
Deploying Lync Server 2010  

How Microsoft IT Empowers Workers to Collaborate Anytime and Anywhere on Their Own Terms

Technical White Paper

Published: December 2011


Situation

Microsoft users rely on real-time collaboration tools to communicate with team members. Microsoft IT saw an opportunity to improve communication capabilities by giving workers the better connection and collaboration experience that Lync Server 2010 provides.

Solution

Microsoft IT migrated to Lync Server 2010 to enable users to collaborate in real time, improve its communications infrastructure, and converge traditional TDM services.

Benefits

  • Reduce costs through converged communications.
  • Drive adoption through ease of use and Microsoft Office.
  • Ease deployment and migration through interoperability and extensibility.

Products & Technologies

  • Lync Server 2010
  • SQL Server 2008 R2
  • Windows Server 2008 R2
  • Active Directory
  • Office Communication Server 2007 R2
  • Enterprise Voice

Executive Summary

Microsoft workers participate in a culture where connected groups operate across departmental and geographic boundaries to create products and solutions for customers. This collaborative approach often requires forming virtual teams that include people in many locations that work together on common projects. Microsoft IT makes it possible for teams to collaborate anywhere and anytime on their own terms by using a suite of real-time collaboration tools through Lync Server 2010 that include instant messaging (IM), voice and video conferencing, Enterprise Voice, and Web collaboration.

Lync Server 2010 enables workers at Microsoft to move beyond mere communication and to form connections with others. To take advantage of the efficiency and productivity gains of the latest real-time collaboration tools, Microsoft IT migrated from Office Communication Server 2007 R2 to Lync Server 2010. Lync Server 2010 also provides administration and system management improvements, such as role-based access control, a tool for managing Lync infrastructure components, and a configuration management store that serves as a central data repository to define, administer, and operate a Lync Server 2010 infrastructure.

When migrating to Lync Server 2010, Microsoft IT followed a best-practices-based approach to consider the design requirements, plan for deployment, verify configurations, and then deploy gradually in phases. This approach minimized user impact while validating configurations before migrating users to the production environment. The key deployment considerations included the following:

  • Provide access for each type of user in a secure-by-design way by taking advantage of the roles included in Lync Server 2010.

  • Leverage the existing network infrastructure and roll out new clients with a support system that makes it possible to make adjustments during migration to ensure high user satisfaction.

  • Build infrastructure that accommodates anticipated growth and scaling requirements, as well as operational and support needs.

  • Support coexistence with Office Communication Server 2007 R2 until all dependencies are migrated to the Lync Server 2010 production environment.

This technical white paper covers the details of how Microsoft IT deployed Lync Server 2010. It assumes that you are already familiar with the basic concepts of messaging, telephony, and TCP/IP networking. This paper provides IT Pros and Lync Server 2010 implementers with guidance for deploying and migrating to Lync Server 2010. For more information about Lync Server 2010, see http://technet.microsoft.com/en-us/library/gg398616.aspx

Note: For security reasons, the sample names of forests, domains, internal resources, organizations, and internally developed security file names used in this paper do not represent real resource names used within Microsoft and are for illustration purposes only.

Lync Server 2010 Unified Communications Overview

The unified communications story at Microsoft goes back to the early 2000s when the increase of available network bandwidth and improvements in processor and hardware technology made it possible to realize the promise of unified communications. This promise consisted of the idea that technology could help people form connections in real-time using voice, video, and text. Since this time, Microsoft has invested heavily in unified communication technologies in order to realize this promise within the enterprise. Microsoft is able to deliver on real-time collaboration solutions through Lync Server 2010 desktop and Web-based software clients, which provide the full spectrum of real-time collaboration services. Exchange Server 2010 and SharePoint Server 2010 complete the unified communication infrastructure to deliver additional collaboration capabilities for e-mail and document sharing.

Opportunities

In addition to the real-time collaboration offerings in Lync Server 2010, Microsoft continues to invest in opportunities across the business landscape such as the following:

  • For IT Optimize Lync 2010 deployments by taking advantage of PowerShell automation, media bypass, and load balancing simplification.

  • For users By consolidating Live Meeting and Communicator clients into a single client, Microsoft provides a more seamless end-user experience, reduces training and deployment costs, and offers improved controls in audio and web collaboration scenarios such as dual-tone multi-frequency (DTMF) conferencing controls, whiteboards, and polling.

  • For developers Ability to take advantage of enhanced application programming interface (API) capabilities and the creation of custom applications that extend the value of Lync to a broader set of applications.

Delivery

Microsoft IT worked closely with the Lync Server product group as well as Microsoft Online Services (BOSD) during the development of the new product to engineer and validate Lync Server 2010 features and capabilities. Microsoft IT validates pre-release software in a test environment using a small population of users at first, and then deploys major releases to all users worldwide.

One way that Microsoft IT accomplishes service reliability is by componentizing the architecture and design according to security boundaries and server roles. For example, Microsoft IT places Lync Server 2010 roles according to security boundaries either inside the corporate network or in a perimeter network used for hosting or communicating with Internet hosts, as shown in Figure 1.

Figure 1. Communication Infrastructure

The Microsoft Lync 2010 infrastructure includes the following server roles:

  • Front-end Microsoft IT uses pools of front-end servers to provide core user features and the communication logic for Lync Server 2010. These features include user authentication and registration, and presence functionality.

  • Back-end Lync Server 2010 utilizes SQL Server 2008 R2 for the back-end database functionality. Microsoft IT deployed back-end servers and databases to store information such as contacts, presence status, conference state, and scheduling data.

  • A/V conferencing This role provides A/V conferencing and Web collaboration functionality.

  • Edge Edge servers provide remote connectivity for employees, federated partners, and public IM connectivity providers.

  • Mediation Microsoft IT uses Mediation servers to implement Enterprise Voice and audio conferencing. Mediation servers have been moved to coexist with the Lync server environment in the datacenter. 

  • Monitoring Monitoring servers provide the necessary functionality to collect data related to Lync interactions, including call detail record (CDR) and Quality of Experience (QoE) data.

  • Director Microsoft IT uses directors to manage high amounts of internal and external user authentication requests.

  • Archiving This role provides archiving capability of communication content such as instant messaging, uploaded conference content, and event-related content.

Lync Server 2010 Benefits

Lync Server 2010 offers Microsoft IT an opportunity to streamline its infrastructure, increase interoperability, and reduce administrative overhead.

Reduce Costs through Converged Communications

Microsoft IT saves money with Lync Server 2010 by uniting disparate systems and offering a mature unified communications service. In conducting a business analysis (that you can read at http://technet.microsoft.com/en-us/library/cc982178.aspx), Microsoft IT made the following discoveries about the cost savings realized by deploying Lync Server 2010:

  • Reduced travel costs of $92 million by reducing the need for 45,600 trips per year.

  • $8 million saved in audio-conferencing costs per year by using Lync audio conferencing.

  • Administrative overhead associated with office moves and voice infrastructure management reduced by over one million USD annually.

In addition, the savings that are more difficult to quantify include increased team productivity due to less travel, faster issue resolution, and faster project completion.

Drive Adoption through Ease of Use and Microsoft Office Integration

Office applications integrate with Lync in a consistent way to provide the same features and capabilities across multiple applications. Users experience the same presence, contact card, and click-to-communicate experience throughout Lync, Outlook, SharePoint, Word, Excel and PowerPoint. The contact card shows details about presence, location, status, and communication options across applications to provide an intuitive and predictable user experience. The Lync 2010 client extends the capability of Office applications to enable application sharing, and shows presence information for document owners and those who have updated or changed a document to provide an easy method for collaborating on documents.

Extend Lync to Custom Applications

Lync 2010 includes server and client side features that increase Microsoft IT's ability to make conversations contextual, and extend communications into everyday business processes. For example, one way that Microsoft IT uses Lync 2010 is the Ask an Expert application. This is a custom application in which workers sign up to be an expert in a specific body of knowledge to support others within the company to answer questions and collaborate on projects. People with questions can locate the category for their question, and the Ask an Expert application sends out an IM message of the question to all available relevant experts. The first person to respond to the question may interface directly with the person asking the question to enable a real-time contextual conversation. In previous solutions, a person with a query would send it out to an e-mail distribution list, and often multiple people would respond, resulting in a duplication of effort.

Lync 2010 APIs make the development of rich applications possible due to the following client and server extensions:

  • Client—Lync 2010 Managed API This .NET API gives custom applications access to all Lync capabilities, including contextual conversations, support for a controls class library for creating Windows Presentation Foundation (WPF) applications, Silverlight, and drag-and-drop feature integration. It supports the Lync user interface (UI) and enables developers to extend it for custom line-of-business applications.

  • Server—UCMA 4.0 For custom development, Microsoft IT relies on a robust, extensible, and scalable multi-layer managed API based on .NET.

To help industry participants who develop VoIP devices, IP-PBXs, and PSTN gateways, Microsoft formed a non-profit vendor alliance named Unified Communications Open Interoperability Program. This program aims to increase user adoption and industry involvement by enabling interoperability of unified communication scenarios based on existing standards. It is open to all unified communication hardware and software vendors, service providers and network operators. For more information, see http://technet.microsoft.com/en-us/lync/gg131938.aspx.

Lync Server 2010 Infrastructure

Lync Server 2010 relies on an updated architecture that places much of the server configuration and other vital data within the Lync configuration database and not in Active Directory. The Lync product group provides Microsoft IT with sizing recommendations and capacity planning guidelines (found at http://technet.microsoft.com/en-us/library/gg399017.aspx), which Microsoft IT uses as a starting point in designing the Lync infrastructure.

Out of the design considerations and dependencies involved in planning for Lync Server 2010, the following were especially important for Microsoft IT:

  • Relating user load to server sizing and distribution An important consideration for any application is the number of users, and the server load that user behaviors generate. This consideration is relevant for common sizing aspects such as processor speed, disk capacity and disk throughput, as well as pool sizing, distribution of servers based on user location, and the number of devices and connections per user.

  • Ensuring features function as expected Lync Server 2010 relies on many server roles to deliver its key features. In planning for these features, Microsoft IT worked with its core engineering team to consider each feature and its dependencies, satisfying the dependencies, and verifying that each feature works per specification.

  • Maintaining high levels of security Microsoft IT deployed Edge server roles in Lync to enable its users to connect to federated partners and public-IM-connected users.

Topology and Geographic Distribution

With Lync Server 2010, Microsoft IT distributed eight Lync server pools among four data centers to accommodate users worldwide. The deployment consisted of new servers for each pool, and the existing Office Communication Server 2007 R2 infrastructure remained in place until all users and services were migrated to Lync Server 2010.

The goal of the Microsoft IT deployment design was to create a highly available infrastructure that could scale up to accommodate additional users in each region. Regional Lync pool distribution ensures better audio quality for Microsoft's user base. Figure 2 shows the topology and geographic distribution, including the configuration used in the Americas region to support business continuity and disaster recovery. The Dublin and Singapore data centers accommodate the remaining users throughout the rest of the world. Each data center deployment consists of two identical pools, and users are evenly distributed based on user load (number of users, devices, and conferencing load).

Figure 2 Topology and server distribution

Table 1 shows the server counts for each data center. The configuration for disaster recovery in the Americas region consists of two identical pools running in an active/active configuration where each pool can handle 100 percent of the expected traffic in case an event requires one data center to handle the entire load for the Americas region. Additional capacity is included in the design for increases in user population and new services such as Lync Mobile.

Table 1. Server distribution

Role                               Americas1   Americas2   Singapore   Dublin
Director pool                      4           4           2           2
Edge pool                          4           4           2           2
Front-end pool 1                   4           4           3           3
Front-end pool 2                   4           4           3           3
Mediation pool                     3           3           2           2
Audio/Video pool                   4           4           2           2
Monitoring and Archiving           1           1           0           0
SQL back-end                       2           2           2           2
Mediation servers                  3           3           0           0
File server for content storage    1           1           1           1

As Table 1 suggests, the data centers accommodate different user loads.

  • Edge and Director pools Americas1 and Americas2 are the only data centers that handle federation for external users. The other data centers support remote access only.

  • Mediation servers for Enterprise Voice Each data center has a dedicated pool of Mediation servers.

  • User load Americas1 and Americas2 include an additional front-end server in each front-end pool to handle an increased number of users.

Server Configuration

Microsoft IT designed the server specifications to include two standardized server types: one design for back-end servers with the required capacity and disk throughput, and one design for all other server roles that provide balanced performance in terms of processing capability, memory, and disks. As a starting point, Microsoft IT used the product group recommendations found at http://technet.microsoft.com/en-us/library/gg398835.aspx.

While the product group in collaboration with Microsoft IT provides capacity and scalability guidance for server requirements (such as the ones found at http://technet.microsoft.com/en-us/library/gg398811.aspx), the initial starting point was simpler. Because Microsoft IT ran Office Communication Server 2007 R2 in the corporate production environment, it was relatively straightforward to project Lync Server 2010 server requirements using previous designs as a starting point. To support Lync Mobile, Microsoft IT upgraded RAM in front-end servers from 32 GB to 48 GB. Table 2 shows the configuration for front-end servers.

Table 2. Front-end server details

Component   Specification
CPU         2 quad-core Xeon L5520, 2.26 GHz
RAM         48 GB
Disk        SAS, 4x300 GB RAID10 (+1 spare)
Other       Dual network interface controllers (NICs), redundant power supply

Consumption of real-time collaboration tools at Microsoft places heavy loads on back-end database servers. These server loads require high disk throughput to meet performance demands. Table 3 shows the initial disk configuration used for Lync Server 2010. In practice, Microsoft IT discovered that the primary RAID10 array was performance-bound. As a result, Microsoft IT added another identical 12x146 GB RAID10 array to back-end servers.

Table 3. Server details for back-end servers

Component   Specification
CPU         4 quad-core 64-bit, 2.26 GHz
RAM         48 GB
Disk        Logical drives as listed below
Other       Dual NICs, redundant power supply

Disk layout:

Logical drive                 Hosted resources
2x146 GB RAID1                OS, SQL, swap, support files
4x300 GB RAID10 (+1 spare)    rtcdyn.ldf
12x146 GB RAID10              rtcab.mdf, rtcab1.mdf, cpsdyn.mdf, rgsconfig.mdf, rgsdyn.mdf, rtc.mdf, rtcdyn.mdf, lis.mdf, xds.mdf
2x146 GB RAID1                Tempdb
2x146 GB RAID1                rtcab.ldf, rtcab1.ldf, cpsdyn.ldf, rgsconfig.ldf, rgsdyn.ldf, lis.ldf, xds.ldf
2x146 GB RAID1                rtc.ldf

Remote Access

Providing users outside of the corporate network with remote access to Lync Server is vital to Microsoft's culture. Microsoft IT currently supports more than 3,000 federated partner connections as well as connections for anonymous users who join meetings. When planning for remote access scenarios, Microsoft IT incorporates scalability requirements into the design to handle special cases of high user load, such as 'snow day' events, when an unusually high number of people connect remotely.

Remote access entails configuring firewalls to handle traffic, and enabling Lync servers to traverse the firewalls and serve content to clients outside the corporate network without requiring a virtual private network (VPN). The key enablers of this architecture design include the following:

  • Dual-homed NICs on Edge roles The Edge role includes services to handle Access, Web, and A/V traffic. It is homed with a dual NIC configuration to handle traffic on the external Internet-facing side and the internal corporate-network-facing side. The external-facing side has three IP addresses: one each for Access, Web, and A/V. Federation traffic for bidirectional Session Initiation Protocol (SIP) over Mutual Transport Layer Security (MTLS) on port 5061, and inbound Persistent Shared Object Model (PSOM) over Transport Layer Security (TLS) on port 443, is limited to only the external IP address associated with Edge Access. In addition, inbound PSOM/TLS on port 443 for Web conferencing is open on only the Web Edge external IP address. Figure 3 shows the port configuration.

  • Edge Director pool As mentioned, Directors serve a vital function in handling authentication traffic. This configuration mitigates the risk of denial-of-service (DoS) attacks, and increases scalability.

  • Hardware load balancers Configuring firewall rules in combination with the load balancer configuration proved to be somewhat challenging due to complex routing requirements. There are nuanced configuration specifics Microsoft IT discovered in designing load balancer details, which you can find at http://technet.microsoft.com/en-us/library/gg398478.aspx.
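To verify that a firewall rule set actually implements the Edge port policy described above, the following Python script (an added example, not Microsoft IT's tooling) encodes that policy as an allow-list and audits a constructed rule set against it. The three external addresses, the rule format and the sample rules are assumptions; rules for the A/V Edge address are skipped because the paper does not list A/V ports.

```python
"""Audit inbound firewall rules against the Lync 2010 Edge port policy.

Policy encoded from the white paper: SIP/MTLS on TCP 5061 and PSOM/TLS on
TCP 443 only on the Access Edge external IP; PSOM/TLS on TCP 443 for web
conferencing only on the Web Edge external IP. Addresses and sample rules
are constructed placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed external addresses for the three Edge services (placeholders).
EDGE_EXTERNAL_IPS = {
    "access": ip_address("203.0.113.10"),
    "web": ip_address("203.0.113.11"),
    "av": ip_address("203.0.113.12"),
}

# Inbound flows the paper says must exist: (edge service, protocol, port).
EXPECTED_INBOUND = {
    ("access", "tcp", 5061),  # federation: SIP over MTLS
    ("access", "tcp", 443),   # PSOM over TLS
    ("web", "tcp", 443),      # PSOM over TLS for web conferencing
}


@dataclass(frozen=True)
class Rule:
    dst: str     # destination IP literal, or "any" for a wildcard destination
    proto: str   # "tcp" or "udp"
    port: int
    action: str  # "allow" or "deny"


def service_for(dst):
    """Map a rule destination to the Edge service owning it.

    Returns "any" for a wildcard destination, the service name for one of the
    Edge addresses, and None for an address that is not part of the Edge pool.
    """
    if dst == "any":
        return "any"
    addr = ip_address(dst)
    for name, ip in EDGE_EXTERNAL_IPS.items():
        if ip == addr:
            return name
    return None


def audit(rules):
    """Return (violations, missing) for a list of Rule objects.

    violations: (rule, reason) pairs for allow rules that expose 5061 or 443
                on an address the policy does not permit.
    missing:    expected flows that no allow rule covers (sorted tuples).
    """
    violations, covered = [], set()
    restricted = {port for (_, _, port) in EXPECTED_INBOUND}  # {443, 5061}
    for rule in rules:
        if rule.action != "allow":
            continue
        svc = service_for(rule.dst)
        if svc is None or svc == "av":
            # Not an Edge address, or A/V Edge (its ports are not in the paper).
            continue
        if svc == "any":
            if rule.port in restricted:
                violations.append((rule, "restricted port opened on every address"))
            continue
        key = (svc, rule.proto, rule.port)
        if key in EXPECTED_INBOUND:
            covered.add(key)
        elif rule.port in restricted:
            violations.append(
                (rule, f"port {rule.port} must not be open on the {svc} Edge address"))
    return violations, sorted(EXPECTED_INBOUND - covered)


# Constructed sample rule set containing two policy violations.
SAMPLE_RULES = [
    Rule("203.0.113.10", "tcp", 5061, "allow"),
    Rule("203.0.113.10", "tcp", 443, "allow"),
    Rule("203.0.113.11", "tcp", 443, "allow"),
    Rule("203.0.113.11", "tcp", 5061, "allow"),  # federation port on the Web IP
    Rule("any", "tcp", 443, "allow"),            # 443 allowed to every address
    Rule("203.0.113.12", "tcp", 5061, "deny"),   # deny rules are not audited
    Rule("198.51.100.5", "tcp", 22, "allow"),    # unrelated host, out of scope
]

if __name__ == "__main__":
    found, absent = audit(SAMPLE_RULES)
    for rule, reason in found:
        print(f"VIOLATION {rule.dst}:{rule.port}/{rule.proto} - {reason}")
    for flow in absent:
        print(f"MISSING   {flow}")
```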

Figure 3 Port configuration

Enterprise Voice

Microsoft deployed Enterprise Voice to more than 86 sites that include over 92,000 people. Lync Server 2010 provided the opportunity to update the voice infrastructure to enable workers to connect anytime and anywhere. Lync 2010 consolidates clients and provides a better Enterprise Voice experience with improved audio quality.

The best practice for onboarding executives is to first migrate executive assistants one week before migrating the managers they support. This practice provides assistants time to become familiar with Enterprise Voice.

PBX Replacement

Microsoft IT has replaced nine total PBXs; three PBXs in each of the three deployment regions to validate PBX replacement scenarios. This improvement entailed using gateways and Aries phones for the majority of locations. For phone locations where network connectivity was not available, Microsoft IT used analog telephone adaptors (ATAs) to replace phones where only Category 3 connections were available. Media bypass was used instead of deploying on-site mediation servers.

The PBX replacement and consolidation provides cost savings by reducing infrastructure deployment costs and management overhead. Microsoft IT uses voice gateways in new sites for a unified infrastructure, thus avoiding the need to support and maintain traditional PBXs in the future. By migrating to Lync Server 2010, Microsoft IT simplified its infrastructure and decommissioned 183 Mediation servers. Microsoft IT is currently deploying SIP trunking in order to consolidate its PSTN infrastructure and reduce the operational overhead of managing PSTN gateways. (A future white paper regarding Enterprise Voice will provide additional details.)

Load Balancing

Lync Server 2010 provides Microsoft IT with the capability to use both DNS and hardware load balancing to balance traffic among front-end server pools, Edge Director pools, and Edge pools. The topology and geographic distribution by design already homes users to their regional data centers, which accomplishes regional load balancing among sites. Where possible, DNS load balancing is used because it provides a technique to drain-stop front-end servers, which decreases user impact from normal maintenance and patching activities.

The load balancing approach Microsoft IT uses relies on hardware devices that perform firewall, reverse proxy, routing, and load balancing functions for the environment, as shown in Figure 4.

Figure 4 Load balancer architecture

One of the challenging aspects of the configuration is ensuring that cookie persistence takes place. Cookie persistence is required to ensure that multiple connections from a single client session are always routed to the same server. HTTPS traffic is encrypted, and there is no reliable way to ensure session persistence takes place without having a load balancer decrypt traffic and re-encrypt it with the same certificate that the Edge Web service uses.

One additional configuration Microsoft IT made to enable load balancing is enabling host header forwarding on the reverse proxy on port 4443.

Security

Microsoft developed Lync Server 2010 with security in mind by making it trustworthy by default, by design, and by deployment. This approach is called Trustworthy Computing and is part of Microsoft's Software Development Lifecycle (SDLC). During product development, Microsoft identified common threat vectors such as eavesdropping, spoofing, man-in-the-middle attacks, Real-time Transport Protocol (RTP) replay attacks, and exposure of personally identifiable information (PII), and created tests to check code for vulnerabilities.

Microsoft IT in implementing Lync Server 2010 followed best practices around security at every boundary (external, perimeter, internal network) to make the most of the security features. Some of the configuration decisions relevant to Microsoft IT's implementation include the following:

  • Architecture and topology Internet sources continue to represent the biggest threat vector to Internet-enabled technologies, especially when they provide remote clients with access to internal resources. The topology shown in Figure 4 uses a back-to-back firewall configuration to protect internal hosts from attack. Edge servers that are accessible from the Internet can only communicate securely with trusted hosts that are explicitly defined and secured by common protocols and technologies such as MTLS and Secure Real-time Transport Protocol (SRTP) with 128-bit or higher encryption. In effect, all servers involved are trusted, all communication is encrypted, and all users are authenticated.

  • Conferencing and client permissions When external users do participate in consuming Lync services, the built-in security model helps to minimize risk. For example, only users with credentials can schedule conferences and start meetings. Unauthenticated users who join meetings must have a valid invitation. Participant types and roles also enable fine granularity of controls. This process prevents unauthorized or fraudulent use of the conferencing platform.

  • Least-privilege Role-based access control (RBAC) Microsoft Lync Server 2010 gives Microsoft IT the capability to create RBACs and delegate administrative tasks while maintaining high standards for security. With RBAC, Microsoft IT grants administrative privileges as needed based on role, where each role is associated with a specific list of Lync Server Management Shell cmdlets. In this way, administrators are given only the permissions required to complete authorized tasks.

  • Authentication and authorization Microsoft IT relies on Kerberos and certificate authentication for clients. Internal and federated clients with accounts in the internal production environment or the perimeter network authenticate through Kerberos, and anonymous users invited to a conference have a valid conference key that the conference originator sends. An authenticated user must join before anonymous users can join the bridge. The Edge pool offloads authentication requests from external users to the Director pool in the data center, and routes user traffic to their home pools. In case of outage, it is possible to move the traffic load from one data center to another.
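The least-privilege rule above (grant the role whose cmdlet list covers the task and nothing more) can be made mechanical. The following Python script is an added example, not Microsoft IT's code: the role names are the Lync Server 2010 built-in RBAC roles, but the cmdlet patterns attached to them and the cmdlet catalog are a constructed, abbreviated subset for illustration, not the real role definitions (those are read with Get-CsAdminRole).

```python
"""Choose the least-privileged Lync Server 2010 RBAC role for a task.

Each built-in role is modelled as a list of cmdlet name patterns; a task is
the list of cmdlets an operator needs. The chosen role is the one that covers
every required cmdlet with the smallest surplus of extra cmdlets.
"""
from fnmatch import fnmatchcase

# Constructed catalog of cmdlets the example reasons about (not exhaustive).
CMDLET_CATALOG = [
    "Get-CsUser", "Get-CsPool", "Get-CsVoicePolicy", "Get-CsClientVersionPolicy",
    "Test-CsIM", "Test-CsP2PAV",
    "Enable-CsUser", "Disable-CsUser", "Set-CsUser", "Move-CsUser",
    "Grant-CsVoicePolicy", "Grant-CsClientVersionPolicy",
    "Set-CsVoicePolicy", "New-CsVoicePolicy", "Remove-CsVoicePolicy",
    "Set-CsClientVersionPolicy",
    "Start-CsWindowsService", "Stop-CsWindowsService",
    "New-CsAdminRole", "Remove-CsAdminRole",
]

# Constructed, simplified cmdlet patterns per built-in role (illustrative only).
ROLE_CMDLETS = {
    "CsViewOnlyAdministrator": ["Get-Cs*"],
    "CsHelpDesk": ["Get-Cs*", "Test-Cs*"],
    "CsUserAdministrator": ["Get-Cs*", "Enable-CsUser", "Disable-CsUser",
                            "Set-CsUser", "Move-CsUser", "Grant-Cs*Policy"],
    "CsVoiceAdministrator": ["Get-Cs*", "Set-CsVoice*", "New-CsVoice*",
                             "Remove-CsVoice*", "Grant-CsVoicePolicy"],
    "CsServerAdministrator": ["Get-Cs*", "Set-Cs*", "Test-Cs*",
                              "Start-Cs*", "Stop-Cs*"],
    "CsAdministrator": ["*-Cs*"],
}


def expand(patterns, catalog=CMDLET_CATALOG):
    """Concrete cmdlets from the catalog that match any wildcard pattern."""
    return {c for c in catalog if any(fnmatchcase(c, p) for p in patterns)}


def role_footprints():
    """Role name -> set of concrete cmdlets that role can run."""
    return {role: expand(pats) for role, pats in ROLE_CMDLETS.items()}


def least_privilege_role(required):
    """Pick the role that covers every required cmdlet with the least surplus.

    Returns (role, surplus), where surplus is the sorted list of cmdlets the
    role grants beyond what the task needs, or None if no role covers the task.
    Unknown cmdlet names raise ValueError rather than silently matching nothing.
    """
    required = set(required)
    unknown = required - set(CMDLET_CATALOG)
    if unknown:
        raise ValueError(f"unknown cmdlets: {sorted(unknown)}")
    candidates = []
    for role, footprint in role_footprints().items():
        if required <= footprint:
            surplus = sorted(footprint - required)
            candidates.append((len(surplus), role, surplus))
    if not candidates:
        return None
    _, role, surplus = min(candidates)  # equal surplus: first by role name
    return role, surplus


if __name__ == "__main__":
    tasks = {
        "onboard a user for Enterprise Voice":
            ["Get-CsUser", "Enable-CsUser", "Grant-CsVoicePolicy"],
        "troubleshoot IM for a user": ["Get-CsPool", "Test-CsIM"],
        "create a delegated admin role": ["New-CsAdminRole"],
    }
    for task, cmdlets in tasks.items():
        print(task, "->", least_privilege_role(cmdlets))
```

A task that spans two narrow roles (for example Test-CsIM plus Enable-CsUser) resolves to CsAdministrator in this model, which is the signal to split the task across two operators rather than hand out the full role.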

Additionally, Microsoft IT follows standard operations best practices on all servers to help ensure the configuration remains protected against risks. For example, all servers have automatic updates configured, run antivirus software with scheduled scans, and are hardened to remove unnecessary services.

To ensure protection against common Internet-based threats such as worms, viruses, and Trojans, Microsoft IT deploys the intelligent IM filtering that is part of Lync, disables clickable hyperlinks from external parties, and blocks many types of files that can be transferred through Lync. For additional control over spam over instant messaging (SPIM), users must add a contact in Lync before accepting instant messages from public IM connectivity (PIC) contacts.

Deployment and Migration

The process to design and deploy Lync Server 2010 took place in several phases because of the dependencies involved in implementing the infrastructure and taking time to test and verify before onboarding users. Microsoft IT carried out the following deployment phases in the project:

  1. Prepare infrastructure dependencies Microsoft IT deployed the Lync Server environment by using new servers in all the data centers, and migrated to a new standard for hardware load balancing. Before deploying Lync, Microsoft IT carried out strict quality assurance processes on all servers.

  2. Deploy servers The deployment process involved using scripts to implement all server roles. These scripts undergo security and other validation checks to ensure they conform to best practices. Part of the audit process entails using checklists to verify functionality. The appendix includes sample checklists that Microsoft IT used.

  3. Validate environment The first group of users consisted of volunteers who signed up to test pre-release versions of Lync Server 2010 and associated clients. These users provided important feedback about their collaboration scenarios in order to validate the product before it was released to the general market. This testing also included server performance validation such as reliability, scalability, performance, and manageability.

  4. Deploy final product company-wide After testing and validation completes, and after fixing major and minor issues, Microsoft IT migrated users, features, and roles from Office Communication Server 2007 R2 to Lync Server 2010.

  5. Feedback from end users drives future features and improvements With the entire company on Lync 2010 end users continue to provide feedback that is tracked and submitted to the product team for opportunities to be considered for the next Lync release.

User Migration Process

The technical details of migration are relatively straightforward because they entail migrating batches of users from a server pool that runs a previous version to a server pool that runs the latest version.

End users receive e-mail communications before they are migrated to Lync to ensure they understand how the migration may affect them. Microsoft IT uses client version control (CVC) to manage which clients end users are able to use on the Lync Server environment. The block-with-URL setting in CVC is used to inform users to upgrade their software client the first time they log in. Although some concern existed that forcing upgrades would lead to user dissatisfaction, Microsoft IT found that users generally preferred having the latest client to take advantage of the full feature set of Lync Server 2010. For more information about updating clients, see http://technet.microsoft.com/en-us/library/gg412977.aspx.
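The following Python script models how a client version control policy of the kind described above decides whether a connecting client is allowed or sent to the upgrade URL. It is an added example, not Microsoft IT's code: the rule fields (user agent, version, compare operator, action, URL) follow the Lync client version rule as far as the author knows it, while the sample rules, version numbers and upgrade URL are constructed.

```python
"""Evaluate a client version control (CVC) policy for a connecting client.

Ordered rules compare the version a client reports in its SIP User-Agent
header against a threshold and yield an action such as Allow or
BlockWithUrl; the first matching rule wins, otherwise the default applies.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Compare operators as named in the Lync client version rule (assumption).
_OPS = {
    "EQL": lambda a, b: a == b, "NEQ": lambda a, b: a != b,
    "GTR": lambda a, b: a > b,  "GEQ": lambda a, b: a >= b,
    "LSS": lambda a, b: a < b,  "LEQ": lambda a, b: a <= b,
}

# Matches tokens such as "OC/4.0.7577.0" or "UCCAPI/3.5.6907.0".
_UA_TOKEN = re.compile(r"\b([A-Za-z]+)/(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


@dataclass(frozen=True)
class VersionRule:
    user_agent: str            # agent token the rule applies to, e.g. "OC"
    version: tuple             # (major, minor, build, qfe) threshold
    compare_op: str            # one of _OPS
    action: str                # Allow, AllowWithUrl, Block, BlockWithUrl, ...
    url: Optional[str] = None  # shown to the user for the *WithUrl actions

    def __post_init__(self):
        if self.compare_op not in _OPS:
            raise ValueError(f"unknown CompareOp {self.compare_op!r}")
        if self.action.endswith("WithUrl") and not self.url:
            raise ValueError(f"{self.action} requires a URL")


def parse_user_agent(header):
    """Return {agent: (major, minor, build, qfe)} for every token found.

    Versions are compared as integer tuples, so 4.0.7577.4087 sorts after
    4.0.7577.0, which a plain string comparison would get wrong.
    """
    return {m.group(1): tuple(int(x) for x in m.groups()[1:])
            for m in _UA_TOKEN.finditer(header)}


def evaluate(header, rules, default_action="Block"):
    """Apply the first rule whose agent and comparison match the header.

    Returns (action, url). A header with no recognised agent token, or one
    matched by no rule, falls through to the policy default.
    """
    versions = parse_user_agent(header)
    for rule in rules:
        reported = versions.get(rule.user_agent)
        if reported is not None and _OPS[rule.compare_op](reported, rule.version):
            return rule.action, rule.url
    return default_action, None


# Constructed policy: send anything older than the 4.0.7577.0 client to the
# upgrade page, allow that build and newer, block unrecognised clients.
BASELINE_CLIENT = (4, 0, 7577, 0)
UPGRADE_URL = "https://upgrade.example.invalid/lync"  # placeholder
SAMPLE_POLICY = [
    VersionRule("OC", BASELINE_CLIENT, "LSS", "BlockWithUrl", UPGRADE_URL),
    VersionRule("OC", BASELINE_CLIENT, "GEQ", "Allow"),
]

if __name__ == "__main__":
    for ua in ("UCCAPI/3.5.6907.0 OC/3.5.6907.0 (Microsoft Office Communicator 2007 R2)",
               "UCCAPI/4.0.7577.4087 OC/4.0.7577.4087 (Microsoft Lync 2010)",
               "Mozilla/5.0"):
        print(ua, "->", evaluate(ua, SAMPLE_POLICY))
```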

Using Education and Support to Help Manage Change

There are many approaches that Microsoft IT uses to help ensure a positive user experience and to help educate users about the possibilities of Lync. One key strategy entails using the Lync 2010 Adoption and Training kit, which provides guidance about common Lync features and best practices in the form of self-training guides and documents. The helpdesk support personnel who handle Lync issues also received adoption and training material customized to help them handle support issues related to Lync.

Microsoft IT creates many education opportunities for all users throughout the deployment of Lync Server 2010, including the following options:

  • Self-guided Self-guided modules provide an effective learning method for users.

  • Online instructor-led Online instructor-led training is offered on Lync basics and conferencing via the Microsoft IT Productivity Center in Fargo, ND.

  • In-person A team of four subject matter experts provides in-person, instructor-led training. These experts deliver hands-on training to small groups. Similarly, Site IT Managers hold sessions to explain usage scenarios and familiarize users with Lync 2010. If users miss a session, they may view a similar one online as a recorded session.

  • Resource kit document collection Many users also use the downloadable documentation and quick reference materials included in the resource kit.

All of these education opportunities span the continuum of self-study to instructor-led study available in multiple media formats, on demand, and in a scheduled way. Microsoft IT purposefully created many education opportunities to ensure that users could easily obtain critical training information in a time and format that works for them.

Supporting and Managing Lync Server 2010

Microsoft IT uses a four-tier support structure split between a global support group that runs helpdesk and desk-side support and the Lync Server 2010 engineering group. The following tiers handle support for the environment:

  • Tier 1: Call center through global support desk. Tier 1 answers front-line support calls that are general in nature. It is the first point of response for issues that people have with Lync 2010 and cannot resolve by reading documentation or asking a local expert. Support is available by phone and web chat.

  • Tier 2: Escalation and desk-side support. For a small portion of support issues, a group of Tier 2 technicians handles escalations from Tier 1.

  • Tier 3: Escalation for server-side fixes. If an issue is serious, urgent, or cannot be resolved immediately, a staff member routes it directly to the team that handles that type of issue, or straight to the last tier if it is clearly Lync-specific. This may involve escalation to sustaining engineering or to the product teams via Customer Technical Support (CTS).

  • Tier 4: Engineering. As the last tier, the engineering team handles issues that relate directly to the core Lync infrastructure.

On average, during the initial deployment, the support staff handled 500-800 requests per month. Most issues related to client installation and uninstallation, authentication errors, and online meetings or client options. Tier 1 resolves over 80 percent of support tickets; Tier 1 and Tier 2 combined resolve approximately 95 percent.

Support Tools

Microsoft IT relies on a centralized System Center Operations Manager infrastructure and a variety of tools to help carry out monitoring and support functions:

  • Operations Manager: The Lync Server 2010 Monitoring Management Pack provides end-to-end monitoring of Lync for Operations Manager, such as alerting operators when Lync processes exceed a defined performance threshold. The management pack also lets Microsoft IT run synthetic transactions that simulate user behavior, such as joining a meeting or sending IM traffic.

  • SQL Server Reporting Services (SSRS): The Monitoring role in Lync Server 2010 gives Microsoft IT the standard Lync reports based on call detail recording (CDR) and Quality of Experience (QoE) data. Microsoft IT also builds custom SSRS reports on the same CDR and QoE data so that end users and teams have the additional reports their business needs. Administrators set permissions for users and groups and access the built-in reports on system usage, call diagnostics, and media diagnostics. The available reports range from summary statistics, such as top failures and conference summaries, to detailed reports on server performance or per-user activity.

  • Perfmon: Microsoft IT uses Perfmon to monitor concurrent connections to the Lync pools and confirm that the pools are properly load balanced.

Best Practices

In the course of designing, deploying, and operating Lync Server 2010, Microsoft IT learned practical lessons from the many teams involved that have helped ensure a successful deployment and excellent user experience. These best practices include the following:

  • Audit Edge role and firewall configuration: Communication traffic uses multiple protocols and ports and, with external user support, crosses several security boundaries. Incorrect configuration breaks traffic traversal between those boundaries, so Microsoft IT uses a mix of manual and automated configuration audits that exercise end-to-end user scenarios to confirm that everything functions as expected. Microsoft IT also disables real-time antivirus scanning on Edge servers so that scanning does not degrade audio quality; on a boundary host this is a deliberate trade-off, so record it as an exception and consider narrowing it to exclusions for the Lync processes and media paths rather than disabling scanning outright.

  • Verify dual-home configuration on the Edge role: A common configuration issue involves the firewall rules, routing, and addressing of the network interfaces on Edge servers. The auditing and verification process includes checks to ensure that the configuration functions as designed.

  • Test and verify session persistence for SSL: Certificate configuration and session persistence are crucial to the proper functioning of Lync Server 2010. Before deploying in production, Microsoft IT tested and verified stickiness, and then verified it again when putting gateways into production. See Appendix A for more details.

  • Ensure back-end servers are not performance-bound: In Microsoft IT's experience, as the users and endpoints on a pool increase, back-end disk throughput needs to be monitored to ensure that processing latency does not affect the user experience.

  • Guide users through device choices: The testing and verification program that Microsoft IT started to certify devices such as headsets helped ensure a smooth user experience by working out functionality, form factor, and compatibility issues early on. Each organization should perform its own due diligence on devices and select the ones that best meet its needs.

  • Create training, onboarding, and evangelism programs: One key component of the rapid adoption of Lync within Microsoft has been onboarding people who champion the product and evangelize the technology, and providing training in many modalities to appeal to a broad set of users. Ensure that users have an adequate way to provide feedback so that course corrections can be made as needed.

  • Shared commitments: With infrastructure, operations, implementation, user adoption, and other teams involved in deploying Lync Server 2010, it is vital for Microsoft IT to share commitments among groups to remedy issues and achieve a high service quality.

  • Think of sizing and capacity in terms of endpoints, not users: Because users have multiple devices, it is important, as load increases, to monitor server and load balancer performance and fine-tune details such as database caching and disk throughput.

  • Manage certificates: Session persistence and certificate issues on dual-homed Edge servers are common sources of problems. Manage certificate issuance so that a trusted authority grants certificates, and create a maintenance plan to replace certificates before they expire.

Appendix: Server Deployment Checklists

During server deployment, Microsoft IT automates installation and configuration, making the deployment process more about verifying and auditing tasks than following a systematic process. There are three separate checklists: one used to ensure deployment readiness, one for deployment, and one to verify successful completion of deployment processes. The deployment checklist is short and consists of running a command to start the installation routine and verifying that the routine completes. Table 4 lists the steps in the pre-deployment checklist.

Table 4. Pre-deployment checklist

Task | Details
Verify hardware meets requirements | Check CPU, disk, memory, and hardware against the design.
Confirm AD and networking details | Verify AD site, OU, network IP address, server name, NIC set to Auto for speed and duplexing, and WINS/DNS resolution; update NIC drivers if necessary.
Check swap file | Ensure the page file is set to 16 GB.
Verify time sync | Ensure the time zone is correct and time syncs to a DC.
Configure external NIC | Run the batch file to configure, then validate.
Configure and validate certificates | Import certificates, install, validate, and record expiration dates.
Check NTLM Local Policy | Set "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients/servers" to no minimum, that is, neither "Require NTLMv2 session security" nor "Require 128-bit encryption" selected. This lowers the host's NTLM floor, so apply it only on these servers and record it as a deliberate exception.
Install prerequisites and any KBs | KB981575, KB2028997, and KB981836
Verify tools installation | Install the standard suite of management tools, such as NetMon.
Install SQL Management Studio on back-end servers | Verify installation on all back-end servers.
Install admin and Resource Kit | Install on all servers.
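The following is an added example, not code from the white paper or a Microsoft IT tool: a read-only PowerShell audit of the host-level items in the pre-deployment checklist above (page file, time source, NTLM minimum session security, certificate validity and expiry), plus a single-default-gateway check for the dual-homed Edge routing mistakes and the certificate-expiry planning noted under Best Practices. The 16 GB page file is the checklist value; the 30-day certificate warning window and the subject filter are assumptions.

```powershell
# Added example (not code from the Microsoft IT white paper): a read-only audit
# of host-level pre-deployment checklist items. Returns one object per check so
# the output can be filed with the checklist. Assumed thresholds: 16 GB page
# file (checklist value) and a 30-day certificate warning window.

function Test-LyncHostReadiness {
    param(
        [int]$PageFileMB   = 16384,        # checklist: page file fixed at 16 GB
        [int]$CertWarnDays = 30,           # assumed renewal lead time
        [string]$CertSubjectFilter = '*'   # e.g. '*lync*' to limit to Lync certificates
    )
    $checks = @()
    function New-Check([string]$Name, [bool]$Pass, [string]$Detail) {
        New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail }
    }

    # 1. Page file: the checklist wants a fixed 16 GB file, not system-managed.
    $pf = @(Get-WmiObject Win32_PageFileSetting)
    if ($pf.Count -eq 0) {
        $checks += New-Check 'PageFile' $false 'System-managed page file (no Win32_PageFileSetting entry)'
    }
    foreach ($p in $pf) {
        $ok = ($p.InitialSize -eq $PageFileMB) -and ($p.MaximumSize -eq $PageFileMB)
        $checks += New-Check 'PageFile' $ok ('{0}: initial={1} MB, maximum={2} MB' -f $p.Name, $p.InitialSize, $p.MaximumSize)
    }

    # 2. Time source: must be a domain controller, never the local clock.
    $source = (& w32tm /query /source 2>$null | Out-String).Trim()
    $ok = ($source -ne '') -and ($source -notmatch 'Local CMOS Clock|Free-running')
    $checks += New-Check 'TimeSource' $ok "w32tm source: $source"

    # 3. NTLM minimum session security. The checklist requires "No minimum":
    # neither "Require NTLMv2 session security" (0x00080000) nor "Require
    # 128-bit encryption" (0x20000000) set, i.e. the value is 0. That is below
    # the Windows Server 2008 R2 default, so a 0 here is a documented exception
    # for these servers, not a hardening setting.
    $lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    foreach ($name in 'NTLMMinClientSec', 'NTLMMinServerSec') {
        $val = $lsa.$name
        if ($null -eq $val) {
            $checks += New-Check "NTLM/$name" $false 'Not set explicitly (OS default applies)'
        } else {
            $checks += New-Check "NTLM/$name" ($val -eq 0) ('0x{0:X8}' -f $val)
        }
    }

    # 4. Certificates: record expiry, and flag anything inside the warning
    # window or failing chain validation (untrusted issuer, revoked, not yet valid).
    $now = Get-Date
    foreach ($cert in (Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like $CertSubjectFilter })) {
        $days    = [int]($cert.NotAfter - $now).TotalDays
        $chainOk = $cert.Verify()
        $ok = $chainOk -and ($days -gt $CertWarnDays)
        $checks += New-Check 'Certificate' $ok ('{0} thumbprint={1} expires {2:yyyy-MM-dd} ({3} days) chainValid={4}' -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter, $days, $chainOk)
    }

    # 5. Default gateways: a multihomed Edge server should carry exactly one
    # (on the external interface); two default gateways mean ambiguous routing.
    $gw = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
            Where-Object { $_.DefaultIPGateway })
    $detail = ($gw | ForEach-Object { '{0} -> {1}' -f $_.Description, ($_.DefaultIPGateway -join ',') }) -join '; '
    $checks += New-Check 'DefaultGateway' ($gw.Count -eq 1) $detail

    $checks
}

# Usage: run locally on each server and keep the output with the checklist.
Test-LyncHostReadiness | Format-Table Check, Pass, Detail -AutoSize
```

The script changes nothing; it only reports, which is what a checklist that is "more about verifying and auditing" calls for. Certificate results are the ones worth keeping long-term, since they give the expiration dates the checklist asks you to record and feed the renewal plan under Best Practices.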

After deployment, Microsoft IT verifies security and other settings, as well as performs post-deployment steps as shown in Table 5.

Table 5. Post-deployment checklist

Task | Details
Install updates | Install Lync-specific updates, such as cumulative update 3 or later. Also install the latest Office Communications Server 2007 R2 cumulative update.
Verify installation path | Should be D:\Program Files\Microsoft Lync Server 2010
Check file share | Check permissions on E:\LyncFS and D:\LyncFS
Verify IPSec exception | All servers should be exempted from the global policy.
Federation router | For a new site, create a Federation Router between the new site and the federated Edge.
Verify operations details | Use CollectSrvInfo to verify backup schedules and certificate info.
Validate CMS | Export the topology with Topology Builder, push out the pool-level configuration, and verify that it exists on the server.
End-to-end functionality | Validate functionality of core services (end-to-end with two Lync clients). Ensure that all Topology Validator tests pass.
Review logs | Application/System event logs; set log size to 30720.
Update documentation | Record status of items; update records in the tracking database.

Deployment Verification

After deploying and configuring servers, Microsoft IT verifies the functionality and features to ensure that core scenarios function as expected. Table 6 lists the functionality tests performed.

Table 6. Feature validation checklist

Task | Details
Check service installation | Ensure services are running.
Peer to Peer IM | Send IM message.
Group IM | Send IM to group.
Presence | Confirm presence works.
Peer to Peer AV Conference | Initiate two-party AV conference.
AV Conference | Initiate multiparty AV conference.
Peer to Peer PSTN call | Place call to peer.
Outbound PSTN call | Place outbound call.
Address Book | Search contact in address book.
Location Policy | Verify policy application.
Location Information Service configuration | Verify configuration per spec.
Dial in Conferencing | Call into conference.
Address Book Web Query | Test address book.
Client Authentication | Ensure clients can authenticate in all scenarios.
Federation | Verify federation configuration.
Phone Bootstrap | Verify bootstrapping.
Outlook plug-in meeting can be scheduled | Schedule meeting from Outlook; verify content and PSTN functionality.
IM Filtering configuration | Verify filters.
Audio Call | Place Enterprise Voice call.
Desktop Sharing | View, share control, check functionality.
Outside User IM/Audio/Desktop Sharing (Share Control) | Verify desktop sharing for partner account.
File Transfer Filtering configuration | Verify filtering configuration for files.
Device Update settings | Check Windows Update settings.
Response Group Service configuration | Check RGS settings.
Edge connectivity | Verify Edge connectivity with both Office Communications Server 2007 R2 (if applicable) and Lync Server 2010.
Exchange UM validation | Ensure Exchange integration works.

Microsoft IT conducts the deployment verification detailed in Table 6 for all server pools. Where Lync Server 2010 coexists with Office Communications Server 2007 R2, server pools of both versions are verified after deployment.
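The following is an added example, not code from the white paper or from Microsoft IT: it runs the Lync Server 2010 synthetic transactions that correspond to rows of Table 6 and returns one result per row, so the same sweep that the Operations Manager management pack schedules (see Support Tools) can be run by hand immediately after a pool is deployed. It assumes that two health-monitoring test users have been registered for the pool, so each cmdlet needs only -TargetFqdn; the pool FQDN, SIP URIs, account names, phone numbers and federated domain are hypothetical.

```powershell
# Added example (not code from the Microsoft IT white paper): a manual sweep of
# the Lync Server 2010 synthetic transactions matching rows of Table 6.
# Assumes health-monitoring test users are registered for the pool, so each
# cmdlet needs only -TargetFqdn. All names below are hypothetical. Run from
# the Lync Server Management Shell.

$pool = 'pool01.contoso.com'                     # hypothetical pool FQDN

# One-time per pool: register the two test accounts the transactions sign in
# as. They are real SIP-enabled users, so treat them like any service account
# (unique strong passwords, no rights beyond what the tests need).
if (-not (Get-CsHealthMonitoringConfiguration -Identity $pool -ErrorAction SilentlyContinue)) {
    New-CsHealthMonitoringConfiguration -Identity $pool `
        -FirstTestUserSipUri  'sip:synth1@contoso.com' -FirstTestSamAccountName  'CONTOSO\synth1' `
        -SecondTestUserSipUri 'sip:synth2@contoso.com' -SecondTestSamAccountName 'CONTOSO\synth2'
}

# Table 6 row -> synthetic transaction. Only rows satisfiable with the test
# users alone are automated here; the remaining rows are listed at the end.
$tests = @(
    @('Client Authentication',  'Test-CsRegistration'),
    @('Peer to Peer IM',        'Test-CsIM'),
    @('Group IM',               'Test-CsGroupIM'),
    @('Presence',               'Test-CsPresence'),
    @('Peer to Peer AV',        'Test-CsP2PAV'),
    @('AV Conference',          'Test-CsAVConference'),
    @('Address Book',           'Test-CsAddressBookService'),
    @('Address Book Web Query', 'Test-CsAddressBookWebQuery'),
    @('Dial in Conferencing',   'Test-CsDialInConferencing'),
    @('Location Policy',        'Test-CsLocationPolicy'),
    @('Peer to Peer PSTN call', 'Test-CsPstnPeerToPeerCall')
)

$results = foreach ($t in $tests) {
    $row = $t[0]; $cmdlet = $t[1]
    try {
        # Each Test-Cs* cmdlet returns a TaskOutput with Result, Latency and Error.
        $out = & $cmdlet -TargetFqdn $pool -ErrorAction Stop
        New-Object PSObject -Property @{
            Row = $row; Cmdlet = $cmdlet; Result = $out.Result;
            LatencyMs = [int]$out.Latency.TotalMilliseconds; Error = $out.Error
        }
    } catch {
        New-Object PSObject -Property @{
            Row = $row; Cmdlet = $cmdlet; Result = 'Exception';
            LatencyMs = $null; Error = $_.Exception.Message
        }
    }
}
$results | Format-Table Row, Cmdlet, Result, LatencyMs, Error -AutoSize

# Exit non-zero when anything failed, so the sweep can gate pool sign-off.
$failed = @($results | Where-Object { $_.Result -ne 'Success' })
if ($failed.Count -gt 0) {
    Write-Warning ('{0} of {1} checks failed' -f $failed.Count, @($results).Count)
    exit 1
}

# Rows that need inputs beyond the pool (placeholder values):
# Test-CsPstnOutboundCall -TargetFqdn $pool -TargetPstnPhoneNumber '+14255550100' `
#     -UserSipAddress 'sip:synth1@contoso.com' -UserCredential (Get-Credential 'CONTOSO\synth1')
# Test-CsFederatedPartner -TargetFqdn 'edge01.contoso.com' -Domain 'fabrikam.com'
# Test-CsPhoneBootstrap -PhoneNumber '+14255550101' -PIN '123456'
```

Run it once against the Lync Server 2010 pool and, during coexistence, once against the Office Communications Server 2007 R2 pool's Lync-side counterpart where the cmdlet applies; rows such as desktop sharing, IM and file-transfer filtering, Response Group settings and Exchange UM have no synthetic transaction in this release and remain manual checks.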

For More Information

For more information about Microsoft products or services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information through the World Wide Web, go to:

http://www.microsoft.com

http://www.microsoft.com/technet/itshowcase

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Excel, Lync, PowerPoint, SharePoint, Silverlight, SQL Server, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.
