Open Federation vs Direct Federation

    Question

  • Hello,

    Please suggest which federation method is highly recommended in terms of security, control and monitoring. I have seen in many articles where experts are suggesting to allow Open federation in place of direct federation. Any suggestion/feedback on this?

    If we allow open federation, is there any way through which we can monitor federated traffic to ensure its credibility?

    Regards,

    JinDeep

    Saturday, March 18, 2017 1:53 PM

All replies

  • Hi JinDeep,

    Direct federation is more secure than open federation, you could refer to the following link:
    http://blog.nextplane.net/2009/05/12/what-are-different-types-of-federations

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    From this link, you could notice: “While direct federation is more secure than open federation, it’s still difficult to establish for a variety of reasons”.

    For control and monitoring, I could not find any documents about it.


    Best Regards,
    Jim Xu
    TechNet Community Support



    Monday, March 20, 2017 2:11 AM
    Moderator
  • If you want to control the federation and with whom you have federation, better go with Direct federation. If you make open federation it won't be under your control, as any other open federated organisation can federate with you without any admin intervention. There is no built-in monitoring mechanism for federation as per my knowledge. But you can check the Edge event logs. Edge will always validate the federation connection.

    Jayakumar K

    Monday, March 20, 2017 10:51 AM
  • Hi,

    Thanks for reply.

    Our main objective is to know if we can analyse what activities are being performed between internal users and federated users, to avoid any misuse of Skype functionality.

    As a Skype admin, do we have any such option?

    Regards,

    JINDEEP

    Monday, March 20, 2017 11:00 AM
  • Hi Jindeep,

    I think the Monitoring server role will help your need.

    Skype for Business Server 2015 enables you to monitor two general types of data: call detail recording (CDR) data and Quality of Experience (QoE) data. Call detail recording provides a way for you to track the usage of Skype for Business Server 2015 features such as Voice over IP (VoIP) phone calls; instant messaging (IM); file transfers; audio/video (A/V) conferencing; and application sharing sessions. This information helps you know which Skype for Business Server 2015 features are being used (and which ones are not) and also provides information as to when these features are being used. Quality of Experience data allows you to maintain a record of the quality of audio and video calls made in your organization, including such things as the number of network packets lost, background noise, and the amount of "jitter" (differences in packet delay).

    https://technet.microsoft.com/en-us/library/jj204937.aspx#Basics


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer

    Monday, March 20, 2017 12:28 PM
  • Agree with Akabe, you can use reporting, but it won't give you a segregated report for federated activities; you need to pull the report and do some manual tasks to segregate the activities.

    Jayakumar K

    Monday, March 20, 2017 12:53 PM
  • Hi,

    There is a parameter called "MarkForMonitoring" for "CsAllowedDomain". If we set it to "True", it seems we can see the logs of the federated connection, as described below:

    MarkForMonitoring

    Optional

    System.Boolean

    Indicates whether the federation connection between your domain and the remote domain will be monitored by Monitoring Server. By default, MarkForMonitoring is set to False, meaning that the connection will not be monitored.

    Is there anyone who has seen the report of this type of monitoring data? I would like to know what information is included.

    Regards,

    JINDEEP

    Tuesday, March 21, 2017 3:49 PM
  • Again, this is subject to having a Monitoring server. Set the value to true and seek help from the Monitoring server's reports.

    It was a good find. Thanks for sharing.


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer


    • Edited by Akabe Tuesday, March 21, 2017 3:51 PM
    Tuesday, March 21, 2017 3:50 PM
  • Hi,

    I totally agree with you. I wanted to confirm: from the monitoring reports, would we get complete information about activities with federated partners, or just the number of AV calls etc.?

    Regards,

    JINDEEP

    Tuesday, March 21, 2017 3:56 PM
  • Hmm.

    I think it would depend upon how your monitoring server role is set up (two types: CDR & QOE).

    If you have CDR, I would believe it will capture the below details even though it is a federated partner/domain:

    Features such as:
    1. Voice over IP (VoIP) phone calls
    2. instant messaging (IM)
    3. file transfers
    4. audio/video (A/V) conferencing
    5. application sharing sessions


    MCSA Office 365 | MCSA Exchange server 2010 | Red Hat Certified Engineer

    Tuesday, March 21, 2017 4:06 PM
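
Added example, not part of the thread or of Microsoft's documentation: one way to script the manual segregation step mentioned above, pulling sessions with a federated participant out of an exported CDR report, grouping them by the feature types listed in the last reply, and flagging remote domains that are not on your allowed list. The CSV columns, sample rows and domain lists are constructed assumptions; map them to the columns of the report you actually export.

```powershell
# Constructed sample standing in for an exported CDR session report.
# Column names are assumptions, not the Monitoring Server's real schema.
$cdrCsv = @'
SessionStart,FromUri,ToUri,MediaType
2017-03-20T09:02:11Z,sip:alice@contoso.example,sip:bob@contoso.example,IM
2017-03-20T09:15:40Z,sip:alice@contoso.example,sip:eve@partner.example,FileTransfer
2017-03-20T10:01:05Z,sip:user1@unlisted.example,sip:bob@contoso.example,IM
2017-03-20T10:30:00Z,sip:carol@contoso.example,sip:dan@partner.example,Audio
2017-03-20T11:12:09Z,sip:dan@partner.example,sip:carol@contoso.example,AppSharing
'@

$internalDomains = @('contoso.example')   # assumption: your own SIP domains
$allowedPartners = @('partner.example')   # assumption: domains on your allowed list

function Get-SipDomain {
    param([string]$Uri)
    # Drop the sip:/sips: scheme and any URI parameters, keep the host part.
    $addr  = ($Uri -replace '^sips?:', '') -replace ';.*$', ''
    $parts = $addr.Split('@')
    if ($parts.Count -ne 2 -or -not $parts[1]) { return '(unparsed)' }
    return $parts[1].ToLowerInvariant()
}

function Get-FederatedSession {
    param([object[]]$Rows, [string[]]$Internal, [string[]]$Allowed)
    foreach ($row in $Rows) {
        # Domains on either side of the session that are not ours.
        $remote = @($row.FromUri, $row.ToUri |
            ForEach-Object { Get-SipDomain $_ } |
            Where-Object { $Internal -notcontains $_ } |
            Select-Object -Unique)
        if ($remote.Count -eq 0) { continue }   # internal-only session
        [pscustomobject]@{
            SessionStart  = $row.SessionStart
            MediaType     = $row.MediaType
            RemoteDomain  = $remote -join ','
            OnAllowedList = -not ($remote | Where-Object { $Allowed -notcontains $_ })
        }
    }
}

$federated = Get-FederatedSession -Rows ($cdrCsv | ConvertFrom-Csv) `
    -Internal $internalDomains -Allowed $allowedPartners
# Activity per partner domain and feature type.
$federated | Group-Object RemoteDomain, MediaType | Select-Object Count, Name | Format-Table -AutoSize
# Sessions involving a domain that is not on the allowed list (or an unparseable URI).
$federated | Where-Object { -not $_.OnAllowedList } | Format-Table -AutoSize
```

With open federation the second table is the one to review, since remote domains can appear there without an administrator having added them.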