Justo Oreja Vega, Francisco Martinez
Communications CoE
Microsoft Corporation
Bandwidth and Security Implications of Lync Online
Agenda
• Lync Online Network Assessment Challenges
• Media path topologies, Lync Online P2P and conference calls
• Audio, Video, Federation
• Bandwidth Requirements and Control
• Lync Client TCP Ports (NAT)
• Quality of Service for Managed Networks
• Lync Online - Transport Reliability IP Probe
• Microsoft Network Assessment for Unified Communications Approach for Lync Online
• Lync Online Security
• Lync sRTP, encryption
• Lync Online conference data retention policy
Lync Online
What’s new in Lync?
Be there without going there
Video gallery
HD video or high resolution photos of attendees
H.264 SVC support
Personalized collaboration experiences
Intuitive controls
Consistent and familiar clients
Immersive experience optimized for touch
Mobile client experiences designed for the device
Lync Web App for browser access to meetings
Single identity across business and social applications
Shared contact card
Communicate directly from within Office
OneNote Share
SharePoint integration
Modern, mobile and web clients
Social and integrated design
Communicate with anyone on Skype
Share rich presence information
Secure and archived Instant Messaging
Peer to peer voice
Multiparty HD video and content sharing
Federation with Skype
Lync Online
Managed infrastructure
Transparent & quarterly updates
Simplified administration
Deployment flexibility
Safe and secure in the cloud
Complement PBX deployments
Fastest path to unified communications
Near parity for IM/P and meetings
Capability: Lync Server / Lync Online / Lync Online exceptions
• IM/Presence: yes / yes / No persistent chat
• Lync Meetings: yes / yes / Attendee limit: 250 vs. 1000; partner ACP needed for dial-in PSTN conferencing
• Federation: yes / yes / No Sametime or XMPP federation
• Media Controls: yes / no / No QoS, call admission control (CAC), and media bypass
• Enterprise Voice: yes / no / No enterprise voice capabilities
Lync Online Bandwidth and Security
• We don't have to deploy Lync servers, but:
• Internet bandwidth to Microsoft datacenters is important
• Lync Online users use their managed networks and the Internet to connect to Microsoft datacenters
• Network conditions are important for A/V sessions and customer experience
• Customer communication and traffic should be secure
Lync Online Bandwidth
Lync Online Deployment
[Diagram labels: Lync Server user, Lync Online user, remote Lync Online user, Contoso, Managed Customer Network, Managed Network, Unmanaged, Internet, Microsoft Datacenter, Lync Server 2013, PBX, Public Switched Telephony Network (PSTN). Flow labels: "Instant messaging, presence, voice, audio/HD video conferencing"; "Enterprise voice (PSTN)"; "Instant messaging, presence, voice".]
Lync Online Audio / Video Quality of Experience
• Lync Online A/V conference or peer-to-peer call
• Quality may be choppy, tinny, or delayed, leaving the meeting or call unusable
• Common reasons:
• Poor network connectivity, delay, jitter, packet loss
• Low-bandwidth network connections
• Poor audio quality from a particular device
Lync Online Media Path Topologies
• Lync peer-to-peer audio/video call flows
• Internal P2P calls, internal-to-external P2P calls, external-to-external
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; remote Lync Online Users C and D; SIP and SRTP paths numbered 1 to 3.]
Lync Online Edge Relaying (TURN)
• Lync peer-to-peer audio/video call flows
• The Online Edge relays media because a security device is blocking P2P traffic
• Microsoft doesn't control the customer network but can advise about internal firewalls before Lync Online deployment
• This scenario can impact Internet bandwidth requirements
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; SIP paths; SRTP path 1 crossed out; SRTP paths via the Lync Edge.]
Lync Online STUN Candidates
• Lync peer-to-peer audio/video call flows
• The Online Edge relays media because a security device is blocking P2P traffic
• Microsoft doesn't control the customer network but can provide advice and awareness about internal firewalls before Lync Online deployment
• This scenario can impact customer network (for example, MPLS) bandwidth requirements
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; SIP paths; SRTP path 1 crossed out; SRTP paths; Lync Edge; STUN candidates.]
Lync Online Media Path Topologies
• Lync conference audio/video call flows
• Internal and external users' conference calls
• All traffic comes to the Lync Online datacenter
• All traffic goes over the Internet
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; remote Lync Online Users C and D; SIP and SRTP paths numbered 1 to 3; Lync Conference MCUs.]
Lync Online Bandwidth Requirements
Audio/Video P2P A/V Conferences
• A Lync BW Calculator for Lync Online will help to estimate Internet bandwidth
• The Lync BW Calculator is for Lync on-premises
• Can we adapt the calculator for Lync Online?
• Lync Online datacenter = central site in the Lync BW Calculator?
• We need to consider whether the customer has one Internet access or many
• Assume the usage models are the same
Lync BW Calculator
Review Lync BW Calculator (On-premise)
One Branch Example
Traffic Simulation Approach
• The customer will know capacity and network conditions for the best Lync Online experience
• Today we can leverage tools like Ixia to simulate P2P traffic on the customer network
• We are working on Lync Online conference simulation (not available today) for Lync Online MT
• Other traffic simulation tools can be used
Lync Online Data Center Locations
• Amsterdam, NL: http://trippams.online.lync.com
• Blue Ridge, VA: http://trippbl2.online.lync.com
• Dublin, IE: http://trippdb3.online.lync.com
• Hong Kong: http://tripphkn.online.lync.com
• San Antonio, TX: http://trippsn2.online.lync.com
• Singapore: http://trippsg1.online.lync.com
Transport Reliability IP Probe DEMO
• http://trippsn2.online.lync.com/
• Review and explain concepts
• The Media Access test
• The AudioVideo - lowerbound and AudioVideo - upperbound tests
• Download and upload speeds
• The VoIP test
• Recommendations
Lync Online QoS
Lync Online and QoS
• Lync Online is at the Microsoft datacenter, and the customer uses their own network, the Internet and the Lync Online datacenter
• Jitter, packet loss and latency also exist and have to be considered
• We can provide QoS for Lync Online on managed networks, not over the Internet
Latency, Packet Loss, Jitter
Lync Online QoS on Managed Networks
• Lync Online media port changes offer better bandwidth management
• Lync Online media ports have been split into three separate categories, giving you much better control over network bandwidth
• Use Quality of Service (QoS) group policies to give a higher network priority to audio or video packets
• Separate port ranges for application sharing and file transfer are planned for a future service update
• QoS group policies only work with client machines running Windows 7 or Windows 8
• QoS policies apply only to peer-to-peer Lync conversations on a network you control
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; remote Lync Online Users C and D; SIP and SRTP paths numbered 1 to 3.]
Lync Online media ports for QoS
Port Protocol Direction Usage
50000-50019 RTP/UDP Outbound Audio
50020-50039 RTP/UDP Outbound Video
50040-50059 UDP Outbound Application sharing and file transfer
Lync Online Bandwidth
Demo
Lync Online Security
Service security: defense in depth
Multi-dimensional approach to safeguarding services and data
• SECURITY MANAGEMENT: Threat and vulnerability management, monitoring, and response
• NETWORK PERIMETER: Edge routers, intrusion detection, vulnerability scanning
• INTERNAL NETWORK: Dual-factor authentication, intrusion detection, vulnerability scanning
• HOST: Access control and monitoring, anti-malware, patch and configuration management
• APPLICATION: Secure engineering (SDL), access control and monitoring, anti-malware
• DATA: Access control and monitoring, file/data integrity
• USER: Account management, training and awareness, screening
• FACILITY: Physical controls, video surveillance, access control
Lync Online Secure Communications
• Users' communications are encrypted to protect against potential interception by network sniffers
• Lync signaling traffic is encrypted (TLS)
• Lync media traffic is always encrypted (SRTP, AES 128 bits)
• Lync Online provides archiving of peer-to-peer instant messages, multiparty instant messages, and content upload activities in meetings
Lync Online Edge Relaying
• Lync Online Edge role
• Customer firewall, internal firewalls
• ICE, STUN, TURN for Lync Online users
[Diagram labels: Internet, Microsoft Datacenter, Managed Network; Lync Online Users A and B on the Contoso Managed Customer Network; SIP paths; SRTP path 1 crossed out; SRTP paths via the Lync Edge.]
Lync Online Security
DEMO
Lync Online Secure Federation
• Lync Online users' communications with federated partners are encrypted
• Lync Online users' communications with Skype are encrypted
Firewall or proxy server configuration for Lync Online
Port Protocol Direction Usage
443 STUN/TCP Outbound Audio, video, and application sharing sessions
443 PSOM/TLS Outbound Data sharing sessions
3478 STUN/UDP Outbound Audio and video sessions
5223 TCP Outbound Lync Mobile push notifications
50000-50019 RTP/UDP Outbound Audio
50020-50039 RTP/UDP Outbound Video
50040-50059 TCP Outbound Application sharing and file transfer
Individual computers are automatically configured for Lync Online network traffic when Lync is installed.
TLS/HTTPS outbound access connections to:
• *.microsoftonline.com
• *.microsoftonline-p.com
• *.onmicrosoft.com
• *.sharepoint.com
• *.outlook.com
• *.lync.com
• evsecure-ocsp.verisign.com
• evsecure-aia.verisign.com
• evsecure-crl.verisign.com
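
An added example (not from the original slides): a Python check of an ordered, first-match egress rule list against the outbound ports in the firewall table above, reporting which required Lync Online port ranges are still blocked. The rule format, function names and sample policy are assumptions constructed for illustration; 50040-50059 follows the firewall table's TCP entry.

```python
from itertools import groupby

# Required outbound flows, copied from the firewall/proxy table on this page.
REQUIRED = [
    (443, 443, "tcp", "STUN/TCP and PSOM/TLS: audio, video, application and data sharing"),
    (3478, 3478, "udp", "STUN/UDP: audio and video sessions"),
    (5223, 5223, "tcp", "Lync Mobile push notifications"),
    (50000, 50019, "udp", "RTP audio"),
    (50020, 50039, "udp", "RTP video"),
    (50040, 50059, "tcp", "Application sharing and file transfer"),
]

def verdict(rules, proto, port):
    """First matching rule wins; no match means default deny."""
    for action, r_proto, lo, hi in rules:
        if r_proto == proto and lo <= port <= hi:
            return action
    return "deny"

def blocked_ranges(rules, proto, lo, hi):
    """Return the sub-ranges of lo..hi that the rule set does not allow."""
    bad = [p for p in range(lo, hi + 1) if verdict(rules, proto, p) != "allow"]
    out = []
    # Consecutive ports share the same (port - index) key, so groupby yields runs.
    for _, run in groupby(enumerate(bad), key=lambda t: t[1] - t[0]):
        ports = [p for _, p in run]
        out.append((ports[0], ports[-1]))
    return out

def audit(rules):
    """Map each required flow's usage text to its blocked sub-ranges, if any."""
    gaps = {}
    for lo, hi, proto, usage in REQUIRED:
        missing = blocked_ranges(rules, proto, lo, hi)
        if missing:
            gaps[usage] = [(proto, a, b) for a, b in missing]
    return gaps

# Constructed sample egress policy (not from the page): ordered, first match wins.
SAMPLE_RULES = [
    ("allow", "tcp", 443, 443),
    ("deny", "udp", 50030, 50100),   # older block that shadows the later allow
    ("allow", "udp", 50000, 50039),
    ("allow", "tcp", 5223, 5223),
    ("allow", "tcp", 50040, 50049),  # covers only half of the sharing range
]

if __name__ == "__main__":
    for usage, missing in audit(SAMPLE_RULES).items():
        for proto, a, b in missing:
            print(f"BLOCKED {proto} {a}-{b}: {usage}")
```

With the sample policy, the report shows that a deny placed ahead of an allow can silently cut the video range in half, which a simple "is there an allow rule" review would miss.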
Lync Online Meeting Content Retention
• PowerPoint, OneNote, attachments, other files
• One-time or recurring meeting: retained for 15 days
• Meet Now meetings: retained for 8 hrs
Additional Lync Online Reports
Active users who have logged on and participated in a peer to peer or conference session
Peer to peer audio/video minutes
Audio/video conference minutes
*For representative purposes only.
Shipped Sep 2013
Lync Online Audio/Video QoE reports
• Lync Online currently does not offer reports about QoE
• We could address this in following updates
• This will help rapid adoption of A/V workloads
Lync Online Monitoring Reports
• Active users
• CsAVConferenceTime* reports
• CsConference* reports
• CsP2PAVTime* reports
• CsP2PSession* reports
• Lync Online reports help to measure how the customer's users are adopting the services
• Plan for future use and Internet connection BW increases
• Statistics show the customer the value of A/V services
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.