Exchange 2007 Server Roles

The five Exchange 2007 Server Roles

It should be noted that four of the five Exchange 2007 roles can be homed on the same server. This includes the Client Access Server (CAS), Hub Transport Server (HTS), Mailbox Server (MBS) and the Unified Messaging Server (UMS). The Edge Transport Server cannot be a member of the AD forest or domain and cannot be combined with any other server role. While these four roles can reside on the same server, the decision to run them on the same server will depend on a company's need for scalability and performance. A scenario for a medium to large organization might, at the very least, involve two dedicated Edge Transport Servers in the DMZ if deployed for spam filtering, two Hub Transport servers in a centralized AD site, two Client Access Servers, a dedicated Unified Messaging Server if deployed, and a Mailbox server implementation using Cluster Continuous Replication (see CCR https://blogs.pointbridge.com/Blogs/pointbridge/Lists/Posts/Post.aspx?ID=20). The configuration and building of each of these roles has been simplified based on a modular setup, enabling not only configuration of the specific role but also optimization of the particular server role by way of the Server Roles Selection.

Client Access Server

The Client Access server role accepts connections to your Exchange 2007 server from a variety of different clients. Software clients such as Microsoft Outlook Express and Eudora use POP3 or IMAP4 connections to communicate with the Exchange server. Hardware clients, such as mobile devices, use ActiveSync, POP3, or IMAP4 to communicate with the Exchange server. If users access their Inbox by using any client other than Microsoft Outlook, you must install the Client Access server role in your Exchange organization.

Outlook Web Access

Outlook Web Access in Exchange Server 2007 lets you access your e-mail from any Web browser. Outlook Web Access has been redesigned in Exchange Server 2007 to enhance the user experience and productivity in many ways. New features, such as smart meeting booking, Microsoft Windows SharePoint Services and Universal Naming Convention (UNC) file share integration, and improvements in reminders and the address book, give you a rich user experience from any computer that has a Web browser. There are two versions of Outlook Web Access included in Exchange Server 2007: the full-featured Outlook Web Access client and the new Outlook Web Access Light client. Outlook Web Access Light is designed to optimize your Outlook Web Access experience for mobile devices and slower connections.

Exchange ActiveSync

Exchange ActiveSync lets you synchronize data between your mobile device and Exchange 2007. You can synchronize e-mail, contacts, calendar information, and tasks. Devices that run Microsoft Windows Mobile® software, including Windows Mobile powered Pocket PC 2002, Windows Mobile powered Pocket PC 2003, and Windows Mobile 5.0, are all supported.

If you use a device that has Windows Mobile 5.0 and the Messaging Security and Feature Pack (MSFP) installed, your mobile device will support Direct Push. Direct Push is a technology that is built into Exchange ActiveSync that keeps a mobile device continuously synchronized with an Exchange mailbox.

POP3 and IMAP4

Besides supporting MAPI and HTTP clients, Exchange Server 2007 supports POP3 and IMAP4 clients. By default, POP3 and IMAP4 are installed and enabled when you install the Client Access server role.

Hub Transport Server

Deployed inside your Active Directory directory service forest, the Hub Transport server role handles all mail flow inside the organization, applies transport rules, applies journaling policies, and delivers messages to a recipient’s mailbox. Messages that are sent to the Internet are relayed by the Hub Transport server to the Edge Transport server role that is deployed in the perimeter network. Messages that are received from the Internet are processed by the Edge Transport server before they are relayed to the Hub Transport server. If you do not have an Edge Transport server, you can configure the Hub Transport server to relay Internet messages directly. You can also install and configure the Edge Transport server agents on the Hub Transport server to provide anti-spam and antivirus protection inside the organization.

The Hub Transport server role stores all its configuration information in Active Directory. This information includes transport rules settings, journal rule settings, and connector configurations. Because this information is stored in Active Directory, you can configure settings one time, and then those settings are applied by every Hub Transport server in the organization.

You can install the Hub Transport server role on the same hardware with any other non-clustered internal server role or on a server that is dedicated to the Hub Transport server role. You must deploy a Hub Transport server role in each Active Directory site that contains a Mailbox server role. Deploying more than one Hub Transport server per site provides redundancy if a server fails. When you install more than one Hub Transport server in an Active Directory site, the connections are distributed.

The message-processing scenarios that you can manage on the Hub Transport server role are described in the following sections.

Internal Mail Flow

The Hub Transport server role processes all messages that are sent inside the Exchange 2007 organization before the messages are delivered to a recipient’s Inbox or are routed to users outside the organization. There are no exceptions to this behavior; messages are always passed through a server that runs the Hub Transport server role.

Messages are submitted to the Hub Transport server in three ways: through Simple Mail Transfer Protocol (SMTP) submission, from the Pickup directory, or when a user inside the organization sends a message, and that message is picked up from the user’s Outbox by the store driver, a software component of the Hub Transport server that delivers inbound messages to Exchange stores, the databases that contain public folder and mailbox stores.

When messages are submitted to the Hub Transport server, they are processed by the categorizer. The categorizer is a component of Exchange transport that processes all inbound messages and determines what to do with the messages based on information about the intended recipients. In Exchange 2007, the Hub Transport server uses the categorizer to expand distribution lists and to identify alternative recipients and forwarding addresses. After the categorizer retrieves full information about the recipients, it uses that information to apply policies, route the message, and perform content conversion. Messages are then delivered locally by the store driver to a recipient’s mailbox, or they are delivered remotely by using SMTP to send messages to another transport server. Messages that are sent by users in your organization are picked up from the sender’s Outbox by the store driver and are put in the Submission queue on a server that runs the Hub Transport server role.

Messaging Policy and Compliance Features

A collection of transport agents lets you configure rules and settings that are applied as messages enter and leave the mail flow components. You can create messaging policy and rule settings that are designed to meet different regulations and that can easily be changed to adapt to your organization’s requirements. The transport-based messaging policy and compliance features include server-based rules that you configure to enforce your organization’s compliance scenarios and the Journaling agent that acts to enforce message retention.

Anti-Spam and Antivirus Protection

The Exchange 2007 Built-in Protection features provide anti-spam and antivirus protection for messages. Although these Built-in Protection features are designed for use in the perimeter network on the Edge Transport server role, the Edge Transport agents can also be configured on the Hub Transport server. By default, these agents are not enabled on the Hub Transport server role. To use the anti-spam features on the Hub Transport server, you must register the agents in a configuration file and enable the features that you want to use by running a provided Exchange Management Shell script. You install and enable the antivirus agent in a separate operation.

Mailbox Server

The Mailbox server role hosts mailbox databases, which contain users’ mailboxes. If you plan to host user mailboxes, public folders, or both, the Mailbox server role is required. In Exchange Server 2007, the Mailbox server role integrates with the Active Directory directory service better than the mailbox features and functionality in earlier versions of Exchange. This improved integration makes deployment and operation tasks much easier. The Mailbox server role also improves the information worker experience by providing richer calendaring functionality, resource management, and offline address book downloads. The Mailbox server is where Local Continuous Replication (LCR) and Cluster Continuous Replication (CCR) are implemented and must be dedicated without any other roles in these scenarios.

See LCR https://blogs.pointbridge.com/Blogs/pointbridge/Lists/Posts/Post.aspx?ID=21 or CCR https://blogs.pointbridge.com/Blogs/pointbridge/Lists/Posts/Post.aspx?ID=20

Unified Messaging Server

Exchange 2007 Unified Messaging provides a single point of message administration for Exchange administrators in an organization.

The features within Exchange 2007 Unified Messaging enable an Exchange administrator to:

  1. Manage the voice mail, e-mail, and fax systems from a single platform.
  2. Manage Unified Messaging using scriptable commands.
  3. Build highly available and reliable Unified Messaging infrastructures.

The Unified Messaging server role in Exchange 2007 lets users access voice mail, e-mail, fax messages, and calendar information that is located in their Exchange 2007 mailbox from an e-mail client such as Microsoft Outlook or Outlook Web Access, from a mobile device that has Microsoft Exchange ActiveSync enabled, such as a Windows Mobile® powered smartphone or a personal digital assistant (PDA), or from a telephone.

Unified Messaging in Exchange 2007 gives users features such as:

  1. Call Answering: Call answering includes answering an incoming call on behalf of a user, playing their personal greeting, recording a message, and submitting it for delivery to their Inbox as an e-mail message.
  2. Fax Receiving: Fax receiving is the process of submitting a fax message for delivery to the Inbox. The fax receiving feature lets users receive fax messages in their Inbox.
  3. Subscriber Access: The subscriber access feature enables dial-in access for company users. Company users or subscribers who are dialing into the Unified Messaging system can access their mailbox using Outlook Voice Access. Subscribers who use Outlook Voice Access can access the Unified Messaging system by using the telephone keypad or voice inputs.

By using a telephone, a subscriber or user can:

  1. Access voice mail over a telephone.
  2. Listen, forward, or reply to e-mail messages over a telephone.
  3. Listen to calendar information over a telephone.
  4. Access or dial contacts stored in the global address list or a personal contact list over a telephone.
  5. Accept or cancel meeting requests over a telephone.
  6. Set a voice mail Out-of-Office message.
  7. Set user security preferences and personal options.

Auto Attendant: An auto attendant is a set of voice prompts that gives external users access to the Exchange 2007 Unified Messaging system. An auto attendant lets the user use either the telephone keypad or speech inputs to navigate the menu structure, place a call to a user, or locate a user and then place a call to that user.

An auto attendant gives the administrator the ability to:

  1. Create a customizable set of menus for external users.
  2. Define informational greetings, business hours greetings, and non-business hours greetings.
  3. Define holiday schedules.
  4. Describe how to search the organization’s directory.
  5. Describe how to connect to a user’s extension so external callers can call a user by specifying their extension.
  6. Describe how to search the organization’s directory so external callers can search the organization’s directory and call a specific user.
  7. Enable external users to call the operator.

Edge Transport Server

The Edge Transport server role is deployed in the organization’s perimeter network as a stand-alone server. It is designed to minimize the attack surface. The Edge Transport server handles all Internet-facing mail flow, which provides Simple Mail Transfer Protocol (SMTP) relay and smart host services for the Exchange organization. Additional layers of message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they are processed by the message transport components. These agents support the features that provide protection against viruses and spam and apply transport rules to control message flow.

The computer that has the Edge Transport server role installed doesn’t have access to the Active Directory directory service. All configuration and recipient information is stored in the Active Directory Application Mode (ADAM) directory service. To perform recipient lookup tasks, the Edge Transport server requires data that resides in Active Directory. EdgeSync is a collection of processes that are run on a computer that has the Hub Transport server role installed to establish one-way replication of recipient and configuration information from Active Directory to the ADAM instance on an Edge Transport server. The Microsoft Exchange EdgeSync service copies only the information that is required for the Edge Transport server to perform anti-spam configuration tasks and the information about the connector configuration that is required to enable end-to-end mail flow. The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in ADAM remains current. The EdgeSync service pushes data from AD to the Edge Transport server using LDAP port 50389/TCP or Secure LDAP port 50636/TCP by default.
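The one-way EdgeSync model above translates into a small set of expected firewall rules between the perimeter and the internal network. The following Python script is an added example, not part of the original post: it audits an exported "allow" rule list against that model. The rule format, host names, role labels and severity levels are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

# ADAM ports on the Edge Transport server, as named on this page.
ADAM_LDAP, ADAM_LDAPS = 50389, 50636
SMTP = 25


@dataclass(frozen=True)
class Rule:
    """One 'allow' rule exported from the perimeter firewall (format assumed)."""
    src: str
    dst: str
    port: int


def audit(rules, roles):
    """Return (severity, rule, reason) for every rule that breaks the model.

    roles maps host name -> 'edge', 'hub', 'dc' or 'mailbox'; hosts that are
    not listed are treated as external (Internet).
    """
    findings = []
    for r in rules:
        src = roles.get(r.src, "external")
        dst = roles.get(r.dst, "external")
        if dst == "edge" and r.port in (ADAM_LDAP, ADAM_LDAPS):
            # EdgeSync runs on Hub Transport servers; no other host needs ADAM.
            if src != "hub":
                findings.append(("HIGH", r, "ADAM reachable from non-Hub host"))
            elif r.port == ADAM_LDAP:
                # Assumed policy: replication should use Secure LDAP only.
                findings.append(("MEDIUM", r, "EdgeSync over plain LDAP"))
        elif src == "edge" and dst not in ("edge", "external"):
            # Replication is one-way and Edge has no AD access, so the only
            # internal connection an Edge server should open is SMTP to a Hub.
            if not (dst == "hub" and r.port == SMTP):
                findings.append(
                    ("HIGH", r, "Edge may only reach internal hosts via SMTP to a Hub"))
    return findings


# Constructed sample data: host names and rules are hypothetical.
ROLES = {"edge1": "edge", "edge2": "edge", "hub1": "hub", "hub2": "hub",
         "dc1": "dc", "mbx1": "mailbox"}
RULES = [
    Rule("hub1", "edge1", ADAM_LDAPS),     # expected EdgeSync path
    Rule("hub2", "edge2", ADAM_LDAP),      # replication in clear text
    Rule("mail.example.net", "edge1", SMTP),  # inbound Internet mail
    Rule("edge1", "hub1", SMTP),           # Edge relays to Hub
    Rule("edge1", "dc1", 389),             # Edge talking to a domain controller
    Rule("mbx1", "edge2", ADAM_LDAPS),     # ADAM exposed to a Mailbox server
]

if __name__ == "__main__":
    for sev, rule, why in audit(RULES, ROLES):
        print(f"{sev:6} {rule.src} -> {rule.dst}:{rule.port}  {why}")
```
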

Deploying more than one Edge Transport server in the perimeter network is recommended for redundancy. SMTP traffic to the organization can be load-balanced between Edge Transport servers by using Domain Name System (DNS) round robin, a simple mechanism that is used by DNS servers to share and distribute loads for network resources. You can achieve consistency in configuration between multiple Edge Transport servers by using cloned configuration scripts. Additionally, an Edge Transport server template is provided for use with the Microsoft Windows Server 2003 Service Pack 1 Security Configuration Wizard to help configure Windows Server 2003 at the appropriate role-based security level.

The message-processing scenarios that can be managed on the Edge Transport server role are described in the following sections.

Internet Mail Flow

Servers that run the Edge Transport server role accept messages that come into the Exchange 2007 organization from the Internet. After the messages are processed by the Edge Transport server, they are routed to Hub Transport servers inside the organization. All messages that are sent to the Internet from the organization are routed to Edge Transport servers after the messages are processed by the Hub Transport server. You can configure the Edge Transport server to use DNS to resolve Mail Exchanger (MX) resource records for external SMTP domains, or you can configure the Edge Transport server to forward messages to a smart host for DNS resolution.

Anti-Spam and Antivirus Protection

In Exchange 2007, the anti-spam and antivirus features provide services to block viruses and spam, or unsolicited commercial e-mail, at the network perimeter. Most viruses use spam-like tactics to gain access to your organization and to entice users to open an e-mail message. If you can filter out most of your spam, you are also more likely to capture viruses before they enter your organization.

Spammers use a variety of techniques to send spam into your organization. Servers that run the Edge Transport server role help prevent users in your organization from receiving spam by providing a collection of agents that work together to provide different layers of spam filtering and protection. Establishing tarpitting intervals on connectors makes e-mail harvesting attempts ineffective.

Edge Transport Rules

Edge Transport rules are used to control the flow of messages that are sent to or received from the Internet. The Edge Transport rules help protect corporate network resources and data by applying an action to messages that meet specified conditions. These rules are configured for each server. Edge Transport rule conditions are based on data, such as specific words or text patterns in the message subject, body, header, or From address, the spam confidence level (SCL), or attachment type. Actions determine how the message is processed when a specified condition is true. Possible actions include quarantine of a message, dropping or rejecting a message, appending additional recipients, or logging an event. Optional exceptions exempt particular messages from having an action applied.

Address Rewriting

You use address rewriting to present a consistent appearance to external recipients of messages from your Exchange 2007 organization. You configure the Address Rewriting agent on the Edge Transport server role to enable the modification of the SMTP addresses on inbound and outbound messages. Address rewriting is
