Understanding Edge Transport Servers with an Exchange 2003 Hybrid Deployment
Applies to: Exchange Server 2010 SP2
Topic Last Modified: 2011-07-25
The Edge Transport server role is typically deployed on a computer located in an Exchange organization's perimeter network and is designed to minimize the attack surface of the organization. Available in Exchange 2007 and later, the Edge Transport server role handles all Internet-facing mail flow, which provides SMTP relay and smart host services for the Exchange organization. Additional layers of message protection and security are provided by a series of agents that run on the Edge Transport server and act on messages as they're processed by the message transport components. These agents support the features that provide protection against viruses and spam and apply transport rules to control message flow.
Learn more at: Exchange 2007: Edge Transport Server Role: Overview
Learn more about Edge Transport servers in Exchange 2010 at: Overview of the Edge Transport Server Role
Exchange Online uses Microsoft Forefront Online Protection for Exchange (FOPE) instead of Edge Transport servers to provide SMTP relay and smart host services and manage the anti-malware and anti-spam features for cloud-based organizations. For message communications between your on-premises and cloud-based organizations, these services are handled differently in a hybrid deployment than in a typical stand-alone on-premises Exchange organization.
In both a hybrid and stand-alone Exchange deployment, the on-premises Edge Transport server handles message protection and security for inbound and outbound mail routing to external organizations and recipients. However, the on-premises Edge Transport server is bypassed for message routing between the on-premises and cloud-based organizations in a hybrid deployment. Instead, the on-premises hybrid server and the cloud-based FOPE service handle message routing between the two organizations. Additionally, the cloud-based FOPE service handles all message protection and security for messages between the on-premises and cloud-based organizations.
Adding the hybrid server changes message routing configuration and the way that messages are processed within your Exchange organization in several ways:
The hybrid server is automatically included as an available Hub Transport server in your Exchange organization. Because the hybrid server is configured with the Hub Transport server role and directly queries Active Directory, it automatically assists other Hub Transport servers in your organization with routing all incoming messages to your on-premises mailbox servers. From the Edge Transport server's perspective, the hybrid server is the equivalent of simply adding another Hub Transport server in the Exchange 2010 organization. The hybrid server automatically assists in the routing of incoming messages from the Internet to on-premises recipient mailboxes, not just cloud-based recipients in your organization. This behavior is by design when you are using Edge Subscriptions to route Internet mail.
The hybrid server assists with handling journaling and transport rules for your Exchange 2007 organization. When the hybrid server is added to your existing Exchange organization, all existing journaling and transport rules are imported from your on-premises Hub and Edge Transport servers. The hybrid server will apply these rules when processing messages just like any other Hub Transport server in your organization. However, if you update or add new journaling or transport rules in your organization after installing the hybrid server, you will need to manually update these rules on the hybrid server. The hybrid server won't automatically import changes to journaling or transport rules after it has been added to your Exchange organization. This behavior is by design because Transport rules have changed significantly in Exchange 2010.
Learn more at: Upgrade from Exchange 2007 Transport
The hybrid server assumes your organization's EdgeSync synchronization duties. Because Exchange 2010 is preferred for EdgeSync synchronization, the hybrid server assumes EdgeSync duties the next time a Hub Transport server selection occurs for EdgeSync synchronization in your organization. If you prefer that the hybrid server doesn't take over EdgeSync synchronization, you can disable the Microsoft Exchange EdgeSync service on the hybrid server.
Learn more at: Understanding Edge Subscriptions
Learn more at: Upgrade from Exchange 2007 Transport