Source: download.microsoft.com/documents/uk/security/issa/UCSecure.pdf


Microsoft Unified Communications

Brett Johnson

UC Technical Specialist

Microsoft UK

http://blogs.technet.com/brettjo

www.brettjo.com

Unified Communications - “Secure?”

YES

The foundation of UC

Connect the Right Way

Reduced Overload

User-Centric Communication

Single User Identity

Identity And Presence At The Core

Voice (Unified Messaging, Enhanced VoIP)

Unified Communications: Building the Foundation

Conferencing

Exchange 2007 Architecture

Diagram: Edge (Transport) Server in the DMZ; Exchange 2007 Server on the Intranet

Messaging at Microsoft (MSIT)

• 3 Locations worldwide – US, EMEA, APAC

• 16.5m msgs/day arrive from the Internet (115m/week)

– 12.6m filtered as spam by Connection Filtering

– ~350,000 messages were rejected by the IMF

– ~66,000 messages were routed to user Junk Email Folders

• 1.3m messages were delivered to user Inboxes

– 91.92% spam

– 2.4 million internal messages received

– 2.5 million internal messages sent

Exchange Anywhere Access

20 October 2008 | Page 10

Ports: 443 (HTTPS for OWA, Outlook Anywhere and ActiveSync); 993 / 995 (IMAP and POP3 over TLS)

“By 2007 ‘telework’ will be practiced by more than 60 million people…” - Gartner Management Update 2004

Built-in: No special server or services required

Rich access for the many, not the few

Evolution of Unified Communications:

Traditional: external phones reach internal phones through the phone company’s Central Office and a traditional PBX, with a separate Voice Mail system.

LCS 2005 generation: Exchange 2003 servers (Email/Calendar/Contacts, reached via ActiveSync/Outlook/OWA) and LCS 2005 servers (IM via Office Communicator), both built on Active Directory; the PBX still serves the internal phones.

Full Microsoft UC Deployment

Exchange 2007 servers (Mailbox, Client Access (CAS), Hub Transport and Unified Messaging roles) provide Email/Calendar/Contacts via ActiveSync/Outlook/OWA, plus Voicemail/Fax/Speech Access.

Office Communications Server 2007 servers provide IM, VoIP and conferencing (MCU); Office Communicator (OC) is the client, and OCS Anywhere Access serves external users.

Active Directory underpins both.

Telephony: OCS/UM VoIP phones; an Advanced Gateway (VoIP gateway) links OCS/UM to the IP-PBX, which connects to the phone company’s Central Office and external phones.

Operational services: QoE Monitoring, Archiving, CDR (Call Detail Records).

OCS 2007 Architecture

Outside the perimeter: Public IM Clouds (MSN, AOL, Yahoo), Remote Users, Federated Businesses, and the PSTN.

DMZ: the Edge roles - Access Edge Server (SIP signalling), Web Conferencing Edge (Data) and A/V Edge (Audio/Video).

Internal network: Front-End Server(s) (IM, Presence, Inbound and Outbound Routing), Backend SQL server, Conferencing Server(s), Exchange 2007 Server UM (Voicemail, Voice Mail Routing), Active Directory, UC endpoints, and a Mediation Server that speaks SIP to the PBX (SIP-PSTN GW), which reaches the PSTN over PRI.

User Trust Levels

• Internal users

• External users

– Remote users: your enterprise users located on the public Internet or in another corporate network

– Federated users: users that belong to enterprises you federate with

– Anonymous users: users who do not have a SIP address, or who have a SIP address but belong to an enterprise that is not federating with you

– Public cloud (Yahoo!, Windows Live, AOL) users

Security Architecture - Protocols

Protocol / Use

TLS (Transport Layer Security): client-to-server communication

MTLS (Mutual Transport Layer Security): server-to-server communication; each side presents and validates a certificate

SRTP (Secure Real-time Transport Protocol): encryption and integrity protection of A/V media

TURN (Traversal Using Relay NAT): lets a client behind a NAT receive media relayed through a server on the public Internet (in OCS, the A/V Edge Server)

ICE (Interactive Connectivity Establishment): methodology for finding a working media path across NATs, trying direct host, STUN-derived (server reflexive) and TURN-relayed candidates in that order of preference
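Added example (not code from the slides or from OCS): how ICE orders the candidate pairs it tests, using the priority formulas from RFC 5245. The point for a defender is that the TURN relay (the A/V Edge Server) is the last resort, so media normally stays on the most direct path; the addresses below are constructed sample data.

```python
# Added example: ICE candidate priorities and check-list ordering per RFC 5245.
# Not OCS code; the addresses below are constructed sample data.

TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}  # RFC 5245 recommended values


def candidate_priority(cand_type, local_pref=65535, component_id=1):
    """RFC 5245 4.1.2.1: 2^24*type_pref + 2^8*local_pref + (256 - component_id)."""
    return (1 << 24) * TYPE_PREF[cand_type] + (1 << 8) * local_pref + (256 - component_id)


def pair_priority(g, d):
    """RFC 5245 5.7.2: G = controlling agent's candidate priority, D = controlled agent's."""
    return (1 << 32) * min(g, d) + 2 * max(g, d) + (1 if g > d else 0)


def ordered_check_list(local, remote):
    """Form every local/remote pair and sort as the controlling ICE agent would test them.

    local/remote are lists of (type, "ip:port"). Highest pair priority first, so
    direct host paths are tried before anything that touches the relay.
    """
    pairs = []
    for lt, la in local:
        for rt, ra in remote:
            prio = pair_priority(candidate_priority(lt), candidate_priority(rt))
            pairs.append((prio, (lt, la), (rt, ra)))
    pairs.sort(key=lambda p: p[0], reverse=True)
    return [(lc, rc) for _, lc, rc in pairs]


# Constructed sample gathering result for one media component (RTP); the relay
# addresses stand in for an A/V Edge Server allocation.
LOCAL = [("host", "10.0.0.5:5000"), ("srflx", "203.0.113.10:41000"), ("relay", "198.51.100.7:50000")]
REMOTE = [("host", "192.168.1.20:6000"), ("srflx", "198.51.100.99:52000"), ("relay", "198.51.100.7:50002")]


def relay_rank(local=LOCAL, remote=REMOTE):
    """0-based position of the first pair that touches a relay in the check list."""
    cl = ordered_check_list(local, remote)
    return next(i for i, (lc, rc) in enumerate(cl) if "relay" in (lc[0], rc[0]))


if __name__ == "__main__":
    for lc, rc in ordered_check_list(LOCAL, REMOTE):
        print(f"{lc[0]:5s} {lc[1]:22s} -> {rc[0]:5s} {rc[1]}")
```

Running the block lists nine pairs: the four host/srflx combinations come first, every pair involving the relay sits at the bottom, and relay-to-relay is the very last thing tried. Note that ICE only chooses the path; confidentiality of the media on whichever path wins comes from SRTP, not from ICE.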

Security Architecture - Authentication

Type of User/Server / Authentication Protocol

Internal users: Kerberos

Remote users with AD credentials: NTLM

Anonymous users (conferencing only): DIGEST

Public IM Connectivity (PIC) users: PIC infrastructure; PIC servers configured as IM Provider on the Access Edge Server

Federated users: authentication done by the federated enterprise; federation configured on the Access Edge Server

Servers: MTLS and a Trusted Server/Service entry
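Added example (not code from the slides or from OCS): the Digest challenge/response that the table lists for anonymous conferencing users, carried end to end so both sides of the exchange are visible. It follows RFC 2617 as profiled for SIP by RFC 3261 (qop=auth, MD5); the realm, the guest account and the fixed nonces are constructed for the example, and the server keeps a plaintext password only to keep the demo short. The server enforces two things a practitioner should check on any Digest deployment: the nonce must be one it issued, and it is consumed after a successful use, so a captured Authorization header cannot be replayed.

```python
# Added example: SIP Digest challenge/response (RFC 2617 as profiled by RFC 3261).
# Not OCS code; realm, account and nonces below are constructed for the example.
import hashlib
import hmac
import os
import re

REALM = "sip.example.com"            # hypothetical SIP realm
USERS = {"guest": "s3cret-pass"}     # hypothetical anonymous-conference account (plaintext for the demo)

_PARAM = re.compile(r'(\w+)="?([^",\s]+)"?')


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def _params(header):
    """Parse the name=value list that follows 'Digest' in a challenge or credentials header."""
    return dict(_PARAM.findall(header.split("Digest", 1)[1]))


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA1 = MD5(user:realm:pw), HA2 = MD5(method:uri)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_challenge(nonce=None):
    """Server side: 401 carrying a fresh, server-chosen nonce."""
    nonce = nonce or os.urandom(16).hex()
    return ("SIP/2.0 401 Unauthorized\r\n"
            f'WWW-Authenticate: Digest realm="{REALM}", nonce="{nonce}", qop="auth", algorithm=MD5\r\n\r\n'), nonce


def client_authorization(username, password, method, uri, challenge, cnonce=None, nc="00000001"):
    """Client side: answer the challenge; the password itself never goes on the wire."""
    p = _params(challenge)
    cnonce = cnonce or os.urandom(8).hex()
    resp = digest_response(username, p["realm"], password, method, uri, p["nonce"], nc, cnonce, p["qop"])
    return (f'Authorization: Digest username="{username}", realm="{p["realm"]}", nonce="{p["nonce"]}", '
            f'uri="{uri}", qop={p["qop"]}, nc={nc}, cnonce="{cnonce}", response="{resp}", algorithm=MD5')


def server_verify(auth_header, method, issued_nonces):
    """Server side: recompute the response; accept only nonces we issued, and only once."""
    p = _params(auth_header)
    if p.get("nonce") not in issued_nonces:
        return False                      # unknown or already consumed nonce: treat as replay
    password = USERS.get(p.get("username"))
    if password is None:
        return False
    expected = digest_response(p.get("username"), p.get("realm", ""), password, method, p.get("uri", ""),
                               p.get("nonce"), p.get("nc", ""), p.get("cnonce", ""), p.get("qop", ""))
    ok = hmac.compare_digest(expected, p.get("response", ""))
    if ok:
        issued_nonces.discard(p["nonce"])  # single-use nonce
    return ok


def run_exchange(username="guest", password="s3cret-pass", method="REGISTER",
                 nonce="0123456789abcdef0123456789abcdef", cnonce="a1b2c3d4e5f60718"):
    """Drive one client/server exchange, then replay the identical header.

    Returns (accepted_first_time, accepted_on_replay).
    """
    issued = set()
    challenge, n = server_challenge(nonce)
    issued.add(n)
    auth = client_authorization(username, password, method, f"sip:{REALM}", challenge, cnonce)
    return server_verify(auth, method, issued), server_verify(auth, method, issued)


if __name__ == "__main__":
    print(run_exchange())                    # (True, False)
    print(run_exchange(password="wrong"))    # (False, False)
```

The response also binds the SIP method and request URI, so a header captured from a REGISTER cannot be reused on an INVITE. What Digest does not protect against is offline guessing: anyone who sees the challenge and response can test candidate passwords at MD5 speed, which is why OCS only uses it for the low-trust anonymous case and still runs it inside TLS.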

Secure Connections