Introduction to Exchange 2007 Server Roles
Understanding the Exchange Information Store
Exchange 2007 introduces a new concept to Exchange organizations, the concept of server roles. Similar to how a Windows server can host one or many roles, this type of configuration has been implemented in Exchange Server 2007.
Note: This article is published with permission from www.msexchange.org
Devolutions Remote Desktop Manager
Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.
Server roles allow an administrator to split the functions of an Exchange server and place each role, or a combination of roles, on different servers in the organization. This can be done for performance reasons, management reasons, or any other reason deemed necessary by the organizations policies.
With current Exchange servers you can make a server a Front-End server, or a Back-End server and that is about it. Exchange 2007 introduces five roles to the Exchange organization.
- Edge Transport
- Hub Transport
- Client Access
- Unified Messaging
The following graphic (Figure 1) shows the placement of each role in a typical organization.
Edge Transport Role
The Edge Transport role is installed on the edge of the network and therefore is installed on a standalone server that is not a member of the Active Directory domain. Because the server is not a member of the Active Directory domain, Active Directory Application Mode (ADAM) is used to sync AD with the Edge Transport server. ADAM and a component called EdgeSync are used to perform scheduled one-way synchronization of the configuration and recipient information from Active Directory. This allows the Edge Transport to perform recipient lookups and Spam filtering.
The Edge Transport role performs a number of functions including Anti-spam and Anti-virus protection. The Edge Transport uses connection filtering, content filtering, recipient filtering, SenderID, sender and IP reputation to reduce the amount of Spam delivered to the end users inbox. Mail tagged as Spam will sit in a Spam quarantine from which administrators can delete or allow messages tagged as Spam. One of the top features is the ability for Outlook 2003 and 2007 clients to merge their Spam settings (like white and black lists) to the Edge Transport server to increase the efficiency and accuracy of the filters. The built in VSAPI has been improved and the introduction of transport agents will allow third party AV applications to provide stronger AV filtering.
Edge Transport Rules are used to protect the Exchange organization by applying rules and based on whether the message passes or fails appropriate action is taken. Unlike the Anti-virus and Anti-Spam processing, Edge Transport rules are based on SMTP and MIME addresses, words in the subject or message body, and SCL rating. The Edge Transport role also handles address rewriting; in Exchange 2007 an administrator can modify the SMTP address on in or outbound mail.
The Edge Transport server is also responsible for all mail entering or leaving the Exchange organization. Mail travels inbound through the Edge Transport and once the Edge Transport Rules have been applied the message is passed on to the Hub Transport server. Because the Edge Transport is responsible for all in and outbound mail, you can configure multiple Edge Transport servers for redundancy and load balancing.
Hub Transport Role
The Hub Transport role is responsible for all internal mail flow. This role is similar to the bridgehead server in an Exchange 2000/2003 organization. In fact it originally was called the Bridgehead Role until it was changed.
The Hub Transport server, as well as the rest of the server roles, is installed on member server(s) in an Active Directory domain. There is no need for ADAM on this, or any other role aside from the Edge Transport. Because it is a member of an AD domain, all its configuration information is stored in AD and any other Hub Transport servers you install will get their configuration from AD.
Inbound mail is accepted from the Edge Transport and passed on to the users mailbox, and all outbound mail is relayed from the Hub Transport to the Edge Transport and out to the Internet. The Hub Transport and Edge Transport servers are very similar and in fact, one can forgo the Edge Transport server and configure the Hub Transport to accept mail from, and send mail to, the Internet. Hub Transport agents can also be deployed to enforce corporate message policies such as message retention, something that will come as good news to administrators attempting to comply with SarbOx rules.
The Anti-Spam and Anti-virus features of the Edge Transport can be configured on the Hub Transport in order to reduce the number of servers required. It is quite feasible that you may only have one server in your Exchange organization with all the roles installed on it. In this case you cannot have an Edge Transport and all those features will be passed on to the Hub Transport role.
The simplest of the roles has to be the Mailbox Role. Quite simply the Mailbox role holds the Exchange databases within which the user mailboxes are contained. It is also home to the Public Folder databases if you enabled Public Folders. (They are not enabled by default in Exchange 2007)
Client Access Role
The Client Access Role is similar to the role a Front-End server would play in an Exchange 2000/2003 organization. The Client Access server is the server that users connect to with their mail client, mobile device, or web browser. The Client Access server handles all connections whether they come from an application such as Outlook 2003 or 2007, Outlook Express, or any other MAPI, POP3 or IMAP4 client. The Client Access server also handles connections made from mobile devices such as a Windows Mobile 5 Smartphone, or any other device using Exchange ActiveSync. Exchange ActiveSync in Exchange 2007 supports all devices with PocketPC 2002/2003 and Windows Mobile 5. Figure 2 shows how all the clients and roles connect to each other.
This role also provides Outlook Web Access (OWA). OWA allows a user to access his or her mailbox from a web browser and have full access to all the information in the mailbox including task lists, calendar information, mail items and public folders. One of the hot new functions of OWA is Sharepoint and UNC access. Now users can access UNC shares (”servername’share) and Sharepoint document libraries reducing the need for complex VPN configurations.
Unified Messaging Role
The last, and in my opinion, coolest role is the Unified Messaging Role. The Unified Messaging role is responsible for merging your VOIP infrastructure with your Exchange organization. What does this allow for?
- combined voice, fax, and mail in one inbox
- access to voice, fax and mail via multiple interfaces
Need to check your voicemail but all you have is Internet access? No problem, connect to the Exchange server with OWA and you will find your voicemail as attachments in email messages. Running late for a meeting and no access to email or your calendar? Call the Exchange server and move the start of the appointment in your calendar and the attendees with get an email notifying them of the change.
Unified messaging will change the way user’s access voice, fax and email and they will love you for it. Now before you get too excited this will require some special hardware to interact with your phone system and more information will be released as Exchange 2007 gets closer to RTM.
This introduction scratches the surface at the capabilities of each role. Stay tuned for more information on each role as Exchange 2007 gets closer to RTM.
Rodney Buike is a Microsoft MVP and has his MCSE certification on Windows 2000 and 2003. He is the System Engineer for a major Canadian manufacturing company and is the publisher of http://thelazyadmin.com
Note: This article is published with permission from www.msexchange.org