An authorized host is a server, client, or gateway that you explicitly designate as trusted. For example, an authorized host might be a server or client that has already performed authentication but does not appear on the trusted server list. Or it might be an IP-PSTN gateway or other entity that does not perform authentication but can be trusted anyway. When specifying an authorized host, you need to specify the following:
- Server. You can identify the server using either the fully qualified domain name (FQDN) or the IP address.
- Settings. You can specify the following settings for each authorized host:
  - Outbound only. This specifies that a server in this pool can only make outbound connections to the authorized host. If you select this option, the authorized host cannot open a connection to the servers in this pool. If you do not select this option, the remote authorized host can open connections to the servers in this pool. This setting is only used in conjunction with a static route.
  - Throttle as server. This specifies that connections made to the authorized host are throttled as though the authorized host is a server instead of a client computer. If you select this option, the authorized host is throttled as a server, which means that greater throughput to the authorized host is enabled than is allowed for client connections. If you do not select this option, the authorized host is throttled as a client, which means that greater restrictions are imposed on the connection.
  - Treat as authenticated. This specifies that connections made to the authorized host are considered to have already been authenticated and, therefore, are not challenged by the servers in the pool. If you select this option, you should mitigate the risks by implementing additional security measures, such as a firewall or Internet Protocol security (IPsec), around the authorized host.
To add or edit an authorized host for a Standard Edition server or an Enterprise pool
- Open the Office Communications Server 2007 R2 snap-in.
- In the console tree, expand the forest node, and then do one of the following:
  - For an Enterprise pool, expand Enterprise pools, right-click the pool, click Properties, and then click Front End Properties.
  - For a Standard Edition server, expand Standard Edition servers, right-click the name of the pool, click Properties, and then click Front End Properties.
- Click the Host Authorization tab.
- On the Host Authorization tab, do one of the following:
  - To add an authorized host, click Add.
  - To change the configuration of an authorized host, click the authorized host, and then click Edit.
- In the Add Authorized Host or Edit Authorized Host dialog box, specify the appropriate information:
  - Under Server, click FQDN and type the FQDN of the authorized host, or click IP address and type the IP address of the authorized host. Specify the FQDN of the authorized host if you configured a static route on the pool that specifies the next hop computer by its FQDN. Specify the IP address of the authorized host if you configured a static route on the pool that specifies the next hop computer by its IP address. The IP address 0.0.0.0 is not allowed. Multicast addresses ranging from 224.0.0.0 to 239.255.255.255 are also not allowed. All other IP addresses are allowed.
  - Under Settings, select the check boxes of the options that you want to implement (Outbound Only, Throttle As Server, and Treat As Authenticated). If you select the Treat As Authenticated option, you should implement additional security measures (such as a firewall or IPsec) around the authorized host.
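The rules above can be applied as a review pass over a planned or documented list of authorized hosts before the entries are typed into the dialog box. The following is an added example, not Microsoft tooling and not part of Office Communications Server; the `static_route` and `firewall_or_ipsec` fields are assumptions that the reviewer fills in by hand, and the sample hosts are constructed.

```python
import ipaddress
import re
from dataclasses import dataclass

@dataclass
class AuthorizedHost:
    server: str                        # FQDN or IP address as typed under Server
    outbound_only: bool = False
    throttle_as_server: bool = False
    treat_as_authenticated: bool = False
    static_route: bool = False         # assumption: reviewer notes if a static route uses this host
    firewall_or_ipsec: bool = False    # assumption: reviewer notes compensating controls

def review(host: AuthorizedHost) -> list[str]:
    """Return findings for one entry; an empty list means nothing to flag."""
    findings = []
    if re.fullmatch(r"[0-9.]+", host.server):          # digits and dots: meant as an IP address
        try:
            addr = ipaddress.IPv4Address(host.server)
        except ValueError:
            return ["not a valid IP address"]
        if addr == ipaddress.IPv4Address("0.0.0.0"):
            findings.append("0.0.0.0 is not allowed")
        elif addr.is_multicast:                         # 224.0.0.0 to 239.255.255.255
            findings.append("multicast addresses are not allowed")
    if host.treat_as_authenticated and not host.firewall_or_ipsec:
        findings.append("Treat As Authenticated without firewall or IPsec around the host")
    if host.outbound_only and not host.static_route:
        findings.append("Outbound Only is only used in conjunction with a static route")
    return findings

# Constructed sample entries (hypothetical hosts, not from a real deployment).
SAMPLE = [
    AuthorizedHost("gw1.example.com", outbound_only=True, treat_as_authenticated=True,
                   static_route=True, firewall_or_ipsec=True),
    AuthorizedHost("192.0.2.10", treat_as_authenticated=True),
    AuthorizedHost("239.255.255.255", throttle_as_server=True),
    AuthorizedHost("0.0.0.0"),
    AuthorizedHost("app2.example.com", outbound_only=True),
]

def audit(hosts):
    """Map each server to its findings, skipping clean entries."""
    return {h.server: f for h in hosts if (f := review(h))}

if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{server}: {finding}")
```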