Sunday, January 24, 2010

Comments on the OCS 2007 R2 Workload Architecture Poster

The recently RTW’ed Architecture Poster provides a very good overview of port and certificate requirements in the different OCS workloads.

This poster of Office Communications Server 2007 R2 describes the traffic flow of protocols and ports used in each workload. Communications Server 2007 R2 supports the following workloads: IM and Presence, Conferencing, Application Sharing, and Enterprise Voice. These filtered views can assist you in architecting your deployment of Communications Server 2007 R2. The different server roles are described along with server certificate requirements. Firewall and DNS configuration requirements are also described.

I like this poster and the idea and work put into it, and will certainly print one out for the walls in my home office. It provides a good visual overview of the port usage and signaling/media flows used in OCS.

I do have a few comments on the drawing, though:

Application Sharing Workload

  • Red arrow depicting RDP/SRTP shows inbound traffic to 50,000-59,999. This is not correct – only outbound traffic to the endpoint is required. The only place inbound would be required is for traffic to an OCS 2007 “R1” Edge Server.
  • “A/V Edge must have publicly routable IP addresses” – true if implemented in a load-balanced configuration as shown, but not required for a standalone Edge Server.

Enterprise Voice Workload

  • Red arrow depicting RDP/SRTP shows inbound traffic to 50,000-59,999. This is not correct – only outbound traffic to the endpoint is required. The only place inbound would be required is for traffic to an OCS 2007 “R1” Edge Server.
  • I’m sure G.711 is not used through the A/V Edge, as any packet loss would kill it ;-) Siren may be used for conferencing scenarios.

A/V and Web Conferencing Workload

  • Arrows for HTTPS traffic are not correct – they should point towards the LM endpoints, as they are used for downloads of content, e.g. slides.

Firewall Configuration and Ports on the Edge Server

Even though they are not OCS specific, I would personally add port 53 for DNS (to internal or external servers, depending on configuration) and port 80 to both the external and internal interfaces (as this port is used for CRL checks). If not in the drawing itself, then at least in the “Firewall Configuration” text box.
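The port and direction points above lend themselves to a quick automated check of an Edge Server's perimeter rules. The following is an added example, not from the original post and not a Microsoft tool: it parses a small, constructed rule syntax (direction, protocol, port or range) and reports inbound openings that overlap the 50,000-59,999 media range, plus missing egress for DNS (53) and CRL checks (80). The rule syntax, the sample rule set and the required-egress list are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Media port range the post discusses: the A/V Edge only needs it opened
# OUTBOUND towards endpoints; an inbound opening is only needed towards an
# OCS 2007 "R1" Edge Server.
MEDIA_PORTS: Tuple[int, int] = (50000, 59999)

# Egress the post suggests adding even though it is not OCS specific.
# (proto, port, purpose) - this list is an assumption for the example.
REQUIRED_EGRESS = (("udp", 53, "DNS"), ("tcp", 80, "CRL checks"))


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" = initiated from the Internet towards the Edge, "out" = initiated by the Edge
    proto: str      # "tcp" or "udp"
    port_lo: int
    port_hi: int

    def overlaps(self, lo: int, hi: int) -> bool:
        return self.port_lo <= hi and self.port_hi >= lo


# Constructed rule syntax for this example: "<in|out> <tcp|udp> <port>[-<port>]"
_RULE_RE = re.compile(r"^(in|out)\s+(tcp|udp)\s+(\d+)(?:-(\d+))?$")


def parse_rule(line: str) -> Rule:
    """Parse one allow rule in the constructed syntax, e.g. 'in udp 50000-59999'."""
    m = _RULE_RE.match(line.strip().lower())
    if not m:
        raise ValueError(f"unparseable rule: {line!r}")
    direction, proto, lo, hi = m.groups()
    port_lo = int(lo)
    port_hi = int(hi) if hi else port_lo
    if not 0 < port_lo <= port_hi <= 65535:
        raise ValueError(f"invalid port range in rule: {line!r}")
    return Rule(direction, proto, port_lo, port_hi)


def audit(lines: List[str]) -> List[str]:
    """Return human-readable findings for a list of allow rules (comments and blank lines skipped)."""
    rules = [parse_rule(l) for l in lines if l.strip() and not l.lstrip().startswith("#")]
    findings: List[str] = []

    # 1. Inbound openings overlapping the media range are unnecessary exposure for R2 endpoints.
    for r in rules:
        if r.direction == "in" and r.overlaps(*MEDIA_PORTS):
            findings.append(
                f"unnecessary exposure: inbound {r.proto} {r.port_lo}-{r.port_hi} overlaps "
                f"media range {MEDIA_PORTS[0]}-{MEDIA_PORTS[1]}; only outbound is required towards endpoints"
            )

    # 2. Egress needed for name resolution and certificate revocation checking.
    for proto, port, purpose in REQUIRED_EGRESS:
        if not any(r.direction == "out" and r.proto == proto and r.overlaps(port, port) for r in rules):
            findings.append(f"missing egress: {proto} {port} ({purpose})")
    return findings


# Constructed sample mirroring the poster's disputed inbound media arrow.
SAMPLE_RULES = [
    "# constructed Edge Server perimeter rules (not taken from the poster)",
    "in  tcp 443",           # HTTPS from remote clients
    "in  udp 50000-59999",   # the inbound media arrow the post says is not needed
    "out udp 50000-59999",   # outbound media towards endpoints
    "out tcp 443",
    "out udp 53",            # DNS present; CRL egress (tcp 80) deliberately left out
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Run against the sample set it reports the inbound media opening and the missing tcp 80 egress; dropping the inbound range and adding `out tcp 80` yields no findings. The overlap check is deliberate: a rule such as `in udp 59999-60010` is still flagged, since even a partial overlap with the media range is an opening the post says is not required.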
I generally like the idea behind the DNS and certificate portion of this poster, but IMHO it is too simplified. If a future update is planned, then I think it should have its own page/poster to really handle the different scenarios and namespace requirements in OCS. So for certificates I would still point to the Whitepaper on Deploying Certificates in OCS 2007 and OCS 2007 R2, which does a better job of explaining the complexity of certificate usage and naming in OCS.

5 comments:

DrRez said...

Thank you for this feedback. It is appreciated and has been relayed to the author of the poster for review. You can always reach us (DrRez) on Twitter @DrRez with feedback as well. Keep up the good work! Best... DrRez

Rui Maximo said...

hi Dennis,
Thanks for blogging about the poster. :-) Good feedback. I'll try to incorporate more details regarding certificates and DNS within the constraints of the available space. By no means is it meant to replace the Whitepaper on Deploying Certificates in OCS 2007 and OCS 2007 R2, which is an excellent resource.
Quick feedback: although I tried to explain how to read the direction of arrows, there are two possible ways to interpret what the arrows mean. In this poster, the arrow pointing away from the LM endpoints indicates that the LM endpoint initiates the connection. Even though the LM endpoint downloads the meeting content, it must first initiate the connection. Thus, the arrow points from the LM endpoint to the reverse proxy to the pool.
Feel free to send me directly any more feedback. You know where to reach me.

Unknown said...

Hi Rui,

Thx for the feedback, and don't get me wrong, I think it's very good work and it's impossible to cover all scenarios in this limited space (otherwise it should be an A1-size poster).

I'll ping you later ;-)

Vncntblack said...

wdrfv

Vncnblack said...

These are very nice points... to remind about workload...