Microsoft Office Communications Server 2007 R2 enables enterprise users inside and outside the corporate firewall to create and join real-time Web conferences that are hosted on internal corporate servers. These conferences or meetings (which are referred to as on-premise conferences) can be scheduled or spontaneous. Attendees of these conferences can communicate by using instant messaging (IM), audio, video, application sharing, slide presentations, and other forms of data collaboration. Enterprise users can invite external users that do not have Active Directory Domain Services accounts to participate. Users who are employed by federated partners and who have a secure and authenticated identity can also join conferences and, if invited to do so, can act as presenters. Conference organizers control access to the conferences they organize by defining access types.
For administrators, Office Communications Server 2007 R2 provides meeting policies, global-level settings, pool-level settings, and user-level settings to enable administrators to control almost every aspect of on-premise conferencing capabilities, such as access control, resource management, conference life cycle management, and so on. The scalable conferencing architecture that is based on pools ensures high availability of conferences. If a server supporting a conference fails, the conference automatically rolls over to another server that has the same server role. Moreover, Office Communications Server also supports features that meet common compliance requirements. Basic conference information, such as creation time, activation time, users who join, and users who leave, is logged in the Call Detail Record (CDR) database. Most data collaboration contents are also recorded in a specific compliance file share. Both CDR and the compliance functions are discussed in Chapter 16.
This unified, server-based conferencing solution provides an alternative to hosted Web conferencing for organizations that require a more secure and controlled collaboration experience.
In Office Communications Server 2007 R2, new features and functions are available that will also enhance the overall usability and user experience for the product. This chapter will highlight these new features.
This chapter introduces the conferencing scenarios and capabilities that Office Communications Server 2007 R2 supports. The chapter also describes the technical details behind these scenarios, including the conferencing architecture, conference life cycle, and call flow. Finally, the chapter concludes with a discussion of Meeting policy and policy enforcement.
On the Companion Media
You can find information related to the topics addressed in this chapter via links available to you on this book’s companion CD.
In an Office Communications Server conference, all users are authenticated. Authentication is performed either by the front end of an Office Communications Server pool, by a Director server if a Director is deployed, or by a federated server. Depending on the type of credentials used for authentication, Office Communications Server supports three types of users: authenticated enterprise users, federated users, and anonymous users.
An authenticated enterprise user is an employee of the enterprise who hosts the Office Communications Server conference and who meets the following requirements:
Has a persistent Active Directory identity
Is enabled for communications in Active Directory and in Office Communications Server management console, and is assigned a valid Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)
Is assigned to either a valid Office Communications Server 2007 R2, Microsoft Office Communications Server 2007 or a Microsoft Office Live Communications Server 2005 Service Pack 1 (SP1) pool
Authenticated enterprise users who are hosted on an Office Communications Server pool can create and participate in an Office Communications Server conference. However, authenticated enterprise users that are hosted on an Office Live Communications Server 2005 SP1 pool cannot create a conference, but they can participate in an Office Communications Server 2007 R2 conference.
Authenticated enterprise users can be further classified into two categories according to the location from which they access Office Communications Server:
Internal user. Internal users connect to Office Communications Server from a location behind the corporate firewall.
Remote user. Remote users connect to Office Communications Server from a location outside the corporate firewall. They include employees working at home; those who are traveling; and other remote workers, such as trusted vendors, who have been granted enterprise Active Directory credentials for their terms of service.
Office Communications Server employs two Integrated Windows authentication methods to authenticate enterprise users. Internal users are authenticated by using either NT LAN Manager (NTLM) or Kerberos, depending on the server setting. For remote users, only NTLM is supported because Kerberos requires that the client have a direct connection to Active Directory, which is generally not the case for users connecting from outside the corporate firewall.
A federated user is not an employee of the enterprise that is hosting the Office Communications Server conference. Instead, a federated user is an employee of a federated partner who meets the following requirements:
Has a persistent identity in the federated partner’s Active Directory
Is enabled for communications in the federated partner’s Active Directory and in Office Communications Server management console, and is assigned a valid SIP URI
Is assigned to either a valid Office Communications Server 2007 R2, Office Communications Server 2007, or a Live Communications Server 2005 SP1 pool that is hosted in the federated partner domain
Federated users are authenticated by the Office Communications Server 2007 R2, Office Communications Server 2007, or Live Communications Server 2005 SP1 that is hosted in the trusted federated partner domain. Therefore, they are trusted as authenticated users by the Office Communications Server 2007 R2 server that hosts the conference. Federated users can join conferences, but they cannot create conferences in federated enterprises.
For more information about federated users, see Chapter 7.
An anonymous user is not an employee of the enterprise that is hosting the Office Communications Server conference or an employee of a federated partner. Instead, an anonymous user is any user who does not have a persistent Active Directory identity in the enterprise that is hosting the Office Communications Server or federated partner enterprise.
Anonymous users can connect from the following three locations outside the corporate firewall:
An enterprise that deploys Office Communications Server 2007 R2, Office Communications Server 2007, or Live Communications Server 2005 SP1. However, the enterprise domain is not federated with the enterprise hosting the conference.
An enterprise that deploys neither Office Communications Server 2007 R2, Office Communications Server 2007, nor Live Communications Server 2005 SP1.
The Internet.
Anonymous users are authenticated by using Digest authentication. For conferences that allow anonymous users to participate, Office Communications Server generates a conference key. Anonymous users must present the conference key when they join the conference.