Office Communications Server 2007 R2 introduces the capability for enterprise users both inside and outside the firewall to create and join real-time Web conferences that are hosted on internal Office Communications Server 2007 R2 servers. Enterprise users can also invite external users who do not have an Active Directory Domain Services account to participate. Users who are employed by federated partners with a secure and authenticated identity can also join conferences and, if promoted to do so, can act as presenters. Anonymous users cannot create or join a conference as a presenter, but they can be promoted to presenter after they join.
On-premises Web conferencing is built on top of the Office Communications Server basic security framework:
- All servers are trusted.
- All server connections are MTLS.
- All communications are encrypted.
- All users are authenticated.
Internal A/V Conferencing Servers in an expanded pool configuration connect to Front End Servers and Mediation Servers over MTLS. Internal Web Conferencing Servers connect to Front End Servers and the Web Conferencing Edge service over MTLS. On a Standard Edition server or in a consolidated pool configuration, conferencing servers are collocated on Front End Servers, but MTLS is still required for communication between the collocated components.
Enabling outside users to participate in on-premises Web conferences greatly increases the value of this feature, but it also entails some security risks. To address these risks, Office Communications Server provides the following additional safeguards:
- Participant roles determine conference control privileges.
- Participant types allow you to limit access to specific meetings.
- Defined meeting types determine which types of participants can attend.
- Conference scheduling is restricted to users who have Active Directory credentials in the internal network and are enabled for Office Communications Server 2007 R2.
- Anonymous, that is, unauthenticated, users must present a unique conference password and pass digest authentication to join a meeting. Passwords are unique per conference.
Participant Roles
Meeting participants fall into three groups, each with its own privileges and restrictions:
- Organizer. The user who creates a meeting, whether impromptu or by scheduling. An organizer must be an authenticated enterprise user and has control over all end-user aspects of a meeting.
- Presenter. A user who is authorized to present information at a meeting, using whatever media is supported. A meeting organizer is by definition also a presenter and determines who else can be a presenter. An organizer can make this determination when a meeting is scheduled or while the meeting is under way.
- Attendee. A user who has been invited to attend a meeting but who is not authorized to act as a presenter.
A presenter can also promote an attendee to the role of presenter during the meeting.
Participant Types
Meeting participants are also categorized by location and credentials. You can use both of these characteristics to specify which users can have access to specific meetings. Users can be divided broadly into internal and external users:
- Internal users have Active Directory credentials within the enterprise and connect from locations inside the corporate firewall.
- External users are those who temporarily or permanently connect to an enterprise from locations outside the corporate firewall. They might have Active Directory credentials. Office Communications Server 2007 R2 provides conferencing support for the following types of external users:
  - Remote users have a persistent Active Directory identity within the enterprise. They include employees who are working at home or on the road, and others, such as employees of trusted vendors, who have been granted enterprise credentials for their terms of service. Remote users can create and join conferences and act as presenters.
  - Federated users possess valid credentials with federated partners and are therefore treated as authenticated by Office Communications Server 2007 R2. Federated users can join conferences and be promoted to presenters after they have joined the meeting, but they cannot create conferences in enterprises with which they are federated.
  - Anonymous users do not have an Active Directory identity and are not federated with the enterprise. For conferencing, public cloud users are treated as anonymous users.
Customer data shows that many conferences involve external users. Those same customers also want reassurance about the identity of external users before allowing those users to join a conference. As the following section describes, Office Communications Server 2007 R2 limits meeting access to those user types that have been explicitly allowed and requires all user types to present appropriate credentials when entering a meeting.
Meeting Types
You can configure Office Communications Server 2007 R2 to support meetings that include the following types of users:
- Internal users only. If you do not deploy edge servers, all participants have persistent Active Directory identities within the enterprise and can connect only from within your organization’s firewall.
- Authenticated users only. All participants have Active Directory identities within the enterprise or within a federated enterprise, and they can connect from inside or outside your organization’s firewall.
Meetings that are open only to authenticated users can be one of two types:
- Invite Within Network. All enterprise users can join the meeting. They join as attendees unless they have been designated as presenters by the meeting organizer. Federated users can join the meeting as attendees if they are invited by the organizer. Federated users cannot join the meeting as a presenter, but they can be promoted to presenter during the meeting.
- Invite Within Network (Restricted). Only users with valid Active Directory credentials in the enterprise and who are on the meeting organizer’s presenter and attendee lists are allowed to attend a closed authenticated meeting. For example, a workgroup or business unit might use this designation for its regularly scheduled meeting. Federated and anonymous users are not permitted to join this type of meeting.
- Invite Anyone. A meeting to which anonymous users can be invited. The meeting organizer must be authorized to invite anonymous users to create a meeting of this type. Enterprise users join as attendees unless they are designated as presenters by the meeting organizer. Anonymous users join only as attendees, although they can be promoted to the presenter role by the meeting organizer after entering the meeting. To enter a meeting, anonymous users must present a conference key, which they receive in an e-mail meeting invitation. They must also pass digest authentication. For details about digest authentication, see Authentication for Office Communications Server 2007 R2.
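The join rules above for the three invitation types can be written as an executable admission model, which is useful for threat modeling or for checking a deployment's observed behaviour against the documented policy. This is an added example, not Office Communications Server code: `Meeting`, `admit` and the type strings are hypothetical names, `digest_ok` stands for the outcome of digest authentication performed elsewhere, and the handling of federated users in Invite Anyone meetings is an assumption.

```python
from dataclasses import dataclass, field
from hmac import compare_digest

ENTERPRISE = {"internal", "remote"}  # types with an enterprise Active Directory identity

@dataclass
class Meeting:  # hypothetical model, not an OCS data structure
    kind: str   # "within_network" | "restricted" | "anyone"
    organizer: str
    presenters: set = field(default_factory=set)
    attendees: set = field(default_factory=set)
    conference_key: str = ""  # issued per conference for "anyone" meetings

def admit(meeting, user, user_type, key=None, digest_ok=False):
    """Return the role granted at join time, or None when the join is refused."""
    invited = user in (meeting.presenters | meeting.attendees)
    if user_type in ENTERPRISE:
        if user == meeting.organizer or user in meeting.presenters:
            return "presenter"
        # Restricted meetings admit only users on the organizer's lists.
        if meeting.kind == "restricted" and not invited:
            return None
        return "attendee"
    if user_type == "federated":
        # Never presenter at join time, even if listed; promotion happens in-meeting.
        # Assumption: "anyone" meetings treat invited federated users like
        # "within_network" meetings do (the page does not state this case).
        if meeting.kind == "restricted" or not invited:
            return None
        return "attendee"
    if user_type == "anonymous":
        if meeting.kind != "anyone" or not key or not meeting.conference_key:
            return None
        key_ok = compare_digest(key.encode(), meeting.conference_key.encode())
        return "attendee" if key_ok and digest_ok else None
    return None  # unknown participant type: fail closed

if __name__ == "__main__":
    # Constructed sample meeting and join attempts.
    m = Meeting("anyone", "alice", {"bob"}, {"fed@partner.example"}, "K7-constructed")
    for who, kind, key in [("alice", "internal", None), ("carol", "remote", None),
                           ("fed@partner.example", "federated", None),
                           ("guest", "anonymous", "K7-constructed"),
                           ("guest", "anonymous", "wrong")]:
        print(who, kind, "->", admit(m, who, kind, key=key, digest_ok=True))
```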