lync-server-2013-psfp ml13 deploy lync2013 edge federation
DESCRIPTION
bookTRANSCRIPT
Released:
Conditions and Terms of Use
This training package content is proprietary and confidential, and is intended only for users described in the training materials. This content and information is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or information included in this package is strictly prohibited.
THE CONTENTS OF THIS PACKAGE ARE FOR INFORMATIONAL AND TRAINING PURPOSES ONLY AND ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
Training package content, including URL and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Copyright and Trademarks © Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at http://www.microsoft.com/about/legal/permissions/.
Microsoft®, Internet Explorer, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
About the Authors
Author: Greg Anthony
Bio:
Project Member: Ron Solomon
Bio:
Acknowledgements We want to thank the numerous members of the Product Group, User Assistance Teams, Beta Team, Reskit Team, and Product Quality Team and other supporting teams for their collaboration, time, effort, materials, and presentations that in many important ways has helped to make this project successful.We also want to thank Global Technical Readiness for help with the formatting, presentation creation and other training readiness items and CTS Labs with their help in on boarding the virtual environment in external VMAS.Lastly, I want to thank the CSS Readiness Team for their push, encouragement, and assistance with additional resources to complete this project in a timely manner.
Table of ContentsLab 13: Deploy Lync Server 2013 Edge Role................................................................................................
Exercise 1: Deploy Lync Server 2013 Edge...............................................................................................................
Exercise 2: Migrate Lync 2010 Edge to Lync 2013 Edge.........................................................................................25
Exercise 3: Configure Federation on Lync Server 2013..........................................................................................28
Exercise 4: Configure XMPP Federation with Lync 2013 Edge...............................................................................32
Lab 13: Deploy Lync Server 2013 Edge Role During this lab, you will gain hands-on experience with migrating Edge role services from Microsoft Lync Server 2010 to Lync Server 2013.
Estimated time to complete this lab: XX minutes
Before You BeginThis lab does not depend on the completion of any previous labs.
What You Will LearnAfter completing the exercises, you will be able to:
Deploy Lync 2013 Edge Role for federation and remote access
Move external roles from Lync Server 2010 Edge to Lync 2013
Configure XMPP access and federation with Google Talk
ScenarioContoso has deployed Lync Server 2013 and now need to begin the process of deploying Lync Server 2013 Edge services.
Exercise 1: Deploy Lync Server 2013 Edge 1. On L15S1FE01, open Topology Builder, expand site Corp->Lync Server 2013, right-
click Edge pools, and then select New Edge Pool.
2. On the Define the New Edge Pool page, read over the information presented and then click Next.
3. On the Define the Edge Pool FQDN page, in the Pool FQDN field enter L15S1EDGE01.contoso.com, select the radio button for Single computer pool, and then click Next.
4. On the Select features page, enable support for XMPP but do not enable federation. Federation is currently routed through the legacy Lync Server 2010 Edge Server. This setting will be configured in a later phase of migration.
5. On the Select IP options page, choose IPV4 for the internal and external interface, and select External IP is translated by NAT.
6. On the External FQDNs page, use the same FQDNS as those defined on your Lync 2010 Edge server and then click Next.
Sip.<lync#>.msftonlinerepro.com Webcon.<lync#>.msftonlinerepro.com Av.<lync#>.msftonlinerepro.com
7. On the Define the internal IP address page, enter the appropriate IP address for the Internal IPv4 address field. You can get this information by opening the info.txt file created by the tmgconfigscript you ran in lab 1. Just open this link\\l2010se01\c$\users\administrator.contoso\downloads\info.txt. Your lab info will be different from that pictured below.
8. On the Define the external IP Address page, using the info.txt file enter the appropriate IP address and click Next.
9. On the Define the public IP address page, in the Public IPV4 address for AV Edge service field enter the public IP address from the info.txt file for the Lync 2010 A/V Edge public IP.
10. On the Define the next hop server page, accept the default – pool.contoso.com and click Next.
11. On the Associate Front End pools or Mediation pools page, do not associate a pool with this Edge pool at this time. External media traffic is currently routed through the legacy Lync Server 2010 Edge Server. This setting will be configured in a later phase of migration.
12. Click Finish and then Publish the topology.
13. After publishing the topology in Lync Server Management Shell, execute the following to export the configuration for import on the Lync 2013 Edge server.Export-CsConfiguration -Filename c:\users\administartor\downloads\config.zip
14. On L15S1EDGE01, run Lync Server 2013 Deployment Wizard, and click Install or Update Lync Server System.
15. On the Welecome to Lync Server Deployment page, by Step 1: Install Local Configuration Store, click Run.
16. On the Configure the Local Replica of Central Management Store page, enter \\l15s1fe01\c$\Users\administrator.CONTOSO\Downloads\config.zip as the path to the config.zip exported in a prior step and then click Next.
17. On the Executing Commands page, when the task status is complete, click Finish.
18. By Step 2: Setup or Remove Lync Server Components click Run.
19. On the Setup Lync Server Components page, click Next.
20. On the Executing Commands page, when the task status is complete, click Finish.
21. Before running Step 3: Request, Install or Assign Certificates, import the same certificate to the computer certificate store for the external edge roles that you used on the L2010S1EDGE01 in an earlier lab. You can either export that certificate from L2010S1EDGE01 or import your copy of the pfx file. This would be the certificate with the common name of sip.<lync#>.msftonlinerepro.com.
22. After importing your certificate for the external edge roles, click Run by Step 3.
23. On the Certificate Wizard page, select Edge Internal and click Request.
24. On the Certificate Request page, click Next.
25. On the Delayed or Immediate Requests page, click Next.
26. On the Choose a Certification Authority (CA) page, in the Specify another certification authority field, enter Enterprisedc.contoso.com\contoso-EnterpriseDC-CA and click Next.
27. On the Certification Authority Account page, enter the contoso\administrator credentials, and click Next.
28. On the Specify Alternate Certificate Template page, click Next.
29. On the Name and Security Settings page, enter a friendly name, and then click Next.
30. On the Organization Information page, enter your information and click Next.
31. On the Geographical Information page, enter your information, and click Next.
32. On the Subject Name / Subject Alternative Names page, click Next.
33. On the Configure Additional Subject Alternative Names page, click Next.
34. On the Certificate Request Summary page, click Next.
35. On the Executing Commands page, click Next.
36. On the Online Certificate Request Status page, click Next.
37. On the Certificate Assignment page, click Next.
38. On the Certificate Assignment Summary page, click Next.
39. On the Executing Commands page, when the task status is complete, click Next.
40. On the Certificate Wizard page, select External Edge certificate, and then click Assign.
41. On the Certificate Assignment page, click Next.
42. On the Certificate Store page, select your sip.<lync#>.msftonlinerepro.com certificate and then click Next.
43. On the Certificate Assignment Summary page, click Next.
44. On the Executing Commands page, when the task status is complete, click Next.
45. On the Certificate Wizard page, click Close.
46. By Step 4: Start Services, click Run.
47. On the Start Services page, click Next.
48. On the Executing Commands page, when task status is complete, click Finish.49. Exit and close the Lync Server 2013 Deployment Wizard.
Exercise 2: Migrate Lync 2010 Edge to Lync 2013 Edge 1. On L15S1FE01, in Topology Builder, expand site Corp -> Lync Server 2010 -> Standard
Edition Front End Server, right-click the l2010s1se01.contoso.com pool and click Edit Properties.
2. On the Edit Properties page, under Associations, change the Associate Edge pool field to L15S1EDGE01.contoso.com and then click OK.
3. Repeat these steps for the rest of the Lync pools in the topology that are listed below.
a. Corp -> Lync Server 2013 -> Enterprise Edition Front End pools -> pool.contoso.com
b. Corp -> Branch sites -> Charlotte -> Lync Server 2013 -> Survivable Branch Applicance -> l15s3sba.contoso.com
c. Site2 -> Lync Server 2013 -> Standard Edition Front End Servers -> L15S2SE01.contoso.com
4. Leave Topology Builder open, as you will complete publishing in exercise 3.
Update Threat Management Gateway 2010 configuration to reflect Lync Server 2013 Edge IP addresses.
5. On WSTMG01, launch Microsoft Forefront Threat Management Gateway console.
6. In the left hand navigation pane, expand ForeFront TMG (WSTMG01) and select the Firewall Policy.
7. On the right hand side select the Toolbox tab, expand Network Objects section and underneath expand Computers.
8. Open c:\users\administrator\downloads\info.txt in Notepad for reference.
9. Back in Forefront TMG console, double-click Lync Access Edge computer object to edit the properties and change the Computer IP Address field to that of the Lync 2013 Access Edge private IP listed in your info.txt file and click OK.
10. Repeat for Lync Webconf Edge and Lync AV Edge computer objects using their associated IP addresses.
11. For the rules in the following figure, change the To IP address to reflect your L15S1EDGE01 IP Addresses. Number 13, 14, 15 should reflect the Access Edge private IP, number 12 the Web Conferencing Edge Private IP, and number 11, 16, 17 the A/V Edge private IP.
12. In the Forefront TMG console header, click Apply. If prompted for a Configuration Change Description, click Apply and then on the Saving Configuration Changes page, click OK.
Exercise 3: Configure Federation on Lync Server 2013 Assign Lync 2013 Edge for federation route
1. Back on L15S1FE01, expand Corp -> Lync Server 2013 -> Edge pools, right-click L15S1Edge01.contoso.com and then select Edit Properties.
2. On the Edit Properties page, under General, select Enable federation for this Edge pool (Port 5061) and then click OK.
3. Expand Corp -> Lync Server 2010 -> Edge pools, right-click L2010S1Edge01.contoso.com and then select Edit Properties.
4. On the Edit Properties page, under General, deselect Enable federation for this Edge pool (Port 5061) and then click OK.
5. Right-click site Corp, and select Edit Properties.
6. On the Edit Properties page, select Federation Route and under Site federation route assignment, select Apply federation route assignments to all sites.
7. Select Enable SIP Federation and in the drop-down select l15s1edge01.contoso.com, then click OK.
8. Publish the topology and before clicking Finish on the Publishing wizard complete page, click to open the to-do list and run local setup on each server in the list. Run Get-CsManagementStoreReplicationStatus to verify all the replicas are up to date first.
Exercise 4: Configure XMPP Federation with Lync 2013 Edge
1. XMPP federation requires DNS SRV record for dialback. Confirm you can resolve the DNS record for your domain. _xmpp-server._tcp.lync#.msftonlinerepro.com. Verify the appropriate Anchor record exists and listening port number (5269).
2. Open DNS management console on EnterpriseDC and create an SRV record for XMPP in the <lync#>.msftonlinerepro.com zone.
_xmpp-server._tcp
TCP Port: 5269
Sip.lyncX.msftonlinerepro.com
3. Open Lync Server Management Shell and create a new external access policy:
New-CsExternalAccessPolicy –Identity CTSFedPic -EnableFederationAccess $true –EnablePublicCloudAccess $true -EnableXmppAccess $true –EnableOutsideAccess $true
4. Assign policy to users.
Get-CsUser | Grant-CsExternalAccessPolicy -PolicyName CTSFedPic –ea SilentlyContinue
Note: Ignore error – “unable to assign policy to hosted users”
5. Create unique dialback phrase for Contoso:
Set-CsXmppGatewayConfiguration -DialbackPassPhrase "ctsdialback"
Configure XMPP federation with Google Talk - Google talk currently only supports unencrypted, TCP connections for server-to-server XMPP federation and only supports Server Dialback for identity verification. (See http://xmpp.org/extensions/xep-0220.html
6. In Lync Server Management Shell, create a new XMPP allowed partner entry for gmail:
New-CsXmppAllowedPartner gmail.com -TlsNegotiation NotSupported -SaslNegotiation NotSupported -EnableKeepAlive $false -SupportDialbackNegotiation $true
7. Open Lync Server Control Panel and review the setting there.
Enable XMPP federation in the Lync topology8. In Topology Builder, edit properties of the Contoso site. Under Site federation route
assignment select Enable XMPP Federation and in the drop-down select l15s1edge01.contoso.com and click OK.
9. Publish the topology and before clicking Finish on the Publishing wizard complete page, check whether there is a to-do list and perform those steps if there is one.