Edge servers support multimedia communications with external users. These edge servers can be installed on a single computer or on separate computers. Edge server roles include:

  • Access Edge Server
  • Web Conferencing Edge Server
  • A/V Edge Server

Access Edge Server

The Access Edge Server is essential for all external user scenarios, including conferencing, remote user access, and federation.

The Access Edge Server validates and forwards Session Initiation Protocol (SIP) signaling traffic between internal and external users. It handles only the SIP traffic that is required to establish and validate connections. It does not handle data transfer, nor does it authenticate users. Authentication of inbound traffic is performed by the Director or the Front End Server.

Web Conferencing Edge Server

The Web Conferencing Edge Server enables data collaboration with external users.

The Web Conferencing Edge Server proxies Persistent Shared Object Model (PSOM) traffic between the Web Conferencing Server and external clients. External conference traffic must be authorized by the Web Conferencing Edge Server before it is forwarded to the Web Conferencing Server. The Web Conferencing Edge Server requires that external clients use Transport Layer Security (TLS) connections and obtain a conference session key.

A/V Edge Server

The A/V Edge Server enables audio and video conferencing and A/V peer-to-peer communications with external users who are equipped with the Office Communicator 2007 client. Peer-to-peer communications traverse between the clients and do not go through the Audio/Video Conferencing Server.

The A/V Edge Server provides a single trusted connection point through which inbound and outbound media traffic can securely traverse network address translators (NATs) and firewalls. The industry standard solution for multimedia traversal of firewalls is Interactive Connectivity Establishment (ICE), which is based on the Simple Traversal Underneath NAT (STUN) and Traversal Using Relay NAT (TURN) protocols. The A/V Edge Server is a STUN server. All users are authenticated to help secure both access to the enterprise and use of the firewall traversal service that is provided by the A/V Edge Server. To send media inside the enterprise, an external user must be authenticated and must have an authenticated internal user agree to communicate with him or her through the A/V Edge Server.

The media streams themselves are exchanged by using SRTP (Secure Real-time Transport Protocol), which is an industry standard for real-time media transmission and reception over IP.

HTTP Reverse Proxy

The HTTP reverse proxy is not an Office Communications Server 2007 server role, but it is required in the perimeter network to carry HTTP and HTTPS traffic for external users. The HTTP reverse proxy enables external users to download Address Book Server files, Web conferencing content, and expanded distribution lists for group IM.

The reverse proxy does not run Office Communications Server 2007 or carry SIP traffic.

For detailed information about edge servers, download and review the Office Communications Server 2007 Planning Guide and the Office Communications Server 2007 Edge Server Deployment Guide.