Lync Implementation with different internal and external domain sync
Hello Experts,
Having Windows 2012r2 with Lync 2013 frontend and Edge 2012 server on Win2012. Internal domain name is test.local and Internet domain name is : tgroup.com. Internally all the clients are able to sync with frontend
server using [email protected] or [email protected] Internal CA and External Digicert works fine. But only problem is with external clients who want to communicate through edge server.
Edge server has 3 LAN ip address (nat with public IP), 10.10.10.2, 10.10.10.3, 10.10.10.4 and another Internal network interface which has ip 10.10.20.3
which uses that to communicate with front-end.
How to achieve this ? We dont have reverse proxy configured and we have only two servers.
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.
The reverse proxy is used to publish URL's like the meet and dialin url, the address book url and the lync mobile client (smart phones and tablets) urls. This doesn't impact the external desktop user access as thats via the edge server. There is more to
it than that but for the sake of keeping this simple lets stick to that for now.
As far as SIP domains go. Think of your Lync users as having a SIP address similar to email addresses. You wouldn't have a user with an internal email address but with a different external email address. In fact best practice is to have the Lync SIP address
match the email address.
My reccomendation is to use the ttgoup.com as a sip domain and not the test.local
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Lync Sorted blog
Similar Messages
-
Cisco ISE with both internal and External RADIUS Server
Hi
I have ISE 1.2 , I configured it as management monitor and PSN and it work fine
I would like to know if I can integrate an external radius server and work with both internal and External RADIUS Server simultanously
So some computer (groupe_A in active directory ) will continu to made radius authentication on the ISE internal radius and other computer (groupe_B in active directory) will made radius authentication on an external radius server
I will like to know if it is possible to configure it and how I can do it ?
Thanks in advance for your help
Regards
BlaiseCisco ISE can function both as a RADIUS server and as a RADIUS proxy server. When it acts as a proxy server, Cisco ISE receives authentication and accounting requests from the network access server (NAS) and forwards them to the external RADIUS server. Cisco ISE accepts the results of the requests and returns them to the NAS.
Cisco ISE can simultaneously act as a proxy server to multiple external RADIUS servers. You can use the external RADIUS servers that you configure here in RADIUS server sequences. The External RADIUS Server page lists all the external RADIUS servers that you have defined in Cisco ISE. You can use the filter option to search for specific RADIUS servers based on the name or description, or both. In both simple and rule-based authentication policies, you can use the RADIUS server sequences to proxy the requests to a RADIUS server.
The RADIUS server sequence strips the domain name from the RADIUS-Username attribute for RADIUS authentications. This domain stripping is not applicable for EAP authentications, which use the EAP-Identity attribute. The RADIUS proxy server obtains the username from the RADIUS-Username attribute and strips it from the character that you specify when you configure the RADIUS server sequence. For EAP authentications, the RADIUS proxy server obtains the username from the EAP-Identity attribute. EAP authentications that use the RADIUS server sequence will succeed only if the EAP-Identity and RADIUS-Username values are the same. -
SiteMinder integration with the internal and external facing portals
Hi ,
We are in development phase for SiteMinder integration with the internal and external facing portals.The proposed dual authentication scheme which requires both SiteMinder for External facing portal (EFP) and LDAP for Internal portal .is it possible?
and is it possible to main to diff LDAP directories one is external users and one is for internal users.?
If you maintain 2 diff(external & internal) LDAP Directories in Siteminder Policy Server what about external users which are not exit in portal data source .
I appreciate if anyone can help me for my above query .
Regards
TagHey Tag,
We do have a physical external Portal and a physical internal portal. The both the external and internal are connected to 2 LDAP directories.
For example the External Portal is connected to the Employee LDAP Direcotry and the Customer LDAP Directory. The Internal Portal is connected to the US Employee LDAP Direcotry and the EMEA LDAP Directory.
So each one of them is connected to 2 different LDAP Directories.
I believe that the Siteminder Policy is setup such that the Internal portal has a policy and the External portal has a seperate policy on the same Siteminder Server. Then each of the Policies is configured to connect to the approiate LDAP Directories.
You have to maintain the LDAP Directory information in both the portal and Siteminder Policy Server. It is required in the policy server so that it can authenticate the user and it is required in the Portal server so that it can authorize the user and display content based on thier assigned roles.
Hope that helps.
Regards,
Keith -
How to Setup RDS custom property when internal and external domain name space is different
Hi All
I am setting up RDS for customer
My internal domain name is domain.local and my external domain is domain.com
I came across below PowerShell cmdlets on some blogs because my internal and external name space are different
Set-RDSessionCollectionConfiguration –CollectionName QuickSessionCollection -CustomRdpProperty “use redirection server name:i:1 `n alternate full address:s:remote.domain.com”
In above command, remote.domain.com points to which host?
Is it pointing to RD Session Broker
OR
Pointing to RD Session Host servers
I am not sure what above command will do exactly ?
Any help will be highly appreciated
Thanks Best Regards MaheshHi,
It all depends who is accessing the RDS Solution.
If you have a large BYOD or large number of external users, it would be better to use a public certificate.
Have a look at the following script which will simplyfy the configuration of the RDSH hosts with certificates.
http://ryanmangansitblog.com/2014/05/20/rds-2012-rdsh-certificate-deployment-script/
You can use a custom RDP property to hide the Session host names.
Have a look at the following article on configuring certificates:
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/
Ryan Mangan | Ryanmangansitblog.wordpress.com | Help keep the forums tidy, if this has helped please mark it as an answer -
Exchange 2013 DNS for internal and external domain
Hi All,
I have been assigned a task to implement Microsoft Exchange Server 2013. I need some help in setting up DNS namespaces and design a strategy to have same internal and external names. Let me share some details here.
We have an Active Directory domain myinternaldomain.net, and we have a public domain
mypublicdomain.com and we have setup email policy to have
mypublicdomain.com as the SMTP domain for all the users. We have created another DNS zone in Active directory integrated DNS and created a records for
mail.mypublicdomain.com and autodiscover.mypublicdomain.com which will point to CAS NLB IP. We have 2 CAS servers and 2 MBX servers, we have configured DAG for MBX High availability and planning to implement WNLB for CAS as
hardware LB is out of scope due to budget constrains.
We want to have same URLs for OWA, Autodiscover, ECP and other services from internal network as well as from public network. Users should not be bothered to remember two URLs, using one from internal and other from public networks. I also want to confirm
that with this setup in place do i need to have myinternaldomain.net and server names in SAN certificate?
ThanksHi Sccmnb,
You can easily achieve this using split DNS.
Internal DNS hostname "mail.mypublicdomain.com" will be pointing to your internal CAS NLB IP and the external public DNS hostname"mail.mypublicdomain.com" will be pointing to the Network device or
Reverse proxy server IP.
Depending upon users access location(internal\external) the IPs would vary and they should be able to access the website with same name.
The names that you would require on the certificate(Use EAC or powershell to raise the request) for client connectivity would be
SN= mail.mypublicdomain.com
SAN= autodiscover.mypublicdomain.com
You don't need to have the active directory domain name present in the certificate.
Additional to this you need to update the AutodiscoverURI for all servers and OWA,ECP,Autodiscover Virtual Directories InternalURL and ExternalURL fields with appropiate public names.
Some additional Info:
*Internal vs. External Namespaces
Since the release of Exchange 2007, the recommendation is to deploy a split-brain DNS infrastructure for the Internet-based client namespaces. A split-brain DNS infrastructure enables different IP addresses to be returned for a given namespace
based on where the client resides – if the client is within the internal network, the IP address of the internal load balancer is returned; if the client is external, the IP address of the external gateway/firewall is returned.
This approach simplifies the end-user experience – users only have to know a single namespace (e.g., mail.contoso.com) to access their data, regardless of where they are connecting. A split-brain DNS infrastructure, also simplifies the configuration of Client
Access server virtual directories, as the InternalURL and ExternalURL values within the environment can be the same value.
*Managing Certificates in Exchange Server 2013 (Part 2)
*Nice step by step article
Designing a simple namespace for Exchange 2013
Regards,
Satyajit
Please“Vote As Helpful”
if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you. -
CRM2015 IFD Internal and External Domains
I am trying to setup CRM2015 with IFD. My internal domain is xr.local and external domain name is somethingelse.com. When going through the directions and searching through the forums I see similar questions regarding with no real information on the possibility.
Am I able to set this up to support 2 different domains and where might I find some guidance to do so?
Thanks...
GYHi David,
Yes. the above setup should "do the trick" as the servers you put with blank DNS entry should be excluded in the NRPT table.
You can confirm this by running at the client: netsh name show polocy
at command line and see something like:
Settings for da.domain.com
Certification authority :
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) :
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Use default browser settings
Settings for .domain.com
Certification authority :
DNSSEC (Validation) : disabled
DNSSEC (IPsec) : disabled
DirectAccess (DNS Servers) : 1234:1234:1234:3333::1
DirectAccess (IPsec) : disabled
DirectAccess (Proxy Settings) : Bypass proxy
So in this scenario the .domain.com is using the DA while the specific entry (da.domain.com) is set as exclude and have emptry DNS ...
Hope this helps,
Ophir. -
ILife with both internal and external hard drives?
I've been considering switching from a homebrew, multi-boot desktop to a MacBook for my primary computer, in part so I can hang out with my family in the living room rather than be exiled to the home office when I want to compute.
But here's my concern: I have media. We have about 50 GB of iTunes; maybe 30 GB of iPhoto; and tons and tons of digital video that would be stored in iMovie. Obviously the libraries are all interlinked. And it's all growing. I also like to rip DVDs and re-encode them for my iPod and AppleTV. Right now, my desktop has 480 GB of internal storage and that's just about enough.
I have discovered that the MacBook only comes with an option up to 250 GB. I absolutely need AppleCare, so I can't get an aftermarket hard drive. (All my Macs break - this one from the office that I'm on right now has a bum DVD drive, and my wife's has needed both fan and logic board replacements.)
While I'm aware of the existence of external hard drives, I'm concerned about Apple's non-external-hard-drive-friendly way of storing iLife data. If I wanted to keep more recent or useful music and photos on the internal drive but older stuff on an external, and still be able to use iLife seamlessly, would that be possible? (I see myself editing recent video in the living room, but then hooking back into the external HD in the office if I need older stuff.)
What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
Thanks!Sascha Segan1 wrote:
.. What solutions are out there for integrating data stores on both internal and external hard drives into an iLifestyle?
all iApps (iPhoto, iTunes, iM08) support usage of external drives as 'mass storage' devices.. you can tell all apps which drive to use for the Libraries.. there some tools out there, which even allow the usage of 2/many different Libraries in iTunes/iPhoto..
for iM in detail: the Projects are small files, and should stay internal (allthough I'm discribing a 'hack' on my site: http://karsten.schluter.googlepages.com/im08tricks Project Library (and Events) on External Harddrive); the Events (=GBs) could be located on as much ext. HDDs as you want..
but ...
all iApps are single-user .. you can NOT 'share' Libraries to 2/many different users; the idea of a 'media server' which hosts/shares all kind of data to all kind of users is not 'on concept' of iLife .. -
Same internal and external domain names - AGAIN!
Hi all-
Like many of you, I am confronting the problem of having the same FQDN for both my Active Directory domain and Internet domain. For the sake of discussion, let's call the domain rlh.com.
I need to access an externally-hosted website on the rlh.com domain. The site is coded exclusively to use rlh.com and NOT
www.rlh.com. Therefore, the old trick of adding a static www A record on my internal DNS server will not work.
It looks like another option is to install IIS on my DC and then configure some type of forwarding to the external site. While this might work, frankly, I don't want IIS on my DC. It's a DC, not a web server.
Yet a third option, correct me if I'm wrong, looks to be using some type of "split DNS." Though I have not read the particulars (yet) of this solution, I am suspicious of it causing DNS inefficiencies.
All of these solutions look to me to be workarounds. I am preparing to install a new DC (upgrading from 2003 to 2008 R2) and want to FIX the problem, not work around it. That said, it looks like I have two options:
1. Rename my existing 2003 AD domain using rendom
2. Install the new 2008 R2 DC with the new domain name, setup domain trust between the old and new domains, and then use ADMT.
Can someone please comment on my logic here? Does anyone have experience with both of the two options? Is one less painful than the other?
As I preparatory step, I have migrated from my onsite Exchange 2003 server to Office 365. Exchange is no longer present in my organization, though some slight "remnants" may remain in Active Directory. Other than Exchange, I have a
Hyper-V host, 2 SQL Servers, and 3 RDS servers present in my environment.
Thanks.I realized this was answered, but I would like to add the following comprehensive blog on this subject.
Can't Access Website with Same Name (Split Zone or no Split Brain)
Published by Ace Fekay, MCT, MVP DS on Sep 4, 2009 at 12:11 AM 1278 0
Note - In an AD same name as the external name (split zone) scenario, if you don't want to use WWW in front of URL, such as to access it by
http://domain.com, then scroll down to "So you don't want to use WWW in front of the domain name"
http://blogs.msmvps.com/acefekay/2009/09/03/split-zone-or-no-split-zone-can-t-access-internal-website-with-external-name/
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights. -
Internal and external domain problem
Host: oserver. sbsrv. local (internal address)
Version: 10.1.2.0.2
Installation Type: Portal and Wireless
I have installed the oracle portal and works well in the internal network.
The problem:
When I try to access from public domain (www.mycompany.com) i get the welcome page from application server (fine) ,but if I press the link (log on to Oracle Application Server Portal) it redirects me to the internal address (http://oserver.sbsrv.local/portal/page?_pageid=0,1&_dad=portal&_schema=PORTAL)
I edit httpd.conf (Apache) and i change the line from ServerName oserver.sbsrv.local to ServerName www.mycompany.com and i get something like, that : ??????: ??? ???? ?????? ? ???? ????????????? ??????? ??? ?? ???? ??????
Question:
How can I map the internal domain: oserver. sbsrv. local (IP 192.168. xx. xx) with public domain www. mycompany. com (IP 62. x. x. x) ?
thanks.
Message was edited by:
user543368I did this 3 or 4 years ago and set up the Web-Cache to act as a reverse proxy. There is a paper on Metalink that explains how to set it up but I do not have the Doc ID.
Also check out the White Paper that illustrates a different method. "Expose your Intranet Portal to the
Outside World in a Secured Manner
(aka. A Secured Inside/Outside Portal)" see http://www.oracle.com/technology/products/ias/portal/pdf/admin_security_1014_secured_inside_outside.pdf
BG... -
Ex2010 -Probem with sending internal and external e-mail
Hi
In night we have a problem with time sync on VMWare Host so our Exchange Environment stopped working. Edge server (Ex 2010 SP3 full update) stopped transfer e-mails to mailbox server (Ex 2010 SP3 full update). After time synchronization e-mails were
treansfered to mailbox server. Users was able to send e-mail inside and outside but after 20-40 minutes users cannot send e-mails - between themselves and outside.
I don't see any e-mails in mailbox queues or using get-messagetrackinlog. I sent e-mail to our test e-mail mailbox on gmail and outlook.com. They wrere not be delivered by mailbox server. I can't find it using get-messagetrackinglog or in mailbox qeue.
What was happen? How to solve this problem?Hi,
Please disable 3rd party AVs for a little while as Ed mentioned.
Also check whether there is any related error message in App Log.
Thanks
Mavis Huang
TechNet Community Support -
Internal and external switches on server 2012 r2
this is driving me nuts.
I have a vm with an internal and external switch.
I am trying to get backups to route to the host machine using the internal switch only.
I've gone all over priorities and the routes are all fine but the data will constantly go over the external switch.
If i disable external switch traffic goes over internal switch just fine.
I've read about the automatic detection of least cost routing on the internal switch but just can not get it to run correctly.
please help
DougAll settings below.
backup traffic should run from 192.168.200.4 > 192.168.200.2 over internal NIC
VM Settings
Ethernet adapter Ethernet 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-37-0E-04
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-37-0E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.3
NetBIOS over Tcpip. . . . . . . . : Enabled
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.4 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.100.0 255.255.255.0 On-link 192.168.100.4 261
192.168.100.4 255.255.255.255 On-link 192.168.100.4 261
192.168.100.255 255.255.255.255 On-link 192.168.100.4 261
192.168.200.0 255.255.255.240 On-link 192.168.200.4 276
192.168.200.4 255.255.255.255 On-link 192.168.200.4 276
192.168.200.15 255.255.255.255 On-link 192.168.200.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.100.4 261
224.0.0.0 240.0.0.0 On-link 192.168.200.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.100.4 261
255.255.255.255 255.255.255.255 On-link 192.168.200.4 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
===========================================================================
HOST Settings
Ethernet adapter vEthernet (Internal-NIC):
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-37-0E-02
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744b:bbc1:e067:5592%48(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.200.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.240
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805311837
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet Host:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 211866561
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Ethernet Host:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Ethernet 1Gb 4-port 331FLR Adapter #4
Physical Address. . . . . . . . . : A0-D3-C1-05-24-BF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3412:1255:61dc:3e3c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 211866561
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-79-97-A0-D3-C1-05-24-BF
DNS Servers . . . . . . . . . . . : 8.8.8.8
NetBIOS over Tcpip. . . . . . . . : Enabled
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.1 192.168.100.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.45.46 276
169.254.45.46 255.255.255.255 On-link 169.254.45.46 276
169.254.255.255 255.255.255.255 On-link 169.254.45.46 276
192.168.100.0 255.255.255.0 On-link 192.168.100.2 276
192.168.100.2 255.255.255.255 On-link 192.168.100.2 276
192.168.100.255 255.255.255.255 On-link 192.168.100.2 276
192.168.200.0 255.255.255.240 On-link 192.168.200.2 261
192.168.200.2 255.255.255.255 On-link 192.168.200.2 261
192.168.200.15 255.255.255.255 On-link 192.168.200.2 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.45.46 276
224.0.0.0 240.0.0.0 On-link 192.168.100.2 276
224.0.0.0 240.0.0.0 On-link 192.168.200.2 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.45.46 276
255.255.255.255 255.255.255.255 On-link 192.168.100.2 276
255.255.255.255 255.255.255.255 On-link 192.168.200.2 261
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.100.1 Default
Doug Hardy -
Internal and External different set of menu for ESS
Hi
We have 2 portal server - Internal and External. The Portal are being used not.
We are planning to implement ESS now in Portal. We are planning to provide two different set of options when the same user access internally and externally.
For example, User XYZ access internally he will get menus ABCDE but the same user access from external he only gets manu AB.
If anyone has implemented with similar concepts or know how to do it technically, kindly advice.
Thanks
YuvaLet us assume we have 3 internal groups :
internalGroup_1 -> Role A, Role B
internalGroup_2 -> Role C, Role D,
internalGroup_3 -> Role E,
and 2 external group :
externalGroup_1 -> Role A,
externalGroup_2 -> Role B,
We add similar user under a group. and then roles are assigned to groups. in above example Role A , Role B is assigned to internalGroup_1.
We can have a single user id in which is attached to interalGroup_1, interalGroup_2, interalGroup_3 , externalGroup_1and interalGroup_2.
When user logon to Internal portal he will see role A, B,C,D and E
and when user logon to internal poral he will see role A,B.
provided A,B,C,D,E roles should exist in internal protal and role A,B exist in External portal. You can use transport roles from external portal to internal portal. -
DNS records to be created for Lync deployment (Internal and External)
Hi There,
If I want the Lync server environment to work Internal as well from External in all the aspects. (auto-discover, meetings, AV conferencing,web conferencing, voice integration, mobility etc), please answer to the below questions and also their purpose please.
I'm not sure whether the answer varies for 2010 and 2013 version.
1. What are the Internal and External(public) DNS records to be created for the reverse proxy(assume i'm using TMG servers), and their purpose?
2. What are the Internal and External(public) DNS records to be created for Lync Edge server, and their purpose?I'll try to answer as well.
1) For the reverse proxy, you'll need to publish the following:
External:
lyncdiscover.sipdomain.com (You'll need this record for every sip domain you have). This is for client autodiscover.
external web services FQDN (You'll need one of these per pool, you get to choose the name). This is for address book downloads, web conferencing, etc.
Meet.sipdomain.com (You can choose the name here, and have one per sip domain or one for the whole org). This is for web conferencing.
Dialin.sipdomain.com (You'll just need one here, it doesn't have to be dialin). This is for changing your conferencing/phone pin, resetting conference info, and general conferencing info.
For Lync 2013 only, you may want the Office Web Application server pool name as well for PowerPoint sharing. Lync 2010 doesn't use this.
Internal:
The external web services FQDN. You'll need this available internally through the reverse proxy so you can redirect requests on port 443 to port 4443. This will be used for mobile devices on WiFi.
2) For the Edge server:
Externally:
sip.sipdomain.com (you'll need one per sip domain) this is an autodiscover/multi use FQDN and should point to your access edge IP.
webedge.sipdomain.com (edge web conferencing, you can pick any name you like).
avedge.sipdomain.com (av edge, you can pick any name you like).
accessedge.sipdomain.com (you'll need a name for the access edge role, however you can just use sip.sipdomain.com and save a name in your certificate request).
Internally:
edgepool.sipdomain.com (you can pick any name you want, it's just the name assigned to the internal edge interface.
If you choose to have a single ip for the external edge, you can get away with just an access edge name and/or sip.sipdomain.com
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Specification documents o internal and external programs documentation
I have to make some changes in the specification documents o internal and external programs documentation. I want to know i there are defined some standard conventions about the technica objects name and the requirements documentation.
We have made some formats, but we have seen change resistance=2 The problem is the amount of information required in these ne formats that we think is important and will help to reduc ambiguity and to avoid backworks but it's going to ad activities to the developers.. Ours is bit different to what she sampled but the standardization differ from the team implementing it. You must also come out with the pattern for program "pre" and "post" documentation.
1. Before the actual coding of the program, you have to specify the estimated number of mandays needed for the analysis, coding and documentation. Don't forget to add n% for the buffer. (In our case, we use 30% buffer). Then update the form by putting on the other column the actual mandays consumed. There should not be cases that estimated < actual mandays. If problem is encountered that may cause delay, inform team lead to adjust the estimated mandays.
2. Create a form that will specifically states the unit testing made (eg. Test case, test data, how the test is perform, outcome of testing, rating: pass or fail, etc.)
3. After coding, specific program specification (eg. logic of the program, tables created, function module used, authorization checking, etc). Please be reminded to put result of "program extended syntax check" (tcode: slin) and "run time analysis" (tcode: se30) if applicable.
4. And initial code review must made also. If proper ABAP coding is incorporated and obliged by the program. If the proper naming convention that you implemented is followed by the program...so on and so forth.
hope you'll get some ideas out of it.
cheers, -
Best practises regarding Internal and External access to SIM
Currently we have two separate Active Directories one internal and one in the DMZ and plan to have one SIM on an segmented network allowing access for our internal users directly to SIM UI and external users thru portlets that talks to SIM.
The external AD hosts some internal users that also needs access to the DMZ applications so we can save efforts in managing to separate SIM environments in development, tests, upgrades, unique UID etc...
What are the best practices on the market is this a preferred choice with only one SIM or with one SIM internally and one SIM in DMZ hosting suppliers, customers etc?
With a single SIM environment are you allowing internal users accessing SIM from Internet to change internal AD password or have you restricted the functionality in some way for internal users accessing SIM from internet?
How about challenge response questions are you allowing users to have the same both internally and externally or setup different for different user interfaces?
Anyone willing to share how your environment is setup for internal and external access?Yes for handling the access to the SIM we probably need to look into some kind of access management solution to get it to work in a secure way.
The question is a bit complex with many different factors controlling the outcome of the SIM implementation, but I hope to get some idées with this thread of how we can solve it.
The question still remains if its common to have one or to SIM's and what internal users is allowed to do in SIM from Internet.
Ex are internal users allowed to change their password in internal Active Directory thru SIM from Internet or what have others done to limit the functionality?
Maybe you are looking for
-
Not able to generate UCCX Historical Report of one agent
Dear All, I am not able to generate the UCCX Historical report of the agent as the Historical reports of the agent is generating upto the Feburary 2013 but we are not able to view the Historical Report of March 2013 and onwards, the realtime reports
-
HT4914 Can I use music that is on my iPhone 4 but not on iTunes down load to imatch
Can I use music that is on my iPhone 4 but not on iTunes? and down load to I match, then to all my apple devices?
-
Has anyone had any problems with the Many Tricks software product Butler causing a kernel panic? I've attempted to isolate all variables and continues to see like it is this program (which I forget to unload) that causes the kernel panic upon shutdow
-
Understanding XML file handling in ODI
Hi People, I've just completed a simple Interface to upload an XML file into an Oracle 10g database table. The interface copes well with both inserts and updates, so I'm very pleased about that. ;) This exercise has raised some questions though. I tr
-
Their site redirects me to a download page with links for many different browsers (Internet Explorer, Mozilla, etc.) When I push the downloadable for mozilla, it redirects me to your page with the 5.0 upgrade. But my problem is that 5.0 is not compat