- Lync Server Cookbook
- Fabrizio Volpe, Alessio Giombini, Lasse Nordvik Wedø, António Vargas
- 2021-08-06 19:28:36
Deploying a secure Lync Edge
Lync Edge is a role that makes Lync services available to external users and companies in a secure manner. A Lync Edge Server is not part of the internal domain and, in general, it is deployed in a Demilitarized Zone (DMZ) network with a series of limitations (for example, the name resolution of the Lync Servers in the internal network is usually limited to the local hosts file). These restrictions and the other security features, however, are not enough to defend the server from some kinds of Internet threats, including Distributed Denial-of-Service (DDoS) and brute-force attacks.
An extremely powerful instrument we have at our disposal to protect our Lync deployment is the Microsoft SIP Processing Language (MSPL). MSPL is a scripting language used specifically to filter and route SIP messages. Chris Norman, for example, has shared a really interesting MSPL script to block presence indicators with federated partners at http://voipnorm.blogspot.it/2013/01/mspl-script-blocking-federated-presence.html. The idea behind the script is to keep the features we need running (such as IM) while limiting the information we show to external users. The steps we will see (required to apply this solution) are the same every time we use an MSPL script.
How to do it...
- Connect to a Lync Front End Server.
- Open the Lync Server Management Shell and launch the following cmdlet to get a list of the existing server applications:
Get-CsServerApplication
- Now, we can install the script (BlockFederatedPresence.am):
New-CsServerApplication -Identity "EdgeServer:cheshirecat.absoluteuc.corp/Simple" -Uri "http://sip.absoluteuc.org/BlockFederatedPresence" -ScriptName "C:\BlockFederatedPresence.am" -Enabled $true -Critical $false
The explanation of the preceding code is as follows:
  - The Identity parameter indicates the Edge Server using the FQDN of the server. In our scenario, it is the Edge Server cheshirecat.absoluteuc.corp.
  - Uri is a value we define in the appUri parameter of the script (I customized the one in Chris Norman's script found at http://sip.yourdomain.com/BlockFederatedPresence).
  - ScriptName indicates the path to the .am file (in our scenario, C:\BlockFederatedPresence.am).
  - Enabled ($true or $false) is a switch to activate or deactivate the script.
  - Critical ($true or $false) is a switch to select whether Lync Server can start when our application does not start for any reason.
- We have to restart the Lync services (Stop-CsWindowsService | Start-CsWindowsService).
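The steps above as one Lync Server Management Shell script, with the checks an operator would want before changing a production Edge (an added example, not code from the book or from Chris Norman's post). It assumes a copy of the .am file is readable at the given path from the shell where it runs and that the manifest's root element carries the appUri attribute; the variable names are hypothetical.

```powershell
# Added example. Values are the ones used in this recipe; variable names are hypothetical.
$EdgeFqdn = 'cheshirecat.absoluteuc.corp'
$AppName  = 'Simple'
$AppUri   = 'http://sip.absoluteuc.org/BlockFederatedPresence'
$AmPath   = 'C:\BlockFederatedPresence.am'   # assumption: readable from this shell
$Identity = "EdgeServer:$EdgeFqdn/$AppName"

# 1. The .am file is an XML manifest. The -Uri we register must equal the
#    appUri declared in it, so read the attribute and compare before registering.
if (-not (Test-Path -LiteralPath $AmPath)) { throw "Script not found: $AmPath" }
[xml]$manifest = Get-Content -LiteralPath $AmPath
$declared = ($manifest.DocumentElement.Attributes |
    Where-Object { $_.LocalName -eq 'appUri' }).Value
if ($declared -ne $AppUri) {
    throw "Manifest declares appUri '$declared' but -Uri would be '$AppUri'."
}

# 2. Skip registration if this URI is already registered for this Edge Server.
$existing = Get-CsServerApplication |
    Where-Object { $_.Uri -eq $AppUri -and "$($_.Identity)" -like "*$EdgeFqdn/*" }
if ($existing) {
    Write-Warning "Already registered as $($existing.Identity); nothing to do."
    return
}

# 3. Register the application. With -Critical $false the server can still
#    start if the script does not, so a broken filter fails open.
New-CsServerApplication -Identity $Identity -Uri $AppUri `
    -ScriptName $AmPath -Enabled $true -Critical $false

# 4. Show what is now stored for this Edge Server, for the change record.
Get-CsServerApplication |
    Where-Object { "$($_.Identity)" -like "*$EdgeFqdn/*" } |
    Format-List Identity, Uri, ScriptName, Enabled, Critical, Priority

# 5. The Lync services still have to be restarted, as in the last step of the
#    recipe, during a maintenance window.
```

Because the application is registered with -Critical $false, a script that fails to load does not keep the services from starting, so after the restart confirm that federated partners no longer receive presence.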
See Also
Rui Maximo wrote a post for Lync 2010 Edge Servers in which he talks about DDoS attacks against the Lync Edge Servers and points out how to use MSPL to handle this kind of threat: Lync Server 2010: Security at the Edge, at http://technet.microsoft.com/en-us/magazine/hh219285.aspx.
Code4Lync at http://mohamedasakr.wordpress.com/ and Lync Development at http://blog.greenl.ee/ are two blogs, from Mohamed Sakr and Michael Greenlee, that have a lot of interesting posts dedicated to MSPL.