Microsoft Unified Communications
Brett Johnson
UC Technical Specialist
Microsoft UK
http://blogs.technet.com/brettjo
www.brettjo.com
Connect the Right Way
Reduced Overload
User-Centric Communication
Single User Identity
Identity And Presence At The Core
Messaging at Microsoft (MSIT)
• 3 Locations worldwide – US, EMEA, APAC
• 16.5m msgs/day arrive from the Internet (115m/week)
– 12.6m filtered as spam by Connection Filtering
– ~350,000 messages were rejected by the IMF
– ~66,000 messages were routed to user Junk Email Folders
• 1.3m messages were delivered to user Inboxes
– 91.92% spam
– 2.4 million internal messages received
– 2.5 million internal messages sent
20 October 2008 | Page 10
Exchange Anywhere Access
“By 2007 “telework” will be practiced by more than 60 million people…” - Gartner Management Update 2004
Built-in: No special server or services required
Rich access for the many, not the few
Evolution of Unified Communications: Traditional
[Diagram labels: External phone; Phone company’s Central Office; Traditional PBX; Internal phones; Voice Mail; Exchange Servers; Active Directory; LCS 2005; IM; Exchange 2003; Email/Cal/Contacts; LCS Servers; Office Communicator IM; ActiveSync/Outlook/OWA]
Full Microsoft UC Deployment
[Diagram labels: External phone; Phone company’s Central Office; Exchange 2007 Servers (Mailbox, CAS, Hub Transport); Active Directory; OC; Unified Messaging Server(s); Advanced GW; Phones; OCS/UM VoIP Gateway; ActiveSync/Outlook/OWA; Office Communications Server 2007; IM; VoIP; MCU; Exchange 2007; Email/Cal/Contacts; Voicemail/Fax/Speech Access; OCS Servers; IP PBX; QOE; Monitoring; Archiving; CDR]
OCS 2007 Architecture
[Diagram labels: Public IM Clouds (MSN, AOL, Yahoo); Remote Users; DMZ; Federated Businesses; Front-End Server(s) (IM, Presence); Inbound Routing; Outbound Routing; PSTN; Backend SQL server; Exchange 2007 Server UM; Voicemail; UC endpoints; Active Directory; Voice Mail Routing; Conferencing Server(s); PBX; (SIP-PSTN GW); Access Server; Data; Audio/Video; SIP; Mediation Server; PRI]
User Trust Levels
• Internal Users
• External users
– Remote users; your enterprise users located:
• On the public Internet
• Or in another corporate network
– Federated users
• Users that belong to enterprises you federate with
– Anonymous users
• Users who do not have a SIP address
• Users who may have a SIP address, but who belong to an enterprise that is not federating with you
– Public cloud (Yahoo!, Windows Live, AOL) users
Security Architecture - Protocols
Protocol: Use
• TLS (Transport Layer Security): Client to server communication
• MTLS (Mutual Transport Layer Security): Server to server communication
• SRTP (Secure Real-Time Protocol): Secure transfer of A/V media
• TURN (Traversal Using Relay NAT): Allow clients to receive media from peer sending packets to public internet
• ICE (Interactive Connectivity Establishment): Secure methodology to easily communicate across NATs
Security Architecture - Authentication
Type of User/Server: Authentication Protocol
• Internal users: Kerberos
• Remote users with AD credentials: NTLM
• Anonymous users (conferencing only): DIGEST
• Public IM Connectivity (PIC) users: PIC Infrastructure. PIC servers configured as IM Provider on the Access Edge Server
• Federated users: Authentication done by federated enterprise. Federation configured on the Access Edge server
• Servers: MTLS and Trusted Server/Service entry