Is there a way to run the UCA client (5.0) in a secure manner (Teleworker) without configuring a softphone? I have several people with physical phones in their homes. In order to get these people working with the UCA remotely our vendor told us to allow direct access across the internet to our MAS server (NATed at my firewall) so that the UCA client can work with it. This just doesn't seem right at all as the traffic is unencrypted, I can see it with a packet capture. We do have other people using Softphones through our MBG.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can UCA be run in Teleworker mode without a Softphone? 1
- Thread starter 308win
- Start date
One option would be to run a VPN. Seen several posts in this forum from people who do that rather then using a Teleworker.
Just curious what data you see that is unencrypted.
I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
Just curious what data you see that is unencrypted.
I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
- Thread starter
- #3
Presence changes are readable. Chat is not readable raw but I have no assurance that it can't be decrypted/decoded. The fact that the Teleworker mode is encrypted and fronted by the MBG leads me to believe that I have vulnerabilities exposing my MAS server to the Internet.
VPN is an option but with our migration to SharePoint for file sharing and Outlook Anywhere 95% of my remote people no longer need one to do their work. It would be nice if the UCA could follow in a secure manner.
VPN is an option but with our migration to SharePoint for file sharing and Outlook Anywhere 95% of my remote people no longer need one to do their work. It would be nice if the UCA could follow in a secure manner.
-
1
- #4
UCA can run in teleworker mode without a softphone. Put their extension in and generate and retrieve certificate. You also have to add the pseudo mac to the minet enabled phones. My typical install would use the proxy in mbg for any external uca.
- Thread starter
- #5
![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
- Thread starter
- #7
It doesn't consume a Teleworker license on the MBG either, so long as the UCA profile has no Softphone at all. If you have one, even the different DN, it will consume. The MBG event log showed my softphone pseudo MAC even when I was using a different 'dummy' DN. Once I removed the softphone from my UCA profile it stopped happening.
- Thread starter
- #9
the client must use a fqdn that is reachable from outside your network.
- appropriate Ports either forwarded from the assoicated IP address to the the MAS/UCA server or via MBG as proxy
Then yes it just works.
It uses similar communications path as for smart device and web portal
If I never did anything I'd never done before , I'd never do anything.....
- appropriate Ports either forwarded from the assoicated IP address to the the MAS/UCA server or via MBG as proxy
Then yes it just works.
It uses similar communications path as for smart device and web portal
If I never did anything I'd never done before , I'd never do anything.....
- Status
Similar threads
- Question