microsoft lync server 2013 - basic administration release 2_1

Upload: martynyukv

Post on 03-Jun-2018

  • 8/12/2019 Microsoft Lync Server 2013 - Basic Administration Release 2_1

    1/92

    Microsoft Lync Server 2013

    Basic Administration
    Release 2.1

    Author: Fabrizio Volpe

    Acknowledgements

    This book is dedicated to those who live every day with me, my family, Federico and Antonella and to my parents. It is dedicated to Flavia who has just started her life, and to my grandmother Ines who still lives in my thoughts.

    There Ain't no Such Thing as a Free Lunch

    You will read this book at no cost.

    I hope the work that I am making available to you, which is the result of the end of an interesting and complex collaboration with the publisher Manning Publications, will be useful to you in understanding and managing Lync. But I do not believe in free lunches.

    So if this text will be useful to you, and you will have the desire to pay for it, I invite you to make a donation to Save the Children or to another association for the protection of minors.

    Then you will have paid for your meal.

    Disclaimer

    This release 2.1 adds a full chapter (6, Firewall Requirements for Lync Server 2013) to the previous work. Again, I had a great technical review and useful hints from Lync MVP Thomas Poett (@ThomasPoett). The Lync client debugging paragraph you will find in chapter 6 comes from his hands-on experience and is outstanding imho.

    This time I also had another reviewer who gave me great feedback not only on the final draft, but also on the first versions I have published on my website. Alessio Giombini (@AlessioGiombini), an experienced solution architect and Lync professional, gave a fundamental help to this work. To both of them I say thank you. The Lync community is a big place to be because there are people like you.

    Cover image: Calgary skyline and a pedestrian bridge in Calgary, Alberta Canada. Used under Extended Print RF License

    About the Author

    Fabrizio Volpe has worked in the Iccrea Banking Group since 2000, as Network and Systems Administrator. Since 2011 he has been awarded Microsoft MVP on Directory Services from Microsoft. In the year 2014 he has been awarded Microsoft MVP on Lync. Fabrizio has authored books dedicated to IT and security professionals, has participated as a speaker at well-known IT conferences and is committed to creating content that is accessible to a wide number of people, so he often publishes content on his channel on YouTube (http://www.youtube.com/user/lync2013), on his personal blog (http://blog.lync2013.org) and on SlideShare (http://www.slideshare.net/fabriziov).

    About the Reviewers

    Thomas Poett - Professional, consistent, and experienced expert who is technically savvy with over 20 years of experience in IT, telecommunication and software development. Additional extensive experience in business and market development. Specialized in intercultural and business relationships in Asia. Successful in providing leadership on new topics and complex global projects that require interfacing with internal/external teams and ecosystems. Early adopter of visionary technologies. 20+ year career within different companies in the areas of software development, telecommunication, IT, mobility and hosted/cloud services.

    Alessio Giombini - Alessio is an Infrastructure Solutions Architect, with a strong focus on the Microsoft and Unified Communications area. Over 15 years' study and hands-on experience delivering small to large-scale projects for major EMEA enterprise industries, mainly based on Microsoft and other leading edge technologies, systems applications and operations running on top of them. He has a broad and mixed technical background in the infrastructure and communications field, systems integration, systems management, security, as well as an in-depth understanding of the business of computing and networking in enterprise organisations. He currently works for InterCall UK and his main tasks are architectural design and delivery of Microsoft environments, with specific focus on multi-vendor UC solutions, based on Microsoft Lync 2013 with Enterprise Voice, Exchange Unified Messaging, migrations from Lync 2010 and OCS 2007, load balancers, reverse proxy, firewall, Exchange UM.

    Acknowledgements
    There Ain't no Such Thing as a Free Lunch
    Disclaimer
    About the Author
    About the Reviewers

    1 Before You Begin
        What Is Microsoft Lync 2013 Server?
        Why Lync 2013 Matters?
        Looking At Lync 2013 from the Client
        Looking At Lync 2013 from the Server
        Adopting Lync: What I Need and How Much Does It Cost
        Extra Costs to Be Aware of with Lync 2013
        Final Word

    2 Building Your Lync 2013 Lab
        Planning a Minimal Working Infrastructure
        Internal Lync Server Services Only
            Try it now
        Lync Server Available for External Users
            Try it now
        Exchange 2013 and SharePoint 2013 Integration
        Assembling the Required Software and Hardware
            Virtualization
            Acquiring the Required Resources
        Realizing the Deployment Scenarios
            Try it now
        Deploying the Lab
            Domain controller
                Try it now
            Lync Server Front End
            Office Web Apps Server
            Reverse Proxy
            Lync Edge
            Exchange and SharePoint
        Lab

    3 Managing Users with Lync Server Control Panel
        Introducing Lync Administration from the Control Panel
        Choosing Between the Control Panel and the Management Shell
        Policies and Policy Scopes in Lync Administration
        Roles in Lync Administration
            Try It Now
        Enabling and Configuring Users
        Enabling a User to Lync
            Pool assignment
            SIP URI configuration
            Telephony options
            Dial plan policy
            Voice policy
            Policy assignment
                Try it Now
        Lab

    4 Managing Clients, and Devices with Lync Server Control Panel
        Software Clients
            Try It Now
        Hardware Devices
        Mobility
        Some Things You Have to Do Outside the Control Panel
            Try It Now
        Lab

    5 Managing Users with Lync Server Management Shell
        Administering Users from the Management Shell
        Enable or Disable Lync Users
            Try It Now
        Moving Lync Users Between Different Pools
        Handling Policies from the Management Shell
        Lab

    6 Firewall Requirements for Lync Server 2013
        Planning a Lync Deployment the Right Way: Tools You Will Love (Part 1)
        The Basic Diagram of a Lync Deployment We Will Use in the Chapter
        Lync Server 2013: Internal Network
            Servers located in the LAN
            Servers located in the DMZ
                Try it now
        Infrastructure Requirements
        Firewall Rules Required for Lync Server 2013
        6.1 Network Traffic from Servers in the DMZ to Servers in the Internal Network
        6.2 Network Traffic from the Servers in the DMZ to the External Network
        6.3 Network Traffic from the External Network to the Servers in the DMZ
        6.4 Network Traffic from the Servers in the Internal Network to the Servers in the DMZ
        6.5 Network Traffic Related to Lync Clients in the Internal Network
        Notes Related to the Firewall Rules Required for Lync Server 2013
        Verifying a Lync Deployment in the Right Way: Tools You Will Love (Part 2)
        Verifying a Lync Deployment in the Right Way: Some High-Level Debugging Steps if Lync Clients on the External Network Are Not Working
        Lab

    decided to make Lync compatible with as many hardware products (dedicated to voice and conferencing) as possible. A large number of coexistence scenarios with other unified communication solutions is also available. Last but not least, Lync has high-quality interfaces for administrators and users, which are proving to be its strong point.

    Looking At Lync 2013 from the Client

    One of the best ways to get an idea of the capabilities of Lync is to open one of the available clients, as I did in figure 1.1.

    Figure 1.1 Full Lync 2013 client with presence indicators

    As soon as a user logs into Lync, he uses the first feature of Lync, called "rich presence". Virtually all the people connected and enabled to our Lync infrastructure (colleagues, employees of partner companies or business associates) display the rich presence indicator as a status marker. Rich presence is like a simple traffic light with green, yellow or red colors. It shows whether the person is able (and willing) to communicate with us in a direct way (green indicator) or would rather receive messages using a non-real-time method (yellow or red indicator).

    In the first situation, if you need to communicate with the other user, an instant message or a call is a good solution, while you could prefer e-mail or invitations to a scheduled meeting for a busy contact.

    Rich presence status in Lync includes a set of information that allows the user to specify the reason why he or she is not available. You can see the indicators summarized in the following figure.

    Figure 1.2 a quick look at the presence status you can use in Lync client [1]

    Presence indicators of Lync are also extended to Exchange and SharePoint, so if we are going to write a mail message or to organize a meeting, we know the presence status of other users, as you can see in figure 1.3.

    Figure 1.3 scheduling a meeting in Outlook for Lync enabled users. Some of them are busy at the moment

    [1] Via an individual configuration, based on standard XML files, those presence indicators can be enhanced with up to 4 additional, corporate based standards (see http://technet.microsoft.com/en-us/library/gg398997.aspx)

    Other Microsoft and third-party vendor applications, e.g. Microsoft Office, Dynamics CRM or most web-based applications, also support a native integration with the Lync Client API. This enables us to start a quick communication regardless of what we are doing.

    Figure 1.3a Contact in Microsoft Word

    I just mentioned the possibility to see the presence status of contacts that are not part of our company. That is achieved using a further feature, Lync federation. Federation is the capability of two companies with a Lync infrastructure to extend functionalities (IM but also conferencing and voice) to each other if they establish a trust relationship. The federation feature has been improved recently to include Skype users. Lync 2013 can also federate with non-Microsoft services based on XMPP. You can see an example of Lync users shown inside a Skype client in figure 1.4.

    Figure 1.4 Lync users are available in Skype if their company is using federation

    Instant Messaging (including the ability to exchange files between users) and the direct video conference between two users are an experience similar to what you may have already seen in other systems like Skype. One feature often not available in other UC systems is the capability to use a web interface (the Lync Web App) to enable people with no Lync client installed on their workstation to participate in a meeting. In figure 1.5 you can see the logon screen for the Web App.

    Figure 1.5 the Lync Web App plug-in is required if you want all the meeting features

    Lync 2013 Web App comprises all the possibilities, including participation in audio and video (in Lync 2010 it was limited to IM). This tool broadens the participation to those who are working at a temporary workplace. External users using the Web App are able to take part in a Lync meeting with an interface they are familiar with (as you can see in figure 1.6).

    Figure 1.6 a Lync meeting seen from the Lync Web App. Voice and video are available in the browser

    Lync 2013 for Mobile clients is another tool that will expand your Lync user base. It is available for Windows Phone, iPhone, iPad and Android. As you can see in the next figure, the mobile client includes almost all of the features comprised in the full client, including video conferencing and VoIP functions.

    Figure 1.7 doing a video call from a Windows Phone is no longer a big problem

    The quality of this new mobile client is a major asset of Lync 2013, and it is very popular with top management in the companies.

    A series of plug-ins and third party packages exists to optimize the Lync client in a virtualized working place (including both virtual desktops and remote desktop services).

    Lync includes a feature known as persistent chat that lets you create rooms. Rooms are a way to categorize IM messages and preserve them. Anytime a user needs to read or update a conversation, it is available on the server.

    To complete this quick overview of the client side of Lync, I have to talk about the enterprise voice features. Lync can seamlessly replace an IP PBX and provide all kinds of services you can expect from a VoIP solution. It is also easy to integrate with pre-existing solutions (such as the Cisco CUCM). Extending the voice functionalities to users connecting from an external network requires only the Lync client we have already seen.

    Available Mobile Clients are:

    Windows Phone 7.x (Lync 2010)
    Windows Phone 8 (Lync 2013)
    Windows App (Lync 2013 App)
    iPhone
    iPad
    Android

    Lync Server 2013 also supports hardware desk phones like the ones you see in figure 1.8.

    Figure 1.8 some desk phones you can use with Lync Enterprise Voice

    By adding support for more traditional-looking devices like the aforementioned ones, Lync gives users the ability to choose between these telephones and headsets connected directly to the computer (a more practical choice, especially for mobile users).

    Looking At Lync 2013 from the Server

    Often, as a Lync administrator, you will see the infrastructure and features from the server point of view. There are many tools to help you manage or debug a Lync deployment, but the two main instruments, the ones you will use for day-by-day tasks, are the administrative graphical interface of Lync (Lync Server Control Panel) and the administrative command line (Lync Server Management Shell) based on PowerShell.

    You can see both of them in figure 1.9.

    Figure 1.9 the Control Panel and the Management Shell side by side

    The Control Panel is the tool you can use for around 80% of all the administrative tasks. The remaining 20% is available only in the Management Shell (which also includes all the features you have in the Control Panel).

    Adopting Lync: What I Need and How Much Does It Cost

    Lync clearly distinguishes between two editions (Standard and Enterprise). The basic server license costs the same in the two versions. However, the kind of edition you will use has an impact on the available continuity features and on the number of required servers.

    To understand the aforementioned differences, it is also necessary to explain Lync server roles.

    Roles:

    Every role grants to the infrastructure one or more Lync features
    Roles can be held by one or more Lync servers at the same time

    Roles make the architecture of Lync Server 2013 highly scalable. A deployment in a small business with no external users can consist of a single standard edition server, with the role of Lync Front End. This is because the Lync Front End is the fundamental role, and runs a great part of the basic Lync Server functions.

    Adding to the scenario an Active Directory server (Directory Services are required for Lync) and a server with Office Web Apps installed (this is required for PowerPoint presentations inside a Lync meeting) we have the fully functional (internal) Lync deployment you can see in figure 1.10.

    Figure 1.10 a minimal infrastructure that will grant Lync features to our internal user

    Users are homed on a Front End and their capability to work with Lync depends on the availability of this role or of a server able to replace their home server in case of errors.

    The solution based on standard edition is interesting, especially to keep the costs as low as possible.

    It requires no additional licenses outside a single standard edition of Lync and does not use an external database, as is the case for the enterprise edition. This kind of solution, based on a single box, has its limits. Lync standard edition cannot guarantee high availability. There is, as you will see, a method to pair two Front End servers to grant resiliency, but this is not automatic and requires operations by the Lync administrator.

    The enterprise edition deployment is more expensive and complex. At least two Lync Front End servers are required to create a Pool. It also requires the deployment of a load balancer. This is required due to session persistence for HTTP/HTTPS.

    A pool is a group of servers with identical configuration that provide high availability. In a pool, Lync features will be available even if one server goes offline. The functional databases of Lync aren't cohosted on the Front End (as it was for the standard edition) but are active on an external SQL server. If we also need database continuity, we are able to use the SQL mirroring mechanism. Clustered SQL installation is supported too, but you have to keep in mind that this kind of high availability is focused on the SQL server itself and does not give the additional continuity to the database that we have with mirroring.

    In Lync, high availability of the server roles requires the deployment of pools.

    In figure 1.11 you can see a plan for a Lync deployment with an enterprise edition Front End pool.

    Figure 1.11 a plan for a Lync deployment including a pool for Front End high availability

    Office Web Apps is not a Lync role, so if you need it in high availability you have to use its own mechanism, which is deploying a farm.

    The costs of this solution derive from:

    Licenses for Lync enterprise edition servers
    SQL server licenses, needed to create the Lync database infrastructure, called Back End.

    Note: SQL 2012 Licensing Guide states that, if the second SQL server is used only as a passive copy, you need only a single SQL license (the one for the first server) http://download.microsoft.com/download/7/3/C/73CAD4E0-D0B5-4BE5-AB49-D5B886A5AE00/SQL_Server_2012_Licensing_Reference_Guide.pdf

    Usually the next step after the installation of services for the internal network is the exposure of the Lync features to external users.

    To achieve the aforementioned result you are required to deploy a Lync Edge server and a reverse proxy.

    The Lync Edge server is a Lync role installed on a standalone machine, typically located in a perimeter network and not added to the Active Directory domain. Lync Edge makes audio, video and conferencing services available to the external users in a secure manner, acting like a man in the middle that receives requests from the Internet and forwards them to the Lync Front End. There is no direct connection between the user and the Lync servers on the internal network.

    A reverse proxy is similar to a Lync Edge, but it safely exposes the web functionalities

    (like the Web App, Address Book or Simple URLs) of the Front End, placing itself in the middle between the client and the target server.

    A reverse Proxy solution could be Microsoft TMG, Microsoft IIS ARR, Microsoft Web

    Application Proxy (2012 R2) or any other supported firewall.

    In figure 1.12, you can see a schema including the servers required for external user

    access.

    Figure 1.12 schema with a perimeter network and the servers required for external user access

    Adding the Lync edge and a reverse proxy does not require additional costs, because

    edge requires no license and there are many free solutions to deploy reverse proxy

    functionalities.

    Talking about Lync roles there are some of them that I have not mentioned yet:

    Monitoring is a role dedicated to the recording of quality parameters and to the

    related reporting.

    The Archiving role saves the contents of IM communications for legal and compliance

    requirements and archives IM, Conferencing and Persistent Chat.

    In Lync Server 2013 the Monitoring and Archiving roles are always collocated on the Front

    End. The decision to make is whether these roles are required. Monitoring is very useful

    for troubleshooting and gains additional value if you use the enterprise voice. The

    presence of archiving is related only to legal constraints.

    Persistent Chat is a role that enables the creation of IM chat rooms. You will be able to create thematic areas and the rooms are persistent. A user can re-read the

    conversation or add something at any time. A function like this makes sense, for

    example, to create a corporate knowledge base. Persistent chat can be collocated on a

    standard edition Front End or deployed as a dedicated server (or pool).

    Mediation server is required to operate the enterprise voice (it manages the

    "signaling" data stream). In Lync 2013, the hardware requirements have been reduced

    due to the presence of the media bypass (which will be discussed in the chapters devoted

    to the implementation of voice). This innovation allows collocating the mediation as a role on a Lync Front End. The possibility of creating a server or a pool of mediation is

    still available.

    Director is a role that manages user authentication before they connect directly with

    Lync Front End. In Lync server 2013 this role is not really useful. It could provide an

    additional layer of security but director adds (also) a potential critical point.

    Extra Costs to Be Aware of with Lync 2013

    During the previous explanation, I have not mentioned some costs that have their

    importance in the design of a Lync solution. The first aspect to consider is the cost of the

    base operating systems on which we will install Lync and the required additional

    servers (Office Web Apps and reverse proxy). Lync supports installation on a virtual

    environment, so we could use the virtualization rights of Windows to reduce costs (for

    example, the Datacenter edition of Windows 2012 allows you to install unlimited virtual

    machines on a single physical host). Nevertheless, a complex structure, such as the one

    with a Front End pool, will also require a significant expense for the base operating

    systems.

    The second aspect is the cost of client licenses. Lync requires a CAL (Client Access

    License) for each user or machine that logs on to the server. CALs are of three types and

    each one is entitled to the use of a part of the features. Access to premium functionality

    is determined by adoption of the Standard CAL and then you have to add

    supplemental CALs, an Enterprise CAL and, for some additional features, a third

    license called Plus CAL (you may think of Enterprise CAL and Plus CAL as

    supplemental to the Standard CAL).

    Standard CAL: offers IM (Instant Messaging) and Presence, as well as PC-PC audio and video communication

    Enterprise CAL: the user can use multi-party Lync meetings (including Gallery View, a feature allowing up to five active video streams to be displayed at once) and PSTN conferencing dial-out.

    Plus CAL: enables enterprise voice capabilities

    The Lync 2013 client software can lead to a further increase in costs. The full Lync 2013

    client for desktop is available as part of Office 2013 Plus or as a standalone application

    under an Enterprise Agreement contract, so we'll have to consider the cost of this

    package. The free alternative (Basic client for Lync 2013) has some limitations, for

    example the Lync enterprise voice features are scaled down for such a client. It is also

    possible to keep on using the pre-existing Lync 2010 clients; in any case, the choice of a

    client solution requires a proper assessment of the costs.

    Note: Lync CALs are additive, so the only possible combinations under the licensing agreement

    are:

    Standard CAL

    Standard CAL + Enterprise CAL or Standard CAL + Plus CAL

    Standard CAL + Enterprise CAL + Plus CAL

    Final Word

    This brief overview has introduced concepts that you will see in detail throughout the

    book. Many of the ideas presented here will make more sense when viewed in their

    context, so I invite you to start with the first main chapter, Building your Lync 2013

    Lab.

    With the three servers above, you have a working Lync environment. It is a good idea to

    add a virtualized client to test the behavior of a Lync user inside and outside the domain.

    Your lab should look like the one in the next figure

    Figure 2.1 the basic lab environment

    With the above deployment (and adding a DHCP server on your domain controller) you

    could even test a Lync phone edition.

    Try it now

    Are you able to install Lync Front End with no Office Web Apps server available? What

    are the consequences?

    Lync Server Available for External Users

    If you also want to test external user access, you have to add a Lync Edge and

    software or hardware to reverse proxy the Lync Front End services (for example IIS or

    Forefront TMG). An additional requirement will be to simulate the most common

    scenario, a DMZ network between the Internet and your internal network. You could

    achieve the result with a schema like the one in the next image using Forefront TMG as

    a three-legged firewall, configuring RRAS on a virtual Windows server or using

    hardware to simulate the network topology.

    NOTE:

    Under all circumstances, if you deploy Lync Edge Server in a real, fully supported

    environment, you MUST ensure that each Edge Server is deployed with TWO network

    interfaces, one for internal and the other for external access!

    Figure 2.2 lab environment with three simulated networks

    Try it now

    If you accept working in an unsupported scenario to limit the number of servers required,

    are you able to deploy Lync for the external users with no reverse proxy? Is it possible to

    achieve the result without the Lync Edge server?

    Exchange 2013 and SharePoint 2013 Integration

    Exchange and SharePoint add a lot of interesting features to Lync (Unified contact store

    and high resolution images from Exchange 2013, skill based search with SharePoint

    2013). With Exchange you should consider also the Unified Messaging feature to

    integrate voice mail and other voice services. Also, to explore the integration between

    Lync and Outlook you will need to mail enable your Lync users with an Exchange

    mailbox. The lab at this point is not as easy to deploy and manage as the ones we have seen

    before.

    Figure 2.3 lab environment with Exchange and SharePoint deployed

    Assembling the required software and hardware

    So, we are going to build working lab environments. One driver is (usually) keeping a

    low cost (in terms of space, money and time required). Which are the resources we need to save the most? What are we able to keep in a virtual environment and what do we need

    to install on dedicated hardware?

    Virtualization

    Let's start from the last of the aforementioned aspects: Lync 2013 enables virtualization

    of all the Lync roles. Also, almost everything in the infrastructure that will support your

    deployment or add features (domain controllers, mail servers and so on) is virtualizable

    too. This is really important and will help you achieve the first objective (learning

    Lync with the least effort) and adds the support for snapshots, so you are able to test

    configurations and roll back with a simple command. If you have access to a SIP trunk

    (or you can simulate it, for example with a second Lync deployment or an alternative

    voice solution like Asterisk) you are able to learn a lot of things about Lync Enterprise

    Voice with no required dedicated hardware. If you are able to buy a Lync desk phone

    and a switch you are able to explore also the management of telephony hardware with

    Lync. So, what will you miss with such a solution? Well, what you cannot expect is the

    working knowledge on how to configure third party voice gateways, IP PBX and so on.

    That is something important that you will have to learn (probably) on the field, hoping

    that the vendor documentation is as good as possible.

    Acquiring the Required Resources

    First let's examine the single resources you will need. After the next paragraph (in which

    you will see the different deployment scenarios) I will try to propose the best way to

    obtain them.

    RAM (memory): it is a costly asset to attain. On laptops and desktops the maximum

    memory you are able to use is limited by the hardware, and a really good motherboard

    could use up to a maximum of 32 Gb (but you have to consider the costs of the memory

    modules too). So one of your focuses will be on creating the required infrastructure using the least memory possible. A limit here is usability because often you are able to keep

    some servers up and running with few Mb of RAM but their performance will be so bad

    that they will be practically unusable. Virtualization can help by supporting dynamic

    memory but required memory is often a bottleneck anyway.

    Hard disks: usually allocating disk space to the servers is fast and cheap (especially if

    we are talking about a virtualized deployment). Disk performance may create an issue.

    The more virtual machines you put on a single physical disk, the slower they will work.

    Again, the solution here could be adding disks (easier on a desktop), distributing the

    files of the virtual servers on external disks or using SSD disks (costly).

    CPU: this is a resource that usually overpowers the requirements. If you have a good

    x64 processor with multiple cores and hyper threading enabled, that is something you

    don't have to worry about.

    Networking: if you want to try also the access for external users you will have to

    simulate an Internet network and an internal one (with your edge server and reverse

    proxy acting as an entry point to your Lync deployment). You could use hardware

    (SOHO firewalls and routers are really cheap) or software (a virtualized Windows

    server system with routing and remote access enabled).

    SSL Certificates: in a test environment you could use an internal C.A. to create and

    distribute your certificates. Keep in mind that in a real world scenario a third party C.A.

    is the easiest way to expand Lync services to external users and to avoid headaches and

    problems.

    Deploying the lab

    Starting with the Internal Lync Server Services Only scenario you have to deploy:

    A domain controller

    A Lync Front End (Standard Edition)

    An Office Web Apps Server

    Domain controller

    Lync will use the following servers as a base infrastructure:

    Active Directory

    DNS

    Certification Authority

    Lync interacts with Active Directory to build up the infrastructure, modify the schema,

    the forest and the domains so that new classes and attributes are created. One of the

    boundaries is that you can have only one Lync organization for every forest. It is

    required to have at least a Windows 2003 level for the forest and for the domains.

    DNS: Lync requires the capability to resolve all the names involved in the

    infrastructure, including both the ones associated with the internal domain and the ones related to the public name (or names) of our company. The latter are usually defined as SIP

    domains for a company (Session Initiation Protocol or SIP is the protocol used to

    initiate or terminate live communication sessions). That makes sense because your

    users will always log into Lync with the same SIP address (or by using their mail

    address) regardless of their location (tablet outside our company, desktop joined to the

    domain and so on). So the internal DNS must be able to resolve the public names of

    your domain AND must be able to route the requests to network addresses that are

    inside our network. To achieve this result two solutions are available: split DNS (that is,

    hosting a fake public zone on the internal DNS) or PinPoint zones, which enable you to point single public names to internal IPs, without the need to manage the whole

    internal copy of the public zone that is typical of split-brain scenarios.

    To create a PinPoint zone (for example, to make meet.lync2013.org point to

    192.168.1.100), you can use the following commands from a command prompt on the

    DNS server.

    dnscmd . /zoneadd meet.lync2013.org. /dsprimary

    dnscmd . /recordadd meet.lync2013.org. @ A 192.168.1.100

    In the next image you can see the messages resulting from the dnscmd commands

    Figure 2.4 successfully pinpointing the meet record for the Lync Front End

    Note: if you try the aforementioned commands from PowerShell, only the first one will

    succeed.
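    The same pinpoint zone built with the DnsServer PowerShell module instead of dnscmd, followed by a check that only the single name is shadowed internally. This is an added example, not code from the original book; it reuses meet.lync2013.org and 192.168.1.100 from the text and assumes a domain-wide replication scope.

```powershell
# Added example: pinpoint zone via the DnsServer module (Windows Server 2012 or later).
# Run elevated on the DNS server.
Import-Module DnsServer

$zone = 'meet.lync2013.org'   # the single public name to pinpoint (from the text)
$ip   = '192.168.1.100'       # internal address it must resolve to (from the text)

# Create the Active Directory integrated zone unless it is already there.
# Replication scope "Domain" is an assumption; use the scope your forest needs.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
}

# Add the A record at the zone apex. '@' is quoted here because an unquoted @
# is reserved syntax in PowerShell and cannot be passed the way cmd.exe allows.
$apex = Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType A -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $ip }
if (-not $apex) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $ip
}

# Check 1: this server answers the pinpointed name with the internal address.
$answer = Resolve-DnsName -Name $zone -Type A -Server 127.0.0.1 -DnsOnly
if (@($answer | Where-Object { $_.IPAddress -eq $ip }).Count -eq 0) {
    throw "$zone does not resolve to $ip on this DNS server"
}

# Check 2: the parent zone should not be hosted here. If it is, every name under
# it is answered locally, which is the split DNS behaviour a pinpoint zone avoids.
$parent = ($zone -split '\.', 2)[1]      # lync2013.org
if (Get-DnsServerZone -Name $parent -ErrorAction SilentlyContinue) {
    Write-Warning "$parent is also hosted on this server; names under it are answered locally."
}
```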

    Note: Regardless of the kind of DNS records that you will use, it is important to fully

    understand the impact you create for the Lync clients. Lync clients use a given

    procedure to identify their Lync Server, based on the user's SIP domain (@domain.com). The process is based on SRV DNS records. For our test lab, we will

    not go into more detail.

    Certification Authority: the whole Lync system is secure by design and communication

    travels only in a secure form. That is why certificates are really important in Lync (base

    services will not even start if there is an issue with certificates). For a test environment

    the C.A. installed on the domain controller is all we need to create internally the

    certificates required for internal and Internet connected servers.

    Try it now

    Pinpointing can be done from the graphical interface too. Try it and evaluate which

    method fits you best.

    Lync Server Front End

    Talking about the lab deployment what I suggest is to install Lync Standard Edition, and

    collocate the Monitoring role, the Group Chat role and the Mediation server.

    Note: to collocate the Monitoring role, you need to deploy also the monitoring reports. The whole process is well

    described on the Matt Landis blog http://windowspbx.blogspot.it/2012/07/aaa-donotpost-install-lync-standard.html

    Office Web Apps Server

    The installation is well described on the TechNet article Deploy Office Web Apps Server

    http://technet.microsoft.com/en-us/library/jj219455.aspx. The only warning here is to select

    and remember the internal and public name of the server, because they will be required

    for certificates and for Lync Topology building.

    You have additional requirements for the second scenario Lync Server Available for

    External Users

    Reverse Proxy

    Microsoft does not suggest a specific solution for the Lync 2013 publishing process.

    With TMG on the road toward the end of life, a viable solution is to use IIS as a reverse

    proxy. Such a solution is outlined on the NextHop blog Using IIS ARR as a Reverse

    Proxy for Lync Server 2013

    http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx

    Lync Edge

    Lync Edge installation will be discussed in chapter 25. In a test environment I suggest using

    use the hosts file on the edge server to resolve the names of the internal Lync

    infrastructure.

    Exchange and SharePoint

    The setup of Exchange and SharePoint is tied to the version of the aforementioned

    servers you are going to deploy. Lync is able to integrate with Exchange 2007, 2010 and

    2013. SharePoint is supported if the selected release is 2010 or 2013.

    Some hints here:

    In Exchange 2013 there is no UM role:

    The functionality is in the Mailbox server role.

    The Client Access server role provides the UM Call Router service.

    Server-to-server authentication and authorization: OAuth (Open Authorization) is a protocol required by Lync Server 2013, Exchange 2013 and Microsoft SharePoint Server.

    User credentials and passwords are not transmitted from one computer to another (OAuth is based on the exchange of security tokens).

    Tokens grant access to a specific set of resources for a specific amount of time.

    Lab

    The configuration of OAuth can be started from Lync 2013 (Assigning a Server-to-Server Authentication Certificate to Microsoft Lync Server 2013,

    http://technet.microsoft.com/en-us/library/jj205253.aspx) or from Exchange 2013 (Integrating Exchange 2013 + Lync 2013 for UCS & OWA integration, http://memphistech.net/?p=280).

    Try both the methods and evaluate pros and cons of the different approaches.

    3 Managing users with Lync Server Control Panel

    The Lync Control Panel is the first administrative tool you'll head to after the Lync

    installation is complete. Around 80-90% of all the administrative tasks can be managed

    with this graphical interface (the remaining operations will be limited to the Lync Server

    Management Shell that I will explain starting from chapter 5).

    This chapter is ideally split in two base topics:

    A high level overview of the Control Panel and of some fundamental concepts of Lync administration (policies, policy scopes and administrative roles)

    A complete explanation of the user configuration parameters available in the Control Panel, including pool assignment, SIP URI configuration, telephony

    options and policy assignment

    Introducing Lync Administration from the Control Panel

    If you are not a PowerShell expert and if your Lync deployment does not require

    frequent troubleshooting, the Control Panel is the tool you will use most often in the day by day administration of Lync.

    The first operation you will usually perform in the Control Panel (and the one that is

    suggested by default) is to enable users to Lync. The aforementioned operation may

    sound logical if we ignore one basic fact: the configuration your user will receive is based

    for a large part on Lync policies and rules while his / her Enterprise Voice configuration

    will depend largely on the dial plans and voice routes you will deploy in your company.

    So the unspoken assumption here is that before enabling the first user you should have

    all the required settings already in place and the planning for voice, workload balancing

    and so on done by this time.

    My personal experience says that usually (for a lot of good reasons) you will have to

    enable users to Lync and later modify the user settings according to the configurations

    you will deploy at a later time.

    So let's examine some of the steps you need to take if you're going to enable our users

    (Patricia Johnson, Peter Duggan and Julie Penny) to Lync keeping in mind their

    different needs. Summarizing what we said about them in the 1st chapter, they will need

    Enterprise Voice (for Julie with the external access prefix configured, for Peter with

    delegation), mobility, conferencing (with gallery view feature for Patricia) and federation with an XMPP external provider (again for Patricia).

    Choosing Between the Control Panel and the Management Shell

    A decision you need to make before you begin the actual work is about what tool you will

    use. As I said at the beginning of the chapter, Lync 2013 enables management from a

    graphical interface (Lync Server Control Panel) and a command line (Lync Server

    Management Shell). Managing with a GUI is easier, but for example, if you are going to

    enable a large number of users with a batch modification, the best tool is the

    Management Shell.

    The Control Panel may be confusing because you will have all the administrative

    interfaces available, including ones related to features that you have still not deployed

    (and ones that you will never use). Looking at the next image, for example, you see the

    Persistent Chat tab in the Control Panel of a Lync deployment that does not have

    persistent chat enabled.

    Figure 3.1 The Home screen of the Control Panel

    The policy will apply to all the Lync infrastructure (see figure 3.2)

    Figure 3.2 a global policy with delegation not enabled

    A few Lync users, like Peter Duggan (who will delegate to Julie Penny), will have access to

    the aforementioned feature. To create an exception to the rule you will create an

    additional Voice Policy (with scope = user) and then you will be able to apply it to the

    users that require it. We are going to define a new voice policy to respond to this need in

    figure 3.3.

    Figure 3.3 selecting the scope to create policies that will be applied to specific users

    If you had a branch office with a lot of users in need of the delegation feature, you could

    have used the third scope (site) that applies to all the users in a specific Lync site. The

    more specific policy overrides the others to allow a granular management (i.e.

    conflicting parameters will be resolved by the User policy overriding the Site policy

    and the site policy replacing the Global policy parameters).

    As a consequence, the network aspect of your deployment will influence your Lync

    administration; this is obvious because if you have a single site, you will lose a level of

    flexibility when managing your policies.
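    The precedence described above (user over site over global), checked from the Lync Server Management Shell for the chapter's three sample users. This is an added example, not code from the original book; it assumes the users are already enabled and only reads the deployment.

```powershell
# Added example: report which voice policy scope wins for a user and whether
# that policy allows delegation. Run in the Lync Server Management Shell.

function Get-EffectiveVoicePolicy {
    param([Parameter(Mandatory = $true)][string]$Identity)

    $user   = Get-CsUser -Identity $Identity
    $policy = $null

    if ($user.VoicePolicy) {
        # 1. User scope: a per-user policy granted explicitly to the account.
        $policy = Get-CsVoicePolicy -Identity "$($user.VoicePolicy)"
        $scope  = 'User'
    }
    else {
        # 2. Site scope: the policy attached to the site of the user's home pool.
        $site = (Get-CsPool -Identity "$($user.RegistrarPool)").Site   # e.g. "Site:HQ"
        try {
            $policy = Get-CsVoicePolicy -Identity $site -ErrorAction Stop
            $scope  = 'Site'
        }
        catch {
            $policy = $null   # no site-level voice policy defined for this site
        }

        # 3. Global scope: the fallback when nothing more specific exists.
        if (-not $policy) {
            $policy = Get-CsVoicePolicy -Identity 'Global'
            $scope  = 'Global'
        }
    }

    New-Object PSObject -Property @{
        User             = $user.DisplayName
        WinningScope     = $scope
        PolicyIdentity   = $policy.Identity
        EnableDelegation = $policy.EnableDelegation
    }
}

# Sample users from this chapter.
'Patricia Johnson', 'Peter Duggan', 'Julie Penny' |
    ForEach-Object { Get-EffectiveVoicePolicy -Identity $_ } |
    Format-Table User, WinningScope, PolicyIdentity, EnableDelegation -AutoSize |
    Out-Host
```

    Any account that shows EnableDelegation = True from a Global or Site policy has the feature by inheritance rather than by an explicit per-user grant.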

    Roles in Lync Administration

    Role Based Access Control (RBAC) is the permissions model used in Lync 2013. During

    the forest and domain preparation that is mandatory for the deployment of Lync, some

    universal groups are created and permissions are assigned to them.

    The aforementioned groups are the base of RBAC and enable you to control what

    administrators and end-users can do. The division between Lync roles and other

    administrative tasks (like Directory Services administration) is so sharp that just after the

    domain preparation you have to insert at least one user in the CsAdministrator

    group, to define the first administrator of Lync 2013.

    Each RBAC role is associated with a set of Lync Server Management Shell cmdlets

    corresponding to the tasks that can be carried out by the users in a specific group.

    Let's try to imagine a scenario: Lync2013.Org wants to delegate to a group of operators

    the monitoring of Lync health. The only operation that the Lync administrator will need

    to perform is to insert their users in the CsViewOnlyAdministrator group (the tool

    to use is Active Directory Users and Computers, there is no way from Lync to

    perform this task).

    Try It Now

    We said that the groups have a limited subset of cmdlets available. To verify what

    commands every group is able to perform you can use the following string in the Lync

    Management Shell

    Staying with the aforementioned example, you can launch the following line

    Get-CsAdminRole -Identity "CsViewOnlyAdministrator" | Select-Object -ExpandProperty Cmdlets

    The result will show a list of the cmdlets related to the CsViewOnlyAdministrator group.

    You can try the same command with CsAdministrator and see the differences.
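    The comparison suggested above, automated as a small least-privilege review of the two roles and of the Active Directory groups behind them. This is an added example, not code from the original book; the helper name, the read-only verb allowlist and the "Name=" rendering of the Cmdlets entries are assumptions of the example.

```powershell
# Added example: compare what two RBAC roles may run and who holds them.
# Run in the Lync Server Management Shell as a member of CsAdministrator.

function Get-RoleCmdletName {
    param([Parameter(Mandatory = $true)][string]$Role)

    (Get-CsAdminRole -Identity $Role).Cmdlets |
        # Assumption: each entry renders as "Name=Get-CsUser"; keep the bare name.
        ForEach-Object { $_.ToString() -replace '^Name=', '' } |
        Sort-Object -Unique
}

$viewOnly = @(Get-RoleCmdletName -Role 'CsViewOnlyAdministrator')
$admin    = @(Get-RoleCmdletName -Role 'CsAdministrator')

# Cmdlets that only the full administrator role can run.
$adminOnly = @(Compare-Object -ReferenceObject $viewOnly -DifferenceObject $admin |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Select-Object -ExpandProperty InputObject)

'View-only: {0} cmdlets, administrator: {1}, administrator-only: {2}' -f `
    $viewOnly.Count, $admin.Count, $adminOnly.Count

# Verb breakdown of the view-only role: shows how much of it can change state.
$viewOnly |
    Group-Object { ($_ -split '-', 2)[0] } |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize |
    Out-Host

# Least-privilege review: list every cmdlet of the view-only role whose verb is
# not on a read-only allowlist. The allowlist is an assumption of this example.
$readOnlyVerbs = 'Get', 'Test', 'Debug'
$toReview = @($viewOnly | Where-Object { $readOnlyVerbs -notcontains ($_ -split '-', 2)[0] })
if ($toReview.Count -gt 0) {
    Write-Warning ("Cmdlets outside the read-only allowlist: " + ($toReview -join ', '))
}

# Role membership lives in the Active Directory groups of the same name
# (requires the ActiveDirectory module from RSAT).
Import-Module ActiveDirectory
foreach ($group in 'CsAdministrator', 'CsViewOnlyAdministrator') {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{ n = 'Role'; e = { $group } }, SamAccountName, objectClass |
        Format-Table -AutoSize |
        Out-Host
}
```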

    Enabling And Configuring Users

    In figure 3.4 I have divided the New Lync Server User screen into four zones:

    Pool assignment

    SIP URI configuration

    Telephony options

    Policy assignment

    I will use the aforementioned division to separate the different tasks related to user

    parameters that you have at your disposal to configure your users (later in the chapter,

    we will do the same thing for clients and devices).

    Figure 3.4 The New Lync Server User page with the options divided into four zones

    Enabling a User to Lync

    Let's take a look at a standard process to enable one of our users, Patricia Johnson, to Lync.

    We want to give her a Lync user that matches her mail address, to assign her to the Lync pool that is located in the company's headquarters and to give her a phone number

    that is directly reachable from the public telephony system 1(555)555-5555.

    She will use the Lync capability to view multiple video streams in a single conference

    (gallery view) and she needs to simplify her access to public IM services like

    Jabber.Org (at the moment she has many different accounts on the various systems).

    Patricia and her colleagues have used for many years a PBX that required dialing 9 before

    you were able to dial an external number. We want to accommodate also this

    dialing habit.

    We can start from the Control Panel, Users tab and select Enable Users

    Figure 3.5 Starting with the enabling process

    In the next screen select Add

    Figure 3.6 The New Lync Server User screen

    In the Select From Active Directory screen you are able to look for the user with a

    search or you can simply press the Find button and have a list of all the Active Directory

    users not enabled to Lync. Select Patricia Johnson.

    Figure 3.7 Starting with the enabling process

    Pool assignment

    Several parameters are already set to automatic, meaning that the Global policy will

    apply as long as we do not decide otherwise. The first area is used to decide which pool

    will host the user account (Patricia Johnson) as you can see in the following screen

    capture (figure 3.8). The information related to the pool in which the user is homed

    is shown in the first part of the menu and is important, for example, if we need to move our users from one server to another one in case of a disaster recovery.

    Figure 3.8 Assigning the user to a Standard Edition server

    In Lync 2013 the so called Front End pool is in charge of a great part of base Lync

    functionalities including authentication and registration. A Front End pool could be

    constituted by a single Lync Standard edition server or by a group of Lync Enterprise

    edition servers (the suggested minimum is two servers for an Enterprise pool).

    Every user enabled to Lync must be homed on a pool. If the pool contains more than one

    server, every person connecting to Lync will have a defined registration order (that is

    built and updated using an algorithm) containing a primary server, a secondary server and so on. The aforementioned mechanism balances the users on the pool nodes and

    gives continuity if one or more of the servers fails. If you have a geographical network

    with different Lync sites, the standard scenario is to have users homed on a pool that is

    on their local network, although this is not mandatory.

    With the so called brick logic implemented in Lync 2013, we have an additional

    continuity feature (Front End pairing). If you have two separate pools, you are able to

    failover and failback the accounts from one Front End pool to another. This is not the

    same continuity level that you have with a single enterprise pool because you will have to manually fail users from one Standard edition server to the other one. However this

    method supports continuity (not high availability) because data are replicated in a way

    that permits the user to be moved with no information lost.

    SIP URI configuration

    Patricia Johnson has a mail address on our company's Exchange system

    ([email protected]). She will be more comfortable if you enable her to use the same address to also access the Lync services (a feature called unified communication).

    Customers and partners will expect to contact her via Lync / Skype federation using the

    same mail address (reported also on her business card). A second reference, different

    from the aforementioned address, could be confusing.

    As you know, Lync uses Session Initiation Protocol (SIP) as the signaling protocol. To

    quote RFC 3261, SIP is "an application-layer control protocol that can establish,

    modify, and terminate multimedia sessions (conferences) such as Internet telephony

    calls. SIP can also invite participants to already existing sessions".

    A SIP URI is the SIP addressing scheme used to call another person. In other words, a SIP URI

    is the software version of a traditional phone number based on the SIP protocol.

    Each resource in an SIP network needs a unique URI (uniform resource identifier) and

    Lync is no exception. The second zone, SIP URI Configuration, is where you can

    configure an SIP address for your user that must be unique in the Lync structure and

    should be as easy as possible to remember for both internal and external users.

    Figure 3.9 The SIP options available for every user

    The available choices for the SIP URI depend heavily on the choices you make in the

    Lync Topology Builder. When you design (and publish) your Lync infrastructure, you

    are required to list all the SIP domains that your deployment will manage.

    In figure 3.10 you can see the configuration related to the default SIP domain and to the

    additional ones you are able to add. SIP URIs containing domains that are not listed

    here cannot be configured in Lync Server 2013.

    Figure 3.10 Adding or removing SIP domains requires modifications to the topology

    If one of the SIP domains is also a public mail domain for the company, the Use user's email address option should be your first choice.

    The option to use the UPN (user principal name) has been widely used, but if your

    Active Directory domain uses an internal name, the limits on third-party certificates

    that will take effect in November 2015 make this option less convenient than it was in

    the past. The remaining options add flexibility to give you the possibility to use a SIP

    URI naming scheme that matches your company's needs.

    Telephony options

    In the third zone, telephony options, four settings are available in the first drop-down

    menu as you can see in figure 3.11.

    Figure 3.11 the Telephony drop-down menu

    Audio/video disabled implies that the user cannot make calls with audio and video

    and is limited to Presence and IM only.

    PC-to-PC: the user can make only PC-to-PC audio or video calls.

    Enterprise Voice enables the user to take incoming and place outgoing voice calls

    (this feature requires a specific Client Access License that you will need to buy in

    addition to the server license, as I will explain later in the chapter).

    Remote call control enables the user to use remote call control. It has two different settings,

    Remote call control and Remote call control only. If RCC only is chosen, the PC-to-PC

    call feature is disabled.

    All parameters (excluding Audio/video disabled) require a Line URI (the telephone

    number of the user).

    Patricia requires full Enterprise Voice features and a number reachable from the public

    telephonic system, 1(555)555-5555.

    The first parameter we need is a Line URI. We said that Lync is based on the SIP

    protocol, so you have to format it according to the ITU-T recommendation E.164

    (tel:+15555555555).

    Such a format includes a country code, an area code, and a local user number and it is

    required to put Lync server 2013 in a position to talk (also) with the Public switched

    telephone network (PSTN) and with the outside world in general. Enterprise voice

    will be explained in greater detail later in the book.

    The aforementioned number may be directly reachable from outside the company (this is called DID, Direct Inward Dialing) or may be an internal number that requires calling

    a main number. In the latter scenario, we have support for an additional parameter, ext.

    The Line URI will look like the one in the figure 3.12, where the extension is 5555.

    Figure 3.12 Configuring a user DID with extension

    Dial plan policy

    The Dial plan policy and the Voice policy will add some parameters we need to manage

    an Enterprise Voice user.

    The Dial plan policy resolves a common issue: you need to normalize the numbers (for

    example, the ones that a user dials) so that they are transmitted to the voice gateways or

    SIP trunks in E.164 format. A Dial plan contains one or more normalization rules that

    you can apply to a site, a pool, a user, or to the whole Lync system (the default Global

    policy).

    Normalization rules are created using regular expressions, where for example $ matches the end (a

    topic we will explore in the Enterprise Voice part of the book).
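
    The normalization and Line URI formatting described above can be tried outside Lync with plain PowerShell, which uses the same .NET regular expression engine as normalization rules. This is an added example, not code from the book: the rule names, patterns and numbers are constructed, and stripping separators before matching is an assumption of the example.

```powershell
# Added example: rules, names and numbers are constructed for illustration.
# A normalization rule is a Pattern/Translation pair evaluated as a .NET regex.
# Rules are tried top to bottom and the first match wins.
$rules = @(
    [pscustomobject]@{ Name = 'Keep-E164';          Pattern = '^\+([1-9]\d{6,14})$'; Translation = '+$1' }
    [pscustomobject]@{ Name = 'Prefix0-National';   Pattern = '^0(\d{10})$';         Translation = '+1$1' }
    [pscustomobject]@{ Name = 'Internal-Extension'; Pattern = '^(\d{4})$';           Translation = '+1555555$1' }
)

function Convert-DialedNumber {
    param(
        [Parameter(Mandatory)] [string]   $Dialed,
        [Parameter(Mandatory)] [object[]] $Rules
    )
    # Assumption: drop the separators people type, keep digits and a leading '+'.
    $digits = $Dialed -replace '[\s().\-]', ''
    foreach ($rule in $Rules) {
        if ($digits -match $rule.Pattern) {
            return [pscustomobject]@{
                Dialed     = $Dialed
                Rule       = $rule.Name
                Normalized = $digits -replace $rule.Pattern, $rule.Translation
            }
        }
    }
    # No rule matched: report it instead of handing a raw string to a gateway.
    [pscustomobject]@{ Dialed = $Dialed; Rule = $null; Normalized = $null }
}

function New-LineUri {
    param(
        [Parameter(Mandatory)] [string] $E164,
        [string] $Extension
    )
    # E.164: '+', a non-zero first digit, 15 digits at most.
    if ($E164 -notmatch '^\+[1-9]\d{1,14}$') {
        throw "Not an E.164 number: $E164"
    }
    if ($Extension -and $Extension -notmatch '^\d+$') {
        throw "Extension must be digits only: $Extension"
    }
    $uri = "tel:$E164"
    if ($Extension) { $uri += ";ext=$Extension" }
    $uri
}

# Constructed inputs: prefix 0 for an outside line, an E.164 number,
# an internal extension, and a string that no rule covers.
'0 (555) 555-5555', '+1 555 555 5555', '5555', '12345' |
    ForEach-Object { Convert-DialedNumber -Dialed $_ -Rules $rules } |
    Format-Table -AutoSize

New-LineUri -E164 '+15555555555'                     # directly reachable number (DID)
New-LineUri -E164 '+15555555555' -Extension '5555'   # main number plus extension
```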

    Voice policy

    Voice policies are made up of two parts: features (that you can enable or disable)

    and PSTN Usage records, as shown in figure 3.14.

    Figure 3.14 Editing a Voice policy

    The previous screen capture shows the default configuration for a voice policy. For our

    user we will enable also the call park feature (that is, the capability to leave a call

    waiting and pick it up from another phone). The PSTN records are labels that we use

    to group rules needed to manage call costs and voice routing. We'll talk more about

    Enterprise Voice in the third part of the book.

    Earlier, we mentioned Lync CALs. Lync licensing is honor-based, so there is no control

    or limit on the features you are able to use even if you haven't acquired the necessary

    licenses and you have no dedicated screen or configuration to add or remove licenses.

    The only way you have to keep control over the number of required licenses is with the

    policies you assign to Lync users, adding or removing features.

    Policy assignment

    We said that Patricia will use a feature called Gallery view. This is a new conferencing

    layout that features up to five active video streams at the same time. The Allow multiple

    video streams parameter (enabled by default and introduced for the first time in Lync

    2013) can be disabled in situations where we need to inhibit access to a conference that

    uses Gallery view. This is something we have to enable using a policy (that is, by working

    in the last area of the Control Panel). The parameters are set in the screen you see in

    figure 3.15 (in the Conferencing tab, editing the conferencing policy).

    Figure 3.15 Editing the global conferencing policy to enable multiple video streams

    Patricia Johnson keeps in touch with a large number of customers of our company and

    she is often required to meet them on public IM services like jabber.org. You want to

    make it easy for her to connect with the aforementioned external services using her Lync

    account (and replacing with the latter a long list of accounts she uses on the various

    platforms). You can achieve the result by configuring a federation based on XMPP. I will

    explain the details later, but basically what you need to do is to configure the policy in

    the Federation and External Access tab, editing the External Access Policy as shown in figure 3.16.

    External Access policy: You can configure which public systems (including XMPP

    federated partners) or external users can collaborate with internal users.

    Archiving policy: Archiving enables your company to keep a record of IM

    conversations involving your Lync users. The aforementioned feature could be required

    for legal reasons and could be turned on only for specific users, with a dedicated policy applied to the people you need to track.

    Location policy: Location policy contains the E9-1-1 settings.

    Mobility policy: The features you can control from here are related principally to the

    Lync 2013 clients for mobile devices, e.g. Wi-Fi connection requirement for video calls

    from those devices.

    Persistent Chat policy: The parameters you can modify here are related to the

    persistent chat service.

    Client policy: The client policy dictates which client features will be available for the

    user.

    As you've seen, even the configuration of a user that doesn't have particularly complex

    requirements involves several steps. A user's policies and configuration (especially

    projected on a large scale) have a deep impact on costs and on the performance of your

    system and are not to be undervalued.

    Try it Now

    Move a user from one Lync pool to another and disable their conferencing policies

    using the Control Panel.

    Lab

    NOTE For this lab, you'll need your domain controller and a Lync Front End up and running.

    Proceed to enable a new user in Lync

    Delegate to this user the capability to enable and disable users for Lync Server

    Launch the Lync Control Panel with the aforementioned user and enable two new users to Lync

    Define their policies so that one of them is enabled only to IM while the other one is an Enterprise Voice user

    For the latter, configure a dial policy that includes 0 as an external access prefix

    Try an audio call and then configure everything so that users are able to talk to each other with Enterprise Voice

    Test the delegation feature, enabling it for a Lync user and applying the number delegation from the Lync client

    4 Managing Clients and Devices with Lync Server Control Panel

    As a Lync server administrator, one of your tasks is to manage software updates and

    usage policies for the clients. The definition of client in Lync includes Lync client

    software installed on the user workstation or on a mobile device and IP deskphones. You

    can add to the list the Lync Web App, a web interface accessible to the users with no

    client software on their local machine. The Web App is not a full featured client but enables participation in an existing meeting.

    In figure 4.1 you can see the full client, the Web App and a deskphone side by side.

    Figure 4.1 A graphic representation of some of Lync 2013 clients

    The Control Panel of Lync 2013 server will be of great help in this task with the tools

    incorporated in a tab called CLIENTS (as I explained previously, the Control Panel is

    the graphical interface for Lync administration). You can see it in figure 4.2.

    Figure 4.2 The left pane of Lync 2013 server Control Panel. The green circle shows the clients tab

    In the client tabs we have the instruments to manage:

    Clients: Lync and OCS client software installed on desktop clients (OCS 2007 R2 was

    the UC product published by Microsoft before Lync)

    Hardware: this definition includes all the deskphones you can use with Lync. These

    can be divided into two broad categories:

    Compatible IP Phones Tested and Qualified for Lync: phones that use

    third-party software compatible with Lync

    IP Phones Optimized for Lync: phones based on Lync Phone Edition (see

    figure 4.3). Lync Phone Edition is a client software from Microsoft that runs on qualified

    devices and provides traditional and advanced telephony features.

    Figure 4.3 The phone on the left uses Lync Phone Edition while the one on the right uses software from the

    hardware manufacturer

    Mobility: dedicated to the management of client functionality designed for mobile devices such as smartphones and tablets

    In Figure 4.4, in addition to showing contents of the Clients tab, I have divided it into

    three "zones" (client, hardware and mobility). It should be easier to explain the different

    tools this way.

    Figure 4.4 Clients tab in Lync Control Panel with the three zones

    As you can see, two tabs are for Software Clients management, four are for Hardware

    Devices and two focus on Mobility.

    You can map each tab with the administrative tasks you accomplish inside, like in the

    following table

    Client Version Policy            Client version policies enable you to specify which clients will be accepted by Lync Server
    Client Version Configuration     Here you can specify a default action for clients with no client version policy defined
    Device Update                    You are able to approve and distribute software updates to the devices
    Test Device                      You can add a test device and use it to verify new updates before deploying them to production devices
    Device Log Configuration         You can manage settings related to the device updates logging
    Device Configuration             Device configuration enables you to modify management options for Lync Phone Edition, like phone lock after time-out
    Mobility Policy                  You can create a mobility policy to allow or deny Lync features to mobile users
    Push Notification Configuration  You can enable or disable push notifications. A notification is an on-screen warning about missed Lync communications. It is available only on certain versions of the Lync mobile client

    I will explain some of the configurations available in the various tabs, keeping the logical

    division into three areas to improve the clarity.

    NOTE: Usually client management is not a job that you will perform on a daily basis.

    You will usually work on it when new software updates arrive or if you need to change

    policies for your clients.

    Now, to start with a practical example, let's imagine that you have just migrated your

    corporate Lync infrastructure to Lync server 2013. You will probably have the Lync

    2010 clients displaying the following error: "Microsoft Lync 2010 is not a version that

    can be used to sign in to the server", as you can see in figure 4.5.

    Figure 4.5 Default error with Lync 2010 clients

    The solution to your problem is in what I have called the software clients zone of the

    clients tab in the Lync server Control Panel.

    Software Clients

    The parameters in the Client Version Policy and in the Client Version

    Configuration tabs dictate together which clients can log in to Lync server.

    Every time a Lync user logs on, the client version configuration selects whether it is subject to

    client version checks or not.

    If the Client Version Configuration is enabled (see figure 4.6), the Client Version Policy

    will check the release of the client software and allow (or deny) it the access.

    Figure 4.6 Client Version Configuration enabled

    Then the Client Version Policy establishes the rules for admitting or blocking the

    different clients.

    The default policy is a global one (that means that it applies to the entire Lync

    infrastructure) as you can see in figure 4.7.

    Figure 4.7 client version policy with the default (global) policy

    Opening the policy, you will see the list in figure 4.7. The value I have pointed out in

    green is the one that regards our Lync 2010 clients. If they are older than version 4.0.7577.4103 they will not be able to connect to Lync server 2013.

    Figure 4.7 client version policy with the parameter regarding Lync 2010 client highlighted

    The default settings are too restrictive for our scenario, cutting out a part of the Lync

    2010 clients. What you have to do is modify the setting to allow the OC 4.0.7577.4103 version

    of the User agent (corresponding to the Lync 2010 client), as you can see in the next

    screen capture.

    Figure 4.6 Enabling Lync 2010 clients

    Now, let's add some information to go beyond the specific issue you have just seen.

    Version Configuration includes a setting to allow or block unidentified clients. That is an

    important setting because it dictates how Lync will manage any client it is not able to match

    with the versions listed in the policy parameters.

    To manage scenarios where a company's deployment of the Lync clients is not

    homogeneous, you can create site or user policies to manage exceptions for a single office

    or employee.
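
    How the two settings interact, as an added example that is not from the book or from Lync itself: a simplified PowerShell model that evaluates version rules in order and falls back to the default action. The rule lists, the CompareOp labels and the sample User-Agent headers are constructed; only the version number 4.0.7577.4103 comes from the text above.

```powershell
# Added example: a simplified model of client version filtering, not Lync's own code.
# Rules and headers are constructed; only 4.0.7577.4103 comes from the text.
function Test-ClientVersion {
    param(
        [Parameter(Mandatory)] [string]   $UserAgentHeader,
        [Parameter(Mandatory)] [object[]] $Rules,
        [ValidateSet('Allow', 'Block')] [string] $DefaultAction = 'Block',
        [bool] $Enabled = $true
    )
    # Version checks switched off in Client Version Configuration: nothing is filtered.
    if (-not $Enabled) { return 'Allow (version check disabled)' }

    # A header carries one or more "Name/a.b.c.d" tokens.
    $tokens = [regex]::Matches($UserAgentHeader, '([A-Za-z]+)/(\d+\.\d+\.\d+\.\d+)')
    foreach ($rule in $Rules) {                      # rules are tried in listed order
        foreach ($token in $tokens) {
            if ($token.Groups[1].Value -ne $rule.UserAgent) { continue }
            $seen = [version] $token.Groups[2].Value
            $ref  = [version] $rule.Version
            $hit  = switch ($rule.CompareOp) {
                'LSS' { $seen -lt $ref }
                'LEQ' { $seen -le $ref }
                'EQL' { $seen -eq $ref }
                'GEQ' { $seen -ge $ref }
                'GTR' { $seen -gt $ref }
            }
            if ($hit) {
                return '{0} (rule {1} {2} {3})' -f $rule.Action, $rule.UserAgent, $rule.CompareOp, $rule.Version
            }
        }
    }
    # Nothing matched: the allow/block setting for unidentified clients decides.
    "$DefaultAction (no rule matched, default action)"
}

# Before the change: OC clients older than 4.0.7577.4103 are blocked.
$before = @(
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'LSS'; Action = 'Block' }
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'GEQ'; Action = 'Allow' }
)
# After the change: the same rule is set to Allow.
$after = @(
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'LSS'; Action = 'Allow' }
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'GEQ'; Action = 'Allow' }
)

# Constructed headers: an old Lync 2010 build, a Lync 2013 build, an unknown client.
$headers = @(
    'UCCAPI/4.0.7577.314 OC/4.0.7577.314 (Microsoft Lync 2010)'
    'UCCAPI/15.0.4481.1000 OC/15.0.4481.1000 (Microsoft Lync)'
    'ExampleClient/1.0.0.0'
)

$headers | ForEach-Object {
    [pscustomobject]@{
        Header            = $_
        BeforeChange      = Test-ClientVersion -UserAgentHeader $_ -Rules $before
        AfterChange       = Test-ClientVersion -UserAgentHeader $_ -Rules $after
        UnidentifiedAllow = Test-ClientVersion -UserAgentHeader $_ -Rules $after -DefaultAction Allow
    }
} | Format-List
```

    Changing the rule to Allow admits every Lync 2010 build below 4.0.7577.4103, so a site or user policy keeps that exception limited to the offices that still need it.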

    Note: If you want to keep also Microsoft Office Communicator 2007 R2 clients running,

    the version to modify is 3.5.6907.233

    Hint: I suggest a free tool (Find Lync Versions,

    http://www.stumper66.com/software/lync.html) that queries the RTCLocal database to

    retrieve the client versions that your users have on their workstations.

    Try It Now

    Open a Lync client and identify its version number.

    Prepare a list of the required steps to allow connection to the Lync server for

    legacy clients in a branch office with a local Lync Front End server where the

    users are homed.

    Now, imagine the aforementioned branch office with an SBA deployment of Lync (a

    Survivable Branch Appliance is hardware with limited Lync features to

    increase voice resiliency in branch-office scenarios). Will the list of required steps to

    keep legacy clients working change?

    Hardware Devices

    If your company uses the Enterprise Voice of Lync server 2013 (that is the Lync term to

    define voice communications over Internet Protocol or VOIP) you probably have also

    deployed deskphones like the ones you have seen at the beginning of the chapter.

    Part of your administrative tasks is to keep the aforementioned physical phone devices

    up to date and aligned to the latest version of their software.

    In this zone of the Control Panel you are able to approve and distribute updates to the

    devices (and to rollback in case an issue arises), to test them or to configure some

    parameters (see figure 4.7)

    Figure 4.7 Device Management in Lync Control Panel

    Let's assume that you need to update an HP4110 phone to the latest release of the

    software. The first step is to download an updated .bin file (this file, deployed to the

    deskphones, will update their software). Then you need to make it available to the

    devices.

    Lync enables software distribution to the devices through the web service installed by

    default on the Lync Front Ends.

    Note: the procedure will also require the use of the Lync Management Shell (that is, the

    command line based on Windows PowerShell for Lync administration) and its cmdlets

    (a cmdlet is a lightweight command that is used in the PowerShell environment).

    You need a cmdlet to import the .bin files in Lync server. The base command is

    Import-CsDeviceUpdate, but you also need to know a parameter of your Front End called

    identity.

    If you do not know the -identity parameter for your server you can use the following

    cmdlet: Get-CsService -WebServer.

    In my example I have a value equal to Webserver:2012SE1.Lync2013.dom.

    The .bin file I have downloaded is located in c:\ and named ucupdates.cab. The final

    cmdlet to import it will be

    Import-CsDeviceUpdate -identity WebServer:2012SE1.Lync2013.dom -FileName c:\ucupdates.cab

    To verify that the update has been imported correctly, go to the Lync Control

    Panel and open Device Update in the clients tab.

    The result is the one you can see in figure 4.8 (I have also opened the Action menu for

    the approval).

    Figure 4.8 Updates are available for approval in Lync Control Panel

    Before deploying it on a large scale you can verify the new updates on a test device

    using the dedicated menu (Test Device) in the Control Panel. The hardware can be

    identified using the MAC address (unique identifier of the network interface of the

    deskphone). In my case 00:04:13:72:00:7F. You could also use the serial number

    (M08400000) as shown in figure 4.9

    Figure 4.9 Configuring a Test Device

    If the test device shows no issue, you can deploy the update approving it in the

    aforementioned Device Update tab.

    Note: The prerequisites for a successful Phone Edition deployment include a

    working Lync Enterprise Voice implementation and modifications to the network

    infrastructure servers like DNS and DHCP.

    Mobility

    Let's say that our user Patricia Johnson needs:

    To use a mobile client and the call via work feature (i.e. the capability to call from her cell phone using her work number)

    We want her to use voice and video only if a Wi-Fi connection is available (so mobile data connection should be inhibited for those features)

    The bad news is that you can't achieve the result using only the Control Panel.

    The default policy (global) that you can see in the Mobility Policy tab (figure 4.10)

    does not satisfy the aforementioned requirements, and there is no way to force the

    Wi-Fi parameter from the Control Panel.

    Figure 4.10 The Mobility Policy with the default policy opened

    I have zoomed the previous image in figure 4.11. As you can see, the settings are only to

    enable or disable mobility and call via work.
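
    The Wi-Fi requirement can be set from the Lync Server Management Shell instead. The following is an added example, not taken from the book: the policy name WiFiOnlyAV and the SIP address are constructed placeholders, and the cmdlets need a Lync Server 2013 deployment to run against.

```powershell
# Added example for the Lync Server Management Shell; not from the book.
# 'WiFiOnlyAV' and the SIP address are constructed placeholders.
$policy = 'WiFiOnlyAV'
$user   = 'sip:patricia.johnson@example.com'

# Per-user policy: mobility and Call via Work stay on,
# audio and video over IP are allowed only on a Wi-Fi connection.
New-CsMobilityPolicy -Identity $policy `
    -EnableMobility $true `
    -EnableOutsideVoice $true `
    -RequireWIFIForIPAudio $true `
    -RequireWIFIForIPVideo $true

# Assign it to the single user, leaving the global policy untouched.
Grant-CsMobilityPolicy -Identity $user -PolicyName $policy

# Check what was written and which policy the user now resolves to.
Get-CsMobilityPolicy -Identity $policy |
    Select-Object Identity, EnableMobility, EnableOutsideVoice,
                  RequireWIFIForIPAudio, RequireWIFIForIPVideo
Get-CsUser -Identity $user | Select-Object SipAddress, MobilityPolicy
```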

    Push notifications are disabled by default (see Figure 4.12).

    Figure 4.12 Default Policy for Push Notifications

    To continue with our previous example, if Patricia has Lync 2013 Mobile on an Apple

    device, you do not need push notifications because the new version of the client for iPad

    and iPhone does not support them. If she uses Lync 2010 Mobile on an Apple device or

    a Windows Phone, notifications are useful. The aforementioned configurations will use the

    push service to notify the user of lost IM messages and contacts when the client is in

    the background.

    Note: the feature requires configurations for the Lync Edge and for the reverse proxy

    that we will see later in the text.

    Some Things You Have to Do Outside the Control Panel

    Some devices, like the