
Lync Deep Dive: Edge Media Connectivity with ICE Thomas Binder UC Voice Architect – MCS Voice Center of Excellence Microsoft Corporation EXL412.


8 Home Home NAT Internet

9 Inner FW Perimeter Network Outer FW Work Internet

10 Private Computer NAT/Firewall Private Network Internet Access Edge Internet Computer

11 Inner FW Home Outer FW Work Home NAT Access Edge aw INVITE m/c = a 200OK m/c = w

12 UDP TCP Inner FW Home Outer FW Work Access Proxy a INVITE m/c = a 200OK m/c = w d cb e STUN TURN Server (AV Edge) y x w cand=a,b,c,d,e cand=w,x,y Home NAT

13 Remote, Federated and anonymous users Edge Server Reverse Proxy


15 SIP Register Outer Firewall Endpoint Inner Firewall Lync FE Server ms-user-logon-data: RemoteUser sip:Mras.contoso.com 200 OK internet SIP Service edge.contoso.com qq8yXccBc2lwOmFy Wnujl0eo00YkV/5dg= OK Service 200OK Access Edge A/V Edge MRAS MTLS

16 SIP Invite Access Edge A/V Edge MRAS MTLS Service 200OK avedge.contoso.com qq8yXccBc2lwOF Wnujl0eo00YkV/5g= OK Endpoint Outer Firewall Inner Firewall Lync FE Server

17 Demo Log Analysis: MRAS

18 c c UDP TCP e nic a Allocate UDP Allocate TCPa b c d b NAT/Firewall Endpoint localremote candidate list default Media Relay d e MRAS

19 c c nic a Allocate TCPa b NAT/Firewall Endpoint localremote candidate list default Media Relay b c MRAS UDP TCP

20 c c e nic a a b c d NAT/FirewallEndpoint localremote candidate list default UPNP: Add Port Map nic2 f f g g e d Media Relay MRAS b UDP TCP

21 c c d nic a a b c d b NAT/FirewallEndpoint localremote candidate list default y y z nic w w x y z x NAT/FirewallEndpoint localremote candidate list default SIP INVITE c :: a,b,c,dc a b c d 183 Session Progress y :: w,x,y,zy w x y z 200 OK y :: w,x,y,z SIP Edge 21

22 Demo Log Analysis: Candidates


26 Demo Log Analysis: Final Candidates

27 NAT/FW Inner FW A/V Edge Home1 Lync Home2 Lync Work1 Lync A/V MCU Mediation ExchangeUM Access Edge Outer FW (no NAT) UDP 3478 TCP 443 UDP/TCP UDP/TCP Work2 Lync......

28 w1 w1 w1 Access Edge Inner FWA/V Edge Outer FW (no NAT) UDP 3478 TCP 443 UDP/TCP UDP/TCP w2 w2 w2 Work1 Lync A/V MCU Mediation ExchangeUM Work2 Lync

29 h1 h1 h1 Home1 Lync Access Edge h1 h1 UDP 3478 TCP 443 UDP/TCP UDP/TCP w1 w1 w1 Work1 Lync A/V MCU Mediation ExchangeUM Inner FWA/V Edge Outer FW (no NAT)

30 h1 h2 h2 Home1 Lync Access Edge h1 h1 UDP 3478 TCP 443 UDP/TCP UDP/TCP h1 h1 Home2 Lync h2 h2 h2 Inner FW A/V Edge Outer FW (no NAT)

31 w2 w2 Inner FW 2007 Edge Work2 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w2 w1 w1 Inner FW 2007 Edge Work1 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w1 Outer FWs (no NAT)

32 w2 w2 Inner FW R2/Lync Edge Work2 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w2 w1 w1 Inner FW R2/Lync Edge Work1 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w1 Outer FWs (no NAT)

33 w2 w2 Inner FW 2007 Edge Work2 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w2 w1 w1 Inner FW R2/Lync Edge Work1 Lync A/V MCU Access Proxy UDP 3478 TCP 443 UDP/TCP UDP/TCP w1 Outer FWs (no NAT)

35 [Diagram labels: 443 TCP, 3478 UDP, 50,000 port range]

36 A/V Edge A/V Edge UDP TCP TLS External Firewall Lync A/V Auth Internal Firewall Lync FE Server Access Edge Service SIP Register SIP Service Issue Load Balancers Allocate UDP Allocate TCP


39 ICE Bootstrap: UCCP Log Tips

- AVEdge Provisioning: Search mrasuri for the SIP 200OK provisioning response. Confirms the pool is configured with an A/V Edge server.
- AVEdge Credentials: Search credentialsRequestID for SIP SERVICE. Confirms the A/V Edge is running and reachable on internal port TCP5062.

ICE Negotiation: UCCP Log Tips

- Address Discovery: Search a=candidate to find the first INVITE/200OK. Check the IP addresses of the UDP/TCP candidate pairs in the INVITE. Confirms the local endpoint** can reach the A/V Edge server.
- Address Exchange: Search a=candidate to find the first INVITE/200OK. Check the IP addresses of the UDP/TCP candidate pairs in the 200OK. Confirms the remote endpoint** can reach the A/V Edge server.
- Connectivity Checks: Check the Re-Invite (see below) for the connectivity check result. Confirms the connectivity check completed.
- Candidate Promotion: Search for "a=remote-candidate". The INVITE and 200OK should have only one candidate pair. Confirms candidate promotion completed and shows the path that ICE negotiated.
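The ICE negotiation checks on this slide can be scripted against SDP bodies copied out of a client log. The following is an added example, not code from the presentation: it assumes the SDP uses the RFC 5245 `a=candidate` / `a=remote-candidates` syntax, and `summarize_sdp` and the sample SDP fragments are constructed for illustration.

```python
import re

# RFC 5245 syntax: a=candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type>
CAND_RE = re.compile(r"^a=candidate:(\S+) (\d+) (\S+) \d+ (\S+) (\d+) typ (\S+)", re.M)
REMOTE_RE = re.compile(r"^a=remote-candidates:(.+)$", re.M)

def summarize_sdp(sdp):
    """Summarize the ICE attributes of one SDP body taken from a client log."""
    found = CAND_RE.findall(sdp)  # (foundation, component, transport, addr, port, type)
    remote = REMOTE_RE.search(sdp)
    foundations = {f[0] for f in found}
    return {
        # (transport, address, port, type) for every advertised candidate
        "candidates": [(f[2].upper(), f[3], int(f[4]), f[5].lower()) for f in found],
        # Assumption: a relay candidate means the endpoint got an allocation from the A/V Edge.
        "has_relay": any(f[5].lower() == "relay" for f in found),
        # Assumption: "only one candidate pair" = a single foundation (RTP + RTCP) remains.
        "promoted": remote is not None and len(foundations) == 1,
        "remote": remote.group(1).split() if remote else [],
    }

# Constructed SDP fragments (documentation addresses), not taken from the talk's demo logs.
FIRST_INVITE = """m=audio 52000 RTP/AVP 0
a=candidate:1 1 UDP 2130706431 192.168.1.20 50010 typ host
a=candidate:1 2 UDP 2130705918 192.168.1.20 50011 typ host
a=candidate:2 1 UDP 16648703 203.0.113.10 52000 typ relay raddr 198.51.100.7 rport 50010
a=candidate:2 2 UDP 16648702 203.0.113.10 52001 typ relay raddr 198.51.100.7 rport 50011
a=candidate:3 1 TCP-ACT 7076863 203.0.113.10 443 typ relay raddr 198.51.100.7 rport 50012
"""
HOST_ONLY = """m=audio 50010 RTP/AVP 0
a=candidate:1 1 UDP 2130706431 192.168.1.20 50010 typ host
a=candidate:1 2 UDP 2130705918 192.168.1.20 50011 typ host
"""
FINAL_REINVITE = """m=audio 52000 RTP/AVP 0
a=candidate:2 1 UDP 16648703 203.0.113.10 52000 typ relay raddr 198.51.100.7 rport 50010
a=candidate:2 2 UDP 16648702 203.0.113.10 52001 typ relay raddr 198.51.100.7 rport 50011
a=remote-candidates:1 192.0.2.44 51000 2 192.0.2.44 51001
"""

if __name__ == "__main__":
    for name, sdp in [("first INVITE", FIRST_INVITE), ("host only", HOST_ONLY),
                      ("final re-INVITE", FINAL_REINVITE)]:
        s = summarize_sdp(sdp)
        print(name, len(s["candidates"]), "candidates, relay:", s["has_relay"],
              "promoted:", s["promoted"], s["remote"])
```

An offer with only host candidates (`has_relay` false) points back to the bootstrap checks: provisioning, credentials, or reachability of the A/V Edge.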


41 EXL411: Best Practices in Securing Your Microsoft Lync Server 2010 Edge Servers EXL33-HOL: Deploying a Microsoft Lync Server 2010 Architecture Product Demo Stations: Friday 13:00-15: : TS: Microsoft Lync Server 2010, Configuring : PRO: Microsoft Lync Server 2010, Administrator Find Me Later At…
