Because an Edge Transport server sits at your network perimeter, It is the one server in an Exchange Server 2007...
organization that is exposed to the outside world (although this server should still be protected by a firewall).
The pre-installation checks will actually fail if NNTP is installed on Exchange Server 2007, because it does not support the NNTP service. Likewise, the Exchange 2007 Setup wizard also checks to make sure that the SMTP service is not installed.
The SMTP service is forbidden because it is actually an Internet Information Services (IIS) component. Fearing that IIS might be vulnerable to attack, the Exchange Server development team completely rewrote the SMTP service using managed code. The new and improved SMTP service gets installed as a part of Exchange Server 2007.
The relationship between an Edge Transport server and Active Directory
Microsoft has also made some changes to Exchange Server's dependency on Active Directory. Exchange Server 2007 requires access to Active Directory, but the Edge Transport server role is an exception.
It would be a huge security risk to give a perimeter server read and write access to Active Directory. So an Edge Transport server uses Active Directory Application Mode (ADAM) instead.
What this means is that critical portions of Active Directory are copied to an Active Directory partition that resides on the Edge Transport server. Consequently, the server has the necessary configuration information -- but you eliminate the risk of exposing sensitive Active Directory data.
Edge Transport Server server role rules
Microsoft created the concept of server roles in Exchange 2007 as a way of making the newest Exchange version more modular. Various roles can be combined on a machine so Exchange Server can perform its required tasks without unnecessary overhead or security risks that could potentially be introduced by running unnecessary code.
Normally, a single Exchange 2007 server can host multiple server roles -- an Edge Transport server is again the exception. Because an Edge Transport server needs to be hardened (and because it doesn't have direct access to Active Directory), no other Exchange 2007 server roles can be run on the same machine.
HOW TO INSTALL AND CONFIGURE AN EDGE TRANSPORT SERVER
Step 1: How an Edge Transport server works
Step 2: Install the Edge Transport server
Step 3: Create an Edge Subscription
Step 4: Replicate Active Directory data to the Edge Transport server
Step 5: Verify communication with the Hub Transport server
Step 6: Configure Edge Transport server email filtering agents
Step 7: Set up Edge Transport server advanced content-filtering features
|ABOUT THE AUTHOR:|
| Brien M. Posey, MCSE
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Exchange Server, and has previously received Microsoft's MVP award for Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at http://www.brienposey.com.