Succeed with Lync, BYOD and WiFi

Ståle Hansen, Lync MVP, Chief Technical Architect

Post on 17-Jul-2015

When you do telephony, Lync will become a true productivity tool

@StaleHansen

"The Lync 2013 mobile client works on Microsoft, Apple and Android operating systems and is a strong solution for those enterprises seeking a UC and telephony client for their mobile devices."

Gartner 2014

Gartner Magic Quadrant for Corporate Telephony 2014

http://www.gartner.com/technology/reprints.do?id=1-23HXCI1&ct=141022&st=sb

"Clients report poor call quality, dropped calls and system outages in implementations that didn't use a Lync integrator"

Gartner 2014

Gartner Magic Quadrant for Corporate Telephony 2014

http://www.gartner.com/technology/reprints.do?id=1-23HXCI1&ct=141022&st=sb

LAN Wi-Fi

Bring Your Own Device (BYOD)

Choose Your Own Device

Bring Your Own Disaster

Users expect good performance in meeting spaces

Users consume the network in a different way today than yesterday

Challenge

Salesforce Marketing Cloud – 2014 Mobile Behavior Report

http://www.exacttarget.com/sites/exacttarget/files/deliverables/etmc-2014mobilebehaviorreport.pdf

Goal: Help you meet the expectations of mobile users

Succeed with Lync, BYOD and WiFi

• Understand Lync Mobile media flow

• Make sure logon is simple

• Do unmanaged devices correctly

• Optimize WiFi for Lync

• Evaluate security and authentication

KNOW HOW LYNC MOBILE MEDIA FLOW WORKS

Lync mobile sign in

• Lyncdiscoverinternal.domain.com

• Lyncdiscover.domain.com

• Lync Mobile is a UCWA application

• Will always connect to external web services

– Internal UCWA and External UCWA attributes are reserved for future use

Sign in process

Media Path Enterprise Voice

Lyncdiscoverinternal and certificates

• Lyncdiscoverinternal pointing to Lync Front-End

• If internal PKI is used

• Unmanaged clients typically don’t trust Root CA

• iOS clients will sign in fine

• Android clients will give a redirect warning

• Windows Phone will not be able to sign in

– Use public certificates on Front-End Server

– Or point lyncdiscover or lyncdiscoverinternal to external reverse proxy

MAKE SURE LOGON IS SIMPLE

User name should match mail address

NetBIOS sign in is legacy

msunified\stahanse

[email protected]

EXCHANGE WEB SERVICES (EWS)

Do it right

THE CHALLENGE, ON-PREMISES

Outlook works perfectly with Exchange

Using SCP records to locate autodiscover

Lync client is introduced, no Exchange integration works

Lync uses DNS-based discovery method

• http://<smtpdomain>/autodiscover/autodiscover.xml

• https://<smtpdomain>/autodiscover/autodiscover.xml

• http://autodiscover.<smtpdomain>/autodiscover/autodiscover.xml

• https://autodiscover.<smtpdomain>/autodiscover/autodiscover.xml

• _autodiscover._tcp.<smtpdomain>

MAPI fallback when EWS fails

• Exchange delegation information (MAPI only)

• Missed Conversations history and Call Logs are written

– Retrieving conversation history fails

• Voice Mail count only

• Exchange integrated Archiving will work

Major failures

• Presence update based on calendar

• Presence based on Out of Office messages

• All mobile clients fail to connect to Exchange

Features available only with EWS

• Unified Contact Store

• High-Resolution Photos

• Meeting tab

• Contact Information

• Presence based on Calendar Information

• Conversation History

– Missed Conversations

– Missed Calls

• Voice Mail Playback

That is why we Lync folk care about Exchange Web Services

Best Practice publishing EWS

• DNS A Record for autodiscover.domain.com

– SRV is supported, but not recommended

– Multidomain? Use HTTP redirect

• Publish using NTLM, no pre-authentication

– EWS and autodiscover

– Avoids authentication pop-up for EWS

• No need to Set-AutodiscoverVirtualDirectory

– Should point to HLB with correct autodiscover certificate
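
The certificate points on the "Lyncdiscoverinternal and certificates" slide and the autodiscover certificate point above can be checked before rollout. The following is an added example, not part of the original deck: it handshakes with each discovery name using only the default trust store, the way an unmanaged device would. The function names, the `contoso.example` placeholder and the assumption that the SIP and SMTP domains are the same are illustrative.

```python
import socket
import ssl
import sys


def hosts_to_check(domain):
    """Names a Lync mobile client resolves, in the order the slides list them,
    plus the Exchange autodiscover A record recommended for EWS."""
    return [f"lyncdiscoverinternal.{domain}",
            f"lyncdiscover.{domain}",
            f"autodiscover.{domain}"]


def public_trust_check(host, port=443, timeout=5.0):
    """TLS handshake validated like an unmanaged device would: default trust
    store only, hostname checked. Returns (trusted, detail)."""
    ctx = ssl.create_default_context()  # no internal root CA is loaded here
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain or a name missing from the certificate.
        return False, exc.verify_message
    except OSError as exc:
        # DNS failure, refused connection, timeout, other TLS errors.
        return False, f"unreachable: {exc}"


def readiness(domain, checker=public_trust_check):
    """Map each discovery name to 'ok (...)' or the reason a device that only
    trusts public CAs would reject it. `checker` is injectable for testing."""
    findings = {}
    for host in hosts_to_check(domain):
        trusted, detail = checker(host)
        findings[host] = f"ok ({detail})" if trusted else f"FAIL: {detail}"
    return findings


if __name__ == "__main__":
    # contoso.example is a placeholder; pass your own SIP/SMTP domain.
    domain = sys.argv[1] if len(sys.argv) > 1 else "contoso.example"
    for host, status in readiness(domain).items():
        print(f"{host:45} {status}")
```

Run it from a machine that does not have the internal root CA installed; on a domain-joined Windows host the default store includes enterprise roots and the result would not reflect what a BYOD device sees.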

DO UNMANAGED DEVICES CORRECTLY

access and placement

Policy-based access

ClearPass onboarding and network authentication

OPTIMIZE WIFI FOR LYNC

access vs quality

WiFi

• Signal Strength

• Lync quality

performance

WiFi problem areas

• Shared medium

• Limited band selection in 2.4 GHz band

• Was designed for non-real-time data usage

• Deployed for access, not throughput

How to optimize for voice over WiFi

• WiFi tags Lync voice traffic with DSCP value

– Through heuristic approach, deep packet inspection and guesstimates

– Use QoS to prioritize Lync voice traffic

– Great for unmanaged devices

• Move to 802.11n and 5 GHz or 802.11ac

• High-density AP deployments

– Closer to users

• Fast inter-AP handover support

– All vendors stress end to end optimization

– Endpoint -> WiFi -> LAN -> WAN -> LAN -> WiFi -> Endpoint

End to end optimization

No handover from WiFi to cellular

Validate your WiFi network with Ixia

• Discovery Phase

– Understand what network environment exists

– Understand user modalities

• Modeling Phase

– Determine Lync utilization per AP

• Traffic Simulation

– Using a Lync traffic simulator, connect clients and apply real traffic to production network and monitor factors that affect the quality of Lync traffic: delay, jitter, and packet loss

• Report

– Analyze factors affecting quality and produce a full report with recommendations

Validate your network

• Network Stats (RSSI, PHY)

– Target & other networks

– HTTP speed test

• Lync results per location

– By traffic class (voice, video)

– By client

EVALUATE SECURITY AND AUTHENTICATION

Pre-authorization in DMZ

Lync is not built in that manner today

Challenges

• Lync clients need to authenticate directly

• Native passive authentication breaks Exchange

Passive authentication

• Supported on WP8 and iOS

• Works only with Lync, breaks Exchange Web Services

– Meetings environment

– Voice Mail environment

– UCS will still work through the Lync Server

• A number of third parties can sit in the HTTP flow/Reverse Proxy Role and add additional security

– Restrict sign in to selected devices

– Authenticate specific devices to specific users

– Use dedicated "lync mobile" credentials so that AD credentials do not sit on the phone

• Vendors include

– PointSharp

– Lync Solutions

– LyncShield

PointSharp

• Lync reverse proxy

• App specific password

• Device control

• User identity

• Pre-authentication

• 2-factor auth

Media

Lync Web Services

PointSharp Web Services

Exchange Web Services

Goal: Help you meet the expectations of mobile users

OPTIMIZE WIFI FOR LYNC AND UNMANAGED DEVICES

Want happy users?

Let’s discuss

Thank you! Remember to evaluate the sessions