Desmond Lee
Senior Consultant
www.leedesmond.com
Email/SIP Address: [email protected]
Deployment Best Practices
Lync Server 2010: Quick Overview
Rich, immersive, robust, scalable, secured communications and collaborative platform administered through a single management infrastructure
Empower people to keep in touch in a single, unified client interface anytime and anywhere
  Instant Message and Presence
  A/V Conferencing
  Desktop / Application Sharing
  Whiteboard and Polling
  File Transfer
  Enterprise Voice
  Federation and integration with other products
Agenda
  Before You Start
  Lync Concepts Explained
  OWA/Lync Integration
  Virtualization
  Client-side Story
Agenda
Before You Start
  Environment Readiness
  Collocation Scenarios
  Field Notes
Software Requirements
Lync Server Roles
  Windows Server 2008 SP2
  Windows Server 2008 R2
  Windows Server 2008 R2 SP1
  PowerShell v2.0
SQL Server Backend
  SQL Server 2005 SP3
  SQL Server 2008 SP1
  SQL Server 2008 R2
Admin Tools & Core Components
  Windows 7
  Vista SP2
  PowerShell v2.0
  SQL Server 2008 Management Studio Express
AD Forest/Domain Level
  Windows Server 2003 native
  Windows Server 2008
  Windows Server 2008 R2
  Global Catalog per AD site
Note: All server components require 64-bits / x64 platform only
OS Component Prerequisites
.NET Framework 3.5 SP1
  An update for the .NET Framework 3.5 Service Pack 1 is available (KB959209)
  FIX: You cannot open an XPS document by using the Microsoft XPS Viewer on a Windows Vista x64 edition-based computer that has .NET Framework 3.5 SP1 installed (KB967190)
  A memory leak occurs in a .NET Framework 2.0-based application that uses the AesCryptoServiceProvider class (KB981575)
IIS 7.x role services
  Anonymous Authentication (default)
  Static Content
  Default Document
  HTTP Errors
  ASP.NET
  .NET Extensibility
  Internet Server API (ISAPI) Extensions
  ISAPI Filters
  HTTP Logging
  Logging Tools
  Tracing
  Client Certificate Mapping Authentication
  Windows Authentication
  Request Filtering
  Static Content Compression
  IIS Management Console / IIS Management Scripts and Tools
OS Component Prerequisites
Others
  Visual C++ 2008 Redistributable run-time
  SQL 2005 Back Compatibility module
  Remote Server Administration Tools (RSAT)
  Silverlight 4
  Windows Media Format Runtime
  Windows Firewall ON
  Internal (Windows) PKI or public certificates
Monitoring/Archiving Roles
  SQL Server 2005 SP3
  SQL Server 2008 SP1 or R2
  SQL Server Reporting Services
  SQL 2005/2008 Express Edition
  SQL Workgroup or Web Edition
  Message Queuing (MSMQ)
• Message Queuing Server
• Directory Service Integration
Security Groups
  CSAdministrator
  RTCUniversalServerAdmins
Server Collocation: Standard Edition
Core*
  IM/Presence
  A/V Conferencing Server
  SQL Express database RTC instance
  Application Sharing
Can collocate with
  Lync File share / store
  Mediation Server
  Monitoring Server**
  Archiving Server**
Collocation not Supported
  Director
  Lync Edge Server
  Reverse proxy (TMG)
  Exchange UM role
  Domain controller
Supported Standalone / Pool
  Mediation Server
  Monitoring Server
  Archiving Server
  Monitoring/Archiving Server
  Lync Edge Server
  Director
* required; cannot be separated
** test environment only
Server Collocation: Enterprise Edition
Core*
  IM/Presence
  Application Sharing
Can collocate with
  A/V Conferencing Server
  Mediation Server
Collocation not Supported
  Director
  Lync Edge Server
  Reverse proxy
  Exchange UM role
  SQL Server database backend
  Lync File share / store**
  Domain controller
Supported Standalone / Pool
  A/V Conferencing Server
  Mediation Server
  BE for FE + Monitoring + Archiving + separate database instance on BE (both Monitoring & Archiving)
  Monitoring/Archiving
  Lync Edge Server
  Director
* required; cannot be separated
** DFS supported
Field Notes: Active Directory
DNS / AD replication
  Repadmin*
  AD Replication Monitor utility (Replmon.exe)**
  dcdiag / dnscmd / dnslint
  netdiag / nltest / nslookup / pathping
Pending Changes / Reboot
  Group Policy Object (GPO)
  Software Update – SCCM, WSUS, etc.
  Hardware changes
  Sysprep OOBE “Generalize” (duplicate SID)
* Windows Server 2008 or newer
** Windows Server 2003 Support Tools
Field Notes: Active Directory
Multi-Domain
  Run Install-CsAdServerSchema and Enable-CsAdForest before preparing sub/domain(s)
  Run Enable-CsAdDomain in every domain where users will be Lync-enabled
  Lync FE Pool not required in child domain (deploy and home in root domain)
  Keep default Lync universal security groups in Users OU
Environment Readiness Check
  Get-CsAdServerSchema   # SCHEMA_VERSION_STATE_CURRENT
  Get-CsAdForest         # LC_FORESTSETTINGS_STATE_READY
  Get-CsAdDomain         # LC_DOMAINSETTINGS_STATE_READY
Execute in Lync Server Management Shell
Check / Load Lync PowerShell Module
  Get-Module
  ModuleType Name ExportedCommands
  ---------- ---- ----------------
  Manifest   Lync {Clear-CsDeviceUpdateFile, Get-CsCertif...
  Import-Module Lync
Active Directory Domain Services Reference (Lync)
http://technet.microsoft.com/en-us/library/gg398379.aspx
Field Notes: Active Directory
Lync à la Communicator Web Access (CWA)
  Lync Web App
  Lync Web Attendee Console
  Outlook Web App (Exchange Server 2010 / SP1)
  CWA can register and work against Lync Server 2010 FE (without R2 pool)
Steps
  Prepare AD Schema with OCS 2007 R2 media prior to that for Lync
  Deploy Lync FE pool and prepare CWA server
  Create OCS 2007 R2 Virtual Web Server (internal/external)
  Install OCS WMI Backwards Compatibility tool (ocswmibc.msi)
  Merge-CSLegacyTopology and publish topology
  Legacy components appear under BackCompatSite node in TB (Get-CSTrustedApplication)
Field Notes: Windows Server 2008 R2 SP1
Windows Server 2008 R2 SP1 Update
  No known issues updating Windows Server 2008 R2 RTM to SP1 running Lync
  Dynamic memory in Hyper-V R2 not validated with Lync Server 2010 workloads
Server Virtualization in Microsoft Lync Server 2010
http://go.microsoft.com/fwlink/?linkid=211394
Windows Media Format Runtime
  Required to deploy Lync conferencing features
  Must install from command prompt via dism.exe before running Lync setup
  Lync Server 2010 Setup or Remove Lync Components fails on Windows Server 2008 R2 SP1
  http://support.microsoft.com/kb/2522454
Field Notes: Certificates Request & Assignment
Field Notes: SQL Database
Run “Prepare single Standard Edition Server”
  If rolling out Lync SE as the first pool in the deployment*
  Not essential for subsequent SE pools
Enterprise Edition Pool needs full backend SQL instance deployed*
* Central Management Store (CMS) to hold topology document
Field Notes: SQL Database
SqlExpressRtc Failed Installation
  Checking prerequisite SqlExpressRtc...
  Installation result: -2068578304
  Error: Prerequisite installation failed: SqlExpressRtc
  Details
  Type: PrereqInstallFailed
  Stack Trace
  in Microsoft.Rtc.Internal.Tools.Bootstrapper.BootstrapperTask.AddMsiPrereq(String prereqName)
  in Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog[T](Action`1 action, T arg)
Field Notes: SQL Database
SqlExpressRtc Failed Installation
  Complete any pending reboot on machine
  Conflict with existing SQL Express installation
  SQLEXPR_x64.exe /Q /HIDECONSOLE /ACTION=Install /FEATURES=SQLEngine,Tools /INSTANCENAME=RTC /TCPENABLED=1 /SQLSVCACCOUNT="NT AUTHORITY\NetworkService" /SQLSYSADMINACCOUNTS="Builtin\Administrators" /BROWSERSVCSTARTUPTYPE="Automatic" /AGTSVCACCOUNT="NT AUTHORITY\NetworkService" /SQLSVCSTARTUPTYPE=Automatic
How to troubleshoot SQL Server 2008 Setup issues
http://support.microsoft.com/kb/955396
Field Notes: SQL Database
No NTFS compression volumes
SQL server / cluster
  1 SQL BE can only map to 1 Lync Enterprise FE Pool*
  OCS and Lync can use the same SQL BE (default 1433 dynamic/static port conflict)**
Database Re-location
  Stop all Lync Services
  Detach SQL databases
  Move files (*.mdf, *.ldf)
  Re-attach SQL databases
  Start stopped Lync Services
* even with distinct SQL instances
** existing OCS db will be dropped if new instance is not created for Lync
Field Notes: SQL Server 2008 R2
Supported databases
  Lync Server Front-End
  Monitoring and Archiving
Database Software and Clustering Support (Lync)*
http://technet.microsoft.com/en-us/library/gg398990.aspx
Not supported
  Group Chat databases
* may not be updated yet to reflect latest Microsoft supportability stance
Agenda
Lync Concepts Explained
  Central Management Store
  Deployment Model
  Configuration settings vs. Policy
Central Management Store
Central Management Database
  Stores Topology, Policies and Configuration data as XML documents
  One single master CMD (xds) per deployment (RTC instance)
Replica
  Each Lync Server maintains a copy (replica xds) of the master CMD (local SQL Express instance RTCLOCAL)
  Continues to function without access to the master CMD
Central Management Service
  Runs on one Front-End pool per deployment
  Replicates changes of policies/configuration to all topology nodes (including Edge via HTTPS)
Deployment Model
  Global deployment is a collection of Sites
  Sites are made of Pools or Services
  Pools host users & services (such as IM/Presence, conferencing, VoIP)
  Policy Resolution Order: User > Pool > Site > Global
[Diagram: Global / Sites / Pools hierarchy; labels: Microsoft, Zurich, Wallisellen, Enge, Redmond, Bellevue]
Configuration Settings vs. Policies
Configuration Settings
  Refer to data or information that Lync Server depends on to operate and function properly in the environment
  Stored in the Central Management Store (CMS)
  Applied at the global, site or service scope
  All services or computers are subjected to the same settings without exception.
  For example, each and every Address Book server in a pool (service scope) must synchronize with Active Directory at the same defined frequency.
Configuration Settings vs. Policies
Policies
  Deployed to manage behaviors and privileges associated with Cs-enabled users
  A policy can be applied at the global, site, service or per-user scope
  If a “setting” can be applied to a user, then it is classified as a policy, as configuration settings cannot be applied to individual users by definition.
  For example, executives in an organization can be exempted from a global conferencing policy that limits the number of participants by having their own “executive policy” at the per-user scope
  Continues to function without access to the master CMD
Field Notes: Central Management Store
“Local machine is not present in the local configuration store”
Use FQDN to describe machine name*
Check CMS replication status
  Get-CsConfigurationStoreLocation      # server.domain.com\RTC
  Remove-CsConfigurationStoreLocation   # removes entry in AD
  # or publish topology in TB
  Set-CsConfigurationStoreLocation -SqlServerFqdn <Lync FE FQDN> -SqlInstanceName RTC
  Get-CsManagementStoreReplicationStatus
  UpToDate : False
  ReplicaFqdn : <Lync FE FQDN>
  LastStatusReport : 29.04.2011 19:19:12
  LastUpdateCreation : 29.04.2011 19:19:09
  ProductVersion : 4.0.7577.0
  Invoke-CsManagementStoreReplication -Verbose
* no single labelled name even for workgroup computers
Field Notes: Central Management Store
One FE server in the pool is designated as the active master
Writes occur on the active master, from where changes are propagated to replicas
Find out which Front-End server is the active master
  Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus
  LastUpdatedOn : 30.04.2011 15:13:27
  ActiveMasterFqdn : lyncFE.swissitpro.ch
  ActiveMasterLastHeartBeat : 02.05.2011 00:03:55
  ActiveFileTransferAgentFqdn : lyncFE.swissitpro.ch
  ActiveFileTransferAgentLastHeartBeat : 02.05.2011 00:03:55
  ActiveReplicas : {lyncFE.swissitpro.ch}
  DeletedReplicas : {}
Field Notes: Central Management Store
-ReplicaFqdn targets specific replica
  Get-CsManagementStoreReplicationStatus
  Invoke-CsManagementStoreReplication
Resiliency
  Deploy Lync Enterprise Front-End Pool
  Backup CMS regularly: Export-CsConfiguration -Filename <file.zip>
  File Storage Support
  http://technet.microsoft.com/en-us/library/gg399073.aspx
Lync Backup/Restore
  Lync Backup Instructions
  http://blogs.technet.com/b/uc_mess/archive/2011/03/17/lync_2d00_server_2d00_2010_2d00_backup_2d00_instructions.aspx
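The Central Management Store field notes above, combined into one routine: an added example (not part of the original slides) that finds replicas reporting UpToDate = False, triggers replication for each with -ReplicaFqdn, and polls until they catch up. The function name and the timeout and poll values are assumptions chosen for illustration.

```powershell
# Added example; run in the Lync Server Management Shell (PowerShell v2.0 syntax).
# Repair-CmsReplication, $TimeoutSeconds and $PollSeconds are illustrative names/values.
function Repair-CmsReplication {
    param(
        [int]$TimeoutSeconds = 300,
        [int]$PollSeconds = 15
    )

    if (-not (Get-Module -Name Lync)) { Import-Module Lync -ErrorAction Stop }

    # Writes only happen on the active master, so report it first.
    $cms = Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus
    Write-Host ("Active master: {0} (last heartbeat {1})" -f `
        $cms.ActiveMasterFqdn, $cms.ActiveMasterLastHeartBeat)

    # Replicas that have not yet confirmed the latest CMS update.
    $stale = @(Get-CsManagementStoreReplicationStatus |
        Where-Object { -not $_.UpToDate })
    if ($stale.Count -eq 0) {
        Write-Host "All replicas report UpToDate = True."
        return
    }

    foreach ($replica in $stale) {
        Write-Warning ("Stale replica {0}, last status report {1}" -f `
            $replica.ReplicaFqdn, $replica.LastStatusReport)
        Invoke-CsManagementStoreReplication -ReplicaFqdn $replica.ReplicaFqdn | Out-Null
    }

    # Poll only the replicas that were stale until they catch up or time runs out.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds $PollSeconds
        $stale = @($stale |
            ForEach-Object { Get-CsManagementStoreReplicationStatus -ReplicaFqdn $_.ReplicaFqdn } |
            Where-Object { -not $_.UpToDate })
    } while ($stale.Count -gt 0 -and (Get-Date) -lt $deadline)

    # Whatever is still listed here needs manual follow-up.
    return $stale
}

$remaining = @(Repair-CmsReplication)
if ($remaining.Count -gt 0) {
    $remaining | Format-List ReplicaFqdn, UpToDate, LastStatusReport, LastUpdateCreation
}
```

A replica that stays stale after the timeout is worth checking against the FQDN and configuration store location notes above before retrying.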
Agenda
Outlook Web App and Lync Server 2010 Integration
Pre-requisites
  Exchange Server 2010 SP1
  Download and Install components on CAS
Microsoft Office Communications Server 2007 R2 Web Service Provider
http://www.microsoft.com/downloads/en/details.aspx?familyid=CA107AB1-63C8-4C6A-816D-17961393D2B8&displaylang=en
Unified Communications Managed API 2.0 Redist (64 Bit) Hotfix KB 2501720 *
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=1F565A42-71D2-4FBD-8AE0-4B179E8F02AB
CWAOWASSP.msi (v3.5.6907.57 or higher)
OCS 2007 R2 Web Service Provider Hotfix KB 981256
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=45C94403-39FA-44D3-BE23-07F25A2D25C7
CWAOWASSP.msp (v3.5.6907.202)
* version 3.5.6907.215 or later
Integration Walkthrough
  Get-CsSite   # retrieves site ID N
  New-CsTrustedApplicationPool `
      -Identity <E14 CAS FQDN> `
      -Registrar <Lync FE FQDN> -Site N `
      -RequiresReplication $false `
      -ThrottleAsServer $true `
      -TreatAsAuthenticated $true
  Get-CsTrustedApplicationPool
  Get-CsTrustedApplicationComputer
Integration Walkthrough
  # New-CsTrustedApplication: see * below
  # -ApplicationId: choose a suitable name
  # -Port: unique in trusted app pool
  New-CsTrustedApplication `
      -ApplicationId SITPUGExchangeOWA `
      -TrustedApplicationPoolFqdn <E14 CAS FQDN> `
      -Port nnnn
  Enable-CsTopology -v
  Get-ExchangeCertificate   # pick entry with service IIS
  Get-OwaVirtualDirectory | Set-OwaVirtualDirectory `
      -InstantMessagingType OCS `
      -InstantMessagingEnabled:$true `
      -InstantMessagingCertificateThumbprint <thumbprint> `
      -InstantMessagingServerName <Lync FE FQDN>
  iisreset
* creation of a Trusted Application is needed if Exchange Server 2010 SP1 CAS role is not collocated on same server as the UM role
Integration Outcome
Field Notes: OWA & Lync Server 2010 Integration
“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available”
  Get-CsManagementStoreReplicationStatus   # look for UpToDate = True
  Invoke-CsManagementStoreReplication -Verbose
Field Notes: OWA & Lync Server 2010 Integration
“Instant Messaging isn’t available right now. The Contact List will appear when the service becomes available”
  Verify that CN in certificate issued to IIS service on CAS matches <E14 CAS FQDN> in New-CsTrustedApplicationPool and New-CsTrustedApplication
  Outlook Anywhere may break (RPC over HTTP)
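The certificate check described above, written as an added example (not part of the original slides) for the Exchange Management Shell on the CAS. It compares the CN of the IIS-enabled certificate with the trusted application pool FQDN and confirms that each OWA virtual directory points at that certificate and at the Lync FE. The function name and both parameters are assumptions, and the expiry test is an extra check beyond what the slide lists.

```powershell
# Added example; run in the Exchange Management Shell on the CAS (PowerShell v2.0 syntax).
# $TrustedPoolFqdn = value given to New-CsTrustedApplicationPool -Identity (assumed input)
# $LyncFeFqdn      = value given to -Registrar / -InstantMessagingServerName (assumed input)
function Test-OwaImCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$TrustedPoolFqdn,
        [Parameter(Mandatory = $true)][string]$LyncFeFqdn
    )
    $findings = @()

    # Certificates enabled for the IIS service, as picked in the walkthrough.
    $iisCerts = @(Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' })
    if ($iisCerts.Count -eq 0) {
        return 'No certificate is assigned to the IIS service'
    }

    foreach ($vdir in @(Get-OwaVirtualDirectory)) {
        $name = "$($vdir.Identity)"

        if (-not $vdir.InstantMessagingEnabled -or "$($vdir.InstantMessagingType)" -ne 'Ocs') {
            $findings += "${name}: instant messaging is not enabled with type OCS"
        }
        if ("$($vdir.InstantMessagingServerName)" -ne $LyncFeFqdn) {
            $findings += "${name}: InstantMessagingServerName is '$($vdir.InstantMessagingServerName)', expected '$LyncFeFqdn'"
        }

        # The configured thumbprint must belong to an IIS-enabled certificate.
        $thumb = "$($vdir.InstantMessagingCertificateThumbprint)" -replace '\s', ''
        $cert = $iisCerts | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
        if (-not $cert) {
            $findings += "${name}: thumbprint '$thumb' matches no IIS-enabled certificate"
            continue
        }

        # Extract the CN from the subject and compare it with the pool FQDN.
        $cn = $null
        if ($cert.Subject -match '(?:^|,\s*)CN=([^,]+)') { $cn = $Matches[1].Trim() }
        if ($cn -ne $TrustedPoolFqdn) {
            $findings += "${name}: certificate CN '$cn' differs from trusted application pool FQDN '$TrustedPoolFqdn'"
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $findings += "${name}: certificate expired on $($cert.NotAfter)"
        }
    }
    return $findings
}

# Placeholder FQDNs; replace with the values from your own topology.
$issues = @(Test-OwaImCertificate -TrustedPoolFqdn 'cas.example.test' -LyncFeFqdn 'lyncfe.example.test')
if ($issues.Count -eq 0) { 'OWA IM certificate settings are consistent.' } else { $issues }
```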
Agenda
Virtualization
  Server Virtualization
  Client Virtualization
Server Virtualization: Standard Edition
Workloads / Modalities
  IM/Presence
  A/V Conferencing
  Application Sharing
  Enterprise Voice (Mediation Server)
  Supports up to 2000 users per virtualized SE with 100 concurrent A/V conference users
Server Roles
  Lync Edge Server*
  Monitoring Server*
  Archiving Server*
  Director (must be physical)
* must be on a different physical host machine than the one hosting the SE server
Server Virtualization: Standard Edition
Hardware Requirements
  CPU 2.26GHz or higher with at least 4 cores per VM running a Lync Server role
  RAM of 16 GB+ per VM
  SAS Drive of 500 GB+
  2 x 1 Gbps NIC adapters
Note
  Physical host virtualization platform = Hyper-V R2 or VMware ESX 4.x
  Lync VMs must run Windows Server 2008 R2
  Must apply KB981836 on physical Hyper-V R2 host and all VMs
Server Virtualization: Enterprise Edition
Workloads / Modalities
  IM/Presence
  A/V Conferencing
  Application Sharing
  Enterprise Voice (Mediation Server)
  Supports up to 5000 users per virtualized EE FE Server with 125 concurrent A/V conference users
Server Roles
  Front End Server
  A/V Conferencing Server
  Director
  Lync Edge Server*
  Monitoring Server
  Archiving Server
  Mediation Server
  SQL Backend Database
* must be on a different physical host machine than the one hosting the other Lync server roles
Server Virtualization: Enterprise Edition
Hardware Requirements
  CPU 2.26GHz or higher with at least 4 cores per VM running a Lync Server role
  RAM of 16 GB+ per VM
  SAS Drive of 500 GB+
  2 x 1 Gbps NIC adapters
Note
  Physical host virtualization platform = Hyper-V R2 or VMware ESX 4.x
  Lync VMs must run Windows Server 2008 R2
  Must apply KB981836 on physical Hyper-V R2 host and all VMs
  [optional] SCVMM and SCOM with Lync Server Management Pack
Field Notes: Server Virtualization
  Run only on supported physical host virtualization platform
  Apply recommended hotfixes/patches on Hyper-V R2 host and guest VMs
  Update Hyper-V R2 Integration Services to match version on hypervisor host
  Use synthetic network adapter
  Dedicated 1Gbps network link for Live Migration
  Lync Best Practice Analyzer / Planning Tool
Client Virtualization: At a Glance
Session Virtualization
  Aka “Full Desktop Remoting” or “Application Remoting”
  Remote Desktop Services (RDS)
  Citrix XenApp
Virtual Desktop Infrastructure
  Aka “Full Desktop Remoting”
  RDS-VDI*
  Citrix XenDesktop
Application Virtualization
  Aka “Application Streaming”
  Microsoft App-V
  Citrix XenApp
* Microsoft VDI Standard Suite, Microsoft VDI Premium Suite
Client Virtualization: Support Statement
Supported Clients
  Lync 2010
  Lync 2010 Group Chat
Unsupported Clients
  Lync 2010 Attendee
  Lync 2010 Attendee Console
  Lync Web App
Vendor Support
Microsoft
  Remote Desktop Services 6.1.x (RDP 7.1) on Windows Server 2008 R2
  App-V 4.6.1053
Citrix
  XenDesktop 4.0.4522.0 (Provisioning Server 5.1 SP2)
  XenApp 6.0.0.0 on Windows Server 2008 R2
Note: All Lync clients are supported on each vendor’s virtualization environment except Lync 2010 Group Chat, which is not supported using App-V and XenApp
Client Virtualization: Modalities Support – Lync 2010 Client
Virtualized Environment | Audio | Video | Recording | Desktop / App / Whiteboard Sharing | PowerPoint Sharing
Full Desktop Remoting   | Yes*  | No    | No        | Yes                                | Yes
Application Remoting    | No    | No    | No        | No (WB sharing supported)          | No
Application Streaming   | Yes   | Yes   | Yes       | Yes                                | Yes
* only through pairing of desk phones running Lync 2010 Phone Edition with USBR
Agenda
Client-side Story
  Lync Client Update
  Unified Store / EWS
  Mobile devices
Lync Client Update
  No Updates Found
  GA on Windows Update / WSUS expected May 2011
Unified Store: Exchange Web Services
Fixes Issues in Lync 2010 Client
  Exchange connectivity (infamous red bang message)
  Empty, stale partial conversation and phone history
  Partial or missing contacts
  Cannot share desktop, application, whiteboard or polling
Unified Store: Exchange Web Services – Reverse Proxy (TMG)
  www.testocsconnectivity.com
  recite.microsoft.com
  www.testexchangeconnectivity.com
Unified Store: Exchange Web Services – Certificate
Mobile Devices: Today and Beyond
Fuze Messenger
  Free 3rd party product (FuzeBox)
  Integrated access to common IM solutions in one single client
  CWA or BlackBerry Enterprise Server 5.0 SP3 not essential
  IM/Presence, Contact Search
  Supports iPhone and Blackberry
Mobile Devices: Today and Beyond
Lync Mobile LP client
  Free Microsoft product (unsupported)
  Require Lync LP Server application backend
  IM/Presence, Lync audio calls, Contact Search
  Supports Windows Phone 7
Private Cloud: System Center Server Platform
Design, Configure & Deploy
Data Protection & Recovery
Virtualize, Deploy & Manage
Monitor & Manage Service End to End
IT Service Management
Q&A
References
Visit www.microsoft.com/lync for more Lync Server 2010 product information
Find additional Lync Server 2010 content in the Technical Library, weekly technical articles at NextHop, Lync PowerShell and follow DrRez on Twitter
View related Unified Communications (UNC) Content at TechEd Online
TechNet Lync / OCS Community Forum (English, Deutsch)
MVP and IT community blogs, RSS feeds
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.