Deploying Edge Transport in existing Exchange 2007 environment

I have an existing server running Exchange 2007 with hub, cas, transport, and mailbox roles all on this server.  I have allowed SMTP to flow directly from the internet to this system and things are working great.
I would now like to deploy an edge transport server in our DMZ.  Does anyone have any suggestions, hints, or gotchas for adding the edge server after-the-fact?
Matthew Millers Commented:
Install the edge
Subscribe the edge

That should be about it.
It's straightforward:

Install Edge -- make sure the computer has a DNS suffix (install gives an error if you don't)
Make sure the edge can resolve the name of the hub server, either via hosts file or by pointing to internal DNS
Subscribe the edge.....

Note: I just wrote a blog on antispam on the hub; however, it's similar for edge, so it may help you in configuration.
Matthew Millers Commented:
The edge also does safelist aggregation which I think is pretty cool
ncluett (Author) Commented:
Thanks for the input.  Additionally, what about the accepted domains?  Does the Edge server learn this as part of the subscription process or do I manually need to remove them from the current server and add them on the Edge?  What about the receive connector?  Should I remove our external email receive connector from the first server before I subscribe the edge or just leave it and remove the "anonymous users" permission?
Also, I'm currently using Trend ScanMail on the cas, hub, mailbox server.... should I uninstall this and install only on the edge or do I want it on both servers?  Is Forefront the way to go instead?
Matthew Millers Commented:

Accepted domains are part of the sync process. You should be able to leave the receive connector as is.

Is Trend certified for 2007? If it is, then I guess there is no reason not to keep using it. But if I was to toe the line, Forefront is the way to go.
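
The install-and-subscribe sequence discussed in this thread, written out as an added example (not code posted by any participant). Server names, the file path and the AD site name are placeholders; run each stage in the Exchange Management Shell on the server named in its comment.

```powershell
# Added example. All names below are assumed placeholders, not from the thread.
param([string]$Stage = 'Edge')           # 'Edge', 'Hub' or 'Verify'

$HubFqdn = 'hub01.corp.example'          # internal Hub Transport server
$SubFile = 'C:\EdgeSubscription.xml'     # subscription export/import path
$AdSite  = 'Default-First-Site-Name'     # AD site of the Hub Transport server

switch ($Stage) {
    'Edge' {
        # Run on the Edge server in the DMZ.
        # Setup and subscription need a primary DNS suffix on the Edge.
        $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
        if (-not $ip.DomainName) { throw 'No primary DNS suffix is configured.' }

        # The Edge must resolve the hub by name (hosts file or internal DNS).
        # GetHostEntry throws if the name cannot be resolved.
        [System.Net.Dns]::GetHostEntry($HubFqdn) | Out-Null

        # Export the subscription file. It carries bootstrap credentials and
        # must be imported on the hub within 24 hours.
        New-EdgeSubscription -FileName $SubFile
    }
    'Hub' {
        # Run on the Hub Transport server after copying $SubFile to it.
        # EdgeSync then connects from the hub to the Edge on TCP 50636
        # (secure LDAP); SMTP on TCP 25 must be open in both directions.
        New-EdgeSubscription -FileName $SubFile -Site $AdSite

        Start-EdgeSynchronization        # push configuration immediately
        Test-EdgeSynchronization         # requires Exchange 2007 SP1 or later

        # Remove the credential-bearing file once it has been imported.
        Remove-Item $SubFile
    }
    'Verify' {
        # Run on the Edge server after the first synchronization.
        # Accepted domains and the send connectors created by the
        # subscription should now appear here without manual entry.
        Get-AcceptedDomain | Format-Table Name, DomainName, DomainType
        Get-SendConnector  | Format-Table Name, AddressSpaces, Enabled
        Get-ReceiveConnector | Format-Table Name, Bindings, PermissionGroups
    }
}
```

Delete the copy of the subscription file left on the Edge server as well once the import has succeeded.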