We're finding that RDG (Remote Desktop Gateway role) and VPN (Remote Access Server role) and Exchange roles do not want to play nice on one Server 2008 R2 machine.
For this reason we've moved to virtualizing them on Hyper-V across two separate machines, VM#1 and VM#2.
Remote Desktop Gateway and VPN (SSTP; Remote Access Server) are running on Server 2008 R2 Std on VM#1.
We want to virtualize our Exchange on Server 2008 R2 Std to VM#2.
At the moment we only have one IP address.
Ports 80 and 443 are directed to VM#1. Port 25 is directed to VM#2. We could easily deploy an edge server for exchange on VM#1 and point port 25 to VM#1 as well.
There is no TMG/ISA. No reverse proxy either.
We have a SAN/UCC
SSL Certificate from a third party for:
- mail.ourdomain.com
- autodiscover.ourdomain.com
- exchange.ourdomain.local <-- VM running Exchange mailbox and hub transport roles.
- remote.ourdomain.local <-- VPN/RDP access.
We would like to keep VM#1 and VM#2 separate, as opposed to installing Exchange CAS and Edge roles on VM#1 on top of what we currently have.
Does anyone have advice on how best to accomplish this setup with one IP, and one UCC/SAN cert rather than getting two IPs from our ISP and pointing the second IP to exchange on VM#2?
To sum up the suggestions:
1) Get a new IP from our ISP specifically for use with Exchange. This way port 443 traffic can be pointed to Exchange without the needed complexity of setting up IAS/TMG or a reverse proxy.
If installing the CAS role on the VM with RDG and VPN, then follow:
2) install an SNI based solution that can look at the SSL request and match it to the specific certificate for connecting to exchange.
3) use a SAN/UCC certificate that covers
4) extra config work to get CAS role to play nice with RDG: http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/1da9cd90-80f4-4087-9edf-2d9cfa1d312f/
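As an added illustration (not part of the original question and not any particular product's code), the following shows the mechanism behind suggestion 2: an SNI-aware front end on the single public IP reads the server_name from the unencrypted TLS ClientHello and relays the still-encrypted TCP stream to the matching VM, so each backend continues to terminate TLS itself with the one UCC/SAN certificate. The routing table, the backend host names and the ClientHello builder are constructed assumptions for the example. It also handles the failure mode a practitioner should plan for: clients that send no SNI at all (older Windows XP era Schannel, which matters for Outlook Anywhere) cannot be told apart and must fall to a chosen default backend.

```python
"""TLS ClientHello SNI extraction and hostname-based TCP routing (added example)."""
import struct

# Hypothetical routing table for the setup in the question: port 443 on the
# single public IP is forwarded to this front end, which relays to a VM.
# Backend addresses are assumptions, not values from the original post.
ROUTES = {
    "remote.ourdomain.local": ("vm1.internal", 443),      # RDG / SSTP VPN
    "mail.ourdomain.com": ("vm2.internal", 443),          # Exchange CAS (OWA, EWS)
    "autodiscover.ourdomain.com": ("vm2.internal", 443),  # Autodiscover
}
# Clients that send no SNI (e.g. Windows XP Schannel, so Outlook Anywhere from
# XP) cannot be distinguished by name; they land on this default.
DEFAULT_ROUTE = ("vm2.internal", 443)


def extract_sni(data: bytes):
    """Return the server_name from a TLS ClientHello record, or None.
    Parses only as far as the extensions block; anything that is not a
    ClientHello (or carries no SNI) yields None rather than a guess."""
    if len(data) < 5 or data[0] != 0x16:        # content type 22 = handshake
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:        # handshake type 1 = ClientHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hs = body[4:4 + hs_len]
    pos = 2 + 32                                # client_version + random
    sid_len = hs[pos]; pos += 1 + sid_len       # session id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2 + cs_len  # cipher suites
    cm_len = hs[pos]; pos += 1 + cm_len         # compression methods
    if pos + 2 > len(hs):
        return None                             # no extensions block at all
    ext_total = struct.unpack("!H", hs[pos:pos + 2])[0]; pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4]); pos += 4
        ext = hs[pos:pos + ext_len]; pos += ext_len
        if ext_type == 0x0000:                  # server_name extension
            # list length (2 bytes), name type (1 byte, 0 = host_name), name length (2 bytes)
            name_type = ext[2]
            name_len = struct.unpack("!H", ext[3:5])[0]
            if name_type == 0:
                return ext[5:5 + name_len].decode("ascii")
    return None


def choose_backend(client_hello: bytes):
    """Map the first bytes of a new port 443 connection to a (host, port) backend."""
    name = extract_sni(client_hello)
    return ROUTES.get(name, DEFAULT_ROUTE)


def build_client_hello(server_name=None) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello; test input for this example only."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        sni_list = b"\x00" + struct.pack("!H", len(host)) + host   # host_name entry
        sni_ext_body = struct.pack("!H", len(sni_list)) + sni_list
        exts = struct.pack("!HH", 0x0000, len(sni_ext_body)) + sni_ext_body
    hs = (b"\x03\x03" + b"\x11" * 32 + b"\x00"   # version, fixed random, empty session id
          + b"\x00\x02\xc0\x2f"                  # one cipher suite
          + b"\x01\x00")                         # null compression only
    if exts:
        hs += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(hs).to_bytes(3, "big") + hs
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for name in ("remote.ourdomain.local", "mail.ourdomain.com", None):
        print(name, "->", choose_backend(build_client_hello(name)))
```

Because the front end never decrypts anything, it needs no copy of the private key and the backends keep their existing certificate bindings; the price is that every client must send SNI, which is why the default route deserves a deliberate choice rather than whichever VM happens to be listed first.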