Securing Transport Servers
Applies to: Exchange Server 2010
The security of your Transport servers is crucial to maintaining a robust and secure Exchange environment. This topic provides links to security-related topics that can help you understand the security model for Edge and Hub Transport servers in Microsoft Exchange Server 2010.
TLS Protection
All SMTP communications between Transport servers are protected by Transport Layer Security (TLS) encryption. For more information about TLS encryption in Exchange 2010, see the following topics:
- Understanding TLS Certificates
- TLS Functionality and Related Terminology in Exchange 2010
- Managing TLS Certificates
Exchange 2010 allows you to disable TLS encryption in certain scenarios. For example, if you're using WAN Optimization Controller (WOC) devices, the TLS-encrypted traffic may prevent the compression of SMTP communications over your WAN link. In such scenarios, you can disable TLS encryption. However, we recommend that you only disable TLS encryption on specific links and allow all other communications to continue to be protected by TLS. To learn more, see Disabling TLS Between Active Directory Sites to Support WAN Optimization.
Domain Security
Exchange 2010 provides a feature set called Domain Security that provides administrators a way to manage secure message paths with business partners over the Internet. The following topics provide information about Domain Security:
- Understanding Domain Security
- Using PKI on the Edge Transport Server for Domain Security
- Using Domain Security: Configuring Mutual TLS
- Test PKI and Proxy Configuration
Transport Permissions
Exchange 2010 uses Role Based Access Control (RBAC) for assigning permissions to users. With RBAC, you can control what resources administrators can configure and what features users can access. To learn more about RBAC, see Understanding Permissions.
For specific information about permissions required for managing Transport servers, see Transport Permissions.