A/V Edge Service IP Address Requirements in Lync

Microsoft Lync Server 2010 Security Guide

A/V Edge Service IP Address Requirements

In Lync Server 2010, an Edge Server is a single server running all three edge services: Access Edge service, Web Conferencing Edge service, and A/V Edge service. Edge Servers that do not use a load balancer can use NAT for all three service roles. This means that you do not need to provide a publicly routable IP address to the actual server, and you can use your perimeter address range. However, NAT is not supported for the internal edge of the Edge Server.

If you use multiple Edge Servers behind a hardware load balancer, you must allocate a public address for the hardware load balancer virtual IP and the A/V Edge service. The public address must provide direct routable access for your clients that access the A/V Edge over the Internet.

If you use multiple Edge Servers behind a DNS load balancer, you must allocate a public address for each external address.

This is required because addressing for a media session occurs at the IP address layer, where the presence of a NAT function can break end-to-end connectivity. For an Edge Server, a NAT provides only address translation; it does not provide any security through routing policy rule enforcement or packet inspection. The only potential benefit a NAT offers is to obfuscate the IP address of the server, but attempting to hide the IP address of any network server is not a reliable way to provide security. All Edge Servers need a properly associated firewall policy that restricts client access to the designated listening ports, and any other unnecessary network services should be disabled. Given compliance with these recommended practices, there is no additional benefit from the presence of a NAT.

External User A/V Traffic Traversal

Enabling external users and internal users to exchange media requires an Access Edge service to handle the SIP signaling that is necessary to set up and tear down a session. It also requires an A/V Edge service to act as a relay for the transfer of the media. The call sequence is illustrated in the following figure.

[Figure: Call sequence to enable media traversal of NATs and firewalls]

The following sequence of events takes place when an external user calls internal users and therefore needs to be able to send voice, VoIP, or both by means of the A/V Edge Server:

1. Within the context of this authenticated, encrypted SIP session, the user obtains authentication credentials from the A/V Authentication service by sending a SIP SERVICE request to the service.
2. The external user authenticates itself with the A/V Edge service and obtains media session ports (Lync Server 2010 uses 3478/UDP and 443/TCP) on the server for use in the upcoming call. At this point, the external user can send packets by way of the allocated port on the public IP address of the A/V Edge service, but still cannot send media packets inside the enterprise.
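
The addressing rules in the A/V Edge Service IP Address Requirements section can be checked mechanically against a planned topology. The following is an added example, not part of the guide or of any Lync tooling: the dictionary layout, the function names and the sample addresses are assumptions made for illustration, "public" is taken to mean "outside the RFC 1918 ranges", and documentation-range addresses stand in for real public IPs.

```python
import ipaddress

# RFC 1918 private ranges: addresses here are only reachable through NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def needs_nat(addr):
    """True when addr is an RFC 1918 address, i.e. not directly routable."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def check_edge_pool(pool):
    """Return a list of findings for one Edge pool (hypothetical dict layout).

    load_balancing: "none", "hardware" or "dns"
    internal_nat:   True if NAT sits in front of the internal edge
    hlb_vip:        external virtual IP of the hardware load balancer
    servers:        {name: {"access": ip, "webconf": ip, "av": ip}} external IPs
    """
    findings = []
    # NAT is never supported on the internal edge, whatever the topology.
    if pool.get("internal_nat"):
        findings.append("internal edge: NAT is not supported")
    lb = pool["load_balancing"]
    if lb == "none":
        return findings  # NAT is acceptable for all three external services
    if lb == "hardware":
        # Public addresses required for the load balancer VIP and each A/V Edge.
        if needs_nat(pool["hlb_vip"]):
            findings.append(f"hlb_vip {pool['hlb_vip']}: must be public")
        required = ("av",)
    elif lb == "dns":
        # DNS load balancing: every external address must be public.
        required = ("access", "webconf", "av")
    else:
        raise ValueError(f"unknown load_balancing value: {lb!r}")
    for name, addrs in pool["servers"].items():
        for role in required:
            if needs_nat(addrs[role]):
                findings.append(f"{name} {role} {addrs[role]}: must be public")
    return findings

# Constructed sample: two servers behind a hardware load balancer; edge02 still
# has a perimeter (RFC 1918) address on its A/V Edge interface.
SAMPLE = {
    "load_balancing": "hardware", "internal_nat": False, "hlb_vip": "203.0.113.10",
    "servers": {
        "edge01": {"access": "10.1.1.11", "webconf": "10.1.1.12", "av": "203.0.113.21"},
        "edge02": {"access": "10.1.1.21", "webconf": "10.1.1.22", "av": "10.1.1.23"},
    },
}
```

Running `check_edge_pool(SAMPLE)` reports only the A/V Edge address on edge02, because the example encodes just the requirements stated in the section above.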