Live Communications Server 2005 Supportability Guide
Published: May 2006
Updated: August 2006
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Windows, Windows Mobile, Windows NT, Windows Server, Windows Vista, Active Directory, Internet Explorer, MSDN, MSN, Outlook, SharePoint, and SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Contents
Introduction
Operating System Support
Coexistence Support
Server Role Coexistence Configurations and Scenarios
SQL Server Back-End Coexistence Configurations and Scenarios
Archiving Service Coexistence Configurations and Scenarios
Domain Topology Support
Organization Topology Support
Support for Internal Users
Standard Edition Server Topologies
Enterprise Edition Pool Configurations
Communicator Web Access Configurations
Support for Remote Users
Live Communications Server 2005 Topologies and Configurations
Communicator Web Access Scenarios
Federation Scenarios
Branch Office Topology
Clearing House Topology
Public IM Connectivity Configurations
Live Communications Server 2005 Role Support
Front End
Standard Edition
Enterprise Edition Pool
Access Proxy Configurations
Access Proxy Array Configurations
Access Proxy for Direct Federation
Access Proxy for Clearing House Configurations
Access Proxy for IM Service Provider Configurations (Live Communications Server 2005 with SP1 only)
Director Configurations
Back-End Configurations
Standard Edition Configurations
Enterprise Edition (Pool) Configurations
Proxy Configurations
Archiving Service Configurations
Configurations Supported only by Live Communications Server with 2005 SP1
Telephony Support
SIP-PSTN Gateway Configurations
Communicator Web Access Server Role Support
IIS 6.0 Virtual Server/Isolation Configurations
SSL Web Publishing Configurations
ISA Server 2004 Configurations
Communicator Web Access Reverse Proxy Configurations
Client Support
Microsoft Office Communicator 2005
Microsoft Office Communicator Web Access 2005
Certificate Support
Live Communications Server 2005 (without SP1) Environments
Live Communications Server 2005 with SP1 Environments
Live Communications Server 2005 Environments
Communicator Web Access Server Certificates
Certificate Requirements for Clients
Communicator
Communicator Web Access
Public IM Connectivity Certificates
Hardware Load Balancing Support
Live Communications Server 2005
Communicator Web Access
Network Load Balancing Support
Port Configuration Support
Firewall Configuration Support
Live Communications Server 2005 Firewalls
Private (Internal) Firewall Configurations
Public (External) Firewall Configurations
Communicator Web Access Firewalls
Upgrade Support
%temp% folder Encryption Support
Virtualization Support
Introduction
This document identifies supported configurations for Microsoft® Office Live Communications Server 2005, Live Communications Server 2005 with Service Pack 1 (SP1), and Microsoft Office Communicator Web Access. Client support is also identified. Live Communications Server 2003 is not discussed, but documentation is available at http://office.microsoft.com/en-us/FX011526581033.aspx
Only supported configurations are identified. If a configuration is not identified as supported in this document, then you should assume that it is not supported, even if it might work.
This document contains no deployment procedures. The Live Communications Server 2005 deployment documentation is available at:
http://office.microsoft.com/en-us/FX011526591033.aspx
The Communicator Web Access deployment documentation is available at:
http://office.microsoft.com/en-us/assistance/HA100240791033.aspx
In this document, unless otherwise noted, “Live Communications Server 2005” refers to the product with or without SP1.
Operating System Support
This section identifies supported operating systems that are required for Live Communications Server 2005 and Communicator Web Access deployments.
Live Communications Server 2005 requires one of the following operating systems:
§ Microsoft Windows Server™ 2003 R2, Standard Edition or later
§ Windows Server 2003 R2, Enterprise Edition or later
§ Windows Server 2003 R2, Datacenter Edition or later
§ Windows Server 2003, Standard Edition or later
§ Windows Server 2003, Enterprise Edition or later
§ Windows Server 2003, Datacenter Edition or later
Communicator Web Access servers require Live Communications Server 2005 with SP1 running on Windows Server 2003 SP1 as the front-end server.
All Communicator Web Access servers require one of the following operating systems:
§ Windows Server 2003 SP1 or later, Standard Edition
§ Windows Server 2003 SP1 or later, Enterprise Edition
§ Windows Server 2003 SP1 or later, Datacenter Edition
Table 1 summarizes supported operating systems for other components.
Table 1: Supported Operating System by Component
Component / Supported operating systems
Live Communications Server 2005 Remote Management MMC / Microsoft Windows® 2000 SP4; Windows XP Professional; Windows Server 2003 R2, Standard Edition or later; Windows Server 2003 R2, Enterprise Edition or later; Windows Server 2003, Standard Edition or later; Windows Server 2003, Enterprise Edition or later
Communicator Web Access Manager MMC / Windows XP Professional with IIS Manager; Windows Server 2003, Standard Edition or later, with IIS Manager; Windows Server 2003, Enterprise Edition or later, with IIS Manager; Windows Server 2003 R2, Standard Edition or later, with IIS Manager; Windows Server 2003 R2, Enterprise Edition or later, with IIS Manager
ISA Server 2000 or 2004 Firewalls / Windows Server 2003 R2, Standard Edition or later; Windows Server 2003 R2, Enterprise Edition or later; Windows Server 2003 R2, Datacenter Edition or later; Windows Server 2003, Standard Edition or later; Windows Server 2003, Enterprise Edition or later; Windows Server 2003, Datacenter Edition or later
Other Firewalls / See firewall documentation.
ISA Server 2004 for SSL Web publishing of the Communicator Web Access external virtual server / Windows Server 2003 SP1, Standard Edition or later; Windows Server 2003 SP1, Enterprise Edition or later; Windows Server 2003 SP1, Datacenter Edition or later
Other Reverse Proxy / See proxy documentation.
PKI / See Certificate Support, later in this document.
Public IM Connectivity Components (Live Communications Server 2005 with SP1 required) / Windows Server 2003 R2, Standard Edition or later; Windows Server 2003 R2, Enterprise Edition or later; Windows Server 2003 R2, Datacenter Edition or later; Windows Server 2003 SP1, Standard Edition or later; Windows Server 2003 SP1, Enterprise Edition or later; Windows Server 2003 SP1, Datacenter Edition or later
SIP-PSTN Host (Live Communications Server 2005 with SP1, Director, required) / Windows Server 2003 SP1, Standard Edition; Windows Server 2003 SP1, Enterprise Edition; Windows Server 2003 SP1, Datacenter Edition
Communicator Web Access Client / Windows 98 SE; Windows 2000, all editions; Windows XP and later, all editions; Other operating system as dictated by Browser Support
Coexistence Support
This section identifies supported coexisting or colocated configurations.
Server Role Coexistence Configurations and Scenarios
Table 2 lists supported coexistence configurations.
Table 2: Supported Coexisting Server Roles
Server role / Supported coexisting server roles
Access Proxy / ISA Server 2000; ISA Server 2004; MOM Service (Agent)
Address Book Server / Live Communications Server, Standard Edition, Enterprise Edition, or Director; MOM Service (Agent). Disabling Address Book Service on one or all of the front-end servers is supported for Live Communications Server 2005 with SP1.
Archiving Service / MOM Service (Agent). For details, see Archiving Service Coexistence Configurations and Scenarios later in this document.
Communicator Web Access Server / Live Communications Server 2005 with SP1, Standard Edition (recommended); Live Communications Server 2005 with SP1, Enterprise Edition Front-End; Live Communications Server 2005 with SP1, Address Book Server; MOM Service (Agent)
Director / None
Enterprise Edition Server (Pool) / Communicator Web Access; MOM Service (Agent)
Proxy / MOM Service (Agent)
Reverse Proxy / None
Standard Edition Home Server (Front-End) / Communicator Web Access; Address Book Server; MOM Service (Agent)
SIP-PSTN / None
SQL Server (Back-End) / See SQL Server Back-End Coexistence Configurations later in this document.
Live Communications Server 2005 Management MMC / None
Communicator Web Access Management MMC / None
Firewall / Access Proxy (for ISA Server 2000 and ISA Server 2004)
Microsoft Operations Manager 2005, SP1 Server / None
SQL Server Back-End Coexistence Configurations and Scenarios
The supported Microsoft SQL Server™ back-end coexistence configuration is a SQL Server 2-node (active/passive) cluster of Live Communications Server 2005 Enterprise pool back-end servers.
Archiving Service Coexistence Configurations and Scenarios
Table 3 lists supported Archiving Service Coexistence configurations.
Table 3: Supported Archiving Service Coexistence
Archiving service configuration / Supported for
Archiving service on Standard Edition server / Live Communications Server 2005
Archiving service on proxy / Live Communications Server 2005
Domain Topology Support
Live Communications Server 2005 and Communicator Web Access deployments support the following domain topologies:
§ Windows Server 2003 Microsoft Active Directory® directory service domains
§ Windows 2000 Server SP4 and Windows Server 2003 Active Directory domains
§ Domains with only Windows 2000 Server SP4 domain controllers, on which adprep has been run with the /forestprep and /domainprep switches. In this topology, the Live Communications Server 2005 and Communicator Web Access server components must be running on Windows Server 2003 member servers that are joined to the domain.
§ Multiple domains
§ Multiple forests
§ Multiple-tree forest topologies (Live Communications Server 2005 with SP1 only)
Organization Topology Support
Live Communications Server 2005 and Communicator Web Access deployments support the following organization topologies:
§ Internal user
§ Remote user
§ Federation
§ Enhanced federation (Live Communications Server 2005 with SP1 only)
§ Public IM federation (Live Communications Server 2005 with SP1 only)
§ Branch office
§ Clearing house
Support for Internal Users
The following supported topologies and Enterprise pool configurations enable internal users to access services provided by Live Communications Server 2005 Standard Edition and Enterprise Edition and by Communicator Web Access.
Standard Edition Server Topologies
The following Live Communications Server 2005 Standard Edition (SE) server configurations are supported:
§ One or more SE servers deployed alone or in combination with one or more Enterprise Edition (EE) server pools.
§ One or more SE servers colocated with one or more Communicator Web Access Servers on one or more computers.
For information about supported network load balancing configurations, see Network Load Balancing later in this document.
Enterprise Edition Pool Configurations
The following Live Communications Server 2005 Enterprise Edition (EE) server configurations are supported:
§ One EE server configured as an Enterprise Pool behind a hardware load balancer, with the back-end database on a separate computer.
§ Two or more EE servers configured as an Enterprise Pool behind a hardware load balancer, with the back-end database on a separate computer.
§ Two or more EE servers configured as an Enterprise pool behind a hardware load balancer, with a Communicator Web Access server colocated on one or more of the EE servers that make up the Enterprise Pool, and with the back-end database on a separate computer.
For information about supported network load balancing configurations, see Network Load Balancing later in this document.
Communicator Web Access Configurations
Communicator Web Access supports the following internal client configurations:
§ Internal clients with and without Windows operating systems.
§ Internal clients with and without the Internet Explorer® Internet browser.
§ Internal clients that are not domain members, as well as those that are domain members.
The following server configurations are supported:
§ Two or more Communicator Web Access servers behind a hardware load balancer for internal clients.
§ Communicator Web Access server colocated with the Live Communications Server 2005 SE server (recommended only for small deployments).
§ Communicator Web Access server colocated with one of the EE servers that make up the Enterprise pool (supported but not recommended).
Support for Remote Users
Live Communications Server 2005 Standard Edition and Enterprise Edition and Communicator Web Access support remote users.
Live Communications Server 2005 Topologies and Configurations
Live Communications Server 2005 supports the following remote topologies and configurations:
§ All SE and EE topologies and configurations that are supported for internal users are also supported for remote users, as long as an Access Proxy is in front of the configuration.
§ A Director between the Access Proxy and the SE or EE configuration is recommended but not required. A Director is required when an Access Proxy is deployed with more than one internal Enterprise pool.
§ Client-to-server connections, in which a direct connection is made between the remote client and the Access Proxy.
§ Server-to-server connections, in which the connection between the remote client and the Access Proxy is first made through a branch office Proxy.
Communicator Web Access Scenarios
Communicator Web Access supports the following remote user scenarios:
§ SSL Web publishing of the external Communicator Web Access virtual server by using ISA Server 2004 or another reverse proxy is the recommended configuration.