This is the first of three parts designed to educate the reader on the fundamental principles of Exchange 2007. Before any installation or upgrade can take place, the fundamental technologies should be solidly understood.
This first part describes the Exchange 2007 server roles and how they compare to their Exchange 2003 counterparts.
Exchange 2007 was designed by Microsoft to be much more scalable than previous versions of Exchange. To that end, Microsoft designed Exchange 2007 servers around roles, or duties, that each specialize in a particular part of messaging functionality. Just as Active Directory has its roles (for example, the five FSMO roles), messaging in Exchange 2007 has roles as well.
Critical to understanding how Exchange 2007 works is a complete understanding of the roles supported by Exchange. Not all installations will involve all five Exchange 2007 roles. Because this is a new topic for many Exchange 2003 administrators, a clear understanding of these roles is vital.
Exchange 2007 Server Role Fast-Facts

Exchange 2007 Role: Edge Transport Server (ETS)

Counter-Role in Exchange 2003: Front-end (FE) Exchange 2003 server using SMTP for mail transport. This server generally belonged to the same Exchange 2003 organization as the rest of the Exchange 2003 servers and was therefore contained within the AD database, leaving AD more exposed to attacks from the perimeter. This server was often called a "smart-host". With the aid of DNS, multiple FE (front-end) Exchange servers could use NLB (Network Load Balancing) to provide some SMTP load balancing and scalability.

Purpose of Role for Exchange 2007: This role is new and unique compared with the Exchange 2003/2000 world. The ETS is not required: the HTS (Hub Transport Server) can carry the responsibility for inbound and outbound SMTP traffic if no ETS is deployed.

This Exchange 2007 role is designed to sit in your DMZ or perimeter network, acting as a "smart-host" for the internal messaging resources. No other Exchange 2007 role can run alongside the ETS on the same hardware; it truly runs isolated.

The role is also unique in that it is installed on a workgroup-member server, not a member of the AD forest. If the server does belong to an AD forest, it cannot be the forest that houses the other Exchange 2007 server roles for the organization. This requirement goes a long way toward securing the "border" Exchange 2007 server. The ETS further differs in that it uses an Active Directory Application Mode (ADAM) database, which Microsoft designed in previous years to serve as an LDAP-compliant directory without the overhead of a full AD database. Because ADAM is separate from AD, the organization's AD database is better protected. This ADAM database holds recipient and configuration information.

The ADAM database communicates with the AD database using encrypted LDAP via a new service called EdgeSync. EdgeSync performs regular one-way synchronization of recipient and configuration information from AD (via the HTS) to the ADAM instance running on the Edge Transport server.

The ETS uses SMTP for inbound messaging from the Internet and for outbound messaging to the Internet. This makes it the ideal place to host anti-spam and anti-virus software that analyzes mail via agents. The company's external MX record points to this server so that it receives inbound mail from the Internet.

The ETS is designed to provide the following functions in support of the organization's safe and secure messaging policies:
- Edge Transport Rules
- Content Filtering
- Connection and Recipient Filtering
- White Listing (Safe Sender List Aggregation)

Also with the aid of DNS, multiple ETS can use NLB to provide SMTP load balancing and scalability.

Exchange 2007 Role: Hub Transport Server (HTS)

Counter-Role in Exchange 2003: Similar to Exchange 2003 Bridgehead servers. E2k3 Bridgehead servers use Exchange Routing Groups and Connectors to route message traffic.

Purpose of Role for Exchange 2007: The Exchange 2007 organization uses the HTS to provide message security and message policy services via the SMTP and MAPI messaging protocols. The HTS routes each message to its next hop, which could be another HTS, an ETS or a mailbox server. This role is required. It cannot be part of a cluster environment.

The Hub Transport server role stores all its configuration information in Active Directory, including transport rule settings, journal rule settings, and connector configurations. Because this information is stored in Active Directory, you configure settings once and every Hub Transport server in the organization applies them.

Inbound message traffic traversing the ETS always goes to the HTS for delivery to users' mailboxes, and outbound Internet mail leaves the HTS for the ETS for external delivery. This new role uses the AD Site configuration to route message traffic, not the legacy routing groups used in previous Exchange versions.

All messages sent and received by inside employees of the organization are processed by the HTS. Microsoft designed this purposely to guarantee that all message traffic flowing through this server is subject to the server-based rules and journaling policies.

The Hub Transport Server is the only server that uses SMTP to transport a message within the organization.

The HTS communicates with the ETS via the EdgeSync service, as discussed in the ETS entry above.

Exchange 2007 Role: Mailbox Server (MS)

Counter-Role in Exchange 2003: Exchange 2003 Back-End Server

Purpose of Role for Exchange 2007: The MS role hosts user mailboxes and public folders and is required for message storage.

The MS must interact directly with all of the following server roles using the listed protocols:
- Active Directory domain controller via LDAP
- Microsoft Outlook clients via MAPI RPC
- Client Access Server (CAS) via MAPI.Net over RPC
- Hub Transport Server (HTS) via MAPI.Net over RPC
- Unified Messaging Server (UMS) via MAPI.Net over RPC

While the MS role is responsible for the mailbox and public folder databases, access to Free/Busy information and client profile information requires the CAS. This information cannot pass directly over the communication channel between the MS and the Outlook client.

Only the Mailbox Server (MS) role can be installed as part of a failover cluster; no other role can. High availability for the Exchange 2007 Hub Transport, Edge Transport, Client Access, and Unified Messaging server roles is achieved through a combination of server redundancy, Network Load Balancing, DNS round robin, and proactive server, service, and infrastructure management.

Exchange 2007 Role: Client Access Server (CAS)

Counter-Role in Exchange 2003: Exchange Front-End Server

Purpose of Role for Exchange 2007: The CAS role provides mailbox access to clients that reach Exchange using POP3, IMAP4, Outlook Web Access (OWA), Outlook Anywhere (formerly called RPC over HTTPS), and Exchange ActiveSync for mobile clients. This role also supports the Autodiscover service used by the Outlook client.

This role is required if clients access their mailboxes with any supported protocol other than Outlook. All non-Microsoft Outlook clients access the mail stores via the CAS role.

Exchange 2007 Role: Unified Messaging Server (UMS)

Counter-Role in Exchange 2003: None

Purpose of Role for Exchange 2007: This role enables end users to access their mailbox, address book, and calendar by telephone and voice. An IP-PBX or VoIP gateway needs to be installed and configured to facilitate much of this server role's functionality.

This role is new to Exchange and cannot interoperate with any previous version of Exchange. It is not required for messaging communications.

After you install and configure the Unified Messaging server role on a computer running Exchange 2007, you must create Active Directory objects that enable the Unified Messaging functionality found in Exchange 2007. These objects live in AD and control the Exchange 2007 Unified Messaging feature set.
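As an added example that is not from the article, the following Python script checks a planned topology against the placement rules given in the fast-facts above: the ETS runs alone and outside the forest that hosts the other roles, HTS and MS are required, only MS may be clustered, and CAS is required when clients use anything other than Outlook. The plan format and the server names are assumptions made for this example.

```python
"""Role-placement checker for a planned Exchange 2007 topology.

Added example, not code from the article: it encodes the placement rules the
article states for the five roles and reports violations. The plan format
(dicts with "name", "roles", optional "forest" and "clustered") is assumed.
"""

ROLES = {"ETS", "HTS", "MS", "CAS", "UMS"}


def check_topology(servers, non_outlook_clients=False):
    """Return a list of rule violations; an empty list means the plan passes."""
    findings = []
    deployed = set()
    internal_forests = set()  # forests that hold any non-Edge role
    edge_servers = []
    for srv in servers:
        roles = set(srv["roles"])
        if roles - ROLES:
            findings.append(f"{srv['name']}: unknown role(s) {sorted(roles - ROLES)}")
        deployed |= roles
        if "ETS" in roles:
            edge_servers.append(srv)
            if roles - {"ETS"}:  # the ETS runs isolated on its own hardware
                findings.append(f"{srv['name']}: ETS cannot share a server with other roles")
        elif srv.get("forest"):
            internal_forests.add(srv["forest"])
        if srv.get("clustered") and roles != {"MS"}:  # only MS may be clustered
            findings.append(f"{srv['name']}: only the MS role may be part of a failover cluster")
    # An ETS is a workgroup member or, at most, a member of a different forest.
    for srv in edge_servers:
        if srv.get("forest") in internal_forests:
            findings.append(f"{srv['name']}: ETS must not join the forest hosting other roles")
    # HTS and MS are required; ETS and UMS are optional; CAS is needed for non-Outlook access.
    for required in ("HTS", "MS"):
        if required not in deployed:
            findings.append(f"missing required role {required}")
    if non_outlook_clients and "CAS" not in deployed:
        findings.append("CAS required when clients use OWA, POP3, IMAP4 or ActiveSync")
    return findings


# Constructed sample plan: the edge box is joined to the internal forest and also
# hosts Hub Transport, and the clustered mailbox node carries CAS as well.
SAMPLE_PLAN = [
    {"name": "edge01", "roles": ["ETS", "HTS"], "forest": "corp.example"},
    {"name": "mbx01", "roles": ["MS", "CAS"], "forest": "corp.example", "clustered": True},
]
```

Running `check_topology(SAMPLE_PLAN, non_outlook_clients=True)` reports three violations for the constructed plan; a plan with a stand-alone workgroup ETS, a combined HTS/CAS server and a clustered MS-only node returns an empty list.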
In the second part of this three-part series, I'll discuss deployment considerations such as installation prerequisites.