Security Framework for Lync Server 2010


Topic Last Modified: 2011-05-06

This chapter provides an overview of the fundamental elements that form the security framework for Microsoft Lync Server 2010. Understanding how these elements work together is essential for making informed decisions about securing your particular Lync Server 2010 deployment.

These elements are as follows:

  • Active Directory Domain Services (AD DS) provides a single trusted back-end repository for user accounts and network resources.

  • Role-based access control (RBAC) enables you to delegate administrative tasks while maintaining high standards for security.

  • Public key infrastructure (PKI) uses certificates issued by trusted certification authorities (CAs) to authenticate servers and ensure data integrity.

  • Transport Layer Security (TLS), HTTP over SSL (HTTPS), and mutual TLS (MTLS) enable endpoint authentication and IM encryption. Point-to-point audio, video, and application sharing streams are encrypted using Secure Real-Time Transport Protocol (SRTP).

  • Industry-standard protocols are used for user authentication, where possible.

  • Windows PowerShell provides security features that are enabled by default so that users cannot easily or unknowingly run scripts.

These fundamental security elements work together to define trusted users, servers, connections, and operations to help ensure a secure foundation for Lync Server 2010.

The topics in this section describe how each of these fundamental elements works to enhance the security of your Lync Server infrastructure.