TMG + RODC or only TMG in DMZ RRS feed

  • Question

  • Hello,

    I have a DMZ, where we plan to install TMG Standard (one adapter). In this DMZ also have the Exchange 2010 Edge role. The main use is going to have the TMG will be publishing the OWA.

    Now I doubt  which is better or more recommended:

    1. - Install the TMG in DMZ and open ports to the internal network for communication with the DCs (RW) of the internal network, as with the HUB / CAS Exchange 2010.


    2. - In addition to the TMG, also install an RODC in the DMZ, which validates the TMG and the TMG only communicate with the HUB / CAS internal network.

    That you think that is best solution or the best architecture? What things should I consider? Never install an RODC and not what is the best architecture or possible problems that might cause me.

    Thank you very much!
    Monday, July 8, 2013 12:10 PM


All replies