Edge Server Deployment Guidelines (2007 R2 Beta)
[This is preliminary documentation and is subject to change. Blank topics are included as placeholders.]
To enhance Edge Server performance and security, as well as to facilitate deployment, use the following guidelines when establishing your deployment process:
- Deploy Edge Servers only after you have finished deploying Office Communications Server 2007 R2 inside your organization.
- Deploy Edge Servers in a workgroup rather than a domain. Doing so simplifies installation and keeps Active Directory® Domain Services (AD DS) out of the perimeter network. Locating AD DS in the perimeter network can present a significant security risk.
- Deploy your Edge Servers in a staging or lab environment before you deploy them in your production environment. Deploy it in your perimeter network only when you are satisfied that the test deployment meets your requirements and that it can be incorporated successfully in a production environment.
- Deploy Edge Servers on dedicated computers that do not run anything that is not required. This includes disabling unnecessary services and running only essential programs on the computer, such as programs embodying routing logic that are developed by using Microsoft SIP Processing Language (MSPL) and the Office Communications Server API.
- Enable monitoring and auditing as early as possible on the computer.
- Use a computer that has two network adapters to provide physical separation of the internal and external network interfaces.
- Deploy the Edge Server between two firewalls (an internal firewall and an external firewall) to ensure strict routing from one network edge to the other.