Lync 2013 Client/ Server new Features. Server-to-Server Authentication Protocol (OAuth2) - hybrid, on-premise
© 2010 ACP Gruppe
www.acp.de
www.acp.at
www.acp-it.eu
Your IT is our business
05. October 2012
ACP IT Solutions AG Oberbayern
Thomas Pött, Managing Consultant / MVP Lync
BLOG: http://lyncuc.blogspot.de
© ACP Gruppe 2011
Agenda
New Client Features
New Server Features
Other Server Features
Lync 2013 Client New Features
• Core experiences feel simple and familiar
  Lync 2013 is easy to understand and use. Controls do not overwhelm the user. Video can be used confidently. Persistent chat is nicely integrated into applications. Handling multiple conversations is easy.
• People are a bigger part of the experience
  Connections are deeper and more natural. People are represented in a higher quality. Conversations feel human.
• Consistent implementation
  The basics are done right. Experiential completeness across platforms.
• Modern user experience (UX)
  Lync 2013 is part of the Office/Metro family
• Live, dynamic experiences
  Fluid, flexible conversation views and experiences. Performant, responsive motion all up.
Lync APP Store Client
http://office.microsoft.com/en-us/lync-help/lync-2013-known-issues-HA102919641.aspx
Best Practice: Install the desktop client via Office 2013!
App problems:
- The app client is difficult to use without a touch screen
- Desktop sharing does not work
- It shows phone numbers in contacts, even if you are not EV enabled
- Sometimes IMs do not appear
Lync 2013 Server New Features
New capabilities in core workloads
• Instant messaging (IM) & Presence
• Video
• Collaboration
• Business Voice
Internet Protocol version 6 (IPv6), virtual desktop infrastructure (VDI)
Manageability
Scale, High availability (HA)/disaster recovery (DR)
Unified Contact Store
Unified Contact Store Enables…
• Same People card across Lync and Office
• Same favorites and buddy list across Lync, Outlook, OWA
• De-duped and aggregated People search
• High-resolution photos
[Diagram labels: Lync 2010; Outlook 2013, Lync 2013 Rich Client, OWA; Lync Mobile; Lync 2013 Pool and UCWA; Exchange 2013 (Contacts, Favorites, Buddy List); Read Favorites and Buddy List; R/W Favorites and Buddy List; Notifications; Buddy List Updates; ACLs (workgroup, federated); Migrate Buddy List]
Collaboration (Persistent Chat [group chat])
• Persistent Chat Server is a first-class server role in Lync Server topology
• Multiple Persistent Chat Server pools to help comply with data privacy regulations
• Disaster recovery improvements and stretched pools
• Simplified administration model: Topology Builder, Lync Server Control Panel, Microsoft Windows PowerShell®, Health and Monitoring
• Large rooms: up to 15K concurrent endpoints/room
• Server SDK for room management
[Diagram labels: Datacenter 1; Active Directory; Lync Edge; Reverse Proxy; Lync FE Pool 1; Lync PC Pool 1; Mirrored SQL; Lync admin; traffic: Registration & Presence (SIP), Persistent Chat (XCCOS), Room Management (Web), IM & P]
XMPP and 3PPI
[Diagram labels: XMPP Federation; Lync Pool 1, Lync Pool 2 and Lync Pool 3 (each runs the XMPP GW); Lync Edge (runs XMPP Proxy), outbound & inbound external XMPP Fed route; US East; US West; Active Directory; Contoso.com; Fabrikam.com; Google Talk servers; external XMPP Fed (direction shows TLS connection establishment)]
• XMPP natively integrated into the Lync Front End server and Edge server
• Separate gateway not needed
• Integrated setup, management
• Scale-out, high availability consistent with rest of Lync
• Cisco/Jabber, Google Talk interoperability
MSFT terms:
• XMPP: external
• 3PPI: internal
Video
• Multi-view video for natural interactions
• Standards-based codec – H.264 AVC/SVC
• Desktop, mobile, and slate ready
  Optimized for mobile networks (3G, 4G and WiFi networks)
  Multiple client platforms (Microsoft Windows®, Windows Phone, Mac, iOS, Android)
• High-definition video in meetings
720p for conferences; 1080p for Room Systems; HD in Panorama Video
• Third-party telepresence systems inter-op through gateways
Video Part II
• Multiple incoming video streams – switched or pinned
• Square video with Smart Cropping
• Active Speaker indication in video
• Multiple outgoing video streams and layers
• Support for both H.264 and VC-1
• H.264 provides
• Increased resiliency to packet loss (protects base layers better)
• HW SoC (ARM) support (slates/mobile)
• No more lowest common denominator
• Third-party Room System interoperability
Collaboration and Meetings
• Microsoft Office PowerPoint® rendered with animations, transitions, video using Web Application Companion (WAC) Server
• Lync Web App with full meeting client capabilities built to web standards (HTML/JS)
• Application sharing, audio/video through browser plug-in
• Windows and Mac
• One-click Lync meeting scheduling from Exchange OWA
• Click-to-join Audio Conferencing with dial-out
• Join support for Lync Online and Hybrid deployments
• Large-scale meetings (up to 1K users) on dedicated pool
• Conference content archiving for whiteboard and polling
• Room Systems, stereo audio support
• Audio quality improvements for large meetings
Business Voice
Routing Enhancements
• Support for M:N – MS:GW
• Improved Caller ID management
• Improved delegate routing
• Response Group Service (RGS) Manager
• Inter-trunk routing (session management)
Hosted Voice
• Lync-to-phone, IP phone devices in Office 365
• Hybrid model – on-premise server appliance with user being homed in the cloud
IPv6
• Support for IPv6 in all Lync components
VDI
• Support for VDI for audio and video
IPv6
• IPv4 depletion has caused enterprises to start planning for transition to IPv6 seriously
• Exponential growth of mobile devices has forced carriers to start issuing IPv6 addresses
Goals for this release:
• Lync 2013 scenarios work well in a dual-stack IPv6/IPv4 environment
• IPv6-capable: if IPv4 is disabled from the network, Lync should continue to work for all the basic functionalities
• Recommend converting entire deployment to Lync 2013 before enabling IPv6, for simplifying interoperability
Scale and Resiliency
[Diagram labels: pools P1 to P5 with shared servers; pools P6 to P10 with shared servers]
Lower-cost high availability
Identical clusters paired as active-active backup of one another
Real-time replication between paired pools of unified communications (UC) data
Faster disaster recovery
Each pool carries 50% of total load
Users re-routed when home Pool fails
Service resiliency
Works across pools or datacenters
Outage leaves services unaffected
Workloads
100.000 user / pool active
1.000.000 user / pool identities (passive)
User Pool Pairing
[Diagram labels: Pool 1 (Data Center 1) and Pool 2 (Data Center 2); Pool 1 Users, Pool 1 User Data, Pool 2 Users, Pool 2 User Data; Backup. Stages shown: User Pool Failover, User Pool Failure, User Pool Repaired, User Pool Failback, User Experience in Pool Failover]
Database Mirroring
CU 9 SQL Server 2008 -> http://support.microsoft.com/?kbid=2083921
SQL Server Requirements:
• The primary server’s version of SQL Server must support SQL mirroring.
• The primary, mirror, and the witness (if deployed) must have the same version of SQL Server.
• The primary and the mirror must have the same edition of SQL Server. The witness may have a different edition.
SQL Mirroring Major Steps:
• Use Topology Builder to configure the topology for mirroring (mirroring port 5022)
• Use Management Shell to install the mirror:
  Install-CsMirrorDatabase
  Get-CsDatabaseMirrorState
• Configure SQL Witness
http://lyncuc.blogspot.de/2012/07/database-mirroring-step-by-step-lync.html
Other Server Improvements
• Consolidated Archiving
• Server to Server Authentication Protocol
  OAuth cloud process
  OAuth on-premise
Consolidated Archiving
One archive store
• Lync content stored with mail in Exchange user mailboxes.
• Everything textual: IMs, uploads, whiteboards, polls
One archive policy
• Single management between Exchange email and Lync
• Simple end-user access to archives through Microsoft Office Outlook®
One compliance experience
• Discovery and content preservation using Exchange tools by Compliance Officer
• Integrates with corporate compliance e-discovery partners
Server-to-Server Authentication Protocol (OAuth)
OAuth2 is an open standard for authorization.
It allows users to access their private resources (e.g. Lync Contact List, IM Archiving) stored on servers without having to hand out their credentials (typically username and password), supplying tokens instead. Each token grants access to a specific service, for specific resources and for a defined duration.
OAuth2 standard-based server-to-server trust across all Office servers
• Lync, Exchange, Microsoft Office SharePoint®, Active Directory
Lync scenarios enabled
• Unified Contacts, IM Archiving, OWA meeting scheduling
On-Premise and Hybrid
OAuth Part II – cloud scenario
[Diagram labels: Lync Server; Authorization Server; numbered steps 1 to 3]
1. Lync Server contacts the Authorization Server (Microsoft) and requests a token to use for communicating with e.g. Exchange
2. Authorization Server sends Lync Server a security token
3. Lync Server uses the acquired security token to contact Exchange Server
OAuth Part III – on-premise scenario
[Diagram labels: Lync Server; step 1]
1. Lync Server uses its own security token to directly contact Exchange Server
• Assign a certificate to Lync Server's built-in token issuer.
• Configure the server that Lync Server will communicate with to be a "partner application." For example, if Lync Server needs to communicate with Microsoft Exchange then you will need to configure Microsoft Exchange to be a partner application.
Note: A "partner application" is any application that Microsoft Lync Server can directly exchange security tokens with, without having to go through a third-party security token server.
Prerequisites and Configuration
Only Microsoft Exchange 2013, SharePoint Server 2013, and Lync Server 2013 currently support OAuth.
Certificate: token issuer certificate (OAuthTokenIssuer)
- must be requestable from the PKI
- every Web Server certificate that includes the name of the SIP domain in the Subject field can be used as the OAuthTokenIssuer certificate

# Show the certificate currently assigned as OAuth token issuer
Get-CsCertificate -Type OAuthTokenIssuer
# Import a certificate from a PFX file and assign it as the global token issuer
Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Certificates\ServerToServerAuth.pfx -Password "P@ssw0rd"

If a certificate already exists (e.g. the default certificate), it can be used:

$x = (Get-CsCertificate -Type Default).Thumbprint
Set-CsCertificate -Identity global -Type OAuthTokenIssuer -Thumbprint $x
Configuration (CsPartnerApplication)
Set-CSPartnerApplication.ps1

# Remove a partner application named "app" if one exists
if ((Get-CsPartnerApplication app -ErrorAction SilentlyContinue) -ne $Null) {
    Remove-CsPartnerApplication app
}

# Exchange: create the partner application, or recreate it if its ApplicationIdentifier is not the expected one
$exch = Get-CsPartnerApplication microsoft.exchange -ErrorAction SilentlyContinue
if ($exch -eq $null) {
    New-CsPartnerApplication -Identity microsoft.exchange -MetadataUrl https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1 -ApplicationTrustLevel Full
}
else {
    if ($exch.ApplicationIdentifier -ne "00000002-0000-0ff1-ce00-000000000000") {
        Remove-CsPartnerApplication microsoft.exchange
        New-CsPartnerApplication -Identity microsoft.exchange -MetadataUrl https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1 -ApplicationTrustLevel Full
    }
    else {
        Set-CsPartnerApplication -Identity microsoft.exchange -ApplicationTrustLevel Full
    }
}

# SharePoint: same logic as for Exchange
$shp = Get-CsPartnerApplication microsoft.sharepoint -ErrorAction SilentlyContinue
if ($shp -eq $null) {
    New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx -ApplicationTrustLevel Full
}
else {
    if ($shp.ApplicationIdentifier -ne "00000003-0000-0ff1-ce00-000000000000") {
        Remove-CsPartnerApplication microsoft.sharepoint
        New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx -ApplicationTrustLevel Full
    }
    else {
        Set-CsPartnerApplication -Identity microsoft.sharepoint -ApplicationTrustLevel Full
    }
}

# Set the service name used by Lync Server in the OAuth configuration
Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000
If your REALM should be different from the Organization Name (EXCHANGE), you need to include the Realm parameter:
Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000 -Realm "contoso.com"
Configuration (Set Metadata URL + PartnerApp)
MetadataURL:
Lync 2013 Preview: https://atl-exchange-001.litwareinc.com/autodiscover/metadata/v1/json
Lync 2013 RTM: https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1
When you run this script you might receive an error message similar to the following:
New-CsPartnerApplication : Cannot bind parameter 'MetadataUrl' to the target. Exception
setting "MetadataUrl": "The metadata document could not be downloaded from the URL
in the MetadataUrl parameter or downloaded data is not a valid metadata document."
This error message typically means one of two things:
1) that one of the URLs specified in the script is invalid (that is, one of your metadata URLs is not actually a metadata URL); or,
2) that one of the metadata URLs could not be contacted. If this happens, verify that the URLs are correct and are accessible, and then re-run the script.
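A pre-flight check for the two causes listed above, as an added example that is not part of the original deck: it tests each metadata URL before New-CsPartnerApplication is run, separates "could not be contacted" from "is not a metadata document", and flags URLs fetched over plain HTTP, since the partner trust is built from the downloaded document. The function name Test-MetadataUrl is hypothetical; the URLs are the Litware sample hostnames used in the script.

```powershell
# Added example: check partner-application metadata URLs before creating the trust.
function Test-MetadataUrl {            # hypothetical helper name
    param([Parameter(Mandatory)][string]$Url, [int]$TimeoutSec = 15)

    $result = [pscustomobject]@{
        Url = $Url; Https = $false; Reachable = $false; ValidJson = $false; Detail = ''
    }

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) {
        $result.Detail = 'not an absolute URL'
        return $result
    }
    $result.Https = ($uri.Scheme -eq 'https')

    try {
        $resp = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec $TimeoutSec -ErrorAction Stop
        $result.Reachable = $true
    } catch {
        # Cause 2: the URL could not be contacted (DNS, TLS, firewall, HTTP error)
        $result.Detail = "download failed: $($_.Exception.Message)"
        return $result
    }

    try {
        $doc = $resp.Content | ConvertFrom-Json -ErrorAction Stop
        $result.ValidJson = $true
        $result.Detail = 'top-level properties: ' + ($doc.PSObject.Properties.Name -join ', ')
    } catch {
        # Cause 1: the URL answers, but what it returns is not a JSON metadata document
        $result.Detail = 'response is not JSON'
    }
    if (-not $result.Https) {
        $result.Detail += ' (fetched over plain HTTP, not integrity-protected)'
    }
    return $result
}

# URLs taken from the script on this page (sample hostnames)
$metadataUrls = @(
    'https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1',
    'http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx'
)
$metadataUrls | ForEach-Object { Test-MetadataUrl -Url $_ } | Format-Table -AutoSize -Wrap
```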
OAuth and Partner App Verification
Verification of configured PartnerApplication settings:
Get-CsPartnerApplication

Result:
Identity              : microsoft.exchange
AuthToken             : Microsoft.Rtc.Management.WritableConfig.Settings.SSAuth.UseOAuthServer
Name                  : microsoft.exchange
Realm                 : contoso.com
ApplicationTrustLevel : Full
Enabled               : True
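An added example (not from the original deck) that turns the verification step into a repeatable review: it checks partner-application objects for an unexpected ApplicationIdentifier and for Full trust granted to an application outside the expected list. The helper name Test-PartnerApplication and the sample objects are constructed; the expected identifiers are the ones the script on this page compares against.

```powershell
# Added example: review partner applications before relying on server-to-server trust.
# Expected ApplicationIdentifier values are the ones compared in the script on this page.
$ExpectedAppIds = @{
    'microsoft.exchange'   = '00000002-0000-0ff1-ce00-000000000000'
    'microsoft.sharepoint' = '00000003-0000-0ff1-ce00-000000000000'
}

function Test-PartnerApplication {     # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)]$App)
    process {
        $findings = @()
        $known = $ExpectedAppIds.ContainsKey([string]$App.Name)
        if (-not $known) {
            $findings += 'partner application is not on the expected list'
        } elseif ($App.ApplicationIdentifier -ne $ExpectedAppIds[[string]$App.Name]) {
            $findings += 'ApplicationIdentifier differs from the expected value'
        }
        if ("$($App.ApplicationTrustLevel)" -eq 'Full' -and -not $known) {
            $findings += 'Full trust granted to an unexpected application'
        }
        if (-not $App.Enabled) { $findings += 'disabled' }
        [pscustomobject]@{
            Name       = $App.Name
            Realm      = $App.Realm
            TrustLevel = "$($App.ApplicationTrustLevel)"
            Pass       = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample objects carrying the properties shown in the output above.
# On a Lync Server 2013 management shell, pipe the real objects instead:
#   Get-CsPartnerApplication | Test-PartnerApplication
$sample = @(
    [pscustomobject]@{ Name = 'microsoft.exchange'; Realm = 'contoso.com'
                       ApplicationTrustLevel = 'Full'; Enabled = $true
                       ApplicationIdentifier = '00000002-0000-0ff1-ce00-000000000000' },
    [pscustomobject]@{ Name = 'app'; Realm = 'contoso.com'      # constructed entry
                       ApplicationTrustLevel = 'Full'; Enabled = $true
                       ApplicationIdentifier = '11111111-1111-1111-1111-111111111111' }
)
$sample | Test-PartnerApplication | Format-Table -AutoSize -Wrap
```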
We see the way.
We walk the way.
Come with us!
Thank you