Solved

Lync 2010 - Edge Server Security Concerns

Posted on 2011-09-03
1
957 Views
Last Modified: 2012-05-12
Hi Experts,

I'm deploying Lync Server in our company. Microsoft's Official documentation says I must connect Edge Server to both DMZ and INTERNAL networks.

Is that true? If so it will overlap all firewall rules in place and if someone hacks that server, he could gain access to our internal network easily.

Moreover If I come to our security team with a requeriment to connect the server to DMZ and Internal LAN simultaneously, for sure I will get fired since anyone with basic network knowledge knows this is a huge security breach.

Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from Lync Front-end Server? Shouldn't everything needed to an external client to access Lync Servers be homed only on the Edge Servers?

tks!

Rodrigo Garcone
0
Comment
Question by:garconer
1 Comment
 
LVL 36

Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 36481752
halo,

i will suggest you to use your planning tool for lync to see the edge network diagram.


Internet | external firewall | EDGE / Reverse Proxy | internal Firewall | Internal network.



By looking at it, if your external firewall is compromise and your edge and reverse proxy is compromise, you still have your internal firewall protecting internal network.

So your requirement is it need to connect to Internet and Internal LAN and sitting in DMZ.
this is a normal network and security team with a good knowledge will know it is a normal pratice (unless they have certain concern about current network and etc)

---------------

TMG to publish internal resource is an optional for the LYNC to work.  you will able to logon to the systems without any issues.

However, Certain function will be missing from external if TMG is not deployed as below.
1. cannot upload document to conference.
2. cannot search user as address book is unavailable
3. distribution list expansion

0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Group Policies review 1 103
Recommendation of Antivirus software for Personal Use 19 205
Creating a tuition video for users 2 93
Excel formula lookup multiple charges 11 76
The canonical version of this article is on my web site here: http://iconoun.com/articles/collisions/ A companion presentation is available here: http://iconoun.com/articles/collisions/Unicode_Presentation.pdf
Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Viewers will learn the different options available in the Backstage view in Excel 2013.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question