Broadband pricing in Indonesia is getting down. I am sure there's gonna be another decrease of cost in bandwidth next year. It is now about half the price of the last year, that's not bad. And since things are upgrading, like the company I work for is upgrading it's system to VOIP thingy. Then I think it's time to set the network better now.
When I first got in the company, things were simple. Accessibility and availability were low. Employees had only Outlook Web Access (OWA) to access email from remote. OWA was good, but not good enough. They could have had the full MsOutlook features. I mean, when you have a laptop, why use OWA if you can have a complete feature of Ms Outlook? Well yes, OWA is good when you have only a very limited bandwidth, though.
Alright, then we took notes, what was feasible to enhance and what had to wait. Then we had it all in the list of what to do, what to reconfigure later on, like websites, FTP site, intranet, extranet, mail availability (Outlook, Outlooke web access, Outlook mobile access, Mobile outlook via microsoft activesync pushmail), data availability (such as via VPN) and web applications to support business processes.
Yes you know, the back technology would be, DNS, RPC over HTTP, IIS, Front-end Exchange Server, Back-end Exchange Server, Firewall, SSL with CA, ASP, WAP, dotNet, and of course we need to have a Demiliterizarion Zone (DMZ), so be certain in routing and firewalling. One of the most irritating problem is you need to make sure that the changing of IP address and the way your router routes network will be quite different. This will impact on everything not only security issues but also availability.
When migrating to new topology, remember to take notes of the prior conf of the firewall and translate it to new topoloty. In my case, my new topology is very different with the previous one, since I use the point-to-point IP as the router gateway as the internet address, therefore I hide the real IP I have. This is more secure yet more difficult to route and firewalled. I don't want any service such as push mail nor website disturbed.
Consistency among router-firewall-IIS is critical. Check out every detail like in the website header, address, services, port number, authentication setting. Since they are scattered all over IIS, router, firewall and Exchange Manager (at both front-end and back-end server) than taking notes is crucial.
It was quite an experience. Re-setting the router-firewall-IIS was a real pain in the a*s. But now it is working real good, so I guess everything turns out worthwhile then.