-1

I am upgrading Exchange 2007 to 2013. Although the docs say you don't need an Edge Transport server any more (as was recommended in 2007), the role still exists. What advantages are there to using a separate Edge Transport server in Exchange 2013?

In Exchange 2007, using an Edge Transport was recommended for connections to the internet, in order to place exposed functions on a machine in the DMZ instead of one inside the firewall. What does Exchange 2013 do differently to mitigate this?

Charles Bretana

1 Answer

2

I don't know what docs you're reading, but all the ones I've read (preparing for a migration from a third-party e-mail system to a new Exchange 2013 deployment) do recommend an Edge server. Prior to SP1, however, Exchange 2013 did not have its own Edge servers, and thus the recommendation was to either use 2010's Edge servers, or a third-party.

Now that SP1 is out, however, the recommendation is:

  • For existing Exchange 2013 deployments, there is no reason to change your existing Edge
  • For new Exchange 2013 deployments/upgrades, use the Exchange 2013 Edge servers

You don't strictly need an Edge server, as the other roles will accept mail directly themselves, but it's a good idea to have (at least) one. Edge servers reduce the potential surface area exposed to attacks, and because they lack AD access (they get a subset of AD information pushed to them via EdgeSync, only enough to do what they need to do) and are deployed sequestered into your DMZ, any breach of an Edge server is limited in terms of what else can be exposed or compromised.

Exchange 2013 -- or 2007, really -- will run just fine without an Edge server. That doesn't mean it's a good idea, however.

Kromey