EzCloudInfo

Edge server serves as a best security filtering system for all the incoming and outgoing emails  in our organization. It prevents spammers from exploring and hacking our network.

In real time edge servers will be placed in a DMZ zone.
So the setup will be looking like below
Intranet (Basically corporate LAN) – intranet firewall – DMZ – perimeter firewall –  Internet

So we should be placing the edge server’s right in between the intranet and perimeter firewall which is demilitarized zone.
Basically in this DMZ zone there wouldn’t be full access to the directory services because this DMZ zone acts as a first filtering agent for any kind of spam messages that are coming to the network.
We will have the DMZ be placed in a different sub-net apart from LAN sub-net for security reasons not to expose the LAN network to the spammers.So we use the concept of DNS suffix so that we would be able to communicate with the LAN network with minimal required access to few services.

With help of ADLDS installed on edge servers ,directory services would be able to provide dedicated required services for Edge server.Here the edge transport server uses the ADLDS services to store the recipient and configuration information alone.

By having this information it would be able to validate the authenticated valid users on its own domain, applying the required spam filtering agent settings for its recipients, knowing the connector configurations and routing the mail-flow accordingly.
Following are the prerequisites for installing Edge server
Remote Tools Administration Pack
ADLDS
Required Windows components – NET-Framework, ADLDS
Windows Management Framework 4.0
Follow below TechNet article to install Exchange 2013 edge server Prerequisites
http://technet.microsoft.com/en-us/library/bb691354(v=exchg.150).aspx

1. Configure DNS suffix on Edge server.
Add the edge server name along with the domain name as the DNS suffix.

In my-case im adding it as edge2013.exchangequery.com

2. Configure firewall rule as following:

Inbound traffic:
SMTP – TCP port 25 (from Internet)
SMTP – TCP port 25 (from Edge server to Hub server on internal network)
Outbound traffic:
SMTP – TCP/UDP port 25 (from Edge to Internet)
SMTP – TCP/UDP port 25 (from Hub to Edge server)
LDAP for Edge Sync – TCP port 50389 (from Mailbox to Edge server) Secure LDAP for Edge Sync – TCP port 50636 (from Mailbox to Edge server). Do not open these ports on perimeter firewall. These ports should be open only on intranet firewall.

Note:

If you are installing edge in lab setup you can follow the below steps
1) Bring edge server and do not join it in a domain.
2) Add the DNS suffix with the domain name alone.
3) Have edge server on a different subnet. But have these 2 subnets on the same VLAN.
4) Add one ip range of edge server in mailbox server as Additional in advance TCP/IP settings in the primary NIC. Similarly do the same for edge server. Add one ip range of mailbox server as Additional in advance TCP/IP settings in the primary NIC.
By doing this only you would be able to ping these 2 different sub-nets and they will have network connectivity.
In real time scenarios we have to ensure connectivity between perimeter n\w and LAN n\w and all the required ports open else we will be having trouble with the edge synchronization with the mailbox servers.

3. Install the Exchange 2013 Edge server

Select the edge transport role

Wait for the readiness to be completed.

Reboot the computer once the setup completes successfully.
After the reboot ensure that the edge server is installed. From Exchange 2013 we do not have exchange 2013 management through GUI and it is from exchange management shell on the edge server itself.But after Edge-synchronization is completed we will be able to manage the edge server from EAC.

Run the following command to ensure that edge server is available.

Get-Transportservice
Also you can run Get-Transportservice | FL to check all other parameters as well.

4. Start edge subscription by following command:

“New-EdgeSubscription –Filename “C:\edgeserversubscription.xml”

5. Copy the xml file to the mailbox server local disk.

6. Complete subscription by running the below command:

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path “C:\EdgeServerSubscription.xml” -Encoding Byte -ReadCount 0)) -Site “Default-First-Site-Name”

7. Run Start-EdgeSynchronization

Now we need to Start-EdgeSynchronization cmdlet to immediately start synchronization of configuration data from Active Directory to the subscribed Edge Transport server.
Start-EdgeSynchronization -Server exchangequery.com

Once the synchronization is over the edge setup is completed successfully.
Cheers
Sathish Veerapandian
Technology Consultant  🙂