Deploy your edge servers in a staging or lab

Microsoft Lync Server 2010 Security Guide

  • Deploy your edge servers in a staging or lab environment before deploying them in your production environment. Deploy the edge servers in your perimeter network only when you are satisfied that the test deployment meets your requirements and that it can be incorporated successfully in a production environment.

  • Deploy at least one Director to act as an authentication gateway for inbound external traffic.

  • Deploy edge servers on dedicated computers that only run what is required. This includes disabling unnecessary services and running only essential programs on the computer, such as programs embodying routing logic that are developed by using Microsoft SIP Processing Language (MSPL) and the Lync Server API.

  • Enable monitoring and auditing as early as possible on the computer.

  • Use a computer that has two network adapters to provide physical separation of the internal and external network interfaces.

Federation Safeguards for Lync Server 2010

Federation provides your organization with the ability to communicate with other organizations’ Access Edge Servers to share IM and presence. If you have enabled federation on the Access Edge service, access by federated partners is controlled using one of the following methods:

  • Allow automatic discovery of federated partners. This is the default option during the initial configuration of an Access Edge service because it balances security with ease of configuration and management. For example, when you enable automatic discovery of federated partners on your Access Edge service, Microsoft Lync Server 2010 allows any federated domain to communicate with you, automatically evaluates incoming traffic from federation partners, and limits or blocks that traffic based on the trust level, amount of traffic, and administrator settings.

  • Allow discovery of federated partners, but grant a higher level of trust to specific domains or Access Edge Servers that you specify on the Allow list. For example, if you want to grant a higher level of trust to partners using the SIP domains contoso.com and fabrikam.com, add these two domains on the Allow tab. Restricting discovery in this way establishes a higher level of trust for connections with the domains or Access Edge service that you add to your Allow list, but it still provides the ease of management that is possible by discovering other federation partners that are not listed on the Allow tab. A Block Domain option is also available to allow filtering of SIP domains.

  • Do not allow discovery of federation partners and limit access of federated partners to only the domains or Access Edge Servers for which you want to enable connections. Connections with federated partners are allowed only with the specific domains or Access Edge services you add to the Allow tab. This method offers the highest level of security, but it does not offer ease of management. For example, if an FQDN of an Access Edge service changes, you must manually change the FQDN of the server in the Allow list.
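The three methods above come down to two settings: whether partner discovery is enabled, and what is on the Allow list. The PowerShell function below is an added example, not part of the Security Guide; it reports which method a configuration uses and flags Allow-list entries whose pinned FQDN no longer resolves. The function name, sample objects and stub resolver are hypothetical, and the property names are assumed to match the output of Get-CsAccessEdgeConfiguration, Get-CsAllowedDomain and Get-CsBlockedDomain.

```powershell
function Get-FederationPosture {
    param(
        [Parameter(Mandatory=$true)] $EdgeConfig,   # e.g. Get-CsAccessEdgeConfiguration
        [object[]] $AllowedDomains = @(),           # e.g. Get-CsAllowedDomain
        [object[]] $BlockedDomains = @(),           # e.g. Get-CsBlockedDomain
        # The resolver is injectable so the check can be exercised without DNS.
        [scriptblock] $Resolve = { param($n) [System.Net.Dns]::GetHostAddresses($n) }
    )
    # Map the two settings onto the three methods described in the guide.
    $method = 'Allow list only'
    if (-not $EdgeConfig.AllowFederatedUsers) {
        $method = 'Federation disabled'
    } elseif ($EdgeConfig.EnablePartnerDiscovery -and $AllowedDomains.Count -eq 0) {
        $method = 'Automatic discovery'
    } elseif ($EdgeConfig.EnablePartnerDiscovery) {
        $method = 'Discovery with Allow list'
    }
    $blocked  = @($BlockedDomains | ForEach-Object { $_.Domain })
    $findings = @()
    foreach ($d in $AllowedDomains) {
        if ($blocked -contains $d.Domain) {
            $findings += "$($d.Domain): present on both the Allow and Block lists"
        }
        # Heuristic for the caveat above: a pinned FQDN that fails to resolve is likely stale.
        if ($d.ProxyFqdn) {
            try { [void](& $Resolve $d.ProxyFqdn) } catch {
                $findings += "$($d.Domain): Allow-list FQDN $($d.ProxyFqdn) does not resolve"
            }
        }
    }
    if ($method -eq 'Allow list only' -and $AllowedDomains.Count -eq 0) {
        $findings += 'Discovery is off and the Allow list is empty: no partner can connect'
    }
    New-Object PSObject -Property @{ Method = $method; Findings = $findings }
}

# Constructed sample data; in production pass the output of the Get-Cs* cmdlets
# named above and omit -Resolve to use real DNS.
$edge    = New-Object PSObject -Property @{ AllowFederatedUsers = $true; EnablePartnerDiscovery = $false }
$allowed = @(
    (New-Object PSObject -Property @{ Domain = 'contoso.com';  ProxyFqdn = 'sip.contoso.com' }),
    (New-Object PSObject -Property @{ Domain = 'fabrikam.com'; ProxyFqdn = 'edge-old.fabrikam.com' })
)
$stub   = { param($n) if ($n -ne 'sip.contoso.com') { throw "cannot resolve $n" } }
$report = Get-FederationPosture -EdgeConfig $edge -AllowedDomains $allowed -Resolve $stub
$report.Method
$report.Findings
```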