Physical architecture
The physical architecture for Windows EBS Standard is structured around three discrete servers. The servers are connected through the network and configured to meet hardware requirements (as described in the Server hardware requirements section of this document). Windows EBS Premium Edition adds a fourth server to the server group to run SQL Server and user-installed business applications. The Management, Security, and Messaging Server architectures for the Standard and Premium Editions are the same.
The following sections explain the components that are included in each server.
Management Server
Most of the components that are installed on the Management Server are dedicated to using, operating, and managing the Windows EBS network and environment. Examples of these tasks include:
Creating user accounts
Installing and assigning Windows EBS client access licenses (CALs)
Printing documents
Managing certificates
Monitoring system health
Displaying critical alerts
To support these tasks, the following components are installed on the Windows EBS Management Server. The primary components in this list are described in the Product technologies section of this document.
User interface components
Windows EBS Administration Console
New User Account Wizard
Install CAL Packs Wizard
Application components
System Center Essentials monitoring and management component
System Center Essentials update management and software deployment components
Active Directory Domain Services components
Domain Name System (DNS)
DHCP Server service
File and print services
Exchange Server 2007 management tools
Forefront TMG management tools
Internet Information Services (IIS)
Windows EBS licensing service
Certificate services
Data management components
Active Directory Domain Services database
DNS data store
Certificate store
SQL Express database, which stores data for the following applications:
Forefront security
Forefront antivirus
Forefront anti-spam
Windows EBS management (Administration Console)
System Center Essentials
Windows EBS license store
User shared files and folders
Redirected Documents and My Documents folders
You can choose the hard disk drives that you want to use to install these applications and data components during installation. The Installation Wizard gives you the option to save system and application files on one hard disk drive or partition and data files on a different hard disk drive or partition, or you can choose to store everything on one hard disk drive or partition. It is recommended that you separate the system and application files from the data files to ease your backup, restore, and disaster recovery operations.
Security Server
The Windows EBS Security Server provides an application-layer firewall to help secure your network. In addition to a high-layer protocol filter provided by the firewall, the Security Server contains anti-spam and antivirus security components for e-mail and Web traffic. The Security Server enables controlled access to published Web sites, dial-up and direct Internet access to a virtual private network (VPN) server, and controlled access to Terminal Server (by using the RemoteApp application).
To support these and related tasks, the following components are installed on the Windows EBS Security Server. The primary components in this list are described in the Product technologies section of this document.
User interface components
Forefront TMG console
Exchange Server 2007 Edge Transport console
Application components
Forefront TMG
Exchange Server Edge Transport
VPN
Forefront Security for Exchange Server
Data management components
Exchange Server 2007 data store
Active Directory Lightweight Directory Services data stores for:
Exchange Server Edge Transport
Forefront TMG
SQL Express database for Forefront TMG
As with the Management Server, you can choose physical locations to install these applications and data components on the Security Server during installation.
Messaging Server
The Windows EBS Messaging Server supports internal and external messaging and acts as the secondary Active Directory domain controller. To support these roles, the server has the following primary components installed:
User interface components
- Exchange Server 2007 management tools
Application components
Exchange Server 2007 Hub Transport
Exchange Server 2007 Client Access Server
Exchange Server 2007 Mailbox
Terminal Services Gateway
Active Directory Domain Services components
DNS
DHCP Server service
IIS
Remote Web Workplace
Data management components
Active Directory Domain Services database
DNS data store
Exchange Server 2007 data store, which contains:
Exchange Server 2007 Mailbox data
Exchange Server 2007 logs
As with the Management and Security Servers, you can choose physical locations to install these applications and data components on the Messaging Server during the installation. It is recommended that you separate the system and application files from the data files.