  • Status: Solved

Lync 2010 - Edge Server Security Concerns

Hi Experts,

I'm deploying Lync Server in our company. Microsoft's official documentation says I must connect the Edge Server to both the DMZ and INTERNAL networks.

Is that true? If so, it will overlap all firewall rules in place, and if someone hacks that server, he could gain access to our internal network easily.

Moreover, if I come to our security team with a requirement to connect the server to the DMZ and the internal LAN simultaneously, for sure I will get fired, since anyone with basic network knowledge knows this is a huge security breach.

Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from the Lync Front-end Server? Shouldn't everything needed for an external client to access the Lync Servers be homed only on the Edge Servers?

tks!

Rodrigo Garcone
Jian An Lim commented:
Hello,

I would suggest you use the planning tool for Lync to see the edge network diagram.


Internet | external firewall | EDGE / Reverse Proxy | internal Firewall | Internal network.



Looking at it, if your external firewall is compromised and your edge and reverse proxy are compromised, you still have your internal firewall protecting the internal network.

So your requirement is that it needs to connect to the Internet and the internal LAN while sitting in the DMZ.
This is a normal network design, and a security team with good knowledge will know it is normal practice (unless they have certain concerns about the current network, etc.).

---------------

Using TMG to publish internal resources is optional for Lync to work. You will be able to log on to the system without any issues.

However, certain functions will be missing externally if TMG is not deployed, as below:
1. Cannot upload documents to a conference.
2. Cannot search for users, as the address book is unavailable.
3. Distribution list expansion.
