Skype for Business, Lync and Ethical Wall

Intro and Scenario

 

As some of you know, I work inside financial / banking companies.

One of the important aspects of this kind of business is that risks and scenarios that are acceptable for a large part of other customers are not tolerable for a bank.

When we talk about IM and conferencing in Skype for Business (S4B) or Lync, strict compliance and privacy controls are not a widespread requirement for a deployment.

Anyway, I could give you examples like this one: an Italian company almost ditched Lync because the labor union decided that the presence feature was too “talkative” about the time that workers spent away from the keyboard :)

Other scenarios include capabilities like:

  • filtering the domains that your users are allowed to have meetings with
  • blocking conversations that contain PANs (credit card numbers)

Everything in the aforementioned list is (probably) doable working with the Management Shell, but implementing the settings and keeping them updated would require a tremendous effort.

For my next deployment, I have talked with Fabbricadigitale ( http://www.fabbricadigitale.com/ ) to understand how their Ethical Wall (EW) solution was able to fit the specific needs of our federation of banks.

How Does It Work

 

A basic EW deployment is composed of a Front-End Agent to install on the Lync / S4B Front-Ends, an Admin Console and a database (more complex designs, including high availability, are possible).

There is no requirement to install software on the clients.

One simple deployment is the one you can see in the following image

 

Single-to-Single

 

The EW Front-End Agent manages the Lync communication flows, implementing the static/dynamic rules stored in the database.

EW is made up of two different services:

  • Windows Service “fabbricadigitale – MultiUx Ethical Wall” is the Front-End Agent core service
  • Windows Service “fabbricadigitale – Courtesy Alert” is the Courtesy Alert service: it sends courtesy messages when the created rules block the communications

A courtesy alert looks like the following message

 

2016-04-20_15-04-24

 

Rules

 

The main work you will perform inside the web based admin interface is rules management.

Rules allow controlling Lync communication flows, their directions, and their properties between two end-points.

You can create rules among all kinds of end-points (Internal User, Internal User from Internet, Federated User, Telephone number, Skype User, Ethical Wall Group custom group, Active Directory Group, AD Organizational Unit, Domain: internal domain, Federated Domain, Any Internal User from Internet, Any Internal User, Any Federated User, Any – all the Lync accounts).

See them in the next picture

Endpoints

 

You can create rules specifying the direction of the communication flows:

  • from A to B – from B to A (both the end-points can start communication sessions)
  • from A to B (A can start a session with B, who can answer, but cannot start a new session)
  • from B to A (B can start a session with A, who can answer, but cannot start a new session)

You can see an example in the following screenshot

 

Rules_01

 

Rules include the capability to send a courtesy message when EW blocks a communication.

 

CA-MessageSelection

 

It is also possible to configure a schedule so that a rule is active only in specific timeslots

 

Create-a-Rule_TS1
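To make the direction and timeslot semantics described above concrete, here is a small model of rule evaluation. It is an added example, not Fabbricadigitale's code: the `Rule` fields, the direction names, the first-match-wins ordering and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Direction names are assumed; they mirror the three options listed above.
BOTH, A_TO_B, B_TO_A = "both", "a_to_b", "b_to_a"

@dataclass
class Rule:
    a: str                          # end-point A: a user address or a domain
    b: str                          # end-point B
    direction: str                  # who may START a session
    start: time = time(0, 0)        # active timeslot, inclusive
    end: time = time(23, 59, 59)
    courtesy: str = "This communication is not allowed by policy."

def covers(endpoint, user):
    # An end-point matches a user exactly, or as that user's domain.
    return endpoint == user or endpoint == user.rsplit("@", 1)[-1]

def decide(rules, initiator, target, now):
    """Return ("allow", None) or ("block", courtesy text) for a new session,
    or None when no active rule covers the pair (assumed: first match wins)."""
    for r in rules:
        if not (r.start <= now <= r.end):
            continue                # rule is outside its timeslot
        if covers(r.a, initiator) and covers(r.b, target):
            started = A_TO_B
        elif covers(r.b, initiator) and covers(r.a, target):
            started = B_TO_A
        else:
            continue                # rule is about a different pair
        # The check is on who starts the session; answering inside an
        # allowed session is not a new session and is not re-evaluated.
        if r.direction in (BOTH, started):
            return ("allow", None)
        return ("block", r.courtesy)
    return None

# Constructed sample rules and addresses.
RULES = [
    Rule("trader@bank.example", "partner.example", A_TO_B),
    Rule("research@bank.example", "sales@bank.example", BOTH,
         time(9, 0), time(18, 0)),
]
```

A `None` result is the case to watch when reviewing a rule set: it means no rule was active for that pair at that time, so whatever the deployment does by default applies.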

 

There is also a dashboard containing an overview of the Ethical Wall and the Skype for Business/Lync Front-End server status.

 

Rules-Sync

 

Positive Sides and Red Flags

 

EW is easy to use and adds a set of powerful features to manage S4B and Lync compliance and security.

The main red flag I see (at least in the existing version) is that EW is able to work only if the organizer of the meeting is in an on-premises environment.

If the meeting is organized by an external or Cloud based user, there will be no EW filtering.

 

Takeaways

 

Probably it is the first time that I write a review that has an “all or nothing” approach.

If you have an on-premises deployment (or, at least, you are able to dictate user behavior so that your meetings always start on your on-premises Front-Ends), EW is a bright solution that adds a set of interesting features with a user-friendly management interface.

Otherwise, if many meetings and conversations are managed by Cloud users or by federated users, EW gives you no advantage.

I strongly suggest that Fabbricadigitale look at the Cloud, just to follow the direction more and more companies are taking.