Dell PowerVault 775N Configuring Windows® Firewall to Work With Dell - Page 22

Planning for Security

Page 22 highlights

Planning a Deployment

Remotely Storing Files from an Active/Active Exchange Cluster

The Feature Pack supports one active/active Exchange cluster, as shown in Figure 1.7. In the supported configuration, both Exchange servers in the cluster are active and access the Windows Storage Server computer at the same time. If one of the cluster nodes fails, the storage group operations of the failed node are handled by the other node, thereby preventing loss of service.

A dedicated Gigabit Ethernet connection is recommended between each Exchange 2003 server and the Windows Storage Server computer. A dedicated Gigabit Ethernet connection is either a direct point-to-point connection, or is implemented through a switch that supports virtual LANs (VLANs). A separate connection to the public network is required for access to Active Directory and, optionally, to provide client access for general-purpose file sharing.

Figure 1.7 Topology with One 2-Node Active/Active Exchange Server Cluster

Planning for Security

Moving Exchange databases and transaction logs to a Windows Storage Server computer requires the Exchange server to access its data over a network connection. It is therefore important to verify the security of that connection. A dedicated Gigabit network for Exchange traffic is strongly recommended to help prevent network sniffing of Exchange data.

Additionally, the Server Message Block (SMB) share used to host the Exchange databases and transaction logs on the Windows Storage Server computer must be locked down to ensure data security. Limiting access to this share to the minimum number of administrators, backup operators, and Exchange servers required is strongly recommended.

Important: SMB shares that are created using the Win32 user interface grant Read permissions to the Everyone group by default. To ensure data security, this permission setting must be removed on shares that are used to host the Exchange databases and transaction logs.

For additional information about Exchange server security requirements, see "Planning an Exchange Server 2003 Messaging System" (http://go.microsoft.com/fwlink/?LinkId=23131).

Feature Pack Deployment Guide, page 22
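The share lockdown described under Planning for Security can be audited and enforced with a script. The following is an added example, not part of the Dell or Microsoft guide: it assumes a Windows Server release that ships the SmbShare PowerShell module (Windows Server 2012 or later, not the 2003-era system the guide covers), and the share name `ExchData`, the `CONTOSO` domain and the account names are constructed placeholders.

```powershell
# Added example: reduce the share-level ACL of the Exchange data share to an allowlist.
# Assumptions: SmbShare module present; share and account names below are hypothetical.
$shareName = 'ExchData'
$allowed = @{                              # principal -> share-level right it should hold
    'BUILTIN\Administrators'   = 'Full'
    'BUILTIN\Backup Operators' = 'Read'
    'CONTOSO\EXCH01$'          = 'Full'    # computer account of Exchange cluster node 1
    'CONTOSO\EXCH02$'          = 'Full'    # computer account of Exchange cluster node 2
}

$current = @(Get-SmbShareAccess -Name $shareName -ErrorAction Stop)

# 1. Revoke every principal that is not on the allowlist.
#    This is the step that removes the default Everyone/Read grant.
foreach ($ace in $current) {
    if (-not $allowed.ContainsKey($ace.AccountName)) {
        Write-Output "Revoking $($ace.AccessRight) from $($ace.AccountName)"
        Revoke-SmbShareAccess -Name $shareName -AccountName $ace.AccountName -Force | Out-Null
    }
}

# 2. Make sure each allowed principal holds exactly the intended right.
foreach ($account in $allowed.Keys) {
    $have = @($current | Where-Object {
        $_.AccountName -eq $account -and "$($_.AccessControlType)" -eq 'Allow' })
    $rights = @($have | ForEach-Object { "$($_.AccessRight)" })
    if ($rights.Count -eq 1 -and $rights[0] -eq $allowed[$account]) { continue }
    if ($have.Count -gt 0) {
        # Wrong right on record: drop the old entry before granting the intended one.
        Revoke-SmbShareAccess -Name $shareName -AccountName $account -Force | Out-Null
    }
    Write-Output "Granting $($allowed[$account]) to $account"
    Grant-SmbShareAccess -Name $shareName -AccountName $account `
        -AccessRight $allowed[$account] -Force | Out-Null
}

# 3. Verify: fail loudly if anything outside the allowlist is still present.
$final = @(Get-SmbShareAccess -Name $shareName)
$leftover = @($final | Where-Object { -not $allowed.ContainsKey($_.AccountName) })
if ($leftover.Count -gt 0) {
    throw "Unexpected principals on ${shareName}: $($leftover.AccountName -join ', ')"
}
$final | Format-Table AccountName, AccessControlType, AccessRight -AutoSize
```

Share-level permissions are evaluated together with the NTFS ACL on the shared folder, so the folder ACL needs the same review.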

