Planning for Edge Transport Server Deployment

The Edge Transport server role differs from other Exchange 2007 server roles in several important ways that you must consider when you plan your deployment. The Exchange 2007 Edge Transport server does not have access to Active Directory for storage of configuration and recipient information as do the other Exchange 2007 server roles. The Edge Transport server uses the Active Directory Application Mode (ADAM) directory service to store configuration and recipient information. The Edge Transport server is deployed outside the Exchange organization in the perimeter network and can provide Simple Mail Transfer Protocol (SMTP) relay and smart host functionality. The Edge Transport server also has an important role in providing anti-spam and antivirus functionality for the Exchange organization.

Note:

Exchange 2007 Service Pack 1 (SP1) supports deployment of server roles on a Windows Server 2008 computer. If the Edge Transport server is installed on Windows Server 2008, ADAM is replaced by Active Directory Lightweight Directory Services (AD LDS). Windows Server 2008 includes several features that have been enhanced or renamed. For information about the feature changes between Windows Server 2003 and Windows Server 2008, see Terminology Changes.

When you plan to deploy the Edge Transport server role, you should consider all the following topics:

• Topology Options   Begin by planning where you will put your Edge Transport server in the Exchange physical topology. When you have determined where the Edge Transport server will be located in the network relative to your other Exchange servers, you can plan for the connectors that you will require and for how they should be configured. For more information about how to plan for placement of the Edge Transport server, see Planning Your Deployment.
  
  
• Server Capacity   Planning for server capacity includes planning to conduct performance monitoring of the Edge Transport server. Performance monitoring will help you understand how hard the server is working. This information will determine the capacity of your current hardware configuration. For more information, see Planning Processor Configurations.
  
  
• Transport Features   The Edge Transport server can provide antivirus and anti-spam protection at the edge of the network. As part of your planning process, you should determine the transport features that you will enable at the Edge Transport server and how they will be configured. For more information about how to plan to use Exchange 2007 transport features, see Planning for Edge Transport Server Features.
  
  
• Security   The Edge Transport server role is designed to have a minimal attack surface. Therefore, it important to correctly secure and manage both the physical access and network access to the server. Planning for security will help you make sure that IP connections are only enabled from authorized servers and from authorized users. For more information, see the Deployment Security Checklist.
  
  The recommended practice is to put the Edge Transport server within a perimeter network. To make sure that the server can send and receive e-mail and receive recipient and configuration data updates from the Microsoft Exchange EdgeSync service, you must allow communication through the ports that are listed in the following table.
  
  

  Communication port settings for Edge Transport servers

  Network interface	Open port	Protocol	Note
  Inbound from and outbound to the Internet	25/TCP	SMTP	This port must be open for mail flow to and from the Internet.
  Inbound from and outbound to the internal network	25/TCP	SMTP	This port must be open for mail flow to and from the Exchange organization.
  Local only	50389/TCP	LDAP	This port is used to make a local connection to ADAM.
  Inbound from the internal network	50636/TCP	Secure LDAP	This port must be open for EdgeSync synchronization.
  Inbound from the internal network	3389/TCP	RDP	Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server.

Note:
The Edge Transport server role uses non-standard LDAP ports. The ports that are specified in this topic are the LDAP communication ports that are configured when the Edge Transport server role is installed. For more information, see How to Modify ADAM Configuration.

• EdgeSync   You can create an Edge Subscription to subscribe the Edge Transport server to the Exchange organization. When you create an Edge Subscription, recipient and configuration data is replicated from Active Directory to ADAM. You subscribe an Edge Transport server to an Active Directory site. Then the Microsoft Exchange EdgeSync service that is running on the Hub Transport servers in that site periodically updates ADAM by synchronizing data from Active Directory. The Edge Subscription process automatically provisions the Send connectors that are required to enable mail flow from the Exchange organization to the Internet through an Edge Transport server. If you are using the recipient lookup or safelist aggregation features on the Edge Transport server, you must subscribe the Edge Transport server to the organization. For more information, see Using an Edge Subscription to Populate ADAM with Active Directory Data.
  
  

For More Information