locked
OCS deployment doubts RRS feed

  • Question

  • Hello:

     

    I have some doubts about the OCS deployment. I had read all the documentation of OCS but I still do not understand the difference between the following concepts:

     

    External URL for meeting content download

    External URL for group expansion 

    File share URL for external connections

     

    These URL I'm still don't understand wich one will require public certificates, wich one can use internal certificates. What I had understand it's that the meeting content URL download it's the only that requires public certificates.

     

    Can somebody help me just tell me wich URL needs public certificates or all of them can use internal certificates?

     

    Regards,

    Monday, June 30, 2008 4:07 PM

All replies

  • These URLs are part of the 'in-band' configuration settings in OCS.  You only need to deploy certificates to the Edge server components: Access Edge, WebConf Edge, and A/V Auth Edge.  These steps are completed with the Certificate Wizard in the OCS management console.  The clients only need to be aware of the Access Edge FQDN (via DNS or manual configuration) and then the remaining URLs are passed to the client by the server over that single connection.  Those three Edge services should all have public, trusted certificates; that is all you need.

     

    Think of it this way, if external clients connecting are on workstations that don't already trust the internal CA (usually anything outside of corporate laptops) then a public certificate will be required on that client.  Which externally-available services you whis to deploy and support will control which of the 3 Edge roles you'll need.  The Acces Edge role is at least the bare minimum and reuires just a single public cert.

     

    The Edge server's internal interface can operate with an internal certificate.  There is only one of these needed.

    Tuesday, July 1, 2008 12:36 AM
    Moderator