Configuring Authorized Hosts

Topic Last Modified: 2009-03-06

An authorized host is a server, client, or gateway that you explicitly designate as trusted. For example, an authorized host might be a server or client that has already performed authentication but does not appear on the trusted server list. Or it might be an IP-PSTN gateway or other entity that does not perform authentication but can be trusted anyway. When specifying an authorized host, you need to specify the following:

  • Server. You can identify the server using either the fully qualified domain name (FQDN) or the IP address.
  • Settings. You can specify the following settings for each authorized host:
    • Outbound only. This specifies that a server in this pool can only make outbound connections to the authorized host. If you select this option, the authorized host cannot open a connection to the servers in this pool. If you do not select this option, the remote authorized host can open connections to the servers in this pool. This setting is only used in conjunction with a static route.
    • Throttle as server. This specifies that connections made to the authorized host are throttled as though the authorized host is a server instead of a client computer. If you select this option, the authorized host is throttled as a server, which means that greater throughput to the authorized host is enabled than is allowed for client connections. If you do not select this option, the authorized host is throttled as a client, which means that greater restrictions are imposed on the connection.
    • Treat as authenticated. This specifies that connections made to the authorized host are considered to have already been authenticated and, therefore, are not challenged by the servers in the pool. If you select this option, you should mitigate the risks by implementing additional security measures, such as a firewall or Internet Protocol security (IPsec), around the authorized host.

To add or edit an authorized host for a Standard Edition server or an Enterprise pool

  1. Open the Office Communications Server 2007 R2 snap-in.

  2. In the console tree, expand the forest node, and then do one of the following:

    • For an Enterprise pool, expand Enterprise pools, right-click the pool, click Properties, and then click Front End Properties.
    • For a Standard Edition server, expand Standard Edition servers, right-click the name of the pool, click Properties, and then click Front End Properties.
  3. Click the Host Authorization tab.

  4. On the Host Authorization tab, do one of the following:

    • To add an authorized host, click Add.
    • To change the configuration of an authorized host, click the authorized host, and then click Edit.
  5. In the Add Authorized Host or Edit Authorized Host dialog box, specify the appropriate information:

    • Under Server, click FQDN and type the FQDN of the authorized host, or click IP address and type the IP address of the authorized host. Specify the FQDN of the authorized host if you configured a static route on the pool that specifies the next hop computer by its FQDN. Specify the IP address of the authorized host if you configured a static route on the pool that specifies the next hop computer by its IP address. The IP address 0.0.0.0 is not allowed. Multicast addresses ranging from 224.0.0.0 to 239.255.255.255 are also not allowed. All other IP addresses are allowed.
    • Under Settings, select the check boxes of the options that you want to implement (Outbound Only, Throttle As Server, and Treat As Authenticated). If you select the Treat As Authenticated option, you should implement additional security measures (such as a firewall or IPsec) around the authorized host.
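
The following added example (not part of the original topic or of Office Communications Server) checks a planned list of authorized hosts before the entries are typed into the dialog box: it applies the IP address rules from step 5 and lists every host marked Treat As Authenticated so that the firewall or IPsec protection around it can be confirmed. The tuple layout, the sample entries, the names check_server and review, and the REVIEW/HIGH split are assumptions of this example; it does not read any server configuration.

```python
import ipaddress
import re

# Constructed planning entries: (server, outbound_only, throttle_as_server,
# treat_as_authenticated). Names and addresses are documentation-only samples.
PLANNED_HOSTS = [
    ("gw1.example.test", True, True, True),
    ("192.0.2.10", False, False, True),
    ("198.51.100.7", False, False, False),
    ("0.0.0.0", True, False, False),
    ("239.1.2.3", True, False, False),
    ("gateway", True, False, True),
]

LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
MCAST_LOW = ipaddress.IPv4Address("224.0.0.0")
MCAST_HIGH = ipaddress.IPv4Address("239.255.255.255")

def check_server(value):
    """Return None if the Server value is acceptable, else the reason it is not."""
    try:
        addr = ipaddress.IPv4Address(value)
    except ValueError:
        # Not an IPv4 address: accept only a dotted name with at least two labels.
        labels = value.rstrip(".").split(".")
        ok = (len(labels) >= 2 and not labels[-1].isdigit()
              and all(LABEL.match(label) for label in labels))
        return None if ok else "not an IPv4 address or an FQDN"
    if int(addr) == 0:
        return "0.0.0.0 is not allowed"
    if MCAST_LOW <= addr <= MCAST_HIGH:
        return "multicast addresses are not allowed"
    return None

def review(hosts):
    """Return (server, level, note) findings for a planned authorized host list."""
    findings = []
    for server, outbound_only, _throttle, treat_as_auth in hosts:
        reason = check_server(server)
        if reason:
            findings.append((server, "REJECT", reason))
        elif treat_as_auth:
            # Severity split is this example's assumption: an unchallenged host
            # that may also open connections to the pool is reviewed first.
            level = "REVIEW" if outbound_only else "HIGH"
            findings.append((server, level, "not challenged; confirm firewall or IPsec"))
    return findings

if __name__ == "__main__":
    for finding in review(PLANNED_HOSTS):
        print(*finding, sep="\t")
```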