Export (0) Print
Expand All

Securing Lync Web App Sessions

Lync Server 2010
 

Topic Last Modified: 2011-04-11

The sessions between clients and the Lync Web App can be made more secure by using session timeouts and encryption. This section discusses ways to enhance the security of sessions between the client and Lync Web App.

In Lync Web App, the same token is used for the session token and the authentication token. You can enhance the security of tokens by using short timeouts on Lync Web App virtual servers that service external requests. You can set different timeout values for public and private computers in the external virtual server’s properties.

The following are the requirements and recommendations regarding encryption:

  • You must use TLS/MTLS for all communications between Lync Web App and servers that are running Microsoft Lync Server 2010.

  • You should always use HTTPS unless SSL offloading is used for performance reasons and other effective security safeguards are in place.

  • You may use HTTP for communications between a hardware load balancer or other device and the Lync Web App if SSL offloading is used for performance reasons. In this case, the physical link should be secured.

  • Do not use HTTP between the client and the Lync Web App.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft