1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

edge transport role in exchange 2007

Discussion in 'Exchange Exams' started by Meltin, Apr 22, 2007.

  1. Meltin

    Meltin Bit Poster

    We have just done a migration to Exchange 2007 at work. Previously we had a single exchange 2003 server. We have just gone for the typical installation with hub transport, client access and mailbox roles. As I understand it the only way to get the spam handling features and the blocklist features that are available in exchange 2003, isto have a second server in front of a firwall that is not in your AD running the edge transport role.
    Is this the case? For smaller organisations that cannot or do not want to use a second server this is a bit of a pain. Also I wonder how this will work when exchange 2007 is included in SBS servers.
    Anyone got any views?
    Certifications: A+, Network+,MCSA
    WIP: 70-297
  2. zebulebu

    zebulebu Terabyte Poster

    That's correct, Edge Transport sits on a server that can't have any other Exchange Roles. This is because of the security necessary for Edge Transport to function as required - it can't be part of your AD infrastructure and must be completely separate. it communicates with AD by means of ADAM (Active Directory Application Module - form memory, that may be wrong!) and it has been designed from the ground up with security in mind.

    M$' idea here is that you replace your anti-spam, av and malware boxes with one big M$ product (good luck selling that one!) so, theoretically, although you will spend more money kitting out an ET server you should save in the long run by removing two or three other appliances from your racks.

    Gawd alone knows what will happen when SBS ships with E2K7 - i would imagine the ET role will simply not be offered, or may be reduced licensing costs involved in purchasing a second server - since it isn't inherently part of your AD topology I'd imagine the licensing model for it will be very different, maybe based on connection or mail volume or something.
    Certifications: A few
    WIP: None - f*** 'em
  3. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    Thats not entirely true
    many of the features available in the edge transport can be run on any hub transport server
    however you lose some of the security benfits of having it on a non domain, external to the perimeter system

    that said it will still be more secure than your old single 2k3 server

    the edge transport server is an option, and whilst its a good one its not a one size fits all one, which is exactly why exchange 2007 was sliced into roles in the first place

    have a look on the technet website for info on securing your hub transport server and what features can be enabled/configured
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  4. McMuffin

    McMuffin Bit Poster

    Spam features CAN be enabled on a Hub Transport server, it is quite possible to have a single Exchange 2007 server with the hub, cas and mailbox roles. Although this is not best practice and certainly not recommended.

    The following powershell script will enable the antispam filters on the Hub Transport role.


    The script can be found in the Program Files\Microsoft\Exchange Server\Scripts folder.

    You will need to restart the transport service aftwards.
    Certifications: 2k3 MCSA:M,70-293,70-294,70-237,70-238
    WIP: 70-236,70-297,70-431,CCNA
  5. Meltin

    Meltin Bit Poster

    Thanks for the advice guys. I might look at putting some of these roles on the hub transport server.
    Certifications: A+, Network+,MCSA
    WIP: 70-297

Share This Page