The Director Role and Offloading Authentication in Skype for Business 2015


Byron Spurlock

January 23, 2018


In Skype for Business Server 2015, the Director role is a mysterious role. Microsoft says it’s optional, but then they also say it’s recommended -- so which one is it really? Let’s take a look at offloading authentication and the redirect, since those are two areas with which administrators and designers need to be familiar in case they deploy a Director or already have one in their environment.

Offloading Authentication

What does this really mean? Authentication happens when a client initiates a connection to a Front End server or a Director server. One of the two server roles will perform client authentication to allow the Skype client to log in. The question that you should be asking yourself is the following: “What am I actually offloading?” The answer: you are offloading the request for authentication that allows the user to sign in to Skype for Business. Now that we know what we are offloading, how does that really help with usage in our Skype for Business environment?

For those that do not have a Director, you may ask where the authentication is happening. It is being performed on the Front End server. The Front End server makes an LDAP request to Active Directory for authentication. Once the client’s LDAP request is accepted and authenticated by Active Directory, the client is allowed to sign in to the Skype Front End server.

The only difference between the Front End server and the Director server handling your request is which one will talk to Active Directory for the initial authentication request. Some will argue that the Front End server is busy handling other requests such as Instant Messaging, presence, conferencing, and enterprise voice calls.

Redirects  

A redirect is what happens when a connection request hits a Front End server that then needs to reroute the request to the user’s home server. So, in the case where we think we are offloading redirects to another server, we are really not doing that either. Take, for example, this scenario: three Front End servers (A, B, and C) in a pool and a single-server Director.

The Skype client would make a SIP request to the Director, which would then reach out to Active Directory for authentication. Once the request is validated, the Director would send the SIP request to its next hop, which would be the Front End pool. Once the SIP request reaches the Front End pool, one of the Front End servers, A, B, or C, is selected arbitrarily. Let us say that the user is actually homed on Server B. In this scenario, the SIP request from the Director for the user hits Server A. Server A would then initiate a 301 redirect to Server B, which is the user’s home server.

Therefore, despite us having a Director in this scenario we are not eliminating any redirects. The only thing we are eliminating is the authentication request.
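
The scenario above, modeled as a short simulation (an added example, not code from the original article or from Microsoft). It assumes "arbitrarily select" means a uniform random pick and that, without a Director, the first Front End contacted performs the authentication; the function names and the 300-user sample are constructed for illustration.

```python
import random
from collections import Counter

POOL = ["A", "B", "C"]  # Front End servers from the article's scenario


def simulate(sign_ins, use_director, seed=1):
    """Count authentication requests and 301 redirects per server.

    sign_ins: list of home servers, one entry per user signing in.
    Returns (auth, redirects) as Counters keyed by server name.
    """
    rng = random.Random(seed)  # same seed => same first-hop picks in both runs
    auth, redirects = Counter(), Counter()
    for home in sign_ins:
        # With or without a Director, the request lands on an arbitrary
        # pool member (assumption: uniform random choice).
        first_hop = rng.choice(POOL)
        if use_director:
            auth["Director"] += 1   # Director talks to Active Directory
        else:
            auth[first_hop] += 1    # assumption: first Front End authenticates
        if first_hop != home:
            redirects[first_hop] += 1  # 301 redirect to the user's home server
    return auth, redirects


def compare(sign_ins, seed=1):
    """Summarize both deployments side by side."""
    rows = {}
    for label, flag in (("no Director", False), ("with Director", True)):
        auth, redirects = simulate(sign_ins, flag, seed)
        rows[label] = {
            "front_end_auth": sum(auth[s] for s in POOL),
            "director_auth": auth["Director"],
            "redirects": sum(redirects.values()),
        }
    return rows


# Constructed sample: 300 users homed evenly across A, B, and C.
SAMPLE = [POOL[i % len(POOL)] for i in range(300)]

if __name__ == "__main__":
    for label, row in compare(SAMPLE).items():
        print(f"{label:14} {row}")
```

The redirect totals come out identical in both rows, while the authentication count moves from the Front End pool to the Director.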
