none
Forefront Security for LYNC 2010

    Question

  • Dears,

    any news about Forefront for LYNC 2010? is anybody try Forefront for OCS 2007 R2 with LYNC 2010?

    Thanks

     

    Fady


    Regards, Fady Naguib
    Wednesday, October 13, 2010 3:01 PM

All replies

  • At current there is no support for Forefront with Lync Server 2010. Any change to the support statement for this configuration would come from the Forefront team first  http://social.technet.microsoft.com/Forums/en/forefrontOCS/threads
    Tom Laciano Microsoft Program Manager UC Customer and Partner Deployment Readiness
    Monday, October 25, 2010 8:33 PM
  • And therefore we will have to cancel our Enterprise wide design and deployment we were currently undertaking for a large customer and regress back to OCS 2007 R2, which will then have to remain in place for a year or two before they would consider an upgrade.

    This just keeps happening with a product released that we cannot use because the supporting technologies are not there.  Surely Microsoft did not think that we would either replace our nicely protected OCS implementations or deploy new Lync solutions to customers without protection?!

    So as it stands now Lync 2010 is totally none deployable in any sort of professional outside of a lab scenario due to the lack of a ForeFront module for it.

    Other examples include the release of SQL 2007 R2 and yet a number of products do not recognise it so we cannot deploy on it (e.g. SCCM and SCOM will not install so our recently upgraded SQL server farm will have to have an older version reinstalled to support our SC deployments)

    Regards

    Mike

    Wednesday, November 17, 2010 2:08 PM
  • Easy tiger?  Kidding, but curious as to what you're major concern here is.  File transfer via OCS/Lync client?  Just curious what the larger picture is regarding your concerns.
    Friday, November 19, 2010 9:38 PM
  • Indeed the lack of control over File Transfers (type and content) is one critical function that we cannot deliver at this time without the ForeFront module for Lync, so we have had to regress a 22,000 seat install back to OCS 2007 R2.

    Which does not make any of us look good.

    Defence in depth has to include protection at product launch, if we are to deploy it.

    Thursday, November 25, 2010 5:41 PM
  • FaceTime offers a solution named Vantage for security, management, and compliance for OCS and Lync.  It includes the ability to control file transfers based on file type, size, and content... as well as most other aspects of UC usage.  The solution for OCS has been out for years and we're going to be releasing our version for Lync soon.

    I manage the Vantage platform for FaceTime and of course would be happy to provide you with more details.  We are a Microsoft Gold Partner.

    Brian

    Tuesday, November 30, 2010 7:44 PM
  • The last I have heard on this subject is that the next service pack / update will provide this support. This information does not always flow through our team so if anyone catches the update before I do, please post it here for others.
    Tom Laciano Microsoft Program Manager UC Customer and Partner Deployment Readiness
    Tuesday, December 14, 2010 3:57 PM
  • any update? when will Forefront for Lync avaiable?
    Monday, February 28, 2011 7:01 AM
  • We have not received too much more information, it seems that "next SP" may have been more accurately stated as "future SP". While the 2 teams work together I believe that ForeFront will actually own the support statement and thus monitoring their forums. Certainly I will share when we hear something. 
    Tom Laciano Microsoft Program Manager UC Customer and Partner Deployment Readiness
    Monday, February 28, 2011 1:39 PM
  • I have a client doing two greenfield environments, each holding ~15,000 users that will likely be on OCS 2007 R2 due to this. And if they DO go to OCS, it'll be at least three years before they consider changing to something else.

    Sad that this long after RTM there is no Forefront solution.

    Thursday, March 17, 2011 5:52 PM
  • I agree.  The gap between RTM and an updated release of ForeFront for Lync, plus the various mobile clients we have been looking for, is far too large.  When a release of this magnitude is performed Microsoft needs to follow that up with supporting releases much faster than this...

    Thursday, April 07, 2011 1:45 PM
  • Are there any updates on when ForeFront will be available for Lync? It looks like Vantage is the only option for protecting Lync currently.

    Jason Hindson
    Thursday, May 05, 2011 12:03 AM
  • The latest update (May 13)

    A service pack for Forefront Security for Office Communications Server to support Lync in H2 CY11 (2nd half of the calendar year 2011).

    Please be aware of the Lync Security Guide - http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1400504e-8b2e-4d75-b091-1bf9f7bbc46f and for the Lync Admin, use the Set-CsFileTransferFilterConfiguration and Set-CsImFilterConfiguration policy settings. 

    1. Lync PowerShell Blog - http://blogs.technet.com/b/csps/
    2. Next Hop Blog - http://blogs.technet.com/b/nexthop/  IT Pro content and alert to content in the community
    3. Dr Rez blog - http://blogs.technet.com/b/drrez/  Deep technical content including Resource Kit chapters

    Note: I like to caution folks assuming no delay occurs in this plan that December 31 11:59:59 PST is still H2 CY11, I offer this because many times people are overly optimistic that it would be available June 1. 

     


    Tom Laciano Microsoft Program Manager UC Customer and Partner Deployment Readiness
    Saturday, May 14, 2011 12:57 PM

  • "December 31 11:59:59 PST is still H2 CY11"

    This indeed is true! :) (the smiley goes for the statement, and not for this awkward situation)
    Tuesday, May 31, 2011 2:14 PM
  • Just wanted to subscribe as we are concerned about this new Forefront product for Lync 2010 as well. We plan to switch to Lync 2010 from OCS 2007 and agressively testing it in a lab right now. Second Half 2011 just started, so I probably shouldn't expect Lync support for at least another couple of months.
    Wednesday, June 15, 2011 1:57 PM
  • Actiance has recently announced a new subscription, Vantage Security for Lync, that essentially offers all the functionality plus a lot more that FF for OCS had, and its available now.  Feel free to read up on it here:  http://actiance.com/news-events/press-releases/lync-security.aspx

    Be happy to answer any questions via email  ptoth@actiance.com

     

    Paul

    Friday, June 17, 2011 12:17 AM
  • Because our Enterprise is using volume and campus licenses for Microsoft products our management will most likely wait until FF for Lync 2010 is out. Or until that SP2 is available for FF For OCS R2 that makes is compatible with Lync 2010.
    Thursday, June 23, 2011 3:20 PM
  • is there Any Updates?

    does FS support Lync Product now??

     

    Saturday, November 12, 2011 5:38 AM
  • Nothing new that I know about, I would also suggest monitoring the Forefront forums although they are linking here also

    http://social.technet.microsoft.com/Forums/en-US/forefrontOCS/thread/dd1d6ac7-d05c-4b67-95e3-5b10746c2d04

     


    Tom Laciano Microsoft Program Manager UC Customer and Partner Deployment Readiness
    Monday, November 14, 2011 9:19 PM
  • 12-31-2011 is 10 days away... if they are still planning on releasing a SP for Forefront Security for OCS to support link, then they are really pusing the 2H CY11 thing.

    Still patiently waiting...

    Thursday, December 22, 2011 1:01 AM
  • Unfortunately I have no further information. Forefront is responsible for releasing the solution and thus has ownership of the message.

    Please don't read that to mean that the Lync team doesn't have contributing responsibilities, just that Forefront is primary.

    Unless someone from the Forefront team posts something I don't see 2011 happening.

    Premier customers should work through their TAM's to apply pressure for an answer in addition to these forums.


    Tom Laciano Microsoft Program Manager Lync Online - Dedicated
    Thursday, December 22, 2011 5:38 PM
  • Thank you for the quick reply Tom!

    Is there someone on the Forefront team you can contact to find out for us? I realize you are in two different product groups, but there is probably a part of each group communicating about this very issue/concern and hopefully someone in the Lync product group knows who to ask in the Forefront product group.

    Thursday, December 22, 2011 5:58 PM
  • I am in the process now of asking who would be the authoritative voice, I'll respond when I get something.
    Tom Laciano Microsoft Program Manager Lync Online - Dedicated
    Thursday, December 22, 2011 6:02 PM
  • An update, albeit absent of details, however I think come January you will know whether the release was made or not.

    For those wanting further details, I was told customers should follow up with the Forefront team. Being in a support organization for so long I will admit ignorance in how customers engage with us for a proactive manner without being a Premier customer, so in absence of anything else I would leverage the earlier post with the link to the Forefront forums.

     


    Tom Laciano Microsoft Program Manager Lync Online - Dedicated
    Tuesday, December 27, 2011 3:42 PM
  • Thank you for looking into this for us Tom, it was nice to have someone at Microsoft provide some interest and feedback.

    I must say I am dissapointed we can't get any news out of anyone, even if that news is "its delayed until 1H CY2012". As a preimere support customer, I can tell you we aren't getting any more information or help than the rest of the community is getting which is why we took to the message boards to try and get someone, anyone, to help clue us in. As it is we have been waiting for over 1/2 a year for an update ourselves, and I know others have been waiting longer.

    So here we sit and wait until the Forefront team decides to give us an update.

    Tuesday, December 27, 2011 11:18 PM
  • So I guess its a few more months since its delayed until First half of Calendar year 2012... :(
    Monday, January 09, 2012 4:34 PM
  • Would someone be so kind as to elaborate on exactly what update everyone is waiting for here?  My company is running Forefront and Lync on the employees computers and the people who work solely over the vpn are experiencing 100% CPU utilization when on a Lync call with Forefront protection on.  Problem does not seem to happen if Forefront is disabled.  Ran across this thread and am wondering now if its a known that these two products don't play nice together.
    Thursday, January 12, 2012 12:56 AM
  • We are talking about the next version of the Forefront product for the Lync Server, it would be considered the subsequent version to this one

    http://technet.microsoft.com/en-us/library/cc676967.aspx

     


    Tom Laciano Microsoft Program Manager Lync Online - Dedicated
    Thursday, January 12, 2012 1:44 AM
  • So is that Forefront for OCS SP2 already released that supposed to have support for a Lync Server?
    Thursday, January 12, 2012 1:39 PM
  • Yes the Forefront for OCS 2007 R2 is a released and supported solution. That solution is not supported on a Lync 2010 server. This thread, at the current moment, is about when to expect the Forefront solution for Lync Server 2010.

    Because I work with Lync and the Forefront team is responsible for this topic, all further questions should be directed to the Forefront forums.

    Not to be rude but as there is nothing further I can add I will not respond to further items on this thread.

     


    Tom Laciano Microsoft Program Manager Lync Online - Dedicated
    Thursday, January 12, 2012 1:48 PM
  • I see.  But even after this is released it would not eliminate the need for our employee computers to be running the client side Forefront protection correct?  What we seem to be experiencing at the moment is Lync triggering something in Forefront which quickly spirals out of control until CPU usage goes to 100% and does not go away even after a reboot.  I'm guessing its doing a virus scan which simply continues even after a reboot.  If this is the case I'm guessing there are some Lync files we should add to our Forefront excluded list.  I have no idea what files those might be however.  I'm wondering if that is something that this Forefront update would do for us behind the scenes?  Again, just trying to get a handle on whether the two are supposed to work together right now or not.  I realize Forefront won't be doing anything fancy at the moment with protecting the Lync communication but can they at least run together (client side) before this update or is that an untested, unsupported, or not recommended sort of thing?
    Thursday, January 12, 2012 1:53 PM
  • Just for the ones who do not want to wait for FF support for Lync 2010, there´s IM Security from Trend Micro which supports Lync 2010. Quite a good product and I even got experience in real big Lync environment (up to 50000 seats).
    Friday, January 13, 2012 2:29 PM
  • @Tom - thank you for the digging you have done so far. I hope we don't seem ungrateful, just rather frustrated with the situation.

    @B_tobbe - I don't think you should ever stop running client side antivirus because Lync file exchanges aren't the only thing that the client side antivirus protects you from. As for working together, there is no Forefront Protection for Lync today, so the issues you are experiencing are something else, and I strongly encourage you to create a new post in the Lync forums about the client client side issues you are having as this is a discussion on when the new server side product might be released.

    @Sirturkey1 - Some of the frustration/complaints are centered around folks who have already purchased the ECAL suite and as such are licensed and entitled to the Forefront Protection for Lync product when and if it becomes available. While it is good to know there are other alternatives out there, some of the people don't want to have to pay for a product twice just to get another product up and running sooner.

    Friday, January 13, 2012 4:44 PM
  • All, Forefront Hotfix Rollup 4 for Forefront Security for Office Communications Server has now been released.  This allows the product to be used on Lync.  Details here...

    http://support.microsoft.com/kb/2694730

    Features of the hotfix rollup

    Hotfix Rollup 4 allows FSOCS to be installed on Lync 2010 (running on Windows 2008 R2 or Windows 2008 SP2 x64) in addition to Office Communications Server 2007 and Office Communications Server 2007 R2. As the feature set and patch level are the same as RU3, customers who have already deployed RU3 can update but are not required to do so.


    • Proposed as answer by Dave Simm Friday, March 30, 2012 8:22 AM
    • Edited by Dave Simm Friday, March 30, 2012 8:23 AM
    Friday, March 30, 2012 8:22 AM
  • About gosh darn time seeing as how Lync is over a year old! :)

    However these two notes about implementing it with Lync make it seem kind of worthless:

    Lync 2010 clients are capable of performing peer-to-peer as well as group file transfers. Forefront is able to scan and filter file transfers only when 2 participants are involved. When 3 or more participants are involved in the conversation, file transfers are exchanged using a conferencing role that Forefront does not protect. In this scenario, files will not be scanned or filtered by Forefront.

    The Lync 2010 client added additional functionality (ICE, TURN, STUN) to overcome previous limitations in which attempts to create a direct connection between peers failed due to firewall issues such as clients sitting behind a NAT. Lync also changed the protocol for peer to peer file transfers from using FTP in 2007 / 2007 R2 to using RTP. With Forefront installed, Lync clients can be expected to use the earlier client behavior with respect to establishing connections as well as the use of FTP.

    So it won't scan file transfers in group situations, and it will "dumb down" the Lync clinet to act like an OCS client. I guess it's time to start looking at 3rd party solutions as the Forefront team really dropped the ball on this one since Lync 2010 has been out for over a year now and this is the best they can do....

    Friday, March 30, 2012 3:38 PM
  • With Forefront installed, Lync clients can be expected to use the earlier client behavior with respect to establishing connections as well as the use of FTP.

    So it won't scan file transfers in group situations, and it will "dumb down" the Lync clinet to act like an OCS client. I guess it's time to start looking at 3rd party solutions as the Forefront team really dropped the ball on this one since Lync 2010 has been out for over a year now and this is the best they can do....

    Hm, thats really a strange outcome, however it may be due to the nature of P2P traffic avoiding servers.
    Saturday, March 31, 2012 8:09 AM