RPC over HTTP (why this is a great option for Hosted Exchange)
Yesterday I learned about a cool feature that is part of Exchange 2003. RPC over HTTP will allow you to connect to a firewalled exchange server without having to VPN past the firewall. There is a technet guide describing how to set this up at this link.
Due to security concerns with allowing incoming netbios traffic, it is an accepted best practice to keep your exchange server behind a firewall. While using a VPN to access your exchange server is a standard practice and accepted method, it has some drawbacks, specifically in the hosted exchange environment. First, granting VPN access gives the user complete access to the entire internal exchange network. Second, providing and managing VPN clients for your hosting customers is going to be a migrain headache at best. In a hosted exchange offering, the ideal solution is to allow a secure method by which a user can access just the exchange resources he needs without having to grant that user rights to the entire network.
Enter RPC over HTTP. This allows you to connect to the exchange server if you're running outlook 2003 and exchange 2003. On the exchange side, you put the exchange servers behind an ISA server and web proxy. Read the technet guide for more details. I just set this up on my home PC to access the corporate exchange server (without VPN), and it works really well.
If your're a Microsoft employee reading this post and curious how to set this up for the corporate exchange server, there is a link to specific instructions on the front entrypoint to the OWA.
