The Three UC Amigos

Three Microsoft UC technology specialists covering U.S. Education

Setup of Edge for Federation with Public IM


The first step after installing and activating the Access Edge is to configure the server. Run the Configuration Wizard and enable the server for federation.

Before I start setting up federation with Public IM, it is important to note that the external edge of both the Access Edge and the Web Conferencing Edge needs a public certificate. This is not needed for the A/V Edge Server. It is recommended to use a separate IP address for each role, even if both services are collocated.

For the scaled single-site edge topology, it's recommended that each server role use a separate VIP address on the external load balancer. A separate certificate matching the FQDN of each VIP address used by each Access Edge and Web Conferencing Edge server role must be installed on that server. For example, the Web Conferencing Edge Servers must have a certificate that matches the VIP address used by the Web Conferencing Edge Servers on the external load balancer.

The Provider addresses are:

Yahoo - lcsap.msg.yahoo.com

AOL - sip.oscar.aol.com

Live - federation.messenger.msn.com


For the public certificate it is important to have both client and server authorization. This is because the AOL SIP proxy requires both, while MSN and Yahoo can be done with a web certificate. I would plan for all three and use the client/server authorization.
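To confirm the installed certificate meets the requirement above, the following added example (not from the original post) lists each certificate in the local machine store and reports whether it carries both the Server Authentication and Client Authentication enhanced key usages and matches the edge FQDN. The FQDN `sip.example.edu` and the function name `Test-EdgeCertificate` are placeholders chosen for this example.

```powershell
# Added example, not from the original post. Run on the Access Edge Server.
# $EdgeFqdn is a placeholder; pass the external FQDN of your own Access Edge.
param([string]$EdgeFqdn = 'sip.example.edu')

$ServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$ClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID
$EkuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

function Test-EdgeCertificate {
    param($Cert, [string]$Fqdn)

    # Gather every EKU OID present on the certificate.
    $ekus = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is $EkuType) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
        }
    }

    # Match the FQDN against the subject CN and the subject alternative names
    # (exact names only; wildcard certificates are not evaluated here).
    $pattern = '(^|[=\s,])' + [regex]::Escape($Fqdn) + '($|[\s,])'
    $nameOk  = $Cert.GetNameInfo('SimpleName', $false) -eq $Fqdn
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.17' -and $ext.Format($false) -match $pattern) {
            $nameOk = $true
        }
    }

    New-Object PSObject -Property @{
        Thumbprint    = $Cert.Thumbprint
        Subject       = $Cert.Subject
        NameMatches   = $nameOk
        ServerAuth    = $ekus -contains $ServerAuth
        ClientAuth    = $ekus -contains $ClientAuth
        HasPrivateKey = $Cert.HasPrivateKey
        Expired       = $Cert.NotAfter -lt (Get-Date)
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-EdgeCertificate -Cert $_ -Fqdn $EdgeFqdn } |
    Select-Object Subject, NameMatches, ServerAuth, ClientAuth, HasPrivateKey, Expired, Thumbprint |
    Format-List
```

A certificate suitable for all three providers shows `True` for NameMatches, ServerAuth, ClientAuth and HasPrivateKey, and `False` for Expired.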

After the certs are installed you need to set up federation on the Access Edge Server. You can set it up at one of three levels:

1. Automatic discovery - traffic is based at a trust level - this is the default.

2. Discovery with Allow List - discovery but trust level can be higher for Allowed List parties

3. Do not allow discovery and base access on the allow list.

To enable federation:

1. Log on to the Access Edge Server as a member of the Administrators group or a group with equivalent user rights.

2. Open Computer Management. Click Start, click All Programs, click Administrative Tools, and then click Computer Management.

3. In the console tree, expand Services and Applications, right-click Microsoft Office Communications Server 2007, and then click Properties.

4. On the Access Methods tab, select the Allow discovery of federated partners check box.

Adding Federated Partners:

1. Log on to the Access Edge Server as a member of the Administrators group or a group with equivalent user rights.

2. Open Computer Management. Click Start, click All Programs, click Administrative Tools, and then click Computer Management.

3. On the Allow tab, click Add.

4. In the Add Federated Partner dialog box, do the following:

· In the Federated partner domain name box, type the domain of each federated partner domain.

· In the Federated partner Access Edge Server box, optionally type the FQDN of each Access Edge Server that you want to add to your Allow list. Remember if you configure the FQDN of a partner’s Access Edge Server and the FQDN changes, you must manually update your configuration for this partner.

· Click OK.

After that, make sure you set up your Global settings to ensure that anonymous participants can join meetings.

After this is done you can set up users and enable them for federation and Public IM. To do this, configure the users with the wizard and select both federation and federation with Public IM.

Keep in mind that users who already have the domain in their Live ID will be notified that they have a domain name that belongs to the University. This is an example of the form letter.

Q&A on PIC:

Q: Does everyone with a Windows Live ID (Passport Identity) with an email in my enterprise domain receive the email?

A: Only legitimate email addresses will receive the notification. A legitimate address means anyone who currently has an inbox on your corporate email server.

Q: Can I obtain the list of addresses that you find using my enterprise domain?

A: No. These addresses are considered Personally Identifiable Information (PII) and our Terms Of Use restrict us from sharing them with you.

Q: Where can I get more information?

A: All the notification messages have links that point to http://support.microsoft.com/gp/Messenger/ for more detailed information. Should you have additional questions regarding LCS/PIC, please go to: http://www.microsoft.com/office/livecomm/prodinfo/publicim.mspx
