Lync Server 2010 - Supportability

Microsoft Lync Server 2010 Supportability
Guide
Microsoft Lync Server 2010
Published: March 2012
This document is provided as-is. Information and vies e!pressed in this document" includin#
$%& and other Internet 'eb site references" ma( chan#e ithout notice.
)ome e!amples depicted herein are provided for illustration onl( and are fictitious. *o real
association or connection is intended or should be inferred.
This document does not provide (ou ith an( le#al ri#hts to an( intellectual propert( in an(
Microsoft product. +ou ma( cop( and use this document for (our internal" reference purposes.
,op(ri#ht - 2012 Microsoft ,orporation. .ll ri#hts reserved.
Contents
)upportabilit(............................................................................................................................... 1
.ctive /irector( )upport.......................................................................................................... 1
)upported &(nc )erver 2010 Topolo#ies.................................................................................. 1
)upported )erver ,ollocation.................................................................................................. 0
)erver ,ollocation in an 1nterprise 1dition 2ront 1nd Pool /eplo(ment..............................0
)erver ,ollocation in a )tandard 1dition )erver /eplo(ment...............................................3
)upported Mi#ration Paths and ,oe!istence )cenarios..........................................................4
)upported )erver Mi#ration Paths and ,oe!istence )cenarios...........................................4
)upported ,lients from Previous /eplo(ments..................................................................10
)upported 5ardare.............................................................................................................. 11
)erver 5ardare Platforms................................................................................................. 11
,lient and /evice 5ardare )upport..................................................................................16
,lient 5ardare )upport................................................................................................. 16
/evice 5ardare )upport............................................................................................... 10
2ile )tora#e )upport........................................................................................................... 10
)erver )oftare and Infrastructure )upport...........................................................................17
)erver and Tools 8peratin# )(stem )upport......................................................................17
/atabase )oftare and ,lusterin# )upport........................................................................19
,ertificate Infrastructure )upport........................................................................................ 20
'ildcard ,ertificate )upport............................................................................................... 20
/omain *ame )(stem :/*); Infrastructure )upport.........................................................<1
Internet Information )ervices :II); )upport.........................................................................<1
IP and *etor=in# Protocol )upport................................................................................... <1
>oice )upport..................................................................................................................... <2
)IP Trun=in# )upport...................................................................................................... <2
/irect )IP ,onnections )upport...................................................................................... <<
1!chan#e $nified Messa#in# :$M; )upport....................................................................<0
,omponents and Topolo#ies for 8n-Premises $nified Messa#in#..................................<0
)upport for 5osted 1!chan#e $M Inte#ration.................................................................<7
14-1-1 )upport................................................................................................................ <3
>irtuali?ation )upport.......................................................................................................... <9
.dditional )erver )upport and %e@uirements........................................................................<9
,lient and /evice )oftare and Infrastructure )upport.........................................................00
,lient )oftare )upport...................................................................................................... 00
%e@uired &(nc )erver 2010 ,omponents for /evices........................................................02
/evice )(stem and Infrastructure )upport......................................................................... 06
Supportability
Microsoft &(nc )erver 2010 communications softare supports topolo#ies that are desi#ned to
meet the needs of or#ani?ations that are small" medium" or lar#e and that have var(in#
re@uirements for performance" hi#h availabilit(" and scalabilit(.
In This Section
.ctive /irector( )upport
)upported &(nc )erver 2010 Topolo#ies
)upported )erver ,ollocation
)upported Mi#ration Paths and ,oe!istence )cenarios
)upported 5ardare
)erver )oftare and Infrastructure )upport
.dditional )erver )upport and %e@uirements
,lient and /evice )oftare and Infrastructure )upport
Active Directory Support
The .ctive /irector( /omain )ervices topolo#ies supported b( Microsoft &(nc )erver 2010 are as
follos:
)in#le forest ith sin#le domain
)in#le forest ith a sin#le tree and multiple domains
)in#le forest ith multiple trees and disAoint namespaces
Multiple forests in a central forest topolo#(
Multiple forests in a resource forest topolo#(
ote!
&(nc )erver does not support sin#le-labeled domains. 2or e!ample" a forest ith a root
domain named contoso"local is supported" but a root domain named local is not
supported. 2or details" see Microsoft Bnoled#e Case article 60079<" Information about
confi#urin# 'indos for domains ith sin#le-label /*) names" at
http:DD#o.microsoft.comDflin=DE&in=IdF1<6302.
2or details about supported topolo#ies and re@uirements" see .ctive /irector( /omain )ervices
%e@uirements" )upport" and Topolo#ies in the Plannin# documentation.
Supported Lync Server 2010 Topolo#ies
Microsoft &(nc )erver 2010 supports deplo(ment of one or more sites that can be scaled to meet
hi#h availabilit( and location re@uirements. +ou can structure these sites and their components to
meet the access and resilienc( re@uirements of (our or#ani?ation.
+ou can have one or more sites in (our &(nc )erver 2010 deplo(ment:
1
+our deplo(ment must include at least one central site :also =non as a data center;. 1ach
central site must contain at least one of 1nterprise 1dition 2ront 1nd pool or one )tandard
1dition server. These consist of the folloin#:
1nterprise 1dition 2ront 1nd pool" hich consists of one or more 2ront 1nd )ervers
:t(picall(" at least to 2ront 1nd )ervers for scalabilit(; and a separate Cac= 1nd )erver.
. 2ront 1nd pool can contain a ma!imum of ten 2ront 1nd )ervers. &oad balancin# is
re@uired for multiple 2ront 1nd )ervers. 2or )IP traffic" /*) load balancin# is
recommended" but hardare load balancin# is also supported. If (ou use /*) load
balancin# for )IP traffic" (ou still need a hardare load balancer for 5TTP traffic. .
'indos cluster of to or more Cac= 1nd )ervers is recommended for hi#h availabilit( of
the )G& )erver databases. The cluster can be on an e!istin# )G& )erver cluster that
includes cluster nodes that are used for other applications" but the bac=-end database
must reside on dedicated cluster nodes. The bac=-end database re@uires a separate
instance" but (ou can collocate the archivin# and monitorin# database ith it. &(nc
)erver 2010 also supports the use of a shared cluster for the file shares in (our
deplo(ment. 2or details about database stora#e re@uirements" see /atabase )oftare
and ,lusterin# )upport. 2or details about file stora#e re@uirements" see 2ile )tora#e
)upport.
I$portant!
If (ou collocate &(nc )erver databases ith other databases" e hi#hl(
recommend assessin# all factors that mi#ht affect availabilit( and performance"
as ell as ensurin# that" if a node fails" the remainin# node can handle the load.
To verif( failover capabilities" e recommend testin# all failover scenarios.
)tandard 1dition server" hich includes a collocated )G& )erver 1!press database.
+our deplo(ment can also have one or more branch sites associated ith a central site.
This section describes the sites and components of a &(nc )erver 2010 deplo(ment. 2or details
about &(nc )erver 2010 site" topolo#(" and component plannin#" see Topolo#( Casics +ou Must
Bno Cefore Plannin# and %eference Topolo#ies in the Plannin# documentation. 2or details
about inte#ration of previous 8ffice ,ommunications )erver components" see )upported
Mi#ration Paths and ,oe!istence )cenarios.
Central Site Topolo#ies and Co$ponents
.lthou#h a central site topolo#( must include one 2ront 1nd pool or )tandard 1dition server" each
central site can also contain the folloin#:
Multiple 2ront 1nd pools" hich can be in the same domain or different domains. .lthou#h" all
2ront 1nd )ervers in a 2ront 1nd pool and the Cac= 1nd )erver for that pool" must be in the
same domain.
Multiple )tandard 1dition servers.
.D> ,onferencin# )erver or pool" if (ou ant to support .D> conferencin# functionalit( at the
central site. 2or a )tandard 1dition server deplo(ment" the .D> ,onferencin# )erver is
automaticall( collocated ith the )tandard 1dition server and (ou cannot use a stand-alone
.D> ,onferencin# )erver or pool. 2or a 2ront 1nd pool" use of a stand-alone .D>
2
Microsoft Lync Server 2010 Supportability Guide
,onferencin# )erver or .D> ,onferencin# pool is optional but recommended for deplo(ments
ith more than 10"000 users. The servers in an .D> ,onferencin# pool do not re@uire load
balancin# because the( provide their on load balancin#. .ll 2ront 1nd )ervers of a central
site that do not have a collocated .D> ,onferencin# )erver use the same stand-alone .D>
,onferencin# )erver or pool.
1d#e )erver or 1d#e pool in (our perimeter netor=" if (ou ant (our deplo(ment to support
federated partners" public IM connectivit(" remote user access" participation of anon(mous
users in meetin#s" or hosted $M . +ou cannot collocate an( other server role ith an 1d#e
)erver. /*) load balancin# is recommended" here appropriate" but hardare load
balancin# is also supported. The internal 1d#e interface and e!ternal 1d#e interface must
use the same t(pe of load balancin#. +ou cannot use /*) load balancin# on one 1d#e
interface and hardare load balancin# on the other 1d#e interface. 2or details about load
balancin# re@uirements and support" see Plannin# for 1!ternal $ser .ccess in the Plannin#
documentation and /eplo(in# 1d#e )ervers in the /eplo(ment documentation.
Mediation )erver or pool" if (ou ant to support 1nterprise >oice or dial-in conferencin# in a
2ront 1nd pool at the central site. /ependin# on ho (ou deplo( 1nterprise >oice support"
(ou can collocate the Mediation )erver in a 2ront 1nd pool :the default; or deplo( a stand-
alone Mediation )erver or pool. 2or details about the plannin# the appropriate Mediation
)erver topolo#(" includin# collocation options" see /eplo(ment Huidelines for Mediation
)erver in the Plannin# documentation. +ou can use /*)" hardare or application load
balancin# :hen appropriate; to distribute traffic from a Mediation )erver poolIs #atea(
peer" includin# a P)T* #atea(" IP-PCJ" or )IP trun= )ession Corder ,ontrol :)C,;.
Monitorin# )erver" if (ou ant to support data collection about of (our audioDvideo Gualit( of
1!perience :Go1; and call detail recordin# :,/%; for 1nterprise >oice and .D> conferences
in (our deplo(ment. 8ptionall(" (ou can also install the Microsoft )(stem ,enter 8perations
Mana#er :formerl( Microsoft 8perations Mana#er;" hich uses Monitorin# ,/% and Go1
data to #enerate near real-time alerts shoin# the health of call reliabilit( and media @ualit(. .
Monitorin# )erver can be collocated ith an .rchivin# )erver" ith a )G& )erver store of an
1nterprise 1dition 2ront 1nd pool" or ith a file store of a 2ront 1nd pool. The Monitorin#
)erver re@uires a database" but the database can be collocated on the Monitorin# )erver"
ith the database server for the .rchivin# )erver" or on the Cac= 1nd )erver of an 1nterprise
1dition 2ront 1nd pool. . Monitorin# )erver cannot be collocated ith a )tandard 1dition
server in a production environment.
.rchivin# )erver" if (ou ant to archive IM communications and meetin# content :for
compliance reasons; in (our deplo(ment. .n .rchivin# )erver can be collocated ith a
Monitorin# )erver" ith a )G& )erver store of an 1nterprise 1dition 2ront 1nd pool" or ith a
file store of an 1nterprise 1dition 2ront 1nd pool. The .rchivin# )erver re@uires a database"
but the database can be collocated on the .rchivin# )erver" ith the database server for the
Monitorin# )erver" or on the Cac= 1nd )erver of a 2ront 1nd pool. .n .rchivin# )erver
cannot be collocated ith a )tandard 1dition server in a production environment.
/irector or /irector pool" if (ou ant to facilitate resilienc( and redirection of &(nc )erver user
re@uests to the userIs home pool" hich can be either an 1nterprise 1dition 2ront 1nd pool or
a )tandard 1dition server. 'e recommend that (ou deplo( a /irector or /irector pool in each
central site that supports e!ternal user access and in each central site in hich (ou deplo(
6
one or more 2ront 1nd pools. 1ach /irector pool can contain a ma!imum of ten /irectors. .
/irector cannot be collocated ith an( other server role.
%everse pro!(" hich is not a &(nc )erver component but is re@uired if (ou ant to support
sharin# of eb content for federated users. +ou cannot collocate a reverse pro!( server ith
an( &(nc )erver 2010 server role" but (ou can implement reverse pro!( support for a &(nc
)erver deplo(ment b( confi#urin# the support on an e!istin# reverse pro!( server in (our
or#ani?ation that is used for other applications.
.ll 2ront 1nd pools and )tandard 1dition servers that (ou deplo( at a central site share an( of the
folloin# that (ou deplo( for the central site:
/irector or /irector pool
Monitorin# )erver
.rchivin# )erver
)tand-alone .D> ,onferencin# )erver or pool :1nterprise 1dition 2ront 1nd pool onl(;
)tand-alone Mediation )erver or pool
1d#e )erver or 1d#e pool
ote!
.n 1!chan#e $M )erver can be implemented ith (our &(nc )erver 2010 deplo(ment if
(ou ant to support inte#ration of Microsoft 1!chan#e unified messa#in#" but it is not a
component of the &(nc )erver site.
Multiple central sites can also share an( of the folloin# that (ou deplo( in one central site:
.rchivin# )erver
Monitorin# )erver
)tand-alone Mediation )erver or pool
1d#e )erver or 1d#e pool
ote!
.n 1!chan#e $M )erver can be implemented ith (ou &(nc )erver 2010 deplo(ment
and shared b( multiple central sites" but it is not a component of the &(nc )erver site
2or details about &(nc )erver 2010 server roles" see )erver %oles in the Plannin#
documentation.
2or a summar( of hich &(nc )erver 2010 server roles can be collocated ith other server roles"
see )upported )erver ,ollocation.
In addition to the server roles covered previousl( in this section" &(nc )erver 2010 has additional
components and options" hich can include some or all of the folloin#:
2irealls
P)T* #atea(s :if deplo(in# 1nterprise >oice;
1!chan#e $M )erver
/*) load balancin#
5ardare load balancers
)G& )erver databases
<
2ile shares
2or details about all of the &(nc )erver 2010 components and options" see the Plannin#
documentation.
%ranch Site Topolo#ies and Co$ponents
. branch site is associated ith a central site and each )urvivable Cranch .ppliance in a branch
site is associated ith an 1nterprise 1dition 2ront 1nd pool or a )tandard 1dition server in the
associated central site. Cranch sites depend on the central site for most of their functionalit(" so
components at a branch site contain onl( the folloin#:
. )urvivable Cranch .ppliance" hich combines a public sitched telephone netor= :P)T*;
#atea( ith some &(nc )erver functionalit(. Mediation )erver can be collocated ith the
instance of the %e#istrar on the )urvivable Cranch .ppliance" (ou can deplo( a stand-alone
Mediation )erver or pool of Mediation )ervers.
. )urvivable Cranch )erver" hich is a 'indos server that has &(nc )erver 2010 %e#istrar
and Mediation )erver softare installed.
. stand-alone P)T* #atea( :not part of the )urvivable Cranch .ppliance; and stand-alone
Mediation )erver.
The re@uirements for )urvivable Cranch )ervers are the same as the re@uirements for an( &(nc
)erver 2010 server role.
Supported Server Collocation
Microsoft &(nc )erver 2010 communications softare supports collocation of some server roles.
'hich server roles (ou can collocate is partl( dependent on hether (ou are deplo(in# a 2ront
1nd pool or a )tandard 1dition server.
In This Section
)erver ,ollocation in an 1nterprise 1dition 2ront 1nd Pool /eplo(ment
)erver ,ollocation in a )tandard 1dition )erver /eplo(ment
Server Collocation in an &nterprise &dition 'ront &nd (ool Deploy$ent
This section describes the server roles" databases" and file shares that (ou can collocate in a
Microsoft &(nc )erver 2010 2ront 1nd pool deplo(ment.
Server )oles
,ollocation of the folloin# server roles on the same computer is supported:
'ront &nd Server *ith the A+, Conferencin# service and the Mediation service The
default confi#uration is collocated .D> ,onferencin# service and Mediation service" but (ou
can choose to deplo( either or both separatel(" each on a stand-alone server.
Monitorin# Server *ith Archivin# Server +ou can also collocate either or both of these on
a database server" as described later in this section.
The folloin# server roles must each be deplo(ed on a separate computer:
0
/irector
1d#e )erver
Trusted .pplication )erver
)tand-alone .D> ,onferencin# )erver :if not collocated ith the 2ront 1nd )erver;
Mediation )erver :if not collocated ith the 2ront 1nd )erver;
,ollocatin# Microsoft &(nc )erver 2010" Hroup ,hat ith an( server role is not supported.
If (ou do not collocate either or both of the folloin# server roles on the 2ront 1nd )erver" (ou
must deplo( each stand-alone server on a separate computer:
)tand-alone .D> ,onferencin# )erver
)tand-alone Mediation )erver
Databases
+ou can collocate each of the folloin# databases on the same database server:
Cac=-end database
Monitorin# database
.rchivin# database
+ou can collocate an( or an( or all of these databases in a sin#le )G& instance or use a separate
)G& instances for each" ith the folloin# limitations:
1ach )G& instance can contain onl( a sin#le bac=-end database" sin#le Monitorin# database"
and sin#le .rchivin# database.
The database server cannot support more than one 2ront 1nd pool" one .rchivin# )erver"
and one Monitorin# )erver" but it can support one of each" re#ardless of hether the
databases use the same )G& instance or separate )G& instances.
+ou can collocate a sin#le Monitorin# )erver" a sin#le .rchivin# )erver" or both on ith the
databases. +ou can also collocate a file share ith the databases" as described later in this
section.
+ou should not collocate the Hroup ,hat database and compliance database :for Hroup ,hat
)erver; ith an( database server or ith Hroup ,hat )erver. These collocations are not
supported.
'ile Shares
The file share can be a separate server or can be collocated on the same server as an( or all of
the folloin#:
/atabase server" includin# the Cac= 1nd )erver of an 1nterprise 1dition 2ront 1nd pool"
.rchivin# database" and Monitorin# database
Monitorin# )erver
.rchivin# )erver
. sin#le file share can be used for multiple 2ront 1nd pools" )tandard 1dition servers" .rchivin#
)ervers" and Monitorin# )ervers :all in the same site;.
7
-ther Co$ponents
+ou cannot collocate a reverse pro!( server" hich is not a &(nc )erver 2010 component but is
re@uired in (our deplo(ment if (ou ant to support sharin# of eb content for federated users"
ith an( &(nc )erver server role. +ou can" hoever" implement reverse pro!( support for a &(nc
+ou cannot collocate an( 1!chan#e $nified Messa#in# :$M; component or )harePoint
component ith an( &(nc )erver role.
Server Collocation in a Standard &dition Server Deploy$ent
This section describes the server roles" databases" and file shares that (ou can collocate in a
Microsoft &(nc )erver 2010 )tandard 1dition server deplo(ment.
Server )oles
,ollocation of the folloin# server roles on the same computer is supported:
Standard &dition server *ith A+, Conferencin# service and Mediation service The
default confi#uration is collocated .D> ,onferencin# service and Mediation service. +ou can
deplo( Mediation service as a separate server or pool. +ou cannot deplo( .D> ,onferencin#
service as a separate server or pool.
Monitorin# Server *ith Archivin# Server +ou can collocate either or both of these ith
the database server" as described later in this topic.
Standard &dition server *ith Monitorin# Server and Archivin# Server .for test
purposes only/ +ou can collocate the Monitorin# )erver" .rchivin# )erver" or both on the
)tandard 1dition server in a test environment.
I$portant!
/o not collocate these to server roles on a )tandard 1dition server in a production
environment.
The folloin# server roles must each be deplo(ed on a separate computer:
/irector
1d#e )erver
Trusted .pplication )erver
,ollocatin# Microsoft &(nc )erver 2010" Hroup ,hat ith an( server role is unsupported.
If (ou do not collocate either or both of the folloin# server roles on the 2ront 1nd )erver" (ou
must deplo( each stand-alone server on a separate computer:
)tand-alone .D> ,onferencin# )erver
)tand-alone Mediation )erver
Databases
C( default" the )G& )erver 1!press bac=-end database is collocated on the )tandard 1dition
server. +ou cannot move it to a separate computer. +ou cannot collocate other databases on the
)tandard 1dition server.
3
+ou can collocate each of the folloin# databases on a sin#le database server:
Monitorin# database
.rchivin# database
. bac=-end database for an 1nterprise 1dition 2ront 1nd pool
+ou can collocate an( or an( or all of these databases in a sin#le )G& instance or use a separate
)G& instances for each" ith the folloin# limitations:
1ach )G& instance can contain onl( a sin#le bac=-end database :for an 1nterprise 1dition
2ront 1nd pool;" sin#le Monitorin# database" or sin#le .rchivin# database.
The database server cannot support more than one 1nterprise 1dition 2ront 1nd pool" one
.rchivin# )erver" and one Monitorin# )erver" but it can support one of each" re#ardless of
hether the databases use the same )G& instance or separate )G& instances.
+ou can collocate a sin#le Monitorin# )erver" a sin#le .rchivin# )erver" or both ith the
databases. +ou can also collocate a file share ith the databases :as described later in this
section;.
+ou should not collocate the Hroup ,hat database and compliance database :for Hroup ,hat
)erver; ith an( database server or ith Hroup ,hat )erver. These collocations are not
supported.
'ile Shares
The file share can be a separate server or can be collocated on the same server as an( or all of
the folloin#:
/atabase server" includin# the Cac= 1nd )erver of a 2ront 1nd pool" .rchivin# database" and
Monitorin# database
Monitorin# )erver
.rchivin# )erver
. sin#le file share can be used for multiple 2ront 1nd pools" )tandard 1dition servers" .rchivin#
)ervers" and Monitorin# )ervers :all in the same site;.
-ther Co$ponents
+ou cannot collocate a reverse pro!( server" hich is not a &(nc )erver 2010 component but is
re@uired in (our deplo(ment if (ou ant to support sharin# of eb content for federated users"
ith an( &(nc )erver server role. +ou can" hoever" implement reverse pro!( support for a &(nc
+ou cannot collocate an( 1!chan#e $nified Messa#in# :$M; component or )harePoint
component ith an( &(nc )erver role.
Supported Mi#ration (aths and Coe0istence Scenarios
Microsoft &(nc )erver 2010 supports mi#ration from the more recent versions of 8ffice
,ommunications )erver" includin# coe!istence ith specific client and server components of
those previous deplo(ments.
9
In This Section
)upported )erver Mi#ration Paths and ,oe!istence )cenarios
)upported ,lients from Previous /eplo(ments
Supported Server Mi#ration (aths and Coe0istence Scenarios
Microsoft &(nc )erver 2010 supports mi#ration from either of the folloin#:
Microsoft 8ffice ,ommunications )erver 2003
Microsoft 8ffice ,ommunications )erver 2003 %2
Mi#ration from an environment runnin# both of these previous versions of 8ffice ,ommunications
)erver is not supported. Mi#ration for earlier versions" such as &ive ,ommunications )erver
2000" is not supported.
Mi#ration Methods
Mi#ration of all &(nc )erver 2010 topolo#ies and server roles is supported. +ou can mi#rate from
one topolo#( to a different topolo#(" includin# from )tandard 1dition server to 1nterprise 1dition
server.
&(nc )erver 2010 supports onl( the folloin# mi#ration method:
Side1by1side $i#ration" In side-b(-side mi#ration" &(nc )erver 2010 is deplo(ed alon#side
an e!istin# 8ffice ,ommunications )erver 2003 or 8ffice ,ommunications )erver 2003 %2
deplo(ment" and then (ou transfer operations to the ne servers and move users to &(nc
)erver 2010. This method re@uires additional server platforms" includin# hardare and
softare" durin# mi#ration" and s(stem names and pool names are different in the ne
confi#uration. If it becomes necessar( to roll bac= to the previous version" (ou can shift
operations bac= to the previous servers.
Mi#ration across .ctive /irector( forests is not supported.
The recommended mi#ration path is a phased approach. 2or details about mi#ratin# from a
previous release" includin# the appropriate phasin# of component deplo(ment" see Mi#ration
from 8ffice ,ommunications )erver 2003 %2 to &(nc )erver 2010 in the Mi#ration
documentation.
Coe0istence Scenarios
&(nc )erver 2010 can coe!ist ith components of either an 8ffice ,ommunications )erver 2003
deplo(ment or an 8ffice ,ommunications )erver 2003 %2 deplo(ment. ,oncurrent deplo(ment of
&(nc )erver 2010 ith both 8ffice ,ommunications )erver 2003 and 8ffice ,ommunications
)erver 2003 %2 :concurrent deplo(ment of all three versions; is not supported.
/urin# a phased mi#ration in hich a previous 8ffice ,ommunications )erver 2003 or 8ffice
,ommunications )erver 2003 %2 deplo(ment coe!ists temporaril( ith the ne &(nc )erver
2010 deplo(ment" support for mi!ed version routin# is limited. 2or details" see the Mi#ration
documentation.
+ou can deplo( a &(nc )erver 2010 database as ne instance on an e!istin# )G& )erver on
hich (ou have deplo(ed an 8ffice ,ommunications )erver 2003 or 8ffice ,ommunications
)erver 2003 %2 database" if the hardare and softare meet &(nc )erver 2010 re@uirements and
4
minimum netor= re@uirements. +ou cannot use the same )G& instance for a &(nc )erver 2010
2ront 1nd pool that (ou use for an 8ffice ,ommunications )erver 2003 or 8ffice ,ommunications
)erver 2003 %2 2ront 1nd pool.
ote!
If (ou intend to deplo( server roles that are ne to &(nc )erver 2010" such as a stand-
alone .D> ,onferencin# )erver or )urvivable Cranch .ppliance" e recommend that (ou
first up#rade (our e!istin# deplo(ment as described in the Mi#ration documentation and
the /eplo(ment documentation" and then deplo( the ne server roles as described in the
Plannin# documentation and /eplo(ment documentation.
2or specific coe!istence re@uirements and other details about coe!istence and mi#ration of 8ffice
,ommunications )erver 2003 or 8ffice ,ommunications )erver 2003 %2 and &(nc )erver 2010
components" see Mi#ration from 8ffice ,ommunications )erver 2003 %2 to &(nc )erver 2010
and Mi#ration from 8ffice ,ommunications )erver 2003 to &(nc )erver 2010 in the Mi#ration
documentation. 2or details about coe!istence of &(nc )erver 2010 pools and /irectors ith 8ffice
,ommunications )erver 2003 or 8ffice ,ommunications )erver 2003 %2 pools and /irectors"
see ,oe!istence ,han#es in the Plannin# documentation. 2or details about mi!ed version
support for clients" see )upported ,lients from Previous /eplo(ments. 2or details about support
for previous $,M. applications" see Mi#rate .pplications Cuilt on Microsoft $nified
,ommunications Mana#ed .PI :$,M.; 2.0 ,ore )/B in the Plannin# documentation.
Supported Clients fro$ (revious Deploy$ents
In a coe!istence scenario" Microsoft &(nc )erver 2010 communications softare clients can
interact ith clients from earlier versions of Microsoft 8ffice ,ommunications )erver. $sers
homed on different versions of the server and ho are usin# different clients and client versions
can interact as follos:
'hen &(nc )erver 2010 clients interact ith 8ffice ,ommunications )erver 2003 %2 clients"
instant messa#in# :IM;" presence" and voice features are supported.
'hen &(nc )erver 2010 clients interact ith 8ffice ,ommunications )erver 2003 clients" IM"
presence" and video are supported ith some voice feature limitations. 2or details see ,lient
Interoperabilit( in the Plannin# documentation.
Interaction ith Microsoft 8ffice ,ommunicator 2000 clients :basic presence and IM; is
supported onl( if the 8ffice ,ommunicator 2000 user is on a federated netor=.
ote!
$sers cannot use &(nc )erver 2010 clients to si#n in to previous server versions.
2or details about the abilit( of &(nc )erver 2010 clients to coe!ist and interact ith clients from
earlier versions of 8ffice ,ommunications )erver" see ,lient Interoperabilit( in the Plannin#
documentation.
10
Supported 2ard*are
5ardare re@uirements var( accordin# to server role" topolo#(" stora#e re@uirements" and the
specific deplo(ment scenario.
In This Section
)erver 5ardare Platforms
,lient and /evice 5ardare )upport
2ile )tora#e )upport
Server 2ard*are (latfor$s
Microsoft &(nc )erver 2010 communications softare server roles and computers runnin# &(nc
)erver administrative tools re@uire 7<-bit hardare.
The specific hardare used for &(nc )erver 2010 deplo(ment can var( dependin# on si?e and
usa#e re@uirements. This section describes the recommended hardare. .lthou#h these are
recommendations" not re@uirements" usin# hardare that does not meet these recommendations
can result in si#nificant performance impacts and other problems.
2ard*are Support for Servers )unnin# Lync Server 2010
The folloin# table describes the recommended hardare for all servers here (ou plan to install
&(nc )erver 2010" e!cept for the /irector server role. These recommendations are based on a
user pool of 90"000 users ith ei#ht 2ront 1nd )ervers and one Cac= 1nd )erver.
2ard*are )eco$$endations for Servers )unnin# Lync Server 2010
2ard*are co$ponent )eco$$ended
,P$ 8ne of the folloin#:
7<-bit dual processor" @uad-core" 2.0 H5?
or hi#her
7<-bit <-a( processor" dual-core" 2.0 H5?
or hi#her
Intel Itanium processors are not supported for
&(nc )erver 2010 server roles.
Memor( 17 HC
/is= &ocal stora#e ith at least 32 HC free dis=
space on a 10"000 %PM dis= drive
*etor= 1 netor= adapter re@uired :2 recommended;"
each 1 Hbps or hi#her
)ervers runnin# the /irector server role have lesser hardare re@uirements. These
recommendations are based on a ma!imum of 64"000 e!ternal users per 2ront 1nd pool :hich
11
follos the user model of 90"000 users per 2ront 1nd pool" ith 60K of users connectin#
e!ternall( and 1.0 multiple points of presence :MP8P;
2ard*are )eco$$endations for Directors
7<-bit processor" @uad-core" 2.0 H5? or
hi#her
7<-bit dual processor" dual-core" 2.0 H5? or
hi#her
Intel Itanium processors are not supported for
&(nc )erver 2010 server roles.
Memor( < HC
2ard*are Support for %ac3 &nd Servers and -ther Database Servers
Cac= 1nd )erver re@uirements and re@uirements for other database servers are similar to those
of servers runnin# &(nc )erver 2010" e!cept that Cac= 1nd )ervers re@uire additional memor(.
The folloin# table describes the recommended hardare for a Cac= 1nd )erver or other
database servers" based on a 90"000 user pool ith ei#ht 2ront 1nd )ervers and one Cac= 1nd
)erver ith all databases re@uired for (our &(nc )erver deplo(ment runnin# on a sin#le database
server.
2ard*are )eco$$endations for %ac3 &nd Servers and -ther Database Servers
7<-bit dual processor" @uad-core" 2.0 H5?
or hi#her
7<-bit <-a( processor" dual-core" 2.0 H5?
or hi#her
Memor( 62 HC recommended for Cac= 1nd )erver :ith
or ithout collocated .rchivin# and Monitorin#
databases;" 17 HC recommended for .rchivin#
and Monitorin# database :not collocated ith
the Cac= 1nd )erver;.
12
Client and Device 2ard*are Support
,lient computers must meet certain hardare re@uirements to support Microsoft &(nc )erver
2010 communications softare clients. .dditional hardare confi#urations must be in place
before (ou deplo( IP phones and analo# devices.
In This Section
,lient 5ardare )upport
/evice 5ardare )upport
Client 2ard*are Support
This section describes the recommended hardare for Microsoft &(nc )erver
2010 communications softare clients.
)eco$$ended 2ard*are for Microsoft Lync 20104 -nline Meetin# Add1in for Microsoft
Lync 20104 and Microsoft Lync 2010 Attendee
2ard*are co$ponent Mini$u$ re5uire$ent
,P$ Intel Pentium <" .M/ .thlon 7<" or e@uivalent
/ata and voice: 1.7 #i#ahert? :H5?; or hi#her
processor" 2 H5? 62-bit or 7<-bit processor
:recommended;
2or video: /ual ,ore 1.4 H5? processor or
hi#her for >H." Guad ,ore 2.0 H5? or hi#her
for hi#h definition
2or the Microsoft %oundTable conferencin#
device: 2 H5? processor or hi#her
Memor( 8n 'indos JP: 1 #i#ab(te :HC; of %.M
8n 'indos >ista or 'indos 3: 2 HC of %.M
/ispla( resolution 102<!379 re@uired
Hraphics hardare )upport for Microsoft /irectJ 4.0
application pro#rammin# interface :.PI;
129 MC of #raphics memor( :minimum;
'indos /ispla( /river Model driver
Pi!el )hader 2.0 in hardare
16
2ard*are co$ponent Mini$u$ re5uire$ent
62 bits per pi!el
Telephon( Microphone and spea=ers" headset ith
microphone" or e@uivalent device
%ecommended: Microsoft unified
communications :$,; device" or a phone
runnin# Microsoft &(nc 2010 Phone 1dition
>ideo source $)C 2.0 video camera or %oundTable device
*etor= 2or netor= re@uirements" see Media Traffic
*etor= $sa#e in the Plannin# documentation.
)eco$$ended 2ard*are for Microsoft Lync 2010 Attendant
5ardare component Minimum re@uirement
,P$ Intel Pentium <" .M/ .thlon 7<" or e@uivalent
/ata and voice: 1 H5? or lar#er processor.
)upport for 62-bit and 7<-bit
2or the Microsoft %oundTable conferencin#
device: 2 H5? processor or hi#her
Memor( 8n 'indos JP: 1 HC of %.M
8n 'indos >ista or 'indos 3: 2 HC of %.M
/ispla( resolution %e@uired: )uper >H. 102< ! 379
%ecommended: )uper >H. 1290 ! 102< or
hi#her
5ard dis= drive .t least 100 MC free
Telephon( Microphone and spea=ers" headset ith
microphone" or e@uivalent device
%ecommended: Microsoft unified
communications :$,; device
Candidth re@uirements >oice: 00 =bps :minimum;L 90 =bps :hi#h-
@ualit(;
%oundTable device :for audio;: 00 =bps
:minimum;L 600 =bps :hi#h-@ualit(;
1<
Device 2ard*are Support
)pecific hardare confi#urations must be in place before (ou deplo( IP phones and analo#
devices.
IP phones runnin# Microsoft &(nc 2010 Phone 1dition communications softare support &in=
&a(er /iscover( Protocol-Media 1ndpoint /iscover( :&&/P-M1/; and Poer over 1thernet
:Po1;. To ta=e advanta#e of &&/P-M1/" the sitch must support I111902.1.C and .*)IDTI.-
1003. To ta=e advanta#e of Po1" the sitch must support Po1902.6.2 or 902.6at.
To enable &&/P-M1/" the administrator must enable &&/P b( usin# the sitch console indo
and set the &&/P-M1/ netor= polic( ith the correct voice >&.* I/.
In addition" if (our deplo(ment includes analo# devices" (ou must confi#ure the analo# #atea(
to use Microsoft &(nc )erver 2010" and the #atea( must be one of the folloin#:
.n analo# telephone adapter :.T.;
. P)T* analo# #atea(
. )urvivable Cranch .ppliance that includes a P)T* analo# #atea(
. )urvivable Cranch .ppliance that includes a P)T* #atea( that communicates ith an
.T.
To learn ho to confi#ure an analo# #atea(" see Plannin# to /eplo( .nalo# /evices in the
Plannin# documentation.
I$portant!
+ou can confi#ure the sitch for 1nhanced 4-1-1 :14-1-1;" if the sitch supports this.
'ile Stora#e Support
Microsoft &(nc )erver 2010 communications softare supports usin# file shares on either direct
attached stora#e :/.); or a stora#e area netor= :).*;" includin# /istributed 2ile )(stem
:/2);" and on a redundant arra( of independent dis=s :%.I/; for file stores. 2or details about
stora#e re@uirements" see Technical %e@uirements for IM and Presence and Technical
%e@uirements for /irector in the Plannin# documentation. 2or details about /2) for 'indos
)erver 2009" see the /2) )tep-b(-)tep Huide for 'indos )erver 2009 at
http:DD#o.microsoft.comDflin=DE&in=IdF202960.
&(nc )erver 2010 supports the use of a shared cluster for the file shares in (our deplo(ment. If
(ou use a shared cluster for the file shares in (our deplo(ment" (ou should use cluster servers
runnin# 'indos )erver 2009 or 'indos )erver 2009 %2. $sin# cluster servers runnin# an
older version of 'indos ma( encounter permission issues that prevent some features from
bein# available. $se the ,luster .dministrator to create the file shares. 2or details about usin#
the ,luster .dministrator" see Microsoft Bnoled#e Case article 29<969" 5o to ,reate a )erver
,luster 2ile )hare ith ,luster.e!e at http:DD#o.microsoft.comDflin=DE&in=IdF1<0944.
Server Soft*are and Infrastructure Support
)oftare support for server components" includin# all Microsoft &(nc )erver 2010 server roles
and stora#e" includes supported operatin# s(stems" database softare" infrastructure softare"
10
and other softare re@uired to support specific functionalit(. It also includes virtuali?ation of
server components.
In This Section
)erver and Tools 8peratin# )(stem )upport
/atabase )oftare and ,lusterin# )upport
,ertificate Infrastructure )upport
'ildcard ,ertificate )upport
/omain *ame )(stem :/*); Infrastructure )upport
Internet Information )ervices :II); )upport
IP and *etor=in# Protocol )upport
>oice )upport
>irtuali?ation )upport
Server and Tools -peratin# Syste$ Support
.ll server roles support the same 'indos )erver operatin# s(stems. The re@uired operatin#
s(stem support for other server roles" such as database servers" depends on hat softare (ou
install on those servers.
Microsoft &(nc )erver 2010 communications softare administrative tools are installed b( default
on the server runnin# &(nc )erver 2010" but (ou can install administrative tools separatel( on
other computers runnin# 'indos operatin# s(stems. 2or e!ample" (ou can use a client
computer runnin# 'indos 3 as an administrative console for plannin# purposes.
I$portant!
&(nc )erver 2010 is available onl( in 7<-bit" hich re@uires 7<-bit hardare and 7<-bit
editions of 'indos )erver. &(nc )erver 2010 is not available in a 62-bit version. This
means that all server roles and computers runnin# &(nc )erver administrative tools run a
7<-bit edition operatin# s(stem.
-peratin# Syste$s for Server )oles
Microsoft &(nc )erver 2010 supports the 7<-bit editions of the folloin# operatin# s(stems:
The 'indos )erver 2009 %2 )tandard operatin# s(stem :re@uired; or latest service pac=
:recommended;
The 'indos )erver 2009 %2 1nterprise operatin# s(stem :re@uired; or latest service pac=
:recommended;
The 'indos )erver 2009 %2 /atacenter operatin# s(stem :re@uired; or latest service pac=
:recommended;
The 'indos )erver 2009 )tandard operatin# s(stem ith )ervice Pac= 2 :)P2; :re@uired;
or latest service pac= :recommended;
The 'indos )erver 2009 1nterprise operatin# s(stem ith )P2 :re@uired; or latest service
pac= :recommended;
17
The 'indos )erver 2009 /atacenter operatin# s(stem ith )P2 :re@uired; or latest service
pac= :recommended;
otes!
If (ou have an e!istin# server runnin# 'indos )erver 2009 ith )ervice Pac= 1 :)P1;" (ou must
up#rade it to either 'indos )erver 2009 )P2 :or latest service pac=;" or 'indos
)erver 2009 %2 :or latest service pac=; before deplo(in# &(nc )erver 2010.
To deplo( &(nc )erver 2010 on a computer that is runnin# either the 'indos )erver 2009 %2
/atacenter operatin# s(stem or the 'indos )erver 2009 /atacenter operatin# s(stem ith
)ervice Pac= 2 :)P2; and that is confi#ured for multiple processor #roups :d(namic hardare
partitionin#;" (ou must up#rade Microsoft )G& )erver 2009 1!press database softare" hich is
installed b( default hen (ou install &(nc )erver 2010" to Microsoft )G& )erver 2009 %2 1!press.
The )G& instance name is %T, for a )tandard 1dition server bac=-end database and %T,&ocal
for the local confi#uration store :on each server role;. . server runnin# &(nc )erver 2010
)tandard 1dition has both )G& instances" and each needs to be up#raded separatel(.
&(nc )erver 2010 is not supported on the folloin# operatin# s(stems:
The )erver ,ore installation option of 'indos )erver 2009 %2 or 'indos )erver 2009
The 'indos 'eb )erver 2009 %2 operatin# s(stem or the 'indos 'eb )erver 2009
operatin# s(stem
'indos )erver 2009 %2 5P, 1dition or 'indos )erver 2009 5P, 1dition
-peratin# Syste$s for -ther Servers
8peratin# s(stem support for servers other than those on hich (ou deplo( &(nc )erver 2010
server roles is dependent on the softare (ou plan to install on those servers. 2or details about
re@uirements for Cac= 1nd )ervers and other database servers" see /atabase )oftare and
,lusterin# )upport. 2or details about re@uirements for reverse pro!( servers :for ed#e
deplo(ment;" see Internet Information )ervices :II); )upport. 2or details about other softare
re@uirements" includin# infrastructure and virtuali?ation support" see the other topics in the )erver
)oftare and Infrastructure )upport section.
Additional -peratin# Syste$s for Ad$inistrative Tools
&(nc )erver 2010 supports installation of the administrative tools" hich includes the Topolo#(
Cuilder" on computers runnin# an( of the 7<-bit editions of the operatin# s(stems supported for
deplo(ment of server roles :as described in the previous section;. .dditionall(" (ou can install
administrative tools on the 7<-bit editions of the folloin# operatin# s(stems:
The 'indos 3 operatin# s(stem :re@uired; or latest service pac= :recommended;
The 'indos >ista operatin# s(stem ith )P2 :re@uired; or latest service pac=
:recommended;
-peratin# Syste$ for the (lannin# Tool
&(nc )erver 2010 supports installation of the Plannin# Tool on computers runnin# an( of the
folloin# operatin# s(stems:
The 62-bit version of 'indos 3 operatin# s(stem :re@uired; or latest service pac=
:recommended;
13
The 7<-bit version of 'indos 3 operatin# s(stem :re@uired; or latest service pac=
:recommended; usin# the '8'7< !97 emulator
The 62-bit edition of 'indos >ista ith )P2 operatin# s(stem :re@uired; or latest service
pac= :recommended;
The 7<-bit edition of 'indos >ista ith )P2 operatin# s(stem :re@uired; or latest service
pac= :recommended; usin# the '8'7< !97 emulator
The 62-bit edition of 'indos JP ith )P6 operatin# s(stem :re@uired; or latest service pac=
:recommended;
The 7<-bit edition of 'indos JP ith )P6 operatin# s(stem :re@uired; or latest service pac=
:recommended; usin# '8'7< !97
The 62-bit edition of 'indos )erver 2009 operatin# s(stem :re@uired; or latest service pac=
:recommended;
The 7<-bit edition of 'indos )erver 2009 operatin# s(stem :re@uired; or latest service pac=
:recommended; usin# '8'7< !97
The 7<-bit edition of 'indos )erver 2009 %2 operatin# s(stem :re@uired; or latest service
pac= :recommended; usin# '8'7< !97
Database Soft*are and Clusterin# Support
The folloin# list contains the database mana#ement s(stems for the bac=-end database" the
.rchivin# database" the Monitorin# database" Hroup ,hat database and Hroup ,hat compliance
database that are supported b( Microsoft &(nc )erver 2010:
%ac31end database of a 'ront &nd pool4 Archivin# database4 Monitorin# database4
Group Chat database and Group Chat co$pliance database
Microsoft )G& )erver 2009 %2 1nterprise database softare :7<-bit edition; or latest
service pac= :recommended;
Microsoft )G& )erver 2009 %2 )tandard :7<-bit edition; or latest service pac=
:recommended;
Microsoft )G& )erver 2009 1nterprise :7<-bit edition; ith )ervice Pac= 1 :)P1;
:re@uired; or latest service pac= :recommended;
Microsoft )G& )erver 2009 )tandard :7<-bit edition; ith )P1 :re@uired; or latest service
pac= :recommended;
Microsoft )G& )erver 2000 1nterprise :7<-bit edition; ith )ervice Pac= 6 :)P6;
:re@uired; or latest service pac= :recommended;
Microsoft )G& )erver 2000 )tandard :7<-bit edition; ith )P6 :re@uired; or latest service
pac= :recommended;
Standard &dition server database and local confi#uration store databases
Microsoft )G& )erver 2009 1!press database softare :7<-bit edition;
19
otes!
)G& )erver 1!press :7<-bit edition; is automaticall( installed b( &(nc )erver 2010 on each
)tandard 1dition server and each &(nc )erver 2010 server on hich the local confi#uration store
is deplo(ed.
&(nc )erver 2010 supports manuall( up#radin# each )G& )erver 2009 1!press database to )G&
)erver 2009 %2 1!press :7<-bit edition;" after the initial deplo(ment of each )tandard 1dition
server and other &(nc )erver 2010 server on hich the local confi#uration store is located.
I$portant
&(nc )erver 2010 does not support )G& )erver 2009 62-bit edition" )G& )erver 2009 %2 62-bit
edition" or )G& )erver 2000 62-bit edition. +ou must use the 7<-bit edition.
)G& )erver 'eb edition and )G& )erver 'or=#roup edition are not supported. +ou cannot use
them ith &(nc )erver 2010.
&(nc )erver 2010 does not support native database mirrorin#.
To use the Monitorin# )erver role" (ou should install )G& )erver %eportin# )ervices.
In a 2ront 1nd pool" the bac=-end database can be a sin#le computer runnin# )G& )erver.
.lternativel(" (ou can cluster to or more dedicated computers runnin# )G& )erver in a multiple-
node activeDpassive confi#uration. . )G& )erver cluster for the bac=-end database improves
availabilit( b( providin# failover capabilities. In a multiple-node cluster" the &(nc )erver 2010 )G&
instance must be able to failover to a passive node that" for performance reasons" should not be
shared b( an( other )G& instance.
)G& )erver database clusterin# usin# 'indos clusterin# is the onl( )G& )erver hi#h availabilit(
mechanism supported b( &(nc )erver 2010. )G& )erver clusterin# support includes the
folloin#:
To-node failover clusterin# for the folloin#:
)G& )erver 2009 %2 )tandard or latest service pac= :recommended;
)G& )erver 2009 )tandard ith )P1 :re@uired; or latest service pac= :recommended;
)G& )erver 2000 )tandard ith )P6 :re@uired; or latest service pac= :recommended;
$p to si!teen-node failover clusterin# for the folloin#:
)G& )erver 2009 %2 1nterprise or latest service pac= :recommended;
)G& )erver 2009 1nterprise ith )P1 :re@uired; or latest service pac= :recommended;
)G& )erver 2000 1nterprise ith )P6 :re@uired; or latest service pac= :recommended;
I$portant!
If (ou collocate &(nc )erver databases ith other databases" e hi#hl( recommend
assessin# all factors that mi#ht impact availabilit( and performance" as ell as ensurin#
that" if one node fails" the remainin# node can handle the load. To verif( failover
capabilities" e recommend testin# all failover scenarios.
Certificate Infrastructure Support
Microsoft &(nc )erver 2010 communications softare re@uires a public =e( infrastructure :PBI; to
support Transport &a(er )ecurit( :T&); and mutual T&) :MT&); connections. C( default" &(nc
14
)erver 2010 is confi#ured to use T&) for client-to-server connections. MT&) is used for
connections beteen servers.
MT&) certificates must be issued b( trusted certification authorities :,.s; for &(nc )erver. &(nc
)erver supports certificates that are issued from the folloin# ,.s:
,ertificates issued from an internal ,.:
The 'indos )erver 2009 operatin# s(stem ,.
The 'indos )erver 2009 %2 operatin# s(stem ,.
The 'indos )erver 2006 1nterprise 1dition operatin# s(stem ith )ervice Pac= 1
:)P1; ,.
'indos )erver 2006 operatin# s(stem ith )P1 stand-alone ,. :supported" but not
recommended;
'hen submittin# a eb-based certificate re@uest to a 'indos )erver 2006 ,." (ou must
submit it from a computer runnin# either 'indos )erver 2006 ith )P2 or 'indos JP.
,ertificates issued from a public ,.
2or connections from clients runnin# 'indos 3 operatin# s(stem" 'indos )erver 2009
operatin# s(stem" 'indos )erver 2009 %2 operatin# s(stem" 'indos >ista operatin# s(stem"
and Microsoft 8ffice ,ommunicator 2003 Phone 1dition" &(nc )erver 2010 includes support for
certificates si#ned usin# the )5.-207 cr(pto#raphic hash function. To support e!ternal access
usin# )5.-207" the e!ternal certificate is issued b( a public ,. usin# )5.-207.
6ildcard Certificate Support
Microsoft &(nc )erver 2010 uses certificates to provide communications encr(ption and server
identit( authentication. In some cases" such as eb publishin# throu#h the reverse pro!(" stron#
subAect alternative name :).*; entr( matchin# to the full( @ualified domain name :2G/*; of the
server presentin# the service is not re@uired. In these cases" (ou can use certificates ith
ildcard ).* entries :commonl( =non as ildcard certificates; to reduce the cost of a
certificate re@uested from a public certification authorit( and to reduce the comple!it( of the
plannin# process for certificates.
6arnin#!
To retain the functionalit( of unified communications :$,; devices :for e!ample" des=
phones;" (ou should test the deplo(ed certificate carefull( to ensure that devices function
properl( after (ou implement a ildcard certificate.
There is no support for a ildcard entr( as the subAect name :also referred to as the common
name or ,*; for an( role. The folloin# server roles are supported hen usin# ildcard entries in
the ).*:
)everse pro0y" 'ildcard ).* entr( is supported for simple $%& publishin# certificate.
Director" 'ildcard ).* entr( is supported for simple $%&s in /irector eb components.
'ront &nd Server .Standard &dition/ and 'ront &nd pool .&nterprise &dition/" 'ildcard
).* entr( is supported for simple $%&s in 2ront 1nd eb components.
&0chan#e 7nified Messa#in# .7M/" The server dos not use ).* entries hen deplo(ed as
a stand-alone server.
20
Microsoft &0chan#e Server Client Access server" 'ildcard entries in the ).* are
supported for internal and e!ternal clients.
&0chan#e 7nified Messa#in# .7M/ and Microsoft &0chan#e Server Client Access
server on sa$e server" 'ildcard ).* entries are supported.
)erver roles that are not addressed in this topic:
Internal server roles :includin#" but not limited to the Mediation )erver" .rchivin# and
Monitorin# )erver" )urvivable Cranch .ppliance" or )urvivable Cranch )erver;
1!ternal 1d#e )erver interfaces
Internal 1d#e )erver
ote!
2or the internal 1d#e )erver interface" a ildcard entr( can be assi#ned to the ).*"
and is supported. The ).* on the internal 1d#e )erver is not @ueried" and a ildcard
).* entr( is of limited value.
To describe the possible ildcard certificate usa#es" the certificate #uidance used for the
%eference .rchitectures in the Plannin# documentation is replicated here to retain consistenc(.
2or details" see %eference .rchitecture. .s mentioned previousl(" $, devices rel( on stron#
name matchin# and ill fail to authenticate if a ildcard ).* entr( is presented before the 2G/*
entr(. C( folloin# the order presented in the folloin# tables" (ou limit the potential problems
ith a $, device and ildcard entries in the ).*.
6ildcard Certificate Confi#urations for Lync Server 2010
Co$pone
nt
Sub8ect na$e SA entries+-rder Certificatio
n authority
.CA/
&nhance
d 3ey
usa#e
.&97/
Co$$ents
%everse
pro!(
lsrp.contoso.com lseb-e!t.contoso.com
M.contoso.com
Public )erver .ddress Coo=
)ervice"
distribution
#roup
e!pansion and
&(nc IP device
publishin#
rules. )ubAect
alternative
name
includes:
1!ternal 'eb
)ervices
2G/*
21
Co$pone
nt
n authority
.CA/
&nhance
d 3ey
usa#e
.&97/
Co$$ents
The ildcard
replaces both
meet and
dialin ).*
here the
meet and
dialin simple
$%&s use the
folloin#
formats:
<FQDN>Dmeet
<FQDN>Ddiali
n
8%
meet.<FQDN
>
dialin.N2G/*
O
/irector dirpool01.contoso.n
et
sip.contoso.com
sip.fabri=am.com
direb.contoso.net
direb-
e!t.contoso.com
<ostna!e>.contoso.n
et" for e!ample
NhostnameO is
director01 for a
/irector in a pool
dirpool.contoso.net
M.contoso.com
Private )erver .ssi#n to the
folloin#
servers and
roles in the
/irector pool:
1ach /irector
in the pool or
to the stand-
alone /irector
hen a
/irector pool
is not
deplo(ed.
The ildcard
replaces both
meet and
dialin ).*
here the
meet and
dialin simple
22
Co$pone
nt
n authority
.CA/
&nhance
d 3ey
usa#e
.&97/
Co$$ents
$%&s use the
folloin#
formats:
<FQDN>Dadmi
n
<FQDN>Dmeet
<FQDN>Ddiali
n
8%
admin.<FQDN
>
meet.<FQDN
>
dialin.N2G/*
O

1nterprise
1dition
2ront 1nd
pool01.contoso.net
:2or a load
balanced pool;
sip.contoso.com
sip.fabri=am.com
lseb.contoso.net
lseb-e!t.contoso.com
<ostna!e>.contoso.n
et" for e!ample
NhostnameO is fe01 for
a front end server in a
pool
pool01.contoso.net
M.contoso.com
folloin#
servers and
roles in the
ne!t hop pool:
2ront 1nd in
Pool01
The ildcard
replaces both
meet and
dialin ).*
here the
meet and
dialin simple
$%&s use the
folloin#
formats:
<FQDN>Dadmi
n
<FQDN>Dmeet
<FQDN>Ddiali
n
26
Co$pone
nt
n authority
.CA/
&nhance
d 3ey
usa#e
.&97/
Co$$ents
8%
admin.<FQDN
>
meet.<FQDN
>
dialin.N2G/*
O
)tandard
1dition
2ront 1nd
se01.contoso.net sip.contoso.com
sip.fabri=am.com
lseb.contoso.net
lseb-e!t.contoso.com
se01.contoso.net
M.contoso.com
folloin#
servers and
roles in the
ne!t hop pool:
The ildcard
replaces both
meet and
dialin ).*
here the
meet and
dialin simple
$%&s use the
folloin#
formats:
<FQDN>Dadmi
n
<FQDN>Dmeet
<FQDN>Ddiali
n
8%
admin.<FQDN
>
meet.<FQDN
>
dialin.N2G/*
O
2<
Microsoft &0chan#e Server 200: and &0chan#e Server 2010
'hen (ou install and confi#ure Microsoft 1!chan#e )erver" self-si#ned certificates are created
and implemented. 'hen (ou add a ,. provided certificate to the server" e recommend that (ou
do not delete the self-si#ned certificate until (ou have reconfi#ured all services and eb services
to successfull( use the ne certificate. In the event that somethin# does not or= correctl(" the
self-si#ned certificate ill still be available so that (ou can reconfi#ure the ori#inal settin#s and
restore the ori#inal functions" althou#h the self-si#ned certificate ill not allo all of the features
that (ou need. This provides (ou ith additional time to resolve the confi#urations ithout
affectin# all production functions.
2or details about certificate use in 1!chan#e" see the folloin#:
$nderstandin# /i#ital ,ertificates and ))&: http:DD#o.microsoft.comDflin=DE&in=IdF219266
$nderstandin# ,lient .ccess server *amespaces: http:DD#o.microsoft.comDflin=DE
&in=IdF21926<
$nderstandin# the .utodiscover )ervice: http:DD#o.microsoft.comDflin=DE&in=IdF213012
2or Microsoft 1!chan#e )erver deplo(ed ith the 1!chan#e $nified Messa#in# :$M; and
1!chan#e ,lient .ccess server" there are four possible deplo(ment scenarios:
Scenario 1! 1!chan#e $nified Messa#in# :$M; and 1!chan#e ,lient .ccess server are
deplo(ed on different servers and ,lient .ccess server is Internet facin#.
Scenario 2! 1!chan#e $nified Messa#in# :$M; and 1!chan#e ,lient .ccess server are
collocated on the same server and are Internet facin#.
Scenario ;! 1!chan#e $nified Messa#in# :$M; and 1!chan#e ,lient .ccess server are
deplo(ed on different servers ith a reverse pro!( for publishin#.
Scenario <! 1!chan#e $nified Messa#in# :$M; and 1!chan#e ,lient .ccess server are
collocated on the same server ith a reverse pro!( for publishin#.
20
Scenario 1! &0chan#e 7nified Messa#in# .7M/ = &0chan#e Client Access Server Deployed on Different Servers .Client Access Server is
Internet 'acin#/
Microsoft &0chan#e
co$ponent
Sub8ect na$e SA entries+-rder Certification
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
1!chan#e $nified
Messa#in# :$M;
)erver name:
e!chum01.contoso.com
e!chum01.contoso.com 1!chan#e $M role should
not contain a ).* entr(
Private )erver 1!chan#e $M server
communicates onl( ith
internal clients and servers.
Import private ,. root
certificate onto each
1!chan#e $M server.
,reate and assi#n uni@ue
certificate for each 1!chan#e
$M server. )ubAect *ame
must match server name.
+ou must enable Transport
&a(er )ecurit( :T&); on the
1!chan#e $M server before
(ou can assi#n a certificate to
the 1!chan#e $M role.
.ssi#n this certificate for use
on the 1!chan#e ,lient
.ccess server for inte#ration
ith 8utloo= 'eb .ccess and
instant messa#in# :IM;.
1!chan#e ,lient .ccess
server
Internet-facin# .ctive
mail.contoso.com mail.contoso.com
autodiscover.contoso.com
M.contoso.com
Public )erver )ubAect *ame and ).* entr(
must match to support
e!ternal $, devices.
27
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
/irector( site ,lient
.ccess server
)erver name:
e!chcas01.contoso.com
)ubAect name and ).* entr(
mail.contoso.com is an
e!ample name used to refer
to 8utloo= 'eb .ccess"
8utloo= .n(here" 1')" and
the 8ffline .ddress Coo=. The
onl( re@uirements are that
the entr( must match a /*)
record and that the
1!ternal$%& and other
service entries can be
referenced b( the #iven
name.
autodiscover ).* entr( is
re@uired to support e!ternal
$, devices.
server
*on-Internet-facin#
.ctive /irector( site
,lient .ccess server
)erver name:
internalcas01.contoso.net
internalcas01.contoso.com internalcas01.contoso.com
M.contoso.com
Private )erver *on-Internet facin# .ctive
/irector( site ,lient .ccess
server communicates onl(
ith internal clients and
servers. The Internet facin#
.ctive /irector( site ,lient
.ccess server pro!ies
communications to this ,lient
.ccess server if the re@uest
comes from a user or service
that is @uer(in# for services
23
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
:for e!ample" mailbo!; that is
hosted in this .ctive /irector(
site.
1') and 8ffline .ddress
Coo= services on the non-
Internet facin# .ctive
/irector( site are confi#ured
to use the certificate
deplo(ed. This certificate can
be from the internal private
,.. The root certificate for
the private ,. must be
imported into the Trusted
Third (arty )oot
Certificates store on the
server.
Scenario 2! &0chan#e 7nified Messa#in# .7M/ = &0chan#e Client Access Server Collocated on Sa$e Server .Internet 'acin#/
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
1!chan#e $nified
Messa#in# :$M;
e!chcas01.contoso.com 1!chan#e $M role should
29
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
)erver name:
1!chan#e $M server.
+ou must enable T&) on
the 1!chan#e $M server
before (ou can assi#n a
certificate to the 1!chan#e
$M role.
.ssi#n this certificate for
use on the ,lient .ccess
server for inte#ration ith
8utloo= 'eb .ccess and
IM.
server and
.ccess server
)erver name:
M.contoso.com
Public )erver )ubAect *ame and ).*
entr( must match to
support e!ternal $,
devices.
)ubAect name and ).*
entr( mail.contoso.com is
an e!ample name used to
refer to 8utloo= 'eb
.ccess" 8utloo= .n(here"
1')" and the 8ffline
.ddress Coo=. The onl(
re@uirements are that the
24
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
entr( must match a /*)
record and that the
name.
autodiscover"<do!ain
na!espace> ).* entr( is
$, devices.
server
*on-Internet facin#
.ctive /irector( site
,lient .ccess server
)erver name:
internalcas01.contoso.net
M.contoso.com
servers. The Internet-facin#
communications to this
,lient .ccess server if the
re@uest comes from a user
or service that is @uer(in#
for services :for e!ample"
mailbo!; that is hosted in
this .ctive /irector( site.
1!chan#e 'eb )ervices
and 8ffline .ddress Coo=
services on the non-
60
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
/irector( site are
confi#ured to use the
certificate deplo(ed. This
certificate can be from the
internal private ,.. The
root certificate for the
private ,. must be
Third Part( %oot
,ertificates store on the
server.
Scenario ;! &0chan#e 7nified Messa#in# .7M/+&0chan#e Client Access Server Deployed on Different Servers *ith )everse (ro0y for
(ublishin#
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
1!chan#e $nified
Messa#in# :$M;
)erver name:
e!chum01.contoso.com
Import Private ,. %oot
1!chan#e $M server.
61
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
certificate for each
1!chan#e $M server.
)ubAect *ame must match
server name.
+ou must enable T&) on
the 1!chan#e $M server
before (ou can assi#n a
certificate to the 1!chan#e
$M role.
.ssi#n this certificate for
use on the ,lient .ccess
server for inte#ration ith
8utloo= 'eb .ccess and
IM.
server
)erver name:
e!chcas01.contoso.com e!chcas01.contoso.com
mail.contoso.com
M.contoso.com
Private )erver )ubAect *ame and ).*
entr( must match to
support e!ternal $,
devices.
server.
)ubAect name and ).*
entr( mail.contoso.com is
an e!ample name used to
refer to 8utloo= 'eb
62
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
.ccess" 8utloo= .n(here"
1')" and the 8ffline
.ddress Coo=. The onl(
re@uirements are that the
entr( must match a /*)
record and that the
name.
$, devices.
The entr( for the machine
name :in this e!ample"
e!chcas01.contoso.com;
must e!ist for inte#ration
ith 8utloo= 'eb .ccess
and IM.
%everse Pro!(
)erver name :
rp.contoso.com
M.contoso.com
Public )erver . matchin# entr( for the
subAect name must also be
in the ).* of the
certificate.
Terminatin# T&) or ))& at
the reverse pro!( and then
reestablishin# T&) or ))&
66
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
to the ,lient .ccess server
ill cause $, devices to
fail. . feature of some
products such as Microsoft
Internet )ecurit( and
.cceleration :I).; )erver
and Microsoft 2orefront
Threat Mana#ement
Hatea( and other third-
part( implementations" T&)
or ))& termination cannot
be used if (ou ill be
supportin# $, devices.
).* entr( for autodiscover
must e!ist for $, devices
to or= correctl(.
server
*on-Internet-facin# .ctive
.ccess server
)erver name:
internalcas01.contoso.com
M.contoso.com
servers. The Internet facin#
communications to this
,lient .ccess server if the
re@uest comes from a user
or service that is @uer(in#
6<
Microsoft &0chan#e
co$ponent
authority .CA/
&nhanced 3ey
usa#e .&97/
Co$$ents
for services :for e!ample"
mailbo!; that is hosted in
this .ctive /irector( site.
1!chan#e 'eb )ervices
and 8ffline .ddress Coo=
services on the non-
/irector( site are
confi#ured to use the
internal private ,.. The
root certificate for the
private ,. must be
Third Part( %oot
,ertificates store on the
server.
60
Scenario <! &0chan#e 7nified Messa#in# .7M/+&0chan#e Client Access Server Collocated on Sa$e Server *ith )everse (ro0y for
(ublishin#
Microsoft &0chan#e
co$ponent
authority
.CA/
&nhanced
3ey usa#e
.&97/
Co$$ents
1!chan#e $nified
Messa#in# :$M;
)erver name:
1!chan#e $M server.
certificate for each 1!chan#e
$M server. )ubAect *ame
must match server name.
).* is not re@uired.
+ou must enable T&) on the
1!chan#e $M server before
(ou can assi#n a certificate to
the 1!chan#e $M role.
server
1!chan#e $nified
Messa#in# :$M;
)erver name:
mail.contoso.com e!chcas01.contoso.com
mail.contoso.com
M.contoso.com
Private )erver )ubAect *ame and ).* entr(
must match to support
e!ternal $, devices.
server.
)ubAect name and ).* entr(
67
Microsoft &0chan#e
co$ponent
authority
.CA/
&nhanced
3ey usa#e
.&97/
Co$$ents
mail.contoso.com is an
e!ample name used to refer
to 8utloo= 'eb .ccess"
8utloo= .n(here" 1')" and
the 8ffline .ddress Coo=.
The onl( re@uirements are
that the entr( must match a
/*) record and that the
name.
$, devices.
The entr( for the machine
name :in this e!ample"
e!chcas01.contoso.com;
must e!ist for inte#ration ith
8utloo= 'eb .ccess and IM.
%everse Pro!(
)erver name :
rp.contoso.com
M.contoso.com
Public )erver . matchin# entr( for the
subAect name must also be in
the ).* of the certificate.
Terminatin# T&) or ))& at
the reverse pro!( and then
63
Microsoft &0chan#e
co$ponent
authority
.CA/
&nhanced
3ey usa#e
.&97/
Co$$ents
reestablishin# T&) or ))& to
the ,lient .ccess server ill
cause $, devices to fail. .
feature of some products
such as I). )erver and
2orefront Threat
Mana#ement Hatea(
:TMH; and other third-part(
implementations" T&) or ))&
termination cannot be used if
(ou ill be supportin# $,
devices.
).* entr( for autodiscover
must e!ist for $, devices to
or= correctl(.
server
*on-Internet-facin# .ctive
.ccess server
)erver name:
internalcas01.contoso.com
M.contoso.com
servers. The Internet-facin#
communications to this ,lient
.ccess server if the re@uest
comes from a user or service
that is @uer(in# for services
69
Microsoft &0chan#e
co$ponent
authority
.CA/
&nhanced
3ey usa#e
.&97/
Co$$ents
:for e!ample" mailbo!; that is
hosted in this .ctive /irector(
site.
1!chan#e 'eb )ervices and
8ffline .ddress Coo=
services on the non-Internet
facin# .ctive /irector( site
are confi#ured to use the
internal private ,.. The root
certificate for the private ,.
must be imported into the
Trusted Third (arty )oot
Certificates store on the
server.
64
Do$ain a$e Syste$ .DS/ Infrastructure Support
Microsoft &(nc )erver 2010 communications softare re@uires /omain *ame )(stem :/*); and
uses it in the folloin# a(s:
To discover internal servers or pools for server-to-server communications.
To allo clients to discover the 2ront 1nd pool or )tandard 1dition server used for various
)IP transactions.
To associate the simple $%&s for conferences ith the servers hostin# those conferences.
To allo e!ternal servers and clients to connect to 1d#e )ervers or the 5TTP reverse pro!(
for instant messa#in# :IM; or conferencin#.
To allo unified communications :$,; devices that are not lo##ed in to discover the 2ront
1nd pool or )tandard 1dition server runnin# /evice $pdate 'eb service" obtain updates" and
send lo#s.
To allo mobile clients to automaticall( discover 'eb )ervices resources ithout re@uirin#
users to manuall( enter $%&s in device settin#s.
2or /*) load balancin#.
ote!
&(nc )erver 2010 does not support internationali?ed domain names :I/*s;.
I$portant!
The name (ou specif( must be identical to the computer name confi#ured on the server.
C( default the computer name of a computer that is not Aoined to a domain is a short
name" not a full( @ualified domain name :2G/*;. Topolo#( Cuilder uses 2G/*s" not
short names. )o" (ou must confi#ure a /*) suffi! on the name of the computer to be
deplo(ed as an 1d#e )erver that is not Aoined to a domain. 7se only standard
characters :includin# .PQ" aP?" 0P4" and h(phens; hen assi#nin# 2G/*s of (our &(nc
)ervers" 1d#e )ervers" and pools. /o not use $nicode characters or underscores.
*onstandard characters in an 2G/* are often not supported b( e!ternal /*) and public
,.s :that is" hen the 2G/* must be assi#ned to the )* in the certificate;. 2or details
about addin# a /*) suffi! to a computer name" see ,onfi#ure /*) %ecords for 1d#e
)upport.
Internet Infor$ation Services .IIS/ Support
)everal Microsoft &(nc )erver 2010 communications softare components re@uire Internet
Information )ervices :II);. 2or details about the II) re@uirements for &(nc )erver 2010
components" see Internet Information )ervices :II); %e@uirements in the Plannin#
documentation.
I( and et*or3in# (rotocol Support
Microsoft &(nc )erver 2010 communications softare supports the folloin# IP and netor=in#
protocols:
<0
I( (rotocols" &(nc )erver 2010 supports onl( IP version < :IPv<;. It does not support IP
version 7 :IPv7;.
ote!
&(nc )erver 2010 can function in a netor= ith dual IP stac= enabled.
SI( Transport (rotocols" Henericall(" )IP can use at least three transport t(pes: $ser
/ata#ram Protocol :$/P;" Transmission ,ontrol Protocol :T,P;" and Transport &a(er
)ecurit( :T&);. In the default )IP transport confi#uration" T&) runs over T,P. T&) is used
ithin the &(nc )erver netor=. .t the ed#e of the netor=" &(nc )erver can interoperate over
T,P. &(nc )erver 2010 does not support $/P for )IP transport because it doesnIt meet the
minimum standards for enterprise communications securit(" reliabilit(" and scalabilit(. 2or
details" see the 8ffice ,ommunications )erver team blo# article" RTo $/P" or not to $/P" that
is the @uestion"R at http:DD#o.microsoft.comDflin=DE&in=IdF190674.
ote!
The content of each blo# and its $%& are subAect to chan#e ithout notice.
,oice Support
If (our deplo(ment includes a 2ront 1nd pool" (ou can deplo( support for 1nterprise >oice" the
>oice over IP :>oIP; solution offered b( Microsoft. >oice over IP :>oIP; is a softare-based
alternative to traditional PCJ-based telephon(. Thou#h the >oIP call e!perience is similar to the
traditional telephon( e!perience" 1nterprise >oice includes features that enable richer
communication and collaboration. 2or e!ample" (our 1nterprise >oice deplo(ment can be
confi#ured to enable Microsoft &(nc 2010 clients" includin# Microsoft &(nc 2010 Phone 1dition to
allo users to vie enhanced presence information or location information for contacts in (our
or#ani?ationIs address boo=. )ome Microsoft &(nc )erver 2010 features are enabled throu#h
inte#ration ith other &(nc )erver 2010 or=loads and ith 1!chan#e $nified Messa#in# :$M;.
2or details about the features and functionalit( available ith 1nterprise >oice and ho to plan for
deplo(ment" see Plannin# for 1nterprise >oice in the Plannin# documentation.
In This Section
)IP Trun=in# )upport
/irect )IP ,onnections )upport
1!chan#e $nified Messa#in# :$M; )upport
14-1-1 )upport
SI( Trun3in# Support
If (ou plan to use 1nterprise >oice ith )IP trun=in#" (ou must deplo( a Mediation )erver and
ensure that other infrastructure and components meet the support re@uirements appropriate to
(our deplo(ment model. 2or details about determinin# hether to implement )IP trun=in#" see
'h( $se )IP Trun=in#E in the Plannin# documentation.
+ou can use the Microsoft $nified ,ommunications 8pen Interoperabilit( Pro#ram for enterprise
telephon( infrastructure to find @ualified P)T* #atea(s" IP-PCJs" and )IP trun=in# services"
includin# @ualified IP telephon( service providers. 2or details" see the Microsoft $nified
<1
,ommunications 8pen Interoperabilit( Pro#ram ebsite at http:DD#o.microsoft.comDflin=DE
&in=IdF193391.
Mediation Server Support
To implement )IP trun=in#" (ou must route the connection throu#h a Mediation )erver" hich
pro!ies communications sessions beteen &(nc )erver 2010 clients and the service provider.
The Mediation )erver decodes the media traffic from clients and servers and re-encodes it before
sendin# it to the service provider. The re-encodin# is needed because )IP trun=s do not support
some codecs used li=e %eal Time .udio :%T.; or Interactive ,onnectivit( 1stablishment :I,1;
protocol ne#otiation for fireall traversal.
1ach Mediation )erver can have to netor= adapters" hich provide an internal and an e!ternal
netor= interface. The e!ternal interface is commonl( called the #atea( interface because
traditionall( it has been used to connect to a P)T* #atea( or an IP-PCJ. To implement a )IP
trun=" (ou connect the e!ternal interface to a )ession Corder ,ontroller :)C,; at a service
provider.
Centrali>ed vs" Distributed SI( Trun3in#
#entrali$ed )IP trun=in# routes all >oIP traffic" includin# branch site traffic" throu#h (our data
center. The centrali?ed deplo(ment model is simple" cost-effective" and #enerall( the preferred
approach for implementin# )IP trun=s ith &(nc )erver 2010.
/ependin# on usa#e patterns ithin (our enterprise" (ou ma( not ant to route all users throu#h
the centrali?ed )IP trun=. To anal(?e (our needs" anser the folloin# @uestions:
5o bi# is each siteE 5o man( usersE
'hich /irect Inard /ialin# :/I/; numbers at each site #et the most phone callsE
Distributed )IP trun=in# is a deplo(ment model in hich (ou implement a local )IP trun= at one or
more branch sites. >oIP traffic is then routed from the branch site directl( to their service provider"
ithout #oin# throu#h (our data center.
/istributed )IP trun=in# is re@uired onl( in the folloin# cases:
The branch site re@uires survivable phone connectivit( :for e!ample" if the '.* #oes don;.
If the branch does need redundanc( and failover" the service provider ill char#e more and
the confi#uration ill ta=e lon#er. This should be anal(?ed for each branch site. )ome of (our
branches ma( re@uire redundanc( and failover" hile others do not.
The branch site and data center are in different countriesDre#ions. 2or compatibilit( and le#al
reasons" (ou need at least one )IP trun= per countr(Dre#ion.
The decision about hether to deplo( centrali?ed or distributed )IP trun=in# re@uires a cost-
benefit anal(sis. In some cases" it ma( be advanta#eous to opt for the distributed deplo(ment
model even if it is not re@uired. In a completel( centrali?ed deplo(ment" all branch site traffic is
routed over '.* lin=s. Instead of pa(in# for the bandidth re@uired for '.* lin=in#" (ou ma(
ant to use distributed )IP trun=in#.
ote!
2or details about h( and ho (ou mi#ht use distributed )IP trun=in#" see Cranch )ite
)IP Trun=in# in the Plannin# documentation.
Supported SI( Trun3in# Connection Types
<2
&(nc )erver 2010 supports the folloin# connection t(pes for )IP trun=in#:
Multiprotocol &abel )itchin# :MP&); is a private netor= that directs and carries data from
one netor= node to the ne!t. The bandidth in an MP&) netor= is shared ith other
subscribers" and each data pac=et is assi#ned a label to distin#uish one subscriberIs data
from anotherIs. This connection t(pe does not re@uire >P*. . potential drabac= is that
e!cessive IP traffic can interfere ith >oIP operation unless >oIP traffic is #iven priorit(.
. private connection ith no other traffic is t(picall( the most reliable and secure connection
t(pe :for e!ample" a leased fiber-optic connection or T1 line;. This connection t(pe provides
the hi#hest call-carr(in# capacit(" but is t(picall( the most e!pensive. >P* is not re@uired.
Private connections are appropriate for or#ani?ations ith hi#h call volumes or strin#ent
securit( and availabilit( re@uirements.
The public Internet is the least e!pensive connection t(pe" but also the least reliable" and the
one ith the loest call-carr(in# capacit(. +our Internet Telephon( )ervice Provider :IT)P;
can help secure this )IP trun= connection t(pe if it supports T&) and )ecure %eal-Time
Transport Protocol :)%TP; to encr(pt si#nalin# and media traffic. If (ou cannot confi#ure a
)IP trun= connection throu#h the Internet to use T&) and )%TP" e stron#l( recommend that
(ou use a >P* tunnel to provide a more secure connection. ,ontact (our IT)P to determine
hether it provides support for T&) ith )%TP.
Selectin# a Connection Type
The most appropriate )IP trun=in# connection t(pe for (our enterprise depends on (our needs
and (our bud#et.
2or mid-si?e or lar#er enterprise" #enerall( an MP&) netor= provides the most value. It can
provide the necessar( bandidth at a cheaper rate than a speciali?ed private netor=.
&ar#e enterprises ma( re@uire a private fiber-optic or T1 connection.
2or a small enterprise or branch site ith lo call volume" )IP trun=in# throu#h the Internet
ma( be the best choice" hoever this connection t(pe is not recommended for mid-si?e or
lar#er sites.
Codec Support
The service provider pro!( must support the folloin# codecs:
H.311 a-la :used primaril( outside *orth .merica;
H.311 S-la :used in *orth .merica;
Direct SI( Connections Support
Microsoft &(nc )erver 2010 supports the use direct )IP connections to connect &(nc )erver
2010 to either of the folloin#:
.n IP-PCJ
. P)T* #atea(
The Mediation )ervers in a &(nc )erver 2010 pool can control multiple #atea(s" )ession Corder
,ontrollers :)C,s; provided b( telephon( service providers" or some combination thereof.
.dditionall(" multiple Mediation )ervers in the pool can interact ith a sin#le #atea(.
+ou can use the Microsoft $nified ,ommunications 8pen Interoperabilit( Pro#ram for enterprise
telephon( infrastructure to find @ualified P)T* #atea(s" IP-PCJs" and )IP trun=in# services. 2or
<6
details" see the Microsoft $nified ,ommunications 8pen Interoperabilit( Pro#ram ebsite at
2or details about the topolo#( and deplo(ment options for direct )IP connections" see /irect )IP
,onnections in the Plannin# documentation.
&0chan#e 7nified Messa#in# .7M/ Support
Microsoft &(nc )erver 2010 supports inte#ration ith 1!chan#e $nified Messa#in# :$M; for
combinin# voice messa#in# and email messa#in# into a sin#le messa#in# infrastructure.
1!chan#e $M is one of several server roles that (ou can install and confi#ure on a computer that
is runnin# Microsoft 1!chan#e )erver. 2or &(nc )erver 1nterprise >oice deplo(ments" 1!chan#e
$M combines voice messa#in# and email messa#in# into a sin#le store that is accessible from a
telephone :that is" 8utloo= >oice .ccess; or a computer. 1!chan#e $M and &(nc )erver or=
to#ether to provide call anserin#" 8utloo= >oice .ccess" and auto attendant services to users of
1nterprise >oice.
In addition to the support that previous &(nc )erver releases have provided for inte#ration ith
on-premises deplo(ments of 1!chan#e $M" &(nc )erver 2010 introduces support for inte#ration
ith hosted 1!chan#e $M. This enables (ou to provide voice messa#in# to (our users if (ou
mi#rate some or all of them to a hosted 1!chan#e service provider such as Microsoft 1!chan#e
8nline.
&(nc )erver 2010 supports the folloin# versions:
Microsoft 1!chan#e )erver 2010 :re@uired; or ith latest service pac= :recommended;
Microsoft 1!chan#e )erver 2003 ith )ervice Pac= 1 :)P1; :re@uired; or latest service pac=
:recommended;
+ou cannot collocate 1!chan#e $M ith &(nc )erver or a &(nc )erver database. +ou can install
1!chan#e $M and &(nc )erver in separate forests.
ote!
1!chan#e $M ma( not be re@uired for 1nterprise >oice deplo(ments that have a PCJ
deplo(ed" because the PCJ can continue to provide voice mail and related services to all
users. If (ou eventuall( retire the PCJ" :for e!ample" if (ou deplo( )IP trun=in# for public
sitched telephone netor= :P)T*; connectivit(; (ou must reconfi#ure 1!chan#e $M to
provide voice mail to users ho previousl( used the PCJ voice mail s(stem.
In This Section
,omponents and Topolo#ies for 8n-Premises $nified Messa#in#
)upport for 5osted 1!chan#e $M Inte#ration
Co$ponents and Topolo#ies for -n1(re$ises 7nified Messa#in#
This topic describes the Microsoft 1!chan#e )erver components re@uired to provide 1!chan#e
$nified Messa#in# :$M; features to Microsoft &(nc )erver 2010 communications softare
1nterprise >oice users hose mailbo!es are homed on an on-premises Microsoft 1!chan#e
deplo(ment. It also describes the supported topolo#ies for on-premises 1!chan#e $M inte#ration.
&0chan#e Server Co$ponents
<<
To provide the 1!chan#e $M features and services described earlier in this section to 1nterprise
>oice users in (our or#ani?ation" (ou must deplo( the folloin# Microsoft 1!chan#e server roles:
Mailbo! )erver" hich hosts user mailbo!es and provides a sin#le stora#e location for email
and voice mail.
5ub Transport )erver" hich routes email messa#es from the 1!chan#e $M )erver to user
mailbo!es.
,lient .ccess )erver" hich hosts client protocols and services" such as Post 8ffice Protocol
version 6 :P8P6;" Internet Messa#e .ccess Protocol < :IM.P<;" )ecure 5(perte!t Transfer
Protocol :5TTP);" 8utloo= .n(here" .vailabilit( service" and .utodiscover service. The
,lient .ccess )erver also hosts 'eb services.
1!chan#e $M )erver" hich connects Microsoft 1!chan#e )erver ith &(nc )erver 2010.
Supported Topolo#ies
+ou can deplo( &(nc )erver and 1!chan#e $M in the same forest or multiple forests. If the
deplo(ment spans multiple forests" (ou must perform the 1!chan#e inte#ration steps for each
1!chan#e $M forest. 2urthermore" (ou must confi#ure each Microsoft 1!chan#e forest to trust
the &(nc )erver forest and the &(nc )erver forest to trust each 1!chan#e $M forest. In addition to
this forest trust" the 1!chan#e $M settin#s for all users must be set on the user obAects in the
&(nc )erver forest.
&(nc )erver supports the folloin# topolo#ies for 1!chan#e $M inte#ration:
)in#le forest
)in#le domain :that is" a sin#le forest ith a sin#le domain;. &(nc )erver" Microsoft
1!chan#e" and users all reside in the same domain.
Multiple domain :that is" a root domain ith one or more child domains;. &(nc )erver" and
Microsoft 1!chan#e servers are deplo(ed in different domains from the domain here (ou
create users. 1!chan#e $M servers can be deplo(ed in different domains from the &(nc
)erver pool the( support.
Multiple forest :that is" resource forest;. &(nc )erver is deplo(ed in a sin#le forest" and then
users are distributed across multiple forests. The usersI 1!chan#e $M attributes must be
replicated over to the &(nc )erver forest.
ote!
1!chan#e can be deplo(ed in multiple forests. 1ach 1!chan#e or#ani?ation can
provide 1!chan#e $M to its users" or the 1!chan#e $M servers can be deplo(ed in
the same forest as &(nc )erver.
Support for 2osted &0chan#e 7M Inte#ration
The &(nc )erver 2010 1!$M %outin# application supports inte#ration ith 1!chan#e $nified
Messa#in# :$M; in an on-premises environment" here &(nc )erver 2010 and 1!chan#e $M are
both installed locall( ithin (our enterprise" or in ith 1!chan#e $M hosted b( a service provider"
as shon in the folloin# dia#ram.
<0
The folloin# modes are supported:
-n1pre$ises Mode &(nc )erver and 1!chan#e $M are both deplo(ed on local servers
ithin (our enterprise.
Cross1pre$ises Mode &(nc )erver is deplo(ed on local servers ithin (our enterprise and
1!chan#e $M is hosted in an online service providerIs facilit(" such as a Microsoft 1!chan#e
8nline data center.
Mi0ed Mode +our &(nc )erver deplo(ment has some user mailbo!es homed on local
servers runnin# Microsoft 1!chan#e )erver ithin (our enterprise and some mailbo!es
homed in a hosted 1!chan#e service data center.
ote!
Mi!ed mode can be used as a transitional solution durin# evaluation and stepise
mi#ration of users to hosted 1!chan#e $M" or a permanent solution if (ou opt to
=eep some usersI 1!chan#e $M services on-premises after mi#ratin# others.
To inte#rate &(nc )erver ith hosted 1!chan#e $M" (ou must confi#ure a sared S%& address
space :also called a split do!ain;. In this confi#uration" both &(nc )erver and the third-part(
hosted 1!chan#e $M service provider can access the same )IP domain address space. 2or
details" see 5osted 1!chan#e $M Inte#ration .rchitecture in the Plannin# documentation.
&?1111 Support
Microsoft &(nc )erver 2010 communications softare supports 1nhanced 4-1-1 :14-1-1; as part
of an enterprise deplo(ment. 14-1-1 is an emer#enc( notification feature that associates the
callin# part(Is telephone number ith a civic or street address. 14-1-1 support is onl( available in
the $nited )tates.
In order to support 14-1-1 as part of a &(nc )erver deplo(ment" (ou must obtain 14-1-1 routin#
service from a certified emer#enc( services provider. The emer#enc( services provider routes
<7
emer#enc( calls ori#inatin# from &(nc )erver to the correct Public )afet( .nserin# Point
:P).P; based on the location information contained ithin the call. 2or details about 14-1-1
support" see 1mer#enc( )ervices :14-1-1; in the Plannin# documentation.
,irtuali>ation Support
Microsoft &(nc )erver 2010 supports virtuali?ation topolo#ies that support all maAor or=loads"
includin# instant messa#in# :IM; and presence" conferencin#" and 1nterprise >oice. >irtuali?ation
is supported onl( on the 'indos )erver 2009 %2 operatin# s(stem for all host and #uest
operatin# s(stems. The supported topolo#ies are as follos:
)tandard 1dition server topolo#(" supportin# up to 2"000 users per )tandard 1dition server"
for proof-of-concept" pilot proAects" and branch sites.
1nterprise 1dition data center topolo#(" supportin# up to 0"000 users per 2ront 1nd )erver.
&(nc )erver 2010 supports virtuali?ation of the folloin#:
2ront 1nd )ervers. If (ou virtuali?e a 2ront 1nd )erver" (ou can also virtuali?e some or all of
the other server roles of that site.
)tandard 1dition servers. 'hen deplo(in# a virtuali?ed )tandard 1dition server" the onl(
server roles that can be deplo(ed ith it are the /irector" Monitorin# )erver" .rchivin# )erver"
and 1d#e )erver.
1d#e )ervers for 2ront 1nd pools and )tandard 1dition servers.
)upport includes both of the folloin#:
Microsoft 5(per-> technolo#(
>M'are
2or details about virtuali?ation support and re@uirements" includin# the number of virtual
machines to be deplo(ed" see %unnin# in a >irtuali?ed 1nvironment in the Plannin#
documentation.
Additional Server Support and )e5uire$ents
In addition to the softare support described in the other sections of this )upportabilit(
documentation" Microsoft &(nc )erver 2010 has the folloin# support limitations:
&(nc )erver 2010 supports /omain *ame )(stem :/*); and hardare load balancin# for
specific server roles. It also supports application load balancin# for Mediation )ervers" here
appropriate. 2or details about hen to use each" see the Plannin# documentation.
&(nc )erver 2010 uses the /istribution &ist 1!pansion Protocol :/&J; to e!pand distribution
lists. This protocol also specifies the eb service method that is used to #et the membership
of a distribution list. Microsoft 1!chan#e )erver supports d(namic #roups that do not have
members staticall( assi#ned to them. Instead" the( store @ueries that are evaluated hen the
#roup is e!panded. /&J does not support d(namic distribution lists.
The 1nable $ser 'i?ard does not support automatic conversion of non-1n#lish characters to
a )IP-compliant $%I" so (ou must modif( the )IP address manuall(.
<3
2or servers runnin# antivirus softare" include all servers runnin# &(nc )erver 2010 in the
e!ception list in order to provide optimal performance and audio @ualit(. 2or details" see
)pecif(in# .ntivirus )cannin# 1!clusions in the )ecurit( documentation.
If (ou use IPsec" e recommend disablin# IPsec over the port ran#es used for audio and
video traffic. 2or details" see IPsec 1!ceptions in the Plannin# documentation.
If (our or#ani?ation uses a Gualit( of )ervice :Go); infrastructure" the media subs(stem is
desi#ned to or= ithin this e!istin# infrastructure. 2or details about implementin# Go)" see
1nablin# Gualit( of )ervice :Go); in the 8perations documentation.
$se of the operatin# s(stem fireall is supported. &(nc )erver 2010 mana#es the fireall
e!ceptions for the operatin# s(stem fireall" e!cept for Microsoft )G& )erver database
softare. 2or details about )G& )erver fireall re@uirements" see the )G& )erver
documentation.
The e!ternal interfaces used to implement support for e!ternal user access must be on a
separate subnet" not on the same netor= as the internal interfaces.
&(nc )erver 2010 does not support to-factor authentication. 5oever" if (ou deplo( &(nc
)erver in a netor= environment that alread( provides to-factor authentication :for e!ample"
a >P* ith to-factor authentication;" &(nc )erver or=s in that environment.
&(nc )erver 2010 and Microsoft 1!chan#e )erver 2010 )ervice Pac= 1 :)P1; operate ith
support for 2ederal Information Processin# )tandard :2IP); 1<0-2 al#orithms if the 'indos
)erver 2009 )ervice Pac= 2 :)P2; 'indos )erver 2009 %2 operatin# s(stems are
confi#ured to use the 2IP) 1<0-2 al#orithms for s(stem cr(pto#raph(. To implement 2IP)
support" (ou must confi#ure each server runnin# &(nc )erver 2010 to support it. 2or details
about 2IP)-compliant al#orithms and ho to implement 2IP) support" see Microsoft
Bnoled#e Case article 911966" The effects of enablin# the )(stem cr(pto#raph(: $se
2IP) compliant al#orithms for encr(ption" hashin#" and si#nin#R securit( settin# in 'indos
JP and in later versions of 'indos" at http:DD#o.microsoft.comDflin=DE
lin=idF6002T=bidF911966. 2or details about 2IP) 1<0-2 support and limitations in 1!chan#e
2010" see 1!chan#e 2010 )P1 and )upport for 2IP) ,ompliant .l#orithms at
&(nc )erver 2010 re@uires the installation of other softare on specific components prior to or
durin# deplo(ment. This includes softare that is available ith the operatin# s(stem"
donloadable softare" and softare that is automaticall( installed durin# installation of &(nc
)erver 2010. 2olloin# is a list of additional softare that can be re@uired:
'indos $pdate
Messa#e Gueuin# )erver and Messa#e Gueuin# /irector( )ervice Inte#ration
Microsoft .*1T 6.0 ith )ervice Pac= 1 :)P1; 2rameor=
Microsoft >isual ,UU 2009 %edistributable
Microsoft >isual VW version 2.0 %edistributable
$%& %erite Module version 2.0 %edistributable
'indos Media 2ormat %untime
'indos Poer)hell version 2.0
'indos Installer version <.0
<9
Microsoft )ilverli#ht < broser plu#-in :)ilverli#ht <.0.0002<.0 or the latest version for &(nc
)erver ,ontrol Panel;
.ctive /irector( /omain )ervices :./ /); tools
)G& )erver
)ome of these softare re@uirements onl( appl( to specific server roles or components. 2or
details about these softare re@uirements" see .dditional )oftare %e@uirements in the Plannin#
documentation.
Client and Device Soft*are and Infrastructure Support
)oftare support for Microsoft &(nc )erver 2010 clients and devices includes the supported
operatin# s(stems" infrastructure softare" and other additional softare re@uired to support
client and device features.
In This Section
,lient )oftare )upport
%e@uired &(nc )erver 2010 ,omponents for /evices
/evice )(stem and Infrastructure )upport
Client Soft*are Support
This section summari?es the softare support for Microsoft &(nc )erver 2010 clients.
6indo*s -peratin# Syste$s
The folloin# clients support the same 'indos operatin# s(stems:
Microsoft &(nc 2010
8nline Meetin# .dd-in for Microsoft &(nc 2010
Microsoft &(nc 2010 .ttendee
Microsoft &(nc 2010 .ttendant
)upported operatin# s(stems for these clients include the folloin#:
'indos 3 operatin# s(stems
'indos >ista operatin# s(stems
'indos JP operatin# s(stem ith )ervice Pac= 6 :)P6;
ote!
'indos Installer 6.1 must be installed before deplo(in# &(nc 2010.
Installation of the client and updates re@uires administrator ri#hts and permissions.
&(nc supports communications beteen &(nc and previous client versions. 2or details" see &(nc
2010 ,ompatibilit( in the Plannin# documentation.
Macintosh -peratin# Syste$s
The folloin# clients support the Macintosh operatin# s(stem:
<4
Microsoft &(nc for Mac 2011
Microsoft ,ommunicator for Mac 2011
)upported operatin# s(stems for these clients include the folloin#:
Mac 8) 10.0.9 or the latest service pac= or release :Intel-based;
%ro*sers
&(nc supports the folloin# brosers:
'indos Internet 1!plorer 4 Internet broser
Mo?illa 2irefo! eb broser
ote!
If (ou are usin# &(nc ith Microsoft 1!chan#e 8nline and (our or#ani?ation has deplo(ed
an authenticatin# 5TTP pro!(" Internet 1!plorer 4 or Internet 1!plorer 9 is re@uired.
Microsoft &(nc 'eb .pp supports specific combinations of operatin# s(stems and brosers. 2or
details" see &(nc 'eb .pp )upported Platforms in the Plannin# documentation.
Microsoft Silverli#ht
The Microsoft )ilverli#ht broser plu#-in version <.0 is re@uired for &(nc and the 8nline Meetin#
.dd-in for &(nc 2010. It is installed automaticall( durin# &(nc setup.
)ilverli#ht <.0 is also re@uired for &(nc 'eb .pp. +ou can deplo( )ilverli#ht <.0 to client
computers or allo users to be prompted for installation hen the( first start &(nc 'eb .pp.
Microsoft "&T 'ra$e*or3 ;"@
To install &(nc 2010 .ttendant" the Microsoft .*1T 2rameor= 6.0 must alread( be installed. 2or
details about installin# the Microsoft .*1T 2rameor= 6.0" see http:DD#o.microsoft.comDflin=DE
&in=IdF122<07.
Microsoft -ffice
&(nc )erver 2010 clients support inte#ration ith various versions of Microsoft 8ffice. This
section summari?es Microsoft 8ffice supportabilit(. 2or details" see &(nc 2010 ,ompatibilit( in the
Plannin# documentation.
The Microsoft 8utloo= 2010 messa#in# and collaboration client and Microsoft 1!chan#e
)erver 2010 are re@uired for the full set of ne 8utloo= inte#ration features in &(nc.
,ertain &(nc inte#ration features are supported on Microsoft 8ffice 2003 suites and Microsoft
8ffice 2006 )ervice Pac= 6 :)P6;. 2or inte#ration ith Microsoft 8ffice 2003 to or= correctl("
(ou ma( have to install an update to Microsoft 8utloo= 2003. 2or details about the 8utloo=
update" see Microsoft Bnoled#e Case article 46797<" R/escription of the 2003 8ffice hotfi!
pac=a#eR at http:DD#o.microsoft.comDflin=DE&in=I/F1<6112.
The 8nline Meetin# .dd-in for &(nc 2010 is supported ith Microsoft 8ffice 2010 suites"
8ffice 2003" and the Microsoft 8ffice 2006 suites.
00
7sin# Mandatory (rofiles
If users are plannin# to use &(nc 2010 conferencin# features" the( should not use 'indos
.ctive /irector( /omain )ervices mandator( profiles to si#n in to the &(nc 2010 client. Cecause
mandator( profiles are read-onl( user profiles" the Public Be( Infrastructure :PBI; =e(s that are
re@uired for &(nc 2010 conferencin# cannot be saved to the profile. 2or details" see Microsoft
Bnoled#e Case article 2002221" &(nc 2010 conferencin# feature fails hen the user is si#ned
in usin# a mandator( user profile" at http:DD#o.microsoft.comDflin=DElin=idF6002T=bidF2002221.
)e5uired Lync Server 2010 Co$ponents for Devices
Cefore (ou deplo( unified communications :$,; phones" ensure that the folloin# re@uired
Microsoft &(nc )erver 2010 components are in place.
6eb Services
The /evice $pdate 'eb service" hich is an automated a( to update (our IP phones" is
installed ith 'eb )ervices" on the 2ront 1nd )erver.
I$portant!
In &(nc )erver 2010 1nterprise 1dition" (ou ma( have multiple servers in the pool. 2or
each instance of 'eb )ervices runnin# on servers in a pool" there is a separate instance
of /evice $pdate 'eb service runnin# in the pool. 'hen (ou ma=e a confi#uration
chan#e to the /evice $pdate 'eb service" the chan#es are propa#ated to all the servers
in that pool but not to servers in an( other pool. 2or details about re@uired confi#urations"
see )(stem and Infrastructure %e@uirements for /evices in the Plannin# documentation.
&nterprise ,oice
1nterprise >oice is the voice over IP :>oIP; solution in &(nc )erver 2010 that allos users to
ma=e calls and use rich communication and collaboration features" such as viein# enhanced
presence information or location information for contacts in (our or#ani?ationIs address boo=.
1nterprise >oice must be enabled for each device user. To chec= hether 1nterprise >oice is
enabled for a user" in Microsoft &(nc )erver 2010 ,ontrol Panel find the user" then vie the
userIs details. If the user is enabled for 1nterprise >oice" the chec= bo! &nabled for Lync Server
ill be selected" and the Telephon( drop don ill have 1nterprise >oice selected.
Contact -b8ects
.Applies to Co$$on area phones/ Phones that are not associated ith a specific user must be
associated ith an .ctive /irector( contact obAect. &i=e user accounts" contact obAects can be
assi#ned policies and voice plans" thereb( #ivin# (ou a a( to mana#e the device.
2or details about creatin# contact obAects for common area phones" see ,onfi#urin# ,ommon
.rea Phones in the /eplo(ment documentation.
Dial (lans4 ,oice (olices4 and -utbound Call )outes
/ial plans" voice polices" and call routes must be set up for users. /ial plans are named sets of
normali?ation rules that translate phone numbers for a named location" individual user" or contact
obAect into a sin#le standard :1.17<; format" alloin# $, device users to ma=e calls to the public
01
sitched telephone netor= :P)T*;. >oice policies are records that define call permissions for
users" sites" or an entire or#ani?ation and include various callin# features that ma( be enabled or
disabled as appropriate. >oice policies must be set up for device users. ,all routes are rules that
specif( ho &(nc )erver 2010 handles outbound calls from $, devices.
To verif( hether dial plans" voice polices" and call routes are set up for users" or to set up or
modif( these user polices" see Plannin# 8utbound ,all %outin# in the Plannin# documentation.
2or details about confi#urin# policies for common area phones" see ,onfi#urin# ,ommon .rea
Phones in the /eplo(ment documentation.
I$portant!
'e recommend that (ou also confi#ure 1!chan#e $nified Messa#in# :$M; and &(nc
)erver 2010 to or= to#ether and that (ou enable users for 1!chan#e $M call anserin#
and 8utloo= >oice .ccess. 2or details" see the 1!chan#e )erver 2010 Tech*et &ibrar( at
http:DD#o.microsoft.comDflin=DElin=idF197202.
(I Authentication and (olicy
If (ouIre deplo(in# phones from the ne line of IP phones" (ou must enable personal
identification number :PI*; authentication on &(nc )erver" and an appropriate PI* polic( need to
be in place. This allos authentication to be automatic hen a user si#ns in on an .astra 7321ip
common area phone" .astra 7320ip des= phone" 5P <110 IP Phone :common area phone;" 5P
<120 IP Phone :des= phone;" Pol(com ,J000 IP common area phone" Pol(com ,J700 IP des=
phone" or Pol(com ,J6000 IP conference phone. +ou set the PI* polic( on the (I (olicy pa#e
of the Security #roup in &(nc )erver 2010 ,ontrol Panel. .lso in Security" clic= 6eb Service"
and verif( that PI* authentication is enabled in the Hlobal polic(.
To do this is the &(nc )erver Mana#ement )hell" run the folloin# command:
Set-CsWebServiceConfiguration -Identity "WebService:<FQDN of web
service>" UsePinAuth $true
Device Syste$ and Infrastructure Support
This section describes the hardare" port" /omain *ame )(stem :/*);" /(namic 5ost
,onfi#uration Protocol :/5,P;" and securit( confi#urations that must be in place before (ou
deplo( IP phones. These re@uirements are in addition to the re@uired components described in
%e@uired &(nc )erver 2010 ,omponents for /evices in the Plannin# documentation.
ote!
%evie the manufacturerIs data sheet for the devices that (ou are deplo(in# to learn
about additional re@uirements.
2ard*are )e5uire$ents
IP phones runnin# Microsoft &(nc 2010 Phone 1dition support &in= &a(er /iscover( Protocol-
Media 1ndpoint /iscover( :&&/P-M1/; and Poer over 1thernet :Po1;. To ta=e advanta#e of
&&/P-M1/" the sitch must support I111902.1.C and .*)IDTI.-1003. To ta=e advanta#e of
Po1" the sitch must support Po1902.6.2 or 902.6at.
To enable &&/P-M1/" the administrator must enable &&/P b( usin# the sitch console indo
and set the &&/P-M1/ netor= polic( ith the correct voice >&.* I/.
02
I$portant!
+ou can confi#ure the sitch for 1nhanced 4-1-1 :14-1-1;" if the sitch supports this.
(ort )e5uire$ents
IP phones use port <<6 for the /evice $pdate 'eb service.
DS )e5uire$ents
IP phones re@uire certain /*) records. The folloin# table describes the records that (ou must
create and publish to a /*) service" ithin the corporate netor=" if (ou are deplo(in# IP
phones. The folloin# table provides details about the /*) records that are re@uired for e!ternal
IP phones.
DS )ecords for &0ternal Devices
Type ,alue ote
. 2ull( @ualified domain names
:2G/*s; for the pool:s; hostin#
the %e#istrars
The ne Microsoft &(nc )erver 2010
/*) load balancin# feature re@uires (ou
to specif( the server 2G/* and the pool
2G/*" usin# the same IP address" for
each server in the pool and to create .
records for all pools that contain a
%e#istrar.
2or e!ample:
%e#istrar)erver8neInPool.<S%&
do!ain>: 1.2.6.<" %e#istrarPool.<S%&
do!ain>: 1.2.6.<"
%e#istrar)erverToInPool.<S%&
do!ain>: 1.2.6.0" and
%e#istrarPool.<S%& do!ain>: 1.2. 6.0.
If (ou are usin# hardare load balancin#"
Aust specif( . records for each pool that
contains a %e#istrar. .llos e!ternal
devices to connect b( usin# )IP over
T&) to the %e#istrar internall(.
)%> Xsipinternal.Xtcp.<S%& do!ain>
Xsipinternaltls.Xtcp.<S%&
do!ain>
)pecifies the to )IP 2G/*s for internal
routin#" one for communications over
T,P" and one for T,P communications
that use T&).
. ucupdates-r2.<S%& do!ain> )pecifies the 'eb )ervices portion of the
/evice $pdate 'eb service $%&. The
device appends
:<<6D%e@uest5andlerDucdevice.up!.
Ma=e sure the hardare load balancer
translates e!ternal re@uests to use
06
Type ,alue ote
:<<6D%e@uest5andlerDucdevice.up!.
The e!ternal port is <<6.
ote!
If the pool is alread( deplo(ed" (ou can #et this information from &(nc )erver ,ontrol
Panel on the Topolo#( pa#e b( viein# the 1d#e )erver properties.
D2C( )e5uire$ents
IP phones re@uire the 'eb )ervices $%& and %e#istrar 2G/* from the /5,P server" for
connectivit(. To ma=e sure that the /5,P server can provide IP phones ith the appropriate
information" refer to the #uidelines described in )(stem and Infrastructure %e@uirements for
/evices in the Plannin# documentation.
Security )e5uire$ents
If (ou are alloin# e!ternal access for IP phones" a public =e( infrastructure :PBI; infrastructure
must be in place" and devices must have a valid &(nc )erver 2010 certificate" hich the( obtain
hen the( lo# on and is issued from a public certification authorit( :,.; :recommended; or a
private ,.. This allos the devices to connect to the /evice $pdate 'eb service from outside the
intranet. 2or details" see ,ertificate Infrastructure %e@uirements in the Plannin# documentation.
&d#e Server )e5uire$ents
If (ouIre alloin# e!ternal access for IP phones" deplo( 1d#e )ervers b( folloin# the
instructions in /eplo(in# 1d#e )ervers in the /eplo(ment documentation. 5oever" durin# the
setup process described in )et $p *etor= Interfaces for 1d#e )ervers in the /eplo(ment
documentation" use the folloin# confi#uration information to enable e!ternal access to the
/evice $pdate 'eb service:
In the ,onfi#ure a %everse Pro!( step" confi#ure the reverse 5TTP pro!( to use the /evice
$pdate 'eb service virtual director( https:DD<e'ternal Server FQDN>:<<6 for the e!ternal
$%& for 'eb )ervices and the /evice $pdate 'eb service.
In the ,onfi#ure /*) step" use the information in the folloin# table.
DS )ecords for &0ternal Devices
Type ,alue ote
)%> 1d#e )erver:Xsipe!ternal.Xtls.<S%&
do!ain>" and Xsipe!ternaltls.<S%&
do!ain>
.llos e!ternal devices to
connect b( usin# )IP over
T&) to the %e#istrar
internall(.
. %everse pro!( 2G/*:<server
na!e>.<S%& do!ain>
.llos e!ternal devices to
connect b( usin# T&) over
5TTP to the /evice $pdate
'eb service.
0<
ote!
If the 1d#e )erver is alread( deplo(ed" (ou can #et this information from &(nc )erver
,ontrol Panel on the Topolo#y pa#e b( viein# the 1d#e )erver properties.
00

Lync Server 2010 - Supportability

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Lync Server 2010 - Supportability

Hochgeladen von

Copyright:

Verfügbare Formate

Microsoft Lync Server 2010 Supportability

Das könnte Ihnen auch gefallen