Wednesday, September 27, 2017

Edge Server Properties: Access Methods

Use this tab to configure remote access and federation.

Federate with other domains

Select this check box to enable presence, instant messaging (IM), and Web or A/V conferencing with external users in federated domains.

Allow discovery of federation partners

Select this check box to enable discovery of federated partners.

Enable archiving disclaimer notification to federated users

Select this check box to enable the archiving disclaimer notification to be sent to federated users. If you archive communications from federated users, you should enable archiving disclaimer notification to warn partners that their messages are being archived.

Allow remote user access to your network

Select this check box to allow your own organization's remote users to communicate with other Office Communications Server users in your organization.

Allow anonymous user to join meetings

Select this check box to allow anonymous users to participate in internal conferences. Anonymous users are users who do not have credentials in your organization but are invited to specific conferences.

Allow users to communicate with federated contacts

If this Edge Server is configured as an Access Edge Server dedicated to remote user access (that is, with another Access Edge Server configured for federation and public IM connectivity), select this option to enable remote users connecting through this Access Edge Server to communicate with federated users that connect through another Access Edge Server.

Learn More Online

External Users

External users are those who either temporarily or permanently connect to an organization from locations outside the corporate firewall. They may or may not have Active Directory credentials. Office Communications Server 2007 R2 supports access for the following types of external users:

  • Federated users. Users who possess valid credentials with federated partners and are therefore treated as authenticated by Office Communications Server. Federated users can join conferences and act as presenters, but they cannot create conferences in the local enterprise.

  • Remote users. Users who have a persistent Active Directory identity within the organization. They include employees working at home or on the road, and other remote workers, such as trusted vendors, who have been granted enterprise credentials for their terms of service. Remote users can create and join conferences and act as presenters.

  • Anonymous users. Users who do not have an Active Directory identity within the organization and are not federated users. Anonymous users are authenticated using a per-meeting conference key provided to them in the invitation that conference organizers send. All recipients of an e-mail message containing a conference key are authenticated using the same conference key.

Federated Partner Access

Federation is a trust relationship between two or more Session Initiation Protocol (SIP) domains that permits users in separate organizations to communicate in real-time across network boundaries as federated partners. Internal users can communicate with external users of a federated partner by using IM or conferencing.

A federated partner can also be an audio conferencing provider (ACP) providing telephony integration. Using Office Communications Server, you can enable access by federated partners, including other organizations and ACPs who provide telephony integration for your organization.

Note: Federated partner access is not required for SIP trunking service providers.

You can implement federation using the following methods:

  • Allow discovery of federated partners. This is the default option during initial configuration of an Access Edge Server because it balances security with ease of configuration and management. For instance, when you enable discovered federation on your Access Edge Server, Office Communications Server automatically evaluates incoming traffic from enhanced federation partners and limits that traffic depending on trust level, traffic patterns, and administrator settings.

  • Do not allow discovery and limit access of federated partners to only those listed in the Allow list. If you do not select the Allow discovery of federation partners check box, connections with federated partners are allowed only if the federated partner domain and, optionally, the partner's Access Edge Server fully qualified domain name (FQDN) are listed in your Allow list. This method offers the highest level of security, but does not offer the ease of management and other features available with automatic discovery.

Note: To add an ACP as a federated partner, you must add the domain and FQDN of the ACP to the Allow list. For information about how to configure support for an ACP, see the Microsoft Office Communications Server 2007 R2 Technical Library on TechNet.

You can also enable discovery of federation partners AND add federated partners to the Allow list. Adding specific partners to the Allow list gives them a higher level of trust. Your Access Edge Server would then discover federated partners other than the ones listed on the Allow list.
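The three federation methods described above can be compared with a small decision model. This is an added example, not Office Communications Server code: the function, the result labels, and the sample domains are constructed, and rejecting a connection whose Edge FQDN differs from a listed FQDN is an assumption of the model.

```python
from typing import NamedTuple, Optional


class AllowEntry(NamedTuple):
    domain: str                      # federated partner SIP domain
    edge_fqdn: Optional[str] = None  # partner Access Edge Server FQDN (optional)


def _norm(name: str) -> str:
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()


def evaluate_partner(sip_domain, edge_fqdn, allow_list, discovery_enabled):
    """Classify an inbound federated connection.

    Returns "allow-listed" (higher trust), "discovered" (accepted through
    discovery, subject to traffic limits) or "denied".
    """
    dom, fqdn = _norm(sip_domain), _norm(edge_fqdn)
    for entry in allow_list:
        if _norm(entry.domain) != dom:
            continue
        if entry.edge_fqdn is None or _norm(entry.edge_fqdn) == fqdn:
            return "allow-listed"
        # Assumption: a listed domain arriving from an unlisted Edge FQDN
        # is rejected instead of falling back to discovery.
        return "denied"
    return "discovered" if discovery_enabled else "denied"


# Constructed sample Allow list (hypothetical partners, including an ACP).
ALLOW_LIST = [
    AllowEntry("contoso.example", "sip.contoso.example"),
    AllowEntry("acp.example", "edge.acp.example"),
    AllowEntry("fabrikam.example"),  # domain only, no FQDN listed
]

if __name__ == "__main__":
    tests = [
        ("contoso.example", "sip.contoso.example"),
        ("contoso.example", "other.contoso.example"),
        ("northwind.example", "sip.northwind.example"),
    ]
    for discovery in (True, False):
        for dom, fqdn in tests:
            verdict = evaluate_partner(dom, fqdn, ALLOW_LIST, discovery)
            print(f"discovery={discovery!s:5} {dom:18} via {fqdn:24} -> {verdict}")
```

With discovery disabled, the unlisted partner is denied; with discovery enabled it is accepted as discovered, while listed partners keep their higher trust level in both modes.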

For details, see the Operations section of the Office Communications Server Technical Library.
