The sessions between clients and the Communicator Web Access server can be secured through session time-outs and encryption. This section discusses ways to secure sessions between the client and Communicator Web Access.
In Communicator Web Access, the same token is used for the session token and the authentication token. You can secure tokens by using short time-outs on Communicator Web Access virtual servers that service external requests. You can set different time-out values for public and private computers in the external virtual server’s properties.
The following are the requirements and recommendations regarding encryption:
- You must use TLS/MTLS for all communications between
Communicator Web Access servers and servers that are running Office
Communications Server 2007 R2.
- You should always use HTTPS unless SSL offloading is used for
performance reasons and effective security safeguards are in place.
- You may use HTTP for communications between a hardware load
balancer or other device and the Communicator Web Access server if
SSL offloading is used for performance reasons. In this case, the
physical link should be secured.
- Do not use HTTP between the client and the Communicator Web