Enabling Edge Server Features

To enable the Edge Servers to process remote access and federation requests, the Access Edge configuration must be updated to enable these features. Figure 6.4 shows a sample policy configuration. Use the following steps to enable Access Edge features to the Lync Server infrastructure:

1. Open the Lync Server Control Panel.

2. Select External User Access in the navigation pane.

3. Click Access Edge Configuration.

4. Highlight the Global policy, and then click Edit and then Modify.

5. Check the Enable remote user access box.

6. Check the Enable federation box.

7. If DNS SRV lookups are allowed to discover federated partners, check the Enable partner domain discovery box.

8. If an archiving disclaimer should be sent to federated contacts when initiating an IM conversation, check the Send archiving disclaimer to federated partners box.

9. If the web conferencing service enables anonymous external participants, check the Enable anonymous access to conferences box.

10. Click Commit to accept the changes.

Figure 6.4 Access Edge Configuration

Alternatively, the Lync Server Management Shell also can be used to configure the following setting:

Set-CSAccessEdgeConfiguration –AllowOutsideusers $true –AllowFederatedUsers $true
–EnablePartnerDiscovery $true –EnableArchivingDisclaimer $true AllowAnonymousUsers
$true

There are some additional options available for Access Edge Server configuration that are not exposed in the Lync Server Control Panel. The following parameters can also be used as part of the Set-CSAccessEdgeConfiguration cmdlet to configure external access:

• BeClearingHouse—True or false value indicating whether the Access Edge Servers are directly connected to other organizations. A clearinghouse Access Edge Server can be used to support direct federation between multiple organizations. It can also be considered a federation gateway for multiple internal Lync Server deployments. Typically, this value is false.

• DefaultRouteFQDN—Used to override a default federation route. If it is required to proxy client connections through a specific server for federation, this parameter can be entered. This parameter must be used in conjunction with the UseDefaultRouting parameter.

• UseDefaultRouting—True or false value indicating whether the Access Edge Servers will use a manually entered default route FQDN. This value is false by default, which enables Access Edge Servers to use DNS SRV records for routing federation requests.

• KeepCRLsUpToDateForPeers—True or false value indicating whether the Access Edge Servers will periodically check whether a partner’s certificate is still valid based on the CRL. This parameter is true by default.

• MarkSourceVerifiableOnOutgoingMessages—True or false value indicating whether the Access Edge Servers mark outgoing messages from a verified source. This enables partners to assign a higher level of trust to messages they receive from an organization marking messages as verifiable. This parameter is true by default.

• OutgoingTLSCountForFederatedPartners—Numeric value from 1 to 4 indicating the maximum number of connections that can be used for a federated partner. The default value is 4, but if connections should be more limited, this value can be reduced.