
Policy-driven External Federation

December 1, 2011

This is the third part of a three-part series of blog posts looking at scenarios for short-term and long-term intra-domain federation as well as inter-domain federation.

Companies with the luxury of being able to implement a ‘clean slate’ UC deployment can immediately enjoy the benefits of a single platform environment within the domain.  However, they are not immune from the challenges of integrating with other UC platforms: business partners with whom they may wish to federate will not necessarily have made the same UC platform choice, as was discussed in ‘Inter-company Federation – the Bad News’.  Having solved the problem of how to facilitate inter-vendor, inter-company federation, there is also the challenge of who should, and who should not, be exposed to the federation interface.

The technologies employed in federation connections, specifically digital certificate-based encryption and authentication, will ensure that a federation connection cannot be hijacked by a malicious third party. However, organizations implementing ‘open federation’ (i.e. the acceptance of federation sessions from any domain that can authenticate itself) should consider policies that protect themselves and their employees from unapproved communications access.

Most UC aliases are the same as the employee’s email alias.  Once the corporate alias standard has been deduced (e.g. first initial plus last name, or first name dot last name), unscrupulous callers can start to traverse the organization far more easily than they could ever do with telephone extensions.  Telemarketing and other unsolicited calls can be a distraction to key employees on telephony devices; however, unwanted presence-driven UC sessions can be even more intrusive, since they are routed to the location (and device) the employee is registered to, with a commensurately higher probability of ‘call completion’.

Many companies will want to manage communications even with approved business partners.  UC modalities such as voice, video, data collaboration, etc. consume large amounts of precious and expensive bandwidth, with the potential for non-value-adding communications blocking out critical business conversations.  Without doubt, certain departments and organizational roles should gain priority access to UC federation; for example, senior executives, joint project teams, production management and order fulfillment personnel, or support groups.

Just as many companies control physical movement around their business premises, particularly ones housing confidential business operations, virtual access should also be managed.  UC data collaboration sessions could be a source of intellectual property ‘leakage’, so appropriate departmental federation policies should be implemented.

As was described in ‘Thousands of parts flying in close formation’, UC federation is an extremely powerful tool.  However, with that power, there is the potential to reduce the benefit gained from UC in an unmanaged federation environment.  While there are standards-based and non-standards-based ways to create inter-vendor, inter-domain UC federation connections, there are as yet no standards for inter-company corporate directory federation or the implementation of policies on directory access.  Companies considering the implementation of UC federation should also consider their needs for policy-driven management of federation sessions, as well as the management of the dissemination of users’ presence indications based on context, activity, business process or location.  Such forward-thinking companies should consider NextPlane.
