The Security Server

The Security Server is the second server installed in a Windows Essential Business Server 2008 deployment. It integrates with the existing Management Server and it is automatically configured for the typical needs of a <300 seat business. The Security Server offers stateful and stateless firewall protection, higher-layer protocol filtering on all traffic, and spam and malware protection for e-mail.

Primary Security Server Services

· Exchange Server 2007 Edge Transport Role – Performs multiple messaging functions including anti-spam and message hygiene, in addition to receiving all incoming e-mail and forwarding all outgoing e-mail;

· Forefront Threat Management Gateway, Medium Business Edition – (The next-generation of ISA server) Provides firewall services such as traffic filtering, and web antivirus protection for the Windows Essential Business Server 2008 solution;

· Web Services (Internet Information Services) – Web server providing services for Forefront Threat Management Gateway reporting.

When we did our research and spoke to our customers it became clear that there was a specific need for a layer of isolation between the outside world and the internal network.  The Security Server is designed to fulfill the edge role as part of the all up defense in depth approach across the EBS environment.  Think of the Security Server as the first port of call before passing any data into your protected network.

While we're on the subject of security it's worth while highlighting some more areas EBS excels in.

· Unified View of Security in EBS Administration Console –  a single view of overall security status, desktop update status, e-mail antivirus signatures, and firewall settings from a single console;

· Protection of Critical Services – internal servers are isolated behind a robust enterprise-quality firewall, providing greater control over how people may access your network;

· E-mail Security Features – EBS scans your e-mail for viruses, worms, and malicious software. E-mail is processed prior to reaching the intended recipient’s mailbox via the Exchange Edge role hosted on the Security server.  This is done using Forefront Security for Exchange, which is installed on the messaging server.  The Security server is able to manage anti-spam, IP allow lists, and domain filtering;

· Comprehensive Reporting – You can gather information about security status and Internet usage, from receiving alerts when suspicious activity occurs to reports on how company employees are using the Internet.

Windows Essential Business Server 2008 also provides highly secure remote connectivity. The Security Server is responsible for brokering these activities.  The remote connectivity features for Windows Essential Business Server 2008 include:

· Remote Web Workplace (Remote Web Workplace) –Windows Essential Business Server 2008 provides employees with remote browser-based access to e-mail, files and folders on the network, and desktop PCs from any Internet-enabled PC;

· Pre-configured Perimeter Access - Windows Essential Business Server 2008 automatically enables secure publishing for Outlook® Web Access, Microsoft Exchange ActiveSync, and Outlook Anywhere (formerly know as RPC/HTTPS);

· Pre-configured Management Access - Windows Essential Business Server 2008 automatically enables secure remote access to the Management Server, via the Terminal Services Gateway which is installed on the messaging server.

Finally it's worth mentioning that the Security Server is domain joined.  This enables management and monitoring of the Security Server from a single EBS Administration Console. Forefront Threat Management Gateway can also now work as the secure bridge to the trusted environment, meaning there is no requirement to synchronize directories outside of the firewall