Fast and Secure Microsoft Exchange Deployment

Email System Architecture

Email is one of the most commonly used and visible services provided by an IT department. Half the world’s population uses email. There will be over 4 billion email users creating 320 billion emails per day by 2021.

An email system consists of the following main components:

  1. Directory service to look up user information.
  2. Client program that allows users to read and send emails and access the directory. Examples would include Outlook, Outlook on the web, and mobile devices such as Apple iPhone and Android devices.
  3. Client access interface that enables the client to retrieve email messages from a remote mail server. This could be a client/server protocol such as POP3 or IMAP4 or a web interface.
  4. Protocol that transports the mail reliably and efficiently, such as SMTP.
  5. Storage system for storing mail until a user retrieves it.

For on-premises deployment of an email system, there are solutions from different vendors. The market leader is Microsoft Exchange Server, which provides email, scheduling, and related tools for custom collaboration and messaging service applications. According to Gartner research, when Gartner last tracked the on-premises email market back in 2012, Microsoft Exchange had more than 80% market share.

Microsoft Exchange Server Roles

Microsoft Exchange has evolved over time to take advantage of increases in CPU horsepower. For instance, Microsoft Exchange Server 2010 had five roles, which were consolidated into the following three roles in Microsoft Exchange Server 2013:

  1. Client Access server role: This is the server that clients (e.g. Outlook, Outlook Web App) connect to for mailbox access. The Client Access server authenticates and redirects or proxies those requests to the appropriate Mailbox server.
  2. Mailbox server role: This server hosts all the components and/or protocols that process, render and store the data. Mailbox servers can be added to a Database Availability Group, thereby forming a highly available unit that can be deployed in one or more datacenters.
  3. Edge Transport server role: This server is optional and is typically deployed in your perimeter network, outside your internal Active Directory forest, thereby minimizing the attack surface of your Microsoft Exchange environment. It can also add additional layers of message protection and security against viruses and spam.

Microsoft further consolidated these into just two server roles in Microsoft Exchange 2016.

  1. Mailbox Server Role: The Mailbox server in Microsoft Exchange 2016 now includes all of the server components from the Microsoft Exchange 2013 Mailbox and Client Access server roles. It consists of:
    – The transport services that are used to route mail.
    – Mailbox databases that process, render, and store data.
    – Client Access services that accept client connections for all protocols. These frontend services are responsible for routing or proxying connections to the corresponding backend services on a Mailbox server. Clients don’t connect directly to the backend services.
    – Unified Messaging (UM) services that provide voice mail and other telephony features to mailboxes.
  2. Edge Transport Server Role: This role is optional and similar to the one in Microsoft Exchange 2013.

Microsoft Exchange 2016 Architecture

The overall architecture of a Microsoft Exchange 2016 deployment is shown in the diagram below.

Microsoft Exchange 2016 Architecture

Deployment Criteria for Microsoft Exchange

The critical importance of email within an organization requires that any Microsoft Exchange deployment meet the following requirements:

How A10 Networks Can Help

You can achieve all the key requirements listed above by deploying an application delivery controller with integrated DDoS and Web Application Firewall capabilities in front of the Microsoft Exchange servers. Thunder ADC can enhance your Microsoft Exchange server deployment by providing the following benefits:

A10 Networks’ AppCentric Templates enable the deployment of Microsoft Exchange 2016 with minimal effort. This allows you to deploy the ADC with the recommended security best practices without having to manually configure the settings.

Thunder ADC Deployment with Microsoft Exchange

For more details on deploying Microsoft Exchange, see the following resources:



December 12, 2018

About A10 Staff