Securing MPS to Back-end System Communications
The MPF Engine servers communicate with various back-end systems through MPF Providers. Hosted Messaging and Collaboration ships 23 providers that use various protocols or APIs to perform actions both locally and on remote servers. A Service Provider should take steps to ensure that this communication cannot be inspected, redirected, or modified by rogue users or systems. Actions such as the following should be taken:
Configure firewalls to allow connections only between the MPF Engine server and the servers on which it must perform necessary provisioning actions.
Explicitly disallow MPF Engine servers from connecting to any servers outside of your data center.
Configure firewall rules to ensure that only the necessary protocols are open between the MPF Engine and provisioned servers. The table below describes the APIs or protocols used by each provider; this may be helpful in defining firewall rules.
| Provider Name | Protocol/API | Notes |
| --- | --- | --- |
| Active Directory Provider | System.DirectoryServices | |
| BlockModelRMO | System.Data.SQLClient | |
| Command Line Provider | CreateProcess (Local Only) | |
| Computer Management Provider | System.DirectoryServices; Native Advapi32 methods (LSA*) (interop) | |
| CoreRMO | System.Data.SQLClient | |
| DNS Provider | HTTPS (remote); WMI (local) | The DNS provider has a .NET remoting component that must be installed on each target DNS server. |
| Error Provider | (Local only) | |
| Exchange 2007 Mobility Provider | Powershell Exchange 2007 Cmdlets | |
| Exchange 2007 Provider | System.DirectoryServices; Powershell Exchange 2007 Cmdlets | |
| File System Provider | (Local Only) Various File IO and security APIs | |
| FrontPage Provider | System.Web.Services.Protocols | |
| IIS Provider | System.DirectoryServices; IISOle | |
| Office Communications Server Provider | System.DirectoryServices; WMI | |
| Powershell Provider | (Local Only) PowerShell | |
| Registry Provider | Microsoft.Win32.Registry* | |
| Scripting Provider | IActiveScript (Interop) | |
| SharePoint2007Provider | HTTPS (Remote); Microsoft.SharePoint class library (local) | The SharePoint2007 Provider has a Web Service component that must be installed on a SharePoint Server; remote MPF Engines use HTTPS to connect to this Web Service. |
| SMTP Mail Provider | System.Net.Mail.SMTPClient | |
| SQL Admin Provider | System.Data.SQLClient | |
| SQL Provider | OLEDB | |
| Unified Messaging 2007 Provider | Powershell Exchange 2007 Cmdlets | |
| Windows Installer Provider | WMI | |
| XML File Provider | (Local Only) System.IO; System.XML | |
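
One way to check the three firewall actions above against observed traffic, as an added example that is not part of the original documentation. The data-center range, server addresses, sample connections, and default port numbers (LDAP 389/636, SQL Server 1433, HTTPS 443, SMTP 25) are assumptions, not values from this page.

```python
import ipaddress

# Assumption: the data center uses this address range (constructed value).
DATA_CENTER = ipaddress.ip_network("10.20.0.0/16")

# Assumption: provisioned servers and the default TCP ports for the
# protocols that the provider table lists for them (constructed values).
ALLOWED = {
    "10.20.1.10": {389, 636},  # domain controller: System.DirectoryServices
    "10.20.2.20": {1433},      # SQL Server: System.Data.SQLClient, OLEDB
    "10.20.3.30": {443},       # DNS/SharePoint remote component: HTTPS
    "10.20.4.40": {25},        # SMTP relay: System.Net.Mail.SMTPClient
}


def classify(dest_ip, dest_port):
    """Return 'ok' or the name of the firewall action the connection violates."""
    ip = ipaddress.ip_address(dest_ip)
    if ip not in DATA_CENTER:
        return "outside-datacenter"    # engine must not leave the data center
    ports = ALLOWED.get(str(ip))
    if ports is None:
        return "unlisted-server"       # not a server the engine provisions
    if dest_port not in ports:
        return "unexpected-protocol"   # protocol not needed by any provider
    return "ok"


def audit(connections):
    """Return (ip, port, reason) for every connection that should be blocked."""
    findings = []
    for dest_ip, dest_port in connections:
        verdict = classify(dest_ip, dest_port)
        if verdict != "ok":
            findings.append((dest_ip, dest_port, verdict))
    return findings


# Constructed sample: outbound connections logged from an MPF Engine server.
SAMPLE = [
    ("10.20.1.10", 389),
    ("10.20.2.20", 1433),
    ("10.20.2.20", 445),
    ("10.20.9.99", 443),
    ("203.0.113.7", 443),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

Providers that use WMI against remote servers negotiate dynamic RPC ports after contacting the endpoint mapper on TCP 135, so their allowlist entries need a fixed RPC port range rather than a single port.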