microsoft lync server 2013 - basic administration release 2_1
8/12/2019 Microsoft Lync Server 2013 - Basic Administration Release 2_1
Microsoft Lync Server 2013
Basic Administration Release 2.1
Author: Fabrizio Volpe
Acknowledgements
This book is dedicated to those who live every day with me, my family, Federico and
Antonella and to my parents. It is dedicated to Flavia who has just started her life, and
to my grandmother Ines who still lives in my thoughts.
There Ain't no Such Thing as a Free Lunch
You will read this book at no cost.
I hope the work that I am making available to you, which is the result of the end of an
interesting and complex collaboration with the publisher Manning Publications will be
useful to you in understanding and managing Lync. But I do not believe in free lunches.
So if this text is useful to you, and you have the desire to pay for it, I invite you
to make a donation to Save the Children or to another association for the protection of
minors.
Then you will have paid for your meal.
Disclaimer
This release 2.1 adds a full chapter (6, Firewall Requirements for Lync Server 2013) to
the previous work. Again, I had a great technical review and useful hints from Lync MVP
Thomas Poett (@ThomasPoett). The Lync client debugging paragraph you will find in
chapter 6 comes from his hands-on experience and is outstanding imho.
This time I also had another reviewer who gave me great feedback not only on the final
draft, but also on the first versions I published on my website. Alessio Giombini
(@AlessioGiombini), an experienced solution architect and Lync professional, gave
fundamental help to this work. To both of them I say thank you. The Lync community is
a great place to be because there are people like you.
Cover image: Calgary skyline and a pedestrian bridge in Calgary, Alberta Canada. Used
under Extended Print RF License
About the Author
Fabrizio Volpe has worked in the Iccrea Banking Group since 2000 as Network
and Systems Administrator. Since 2011 he has been awarded Microsoft MVP on
Directory Services. In 2014 he was awarded Microsoft MVP on Lync. Fabrizio has
authored books dedicated to IT and security professionals, has participated as a
speaker at well-known IT conferences and is committed to creating content that is
accessible to a wide number of people, so he often publishes content:
on his channel on YouTube (http://www.youtube.com/user/lync2013)
on his personal blog (http://blog.lync2013.org)
on SlideShare (http://www.slideshare.net/fabriziov)
About the Reviewers
Thomas Poett - Professional, consistent, and experienced expert who is technically
savvy, with over 20 years of experience in IT, telecommunication and software
development. Additional extensive experience in business and market development.
Specialized in intercultural and business relationships in Asia. Successful in providing
leadership on new topics and complex global projects that require interfacing with
internal/external teams and ecosystems. Early adopter of visionary technologies. 20+
year career within different companies in the areas of software development,
telecommunication, IT, mobility and hosted/cloud services.
Alessio Giombini - Alessio is an Infrastructure Solutions Architect, with a strong
focus on the Microsoft and Unified Communications area. He has over 15 years of study
and hands-on experience delivering small to large-scale projects for major EMEA
enterprise industries, mainly based on Microsoft and other leading-edge technologies,
and the systems, applications and operations running on top of them. He has a broad
and mixed technical background in the infrastructure and communications field, systems
integration, systems management and security, as well as an in-depth understanding of
the business of computing and networking in enterprise organisations. He currently
works for InterCall UK, and his main tasks are the architectural design and delivery of
Microsoft environments, with a specific focus on multi-vendor UC solutions based on
Microsoft Lync 2013 with Enterprise Voice, Exchange Unified Messaging, migrations from
Lync 2010 and OCS 2007, load balancers, reverse proxy, firewall, Exchange UM.
ACKNOWLEDGEMENTS
THERE AIN'T NO SUCH THING AS A FREE LUNCH
DISCLAIMER
ABOUT THE AUTHOR
ABOUT THE REVIEWERS
1 BEFORE YOU BEGIN
WHAT IS MICROSOFT LYNC 2013 SERVER?
WHY LYNC 2013 MATTERS?
LOOKING AT LYNC 2013 FROM THE CLIENT
LOOKING AT LYNC 2013 FROM THE SERVER
ADOPTING LYNC: WHAT I NEED AND HOW MUCH DOES IT COST
EXTRA COSTS TO BE AWARE OF WITH LYNC 2013
FINAL WORD
2 BUILDING YOUR LYNC 2013 LAB
PLANNING A MINIMAL WORKING INFRASTRUCTURE
INTERNAL LYNC SERVER SERVICES ONLY
Try it now
LYNC SERVER AVAILABLE FOR EXTERNAL USERS
Try it now
EXCHANGE 2013 AND SHAREPOINT 2013 INTEGRATION
ASSEMBLING THE REQUIRED SOFTWARE AND HARDWARE
Virtualization
Acquiring the Required Resources
REALIZING THE DEPLOYMENT SCENARIOS
Try it now
DEPLOYING THE LAB
Domain controller
Try it now
Lync Server Front End
Office Web Apps Server
Reverse Proxy
Lync Edge
Exchange and SharePoint
LAB
3 MANAGING USERS WITH LYNC SERVER CONTROL PANEL
INTRODUCING LYNC ADMINISTRATION FROM THE CONTROL PANEL
CHOOSING BETWEEN THE CONTROL PANEL AND THE MANAGEMENT SHELL
POLICIES AND POLICY SCOPES IN LYNC ADMINISTRATION
ROLES IN LYNC ADMINISTRATION
Try It Now
ENABLING AND CONFIGURING USERS
ENABLING A USER TO LYNC
Pool assignment
SIP URI configuration
Telephony options
Dial plan policy
Voice policy
Policy assignment
Try it Now
LAB
4 MANAGING CLIENTS, AND DEVICES WITH LYNC SERVER CONTROL PANEL
SOFTWARE CLIENTS
Try It Now
HARDWARE DEVICES
MOBILITY
SOME THINGS YOU HAVE TO DO OUTSIDE THE CONTROL PANEL
Try It Now
LAB
5 MANAGING USERS WITH LYNC SERVER MANAGEMENT SHELL
ADMINISTERING USERS FROM THE MANAGEMENT SHELL
ENABLE OR DISABLE LYNC USERS
Try It Now
MOVING LYNC USERS BETWEEN DIFFERENT POOLS
HANDLING POLICIES FROM THE MANAGEMENT SHELL
LAB
6 FIREWALL REQUIREMENTS FOR LYNC SERVER 2013
PLANNING A LYNC DEPLOYMENT THE RIGHT WAY: TOOLS YOU WILL LOVE (PART 1)
THE BASIC DIAGRAM OF A LYNC DEPLOYMENT WE WILL USE IN THE CHAPTER
LYNC SERVER 2013: INTERNAL NETWORK
Servers located in the LAN
Servers located in the DMZ
Try it now
INFRASTRUCTURE REQUIREMENTS
FIREWALL RULES REQUIRED FOR LYNC SERVER 2013
6.1 NETWORK TRAFFIC FROM SERVERS IN THE DMZ TO SERVERS IN THE INTERNAL NETWORK
6.2 NETWORK TRAFFIC FROM THE SERVERS IN THE DMZ TO THE EXTERNAL NETWORK
6.3 NETWORK TRAFFIC FROM THE EXTERNAL NETWORK TO THE SERVERS IN THE DMZ
6.4 NETWORK TRAFFIC FROM THE SERVERS IN THE INTERNAL NETWORK TO THE SERVERS IN THE DMZ
6.5 NETWORK TRAFFIC RELATED TO LYNC CLIENTS IN THE INTERNAL NETWORK
NOTES RELATED TO THE FIREWALL RULES REQUIRED FOR LYNC SERVER 2013
VERIFYING A LYNC DEPLOYMENT IN THE RIGHT WAY: TOOLS YOU WILL LOVE (PART 2)
VERIFYING A LYNC DEPLOYMENT IN THE RIGHT WAY: SOME HIGH-LEVEL DEBUGGING STEPS IF LYNC CLIENTS ON THE EXTERNAL NETWORK ARE NOT WORKING
LAB
decided to make Lync compatible with as many hardware products (dedicated to voice
and conferencing) as possible. A large number of coexistence scenarios with other
unified communication solutions are also available. Last but not least, Lync has
high-quality interfaces for administrators and users, which are proving to be its strong point.
Looking At Lync 2013 from the Client
One of the best ways to get an idea of the capabilities of Lync is to open one of the
available clients, as I did in figure 1.1.
Figure 1.1 Full Lync 2013 client with presence indicators
As soon as a user logs into Lync, he uses the first feature of Lync called "rich presence".
Virtually all the people connected and enabled to our Lync infrastructure (colleagues,
employees of partner companies or business associates) display the rich presence
indicator as a status marker. Rich presence is like a simple traffic light with green,
yellow or red colors. It shows whether the person is able (and willing) to communicate
with us in a direct way (green indicator) rather than receive messages using a non-real-
time method (yellow or red indicator).
In the first situation, if you need to communicate with the other user, an instant
message or a call is a good solution, while you may prefer e-mail or an invitation to a
scheduled meeting for a busy contact.
Rich presence status in Lync includes a set of information that allows the user to specify
the reason why he or she is not available. You can see the indicators summarized in the
following figure.
Figure 1.2 a quick look at the presence status you can use in Lync client [1]
The presence indicators of Lync are also extended to Exchange and SharePoint, so if we
are going to write a mail message or organize a meeting, we know the presence status of
other users, as you can see in figure 1.3.
Figure 1.3 scheduling a meeting in Outlook for Lync enabled users. Some of them are busy at the moment
[1] Via an individual configuration, based on standard XML files, those presence indicators can be
enhanced with up to 4 additional, corporate-based standards (see
http://technet.microsoft.com/en-us/library/gg398997.aspx)
Other Microsoft and third-party vendor applications, e.g. Microsoft Office, Dynamics CRM
or most web-based applications, also support native integration with the Lync Client
API. This enables us to start a quick communication regardless of what we are doing.
Figure 1.3a Contact in Microsoft Word
I just mentioned the possibility to see the presence status of contacts that are not part of
our company. That is achieved using a further feature, Lync federation. Federation is
the capability of two companies with a Lync infrastructure to extend functionalities (IM
but also conferencing and voice) to each other if they establish a trust relationship. The
federation feature has been improved recently to include Skype users. Lync 2013 can
also federate with non-Microsoft services based on XMPP. You can see an example of
Lync users shown inside a Skype client in figure 1.4.
Figure 1.4 Lync users are available in Skype if their company is using federation
Instant Messaging (including the ability to exchange files between users) and the
direct video conference between two users are an experience similar to what you
may have already seen in other systems like Skype. One feature often not available in
other UC systems is the capability to use a web interface (the Lync Web App) to
enable people with no Lync client installed on their workstation to participate in a
meeting. In figure 1.5 you can see the logon screen for the Web App.
Figure 1.5 the Lync Web App plug-in is required if you want all the meeting features
Lync 2013 Web App comprises all the possibilities, including participation in audio and
video (in Lync 2010 it was limited to IM). This tool broadens participation to those
who are working at a temporary workplace. External users using the Web App are able
to take part in a Lync meeting with an interface they are familiar with (as you can see in
figure 1.6).
Figure 1.6 a Lync meeting seen from the Lync Web App. Voice and video are available in the browser
Lync 2013 for Mobile clients is another tool that will expand your Lync user base. It
is available for Windows Phone, iPhone, iPad and Android. As you can see in the next
figure, the mobile client includes almost all of the features of the full client,
including video conferencing and VoIP functions.
Figure 1.7 doing a video call from a Windows Phone is no longer a big problem
The quality of this new mobile client is a major asset of Lync 2013, and it is very popular
with top management in the companies.
A series of plug-ins and third-party packages exists to optimize the Lync client in a
virtualized workplace (including both virtual desktops and remote desktop
services).
Lync includes a feature known as persistent chat that lets you create rooms. Rooms
are a way to categorize IM messages and preserve them. Anytime a user needs to read or
update a conversation, it is available on the server.
To complete this quick overview of the client side of Lync, I have to talk about the
enterprise voice features. Lync can seamlessly replace an IP PBX and provide all the kinds
of service you can expect from a VoIP solution. It is also easy to integrate with
pre-existing solutions (such as the Cisco CUCM). Extending the voice functionalities to users
connecting from an external network requires only the Lync client we have already seen.
Available Mobile Clients are:
Windows Phone 7.x (Lync 2010)
Windows Phone 8 (Lync 2013)
Windows App (Lync 2013 App)
iPhone
iPad
Android
Lync Server 2013 also supports hardware desk phones like the ones you see in figure 1.8.
Figure 1.8 some desk phones you can use with Lync Enterprise Voice
By adding support for more traditional-looking devices like the aforementioned ones, Lync
gives users the capability to choose between these telephones and headsets
connected directly to the computer (a more practical choice, especially for mobile users).
Looking At Lync 2013 from the Server
Often, as a Lync administrator, you will see the infrastructure and features from the
server point of view. There are many tools to help you manage or debug a Lync
deployment, but the two main instruments, the ones you will use for day-to-day tasks,
are the administrative graphical interface of Lync (Lync Server Control Panel) and
the administrative command line (Lync Server Management Shell) based on
PowerShell.
You can see both of them in figure 1.9.
Figure 1.9 the Control Panel and the Management Shell side by side
The Control Panel is the tool you can use for around 80% of all the administrative tasks.
The remaining 20% is available only in the Management Shell (that includes also all the
features you have in the Control Panel).
Adopting Lync: What I Need and How Much Does It Cost
Lync clearly distinguishes between two editions (Standard and Enterprise). The
basic server license costs the same in the two versions. However, the edition you
use has an impact on the available continuity features and on the number of
required servers.
To understand the aforementioned differences, it is also necessary to explain Lync server
roles.
Roles:
Every role grants to the infrastructure one or more Lync features
Roles can be held by one or more Lync servers at the same time
Roles make the architecture of Lync Server 2013 highly scalable. A deployment in a
small business with no external users can consist of a single standard edition server,
with the role of Lync Front End. This is because the Lync Front End is the
fundamental role, and runs a great part of the basic Lync Server functions.
Adding to the scenario an Active Directory server (Directory Services are required for
Lync) and a server with Office Web Apps installed (this is required for PowerPoint
presentations inside a Lync meeting), we have the fully functional (internal) Lync
deployment you can see in figure 1.10.
Figure 1.10 a minimal infrastructure that will grant Lync features to our internal user
Users are homed on a Front End and their capability to work with Lync depends on
the availability of this role or of a server able to replace their home server in case of
errors.
The solution based on standard edition is interesting, especially to keep the costs as low
as possible.
It requires no additional licenses outside a single standard edition of Lync and does not
use an external database, as is the case for the enterprise edition. This kind of solution,
based on a single box, has its limits. Lync standard edition cannot guarantee high
availability. There is, as you will see, a method to pair two Front End servers to grant
resiliency, but this is not automatic and requires operations by the Lync administrator.
The enterprise edition deployment is more expensive and complex. At least two Lync
Front End servers are required to create a Pool. It also requires the deployment of a
load balancer. This is required due to session persistence for HTTP/HTTPS.
A pool is a group of servers with identical configuration that provide high availability. In
a pool, Lync features will be available even if one server goes offline. The functional
databases of Lync aren't cohosted on the Front End (as they were for the standard edition)
but are active on an external SQL server. If we also need database continuity, we are
able to use the SQL mirroring mechanism. Clustered SQL installation is supported too,
but you have to keep in mind that this kind of high availability is focused on the SQL
server itself and does not give the additional continuity to the database that we have
with mirroring.
In Lync, high availability of the server roles requires the deployment of pools.
In figure 1.11 you can see a plan for a Lync deployment with an enterprise edition Front
End pool.
Figure 1.11 a plan for a Lync deployment including a pool for Front End high availability
Office Web Apps is not a Lync role, so if you need it in high availability you have to use
its own mechanism, which is deploying a farm.
The costs of this solution derive from:
Licenses for Lync enterprise edition servers
SQL server licenses, needed to create the Lync database infrastructure, called Back End.
Note: SQL 2012 Licensing Guide states that, if the second SQL server is used only as
a passive copy, you need only a single SQL license (the one for the first server)
http://download.microsoft.com/download/7/3/C/73CAD4E0-D0B5-4BE5-AB49-D5B886A5AE00/SQL_Server_2012_Licensing_Reference_Guide.pdf
Usually the next step after the installation of services for the internal network is the
exposure of the Lync features to external users.
To achieve the aforementioned result you are required to deploy a Lync Edge server
and a reverse proxy.
The Lync Edge server is a Lync role installed on a standalone machine, typically located
in a perimeter network and not added to the Active Directory domain. Lync Edge makes
audio, video and conferencing services available to the external users in a secure
manner, acting like a man in the middle that receives requests from the Internet and
forwards them to the Lync Front End. There is no direct connection between the user
and the Lync servers on the internal network.
A reverse proxy is similar to a Lync Edge, but it safely exposes the web functionalities
(like the Web App, Address Book or Simple URLs) of the Front End, placing itself in the
middle between the client and the target server.
A reverse proxy solution could be Microsoft TMG, Microsoft IIS ARR, Microsoft Web
Application Proxy (2012 R2) or any other supported firewall.
In figure 1.12, you can see a schema including the servers required for external user
access.
Figure 1.12 schema with a perimeter network and the servers required for external user access
Adding the Lync edge and a reverse proxy does not require additional costs, because
edge requires no license and there are many free solutions to deploy reverse proxy
functionalities.
Talking about Lync roles, there are some of them that I have not mentioned yet:
Monitoring is a role dedicated to the registration of quality parameters and to the
related reporting.
Archiving role saves the contents of IM communications for legal and compliance
requirements and archives IM, Conferencing and Persistent Chat.
In Lync Server 2013 the monitoring and archiving roles are always collocated on the Front
End. The decision to make is whether these roles are required. Monitoring is very useful
for troubleshooting and gains additional value if you use the enterprise voice. The
presence of archiving is related only to legal constraints.
Persistent Chat is a role that enables the creation of IM chat rooms. You will be able
to create thematic areas, and the rooms are persistent. A user can re-read the
conversation or add something at any time. A function like this makes sense, for
example, to create a corporate knowledge base. Persistent chat can be collocated on a
standard edition Front End or deployed as a dedicated server (or pool).
Mediation server is required to operate the enterprise voice (it manages the
"signaling" data stream). In Lync 2013, the hardware requirements have been reduced
due to the presence of the media bypass (which will be discussed in the chapters devoted
to the implementation of voice). This innovation allows collocating the mediation as a
role on a Lync Front End. The possibility of creating a server or a pool of mediation is
still available.
Director is a role that manages user authentication before they connect directly with
Lync Front End. In Lync Server 2013 this role is not really useful. It could provide an
additional layer of security, but the Director also adds a potential critical point.
Extra Costs to Be Aware of with Lync 2013
During the previous explanation, I have not mentioned some costs that have their
importance in the design of a Lync solution. The first aspect to consider is the cost of the
base operating systems on which we will install Lync and the required additional
servers (Office Web Apps and reverse proxy). Lync supports installation on a virtual
environment, so we could use the virtualization rights of Windows to reduce costs (for
example, the Datacenter edition of Windows 2012 allows you to install unlimited virtual
machines on a single physical host). Nevertheless, a complex structure, such as the one
with a Front End pool, will also require a significant expense for the base operating
systems.
The second aspect is the cost of client licenses. Lync requires a CAL (Client Access
License) for each user or machine that logs on to the server. CALs are of three types and
each one is entitled to the use of a part of the features. Access to premium functionality
is determined by adoption of the Standard CAL and then you have to add
supplemental CALs, an Enterprise CAL and, for some additional features, a third
license called Plus CAL (you may think of the Enterprise CAL and Plus CAL as
supplemental to the Standard CAL).
Standard CAL: offers IM (Instant Messaging) and Presence, as well as PC-PC audio and video communication.
Enterprise CAL: the user can use multi-party Lync meetings (including Gallery View, a feature allowing up to five active video streams to be displayed at once) and PSTN conferencing dial-out.
Plus CAL: enables enterprise voice capabilities.
The Lync 2013 client software can lead to a further increase in costs. The full Lync 2013
client for desktop is available as part of Office 2013 Plus or as a standalone application
under an Enterprise Agreement contract, so we'll have to consider the cost of this
package. The free alternative (Basic client for Lync 2013) has some limitations, for
example the Lync enterprise voice features are scaled down for such a client. It is also
possible to keep using the pre-existing Lync 2010 clients; in any case, the choice of a
client solution requires a proper assessment of the costs.
Note: Lync CALs are additive, so the only possible combinations under the licensing
agreement are:
Standard CAL
Standard CAL + Enterprise CAL or Standard CAL + Plus CAL
Standard CAL + Enterprise CAL + Plus CAL
Final Word
This brief overview has introduced concepts that you will see in detail throughout the
book. Many of the ideas presented here will make more sense when viewed in their
context, so I invite you to start with the first main chapter, Building your Lync 2013
Lab.
With the three servers above, you have a working Lync environment. It is a good idea to
add a virtualized client to test the behavior of a Lync user inside and outside the domain.
Your lab should look like the one in the next figure.
Figure 2.1 the basic lab environment
With the above deployment (and adding a DHCP server on your domain controller) you
could even test a Lync phone edition.
Try it now
Are you able to install Lync Front End with no Office Web Apps server available? What
are the consequences?
Lync Server Available for External Users
If you also want to test external user access, you have to add a Lync Edge and
software or hardware to reverse proxy the Lync Front End services (for example IIS or
Forefront TMG). An additional requirement will be to simulate the most common
scenario, a DMZ network between the Internet and your internal network. You could
achieve the result with a schema like the one in the next image, using Forefront TMG as
a three-legged firewall, configuring RRAS on a virtual Windows server or using
hardware to simulate the network topology.
NOTE:
Under all circumstances, if you deploy Lync Edge Server in a real, fully supported
environment, you MUST ensure that each Edge Server is deployed with TWO network
interfaces, one for internal and the other for external access!
Figure 2.2 lab environment with three simulated networks
Try it now
Accepting to work in an unsupported scenario to limit the number of servers required,
are you able to deploy Lync for the external users with no reverse proxy? Is it possible to
achieve the result without the Lync Edge server?
Exchange 2013 and SharePoint 2013 Integration
Exchange and SharePoint add a lot of interesting features to Lync (Unified contact store
and high resolution images from Exchange 2013, skill based search with SharePoint
2013). With Exchange you should consider also the Unified Messaging feature to
integrate voice mail and other voice services. Also, to explore the integration between
Lync and Outlook you will need to mail enable your Lync users with an Exchange
mailbox. The lab at this point is not as easy to deploy and manage as the ones we have
seen before.
Figure 2.3 lab environment with Exchange and SharePoint deployed
Assembling the required software and hardware
So, we are going to build working lab environments. One driver is (usually) keeping
costs low (in terms of space, money and time required). Which are the resources we need
to save the most? What are we able to keep in a virtual environment and what do we need
to install on dedicated hardware?
Virtualization
Let's start from the last of the aforementioned aspects: Lync 2013 enables virtualization
of all the Lync roles. Also, almost everything in the infrastructure that will support your
deployment or add features (domain controllers, mail servers and so on) is virtualizable
too. This is really important and will help you reach the first objective (learning
Lync with the least effort), and it adds support for snapshots, so you are able to test
configurations and roll back with a simple command. If you have access to a SIP trunk
(or you can simulate it, for example with a second Lync deployment or an alternative
voice solution like Asterisk) you are able to learn a lot of things about Lync Enterprise
Voice with no dedicated hardware required. If you are able to buy a Lync desk phone
and a switch you are able to explore also the management of telephony hardware with
Lync. So, what will you miss with such a solution? Well, what you cannot expect is
working knowledge of how to configure third-party voice gateways, IP PBXs and so on.
That is something important that you will (probably) have to learn in the field, hoping
that the vendor documentation is as good as possible.
Acquiring the Required Resources
First let's examine the single resources you will need. After the next paragraph (in which
you will see the different deployment scenarios) I will try to propose the best way to
obtain them.
RAM (memory): it is a costly asset to attain. On laptops and desktops the maximum
memory you are able to use is limited by the hardware, and a really good motherboard
could use up to a maximum of 32 Gb (but you have to consider the costs of the memory
modules too). So one of your focuses will be on creating the required infrastructure using
as little memory as possible. A limit here is usability, because often you are able to keep
some servers up and running with few Mb of RAM but their performance will be so bad
that they will be practically unusable. Virtualization can help by supporting dynamic
memory, but required memory is often a bottleneck anyway.
Hard disks: usually allocating disk space to the servers is fast and cheap (especially if
we are talking about a virtualized deployment). Disk performance may create an issue.
The more virtual machines you put on a single physical disk, the slower they will work.
Again, the solution here could be adding disks (easier on a desktop), distributing the
files of the virtual servers on external disks or using SSD disks (costly).
CPU: this is a resource that usually exceeds the requirements. If you have a good
x64 processor with multiple cores and hyper-threading enabled, that is something you
don't have to worry about.
Networking: if you also want to try access for external users you will have to
simulate an Internet network and an internal one (with your edge server and reverse
proxy acting as an entry point to your Lync deployment). You could use hardware
(SOHO firewalls and routers are really cheap) or software (a virtualized Windows
server system with routing and remote access enabled).
SSL Certificates: in a test environment you could use an internal C.A. to create and
distribute your certificates. Keep in mind that in a real world scenario a third party C.A.
is the easiest way to expand Lync services to external users and to avoid headaches and
problems.
Deploying the lab
Starting with the Internal Lync Server Services Only scenario you have to deploy:
A domain controller
A Lync Front End (Standard Edition)
An Office Web Apps Server
Domain controller
Lync will use the following servers as a base infrastructure:
Active Directory
DNS
Certification Authority
Lync interacts with Active Directory to build up the infrastructure, modify the schema,
the forest and the domains so that new classes and attributes are created. One of the
boundaries is that you can have only one Lync organization for every forest. It is
required to have at least a Windows 2003 level for the forest and for the domains.
DNS: Lync requires the capability to resolve all the names involved in the
infrastructure, including both the ones associated with the internal domain and the ones
related to the public name (or names) of our company. The latter are usually defined as SIP
domains for a company (Session Initiation Protocol or SIP is the protocol used to
initiate or terminate live communication sessions). That makes sense because your
users will always log into Lync with the same SIP address (or by using their mail
address) regardless of their location (tablet outside our company, desktop joined to the
domain and so on). So the internal DNS must be able to resolve the public names of
your domain AND must be able to route the requests to network addresses that are
inside our network. To achieve this result two solutions are available: split DNS (that is,
hosting a fake public zone on the internal DNS) or PinPoint zones, which enable
you to point single public names to internal IPs, without the need to manage the whole
internal copy of the public zone that is typical of the split-brain scenarios.
To create a PinPoint zone (for example, for meet.lync2013.org to point to
192.168.1.100), you can use the following commands from a command prompt on the
DNS server.
dnscmd . /zoneadd meet.lync2013.org. /dsprimary
dnscmd . /recordadd meet.lync2013.org. @ A 192.168.1.100
In the next image you can see the messages resulting from the dnscmd commands.
Figure 2.4 successfully pinpointing the meet record for the Lync Front End
Note: if you try the aforementioned commands from PowerShell, only the first one will
succeed.
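The same pinpoint zone built with the DnsServer PowerShell module, as an added example that is not part of the original book. In PowerShell a bare @ is a reserved token, so the second dnscmd line only works there with '@' quoted; the zone name and address come from the text, while the parent-domain check, the Domain replication scope and the verification step are assumptions of this sketch.

```powershell
# Added example, not from the book. Run in an elevated PowerShell session on
# the internal DNS server (DnsServer module, Windows Server 2012 or later).
Import-Module DnsServer

# Names to answer internally. The first pair is the book's example; append
# further public names of your own deployment in the same form.
$pinpoints = @(
    @{ Name = 'meet.lync2013.org'; Address = '192.168.1.100' }
)

# Assumption: the public parent domain of the names above.
$publicDomain = 'lync2013.org'

# If this server already hosts the whole public domain you are in the split-DNS
# case: a record in that zone is the right tool, not a pinpoint zone.
$splitDns = [bool](Get-DnsServerZone -Name $publicDomain -ErrorAction SilentlyContinue)
if ($splitDns) {
    Write-Warning "$publicDomain is hosted here (split DNS); add the records to that zone instead."
}

foreach ($p in $pinpoints) {
    if ($splitDns) { break }

    # Same effect as: dnscmd . /zoneadd meet.lync2013.org. /dsprimary
    if (-not (Get-DnsServerZone -Name $p.Name -ErrorAction SilentlyContinue)) {
        # Assumption: replicate to the DNS servers of this domain only.
        Add-DnsServerPrimaryZone -Name $p.Name -ReplicationScope Domain
    }

    # Same effect as: dnscmd . /recordadd meet.lync2013.org. '@' A 192.168.1.100
    # ('@' means "the zone name itself"; quoted, PowerShell passes it through.)
    $apex = Get-DnsServerResourceRecord -ZoneName $p.Name -Name '@' -RRType A -ErrorAction SilentlyContinue
    if (-not ($apex | Where-Object { "$($_.RecordData.IPv4Address)" -eq $p.Address })) {
        Add-DnsServerResourceRecordA -ZoneName $p.Name -Name '@' -IPv4Address $p.Address
    }

    # Check the answer an internal client will get from this server.
    $answer = Resolve-DnsName -Name $p.Name -Type A -Server localhost -DnsOnly
    [pscustomobject]@{
        Name     = $p.Name
        Expected = $p.Address
        Resolved = ($answer | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
    }
}
```

Because only the single name is hosted internally, every other name in the public domain keeps resolving through the normal forwarders, which is the point of a pinpoint zone.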
Note: Regardless of the kind of DNS records that you will use, it is important to fully
understand the impact you create for the Lync clients. Lync clients use a given
procedure to identify their Lync Server, based on the user's SIP domain
(@domain.com). The process is based on SRV DNS records. For our test lab, we will
not go into more detail.
Certification Authority: the whole Lync system is secure by design and communication
travels only in a secure form. That is why certificates are really important in Lync (base
services will not even start if there is an issue with certificates). For a test environment
the C.A. installed on the domain controller is all we need to create internally the
certificates required for internal and Internet-connected servers.
Try it now
Pinpointing can be done from the graphical interface too. Try it and evaluate which
method fits you best.
Lync Server Front End
Talking about the lab deployment, what I suggest is to install Lync Standard Edition and
collocate the Monitoring role, the Group Chat role and the Mediation server.
Note: to collocate the Monitoring role, you also need to deploy the monitoring reports. The whole process is well
described on the Matt Landis blog: http://windowspbx.blogspot.it/2012/07/aaa-donotpost-install-lync-standard.html
Office Web Apps Server
The installation is well described in the TechNet article Deploy Office Web Apps Server
(http://technet.microsoft.com/en-us/library/jj219455.aspx). The only warning here is to select
and remember the internal and public names of the server, because they will be required
for certificates and for Lync Topology building.
You have additional requirements for the second scenario, Lync Server Available for
External Users.
Reverse Proxy
Microsoft does not suggest a specific solution for the Lync 2013 publishing process.
With TMG on the road toward end of life, a viable solution is to use IIS as a reverse
proxy. Such a solution is outlined on the NextHop blog, Using IIS ARR as a Reverse
Proxy for Lync Server 2013:
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
Lync Edge
Lync Edge installation will be discussed in chapter 25. In a test environment I suggest
using the hosts file on the edge server to resolve the names of the internal Lync
infrastructure.
Exchange and SharePoint
The setup of Exchange and SharePoint is tied to the version of the aforementioned
servers you are going to deploy. Lync is able to integrate with Exchange 2007, 2010 and
2013. SharePoint is supported if the selected release is 2010 or 2013.
Some hints here:
In Exchange 2013 there is no UM role:
The functionality is in the Mailbox server role.
The Client Access server role provides the UM Call Router service.
Server-to-server authentication and authorization: OAuth (Open Authorization) is a protocol required by Lync Server 2013, Exchange 2013 and Microsoft SharePoint Server.
User credentials and passwords are not transmitted from one computer to another (OAuth is based on the exchange of security tokens).
Tokens grant access to a specific set of resources for a specific amount of time.
Lab
The configuration of OAuth can be started from Lync 2013 (Assigning a Server-to-Server
Authentication Certificate to Microsoft Lync Server 2013,
http://technet.microsoft.com/en-us/library/jj205253.aspx) or from Exchange 2013
(Integrating Exchange 2013 + Lync 2013 for UCS & OWA integration,
http://memphistech.net/?p=280).
Try both methods and evaluate the pros and cons of the different approaches.
3 Managing users with Lync Server Control Panel
The Lync Control Panel is the first administrative tool you'll head to after the Lync
installation is complete. Around 80-90% of all the administrative tasks can be managed
with this graphical interface (the remaining operations will be limited to the Lync Server
Management Shell that I will explain starting from chapter 5).
This chapter is ideally split into two base topics:
A high-level overview of the Control Panel and of some fundamental concepts of Lync administration (policies, policy scopes and administrative roles)
A complete explanation of the user configuration parameters available in the Control Panel, including pool assignment, SIP URI configuration, telephony options and policy assignment
Introducing Lync Administration from the Control Panel
If you are not a PowerShell expert and if your Lync deployment does not require
frequent troubleshooting, the Control Panel is the tool you will use most often in the
day-by-day administration of Lync.
The first operation you will usually perform in the Control Panel (and the one that is
suggested by default) is to enable users to Lync. The aforementioned operation may
sound logical if we ignore one basic fact: the configuration your user will receive is based
for a large part on Lync policies and rules while his / her Enterprise Voice configuration
will depend largely on the dial plans and voice routes you will deploy in your company.
So the unspoken assumption here is that before enabling the first user you should have
all the required settings already in place and the planning for voice, workload balancing
and so on done by this time.
My personal experience says that usually (for a lot of good reasons) you will have to
enable users to Lync and later modify the user settings according to the configurations
you will deploy at a later time.
So let's examine some of the steps you need to take if you're going to enable our users
(Patricia Johnson, Peter Duggan and Julie Penny) to Lync, keeping in mind their
different needs. Summarizing what we said about them in the 1st chapter, they will need
Enterprise Voice (for Julie with the external access prefix configured, for Peter with
delegation), mobility, conferencing (with the gallery view feature for Patricia) and
federation with an XMPP external provider (again for Patricia).
Choosing Between the Control Panel and the Management Shell
A decision you need to make before you begin the actual work is about what tool you will
use. As I said at the beginning of the chapter, Lync 2013 enables management from a
graphical interface (Lync Server Control Panel) and a command line (Lync Server
Management Shell). Managing with a GUI is easier, but if you are going to
enable a large number of users with a batch modification, for example, the best tool is the
Management Shell.
The Control Panel may be confusing because you will have all the administrative
interfaces available, including ones related to features that you have still not deployed
(and ones that you will never use). Looking at the next image, for example, you see the
Persistent Chat tab in the Control Panel of a Lync deployment that does not have
persistent chat enabled.
Figure 3.1 The Home screen of the Control Panel
The policy will apply to the whole Lync infrastructure (see figure 3.2).
Figure 3.2 a global policy with delegation not enabled
A few Lync users, like Peter Duggan (who will delegate to Julie Penny), will have access to
the aforementioned feature. To create an exception to the rule you will create an
additional Voice Policy (with scope = user) and then you will be able to apply it to the
users who require it. We are going to define a new voice policy to respond to this need in
figure 3.3.
Figure 3.3 selecting the scope to create policies that will be applied to specific users
If you had a branch office with a lot of users in need of the delegation feature, you could
have used the third scope (site) that applies to all the users in a specific Lync site. The
more specific policy overrides the others to allow a granular management (i.e.
conflicting parameters will be resolved by the User policy overriding the Site policy
and the site policy replacing the Global policy parameters).
As a consequence, the network aspect of your deployment will influence your Lync
administration; this is obvious because if you have a single site, you will lose a level of
flexibility when managing your policies.
Roles in Lync Administration
Role Based Access Control (RBAC) is the permissions model used in Lync 2013. During
the forest and domain preparation that is mandatory for the deployment of Lync, some
universal groups are created and permissions are assigned to them.
The aforementioned groups are the base of RBAC and enable you to control what
administrators and end-users can do. The division between Lync roles and other
administrative tasks (like Directory Services administration) is so sharp that just after the
domain preparation you have to insert at least one user in the CsAdministrator
group, to define the first administrator of Lync 2013.
Each RBAC role is associated with a set of Lync Server Management Shell cmdlets
corresponding to the tasks that can be carried out by the users in a specific group.
Let's try to imagine a scenario: Lync2013.Org wants to delegate to a group of operators
the monitoring of Lync health. The only operation that the Lync administrator will need
to perform is to insert their users in the CsViewOnlyAdministrator group (the tool
to use is Active Directory Users and Computers; there is no way to perform this task
from Lync).
Try It Now
We said that the groups have a limited subset of cmdlets available. To verify what
commands every group is able to perform you can use the following string in the Lync
Management Shell
Staying with the aforementioned example, you can launch the following line
Get-CsAdminRole -Identity "CsViewOnlyAdministrator" | Select-Object -ExpandProperty Cmdlets
The result will show a list of the cmdlets related to the CsViewOnlyAdministrator group.
You can try the same command with CsAdministrator and see the differences.
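A least-privilege review built on the command above, as an added example that is not part of the original book: it compares the cmdlet sets of the two roles named in the text and lists who holds each role through its Active Directory group. The helper name Get-RoleCmdletName is hypothetical, and the handling of the Cmdlets property (plain strings or objects with a Name property, depending on the Lync version) is an assumption.

```powershell
# Added example, not from the book. Run in the Lync Server Management Shell
# with an account that may read RBAC roles; the membership part needs the
# ActiveDirectory module (RSAT).

function Get-RoleCmdletName {
    param([Parameter(Mandatory = $true)][string]$Role)

    # Assumption: entries of Cmdlets are either strings or objects exposing
    # a Name property, depending on the Lync version. Handle both.
    (Get-CsAdminRole -Identity $Role).Cmdlets |
        ForEach-Object { if ($_ -is [string]) { $_ } else { $_.Name } } |
        Sort-Object -Unique
}

$viewOnly = Get-RoleCmdletName -Role 'CsViewOnlyAdministrator'
$full     = Get-RoleCmdletName -Role 'CsAdministrator'

# 1. Which verbs can the delegated operators run, and how many cmdlets each?
$viewOnly |
    Group-Object { ($_ -split '-')[0] } |
    Sort-Object Count -Descending |
    Select-Object Name, Count

# 2. Anything that is not a Get- cmdlet deserves a closer look before you
#    hand the role to a monitoring team.
$viewOnly | Where-Object { $_ -notlike 'Get-*' }

# 3. What an operator would gain if moved from the view-only group to
#    CsAdministrator: cmdlets present only in the full role.
Compare-Object -ReferenceObject $viewOnly -DifferenceObject $full |
    Where-Object { $_.SideIndicator -eq '=>' } |
    Select-Object -ExpandProperty InputObject

# 4. Who actually holds each role. Membership lives in Active Directory,
#    so nested groups are expanded with -Recursive.
Import-Module ActiveDirectory
foreach ($group in 'CsAdministrator', 'CsViewOnlyAdministrator') {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{ Name = 'Role'; Expression = { $group } }, SamAccountName, objectClass
}
```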
Enabling And Configuring Users
In figure 3.4 I have divided the New Lync Server User screen into four zones:
Pool assignment
SIP URI configuration
Telephony options
Policy assignment
I will use the aforementioned division to separate the different tasks related to user
parameters that you have at your disposal to configure your users (later in the chapter,
we will do the same thing for clients and devices).
Figure 3.4 The New Lync Server User page with the options divided into four zones
Enabling a User to Lync
Let's take a look at a standard process to enable one of our users, Patricia Johnson, to Lync.
We want to give her a Lync user that matches her mail address, to assign her to the
Lync pool that is located in the company's headquarters and to give her a phone number
that is directly reachable from the public telephony system, 1(555)555-5555.
She will use the Lync capability to view multiple video streams in a single conference
(gallery view) and she asked to simplify her access to public IM services like
Jabber.Org (at the moment she has many different accounts on the various systems).
Patricia and her colleagues have used for many years a PBX that required dialing 9 before
you were able to compose an external number. We want to accommodate this
dialing habit too.
We can start from the Control Panel, Users tab, and select Enable Users.
Figure 3.5 Starting with the enabling process
In the next screen select Add.
Figure 3.6 The New Lync Server User screen
In the Select From Active Directory screen you are able to look for the user with a
search, or you can simply press the Find button and have a list of all the Active Directory
users not enabled to Lync. Select Patricia Johnson.
Figure 3.7 Starting with the enabling process
Pool assignment
Several parameters are already set to automatic, meaning that the Global policy will
apply as long as we do not decide otherwise. The first area is used to decide which pool
will host the user account (Patricia Johnson) as you can see in the following screen
capture (figure 3.8). The information related to the pool in which the user is homed
is shown in the first part of the menu and is important, for example, if we need to
move our users from one server to another one in case of disaster recovery.
Figure 3.8 Assigning the user to a Standard Edition server
In Lync 2013 the so called Front End pool is in charge of a great part of base Lync
functionalities including authentication and registration. A Front End pool could be
constituted by a single Lync Standard edition server or by a group of Lync Enterprise
edition servers (the suggested minimum is two servers for an Enterprise pool).
Every user enabled to Lync must be homed on a pool. If the pool contains more than one
server, every person connecting to Lync will have a defined registration order (that is
built and updated using an algorithm) containing a primary server, a secondary server
and so on. The aforementioned mechanism balances the users on the pool nodes and
gives continuity if one or more of the servers fail. If you have a geographical network
with different Lync sites, the standard scenario is to have users homed on a pool that is
on their local network, although this is not mandatory.
With the so-called brick logic implemented in Lync 2013, we have an additional
continuity feature (Front End pairing). If you have two separate pools, you are able to
fail over and fail back the accounts from one Front End pool to another. This is not the
same continuity level that you have with a single enterprise pool because you will have
to manually fail users over from one Standard edition server to the other one. However this
method supports continuity (not high availability) because data are replicated in a way
that permits the user to be moved with no information lost.
SIP URI configuration
Patricia Johnson has a mail address on our company's Exchange system
([email protected]). She will be more comfortable if you enable her to use the
same address to access the Lync services as well (a feature called unified communication).
Customers and partners will expect to contact her via Lync / Skype federation using the
same mail address (reported also on her business card). A second reference, different
from the aforementioned address, could be confusing.
As you know, Lync uses Session Initiation Protocol (SIP) as the signaling protocol. To
quote RFC 3261, SIP is "an application-layer control protocol that can establish,
modify, and terminate multimedia sessions (conferences) such as Internet telephony
calls. SIP can also invite participants to already existing sessions."
A SIP URI is the SIP addressing schema to call another person. In other words, a SIP URI
is the software version of a traditional phone number based on the SIP protocol.
Each resource in a SIP network needs a unique URI (uniform resource identifier) and
Lync is no exception. The second zone, SIP URI Configuration, is where you can
configure a SIP address for your user that must be unique in the Lync structure and
should be as easy as possible to remember for both internal and external users.
Figure 3.9 The SIP options available for every user
The available choices for the SIP URI depend heavily on the choices you make in the
Lync Topology Builder. When you design (and publish) your Lync infrastructure, you
are required to list all the SIP domains that your deployment will manage.
In figure 3.10 you can see the configuration related to the default SIP domain and to the
additional ones you are able to add. SIP URIs containing domains that are not listed
here are not configurable in Lync Server 2013.
Figure 3.10 Adding or removing SIP domains requires modifications to the topology
If one of the SIP domains is also a public mail domain for the company, the Use user's
email address option should be your first choice.
The option to use the UPN (user principal name) has been widely used, but if your
Active Directory domain uses an internal name, the limits on third-party certificates
that will be effective in November 2015 make this option less convenient than it was in
the past. The remaining options add flexibility, giving you the possibility to use a SIP
URI naming scheme that matches your company's needs.
Telephony options
In the third zone, telephony options, four settings are available in the first drop-down
menu as you can see in figure 3.11.
Figure 3.11 the Telephony drop-down menu
Audio/video disabled implies that the user cannot make calls with audio and video
and is limited to Presence and IM only.
PC-to-PC: the user can make only PC-to-PC audio or video calls.
Enterprise Voice enables the user to take incoming and place outgoing voice calls
(this feature requires a specific Client Access License that you will need to buy in
addition to the server license, as I will explain later in the chapter).
Remote call control enables the user to remote call control. It has two different settings,
Remote call control and Remote call control only. If RCC only is chosen, the PC-to-PC
call feature is disabled.
All parameters (excluding Audio/video disabled) require a Line URI (the telephone
number of the user).
Patricia requires full Enterprise Voice features and a number reachable from the public
telephone system, 1(555)555-5555.
The first parameter we need is a Line URI. We said that Lync is based on the SIP
protocol, so you have to format it according to the ITU-T recommendation E.164
(tel:+15555555555).
Such a format includes a country code, an area code, and a local user number, and it is
required to put Lync Server 2013 in a position to talk (also) with the Public switched
telephone network (PSTN) and with the outside world in general. Enterprise Voice
will be explained in greater detail later in the book.
The aforementioned number may be directly reachable from outside the company (this is called DID, Direct Inward Dialing) or may be an internal number that requires calling
a main number. In the latter scenario, we have support for an additional parameter, ext.
The Line URI will look like the one in figure 3.12, where the extension is 5555.
Figure 3.12 Configuring a user DID with extension
Dial plan policy
The Dial plan policy and the Voice policy will add some parameters we need to manage
an Enterprise Voice user.
The Dial plan policy resolves a common issue: you need to normalize the numbers (for
example, the ones that a user dials) so that they are transmitted to the voice gateways or
SIP trunks in E.164 format. A Dial plan contains one or more normalization rules that
you can apply to a site, a pool, a user, or to the whole Lync system (the default Global
policy).
Normalization rules are created using regular expressions, in which, for example, $ matches
the end (a topic we will explore in the Enterprise Voice part of the book).
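The following PowerShell sketch is an added example, not taken from the book: it applies an ordered list of normalization rules to dialed strings offline and builds the Line URI with and without the ext parameter. The rule set, the 0 external access prefix, the sample numbers and the function names are constructed for illustration, and the sketch assumes the first matching rule wins.

```powershell
# Added example: offline model of a dial plan. Rules are constructed, not Lync defaults.
# Order matters: the first rule whose pattern matches the dialed string is applied.
$rules = @(
    [pscustomobject]@{ Name = 'Internal extension';  Pattern = '^(\d{4})$';           Translation = '+1555555$1' }
    [pscustomobject]@{ Name = 'National via 0';      Pattern = '^0([2-9]\d{9})$';     Translation = '+1$1' }
    [pscustomobject]@{ Name = 'International via 0'; Pattern = '^0011(\d{7,14})$';    Translation = '+$1' }
    [pscustomobject]@{ Name = 'Already E.164';       Pattern = '^(\+[1-9]\d{6,14})$'; Translation = '$1' }
)

function ConvertTo-E164 {
    param(
        [Parameter(Mandatory)] [string]   $Dialed,
        [Parameter(Mandatory)] [object[]] $Rules
    )
    foreach ($rule in $Rules) {
        if ($Dialed -match $rule.Pattern) {
            $normalized = $Dialed -replace $rule.Pattern, $rule.Translation
            return [pscustomobject]@{ Dialed = $Dialed; Rule = $rule.Name; Normalized = $normalized }
        }
    }
    # No rule matched: there is no E.164 number to hand to the gateway or SIP trunk.
    [pscustomobject]@{ Dialed = $Dialed; Rule = '(no match)'; Normalized = $null }
}

function New-LineUri {
    param(
        [Parameter(Mandatory)] [string] $E164,
        [string] $Extension
    )
    if ($E164 -notmatch '^\+[1-9]\d{1,14}$') { throw "Not an E.164 number: $E164" }
    if ($Extension) { "tel:$E164;ext=$Extension" } else { "tel:$E164" }
}

# Constructed sample input: extension, national and international calls, E.164, unmatched.
'5555', '05555555555', '0011442079460000', '+15555555555', '911' |
    ForEach-Object { ConvertTo-E164 -Dialed $_ -Rules $rules } |
    Format-Table -AutoSize

New-LineUri -E164 '+15555555555'                     # directly reachable number (DID)
New-LineUri -E164 '+15555555555' -Extension '5555'   # main number plus extension
```

The National rule excludes a leading 0 or 1 after the prefix so that an international call is not captured by it; a string that reaches the end of the list unmatched is the case to look for when users report calls that fail to route.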
Voice policy
Voice policies are made up of two parts: features (that you can enable or disable)
and PSTN Usage records, as shown in figure 3.14.
Figure 3.14 Editing a Voice policy
The previous screen capture shows the default configuration for a voice policy. For our
user we will also enable the call park feature (that is, the capability to leave a call
waiting and pick it up from another phone). The PSTN records are labels that we use
to group rules needed to manage call costs and voice routing. We'll talk more about
Enterprise Voice in the third part of the book.
Earlier, we mentioned Lync CALs. Lync licensing is honor-based, so there is no control
or limit on the features you are able to use even if you haven't acquired the necessary
licenses, and you have no dedicated screen or configuration to add or remove licenses.
The only way you have to keep control over the number of required licenses is with the
policies you assign to Lync users, adding or removing features.
Policy assignment
We said that Patricia will use a feature called Gallery view. This is a new conferencing
layout that features up to five active video streams at the same time. The Allow multiple
video streams parameter (enabled by default and introduced for the first time in Lync
2013) can be disabled in situations where we need to inhibit access to a conference that
uses Gallery view. This is something we have to enable using a policy (that is, by working
in the last area of the Control Panel). The parameters are set in the screen you see in
figure 3.15 (in the Conferencing tab, editing the conferencing policy).
Figure 3.15 Editing the global conferencing policy to enable multiple video streams
Patricia Johnson keeps in touch with a large number of customers of our company and
she is often required to meet them on public IM services like jabber.org. You want to
make it easy for her to connect with the aforementioned external services using her Lync
account (replacing with it the long list of accounts she uses on the various
platforms). You can achieve the result by configuring a federation based on XMPP. I will
explain the details later, but basically what you need to do is to configure the policy in
the Federation and External Access tab, editing the External Access Policy as shown in figure 3.16.
External Access policy: You can configure which public systems (including XMPP
federated partners) or external users can collaborate with internal users.
Archiving policy: Archiving enables your company to keep a record of IM
conversations involving your Lync users. The aforementioned feature could be required
for legal reasons and could be turned on only for specific users, with a dedicated policy applied to the people you need to track.
Location policy: Location policy contains the E9-1-1 settings.
Mobility policy: The features you can control from here are related principally to the
Lync 2013 clients for mobile devices, e.g. the Wi-Fi connection requirement for video calls
from those devices.
Persistent Chat policy: The parameters you can modify here are related to the
persistent chat service.
Client policy: The client policy dictates which client features will be available for the
user.
As you've seen, even the configuration of a user that doesn't have particularly complex
requirements involves several steps. A user's policies and configuration (especially
projected on a large scale) have a deep impact on costs and on the performance of your
system and are not to be undervalued.
Try it Now
Move a user from one Lync pool to another and disable their conferencing policies
using the Control Panel.
Lab
NOTE For this lab, you'll need your domain controller and a Lync Front End up and running.
Proceed to enable a new user in Lync
Delegate to this user the capability to enable and disable users for Lync Server
Launch the Lync Control Panel with the aforementioned user and enable two new
users for Lync
Define their policies so that one of them is enabled only for IM while the other one is an Enterprise Voice user
For the latter, configure a dial policy that includes 0 as an external access prefix
Try an audio call and then configure everything so that users are able to talk to each
other with Enterprise Voice
Test the delegation feature, enabling it for a Lync user and applying the number delegation from the Lync client
4 Managing Clients and Devices with Lync Server Control Panel
As a Lync server administrator, one of your tasks is to manage software updates and
usage policies for the clients. The definition of client in Lync includes Lync client
software installed on the user workstation or on a mobile device and IP deskphones. You
can add to the list the Lync Web App, a web interface accessible to users with no
client software on their local machine. The Web App is not a full-featured client but enables participation in an existing meeting.
In figure 4.1 you can see the full client, the Web App and a deskphone side by side.
Figure 4.1 A graphic representation of some of the Lync 2013 clients
The Control Panel of Lync Server 2013 will be of great help in this task with the tools
incorporated in a tab called CLIENTS (as I explained previously, the Control Panel is
the graphical interface for Lync administration). You can see it in figure 4.2.
Figure 4.2 The left pane of the Lync Server 2013 Control Panel. The green circle shows the Clients tab
In the Clients tab we have the tools to manage:
Clients: Lync and OCS client software installed on desktop clients (OCS 2007 R2 was
the UC product published by Microsoft before Lync)
Hardware: this definition includes all the deskphones you can use with Lync. These
can be divided into two broad categories:
Compatible IP Phones Tested and Qualified for Lync, which are phones that use
third-party software compatible with Lync
IP Phones Optimized for Lync, which are phones based on Lync Phone Edition (see
figure 4.3). Lync Phone Edition is client software from Microsoft that runs on qualified
devices and provides traditional and advanced telephony features.
Figure 4.3 The phone on the left uses Lync Phone Edition while the one on the right uses software from the
hardware manufacturer
Mobility: dedicated to the management of client functionality designed for mobile devices such as smartphones and tablets
In Figure 4.4, in addition to showing contents of the Clients tab, I have divided it into
three "zones" (client, hardware and mobility). It should be easier to explain the different
tools this way.
Figure 4.4 Clients tab in Lync Control Panel with the three zones
As you can see, two tabs are for Software Clients management, four are for Hardware
Devices and two focus on Mobility.
You can map each tab with the administrative tasks you accomplish inside, like in the
following table
Client Version Policy: Client version policies enable you to specify which clients will be accepted by Lync Server.
Client Version Configuration: Here you can specify a default action for clients with no client version policy defined.
Device Update: You are able to approve and distribute software updates to the devices.
Test Device: You can add a test device and use it to verify new updates before deploying them to production devices.
Device Log Configuration: You can manage settings related to the device updates logging.
Device Configuration: Device configuration enables you to modify management options for Lync Phone Edition, like phone lock after time-out.
Mobility Policy: You can create a mobility policy to allow or deny Lync features to mobile users.
Push Notification Configuration: You can enable or disable push notifications. A notification is an on-screen warning about missed Lync communications. It is available only on certain versions of the Lync mobile client.
I will explain some of the configurations available in the various tabs, keeping the logical
division into three areas to improve clarity.
NOTE: Usually client management is not a job that you will perform on a daily basis.
Usually you will work on it when new software updates arrive or if you need to change
policies for your clients.
Now, to start with a practical example, let's imagine that you have just migrated your
corporate Lync infrastructure to Lync Server 2013. You will probably have the Lync
2010 clients displaying the following error: "Microsoft Lync 2010 is not a version that
can be used to sign in to the server", as you can see in figure 4.5.
Figure 4.5 Default error with Lync 2010 clients
The solution to your problem is in what I have called the software clients zone of the
Clients tab in the Lync Server Control Panel.
Software Clients
The parameters in the Client Version Policy and in the Client Version
Configuration tabs together dictate which clients can log in to Lync Server.
Every time a Lync user logs on, the client version configuration determines whether the client is subject to
client version checks.
If the Client Version Configuration is enabled (see figure 4.6), the Client Version Policy
will check the release of the client software and allow (or deny) it access.
Figure 4.6 Client Version Configuration enabled
Then the Client Version Policy establishes the rules for admitting or blocking the
different clients.
The default policy is a global one (that means that it applies to the entire Lync
infrastructure), as you can see in figure 4.7.
Figure 4.7 client version policy with the default (global) policy
Opening the policy, you will see the list in figure 4.7. The value I have pointed out in
green is the one that regards our Lync 2010 clients. If they are older than version 4.0.7577.4103 they will not be able to connect to Lync Server 2013.
Figure 4.7 client version policy with the parameter regarding Lync 2010 client highlighted
The default settings are too restrictive for our scenario, cutting out a part of the Lync
2010 clients. What you have to do is modify the policy so that it allows version 4.0.7577.4103
of the OC user agent (corresponding to the Lync 2010 client), as you can see in the next
screen capture.
Figure 4.6 Enabling Lync 2010 clients
Now, let's add some information to go beyond the specific issue you have just seen.
Version Configuration includes a setting to allow or block unidentified clients. That is an
important setting because it dictates how Lync will manage any client it is not able to match
with the versions listed in the policy parameters.
To manage scenarios in which a company's deployment of the Lync clients is not
homogeneous, you can create site or user policies to manage exceptions for a single office
or employee.
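How the policy rules, the default action for unidentified clients and a site-level exception interact can be checked offline. The sketch below is an added example, not code from the book or from Lync: it is a simplified model that assumes rules are evaluated in order and the first match decides, and the rule lists, the ExampleSoftphone user agent and the function name are constructed for illustration.

```powershell
# Added example: simplified offline model of the client version check.
# The rules are constructed for illustration; they are not the Lync defaults.
function Test-ClientVersion {
    param(
        [Parameter(Mandatory)] [string]   $UserAgent,
        [Parameter(Mandatory)] [version]  $Version,
        [Parameter(Mandatory)] [object[]] $Rules,
        [bool]   $Enabled       = $true,    # Client Version Configuration on or off
        [string] $DefaultAction = 'Block'   # applied to clients no rule identifies
    )
    $client = "$UserAgent $Version"
    if (-not $Enabled) {
        return [pscustomobject]@{ Client = $client; Action = 'Allow'; Reason = 'version check disabled' }
    }
    foreach ($rule in $Rules) {             # rule order = priority
        if ($rule.UserAgent -ne $UserAgent) { continue }
        $ruleVersion = [version]$rule.Version
        $hit = switch ($rule.CompareOp) {
            'LSS' { $Version -lt $ruleVersion }
            'LEQ' { $Version -le $ruleVersion }
            'EQL' { $Version -eq $ruleVersion }
            'GEQ' { $Version -ge $ruleVersion }
            'GTR' { $Version -gt $ruleVersion }
        }
        if ($hit) {
            return [pscustomobject]@{ Client = $client; Action = $rule.Action; Reason = "$($rule.CompareOp) $($rule.Version)" }
        }
    }
    [pscustomobject]@{ Client = $client; Action = $DefaultAction; Reason = 'no matching rule (default action)' }
}

# Restrictive global policy as described above: OC clients older than 4.0.7577.4103 are refused.
$globalRules = @(
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'LSS'; Action = 'Block' }
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.4103'; CompareOp = 'GEQ'; Action = 'Allow' }
)
# Site-level exception for an office that still runs older Lync 2010 builds.
$branchRules = @(
    [pscustomobject]@{ UserAgent = 'OC'; Version = '4.0.7577.0'; CompareOp = 'GEQ'; Action = 'Allow' }
)
# Constructed sample clients: two Lync 2010 builds and one client the policy does not list.
$clients = @(
    @{ UserAgent = 'OC';               Version = '4.0.7577.0' }
    @{ UserAgent = 'OC';               Version = '4.0.7577.4103' }
    @{ UserAgent = 'ExampleSoftphone'; Version = '1.2.0.0' }
)
foreach ($default in 'Block', 'Allow') {
    "Global policy, default action for unidentified clients: $default"
    $clients | ForEach-Object {
        Test-ClientVersion -UserAgent $_.UserAgent -Version $_.Version -Rules $globalRules -DefaultAction $default
    } | Format-Table -AutoSize
}
"Branch office policy"
Test-ClientVersion -UserAgent 'OC' -Version '4.0.7577.0' -Rules $branchRules
```

With the default action set to Allow, the unlisted client signs in without any version check at all, which is why that setting deserves a deliberate choice. On a live deployment, Get-CsClientVersionPolicy and Get-CsClientVersionConfiguration show the real rules and default action.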
Note: If you also want to keep Microsoft Office Communicator 2007 R2 clients running,
the version to modify is 3.5.6907.233.
Hint: I suggest a free tool (Find Lync Versions,
http://www.stumper66.com/software/lync.html) that queries the RTCLocal database to
retrieve the client versions that your users have on their workstations.
Try It Now
Open a Lync client and identify its version number.
Prepare a list of the required steps to allow connection to the Lync server for
legacy clients in a branch office with a local Lync Front End server where the
users are homed.
Now, imagine the aforementioned branch office with an SBA deployment of Lync (a
Survivable Branch Appliance is hardware with limited Lync features that
increases voice resiliency in branch-office scenarios). Will the list of required steps to
keep legacy clients working change?
Hardware Devices
If your company uses the Enterprise Voice feature of Lync Server 2013 (the Lync term
for voice communications over Internet Protocol, or VoIP), you probably have also
deployed deskphones like the ones you have seen at the beginning of the chapter.
Part of your administrative tasks is to keep these physical phone devices up to date and
aligned to the latest version of their software.
In this zone of the Control Panel you are able to approve and distribute updates to the
devices (and to roll back in case an issue arises), to test them or to configure some
parameters (see figure 4.7).
Figure 4.7 Device Management in Lync Control Panel
Let's assume that you need to update an HP4110 phone to the latest release of the
software. The first step is to download an updated .bin file (this file, deployed to the
deskphones, will update their software). Then you need to make it available to the
devices.
Lync enables software distribution to the devices through the web service installed by
default on the Lync Front Ends.
Note: the procedure will also require the use of the Lync Management Shell (the
command line based on Windows PowerShell for Lync administration) and its cmdlets
(a cmdlet is a lightweight command that is used in the PowerShell environment).
You need a cmdlet to import the .bin files in Lync server. The base command is
Import-CsDeviceUpdate, but you also need to know a parameter of your Front End called
identity.
If you do not know the -identity parameter for your server you can use the following
cmdlet: Get-CsService -WebServer.
In my example I have a value equal to Webserver:2012SE1.Lync2013.dom.
The .bin file I have downloaded is located in c: and named ucupdates.cab. The final
cmdlet to import it will be:
Import-CsDeviceUpdate -identity WebServer:2012SE1.Lync2013.dom -FileName c:\ucupdates.cab
To verify that the update has been imported correctly you have to go to the Lync Control
Panel and open Device Update in the Clients tab.
The result is the one you can see in figure 4.8 (I have also opened the Action menu for
the approval).
Figure 4.8 Updates are available for approval in Lync Control Panel
Before deploying it on a large scale you can verify the new updates on a test device
using the dedicated menu (Test Device) in the Control Panel. The hardware can be
identified using the MAC address (unique identifier of the network interface of the
deskphone). In my case it is 00:04:13:72:00:7F. You could also use the serial number
(M08400000) as shown in figure 4.9.
Figure 4.9 Configuring a Test Device
If the test device shows no issue, you can deploy the update by approving it in the
aforementioned Device Update tab.
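The import, test and approval steps above can also be driven from the Lync Server Management Shell, with a check of the package before it is offered to any phone. This is an added example, not the author's script: the test device name HP4110-test is hypothetical, and it assumes that the vendor signs the update package and that PowerShell 4.0 or later is available for Get-FileHash.

```powershell
# Added example (not from the book). Run in the Lync Server Management Shell.
$package = 'C:\ucupdates.cab'          # file name used in this chapter

# 1. Check the package before it is offered to any phone.
#    Assumption: the vendor signs the package with Authenticode.
$signature = Get-AuthenticodeSignature -FilePath $package
if ($signature.Status -ne 'Valid') {
    throw "Signature check failed for ${package}: $($signature.Status)"
}
"Signed by: $($signature.SignerCertificate.Subject)"
# Record the hash with the change request (Get-FileHash needs PowerShell 4.0 or later).
Get-FileHash -Path $package -Algorithm SHA256 | Format-List Path, Hash

# 2. Import the package into the web service of every Front End.
Get-CsService -WebServer | ForEach-Object {
    Import-CsDeviceUpdate -Identity $_.Identity -FileName $package
}

# 3. Register the test phone by serial number (value from figure 4.9).
#    'HP4110-test' is a hypothetical name chosen for this example.
New-CsTestDevice -Identity 'global/HP4110-test' -IdentifierType SerialNumber -Identifier 'M08400000'

# 4. List the rules that now have a version waiting for approval.
$pending = Get-CsDeviceUpdateRule | Where-Object { $_.PendingVersion }
$pending | Format-Table Brand, Model, ApprovedVersion, PendingVersion -AutoSize

# 5. Only after the test device has run the new version without issues:
#    approve for production. -Confirm prompts once per rule.
$pending | Approve-CsDeviceUpdateRule -Confirm

# Rollback to the previously approved version, if an issue shows up later:
# $pending | Restore-CsDeviceUpdateRule
```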
Note: The prerequisites for a successful Phone Edition deployment include a
working Lync Enterprise Voice implementation and modifications to the network
infrastructure servers like DNS and DHCP.
Mobility
Let's say that our user Patricia Johnson needs:
To use a mobile client and the call via work feature (i.e. the capability to call from her cell phone using her work number)
We want her to use voice and video only if a Wi-Fi connection is available (so mobile data connection should be inhibited for those features)
The bad news is that you can't achieve the result using only the Control Panel.
The default policy (global) that you can see in the Mobility Policy tab (figure 4.10)
does not satisfy the aforementioned requirements, and there is no way to force the
Wi-Fi parameter from the Control Panel.
Figure 4.10 The Mobility Policy with the default policy opened
I have zoomed the previous image in figure 4.11. As you can see, the settings are only to
enable or disable mobility and call via work.
Push notifications are disabled by default (see figure 4.12).
Figure 4.12 Default Policy for Push Notifications
To continue with our previous example, if Patricia has Lync 2013 Mobile on an Apple
device, you do not need push notifications because the new version of the client for iPad
and iPhone does not support them. If she uses Lync 2010 Mobile on an Apple device or
a Windows Phone, notifications are useful. The aforementioned configurations will use the
push service to notify the user of missed IM messages and contacts when the client is in
the background.
Note: the feature requires configurations for the Lync Edge and for the reverse proxy
that we will see later in the text.
Some Things You Have to Do Outside the Control Panel
Some devices, like the