Module Overview
Conferencing and External Capabilities of Lync Server 2013
Planning for IM and Presence Federation
Designing Edge Services
Gateway
Lync Server 2013 XMPP Federation
XMPP Federation - Architecture
Usage Control through Policies
Security in Conferencing and External Scenarios
Web Conferencing
Audio Conferencing
ACP Integration
(online only)
[Diagram: XMPP Federation architecture. Labels: PIC 1; PIC 2; Windows Live; US East; Lync Pool 1 (Runs XMPP GW); Lync Edge (Runs XMPP Proxy); Outbound & Inbound External XMPP Fed Route; Fabrikam.com; US West; Lync Pool 3 (Runs XMPP GW); Lync Edge (Runs XMPP Proxy); Google Talk; adatum.com]
[Diagram labels: IM & P (SIP); Lync FE Pool; OWA IM & P; Exchange 2013; Address Book DLX, Photo (Web); Reverse proxy; media]
Evaluate the need for anti-malware solutions
Avoid deployment of Edge Servers in an internal domain
Deploy the Edge Server between an internal firewall and an external firewall
Lock down Edge Servers for additional security
Evaluate the need for anonymous or federated access
[Diagram labels: Internet; Perimeter Network; Internal Network; Reverse Proxy; Front End]
Designing Interoperability in Lync Server 2013
Federation with PIC (MSN/Skype)
Public IM Connectivity (PIC) provisioning process
XMPP (Jabber/Google Talk)
XMPP Proxy/Gateway
Third Party Presence Engines
Supports federation with Third Party Presence Engines
Microsoft
provides access
3. You will be notified and then the provisioning process for each
Scenario
Presence IM peer-to-peer IM conferencing Collaboration A/V peer-to-peer
XMPP
+ + X X X
A/V conferencing
File transfer
+
+
+
+
X
X
+
X
X
X
* For PIC A/V peer-to-peer support, you must use the new version of Windows Live Messenger.
[Diagram: Lync Server 2013 Single Consolidated Edge
Network labels: Internal Firewall; TO CORP NET; TO INTERNET; TO PERIMETER; INTERNET; CORP NET
Component and interface labels: Access Edge External IP; WebCon Edge External IP; AV Edge External IP; Edge Internal IP; Media Authentication Service
Protocol and port labels: XMPP/TCP/5269; HTTP/80; DNS/53; SIP/TLS/443; SIP/MTLS/5061; XMPP/TCP/23456; SIP/MTLS/5061; PSOM/MTLS/8057; SIP/MTLS/5062; STUN/UDP/3478; STUN/TCP/443; HTTPS/4443
Addressing and load-balancing labels: 1:1 NAT; Hardware Load Balanced; Routable IPs; DNS Load Balanced; 1:1 NAT]
Defining Filters
File Filters: You can use these filters to block certain types of files from entering your network
URL Filters: You can use these filters to block certain types of files from entering your network
Client Versioning Filters: You can use Client Versioning Filters to block and upgrade clients, so that you can ensure a certain minimum version level of your Lync Server 2013 clients in your organization
External DNS A records:
A: webconf.adatum.com
A: av.adatum.com
A: rp.adatum.com
A: dialin.adatum.com
A: meet.adatum.com
A: lyncdiscover.adatum.com
External user access to audio/video (A/V) sessions, application sharing, and conferencing
Mobile requests using automatic discovery of Web Service
Persistent Chat Web Services for File Upload/Download
Exchange Web Services
You can deploy private certificates for all internal Lync Server 2013 roles, and for the internal interface of Lync Server Edge servers
When deploying an internal certificate authority, a key item that you need to configure is CRL download locations
When deploying public certificates, you need to consider a few items such as CRL download locations and root certificate support
Other Certificate Usage Scenarios
In a Lync Server 2013 infrastructure, the following use certificates:
Survivable Branch Appliances (SBAs)
Web Services
SBA Provisioning
1. SBA gets a certificate installed on it and uses it for client authentication
2. SBA looks at the SIP domain part of the SIP URI of the client attempting to register and compares it to the installed certificate
3. If the domain part of the SIP URI matches a domain that is present in the SBA certificate, the client is allowed to register to the SBA
2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.