Exchange 2013 to 2016 migration

I have done some research on upgrading my current Exchange 2013 to 2016, and I have a problem with needing to have the Edge server outside my AD organization. All my servers are running in VMs in a Scale Computing hyperconverged system. Can I just have the Edge server on the same network, but not added to the domain? Would that work?
Otherwise, I would have to purchase a physical server to run somewhere outside of my firewall, which complicates things.

Any recommendations?
Asked by Dan (Network Engineer)
 
Amit (IT Architect) Commented:
Edge Transport. I advise you to just skip it if you don't need the headache of maintaining an additional server and paying extra license costs to MS for the OS and Exchange. In my experience, installing the Edge role is a waste of time and money.
 
Tom Cieslik (IT Engineer) Commented:
I think you can install the Edge server as a virtual machine in the same subnet, but you can't add it to your corporate domain, so you are going to need a local server administrator to log on, not a domain admin.
 
Dan (Network Engineer, Author) Commented:
If that would work, it would make my life easy, as I can just create another VM and just not add it to the domain. Have you tested this?
 
Dan (Network Engineer, Author) Commented:
I just found an article saying that the Edge Transport role is not required, so I'm going to skip installing it and only install the Mailbox role to keep things simple.
 
8046586 Commented:
If you have extra network cards on the server, you can always virtualise it and run on a dedicated LAN.
 
Dan (Network Engineer, Author) Commented:
True, but I would have to set up a new server for that, which is what I wanted to avoid. I think I'm just going to skip having an Edge Transport role.
 
8046586 Commented:
You still need some Exchange antivirus installed on the server, or move that service to some provider.
 
Dan (Network Engineer, Author) Commented:
My firewall has a dual engine to check for AV. I am also using Webroot, so I can make sure that's installed on the Exchange server.
I guess there are also online services that I can send all my mail through, so that they scan for AV, spam, etc. first before it hits my Exchange, but that gets costly.
 
8046586 Commented:
Depends on the number of users you have. I calculated that for a small site, fewer than 20 users, it is cheaper to host e-mail in the cloud than on a local server. The price for the antivirus will come close to the price for hosting the mailbox.
 
Dan (Network Engineer, Author) Commented:
I have about 100 users, but I have closer to about 380 Exchange accounts.
 
Todd Nelson (Systems Engineer) Commented:
You are right, afacts, an Edge Transport server is not required. In fact, I never recommend an Edge Transport server, especially when a spam filtering product is already in use. What spam filtering solution do you have in place?
 
Dan (Network Engineer, Author) Commented:
I'm currently using Webroot AV, but I'm not sure how much Exchange spam protection that offers. I guess I need to find out.
 
8046586 Commented:
I think you should stick to your server AV for files and internet security. You cannot mix AV applications, and you have to stick to your current AV recommendation for Exchange. Otherwise, you should explore the option for cross upgrade. For my clients, I am installing ESET because they have a complete security solution and local support in the city, which is most important (getting an expert by dialling the DDI).
 
Dan (Network Engineer, Author) Commented:
I just found out that Webroot does not have any Exchange antispam protection, so I will need to look for something.
Does anyone recommend a good solution?
 
Todd Nelson (Systems Engineer) Commented:
Definitely a hosted spam filter like Barracuda, Sonicwall, Mimecast, Proofpoint, etc.
 
Dan (Network Engineer, Author) Commented:
So it's best to pass all my traffic via a 3rd party spam filter company? That's just too intrusive. I feel like all our data would be available if they were to get hacked or would somehow just sell the info.
 
8046586 Commented:
I always prefer everything on site and relying on myself, or hosting everything in the cloud and keeping my hands clean, rather than splitting the services. I have bad experiences with split responsibilities because when something is not going as it should, both parties are pointing the finger at the other side, and customers suffer.
 
Todd Nelson (Systems Engineer) Commented:
Personally, having your spam filtered by a 3rd party is better than having all of that traffic come on site, which will cause bandwidth latency.
 
Dan (Network Engineer, Author) Commented:
Thanks everyone for your help.
Question has a verified solution.