Configuring Access for Federated Partners

Topic Last Modified: 2009-03-04

If you configured access for federated partners during deployment, you do not need to do so again unless you want to change the access method for Access Edge services of any or all of your federated partners.

Using Office Communications Server 2007 R2, you can enable access by federated partners, including other organizations and audio conferencing providers (ACPs) that provide telephony integration for your organization. You can implement federation using the following methods:

  • Allow discovery of federated partners. This is the default option during initial configuration of an Access Edge service because it balances security with ease of configuration and management. For instance, when you enable discovery of federated partners for your Access Edge service, Office Communications Server 2007 R2 automatically evaluates incoming traffic from discovered federated partners and limits or blocks that traffic based on trust level, amount of traffic, and administrator settings.
  • Do not allow discovery of federated partners, and limit access of federated partners to only those listed on the Allow list. Connections with federated partners are allowed only if the federated partner domain and, optionally, the partner’s Access Edge service FQDN are listed in the Allow list. This method offers the highest level of security, but it does not offer the ease of management and other features that are available with automatic discovery.

Note

To add an ACP, you must add both the domain and FQDN of the ACP to the Allow list. For details about how to configure support for an ACP, see “Office Communications Server 2007 Audio Conferencing Providers” at https://go.microsoft.com/fwlink/?LinkId=144562.

You can both enable discovery of federated partners and add specific partners to the Allow list. Partners on the Allow list receive a higher level of trust, and with discovery enabled your Access Edge service can also search for federated partners that are not on the Allow list.

If you did not specify the appropriate federation method during Edge Server deployment or you now want to change the federation method, you can use one of the following two procedures to enable the appropriate method:

  • To use discovery of Access Edge services, either with all federated partners or only for specific federated partner domains, use the first procedure in this section.
  • To prevent discovery, which restricts federated partner access to specific federated domains and their specified Access Edge services, use the second procedure in this section.

To enable discovery of Edge Servers of federated partners

  1. On an Edge Server running the Access Edge service, open Computer Management.

  2. In the console tree, expand Services and Applications, right-click Office Communications Server 2007 R2, and then click Properties.

  3. On the Access Methods tab, do the following:

    • Select the Federate with other domains check box.
    • Select the Allow discovery of federation partners check box.

  4. To restrict DNS discovery of federated partners to Access Edge services in specific domains, on the Allow tab, click Add.

  5. In the Add Federated Partner dialog box, do the following:

    • In Federated partner domain name, type the name of the federated partner domain for which you want to enable DNS-based discovery of the Access Edge service FQDN. This name should be unique and should not already exist in the Allow list for this Access Edge service. The name cannot exceed 256 characters in length.
    • To provide the highest level of trust, type the name of each individual Access Edge service in the Federated partner Access Edge Server box. If you add server names to the list, discovery is not limited to the names that you add, but the names that you add have a higher trust level than names that are not in the list.

  6. Repeat steps 4 and 5 for each federated partner you want to add to your Allow list.

To restrict federated partner access to specific Edge Servers

  1. On an Edge Server running the Access Edge service, open Computer Management.

  2. In the console tree, expand Services and Applications, right-click Office Communications Server 2007 R2, and then click Properties.

  3. On the Access Methods tab, do the following:

    • Select the Federate with other domains check box.
    • Clear the Allow discovery of federation partners check box.

  4. On the Allow tab, click Add.

  5. In the Add Federated Partner dialog box, do the following:

    • In Federated partner domain name, type the name of the external SIP domain of the federated partner that you want to add to your Allow list. This name should not already exist in the Allow list for this Access Edge Server. The name cannot exceed 256 characters in length.
    • In the Federated partner Access Edge Server box, type the FQDN of each Access Edge service that you want to add to your Allow list.

  6. Repeat steps 4 and 5 for each federated partner you want to add to your Allow list.
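
The access rules behind both procedures, modelled as an added Python example (not Microsoft's code and not an Office Communications Server API): it checks a proposed Allow list against the constraints stated on this page and classifies an inbound partner under each federation method. The `Partner` type, the function names, the outcome labels and the `.example` domains are assumptions made up for illustration, as is blocking an unlisted server of a listed domain when discovery is off.

```python
from dataclasses import dataclass, field

MAX_DOMAIN_LEN = 256  # length limit stated on this page

@dataclass
class Partner:  # hypothetical record for one Allow list entry
    domain: str
    edge_fqdns: list = field(default_factory=list)  # optional Access Edge FQDNs
    is_acp: bool = False  # audio conferencing provider

def norm(name):
    """DNS names compare case-insensitively; ignore a trailing dot."""
    return name.strip().lower().rstrip(".")

def validate_allow_list(entries):
    """Return the problems found in a proposed Allow list."""
    problems, seen = [], set()
    for e in entries:
        name = norm(e.domain)
        if not name or len(name) > MAX_DOMAIN_LEN:
            problems.append(f"{name[:20]}: empty or longer than {MAX_DOMAIN_LEN} characters")
        if name in seen:
            problems.append(f"{name}: duplicate domain")
        seen.add(name)
        if e.is_acp and not e.edge_fqdns:
            problems.append(f"{name}: ACP entry needs both domain and FQDN")
    return problems

def classify(entries, discovery, peer_domain, peer_fqdn):
    """Model (assumed labels) of how an inbound federated peer is treated."""
    match = next((e for e in entries if norm(e.domain) == norm(peer_domain)), None)
    if match is None:
        # Unlisted domain: reachable only through discovery, at lower trust.
        return "discovered-limited" if discovery else "blocked"
    fqdns = {norm(f) for f in match.edge_fqdns}
    if not fqdns:
        return "allow-listed"  # FQDN is optional on the Allow list
    if norm(peer_fqdn) in fqdns:
        return "allow-listed-highest-trust"
    # Listed domain, unlisted server: discovery still permits it at lower
    # trust; with discovery off it is blocked (assumption of this model).
    return "discovered-limited" if discovery else "blocked"

# Constructed sample Allow list; the domains are placeholders.
SAMPLE = [
    Partner("contoso.example", ["edge.contoso.example"]),
    Partner("fabrikam.example"),
    Partner("acp.example", is_acp=True),  # invalid: ACP without FQDN
]
```

Running `validate_allow_list` over a planned list before entering it on the Allow tab catches duplicate domains and ACP entries that are missing their FQDN.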