How to Install and Configure Exchange 2010 Edge Transport Server

The Exchange 2013 Edge Server version of this Screencast is available here.

The Edge Server is one of the Exchange 2010 server roles. What makes it quite different from the other Exchange 2010 server roles is that:
– It is designed to reside in the DMZ (perimeter network)
– It handles incoming messages from the Internet – the MX record for your email domain(s) should point to the Edge server’s public IP
– It is not a member of Active Directory – it is typically deployed in a workgroup
– It is not installed on an Exchange server in your Exchange 2010 organization – you cannot combine the Edge role with any other Exchange server role
– The Edge server checks only SMTP traffic – all inbound and outbound e-mail for your organization should flow through it
– You cannot use the Edge server for OWA (Outlook Web Access), Outlook Anywhere, POP3 or IMAP access

An organization can choose not to have an Edge server and still have a fully functional messaging environment. As we demonstrate in our Screencast Exchange Server 2010 Initial Configuration, you can configure an Exchange 2010 Hub Transport server to receive messages directly from the Internet.
However, a standard Exchange server is an attractive target. In case of a security breach, it might allow an attacker access to mailboxes and Active Directory data. This is where the Edge server comes into play, as a lean, locked-down, standalone version of Exchange server. The data, synchronized one way – from the internal AD into the local instance of AD LDS (Active Directory Lightweight Directory Services) – is hashed, which makes it of little use to an attacker. In addition, the Edge server runs a truncated version of the Exchange Management tools. As you will see, the EMC (Exchange Management Console) shows data only for the local Edge server and has quite limited functionality. In the same way, the EMS (Exchange Management Shell) supports a limited set of cmdlets.

In the following Screencast, we demonstrate the installation and initial synchronization of an Exchange 2010 SP1 Edge Transport server on Windows 2008 R2. For your convenience, we have published the text file with the commands that we use in the Screencast here.

Step 1: We start with an overview of our network diagram and our existing Exchange configuration. The Exchange 2010 SP1 Edge server will be installed in a DMZ, and we discuss the ports that need to be open on the firewall.

Step 2: Next, we prepare and install the new Edge server – set its name, DNS suffix and workgroup membership. As you can see, Windows 2008 R2 SP1 contains the required Exchange patches and updates, which significantly simplifies our task. In addition, we take advantage of the Exchange 2010 SP1 option to automatically add the required Windows server roles and features.

Step 3: This step is very important, as most Edge server problems are connected with name resolution issues or firewall port configuration. We adjust and test the name resolution on both the Edge and Hub servers. Then, we test the ports required for normal communication between the Edge and Hub servers.

Step 4: Finally, we are ready to subscribe the Edge server to our Exchange 2010 organization. If you have multiple AD sites, as in our demo, you have to choose the site with the fastest and most reliable connection to the Edge server.
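
A preflight check for Steps 3 and 4, as an added example that is not the command file from the Screencast: it verifies name resolution and the default Exchange 2010 ports between the two servers (SMTP on TCP 25 in both directions, EdgeSync secure LDAP on TCP 50636 from Hub to Edge). The host names and the function names `Test-TcpPort` and `Test-EdgePreflight` are hypothetical.

```powershell
# Added example. Host names are hypothetical placeholders; PowerShell 2.0 compatible.
$EdgeFqdn = 'edge01.example.com'        # hypothetical Edge server (DMZ)
$HubFqdn  = 'hub01.corp.example.com'    # hypothetical Hub Transport server

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # A filtered port never answers, so bound the wait instead of hanging.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)      # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-EdgePreflight {
    param([ValidateSet('Hub', 'Edge')][string]$RunningOn)
    # Hub -> Edge needs SMTP (25) and EdgeSync secure LDAP (50636);
    # Edge -> Hub needs SMTP (25) only.
    if ($RunningOn -eq 'Hub') { $target = $EdgeFqdn; $ports = 25, 50636 }
    else                      { $target = $HubFqdn;  $ports = @(25) }
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($target)
        "OK   {0} resolves to {1}" -f $target, ($ips -join ', ')
    } catch {
        "FAIL {0} does not resolve; fix DNS or the hosts file first" -f $target
        return
    }
    foreach ($port in $ports) {
        if (Test-TcpPort $target $port) { "OK   {0}:{1} reachable" -f $target, $port }
        else { "FAIL {0}:{1} blocked or not listening" -f $target, $port }
    }
}

# Run on each side before subscribing:
#   Test-EdgePreflight -RunningOn Hub     (on the Hub Transport server)
#   Test-EdgePreflight -RunningOn Edge    (on the Edge server)
# After the subscription is created, on the Hub Transport server (EMS):
#   Start-EdgeSynchronization
#   Test-EdgeSynchronization
```

A FAIL line for port 50636 from the Hub side points at the firewall between the internal network and the DMZ; the Edge server never needs to open a connection to that port on the Hub.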

©2024 NetoMeter All Rights Reserved.