I am preparing for a Unified messaging installation for a customer who currently has a scenario where their Exchange server is separated from their Domain Controllers and their Corporate Network by a firewall. The Exchange server is a member server in the 2003 domain that services the enterprise. From what I have read, it is not desirable to place the Unity Server and Exchange server on opposite sides of a firewall. However, if I place the Unity server on the same side as the Exchange server, it will be separated from the Callmanagers, phones, Gateways, etc... which also seems like a bad idea.
In short, I guess my question is whether separating Unity from Exchange with a firewall is a supported solution. Is there any documentation to support the solution or the fact that it is not supported? I have been looking, but I haven't found anything definitive.
Any help is appreciated...
The Cisco Unity Design Guide at: http://www.cisco.com/application/pdf/en/us/guest/products/ps4608/c1612/ccmigration_09186a008022f4aa.pdf
says this: "For Exchange 2000, Exchange 2003, or an Exchange mixed-mode environment, the Cisco Unity server must not be separated by a firewall from the message store servers that home Cisco Unity subscribers, from the DCs and GCs that service those message store servers, or from other network resources necessary to operate normally."
So, given the strong language (I'm referencing "must not"), what you are trying to do is not supported based on this design document.
And, for your reference, in case you haven't found this already, is this document on Unity security: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_white_paper09186a00802077c0.shtml
I hope this helps!