The Director is a special configuration mode of either Standard Edition or Enterprise Edition Server and is not used to home any users. Directors are used to authenticate enterprise users connecting from outside the corporate firewall and to route these users to their home pools. By design, Edge Servers do not communicate with Active Directory. Therefore, pairing them up with Directors inside the enterprise network for purposes of authentication helps defend against distributed Internet attacks, where attackers are posing as remote users. If authentication fails on the Director, the unauthenticated traffic is halted and dropped before it reaches an internal home server.
Best Practices
- Deploy a Director as the next-hop internal server for the Edge
Server.
- Deploy a Director on a dedicated computer (a Standard Edition
server can be used).
- Configure the Director as the first point of authentication for
SIP traffic from outside users.
- Configure the Director to monitor all outside user traffic for
security auditing.