Understanding the Requirements for and Use of Certificates in Federation
by Nirav Kamdar, Rajesh Ramanathan, Rick Kingslan, Rui Maximo
Microsoft® Office Communications Server 2007 R2 Resource Kit
- Microsoft® Office Communications Server 2007 R2 Resource Kit
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
- A Note Regarding Supplemental Files
- Foreword
- Acknowledgments
- Introduction
- I. Overview and Architecture
- 1. Overview of Office Communications Server 2007 R2
- 2. New Features Overview
- New Features
- Call Delegation
- Team Ring
- Group Chat
- Desktop Sharing
- Desktop Sharing Requirements
- Desktop Sharing Features
- Audio Conferencing
- Server Applications
- Sample Scenarios
- Outside Voice Control
- SIP Trunking
- Enhanced Media
- Simplified Firewall Configuration for the A/V Edge Server
- Presence Enhancements
- Archiving, CDR, and QoE Enhancements
- Simplified Management
- Technical Overview
- Summary
- Additional Resources
- New Features
- 3. Server Roles
- 4. Infrastructure and Security Considerations
- Infrastructure and Security Considerations
- Understanding How Office Communications Server Takes Advantage of Active Directory
- Using DNS to Publish Office Communications Server
- Securing Office Communications Server with PKI
- Scaling with SQL Server
- Building Redundancy with Hardware Load Balancing
- Bridging VoIP to the PSTN Network by Using a Media Gateway
- Firewall Scenarios and Configuration
- Summary
- Additional Resources
- II. Key Usage Scenarios
- 5. Basic IM and Presence Scenarios
- Understanding the Login Process
- Why Talk About the Login Process?
- A Login Scenario
- The Technical Details Behind the Login Process
- How Presence Information Is Shared
- What Is Presence?
- A Presence Sharing Scenario
- Technical Details Behind the Presence Sharing Scenario
- Step 1: What Happens During Looking Up a Contact
- Step 2: What Happens When Adding a Contact
- Step 3: What Happens When Subscribing for Presence and Receiving an Offline Notification
- Step 4: What Happens When the Contact Logs In and Updated Presence Is Received
- Step 5: What Happens When Controlling the Access Level of a Contact
- Instant Messaging
- Summary
- Additional Resources
- Understanding the Login Process
- 6. Conferencing Scenarios
- Understanding Conferencing User Types
- Understanding Conferencing User Roles
- Understanding Conference Security and Access Types
- Understanding Conferencing Media Types
- Multiparty Instant Messaging
- Data Collaboration
- Audio and Video Conferencing
- Audio Conferencing Provider Support
- Understanding Communicator Web Access Server R2
- Support for Distribution Groups
- Audio Conferencing
- Desktop Sharing
- Hosting for Dial-in Audio Conferencing Web Page
- Configuring Communicator Web Access Server R2
- Examining the Technical Details Behind Conferencing Scenarios
- Understanding the Conferencing Architecture
- Understanding the Conference Life Cycle
- Examining the Technical Details Behind Web Conferencing
- Meeting Policy and Policy Enforcement
- Summary
- Additional Resources
- 7. Remote Access and Federation Scenarios
- Understanding Basic Remote Access Topologies
- Single Edge Server Topology
- Scaled Single-Site Edge Server Topology
- Multisite Edge Server Topology
- Understanding Basic Remote Access Scenarios
- Understanding Office Communicator Web Access 2007 R2
- Understanding Federation
- Understanding the Requirements for and Use of Certificates in Federation
- Understanding On-Premises Conferencing Rules for Federated and Nonfederated Users
- Configuring and Administering Federation
- Examining the Technical Details Behind the Federation Scenario
- Summary
- Additional Resources
- 8. Public IM Connectivity Scenarios
- What Is Public IM Connectivity?
- Public IM Connectivity Scenarios
- Configuring Public IM Connectivity
- Enabling Federation with Public IM Service Providers
- Step 1: Provision of Federation with the Public IM Service Providers
- Step 2: Configure DNS for the Access Edge Server
- Step 3: obtain a Public Certificate
- Step 4: Configure the Access Edge Server for Federation
- Step 5: Enable Connections to Public IM Service Providers
- Step 6: Authorize Users for Public IM Connectivity
- Provisioning Federation with the Public IM Service Providers
- Enabling Connections to Public IM Service Providers
- Considerations Involving Public IM Providers
- Existing Accounts on Provider Networks
- Capacity Planning Considerations
- Security Considerations
- Considerations Involving Media Sharing
- Authorizing Users for Public IM Connectivity
- Technical Details Behind the Public IM Connectivity Scenarios
- Scenario one: Adding a Contact in office Communicator 2007
- Step 1: Specify Recipient’s Account
- Step 2: Recipient’s Presence Displayed as Unknown
- Step 3: Recipient’s Account Added as a Contact
- Step 4: Recipient’s Presence Displayed as offline
- Step 5: Recipient Receives Notification
- Step 6: Recipient Adds a User to the Buddy List
- Step 7: Recipient’s Presence Displayed as Online
- Scenario Two: Sending a Single Message
- Scenario one: Adding a Contact in office Communicator 2007
- Summary
- Additional Resources
- 9. Remote Call Control Scenarios
- 10. Dual Forking Scenarios
- 11. VoIP Scenarios
- 12. Voice Mail Scenarios
- 13. Enterprise Voice Application Scenarios
- What Is Enterprise Voice?
- Overview of Enterprise Voice Scenarios
- Examining the Technical Details Behind Enterprise Voice Scenarios
- Configuring Enterprise Voice Applications
- Configuring the Response Group Service
- Terminology
- Overview of the Management Model
- Installing the Response Group Service
- Deploying a Response Group
- Step 1: Create the Contact Objects to be Used for your Response Groups
- Step 2: Define the Set of Agents, Groups, and Queues that Handle Calls Received by the Response Groups
- Step 3: Select and Configure the Response Group Template for Definition of the Caller Experience
- Step 4: Deploy the Office Communicator Tab for Formal Agents
- Step 1: Contact Object Creation
- Step 2: Agents, Groups, and Queue Configuration
- Step 3: Template Selection and Configuration
- Step 4: Deploying the Agent Tab for Formal Agents
- Configuring Conferencing Attendant
- Configuring the Response Group Service
- Summary
- Additional Resources
- 5. Basic IM and Presence Scenarios
- III. Planning and Deployment
- 14. Planning Example
- Defining a Statement of Work
- Gathering and Defining Business Requirements
- Mapping Business Requirements to Office Communications Server 2007 R2 Features
- Determining Interoperational Requirements
- Performing a Gap Analysis
- Architectural Design of the Solution
- Output to the Deployment Team for Development of the Deployment Plan
- Summary
- Additional Resources
- 15. Deployment Example
- 14. Planning Example
- IV. Operations and Administration
- 16. Monitoring
- 17. Backup and Restore
- Planning for Backup and Restore
- Restoring Service
- Verifying Restoration Prerequisites
- Installing Restoration Tools
- Restoring Data
- Restoring Settings
- Re-creating Enterprise Pools
- Reassigning Users
- Restoring Domain Information
- Restoring Sites
- Step 1: Determine the Recovery Support to Be Provided by the Secondary Site
- Step 2: Create a Deployment Plan and Restoration Strategy for the Secondary Site
- Step 3: Set Up the Secondary Site
- Step 4: Prepare the Primary Site to Support Recovery at the Secondary Site
- Step 5: Maintain the Secondary Site
- Step 6: Validate Site Recovery Capabilities by Simulating an Outage
- Step 7: Bring the Secondary Site Online
- Step 8: Restore the Primary Site and Bring It Back Online
- Summary
- Additional Resources
- 18. Administration
- Configuring Global Settings
- Configuring Enterprise Voice Settings
- Configuring Policy-Specific Settings
- Configuring Service Connection Point Settings
- Configuring Trusted Server Settings
- Configuring User-Specific Settings
- Configuring Conference Directory Settings
- Configuring Application Contact Object Settings
- Configuring Conference Auto Attendant Settings
- Configuring Pool Settings
- Configuring Server Settings
- Configuring Settings for All Servers
- Configuring Settings for Standard Edition and Enterprise Edition Servers
- Configuring Application Server Settings
- Configuring Archiving Settings
- Configuring Monitoring Server Settings
- Configuring Conferencing Server Settings
- Configuring Communicator Web Access Server Settings
- Configuring Mediation Server Settings
- Configuring Edge Server Settings
- Configuring Federation Settings
- Migrating to Office Communications Server 2007 R2
- Summary
- Additional Resources
- Configuring Global Settings
- 19. Client and Device Administration
- Office Communicator 2007 R2
- Office Live Meeting 2007 R2
- Multiple Client Installation Script
- Group Policy for Unified Communications Clients
- Response Group Service Clients
- Communicator Phone Edition
- RoundTable Management
- Summary
- Additional Resources
- V. Technical Troubleshooting and Diagnostics
- 20. Diagnostic Tools and Resources
- Identifying Diagnostic Tools by Scenario
- Using Server Setup Logs
- Using Event Logs
- Using the Validation Wizard
- Using Client and Server Trace Logs
- Using Snooper
- Using Best Practices Analyzer
- Summary
- Additional Resources
- 21. Troubleshooting Problems
- 22. Routing and Authentication
- 20. Diagnostic Tools and Resources
- A. About the Authors
- B. System Requirements
- Index
- About the Authors
- SPECIAL OFFER: Upgrade this ebook with O’Reilly
Certificates play an important role in federation scenarios. The Access Edge Server of each federated enterprise must have an MTLS certificate. The MTLS certificate requires that the Edge Servers mutually authenticate. If MTLS authentication cannot be established, there is no communication.
As discussed in Chapter 4, the DNS and certificates provide a strong authentication and encryption channel for data flow between the federated partners. Users will still use TLS, but servers must use MTLS for maximum security.
Note
If your IM servers do not communicate after you put your plan in place, this problem is likely to be caused by a DNS or certificate naming conflict or mismatch. You should also ensure that all switch ports are on and configured correctly, check the server services for proper state of operation, and verify your IP configuration.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.