Data Loss Prevention

  • 1.  Vontu 11 & Exchange 2010

    Posted May 17, 2011 04:22 PM

    Hi,

    Could anyone point me to a KB article or documentation regarding how Vontu 11 integrates with Exchange 2010? I have checked the Altiris KB and have not found anything regarding specifics on Exchange.

    We currently have mail routing from our Exchange 2003 cluster --> to one of two mail relay servers --> to one of two IronPort MTA devices --> to one of two Network Prevent - Email servers --> back to one of two IronPort MTA devices --> possibly to one of two Tumbleweed mailgate email firewalls for encryption --> and finally to the DMZ where the last mailgates are sitting.

    It is admittedly not the most ideal setup. With Exchange 2010, we are hoping to get rid of a few of these devices, mainly the IronPort MTA, but we need to better understand how Exchange 2010 and Vontu integrate. Any help would be greatly appreciated.



  • 2.  RE: Vontu 11 & Exchange 2010

    Posted May 18, 2011 10:07 AM

    DLP 11 and Exchange 2010 aren't going to get you far in this situation with regards to cutting out any of these devices, unfortunately.  The only real architecture type change that V11 introduces for Prevent is the ability to put that device in the cloud, which is not your case here.

    You need those Ironport devices in there to perform any mail routing based on what Prevent tells it to do (send to Tumbleweed to encrypt, or send to the mail gateways in the DMZ).  You may even be doing your block on Ironport now, which gives you some additional options/functionality.

    I'm not sure you need the two mail relays before going to the Ironport devices, but there's probably a reason you did this.  You could go right from Exchange to Ironport.  Or if you want to simplify the mail flow a little, you could put Prevent in forwarding mode instead of reflection.  Typically how I recommend that configuration:

    Exchange --> Load Balancer  ---> Prevent 1 or Prevent 2 --> Ironport 1 or 2 --> Tumbleweed or final mail gateway.

    With the load balancer, you can specify to fail open direct to Ironport if Prevent 1 and 2 are not up, hence you still have fail open capabilities.  This has the added benefit of reducing your load on Ironport if that happens to be an issue.

    ~Keith



  • 3.  RE: Vontu 11 & Exchange 2010

    Posted May 31, 2011 11:07 AM

    We have moved to Exchange 2010 and have to put Prevent inline to monitor the (now TLS encrypted) email.  Has anyone used an F5 Big-IP device as the load balancer?  TNX