#skype4b: Director Server role

There are myths around the director server role in Lync Server 2013 and Skype for Business Server 2015. Let me give you the facts:

What, When, Why, Where and How?

Many IT professionals, even consultants and architects who work on Microsoft Unified Communication area may have all these questions in their mind.

What: Director is an optional server role in Lync Server 2013 and Skype for Business Server 2015. Director authenticates user requests, but doesn’t home any user accounts.

When: Director may require in following conditions:

  • If you deploy, multiple Front End pools at a central site.
  • If you want to increase security against denial of service attacks.

Why: Director protects Front End pools from denial of service attacks, avoid unnecessary traffic by pre-authenticating inbound requests, and redirecting users to their home pool.

Where: Director can be deployed in corporate network where you deploy Front End servers and can never be collocated with any other role.

How: You need to use the same process which you use to add mediation server or any other additional server role in Lync/Skype for Business site.

As I mentioned in the beginning, director is an optional server role and deployment of director totally depends on the business need and discretion.

Definitely, it increases the level of security and simplify the authentication process for external users who comes through Edge server, Director does the pre-authentication for them and passes these request to internal servers. By doing this, it saves Front End pool server from the authentication overhead and also help isolate internal Front End pools from malicious traffic such as denial-of-service attacks.

It serves as an internal next hop server to which an Edge Server routes inbound SIP traffic intended for internal servers. If the network is flooded with invalid external traffic in such an attack, this traffic ends at the Director.

If you deploy multiple Front End pools at a central site, by adding a Director to that site you can streamline authentication requests and improve performance. In this scenario, all requests go first to the Director, which then routes them to the correct Front End pool.

Now, I think you can pick the best option and design your Skype for Business solution based on the specific requirements.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s