I am currently setting up an Exchange Server deployment that will utilize two Exchange Servers (2013) in two different locations sharing the same email domain. The two locations are already up and running with a domain controller and Exchange server at each, with a hardware VPN tunnel up and running between them.
I would like to set up an Edge Transport server in AWS EC2 to route the inbound emails (coming only from antispam services) based on their respective assigned Exchange store. I intend to use a VPC setup at AWS with hardware VPN tunnels to the two locations. The Edge Transport server would not be used to send outbound email.
I have two questions:
1. Can i run the Exchange Transport Server Role (2013) on a domain controller? Or should i have two instances in EC2, one for a domain controller and one for the Edge Transport server?
2. Which AWS VPC configuration would be best to use for this, "VPC with Public and Private Subnets and Hardware VPN Access" or can i get away with using "VPC with a Private Subnet Only and Hardware VPN Access" and ordering up an elastic IP and NATting the Edge Server instance for inbound SMTP connections from the antispam services?
Please note when responding with your suggestions that hosting the email servers themselves (or using an email hosting service) in the cloud is not an option.
Thanks in advance for your help.