© 2010 ACP Gruppe | www.acp.de | www.acp.at | www.acp-it.eu | Your IT is our business
05. October 2012 | ACP IT Solutions AG Oberbayern
Thomas Pött, Managing Consultant / MVP Lync | BLOG: http://lyncuc.blogspot.de

Microsoft Inner Circle Lync2013

DESCRIPTION

Lync 2013 Client/ Server new Features. Server-to-Server Authentication Protocol (OAuth2) - hybrid, on-premise

Page 2: Microsoft Inner Circle Lync2013

© ACP Gruppe 2011

Agenda

• New Client Features
• New Server Features
• Other Server Features

Page 3: Microsoft Inner Circle Lync2013

Lync 2013 Client New Features

Core experiences feel simple and familiar
Lync 2013 is easy to understand and use. Controls do not overwhelm the user. Video can be used confidently. Persistent chat is nicely integrated into applications. Handling multiple conversations is easy.

People are a bigger part of the experience
Connections are deeper and more natural. People are represented in a higher quality. Conversations feel human.

Consistent implementation
The basics are done right. Experiential completeness across platforms.

Modern user experience (UX)
Lync 2013 is part of the Office/Metro family.

Live, dynamic experiences
Fluid, flexible conversation views and experiences. Performant, responsive motion all up.

Page 4: Microsoft Inner Circle Lync2013

Lync APP Store Client

http://office.microsoft.com/en-us/lync-help/lync-2013-known-issues-HA102919641.aspx

Best practice: Install the desktop client via Office 2013!

App problems:
- The app client is difficult to use without a touch screen
- Desktop sharing does not work
- It shows the phone number in contacts, even if you are not EV enabled
- Sometimes IMs do not appear

Page 5: Microsoft Inner Circle Lync2013

Lync 2013 Server New Features

• New capabilities in core workloads
  - Instant messaging (IM) & Presence
  - Video
  - Collaboration
  - Business Voice
• Internet Protocol version 6 (IPv6), virtual desktop infrastructure (VDI)
• Manageability
• Scale, High availability (HA)/disaster recovery (DR)

Page 6: Microsoft Inner Circle Lync2013

Unified Contact Store

Unified Contact Store Enables…

• Same People card across Lync and Office
• Same favorites and buddy list across Lync, Outlook, OWA
• De-duped and aggregated People search
• High-resolution photos

[Diagram labels: Lync 2010; Outlook 2013, Lync 2013 Rich Client, OWA; Lync Mobile; Lync 2013 Pool and UCWA; Exchange 2013; Read Favorites and Buddy List; R/W Favorites and Buddy List; Notifications; ACLs (workgroup, federated); Buddy List Updates; Contacts, Favorites, Buddy List; Migrate Buddy List]

Page 7: Microsoft Inner Circle Lync2013

Collaboration (Persistent Chat [group chat])

• Persistent Chat Server is a first-class server role in Lync Server topology

• Multiple Persistent Chat Server pools to help comply with data privacy regulations

• Disaster recovery improvements and stretched pools

• Simplified administration model: Topology Builder, Lync Server Control Panel, Microsoft Windows PowerShell®, Health and Monitoring

• Large rooms: up to 15K concurrent endpoints/room

• Server SDK for room management

[Diagram labels: Datacenter 1; Active Directory; Lync Edge; Reverse Proxy; Lync FE Pool 1; Lync PC Pool 1; Mirrored SQL; Lync admin; IM & P; Registration & Presence (SIP); Persistent Chat (XCCOS); Room Management (Web)]

Page 8: Microsoft Inner Circle Lync2013

XMPP and 3PPI

[Diagram labels: XMPP Federation; Contoso.com (Active Directory); Fabrikam.com (Active Directory); US East; US West; Lync Pool 1 (runs XMPP GW); Lync Pool 2 (runs XMPP GW); Lync Pool 3 (runs XMPP GW); Lync Edge (runs XMPP Proxy); Google Talk servers; Outbound & Inbound External XMPP Fed Route; External XMPP Fed (direction shows TLS connection establishment)]

• XMPP natively integrated into the Lync Front End server and Edge server
• Separate gateway not needed
• Integrated setup, management
• Scale-out, high availability consistent with rest of Lync
• Cisco/Jabber, Google Talk interoperability

MSFT terms:
• XMPP: external
• 3PPI: internal

Page 9: Microsoft Inner Circle Lync2013

Video

• Multi-view video for natural interactions

• Standards-based codec – H.264 AVC/SVC

• Desktop, mobile, and slate ready

  - Optimized for mobile networks (3G, 4G and WiFi networks)
  - Multiple client platforms (Microsoft Windows®, Windows Phone, Mac, iOS, Android)

• High-definition video in meetings

720p for conferences; 1080p for Room Systems; HD in Panorama Video

• Third-party telepresence systems inter-op through gateways

Page 10: Microsoft Inner Circle Lync2013

Video Part II

• Multiple incoming video streams – switched or pinned

• Square video with Smart Cropping

• Active Speaker indication in video

• Multiple outgoing video streams and layers

• Support for both H.264 and VC-1

• H.264 provides

• Increased resiliency to packet loss (protects base layers better)

• HW SoC (ARM) support (slates/mobile)

• No more lowest common denominator

• Third-party Room System interoperability

Page 11: Microsoft Inner Circle Lync2013

Collaboration and Meetings

• Microsoft Office PowerPoint® rendered with animations, transitions, video using Web Application Companion (WAC) Server
• Lync Web App with full meeting client capabilities built to web standards (HTML/JS)
  - Application sharing, audio/video through browser plug-in
  - Windows and Mac
• One-click Lync meeting scheduling from Exchange OWA
• Click-to-join Audio Conferencing with dial-out
• Join support for Lync Online and Hybrid deployments
• Large-scale meetings (up to 1K users) on dedicated pool
• Conference content archiving for whiteboard and polling
• Room Systems, stereo audio support
• Audio quality improvements for large meetings

Page 12: Microsoft Inner Circle Lync2013

Business Voice

Routing Enhancements
• Support for M:N – MS:GW
• Improved Caller ID management
• Improved delegate routing
• Response Group Service (RGS) Manager
• Inter-trunk routing (session management)

Hosted Voice
• Lync-to-phone, IP phone devices in Office 365
• Hybrid model – on-premise server appliance with user being homed in the cloud

IPv6
• Support for IPv6 in all Lync components

VDI
• Support for VDI for audio and video

Page 13: Microsoft Inner Circle Lync2013

IPv6

• IPv4 depletion has caused enterprises to start planning seriously for the transition to IPv6
• Exponential growth of mobile devices has forced carriers to start issuing IPv6 addresses

Goals for this release:
• Lync 2013 scenarios work well in a dual-stack IPv6/IPv4 environment
• IPv6-capable: if IPv4 is disabled on the network, Lync should continue to work for all the basic functionality
• Recommendation: convert the entire deployment to Lync 2013 before enabling IPv6, to simplify interoperability

Page 14: Microsoft Inner Circle Lync2013

Scale and Resiliency

[Diagram labels: pools P1 P2 P3 P4 P5 with Shared Servers; pools P6 P7 P8 P9 P10 with Shared Servers]

Lower-cost high availability
• Identical clusters paired as active-active backup of one another
• Real-time replication between paired pools of unified communications (UC) data

Faster disaster recovery
• Each pool carries 50% of total load
• Users re-routed when home pool fails

Service resiliency
• Works across pools or datacenters
• Outage leaves services unaffected

Workloads
• 100,000 users / pool active
• 1,000,000 users / pool identities (passive)

Page 15: Microsoft Inner Circle Lync2013

User Pool Pairing

[Diagram labels: Data Center 1 with Pool 1 (Pool 1 Users, Pool 1 User Data); Data Center 2 with Pool 2 (Pool 2 Users, Pool 2 User Data); Backup. Animation steps: User Pool Failover; User Pool Failure; User Pool Repaired; User Pool Failback; User Experience in Pool Failover]

Page 16: Microsoft Inner Circle Lync2013

Database Mirroring

CU 9 SQL Server 2008 -> http://support.microsoft.com/?kbid=2083921

SQL Server Requirements:

• The primary server’s version of SQL Server must support SQL mirroring.

• The primary, mirror, and the witness (if deployed) must have the same version of SQL Server.

• The primary and the mirror must have the same edition of SQL Server. The witness may have a different edition.

SQL Mirroring Major Steps:

• Use Topology Builder to configure the topology for mirroring (mirroring port 5022)

• Use the Management Shell to install the mirror:
    Install-CsMirrorDatabase
    Get-CsDatabaseMirrorState

• Configure SQL Witness

http://lyncuc.blogspot.de/2012/07/database-mirroring-step-by-step-lync.html

Page 17: Microsoft Inner Circle Lync2013

Other Server Improvements

• Consolidated Archiving
• Server to Server Authentication Protocol
  - OAuth cloud process
  - OAuth on-premise

Page 18: Microsoft Inner Circle Lync2013

Consolidated Archiving

One archive store

• Lync content stored with mail in Exchange user mailboxes.

• Everything textual: IMs, uploads, whiteboards, polls

One archive policy

• Single management between Exchange email and Lync

• Simple end-user access to archives through Microsoft Office Outlook®

One compliance experience

• Discovery and content preservation using Exchange tools by Compliance Officer

• Integrates with corporate compliance e-discovery partners

Page 19: Microsoft Inner Circle Lync2013

Server-to-Server Authentication Protocol (OAuth)

• OAuth2 is an open standard for authorization
  - It allows users to access their private resources (e.g. Lync Contact List, IM Archiving) stored on servers without having to hand out their credentials (typically a username and password); tokens are supplied instead. Each token grants access to a specific service for specific resources and for a defined duration.
• OAuth2 standard-based server-to-server trust across all Office servers
  - Lync, Exchange, Microsoft Office SharePoint®, Active Directory
• Lync scenarios enabled
  - Unified Contacts, IM Archiving, OWA meeting scheduling
• On-Premise and Hybrid

Page 20: Microsoft Inner Circle Lync2013

OAuth Part II – cloud scenario

[Diagram labels: Lync Server; Authorization Server; numbered steps 1, 2, 3]

1. Lync Server contacts the Authorization Server (Microsoft) and requests a token to use for communicating with e.g. Exchange

2. Authorization Server sends Lync Server a security token

3. Lync Server uses the acquired security token to contact Exchange Server

Page 21: Microsoft Inner Circle Lync2013

OAuth Part III – on-premise scenario

[Diagram labels: Lync Server; numbered step 1]

1. Lync Server uses its own security token to directly contact Exchange Server

• Assign a certificate to Lync Server's built-in token issuer.

• Configure the server that Lync Server will communicate with to be a "partner application." For example, if Lync Server needs to communicate with Microsoft Exchange then you will need to configure Microsoft Exchange to be a partner application.

Note: A "partner application" is any application that Microsoft Lync Server can directly exchange security tokens with, without having to go through a third-party security token server.

Page 22: Microsoft Inner Circle Lync2013

Prerequisites and Configuration

• Only Microsoft Exchange 2013, SharePoint Server 2013, and Lync Server 2013 currently support OAuth
• Certificate: token issuer certificate (OAuthTokenIssuer)
  - must be requestable from the PKI
  - every Web Server certificate that includes the name of the SIP domain in the Subject field can be used as the OAuthTokenIssuer certificate

    Get-CsCertificate -Type OAuthTokenIssuer
    Import-CsCertificate -Identity global -Type OAuthTokenIssuer -Path C:\Certificates\ServerToServerAuth.pfx -Password "P@ssw0rd"

If a suitable certificate already exists (e.g. the default certificate), it can be used:

    $x = (Get-CsCertificate -Type Default).Thumbprint
    Set-CsCertificate -Identity global -Type OAuthTokenIssuer -Thumbprint $x

Page 23: Microsoft Inner Circle Lync2013

Configuration (CsPartnerApplication): Set-CSPartnerApplication.ps1

    # Remove a partner application named "app" if one exists
    if ((Get-CsPartnerApplication app -ErrorAction SilentlyContinue) -ne $null) {
        Remove-CsPartnerApplication app
    }

    # Exchange: create the partner application, or recreate it if its identifier is wrong
    $exch = Get-CsPartnerApplication microsoft.exchange -ErrorAction SilentlyContinue
    if ($exch -eq $null) {
        New-CsPartnerApplication -Identity microsoft.exchange -MetadataUrl https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1 -ApplicationTrustLevel Full
    } else {
        if ($exch.ApplicationIdentifier -ne "00000002-0000-0ff1-ce00-000000000000") {
            Remove-CsPartnerApplication microsoft.exchange
            New-CsPartnerApplication -Identity microsoft.exchange -MetadataUrl https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1 -ApplicationTrustLevel Full
        } else {
            Set-CsPartnerApplication -Identity microsoft.exchange -ApplicationTrustLevel Full
        }
    }

    # SharePoint: same logic (note: this metadata URL is http, not https)
    $shp = Get-CsPartnerApplication microsoft.sharepoint -ErrorAction SilentlyContinue
    if ($shp -eq $null) {
        New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx -ApplicationTrustLevel Full
    } else {
        if ($shp.ApplicationIdentifier -ne "00000003-0000-0ff1-ce00-000000000000") {
            Remove-CsPartnerApplication microsoft.sharepoint
            New-CsPartnerApplication -Identity microsoft.sharepoint -MetadataUrl http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx -ApplicationTrustLevel Full
        } else {
            Set-CsPartnerApplication -Identity microsoft.sharepoint -ApplicationTrustLevel Full
        }
    }

    # Set the service name used by Lync Server's OAuth configuration
    Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000

If your realm differs from the organization name (Exchange), you also need to specify the Realm parameter:

    Set-CsOAuthConfiguration -ServiceName 00000004-0000-0ff1-ce00-000000000000 -Realm "contoso.com"

Page 24: Microsoft Inner Circle Lync2013

Configuration (Set Metadata URL + PartnerApp)

MetadataURL:
• Lync 2013 Preview: https://atl-exchange-001.litwareinc.com/autodiscover/metadata/v1/json
• Lync 2013 RTM: https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1

When you run this script you might receive an error message similar to the following:

    New-CsPartnerApplication : Cannot bind parameter 'MetadataUrl' to the target. Exception
    setting "MetadataUrl": "The metadata document could not be downloaded from the URL
    in the MetadataUrl parameter or downloaded data is not a valid metadata document."

This error message typically means one of two things:

1) one of the URLs specified in the script is invalid (that is, one of your metadata URLs is not actually a metadata URL); or,

2) one of the metadata URLs could not be contacted. If this happens, verify that the URLs are correct and are accessible, and then re-run the script.
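
Both causes of the error above can be checked before New-CsPartnerApplication is run. The following pre-flight check is an added example, not part of the original slides or of the script shown there; it also flags metadata URLs that are not HTTPS, because the partner application is configured from that document. Test-PartnerMetadataUrl is a hypothetical helper, and the serviceName field it looks for in the JSON is an assumption about the metadata format.

```powershell
# Added example: pre-flight check for the metadata URLs used by the script above.
# Test-PartnerMetadataUrl is a hypothetical helper; host names are the slide's samples.
function Test-PartnerMetadataUrl {
    param(
        [Parameter(Mandatory = $true)] [string] $Url,
        [string] $ExpectedAppId   # ApplicationIdentifier the script expects
    )
    $result = [ordered]@{
        Url = $Url; Https = $false; Reachable = $false
        ValidJson = $false; AppIdMatch = $null; Error = $null
    }
    # The partner application is configured from this document, so require TLS.
    $result.Https = (([Uri]$Url).Scheme -eq 'https')
    try {
        $resp = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 15
        $result.Reachable = ($resp.StatusCode -eq 200)
        $body = $resp.Content
        if ($body -is [byte[]]) { $body = [Text.Encoding]::UTF8.GetString($body) }
        $doc = $body | ConvertFrom-Json      # throws if the body is not JSON
        $result.ValidJson = $true
        # Assumption: the document carries the application GUID as 'serviceName'.
        if ($ExpectedAppId -and $doc.PSObject.Properties['serviceName']) {
            $result.AppIdMatch = ($doc.serviceName -eq $ExpectedAppId)
        }
    } catch {
        $result.Error = $_.Exception.Message   # unreachable, TLS failure, or not JSON
    }
    [pscustomobject]$result
}

# URLs and identifiers as they appear in Set-CSPartnerApplication.ps1
$targets = @(
    @{ Url = 'https://atl-exchange-001.litwareinc.com/autodiscover/metadata/json/1'
       Id  = '00000002-0000-0ff1-ce00-000000000000' },
    @{ Url = 'http://atl-sharepoint-001.litwareinc.com/jsonmetadata.ashx'
       Id  = '00000003-0000-0ff1-ce00-000000000000' }
)
$report = $targets | ForEach-Object {
    Test-PartnerMetadataUrl -Url $_.Url -ExpectedAppId $_.Id
}
$report | Format-Table -AutoSize
# Register a partner application only if its row passes every check.
$report | Where-Object { -not ($_.Https -and $_.Reachable -and $_.ValidJson) } |
    ForEach-Object { Write-Warning "Do not register yet: $($_.Url)" }
```

An AppIdMatch of False means the document was published by a different application than the one the script's identifier check expects.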

Page 25: Microsoft Inner Circle Lync2013

OAuth and Partner App Verification

Verification of configured PartnerApplication settings:

    Get-CsPartnerApplication

Result:

    Identity              : microsoft.exchange
    AuthToken             : Microsoft.Rtc.Management.WritableConfig.Settings.SSAuth.UseOAuthServer
    Name                  : microsoft.exchange
    Realm                 : contoso.com
    ApplicationTrustLevel : Full
    Enabled               : True

Page 26: Microsoft Inner Circle Lync2013

We see the way.

We take the way.

Come with us!

Thank you
