EXCH 2010 Server Roles
How you manage and configure server roles has a huge impact on the efficiency of
your Exchange Server infrastructure.
Excerpted from Exchange 2010 - A Practical Approach, published by Red Gate
Books (2009).
Jaap Wesselius
A lot has changed with server roles and Exchange Server. Up until Exchange Server
2003, you had to install all roles on one server. You couldn't select which features
would be available. You could designate an Exchange 2000 or Exchange 2003 server
as a so-called front-end server, but this worked like an ordinary Exchange server
acting as a protocol proxy. It still had a Mailbox Database and a Public Folder
database installed by default.
Exchange Server 2007 introduced the concept of server roles. Exchange Server
2010 greatly expands on this concept. Exchange Server 2010 has the following
server roles, each with a specific function:
You can install these server roles on dedicated hardware, where each machine has
its own role. You can also combine roles on a single server. A typical server
installation, for example, combines the Mailbox, Client Access and Hub Transport
Server roles. Management Tools are always installed during installation, regardless of
which server role is installed.
By contrast, you can't combine the Edge Transport Server role with any other role. In
fact, you can't even have the Edge Transport Server role be part of the internal
domain, because it's designed to be installed in the network perimeter. There are
many reasons for separating Exchange Server into multiple server roles:
Enhanced scalability: Because you can dedicate one server for one server role, scalability
profits are huge. You can configure and optimize this specific server for one particular role, resulting in
functions and ports are disabled, which results in a more secure system.
Simplified deployment and administration: A dedicated server is easier to configure, secure
and administer.
Outlook Anywhere (formerly known as RPC/HTTP) for Outlook 2003, Outlook 2007 and Outlook
2010
Availability Service, Autodiscover and Exchange Web Services: These are offered to Outlook
2007 clients and provide free/busy information, automatic configuration of the Outlook 2007 and
Outlook 2010 client, the Offline Address Book downloads and Out-of-Office functionality.
The Client Access Server doesn't offer SMTP Services. The Hub Transport Server
handles all SMTP Services. You need at least one Client Access Server for each
Mailbox Server in an Active Directory site, as well as a fast connection between the
Client Access Server and the Mailbox Server. The Client Access Server also needs a
Transport Rule agents: You can apply actions to messages according to the Rule filters or
conditions. You can apply rules to internal messages, external messages or both.
Journaling agents: These save a copy of every message sent or received by a particular
recipient.
Because a Mailbox Server doesn't deliver any messages, every Mailbox Server within
an Active Directory site also requires a Hub Transport Server. The Hub Transport
Server also needs a fast connection to a Global Catalog server for querying Active
Directory. This Global Catalog server should be in the same Active Directory site as
the Hub Transport Server.
When a message is going to an external recipient, the message is sent from the Hub
Transport Server out over the Internet. This may be via an Exchange Server 2010
Edge Transport Server in the perimeter network, but the Hub Transport Server can
also deliver messages directly to the Internet.
You can also configure the Hub Transport Server to handle anti-spam and antivirus
functions. Anti-spam services are disabled on a Hub Transport Server by default, as
this service is intended to run on an Edge Transport Server in the perimeter network.
Microsoft supplies a script on every Hub Transport Server to enable anti-spam
services.
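The following Exchange Management Shell session is an added example, not part of the original excerpt. It shows enabling the anti-spam agents on a Hub Transport Server with the supplied script and then checking what was registered. The address 192.0.2.10 is a placeholder for an internal SMTP relay.

```powershell
# Run in the Exchange Management Shell on the Hub Transport Server.
# Added example; 192.0.2.10 below is a placeholder, not a value from the book.

# The script ships in the Scripts folder of the Exchange installation.
$script = Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntispamAgents.ps1'
if (-not (Test-Path $script)) { throw "Script not found: $script" }

# Record the agents that exist before the change so the difference is visible.
$before = @(Get-TransportAgent | ForEach-Object { $_.Identity.ToString() })

& $script

# The new agents load only after the transport service restarts.
# This briefly interrupts mail flow on this server.
Restart-Service MSExchangeTransport

# List the agents the script registered, with their state and order.
Get-TransportAgent |
    Where-Object { $before -notcontains $_.Identity.ToString() } |
    Format-Table Identity, Enabled, Priority -AutoSize

# Tell the agents which SMTP hosts are internal. Without this, mail relayed
# through an internal server is evaluated as if that server were the
# Internet sender, which skews Sender ID and connection filtering results.
Set-TransportConfig -InternalSMTPServers @{Add='192.0.2.10'}
(Get-TransportConfig).InternalSMTPServers
```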
You can use Microsoft Forefront for Exchange for antivirus capabilities. Using this on
the Hub Transport Server will scan inbound and outbound SMTP traffic. On the
Mailbox Server, it will scan the contents of a Mailbox Database, which provides a
double layer of security.
Edge Transport Rules: These rules control message flow sent to or received from the Internet,
when those messages meet certain conditions.
Address Rewriting: This service changes the SMTP address of messages sent to or received from
the Internet. This can be useful for hiding internal domains.
The Edge Transport Server is installed in the network perimeter. It can't be a member
of an internal Active Directory and Exchange Server 2010 organization. The Edge
Transport Server uses the Active Directory Lightweight Directory Services (AD LDS)
to store all information.
In earlier versions of Windows, this service was called Active Directory Application
Mode (ADAM). The AD LDS stores basic information regarding the Exchange
infrastructure, such as recipients and the Hub Transport Server to which the Edge
Transport Server is sending its messages. It uses a synchronization feature called
EdgeSync to keep the AD LDS database up-to-date. This pushes information from the
Hub Transport Server to the Edge Transport Server at regular intervals.
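The session below is an added example, not part of the original excerpt. It shows how an EdgeSync subscription is created and verified, including a check that the perimeter firewall allows the two connections the Hub Transport Server makes to the Edge Transport Server. The host name edge01.example.test, the file path and the site name are assumptions.

```powershell
# Added example; host name, file path and site name are placeholders.

# --- On the Edge Transport Server (perimeter, not domain-joined) ---
# Creates the subscription file, which contains credentials for AD LDS.
New-EdgeSubscription -FileName 'C:\EdgeSubscriptionInfo.xml'

# --- On the Hub Transport Server, after copying the file over ---
$edge = 'edge01.example.test'
$file = 'C:\EdgeSubscriptionInfo.xml'

# EdgeSync is a push from Hub to Edge: only Hub-to-Edge traffic on
# TCP 50636 (secure LDAP to AD LDS) and TCP 25 (SMTP) has to be allowed.
foreach ($port in 25, 50636) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($edge, $port)
        "${edge}:$port reachable"
    } catch {
        "${edge}:$port blocked: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

# Import the subscription for the Active Directory site of this Hub server.
$data = [byte[]]$(Get-Content -Path $file -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $data -Site 'Default-First-Site-Name'

# The file holds credentials; delete every copy once it is imported.
Remove-Item $file

# Force an immediate push instead of waiting for the next interval,
# then confirm the Edge server's AD LDS instance is in sync.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List
```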
Call Answering: This feature acts as an answering machine. When you can't answer the phone,
you can have a personal message recorded and sent to the recipient's mailbox as an .mp3 file.
Subscriber Access: This is sometimes called Outlook Voice Access. Using Subscriber Access, a
user can access his mailbox with a normal phone line and listen to his voicemail messages. He can
also access regular mailbox items such as messages and calendar items, and reschedule
appointments.
Auto Attendant: Using the Auto Attendant, you can create a custom menu in the Unified
Messaging system using voice prompts. A caller can use the telephone keypad or voice commands to
navigate through the menu.
The Unified Messaging service installed on the Unified Messaging Server role works
closely with the Microsoft Exchange Speech Engine Service. The Speech Engine
Service provides Dual Tone Multi Frequency (DTMF), also referred to as touch-tone,
Automatic Speech Recognition, and Text-to-Speech service responsible for reading