Not supported by SBC SWe Lite in this release.
This operation is optional, and allows SBA administrators to configure the security settings for roles, role services, and features on the SBA. This applies security rules to the Windows Server 2008 R2 operating system on the ASM hosting the SBA, and improves system hardening (i.e., reducing its surface of vulnerability).
You can do so by either Applying a Predefined Security Template, or Importing a Custom Security Template of choice. The following is a list of the main groups of security rules that are modified:
Status | |
---|---|
Step 1 - Configuring the ASM IP Settings | |
Step 2 - Joining the ASM to a Domain | |
Step 3 - Deploying the SBA | |
Step 5 - Starting the SBA Services | |
Now → | Step 6 - Applying an SBA Security Template |
Once the security template is applied, the action cannot be reversed. In order to disable the security template, the ASM has to be re-initialized.
Below is a summarized list of the primary security settings that will be applied by the stronger security rules template :
Click Security.
From the Apply Version drop down list, select the applicable TLS option (TLS 1.2 Only or TLS 1.0-1.2).
Depending on the SBA deployment, configure the appropriate TLS version. See below for guidelines.
For TLS 1.2 Only to work with a Skype for Business setup, ensure ASM-ROLL-UP-UPDATES_2016-10.zip or later is applied to the SBA. For installing ASM Rollups, refer to ASM Roll-up Update.
Click Apply TLS Version.
For Microsoft SBA Security Hardening, click Apply Default Template. If SBA Security Hardening has been run on the SBA at deployment, this field will be greyed out.
For Custom Security Template, click Browse and select the applicable Security XML file. You need a Windows Server security template XML file created using the Microsoft Security Configuration Wizard (SCW). Refer to the following for how to create the file:
Under Windows Status > TLS Version, view the current, enabled TLS version.