11/11/2008

A server role is a collection of services that performs a specific function. Collectively, the server roles make up the server.

Server roles provide the following advantages:

Server roles can reside on one piece of server hardware, or be distributed across several.

MDM Server Roles

The following describes System Center Mobile Device Manager (MDM) server roles.

Server Role Description

MDM Device Management Server

  • MDM Device Management Server is the server that manages devices that connect to MDM Gateway Server. MDM Device Management Server can check information about a device and apply required Group Policy or software packages to it.

MDM Enrollment Server

MDM Enrollment Server provides Administration service, Enrollment Web service, and Enrollment service. The following shows what these services provide:

  • The Administration service provides the interface for cmdlets. These support command-line configuration and other services to interact with the server. This includes configuring services and requesting new enrollment passwords. MDM Shell or the Windows® PowerShell™ cmdlets address these services.

  • MDM Console Snap-in: MDM Console is a GUI-based management tool. This Microsoft Management Console (MMC 3.0) snap-in lets you manage Windows Mobile devices, components, and gateway servers. For more information, see Overview of MDM Management Console in MDM Operations.

  • The Enrollment Web service manages incoming requests from mobile devices to enroll on the company network. When the Enrollment Web service receives a request, it manages communications with the mobile device until it enrolls. Afterward, MDM Gateway Server handles communications.

  • The Enrollment service processes all incoming enrollment requests. This includes interacting with Active Directory Domain Service and the public key infrastructure (PKI) on behalf of the device.

MDM Gateway Server

MDM Gateway Server provides a network access point for managed devices. Typically, this server is installed in the perimeter network of the company, where it helps reduce risk to the security of the internal network.

MDM Gateway Server has the following characteristics:

  • MDM Gateway Server is a stand-alone server that faces the Internet from inside the perimeter network, but is outside the company network firewall.

  • MDM Gateway Server is a stand-alone server, not domain-joined, and does not share accounts or passwords with the company domain. There is no direct use of Active Directory Domain Service, NTLM, or Kerberos access to authenticate devices because these require the server to be domain-joined, or to store domain credentials.

  • MDM Gateway Server authenticates incoming connection requests by verifying that the request is signed by a particular root certificate. MDM Gateway Server then checks authorized devices against a blocked-device list that you can configure.
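The two-step admission check described in the last item can be sketched as follows. This is an added example, not MDM code: it assumes the third-party `cryptography` package, device certificates issued directly by the root (no intermediate CAs, expiry or revocation handling), and a blocked-device list keyed by certificate serial number. All names and certificates are constructed for the illustration.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(cn, issuer_cn, key, issuer_key):
    """Constructed sample certificate: `key` certified by `issuer_key`."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def admit(device_cert, trusted_root, blocked_serials):
    """Return (allowed, reason) for a certificate presented to the gateway."""
    # Step 1: the certificate must be signed by the one root the gateway trusts.
    # Matching the issuer name alone is not enough; the signature decides.
    if device_cert.issuer != trusted_root.subject:
        return False, "issuer is not the trusted root"
    try:
        trusted_root.public_key().verify(
            device_cert.signature, device_cert.tbs_certificate_bytes,
            ec.ECDSA(device_cert.signature_hash_algorithm))
    except InvalidSignature:
        return False, "signature does not verify under the trusted root"
    # Step 2: a validly signed device can still be refused by the block list.
    # Assumption: the list is keyed by certificate serial number.
    if device_cert.serial_number in blocked_serials:
        return False, "device is on the blocked list"
    return True, "admitted"

def demo():
    """Check three constructed devices; returns {label: (allowed, reason)}."""
    root_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    root = make_cert("Constructed MDM Root", "Constructed MDM Root", root_key, root_key)
    def device(cn, signer):  # every device cert claims the same issuer name
        return make_cert(cn, "Constructed MDM Root",
                         ec.generate_private_key(ec.SECP256R1()), signer)
    certs = {"good": device("phone-1", root_key), "lost": device("phone-2", root_key),
             "forged": device("phone-3", rogue_key)}
    blocked = {certs["lost"].serial_number}
    return {label: admit(c, root, blocked) for label, c in certs.items()}

if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The "forged" device names the trusted root as its issuer but was signed with a different key, so it is rejected at the signature step; the "lost" device has a valid signature and is rejected only by the block list.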

MDM Gateway Server has a Certificate Store. MDM uses certificates on a Windows Mobile device to authenticate managed devices, MDM Gateway Server, and MDM Device Management Server. These certificates are stored in the Windows Certificate Store.

For improved security, MDM Gateway Server does not initiate connections to MDM Device Management Server.

Exchange Server Roles

The following describes Microsoft® Exchange Server 2007 server roles that you can use in MDM message deployment.

Server Role Description

Client Access Server

This role is necessary in a mobile messaging deployment.

This role supports Microsoft Exchange ActiveSync® client applications, the Post Office Protocol version 3 (POP3), and Internet Message Access Protocol version 4, revision 1 (IMAP4) protocols. It is the primary server component of the mobile messaging system.

In a distributed role topology, the Client Access Server behaves as a front-end server to the Mailbox Server on the company network. The Client Access Server role manages ActiveSync communication with a Windows Mobile device.

Mailbox Server

This role is necessary in a mobile messaging deployment.

This role hosts mailboxes and public folders.

For more information about Microsoft Exchange 2007 server roles, see the Server Role Roadmap section for Microsoft Exchange Server 2007, at this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkID=87058.
