baea3779ad92ceddeb66264ec0d399cc.ppt
- Number of slides: 46
Develop Enterprise Communication with Live Communications Server 2005
Prerequisite Knowledge
• Active Directory
• DNS
• PKI
• SQL
Level 300

Agenda
• Overview of Live Communications Server 2005
• Differences in versions and editions
• Server Roles
• Preparing Active Directory
• Deploying and Managing Server
• Active Directory Topology
• Telephony Topology
• Remote Access Topology
• Federation Topology
• Remote Call Control Topology
• Archiving Topology
Live Communications Server 2005 Real-Time Collaboration Capabilities
Integration
• SharePoint Portal
• Microsoft Office Programs
• Telephony
• Windows Active Directory
• Exchange Server
Connect People
• Connect with other businesses
• Public IM networks
• Remote Users
• Find Subject Experts
Keep Data Safe
• Encryption and authentication
• Meet regulatory commitments
• Logging and Reporting
Reduce Cost
• Enable real-time decision making
• Reduce email storage
• Reduction in VPN/RAS
• Reduction in phone use
Overview
• Enterprise Instant Messaging
• Uses SIP (Session Initiation Protocol)
• Uses TLS (Transport Layer Security)
• Both SMB and Enterprise Solutions
  – LCS 2005 Standard Edition
  – LCS 2005 Enterprise Edition
• Integrated with the Office System
  – Office 2003
  – SharePoint
  – Live Meeting
• Integrated with Active Directory
Live Communications Server 2005
Secure
• Windows AD Integration
• Transport Layer Security (TLS) connections
• Audio/Video privacy using RTP/LCP encryption
• Kerberos and NTLM for client authentication
Manageable
• Familiar Windows-based management tools – WMI/MMC/MOM
• Manage users, servers, and global settings
• Group policy object support for a controlled rollout
Extensible
• SDK for Clients and Servers enables the building of compelling apps and solutions – creating a broad ecosystem
• Supporting a Store, Registrar, and a high-end Presence Engine
• Access to the SIP routing engine
Connected
• Encrypted and managed enterprise-to-enterprise LCS Federation
• Managed connectivity to public IM clouds (MSN, AOL, Yahoo)
• IT-administered “Safe User Lists” to control external connectivity
• Remote User Scenario – No VPN required
Enterprise Grade
• Distributed, two-tiered architecture for scale and fault tolerance
• SQL Server storage for clustering and disaster recovery support
• Scalable deployment with new topologies (“pool architecture”)
• SAN support
Differences in Version
LCS 2003
• IM and presence
• Standard Edition
• Standards-based protocols (SIP and SIMPLE)
• Controlled SIP namespace
• Encryption
• Centralized management
• Integration with Active Directory
• Integration with Microsoft Office 2003
• Archiving – logging of messages
• Customizable client using XML

LCS 2005
• Enterprise Edition
• High availability
• Remote user access
• Direct Federation
• Clearing house
• Active Directory topology support:
  – Resource forest
  – Central forest
  – Multi-tree forest

LCS 2005 SP1
• Enhanced Federation
• PIC – public IM connectivity
• Remote call control
• Address Book Service
Differences in Editions
Standard vs Enterprise Edition
Standard Edition
• Single computer configuration
• MSDE
• Single point of failure
• Max 15,000 active users
Enterprise Edition
• Multiple computer configuration
• SQL Server
• No single point of failure
• Max 125,000 active users per pool
• High availability
• SQL clustering

Server Roles
• Standard Edition Server
• Director
• Enterprise Pool
  – Hardware Load Balancer
  – Front-End Servers
  – SQL Back-End Server
• Access Proxy
• Branch Proxy
• Archiving Service

Standard Edition Server
• Single computer installation
• Supports up to 15k active users
• User data stored in MSDE
• Acts as a Director when no users are homed on it
• A Director proxies external SIP connections to the user’s server or pool

Enterprise Pool
• Multiple computer installation
• Supports up to 125k active users
• Requires a hardware load balancer
• User data stored in SQL Server
• Provides fault tolerance through redundant front-end servers
• Supports clustering of the SQL back-end server

Access Proxy
• Deployed in the network perimeter
• Hardened against security attacks
• Terminates TLS and MTLS connections
• Controls Federation and Remote Access settings
(Diagram: Internet – Firewall – Load balancer – Firewall – Corporate Network)
An Example of LCS 2005 Topology

Preparing Active Directory
1. Extending the Schema
2. Running Forest Prep
3. Running Domain Prep
4. Running DomainAdd Prep
Schema Extensions
• Schema extension
  – 7 new classes
  – 22 new attributes
• Causes Windows 2000 Global Catalogs (GC) to rebuild

Schema Extensions
Objects: User, Contact
Attributes:
• msRTCSIP-PrimaryUserAddress
• msRTCSIP-UserEnabled
• msRTCSIP-TargetHomeServer
• msRTCSIP-OriginatorSID
• msRTCSIP-PrimaryHomeServer
• msRTCSIP-FederationEnabled (LCS 2005)
• msRTCSIP-InternetAccessEnabled (LCS 2005)
• msRTCSIP-ArchivingEnabled (LCS 2005)
• msRTCSIP-OptionFlags (SP1)
• msRTCSIP-LineServer (SP1)
• msRTCSIP-UserExtension

Schema Extensions
Objects: Computer
Attributes:
• msRTCSIP-EnterpriseServerSettings
• msRTCSIP-EnterpriseServices
• msRTCSIP-PoolAddress (LCS 2005)
• msRTCSIP-ServerData

Schema Extensions
Objects: Pool
Attributes:
• msRTCSIP-PoolDisplayName (LCS 2005)
• msRTCSIP-BackEndServer (LCS 2005)
• msRTCSIP-PoolType (LCS 2005)
• msRTCSIP-PoolVersion (SP1)
• dnsHostName (LCS 2005)
• msRTCSIP-PoolData
• msRTCSIP-PoolService (LCS 2005)
• msRTCSIP-FrontEndServers (LCS 2005)
Forest Prep
• Run once per forest
• Run on the root domain
• Creates global settings

Domain Prep
• Run on every domain hosting LCS
• Creates new domain groups
  – RTCDomainServerAdmins
  – RTCDomainUserAdmins
  – RTCHSDomainServices
• Sets permissions for these accounts at the root domain

DomainAdd Prep
• Cross-domain administration
• Child domain access to Enterprise Objects
• Hosting users from other domains
• Run on
  – Root domain
  – User-only domains
• Gives permissions to the following groups
  – RTCDomainServerAdmins to home users
  – RTCHSDomainServices to read user attributes
Asking to Extend Schema
Piloting Live Communications Server (diagram: Corporate Forest)

Permissions
• RTCDomainUserAdmins
  – Global Security Group
  – Must be a member to administer users across domains
• RTCDomainServerAdmins
  – Global Security Group
  – Used to administer servers across domains
• RTCHSDomainServices
  – Global Security Group
  – Must be a member to install and activate servers

Demonstration: Deploying and Managing Live Communications Server 2005

Management Capabilities
MMC / WMI
• Active Directory Users and Computers snap-in
• Admin Tools
• Performance monitoring
• Wizard-based tasks
• WMI interface for scripting
SQL
• Highly available
• Meet regulatory commitments
• Logging and Reporting
Active Directory
• Integration by extending AD
• Performs authentication
• Performs authorization
MOM
• Enable real-time monitoring
• Management pack available

Live Communications Server 2005 Administration – Resource View (slide labels: Server and Server Pool Management, Task pane, List of Technical Documentation)
Live Communications Server 2005 Administration – Performance View
Active Directory Topology
• Single Forest
  – Multiple Domains
  – Multi-Tree Forest
• Multiple Forests
  – Resource Forest
  – Central Forest

Resource Forest (diagram: disabled user accounts in the Resource Forest)

Central Forest (diagram: MIIS-provisioned contacts in the Central Forest)
Telephony Topology
SIP to PSTN (diagram: SIP Proxy – static route over MTLS – SIP/PSTN gateway – PBX – PSTN)
Remote Access Topology
Remote User (diagram: remote user – TLS through the firewall on port 443 or 5061 – Access Proxy in the DMZ – MTLS – Director – Pool – AD; NTLM challenge for authentication)
Federation Topology
• Direct
• Enhanced
• Public Instant Messaging Connectivity
• Clearing house

Direct Federation (diagram: Enterprise A [AD, Pool] – MTLS – Access Proxy – MTLS, DNS – Enterprise B [AD, Pool])
Enhanced Federation Go from this in LCS 2005…to this with SP 1!
Enhanced Federation (diagram: Supplier and Contoso, DNS, MTLS; users Joe and Bob)
1. Is supplier.com in the block list? NO
2. Look up _sipfederationtls._tcp.supplier.com
   – Verify that the AP name matches the domain name
3. Establish the MTLS connection and verify the certificate SN

Public Instant Messaging Connectivity
With MSN, AOL, Yahoo
• A top customer-requested scenario
• Brings together corporate IM and public IM
• No 3rd-party gateways/software required
• One desktop client
(Diagram: Enterprise A – LCS 2005, LCS Client – LCS 2005 Access Proxy – SIP Proxy – LCS 2005 Access Proxy – LCS 2005, LCS Client)

Clearing house (diagram: enterprises Contoso, D, E, F and G connected through a Clearing house)
Routing table on the AP:
Domain | Next hop
Default route | AP.Clear
Block | D.com, G.com
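The three Enhanced Federation steps above (block list, SRV lookup with the AP-name-in-domain check, MTLS certificate name check) and the Access Proxy routing table of the clearing-house slide describe one outbound routing decision. The following is an added example, not code from the slide deck or from Live Communications Server, that models that decision in Python so the order of the checks and the failure modes are visible. All hostnames, the routing table and the DNS answers are constructed sample data; the reading of step 2 as "the SRV target must lie inside the partner's own DNS domain", the exact-match certificate name check, and the `ap.clearinghouse.example` name for the truncated `AP.Clear` entry are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class RoutingTable:
    """Routing table of an Access Proxy (constructed sample, see below)."""
    blocked: Set[str] = field(default_factory=set)          # domains we refuse to federate with
    explicit: Dict[str, str] = field(default_factory=dict)  # SIP domain -> next-hop AP (direct federation)
    default_route: Optional[str] = None                     # clearing-house AP used for everything else


def srv_name(domain: str) -> str:
    """DNS name an Enhanced Federation partner publishes (step 2 on the slide)."""
    return "_sipfederationtls._tcp." + domain.lower().rstrip(".")


def ap_in_domain(ap_fqdn: str, domain: str) -> bool:
    """Step 2 check (assumed reading): the Access Proxy named by the SRV record must
    sit inside the partner's own DNS domain, so a record pointing at a host in some
    other domain is refused. Compares whole labels, not a raw suffix."""
    ap = ap_fqdn.lower().rstrip(".")
    dom = domain.lower().rstrip(".")
    return ap == dom or ap.endswith("." + dom)


def cert_matches(subject_names: List[str], ap_fqdn: str) -> bool:
    """Step 3 check: a subject/SAN name presented during MTLS must equal the AP FQDN
    (exact match only; chain validation is assumed to be done by the TLS stack)."""
    want = ap_fqdn.lower().rstrip(".")
    return any(n.lower().rstrip(".") == want for n in subject_names)


def choose_route(domain: str, table: RoutingTable,
                 resolve_srv: Callable[[str], Optional[str]]) -> Tuple[str, Optional[str]]:
    """Decide how an outbound federation request for `domain` is routed.
    Returns (decision, next_hop_fqdn_or_None)."""
    dom = domain.lower().rstrip(".")
    if dom in table.blocked:                      # step 1: the block list wins over everything
        return ("blocked", None)
    if dom in table.explicit:                     # direct federation: statically configured AP
        return ("direct", table.explicit[dom])
    target = resolve_srv(srv_name(dom))           # step 2: enhanced federation via DNS SRV
    if target is not None:
        if not ap_in_domain(target, dom):
            return ("rejected-srv-outside-domain", None)
        return ("enhanced", target)
    if table.default_route is not None:           # otherwise fall back to the clearing house
        return ("clearing-house", table.default_route)
    return ("no-route", None)


def federate(domain: str, table: RoutingTable,
             resolve_srv: Callable[[str], Optional[str]],
             presented_cert_names: Callable[[str], List[str]]) -> Dict[str, Optional[str]]:
    """Run the routing decision plus the MTLS certificate-name check and report the outcome."""
    decision, hop = choose_route(domain, table, resolve_srv)
    if hop is None:
        return {"domain": domain, "decision": decision, "next_hop": None}
    names = presented_cert_names(hop)             # step 3: names in the peer's certificate
    if not cert_matches(names, hop):
        return {"domain": domain, "decision": "rejected-cert-name-mismatch", "next_hop": hop}
    return {"domain": domain, "decision": decision, "next_hop": hop}


# --- constructed sample data (not from the slide deck) ---------------------------
SAMPLE_TABLE = RoutingTable(
    blocked={"g.com"},
    explicit={"d.com": "ap.d.com"},
    default_route="ap.clearinghouse.example",    # assumed expansion of the slide's "AP.Clear"
)
SAMPLE_SRV: Dict[str, str] = {
    "_sipfederationtls._tcp.supplier.com": "ap.supplier.com",
    "_sipfederationtls._tcp.outside.example": "ap.elsewhere.example",  # target outside its domain
    "_sipfederationtls._tcp.partner.example": "ap.partner.example",
}
SAMPLE_CERTS: Dict[str, List[str]] = {
    "ap.supplier.com": ["ap.supplier.com"],
    "ap.d.com": ["ap.d.com"],
    "ap.clearinghouse.example": ["ap.clearinghouse.example"],
    "ap.partner.example": ["sip.partner.example"],  # certificate issued to a different name
}


def sample_resolve(name: str) -> Optional[str]:
    """Stand-in for a DNS SRV lookup, answering from the constructed table."""
    return SAMPLE_SRV.get(name)


def sample_cert_names(ap_fqdn: str) -> List[str]:
    """Stand-in for the names seen in the peer certificate during the MTLS handshake."""
    return SAMPLE_CERTS.get(ap_fqdn, [])


def sample_decision(domain: str) -> Dict[str, Optional[str]]:
    """Convenience wrapper running federate() over the sample data."""
    return federate(domain, SAMPLE_TABLE, sample_resolve, sample_cert_names)


if __name__ == "__main__":
    for d in ["supplier.com", "d.com", "g.com", "unknown.example",
              "outside.example", "partner.example"]:
        print(sample_decision(d))
```

The order matters: the block list is consulted before any DNS traffic is generated, an SRV answer that points outside the partner's domain is refused before a connection is opened, and the certificate name check runs on whichever next hop was chosen, including the clearing-house AP, so a default route does not bypass step 3.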
Summary
• Considerations before deploying
  – Active Directory infrastructure
  – Geographic distribution of users
  – Network bandwidth between geographies
• Feature requirements
• Up-time