Category Archives: Lync Server 2010

Microsoft Surface vs Apple iPad

Microsoft drew the curtain up on their newest project called Surface, which is a tablet computer.  So naturally, a lot of people in the industry and consumers alike are trying to compare it to the iPad.  I wanted to take a few minutes to downplay this and try to explain a few facts on why I believe these two products are very different and can not be compared.

1.  Surface's primary target is the corporate user.  Yes, the corporate user is now going to get a mobile device that will cater to their professional needs.  This is a very noble approach Microsoft is taking because they finally listened to their customers when they stated these claims.  For the normal corporate user to a powerful executive, the only true way to be mobile and be connected is either from a mobile device such as a smartphone or from a laptop, either big or small.  Nothing in the market is offered in between.  Android offers a tablet called Galaxy but it has no extensions reaching out to the Microsoft stack, and Apple has the iPad, which not only does not do the Microsoft stack but also does little to no good connecting a normal or high end user back to their corporate world other than email or web browsing.  BlackBerry has a tablet as well as the Amazon Kindle, but they both favor their own software and product needs, thus not addressing the corporate user in any way or fashion.  But with Surface, this will be the first tablet engineered to target the corporate user.  Sure, the normal consumer can use it and I am sure kids can as well, but they are not the target.  Who is?  If you have a Windows computer as your primary desktop/laptop and you carry around an iPad, then you are the target.

2.  Windows App store.  This is going to be the challenge for Microsoft.  How can they compare to Apple’s app store?  Honestly, it can’t.  Apple’s app store has millions and millions of apps for sale and download.  The Kindle has the Amazon app store as well as millions of ebooks.  Google has an app store for their tablet customers which is building very fast.  Microsoft has an app store that is so young and fresh that a lot of users may not even know it is there.  But what Microsoft needs is to convince their 3rd party partners and developers to help build applications so the app store can be big enough to attract and keep customers attached to the Surface just as much as they would any other smart phone or mobile device.

3.  Generating more reasons to move to Windows 8.  Microsoft is rolling out Windows 8 later this year.  What better way to attract users to the new operating system than by giving them a new way to compute on a new device using Windows 8.  Users will be able to harness and experience the benefits of Windows 8 on Surface probably before their own desktop gets upgraded.  But that is part of the focus here.  This method works.  Apple has been doing it for years with iOS.  I know iOS and OSX are not the same, but the push to keep users drawn to them comes when Apple makes major operating system releases.  And this method works well.  I am sure Microsoft is going to try it, or else we would have seen Surface pre-loaded with Win7 a year ago.

Keep in mind, Microsoft is tapping into the tablet market in a very creative way.  They are not going to go “heads up” against Apple and challenge the iPad; that would be suicide.  But what they are trying to do is help their existing Windows users not only embrace Windows 8, but also work more seamlessly using Windows 8 on their desktop and Surface tablet.  It is a huge gamble; Microsoft has already tried to jump into the MP3 player world with Zune, and we all know how that went.  But with this tablet, it is different, it is very ambitious, and in the end may prove to be very successful.  So in conclusion, in no way do I see that these two products can be compared.  They both have areas where one does what the other one does not do and vice versa.  I would say, by the time the Surface is released, and Windows 8 is released, it will be very clear just how different the iPad and Surface are.

At least Roy and Moss like it 🙂

Lync Server 2010 Pre-Install

Sometimes I am asked what steps an IT admin should do or consider before throwing in the disc and attempting to install Lync Server 2010.  There are more than a few considerations that need to be addressed before the install occurs.  Here are a few that I have noted; and of course why not blog about it.


Taking notes like a boss

First, some questions should be asked and answered.  Based on the answers the next steps will reveal themselves.  Now, this is by no means different from how you should approach other Microsoft technology installations.  But it should not be taken lightly, and by this I mean you should not think you can just throw the disc in and install.  If you do, prepare for an onslaught of errors coming your way during the install and most certainly after.

nobody likes errors

Here are some questions that should be asked:

1.  How many users in the domain/forest I wish to install Lync into?  This answer is key to determining how to size your database, and how many server roles you should install, thus how many licenses you should purchase both server and client.

2.  Does the Domain have a SQL 2008 backend?  If yes, can I make Lync its own instance or will the DB admin be okay with Lync’s databases being installed into the default path?  The install will create 6 databases.  Again, your answer will determine if you need to buy more SQL licenses or not, and if you do not have SQL 2008 running, then a decision must be made to either purchase and install SQL 2008 or just run the local instance of SQL in Lync Standard edition.

3.  Do you wish to have external access to Lync or just internal?  Your answer here will factor in your design and if you should include a Lync Edge server.  If so then add this to your licenses because it will require one.

4.  What naming convention do you wish to use for all the host names for Lync?  Taking some time out to figure out your Lync server naming convention will come in handy during the install.  And I am not talking about the names of the server, but the names of the hosts for Lync.  You will have one for SIP, A/V service, Web Conferencing, Lync Pool, and Edge Pool as well.  These host names will require DNS entries for host files and service records.  More on this later.

5.  Do you have a certificate authority within your domain or do you need to purchase one from a public CA?  Your domain should have a certificate authority.  If it does then you can request a certificate from it once you reach this part of the install.  If you do not, you can always use a trusted public one.  Most places have a CA already either via public or internally.  Just use the site's standard CA and this will get you to complete this step successfully.

If you can answer these questions, then you are starting off on the right foot.  What comes next?  Well, based on your answers there will be some very clear steps on what to do next.  I will cover those in my next post.  Keep in mind, these next few posts are only written to point out some key findings before you actually click the install button for Lync Server 2010.  You most certainly can “kick” those errors before creating them.


Benefits of using Lync 2010

Being in the position I am in at my current job, I have had the time and most certainly the motivation along with management approval to deploy Lync 2010 for presence and conferencing. But before I received the approval, I was asked by management and a few select others the same question “Andy, what is Lync?” It is a valid question, and after trying to explain some of the obvious points that Lync can give you, I compiled a document that gives some of the benefits of Lync from a client perspective, and a server perspective. So why not make for a good post, right?


What is Lync?

Microsoft Lync is a single, unified communications platform that integrates seamlessly with Microsoft Office® and other existing tools and systems, and can enhance or replace your existing IP PBX system. This can lead to improved productivity, increased mobility, and faster responses for customers, partners, and employees. Other benefits may include smoother deployment, easier management, and lower cost of ownership.

Lync Info

Does the Lync client work with Office 2010?

Lync client has a 32bit and a 64bit version for Mac and Windows. Lync for Windows comes with a few more benefits than the version for Mac, but this does not make it superior by any means. Both versions have the ability to use all the features and benefits that Lync has to offer to your organization.

Can we use Lync to instant message to my other non work related contacts?

Since Lync works over the internet, Lync has the ability to federate with public servers to enable Public IM Connectivity. Public IM Connectivity allows Lync to connect with public IM service providers such as Microsoft Windows Live, AOL, and Yahoo messenger. Lync users from one organization can add users at another to contact lists, send them instant messages, and see their presence information.

Can we use Lync with our mobile devices?

Yes, Lync makes communicating easier and more engaging by delivering a consistent experience across computers, browsers, telephones and mobile phones. Windows Phone, Apple iPad and iPhone, Google Android phones and other devices such as Nokia and BlackBerry all have the Lync 2010 mobility client that gives the user full ability to do all they can do from their desktop Lync client.

This posting does not show all the benefits that Lync can do, but just some of the ones I usually get asked about. I just wanted to post to share with my small but yet vocal followers.

On a side note, good luck to the Thunder and Spurs in the west finals.  Let's just hope someone high fives this dude when he shoots his free throws.


Lync 2010 Network Port Requirements and Summaries

While doing my last buildout of Lync 2010, I included some information showing all the port requirements along with a quick summary for the network team to have all the information they would need to assist in the build.  I thought I should post it here.


Port Requirements

| Server Role | Enabled Ports | DNS LB | HLB |
|---|---|---|---|
| A/V Conferencing Server | 5063/TCP used for AV conferencing | No | No |
| A/V Conferencing Server | 57501-65335/TCP/UDP – Used for media port range | No | No |
| Edge Server | 3478/UDP (internal and external interfaces) for STUN/UDP inbound and outbound media communications | Yes | No |
| Edge Server | 443/TCP (external interface) for SIP/TLS communications for external users accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions | Yes | No |
| Edge Server | 4443/TCP used to push configuration data from the Central Management Server to the Edge Server. This port must be opened on every individual Edge Server, not on the load balancer. | No | No |
| Edge Server | 5061/TCP (internal and external interface) for SIP/MTLS communication for remote user access or federation | Yes | No |
| Edge Server | 5062/TCP (internal interface) for SIP/MTLS authentication of instant messaging communications flowing outbound through the internal firewall | Yes | No |
| Edge Server | 8057/TCP (internal interface) for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Server | No | No |
| Edge Server | 50,000-59,999/RTP/TCP used for inbound and outbound media transfer through the external firewall | No | No |
| Director | 5060/5061/TCP/MTLS for all internal communication | Yes | No |
| Enterprise Edition Server | 80/TCP for traffic from the front-end servers to the Web farm FQDNs | Yes | Yes |
| Enterprise Edition Server | 135/DCOM/RPC used for DCOM based operations such as Moving Users, User Replicator Synchronization, and Address Book Synchronization | Yes | Yes |
| Enterprise Edition Server | 443/TCP for HTTPS traffic from the front-end servers to the Web farm FQDNs | Yes | Yes |
| Enterprise Edition Server | 444/TCP for HTTPS traffic between the focus and the conferencing servers | Yes | No |
| Enterprise Edition Server | 445/TCP used for replication from central management server to Microsoft Lync Servers | No | No |
| Enterprise Edition Server | 448/TCP used for Lync Server Bandwidth Policy Service | Yes | No |
| Enterprise Edition Server | 5060/5061/TCP/MTLS for all internal communication | Yes | No |
| Enterprise Edition Server | 5062-5065 for IM conferencing, A/V conferencing, telephony conferencing, and application sharing | No | No |
| Enterprise Edition Server | 5066/TCP – for outbound E.911 gateway | No | No |
| Enterprise Edition Server | 5067/TCP/TLS used for incoming SIP requests from PSTN gateway | Yes | No |
| Enterprise Edition Server | 5068/TCP used for incoming SIP requests from the PSTN gateway | Yes | No |
| Enterprise Edition Server | 5069/TCP – for QoE Agent on the front end server | Yes | No |
| Enterprise Edition Server | 5070/TCP used for listening for SIP traffic for mediation service | Yes | No |
| Enterprise Edition Server | 5071-5074 for Response Group, Conferencing Attendant, Conferencing Announcement | Yes | No |
| Enterprise Edition Server | 5075/TCP used for incoming SIP requests for the Call Park Service | Yes | No |
| Enterprise Edition Server | 5076/TCP used for incoming SIP requests for the Audio Test service | Yes | No |
| Enterprise Edition Server | 5080/TCP used for Lync Server Bandwidth Policy Service | Yes | No |
| Enterprise Edition Server | 8057/TLS to listen to PSOM connections from Live Meeting | No | No |
| Enterprise Edition Server | 8080/TCP used for external IIS for Address Book Server and sharing slides | Yes | Yes |
| Enterprise Edition Server | 8404 for internal server communications (remoting over MTLS) for Response Group | No | No |
| Enterprise Edition Server | 49152-57500/TCP/UDP for media requests for audio conferencing on all internal servers. Used by all servers that terminate audio. | No | No |
| Enterprise Edition Server | 49152-65335/TCP – Used for application sharing port range | No | No |
| Enterprise Edition Server | 57501-65335/TCP/UDP – Used for media port range | No | No |
| Monitoring Server | 135 for MSMQ | No | No |
| Reverse Proxy | 80/TCP used for connection from ISA to internal Web Services | No | No |
| Reverse Proxy | 8080/TCP used for external IIS for Address Book Server and sharing slides | No | No |
| Reverse Proxy | 443/TCP used for listening on the external interface for incoming requests from external users for Web components information, and file downloads, distribution expansion as well as Address Book information. | No | No |
| Reverse Proxy | 4443/TCP used by Reverse Proxy for distribution group expansion | No | No |

| Component | Port | Protocol | Notes |
|---|---|---|---|
| Clients | 67/68 | DHCP | Used by Lync Server 2010 to find the Registrar FQDN (that is, if DNS SRV fails and manual settings are not configured). |
| Clients | 443 | TCP (TLS) | Used for client-to-server SIP traffic for external user access. |
| Clients | 443 | TCP (PSOM/TLS) | Used for external user access to web conferencing sessions. |
| Clients | 443 | TCP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP) |
| Clients | 3478 | UDP (STUN/MSTURN) | Used for external user access to A/V sessions and media (TCP) |
| Clients | 5061 | TCP (MTLS) | Used for client-to-server SIP traffic for external user access. |
| Clients | 1024-65535 | TCP/UDP | Audio port range (minimum of 20 ports required) |
| Clients | 1024-65535 | TCP/UDP | Video port range (minimum of 20 ports required). |
| Clients | 1024-65535 | TCP | Peer-to-peer file transfer (for conferencing file transfer, clients use PSOM). |
| Clients | 1024-65535 | TCP | Application sharing. |
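
A port list like this is most useful to the network team as an allow-list to check the firewall against. The following is an added example, not part of the original post and not Microsoft tooling: it compares a constructed set of firewall rules for one Edge Server with the Edge Server rows above and reports ports that are open but not in the table, and ports the table requires that no rule opens. The rule names, the `Get-PortGap` and `Test-EdgeFirewallRules` helpers, and the placement of 4443/TCP on the internal side are assumptions.

```powershell
# Requires PowerShell 3.0 or later. All data is embedded; nothing is queried live.
# Inbound allow-list for one Edge Server, transcribed from the Edge Server rows above.
# Assumption: 4443/TCP is treated as Internal because the Central Management Server
# that pushes configuration to the Edge Server is an internal server.
$EdgeExpected = @(
    @{ Interface = 'External'; Protocol = 'UDP'; From = 3478;  To = 3478  }
    @{ Interface = 'External'; Protocol = 'TCP'; From = 443;   To = 443   }
    @{ Interface = 'External'; Protocol = 'TCP'; From = 5061;  To = 5061  }
    @{ Interface = 'External'; Protocol = 'TCP'; From = 50000; To = 59999 }
    @{ Interface = 'Internal'; Protocol = 'UDP'; From = 3478;  To = 3478  }
    @{ Interface = 'Internal'; Protocol = 'TCP'; From = 4443;  To = 4443  }
    @{ Interface = 'Internal'; Protocol = 'TCP'; From = 5061;  To = 5061  }
    @{ Interface = 'Internal'; Protocol = 'TCP'; From = 5062;  To = 5062  }
    @{ Interface = 'Internal'; Protocol = 'TCP'; From = 8057;  To = 8057  }
)

# Constructed sample: allow rules exported from the firewalls around the Edge Server.
$SampleRules = @(
    @{ Name = 'edge-https-ext'; Interface = 'External'; Protocol = 'TCP'; From = 443;   To = 443   }
    @{ Name = 'edge-sip-ext';   Interface = 'External'; Protocol = 'TCP'; From = 5061;  To = 5061  }
    @{ Name = 'edge-stun-ext';  Interface = 'External'; Protocol = 'UDP'; From = 3478;  To = 3478  }
    @{ Name = 'edge-media-ext'; Interface = 'External'; Protocol = 'TCP'; From = 49152; To = 65535 }
    @{ Name = 'edge-cms-ext';   Interface = 'External'; Protocol = 'TCP'; From = 4443;  To = 4443  }
    @{ Name = 'edge-stun-int';  Interface = 'Internal'; Protocol = 'UDP'; From = 3478;  To = 3478  }
    @{ Name = 'edge-sip-int';   Interface = 'Internal'; Protocol = 'TCP'; From = 5061;  To = 5062  }
    @{ Name = 'edge-psom-int';  Interface = 'Internal'; Protocol = 'TCP'; From = 8057;  To = 8057  }
)

# Returns the parts of $Range (as "from-to" strings) that no entry in $Against
# covers on the same interface and protocol.
function Get-PortGap {
    param($Range, [object[]]$Against)
    $next = $Range.From   # lowest port of $Range not yet accounted for
    $same = @($Against | Where-Object {
            $_.Interface -eq $Range.Interface -and $_.Protocol -eq $Range.Protocol
        } | Sort-Object { $_.From })
    foreach ($a in $same) {
        if ($a.To -lt $next) { continue }        # entirely below what is left
        if ($a.From -gt $Range.To) { break }     # entirely above the range
        if ($a.From -gt $next) { '{0}-{1}' -f $next, ($a.From - 1) }
        $next = $a.To + 1
    }
    if ($next -le $Range.To) { '{0}-{1}' -f $next, $Range.To }
}

function Test-EdgeFirewallRules {
    param([object[]]$Rules, [object[]]$Expected)
    foreach ($r in $Rules) {       # open, but not in the port table
        foreach ($gap in @(Get-PortGap -Range $r -Against $Expected)) {
            [pscustomobject]@{ Finding = 'NotInTable'; Interface = $r.Interface
                               Protocol = $r.Protocol; Ports = $gap; Rule = $r.Name }
        }
    }
    foreach ($e in $Expected) {    # in the port table, but no rule opens it
        foreach ($gap in @(Get-PortGap -Range $e -Against $Rules)) {
            [pscustomobject]@{ Finding = 'Missing'; Interface = $e.Interface
                               Protocol = $e.Protocol; Ports = $gap; Rule = $null }
        }
    }
}

Test-EdgeFirewallRules -Rules $SampleRules -Expected $EdgeExpected | Format-Table -AutoSize
```

On the sample data this reports the over-wide external media range, 4443/TCP opened on the external side, and the matching 4443/TCP rule missing on the internal side.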

 
 


Lync 2010 & Active Directory Schema Changes and Object additions summary

Lync Server 2010 requires several new classes and attributes and modifies some existing classes and attributes. In addition, much configuration information for Lync Server 2010 is stored in the Central Management store instead of in AD DS as in previous versions. The following information is still stored in AD DS in Lync Server 2010:

  • Schema extensions:
    • User object extensions
    • Extensions for Office Communications Server 2007 and Office Communications Server 2007 R2 classes to maintain backward compatibility with supported previous versions
  • Data (stored in Lync Server extended schema and in existing schema classes):
    • User SIP Uniform Resource Identifier (URI) and other user settings
    • Contact objects for applications such as Response Group and Conferencing Attendant
    • A pointer to the Central Management store
    • Kerberos Authentication Account (an optional computer object)

Classes Added by Lync Server 2010

| Class | Description |
|---|---|
| msRTCSIP-ConnectionPoint | Generic service connection point (SCP) to specify the computer as a server running Lync Server. |
| msRTCSIP-GlobalTopologySetting | The global topology setting object. |
| msRTCSIP-GlobalTopologySettings | Container to hold global topology setting objects. |

 

Attributes Added by Lync Server 2010

| Attribute | Description |
|---|---|
| msRTCSIP-AcpInfo | This attribute stores user audio conferencing provider information. |
| msRTCSIP-DeploymentLocator | This attribute is used in a split domain topology and contains a fully qualified domain name (FQDN). |
| msRTCSIP-GroupingID | This attribute is a unique identifier of a group, used to group address book entries. |
| msRTCSIP-OwnerUrn | This attribute is the Uniform Resource Name (URN) of the owner for the application contact. |
| msRTCSIP-PrivateLine | This attribute contains the device ID of a private line device. |
| msRTCSIP-TargetUserPolicies | This attribute stores name value pairs for target policies for a Lync Server user. |
| msRTCSIP-TenantId | This attribute stores the unique identifier of the tenant. This identifier should be unique across all tenants. |
| msRTCSIP-UserPolicies | This attribute stores name value pairs for user policies. |
| msExchUCVoiceMailSettings | This multi-valued attribute holds voice mail settings. This attribute is shared with Exchange Unified Messaging (UM). |

 

Classes Modified by Lync Server 2010

| Class | Change | Class or Attribute |
|---|---|---|
| Organizational-Unit | add: mayContain | msRTCSIP-TenantId |
| User | add: mayContain | msRTCSIP-AcpInfo |
| User | add: mayContain | msRTCSIP-GroupingID |
| User | add: mayContain | msRTCSIP-OwnerUrn |
| User | add: mayContain | msRTCSIP-TargetUserPolicies |
| User | add: mayContain | msRTCSIP-TenantId |
| User | add: mayContain | msRTCSIP-UserPolicies |
| User | add: mayContain | msRTCSIP-DeploymentLocator |
| User | add: mayContain | msRTCSIP-PrivateLine |
| Contact | add: mayContain | msRTCSIP-AcpInfo |
| Contact | add: mayContain | msRTCSIP-GroupingID |
| Contact | add: mayContain | msRTCSIP-OwnerUrn |
| Contact | add: mayContain | msRTCSIP-TargetUserPolicies |
| Contact | add: mayContain | msRTCSIP-TenantId |
| Contact | add: mayContain | msRTCSIP-UserPolicies |
| Contact | add: mayContain | msRTCSIP-DeploymentLocator |
| Contact | add: mayContain | msRTCSIP-PrivateLine |
| Group | add: mayContain | msRTCSIP-GroupingID |
| Group | add: mayContain | msRTCSIP-TenantId |
| msRTCSIP-GlobalTopologySetting | add: mayContain | msRTCSIP-BackEndServer |
| msRTCSIP-GlobalTopologySetting | add: mayContain | msRTCSIP-ExtensionData |
| msRTCSIP-GlobalTopologySetting | add: mayContain | msRTCSIP-ServerVersion |
| Mail-Recipient* | add: mayContain | msExchUCVoiceMailSettings |

 

Objects created during install of Lync Server 2010

Service groups:

  • RTCHSUniversalServices – includes service accounts used to run Front End Server and allows servers read/write access to Lync Server global settings and Active Directory user objects.
  • RTCComponentUniversalServices – includes service accounts used to run A/V Conferencing Servers, Web Services, Mediation Server, Archiving Server, and Monitoring Server.
  • RTCProxyUniversalServices – includes service accounts used to run Lync Server Edge Servers.

 

Administration groups:

  • RTCUniversalServerAdmins – allows members to manage server and pool settings.
  • RTCUniversalUserAdmins – allows members to manage user settings and move users from one server or pool to another.
  • RTCUniversalReadOnlyAdmins – allows members to read server, pool, and user settings.

 

Infrastructure groups:

  • RTCUniversalGlobalWriteGroup – grants write access to global setting objects for Lync Server.
  • RTCUniversalGlobalReadOnlyGroup – grants read-only access to global setting objects for Lync Server.
  • RTCUniversalUserReadOnlyGroup – grants read-only access to Lync Server user settings.
  • RTCUniversalServerReadOnlyGroup – grants read-only access to Lync Server settings. This group does not have access to pool level settings, only to settings specific to an individual server.

Forest preparation then adds service and administration groups to the appropriate infrastructure groups, as follows:

  • RTCUniversalServerAdmins is added to RTCUniversalGlobalReadOnlyGroup, RTCUniversalGlobalWriteGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCUniversalUserAdmins is added as a member of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
  • RTCHSUniversalServices, RTCComponentUniversalServices and RTCUniversalReadOnlyAdmins are added as members of RTCUniversalGlobalReadOnlyGroup, RTCUniversalServerReadOnlyGroup, and RTCUniversalUserReadOnlyGroup.
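
The nesting that forest preparation sets up is also the baseline to audit against later, since any other group nested into RTCUniversalGlobalWriteGroup gains write access to the Lync global settings. The following is an added example, not part of the original post: it compares observed group nesting with the nesting listed above and reports drift. The function names and the sample "observed" data are assumptions; `Get-ADGroupMember` comes from the ActiveDirectory module and is only needed for the live collection step.

```powershell
# Requires PowerShell 3.0 or later.
# Baseline taken from the forest-preparation list above:
# infrastructure group -> service/administration groups nested in it.
$readers = 'RTCUniversalServerAdmins', 'RTCUniversalUserAdmins', 'RTCHSUniversalServices',
           'RTCComponentUniversalServices', 'RTCUniversalReadOnlyAdmins'
$LyncBaseline = @{
    RTCUniversalGlobalWriteGroup    = @('RTCUniversalServerAdmins')
    RTCUniversalGlobalReadOnlyGroup = $readers
    RTCUniversalServerReadOnlyGroup = $readers
    RTCUniversalUserReadOnlyGroup   = $readers
}

# Live collection (not run here): direct group members of each infrastructure group.
function Get-LyncGroupNesting {
    param([string[]]$Groups)
    $map = @{}
    foreach ($g in $Groups) {
        $map[$g] = @(Get-ADGroupMember -Identity $g |
            Where-Object { $_.objectClass -eq 'group' } |
            ForEach-Object { $_.SamAccountName })
    }
    $map
}

# Reports nested groups that are not in the baseline, and baseline groups that are gone.
function Compare-LyncGroupNesting {
    param([hashtable]$Baseline, [hashtable]$Actual)
    foreach ($group in ($Baseline.Keys | Sort-Object)) {
        $want = @($Baseline[$group])
        $have = @($Actual[$group] | Where-Object { $_ })   # tolerate a missing key
        foreach ($m in $have) {
            if ($want -notcontains $m) {
                [pscustomobject]@{ Group = $group; Drift = 'Unexpected'; Member = $m }
            }
        }
        foreach ($m in $want) {
            if ($have -notcontains $m) {
                [pscustomobject]@{ Group = $group; Drift = 'Missing'; Member = $m }
            }
        }
    }
}

# Constructed sample of observed nesting, with two deliberate deviations:
# CSHelpDesk nested in the write group, and RTCUniversalReadOnlyAdmins
# absent from the user read-only group.
$Observed = @{
    RTCUniversalGlobalWriteGroup    = @('RTCUniversalServerAdmins', 'CSHelpDesk')
    RTCUniversalGlobalReadOnlyGroup = $readers
    RTCUniversalServerReadOnlyGroup = $readers
    RTCUniversalUserReadOnlyGroup   = @($readers | Where-Object { $_ -ne 'RTCUniversalReadOnlyAdmins' })
}

Compare-LyncGroupNesting -Baseline $LyncBaseline -Actual $Observed | Format-Table -AutoSize
# In a live forest, replace $Observed with:
#   Get-LyncGroupNesting -Groups $LyncBaseline.Keys
```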

Forest preparation also creates the following role-based access control (RBAC) groups:

  • CSAdministrator
  • CSArchivingAdministrator
  • CSBranchOfficeTechnician
  • CSHelpDesk
  • CSLocationAdministrator
  • CSResponseGroupAdministrator
  • CSServerAdministrator
  • CSUserAdministrator
  • CSViewOnlyAdministrator
  • CSVoiceAdministrator