The Edge Transport server role was designed specifically to deploy into a perimeter network. However, there is lag time for both newly created and updated accepted domains and accepted users on the Edge server because of built in EdgeSync delay replication and cache delay (see KB Article 936159).

For this reason, we offer an alternative deployment scenario where the Microsoft Exchange 2007 SP1 Hub Transport server can be reached directly through the Internet. In the reference architecture, this Internet-facing Hub Transport server is called EXHUBEXT01. The Service provider should evaluate the increased security risks of this deployment option (compared to implementing a perimeter network-based SMTP gateway, such as the Edge Transport server) with the benefits of having immediate mail access to newly provisioned SMTP domains and users.

The Internet-facing Hub Transport server will offer antivirus and anti- spam protection similar to the security provided by the Edge server role.

The Internet-facing Hub Transport Server is a Hub Transport server role with Forefront security. In this topic, you will deploy the Exchange 2007 SP1 Internet-facing Hub Transport server.

Tasks

  1. Prepare the Internet-facing Hub Transport Server (EXHUBEXT01)
  2. Install IIS
  3. Install Windows PowerShell
  4. Install the Hub Transport Server Role
  5. Install Forefront Security for Exchange Server on the Internet-facing Hub Transport Server

Prepare the Internet-facing Hub Transport Server (EXHUBEXT01)

Procedure W08-DWHE.18: To prepare the Internet-facing Hub Transport Server (EXHUBEXT01)

  1. Install Windows Server 2008 (x64) on EXHUBEXT01.

  2. Enable Remote Desktop.

  3. Join the Fabrikam domain.

  4. Disable Windows Firewall.

Install IIS

Procedure W08-DWHE.19: To install IIS

  1. On EXHUBEXT01, open the Server Manager console.

  2. Add the Web Server (IIS) role. Add the features required for Web Server (Windows Process Activation Service) when prompted.

  3. In addition to the default web server roles, select IIS 6 Management Compatibility management tool.

  4. Confirm your selections and start the installation.

Install Windows PowerShell

Procedure W08-DWHE.20: To install Windows PowerShell

  1. On EXHUBEXT01, open the Server Manager console.

  2. Add the Windows PowerShell feature. Follow the prompts to complete the installation.

Install the Hub Transport Server Role

Procedure W08-DWHE.21: To install the Hub Transport Server Role

  1. Log on to EXHUBEXT01 as Fabrikam\Administrator.

  2. Using the Exchange 2007 SP1 installation media, run Exchange 2007 SP1 setup from the command line specifying the Hub Transport server role:

      Copy Code
    Setup /mode:install /roles:HT
    

Install Forefront Security for Exchange Server on the Internet-facing Hub Transport Server

Procedure W08-DWHE.22: To install Forefront Security for Exchange server on the Internet-facing Hub Transport server

  1. Log on to EXHUBEXT01. from the Forefront Security for Exchange Server SP1 media, run Setup.exe.

  2. Perform a local installation with full-installation type. Configure Quarantine security settings (Secure Mode or Compatibility Mode) based on your security requirements. Select up to five scan engines and continue with the installation.

  3. After installation has successfully completed, Setup can stop and restart Exchange services automatically (required for Forefront for Exchange Server to become active). Follow the instruction to perform the restart.

  4. Open Forefront Server Security Administrator to verify that transport scan job is listed and enabled.