Security – Nortel Networks NN43001-121 User Manual
Page 59

General requirements
The port range can be controlled (restricted) to a smaller range using
the group policy settings as described on the Microsoft Web site:
Port ranges must not overlap.
Security
When you consider a Converged Office deployment, ensure you understand
the following security concepts and integrate them into your deployment
planning.
OC client authentication
Authentication of Office Communicator clients is provided by the Office
Communications Server. For more information about authentication, see
Microsoft Office Communications Server 2007 Planning Guide. Download
Microsoft documentation from the Download Center at
.
Authorization of TR/87 (Remote Call Control) service requests
Authorization of TR/87 (Remote Call Control) service requests within a
Converged Office deployment is handled by the Nortel MCM. The main
requirement for authorization of service requests arises from Office
Communicator users who can manually override the Phone Integration
settings in Active Directory provisioned by an administrator. To ensure
that each Office Communications Server user is restricted to the Active
Directory configuration provisioned by an administrator for Remote Call
Control, MCM provides an option to enable or disable authorization of
TR/87 service requests. For details about the authorization process and
MCM configuration requirements, see
"Configuring MCM for Remote Call
.
Signaling and media encryption
IP connectivity between the Office Communications Server and the CS
1000 is provided by TCP and TLS. Similarly, Office Communications Server
server-to-server traffic can also be TCP or TLS. MCM 3.0 supports TCP
only; therefore, the connections between the Mediation Server and the OCS
Proxy server, and between the Proxy server and the NRS/SIP Gateway, are TCP.
To provide signaling security between the Office Communications Server
and the CS 1000 (see Figure 17 "Signaling Security" (page 60)), Nortel
Contivity VPN routers can be used to tunnel SIP signaling between the
Office Communications Server and the CS 1000. A single VPN router that
supports the Office Communications Server can service multiple individual
VPN routers from multiple CS 1000 deployments.
Nortel Communication Server 1000
Nortel Converged Office Fundamentals — Microsoft Office Communications Server 2007
NN43001-121
01.03
Standard
Release 5.0
30 April 2008
Copyright © 2005–2008, Nortel Networks
.