Appropriate sign-on for PIC enabled users

  • Question

  • We have recently added an EDGE server. Internally we have one standard edition server. We have 15 users enabled for PIC usage. The only component enabled is IM.

     

    Currently, we use email address for sign in. Is this a bad practice? Our SIP domain equals our email domain. Will we see a lot of attempts to connect from external spammers? What is the best practice in this area?

     

    Thanks

     

    Monday, July 28, 2008 2:29 PM

Answers

  • I guess that depends on how you want to leverage IM?

     

    From a deployment standpoint it's typically a best practice to use the same SIP domain as the SMTP domain, regardless of the AD namespace. But if you don't enable Open Federation, then the only unsolicited connection attempts you may see would be from PIC sources (AOL, Yahoo, MSN/Live). Whenever someone on one of the public services attempts to add you to their contact list IM you'll get a prompt from Communicator asking how you want to handle that contact in terms of what group to store them in and what access level to assign them to. The defaults are Other Contacts and Public, respectively. Your users can easily allow/block communication from people they do/don't know at this point.

     

    Monday, July 28, 2008 3:26 PM
    Moderator

All replies

  • Thank you for your response.

     

    I'm not exactly sure what you mean by Open Federation. Would you please give further explanation.

     

    Also, I am comfortable using the same SIP domain as SMTP, but we are using our actual email addresses for sign in. Many of our users have allowed their email address to slip out into the wild, so wouldn't that increase the instances of malicious users attempting to connect?

     

    What do you think most people are doing as far as logon types?

     

    Thanks again

     

     

     

     

    Monday, July 28, 2008 8:41 PM
  • Open Federation is covered in the OCS documentation. It's a configuration (adding a specific SRV record to your external DNS records) which allows other OCS deployments (not Public IM) to see presence and send messages to your users. The OCS console has a place to view connection attempts and block any unwanted sources.

     

    I haven't seen much of anyone complain about IM-spam, but if it is a problem or concern, then you may want to simply limit PIC access to certain users.

    Monday, July 28, 2008 9:00 PM
    Moderator
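
A way to check whether an external DNS zone publishes the Open Federation SRV record described in the reply above, as an added example that is not part of the original thread. The record name `_sipfederationtls._tcp` and port 5061 come from the OCS documentation rather than this page; the zone text, `example.com`, and the function names are constructed for illustration.

```python
# Added example (not from the thread): audit an exported external zone for the
# Open Federation SRV record. SAMPLE_ZONE is constructed data.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@                       IN MX  10 mail.example.com.
sip                     IN A   203.0.113.10
_sip._tls               IN SRV 0 0 443 sip.example.com.
_sipfederationtls._tcp  3600 IN SRV 0 0 5061 sip
; _sipfederationtls._tcp.old IN SRV 0 0 5061 gone.example.com.
"""

FED_LABEL = "_sipfederationtls._tcp"  # owner-name prefix OCS federation looks up


def _absolute(name, origin):
    """Expand a zone-relative name to a fully qualified one."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"


def find_federation_srv(zone_text, origin="."):
    """Return one dict per published Open Federation SRV record.

    Assumes every record line starts with its owner name (no inherited owners).
    """
    hits = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1]
            continue
        types = [f.upper() for f in fields]
        if fields[0].startswith("$") or "SRV" not in types:
            continue
        i = types.index("SRV")
        owner = _absolute(fields[0], origin).lower()
        if len(fields) < i + 5 or not owner.startswith(FED_LABEL + "."):
            continue
        port, target = fields[i + 3], fields[i + 4]
        hits.append({
            "sip_domain": owner[len(FED_LABEL) + 1:].rstrip("."),
            "port": int(port),
            "target": _absolute(target, origin).lower().rstrip("."),
        })
    return hits
```

An empty result for a SIP domain means other OCS deployments cannot discover it through this record; a hit names the SIP domain and the host it advertises for federation.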
  • Jeff,

     

    So Yahoo, MSN and AOL are not using our SRV record in external DNS. Are they strictly using the info provided in the provisioning process?

     

     

    Wednesday, July 30, 2008 1:51 PM
  • Yes that is correct.  They may attempt to validate your environment by trying to query your DNS SRV record, but they will use the Access Edge Server you provided them as their point of connection.

     

    Wednesday, July 30, 2008 3:29 PM
  • Yeah, since there is a licensing cost and 30-day 'configuration wait' in order to get PIC up and running, it definitely is not something as seamless as Open Federation :)

    Wednesday, July 30, 2008 6:30 PM
    Moderator