Solved

Lync 2010 - Edge Server Security Concerns

Posted on 2011-09-03
1
956 Views
Last Modified: 2012-05-12
Hi Experts,

I'm deploying Lync Server in our company. Microsoft's Official documentation says I must connect Edge Server to both DMZ and INTERNAL networks.

Is that true? If so it will overlap all firewall rules in place and if someone hacks that server, he could gain access to our internal network easily.

Moreover If I come to our security team with a requeriment to connect the server to DMZ and Internal LAN simultaneously, for sure I will get fired since anyone with basic network knowledge knows this is a huge security breach.

Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from Lync Front-end Server? Shouldn't everything needed to an external client to access Lync Servers be homed only on the Edge Servers?

tks!

Rodrigo Garcone
0
Comment
Question by:garconer
1 Comment
 
LVL 36

Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 36481752
halo,

i will suggest you to use your planning tool for lync to see the edge network diagram.


Internet | external firewall | EDGE / Reverse Proxy | internal Firewall | Internal network.



By looking at it, if your external firewall is compromise and your edge and reverse proxy is compromise, you still have your internal firewall protecting internal network.

So your requirement is it need to connect to Internet and Internal LAN and sitting in DMZ.
this is a normal network and security team with a good knowledge will know it is a normal pratice (unless they have certain concern about current network and etc)

---------------

TMG to publish internal resource is an optional for the LYNC to work.  you will able to logon to the systems without any issues.

However, Certain function will be missing from external if TMG is not deployed as below.
1. cannot upload document to conference.
2. cannot search user as address book is unavailable
3. distribution list expansion

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Converting Excel to OFX 2 106
Excel 2013: Displaying times in Milliseconds 6 213
Skype/Lync Emoticons Question 3 106
COPY from excel to notepad 3 56
Introduction: Sometimes when I receive a call from my users to solve their problems it is very difficult for me to found their computer IP address. Even finding their computer Host to provide remote support can be a problem.  So I resorted to Goo…
We were having a lot of "Heartbeat Alerts" in our SCOM environment, now "Heartbeat" in a SCOM environment for those of you who might not be familiar with SCOM is a packet of data sent from the agent to the management server on a regular basis, basic…
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question