Versions Compared

Version Old Version 8 New Version Current
Changes made by

Agat Support

Avi J. Levin (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article contains general explanations about where UCMA should be installed and how "Trusted Application"  works.

Table of Contents

UCMA

UCMA is a software component by Microsoft that we install on certain servers (typically Access the Admin Portal web serverServer).
This component allows for developers and 3rd party apps developers to get access and take control over certain aspects of the following aspects of Skype for Business internal functionalities:

  • Microsoft's Enhanced Presence information

...

  • .
  • Impersonating messages.
  • Telephone and video calls

...

  • .
  • Audio/video conferencing.

This component together integration combined with setting the "CsTrustedApplciation" Trusted Application configurations allow us to perform manipulations and use the SfB/Lync environment in order to do the following:

  • Ethical Wall policies based on Contact list - Use Contact list information pulled from the SfB environment to set certain Ethical wall policies that apply according to contact list memebersmembers.
  • User/Admin notification - Send IMs to users and admins from the local SfB environment in order to notify them about Ethical wall/DLP/etc. actions that were performed.
  • Escalate conference: wheמ a conversation  starts and we want to join it in a hidden way to make it a conference we will use UCMA.

...

  • Organized conference for MDM registration - Create a conference after device registration when using 3rd generation MDM to ease the registration process.

Trusted Application

As part of the installation of the UCMA certain configuration in the SfB/Lync topology. These configurations allow the environment to identify and authenticate the 3rd party application that are trying to access them (Access Admin Portal Web App/SIP Filter).

Skype for Business presents 4 entity types within the model of Trusted Applications.

Trusted Application pool

A trusted application is a Skype for Bussiness Business entity that is configured under a Server pool and represents a collection of internal functionalities/components of the Server Pool(named Trusted Application).

You can list the existing Application pools by  by running the following command in Powershell on the Front-End

Code Block
languagepowershell
Get-CsTrustedApplicationPool

Trusted Application

A Trusted Application is an entity within the pool that specifies an identity and connectivity details for different components utilizing the Application Pool

Sphereshield set 3 Applications

Trusted Application namePortUsagePoolRequired
SkypeShieldTrustedApp1111Access PortalAccess Portal poolYes
MaintenanceServiceTrustedApp1113Maintenance ServiceAccess Portal poolYes
SipFilterTrustedApp1112SIP filter on the Front-EndFront-End poolNo

You can list the existing Application pools by  by running the following command in Powershell on the Front-End

...


A trusted application endpoint is an Active Directory contact object that enables the routing of calls to a trusted application.

Sphreshield Sphereshield requires it for IM notification and enable the ability to impersonate a SIP address 

You can list the existing Application pools by  by running the following command in Powershell on the Front-End

Code Block
languagepowershell
Get-CsTrustedApplicationEndpoint

Trusted Application

...

Computer

Not used by Sphereshield

SkypeShield's trusted application installation

...

See Also