Module 6. Designing and Deploying External Access. MVA Jump Start


Module Overview
- Conferencing and External Capabilities of Lync Server 2013
- Planning for IM and Presence Federation
- Designing Edge Services

Lesson 1: Conferencing and External Capabilities of Lync Server 2013
- Conferencing Capabilities of Lync Server 2013
- Overview of Public Instant Messaging
- Features of Extensible Messaging and Presence Protocol (XMPP) Gateway
- Lync Server 2013 XMPP Federation
- XMPP Federation - Architecture
- Usage Control through Policies
- Security in Conferencing and External Scenarios

Conferencing Capabilities of Lync Server 2013
- Web Conferencing
- Instant Message Conferencing
- PSTN Conferencing
- Audio Conferencing
- ACP Integration (online only)
- Video Conferencing
- Integration with third-party A/V SIP endpoints and MCUs
[Diagram labels: Lync Server 2013, PSTN]

Overview of Public Instant Messaging
[Diagram: Lync Server 2013 PIC Service Integration. Labels: P2P Audio & Video, PIC 1, PIC 2, Lync 2013 Clients, Windows Live]

Extensible Messaging and Presence Protocol (XMPP) Gateway
- Add and delete each other as contacts
- Publish presence and subscribe for each other's presence
- Engage in one-to-one conversations

Lync Server 2013 XMPP Federation
- XMPP natively integrated into the Lync Front End Server and Edge Server
  - Separate gateway not needed
  - Integrated setup, management
- Scale-out, high availability consistent with rest of Lync
- Cisco/Jabber, Google Talk interoperability
[Diagram: XMPP Federation. Labels: US East, US West, Lync Pool 1 (Runs XMPP GW), Lync Pool 2 (Runs XMPP GW), Lync Pool 3 (Runs XMPP GW), Lync Edge (Runs XMPP Proxy), Outbound & Inbound External XMPP Fed Route, External XMPP Fed, Google Talk, Google Talk Servers, Fabrikam.com, adatum.com. Direction shows TLS connection establishment.]

XMPP Federation - Architecture
[Diagram: On-Premises Deployment (Site 1). Labels: Lync Edge, Lync FE Pool, Lync Persistent Chat Pool, Reverse proxy, Exchange 2013, OWA, Lync Online - Office 365, OCS/Lync Federated. Traffic labels: IM & P (SIP), Persistent Chat (XCCOS), Address Book, DLX, Photos (Web), Contacts, Notifications, IM Archiving (uses S2S authorization)]

Usage Control through Policies

Security in Conferencing and External Scenarios
- Plan for usage Directors
- Set conferencing policies to prevent unsupported usage scenarios
- Keep the default security settings requiring TLS or SSL in all signaling and media
- Evaluate the need for anti-malware solutions
- Avoid deployment of Edge Servers in an internal domain
- Deploy the Edge Server between an internal firewall and an external firewall
- Lock down Edge Servers for additional security
- Evaluate the need for anonymous or federated access

Lesson 2: Planning for IM and Presence Federation
- Designing Federation in Lync Server 2013
- Designing Interoperability in Lync Server 2013
- Implementing the Public Instant Messaging Provisioning Process
- Functionalities Supported by Lync Server 2013

Designing Federation in Lync Server 2013
[Diagram. Zones: Internet, Perimeter Network, Internal Network. Components: Remote Clients, Federated Clients, Anonymous Clients, Reverse Proxy, Edge Server, Director, Front End]

Designing Interoperability in Lync Server 2013
- Federation with PIC (MSN/Skype)
  - Public IM Connectivity (PIC) provisioning process
- XMPP (Jabber/Google Talk)
  - XMPP Proxy/Gateway
- Third Party Presence Engines
  - Supports federation with Third Party Presence Engines

Implementing the Public Instant Messaging Provisioning Process
1. You provide the FQDN, SIP domains, and contact information to Microsoft.
2. Microsoft tests the information, establishes credibility, and then provides access.
3. You will be notified and then the provisioning process for each PIC domain will start.

Functionalities Supported by Lync Server 2013
Communications capabilities by type of user:

| Scenario         | Remote User | Federated User | PIC/Interop | Anonymous User | XMPP |
|------------------|-------------|----------------|-------------|----------------|------|
| Presence         | +           | +              | +           | X              | +    |
| IM peer-to-peer  | +           | +              | +           | X              | +    |
| IM conferencing  | +           | +              | X           | X              | X    |
| Collaboration    | +           | +              | X           | +              | X    |
| A/V peer-to-peer | +           | +              | +*          | X              | X    |
| A/V conferencing | +           | +              | X           | +              | X    |
| File transfer    | +           | +              | X           | X              | X    |

* For PIC A/V peer-to-peer support, you must use the new version of Windows Live Messenger.

Lesson 3: Designing Edge Services
- Firewall Requirements Design for External Scenarios
- Edge Network Requirements
- Defining Filters
- DNS Usage in Lync Server 2013
- Identifying Required DNS Records
- PKI Certificate Usage in Lync Server 2013
- Subject Names and Subject Alternate Names
- Planning for Types of Certificates and Providers
- Other Certificate Usage Scenarios

Firewall Requirements Design for External Scenarios
[Diagram: Lync Server 2013 Single Consolidated Edge and Reverse Proxy Server in the Enterprise Perimeter Network, between the External Firewall (to Internet) and the Internal Firewall (to corporate network). Traffic is shown by server role: Reverse Proxy, Access Edge, WebCon Edge, AV Edge.]
Interfaces and services labelled in the diagram: Reverse Proxy External IP, Access Edge External IP, WebCon Edge External IP, AV Edge External IP, Edge Internal IP, XMPP Proxy Service, Media Authentication Service.
Protocol/port labels shown in the diagram: HTTP/80, HTTP/8080, 80 (optional), HTTPS/443, HTTPS/4443, DNS/53, SIP/TLS/443, SIP/MTLS/5061, SIP/MTLS/5062, PSOM/TLS/443, PSOM/MTLS/8057, XMPP/TCP/5269, XMPP/TCP/23456, STUN/TCP/443, STUN/UDP/3478, RTP/UDP/50,000-59,999, RTP/TCP/50,000-59,999.

Edge Network Requirements
- Internal Edge Interface: No NAT supported
- External Edge Interface:
  - Single Edge Server: 1:1 NAT
  - Hardware Load Balanced: Routable IPs
  - DNS Load Balanced: 1:1 NAT

Defining Filters
- File Filters: You can use these filters to block certain types of files from entering your network.
- URL Filters: You can use these filters to block certain types of files from entering your network.
- Client Versioning Filters: You can use Client Versioning Filters to block and upgrade clients, so that you can ensure a certain minimum version level of your Lync Server 2013 clients in your organization.

DNS Usage in Lync Server 2013
- Client and mobile discovery of logon servers
- Device discovery of Device Update servers to update devices
- Server to Server discovery of federation partners
- Client and server discovery of servers
- Clients and servers securely set up sessions

Identifying Required DNS Records

| Location     | DNS Record                             | Target                                       |
|--------------|----------------------------------------|----------------------------------------------|
| External DNS | SRV: _sip._tls.adatum.com              | Access Edge Server: sip.adatum.com port:443  |
| External DNS | SRV: _sipfederationtls._tcp.adatum.com | Access Edge Server: sip.adatum.com port:5061 |
| External DNS | A: sip.adatum.com                      | IP of Access Edge Server                     |
| External DNS | A: webconf.adatum.com                  | IP of Web Conferencing Edge                  |
| External DNS | A: av.adatum.com                       | IP of AV Edge                                |
| External DNS | A: rp.adatum.com                       | IP of Reverse Proxy                          |
| External DNS | A: dialin.adatum.com                   | IP of Reverse Proxy                          |
| External DNS | A: meet.adatum.com                     | IP of Reverse Proxy                          |
| External DNS | A: lyncdiscover.adatum.com             | IP of Reverse Proxy                          |
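
An added example, not part of the original slides: a small audit of a planned external zone against the record table above. The zone text is constructed sample data in the usual "owner TTL IN type rdata" form, and the rule that dialin, meet and lyncdiscover publish the same address as rp assumes a single reverse proxy IP, as the table implies.

```python
REQUIRED_SRV = {"_sip._tls": 443, "_sipfederationtls._tcp": 5061}  # both target sip.<domain>
EDGE_HOSTS = ["sip", "webconf", "av"]
PROXY_HOSTS = ["rp", "dialin", "meet", "lyncdiscover"]  # assumption: one reverse proxy IP

# Constructed sample zone (documentation IP range) with three deliberate mistakes.
SAMPLE_ZONE = """
_sip._tls.adatum.com.              3600 IN SRV 0 0 443  sip.adatum.com.
_sipfederationtls._tcp.adatum.com. 3600 IN SRV 0 0 5060 sip.adatum.com.
sip.adatum.com.          3600 IN A 203.0.113.10
webconf.adatum.com.      3600 IN A 203.0.113.11
av.adatum.com.           3600 IN A 203.0.113.12
rp.adatum.com.           3600 IN A 203.0.113.20
dialin.adatum.com.       3600 IN A 203.0.113.20
meet.adatum.com.         3600 IN A 203.0.113.21
"""

def parse_zone(text):
    """Return {(rtype, owner): rdata fields} from 'owner ttl IN type rdata...' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner = fields[0].rstrip(".").lower()
        records[(fields[3].upper(), owner)] = fields[4:]
    return records

def audit(zone_text, domain):
    """Compare a zone against the required external records; return a list of findings."""
    zone, findings = parse_zone(zone_text), []
    for label, port in REQUIRED_SRV.items():
        rdata = zone.get(("SRV", f"{label}.{domain}"))
        if rdata is None:
            findings.append(f"missing SRV {label}.{domain}")
            continue
        _prio, _weight, got_port, target = rdata
        if int(got_port) != port:
            findings.append(f"SRV {label}.{domain} port {got_port}, expected {port}")
        if target.rstrip(".").lower() != f"sip.{domain}":
            findings.append(f"SRV {label}.{domain} targets {target}, expected sip.{domain}")
    for host in EDGE_HOSTS + PROXY_HOSTS:
        if ("A", f"{host}.{domain}") not in zone:
            findings.append(f"missing A {host}.{domain}")
    proxy_ip = zone.get(("A", f"rp.{domain}"))
    for host in PROXY_HOSTS[1:]:  # names that should publish the reverse proxy address
        ip = zone.get(("A", f"{host}.{domain}"))
        if ip and proxy_ip and ip != proxy_ip:
            findings.append(f"A {host}.{domain} is {ip[0]}, not the reverse proxy IP {proxy_ip[0]}")
    return findings
```

Calling audit(SAMPLE_ZONE, "adatum.com") reports the wrong federation port, the missing lyncdiscover record, and the meet record that does not point at the reverse proxy.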

PKI Certificate Usage in Lync Server 2013
Lync Server 2013 uses Public Key Infrastructure (PKI) certificates for Transport Layer Security (TLS) and Mutual Transport Layer Security (MTLS) connections.
Lync Server 2013 certificates are used for:
- TLS connections between client and server
- MTLS connections between servers
- Federation using automatic DNS discovery of partners
- Remote user access for instant messaging (IM)
- External user access to audio/video (A/V) sessions, application sharing, and conferencing
- Mobile requests using automatic discovery of Web Service
- Persistent Chat Web Services for File Upload/Download

Subject Names and Subject Alternate Names
- The Subject Name of a given X.509 certificate is supported by all PKIs and certificate authority implementations, including all commercial third-party certificate authorities
- The Subject Alternative Name property on an X.509 certificate:
  - Provides alternative subject names in the certificate
  - Enables TLS and MTLS connections to different names which all resolve to the same physical or virtual server
- The following server roles use certificates with SAN:
  - Edge Servers
  - Front End servers and Directors

Planning for Types of Certificates and Providers
- You can use public certificates for Lync Server Access Edge, Reverse Proxy, and Exchange Web Services
- You can deploy private certificates for all internal Lync Server 2013 roles, and for the internal interface of Lync Server Edge servers
- When deploying an internal certificate authority, a key item that you need to configure is CRL download locations
- When deploying public certificates, you need to consider a few items such as CRL download locations and root certificate support

Other Certificate Usage Scenarios
In a Lync Server 2013 infrastructure, the following use certificates:
- Survivable Branch Appliances (SBAs)
- Web Services

SBA Provisioning
1. SBA gets a certificate installed on it and uses it for client authentication.
2. SBA looks at the SIP domain part of the SIP URI of the client attempting to register and compares it to the installed certificate.
3. If the domain part of the SIP URI matches a domain that is present in the SBA certificate, the client is allowed to register to the SBA.
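
An added example, not part of the original slides and not the SBA's own code: the comparison in steps 2 and 3 modelled as an exact, case-insensitive match on the parsed domain part, shown beside a substring test that accepts lookalike names. The function names, the sample URIs and the assumption that the certificate's domains are available as a list of DNS names are all illustrative.

```python
def naive_match(uri, cert_domains):
    """Substring test: looks plausible but also accepts lookalike domains."""
    return any(d.lower() in uri.lower() for d in cert_domains)

def sip_domain(uri):
    """Return the lower-cased domain part of a SIP URI, or None if malformed."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() not in ("sip", "sips"):
        return None
    addr = rest.split(";", 1)[0].split("?", 1)[0]  # drop URI parameters and headers
    if addr.count("@") != 1:                        # exactly one user@host separator
        return None
    user, host = addr.split("@")
    host = host.rsplit(":", 1)[0] if ":" in host else host  # drop an optional port
    host = host.rstrip(".").lower()
    return host if user and host else None

def may_register(uri, cert_domains):
    """Allow registration only when the parsed domain equals a certificate domain."""
    allowed = {d.rstrip(".").lower() for d in cert_domains}
    domain = sip_domain(uri)
    return domain is not None and domain in allowed

# Constructed sample data (assumption: domains taken from the installed certificate).
CERT_DOMAINS = ["adatum.com"]
SAMPLE_URIS = [
    "sip:alice@adatum.com",
    "SIP:Bob@ADATUM.COM:5061;transport=tls",
    "sip:carol@adatum.com.example.net",
    "sip:dave@notadatum.com",
    "sip:erin@adatum.com@example.net",
]

def decisions():
    """Return (uri, naive result, exact-match result) for each sample URI."""
    return [(u, naive_match(u, CERT_DOMAINS), may_register(u, CERT_DOMAINS))
            for u in SAMPLE_URIS]
```

Only the first two sample URIs pass the exact match, while the substring test accepts all five.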

2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.