Exchange Server 2013 Server Roles

The multi-role server architecture that was introduced with Exchange Server 2007, and then continued with Exchange 2010, has been consolidated in Exchange Server 2013.

Exchange 2013 has just two server roles that can be installed:

  • Client Access server
  • Mailbox server

Server role selection during Exchange 2013 setup

The two roles can co-exist on the same host, or be installed separately.

Exchange Server 2013 Client Access Server

As the name suggests, the Client Access server role is the server that clients (eg Outlook, Outlook Web App, ActiveSync) connect to for mailbox access. The Client Access server authenticates, and redirects or proxies those requests to the appropriate Mailbox server.

Client Access servers can be made highly available through the use of a load balancer.

There are two main components:

  • Client Access service – this handles the client connections to mailboxes
  • Front End Transport service – this performs various email traffic filtering functions, as well as email routing between the Exchange servers and the outside world

Exchange Server 2013 Mailbox Server

Mailbox servers host the databases that contain mailbox and public folder data. As with Exchange 2010 the Exchange 2013 Mailbox server role can be made highly available by configuring a Database Availability Group.

The Mailbox server also runs two Transport services:

  • Hub Transport service – similar to the Exchange 2007/2010 Hub Transport server role, this service provides email routing within the organization, and connectivity between the Front End transport service and the Mailbox Transport service
  • Mailbox Transport service – this service passes email messages between the Hub Transport service and the mailbox database

Other Server Roles from Exchange 2007/2010

With the reduction in server roles to just two in Exchange Server 2013 you may be wondering what has happened to the remaining server roles that existed in Exchange Server 2007 and 2010:

  • Hub Transport server – this functionality has been divided between the Client Access server (Front End Transport service) and Mailbox server (Hub Transport and Mailbox Transport services) and is no longer a dedicated server role
  • Unified Messaging – this functionality has been divided between the Client Access and Mailbox server and is no longer a dedicated server role
  • Edge Transport – Exchange 2013 Preview does not contain an Edge Transport server role, however it will function with an Exchange 2007 or 2010 Edge Transport. There have been hints that the Edge Transport server role will not be in future versions of Exchange server.
About Paul Cunningham

Paul is a Microsoft Exchange Server MVP and publisher of Exchange Server Pro. He also holds several Microsoft certifications including for Exchange Server 2007, 2010 and 2013. Connect with Paul on Twitter and Google+.

Comments

  1. We’re using a 3 tiered security stack: Perimeter, mid-tier and backend. If the CAS/mailbox server are in the backend and there is no plan for an Edge Transport, what is going to proxy the OWA connections from the internet to the backend. Also, is Microsoft planning ANY edge device that supports IPv6?

    • Exchange 2007/2010 Edge Transports work with Exchange 2013.

      I saw a comment from MS today that Edge won’t be in RTM, which doesn’t mean it won’t come later perhaps, but I probably wouldn’t count on it.

      I haven’t seen any yes/no info yet on whether the Exchange 2013 CAS can sit in a DMZ.

  2. As good as it gets!
    Thanks!

  3. Ashraf Tammam says:

    Hello

    If i have only 2 servers. is it possible to install CAS and Mailbox server roles on both of them and configure load balancing and DAG on these 2 servers??

    regards

    • CAS and Mailbox roles can co-exist on the same server. If that server is also a DAG member and you want to do load balancing you’ll need to use a hardware load balancer, not Windows NLB.

      • So, in theory, to run this configuration without the need or usage of a hardware load balanacer, youd need to run two Mailbox servers and place them in a DAG, with the Witness Server being the CAS server?

        Thanks,

        James

  4. Hi Paul,

    You mention that the CAS and Mailbox Roles can Co-Exist on a single server. Is this regarded as Best Practise now? When would you separate the roles and configure them on their own independent servers?

    Thanks

    Neil

    • Best practice is multi-role servers. Only install separate roles if you have a specific requirement to.

      Examples may be if there is a performance requirement (probably not as common these days) or to reduce the number of CAS in environments with a lot of MBX (eg if you’ve got a 16 member DAG you may not need 16 CAS as multi-role servers when a smaller number of dedicated CAS would do the job).

Leave a Comment

*

We are an Authorized DigiCert™ SSL Partner.