Overview of External User Access
Topic Last Modified: 2012-10-16
In this documentation, we use the term external user to refer to a user who signs in to your Microsoft Lync Server 2010 deployment from outside the firewall. External users that you can authorize to use Microsoft Lync Server 2010 communications software to communicate with internal users (that is, users who sign in to Lync Server 2010 from inside the firewall) can include the following:
- Remote users Users of your organization who sign in to Lync Server from outside the firewall (for example, business travelers and telecommuters) by using a virtual private network (VPN), Microsoft Direct Access (a feature of Windows Server 2008 R2 and Windows Server 2008), clients using transport layer security connection (TLS), or the Lync Web App by using a browser.
- Federated users Users who have an account with a trusted customer or partner organization. When you have established a trust relationship with this type of organization’s domain, you can authorize users in that domain to access your Lync Server deployment. This trust relationship is called federation and it is not related to or dependent upon an Active Directory trust relationship.
- Public IM users Users of public instant messaging (IM) services, including any or all of the following: Windows Live, AOL, and Yahoo!, in addition to XMPP-based providers and servers, such as Google Talk and Jabber by using an Extensible Messaging and Presence Protocol (XMPP) gateway. A public IM service provider is a specific type of federated partner. Support for public IM users has specific requirements that are different from the requirements for users of other federated partners. Customers that do not have a volume license for Lync Server 2010 require a separate license if they choose to configure public IM connectivity with Windows Live, AOL, and Yahoo! For details, see the NextHop blog article, "Changes in Office Communications Server Public IM Federation," at http://go.microsoft.com/fwlink/p/?LinkId=269620 and "Microsoft Lync: Pricing and Licensing" at http://go.microsoft.com/fwlink/p/?LinkId=202848.
Note: To use XMPP, you must install the XMPP Gateway. You can download the XMPP Gateway from the Microsoft Download Center at http://go.microsoft.com/fwlink/p/?LinkId=204552. After you install the XMPP Gateway, you need to install the hotfix, which is available for download from http://go.microsoft.com/fwlink/p/?LinkId=204561.
- Anonymous users Users who do not have a user account in your organization's Active Directory Domain Services (AD DS) or in a supported federated domain, but who have received invitations to participate remotely in an on-premises conference.
Your edge deployment authenticates these types of external users and controls external access for the following types of communication:
- IM and presence Authorized external users can participate in IM conversations and conferences, and they can get information about one another’s presence status. Users of public IM service providers and federated users can participate in IM conversations with individual Lync Server users in your organization and access presence information, but they cannot participate in Lync Server-based IM multiparty conferences. It is strictly peer-to-peer communication. File transfer is not supported for users of public IM service providers, and audio/video in peer-to-peer communications is supported for Windows Live Messenger 2011 users, but not other users of public IM service providers.
- Web conferencing Authorized external users can participate in conferences that are hosted on your Lync Server deployment. Remote users, federated users, and anonymous users can be enabled for participation in web conferencing, but public IM users cannot participate in conferences. Depending on the options that you select, web conferencing-enabled users can participate in desktop and application sharing and can act as meeting organizers or presenters.
- A/V conferencing Authorized external users can share audio and video in conferences that your Lync Server deployment provides.
In order to control communications across the firewall, you can configure one or more policies that define how users inside and outside your firewall communicate with each other. You can also configure settings and apply policies for individual internal users or for specific types of external users to control communications with external users.