2.2. Hub Transport Server
If a message is delivered in an Exchange 2010
organization, at least one Hub Transport server touched the message.
This is true even if the message is sent from a mailbox to another
mailbox on the same database; the message is routed through a Hub
Transport server.
There is a very important reason for that: a Hub
Transport server must "touch" all email messages; the Exchange 2010
transport rules and journaling features need to be able to process
every message that is sent by a user so that the rules can be applied
consistently. However, if a message must pass through more than one Hub
Transport server, the transport rules only "fire" one time on the
message; the transport rules fire only on the first Hub Transport
server that the message passes through.
Figure 4
shows the placement of the Hub Transport role within an Exchange
organization. There must be at least one Hub Transport server role in
each Active Directory site that contains a Mailbox server.
Looking at things from a high-level overview, the
Hub Transport server provides the message transport function for all
email. However, there is quite a bit more to the Hub Transport server's
functions, which include:
Picking up and delivering email for Mailbox servers in the local Active Directory site
Routing email to Hub Transport servers in other Active Directory sites
Sending mail to or receiving mail from an Edge Transport server
Sending mail to or receiving mail from a third-party SMTP server, an external SMTP server, or an external (hosted) message hygiene system
Sending mail to or receiving mail directly from the Internet (depending on your configuration)
Receiving email from POP3 or IMAP4 clients and routing those messages on to Mailbox servers or outside the organization
Receiving email from network-enabled scanners or photocopiers and routing those messages on to Mailbox servers or outside the organization
Expanding distribution list membership
Executing transport rules
Performing mailbox-level journaling functions
Processing antispam or antivirus scanning functions, depending on your organization's configuration
Receiving voicemail messages from Unified Messaging servers in the local Active Directory site and delivering them to the destination mailbox
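The scanner and photocopier case in the list above is normally handled with a Receive connector that allows anonymous relay, and a connector that allows anonymous relay from too wide an address range turns the Hub Transport server into an open relay. The following Exchange Management Shell script is an added example, not code from the book or from Microsoft; it walks every Receive connector on every Hub Transport server and reports which ones permit anonymous relay and which of those are reachable from any IPv4 address. The only assumption is that it runs inside the Exchange Management Shell with permission to read connector ACLs.

```powershell
# Added example (not from the original text): audit every Receive connector on
# the Hub Transport servers in this organization for anonymous relay, the
# configuration typically created for scanners and photocopiers and the one
# that, when scoped too broadly, makes the Hub Transport server an open relay.
# Run from the Exchange Management Shell; no server names are hard-coded.

$hubs = Get-ExchangeServer | Where-Object { $_.ServerRole -like "*HubTransport*" }

$report = foreach ($hub in $hubs) {
    foreach ($rc in Get-ReceiveConnector -Server $hub.Name) {
        # Anonymous relay needs two things: the AnonymousUsers permission group on
        # the connector, and the extended right ms-Exch-SMTP-Accept-Any-Recipient
        # granted to NT AUTHORITY\ANONYMOUS LOGON (an Allow ACE, not a Deny).
        $anonGroup    = "$($rc.PermissionGroups)" -match "AnonymousUsers"
        $anyRecipient = Get-ADPermission -Identity $rc.Identity |
            Where-Object {
                "$($_.User)" -like "*ANONYMOUS LOGON*" -and
                "$($_.ExtendedRights)" -like "*ms-Exch-SMTP-Accept-Any-Recipient*" -and
                -not $_.Deny
            }
        # A RemoteIPRanges entry covering all of IPv4 means anyone who can reach
        # TCP/25 on this server may use the connector.
        $wideOpen = $rc.RemoteIPRanges | Where-Object { "$_" -eq "0.0.0.0-255.255.255.255" }

        New-Object PSObject -Property @{
            Server         = $hub.Name
            Connector      = $rc.Name
            Bindings       = ($rc.Bindings -join ", ")
            RemoteIPRanges = ($rc.RemoteIPRanges -join ", ")
            AnonymousRelay = [bool]($anonGroup -and $anyRecipient)
            OpenRelay      = [bool]($anonGroup -and $anyRecipient -and $wideOpen)
        }
    }
}

$report | Sort-Object OpenRelay, AnonymousRelay -Descending |
    Format-Table Server, Connector, Bindings, RemoteIPRanges, AnonymousRelay, OpenRelay -AutoSize
```

A connector that reports AnonymousRelay but not OpenRelay is the expected shape for a device relay: keep its RemoteIPRanges limited to the addresses of the scanners or copiers themselves. Anything that reports OpenRelay should be corrected before the server is reachable from untrusted networks.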
If you examine the service console on an Exchange
2010 server that has the Hub Transport server running, you will see a
number of services related to Exchange Server. The service display
name, short name, and the executable name as well as the service
function are shown in Table 2.
Table 2. Exchange Server 2010 Hub Transport Server Services

| Service Display Name / Short Name / Executable | Function |
|---|---|
| Microsoft Exchange Active Directory Topology / MSExchangeADTopology / ADTopologyService.exe | Locates Active Directory domain controllers and global catalog servers, and provides Active Directory topology information to Exchange services. Most Exchange services depend on this service; if it does not start, the Exchange server will probably not function. |
| Microsoft Exchange Anti-spam Update / MSExchangeAntispamUpdate / Microsoft.Exchange.AntispamUpdateSvc.exe | Handles the automated antispam signature and configuration updates. |
| Microsoft Exchange EdgeSync / MSExchangeEdgeSync / Microsoft.Exchange.EdgeSyncSvc.exe | Synchronizes configuration, recipient, and safe-sender information from the Hub Transport server to the Active Directory Lightweight Directory Services (AD LDS) instance on the Edge Transport server. |
| Microsoft Exchange Monitoring / MSExchangeMonitoring / Microsoft.Exchange.Monitoring.exe | Handles the interaction between management and troubleshooting tools and the Exchange server. Used by tools such as the Exchange Management Shell diagnostic cmdlets. |
| Microsoft Exchange Protected Service Host / MSExchangeProtectedServiceHost / Microsoft.Exchange.ProtectedServiceHost.exe | Provides a service host for Exchange components that need to be protected from one another. |
| Microsoft Exchange Service Host / MSExchangeServiceHost / Microsoft.Exchange.ServiceHost.exe | Provides a service host for Exchange components that do not have their own service, such as the components that configure Registry and virtual directory information. |
| Microsoft Exchange Transport / MSExchangeTransport / MSExchangeTransport.exe | Handles message transport between Hub Transport servers, Edge Transport servers, and external SMTP servers. |
| Microsoft Exchange Transport Log Search / MSExchangeTransportLogSearch / MSExchangeTransportLogSearch.exe | Handles the remote search capabilities for the Exchange server transport log files. |
| Microsoft Search (Exchange) / msftesql-Exchange / msftesql.exe | Handles full-text index creation for mailbox content and properties. |
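Knowing the short names and executables in Table 2 is useful for more than troubleshooting: a service that is stopped, or whose registered binary has been moved or is no longer Microsoft-signed, is one of the first things to look for when a transport server is suspected of tampering. The script below is an added example, not from the book or from Microsoft; it checks each Table 2 service for presence, state, and a valid Microsoft Authenticode signature on the registered executable, and confirms the executable sits under the Exchange installation directory. It assumes Exchange 2010 (v14) records its install path in the `MsiInstallPath` value under `HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\Setup`; adjust that lookup if your build stores it elsewhere.

```powershell
# Added example (not from the original text): verify that the Hub Transport
# services from Table 2 are installed, running, and backed by Microsoft-signed
# binaries under the Exchange installation directory. A service whose binary has
# moved or lost its signature is a classic persistence or tampering indicator.
# Assumption: the Exchange 2010 install path is in
# HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\Setup\MsiInstallPath.

$expected = @(
    "MSExchangeADTopology", "MSExchangeAntispamUpdate", "MSExchangeEdgeSync",
    "MSExchangeMonitoring", "MSExchangeProtectedServiceHost", "MSExchangeServiceHost",
    "MSExchangeTransport", "MSExchangeTransportLogSearch", "msftesql-Exchange"
)
$installPath = (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\ExchangeServer\v14\Setup").MsiInstallPath

foreach ($name in $expected) {
    # Win32_Service exposes the registered command line (PathName) and the start
    # mode, neither of which Get-Service returns.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        Write-Warning "$name : service is not installed on this server"
        continue
    }
    # PathName may be quoted and may carry arguments; keep only the executable.
    $exe = if ($svc.PathName -match '^"([^"]+)"') { $matches[1] } else { ($svc.PathName -split ' ')[0] }

    $sig = Get-AuthenticodeSignature -FilePath $exe
    $signedByMs   = ($sig.Status -eq "Valid") -and
                    ($sig.SignerCertificate.Subject -like "*O=Microsoft Corporation*")
    $inInstallDir = $exe.StartsWith($installPath, [StringComparison]::OrdinalIgnoreCase)

    $state = if ($svc.State -eq "Running") { "ok" } else { "NOT RUNNING ($($svc.StartMode))" }
    $trust = if ($signedByMs -and $inInstallDir) { "ok" } else { "SUSPECT" }
    "{0,-32} state={1,-22} binary={2,-8} {3}" -f $name, $state, $trust, $exe
}
```

Run it as an administrator on the Hub Transport server itself. A SUSPECT result is not proof of compromise (a service pack in progress or a relocated installation can produce one), but it is the point at which to compare the file hash against a known-good copy rather than simply restarting the service.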
2.3. Client Access Server
The Exchange Server 2010 Client Access server
provides most of the interface for accessing email data. The Exchange
2010 iteration of the Client Access server is the latest development as
Microsoft abstracts the messaging database from end-user applications.
As you can see in Figure 5, the Client Access server, rather than the Mailbox server, now sits at the center of the client's universe.
The Client Access server coordinates all
communication between clients except for Outlook MAPI client
connectivity with Mailbox servers that host public folder databases.
Some of the functions of the Client Access server include the following:
Supporting connections from Outlook MAPI clients
Supporting connections from Outlook Anywhere (RPC over HTTP)
Supporting connections from mobile devices using Microsoft ActiveSync technology
Supporting connections from POP3 and IMAP4 clients
Supporting connections from other Exchange Web Services (EWS) applications
Proxying connections from various email clients to the relevant Exchange Mailbox server
Acting as an endpoint for Outlook and Windows Mobile clients by proxying directory lookups to a global catalog server in the local Active Directory site
Proxying connections from external Outlook Anywhere, Outlook Web App, or Windows Mobile clients to Client Access servers (CASs) in other Active Directory sites. The actual mechanics of the connection depend on the client being used and the location of the mailbox (E2K3, E2K7, and E2K10 below stand for Exchange 2003, 2007, and 2010 respectively):
If an OWA user's mailbox is on an E2K3 server, then the E2K10 CAS silently redirects the user to the E2K3 front-end server or the E2K7 CAS using single sign-on.
If an OWA user's mailbox is on an E2K7 server in the same Active Directory site as the E2K10 CAS, then the E2K10 CAS silently redirects the user to the E2K7 CAS using single sign-on.
If an OWA user's mailbox is on an E2K7 server in a different Active Directory site and there are no externally facing E2K7 CASs in that site, then the E2K10 CAS proxies the session to the E2K7 CAS in the target site.
If an OWA user's mailbox is on an E2K7 server in a different Active Directory site and there are externally facing E2K7 CASs in that site, then the E2K10 CAS performs a manual redirect, requiring the user to use the target site's external URL.
If an ActiveSync user's mailbox is on an E2K3 server, then the E2K10 CAS connects directly over TCP port 80 to the E2K3 Mailbox server.
If an ActiveSync user's mailbox is on an E2K7 server, the device's ActiveSync protocol version is 12.1 or higher, and the target E2K7 CAS is externally facing, then the E2K10 CAS issues a 451 redirect carrying the external URL of the E2K7 CAS.
If an ActiveSync user's mailbox is on an E2K7 server and the device's ActiveSync protocol version is less than 12.1, then the E2K10 CAS proxies the session to the E2K7 CAS.
If an Outlook Anywhere user's mailbox is on an E2K3 or E2K7 server, then the E2K10 CAS connects directly to the E2K3 or E2K7 Mailbox server.
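Almost every branch in the list above turns on one setting: whether the Client Access servers in the target site are "externally facing", which in practice means whether their OWA and ActiveSync virtual directories have an ExternalUrl configured. The script below is an added example, not code from the book or from Microsoft; it surveys those virtual directories for every Client Access server, grouped by Active Directory site and version, flags which are externally facing, and also flags any external URL that is not HTTPS, because a redirect to a plain-HTTP URL sends the user's credentials in the clear. It assumes the Exchange Management Shell and nothing else.

```powershell
# Added example (not from the original text): list the OWA and ActiveSync virtual
# directories of every Client Access server, grouped by Active Directory site and
# Exchange version, and show which ones are externally facing (ExternalUrl set).
# Whether an Exchange 2010 CAS proxies a cross-site session or redirects it turns
# on exactly that setting, so this is the first thing to check when a user in
# another site gets an unexpected redirect or a 451 response.

$cas = Get-ExchangeServer | Where-Object { $_.ServerRole -like "*ClientAccess*" }

$vdirs = foreach ($s in $cas) {
    # -ADPropertiesOnly reads the configuration from Active Directory instead of
    # each server's IIS metabase, so the survey also covers servers that are down.
    $owa = Get-OwaVirtualDirectory        -Server $s.Name -ADPropertiesOnly
    $eas = Get-ActiveSyncVirtualDirectory -Server $s.Name -ADPropertiesOnly
    foreach ($v in @($owa) + @($eas)) {
        New-Object PSObject -Property @{
            Site           = $s.Site.Name
            Server         = $s.Name
            Version        = "$($s.AdminDisplayVersion)"
            VDir           = $v.Name
            InternalUrl    = "$($v.InternalUrl)"
            ExternalUrl    = "$($v.ExternalUrl)"
            ExternalFacing = [bool]$v.ExternalUrl
            # A redirect to http:// hands the user's password to the network.
            PlainHttp      = ($v.ExternalUrl -ne $null) -and ($v.ExternalUrl.Scheme -ne "https")
        }
    }
}

$vdirs | Sort-Object Site, Server, VDir |
    Format-Table Site, Server, Version, VDir, ExternalFacing, PlainHttp, ExternalUrl -AutoSize
```

Read the output per site: a site whose E2K7 CASs all show ExternalFacing as False will have its OWA sessions proxied by the E2K10 CAS, while a site with ExternalFacing True will get a manual redirect (OWA) or a 451 redirect (ActiveSync 12.1 and later) to the URL in the ExternalUrl column, so that URL must be resolvable and trusted by the clients that receive it.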
When the hardware is properly sized, a Client Access
server can accept many thousands of simultaneous connections from
different types of clients and connect on behalf of those clients to
the Mailbox server. The Client Access server does not need one
connection to the Mailbox server for each active client: the CAS and
each Mailbox server share a pool of 100 RPC connections, even when far
more clients are using that particular Client Access server. This
allows the Mailbox server to host more simultaneous clients simply by
scaling out the number of CASs in the Active Directory site.
If an organization is going to allow external
clients (Outlook Web App, mobile phones, Outlook Anywhere) to connect
to its Exchange servers from the Internet, a common question is
whether the Client Access server should sit in the perimeter or DMZ
(demilitarized zone) network. The answer is an unequivocal "no."
There are simply too many TCP and UDP ports that
would have to be opened on the firewall between the perimeter and the
internal Mailbox servers, domain controllers, global catalog servers,
and DNS servers to make this practical. In addition, placing a
domain-joined Windows server in the perimeter network increases your
exposure to external exploitation: a compromise of that server yields a
foothold with domain credentials. Take great care when deciding which
servers in a perimeter network should be domain members and which
should not, and evaluate the reasons for each. Client Access and Hub
Transport servers should not be in the perimeter network, although
there are advantages to placing a server such as an ISA server in the
perimeter network and making it a domain member.
While some security-conscious organizations may have
a policy stating that no web-accessible server can be on the internal
network, you can satisfy that concern by using a reverse proxy in the
perimeter network that terminates inbound HTTP/HTTPS, enforces
authentication and inspection there, and proxies requests from the
perimeter to the internal Client Access servers.
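The "too many ports" argument above is easy to verify for yourself. The script below is an added example, not from the book or from Microsoft; it probes, from a Client Access server, the well-known TCP ports the server needs on a domain controller/global catalog and on a Mailbox server, with a short timeout so a blocked port fails quickly. The host names are placeholders that you must replace, and the list deliberately stops at the fixed ports: the dynamic RPC range that MAPI and Active Directory negotiate on top of TCP/135 is exactly what makes a firewall between CAS and the internal network impractical, and it cannot be checked with a static list.

```powershell
# Added example (not from the original text): show how much of the internal
# network a Client Access server must reach, which is the practical reason for
# keeping it off the perimeter network. Host names below are placeholders.
# The dynamic RPC ports negotiated via TCP/135 are not covered by a fixed list.

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    # Asynchronous connect so a filtered port fails in TimeoutMs rather than
    # after the operating system's default connect timeout (about 20 seconds).
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$dc      = "dc01.corp.example"    # placeholder: domain controller / global catalog
$mailbox = "mbx01.corp.example"   # placeholder: Mailbox server in the local site

$checks = @(
    @{ Host = $dc;      Port = 53;   Use = "DNS" },
    @{ Host = $dc;      Port = 88;   Use = "Kerberos" },
    @{ Host = $dc;      Port = 135;  Use = "RPC endpoint mapper (Active Directory)" },
    @{ Host = $dc;      Port = 389;  Use = "LDAP" },
    @{ Host = $dc;      Port = 636;  Use = "LDAP over SSL" },
    @{ Host = $dc;      Port = 3268; Use = "Global catalog" },
    @{ Host = $dc;      Port = 3269; Use = "Global catalog over SSL" },
    @{ Host = $dc;      Port = 445;  Use = "SMB (SYSVOL/NETLOGON)" },
    @{ Host = $mailbox; Port = 135;  Use = "RPC endpoint mapper (MAPI to Mailbox server)" },
    @{ Host = $mailbox; Port = 445;  Use = "SMB (offline address book share)" }
)

foreach ($c in $checks) {
    $ok = Test-TcpPort -ComputerName $c.Host -Port $c.Port
    "{0,-28} {1,5}  {2,-8} {3}" -f $c.Host, $c.Port, $(if ($ok) { "open" } else { "BLOCKED" }), $c.Use
}
```

Every row that must show "open" for the CAS to function is a rule you would otherwise have to punch through the perimeter firewall, before even accounting for the dynamic RPC range. Compare that with a reverse proxy in the perimeter, which needs only TCP/443 inbound from the Internet and TCP/443 outbound to the internal Client Access servers.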
Each Active Directory site that contains an Exchange
2010 Mailbox server must have at least one Client Access server.
Microsoft recommends a ratio of three Client Access server processor
cores for every four Mailbox server processor cores, and 2 GB of RAM
per processor core on the Client Access server. This is, of course, a
generic recommendation, and your actual mileage may vary depending on
the number of simultaneous clients and the types of users (light,
medium, heavy). Keep up with Microsoft's current sizing
recommendations, as they may change over time.
When you look in the service console on an Exchange
2010 Client Access server, you will see a number of services that may
or may not be familiar to you. The Client Access server depends on
many of the Internet Information Services (IIS) web services, so those
are required as well. The services found on an Exchange 2010 Client
Access server are listed in Table 3.
Table 3. Exchange Server 2010 Client Access Server Services

| Service Display Name / Short Name / Executable | Function |
|---|---|
| Microsoft Exchange Active Directory Topology / MSExchangeADTopology / ADTopologyService.exe | Locates Active Directory domain controllers and global catalog servers, and provides Active Directory topology information to Exchange services. Most Exchange services depend on this service; if it does not start, the Exchange server will probably not function. |
| Microsoft Exchange Address Book Service / MSExchangeAB / Microsoft.Exchange.AddressBook.Service.exe | Manages client address book connections. |
| Microsoft Exchange File Distribution / MSExchangeFDS / MSExchangeFDS.exe | Replicates the offline address book files to Client Access servers. |
| Microsoft Exchange Forms-Based Authentication service / MSExchangeFBA / ExFBA.exe | Handles forms-based authentication for applications such as Outlook Web App and the Exchange Control Panel. |
| Microsoft Exchange IMAP4 / MSExchangeImap4 / Microsoft.Exchange.Imap4Service.exe | Provides IMAP4 clients with access to Exchange mailboxes. This service is set to Manual by default. |
| Microsoft Exchange Mailbox Replication / MSExchangeMailboxReplication / MSExchangeMailboxReplication.exe | Handles mailbox move requests submitted with New-MoveRequest. |
| Microsoft Exchange Monitoring / MSExchangeMonitoring / Microsoft.Exchange.Monitoring.exe | Handles the interaction between management and troubleshooting tools and the Exchange server. Used by tools such as the Exchange Management Shell diagnostic cmdlets. |
| Microsoft Exchange POP3 / MSExchangePop3 / Microsoft.Exchange.Pop3Service.exe | Provides POP3 clients with access to Exchange mailboxes. This service is set to Manual by default. |
| Microsoft Exchange Protected Service Host / MSExchangeProtectedServiceHost / Microsoft.Exchange.ProtectedServiceHost.exe | Provides a service host for Exchange components that need to be protected from one another. |
| Microsoft Exchange RPC Client Access / MSExchangeRPC / Microsoft.Exchange.RpcClientAccess.Service.exe | Handles the interaction between Outlook MAPI clients and mailbox databases. |
| Microsoft Exchange Service Host / MSExchangeServiceHost / Microsoft.Exchange.ServiceHost.exe | Provides a service host for Exchange components that do not have their own service, such as the components that configure Registry and virtual directory information. |
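Two entries in Table 3 deserve a second look from a security standpoint: the POP3 and IMAP4 services are set to Manual because most organizations never need them, and when someone does enable them the default login type still allows a client to send its password before TLS is negotiated. The script below is an added example, not from the book or from Microsoft; for every Exchange 2010 Client Access server it reports whether each of the two services is enabled and, if so, whether it is configured to require TLS before accepting a password (LoginType SecureLogin). It assumes the Exchange Management Shell and remote WMI access to the Client Access servers.

```powershell
# Added example (not from the original text): report, for each Exchange 2010
# Client Access server, whether the POP3 and IMAP4 services from Table 3 are
# enabled and, if they are, whether they demand TLS before accepting a password.
# Assumes the Exchange Management Shell plus remote WMI access to each server.

$cas = Get-ExchangeServer |
    Where-Object { $_.ServerRole -like "*ClientAccess*" -and $_.AdminDisplayVersion.Major -ge 14 }

# Protocol prefix used by the Get-<Pop|Imap>Settings cmdlets -> service short name.
$services = @{ Pop = "MSExchangePop3"; Imap = "MSExchangeImap4" }

foreach ($s in $cas) {
    foreach ($proto in $services.Keys) {
        # Win32_Service gives both the current state and the start mode; a service
        # that is stopped but set to Auto is still "enabled" for our purposes.
        $svc = Get-WmiObject Win32_Service -ComputerName $s.Name -Filter "Name='$($services[$proto])'"
        $cfg = & "Get-${proto}Settings" -Server $s.Name
        $enabled = $svc -and ($svc.State -eq "Running" -or $svc.StartMode -eq "Auto")

        # SecureLogin means the client must negotiate TLS (STARTTLS on the
        # UnencryptedOrTLSBindings port, or the SSLBindings port) before the
        # server accepts credentials; the other LoginType values allow the
        # password to cross the network in clear text.
        $verdict = if (-not $enabled) {
                       "disabled (fine unless clients need it)"
                   } elseif ("$($cfg.LoginType)" -eq "SecureLogin") {
                       "enabled, TLS required before login"
                   } else {
                       "enabled, PLAINTEXT LOGIN ALLOWED on $($cfg.UnencryptedOrTLSBindings -join ', ')"
                   }
        "{0,-20} {1,-5} {2}" -f $s.Name, $proto.ToUpper(), $verdict
    }
}
```

Where a server reports plaintext login allowed, the fix is `Set-PopSettings` or `Set-ImapSettings` with `-LoginType SecureLogin` (and an `-X509CertificateName` matching a certificate the server holds), followed by a restart of the corresponding service from Table 3; where neither protocol is needed, leaving the services at Manual and stopped is the simplest hardening.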