Book Image

LYNC SERVER COOKBOOK

Book Image

LYNC SERVER COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
LYNC SERVER COOKBOOK
Jan, 2015 | 392 pages
No titles found
Table of Contents (19 chapters)
Lync Server Cookbook
Lync Server Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Lync 2013 Security
Lync 2013 Security
Introduction
Controlling administrative rights with RBAC and custom cmdlets
Hardening Lync Servers
Hardening Lync databases
Enhancing conferencing security
Managing certificates for the authentication of desk-phones
Deploying a secure Lync Edge
Applying ethical walls for federation security
Using Application Request Routing to configure a reverse proxy for Lync Server 2013
2
Lync 2013 Authentication
Lync 2013 Authentication
Introduction
Configuring passive authentication for Lync
Enabling two-factor authentication
Adding the app password for mobile clients
Authenticating with online services using DirSync
Managing Windows Azure Directory for Lync Online
Configuring server-to-server authentication
Troubleshooting with client authentication logging
3
Lync Dial Plans and Voice Routing
Lync Dial Plans and Voice Routing
Introduction
Introducing dial plans and voice routing
Defining dial plans
Configuring PSTN usage – voice policy
Configuring PSTN usage – Location-Based Routing
Enabling routes
Validating trunks
Configuring load balancing, failover, and least cost routing
Controlling call forwarding
4
Lync 2013 Integration with Exchange
Lync 2013 Integration with Exchange
Introduction
Configuring the Unified Messaging integration
Configuring OAuth between Lync 2013 and Exchange 2013
Configuring Lync 2013 and Exchange 2013 as partner applications
Configuring Lync 2013 to use Exchange 2013 for archiving
Configuring Lync 2013 to use the Exchange 2013 Unified Contact Store
Integrating Lync 2013 with the Exchange 2013 Outlook Web App
5
Scripts and Tools for Lync
Scripts and Tools for Lync
Introduction
Installing Lync prerequisites and more – Set-Cs2013Features
Creating a fully functional voice configuration – Lync Dialing Rule Optimizer
Switching between multiple Lync identities with a click – Profiles for Lync (P4L)
Tracing made easier – Lync 2013 Centralized Logging Tool
Identifying recurrent issues – Lync Pilot Deployment Health Analysis
Managing phone numbers – Search-LineURI and Get-UnusedNumbers
Managing Call Pickup Groups – Lync2013CallPickupManager 1.01
6
Designing a Lync Solution – The Overlooked Aspects
Designing a Lync Solution – The Overlooked Aspects
Introduction
Meeting your users' expectations
User training
Gathering the users' requirements
Weighing up around Lync virtualization
Network readiness – introduction
Defining personas for the network
Defining sites for the network
Network readiness – reviewing and analyzing results
7
Lync 2013 in a Resource Forest
Lync 2013 in a Resource Forest
Introduction
Planning a resource forest
Using Exchange Online for a Lync resource forest
Configuring FIM in a Lync resource forest
Synchronizing forests with FIM
Deploying Azure Active Directory Synchronization services (AAD Sync) in a Lync resource forest
AAD Sync synchronization services and rules
8
Managing Lync 2013 Hybrid and Lync Online
Managing Lync 2013 Hybrid and Lync Online
Introducing Lync Online
Administering with the Lync Admin Center
Using Lync Online Remote PowerShell
Using Lync Online cmdlets
Introducing Lync in a hybrid scenario
Planning and configuring a hybrid deployment
Moving users to the cloud
Moving users back on-premises
Debugging Lync Online issues
9
Lync 2013 Monitoring and Reporting
Lync 2013 Monitoring and Reporting
Introduction
Installing Lync 2013 monitoring reports
Selecting the right kind of report
Call Diagnostic Reports
Media Quality Diagnostic Reports
Call Leg Media Quality Report
Lync 2013 with System Center 2012 R2 Operations Manager
Configuring a watcher node and synthetic transactions
10
Managing Lync 2013 Backup and Restore
Managing Lync 2013 Backup and Restore
Introduction
Topology information
Configuration information
User database
Persistent Chat database
The Location Information LIS database
The Response Group Services configuration
Certificates
Backend databases
Voice dial plans, policies, and settings
File services
Don't forget the infrastructure – the greater recovery plan
11
Controlling Your Network – A Quick Drill into QoS and CAC
Controlling Your Network – A Quick Drill into QoS and CAC
Introduction
Gathering data about your network
Creating network bandwidth policies
Adding networks to the topology
Creating region links and routes
Enabling CAC
Preparing servers and clients for DSCP tagging
Controlling/limiting the port ranges for traffic
Media bypass
12
Lync 2013 Debugging
Lync 2013 Debugging
Introduction
Using Snooper to examine log files
Investigating Call Flow with Snooper Flow Chart
Reviewing Lync information with OCSLogger
Tracing from a command line with OCSTracer
Customizing CLS scenarios using CLSController
Testing our setting with Best Practices Analyzer
Capturing network traffic with Wireshark
Troubleshooting clients with the Microsoft Lync Connectivity Analyzer
Verifying a deployment with the Microsoft Remote Connectivity Analyzer
Index
Index

Using Application Request Routing to configure a reverse proxy for Lync Server 2013

A reverse proxy (a service that retrieves information on behalf of a client from servers usually located in a corporate network) is a required part of any Lync Server 2013 deployment that we want to make available to external users (as shown at http://technet.microsoft.com/en-us/library/gg398069.aspx). There are many reverse proxy solutions offered by vendors and a couple of free solutions available as part of the Windows OS. The first one is the Web Application Proxy (WAP) that is part of the Remote Access Server role in Windows Server 2012 R2. However, WAP is a relatively new technology, and there have been some issues related to using it as a reverse proxy solution for Lync Server 2013. The other solution is the IIS Application Request Routing (ARR) that enables a Windows server to act as a reverse proxy. We will talk about the setup required for the latter scenario.

Getting ready

The latest available version of IIS ARR is 3.0. A prerequirement for ARR 3.0 is to have IIS enabled on the server (we can use the default settings). ARR is available using the Microsoft Web Platform Installer (MWPI) at http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0. There is also a standalone version (ARR 3.0 standalone package) at http://www.microsoft.com/en-us/download/details.aspx?id=40813, which does not require the Web Platform Installer and could be a good solution for a server with a high level of segregation. We will use the first option (with MWPI). The FQDN of the server we are going to use is dormouse, the Lync 2013 Standard Edition Front End server is madhatter.absoluteuc.corp, and the AD DS server (that includes a certification authority) is alice.absoluteuc.corp. The frontend has a public name madhatter.absoluteuc.org, as shown in the following screenshot:

The configuration of a reverse proxy for Lync Server 2013 requires a digital certificate (usually issued from a public CA) that must include at least the Lync Pool FQDN and the Lync simple URLs for Lync (meet and dial-in). The admin simple URL is optional, and for internal use only (http://technet.microsoft.com/en-us/library/gg425874.aspx).

Note

The reverse proxy in Lync can also be used as a proxy also the simple URLs for Lync Web External (lyncwebext), Mobility (Lyncdiscover), Office Online external URL (which could be unique or shared with lyncwebext). If we enable it, we will also have the simple URL for webscheduler.

Some reference material on this topic is available in the See also section of this recipe. A reverse proxy is usually deployed in a Demilitarized Zone (DMZ) network and will require two different network interfaces (NICs), one behind the Internet-facing firewall (external NIC) and one behind the backend firewall, used to connect to our internal Lync deployment (internal NIC). The reverse proxy will be reachable from the Internet using a Network Address Translation (NAT), a process performed by the firewall that converts an internal network address into a different address that is public on the Internet.

How to do it...

  1. Our reverse proxy will be located in a DMZ (that is a best practice). Usually, in a similar scenario, we have no access to a DNS server that is able to resolve the FQDNs of the internal domain (in our situation, wonderland.lab), so we have to populate the local HOSTS file on our server.

  2. Prepare the SSL digital certificate, starting from a CSR generated using IIS (http://technet.microsoft.com/en-us/library/cc732906(v=ws.10).aspx) or a third-party utility like the DigiCert Certificate Utility for Windows (https://www.digicert.com/util/) and follow the steps required by the selected CA.

  3. Open the Internet Information Services (IIS) Manager and go to the server home screen. Select Server Certificates and select Import… to import the SSL certificate (in our example, it will be named LyncCert).

  4. Open the Default Web Site page, and select Bindings….

  5. Select Add, set Type HTTPS, and select the SSL certificate as shown in the following screenshot:

  6. Launch the installer and select Application Request Routing 3.0, as shown in the following screenshot. The configuration will go on automatically.

  7. Open the start screen, select Internet Information Server (IIS) Manager, and go to the Server Farms screen. Right-click and select Create Server Farm, as we can see in the following screenshot:

  8. Type the FQDN of the service we are going to publish (for example, madhatter.absoluteuc.org). Leave the online flag selected. Click on Next.

  9. Before we add the server, select the Advanced Settings… tab. On the ApplicationRequestRouting parameters, change the HTTP and HTTPS ports (for Lync Server 2013, they are 8080 and 4443, if we haven't customized them in the topology design). In the server name field, type the name of our internal server (or load balancer) and click on Add. The configuration is shown in the screen capture. The steps are shown in the following screenshot:

  10. Select Finish. A notification like the one in the following screenshot will be shown. Select Yes.

  11. Now, under the Server Farms menu, we will have lyncdiscover.absoluteuc.org. We have to select it and modify some of the options shown in the following screenshot:

  12. Go to the Caching options. Remove the flag from Enable disk cache. Select Apply.

  13. Go to the Routing Rules options. Remove the flag from Enable SSL Offloading. Select Apply.

  14. Go to the server's home screen and select URL rewrite. The previous wizard created two rewrite rules, one with HTTPS/SSL and one with plain HTTP. Remove the one we are not going to use and edit the other one to match our needs. In our example, we are going to publish madhatter.absoluteuc.org using HTTPS, so we will remove the HTTP rule and edit the SSL rewrite rule, as shown in the following screenshot:

  15. The conditions to use are as follows:

    input= {HTTPS}, Type=Matches the Pattern, Pattern=on input={HTTP_HOST}, type=Matches the pattern, Pattern=madhatter.*

  16. We also have a Test Pattern option to match the URL we are going to use with the rules. When we have done, we have to select Apply. The screen is shown in the following screenshot:

  17. The previously mentioned steps have to be repeated for every URL we plan to publish.

    Tip

    To avoid the "Your server configuration has changed. Please restart Lync" message on Apple mobile devices, it is recommended that you set the Proxy Time-out to 960 seconds (it is a parameter related to every Server Farm we have defined), as we can see in the next screenshot:

How it works...

The reverse proxy will receive requests on standard ports (TCP 80 for HTTP and TCP 443 for HTTPS) and redirect them to ports 8080 and 4443 of our Lync Server deployment. The "public" Lync 2013 site that is listening on these ports has rewrite rules to handle all the SIP domains we have deployed. For more information, see the Lync 2013 Internal and External Web Sites post at http://tsoorad.blogspot.it/2013/04/lync-2013-internal-and-external-web.html by John Weber.

See also

To plan Lync certificates, the following are some useful resources:

Previous Section
End of Chapter 1
Next Chapter