Wednesday, June 15, 2016

Edge Transport Server Planning and Configuration for Internet Mail Flow

In Microsoft Exchange Server 2013, the Edge Transport server role has been re-introduced. It provides improved anti-spam protection by handling all the internet-facing mail flow for the Exchange organization. The agents on the Edge Transport server add layers of protection against viruses and spam and apply transport rules to control mail flow. You might have read my last blog post, which I wrote about creating a new database in Exchange Server and deleting the default one. I am going to discuss something new about Exchange Server: this post guides Exchange Server users through Edge Transport server planning and configuration for internet mail flow.

Planning before deploying Edge Transport Server

The Edge Transport server role is deployed in the perimeter network and is not a member of the organization's Active Directory forest. However, these servers need data stored in Active Directory, such as connector information for mail flow and recipient information for anti-spam recipient lookup tasks.
A few issues need to be considered before installing Edge Transport servers:
  1. Server Capacity
    Capacity planning involves performance monitoring of the Edge Transport server, which helps users understand what the server can handle. This information helps in deciding on the hardware configuration.
  2. Transport Features
    Because the Edge Transport server provides anti-spam protection, the planning process should include deciding which anti-spam features need to be enabled on the Edge Transport server and how they will be configured.
  3. Security
    To keep the attack surface of the Edge Transport server role minimal, both physical and network access to the server must be correctly secured and managed. Proper security planning ensures that only IP connections from authorized servers and users are allowed.
To ensure that the Edge Transport server can send and receive email and communicate with the Microsoft Exchange EdgeSync service, you must allow communication through the ports listed below:

The preferred way to subscribe an Edge Transport server to the Exchange organization is by using EdgeSync. Creating an Edge Subscription sets up one-way replication of recipient and configuration data from Active Directory to AD LDS (Active Directory Lightweight Directory Services). EdgeSync replicates only the data the Edge Transport server needs for mail flow and anti-spam configuration tasks.

Configure Internet Mail Flow through Subscribed Edge Transport Server

To establish internet mail flow through an Edge Transport server, we subscribe the Edge Transport server to the Exchange 2013 Mailbox server. This automatically creates the two Send connectors needed for internet mail flow:
  • One Send connector for sending outbound email to all internet domains
  • Another Send connector for sending inbound email from the Edge Transport server to an Exchange 2013 Mailbox server
Before we subscribe an Edge Transport server to the organization, we need to configure the authoritative domains and email address policies for the organization. In addition, we need to open the secure LDAP port 50636/TCP on the firewall that separates the perimeter network from the Exchange organization. The Edge Transport server must be able to communicate with all Exchange 2013 Mailbox servers in the Active Directory site.
The steps to configure internet mail flow through a subscribed Edge Transport server are as follows:
  1. Create the Edge Subscription file on the Edge Transport server using the following command:
    New-EdgeSubscription -FileName "D:\My Folder\EdgeSubscriptionInfo.xml" -Force
    For example, here the Edge Subscription file is EdgeSubscriptionInfo.xml under the path D:\My Folder. The Force parameter suppresses the confirmation prompt that some commands will be disabled and the warning that configuration data on the Edge Transport server may be overwritten.
  2. The Edge Transport server is subscribed after we copy the Edge Subscription file to a Mailbox server in the Active Directory site and import it there.
  3. To import the Edge Subscription file on the Mailbox server, we will use the following commands:
    Here, Filename -> the path of the Edge Subscription file
    e.g. F:\Data\EdgeSubscriptionInfo
    SiteName -> the name of the Active Directory site
    e.g. Default-First-Site-Name
  4. Run the following command on the Mailbox server to start EdgeSync synchronization: Start-EdgeSynchronization
  5. After the process completes, delete the Edge Subscription file from both the Edge Transport server and the Mailbox server, because this file contains the credentials used for the LDAP (Lightweight Directory Access Protocol) communication.
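The five steps above as one run-through in the Exchange Management Shell, written here as an added example rather than taken from the original post. It assumes the paths D:\My Folder\EdgeSubscriptionInfo.xml (Edge) and F:\Data\EdgeSubscriptionInfo.xml (Mailbox), the site Default-First-Site-Name, and a placeholder Edge server name; the port check and the connector listing are extra sanity checks I added, and the values the post calls Filename and SiteName map to the cmdlet's -FileData and -Site parameters.

```powershell
# --- On the Edge Transport server ---
# Step 1: export the Edge Subscription file. -Force suppresses the prompts
# described above. (Paths and site name are assumed values for this example.)
$edgeFile = "D:\My Folder\EdgeSubscriptionInfo.xml"
New-EdgeSubscription -FileName $edgeFile -Force

# Step 2: copy the file to the Mailbox server by whatever means your perimeter
# allows (e.g. removable media). It contains the EdgeSync LDAP credentials,
# so treat it as a secret while in transit.

# --- On the Mailbox server in the Active Directory site ---
$mbxFile  = "F:\Data\EdgeSubscriptionInfo.xml"
$siteName = "Default-First-Site-Name"

# Pre-check (my addition, not from the post): the Mailbox server must reach the
# Edge server on secure LDAP 50636/TCP through the perimeter firewall.
# EDGE-SERVER-FQDN is a placeholder; Test-NetConnection needs Windows Server 2012 R2 or later.
$edgeHost = "EDGE-SERVER-FQDN"
if (-not (Test-NetConnection -ComputerName $edgeHost -Port 50636 -InformationLevel Quiet)) {
    throw "Port 50636/TCP to $edgeHost is blocked; fix the firewall before subscribing."
}

# Step 3: import the subscription. The cmdlet takes the file contents as a
# byte array (-FileData) and the Active Directory site name (-Site). The two
# connector switches are the defaults, spelled out to match the post's description.
$fileData = [byte[]](Get-Content -Path $mbxFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $fileData -Site $siteName `
    -CreateInternetSendConnector $true -CreateInboundSendConnector $true

# Step 4: start the initial EdgeSync synchronization, then verify it completed.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List Name, SyncStatus, LastSynchronizedUtc

# The subscription should now have created the two Send connectors described above.
Get-SendConnector | Where-Object { $_.Name -like "EdgeSync*" } |
    Format-Table Name, AddressSpaces, SourceTransportServers

# Step 5: remove the subscription file from both servers; it holds LDAP credentials.
Remove-Item -Path $mbxFile -Force
# On the Edge Transport server:
# Remove-Item -Path "D:\My Folder\EdgeSubscriptionInfo.xml" -Force
```

If Test-EdgeSynchronization reports anything other than Normal for SyncStatus, the subscription is in place but the perimeter firewall or the AD LDS instance on the Edge server needs attention before mail flow is trusted.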


This article has focused on the issues users need to keep in mind before deploying an Edge Transport server in the Exchange organization for its anti-spam protection features. It also described the steps for configuring internet mail flow through a subscribed Edge Transport server.
To learn more about Exchange Server and Office 365, keep reading my Exchange Server Guide blog.

