Should I Setup edge server for Exchnage 2010 or use third party software for antispam and antivirus?

I am planning to install Exchange 2010 server, Should I install Edge server on different machine or on the same server of exchange or I use instead GFI mail essentials or Kaspersky anti virus?
what is the best practice? Because  I am scared to install Exchange in 2 servers , It seems to me little bit scary?
IhabAsked:
Who is Participating?
 
RadweldConnect With a Mentor Commented:
Most installations of exchange do not need edge transport servers. You can install 3rd party anti virus and still use Microsoft anti spam by running a script to install these into the server with the hub transport role.

Edge transport does offer some advantage but none of my customers run it.
0
 
kpa2011Connect With a Mentor Commented:
Edge server can not be in the same domain as other server roles. Also Edge server is not mandatory if you have subscribed for third party provider for anti spam/virus like MS FF services or so. Else you install Edge on a server with anti virus/anti spam module installed. Also I suggest you need to firewall configured.
0
 
Jessie Gill, CISSPConnect With a Mentor Technical ArchitectCommented:
You can't install an edge server with any other exchange role.  it has to be by itself, exchange won't even let you install another role if you select edge server.


The edge server is really only for spam, and antivirus filtering for mail not OS.  You should have Antivirus on all your exchange servers with the correct exceptions to protect OS also.  Honestly I don't know many people using edge server role, most people I know use a dedicated appliance like a watch guard or barracuda, or software like Symantec mail security for exchange.  GFI mail essentials is fine also.  Putting an edge server does complicate your architecture, since all mail goes to that server when it enters your system instead of you one server you have setup, and you will have do some firewall and exchange configurations to get it going.  So if you are comfortable doing that then go for the edge server if not then do something like GFI, or Symantec mail security for exchange.  Also having multiple exchange servers is fine, I run 8 for my organization, 3 CAS, 2 HUB, and 3 mailbox in a DAG.  I also use a watch guard appliance.  We thought about setting up edge servers but we choose an appliance as it was easier to setup and we got way better reporting.

If you want to go edge server then you do the below

1. Install edge server on it’s own server (Exchange will not allow Edge role to be installed with any other exchange role) in your DMZ
2. Steps to configure it - http://exchangeserverpro.com/exchange-2010-edge-transport-server-configuring-edgesync


Reading you should do
http://technet.microsoft.com/en-us/library/bb124701.aspx

Good luck
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
IhabAuthor Commented:
The third party software i.e gfi mail essentials or Kaspersky run on the exchange server or on different server gateway?
0
 
Jessie Gill, CISSPTechnical ArchitectCommented:
Well I'm pretty sure they will need to run othe hub role, so if you only have 1 exchange server then I who uld imagine they run on it.  You would need to read the install instructions.  But most software spam filters like symantectmail security need the hub role installed I imagine the gfi is no different.
0
 
TheNemesisConnect With a Mentor Commented:
Having spam and virus protection on the productive server only can be an issue for some people. Therefor an edge can separate your 1st line of defense from your crucial email data. Using anti-virus and anti-spam on your edge will hold off lots of unwanted content from your production environment.

If you don't like the idea of installing two exchange servers, there are virtual appliances (eg. from Trend Micro) that you can use to prescan your mail. In combination with cloud prescanning this can be very effective.

Anti-virus on the production server should in any case be in place.
0
 
IhabAuthor Commented:
thanks for your support
so if I have 1 Exchange server, and I buy GFI mail essentials , is it oka if I install it on this server, no issues?
0
 
Jessie Gill, CISSPTechnical ArchitectCommented:
well it should be fine, just make sure you read the install steps and configure GFI correctly.  As GFI will probably show up as a transport agent.  Since it looks like you are a small shop i see a lot of companies run 1 exchange server and just send all their mail to it.  It is always better to have a permitter device or server but you can get by without it in your case.  So again just follow the GFI best practices for installing the software.
0
 
TheNemesisCommented:
Yes, for SMB environments, it's okay, I don't like GFI and would prefer Trend Micro instead, but that's not the question ... ;)
0
 
RadweldConnect With a Mentor Commented:
There are two forms of anti virus, exchange aware and basic file level. The file level anti virus won't stop a virus being emailed to you where as Exxhange aware will. Hopefully the exchange aware system will come preconfigured as there are a number of exceptions ie what not to scan, that have to be configured. Regardless of what product you installed, you shoul check that the pre configured exclusions have the correct exceptions, the following will help you check or configure them.

http://technet.microsoft.com/en-us/library/bb332342.aspx
0
 
IhabAuthor Commented:
thanks in advance
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.