Chapter 3

Security

In today’s world, where security breaches are all too common, the ability to secure your Lync Server 2010 deployment is critical. In particular, your key focus should be protecting external access to Lync. The Lync Edge role and its supporting components deliver the ability to communicate with close to a billion people worldwide. However, the possibility of communicating with that many people entails risk. When correctly configured, Lync’s design will help you mitigate that risk.

Of course, its various core capabilities provide security. For example, Lync encrypts all its communications, both the signaling and the media, which means that as a platform it can be used in highly secure environments where systems that leave the media unencrypted on the wire would be less useful. With Lync, there is no need to implement another security system, such as IP Security (IPsec), just to secure media traffic. The authentication mechanisms available constitute another key element to securing Lync. While the standard username and password options are used for several clients (the PC-based ones), PIN and extension authentication underpinned by certificate authentication are used on all the new Lync IP Phone edition devices.