This article contains general explanations about where UCMA should be installed and how "Trusted Application" works.
UCMA
UCMA is a software component by Microsoft that we install on certain servers (typically Access Portal web server).
This component allows for developers and 3rd party apps to get access and take control over certain aspects of Microsoft's Enhanced Presence information, instant messaging, telephone and video calls, and audio/video conferencing.
This component together with the "CsTrustedApplciation" configurations allow us to perform manipulations and use the SfB/Lync environment in order to do the following:
- Use Contact list information pulled from SfB environment to set certain Ethical wall policies that apply according to contact list memebers
- Send IMs to users and admins from the local SfB environment in order to notify them about Ethical wall/DLP/etc. actions that were performed.
- Escalate conference: wheמ a conversation starts and we want to join it in a hidden way to make it a conference we will use UCMA.
This is an important part of our product and guidance about it's installation and configuration can be found in the installer guide, Ethical wall installation guide and DLP installation guide.
Trusted Application
As part of the installation of the UCMA certain configuration in the SfB/Lync topology. These configurations allow the environment to identify and authenticate the 3rd party application that are trying to access them (Access Portal Web App/SIP Filter).
Skype for Business presents 4 entity types within the model of Trusted Applications.
Trusted Application pool
A trusted application is a Skype for Bussiness entity that is configured under a Server pool and represents a collection of internal functionalities/components of the Server Pool(named Trusted Application).
You can list the existing Application pools by running the following command in Powershell on the Front-End
Get-CsTrustedApplicationPool
Trusted Application
A Trusted Application is an entity within the pool that specifies an identity and connectivity details for different components utilizing the Application Pool
Sphereshield set 3 Applications
| Trusted Application name | Port | Usage | Pool | Required |
|---|---|---|---|---|
| SkypeShieldTrustedApp | 1111 | Access Portal | Access Portal pool | Yes |
| MaintenanceServiceTrustedApp | 1113 | Maintenance Service | Access Portal pool | Yes |
| SipFilterTrustedApp | 1112 | SIP filter on the Front-End | Front-End pool | No |
You can list the existing Application pools by running the following command in Powershell on the Front-End
Get-CsTrustedApplication
Trusted Application Endpoint
A trusted application endpoint is an Active Directory contact object that enables the routing of calls to a trusted application.
Sphreshield requires it for IM notification and enable the ability to impersonate a SIP address
You can list the existing Application pools by running the following command in Powershell on the Front-End
Get-CsTrustedApplicationEndpoint
Trusted Application computer
Not used by Sphereshield
SkypeShield's trusted application installation
In order to deploy the UCMA integration we recommend starting from the Access Portal for more information see the following KB