1. Microsoft Corporation
4/20/2017 5:13 AM
Microsoft® Lync™ Server 2010 High Availability and Resiliency Module 12
Microsoft Corporation
Slide Objective:
Notes:

2. Session Objectives and Takeaways
4/20/2017
Session Objectives and Takeaways
Session Objectives:
Resiliency Architecture
Branch Office Resiliency
Data Center Resiliency
Takeaways:
Microsoft Lync Server 2010 Architecture provides High Availability for Voice services
Survivable Branch Appliance built by UC partners delivers Voice High Availability for branch users
Metropolitan Data Center Resiliency delivers High Availability for all UC modalities across datacenters separated by high bandwidth & low latency
Voice Data Center Resiliency delivers Voice High Availability across geo-dispersed datacenters
Slide Objective: Introduce Objectives and Takeaways
Notes:
Explain the key deliveries and highlight that within OCS 2007 R2 the story around general (and especially voice) resilience was not that strong.
This session addresses this story and is one of the areas with the biggest changes/improvements
Highlight that Survivable Branch Appliances (SBAs) are a major component to establish resiliency. Also explain that a SQL geo cluster solution is no longer needed for certain scenarios to achieve availability

3. Agenda Main Concepts High Availability Branch Office Resiliency
Data Center Voice Resiliency
Metropolitan Data Center Resiliency
Slide Objective: Discuss Agenda
Notes:

4. Main Concepts
Slide Objective:
Notes:

5. Survivable Branch Appliance (SBA)
A purpose-built appliance optimized to provide resilient multi-modal communication for maximizing branch office user productivity
Data Center
Lync
Pool
Edge
Server
Branch Office
SBA
WAN
PSTN
Components
Functionality
Go-To Market
Windows Server® 2008 R2
Mediation Server
Registrar
PSTN Gateway
Normal/Failover mode
SIP Registrar
SIP Proxy and Routing engine
PSTN connectivity
Voic routing
PSTN re-routing
Centrally provisioned
Up to 1000 user support
OEM (Embedded channel)
5 partners
Audiocodes
Dialogic
Ferrari HP
NET
Slide Objective: Briefly describe SBA
Notes:
It is an appliance with built in ISDN card and Lync Server 2010 role on top
It is mainly used in branch office scenarios to ensure a majority of Lync services (especially telephony related ones)
Explain that a special lifecycle is taken into place to ensure that devices are up to date, when they have been deployed into your environment. Further details about the devices are covered later in this module

6. Terminology
DNS Load Balancing (DNS LB) is NOT the same as DNS Round Robin (DNS RR)
DNS RR: DNS Server is configured for Round Robin and returns a list of IP addresses for a Pool FQDN in different order
Pool.contoso.com resolves to IP1, IP2, IP3
DNS Server replies to 1st Query with (IP1, IP2, IP3)
DNS Server replies to 2nd Query with (IP2, IP1, IP3)
DNS Server replies to 3rd Query with (IP3, IP2, IP1)
DNS Load balancing
Lync Clients and Servers are able to understand multiple IP addresses (Ex: IP1, IP2, IP3)
Clients failover if connectivity to one IP fails
Servers failover as well as load balance traffic across these IPs
DNS RR complements DNS Load Balancing
Slide Objective: Define DNS LB and its process
Notes:
The process of DNS load balancing is simple:
The front-end servers register their fully qualified domain name (FQDN) as A records in DNS
When the Enterprise pool is created, the pool FQDN (that is, the SRV record) is registered to return from DNS the list of IP addresses of all the front-end servers
The client attempts to connect to one of the IP addresses that were returned. If this connection fails, the client attempts to connect to the next IP address in the list until the connection succeeds
Is this DNS “round robin”? Not quite. DNS “round robin” typically refers to a method of load balancing the results of the DNS query: the first client connection request receives the first record, the second query receives the second record, and so on. In each case, only one record is returned. There is no intelligence behind this method to facilitate failover—purely a connection-distribution method
From
by Keith Hanna

7. DNS Load Balancing Goals
Simplify Hardware Load Balancer (HLB) Configuration
Reduce dependence on HLB
DNS LB supported for Internal Pool, Director Pool
All Server-Server and Client-Server SIP traffic
All Server-Server HTTP traffic
Media traffic
Support Draining of Applications
Improve Load balancing of server-server traffic (Ex: Access Edge – Director)
Eliminating HLB is not a goal
HLB still be required
Client – Server HTTP & HTTP(s) traffic (ABS, DLX, LIS, etc.)
Edge – High availability for PIC and legacy clients
Slide Objective:
Notes:

8. Domain Name System Load Balancing Sample Configuration
For a Lync Server Pool ocspool1.contoso.com with 3 FEs: FE1, FE2, FE3
DNS FQDN
DNS A Record IP
Pool VIP
ocspool1.contoso.com FE
FE1.contoso.com
FE2.contoso.com
FE3.contoso.com
DNS FQDN
DNS A Record IP
Web VIP
lyncweb1.contoso.com
Pool
lyncpool1.contoso.com FE
FE1.contoso.com
FE2.contoso.com
FE3.contoso.com
Pool DNS A Entries
Machine DNS A Entries
OCS 2007 R2 HLB - DNS Configuration
Lync Server DNS LB - DNS Configuration
Slide Objective: Explain the sample configuration
Notes:
Without using DNS load balancing, this FQDN would resolve to the IP address of the hardware load balancer, which in turn would be responsible for directing traffic to front-end servers
The client queries DNS to resolve the FQDN of the pool (for example, ocspool1.contoso.com) similar to Office Communications Server 2007 R2. Instead of returning the virtual IP address of the hardware load balancer, the DNS query returns the list of front-end server FQDNs as shown in the table. With previous versions of Lync Server 2010, this query would return the IP address of the hardware load balancer
In Lync Server 2010, the DNS query returns the list, { , , }, to the client. The order in which these are returned to the client is irrelevant. The client chooses an IP address from the list at random, and then attempt to connect to the front-end server. If the connection fails, the client continues down the list in a random fashion until a successful connection to the pool is achieved or the list is empty

9. Other Resiliency Enhancements
DNS Based Load Balancing for Internal Pools
Only Client – Server HTTP traffic can be DNS Load Balanced
All other traffic CANNOT be DNS Load Balanced
Still require HLB for this traffic (NLB not supported)
Draining: Ability to “drain a server” before taking the server down
Session Dialog Resiliency for Conferencing
User can still participate in a conference even if the FE the user is connected to goes down
Client caches successful connections to Lync Server 2010
SIP Registrar, Media Relay Authentication Server (MRAS)/Media Relay (MR) FQDN and IP
Slide Objective:
Discuss resiliency enhancements not already introduced
Notes:
HTTP traffic can not be load balanced via DNS LB because only the new Lync Server 2010 client components support /understand this functionality
Draining: when server is switched into draining mode, all connected users get dropped off, they get redirected to the next server in their logon list and no new connections are accepted for the “drained” server. In greater detail the rtsrcv service shuts down. (CAA, CPS, RGS will not accept new calls but they still service existing calls) If Server IP1 being drained (returns 503 with special header), send all traffic to the next IP (IP2)

10. High Availability Slide Objective: Notes:
In the following section explain briefly what high availability means to us, and what the major challenges have been during the last versions of OCS

11. High Availability in OCS 2007 / 2007 R2
Office Communications Server (OCS) 2007 and R2
Bob’s Lync
2010
Bob’s Phone
Registration
Routing
Presence
Conferencing
Architecture:
One monolithic Front End Service
Dependency on single shared backend database (Registration, Routing, Presence, Conferencing)
HLB required for all traffic
Slide Objective: Explain HA Architecture from legacy systems in a few words
Notes:
Also for a clear understanding of the new system, highlight that Bob’s OC and his Phone is registered on different Front End Server. It is possible that they connect to a different front end server. In Lync Server 2010, this behavior is no longer possible. Highlight also that a granular separation of the services (registration, routing, presence, and conferencing) was not possible with OCS 2007 & OCS 2007 R2
Also highlight that a pool with multiple front end servers always required a Hardware load balancer
Remind students that with OCS 2007 R2, only one instance of SQL server was used within one pool

12. High Availability – Lync Server 2010
Microsoft Lync Server 2010
Bob’s Lync
2010
Bob’s Phone
User Services Database
(Presence and Conferencing)
Registrar
Database
HLB is optional for SIP traffic
(DNS LB is recommended)
HLB still required for client-server
HTTP Traffic
Architecture:
Registrar Role (Registration and Routing). Each registrar has its own SQL Express database
User Services Role (Presence and Conferencing)
Registrar and User Services are collocated in the datacenter (but on different servers)
All user end points register with same Front End
Users are load balanced by Registrars using a Distributed Hash Algorithm
Registrar can be installed in remote locations
(Registration and
Routing)
Slide Objective: Explain the Lync Server 2010 HA process
Notes:
Start to explain, that with in Lync Server 2010 every user logs on against a predefined front end server within one pool. (briefly describe the hash algorithm procedure to generate a logon sequence per SIP URI). Highlight clearly that Bob is connected to ONE front end server, regardless of how many sip endpoints he uses in parallel. Looking for details? -> nexthop.info (Introducing DNS Load Balancing in Lync Server 2010)
Explain that every server within Lync Server 2010 has its own SQL express database which is used for several purposes in this example for registration and routing
HLB Is Optional and is NOT Recommended for SIP traffic. DNS LB is recommended to make HLB configuration easier (Web only). In order to reduce failed call incidents due to HLB misconfiguration, it is desirable to get the HLB out of the main SIP routing path
HLB is advised for SIP traffic only for the scenario where a customer plans to be in co-existence (OCS & Lync Server 2010, OCS 2007 R2 & Lync Server 2010) for a large amount of time (ex: six months+)

13. Resiliency Architecture
Registrar
SBA
Branch Office
Joe’s Primary Registrar = SBA., User Services = EE Pool1
Data Center - EE Pool 1
Bob’s Primary Registrar
& User Services = EE Pool 1
Presence
Conferencing
Registrar
(Registration
& Routing)
AD & DNS
Backup
Registrar
Pool
Data Center - EE Pool 2
Presence
Conferencing
Registrar
(Registration
& Routing)
Alice’s Primary Registrar
& User Services = EE Pool 2
AD & DNS
Backup
Pool
Architecture:
Each user has a “Primary Registrar Pool”. Each Registrar Pool can have a “Backup Registrar Pool”
User’s client discovers a Registrar Pool through DNS SRV. Directed to “Primary & Backup Registrar Pool”
Backup Registrar heart-beats Primary Registrar. If heart-beat not received within Configurable Failover Interval (default = 120 sec for branch offices), Backup starts accepting client registrations
Slide Objective: Discuss architecture within Lync Server 2010
Notes:
Start with the explanation that within Lync Server 2010 every SIP account has its primary and secondary (backup) registrar pool. With this feature a SIP account is able to log on against various pools, the example above shows that a user (Bob) can also register against the SBA in the branch office. Make sure that students understand that presence and conferencing info from pool 1 (data center) are not transferred to pool 2 (data center 2). In case of a failure from pool 1 users are able to log on against backup pool (2) but not all features will be available when they are signed in on their backup pool. A diagram with details will be shown later in this presentation
What does the branch office user count?
Branch User’s Primary Registrar Pool = Survivable Branch Appliance (SBA) Backup Registrar Pool = Data Center Lync Server 2010 Pool
Branch Users always register with the SBA Registrar (Primary) unless it is unavailable

14. Branch Resiliency
Slide Objective:
Notes:

15. Branch Resiliency Options
4/20/2017 5:13 AM
Large Branch (>1000 users)
Survivable Branch Server (or SE Server)
AND Separate Media Gateway
1000
Medium Branch ( users)
SBA
Lync
PSTN / WAN
500
Small Branch (<25 users)
No Local Infrastructure
Or gateway (GW) Only 25
Slide Objective: Provide a quick overview with some estimates for when an SBA can be considered. (On the right-hand some user counts are provided to get an idea when its maybe useful to introduce an SBA). Remember that this slide does not replace a good planning session with your local MCS team
Notes:
Keep in mind that a Lync Server 2010 site (own definition) only supports 2 SBAs
How is a Lync Server 2010 site defined (if site is defined by a subnet or a number of subnets)
Also mention that if you have multiple SBAs they can not be backup for each other
Users

16. Branch Client Registration Scenarios
Lync Server 2010 Pool
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
PSTN
WAN
Normal Mode
Users Register with SBA
Signaling
WAN Down
No change
SBA Down
Users register with Backup Registrar Pool in the datacenter
Slide Objectives: Introduce each diagram of the registration scenarios
Notes:
First diagram:
User Registers against local SBA, WAN, and PSTN availability is available
Second diagram:
If the WAN goes down, user is still able to log on against his local SBA. User registration is not effected. Keep in mind that an SBA relies on the user services provided from the pool, so the clients will be effected
Last diagram:
Local SBA goes down, as long as WAN availability is in place users are able to log on against their backup (here in datacenter) registrar pool. If the WAN also goes down, users are no longer able to sign in. Again highlight that the new client uses features like SIP registrar caching to contact the last successful registrar server before connection attempts are made to the backup pool

17. Client Media and Signaling Paths WAN available
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
PSTN
WAN
Intra-Branch calls
Signaling/media don’t traverse wide area network (WAN)
SBA routes the call between the users
Media
Signaling
Branch PSTN calls
SBA sends the call to Public Switched Telephone Network (PSTN)
No WAN involved
Inter-Branch/ HQ calls
Signaling/media traverse WAN
SBA routes the call to the other cluster
Slide Objective: Introduce each diagram of media and signaling paths
Notes:
Audience should be aware that we are always looking for the shortest media path, to ensure best quality of the transferred media
First diagram:
Media between two clients is the same as OCS 2007/R2, point to point, signaling is relayed via SBA and not via Pool because of the registrar and routing service on the front end server
Second diagram:
Signaling happens via SBA and home pool of the second contact, whereas media is sent directly from endpoint to endpoint. If the WAN breaks, Lync Server 2010 has a built in logic to reroute the call (details about this functionality are provided on the next slide)
Last diagram:
Shows a call into the PSTN, in this case the SBA routes the traffic to the PBX (signaling and media) there is no involvement of the home pool in the datacenter. Involvement of the datacenter happens if the user organizes a conference, this information is stored on the Backend of the pool

18. Client Voice Media and Signaling Paths Key failure scenarios
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
Gateway
PSTN
Data Center
Lync Server 2010 Pool
Edge
Server
SBA
WAN
Gateway
Lync Server 2010 Pool
PSTN
WAN
Intra-Branch calls
No impact on two party voice/video /IM/App sharing
Audio conferencing possible (through PSTN)
No Presence or Video conferencing
Media
Signaling
Inter-Branch/ HQ calls
SBA initiates PSTN re-routing
Media is over PSTN (only voice)
SBA Down
Clients register with Backup Registrar Pool in datacenter
All functionality driven by that pool over the WAN
No loss in functionality
Slide Objective: Introduce each diagram of voice media and signaling paths
Notes:
First diagram:
As the WAN is not involved in the communication between the two endpoints it is not affected
Second diagram:
As the WAN is unavailable, Lync Server 2010 tries to reroute the call via PSTN. SBA initiates a PSTN call instead of a Lync 2010 call (User receive a message that indicates that the call will be rerouted to PSTN because of infrastructure problems). In the datacenter, the incoming call is handled as all other incoming calls (signaling travels via Media GW & pool, whereas the Media is sent directly to the endpoint)
Last diagram:
Local SBA goes down, the signaling travels via backup registrar (in this case the Pool in the datacenter). The media itself is sent between the two endpoints

19. User Interface in Normal and Survivability Mode
Features Available when WAN Down
PSTN Inbound and Outbound calls
Intra-Site calls
Inter site calls (PSTN Rerouting)
Hold, Retrieve, Transfer
Authentication, Authorization
Voic Deposit (Redirect to Exchange UM in Data Center)
Voic Retrieve (through PSTN)
Call Forwarding, SimulRing
Boss-Admin, Team-call
Call Detail Records (CDR)
All 2 Party Intra Site communications
Audio Conferencing through PSTN
Contact Search
WAN Up
All Features Available
WAN Down
Basic Voice Features Available
Features Unavailable
Inter-site Data (IM, App Sharing, etc.)
Conferencing (IM, Video and Web)
Presence & DND based routing
Modify Presence or Change Call Forwarding Settings
Contact List
Response Group and Call Park
 Resilient Lync Server 2010 clients: Lync 2010, Attendant Console, Lync Phone Edition
Slide Objective: This slide explains the available functions if a user is registered against a pool
Notes:
If the registrar goes down the client automatically registers against the backup registrar (In this case SBA). The available functions are highlighted in green on the right hand. Explain that this separation represents, on a high-level base, the new separation of the two available services (on the Front end server, the routing and registrar service, and on the backend the presence and conferencing service)

20. Branch Office: Lync Server 2010 Discovery
WAN
Branch Office
Data Center
1. DNS SRV Query
Response: (Multiple) Director Pool FQDN
AD DS & DNS
2. TLS to Director Pool. SIP Register
Bob
Response: 401 Redirect to Cert Provisioning
Lync Server 2010
Director
5. SIP Register
Response: 301 Redirect
Primary: SBA FQDN, Backup: EE Pool FQDN
3. https;//PoolFQDN/CertSvc
6. SIP-TLS Register
200 OK
(Cert Auth)
Client caches SBA FQDN
And IP Address
IIS - IWA Auth
Get Certificate
SBA
4. Certificate Replication
Lync Server 2010 Enterprise Edition Pool
Slide Objective: Explain each process listed on the slide
Notes:
1. As with OCS 2007 & OCS 2007 R2, the client queries DNS SRV to provide a Lync Server 2010 Pool FQDN (in this case a Director Server). The DNS server returns a Director Pool FQDN (it can also return multiple addresses for DNS load balancing purposes)
2. A TLS SIP register request is sent to the Director server
The server returns a 401 certificate challenge, (ensure that audience understands that this certificate request is different from an AD cert authority)
Lync Server 2010 provides its “own” CA which is only used for authentication purposes
3. The client connects the Lync Server 2010 certificate service with its windows credentials
4. The pool creates a certificate and returns it to the client as well as the server (it’s more like a token which is issued from Lync Server 2010 to the client). It can only be used within Lync Server The reason for issuing the certificate is that the client sign-in no longer relies on Domain controllers. So if the WAN is down, a user can authenticate against Lync Server 2010 servers without the need to contact the DC in the Datacenter
5. With the issued certificate, the client tries again to register against the pool. In this case, the Director returns a 301 redirect message to redirect the server to the local SBA
6. The client is now able to authenticate against the SBA. The client caches locally the SBA FQDN and the IP address and therefore the dependency for DNS no longer exists. The client only needs to contact the server for the first login. Another advantage is that future logons are faster, since the entire procedure does not have to happen again

21. Branch Office – Server Connectivity when WAN Is Down
Data Center
Branch Office
SBA
Bob
TLS to cached FQDN and IP
SIP Register
(Cert Auth)
200 OK
AD DS & DNS
Lync Server 2010
Director
WAN
Branch Office
Alice
(new client)
TLS to SBA FQDN
SIP Register
(Cert Auth)
DHCP Server or
Lync DHCP on SBA
DHCP Options
120 Query
SBA FQDN
200 OK
SBA
Lync Server 2010 EE Pool
Slide Objective: Explain the methods for connection when the WAN is down
Notes:
If the WAN goes down, the client is still able to connect to its SBA via one of the two following depicted methods
The client has cached the FQDN and the IP address to connect to the SBA
The client queries DHCP Option 120 (this returns the SBA FQDN)
Therefore you can either configure an existing DHCP server or enable the Lync Server 2010 DHCP (this is a small DHCP server that only server Option 120 and Option 43 DHCP queries) with the configured response (the FQDN of SBA)
After one of these methods, the client receives a certificate challenge, he responds with the issued certificate and is afterwards successfully logged on to the SBA
Keep in mind that not all functionality is available if the SBA has no connection to the pool in the Datacenter

22. Data Center Voice Resiliency
Slide Objective:
Notes:

23. Data Center Voice Resiliency (EE) Failover to backup data center
Features Available to Users
In Case of Data Center Disaster
PSTN Inbound calls (if Carrier offers this resiliency)
PSTN Outbound calls
Intra-Site calls and Inter site calls
Hold, Retrieve, Transfer
Authentication, Authorization
2 Party Intra Site Instant Messaging (IM) and Audio/Video (A/V)
Call Detail Records (CDR)
Call Forwarding, SimulRing
Boss-Admin, Team-call
Join conferences scheduled by users homed on other pool
Lync Server 2010 Edge1
Lync Server 2010 Pool 1
North America Data Center
Lync Server 2010 Edge2
Lync Server Pool 2
Europe Data Center
WAN
Backup
Registrar
Failover
Features Unavailable
Conferencing Auto Attendant (AA) (through PSTN)
Schedule IM, A/V & Web Conferences
Presence and Do Not Disturb (DND) based routing
Updating Call Forwarding settings
Response Group Service & Call Park
Voic Deposit (Redirect to Exchange UM in the datacenter)
Voic Retrieve (through PSTN)
Lync Server 2010 Pool. That Lync Server 2010 Pool directs client to primary and backup SIP registrar
Client attempts connect to Primary Registrar Pool, if fails, connects to Backup
Limited feature set available on failover
Enable/Disable Automatic failover, Configurable Failover interval
Automatic Failback, Configurable Failback interval (No manual failback. Workaround: Stop Front End Services on Primary Registrar pool servers)
What happens if Primary Data Center cannot be restored?
Slide Objective: Discuss failover
Notes:
In this case, Lync Server 2010 is NOT split across two data centers, but instead, there are two separate Lync Server 2010 installations. Users can fail over from one to the other, but functionality is lost at failover if it relies on information stored in the Lync Server 2010 backend. This includes the vast majority of “unavailable features” – user call forwarding settings, etc., can only be restored by manually copying those settings from a backup into the backend in the second pool. Voic issues here are the same as in the previous scenario
Two modes for failover and failback
Automatic: backup connection after configurable interval
Manual: administrator switch enables connection (manual capability avoids failover on transient)
What happens if primary datacenter cannot be restored?
Restore Central management Server in backup datacenter
Restore other services including Presence, Conferencing by “moving” users to other Pool

24. Data Center Voice Resiliency (SE) Failover to backup data center
Features Available to Users
In Case of Data Center Disaster
PSTN Inbound calls (if Carrier offers this resiliency)
PSTN Outbound calls
Intra-Site calls and Inter site calls
Hold, Retrieve, Transfer
Authentication, Authorization
2 Party Intra Site Instant Messaging (IM) and Audio/Video (A/V)
Call Detail Records (CDR)
Call Forwarding, SimulRing
Boss-Admin, Team-call
Join conferences scheduled by users homed on other pool
North America Data Center
Europe Data Center
WAN
Backup
Registrar
Lync Server 2010 Edge1
Lync Server 2010 Pool 1
WAN
Lync Server Pool 2
Lync Server 2010 Edge2
Failover
Features Unavailable
Conferencing Auto Attendant (AA) (through PSTN)
Schedule IM, A/V & Web Conferences
Presence and Do Not Disturb (DND) based routing
Updating Call Forwarding settings
Response Group Service & Call Park
Voic Deposit (Redirect to Exchange UM in the datacenter)
Voic Retrieve (through PSTN)
SE Servers operate as separate systems
Client DNS SRV request discovers (one or multiple) Lync Server 2010 SE. That Lync Server 2010 SE sever directs client to primary and backup SIP registrar
Client attempts connect to Primary Registrar, if fails, connects to Backup
Limited feature set available on failover
Enable/Disable Automatic failover, Configurable Failover interval
Automatic Failback, Configurable Failback interval (No manual failback. Workaround: Stop Front End Services on Primary Registrar servers)
If Primary Data Center cannot be restored:
Restore Central management Server in backup datacenter
Restore other services including Presence, Conferencing by “moving” users to other Pool
Slide Objective: Discuss failover
Notes:
In this case, Lync Server 2010 is NOT split across two data centers, but instead, there are two separate Lync Server 2010 installations. Users can fail over from one to the other, but functionality is lost at failover if it relies on information stored in the Lync Server 2010 backend. This includes the vast majority of “unavailable features” – user call forwarding settings, etc., can only be restored by manually copying those settings from a backup into the backend in the second pool. Voic issues here are the same as in the previous slide
Two modes for failover and failback
Automatic: backup connection after configurable interval
Manual: administrator switch enables connection (manual capability avoids failover on transient 24

25. Lync Server 2010 Director Pool
Data Center Voice Resiliency Failover to backup data center (discovery)
North America Data Center
Europe Data Center
Backup
Registrar
Lync Server 2010 Edge1
WAN
Lync Server 2010 Director Pool
Lync Server Pool 1
Lync Server 2010 Pool 2
Lync Server 2010
Edge2
(6)
(3)
(4)
(5)
AD DS & DNS
(1)
(2)
Client DNS SRV request. Example: DNS SRV for _sipinternaltls._tcp.contoso.com
DNS SRV Response includes
Lync Server 2010 Director Pool.contoso.com:5061 Priority=0, Weight=10
Pool2.contoso.com:5061 Priority=1 , Weight=10
Client connects via TLS to Lync Server 2010 Director Pool. Sends SIP Register. Authenticates
Lync Server 2010 Director Pool redirects client. SIP 301 includes Primary & Backup Registrar pool
If Primary Registrar Pool is available, client connects and registers with it
Else client connects and registers with Backup Registrar Pool (Lync Server 2010 Pool 2)
Slide Objective: Discuss failover
Notes:
1. As with OCS 2007 & OCS 2007 R2, the client queries DNS SRV to provide a Lync Server 2010 Pool FQDN (in this case a Director Server). The DNS server returns the Director Pool FQDN (it can also return multiple addresses for DNS load balancing purposes)
2. A TLS SIP register request is sent to the Director server.
The server returns a 401 certificate challenge, (ensure that audience understands that this certificate request is different from an AD cert authority)
Lync Server 2010 provides its “own” CA which is only used for authentication purposes
3. The client connect the Lync Server 2010 certificate service with its Windows credentials
4. The pool creates a certificate and returns it to the client as well as the server (it’s more like a token which is issued from Lync Server 2010 to the client). It can only be used within Lync Server 2010
5. With the issued certificate the client tries again to register against the pool. In this case the Director returns a 301 redirect message to redirect the client to the Pool
6. If the primary pool becomes unavailable, the client automatically connects to the backup registrar

26. Metropolitan Data Center Resiliency
Slide Objective:
Notes:

27. Metropolitan Data Center Resiliency Lync Server 2010 Pool extended across two data centers
NY Data Center
NJ Data Center
Features Available to Users
If One Data Center goes Down
PSTN Inbound calls
PSTN Outbound calls
Intra-Site calls and Inter site calls
Hold, Retrieve, Transfer
Authentication, Authorization
2 Party Intra Site IM and A/V
Call Detail Records (CDR)
Call Forwarding, SimulRing
Boss-Admin, Team-call
Voice Apps (CAA, Response Group, Call Park)
Conferencing (IM, A/V and Web)
Presence and DND based routing
Updating Call Forwarding settings
Active SQL
Passive SQL
Low-Latency
WAN
Lync Server 2010 Edge
FE 1-2
FE 3-4
Lync Server 2010 Edge
Lync Server 2010 pools operate as one logical system
Split Front End pool across two datacenters (all FEs active)
SQL Geo cluster for backend (Stretched Virtual Local Area Network (VLAN))
Data replication is done by storage arrays (Ex: EMC SRDF, HP CLX EVA)
Requires low latency WAN (15 milliseconds)
In one site is down, clients are serviced by FEs in other site
Nearly all features available
PSTN termination may affect inbound calls
Failback has to be manually initiated
Features Available Depending on Ex-UM Deployment
Voic Deposit
Voic Retrieve
Slide Objective: Explain how Lync Server 2010 works when split over two data centers
Notes:
In this case, Lync Server 2010 is effectively split across two data centers – if one data center is lost, the user fails over to the second and still has almost all features, much like the case where a single server is lost in a Lync Server 2010 pool
Ability to leave voic for the user is lost if the user’s DID number terminates in the failed data center and the associated gateways or SIP trunk connections are lost. This is expected to be a likely case, so ensure SIP trunk connections are fault-tolerant
Response group service is an app running on local pool
Further talking points:
If you plan to deploy this Lync Server 2010 architecture you need to ensure that you have a geo- cluster for SQL Server (this is necessary for the functionality of the SQL Server not the Lync Server Server)
The entire pool works as one logical unit

28. Metropolitan Data Center Resiliency Lync Server 2010 Pool extended across two data centers
Features Available to Users
If One Data Center goes Down
PSTN Inbound calls
PSTN Outbound calls
Intra-Site calls and Inter site calls
Hold, Retrieve, Transfer
Authentication, Authorization
2 Party Intra Site IM and A/V
Call Detail Records (CDR)
Call Forwarding, SimulRing
Boss-Admin, Team-call
Voice Apps (CAA, Response Group, Call Park)
Conferencing (IM, A/V and Web)
Presence and DND based routing
Updating Call Forwarding settings
NY Data Center
NJ Data Center
Active SQL
Passive SQL
Low-Latency
WAN
Lync Server 2010 Edge
Lync Server 2010 Edge
FE 1-2
FE 3-4
DNS Srv
Features Available Depending on Ex-UM Deployment
Voic Deposit
Voic Retrieve
DNS Server
Pool.contoso.com
Slide Objective: Explain how Lync Server 2010 works when split over two data centers
Notes:
Once again a more detailed flow:
Lync Server 2010 client queries a local DNS Server (if necessary) to get the pool FQDN (remember this can also happen via Clientcache or DCHP option 120)
Afterwards the client connects to its primary front end server
In the event of a failover in datacenter NY
The SQL Server cluster initiates a failover (SQL Server in the backup datacenter becomes the active SQL Server)
The client automatically tries to connect to the next server in the generated log on list for the specific SIP URI. This happens until the client is able to log on to the next available server
What happens to the client:
The client should sign out and sign in in a short amount of time (media conversation should not break)
Why are two options marked as not working in the deck?
Ability to leave voic for the user is lost if the user’s DID number terminates in the failed data center and the associated gateways or SIP trunk connections are lost. This is expected to be a likely case, so ensure that SIP trunk terminations are fault tolerant.

29. Survivable Branch Appliance
Slide Objective: In this section explain some details behind the SBAs
Notes:

30. Survivable Branch Appliance
SBA
Centrally Managed
Sold and supported by UC partners
Appliance form factor with Hardened Windows Server 2008 R2
Voice high availability for branches
Slide Objective: Describe the primary purpose for the SBA
Notes:
This is high availability of the voice functionality, especially for branch offices. The device combines all the functionalities of a simple media Gateway with the advantages of the Mediation server combined with the new features of the registration service
They are sold by UC partners and a list of certified devices is available and is posted on the UC open interoperability website
Another requirement was to create an appliance in a form factor to stay in a rack with a hardened operating system
Due to the new architecture of Lync Server 2010, it is also an appliance which is centrally manageable. Remember you can plan and configure the SBA via Topology Builder and configure further details (normalization rules) via central management console.

31. Survivable Branch Appliance Deployment Simple, easy, repeatable
Data Center
Lync Server 2010 Administrator (Data Center)
AD Computer
Add SBA to
Topology
Move Users to SBA
Branch
SBA Drop Shipped w/
Software installed
Technician connects to SBA-WEB based GUI
IP Configuration
Join to Domain
Enable Lync Server 2010 Replica
SBA downloads topology & config
Request/Assign Certs
Start Lync Server 2010 services
Finish GW Config
Test PSTN Connectivity-Make/Receive call using Test User account
Slide Objective:
What does a sample deployment look like?
Notes:
In this case we had a domain administrator who connects to AD and pre-creates a computer account (for the SBA) in the branch office
Afterward he has done this the SBA is added to the Lync Server 2010 Topology via Topology designer. These are the only steps which had to happen before the SBA can be deployed in the branch
Afterwards the SBA gets dropped from the vendor to the branch with preinstalled software. The local administrator connects to the device via webinterface and configure the IP address, so that the SBA is reachable and he connects the SBA to the domain. After the IP configuration the ISDN connection to the PBX or PSTN has to happen
The SBA receives the configuration information from the centralized store. Now the certificates had to be assigned to the SBA and afterwards the administrator can start the services
In the datacenter the Lync Server 2010 administrator moves the User from the local pool to the SBA

32. SBA – Central Management Centralizing move, add, changes
Lync Server 2010 administrator (Data Center)
Lync Server 2010 Central Management
Server
Store Configuration
Replicate to SBA
Change Normalization Rules
Change Routing Rules
Change User Policies
Data Center
Survivable Branch Appliance
Replicated to the SBA
Branch
Slide Objective:
Discuss central management
Notes:
The global Lync Server 2010 admin is able to configure the settings for normalization rule, routing rules etc. via centralized management console
The configuration setting gets stored in the central management store and finally replicated to the SBA
The big advantage with this procedure is that the administrator doesn’t have to have any knowledge of the underlying SBA, he pushes only the necessary rules to the defined SBA
Remember that with Lync Server 2010 we have global settings: these settings affect all SBAs
The other options is the site setting: these settings affect all SBAs in the Lync Server 2010 site

33. Survivable Branch Appliance Support and service
SBA is supported and serviced by the SBA partner
Windows Server Updates
SBA partner can act as the gatekeeper OR
Customers can deploy updates
Microsoft Lync Server 2010 updates
SBA partner will test and release product notice on whether a particular update can be applied on the SBA
Compatibility issues
Partner notifies the customer on updates compatibility
Original equipment manufacturer (OEM) notified about impending Lync Server 2010 Updates
OEM Downloads and tests the updates
Partner addresses the issue if any
X-5 Biz Days
Date X
MSFT Update
X+30 Days
Slide Objective:
Explain support and service for SBA
Notes:
As the SBA is a product of one of our partners, the entire lifecycle is managed from our partners
Windows updates can be deployed on the customer’s lifecycle, or the customer can deploy updates with the approval of the SBA partners
The second software which needs to be updated is the Lync Server 2010 on the SBA. These Updates will be tested from the partners and customers will be noticed if a particular update can be deployed
The timeline below shows the defined frame for Lync Server 2010 server updates

34. Survivable Branch Appliance Partner Solutions
Audiocodes two form factor
M1k –1U, 4E1/T1, redundant power supply
MSBG-Firewall, Routing engine
M2k – 1U, 480 concurrent calls, redundant power supply
Dialogic DMG 4000
1U, 4 E1/T1
Redundant power supply
NET UX Series
1U, 8 E1/T1, Redundant power supply
Ferrari
1U, 4 E1/T1, Redundant Power supply
HP Procurve
Survivable Branch Appliance Module running on 54xx switch Chassis
Redundant Power supply, 8 E1/T1, Layer 2 functionality
Audiocodes: Existing M1k and M2k gateways can be converted to SBA
Dialogic: Existing DMG4000 Hybrid can be converted to SBA
NET: New HW to support SBA. Migration plan for customers wanting to move to UX platform
Ferrari: Existing R2 Hybrid gateway can be converted into SBA
HP: Customers using ProCurve switches can convert it into a SBA by buying the module
Slide Objective:
Notes:

35. Summary
Lync Server 2010 Architecture provides High Availability for Voice services
Survivable Branch Appliance built by UC partners delivers Voice High Availability for branch users
Metropolitan Data Center Resiliency delivers High Availability for all UC modalities across datacenters separated by high bandwidth and low latency
Voice Data Center Resiliency delivers Voice High Availability across geographically dispersed datacenters
Slide Objective: Highlight again the key takeaways of this session
Notes:
High availability for voice scenarios: reemphasize that all core features (except conferencing) works with voice datacenter resiliency scenarios
SBAs as the devices which deliver the voice high availability in branch office scenarios
The metropolitan data center scenarios which offer high availability for all UC modalities, not only voice but also conferencing

36. Q&A
Slide Objective:
Notes:

37. Appendix – Survivable Branch Appliance Partners
Slide Objective:
Notes:

38. Dialogic® 4000 Media Gateway Series Survivable Branch Appliance
Dialogic® 4000 Media Gateway Series (DMG4000)
Broad Hybrid Gateway Product Line and Scalability
8 port, 8 channel FXO - Analog to SIP
8 port, 16 channel - BRI to SIP
24/30 channel - T1/E1 to SIP
48/60 channels - dual T1/E1 to SIP
96/120 channels - Quad T1/E1 to SIP
Complete Support for Microsoft Unified Communications
Qualified Hybrid Gateway for Office Communications Server 2007 R2
Performs Mediation Server Role
Certified for Exchange Server 2010 Unified Messaging
Ready for Lync Server 2010
Field Software Upgrade to Survivable ‘Survivable Branch Appliance’
Performs ‘Survivable Branch Appliance’ Server Role (Lync Server 2010 Release)
‘Survivable Branch Appliance’ Survivability Features
Local PSTN Connectivity
Local Lync Server 2010 Wave 14 and Analog Endpoint Registration
Alternative Routing Rules
Active Directory® Domain Services Look Up
Flexible, Cost Effective Support for Analog Devices
Support for Advanced Technology Attachments (ATAs) and Foreign Exchange Station (FXS) Gateways from Grandstream and Cisco
Easy to deploy - 1, 2, 4, 8, 24 port solutions
Low cost per port
Interface for any number of Analog Devices
Conference Phones, Fax Machines, Plain Old Telephone System (POTS), elevator phones, loading docks, checkout registers, paging systems, etc.
Complete PBX, PSTN, IP and Fax Protocol Support
Analog Foreign Exchange Office (FXO), Primary Rte Interface (PRI), Basic Rate Interface (BRI), Integrated Services Digital Network (ISDN), code access security (CAS), Q.SIG protocols
SIP (RFC32XX), Microsoft SIP (TCP Transport), Microsoft Secure SIP: TLS
T.30 (PSTN) Fax to T.38 (FoIP)
Exclusive V.34 Fax / FoIP speed
Exceeds Transcoding and Security Requirements
Ready for Lync Server 2010
RTP: G.711, G.729, sRTP w/ TLS
Robust Windows 2008 Server Platform
Dual Xeon® 3.0 Ghz processors offers more resource processing power for up to 120 UC sessions and more
Dual redundant hard disk drives with redundant array of independent disks (RAID)-1
Dual power supply option
Additional chassis slots for expanding TDM connectivity
Value Added Software Options
Centralized Management System
Includes ESTOS CallControlGateway (5 licenses)
Local Microsoft Shared Fax Server Included
Support for Value Added 3rd Party Applications
Slide Objective:
Notes: 38

39. NET Survivable Branch Appliance
SFP Optical & Copper Ethernet Ports
4 T1/E1 WAN Ports
COM Express Interface (SBA)
USB Ports
Mgmt Port
Indicator Lights
Gig-E LAN/WAN ports
Description
QTY
Channel DSP modules
1- 6
USB ports
2+2
Line Cards (rear) 2
Gig-E Ports
8+1 mgmt
AC power supplies
1 or 2
Fans
Slide Objective:
Notes:

40. Ferrari Survivable Branch Appliance
Unique hardware approach for Microsoft Lync Server 2010 SBA
HP Server Hardware Certified for Windows Server 2008 R2 High performance, high availability, Integrated Lights Out (ILO) remote management
Integrated Gateway Hardware: 4 analog ports, 4 digital interfaces: 4 BRI or 2 BRI/2 PRI, expandable PCIe Gateway card 100% self contained, using LAN-interface +
Slide Objective:
Notes:

41. HP Procurve Survivable Branch Appliance
HP ProCurve ONE Services zl Module:
Intel Core 2 Duo
250G HDD
2 x 10G Ethernet connections to network fabric
Supported in zl series chassis:
5400zl for edge and branch (4U/7U)
8200 with high availability for core and distribution (9U)
PSTN Gateway
Up to 8 T1/E1 ports
Up to 4 FXS or FXO ports
ProCurve Switch 8212zl
Slide Objective: Introduce HP Procurve
Notes:
Most important to communicate on this slide:
The ProCurve ONE Services zl Module is an Intel based compute platform with two 10G interfaces that connect directly into the backplane of the switch
The module is dedicated to applications, so there is no chance of causing degrading switch performance with an errant application
[Note to the speaker: competitive differentiation over Juniper’s open OS strategy]
At launch the module can support one application at a time, but we’re investigating virtualization... [Note to speaker: Not in committed roadmap yet]
Supported in the zl-series; which in turn supports both wired, and wireless deployments
The 5400 series – ideal for edge and branch – e.g. One chassis, with 2x Gig cards, WLAN controller, and services module forms a great branch solution
[Note to speaker: this is our answer to Cisco’s ISR with AXP program]
The 8212 switch – with high-availability, makes it ideal for core & distribution
Additional material (use ONLY when you MUST provide more detail):
Some applications can benefit from this close coupling with the network - through control of the forwarding plane, and influence over packet forwarding decisions
[Note to speaker : Not in committed roadmap yet]
We plan to provide access to allow applications to tap into the rich ProVision-ASIC-based network processors on every one of our ports to offload packet forwarding decisions from the application blade into the switch hardware; providing huge scalability advantages for an embedded application
[Note to speaker: Not in committed roadmap yet]

42. Uniform Functionality, Manageability and Protocol Support
Audiocodes Survivable Branch Appliance
Uniform Functionality, Manageability and Protocol Support
Entry level and Mid Range – Mediant 1000 SBA
Up to 4 E1/T1 + a mix of up to 20 BRI/FXS/FXO in 1U chassis
Up to 120 concurrent PSTN Calls, 1000 Users
Hardware and software scalability option
High End – Mediant 2000 SBA
Up to 16 E1/T1 in 1U chassis
Up to 480 concurrent PSTN Calls,,1000 Users
Software scalability option
Slide Objective:
Notes:

43. 4/20/2017 5:13 AM © 2011 Microsoft Corporation. All rights reserved.
Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation.  Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.  This document may contain information related to pre-release software, which may be substantially modified before its first commercial release. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED  OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred.
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
© 2011 Microsoft Corporation.  All rights reserved.
Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation.  Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.  This document may contain information related to pre-release software, which may be substantially modified before its first commercial release. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED  OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Unless otherwise noted, the example companies, organizations, products, domain names, addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, address, logo, person, place or event is intended or should be inferred.