Book Image

LYNC SERVER COOKBOOK

Book Image

LYNC SERVER COOKBOOK

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
LYNC SERVER COOKBOOK
Jan, 2015 | 392 pages
No titles found
Table of Contents (19 chapters)
Lync Server Cookbook
Lync Server Cookbook
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Lync 2013 Security
Lync 2013 Security
Introduction
Controlling administrative rights with RBAC and custom cmdlets
Hardening Lync Servers
Hardening Lync databases
Enhancing conferencing security
Managing certificates for the authentication of desk-phones
Deploying a secure Lync Edge
Applying ethical walls for federation security
Using Application Request Routing to configure a reverse proxy for Lync Server 2013
2
Lync 2013 Authentication
Lync 2013 Authentication
Introduction
Configuring passive authentication for Lync
Enabling two-factor authentication
Adding the app password for mobile clients
Authenticating with online services using DirSync
Managing Windows Azure Directory for Lync Online
Configuring server-to-server authentication
Troubleshooting with client authentication logging
3
Lync Dial Plans and Voice Routing
Lync Dial Plans and Voice Routing
Introduction
Introducing dial plans and voice routing
Defining dial plans
Configuring PSTN usage – voice policy
Configuring PSTN usage – Location-Based Routing
Enabling routes
Validating trunks
Configuring load balancing, failover, and least cost routing
Controlling call forwarding
4
Lync 2013 Integration with Exchange
Lync 2013 Integration with Exchange
Introduction
Configuring the Unified Messaging integration
Configuring OAuth between Lync 2013 and Exchange 2013
Configuring Lync 2013 and Exchange 2013 as partner applications
Configuring Lync 2013 to use Exchange 2013 for archiving
Configuring Lync 2013 to use the Exchange 2013 Unified Contact Store
Integrating Lync 2013 with the Exchange 2013 Outlook Web App
5
Scripts and Tools for Lync
Scripts and Tools for Lync
Introduction
Installing Lync prerequisites and more – Set-Cs2013Features
Creating a fully functional voice configuration – Lync Dialing Rule Optimizer
Switching between multiple Lync identities with a click – Profiles for Lync (P4L)
Tracing made easier – Lync 2013 Centralized Logging Tool
Identifying recurrent issues – Lync Pilot Deployment Health Analysis
Managing phone numbers – Search-LineURI and Get-UnusedNumbers
Managing Call Pickup Groups – Lync2013CallPickupManager 1.01
6
Designing a Lync Solution – The Overlooked Aspects
Designing a Lync Solution – The Overlooked Aspects
Introduction
Meeting your users' expectations
User training
Gathering the users' requirements
Weighing up around Lync virtualization
Network readiness – introduction
Defining personas for the network
Defining sites for the network
Network readiness – reviewing and analyzing results
7
Lync 2013 in a Resource Forest
Lync 2013 in a Resource Forest
Introduction
Planning a resource forest
Using Exchange Online for a Lync resource forest
Configuring FIM in a Lync resource forest
Synchronizing forests with FIM
Deploying Azure Active Directory Synchronization services (AAD Sync) in a Lync resource forest
AAD Sync synchronization services and rules
8
Managing Lync 2013 Hybrid and Lync Online
Managing Lync 2013 Hybrid and Lync Online
Introducing Lync Online
Administering with the Lync Admin Center
Using Lync Online Remote PowerShell
Using Lync Online cmdlets
Introducing Lync in a hybrid scenario
Planning and configuring a hybrid deployment
Moving users to the cloud
Moving users back on-premises
Debugging Lync Online issues
9
Lync 2013 Monitoring and Reporting
Lync 2013 Monitoring and Reporting
Introduction
Installing Lync 2013 monitoring reports
Selecting the right kind of report
Call Diagnostic Reports
Media Quality Diagnostic Reports
Call Leg Media Quality Report
Lync 2013 with System Center 2012 R2 Operations Manager
Configuring a watcher node and synthetic transactions
10
Managing Lync 2013 Backup and Restore
Managing Lync 2013 Backup and Restore
Introduction
Topology information
Configuration information
User database
Persistent Chat database
The Location Information LIS database
The Response Group Services configuration
Certificates
Backend databases
Voice dial plans, policies, and settings
File services
Don't forget the infrastructure – the greater recovery plan
11
Controlling Your Network – A Quick Drill into QoS and CAC
Controlling Your Network – A Quick Drill into QoS and CAC
Introduction
Gathering data about your network
Creating network bandwidth policies
Adding networks to the topology
Creating region links and routes
Enabling CAC
Preparing servers and clients for DSCP tagging
Controlling/limiting the port ranges for traffic
Media bypass
12
Lync 2013 Debugging
Lync 2013 Debugging
Introduction
Using Snooper to examine log files
Investigating Call Flow with Snooper Flow Chart
Reviewing Lync information with OCSLogger
Tracing from a command line with OCSTracer
Customizing CLS scenarios using CLSController
Testing our setting with Best Practices Analyzer
Capturing network traffic with Wireshark
Troubleshooting clients with the Microsoft Lync Connectivity Analyzer
Verifying a deployment with the Microsoft Remote Connectivity Analyzer
Index
Index

Enhancing conferencing security

Conferencing, in Lync Server 2013, has the same default security configuration that we had in Lync Server 2010. Justin Morris, in a post dedicated to Lync Server 2010 conferencing (http://www.justin-morris.net/understanding-conference-security-in-lync-server-2010/), pointed out some of them, including the fact that every Lync user has a meeting URL and a conference ID that never changes by default, and that users invited to a meeting using a PSTN line have the ability to bypass the lobby. If we always use the same conference ID, people outside our company whom we have invited in the past could use it with malicious motivations, or different (unrelated) conferences with different people could merge if our time schedule is not perfect. We will list some steps to improve conferencing security, including a couple of cmdlets from the previously mentioned post.

How to do it...

  1. We can start assessing the security configuration of conferencing for our Lync deployment using Get-CsMeetingConfiguration.

  2. To disable the lobby bypass for PSTN users, use the following cmdlet:

    Set-CsMeetingConfiguration -PstnCallersBypassLobby $false

  3. To force users to schedule private meetings (with unique IDs), use the following cmdlet:

    Set-CsMeetingConfiguration -AssignedConferenceTypeByDefault $false -EnableAssignedConferenceType $true

  4. Then, we have to work on the conferencing policies. The default global policy allows almost any of the available conferencing features. I suggest that you clone it using New-CsClonedPolicy from Pat Richard (http://www.ehloworld.com/2300). This script is useful to create a new user-conferencing policy called, for example, DefaultConferencing, which will have the same parameters we had in the global policy. The cmdlet we will use is the following one:

    .\New-CsClonedPolicy.ps1 -SourcePolicyName global -TargetPolicyName "DefaultConferencing" -PolicyType ConferencingPolicy

  5. Restrict the global conferencing policy to match the minimal level of service we will grant to every Lync-enabled user.

  6. To enhance conferencing security, we can also restrict the number of TCP ports involved in the client communication. Launch the Get-CsConferencingConfiguration cmdlet to look at the applied configuration. If ClientMediaPortRangeEnabled is False, then the clients will use a port between ports 1024 and 65535 when involved in a communication session. We can use the following cmdlet to force port range (default will be starting from TCP port 5350 for all the kind of network traffic):

    Get-CsConferencingConfiguration | Set-CsConferencingConfiguration  -ClientMediaPortRangeEnabled $True

How it works...

As we said, the cmdlet shown in step 6 will use the same TCP port for all the network traffic involved in the clients' communication. We can refer to Chapter 11, Controlling Your Network – A Quick Drill into QoS and CAC to also implement Quality of Service (QoS) and Call Admission Control (CAC).

See also

I suggest that you also read a second post from Justin Morris, which is related to the unique conference IDs, Why You Should and Shouldn't Configure Unique Conference IDs in Lync (http://www.justin-morris.net/why-you-should-and-shouldnt-configure-unique-conference-ids-in-lync/#sthash.W9h9mCzn.dpuf). This post examines the pros and cons of the solution outlined in the previous document in depth.

Previous Section
End of Section 6
Next Section