Microsoft ® Lync™ Server 2010 Edge Server/Remote Access Module 16 Microsoft Corporation.


1 Microsoft ® Lync™ Server 2010 Edge Server/Remote Access Module 16 Microsoft Corporation

2 Session Objectives
At the end of this session, you will be able to:
- Describe Edge Server scenarios
- Plan for Edge installation
- Verify Edge installations
- Manage Edge Server

3 Agenda Edge Scenarios Interoperability Federation Plan for Edge Manage Edge Architecture

4 Architecture Overview

5 Edge Scenarios
| Scenario | Remote user | Federated | Anonymous | PIC/Interop |
| Presence |
| IM 1:1 |
| IM conferencing |
| Collaboration |
| A/V 1:1 (MSN) |
| A/V conferencing |
| File transfer |

6 Lync Attendee
- Attendees without Lync Server 2010
  - With legacy clients
  - Without a Lync Server 2010 client
- Enables full meeting experience
  - IM
  - Audio/Video
  - Collaboration
  - Whiteboard
  - Desktop Sharing

7 Interoperability
- Federation Partners
- Public IM Connectivity (PIC)
  - MSN
  - AOL
  - Yahoo!
- IBM Lotus Sametime
- Cisco Presence
- Extensible Messaging and Presence Protocol (XMPP)
  - Jabber
  - Google Talk

8 Interoperability Features
- Basic Presence
- 1:1 IM
- AV with MSN

9 Interoperability: How to
- All scenarios require Edge Server
- PIC
  - Licenses
  - AOL certificate
- XMPP
  - XMPP Gateway
- Cisco Unified Presence
  - Unified Presence Server 8.5 and above and Adaptive Security Appliance 8.3.X or above
- IBM Lotus Sametime
  - Sametime Gateway 8.0.2 with Hot-Fix Nine (HF9) or above

10 Simple Uniform Resource Locators
- One “meet” simple URL per domain
- Single “dialin” simple URL per deployment
- “Admin” not used externally
- Published by Reverse Proxy

| Simple URL | Option 1 | Option 2 |
| Meet | https://meet.contoso.com | https://cs.contoso.com/meet |
| Dial-in | https://dialin.contoso.com | https://cs.contoso.com/dialin |

11 Simple Uniform Resource Locators Impacts
- Option 1
  - Requires additional SANs
    - Meet.
    - Dialin.
  - Per additional SIP domain
    - Meet.
- Option 2
  - Longer Simple URLs
  - No additional SANs required

12 Simple URL: Split Brain DNS
- Split brain DNS
  - Single FQDN
  - Internally resolved differently than externally
- Required for Simple URLs
  - Internally points to Pool
  - Externally points to Reverse Proxy

13 Certificates Simplified
- Single public certificate
  - Access Edge Server
  - Web Conferencing Edge Server
  - A/V Edge Server
- Private certificates
  - Internal Edge Interface

16 Ports 50,000-59,999
- Required for federated media traffic
- Federation with OCS 2007
  - Open UDP and TCP in- and out-bound
- Federation with OCS 2007 R2/Lync Server 2010
  - Open TCP outbound

17 Edge Server and NAT
- Internal Edge Interface
  - No NAT supported
- External Interface
  - Single Edge Server
    - Routable IPs or 1:1 NAT
  - Hardware Load Balanced
    - Routable IPs
  - DNS Load Balanced
    - Routable IPs or 1:1 NAT

18 Load Balancing External Servers
- Edge Server Roles
  - Hardware Load Balancing (HLB)
  - Domain Name Service Load Balancing (DNS LB)
- Reverse Proxy
  - HLB

19 Hardware Load Balancer
- All IPs must be public routable
- Three IPs per server
- Three virtual IPs required
- HLB must be configured for
  - Destination network address translation (DNAT): traffic from internet to server
  - Source network address translation (SNAT): traffic from server to internet

20 Domain Name Service Load Balancer
- IP addresses can be 1:1 NATed
- Three IP addresses per server
- No virtual IPs required
- NAT must be configured for
  - DNAT: traffic from internet to server
  - SNAT: traffic from server to internet
- Does not work with legacy endpoints
  - PIC, XMPP gateway, legacy clients, down level Federation, Exchange UM 2007/2010 SP0
  - Exchange UM 2010 SP1 does not support DNS LB for Media over Edge

21 Domain Name Service Load Balancer + Host File
- A host file is often used for resolving internal server names (next hop) on the Edge Server
- Host file can include multiple IP addresses for one FQDN

22 DNS LB vs. HLB
|  | DNS LB | HLB |
| IP addresses required | Server x 3 | (Server+1) x 3 |
| Compatibility | Not compatible with Exchange UM, PIC, XMPP gateway, down level Federation | Compatible with all components/scenarios |
| NATing of IP addresses | Recommended | Not supported |
| Server draining | Possible | Not possible |
| Reverse Proxy | Not supported | With or without NAT |

23 Install Edge
- Topology builder
  - Export topology file: PowerShell
- Server prerequisites
  - Add DNS suffix: Computer name must match FQDN in topology builder
  - Static routes
- Start installation
  - Certificates

24 Managing Edge
- SQL Express on Edge
- Advantages:
  - Central management with Lync Server Control Panel or Windows PowerShell™
  - No need to add internal SIP domains
  - Trusted server list
  - Same configuration on all Edge servers
  - No local configuration on Edge

25 What to Manage
- All management done internally via Lync Server Control Panel
- User policies
  - Remote Access
  - Federation communication
  - PIC communication
- Federation

26 Recap: Federation Types
- Direct Federation
  - Configure trusted SIP domain and Access Edge Server
- Enhanced Federation
  - Configure trusted SIP domain
- Open Federation
  - Discover Federation partners automatically
  - In combination with block list

27 Open Federation Security
- Limits
  - Request only 1,000 SIP URIs
  - 20 messages per second
- Event viewer on Edge Server
  - Too many SIP URIs
    - Block requests for additional SIP URI request
  - Bad ratio valid/invalid SIP messages
    - Limited to 1 message per second
  - Too many messages
    - Warning only, recommendation to add to allow list
- Open Federation partners

28 Architecture Considerations
- (Scaled) consolidated Edge only
- Multiple Access Edge (pools) for remote users
  - SRV record points to only one Edge Server (pool)
- Single Access Edge Server (pool) for Federation
- Used Edge Server
  - SIP traffic
    - Federation traffic: Federation Route
    - Remote users: Edge server used for sign in
  - A/V traffic
    - AV Edge assigned to pool
- Use localized Edge Servers to optimize media path

29 Verify Edge Deployment
- Get-CsManagementStoreReplicationStatus
- https://www.testocsconnectivity.com
- Test with external and federated users

30 Photos and Federation
- Photos will only be shown to Federated users, if uploaded to the web

31 Q&A

32 Resources
- XMPP Gateway: http://www.microsoft.com/downloads/details.aspx?FamilyID=aa560bfe-9960-473a-bfb8-53bff678cec4&displaylang=en
- Lotus Notes Sametime: http://www-10.lotus.com/ldd/stwiki.nsf/dx/Connecting_to_a_Microsoft_Office_Communications_Server_community_st852ifr1
- Cisco Unified Presence: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_0/english/integration_notes/Federation/Federation_Nov17.pdf
- PIC Guide: http://www.microsoft.com/downloads/details.aspx?FamilyID=9ccaac38-2da8-4a76-8193-96f4bbf04678&displaylang=en
- Tested Load Balancers: http://technet.microsoft.com/en-us/office/ocs/cc843611.aspx

33 Appendix

34 Terms and Acronyms
- CMS: Central Management Store
- SN: Subject Name of a certificate
- SAN: Subject Alternate Name of a certificate
- NAT: Network Address Translation
- DNAT: Destination NAT, also called half NAT
- SNAT: Source NAT, also called full NAT
- HLB: Hardware Load Balancing
- DNS LB: Domain Name Service Load Balancing

35 Examples
- Situation
  - Two SIP domains
    - Contoso.com
    - Litwareinc.com
  - Simple URLs Option 1
  - Automatic configuration: yes
  - Discoverable for Federation: yes

36 DNS SRV Records
| DNS record | Target | Purpose |
| SRV: _sip._tls.contoso.com | Access Edge Server: sip.contoso.com port:443 | Automatic configuration for contoso.com users |
| SRV: _sip._tls.litwareinc.com | Access Edge Server: sip.litwareinc.com port:443 | Automatic configuration for litwareinc.com users |
| SRV: _sipfederationtls._tcp.contoso.com | Access Edge Server: sip.contoso.com port:5061 | Discoverable for Federation for contoso.com domain |
| SRV: _sipfederationtls._tcp.litwareinc.com | Access Edge Server: sip.litwareinc.com port:5061 | Discoverable for Federation for litwareinc.com domain |

37 DNS A Records
| DNS record | Target | Purpose |
| A: sip.contoso.com | IP of Access Edge Server | Access Edge Server IP |
| A: sip.litwareinc.com | IP of Access Edge Server | Access Edge Server IP |
| A: webconf.contoso.com | IP of Web Conferencing Edge | Web Conferencing Edge, does not have to match the domain |
| A: av.contoso.com | IP of AV Edge | AV Edge, does not have to match the domain |
| A: rp.contoso.com | IP of Reverse Proxy | ABS, Meeting content, Distribution group expansion |
| A: dialin.contoso.com | IP of Reverse Proxy | Simple URL for Dialin |
| A: meet.contoso.com | IP of Reverse Proxy | Simple URL for meetings for contoso.com hosted meetings |
| A: meet.litwareinc.com | IP of Reverse Proxy | Simple URL for meetings for litwareinc.com hosted meetings |

38 Certificates
| Purpose | Public/private certificate | SN/SAN |
| External Edge Certificate/Reverse | Public | SN: sip.contoso.com; SAN: sip.contoso.com; SAN: sip.litwareinc.com; SAN: webconf.contoso.com; SAN: rp.contoso.com; SAN: dialin.contoso.com; SAN: meet.contoso.com; SAN: meet.litwareinc.com |
| Internal Edge Certificate | Private | SN: internal Edge interface FQDN |
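
The naming plan from the Simple URL slides and the appendix example (two SIP domains, Option 1), worked as code: it derives the SRV records and public certificate names, then audits a certificate's SAN list against them. This is an added example, not part of the original deck or any Microsoft tooling. The host labels (sip, webconf, rp, dialin, meet) follow the slides' example names, treating the first SIP domain as the primary is an assumption, and the certificate contents are constructed.

```python
"""Plan and audit public names for an Edge Server / reverse proxy deployment."""

# Constructed SAN list, as read from a certificate, with one misspelled name.
CONSTRUCTED_CERT_SANS = [
    "sip.contoso.com", "sip.litwareinc.com", "webcof.contoso.com",
    "rp.contoso.com", "dialin.contoso.com", "meet.contoso.com",
    "MEET.litwareinc.com",
]


def plan_edge_names(sip_domains, simple_url_option=1):
    """Return (srv_records, public_sans); the first SIP domain is the primary."""
    if not sip_domains:
        raise ValueError("at least one SIP domain is required")
    if simple_url_option not in (1, 2):
        raise ValueError("simple_url_option must be 1 or 2")
    domains = [d.lower().rstrip(".") for d in sip_domains]
    primary = domains[0]
    srv, sans = [], []
    for d in domains:
        # Per domain: automatic client configuration and federation discovery.
        srv.append((f"_sip._tls.{d}", f"sip.{d}", 443))
        srv.append((f"_sipfederationtls._tcp.{d}", f"sip.{d}", 5061))
        sans.append(f"sip.{d}")
    # Web Conferencing Edge and reverse proxy names, placed in the primary domain.
    sans += [f"webconf.{primary}", f"rp.{primary}"]
    if simple_url_option == 1:
        # Option 1: one dial-in name per deployment, one meet name per domain.
        sans.append(f"dialin.{primary}")
        sans += [f"meet.{d}" for d in domains]
    # Option 2 puts the simple URLs under a path and adds no names.
    return srv, sans


def audit_certificate(subject, cert_sans, required_sans):
    """Compare a certificate's names with the plan (DNS names ignore case)."""
    have = {n.lower().rstrip(".") for n in cert_sans}
    need = [n.lower() for n in required_sans]
    return {
        "missing": [n for n in need if n not in have],
        "unexpected": sorted(have - set(need)),
        # The subject name is the primary Access Edge name and repeats as a SAN.
        "subject_ok": subject.lower() == need[0] and subject.lower() in have,
    }


if __name__ == "__main__":
    srv, sans = plan_edge_names(["contoso.com", "litwareinc.com"], 1)
    for name, target, port in srv:
        print(f"SRV {name} -> {target}:{port}")
    print(audit_certificate("sip.contoso.com", CONSTRUCTED_CERT_SANS, sans))
```

A name in `missing` means clients reaching that FQDN will fail certificate validation; a name in `unexpected` is worth reviewing before the request goes to the public CA.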

39 © 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. This document may contain information related to pre-release software, which may be substantially modified before its first commercial release. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred.

