
Plan your hybrid deployment for Skype for Business Server 2015

Skype for Business Server 2015
 

Topic Last Modified: 2015-08-18

Summary: Learn about the requirements for configuring a Skype for Business Server 2015 hybrid deployment.

A Skype for Business hybrid deployment is a deployment where users of a domain, such as contoso.com, are split between using Skype for Business Server on-premises and Skype for Business Online. Some of the domain users are homed on the on-premises Skype for Business Server pools, and some users are homed in Skype for Business Online.

You can configure your on-premises deployment for hybrid with Skype for Business Online and use Active Directory Synchronization to keep your on-premises and online users synchronized. You can also configure hybrid deployments for integration with on-premises Exchange and SharePoint, or with Microsoft Office 365 applications, including Exchange Online and SharePoint Online.

This topic describes the infrastructure and system requirements you'll need to configure your existing on-premises deployment - with users that were created in your on-premises Active Directory - with Skype for Business Online. If you are currently a Skype for Business Online customer that has users enabled for Skype for Business Online that have not been enabled in an on-premises deployment, see Configure hybrid from online to on-premises in Skype for Business Server 2015.

You should consider the following requirements for users and your network infrastructure while planning for a hybrid deployment with Skype for Business Online.

When you are asked to provide your administrator credentials, use the username and password for the administrator account for your Office 365 tenant. You will also use these credentials when you configure Azure Active Directory for federation, directory synchronization, single sign-on, and moving users to Skype for Business Online.

Administrators now have the ability to use Windows PowerShell to manage Skype for Business Online and their Skype for Business Online user accounts. To do this, you must first download and install the Skype for Business Online Connector Module from the Microsoft Download Center. For more information on downloading, installing, and using the Skype for Business Online Connector Module, and for detailed information on using Windows PowerShell to manage Skype for Business Online, see Using Windows PowerShell to manage Lync Online. Updated information for Skype for Business Online coming soon.

You must have the following configured in your environment in order to implement and deploy a hybrid deployment.

  • A Microsoft Office 365 tenant with Skype for Business Online enabled.

  • An on-premises deployment of Skype for Business Server 2015, Lync Server 2013, or Lync Server 2010.

    For information about configuring your Lync Server 2013 or Lync Server 2010 deployment for hybrid, see Lync Server 2013 hybrid.

  • Skype for Business Server 2015 administrative tools. If you are using Lync Server 2013 or Lync Server 2010, you can use the Lync Server 2013 administrative tools. Please see Lync Server 2013 hybrid for more information.

  • To support Single Sign-on with Office 365 so that users can use the same login credentials for signing in to Office as they do on-premises, you can use the password sync features of Azure Active Directory (AAD) Connect. You can also use Active Directory Federation Services (AD FS) for single sign-on with Office 365.

    For more information, see Integrating your on-premises identities with Azure Active Directory.

  • A directory synchronization solution to keep your on-premises and online Active Directory objects synchronized. For details about Directory Synchronization, see Directory Integration Tools.

There are some differences in the features supported in clients, as well as the features available in on-premises and online environments. Before you decide where you want to home users in your organization, you should review the Client comparison tables for Skype for Business Server 2015 to determine the client support for the various configurations of Skype for Business Server. The following clients are supported with Skype for Business Online in a hybrid deployment:

  • Skype for Business

  • Lync 2013

  • Lync 2010

  • Lync Windows Store app

  • Lync Web App

  • Lync Mobile

  • Lync for Mac 2011

  • Lync Room System and Skype for Business Room System

  • Lync Basic 2013

For details about client support, see the following topics:

To configure your deployment for hybrid with Skype for Business Online, you need to have one of the following supported topologies:

  • A Skype for Business Server 2015 deployment with all servers running Skype for Business Server 2015.

  • A Lync Server 2013 deployment with all servers running Lync Server 2013.

  • Microsoft Lync Server 2010 with Cumulative Updates for Lync Server 2010: February 2013 applied, and the Skype for Business Server 2015 or Lync Server 2013 administrative tools installed on-premises. The federation Edge Server and next hop server from the federation Edge Server must be running Microsoft Lync Server 2010 with the latest cumulative updates.

    Important:
    The administrative tools should be installed on a separate server that has access to connect to the existing on-premises deployment. The Move-CsUser cmdlet to move users from your on-premises deployment to Skype for Business Online must be run from the administrative tools connected to your on-premises deployment.

The Allowed domains list includes domains that have a partner Edge fully qualified domain name (FQDN) configured. These are sometimes referred to as allowed partner servers or direct federation partners. You should be familiar with the difference between Open Federation and Closed Federation, referred to as partner discovery and allowed partner domain list, respectively, in on-premises deployments.

The following requirements must be met to successfully configure a hybrid deployment:

  • Domain matching must be configured the same for your on-premises deployment and your Office 365 tenant. If partner discovery is enabled on the on-premises deployment, then open federation must be configured for your online tenant. If partner discovery is not enabled, then closed federation must be configured for your online tenant.

  • The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.

  • The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.

  • Federation must be enabled for the external communications for the online tenant, which is configured by using the Skype for Business Online Control Panel.
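A pre-flight check for the four requirements above, as an added example (not Microsoft's code). It assumes the federation settings of both sides have already been exported to plain values; the function name, parameter names, and sample domains are hypothetical.

```powershell
# Added example. Function and parameter names are hypothetical; sample values are constructed.
function Test-HybridFederationParity {
    param(
        [bool]     $OnPremPartnerDiscovery,   # on-premises: partner discovery enabled
        [bool]     $OnlineOpenFederation,     # tenant: open federation configured
        [bool]     $OnlineFederationEnabled,  # tenant: federation enabled for external communications
        [string[]] $OnPremAllowed = @(),
        [string[]] $OnlineAllowed = @(),
        [string[]] $OnPremBlocked = @(),
        [string[]] $OnlineBlocked = @()
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Partner discovery on-premises must pair with open federation online (and vice versa).
    if ($OnPremPartnerDiscovery -ne $OnlineOpenFederation) {
        $findings.Add("Domain matching differs: on-premises partner discovery=$OnPremPartnerDiscovery, online open federation=$OnlineOpenFederation")
    }
    if (-not $OnlineFederationEnabled) {
        $findings.Add('Federation is not enabled for external communications on the online tenant')
    }

    $lists = @(
        @{ Name = 'Allowed'; OnPrem = $OnPremAllowed; Online = $OnlineAllowed },
        @{ Name = 'Blocked'; OnPrem = $OnPremBlocked; Online = $OnlineBlocked }
    )
    foreach ($list in $lists) {
        # Normalize so case and stray whitespace do not hide or invent a mismatch.
        $onPrem = @($list.OnPrem | ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
        $online = @($list.Online | ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
        foreach ($d in $onPrem) {
            if ($online -notcontains $d) { $findings.Add("$($list.Name) domain '$d' is on-premises only") }
        }
        foreach ($d in $online) {
            if ($onPrem -notcontains $d) { $findings.Add("$($list.Name) domain '$d' is online only") }
        }
    }
    $findings   # one string per mismatch; no output when both sides agree
}

# Constructed sample: closed federation on both sides, but one blocked domain never reached the tenant.
$report = @(Test-HybridFederationParity -OnPremPartnerDiscovery $false -OnlineOpenFederation $false `
        -OnlineFederationEnabled $true `
        -OnPremAllowed 'fabrikam.example', 'Litware.example' -OnlineAllowed 'litware.example', 'fabrikam.example' `
        -OnPremBlocked 'blocked.example' -OnlineBlocked @())
if ($report.Count -gt 0) { $report } else { 'Federation settings match' }
```

In a live environment the on-premises values would typically come from Get-CsAccessEdgeConfiguration, Get-CsAllowedDomain, and Get-CsBlockedDomain, and the tenant values from Get-CsTenantFederationConfiguration.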

When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.

Computers on your network must be able to perform standard Internet DNS lookups. If these computers can reach standard Internet sites, your network meets this requirement.

Depending on the location of your Microsoft Online Services data center, you must also configure your network firewall devices to accept connections based on wildcard domain names (for example, all traffic from *.outlook.com). If your organization’s firewalls do not support wildcard name configurations, you will have to manually determine the IP address ranges that you would like to allow and the specified ports.

Refer to the Help topic Office 365 URLs and IP address ranges.

In addition to the port requirements for internal communication, you must also configure the following ports.

 

| Protocol / Port | Applications |
| --- | --- |
| TCP 443 | Open inbound: Active Directory Federation Services (federation server role; for more information, see Directory Integration Tools); Active Directory Federation Services (proxy server role), either on-premises or in Azure; Microsoft Online Services Portal; My Company Portal; Outlook Web App; Client (communication between Skype for Business Online and your on-premises deployment) |
| TCP 80 and 443 | Open inbound: Microsoft Online Services Directory Synchronization Tool |
| TCP 5061 | Open inbound/outbound on the Edge Server |
| PSOM/TLS 443 | Open inbound/outbound for data sharing sessions |
| STUN/TCP 443 | Open inbound/outbound for audio, video, application sharing sessions |
| STUN/UDP 3478 | Open inbound/outbound for audio and video sessions |
| RTP/TCP 50000-59999 | Open outbound for audio and video sessions |

In a hybrid deployment, any user that you want to home online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online, which will move the user’s contact list.

When you synchronize user accounts between your on-premises deployment and online tenant using AAD Connect, you need to synchronize the AD accounts for all Skype for Business or Lync users in your organization, even if users are not moved to online. If you do not synchronize all users, communication between on-premises and online users in your organization may not work as expected.

Important:
If the user was created by using the online portal for Office 365, the user account will not be synchronized with on-premises Active Directory, and the user will not exist in the on-premises Active Directory. If you have already created users in your online tenant, and want to configure hybrid with an on-premises deployment, see Configure hybrid from online to on-premises in Skype for Business Server 2015.

You should also consider the following user-related issues when planning for a hybrid deployment.

  • User contacts   The limit for contacts for Lync Online users is 250. Any contacts beyond that number will be removed from the user’s contact list when the account is moved to Lync Online.

  • Instant Messaging and Presence   User contact lists, groups, and access control lists (ACLs) are migrated with the user account.

  • Conferencing data, meeting content, and scheduled meetings   This content is not migrated with the user account. Users must reschedule meetings after their accounts are migrated to Lync Online.

  • In a hybrid environment, users can be enabled for Instant Messaging and conferencing (meetings) either on-premises or online, but not both simultaneously.

  • Client support    Some users may require a new client version when they are moved to Skype for Business Online. For Office Communications Server 2007 R2, users must be moved to a Skype for Business Server or Lync Server 2013 pool prior to migration to Skype for Business Online.

  • On-premises policies and configuration (non-user)   Online and on-premises policies require separate configuration. You cannot set global policies that apply to both.

 
© 2015 Microsoft