The Edge Server is one of the Exchange 2010 server roles. It differs from the other Exchange 2010 server roles in several ways:
- It is designed to reside in the DMZ (perimeter network)
- It handles incoming messages from the Internet; the MX record for your email domain(s) should point to the Edge server's public IP
- It is not a member of Active Directory; it is typically deployed in a workgroup
- It is not installed on an Exchange server in your Exchange 2010 organization; you cannot combine the Edge role with any other Exchange Server role
- The Edge server checks only SMTP traffic; all inbound and outbound e-mail for your organization should flow through it
- You cannot use the Edge server for OWA (Outlook Web Access), Outlook Anywhere, POP3 or IMAP access
An organization can choose not to have an Edge server and still have a fully functional messaging environment. As we demonstrate in our screencast Exchange Server 2010 Initial Configuration, you can configure an Exchange 2010 Hub Transport server to receive messages directly from the Internet.
However, a standard Exchange server is an attractive target: in the event of a security breach, it might give an attacker access to mailboxes and Active Directory data. This is where the Edge server comes into play, as a lean, locked-down, standalone version of Exchange server. The data, synchronized one way from the internal AD into the local instance of AD LDS (Active Directory Lightweight Directory Services), is hashed, which makes it of little use to an attacker. In addition, the Edge server runs a truncated version of the Exchange management tools. As you will see, the EMC (Exchange Management Console) shows data only for the local Edge server and has quite limited functionality. Likewise, the EMS (Exchange Management Shell) supports a limited set of cmdlets.
In the following screencast, we demonstrate the installation and initial synchronization of an Exchange 2010 SP1 Edge Transport server on Windows 2008 R2 OS. For your convenience, we have published the text file with the commands we use in the screencast here.
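
The subscription and first one-way synchronization described above, sketched as an added example (this is not the command file from the screencast). The host name `edge01.example.com`, the file path, the site name and the helper `Test-TcpPort` are assumptions for illustration.

```powershell
# Added example; host names, paths and the AD site name are assumptions.

# --- Step 1: on the Edge Transport server (Exchange Management Shell) ---
# Export the subscription file. It carries the credentials EdgeSync uses for
# the secure LDAP connection to AD LDS, so handle it as a secret.
New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"

# --- Step 2: on a Hub Transport server in the subscribing AD site ---
# Hypothetical helper: confirm the DMZ firewall passes what EdgeSync needs
# from the Hub to the Edge (TCP 50636 secure LDAP, TCP 25 SMTP).
function Test-TcpPort([string]$Server, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try     { $client.Connect($Server, $Port); return $true }
    catch   { return $false }
    finally { $client.Close() }
}

$edge = "edge01.example.com"   # assumed Edge server name
foreach ($port in 50636, 25) {
    if (-not (Test-TcpPort $edge $port)) {
        throw "Hub cannot reach $edge on TCP $port; check the DMZ firewall."
    }
}

# Import the subscription file copied over from the Edge server.
$subFile = "C:\EdgeSubscriptionInfo.xml"
$bytes   = [byte[]](Get-Content -Path $subFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $bytes -Site "Default-First-Site-Name"

# The file is no longer needed; delete it here and on the Edge server.
Remove-Item -Path $subFile -Force

# --- Step 3: still on the Hub, start the first sync and verify it ---
Start-EdgeSynchronization

$failed = @(Test-EdgeSynchronization |
    Where-Object { "$($_.SyncStatus)" -ne "Normal" })
if ($failed.Count -gt 0) {
    $failed | Format-List Name, SyncStatus, FailureDetail
    throw "EdgeSync is not healthy for $($failed.Count) subscription(s)."
}
"EdgeSync reports Normal for all subscribed Edge servers."
```

Synchronization runs only from the Hub Transport server toward the Edge, so the perimeter firewall never needs to allow LDAP connections from the DMZ into the internal network.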