Exchange Server 2013 Server Roles

The multi-role server architecture that was introduced with Exchange Server 2007, and then continued with Exchange 2010, has been consolidated in Exchange Server 2013.

Exchange 2013 has three server roles that can be installed:

  • Client Access server
  • Mailbox server
  • Edge Transport server (from SP1 or later)
Server role selection during Exchange 2013 setup

The Mailbox and Client Access roles can co-exist on the same host, or be installed separately. It is generally recommended to install them on the same server (multi-role server installs) instead of separate server roles.

Exchange Server 2013 Client Access Server

As the name suggests, the Client Access server role is the server that clients (eg Outlook, Outlook Web App, ActiveSync) connect to for mailbox access. The Client Access server authenticates, and redirects or proxies those requests to the appropriate Mailbox server.

Client Access servers can be made highly available through the use of a load balancer.

There are two main components:

  • Client Access service – this handles the client connections to mailboxes
  • Front End Transport service – this performs various email traffic filtering functions, as well as email routing between the Exchange servers and the outside world

Exchange Server 2013 Mailbox Server

Mailbox servers host the databases that contain mailbox and public folder data. As with Exchange 2010 the Exchange 2013 Mailbox server role can be made highly available by configuring a Database Availability Group.

The Mailbox server also runs two Transport services:

  • Hub Transport service – similar to the Exchange 2007/2010 Hub Transport server role, this service provides email routing within the organization, and connectivity between the Front End transport service and the Mailbox Transport service
  • Mailbox Transport service – this service passes email messages between the Hub Transport service and the mailbox database

Exchange Server 2013 Edge Transport Server

Edge Transport servers are optional for organizations, and are designed to sit in a DMZ network to provide SMTP connectivity and mail flow in and out of the organization, whether to/from the internet or Office 365. The Edge Transport role can be used to satisfy the requirement that some organizations have to not permit any direct communications from the internet to internal networks.

Other Server Roles from Exchange 2007/2010

With the reduction in server roles to just two in Exchange Server 2013 you may be wondering what has happened to the remaining server roles that existed in Exchange Server 2007 and 2010:

  • Hub Transport server – this functionality has been divided between the Client Access server (Front End Transport service) and Mailbox server (Hub Transport and Mailbox Transport services) and is no longer a dedicated server role
  • Unified Messaging – this functionality has been divided between the Client Access and Mailbox server and is no longer a dedicated server role

Comments

  1. Doug says

    We’re using a 3 tiered security stack: Perimeter, mid-tier and backend. If the CAS/mailbox server are in the backend and there is no plan for an Edge Transport, what is going to proxy the OWA connections from the internet to the backend. Also, is Microsoft planning ANY edge device that supports IPv6?

    • says

      Exchange 2007/2010 Edge Transports work with Exchange 2013.

      I saw a comment from MS today that Edge won’t be in RTM, which doesn’t mean it won’t come later perhaps, but I probably wouldn’t count on it.

      I haven’t seen any yes/no info yet on whether the Exchange 2013 CAS can sit in a DMZ.

  2. Ashraf Tammam says

    Hello

    If i have only 2 servers. is it possible to install CAS and Mailbox server roles on both of them and configure load balancing and DAG on these 2 servers??

    regards

    • says

      CAS and Mailbox roles can co-exist on the same server. If that server is also a DAG member and you want to do load balancing you’ll need to use a hardware load balancer, not Windows NLB.

      • says

        So, in theory, to run this configuration without the need or usage of a hardware load balanacer, youd need to run two Mailbox servers and place them in a DAG, with the Witness Server being the CAS server?

        Thanks,

        James

  3. PopatN says

    Hi Paul,

    You mention that the CAS and Mailbox Roles can Co-Exist on a single server. Is this regarded as Best Practise now? When would you separate the roles and configure them on their own independent servers?

    Thanks

    Neil

    • says

      Best practice is multi-role servers. Only install separate roles if you have a specific requirement to.

      Examples may be if there is a performance requirement (probably not as common these days) or to reduce the number of CAS in environments with a lot of MBX (eg if you’ve got a 16 member DAG you may not need 16 CAS as multi-role servers when a smaller number of dedicated CAS would do the job).

  4. John says

    I have a single exchange 2010 and want upgrade it to 2013 directly. is it possible?
    Hub Transport also installed on it.
    Thanks,
    John

  5. Brett Stares says

    I am migrating towards two Exchange 2013 Servers, one in each site. I would like to install multi role in both sites to setup mail flow redundancy – however the DAG requires a CAS without the mailbox role to act as the witness. Will this require the purchase of an additional exchange license and 2012 server?

    FYI I would prefer to manually switch on the databases – can I do this without DAG?

    Cheers
    Brett

Leave a Reply

Your email address will not be published. Required fields are marked *