OCS2007 communication Q

  • Question


    Hi All,

     

    I have a question prior to installing OCS2007 regarding its comms and transport.

     

    We are deploying 1 x Standard Server and 1 x Edge server, both on the internal LAN.  These servers are initially intended for IM and application sharing. No Web Conferencing as such yet (I believe the server will need to go into a DMZ for this purpose due to NAT'ing).

     

    I understand that the OCS Server will send any IM traffic that is not registered as an allowed SIP domain in the OCS to the Edge Server for external access.

     

    My question is, how does the edge server communicate out to the net? Other products I have seen, you can configure to go through a Proxy, Direct access, Firewall or gateway.

     

    Is all traffic sent out on the external network card or is the external card only required for inbound connections?

     

    How is the IM conversation handled at Microsoft's end? I assume the MSN URL defaulted in the install (federation.messenger.com) is what the Edge server talks to and MS see the hostname of the server connecting and permit it once licensed through their licensing portal?

     

    Any advice much appreciated.

     

    Monday, November 12, 2007 11:37 AM

All replies

  •  Iain McInally wrote:

     

    My question is, how does the edge server communicate out to the net? Other products I have seen, you can configure to go through a Proxy, Direct access, Firewall or gateway.

     

    Iain,

     

    The recommended configuration of the Edge Server is to have at least 2 network interfaces, connecting one to an internal firewall and the other to an external firewall.  If you have a standard 3-leg perimeter hanging off a single firewall you can connect both interfaces back to the same routing device.  Here's some more detail regarding this requirement.

     

    At this point you can connect the Edge Server's external interface to any firewall or proxy, or even directly to the Internet, although that is not recommended for obvious security reasons.

    Monday, November 12, 2007 4:37 PM
    Moderator