Q: Does Exchange Server 2016 require an Edge Transport server to be deployed?
Edge Transport is an optional role, which has been the case for all versions of Exchange that have had an Edge role available. The consolidation of Exchange 2016 server roles into just two (Mailbox, and Edge Transport) doesn’t change that. You can deploy a simple Exchange 2016 environment on a single Mailbox server, with no Edge Transport server deployed at all.
What you might need to consider though, is whether Edge Transport does anything for you that you need from a functionality perspective. The Edge Transport server role is designed to sit in a perimeter network, providing secure mail flow in and out of your organization. That includes filtering unwanted email, although the capabilities are not as rich as most other email security products and cloud services (including Exchange Online Protection). So from a functionality perspective, you may still need to deploy an email security server or service to protect your environment and your end users.
You can read more about the Edge Transport server role here (the article is written for Exchange 2013, but little has changed for 2016).
renewing my exchange 2016 auto-sign certificate by local autority certificate will impact my edge ? since he has auto -sign certificate itself
can you use an edge transport server without any other exchange servers if you only want to sent email and not receive?
No, A edge server is usually used to protect a environment with protection against viruses, etc. For me it’s just more elegant a safer option to have a edge server as it dosen’t expose the ad joined exchange mail server.
Can we use 2016 Exchange as Edge server to replace TMG 2010 .
Can I install the Edge transport role on the same windows 2016 server where the mailbox server role of exchange 2016 is installed?
Specifically in Exchange 2016 environment.
If we dont have Edge Transport & any third party filtering service deployed in our environment. Then who would be responsible for email filtering ?
Hi Paul, I want to use 2016 Edge placed at the iDMZ which will point to Google. Do you have any installation guide doing this? Some detailed one.
What does “point to Google” mean exactly?
Is there any need for an edge transport server if you run an hybrid installation and all traffic goes thru Online Protection? And we also only have like 50 functional mailboxes left on ground.
Thanks for a great site!
Even though that the Edge role ist not *required* for an on-premises Exchange deployment there are certain enterprise deployment scenarios where you want to deploy servers running the Edge role.
When it comes to 3rd Party gateway solutions you must keep in mind that those are not officially supported for native hybrid mailflow with Office 365.
Dear Paul Sir,
I follow your articles. It’s amazing. “Thank you so much for generously sharing your time and expertise.”
As per my knowledge, If we have 3rd party mail security gateway then we don’t need an Edge server.
Do we need a license for this component if we configure this role on a server running in DR
I already have barracuda email security as a gateway, Do i still need Edge Transport role ?
Hi Paul, in Exchange 2016 will I require a separate Edge Transport Server in order to get DNSBL (Connection Filtering) working?
If I am setting up the hybrid architecture for Exchange 2016, then why would I need the Edge Transport Role? O 365 will take care of anti-virus and spam filtering. Just curious about this.
Some organizations have a policy against allowing external connections to the internal network, and require them to go through a host in a perimeter network instead.
Can Edge Transport 2016 be installed on a separate box in DMZ for an environment with MS Exchange 2010 hub-transport and 2010 CAS/Mailbox servers (in the inside network). Do you see that as possible or potentially see it as not doable/problematic.
Thanks in advance.
Can the Exchange 2016 Edge server role run in a high availabiliy setup?
Yes. HA for Edge is achieved through the use of multiple servers, multiple MX, load balancing, multiple datacenters, etc (or some combination of those things). There’s no special configuration of Edge required for HA though, not like a DAG.