Topic Last Modified: 2011-03-26

Enterprise Voice is the software-based VoIP solution available in Microsoft Lync Server 2010. Enterprise Voice uses VoIP both for internal calls and for connecting to traditional telephone networks. Because internal VoIP calls, like IM, are all encrypted, the security concerns that are specific to VoIP focus on the transfer of calls to and from the unencrypted public switched telephone network (PSTN).

Enterprise Voice requires two devices to provide VoIP connectivity with the PSTN:

If you choose to configure the link between a media gateway and the Mediation Server for TCP, that link becomes a potential security loophole because the signaling is unencrypted. Nevertheless, some currently available devices with connectivity to the PSTN do not support MTLS, so a TCP connection to the Mediation Server may be required until you are able to upgrade your device. The recommended mitigation for this potential vulnerability is to deploy the Mediation Server in its own subnet by installing two network interface cards, each with a separate IP address in a separate subnet and with a separate port setting. One card serves as the Mediation Server’s internal edge, listening for TLS traffic from internal servers. The second card acts as the Mediation Server’s external edge, listening for TCP traffic from the media gateway. Using two dedicated listening addresses ensures a clear separation between trusted traffic originating in the Lync Server 2010 network and untrusted traffic from the PSTN. For details about the necessity for two dedicated, non-routed subnets, see Communications Server Mediation Server: Dual NIC Issue at http://go.microsoft.com/fwlink/?LinkId=214403.
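The dual-NIC layout described above can be checked against an inventory of the server's addresses and listeners. The following Python sketch is an added example, not Microsoft code: the function name, the inventory format, and all IP addresses and port numbers are constructed for illustration, and the rule that the media gateway must not sit in the internal subnet is an assumption drawn from the separation requirement.

```python
import ipaddress

def audit_mediation_listeners(nics, listeners, gateway_ip):
    """Return findings; an empty list means the layout matches the dual-NIC guidance."""
    if set(nics) != {"internal", "external"}:
        return ["expected exactly two NICs named 'internal' and 'external'"]
    inside = ipaddress.ip_interface(nics["internal"])
    outside = ipaddress.ip_interface(nics["external"])
    findings = []
    # Each card needs its own address in its own subnet.
    if inside.network.overlaps(outside.network):
        findings.append("internal and external NICs share a subnet")
    # Assumption: the untrusted gateway must not live in the trusted subnet.
    if ipaddress.ip_address(gateway_ip) in inside.network:
        findings.append("media gateway sits in the internal subnet")
    # Each edge needs a separate port setting.
    ports = [entry["port"] for entry in listeners]
    if len(ports) != len(set(ports)):
        findings.append("listeners reuse a port")
    for entry in listeners:
        bind = ipaddress.ip_address(entry["bind"])
        if bind.is_unspecified:
            # A wildcard bind exposes the listener on both cards.
            findings.append(f"port {entry['port']} binds to all addresses")
        elif entry["transport"] == "tcp" and bind != outside.ip:
            findings.append(f"unencrypted TCP port {entry['port']} is not confined to the external NIC")
        elif entry["transport"] == "tls" and bind != inside.ip:
            findings.append(f"TLS port {entry['port']} is not on the internal NIC")
    return findings

# Constructed sample inventories (addresses and ports are illustrative only).
GOOD_NICS = {"internal": "10.10.1.20/24", "external": "10.10.2.20/24"}
GOOD_LISTENERS = [
    {"bind": "10.10.1.20", "port": 5070, "transport": "tls"},
    {"bind": "10.10.2.20", "port": 5068, "transport": "tcp"},
]
FLAT_NICS = {"internal": "10.10.1.20/24", "external": "10.10.1.21/24"}
FLAT_LISTENERS = [
    {"bind": "10.10.1.20", "port": 5070, "transport": "tls"},
    {"bind": "0.0.0.0", "port": 5068, "transport": "tcp"},
]

if __name__ == "__main__":
    print(audit_mediation_listeners(GOOD_NICS, GOOD_LISTENERS, "10.10.2.50"))
    for finding in audit_mediation_listeners(FLAT_NICS, FLAT_LISTENERS, "10.10.1.50"):
        print("FINDING:", finding)
```
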
