Domain and FQDN naming advice

  • Question

  • Hi all,

    I need some advice for naming my server and sip domain.

    Currently I will set up an internal OCS 2007 Standard server. In the near future, I also want to communicate with the outside world, and will add an Edge server.

    In my test setups I always used:

    servername01.domain.local, and domain.local for FQDN and SIP domain. This works just fine for testing purposes. The ssl certificate would have the following names:

    1. servername01
    2. servername01.domain.local
    3. domain.local
    4. sip.domain.local

    This always works.

    Now, in this setup, I will be placing a server internally, and later on, add an Edge server in the DMZ.

    I was thinking it should now be something like this:

    Internal ocs 2007 server: servername01.domain.local, and OCS.publicdomain.com for SIP domain.

    Question: Do I need a public SIP domain if I wish to communicate with the outside world in the future? (Lifemeeting)

    Question 2: What names do I need to use in my certificate if I have a Public SIP domain on the Internal ssl certificate?

    I was thinking something like this but I might be wrong:
    Subject Name: servername01.domain.local
    Subject Alternate Names: domain.local, sip.domain.local, ocs.publicdomain.com, publicdomain.com, sip.publicdomain.com, servername01.



    Wednesday, September 10, 2008 10:02 AM

All replies

  • Question: Do I need a public SIP domain if I wish to communicate with the outside world in the future? (Lifemeeting)

    Yes. You'll need to use a SIP domain that is publicly resolvable, e.g. yourcompany.com. This is because you'll be creating public DNS A and SRV records to enable things like open federation (if you enable this feature) and automatic sign-in for your remote users who are enabled for the public SIP domain.

    Question 2: What names do I need to use in my certificate if I have a Public SIP domain on the Internal ssl certificate?

    I suggest using at least servername.domain.local (your AD domain) and servername.yourcompany.com (for your publicly resolvable domain) but you can add SANs for sip.domain.local, etc. For consistency purposes, this ensures that both users configured for the domain.local SIP domain and the yourcompany.com SIP domain can log onto the same OCS server.

    In terms of determining the SIP domain you're going to use, your best bet in my opinion is to use the SIP domain you'll be using externally from the start if you know you're going to be supporting external access.
    Wednesday, September 10, 2008 12:07 PM
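
A check of a planned certificate name list against the naming advice in the reply above, as an added example that is not part of the original thread. The function names, the SIP domain list and the `.local` heuristic are assumptions; the hostnames are the placeholders used in the posts.

```python
# Added example (not from the thread): hostnames are the placeholders used in
# the posts; the internal-suffix list is an assumed heuristic.
INTERNAL_SUFFIXES = ("local",)  # assumption: TLDs that never resolve in public DNS


def norm(name):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return name.strip().lower().rstrip(".")


def publicly_resolvable(domain):
    """Heuristic: a single-label name or an internal-only TLD cannot be public."""
    labels = norm(domain).split(".")
    return len(labels) > 1 and labels[-1] not in INTERNAL_SUFFIXES


def expected_names(host, ad_domain, sip_domains):
    """Names from the reply: the server under the AD domain and under each
    SIP domain (suggested minimum), plus sip.<domain> as optional SANs."""
    domains = [norm(ad_domain)] + [norm(d) for d in sip_domains]
    required = list(dict.fromkeys(f"{norm(host)}.{d}" for d in domains))
    optional = list(dict.fromkeys(f"sip.{norm(d)}" for d in sip_domains))
    return required, optional


def review_plan(cert_names, host, ad_domain, sip_domains):
    """Return what the planned certificate and SIP domains are missing."""
    have = {norm(n) for n in cert_names}
    required, optional = expected_names(host, ad_domain, sip_domains)
    return {
        "missing_required": [n for n in required if n not in have],
        "missing_optional": [n for n in optional if n not in have],
        "internal_only_sip_domains": [
            norm(d) for d in sip_domains if not publicly_resolvable(d)
        ],
    }


# Subject and SANs proposed in the question, checked against the reply's advice.
PROPOSED = ["servername01.domain.local", "domain.local", "sip.domain.local",
            "ocs.publicdomain.com", "publicdomain.com", "sip.publicdomain.com",
            "servername01"]

if __name__ == "__main__":
    print(review_plan(PROPOSED, "servername01", "domain.local",
                      ["domain.local", "publicdomain.com"]))
```
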
  • Typically you'd use your existing SMTP domain name as the SIP domain, unless you don't want people trying to 'guess' your users' SIP addresses.
    Thursday, September 11, 2008 5:25 AM
    Moderator