Published by Essence Presson. Modified over 9 years ago.
2
Lync Deep Dive: Edge Media Connectivity with ICE
Thomas Binder
UC Voice Architect – MCS Voice Center of Excellence
Microsoft Corporation
EXL412
8
Home Home NAT Internet
9
Inner FW Perimeter Network Outer FW Work Internet
10
Private Computer NAT/Firewall Private Network Internet Access Edge Internet Computer
11
Inner FW Home Outer FW Work Home NAT Access Edge aw INVITE m/c = a 200OK m/c = w
12
UDP TCP Inner FW Home Outer FW Work Access Proxy a INVITE m/c = a 200OK m/c = w d cb e STUN TURN Server (AV Edge) y x w cand=a,b,c,d,e cand=w,x,y Home NAT
13
Remote, Federated and anonymous users Edge Server Reverse Proxy
15
SIP Register Outer Firewall Endpoint Inner Firewall Lync FE Server ms-user-logon-data: RemoteUser sip:Mras.contoso.com 200 OK internet SIP Service edge.contoso.com 3478 443 77qq8yXccBc2lwOmFy Wnujl0eo00YkV/5dg= 480 200 OK Service 200OK Access Edge A/V Edge MRAS MTLS
16
SIP Invite Access Edge A/V Edge MRAS MTLS Service 200OK avedge.contoso.com 3478 443 77qq8yXccBc2lwOF Wnujl0eo00YkV/5g= 480 200 OK Endpoint Outer Firewall Inner Firewall Lync FE Server
17
Demo Log Analysis: MRAS
18
[Diagram labels: Endpoint (nic), NAT/Firewall, Media Relay, MRAS; Allocate UDP, Allocate TCP; UDP, TCP; local and remote candidate list with default; candidates a, b, c, d, e]
19
[Diagram labels: Endpoint (nic), NAT/Firewall, Media Relay, MRAS; Allocate TCP; UDP, TCP; local and remote candidate list with default; candidates a, b, c]
20
[Diagram labels: Endpoint (nic, nic2), NAT/Firewall, Media Relay, MRAS; UPNP: Add Port Map; UDP, TCP; local and remote candidate list with default; candidates a, b, c, d, e, f, g]
21
[Diagram labels: two Endpoints (nic), each behind a NAT/Firewall, each with a local and remote candidate list and a default; candidates a, b, c, d on one side and w, x, y, z on the other; SIP Edge]
SIP INVITE c :: a,b,c,d
183 Session Progress y :: w,x,y,z
200 OK y :: w,x,y,z
22
Demo Log Analysis: Candidates
26
Demo Log Analysis: Final Candidates
27
[Diagram labels: Home1 Lync, Home2 Lync, NAT/FW; Outer FW (no NAT), Access Edge, A/V Edge, Inner FW; Work1 Lync, Work2 Lync, A/V MCU, Mediation, ExchangeUM; ports UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999]
28
[Diagram labels: Work1 Lync, Work2 Lync, A/V MCU, Mediation, ExchangeUM; Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); ports UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates w1, w2]
29
[Diagram labels: Home1 Lync; Work1 Lync, A/V MCU, Mediation, ExchangeUM; Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); ports UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates h1, w1]
30
[Diagram labels: Home1 Lync, Home2 Lync; Inner FW, A/V Edge, Access Edge, Outer FW (no NAT); ports UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates h1, h2]
31
[Diagram labels: two sites joined through Outer FWs (no NAT). Site with Work2 Lync: A/V MCU, Inner FW, 2007 Edge, Access Proxy. Site with Work1 Lync: A/V MCU, Inner FW, 2007 Edge, Access Proxy. Ports on each side: UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates w1, w2]
32
[Diagram labels: two sites joined through Outer FWs (no NAT). Site with Work2 Lync: A/V MCU, Inner FW, R2/Lync Edge, Access Proxy. Site with Work1 Lync: A/V MCU, Inner FW, R2/Lync Edge, Access Proxy. Ports on each side: UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates w1, w2]
33
[Diagram labels: two sites joined through Outer FWs (no NAT). Site with Work2 Lync: A/V MCU, Inner FW, 2007 Edge, Access Proxy. Site with Work1 Lync: A/V MCU, Inner FW, R2/Lync Edge, Access Proxy. Ports on each side: UDP 3478, TCP 443, UDP/TCP 50000 ... UDP/TCP 59999; candidates w1, w2]
35
[Diagram labels, repeated for each server shown: 443 TCP, 3478 UDP, 50,000 port range]
36
A/V Edge A/V Edge UDP TCP TLS External Firewall Lync A/V Auth Internal Firewall Lync FE Server Access Edge Service SIP Register SIP Service Issue Load Balancers Allocate UDP Allocate TCP
39
ICE Bootstrap (UCCP Log Tip)

AVEdge Provisioning
  Log tip: Search mrasuri for SIP 200OK provisioning response
  Confirms: pool is configured with A/V Edge server

AVEdge Credentials
  Log tip: Search credentialsRequestID for SIP SERVICE
  Confirms: A/V Edge is running and reachable on internal port TCP 5062

ICE Negotiation (UCCP Log Tip)

Address Discovery
  Log tip: Search a=candidate to find first INVITE/200OK. Check IP addresses of UDP/TCP candidate pairs in INVITE
  Confirms: local endpoint** can reach A/V Edge server

Address Exchange
  Log tip: Search a=candidate to find first INVITE/200OK. Check IP address of UDP/TCP candidate pairs in 200OK
  Confirms: remote endpoint** can reach A/V Edge server

Connectivity Checks
  Log tip: Check Re-Invite (see below) for connectivity check result
  Confirms: connectivity check completed

Candidate Promotion
  Log tip: Search for "a=remote-candidate". INVITE and 200OK should have only one candidate pair
  Confirms: candidate promotion completed and the path that ICE negotiated
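The ICE negotiation checks from the table above, automated over a client trace. This is an added example, not code from the presentation or from Lync; the sample log is constructed, the candidate lines assume RFC 5245 syntax, and the function names are hypothetical.

```python
import re

# Constructed sample of SDP lines from a client trace (RFC 5245 candidate
# syntax assumed; addresses are documentation ranges, not from the slides).
SAMPLE_LOG = """\
INVITE sip:bob@contoso.com SIP/2.0
a=candidate:1 1 UDP 2130706431 192.168.1.10 50010 typ host
a=candidate:2 1 UDP 1694498815 198.51.100.7 50010 typ srflx raddr 192.168.1.10 rport 50010
a=candidate:3 1 UDP 16777215 203.0.113.5 52000 typ relay raddr 198.51.100.7 rport 50010

SIP/2.0 200 OK
a=candidate:1 1 UDP 2130706431 10.0.0.20 50020 typ host
a=candidate:2 1 UDP 16777215 203.0.113.5 53000 typ relay raddr 10.0.0.20 rport 50020

INVITE sip:bob@contoso.com SIP/2.0
a=candidate:3 1 UDP 16777215 203.0.113.5 52000 typ relay raddr 198.51.100.7 rport 50010
a=remote-candidates:1 10.0.0.20 50020
"""

CAND = re.compile(r"^a=candidate:\S+ (\d+) (\S+) \d+ (\S+) (\d+) typ (\w+)", re.M)

def parse_messages(log):
    """Split the log on blank lines and pull the ICE attributes from each message."""
    msgs = []
    for block in re.split(r"\n\s*\n", log.strip()):
        first = block.splitlines()[0]
        kind = "INVITE" if first.startswith("INVITE ") else "200 OK" if " 200 " in first else "other"
        cands = [(int(comp), typ, ip, int(port)) for comp, _, ip, port, typ in CAND.findall(block)]
        msgs.append({"kind": kind, "cands": cands, "promoted": "a=remote-candidate" in block})
    return msgs

def check_negotiation(log):
    """Return (findings, negotiated_path) following the table's four checks."""
    msgs, findings, path = parse_messages(log), [], None
    for kind in ("INVITE", "200 OK"):  # address discovery / address exchange
        first = next((m for m in msgs if m["kind"] == kind and m["cands"]), None)
        if first is None:
            findings.append(f"{kind}: no a=candidate lines")
        elif not any(typ == "relay" for _, typ, _, _ in first["cands"]):
            findings.append(f"{kind}: no relay candidate, A/V Edge allocation missing")
    final = [m for m in msgs if m["promoted"]]  # connectivity checks completed
    if not final:
        findings.append("no a=remote-candidate line, promotion not seen")
    for m in final:  # candidate promotion: one candidate per component
        comps = [comp for comp, _, _, _ in m["cands"]]
        if len(comps) != len(set(comps)):
            findings.append(f"{m['kind']}: more than one candidate per component")
        elif m["cands"]:
            path = m["cands"][0][1:]  # (type, ip, port) of the promoted candidate
    return findings, path
```

An empty findings list means all four stages left the expected traces; the returned path is the promoted local candidate, which shows whether media went direct or through the relay.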
41
EXL411: Best Practices in Securing Your Microsoft Lync Server 2010 Edge Servers
EXL33-HOL: Deploying a Microsoft Lync Server 2010 Architecture
Product Demo Stations: Friday 13:00-15:00
70-664: TS: Microsoft Lync Server 2010, Configuring
70-665: PRO: Microsoft Lync Server 2010, Administrator
Find Me Later At…
42
Connect. Share. Discuss. http://europe.msteched.com
Learning: Microsoft Certification & Training Resources www.microsoft.com/learning
TechNet: Resources for IT Professionals http://microsoft.com/technet
Resources for Developers http://microsoft.com/msdn
43
Evaluations http://europe.msteched.com/sessions Submit your evals online
44
tbinder@microsoft.com