Lync Server 2010 - Architecture - Microsoft Education Partner Network

enginestag, Networks and Communications

26 Oct 2013

Microsoft® Lync Server 2010: Architecture

Speaker
Microsoft Corporation

Agenda

- Unified Communications Roadmap
- Topology related investments
- Manageability enhancements
- Virtualization
- DNS load balancing
- Authentication enhancements
- Location Infrastructure
- Cloud Integration
- Q&A

Unified Communications Roadmap

Roadmap stages: Web Conferencing, Basic Voice, Video, Dial-In Conferencing, Advanced Call Features, Next Generation Communications

Lync Server 2010 product investments: deliver the next generation communications system

- Enterprise Voice
- Platform for Business Processes


Central Management Store

- Schematized definition of deployment topology
- Configuration of Lync Server 2010 services and policies managed by the central store
- Replication of policies/configuration to all topology nodes (including Edge)
- Validation tools help prevent misconfiguration

Example service representation (diagram): Service "Site A, AVConfServices, 1" -> depends on "Site A, User Services, 1" -> depends on "Site A, Mediation Server, 1" -> installed on "Site A, Pool A"

Survivable Branch Appliance (SBA)

A purpose-built appliance optimized to provide resilient multi-modal communication for maximizing branch office user productivity. The solution is re-architected so that the Registrar keeps working when the UserServices role is unavailable or inaccessible.

Diagram: Data Center (Lync Server Pool, Edge Server) connected over the WAN to the Branch Office (SBA), with PSTN connectivity at the branch.

Components
- Windows Server® 2008 R2
- Mediation Server
- Registrar
- PSTN Gateway

Functionality
- Normal/Failover mode
- SIP Registrar
- SIP Proxy and Routing engine
- PSTN connectivity
- Voicemail routing
- PSTN re-routing
- Centrally provisioned
- Up to 1000 user support

Go-To-Market
- OEM (Embedded channel)
- 5 partners: AudioCodes, HP, Dialogic, NET, Ferrari

Topologies Simplified

Server roles: Director, Archiving, Monitoring, Mediation, Front end, Back end, AV Conf, Edge, UM, SCOM, Group Chat

Editions: Standard Edition, Enterprise Edition

Deployment Model

- Global Deployment is a collection of Sites
- Sites are made of Pools
- Pools host users and services (such as conferencing, Voice over Internet Protocol (VoIP))

Diagram: Global > Data Center Sites > Pools. Example: Microsoft > Redmond (pools Tukwila-1, Tukwila-2) and Dublin (pool Dublin-1).

Deployment Options

Small or Trial Deploy
- Typical use: departmental deployment of reduced criticality and scale
- Central Site: Central Site has a Standard Edition Server
- Branch Office Site: branch offices for survivability or PSTN interconnect

Single Data Center
- Typical use: enterprise deployments where multi-site high-availability is not a requirement
- Central Site: single Central Site with an Enterprise Edition Pool
- Branch Office Site: branch offices for survivability or Public Switched Telephone Network (PSTN) interconnect
- Resiliency: pool-level resiliency

Multiple Data Centers
- Typical use: huge deployments of a geographically dispersed workforce
- Central Site: multiple Central Sites of Enterprise Edition Pools
- Branch Office Site: branch will be a combination of SE, SBA and PSTN-only
- Resiliency: multi-site resiliency

Central Site: sites which host a pool of either SE or EE. Branch Office Site: sites that do not host a pool.

- Smaller organizations not requiring resiliency can choose a Standard Edition Server (SE), a single server with all roles consolidated on it.
- Organizations who need resiliency will choose an Enterprise Edition Pool (EE), defining a pool of multiple servers comprised of front end and back end roles.
- "Paired" Standard Edition can offer failover between two SE servers for lower cost and reduced functionality.
- Additional server roles required include Archiving, Director, Edge and Monitoring.
- Branches without redundant WANs will purchase a Survivable Branch Appliance to handle voice resiliency in the branch office.
- Branches with a redundant WAN connection still require basic PSTN termination with a SIP Gateway.
- A Standard Edition Server can be utilized for improved Quality of Experience (QoE) in large, distant "branches" (truly a Central Site) with lots of conferencing utilization.
- Not all branches will require resiliency; for smaller branches, use Remote User Connectivity over the public internet or a 3G/4G network.

Reference Topologies: Small

Diagram elements: Central Site Standard Edition (All Server Roles, tiny.contoso.com, CA/DNS, Exchange UM Server, PSTN Gateway(s)), Edge Server, HTTP reverse proxy, DNS Load Balancing, WAN, Branch A (Survivable Branch Appliance, PSTN).

Small: < 5,000 users. This example: 5,000 users, 3 servers, 1667 users/server.

- Small: Standard Edition central site; branch through Edge
- Small with Branches (250-5,000 users): Standard Edition central site; single branch, with SBA
- Small with Failover (any user count): two Standard Editions; "Paired" Standard Edition to support inexpensive failover

Reference Topologies: Single Datacenter

Diagram elements: Central Site Enterprise Edition (contoso.com, CA/DNS, Exchange UM Server, PSTN Gateway(s), File Share, Director Pool, AV Conferencing Pool, Front End Pool, Monitoring Pool, DNS Load Balancing), Edge Server Pool, HTTP reverse proxy, retail.contoso.com, WAN, Branch A (Survivable Branch Appliance, PSTN), Branch B (PSTN Gateway).

Single Datacenter: < 100,000 users. This example: 20,000 users, HA, 14 servers, 1429 users/server.

- Single DC: Enterprise Edition, Single Data Center; branch through Edge
- DC with Branches (1,000-30,000 users): Enterprise Edition, Single Data Center; two branches, one SBA, one PSTN Interconnect

Reference Topologies: Global, Multi-Site

Diagram elements: Central Site 1 - Enterprise Edition (NA.contoso.com, contoso.com, CA/DNS, Exchange UM Server, File Share, DNS Load Balancing, Director Pool, AV Conferencing Pool, Monitoring and Archiving Pool, Front End Pool, Edge Server Pool, HTTP reverse proxy, PSTN Gateway, PSTN); Central Site 2 - Enterprise Edition (EU.contoso.com, CA/DNS, File Share, AV Conferencing Pool, Front End Pool, DNS LB, Edge Server Pool, HTTP reverse proxy, PSTN Gateway(s), SIP Trunking); Branch A (Survivable Branch Appliance); "Branch" B (Standard Edition); Branch C (PSTN Gateway); WAN.

- Very Large (10,000+ users): two Data Centers with EE; branches with some SBA, some PSTN
- Global (unlimited users): one Central Site with an SE, Enterprise Edition with more than two Data Centers, Standard Editions; branches with Survivable Branch Appliances, branch with Standard Edition

Global, Multi-Site: unlimited users. This example: Site 1: 18 servers; Site 2: 11 servers; 2413 users/server (central sites only).


Manageability Enhancements

- Lync Server 2010 Control Panel (CSCP)
  - Silverlight™ based administration console
  - Task oriented and uses the underlying PowerShell infrastructure
  - Replaces MMC
- PowerShell
  - Complete access to all administrative tasks
  - Automation interface
  - Replaces Windows Management Instrumentation (WMI)
- Role Based Access Control (RBAC)
  - Access controlled by security group membership
  - New delegation model: site aware
- Synthetic Transactions
  - PowerShell based framework that allows admins to proactively identify faults in the system, and raise alerts in SCOM


Virtualization

What's supported?
- Virtualization of specific Lync Server 2010 roles
- SQL, Exchange, Active Directory® Domain Services (AD DS) virtualization (as per guidelines)
- Hyper-V R2 (2008 not supported), VMware (per SVVP)
- Client virtualization (except audio/video; use an IP phone)

Not supported
- Branch office / Gateway only / Mediation server + gateway
- Standard Edition (single server deployed as a "Datacenter" site)
- Live migration of VMs via SCVMM (ongoing calls/sessions will be dropped)

Virtual Deployment
- 4 VMs: Front end, back end + file store, A/V MCU, Edge
- 1 physical machine: 16 cores, 16 GB, 500 GB SAS drive, dual NIC, Intel Xeon E7450 procs; dedicated to Communications Server "14" only
- Pilot: no HLB or DNS LB. Production: needs HLB.
- Scale reduction (up to 50%) compared to non-virtualized


DNS Load Balancing

DNS LB Goals
- Simplify HLB configuration
- Reduce dependence on HLB
- DNS LB supported for Internal Pool, Director Pool
  - All Server-Server and Client-Server SIP traffic
  - All Server-Server HTTP traffic
  - Media traffic
- Support draining of applications
- Improve load balancing of server-server traffic (Ex: Access Edge -> Director)
- Eliminating HLB is not a goal
- HLB will still be required for Internal Pools
  - Client-Server HTTP & HTTP(s) traffic (ABS, DLX, LIS, etc.)
  - DCOM traffic (Move User); will be fixed post Beta

DNS LB Architecture/Design

- DNS A record for the FQDN resolves to multiple IPs
- Failover: if connecting to an IP fails, fail over to the next IP in the list
- Load balance across multiple servers (Ex: SIP traffic sent to multiple IPs)
- Draining: if server IP1 is being drained (returns 503 with a special header), send all traffic to the next IP (IP2)
- Honor the DNS TTL except:
  - If < 5 min, TTL = 5 min
  - If > 24 hours, TTL = 24 hours

DNS LB Sample Configuration

For a Lync Server 2010 Pool ocspool1.contoso.com with 3 FEs: FE1, FE2, FE3

Lync Server 2010 DNS LB - DNS Configuration (pool DNS A entries plus machine DNS A entries)

DNS FQDN    DNS A Record            IP
Web VIP     Ocsweb1.contoso.com     172.24.32.150
Pool        ocspool1.contoso.com    172.24.32.151
Pool        ocspool1.contoso.com    172.24.32.152
Pool        ocspool1.contoso.com    172.24.32.153
FE          FE1.contoso.com         172.24.32.151
FE          FE2.contoso.com         172.24.32.152
FE          FE3.contoso.com         172.24.32.153

OCS 2007 R2 HLB - DNS Configuration (one pool VIP plus machine DNS A entries)

DNS FQDN    DNS A Record            IP
Pool VIP    ocspool1.contoso.com    172.24.32.150
FE          FE1.contoso.com         172.24.32.151
FE          FE2.contoso.com         172.24.32.152
FE          FE3.contoso.com         172.24.32.153
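The client behaviour from the DNS LB design bullets (TTL clamping, failover to the next IP, draining on a 503 with the special header), run against the sample pool above, as an added example that is not code from the deck or from Lync Server. It assumes a constructed name for the drain header (the deck does not name it), a minimal Response type, and a simulated connect() whose per-address state is constructed for the run.

```python
# Added example (not from the deck or from Lync Server): a model of the client-side
# DNS load-balancing rules the deck describes, run against the deck's sample pool
# ocspool1.contoso.com -> 172.24.32.151/.152/.153. The drain header name, the
# Response shape and the simulated pool states are constructed for this example.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

MIN_TTL_SECONDS = 5 * 60             # deck: if TTL < 5 min, use 5 min
MAX_TTL_SECONDS = 24 * 60 * 60       # deck: if TTL > 24 hours, use 24 hours
DRAIN_HEADER = "X-Example-Draining"  # ASSUMED name for the "special header" on a 503


def clamp_ttl(ttl_seconds: int) -> int:
    """Honor the DNS TTL, except clamp it into the [5 min, 24 h] window."""
    return max(MIN_TTL_SECONDS, min(MAX_TTL_SECONDS, ttl_seconds))


@dataclass
class ARecordSet:
    """What the resolver returned for one FQDN: several A records sharing a TTL."""
    fqdn: str
    addresses: List[str]
    ttl: int

    def effective_ttl(self) -> int:
        return clamp_ttl(self.ttl)


@dataclass
class Response:
    """Minimal stand-in for a SIP/HTTP reply: status code plus headers."""
    status: int
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed resolver answer matching the deck's DNS LB sample configuration.
SAMPLE_POOL = ARecordSet(
    fqdn="ocspool1.contoso.com",
    addresses=["172.24.32.151", "172.24.32.152", "172.24.32.153"],
    ttl=60,  # a short TTL, so the client will clamp it up to 5 min
)


def select_server(rrset: ARecordSet,
                  connect: Callable[[str], Response]
                  ) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Walk the A records in order: skip an address whose connection fails,
    skip one that answers 503 with the drain header, and stop at the first
    address that answers 2xx. Returns (chosen_ip_or_None, attempt trail)."""
    trail: List[Tuple[str, str]] = []
    for ip in rrset.addresses:
        try:
            resp = connect(ip)
        except ConnectionError as exc:
            trail.append((ip, f"connect failed: {exc}"))  # failover to the next IP
            continue
        if resp.status == 503 and DRAIN_HEADER in resp.headers:
            trail.append((ip, "draining"))                 # drain: move to the next IP
            continue
        if 200 <= resp.status < 300:
            trail.append((ip, "ok"))
            return ip, trail
        trail.append((ip, f"status {resp.status}"))        # other error: try the next IP
    return None, trail


def simulated_pool(state: Dict[str, str]) -> Callable[[str], Response]:
    """Build a connect() whose behaviour per IP comes from a constructed state map:
    'down' raises, 'draining' answers 503 + drain header, anything else answers 200."""
    def connect(ip: str) -> Response:
        s = state.get(ip, "up")
        if s == "down":
            raise ConnectionError("no route to host")
        if s == "draining":
            return Response(503, {DRAIN_HEADER: "true"})
        return Response(200)
    return connect


def demo() -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """FE1 is down and FE2 is being drained, so a client should land on FE3."""
    state = {"172.24.32.151": "down", "172.24.32.152": "draining"}
    return select_server(SAMPLE_POOL, simulated_pool(state))


if __name__ == "__main__":
    chosen, trail = demo()
    print(f"TTL used by the client: {SAMPLE_POOL.effective_ttl()} s")
    for ip, outcome in trail:
        print(f"  {ip}: {outcome}")
    print(f"chosen: {chosen}")
```

Running the block prints the clamped TTL (300 s for the 60 s record) and the attempt trail: FE1 fails to connect, FE2 is draining, FE3 accepts. The draining rule is applied only when both the 503 and the drain header are present; a bare 503 is treated here as an ordinary failure, so the client still moves on to the next address, which is the design choice a resolver-side load balancer needs so that one misbehaving node cannot pin every client.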


Lync Server Certificate Authentication

- The Lync Server cert is used by Microsoft Lync 2010 for Branch Office Resiliency
- Infrastructure is shared with device PIN auth
- Lync 2010 presents a PKI key pair to Lync Server 2010 for signing
- Lync Server 2010 stores the keys and gives Lync 2010 a signed copy
- Lync Server 2010 publishes the certificate internally to FEs
- Certificates live on the order of months (3)

Lync Server Certificate Authentication

SIP Authentication (TLS-DSK): Step 1

Lync Server 2010 FE / Director returns the challenge:

WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="OCSDIR01.contoso.com", version=4, sts-uri="https://wp1.contoso.com/CertProv/CertProvisioningService.svc"

Lync 2010 then gets the Certificate Service MEX document.

Lync Server Certificate Authentication

SIP Authentication (TLS-DSK): Step 2

Participants: Lync Server 2010 FE / Director, Lync Server 2010 Certificate WS, Lync Server 2010 Web-Ticket WS

- The certificate service requires an existing certificate or a Web-ticket to authenticate the user
- Contains the Web-Ticket service URL

Lync Server Certificate Authentication

SIP Authentication (TLS-DSK): Step 3

Participants: Lync Server 2010 FE / Director, Lync Server 2010 Certificate WS, Lync Server 2010 Web-Ticket WS

- Lync 2010 authenticates the user with NTLM/Kerberos
- Certificate Signing Request -> Lync Server 2010 Signed Certificate

Lync Server Certificate Authentication

SIP Authentication (TLS-DSK): Step 4

Participants: Lync Server 2010 FE / Director, Lync Server 2010 Certificate WS, Lync Server 2010 Web-Ticket WS

- Lync 2010 authenticates with the Web Ticket
- Lync 2010 provides the PKI key pair for the user
- The certificate service publishes the cert to FEs, replicates to BOAs, etc.

Lync Server Certificate Authentication

SIP Authentication (TLS-DSK): Step 5

Participant: Lync Server 2010 FE / Director

- If Lync 2010 has no cert, it tries NTLM/Kerb first
  - Speeds up the sign-in process
  - Web service requests could time out during an outage
- NOTE: Lync 2010 remembers that a cert was requested during registration
  - After sign-in completes, a certificate will be fetched for the next logon session
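The Step 1 challenge and the Step 5 sign-in rule, as an added example that is not Lync client code: it parses the WWW-Authenticate value printed in Step 1, lists the checks a client should make before following sts-uri to the certificate provisioning service, and returns the Step 5 choice between TLS-DSK and NTLM/Kerberos. The parameter grammar is taken from the slide's own layout (scheme, then comma-separated name=value pairs, quoted or bare), the allowed-host list is a policy assumed for the example, and the 90-day lifetime stands in for the deck's "months (3)".

```python
# Added example (not Lync client code): parse the TLS-DSK challenge shown in Step 1,
# apply the checks a client should make before following sts-uri, and model the
# Step 5 sign-in choice. Assumptions: the challenge follows the 'Scheme name=value,
# name="value"' layout printed on the slide; the allowed-host list is a local policy
# invented for this example; CERT_LIFETIME_DAYS stands in for the deck's "months (3)".
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Challenge exactly as on the slide, joined into one logical header value.
SAMPLE_CHALLENGE = (
    'TLS-DSK realm="SIP Communications Service", '
    'targetname="OCSDIR01.contoso.com", version=4, '
    'sts-uri="https://wp1.contoso.com/CertProv/CertProvisioningService.svc"'
)

# One parameter: name, '=', then either a quoted string or a bare token, then ',' or end.
_PARAM = re.compile(r'\s*([A-Za-z0-9-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))\s*(?:,|$)')


def parse_challenge(value: str) -> Tuple[str, Dict[str, str]]:
    """Split 'TLS-DSK k=v, k="v"' into (scheme, {name: value}); names are lower-cased."""
    scheme, _, rest = value.strip().partition(" ")
    params: Dict[str, str] = {}
    pos = 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError(f"malformed challenge near {rest[pos:pos + 20]!r}")
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
        pos = m.end()
    return scheme, params


def check_challenge(value: str, allowed_sts_hosts: List[str]) -> List[str]:
    """Problems a client should refuse on before contacting the certificate service;
    an empty list means the challenge is acceptable."""
    problems: List[str] = []
    scheme, p = parse_challenge(value)
    if scheme.upper() != "TLS-DSK":
        problems.append(f"unexpected scheme {scheme!r}")
    for name in ("realm", "targetname", "version", "sts-uri"):
        if name not in p:
            problems.append(f"missing parameter {name}")
    if "sts-uri" in p:
        u = urlparse(p["sts-uri"])
        if u.scheme != "https":
            problems.append("sts-uri is not https")  # the cert request carries user credentials
        if u.hostname not in allowed_sts_hosts:       # assumed local policy, not a Lync rule
            problems.append(f"sts-uri host {u.hostname!r} not in allowed list")
    return problems


CERT_LIFETIME_DAYS = 90  # stands in for the deck's "certificates live on the order of months (3)"


def choose_sip_auth(cert_age_days: Optional[int]) -> Tuple[str, bool]:
    """Step 5: with a usable certificate answer the challenge with TLS-DSK; with none
    (or one past its lifetime, an assumption) use NTLM/Kerberos first so sign-in is
    not held up by a web-service timeout, and remember to fetch a certificate for the
    next logon session. Returns (mechanism, request_certificate_after_signin)."""
    if cert_age_days is not None and cert_age_days < CERT_LIFETIME_DAYS:
        return "TLS-DSK", False
    return "NTLM/Kerberos", True


if __name__ == "__main__":
    scheme, params = parse_challenge(SAMPLE_CHALLENGE)
    print(scheme, params)
    print("problems:", check_challenge(SAMPLE_CHALLENGE, ["wp1.contoso.com"]))
    print(choose_sip_auth(None), choose_sip_auth(30), choose_sip_auth(200))
```

The https and host checks sit in the client because sts-uri arrives in a SIP 401 from whatever answered the REGISTER; accepting the challenge's parameters only from the expected web services host keeps the NTLM/Kerberos credentials of Step 3 and the CSR of Step 4 going to the intended certificate service.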

PIN Authentication

- Allow PIN based sign-on for devices
- Lync Server 2010 signed certificates to access Lync Server 2010 Web services
- User certificate to access EWS
- Unify PIN for devices and CAA
- PIN Management portal in Lync Server 2010 along with appropriate notifications

Device PIN sign-on flow (diagram; steps 1-4 are marked INTERNAL NETWORK ONLY, steps 5-7 are marked EXTERNAL NETWORK):

1a. DHCP Option 43 & 120 (DHCP Server / Lync Registrar)
1b. Lync Cert WS URL & Lync Registrar FQDN
2a. HTTP: Get Cert Chain (Lync Cert Provisioning Web Service)
2b. HTTP: Download Cert Chain
3a. HTTPS: Resolve User (Ext/Phone #, PIN)
3b. HTTPS: SIP URI
4a. HTTPS: Get and Publish Cert (SIP URI, PIN, CSR)
4b. HTTPS: Lync Signed Cert
5. TLS to Lync Registrar FQDN
6. REGISTER (SIP URI), Supported: Cert; response SIP 401, WWW-Authenticate: Cert
7. REGISTER (SIP URI), Authorization: Cert, Cert Param; Lync Registrar / Lync User Services auth (SIP URI, Cert); response 200 OK


Location Infrastructure

- Base requirement: provide location with emergency calls (North American), while ensuring that the solution addresses the roaming nature of Communicator clients
- Added a Location Information Service that is part of the Front End role
- Flexibility in enablement options: user/location
- Architecture allows integration with existing LIS systems




Cloud Integration

Connected business and optimized IT
- Consistent user experience across delivery options
- Common architecture and data model across deployments
- Flexibility in deployment: meets your complex needs
- Adaptability in deployment: enables changes at any time

Hosted Service
- Rapid scalability
- Advanced manageability

On-Premises
- Control and ownership
- Customization

Key Takeaways

You should now have a better understanding of the key architectural changes in Lync Server 2010 and the benefits of the engineering investments:

- Simplified topologies: fewer servers with more functionality
- Understand how TCO is lowered by offering a simplified deployment and administration experience
- Improved support for virtualized environments
- Great monitoring capabilities to allow for proactive problem detection
- Seamless integration with cloud infrastructure allowing more choices of deployment across the different workloads

Learn More

- View related Unified Communications (UNC) content at TechEd Online
- Visit microsoft.com/communicationsserver for more Lync Server 2010 product information
- Find additional Lync Server 2010 content in the Technical Library, weekly technical articles at NextHop, and follow DrRez on Twitter
- Check out Microsoft TechNet resources for Lync Server and Exchange Server
- Visit additional Exchange 2010 IT Professional-focused content: Partner Link or Customer Link (Name: ExPro, Pword: EHLO!world)
- Try it out! The Exchange 2010 SP1 Beta download is now available from the download center

Resources

- www.microsoft.com/teched
- www.microsoft.com/learning
- http://microsoft.com/technet
- http://microsoft.com/msdn

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Lync, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.