Deploying the Edge Transport Server Role

Deploying the Edge Transport Server Role

The Edge Transport server role in Exchange Server 2007 is meant to be installed in your organization s perimeter network (also called a demilitarized zone [DMZ] or screened subnet). This server role supports Simple Mail Transfer Protocol (SMTP) routing (more specifically, SMTP-relay and Smart Host functionality) and provides several antispam filtering agents and support for antivirus extensibility. The Edge Transport server is the only server role that shouldn t be part of your Active Directory directory service forest; it should instead be installed on a stand-alone server in a workgroup as shown in Figure 7.1.

Figure 7.1: A Typical Edge Transport Server Scenario

Although the Edge Transport server role is isolated from Active Directory, it s still able to communicate with the Active Directory using a collection of processes known as EdgeSync, which runs on the Hub Transport server. Since it is part of the Active Directory, the Hub Transport server has access to the necessary Active Directory data. The Edge Transport server uses Active Directory Application Mode (ADAM) to store the required Active Directory data, which is data such as accepted domains, recipients, safe senders, send connectors, and a Hub Transport server list (used to generate dynamic connectors so that you don t need to create them manually).

It s important to understand that the EdgeSync replication is encrypted by default and that the replication is a one-way process from Active Directory to ADAM. This means that no data is replicated from ADAM to AD.

The...