In-Band Provisioning
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
During sign-in, a client uses the methods described in the section Client Sign-In, Discovery, and Presence to determine which server it should sign in to. When the sign-in process begins, the client receives bootstrapping information that specifies the default servers and security mode that the client should use until sign-in is completed.
After the client is signed in, it receives settings from the server pool through in-band provisioning. Specific settings that have been configured in the Office Communications Server properties are propagated to the client during this process.
For example, Office Communicator clients receive server locations, security information, and settings related to specific client features during in-band provisioning. Office Communicator Phone Edition devices receive the list of supported location profiles and pool-level defaults through in-band provisioning.
The following table outlines the settings that are sent to Office Communicator clients during in-band provisioning and the location where these settings are configured on the server.
Office Communicator in-band provisioning settings
Settings sent through in-band provisioning | Location in server properties |
---|---|
Internal and external URLs for the Address Book Server and Web Service for Distribution Group expansion. |
In the pool properties, Web Component Properties, Address Book tab, Internal URL and External URL |
Location of the Media Relay Access server |
In the forest properties, Global Properties, Edge Servers tab, under A/V Edge Servers. |
SIP high security mode |
In the pool properties, Front End Properties, Voice tab, in the Advanced Voice Options page (after Advanced Options, click Configure), under SIP security mode. |
Telephony Mode, which determines whether enterprise and voice telephony features, remote call control, computer-to-computer calling, are enabled |
Voice license: In the user’s Active Directory properties, Communications tab, Telephony options. Enterprise license: In the forest properties, Global Settings, Meetings, Global Policies Enterprise with Voice license: Both of the above settings |
Audio/video conferencing and data conferencing, |
In the forest properties, Global Properties, Meetings, Global Policies |
Simultaneous ringing |
In the forest properties, Voice Properties, Policy tab, edit the policy and select or clear “Allow simultaneous ringing of phones” |
Whether encryption is supported or required when making and receiving audio and video calls |
Pool Properties, Media Tab, under Security Settings, Encryption Level |
Default location context for phone calls |
In the forest properties, Voice Properties, Location tab |
Line information for the UC phone line |
In the user’s Active Directory properties, Communications tab, Telephony options, Line URI. |
For Office Communicator, an advantage of using in-band provisioning is that information critical to client functionality is stored on the server and not on the computer, enabling a user to sign in from any computer that is running Office Communicator.
In-band provisioning simplifies applying policies and server settings across the organization because the settings apply to all clients that sign in to the server pool. However, some organizations may have to apply distinct settings and policies to different groups within the organization. Administrators can achieve this greater level of detail by using Group Policy to apply separate client settings to different Active Directory groups, as described in the next section, “Group Policy for Unified Communications Clients.”
Note
Office Communicator Phone Edition clients receive all settings from the server through in-band provisioning and are not configurable through registry-based Group Policy.
Some application layer settings are common between Office Communicator and Office Communicator Phone Edition. Because Office Communicator Phone Edition has no Group Policy mechanism, certain application layer settings that were previously controlled only through Group Policy have moved in-band in the Office Communications Server 2007 R2 release. This move was made so that Phone Edition clients could receive these settings through in-band provisioning. However, before you remove any group policies because the settings have moved in-band, you should consider the effect on Communicator clients. The affected settings are as follows:
Portrange (Specify dynamic port ranges) and the Enabled, MaxMediaPort, and MinMediaPort subkeys
EnableTracing (Turn on tracing for Communicator)
EnableSIPHighSecurityMode (Configure SIP security mode)
Of these settings, the SIP Security Mode setting is used during the bootstrapping process to specify whether TLS is required. If your organization has required a TLS connection between clients and servers in earlier versions of Office Communications Server, you have probably already set the Group Policy for SIP Security Mode. Even though the setting has moved in-band for Office Communications Server 2007 R2, you should keep the SIP Security Mode Group Policy because it is still used during bootstrapping, before the client can receive settings through in-band provisioning. Maintaining the SIP Security Mode policy helps to retain security during the bootstrapping process.