If you would like to read the next articles in this series please go to:
- Microsoft Office Communications Server Resource Kit Chapter 5: Conferencing Scenarios (Part 2)
- Microsoft Office Communications Server Resource Kit Chapter 5: Conferencing Scenarios (Part 3)
A WindowsNetworking.com exclusive! The three articles in this series represent an entire chapter of the soon-to-be-released Microsoft Office Communications Server Resource Kit. This Resource Kit will be the definitive reference for deploying, configuring, and supporting Office Communications Server 2007 and includes lots of expert insights direct from the Microsoft Office Communications Server Team. The Resource Kit provides in-depth technical guidance concerning architecture, deployment, security, administration, performance tuning, and troubleshooting Office Communications Server 2007.
The content for these articles has been excerpted from Chapter 5 by Hao Yan of the Microsoft Office Communications Server Resource Kit by Jeremy Buch, Jochen Kunert, and Rui Maximo with Byron Spurlock, Hao Yan, James O’Neill, John Clarkson, Kintan Brahmbhatt, Mitch Tulloch, Rick Kingslan, Stephanie Lindsey, and the Microsoft Office Communications Server Team. Reprinted by permission of Microsoft Press. All rights reserved. For more information, go to http://www.microsoft.com/MSPress/books/10482.aspx.
Chapter 5: Conferencing Scenarios (Part 1 of 3)
This chapter introduces the conferencing scenarios and capabilities supported by Office Communications Server 2007. The chapter also describes the technical details behind these scenarios, including the conferencing architecture, conference life cycle, and call flow. Finally, the chapter concludes with a discussion of conference administration that includes configuring pool-level settings and global-meeting policy settings.
Overview of Conferencing Scenarios
Office Communications Server 2007 introduces the capability for enterprise users both inside and outside the corporate firewall to create and join real-time Web conferences hosted on internal corporate servers. These conferences or meetings (which are referred to as on-premise conferences) can be scheduled or ad hoc. Attendees of these conferences can communicate using IM, audio, video, application sharing, slide presentations, and other forms of data collaboration. Enterprise users can invite external users without Active Directory Domain Services accounts to participate. Users who are employed by federated partners with a secure and authenticated identity can also join conferences and, if invited to do so, can act as presenters. Conference organizers control access to the conferences they organize by defining access types.
For administrators, Office Communications Server 2007 provides meeting policies, global-level settings, pool-level settings, and user-level settings to allow administrators to control almost every aspect of on-premise conferencing capabilities, such as access control, resource management, conference life cycle management, and so on. The scale-out conferencing architecture based on pools ensures high availability of conferences¡ªif a server supporting a conference fails, the conference is automatically rolled over to another server with same server role. Moreover, Office Communications Server also supports features that meet common compliance requirements. Basic conference information¡ªsuch as creation time, activation time, user join, and user leave¡ªare logged in the Call Detail Record (CDR) database. Most data collaboration contents are also recorded in a specific compliance file share.
This unified, server-based conferencing solution provides an alternative to hosted Web conferencing for organizations that require a more secure and controlled collaboration experience.
Understanding Conferencing User Types
In an Office Communications Server conference, all users are authenticated. Authentication is performed either by the front end of an Office Communications Server pool, by a Director if a Director is deployed, or by a federated server. Depending on the type of credentials used for authentication, Office Communications Server supports three types of users: an authenticated enterprise user, a federated user, and an anonymous user.
Understanding Authenticated Enterprise Users
An authenticated enterprise user is an employee of the enterprise hosting the Office Communications Server conference who has the following characteristics:
- Has a persistent Active Directory identity
- Is enabled for communications in Active Directory and in Office Communication Server management, and is assigned a valid Session Initiation Protocol (SIP) Uniform Resource Identifier (URI)
- Is assigned to either a valid Office Communications Server 2007 pool or a Live Communications Server 2005 Service Pack 1 (SP1) pool
Authenticated enterprise users hosted on an Office Communications Server pool can create and participate in an Office Communications Server conference. On the other hand, authenticated enterprise users hosted on a Live Communications Server 2005 SP1 pool cannot create a conference. However, they can participate in an Office Communications Server 2007 conference.
Authenticated enterprise users can be further classified into two categories according to the location from which they access Office Communications Server:
Internal User
- Internal users connect to Office Communications Server from a location behind the corporate firewall.
Remote User
- Remote users connect to Office Communications Server from a location outside of the corporate firewall. They include employees working at home or on the road, and other remote workers, such as trusted vendors, who have been granted enterprise Active Directory credentials for their terms of service.
Office Communications Server employs two Integrated Windows Authentication methods to authenticate enterprise users. Internal users are authenticated using either NTLM or Kerberos, depending on the server setting. For remote users, only NTLM is supported because Kerberos requires that the client have a direct connection to Active Directory, which is generally not the case for users connecting from outside of the corporate firewall.
Understanding Federated Users
A federated user is not an employee of the enterprise hosting the Office Communications Server conference. Instead, a federated user is an employee of a federated partner who has the following characteristics:
- Has a persistent identity in the federated partner¡¯s Active Directory
- Is enabled for communications in Active Directory and in Office Communication Server management, and is assigned a valid SIP URI
- Is assigned to either a valid Office Communications Server 2007 pool or a Live Communications Server 2005 SP1 pool hosted in the federated partner domain
Federated users are authenticated by the Office Communications Server 2007 or Live Communications Server 2005 SP1 hosted in the trusted federated partner domain. Therefore, they are trusted as authenticated users by the Office Communications Server 2007 server that hosts the conference. Federated users can join conferences, but they cannot create conferences in federated enterprises.
Understanding Anonymous Users
An anonymous user is not an employee of the enterprise hosting the Office Communications Server conference or an employee of a federated partner. Instead, an anonymous user is any user who does not have a persistent Active Directory identity in the enterprise hosting the Office Communications Server or federated partner enterprise.
Anonymous users can connect from the following three locations outside of the corporate firewall:
- An enterprise that deploys Office Communications Server 2007 or Live Communications Server 2005 SP1. However, the enterprise domain is not federated with the enterprise hosting the conference.
- An enterprise that deploys neither Office Communications Server 2007 nor Live Communications Server 2005 SP1.
- The Internet.
Anonymous users are authenticated via Digest authentication. For conferences that allow anonymous users to participate, Office Communications Server generates a conference key. Anonymous users must present the conference key when they join the conference.
Anonymous users can join Office Communications Server conferences, but they cannot create conferences on the server.
Understanding Conferencing User Roles
Regardless of authentication types, conference participants fall into one of two user role groups during a conference: presenters or attendees. Office Communications Server 2007 keeps track of user roles for each conference participant. These user roles are used to authorize users to have access to different in-conference functionalities, which are summarized in the following list:
Presenter
- A user who is authorized to present information at a conference, using whatever media is supported. A presenter is also granted rights to control a conference, such as locking a conference, ending a conference, promoting other participants to the presenter role, removing a user from a conference, or changing the list of in-conference features non-presenter participants can access, and so on.
Attendee
- A user who has been invited to attend a meeting but who is not authorized to act as a presenter. An attendee can be promoted to a presenter by other presenters during a conference.
Promotion of user roles is not persistent across different instances of the same conference. If an attendee is promoted to the presenter role during a conference, she has the presenter role until she leaves the conference. The next time the attendee joins the same conference, she will again be assigned the attendee role. Only participants who are designated as presenters by the organizer at conference creation time¡ªthat is, they are pre-set presenters¡ªcan join a conference with the automatic presenter role. In addition, currently, Office Communications Server does not support demoting a presenter to attendee.
All authenticated enterprise users and federated users can join a conference as pre-set presenters. Anonymous users can join a conference only as attendees. However, once they have joined, anonymous users can be promoted to a presenter by any existing presenters in a conference.
In addition, there is an implicit role of organizer:
Organizer
- The user who creates a conference, whether impromptu or by scheduling.
Every Office Communications Server 2007 conference is associated with an organizer. An organizer must be an authenticated enterprise user. If a user is deleted from the enterprise Active Directory, all Office Communications Server 2007 conferences she organizes are also removed from the back-end database. The content created in conferences organized by such an organizer is also removed through a content expiration feature. An organizer is by definition also a presenter and determines who else can be a presenter. An organizer can make this determination either at the time a meeting is scheduled or after the meeting is under way.
Understanding Conference Security and Access Types
Security has been a top priority for on-premise conferencing. All messaging and media in conferencing are encrypted, using the same security infrastructure as Live Communications Server 2005 SP1. In addition, Office Communications Server 2007 provides additional safeguards for conferencing. These safeguards include the following features:
- Strong authentication using Integrated Windows authentication and Digest authentication.
- Role-based authorization for conference control.
- Level of access through three predefined access types.
- Policy-based administration to allow administrators to control resource utilization and security. Meeting features are grouped and managed using meeting policies. Administrators control which meeting features a meeting organizer can use during a meeting by configuring and applying specific policies. See the section titled ¡°Understanding Meeting Policy and Policy Enforcement¡± later in this chapter for more information.
When organizers create a conference, they can set the conference to have one of three access types: open authenticated, closed authenticated, and anonymous allowed.
Understanding the Open Authenticated Conference
An open authenticated conference can be joined by all authenticated enterprise users. They join as attendees unless they have been designated as presenters by the meeting organizer.
An open authenticated conference is suitable in situations where the participant list is dynamic or unknown, such as a brown-bag meeting. Authenticated enterprise users can join any open authenticated meeting hosted on any Office Communications Server pool, even if they are not specifically invited by the conference organizer. They do need to get conference joining information, however, to join. This is usually achieved by one user forwarding a conference invitation to another user.
Federated users can join the meeting as attendees if they are invited by the organizer. Federated users are not able to join the meeting as a presenter, but they can be promoted to presenter during the meeting (This is currently a client implementation limitation; Office Communications Server does not support creating an open authenticated conference with federated users as pre-set presenters). If you want to prevent federated users from participating in an open authenticated meeting, you can do so by not configuring the Access Edge Server for federation or by disabling the organizer for federation.
Understanding the Closed Authenticated Conference
A closed authenticated conference can be joined only by authenticated enterprise users who are specifically invited by the conference organizer.
Closed authenticated conferences are suitable in situations where tight control to the conference content is required, such as a meeting that discusses confidential company financial information. An authenticated user who is not explicitly invited cannot join a closed authenticated conference, even if the user has conference join information from forwarded invitations.
Federated users can join a closed authenticated conference if explicitly invited. They can join either as attendees or pre-set presenters. Currently, client implementation prevents a user from scheduling a closed authenticated conference with federated users.
Understanding the Anonymous Allowed Conference
Anonymous allowed type conferences have the most relaxed access control. Anonymous allowed conferences can be joined by authenticated enterprise users and federated users, as well as anonymous users, as long as those users have conference join information.
Anonymous allowed conferences are suitable in situations where collaboration between enterprise users and outside users is required, such as a sales meeting that invites potential outside customers.
The meeting organizer must be authorized to invite anonymous users to create a meeting of this type. Enterprise users and federated users join as attendees unless they have been designated as presenters by the meeting organizer. Anonymous users join only as attendees, although they can be promoted to the presenter role by presenters after they have entered the meeting. To enter a meeting, anonymous users must present a conference key, which they receive in an e-mail meeting invitation, and they must pass Digest authentication.
Table 5-1 summarizes whether a user can be allowed into an Office Communications Server conference in different situations.
Conference Access Types (√means the user can join, while X means the user cannot join)
|
Conference Type |
Authenticated Enterprise User |
Federated User |
Anonymous User |
|||
|
|
Directly Invited |
Forwarded |
Directly Invited |
Forwarded |
Directly Invited |
Forwarded |
|
Open Authenticated |
√ |
√ |
√ |
√ |
X |
X |
|
Closed Authenticated |
√ |
X |
√ |
X |
X |
X |
|
Anonymous Allowed |
√ |
√ |
√ |
√ |
√ |
√ |
Understanding Conferencing Media Types
Office Communications Server 2007 conferences provide a rich multimedia experience. The following sections discuss the four main types of multimedia conferencing: multiparty instant messaging, data collaboration, audio/video, and audio conferencing provider support
Understanding Multiparty Instant Messaging
Multiparty instant messaging, or group IM, refers to an IM conversation among three or more parties. The Microsoft Windows Messenger 5.x and Office Communicator 2005 clients, along with Live Communications Server 2005 SP1, already support group IM based on establishing a separate connection between each two-user pair engaged in the conversation. In Office Communications Server 2007, a group IM session is implemented as a server-hosted conference with IM modality. This approach is more scalable and offers greater flexibility to participants than a group conversation that is based on a large number of linked peer-to-peer conversations.
The main client for multiparty instant messaging conferences is Office Communicator 2007. A group IM session can be created in one of the following ways:
-
By sending an instant message to multiple parties
-
By inviting additional parties to a two-person IM conversation
-
By sending an instant message to a Microsoft Exchange Server distribution list
|
Direct from the Source: Group Expansion Web Service
¨CHao Yan, Senior Program Manager |
Understanding Data Collaboration
Data collaboration conferences are often referred to as Web conferences. Office Communications Server 2007 supports a rich mix of data collaboration possibilities, including the following:
PowerPoint presentations
-
Office Communications Server 2007 provides native Microsoft Office PowerPoint support, which includes uploading and sharing slide decks created with PowerPoint, including animations and other rich features.
Application and desktop sharing
-
Sharing applications among multiple participants and giving other participants control of the desktop or application. Administrators can customize the level of sharing or control that is allowed in their organization or disable this feature completely through meeting policy
Microsoft Office Document Imaging (MODI) support
-
Office Communications Server 2007 also supports uploading and sharing of any document format that supports the MODI print driver. This support provides conference users the ability to share in read-only mode virtually any kind of documents that can be printed to MODI file format, including all Microsoft Office document formats, Adobe PDF format, and HTML file format. .
Web slides
-
Sharing URLs to Web pages that can be viewed and navigated independently by all meeting participants.
Multimedia content
-
Office Communications Server supports uploading and sharing media files (such as Flash or Windows Media technology files). The viewing of the media files by all meeting participants can be synchronous (controlled by presenter) or asynchronous (participants view files independently).
Handouts
-
Exchanging files in their native formats among meeting participants.
Snapshot slides
-
Capturing and displaying a static view of (an area of) the user¡¯s desktop.
Whiteboards
-
Free-form drawing and writing in a common shared space.
Text slides
-
Writing and sharing text on a virtual whiteboard (separate from the graphical whiteboard features).
Annotations
-
Annotating many types of slides, including PowerPoint slides and MODI document slides.
Polling
-
The ability to create questions and answers and compile and share responses from participants.
Q&A
-
Asking and answering questions during a meeting.
In-meeting chat
-
Peer-to-peer IM within the context of a meeting.
Shared notes
-
The ability to edit and share meeting notes with other participants.
The main client for data collaboration conferences is Office Live Meeting 2007. A data collaboration session can be created in one of the following ways:
-
By scheduling a data collaboration conference in Microsoft Office Outlook with the Outlook Conferencing Add-in
-
By selecting Meet Now in Office Live Meeting 2007
-
By adding data collaboration to an existing IM and audio/video session in Office Communicator 2007
Understanding Audio and Video Conferencing
Office Communications Server 2007 supports multiparty audio/video (A/V) conferencing. Through advanced wideband codecs such as RTAudio and RTVideo, Office Communications Server (through the Audio/Video Conferencing Server role) delivers high-quality audio and video in a conference.
The audio streams from all participants are mixed at the server and broadcasted to all participants. For video, the video stream of the most active speaker is sent to all participants. When deployed on a separate computer, the Audio/Video Conferencing Server can support up to 250 participants within a single session.
The main clients for A/V conferences are Office Communicator 2007 and Office Live Meeting 2007. An A/V conference session can be initiated in the following ways:
- By scheduling a data collaboration conference with audio and video in Outlook with the Outlook Conferencing Add-in.
- By scheduling a conference call with audio and video in Outlook with the Outlook Conferencing Add-in.
- By starting an audio/video conversation with two or more other participants in Office Communicator.
Understanding Audio Conferencing Provider Support
External audio conference participants who have not deployed Office Communications Server can participate through the services of a third-party Audio Conferencing Provider (ACP). The provider enables conferencing over an external Public Switched Telephone Network (PSTN) bridge.
Office Live Meeting 2007 is the main client that supports ACP conferences. It provides user interfaces to control various aspects of the audio conference hosted on an external PSTN bridge, such as mute self, un-mute self, mute all, and so on.
In Office Communications Server 2007, there is no interaction between the VoIP-based audio conference hosted by the Audio/Video Conferencing Server and the ACP conference hosted by external Audio Conferencing Providers. This means in a conference there cannot be some participants using their phone to dial in to the meeting while the rest use their computer audio hardware to join the meeting. When scheduling a conference, the conference organizer needs to make appropriate audio choices.
ACP integration is managed by the Telephony Conferencing Server, which always runs as a separate process on either a Office Communications Server 2007 Standard Edition server or Enterprise Edition front-end server. Integration with the Audio Conferencing Provider occurs by configuring a federated connection with the external service provider, as you would with any other federated partner. (to be continued)
If you would like to read the next articles in this series please go to:
