Export (0) Print
Expand All

Activating a UCMA 4.0 trusted application

Last modified: August 16, 2013

Applies to: Lync 2013 | Lync Server 2013

A UCMA trusted application is an application based on Microsoft Unified Communications Managed API 4.0 that is trusted by Microsoft Lync Server 2013. This trust relationship is summarized in the following list:

  • Trusted applications are not challenged for authentication by Lync Server 2013.

  • Trusted applications are not throttled by Lync Server 2013 for SIP transactions, connections, or outgoing Voice over Internet Protocol (VoIP) calls.

  • Trusted applications can impersonate any user and can join conferences without appearing in rosters.

  • Trusted applications are highly available and resilient.

Activating an application is the process by which UCMA 4.0 applications are configured to take advantage of Lync Server 2013 functionality. Most of the commonly-used configuration data exists in Active Directory, the Central Management Store, and the computer that hosts the application’s local certificate store.

Activation is needed not only for deploying a ready-to-ship application, but also must be performed in order to test an application during the application development phase.

Note Note

It is recommended that the computer running the trusted application be joined to the domain in which Lync Server 2013 is running. However, if there is no intent to run Lync Server 2013 PowerShell cmdlets from the application server or to make use of UCMA auto-provisioning capabilities, then the application can be run on a computer that is not joined to the domain.

  • UCMA 4.0 SDK or UCMA 4.0 Runtime has been installed with Microsoft Lync Server 2013, Core Components.

    Microsoft Lync Server 2013 Core Components provide access to PowerShell cmdlets needed for activating the application, and include the binaries that are needed to enable a local replica, or copy, of the Central Management Store.

  • A valid server topology with Microsoft Lync Server 2013 and an Active Directory domain controller exist for the application to run against.

  • Appropriate permissions and memberships are set.

    An application that runs as a trusted application must be a member of the appropriate groups. These groups are created during Lync Server 2013 setup so that group members can carry out their intended tasks. The following table provides more information.

Role

Group membership

Lync Server 2013 Administrator

Domain Admins security group

Trusted Application Operator

RTCUniversalServerAdmins security group

Administrators local group

Trusted Application Service Account

RTC Component Local Group local group

Note Note

After Lync Server 2013 has been installed, administrators must manually create users with the previously listed permissions to act in the Trusted Application Administrator and Trusted Application Service Account roles.

Note Note

A security group is an entity that exists in the domain and is stored in Active Directory. Security groups can be managed using the Active Directory Users and Computers Microsoft Management Console (MMC). A local group is an entity that exists in the computer on which the trusted application is running. Local groups can be managed by using the Local Users and Groups MMC.

The following table summarizes the tasks that can be performed by the three different roles.

Task

Lync Server 2013 Administrator

Trusted Application Operator

Trusted Application Service Account

Install UCMA 4.0 SDK or UCMA 4.0 Runtime

Yes

Yes

No

Manage trusted application pools and trusted application computers

Yes

No

No

Request and set certificates

Yes

Yes

No

Manage trusted applications

Yes

No

No

Manage trusted application endpoints

Yes

Yes

No

Install and activate a local Central Management Store replica

Yes

Yes

No

Run UCMA-based applications

Yes

Yes

Yes

The remaining topics in this section discuss how activation, provisioning, and deployment are different in UCMA 4.0 and list the activation steps that are required for all trusted applications, as well as the activation steps required by either auto-provisioned or manually-provisioned applications:

Show:
© 2014 Microsoft