The Edge Transport server role was designed specifically to deploy into a perimeter network. However, there is lag time for both newly created and updated accepted domains and accepted users on the Edge server because of built in EdgeSync delay replication and cache delay (see KB Article 936159). This can cause unwanted NDR messages for hosting organizations.
For this reason, we offer an alternative deployment scenario where the Microsoft Exchange 2007 SP1 Hub Transport server can be reached directly through the Internet. In the reference architecture, this Internet-facing Hub Transport server is called EXHUBEXT01. The Service provider should evaluate the increased security risks of this deployment option (compared to implementing a perimeter network-based SMTP gateway, such as the Edge Transport server) with the benefits of having immediate mail access to newly provisioned SMTP domains and users.
The Internet-facing Hub Transport server will offer antivirus and anti- spam protection similar to the security provided by the Edge server role.
The Internet-facing Hub Transport Server is a Hub Transport server role with Forefront security. In this topic, you will deploy the Exchange 2007 SP1 Internet-facing Hub Transport server.
- Install Prerequisites for the Internet-facing Hub Transport
- Install the Hub Transport Server Role
- Install Forefront Security for Exchange Server on the
Internet-facing Hub Transport Server
Install Prerequisites for the Internet-facing Hub Transport Server (EXHUBEXT01)
A number of prerequisites must be installed before the Exchange 2007 SP1 Hub Transport server role can be installed.
Procedure W03-DWHE.11: To install prerequisites for the Internet-facing Hub Transport server
Install Windows Server 2003 R2 Standard Edition (x64) with SP2
Install the Microsoft .NET Framework 2.0 with SP1.
Install the Windows Server 2003 Support Tools.
Join the Fabrikam domain.
Enable the ASP.NET 2.0 Web service extensions in Internet Information Services Manager.
Install Microsoft PowerShell 1.0.
Install the Hub Transport Server Role
After you install the prerequisites, install the Exchange 2007 SP1 Hub Transport server role on EXHUBEXT01.
Procedure W03-DWHE.12: To install the Hub Transport server role
Log on to EXHUBEXT01 as Fabrikam\Administrator.
Using the Exchange 2007 SP1 installation media, run Exchange 2007 SP1 setup from the command line specifying the Hub Transport server role:
Setup /mode:install /roles:HT
Install Forefront Security for Exchange Server on the Internet-facing Hub Transport Server
Procedure W03-DWHE.13: To install Forefront Security for Exchange server on the Internet-facing Hub Transport server
Log on to EXHUBEXT01. from the Forefront Security for Exchange Server SP1 media, run Setup.exe.
Perform a local installation with full-installation type. Configure Quarantine security settings (Secure Mode or Compatibility Mode) based on your security requirements. Select up to five scan engines and continue with the installation.
After installation has successfully completed, Setup can stop and restart Exchange services automatically (required for Forefront for Exchange Server to become active). Follow the instruction to perform the restart.
Open Forefront Server Security Administrator to verify that transport scan job is listed and enabled.