Deploy Web downloadable clients in Skype for Business Server 2015

Skype for Business Server 2015
 

마지막으로 수정된 항목: 2017-05-31

Summary: Deploy the Skype for Business Web App and Skype Meetings App used with Skype for Business.

비즈니스용 Skype Web App이란? is an Internet Information Services (IIS) web client that is installed on the server running 비즈니스용 Skype 서버 2015 and default it is deployed on demand to meeting users who do not already have the 비즈니스용 Skype client. These meeting users are more often than not connecting from outside your network. Whenever a user clicks a meeting URL but does not have the 비즈니스용 Skype client installed, the user is presented with the option to join the meeting by using the latest version of 비즈니스용 Skype Web App이란?.

The voice, video, and sharing features in 비즈니스용 Skype Web App이란? require a Microsoft ActiveX control that is used as a plugin by the user's browser. You can either install the ActiveX control in advance or allow users to install it when prompted, which happens the first time they use 비즈니스용 Skype Web App이란? or the first time they access a feature that requires the ActiveX control.

note참고:
In 비즈니스용 Skype 서버 2015 Edge Server deployments, an HTTPS reverse proxy in the perimeter network is required for 비즈니스용 Skype Web App이란? client access. You must also publish simple URLs. For details, see Lync Server 2013에 대한 역방향 프록시 서버 설치 and Lync Server 2013의 단순 URL 계획.

The 비즈니스용 Skype 서버 2015 version of 비즈니스용 Skype Web App이란? supports multi-factor authentication. In addition to user name and password, you can require additional authentication methods, such as smart cards or PINs, to authenticate users who are joining from external networks when they sign in to 비즈니스용 Skype meetings. You can enable multi-factor authentication by deploying Active Directory Federation Service (AD FS) federation server and enabling passive authentication in 비즈니스용 Skype 서버 2015. After AD FS is configured, external users who attempt to join 비즈니스용 Skype meetings are presented with an AD FS multi-factor authentication webpage that contains the user name and password challenge along with any additional authentication methods that you have configured.

important중요:
The following are important considerations if you plan to configure AD FS for multi-factor authentication:
  • Multi-factor ADFS authentication works if the meeting participant and organizer are both in the same organization or are both from an AD FS federated organization. Multi-factor ADFS authentication does not work for Lync federated users because the Lync server web infrastructure does not currently support it.

  • If you use hardware load balancers, enable cookie persistence on the load balancers so that all requests from the 비즈니스용 Skype Web App이란? client are handled by the same Front End Server.

  • When you establish a relying party trust between 비즈니스용 Skype 서버 and AD FS servers, assign a token life that is long enough to span the maximum length of your 비즈니스용 Skype meetings. Typically, a token life of 240 minutes is sufficient.

  • This configuration does not apply to Lync mobile clients.

Configure Multi-Factor Authentication
  1. Install an AD FS federation server role. For details, see the Active Directory Federation Services 2.0 Deployment Guide at https://go.microsoft.com/fwlink/p/?linkid=267511

  2. Create certificates for AD FS. For more information, see the "Federation server certificates" section of the Plan for and deploy AD FS for use with single sign-on topic at https://go.microsoft.com/fwlink/p/?LinkId=285376.

  3. From the Windows PowerShell 명령줄 인터페이스, run the following command:

    add-pssnapin Microsoft.Adfs.powershell
    
  4. Establish a partnership by running the following command:

    Add-ADFSRelyingPartyTrust -Name ContosoApp -MetadataURL https://lyncpool.contoso.com/passiveauth/federationmetadata/2007-06/federationmetadata.xml
    
  5. Set the following relying party rules:

    $IssuanceAuthorizationRules = '@RuleTemplate = "AllowAllAuthzRule" => issue(Type = "http://schemas.contoso.com/authorization/claims/permit", Value = "true");'$IssuanceTransformRules = '@RuleTemplate = "PassThroughClaims" @RuleName = "Sid" c:[Type == "http://schemas.contoso.com/ws/2008/06/identity/claims/primarysid"]=> issue(claim = c);'
    
    Set-ADFSRelyingPartyTrust -TargetName ContosoApp -IssuanceAuthorizationRules $IssuanceAuthorizationRules -IssuanceTransformRules $IssuanceTransformRules
    
    Set-CsWebServiceConfiguration -UseWsFedPassiveAuth $true -WsFedPassiveMetadataUri https://dc.contoso.com/federationmetadata/2007-06/federationmetadata.xml
    

The BranchCache feature in Windows 7 and Windows Server 2008 R2 can interfere with 비즈니스용 Skype Web App이란? web components. To prevent issues for 비즈니스용 Skype Web App이란? users, make sure that BranchCache is not enabled.

For details about disabling BranchCache, see the BranchCache Deployment Guide, which is available in Word format at the Microsoft Download Center at http://go.microsoft.com/fwlink/p/?LinkId=268788 and in HTML format in the Windows Server 2008 R2 Technical Library at https://go.microsoft.com/fwlink/p/?LinkId=268789.

You can use the Test-CsUcwaConference cmdlet to verify that a pair of test users can participate in a conference using the Unified Communications Web API (UCWA). For details about this cmdlet, see Test-CsUcwaConference in the 비즈니스용 Skype 서버 관리 쉘 documentation.

If installation of the plug-in fails on a computer running Windows Server 2008 R2, you may need to modify the Internet Explorer security setting or the DisableMSI registry key setting.

Modify the security setting in Internet Explorer
  1. Open Internet Explorer.

  2. Click Tools, click Internet Options, and then click Advanced.

  3. Scroll down to the Security section.

  4. Clear Do not save encrypted pages to disk, and then click OK.

    note참고:
    If selected, this setting will also cause an error when trying to download an attachment from 비즈니스용 Skype Web App이란?.
  5. Rejoin the meeting. The plug-in should download without errors.

Modify the DisableMSI Registry setting
  1. Click Start, and then click Run.

  2. To access the Registry Editor, type regedit.

  3. Navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer.

  4. Edit or add the DisableMSI registry key of type REG_DWORD and set it to 0.

  5. Rejoin the meeting.

This procedure is optional. If you do not use it, external users will continue to join meetings using 비즈니스용 Skype Web App이란?.

Enable simplified meeting join and Skype Meetings App
  1. When you enable access to the Content Delivery Network (CDN), users will have the ability to connect to CDN online and get UNRESOLVED_TOKEN_VAL(skype16_MeetingsApp), and will use the simplified meeting join experience.

    Set-CsWebServiceConfiguration -MeetingUxUseCdn $True
    
  2. Allow client side logging telemetry from the meeting join web page or the UNRESOLVED_TOKEN_VAL(skype16_MeetingsApp) to be sent to Microsoft servers (the command defaults to false).

    Set-CsWebServiceConfiguration -MeetingUxEnableTelemetry $True
    

    Information sent to Microsoft is in strict compliance with Skype for Business data collection practices.

  3. Set the timeout before fall back to the locally hosted 비즈니스용 Skype Web App이란? experience if CDN isn't available. The default value is 6 seconds. If this value is set to 0, there will be no timeout.

    Set-CsWebServiceConfiguration -JoinLauncherCdnTimeout (New-TimeSpan -Seconds 10)
    
 
표시: