Chapter 15. Administration

Office Communications Server 2007 has a simple administration model. After you complete your deployment by using the Setup program, which provides wizards to facilitate the configuration of your servers, on-going administration of those servers is performed using the Admin Tools MMC snap-in called Office Communications Server 2007. This management console automatically discovers all the Office Communications Servers joined to Active Directory by querying Active Directory. The only server roles the management console is not able to discover are the Edge Server roles, as they don't publish themselves into Active Directory.

Office Communications Server 2007 also provides a Windows Management Instrumentation (WMI) interface that abstracts the underlying provider whether it is Active Directory, SQL Server, or the WMI repository. This WMI interface simplifies the effort to write management tools and scripts. The Admin Tools management console uses this WMI interface. A graphical representation of this logical structure is shown in Figure 15-1.

Figure 15-1. Office Communications Server 2007 management model

Note

Not all WMI settings are exposed via the Admin Tools MMC. The design philosophy of the Admin Tools MMC is to expose approximately 80 percent of the configurable settings that will be most commonly used by administrators. For more advanced configuration scenarios or less commonly used settings not exposed in the Admin Tools MMC, administrators must use the WMI interface.

The design philosophy behind the Office Communications Server 2007 management infrastructure is to store in Active Directory any information that needs to be available to all servers deployed in the forest, such as global settings and user information. Settings that must be available within the scope of a pool (that is, all servers associated with a pool) are stored in SQL. Server settings (that is, information specific to a server) are stored in the local server's WMI repository. The WMI interface exposes all these settings in an object model representation that provides semantic validation to prevent administrators or developers from creating an invalid state that the system cannot recover from. Office Communications Server 2007 exposes 95 different WMI classes, and the organizational structure of these WMI classes is described in the following section.

Configuring Global Settings

Office Communications Server 2007 leverages Active Directory to store settings that are used by all Office Communications Server 2007 servers deployed within a forest. Office Communications Server 2007 provides two options for storing global settings:

  • Global settings can be stored in the Active Directory Configuration Partition. (This option can be used for new installations only.)

  • Global settings can be stored in the Active Directory System Container in the root domain partition. (You must use this option if you are already running Live Communications Server.)

When using the System container to store global settings, Office Communications Server 2007 servers connect to domain controllers (DCs) in the root domain to retrieve this data. When using the Configuration container, Office Communications Server 2007 servers connect to their local Global Catalog (GC) servers to obtain global settings. The servers retrieve this data via Windows Management Instrumentation (WMI); this is not to be confused with user data, which is retrieved via the user replicator (UR) process. (See Figure 15-2.) These global settings are created during the Forest Prep step in Setup.

Figure 15-2. WMI and UR services

Global Office Communications Server settings are configurable from the Admin Tools MMC by right-clicking the forest node and selecting Properties. Two settings are available: Global Properties and Voice Properties. (See Figure 15-3.) Voice properties are global settings that are applicable only to Enterprise Voice scenarios.

Figure 15-3. Configuring global settings

Office Communications Server 2007 exposes these global settings via WMI. Administrators should access these settings from the WMI interface instead of directly modifying them in Active Directory via the Active Directory Services Interface (ADSI) or Lightweight Directory Access Protocol (LDAP). The WMI interface builds in a safety measure to prevent setting values that are invalid.

The following WMI classes are used for configuring global settings:

  • MSFT_SIPDomainData This WMI class defines the Session Initiation Protocol (SIP) domains authoritative to the Office Communications Server 2007 servers deployed within the forest. In our example environment, contoso.com is the SIP domain. Messages to users with SIP Uniform Resource Identifiers (URIs) of , where username is the name of the user, will be routed internally to the user's home pool server. If a message is addressed to a user with an SIP URI of , for example, the request will be routed outside the organization's network through the federated connection as defined by the administrator in the Federation tab. The Admin Tools MMC exposes the settings from this class in the General tab of Office Communications Server Global Properties. One of the SIP domains must be marked as the default routing domain, as shown in the following screen shot:

  • MSFT_SIPESGlobalSearchSetting As the class name indicates, all global search settings are configurable via this WMI class. This class is exposed in the Admin Tools MMC in the Search tab, which is shown in the following screen shot:

  • MSFT_SIPESGlobalRegistrarSetting This WMI class defines the restrictions for searching the registrar (database) to maintain performance of the system. Part of the configuration settings of this class is exposed in the User tab, which is shown in the following screen shot:

  • MSFT_SIPGlobalFederationSetting This WMI class exposes the global Federation settings. This global configuration setting allows the administrator to centrally disable Federation, without going to every server to block Federation traffic, in the case of a virus or worm outbreak. This class also allows the administrator to configure an outbound route for Federation without having to configure this same setting on all Office Communications Server 2007 servers. The Admin Tools MMC displays these settings on the Federation tab, shown in the next screen shot:

  • MSFT_SIPGlobalArchivingSetting This WMI class exposes the global Archiving settings, which are enforced by every Office Communications Server 2007 Standard Edition server and Enterprise Edition pool front-end server in the forest that is configured to archive user communications. Settings from this class are available from the Admin Tools MMC in the Archiving tab, which is shown in the following screen shot:

  • MSFT_SIPGlobalCDRSetting This WMI class exposes settings to configure Call Detail Records (CDRs). These settings can be found in the Admin Tools MMC under the Call Detail Records tab, shown in the next screen shot:

  • MSFT_SIPEdgeProxySetting This WMI class defines the list of trusted Edge Servers. This list includes all Edge Server roles (Web Edge Server, Access Edge Server, A/V Edge Server). This list serves as an added measure of security. Internal Office Communications Server 2007 servers establish MTLS connections with Edge Servers in the organization's perimeter network only if they are registered in this class. The Admin Tools MMC exposes this list of trusted Edge Servers in the Edge Servers tab.

  • MSFT_SIPArchivingServerSetting This WMI class lists all the Archiving and CDR servers deployed in the forest. This list is exposed in the Admin Tools MMC in the scope pane.

  • MSFT_SIPMCUFactorySetting This WMI class is not exposed in the Admin Tools MMC. An instance of this class is automatically created for every media type (IM, A/V, Web Conferencing, Telephony) when the pool is created. The MCU Factory is associated with an MCU only when a Conferencing Server of the same media type is activated. Because the IM Conferencing Server role runs on the front-end server, the front-end server is automatically associated with the IM MCU Factory as the IM MCU.

  • MSFT_SIPForwardingProxySetting This WMI class served a purpose in the Live Communications Server 2003 release, but it's now mostly obsolete and seldom used. As such, it is not exposed in the Admin Tools MMC.

Configuring UC-specific Settings

Office Communications Server 2007 introduces new Enterprise Voice capabilities and scenarios. When a user enabled for Unified Communications (UC) places a call by dialing a phone number, Office Communications Server needs to know how to route the call to the correct destination so that the call reaches the desired party. The administrator must configure this routing logic, configure who is allowed to use this route, and define the different phone number patterns that can be interpreted to use this route. (There's more about how phone routes are defined in Chapter 10, "VoIP Scenario.")

Configuration of these Voice over Internet Protocol (VoIP) settings is exposed by the WMI classes listed next. These settings are also exposed in the Admin Tools MMC in the Voice Properties section located under the forest node.

  • MSFT_SIPPhoneRouteUsageData This WMI class defines a list of usage names created by the administrator. A usage name is a friendly name that is associated with a phone route to indicate its intent or usage.

  • MSFT_SIPPhoneRouteData This WMI class defines a phone route. A phone route is composed of a phone pattern that is associated with a Mediation Server (and therefore a media gateway). If a dialed phone number matches the pattern, the route specifies the call to be routed to the associated Mediation Server.

  • MSFT_SIPLocalNormalizationRuleData This WMI class defines a list of 2-tuples. A 2-tuple, or pair, is composed of a matching regular expression and a transform regular expression. When a user dials a phone number, this number is checked against all the matching regular expressions that are associated with the location profile assigned to the user. If a match is found, the phone number is transformed by the transform regular expression. This process is called normalization of the phone number because a phone number can be interpreted in different ways depending on the context (such as country, state, county, city, and so on). These are called local normalization rules. The normalized phone number is then used to match a phone pattern to a phone route, and then it's routed to the correct Mediation Server.

  • MSFT_SIPLocationProfileData This WMI class defines location profiles. A location profile is simply a name that describes a collection of normalization rules to translate a phone number into E.164 format.
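
The normalization and routing sequence described in the list above, as an added PowerShell sketch that is not code from the book or from Office Communications Server. The location profile, rules, routes, usage names and host names are constructed sample data; stripping separators before matching and passing the caller's allowed usage names as a parameter are assumptions.

```powershell
# Constructed sample data: rule, route and host names below are illustrative only.
$LocationProfiles = @{
    'Redmond' = @(   # ordered 2-tuples: matching regex, transform regex
        @{ Match = '^(\d{4})$';       Transform = '+1425555$1' }  # 4-digit extension
        @{ Match = '^(\d{7})$';       Transform = '+1425$1' }     # local number
        @{ Match = '^1?(\d{10})$';    Transform = '+1$1' }        # national number
        @{ Match = '^011(\d{7,15})$'; Transform = '+$1' }         # international prefix
    )
}
$PhoneRoutes = @(    # phone pattern -> Mediation Server, tagged with a usage name
    @{ Name = 'Local';    Usage = 'Local';         Pattern = '^\+1425\d{7}$';     MediationServer = 'med1.contoso.com' }
    @{ Name = 'National'; Usage = 'LongDistance';  Pattern = '^\+1\d{10}$';       MediationServer = 'med1.contoso.com' }
    @{ Name = 'Intl';     Usage = 'International'; Pattern = '^\+[2-9]\d{6,14}$'; MediationServer = 'med2.contoso.com' }
)

function ConvertTo-NormalizedNumber {
    param([string]$Dialed, [string]$LocationProfile)
    # Assumption: separators typed by the user are stripped before matching.
    $digits = $Dialed -replace '[\s().-]', ''
    foreach ($rule in $LocationProfiles[$LocationProfile]) {
        if ($digits -match $rule.Match) {
            # First matching rule wins, so rule order matters.
            return [regex]::Replace($digits, $rule.Match, $rule.Transform)
        }
    }
    return $null   # no rule matched: the number is not normalized
}

function Resolve-PhoneRoute {
    param([string]$Dialed, [string]$LocationProfile, [string[]]$AllowedUsage)
    $result = [pscustomobject]@{ Dialed = $Dialed; Normalized = $null; Route = $null; MediationServer = $null }
    $result.Normalized = ConvertTo-NormalizedNumber -Dialed $Dialed -LocationProfile $LocationProfile
    if (-not $result.Normalized) { return $result }
    # Only routes whose usage the caller is allowed to use are candidates.
    $route = $PhoneRoutes |
        Where-Object { $AllowedUsage -contains $_.Usage -and $result.Normalized -match $_.Pattern } |
        Select-Object -First 1
    if ($route) { $result.Route = $route.Name; $result.MediationServer = $route.MediationServer }
    return $result
}

# Constructed test calls for a caller allowed local and long-distance usage only.
'0123', '555 0123', '(206) 555-0100', '011 44 20 7946 0000', '12345' |
    ForEach-Object { Resolve-PhoneRoute $_ 'Redmond' -AllowedUsage 'Local', 'LongDistance' } |
    Format-Table -AutoSize
```

The international number normalizes but gets no route because the caller lacks the International usage, and the five-digit number matches no rule and is left unrouted.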

Configuring Policy-Specific Settings

To ease the administrative burden, instead of requiring administrators to configure each user individually, Office Communications Server exposes the concept of policies. A policy is simply a collection of user-specific settings abstracted by the name of the policy. Once the administrator configures the values of the settings to his or her needs, the administrator can assign users to this policy. If the administrator later modifies settings in the policy, these updates are automatically enforced on all users assigned to this policy without needing to configure each user individually. Office Communications Server introduces two policies: a Meeting policy and a UC policy. The Meeting policy applies to Web Server and A/V Conferencing Server settings. The UC policy configures VoIP-related settings.

The following WMI classes are used for configuring policy-specific settings:

  • MSFT_SIPGlobalMeetingSetting This WMI class defines the default Meeting policy. It actually points to an instance of the class MSFT_SIPGlobalMeetingPolicyData.

  • MSFT_SIPGlobalMeetingPolicyData This WMI class lists all Meeting policies created by the administrator. Meeting policies are stored in Active Directory in XML format. You can obtain this raw XML format of the policy by using the class MSFT_SIPGlobalPolicyXMLData with the Type field set to Meeting. The Meetings tab of the Global Properties page is shown in the following screen shot:

  • MSFT_SIPGlobalUCSetting This WMI class defines the default UC policy. It references one of the UC policies defined in MSFT_SIPGlobalUCPolicyData.

  • MSFT_SIPGlobalUCPolicyData This WMI class lists all UC policies created by the administrator. Similar to Meeting policies, these UC policies are stored in XML format in Active Directory. To retrieve the XML version of this policy, use the WMI class MSFT_SIPGlobalPolicyXMLData with the Type field set to UC. The Policy tab of the Voice Properties page is shown in the following screen shot:

  • MSFT_SIPGlobalPolicyXMLData This WMI class exposes the policy settings in XML format as they are stored in Active Directory.

Configuring Service Connection Point Settings

Each Office Communications Server (with the exception of Edge Server roles) creates a service connection point (SCP) on the corresponding computer object in Active Directory when installed. The SCP marker registers in Active Directory the type of service installed on the computer joined to the Active Directory forest. This makes it possible for administrators and monitoring services (SMS, HP OpenView, IBM Tivoli) to determine what type of services are running on every computer. When the Office Communications Server is uninstalled, the SCP is removed from the corresponding computer object in Active Directory. This is part of Microsoft's best practice standards for Active Directory.

The following WMI classes are used for configuring SCP settings:

  • MSFT_SIPESServerSetting This WMI class defines the SCP for Office Communications Server 2007 Standard Edition servers and Enterprise Edition pool front-end servers. The "ES" in the name of the class stands for "Enterprise Services."

  • MSFT_SIPMCUSetting This WMI class defines the SCP for Conferencing Servers.

  • MSFT_SIPWebComponentsServerSetting This WMI class defines the SCP for Web Components Servers.

  • MSFT_SIPMediationServerSetting This WMI class defines the SCP for Mediation Servers.

Note

There is no SCP created for Communicator Web Access Servers.

Configuring Trusted Server Settings

To prevent a rogue server inside the organization from posing as a legitimate Office Communications Server and thereby gaining access to other users' data, Office Communications Server 2007 uses a trusted server list. If a server's fully qualified domain name (FQDN) is not in the trusted server list, no other Office Communications Server accepts mutual transport layer security (MTLS) connections from it.

All internal Office Communications Servers (except Edge Servers) create an entry in the appropriate trusted server list during activation. This is why administrators must be members of the RTCUniversalServerAdmins group to run activation. Rogue users with insufficient permissions are not able to add their server's FQDN to this trusted server list.

This list of trusted servers is not explicitly exposed in the Admin Tools MMC—for example, in a table with the heading "Trusted Servers." However, the scope pane uses the different trusted server lists to populate the tree view. Any server not trusted is not listed in the scope pane. The only exception is Communicator Web Access (CWA) Servers. To view the list of trusted CWA servers, you must open the Communicator Web Access (2007 release) Manager, and all trusted CWA 2007 servers will be listed in the scope pane.

For each type of server role, a different WMI class is used. The following WMI classes are used for configuring trusted server settings:

  • MSFT_SIPESTrustedServerSetting This WMI class defines the list of Office Communications Server 2007 servers to be trusted. The following server roles, when activated, create an entry in this list specifying their FQDN: Standard Edition Servers, Enterprise Edition pool front-end servers, Conferencing Servers, and Mediation Servers.

  • MSFT_SIPTrustedServiceSetting This WMI class defines the list of services trusted by other Office Communications Server 2007 servers. Communicator Web Access Servers, Mediation Servers, and A/V Edge Servers—referred to internally as Media Relay Access Servers (MRAS)—are listed as trusted services. Third-party independent software vendors (ISVs) that want to create SIP servers that are trusted by Office Communications Server 2007 servers must create an entry in this trusted service list.

  • MSFT_SIPTrustedMCUSetting This WMI class, introduced in Office Communications Server 2007, lists all the Microsoft trusted Conferencing Servers (Web Conferencing Server, IM Conferencing Server, A/V Conferencing Server, and Telephony Conferencing Server).

  • MSFT_SIPTrustedWebComponentsServerSetting This WMI class defines the list of trusted Web Components Servers, as its name indicates.
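
Because these lists decide which hosts are accepted for MTLS, it is worth reconciling them against the deployment inventory. The following Windows PowerShell sketch is an added example, not code from the book or the product. The property name FQDN on the trusted-list instances is an assumption to verify with Get-Member, and the host names and inventory are constructed sample data.

```powershell
# Classes named in the list above; each holds one kind of trusted entry.
$TrustedClasses = 'MSFT_SIPESTrustedServerSetting', 'MSFT_SIPTrustedServiceSetting',
                  'MSFT_SIPTrustedMCUSetting', 'MSFT_SIPTrustedWebComponentsServerSetting'

function Get-TrustedEntry {
    # Assumption: run in Windows PowerShell on a server with the OCS WMI provider,
    # and each instance exposes its host name in a property called FQDN.
    param([string]$FqdnProperty = 'FQDN')
    foreach ($class in $TrustedClasses) {
        Get-WmiObject -Class $class | ForEach-Object {
            [pscustomobject]@{ Class = $class; Fqdn = $_.$FqdnProperty }
        }
    }
}

function Compare-TrustedEntry {
    param([object[]]$Trusted, [string[]]$Inventory)
    # Compare case-insensitively and ignore a trailing root dot.
    $known = $Inventory | ForEach-Object { $_.Trim().TrimEnd('.').ToLowerInvariant() }
    $seen  = @()
    foreach ($entry in $Trusted) {
        $fqdn = "$($entry.Fqdn)".Trim().TrimEnd('.').ToLowerInvariant()
        $seen += $fqdn
        if ($known -notcontains $fqdn) {
            # A trusted entry nobody can account for deserves investigation.
            [pscustomobject]@{ Fqdn = $fqdn; Class = $entry.Class; Finding = 'Trusted but not in inventory' }
        }
    }
    foreach ($fqdn in $known) {
        if ($seen -notcontains $fqdn) {
            # Other servers will refuse MTLS connections from this host.
            [pscustomobject]@{ Fqdn = $fqdn; Class = $null; Finding = 'In inventory but not trusted' }
        }
    }
}

# Constructed sample entries so the comparison runs without an OCS deployment.
# On a real server use: $trusted = Get-TrustedEntry
$trusted = @(
    [pscustomobject]@{ Class = 'MSFT_SIPESTrustedServerSetting'; Fqdn = 'FE1.contoso.com' }
    [pscustomobject]@{ Class = 'MSFT_SIPTrustedMCUSetting';      Fqdn = 'avmcu1.contoso.com.' }
    [pscustomobject]@{ Class = 'MSFT_SIPTrustedServiceSetting';  Fqdn = 'sip-test.contoso.com' }
)
$inventory = 'fe1.contoso.com', 'avmcu1.contoso.com', 'med1.contoso.com'
Compare-TrustedEntry -Trusted $trusted -Inventory $inventory | Format-Table -AutoSize
```

With the sample data, sip-test.contoso.com is reported as trusted but not in the inventory, and med1.contoso.com as in the inventory but not trusted.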

Configuring User-Specific Settings

Office Communications Server 2007 leverages existing user information available in Active Directory, plus it adds more attributes to the user object that are specific to Office Communications. These additional attributes are made available through the schema extension performed during Schema Prep. Such attributes include SIP URI, home server FQDN, Federation setting, Remote User setting, PIC setting, RCC settings, and UC settings.

In addition to the user attributes stored in Active Directory that need to be available to every home server in the forest, the user's home server stores user settings that need to be available only to the user's endpoint (for example, Communicator, which can be considered an endpoint for communications from user to user across various systems). These settings are often large and change more frequently than the user settings stored in Active Directory. Storing these settings in Active Directory would not make the right use of this technology. Storing this data in SQL Server is a more appropriate choice. Settings stored in SQL Server are contacts, contact groups, permissions, and user options (call forwarding rules, notes, and so on).

These Office Communications Server–specific user settings are exposed to administrators via the four WMI classes listed next. Unlike the client application programming interfaces (APIs) offered, such as the UC Communicator Web Access (AJAX) APIs and Communicator APIs, these WMI APIs let the administrator administer a user's contacts, groups, and permissions without needing to sign in with the user's credentials. For example, an administrator can prepopulate a user's contact list with the peers from her working group or organizational structure. These WMI APIs do not expose the full functionality that the client APIs offer, though.

The following WMI classes are used for configuring user-specific settings:

  • MSFT_SIPESUserContactGroupData This WMI class exposes the user's contact groups.

  • MSFT_SIPESUserContactData This WMI class exposes the user's contact list.

  • MSFT_SIPESUserACEData This WMI class exposes permissions that are applied on the user's contacts.

  • MSFT_SIPESUserSetting This WMI class exposes the user's settings stored in Active Directory and the user's home server SQL Server database.
