Exchange 2010 – Part 20 – A look at the Hub and Edge Transport Server Roles

The Hub and Edge Transport Server Roles

The purpose of this post is to explain the differences between the two transport role servers, the Hub Transport and the Edge Transport.

We will look at some of the key aspects of transport servers including:

  • Send/Receive Connectors
  • Anti-spam and Anti-virus protection
  • Transport Rules
  • Hub/Edge Synchronization

Take, for example, a scenario where your company has configured enough of its organization that it wants to send and receive email in full production. Because of this, we should discuss the configuration elements involved in our transport role servers. In our example, we have more than just a Hub Transport server; we also have an Edge Transport server that we installed but never configured to work with our Hub.

You’re never really completely done with Exchange; there’s always something left to do, to monitor, etc.

To start, on the Hub Transport server, open the EMC and click Organization Configuration -> Hub Transport. We have several tabs:

Send Connectors – You might not see any send connectors here if none have been set up. Receive connectors are located under Server Configuration -> Hub Transport. We don’t have any anti-spam settings here yet in our Hub Transport role.

Edge Subscriptions – Here we will create a connection to our Edge Transport Server

Global Settings – we will go over this later

Email Address Policies – we will go over this later

Transport Rules – Here we can create transport rules, with conditions, actions, and exceptions – by default none.

Journal Rules – by default are blank

Remote Domains – we will go over this later

Accepted Domains – we will go over this later

If we remote into our “Edge” transport server, our EMC will be pretty much empty except for our Edge Transport settings. It’s one of the easiest server roles to work with because there is not much here to configure:

The five tabs we have to work with are:

  • Anti-Spam
  • Send Connectors
  • Receive Connectors
  • Transport Rules
  • Accepted Domains

Hub vs. Edge: the Hub is on the inside of the firewall.

The Edge Transport server sits on the edge of the network, in the DMZ. It is isolated, but is there to defend the network. EdgeSync synchronization is the connection between the Hub and Edge Transport servers.

The Hub handles all of the mail flow within the company: it applies transport rules and journaling policies, delivers messages to mailboxes, and more.

If there is no Edge Transport role, the Hub will relay messages to the internet. The Edge Transport server minimizes attacks from the internet: viruses, spam, etc. You can have more than one Hub or Edge Transport server for failover capabilities.

You can export settings from one Edge Transport server to a 2nd Edge.

Do you need to have an Edge Transport Server? No. However, it is recommended that you have some kind of protector in se.

Without an Edge Transport server, by default you will be missing an anti-spam solution and certain transport rules.

You can enable anti-spam on the Hub Transport server, or use a third-party solution.

Mail will go through Hub and Edge transport servers. All mail will flow between them.

  • If you have one HT and one ET, all mail will flow between them, both incoming and outgoing
  • To make the connection between the HT and ET, you need to manually configure a synchronization. It is also called a subscription or an “EdgeSync process”

The Edge Transport role is engineered to protect the front lines of your network:

  • It isn’t part of the domain
  • It can cut down the spam at the front door

The Hub Transport role, although it can protect the front lines to a degree, is designed to be a second layer of defense and has a greater role in message compliance, internal mail flow and policy enforcement.
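
The subscription between the HT and ET described above can also be created from the Exchange Management Shell. The following is an added example, not taken from the original post; the file path and Active Directory site name are placeholders for your own values.

```powershell
# --- Step 1: run on the Edge Transport server (Exchange Management Shell) ---
# Exports the subscription file. It contains bootstrap credentials for the
# Edge server's AD LDS instance, so treat it as a secret.
# C:\EdgeSubscriptionInfo.xml is a placeholder path.
New-EdgeSubscription -FileName 'C:\EdgeSubscriptionInfo.xml'

# --- Step 2: copy the file to a Hub Transport server over a trusted channel ---
# The file must be imported within 1440 minutes (24 hours) of creation,
# otherwise it has to be regenerated on the Edge server.

# --- Step 3: run on the Hub Transport server ---
$subscriptionFile = 'C:\EdgeSubscriptionInfo.xml'   # placeholder path
$adSite           = 'Default-First-Site-Name'       # placeholder AD site name

$fileData = [byte[]](Get-Content -Path $subscriptionFile -Encoding Byte -ReadCount 0)

# Both connector switches default to $true; they are spelled out here so the
# resulting mail path (Internet <-> Edge <-> Hub) is explicit.
New-EdgeSubscription -FileData $fileData -Site $adSite `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# Remove the credential-bearing file once it is imported
# (delete the copy left on the Edge server as well).
Remove-Item -Path $subscriptionFile -Force

# --- Step 4: force the first synchronization and verify it ---
Start-EdgeSynchronization
$result = Test-EdgeSynchronization
$result | Format-List Name, SyncStatus, LastSynchronizedUtc

# EdgeSync pushes data one way, from Hub to Edge, over secure LDAP on TCP 50636.
# The Edge server never needs inbound access to Active Directory.
if ($result | Where-Object { $_.SyncStatus -ne 'Normal' }) {
    Write-Warning 'EdgeSync is not healthy: check TCP 50636 from Hub to Edge and name resolution.'
}
```

On the firewall between the DMZ and the internal network, only SMTP (TCP 25) in both directions and TCP 50636 from the Hub to the Edge need to be open for this to work.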

A large majority of the content provided in my Blog’s Exchange series is derived from J. Peter Bruzzese’ excellent Train Signals Exchange Server 2010 Video Disk Series, as well as my own Exchange 2010 lab. Trainsignal.com is an invaluable source for accurate, easy to understand, IT information and training. http://www.trainsignal.com