Filter
Top Products
17
Using Access Proxy and Director with the BIG-IP
LTM system for remote access
The Live Communications Server 2005 product allows the network of an
organization to federate (peer) with other Live Communications
Server-enabled networks for core presence and instant messaging.
This feature is enabled using a proxy server, Microsoft® Office Live
Communications Server 2005 Access Proxy, using TLS/MTLS (Mutually
Authenticated Transport Layer Security) for connections on both internal
and external interfaces. Outside legs and inside legs are designated by
different IP addresses, on two separate Network Interface Cards (NICs) or
both addresses on the same NIC.
The Access Proxy functions as a reverse-proxy operation, when outside
users (users of an enterprise outside the enterprise’s network) need access
into the enterprise’s internal Live Communications Server service.
Employees traveling, or working from home or in remote offices, can use
the ‘outside user’ mode to remotely access the service.
A Microsoft® Office Live Communications Server 2005, Director is a Live
Communications Server 2005 device with no locally homed users that
communicates with the Access Proxy to provide additional security for the
internal network. The Director authenticates and authorizes external SIP
traffic coming from the Access Proxy to prevent unauthenticated traffic
from reaching the internal Live Communications Servers.
Access Proxies and Directors can be connected in tandem to provide
scalability and availability. The distribution of new connections and routing
of traffic on existing connections is performed using a BIG-IP LTM system.
The Access Proxy is the entry point into the enterprise Live
Communications Server deployment. Its main role is to secure the internal
network, these are some of the tasks performed by the Access Proxy:
• The Access Proxy performs connection management.
• Only TLS connections are accepted for connections from remote users
and MTLS connection from federated servers.
• The Access Proxy ensures that when receiving a message from a server,
it is from a well known server that has been configured by the
administrator.
• The Access Proxy also blocks all messages coming from domains on its
block list.
For specific information on how to configure the Access Proxy or Director
devices, see the Microsoft documentation.
Note
More than one Access Proxy device in a cluster is called a Array.