Solved

Lync 2010 - Edge Server Security Concerns

Posted on 2011-09-03
Last Modified: 2012-05-12
Hi Experts,

I'm deploying Lync Server in our company. Microsoft's official documentation says I must connect the Edge Server to both the DMZ and INTERNAL networks.

Is that true? If so, it will overlap all firewall rules in place, and if someone hacks that server, he could gain access to our internal network easily.

Moreover, if I come to our security team with a requirement to connect the server to the DMZ and internal LAN simultaneously, for sure I will get fired, since anyone with basic network knowledge knows this is a huge security breach.

Along with the answer, could you explain to me why I need to deploy TMG to publish internal resources from the Lync Front-end Server? Shouldn't everything needed for an external client to access Lync Servers be homed only on the Edge Servers?

tks!

Rodrigo Garcone
Question by:garconer

Accepted Solution

by:
Jian An Lim earned 500 total points
ID: 36481752
Hello,

I would suggest you use your planning tool for Lync to see the Edge network diagram.


Internet | external firewall | EDGE / Reverse Proxy | internal Firewall | Internal network.



By looking at it, if your external firewall is compromised and your Edge and reverse proxy are compromised, you still have your internal firewall protecting the internal network.

So your requirement is that it needs to connect to the Internet and the internal LAN while sitting in the DMZ.
This is a normal network, and a security team with good knowledge will know it is a normal practice (unless they have certain concerns about the current network, etc.).

---------------

Using TMG to publish internal resources is optional for Lync to work. You will be able to log on to the systems without any issues.

However, certain functions will be missing externally if TMG is not deployed, as below:
1. Cannot upload documents to a conference.
2. Cannot search for users, as the address book is unavailable.
3. Distribution list expansion.
