This article contains general explanations about where UCMA should be installed and how "Trusted Application" works.
UCMA
UCMA is a software component by Microsoft that we install on certain servers (typically the Access Portal web server).
This component allows developers and 3rd party apps to access and control certain aspects of Microsoft's Enhanced Presence information, instant messaging, telephone and video calls, and audio/video conferencing.
This component, together with the "CsTrustedApplication" configurations, allows us to work with the SfB/Lync environment in order to do the following:
- Use contact list information pulled from the SfB environment to set certain Ethical Wall policies that apply according to contact list members.
- Send IMs to users and admins from the local SfB environment in order to notify them about Ethical Wall/DLP/etc. actions that were performed.
This is an important part of our product, and guidance about its installation and configuration can be found in the installer guide, the Ethical Wall installation guide and the DLP installation guide.
Trusted Application
As part of the UCMA installation, certain configurations are made in the SfB/Lync topology. These configurations allow the environment to identify and authenticate the 3rd party applications that are trying to access it (Access Portal Web App/SIP Filter).
To view what is already configured, the following commands can be used:
Get-CsTrustedApplicationPool
Get-CsTrustedApplication
Get-CsTrustedApplicationEndpoint
Each one of those commands presents a different part of the Trusted Application configuration. Generally there are 4 types of Trusted Application configurations: Trusted Application pool, Trusted Application, Trusted Application endpoint, and Trusted Application computer.
SkypeShield does not use Trusted Application computer. However, it does use the others. Each one of these configurations has a few settings in it.
When troubleshooting issues regarding UCMA, these specific settings are important to know:
For Trusted Application Endpoint:
https://technet.microsoft.com/en-us/library/gg398594.aspx
For Trusted Application:
https://technet.microsoft.com/en-us/library/gg398259.aspx
For Trusted Application pool:
https://technet.microsoft.com/en-us/library/gg425804.aspx
Trusted Application pool
Each Trusted Application has a pool, and a pool can contain multiple Trusted Applications.
Each Trusted Application pool is set to a specific SfB server (this is the server that we "authorize" the 3rd party application to work on) and to the server on which the 3rd party app that requires authorization is installed.
Trusted Application
Within the Trusted Application pool we set a Trusted Application.
The Trusted Application specifies an identifier (in our case "SkypeShieldTrustedApp" or "SipFilterTrustedApp") and a port on which to send the remote SfB actions (by default, our scripts set it to 11111).
Trusted Application Endpoint
In the pool, our scripts also create a Trusted Application endpoint. A Trusted Application endpoint is an Active Directory contact object that enables routing of calls to a trusted application.
Within the Trusted Application endpoint we define a SIP address (in our case it is used to contact customers for IMs).
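The pool, application and endpoint described above can be reviewed together in one table. The following script is an added example, not part of the product's own scripts: it only reads the configuration and marks any Trusted Application whose name or port differs from the defaults named in this article. It assumes PowerShell 3.0 or later and the property names shown in the output of the three Get- cmdlets (PoolFqdn, Registrar, ApplicationId, TrustedApplicationPoolFqdn, Port, OwnerUrn, SipAddress).

```powershell
# Added example: read-only inventory of the Trusted Application configuration.
# Run in the SfB/Lync Server Management Shell. Nothing is created or changed.
# Assumption: the application names and port are the defaults named in this article.
$expectedNames = 'SkypeShieldTrustedApp', 'SipFilterTrustedApp'
$expectedPort  = 11111

$pools     = @(Get-CsTrustedApplicationPool)
$apps      = @(Get-CsTrustedApplication)
$endpoints = @(Get-CsTrustedApplicationEndpoint)

$report = foreach ($app in $apps) {
    # ApplicationId is reported as urn:application:<name>; keep only <name>.
    $name = $app.ApplicationId -replace '^urn:application:', ''

    # The pool entry shows which SfB server (Registrar) the application is tied to.
    $pool = $pools | Where-Object { $_.PoolFqdn -eq $app.TrustedApplicationPoolFqdn }

    # Endpoints that belong to this application (matched on the owning application URN).
    $sip = $endpoints |
        Where-Object { $_.OwnerUrn -eq $app.ApplicationId } |
        ForEach-Object { $_.SipAddress }

    $notes = @()
    if ($expectedNames -notcontains $name) { $notes += 'name not in expected list' }
    elseif ($app.Port -ne $expectedPort)   { $notes += "port differs from $expectedPort" }
    if (-not $pool)                        { $notes += 'pool not found' }

    [pscustomobject]@{
        Application = $name
        PoolFqdn    = $app.TrustedApplicationPoolFqdn
        Registrar   = ($pool.Registrar -join ', ')
        Port        = $app.Port
        SipAddress  = ($sip -join ', ')
        Notes       = ($notes -join '; ')
    }
}

$report | Sort-Object PoolFqdn, Application | Format-Table -AutoSize -Wrap
```

An empty Notes column means the entry matches the defaults; other vendors' trusted applications will be listed with a note and can be confirmed against the topology documentation.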
SkypeShield's trusted application installation
When installing UCMA for SkypeShield (in order to allow SkypeShield to send IM notifications and/or use contact lists as a basis for Ethical Wall policies), the Trusted Application configuration is a crucial part.
The Trusted Application configuration can be set under 'settings' --> 'General':
In order to configure the Trusted Applications in the SfB/Lync environment