OCS 2007 R1/R2 Remote Access Configuration Guide


Configuring port, certificate and DNS values for an OCS 2007 R1 / R2 Edge server topology can be confusing, especially when multiple Edge servers are involved. This OCS 2007 R1/R2 Remote Access Configuration Guide was created to simplify the process:


http://cid-b6d0e1f9969eb052.skydrive.live.com/browse.aspx/.Public/OCS2007R2EdgeConfigGuide


Office Communications Server (OCS) 2007 R2 provides instant messaging (IM), presence, conferencingand if PSTN integration is configuredvoice capability for employees within your organization. To allow remote access to these features it’s necessary to install and configure one or more Edge servers.


Currently there are 2 versions of OCS deployed in production environments; the original version which is referred to in this document as OCS 2007 “R1” and the most recent version called OCS 2007 “R2”.


Between the 2 releases there are four primary Edge topologies and this document covers all of them, starting with the simplest and moving to the most complex. The focus will be on the current R2 version of OCS 2007 but configuration and operational differences between versions will be clearly defined when necessary.


The Configuration Guide is split into 3 sections:




  1. Overview – OCS remote access best practices


  2. Scenarios – detailed certificate / port / DNS values for each topology


  3. Step by Step – detailed instructions for configuring Edge / Reverse Proxy servers

Recommended Usage:

Step 1Review the information in the Overview section and determine which remote access scenario matches your business requirements


Step 2 – Review the 10 to 15 pages associated with the specific scenario you want to deploy


Step 3 – Search each of the tables related to the chosen scenario replacing existing server FQDNs / IP Addresses with your production values


Step 4 – Print out the results and use it as a reference for ordering certificates, opening firewall ports and creating DNS A / SRV records


Step 5 – Optionally, use the Step by Step instructions to configure OCS for remote access if necessary


The best practice and related configuration information provided in the various sections is based on over 50 production remote access deployments but please keep in mind they are recommendations only. It is possible to configure OCS remote access many different ways but this document focuses on the approach proven to produce consistent results with a minimum of errors.


For reference, here is a summary of the content:

SECTION 1 – Remote Access Overview


·         Introduction


·         Edge Topology Options


·         Remote Access Best Practices


·         Certificate Recommendations


·         DNS Recommendations


SECTION 2 – Deployment Scenarios


·         Deployment Model (Scenario Based)


·         Scenario 1 – Single Consolidated Edge (R2)  


·         Scenario 2 – Scaled Consolidated Edge (R2)


·         Scenario 3 – Single Site Edge (R1)


·         Scenario 4 – Scaled Single Site Edge (R1)


SECTION 3 – Step by Step Instructions


·         Step by Step – Edge


·         Step by Step – Next Hop Pool


·         Step by Step – ISA


·         Appendix A: Common Configuration Issues


For assistance with OCS 2007 remote access design refer to one of these links:


For R2 Edge:


http://technet.microsoft.com/en-us/library/dd425196(office.13).aspx


For R1 Edge:


http://www.microsoft.com/downloads/details.aspx?FamilyId=ED45B74E-00C4-40D2-ABEE-216CE50F5AD2&displaylang=en

Thanks.

Comments (3)

  1. Anonymous says:

    Excellent work !!!  Very helpful indeed.  All the common scenarios explained in full detail.  Step by Step instructions are great!!

    Thanks Rick

    Tariq

  2. shah says:

    what if we have a single AD & multiple sip .. then how will we restrict remote administrators so that they can create only respective sip for respective users.

    e.g.

    one ad

    we have single AD … and 6 differnt universities but all are on same AD… each uni has its own UPN.. how can we restrict these six universities (uni) admin .. which will connect remotely and they shud be able to make users of their respective upn only.. uni1 must  not be able to mess with uni2 sip… intentionally or unintentionally …

    please guide! thanking u in advance