Edge and ISA Server in OCS

  • Question

  • Hi,

    Is it mandatory to have ISA Server (Reverse Proxy) as a firewall in the perimeter network before or during deployment of the server roles: Access Edge Server, Web Conferencing Edge Server, A/V Edge Server?

    Isn't it enough if I have NAT with a basic firewall?

    Thanks
    Sameer
    Friday, June 12, 2009 4:45 AM

All replies

  • Be aware that NAT is only supported for A/V Edge in OCS 2007 R2.
    ISA Server is not required for NAT; you can use other firewalls.
    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Friday, June 12, 2009 10:46 AM
  • Hello SAM,

    To put it in a simple way, you could use any firewall which supports NAT to your OCS 2007 R2 Edge External Interface. The IPs that are used for Access Edge/Web Conf/A/V Edge are NATed to the public IPs on the external interface of your firewall. That's the basic fundamental and you just need to ensure that.

    When it comes to reverse proxying, MS recommends an ISA Reverse Proxy. Please note that the Reverse Proxy is used just to publish the Live Meeting content downloads, group expansions and the address book database from the OCS R2 Front-End to the internet client. So, if your firewall does support reverse proxying, you might as well use your firewall to publish the meeting URL, Address Book URL, etc. Note that the certificate that you use for the Web listener should match the external web farm FQDN of the OCS Front-End. I personally recommend ISA for reverse proxying the internal URLs.

    Hope that clarifies your query.

    Savio.
    __________________________________________________

    Sr Consultant | MCTS W2K8 & E2K7 | MCITP W2K8 & E2K7 |
    Friday, June 12, 2009 11:05 AM
  • Sameer,

    There are many previous threads on this discussion; the topic comes up almost weekly. The reverse proxy simply publishes the Web Components IIS site (running on the internal Front-End Server) to the public. It has nothing to do with the Edge Server. Clients are passed the External Web Farm FQDN in-band after connecting and then attempt to connect to that URL for the features which are listed above (and in the thread linked below).

    See my reply here:
    http://social.technet.microsoft.com/Forums/en-US/ucccommunityocsdeployment/thread/0deda05b-5578-4264-a5ad-fa7bf404cd72
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, June 12, 2009 12:38 PM
    Moderator