Design Question

  • Question

  •  

    I'm trying to understand what the minimum requirement is to deploy a fully functioning OCS 2007 environment that includes IM, AV and web conferencing along with federation to MSN, Yahoo and AOL.

     

    We currently have a single OCS server on our internal domain, with a NATed IP address, and my understanding is that we need to have a publicly routable IP for some of the other services.

     

    Also, are there any additional components on the server side required for Live Meeting, or is that included in OCS?

     

    Any help would be appreciated.  Thanks.

    Wednesday, October 22, 2008 4:43 AM

Answers

  • Yes, you can, but that is certainly not recommended.  Depending on how you deploy certificates and if you have a split-DNS configuration or not, there might be some other configuration changes needed to support external access.  I'd personally skip the reverse proxy altogether versus punching a hole in a firewall directly to an internal server.
    Wednesday, October 22, 2008 3:28 PM
    Moderator

All replies

  • If you want Internet access to your OCS Environment you need an EDGE Server

    You can have a single EDGE Server that acts as Access, Web Conferencing and AV Conferencing EDGE

    The EDGE requires a public routable address for the AV Conf EDGE Service

    The EDGE Server is also required for MSN, AOL and YAHOO federation

    For more info read the EDGE Server deployment guide

    http://www.microsoft.com/downloads/details.aspx?FamilyId=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

     

    You do not connect your internal server to the internet

    No additional components are required for Live Meeting (included in OCS STD or EE and remote access through EDGE server)

    Wednesday, October 22, 2008 11:34 AM
  • You'll also need certificates issued by a trusted third-party CA for Public IM Connectivity, as well as purchased licenses; PIC federation is not free.

     

    http://www.microsoftvolumelicensing.com/userights/ProductPage.aspx?pid=207

     

    Wednesday, October 22, 2008 1:21 PM
    Moderator
  • Thanks, this is really helpful.  One more question though.  Do I need ISA (a reverse proxy) for something?  I remember reading somewhere that I did, but I don't understand its purpose.  If not, all the better.
    Wednesday, October 22, 2008 2:11 PM
  • The reverse proxy is not required, but without it external users will not be able to download the address book, expand distribution lists, or be able to get some meeting content.

     

    The last portion of this blog has some clarification on the Reverse Proxy regarding some of the deployment details: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19

     

    Also check out the Perimeter Network whitepaper from Microsoft that I have linked in this article as well for more background on the Edge Server deployment:

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33

    Wednesday, October 22, 2008 2:36 PM
    Moderator
  • Thanks a lot.  So it is kind of required if I want everything to function properly for external users?  Can I not just NAT the abs site through to the internal OCS server?  I understand this might not be ideal, I'm just asking if it's possible.

     

    Wednesday, October 22, 2008 2:41 PM
  • Yes, you can, but that is certainly not recommended.  Depending on how you deploy certificates and if you have a split-DNS configuration or not, there might be some other configuration changes needed to support external access.  I'd personally skip the reverse proxy altogether versus punching a hole in a firewall directly to an internal server.
    Wednesday, October 22, 2008 3:28 PM
    Moderator
  • Thanks!  This seems to be a relatively easy thing to overcome with a UC certificate.

     

    Wednesday, October 22, 2008 3:49 PM