On-Premises Cloud On-PremisesHybridCloud

Lync Online Hybrid Deep DiveChristopher WallickCommunications Architect Enterprise Communications Center of Excellence

OFC-B341

What is Lync Hybrid?Deployment OverviewRequirements for Deploying Lync HybridConfiguring Lync HybridConfiguring and Deploying users from Online to On-premisesLync Hybrid in multi-forest AD

Agenda

What is Lync Hybrid?

Lync 2013 deployment choices

On-Premises


On-Premises Cloud


On-Premises Hybrid Cloud

Some users homed on-premises and some onlineUsers share the same domain (Lync split domain)Integration with other Office 365 applications

What is Lync Hybrid?

Lync Online

Lync On-Premises

Contoso.com

Contoso.com

Why you may deploy Lync Hybrid?

Enable Existing Lync On-Premises customers to move to Microsoft Office 365

Enable New customers to get Lync services through a combination of on-premise and cloud

Deployment Overview

Lync Hybrid coexistence topologies


ContosoActive Directory

Lync Server 2013

OCS 2007 R2

Lync Edge Server 2013

OCS 2007 R2 + Lync Server 2013


Contoso ContosoActive Directory Active Directory

Lync Server 2013

OCS 2007 R2

Lync Edge Server 2013 Lync Edge Server 2010

Lync Server 2010

Lync Server 2013 Admin Tools


Lync Server 2010 + Lync Server 2013

Lync Server 2010 February 2013 Cumulative Updates applied.


Contoso Contoso ContosoActive Directory Active Directory Active Directory

Lync Server 2013

OCS 2007 R2

Lync Edge Server 2013 Lync Edge Server 2010

Lync Server 2010

Lync Server 2013 Admin Tools

Lync Server 2013

Lync Edge Server 2013


Lync Server 2010 + Lync Server 2013

Lync Server 2013

Lync Server 2010 February 2013 Cumulative Updates applied.

Deployment process overview


Office 365 tenant.


Office 365 tenant.

Setup Active Directory Sync.


Office 365 tenant.


Deploy Active Directory Federation Services (AD FS) 2.0.


Office 365 tenant.


Enable Federation within your Office 365 tenant.



Office 365 tenant.




Setup Lync Hybrid.


Office 365 tenant.




Setup Lync Hybrid.

Move users to Lync Online.*

Or move users from Online to On Prem

Requirements for Deploying Lync Hybrid

Office 365 Tenant

Tenant running Lync Online 2013.

Appropriate Office 365 plan.- Lync Plan 3- E3 (includes Lync

Plan 3)

Domain verified.

http://office.microsoft.com/en-us/office365-suite-help/add-your-domain-to-office-365-HA102818660.aspx?CTT=5&origin=HA102851067




DirSyncAdd Alternate UPN Suffix to Active DirectoryMatch On-Premise UPN with Office 365 UPNActivate directory synchronizationInstall Windows Azure Active Directory Sync tool

http://technet.microsoft.com/en-us/library/jj151831


DirSyncAdd Alternate UPN Suffix to Active DirectoryMatch On-Premise UPN with Office 365 UPNActivate directory synchronizationInstall Windows Azure Active Directory Sync tool




AD FS 2.0 (SSO)AD FS 2.0AD FS 2.0 Proxy (for users connecting from outside company’s network)

Windows Server 2012 - AD FS role service


Contoso

Active Directory

AD FS Proxy

DMZ

AD FS



AD FS 2.0 (SSO)AD FS 2.0AD FS 2.0 Proxy (for users connecting from outside company’s network)

Windows Server 2012 - AD FS role service

Install Windows Azure Active Directory Module for Windows PowerShellEstablish trust relationship between AD FS 2.0 server and Office 365

Don't forget to match On-Premises UPN with Office 365 UPN


Contoso

Active Directory

AD FS Proxy

DMZ

AD FS

Trust

Convert-MsolDomainTo Federated –DomainName contoso.com



Lync Server 2013 On-Premises

OCS 2007

- Not supported


OCS 2007

- Not supported

OCS 2007 R2

- Requires Lync Server 2013 On-Premises

- Front End and Edge


OCS 2007

- Not supported

OCS 2007 R2



Lync Server 2010

- Requires Lync Server 2013 Administrative Tool

- Lync Server 2010 Ferbruary 2013 Comulative Update


OCS 2007

- Not supported

OCS 2007 R2



Lync Server 2013

- No additional requirements

Lync Server 2010

- Requires Lync Server 2013 Administrative Tool (No Lync 2013 Pools or Edges)

- Lync Server 2010 February 2013 Comulative Update

Configuring Lync for Hybrid

Enable Federation in Office 365

Enable Federation in Office 365 tenant


Enable Federation in Office 365 tenantDomain matching must be configured the same for on-premises deployment and Office 365 tenant


Enable Federation in Office 365 tenantDomain matching must be configured the same for on-premises deployment and Office 365 tenantBlocked/Allowed domains list in on-premises deployment must exactly match list for online tenantFederation must be enabled for external communications for online tenant

Setup Lync Hybrid• Configure Lync 2013 Edge Server for

FederationSet-CsAccessEdgeConfiguration -UseDnsSrvRouting -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1



• Federate with Office 365Set-CsHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification –AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root






• Federate with Office 365Set-CsHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification –AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

• Configure Office 365 tenant for split-domainRequires a support request (used to not anymore)





Move Users to Lync Online• Assign license to users in Office 365


• Locate hosted migration service URLhttps://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc


• Locate hosted migration service URLhttps://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc

• Move on-premises user to Lync Online tenant

$creds=Get-CredentialMove-CsUser -Identity [email protected] -Target sipfed.online.lync.com -Credential $creds -HostedMigrationOverrideUrl <URL>

Migration User DataContact list, Groups , ACLs.Voice: User-level call routing capabilities

Not MigratedOnline meetings must be rescheduled; tool to help with meeting reschedulingMeeting content

Client MigrationLync Client 2013 required for users migrated to Lync Online from Lync ServerFor OCS 2007 R2 environments, move user to a Lync 2013 pool (& Lync 2013 client) prior to migration

What Gets Migrated?Source

IM/P Meetings Voice

OCS 2007 R2 l l l

Lync Server 2010

l l l

Lync Server 2013

l l l

http://www.microsoft.com/en-us/download/confirmation.aspx?id=41656




Customer deploy Lync Online before Lync On premiseBefore you start moving Lync Online users to your on-premises environment must be fully deployedYour Lync Online tenant must be configured for remote PowerShell Access

Move Users from Lync Online to Lync On-premise

http://technet.microsoft.com/en-us/library/dn689117.aspx

RequirementsLync On-premises is fully deployedLync Online Tenant must be configured for remote PowerShell AccessLync Online must be configured for Shared SIP Address Space

Migrating Lync Online users to Lync On-Premises

Migrating Online users to On-premises Organization is configured for hybridVerify On-Premises Edge Servers have a certificate chain that enables connection to Lync Onlinehttps://corp.sts.microsoft.com/Onboard/ADFS_Onboarding_Pack/corp_sts_certs.zip

Enable users in On-Premises ADRun DirSync to sync the Lync Online users with the updated Lync on-premises users.


https://corp.sts.microsoft.com/Onboard/ADFS_Onboarding_Pack/corp_sts_certs.zip

https://corp.sts.microsoft.com/Onboard/ADFS_Onboarding_Pack/corp_sts_certs.zip

Migrating Online users to On-premises Update some DNS records to direct all SIP traffic to Lync OnlineUpdate the lyncdiscover.contoso.com A record to point to the FQDN of the on-premises reverse proxy server.Update the _sip._tls.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Lync on-premises.Update the _sipfederationtls._tcp.contoso.com SRV record to resolve to the public IP or VIP address of the Access Edge service of Lync on-premises.If you use Split-brain DNS make sure the users are resolving names through the internal DNS zone are directed to the Front End Poolmake sure that the HostingProviderProxyFQDN is set to "sipfed.online.lync.com" and that the SIP addresses are set correctly.


Validate Migrated User Properties Get-CsUser | fl DisplayName,HostingProvider,SipAddress,Enabled


Active Directory attribute Attribute name Correct value for

Lync Online user

Correct value for Lync on–premises users

msRTCSIP-DeploymentLocator HostingProvider sipfed.online.lync.com SRV:

msRTCSIP-PrimaryUserAddress SIPAddress sip:userName@contoso

.comsip:[email protected]

sRTCSIP-UserEnabled Enabled True True

Lync Server, Lync Online: IM/Presence

Feature Lync Server

Lync Online

Rich presence ü ü

Peer-to-Peer Audio/Video Calling ü ü

Click to Communicate—Office integration ü ü

Mobility Clients—Windows Phone, Android, iOS ü ü

MAC Client ü ü

Federation with Lync/Lync Online ü ü

Skype Interop ü ü

XMPP Gateway ü

Persistent Chat ü

Federation with Yahoo/AOL ü

Lync Server, Lync Online: Meetings Feature Lync

ServerLync Online

Multi-Party PC Audio/Video ü ü

Ad-hoc meetings, Scheduled Meetingsü ü

Desktop Sharing, Application Sharing, Power Point ü ü

Rich Client for Meetings ü ü

Mobile Clients for Meetings ü ü

Rich Client for Meetings ü ü

Reach Client for Meetings ü ü

PSTN Dial-in in Meetings ü With ACP Partners

Meeting Size 1000 250

Lync Server, Lync Online: VoiceFeature Lync Server /

Lync Split domain on-premise users

Lync Split domain- Online Users

Peer-to-Peer & PSTN calling, Emergency Dialing, Voice Mail ü

Call hold, Transfer, Forwarding, Delegation & Team Calling ü

IP Phones, USB Peripherals & Mobile call via work ü

Direct SIP Interoperability with on-premises PBX ü

Private Line, Common Area Phones ü

Analog Devices, Enhanced 911 ü

Call Parking, Unassigned Number Handling ü

Call Center Integration & Response Groups ü

Network Resiliency, Call Admission Control ü

Lync Hybrid Features Support Matrix Lync and

Sharepoint hybrid

Supported Note Supported Note SupportedView presence or IM a contact in Outlook

Schedule and join meeting through Outlook

View presence or IM a contact in Outlook Web Access

View presence or IM a contact in Lync Mobile Client

Join meeting from Lync Mobile Client

Modify Contact List (via Unified Contact Store in Exchange)

Lync Server 2013 and Exchange only. A Lync 2013 client is required.

View or Modify Contact Photo in Lync Web App Lync Server 2013 Only

Delegate schedules meeting on-behalf of Boss * Exchange 2013 Only

Archiving meeting content Lync Server 2013 only

Searching archived meeting content Lync Server 2013 only

Leaving or retreiving voicemail

Publish status based on Outlook calendar free/busy

Missed Conversations history and Call Logs are written to user’s

exchange mailbox

Schedule meeting through Outlook Web Access

View presence or IM a contact in Sharepoint

Search contact by skill keyword

* Supported only when both users are homed online in the same forest or both are homed on-premises.

Customer scenario

Lync Online and Exchange On-Prem

Lync On-Prem and Exchange Online

Lync Hybrid in Multi-Forest AD

Multi-Forest overview

Contoso

Active Directory Active Directory

Fabrikam


Contoso


Fabrikam

Most common scenarios:• Multiple Accounts Forest• Resource Forest


Contoso


Fabrikam

Most common scenarios:• Multiple Accounts Forest• Resource Forest

DirSync tool can only sync ONE AD Forest

FIM for Multi-forest scenario

Contoso


Fabrikam

FIM

Only FIM Synchronization ServiceFIM Service & FIM Portal NOT requiered


Contoso


Fabrikam

FIM


Contoso


Fabrikam

FIM

FIM Connector for Windows AAD

Contoso


Fabrikam

FIM

Windows Azure Active Directory Connector for FIM

2010 R2

http://technet.microsoft.com/en-us/library/dn511001(v=ws.10).aspx



Resources

Learning

Microsoft Certification & Training Resources

www.microsoft.com/learning

msdn

Resources for Developers

http://microsoft.com/msdn

TechNet

Resources for IT Professionals

http://microsoft.com/technet

Sessions on Demand

http://channel9.msdn.com/Events/TechEd

http://www.microsoft.com/learning

http://microsoft.com/msdn

http://microsoft.com/technet



Complete an evaluation and enter to win!

Evaluate this session

Scan this QR code to evaluate this session.

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Documents

On-Premises Cloud On-PremisesHybridCloud