Skype for Business Hybrid deployment guide (with Cloud PBX)
Overview: A Skype for Business hybrid deployment is a mixed environment with both Skype for Business Online and on-premises configuration. A hybrid environment combines an existing on-premises deployment, with users that were created in your on-premises Active Directory, with Skype for Business Online. Hybrid deployment allows you to keep your users on your Skype for Business or Lync Server on-premises and on Skype for Business Online, using Active Directory synchronization to keep your on-premises and online users synchronized. The topics discussed in this document are listed below:
Sr. No. Topics
1 Description
2 Pre-requisite for Hybrid deployment
3 Details steps for Hybrid configuration
4 User migration to Skype for Business Online
5 User migration to Skype for Business Online with Cloud PBX.
6 Auto discover Configure for Hybrid deployment
7 Lesson learned
8 Office 365 health, readiness, and connectivity checks
Blog: http://communicationsknowledge.blogspot.com/
This document covers the Skype for Business hybrid deployment process. The target audience for this admin guide is Skype for Business / Lync administrators, Skype for Business Online (Office 365) administrators and system administrators who manage Skype for Business and Lync Server 2013 environments.
You must have the following configured in your environment in order to implement and deploy a hybrid deployment:
A Microsoft Office 365 tenant with Skype for Business Online enabled. Note that you can use only a single tenant for a hybrid configuration with your on-premises deployment.
A single on-premises deployment (infrastructure) of Skype for Business Server 2015, Lync Server 2013, or Lync Server 2010 that is deployed in a supported topology.
Skype for Business Server 2015 administrative tools. If you are using Lync Server 2013 or Lync Server 2010, you can use the Lync Server 2013 administrative tools.
To support Single Sign-on with Office 365 so that users can use the same login credentials for signing in to Office as they do on-premises, you can use the password sync features of Azure Active Directory (AAD) Connect. You can also use Active Directory Federation Services (AD FS) for single sign-on with Office 365.
A single directory synchronization solution to keep your on-premises and online Active Directory objects synchronized. For details about Directory Synchronization, see Directory Integration Tools.
For the purposes of this document, I have used ADFS and DirSync.
This guide assumes that you have already set up ADFS for Office 365 and single sign-on, and that your on-premises AD DS accounts are synced with Office 365. If not, refer to the Microsoft article "Set up ADFS for Office 365 for Single Sign-On".
Skype for Business client supportability:
There are some differences in the features supported in clients, as well as the features available in on-premises and online environments. Before you decide where you want to home users in your organization, you should review the Client comparison tables for Skype for Business Server 2015 to determine the client support for the various configurations of Skype for Business Server. The following clients are supported with Skype for Business Online in a hybrid deployment:
Skype for Business 2015
Skype for Business 2016
Lync 2013
Lync 2010
Lync Windows Store app
Lync Web App
Lync Mobile
If you have set up the hosting provider, you need to initiate replication. Run the command below to invoke replication:
Invoke-CsManagementStoreReplication
Note: To check that your hosting provider was created, you can run Get-CsHostingProvider -LocalStore again to see the hosting provider information.
7. Federation policy: your on-premises and Skype for Business Online federation policies must be identical.
a. Domain matching must be configured the same for your on-premises deployment and your Office 365 tenant. If partner discovery is enabled on the on-premises deployment, then open federation must be configured for your online tenant. If partner discovery is not enabled, then closed federation must be configured for your online tenant.
b. The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.
c. The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.
d. Federation must be enabled for external communications for the online tenant, which is configured by using the Skype for Business Online Control Panel.
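The parity rules in (a) to (d) can be checked mechanically before users are moved. The following PowerShell is an added example, not part of the original guide: the function name Test-FederationParity, the input object shape and the sample domains are assumptions constructed for illustration. In a live deployment the values would be read with Get-CsAccessEdgeConfiguration, Get-CsAllowedDomain and Get-CsBlockedDomain on-premises and Get-CsTenantFederationConfiguration online.

```powershell
# Added example: reports drift between on-premises and online federation policy.
# The input shape (PartnerDiscovery, OpenFederation, FederationEnabled, Allowed,
# Blocked) is hypothetical; fill it from your own cmdlet output.
function Test-FederationParity {
    param(
        [Parameter(Mandatory)] $OnPrem,
        [Parameter(Mandatory)] $Online
    )
    $findings = @()

    # (a) Partner discovery on-premises must pair with open federation online.
    if ([bool]$OnPrem.PartnerDiscovery -ne [bool]$Online.OpenFederation) {
        $findings += "Domain matching differs: on-premises partner discovery is " +
            "$($OnPrem.PartnerDiscovery), online open federation is $($Online.OpenFederation)"
    }

    # (b), (c) Blocked and Allowed lists must match exactly (case-insensitive).
    foreach ($list in 'Blocked', 'Allowed') {
        $left  = @(@($OnPrem.$list) | Where-Object { $_ } |
                   ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
        $right = @(@($Online.$list) | Where-Object { $_ } |
                   ForEach-Object { $_.Trim().ToLowerInvariant() } | Sort-Object -Unique)
        foreach ($d in $left)  { if ($right -notcontains $d) { $findings += "$list domain '$d' is on-premises only" } }
        foreach ($d in $right) { if ($left  -notcontains $d) { $findings += "$list domain '$d' is online only" } }
    }

    # (d) Federation must be enabled for external communications online.
    if (-not $Online.FederationEnabled) {
        $findings += 'Federation is not enabled for the online tenant'
    }
    return ,$findings
}

# Constructed sample values (not taken from any real tenant).
$onPrem = [pscustomobject]@{
    PartnerDiscovery = $false
    Allowed          = @('partner.example', 'supplier.example')
    Blocked          = @('blocked.example')
}
$online = [pscustomobject]@{
    OpenFederation    = $false
    FederationEnabled = $true
    Allowed           = @('partner.example')
    Blocked           = @('blocked.example', 'Other-Blocked.example')
}
Test-FederationParity -OnPrem $onPrem -Online $online
```

An empty result means the two sides agree on all four rules; any finding is drift to resolve before moving users.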
8. What is the DNS requirement for hybrid?
When creating DNS records for hybrid deployments, all Skype for Business external DNS records should point to the on-premises infrastructure.

DNS record: DNS SRV record for _sipfederationtls._tcp.<sipdomain.com> for all supported SIP domains, resolving to Access Edge external IP(s)
Resolvable by: Edge server(s)
DNS requirement: Enable federated communication in a hybrid configuration. The Edge Server needs to know where to route federated traffic for the SIP domain that is split between on-premises and online.

DNS record: DNS A record(s) for Edge Web Conferencing Service FQDN, e.g. webcon.contoso.com, resolving to Web Conferencing Edge external IP(s)
DNS requirement: Enable online users to present or view content in on-premises hosted meetings. Content includes PowerPoint files, whiteboards, polls, and shared notes.

Both of the above are available in my environment.
9. Firewall requirement for hybrid deployment:
Refer to the complete firewall port requirements for Skype for Business Online:
Now you can place an outbound call as a check. You will be able to make the outbound call.
How to run Office 365 health, readiness, and connectivity checks?
I would recommend that you run the Office 365 health, readiness, and connectivity checks before you set up Office 365, Skype for Business Online or an Office 365 hybrid environment.
This test can find settings in your current environment that might cause problems when you start to set up or use your services.
If you know where the potential roadblocks are before you start, you can fix or work around them to make your deployment path easier to complete.
The readiness checks look at settings in your current local network environment and anything you’ve already set up in Office 365. The checks use your credentials to make their inspection. Run the checks while connected to your current local network and logged in as an admin.
Check results are sorted into these categories:
Passed: the setting that we checked is correct for Office 365. You might want to review passed items to see what we looked at, but these results are informational only.
Warning: the setting that we checked won't break anything, but isn't optimized for Office 365. You can review the results to see if this is an important setting for you. If you want to learn more about the warning, or learn how to change the setting, you can get help from the panel to the right.
Error: the setting that we checked will negatively affect your setup and should be fixed before you continue. Definitely review these results and make changes as needed. Help on how to fix issues is available from the panel to the right. If you see an error for something you haven't set up yet, such as DNS records, you can ignore the error for now. But, we recommend you run the readiness checks again after you get set up.
How to run HRC?
Go to URL: Run HRC
Login with your tenant admin account. The HRC (check advanced) should be run from a regular user PC. It will check for outbound ports for Office 365 services.
Once you click on “Run checks”, you may see a security warning. Click “Run” on the security warning to check your environment health.
Click on “Run”
This test basically checks the User Principal Name, proxy address, mailNickname, and mail attributes for each AD user. Additionally, it checks directory synchronization for AD DS objects.