OCS 2007의 DNS(srv 레코드) 설정 및 OCS 2007의 개요 Collaboration2009. 1. 29. 16:47
사용자가 자동 로그인을 시도하면 다음과 같은 순서로 DNS를 쿼리한다.
1. _sipinternaltls._tcp.<domain> - 내부 TLS 연결(포트 : 5061)
2. _sipinternal._tcp.<domain> - 내부 TCP 연결(포트 : 5060)
3. _sip._tls.<domain> - 외부 TLS 연결(포트 : 443)
4. _sip._tcp.<domain> - 외부 TCP 연결(포트 : 443)
추가 기능에 대한 필요 서버
|
제공할 기능 |
추가할 서버 역할 |
사용 클라이언트 |
|
내부 사용자를 위한 IM과 상태정보 제공 |
추가 서버 없음 |
Communicator 2005/2007 |
|
On-premise Web Conferencing |
Standard Edition: |
Live Meeting 2007 client |
|
Address Book Server |
Standard Edition: |
|
|
Archiving and Call Detail Records |
Archiving and CDR Server |
|
|
외부 사용자 접근 |
Access Edge Server |
Communicator 2005/2007 |
|
Federation | ||
|
Public IM Connectivity(PIC) | ||
|
외부사용자와의 Web conferencing |
Web Conferencing Edge Server |
Live Meeting 2007 client |
|
외부사용자와의 Audio/Video Conferencing |
A/V Conferencing Edge Server |
Live Meeting 2007 client |
|
웹 브라우저 기반 클라이언트에 대한 IM과 상태정보 제공 |
Communicator Web Access Server |
Communicator Web Access |
|
Enterprise Voice |
Mediation Server and basic media gateway |
Communicator 2007 |
Edge 서버
|
Server |
Required to Support |
Corresponding Internal Server Required |
Protocol |
|
Access Edge Server |
Public IM, Federation, 내부 사용자의 원격 접근 지원, 내부에서 외부로 Conference, Voice 기능을 위해 연결 지원 |
Office Communications Server 2007 server or pool and, optionally, a Director |
Session Initiation Protocol (SIP) |
|
Web Conferencing Edge Server |
External Web conferencing |
Web Conferencing Server |
Persistent Shared Object Model (PSOM) |
|
A/V Edge Server |
A/V conferences with external users Point-to-point A/V calls with external users |
A/V Conferencing Server |
RTP/RTCP, Simple Traversal of UDP through NAT (STUN)/ |
|
Reverse Proxy |
Group Expansion(배포그룹 확장) 과 주소록 파일 다운로드에 필요. 웹 컨퍼런싱을 위한 회의 자료(ppt) 에 접근하기 위해 필요 |
Web server (IIS) |
HTTP(s) |
인증서 요구 사항
|
Topology |
Server Role |
Recommended CA |
Subject Name/ |
SAN |
Comments |
|
Standard Edition server |
All server roles (which are collocated) |
Enterprise CA. |
FQDN of the Standard Edition Server |
If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDNs. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN) |
Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Component Server |
|
Enterprise pool: consolidated |
All server roles. Certificate configured on each Enterprise Edition Server |
Enterprise CA. |
FQDN of the pool For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SN or SAN. |
If you have multiple SIP domains and have enabled automatic client configuration, the wizard detects the SIP domains, adds them to the SAN, and then adds each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN) For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SAN (if the FQDN is different from the pool FQDN). |
Certificate must be installed on each server in the pool. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Component Server. |
|
Enterprise pool: expanded |
Front End |
Enterprise CA |
FQDN of the pool |
If you have multiple SIP domains and have enabled automatic client configuration, add each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN) |
Certificate must be installed on each server in the pool |
|
Web Conferencing |
Enterprise CA |
FQDN of the pool |
|
Certificate must be installed on each server in the pool | |
|
A/V Conferencing |
Enterprise CA |
FQDN of the pool |
|
Certificate must be installed on each server in the pool | |
|
Web Components |
Enterprise CA |
FQDN of the VIP (virtual IP) of the load balancer used by the Web Components Server |
SAN must contain the URL of the internal Web farm in the SAN (if the FQDN is different from the pool FQDN) |
A certificate has to be configured in IIS on the all servers that are running the Web Component Services | |
|
Director, |
Director |
Enterprise CA |
FQDN of Standard Edition Server |
If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN) |
|
|
Director, |
Director |
Enterprise CA |
FQDN of the pool |
If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. |
. |
|
Array of Standard Edition Directors |
Director |
Enterprise CA. |
FQDN of the Director Server |
FQDN of Director Server and the FQDN of the virtual IP (VIP) used by the array If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDNs. |
FQDN of the server is in the SUBJECT field FQDN of the Director VIP and the FQDN of the server must be in the SUBJECT_ALT_NAME as DNS values |
사용 포트
|
Component (Server role or client) |
Port |
Protocol |
Notes |
|
Front End Servers |
5060/5061 |
TCP MTLS |
Used by Standard Edition Servers and Enterprise pools for all internal SIP communications between servers and between servers and Office Communicator |
|
Front End Servers |
443 |
HTTPS |
Communication from front-end servers to the Web farm FQDNs (the URLs used by Web Components) |
|
Front End Servers |
444 |
HTTPS |
Communication between the focus (Office Communications Server component that manages conference state) and the conferencing servers |
|
Front End Servers |
135 |
DCOM and RPC |
Used when a load balancer is deployed, port 135 is used by the Front End Servers for WMI operations and moving users (a remote DCOM-based database operation) |
|
Web Components |
443 |
TCP |
HTTPS traffic to the pool URLs |
|
Web Conferencing Server |
443 |
TLS |
HTTPS communications to Web Components Servers |
|
Web Conferencing Server |
444 |
TLS |
HTTPS between the Web Conferencing Server and the Front End Server |
|
Web Conferencing Server |
8057 |
TLS |
Used to listen to direct PSOM connections from Live Meeting client |
|
A/V Conferencing Server |
5063 |
TCP |
Used for incoming SIP listening requests |
|
A/V Conferencing Server |
49152 – 65535 media port range |
UDP |
Port range used for media requests sent. |
|
Reverse Proxy |
443 |
TCP |
Used for SIP/TLS communications from external users on both the internal and external firewalls for external user access |
|
Access Edge Server |
5061 |
TCP |
Used for SIP/MTLS communication for remote user access or federation. |
|
Access Edge Server |
443 |
TCP |
Used for SIP/TLS communication for remote user access |
|
Web Conferencing Edge Server |
8057 |
TCP |
Used to listen for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Edge Server |
|
Web Conferencing Edge Server |
443 |
TCP |
Used for inbound communications for access of remote, anonymous and federated users to access internal Web conferences |
|
A/V Edge Server |
443 |
TCP |
Used for STUN/TCP inbound and outbound media communications to allow external users to access media and A/V sessions |
|
A/V Edge Server |
5062 |
TCP |
Used for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall. |
|
A/V Edge Server |
3478 |
UDP |
Used for STUN/UDP inbound and outbound media communications |
|
A/V Edge Server |
50,000-59,999 |
RTP/TCP |
Used for inbound and outbound media transfer through the external firewall. |
|
Office Communicator |
5060 |
TCP (SIP) |
Used by Office Communicator for SIP communications internally |
|
Office Communicator |
5061 |
TCP (SIP) |
Used by Office Communicator for SIP communications internally and for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall |
|
Office Communicator |
443 |
TCP (HTTP) |
Used by Communicator clients connecting from outside the intranet for SIP communications |
|
Office Communicator |
1024-65535 |
UDP/TCP |
Port range used for inbound and outbound media transfer through the external firewall. |
|
Office Communicator |
6891-6901 |
TCP |
Port ranged used by Office Communicator for file transfer. |
|
Live Meeting 2007 client |
443 |
TCP |
Used by Live Meeting 2007 clients connecting from outside the intranet for: SIP traffic sent to the Access Edge Server PSOM traffic sent to the Web Conferencing Edge Server |
|
Live Meeting 2007 client |
8057 |
TCP |
Used for outgoing PSOM traffic sent to the Web Conferencing Server |
|
Live Meeting 2007 client |
5061 |
TCP |
Used for SIP/TLS communication between Live Meeting and the Front End Servers or the Access Edge Server and for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall |
|
Live Meeting 2007 client |
1024-65535 |
UDP/TCP |
Port range used for inbound and outbound media transfer through the external firewall |
|
Live Meeting 2007 client |
6891-6901 |
TCP |
Port ranged used by Live Meeting for file transfer |
