11-02-2013 05:34 AM
we are planing to install a bes 5 in our enviroment. the server is planed to be placed in a separate network (dmz), in the main network zone we have 2 ad servers, 4 exchange and 1 sql server. i'm looking for some reason, to make the bes a ad member server. is it a good idea to have the bes separated? or is it best practice to have just a blackberry role in the dmz and all the other roles in the main network.
thanks for your help
I'm rockin the BlackBerry Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook, BlackBerry Wireless Headset HS-700
11-04-2013 10:04 AM
BES in a DMZ is a bad idea and yes its needs to be joined to domain.
You can put the BlackBerry router in the DMZ but it really does not offer any security benefit.
more info here
BESAdmin's, please make a signature with your BES environment info.
BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V
11-04-2013 10:53 AM
thanks for your fast answer. that's what i was looking for. So best practice is to install a blackberry router in the dmz which is not part of the ad. then just open the port 3101 from the core zone to the dmz and install a bes in the core zone whitch is a ad member server, right?