Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Exchange 2008 w/o Edge or Hub transport servers

We are moving to Exchange 07 for somewhere between 5-10K users. I've already talked management into using IronPort instead of MS Edge Transport servers. Would anyone who is currently doing this like to comment on how it is working?

More importantly, it seems to me that IronPort can also do the job of the Hub Transport servers. However, I've been told that Exchange 07 cannot run without them. We are currently using LDAP accept and LDAP routing on IronPort (with AD). Can't that take the place of the Hub servers for Exchange?

4 REPLIES
New Member

Re: Exchange 2008 w/o Edge or Hub transport servers

We are moving to Exchange 07 for somewhere between 5-10K users. I've already talked management into using IronPort instead of MS Edge Transport servers. Would anyone who is currently doing this like to comment on how it is working?

More importantly, it seems to me that IronPort can also do the job of the Hub Transport servers. However, I've been told that Exchange 07 cannot run without them. We are currently using LDAP accept and LDAP routing on IronPort (with AD). Can't that take the place of the Hub servers for Exchange?


I have been looking long time similar solution. If You have more information, please let me know. IronPort and Microsoft support didn't know is this possible.

We are using Exchange 2007 as internal mail server and Exchange
2007 uses for outgoing (public internet) traffic IronPort cluster as mail (anti spam/anti
virus) gateway, so for example if some our user@onecompany.ee sends email to
user@othercompany.ee, the message goes true external mail gateway.

But when AD/MS domain and Outlook users sending messages between themselves, like
user1@company.ee > user2@company.ee, the messages does not goes true external
mail gateway right now.

This seems to be Hub Transport Server default behavior.

But as in IronPort we are using a a lot different content filters to remove headers, add
headers, drop specific attachment, look into archives encrypt and decrypt, notify,
quarantine, message tracking etc, so I'd like to route every single message true IronPort
but can't find any way to do it.

As far I know Hub Transport Servers can run specific software, like Forefront etc which
intercept the local traffic.

So So basically IronPort should act as external security appliance for Hub Transport Servers.

New Member

Re: Exchange 2008 w/o Edge or Hub transport servers

We have an Exchange 2007 environment with 16k mailboxes. We also did not deply the Edge server(s) because of our existing IronPort infrastructure. So far this has worked very well. We do have two hub servers to move the mail. Exchange 2007 requires hub servers to move mail. If a person on Exchange 2007 sends e-mail to another person on your Exchange 2007 environment, (even on the same mailbox server) it has to use a Hub server to move the mail. Basically we use IronPort as our perimeter gateway but also use it has our internal hub for all of the other 3,000+ SMTP servers (workstations, printers, etc.) we have.

Now, with that said we are watching what Microsoft does with their Edge solution to see if it can compete with IronPort. I don't think they are anywhere close to IronPort today...

New Member

Re: Exchange 2008 w/o Edge or Hub transport servers

We used Exchange 2007 and ~15000 mailboxes on 4 backend servers in 1 cluster. We provide 3 additional servers that have the hub transport and client access roles on both. No edge servers - we use Ironport as it is a more effective anti-spam engine and also gives us better central tracking and spam quarantine on M series (rather than using exchange message store to hold spam). I wouldn't do away with Exchange hub transport as they handle all the inter-exchange message routing - keep it simple - let Exchaneg handle all of its own routing.

We use LDAP accept query on the ironport to restrict delivery to valid addresses anyway to further reduce exchange traffic.

New Member

Re: Exchange 2008 w/o Edge or Hub transport servers

The decision of MS to route every message (also the messages between exchange servers and even between mailboxes on the same server is a major step forward. this makes it possible to define a few points where all messages pass.
Until now it's not possible to "escape" to other, third party, servers on a SMTP basis.
I think that with the evolution of the hub transport product the "out of the box" rules become more useful and that, maybe, it becomes possible to reroute every message via an external (SMTP) device.
Since Microsoft provides API's for 3rd party software vendors it might be a good opportunity for Ironport to write a piece of software that makes rerouting to one of their devices possible.
(We would probably be one of the first to start using this!)

Steven.

334
Views
0
Helpful
4
Replies
CreatePlease to create content