Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Lync Mobility Deployment

Tom Arbuthnot                            Justin Morris
Consultant, Modality
Systems and Lync MVP...
Agenda
• Step by Step Deployment Guide
      – Prerequisites, DNS, Certificates
      – Reverse Proxy, Push Notifications
...
Mobility Service Deployment in 7 slides

•   Cumulative Update 4 on all Servers
•   Mobility DNS Requirements
•   New FE l...
Cumulative Update 4 First
• CU4 on all servers



• CU4 DB Update
• Install-CsDatabase -Update -
  ConfiguredDatabases -Sq...
DNS Requirements
• Lync Mobile uses two DNS records to discover the
  server to register to, lyncdiscover and
  lyncdiscov...
New FE Listening Ports and IIS changes

• Set-CsWebServer -Identity lync.domain.com -
  McxSipPrimaryListeningPort 5086
• ...
Install the MCX Service
• Download the McxStandalone.msi installation package and
  save it into the following existing di...
Certificate Updates – Internal and External

• Internal FE certs
      – Set-CsCertificate –Type
        Default,WebServic...
New Reverse Proxy Rule
• To allow access from the outside for the mobile clients
• It can be added to your
       existing...
Federation to Lync Online for Push

• New-CsHostingProvider –Identity "LyncOnline" –Enabled $true –
  ProxyFqdn "sipfed.on...
Summary: Mobility Service Deployment

•   Cumulative Update 4 on all Servers
•   Mobility DNS Requirements
•   New FE list...
Handover to Justin




20/01/2012   Microsoft Unified Communications User Group London (MUCUGL)   12
Lync Mobile Sign-In Process
Internal

1. Mobile device locates
lyncdiscoverinternal.<SIP
FQDN> record via
internal DNS

2....
Lync Mobile Sign-In Process
External

1. Mobile device locates
lyncdiscover.<SIPFQDN>
record via external DNS

2. External...
Lync Mobile Sign-In Process
Authentication and In-Band Provisioning


1. Web ticket request is made for a client
   certif...
Top Mobile Client Issues
• Account details (domainusername) required
  if UPN is different to SIP URI e.g.
  UPN - justin....
Do I need lyncdiscoverinternal?

 • Mobile clients won’t trust your internal CA, who has a public certificate on their FEs...
Monitoring Performance of Mobility

• Why do we do this?
      – Ensuring we have the
        capacity to support users.
 ...
Questions?




Sources: Brendan Carius - http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinte...
Upcoming SlideShare
Loading in …5
×

of

Lync Mobility Deployment Slide 1 Lync Mobility Deployment Slide 2 Lync Mobility Deployment Slide 3 Lync Mobility Deployment Slide 4 Lync Mobility Deployment Slide 5 Lync Mobility Deployment Slide 6 Lync Mobility Deployment Slide 7 Lync Mobility Deployment Slide 8 Lync Mobility Deployment Slide 9 Lync Mobility Deployment Slide 10 Lync Mobility Deployment Slide 11 Lync Mobility Deployment Slide 12 Lync Mobility Deployment Slide 13 Lync Mobility Deployment Slide 14 Lync Mobility Deployment Slide 15 Lync Mobility Deployment Slide 16 Lync Mobility Deployment Slide 17 Lync Mobility Deployment Slide 18 Lync Mobility Deployment Slide 19
Upcoming SlideShare
20120726 ta-mucugl-lync-2013-top-10-features
Next
Download to read offline and view in fullscreen.

2 Likes

Share

Download to read offline

Lync Mobility Deployment

Download to read offline

Presented by Justin Morris and Tom Arbuthnot at MUCUGL January 2012

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all

Lync Mobility Deployment

  1. 1. Lync Mobility Deployment Tom Arbuthnot Justin Morris Consultant, Modality Systems and Lync MVP Consultant, Modality Systems @tomarbuthnot @jm_deluxe http://www.lyncdup.com http://www.justin-morris.net tom.arbuthnot@modalitysystems.com justin.morris@modalitysystems.com
  2. 2. Agenda • Step by Step Deployment Guide – Prerequisites, DNS, Certificates – Reverse Proxy, Push Notifications • The Lync Mobile Sign-In Process • Top 5 Issues • Do I need lyncdiscoverinternal? • Monitoring Performance of Mobility • Questions 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 2
  3. 3. Mobility Service Deployment in 7 slides • Cumulative Update 4 on all Servers • Mobility DNS Requirements • New FE listening ports and IIS changes • Install the MCX Service • Certificate Updates • Reverse Proxy Rule Update • Add Lync Online Federation for Push Notifications 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 3
  4. 4. Cumulative Update 4 First • CU4 on all servers • CU4 DB Update • Install-CsDatabase -Update - ConfiguredDatabases -SqlServerFqdn <EEBE.Fqdn> -UseDefaultSqlPaths 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 4
  5. 5. DNS Requirements • Lync Mobile uses two DNS records to discover the server to register to, lyncdiscover and lyncdiscoverinternal • CNAME and Host (A) records are supported • Internal DNS: Lyncdiscoverinteral.domain.com points to Lync pool/Director DNS record • External DNS: Lyncdisover.domain.com, external (and reachable internal), points to External Reverse Proxy • Lync discover returns proxy FQDN. This needs to be resolvable internally 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 5
  6. 6. New FE Listening Ports and IIS changes • Set-CsWebServer -Identity lync.domain.com - McxSipPrimaryListeningPort 5086 • Set-CsWebServer -Identity lync.domain.com - McxSipExternalListeningPort 5087 • Re enable the topology to enact these IIS changes – Enable-CsTopology • There is also an additional IIS feature Requirement – Import-Module ServerManager Add-WindowsFeature Web-Server, Web-Dyn- Compression 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 6
  7. 7. Install the MCX Service • Download the McxStandalone.msi installation package and save it into the following existing directory on each Lync server where it will be installed. • C:ProgramDataMicrosoftLync ServerDeploymentcache4.0.7577.0setup • C:Program FilesMicrosoft Lync Server 2010DeploymentBootstrapper.exe 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 7
  8. 8. Certificate Updates – Internal and External • Internal FE certs – Set-CsCertificate –Type Default,WebServicesInternal,WebServicesExternal – Thumbprint <Certificate Thumbprint> – This will add the lyncdiscover and lyncdiscoverinternal names to the FE cert • Externally, discovery can be done http(80) or https(443), if using https the external cert requires lyncdiscover.domain.com SAN name • Both required for each supported SIP domain on the system 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 8
  9. 9. New Reverse Proxy Rule • To allow access from the outside for the mobile clients • It can be added to your existing reverse proxy rule set for Lync • Full Reverse Proxy setup steps on Adam’s imaucblog.com • Port 80 required for http discovery 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 9
  10. 10. Federation to Lync Online for Push • New-CsHostingProvider –Identity "LyncOnline" –Enabled $true – ProxyFqdn "sipfed.online.lync.com" –VerificationLevel UseSourceVerification • New-CsAllowedDomain –Identity push.lync.com –Comment “Mobile Push Notifications” • Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $true –EnableMicrosoftPushNotificationService $true 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 10
  11. 11. Summary: Mobility Service Deployment • Cumulative Update 4 on all Servers • Mobility DNS Requirements • New FE listening ports and IIS changes • Install the MCX Service • Certificate Updates • Reverse Proxy Rule Update • Add Lync Online Federation for Push Notifications 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 11
  12. 12. Handover to Justin 20/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 12
  13. 13. Lync Mobile Sign-In Process Internal 1. Mobile device locates lyncdiscoverinternal.<SIP FQDN> record via internal DNS 2. External MCX URL is returned 3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) by hair- pinning the reverse proxy 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 13
  14. 14. Lync Mobile Sign-In Process External 1. Mobile device locates lyncdiscover.<SIPFQDN> record via external DNS 2. External MCX URL is returned 3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) via the reverse proxy 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 14
  15. 15. Lync Mobile Sign-In Process Authentication and In-Band Provisioning 1. Web ticket request is made for a client certificate for authentication. 2. SIP REGISTER packet comes from the Lync Front End on the listening port e.g. 5087. 3. Do I have a mobility policy granted to me? 4. In-band provisioning occurs: – Voicemail URI, ABS URL, dial plan, voice policy. 5. Contact list and contact cards are retrieved. 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 15
  16. 16. Top Mobile Client Issues • Account details (domainusername) required if UPN is different to SIP URI e.g. UPN - justin.morris@contoso.int SIP URI – justin.morris@contoso.com • Check EWS connectivity – requires same as desktop client. • URL filtering in IM breaks push notifications. • McxStandalone.msi must be run using Bootstrapper. 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 16
  17. 17. Do I need lyncdiscoverinternal? • Mobile clients won’t trust your internal CA, who has a public certificate on their FEs? • Deploying root CA certificate to all mobile devices is unlikely to happen. • Solution: route all internal lyncdiscover.sipdomain traffic to the external interface of the Reverse Proxy. 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 17
  18. 18. Monitoring Performance of Mobility • Why do we do this? – Ensuring we have the capacity to support users. – Predicting when extra capacity is required. • How do we do this? – Can be monitored from within IIS -> Worker Processes. – CsIntMcxAppPool and CxExtMcxAppPool CPU% should be under 15% 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 18
  19. 19. Questions? Sources: Brendan Carius - http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinternal/ http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-sign-in-internals/ 19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 19
  • EdwardAnderson2

    Oct. 22, 2013
  • BruceKnox

    Aug. 21, 2013

Presented by Justin Morris and Tom Arbuthnot at MUCUGL January 2012

Views

Total views

10,865

On Slideshare

0

From embeds

0

Number of embeds

3,548

Actions

Downloads

178

Shares

0

Comments

0

Likes

2

×