Understanding the relationships between UCMA Trusted Application objects
Published May 20 2019 05:23 PM
First published on TECHNET on Sep 18, 2017
Author: Zack Campbell, Service Engineer, Microsoft Skype for Business Online Services

I was recently engaged by the owner of multiple high-visibility and business-critical UCMA Trusted Applications, requesting my assistance to replace the Trusted App Computers associated with a large list of Endpoints. I didn't know the full backstory, but apparently their servers were VMs, hosted on Hyper-V hosts that they were under a hard deadline to vacate. Anyway, the initial request seemed simple enough, but as I dug in, I quickly realized that there was no direct relationship between their Trusted App Computers and their Endpoints.

I also realized (not so quickly) that there was not a one-to-one relationship between those objects. I knew I had the data I needed to figure out those relationships, but -- being the smart lazy SfB admin that I am -- I started by digging around the Internet for some background, only to come up empty.

Anyone who has worked much with UCMA Trusted Apps probably already understands this, but I was just then realizing that I had some quick scrambling to do to ensure I didn't cause an outage for their Trusted Apps… while implementing a change to prevent a different outage. That's never a good day.

You're really going to make me work at this, huh?

Up to this point, I had been able to slide by on most UCMA change work, without having a super clear understanding of the relationships between UCMA Trusted Apps and their respective Pool, Endpoint, and Computer objects.

This time, however, while the app owner was somewhat confident of the App Pools and Apps associated with his various Computers and Endpoints, he wasn't totally certain, nor was he sure which ones corresponded with which. Unfortunately, that's not good enough, when doing change work… so it fell to me to really figure this whole model out, so I could give the App owner solid consulting advice, make the right changes at the right times, and help him avoid any impact.

Getting all the pieces together

Not having found any help on the Internet, I got to work, picking through my company SfB deployment's various existing Trusted Apps, Computers, App Pools and Endpoints, looking closely at the object properties that tied them together. I made several interesting observations, which I was later able to stitch together into a fairly simple model:

  • Trusted Apps are directly related to a single Trusted App Pool.

    1. The property that ties them together is the App Pool's PoolFqdn (corresponding to the Trusted Apps' TrustedApplicationPoolFqdn property).

    2. The App Pool has a corresponding Applications multivalued property, populated by all the Trusted Apps associated with it (via their ApplicationId properties).

    3. A Trusted App Pool doesn't have to have any Trus...

  • Trusted App Endpoints are directly related to a single Trusted App.

    1. The property that ties them together is the Trusted App's ApplicationId (corresponding to the Trusted App Endpoints' OwnerUrn property).

    2. A Trusted App doesn't have to have any Trusted A...

Ok, that's not so bad

These observations were helpful, but not the kind of thing that's easy to remember or use. More to the point, I prefer pictures, so I made one. Nice, huh? This is a lot easier…



With this model in hand, it was a simple matter to build the list of all Trusted App Pools and respective Trusted App Computers associated with the Endpoints my customer provided, and it helped them as well, to see/understand how their objects related to each other.
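The join this model describes, as an added PowerShell example (not the author's script): it walks each Endpoint's OwnerUrn to its Trusted App, then the App's TrustedApplicationPoolFqdn to its Pool, and lists the Computers in that Pool. The function name and sample objects are constructed for illustration, and the Computer objects' Pool and Fqdn properties are an assumption, since the post does not name the property linking Computers to Pools.

```powershell
function Resolve-TrustedAppEndpoint {   # hypothetical helper name
    param(
        [object[]]$Endpoint,      # needs OwnerUrn, SipAddress
        [object[]]$Application,   # needs ApplicationId, TrustedApplicationPoolFqdn
        [object[]]$Pool,          # needs PoolFqdn
        [object[]]$Computer       # needs Pool, Fqdn (assumed link, see lead-in)
    )
    # Index Apps and Pools once; @{} keys compare case-insensitively.
    $appById = @{}
    foreach ($a in $Application) { $appById[$a.ApplicationId] = $a }
    $poolByFqdn = @{}
    foreach ($p in $Pool) { $poolByFqdn[$p.PoolFqdn] = $p }

    foreach ($e in $Endpoint) {
        # Endpoint -> App via OwnerUrn = ApplicationId
        $app = if ($e.OwnerUrn) { $appById[$e.OwnerUrn] } else { $null }
        # App -> Pool via TrustedApplicationPoolFqdn = PoolFqdn
        $poolFqdn = if ($app) { $app.TrustedApplicationPoolFqdn } else { $null }
        # Pool -> Computers (one Pool can hold several)
        $members = @($Computer |
            Where-Object { $poolFqdn -and $_.Pool -eq $poolFqdn } |
            ForEach-Object { $_.Fqdn })
        [pscustomobject]@{
            Endpoint      = $e.SipAddress
            ApplicationId = $e.OwnerUrn
            PoolFqdn      = $poolFqdn
            PoolFound     = [bool]($poolFqdn -and $poolByFqdn.ContainsKey($poolFqdn))
            Computers     = $members -join ';'
            Orphaned      = -not $app   # OwnerUrn matches no Trusted App
        }
    }
}

# Constructed sample objects. On a real deployment, pass the output of
# Get-CsTrustedApplicationEndpoint, Get-CsTrustedApplication,
# Get-CsTrustedApplicationPool and Get-CsTrustedApplicationComputer instead.
$apps = @([pscustomobject]@{ ApplicationId = 'urn:application:helpdesk'
                             TrustedApplicationPoolFqdn = 'apppool1.contoso.example' })
$pools = @([pscustomobject]@{ PoolFqdn = 'apppool1.contoso.example' })
$computers = @(
    [pscustomobject]@{ Pool = 'apppool1.contoso.example'; Fqdn = 'appsrv1.contoso.example' }
    [pscustomobject]@{ Pool = 'apppool1.contoso.example'; Fqdn = 'appsrv2.contoso.example' })
$endpoints = @(
    [pscustomobject]@{ SipAddress = 'sip:helpdesk@contoso.example'; OwnerUrn = 'urn:application:helpdesk' }
    [pscustomobject]@{ SipAddress = 'sip:stale@contoso.example'; OwnerUrn = 'urn:application:retired' })

Resolve-TrustedAppEndpoint -Endpoint $endpoints -Application $apps -Pool $pools -Computer $computers |
    Format-Table -AutoSize
```

Rows with Orphaned set or an empty Computers column are the ones to resolve with the app owner before replacing any Computer object.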

My hope is that it'll be useful to other SfB admins, as well. Don't hesitate to provide comments and feedback. I'll be happy to update this, as needed.