locked
questions on external usage RRS feed

  • Question

  • I have a couple of questions related to external users.

    - Do you need Edge Servers if external users are trying to use OCS2007 functionality like IM?
    With 'external users' I mean 'internal users' who are working remotely on a customer site.

    eg. with Outlook you can work remotely via RPC over HTTPS without extra 'servers', is something equal available for IM/IP telephony use while someone internal works at a customer site?

    - Maybe you can combine the question: Is there a difference between a user from another company and an internal user who works at a customer site?

    Thursday, July 19, 2007 10:12 AM

Answers

  • Hello,

     

    A good way to describe an external user is a non domain user or a federated user. The OCS 2007 Remote Access user usually falls under the heading of the non domain user beacuse they will access their business domain from home or other locations using a DSL or perhaps a VPN connection and they have no need to log directly into the domain. For a Remote Access user to use IM with internal domain users they will require a OCS 20007 Access Edge sevrer that has remote access enabled on it and thier Communications User account will have to be enabled for Remote Access. By default the OCS 2007 Edge server listens on port 443 for Remote Acces users and this port is configurable through the Access Edge properties dialog. The external OC 2007 client will have to log into the domain using NTLM authtentication e. g. domain\username and the OC 2007 client can use the manual TLS option to log on through the OCS 2007 Access Edge sever. The OC 2007 external URL will require the port that the OCS Access Edged server has configured for Remote Access e. g external URL: external.domain.com:443. The external OC 2007 client can also be configured to use automatic sign on as long as the external SRV record is mapped to the port that the OCS 2007 Access Edge server has configured for remote access. Also, The OCS 2007 external client will require the same Certificate Authority cert that the Access Edge sever has applied to it.

     

    Thanks,

     

    Mike Adkins

    Thursday, July 19, 2007 11:46 PM

All replies

  • Hello,

     

    A good way to describe an external user is a non domain user or a federated user. The OCS 2007 Remote Access user usually falls under the heading of the non domain user beacuse they will access their business domain from home or other locations using a DSL or perhaps a VPN connection and they have no need to log directly into the domain. For a Remote Access user to use IM with internal domain users they will require a OCS 20007 Access Edge sevrer that has remote access enabled on it and thier Communications User account will have to be enabled for Remote Access. By default the OCS 2007 Edge server listens on port 443 for Remote Acces users and this port is configurable through the Access Edge properties dialog. The external OC 2007 client will have to log into the domain using NTLM authtentication e. g. domain\username and the OC 2007 client can use the manual TLS option to log on through the OCS 2007 Access Edge sever. The OC 2007 external URL will require the port that the OCS Access Edged server has configured for Remote Access e. g external URL: external.domain.com:443. The external OC 2007 client can also be configured to use automatic sign on as long as the external SRV record is mapped to the port that the OCS 2007 Access Edge server has configured for remote access. Also, The OCS 2007 external client will require the same Certificate Authority cert that the Access Edge sever has applied to it.

     

    Thanks,

     

    Mike Adkins

    Thursday, July 19, 2007 11:46 PM
  • Hi Mike,

    that's exactly what I wanted to know.

    cheers.
    Friday, July 20, 2007 6:27 AM
  • How can I get a Certificate from my internal network as an external client ?

    When I try to connect to my edge server from outside, I've got a certificate error message.

    As an external user I should be able to sign in with my domain login/password no ?


    Monday, August 6, 2007 1:38 PM