Exchange Server 2010 Server Roles

Captions
Whether you're new to Exchange or you've used Exchange for quite some time, you may have the question: why use server roles? Especially if you've worked with Exchange in the past, you might be wondering why we had a need to split this up into various roles. Well, keep in mind that with legacy Exchange servers the common practice was to deploy servers in dedicated roles. So you might utilize one Exchange server to be your mailbox server, another one would handle the bridgehead functionality, another one would be your front end, and you could split up what the functionality of the server was. But ultimately all of the code would be installed, so you're dealing with a larger footprint, which actually makes for a less secure system because there's a variety of unnecessary services and features that would be installed as well. So the Exchange team saw the need to divide the Exchange server up into five roles. Now, this started with Exchange 2007. The nice thing about this is that it only installs the required code for that particular role. That makes for a smaller footprint, it makes it more secure, and the management interfaces will change based on the server role, which in all honesty only really makes a difference when you're dealing with the edge transport server role.

We reviewed the five server roles in a previous video. Let's do it again and go a little bit deeper in explaining what each one of these roles can do for us. So to start with, there's the mailbox server role, there's the client access server role, and there's the hub transport server role; those server roles are the most important ones. And then we have the unified messaging server role and the edge transport server role. Every Exchange organization that you create will have to have the three main roles, that is the mailbox, hub transport and client access server roles, in order to function. If any one of these roles is missing, you won't have a functional Exchange organization.

When configuring a typical Exchange environment, if that Exchange environment is only going to handle the three main server roles (mailbox, hub transport and client access server), that will work just fine: you'll put the server behind a firewall and connect directly to the Internet. Now, at that point you may still use a hosted service on the Internet to help with anti-spam, to help with antivirus protection and so forth; there are hosted services out there to protect you before that mail comes into your Exchange organization. At the same time you can enable anti-spam features on the hub transport server and also configure various transport rules to help protect your internal organization. However, you may decide to go with optional roles as well. One of the optional roles is unified messaging, which can also be placed on the same server as your other Exchange roles. You can install all of these roles on a single server, so long as that server has the ability to handle all of those server roles at the same time, and logically you can install these server roles as separate servers. But in the case of these four server roles, those go before the firewall. So what that means is you're not going to put this in a perimeter network, in what they call a DMZ.

The edge transport server, however, is a little different. We mentioned a moment ago that you might have services out on the Internet to help protect you from spam, to help protect you from viruses. Well, you can also bring those services in-house with an edge transport server. However, the key to that is that you put the edge transport server in between the Internet and a firewall, and then a firewall and your internal organization, so that edge transport server becomes your line of defense when it comes to spam and viruses and so forth that might be coming into your organization. And it's something that Microsoft does recommend: if you have the ability, whether you host it in-house or go with a hosted solution, it's recommended that you have some form of protection to keep the spam and the viruses out of your organization itself. The more you can keep that at bay, the more you can keep that out of your Exchange organization, the easier your life as an Exchange administrator is going to be.

Now, some get a little confused and they think maybe I should put my client access server role in the perimeter network as well, but that's a mistake. That perimeter network, which is also referred to as the DMZ or demilitarized zone, is what companies deploy between the Internet and their intranet to provide a more stable defense when it comes to individuals, hackers and so forth that are trying to get through. However, Microsoft does not recommend putting the client access server out in the perimeter network; there's no real way to accomplish that. The reason why a lot of people think that they should do that is because perhaps they did something similar when it came to Exchange 2000 or 2003 front-end servers. But the client access server role with Exchange 2007 and 2010 is significantly different from a front-end server. So you can make the comparison, you can say, oh, the client access server is like a front-end server from Exchange 2000 and 2003, and yes, there are similarities. However, the client access server role is designed differently, and so you don't want to put that in your perimeter network. So it's easy to remember that the only server that goes in that perimeter is the edge transport server; all the other Exchange server roles should be behind that firewall on the intranet.

So to start with, let's talk about the mailbox server role. Now, this role is so important that we have dedicated an entire video covering the overview of the mailbox server role, and so at this point we're just going to provide a few of the highlights of this role. For starters, the primary responsibilities of the mailbox server role are to host the mailbox databases and provide storage and advanced scheduling services for your Outlook users. So even though you might think that the mailbox server role is really going to be
all about individual recipient mailboxes, and you will spend a lot of time making sure that your mailboxes are all there and that people have what they need, you're also going to need to understand mailbox databases. You need to understand the storage structure of Exchange in order to really know what's happening on your Exchange mailbox server and know how to recover in the event of a problem.

Storage is also a big factor when it comes to the mailbox server role as opposed to other roles, and that's because obviously with each mailbox that you add to that role you're going to need disk space to handle the mail for that user. So depending on whether or not you use quotas, which you can (you can implement quotas on each mailbox), let's say you give each mailbox a one gigabyte quota; so 100 mailboxes is 100 gigabytes of space, 200, 300, 400: how much space will you need on that mailbox server to accommodate all of the different mailboxes that you're going to have? And then in some cases you may have databases open-ended where there are no quotas, and sometimes the mailboxes can really grow out of hand. So this is something you need to keep in mind with your mailbox server roles: this server will require the most amount of storage space out of all of your other server roles. Now, as far as calculating the amount of storage you're going to need and so forth, the Exchange team provides a calculator that you can download from the Microsoft Exchange Team website. This calculator will help you to determine the amount of space that you're going to need for your mailbox server.

Another thing that the mailbox server role does is it handles the public folder databases. Now, if you'd like to know more about public folders, we have an entire video on that in this introduction series. However, it's important to note that even though Exchange 2010 supports public folder databases (you can create and configure public folder databases, you can replicate public folder databases; really all of the support you could possibly need is included in Exchange 2010), Microsoft is trying to eliminate public folder use in the Exchange environment, and so they've warned us that future versions of Exchange may not have public folder support. They are encouraging companies to move towards SharePoint; however, if you don't like SharePoint you can move towards something else. Just keep in mind that the public folders are going to be gone in future versions, so you can start preparing for that now.

Now, another great feature of the mailbox server role is the fact that it has built-in high availability solutions. Now, this isn't new to Exchange. With earlier versions of Exchange you had the ability to cluster Exchange servers together to provide higher availability. With Exchange 2007 there were solutions that required clustering and solutions that did not require clustering, and so you could pick and choose what you needed in your environment, or you could of course go with a third-party solution. Exchange 2010 completely rewrites the book on high availability for Exchange and starts us with the use of database availability groups, or DAGs, and these provide the ability to have multiple replicas of your databases. You can actually have up to 16 copies, although that may seem a bit crazy in terms of redundancy, but each organization is different and has a different requirement. The good news is that you can configure a database availability group with actually only two servers, so that you can replicate databases from server one over to server two, and in the event server one goes down, server two will continue to function and pick up the slack with the copies that it has. And from the perspective of your users, they'll never even know the difference; they'll never know that they've been switched, connectivity-wise, from server one over to server two.

Now, in addition to high availability concerns, the mailbox server role is the one that you must be the most concerned about when it comes to backing up. You need to ensure that your data is safe; you need to ensure that you can restore mailboxes, databases, even messages if that's what your organization requires. So that mailbox server role is such an important one to stay focused on. As far as the ability to install the role, you can install the mailbox server role on a system with other roles, so you can put it with the hub transport, the client access server, the unified messaging server roles. You cannot put it with the edge transport server role; that server role stands on its own, it cannot be installed with other servers in the Exchange organization. OK, so again, if you want to learn more about the mailbox server, please watch the video that provides a deeper overview of the mailbox server role.

Now, the next role to consider is the unified messaging server role. Now, you might say, well, that seems out of order; usually we would put this one towards the end, maybe before the edge transport server role, but we're moving it up to right after the mailbox server role because this actually is such an intense role that it has its own video as well. And so going forward in this video we're going to cover mostly the client access server role, the hub transport server role and the edge transport server role, but the mailbox server has its own video and the unified messaging server role has its own video. And personally I think the unified messaging server role is the coolest of all of the roles. I know some might disagree; they might say no, no, it's got to be the mailbox server, because of course that's the most important. Others might say, well, you know, I really like the ability of the client access server role because it's the role that has all of the incoming connections from the outside, whether it be mobile devices or web browsers. But you know, this unified messaging server role really caught my attention because it provides something new and unique to Exchange that also pulls us into a whole other world, the world of telephony, and
so what the unified messaging server role does is it provides the ability to have a universal inbox, and this includes your email, incoming faxes, voice mail; it puts it all in your inbox, which is really great. Now, you might say, OK, well, as far as email, that always went into my inbox; with incoming faxes we could always go to a service provider to have that occur as well. But voicemail, see, that's really the key. What happens with a unified messaging server is it integrates with your telephony network. So let's say your company has a PBX. You might think, well, yeah, we have one and I don't touch it. Well, that's pretty typical actually, because the PBX really requires telephony knowledge, and if you're a network administrator you may not have any telephony knowledge, and that's OK. You might have a little bit more experience with it if you have an IP PBX, which allows for connectivity to your packet-switched network as well as to your internal IP-based network. But whether you have experience with telephony or not, it's important with the unified messaging server role that you understand some of the basics of how a telephone network works, and we cover that in another video. Now, if you have a legacy PBX, that may be fine, but you will need to install a voice over IP gateway in order to work with it. If, however, you're starting from scratch, then we recommend that you get an IP PBX, which is a single solution that will provide both telephony and unified messaging connectivity.

One of the great things about the unified messaging server role is that you can configure an auto attendant, which will help answer calls and direct them to the right voicemail. You can configure the auto attendant to be different languages depending on the location. It's really an amazing solution. Some of the special features of unified messaging include things like Outlook Voice Access, which allows you to call your inbox, and you can not only find out what your mail is (it will read the mail to you if you'd like it to), but you can also check your calendar. If you're going to be late for a meeting, you can say you're going to be late; it will update your calendar, and then others who are waiting for you at that meeting will be able to see that you're going to be a few minutes late. Another great feature is voicemail preview. What happens is when that voicemail goes into your inbox you get a preview of it; it will actually transcribe the voice into text so that you can see what that voicemail was all about. Now, it's not perfect; there are definitely times when there are errors in the translation, but in testing it's actually been proven to be pretty good when it comes to voice to text. Some other features include play on phone, which is great for a situation where, let's say, you don't want to play your voicemail through your computer, through your laptop or whatever, for others to hear, and let's say you don't have your earbuds and you just don't want to do it that way. Well, you can ask your Outlook to call you and play the message on your own phone. And so those are just some of the features of the unified messaging server role; there's really a whole list more that make this a valuable server, one that's worth implementing if you have the need and the desire to start branching out into another aspect of Exchange features.

The next role we want to discuss is the client access server role. Now, we could easily just go through this and say the client access server role provides Outlook Web App, Exchange ActiveSync, Exchange Web Services, POP and IMAP services, Outlook Anywhere. But really that's assuming that you know what all of these features are. If you do, then you know that the client access server role is incredible; if you don't, then you're probably missing out on what the client access server role really provides. So let's start at the top: Outlook Web App. This was originally called Outlook Web Access, so the acronym stays the same, which is great, and you can see they love the acronyms here. But what is Outlook Web
App? This is a feature that works off of Internet Information Server, and it allows you to access your mailbox through a web browser. Now, the great thing about Outlook Web App is that there are always enhancements with each release of Exchange, and so every time we get the next version of it we see how much closer the Outlook Web App features mimic the Outlook client, the real client that you install on your desktop, and so that's really great. Some of the new features that have been enhanced in Outlook Web App for Exchange 2010 include things like chat, text messaging, mobile phone integration; there is an enhanced conversation view; so there's a lot that's been added. But one of the great things about Outlook Web App for Exchange 2010 is the ability for it to work on multiple browsers. Now, you might say, well, wait a minute, I remember Outlook Web Access worked on multiple browsers before; there was a Light version of it that worked for Firefox and Safari. That's true, but now with Exchange 2010 you can use Internet Explorer 6.0 and up, you can use Firefox, you can use Safari, you can even use Google's Chrome browser, and you get the full range of services that you would get if you used it with Internet Explorer 8.0. So Outlook Web App is certainly a great feature, and one of the nice things about it is it just works right out of the box. Now, there are configuration options that you can set, there are policies you can set too, and we're going to show you that in a moment, but the fact that it just works with the client access server role is really a relief that you have to jump through hoops in order to make it work.

Now, the next thing that the client access server role provides is Exchange ActiveSync. This allows you to synchronize data between a mobile device and Exchange 2010; you can synchronize your email, contacts, calendar information, tasks. So this is really an incredible feature. Now, depending on the mobile device that you're using, let's say you're using Windows Mobile 5.0 with the Messaging Security Feature Pack, or perhaps a higher version of Windows Mobile, then in that case the mobile device will support what's called direct push. This is a technology that's built into Exchange ActiveSync that allows your device to be continuously synchronized with your Exchange mailbox. Now, that's important to mention because BlackBerry devices have supported direct push for a long time, and so sometimes persons that are not aware of the updates, the enhancements to Exchange, may think, oh, well, you need a BlackBerry if you want to have direct push; other than that you have to pull your information down from the Exchange server. But that's not the case; direct push has been part of Exchange ActiveSync for a while now. So it's good to know where we stand in terms of some of these features, because sometimes people get it into their mind, oh, this is a technology that's only supported by this one vendor, and then we never update our knowledge when it comes to other vendors that now support that technology. Well, certainly Microsoft stood up and took notice when BlackBerry could give direct push, and so right away they implemented it into their Exchange world. So this is something that certainly Exchange 2010 offers for mobile devices running 5.0 and higher.

Now, as for Exchange Web Services, this is something that has been included with Exchange 2010 that provides the functionality to enable client applications to communicate with the Exchange server. Exchange Web Services is actually one of several services that are included with Exchange 2010: there's Autodiscover, which is a SOAP service; there's the Autodiscover POX service; there's the Unified Messaging web service. So Exchange Web Services is one of these services that are included, and essentially it's an XML messaging interface that allows you to manage Exchange store items and access Exchange functionality from your client applications. Now, we're not going to go into any real great depth on that. The fact that those services exist through the client access server role is good to know; as far as taking advantage of those services, that's something that would require a lot more discussion and would take us off of the administrative track and more into a developmental phase of discussion. So we're going to just leave it as it is: that client access server role provides Exchange Web Services.

Now, the client access server role also provides POP and IMAP support. So typically you might be familiar with Outlook in your organization; the clients are called MAPI clients, and of course with Outlook Web App the clients are HTTP clients. However, POP3 and IMAP clients are also supported. So perhaps you're using, let's say, a version of Windows Mail, or Windows Live Mail if you're using Windows 7 and you've downloaded the Live Essentials pack that goes with that, so you're using a POP client; really, you can use that to connect up to an Exchange server as well. You might use POP clients like Mozilla Thunderbird or others; you might use IMAP clients. These are all just different types of email clients, and so in some cases you're not connected to an Exchange server and you don't get all of the functionality of being connected to an Exchange server as a MAPI client. In some cases, let's say you're connected to an Internet service provider that only gives you POP or IMAP support. So if you're setting up a server that is only going to give POP or IMAP support, well, it's the client access server that provides those features, provides those services, so that a person can still have a mailbox, but ultimately they're going to connect up and pull their mail down and they won't get all the extra bells and whistles that come from being a MAPI client.

Outlook Anywhere is another feature that the client access server provides, and this lets your clients that use, let's say, Outlook 2003, 2007 or even Outlook 2010 connect to the Exchange server over the Internet using what's called RPC, which is remote procedure call, RPC over HTTP. So without getting into the depth of how the technology works and how the RPCs, or remote procedure calls, are wrapped with an HTTP layer, and going into how traffic traverses the network, firewalls and so forth, the Outlook Anywhere feature provides you the ability to use Outlook at home as if you're working directly with an Exchange server in the office. So you might say, well, I use Outlook Web App for that, but you don't get all of the features of Outlook in Outlook Web App, so you might want to use your Outlook client, and Outlook Anywhere allows you to do that. But remember, it's the client access server role that's going to provide that functionality.

OK, now let's move forward and talk about some of the other things that the client access server role provides. For example, the client access server role provides free/busy data through the Availability service. Now, free/busy data, that's something that we may have heard in previous versions of Exchange and we may never have understood what it means, free/busy, but it's basically a simple term to describe availability, and so they changed the name. The Availability service provides consistent and up-to-date information on things like a worker's calendar and meeting schedule, information about services that are available. So sometimes there are individuals that you want to check on to see if they're available; you want to look at their calendar, you want to know what their timeframe is, and then you can determine whether or not you can configure an appointment with them. But you need to be able to check to see if they are available, so that's one use of free/busy information. The Availability service will also provide access to automatic reply messages that users will send when they're out of the office, or let's say if they're away for a period of time. So the Availability service takes care of things like that.

And in addition to the Availability service, the CAS server role also allows clients to access automatic configuration settings through the Autodiscover service. So Outlook clients and certain mobile phones that have the ability can receive their profile settings directly from the server by using the client's domain credentials; the server updates the device or system automatically. And that's really a great feature, because first of all, with the first connect of a client to the server you don't have to go and handle the configuration; it will just do it automatically. Second of all, if anything changes, let's say you move a mailbox, the user's mailbox can automatically reconfigure itself because of the Autodiscover service. Now, as far as the clients that are allowable, well, this is something that only Outlook 2007 and Outlook 2010, as well as certain supported mobile phones, can handle. So if you have Outlook 2003, it doesn't work with the Autodiscover service. So essentially, when you use your Outlook 2007 or 2010 client, if you are joined up to a domain the user's domain account is used; if not, it will ask you for an account and a password. It will take that information and it will automatically configure your user profile; it will locate the user's mailbox and it will connect the two up. And so, as I said, if a user's Exchange information becomes changed in any way, let's say in the event a user's mailbox is moved, then Outlook will contact the Autodiscover service and it will automatically update the user's profile to connect the user back up with their new mailbox location. Again, all of this depends on the client access server role.

And last but not least, there's the offline address book, which is also handled by the client access server role. Now, basically this is a copy of an address book that has been downloaded so that an Outlook user can access that information even though the user may be disconnected from the server. You can really micromanage this as an administrator; you can actually pick and choose which address books can be made available to which users, and when they work offline that would be the address book that they're given. You can also determine the method of deployment for these offline address books, so you might choose web-based distribution or even public folder distribution.

OK, so now you have a good understanding of all of the different things that the client access server role really provides and how essential it really is. In fact, it is a server that you have to install in order for your Exchange to work at all; you need to at least have the three primary servers, which are the mailbox server, the client access server and the hub transport server. So this is one of your key servers, and now you can see why, because it provides so many features here that are absolutely necessary. In fact, one thing that we don't want to forget to mention is that even though you see all of these different provisions of the client access server role, you might think that it only has to do with external connections or Internet-oriented connections to the client access server. But you can start to see with the Availability service, the Autodiscover service, the offline address book service, that there's actually quite a bit of connectivity to your in-house clients, your MAPI clients. In actuality, there have been some other changes that have been made behind the scenes with the client access server role in Exchange 2010. So we had a client access server with Exchange 2007, and it did a lot of great stuff, but there were still features that were handled by the Exchange mailbox servers. But that has been changed with 2010: all clients that want to access their mailbox data have to go through the client access server first. There are two new services that I'll just mention briefly: there's an RPC Client Access service and an Address Book service, and these services provide the functionality that we need on the client access server that at one time resided on the mailbox servers in previous versions of Exchange, including Exchange 2007. So this client access server role is not just for
your Internet clients but also your internal MAPI clients. At this point they've really changed the architecture to give it a more integral role with your MAPI clients.

Now, at this point let's take a look at the Exchange Management Console. Let's look at a few of the policy configuration settings and some of the other settings, for both the organization side and the server side, for configuring your client access server. OK, so here we are on our Exchange server, on the New York Exchange server that we have configured with the mailbox, client access, hub transport and unified messaging server roles. Now, we look here at the organization configuration level, and we've selected Client Access already, and you can see there isn't much to do on an organization-wide level: we have Outlook Web App mailbox policies and Exchange ActiveSync mailbox policies. Still, though, these are very cool things to configure, very important, and it's interesting: if we just take a look at what each of these policies offers, you'll be able to quickly see that the ability to create a policy and then enforce that policy on your users will really have a dramatic effect on the amount of control that you can have when it comes to your Exchange organization, and that's very important.

So here you can see there's a default policy that's automatically created. If we open that up, you can use the default or you can go with your own policy; it's completely up to you. And then when you configure users you can choose these policies and you can determine which policy you want to apply to which group of users. OK, so the General tab doesn't really say much, just general, and then gives the name of the policy. Here we have the Segmentation tab, and here you can change the policy to disable some of the features that Outlook Web App has enabled by default, so for example address lists, calendar, contacts, journal, junk email filtering. So you might say, well, why would I want to disable any of those features? Well, it's completely up to you and your organization. For example, text messaging, instant messaging: these are things you may want to disable in your organization. So you go right here to the Segmentation tab; you can change it for the default policy, or you can create additional policies and then apply them to the users that you want to disable this feature for.

Some other options here include public and private computer file access, and you can see they're the same exact settings for each. The point is that at times you may be accessing files from Outlook Web App, and in that case if you are public then you're out on the Internet somewhere and you're accessing it in through a firewall. So here you see direct file access; it says "enable direct file access," and then you can customize. Direct file access allows users to open files that are attached to email messages or files that are stored in, let's say, a Windows SharePoint Services library or on a Windows file share. So you can manage this, and here if we click Customize you can see we can choose to allow certain types, to block certain types, to force a save where the user must save it to disk before opening instead of simply opening right where it is. And you recall when you connect with Outlook Web App that you choose if this is a public or shared computer or if this is a private computer; so depending on which choice you make, those are the settings that it's going to choose. So you can configure these to be exactly the same, or you can specify distinctions between the public and the private use of these. So here if we click Allow, under "always allow" you can see all of the different file types that are allowed by default, and you can edit that; you can delete any one of these if you don't want to allow it, you can add additional types. This is something you can do for the allow, block or save sections. For unknown files you can force save, you can allow or you can block.

Now here, web-ready document viewing, that's something a little different. So we have the direct file access and then you have web-ready document viewing. You notice it says "enable web-ready document viewing," and then it says "force web-ready document viewing when a converter is available," and then "specify supported document types." Basically, web-ready document viewing allows users to access file attachments in the Outlook Web App. So let's say you don't have Microsoft Word installed; you're using a browser and you want to access a document that is a Word document, so you want to view the document directly in the Outlook Web App. Here if we click Supported you can see that all of the major applications are supported for Outlook Web App, and so this is a great feature: you have the ability to quickly see a document right from within the browser. So these two features together, direct file access and web-ready document viewing, really make it a lot easier for you to work with documents when you're using Outlook Web App. And so really that's all you need in a policy: the control here, as well as the segmentation control here. You can configure the policy and then determine to whom that policy should apply. So that's one feature.

The other feature is over here, Exchange ActiveSync mailbox policies. Again we see that there's a default policy, and if we open that up you can see that there are several tabs. Now, for starters, "allow non-provisionable devices." So there are times when you have an organization with mixed devices; it's not always the case that everybody has the same device, and sometimes there are devices that are not provisionable, in other words there are devices that may not be able to apply the policy settings that you're about to configure. Now, if you deselect this option, then devices that do not meet the standards that you're hoping for here will not be able to connect up with your system. So it's important to allow non-provisionable devices if you want to make sure that even legacy mobile devices can connect. Now, you might say, well, no, I don't want that at all; I want to make sure that this policy is applied, and so you'll want to deselect that.

Here you see "refresh interval in hours," as far as the refresh interval for your mobile devices and this policy. We have Password, which is really great: you can require a password for your users to connect up, and if you do that you can require an alphanumeric password; if you do that you can configure the minimum number of complex characters, enable password recovery, require encryption on device, require encryption on storage card. We could spend a lot of time describing each and every one of these, and actually in a future series we'll do just that; we'll spend quite a bit of time going through all of these. But here you can see that you can have simple passwords, number of failed attempts allowed, minimum password length; all of this can be configured here on the policy. Sync settings: here you can include past calendar items or email items, and in this case it's set to all, but you can actually change that if you'd like. You can limit the email size in kilobytes. Here you see "allow direct push when roaming"; we've talked about this as far as whether or not a device has the ability to handle direct push. "Allow HTML formatted email," "allow attachments to be downloaded to device," and if so you can determine a maximum attachment size. So this is just showing you the amount of strength that you have by using these ActiveSync policies. With each new release of Exchange, starting with Exchange 2007 and then with Service Pack 1 for 2007, each time they enhance these features you get more and more properties that you can configure. So here we see Device, and look at all of these great features here: you can choose to disallow the camera, disallow Wi-Fi, that's on the mobile device, by setting this policy and having it apply to that device. Let's say this is your mobile device that you have provided to the user; you're the company, you have the right to configure how it runs. But all these devices have these cameras these days, so you might say that is a
legal hassle just waiting to happen it's happening all over the world people with these cameras are taking pictures and using all that inappropriately or perhaps exactly as it was designed and that's going to cost your company money so one little click of a button and you will disallow the camera the camera will not function you can turn off internet sharing turn off remote desktop all of that with a click of a button the only thing to keep in mind is this little footnote here it says the ability to modify policies on this tab is a premium exchange activesync feature that requires an exchange enterprise client access license for each mailbox policies are restricted on so these features here for this policy will only work for enterprise client access licenses up here we have device applications which have a similar footnote here here you can say allow browser allow consumer mail allow unsigned applications allow unsigned installation packages over here we have other which again has the same footnote and here you can allow or block applications on that mobile device so again a tremendous amount of control off of just this little policy here for active sync and you created at the organization configuration level and then you can apply it down to your users now under server configuration we also have the client access server role here and you can see it's a little different here instead of policies we're looking at exchange activesync exchange Control Panel outlook web app offline address book distribution pop3 and IMAP and for each of those tabs there are settings there are properties that you can go into by selecting and going into the properties and here you can see for the most part there isn't much that you can change when it comes to at least the offline address book distribution for Outlook Web App you can see that the properties are a little bit more extensive for Outlook Web App whether it's public computer file access and again direct file access or web ready 
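The two policy types walked through above, as an added Exchange Management Shell example that is not code from the video: an OWA mailbox policy that turns off the segmentation features mentioned and tightens file access on public computers, an ActiveSync mailbox policy with the password, encryption and device restrictions shown, and the assignment of both to a user. The policy names, the user alias "jenny", the file-type lists and the timeouts are assumptions. One caveat on the Allow non-provisionable devices discussion: leaving it enabled means a device that cannot honour the policy still syncs, so the password and encryption requirements are not actually enforced for it; the example disables it.

```powershell
# Added example, not from the video. Run in the Exchange Management Shell on an
# Exchange 2010 server. Policy names, the alias "jenny", the file-type lists and
# the timeouts below are assumptions for illustration.

# --- Outlook Web App mailbox policy -----------------------------------------
$owaPolicy = @{
    Identity = "Locked-down OWA"
    # Segmentation tab: the features the video suggests turning off
    TextMessagingEnabled    = $false
    InstantMessagingEnabled = $false
    # Public computer file access: nothing opens on the local (untrusted) machine,
    # attachments are only viewed in the browser via WebReady Document Viewing
    DirectFileAccessOnPublicComputersEnabled           = $false
    WebReadyDocumentViewingOnPublicComputersEnabled    = $true
    ForceWebReadyDocumentViewingFirstOnPublicComputers = $true
    # Private computer file access: direct access allowed, but with explicit lists.
    # Setting a list replaces the default list, so all three are set together and
    # kept mutually exclusive (a type may appear in only one of them).
    DirectFileAccessOnPrivateComputersEnabled = $true
    AllowedFileTypes   = @(".docx", ".xlsx", ".pptx", ".pdf", ".txt", ".jpg", ".png", ".gif")
    ForceSaveFileTypes = @(".doc", ".xls", ".ppt", ".rtf", ".zip")
    BlockedFileTypes   = @(".exe", ".msi", ".bat", ".cmd", ".vbs", ".js", ".hta", ".scr", ".ps1", ".lnk")
    ActionForUnknownFileAndMIMETypes = "Block"
}
New-OwaMailboxPolicy -Name $owaPolicy.Identity
Set-OwaMailboxPolicy @owaPolicy

# --- Exchange ActiveSync mailbox policy --------------------------------------
$easPolicy = @{
    Name = "Corporate Devices"
    # General tab: refuse devices that cannot enforce the policy. With $true a
    # non-provisionable device still syncs and none of the settings below bind it.
    AllowNonProvisionableDevices = $false
    DevicePolicyRefreshInterval  = "04:00:00"
    # Password tab
    DevicePasswordEnabled              = $true
    AlphanumericDevicePasswordRequired = $true
    MinDevicePasswordComplexCharacters = 2
    AllowSimpleDevicePassword          = $false
    MinDevicePasswordLength            = 8
    MaxDevicePasswordFailedAttempts    = 10        # device wipes itself after this many
    MaxInactivityTimeDeviceLock        = "00:05:00"
    PasswordRecoveryEnabled            = $true
    RequireDeviceEncryption            = $true
    RequireStorageCardEncryption       = $true
    # Sync settings tab
    MaxCalendarAgeFilter = "OneMonth"
    MaxEmailAgeFilter    = "TwoWeeks"
    AllowHTMLEmail       = $true
    AttachmentsEnabled   = $true
    MaxAttachmentSize    = "5MB"
    # Device tab (Enterprise CAL features, as the console footnote says)
    AllowCamera          = $false
    AllowWiFi            = $false
    AllowInternetSharing = $false
    AllowRemoteDesktop   = $false
    # Device applications tab
    AllowUnsignedApplications         = $false
    AllowUnsignedInstallationPackages = $false
}
New-ActiveSyncMailboxPolicy @easPolicy

# --- Apply both policies to a mailbox and check what a device reports back ----
Set-CASMailbox -Identity "jenny" -OwaMailboxPolicy "Locked-down OWA" -ActiveSyncMailboxPolicy "Corporate Devices"
Get-CASMailbox -Identity "jenny" | Format-List OwaMailboxPolicy, ActiveSyncMailboxPolicy

# Per-device view: whether the policy was actually applied, not just assigned
Get-ActiveSyncDeviceStatistics -Mailbox "jenny" |
    Format-Table DeviceType, DeviceModel, DevicePolicyApplied, DevicePolicyApplicationStatus, LastSyncAttemptTime -AutoSize
```

The last command is the check worth running after a policy change: a device that shows the policy as assigned in Get-CASMailbox but not applied in its own statistics is exactly the case that Allow non-provisionable devices would otherwise let through silently.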
So we could really go on for a long time about all of these features; again, look to a future series that will drill deeper into how to configure and work with all of these Client Access server features. This was just the overview to show you what a Client Access server is all about: what it does for your organization and why you need one. From there your knowledge will certainly grow. Now let's go back to the slides and talk about the Hub Transport server for a bit.

Let's talk about the Hub Transport server role. This server is deployed within your Active Directory forest; it is not something you put on the perimeter, so don't confuse it with the Edge Transport server role, which is something you put on the perimeter and which we'll talk about next. The Hub Transport server role mimics very closely what the Edge Transport server does; in fact you might say it has a little more flexibility, because it's designed to work without an Edge Transport server. So the Edge Transport server does some of the same things as the Hub Transport server, but it's meant for its own specific purpose, whereas the Hub Transport server can also put on the Edge Transport hat if it needs to. We'll talk about that more later on. As far as where it's deployed, it is deployed within the Active Directory forest, and this role has to be deployed if you want your Mailbox server and your Client Access server to work. It's part of the typical installation; it's a necessity for your Exchange organization.

The purpose of the role is to handle mail flow within the organization. The way mail flow is handled is something they changed in Exchange 2007: they started working right off your Active Directory. Active Directory makes site connections and understands the layout of your organization in terms of where replication should take place. If you have objects that need to be replicated, it looks at your site structure, your branch offices, the LAN connections, the speed of the connections and the bandwidth load on them, and it designs a replication topology to work with. Now you can get in there and play around with that topology and make changes if you'd like; however, with the later versions of Windows Server, Microsoft typically recommends you leave it alone. With Windows Server 2000, if you were a Server 2000 guru, you knew you had to get in there and make some changes, because the tool that created the site topology didn't work very well. But with Server 2003, Server 2003 R2, 2008 and 2008 R2 they've enhanced these tools so you can trust them a little more, and Microsoft wants you to.

Now Exchange comes into the mix and relies on that site topology for how it sends messages through your organization. Does that work for you? Hopefully it does, but if it doesn't you still have the ability to go in and change the connectors, not necessarily for Active Directory, although you can, but for your Exchange environment at least. The nice thing about that is that in a larger environment, where you might have Exchange administrators and Active Directory administrators, you don't want to have to fight over setting up these connectors and where things should flow. So if you disagree with the Active Directory team and want your mail to flow a different way, being in control of Exchange you can go in and adjust the connectors for your Exchange organization. However, assuming everything is working well for Active Directory, you'd leave that alone and let the Hub Transport server do its job, which is simply sending mail through the organization.

What this means is that all mail coming into and going out of your organization, or between mailboxes within your organization, goes through a Hub Transport server. One of the great things about that is it gives you the ability to establish transport rules. We'll take a look at transport rules in a moment, and you'll see that the great thing about them is that you can establish a rule on the Hub Transport side and not worry about mail slipping through: because all mail goes through a Hub Transport server before it goes anywhere else, you know the rule is going to be applied. So you might ask, what would I use a transport rule for? Let's take one simple example. I did some work for a company in Manhattan, an accounting firm that had to put a little disclaimer at the end of all of their emails. The thing was, they wanted email between people in the company to be normal: if I sent the person next door an email, it wouldn't put the disclaimer at the bottom, but they wanted to ensure that anyone outside the company that received email would get this legal disclaimer. They thought about it: maybe we'll just ask everybody to put it at the bottom of their emails, or make it part of their signatures. But again, there was no way to enforce that the legal disclaimer be part of every single email; some would go out properly and others, due to user error, would be forgotten. With a transport rule, however, we were able to put the disclaimer at the bottom of all of the emails without the users being involved at all, because every email that went through that server, if it was heading out of the organization, got the disclaimer. We're going to show you how to do that with transport rules in a few moments, but you can see how powerful that feature can be.

Another great feature is journaling. Journaling also ties in with legal compliance, because there are a variety of rules out there that say companies have to retain their email for a period of time. They want to be able to check back through email in the event the company has a problem and see who was really involved by going through a person's email. So when you're working for a company, that email is not really yours; it's something the company is responsible for, and so they may journal it. What journaling does is make a copy of your email, and you can do this at different levels: for a mailbox, for a database, or for the entire organization. So journaling is a very important feature that the Hub Transport server handles as well.

Another important feature of the Hub Transport server is edge synchronization. This is only necessary if you have an Edge Transport server; if you don't, you don't have to worry about synchronization. If you do, you'll need to synchronize the Edge Transport server with the Hub Transport server in your organization, and we'll talk about that in detail when we cover the Edge Transport server role.

Another feature is the anti-spam agents. When we look at the Hub Transport server role you'll notice there are no anti-spam agents, and we're not tricking you: those agents are only installed, and only configurable, if you ask for them. I'm going to show you how to install them, because many of you may not use an Edge Transport server. When we install the Edge Transport server those agents are installed automatically, but with the Hub Transport server, if you decide not to use an Edge Transport server, you run a PowerShell script that installs the agents, and then you'll be able to work with them from the Hub Transport side.

Okay, so here we are back on our New York Exchange server. Let's say you have a situation where you don't want to use an Edge Transport server but you do want the anti-spam agents installed on this Hub Transport server. We said we could install them, so let's look first at the Exchange program files, in the Scripts folder. If we scroll down there's one called Install-AntiSpamAgents.ps1. If I double-click it, it shows some information about what the script does: it installs the following agents, and it doesn't take any parameters; you just have to kick off the script. So for starters, if we hold the Shift key down and right-click, we can Copy as path. Then we go back to our Exchange Management Shell, scroll down so you can see it, and change directory to that path. To kick it off we type .\Install-AntiSpamAgents.ps1 and hit Enter. And I made a mistake; that's a good reminder: it's Install, dash, AntiSpamAgents, so .\Install-AntiSpamAgents.ps1, and we hit Enter. Now it tells us we need to restart the Microsoft Exchange Transport service for the changes to take effect, so let's go to Services, find the Microsoft Exchange Transport service, and restart it. Now if we go back to the Exchange Management Console, you can see we have the Anti-spam tab here with all of the settings we'd have on an Edge Transport server. It's good to note that this is under Server Configuration, Hub Transport; it's not an Organization Configuration setting, it's something you have to enable on individual Hub Transport servers.
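The same installation from the shell, as an added example that is not from the video, plus the two checks a practitioner would want afterwards: that the agents are registered in the transport pipeline, and that the transport configuration knows which hops are internal, since connection filtering and Sender ID otherwise evaluate the address of your own last internal hop instead of the real Internet sender. The IP addresses and the filter thresholds are assumptions.

```powershell
# Added example, not from the video. Exchange Management Shell on a Hub Transport
# server that has no Edge Transport server in front of it.

# The script ships with Exchange under <install path>\Scripts; the ExchangeInstallPath
# environment variable points at the install path on every Exchange 2010 server.
$script = Join-Path $env:ExchangeInstallPath "Scripts\Install-AntiSpamAgents.ps1"
& $script

# The agents only join the transport pipeline after the service restarts
Restart-Service MSExchangeTransport

# Check 1: the anti-spam agents are now registered and enabled on this server
Get-TransportAgent |
    Where-Object { $_.Identity -match "Filter|Sender Id|Protocol Analysis" } |
    Format-Table Identity, Enabled, Priority -AutoSize

# Check 2: tell the agents which SMTP servers are internal. Without this, Sender ID
# and connection filtering look at the wrong IP (the internal relay that handed the
# message over, not the sender on the Internet). Addresses are assumptions.
Set-TransportConfig -InternalSMTPServers 10.0.0.5, 10.0.0.6
Get-TransportConfig | Format-List InternalSMTPServers

# Minimal agent configuration (assumed thresholds): reject at SCL 7 and above,
# refuse mail for recipients that do not exist in the directory, and reject
# messages whose Sender ID check says the sending domain is spoofed.
Set-ContentFilterConfig -Enabled $true -SCLRejectEnabled $true -SCLRejectThreshold 7
Set-RecipientFilterConfig -RecipientValidationEnabled $true
Set-SenderIdConfig -SpoofedDomainAction Reject
```

Recipient validation is worth enabling on whichever server is the first SMTP hop from the Internet: it turns directory-harvest and dictionary attacks into immediate rejections instead of accepted-then-NDR'd messages that consume queue space and leak which addresses exist.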
Obviously an important aspect of Hub Transport is the ability to send and receive email, and to accomplish that there are connectors. We're going to talk in a moment about how the send connector is actually non-existent on your Hub Transport server, so you might have a great Exchange organization that's working just fine sending email from user A to user B, but if they're not able to send email to the Internet, well, you have a problem, right? So we're going to talk about creating a send connector. As far as receive connectors are concerned, some are built for you automatically, and as you add servers to the mix, whether more Hub Transport servers or Edge Transport servers, you'll see that these connectors become very important to the mail flow we were talking about. If you only have one Hub Transport server, then in reality the only way mail is coming in or going out is through that one server, so there isn't much involved with connectors at that point; but when your organization sprawls out and you have more Hub Transport servers, maybe multiple Edge Transport servers, the connectors become more important. The Hub Transport server role also involves email address policies, which we'll take a look at, and accepted domains. You might wonder what an accepted domain is; we'll talk about accepted domains as well as relay domains and remote domains. These give your Exchange server the flexibility to handle different designs: organizations with multiple domain names, or organizations where mail comes into the Exchange server and needs to be relayed somewhere else, either internally or externally. We'll talk about that in a moment.

Okay, so we've talked enough about the Hub Transport server role. Let's take a quick look at how this works at the organization and server level, and then we'll come back to the slides, because we need to map out a send connector in order to send mail to the outside world. We're going to talk about that a little, because it's one of the little hang-ups people have when they set up an Exchange server, especially for the first time.

So we're on our New York Exchange server, under Server Configuration, Hub Transport. You'll note there isn't much here in terms of configuration: we have Receive Connectors, and we can make changes to this particular server by right-clicking and choosing Properties, or going to Properties in the Actions pane. From there we have System Settings, Limits and Log Settings, so there is a little we can do here, but not much. Most of the Hub Transport work is done at the Organization Configuration level. Here we have Accepted Domains, which we'll talk about in a moment, Remote Domains, Edge Subscriptions, Global Settings, Journal Rules (as you can see there are none to start with), Transport Rules, and Email Address Policies, where we have a default policy; but for the most part you can see there's nothing really set up for our Hub Transport server. If you wanted to make changes you'd start in the Actions pane: New Transport Rule, New Journal Rule, New Send Connector. This is something that requires a little time and effort, but to start with, your Exchange organization just seems to work.

Let's talk for a moment about New Send Connector, because when it's really time to make your Exchange environment live, live on the Internet, live for your users to send and receive mail, a send connector is invaluable; without it, especially if you don't have an Edge server, your users' mail is not going to get very far. Let's go back to the slides for a moment, talk about this, and then come back and set up a new send connector.

So let's talk about send connectors, and especially the asterisk send connector. This is a situation that comes up pretty often: a person will call me and say, you know, I set up Exchange, I did exactly what you said, I've read your book or seen your videos, and it's working great, and I cannot send an email to the outside world. What am I missing? And it dawned on me that I don't usually tell people what to do to create the send connector that gets mail out to the outside world. Basically you create a send connector with an asterisk as the address space; you'll see what that means in a moment, but it literally is an asterisk. What happens is that when the Hub Transport server gets mail, it says, huh, this is mail that's not for my domain. If the email address doesn't say globomantics.com, as in our scenario, but says something like microsoft.com, it says okay, this isn't for me, so I have to send it somewhere. But if you don't have a send connector, it doesn't know where to send it. Now the thing is that if you set up an Edge Transport server, the Edge Transport server typically knows what to do with that mail; once it gets it, it sends it out, because it usually has the asterisk send connector created for it. But the Hub Transport server doesn't, and part of the reason is that Microsoft is hoping you set up an Edge Transport server and let your mail go through that, because that's certainly the safer solution as far as they're concerned. But let's say you're a smaller organization that doesn't want an Edge Transport server; then you need that send connector with the asterisk. So we're going to jump back to the server and create this asterisk send connector.

At the same time you might be wondering, what about email from the outside world, how does it come into my Exchange organization? That involves public DNS: you need to create an MX record that points to your receiving Exchange server. How you configure your public DNS depends on what you use: do you control your own DNS servers, does a hosting company control them, and what interface do they provide for making changes? For example, if you go through a site like GoDaddy or another hosting company, they typically provide a simple browser-based tool where you can create an MX record that points to your Exchange server. But remember, you don't want to do that until you're sure you have an up-and-running Exchange environment that's functioning smoothly. Before you start diverting mail into that environment you need to make sure your mailboxes are set up; otherwise mail is going to start bouncing. So you don't want to throw the switch with an MX record until you're sure that Exchange server is ready to handle the mail coming in for all of the users in your organization who should be receiving it. The same is true of the send connector: you don't want to turn it on until you're ready to set the MX record too, because if you start sending email out from the organization, people in the outside world are going to respond, and if they respond they won't be able to get back to your people, because you don't have an MX record pointing them in the right direction. These are little things you have to think about when you're working with a real live solution as opposed to a test or lab environment.

Okay, let's jump back over and take a look at creating a send connector. We're on our Exchange server again, under the Hub Transport node under Organization Configuration, on the Send Connectors tab, and as you can see there's nothing here. Let's say this organization was ready to take that step and start sending email to the Internet. We start by clicking New Send Connector. We can name it whatever we like; in this case we'll call it Internet Sending. Then it says select the intended use for this send connector: Custom, Internal, Internet or Partner. We choose Internet, and notice what it says: Internet send connectors are used to send email to the Internet; this connector will be configured to use DNS MX records to route email. You might say, oh, I have to set up MX records? Well, you do have to set up MX records so that mail coming into your organization is sent in the right direction, but for mail going out, the nice thing is that if you're sending to, let's say, microsoft.com, the fact that your server is connected to the Internet and knows how to find a DNS server of its own means that when mail hits this server it will use the MX records that are already out on the Internet to route it. So you don't have to do anything else once you set up this send connector.

We click Next and it asks for an address space to which this connector will route mail. We click Add and simply put in the asterisk; we can include all subdomains and we can change the cost. Note this option, Scoped send connector. What is a scoped send connector? When you create a send connector it can initially be used by all Hub Transport servers in the Exchange organization; if you select this check box you're saying that this send connector can only be used by Hub Transport servers in the same Active Directory site. So this is a design and implementation decision. In our case we only have one Hub Transport server, so we don't have to worry about it, but it's good to know you can configure your send connectors to work the way you want. We click Next. At this point you can route mail through smart hosts, you can use the External DNS Lookup settings on the transport server, or you can use the default, which is Domain Name System MX records to route mail automatically. That's the easiest one and it's the default, so we'll leave it. We click Next; it says associate this connector with the following Hub Transport servers, and it has already selected the one we have, so in our case that's fine: this is the source server for the send connector. We click Next, we see the configuration, we click New, and we're all set. At this point clients connected to this Exchange organization that can send mail from Outlook through this Exchange server can now also send mail out to the Internet; this send connector will send mail using DNS MX records. So again, don't set this up right away; do all of your other work first before you make your Exchange server live for sending mail to the Internet.

Now let's go back to the slides for a moment, because we want to talk a little about new transport rules and see how they work before we create one of our own. In discussing transport rules, the important thing to remember is that they work because all mail must eventually go in and out of a Hub Transport server; even if you use an Edge Transport server, mail is still going to hit one of your Hub Transport servers within your organization, and so at an organization level you can create these transport rules.
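Before moving on to transport rules, the send connector built in the console above, as an added Exchange Management Shell example that is not code from the video. It creates the asterisk connector exactly as the wizard does (Internet usage, address space *, DNS MX routing, one source server), shows the smart-host variant as the alternative the wizard offered, and finishes with the checks that tell you whether outbound mail is actually leaving. The server name NY-EX01, the smart-host name, the sender address and the domain are assumptions.

```powershell
# Added example, not from the video. Exchange Management Shell, Exchange 2010.
# Server name, smart host, sender address and domain are assumptions.

# The "asterisk" Internet send connector: address space * matches every domain
# that is not an accepted domain of this organization; DNS routing means the
# source server resolves the recipient domain's public MX records itself.
# ";1" is the address-space cost (default 1); it only matters when more than
# one connector matches the same address space.
New-SendConnector -Name "Internet Sending" `
    -Usage Internet `
    -AddressSpaces "SMTP:*;1" `
    -DNSRoutingEnabled $true `
    -SourceTransportServers "NY-EX01"

# The wizard's other routing choice: hand all outbound mail to a smart host and
# let it do the MX lookups. Typical when the firewall allows only one box out on
# TCP 25, or when the provider requires it. (Alternative, not run together with
# the connector above; two * connectors would just compete on cost.)
# New-SendConnector -Name "Internet via smart host" -Usage Internet `
#     -AddressSpaces "SMTP:*;1" -DNSRoutingEnabled $false `
#     -SmartHosts "smtp.example.net" -SourceTransportServers "NY-EX01"

# Scoped connector (the check box in the wizard): usable only by Hub Transport
# servers in the same Active Directory site as the source server
Set-SendConnector -Identity "Internet Sending" -IsScopedConnector $true

# Check 1: what was stored
Get-SendConnector "Internet Sending" |
    Format-List Name, Enabled, AddressSpaces, DNSRoutingEnabled, SmartHosts, SourceTransportServers, IsScopedConnector

# Check 2: after sending a test message from Outlook, is it leaving or stuck?
# A queue whose NextHopDomain is the recipient's domain and whose Status is Retry
# usually means outbound TCP 25 is blocked or the MX lookup failed.
Get-Queue | Format-Table Identity, DeliveryType, Status, MessageCount, NextHopDomain, LastError -AutoSize

# Check 3: which connector actually carried the message
Get-MessageTrackingLog -Sender "jenny@globomantics.com" -EventId SEND -Start (Get-Date).AddHours(-1) |
    Format-Table Timestamp, Recipients, ConnectorId, ServerHostname -AutoSize

# Inbound side, before you point the public MX record at this server: see what
# the world currently resolves for the domain (nslookup ships with Windows)
nslookup -type=MX globomantics.com
```

The queue and tracking-log checks are the ones to run first when "Exchange works but mail never reaches the Internet": they separate a missing or mis-scoped connector (message never reaches a SEND event) from a network problem (connector is used, queue sits in Retry with a connection error).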
A lot of this may look familiar if you've set up rules in Outlook, but of course we're talking about a different level, a much more administrative level; still, the concept itself may not be foreign to you. The first step is to configure a condition, and that can be any number of things: mail coming from a specific user or group, mail leaving your organization, mail meeting certain criteria. Then you establish an action: if mail going through the Hub Transport server meets the condition, this action is taken, for example add a disclaimer. The last thing is to provide exceptions. This is optional; you only provide an exception if it matters. The transport rule we're going to create, and remember this is just one example (there are literally hundreds of different transport rules you might create for your organization), is this: as a condition, all outgoing mail, not incoming but outgoing, will have a disclaimer appended to the mail, not prepended (we'll see the difference), unless it's going to a specific user, and we'll determine who that user is when we make the rule. So let's go back to our Exchange server and walk through creating this rule.

Here we are on the Exchange server again, under Organization Configuration, Hub Transport, on the Transport Rules tab, and we click the action New Transport Rule. To start we give it a simple name. Sometimes the name alone is enough, but sometimes we need a comment so we know what the rule is really about without having to follow it from beginning to end, so it's good to keep the comment up to date. Here we can disable the rule by deselecting the check box; if we leave it enabled, the rule goes into effect as soon as we create it. That's up to you: if you need to keep a rule offline, deselect the check box. We click Next and here you can see the conditions, and look at all of the conditions that exist; that's why it's impossible to tell you exactly how to create a transport rule for every situation, because every situation is different: from people, from a member of a distribution list, and so on. In our case we're going to choose "sent to users that are inside or outside the organization, or partners". When we click that check box, notice that step two is to edit the rule description by clicking an underlined value. It says "sent to users that are Inside the organization", but we want this rule to apply to messages sent to users outside the organization, so we click the link, get the drop-down, and choose from among the four settings: in this case, Outside the organization, and click OK. So that's our only condition: any email that leaves our organization and goes to individuals outside the organization.

We click Next. What exactly do we want applied? Again, there's a lot here; if we scroll down there are a variety of actions we can take. We want "append disclaimer text", so we select that. You notice it's set to append; if we click that link we could choose prepend, which puts the disclaimer at the top of the email instead of the bottom, but that's not normally the way things are done, so we leave it at append. Then there's the disclaimer text. This rule can't be applied yet; notice the little pencil, which lets us know there's a problem if we try to apply it before the pencil disappears. We need to actually include disclaimer text, and there's nothing there. So let's type in our disclaimer (we can certainly add more to it) and click OK, and now we have the text. Then, in the event the disclaimer can't be applied to a message, here it says Wrap; we can choose to wrap the original message, ignore the failure, or reject the message. In this case we're going to choose Reject, because we must have the legal disclaimer on each and every email.

We click Next and now we have exceptions. Maybe we don't have any exceptions and want this to always apply, but look at all of the exception options we can choose from. If we go back up to the top and say "except when the message is sent to people", we can add who those people are. Even though the administrator is actually in-house, we'll leave it as administrator just because it's easier. Now we have a full rule. We click Next, there it is, we click Finish, and there is our rule. Note there's a priority level: if we had multiple rules and wanted them to apply in a particular order, so that one takes precedence over another, we could configure different priorities. If we open the rule we can change the comments at any time and change any of these options; let's say we don't really want the exception, we want it to apply to everything; we can update the rule nice and easy. You don't want to go crazy with transport rules, you don't want to have a billion of them, but it's a good idea to have a few transport rules to control the flow of mail a little better.
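The rule built in the console above, as an added Exchange Management Shell example that is not code from the video: same condition (recipients outside the organization), same action (append a disclaimer), same fallback (reject) and the same exception, followed by the edits made at the end of the walk-through. The disclaimer wording and the exception address are assumptions. Two caveats the console does not surface: Reject as the fallback action means S/MIME-signed or encrypted mail, which cannot be stamped, is bounced back to the sender with an NDR; and an exception for an internal address never fires on a rule whose condition only matches external recipients.

```powershell
# Added example, not from the video. Exchange Management Shell, Exchange 2010.
# Disclaimer wording and the exception address are assumptions.

$disclaimer = "This message and any attachments are intended only for the named recipient " +
              "and may contain confidential information. If you received it in error, " +
              "notify the sender and delete it."

$rule = @{
    Name     = "External disclaimer"
    Comments = "Appends the legal disclaimer to every message that leaves the organization"
    Enabled  = $true
    Priority = 0                        # evaluated before higher-numbered rules
    # Condition: the console's "sent to users ... Outside the organization"
    SentToScope = "NotInOrganization"
    # Action: append (bottom of the message) rather than prepend
    ApplyHtmlDisclaimerLocation = "Append"
    ApplyHtmlDisclaimerText     = $disclaimer
    # When the text cannot be inserted (e.g. S/MIME-signed or encrypted mail):
    # Reject returns an NDR; Wrap, the default, attaches the original unchanged
    # inside a new message that carries the disclaimer; Ignore sends it as is.
    ApplyHtmlDisclaimerFallbackAction = "Reject"
    # Exception exactly as in the console. This address is internal and the
    # condition matches only external recipients, so it never applies; a real
    # exception here would be a partner domain or an automated sender.
    ExceptIfSentTo = "administrator@globomantics.com"
}
New-TransportRule @rule

# Inspect the stored rule (State shows Enabled/Disabled)
Get-TransportRule "External disclaimer" | Format-List Name, Priority, State, SentToScope, ApplyHtmlDisclaimerLocation, ApplyHtmlDisclaimerFallbackAction, ExceptIfSentTo

# The later edits from the walk-through: drop the exception, or take the rule offline
Set-TransportRule "External disclaimer" -ExceptIfSentTo $null
Disable-TransportRule "External disclaimer" -Confirm:$false
Enable-TransportRule  "External disclaimer"
```

Because every message crosses a Hub Transport server, a rule like this is enforced centrally; the only mail it cannot touch is mail it is told to let through, which is why the fallback action deserves a deliberate choice rather than the default.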
don't want to have a billion of them but it's a good idea to have a few Transport rules to control the flow of mail a little better the other set of rules that you may want to take into consideration are Journal rules which are great because again we talked about earlier the need to have a copy of information so here you can see it's a very simple rule you can set up a rule name and then the scope can be global where it's all messages internal for internal messages only external for messages with an external sender or recipient you can journal messages for recipient and then choose a specific recipient and then enable the rule so this is a very simple way to configure journaling or copying of content the journal reports themselves you can send to an email address and let's say you would send that to an administrative email address or even to a journal email address and then you can choose which recipients you're going to journal so that information would be copied off to the recipient journal email address the next thing we want to talk about is accepted domains now if we click the link here you notice we already have an accepted domain so for starters what exactly is an accepted domain well according to Microsoft an accepted domain is any SMTP namespace which stands for Simple Mail Transfer Protocol namespace for which a Microsoft Exchange organization sends or receives email okay so we know that global antics then would be an accepted domain but you note that there are three different categories there's a thorat ativ internal relay and external relay so what's the difference between each one of these being that any given namespace as an accepted domain can only be one of these three different types so as far as authoritative domains these are domains where the exchange organization literally hosts mailboxes there are email addresses that connect to mailboxes within this organization so we know in this case this is definitely an authoritative domain then because 
email is delivered to recipients in this exchange organization globo mant XCOM has users so if someone sends an email to Jenny at Global mantiques com well the exchange organization is configured with a mailbox for Jenny so that that email will come into the organization and go to her mailbox now one thing that a lot of people don't appreciate don't realize is the flexibility of an exchange server in this regard okay so Global mantiques com is an authoritative domain there are mailboxes but an organization can have more than one authoritative domain configured so what if we have Globo man --tx and then we have international global man ticks calm as well you can actually configure a secondary authoritative domain for international Globo man ticks calm that the exchange organization can handle so you'd have two different authoritative domains and then from there you can configure different sets of mailboxes so before we go too deep into that we'll leave that discussion for a later time but it's good for you to know that that is the flexibility of accepted domains and authoritative domains then you have internal relay domains and external relay domains so when it comes to internal relay domains this is where the exchange organization hosts some but maybe not all of the mailboxes that use that domain some call this a shared SMTP namespace so you can see here that it says email is delivered to recipients in this exchange organization or relate to an email server outside this exchange organization use this setting if the domain is shared by this exchange organization and another messaging system so you might use an internal relay domain if two companies let's say are merging or they have merged but they haven't quite consolidated their exchange environment yet under one single organization so they might have the need for a consistent email addressing scheme across both environments but still maintain separate environments and so in that case you would use an internal 
relay so here's an example let's say global Mattox takes over another company called avatar comm so what happens when an accepted domain is set as an internal relay domain is that the organization is still set to accept mail for the domain but if there's no recipient found in that organization then it looks to a list of send connectors to determine where to send it next and so you have to configure this so that this is the internal relay the mail comes into it but if you don't have a recipient on this server it says well what do I do with it then it uses a send connector for the namespace and sends the email for the unknown recipients to the other exchange organization that you know where it exists so you can configure it to send it off to that other exchange organization those users will get their mail but they're not hosted within this exchange organization just yet so that's sort of a mix-and-match solution the last solution there is an external relay domain this is where the exchange organization will accept mail but there are no mailboxes in that organization for that domain so it accepts the mail but then uses a send connector to relay it off to an external namespace completely so it's not like the internal relay domain where there may be recipients there and some are not know in this case it will accept the mail and send it off somewhere else so this is a solution that might be used when one exchange organization is accepting mail from the internet let's say but it's accepting mail for a non authoritative domain name and then it forwards it on to the authoritative exchange organization and you might establish this not so much at the hub transport level but more at the edge transport level in order to keep email for non authoritative domains from entering your corporate network so you configure this at the edge level and you send it off to an authoritative exchange organization and let that exchange organisation receive the mail so you might say well there's 
a lot of different configurations here it seems very complicated why not just set it up nice and easy the way we have it well in actuality even though it seems easy to start with different companies and different configurations different designs require different levels of flexibility so this is just showing you how the hub transport server role plays a part in providing that flexibility to your exchange organization and especially in situations where you merge with other companies and you need more flexibility because without that you're just going to pretty much have to scrap everything that you have and end up creating everything from the beginning now you might be eager to do that as an administrator certainly things seem to flow a lot better when you do that but the hassle and the frustration especially if you're dealing with a large merger large number of users and mailboxes it could just get out of hand so you don't want to have to do that all the time this gives you a lot of flexibility to accept mail for others and relay it off to them if necessary but in our case here we're doing fine we have our authoritative domain it's an accepted domain we get email coming into it we accept it we have recipients right within our organization and we don't have recipients anywhere else so so this is a nice simple implementation of our hub transport server and our domains okay so we've really given the hub transport server a good overview we're going to move over to a discussion of the edge transport server so let's go back to our slides and let's look at an overview as to what the edge transport server is supposed to do to help you to protect your organization okay so now let's talk about our last server role the edge transport server this server is unique unique when you compare it to the other server roles in that it's deployed not within your Active Directory but rather it's not a member of the Active Directory it's actually in your perimeter network it's not 
included within your internal network so it holds a very unique role starting with the fact that it's deployed in the DMZ or the perimeter Network and then followed up with the fact that it's not a member of the Active Directory instead you install the Active Directory lightweight services role on that edge server so you might be wondering well what do I do with this edge transport server role we've talked about it a little bit but let's see if we can narrow down what the purpose is the edge transport server is used to apply transport rules from the perimeter so you already saw how transport rules can be really beneficial if we apply them on the hub transport server mail is coming in and out of your organization and it hits that hub transport server and so those rules can be applied universally because we apply them to the organization level and it affects all hub transport servers in your organization well with the edge transport server it's a little bit different with each edge transport server you need to make sure that the transport rules are configured there's no connectivity between edge transport servers so if you set up a transport rule on one of them it doesn't automatically replicate over to one of the other ones so that's something to keep in mind making sure if you want the same rule applied universally that all of your edge transport servers have those rules and there's ways to accomplish that without manually going through and making sure you put that same rule everywhere that's a lot of room for error if you have to manually do that on each one so that's one thing that the edge transport server is really good for is transport rules from the perimeter another important feature is anti-spam which is included with your edge transport server now you may decide that you want to purchase and utilize a third party solution in addition to what's provided by the edge transport server itself and that's fine that's totally up to you there are nine different 
anti-spam agents that are actually given to you if that's not enough which it might not be actually then you can certainly install something else and you would put it on that edge transport server the other feature that you're looking for out of the edge transport server is antivirus protection which is not included at all with the edge transport server so you might start looking at third-party utilities microsoft recommends forefront to handle the antivirus protection forefront is designed to protect your organization from a variety of different problems that may be coming your way whether it be viruses or malware or something of that sort that comes in through your email so forefront is one tool you might want to check out you might want to look at other tools the edge transport server is also good for address rewriting you use address rewriting to provide a consistent appearance to recipients that are external to your organization when it comes to messages from your exchange organization so you can configure the address rewriting agent to modify the SMTP addresses for inbound and outbound messages so it's a good solution to maintaining that consistent appearance regardless of what's going on behind the scene this is really good for newly merged organizations there may be several domains and you want to provide a consistent appearance of email addresses for those external recipients but on the inside you may still have a mixed version of SMTP addresses and domains because you're still dealing with working out the merger and working out the configuration from the merger so address rewriting is another great feature on the edge transport server role now beyond setting it up which it's actually very easy to do because all you're doing is installing the lightweight directory services and making sure that you have all of the other prerequisites for your exchange environment then you install the edge transport server role it's the only role you can install on that 
server and you'll see that the exchange management console is unique to that edge transport server because we only see the edge transport server role when we're working on the edge transport server but now the goal is to create a connection back to your exchange organization we that connection there's no trust between the edge transport and the hub transport servers so you make that connection first of all by using the exchange Management Shell and using the new dash edge subscription command light on the edge transport server to create an XML file then you move that XML file to the hub transport server and then finally you use the exchange management console you could use the shell as well but it's easier to use the console to import the XML file on the hub transport server and we're going to walk through those steps as well so let's go over to our edge transport server which we already have installed and let's take a look at the exchange management console and you'll get a chance to see the difference you'll also get a chance to see the nine anti-spam agents that are included and we'll take a look at creating that edge subscription with our hub transport server okay and here we are on our edge transport server you can see right away that we're looking at the exchange management console and the console is very different because we don't have organization and server wide configuration in this case we just have edge transport we do have a tool box which is good but the edge transport has everything right here that we need that we can configure so here are the anti-spam agents we were talking about and we can count them one two three four five six seven eight nine yes just making sure I know I said nine and I wanted to make sure that that's exactly what we had was nine different anti-spam agents and you recall that earlier we installed these on the hub transport server so it's not that you can't have them on the hub transport server but you have to go through that 
extra step of using the exchange Management Shell to ensure that the agents are installed on that server here we have send connectors transport rules accepted domains receive connectors so these are all the things that we would normally have to worry about with an edge transport server and as you can see it's really not a lot that it has to do it has a very specific job a very specific purpose and a very limited set of things that you can work with in addition you can work with an ISO server you can install for front so there are a few other things that you can do in the perimeter to make your network more secure but really what we need to do if we want to connect our edge transport server up to our hub transport server is create an edge subscription file now when we create that file there's information about credentials that are used during the process of communication between the hub and edge transport servers that will be put into that file credentials are used to authenticate and authorize this connection between your Active Directory lightweight directory service and your active directory on the internal network so we can't do this from the exchange management console we have to open up our exchange management shell you you we're going to create the XML file we're going to move that file over to our hub transport server and then we're going to pull that file in and create that edge subscription now one of the things microsoft recommends is that you delete that edge subscription file from all locations once your edge subscription is done so it's not a good idea to keep those files around because there's a lot of important information that goes into that file so once you're done make sure that file is destroyed from both the edge and the hub transport servers so to create this file we're going to type new - edge and then we'll hit the tab key and it brings us right to edge subscription space - file name and we'll give it a normal file name let's say we put it in 
the C Drive and we'll just call it edge subscription dot XML and then we'll end the quotes we hit enter it gives us a ton of information that we can read and maybe the first time you do this you should read this but in our case we know that this is what we want to do we're going to confirm hit y for yes okay so that part is done now I'm going to grab that file I'm going to move it over to the hub transport server let's go over to our hub transport server and we'll import the file okay so we're back on the hub transport server and we'll show you that in a moment with the exchange management console but you can see that we moved over the edge subscription XML document that we created on the edge transport server so now if we open up our exchange management console we see that we have the hub transport role here under the organisation configuration node we have the edge subscriptions tab which currently we don't have any edge subscriptions so what we're going to do is click the new edge subscription action link here and that will kick off the wizard for us again you can do this through the exchange management shell but this is not something that you typically do in bulk so we're going to just do this here from the wizard it asks about the Active Directory site we click browse in our case you only have the one default site we'll leave it at that and say ok and then it asks us about the subscription file we click browse and we'll go right to our desktop grab that file and say open and then here there's a little link automatically create a send connector for this edge subscription so we'll leave that and we'll click new okay and it completed so it gives us a little warning here it's giving us some information that's not a bad thing that's actually a very good thing it shows us what Exchange Management shell command was used it gives us information about being able to resolve the IP address for the DMZ edge server and be able to connect to that host on port five zero six 
three six so this is something that we're going to have to make sure we have available through the firewalls but ultimately that was really the end of the process so now we have an edge transport server that will handle the front line of mail coming in and going out of our organization I don't know about you but I feel safer already you
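The following Exchange Management Shell script is an added example and is not part of the Pluralsight video or Microsoft's documentation; it shows the shell equivalents of the console steps walked through above (the disclaimer transport rule, a journal rule, the three accepted-domain types with the send connector a relay domain depends on, and the two-step edge subscription). The domain names, server names, rule names, the file path and the Active Directory site name are assumed values chosen for illustration.

```powershell
# Added example, not code from the video. Exchange 2010 Management Shell.
# All domain/server/site names below are assumptions for illustration.

# ---------- Hub Transport: transport rule (disclaimer) ----------
# Append the disclaimer; if it cannot be applied, Reject the message rather
# than let it through without the legal text. The administrator is excepted.
New-TransportRule -Name "Legal disclaimer" `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText "This message is confidential and intended for the named recipient only." `
    -ApplyHtmlDisclaimerFallbackAction Reject `
    -ExceptIfSentTo "administrator@globomantics.com" `
    -Priority 0

# ---------- Hub Transport: journal rule ----------
# Copy every message with an external sender or recipient to a journal
# mailbox (assumed address).
New-JournalRule -Name "Journal external mail" `
    -JournalEmailAddress "journal@globomantics.com" `
    -Scope External -Enabled $true

# ---------- Hub Transport: accepted domains, one of each type ----------
# Authoritative: mailboxes for this namespace live in this organization.
New-AcceptedDomain -Name "Globomantics" -DomainName "globomantics.com" `
    -DomainType Authoritative

# Internal relay (shared SMTP namespace): recipients found here are
# delivered locally, anything else is routed by a send connector.
New-AcceptedDomain -Name "Avatar (shared namespace)" -DomainName "avatar.com" `
    -DomainType InternalRelay

# External relay: no mailboxes here at all; accept, then relay onward.
New-AcceptedDomain -Name "Partner relay" -DomainName "partner.example" `
    -DomainType ExternalRelay

# Both relay types need a send connector whose address space matches the
# namespace; without one, mail for unknown recipients has nowhere to go.
# HUB01 and mail.avatar.com are assumed names.
New-SendConnector -Name "Relay to avatar.com" `
    -AddressSpaces "avatar.com" `
    -DNSRoutingEnabled $false -SmartHosts "mail.avatar.com" `
    -Usage Internal -SourceTransportServers "HUB01"

# ---------- Hub Transport: anti-spam agents (the "extra step") ----------
# Installs the same agents the Edge role ships with; $exscripts is the
# Exchange 2010 shell variable pointing at the Scripts folder.
& "$exscripts\install-AntispamAgents.ps1"
Restart-Service MSExchangeTransport

# ---------- Edge Transport server: step 1, export the subscription ----------
# Run on the Edge server. The XML contains bootstrap credentials for
# EdgeSync, so treat it like a secret while it exists.
New-EdgeSubscription -FileName "C:\EdgeSubscription.xml"
# Copy the file to the Hub server out of band (removable media, SMB over the
# firewall, etc.), then continue there.

# ---------- Hub Transport server: step 2, import the subscription ----------
# -Site is the AD site whose Hub servers will synchronize with this Edge;
# "Default-First-Site-Name" is assumed. The two Create* switches match the
# wizard's "automatically create a send connector" checkbox.
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSubscription.xml" -Encoding Byte -ReadCount 0)) `
    -Site "Default-First-Site-Name" `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# EdgeSync runs over secure LDAP from Hub to Edge on TCP 50636; verify the
# firewall path before trusting the first sync. EDGE01.dmz.example is assumed.
$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.Connect("EDGE01.dmz.example", 50636)
$tcp.Close()

# Kick off and verify the first synchronization, then check the result.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List SyncStatus, UtcNow, LastSynchronizedUtc

# Microsoft's recommendation from the video: remove the subscription file
# from every location once the subscription is in place (run on both servers).
Remove-Item "C:\EdgeSubscription.xml" -Force
```

The ordering matters on the relay side: create the send connector before (or immediately after) the relay accepted domain, because an internal relay domain with no matching address space results in NDRs for every recipient the local organization cannot resolve. The TCP check is a plain socket connect, not an LDAP bind; it only confirms the firewall lets the Hub reach the Edge on the EdgeSync port, which is exactly the warning the wizard surfaces at the end of the video.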
Info
Channel: Pluralsight IT - Training Archive
Views: 138,109
Keywords: Exchange Server 2010, Server roles, mailbox role, client access role, hub transport role, unified messaging role, edge transport role
Id: Q_zVn5Eqfco
Length: 88min 37sec (5317 seconds)
Published: Wed Feb 06 2013