Edge Servers

Office Communications Server 2007 R2 defines three Edge Server roles. These server roles are referred to as Edge Servers because they are deployed in the perimeter network of an organization’s network. These server roles enable an organization to expose Office Communications functionality across the corporate network boundary to remote employees, federated partners, and public IM connectivity users. Office Communications Server 2007 R2 exposes the following Edge Server roles:

  • Access Edge Server

  • Web Conferencing Edge Server

  • A/V Edge Server

These server roles are explained in more detail in the following sections. Hardware and software requirements for edge servers are shown in Table 3-5.

Table 3-5. Hardware and Software Requirements for Edge Servers

| COMPONENT | REQUIREMENT |
|---|---|
| Computer and processor | 64-bit, dual processor, dual core with 3.0-GHz or faster processor |
| Memory | 8 GB or more of RAM recommended |
| Cache | 1 MB L2 per core recommended |
| Hard disk | 2 SCSI hard drives with 72 GB of available hard disk space recommended |
| Network | Two 1-gigabit NICs: one NIC for the external edge and the second NIC for the internal edge |
| Operating system (all 64-bit editions) | Windows Server 2008 Standard Edition, Windows Server 2003 Standard Edition, Windows Server 2003 R2 Standard Edition, or higher |
| Other | Public Key Certificates for Transport Layer Security (TLS), Active Directory domain/forest level Windows Server 2008, or Windows Server 2003 |

Access Edge Server

The Access Edge Server (formerly known as the Access Proxy in Live Communications Server 2005 SP1) must be deployed if you want to enable federation, public IM connectivity, or remote user access. The Access Edge Server handles the SIP traffic that is necessary to establish and validate connections. It does not transfer data or authenticate users. Users are authenticated by the Director, the internal Standard Edition Server, or the Enterprise pool.

The Access Edge Server cannot be collocated with any other network perimeter service, such as Microsoft Internet Security and Acceleration (ISA) Server or the Microsoft Exchange 2007 Server Edge role; however, it can be collocated with the Web Conferencing Edge Server and the A/V Edge Server. In fact, the supported method of installing the Access Edge Server is along with the Web Conferencing Edge Server and the A/V Edge Server, all collocated on the same physical server, an arrangement known as the consolidated edge topology.

The Access Edge Server must be configured with two IP addresses, one that is visible to the Internet and one that is visible to the enterprise network. The recommended configuration (for performance and ease of securing the server) is to install two NICs, connecting the Internet to one and the enterprise network to the other. Access Edge Server configuration is discussed in further detail in Chapter 4.

To provide high availability in Office Communications Server 2007 R2, consolidated Edge Servers can be deployed in the perimeter network. A hardware load balancer must be configured on both sides of the consolidated Edge Servers, as shown in Figure 3-7.

Figure 3-7. Array of Edge Servers

Web Conferencing Edge Server

The Web Conferencing Edge Server proxies PSOM Web conferencing media across the firewall between the Internet and the corporate network. The Web Conferencing Edge Server must be configured with two NICs: one network card connected to the Internet, and the other network card connected to the internal network. The network security administrator must open port 443 on the external NIC to allow users to connect from the Internet and port 8057 on the internal NIC so that Web Conferencing Servers can connect to it. Connections between the Web Conferencing Edge Server and the Web Conferencing Server are always initiated by the internal Web Conferencing Server. This design reduces the number of vectors into the corporate network.
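The port and direction rules described above can be checked mechanically against a firewall rule export. The following is an added example, not code from the book or from Office Communications Server; the `Rule` fields, the peer labels ("internet", "webconf-servers", "any") and the finding codes are assumptions made for illustration, and the audit models only the Web Conferencing Edge role, so on a consolidated edge the ports of the other roles would be reported as `EXTRA`.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    iface: str      # edge NIC the rule applies to: "external" or "internal"
    direction: str  # "in" = peer connects to the edge, "out" = edge connects to the peer
    proto: str
    port: int
    peer: str       # assumed labels: "internet", "webconf-servers", "any"

# Listening ports the text requires, and the peer each one is opened for.
REQUIRED = {("external", 443): "internet", ("internal", 8057): "webconf-servers"}

def audit(rules):
    """Return sorted (code, detail) findings for a Web Conferencing Edge rule set."""
    findings = []
    for (iface, port), peer in REQUIRED.items():
        if not any((r.iface, r.direction, r.proto, r.port) == (iface, "in", "tcp", port)
                   for r in rules):
            findings.append(("MISSING", f"{iface} NIC must accept tcp/{port} from {peer}"))
    for r in rules:
        expected = REQUIRED.get((r.iface, r.port))
        if r.iface == "internal" and r.direction == "out":
            # The internal Web Conferencing Server always initiates the connection.
            findings.append(("EDGE_INITIATED", f"edge opens {r.proto}/{r.port} toward {r.peer}"))
        elif r.direction == "in" and r.proto == "tcp" and expected:
            if r.peer != expected:  # source restriction is this example's assumption
                findings.append(("BROAD_PEER", f"tcp/{r.port} open to {r.peer}, expected {expected}"))
        else:
            findings.append(("EXTRA", f"{r.iface} {r.direction} {r.proto}/{r.port} not needed by this role"))
    return sorted(findings)

# Constructed rule sets, not taken from a real deployment.
GOOD = [Rule("external", "in", "tcp", 443, "internet"),
        Rule("internal", "in", "tcp", 8057, "webconf-servers")]
WEAK = [Rule("external", "in", "tcp", 443, "internet"),
        Rule("internal", "in", "tcp", 8057, "any"),
        Rule("internal", "out", "tcp", 8057, "webconf-servers")]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(rules) or "no findings")
```
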

If audio and video are not priorities for your edge deployment and high availability is still a concern, it is recommended that you combine the Access Edge Server role and the Web Conferencing Edge Server role on the same physical servers in an array with at least two physical servers. This configuration provides high availability while consolidating the number of Edge Servers required.

A/V Edge Server

The A/V Edge Server enables audio and video traffic to traverse the corporate perimeter network. The A/V Edge Server serves as a meeting point for bridging users connecting from the Internet to an A/V Conferencing Server associated with the user’s home server. Users connect to the A/V Edge Server, and the A/V Conferencing Server connects to the A/V Edge Server. The A/V Edge Server relays the Real-Time Protocol (RTP) traffic between the users and A/V Conferencing Server. Similar to the other Edge Server roles, the A/V Edge Server must be configured with two NICs: one network card connected directly to the Internet and given a public routable IP address, and the other network card connected to the internal network. The A/V Edge Server uses the Information and Content Exchange (ICE) protocol to enable clients to traverse firewalls that might lie between the end user’s client and the A/V Edge Server. A/V Edge Server configuration is discussed in further detail in Chapter 4.
