Installing, Configuring Exchange 2007 Edge Server (Part 1)
Installing, Configuring Exchange 2007 Edge Server (Part 1)
Despite the success in conquering internal corporate networks, earlier Exchange versions failed to replicate the same success at the DMZ. One reason for this was the Exchange server installation requirements that included IIS and Active Directory. These are often considered too cumbersome for hosts running internet facing services.
Splitting functionality into distinct roles, allowed Exchange 2007 to provide the first DMZ friendly solution. The Edge server role was thus born, an SMTP transport where email hygiene applications filter emails before allowing entry and exit to/from the internal network.
Today we walk through the installation of an Exchange Edge server. We also configure this to connect to the Exchange servers running internally.
Network Layout
We start our walk with a look at the network layout. A typical DMZ is shown below. Internet originating email is received by the Edge server. If accepted this is relayed to the internal Exchange Hub transport. In case of outgoing email, the Hub transport uses the Edge server as a smart host.For the purposes of this article, the internal network is already up and running. The internal domain name is exchinbox.local. An Exchange Hub transport server is also in place accepting emails for the domain adminstop.com.
Edge Installation Requirements
We start the Edge installation from a standalone Windows 2003 SP2 server. To satisfy the basic Exchange 2007 requirements we install the .NET Framework 2.0, MMC and PowerShell. With these bits out of the way, we look at some requirements specific to the Edge role.First we have to configure the DNS Suffix for the Edge machine:
- Open the properties for 'My Computer'
- Select the Computer Name page and click Change
- Click More
- Enter the DNS name of the internal domain. In our case exchinbox.local
- Finally we restart the machine
Thus on Windows 2003 we install the Active Directory Application Mode ADAM service. Just like Active Directory this is an LDAP directory service. However this will only be used to store information relevant to Exchange.
We download ADAM SP1 from the Microsoft download center. The Service Pack includes all the bits and can be installed directly on a machine where ADAM was never installed.
There is nothing worthy of note regarding the installation of ADAM. It is just a matter of clicking Next, 'I Agree' and Finish.
Note: ADAM is included with Windows 2003 R2. In this case use the Optional Component Manager to complete this installation.
Note: If we were installing Edge on Windows 2008 instead of ADAM we would install Active Directory Lightweight Directory Services (AD LDS).
Installing the Edge Server Role
We now satisfied the installation requirements. Using the Microsoft Update Service we make sure we also have all the latest updates. Finally we are ready to install the Edge Server role.The usual Exchange 2007 installation Wizard greets us. Here we choose the Custom Exchange Server Installation option since Edge is not part of the typical installation.
Looking at ADAM
As already discussed, in this setup ADAM is acting as the configuration repository for the Edge server. ADAM is really a sibling of Active Directory. Thus tools that we usually use against Active Directory are also available for ADAM. Let's use ADSI Edit to take a look at what ADAM is storing.- Start MMC: Run | mmc.exe
- Open, File | Add/Remove Snap-in | Add | ADAM ADSI Edit
- Add the Snap-In and click OK to close the Add/Remove Snap-in dialog
- Now right-click the ADAM ADSI Edit node and select 'Connect To...'
- At the Connections Settings Dialog change the port to 50389. This is the default port ADAM listens to.
- Hit OK to connect and we are ready to browse the directory. Here is the all too familiar Exchange Administrative Group object...
Final Tips
Today we started the deployment of an Exchange 2007 Edge server. We looked briefly at the general characteristics of the DMZ, the network segment to home our installation.Next we looked at the installation requirements. These contribute greatly in making the Exchange 2007 Edge server role DMZ friendly. The requirements include ADAM. This fills up the void left by the lack of the Active Directory service, providing storage for the Edge server configuration. Once all requirements were satisfied, installing Edge was just a matter of selecting the custom installation type and the Edge server role.
In the next part of this article we will proceed with the configuration and connection of the Edge server to the Exchange servers running internally.
Installing, Configuring Exchange 2007 Edge Server (Part 2)
Comments
Post a Comment