HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02

2-34
Design Considerations
Planning Security
Use a GPO to configure a smaller range of ports for the RTP traffic.
The registry entries are: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Lync\PortRange\MinMediaPort and
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Lync\PortRange\MaxMediaPort. The range must include at least 40 ports, but
you can include more. You can then open that range on your firewall.
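As an added example (not from the HP guide), the following PowerShell writes the two registry values the guide names, enforces the 40-port minimum before writing them, and opens the same range on the host firewall; the port numbers are a constructed sample and the UDP protocol in the firewall rule is an assumption to adjust for your environment.

```powershell
# Added example, not from the HP guide: constrain the Lync RTP media port
# range via the policy registry values the guide names, then open that range.
# Assumes an elevated PowerShell session on the target Windows machine.
$KeyPath      = 'HKLM:\SOFTWARE\Policies\Microsoft\Lync\PortRange'
$MinMediaPort = 50000   # constructed sample range: 50000-50059
$MaxMediaPort = 50059   # 60 ports, above the 40-port minimum the guide states

function Test-MediaPortRange {
    # Reject ranges that Lync cannot use or that fall below the guide's minimum.
    param([int]$Min, [int]$Max)
    if ($Min -lt 1 -or $Max -gt 65535) { throw "Ports must fall within 1-65535" }
    if ($Max -lt $Min)                 { throw "MaxMediaPort must not be below MinMediaPort" }
    if (($Max - $Min + 1) -lt 40)      { throw "Range must include at least 40 ports" }
    return $true
}

Test-MediaPortRange -Min $MinMediaPort -Max $MaxMediaPort | Out-Null

# Create the policy key if absent, then write both values as REG_DWORD.
# A GPO would deliver exactly these keys; writing them locally suits a lab test.
if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
New-ItemProperty -Path $KeyPath -Name 'MinMediaPort' -Value $MinMediaPort -PropertyType DWord -Force | Out-Null
New-ItemProperty -Path $KeyPath -Name 'MaxMediaPort' -Value $MaxMediaPort -PropertyType DWord -Force | Out-Null

# Read back what was actually written before touching the firewall.
$Applied = Get-ItemProperty -Path $KeyPath
"Configured media port range: $($Applied.MinMediaPort)-$($Applied.MaxMediaPort)"

# Open only that range on the host firewall. netsh is used because the
# New-NetFirewallRule cmdlet is not available on Windows Server 2008 R2.
# protocol=UDP is an assumption; match it to the transport your media uses.
netsh advfirewall firewall add rule name="Lync RTP media $MinMediaPort-$MaxMediaPort" `
    dir=in action=allow protocol=UDP localport="$MinMediaPort-$MaxMediaPort"
```

In production, deliver the same two values through the GPO rather than editing the registry on each machine, and keep the perimeter firewall rule to exactly the range you configured.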
Ports for audio and video conferencing—If your solution supports
conferencing, branch users must contact the Conferencing Server at the
central site to receive the service. The default ports for this service are:
Audio conferencing = TCP 49152 to 65535
Video conferencing = TCP 57501 to 65535
Ports required for remote management—If you want to monitor and
manage your SBM with a tool such as a Syslog or SNMP server, you must
ensure that the appropriate ports are open. Your firewall might already
permit all such traffic from the Syslog or SNMP server, but if you have
destination-specific policies, you must add the SBM’s IP address or hostname
to the list. The standard ports are:
Syslog = UDP 514
SNMP = UDP 161
SNMP trap = UDP 162
However, your tool might use custom ports. Check with the tool’s administrator.
You should check your solution and environment carefully and verify that you
do not need to open any other ports.
The SBM comes preinstalled with the correct firewall policies for its own
firewall. See Table 2-21 on page 2-45.
Planning Computer Policies for the SBM
Your domain might automatically push security policies to all servers that join
the domain. However, certain policies, including those defined by the Microsoft
Security Configuration Wizard, can interfere with or break SBM functionality.
To protect your system, HP has already taken steps to secure the Windows
Server 2008 R2 OS that runs on the HP SBM, whenever possible following the
United States Government Configuration Baseline (USGCB) recommendations.
For example, the local Administrator and Guest accounts have been
renamed and firewall rules have been added to minimize vulnerabilities to SIP
fuzzing.