exchange 2007 hub / edge transport configurations

raskaliraskali Member Posts: 16 ■□□□□□□□□□
Couple of quick questions that i need clarification on regardging configuring an exchange server without the edge transport role in place.

My understanding is that its not advisable but doable. however if i decide to go with only setting up the hubtransport with bth the receive and send conectors are there any gotchas that i need to be concerned about. Also since the HT will be handeling internet mail flow will i still be able to setup OWA and Active-sync to use the HT as well and if so what are the complications since there is no edge transport server to handle all the front end filtering. All help will really be appreciated as iam a noob at this and trying to completley understand the intricasies behind both transport roles.


  • Mojo_666Mojo_666 Member Posts: 438
    You do not need an edge, it is just an extra layer of security, nothing more nothing less, running without an edge is just like running FE/BE in 2003.

    If you can afford it do it, if not then don't sweat it.
  • joey74055joey74055 Member Posts: 216
    OWA and activesync will use the CAS role. You can have all the roles (CAS, HT, MB) all on one box, you will setup your connectors on the HT role. Think of an Edge as just a Spam filtering device. If you have a spam filtering device already, like the barracuda, you do not need the Edge server. Just point your spam filter device to your exchange server.
  • Chivalry1Chivalry1 Member Posts: 569
    Just to add to what the others have already posted. I recommend if you are going with this architectural design of Exchange to install the Anti-Spam features on the hub for additional protection.

    But, please consider utilizing something in front of the hub server for added security. There are many free options out there. A free application Multi-functional Firewall Software - Open Source Content Filter & Spam Filter | is a very good SMB solution. Or something simple as a Linux Distro (SUSE) box with Spam Assassin.

    If not you will quickly find yourself removing viruses.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
  • blargoeblargoe Self-Described Huguenot NC, USAMember Posts: 4,174 ■■■■■■■■■□
    You can connect the hub directly to the Internet, but you really need *something* on the edge. Microsoft, if you're reading the official curriculum, or Technet online, is going to steer you toward an Edge Transport server with Forefront A/V. That solution is fine but I'd say the majority of people in production are using a different edge solution (because they had already invested in something else before they upgraded to 2007, in a lot of cases). Most people I think are using some kind of virus/spam gateway appliance or a cloud solution like a Postini or FOPE.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • Mojo_666Mojo_666 Member Posts: 438
    Just to add to what blargoe said, a lot of companies if not running some edge tech themselves will be using a third party smart host such as message labs or postini which will do all the AV/Spam filtering for you, so bear those solutions in mind also.
  • Chivalry1Chivalry1 Member Posts: 569
    Personally/Professionally Cisco Cisco IronPort Email and Web Security | Secure Email Appliances, Web Security Appliances, and Enterprise Spam Solutions is the best spam/av appliance. I have dealt with a large majority of the spam appliance gateways and Cisco has the best solution. It will do what postini and messagelabs does plus more.

    Cisco Ironport = 0 spam 0 viruses.
    "The recipe for perpetual ignorance is: be satisfied with your opinions and
    content with your knowledge. " Elbert Hubbard (1856 - 1915)
Sign In or Register to comment.