Lync2013 Standard Pool Deployment



Deployment of Lync 2013 Standard Pool _Part1
Details of Servers & IP address:
Initially we have deployed a Lync 2013 Standard Pool with One Single Std Lync Server and One Edge Server

The Servers which fall under the Lync 2013 Standard Pool are
TESTLYNC.test.com- 10.10.1.127
The servers which fall under the Lync 2013 Standard Edge Pool are
TESTEDGE01 – 10.10.1.199 (Internal), 193.21.89.55 (External) (Note: this server will not be joined to the domain and will have two NICs, one for internal and the other for external)
access.test.com – 193.21.89.55 pointing to internal IP 10.10.1.196
webcon.test.com – 193.21.89.55 pointing to internal IP 10.10.1.197
av.test.com – 193.21.89.55 pointing to internal IP 10.10.1.198
Step by Step Process of Installing First Lync 2013 Standard Pool
Step1. Created a User “Lync” with Enterprise admin, Schema admin, Domain admin and Local administrator rights
Step2. Installed the server TESTLYNC01 and TESTEDGE01 with OS (Win 2K12 STD)
Step3. Joined the Server TESTLYNC01 to the root domain (test.com)
Step4. Added the User “Lync” to Local System Administrator account
Step5. Installed the Roles specified by Microsoft before going to run the Lync server Setup
Roles: Installed using the Windows Server 2012 “Add Roles and Features Wizard”

§ Web Server (IIS)
Features
§ Message Queuing | Message Queuing Services
§ Remote Server Administration Tools | Role Administration Tools | AD DS and AD LDS Tools
§ User Interfaces and Infrastructure | Desktop Experience
§ Windows Identity Foundation 3.5
§ .NET Framework 3.5 Features
    § .NET Framework 3.5
    § HTTP Activation (Important!)
    § Non-HTTP Activation
§ .NET Framework 4.5 (all options)
Roles
§ Web Server (IIS)
    § Role Services
        § Common HTTP Features
            § Static Content
            § Default Document
            § HTTP Errors
        § Health and Diagnostics
            § HTTP Logging
            § Logging Tools
            § Tracing
        § Performance
            § Static Content Compression
            § Dynamic Content Compression
        § Security
            § Request Filtering
            § Client Certificate Mapping Authentication
            § Windows Authentication
        § Management Tools
            § IIS Management Console
            § IIS Management Scripts and Tools
        § Application Development
            § ASP.NET 3.5
            § ASP.NET 4.5
            § .NET Extensibility 3.5
            § .NET Extensibility 4.5
            § ISAPI Extensions
            § ISAPI Filters


Step6. Click Add roles and Features
Step7. Click On Next
Step8. Click on Role-based or feature-based installation and click on Next
Step9. Click on Select a server from the server pool Click on Next
Step10.  Click on Next
Step 11.  Select on all the features provided in the Step 5 and click on Install and reboot the server
Step12. Copy the Lync 2013 Setup Folder to the Server TESTLYNC01 and Mount the ISO file
Step13. Run the Setup File
Step14. Click On Yes
Step15. Click On Yes
Step16. Click On Install
Step17. Click on I accept the terms in the license agreement Click on OK
Step18. Click On Prepare Active Directory
Step19. Click on RUN: Prepare Schema
Step20. Click On Next
Step21. Click On Finish
Step22. Click on RUN: Prepare Current Forest
Step23. Click On Next
Step24.  In Domain FQDN enter test.com, Click on Next
Step25. Click On Next
Step26. Click On Finish
Step27. Logon to 10.10.1.3 server, Open Active Directory Users and Computers, Search for CSAdministrator, Right Click on CSAdministrator Click on Properties
Step28. Click on Members, Click on Add, Type User Name Lync, Click on Check Names, Click on OK
Step29. Click on DNSMgmt on the server 10.10.1.3 to create the SRV and A records
Create SRV Record by Clicking on test.com, Right Click on test.com click on other New Records
Step30. Select Service Location (SRV), Click on Create Record
Step31. Enter Service:  _sipinternaltls, Port Number: 5061, Host offering this services: TESTLYNC.test.com, Click on OK
Step32. Create A Record by Clicking on test.com, Right Click on test.com click on New Host (A)
Step33. Enter Name: meet, IP address: 10.10.1.127
Step34. Repeat step 31 and 32 to create other 2 records dialin and admin pointing the IP Address 10.10.1.172
Step35. Now Login to the TESTLYNC01 Server and Click on BACK
Step36. Click on Prepare first Standard Edition server
Step37. Click On Next
Step38. Click On Browse, Provide the Setup File Path, Click on Next
Step39. Click on Finish once all the Commands have Completed
Step40.  Click On Install Administrative Tools
Step41.  Locate Your Setup File Click on Open, Click Next
Step42. Now Locate Lync Server Topology Builder by going Start button in the server TESTLYNC01, Double Click on Lync Server Topology Builder
Step43. Select New Topology, Click on OK
Step44. Create a New Folder Lync2013, Save the Topology File name TestLync2013 in Lync2013
Step45. Enter the Primary SIP domain: test.com
Step46. Enter Additional supported SIP domains:test.com
Step47. Enter Name: Central Site Berkeley and Description: Primary Site
Step48. Enter City: Hyd, State/Province: AP, Country/Region Code: India, Click on Next
Step49. Click ON Finish
Step50. Click on Next to define New Front End Pool
Step51. Enter FQDN: TESTLYNC.test.com, Select Standard Edition Server, Click on Next
Step52. Select Conferencing, Enterprise Voice, Call Admission Control, Click on Next
Step53. Select Collocate Mediation Server Click on Next
Step54. Select Enable an Edge pool, Click on Next
Step55. Click on Next (when installing a Std Pool Server, setup installs SQL Express automatically)
Step56. Create a Folder LyncData to store Lync Configuration and log files in TESTLYNC01 server
Step57. Right Click on Folder LyncData, Select Properties, and provide Full access permissions to the Folder for all the Four Groups: RTCHS Universal Services, RTC Component Universal Services, RTC Universal Server Admins, RTC Universal Config Replicator
Step58. Enter File Server FQDN: TESTLYNC.test.com, File share: LyncData
Step59.  Click on Next
Step60. Select Associate pool with an office Web App Server, Click on New
Step61. Enter Office Web Apps Server FQDN: OWA.test.com, Click on OK
Step62. Click on Next
Step63. Now we have Finished with the wizard
Step64. Click On Action, Click on Edit Properties
Step65. Enter Administrative access URL: https://admin.test.com , Select Central Management Server On:TESTLYNC.test.com
Step66. Expand the Lync Server, Right Click CentralSiteBerkeley, Click on Topology, Click on Publish
Step67. Click On Next
Step68. Click on Next
Step69.  Click on Finish
Step70. Click on Lync Server 2013 Deployment Wizard
Step71. Click on Install or Update Lync Server System
Step72. Click on Run: Install Local Configuration Store
Step73.  Click On Next
Step74. Click on Finish
Step75. Click on Run: Setup or Remove Lync Server Components
Step76. Click on Next
Step77. Click on Finish
Step78. Click on Run: Request Install or Assign Certificates
Step79. Select Default Certificate, Click on Request
Step80. Click on Next
Step81. Click on Next
Step82. Click On Next
Step83. Click on Next
Step84. Enter Friendly name: LyncInternal, Click on Next
Step85. Enter Organization: TESTORG, Organizational unit: IT, Click on Next
Step86. Select Country/Region: India, Enter State/Province: AP, City/Locality: Hyd, Click on Next
Step87. Click on Next
Step88. Put tick mark on Configured SIP domains: test.com, test1.com, Click on Next
Step89. Click on Next
Step90. Click on Next
Step91. Click on Next
Step92. Put tick mark on Assign this certificate to Lync Server certificate usage, Click on Finish
Step93. Click on Next
Step94. Click on Next
Step95. Click on Finish
Step96. Select OAuthTokenIssuer, Click on Assign
Step97. Click on Next
Step98. Click on Next
Step99.  Enter Friendly name: LyncOauthpoolCer, Click on Next
Step100. Enter Organization: TESTORG, Organization unit: IT, Click on Next
Step101. Select Country/Region: India, Enter State/Province: AP, City/Locality: HYD, Click on Next
Step102. Click on Next
Step103. Put tick mark on Configured SIP domains: in.test.com, test.com, Click on Next
Step104.  Put tick mark on Assign this certificate to the Lync Server Certificate usages, Click on Finish
Step105. Click On Next
Step106. Click on Next
Step107. Click On Finish
Step108. Now You Can Check Both the Certificates Assigned Default Certificate and OAuthTokenIssuer , Click on Close
Step109. Click on Run: Service Status (Optional)
Step110. Click on Next
Step111. Click on Finish
Step112. Click On Exit, Now Reboot the Server
Step113. Click On Lync Server Control Panel
Step114.  Enter Username, Password, Click on OK
Step106. Now we can Enable users to Login to the Lync Client Internally
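
The roles and features of Step5 can also be installed from an elevated PowerShell prompt instead of the wizard in Steps 6 to 11. The script below is an added example, not part of the original post; the ServerManager feature names are a mapping of the Step5 list, and the `D:\sources\sxs` source path (mounted Windows Server 2012 media) is an assumption.

```powershell
# Added example: feature names are a mapping of the Step5 list,
# not names taken from the original post.
param(
    # Assumption: Windows Server 2012 media is mounted as D:. The .NET 3.5
    # payload is not on disk by default, so it is read from sources\sxs.
    [string]$Source = 'D:\sources\sxs'
)
Import-Module ServerManager

$features = @(
    'MSMQ-Services',                 # Message Queuing | Message Queuing Services
    'RSAT-AD-Tools',                 # AD DS and AD LDS Tools
    'Desktop-Experience',
    'Windows-Identity-Foundation',   # Windows Identity Foundation 3.5
    'NET-Framework-Core', 'NET-HTTP-Activation', 'NET-Non-HTTP-Activ',
    'Web-Server',
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Http-Errors',
    'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Http-Tracing',
    'Web-Stat-Compression', 'Web-Dyn-Compression',
    'Web-Filtering', 'Web-Client-Auth', 'Web-Windows-Auth',
    'Web-Mgmt-Console', 'Web-Scripting-Tools',
    'Web-Asp-Net', 'Web-Asp-Net45', 'Web-Net-Ext', 'Web-Net-Ext45',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter'
)

# Fail early on a name this OS build does not know, instead of half-installing.
$known   = Get-WindowsFeature
$unknown = $features | Where-Object { $known.Name -notcontains $_ }
if ($unknown) { throw "Unknown feature name(s): $($unknown -join ', ')" }

# Install only what is missing, so the script can be re-run safely.
$missing = $known | Where-Object { $features -contains $_.Name -and -not $_.Installed }
$results = @()
if ($missing) {
    "Installing: $($missing.Name -join ', ')"
    $results += Install-WindowsFeature -Name $missing.Name -Source $Source
}
# ".NET Framework 4.5 (all options)" in Step5: take every sub-feature.
$results += Install-WindowsFeature -Name NET-Framework-45-Features -IncludeAllSubFeature

if ($results.Success -contains $false) { throw 'Feature installation failed.' }
if ($results.RestartNeeded -contains 'Yes') {
    'Reboot required before running Lync setup (Step11).'
}
```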

Deployment of Lync 2013 Standard Edge Pool _Part2

Step by Step Process of Installing Lync 2013 Edge Server for the Lync clients to login externally using External network
Step1. Login the server TESTEDGE01 (Note. This server should not join to domain) using Administrator account, the server is in DMZ 
Step2. The Server should have 2 Nics; we named the Nic as External and Internal
Step3. Right Click on the External Nic and assign the External IP Address, Subnet Mask, Gateway, Click on OK
Step4. Right Click on the Internal Nic and assign the Internal IP Address, Subnet Mask, without Gateway, and assign Internal DNS IP, Click on OK
Step5. Right Click on System Properties and Enter Primary DNS Suffix: test.com, Click on OK
Step6. Login to the DNS server; create A record with TESTEDGE01 Pointing to Internal IP
Step7. Login to TESTEDGE01, Open host file and Add the IP and host of DC root Server (10.10.1.1: TESTVMAD01.test.com) and Lync Server (10.10.1.127: TESTLYNC.test.com), Click on SAVE
Step8. Login to Server TESTLYNC01, Click on Lync Server Topology Builder
Step9. Select on Download Topology from existing deployment, Click on OK
Step10. Right click on Edge pool, Click on New Edge Pool
Step11. Click On Next
Step12. Enter FQDN: TESTEDGE01.test.com, Select on Single computer pool
Step13. Click on Use a single FQDN and IP address, Click on Enable Federation (port 5061), Click on Next
Step14. Click on Enable IPv4 on Internal interface, Click on Enable IPv4 on External interface,
Step15. Click on Next (Note: as we have taken a single External Network, each service will use a different port)
Step16. Enter Internal IPv4 address: 10.10.1.199, Click on Next
Step17. Enter External IPv4 address: 193.21.89.55, Click on Next
Step18. Click On Next
Step19. Click On Finish
Step20.Select Central Management Store, Right Click Topology, Click on Publish
Step21. Click on Finish
Step22. Right Click on Lync Server Management Shell, Run as Administrator
Step23. Enter the command Export-CsConfiguration -FileName C:\topology_export.zip, Click on Enter button on Keyboard
Step24. Now you can see the Configuration File is exported on C drive as the topology_export.zip file
Step25. Login to the Server TESTEDGE01 and copy the topology_export.zip file
Step26. Copy the Lync Setup file on TESTEDGE01 and Run the Setup
Step27. Click on Install or Update Lync Server System
Step28. Click on Run: Install Local Configuration Store
Step29. Browse the configuration file Topology_export.zip, Click on Next
Step30. It will take some time in executing the Commands, Click on Finish
Step31. Click On Run: Setup or Remove Lync Server Components
Step32. Click On Next
Step33. Click On Finish
Step34. Click on Run: Request Install or Assign Certificates
Step35. Click on Request for Edge Internal Certificate
Step36. Click on Next
Step37. Select Prepare the request now, but Send it later (offline certificate request), Click on Next
Step38. Browse, Save the File LyncEdgeInternal.req on Desktop, Click on Next
Step39. Click On Next
Step40. Click on Mark the certificate’s private key as exportable, Click on Next
Step41. Enter Organization: TESTORG, Organizational Unit: IT, Click On Next
Step42. Select Country/Region: India, Enter State/Province: AP, Enter City/Locality: HYD, Click on Next
Step43. Click On Next
Step44. Enter all the SIP address, Click on Add, Click on Next
Step45. Click On Next
Step46. Click On Next
Step47. Click On Finish 
Step48. Login to the Lync Server TESTLYNC01, Copy the Root Certificate, Click on Run, Enter certmgr.msc, Select TESTVMAD01 certificate
Step49. Right Click on TESTVMAD01, Click on Open, Click on Details tab, Click On Copy to File
Step50. Click On Next
Step51. Click On Next
Step52. Click On Browse; Select the Path to export the Root Certificate, Click on Next
Step53. Copy the root certificate from TESTLYNC01 to TESTEDGE01
Step54. Install the root certificate on the Edge Server TESTEDGE01, Right Click On the root certificate, Click on Install Certificate
Step55. Select on Local Machine, Click on Next
Step56. Browse, Select Trusted Root Certificate Authorities, Click on OK
Step57. Click On Next
Step58. Click On Finish
Step59. Login to the TESTVMAD01, Copy the LyncEdgeInternal.req file to the Root server, to Publish the Certificate request
Step60. Select TESTVMAD01, Right Click, Select All Tasks, Click on Submit New request
Step61. Select the File LyncEdgeInternal.req, Change the File Name: LyncEdgeInternal.cer, Click On Save
Step62. Now You Can See the Certificate is saved on the Desktop, Copy the LyncEdgeInternal.cer to TESTEDGE01
Step63. Login to Edge Server TESTEDGE01, Click on Import Certificate
Step64. Browse, Select LyncEdgeInternal.cer, Click on Next
Step65. Click On Next
Step66. Click On Finish
Step67. Select External Edge certificate, Click on Request
Step68. Click On Next
Step69. Select Prepare the request now, but send it later, Click on Next
Step70. Browse; Provide the Path for the Cer Request File LyncEdgeExternal.req, Click on Next
Step71. Click On Next
Step72. Enter Friendly name: Edge01External Certificate, Click on Next
Step73. Enter Organization: TESTORG, Organization unit: IT, Click on Next
Step74. Select Country/Region: India, State/Province: AP, City/Locality: Hyd, Click On Next
Step75. Click On Next
Step76. Select all Configured SIP domains, Click on Next
Step77. Click On Next
Step78. Click On Next
Step79. Click On Next
Step80. Click On Finish
Step81. Raised the request with www.cacert.org by creating an account and provided the LyncEdgeExternal.req file to www.cacert.org, as we are in testing; once CAcert has processed the request, it will provide the Encrypted Certificate in txt format
Step82. Once the request is successful you will get a mail to download the txt file of the Cer
Step83. Login to the TESTVMAD01, Copy the LyncEdgeExternal.req file to the Root server, to Publish the Certificate request
Step84. Select TESTVMAD01, Right Click, Select All Tasks, Click on Submit New request
Step85. Select the File LyncEdgeExternal.req, Change the File Name: LyncEdgeExternal.cer, Click On Save
Step86. Now You Can See the Certificate is saved on the Desktop, Copy the LyncEdgeExternal.cer to TESTEDGE01
Step87. Login to Edge Server TESTEDGE01, Select External Edge Cert, Click on Import Certificate
Step88. Browse, Select LyncEdgeExternal.cer, Click on Next
Step89. Click On Next
Step90. Click On Finish
Step91. Now we need to assign the Certificate Once we have Imported, Select on Edge Internal, Click on Assign, Click On Next
Step92. Select Edge01 Internal Certificate, Click on Next
Step93. Click On Next
Step94. Click On Finish
Step95. Now we need to assign the Certificate Once we have Imported, Select on Edge External, Click on Assign, Click on Next
Step96. Select Edge01 External Certificate, Click on Next
Step97. Click On Next
Step98.  Click On Finish
Step99. Now You Can Find Internal and External Certificates are Assigned, Click On Close
Step100.Click on Start Services
Step101. Click On Next
Step102. Click On Finish
Step103. Login to Server TESTLYNC01, Open Lync Control Panel, Enter Username, Password
Step104. Click on Federation and External Access, Click on External Access Policy tab, Double Click on Global
Step105. Click on Enable communication with federation users, Enable communication with remote users, Enable communications with public users, Click on Commit
Step106. Now we can see that the External Access Policy is Enabled
Step107. Click on Federation and External Access, Click on Access Edge Policy tab, Double Click on Global
Step108. Click on Enable federation and public IM connectivity users, Enable partner domain discovery, Enable remote user access, Enable anonymous user access to conferences, Click on Commit
Step109. Now we can see that the Access Edge Policy is enabled
Step110. Now we need to Create A records and SRV records Externally and Internally
Internal SRV records

_sipinternaltls._tcp.test.com[5061]->sip.test.com
_sipinternal._tcp.test.com[5061]->sip.test.com

External SRV records

_sipfederationtls._tcp.test.com[5061]->sip.test.com
_sip._tls.test.com[443]->sip.test.com

Internal Host records (A)

Host record                      Pointing IP
Lyncdiscoverinternal.test.com    10.10.1.127
Meet.test.com                    10.10.1.127
Dialin.test.com                  10.10.1.127
TESTEDGE01.test.com              10.10.1.199
Sipinternal.test.com             10.10.1.127

External Host records (A)

Host record                      Pointing IP
Lyncdiscover.test.com            193.21.89.55
Sip.test.com                     193.21.89.55
Meet.test.com                    193.21.89.55
Dialin.test.com                  193.21.89.55

Step111. Now we need to Open the Ports and Create the Rules at Firewall
Default SIP for Internal: test.com
SIP for External communication is: test.com

Internal Web Services and External ports to be opened at firewall

Internal            HTTP    HTTPS
Listening port      80      443,444
Published port      80      443,444

External            HTTP    HTTPS
Listening port      8080    4443,444
Published port      80      443,444

Firewall for Federation

Role/Protocol/TCP or UDP/Port    Source IP address                  Destination IP address
Access/SIP(MTLS)/TCP/5061        193.21.89.55                       Any

Firewall for Public Instant Messaging Connectivity

Role/Protocol/TCP or UDP/Port    Source IP address                  Destination IP address
Access/SIP(MTLS)/TCP/5061        Public IM connectivity partners    193.21.89.55
Access/SIP(MTLS)/TCP/5061        193.21.89.55                       Public IM connectivity partners
Access/SIP(TLS)/TCP/443          clients                            193.21.89.55

Firewall for Extensible Messaging

XMPP/TCP/5269(Extn Messaging)    Any                                193.21.89.55
XMPP/TCP/5269                    193.21.89.55                       Any

Firewall For Ping Report

ICMP                             Any                                193.21.89.55
ICMP                             193.21.89.55                       Any
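
Once the records of Step110 and the firewall rules of Step111 are in place, they can be checked against the values listed above before users are enabled. The script below is an added example, not part of the original post; the internal DNS server address (10.10.1.3, the server used in Part 1, Step29) and the external resolver you pass in are assumptions, and the TCP check only reflects what is reachable from the host it runs on.

```powershell
# Added example: expected values are copied from the Step110/Step111 tables.
param(
    [string]$InternalDns = '10.10.1.3',                      # assumption: DNS server from Part 1, Step29
    [Parameter(Mandatory=$true)][string]$ExternalDns,        # assumption: a resolver that sees the public zone
    [string]$EdgeIp = '193.21.89.55'
)

$expected = @'
internal SRV _sipinternaltls._tcp.test.com   sip.test.com:5061
internal SRV _sipinternal._tcp.test.com      sip.test.com:5061
external SRV _sipfederationtls._tcp.test.com sip.test.com:5061
external SRV _sip._tls.test.com              sip.test.com:443
internal A   lyncdiscoverinternal.test.com   10.10.1.127
internal A   meet.test.com                   10.10.1.127
internal A   dialin.test.com                 10.10.1.127
internal A   TESTEDGE01.test.com             10.10.1.199
internal A   sipinternal.test.com            10.10.1.127
external A   lyncdiscover.test.com           193.21.89.55
external A   sip.test.com                    193.21.89.55
external A   meet.test.com                   193.21.89.55
external A   dialin.test.com                 193.21.89.55
'@

$dns = foreach ($line in $expected -split "`r?`n") {
    $view, $type, $name, $want = -split $line
    $server  = if ($view -eq 'internal') { $InternalDns } else { $ExternalDns }
    # -DnsOnly keeps the hosts file and LLMNR from masking a missing record.
    $answers = Resolve-DnsName -Name $name -Type $type -Server $server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $type }
    $got = if ($type -eq 'SRV') { $answers | ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port } }
           else                 { $answers | ForEach-Object { $_.IPAddress } }
    [pscustomobject]@{ View = $view; Type = $type; Name = $name
                       Expected = $want; Actual = ($got -join ','); Ok = ($got -contains $want) }
}

# Inbound TCP ports that the Step111 tables publish on the edge address.
$ports = foreach ($port in 443, 5061, 5269) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $open = $client.BeginConnect($EdgeIp, $port, $null, $null).AsyncWaitHandle.WaitOne(3000) -and $client.Connected
    } finally { $client.Close() }
    [pscustomobject]@{ Address = $EdgeIp; Port = $port; Open = $open }
}

$dns   | Format-Table -AutoSize
$ports | Format-Table -AutoSize
```

Any row with Ok or Open set to False points at a record or firewall rule that does not match the tables above.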



                                                                                                   
