Should I Setup edge server for Exchnage 2010 or use third party software for antispam and antivirus?

I am planning to install Exchange 2010 server, Should I install Edge server on different machine or on the same server of exchange or I use instead GFI mail essentials or Kaspersky anti virus?
what is the best practice? Because  I am scared to install Exchange in 2 servers , It seems to me little bit scary?
IhabAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RadweldCommented:
Most installations of exchange do not need edge transport servers. You can install 3rd party anti virus and still use Microsoft anti spam by running a script to install these into the server with the hub transport role.

Edge transport does offer some advantage but none of my customers run it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kpa2011Commented:
Edge server can not be in the same domain as other server roles. Also Edge server is not mandatory if you have subscribed for third party provider for anti spam/virus like MS FF services or so. Else you install Edge on a server with anti virus/anti spam module installed. Also I suggest you need to firewall configured.
0
Jessie Gill, CISSPTechnical ArchitectCommented:
You can't install an edge server with any other exchange role.  it has to be by itself, exchange won't even let you install another role if you select edge server.


The edge server is really only for spam, and antivirus filtering for mail not OS.  You should have Antivirus on all your exchange servers with the correct exceptions to protect OS also.  Honestly I don't know many people using edge server role, most people I know use a dedicated appliance like a watch guard or barracuda, or software like Symantec mail security for exchange.  GFI mail essentials is fine also.  Putting an edge server does complicate your architecture, since all mail goes to that server when it enters your system instead of you one server you have setup, and you will have do some firewall and exchange configurations to get it going.  So if you are comfortable doing that then go for the edge server if not then do something like GFI, or Symantec mail security for exchange.  Also having multiple exchange servers is fine, I run 8 for my organization, 3 CAS, 2 HUB, and 3 mailbox in a DAG.  I also use a watch guard appliance.  We thought about setting up edge servers but we choose an appliance as it was easier to setup and we got way better reporting.

If you want to go edge server then you do the below

1. Install edge server on it’s own server (Exchange will not allow Edge role to be installed with any other exchange role) in your DMZ
2. Steps to configure it - http://exchangeserverpro.com/exchange-2010-edge-transport-server-configuring-edgesync


Reading you should do
http://technet.microsoft.com/en-us/library/bb124701.aspx

Good luck
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

IhabAuthor Commented:
The third party software i.e gfi mail essentials or Kaspersky run on the exchange server or on different server gateway?
0
Jessie Gill, CISSPTechnical ArchitectCommented:
Well I'm pretty sure they will need to run othe hub role, so if you only have 1 exchange server then I who uld imagine they run on it.  You would need to read the install instructions.  But most software spam filters like symantectmail security need the hub role installed I imagine the gfi is no different.
0
TheNemesisCommented:
Having spam and virus protection on the productive server only can be an issue for some people. Therefor an edge can separate your 1st line of defense from your crucial email data. Using anti-virus and anti-spam on your edge will hold off lots of unwanted content from your production environment.

If you don't like the idea of installing two exchange servers, there are virtual appliances (eg. from Trend Micro) that you can use to prescan your mail. In combination with cloud prescanning this can be very effective.

Anti-virus on the production server should in any case be in place.
0
IhabAuthor Commented:
thanks for your support
so if I have 1 Exchange server, and I buy GFI mail essentials , is it oka if I install it on this server, no issues?
0
Jessie Gill, CISSPTechnical ArchitectCommented:
well it should be fine, just make sure you read the install steps and configure GFI correctly.  As GFI will probably show up as a transport agent.  Since it looks like you are a small shop i see a lot of companies run 1 exchange server and just send all their mail to it.  It is always better to have a permitter device or server but you can get by without it in your case.  So again just follow the GFI best practices for installing the software.
0
TheNemesisCommented:
Yes, for SMB environments, it's okay, I don't like GFI and would prefer Trend Micro instead, but that's not the question ... ;)
0
RadweldCommented:
There are two forms of anti virus, exchange aware and basic file level. The file level anti virus won't stop a virus being emailed to you where as Exxhange aware will. Hopefully the exchange aware system will come preconfigured as there are a number of exceptions ie what not to scan, that have to be configured. Regardless of what product you installed, you shoul check that the pre configured exclusions have the correct exceptions, the following will help you check or configure them.

http://technet.microsoft.com/en-us/library/bb332342.aspx
0
IhabAuthor Commented:
thanks in advance
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.