chapter 08 planning for virtualization monitoring archiving

8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving

1/50

Chapter 8: Planning for Virtualization,

Archiving, Monitoring, and Manageability

Microsoft Lync Server 2010

Published: May 2011


2/50

This document is provided as-is. Information and views expressed in this document, includingURL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real

association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any

Microsoft product. You may copy and use this document for your internal, reference purposes.Copyright 2011 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveSync, ActiveX, DirectX, Excel, Forefront, Groove, Hyper-V,

Internet Explorer, Lync, MSDN, MSN, OneNote, Outlook, PowerPoint, RoundTable, SharePoint,

Silverlight, SQL Server, Visio, Visual C++, Visual Studio, Windows, Windows Live, Windows

Media, Windows PowerShell, Windows Server, and Windows Vista, are trademarks of the

Microsoft group of companies. All other trademarks are property of their respective owners.


3/50

Contents

Planning for Virtualization, Management, and Other Features ....................................................1

Running in a Virtualized Environment......................................................................................1

Role-Based Access Control......................................................................................................6

Planning for Simple URLs ......................................................................................................29

Preventing New Connections to Lync Server 2010 ................................................................31

Planning for Archiving ................................................................................................................33

Overview of Archiving .............................................................................................................33

Defining Your Requirements for Archiving ..............................................................................34

Components and Topologies for Archiving ......................................................................... ....36

Technical Requirements for Archiving ................................................................................... .38

Archiving Deployment Overview .............................................................................................40

Planning for Monitoring ..............................................................................................................43


4/50

Planning for Virtualization, Management, andOther FeaturesThis section explains the features related to manageability of Microsoft Lync Server

2010 communications software.

In This Section

Running in a Virtualized Environment

Role-Based Access Control

Planning for Simple URLs

Preventing New Connections to Lync Server 2010

Running in a Virtualized EnvironmentMicrosoft Lync Server 2010 supports virtualization topologies that support all Lync Server 2010

workloadsinstant messaging (IM) and presence, conferencing, Enterprise Voice, Monitoring

Server, and Archiving Server. Windows Server 2008 R2 is required. Lync Server virtualization

supports Hyper-V and equivalent virtualization platforms. This section briefly discusses the

virtualization support. For more details, see http://go.microsoft.com/fwlink/?LinkId=211394.

Supported Topologies

You can mix physical and virtual servers in your deployment, with only the following restrictions:

You cannot mix different types of servers within the same pool. All servers within the

same pool must either be physical or virtual. For these purposes, Front End Servers and SQL

Servers running the back-end database are considered to be separate, meaning that you can

have virtual Front End Servers using a physical back-end database.

This is the only limitation to mixing physical and virtual servers. You could have one Front

End pool of physical servers and another of virtual servers. And you can deploy different

pools and servers as either physical or virtual in any combination.

All servers within one pool should provide about the same performance. For example, if

you have virtual Front End Servers in one pool being hosted on different host servers, you

should make sure each virtual Front End Server is capable of a similar level of performance.

If you are deploying a large amount of virtualized servers across different host servers, you

should consider spreading out the members of one pool across different host servers. Forexample, in a pool of eight virtual Front End Servers, deploy four on one physical host and four

on another. While this is not a true high-availability solution, it does provide some protection if a

single host server fails.

1
http://go.microsoft.com/fwlink/?LinkId=211394http://go.microsoft.com/fwlink/?LinkId=211394http://go.microsoft.com/fwlink/?LinkId=211394


5/50

Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability

Recommended Host Server Configurations

The following table shows the recommended base hardware for a host server.

Component Recommendation

Server Enterprise-grade server, with a minimum of two

CPU sockets

CPU Intel Xeon 5500 series or AMD Opteron 6100

series, 2 Gigahertz or greater, recommended

for best performance. Support of nested page

tables (NPT) or extended page tables (EPT) is

recommended.

Network adapter Two or more 1GbE or 10 GbE adapters. Virtual

Machine Queue (VMQ) is recommended.

Storage Two or more serial advanced technology

attachment (SATA) or serial attached SCSI

(SAS) hard disk drive, 10k rpm or higher direct

attach storage (DAS), or equivalent storage.

RAID 1 or equivalent SSD.

Memory At least 32 GB. PC2-6400 double data rate

(DDR2) or PC3-8500 DDR3 is recommended.

Both the physical host servers and all virtual servers must run Windows Server 2008 R2 with the

software update described in Microsoft Knowledge Base article 981836, "Network connectivity for

a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server

2008 R2," at http://go.microsoft.com/fwlink/?LinkId=201212.

Note:

You must run this update on both the physical host server and all virtual machines, even

though the Microsoft Knowledge Base article states otherwise.

2
http://go.microsoft.com/fwlink/?LinkId=201212http://go.microsoft.com/fwlink/?LinkId=201212


6/50


Networking Considerations

Lync Server provides real-time communications, and depends on fast and efficient networking. If

a packet is delayed by as little as a few milliseconds, users might detect an audio glitch,

experience a delayed call, or frozen video. To improve the network performance of your

virtualized topology, you should do the following:

The host must have at least one network adapter dedicated to the virtual machines

running Lync Server roles. Sharing a network adapter with the host or with a storage area

network (SAN) is not recommended.

Note that a Lync Server workload that includes media (Front End Servers and A/V

Conferencing Servers) can reach a peak network utilization of more than 500 Mbps.

If one host server is running multiple guest virtual servers that each run Lync Server

media workloads, ensure that the host network adapter can handle the traffic. To prevent

bottlenecks, consider a higher speed network adapter (such as 10 GbE) or multiple network

adapters using link aggregation.

Enable virtual LAN (VLAN) tagging on the network adapter, and implement multiple

VLANs on the virtual servers to optimize network traffic.

Implement multi-path I/O (MPIO) to your back-end database.

Use network adapters enabled for Virtual Machine Queue (VMQ). VMQ is a virtualization

technology for the efficient transfer of network traffic to a virtualized operating system. VMQ

allows the VMs to filter the queue of packets within the network adapter, resulting in improved

efficiency of network traffic. If you use these network adapters, you can enable VMQ for each

virtual machine using the hypervisors management console.

Virtual Server Scaling

To provision enough virtual servers for your needs, use the following table to compare

recommended scalability of physical and virtual specifications for Lync Server 2010 roles.

Server role Physical Virtual

CPU Memory Number of

users

supported

CPU Memory Number of

users

supported

Front End

Server, allworkloads

8 cores 16 GB 10,000 4 cores 16 GB 5,000

Front End

Server, IM and

presence only

8 cores 16 GB 25,000 4 cores 16 GB 12,500

Standard

Edition server,

8 cores 16 GB 5,000 4 cores 16 GB 2,000

3


7/50


Server role Physical Virtual

all workloads

Standard

Edition server,

IM and

presence only

8 cores 16 GB 10,000 4 cores 16 GB 10,000

Director 4 cores 4 GB 20,000 2 cores 3 GB 8,000

Monitoring

Server and/or

Archiving

Server

8 cores 16 GB 100,000 or

more

4 cores 8 GB 100,000

A/V

ConferencingServer

8 cores 16 GB 20,000 4 cores 12 GB 10,000

Mediation

Server (stand-

alone server)

8 cores 16 GB 800

concurrent

calls

4 cores 10 GB 400

concurrent

calls

Edge Server 8 cores 16 GB 15,000 4 cores 8 GB 7,500

Survivable

branch server

2 cores 2 GB 1,000 2 cores 2 GB 1,000

Back-end

database

8 cores 32 GB 80,000 4 cores 16 GB 40,000

Monitoring and

Archiving

Database

8 cores 16 GB 230,000 4 cores 12 GB 115,000

File Server 4 cores 4 GB 80,000 2 cores 3 GB 40,000

Managing Your Virtual Environment

We recommend you use Microsoft System Center Virtual Machine Manager (VMM) to manage

your virtualized Lync Server topology.

By using VMM, you do not need to use Terminal Services or Remote Desktop Services for the

virtual machine management. Additionally, by using VMM you can view and manage

performance, and other components such as disk space. You can also save a virtual machine as

a template for creating new instances.

VMM uses Windows PowerShell, so you can create VMM Windows PowerShell scripts that

integrate with Lync Server Management Shell to manage Lync Server.

4


8/50


For details about VMM, see the System Center Virtual Machine Manager website at

http://go.microsoft.com/fwlink/?LinkId=202887.

Getting Started Using VMM

To get started using VMM to manage your virtualized Lync Server topology, do the following:1. In VMM, create a new host group named LS 2010.

2. In the Actions pane, click Add Host.

3. If your virtual environment is part of your Active Directory domain, select that option.

Otherwise, select the Windows Server-based host on a perimeter network, and click Next.

4. Install a VMM Agent on the host server. If the host server is on a perimeter network, you

must create a security key, which must then be available to the VMM Administrative Console.

5. Go back to the VMM Administrative Console and click Add Host.

6. Specify the machine name and the domain/machine name and security key, making sure

that VMM can find the host, and then click Next.

7. After the host has been added, the four virtual machines should be available. In the VMM

Administrative Console, click the Virtual Machines button.

8. You will now see the Virtual Machines view, with the four virtual machines running Lync

Server listed.

Using System Center Operations Manager

You can use Microsoft System Center Operations Manager (formerly Microsoft Operations

Manager) to monitor your virtualized topology, just as you can with a physical topology. If you do

so, install System Center Operations Manager R2 first, add the Lync Server Operations Manager

pack, and then integrate it with VMM.

For details about integrating System Center Operations Manager with VMM, see "How to

Integrate Operations Manager with VMM 2008 R2" at http://go.microsoft.com/fwlink/?

LinkId=201214.

5
http://go.microsoft.com/fwlink/?LinkId=202887http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=202887http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=201214


9/50


Role-Based Access Control

To enable you to delegate administrative tasks while maintaining high standards for security,

Microsoft Lync Server 2010 communications software introduces role-based access control(RBAC). With RBAC, administrative privilege is granted by assigning users to predefined

administrative roles. Lync Server 2010 includes a rich set of built-in administrative roles, and you

can assign user groups to these roles.

Better Server Security and Centralization

In previous versions of Office Communications Server, administrative rights were defined very

broadly, and users with administrative access for a server running Lync Server could make many

types of changes. With RBAC, access and authorization is based more precisely on a user s Lync

Server role. This enables greater use of the security practice of "least privilege," granting

administrators and users only the rights that are necessary for their job.

Important:

RBAC restrictions work only on administrators working remotely, using either the Lync

Server Control Panel or Lync Server Management Shell. A user sitting at a server running

Lync Server is not restricted by RBAC. Therefore, physical security of your Lync Server is

important to preserve RBAC restrictions.

Roles and Scope

In RBAC, a role is a list of cmdlets defined by Lync Server, designed to be useful for a certain

type of administrator or technician. A scope is the set of objects which the cmdlets defined in a

role can operate on. The objects that scope affects can be either user accounts (grouped by

organizational unit) or servers (grouped by site).

The following table lists the predefined roles in Lync Server 2010, and gives a general overview of

the types of tasks each can do. The fourth column shows the similar Microsoft Exchange Server

role for each Lync Server role, if there is one.

For a detailed list of exactly which cmdlets each role can run, see the tables later in this topic.

6


10/50


7


11/50


Predefined Administrative Roles

Role Tasks allowed Underlying Active Directory

Group

Exchange equivalent

CsAdministrator Can perform all administrative tasks

and modify all settings, including

creating roles and assigning users to

roles. Can expand a deployment by

adding new sites, pools, and services.

CS Administrators Organization Management

CsUserAdministrator Can enable and disable users for Lync

Server, move users and assign existing

policies to users. Cannot modify

policies.

CS User Administrators Mail Recipients

CsVoiceAdministrator Can create, configure, and manage

voice-related settings and policies.

CS Voice Administrators Not applicable.

CsServerAdministrator Can manage, monitor, and troubleshoot

servers and services. Can prevent new

connections to servers, stop and start

services, and apply software updates.

Cannot make changes with globalconfiguration impact.

CS Server Administrators Server Management

CsViewOnlyAdministrator Can view the deployment, including

user and server information, in order to

monitor deployment health.

CS View-Only

Administrators

View-Only Organization

Management

CsHelpDesk Can view the deployment, including

user's properties and policies. Can run

specific troubleshooting tasks. Cannot

CS HelpDesk HelpDesk

8


12/50


Role Tasks allowed Underlying Active Directory

Group

Exchange equivalent

change user properties or policies,

server configuration, or services.

CsArchivingAdministrator Can modify archiving configuration and

policies.

CS Archiving

Administrators

Retention Management, Legal

Hold

CsResponseGroupAdministrator Can manage the configuration of the

Response Group application within a

site.

CS Response Group

Administrators

Not applicable

CsLocationAdministrator Lowest level of rights for Enhanced 9-

1-1 (E9-1-1) management, including

creating E9-1-1 locations and network

identifiers, and associating these with

each other. This role is always

assigned with a global scope.

CS Location Administrators Not applicable

9


13/50


All predefined roles shipped in Lync Server have a global scope. To follow least privilege

practices, you should not assign users to roles with global scope if they are going to administer

only a limited set of servers or users. To accomplish this, you can create roles which are based

on the predefined roles, but with a more limited scope.

Creating a Role

When you create a role, you specify the scope, along with the existing role it is based on and the

Active Directory group to be assigned the role. The Active Directory group you specify must

already be created. The following cmdlet is an example of a creating a role with limited scope. It

creates a new role called Site01 Server Administrators. The new role has the abilities of

the predefined CsServerAdministrator role, but only for the servers located in the Site01 site. For

this cmdlet to work, the Site01 site must already be defined, and a security group named Site01

Server Administratorsmust already exist.

New-CsAdminRole -Identity "Site01 Server Administrators" -Template

CsServerAdministrator -ConfigScopes site:Site01"

After this cmdlet runs, all users who are members of the Site01 Server Administrators

group will have server administrator privileges for the servers in Site01. Additionally, any users

who are later added to this security group also gain the privileges of this role. Note that both the

role itself, and the security group it is assigned to are called Site01 Server

Administrators.

The following example limits user scope instead of server scope. It creates a Sales Users

Administrator role to administer the user accounts in the Sales organizational unit. The

SalesUsersAdministrator security group must already be created for this cmdlet to work.

New-CsAdminRole -Identity "Sales Users Administrator " -Template

CsUserAdministrator -UserScopes OU:OU=Sales, OU=Lync Tenants,

DC=Domain, DC=com"

A user can be given multiple RBAC roles by being added to the underlying Active Directory

groups that correspond to each role.

Note that when you create a role, users who are later added to the underlying Active Directory

group gain the abilities of that role.

Assigning Roles to Users

Each Lync Server role is associated with an underlying Active Directory security group, which is

created in Active Directory when you deploy Lync Server. Any users who you add to the

underlying group gain the abilities of that role.

The examples in the preceding section both created a new role and assigned a group to it. Toassign an existing role to one or more users, add those users to the group associated with the

role. You can add both individual users and security groups to these role groups.

For example, the CsAdministratorrole is automatically granted to the CS Administrators

security group in Active Directory. This security group is created in Active Directory when you

deploy Lync Server. To grant a user or group this privilege, you can simply add them to the CS

Administrators group.

10


14/50


Planning for RBAC

For each person who is to be given any kind of administrative rights for your Lync Server

deployment, consider exactly which tasks they need to perform, then assign them to roles with

the least privilege and scope necessary for their job.

Users who have the CsAdministrator role can create all types of roles, including roles based on

CsAdministrator, and assign users to them. The best practice is to assign the CsAdministrator

role to a very small set of trusted users.

Cmdlets Permitted for Predefined Roles

The following sections list the cmdlets that each predefined role is permitted to run.

CsAdministrator

The CsAdministrator role is permitted to run all cmdlets.

11


15/50


CsUserAdministrator

The CsUserAdministrator role is permitted to run the cmdlets in the following table.

Disable-CsUser

Enable-CsUser

Get-CsAdUser

Get-CsUserPoolInfo

Move-CsUser

Move-CsLegacyUser

Set-CsUser

Grant-CsClientPolicy

Grant-CsClientVersionPolicy

Grant-CsConferencingPolicy

Grant-CsDialPlan

Grant-CsExternalAccessPolicy

Grant-CsHostedVoicemailPolicy

Grant-CsLocationPolicy

Grant-CsPinPolicy

Grant-CsVoicePolicy

Get-CsArchivingPolicy

Get-CsClientPolicy

Get-CsClientVersionPolicy

Get-CsConferencingPolicy

Get-CsExternalAccessPolicy

Get-CsHostedVoicemailPolicy

Get-CsLocationPolicy

Get-CsPinPolicy

Get-CsVoicePolicy

Get-CsClientPinInfo

Unlock-CsClientPin

Lock-CsClientPin

Set-CsClientPin

Get-CsClientVersionConfiguration

Get-CsDialPlan

Get-CsSite

Get-CsComputer

Get-CsNetworkInterface

Get-CsPool

Get-CsService

Get-CsSipDomain

Revoke-CsClientCertificate

Get-

CsManagementStoreReplicationStatus

Get-CsAdContact

Get-CsUserAcp

Set-CsUserAcp

Remove-CsUserAcp

Get-CsArchivingConfiguration

Get-CsPresencePolicy

Grant-CsPresencePolicyGet-CsWindowsService

Get-CsPstnUsage

Get-CsRoutingConfiguration

Set-CsCommonAreaPhone

Remove-

CsCommonAreaPhone

Get-CsCommonAreaPhone

New-CsCommonAreaPhone

Move-CsCommonAreaPhone

Set-CsAnalogDevice

Move-CsAnalogDevice

Remove-CsAnalogDevice

Get-CsAnalogDevice

New-CsAnalogDevice

Move-CsExUmContact

Set-CsExUmContact

Remove-CsExUmContactGet-CsExUmContact

New-CsExUmContact

12


16/50


CsVoiceAdministrator

The CsVoiceAdministrator role is permitted to run the cmdlets listed in the following table.

Remove-CsNetworkSite

Remove-CsNetworkSubnet

Set-

CsNetworkBandwidthPolicyProfile

Set-CsNetworkInterRegionRoute

Set-CsNetworkInterSitePolicy

Set-CsNetworkRegion

Set-CsNetworkRegionLink

Set-CsNetworkSite

Set-CsNetworkSubnet

Get-

CsVoicemailReroutingConfiguration

Set-


Remove-


New-


Get-CsTrunkConfiguration

Set-CsTrunkConfiguration

Remove-CsTrunkConfiguration

New-CsTrunkConfiguration

Set-CsHostedVoicemailPolicy

Remove-

CsHostedVoicemailPolicy

New-CsHostedVoicemailPolicy

Test-CsP2PAV

New-CsAnalogDevice

Move-CsAnalogDevice

Get-CsAnalogDevice

Get-CsExUmContact

Set-CsExUmContact

Move-CsExUmContact

New-CsExUmContact


Remove-CsCommonAreaPhone

Remove-CsExUmContactSet-CsAnalogDevice




Test-CsVoiceNormalizationRule

Test-CsDialPlan

Test-CsVoiceRoute

Get-CsNetworkConfiguration

Set-CsRgsAgentGroup

Set- CSRgsHoursofBusiness

Set-CsRgsConfiguration

Set-CsRgsHolidaySet

Set-CsRgsQueue

Set-CsRgsWorkflow

Get-CsAdContact

Get-CsAdUser

Get-CsAudioTestServiceApplication

Get-

CsBandwidthPolicyServiceConfigur

ation

Get-CsClientPinInfo

Get-CommonAreaPhone

Get-CpsConfiguration

Get-

CsEnhancedEmergencyServiceDis

claimer

Get-CsLisCivicAddress

Get-CsLisLocation

Get-CsLisPort

New-CsMediaConfiguration

New-CsLocationPolicy

New-CsCpsConfiguration

New-


ation

New-CsRgsAnswer

New-CSRgsCallAction

New-CSRgsHoliday

New-CSRgsHolidaySet

New-CSRgsHoursOfBusiness

New-CSRgsQuestion

New-CSRgsQueue

New-CSRgsTimeRange

New-CSRgsWorkflow

New-CSRgsPrompt

New-CsRoutingConfiguration

New-CsVoiceRegex

Publish-CsLisConfiguration

Remove-


ation

13


17/50


Get-CsOutboundTranslationRule

Set-CsOutboundTranslationRule

Remove-

CsOutboundTranslationRule

New-CsOutboundTranslationRule

Get-CsPstnUsage

Set-CsPstnUsage

Get-CsVoiceRoute

Set-CsVoiceRoute

Remove-CsVoiceRoute

New-CsVoiceRoute


Set-CsRoutingConfiguration

Remove-CsRoutingConfiguration

Get-CsDialPlan

Set-CsDialPlan

Remove-CsDialPlan

New-CsDialPlan

Get-CsVoiceNormalizationRule

Set-CsVoiceNormalizationRule

Remove-

CsVoiceNormalizationRule

New-CsVoiceNormalizationRule

Get-CsVoicePolicy

Set-CsVoicePolicy

Test-CsVoicePolicy

Test-CsVoiceTestConfiguration

Test-CsVoiceUser

Test-CsTrunkConfiguration

Get-CsDeviceUpdateRule

Remove-CsDeviceUpdateRule

Approve-CsDeviceUpdateRule

Reset-CsDeviceUpdateRule

Restore-CsDeviceUpdateRule

Clear-CsDeviceUpdateFile

Clear-CsDeviceUpdateLog

Get-

CsDeviceUpdateConfiguration

Set-


New-


Remove-


Get-CsTestDevice

Set-CsTestDevice

New-CsTestDevice

Remove-CsTestDevice

Get-

CsManagementStoreReplication

Status

Get-CsLisServiceProvider

Get-CsLisSubnet

Get-CsLisSwitch

Get-CsLisWirelessAccessPoint


Get-CsMediaConfiguration


Get-CsQOEConfiguration

Get-PinPolicy

Get-CsRgsAgentGroup

Get-CsRgsHoursOfBusiness

Get-CsRgsConfiguration

Get-CsRgsHolidaySet

Get-CsRgsQueue

Get-CsRgsWorkflow

Get-CsUserPoolInfo

Get-CsUserPoolInfo

Get-CsWebServiceConfigurationGet-CsWindowsService

Grant-CsDialPlan

Grant-CsHostedVoicemailPolicy


Grant-CsVoicePolicy

Import-CsLisConfiguration

Import-CsRgsAudioFile

Remove-CsCpsConfiguration

Remove-


claimer

Remove-CsLisLocation

Remove-CsLisPort

Remove-CsLisServiceProvider

Remove-CsLisSubnet

Remove-CsLisSwitch

Remove-CsLisWirelessAccessPoint

Remove-CsLocationPolicy

Remove-CsMediaConfiguration

Remove-


Remove-CsNetworkConfiguration

Remove-CsQoEConfiguration

Remove-CSRgsAgentGroup

Remove-CSRgsHolidaySet

Remove-CSRgsHoursOfBusiness

Remove-CSRgsQueue

Remove-CSRgsWorkflow

Set-CsAudioTestServiceApplication

Set-


ation

Set-CsNetworkConfiguration

14


18/50


Remove-CsVoicePolicy

New-CsVoicePolicy

Get-CsVoiceTestConfiguration

Set-CsVoiceTestConfiguration

Remove-CsVoiceTestConfiguration

New-CsVoiceTestConfiguration

Get-CsVoiceConfiguration

Set-CsVoiceConfiguration

Remove-CsVoiceConfiguration

Get-CsUCPhoneConfiguration

Set-CsUCPhoneConfiguration

Remove-CsUCPhoneConfiguration

Get-


claimer

New-CsUCPhoneConfiguration


Test-CsLisCivicAddress

Test-CsLisConfiguration

Debug-CsLisConfiguration

Export-CsLisConfiguration

Test-CsLocationPolicy

Test-CsPhoneBootStrap

Test-CsPstnOutboundCall

Test-CsPstnPeerToPeerCall

Unlock-CsClientPin

Unpublish-CsLisConfiguration

Set-CsPstnGateway

Set-CsQoEConfiguation

Lock-CsClientPin

Move-CsApplicationEndpoint

Move-CsConferenceDirectory

Move-CsRgsConfiguration

New-CsRgsAgentGroup

New-CsQoEConfiguration

New-

CsNetworkMediaBypassConfigurati

on

New-CsNetworkBWPolicy

New-CsNetworkBWAlternatePath

Get-

CsSipResponseCodeTranslationRu

le

New-


le

Set-


le

Remove-


le

Set-CsMediationServer

Set-CsMediaConfiguration

Set-CsLocationPolicy

Set-CsLisWirelessAccessPoint

Set-CsLisSwitch

Set-CsLisSubnet

Set-CsLisServiceProvider

Set-CsLisPort

Set-CsLisLocation

Set-


claimer

Set-CsCpsConfiguration

Set-CsClientPin

CsServerAdministrator

The CsServerAdministrator role is permitted to run the cmdlets listed in the following table.

15


19/50


Get-CsApplicationEndpoint


Set-CsPresencePolicy

New-CsPresencePolicy

Remove-CsPresencePolicy

Get-CsWindowsService

Start-CsWindowsService

Stop-CsWindowsService

Get-CsCertificate

Get-CsAccessEdgeConfiguration

Get-CsAddressBookConfiguration

Get-CsAllowedDomain

Get-CsAnnouncement



Get-CsAVEdgeConfiguration

Get-

CsBandwidthPolicyServiceConfigurat

ion

Get-CsBlockedDomain

Get-CsCallParkOrbit

Get-CsCdrConfiguration

Get-CsClientPolicy



Set-CsAVEdgeConfiguration

New-CsAVEdgeConfiguration

Remove-CsAVEdgeConfiguration

Set-


ion

New-CsBandwidthPolicyServiceConfigurat

ion

Remove-


ion

Set-CsBlockedDomain

New-CsBlockedDomain

Remove-CsBlockedDomain

Set-CsCallParkOrbit

New-CsCallParkOrbit

Remove-CsCallParkOrbit

Set-CsCdrConfigurationNew-CsCdrConfiguration

Remove-CsCdrConfiguration

Set-CsClientPolicy

New-CsClientPolicy

Remove-CsClientPolicy

Set-CsClientVersionConfiguration

New-CsClientVersionConfiguration

New-CsNetworkInterSitePolicy

Remove-

CsNetworkInterSitePolicy

Set-CsNetworkRegion

New-CsNetworkRegion

Remove-CsNetworkRegion

Set-CsNetworkRegionLink

New-CsNetworkRegionLink

Remove-CsNetworkRegionLink

Set-CsNetworkSite

New-CsNetworkSite


Set-CsNetworkSubnet

New-CsNetworkSubnet


Set-


New-


Remove-


Set-CsPstnUsage

Set-CsPinPolicy

New-CsPinPolicy

Remove-CsPinPolicy

Set-CsPrivacyConfiguration

Test-CSLocationPolicy

Enable-CSPublicProvider

Disable-CSPublicProvider

Test-CSVoiceNormalizationRule

Test-CSVoicePolicy

Test-CSVoiceRoute

Test-CSVoiceTestConfiguration

Test-CsFederatedPartner

Test-CsGroupExpansion

Test-CsAddressBookService

Test-CsAddressBookWebQuery

Test-CsAVConference

Test-CsClientAuth

Test-CsDialInConferencing

Test-CsGroupIM

Test-CsIM

Test-CsPresence

Test-CsRegistrationTest-CsP2PAV

Test-CsPhoneBootstrap



Test-CsVoiceUser

Test-CsDialPlan


16


20/50


Get-CsConferenceDirectory

Get-CsConferenceDisclaimer

Get-CsConferencingConfiguration


Get-CsCpsConfiguration

Get-CsDeviceUpdateConfiguration


Get-CsDiagnosticConfiguration

Get-

CsDiagnosticHeaderConfiguration

Get-

CsDialInConferencingAccessNumber

Get-

CsDialInConferencingConfiguration

Get-

CsDialInConferencingDtmfConfigurat

ion

Get-

CsDialInConferencingLanguageListGet-CsDialPlan

Get-

CsEnhancedEmergencyServiceDiscl

aimer


Get-CsTrustedApplication

Get-CsTrustedApplicationEndpoint

Remove-

CsClientVersionConfiguration

New-CsConferenceDirectory

Remove-CsConferenceDirectory

Move-CsConferenceDirectory

Set-CsConferenceDisclaimer

Remove-CsConferenceDisclaimer

Set-CsConferencingConfiguration

New-CsConferencingConfiguration

Remove-

CsConferencingConfiguration

Set-CsConferencingPolicy

New-CsConferencingPolicy

Remove-CsConferencingPolicy

Set-CsCpsConfiguration

New-CsCpsConfiguration

Remove-CsCpsConfiguration

Set-CsDeviceUpdateConfiguration

New-CsDeviceUpdateConfiguration

Remove-


Remove-CsDeviceUpdateRule

Set-CsDiagnosticConfiguration

New-CsDiagnosticConfiguration

Remove-CsDiagnosticConfiguration

New-CsPrivacyConfiguration

Remove-

CsPrivacyConfiguration

Set-CsProxyConfiguration

New-CsProxyConfiguration

Remove-CsProxyConfiguration

Set-CsPublicProvider

New-CsPublicProvider

Remove-CsPublicProvider

Set-CsQoEConfiguration

New-CsQoEConfiguration

Remove-CsQoEConfiguration

Set-CsRegistrarConfiguration

New-CsRegistrarConfiguration

Remove-

CsRegistrarConfiguration

Set-CsRgsAgentGroup

New-CsRgsAgentGroup

Remove-CsRgsAgentGroup

Set-CsRgsHoursOfBusiness

Remove-

CsRgsHoursOfBusiness

New-CsRgsHoursOfBusiness



Clear-CsDeviceUpdateFile

Clear-CsDeviceUpdateLog

Get-CsAdContact

Get-CsAdminRole

Get-CsAdminRoleAssignment

Get-CsAdUser

Get-CsAnalogDevice

Get-

CsAudioTestServiceApplication

Get-CsClientCertificate

Get-CsClientPinInfo

Get-CsClientVersionPolicyRule




Remove-CsCommonAreaPhone



Get-

CsTrustedApplicationComputer

Get-CsTrustedApplicationPool

Get-CsUser

Get-CsUserAcp

Get-CsUserDatabaseState

Get-CsUserPoolInfo

17


21/50


Get-CsExUmContact

Get-CsFileTransferFilterConfiguration

Get-

CsHealthMonitoringConfiguration


Get-CsHostingProvider

Get-CsImFilterConfiguration



Get-CsLisLocation

Get-CsLisPort


Get-CsLisSubnet

Get-CsLisSwitch



Get-CsManagementConnection

Get-

CsManagementStoreReplicationStat

us


Get-CsMeetingConfiguration

Get-


Get-CsNetworkInterRegionRoute

Get-CsNetworkInterSitePolicy

Set-


New-


Remove-


Set-CsDialInConferencingAccessNumber

New-


Remove-


Set-


New-


Remove-


Set-

CsDialInConferencingDtmfConfiguration

New-


ion

Remove-


ion

Set-CsRgsHolidaySet

New-CsRgsHolidaySet

Remove-CsRgsHolidaySet

Set-CsRgsQueue

New-CsRgsQueue

Remove-CsRgsQueue

Set-CsRgsWorkflow

New-CsRgsWorkflow

Remove-CsRgsWorkflow

Set-CsRoutingConfiguration

New-CsRoutingConfiguration

Remove-

CsRoutingConfiguration

Set-CsServerApplication

New-CsServerApplication

Remove-CsServerApplication

Set-CsSimpleUrlConfiguration

New-CsSimpleUrlConfiguration

Remove-

CsSimpleUrlConfiguration

Set-CsSipDomain

New-CsSipDomain

Remove-CsSipDomain

Set-

CsStaticRoutingConfiguration

Import-CSAnnouncementFile

Import-CsConfiguration

Import-CSRgsAudioFile

Export-CsConfiguration

Invoke-

CsManagementStoreReplication

Move-CsApplicationEndpoint

New-CsAnalogDevice

Move-CsAnalogDevice

New-CsClientPolicyEntry

New-CsClientVersionPolicy

New-CsClientVersionPolicyRule

New-CsDiagnosticsFilter

New-CsIssuedCertId

New-CsNetworkBWAlternatePath

New-CsNetworkBWPolicy

New-

CsNetworkMediaBypassConfigur

ation

New-CSRgsAnswer

New-CSRgsCallAction

New-CSRgsHoliday

New-CSRgsQuestion

New-CSRgsTimeRange

New-CSRgsPrompt

18


22/50


Get-CsNetworkRegion

Get-CsNetworkRegionLink

Get-CsNetworkSite

Get-CsNetworkSubnet



Get-CsPstnUsage

Get-CsPinPolicy

Get-CsPrivacyConfiguration

Get-CsProxyConfiguration

Get-CsPublicProvider

Get-CsQoEConfiguration

Get-CsRegistrarConfiguration

Get-CsRgsAgentGroup



Get-CsRgsHolidaySet

Get-CsRgsQueueGet-CsRgsWorkflow


Get-CsServerApplication

Get-CsSimpleUrlConfiguration

Get-CsSipDomain

Get-CsStaticRoutingConfiguration

Get-CsTestDevice

Set-CsDialPlan

New-CsDialPlan

Remove-CsDialPlan

Set-

CsEnhancedEmergencyServiceDiscl

aimer

Remove-CsEnhancedEmergencyServiceDiscl

aimer

Set-CsExternalAccessPolicy

New-CsExternalAccessPolicy

Remove-CsExternalAccessPolicy

Set-CsTrustedApplication

New-CsTrustedApplication

Remove-CsTrustedApplication

Set-CsTrustedApplicationEndpoint

New-CsTrustedApplicationEndpoint

Remove-

CsTrustedApplicationEndpointSet-CsExUmContact

New-CsExUmContact

Move-CsExUmContact

Remove-CsExUmContact

Set-CsFileTransferFilterConfiguration

New-

CsFileTransferFilterConfiguration

New-


Remove-


Set-CsTestDevice

New-CsTestDevice

Remove-CsTestDevice

Set-CsTrunkConfiguration

New-CsTrunkConfiguration

Remove-CsTrunkConfiguration

Set-CsUCPhoneConfiguration

New-CsUCPhoneConfiguration

Remove-

CsUCPhoneConfiguration

Set-

CsUserReplicatorConfiguration

New-


Remove-CsUserReplicatorConfiguration

Set-

CsUserServicesConfiguration

New-


Remove-


New-CsSimpleUrl

New-CsSimpleUrlEntry

New-CsSipProxyCustom

New-CsSipProxyRealm

New-CsSipProxyTCP

New-CsSipProxyTLS

New-CsSipProxyTransport

New-CsSipProxyUseDefault

New-CsSipProxyUseDefaultCert

New-CsStaticRoute

New-


New-CsTrustedApplicationPool

New-CsVoiceRegex

New-CsWebTrustedCACertificate


ReMove-CsClientVersionPolicy

ReMove-

CsClientVersionPolicyRule

ReMove-CsNetworkConfiguration

ReMove-


ReMove-

CsTrustedApplicationPool

Set-CsAnalogDevice

Set-CsApplicationServer

19


23/50




Get-CsUserReplicatorConfiguration

Get-CsUserServicesConfiguration

Get-CsUnassignedNumber


Get-



Get-CsVoicePolicy

Get-CsVoiceRoute


Get-CsWebServiceConfiguration

Get-CsComputer

Get-CsPool

Get-CsService

Get-CsSite

Get-CsTopology


Set-CsAccessEdgeConfiguration

Set-CsAddressBookConfiguration

New-CsAddressBookConfiguration

Remove-

CsAddressBookConfiguration

Set-CsAllowedDomain

Remove-


Set-CsHealthMonitoringConfiguration

New-


Remove-

CsHealthMonitoringConfigurationSet-CsHostedVoicemailPolicy

New-CsHostedVoicemailPolicy

Remove-CsHostedVoicemailPolicy

Set-CsHostingProvider

New-CsHostingProvider

Remove-CsHostingProvider

Set-CsImFilterConfiguration

New-CsImFilterConfiguration

Remove-CsImFilterConfiguration

Set-CsLisLocation


Set-CsLisPort

Remove-CsLisPort

Set-CsLisServiceProvider

Remove-CsLisServiceProvider

Set-CsLisSubnet

Remove-CsLisSubnet

Set-CsLisSwitch

Set-CsUnassignedNumber

New-CsUnassignedNumber

Remove-

CsUnassignedNumber

Set-CsVoiceConfiguration

Remove-CsVoiceConfiguration

Set-

CsVoicemailReroutingConfigur

ation

New-


ation

Remove-


ation

Set-CsVoiceNormalizationRule

New-


Remove-


Set-CsVoicePolicy

New-CsVoicePolicy

Remove-CsVoicePolicy

Set-CsVoiceRoute

New-CsVoiceRoute

Remove-CsVoiceRoute

Set-


Set-

CsCallParkServiceMusicOnHoldF

ile

Set-CsClientVersionPolicy

Set-CsClientVersionPolicyRuleSet-CsConferenceServer

Set-CsDirector

Set-CsEdgeServer

Set-CsManagementServer

Set-CsMediationServer

Set-CsMonitoringServer

Set-CsNetworkConfiguration

Set-CsPstnGateway

Set-CsRegistrar

Set-CsSite

Set-CsTrustedApplicationPool

Set-CsUserDatabaseState

Set-CsUserServer

Set-CsWebServer

Update-CsAddressBook

Update-CsUserDatabase

Get-

CsSipResponseCodeTranslation

Rule

20


24/50


New-CsAllowedDomain

Remove-CsAllowedDomain

Set-CsAnnouncement

New-CsAnnouncement

Remove-CsAnnouncement

Remove-CsLisSwitch



Set-CsLocationPolicy

New-CsLocationPolicy

Remove-CsLocationPolicy

Set-CsManagementConnection

Remove-CsManagementConnection

Set-CsMediaConfiguration

New-CsMediaConfiguration

Remove-CsMediaConfiguration

Set-CsMeetingConfiguration

New-CsMeetingConfiguration

Remove-CsMeetingConfiguration

Set-


New-


Remove-


Set-CsNetworkInterRegionRoute

New-CsNetworkInterRegionRoute

Remove-

CsNetworkInterRegionRoute

Set-CsNetworkInterSitePolicy

Set-CsVoiceTestConfiguration

New-CsVoiceTestConfiguration

Remove-

CsVoiceTestConfiguration

Set-

CsWebServiceConfiguration

New-CsWebServiceConfiguration

Remove-


Approve-CsDeviceUpdateRule

Reset-CsDeviceUpdateRule

Restore-CsDeviceUpdateRule

Enable-CsHostingProvider

Disable-CsHostingProvider




Import-CSLisConfiguration

Publish-CSLisConfiguration

UnPublish-CSLisConfiguration

New-


Rule

Set-


Rule

Remove-CsSipResponseCodeTranslation

Rule

21


25/50


CsViewOnlyAdministrator

The CsViewOnlyAdministrator role is permitted to run the cmdlets listed in the following table.



Get-CsAllowedDomain

Get-CsAnnouncementGet-CsArchivingConfiguration



Get-

CsBandwidthPolicyServiceConfigura

tion

Get-CsBlockedDomain

Get-CsCallParkOrbit


Get-CsClientPolicy


Get-CsClientVersionPolicyGet-CsConferenceDirectory










Get-CsExUmContactGet-


Get-







Get-CsLisLocation

Get-CsLisPort

Get-CsLisServiceProviderGet-CsLisSubnet

Get-CsLisSwitch




Get-

CsManagementStoreReplicationSt


Get-CsPstnUsage

Get-CsPinPolicy

Get-CsPrivacyConfigurationGet-CsProxyConfiguration




Get-CsRgsAgentGroup


Get-CsRgsHolidaySet

Get-CsRgsQueue

Get-CsRgsWorkflow





Get-CsSipDomain

Get-


Get-CsTestDevice


Get-CSVoiceRoute

Get-CSVoiceTestConfiguration

Get-CSWebServiceConfiguration

Get-CSComputerGet-CSPool

Get-CSSite

Get-CSService

Test-CSNetworkInterface

Test-CSSetupPermission

Get-CSTopology

Get-CSAnalogDevice

Get-CSCommonAreaPhone

Get-CSCertificate

Get-CSWindowsService

Get-CSAdUser

Get-CSUser

Get-CSClientPinInfo

Get-CSVoiceConfiguration


Get-CsAdContact

Get-


22


26/50



Get-


Get-

CsDialInConferencingAccessNumbe

r

Get-CsDialInConferencingConfiguration

Get-


ion

Get-

CsDialInConferencingLanguageList

Get-CsDialPlan

atus



Get-


Get-CsNetworkRInteregionRoute


Get-CsNetworkRegion


Get-CsNetworkSite

Get-CsNetworkSubnet


Get-


Get-



Get-CsVoicemailReroutingConfigurat

ion


Get-CsVoicePolicy

Get-CsClientCertificate

Get-CsClientVersionPolicyRule

Get-


Get-CsTrustedApplicationPool

Get-CsUserAcp

Get-CsUserDatabaseState

Get-CsUserPoolInfo

Get-

CsSipResponseCodeTranslationR

ule

23


27/50


CsHelpDesk

The CsHelpDesk role is permitted to run the cmdlets listed in the following table.



Get-CsAllowedDomain

Get-CsAnnouncement




Get-

CsBandwidthPolicyServiceConfigurati

on

Get-CsBlockedDomain

Get-CsCallParkOrbit


Get-CsClientPolicy



Get-CsConferenceDirectory






Get-CsExUmContact

Get-


Get-






Get-CsLisConfiguration

Get-CsLisLocation

Get-CsLisPort


Get-CsLisSubnet

Get-CsLisSwitch




Get-

CsManagementStoreReplicationSt

atus




Get-CsRgsAgentGroup



Get-CsRgsHolidaySet

Get-CsRgsQueue

Get-CsRgsWorkflow




Get-CsSipDomain

Get-


Get-CsTestDeviceGet-CsTrunkConfiguration


Get-


Get-



Get-CsUser

Get-CSClientPinInfo

Lock-CSClientPin

Unlock-CSClientPin

Set-CSClientPin

Get-CSClientVersionPolicyRule




Test-CsFederatedPartner

Test-CsGroupExpansion

Test-CsAddressBookService

Test-CsAddressBookWebQuery

Test-CsAVConference

Test-CsClientAuth

Test-CsDialInConferencing


Test-CsGroupIM

Test-CsIM

Test-CsPresence

Test-CsRegistration

24


28/50




Get-CsDiagnosticHeaderConfiguration

Get-


Get-


Get-

CsDialInConferencingDtmfConfigurati

on

Get-

CsDialInConferencingLanguageList

Get-CsDialPlan

Get-

CsEnhancedEmergencyServiceDisclai

mer





Get-


Get-CsNetworkInterRegionRoute


Get-CsNetworkRegion


Get-CsNetworkSite

Get-CsNetworkSubnet



Get-CsPstnUsage

Get-CsPinPolicy

Get-CsPrivacyConfiguration

Get-CsProxyConfiguration



Get-

CsVoicemailReroutingConfigura

tion


Get-CsVoicePolicy

Get-CsVoiceRoute


Get-


Get-CsComputer

Get-CsPool

Get-CsService

Get-CsSite

Get-CsTopology

Get-CsAnalogDevice


Get-CsAdUser

Test-CsPhoneBootstrap

Test-CsP2PAV



Test-CsVoiceUser

Get-CsAdContact


Get-CsUserAcp

Get-CsUserPoolInfo

Get-


Get-

CsSipResponseCodeTranslationR

ule

25


29/50


CsArchivingAdministrator

The CsArchivingAdministrator role is permitted to run the cmdlets listed in the following table.

New-CsArchivingPolicy


Set-CsArchivingPolicy

Remove-CsArchivingPolicy

Grant-CsArchivingPolicy

New-CsArchivingConfiguration


Set-CsArchivingConfiguration

Remove-CsArchivingConfiguration

Get-CsUser

Export-CsArchivingData

Get-CsSite

Get-CsService

Get-CsPool

Get-CsComputer


Get-CsManagementStoreReplicationStatus


Get-CsUserPoolInfo

Set-CsArchivingServer

CsResponseGroupAdministrator

The CsResponseGroupAdministrator role is permitted to run the cmdlets listed in the following table.

Get-CsRgsAgentGroupGet-CsRgsHoursofBusiness


Get-CsRgsHolidaySet

Get-CsRgsQueue

Get-CsRgsWorkflow

Get-CsService

Get-CsUser

New-CsRgsPromptRemove-CsRgsAgentGroup

Remove-CsRgsHoursofBusiness

Remove-CsRgsHolidaySet

Remove-CsRgsQueue

Remove-CsRgsWorkflow

Set-CsRgsAgentGroup

Set- CSRgsHoursofBusiness

26


30/50


Import-CsRgsAudioFile


New-CsRgsAgentGroup

New-CsRgsAnswer

New-CsRgsHoursofBusiness

New-CsRgsCallAction

New-CsRgsHoliday

New-CsRgsHolidaySet

New-CsRgsQuestion

New-CsRgsQueue

New-CsRgsTimeRange

New-CsRgsWorkflow


Set-CsRgsHolidaySet

Set-CsRgsQueue

Set-CsRgsWorkflow

Get-CsSite

Get-CsPool

Get-CsComputer




Get-CsUserPoolInfo

CsLocationAdministrator

The CsLocationAdministrator role is permitted to run the cmdlets listed in the following table.

Get-CsNetworkSite

Get-CsNetworkSubnetGet-CsNetworkRegion

Get-CsNetworkBandwidthPolicyProfile

New-CsNetworkSite

New-CsNetworkSubnet



Set-CsNetworkSite


Set-CsLisLocationGet-CsLisPort

Remove-CsLisPort

Set-CsLisPort

Get-CsLisSubnet

Remove-CsLisSubnet

Set-CsLisSubnet

Get-CsLisSwitch

Get-CsPool

Get-CsUserGet-CsComputer




Get-CsUserPoolInfo



27


31/50


Set-CsNetworkSubnet




Publish-CsLisConfiguration

Unpublish-CsLisConfiguration

Get-CsLisLocation

Remove-CsLisSwitch

Set-CsLisSwitch




Get-CsSite

Get-CsService



Get-CsWebServiceConfiguration

Import-CsLisConfiguration


Test-CsLocationPolicy

28


32/50


Planning for Simple URLs

Simple URLs make joining meetings easier for your users, and make getting to Microsoft Lync

Server 2010 administrative tools easier for your administrators.Microsoft Lync Server 2010 communications software supports three simple URLs:

Meet is used as the base URL for all conferences in the site or organization. An example

of a Meet simple URL is https://meet.contoso.com. A particular meeting URL might be

https://meet.contoso.com/username/7322994.

With the Meet simple URL, links to join meetings are easy to comprehend, and easy to

communicate and distribute.

Dial-in enables access to the Dial-in Conferencing Settings webpage. This page displays

conference dial-in numbers with their available languages, assigned conference information

(that is, for meetings that do not need to be scheduled), and in-conference DTMF controls,

and supports management of personal identification number (PIN) and assigned

conferencing information. The Dial-in simple URL is included in all meeting invitations so that

users who want to dial in to the meeting can access the necessary phone number and PIN

information. An example of the Dial-in simple URL is https://dialin.contoso.com.

Admin enables quick access to the Microsoft Lync Server 2010 Control Panel. From any

computer within your organizations firewalls, an admin can open the Lync Server 2010

Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is

internal to your organization. An example of the Admin simple URL is

https://admin.contoso.com

Simple URL Scope

You can configure your simple URLs to have global scope, or you can specify different simple

URLs for each central site in your organization. If both a global simple URL and a site simple URL

are specified, the site simple URL has precedence.

In most cases, we recommend that you set simple URLs only at the global level, so that a users

Meet simple URL does not change if they move from one site to another. The exception would be

organizations that need to use different telephone numbers for dial-in users at different sites. Note

that if you set a one simple URL (such as the Dial-in simple URL) at a site to be a site-level

simple URL, you must also set the other simple URLs at that site to be site-level as well.

You can set global simple URLs in Topology Builder. To set a simple URL at the site level, you

must use the Set-CsSimpleURLConfiguration cmdlet.

Naming Your Simple URLs

There are three recommended options for naming your simple URLs. Which option you choose

has implications for how you set up your DNS A records and certificates which support simple

URLs. In each option, you must configure one Meet simple URL for each SIP domain in your

organization. You always need just one simple URL in your whole organization for Dial-in, and

one for Admin, no matter how many SIP domains you have.

29


33/50


For details about the necessary DNS A records and certificates, see DNS Requirements for

Simple URLs and Certificate Requirements for Internal Servers in the Planning documentation.

In Option 1, you create a new SIP domain name for each simple URL.

If you use this option, you need a separate DNS A record for each simple URL, and each Meet

simple URL must be named in your certificates.

Simple URL Naming Option 1

Simple URL Example

Meet https://meet.contoso.com,

https://meet.fabrikam.com, and so on (one for

each SIP domain in your organization)

Dial-in https://dialin.contoso.com

Admin https://admin.contoso.com

With Option 2, simple URLs are based on the domain name lync.contoso.com. Therefore, you

need only one DNS A record which enables all three types of simple URLs. This DNS A record

references lync.contoso.com. Additionally, you still need separate DNS A records for other SIP

domains in your organization.


Simple URL Example

Meet https://lync.contoso.com/Meet,

https://lync.fabrikam.com/Meet, and so on (one

for each SIP domain in your organization)

Dial-in https://lync.contoso.com/Dialin

Admin https://lync.contoso.com/Admin

Option 3 is most useful if you have many SIP domains, and you want them to have separate Meet

simple URLs but want to minimize the DNS record and certificate requirements for these simple

URLs.


Simple URL Example

Meet https://lync.contoso.com/contosoSIPdomain/Meet

https://lync.contoso.com/fabrikamSIPdomain/Meet

Dial-in https://lync.contoso.com/Dialin

Admin https://lync.contoso.com/Admin

30


34/50


Simple URL Naming and Validation Rules

Topology Builder and the Lync Server Management Shell cmdlets enforce several validation rules

for your simple URLs. You are required to set simple URLs for Meet and Dialin, but setting one for

Admin is optional. Each SIP domain must have a separate Meet simple URL, but you need only

one Dialin simple URL and one Admin simple URL for your whole organization.

Each simple URL in your organization must have a unique name, and cannot be a prefix of

another simple URL (for example, you could not set lync.contoso.com/Meet as your Meet simple

URL and lync/contoso.com/Meet/Dialin as your Dialin simple URL). Simple URL names cannot

contain the FQDN of any of your pools, or any port information (for example,

https://FQDN:88/meet is not allowed). All simple URLs must start with the https:// prefix.

Simple URLs can contain only alphanumeric characters (that is, a-z, A-Z, 0-9, and the period (.). If

you use other characters, the simple URLs might not work as expected.

Changing Simple URLs after Deployment

If you change a simple URL after initial deployment, you must be aware of what changes impact

your DNS records and certificates for simple URLs. If the change impacts the base of a simple

URL, then you must change the DNS records and certificates as well. For example, changing

from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from

lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and

certificates to refer to meet.contoso.com. If you changed the simple URL from

https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of

lync.contoso.com stays the same, so no DNS or certificate changes are needed.

Whenever you change a simple URL name, however, you must run Enable-CsComputer on each

Director and Front End Server to register the change.

See Also

DNS Requirements for Simple URLs

Preventing New Connections to Lync Server 2010

Microsoft Lync Server 2010 introduces a new feature that enables you to take a server offline (for

example, to apply software or hardware upgrades) without any loss of service to users. When you

specify the option to prevent new connections or calls to a server in a pool, it stops taking any

new connections and calls as soon as you implement this option. These new connections and

calls are routed through other servers in the pool. A server that is preventing new connections

allows its sessions on existing connections to continue until they naturally end. When all existing

sessions have ended, the server is ready to be taken offline.

When you prevent new connections to a Front End Server, some Lync Server 2010 features andservices rely on the new DNS load balancing feature to ensure proper that it functions properly. If

you are not using DNS load balancing on the pool, connections through these services may not

be re-routed to other servers during the period that the server is preventing new connections, and

thus when the server is taken offline some sessions and calls may be interrupted. The features

that rely on DNS load balancing to ensure that this option operates properly are as follows:

Microsoft Lync 2010 Attendant

31


35/50


Conferencing Announcement application

Response Group application

Announcement application

Call Park applicationFor details about DNS load balancing, see DNS Load Balancing in the Planning documentation.

In addition to preventing new connections for all services on a server running Lync Server 2010,

you can also prevent new connections for individual Lync Server services. For example, this

method is useful in a situation where you need to apply a Lync Server update that does not

require the whole server to be shut down. Note that when you prevent connections for one

service, you must select a service as it is grouped and displayed in the Windows list of services.

For example, the Lync Server Front-End service and the data collection agent for Monitoring

Server are separate Lync Server services, but in the Windows services list they are consolidated

and shown as the RTCSrv.exe service. You can prevent new connections for the RTCSrv.exe

service, but you cannot prevent new connections for these two individual underlying Lync Server

services separately.

Important:

When you set a server to prevent new connections, and then restart the server, by default

the server will immediately begin accepting new connections after it starts. To prevent

this, set the server to only pause and resume manually, before you restart the server.

32


36/50


Planning for ArchivingIn Microsoft Lync Server 2010 communications software, you can deploy the Archiving Server

feature to archive instant messaging (IM) and web conferencing communications sent throughLync Server 2010, in order to support compliance requirements.

In This Section

Overview of Archiving

Defining Your Requirements for Archiving

Components and Topologies for Archiving

Technical Requirements for Archiving

Archiving Deployment Overview

Overview of Archiving

Corporations and other organizations are subject to an increasing number of industry and

government regulations that require the retention of specific types of communications. With the

Archiving Server feature, Microsoft Lync Server 2010 provides a way for you to archive instant

messaging (IM) content, conferencing (meeting) content, or both that is sent through Lync Server

2010.

If you deploy Archiving Server and associate it with Front End pools, you can set it to archive

instant messages and conferences and specify the users for which archiving is enabled. When

you deploy Archiving Server, a global policy is created by default. You can use the global policy to

enable archiving of internal communications (that is, communications between internal users) and

external communications (that is, communications that include at least one non-internal user).

You can also specify the users for whom archiving is enabled by creating policies for specific

users or sites. If archiving is enabled, the instant messages from all multiparty conferences

involving users can also archived, even if you have set Archiving Server to archive the messages

of only specified users and sites.

The following types of content are archived:

Peer-to-peer instant messages

Multiparty instant messages

Conference content, including uploaded content (for example, handouts) and event-

related content (for example, joining, leaving, uploading sharing, and changes in visibility)

The following types of content are not archived:

Peer-to-peer file transfers

Audio/video for peer-to-peer instant messages and conferences

Application sharing for peer-to-peer instant messages and conferences

Conferencing annotations and polls

To configure archiving, you need to specify the following:

33


37/50


The scope of archiving support required in your organization, including which policies are

required for specific sites and users and whether archiving is to be enabled for internal

communications, external communications, or both, in addition to which workloads are to be

archived.

Whether to run Lync Server 2010 in critical mode, which blocks IM or conferencing

sessions if archiving fails.

How archived data is to be managed. The archiving database is not intended for long-

term retention and Lync Server 2010 does not provide an e-discovery (search) solution for

archived data, so data needs to be moved to other storage. Lync Server 2010 does provide a

session export tool that you can use to export archived data, creating searchable transcripts

of the archived data.

Whether to enable purging of archived data and, if so, how to implement purging.

For details about these options, see Defining Your Requirements for Archiving.

If you enable archiving in one Front End pool or Standard Edition server, you should then enable

it for all other Front End pools and Standard Edition servers in your deployment. You need to do

this because users whose communications are required to be archived can be invited to a group

IM conversation or meetings hosted on a different pool. If archiving is not enabled on the pool

where the conversation or meeting is hosted, the session cannot be archived.

Defining Your Requirements for Archiving

If your organization must follow compliance regulations, you can deploy Archiving Server to

enable archiving support for Microsoft Lync Server 2010 instant messaging (IM) and

conferencing. To deploy Archiving Server, you need to decide how you want to implement it,

including support for specific sites and users, criticality of archiving, purge settings, and

management of archived data.Before you deploy Archiving Server, you need to determine the following for your organization:

Which sites and users in your organization require archiving support.

Whether to enable archiving for internal communications (that is, communications

between internal users), external communications (that is, communications that include at

least one user outside your organization), or both.

Whether to enable archiving for both IM and conferencing sessions or only for IM

sessions.

In addition, you also need to determine the specific policies and other support options that you

want to implement, including the use of critical mode and how to manage the exporting and

purging archived data.

Note:

To enable you to delegate administrative tasks while maintaining your organization's

security standards, Microsoft Lync Server 2010 communications software uses role-

based access control (RBAC). With RBAC, administrative privilege is granted by

assigning users to pre-defined administrative roles. To configure archiving policies and

other archiving options, the user be assigned to the CsArchivingAdministrator role

34


38/50


(unless the configuration is done directly on the Archiving Server, instead of remotely

from another computer). For details about RBAC, seeRole-Based Access Controlin the

Planning documentation. For a list of the user rights, permissions, and roles required for

archiving deployment, see Archiving Deployment Overview, which is available in both the

Planning documentation and the Deployment documentation.

Archiving Policies

You can control the scope of archiving support by using archiving policies and the configuration

options for each policy. Archiving policies include the following:

Global archiving policy By default, Lync Server 2010 creates a global archiving policy

when you deploy Archiving Server. The global policy applies to all users and sites in your

deployment. In the global policy, you specify whether to enable archiving of internal

communications, external communications, or both.

Important:

By default, neither archiving of internal communications nor archiving of external

communications is enabled. The global policy cannot be deleted. If you try to delete

it, the policy is reset to the default values.

Site archiving policy You can enable or disable archiving support for specific sites. For

example, to enable archiving support for a small number of sites, you can set the global

archiving policy to not archive internal or external communications, and then create a site

policy for each site for which you want to enable archiving support. As with the global policy,

you specify in each site policy whether to enable archiving of internal communications,

external communications, or both.

User archiving policy You can enable or disable archiving support for specific users by

assigning the policies to users that are defined in Users. For example, to disable archivingsupport for specific users at a site, you could set the global archiving policy to not archive

internal or external communications, create a site policy for the site to enable archiving for the

site, and then create a user policy that disables archiving support for the users. You could

also not use a site policy at all, and use only user policies to enable archiving for specific

users. As with the global policy and site policies, you specify in each user policy whether to

enable archiving of internal communications, external communications, or both.

For each archiving policy in your deployment, you can specify whether to archive only IM

sessions or to archive both IM and conferencing sessions.

If you create both site and user policies, user policies override site policies.

Note:

Group instant messages and conferences are archived only if a user policy for at least

one of the participants is configured to enable archiving.

35


39/50


Critical Mode

If archiving is mission-critical in your organization, you can specify that Archiving Server run in

critical mode. In critical mode, Lync Server 2010 blocks specific functionality, if instant messages

and conferencing content cannot be archived. For example:

If the Archiving service is temporarily unable to send a message to the database queue

or insert a message into the database), both IM and conferencing functionality are blocked in

the deployment until archiving support is restored.

If a conferencing user uploads a file, but the file cannot be copied to the archiving file

store, conferencing functionality is blocked in the deployment until the problem is resolved,

but IM functionality is not blocked.

The blocking of IM and conferencing does not affect any other Lync Server features and

functionality, which should continue to operate as usual. By default, blocking of IM and

conferencing sessions is not enabled.

Data Export

Using the session export tool provided in Lync Server 2010, you can create searchable

transcripts of archived data. You can use the tool to do the following:

Create transcripts from archived data such as multi-part email messages (multi-part

MIME formatted Outlook Express Electronic Mail (EML) format .eml file) that consists of the

IM or conference transcript, the conference activity file (as an attachment), and uploaded

conference files, including handouts (as attachments). You can create transcripts for all users

or specific users.

Mark records that have been exported as safe to delete.

The session export tool creates one transcript for each completed communications session within

the specified date range (between specified starting and ending dates). You run this tool using the

Lync ServerExport-CsArchivingData cmdlet. For an overview of the cmdlets you can use to

manage Lync Server, see New Lync Server Management Shell in the Getting Started

documentation.

Purge Mode

You can specify whether to purge the archives of data. If you enable purging of archiving data,

you must specify one of the following options:

Purge both exported archiving data and stored archiving data after a specific number of

days. The minimum number of days that you can specify is one day. The maximum number of

days that you can specify is 2562 days. By default, purging is not enabled.

Purge exported archiving data only. This option purges all records that have been

exported and marked as safe to delete by the session export tool.

Components and Topologies for Archiving

To be able to archive the content of IM, including conferencing content, sent through Microsoft

Lync Server 2010 communications software, deploy Archiving Server, which is a server role in

36


40/50


Lync Server. To deploy an Archiving Server, you first use Topology Builder to define it and publish

the topology, and then install and configure Lync Server 2010 on the server that you want to set

up as the Archiving Server.

Supported Components

The Archiving Server feature includes the following components:

Archiving agents Are installed and activated automatically on every Front End pool

and Standard Edition server. The archiving agents capture messages for archiving and send

them to the destination queue on the Archiving Server. Although archiving agents are

activated automatically, no messages are actually captured unless an Archiving Server is

deployed and associated with that Front End pool or Standard Edition server and archiving is

enabled. You can enable archiving at the global level, at the site level, or for specific users.

Archiving Server The server role that reads the messages from the archiving agents in

the Front End Servers and then writes them to the Archiving back-end database.

Archiving Server back-end database The SQL Server database that runs on SQL

Server and stores the archived messages. The database can be collocated on the same

computer as the Archiving Server, or on a different computer, as described in this section.

For a list of hardware and software requirements for Archiving Server and the server running the

Archiving Server database, see Supported Hardware and Server Software and Infrastructure

Support in the Supportability documentation.

Supported Topologies

An Archiving Server can archive messages from one or more Front End pools or Standard Edition

servers. All Front End pools and Standard Edition servers in a central site and associated branch

sites must use the same Archiving Server. The following figure illustrates two possible ArchivingServer topologies.

Archiving Server topologies

37


41/50


Supported Collocation

Lync Server 2010 supports a variety of collocation scenarios, allowing you flexibility to save

hardware costs by running multiple components on one physical server (if you have a small

organization), or to separate components onto different servers (if you have a larger organization

that needs scalability and performance). Scalability factors should certainly be considered before

you decide whether to collocate Archiving Server or its database with other server roles or

databases.

You can deploy the Archiving Server and the Archiving database on the same server or separate

servers. You can also collocate the Archiving Server and the Archiving database with any or all of

the following:

Monitoring Server

Monitoring database

Back-end database of an Enterprise Edition Front End pool

File share for Lync Server 2010.

If you collocate the Archiving database with the Monitoring database, back-end database, or both

of these databases, you can either use a single SQL instance for any or all of the databases, or

you can use a separate SQL instance for each database, with the following limitations:

Each SQL instance can contain only a single back-end database, single Monitoring

database, and single Archiving database.

The database server cannot support more than one Front End pool, one Archiving

Server, and one Monitoring Server, but it can support one of each, regardless of whether the

databases use the same SQL instance or separate SQL instances.

For details about collocation of all server roles and databases, see Supported Server Collocation

in the Supportability documentation.

Note:

The server hosting the Archiving Server database can host other databases. However,

when you consider collocating the Archiving database with other databases, be aware

that if you are archiving the messages of more than a few users, the disk space needed

by the Archiving Server database can grow very large. For details about database

capacity, seeTechnical Requirements for Archiving.

Technical Req

chapter 08 planning for virtualization monitoring archiving

Documents