Lync Mobility Deployment

Lync Mobility DeploymentTom Arbuthnot Justin MorrisConsultant, ModalitySystems and Lync MVP Consultant, Modality Systems @tomarbuthnot @jm_deluxe http://www.lyncdup.com http://www.justin-morris.net tom.arbuthnot@modalitysystems.com justin.morris@modalitysystems.com

Agenda• Step by Step Deployment Guide – Prerequisites, DNS, Certificates – Reverse Proxy, Push Notifications• The Lync Mobile Sign-In Process• Top 5 Issues• Do I need lyncdiscoverinternal?• Monitoring Performance of Mobility• Questions19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 2

Mobility Service Deployment in 7 slides• Cumulative Update 4 on all Servers• Mobility DNS Requirements• New FE listening ports and IIS changes• Install the MCX Service• Certificate Updates• Reverse Proxy Rule Update• Add Lync Online Federation for Push Notifications20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 3

Cumulative Update 4 First• CU4 on all servers• CU4 DB Update• Install-CsDatabase -Update - ConfiguredDatabases -SqlServerFqdn <EEBE.Fqdn> -UseDefaultSqlPaths20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 4

DNS Requirements• Lync Mobile uses two DNS records to discover the server to register to, lyncdiscover and lyncdiscoverinternal• CNAME and Host (A) records are supported• Internal DNS: Lyncdiscoverinteral.domain.com points to Lync pool/Director DNS record• External DNS: Lyncdisover.domain.com, external (and reachable internal), points to External Reverse Proxy• Lync discover returns proxy FQDN. This needs to be resolvable internally20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 5

New FE Listening Ports and IIS changes• Set-CsWebServer -Identity lync.domain.com - McxSipPrimaryListeningPort 5086• Set-CsWebServer -Identity lync.domain.com - McxSipExternalListeningPort 5087• Re enable the topology to enact these IIS changes – Enable-CsTopology• There is also an additional IIS feature Requirement – Import-Module ServerManager Add-WindowsFeature Web-Server, Web-Dyn- Compression20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 6

Install the MCX Service• Download the McxStandalone.msi installation package and save it into the following existing directory on each Lync server where it will be installed.• C:ProgramDataMicrosoftLync ServerDeploymentcache4.0.7577.0setup• C:Program FilesMicrosoft Lync Server 2010DeploymentBootstrapper.exe20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 7

Certificate Updates – Internal and External• Internal FE certs – Set-CsCertificate –Type Default,WebServicesInternal,WebServicesExternal – Thumbprint <Certificate Thumbprint> – This will add the lyncdiscover and lyncdiscoverinternal names to the FE cert• Externally, discovery can be done http(80) or https(443), if using https the external cert requires lyncdiscover.domain.com SAN name• Both required for each supported SIP domain on the system20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 8

New Reverse Proxy Rule• To allow access from the outside for the mobile clients• It can be added to your existing reverse proxy rule set for Lync• Full Reverse Proxy setup steps on Adam’s imaucblog.com• Port 80 required for http discovery20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 9

Federation to Lync Online for Push• New-CsHostingProvider –Identity "LyncOnline" –Enabled $true – ProxyFqdn "sipfed.online.lync.com" –VerificationLevel UseSourceVerification• New-CsAllowedDomain –Identity push.lync.com –Comment “Mobile Push Notifications”• Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $true –EnableMicrosoftPushNotificationService $true20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 10

Summary: Mobility Service Deployment• Cumulative Update 4 on all Servers• Mobility DNS Requirements• New FE listening ports and IIS changes• Install the MCX Service• Certificate Updates• Reverse Proxy Rule Update• Add Lync Online Federation for Push Notifications20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 11

Handover to Justin20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 12

Lync Mobile Sign-In ProcessInternal1. Mobile device locateslyncdiscoverinternal.<SIPFQDN> record viainternal DNS2. External MCX URL isreturned3. Lync Mobile clientcommunicates withexternal web service(4443 MCX virtualdirectory) by hair-pinning the reverseproxy19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 13

Lync Mobile Sign-In ProcessExternal1. Mobile device locateslyncdiscover.<SIPFQDN>record via external DNS2. External MCX URL isreturned3. Lync Mobile clientcommunicates withexternal web service(4443 MCX virtualdirectory) via the reverseproxy19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 14

Lync Mobile Sign-In ProcessAuthentication and In-Band Provisioning1. Web ticket request is made for a client certificate for authentication.2. SIP REGISTER packet comes from the Lync Front End on the listening port e.g. 5087.3. Do I have a mobility policy granted to me?4. In-band provisioning occurs: – Voicemail URI, ABS URL, dial plan, voice policy.5. Contact list and contact cards are retrieved.19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 15

Top Mobile Client Issues• Account details (domainusername) required if UPN is different to SIP URI e.g. UPN - justin.morris@contoso.int SIP URI – justin.morris@contoso.com• Check EWS connectivity – requires same as desktop client.• URL filtering in IM breaks push notifications.• McxStandalone.msi must be run using Bootstrapper.19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 16

Do I need lyncdiscoverinternal? • Mobile clients won’t trust your internal CA, who has a public certificate on their FEs? • Deploying root CA certificate to all mobile devices is unlikely to happen. • Solution: route all internal lyncdiscover.sipdomain traffic to the external interface of the Reverse Proxy.19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 17

Monitoring Performance of Mobility• Why do we do this? – Ensuring we have the capacity to support users. – Predicting when extra capacity is required.• How do we do this? – Can be monitored from within IIS -> Worker Processes. – CsIntMcxAppPool and CxExtMcxAppPool CPU% should be under 15%19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 18

Questions?Sources: Brendan Carius - http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinternal/ http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-sign-in-internals/ 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 19

http://www.justin-morris.net	1070
http://mucugl.co.uk	539
http://feeds.feedburner.com	48
http://webcache.googleusercontent.com	2
http://translate.googleusercontent.com	1
http://ranksit.com	1

Lync Mobility Deployment

by MUCUGL on Jan 20, 2012

Accessibility

Categories

Tags

Upload Details

Usage Rights

6 Embeds 1,661

Statistics

Lync Mobility Deployment — Presentation Transcript