locked
ocs access from the wan RRS feed

  • Question

  •  

    Hi,

     

    Is is possible to publish OCS2007 and use live meeting  without Edge server?

     

    I installed OCS and all is working in the internal domain (users log on with user.local)

     

    I want to be able to log in to live meetings from the wan.

    I can login to IM.

     

     

    1.what do I need to configure in the OCS?

    2. what do I need to configure in the DNS?

    3. I can see in the ethereal that it tries to reach the pool.local instead of pool.com (which I published the machine using isa) I also had all names configure in the alternate name of the certificate.

     

    realy need answers..

     

    Thanks,

     

     

    Moran.

    Thursday, May 29, 2008 11:23 AM

All replies

  • Yes, if you just want to use a centralized OCS deployment for folks across the WAN you do not need an Edge server.  You only need an Edge server if you want to enable access to/from the internet or federation/PIC.  Just keep in mind that if you have a lot of latency between sites (anything over ~150-200ms) that the voice/video experience may be impacted.

    In any case, there's not much you need to do.  First, enable the users for Communications Server from Active Directory Users and Computers.  This needs to be done from the OCS server or a system where you've installed the OCS admin tools.  Next, publish a DNS SRV record for _sipinternaltls._tcp.yourdomain.com, where yourdomain.com is the part of the SIP address after the @ sign.  The details on how to publish this are in the Planning Guide.  Be sure that the certificate you are using on your OCS server is trusted by all the users that are accessing the system.  If all the machines are domain joined then you can create an Enterprise Root CA in Active Directory and generate the certificate from there (if you just created the CA it will take some time for the root CA certificate to replicate to all machines in your domain/forest).  If you'd rather not mess with an internal CA then you can buy a certificate from one of the trusted CAs like Entrust, Verisign, Thawte, etc.
    Thursday, May 29, 2008 11:42 AM
    Moderator