Internal Message Delivery
Mailbox servers communicate with the Hub Transport server using MAPI over RPC. Each AD site that contains a Mailbox server must also have an Exchange server running the Hub Transport role; both the Mailbox and Hub Transport roles can be installed on the same system. When a message is sent from a user in one AD site to a user in another AD site, the message is first queued on the Hub Transport server. The Hub Transport server then determines whether it can make a direct connection to the Hub Transport server in the destination AD site. If it can, the message is sent directly to the target Hub Transport server. If it cannot, the Hub Transport server in the source site contacts a Hub Transport server in the next AD site along the defined site topology.
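The Hub-to-Hub routing decision described above, modelled as an added example (not code from the article or from Exchange itself): AD site link costs are constructed sample data, the least-cost path is computed over them, and a hypothetical `reachable` callback stands in for the attempt to open a direct connection to the destination site's Hub Transport server.

```python
import heapq

# Constructed sample topology: AD site link costs as an administrator would
# define them in Active Directory Sites and Services (symmetric links).
SITE_LINKS = {
    ("Seattle", "Denver"): 100,
    ("Denver", "Chicago"): 100,
    ("Chicago", "NewYork"): 50,
    ("Seattle", "NewYork"): 500,
}

def build_graph(links):
    """Turn the site link table into an adjacency map site -> {neighbour: cost}."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph

def least_cost_path(graph, source, dest):
    """Dijkstra over AD sites; returns the ordered site list from source to dest,
    or None when dest is not reachable through any site link."""
    dist, prev, heap = {source: 0}, {}, [(0, source)]
    while heap:
        d, site = heapq.heappop(heap)
        if site == dest:
            break
        if d > dist.get(site, float("inf")):
            continue
        for nxt, cost in graph.get(site, {}).items():
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = d + cost, site
                heapq.heappush(heap, (d + cost, nxt))
    if dest not in dist:
        return None
    path = [dest]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return path[::-1]

def route_message(graph, source, dest, reachable):
    """Simplified model of the behaviour described in the text: hand the message to
    the destination site's Hub Transport server if a direct connection succeeds,
    otherwise to the Hub Transport server in the next site along the least-cost
    path. `reachable(site)` is a hypothetical probe of the direct connection.
    Returns (next_hop_site, full_path)."""
    if source == dest:
        return dest, [dest]          # same site: no Hub-to-Hub routing needed
    path = least_cost_path(graph, source, dest)
    if path is None:
        return None, None            # no site link leads to the destination
    return (dest if reachable(dest) else path[1]), path
```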
Each Hub Transport server communicates only with Edge Transport servers or other Hub Transport servers. Communications between Hub Transport and Edge Transport servers are carried out using SMTP over Transport Layer Security (TLS) with Kerberos authentication. The Hub Transport server communicating with the Edge server is also responsible for pushing configuration, recipient, and other settings to the Edge Transport server.
External Message Delivery
Unlike previous versions of Exchange, the Edge Transport server does NOT communicate with Active Directory. The Edge server should also NOT be installed into an existing domain; it should be set up on a stand-alone member server only. When the Edge role is installed, Active Directory Application Mode (ADAM) is also installed on the server. The Hub server communicating with the Edge server is responsible for pushing the required information to ADAM on the Edge server. In short, the Edge server only sends and receives messages to and from the Hub server. It never needs to contact another server inside the firewall, nor does it require a complex set of ports to be opened. Messages sent between the Hub and Edge servers are also sent using SMTP over TLS. If an Edge server is communicating with another Edge server, such as one located at a partner or other organization, it will attempt to use SMTP over TLS and also signed and encrypted Message Level Security (MLS). In Exchange 2007, setting up message encryption between two organizations will be very simple. Currently, it requires creating a TXT record in DNS that stores a public encryption key. The Edge Transport role can also be used to replace Sendmail and other non-Microsoft solutions that many larger companies have used in their DMZ to provide an extra layer of security for their e-mail system.

Figure 4 - Exchange 2007 Topology
Conclusion
Exchange 2007 is a major update and will require additional education for users to be able to employ some of the new features, but at the same time it will increase end-user productivity. With the changes to calendaring, some of the most common headaches will be greatly reduced, and users and administrators will be provided with better flexibility. The multiple infrastructure and management changes and improvements will also provide for a more robust and secure messaging environment. Stay tuned for future updates to this article and additional articles as more information becomes available on Exchange 2007.