Hi All, I'm getting ready to put in my first Exchange 2010 servers, and I am a little curious about sharing roles on one server. My understanding is that I can put Mailbox, CAS, and Hub on to a server in any combination, but I am reading articles that make me think that putting Hub and CAS together would work better than putting Hub and Mailbox together. I mention it because I was planning on setting up the Hub and Mailbox together and having the CAS separate, similar to the way our Exchange 2003 infrastructure is setup (separate back-end and front-end servers). So is one way better than the other? Again, I plan on keeping CAS and mailbox separate from each other, but I would like to have the Hub role on one of them. Thanks in advance!

I'd put the CAS with the hub. If you ever wanted to introduce another mailbox server, such as to make a DAG, you'd already have the hub transport server in the right place.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Thanks, Ed; that does make sense. It may also make for an easier migration/coexistance if my company ever bought or merged with another firm. Are there any potential security concerns though putting the Hub (which is essentially an SMTP engine) on the same server as my CAS (which will be open via SSL outside my network)? My concern is that it may become infected and become an SMTP gateway for all sorts of nastiness. I understand that the SMTP portion will only be open on my internal network, and that the only portion that will be open will be via SSL/HTTPS, and will require authentication... So it may just be that I'm being paranoid, but I am an IT guy, afterall. ;) I take it there is little concern with that type of set up? I figure that if there was it would have cropped up in the last version of Exchange.

I agree with Ed. HT/CAS combo out front and mailbox in the back is more common. But the question that begs asking is the size and topology of your environment? This can greatly influence how Exchange should be designed. Also, if you want to secure Exchange from the internet you may consider a box out front running TMG and Edge transport (combo). Mike Crowley Check out My Blog!

Thanks Mike. I don't think that the topology of my environment will be too crazy; one Mailbox server with appx. 125 user mailboxes (and 5-10 "General Purpose"/"Group" mailboxes) and one AD Domain (with one site), so I think that the separate mailbox server and combined CAS/Hub would be okay. Right now we have one 2003 front-end and one 2003 back-end working fine. Now that's not to say that I will be working with small databases, as I work with accountants and lawyers (all digital pack-rats). The average mailbox size is 2GB (users range from 10MB to 10GB), so I want to make sure that the resources are inplace properly. (We will also be implementing Symantec's Enterprise Vault though as well along with a long overdue data-retention policy to clean these mailboxes up!) As for using TMG/Edge, I would definitely consider them, but we are using FortiGate firewalls/threat-management devices, which offer the same types of protection as the TMG & Edge servers.

You could likely get by with a single Exchange server for that user count, not that I'm suggesting you do that. I know of no security issues combining HT+CAS. Our designs are normally combined that way.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

Awesome. Thank you both for the insight! I figure that's how I'll do my network then; one server with the mailbox role and one with hub and client access. Thanks again!