February 25, 2013

Using a Pool of Directors to Boost Reliability

Whenever remote or internet users come up, the Director role comes to mind. A Director is the middle man between your Edge Servers and your Front End pools. The main benefits of having a Director in place are to offload user authentication requests and to provide an extra layer of security between the Edge Servers in the perimeter network and your internal Lync Server 2010 pools.
Keep the following points in mind:
·       When you configure a server as a Director, you cannot home users on it.
·       You can configure either a single Director or a Director pool. The Director is not designated as either a Standard Edition or Enterprise Edition server.
·       For users in your organization to authenticate against a Director instead of their home pool, point the SRV record used for automatic configuration at the Director instead of at your Standard Edition server or Front End pool.
·       If you deploy a single Director, you have introduced a single point of failure into your environment. To avoid it, add multiple servers to create a Director pool.
·       A pool of Directors must be load balanced. You can place the pool behind a hardware load balancer, or you can use DNS load balancing for the SIP traffic. DNS load balancing makes administration of the hardware load balancer simpler, because the hardware load balancer then has to balance only the HTTP traffic of the Director's web services (which DNS load balancing does not cover).
·       With Office Communications Server 2007, an array of Standard Edition servers behind a load balancer, commonly referred to as a Director array, was supported. From Lync Server 2010 onward, an array of Standard Edition servers is no longer supported; a pool of Enterprise Edition servers configured as Directors is supported instead.
The sign-in process when the SRV record points to a Director:
1.    The User Replicator process synchronizes user information with the Active Directory domain controllers, so every server, including the Director, knows which pool each user is homed on.
2.    The Lync client performs a DNS SRV query to locate a Lync Server that is authoritative for the user's SIP domain.
3.    The SRV query returns the FQDN (and, through its A record, the IP address) of the Director or Director pool.
4.    The client contacts the returned IP address and connects to the Director.
5.    Because the Director is not the user's home server, the Director redirects the client to the user's home server or pool.
6.    The client signs in to the user's home server or pool.
In addition to helping route traffic for internal deployments, a Director plays an important role in external topologies. When you configure federation, public IM connectivity, or remote user access, a Director (or Director pool) is the recommended next hop for the Access Edge Server; it is not strictly required, since a Front End pool can be the next hop, but the rest of this section assumes you use one. With a Director or a bank of Directors as the next hop, the only SIP path that must be opened on the internal firewall from the Access Edge Server is to the Director on TCP port 5061.
By allowing the Access Edge Server to reach only the Director, you limit what an attacker can reach on your internal network if the Access Edge Server is ever compromised: none of the internal Standard Edition servers or Front End pools can be contacted directly from the Access Edge Server.
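The following PowerShell script is an added example (not code from the original post, and not part of Lync Server) that checks the two expectations described above: run with -Role Internal on an internal client, it walks the sign-in steps (SRV record for the SIP domain pointing at the Director, one A record per pool member for DNS load balancing, each member listening on 5061); run with -Role Edge on the Edge Server's internal side, it confirms the internal firewall lets the Edge reach the Director on 5061 and none of the Front End or Standard Edition servers. The SIP domain, pool and server names are hypothetical placeholders, and Resolve-DnsName is assumed to be available (Windows 8 / Windows Server 2012 or later DnsClient module; on older hosts use nslookup instead).

```powershell
<#
  Added example, not code from the original post or from Lync Server.
    -Role Internal : run on an internal client to verify SRV -> Director -> 5061.
    -Role Edge     : run on the Edge Server to verify the Director-only firewall path.
  All host names below are hypothetical placeholders.
#>
param(
    [ValidateSet('Internal','Edge')][string]$Role = 'Internal',
    [string]$SipDomain    = 'contoso.com',
    [string]$DirectorFqdn = 'dirpool.contoso.com',
    [string[]]$FrontEnds  = @('fe01.contoso.com','fe02.contoso.com','se01.contoso.com'),
    [int]$SipPort = 5061
)

# TCP connect probe with a timeout, so a firewall that silently drops packets
# does not stall the check for the full TCP connect timeout.
function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

if ($Role -eq 'Internal') {
    # Sign-in steps 2-3: the client queries _sipinternaltls._tcp.<sip domain>;
    # the target should be the Director pool, not a Front End pool.
    $srvName = "_sipinternaltls._tcp.$SipDomain"
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) { throw "No SRV record found for $srvName" }
    foreach ($r in $srv) {
        "{0} -> {1}:{2} (priority {3}, weight {4})" -f $srvName, $r.NameTarget, $r.Port, $r.Priority, $r.Weight
        if ($r.NameTarget -ne $DirectorFqdn) {
            Write-Warning "SRV target $($r.NameTarget) is not the Director pool; users will authenticate there instead."
        }
    }

    # DNS load balancing: the pool FQDN carries one A record per Director.
    $addresses = @(Resolve-DnsName -Name $DirectorFqdn -Type A -ErrorAction Stop |
                   Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    if ($addresses.Count -lt 2) {
        Write-Warning "$DirectorFqdn has $($addresses.Count) A record(s): a single Director is a single point of failure."
    }

    # Sign-in step 4: every pool member must accept SIP/TLS on 5061.
    foreach ($ip in $addresses) {
        "{0} {1}:{2}" -f $(if (Test-TcpPort $ip $SipPort) { 'OK  ' } else { 'FAIL' }), $ip, $SipPort
    }
}
else {
    # From the perimeter network only the Director should answer on 5061;
    # every Front End / Standard Edition server should be unreachable.
    $expected = [ordered]@{ $DirectorFqdn = $true }
    foreach ($fe in $FrontEnds) { $expected[$fe] = $false }
    $results = foreach ($target in $expected.Keys) {
        $reachable = Test-TcpPort $target $SipPort
        [pscustomobject]@{
            Target = $target; Port = $SipPort; Reachable = $reachable
            Expected = $expected[$target]; Pass = ($reachable -eq $expected[$target])
        }
    }
    $results | Format-Table -AutoSize
    if ($results | Where-Object { -not $_.Pass }) {
        Write-Warning 'Internal firewall does not match the Director-only next-hop design.'
    }
}
```

Run it as .\Check-Director.ps1 -Role Internal -SipDomain yourdomain.com -DirectorFqdn yourpool.yourdomain.com from a domain-joined client, and again with -Role Edge from the Edge Server; a Front End that shows Reachable = True in the Edge run means the internal firewall is wider than the design in this post intends.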
The Director provides the following benefits:
·       Authenticates remote users. The Director authenticates remote users before anything is forwarded, so unauthorized users never get past it into the internal network.
·       Proxies remote user connections to the correct Standard Edition server or Front End pool. This is necessary because, unlike internal connections, remote user connections cannot be redirected to the home pool, so the Director must proxy them.
·       Mitigates denial-of-service (DoS) attacks. The Director verifies that the intended recipient of a message is a valid user before forwarding it, so internal servers do not waste resources processing invalid messages from a public IM connection or federated partner.
For outgoing connections to the Access Edge Server, the Standard Edition servers and Front End pools route traffic destined for external users (that is, federated contacts, public IM connectivity contacts, and remote users) to the Director, and the Director then proxies the connection to the Access Edge Server.

Thank you.

2 comments:

  1. Nice,
    Thanks for your useful information. I am working at Asian Affairs magazine,

    so it will be useful information for me. Try to post the best information like this always.


    Pakistan: Qadri's 'long march' takes no significant steps

  2. Hello Publisher,

    Thank you for your valuable comments. I will continue to publish information.

    I visited your site http://asianaffairs.in/ and it is very good; you are doing a wonderful job.

    Thank you.
