Microsoft Lync Server 2010 design. Help a lot on troubleshooting on unifi communication.

1. IM and Presence Workload Internal user sign-in process:
1. Client resolves DNS SRV record _sipinternaltls._tcp.<sip-domain> to Director.
2. Client connects to Director.
A/V and Web Conferencing Workload
3. Director redirects client to user’s home pool. Peer-to-peer
ICE: STUN/TCP:443, UDP:3478 A/V session.
SIP traffic: signaling and IM SIP traffic: signaling
SRTP/UDP:49152-65535
XMPP traffic HTTPS:443 HTTPS traffic
HTTPS traffic RTP/SRTP traffic: A/V Conferencing
SRV query
MSMQ traffic This port is used to: PSOM traffic: Web Conferencing
- download the Address Book
- connect to the Mobility Service ICE traffic
- connect to the AutoDiscovery Service Codec varies per workload:
- G.722 or Siren for audio
- RTVideo for video
SRTP/UDP:49152-65535
Protocol Workloads
HLB: Active Directory Traffic goes directly to Audio/
Web
This port is used to: Domain Services Video Conferencing Service
HTTPS:443
Publish rule for port 4443 to Conferencing Service
External user sign-in process: - download the Address Book WITHOUT going through the
set “forward host header” to
PSOM/TLS:8057
If client connects on port 80,
SIP/TLS:5061
SIP/TLS:5061
1. Client resolves DNS SRV record _sip._tls.<sip-domain> to Edge Server. ICE: STUN/TCP:443, UDP:3478 pool’s hardware load balancer.
true. This ensures the - connect to the Mobility Service balancer
SIP/TLS:5061
2. Client connects to Edge Server. it gets redirected to port 443
original URL is forwarded. - connect to the AutoDiscovery Service
HTTPS:443
3. Edge Server proxies connection to Director. Ports to load balanced by HLB: HTTPS:443 is
4. Director authenticates user and proxies connection to user’s home pool. - 443 used to
LEARN MORE - 4443
- 5061 Directors
download
conferencing
HTTPS:443 HTTPS:4443 - 135 – only if SIP traffic is load balanced by HLB content.
http://technet.microsoft.com/lync Meeting content
Enterprise + metadata +
Reverse proxy Directors compliance file
pool
share.
HTTPS:4443 Address book Enterprise
http://twitter.com/DrRez & Group Chat Access Edge - SIP/TLS:443 SIP/MTLS:5061 SIP/MTLS:5061 pool
file share.
Web Conf Edge - PSOM/TLS:443 PSOM/MTLS:8057
http://go.microsoft.com/fwlink/?LinkId=204593 http://nexthop.info Yahoo! Access Edge - SIP/TLS:443
SIP/MTLS:5061 SIP/MTLS:5061 SRTP/UDP:57501-65335
AOL A/V Edge - STUN/TCP:443, UDP:3478 ICE: STUN/TCP:443, UDP:3478
Diagram v5.10 Author: Rui Maximo — Editor: Kelly Fuller Blue — Designer: Ken Circeo SIP/MTLS:5063
MSN Access Edge - SIP/MTLS:5061
Reviewers: Jens Trier Rasmussen, Paul Brombley, Doug Lawty, Stefan Plizga, Jeff Colvin, Kaushal Mehta, SIP/MTLS A/V Edge – SRTP:443,3478,[50,000-59,999] Edge Servers SIP/MTLS:5062
C3P/HTTPS:444
Richard Pasztor, Thomas Binder, Subbu Chandrasekaran, Randy Wintle, Rob L. Edge Servers
Federated Port range, 50,000-59,999, only needs to be
SIP/MTLS:5061
Company open outbound to the Internet. MRAS
Active Directory Domain Services (AD DS) Monitoring Two inbound and two Inbound traffic from the Internet only needs to traffic.
AD DS Sync LDAP traffic
Group Chat
SIP/MTLS:5061
Server outbound unidirectional
streams.
be open for federation with partners still
running Office Communications Server 2007.
MSMQ
Gmail Server
AD DS HTTPS:4443
LDAP/TCP:3268 HTTPS:443 A/V Conferencing
MSMQ
Domain Controller Jabber XMPP/TCP:5269 Archiving
(DC) AD DS Server
Server
Global Catalog
A.contoso.com (GC) XMPP Gateway Port number to service traffic Reverse proxy
MSMQ
assignment:
5062 – IM Conferencing Service
LDAP/TCP:3268 LDAP/TCP:389 5086 – Internal Mobility Service
Group Chat 5087 – External Mobility Service
LDAP/TCP:3268 Monitoring
Compliance
Enterprise pool External Internal Server Server
B.contoso.com Firewall External Internal
C.contoso.com Firewall firewall firewall
Central Management Service
Central Management Service Application Sharing Workload RDP/SRTP/TCP:1024-65535
Peer-to-peer
application Enterprise Voice Workload If no Edge Server is defined in
the topology, callee checks
If no Edge Server is defined in
the topology, callee checks
sharing session. the Front End Server’s the Front End Server’s
Bandwidth Policy Service. Bandwidth Policy Service.
SMB traffic HTTPS traffic Direction of arrow indicates which
SIP traffic
server initiates the connection. SIP traffic Direction of arrow indicates which Media bypass: audio routed
Subsequent traffic is bi-directional. server initiates the connection. directly to gateway TURN/TCP:443, UDP:3478
RTP/SRTP traffic
RDP/SRTP traffic Subsequent traffic is bi-directional. bypassing Mediation
Server.
Call Admission Control (CAC) traffic
RDP/SRTP/TCP:49152-65535
Install on Enterprise Edition HTTPS traffic
SRTP/RTCP:30,000-39,999
to provide high availability.
HTTPS:443 ICE traffic
STUN/TCP:443, STUN/UDP:3478
ICE traffic Media codec varies
SRTP/RTCP:30,000-39,999
SIP/TLS:5061
Central Management Store per workload: For federation, SBA WAN
SRTP/RTCP:60,000-64,000
(CMS master) - RTAudio connects directly with
TURN/TCP:448
SRTP,ICE: STUN/TCP:443, UDP:3478 Connection
SIP/TLS:5061
- G.711 Director. If no Director
is available, federation
SIP/TLS:5061
Directors Directors traffic goes directly to
HTTPS:4443 Edge Server
TURN/TCP:448
Edge Servers MRAS MRAS SIP/TLS:5061
(CMS replica) traffic. traffic.
Enterprise
Enterprise pool
pool
SIP/MTLS:5061
SIP/MTLS:5061 SIP/MTLS:5061 SIP/MTLS:5061
Access Edge - SIP/TLS:443 Access Edge - SIP/TLS:443 HTTPS:444
SIP/MTLS:5062 SIP/MTLS:5062
A/V Edge – ICE: STUN/TCP:443, STUN/UDP:3478 SIP/MTLS:5062
A/V Edge – SRTP:443,3478,50,000-59,999
SMB:445
SRTP,ICE: STUN/TCP:443, UDP:3478 SIP/MTLS SRTP,ICE: STUN/TCP:443, UDP:3478 Branch
A/V Edge – SRTP:443,3478,[UDP|TCP:50,000-59,999] Appliance
Enterprise pool Edge Servers
(CMS replica) SIP/MTLS:5062 (optional)
Edge Servers
Two inbound and Range of ports SIP/MTLS MRAS
SRTP/RTCP:49,152-57,500
two outbound is configurable. Port range, 50,000-59,999, only needs to be traffic.
unidirectional SRTP consists of two open outbound to the Internet.
streams. unidirectional streams. RTCP Inbound traffic from the Internet only needs to SIP/TLS:5061
traffic piggy backs on the SRTP Lync client automatically
be open for federation with partners still
Mediation stream. running Office Communications Server 2007. registers with the pool if
HTTPS:443 HTTPS:4443
HTTPS:443 Exchange
Server Media codec varies per workload: the Branch Appliance
(CMS replica) - RTAudio UM Server MSMQ
MSMQ Enterprise Voice becomes unavailable
- G.711
Standard Edition Reverse proxy Monitoring applications
If client connects on port 80, - Siren
Server Server - G.722 Monitoring Server
it gets redirected to port 443 Connectivity to: