Best Practices for Securing Enterprise Voice
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Deploy media gateways and Mediation Servers in a physically secure environment.
Install the Mediation Server on a computer with two network adapter cards. The Deployment Wizard detects the presence of the two network cards and writes their IP addresses to the Communications Server listening IP address list and the Gateway listening IP address list, both on the General tab of the Mediation Server Properties dialog box.
Note
Even if you configure the link between the Mediation Server and the media gateway for TLS, it is still good practice to further enhance security by configuring the Mediation Server with two network interface cards to separate its internal and external edges. It is possible to configure both edges on a single adapter card, but this alternative is not recommended.
Configure the internal edge of a Mediation Server to correspond to a unique static route that is described by an IP address and a port number. The default port is 5061.
Configure the external edge of a Mediation Server as the internal next hop proxy for the media gateway. The external edge should be identified by a unique combination of IP address and port number. The IP address should not be the same as that of the internal edge; the default port is 5060.