Single Edge Server Topology
by Nirav Kamdar, Rajesh Ramanathan, Rick Kingslan, Rui Maximo
Microsoft® Office Communications Server 2007 R2 Resource Kit
- Microsoft® Office Communications Server 2007 R2 Resource Kit
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- A Note Regarding Supplemental Files
- Foreword
- Acknowledgments
- Introduction
- I. Overview and Architecture
- 1. Overview of Office Communications Server 2007 R2
- 2. New Features Overview
- New Features
- Call Delegation
- Team Ring
- Group Chat
- Desktop Sharing
- Desktop Sharing Requirements
- Desktop Sharing Features
- Audio Conferencing
- Server Applications
- Sample Scenarios
- Outside Voice Control
- SIP Trunking
- Enhanced Media
- Simplified Firewall Configuration for the A/V Edge Server
- Presence Enhancements
- Archiving, CDR, and QoE Enhancements
- Simplified Management
- Technical Overview
- Summary
- Additional Resources
- New Features
- 3. Server Roles
- 4. Infrastructure and Security Considerations
- Infrastructure and Security Considerations
- Understanding How Office Communications Server Takes Advantage of Active Directory
- Using DNS to Publish Office Communications Server
- Securing Office Communications Server with PKI
- Scaling with SQL Server
- Building Redundancy with Hardware Load Balancing
- Bridging VoIP to the PSTN Network by Using a Media Gateway
- Firewall Scenarios and Configuration
- Summary
- Additional Resources
- II. Key Usage Scenarios
- 5. Basic IM and Presence Scenarios
- Understanding the Login Process
- Why Talk About the Login Process?
- A Login Scenario
- The Technical Details Behind the Login Process
- How Presence Information Is Shared
- What Is Presence?
- A Presence Sharing Scenario
- Technical Details Behind the Presence Sharing Scenario
- Step 1: What Happens During Looking Up a Contact
- Step 2: What Happens When Adding a Contact
- Step 3: What Happens When Subscribing for Presence and Receiving an Offline Notification
- Step 4: What Happens When the Contact Logs In and Updated Presence Is Received
- Step 5: What Happens When Controlling the Access Level of a Contact
- Instant Messaging
- Summary
- Additional Resources
- Understanding the Login Process
- 6. Conferencing Scenarios
- Understanding Conferencing User Types
- Understanding Conferencing User Roles
- Understanding Conference Security and Access Types
- Understanding Conferencing Media Types
- Multiparty Instant Messaging
- Data Collaboration
- Audio and Video Conferencing
- Audio Conferencing Provider Support
- Understanding Communicator Web Access Server R2
- Support for Distribution Groups
- Audio Conferencing
- Desktop Sharing
- Hosting for Dial-in Audio Conferencing Web Page
- Configuring Communicator Web Access Server R2
- Examining the Technical Details Behind Conferencing Scenarios
- Understanding the Conferencing Architecture
- Understanding the Conference Life Cycle
- Examining the Technical Details Behind Web Conferencing
- Meeting Policy and Policy Enforcement
- Summary
- Additional Resources
- 7. Remote Access and Federation Scenarios
- Understanding Basic Remote Access Topologies
- Single Edge Server Topology
- Scaled Single-Site Edge Server Topology
- Multisite Edge Server Topology
- Understanding Basic Remote Access Scenarios
- Understanding Office Communicator Web Access 2007 R2
- Understanding Federation
- Understanding the Requirements for and Use of Certificates in Federation
- Understanding On-Premises Conferencing Rules for Federated and Nonfederated Users
- Configuring and Administering Federation
- Examining the Technical Details Behind the Federation Scenario
- Summary
- Additional Resources
- 8. Public IM Connectivity Scenarios
- What Is Public IM Connectivity?
- Public IM Connectivity Scenarios
- Configuring Public IM Connectivity
- Enabling Federation with Public IM Service Providers
- Step 1: Provision of Federation with the Public IM Service Providers
- Step 2: Configure DNS for the Access Edge Server
- Step 3: obtain a Public Certificate
- Step 4: Configure the Access Edge Server for Federation
- Step 5: Enable Connections to Public IM Service Providers
- Step 6: Authorize Users for Public IM Connectivity
- Provisioning Federation with the Public IM Service Providers
- Enabling Connections to Public IM Service Providers
- Considerations Involving Public IM Providers
- Existing Accounts on Provider Networks
- Capacity Planning Considerations
- Security Considerations
- Considerations Involving Media Sharing
- Authorizing Users for Public IM Connectivity
- Technical Details Behind the Public IM Connectivity Scenarios
- Scenario one: Adding a Contact in office Communicator 2007
- Step 1: Specify Recipient’s Account
- Step 2: Recipient’s Presence Displayed as Unknown
- Step 3: Recipient’s Account Added as a Contact
- Step 4: Recipient’s Presence Displayed as offline
- Step 5: Recipient Receives Notification
- Step 6: Recipient Adds a User to the Buddy List
- Step 7: Recipient’s Presence Displayed as Online
- Scenario Two: Sending a Single Message
- Scenario one: Adding a Contact in office Communicator 2007
- Summary
- Additional Resources
- 9. Remote Call Control Scenarios
- 10. Dual Forking Scenarios
- 11. VoIP Scenarios
- 12. Voice Mail Scenarios
- 13. Enterprise Voice Application Scenarios
- What Is Enterprise Voice?
- Overview of Enterprise Voice Scenarios
- Examining the Technical Details Behind Enterprise Voice Scenarios
- Configuring Enterprise Voice Applications
- Configuring the Response Group Service
- Terminology
- Overview of the Management Model
- Installing the Response Group Service
- Deploying a Response Group
- Step 1: Create the Contact Objects to be Used for your Response Groups
- Step 2: Define the Set of Agents, Groups, and Queues that Handle Calls Received by the Response Groups
- Step 3: Select and Configure the Response Group Template for Definition of the Caller Experience
- Step 4: Deploy the Office Communicator Tab for Formal Agents
- Step 1: Contact Object Creation
- Step 2: Agents, Groups, and Queue Configuration
- Step 3: Template Selection and Configuration
- Step 4: Deploying the Agent Tab for Formal Agents
- Configuring Conferencing Attendant
- Configuring the Response Group Service
- Summary
- Additional Resources
- 5. Basic IM and Presence Scenarios
- III. Planning and Deployment
- 14. Planning Example
- Defining a Statement of Work
- Gathering and Defining Business Requirements
- Mapping Business Requirements to Office Communications Server 2007 R2 Features
- Determining Interoperational Requirements
- Performing a Gap Analysis
- Architectural Design of the Solution
- Output to the Deployment Team for Development of the Deployment Plan
- Summary
- Additional Resources
- 15. Deployment Example
- 14. Planning Example
- IV. Operations and Administration
- 16. Monitoring
- 17. Backup and Restore
- Planning for Backup and Restore
- Restoring Service
- Verifying Restoration Prerequisites
- Installing Restoration Tools
- Restoring Data
- Restoring Settings
- Re-creating Enterprise Pools
- Reassigning Users
- Restoring Domain Information
- Restoring Sites
- Step 1: Determine the Recovery Support to Be Provided by the Secondary Site
- Step 2: Create a Deployment Plan and Restoration Strategy for the Secondary Site
- Step 3: Set Up the Secondary Site
- Step 4: Prepare the Primary Site to Support Recovery at the Secondary Site
- Step 5: Maintain the Secondary Site
- Step 6: Validate Site Recovery Capabilities by Simulating an Outage
- Step 7: Bring the Secondary Site Online
- Step 8: Restore the Primary Site and Bring It Back Online
- Summary
- Additional Resources
- 18. Administration
- Configuring Global Settings
- Configuring Enterprise Voice Settings
- Configuring Policy-Specific Settings
- Configuring Service Connection Point Settings
- Configuring Trusted Server Settings
- Configuring User-Specific Settings
- Configuring Conference Directory Settings
- Configuring Application Contact Object Settings
- Configuring Conference Auto Attendant Settings
- Configuring Pool Settings
- Configuring Server Settings
- Configuring Settings for All Servers
- Configuring Settings for Standard Edition and Enterprise Edition Servers
- Configuring Application Server Settings
- Configuring Archiving Settings
- Configuring Monitoring Server Settings
- Configuring Conferencing Server Settings
- Configuring Communicator Web Access Server Settings
- Configuring Mediation Server Settings
- Configuring Edge Server Settings
- Configuring Federation Settings
- Migrating to Office Communications Server 2007 R2
- Summary
- Additional Resources
- Configuring Global Settings
- 19. Client and Device Administration
- Office Communicator 2007 R2
- Office Live Meeting 2007 R2
- Multiple Client Installation Script
- Group Policy for Unified Communications Clients
- Response Group Service Clients
- Communicator Phone Edition
- RoundTable Management
- Summary
- Additional Resources
- V. Technical Troubleshooting and Diagnostics
- 20. Diagnostic Tools and Resources
- Identifying Diagnostic Tools by Scenario
- Using Server Setup Logs
- Using Event Logs
- Using the Validation Wizard
- Using Client and Server Trace Logs
- Using Snooper
- Using Best Practices Analyzer
- Summary
- Additional Resources
- 21. Troubleshooting Problems
- 22. Routing and Authentication
- 20. Diagnostic Tools and Resources
- A. About the Authors
- B. System Requirements
- Index
- About the Authors
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
The single Edge Server topology is a single server that hosts three server roles, as shown in Figure 7-1. The roles with their associated primary protocols are as follows:
Access Edge Server. Session Initiation Protocol (SIP).
Web Conference Edge Server. Persistent Shared Object Model (PSOM).
A/V Edge Server. Real-Time Protocol (RTP) and Simple Traversal of User Datagram Protocol (UDP) through the Network Address Translation (NAT) protocol. The simplified name for this protocol is STUN and is defined by the Internet Engineering Task Force (IETF) under Request for Comment (RFC) 3489.
The simplest installation involves minimizing the hardware required to provide access by consolidating the installation of the Access, Web Conferencing, and A/V Edge Servers on the same physical server in the edge network. Firewalls protect the edge network from the external network and protect the enterprise network from irregular access from the edge network. The consolidated Edge Server validates traffic from the edge network and connects to the internal servers in the organization, which could be a pool of servers or a single Office Communications Server Standard Edition Server.
Note
Starting with Office Communications Server 2007 R2, the consolidated Edge Server deployment is the only configuration supported by Microsoft, regardless of whether you are using Standard Edition or Enterprise Edition.
For a single Edge Server topology, remote access Office Communicator clients use Transport Layer Security (TLS) to securely connect to the Access Edge Server from the Internet. This scenario may require multiple Internet Protocol (IP) addresses to be bound to the network interface to handle calls to the collocated roles. Office Communicator discovers the enterprise Access Edge Server through Domain Name System (DNS) Service Record Locators (SRVs). This interaction is similar to how internal clients connect. For more information about internal logon and DNS SRV records, see Chapter 5.
To prevent spoof and "man-in-the-middle" (a widely used security term, also known as the bucket brigade) attacks, Transmission Control Protocol (TCP) is not offered for clients that connect from external networks. The Access Edge Server has a certificate issued by a well-known certification authority (CA) that Microsoft Windows trusts. This enables computers outside the network that are not members of the domain to connect, validate, and trust the Access Edge Server certificate. This trust is necessary to prevent DNS spoofing attacks that could enable the connecting Office Communicator client to negotiate authentication and pass communications through an undesired intermediary. The Access Edge Server then uses another certificate (issued by a public or private CA) to connect securely to the Director server inside the enterprise network. Note that the Access Edge Server helps protect the internal servers against network-level attacks, validates the SIP network protocol messages that it receives, validates the domain that the client uses to log on, and then forwards requests to the internal Director.
Note
For more information about how Office Communicator uses DNS SRV records during remote access and local enterprise logon, see Chapter 5. The section titled "The Technical Details Behind the Login Process" explains which DNS SRV records are queried and how the result is interpreted. Remote access mainly involves the sipexternal.<domain> host (A) record and the _sip._tls.<domain> record.
The single Edge Server topology can support concurrent IM, Web conference, and A/V traffic. Although this is the simplest topology to administer, there are limits to what a single server can handle. You may find that as the needs and user requirements of your organization grow, one of the other topologies discussed in this chapter will be more applicable. For more information about capacity planning, see Chapter 14.
-
No Comment