OCS Edge server?

Our company wants to implement OCS 2007 R2, initially for presence awareness, but may think about using voice features in the future.  Right now we would have around 75 users on the system, all from PC's that are a part of the domain.  Some would be connecting directly to our network in our office, some would be connecting from a remote location (that isn't on our network).

My question is, do I absolutely need an Edge server?  We have no perimeter network at the moment.  We just have a Juniper firewall/router that protects us from the public internet and we open ports as necessary.  I don't have a problem exposing our internal OCS server (Standard Edition) to the internet....if that is possible.
LVL 38
Justin SmithSr. System EngineerAsked:
Who is Participating?
Absolutely necessary? No.  Highly recommended for external clients access? Yes.
If you simply allow traffic through the Juniper to the Front-End server you can support external client access, but over TCP5061 and not the default TCP443 that Office Communicator would use for external access to an Edge server.  Typically 443 is open everywhere, but there may be a number of public networks or other corporate guest networks were 5061 is not allowed out, limiting the flexibility of external users connecting from various networks.

Also, with an Edge server you cannot support OCS-to-OCS federations, Public IM Connectivity to AOL/Yahoo/MSN, or XMPP connectivity to Jabber/GTalk.  Additionally supporting features like Desktop Sharing, Web and A/V Conferencing will be difficult to impossible without the additional Edge roles installed.

But if you only need IM/Presence for external users then publishing the internal FE is sufficient, although not a secure best practice.
ocs edge is designed to be outside, not frontend server. because frontend severs has a lot of AD info, which you don't want to expose to the internet.
however, if your users are using vpns to access corporate resources then you can live without EDGE. You need edge, when you want to make federations and allow other (3rd party) users to chat/converence with your internal users
Justin SmithSr. System EngineerAuthor Commented:
I want my employees to be able to use OCS features, from outside our office, without using a VPN.  Not really worried about 3rd party federation right now.  So, is it necessary to have a seperate edge server, or can I just poke holes in the firewall to expose the frontend server to the internet?
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

you need edge server, because it is much easier to expose edge server outside, than opening holes (yes you will have to open a lot!) in your fw.
BusbarSolutions ArchitectCommented:
adding to from exp.
the problem is not that it is more secure to have an edge, it is about that you cannot expose the frontend to the internet, doing so will leave you with so many features not working and in a not supported configuration, so it is not optional it is manadatory
Justin SmithSr. System EngineerAuthor Commented:
Thanks to all.  Jeff your answer was exactly what I was looking for, as far as the ports.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.