http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspxAfter a security audit for a new or existing Lync Server 2010 deployment, questions often arise regarding potential security risks created by giving external user access to Lync Server 2010. This article provides a high level overview and answers to theen-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspx#3523146Fri, 28 Sep 2012 14:32:01 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3523146J S<p>Hi, when do you expect to re-publish this article?</p> <p>Regards,</p> <p>James.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3523146" width="1" height="1">http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspx#3521795Fri, 21 Sep 2012 16:04:10 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3521795Acid-Guy<p>Hi Petri</p> <p>Lync is SIP based application. The user login information is exchanged when the session is established. From sa ecurity stand point the directory server acts another layer to protect the front-end servers so I would say as far as possible its good have directory server in the topology. Yes I do agree not all the traffic travels through the Director server however these &nbsp;connections are only established after the connecting user/endpoint has identified themselves or &nbsp;the conference.</p> <p>does this answer you question?</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3521795" width="1" height="1">http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspx#3521746Fri, 21 Sep 2012 11:47:56 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3521746Petri X<p>When we can expect to see simple external solution? Now we have:</p> <p> - reverse proxy, is publishing web services, directly from the back end</p> <p> - clients needs direct access to the edge</p> <p> - some connections goes to directory server</p> <p> - some connections goes to back end and perhaps A/V conference</p> <p>Plus the number of ports in all above connections...</p> <p>Plus mobile service...</p> <p>You say that directory server is required because of security reasons, but at the same time there is plenty of other connection which don&#39;t care of the director role.</p> <p>From old fashion security guys (firewall is all) looks scary when they see Lync&#39;s requirements.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3521746" width="1" height="1">http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspx#3521214Wed, 19 Sep 2012 23:53:34 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3521214Susan S. Bradley - MSFT<p>Excellent article, thanks Edwin!</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3521214" width="1" height="1">http://blogs.technet.com/b/nexthop/archive/2012/09/19/lync-server-2010-external-user-access-security-overview.aspx#3521171Wed, 19 Sep 2012 20:57:15 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:3521171Igor Kravchenko<p>Good article. &nbsp;Thank you.</p> <div style="clear:both;"></div><img src="http://blogs.technet.com/aggbug.aspx?PostID=3521171" width="1" height="1">