Versions Compared

Old Version 10

changes.mady.by.user Meir Davis

Saved on

compared with

New Version Current

changes.mady.by.user Agat Support

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Components (SIP front end/ Edge / Bastion) that need to install be installed for each scenario 


Internal / external - Describes if the user is part of the company domain or a federated / guest user

Remote/ LocalLocal - Describes the location from which a user is connecting from -   local network or remote network.

Incoming/ OutgoingOutgoing - define Defines the direction of the traffic relative to the internal SIP domain

...

Business Case ExamplePreferred Setup
Prevent sensitive info from reaching users who are
not members of the company, except Anonymous
Guests		SIP Filter on the Skype for
Business Edge
Prevent sensitive data from reaching mobile
devices of an employee		Bastion HTTPS proxy
Block communication between different groups
inside the company		SIP on the Skype for Business
Front End
Prevent sensitive data from reaching devices of an
employee outside to corporate network		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Block file transfer for Anonymous Conference
guests and for Federated Peers		Bastion HTTPS proxy and SIP
Filter on the Skype for
Business Edge
Directional screen sharing in conference 

When using direction for directional screen sharing in a conference with SipFilter, if the internal participant is not allowed to share their screen and he they override existing sharing from the external externally (that IS allowed to share),
if there is another external participant in the conference, he they will be able to see the screen of the internal participant.

There is no new invite that we can block for prenventing this senario, the preventing this scenario.  The only way was is to manage external users in the meeting and block the sharing in the FE.

thereforeTherefore, if you what want to solve this issue you must to do the following steps:

  1. SipFilter must be installed on FE and EGDE (version 3.1.9.2 or higher)
  2. the filed: field manage-meeting-external-users must be in the YAML and set to true in both FE and EDGE

the edge The EDGE will manage the users in the DB database (who join and who leave) and the FE will force the screenshare based on that

If the customer would like to block external participants from seeing Desktop of internal for anonymous (done through webapp) - Bastion is required

If the customer would like to block external participants from seeing Desktop of internal to Windows client Only - only sip should be installed on FE and Edge servers (Bastion is not required)
If the customer would like to block external participants from seeing Desktop of internal to mobile client Only - only sip should be installed on FE and Edge servers (Bastion is not required)


Info

Installing SIP Filter on the Front End may cause resource consumption and should be done following Ethical Wall Best Practice Tips

...