First, rumor control: no, the Edge role is not required for Exchange 2007.
Now, the biggest question I get asked about the Edge role is about redundancy. At a basic level most people want the Edge role to be clustered, load balanced, or protected by some other comforting idea. The reality is that Microsoft’s recommended approach is simply DNS round robin. There can be several Exchange 2007 Edge servers in the network perimeter servicing your organization. Round robin lets administrators easily add and remove Edge servers, and it gives low-cost redundancy because all modern DNS systems support it. I would like to see load balancing as a supported option for customers who want it, but I have not seen or heard of anyone testing or pushing for this yet.
So what does this mean to you? Is round robin sufficient? If the Hub Transport submits email to the Edge Transport and the SMTP conversation does not complete because the Edge server has failed, the Hub Transport will retry the submission. With round robin the Hub is likely to get a different server than the one it previously talked to, so it has a high likelihood of avoiding the previous issue. Of course this isn’t perfect: the failed server stays in DNS until someone removes it, so without active monitoring outbound email could certainly suffer. MS has not published much on this, so I can expand if you REALLY need me to (they are working on it).
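To make that retry behaviour concrete, here is an added Python model (not from this post or from Microsoft) of a Hub that re-resolves a round-robin DNS name and retries after a failed SMTP conversation; the three Edge addresses and the failed host are constructed, and the last function shows why the dead server still needs monitoring.

```python
"""Added model of hub-to-edge SMTP submission over DNS round robin (constructed example)."""
from __future__ import annotations
from typing import Callable

# Hypothetical Edge Transport addresses published behind one round-robin DNS name.
EDGE_RECORDS = ["10.0.1.11", "10.0.1.12", "10.0.1.13"]


def make_round_robin_resolver(records: list[str], start: int = 0) -> Callable[[], list[str]]:
    """Return a resolver that hands back the record set rotated one step further on each query."""
    state = {"offset": start}

    def resolve() -> list[str]:
        off = state["offset"] % len(records)
        state["offset"] += 1
        return records[off:] + records[:off]

    return resolve


def submit_with_retry(resolve: Callable[[], list[str]],
                      smtp_ok: Callable[[str], bool],
                      max_attempts: int = 3) -> tuple[bool, list[str]]:
    """Submit one message: take the first address of each fresh lookup, retry on failure.

    Returns (delivered, hosts_tried) so the caller can see which Edge servers were hit.
    """
    tried: list[str] = []
    for _ in range(max_attempts):
        host = resolve()[0]          # a new lookup, so round robin moves to the next record
        tried.append(host)
        if smtp_ok(host):
            return True, tried
    return False, tried


def first_attempt_failures(records: list[str], down: str, submissions: int) -> int:
    """Count how many of N submissions first land on a failed Edge that is still in DNS."""
    resolve = make_round_robin_resolver(records)
    return sum(1 for _ in range(submissions) if resolve()[0] == down)


if __name__ == "__main__":
    down = "10.0.1.12"
    ok = lambda host: host != down                              # constructed: one Edge has failed
    resolve = make_round_robin_resolver(EDGE_RECORDS, start=1)  # first lookup returns the dead host
    print(submit_with_retry(resolve, ok))                       # (True, ['10.0.1.12', '10.0.1.13'])
    print(first_attempt_failures(EDGE_RECORDS, down, 30))       # 10: a third still hit the dead host first
```

The retry succeeds on the next record, but a third of new submissions keep hitting the dead server first until it is pulled from DNS, which is the monitoring gap the paragraph above warns about.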
Here is a diagram from Microsoft’s site to help illustrate the scenario:
UPDATE: 2/13/07 – apparently MS’s redesigned web site removed the gif. How do they ever expect anyone to hear a consistent message if they are always moving things around? You can get a diagram in PDF form from their site.
So is this technology worth it? Well, there are no official numbers for messages/sec supported, but I have heard numbers with no rules (anti-spam, rewrites, etc.) enabled that are comparable to enterprise appliances (e.g. Ironport and Ironmail), and numbers with all the rules enabled that are comparable to SMB appliances (e.g. Clearswift). So somewhere in between is where most companies will be with their rule sets, and somewhere in between should be the expected performance (at a much lower cost).
That leaves the security of the physical server. I cannot attest to this; I would love to hear about attempts to get into an Edge role that is properly configured, so if you have done this, drop me a line. The services are restricted and the directory data is offloaded to ADAM (to protect AD and the internal services). EdgeSync is ONE way (Hub -> ADAM), so ONLY SMTP goes through the firewall Edge -> Hub (more details here). Once the data is in ADAM, the Edge uses its own Jet database to transport the email, with lookups to ADAM for delivery instructions (including looking up blocked senders for every user, etc.). This is interesting: the Edge server is essentially a Hub Transport server (using a Jet database) with everything extra turned off, querying ADAM for delivery details (kind of the lightweight everything in the DMZ). Of course a lot of people are still worried about this; eWeek’s big review of Exchange 2007 stated that Edge SHOULD reside behind another appliance. Hmm, wouldn’t that add to the processing time, and therefore to the overall delivery time, and add to the complexity of the environment?
What do you think about this technology? Go take the poll: Should the Exchange 2007 Edge Server Role reside behind a separate web-facing appliance?
So cast your votes!
Me? In general, I vote for NOT putting Edge behind some other appliance. If you are going to use it, get rid of your other gear and use Edge; otherwise, don’t use it. Of course every customer has their own scenarios and should carefully evaluate AND TEST the technology before implementing it, so let us know what your plans are.