This article contains general explanations about where UCMA should be installed and how "Trusted Application" works.

UCMA

UCMA is a software component by Microsoft that we install on certain servers (typically the Access Portal web server).
This component allows developers and 3rd party apps to access and control certain aspects of Microsoft's Enhanced Presence information, instant messaging, telephone and video calls, and audio/video conferencing.

This component, together with the "CsTrustedApplication" configurations, allows us to use the SfB/Lync environment in order to do the following:

  • Use contact list information pulled from the SfB environment to set certain Ethical wall policies that apply according to contact list members
  • Send IMs to users and admins from the local SfB environment in order to notify them about Ethical wall/DLP/etc. actions that were performed.

 

This is an important part of our product, and guidance about its installation and configuration can be found in the installer guide, Ethical wall installation guide and DLP installation guide.

Trusted Application

As part of the installation of UCMA, certain configurations are made in the SfB/Lync topology. These configurations allow the environment to identify and authenticate the 3rd party applications that are trying to access it (Access Portal Web App/SIP Filter).

To view what is already configured, the following commands can be used:

Get-CsTrustedApplicationPool

Get-CsTrustedApplication

Get-CsTrustedApplicationEndpoint

 

Each one of those commands presents a different part of the Trusted Application configuration. Generally there are 4 types of Trusted Application configurations: Trusted Application pool, Trusted Application, Trusted Application endpoint, Trusted Application computer.

SkypeShield does not use Trusted Application computer. However, it does use the others. Each one of these configurations has a few settings in it.

When troubleshooting issues regarding UCMA, these specific settings are important to know:

For Trusted Application Endpoint:

https://technet.microsoft.com/en-us/library/gg398594.aspx

For Trusted Application:

https://technet.microsoft.com/en-us/library/gg398259.aspx

For Trusted Application pool:

https://technet.microsoft.com/en-us/library/gg425804.aspx

 

Trusted Application pool

Each Trusted Application has a pool that can contain multiple Trusted Applications.

Each Trusted Application pool is set to a specific SfB server (this is the server that we "authorize" the 3rd party application to work on) and to the server on which the 3rd party app that requires authorization is installed.

Trusted Application

Within the Trusted Application pool we set a Trusted Application.

The Trusted Application specifies an identifier (in our case "SkypeShieldTrustedApp" or "SipFilterTrustedApp") and a port on which to send the remote SfB actions (by default with our scripts it's set to 11111).

Trusted Application Endpoint

In the pool our scripts also create a Trusted Application endpoint. A Trusted Application endpoint is an Active Directory contact object that enables routing of calls to a trusted application.

Within the Trusted Application endpoint we define a SIP address (in our case it is used to contact customers for IMs).
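
A read-only check that ties the three Get- commands to the pool, application and endpoint settings described above. This is an added example, not one of SkypeShield's own scripts; the host names and SIP address are constructed placeholders, and the property names (PoolFqdn, Registrar, ApplicationId, Port, OwnerUrn, SipAddress) are those returned by the SfB/Lync cmdlets.

```powershell
# Added example, read-only: run in the SfB/Lync Management Shell on a Front End.
# Host names and the SIP address are constructed placeholders; use the values
# saved in the Access Portal.
$expected = @{
    AppPoolFqdn = 'accessportal.contoso.example'    # Access Portal server FQDN
    Registrar   = 'sfbpool.contoso.example'         # Lync pool name from the topology
    AppIds      = 'SkypeShieldTrustedApp', 'SipFilterTrustedApp'
    Port        = 11111                             # default port set by the scripts
    SipAddress  = 'sip:trustedapp@contoso.example'  # trusted application user SIP
}
$findings = @()

# 1. Pool: must exist and point at the intended SfB pool.
$pool = Get-CsTrustedApplicationPool |
    Where-Object { $_.PoolFqdn -eq $expected.AppPoolFqdn }
if (-not $pool) {
    $findings += "No trusted application pool for $($expected.AppPoolFqdn)"
} elseif ("$($pool.Registrar)" -notlike "*$($expected.Registrar)") {
    $findings += "Pool registrar is '$($pool.Registrar)'"
}

# 2. Applications in that pool: flag unknown identifiers and port drift.
$apps = @(Get-CsTrustedApplication |
    Where-Object { $_.TrustedApplicationPoolFqdn -eq $expected.AppPoolFqdn })
if ($apps.Count -eq 0) { $findings += 'No trusted application in the pool' }
foreach ($app in $apps) {
    $name = "$($app.ApplicationId)" -replace '^urn:application:', ''
    if ($expected.AppIds -notcontains $name) {
        $findings += "Unexpected trusted application '$name'"
    } elseif ($app.Port -ne $expected.Port) {
        $findings += "'$name' uses port $($app.Port), expected $($expected.Port)"
    }
}

# 3. Endpoint: the SIP address must exist and belong to one of our applications.
$endpoint = Get-CsTrustedApplicationEndpoint |
    Where-Object { $_.SipAddress -eq $expected.SipAddress }
if (-not $endpoint) {
    $findings += "No endpoint with SIP address $($expected.SipAddress)"
} else {
    $owner = "$($endpoint.OwnerUrn)" -replace '^urn:application:', ''
    if ($expected.AppIds -notcontains $owner) {
        $findings += "Endpoint is owned by '$owner'"
    }
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'Trusted application configuration matches the expected values.'
}
```

An "Unexpected trusted application" warning is a prompt to review who registered it, since every entry in the pool is an application the SfB environment will authenticate.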

 

 

SkypeShield's trusted application installation

When installing UCMA for SkypeShield (in order to allow SkypeShield to send IM notifications and/or use contact lists as a basis for Ethical wall policies), the Trusted Application configuration is a crucial part.

In order to configure the Trusted Applications in the SfB/Lync environment, it is recommended to first define the values in the Access Portal.
The Trusted Application configuration can be set under 'settings' --> 'General':

First, it is required to insert the correct values (into the fields marked in red):

  • Lync pool name - as it appears in the topology
  • Trusted application user SIP - a random SIP address that isn't already taken
  • Access Portal server - the FQDN of the Access Portal server
  • Lync site - the SfB/Lync site as it appears in the topology

 

After inserting the correct values, press 'save' (#1) to save the configuration and then press "Export Trusted Application script" (#2).
This will download a .ps1 file, which is the script that needs to be run on the FE.

This method of exporting the script and then running it on the Front End is faster than running the script manually and only then inserting the values into the Access Portal. It also ensures that the Access Portal is using the same values that are defined in the topology.

Troubleshooting

Please paste UCMA errors here and I'll try to give out information on each error so we will have a thorough troubleshooting section.
