Configure External Access Policy
by Tom Pacyk, Andrew Abbate, Alex Lewis
Microsoft® Lync Server 2010 Unleashed
- Title Page
- Copyright Page
- Dedication
- Contents at a Glance
- Table of Contents
- About the Authors
- Acknowledgments
- We Want to Hear from You!
- Reader Services
- Introduction
- Part I. Overview
- Chapter 1. What Is Microsoft Lync Server?
- Chapter 2. What Is New in Microsoft Lync Server?
- Introducing New Management Tools
- Topology Changes
- New Enterprise Voice Features
- New Call Management Features
- Integrated Mediation Server
- New Presence Features
- New Conferencing Features
- DNS Load Balancing
- Survivable Branch Appliances
- Operating System Support
- New Lync Client Features
- Client Appearance
- The “Me” Area
- Enhanced Contacts
- Privacy Relationships
- Integration with Office and Windows 7
- Whiteboarding and Application Sharing
- Improved Meeting Join Experience
- Conferencing Attendant and Scheduling
- PSTN Dial-In Conferencing Improvements
- Video Improvements
- Manager/Admin Improvements
- Improved Phone Experience
- Summary
- Chapter 3. Feature Overview of Microsoft Lync Server
- Chapter 4. Benefits of Microsoft Lync Server 2010
- Part II. Microsoft Lync Server 2010 Server Roles
- Chapter 5. Microsoft Lync Server 2010 Front End
- Chapter 6. Microsoft Lync Server 2010 Edge
- Chapter 7. Microsoft Lync Server 2010 Monitoring
- Overview
- Installation
- Configuration
- Administration
- Troubleshooting
- Best Practices
- Summary
- Chapter 9. Director
- Part III. External Dependencies
- Chapter 10. Dependent Services
- Chapter 11. SQL
- Chapter 12. Firewall and Security Requirements
- Part IV. Administration and Management
- Chapter 13. Monitoring Microsoft Lync Server 2010
- Overview
- OpsMgr Lync Server 2010 Monitoring
- What Is New in OpsMgr R2?
- How OpsMgr Works
- OpsMgr Architecture
- How to Use OpsMgr
- OpsMgr Component Requirements
- Advanced OpsMgr Concepts
- Understanding OpsMgr Deployment Scenarios
- Multiple Configuration Groups
- Deploying Geographic-Based Configuration Groups
- Deploying Political or Security-Based Configuration Groups
- Sizing the OpsMgr Database
- Defining Capacity Limits
- Defining System Redundancy
- Monitoring Nondomain Member Considerations
- Securing OpsMgr
- Installing Operations Manager 2007 R2
- Installing Edge Component Monitoring Certificates
- Installing the Lync Server 2010 Management Pack
- Best Practices
- Summary
- Chapter 14. Backup and Restore of Microsoft Lync Server 2010
- Chapter 15. Administration of Microsoft Lync Server 2010
- Chapter 13. Monitoring Microsoft Lync Server 2010
- Part V. Migrating from Older Versions
- Part VI. Voice
- Chapter 17. PBX Integration
- Chapter 18. Enterprise Voice
- Chapter 19. Audio Conferencing
- Part VII. Integration with Other Applications
- Chapter 20. Exchange 2010 and SharePoint 2010 Integration
- Overview
- Exchange 2010 Unified Messaging
- Call Answering Rules
- Exchange 2010 Unified Messaging Architecture
- Unified Messaging Users
- UM Web Services
- Supported IP/VoIP Hardware
- Unified Messaging Protocols
- Unified Messaging Installation
- Postinstall Configuration
- Data Storage in Unified Messaging
- Exchange 2010 Outlook Web Application
- SharePoint 2010 Integration
- Best Practices
- Chapter 21. UCMA
- Chapter 20. Exchange 2010 and SharePoint 2010 Integration
- Part VIII. Clients
- Chapter 22. Microsoft Communicator Client for Macintosh
- Chapter 23. Windows, Browser, and Silverlight Clients
- Chapter 24. UC Endpoints
- Part IX. Planning for Deployment
- Chapter 25. Virtualization
- Chapter 26. Planning for Internal Non-Voice Deployment
- Chapter 27. Planning for Deploying External Services
- Chapter 28. Planning for Voice Deployment
- Index
Configure External Access Policy
,The next tab is External User Access. The first section, External Access Policy, defines the access edge policy for communication with external users. The access edge configuration section controls settings for federation and remote user access. Next is the Federated Domains section. Administrators can explicitly allow or deny federated partners. If open federation is not enabled, all partners need to be defined in the allow list. The last section is for public IM providers. An administrator can enable each of the public IM providers separately. Note that a special client access license is required for some public IM federation.
The Monitoring and Archiving tab contains policy-based settings for CDR (Call Detail Recording) and QoE (Quality of Experience) information. It also contains global and policy-based archiving settings. These are explained in great detail in Chapters 7, “Microsoft Lync Server 2010 Monitoring,” and 8, “Microsoft Lync Server 2010 Archiving.”
The second-to-last tab in the Lync Server Control Panel is Security. The registrar section has options for Kerberos, NTLM, or certificate authentication. By default, all three are enabled. The web service section covers web service authentication methods. The options are PIN authentication, certificate authentication, and enabling certificate chain download. All are enabled by default.
The final tab is Network Configuration. This section includes various policy settings for voice configuration as related to the network. Specifically, this is the area where an administrator can configure Call Admission Control (CAC) and Media Bypass policies. Additionally, administrators can configure E911 and location-specific settings for users in the location policy.
Lync Server supports DNS load balancing for multiple server pools. This is a huge benefit because hardware load-balancing configuration for SIP traffic can be difficult and requires significant troubleshooting. Many load-balancer administrators don’t understand the concept beyond balancing web traffic. Although DNS load balancing is used for SIP traffic in Lync Server, a hardware load balancer is still required for web services traffic, such as the address book service. DNS load balancing isn’t exactly round robin DNS. A proper configuration using the Company ABC environment and assuming mcsfe1 and mcsfe2 are both Enterprise Edition servers in the same pool would be configured in DNS as shown in Table 5.1.
Table 5.1 Configuration of DNS Load Balancing
When the client does an SRV record lookup as part of the automatic configuration process, the cspool.companyabc.com record is returned. From that, the DNS server returns the list of IPs assigned to cspool.companyabc.com (192.168.1.172 & 192.168.1.173). The client is programmed to choose an IP at random and register to that front end server. If the connection fails, the client tries the next random IP address in the list until it successfully registers or exhausts all the IP addresses returned by the DNS server.
-
No Comment