Step 2. Determine the Components Required for External User Access (2007 R2 Beta)

[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]

This section describes the components required to enable external user access in an Office Communications Server deployment.

Feature Components

Edge Server is a server role in Office Communications Server, and it is the primary component required for enabling external user access. To deploy an Edge Server, install Office Communications Server on a server, choosing the role of Edge Server during setup.

An Edge Server always runs the following three services:

  • Access Edge service, which provides the core functionality for collaboration between your internal users and external users. The Access Edge service provides a single, trusted connection point for both outbound and inbound Session Initiation Protocol (SIP) traffic.
  • Web Conferencing Edge service, which enables external users to join on-premise meetings. This service enables your users to invite remote users to meetings; these remote users can include your organization’s remote users, federated users, and any other external users who are sent invitations to specific meetings.
  • A/V Edge service, which makes it possible to share audio and video with external users. Your users can add audio and video to meetings that include external participants, and they can share audio and video directly with an external user in point-to-point sessions.

The following components are also required or recommended to enable external user access.

Perimeter Network (Required)

Edge Servers are deployed on a perimeter network (also known as a DMZ, demilitarized zone, or screened subnet). The perimeter network is a small network set up separately from your organization's internal network and the Internet. The perimeter network allows external users access to the Edge Servers located in the perimeter network while preventing access to the internal corporate network.

You can deploy your perimeter network using two firewalls or one. The two-firewall configuration is recommended. For details, see Step 3. Identify the Technical Requirements for Deploying External User Access.

Reverse HTTP Proxy

We recommend that you deploy a reverse HTTP proxy in the perimeter network. The reverse proxy is required for the following:

  • To enable external users to download meeting content for your meetings.
  • To enable external users to expand distribution groups.
  • To enable remote users to download files from the Address Book Service.

If you already have a reverse proxy deployed to support other services, you may use it for Office Communications Server 2007 R2 as well (although it must be deployed in the perimeter network). The reverse proxy can be deployed using Microsoft Internet Security and Acceleration (ISA) Server 2006, or other Internet server software. This documentation includes detailed steps for configuring a server that is running ISA Server 2006 as a reverse proxy.

Director

A Director is required if you have multiple Enterprise pools. If you have only one pool, or only Standard Edition servers, a Director is not needed.

A Director is an Enterprise pool that does not home users; instead, it serves as an internal next-hop server to which an Edge Server routes inbound SIP traffic destined for internal servers. The Director authenticates inbound requests and distributes them among the servers in the Enterprise pool or to the appropriate Standard Edition server. By authenticating inbound SIP traffic from remote users, the Director helps insulate home servers and Enterprise pools from potentially malicious traffic, and it also relieves those servers of the overhead of performing authentication.

Scaling

To scale your Edge Server capabilities, simply deploy more Edge Servers in your perimeter network, and use a load balancer to spread the workload among them.

If you use a multiple-site topology, you can deploy multiple Edge Servers both in your data center and in any remote sites that require such scaling.

See Also

Concepts

Step 3. Identify the Technical Requirements for Deploying External User Access