Exchange 2010 - To edge or not to edge...
Posted on 2011-09-26
Not a problem so much as advice sought.
I am in the process of setting up a home/lab environment based on Microsoft products. They are all virtualised and I currently have 3 servers (one more to come). The environment consists of a DC running 2008R2, a Forefront TMG, an Exchange 2010 server, which is in the process of being set up, and eventually an IIS/app server.
TMG has been set up as a three leg perimeter, with the DMZ marked as private (ultimately the DMZ will host the IIS server). I am a little unsure on how to set up the Exchange environment though.
It will be a small setup, probably less than 10 mailboxes, and I originally intended putting all roles on the same machine as it will get such a small number of hits. I read originally that the Hub Transport can be set up to do the job of an Edge Transport, which in small environments is how MS suggests doing things. However, I got to wondering where to locate the server.
Firstly, am I right in saying that the CAS needs to go in the internal network and that the Edge Transport needs to go in the DMZ (a strange concept for me as I thought, for OWA, the CAS needed outside access and should therefore be in the DMZ)? Can I get away without creating a separate Edge Transport server even if it's in the internal LAN? And finally, if I were to set up the Hub Transport to do the job of the Edge Transport (if I understand that correctly) and this were all on the internal LAN, do I lose out on anything, in terms of security for example (I'm sure it can't just be down to resources, and how much mail is being processed)?
I am torn between using up more system resources creating a whole new VM just for this role, and keeping it all simple. This is partly for furthering my own understanding, but at the same time, I don't want it all falling over because the kit is underspec'ed.