The Exchange Server 2010 Edge Transport server role performs an important job in the organization. The Edge Transport server is specifically designed to handle internet email flow, protect from viruses and spam, and apply important business rules to email entering or leaving the network.
But despite this specialized role most businesses do not deploy an Edge Transport server in their Exchange organization. This can be for one of several reasons, such as having an existing email security server or appliance running in the network, integrating an email security product on their internet-facing Hub Transport server, or simply for reasons of cost.
However the Edge Transport server is certainly a useful role to deploy, and in this upcoming series of tutorials we’ll walk through the process of installing an Edge Transport server and explore some of the features of the Edge Transport server role.
Where to Deploy Exchange Server 2010 Edge Transport Servers
The Edge Transport server is designed to operate in perimeter networks, in other words a DMZ. Of course you could place it in the internal network if you wanted to, but this detracts from some of the security benefits of deploying in a DMZ.
Unlike other Exchange server roles the Edge Transport server does not need to be a member of an Active Directory domain, so locating it within a DMZ does not create any difficult firewall configurations. There are only a few firewall ports that need to be open for the Edge Transport server to do its job.
For this tutorial series the Edge Transport server is being deployed in a DMZ that is secured by a 3-legged ISA Server 2006 firewall.
Preparing the Server to Install the Exchange Server 2010 Edge Transport Server Role
The Edge Transport server role has the same basic operating system requirements as other server roles. Edge Transport servers can be deployed on the following operating systems:
- Windows Server 2008 64-bit Standard or Enterprise, with Service Pack 2
- Windows Server 2008 R2 Standard or Enterprise
For this demonstration Windows Server 2008 R2 Enterprise with Service Pack 1 is being used to run the Edge Transport server role.
To install the Edge Transport server pre-requisites open an elevated Windows PowerShell prompt and run the following command.
1 | PS C:\> Import-Module ServerManager |
Next run this command to install the required roles and features for the Edge Transport server.
1 | PS C:\> Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart |
Note that using the -Restart parameter will cause the server to restart automatically to complete the installation of the roles and features.
In the next part of this series we’ll look at installing the Exchange 2010 Edge Transport server role.
For more information see these frequently asked questions about Edge Transport servers.
Hi
I m new to exchange I have few questions regarding publishing it to the outside world.
For the dns side I will publish my MX record and spf records all along with necessary a, cname records.
But on network side what ports needs to be allowed from outside.
How many live ip address are required and do I need to PAT /NAT all my servers roles I. E. mailbox, cas, um, ht, edge servers?
All of these are in same ip subnet 10.11.10.0/24 subnet.
I m confused which servers needs to be exposed and on which ports?
I m not using ISA/TMG/UAG, all are behind a cisco router 1841,
I currently have a network with two Exch 2010 servers with roles CAS/HT/MB with DAG. I have a second network that will be pushed out at times on a slow link with limited bandwidth. When not deploy from the main site latency is not an issue. Would it be beneficial to install another MB role and set it up for DAG with the other two servers, keep it a separate and install CAS/HT/MB, or could installing the edge role benefit this slow link back into the main network? Thank you for the multiple write ups you have one
From my understanding the Edge server cannot be installed on the same server as the Exchange in any circumstance.
It needs to be on it own right?
Correct, the Edge Transport role cannot co-exist with any other Exchange server role.
Hi Paul,
Can you give the Edge transport server 2010 hardware requirement?
Thanks!
You’ll find Microsoft’s guidance here:
http://technet.microsoft.com/en-us/library/dd351192