After four posts, we reach the end of the saga about “five things you probably don’t know about Exchange Server 2007.” And now, #5/5 on the list:
5. Edge Transport is optional… depending on what you want to do.
Many people are inclined to think that if a vendor includes a component with a product that it must be used for the system to work. For example, would you use a computer without a mouse? Well, actually that’s a complicated question based on a plethora of factors. How about the crevice tool on your vacuum? Do you need to you use it, or is it optional?
Exchange Server 2007 includes several roles which could be performed: Mailbox, Active Clustered Mailbox, Passive Clustered Mailbox, Hub Transport, Client Access, Unified Messaging, and Edge Transport. Yes, Virginia, you can choose whether your organization really wants to use Microsoft’s Edge Transport service or not. Here are some guidelines.
If you already have Barracuda, IronPort, Postini, etc. type filtering devices, you may want to preserve that investment and not use Microsoft’s Edge Transport service role for Exchange Server 2007. That saves some hardware, a Windows Server license, and an Exchange Server 2007 license because the Edge Transport role cannot be installed on the same Exchange/Windows server as any other E2K7 role. It is possible to use both E2K7 Edge Transport in conjunction with those sorts of devices, but not always a productive use of money unless having “double coverage” for SPAM or AntiVirus scanning with different products is gives you some actual advantage.
For small deployments, it’s worth noting that it is possible to make a Hub Transport server (or servers) do the kinds of filtering an Edge Transport server would do. That saves having a separate server box (or two) for Edge Transport. Certainly, if you have more than one or two servers with the Hub Transport role, you could choose which ones act as gateways/bridgeheads to/from the outside world and would do AntiSPAM + AntiVirus scanning, and which would not.
When you don’t have Barracuda type filters and you want to isolate your SPAM and Virus checking (along with other filtering, processing, and routing potentially), you could install one or two separate servers running Exchange Server 2007 out in a DMZ (DeMilitarizedZone, edge network, perimeter network, extranet) and install only the Edge Transport role. Active Directory Lightweight Directory Services (AD LDS, formerly known as ADAM) and some other prerequisites are required.
Then you’d configure the Hub Transport servers inside your Exchange organization to work with the Edge Transport server(s) outside and vice versa. The magic is in the details.
In summary, based on your needs and other messaging filtering and services, you may or may not need E2K7 Edge Transport services in (the perimeter network of your) Exchange organization. In that sense, it’s conditionally optional.
I hope you’ve enjoyed these Five Things About Exchange Server 2007 You Probably Don’t Know.
Next I’ll probably post about something other than Exchange since I suspect Rich Luckett will likely be writing about Exchange on the blog. That, and I’ve been getting some great questions on Windows Server 2008 topics lately that I feel like writing about.