Activating a UCMA 3.0 Core Trusted Application
A UCMA trusted application is an application based on Microsoft Unified Communications Managed API (UCMA) 3.0 that is trusted by Microsoft Lync Server 2010. This trust relationship is summarized in the following list.
- Trusted applications are not challenged for authentication by Lync Server 2010.
- Trusted applications are not throttled by Lync Server 2010 for SIP transactions, connections or outgoing Voice over Internet Protocol (VoIP) calls.
- Trusted applications can impersonate any user and can join conferences without appearing in rosters.
- Trusted applications are highly available and resilient.

Activating an application is the process by which UCMA 3.0 applications are configured to take advantage of Lync Server 2010 functionality. Most of the commonly used configuration data exists in Active Directory, the Central Management Store, and the local certificate store of the computer that hosts the application.
Activation is required not only to deploy a ready-to-ship application, but also to test an application during the application development phase.
Note
It is recommended that the computer running the trusted application be joined to the domain in which Lync Server 2010 is running. However, if there is no intent to run Lync Server 2010 PowerShell cmdlets from the application server or to make use of UCMA auto-provisioning capabilities, then the application can be run on a computer that is not joined to the domain.
Prerequisites for Activation
- UCMA 3.0 SDK or UCMA 3.0 Runtime has been installed with Microsoft Lync Server 2010, Core Components.
  Microsoft Lync Server 2010 Core Components provides access to the PowerShell cmdlets needed for activating the application and also installs the binaries needed to enable a local replica, or copy, of the Central Management Store.
- A valid server topology with Microsoft Lync Server 2010 and an Active Directory domain controller exists for the application to run against.
- Appropriate permissions and memberships are set.
An application that runs as a trusted application must be a member of the appropriate groups. These groups are created during Lync Server 2010 setup so that group members can carry out their intended tasks. The following table provides more information.
Role | Group membership |
---|---|
Lync Server 2010 Administrator | Domain Admins security group |
Trusted Application Operator | RTCUniversalServerAdmins security group, Administrators local group |
Trusted Application Service Account | RTC Component Local Group local group |
Note
After Lync Server 2010 has been installed, administrators must manually create users with the previously listed permissions to act in the Trusted Application Administrator and Trusted Application Service Account roles.
Note
A security group is an entity that exists in the domain and is stored in Active Directory. Security groups can be managed using the Active Directory Users and Computers Microsoft Management Console (MMC). A local group is an entity that exists in the computer on which the trusted application is running. Local groups can be managed by using the Local Users and Groups MMC.
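Because trusted applications are not challenged for authentication and can impersonate any user, membership in the groups listed above is worth reviewing. The following PowerShell script is an added example, not part of the original documentation: it lists the members of each group and flags accounts that are not on an allowlist. It assumes the ActiveDirectory module and the `Get-LocalGroupMember` cmdlet (Windows PowerShell 5.1 or later) are available; the account names in the allowlist are constructed placeholders.

```powershell
# Added example (not from the SDK documentation): list the members of the
# groups in the table above and flag accounts missing from an allowlist.
# Assumes the ActiveDirectory module and Windows PowerShell 5.1 or later.
$ErrorActionPreference = 'Stop'

# Constructed allowlist of account names; replace with your approved accounts.
$approved = @{
    'RTCUniversalServerAdmins'  = @('ucma-operator')
    'Administrators'            = @('Administrator', 'Domain Admins', 'ucma-operator')
    'RTC Component Local Group' = @('ucma-svc')
}

$groups = @(
    @{ Name = 'RTCUniversalServerAdmins';  Scope = 'Domain' },
    @{ Name = 'Administrators';            Scope = 'Local'  },
    @{ Name = 'RTC Component Local Group'; Scope = 'Local'  }
)

function Get-RoleGroupMember {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][ValidateSet('Domain', 'Local')][string]$Scope
    )
    if ($Scope -eq 'Domain') {
        # -Recursive expands nested groups down to the individual accounts.
        Get-ADGroupMember -Identity $Group -Recursive |
            ForEach-Object { $_.SamAccountName }
    } else {
        # Local members are reported as DOMAIN\name or COMPUTER\name; keep the name.
        Get-LocalGroupMember -Group $Group |
            ForEach-Object { ($_.Name -split '\\')[-1] }
    }
}

# Security groups are stored in Active Directory; this script skips them on a
# computer that is not joined to the domain.
$computer = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $computer.PartOfDomain) {
    Write-Warning 'Computer is not domain-joined; skipping security groups.'
}

$findings = foreach ($g in $groups) {
    if ($g.Scope -eq 'Domain' -and -not $computer.PartOfDomain) { continue }
    foreach ($member in Get-RoleGroupMember -Group $g.Name -Scope $g.Scope) {
        [pscustomobject]@{
            Group    = $g.Name
            Scope    = $g.Scope
            Member   = $member
            Approved = $approved[$g.Name] -contains $member
        }
    }
}

# Unapproved members (Approved = False) sort to the top of the report.
$findings | Sort-Object Approved, Group | Format-Table -AutoSize
```

Run it on the computer that hosts the trusted application, since the two local groups exist only there.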
The following table summarizes the tasks that can be performed by the three different roles.
Task | Lync Server 2010 Administrator | Trusted Application Operator | Trusted Application Service Account |
---|---|---|---|
Install UCMA 3.0 Core SDK or UCMA 3.0 Runtime | Yes | Yes | No |
Manage trusted application pools and trusted application computers | Yes | No | No |
Request and set certificates | Yes | Yes | No |
Manage trusted applications | Yes | No | No |
Manage trusted application endpoints | Yes | Yes | No |
Install and activate a local Central Management Store replica | Yes | Yes | No |
Run UCMA-based applications | Yes | Yes | Yes |
In This Section
The remaining topics in this section discuss how activation, provisioning, and deployment are different in UCMA 3.0, and list the activation steps that are required for all trusted applications, as well as the activation steps required by either auto-provisioned or manually-provisioned applications.
- Activation, Provisioning, and Deployment Changes in UCMA 3.0 Core
- General Application Activation: Activation steps needed by all trusted applications.
- Activating an Auto-Provisioned Application: Activation steps needed by auto-provisioned applications.
  Auto-provisioned applications require a local copy of the Central Management Store.
- Activating a Manually-Provisioned Application: Activation steps needed for manually provisioned applications.
  Manually-provisioned applications do not require a local copy of the Central Management Store.
- Activating Applications Programmatically: Steps required to run Lync Server 2010 PowerShell cmdlets programmatically.
See Also
Concepts
Managing UCMA 3.0 Core Applications
Other Resources
Unified Communications Managed API 3.0 Core SDK Documentation