The Microsoft Exchange Server 2007 Edge Transport server role is designed to provide improved antivirus and anti-spam protection for the Exchange organization. Computers that have the Edge Transport server role also apply policies to messages in transport between organizations. This server role is deployed in the perimeter network and outside the Active Directory directory service forest. This topic provides an overview of the steps that we recommend that you perform when planning to deploy the Edge Transport server role.
Planning for Edge Transport Server Deployment
The Edge Transport server role differs from other Exchange 2007 server roles in several important ways that you must consider when you plan your deployment. The Exchange 2007 Edge Transport server does not have access to Active Directory for storage of configuration and recipient information as do the other Exchange 2007 server roles. The Edge Transport server uses the Active Directory Application Mode (ADAM) directory service to store configuration and recipient information. The Edge Transport server is deployed outside the Exchange organization in the perimeter network and can provide Simple Mail Transfer Protocol (SMTP) relay and smart host functionality. The Edge Transport server also has an important role in providing anti-spam and antivirus functionality for the Exchange organization.
When you plan to deploy the Edge Transport server role, you should consider all the following topics:
• Topology Options Begin by planning where you will put your Edge Transport server in the Exchange physical topology. When you have determined where the Edge Transport server will be located in the network relative to your other Exchange servers, you can plan for the connectors that you will require and for how they should be configured. For more information about how to plan for placement of the Edge Transport server, see Planning Your Deployment.
• Server Capacity Planning for server capacity includes planning to conduct performance monitoring of the Edge Transport server. Performance monitoring will help you understand how hard the server is working. This information will determine the capacity of your current hardware configuration. For more information, see Planning Processor and Memory Configurations.
• Transport Features The Edge Transport server can provide antivirus and anti-spam protection at the edge of the network. As part of your planning process, you should determine the transport features that you will enable at the Edge Transport server and how they will be configured. For more information about how to plan to use Exchange 2007 transport features, see Planning for Edge Transport Server Features.
• Security The Edge Transport server role is designed to have a minimal attack surface. Therefore, it is important to correctly secure and manage both physical access and network access to the server. Planning for security will help you make sure that IP connections are enabled only from authorized servers and from authorized users. For more information, see t
The recommended practice is to put the Edge Transport server within a perimeter network. To make sure that the server can send and receive e-mail and receive recipient and configuration data updates from the Microsoft Exchange EdgeSync service, you must allow communication through the ports that are listed in the following table.
Table 49 Communication port settings for Edge Transport servers

Network interface | Open port | Protocol | Note
Inbound from and outbound to the Internet | 25/TCP | SMTP | This port must be open for mail flow to and from the Internet.
Inbound from and outbound to the internal network | 25/TCP | SMTP | This port must be open for mail flow to and from the Exchange organization.
Local only | 50389/TCP | LDAP | This port is used to make a local connection to ADAM.
Inbound from the internal network | 50636/TCP | Secure LDAP | This port must be open for EdgeSync synchronization.
Inbound from the internal network | 3389/TCP | RDP | Opening this port is optional. It provides more flexibility in managing the Edge Transport servers from inside the internal network by letting you use a remote desktop connection to manage the Edge Transport server.
Note:
The Edge Transport server role uses non-standard LDAP ports. The ports that are specified in this topic are the LDAP communication ports that are configured when the Edge Transport server role is installed. For more information, s
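The following script is an added example (not Microsoft's or the product's code) that audits a simplified perimeter firewall rule set against Table 49: it reports required flows that no rule allows, and allow rules that expose the local-only ADAM port or the internal-only EdgeSync and RDP ports beyond the scope the table gives them. The zone names, the (source, destination, port, action) rule form and the sample rule set are constructed for the example.

```python
"""Audit a perimeter firewall rule set against the Edge Transport port table.

Added example, not Microsoft's code. REQUIRED_FLOWS, LOCAL_ONLY and
INTERNAL_ONLY mirror Table 49; the rule set is constructed sample data in a
simplified (source_zone, destination_zone, port, action) form.
"""

# Flows that must be permitted for mail flow and EdgeSync to work (Table 49).
REQUIRED_FLOWS = [
    ("internet", "edge", "25/tcp", "SMTP inbound from the Internet"),
    ("edge", "internet", "25/tcp", "SMTP outbound to the Internet"),
    ("internal", "edge", "25/tcp", "SMTP inbound from the Exchange organization"),
    ("edge", "internal", "25/tcp", "SMTP outbound to the Exchange organization"),
    ("internal", "edge", "50636/tcp", "Secure LDAP for EdgeSync"),
]

# Ports the table restricts: 50389 is local only; 50636 and the optional 3389
# are reachable from the internal network only, never from the Internet.
LOCAL_ONLY = {"50389/tcp": "ADAM LDAP"}
INTERNAL_ONLY = {"50636/tcp": "Secure LDAP (EdgeSync)", "3389/tcp": "RDP"}


def audit_rules(rules):
    """Return (missing, violations): required flows that no rule allows, and
    allow rules that expose a restricted port beyond its Table 49 scope."""
    allowed = [(src, dst, port) for src, dst, port, action in rules if action == "allow"]
    allowed_set = set(allowed)
    missing = [f"{purpose}: no allow rule for {src}->{dst} {port}"
               for src, dst, port, purpose in REQUIRED_FLOWS
               if (src, dst, port) not in allowed_set]
    violations = []
    for src, dst, port in allowed:
        if dst != "edge":
            continue  # only traffic reaching the Edge Transport server is restricted
        if port in LOCAL_ONLY:
            violations.append(f"{LOCAL_ONLY[port]} {port} must be local only; allowed from {src}")
        elif port in INTERNAL_ONLY and src == "internet":
            violations.append(f"{INTERNAL_ONLY[port]} {port} exposed to the Internet")
    return missing, violations


# Constructed sample rule set: SMTP back into the organization is missing,
# RDP was opened from the Internet, and ADAM's LDAP port was opened from the LAN.
SAMPLE_RULES = [
    ("internet", "edge", "25/tcp", "allow"),
    ("edge", "internet", "25/tcp", "allow"),
    ("internal", "edge", "25/tcp", "allow"),
    ("internal", "edge", "50636/tcp", "allow"),
    ("internet", "edge", "3389/tcp", "allow"),
    ("internal", "edge", "50389/tcp", "allow"),
    ("internet", "edge", "50636/tcp", "deny"),
]

if __name__ == "__main__":
    missing, violations = audit_rules(SAMPLE_RULES)
    for finding in missing + violations:
        print("FINDING:", finding)
```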
• EdgeSync You can create an Edge Subscription to subscribe the Edge Transport server to the Exchange organization. When you create an Edge Subscription, recipient and configuration data is replicated from Active Directory to ADAM. You subscribe an Edge Transport server to an Active Directory site. Then the that site periodically updates ADAM by synchronizing data from Active Directory. The Edge Subscription process automatically provisions the Send connectors that are required to enable mail flow from the Exchange organization to the Internet through an Edge Transport server. If you are using the recipient lookup or safelist aggregation