locked
Configuring Access for Federated Partners RRS feed

  • Question

  • Hello all,

     

    I'm interesting in configuring federation access to several partners of mine.

    I have couple of question regarding the federation and the features of it that I couldn't find the answers on the deployment guide - http://technet.microsoft.com/en-us/library/bb663635.aspx.

     

    1. If I'm establishing federation with a partner, would the partner be able to see the list of all users in my company?
      F
      or example, if my domain is mydomain.com, and I'm establishing federation with mypartner.com.
      Does mypartner.com users will be able to see all of my users?
      if so, is it possible to block them to see only specific users?

    2. If I'm establishing federation with couple of partners (mypartner1.com & mypartner2.com).
      Would they be able to see each other users? or only the one that is establishing the federation with them (myself)?
    3. After establishing federation with a partner, is it possible to allow only one side to search and add users?
      I want to prevent from mypartner.com users to search and add users from mydomain.com – I want it to be allowed only from my side.

     My infrastructure:

    1 Office Communication 2007 Standard Server

    1 EDGE server for remote access

     

     

    Thank you for the assistance,

    Best regards.

    Ploni.

    Wednesday, November 26, 2008 6:02 PM

Answers

  • Ploni,

     

    1. Yes, unless individual users move federated contacts in to the Block Access List policy.
    2. Federations are not transitive, so communications only flow between you<>partner1 and you<>partner2.  Partner1 and Partner2 would only be able to communicate if they specifically define each other as federated.  If Open Federation is used then ANY OCS user could essentially establish a connection to a remote OCS deployment, but that requires specific SRV records to be deployed and isn't a default behavior.
    3. You can't really 'search' a federated partners Address Book in the same way that you can your own Address Book.  But once a contact's SIP address is shared there isn't a way to limit which direction a conversation can be initiated, it's basically a two-way street.  Again, answer #1 applies here as well, on a user-by-user basis.

     

    Wednesday, November 26, 2008 6:26 PM
    Moderator