How to configure an Edge Transport server in Exchange

Deploying an Edge Transport server

Rationale: Typically deployed in an organization's perimeter network to minimize the attack surface, handle all Internet-facing mail flow, and provide SMTP relay and smart host services for the Exchange organization

Introduction: Edge Transport servers are not required. When you transfer messages, you can meet your daily basic communications requirements by deploying a Hub Transport server. But if you do not install an Edge Transport server, This will result in a significant reduction in security performance. You need to be aware when deploying an Edge Transport server. Microsoft has changed some dependencies between Exchange and the Active Directory. The Edge Transport server uses Active Directory Application Mode (ADAM) to operate, which means that An important part of the Active Directory is replicated everywhere in the partition of the Active Directory next to the Edge Transport server. The Edge Transport server has the necessary configuration information. At the same time, it reduces the risk of exposing the sensitive, important data placed on the Active Directory to the external network environment.

The Edge Transport server cannot be installed on the same server as other server roles.

Installing an Edge Transport server

Conditions for deploying Edge Transport servers:

Recommended deployment in the perimeter network (DMZ area)

It is best to install on a stand-alone server (it is not recommended to join an Active Directory domain)

To configure the FQDN name of an Edge Transport server

Open the corresponding port on the fireproof wall

Exchange Edge Transport servers are typically deployed in the perimeter network, which enables more efficient transmission and management of Internet mail and improves the security of your messaging system

A series of agents running on an Edge Transport server can provide antivirus and anti-spam features, and can also control mail flow through transport rules

Installing an Edge Transport server

Install Adam patches (you need to install Adam (Active directory Application Mode) patches on Windows 2003 computers. Because the Edge Transport server is not a member of the Active Directory domain, the server's configuration information cannot be saved through the Active Directory. The Edge Transport server uses Adam instead of an Active Directory domain. Adam is a special mode of Active Directory service that can store specific information for an application. On the Exchange 2007 Edge Transport server, Adam is used to save configuration and recipient information. Ensure that the installation computer complies with the Exchange 2007 hardware and software requirements (ensure that the. NET Framework 2.0, Microsoft Management Console 3.0 and PowerShell 1.0) are installed on your computer)

Install the Edge Transport server role (the Active Directory Lightweight Directory service role needs to be added before installing the Edge Transport server role in a Windows 2008 computer.) ）

Configuring Edge Synchronization

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/Mail/

After you install an Edge Transport server, you need to configure edge synchronization. Edge synchronization copies information from Active Directory to ADAM

Step: Run the new-edgesubscription command, export the Edge subscription file (on the Edge Transport server)

Copy Edge Subscription file to Hub Transport server

Create a new Edge subscription to import an edge subscription file to a Hub Transport server

Run the "start-edgesynchronization" command to Force Edge synchronization (on the Hub Transport server)

Run the "test-edgesynchronization" command to verify the success (on the Hub Transport server)

Configuring Edge subscriptions automatically establishes 2 send connectors, respectively, on both the Hub Transport server and the Edge Transport server

The receiving domain configuration information for the Hub Transport server is automatically replicated to the Edge Transport server