Lync Online Hybrid Deep Dive
Christopher Wallick
Communications Architect, Enterprise Communications Center of Excellence
OFC-B341
Agenda
• What is Lync Hybrid?
• Deployment Overview
• Requirements for Deploying Lync Hybrid
• Configuring Lync Hybrid
• Configuring and Deploying users from Online to On-premises
• Lync Hybrid in multi-forest AD

What is Lync Hybrid?
• Some users homed on-premises and some online
• Users share the same domain (Lync split domain)
• Integration with other Office 365 applications
[Diagram: Lync Online and Lync On-Premises, both serving Contoso.com]

Why might you deploy Lync Hybrid?
• Enable existing Lync on-premises customers to move to Microsoft Office 365
• Enable new customers to get Lync services through a combination of on-premises and cloud

Lync Hybrid coexistence topologies
[Diagram: three on-premises topologies, each with a Contoso Active Directory]
• OCS 2007 R2 + Lync Server 2013: OCS 2007 R2, Lync Server 2013, Lync Edge Server 2013
• Lync Server 2010 + Lync Server 2013: Lync Server 2010, Lync Edge Server 2010, Lync Server 2013 Admin Tools
• Lync Server 2013: Lync Server 2013, Lync Edge Server 2013
Lync Server 2010 February 2013 Cumulative Updates applied.

Deployment process overview
• Office 365 tenant.
• Set up Active Directory Sync.
• Enable Federation within your Office 365 tenant.
• Deploy Active Directory Federation Services (AD FS) 2.0.
• Set up Lync Hybrid.
• Move users to Lync Online.*
* Or move users from Online to On-Prem

Office 365 Tenant
• Tenant running Lync Online 2013.
• Appropriate Office 365 plan:
  - Lync Plan 3
  - E3 (includes Lync Plan 3)
• Domain verified.
http://office.microsoft.com/en-us/office365-suite-help/add-your-domain-to-office-365-HA102818660.aspx?CTT=5&origin=HA102851067

DirSync
• Add Alternate UPN Suffix to Active Directory
• Match On-Premises UPN with Office 365 UPN
• Activate directory synchronization
• Install Windows Azure Active Directory Sync tool
http://technet.microsoft.com/en-us/library/jj151831

AD FS 2.0 (SSO)
• AD FS 2.0
• AD FS 2.0 Proxy (for users connecting from outside the company's network)
• Windows Server 2012 - AD FS role service
• Install Windows Azure Active Directory Module for Windows PowerShell
• Establish trust relationship between AD FS 2.0 server and Office 365
• Don't forget to match On-Premises UPN with Office 365 UPN
Convert-MsolDomainToFederated -DomainName contoso.com
http://technet.microsoft.com/en-us/library/jj151786
[Diagram: Contoso Active Directory, AD FS, AD FS Proxy in the DMZ, Trust]

Lync Server 2013 On-Premises
• OCS 2007
  - Not supported
• OCS 2007 R2
  - Requires Lync Server 2013 On-Premises
  - Front End and Edge
• Lync Server 2010
  - Requires Lync Server 2013 Administrative Tool (No Lync 2013 Pools or Edges)
  - Lync Server 2010 February 2013 Cumulative Update
• Lync Server 2013
  - No additional requirements

Enable Federation in Office 365
• Enable Federation in Office 365 tenant
• Domain matching must be configured the same for on-premises deployment and Office 365 tenant
• Blocked/Allowed domains list in on-premises deployment must exactly match list for online tenant
• Federation must be enabled for external communications for online tenant

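The "must exactly match" requirement above, as an added example that is not part of the original deck: a PowerShell function that reports every domain present on one side only. The function name `Compare-FederationDomainList`, its parameters and all sample domains are assumptions constructed for illustration; the lists are assumed to be exported beforehand as plain domain names.

```powershell
# Added example: report drift between on-premises and online federation domain lists.
# Compare-FederationDomainList and all sample domains are hypothetical, constructed for illustration.
function Compare-FederationDomainList {
    param(
        [Parameter(Mandatory = $true)] [ValidateSet('Allowed', 'Blocked')] [string] $ListName,
        [string[]] $OnPremises = @(),
        [string[]] $Online = @()
    )
    # Normalise so that case, padding and duplicates are not reported as differences.
    $normalise = {
        param($list)
        $list | Where-Object { $_ -and $_.Trim() } |
            ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique
    }
    $onPrem = @(& $normalise $OnPremises)
    $cloud  = @(& $normalise $Online)

    # Domains configured on-premises but absent from the tenant.
    foreach ($domain in $onPrem) {
        if ($cloud -notcontains $domain) {
            [pscustomobject]@{ List = $ListName; Domain = $domain; MissingFrom = 'Online tenant' }
        }
    }
    # Domains configured in the tenant but absent on-premises.
    foreach ($domain in $cloud) {
        if ($onPrem -notcontains $domain) {
            [pscustomobject]@{ List = $ListName; Domain = $domain; MissingFrom = 'On-premises' }
        }
    }
}

# Constructed sample lists, assumed to be exported beforehand as plain domain names
# (on-premises, for instance, from Get-CsAllowedDomain and Get-CsBlockedDomain).
$drift = @(
    Compare-FederationDomainList -ListName Allowed `
        -OnPremises 'fabrikam.com', 'Partner.Example.com ' `
        -Online 'fabrikam.com', 'partner.example.com', 'supplier.example.net'
    Compare-FederationDomainList -ListName Blocked -OnPremises 'blocked.example.org' -Online @()
)
if ($drift.Count -eq 0) { 'Federation domain lists match.' } else { $drift | Format-Table -AutoSize }
```

With the constructed lists, the report flags supplier.example.net as missing on-premises and blocked.example.org as missing from the online tenant.
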
Set up Lync Hybrid
• Configure Lync 2013 Edge Server for Federation
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1
• Federate with Office 365
Set-CsHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
• Configure Office 365 tenant for split-domain
  - Previously required a support request; it no longer does

Move Users to Lync Online
• Assign license to users in Office 365
• Locate hosted migration service URL
https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc
• Move on-premises user to Lync Online tenant
$creds = Get-Credential
Move-CsUser -Identity [email protected] -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl <URL>

What Gets Migrated?
Migration
• User Data: Contact list, Groups, ACLs.
• Voice: User-level call routing capabilities
Not Migrated
• Online meetings must be rescheduled; tool to help with meeting rescheduling
• Meeting content
Client Migration
• Lync Client 2013 required for users migrated to Lync Online from Lync Server
• For OCS 2007 R2 environments, move user to a Lync 2013 pool (& Lync 2013 client) prior to migration

Source | IM/P | Meetings | Voice
OCS 2007 R2 | ● | ● | ●
Lync Server 2010 | ● | ● | ●
Lync Server 2013 | ● | ● | ●
http://www.microsoft.com/en-us/download/confirmation.aspx?id=41656

Move Users from Lync Online to Lync On-Premises
• The customer deployed Lync Online before Lync on-premises
• Before you start moving Lync Online users, your on-premises environment must be fully deployed
• Your Lync Online tenant must be configured for remote PowerShell access
http://technet.microsoft.com/en-us/library/dn689117.aspx

Migrating Lync Online users to Lync On-Premises
Requirements
• Lync On-premises is fully deployed
• Lync Online Tenant must be configured for remote PowerShell Access
• Lync Online must be configured for Shared SIP Address Space

Migrating Lync Online users to Lync On-Premises
Migrating Online users to On-premises
• Organization is configured for hybrid
• Verify On-Premises Edge Servers have a certificate chain that enables connection to Lync Online
https://corp.sts.microsoft.com/Onboard/ADFS_Onboarding_Pack/corp_sts_certs.zip
• Enable users in On-Premises AD
• Run DirSync to sync the Lync Online users with the updated Lync on-premises users.

Migrating Lync Online users to Lync On-Premises
Migrating Online users to On-premises
• Update some DNS records to direct all SIP traffic to Lync Online
  - Update the lyncdiscover.contoso.com A record to point to the FQDN of the on-premises reverse proxy server.
  - Update the _sip._tls.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Lync on-premises.
  - Update the _sipfederationtls._tcp.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Lync on-premises.
• If you use split-brain DNS, make sure that users resolving names through the internal DNS zone are directed to the Front End Pool.
• Make sure that the HostingProviderProxyFQDN is set to "sipfed.online.lync.com" and that the SIP addresses are set correctly.

Migrating Lync Online users to Lync On-Premises
Validate Migrated User Properties
Get-CsUser | fl DisplayName,HostingProvider,SipAddress,Enabled

Active Directory attribute | Attribute name | Correct value for Lync Online user | Correct value for Lync on-premises users
msRTCSIP-DeploymentLocator | HostingProvider | sipfed.online.lync.com | SRV:
msRTCSIP-PrimaryUserAddress | SIPAddress | sip:userName@contoso.com | sip:[email protected]
msRTCSIP-UserEnabled | Enabled | True | True

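One way to apply the table above to the output of `Get-CsUser`, as an added example that is not part of the original deck. The function name `Test-LyncHybridUser`, its `-Location` and `-SipDomain` parameters and the sample user objects are assumptions constructed for illustration.

```powershell
# Added example: check Get-CsUser output against the expected values in the table.
# Test-LyncHybridUser and the sample users are hypothetical, constructed for illustration.
function Test-LyncHybridUser {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $User,
        [Parameter(Mandatory = $true)] [ValidateSet('Online', 'OnPremises')] [string] $Location,
        [string] $SipDomain = 'contoso.com'
    )
    begin {
        # Expected HostingProvider per the table: online users vs. on-premises users.
        $expectedProvider = @{ Online = 'sipfed.online.lync.com'; OnPremises = 'SRV:' }
    }
    process {
        $problems = @()
        if ($User.HostingProvider -ne $expectedProvider[$Location]) {
            $problems += "HostingProvider is '$($User.HostingProvider)', expected '$($expectedProvider[$Location])'"
        }
        # The SIP address must be sip:<name>@<shared SIP domain>.
        $pattern = '^sip:[^@\s]+@' + [regex]::Escape($SipDomain) + '$'
        if ("$($User.SipAddress)" -notmatch $pattern) {
            $problems += "SipAddress '$($User.SipAddress)' is not sip:<user>@$SipDomain"
        }
        if ($User.Enabled -ne $true) {
            $problems += 'Enabled is not True'
        }
        [pscustomobject]@{
            DisplayName = $User.DisplayName
            Location    = $Location
            Ok          = ($problems.Count -eq 0)
            Problems    = $problems -join '; '
        }
    }
}

# Constructed sample objects standing in for Get-CsUser output after a move to on-premises.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Moved OK'; HostingProvider = 'SRV:'; SipAddress = 'sip:user1@contoso.com'; Enabled = $true }
    [pscustomobject]@{ DisplayName = 'Still online'; HostingProvider = 'sipfed.online.lync.com'; SipAddress = 'sip:user2@contoso.com'; Enabled = $true }
    [pscustomobject]@{ DisplayName = 'Wrong domain'; HostingProvider = 'SRV:'; SipAddress = 'sip:user3@fabrikam.com'; Enabled = $false }
)
$sample | Test-LyncHybridUser -Location OnPremises | Format-Table -AutoSize -Wrap
```

Against a live deployment the same function takes the pipeline from `Get-CsUser` instead of the sample array.
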
Lync Server, Lync Online: IM/Presence
Feature | Lync Server | Lync Online
Rich presence | ✓ | ✓
Peer-to-Peer Audio/Video Calling | ✓ | ✓
Click to Communicate—Office integration | ✓ | ✓
Mobility Clients—Windows Phone, Android, iOS | ✓ | ✓
MAC Client | ✓ | ✓
Federation with Lync/Lync Online | ✓ | ✓
Skype Interop | ✓ | ✓
XMPP Gateway | ✓ |
Persistent Chat | ✓ |
Federation with Yahoo/AOL | ✓ |

Lync Server, Lync Online: Meetings
Feature | Lync Server | Lync Online
Multi-Party PC Audio/Video | ✓ | ✓
Ad-hoc meetings, Scheduled Meetings | ✓ | ✓
Desktop Sharing, Application Sharing, PowerPoint | ✓ | ✓
Rich Client for Meetings | ✓ | ✓
Mobile Clients for Meetings | ✓ | ✓
Reach Client for Meetings | ✓ | ✓
PSTN Dial-in in Meetings | ✓ | With ACP Partners
Meeting Size | 1000 | 250

Lync Server, Lync Online: Voice
Feature | Lync Server / Lync split domain on-premises users | Lync split domain online users
Peer-to-Peer & PSTN calling, Emergency Dialing, Voice Mail | ✓ |
Call hold, Transfer, Forwarding, Delegation & Team Calling | ✓ |
IP Phones, USB Peripherals & Mobile call via work | ✓ |
Direct SIP Interoperability with on-premises PBX | ✓ |
Private Line, Common Area Phones | ✓ |
Analog Devices, Enhanced 911 | ✓ |
Call Parking, Unassigned Number Handling | ✓ |
Call Center Integration & Response Groups | ✓ |
Network Resiliency, Call Admission Control | ✓ |

Lync Hybrid Features Support Matrix
Customer scenarios: Lync Online and Exchange On-Prem; Lync On-Prem and Exchange Online; Lync and SharePoint hybrid
Columns: Supported, Note, Supported, Note, Supported
Features:
• View presence or IM a contact in Outlook
• Schedule and join meeting through Outlook
• View presence or IM a contact in Outlook Web Access
• View presence or IM a contact in Lync Mobile Client
• Join meeting from Lync Mobile Client
• Modify Contact List (via Unified Contact Store in Exchange). Note: Lync Server 2013 and Exchange only. A Lync 2013 client is required.
• View or Modify Contact Photo in Lync Web App. Note: Lync Server 2013 only
• Delegate schedules meeting on behalf of Boss *. Note: Exchange 2013 only
• Archiving meeting content. Note: Lync Server 2013 only
• Searching archived meeting content. Note: Lync Server 2013 only
• Leaving or retrieving voicemail
• Publish status based on Outlook calendar free/busy
• Missed Conversations history and Call Logs are written to user's Exchange mailbox
• Schedule meeting through Outlook Web Access
• View presence or IM a contact in SharePoint
• Search contact by skill keyword
* Supported only when both users are homed online in the same forest or both are homed on-premises.

Multi-Forest overview
[Diagram: Contoso Active Directory and Fabrikam Active Directory]
Most common scenarios:
• Multiple Accounts Forest
• Resource Forest
DirSync tool can only sync ONE AD Forest

FIM for Multi-forest scenario
[Diagram: Contoso Active Directory and Fabrikam Active Directory, connected through FIM]
• Only FIM Synchronization Service
• FIM Service & FIM Portal NOT required

FIM Connector for Windows AAD
[Diagram: Contoso Active Directory and Fabrikam Active Directory, connected through FIM]
Windows Azure Active Directory Connector for FIM 2010 R2
http://technet.microsoft.com/en-us/library/dn511001(v=ws.10).aspx

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.