Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.



[Diagram labels: Home, Home NAT, Internet]

[Diagram labels: Work, Inner FW, Perimeter Network, Outer FW, Internet]

[Diagram labels: Private Computer, Private Network, NAT/Firewall, Internet, Access Edge, Internet Computer]

[Diagram labels: Home, Home NAT, Work, Inner FW, Outer FW, Access Edge; INVITE m/c = a; 200OK m/c = w]

[Diagram labels: Home, Home NAT, Work, Inner FW, Outer FW, Access Proxy, STUN TURN Server (AV Edge), UDP, TCP; INVITE m/c = a; 200OK m/c = w; cand=a,b,c,d,e; cand=w,x,y]

Remote, Federated and anonymous users Edge Server Reverse Proxy

[Diagram labels: SIP Register; Endpoint, internet, Outer Firewall, Access Edge, A/V Edge, MRAS, MTLS, Inner Firewall, Lync FE Server; ms-user-logon-data: RemoteUser; sip:Mras.contoso.com; edge.contoso.com; SIP Service; 200 OK; qq8yXccBc2lwOmFy Wnujl0eo00YkV/5dg=]

[Diagram labels: SIP Invite; Endpoint, Outer Firewall, Access Edge, A/V Edge, MRAS, MTLS, Inner Firewall, Lync FE Server; avedge.contoso.com; Service; 200OK; qq8yXccBc2lwOF Wnujl0eo00YkV/5g=]

Demo Log Analysis: MRAS

[Diagram labels: Endpoint (nic), NAT/Firewall, Media Relay, MRAS, UDP, TCP; Allocate UDP, Allocate TCP; candidate list (local, remote, default): a, b, c, d, e]

[Diagram labels: Endpoint (nic), NAT/Firewall, Media Relay, MRAS, UDP, TCP; Allocate TCP; candidate list (local, remote, default): a, b, c]

[Diagram labels: Endpoint (nic, nic2), NAT/Firewall, Media Relay, MRAS, UDP, TCP; UPNP: Add Port Map; candidate list (local, remote, default): a, b, c, d, e, f, g]

[Diagram labels: two Endpoints (nic), each with a NAT/Firewall and a candidate list (local, remote, default): a, b, c, d and w, x, y, z; SIP Edge; SIP INVITE c :: a,b,c,d; 183 Session Progress y :: w,x,y,z; 200 OK y :: w,x,y,z]

Demo Log Analysis: Candidates

Demo Log Analysis: Final Candidates

[Diagram labels: Home1 Lync, Home2 Lync, NAT/FW, Outer FW (no NAT), Access Edge, A/V Edge, Inner FW, Work1 Lync, Work2 Lync, A/V MCU, Mediation, ExchangeUM; UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Work1 Lync (w1), Work2 Lync (w2), A/V MCU, Mediation, ExchangeUM, Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Home1 Lync (h1), Work1 Lync (w1), A/V MCU, Mediation, ExchangeUM, Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Home1 Lync (h1), Home2 Lync (h2), Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Work2 Lync (w2): Inner FW, 2007 Edge, A/V MCU, Access Proxy; Work1 Lync (w1): Inner FW, 2007 Edge, A/V MCU, Access Proxy; Outer FWs (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Work2 Lync (w2): Inner FW, R2/Lync Edge, A/V MCU, Access Proxy; Work1 Lync (w1): Inner FW, R2/Lync Edge, A/V MCU, Access Proxy; Outer FWs (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: Work2 Lync (w2): Inner FW, 2007 Edge, A/V MCU, Access Proxy; Work1 Lync (w1): Inner FW, R2/Lync Edge, A/V MCU, Access Proxy; Outer FWs (no NAT); UDP 3478, TCP 443, UDP/TCP]

[Diagram labels: 443 TCP, 3478 UDP, 50,000 port range]

[Diagram labels: External Firewall, Load Balancers, A/V Edge (two), Access Edge, Lync, A/V Auth, Service, Internal Firewall, Lync FE Server; UDP, TCP, TLS; SIP Register, SIP Service, Issue, Allocate UDP, Allocate TCP]

ICE Bootstrap: UCCP Log Tip

AVEdge Provisioning
  Log tip: Search mrasuri for SIP 200OK provisioning response.
  Confirms: pool is configured with A/V Edge server.

AVEdge Credentials
  Log tip: Search credentialsRequestID for SIP SERVICE.
  Confirms: A/V Edge is running and reachable on internal port TCP 5062.

ICE Negotiation: UCCP Log Tip

Address Discovery
  Log tip: Search a=candidate to find first INVITE/200OK. Check IP addresses of UDP/TCP candidate pairs in INVITE.
  Confirms: local endpoint** can reach A/V Edge server.

Address Exchange
  Log tip: Search a=candidate to find first INVITE/200OK. Check IP address of UDP/TCP candidate pairs in 200OK.
  Confirms: remote endpoint** can reach A/V Edge server.

Connectivity Checks
  Log tip: Check Re-Invite (see below) for connectivity check result.
  Confirms: connectivity check completed.

Candidate Promotion
  Log tip: Search for "a=remote-candidate". INVITE and 200OK should have only one candidate pair.
  Confirms: candidate promotion completed and the path that ICE negotiated.

EXL411: Best Practices in Securing Your Microsoft Lync Server 2010 Edge Servers
EXL33-HOL: Deploying a Microsoft Lync Server 2010 Architecture
Product Demo Stations: Friday 13:00-15:
: TS: Microsoft Lync Server 2010, Configuring
: PRO: Microsoft Lync Server 2010, Administrator
Find Me Later At…
