Microsoft Inner Circle Lync2013


Lync 2013 Client/Server new features.
Server-to-Server Authentication Protocol (OAuth2) - hybrid, on-premise

Published in: Technology

  1. 1. Your IT is our business. 05. October 2012. ACP IT Solutions AG Oberbayern. Thomas Pött, Managing Consultant / MVP Lync. BLOG: © 2010 ACP Gruppe
  2. 2. Agenda
      • New Client Features
      • New Server Features
      • Other Server Features
      © ACP Gruppe 2011
  3. 3. Lync 2013 Client New Features
      • Core experiences feel simple and familiar
          • Lync 2013 is easy to understand and use. Controls do not overwhelm the user. Video can be used confidently. Persistent chat is nicely integrated into applications. Handling multiple conversations is easy.
      • People are a bigger part of the experience
          • Connections are deeper and more natural. People are represented in a higher quality. Conversations feel human.
      • Consistent implementation
          • The basics are done right. Experiential completeness across platforms.
      • Modern user experience (UX)
          • Lync 2013 is part of the Office/Metro family.
      • Live, dynamic experiences
          • Fluid, flexible conversation views and experiences. Performant, responsive motion all up.
  4. 4. Lync APP Store Client
      Best practice: install the desktop client via Office 2013!
      App problems:
      • The app client is difficult to use without a touch screen
      • Desktop sharing does not work
      • It shows the phone number in the contact, even if you are not EV enabled
      • Sometimes IMs do not appear
  5. 5. Lync 2013 Server New Features
      • New capabilities in core workloads
          • Instant messaging (IM) & Presence
          • Video
          • Collaboration
          • Business Voice
      • Internet Protocol version 6 (IPv6), virtual desktop infrastructure (VDI)
      • Manageability
          • Scale
          • High availability (HA)/disaster recovery (DR)
  6. 6. Unified Contact Store
      [Diagram: Exchange 2013 Unified Contact Store; Lync 2013 Pool and UCWA; Migrate Buddy List; Read and R/W access to Favorites and Buddy List; Contacts ACLs; Buddy List Updates; Notifications; clients shown: Outlook 2013, OWA, Lync 2013, Lync 2010 Client, Mobile]
      Enables…
      • Same People card across Lync and Office
      • Same favorites and buddy list across Lync, Outlook, OWA
      • De-duped and aggregated People search
      • High-resolution photos
  7. 7. Collaboration (Persistent Chat [group chat])
      • Persistent Chat Server is a first-class server role in Lync Server
      • Multiple Persistent Chat Server pools to help comply with data privacy regulations
      • Disaster recovery improvements and stretched pools
      • Simplified administration model: Topology Builder, Lync Server Control Panel, Microsoft Windows PowerShell®, Health and Monitoring
      • Large rooms: up to 15K concurrent endpoints/room
      • Server SDK for room management
      [Diagram: Datacenter 1 with mirrored topology SQL, Active Directory, Lync PC Pool 1, Lync FE Pool 1, Lync IM & P, Edge, Reverse Proxy and Lync admin; connections labelled Registration & Presence (SIP), Persistent Chat (XCCOS) and Room Management (Web)]
  8. 8. XMPP and 3PPI
      [Diagram: Contoso.com with sites US East and US West, each with Active Directory; Lync Pools 1 to 3 (run the XMPP GW); Lync Edge servers (run the XMPP Proxy); outbound and inbound XMPP federation routes to external XMPP federation partners and Google Talk. Direction shows TLS connection establishment.]
      MSFT terms:
      • XMPP extern
      • 3PPI intern
  9. 9. Video
      • Multi-view video for natural interactions
      • Standards-based codec – H.264 AVC/SVC
      • Desktop, mobile, and slate ready
          • Optimized for mobile networks (3G, 4G and WiFi networks)
          • Multiple client platforms (Microsoft Windows®, Windows Phone, MAC, iOS, Android)
      • High-definition video in meetings
          • 720p for conferences; 1080p for Room Systems; HD in Panorama Video
      • Third-party telepresence systems inter-op through gateways
  10. 10. Video Part II
      • Multiple incoming video streams – switched or pinned
      • Square video with Smart Cropping
      • Active Speaker indication in video
      • Multiple outgoing video streams and layers
      • Support for both H.264 and VC-1
      • H.264 provides
      • Increased resiliency to packet loss (protects base layers better)
      • HW SoC (ARM) support (slates/mobile)
      • No more lowest common denominator
      • Third-party Room System interoperability
  11. 11. Collaboration and Meetings
      • Microsoft Office PowerPoint® rendered with animations, transitions, video using Web Application Companion (WAC) Server
      • Lync Web App with full meeting client capabilities built to web standards (HTML/JS)
          • Application sharing, audio/video through browser plug-in
          • Windows and Mac
      • One-click Lync meeting scheduling from Exchange OWA
      • Click-to-join Audio Conferencing with dial-out
      • Join support for Lync Online and Hybrid deployments
      • Large-scale meetings (up to 1K users) on dedicated pool
      • Conference content archiving for whiteboard and polling
      • Room Systems, stereo audio support
      • Audio quality improvements for large meetings
  12. 12. Business Voice
      • Routing Enhancements
          • Support for M:N – MS:GW
          • Improved Caller ID management
          • Improved delegate routing
          • Response Group Service (RGS) Manager
          • Inter-trunk routing (session management)
      • Hosted Voice
          • Lync-to-phone, IP phone devices in Office 365
          • Hybrid model – on-premise server appliance with user being homed in the cloud
      • IPv6
          • Support for IPv6 in all Lync components
      • VDI
          • Support for VDI for audio and video
  13. 13. IPv6
      • IPv4 depletion has caused enterprises to start planning seriously for the transition to IPv6
      • Exponential growth of mobile devices has forced carriers to start issuing IPv6 addresses
      • Goals for this release:
          • Lync 2013 scenarios work well in a dual-stack IPv6/IPv4 environment
          • IPv6-capable: if IPv4 is disabled from the network, Lync should continue to work for all the basic functionalities
      • Recommend converting the entire deployment to Lync 2013 before enabling IPv6, to simplify interoperability
  14. 14. Scale and Resiliency
      • Lower-cost high availability
      • Identical clusters paired as active-active backup of one another
      • Real-time replication between paired pools of unified communications (UC) data
      • Faster disaster recovery
      • Each pool carries 50% of total load
      • Users re-routed when home pool fails
      • Service resiliency
      • Works across pools or datacenters
      • Outage leaves services unaffected
      • Workloads
      • 100.000 user / pool active
      • 1.000.000 user / pool identities (passive)
      [Diagram: Shared Servers; pools P1 to P10]
  15. 15. User Pool Pairing
      [Diagram: Pool 1 (Data Center 1) and Pool 2 (Data Center 2), each shown with Pool 1 Users, Pool 2 Users, Backup, Pool 1 User Data and Pool 2 User Data]
  16. 16. Database Mirroring
      SQL Mirroring major steps:
      • Use Topology Builder to configure the topology for mirroring (mirroring port 5022)
      • Use the Management Shell to install the mirror:
          Install-CsMirrorDatabase
          Get-CsDatabaseMirrorState
      • Configure the SQL witness
      SQL Server requirements:
      • The primary server's version of SQL Server must support SQL mirroring.
      • The primary, mirror, and the witness (if deployed) must have the same version of SQL Server.
      • The primary and the mirror must have the same edition of SQL Server. The witness may have a different edition.
      CU 9 SQL Server 2008 ->
  17. 17. Other Server Improvements
      • Consolidated Archiving
      • Server-to-Server Authentication Protocol
          • OAuth cloud process
          • OAuth on-premise
  18. 18. Consolidated Archiving
      • One archive store
          • Lync content stored with mail in Exchange user mailboxes.
          • Everything textual: IMs, uploads, whiteboards, polls
      • One archive policy
          • Single management between Exchange email and Lync
          • Simple end-user access to archives through Microsoft Office Outlook®
      • One compliance experience
  19. 19. Server-to-Server Authentication Protocol (OAuth)
      • It allows users to access their private resources (e.g. Lync Contact List, IM Archiving) stored on servers without having to hand out their credentials (typically username and password), supplying tokens instead. Each token grants access to a specific service for specific resources and for a defined duration.
  20. 20. OAuth Part II – cloud scenario
      1. Lync Server contacts the Authorization Server (Microsoft) and requests a token to use for communicating with e.g. Exchange
      2. Authorization Server sends Lync Server a security token
      3. Lync Server uses the acquired security token to contact Exchange Server
      [Diagram: Lync Server and Authorization Server, with arrows numbered 1 to 3]
  21. 21. OAuth Part III – on-premise scenario
      • Assign a certificate to Lync Server's built-in token issuer.
      • Configure the server that Lync Server will communicate with to be a "partner application." For example, if Lync Server needs to communicate with Microsoft Exchange then you will need to configure Microsoft Exchange to be a partner application.
      1. Lync Server uses its own security token to directly contact Exchange Server
      Note: A "partner application" is any application that Microsoft Lync Server can directly exchange security tokens with, without having to go through a third-party security token server.
      [Diagram: Lync Server, with arrow numbered 1]
  22. 22. Prerequisites and Configuration
      • Only Microsoft Exchange 2013, SharePoint Server 2013, and Lync Server 2013 currently support OAuth
      • Certificate: token issuer certificate (OAuthTokenIssuer)
          • must be requestable on the PKI
          • every web server certificate that includes the name of the SIP domain in the Subject field can be used as the OAuthTokenIssuer certificate
          Get-CsCertificate -Type OAuthTokenIssuer
          Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Certificates\ServerToServerAuth.pfx -Password "P@ssw0rd"
      If a Certificate exists for (e.g. the default certificate) it can be used:
          $x = (Get-CsCertificate -Type Default).Thumbprint
          Set-CsCertificate -Identity global -Type OAuthTokenIssuer -Thumbprint $x
  23. 23. Configuration (CsPartnerApplication)
      Set-CSPartnerApplication.ps1

          # Note: in this transcript the Exchange partner-application identity
          # and the remainder of each metadata URL are missing.
          if ((Get-CsPartnerApplication app -ErrorAction SilentlyContinue) -ne $Null)
          {
              Remove-CsPartnerApplication app
          }

          # Exchange: create the partner application, or recreate it if its identifier is wrong
          $exch = Get-CsPartnerApplication -ErrorAction SilentlyContinue
          if ($exch -eq $null)
          {
              New-CsPartnerApplication -Identity -MetadataUrl https://atl-exchange- -ApplicationTrustLevel Full
          }
          else
          {
              if ($exch.ApplicationIdentifier -ne "00000002-0000-0ff1-ce00-000000000000")
              {
                  Remove-CsPartnerApplication
                  New-CsPartnerApplication -Identity -MetadataUrl https://atl-exchange- -ApplicationTrustLevel Full
              }
              else
              {
                  Set-CsPartnerApplication -Identity -ApplicationTrustLevel Full
              }
          }

          # SharePoint: same logic
          $shp = Get-CsPartnerApplication microsoft.sharepoint -ErrorAction SilentlyContinue
          if ($shp -eq $null)
          {
              New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint- -ApplicationTrustLevel Full
          }
          else
          {
              if ($shp.ApplicationIdentifier -ne "00000003-0000-0ff1-ce00-000000000000")
              {
                  Remove-CsPartnerApplication microsoft.sharepoint
                  New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint- -ApplicationTrustLevel Full
              }
              else
              {
                  Set-CsPartnerApplication -Identity microsoft.sharepoint -ApplicationTrustLevel Full
              }
          }

          Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000

      If your realm should be different from the organization name (EXCHANGE), you need to include the Realm parameter:

          Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000 -Realm ""
  24. 24. Configuration (Set Metadata URL + PartnerApp)
      MetadataURL:
      • Lync 2013 Preview:
      • 2013 RTM:
      If you run this script you might receive an error message similar to the following:
          New-CsPartnerApplication : Cannot bind parameter MetadataUrl to the target. Exception setting "MetadataUrl": "The metadata document could not be downloaded from the URL in the MetadataUrl parameter or downloaded data is not a valid metadata document."
      This error message typically means one of two things: 1) that one of the URLs specified in the script is invalid (that is, one of your metadata URLs is not actually a metadata URL); or 2) that one of the metadata URLs could not be contacted. If this happens, verify that the URLs are correct and are accessible, and then re-run the script.
  25. 25. OAuth and Partner App Verification
      Verification of configured PartnerApplication settings:
          Get-CsPartnerApplication
      Result:
          Identity              : microsoft.exchange
          AuthToken             : Microsoft.Rtc.Management.WritableConfig.Settings.SSAuth.UseOAuthServer
          Name                  : microsoft.exchange
          Realm                 : contoso.com
          ApplicationTrustLevel : Full
          Enabled               : True
  26. 26. Thank you. We see the way. We walk the way. Come with us!
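
The verification on slide 25 can be extended into a small audit of everything slides 22 to 25 configure. This is an added example, not part of the original deck; the function names, the 30-day expiry window and the result layout are assumptions, and only cmdlets and property names that appear in the slides or in their standard output are used.

```powershell
# Added audit sketch (not from the deck). Run in the Lync Server Management Shell.
# Assumed: the $WarnDays threshold, the function names and the result layout.

# Application identifiers that the slide 23 script compares against.
$KnownAppIds = @(
    '00000002-0000-0ff1-ce00-000000000000',   # compared with $exch on slide 23
    '00000003-0000-0ff1-ce00-000000000000'    # compared with $shp on slide 23
)
# ServiceName passed to Set-CsOAuthConfiguration on slide 23.
$LyncServiceName = '00000004-0000-0ff1-ce00-000000000000'

function New-Finding($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = $Ok; Detail = $Detail }
}

# Slide 22: a token issuer certificate must be assigned and should not be near expiry.
function Test-TokenIssuerCertificate([int]$WarnDays = 30) {
    $certs = @(Get-CsCertificate -Type OAuthTokenIssuer)
    if ($certs.Count -eq 0) {
        return New-Finding 'OAuthTokenIssuer' $false 'no certificate assigned'
    }
    foreach ($c in $certs) {
        $days = [int]($c.NotAfter - (Get-Date)).TotalDays
        New-Finding 'OAuthTokenIssuer' ($days -gt $WarnDays) "thumbprint $($c.Thumbprint), $days days left"
    }
}

# Slides 23 and 25: every partner application should be enabled, and Full trust
# should only be held by the identifiers the configuration script expects.
function Test-PartnerApplications {
    foreach ($app in Get-CsPartnerApplication) {
        $issues = @()
        if (-not $app.Enabled) { $issues += 'disabled' }
        if ("$($app.ApplicationTrustLevel)" -eq 'Full' -and
            $KnownAppIds -notcontains "$($app.ApplicationIdentifier)") {
            $issues += 'Full trust for an identifier the script does not expect'
        }
        New-Finding "PartnerApp $($app.Identity)" ($issues.Count -eq 0) ($issues -join '; ')
    }
}

# Slide 23: the global OAuth configuration should carry the Lync service name.
function Test-OAuthConfiguration {
    $cfg = Get-CsOAuthConfiguration
    New-Finding 'OAuthConfiguration' ($cfg.ServiceName -eq $LyncServiceName) "ServiceName $($cfg.ServiceName), Realm $($cfg.Realm)"
}

Test-TokenIssuerCertificate
Test-PartnerApplications
Test-OAuthConfiguration
```

The SharePoint MetadataUrl on slide 23 uses http:// while the Exchange one uses https://; because the partner application receives Full trust on the basis of that metadata document, check the scheme when completing the URL.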