Versions Compared

Old Version 8

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 9

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 9

...

 

Include Page
Not_for_SWe
Not_for_SWe

 

Section

This operation is optional, and allows optional allowing SBA administrators to configure the security settings for roles, role services, and features on the SBA. This applies security rules to the Windows Server 2008 R2 operating system on the ASM hosting the SBA, and improves system hardening (i.e., reducing its surface of vulnerabilityvulnurability).

You can do so by either Applying a Predefined Security Template, or Importing a Custom Security Template of choice. The following is a list of the main groups of security rules that are modified:

  • Microsoft OS Services
  • Microsoft OS Networking Firewall
  • Microsoft OS Registry Values
  • Microsoft OS Audit
  • Microsoft OS SCE Templates

 

Status

Lync SBA Branch Site Tasks

(tick)

Step 1 - Configuring the ASM IP Settings

(tick)

Step 2 - Joining the ASM to a Domain

(tick)

Step 3 - Deploying the SBA

(tick)

Step 4 - Generate and Import an SBA Certificate

(tick)

Step 5 - Starting the SBA Services

Now →

Step 6 - Applying an SBA Security Template

Applying

...

a Predefined Security Template

Warning

Once the security template is applied, the action cannot be reversed. In order to disable the security template, the ASM has to be re-initialized.

...

  • Enables data execution protection
  • Enables firewall
  • Disables domain users from logging into the ASM
  • Enables only local administrator login

  1. Click the Apply Stronger Security Rules Template

...

  1. .

    Panel
    borderStylenone
  2. In the WebUI, access Tasks> Lync Survivable Branch Appliance (or Skype for Business Survivable Branch) > Setup SBA.
  3. Click Security.

    Caption
    0Figure
    1Apply Predefined Security Template

    Image Removed

  4. From the Apply Version drop down list, select the applicable TLS option (TLS 1.2 Only or TLS 1.0-1.2).

    Info

    Depending on the SBA deployment, configure the appropriate TLS version. See below for guidelines.

    • TLS 1.2 Only is supported for Lync 2013 with security update and Skype for Business.
    • TLS 1.2 Only is not supported in Lync 2010.
    Note

    For TLS 1.2 Only to work with a Skype for Business setup, ensure ASM-ROLL-UP-UPDATES_2016-10.zip or later is applied to the SBA. For installing ASM Rollups, refer to ASM Roll-up Update.

  5. Click Apply TLS Version.

  6. For Microsoft SBA Security Hardening, click Apply Default Template. If SBA Security Hardening has been run on the SBA at deployment, this field will be greyed out.

    7. For Custom Security Template, click Browse and select the applicable Security XML file. You need a Windows Server

  7. Image Added 

  8. Click OK. The operation will take up to to 5 minutes to complete.

Importing a Custom Security Template

You will need a Windows Server 2008 security template XML file created using the Microsoft Security Configuration Wizard (SCW)

...

Caption
0Figure
1Windows Security Templates
Windows VersionMicrosoft Security Configuration Wizard Reference
Windows 2008Microsoft Security Configuration Wizard (SCW)
Windows 2008R2
Windows 2012R2

Microsoft Security Configuration Wizard (SCW)

 

to proceed with this operation.

Add label
labelshardening

...

Verify TLS Version is Applied

...

0Figure
1View Enabled TLS Version

...

Pagebreak