The Director is a special configuration mode of either Standard Edition or Enterprise Edition Server and is not used to home any users. Directors are used to authenticate enterprise users connecting from outside the corporate firewall and to route these users to their home pools. By design, Edge Servers do not communicate with Active Directory. Therefore, pairing them up with Directors inside the enterprise network for purposes of authentication helps defend against distributed Internet attacks, where attackers are posing as remote users. If authentication fails on the Director, the unauthenticated traffic is halted and dropped before it reaches an internal home server.

Best Practices

Deploy a Director as the next-hop internal server for the Edge Server.
Deploy a Director on a dedicated computer (a Standard Edition server can be used).
Configure the Director as the first point of authentication for SIP traffic from outside users.
Configure the Director to monitor all outside user traffic for security auditing.

Microsoft Office Communications Server 2007 R2

Director