Is Microsoft Lync Server 2010 a good fit for public-facing applications?

Question

The release candidate for Microsoft Lync Server 2010 (formerly known as Office Communications Server and/or Speech Server) was just made available for download. From the site:

Microsoft Lync Server 2010 now delivers complete presence, instant messaging, conferencing and enterprise voice capabilities through a single, easy-to-use interface that is consistent across PC, browser, and mobile device. Administrators benefit from a single, consistent management infrastructure, new capabilities to increase availability, and interoperability with existing systems.

In coordination with this release, also available for download is the Microsoft Unified Communications Managed API 3.0 SDK (UCMA 3.0). This is the client-side .NET managed API enabling integration and extension of Lync experiences.

This is all very exciting because I would like to start building rich voice and instant messaging application with tight integration to the Microsoft technology stack and with fewer third-party dependencies (e.g. Voxeo, Nuance, IMified, etc).

However, what I am still unclear on is this: Is Microsoft Lync Server 2010 a good fit for public-facing Web sites and applications? Or is really intended for use primarily within the corporate firewall, for mostly internal applications?

I guess what I need to know is this: Can Microsoft Lync Server 2010 serve as both an internal and public-facing hosting provider for VoiceXML and IM-based applications, and scale to meet the needs of a large public-facing site with thousands or even millions of users?

Am I totally misunderstanding what Lync can/cannot, and should/should not do?

Answer 1

http://technet.microsoft.com/en-us/ff706687.aspx

Companies that allow employees to sign in to Office Communications Server remotely from the Internet can be susceptible to denial-of-service (DoS) and brute-force attacks. These kinds of attacks involve guessing users’ passwords or locking users out of their accounts when too many incorrect password attempts are made to a valid Active Directory user account when password policy is enforced. Although internal security is not compromised, these types of attacks are disruptive to users and use up internal server resources. To prevent such attacks at the edge, you can install a security filter on the Edge Server that monitors sign-in attempts and enforces account lockout at the network perimeter.

---

There are a number of caveats to your question on scale etc. Firstly Lync 2010 is a release candidate, not even a full release so I wouldn't bet anything on this current release - I'd wait until 2011 for a full release. Secondly it appears to be aimed at applications within the corporate firewall, so although it may scale beyond there, there is unlikely to be any developer support materials in that area for some months, if ever.

That said the Lync product at least moves away from having to register COM objects to develop against the SDK (like the previous version Office Communicator 2007) which is a step forward. The SilverLight and WPF controls SDK will make some intranet sites using Lync feel polished - but the paucity of information about simply running around the API and performing tasks that include Lync (rather than being entirely Lync) is a drawback.

EDIT

Lync is clearly COM at heart, after reflecting some of the Lync methods it becomes obvious:

This method:

public static LyncClient GetClient()

contains a call to:

private static void EnsureOI()
{
    if (s_officeIntegration == null)
    {
        try
        {
            if (!IsUISuppressed() && !IsRunning())
            {
                throw new ClientNotFoundException("The host process is not running", null);
            }
            s_officeIntegration = (UCOfficeIntegration) Activator.CreateInstance(Type.GetTypeFromCLSID(new Guid("...")));
        }
        catch (COMException exception)
        {
            throw GetOCOMException(exception);
        }
    }
}