Rick Varvel

Microsoft UC Info OCS 2007 R2 Unified Messaging -- ISA 2006

OCS 2007 R1/R2 Remote Access Configuration Guide

OCS 2007 R1/R2 Remote Access Configuration Guide

  • Comments 3
  • Likes

Configuring port, certificate and DNS values for an OCS 2007 R1 / R2 Edge server topology can be confusing, especially when multiple Edge servers are involved. This OCS 2007 R1/R2 Remote Access Configuration Guide was created to simplify the process:

http://cid-b6d0e1f9969eb052.skydrive.live.com/browse.aspx/.Public/OCS2007R2EdgeConfigGuide

Office Communications Server (OCS) 2007 R2 provides instant messaging (IM), presence, conferencingand if PSTN integration is configuredvoice capability for employees within your organization. To allow remote access to these features it’s necessary to install and configure one or more Edge servers.

Currently there are 2 versions of OCS deployed in production environments; the original version which is referred to in this document as OCS 2007 “R1” and the most recent version called OCS 2007 “R2”.

Between the 2 releases there are four primary Edge topologies and this document covers all of them, starting with the simplest and moving to the most complex. The focus will be on the current R2 version of OCS 2007 but configuration and operational differences between versions will be clearly defined when necessary.

The Configuration Guide is split into 3 sections:

  1. Overview – OCS remote access best practices
  2. Scenarios – detailed certificate / port / DNS values for each topology
  3. Step by Step – detailed instructions for configuring Edge / Reverse Proxy servers

Recommended Usage:

Step 1 - Review the information in the Overview section and determine which remote access scenario matches your business requirements

Step 2 - Review the 10 to 15 pages associated with the specific scenario you want to deploy

Step 3 - Search each of the tables related to the chosen scenario replacing existing server FQDNs / IP Addresses with your production values

Step 4 - Print out the results and use it as a reference for ordering certificates, opening firewall ports and creating DNS A / SRV records

Step 5 - Optionally, use the Step by Step instructions to configure OCS for remote access if necessary

The best practice and related configuration information provided in the various sections is based on over 50 production remote access deployments but please keep in mind they are recommendations only. It is possible to configure OCS remote access many different ways but this document focuses on the approach proven to produce consistent results with a minimum of errors.

For reference, here is a summary of the content:

SECTION 1 – Remote Access Overview

·         Introduction

·         Edge Topology Options

·         Remote Access Best Practices

·         Certificate Recommendations

·         DNS Recommendations

SECTION 2 – Deployment Scenarios

·         Deployment Model (Scenario Based)

·         Scenario 1 – Single Consolidated Edge (R2)  

·         Scenario 2 – Scaled Consolidated Edge (R2)

·         Scenario 3 – Single Site Edge (R1)

·         Scenario 4 – Scaled Single Site Edge (R1)

SECTION 3 – Step by Step Instructions

·         Step by Step – Edge

·         Step by Step – Next Hop Pool

·         Step by Step – ISA

·         Appendix A: Common Configuration Issues

For assistance with OCS 2007 remote access design refer to one of these links:

For R2 Edge:

http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx

For R1 Edge:

http://www.microsoft.com/downloads/details.aspx?FamilyId=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

Thanks.
Comments
  • PingBack from http://blogs.technet.com/rickva/archive/2009/04/09/ocs-2007-r1-r2-remote-access-configuration-guide.aspx

  • Excellent work !!!  Very helpful indeed.  All the common scenarios explained in full detail.  Step by Step instructions are great!!

    Thanks Rick

    Tariq

  • what if we have a single AD & multiple sip .. then how will we restrict remote administrators so that they can create only respective sip for respective users.

    e.g.

    one ad

    we have single AD ... and 6 differnt universities but all are on same AD... each uni has its own UPN.. how can we restrict these six universities (uni) admin .. which will connect remotely and they shud be able to make users of their respective upn only.. uni1 must  not be able to mess with uni2 sip... intentionally or unintentionally ...

    please guide! thanking u in advance

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment