
I am planning a deployment on Lync 2010 and have questions. We have a corporate office that houses ALL servers, and roughly 100 employees.  We also have 2 other offices connected to the Corporate office via MPLS (each remote office has a 20MG metro and the Corporate office has a 40MG metro).  The remote servers DO NOT have any servers locally, and currently connect back to corporate for everything (including internet access).  The remote locations have roughly 20 employees each.

When creating my topology running the planning tool & topology builder, do I create a central site AND branch sites?  I do not want to install a Survivable branch appliance or server at the remote locations.
The features we want to use mainly are Chat, Presence, Video Conferencing, External User Access, and External services like Yahoo, MSN, etc.  We do not want to connect our existing PBX to the Lync system, at all.  What roles can I, and must I exclude since we will not be utilizing the PBX (Phones) at all?
If I do NOT install an Archiving Server will the users still be able to see any chat history and if so how much?  I am assuming the Archive Server holds ALL conversations forever (or a predetermined amount of time).

Sorry for all the questions, but I am deploying in a week and have a lot of planning to do prior!!  THANK YOU!!

asked 10/28/2011 08:10


BSModlin ♦♦


7 Answers:
1.  You'll only need to create a single site.  I am running Lync for Chat, Presence, Web Conferencing, and Remote Access across a 25-site, 850-user network all from a single site/front end server and a single edge server.

2.  The bare minimum features are Chat, Presence, Web Conferencing, and Lync-to-Lync audio/video.  All other roles can be excluded or included as needed.

3.  Users have the ability to save their Conversation History in Outlook via settings on the Lync client.  I believe the default setting is to save conversations.  A Conversation History folder will be added to the users' e-mail folder and the Conversation History tab in Lync will directly access the Outlook folder.  If the setting is off the conversations are not saved.  The advantage of the Archiving Server is that all conversations are saved and searchable from a central location.  But if you have no legal compliance concerns you shouldn't need it.

Good luck on your Lync project!

--Jeff

answered


jeiben812

Man, all that info was VERY helpful.... I have one last question regarding SSL certs....  I will be purchasing the necessary cert(s) from GoDaddy.  My question is since I am going to be allowing external access via an Edge Server do I need 2 certs, one for the Lync Server and one for the Edge server?  If so, what subject alt. names need to be included for both servers?

Example:

dialin.xyz.com
meet.xyz.com
conf.xyz.com

Which servers require what alt. names?


answered 10/28/11 10:03 PM


BSModlin

You will need three certs, actually...  

1. The internal cert for the Lync Front End (or Standard) server itself.
Subject: <Pool FQDN>
SANs: <_sipinternaltls SRV record FQDN>, <Pool FQDN>, <Front End Server FQDN>, <dialin FQDN>, <meet FQDN>, <admin FQDN>, <web services FQDN>

2. The internal cert for the Lync Edge server that secures the connection to the Lync Front End.
Subject: <Edge Pool/Server FQDN>
No SANs

3. The external cert for the Lync Edge server that secures the external connections.
Subject: <External _sip._tls SRV record FQDN>
SANs: <External _sip._tls SRV record FQDN>, <conf FQDN>

The Lync setup wizard does a good job of walking you through generating the certificate requests.  You just need to make sure all the SANs match your implementation.

--Jeff

answered 10/31/11 08:43 AM


jeiben812
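
One way to check a certificate or request against the three-certificate layout in the answer above before sending it to a CA, as an added example (not part of the original thread and not Lync tooling). The topology, every FQDN and the function names are assumptions; the SAN text is in the form `openssl x509 -noout -text` prints.

```python
# Added example: audit a certificate's names against the three-cert layout above.
# Every FQDN here is a constructed placeholder, not a value from a real deployment.
SAMPLE_TOPOLOGY = {
    "pool": "lync01.xyz.com",           # single server: pool and server share a name here
    "front_end": "lync01.xyz.com",
    "sip_internal": "sip.xyz.com",      # target of the _sipinternaltls SRV record
    "dialin": "dialin.xyz.com",
    "meet": "meet.xyz.com",
    "admin": "admin.xyz.com",
    "web_services": "webext.xyz.com",
    "edge_internal": "edge01.xyz.com",
    "sip_external": "sip.xyz.com",      # target of the external _sip._tls SRV record
    "conf": "conf.xyz.com",
}

def norm(name):
    """DNS names compare case-insensitively; drop a trailing root dot."""
    return name.strip().rstrip(".").lower()

def parse_san_line(text):
    """Extract DNS names from openssl's 'DNS:a, DNS:b, IP Address:...' SAN line."""
    entries = (e.strip() for e in text.split(","))
    return [norm(e[4:]) for e in entries if e.upper().startswith("DNS:")]

def required_names(role, topo):
    """(subject, SANs) for one of the three certificates listed in the answer."""
    t = topo
    layout = {
        "front_end_internal": (t["pool"], [t["sip_internal"], t["pool"], t["front_end"],
                               t["dialin"], t["meet"], t["admin"], t["web_services"]]),
        "edge_internal": (t["edge_internal"], []),
        "edge_external": (t["sip_external"], [t["sip_external"], t["conf"]]),
    }
    subject, sans = layout[role]
    return norm(subject), list(dict.fromkeys(norm(s) for s in sans))

def audit(role, subject, san_line, topo=SAMPLE_TOPOLOGY):
    """Return findings: wrong subject, SANs the layout needs, SANs it does not list."""
    want_subject, want_sans = required_names(role, topo)
    have = parse_san_line(san_line)
    findings = []
    if norm(subject) != want_subject:
        findings.append(f"subject is {norm(subject)}, expected {want_subject}")
    findings += [f"missing SAN {n}" for n in want_sans if n not in have]
    # Assumption of this example: repeating the subject as a SAN is acceptable.
    allowed = set(want_sans) | {want_subject}
    findings += [f"unexpected SAN {n}" for n in have if n not in allowed]
    return findings
```

An empty list means the names match the layout; an "unexpected SAN" on the external Edge certificate is worth a second look, since names in a publicly issued certificate are visible to anyone who connects.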

I am a bit confused.... I am not using multiple front end or Edge servers...  Why would I need to purchase 2 certs for one edge server?

answered 10/31/11 09:40 AM


BSModlin

The connection between the Edge server and the Front End server must also be secured.  That is why the Edge server needs 2 certs.  This cert is only used between the two servers, so there is no need for 3rd-party signing.  I recommend using the domain CA for this cert.

Honestly, I went with domain-signed certs for all purposes to avoid the costs of the 3rd-party certs.  It's a minor inconvenience for the users to have to verify that they want to continue to the site, and it doesn't affect the Lync client behavior at all.

--Jeff

answered 10/31/11 09:42 AM


jeiben812

And will the Edge Server wizard help me create requests for both certs?

answered 10/31/11 10:15 AM


BSModlin

Yes, it will.

--Jeff

answered 10/31/11 10:59 AM


jeiben812


Asked: 10/28/2011 08:10

Seen: 397 times

Last updated: 10/31/2011 07:22