- Microsoft Lync / Skype for Business
- Introduction
- Integration features
- Example on-prem deployment
- On-prem Pexip Infinity configuration
- On-prem Lync/Skype server configuration
- Adding more on-prem nodes or locations
- Example public DMZ deployment
- Public DMZ Infinity configuration
- Configuring Infinity as a Lync/Skype gateway
- Certificate creation and requirements
- Presence and contact lists
- Multiple SIP domains (public DMZ)
- Configuring nodes to work behind NAT
- Firewall ports
- Troubleshooting
- Using Lync/Skype clients with Pexip Infinity
Download Lync/Skype guide as PDF
Adding more nodes or locations to an existing on-prem Lync / Skype for Business deployment
This section explains the steps involved if you need to add additional Conferencing Nodes, or new Lync / Skype for Business
* Note that where this documentation refers to "Lync/SfB", it represents both Microsoft Lync and Skype for Business unless explicitly stated otherwise.
Adding a new Conferencing Node to an existing location
Within Pexip Infinity
Using the names of the example environment described in this guide, you need to:
- Assign a hostname to the Conferencing Node, e.g. in the format eu-pxNN.example.com.
- Assign a DNS A record for this Conferencing Node, registered as eu-pxNN.example.com.
- Add a DNS A record to the pool domain eu-px.example.com so that Lync/SfB will also load balance over this new node.
-
Generate a new single certificate for all of the Conferencing Nodes in the application pool. This new certificate should contain the same name information as the existing certificate, with the addition of the FQDN of the new node as another SAN (Subject Alternative Name).
The new certificate must be uploaded to all of the Conferencing Nodes in the application pool.
For example, before adding the new node, the certificate name information in our example would be:
CN=eu-px.example.com, SAN=eu-px.example.com, px-cn1.example.com, px-cn2.example.com
The name information in the new certificate would be (assuming the new hostname is px-cn3.example.com):
CN=eu-px.example.com, SAN=eu-px.example.com, px-cn1.example.com, px-cn2.example.com, px-cn3.example.com
Within Lync/SfB
You need to add the identity of the new Conferencing Node to the existing Trusted Application Pool, in our example eu-px.example.com:
New-CsTrustedApplicationComputer -Identity eu-pxNN.example.com -Pool eu-px.example.com
and then enable topology:
Enable-CsTopology
Adding new Front End pools (FEPs), locations and Conferencing Nodes
If you have Lync/SfB servers and Conferencing Nodes in other geographic locations, then you should apply the same configuration model for these other locations as described for the Europe location configuration.
For example, if you had the following devices located in the USA:
- 2 Lync/SfB Front End Servers us-lyncfe01 and us-lyncfe02 in a pool us-lyncpool.example.com
- 2 Conferencing Nodes us-px01 and us-px02 in System location US and to be placed in an application pool us-px.example.com
Within Pexip Infinity
-
Generate and assign a server certificate to the US Conferencing Nodes:
commonName = us-px.example.com
altNames = us-px01.example.com, us-px02.example.com, us-px.example.com - Configure the US system location to use:
- the us-lyncpool.example.com Front End pool
- DNS servers on the inside of the network
- a TURN server
- a STUN server.
- Configure DNS records for the US Conferencing Nodes:
- A-records for each Conferencing Node us-px01 and us-px02
- another A-record per Conferencing Node with the host name us-px.example.com (the application pool name of the Conferencing Nodes).
-
Configure the SIP TLS FQDN setting for each US Conferencing Node to reflect its DNS FQDN e.g. us-px01.example.com and us-px02.example.com.
Within Lync/SfB
-
Create a trusted application pool for the Conferencing Nodes.
This command adds a trusted application pool for the Front End pool us-lyncpool.example.com and adds the first node (us-px01.example.com) as a computer in the application pool:
New-CsTrustedApplicationPool -Identity us-px.example.com -ComputerFqdn us-px01.example.com -Registrar us-lyncpool.example.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true
-
Add the other Conferencing Nodes in that location to the trusted application pool.
This command adds us-px02 to the new trusted application pool:
New-CsTrustedApplicationComputer -Identity us-px02.example.com -Pool us-px.example.com
-
Create a trusted application for the pool of Conferencing Nodes.
This command creates a trusted application for the us-px.example.com pool:
New-CsTrustedApplication -Applicationid us-px -TrustedApplicationPoolFqdn us-px.example.com -Port 5061
-
Create a static SIP domain route and associate it with the trusted application.
This example creates a static route from the US Front End pool (us-lyncpool.example.com) to the us-px.example.com nodes for the domain vc.example.com:
$newroute = New-CsStaticRoute -TLSRoute -Destination "us-px.example.com" -Port 5061 -MatchUri "vc.example.com" -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity "Service:Registrar:us-lyncpool.example.com" -Route @{Add=$newroute}
Note that if there is no existing routing configuration for this registrar, this can be created via:
New-CsStaticRoutingConfiguration -Identity "Service:Registrar:us-lyncpool.example.com"
-
Enable the new topology using the following command:
Enable-CsTopology