Topic Last Modified: 2011-04-12
You have probably already taken steps to design fault tolerance in your system, using practices such as ensuring hardware redundancy, guarding against power loss, routinely installing security updates and antivirus measures, and Monitoring Server activity. These practices benefit not only your Microsoft Lync Server 2010 infrastructure, but also your entire network. If you have not implemented these practices, we recommend that you do so before deploying Lync Server 2010.
To help protect the servers in your Lync Server 2010 deployment from accidental or purposeful harm that might result in downtime, take the following precautions:
- Keep your servers up-to-date with security updates. Subscribing
to the Microsoft Security Notification Service helps ensure that
you receive immediate notification of security bulletin releases
for any Microsoft product. To subscribe, go to the Microsoft
Technical Security Notifications website at http://go.microsoft.com/fwlink/?LinkId=145202.
- Ensure that access rights are set up correctly.
- Keep your servers in a physical environment that prevents
unauthorized access. Ensure that adequate antivirus software is
installed on all your servers. Keep the software up-to-date with
the latest virus signature files. Use the automatic update feature
of your antivirus application to keep the virus signatures
- We recommend that you disable the Windows Server 2008 or
Windows Server 2008 R2 operating system services that are not
required on the computers where you install Lync Server 2010.
- Encrypt operating systems and disk drives where data is stored
with a full-volume encryption system, unless you can guarantee
constant and complete control of the servers, total physical
isolation, and proper and secure decommissioning of replaced or
failed disk drives.
- Disable all external Direct Memory Access (DMA) ports of the
server, unless you can guarantee very tight control over the
physical access to the servers. DMA-based attacks, which can be
initiated fairly easily, could expose very sensitive information,
such as private encryption keys.