Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Lync 2010 - Edge Server Security Concerns

Posted on 2011-09-03
1
Medium Priority
?
967 Views
Last Modified: 2012-05-12
Hi Experts,

I'm deploying Lync Server in our company. Microsoft's Official documentation says I must connect Edge Server to both DMZ and INTERNAL networks.

Is that true? If so it will overlap all firewall rules in place and if someone hacks that server, he could gain access to our internal network easily.

Moreover If I come to our security team with a requeriment to connect the server to DMZ and Internal LAN simultaneously, for sure I will get fired since anyone with basic network knowledge knows this is a huge security breach.

Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from Lync Front-end Server? Shouldn't everything needed to an external client to access Lync Servers be homed only on the Edge Servers?

tks!

Rodrigo Garcone
0
Comment
Question by:garconer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 37

Accepted Solution

by:
Jian An Lim earned 2000 total points
ID: 36481752
halo,

i will suggest you to use your planning tool for lync to see the edge network diagram.


Internet | external firewall | EDGE / Reverse Proxy | internal Firewall | Internal network.



By looking at it, if your external firewall is compromise and your edge and reverse proxy is compromise, you still have your internal firewall protecting internal network.

So your requirement is it need to connect to Internet and Internal LAN and sitting in DMZ.
this is a normal network and security team with a good knowledge will know it is a normal pratice (unless they have certain concern about current network and etc)

---------------

TMG to publish internal resource is an optional for the LYNC to work.  you will able to logon to the systems without any issues.

However, Certain function will be missing from external if TMG is not deployed as below.
1. cannot upload document to conference.
2. cannot search user as address book is unavailable
3. distribution list expansion

0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…

664 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question