Exchange 2013 to 2016 migration

I have done some researching in upgrading my current exchange 2013 to 2016, and I have a problem with needing to have the edge server outside my AD organization. All my servers are running in VMs in a scale computing hyperconverged system.  Can I just have the edge server on the same network, but not added to the domain, would that work?
Otherwise,  I would have to purchase a physical server to run somewhere outside of my firewall, which complicates things.

Any recommendations?
DanNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tom CieslikIT EngineerCommented:
I think you can install Edge server as Virtual Machine in same subnet but you can't add it to your corporate domain, so you going to need a local server administrator to log on, not domain admin.
0
DanNetwork EngineerAuthor Commented:
if that would work, it would make my life easy, as I can just create another VM and just not add it to the domain.  Have you tested this?
0
DanNetwork EngineerAuthor Commented:
I just found an article that the edge transport role is not required, so I'm going to skip on installing it and only install the mailbox role to keep things simple.
0
Cloud as a Security Delivery Platform for MSSPs

Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!

8046586Commented:
If you have extra network cards on the server, you can always virtualise it and run on a dedicated LAN.
0
DanNetwork EngineerAuthor Commented:
True, but I would have to setup a new server for that, what I wanted to avoid.  I think I'm just going to skip having an edge transport role.
0
8046586Commented:
You still need some exchange antivirus installed on the server or move that service to some provider.
0
DanNetwork EngineerAuthor Commented:
My firewall has a dual engine to check for AV.   I also am using Webroot, so I can make sure that's installed on the exchange server.
I guess there are also services online that I can send all my mail to flow through their servers as they scan for AV, spam, etc... first before it hits my exchange, but that gets costly.
0
8046586Commented:
Depend on the number of users you have. I calculated that for a small site, less than 20 users, is cheaper to host e-mails in the cloud than on a local server. Price for the antivirus will come close to the price for hosting the mailbox.
0
DanNetwork EngineerAuthor Commented:
I have about 100 users, but I have closer to about 380 exchange accounts.
0
Todd NelsonSystems EngineerCommented:
You are right, afacts, an Edge Transport server is not required.  In fact, I never recommend an Edge Transport server especially when a spam filtering product is already in use.  What spam filtering solution do you have in place?
0
AmitIT ArchitectCommented:
Edge Transport. I advise just skip it, if you don't need headache of maintaining additional server and paying extra license cost to MS for OS and Exchange. As per my experience, it is a waste of time and money, installing Edge role.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DanNetwork EngineerAuthor Commented:
I'm currently using webroot AV, but not sure how much exchange Spam protection that offers, I guess I need to find out.
0
8046586Commented:
I think you should stick to your server AV for files and internet security. You cannot mix AV applications, and you have to stick to your current AV recommendation for Exchange. Otherwise, you should explore the option for cross upgrade. For my clients, I am installing ESET because they have complete security solution and local support in the city which is most important (getting expert dialling the DDI),
0
DanNetwork EngineerAuthor Commented:
I just found out that webroot does not have any exchange antispam protection, so I will need to look for something.
Does anyone recommend a good solution?
0
Todd NelsonSystems EngineerCommented:
Definitely a hosted spam filter like Barracuda, Sonicwall, Mimecast, Proofpoint, etc.
0
DanNetwork EngineerAuthor Commented:
So it's best to pass all my traffic via a 3rd party spam filter company?  That's just too intrusive, I feel like all our data would be available if they were to get hacked or would somehow just sell the info.
0
8046586Commented:
I always prefer everything on site and rely on my self or hosting everything in the cloud and keep the hands clean rather than splitting the services. I have bad experiences with split responsibilities because when something is not going as should, both parties are pointing the finger to other sites, and customers suffer.
0
Todd NelsonSystems EngineerCommented:
Personally having your spam filtered by a 3rd party is better than having all of that traffic come on site which will cause bandwidth latency.
0
DanNetwork EngineerAuthor Commented:
Thanks everyone for your help.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.