Monday, May 21, 2007

Understanding the Edge Server Synchronization Process in a Large Environment




I have no doubt the EDGE server will shake the market soon enough. Third-party appliances are going to have a hard time keeping up with the EDGE server in corporate environments as well as on other platforms. Corporate networks are going to save big $$$$ by implementing and taking advantage of the EDGE server, introduced in Exchange 2007 with its role-based, granular implementation.

Let's take a quick look at the key points for the EDGE server.

Edge transport server

  • Implemented in the DMZ
  • Stand-alone server (can be a member server of a DMZ-type domain)
  • Uses ADAM (Active Directory Application Mode) as its database
  • The ADAM database consists of mail-enabled object information and routing information
  • The EDGE transport server subscribes to the Exchange organization by using the EdgeSync service
  • EdgeSync replicates data (mail-enabled object information and routing information) from the AD directory service to the ADAM directory on the EDGE server
  • ADAM is a local database.
  • The EdgeSync synchronization process also lets you configure Send connectors and configuration objects that are common to both the Exchange organization and the Edge Transport server on a Hub Transport server, and then have that data automatically populated to ADAM
  • The EDGE server ONLY talks to the HUB server.
  • EdgeSync service is the data synchronization service that periodically replicates configuration data from Active Directory to a subscribed Edge Transport server
  • The Microsoft Exchange EdgeSync service runs on all Hub Transport servers under the context of the Local Service account
  • Data is pushed from Active Directory to the EDGE server (one way, from the inside out to the DMZ)
  • Microsoft Exchange EdgeSync service uses TCP port 50636 for secure LDAP communications
  • Modifying the secure LDAP port that is used to connect to ADAM is possible (use the ConfigureAdam.ps1 script)
  • Configuration objects and recipient data are populated to ADAM during initial replication. The initial replication process can take a long time if you have a large quantity of recipient data
  • Data replicated to ADAM: Edge Subscription information, configuration information, recipient information, and topology information

  • All proxy addresses assigned to each recipient are replicated to ADAM as hashed data; SHA-256 generates a 256-bit message digest of the original data. Storing proxy addresses as hashed data helps secure this information in case the Edge Transport server or ADAM is compromised.
  • What is there to lose if ADAM gets hacked? SMTP proxy addresses are stored as 256-bit hashed data; the safe sender list is also hashed, as are the per-recipient anti-spam settings
  • The recipient information that is replicated to ADAM includes only a subset of the recipient attributes.
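
The hashed recipient lookup described in the last three bullets, as an added example that is not part of the original post and is not Exchange's own code. The record layout, the function names, the trim-and-lowercase step and the sample directory are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample directory (not real recipients).
INTERNAL_DIRECTORY = [
    {"displayName": "Alice Example", "department": "Finance",
     "proxyAddresses": ["alice@example.com", "a.example@example.com"],
     "safeSenders": ["partner@example.org"]},
    {"displayName": "Bob Example", "department": "Operations",
     "proxyAddresses": ["bob@example.com"], "safeSenders": []},
]

def digest(value):
    # Assumption: trim and lowercase before hashing; the post does not say
    # how Exchange canonicalises a value before SHA-256 is applied.
    return hashlib.sha256(value.strip().lower().encode("utf-8")).hexdigest()

def to_edge_record(recipient):
    # Only a subset of attributes leaves the internal directory, all hashed.
    return {"proxyHashes": {digest(p) for p in recipient["proxyAddresses"]},
            "safeSenderHashes": {digest(s) for s in recipient["safeSenders"]}}

def replicate(directory):
    # One-way push: internal directory -> edge-side store.
    return [to_edge_record(r) for r in directory]

def find_recipient(edge_store, rcpt_to):
    # Edge side: hash the address from SMTP RCPT TO and look the digest up.
    wanted = digest(rcpt_to)
    return next((r for r in edge_store if wanted in r["proxyHashes"]), None)

def is_safe_sender(edge_store, rcpt_to, mail_from):
    record = find_recipient(edge_store, rcpt_to)
    return record is not None and digest(mail_from) in record["safeSenderHashes"]

def plaintext_in_store(edge_store, directory):
    # Which internal values can be read straight out of a dump of the store.
    dump = repr(edge_store).lower()
    known = [v for r in directory for v in
             r["proxyAddresses"] + r["safeSenders"] + [r["displayName"], r["department"]]]
    return [v for v in known if v.lower() in dump]

if __name__ == "__main__":
    store = replicate(INTERNAL_DIRECTORY)
    for rcpt in ("Alice@Example.com", "a.example@example.com", "nobody@example.com"):
        print(rcpt, "->", "accept" if find_recipient(store, rcpt) else "reject")
    print("safe sender:", is_safe_sender(store, "alice@example.com", "partner@example.org"))
    print("plaintext found in store:", plaintext_in_store(store, INTERNAL_DIRECTORY))
```

The edge-side store can still answer "is this a valid recipient?" and "is this sender on the recipient's safe list?" while holding only 64-character digests and none of the other directory attributes.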

Oz Ozugurlu
