Microsoft® Lync™ Server 2010: Architecture
Speaker: Microsoft Corporation
Agenda
• Unified Communications Roadmap
• Topology related investments
• Manageability enhancements
• Virtualization
• DNS load balancing
• Authentication enhancements
• Location Infrastructure
• Cloud Integration
• Q&A
Unified Communications Roadmap (timeline figure)
• Release milestones shown: July 2007, December 2008, 2H 2010
• Capabilities shown along the timeline: Web Conferencing, Basic Voice, Video, Dial-In Conferencing, Advanced Call Features
Lync Server 2010 Product Investments: Deliver the next generation communications system
• Ease of Use
• Lower TCO
• Open and Extensible
• Next Generation Communications
• Enterprise Voice
• Platform for Business Processes
Central Management Store
• Schematized definition of deployment topology
• Configuration of Lync Server 2010 services and policies managed by the central store
• Replication of policies/configuration to all topology nodes (including Edge)
• Validation tools help prevent misconfiguration
Example Service Representation:
Service "Site A, AVConfServices, 1"
  depends on "Site A, User Services, 1"
  depends on "Site A, Mediation Server, 1"
  installed on "Site A, Pool A"
Survivable Branch Appliance (SBA)
A purpose-built appliance optimized to provide resilient multi-modal communication for maximizing branch office user productivity. The solution was re-architected so that the Registrar keeps working when the UserServices role is unavailable or inaccessible.
(Diagram labels: Data Center, Branch Office, Lync Server Pool, SBA, Edge Server, PSTN, WAN)
Topologies: Simplified Topologies (figure)
• Server roles shown: Front End, Back End, AV Conf, Edge, Mediation, Director, Group Chat, Archiving, Monitoring, UM, SCOM (the figure marks some of these as optional servers)
• Editions shown: Standard Edition, Enterprise Edition
Deployment Model
• A global deployment is a collection of Sites
• Sites are made of Pools
• Pools host users and services (such as conferencing and Voice over Internet Protocol (VoIP))
Deployment Options
(Figure labels: Small or Trial Deploy; Single Data Center; Multiple Data Centers; Pool-level Resiliency; Multi-site Resiliency; Central Site: sites which host a pool of either SE or EE; Branch Office Site: sites that do not host a pool)
• Branches without redundant WANs will purchase a Survivable Branch Appliance to handle voice resiliency in the branch office
• Branches with a redundant WAN connection still require basic PSTN termination with a SIP Gateway
• A Standard Edition Server can be utilized for improved Quality of Experience (QoE) in large, distant “branches” (truly a Central Site) with lots of conferencing utilization
• Not all branches will require resiliency – for smaller branches, use Remote User Connectivity over the public internet or a 3G/4G network
• Smaller organizations not requiring resiliency can choose a Standard Edition Server (SE): a single server with all roles consolidated on it
• Organizations who need resiliency will choose an Enterprise Edition Pool (EE), defining a pool of multiple servers comprised of front end and back end roles
• “Paired” Standard Edition can offer failover between two SE servers for lower cost and reduced functionality
• Additional server roles required include Archiving, Director, Edge and Monitoring
Reference Topologies: Central Site, Standard Edition (Small, < 5000 users)
This example: 5,000 users, 3 servers, 1667 users/server.
(Diagram labels: Central Site, All Server Roles, CA/DNS, Exchange UM Server, Edge Server, HTTP reverse proxy, PSTN Gateway(s), PSTN, WAN, Branch A, Survivable Branch Appliance; domain tiny.contoso.com)

Reference Topologies: Central Site, Enterprise Edition, Single Datacenter (< 100,000 users)
This example: 20,000 users, HA, 14 servers, 1429 users/server.
(Diagram labels: Central Site, Front End Pool, AV Conferencing Pool, Director Pool, Monitoring Pool, Edge Server Pool, File Share, DNS Load Balancing, HTTP reverse proxy, Exchange UM Server, CA/DNS, PSTN Gateway(s), PSTN, WAN, Branch A, Branch B, Survivable Branch Appliance; domains contoso.com and retail.contoso.com)

Reference Topologies: Global, Multi-Site (Unlimited)
This example: Site 1: 18 servers; Site 2: 11 servers; 2413 users/server (central sites only).
(Diagram labels: Central Site 1 – Enterprise Edition, Central Site 2 – Enterprise Edition, Branch A, “Branch” B (Standard Edition), Branch C, Front End Pool, AV Conferencing Pool, Director Pool, Monitoring and Archiving Pool, Edge Server Pool, File Share, DNS Load Balancing, DNS LB, HTTP reverse proxy, Exchange UM Server, CA/DNS, Survivable Branch Appliance, PSTN Gateway(s), PSTN, SIP Trunking, WAN; domains contoso.com, NA.contoso.com, EU.contoso.com)
Manageability Enhancements
• Lync Server 2010 Control Panel (CSCP)
  • Silverlight™ based administration console
  • Task oriented and uses the underlying PowerShell infrastructure
  • Replaces MMC
• PowerShell
  • Complete access to all administrative tasks
  • Automation interface
  • Replaces Windows Management Instrumentation (WMI)
• Role Based Access Control (RBAC)
  • Access controlled by security group membership
  • New delegation model: site aware
• Synthetic Transactions – PowerShell based framework that allows admins to proactively identify faults in the system and raise alerts in SCOM
Virtualization
• What’s supported?
  • Virtualization of specific Lync Server 2010 roles
  • SQL, Exchange, Active Directory® Domain Services (AD DS) virtualization (as per guidelines)
  • Hyper-V R2 (2008 not supported), VMware (per SVVP)
  • Client virtualization (except audio/video – use an IP phone)
• Not supported
  • Branch office / gateway only / Mediation server + gateway
  • Standard Edition (single server deployed as “Datacenter” site)
  • Live migration of VMs via SCVMM (ongoing calls/sessions will be dropped)
• Virtual deployment
  • 4 VMs – Front End, Back End + file store, A/V MCU, Edge
  • 1 physical machine – 16 cores, 16 GB, 500 GB SAS drive, dual NIC, Intel Xeon E7450 processors; dedicated to Communications Server “14” only
  • Pilot: no HLB or DNS LB. Production: needs HLB.
  • Scale reduction (up to 50%) compared to non-virtualized
DNS Load Balancing
DNS LB goals
• Simplify HLB configuration
• Reduce dependence on HLB
• DNS LB supported for Internal Pool, Director Pool
  • All Server-Server and Client-Server SIP traffic
  • All Server-Server HTTP traffic
  • Media traffic
• Support draining of applications
• Improve load balancing of server-server traffic (e.g. Access Edge – Director)
Eliminating HLB is not a goal
• HLB will still be required for Internal Pools
  • Client-Server HTTP and HTTPS traffic (ABS, DLX, LIS, etc.)
  • DCOM traffic (Move User) – will be fixed post Beta
DNS LB Architecture/Design
• DNS A record for the FQDN resolves to multiple IPs
• Failover: if connecting to an IP fails, fail over to the next IP in the list
• Load balance across multiple servers (e.g. SIP traffic sent to multiple IPs)
• Draining: if server IP1 is being drained (returns 503 with a special header), send all traffic to the next IP (IP2)
• Honor DNS TTL except:
  • If < 5 min, TTL = 5 min
  • If > 24 hours, TTL = 24 hours
DNS LB Sample Configuration
For a Lync Server 2010 pool ocspool1.contoso.com with 3 FEs: FE1, FE2, FE3.
(Table: OCS 2007 R2 HLB – DNS configuration vs. Lync Server 2010 DNS LB – DNS configuration; rows: Pool DNS A entries, Machine DNS A entries)
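The client-side behaviour described on the two slides above (multiple A records, failover on connect failure, skipping a draining Front End, TTL clamping), as an added example that is not Microsoft's code. The pool and FE names are the page's own; the IP addresses (RFC 5737 documentation range) and the name of the drain header are constructed, since the slide only says "a special header".

```python
"""Client-side DNS load balancing for a Lync Server 2010 pool (added example, not Microsoft's code).

The pool FQDN resolves to several A records; the client fails over on connect failure,
skips a draining server (503 with a special header) and clamps the DNS TTL to [5 min, 24 h].
Pool/FE names are the page's own; IPs and the drain header name are constructed.
"""
from typing import Callable, Dict, List, Optional, Tuple

POOL_FQDN = "ocspool1.contoso.com"
# DNS LB zone: the pool name lists every Front End; each FE keeps its own machine A record.
DNS_LB_ZONE: Dict[str, List[str]] = {
    POOL_FQDN: ["192.0.2.11", "192.0.2.12", "192.0.2.13"],
    "fe1.contoso.com": ["192.0.2.11"],
    "fe2.contoso.com": ["192.0.2.12"],
    "fe3.contoso.com": ["192.0.2.13"],
}
HLB_ZONE: Dict[str, List[str]] = {POOL_FQDN: ["192.0.2.100"]}  # OCS 2007 R2 HLB: pool name is one VIP

TTL_MIN, TTL_MAX = 5 * 60, 24 * 60 * 60

def clamp_ttl(ttl_seconds: int) -> int:
    """Honour the DNS TTL, but never cache for less than 5 min or more than 24 h."""
    return max(TTL_MIN, min(TTL_MAX, ttl_seconds))

# A probe models one connection attempt to an IP: (status, response headers), where
# status is "ok", "unreachable" (connect failed) or a status code such as "503".
Probe = Callable[[str], Tuple[str, Dict[str, str]]]
DRAIN_HEADER = "x-ms-draining"  # assumed name for the slide's "special header"

def probe_from_table(outcomes: Dict[str, Tuple[str, Dict[str, str]]]) -> Probe:
    """Build a probe from a constructed per-IP outcome table (unlisted IPs are healthy)."""
    return lambda ip: outcomes.get(ip, ("ok", {}))

def select_server(fqdn: str, probe: Probe,
                  zone: Dict[str, List[str]] = DNS_LB_ZONE) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Walk the FQDN's A records in order; return (chosen IP or None, [(skipped IP, reason)])."""
    skipped: List[Tuple[str, str]] = []
    for ip in zone.get(fqdn, []):
        status, headers = probe(ip)
        if status == "ok":
            return ip, skipped
        if status == "unreachable":
            skipped.append((ip, "connect failed; failing over to next IP"))
        elif status == "503" and DRAIN_HEADER in headers:
            skipped.append((ip, "draining; sending all traffic to next IP"))
        else:
            skipped.append((ip, f"unexpected status {status}; trying next IP"))
    return None, skipped  # no usable Front End behind this FQDN
```

The `skipped` list is what a monitoring hook would log: a pool that is frequently answered by its second or third A record is signalling a failed or draining Front End before users notice.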
Lync Server Certificate Authentication
• Lync Server cert is used by Microsoft Lync 2010 for Branch Office Resiliency
• Infrastructure is shared with device PIN auth
• Lync 2010 presents a PKI key pair to Lync Server 2010 for signing
• Lync Server 2010 stores the keys and gives Lync 2010 a signed copy
• Lync Server 2010 publishes the certificate internally to FEs
• Certificates live on the order of months (3)
Lync Server Certificate Authentication – SIP Authentication (TLS-DSK): Step 1
Lync 2010 sends SIP REGISTER to the Lync Server 2010 FE / Director; the FE / Director answers 401 Authenticate with certificate (TLS-DSK):
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="OCSDIR01.contoso.com", version=4, sts-uri="https://wp1.contoso.com/CertProv/CertProvisioningService.svc"

Lync Server Certificate Authentication – SIP Authentication (TLS-DSK): Step 2
Lync 2010 retrieves the Certificate Service MEX document from the Lync Server 2010 Certificate WS.
• Certificate service requires an existing certificate or a Web-Ticket to authenticate the user
• The MEX document contains the Lync Server 2010 Web-Ticket WS URL

Lync Server Certificate Authentication – SIP Authentication (TLS-DSK): Step 3
Lync 2010 requests the Web-Ticket MEX / Security Token from the Lync Server 2010 Web-Ticket WS and receives a Web-Ticket Security Token.
• Lync 2010 authenticates the user with NTLM/Kerberos

Lync Server Certificate Authentication – SIP Authentication (TLS-DSK): Step 4
Lync 2010 sends a Certificate Signing Request to the Lync Server 2010 Certificate WS and receives a Lync Server 2010 Signed Certificate.
• Lync 2010 authenticates with the Web Ticket
• Lync 2010 provides the PKI key pair for the user
• Certificate service publishes the cert to FEs, replicates to BOAs, etc.

Lync Server Certificate Authentication – SIP Authentication (TLS-DSK): Step 5
Lync 2010 sends SIP REGISTER with the Lync Server 2010 Signed Certificate to the FE / Director and receives 200 OK.
If Lync 2010 has no cert, it tries NTLM/Kerberos first
• Speeds up the sign-in process
• Web service requests could time out during an outage
NOTE: Lync 2010 remembers that a cert was requested during registration
• After sign-in completes, a certificate will be fetched for the next logon session
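The Step 1 challenge and the Step 5 decision, as an added example that is not Microsoft's client code: it parses the WWW-Authenticate TLS-DSK header shown above and picks the sign-in path from whether a still-valid cached user certificate exists. The check that the sts-uri is HTTPS and inside the expected domain before any Web-Ticket or CSR is sent to it is an added defensive step the slides do not describe; the hostnames are the page's own and the clock and certificate dates are constructed.

```python
"""TLS-DSK challenge handling for Lync 2010 sign-in (added example, not Microsoft's code).

Parses the WWW-Authenticate challenge from Step 1 and applies the Step 5 rule:
present a cached, still-valid user certificate, otherwise sign in with
NTLM/Kerberos first and fetch a certificate for the next session. The sts-uri
check is an added defensive step, not something the slides describe.
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional
from urllib.parse import urlparse

# Challenge text as shown on the slide (hostnames are the page's own).
CHALLENGE = ('TLS-DSK realm="SIP Communications Service", '
             'targetname="OCSDIR01.contoso.com", version=4, '
             'sts-uri="https://wp1.contoso.com/CertProv/CertProvisioningService.svc"')

_PARAM = re.compile(r'([\w-]+)=(?:"([^"]*)"|([^,\s]+))')

def parse_tls_dsk(header: str) -> Dict[str, str]:
    """Split 'TLS-DSK k="v", k=v' into a dict; reject any other auth scheme."""
    scheme, _, params = header.strip().partition(" ")
    if scheme.upper() != "TLS-DSK":
        raise ValueError(f"not a TLS-DSK challenge: {scheme!r}")
    return {m.group(1).lower(): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _PARAM.finditer(params)}

def sts_uri_is_acceptable(params: Dict[str, str], trusted_domain: str = "contoso.com") -> bool:
    """Only send a Web-Ticket or CSR to an HTTPS provisioning service inside the expected domain."""
    uri = urlparse(params.get("sts-uri", ""))
    host = (uri.hostname or "").lower()
    return uri.scheme == "https" and (host == trusted_domain or host.endswith("." + trusted_domain))

def choose_sign_in_path(params: Dict[str, str], cert_not_after: Optional[datetime], now: datetime) -> str:
    """Step 5: cached valid cert -> REGISTER with it; no/expired cert -> NTLM/Kerberos, then fetch."""
    if not sts_uri_is_acceptable(params):
        return "reject-challenge"
    if cert_not_after is not None and cert_not_after > now:
        return "register-with-certificate"
    return "ntlm-kerberos-then-fetch-certificate"

# Constructed clock and certificate lifetimes (certs live on the order of 3 months).
NOW = datetime(2010, 11, 1, tzinfo=timezone.utc)
VALID_CERT_NOT_AFTER = NOW + timedelta(days=90)
EXPIRED_CERT_NOT_AFTER = NOW - timedelta(days=1)
```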
PIN Authentication (devices)
• Allow PIN based sign on for devices
• Lync Server 2010 signed certificates to access Lync Server 2010 Web services
• User certificate to access EWS
• Unify PIN for devices and CAA
• PIN Management portal in Lync Server 2010 along with appropriate notifications
Flow (components: DHCP Server / Lync Registrar, Lync Cert Provisioning Web Service, Lync Registrar, Lync User Services):
[INTERNAL NETWORK ONLY]
1a. DHCP Option 43 & 120
1b. Lync Cert WS URL & Lync Registrar FQDN (from DHCP Server / Lync Registrar)
[INTERNAL NETWORK ONLY]
2a. HTTP: Get Cert Chain
2b. HTTP: Download Cert Chain
3a. HTTPS: Resolve User (Ext/Phone #, PIN)
3b. HTTPS: SIP URI
4a. HTTPS: Get and Publish Cert (SIP URI, PIN, CSR)
4b. HTTPS: Lync Signed Cert (from Lync Cert Provisioning Web Service)
[EXTERNAL NETWORK]
5. TLS to Lync Registrar FQDN; AUTH (SIP URI, Cert)
6. REGISTER (SIP URI) – SIP 401 WWW-Authenticate: Cert (Supported: Cert)
7. REGISTER (SIP URI) Authorization: Cert, Cert Param – 200 OK (Lync Registrar / Lync User Services)
Location Infrastructure
• Base requirement – provide location with emergency calls (North America), while ensuring that the solution addresses the roaming nature of communicator clients
• Added a Location Information Service that is part of the Front End role
• Flexibility in enablement options – per user / per location
• Architecture allows integration with existing LIS systems
Cloud Integration: Connected business and optimized IT
• Consistent user experience across delivery options
• Common architecture and data model across deployments
• Flexibility in deployment – meets your complex needs
• Adaptability in deployment – enables changes at any time
(Figure: On-Premises – control and ownership, customization; Hosted Service – rapid scalability, advanced manageability)
Key Takeaways
You should now have a better understanding of the key architectural changes in Lync Server 2010 and the benefits of the engineering investments:
• Simplified Topologies – fewer servers with more functionality
• Understand how TCO is lowered by offering a simplified deployment and administration experience
• Improved support for virtualized environments
• Great monitoring capabilities to allow for proactive problem detection
• Seamless integration with cloud infrastructure, allowing more choices of deployment across the different workloads
Learn More
• View related Unified Communications (UNC) content at TechEd Online
• Visit microsoft.com/communicationsserver for more Lync Server 2010 product information
• Find additional Lync Server 2010 content in the Technical Library, weekly technical articles at NextHop, and follow DrRez on Twitter
• Check out Microsoft TechNet resources for Lync Server and Exchange Server
• Visit additional Exchange 2010 IT Professional-focused content: Partner Link or Customer Link (Name: ExPro, Pword: EHLO!world)
• Try it out! The Exchange 2010 SP1 Beta download is now available from the download center
Resources
• Learning: Sessions On-Demand & Community – www.microsoft.com/teched
• Microsoft Certification & Training Resources – www.microsoft.com/learning
• Resources for IT Professionals – http://microsoft.com/technet
• Resources for Developers – http://microsoft.com/msdn