Next week, I’m planning to spend three days on a Microsoft Live Communications Server (LCS) 2005 course, which has prompted me to look back at some earlier notes from last year’s Microsoft Technical Roadshow. At that event, Paul Brombley, a Messaging Technology Specialist with Microsoft UK, gave an overview of the LCS product – this post repeats the key messages from that presentation.
Enterprises face a number of communication challenges. One of these is productivity and cost, with disconnected data, processes, platforms and people. Communications are full of inefficiencies – playing e-mail/voice-mail “tag”, considering geographic/time zone separations, understanding availability before attempting to contact – and whilst technology can help, it is sometimes difficult to automate real-time processes and notifications. Even in these days of widespread Internet access, it can still be difficult to connect to other organisations due to the variety of standards in use, often requiring organisations to resort to specialist (and sometimes expensive) third party products. Additionally, although communications costs are dropping, long distance phone calls are still expensive, virtual meetings can’t always substitute face-to-face interaction, and e-mail systems are still used by many as huge filing systems.
Many people (myself included) have resorted to using public instant messaging (IM) services such as MSN Messenger for instant communications with presence awareness; but public IM networks are not secure (messages are transmitted in clear text over the Internet), client management is not easy, and there are regulatory and compliance issues around auditing – besides which, using a Hotmail address for business communications just does not look professional.
Even so, according to Microsoft, 38% of information workers use at least one IM client and whilst in 2004, 20% of enterprise users worldwide were using IM, by 2008 this is expected to grow to 80%. IM is moving from the consumer space into business – and it’s the presence information that makes a difference.
According to Microsoft’s marketing information, their products deliver a full suite of communications capabilities:
- Integrated communications services are covered with Live Meeting, Live Communications Server and Exchange Server.
- Collaborative work space is covered by Office, Windows SharePoint Services and Project Server.
- Timely access to knowledge is covered with SharePoint Portal Server and Content Management Server.
- People-driven processes are covered by InfoPath and BizTalk Server.
- All of the above are supported with Office and the Windows Server System.
Microsoft’s real-time collaboration vision is for “intuitive, integrated software and services that provide pervasive real-time collaboration capabilities enabling people to work together more effectively”.
The products which support this vision are:
- Live Communications Server – Microsoft’s communications platform engine for presence information, IM and real-time collaboration (audio, video and data).
- Live Meeting – a web service offering conferencing and call screening over HTTPS.
- Office Communicator – Microsoft’s latest IM and telephony client, passing calls to wherever a user is physically located (desk, mobile, home, etc.) and identifying callers from the user’s address book.
Microsoft views integrated communications as a series of concentric rings. At the centre is identity, authenticated within a real organisation. The next layer is around presence, understanding context (e.g. a user is online, but their calendar says they are in a meeting, so do not disturb them unless you really need to – that’s not the same as “busy”). Next come the communication mechanisms – data, voice, e-mail, IM and video. Finally, information agents, workflow and workspaces provide value to end-users, IT operations management and developers alike – an intuitive, contextual user experience; rich, presence-based multi-modal collaboration; universal availability across devices and networks; integrated seamlessly into the organisational infrastructure; built on standards, rich APIs, and development tools.
Enough of the marketing… basically LCS is about connecting people in a world of presence awareness and remote working, whilst keeping data safe and managed, reducing cost, and integrating with other technologies through recognised standards.
LCS can be extended outside an organisation using an LCS access proxy – a secure access point (placed in the DMZ) for external clients to interface with the internal LCS server(s). Using this model, the session initiation protocol (SIP) is run over TLS on port 5061 or 443 and no VPN is required as authentication is at the access proxy. It should be noted that although text travels between servers, audio and video are transmitted point-to-point, so may be affected by any intermediate firewalls.
This model can be extended to offer federation between organisations, or to a public IM network with a number of interconnected LCS access proxies (or other SIP proxies). Clearing houses can be used to allow an enterprise to use a single connection to interface with multiple partners, with the advantage of offering a single point of management.
LCS 2005 standard edition uses a single Active Directory-connected server, supporting up to 15,000 users with a local MSDE database. Logging/archiving can be provided using a separate SQL Server and remote access/federation is achieved via a separate LCS access proxy, placed in the organisation’s DMZ.
LCS 2005 enterprise edition provides a two-tiered architecture for scaling out, using SQL Server as the back-end database and supporting up to 20,000 users per LCS server (load balanced so up to 100,000 can be supported in a single pool). As for standard edition, remote users are supported via an LCS access proxy as is federation. High availability can be facilitated by clustering the SQL Servers.
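The access proxy placement described above (proxy in the DMZ, SIP over TLS on port 5061 or 443, LCS servers inside) can be checked against a firewall ruleset. The following is an added example, not part of the original presentation or of any Microsoft tooling; the host names, the rule format and the assumption that the proxy-to-LCS leg also uses TCP 5061 are constructed for illustration.

```python
from dataclasses import dataclass

# Topology from the post: access proxy in the DMZ, LCS servers on the LAN.
# Host names are constructed for this example.
ZONES = {"access-proxy": "dmz", "lcs-pool": "lan", "any": "internet"}
EDGE_PORTS = {5061, 443}   # SIP over TLS ports named in the post
INTERNAL_SIP_TLS = 5061    # assumption: proxy-to-LCS leg also uses SIP/TLS on 5061

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    port: int

def audit(rules):
    """Return (rule, reason) pairs for allow rules that break the DMZ model."""
    findings = []
    for r in rules:
        src_zone, dst_zone = ZONES[r.src], ZONES[r.dst]
        if src_zone == "internet":
            if r.dst != "access-proxy":
                findings.append((r, "internet reaches a host other than the access proxy"))
            elif r.proto != "tcp" or r.port not in EDGE_PORTS:
                findings.append((r, "access proxy exposed on a port other than SIP/TLS"))
        elif src_zone == "dmz" and dst_zone == "lan":
            if r.proto != "tcp" or r.port != INTERNAL_SIP_TLS:
                findings.append((r, "DMZ to LAN traffic other than proxied SIP/TLS"))
    return findings

# Constructed sample ruleset (allow rules only; default deny is assumed).
SAMPLE_RULES = [
    Rule("any", "access-proxy", "tcp", 5061),       # expected
    Rule("any", "access-proxy", "tcp", 443),        # expected
    Rule("any", "access-proxy", "tcp", 5060),       # unencrypted SIP at the edge
    Rule("any", "lcs-pool", "tcp", 5061),           # bypasses the access proxy
    Rule("access-proxy", "lcs-pool", "tcp", 5061),  # expected
    Rule("access-proxy", "lcs-pool", "tcp", 1433),  # DMZ host reaching SQL Server
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"{rule.src} -> {rule.dst} {rule.proto}/{rule.port}: {reason}")
```

Audio and video are not modelled here: as noted above they travel point-to-point rather than through the servers, so their firewall behaviour has to be assessed separately.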
Administered via an MMC console, LCS 2005 offers significant feature enhancements over the earlier LCS 2003 product. The licensing model is for a server, plus client access licenses (CALs), with separate CALs for LCS, telephone connectivity, and public IM connectivity (licensed per user, per month). Microsoft claims that the subscription model for public IM connectivity allows for compensation of the public IM networks for lost advertising revenue; however not every LCS user needs to be given public access – this can be controlled via Active Directory.
Mark
The last diagram on the page shows the layout of servers used to provide federated LCS. Should the Director server be on the inside LAN and not in the DMZ as the diagram seems to show? The Director authenticates users against AD and so is best done outside of the DMZ.
MarkB
Mark,
You are absolutely correct (thank you) – I have updated both the diagram and the associated text.
One thing I omitted from the text is that the director is an optional role (basically a server with no users homed on it) that is used to proxy external SIP connections to the appropriate server or pool. As Mark points out, the director needs to communicate with Active Directory and should be placed inside the firewall.
Assuming I get some time, I’m intending to write some more about LCS soon, including a more thorough description of the various server roles.
Mark
Just wanted to let you know that Microsoft does not support SQL Server 2005 Express Edition with Live Communications Server 2005 Standard Edition.
Best regards,
Rui M.
Hi Rui – thanks for that clarification – I’ve updated the text to remove the reference to SQL Server 2005 Express Edition.
Mark
Hi there, I have a “How does it work” and “How do you get it to work” question.
I have recently created a test environment to house LCS 2005 (Pool server), LCS Dir (Directory), & LCS AP (Access Proxy).
The IM is working fine within the AD and it has not affected the AD schema or Mail services, which is good.
The ultimate goal is to set up a Remote User Access model.
However, I am unsure if I need to publish a DNS SVR or DNS A record at my ISP or Telco for the LCS AP server as well as configuring the LCS AP in my DMZ. That is, the LCS AP has one NIC card with one IP address. I use the firewall to route all inbound SIP traffic to the LCS AP and then reroute information to the LCS Dir server.
In addition, does the IM application use the SIP:username@company.com connection name (i.e. email address) to piggyback to my network?
If someone can please help me – it would be appreciated.
Thank You,
Troy Price
Sir,
I have installed LCS 2005 in my environment successfully and it is working fine, but I want remote users to access LCS 2005. I searched Google and got the idea that an access proxy needs to be installed, but I am unsure where to locate the access proxy server. Please give me a clear network picture of where to locate the server.
Please help.