Wednesday 8 August 2012

Understanding the Purpose of Server Roles



Earlier versions of Exchange Server allowed the administrator to specify various types of servers, such as a Front-End Server, a Mailbox Server or a Bridgehead Server. However, because all the code was deployed into the Exchange installation, this inevitably resulted in unnecessary services and features being installed. This translated into a larger attack surface, which is not desirable from a security point of view. By offering a total of five different server roles, Exchange 2007 seeks to reduce this attack surface.
During installation, administrators are prompted to choose which server role (or roles) they want installed: the Mailbox Role, the Client Access Role, the Hub Transport Role, the Unified Messaging Server Role, and the Edge Transport Server Role. These roles are designed for deployment on either internal or perimeter networks. The majority of the server roles are meant for internal networks, with the exception of the Edge Transport Role, which was specially designed for the perimeter.
Assuming the presence of an Edge Transport Role configured and placed in the perimeter network, a total of two firewalls can be deployed for greater security: one firewall between the perimeter network and the internal network, and another one between the perimeter network and the Internet. An additional layer of defense to protect your organization from external attacks would be to deploy an Internet Security and Acceleration (ISA) server to work in tandem with Exchange to tighten things down even further. Do note that the Mailbox Server Role, Client Access Server Role and Hub Transport Server Role are essential in Exchange 2007.
Organizations that prefer not to deploy the Edge Transport Role can omit it, and the Unified Messaging Server Role is likewise optional where unified messaging capabilities are not required. Future lessons will discuss the features of each server role in greater detail.
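
The placement rules above can be checked against a server inventory. The following PowerShell is an added example, not part of the original post: the function name `Test-RolePlacement`, the `Zone` column and the sample servers are assumptions made for illustration, while the role names follow the `ServerRole` values that `Get-ExchangeServer` reports.

```powershell
# Placement rules taken from the text above.
$InternalRoles  = 'Mailbox', 'ClientAccess', 'HubTransport', 'UnifiedMessaging'
$EssentialRoles = 'Mailbox', 'ClientAccess', 'HubTransport'

# Hypothetical helper: returns one finding per rule violation.
function Test-RolePlacement {
    param([object[]]$Inventory)

    $findings  = @()
    $installed = @()
    foreach ($server in $Inventory) {
        # ServerRole is a comma-separated list such as "Mailbox, HubTransport".
        $roles = @($server.ServerRole -split '\s*,\s*' | Where-Object { $_ })
        $installed += $roles
        foreach ($role in $roles) {
            if ($role -eq 'Edge') {
                if ($server.Zone -ne 'Perimeter') {
                    $findings += "$($server.Name): Edge role outside the perimeter network ($($server.Zone))"
                }
            }
            elseif ($InternalRoles -contains $role) {
                if ($server.Zone -ne 'Internal') {
                    $findings += "$($server.Name): $role role outside the internal network ($($server.Zone))"
                }
            }
            else {
                $findings += "$($server.Name): unrecognized role '$role'"
            }
        }
    }
    # Mailbox, Client Access and Hub Transport must exist somewhere;
    # Edge and Unified Messaging are optional and are not required here.
    foreach ($role in $EssentialRoles) {
        if ($installed -notcontains $role) {
            $findings += "Organization: essential role $role is not installed on any server"
        }
    }
    $findings
}

# Constructed sample inventory. Zone is an assumed column recording which
# network segment each server sits in; Exchange itself does not report it.
$inventory = @(
    New-Object PSObject -Property @{ Name = 'EXMBX01';  ServerRole = 'Mailbox, HubTransport'; Zone = 'Internal' }
    New-Object PSObject -Property @{ Name = 'EXCAS01';  ServerRole = 'ClientAccess';          Zone = 'Perimeter' }
    New-Object PSObject -Property @{ Name = 'EXEDGE01'; ServerRole = 'Edge';                  Zone = 'Perimeter' }
)

Test-RolePlacement -Inventory $inventory
```

On a live organization the `Name` and `ServerRole` columns can be taken from `Get-ExchangeServer` in the Exchange Management Shell, with the zone added from your own network records.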
