2 Client Access Server role
The Client Access Server role offers access to the mailboxes for all available protocols. In Exchange Server 2003, Microsoft introduced the concept of "front-end" and "back-end" servers, and the Client Access Server role is comparable to an Exchange Server 2003 front-end server.
All clients connect to the Client Access Server and, after authentication, the requests are proxied to the appropriate Mailbox Server. Communication between the client and the Client Access Server is via the normal protocols (HTTP, IMAP4, POP3 and MAPI), and communication between the Client Access Server and the Mailbox Server is via Remote Procedure Calls (RPC).
The following functionality is provided by the Exchange Server 2010 Client Access Server:
HTTP for Outlook Web App
Outlook Anywhere (formerly known as RPC/HTTP) for Outlook 2003, Outlook 2007 and Outlook 2010
ActiveSync for (Windows Mobile) PDAs
Internet protocols POP3 and IMAP4
MAPI on the Middle Tier (MoMT)
Availability Service, Autodiscover and Exchange Web Services – these services are offered to Outlook 2007 clients and provide free/busy information, automatic configuration of the Outlook 2007 and Outlook 2010 client, the Offline Address Book downloads and Out-of-Office functionality.
NOTE
SMTP Services are not offered by the Client Access Server. All SMTP Services are handled by the Hub Transport Server.
At least one Client Access Server is needed for each Mailbox Server in an Active Directory site, as well as a fast connection between the Client Access Server and the Mailbox Server. The Client Access Server also needs a fast connection to a Global Catalog Server.
The Client Access Server should be deployed on the internal network and NOT in the network's Demilitarized Zone (DMZ). In order to access a Client Access Server from the Internet, a Microsoft Internet Security and Acceleration (ISA) Server should be installed in the DMZ. All necessary Exchange services should be "published" to the Internet on this ISA Server.
3 Hub Transport Server role
The Hub Transport Server role is responsible for routing messages, not only between the Internet and the Exchange organization, but also between Exchange servers within your organization.
All messages are always routed via the Hub Transport Server role, even if the source and the destination mailbox are on the same server, and even if the source and the destination mailbox are in the same Mailbox Database. For example, in Figure 8, the Hub Transport Server is responsible for routing all messages:
Step 1: A message is sent to the Hub Transport Server.
Step 2: A recipient on the same server as the sender means the message is sent back.
Step 3: When the recipient is on another mailbox server, the message is routed to the appropriate Hub Transport Server. This is then followed by Step 4.
Step 4: The second Hub Transport Server delivers the message to the Mailbox Server of the recipient.
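The hops in steps 1 to 4 can be followed in the message tracking logs. The Exchange Management Shell script below is an added example, not part of the original text; the sender address, subject and time window are constructed sample values.

```powershell
# Added example. Run in the Exchange Management Shell of an Exchange 2010
# organization. Sender, subject and time window are constructed sample values.
$sender  = 'alice@contoso.example'
$subject = 'Quarterly report'
$since   = (Get-Date).AddHours(-4)

# Tracking logs are kept per server, so query every Hub Transport and
# Mailbox Server; a message to another Mailbox Server crosses two hubs.
$servers = Get-ExchangeServer |
    Where-Object { $_.IsHubTransportServer -or $_.IsMailboxServer }

$events = $servers |
    Get-MessageTrackingLog -Sender $sender -MessageSubject $subject `
        -Start $since -ResultSize Unlimited

# Show each message's events in time order: which server logged the
# event (ServerHostname) and which peer handed it over (ClientHostname).
$events | Sort-Object MessageId, Timestamp |
    Format-Table Timestamp, EventId, Source, ServerHostname, ClientHostname -AutoSize

# Flag messages that transport received but that have neither a DELIVER
# (stored in a mailbox) nor a SEND (handed to another server) event yet.
$events | Group-Object MessageId | ForEach-Object {
    $ids = $_.Group | ForEach-Object { $_.EventId }
    if (($ids -contains 'RECEIVE') -and
        -not (($ids -contains 'DELIVER') -or ($ids -contains 'SEND'))) {
        'No delivery event yet for {0}' -f $_.Name
    }
}
```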
The reason for routing all messages through the Hub Transport Server is simply compliance. Using the Hub Transport Server, it is possible to track all messages flowing through the Exchange organization and to take appropriate action if needed (legal requirements, HIPAA, Sarbanes-Oxley, and so on). On the Hub Transport Server the following agents can be configured for compliance purposes:
Transport Rule agents – using Transport Rules, all kinds of actions can be applied to messages according to the Rule's filter or conditions. Rules can be applied to internal messages, external messages or both.
Journaling agents – using the journaling agent, it is possible to save a copy of every message sent or received by a particular recipient.
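As an added example (not part of the original text), the Exchange Management Shell commands below create one transport rule scoped to outbound mail, one scoped to internal mail, and a journal rule for a single recipient, then list the result. Rule names, the disclaimer text, the code word and all addresses are constructed sample values.

```powershell
# Added example. Run in the Exchange Management Shell of an Exchange 2010
# organization. Names, text and addresses are constructed sample values.

# Transport rule limited to outbound mail: sender inside the organization,
# recipient outside. Fallback 'Wrap' encloses the original message in a new
# one when the disclaimer cannot be inserted into the original.
New-TransportRule -Name 'Outbound disclaimer' `
    -FromScope InOrganization -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerLocation Append `
    -ApplyHtmlDisclaimerText 'This message may contain confidential information.' `
    -ApplyHtmlDisclaimerFallbackAction Wrap

# Transport rule limited to internal mail: copy messages that mention a
# code word to a compliance mailbox.
New-TransportRule -Name 'Internal project review' `
    -FromScope InOrganization -SentToScope InOrganization `
    -SubjectOrBodyContainsWords 'Project Falcon' `
    -BlindCopyTo 'compliance@contoso.example'

# Journal rule: keep a copy of every message sent or received by one
# recipient. Scope Global covers both internal and external messages.
New-JournalRule -Name 'Journal CFO' -Recipient 'cfo@contoso.example' `
    -JournalEmailAddress 'journal@contoso.example' -Scope Global -Enabled $true

# Confirm that both agents are enabled and that the rules are in place.
Get-TransportAgent |
    Where-Object { $_.Identity -like '*Rule*' -or $_.Identity -like '*Journal*' } |
    Format-Table Identity, Enabled, Priority -AutoSize
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
Get-JournalRule |
    Format-Table Name, Recipient, JournalEmailAddress, Scope, Enabled -AutoSize
```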
Since a Mailbox Server does not deliver any messages, every Mailbox Server in an Active Directory site requires a Hub Transport Server in that site. The Hub Transport Server also needs a fast connection to a Global Catalog server for querying Active Directory. This Global Catalog server should be in the same Active Directory site as the Hub Transport Server.
When a message has an external destination, i.e. a recipient on the Internet, the message is sent from the Hub Transport Server to the "outside world." This may be via an Exchange Server 2010 Edge Transport Server in the DMZ, but the Hub Transport Server can also deliver messages directly to the Internet.
Optionally, the Hub Transport Server can be configured to deal with anti-spam and anti-virus functions. The anti-spam services are not enabled on a Hub Transport Server by default, since this service is intended to be run on an Edge Transport Server in the DMZ. Microsoft has supplied a script on every Hub Transport Server that can be used to enable the anti-spam services if necessary.
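As an added example (not part of the original text), the script in question is Install-AntispamAgents.ps1 in the Scripts folder of the Exchange installation. The commands below run it only when the agents are missing and then list the registered agents; the IP address is a constructed sample value.

```powershell
# Added example. Run in the Exchange Management Shell on the Hub Transport
# Server. The IP address below is a constructed sample value.

# Skip the install if the anti-spam agents are already registered.
$installed = Get-TransportAgent |
    Where-Object { $_.Identity -like 'Content Filter Agent' }

if (-not $installed) {
    & (Join-Path $env:ExchangeInstallPath 'Scripts\Install-AntispamAgents.ps1')
    # The new agents are loaded only after the transport service restarts;
    # mail flow through this server pauses while it does.
    Restart-Service MSExchangeTransport
}

# List the organization's own SMTP servers so that Sender ID and
# connection filtering do not evaluate their addresses as external senders.
Set-TransportConfig -InternalSMTPServers 10.0.0.25

# Review which agents are now registered and in what order they run.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
```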
Anti-virus services can be provided by installing the Microsoft Forefront for Exchange software. The anti-virus software on the Hub Transport Server will scan inbound and outbound SMTP traffic, whereas anti-virus software on the Mailbox Server will scan the contents of a Mailbox Database, providing a double layer of security.