Microsoft® Lync™ Server 2010: Architecture
Session UC202
Michael Trommsdorff, Group Manager
Vassili Kaplan, Developer
Zurich Development Center, Microsoft Corporation
Feb 23, 2016
Made in Switzerland!
▪ Lync Server voice apps (dial-in conferencing, Response Group Service, Announcement Service, Call Park) & Attendant Console
Agenda
▪ Unified Communications Roadmap
▪ Topology related investments
▪ Manageability enhancements + demo
▪ Virtualization
▪ DNS load balancing
▪ PIN Authentication
▪ Location Infrastructure
▪ Cloud Integration
▪ Q&A
Unified Communications Roadmap (timeline figure)
▪ July 2007: Web Conferencing, Basic Voice, Video
▪ December 2008: Dial-In Conferencing, Advanced Call Features
▪ November 2010: Full Voice support, Unified Web conferencing client (Next Generation Communications)
Lync Server 2010 Product Investments
Deliver the next generation communications system:
▪ Enterprise Voice
▪ Platform for Business Processes
▪ Ease of Use
▪ Lower TCO
▪ Open and Extensible
Central Management Store
▪ Schematized definition of the deployment topology
▪ Configuration of Lync Server 2010 services and policies is managed by the central store
▪ Example service representation (figure): the service nodes "Site A, AVConfServices, 1", "Site A, User Services, 1" and "Site A, Mediation Server, 1" are linked by "depends on" edges, and an "installed on" edge ties a service to the pool that hosts it, "Site A, Pool A"
▪ Replication of policies/configuration to all topology nodes (including Edge)
▪ Validation tools help prevent misconfiguration
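As an added example (not from the slides), the Lync Server Management Shell commands below inspect the Central Management Store the way the bullets describe it: which services a pool hosts and what they depend on, whether every replica (Edge included) has the latest configuration, and a validation pass before a change is published. The pool FQDN and file paths are assumed values.

```powershell
# Added example: inspecting and validating the Central Management Store from
# the Lync Server Management Shell. Pool FQDN and paths are assumed values.
$pool = "pool-a.contoso.com"

# Services hosted on the pool and the services each one depends on
# (the "depends on" / "installed on" edges of the service representation).
Get-CsService -PoolFqdn $pool |
    Select-Object Identity, Role, DependentServiceList |
    Format-List

# Replication: every topology node, Edge included, holds a replica of the store.
# A replica that is not up to date is still enforcing the previous policies.
$stale = Get-CsManagementStoreReplicationStatus | Where-Object { -not $_.UpToDate }
if ($stale) {
    $stale | Format-Table ReplicaFqdn, LastStatusReport, LastUpdateCreation -AutoSize
    # Push the current configuration to just the lagging replicas.
    $stale | ForEach-Object { Invoke-CsManagementStoreReplication -ReplicaFqdn $_.ReplicaFqdn }
}

# Validation: run before and after a topology change; -Report writes a
# report file that can go with the change record.
Test-CsTopology -Report "C:\Logs\Test-CsTopology.html"

# The store is the authoritative copy of the configuration: keep a dated export.
Export-CsConfiguration -FileName ("C:\Backup\CsConfig-{0:yyyyMMdd}.zip" -f (Get-Date))
```

A replica that reports UpToDate = False on an Edge Server is the case to chase first: the Edge enforces policy for external users, and a stale copy there means external access runs on whatever the store held before the last change.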
Topologies Simplified
▪ Two editions: Standard Edition and Enterprise Edition
▪ Server roles shown (figure, split into servers and optional servers): Front End, Back End, A/V Conferencing, Mediation, Edge, Director, Archiving, Monitoring, Exchange UM, SCOM, Group Chat
Deployment Model
▪ A global deployment is a collection of sites
▪ Sites are made of pools
▪ Pools host users and services (such as conferencing and Voice over Internet Protocol (VoIP))
▪ Example (figure): global deployment "Microsoft" -> data center sites "Redmond" and "Dublin" -> pools "Tukwila-1" and "Tukwila-2" (Redmond), "Dublin-1" (Dublin)
Design changes to support voice high availability
▪ Registrar component: registration and routing; each registrar has its own SQL Express database
▪ User Services component: presence and conferencing
▪ Registrar and User Services are collocated on the same physical Front End in the data center
▪ All of a user's endpoints register with the same registrar; users are load balanced across registrars using a distributed hash algorithm
▪ A registrar can be installed in remote locations
(Figure: Lync clients on the user's desktop register with the Registrar component (registration & routing), which fronts the User Services component (presence & conferencing).)
Resiliency Architecture
▪ Each user has a "Primary Registrar Pool", discovered through DNS SRV; the client is directed to the "Primary & Backup Registrar Pool"
▪ For a data center user the primary registrar is the data center pool; for a branch user it is the Survivable Branch Appliance (SBA)
▪ Branch users always register with the SBA registrar unless it is unavailable
▪ Each Registrar Pool can have a "Backup Registrar Pool"; the backup registrar pool is a data center CS pool
▪ The backup registrar heart-beats the primary registrar; if no heartbeat is received within the failover interval, the backup starts accepting client registrations
▪ The failover interval is configurable (default = 120 sec for branch offices)
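As an added example (not from the slides), these Lync Server Management Shell commands show the primary/backup registrar relationship from the administrator's side: which registrar backs which and with what detection intervals, where one user is homed, and a registration test against the user's primary and backup pools. Pool FQDNs, the user and the account are assumed values.

```powershell
# Added example: registrar pairing, user homing and a registration test.
# Pool FQDNs, the user and the account are assumed values.

# 1. Which registrar backs which, is failover enabled, and what are the
#    detection intervals (the configurable failover interval above)?
Get-CsService -Registrar |
    Select-Object Identity, BackupRegistrar, EnableFailover,
                  FailureDetectionInterval, FailbackDetectionInterval |
    Format-Table -AutoSize

# 2. Where is one user homed? The "preferred order" lists are the Front Ends
#    of each pool in the order the distributed hash assigns them to this user,
#    which is how all of the user's endpoints end up on the same registrar.
Get-CsUserPoolInfo -Identity "sip:joe@contoso.com" |
    Select-Object PrimaryPoolFqdn, BackupPoolFqdn,
                  PrimaryPoolMachinesInPreferredOrder,
                  BackupPoolMachinesInPreferredOrder |
    Format-List

# 3. Register as that user against the primary pool (the SBA for a branch
#    user) and against the data center pool that backs it. While the primary
#    is healthy the backup only has to be reachable; it accepts the
#    registration itself once the heartbeat to the primary fails.
$cred = Get-Credential "contoso\joe"
foreach ($fqdn in @("sba-branch01.contoso.com", "ee-pool01.contoso.com")) {
    $r = Test-CsRegistration -TargetFqdn $fqdn -UserCredential $cred `
                             -UserSipAddress "sip:joe@contoso.com"
    "{0,-28} {1,-8} latency {2}" -f $fqdn, $r.Result, $r.Latency
    if ($r.Result -ne "Success") { Write-Warning ("{0}: {1}" -f $fqdn, $r.Error) }
}
```

Step 1 is the check worth scripting into monitoring: an SBA whose BackupRegistrar is empty or whose EnableFailover is False gives branch users no data center fallback when the appliance dies, and nothing on the client side will tell you.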
Resiliency Architecture (figure)
▪ Data Center EE Pool 1 and EE Pool 2: each runs presence and conferencing (User Services) and a Registrar (registration & routing), with Active Directory and DNS behind them; a data center pool also serves as Backup Registrar Pool
▪ Bob: primary registrar and User Services on EE Pool 1
▪ Alice: primary registrar and User Services on EE Pool 2
▪ Joe (branch office): primary registrar on the Survivable Branch Appliance, User Services on EE Pool 1
Other resiliency enhancements
▪ DNS-based load balancing for internal pools
▪ All traffic can be DNS load balanced except client -> server HTTP; this traffic still requires a hardware load balancer (HLB). Windows Network Load Balancing (NLB) is not supported for production
▪ Draining: ability to drain a server before taking it down
▪ Session dialog resiliency for conferencing: even if the Front End goes down, the user can still participate in a conference
▪ The client caches successful connections to Lync Server 2010 (FQDN and IP of the SIP Registrar, Media Relay and Media Relay Auth Server), so reconnections are very fast
▪ Lync Server certificate authentication for client-to-server auth: certificates are issued by Lync and allow clients to sign in when AD is down
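As an added example (not from the slides), the following commands verify that DNS load balancing is actually in effect for an internal pool, that the one exception (client to server HTTP) still goes through the hardware load balancer, and then drain a Front End the way the "draining" bullet describes. Domain, pool and service names are assumed values.

```powershell
# Added example: checking DNS load balancing for an internal pool and draining
# one Front End before maintenance. Names are assumed values.
$domain = "contoso.com"
$pool   = "ee-pool01.$domain"

# DNS LB means the pool FQDN resolves to the IP of every Front End; the
# client, not a load balancer, fails over between them.
$ips = @([System.Net.Dns]::GetHostAddresses($pool) |
         Select-Object -ExpandProperty IPAddressToString)
"{0} -> {1}" -f $pool, ($ips -join ", ")
if ($ips.Count -lt 2) {
    Write-Warning "$pool has a single A record: DNS load balancing is not in effect"
}

# Clients discover the registrar through this SRV record; its target must be
# the pool FQDN (not one Front End) for DNS LB to apply.
nslookup -type=SRV "_sipinternaltls._tcp.$domain"

# Client -> server HTTP (web services) is the exception: it still needs the
# hardware load balancer, so the web services FQDN should resolve to the HLB
# VIP rather than to the Front End addresses listed above.
$web = Get-CsService -WebServer -PoolFqdn $pool
$web | Select-Object InternalFqdn, ExternalFqdn
[System.Net.Dns]::GetHostAddresses($web.InternalFqdn) |
    Select-Object -ExpandProperty IPAddressToString

# Draining, run on the Front End being taken down: stop taking new sessions,
# let existing ones end, then stop. ActivityLevel shows what is still active.
Get-CsWindowsService | Select-Object Name, Status, ActivityLevel
Stop-CsWindowsService -Name RTCSRV -Graceful
```

If the web services FQDN resolves to the same addresses as the pool FQDN, HTTP traffic is being DNS load balanced too, which the slide rules out: the client holds no HTTP session affinity, so it needs the HLB.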
Branch Resiliency Options (figure, by number of users)
▪ Small branch (<25 users): no local infrastructure, or gateway only
▪ Medium branch (25-1000 users): Survivable Branch Appliance(s) (SBA)
▪ Large branch (>1000 users): Survivable Branch Server, or Standard Edition Server and separate media gateway
▪ In every case the branch reaches the data center (Active Directory, AD & DNS) over the WAN and the PSTN over a circuit or packet connection
Survivable Branch Appliance (SBA)
Purpose-built appliance optimized to provide resilient multi-modal communication for maximizing branch office user productivity.
(Figure: the branch office SBA connects to the PSTN locally and over the WAN to the data center Lync Server pool and Edge Server.)
▪ Components: Windows Server® 2008 R2, Mediation Server, Registrar, PSTN Gateway
▪ Functionality: SIP Registrar, normal/failover mode, SIP proxy & routing engine, PSTN connectivity, voicemail routing, PSTN re-routing, centrally provisioned, up to 1000 user support
▪ Go-to-market: OEM (embedded channel); current partners: Audiocodes, Dialogic, Ferrari, HP, NET
▪ In short: voice high availability for branch offices; appliance form factor with hardened Windows Server 2008 R2; sold and supported by UC partners; centrally managed from the data center
Reference Topologies – Standard Edition
(Figure: central site "tiny.contoso.com" with a Standard Edition server holding all server roles, CA/DNS, an Exchange UM Server, PSTN gateway(s), an Edge Server and an HTTP reverse proxy; Branch A connects over the WAN through a Survivable Branch Appliance with its own PSTN connection; DNS load balancing is used internally.)
▪ Small: <5,000 users; this example: 5,000 users, 3 servers, 1,667 users/server
▪ Small: Standard Edition central site; branch through Edge
▪ Small with Branches (250-5,000 users): Standard Edition central site; single branch with SBA
▪ Small with Failover (any size): two Standard Editions, "paired" to support inexpensive failover
Reference Topologies – Enterprise Edition
(Figure: central site "contoso.com" Enterprise Edition with Front End Pool, Director Pool, AV Conferencing Pool, Monitoring Pool, file share (retail.contoso.com), CA/DNS, Exchange UM Server, PSTN gateway(s), Edge Server Pool and HTTP reverse proxy, with DNS load balancing internally; Branch A over the WAN with a Survivable Branch Appliance; Branch B with a PSTN gateway only.)
▪ Single data center: <100,000 users; this example: 20,000 users, HA, 14 servers, 1,429 users/server
▪ Single DC: Enterprise Edition, single data center; branch through Edge
▪ DC with Branches (1,000 – 30,000 users): Enterprise Edition, single data center; two branches, one SBA, one PSTN interconnect
Reference Topologies – Multi-site
(Figure: Central Site 1 "NA.contoso.com" Enterprise Edition with Front End Pool, Director Pool, AV Conferencing Pool, Monitoring and Archiving Pool, file share, CA/DNS, Exchange UM Server, PSTN gateway, Edge Server Pool and HTTP reverse proxy; Central Site 2 "EU.contoso.com" Enterprise Edition with Front End Pool, AV Conferencing Pool, file share, CA/DNS, PSTN gateway(s), Edge Server Pool and HTTP reverse proxy; both sites use DNS load balancing; Branch A with a Survivable Branch Appliance and PSTN, "Branch" B with a Standard Edition server and SIP trunking, Branch C with a PSTN gateway.)
▪ Global (10,000+ users): two data centers with EE, one central site with an SE; branches: some SBA, some PSTN
▪ Very Large (unlimited): Enterprise Edition, more than two data centers, Standard Editions; branches: Survivable Branch Appliances, branch with Standard Edition
▪ Global, multi-site (unlimited); this example: Site 1: 18 servers, Site 2: 11 servers, 2,413 users/server (central sites only)
Manageability Enhancements
▪ Lync Server 2010 Control Panel (CSCP): Silverlight™-based administration console; task oriented and uses the underlying PowerShell infrastructure; replaces MMC
▪ PowerShell: complete access to all administrative tasks; automation interface; replaces Windows Management Instrumentation (WMI)
▪ Role Based Access Control (RBAC): access controlled by security group membership; new delegation model is site aware
▪ Synthetic Transactions: PowerShell-based framework that allows admins to proactively identify faults in the system and raise alerts in SCOM
Demo: Manageability enhancements (Vassili Kaplan)
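As an added example (not from the slides or the demo), the commands below create a site-scoped RBAC role as the "site aware" delegation model allows, check exactly which cmdlets it grants, and run one synthetic transaction by hand. Group, site, OU, pool and account names are assumed values; the security group named in New-CsAdminRole must already exist in Active Directory.

```powershell
# Added example: site-scoped RBAC and an on-demand synthetic transaction.
# Group, site, OU, pool and account names are assumed values.

# RBAC: a role is backed by a universal security group of the same name
# (assumed to exist). This one clones the Help Desk template but is limited
# to the Redmond site's configuration and to users under one OU.
New-CsAdminRole -Identity "RedmondHelpDesk" -Template "CsHelpDesk" `
    -ConfigScopes "site:Redmond" `
    -UserScopes "OU:ou=Redmond,dc=contoso,dc=com"

# Least-privilege check: list what the role actually lets its members run.
(Get-CsAdminRole -Identity "RedmondHelpDesk").Cmdlets | Sort-Object

# And the reverse: which roles does one administrator currently hold?
Get-CsAdminRoleAssignment -Identity "alice"

# Synthetic transaction: the same IM check SCOM runs on a schedule, run now
# against one pool with two test accounts (assumed to exist).
$sender   = Get-Credential "contoso\probe1"
$receiver = Get-Credential "contoso\probe2"
$t = Test-CsIM -TargetFqdn "ee-pool01.contoso.com" `
    -SenderCredential $sender -SenderSipAddress "sip:probe1@contoso.com" `
    -ReceiverCredential $receiver -ReceiverSipAddress "sip:probe2@contoso.com"
"Result: {0}  Latency: {1}" -f $t.Result, $t.Latency
if ($t.Result -ne "Success") { Write-Error ("Test-CsIM failed: {0}" -f $t.Error) }
```

The test accounts are real Lync users whose credentials sit on the monitoring host, so they deserve the same treatment as any service account: no Enterprise Voice, no admin role membership, and their own PIN policy.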
Virtualization
▪ What's supported?
  ▪ Virtualization of specific Lync Server 2010 roles
  ▪ SQL, Exchange and Active Directory® Domain Services (AD DS) virtualization (as per their own guidelines)
  ▪ Hyper-V R2 (Hyper-V on Windows Server 2008 is not supported), VMware (per SVVP)
  ▪ Client virtualization (except audio/video: use an IP phone)
▪ Not supported
  ▪ Branch office / gateway only / Mediation Server + gateway
  ▪ Standard Edition (single server deployed as "data center" site)
  ▪ Live migration of VMs via SCVMM (ongoing calls/sessions will be dropped)
▪ Virtual deployment
  ▪ 4 VMs: Front End, Back End + file store, A/V MCU, Edge
  ▪ 1 physical machine: 16 cores, 16 GB, 500 GB SAS drive, dual NIC, Intel Xeon E7450 processors, dedicated to Communications Server "14" only
  ▪ Pilot: no HLB or DNS LB. Production: needs HLB
  ▪ Scale reduction (up to 50%) compared to non-virtualized
PIN Authentication
▪ Allow PIN-based sign-on for devices
▪ Lync Server 2010-signed certificates to access Lync Server 2010 web services
▪ User certificate to access EWS
▪ Unified PIN for devices and CAA
▪ PIN management portal in Lync Server 2010 along with appropriate notifications
Device bootstrap and certificate sign-in flow (figure):
1a. Device -> DHCP server / Lync Registrar: DHCP Option 43 & 120 request (internal network only)
1b. Response: Lync certificate web service URL and Lync Registrar FQDN
2a. HTTP: get certificate chain from the Lync Cert Provisioning Web Service (internal network only)
2b. HTTP: download certificate chain
3a. HTTPS: resolve user (extension/phone number, PIN)
3b. HTTPS: SIP URI returned
4a. HTTPS: get and publish certificate (SIP URI, PIN, CSR)
4b. HTTPS: Lync-signed certificate returned
5. TLS to the Lync Registrar FQDN (steps 5-7 also work from the external network)
6. REGISTER (SIP URI) Supported: Cert -> SIP 401 WWW-Authenticate: Cert
7. REGISTER (SIP URI) Authorization: Cert, Cert Param -> the Registrar authenticates (SIP URI, Cert) against Lync User Services -> 200 OK
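As an added example (not from the slides), the commands below tighten the settings that matter in the flow above and then exercise it with the built-in synthetic transactions: the PIN policy (the PIN is the only secret a phone presents in steps 3a/4a), the Cert Provisioning Web Service's accepted authentication methods and certificate validity, one user's PIN, and the full bootstrap as an IP phone performs it. User, extension, PIN values and pool FQDN are assumed.

```powershell
# Added example: tightening PIN sign-in and exercising the bootstrap flow
# above. User, extension, PIN and pool FQDN are assumed values.

# PIN policy. Until the device holds a Lync-signed certificate (step 4b) the
# PIN is all that stands between someone on the internal network and a
# user's SIP identity, so length, lockout and lifetime matter.
$pinPolicy = @{
    Identity             = "Global"
    MinPasswordLength    = 8       # digits; the product default is 5
    AllowCommonPatterns  = $false  # reject 1234, 1111, 2468 style PINs
    MaximumLogonAttempts = 5       # lock the PIN after 5 failures; unset = never
    PINLifetime          = 90      # days; 0 = never expires
    PINHistoryCount      = 4       # previous PINs that may not be reused
}
Set-CsPinPolicy @pinPolicy

# Cert Provisioning Web Service: which credentials it accepts (PIN for phones,
# certificate or Windows auth for clients) and how long the Lync-signed user
# certificate from step 4b stays valid. Hours: 4320 = 180 days, 8760 = 1 year.
$webConfig = @{
    Identity                   = "Global"
    UsePinAuth                 = $true
    UseCertificateAuth         = $true
    UseWindowsAuth             = "Negotiate"
    DefaultValidityPeriodHours = 4320
    MaxValidityPeriodHours     = 8760
    EnableCertChainDownload    = $true   # steps 2a/2b
}
Set-CsWebServiceConfiguration @webConfig

# Set (or reset) one user's PIN and confirm it is set and not locked out.
Set-CsClientPin -Identity "sip:joe@contoso.com" -Pin "48715920"
Get-CsClientPinInfo -Identity "sip:joe@contoso.com" | Format-List

# Steps 1-7 end to end, as an IP phone would do them: DHCP options 43/120,
# certificate chain, user resolution by extension + PIN, CSR, certificate
# REGISTER. Run it from the internal network, since steps 1-4 are internal-only.
Test-CsPhoneBootstrap -PhoneOrExt "1234" -PIN "48715920" -TargetFqdn "ee-pool01.contoso.com"

# Steps 5-7 only: obtain a Lync-signed certificate for a user and REGISTER with it.
$cred = Get-Credential "contoso\joe"
Test-CsClientAuth -TargetFqdn "ee-pool01.contoso.com" -UserCredential $cred `
                  -UserSipAddress "sip:joe@contoso.com"
```

Steps 1 and 2 run over DHCP and plain HTTP, which is why the figure confines them to the internal network: a device trusts whatever certificate chain it downloads there, so the DHCP scope options and the chain download URL deserve the same change control as the CA itself.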
Location Infrastructure
▪ Base requirement: provide location with emergency calls (North America), while ensuring that the solution addresses the roaming nature of Communicator clients
▪ Added a Location Information Service (LIS) that is part of the Front End role
▪ Flexibility in enablement options: per user or per location
▪ Architecture allows integration with existing LIS systems
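As an added example (not from the slides), the commands below populate the Location Information Service for one subnet, publish it, query it the way a roaming client does, and turn on the location policy that requires a location for emergency calls. Subnet, address, pool, user and PSTN usage names are assumed values.

```powershell
# Added example: one LIS entry, publication, a lookup, and the location policy.
# Subnet, address, pool, user and PSTN usage are assumed values.

# Map a client subnet to a civic address. A roaming client that lands on this
# subnet gets this location without the user typing anything.
Set-CsLisSubnet -Subnet "10.20.30.0" -Description "Tukwila building 2, floor 3" `
    -Location "Floor 3, NW wing" -CompanyName "Contoso" `
    -HouseNumber "1234" -StreetName "Main" -StreetSuffix "St" `
    -City "Tukwila" -State "WA" -PostalCode "98188" -Country "US"

# Nothing reaches the Front Ends' LIS until the database is published.
Publish-CsLisConfiguration

# Ask the LIS the question a client on that subnet asks at sign-in.
$cred = Get-Credential "contoso\joe"
Test-CsLisConfiguration -Subnet "10.20.30.0" -TargetFqdn "ee-pool01.contoso.com" `
    -UserCredential $cred -UserSipAddress "sip:joe@contoso.com"

# Location policy: enhanced emergency services on; if the LIS has no match the
# user must enter a location; route the emergency dial string through the
# "Emergency" PSTN usage (assumed to exist); use the location for E9-1-1 only.
Set-CsLocationPolicy -Identity Global -EnhancedEmergencyServicesEnabled $true `
    -LocationRequired "Yes" -EmergencyDialString "911" -PstnUsage "Emergency" `
    -UseLocationForE911Only $true
```

Per-location enablement, the other option the slide mentions, is the same policy assigned to a network site instead of globally; per-user enablement is Grant-CsLocationPolicy on the user. Setting LocationRequired to "Yes" rather than "Disclaimer" is the choice that keeps an unlocated client from placing an emergency call with no address attached.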
Cloud Integration: connected business and optimized IT
▪ Consistent user experience across delivery options
▪ Common architecture and data model across deployments
▪ Flexibility in deployment: meets your complex needs
▪ Adaptability in deployment: enables changes at any time
▪ Hosted service: rapid scalability, advanced manageability
▪ On-premises: control and ownership, customization
Key Takeaways
You should now have a better understanding of the key architectural changes in Lync Server 2010 and the benefits of the engineering investments:
▪ Simplified topologies: fewer servers with more functionality
▪ Understand how TCO is lowered by a simplified deployment and administration experience
▪ Improved support for virtualized environments
▪ Great monitoring capabilities that allow proactive problem detection
▪ Seamless integration with cloud infrastructure, allowing more choices of deployment across the different workloads
Learn More
▪ View related Unified Communications (UC) content at TechEd Online
▪ Visit microsoft.com/communicationsserver for more Lync Server 2010 product information
▪ Find additional Lync Server 2010 content in the Technical Library, weekly technical articles at NextHop, and follow DrRez on Twitter
▪ Check out Microsoft TechNet resources for Lync Server and Exchange Server
▪ Visit additional Exchange 2010 IT Professional-focused content: Partner Link or Customer Link (Name: ExPro, Password: EHLO!world)
▪ Try it out! The Exchange 2010 SP1 Beta download is now available from the download center
Feedback: Your opinion is very important to us. Please rate the talk, fill in the questionnaire and hand it in as you leave the room.
Thank you!
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Lync, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.