Saturday, January 24, 2009

OCS 2007 R2 Deployment, Part 3

Here, we have already prepared Active Directory and installed OCS 2007 R2, and we are now ready to configure the server and certificate.


I removed domain.com here and used my "external" domain of chrislehr.com. And yes, I am generic enough to name my home domain domain.com.


I highly recommend automatic logon:

Choose which domains you will support automatic logon for. I chose both, even though I plan on chrislehr.com being the main one.


I skipped this for now. If and when I do an Edge server (I plan/hope to, but unless I get a new network connection and firewall, it might not be fully functional)


Review my settings, and click next!



And it's done! I can choose to review the log, but will skip that for brevity.


Now, an important note… this is the internal pool, so an internally signed SSL cert is fine.

However, the variety of options provided is a NICE change from R1.


Now here is the important part. The name here is the "friendly name", but I still like to use a valid DN here. The MS default is OCS2007R2 (the machine name).


I skipped my org name and department screens, but here is where MS got smart and made the auto-fill work a lot better:


Now, keep in mind, OCS 2007 R2 is going to want split-brain DNS. So internally, sip.domain.com and sip.chrislehr.com need to point to the pool server. If and when I move to having an edge server, I will need those same names to point externally to the edge interface, and I will need the SSL cert there to have the same names. Keep in mind that internally, additional SAN names are free. Externally, you want to limit this if possible. If I want to do federation, the external cert will need to be a third-party trusted certificate. For just remote user access, you can get away with an internally signed cert as long as the remote machine and user are both domain members, so that the internally signed cert is trusted. If you expect home machines and Office Communicator Mobile R2, you want a third-party certificate.
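One way to check the two requirements above after the wizard finishes: that each `sip.<domain>` name is in the assigned certificate's SAN list, and that internal DNS points it at the pool server. This is an added example, not part of the original post; the function names, the thumbprint and the pool host name are placeholders, and the SAN parsing assumes an English-locale Windows host with PowerShell 3 or later.

```powershell
# Added example: function names, thumbprint and pool host are placeholders, not values from the post.
function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.17 is the Subject Alternative Name extension.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    # Assumption: English-locale Windows, where Format() emits lines like "DNS Name=<host>".
    $san.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLowerInvariant() }
    }
}

function Get-HostIps {
    param([string]$HostName)
    # Returns an empty array when the name does not resolve.
    try {
        @([System.Net.Dns]::GetHostAddresses($HostName) | ForEach-Object { $_.IPAddressToString })
    } catch {
        @()
    }
}

function Test-SipCertCoverage {
    param(
        [string[]]$SipDomains,   # SIP domains chosen for automatic logon
        [string]$Thumbprint,     # thumbprint of the cert assigned to the pool
        [string]$PoolHost        # name of the pool server
    )
    $cert     = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $sanNames = @(Get-CertDnsNames -Cert $cert)
    $poolIps  = @(Get-HostIps -HostName $PoolHost)

    foreach ($domain in $SipDomains) {
        $name = "sip.$domain".ToLowerInvariant()
        $ips  = @(Get-HostIps -HostName $name)
        [pscustomobject]@{
            Name         = $name
            InCertSan    = $sanNames -contains $name   # exact match; wildcard SANs are not expanded
            ResolvesTo   = $ips -join ', '
            PointsAtPool = [bool]($ips | Where-Object { $poolIps -contains $_ })
        }
    }
}

# Run on the pool server; replace the placeholders with your own values.
Test-SipCertCoverage -SipDomains 'domain.com', 'chrislehr.com' `
    -Thumbprint '<POOL-CERT-THUMBPRINT>' -PoolHost '<pool-server-fqdn>'
```

Any row with `InCertSan` or `PointsAtPool` set to `False` is a name that clients doing automatic logon will fail on, either at the TLS name check or at the DNS lookup.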

Yes, my two person network has a Root CA.


Final review before committing:


I chose to assign the cert immediately, why make you wait for another blog post?


Viewing the cert:



And we are DONE!

Tune in next time as we configure the Web Components Server Cert and Verify our config both with the wizard and with some person to person OCS communications!
