Silly people those softies ;) It makes perfect sense. What he's saying is to create a server that does nothing but handle the SMTP traffic to/from the internet gateways. Your FE server in the DMZ is for OWA and I assume that's all it does. To prevent the traffic from having to go to the DMZ for restriction processing, the softie wants you to create a separate FE server dedicated to that process. Basically, you want to have a server that handles SMTP traffic and restrictions, so you basically want something with processor and disk spindles. Not a lot, but some more than a standard web server, right. I'd approach it like this: dual proc machine with some memory (1-2GB would likely be more than enough), enough spindles to off-load the log files and the SMTP Queue (since that's what it does, right?). In HPQ terms, that would likely be a DL380 machine with 6 spindles in RAID 1 x 3 configuration (three mirror sets). Not too large of drives, but 36GB would be likely. All of this depends on the expected message traffic, but it's primary job is to check restrictions and route mail. That infers you'd want to be able to withstand some backed up SMTP queues, hence the space/spindles. SMTP also does better if you remove the disk bottleneck. SMTP is write heavy, previously estimated for planning at 7:1 w/r signature. To install a server as a FE server, install it into the ORG. Configure the disk layout. Designate it as a FE server. Configure your connector to use that server as the brideghead. In case of failure, re-configure the connector to your BE master server. What confuses me, is what the purpose of the BE master server is? If it's not doing anything, why not use it? If it services mailboxes, then never mind. As a side note, it's likely that you would want to off-load RUS and DG expansion to this machine as well, if you can get away with it. Just a thought though. Does that make sense? Al -----Original Message----- From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx] Sent: Wednesday, January 12, 2005 4:59 PM To: [ExchangeList] Subject: [exchangelist] RE: Bridgehead Exchange Server Build http://www.MSExchange.org/ Currently we have an FE OWA server in the DMZ. We have a dedicated SMTP Gateway for inbound and a dedicated SMTP (Symantec) Gatway for outbound. We have a master be and a cluster be. A microsoft health guy came in last month and said that since we have restrictions to not let certain users be able to send internet mail (configured on the connector) we should implement a dedicated bridgehead server to take off the process toll of the... Here is what he wrote: The first is the lack of a dedicated bridgehead server. In a small environment this is not a problem in and of itself, as all servers can still email all others and the Internet with no problems. However, as message volumes increase, the lack of a dedicated routing server will be felt as mailbox servers suffer under an increased routing load. The use of restrictions on connectors is particularly problematic in an environment without dedicated routing servers. Restriction checking is extremely processor intensive, as the criteria must be re-evaluated for each message. Having mailbox servers spend precious cycles upon evaluating message criteria is inherently inefficient. By deploying a dedicated bridgehead server, this restriction checking can be offloaded to a server whose primary function is to perform such work. EXCHSTL1 is the current bridgehead for the outbound SMTP connector to the Internet. Therefore, we want to set up a dedicated exchange bridgehead server inside the DMZ that the mail can flow through and can process the restrictions on the connector and take processor work off of the master server. Does this help? -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Wednesday, January 12, 2005 3:50 PM To: [ExchangeList] Cc: Amy Kohler Subject: [exchangelist] RE: Bridgehead Exchange Server Build http://www.MSExchange.org/ If you have a FE in the DMZ, a smarthost isn't what you want to be using. A FE server is part of the Exchange ORG by default. Unless it's part of a separate forest, it knows how to route with any connectors defined to use the bridgehead. Is that how you have it configured? -----Original Message----- From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx] Sent: Wednesday, January 12, 2005 3:42 PM To: [ExchangeList] Subject: [exchangelist] RE: Bridgehead Exchange Server Build http://www.MSExchange.org/ What if I already have an FE in the dmz. Have you ever heard that one would need to remove the smart host from the BE's also? -----Original Message----- From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Wednesday, January 12, 2005 2:24 PM To: [ExchangeList] Subject: [exchangelist] RE: Bridgehead Exchange Server Build http://www.MSExchange.org/ Usually you'd designate it as a Front-End server as well. That just says that it's not going to handle any user mailstores. There are some docs on http://www.microsoft.com/exchange/library that talk about FE-BE scenarios if you need them. al -----Original Message----- From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx] Sent: Wednesday, January 12, 2005 3:23 PM To: [ExchangeList] Subject: [exchangelist] Bridgehead Exchange Server Build http://www.MSExchange.org/ Good Afternoon! It has been suggested to me to build a Dedicated BridgeHead server for my exchange environment to off load the backend servers since I am using restrictions on connectors. Does anyone know of a "rules to follow or steps to follow for building a Dedicated Bridgehead server? All is 2000 Do I Just install exchange, patch it, IIS Lockdown it. It will be behind firewalls. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: akohler@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: akohler@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: al.mulnick@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx