Topic Last Modified: 2011-04-04
After installing and configuring you internal deployment of Microsoft Lync Server 2010, internal users in your organization can collaborate with other internal users who have SIP accounts in your Active Directory Domain Services (AD DS). Collaboration can include exchanging instant messages and presence information and, if configured, participating in conferences (also known as "meetings"). By default, only users who are logged on to your internal network can log on to Lync Server 2010. You enable and configure external user access to control whether supported external users can collaborate with internal Lync Server users. External users can include remote users, federated users (including supported users of public instant messaging (IM) service providers), and anonymous participants in conferences, depending on how you configure external user access.
Deploying an Edge Server or Edge pool is the first step to supporting external users. For details about deploying Edge Servers, see Deploying Edge Servers in the Deployment documentation.
After completing the setup of an Edge Server or Edge pool, you must enable the types of external user access that you want to support and configure support for the external users that your organization wants to support. In Lync Server 2010, you enable and configure external user access using the Lync Server Control Panel and the Lync Server Management Shell. For details about these management tools, see Lync Server Control Panel in the Operations documentation, Lync Server Management Shell in the Operations documentation, Lync Server Control Panel in the Operations documentation, and Install Lync Server Administrative Tools in the Operations documentation.
To support external user access, you must do both of the following:
- Enable support for your organization. To enable support for
external user access in your deployment, you enable each type
external user access that you want to support. You enable and
disable support for external user access Lync Server 2010 Control
Panel by editing the global settings on the Access Edge
Configuration page in the External User Access group.
Enabling support for external user access specifies that your
servers running the Lync Server Access Edge service support
communications with external users, but external users cannot
communicate with internal users until you also configure at least
one policy to manage the use of external user access. External
users cannot communicate with users of your organization when
external user access is disabled or if no policies are configured
to support it.
- Configure and assign one or more policies to support external
user access, which can include the following.
- External user access policies, which you can create and
configure to control use of one or more types of external user
access, including access for your remote users, access by users of
federated domains, and access for users of supported public IM
service providers. You configure external user policies in Lync
Server 2010 Control Panel using the global policy and, optionally,
one or more site and user policies, on the External Access
Policy page in the External User Access group. The
global policy is created when you first deploy an Edge Server or
Edge pool and cannot be deleted. You create and configure any site
and user policies that you want to use to limit external user
access to specific sites or users. Global and site policies are
automatically assigned. If you create and configure a user policy,
you must then assign it to the specific users or users groups to
whom you want it to apply. Each external user access policy can
support one or more of the following: remote user access, federated
user access, and public IM connectivity.
- Conferencing policies, which you can create and configure to
control conferencing in your organization, including which users in
your organization can invite anonymous users to conferences that
they host. After creating a conferencing policy and enabling
support for anonymous users in the policy, you must then assign the
policy to the specific users or user groups that need to be able to
invite anonymous users to their conferences.
- External user access policies, which you can create and
configure to control use of one or more types of external user
access, including access for your remote users, access by users of
federated domains, and access for users of supported public IM
service providers. You configure external user policies in Lync
Server 2010 Control Panel using the global policy and, optionally,
one or more site and user policies, on the External Access
Policy page in the External User Access group. The
global policy is created when you first deploy an Edge Server or
Edge pool and cannot be deleted. You create and configure any site
and user policies that you want to use to limit external user
access to specific sites or users. Global and site policies are
automatically assigned. If you create and configure a user policy,
you must then assign it to the specific users or users groups to
whom you want it to apply. Each external user access policy can
support one or more of the following: remote user access, federated
user access, and public IM connectivity.
You can configure external user access settings, including any policies that you want to use to control external user access, even if you have not enabled external user access for your organization. However, the policies and other settings that you configure are in effect only when you have external user access enabled for your organization. External users cannot communicate with users of your organization when external user access is disabled or if no external user access policies are configured to support it.
Your edge deployment authenticates the types of external users and controls access based on how you configure your edge support. In order to control communications across the firewall, you can configure one or more policies and configure other settings that define how users inside and outside your firewall communicate with each other. This includes the default global policy for external user access, in addition to site and user policies that you can create and configure to enable one or more types of external user access for specific sites or users.
