+ All Categories
Home > Technology > Lync Mobility Deployment

Lync Mobility Deployment

Date post: 14-Dec-2014
Category:
Upload: mucugl
View: 8,872 times
Download: 2 times
Share this document with a friend
Description:
Presented by Justin Morris and Tom Arbuthnot at MUCUGL January 2012
Popular Tags:
19
Lync Mobility Deployment Tom Arbuthnot Consultant, Modality Systems and Lync MVP @ tomarbuthnot http:// www.lyncdup.com [email protected] Justin Morris Consultant, Modality Systems @ jm_deluxe http:// www.justin-morris.ne t j [email protected]
Transcript
Page 2: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 2

Agenda

• Step by Step Deployment Guide– Prerequisites, DNS, Certificates– Reverse Proxy, Push Notifications

• The Lync Mobile Sign-In Process• Top 5 Issues• Do I need lyncdiscoverinternal?• Monitoring Performance of Mobility• Questions

19/01/2012

Page 3: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 3

Mobility Service Deployment in 7 slides

• Cumulative Update 4 on all Servers• Mobility DNS Requirements• New FE listening ports and IIS changes• Install the MCX Service• Certificate Updates• Reverse Proxy Rule Update• Add Lync Online Federation for Push

Notifications

Page 4: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 4

Cumulative Update 4 First

• CU4 on all servers

• CU4 DB Update• Install-CsDatabase -Update -

ConfiguredDatabases -SqlServerFqdn <EEBE.Fqdn> -UseDefaultSqlPaths

Page 5: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 5

DNS Requirements

• Lync Mobile uses two DNS records to discover the server to register to, lyncdiscover and lyncdiscoverinternal

• CNAME and Host (A) records are supported• Internal DNS: Lyncdiscoverinteral.domain.com points to

Lync pool/Director DNS record• External DNS: Lyncdisover.domain.com, external (and

reachable internal), points to External Reverse Proxy• Lync discover returns proxy FQDN. This needs to be

resolvable internally

Page 6: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 6

New FE Listening Ports and IIS changes

• Set-CsWebServer -Identity lync.domain.com -McxSipPrimaryListeningPort 5086

• Set-CsWebServer -Identity lync.domain.com -McxSipExternalListeningPort 5087

• Re enable the topology to enact these IIS changes– Enable-CsTopology

• There is also an additional IIS feature Requirement– Import-Module ServerManager

Add-WindowsFeature Web-Server, Web-Dyn-Compression

Page 7: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 7

Install the MCX Service

• Download the McxStandalone.msi installation package and save it into the following existing directory on each Lync server where it will be installed.

• C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup\

• C:\Program Files\Microsoft Lync Server2010\Deployment\Bootstrapper.exe

Page 8: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 8

Certificate Updates – Internal and External

• Internal FE certs– Set-CsCertificate –Type

Default,WebServicesInternal,WebServicesExternal –Thumbprint <Certificate Thumbprint>

– This will add the lyncdiscover and lyncdiscoverinternal names to the FE cert

• Externally, discovery can be done http(80) or https(443), if using https the external cert requires lyncdiscover.domain.com SAN name

• Both required for each supported SIP domain on the system

Page 9: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 9

New Reverse Proxy Rule

• To allow access from the outside for the mobile clients• It can be added to your

existing reverse proxy rule set for Lync

• Full Reverse Proxy setup steps on Adam’s imaucblog.com

• Port 80 required for httpdiscovery

Page 10: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 10

Federation to Lync Online for Push

• New-CsHostingProvider –Identity "LyncOnline" –Enabled $true –ProxyFqdn "sipfed.online.lync.com" –VerificationLevel UseSourceVerification

• New-CsAllowedDomain –Identity push.lync.com –Comment “Mobile Push Notifications”

• Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $true –EnableMicrosoftPushNotificationService $true

Page 11: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 11

Summary: Mobility Service Deployment

• Cumulative Update 4 on all Servers• Mobility DNS Requirements• New FE listening ports and IIS changes• Install the MCX Service• Certificate Updates• Reverse Proxy Rule Update• Add Lync Online Federation for Push

Notifications

Page 12: Lync Mobility Deployment

10/04/2023 Microsoft Unified Communications User Group London (MUCUGL) 12

Handover to Justin

Page 13: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 1319/01/2012

Lync Mobile Sign-In ProcessInternal

1. Mobile device locates lyncdiscoverinternal.<SIPFQDN> record via internal DNS

2. External MCX URL is returned

3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) by hair-pinning the reverse proxy

Page 14: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 1419/01/2012

Lync Mobile Sign-In ProcessExternal

1. Mobile device locates lyncdiscover.<SIPFQDN> record via external DNS

2. External MCX URL is returned

3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) via the reverse proxy

Page 15: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 15

Lync Mobile Sign-In ProcessAuthentication and In-Band Provisioning

1. Web ticket request is made for a client certificate for authentication.

2. SIP REGISTER packet comes from the Lync Front End on the listening port e.g. 5087.

3. Do I have a mobility policy granted to me?4. In-band provisioning occurs:– Voicemail URI, ABS URL, dial plan, voice policy.

5. Contact list and contact cards are retrieved.

19/01/2012

Page 16: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 16

Top Mobile Client Issues

• Account details (domain\username) required if UPN is different to SIP URI e.g. UPN - [email protected] SIP URI – [email protected]

• Check EWS connectivity – requires same as desktop client.

• URL filtering in IM breaks push notifications.• McxStandalone.msi must be run using

Bootstrapper.19/01/2012

Page 17: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 17

Do I need lyncdiscoverinternal?

19/01/2012

• Mobile clients won’t trust your internal CA, who has a public certificate on their FEs?• Deploying root CA certificate to all mobile devices is unlikely to happen.• Solution: route all internal lyncdiscover.sipdomain traffic to the external interface

of the Reverse Proxy.

Page 18: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 18

Monitoring Performance of Mobility

• Why do we do this?– Ensuring we have the

capacity to support users.– Predicting when extra

capacity is required.• How do we do this?

– Can be monitored from within IIS -> Worker Processes.

– CsIntMcxAppPool and CxExtMcxAppPool CPU% should be under 15%

19/01/2012

Page 19: Lync Mobility Deployment

Microsoft Unified Communications User Group London (MUCUGL) 19

Questions?

19/01/2012

Sources: Brendan Carius - http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinternal/ http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-sign-in-internals/


Recommended