
MSFT_SIPEnhancedFederationConnectionLimitsData

This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.

Represents information about open federation partners who have been classified as suspicious by Access Edge Server.

The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties. Properties are listed in alphabetic order, not MOF order.

Syntax

class MSFT_SIPEnhancedFederationConnectionLimitsData
{
  string CertIssuer;
  string CertSN;
  string[] Domains;
  [key] string InstanceID;
  boolean MarkedForDeletion;
  string SubjectName;
  string ThrottlingMode;
};

Methods

This class does not define any methods.

Properties

The MSFT_SIPEnhancedFederationConnectionLimitsData class has the following properties.

CertIssuer

Data type: string

Access type: Read/Write

Required. The name of the certificate authority that issued the certificate for the federated partner.

The value of this property is not case-sensitive.

CertSN

Data type: string

Access type: Read/Write

Required. The serial number of the certificate.

The value of this property is not case-sensitive.

Domains

Data type: string[]

Access type: Read/Write

Required. A list of the federated partner domains that the remote peer has used.

This list is also referred to as the "watch" list. The values of this property are not case-sensitive.

The values must be SIP domains. IP addresses are not allowed.

InstanceID

Data type: [key] string

Access type: Read-only

Required. A GUID value that uniquely identifies an instance of this class.

The GUID must be encapsulated between the "{" and "}" braces; for example: "{01234567-0123-4567-89AB-CDEF01234567}".

MarkedForDeletion

Data type: boolean

Access type: Read/Write

Reserved.

SubjectName

Data type: string

Access type: Read/Write

Required. The subject name of the certificate for the federated partner.

The value of this property is not case-sensitive.

ThrottlingMode

Data type: string

Access type: Read/Write

Required. Specifies the condition under which an icon is displayed on the watch list in the Microsoft Management Console (MMC).

The value of this property is not case-sensitive.

Value     Description

high      Displayed when either Access Edge Server has detected suspicious traffic on the connection or the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.

medium    Displayed when Access Edge Server has detected suspicious traffic on the connection and the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.

Remarks

This class gets and sets information at the following level: WMI.

When using automatic (DNS-based) discovery of federated partners, Access Edge Server monitors incoming federated traffic and takes precautionary action in the following situations:

  • If Access Edge Server detects suspicious traffic on a connection

  • If a federated partner sends requests to more than 1000 URIs (valid or invalid) in the local domain

  • If the federated peer approaches the limit of 20 messages per second for sustained periods

Access Edge Server evaluates suspicious traffic by calculating the ratio of failed responses to successful responses. A high ratio of failed responses can indicate server misconfiguration, transient network issues, or malicious activity. In this situation, Access Edge Server takes the following actions:

  • Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list)

  • Limits the federation partner to a message rate of 1 message per second

A high number of URIs targeted in the local domain, or a high number of messages per second on a single connection, can indicate a possible directory attack. In these situations, Access Edge Server takes the following actions:

  • Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list)

  • Blocks any additional requests from the federation partner to new URIs not covered by the original 1000

To avoid limiting or blocking legitimate traffic from legitimate federated partners, add those partners to the Allow list.

After configuring federation, you can use Office Communications Server 2007 R2 administrative tools to monitor and manage federated partner access on an ongoing basis. For more information, see the Microsoft Office Communications Server Administration Guide.

Important

Remove federated partner domain names from the watch list only after either adding the domain names to the Allow list or blocking the domains or certificates.
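The following added example (not part of the original documentation) checks watch-list entries against the property constraints documented above and reports which domains are already on an allow or block list, which is the precondition for removing them from the watch list. The function name Test-WatchListEntry and the -AllowedDomains and -BlockedDomains inputs are hypothetical; the sample entry is constructed.

```powershell
# Added example. $AllowedDomains and $BlockedDomains are hypothetical inputs
# exported by the administrator; this page does not name where they are stored.
function Test-WatchListEntry {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Entry,
        [string[]] $AllowedDomains = @(),
        [string[]] $BlockedDomains = @()
    )
    process {
        $entryProblems = @()
        # InstanceID must be a GUID enclosed in braces.
        if ($Entry.InstanceID -notmatch '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$') {
            $entryProblems += 'InstanceID is not a braced GUID'
        }
        # ThrottlingMode is documented as high or medium (case-insensitive).
        if (@('high', 'medium') -notcontains $Entry.ThrottlingMode) {
            $entryProblems += "unexpected ThrottlingMode '$($Entry.ThrottlingMode)'"
        }
        foreach ($domain in $Entry.Domains) {
            $problems = @($entryProblems)
            $ip = $null
            # Domains must hold SIP domains; IP addresses are not allowed.
            if ([System.Net.IPAddress]::TryParse($domain, [ref] $ip)) {
                $problems += 'value is an IP address'
            }
            # -contains compares case-insensitively, as the properties require.
            $handled = ($AllowedDomains -contains $domain) -or ($BlockedDomains -contains $domain)
            New-Object PSObject -Property @{
                Domain         = $domain
                SubjectName    = $Entry.SubjectName
                ThrottlingMode = $Entry.ThrottlingMode
                SafeToRemove   = $handled   # already allowed or blocked
                Problems       = $problems -join '; '
            }
        }
    }
}

# Constructed sample; on an Access Edge Server pipe in the real instances:
#   Get-WmiObject -Namespace root\cimv2 -Class MSFT_SIPEnhancedFederationConnectionLimitsData
$sample = New-Object PSObject -Property @{
    InstanceID     = '{01234567-0123-4567-89AB-CDEF01234567}'
    SubjectName    = 'sip.partner.example'
    Domains        = @('partner.example', 'other.example', '192.0.2.10')
    ThrottlingMode = 'High'
}
$sample | Test-WatchListEntry -AllowedDomains 'PARTNER.EXAMPLE' |
    Format-Table Domain, ThrottlingMode, SafeToRemove, Problems -AutoSize
```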

Instances of this class support the following interface methods:

  • Provider::DeleteInstance();

  • Provider::EnumerateInstances();

  • Provider::GetObject();

  • Provider::PutInstance();

    Where PutInstance() supports the following flags:

    • WBEM_FLAG_CREATE_ONLY

    • WBEM_FLAG_UPDATE_ONLY

    • WBEM_FLAG_CREATE_OR_UPDATE

Requirements

Server: Installed on computers serving the following role: Access Edge Server.

Namespace: Defined in \root\cimv2.

© 2014 Microsoft