Physical architecture

  • Article

The physical architecture for Windows EBS Standard is structured around three discrete servers. The servers are connected through the network and configured to meet hardware requirements (as described in the Server hardware requirements section of this document). Windows EBS Premium Edition adds a fourth server to the server group to run SQL Server and user-installed business applications. The Management, Security, and Messaging Server architectures for the Standard and Premium Editions are the same.

The following sections explain the components that are included in each server.

Management Server

Most of the components that are installed on the Management Server are dedicated to using, operating, and managing the Windows EBS network and environment. Examples of these tasks include:

  • Creating user accounts

  • Installing and assigning Windows EBS client access licenses (CALs)

  • Printing documents

  • Managing certificates

  • Monitoring system health

  • Displaying critical alerts

To support these tasks, the following components are installed on the Windows EBS Management Server. The primary components in this list are described in the Product technologies section of this document.

User interface components

  • Windows EBS Administration Console

  • New User Account Wizard

  • Install CAL Packs Wizard

Application components

  • System Center Essentials monitoring and management component

  • System Center Essentials update management and software deployment components

  • Active Directory Domain Services components

  • Domain Name System (DNS)

  • DHCP Server service

  • File and print services

  • Exchange Server 2007 management tools

  • Forefront TMG management tools

  • Internet Information Services (IIS)

  • Windows EBS licensing service

  • Certificate services

Data management components

  • Active Directory Domain Services database

  • DNS data store

  • Certificate store

  • SQL Express database, which stores data for the following applications:

    • Forefront security

    • Forefront antivirus

    • Forefront anti-spam

    • Windows EBS management (Administration Console)

    • System Center Essentials

  • Windows EBS license store

  • User shared files and folders

  • Redirected Documents and My Documents folders

You can choose the hard disk drives that you want to use to install these applications and data components during installation. The Installation Wizard gives you the option to save system and application files on one hard disk drive or partition and data files on a different hard disk drive or partition, or you can choose to store everything on one hard disk drive or partition. It is recommended that you separate the system and application files from the data files to ease your backup, restore, and disaster recovery operations.

Security Server

The Windows EBS Security Server provides an application-layer firewall to help secure your network. In addition to a high-layer protocol filter provided by the firewall, the Security Server contains anti-spam and antivirus security components for e-mail and Web traffic. The Security Server enables controlled access to published Web sites, dial-up and direct Internet access to a virtual private network (VPN) server, and controlled access to Terminal Server (by using the RemoteApp application).

To support these and related tasks, the following components are installed on the Windows EBS Security Server. The primary components in this list are described in the Product technologies section of this document.

User interface components

  • Forefront TMG console

  • Exchange Server 2007 Edge Transport console

Application components

  • Forefront TMG

  • Exchange Server Edge Transport

  • VPN

  • Forefront Security for Exchange Server

Data management components

  • Exchange Server 2007 data store

  • Active Directory Lightweight Directory Services data stores for:

    • Exchange Server Edge Transport

    • Forefront TMG

  • SQL Express database for Forefront TMG

As with the Management Server, you can choose physical locations to install these applications and data components on the Security Server during installation.

Messaging Server

The Windows EBS Messaging Server supports internal and external messaging and acts as the secondary Active Directory domain controller. To support these roles, the server has the following primary components installed:

User interface components

  • Exchange Server 2007 management tools

Application components

  • Exchange Server 2007 Hub Transport

  • Exchange Server 2007 Client Access Server

  • Exchange Server 2007 Mailbox

  • Terminal Services Gateway

  • Active Directory Domain Services components

  • DNS

  • DHCP Server service

  • IIS

  • Remote Web Workplace

Data management components

  • Active Directory Domain Services database

  • DNS data store

  • Exchange Server 2007 data store, which contains:

    • Exchange Server 2007 Mailbox data

    • Exchange Server 2007 logs

As with the Management and Security Servers, you can choose physical locations to install these applications and data components on the Messaging Server during the installation. It is recommended that you separate the system and application files from the data files.