If you configured access for federated partners during deployment, you do not need to do so again unless you want to change the access method for Access Edge services of any or all of your federated partners.
Using Office Communications Server 2007 R2, you can enable access by federated partners, including other organizations and audio conferencing providers (ACPs) who provide telephony integration for your organization. You can implement federation using the following methods:
- Allow discovery of federated partners. This is the default
option during initial configuration of an Access Edge service
because it balances security with ease of configuration and
management. For instance, when you enable discovery of federated
partners for your Access Edge service, Office Communications Server
2007 R2 automatically evaluates incoming traffic from discovered
federated partners and limits or blocks that traffic based on trust
level, amount of traffic, and administrator settings.
- Do not allow discovery of federated partners, and limit access
of federated partners to only those listed on the Allow list.
Connections with federated partners are allowed only if the
federated partner domain and, optionally, the partner’s Access Edge
service FQDN are listed in the Allow list. This method offers the
highest level of security, but it does not offer the ease of
management and other features that are available with automatic
discovery.
Note: To add an ACP, you must add both the domain and FQDN of the ACP to the Allow list. For details about how to configure support for an ACP, see “Office Communications Server 2007 Audio Conferencing Providers” at
You can enable discovery of federated partners and add federated partners to the Allow list. Adding specific partners to the Allow list gives them a higher level of trust. If you enable discovery, your Access Edge service can search for federated partners other than the ones in the Allow list.
If you did not specify the appropriate federation method during Edge Server deployment or you now want to change the federation method, you can use one of the following two procedures to enable the appropriate method:
- To use discovery of Access Edge services, either with all
federated partners or only for specific federated partner domains,
use the first procedure in this section.
- To prevent discovery, which restricts federated partner access
to specific federated domains and their specified Access Edge
services, use the second procedure in this section.
To enable discovery of Edge Servers of federated partners
1. On an Edge Server running the Access Edge service, open Computer Management.
2. In the console tree, expand Services and Applications, right-click Office Communications Server 2007 R2, and then click Properties.
3. On the Access Methods tab, do the following:
   - Select the Federate with other domains check box.
   - Select the Allow discovery of federation partners check box.
4. To restrict DNS discovery of federated partners to Access Edge services in specific domains, on the Allow tab, click Add.
5. In the Add Federated Partner dialog box, do the following:
   - In Federated partner domain name, type the name of the federated partner domain for which you want to enable DNS-based discovery of the Access Edge service FQDN. This name should be unique and should not already exist in the Allow list for this Access Edge service. The name cannot exceed 256 characters in length.
   - To provide the highest level of trust, type the name of each individual Access Edge service in the Federated partner Access Edge Server box. If you add server names to the list, discovery is not limited to the names that you add, but the names that you add have a higher trust level than names that are not in the list.
6. Repeat steps 4 and 5 for each federated partner you want to add to your Allow list.
To restrict federated partner access to specific Edge Servers
1. On an Edge Server running the Access Edge service, open Computer Management.
2. In the console tree, expand Services and Applications, right-click Office Communications Server 2007 R2, and then click Properties.
3. On the Access Methods tab, do the following:
   - Select the Federate with other domains check box.
   - Clear the Allow discovery of federation partners check box.
4. On the Allow tab, click Add.
5. In the Add Federated Partner dialog box, do the following:
   - In Federated partner domain name, type the name of the external SIP domain of the federated partner that you want to add to your Allow list. This name should not already exist in the Allow list for this Access Edge Server. The name cannot exceed 256 characters in length.
   - In the Federated partner Access Edge Server box, type the FQDN of each Access Edge service that you want to add to your Allow list.
6. Repeat steps 4 and 5 for each federated partner you want to add to your Allow list.
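The two federation methods and the Allow list rules above, modelled as an added example; this is not Microsoft's code and not an Office Communications Server API. `AllowEntry`, `is_acp`, the result labels and the sample domains are assumptions made for illustration, and treating a listed domain whose FQDN does not match as unlisted is this sketch's reading of the page.

```python
from dataclasses import dataclass
from typing import List, Optional

MAX_DOMAIN_LEN = 256  # domain-name limit stated in the procedures above


@dataclass(frozen=True)
class AllowEntry:            # hypothetical record for one Allow list row
    domain: str
    edge_fqdn: Optional[str] = None   # optional on the page, required for an ACP
    is_acp: bool = False              # assumption: flag used only by this sketch


def validate_allow_list(entries: List[AllowEntry]) -> List[str]:
    """Check planned entries against the rules this page states."""
    problems, seen = [], set()
    for e in entries:
        key = e.domain.lower()        # DNS names compare case-insensitively
        if len(e.domain) > MAX_DOMAIN_LEN:
            problems.append(f"{key[:24]}...: domain longer than {MAX_DOMAIN_LEN}")
        if key in seen:
            problems.append(f"{key}: domain already in the Allow list")
        seen.add(key)
        if e.is_acp and not e.edge_fqdn:
            problems.append(f"{key}: ACP needs both domain and FQDN")
    return problems


def classify(domain: str, edge_fqdn: str, entries: List[AllowEntry],
             discovery_enabled: bool) -> str:
    """Model of how each method treats an inbound partner connection."""
    match = next((e for e in entries if e.domain.lower() == domain.lower()), None)
    if match and (match.edge_fqdn is None
                  or match.edge_fqdn.lower() == edge_fqdn.lower()):
        return "trusted"              # allow-listed: higher trust level
    if discovery_enabled:
        return "discovered"           # evaluated, then limited or blocked by trust
    return "blocked"                  # no discovery: Allow list only


# Constructed sample data, not real partners.
SAMPLE = [
    AllowEntry("contoso.example", "sip.contoso.example"),
    AllowEntry("fabrikam.example"),
    AllowEntry("acp.example", None, is_acp=True),
    AllowEntry("Contoso.example"),
]

if __name__ == "__main__":
    print(validate_allow_list(SAMPLE))
    print(classify("northwind.example", "edge.northwind.example", SAMPLE, False))
```

Running the validator over a planned list before typing entries into the Add Federated Partner dialog box catches duplicate domains and ACP rows that lack an FQDN.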