To enhance Edge Server performance and security, as well as to facilitate deployment, use the following guidelines when deploying your perimeter network and Edge Servers:
- Deploy Edge Servers only after you have finished deploying Office Communications Server 2007 R2 inside your organization.
- Deploy Edge Servers in a workgroup rather than a domain. Doing so simplifies installation and keeps Active Directory Domain Services (AD DS) out of the perimeter network. Locating AD DS in the perimeter network can present a significant security risk.
- Deploy your Edge Servers in a staging or lab environment before you deploy them in your production environment. Deploy them in your perimeter network only when you are satisfied that the test deployment meets your requirements and that it can be incorporated successfully in a production environment.
- Deploy Edge Servers on dedicated computers that do not run anything that is not required. This includes disabling unnecessary services and running only essential programs on the computer, such as programs embodying routing logic that are developed by using Microsoft SIP Processing Language (MSPL) and the Office Communications Server API.
- Enable monitoring and auditing as early as possible on the computer.
- Use a computer that has two network adapters to provide physical separation of the internal and external network interfaces.
- Deploy the Edge Server between two firewalls (an internal firewall and an external firewall) to ensure strict routing from one network edge to the other.
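
The host-level guidelines above (workgroup membership, two network adapters, minimal services, auditing enabled) can be checked on a staging machine before it moves to the perimeter network. The following script is an added example, not part of the original guidance or of Office Communications Server. It assumes an elevated PowerShell prompt, English-language `auditpol` output, and a hypothetical baseline file `edge-service-baseline.txt` that lists one approved service name per line.

```powershell
# Added example: checks a candidate Edge Server against four of the guidelines above.
# Uses only built-in WMI classes and auditpol.exe; run from an elevated prompt.
$baselinePath = '.\edge-service-baseline.txt'   # hypothetical file: one approved service name per line
$findings = @()

# Guideline: deploy in a workgroup, not a domain.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $findings += "Joined to domain '$($cs.Domain)'; guideline is workgroup membership."
}

# Guideline: two network adapters (internal and external interfaces).
# NetConnectionStatus = 2 means the adapter is connected.
$nics = @(Get-WmiObject -Class Win32_NetworkAdapter `
    -Filter 'PhysicalAdapter = TRUE AND NetConnectionStatus = 2')
if ($nics.Count -ne 2) {
    $findings += "Connected physical adapters: $($nics.Count); guideline is two."
}

# Guideline: run nothing that is not required.
# Compare running services with the operator-supplied baseline, if present.
$running = @(Get-WmiObject -Class Win32_Service -Filter "State = 'Running'")
if (Test-Path $baselinePath) {
    $approved = Get-Content $baselinePath
    foreach ($svc in $running) {
        if ($approved -notcontains $svc.Name) {
            $findings += "Running service not in baseline: $($svc.Name) ($($svc.DisplayName))"
        }
    }
} else {
    $findings += "No baseline at $baselinePath; review $($running.Count) running services by hand."
}

# Guideline: enable auditing early.
# auditpol /r emits CSV; 'Inclusion Setting' holds the per-subcategory state.
$audit = auditpol /get /category:* /r | Where-Object { $_ } | ConvertFrom-Csv
$active = @($audit | Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' })
if ($active.Count -eq 0) {
    $findings += 'No audit subcategory is enabled.'
}

if ($findings.Count -eq 0) { 'All checks passed.' } else { $findings }
```

The script only reports; it changes no settings. Firewall placement and the staging-before-production step are outside what a host-local check can confirm.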