MSFT_SIPEnhancedFederationConnectionLimitsData class

 
Communications Server 2007 Server SDK Documentation

MSFT_SIPEnhancedFederationConnectionLimitsData

Represents information about open federation partners who have been classified as suspicious by the Access Edge Server.

The following syntax is simplified from Managed Object Format (MOF) code and includes all inherited properties. Properties are listed in alphabetic order, not MOF order.

class MSFT_SIPEnhancedFederationConnectionLimitsData
{
  string CertIssuer;
  string CertSN;
  string[] Domains;
  [key] string InstanceID;
  boolean MarkedForDeletion;
  string SubjectName;
  string ThrottlingMode;
};

Methods

This class does not define any methods.

Properties

The MSFT_SIPEnhancedFederationConnectionLimitsData class has the following properties.

  • CertIssuer
    Data type: string

    Access type: Read/Write

    Required. The name of the certificate authority that issued the certificate for the federated partner.

    The value of this property is not case-sensitive.

  • CertSN
    Data type: string

    Access type: Read/Write

    Required. The serial number of the certificate.

    The value of this property is not case-sensitive.

  • Domains
    Data type: string[]

    Access type: Read/Write

    Required. A list of the federated partner domains that the remote peer has used.

    Also referred to as the "watch" list. The values of this property are not case-sensitive.

    The values must be SIP domains. IP addresses are not allowed.

  • InstanceID
    Data type: [key] string

    Access type: Read-only

    Required. A GUID value that uniquely identifies an instance of this class.

    The GUID must be encapsulated between the "{" and "}" braces; for example: "{01234567-0123-4567-89AB-CDEF01234567}".

  • MarkedForDeletion
    Data type: boolean

    Access type: Read/Write

    Reserved.

  • SubjectName
    Data type: string

    Access type: Read/Write

    Required. The subject name of the certificate for the federated partner.

    The value of this property is not case-sensitive.

  • ThrottlingMode
    Data type: string

    Access type: Read/Write

    Required. Specifies the condition under which an icon is displayed on the watch list in the Microsoft Management Console (MMC).

    The value of this property is not case-sensitive.

    Value      Description
    "high"     Displayed when either the Access Edge Server has detected suspicious traffic on the connection, or the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.
    "medium"   Displayed when the Access Edge Server has detected suspicious traffic on the connection, and the federated partner has sent requests to more than 1000 URIs (valid or invalid) in the local domain.

Remarks

This class gets and sets information at the following level(s): WMI.

When using automatic (DNS-based) discovery of federated partners, the Access Edge Server monitors incoming federated traffic and takes precautionary action in the following situations:

  • If the Access Edge Server detects suspicious traffic on a connection.
  • If a federated partner sends requests to more than 1000 URIs (valid or invalid) in the local domain.
  • If the federated peer is approaching the limits of 20 messages per second for sustained periods.

The Access Edge Server evaluates suspicious traffic by calculating the ratio of failed responses to successful responses. A high ratio of failed responses can indicate server misconfiguration, transient network issues, or malicious activity. In this situation, the Access Edge Server takes the following actions:

  • Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list).
  • Limits the federation partner to a message rate of 1 message per second.

Situations in which either the number of URIs targeted in the local domain or the number of messages per second on a single connection is high can indicate a possible directory attack. In these situations, the Access Edge Server takes the following actions:

  • Adds the FQDN of the federated domain from which the traffic originates to the list in the Domains property (the "watch" list).
  • Blocks any additional requests from the federation partner to new URIs not covered by the original 1000.

To avoid limiting or blocking legitimate traffic from legitimate federated partners, add those partners to the Allow list.

After configuring federation, you can use Office Communications Server 2007 administrative tools to monitor and manage federated partner access on an ongoing basis. For more information, see the Microsoft Office Communications Server 2007 Administration Guide.

Important: Remove federated partner domain names from the watch list only after either adding the domain names to the Allow list, or blocking the domains or certificates.

Instances of this class support the following interface methods:

  • Provider::DeleteInstance();

  • Provider::EnumerateInstances();

  • Provider::GetObject();

  • Provider::PutInstance();

    Where PutInstance() supports the following flag(s):

    • WBEM_FLAG_CREATE_ONLY
    • WBEM_FLAG_UPDATE_ONLY
    • WBEM_FLAG_CREATE_OR_UPDATE
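
A watch-list review built on the property constraints and the Important note above, as an added example that is not part of the SDK documentation: it checks each record against the documented rules and lists the domains that are not yet cleared for removal from the watch list. The function name, the -DecidedDomains parameter and the sample rows are hypothetical; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Class, namespace and property names are from this page;
# Get-WatchListReport, -DecidedDomains and the sample rows are hypothetical.
function Get-WatchListReport {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Records,
        # Domains already added to the Allow list or blocked (operator-supplied).
        [string[]] $DecidedDomains = @()
    )
    $guidPattern = '^\{[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}\}$'
    foreach ($r in $Records) {
        $issues = @()
        # InstanceID must be a GUID enclosed in braces.
        if ($r.InstanceID -notmatch $guidPattern) { $issues += 'InstanceID is not a braced GUID' }
        # Documented ThrottlingMode values; -notcontains compares case-insensitively.
        if (@('high', 'medium') -notcontains $r.ThrottlingMode) { $issues += 'Unexpected ThrottlingMode' }
        # Domains must be SIP domains; IP addresses are not allowed.
        foreach ($d in @($r.Domains)) {
            $ip = $null
            if ([System.Net.IPAddress]::TryParse($d, [ref]$ip)) { $issues += "IP address in Domains: $d" }
        }
        # Only domains that are already allowed or blocked may leave the watch list.
        $pending = @($r.Domains | Where-Object { $DecidedDomains -notcontains $_ })
        [pscustomobject]@{
            SubjectName    = $r.SubjectName
            CertIssuer     = $r.CertIssuer
            CertSN         = $r.CertSN
            ThrottlingMode = $r.ThrottlingMode
            PendingDomains = $pending
            Issues         = $issues
        }
    }
}

# Constructed sample rows standing in for WMI instances.
$sample = @(
    [pscustomobject]@{ InstanceID = '{01234567-0123-4567-89AB-CDEF01234567}'; SubjectName = 'edge.partner.example'
        CertIssuer = 'Example CA'; CertSN = '0A1B2C'; Domains = @('partner.example'); ThrottlingMode = 'High' },
    [pscustomobject]@{ InstanceID = '01234567-0123-4567-89AB-CDEF01234568'; SubjectName = 'edge.other.example'
        CertIssuer = 'Example CA'; CertSN = '0A1B2D'; Domains = @('192.0.2.10'); ThrottlingMode = 'low' }
)
Get-WatchListReport -Records $sample -DecidedDomains 'PARTNER.EXAMPLE' | Format-List

# Live data on an Access Edge Server:
# $live = Get-WmiObject -Namespace 'root\cimv2' -Class MSFT_SIPEnhancedFederationConnectionLimitsData
# Get-WatchListReport -Records $live
```

The first sample row reports no issues and no pending domains; the second is flagged for its unbraced InstanceID, its undocumented ThrottlingMode value and the IP address in Domains.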

Requirements

Server: Installed on computers serving the following role(s): Access Edge Server.
Namespace: Defined in \root\cimv2.

See Also

MSFT_SIPFederationPartnerTable, MSFT_SIPFederationDeniedDomainSetting, Communications Server WMI Reference

  
  © 2007 Microsoft Corporation. All rights reserved.