How Microsoft IT Implemented Microsoft Exchange Server 2010 SESSION CODE: UNC202 How Microsoft IT Implemented Microsoft Exchange Server 2010 Mahendra Sekaran

Survivable Branch Appliance (SBA) A purpose-built appliance optimized to provide resilient multi-modal communication for maximizing branch office user productivity. Solution re-architected for Registrar to work when UserServices role is unavailable or unaccessible. Data Center CS Pool Edge Server Branch Office SBA WAN PSTN Components Functionality Go-To Market Windows Server® 2008 R2 Mediation Server Registrar PSTN Gateway Normal/Failover mode SIP Registrar SIP Proxy and Routing engine PSTN connectivity Voicemail routing PSTN re-routing Centrally provisioned Up to 1000 user support OEM (Embedded channel) 5 partners Audiocodes HP Dialogic NET Ferrari Details? UNC 313

Topologies Simplified Standard Edition Enterprise Edition Topologies Front end Back end AV Conf Edge Servers Director Archiving Monitoring Mediation Group Chat Optional Servers UM SCOM

Deployment Model Global Deployment is a collection of Sites Sites are made of Pools Pools host users & services (such as conferencing, Voice over Internet Protocol (VoIP)) Pools Data Center Sites Global Microsoft Redmond Tukwila-1 Tukwila-2 Dublin Dublin-1

Deployment Options Small or Trial Deploy Single Data Center Pool-level Resiliency Multi-site Resiliency Small or Trial Deploy Single Data Center Multiple Data Centers Typical Use Departmental deployment of reduced criticality and scale Enterprise deployments where multi-site high-availability is not a requirement Huge deployments of a geographically dispersed workforce Central Site Central Site has a Standard Edition Server Single Central Site with an Enterprise Edition Pool Multiple Central Sites of Enterprise Edition Pools Branch Office Site Branch Offices for Survivability or PSTN interconnect Branch Offices for Survivability or Public Switched Telephone Network (PSTN) interconnect Branch will be combination of SE, SBA and PSTN-only Central Site Branch Office Site Sites which host a pool of either SE or EE Sites that do not host a pool Smaller organizations not requiring resiliency can choose a Standard Edition Server (SE), a single server with all roles consolidated on that server functioning Organizations who need resiliency will choose an Enterprise Edition Pool (EE), defining a pool of multiple servers comprised of front end and back end roles “Paired” Standard Edition can offer failover between two SE servers for lower cost and reduced functionality. Additional Server roles required include Archiving, Director, Edge and Monitoring Branches without redundant WANs will purchase a Survivable Branch Appliance to handle voice resiliency in the branch office Branches with a redundant WAN connection, still require basic PSTN termination with SIP Gateway. Standard Edition Server can be utilized for improved Quality of Experience (QoE) in large, distant “branches” (truly a Central Site) with lots of conferencing utilization. Not all branches will require resiliency – for smaller branches, use Remote User Connectivity over public internet or 3G/4G network.

Reference Topologies Small This example 5,000 users, 3 servers Standard Edition central site Branch through Edge Small with Branches 250-5,000 Single branch, with SBA Small with Failover Two Standard Editions - “Paired” Standard Edition to support inexpensive failover Any

Reference Topologies Single Datacenter This example < 100,000 users This example 20,000 users, HA, 14 servers 1429 users/server Single DC Enterprise Edition, Single Data Center Branch through Edge DC with Branches 1,000 – 30,000 Two branches, one SBA, one PSTN Interconnect

Reference Topologies Global, Multi-Site This example Unlimited Site B Site C This example Site 1: 18 servers Site 2: 11 servers Site3: 1 server 2413 users/server Global 10,000 + Two Data Centers with EE One Central Site with an SE Some SBA Some PSTN Very Large Unlimited Enterprise Edition, > Two Data Centers Standard Editions Survivable Branch Appliances Branch with Standard Edition

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

Manageability Enhancements Rich Planning and Topology building tools Communications Server Control Panel (CSCP) Silverlight™ based administration console Task oriented and uses underlying Powershell Infrastructure PowerShell Complete access to all administrative tasks Automation interface Replaces Windows Management Instrumentation (WMI) Role Based Access Control (RBAC) Access controlled by security group membership New delegation model: site aware Synthetic Transactions – powershell based framework that allows admins to proactively identify faults in the system, and raise alerts in SCOM Details? UNC 317

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

Virtualization What’s supported? Not Supported 11/23/2018 12:56 AM Virtualization What’s supported? Virtualization of specific OCS roles SQL, Exchange, AD virtualization (as per guidelines) Hyper-V R2 (2008 not supported), VMWare Client virtualization (except Audio/video - use IP phone) Not Supported Branch office/Gateway only/Mediation server+gateway Standard Edition (single server deployed as production Site) Live migration of VMs via SCVMM (ongoing calls/sessions will be dropped) Virtual Deployment Reference Topology 4 VMs – Front-end, Back-end+ filestore, A/V MCU, Edge 1 Physical machine – 16 cores, 32 GB with 4 NICs, 1024 GB SAS drive, Intel Xeon E7450 procs. Dedicated to OCS only Pilot has no HLB or DNS LB. Production – Needs HLB. Perf reduction (around 50%) compared to non-virtualized topology © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

DNS Load Balancing Simplify HLB Configuration Reduce dependence on HLB DNS LB Goals Simplify HLB Configuration Reduce dependence on HLB DNS LB supported for Internal Pool, Director Pool, and Edge All Server-Server and Client-Server SIP traffic All Server-Server HTTP traffic Media traffic Support Draining of Applications Improve Load balancing of server-server traffic (Ex: Access Edge – Director) Eliminating HLB is not a goal HLB still be required for Internal Pools Client – Server HTTP & HTTP(s) traffic (ABS, DLX, LIS, etc.)

DNS LB Architecture/Design DNS A Record for FQDN resolves to Multiple IPs Failover: If connect to an IP fails, failover to the next IP in the list Load balance across multiple servers (Ex: SIP traffic sent to multiple IPs) Draining: If Server IP1 being drained (returns 503 with special header), send all traffic to the next IP (IP2) Honor DNS TTL except If < 5 min, TTL = 5 min If > 24 hours, TTL = 24 hours

DNS LB Sample Configuration For a Communications Server Pool ocspool1.contoso.com with 3 FEs: FE1, FE2, FE3 OCS 2007 R2 HLB - DNS Configuration CS “14” DNS LB - DNS Configuration DNS FQDN DNS A Record IP Pool VIP ocspool1.contoso.com 172.24.32.150 FE FE1.contoso.com 172.24.32.151 FE2.contoso.com 172.24.32.152 FE3.contoso.com 172.24.32.153 DNS FQDN DNS A Record IP Web VIP Ocsweb1.contoso.com 172.24.32.150 Pool ocspool1.contoso.com 172.24.32.151 172.24.32.152 172.24.32.153 FE FE1.contoso.com FE2.contoso.com FE3.contoso.com DNS A Entries Pool DNS A Entries Machine

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

Authentication OCS Signed Certificate Authentication – Certificate issued by OCS to a client endpoint, which can then be used by client to authenticate against OCS (no PKI requirements) Auth without AD (temporarily) and domain controller for Branch Resiliency PIN based devices authenticating outside enterprise PIN based authentication Inside devices authenticating with keypad Acquire OCS signed certificate via PIN to use externally. In order to support these scenarios, we’ve added a new authentication framework called Web-Ticket

Web-Ticket Authentication Service can use NTLM, Kerberos, PIN, or OCS Signed Certificate to get a web-ticket. Web-ticket auth used for OCS web services. ABS, DLX, ABS-WQ, RGS, OCS Certificate Consolidates web service authentication under a single standards-based framework WS-Transfer, WS-Trust, WS-Security, SAML, SOAP, WS-MetadataExchange Use NTLM/Kerb/PIN to get Web-Ticket Use Web-Ticket to get OCS Certificate Use OCS Certificate to renew Web-Ticket Use Web-Ticket to authenticate with other OCS services: ABS/DLX/etc.

PIN Authentication Allow PIN based sign on for devices OCS signed certificates to access OCS web services Unify PIN for devices and CAA PIN Management portal in OCS along with appropriate notifications

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

Location Infrastructure Base requirement – provide location with emergency calls (North American), while ensuring that the solution addresses the roaming nature of communicator clients Added a Location Information Service that is part of the Frontend role Flexibility in enablement options – user/location Architecture allows integration with existing LIS systems

Agenda Communications Server Roadmap Topology related investments Manageability enhancements Virtualization DNS load balancing Authentication enhancements Location Infrastructure Cloud Integration Q&A

Cloud Integration Connected business and optimized IT Details? UNC 206 Hosted Service Rapid scalability Advanced manageability On-Premise Control and ownership Customization Consistent user experience across delivery options Common architecture and data model across deployments Flexibility in deployment – meets your complex needs Adaptability in deployment – enables changes at any time

Key Scenarios Federation within tenants in the cloud Cross-Premises Federation Federation within tenants in the cloud Federation with on- premises deployments Cross-premises federation (split-domain) Federation with Exchange Online

Session Objectives and Key Takeaways Understand key architectural changes in Communications Server “14” and the benefits of the engineering investments: Simplified Topologies – fewer number of servers with more functionality Understand how TCO is lowered by offering a simplified deployment and administration experience Improved support for Virtualized environments Great monitoring capabilities to allow for proactive problem detection Seamless Integration with Cloud infrastructure allowing more choices of deployment across the different workloads

Related Breakout Sessions All of them in this room Tech Ed North America 2010 11/23/2018 12:56 AM Related Breakout Sessions All of them in this room Monday 4:30PM UNC320 CS “14”: What's New in Communicator “14” Experience & Backend Amit Gupta Tuesday 9:45AM UNC311 CS “14”: Architecture Mahendra Sekaran 1:30PM UNC313 CS “14”: Voice Architecture and Planning for High Availability Jamie Stark 3:15PM UNC312 CS “14”: Network Considerations Neil Deason 5:00PM UNC314 CS “14”: Voice Deployment Wednesday 8:00AM UNC318 CS “14”: What's New in Conferencing Experience & Backend Cameron & Tim UNC317 CS “14”: Management Experience Anand & Cezar 11:45AM UNC321 CS “14”: Interoperability: Voice, Video, Conferencing, IM, & Presence Francois Doremieux UNC316 CS “14”: Monitoring and Reporting Jared & Neil UNC315 CS “14”: Setup and Deployment Peter Schmatz Thursday UNC208 CS “14”: What's New in Devices Avi & Sachin You are here © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Q&A

Unified Communications Track Call to Action! Tech Ed North America 2010 11/23/2018 12:56 AM Unified Communications Track Call to Action! Learn More! View Related Unified Communications (UNC) Content at TechEd/after at TechEd Online Visit microsoft.com/communicationsserver for more Communications Server “14” product information Find additional Communications Server “14” content in the Technical Library, weekly technical articles at NextHop, and follow DrRez on Twitter Check out Microsoft TechNet resources for Communications Server and Exchange Server Visit additional Exchange 2010 IT Professional-focused content Partner Link or Customer Link (Name: ExPro Pword: EHLO!world) Try It Out! Exchange 2010 SP1 Beta download is now available from the download center! © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Resources Learning Required Slide www.microsoft.com/teched Tech Ed North America 2010 11/23/2018 12:56 AM Required Slide Resources Learning Sessions On-Demand & Community Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning Resources for IT Professionals Resources for Developers http://microsoft.com/technet http://microsoft.com/msdn © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Complete an evaluation on CommNet and enter to win! Tech Ed North America 2010 11/23/2018 12:56 AM Required Slide Complete an evaluation on CommNet and enter to win! © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration   You can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year

Tech Ed North America 2010 11/23/2018 12:56 AM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.