Share via


Best practices for your core infrastructure in Skype for Business Server

You probably already took steps to design fault tolerance in your system, using practices such as ensuring hardware redundancy, guarding against power loss, routinely installing security updates and antivirus measures, and Monitoring Server activity. These practices benefit not only your Skype for Business Server infrastructure, but also your entire network. If you didn't implement these practices, we recommend that you do so before deploying Skype for Business Server.

To help protect the servers in your Skype for Business Server deployment from accidental or purposeful harm that might result in downtime, take the following precautions:

  • Ensure your servers are up-to-date with security updates. Subscribing to the Microsoft Security Notification Service helps ensure that you receive immediate notification of security bulletin releases for any Microsoft product. To subscribe, go to the Microsoft Technical Security Notifications website.

  • Ensure that access rights are set up correctly.

  • Ensure your servers are in a physical environment that prevents unauthorized access. Ensure that adequate antivirus software is installed on all your servers. Keep the software up-to-date with the latest virus signature files. Use the automatic update feature of your antivirus application to keep the virus signatures current.

  • Disable the Windows Server operating system services that aren't required on the computers where you install Skype for Business Server.

  • Encrypt operating systems and disk drives where data is stored with a full-volume encryption system, unless you can guarantee constant and complete control of the servers, total physical isolation, and proper and secure decommissioning of replaced or failed disk drives.

  • Disable all external Direct Memory Access (DMA) ports of the server, unless you can guarantee tight control over the physical access to the servers. DMA-based attacks, which can be initiated fairly easily, could expose very sensitive information, such as private encryption keys.