This chapter is from the book
This chapter is from the book
This chapter is from the book
Configuration
The good news about Lync Server is that with the Topology Builder tool, much of the configuration is done automatically. Although both configuration and administration can be done from the Silverlight web GUI or the Lync Server management shell, the configuration section focuses on the former, whereas the administration section focuses on the latter to avoid duplication of concepts.
First, an introduction to the Lync Server Control Panel. This section reviews each of the tabs and options in the Silverlight Control Panel web application and cites management shell commands for functions that do not appear in the Control Panel.
To launch the Control Panel on a Lync Server, select the Lync Server Control Panel link from the Start menu under the Microsoft Lync Server program group. To launch the Control Panel from another system, enter the Admin simple URL you entered during the initial installation or https://<poolFQDN>/cscp. In the sample environment, this is either https://admin.companyabc.com/ or https://Lyncpool.companyabc.com/cscp/. Either URL brings you to the Control Panel.
When you first log in, you're brought to the Control Panel home page. The navigation bar is on the left and includes options for Home, Users, Topology, IM and Presence, Voice Routing, Voice Features, Response Groups, Conferencing, Clients, External User Access, Monitoring and Archiving, and Security.
On the Home page, you can see a link to a quick start guide and other informational links in the center pane and shortcuts to common tasks in the right pane. This is certainly easier than hunting for them in the various other menus. The shortcuts include
- Add New User
- Configure Voice Routing Dial Plans
- Configure Voice Policy
- Configure Voice Routes
- Configure PIN Policy
As you can see, Microsoft has a strong focus on the voice functions of Lync Server.
The Users tab opens with a search bar. To find all users, simply leave the field blank and click the Search icon. All Communications Server–enabled users are returned, as shown in Figure 5.42. To enable a new user for Lync Server, click the New button and a wizard displays. Click Add under the Select Domain Users menu, and then type the name or names of users to be enabled. Choose a Front End pool and SIP URI generation method, and then assign telephony rules and user policies. Be sure to click the Add button at the top to save the user; otherwise, your changes are lost.
)
Figure 5.42 All Lync Server–Enabled Users
An administrator can also use the get-CsUser management shell cmdlet. With no arguments, the cmdlet returns all users. However, when run with the argument of a user's SIP address, the cmdlet returns detailed information about the account and configuration as shown in the following:
PS C:\Users\Administrator.COMPANYABC> get-CsUser alex@companyabc.com
Identity : CN=Alex Lewis,OU=CS Users,DC=companyabc,DC=
com
OriginatorSid :
VoicePolicy :
ConferencingPolicy :
DialPlan :
LocationPolicy :
ClientPolicy :
ClientVersionPolicy :
ArchivingPolicy :
PinPolicy :
ExternalAccessPolicy :
HostedVoiceMail :
HostedVoicemailPolicy :
HostingProvider : SRV:
RegistrarPool : lyncpool.companyabc.com
TargetRegistrarPool :
CSEnabled : True
SipAddress : sip:alex@companyabc.com
LineURI :
LineServerURI :
EnterpriseVoiceEnabled : False
TenantId : 00000000-0000-0000-0000-000000000000
HomeServer : CN=Lc Services,CN=Microsoft,CN=Headquarters
:1,CN=Pools,CN=RTC Service,CN=Services,CN=C
onfiguration,DC=companyabc,DC=com
TargetHomeServer :
PrivateLine :
IPPBXSoftPhoneRoutingEnabled : False
RemoteCallControlTelephonyEnabled : False
EnabledForRichPresence : True
AudioVideoDisabled : False
DisplayName : Alex Lewis
SamAccountName : alex
UserPrincipalName : alex@companyabc.com
OriginatingServer : CABCDC1.companyabc.com
From the User Search menu, administrators can also save common searches for easy access later. This saves the search as a User Search Query file or .usf. The file can be loaded later by clicking the Open button and selecting the file. This can be especially helpful in multidomain environments.
The default Topology menu shows all servers in the Lync Server topology and their statuses. If there is an error, it shows to the right of the server name and the administrator can drill down by double-clicking the server name. There are also two other tabs at the top of the screen: Server Application and Trusted Application. The Server Application tab shows the services for each pool and their statuses. Under the Action menu, the administrator can choose to enable or disable services as required. The Trusted Application tab shows all trusted applications. This is the same as the get-CsTrustedApplication management shell cmdlet. By default, there are no trusted applications.
The IM and Presence tab can be a bit confusing. It actually controls the client file transfer filter and URL filter policies. These are similar to Office Communications Server 2007 R2 and function in a predictable manner. The file filter allows administrators to set file types that are blocked by file extension. Note that the tool doesn't do any deep inspection beyond file type suffix, so renaming a file to change the suffix works to circumvent it. The URL filter has three options: Allow URLs, Block URLs, and Send Warning. The warning option allows the administrator to configure a custom warning message.
Configure Voice Policy
The next four tabs—Voice Routing, Voice Features, Response Groups, and Conferencing—are covered in detail in the voice chapters included in Section 6, "Voice," later in this book. For this reason, this section offers only an overview of these tabs.
The Voice Routing tab has many options. The first one is Dial Plan. This is roughly equivalent to the location profile in Office Communications Server 2007 R2. It has options to configure normalization rules per dial plan. The Normalization Wizard successfully blends the best parts of the previous tools. It has the power and flexibility of raw regular expressions and the intuitive and logical interface of the Office Communications Server 2007 R2 Enterprise Voice Route Helper. This should go a long way toward helping administrators without traditional telephony backgrounds to create complex dial plans.
The Voice Policy option is something completely new. Although it has an associated usage policy, it also has a number of check boxes to enable or disable various calling features. The choices are
- Enable call forwarding
- Enable delegation
- Enable call transfer
- Enable call park
- Enable simultaneous ringing of phones
- Enable team call
- Enable PSTN reroute
- Enable bandwidth policy override
- Enable malicious call tracing
Many of these features require additional configuration that doesn't just involve simply checking a box. For example, orbits must be defined for call park to function correctly. This simply creates a policy to allow the functionality for users assigned to a specific voice policy.
The Route option focuses on policy-based routing. This allows logical call routing based on number patterns. This can be especially helpful in mixed Enterprise Voice and PBX scenarios or where Lync Server is used for conferencing but a PBX maintains enterprise call control. Note that a call follows the first applicable path, not all paths that match.
PSTN Usage, the next tab from the top bar, is essentially the combination of a route and a voice policy. When a usage is assigned only actions that fit, the voice policy is allowed, and then calls follow the appropriate route.
The next tab, Trunk Configuration, can apply to internal or external SIP trunk configuration. Proper configuration of the Trunk Configuration options allow interoperability with a wider scope of SIP trunks and SIP trunking providers.
The last tab under Voice Routing is Test Voice Routing. This allows an administrator to define and save test cases. This is especially helpful in rapidly changing or complex environments.
The Voice Features item on the left bar has two sections: Call Park and Unassigned Number. The Call Park section allows an administrator to define Call Park number ranges and assign them to a pool. The Unassigned Number section allows an administrator to define number ranges and an action where to redirect the call. In previous versions, the call simply disconnected, but in Lync Server, the call can be routed to Exchange UM or to the Announcement service for a front end pool. Multiple rules can be defined for different number ranges. This is helpful for multiple site deployments where using a local pool or one with a different language is valuable.
Response Groups have the same familiar pieces: Workflow, Queue, and Group definition fields. Existing Response Group workflows can also be imported from Office Communications Server 2007 R2.
Configure Conferencing Policy
The next tab in the left column is Conferencing. The Conferencing Policy Section allows configuration for data collaboration, application sharing, audio, video, PSTN, and recording options. Select the default global policy and click Edit to examine the options and default settings. The Meeting Configuration section allows administrators to define meeting settings such as PSTN caller bypass and who can be enabled as a presenter. The Dial-In Access Number section is much improved. It acts as a single screen for all dial-in conferencing numbers enterprisewide. Multiple numbers can be defined for different sites or pools. The final section is PIN Policy, which defines settings for PIN length, PIN expiration, and the maximum number of retries.
Configure Clients Tab
The Clients tab covers both Communicator clients and Communicator Phone Edition devices. This covers the following sections, client version policy, client version configuration, device update, test device, device log configuration, and device configuration. The client version filter allows explicit deny and allow for all types of clients. The client version configuration allows an administrator to define what happens for a client that doesn't fit one of the client version filters. The device update section allows administrators to upload .cab files to be deployed to Communication Phone Edition devices. The next section allows an administrator to define one or more test devices to test Communicator Phone Edition updates before they are widely deployed. The device log configuration is self-explanatory with options for defining log size and duration. The device configuration section allows administrators to define SIP security level, logging level, QoS settings, and device-locking settings.
Configure External Access Policy
The next tab is External User Access. The first section, External Access Policy, defines the access edge policy for communication with external users. The access edge configuration section controls settings for federation and remote user access. Next is the Federated Domains section. Administrators can explicitly allow or deny federated partners. If open federation is not enabled, all partners need to be defined in the allow list. The last section is for public IM providers. An administrator can enable each of the public IM providers separately. Note that a special client access license is required for some public IM federation.
The Monitoring and Archiving tab contains policy-based settings for CDR (Call Detail Recording) and QoE (Quality of Experience) information. It also contains global and policy-based archiving settings. These are explained in great detail in Chapters 7, "Microsoft Lync Server 2010 Monitoring," and 8, "Microsoft Lync Server 2010 Archiving."
The second-to-last tab in the Lync Server Control Panel is Security. The registrar section has options for Kerberos, NTLM, or certificate authentication. By default, all three are enabled. The web service section covers web service authentication methods. The options are PIN authentication, certificate authentication, and enabling certificate chain download. All are enabled by default.
The final tab is Network Configuration. This section includes various policy settings for voice configuration as related to the network. Specifically, this is the area where an administrator can configure Call Admission Control (CAC) and Media Bypass policies. Additionally, administrators can configure E911 and location-specific settings for users in the location policy.
Lync Server supports DNS load balancing for multiple server pools. This is a huge benefit because hardware load-balancing configuration for SIP traffic can be difficult and requires significant troubleshooting. Many load-balancer administrators don't understand the concept beyond balancing web traffic. Although DNS load balancing is used for SIP traffic in Lync Server, a hardware load balancer is still required for web services traffic, such as the address book service. DNS load balancing isn't exactly round robin DNS. A proper configuration using the Company ABC environment and assuming mcsfe1 and mcsfe2 are both Enterprise Edition servers in the same pool would be configured in DNS as shown in Table 5.1.
Table 5.1. Configuration of DNS Load Balancing
|
_sip._tls.companyabc.com |
Cspool.companyabc.com |
|
192.168.1.172 |
|
|
192.168.1.173 |
|
|
192.168.1.172 192.168.1.173 |
When the client does an SRV record lookup as part of the automatic configuration process, the cspool.companyabc.com record is returned. From that, the DNS server returns the list of IPs assigned to cspool.companyabc.com (192.168.1.172 & 192.168.1.173). The client is programmed to choose an IP at random and register to that front end server. If the connection fails, the client tries the next random IP address in the list until it successfully registers or exhausts all the IP addresses returned by the DNS server.