The multi-role server architecture that was introduced with Exchange Server 2007, and then continued with Exchange 2010, has been consolidated in Exchange Server 2013.
Exchange 2013 has three server roles that can be installed:
- Client Access server
- Mailbox server
- Edge Transport server (from SP1 or later)
The Mailbox and Client Access roles can co-exist on the same host, or be installed separately. It is generally recommended to install them on the same server (multi-role server installs) instead of separate server roles.
Exchange Server 2013 Client Access Server
As the name suggests, the Client Access server role is the server that clients (eg Outlook, Outlook Web App, ActiveSync) connect to for mailbox access. The Client Access server authenticates, and redirects or proxies those requests to the appropriate Mailbox server.
Client Access servers can be made highly available through the use of a load balancer.
There are two main components:
- Client Access service – this handles the client connections to mailboxes
- Front End Transport service – this performs various email traffic filtering functions, as well as email routing between the Exchange servers and the outside world
Exchange Server 2013 Mailbox Server
Mailbox servers host the databases that contain mailbox and public folder data. As with Exchange 2010 the Exchange 2013 Mailbox server role can be made highly available by configuring a Database Availability Group.
The Mailbox server also runs two Transport services:
- Hub Transport service – similar to the Exchange 2007/2010 Hub Transport server role, this service provides email routing within the organization, and connectivity between the Front End transport service and the Mailbox Transport service
- Mailbox Transport service – this service passes email messages between the Hub Transport service and the mailbox database
Exchange Server 2013 Edge Transport Server
Edge Transport servers are optional for organizations, and are designed to sit in a DMZ network to provide SMTP connectivity and mail flow in and out of the organization, whether to/from the internet or Office 365. The Edge Transport role can be used to satisfy the requirement that some organizations have to not permit any direct communications from the internet to internal networks.
Other Server Roles from Exchange 2007/2010
With the reduction in server roles to just two in Exchange Server 2013 you may be wondering what has happened to the remaining server roles that existed in Exchange Server 2007 and 2010:
- Hub Transport server – this functionality has been divided between the Client Access server (Front End Transport service) and Mailbox server (Hub Transport and Mailbox Transport services) and is no longer a dedicated server role
- Unified Messaging – this functionality has been divided between the Client Access and Mailbox server and is no longer a dedicated server role
Is it possible to route email from exchange online to exchange 2013 without using the CAS server front end service, and instead routing to from exchange online to the mailbox role server directly
Hi Paul,
A quick one, Consider an environment of one exchange server (2013) which has both CAS and MB role. The effective quantity of license is showing as ‘1’ in the license portal.Is it possible to install a new CAS server with the same license? Or do we need to buy extra license for CAS?
How many EXCH 2013 licenses are required to do the setup of Exchange 2013 with CAS+MB in one server and second server with only CAS role?
Thanks
Hi Paul
Just a quick question. Can exchange 2013 go on the same box as exchange 2010 or do i have to buy another server. I ran the setup in my virtual mode and it said that exchange 2013 cant be installed on a server that has exchange 2007 or exchange 2010 server role installed.
The Real Person!
The Real Person!
No, it can’t.
Great article it’s. It’s in Simple language, easy to understand.
Thanks!
Apologies if it has been asked before……
I am looking to setup 2 new servers which will only be used for dedicated hub transport queues and will not host any mail DBs.
Do I need to install them as mailbox servers or could I use the edge transport role even though the will not be installed in a DMZ?
I am configuring SMTP journaling but do not have the space requirements on the existing mailbox servers where the current transport queues sit. I intend to create two new servers to accommodate the queues for the journal copies.
Many thanks,
The Real Person!
The Real Person!
Edge can’t do journaling, and isn’t designed to participate in internal mail flow. If the journaling target is an external address, and you’re thinking that those Edge servers will handle just those queues, then maybe. But I’ve not worked with that design myself before.
Pingback: Windows Server: “Install Exchange 2013 SP1 on Windows 2012 R2 Server Edition Part 1” | 0XY-nets
Pingback: Microsoft Exchange Server 2013 – Design, Deployment and Migration – MS EXCHANGE TIPS
Pingback: Microsoft Exchange Server 2013 – Design, Deployment and Migration | MS EXCHANGE TIPS
Q1
Will changing autodiscover url in coexistance environment(ex2007 and ex2013) affect outlook clients?
Q2
Is this process correct? How does outlook determine which CAS server to connect to(in coexistance environment)?
1.Outlook opens, and queries Active Directory for the Service Connection Point on an Exchange server for the AutoDiscover URI / URL (I will explain more about this below)
2.Active Directory returns the URI / URL to the Outlook client, which then looks it up within DNS
3.Outlook connects to Exchange using the AutoDiscover URL over TCP 135 (RPC Endpoint Mapper) to Authenticate, pulls a ton of Exchange attributes from the mailbox (mainly find the mailbox using the homeMDB attribute along with the version of Exchange the user is on using the msExchangeVersion attribute), pulls the proper TCP ports (RPC Client Access, Address Book Service, Public Folders) and also pulls the Outlook provider record (e.g: EXPR: which gives the EWS InternalURL)
4.Outlook then negotiates its connection and connects into Exchange
The Real Person!
The Real Person!
Q1 – yes, clients will start connecting to wherever the SCP resolves to in DNS
Q2 – TechNet has very in depth articles about how Autodiscover works. Have you read those?
hi, i just want to ask if we have 2 branch, (main and branch1) what is the best setup for this.
option 1:
ex. Main branch (1 dedicated CAS, 1 dedicated MBX)
branch1 (1 MBX only)
option 2:
ex. Main branch (1 dedicated CAS, 1 dedicated MBX)
branch1 (1 dedicated CAS and 1 dedicated MBX)
Note:
currently were using a 10mbps vpn connection, only 1 domain.
or if you have any good suggestion. It would be better
hi, i just want to ask if we have 2 branch, (main and branch1) what is the best setup for this.
option 1:
ex. Main branch (1 dedicated CAS, 1 dedicated MBX)
branch1 (1 MBX only)
option 2:
ex. Main branch (1 dedicated CAS, 1 dedicated MBX)
branch1 (1 dedicated CAS and 1 dedicated MBX)
Note:
currently were using a 10mbps vpn connection, only 1 domain.
Hi Paul,
I really like your technical post comments way of answer in the real world. I have small Test environment Like ( 1 AD, Mailbox , CAS ( Role installed separate server ) all are MS 2012 R2 and everything is working fine in internally (LAN) . I would test my exchange environment to publish to internet for the incoming and outgoing mail flow to outside world. is there is any free dns hosting site to register for free public domain (testing). what the steps to follows to achieve my test exchange environment to public.
Pl advice.
Regards,
Laxman
Pingback: What Is Exchange Server | cancercommon.com
Hi Paul,
I am new to Exchange and wanna become really good at it. I want to start by Learning Exchange 2013, do you have any advice for me?
Thanks
The Real Person!
The Real Person!
Start here:
https://www.practical365.com/exchange-2013-boot-camp/
Pingback: Installing Exchange 2013 | Lephunt
We are setting up Exchange 2013 in its own forest, between 2 Data centers for DR and HA purposes. Need to determine architecture of mailbox copies. We want to maintain Active /Active between both datacenters. Any suggestions?
The Real Person!
The Real Person!
Absolutely:
https://www.practical365.com/ebooks/deploying-managing-exchange-server-2013-high-availability/
Other than Jetstress, what other automated tool/3rd party tools would you recommend to size the environment. Plan to move from physical to virtual environment using vmware for Exchange 2013. Contemplating whether to Multi Role or Single Role .
The Real Person!
The Real Person!
The sizing calculator that Microsoft publishes. If you’re virtualizing also read their virtualization best practices or seek out any of the TechEd, MEC, or Ignite sessions about the topic.
You’ve mentioned Microsoft’s best practice is Multi Role Server. Any links or documentations supporting pros/cons of multi role server versus single. Company trying to determine best option.
Thanks.
The Real Person!
The Real Person!
Any relevant TechEd, MEC, or Ignite session by Ross Smith IV in the last couple of years, or read his blog post series on the Exchange 2013 Preferred Architecture.
Hi Paul,
I have 2 Exchange 2010 servers .1 CAS and 1 MBX (100 mailboxes).Now need to shift to 2013.I have two licence of Exchange 2013 and thinking to setup multi role deployment.What do you think, is this ok :
Create DAG with 2 DB. 50% of mailboxes on 1 MBXCAS and 50% on 2MBXCAS and use DNS Round Robin for CAS.
1MBXCAS is physical machine and 2MBXCAS is virtual.
The Real Person!
The Real Person!
Technically that will work, it is a fairly common and basic HA set up. Whether it is the right fit for your business and technical environment is another matter entirely.
Hello,
Just a small question i have a 3 server’s architecture, one with CAS, other with EDGE and another with MB all in different machines. I need to update from Exchange Server 2013 SP1 or CU4 to CU7, which machine should I do first? Is there any important order to be made or it is irrelevant!
Thanks
The Real Person!
The Real Person!
Here you go:
https://www.practical365.com/exchange-2013-installing-cumulative-updates/
I just purchased 2 new servers. One will be used to run Exchange 2013 HUB/CAS (LAN) and the other will be a Web server (DMZ) hosting various internal websites (IIS/PHP). Instead of having a 3rd older server run Exchange 2013 Edge, I was thinking on installing it on the Web server. Any disadvantages or no-nos?
Thanks
Hello…very useful topic. Thanks again. So my question is there any documents or guide to migrate roundcub mail system to Microsoft Exchange server 2013. Thank s
If i put Edge on DMZ…
What DNS IP i’ve to put on Edge server (the internal DNS that sits on inside), or public DNSs???
What ports need to be open from DMZ, to inside?
Regards!
I want to setup Exchange 2013 with two separate server (one CAS, one Mailbox).
to which IP i’ve to redirect the incoming 25 port, to CAS or to Mailbox???
also…if i need to setup a DMZ…what server roles i’ve to put there?
Regards
The Real Person!
The Real Person!
1. CAS
2. The only server role suitable for DMZ is Edge Transport.
Thank you Paul.
What Edge Server is better to put on DMZ, 2010 or 2013?
My other question…the clients that will be connect to OWA or with ActiveSync…will be connected to CAS server, that will be inside, right???
so…which ports i’ve to open???
So i will publish directly port 443 to be nat-ed to CAS server IP?
I’m not clear how the CAS will not be in DMZ…when i’ve to publish its 443 port.
Regards!
The Real Person!
The Real Person!
Functionally I don’t know of any significant difference between Edge 2010 and Edge 2013 but I would use 2013 anyway.
External clients using OWA or ActiveSync connect to the CAS on port TCP 443, that is correct.
Pingback: Exchange 2013: Create an SSL Certificate Request
I am migrating towards two Exchange 2013 Servers, one in each site. I would like to install multi role in both sites to setup mail flow redundancy – however the DAG requires a CAS without the mailbox role to act as the witness. Will this require the purchase of an additional exchange license and 2012 server?
FYI I would prefer to manually switch on the databases – can I do this without DAG?
Cheers
Brett
The Real Person!
The Real Person!
The DAG does not require a CAS or any other Exchange role for the file share witness. The file share witness only needs to be a Windows server.
More info:
https://www.practical365.com/using-a-non-exchange-server-as-an-exchange-2013-dag-file-share-witness/
I’m not quite sure what you mean by “manually switch on the databases”.
I have a single exchange 2010 and want upgrade it to 2013 directly. is it possible?
Hub Transport also installed on it.
Thanks,
John
The Real Person!
The Real Person!
There is no in-place upgrade option for Exchange. You need to deploy a new server in your existing org and migrate data and services across to it.
Pingback: SSL Certificates Installation for Exchange Server 2013 using local PKI | A Messaging / Unified Communication Portal
Pingback: Markoni Consulting
Hi Paul,
You mention that the CAS and Mailbox Roles can Co-Exist on a single server. Is this regarded as Best Practise now? When would you separate the roles and configure them on their own independent servers?
Thanks
Neil
The Real Person!
The Real Person!
Best practice is multi-role servers. Only install separate roles if you have a specific requirement to.
Examples may be if there is a performance requirement (probably not as common these days) or to reduce the number of CAS in environments with a lot of MBX (eg if you’ve got a 16 member DAG you may not need 16 CAS as multi-role servers when a smaller number of dedicated CAS would do the job).
Thanks for your prompt reply Paul. this clarifies things
Pingback: Exchange Server 2013 Mail Flow and Transport Services
Pingback: Cenabit » Migrar Exchange Server 2010 a Exchange Server 2013 PARTE 1
Pingback: Proxying Outbound Email Through Exchange 2013 Client Access Servers
Pingback: Exchange Server 2013 Database Availability Groups
Hello
If i have only 2 servers. is it possible to install CAS and Mailbox server roles on both of them and configure load balancing and DAG on these 2 servers??
regards
The Real Person!
The Real Person!
CAS and Mailbox roles can co-exist on the same server. If that server is also a DAG member and you want to do load balancing you’ll need to use a hardware load balancer, not Windows NLB.
So, in theory, to run this configuration without the need or usage of a hardware load balanacer, youd need to run two Mailbox servers and place them in a DAG, with the Witness Server being the CAS server?
Thanks,
James
Hi
Is it possible to have 2 or 3 multi roles servers (MBX+CAS) in a DAG and to access the CAS array with DNS round robin ?
thx
The Real Person!
The Real Person!
There is no CAS array in 2013, but yes you can use DNS RR to distribute traffic across multiple Exchange 2013 servers.
https://www.practical365.com/exchange-2013-client-access-server-high-availability/
With an existing E2010 environnement with 4 CAS in DNS RR and 3 MBX servers in a DAG, is it possible to add another DAG (for example with 3 CAS/MBX servers in E2013 or 2016) ?
How will be routed clients between E2010 CAS and E2013/2016 CAS ?
thx
The Real Person!
The Real Person!
Yes, if you want a 2013 or 2016 DAG the only way to do that is to create a new DAG in the environment.
Client access connections are handled by the 2013 or 2016 servers, which will proxy to the 2010 server for any 2010 mailbox users. This is referred to as “co-existence” and is achieved by pointing the CAS namespaces to the 2013 or 2016 servers.
Pingback: Exchange Server 2013 のエッジトランスポートの役割について « SE の雑記
As good as it gets!
Thanks!
We’re using a 3 tiered security stack: Perimeter, mid-tier and backend. If the CAS/mailbox server are in the backend and there is no plan for an Edge Transport, what is going to proxy the OWA connections from the internet to the backend. Also, is Microsoft planning ANY edge device that supports IPv6?
The Real Person!
The Real Person!
Exchange 2007/2010 Edge Transports work with Exchange 2013.
I saw a comment from MS today that Edge won’t be in RTM, which doesn’t mean it won’t come later perhaps, but I probably wouldn’t count on it.
I haven’t seen any yes/no info yet on whether the Exchange 2013 CAS can sit in a DMZ.
Neither CAS15 or MBX15 will be supported in a perimeter network.
Paul-
Have you by chance seen anything yet for Exchange 2013 that points to whether or not CAS can sit in a DMZ? I have been looking and cannot seem to find anything.
The Real Person!
The Real Person!
CAS cannot sit in DMZ.
Hi Paul, We have Exchange 2010 SP3 servers. Since we have a lot of DBS overgrown. We are thinking to put Exchange 2013 with DB role only with our exchange 2010 Servers. Will that work without any issues and does it support DAG on 2013 side. Eagerly waiting for your reply.
Thanks Harry Bhmra
The Real Person!
The Real Person!
You can’t just deploy the Mailbox server role for 2013. You’ll need to deploy the Client Access server role as well. The current best practice is to deploy both roles on the same server as a multi-role server.
The 2013 server can’t be a member of a 2010 DAG. It can be a member of a 2013 DAG though.
Thanks for the Reply Paul, Can we add Exchange 2013 CAS and Mailbox Server as a DB Server on Exchange 2010 Server Env. (Exisitng Env. has No DAG, only 4 Exch. 2010 Servers)
The Real Person!
The Real Person!
Yes, you can. You will need to treat it like a normal migration project and establish co-existence properly before you can move any mailboxes to the 2013 server.