Edge Server Deployment Without TLS

Hi.

My organization is using the following Exchange servers: 1 x Exchange 2010 w/SP3 (Mailbox Role) and 1 x Exchange 2010 w/SP3 (CAS + Hub Transport).

Emails are currently sent out and received using a smart host, e.g. an anti-spam appliance.

We are planning to remove the smart host and introduce Exchange Edge server to carry out this task.

I have the following questions:

1. Is it necessary to have a load balanced edge server to send/receive email? Can I deploy a single edge server instead? I have about 500 mailbox users.

2. Is it necessary to use TLS between the edge server and the CAS server? We are currently using a cloud based email threat prevention solution that secures messages using TLS from their Cloud ETP --> our Smart Host --> our CAS server

Due to this implementation, there were instances when emails containing malware attachments got through our firewall without detection.

If we implement an Edge server, can we do away with TLS between the Edge server and the CAS server? Is there any repercussion or downside to doing this?

Please advise.

Regards,

spurs_adr

August 4th, 2015 9:24pm

1. You can deploy a single edge server if you can afford to have the SPOF.

2. Although it's not necessary to have TLS between hub and edge, it's a common practice. In fact, Exchange server will try to use TLS for all SMTP traffic whenever possible. You should leave it as is. It's not recommended to use a firewall to scan for malware in email. You already have cloud-based malware scanning. Generally speaking, it's much better than a firewall in terms of efficiency and accuracy.

August 5th, 2015 12:28am


This forum is for Exchange Development questions. Your question seems more about Exchange mailflow, and would be better served in the Exchange mailflow forum on TechNet. I'll move it over for you.
August 5th, 2015 11:20am

Hi,

Great advice for Li.

In addition, we can also enable the attachment filter on the Edge server. For your reference:
https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx

Thanks.

August 6th, 2015 10:06pm
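
The attachment filtering suggested in the last reply, as an added example that is not part of the original thread: a re-runnable Exchange Management Shell script for the Edge Transport server that enables the agent, adds missing file-name entries and sets the reject action. The extension list and the reject text are constructed sample values.

```powershell
# Run in the Exchange Management Shell on the Edge Transport server.
# The extension list is a constructed sample, not a list given in the thread.
$blocked = '*.exe', '*.scr', '*.js', '*.vbs', '*.bat'

# The filter entries only take effect while the transport agent is enabled.
$agentName = 'Attachment Filtering Agent'
$agent = Get-TransportAgent -Identity $agentName
$agentChanged = $false
if (-not $agent.Enabled) {
    Enable-TransportAgent -Identity $agentName
    $agentChanged = $true
}

# Add only the file-name entries that are missing, so the script can be re-run
# without failing on entries that already exist.
$existing = @(Get-AttachmentFilterEntry |
    Where-Object { $_.Type -eq 'FileName' } |
    ForEach-Object { $_.Name.ToLower() })
foreach ($pattern in $blocked) {
    if ($existing -notcontains $pattern.ToLower()) {
        Add-AttachmentFilterEntry -Name $pattern -Type FileName
    }
}

# Reject: the message is not delivered and the sender receives an NDR.
# The response text is a constructed sample.
Set-AttachmentFilterListConfig -Action Reject `
    -RejectResponse 'Message rejected: attachment type not allowed.'

# Enabling a transport agent requires a transport service restart.
if ($agentChanged) { Restart-Service MSExchangeTransport }

# Show the resulting configuration for review.
Get-AttachmentFilterListConfig | Format-List Action, RejectResponse
Get-AttachmentFilterEntry | Sort-Object Type, Name | Format-Table Type, Name -AutoSize
```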
