Edge Transport Role question (Full Version)

All Forums >> [Microsoft Exchange 2007] >> Installation


KenMorr -> Edge Transport Role question (21.Nov.2007 8:48:40 AM)

I'm in the process of planning the installation of Exchange 2007 with 250 users, 2- 2003 A/D  severs, one GC (currently on Exchange 2003- single box - no F/E server) and want to confirm one thing and questions about other things:
1) The Edge Transport server role is best placed in the DMZ on a server with or without other funtions on it?
2) What O/S is needed for the Edge Transport Server role to be installed on?
3) What are the minimum hardware requirements for the role?


rishishah -> RE: Edge Transport Role question (21.Nov.2007 8:52:30 AM)

1) Yes put it on the DMZ. You can add Gateway AV and Gway Anti-Spam
2) Windows 2003 STD 64Bit
3) Depends on your mail flow and Gateway AV and Antispam you deploy on it but i would go with atleast one 64 Bit Processor (two better if you can get it/afford it), 4GB RAM and a Raid 10 set disk configuration (for the OS and Exchange).

Although if you mailflow is low 2GB RAM and Raid 1 is enough.

ismail.mohammed -> RE: Edge Transport Role question (21.Nov.2007 8:57:22 AM)


Edge server is used for Anti-spam and anti-virus updates so that before mails comes to in your organization it should filterize as per the technology and our business requirement. In Exchange 2003 there was issue of spamming, spoofing which has been reduced.

Edge server should always need to be setup in the DMZ that is the best practice.
If you are having small environment you can option out this Edge server and you can configure your Hub Server for enabling the Edge server functionality

For hardware require : 64 bit needs to implemented on production environment with 2 GB ram atleast

For more information on Exchange 2007 System Requirements

KenMorr -> RE: Edge Transport Role question (21.Nov.2007 9:11:09 AM)

This is helping. Many Thanks.
We are already using a hardware appliance for the role of filtering and A/V.  It's the Symantec Mail Security server. Would there be any advantage to using the Edge role in this case either as in addition to or replacing what is already there?
If not, what would be recommended as the best practice for OWA set up?
Thank you

rishishah -> RE: Edge Transport Role question (21.Nov.2007 9:35:43 AM)

OWA can only be done by the CAS server role.

If you are happy and your security policy allows you to receive mail with just one AV engine than you can get away without using the Hub Transport. However you will have to create a specific Send Connector on the Hub Transport to allow you to send and receive internet mail from the Symantect Mail Security Server.

You can than deploy CAS on this server to use for OWA, ActiveSync and even RCP over HTTPS all together.


vhato -> RE: Edge Transport Role question (16.Dec.2007 9:27:51 AM)

My environmet is similar.  I installed the Anti-SPAM script and see it in my Hub Transport layer as mentioned above.  However, I can't see any of Microsofts Anti-SPAM updates. Windows Updates shows them as instsalled.  Do these updates ONLY apply to EDGE?

ismail.mohammed -> RE: Edge Transport Role question (16.Dec.2007 12:01:12 PM)


See this article : maily focus on question and answer round
Enabling Forefront Security Anti-spam Updates

And read this entire article
Configuring Exchange 2007 Hub Transport role to receive Internet mail

vhato -> RE: Edge Transport Role question (16.Dec.2007 3:42:20 PM)

Thanks for the reply.  From what I read is I can use Hub Transport and it will work.  Unless I misunderstand.  I ran Enable-AntispamUpdates -Identity SRVMAIL -IPReputationUpdatesEnabled $True -UpdateMode Automatic -SpamSignatureUpdatesEnabled $True And it now shows all features are enabled. However, items such as IP Allow List Providers, IP Blcok List Providers and Filtering options are all empty. I then ran Get-antispamupdates and it shows current information. What am I misunderstanding?

vhato -> RE: Edge Transport Role question (16.Dec.2007 10:25:51 PM)

I did some more playing.  The logs show Anti-SPAM is working.  I just ASSumed I would have control over the contingencies Microsoft sends out daily as SPAM.  So now I see the Block lists, etc are just for my custom inputs.

Page: [1]