[This is pre-release documentation and subject to change in future releases. This topic's current status is: Milestone-Ready]

Topic Last Modified: 2010-07-19

Effective planning for external user access requires that you take into account the following:

Deployment Prerequisites for External User Access

Before you deploy your perimeter network and implement support for external users, you must already have deployed your Microsoft Communications Server 2010 internal servers, including an Enterprise pool or a Standard Edition server, as well as the Central Management Server. If you plan to deploy Directors in your internal network, you should also deploy them prior to deploying Edge Servers. For details about the Director deployment process, see Director in the Planning documentation.

Deployment Process for Edge Servers

The following table provides an overview of the Edge Server deployment process. For details about deployment steps, see Deploying Edge Servers in the deployment documentation.

Note:
The focus of the information in the following table is on a new deployment. If you have deployed Office Communications Server 2007 R2 or Office Communications Server 2007 Edge Servers, see the migration and coexistence documentation for details about migrating to Communications Server 2010. Migration is not supported from any version prior to Office Communications Server 2007, including Live Communications Server 2005, and Live Communications Server 2003.

Edge Server Deployment Process

Phase Steps Permissions Documentation

Create the appropriate edge topology and determine appropriate components
  1. Run the Planning Tool and Topology Builder to configure edge settings and create and publish the topology, and then use Windows PowerShell to export the topology configuration file (for each site where Communications Server 2010 is to be deployed).

Domain Admins group and RTCUniversalServerAdmin group

Note:
You can define a topology using an account that is a member of the local users group, but publishing and enabling a topology requires an account that is a member of the Domain Admins group and the RTCUniversalServer Admin group.

Using the Planning Tool to Design the Topology (Optional) in the edge Deployment documentation

Prepare for setup.
  1. Ensure that system prerequisites are met.

  2. Configure interfaces and IP addresses on each edge server.

  3. Configure internal and external DNS records, including configuring the DNS suffix on the computer to be deployed as an Edge Server.

  4. Configure firewalls.

  5. (Optional) Create and install public certificates. The time required to obtain certificates is dependent on which CA issues the certificate. If you do not do this step at this point, you must do it during Edge Server installation, but the Edge Server service cannot be started until certificates are obtained.

  6. Provision support for public IM connectivity, if your deployment is to support communications with Windows Live, AOL, or Yahoo! users.

As appropriate to your organization

Preparing for Installation of Servers in the Perimeter Network in the edge Deployment documentation

Set up reverse proxy.
  1. Set up the reverse proxy (for example, for Forefront Threat Management Gateway 2010 or ISA Server 2006 with SP1) in the perimeter network, obtain the necessary public certificates, and configure the Web publishing rules on the reverse proxy server

Administrators group

Setting Up Reverse Proxy Servers in the edge Deployment documentation

Setup a Director (recommended)
  1. (Optional) Install and configure one or more Directors in the internal network.

Administrators group

Adding a Director to the Enterprise Pool in the edge Deployment documentation

Set up Edge Servers.
  1. Install prerequisite software.

  2. Transport the previously exported topology configuration file to each Edge Server.

  3. Install the Communications Server 2010 software on each Edge Server.

  4. Configure the Edge Servers.

  5. Request and install certificates for each Edge Server.

  6. Start the Edge Server services.

Administrators group

Setting Up Edge Servers in the edge Deployment documentation

Configure support for external user access.
  1. Use the Communications Server Control Panel to configure support each of the following (as applicable):

    • Remote user access

    • Federation

    • Public IM connectivity

    • Anonymous users

  2. Configure user accounts for remote user access, federation, public IM connectivity, and anonymous user support (as applicable).

Administrators group

Configuring Support for External User Access in the edge Deployment documentation

Verify your edge configuration.
  1. Verify server connectivity and replication of configuration data from internal servers.

  2. Verify that external users can connect, including remote users, users in federated domains, public IM users, and anonymous users, as appropriate to your deployment.

Administrators group

Verifying Your Edge Deployment in the edge Deployment documentation