chapter 08 planning for virtualization monitoring archiving
TRANSCRIPT
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
1/50
Chapter 8: Planning for Virtualization,
Archiving, Monitoring, and Manageability
Microsoft Lync Server 2010
Published: May 2011
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
2/50
This document is provided as-is. Information and views expressed in this document, includingURL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious. No real
association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any
Microsoft product. You may copy and use this document for your internal, reference purposes.Copyright 2011 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveSync, ActiveX, DirectX, Excel, Forefront, Groove, Hyper-V,
Internet Explorer, Lync, MSDN, MSN, OneNote, Outlook, PowerPoint, RoundTable, SharePoint,
Silverlight, SQL Server, Visio, Visual C++, Visual Studio, Windows, Windows Live, Windows
Media, Windows PowerShell, Windows Server, and Windows Vista, are trademarks of the
Microsoft group of companies. All other trademarks are property of their respective owners.
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
3/50
Contents
Planning for Virtualization, Management, and Other Features ....................................................1
Running in a Virtualized Environment......................................................................................1
Role-Based Access Control......................................................................................................6
Planning for Simple URLs ......................................................................................................29
Preventing New Connections to Lync Server 2010 ................................................................31
Planning for Archiving ................................................................................................................33
Overview of Archiving .............................................................................................................33
Defining Your Requirements for Archiving ..............................................................................34
Components and Topologies for Archiving ......................................................................... ....36
Technical Requirements for Archiving ................................................................................... .38
Archiving Deployment Overview .............................................................................................40
Planning for Monitoring ..............................................................................................................43
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
4/50
Planning for Virtualization, Management, andOther FeaturesThis section explains the features related to manageability of Microsoft Lync Server
2010 communications software.
In This Section
Running in a Virtualized Environment
Role-Based Access Control
Planning for Simple URLs
Preventing New Connections to Lync Server 2010
Running in a Virtualized EnvironmentMicrosoft Lync Server 2010 supports virtualization topologies that support all Lync Server 2010
workloadsinstant messaging (IM) and presence, conferencing, Enterprise Voice, Monitoring
Server, and Archiving Server. Windows Server 2008 R2 is required. Lync Server virtualization
supports Hyper-V and equivalent virtualization platforms. This section briefly discusses the
virtualization support. For more details, see http://go.microsoft.com/fwlink/?LinkId=211394.
Supported Topologies
You can mix physical and virtual servers in your deployment, with only the following restrictions:
You cannot mix different types of servers within the same pool. All servers within the
same pool must either be physical or virtual. For these purposes, Front End Servers and SQL
Servers running the back-end database are considered to be separate, meaning that you can
have virtual Front End Servers using a physical back-end database.
This is the only limitation to mixing physical and virtual servers. You could have one Front
End pool of physical servers and another of virtual servers. And you can deploy different
pools and servers as either physical or virtual in any combination.
All servers within one pool should provide about the same performance. For example, if
you have virtual Front End Servers in one pool being hosted on different host servers, you
should make sure each virtual Front End Server is capable of a similar level of performance.
If you are deploying a large amount of virtualized servers across different host servers, you
should consider spreading out the members of one pool across different host servers. Forexample, in a pool of eight virtual Front End Servers, deploy four on one physical host and four
on another. While this is not a true high-availability solution, it does provide some protection if a
single host server fails.
1
http://go.microsoft.com/fwlink/?LinkId=211394http://go.microsoft.com/fwlink/?LinkId=211394http://go.microsoft.com/fwlink/?LinkId=211394 -
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
5/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Recommended Host Server Configurations
The following table shows the recommended base hardware for a host server.
Component Recommendation
Server Enterprise-grade server, with a minimum of two
CPU sockets
CPU Intel Xeon 5500 series or AMD Opteron 6100
series, 2 Gigahertz or greater, recommended
for best performance. Support of nested page
tables (NPT) or extended page tables (EPT) is
recommended.
Network adapter Two or more 1GbE or 10 GbE adapters. Virtual
Machine Queue (VMQ) is recommended.
Storage Two or more serial advanced technology
attachment (SATA) or serial attached SCSI
(SAS) hard disk drive, 10k rpm or higher direct
attach storage (DAS), or equivalent storage.
RAID 1 or equivalent SSD.
Memory At least 32 GB. PC2-6400 double data rate
(DDR2) or PC3-8500 DDR3 is recommended.
Both the physical host servers and all virtual servers must run Windows Server 2008 R2 with the
software update described in Microsoft Knowledge Base article 981836, "Network connectivity for
a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server
2008 R2," at http://go.microsoft.com/fwlink/?LinkId=201212.
Note:
You must run this update on both the physical host server and all virtual machines, even
though the Microsoft Knowledge Base article states otherwise.
2
http://go.microsoft.com/fwlink/?LinkId=201212http://go.microsoft.com/fwlink/?LinkId=201212 -
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
6/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Networking Considerations
Lync Server provides real-time communications, and depends on fast and efficient networking. If
a packet is delayed by as little as a few milliseconds, users might detect an audio glitch,
experience a delayed call, or frozen video. To improve the network performance of your
virtualized topology, you should do the following:
The host must have at least one network adapter dedicated to the virtual machines
running Lync Server roles. Sharing a network adapter with the host or with a storage area
network (SAN) is not recommended.
Note that a Lync Server workload that includes media (Front End Servers and A/V
Conferencing Servers) can reach a peak network utilization of more than 500 Mbps.
If one host server is running multiple guest virtual servers that each run Lync Server
media workloads, ensure that the host network adapter can handle the traffic. To prevent
bottlenecks, consider a higher speed network adapter (such as 10 GbE) or multiple network
adapters using link aggregation.
Enable virtual LAN (VLAN) tagging on the network adapter, and implement multiple
VLANs on the virtual servers to optimize network traffic.
Implement multi-path I/O (MPIO) to your back-end database.
Use network adapters enabled for Virtual Machine Queue (VMQ). VMQ is a virtualization
technology for the efficient transfer of network traffic to a virtualized operating system. VMQ
allows the VMs to filter the queue of packets within the network adapter, resulting in improved
efficiency of network traffic. If you use these network adapters, you can enable VMQ for each
virtual machine using the hypervisors management console.
Virtual Server Scaling
To provision enough virtual servers for your needs, use the following table to compare
recommended scalability of physical and virtual specifications for Lync Server 2010 roles.
Server role Physical Virtual
CPU Memory Number of
users
supported
CPU Memory Number of
users
supported
Front End
Server, allworkloads
8 cores 16 GB 10,000 4 cores 16 GB 5,000
Front End
Server, IM and
presence only
8 cores 16 GB 25,000 4 cores 16 GB 12,500
Standard
Edition server,
8 cores 16 GB 5,000 4 cores 16 GB 2,000
3
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
7/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Server role Physical Virtual
all workloads
Standard
Edition server,
IM and
presence only
8 cores 16 GB 10,000 4 cores 16 GB 10,000
Director 4 cores 4 GB 20,000 2 cores 3 GB 8,000
Monitoring
Server and/or
Archiving
Server
8 cores 16 GB 100,000 or
more
4 cores 8 GB 100,000
A/V
ConferencingServer
8 cores 16 GB 20,000 4 cores 12 GB 10,000
Mediation
Server (stand-
alone server)
8 cores 16 GB 800
concurrent
calls
4 cores 10 GB 400
concurrent
calls
Edge Server 8 cores 16 GB 15,000 4 cores 8 GB 7,500
Survivable
branch server
2 cores 2 GB 1,000 2 cores 2 GB 1,000
Back-end
database
8 cores 32 GB 80,000 4 cores 16 GB 40,000
Monitoring and
Archiving
Database
8 cores 16 GB 230,000 4 cores 12 GB 115,000
File Server 4 cores 4 GB 80,000 2 cores 3 GB 40,000
Managing Your Virtual Environment
We recommend you use Microsoft System Center Virtual Machine Manager (VMM) to manage
your virtualized Lync Server topology.
By using VMM, you do not need to use Terminal Services or Remote Desktop Services for the
virtual machine management. Additionally, by using VMM you can view and manage
performance, and other components such as disk space. You can also save a virtual machine as
a template for creating new instances.
VMM uses Windows PowerShell, so you can create VMM Windows PowerShell scripts that
integrate with Lync Server Management Shell to manage Lync Server.
4
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
8/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
For details about VMM, see the System Center Virtual Machine Manager website at
http://go.microsoft.com/fwlink/?LinkId=202887.
Getting Started Using VMM
To get started using VMM to manage your virtualized Lync Server topology, do the following:1. In VMM, create a new host group named LS 2010.
2. In the Actions pane, click Add Host.
3. If your virtual environment is part of your Active Directory domain, select that option.
Otherwise, select the Windows Server-based host on a perimeter network, and click Next.
4. Install a VMM Agent on the host server. If the host server is on a perimeter network, you
must create a security key, which must then be available to the VMM Administrative Console.
5. Go back to the VMM Administrative Console and click Add Host.
6. Specify the machine name and the domain/machine name and security key, making sure
that VMM can find the host, and then click Next.
7. After the host has been added, the four virtual machines should be available. In the VMM
Administrative Console, click the Virtual Machines button.
8. You will now see the Virtual Machines view, with the four virtual machines running Lync
Server listed.
Using System Center Operations Manager
You can use Microsoft System Center Operations Manager (formerly Microsoft Operations
Manager) to monitor your virtualized topology, just as you can with a physical topology. If you do
so, install System Center Operations Manager R2 first, add the Lync Server Operations Manager
pack, and then integrate it with VMM.
For details about integrating System Center Operations Manager with VMM, see "How to
Integrate Operations Manager with VMM 2008 R2" at http://go.microsoft.com/fwlink/?
LinkId=201214.
5
http://go.microsoft.com/fwlink/?LinkId=202887http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=202887http://go.microsoft.com/fwlink/?LinkId=201214http://go.microsoft.com/fwlink/?LinkId=201214 -
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
9/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Role-Based Access Control
To enable you to delegate administrative tasks while maintaining high standards for security,
Microsoft Lync Server 2010 communications software introduces role-based access control(RBAC). With RBAC, administrative privilege is granted by assigning users to predefined
administrative roles. Lync Server 2010 includes a rich set of built-in administrative roles, and you
can assign user groups to these roles.
Better Server Security and Centralization
In previous versions of Office Communications Server, administrative rights were defined very
broadly, and users with administrative access for a server running Lync Server could make many
types of changes. With RBAC, access and authorization is based more precisely on a user s Lync
Server role. This enables greater use of the security practice of "least privilege," granting
administrators and users only the rights that are necessary for their job.
Important:
RBAC restrictions work only on administrators working remotely, using either the Lync
Server Control Panel or Lync Server Management Shell. A user sitting at a server running
Lync Server is not restricted by RBAC. Therefore, physical security of your Lync Server is
important to preserve RBAC restrictions.
Roles and Scope
In RBAC, a role is a list of cmdlets defined by Lync Server, designed to be useful for a certain
type of administrator or technician. A scope is the set of objects which the cmdlets defined in a
role can operate on. The objects that scope affects can be either user accounts (grouped by
organizational unit) or servers (grouped by site).
The following table lists the predefined roles in Lync Server 2010, and gives a general overview of
the types of tasks each can do. The fourth column shows the similar Microsoft Exchange Server
role for each Lync Server role, if there is one.
For a detailed list of exactly which cmdlets each role can run, see the tables later in this topic.
6
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
10/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
7
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
11/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Predefined Administrative Roles
Role Tasks allowed Underlying Active Directory
Group
Exchange equivalent
CsAdministrator Can perform all administrative tasks
and modify all settings, including
creating roles and assigning users to
roles. Can expand a deployment by
adding new sites, pools, and services.
CS Administrators Organization Management
CsUserAdministrator Can enable and disable users for Lync
Server, move users and assign existing
policies to users. Cannot modify
policies.
CS User Administrators Mail Recipients
CsVoiceAdministrator Can create, configure, and manage
voice-related settings and policies.
CS Voice Administrators Not applicable.
CsServerAdministrator Can manage, monitor, and troubleshoot
servers and services. Can prevent new
connections to servers, stop and start
services, and apply software updates.
Cannot make changes with globalconfiguration impact.
CS Server Administrators Server Management
CsViewOnlyAdministrator Can view the deployment, including
user and server information, in order to
monitor deployment health.
CS View-Only
Administrators
View-Only Organization
Management
CsHelpDesk Can view the deployment, including
user's properties and policies. Can run
specific troubleshooting tasks. Cannot
CS HelpDesk HelpDesk
8
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
12/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Role Tasks allowed Underlying Active Directory
Group
Exchange equivalent
change user properties or policies,
server configuration, or services.
CsArchivingAdministrator Can modify archiving configuration and
policies.
CS Archiving
Administrators
Retention Management, Legal
Hold
CsResponseGroupAdministrator Can manage the configuration of the
Response Group application within a
site.
CS Response Group
Administrators
Not applicable
CsLocationAdministrator Lowest level of rights for Enhanced 9-
1-1 (E9-1-1) management, including
creating E9-1-1 locations and network
identifiers, and associating these with
each other. This role is always
assigned with a global scope.
CS Location Administrators Not applicable
9
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
13/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
All predefined roles shipped in Lync Server have a global scope. To follow least privilege
practices, you should not assign users to roles with global scope if they are going to administer
only a limited set of servers or users. To accomplish this, you can create roles which are based
on the predefined roles, but with a more limited scope.
Creating a Role
When you create a role, you specify the scope, along with the existing role it is based on and the
Active Directory group to be assigned the role. The Active Directory group you specify must
already be created. The following cmdlet is an example of a creating a role with limited scope. It
creates a new role called Site01 Server Administrators. The new role has the abilities of
the predefined CsServerAdministrator role, but only for the servers located in the Site01 site. For
this cmdlet to work, the Site01 site must already be defined, and a security group named Site01
Server Administratorsmust already exist.
New-CsAdminRole -Identity "Site01 Server Administrators" -Template
CsServerAdministrator -ConfigScopes site:Site01"
After this cmdlet runs, all users who are members of the Site01 Server Administrators
group will have server administrator privileges for the servers in Site01. Additionally, any users
who are later added to this security group also gain the privileges of this role. Note that both the
role itself, and the security group it is assigned to are called Site01 Server
Administrators.
The following example limits user scope instead of server scope. It creates a Sales Users
Administrator role to administer the user accounts in the Sales organizational unit. The
SalesUsersAdministrator security group must already be created for this cmdlet to work.
New-CsAdminRole -Identity "Sales Users Administrator " -Template
CsUserAdministrator -UserScopes OU:OU=Sales, OU=Lync Tenants,
DC=Domain, DC=com"
A user can be given multiple RBAC roles by being added to the underlying Active Directory
groups that correspond to each role.
Note that when you create a role, users who are later added to the underlying Active Directory
group gain the abilities of that role.
Assigning Roles to Users
Each Lync Server role is associated with an underlying Active Directory security group, which is
created in Active Directory when you deploy Lync Server. Any users who you add to the
underlying group gain the abilities of that role.
The examples in the preceding section both created a new role and assigned a group to it. Toassign an existing role to one or more users, add those users to the group associated with the
role. You can add both individual users and security groups to these role groups.
For example, the CsAdministratorrole is automatically granted to the CS Administrators
security group in Active Directory. This security group is created in Active Directory when you
deploy Lync Server. To grant a user or group this privilege, you can simply add them to the CS
Administrators group.
10
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
14/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Planning for RBAC
For each person who is to be given any kind of administrative rights for your Lync Server
deployment, consider exactly which tasks they need to perform, then assign them to roles with
the least privilege and scope necessary for their job.
Users who have the CsAdministrator role can create all types of roles, including roles based on
CsAdministrator, and assign users to them. The best practice is to assign the CsAdministrator
role to a very small set of trusted users.
Cmdlets Permitted for Predefined Roles
The following sections list the cmdlets that each predefined role is permitted to run.
CsAdministrator
The CsAdministrator role is permitted to run all cmdlets.
11
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
15/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
CsUserAdministrator
The CsUserAdministrator role is permitted to run the cmdlets in the following table.
Disable-CsUser
Enable-CsUser
Get-CsAdUser
Get-CsUserPoolInfo
Move-CsUser
Move-CsLegacyUser
Set-CsUser
Grant-CsClientPolicy
Grant-CsClientVersionPolicy
Grant-CsConferencingPolicy
Grant-CsDialPlan
Grant-CsExternalAccessPolicy
Grant-CsHostedVoicemailPolicy
Grant-CsLocationPolicy
Grant-CsPinPolicy
Grant-CsVoicePolicy
Get-CsArchivingPolicy
Get-CsClientPolicy
Get-CsClientVersionPolicy
Get-CsConferencingPolicy
Get-CsExternalAccessPolicy
Get-CsHostedVoicemailPolicy
Get-CsLocationPolicy
Get-CsPinPolicy
Get-CsVoicePolicy
Get-CsClientPinInfo
Unlock-CsClientPin
Lock-CsClientPin
Set-CsClientPin
Get-CsClientVersionConfiguration
Get-CsDialPlan
Get-CsSite
Get-CsComputer
Get-CsNetworkInterface
Get-CsPool
Get-CsService
Get-CsSipDomain
Revoke-CsClientCertificate
Get-
CsManagementStoreReplicationStatus
Get-CsAdContact
Get-CsUserAcp
Set-CsUserAcp
Remove-CsUserAcp
Get-CsArchivingConfiguration
Get-CsPresencePolicy
Grant-CsPresencePolicyGet-CsWindowsService
Get-CsPstnUsage
Get-CsRoutingConfiguration
Set-CsCommonAreaPhone
Remove-
CsCommonAreaPhone
Get-CsCommonAreaPhone
New-CsCommonAreaPhone
Move-CsCommonAreaPhone
Set-CsAnalogDevice
Move-CsAnalogDevice
Remove-CsAnalogDevice
Get-CsAnalogDevice
New-CsAnalogDevice
Move-CsExUmContact
Set-CsExUmContact
Remove-CsExUmContactGet-CsExUmContact
New-CsExUmContact
12
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
16/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
CsVoiceAdministrator
The CsVoiceAdministrator role is permitted to run the cmdlets listed in the following table.
Remove-CsNetworkSite
Remove-CsNetworkSubnet
Set-
CsNetworkBandwidthPolicyProfile
Set-CsNetworkInterRegionRoute
Set-CsNetworkInterSitePolicy
Set-CsNetworkRegion
Set-CsNetworkRegionLink
Set-CsNetworkSite
Set-CsNetworkSubnet
Get-
CsVoicemailReroutingConfiguration
Set-
CsVoicemailReroutingConfiguration
Remove-
CsVoicemailReroutingConfiguration
New-
CsVoicemailReroutingConfiguration
Get-CsTrunkConfiguration
Set-CsTrunkConfiguration
Remove-CsTrunkConfiguration
New-CsTrunkConfiguration
Set-CsHostedVoicemailPolicy
Remove-
CsHostedVoicemailPolicy
New-CsHostedVoicemailPolicy
Test-CsP2PAV
New-CsAnalogDevice
Move-CsAnalogDevice
Get-CsAnalogDevice
Get-CsExUmContact
Set-CsExUmContact
Move-CsExUmContact
New-CsExUmContact
Remove-CsAnalogDevice
Remove-CsCommonAreaPhone
Remove-CsExUmContactSet-CsAnalogDevice
Set-CsCommonAreaPhone
New-CsCommonAreaPhone
Move-CsCommonAreaPhone
Test-CsVoiceNormalizationRule
Test-CsDialPlan
Test-CsVoiceRoute
Get-CsNetworkConfiguration
Set-CsRgsAgentGroup
Set- CSRgsHoursofBusiness
Set-CsRgsConfiguration
Set-CsRgsHolidaySet
Set-CsRgsQueue
Set-CsRgsWorkflow
Get-CsAdContact
Get-CsAdUser
Get-CsAudioTestServiceApplication
Get-
CsBandwidthPolicyServiceConfigur
ation
Get-CsClientPinInfo
Get-CommonAreaPhone
Get-CpsConfiguration
Get-
CsEnhancedEmergencyServiceDis
claimer
Get-CsLisCivicAddress
Get-CsLisLocation
Get-CsLisPort
New-CsMediaConfiguration
New-CsLocationPolicy
New-CsCpsConfiguration
New-
CsBandwidthPolicyServiceConfigur
ation
New-CsRgsAnswer
New-CSRgsCallAction
New-CSRgsHoliday
New-CSRgsHolidaySet
New-CSRgsHoursOfBusiness
New-CSRgsQuestion
New-CSRgsQueue
New-CSRgsTimeRange
New-CSRgsWorkflow
New-CSRgsPrompt
New-CsRoutingConfiguration
New-CsVoiceRegex
Publish-CsLisConfiguration
Remove-
CsBandwidthPolicyServiceConfigur
ation
13
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
17/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsOutboundTranslationRule
Set-CsOutboundTranslationRule
Remove-
CsOutboundTranslationRule
New-CsOutboundTranslationRule
Get-CsPstnUsage
Set-CsPstnUsage
Get-CsVoiceRoute
Set-CsVoiceRoute
Remove-CsVoiceRoute
New-CsVoiceRoute
Get-CsRoutingConfiguration
Set-CsRoutingConfiguration
Remove-CsRoutingConfiguration
Get-CsDialPlan
Set-CsDialPlan
Remove-CsDialPlan
New-CsDialPlan
Get-CsVoiceNormalizationRule
Set-CsVoiceNormalizationRule
Remove-
CsVoiceNormalizationRule
New-CsVoiceNormalizationRule
Get-CsVoicePolicy
Set-CsVoicePolicy
Test-CsVoicePolicy
Test-CsVoiceTestConfiguration
Test-CsVoiceUser
Test-CsTrunkConfiguration
Get-CsDeviceUpdateRule
Remove-CsDeviceUpdateRule
Approve-CsDeviceUpdateRule
Reset-CsDeviceUpdateRule
Restore-CsDeviceUpdateRule
Clear-CsDeviceUpdateFile
Clear-CsDeviceUpdateLog
Get-
CsDeviceUpdateConfiguration
Set-
CsDeviceUpdateConfiguration
New-
CsDeviceUpdateConfiguration
Remove-
CsDeviceUpdateConfiguration
Get-CsTestDevice
Set-CsTestDevice
New-CsTestDevice
Remove-CsTestDevice
Get-
CsManagementStoreReplication
Status
Get-CsLisServiceProvider
Get-CsLisSubnet
Get-CsLisSwitch
Get-CsLisWirelessAccessPoint
Get-CsLocationPolicy
Get-CsMediaConfiguration
Get-CsNetworkConfiguration
Get-CsQOEConfiguration
Get-PinPolicy
Get-CsRgsAgentGroup
Get-CsRgsHoursOfBusiness
Get-CsRgsConfiguration
Get-CsRgsHolidaySet
Get-CsRgsQueue
Get-CsRgsWorkflow
Get-CsUserPoolInfo
Get-CsUserPoolInfo
Get-CsWebServiceConfigurationGet-CsWindowsService
Grant-CsDialPlan
Grant-CsHostedVoicemailPolicy
Grant-CsLocationPolicy
Grant-CsVoicePolicy
Import-CsLisConfiguration
Import-CsRgsAudioFile
Remove-CsCpsConfiguration
Remove-
CsEnhancedEmergencyServiceDis
claimer
Remove-CsLisLocation
Remove-CsLisPort
Remove-CsLisServiceProvider
Remove-CsLisSubnet
Remove-CsLisSwitch
Remove-CsLisWirelessAccessPoint
Remove-CsLocationPolicy
Remove-CsMediaConfiguration
Remove-
CsNetworkBandwidthPolicyProfile
Remove-CsNetworkConfiguration
Remove-CsQoEConfiguration
Remove-CSRgsAgentGroup
Remove-CSRgsHolidaySet
Remove-CSRgsHoursOfBusiness
Remove-CSRgsQueue
Remove-CSRgsWorkflow
Set-CsAudioTestServiceApplication
Set-
CsBandwidthPolicyServiceConfigur
ation
Set-CsNetworkConfiguration
14
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
18/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Remove-CsVoicePolicy
New-CsVoicePolicy
Get-CsVoiceTestConfiguration
Set-CsVoiceTestConfiguration
Remove-CsVoiceTestConfiguration
New-CsVoiceTestConfiguration
Get-CsVoiceConfiguration
Set-CsVoiceConfiguration
Remove-CsVoiceConfiguration
Get-CsUCPhoneConfiguration
Set-CsUCPhoneConfiguration
Remove-CsUCPhoneConfiguration
Get-
CsEnhancedEmergencyServiceDis
claimer
New-CsUCPhoneConfiguration
Get-CsHostedVoicemailPolicy
Test-CsLisCivicAddress
Test-CsLisConfiguration
Debug-CsLisConfiguration
Export-CsLisConfiguration
Test-CsLocationPolicy
Test-CsPhoneBootStrap
Test-CsPstnOutboundCall
Test-CsPstnPeerToPeerCall
Unlock-CsClientPin
Unpublish-CsLisConfiguration
Set-CsPstnGateway
Set-CsQoEConfiguation
Lock-CsClientPin
Move-CsApplicationEndpoint
Move-CsConferenceDirectory
Move-CsRgsConfiguration
New-CsRgsAgentGroup
New-CsQoEConfiguration
New-
CsNetworkMediaBypassConfigurati
on
New-CsNetworkBWPolicy
New-CsNetworkBWAlternatePath
Get-
CsSipResponseCodeTranslationRu
le
New-
CsSipResponseCodeTranslationRu
le
Set-
CsSipResponseCodeTranslationRu
le
Remove-
CsSipResponseCodeTranslationRu
le
Set-CsMediationServer
Set-CsMediaConfiguration
Set-CsLocationPolicy
Set-CsLisWirelessAccessPoint
Set-CsLisSwitch
Set-CsLisSubnet
Set-CsLisServiceProvider
Set-CsLisPort
Set-CsLisLocation
Set-
CsEnhancedEmergencyServiceDis
claimer
Set-CsCpsConfiguration
Set-CsClientPin
CsServerAdministrator
The CsServerAdministrator role is permitted to run the cmdlets listed in the following table.
15
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
19/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsApplicationEndpoint
Get-CsPresencePolicy
Set-CsPresencePolicy
New-CsPresencePolicy
Remove-CsPresencePolicy
Get-CsWindowsService
Start-CsWindowsService
Stop-CsWindowsService
Get-CsCertificate
Get-CsAccessEdgeConfiguration
Get-CsAddressBookConfiguration
Get-CsAllowedDomain
Get-CsAnnouncement
Get-CsArchivingConfiguration
Get-CsArchivingPolicy
Get-CsAVEdgeConfiguration
Get-
CsBandwidthPolicyServiceConfigurat
ion
Get-CsBlockedDomain
Get-CsCallParkOrbit
Get-CsCdrConfiguration
Get-CsClientPolicy
Get-CsClientVersionConfiguration
Get-CsClientVersionPolicy
Set-CsAVEdgeConfiguration
New-CsAVEdgeConfiguration
Remove-CsAVEdgeConfiguration
Set-
CsBandwidthPolicyServiceConfigurat
ion
New-CsBandwidthPolicyServiceConfigurat
ion
Remove-
CsBandwidthPolicyServiceConfigurat
ion
Set-CsBlockedDomain
New-CsBlockedDomain
Remove-CsBlockedDomain
Set-CsCallParkOrbit
New-CsCallParkOrbit
Remove-CsCallParkOrbit
Set-CsCdrConfigurationNew-CsCdrConfiguration
Remove-CsCdrConfiguration
Set-CsClientPolicy
New-CsClientPolicy
Remove-CsClientPolicy
Set-CsClientVersionConfiguration
New-CsClientVersionConfiguration
New-CsNetworkInterSitePolicy
Remove-
CsNetworkInterSitePolicy
Set-CsNetworkRegion
New-CsNetworkRegion
Remove-CsNetworkRegion
Set-CsNetworkRegionLink
New-CsNetworkRegionLink
Remove-CsNetworkRegionLink
Set-CsNetworkSite
New-CsNetworkSite
Remove-CsNetworkSite
Set-CsNetworkSubnet
New-CsNetworkSubnet
Remove-CsNetworkSubnet
Set-
CsOutboundTranslationRule
New-
CsOutboundTranslationRule
Remove-
CsOutboundTranslationRule
Set-CsPstnUsage
Set-CsPinPolicy
New-CsPinPolicy
Remove-CsPinPolicy
Set-CsPrivacyConfiguration
Test-CSLocationPolicy
Enable-CSPublicProvider
Disable-CSPublicProvider
Test-CSVoiceNormalizationRule
Test-CSVoicePolicy
Test-CSVoiceRoute
Test-CSVoiceTestConfiguration
Test-CsFederatedPartner
Test-CsGroupExpansion
Test-CsAddressBookService
Test-CsAddressBookWebQuery
Test-CsAVConference
Test-CsClientAuth
Test-CsDialInConferencing
Test-CsGroupIM
Test-CsIM
Test-CsPresence
Test-CsRegistrationTest-CsP2PAV
Test-CsPhoneBootstrap
Test-CsPstnOutboundCall
Test-CsPstnPeerToPeerCall
Test-CsVoiceUser
Test-CsDialPlan
Test-CsTrunkConfiguration
16
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
20/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsConferenceDirectory
Get-CsConferenceDisclaimer
Get-CsConferencingConfiguration
Get-CsConferencingPolicy
Get-CsCpsConfiguration
Get-CsDeviceUpdateConfiguration
Get-CsDeviceUpdateRule
Get-CsDiagnosticConfiguration
Get-
CsDiagnosticHeaderConfiguration
Get-
CsDialInConferencingAccessNumber
Get-
CsDialInConferencingConfiguration
Get-
CsDialInConferencingDtmfConfigurat
ion
Get-
CsDialInConferencingLanguageListGet-CsDialPlan
Get-
CsEnhancedEmergencyServiceDiscl
aimer
Get-CsExternalAccessPolicy
Get-CsTrustedApplication
Get-CsTrustedApplicationEndpoint
Remove-
CsClientVersionConfiguration
New-CsConferenceDirectory
Remove-CsConferenceDirectory
Move-CsConferenceDirectory
Set-CsConferenceDisclaimer
Remove-CsConferenceDisclaimer
Set-CsConferencingConfiguration
New-CsConferencingConfiguration
Remove-
CsConferencingConfiguration
Set-CsConferencingPolicy
New-CsConferencingPolicy
Remove-CsConferencingPolicy
Set-CsCpsConfiguration
New-CsCpsConfiguration
Remove-CsCpsConfiguration
Set-CsDeviceUpdateConfiguration
New-CsDeviceUpdateConfiguration
Remove-
CsDeviceUpdateConfiguration
Remove-CsDeviceUpdateRule
Set-CsDiagnosticConfiguration
New-CsDiagnosticConfiguration
Remove-CsDiagnosticConfiguration
New-CsPrivacyConfiguration
Remove-
CsPrivacyConfiguration
Set-CsProxyConfiguration
New-CsProxyConfiguration
Remove-CsProxyConfiguration
Set-CsPublicProvider
New-CsPublicProvider
Remove-CsPublicProvider
Set-CsQoEConfiguration
New-CsQoEConfiguration
Remove-CsQoEConfiguration
Set-CsRegistrarConfiguration
New-CsRegistrarConfiguration
Remove-
CsRegistrarConfiguration
Set-CsRgsAgentGroup
New-CsRgsAgentGroup
Remove-CsRgsAgentGroup
Set-CsRgsHoursOfBusiness
Remove-
CsRgsHoursOfBusiness
New-CsRgsHoursOfBusiness
Set-CsRgsConfiguration
Move-CsRgsConfiguration
Clear-CsDeviceUpdateFile
Clear-CsDeviceUpdateLog
Get-CsAdContact
Get-CsAdminRole
Get-CsAdminRoleAssignment
Get-CsAdUser
Get-CsAnalogDevice
Get-
CsAudioTestServiceApplication
Get-CsClientCertificate
Get-CsClientPinInfo
Get-CsClientVersionPolicyRule
Get-CsCommonAreaPhone
New-CsCommonAreaPhone
Move-CsCommonAreaPhone
Remove-CsCommonAreaPhone
Set-CsCommonAreaPhone
Get-CsRgsHoursOfBusiness
Get-
CsTrustedApplicationComputer
Get-CsTrustedApplicationPool
Get-CsUser
Get-CsUserAcp
Get-CsUserDatabaseState
Get-CsUserPoolInfo
17
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
21/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsExUmContact
Get-CsFileTransferFilterConfiguration
Get-
CsHealthMonitoringConfiguration
Get-CsHostedVoicemailPolicy
Get-CsHostingProvider
Get-CsImFilterConfiguration
Get-CsLisCivicAddress
Debug-CsLisConfiguration
Get-CsLisLocation
Get-CsLisPort
Get-CsLisServiceProvider
Get-CsLisSubnet
Get-CsLisSwitch
Get-CsLisWirelessAccessPoint
Get-CsLocationPolicy
Get-CsManagementConnection
Get-
CsManagementStoreReplicationStat
us
Get-CsMediaConfiguration
Get-CsMeetingConfiguration
Get-
CsNetworkBandwidthPolicyProfile
Get-CsNetworkInterRegionRoute
Get-CsNetworkInterSitePolicy
Set-
CsDiagnosticHeaderConfiguration
New-
CsDiagnosticHeaderConfiguration
Remove-
CsDiagnosticHeaderConfiguration
Set-CsDialInConferencingAccessNumber
New-
CsDialInConferencingAccessNumber
Remove-
CsDialInConferencingAccessNumber
Set-
CsDialInConferencingConfiguration
New-
CsDialInConferencingConfiguration
Remove-
CsDialInConferencingConfiguration
Set-
CsDialInConferencingDtmfConfiguration
New-
CsDialInConferencingDtmfConfigurat
ion
Remove-
CsDialInConferencingDtmfConfigurat
ion
Set-CsRgsHolidaySet
New-CsRgsHolidaySet
Remove-CsRgsHolidaySet
Set-CsRgsQueue
New-CsRgsQueue
Remove-CsRgsQueue
Set-CsRgsWorkflow
New-CsRgsWorkflow
Remove-CsRgsWorkflow
Set-CsRoutingConfiguration
New-CsRoutingConfiguration
Remove-
CsRoutingConfiguration
Set-CsServerApplication
New-CsServerApplication
Remove-CsServerApplication
Set-CsSimpleUrlConfiguration
New-CsSimpleUrlConfiguration
Remove-
CsSimpleUrlConfiguration
Set-CsSipDomain
New-CsSipDomain
Remove-CsSipDomain
Set-
CsStaticRoutingConfiguration
Import-CSAnnouncementFile
Import-CsConfiguration
Import-CSRgsAudioFile
Export-CsConfiguration
Invoke-
CsManagementStoreReplication
Move-CsApplicationEndpoint
New-CsAnalogDevice
Move-CsAnalogDevice
New-CsClientPolicyEntry
New-CsClientVersionPolicy
New-CsClientVersionPolicyRule
New-CsDiagnosticsFilter
New-CsIssuedCertId
New-CsNetworkBWAlternatePath
New-CsNetworkBWPolicy
New-
CsNetworkMediaBypassConfigur
ation
New-CSRgsAnswer
New-CSRgsCallAction
New-CSRgsHoliday
New-CSRgsQuestion
New-CSRgsTimeRange
New-CSRgsPrompt
18
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
22/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsNetworkRegion
Get-CsNetworkRegionLink
Get-CsNetworkSite
Get-CsNetworkSubnet
Get-CsNetworkConfiguration
Get-CsOutboundTranslationRule
Get-CsPstnUsage
Get-CsPinPolicy
Get-CsPrivacyConfiguration
Get-CsProxyConfiguration
Get-CsPublicProvider
Get-CsQoEConfiguration
Get-CsRegistrarConfiguration
Get-CsRgsAgentGroup
Get-CsRgsHoursOfBusiness
Get-CsRgsConfiguration
Get-CsRgsHolidaySet
Get-CsRgsQueueGet-CsRgsWorkflow
Get-CsRoutingConfiguration
Get-CsServerApplication
Get-CsSimpleUrlConfiguration
Get-CsSipDomain
Get-CsStaticRoutingConfiguration
Get-CsTestDevice
Set-CsDialPlan
New-CsDialPlan
Remove-CsDialPlan
Set-
CsEnhancedEmergencyServiceDiscl
aimer
Remove-CsEnhancedEmergencyServiceDiscl
aimer
Set-CsExternalAccessPolicy
New-CsExternalAccessPolicy
Remove-CsExternalAccessPolicy
Set-CsTrustedApplication
New-CsTrustedApplication
Remove-CsTrustedApplication
Set-CsTrustedApplicationEndpoint
New-CsTrustedApplicationEndpoint
Remove-
CsTrustedApplicationEndpointSet-CsExUmContact
New-CsExUmContact
Move-CsExUmContact
Remove-CsExUmContact
Set-CsFileTransferFilterConfiguration
New-
CsFileTransferFilterConfiguration
New-
CsStaticRoutingConfiguration
Remove-
CsStaticRoutingConfiguration
Set-CsTestDevice
New-CsTestDevice
Remove-CsTestDevice
Set-CsTrunkConfiguration
New-CsTrunkConfiguration
Remove-CsTrunkConfiguration
Set-CsUCPhoneConfiguration
New-CsUCPhoneConfiguration
Remove-
CsUCPhoneConfiguration
Set-
CsUserReplicatorConfiguration
New-
CsUserReplicatorConfiguration
Remove-CsUserReplicatorConfiguration
Set-
CsUserServicesConfiguration
New-
CsUserServicesConfiguration
Remove-
CsUserServicesConfiguration
New-CsSimpleUrl
New-CsSimpleUrlEntry
New-CsSipProxyCustom
New-CsSipProxyRealm
New-CsSipProxyTCP
New-CsSipProxyTLS
New-CsSipProxyTransport
New-CsSipProxyUseDefault
New-CsSipProxyUseDefaultCert
New-CsStaticRoute
New-
CsTrustedApplicationComputer
New-CsTrustedApplicationPool
New-CsVoiceRegex
New-CsWebTrustedCACertificate
Remove-CsAnalogDevice
ReMove-CsClientVersionPolicy
ReMove-
CsClientVersionPolicyRule
ReMove-CsNetworkConfiguration
ReMove-
CsTrustedApplicationComputer
ReMove-
CsTrustedApplicationPool
Set-CsAnalogDevice
Set-CsApplicationServer
19
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
23/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsTrunkConfiguration
Get-CsUCPhoneConfiguration
Get-CsUserReplicatorConfiguration
Get-CsUserServicesConfiguration
Get-CsUnassignedNumber
Get-CsVoiceConfiguration
Get-
CsVoicemailReroutingConfiguration
Get-CsVoiceNormalizationRule
Get-CsVoicePolicy
Get-CsVoiceRoute
Get-CsVoiceTestConfiguration
Get-CsWebServiceConfiguration
Get-CsComputer
Get-CsPool
Get-CsService
Get-CsSite
Get-CsTopology
Get-CsNetworkInterface
Set-CsAccessEdgeConfiguration
Set-CsAddressBookConfiguration
New-CsAddressBookConfiguration
Remove-
CsAddressBookConfiguration
Set-CsAllowedDomain
Remove-
CsFileTransferFilterConfiguration
Set-CsHealthMonitoringConfiguration
New-
CsHealthMonitoringConfiguration
Remove-
CsHealthMonitoringConfigurationSet-CsHostedVoicemailPolicy
New-CsHostedVoicemailPolicy
Remove-CsHostedVoicemailPolicy
Set-CsHostingProvider
New-CsHostingProvider
Remove-CsHostingProvider
Set-CsImFilterConfiguration
New-CsImFilterConfiguration
Remove-CsImFilterConfiguration
Set-CsLisLocation
Remove-CsLisLocation
Set-CsLisPort
Remove-CsLisPort
Set-CsLisServiceProvider
Remove-CsLisServiceProvider
Set-CsLisSubnet
Remove-CsLisSubnet
Set-CsLisSwitch
Set-CsUnassignedNumber
New-CsUnassignedNumber
Remove-
CsUnassignedNumber
Set-CsVoiceConfiguration
Remove-CsVoiceConfiguration
Set-
CsVoicemailReroutingConfigur
ation
New-
CsVoicemailReroutingConfigur
ation
Remove-
CsVoicemailReroutingConfigur
ation
Set-CsVoiceNormalizationRule
New-
CsVoiceNormalizationRule
Remove-
CsVoiceNormalizationRule
Set-CsVoicePolicy
New-CsVoicePolicy
Remove-CsVoicePolicy
Set-CsVoiceRoute
New-CsVoiceRoute
Remove-CsVoiceRoute
Set-
CsAudioTestServiceApplication
Set-
CsCallParkServiceMusicOnHoldF
ile
Set-CsClientVersionPolicy
Set-CsClientVersionPolicyRuleSet-CsConferenceServer
Set-CsDirector
Set-CsEdgeServer
Set-CsManagementServer
Set-CsMediationServer
Set-CsMonitoringServer
Set-CsNetworkConfiguration
Set-CsPstnGateway
Set-CsRegistrar
Set-CsSite
Set-CsTrustedApplicationPool
Set-CsUserDatabaseState
Set-CsUserServer
Set-CsWebServer
Update-CsAddressBook
Update-CsUserDatabase
Get-
CsSipResponseCodeTranslation
Rule
20
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
24/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
New-CsAllowedDomain
Remove-CsAllowedDomain
Set-CsAnnouncement
New-CsAnnouncement
Remove-CsAnnouncement
Remove-CsLisSwitch
Set-CsLisWirelessAccessPoint
Remove-CsLisWirelessAccessPoint
Set-CsLocationPolicy
New-CsLocationPolicy
Remove-CsLocationPolicy
Set-CsManagementConnection
Remove-CsManagementConnection
Set-CsMediaConfiguration
New-CsMediaConfiguration
Remove-CsMediaConfiguration
Set-CsMeetingConfiguration
New-CsMeetingConfiguration
Remove-CsMeetingConfiguration
Set-
CsNetworkBandwidthPolicyProfile
New-
CsNetworkBandwidthPolicyProfile
Remove-
CsNetworkBandwidthPolicyProfile
Set-CsNetworkInterRegionRoute
New-CsNetworkInterRegionRoute
Remove-
CsNetworkInterRegionRoute
Set-CsNetworkInterSitePolicy
Set-CsVoiceTestConfiguration
New-CsVoiceTestConfiguration
Remove-
CsVoiceTestConfiguration
Set-
CsWebServiceConfiguration
New-CsWebServiceConfiguration
Remove-
CsWebServiceConfiguration
Approve-CsDeviceUpdateRule
Reset-CsDeviceUpdateRule
Restore-CsDeviceUpdateRule
Enable-CsHostingProvider
Disable-CsHostingProvider
Test-CsLisCivicAddress
Test-CsLisConfiguration
Export-CsLisConfiguration
Import-CSLisConfiguration
Publish-CSLisConfiguration
UnPublish-CSLisConfiguration
New-
CsSipResponseCodeTranslation
Rule
Set-
CsSipResponseCodeTranslation
Rule
Remove-CsSipResponseCodeTranslation
Rule
21
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
25/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
CsViewOnlyAdministrator
The CsViewOnlyAdministrator role is permitted to run the cmdlets listed in the following table.
Get-CsAccessEdgeConfiguration
Get-CsAddressBookConfiguration
Get-CsAllowedDomain
Get-CsAnnouncementGet-CsArchivingConfiguration
Get-CsArchivingPolicy
Get-CsAVEdgeConfiguration
Get-
CsBandwidthPolicyServiceConfigura
tion
Get-CsBlockedDomain
Get-CsCallParkOrbit
Get-CsCdrConfiguration
Get-CsClientPolicy
Get-CsClientVersionConfiguration
Get-CsClientVersionPolicyGet-CsConferenceDirectory
Get-CsConferenceDisclaimer
Get-CsConferencingConfiguration
Get-CsConferencingPolicy
Get-CsCpsConfiguration
Get-CsDeviceUpdateConfiguration
Get-CsDeviceUpdateRule
Get-CsExternalAccessPolicy
Get-CsTrustedApplication
Get-CsTrustedApplicationEndpoint
Get-CsExUmContactGet-
CsFileTransferFilterConfiguration
Get-
CsHealthMonitoringConfiguration
Get-CsHostedVoicemailPolicy
Get-CsHostingProvider
Get-CsImFilterConfiguration
Get-CsLisCivicAddress
Debug-CsLisConfiguration
Get-CsLisLocation
Get-CsLisPort
Get-CsLisServiceProviderGet-CsLisSubnet
Get-CsLisSwitch
Get-CsLisWirelessAccessPoint
Get-CsLocationPolicy
Get-CsManagementConnection
Get-
CsManagementStoreReplicationSt
Get-CsOutboundTranslationRule
Get-CsPstnUsage
Get-CsPinPolicy
Get-CsPrivacyConfigurationGet-CsProxyConfiguration
Get-CsPublicProvider
Get-CsQoEConfiguration
Get-CsRegistrarConfiguration
Get-CsRgsAgentGroup
Get-CsRgsConfiguration
Get-CsRgsHolidaySet
Get-CsRgsQueue
Get-CsRgsWorkflow
Get-CsRgsHoursOfBusiness
Get-CsRoutingConfiguration
Get-CsServerApplication
Get-CsSimpleUrlConfiguration
Get-CsSipDomain
Get-
CsStaticRoutingConfiguration
Get-CsTestDevice
Get-CsTrunkConfiguration
Get-CSVoiceRoute
Get-CSVoiceTestConfiguration
Get-CSWebServiceConfiguration
Get-CSComputerGet-CSPool
Get-CSSite
Get-CSService
Test-CSNetworkInterface
Test-CSSetupPermission
Get-CSTopology
Get-CSAnalogDevice
Get-CSCommonAreaPhone
Get-CSCertificate
Get-CSWindowsService
Get-CSAdUser
Get-CSUser
Get-CSClientPinInfo
Get-CSVoiceConfiguration
Get-CsPresencePolicy
Get-CsAdContact
Get-
CsAudioTestServiceApplication
22
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
26/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsDiagnosticConfiguration
Get-
CsDiagnosticHeaderConfiguration
Get-
CsDialInConferencingAccessNumbe
r
Get-CsDialInConferencingConfiguration
Get-
CsDialInConferencingDtmfConfigurat
ion
Get-
CsDialInConferencingLanguageList
Get-CsDialPlan
atus
Get-CsMediaConfiguration
Get-CsMeetingConfiguration
Get-
CsNetworkBandwidthPolicyProfile
Get-CsNetworkRInteregionRoute
Get-CsNetworkInterSitePolicy
Get-CsNetworkRegion
Get-CsNetworkRegionLink
Get-CsNetworkSite
Get-CsNetworkSubnet
Get-CsUCPhoneConfiguration
Get-
CsUserReplicatorConfiguration
Get-
CsUserServicesConfiguration
Get-CsUnassignedNumber
Get-CsVoicemailReroutingConfigurat
ion
Get-CsVoiceNormalizationRule
Get-CsVoicePolicy
Get-CsClientCertificate
Get-CsClientVersionPolicyRule
Get-
CsTrustedApplicationComputer
Get-CsTrustedApplicationPool
Get-CsUserAcp
Get-CsUserDatabaseState
Get-CsUserPoolInfo
Get-
CsSipResponseCodeTranslationR
ule
23
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
27/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
CsHelpDesk
The CsHelpDesk role is permitted to run the cmdlets listed in the following table.
Get-CsAccessEdgeConfiguration
Get-CsAddressBookConfiguration
Get-CsAllowedDomain
Get-CsAnnouncement
Get-CsArchivingConfiguration
Get-CsArchivingPolicy
Get-CsAVEdgeConfiguration
Get-
CsBandwidthPolicyServiceConfigurati
on
Get-CsBlockedDomain
Get-CsCallParkOrbit
Get-CsCdrConfiguration
Get-CsClientPolicy
Get-CsClientVersionConfiguration
Get-CsClientVersionPolicy
Get-CsConferenceDirectory
Get-CsConferenceDisclaimer
Get-CsConferencingConfiguration
Get-CsConferencingPolicy
Get-CsCpsConfiguration
Get-CsDeviceUpdateConfiguration
Get-CsExUmContact
Get-
CsFileTransferFilterConfiguration
Get-
CsHealthMonitoringConfiguration
Get-CsHostedVoicemailPolicy
Get-CsHostingProvider
Get-CsImFilterConfiguration
Get-CsLisCivicAddress
Get-CsLisConfiguration
Get-CsLisLocation
Get-CsLisPort
Get-CsLisServiceProvider
Get-CsLisSubnet
Get-CsLisSwitch
Get-CsLisWirelessAccessPoint
Get-CsLocationPolicy
Get-CsManagementConnection
Get-
CsManagementStoreReplicationSt
atus
Get-CsMediaConfiguration
Get-CsQoEConfiguration
Get-CsRegistrarConfiguration
Get-CsRgsAgentGroup
Get-CsRgsHoursOfBusiness
Get-CsRgsConfiguration
Get-CsRgsHolidaySet
Get-CsRgsQueue
Get-CsRgsWorkflow
Get-CsRoutingConfiguration
Get-CsServerApplication
Get-CsSimpleUrlConfiguration
Get-CsSipDomain
Get-
CsStaticRoutingConfiguration
Get-CsTestDeviceGet-CsTrunkConfiguration
Get-CsUCPhoneConfiguration
Get-
CsUserReplicatorConfiguration
Get-
CsUserServicesConfiguration
Get-CsUnassignedNumber
Get-CsUser
Get-CSClientPinInfo
Lock-CSClientPin
Unlock-CSClientPin
Set-CSClientPin
Get-CSClientVersionPolicyRule
Get-CSWindowsService
Get-CsNetworkInterface
Get-CsPresencePolicy
Test-CsFederatedPartner
Test-CsGroupExpansion
Test-CsAddressBookService
Test-CsAddressBookWebQuery
Test-CsAVConference
Test-CsClientAuth
Test-CsDialInConferencing
Test-CsTrunkConfiguration
Test-CsGroupIM
Test-CsIM
Test-CsPresence
Test-CsRegistration
24
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
28/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Get-CsDeviceUpdateRule
Get-CsDiagnosticConfiguration
Get-CsDiagnosticHeaderConfiguration
Get-
CsDialInConferencingAccessNumber
Get-
CsDialInConferencingConfiguration
Get-
CsDialInConferencingDtmfConfigurati
on
Get-
CsDialInConferencingLanguageList
Get-CsDialPlan
Get-
CsEnhancedEmergencyServiceDisclai
mer
Get-CsExternalAccessPolicy
Get-CsTrustedApplication
Get-CsTrustedApplicationEndpoint
Get-CsMeetingConfiguration
Get-
CsNetworkBandwidthPolicyProfile
Get-CsNetworkInterRegionRoute
Get-CsNetworkInterSitePolicy
Get-CsNetworkRegion
Get-CsNetworkRegionLink
Get-CsNetworkSite
Get-CsNetworkSubnet
Get-CsNetworkConfiguration
Get-CsOutboundTranslationRule
Get-CsPstnUsage
Get-CsPinPolicy
Get-CsPrivacyConfiguration
Get-CsProxyConfiguration
Get-CsPublicProvider
Get-CsVoiceConfiguration
Get-
CsVoicemailReroutingConfigura
tion
Get-CsVoiceNormalizationRule
Get-CsVoicePolicy
Get-CsVoiceRoute
Get-CsVoiceTestConfiguration
Get-
CsWebServiceConfiguration
Get-CsComputer
Get-CsPool
Get-CsService
Get-CsSite
Get-CsTopology
Get-CsAnalogDevice
Get-CsCommonAreaPhone
Get-CsAdUser
Test-CsPhoneBootstrap
Test-CsP2PAV
Test-CsPstnOutboundCall
Test-CsPstnPeerToPeerCall
Test-CsVoiceUser
Get-CsAdContact
Get-CsRgsHoursOfBusiness
Get-CsUserAcp
Get-CsUserPoolInfo
Get-
CsAudioTestServiceApplication
Get-
CsSipResponseCodeTranslationR
ule
25
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
29/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
CsArchivingAdministrator
The CsArchivingAdministrator role is permitted to run the cmdlets listed in the following table.
New-CsArchivingPolicy
Get-CsArchivingPolicy
Set-CsArchivingPolicy
Remove-CsArchivingPolicy
Grant-CsArchivingPolicy
New-CsArchivingConfiguration
Get-CsArchivingConfiguration
Set-CsArchivingConfiguration
Remove-CsArchivingConfiguration
Get-CsUser
Export-CsArchivingData
Get-CsSite
Get-CsService
Get-CsPool
Get-CsComputer
Get-CsNetworkInterface
Get-CsManagementStoreReplicationStatus
Get-CSWindowsService
Get-CsUserPoolInfo
Set-CsArchivingServer
CsResponseGroupAdministrator
The CsResponseGroupAdministrator role is permitted to run the cmdlets listed in the following table.
Get-CsRgsAgentGroupGet-CsRgsHoursofBusiness
Get-CsRgsConfiguration
Get-CsRgsHolidaySet
Get-CsRgsQueue
Get-CsRgsWorkflow
Get-CsService
Get-CsUser
New-CsRgsPromptRemove-CsRgsAgentGroup
Remove-CsRgsHoursofBusiness
Remove-CsRgsHolidaySet
Remove-CsRgsQueue
Remove-CsRgsWorkflow
Set-CsRgsAgentGroup
Set- CSRgsHoursofBusiness
26
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
30/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Import-CsRgsAudioFile
Move-CsRgsConfiguration
New-CsRgsAgentGroup
New-CsRgsAnswer
New-CsRgsHoursofBusiness
New-CsRgsCallAction
New-CsRgsHoliday
New-CsRgsHolidaySet
New-CsRgsQuestion
New-CsRgsQueue
New-CsRgsTimeRange
New-CsRgsWorkflow
Set-CsRgsConfiguration
Set-CsRgsHolidaySet
Set-CsRgsQueue
Set-CsRgsWorkflow
Get-CsSite
Get-CsPool
Get-CsComputer
Get-CsWindowsService
Get-CsNetworkInterface
Get-CsManagementStoreReplicationStatus
Get-CsUserPoolInfo
CsLocationAdministrator
The CsLocationAdministrator role is permitted to run the cmdlets listed in the following table.
Get-CsNetworkSite
Get-CsNetworkSubnetGet-CsNetworkRegion
Get-CsNetworkBandwidthPolicyProfile
New-CsNetworkSite
New-CsNetworkSubnet
Remove-CsNetworkSite
Remove-CsNetworkSubnet
Set-CsNetworkSite
Remove-CsLisLocation
Set-CsLisLocationGet-CsLisPort
Remove-CsLisPort
Set-CsLisPort
Get-CsLisSubnet
Remove-CsLisSubnet
Set-CsLisSubnet
Get-CsLisSwitch
Get-CsPool
Get-CsUserGet-CsComputer
Get-CsWindowsService
Get-CsNetworkInterface
Get-CsManagementStoreReplicationStatus
Get-CsUserPoolInfo
Get-CsLocationPolicy
Grant-CsLocationPolicy
27
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
31/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Set-CsNetworkSubnet
Get-CsLisCivicAddress
Test-CsLisCivicAddress
Debug-CsLisConfiguration
Publish-CsLisConfiguration
Unpublish-CsLisConfiguration
Get-CsLisLocation
Remove-CsLisSwitch
Set-CsLisSwitch
Get-CsLisWirelessAccessPoint
Remove-CsLisWirelessAccessPoint
Set-CsLisWirelessAccessPoint
Get-CsSite
Get-CsService
Export-CsLisConfiguration
Get-CsLisServiceProvider
Get-CsWebServiceConfiguration
Import-CsLisConfiguration
Test-CsLisConfiguration
Test-CsLocationPolicy
28
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
32/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Planning for Simple URLs
Simple URLs make joining meetings easier for your users, and make getting to Microsoft Lync
Server 2010 administrative tools easier for your administrators.Microsoft Lync Server 2010 communications software supports three simple URLs:
Meet is used as the base URL for all conferences in the site or organization. An example
of a Meet simple URL is https://meet.contoso.com. A particular meeting URL might be
https://meet.contoso.com/username/7322994.
With the Meet simple URL, links to join meetings are easy to comprehend, and easy to
communicate and distribute.
Dial-in enables access to the Dial-in Conferencing Settings webpage. This page displays
conference dial-in numbers with their available languages, assigned conference information
(that is, for meetings that do not need to be scheduled), and in-conference DTMF controls,
and supports management of personal identification number (PIN) and assigned
conferencing information. The Dial-in simple URL is included in all meeting invitations so that
users who want to dial in to the meeting can access the necessary phone number and PIN
information. An example of the Dial-in simple URL is https://dialin.contoso.com.
Admin enables quick access to the Microsoft Lync Server 2010 Control Panel. From any
computer within your organizations firewalls, an admin can open the Lync Server 2010
Control Panel by typing the Admin simple URL into a browser. The Admin simple URL is
internal to your organization. An example of the Admin simple URL is
https://admin.contoso.com
Simple URL Scope
You can configure your simple URLs to have global scope, or you can specify different simple
URLs for each central site in your organization. If both a global simple URL and a site simple URL
are specified, the site simple URL has precedence.
In most cases, we recommend that you set simple URLs only at the global level, so that a users
Meet simple URL does not change if they move from one site to another. The exception would be
organizations that need to use different telephone numbers for dial-in users at different sites. Note
that if you set a one simple URL (such as the Dial-in simple URL) at a site to be a site-level
simple URL, you must also set the other simple URLs at that site to be site-level as well.
You can set global simple URLs in Topology Builder. To set a simple URL at the site level, you
must use the Set-CsSimpleURLConfiguration cmdlet.
Naming Your Simple URLs
There are three recommended options for naming your simple URLs. Which option you choose
has implications for how you set up your DNS A records and certificates which support simple
URLs. In each option, you must configure one Meet simple URL for each SIP domain in your
organization. You always need just one simple URL in your whole organization for Dial-in, and
one for Admin, no matter how many SIP domains you have.
29
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
33/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
For details about the necessary DNS A records and certificates, see DNS Requirements for
Simple URLs and Certificate Requirements for Internal Servers in the Planning documentation.
In Option 1, you create a new SIP domain name for each simple URL.
If you use this option, you need a separate DNS A record for each simple URL, and each Meet
simple URL must be named in your certificates.
Simple URL Naming Option 1
Simple URL Example
Meet https://meet.contoso.com,
https://meet.fabrikam.com, and so on (one for
each SIP domain in your organization)
Dial-in https://dialin.contoso.com
Admin https://admin.contoso.com
With Option 2, simple URLs are based on the domain name lync.contoso.com. Therefore, you
need only one DNS A record which enables all three types of simple URLs. This DNS A record
references lync.contoso.com. Additionally, you still need separate DNS A records for other SIP
domains in your organization.
Simple URL Naming Option 2
Simple URL Example
Meet https://lync.contoso.com/Meet,
https://lync.fabrikam.com/Meet, and so on (one
for each SIP domain in your organization)
Dial-in https://lync.contoso.com/Dialin
Admin https://lync.contoso.com/Admin
Option 3 is most useful if you have many SIP domains, and you want them to have separate Meet
simple URLs but want to minimize the DNS record and certificate requirements for these simple
URLs.
Simple URL Naming Option 3
Simple URL Example
Meet https://lync.contoso.com/contosoSIPdomain/Meet
https://lync.contoso.com/fabrikamSIPdomain/Meet
Dial-in https://lync.contoso.com/Dialin
Admin https://lync.contoso.com/Admin
30
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
34/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Simple URL Naming and Validation Rules
Topology Builder and the Lync Server Management Shell cmdlets enforce several validation rules
for your simple URLs. You are required to set simple URLs for Meet and Dialin, but setting one for
Admin is optional. Each SIP domain must have a separate Meet simple URL, but you need only
one Dialin simple URL and one Admin simple URL for your whole organization.
Each simple URL in your organization must have a unique name, and cannot be a prefix of
another simple URL (for example, you could not set lync.contoso.com/Meet as your Meet simple
URL and lync/contoso.com/Meet/Dialin as your Dialin simple URL). Simple URL names cannot
contain the FQDN of any of your pools, or any port information (for example,
https://FQDN:88/meet is not allowed). All simple URLs must start with the https:// prefix.
Simple URLs can contain only alphanumeric characters (that is, a-z, A-Z, 0-9, and the period (.). If
you use other characters, the simple URLs might not work as expected.
Changing Simple URLs after Deployment
If you change a simple URL after initial deployment, you must be aware of what changes impact
your DNS records and certificates for simple URLs. If the change impacts the base of a simple
URL, then you must change the DNS records and certificates as well. For example, changing
from https://lync.contoso.com/Meet to https://meet.contoso.com changes the base URL from
lync.contoso.com to meet.contoso.com, so you would need to change the DNS records and
certificates to refer to meet.contoso.com. If you changed the simple URL from
https://lync.contoso.com/Meet to https://lync.contoso.com/Meetings, the base URL of
lync.contoso.com stays the same, so no DNS or certificate changes are needed.
Whenever you change a simple URL name, however, you must run Enable-CsComputer on each
Director and Front End Server to register the change.
See Also
DNS Requirements for Simple URLs
Preventing New Connections to Lync Server 2010
Microsoft Lync Server 2010 introduces a new feature that enables you to take a server offline (for
example, to apply software or hardware upgrades) without any loss of service to users. When you
specify the option to prevent new connections or calls to a server in a pool, it stops taking any
new connections and calls as soon as you implement this option. These new connections and
calls are routed through other servers in the pool. A server that is preventing new connections
allows its sessions on existing connections to continue until they naturally end. When all existing
sessions have ended, the server is ready to be taken offline.
When you prevent new connections to a Front End Server, some Lync Server 2010 features andservices rely on the new DNS load balancing feature to ensure proper that it functions properly. If
you are not using DNS load balancing on the pool, connections through these services may not
be re-routed to other servers during the period that the server is preventing new connections, and
thus when the server is taken offline some sessions and calls may be interrupted. The features
that rely on DNS load balancing to ensure that this option operates properly are as follows:
Microsoft Lync 2010 Attendant
31
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
35/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Conferencing Announcement application
Response Group application
Announcement application
Call Park applicationFor details about DNS load balancing, see DNS Load Balancing in the Planning documentation.
In addition to preventing new connections for all services on a server running Lync Server 2010,
you can also prevent new connections for individual Lync Server services. For example, this
method is useful in a situation where you need to apply a Lync Server update that does not
require the whole server to be shut down. Note that when you prevent connections for one
service, you must select a service as it is grouped and displayed in the Windows list of services.
For example, the Lync Server Front-End service and the data collection agent for Monitoring
Server are separate Lync Server services, but in the Windows services list they are consolidated
and shown as the RTCSrv.exe service. You can prevent new connections for the RTCSrv.exe
service, but you cannot prevent new connections for these two individual underlying Lync Server
services separately.
Important:
When you set a server to prevent new connections, and then restart the server, by default
the server will immediately begin accepting new connections after it starts. To prevent
this, set the server to only pause and resume manually, before you restart the server.
32
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
36/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Planning for ArchivingIn Microsoft Lync Server 2010 communications software, you can deploy the Archiving Server
feature to archive instant messaging (IM) and web conferencing communications sent throughLync Server 2010, in order to support compliance requirements.
In This Section
Overview of Archiving
Defining Your Requirements for Archiving
Components and Topologies for Archiving
Technical Requirements for Archiving
Archiving Deployment Overview
Overview of Archiving
Corporations and other organizations are subject to an increasing number of industry and
government regulations that require the retention of specific types of communications. With the
Archiving Server feature, Microsoft Lync Server 2010 provides a way for you to archive instant
messaging (IM) content, conferencing (meeting) content, or both that is sent through Lync Server
2010.
If you deploy Archiving Server and associate it with Front End pools, you can set it to archive
instant messages and conferences and specify the users for which archiving is enabled. When
you deploy Archiving Server, a global policy is created by default. You can use the global policy to
enable archiving of internal communications (that is, communications between internal users) and
external communications (that is, communications that include at least one non-internal user).
You can also specify the users for whom archiving is enabled by creating policies for specific
users or sites. If archiving is enabled, the instant messages from all multiparty conferences
involving users can also archived, even if you have set Archiving Server to archive the messages
of only specified users and sites.
The following types of content are archived:
Peer-to-peer instant messages
Multiparty instant messages
Conference content, including uploaded content (for example, handouts) and event-
related content (for example, joining, leaving, uploading sharing, and changes in visibility)
The following types of content are not archived:
Peer-to-peer file transfers
Audio/video for peer-to-peer instant messages and conferences
Application sharing for peer-to-peer instant messages and conferences
Conferencing annotations and polls
To configure archiving, you need to specify the following:
33
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
37/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
The scope of archiving support required in your organization, including which policies are
required for specific sites and users and whether archiving is to be enabled for internal
communications, external communications, or both, in addition to which workloads are to be
archived.
Whether to run Lync Server 2010 in critical mode, which blocks IM or conferencing
sessions if archiving fails.
How archived data is to be managed. The archiving database is not intended for long-
term retention and Lync Server 2010 does not provide an e-discovery (search) solution for
archived data, so data needs to be moved to other storage. Lync Server 2010 does provide a
session export tool that you can use to export archived data, creating searchable transcripts
of the archived data.
Whether to enable purging of archived data and, if so, how to implement purging.
For details about these options, see Defining Your Requirements for Archiving.
If you enable archiving in one Front End pool or Standard Edition server, you should then enable
it for all other Front End pools and Standard Edition servers in your deployment. You need to do
this because users whose communications are required to be archived can be invited to a group
IM conversation or meetings hosted on a different pool. If archiving is not enabled on the pool
where the conversation or meeting is hosted, the session cannot be archived.
Defining Your Requirements for Archiving
If your organization must follow compliance regulations, you can deploy Archiving Server to
enable archiving support for Microsoft Lync Server 2010 instant messaging (IM) and
conferencing. To deploy Archiving Server, you need to decide how you want to implement it,
including support for specific sites and users, criticality of archiving, purge settings, and
management of archived data.Before you deploy Archiving Server, you need to determine the following for your organization:
Which sites and users in your organization require archiving support.
Whether to enable archiving for internal communications (that is, communications
between internal users), external communications (that is, communications that include at
least one user outside your organization), or both.
Whether to enable archiving for both IM and conferencing sessions or only for IM
sessions.
In addition, you also need to determine the specific policies and other support options that you
want to implement, including the use of critical mode and how to manage the exporting and
purging archived data.
Note:
To enable you to delegate administrative tasks while maintaining your organization's
security standards, Microsoft Lync Server 2010 communications software uses role-
based access control (RBAC). With RBAC, administrative privilege is granted by
assigning users to pre-defined administrative roles. To configure archiving policies and
other archiving options, the user be assigned to the CsArchivingAdministrator role
34
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
38/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
(unless the configuration is done directly on the Archiving Server, instead of remotely
from another computer). For details about RBAC, seeRole-Based Access Controlin the
Planning documentation. For a list of the user rights, permissions, and roles required for
archiving deployment, see Archiving Deployment Overview, which is available in both the
Planning documentation and the Deployment documentation.
Archiving Policies
You can control the scope of archiving support by using archiving policies and the configuration
options for each policy. Archiving policies include the following:
Global archiving policy By default, Lync Server 2010 creates a global archiving policy
when you deploy Archiving Server. The global policy applies to all users and sites in your
deployment. In the global policy, you specify whether to enable archiving of internal
communications, external communications, or both.
Important:
By default, neither archiving of internal communications nor archiving of external
communications is enabled. The global policy cannot be deleted. If you try to delete
it, the policy is reset to the default values.
Site archiving policy You can enable or disable archiving support for specific sites. For
example, to enable archiving support for a small number of sites, you can set the global
archiving policy to not archive internal or external communications, and then create a site
policy for each site for which you want to enable archiving support. As with the global policy,
you specify in each site policy whether to enable archiving of internal communications,
external communications, or both.
User archiving policy You can enable or disable archiving support for specific users by
assigning the policies to users that are defined in Users. For example, to disable archivingsupport for specific users at a site, you could set the global archiving policy to not archive
internal or external communications, create a site policy for the site to enable archiving for the
site, and then create a user policy that disables archiving support for the users. You could
also not use a site policy at all, and use only user policies to enable archiving for specific
users. As with the global policy and site policies, you specify in each user policy whether to
enable archiving of internal communications, external communications, or both.
For each archiving policy in your deployment, you can specify whether to archive only IM
sessions or to archive both IM and conferencing sessions.
If you create both site and user policies, user policies override site policies.
Note:
Group instant messages and conferences are archived only if a user policy for at least
one of the participants is configured to enable archiving.
35
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
39/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Critical Mode
If archiving is mission-critical in your organization, you can specify that Archiving Server run in
critical mode. In critical mode, Lync Server 2010 blocks specific functionality, if instant messages
and conferencing content cannot be archived. For example:
If the Archiving service is temporarily unable to send a message to the database queue
or insert a message into the database), both IM and conferencing functionality are blocked in
the deployment until archiving support is restored.
If a conferencing user uploads a file, but the file cannot be copied to the archiving file
store, conferencing functionality is blocked in the deployment until the problem is resolved,
but IM functionality is not blocked.
The blocking of IM and conferencing does not affect any other Lync Server features and
functionality, which should continue to operate as usual. By default, blocking of IM and
conferencing sessions is not enabled.
Data Export
Using the session export tool provided in Lync Server 2010, you can create searchable
transcripts of archived data. You can use the tool to do the following:
Create transcripts from archived data such as multi-part email messages (multi-part
MIME formatted Outlook Express Electronic Mail (EML) format .eml file) that consists of the
IM or conference transcript, the conference activity file (as an attachment), and uploaded
conference files, including handouts (as attachments). You can create transcripts for all users
or specific users.
Mark records that have been exported as safe to delete.
The session export tool creates one transcript for each completed communications session within
the specified date range (between specified starting and ending dates). You run this tool using the
Lync ServerExport-CsArchivingData cmdlet. For an overview of the cmdlets you can use to
manage Lync Server, see New Lync Server Management Shell in the Getting Started
documentation.
Purge Mode
You can specify whether to purge the archives of data. If you enable purging of archiving data,
you must specify one of the following options:
Purge both exported archiving data and stored archiving data after a specific number of
days. The minimum number of days that you can specify is one day. The maximum number of
days that you can specify is 2562 days. By default, purging is not enabled.
Purge exported archiving data only. This option purges all records that have been
exported and marked as safe to delete by the session export tool.
Components and Topologies for Archiving
To be able to archive the content of IM, including conferencing content, sent through Microsoft
Lync Server 2010 communications software, deploy Archiving Server, which is a server role in
36
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
40/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Lync Server. To deploy an Archiving Server, you first use Topology Builder to define it and publish
the topology, and then install and configure Lync Server 2010 on the server that you want to set
up as the Archiving Server.
Supported Components
The Archiving Server feature includes the following components:
Archiving agents Are installed and activated automatically on every Front End pool
and Standard Edition server. The archiving agents capture messages for archiving and send
them to the destination queue on the Archiving Server. Although archiving agents are
activated automatically, no messages are actually captured unless an Archiving Server is
deployed and associated with that Front End pool or Standard Edition server and archiving is
enabled. You can enable archiving at the global level, at the site level, or for specific users.
Archiving Server The server role that reads the messages from the archiving agents in
the Front End Servers and then writes them to the Archiving back-end database.
Archiving Server back-end database The SQL Server database that runs on SQL
Server and stores the archived messages. The database can be collocated on the same
computer as the Archiving Server, or on a different computer, as described in this section.
For a list of hardware and software requirements for Archiving Server and the server running the
Archiving Server database, see Supported Hardware and Server Software and Infrastructure
Support in the Supportability documentation.
Supported Topologies
An Archiving Server can archive messages from one or more Front End pools or Standard Edition
servers. All Front End pools and Standard Edition servers in a central site and associated branch
sites must use the same Archiving Server. The following figure illustrates two possible ArchivingServer topologies.
Archiving Server topologies
37
-
8/6/2019 Chapter 08 Planning for Virtualization Monitoring Archiving
41/50
Chapter 8: Planning for Virtualization, Archiving, Monitoring, and Manageability
Supported Collocation
Lync Server 2010 supports a variety of collocation scenarios, allowing you flexibility to save
hardware costs by running multiple components on one physical server (if you have a small
organization), or to separate components onto different servers (if you have a larger organization
that needs scalability and performance). Scalability factors should certainly be considered before
you decide whether to collocate Archiving Server or its database with other server roles or
databases.
You can deploy the Archiving Server and the Archiving database on the same server or separate
servers. You can also collocate the Archiving Server and the Archiving database with any or all of
the following:
Monitoring Server
Monitoring database
Back-end database of an Enterprise Edition Front End pool
File share for Lync Server 2010.
If you collocate the Archiving database with the Monitoring database, back-end database, or both
of these databases, you can either use a single SQL instance for any or all of the databases, or
you can use a separate SQL instance for each database, with the following limitations:
Each SQL instance can contain only a single back-end database, single Monitoring
database, and single Archiving database.
The database server cannot support more than one Front End pool, one Archiving
Server, and one Monitoring Server, but it can support one of each, regardless of whether the
databases use the same SQL instance or separate SQL instances.
For details about collocation of all server roles and databases, see Supported Server Collocation
in the Supportability documentation.
Note:
The server hosting the Archiving Server database can host other databases. However,
when you consider collocating the Archiving database with other databases, be aware
that if you are archiving the messages of more than a few users, the disk space needed
by the Archiving Server database can grow very large. For details about database
capacity, seeTechnical Requirements for Archiving.
Technical Req