Microsoft® Lync™ Server 2010 Edge Deep Dive
Byron Spurlock, Founder Architect - Quadrantechnologies
Byrons@Quadrantechnologies.com
http://Quadrantechnologies.wordpress.com/2011/

Agenda
Edge Scenarios – Users point of view
Interoperability Federation
Certificates
Edge Scenario – DNS Load Balancing
Authentication
Discovery
Federation

Architecture Overview

Architecture Considerations
Multiple Access Edge (pools) for remote users
SRV record points to only one Edge Server (pool)
Single Access Edge Server (pool) for Federation
Used Edge Server
SIP traffic
Federation traffic: Federation Route
Remote users: Edge server used for sign in
AV traffic
AV Edge assigned to pool
Use localized Edge Servers to optimize media path

Edge Scenarios

Interoperability Federation Partners
MSN
AOL
Yahoo!
IBM Lotus Sametime
Cisco Presence
Extensible Messaging and Presence Protocol (XMPP)
Jabber
Google Talk

Interoperability: How to
PIC
Licenses
AOL certificate
XMPP
XMPP Gateway
Cisco Unified Presence
Unified Presence Server 7.0 and Adaptive Security Appliance 8.0.4.X
IBM Lotus Sametime
Sametime 8.0.2 with Hot-Fix One (HF1)
Sametime Gateway

Certificates Simplified
Access Edge Server
Web Conferencing Edge Server
AV Edge Server
Private certificates
Internal Edge Interface

Ports 50,000-59,999
Federation with OCS 2007
Open UDP and TCP in- and out-bound
Federation with OCS 2007 R2/Lync Server 2010
Open TCP outbound

Lync 2010 deep dive edge

  • 56. Lync Server Edge scenarios. External User Access: Lync clients can transparently connect to the Lync Server deployment over the public Internet. PIC: connecting with public IM providers. Federation: federation with other enterprises, IM&P only or all modalities. A/V and Application Sharing.
  • 58. Terms & Acronyms. Candidate: possible combination of IP address and port for media channel. NAT: Network Address Translation. TURN: Traversal Using Relay NAT. STUN: Simple Traversal of UDP through NAT; Session Traversal Utilities for NAT.
  • 59. Home NATs. General NAT/firewall behavior: allows connections from the private network; blocks connections from the Internet. Security/usability tradeoff: blocks attackers from harming your system. PROBLEM: also blocks incoming signaling and media. (Diagram labels: Home, Home NAT, Internet.)
  • 60. Corporate Firewalls. Though more scrutinized, goals are similar: sharing of IP addresses; controlling data traffic from the Internet. Two firewalls isolate via a perimeter network. (Diagram labels: Work, Inner FW, Perimeter Network, Outer FW, Internet.)
  • 61. Why is NAT Traversal a problem? SIP signaling over TCP uses the Access Edge. UDP media flows over a separate channel. Pre-ICE endpoints use local IPs and ports. No media can be sent between (a) and (w). (Diagram labels: UDP, TCP, INVITE m/c = a, 200 OK m/c = w, Access Edge, Home (a), Home NAT, Work (w), Inner FW, Outer FW.)
  • 62. Solution – STUN, TURN, ICE. Add a Media Relay (aka A/V Edge Server). STUN reflects NAT addresses (b) and (e). TURN relays media packets (c) (d) (x) (y). ICE exchanges candidates (cand) and determines the optimal media path. All three protocols are based on IETF standards. (Diagram labels: UDP, TCP, INVITE m/c = a with cand=a,b,c,d,e, 200 OK m/c = w with cand=w,x,y, Access Edge, STUN TURN Server (AV Edge), Home, Home NAT, Work, Inner FW, Outer FW.)
  • 64. Single IP address Edge. Internal: edge-int.contoso.com 172.25.33.10 (SIP: 5061, Web Conf: 8057, A/V Conf: 443, 3478). External: edge.contoso.com 131.107.155.10 (SIP: 5061, Web Conf: 444, A/V Conf: 443, 3478).
  • 65. Multiple IP address Edge. Internal: edge-int.contoso.com 172.25.33.10 (SIP: 5061, Web Conf: 8057, A/V Conf: 443, 3478). External SIP: access.contoso.com 131.107.155.10 (443, 5061). External Web Conf: webcon.contoso.com 131.107.155.20 (443). External AV: av.contoso.com 131.107.155.30 (443, 3478).
  • 66. Edge using NAT IP addresses. External SIP (IP1, translated IP1’) and External Web Conf (IP2, translated IP2’): Lync Server does not need to know the translated SIP and Web Conf IP. External AV (IP3, translated IP3’): clients connect to IP for A/V traffic; the translated AV IP must be configured in Lync Server. (Diagram labels: Client, Public IP space, NAT, Edge Server, Int.)
  • 69. DNS Load Balanced Edge using NAT. DNS A records: access.contoso.com to IP1’ and IP4’; webcon.contoso.com to IP2’ and IP5’; av.contoso.com to IP3’ and IP6’. Translated AV IP addresses must be configured in Lync Server individually: IP3 to IP3’, IP6 to IP6’. (Diagram labels: Public IP space, NAT, Edge Server 1 with Int, IP1/IP1’, IP2/IP2’, IP3/IP3’; Edge Server 2 with Int, IP4/IP4’, IP5/IP5’, IP6/IP6’.)
  • 70. Hardware Load Balanced Edge. DNS A records: access.contoso.com to VIP1; webcon.contoso.com to VIP2; av.contoso.com to VIP3. AV client connections are initiated over the VIP. Subsequent client AV traffic (UDP) connects directly to the Edge. TCP traffic continues to use the VIP. NAT and HLB is not possible. (Diagram labels: Public IP space, HLB with VIP1, VIP2, VIP3; Edge Server 1 with Int, IP1, IP2, IP3; Edge Server 2 with Int, IP4, IP5, IP6.)
  • 71. DNS Load Balancing and Interop/Migration. Co-existence/side-by-side: an OCS 2007 or OCS 2007 R2 pool and Edge Server can co-exist with a Lync Server pool and Lync Edge Server. Only a single Edge (server/pool) for Federation is possible. DNS Load Balancing: legacy components do not support DNS LB. If co-existence time is short: DNS LB. If co-existence time is long: Hardware LB.
  • 73. Reverse Proxy and external access. Forwards external HTTPS and HTTP traffic to Front End and Director Pool. HTTPS: Simple URLs (Join Launcher URL); Address Book (download and/or web service), ABS; Distribution List Expansion, DLX; Web Ticket (Web Auth). HTTP: Device Updates (Firmware); Device Update logs upload.
  • 74. Reverse Proxy and external access. Simple URL forward to Director (recommended): forwarding rule for Simple URL to a single Director (or Pool), port 443; Reverse Proxy certificate’s SAN to contain the base FQDN of each Simple URL. Web External Pool traffic forwarded to pools by Reverse Proxy: Reverse Proxy requires a forwarding rule for each Web External FQDN (Front End Pool and Director), port 443; if external Phone Devices are implemented, a Reverse Proxy rule for port 80 is required; Reverse Proxy certificate’s SAN to contain the base FQDN of all configured Web external Pools (Front End Pool and Director).
  • 75. Reverse Proxy. join.contoso.com to Director; meet.fabrikam.com to Director; webext1.contoso.com to Pool 1; webext2.contoso.com to Pool 2. DNS LB not supported for HTTP/S traffic. (Diagram labels: Client, Reverse Proxy, Director, Front End Pool1, Front End Pool2, SAN in Reverse Proxy Certificate.)
  • 77. Credentials for remote client (sequence diagram; labels: Endpoint, Outer Firewall, Access Edge, Inner Firewall, OCS FE Server, A/V Edge, MRAS, MTLS). Messages shown: SIP Subscribe and 200 OK (ms-user-logon-data: RemoteUser, <mrasUri>sip:Mras.contoso.com); SIP Service (<location>internet</location>) and 200 OK (<hostName>avedge.contoso.com, <udpPort>3478, <tcpPort>443, <username> 77qq8yXccBc2lwOmFy, <password> Wnujl0eo00YkV/5dg=, <duration>480); Service and 200 OK.
  • 78. Credentials for remote client
      02/09/2011|10:00:41.608 1B9C:A24 INFO :: Sending Packet - 208.115.110.XXX:443 (From Local Address: 192.168.1.138:54415) 1334 bytes:
      02/09/2011|10:00:41.608 1B9C:A24 INFO :: SERVICE sip:edegeinternalfqdn.contoso.com@Contoso.com;gruu;opaque=srvr:MRAS:v6H_I-uZa1irVldx3Z_CdgAA SIP/2.0
      ms-user-logon-data: RemoteUser
      Via: SIP/2.0/TLS 192.168.1.138:54415
      Max-Forwards: 70
      From: <sip:<userName>@contoso.com>;tag=6adfd24c1b;epid=92a17ee2ce
      To: <sip:edgeinternalfqdn.contoso.com@Contoso.com;gruu;opaque=srvr:MRAS:v6H_I-uZa1irVldx3Z_CdgAA>
      Call-ID: 0ba8a0c30bf74534a7d94a182b4d72f8
      CSeq: 1 SERVICE
      Contact: <sip: <userName>@contoso.com;opaque=user:epid:1dRPOJppUlG-Qszig4EXYgAA;gruu>
      User-Agent: UCCAPI/4.0.7577.108 OC/4.0.7577.108 (Microsoft Lync 2010)
      Proxy-Authorization: TLS-DSK qop="auth", realm="SIP Communications Service", opaque="6436AC83", targetname="edgeinternalfqdn.contoso.com", crand="eee9b681", cnum="7", response="63d56f98d452b3e25266ba340e88dfb47e96c7de"
      Content-Type: application/msrtc-media-relay-auth+xml
      Content-Length: 478
      <request requestID="128326152" version="2.0" to="sip: EDGEINTERNALFQDN.Contoso.com@Contoso.com;gruu;opaque=srvr:MRAS:v6H_I-uZa1irVldx3Z_CdgAA" from="sip: user@contoso.com " xmlns="http://schemas.microsoft.com/2006/09/sip/mrasp" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <credentialsRequest credentialsRequestID="128326152">
          <identity>sip: <userName>@contoso.com </identity>
          <location>internet</location>
          <duration>480</duration>
        </credentialsRequest>
      </request>
  • 79. Credentials for remote client
      <?xml version="1.0"?>
      <response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" requestID="128326152" version="2.0" serverVersion="2.0" to="sip:edgeinternalfqdn.contoso.com@contoso.com;gruu;opaque=srvr:MRAS:v6H_I-uZa1irVldx3Z_CdgAA" from="sip:<userName>@contoso.com" reasonPhrase="OK" xmlns="http://schemas.microsoft.com/2006/09/sip/mrasp">
        <credentialsResponse credentialsRequestID="128326152">
          <credentials>
            <userName>AgAAJEqlo9QBy8itWiOmR2d4zw8ZJqfwTPDagP7i95AAAAAAbdyNu23CueVPKAjFdxLksF0ihSk=</userName>
            <password>eulmSPLxOMZZAYZvkq78HBo2uSk=</password>
            <duration>480</duration>
          </credentials>
          <mediaRelayList>
            <mediaRelay>
              <location>internet</location>
              <hostName>AVEDGEEXTERNAL.contoso.com</hostName>
              <udpPort>3478</udpPort>
              <tcpPort>443</tcpPort>
            </mediaRelay>
          </mediaRelayList>
        </credentialsResponse>
      </response>
      02/09/2011|10:00:41.873 1B9C:A24 INFO :: End of Data Received - 208.115.110.143:443 (To Local Address: 192.168.1.138:54415) 1727 bytes
  • 80. Credentials for Conferencing (sequence diagram; labels: Endpoint, Outer Firewall, Access Edge, Inner Firewall, OCS FE Server, A/V MCU, A/V Auth, A/V Edge, MTLS). Messages shown: SIP Invite and 200 OK; 3CP: Add User and 200 OK {MRAS Credentials}; Service and 200 OK. Credentials shown: <hostName>avedge.contoso.com, <udpPort>3478, <tcpPort>443, <username> 77qq8yXccBc2lwOmFy, <password> Wnujl0eo00YkV/5dg=, <duration>480.
  • 81. Credentials for remote client
      Direction: incoming;source="external edge";destination="internal edge"
      Peer: 76.187.107.231:54385
      Message-Type: request
      Start-Line: INVITE sip:bob@contoso.com;gruu;opaque=app:conf:audio-video:id:FZG8SYVR SIP/2.0
      From: <sip:bob@contoso.com>;tag=75336413c0;epid=3821b40476
      To: <sip:bob@contoso.com;gruu;opaque=app:conf:audio-video:id:FZG8SYVR>;tag=a4f2e92356;epid=0B08BA10A9
      CSeq: 3 INVITE
      m=audio 50743 RTP/SAVP 9 111 0 8 97 13 118 101
      a=ice-ufrag:cGUT
      a=ice-pwd:eUrBEAMFNrwFGgroXuUMaLtS
      a=candidate:4 1 UDP 16648703 97.75.78.122 50743 typ relay raddr 76.187.107.231 rport 31602
      a=candidate:4 2 UDP 16648702 97.75.78.122 55309 typ relay raddr 76.187.107.231 rport 31603
      a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:FU4Gl7hGYS894KJYhEvNq72Jo7ADq2e0gkLUzPV1|2^31|1:1
      a=remote-candidates:1 192.168.32.102 53622 2 192.168.32.102 53623
      a=maxptime:200
      a=rtcp:55309
      a=rtpmap:9 G722/8000
      a=rtpmap:111 SIREN/16000
      a=fmtp:111 bitrate=16000
      a=rtpmap:0 PCMU/8000
      a=rtpmap:8 PCMA/8000
      a=rtpmap:97 RED/8000
      a=rtpmap:13 CN/8000
      a=rtpmap:118 CN/16000
      a=rtpmap:101 telephone-event/8000
      a=fmtp:101 0-16
      a=encryption:required
      m=video 56786 RTP/SAVP 121 34
      a=ice-ufrag:eQIo
  • 83. Secure Communications in Lync. Can someone sniff the packets and access my IM/audio/video/data?
  • 84. Edge Validation. Public web service tool available for Edge validation. Supports OCS 2007 R2 and Lync Server 2010. https://www.testocsconnectivity.com
  • 86. More Terms. Internal IP address: the IP address assigned to the network interface of the client computer. Reflexive IP address: IP address of the public address assigned to the home router. Media relay address: the public IP address of the Audio/Video Edge service that is associated with the internal Lync 2010 user’s pool.
  • 87. Address Discovery (AV). (Diagram labels: Endpoint, nic, default, NAT/Firewall, MRAS, Media Relay, Allocate UDP, Allocate TCP, candidate list with local and remote UDP and TCP addresses a, b, c, d, e.)
  • 88. Address Discovery (Desktop Sharing). (Diagram labels: Endpoint, nic, default, NAT/Firewall, MRAS, Media Relay, Allocate TCP, candidate list with local and remote UDP and TCP addresses a, b, c.)
  • 89. Address Exchange. (Diagram labels: two Endpoints, each with nic, default, candidate list, NAT/Firewall and TURN; SIP messages: SIP INVITE c :: a,b,c,d; 183 Session Progress y :: w,x,y,z; 200 OK y :: w,x,y,z.)
  • 90. Address Exchange (Caller-Invite)
      05/31/2011|16:55:25.856 2D7C:1FF8 INFO :: Sending Packet - 208.115.110.143:443 (From Local Address: 10.180.181.223:62230) 7439 bytes:
      05/31/2011|16:55:25.856 2D7C:1FF8 INFO :: INVITE sip:alice@contoso.com SIP/2.0
      Via: SIP/2.0/TLS 10.180.181.223:62230
      Max-Forwards: 70
      From: <sip:bob@contoso.com>;tag=c4a189acf6;epid=92a17ee2ce
      To: <sip:alice@contoso.com>
      Call-ID: eb472e8ebc384c68a07b1e5beb70be38
      CSeq: 1 INVITE
      m=audio 55336 RTP/AVP 114 9 112 111 0 8 116 115 4 97 13 118 101
      a=ice-ufrag:6QrA
      a=ice-pwd:LColjpNYVTQVn6KK6Bg7D9k1
      a=candidate:5 2 UDP 2130703870 10.180.181.223 25743 typ host
      a=candidate:6 1 TCP-PASS 6556159 208.115.110.145 50162 typ relay raddr 166.248.0.235 rport 30907
      a=candidate:6 2 TCP-PASS 6556158 208.115.110.145 50162 typ relay raddr 166.248.0.235 rport 30907
      a=candidate:7 1 UDP 16648703 208.115.110.145 55336 typ relay raddr 166.248.0.235 rport 52259
      a=candidate:7 2 UDP 16648702 208.115.110.145 54267 typ relay raddr 166.248.0.235 rport 52282
      a=candidate:8 1 UDP 1694233599 166.248.0.235 52259 typ srflx raddr 10.180.181.223 rport 11252
      a=candidate:8 2 UDP 1694232062 166.248.0.235 52282 typ srflx raddr 10.180.181.223 rport 11253
      a=candidate:9 1 TCP-ACT 7074303 208.115.110.145 50162 typ relay raddr 166.248.0.235 rport 30907
      a=candidate:9 2 TCP-ACT 7073790 208.115.110.145 50162 typ relay raddr 166.248.0.235 rport 30907
      a=candidate:10 1 TCP-ACT 1684795391 166.248.0.235 30907 typ srflx raddr 10.180.181.223 rport 15645
      a=candidate:10 2 TCP-ACT 1684794878 166.248.0.235 30907 typ srflx raddr 10.180.181.223 rport 15645
  • 91. Address Exchange (Callee-Response)
      05/31/2011|16:55:28.485 2D7C:1FF8 INFO :: Data Received - 208.115.110.143:443 (To Local Address: 10.180.181.223:62230) 3093 bytes:
      05/31/2011|16:55:28.485 2D7C:1FF8 INFO :: SIP/2.0 183 Session Progress
      ms-user-logon-data: RemoteUser
      From: "bob"<sip:bob@contoso.com>;tag=c4a189acf6;epid=92a17ee2ce
      To: <sip:alice@contoso.com>;epid=73f1df72ee;tag=ed247c795f
      Call-ID: eb472e8ebc384c68a07b1e5beb70be38
      CSeq: 1 INVITE
      Record-Route: <sip:LYNCFE.contoso.com:5061;transport=tls;opaque=state:T:F;lr;received=10.0.1.62;ms-received-cid=73BB7E00>
      Contact: <sip:alice@contoso.com;opaque=user:epid:bEfyhOYmMVynmDXlgp2D6gAA;gruu>
      User-Agent: UCCAPI/4.0.7577.256 OC/4.0.7577.280 (Microsoft Lync 2010)
      m=audio 57501 RTP/SAVP 114 9 112 111 0 8 116 115 4 97 13 118 101
      a=candidate:2 1 TCP-PASS 6556159 208.115.110.145 55275 typ relay raddr 75.98.19.251 rport 4523
      a=candidate:2 2 TCP-PASS 6556158 208.115.110.145 55275 typ relay raddr 75.98.19.251 rport 4523
      a=candidate:3 1 UDP 16648703 208.115.110.145 57501 typ relay raddr 75.98.19.251 rport 32250
      a=candidate:3 2 UDP 16648702 208.115.110.145 56075 typ relay raddr 75.98.19.251 rport 32251
      a=candidate:4 1 UDP 1694235647 75.98.19.251 32250 typ srflx raddr 10.104.72.9 rport 32250
      a=candidate:4 2 UDP 1694234110 75.98.19.251 32251 typ srflx raddr 10.104.72.9 rport 32251
      a=candidate:5 1 TCP-ACT 7076351 208.115.110.145 55275 typ relay raddr 75.98.19.251 rport 4523
      a=candidate:5 2 TCP-ACT 7075838 208.115.110.145 55275 typ relay raddr 75.98.19.251 rport 4523
      a=candidate:6 1 TCP-ACT 1684797439 75.98.19.251 4523 typ srflx raddr 10.104.72.9 rport 4523
      a=candidate:6 2 TCP-ACT 1684796926 75.98.19.251 4523 typ srflx raddr 10.104.72.9 rport 4523
  • 93. Port Requirements for Audio/Video
      Lync 2010
        UDP 3478, TCP 443
        UDP/TCP 50,000-59,999 inbound/outbound (Enables federation with OCS 2007 Edges)
      OCS 2007 R2
        UDP 3478, TCP 443 (No additional ports needed for remote access only)
        TCP 50,000-59,999 outbound (Enables federation with R2 Edges)
        UDP/TCP 50,000-59,999 inbound/outbound (Enables federation with OCS 2007 Edges)
      OCS 2007
        UDP 3478, TCP 443
        UDP/TCP 50,000-59,999 inbound/outbound
  • 94. A/V Federation 2007-2007 [Diagram; labels: Access Proxy, A/V MCU, OC/Console (Work1/w1, Work2/w2), 2007 Edge on both sides, outer FWs (no NAT), inner FW on each side; ports UDP 3478, TCP 443, UDP/TCP 50000-59999]
  • 95. A/V Federation R2 Tunnel Mode [Diagram; labels: Access Proxy, A/V MCU, OC/Console (Work1/w1, Work2/w2), R2 Edge on both sides, outer FWs (no NAT), inner FW on each side; ports UDP 3478, TCP 443, UDP/TCP 50000-59999]
  • 96. A/V Federation R2-2007 Interop [Diagram; labels: Access Proxy, A/V MCU, OC/Console (Work1/w1, Work2/w2), 2007 Edge and R2 Edge, outer FWs (no NAT), inner FW on each side; ports UDP 3478, TCP 443, UDP/TCP 50000-59999]
  • 97. A/V Federation Lync [Diagram; labels: Access Proxy, A/V MCU, OC/Console (Work1/w1, Work2/w2), Lync Edge on both sides, outer FWs (no NAT), inner FW on each side; ports UDP 3478, TCP 443, UDP/TCP 50000-59999]
  • 99. Edge Scenarios – Users point of view
  • 102. Edge Scenario – DNS Load Balancing
  • 106. 55
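
As an added example (not part of the original deck), the following Python code parses ICE candidate lines from the slide 90 INVITE and lists relay candidates whose port or protocol a firewall rule for the 50,000-59,999 range would not pass. The function names and the `open_protos` policy model are assumptions for illustration; UDP 3478 and TCP 443 are not modelled.

```python
import re

# Sample input: candidate lines from the slide 90 INVITE; the last keeps a run-together typ field.
SDP = """\
a=candidate:5 2 UDP 2130703870 10.180.181.223 25743 typ host
a=candidate:6 1 TCP-PASS 6556159 208.115.110.145 50162 typ relay raddr 166.248.0.235 rport 30907
a=candidate:7 1 UDP 16648703 208.115.110.145 55336 typ relay raddr 166.248.0.235 rport 52259
a=candidate:7 2 UDP 16648702 208.115.110.145 54267 typ relay raddr 166.248.0.235 rport 52282
a=candidate:8 1 UDP 1694233599 166.248.0.235 52259 typ srflx raddr 10.180.181.223 rport 11252
a=candidate:10 1 TCP-ACT 1684795391 166.248.0.235 30907 typsrflxraddr 10.180.181.223 rport 15645
"""

CANDIDATE = re.compile(
    r"^a=candidate:(?P<foundation>\S+)\s+(?P<component>\d+)\s+(?P<transport>\S+)\s+"
    r"(?P<priority>\d+)\s+(?P<addr>\S+)\s+(?P<port>\d+)\s+"
    r"typ\s*(?P<type>host|srflx|prflx|relay)"
    r"(?:\s*raddr\s+(?P<raddr>\S+)\s+rport\s+(?P<rport>\d+))?\s*$"
)
MEDIA_PORTS = range(50000, 60000)  # the 50,000-59,999 range from the slides


def parse_candidates(sdp):
    """Return one dict per a=candidate line; non-candidate lines are skipped."""
    found = []
    for line in sdp.splitlines():
        m = CANDIDATE.match(line.strip())
        if not m:
            continue
        c = m.groupdict()
        c["component"], c["port"] = int(c["component"]), int(c["port"])
        c["proto"] = "UDP" if c["transport"].upper() == "UDP" else "TCP"
        found.append(c)
    return found


def relay_findings(candidates, open_protos):
    """List relay candidates that a rule opening open_protos on MEDIA_PORTS would not pass."""
    findings = []
    for c in candidates:
        if c["type"] != "relay":
            continue
        if c["port"] not in MEDIA_PORTS:
            findings.append((c["proto"], c["port"], "outside 50000-59999"))
        elif c["proto"] not in open_protos:
            findings.append((c["proto"], c["port"], "protocol not opened"))
    return findings


if __name__ == "__main__":
    print(relay_findings(parse_candidates(SDP), {"TCP"}))
```

With only TCP opened for the range, the two UDP relay ports are reported; with both protocols opened, nothing is reported.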

Editor's Notes

  1. Slide Objective: Notes:
  2. Slide Objective: Give an overview of the session. Notes: This session covers the most important changes to Edge Server in Lync Server 2010: Edge Scenarios – what Edge enables your users to do; Interop Federation – federation with non-OCS/Lync Server 2010 environments: PIC, XMPP, Sametime, Cisco; Plan for Edge – FQDNs/Simple URLs, Certificates, Firewall, Load Balancing; Manage Edge – Install, BigFin, Federations; Edge Architecture with Multiple Sites.
  3. Slide Objective: Give an overview of the architecture. Notes: Edge Server enables a Lync Server 2010 deployment to communicate with external participants: remote users, federated users (including PIC) and anonymous users. On the left side is the public network/Internet, then a perimeter network between an internal and an external firewall. On the right side is the internal network. In the perimeter network the Edge Server runs three services: Access Edge, Web Conferencing Edge and AV Edge. Additionally there is a Reverse Proxy, which publishes meeting content, address book and group expansion. The Director in the internal network is an optional role that acts as a next-hop server. It adds additional security and, in a deployment with multiple internal pools, offloads the distribution of users to their home pools. The internal deployment shown here is simplified; there can be additional components such as an AV conferencing pool, Exchange UM, Monitoring Server, and so on. The symbols for Edge and Front End show a pool, but single servers can also be used.
  4. Slide Objective: Discuss the planning for Edge Server locations. Notes: This is the same as in OCS 2007 R2. The only way to install Edge is as a consolidated Edge with all three server roles (Access Edge, Web Conferencing Edge, AV Edge). While multiple Edge Servers (pools) can be used as SIP ingress points for remote users, only a single Edge Server (pool) can be used for Federation traffic (including PIC). However, the SRV record points to only one Edge Server (pool), which is used for client sign-in. To use localized Edge Servers (pools) for SIP traffic, GPOs can be used to specify connection settings. It is important to know which Edge Server, and which Edge Server role, a user uses in which situation. For SIP traffic, remote users always use the Access Edge Server they used for sign-in (located either through automatic login or via "manual" configuration/GPO). Independently of that, they always use the AV Edge Server that is assigned to their home pool. For Federation/PIC traffic, the Access Edge Server used for the outgoing route is configured for the whole deployment. However, the AV Edge Server used for media sessions is always the one assigned to the home pool of a user. Because media traffic is very dependent on network quality such as latency, it makes sense to use localized Edge Servers in all locations where you also have a pool. For conferences, the Web Conferencing Edge Server and the AV Edge Server used are the ones assigned to the home pool of the user organizing the conference.
  5. Slide Objective: Explain Edge Server scenarios. Notes: Edge Server is useful in a number of scenarios. Depending on the type of communication partner, different features are available. This is a description of the features: Presence; IM 1:1 – two-party instant messages; IM conferencing – IM sessions with more than two users; Collaboration – share the desktop, one or more applications, whiteboard and files; A/V 1:1 – two-party audio/video; A/V conferencing – audio/video sessions with more than two people; File Transfer – sending files over Lync 2010, two-party only. In Lync Server 2010, File Transfer uses the ICE protocol to establish a media path between two endpoints. That means that, in contrast to earlier versions of Lync 2010, we can now transfer files through NATs and firewalls. In conferences, files are not sent directly to other users; they are uploaded to the meeting on Lync Server 2010 and participants can download them from there.
     In general there are four different kinds of users that interact with an Edge environment. Remote users: these are users of the same company, with an Active Directory account, who are not connected to the internal enterprise network and are not using a VPN connection. Remote users have the full feature set and the same user experience as internal users. Federated users: these are users from a different company, with an Active Directory account at that company. They are configured for OCS at the other company, and a Federation is established between your company and the other company: a trust relationship that allows users from both companies to communicate with each other. Federated users have the full feature set except for the address book. There is no address book sharing over the Edge Server, but contacts can be added to Active Directory Domain Services (AD DS) so that federated users can be found. In Lync 2010, federated users are marked with a planet icon to distinguish them from internal users. If the federation partner has an older version of Lync Server 2010, the user experience will be the same as in migration/co-existence scenarios and the feature set will be limited. However, as with co-existence, federated users can use the Lync Attendee to join meetings with the full feature set.
     Anonymous users are users without an AD account in your OCS environment or in a federated one. These users can use the AOC to join meetings. However, the AOC does not offer presence or 1:1 capabilities; from a technical perspective this is a conference and hence hosted on a conference server, without peer-to-peer traffic in the client. Of course, you can have a conference with only two participants. Non-Lync Server 2010 federation partners such as PIC (MSN, Yahoo!, AOL) or XMPP partners support only basic presence (a reduced set of presence statuses) and 1:1 IM. The only exception is MSN, which will offer AV capabilities with the Windows Live Messenger client from Windows Live Essentials 2011.
  6. Slide Objective: Discuss federation with non-OCS/Lync Server 2010 environments. Notes: Lync Server 2010 offers a number of interoperability scenarios with non-OCS/Lync Server 2010 environments. The goal of this and the following slides is to give an overview of the solutions and create awareness of the possibilities, not to give deep-dive configuration information. Detailed information is provided in the links sections. PIC (Public Internet Connectivity) is the integration of public instant messaging providers into Lync Server 2010. PIC can also be activated for only a subset of PIC partners. IBM Lotus Sametime and Cisco Presence allow integration for IM and presence; on the Lync Server 2010 side this is configured as Federation. XMPP requires an additional server in the perimeter network with the XMPP gateway installed on it. The XMPP gateway is provided by Microsoft and does not require an additional license.
  7. Slide Objective: Provide a brief overview of how to set up interop federations. Notes: Federation with Windows Live and AOL does not need additional licenses. Federation with Yahoo! requires the Lync Server 2010 Public IM Connectivity (PIC) per-user subscription license. The Lync Server 2010 PIC license is sold separately on a per-user, per-month basis as a Microsoft service. PIC service licenses are available for Microsoft Volume License customers only. http://www.microsoft.com/en-us/lync/public-im-connectivity.aspx Federation with Google Talk and Jabber can be enabled through the Microsoft Office Communications Server 2007 R2 XMPP Gateway, available at no additional licensing cost. This gateway provides presence sharing and instant messaging (IM) with XMPP networks like Google Talk. Federation with IBM Lotus Sametime requires Sametime version 8.0.2 with Hot-Fix One (HF1) or above (Sametime is SIP/SIMPLE based) and the Sametime Gateway. http://publib.boulder.ibm.com/infocenter/sametime/v8r5/index.jsp?topic=/com.ibm.help.sametime.v85.doc/config/config_gw_conn_ocs.html Cisco Unified Presence requires at least Unified Presence Server 7.0 and Adaptive Security Appliance 8.0.4.X. A guide for federating Cisco Unified Presence with OCS can be found here: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/federation/Integration_Guide_for_Configuring_Cisco_Unified_Presence_70__for_Interdomain_Federation.book.pdf
  8. Slide Objective: Discuss certificate requirements. Notes: Lync Server 2010 requires fewer public certificates (certificates that are signed by a public certification authority). A single public certificate can be used for Access Edge, Web Conferencing Edge, AV Edge and even the Reverse Proxy if the SANs are manually added in the request. Consider the various SANs that might be required (Simple URLs, multiple domains). The wizard can automatically add all required Subject Names/Subject Alternative Names. For the internal interface, an internal certificate can be used.
  9. Slide Objective: Explain port changes for Reverse Proxy from OCS 2007 R2. Notes: First explain the setup: this first diagram is about the reverse proxy. On the left side is the external network, the Internet. On the right side is the internal network, the corporate network. In between is the perimeter network with an internal and an external firewall. On the external interface, port 80 was added on the Reverse Proxy. This port was not required in previous versions. On the internal interface, port 8080 was added to forward all requests sent to port 80. Another change is that requests to port 443 are now mapped to port 4443 for web components. This allows the internal server to use port 443 for all internal queries and port 4443 for all external queries.
  10. Slide Objective: Explain port changes for Edge Server from OCS 2007 R2. Notes: Again, from left to right we have the external network, the perimeter network and the internal network. There is one Edge Server with all roles installed (Access Edge, Web Conferencing Edge and AV Edge). On the left side, the blue arrows at the top connect to the Access Edge IP. The single arrow in the middle connects to the Web Conferencing Edge, and the green arrows at the bottom connect to the AV Edge. On the internal firewall, all connections point to the internal Edge IP address. To replicate the configuration, the Central Management Store (CMS), running on one of the Front End Servers, uses port 4443 to push the configuration file to the internal interface of the Edge Server. The configuration data is stored in a SQL Express database on the Edge Server.
  11. Slide Objective: Explain requirements for the 50,000-59,999 port range. Notes: This has not changed from OCS 2007 R2. The port range is required for federated media traffic. When federating with OCS 2007, the port range has to be opened for UDP and TCP, inbound and outbound. For federation with OCS 2007 R2 or Lync Server 2010, only TCP outbound is required. If you do not open the port range, media to federated contacts will not work at all (OCS 2007), or Desktop Sharing and File Transfer will not work (OCS 2007 R2 and Lync Server 2010). Please note that File Transfer across firewalls works only from Lync Server 2010 to Lync Server 2010.
  12. Slide Objective: Give an overview of the session. Notes: This session covers the most important changes to Edge Server in Lync Server 2010: Edge Scenarios – what Edge enables your users to do; Interop Federation – federation with non-OCS/Lync Server 2010 environments: PIC, XMPP, Sametime, Cisco; Plan for Edge – FQDNs/Simple URLs, Certificates, Firewall, Load Balancing; Manage Edge – Install, BigFin, Federations; Edge Architecture with Multiple Sites.