Splitting HTTPS Signals


emunn
07-21-2009, 11:31 AM
Got the following question in our support mailbox and wondered if the instructors and/or other board members might be able to help out.

As the internet access into the business becomes more complicated I am reaching the stage where I need multiple HTTPS sub domains coming in, for example:

1) https://myclasslink.blossomhouseschool.co.uk/myclasslink – this goes to IIS on my domain controller
2) https://owamail.blossomhouseschool.co.uk/exchange – this goes to IIS on my exchange server
3) https://ftp.blossomhouseschool.co.uk/ftp – this goes to IIS on my file manager server

I need to understand where and how you split multiple HTTPS signals coming in through a router/gateway and onto the necessary servers – unfortunately the above is too complicated for port forwarding. I think from my Exchange Server 2003 training video I might need a NATS server or something.

Two items I can mention are:
1. You will need separate IP addresses for each website to guarantee they'll be secure with HTTPS. Just providing different host names will not allow that.
2. It is strongly recommended to not have a web server on a domain controller or exchange server. A web server is public and can lead to many security holes which you do not want to make the domain controller or exchange server vulnerable.

r0kIT
07-24-2009, 06:03 AM
... or just install ISA 2006 (soon TMG).

ISA will reverse proxy the job. It will allow a single IP for all those websites, in most configurations.

And it will authenticate on the EDGE, which I very, very much like.

my two cents.

Biggles77
08-12-2009, 09:59 AM
Gotta look this one up but do Host Headers work on 443?

DShack
09-06-2009, 11:07 PM
Host headers don't apply with SSL. That's just for HTTP.

As was mentioned, unless you have ISA or some other web proxy in place, you'll want to have a separate IP for each internal destination server. That way each server can get unique SSL traffic. You'll also probably want to have a unique cert for each host, unless you want to make a wildcard cert that works and load it on all the systems.