Securing Transport Servers


Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

The security of your Transport servers is crucial to maintaining a robust and secure Exchange environment. This topic provides links to security-related topics that can help you understand the security model for Edge and Hub Transport servers in Microsoft Exchange Server 2010.

TLS Protection

All SMTP communications between Transport servers are protected by Transport Layer Security (TLS) encryption. For more information about TLS encryption in Exchange 2010, see the following topics:

Exchange 2010 allows you to disable TLS encryption in certain scenarios. For example, if you're using WAN Optimization Controller (WOC) devices, the TLS-encrypted traffic may prevent the compression of SMTP communications over your WAN link. In such scenarios, you can disable TLS encryption. However, we recommend that you only disable TLS encryption on specific links and allow all other communications to continue to be protected by TLS. To learn more, see Disabling TLS Between Active Directory Sites to Support WAN Optimization.

Domain Security

Exchange 2010 provides a feature set called Domain Security that provides administrators a way to manage secure message paths with business partners over the Internet. The following topics provide information about Domain Security:

Transport Permissions

Exchange 2010 uses Role Based Access Control (RBAC) for assigning permissions to users. With RBAC, you can control what resources administrators can configure and what features users can access. To learn more about RBAC, see Understanding Permissions.

For specific information about permissions required for managing Transport servers, see Transport Permissions.

 © 2010 Microsoft Corporation. All rights reserved.