MSFT_SIPEnhancedFederationConnectionLimitsData
Represents information about open federation partners who have been classified as suspicious by Access Edge Server.
The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties. Properties are listed in alphabetic order, not MOF order.
Syntax
class MSFT_SIPEnhancedFederationConnectionLimitsData
{
string CertIssuer;
string CertSN;
string[] Domains;
[key] string InstanceID;
boolean MarkedForDeletion;
string SubjectName;
string ThrottlingMode;
};
Methods
This class does not define any methods.
Properties
The MSFT_SIPEnhancedFederationConnectionLimitsData class has the following properties.
CertIssuer
Data type: string
Access type: Read/Write
Required. The name of the certificate authority that issued the certificate for the federated partner.
The value of this property is not case-sensitive.
CertSN
Data type: string
Access type: Read/Write
Required. The serial number of the certificate.
The value of this property is not case-sensitive.
Domains
Data type: string[]
Access type: Read/Write
Required. A list of the federated partner domains that the remote peer has used.
Also referred to as the "watch" list. The values of this property are not case-sensitive.
The values must be SIP domains. IP addresses are not allowed.
InstanceID
Data type: [key] string
Access type: Read-only
Required. A GUID value that uniquely identifies an instance of this class.
The GUID must be encapsulated between the "{" and "}" braces; for example: "{01234567-0123-4567-89AB-CDEF01234567}".
MarkedForDeletion
Data type: boolean
Access type: Read/Write
Reserved.
SubjectName
Data type: string
Access type: Read/Write
Required. The subject name of the certificate for the federated partner.
The value of this property is not case-sensitive.
ThrottlingMode
Data type: string
Access type: Read/Write
Required. Specifies the condition under which an icon is displayed on the watch list in the Microsoft Management Console (MMC).
The value of this property is not case-sensitive.
Value     Description
high      Displayed when either Access Edge Server has detected suspicious traffic on the connection or the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.
medium    Displayed when Access Edge Server has detected suspicious traffic on the connection and the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.
Remarks
This class gets and sets information at the following level: WMI.
When using automatic (DNS-based) discovery of federated partners, Access Edge Server monitors incoming federated traffic and takes precautionary action in the following situations:
If Access Edge Server detects suspicious traffic on a connection
If a federated partner sends requests to more than 1000 URIs (valid or invalid) in the local domain
If the federated peer is approaching the limits of 20 messages per second for sustained periods
Access Edge Server evaluates suspicious traffic by calculating the ratio of failed responses to successful responses. A high ratio of failed responses can indicate server misconfiguration, transient network issues, or malicious activity. In this situation, Access Edge Server takes the following actions:
Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list)
Limits the federation partner to a message rate of 1 message per second
Situations in which either the number of URIs targeted in the local domain or the number of messages per second on a single connection is high can indicate a possible directory attack. In these situations, Access Edge Server takes the following actions:
Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list)
Blocks any additional requests from the federation partner to new URIs not covered by the original 1000
To avoid limiting or blocking legitimate traffic from legitimate federated partners, add those partners to the Allow list.
After configuring federation, you can use Office Communications Server 2007 R2 administrative tools to monitor and manage federated partner access on an ongoing basis. For more information, see the Microsoft Office Communications Server Administration Guide.
Important
Remove federated partner domain names from the watch list only after either adding the domain names to the Allow list or blocking the domains or certificates.
Instances of this class support the following interface methods:
Provider::DeleteInstance();
Provider::EnumerateInstances();
Provider::GetObject();
Provider::PutInstance();
Where PutInstance() supports the following flags:
WBEM_FLAG_CREATE_ONLY
WBEM_FLAG_UPDATE_ONLY
WBEM_FLAG_CREATE_OR_UPDATE
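The following PowerShell is an added example, not code from the original documentation. It shows one way to triage watch-list entries before removal, applying the rule in the Important note above along with the documented InstanceID format and the no-IP-address rule for Domains. The function name Get-WatchListTriage, its -AllowList and -BlockList parameters, and the sample entry are hypothetical; the two lists are assumed to be domain names the operator has already allowed or blocked.

```powershell
# Added example. Get-WatchListTriage, -AllowList and -BlockList are hypothetical names;
# the lists are operator-supplied domains that were already allowed or blocked.
function Get-WatchListTriage {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry,
        [string[]] $AllowList = @(),
        [string[]] $BlockList = @()
    )
    process {
        # InstanceID must be a GUID enclosed in "{" and "}" (-match ignores case).
        $idOk = $Entry.InstanceID -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$'
        foreach ($domain in @($Entry.Domains | Where-Object { $_ })) {
            # Domains must be SIP domains; an IP address here is invalid data.
            $ip = $null
            $isIp = [System.Net.IPAddress]::TryParse($domain, [ref]$ip)
            # -contains compares strings case-insensitively, like the class properties.
            if ($AllowList -contains $domain) {
                $state = 'Allowed'
            } elseif ($BlockList -contains $domain) {
                $state = 'Blocked'
            } else {
                $state = 'Undecided'
            }
            New-Object PSObject -Property @{
                Domain         = $domain
                ThrottlingMode = $Entry.ThrottlingMode
                SubjectName    = $Entry.SubjectName
                CertIssuer     = $Entry.CertIssuer
                CertSN         = $Entry.CertSN
                ValidRecord    = ($idOk -and -not $isIp)
                Disposition    = $state
                # Remove from the watch list only after an allow or block decision.
                SafeToRemove   = ($state -ne 'Undecided')
            } | Select-Object Domain, ThrottlingMode, Disposition, SafeToRemove,
                              ValidRecord, SubjectName, CertIssuer, CertSN
        }
    }
}

# Constructed sample entry so the function can be exercised without an Access Edge Server.
$sample = New-Object PSObject -Property @{
    InstanceID = '{01234567-0123-4567-89AB-CDEF01234567}'
    Domains = @('partner.example', 'other.example'); ThrottlingMode = 'high'
    SubjectName = 'sip.partner.example'; CertIssuer = 'Example CA'; CertSN = '00AB'
}
$sample | Get-WatchListTriage -AllowList 'PARTNER.EXAMPLE' | Format-Table -AutoSize

# On an Access Edge Server, pipe the real instances instead:
# Get-WmiObject -Namespace 'root\cimv2' -Class MSFT_SIPEnhancedFederationConnectionLimitsData |
#     Get-WatchListTriage -AllowList $allowed -BlockList $blocked
```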
Requirements
Server: Installed on computers serving the following role: Access Edge Server.
Namespace: Defined in \root\cimv2.
See Also
Concepts
MSFT_SIPFederationPartnerTable