How federated traffic is evaluated when using

Info icon This preview shows pages 41–43. Sign up to view the full content.

View Full Document Right Arrow Icon
How Federated Traffic Is Evaluated When Using Automatic Discovery If you choose to use automatic discovery of federated partners, the Access Edge service automatically evaluates incoming federated traffic in the following way: If a federated party sends requests to more than 1,000 URIs (valid or invalid) in the local domain, the connection first placed on the Watch list is evaluated first. Any additional requests are blocked by the Access Edge service. If the Access Edge service detects suspicious traffic on a connection, it limits the federation partner to a low message rate of one message per second. The Access Edge service detects suspicious traffic by calculating the ratio of the number of successful responses to the number of failed responses. The Access Edge service also limits legitimate federated partner connections (unless added to the Allow list) to 20 messages per second. The list of suspicious peer connects is displayed in the Access Edge service Computer Management console. If you know that you will have more than 1,000 requests sent by a legitimate federated partner or a volume of more than 20 messages per second sent to your organization, you must add the federated partner to the Allow tab to allow these volumes. The following figure shows rate limitations on open federation. Limiting connections for enhanced federation 37
Image of page 41

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Microsoft Lync Server 2010 Security Guide After configuring federation, you can use the Lync Server administrative tools to manage federated partner access on an ongoing basis. For details, see the Lync Server Control Panel documentation. HTTP Reverse Proxy for Lync Server 2010 An HTTP reverse proxy is required in your perimeter network for: To enable external users to download meeting content for your meetings. To enable external users to expand distribution groups. To enable remote users to download files from the Address Book Service. To enable access to the Microsoft Lync Web App client. To enable access to the Dial-in Conferencing Settings web page. To enable access to the Location Information Service. To enable external devices to connect to Device Update Service and obtain updates. The HTTP reverse proxy provides a single discoverable IP address through which external users can download content from the internal Web Components (IIS) Servers. The Web Components Servers in turn use the reverse proxy to download expanded distribution lists, Address Book files, and meeting content for external users. All communication between a reverse proxy and internal Web servers occurs over HTTPS (TLS over HTTP) and therefore is encrypted. For details about deploying and configuring an HTTP reverse proxy, including configuring your firewall to work with a reverse proxy, see Planning for External User Access in the Planning documentation and Set Up Reverse Proxy Servers in the Deployment documentation.
Image of page 42
Image of page 43
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern