Configuring Support for External User Access
Topic Last Modified: 2011-04-04
After installing and configuring you internal deployment of Microsoft Lync Server 2010, internal users in your organization can collaborate with other internal users who have SIP accounts in your Active Directory Domain Services (AD DS). Collaboration can include exchanging instant messages and presence information and, if configured, participating in conferences (also known as "meetings"). By default, only users who are logged on to your internal network can log on to Lync Server 2010. You enable and configure external user access to control whether supported external users can collaborate with internal Lync Server users. External users can include remote users, federated users (including supported users of public instant messaging (IM) service providers), and anonymous participants in conferences, depending on how you configure external user access.
Deploying an Edge Server or Edge pool is the first step to supporting external users. For details about deploying Edge Servers, see Deploying Edge Servers in the Deployment documentation.
After completing the setup of an Edge Server or Edge pool, you must enable the types of external user access that you want to support and configure support for the external users that your organization wants to support. In Lync Server 2010, you enable and configure external user access using the Lync Server Control Panel and the Lync Server Management Shell. For details about these management tools, see Lync Server Control Panel in the Operations documentation, Lync Server Management Shell in the Operations documentation, Lync Server Control Panel in the Operations documentation, and Install Lync Server Administrative Tools in the Operations documentation.
To support external user access, you must do both of the following:
Enable support for your organization. To enable support for external user access in your deployment, you enable each type external user access that you want to support. You enable and disable support for external user access Lync Server 2010 Control Panel by editing the global settings on the Access Edge Configuration page in the External User Access group. Enabling support for external user access specifies that your servers running the Lync Server Access Edge service support communications with external users, but external users cannot communicate with internal users until you also configure at least one policy to manage the use of external user access. External users cannot communicate with users of your organization when external user access is disabled or if no policies are configured to support it.
Configure and assign one or more policies to support external user access, which can include the following.
External user access policies, which you can create and configure to control use of one or more types of external user access, including access for your remote users, access by users of federated domains, and access for users of supported public IM service providers. You configure external user policies in Lync Server 2010 Control Panel using the global policy and, optionally, one or more site and user policies, on the External Access Policy page in the External User Access group. The global policy is created when you first deploy an Edge Server or Edge pool and cannot be deleted. You create and configure any site and user policies that you want to use to limit external user access to specific sites or users. Global and site policies are automatically assigned. If you create and configure a user policy, you must then assign it to the specific users or users groups to whom you want it to apply. Each external user access policy can support one or more of the following: remote user access, federated user access, and public IM connectivity.
Conferencing policies, which you can create and configure to control conferencing in your organization, including which users in your organization can invite anonymous users to conferences that they host. After creating a conferencing policy and enabling support for anonymous users in the policy, you must then assign the policy to the specific users or user groups that need to be able to invite anonymous users to their conferences.
You can configure external user access settings, including any policies that you want to use to control external user access, even if you have not enabled external user access for your organization. However, the policies and other settings that you configure are in effect only when you have external user access enabled for your organization. External users cannot communicate with users of your organization when external user access is disabled or if no external user access policies are configured to support it.
Your edge deployment authenticates the types of external users and controls access based on how you configure your edge support. In order to control communications across the firewall, you can configure one or more policies and configure other settings that define how users inside and outside your firewall communicate with each other. This includes the default global policy for external user access, in addition to site and user policies that you can create and configure to enable one or more types of external user access for specific sites or users.