This chapter introduces the conferencing scenarios and capabilities supported by Office Communications Server 2007. The chapter also describes the technical details behind these scenarios, including the conferencing architecture, conference life cycle, and call flow. Finally, the chapter concludes with a discussion of meeting policy and policy enforcement.
Office Communications Server 2007 introduces the capability for enterprise users both inside and outside the corporate firewall to create and join real-time Web conferences hosted on internal corporate servers. These conferences or meetings (which are referred to as on-premise conferences) can be scheduled or ad hoc. Attendees of these conferences can communicate using IM, audio, video, application sharing, slide presentations, and other forms of data collaboration. Enterprise users can invite external users without Active Directory Domain Services accounts to participate. Users who are employed by federated partners with a secure and authenticated identity can also join conferences and, if invited to do so, can act as presenters. Conference organizers control access to the conferences they organize by defining access types.
Office Communications Server 2007 provides meeting policies and global-level, pool-level, and user-level settings that let administrators control almost every aspect of on-premise conferencing, such as access control, resource management, and conference life cycle management. The scale-out conferencing architecture based on pools ensures high availability of conferences: if a server supporting a conference fails, the conference is automatically rolled over to another server with the same server role. Moreover, Office Communications Server also supports features that meet common compliance requirements. Basic conference information (such as creation time, activation time, user join, and user leave) is logged in the Call Detail Record (CDR) database. Most data collaboration contents are also recorded in a specific compliance file share.
This unified, server-based conferencing solution provides an alternative to hosted Web conferencing for organizations that require a more secure and controlled collaboration experience.
In an Office Communications Server conference, all users are authenticated. Authentication is performed either by the front end of an Office Communications Server pool, by a Director if a Director is deployed, or by a federated server. Depending on the type of credentials used for authentication, Office Communications Server supports three types of users: an authenticated enterprise user, a federated user, and an anonymous user.
An authenticated enterprise user is an employee of the enterprise hosting the Office Communications Server conference who has the following characteristics:
Has a persistent Active Directory identity
Is enabled for communications in Active Directory and in Office Communications Server management, and is assigned a valid Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)
Is assigned to either a valid Office Communications Server 2007 pool or a Live Communications Server 2005 Service Pack 1 (SP1) pool
Authenticated enterprise users hosted on an Office Communications Server pool can create and participate in an Office Communications Server conference. On the other hand, authenticated enterprise users hosted on a Live Communications Server 2005 SP1 pool cannot create a conference. However, they can participate in an Office Communications Server 2007 conference.
Authenticated enterprise users can be further classified into two categories according to the location from which they access Office Communications Server:
Internal User: Internal users connect to Office Communications Server from a location behind the corporate firewall.
Remote User: Remote users connect to Office Communications Server from a location outside of the corporate firewall. They include employees working at home or on the road, and other remote workers, such as trusted vendors, who have been granted enterprise Active Directory credentials for their terms of service.
Office Communications Server employs two Integrated Windows Authentication methods to authenticate enterprise users. Internal users are authenticated using either NTLM or Kerberos, depending on the server setting. For remote users, only NTLM is supported because Kerberos requires that the client have a direct connection to Active Directory, which is generally not the case for users connecting from outside of the corporate firewall.
A federated user is not an employee of the enterprise hosting the Office Communications Server conference. Instead, a federated user is an employee of a federated partner who has the following characteristics:
Has a persistent identity in the federated partner's Active Directory
Is enabled for communications in Active Directory and in Office Communications Server management, and is assigned a valid SIP URI
Is assigned to either a valid Office Communications Server 2007 pool or a Live Communications Server 2005 SP1 pool hosted in the federated partner domain
Federated users are authenticated by the Office Communications Server 2007 or Live Communications Server 2005 SP1 hosted in the trusted federated partner domain. Therefore, they are trusted as authenticated users by the Office Communications Server 2007 server that hosts the conference. Federated users can join conferences, but they cannot create conferences in federated enterprises.
An anonymous user is not an employee of the enterprise hosting the Office Communications Server conference or an employee of a federated partner. Instead, an anonymous user is any user who does not have a persistent Active Directory identity in the enterprise hosting the Office Communications Server or federated partner enterprise.
Anonymous users can connect from the following three locations outside of the corporate firewall:
An enterprise that deploys Office Communications Server 2007 or Live Communications Server 2005 SP1. However, the enterprise domain is not federated with the enterprise hosting the conference.
An enterprise that deploys neither Office Communications Server 2007 nor Live Communications Server 2005 SP1.
The Internet.
Anonymous users are authenticated via Digest authentication. For conferences that allow anonymous users to participate, Office Communications Server generates a conference key. Anonymous users must present the conference key when they join the conference.
Regardless of authentication types, conference participants fall into one of two user role groups during a conference: presenters or attendees. Office Communications Server 2007 keeps track of user roles for each conference participant. These user roles are used to authorize users to have access to different in-conference functionalities, which are summarized in the following list:
Presenter: A user who is authorized to present information at a conference, using whatever media is supported. A presenter is also granted rights to control a conference, such as locking a conference, ending a conference, promoting other participants to the presenter role, removing a user from a conference, or changing the list of in-conference features that non-presenter participants can access.
Attendee: A user who has been invited to attend a meeting but who is not authorized to act as a presenter. An attendee can be promoted to presenter by other presenters during a conference.
Promotion of user roles is not persistent across different instances of the same conference. If an attendee is promoted to the presenter role during a conference, she has the presenter role until she leaves the conference. The next time the attendee joins the same conference, she will again be assigned the attendee role. Only participants who are designated as presenters by the organizer at conference creation time—that is, they are pre-set presenters—can join a conference with the automatic presenter role. In addition, currently, Office Communications Server does not support demoting a presenter to attendee.
All authenticated enterprise users and federated users can join a conference as pre-set presenters. Anonymous users can join a conference only as attendees. However, once they have joined, anonymous users can be promoted to presenter by any existing presenter in a conference.
In addition, there is an implicit role of organizer:
Organizer: The user who creates a conference, whether impromptu or by scheduling.
Every Office Communications Server 2007 conference is associated with an organizer. An organizer must be an authenticated enterprise user. If a user is deleted from the enterprise Active Directory, all Office Communications Server 2007 conferences she organizes are also removed from the back-end database. The content created in conferences organized by such an organizer is also removed through a content expiration feature. An organizer is by definition also a presenter and determines who else can be a presenter. An organizer can make this determination either at the time a meeting is scheduled or after the meeting is under way.
Security has been a top priority for on-premise conferencing. All messaging and media in conferencing are encrypted, using the same security infrastructure as Live Communications Server 2005 SP1. In addition, Office Communications Server 2007 provides additional safeguards for conferencing. These safeguards include the following features:
Strong authentication using Integrated Windows Authentication and Digest authentication.
Level of access through three predefined access types.
Policy-based administration to allow administrators to control resource utilization and security. Meeting features are grouped and managed using meeting policies. Administrators control which meeting features a meeting organizer can use during a meeting by configuring and applying specific policies. See the section titled "Understanding Meeting Policy and Policy Enforcement" later in this chapter for more information.
When organizers create a conference, they can set the conference to have one of three access types: open authenticated, closed authenticated, or anonymous allowed.
An open authenticated conference can be joined by all authenticated enterprise users. They join as attendees unless they have been designated as presenters by the meeting organizer.
An open authenticated conference is suitable in situations where the participant list is dynamic or unknown, such as a brown-bag meeting. Authenticated enterprise users can join any open authenticated meeting hosted on any Office Communications Server pool, even if they are not specifically invited by the conference organizer. This is usually achieved by one user forwarding a conference invitation to another user.
Federated users can join the meeting as attendees if they are invited by the organizer. Federated users are not able to join the meeting as presenters, but they can be promoted to presenter during the meeting (this is currently a client implementation limitation; Office Communications Server does not support creating an open authenticated conference with federated users as pre-set presenters). If you want to prevent federated users from participating in an open authenticated meeting, you can do so by not configuring the Access Edge Server for federation or by disabling the organizer for federation.
A closed authenticated conference can be joined only by authenticated enterprise users who are specifically invited by the conference organizer.
Closed authenticated conferences are suitable in situations where tight control of the conference content is required, such as a meeting that discusses confidential company financial information. An authenticated user who is not explicitly invited cannot join a closed authenticated conference, even if the user has conference join information from forwarded invitations.
Federated users can join a closed authenticated conference if explicitly invited. They can join either as attendees or pre-set presenters. Currently, client implementation prevents a user from scheduling a closed authenticated conference with federated users.
Anonymous allowed type conferences have the most relaxed access control. Anonymous allowed conferences can be joined by authenticated enterprise users and federated users, as well as anonymous users, as long as those users have conference join information.
Anonymous allowed conferences are suitable in situations where collaboration between enterprise users and outside users is required, such as a sales meeting that invites potential outside customers.
To create a meeting of this type, the meeting organizer must be authorized to invite anonymous users. Enterprise users and federated users join as attendees unless they have been designated as presenters by the meeting organizer. Anonymous users join only as attendees, although they can be promoted to the presenter role by presenters after they have entered the meeting. To enter a meeting, anonymous users must present a conference key, which they receive in an e-mail meeting invitation, and they must pass Digest authentication.
Table 5-1 summarizes different situations in which users can be allowed into Office Communications Server conferences.
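The admission and role rules described in the prose above for the three access types, written out as an added example (it is not code from Office Communications Server or from this chapter). All class, function, and parameter names are hypothetical, and the constant-time comparison of the conference key is this example's choice rather than a documented server behavior.

```python
# Added example with hypothetical names; not Office Communications Server code.
import hmac
from dataclasses import dataclass, field
from enum import Enum

class User(Enum):
    ENTERPRISE = 1   # authenticated enterprise user
    FEDERATED = 2    # authenticated by a federated partner's server
    ANONYMOUS = 3    # no persistent Active Directory identity

class Access(Enum):
    OPEN_AUTHENTICATED = 1
    CLOSED_AUTHENTICATED = 2
    ANONYMOUS_ALLOWED = 3

@dataclass
class Conference:
    access: Access
    invited: set = field(default_factory=set)            # SIP URIs the organizer invited
    preset_presenters: set = field(default_factory=set)  # designated at creation time
    key: str = ""                                        # conference key, anonymous allowed only

def admit(conf, uri, user, key="", digest_ok=False):
    """Return the join role, or None if refused (caller is assumed to hold join info)."""
    if user is User.ANONYMOUS:
        # Anonymous-allowed conferences only; needs Digest authentication plus the
        # conference key (constant-time compare is this example's choice); attendee only.
        if (conf.access is Access.ANONYMOUS_ALLOWED and digest_ok and conf.key
                and hmac.compare_digest(conf.key.encode(), key.encode())):
            return "attendee"
        return None
    if conf.access is Access.CLOSED_AUTHENTICATED:
        allowed = uri in conf.invited        # explicit invitation is mandatory
    elif conf.access is Access.OPEN_AUTHENTICATED:
        # Enterprise users may join uninvited; federated users need an invitation.
        allowed = user is User.ENTERPRISE or uri in conf.invited
    else:
        allowed = True                       # anonymous allowed: join info suffices
    if not allowed:
        return None
    preset = uri in conf.preset_presenters
    if conf.access is Access.OPEN_AUTHENTICATED and user is User.FEDERATED:
        preset = False                       # no pre-set federated presenters here
    return "presenter" if preset else "attendee"

class Instance:
    """One running instance of a conference; promotions are kept only here."""
    def __init__(self, conf):
        self.conf, self.roles = conf, {}
    def join(self, uri, user, **kw):
        role = admit(self.conf, uri, user, **kw)
        if role:
            self.roles[uri] = role
        return role
    def promote(self, by, target):   # only a current presenter can promote; no demotion
        ok = self.roles.get(by) == "presenter" and target in self.roles
        if ok:
            self.roles[target] = "presenter"
        return ok
```

Because promotions are stored on the `Instance` and not on the `Conference`, a promoted attendee who joins a later instance is evaluated by `admit` again and comes back as an attendee.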
Office Communications Server 2007 conferences provide rich multimedia experiences. The following sections discuss the four main types of multimedia conferencing: multiparty instant messaging, data collaboration, audio/video, and audio conferencing provider support.
Multiparty instant messaging, or group IM, refers to an IM conversation among three or more parties. The Microsoft Windows Messenger 5.x and Office Communicator 2005 clients, along with Live Communications Server 2005 SP1, already support group IM based on establishing a separate connection between each two-user pair engaged in the conversation. In Office Communications Server 2007, a group IM session is implemented as a server-hosted conference with IM modality. This approach is more scalable and offers greater flexibility to participants than a group conversation that is based on a large number of linked peer-to-peer conversations.
The main client for multiparty instant messaging conferences is Office Communicator 2007. A group IM session can be created in one of the following ways:
By sending an instant message to multiple parties
By inviting additional parties to a two-person IM conversation
By sending an instant message to a Microsoft Exchange Server distribution list
Data collaboration conferences are often referred to as Web conferences. Office Communications Server 2007 supports a rich mix of data collaboration possibilities, including the following:
PowerPoint presentations: Office Communications Server 2007 provides native Microsoft Office PowerPoint support, which includes uploading and sharing slide decks created with PowerPoint, including animations and other rich features.
Application and desktop sharing: Sharing applications among multiple participants and giving other participants control of the desktop or application. Administrators can customize the level of sharing or control that is allowed in their organization or disable this feature completely through meeting policy.
Microsoft Office Document Imaging (MODI) support: Office Communications Server 2007 also supports uploading and sharing of any document format that supports the MODI print driver. This support gives conference users the ability to share, in read-only mode, virtually any kind of document that can be printed to MODI file format, including all Microsoft Office document formats, Adobe PDF format, and HTML file format.
Web slides: Sharing URLs to Web pages that can be viewed and navigated independently by all meeting participants.
Multimedia content: Office Communications Server supports uploading and sharing media files (such as Flash or Windows Media technology files). The viewing of the media files by all meeting participants can be synchronous (controlled by presenter) or asynchronous (participants view files independently).
Handouts: Exchanging files in their native formats among meeting participants.
Snapshot slides: Capturing and displaying a static view of (an area of) the user's desktop.
Whiteboards: Free-form drawing and writing in a common shared space.
Text slides: Writing and sharing text on a virtual whiteboard (separate from the graphical whiteboard features).
Annotations: Annotating many types of slides, including PowerPoint slides and MODI document slides.
Polling: The ability to create questions and answers and compile and share responses from participants.
Q&A: Asking and answering questions during a meeting.
In-meeting chat: Peer-to-peer IM within the context of a meeting.
Shared notes: The ability to edit and share meeting notes with other participants.
The main client for data collaboration conferences is Office Live Meeting 2007. A data collaboration session can be created in one of the following ways:
Office Communications Server 2007 supports multiparty audio/video (A/V) conferencing. Through advanced wideband codecs such as RTAudio and RTVideo, Office Communications Server (through the Audio/Video Conferencing Server role) delivers high-quality audio and video in a conference.
The audio streams from all participants are mixed at the server and broadcast to all participants. For video, the video stream of the most active speaker is sent to all participants. When deployed on a separate computer, the Audio/Video Conferencing Server can support up to 250 participants within a single session.
The main clients for A/V conferences are Office Communicator 2007 and Office Live Meeting 2007. An A/V conference session can be initiated in the following ways:
By scheduling a data collaboration conference with audio and video in Outlook with the Outlook Conferencing Add-in.
By scheduling a conference call with audio and video in Outlook with the Outlook Conferencing Add-in.
By starting an audio/video conversation with two or more other participants in Office Communicator.
External audio conference participants who have not deployed Office Communications Server can participate through the services of a third-party Audio Conferencing Provider (ACP). The provider enables conferencing over an external Public Switched Telephone Network (PSTN) bridge.
Office Live Meeting 2007 is the main client that supports ACP conferences. It provides user interfaces to control various aspects of the audio conference hosted on an external PSTN bridge, such as mute self, un-mute self, mute all, and so on.
In Office Communications Server 2007, there is no interaction between the VoIP-based audio conference hosted by the Audio/Video Conferencing Server and the ACP conference hosted by external Audio Conferencing Providers. This means in a conference there cannot be some participants using their phones to dial in to the meeting while the rest use their computer audio hardware to join the meeting. When scheduling a conference, the conference organizer needs to make appropriate audio choices.
ACP integration is managed by the Telephony Conferencing Server, which always runs as a separate process on either an Office Communications Server 2007 Standard Edition server or Enterprise Edition front-end server. Integration with the Audio Conferencing Provider occurs by configuring a federated connection with the external service provider, as you would with any other federated partner.