This document discusses Lync mobility deployment, including:
- A 7-step deployment process covering prerequisites, DNS, certificates, reverse proxy, and push notifications configuration.
- An overview of the Lync mobile sign-in process, both internally and externally.
- Common issues like account details mismatches and URL filtering breaking push notifications.
- Best practices like monitoring CPU usage on the internal and external MCX application pools to ensure capacity.
The presentation provides guidance on deploying Lync mobility services and configuring the necessary DNS, certificates, and other components to enable the Lync mobile client sign-in flow and functionality.
1. Lync Mobility Deployment
Tom Arbuthnot
Consultant, Modality Systems and Lync MVP
@tomarbuthnot
http://www.lyncdup.com
tom.arbuthnot@modalitysystems.com
Justin Morris
Consultant, Modality Systems
@jm_deluxe
http://www.justin-morris.net
justin.morris@modalitysystems.com
2. Agenda
Step by Step Deployment Guide
Prerequisites, DNS, Certificates
Reverse Proxy, Push Notifications
The Lync Mobile Sign-In Process
Top 5 Issues
Do I need lyncdiscoverinternal?
Monitoring Performance of Mobility
Questions
19/01/2012 Microsoft Unified Communications User Group London (MUCUGL) 2
3. Mobility Service Deployment in 7 slides
Cumulative Update 4 on all Servers
Mobility DNS Requirements
New FE listening ports and IIS changes
Install the MCX Service
Certificate Updates
Reverse Proxy Rule Update
Add Lync Online Federation for Push Notifications
4. Cumulative Update 4 First
CU4 on all servers
CU4 DB Update
Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <EEBE.Fqdn> -UseDefaultSqlPaths
5. DNS Requirements
Lync Mobile uses two DNS records to discover the server to register to: lyncdiscover and lyncdiscoverinternal
CNAME and Host (A) records are supported
Internal DNS: lyncdiscoverinternal.domain.com points to Lync pool/Director DNS record
External DNS: lyncdiscover.domain.com, external (and reachable internal), points to External Reverse Proxy
lyncdiscover returns the proxy FQDN. This needs to be resolvable internally
6. New FE Listening Ports and IIS changes
Set-CsWebServer -Identity lync.domain.com -McxSipPrimaryListeningPort 5086
Set-CsWebServer -Identity lync.domain.com -McxSipExternalListeningPort 5087
Re-enable the topology to enact these IIS changes
Enable-CsTopology
There is also an additional IIS feature requirement
Import-Module ServerManager
Add-WindowsFeature Web-Server, Web-Dyn-Compression
7. Install the MCX Service
Download the McxStandalone.msi installation package and save it into the following existing directory on each Lync server where it will be installed.
C:\ProgramData\Microsoft\Lync Server\Deployment\cache\4.0.7577.0\setup
C:\Program Files\Microsoft Lync Server 2010\Deployment\Bootstrapper.exe
8. Certificate Updates Internal and External
Internal FE certs
Set-CsCertificate -Type Default,WebServicesInternal,WebServicesExternal -Thumbprint <Certificate Thumbprint>
This will add the lyncdiscover and lyncdiscoverinternal names to the FE cert
Externally, discovery can be done over HTTP (80) or HTTPS (443); if using HTTPS, the external cert requires a lyncdiscover.domain.com SAN
Both are required for each supported SIP domain on the system
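One way to check the SAN requirement above for every SIP domain, as an added PowerShell example that is not from the original slides. The function names, the contoso.com and fabrikam.com domains and the sample SAN list are constructed, and the SAN parsing assumes English-language Windows output.

```powershell
# Added example: function names, domains and the sample SAN list are constructed.

function Get-RemoteCertDnsNames {
    # Reads the DNS names from the certificate a host presents on the given port.
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        # Accept any chain: the goal is to read the names, not to trust the peer.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $san = $cert.Extensions['2.5.29.17']   # subjectAltName OID
        if (-not $san) { return @() }
        # Assumes English Windows, where Format() emits "DNS Name=host" entries.
        [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }
    finally { $tcp.Close() }
}

function Get-MissingDiscoverSan {
    # Returns every <record>.<sipdomain> name that the certificate does not list.
    # Exact match only: wildcard SANs are reported as missing for manual review.
    param(
        [Parameter(Mandatory)][string[]]$SipDomain,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$CertDnsName,
        [string[]]$Record = @('lyncdiscover')
    )
    $have = $CertDnsName | ForEach-Object { $_.Trim().ToLowerInvariant() }
    foreach ($domain in $SipDomain) {
        foreach ($name in $Record) {
            $need = "$name.$domain".ToLowerInvariant()
            if ($have -notcontains $need) { $need }
        }
    }
}

# Constructed SAN list for an external (reverse proxy) certificate.
$sampleSans = 'lyncweb.contoso.com', 'lyncdiscover.contoso.com', 'meet.contoso.com'
Get-MissingDiscoverSan -SipDomain 'contoso.com', 'fabrikam.com' -CertDnsName $sampleSans

# Front End certificate: both names are needed for each SIP domain.
Get-MissingDiscoverSan -SipDomain 'contoso.com' -CertDnsName $sampleSans `
    -Record 'lyncdiscover', 'lyncdiscoverinternal'

# Live check (needs network access to the published name):
# Get-MissingDiscoverSan -SipDomain 'contoso.com' `
#     -CertDnsName (Get-RemoteCertDnsNames -HostName 'lyncdiscover.contoso.com')
```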
9. New Reverse Proxy Rule
To allow access from the outside for the mobile clients
It can be added to your existing reverse proxy rule set for Lync
Full Reverse Proxy setup steps on Adam's imaucblog.com
Port 80 required for HTTP discovery
10. Federation to Lync Online for Push
New-CsHostingProvider -Identity "LyncOnline" -Enabled $true -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification
New-CsAllowedDomain -Identity "push.lync.com" -Comment "Mobile Push Notifications"
Set-CsPushNotificationConfiguration -EnableApplePushNotificationService $true -EnableMicrosoftPushNotificationService $true
11. Summary: Mobility Service Deployment
Cumulative Update 4 on all Servers
Mobility DNS Requirements
New FE listening ports and IIS changes
Install the MCX Service
Certificate Updates
Reverse Proxy Rule Update
Add Lync Online Federation for Push Notifications
13. Lync Mobile Sign-In Process
Internal
1. Mobile device locates lyncdiscoverinternal.<SIP FQDN> record via internal DNS
2. External MCX URL is returned
3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) by hair-pinning the reverse proxy
14. Lync Mobile Sign-In Process
External
1. Mobile device locates lyncdiscover.<SIPFQDN> record via external DNS
2. External MCX URL is returned
3. Lync Mobile client communicates with external web service (4443 MCX virtual directory) via the reverse proxy
15. Lync Mobile Sign-In Process
Authentication and In-Band Provisioning
1. Web ticket request is made for a client certificate for authentication.
2. SIP REGISTER packet comes from the Lync Front End on the listening port e.g. 5087.
3. Do I have a mobility policy granted to me?
4. In-band provisioning occurs: Voicemail URI, ABS URL, dial plan, voice policy.
5. Contact list and contact cards are retrieved.
16. Top Mobile Client Issues
Account details (domain\username) required if UPN is different to SIP URI, e.g.
UPN - justin.morris@contoso.int
SIP URI - justin.morris@contoso.com
Check EWS connectivity: requirements are the same as for the desktop client.
URL filtering in IM breaks push notifications.
McxStandalone.msi must be run using Bootstrapper.
17. Do I need lyncdiscoverinternal?
Mobile clients won't trust your internal CA. Who has a public certificate on their FEs?
Deploying the root CA certificate to all mobile devices is unlikely to happen.
Solution: route all internal lyncdiscover.sipdomain traffic to the external interface of the Reverse Proxy.
18. Monitoring Performance of Mobility
Why do we do this?
Ensuring we have the capacity to support users.
Predicting when extra capacity is required.
How do we do this?
Can be monitored from within IIS -> Worker Processes.
CsIntMcxAppPool and CsExtMcxAppPool CPU% should be under 15%
19. Questions?
Sources: Brendan Carius - http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-do-i-need-lyncdiscoverinternal/
http://blog.kloud.com.au/2011/12/12/lync-2010-mobility-sign-in-internals/