Академический Документы
Профессиональный Документы
Культура Документы
Walkthrough: Introduction
This document describes the steps necessary to deploy Microsoft Lync Server 2010 in a lab
environment in a single forest, single domain topology. The deployment of Lync Server 2010 also
includes a consolidated Edge Server for external user access, a reverse-proxy server, and client
machines for testing.
Note:
The deployment of the reverse-proxy server will be covered in this document at a later
date. For installation information, see Forefront TMG Deployment.
Step 1: Prerequisites
Before you deploy and operate Microsoft Lync Server 2010 communications software, you must
first apply the software prerequisites, understand the deployment topology you will be building
and the overall deployment process. The deployment topology for this walkthrough includes an
internal deployment of Lync Server 2010, and the supporting server roles for external user
access. The Lync Server Deployment Wizard prepares Active Directory Domain Services,
configures a local copy of Microsoft SQL Server database software, configures firewalls, and
installs and starts the core services.
1
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
• Walkthrough: Prerequisites
• Walkthrough: Deploy Topology
Walkthrough: Prerequisites
Before you deploy Lync Server 2010, ensure that your environment meets the following
requirements:
• The 64-bit edition of the Windows Server 2008 R2 operating system installed on all
server roles.
• Windows 7 operating system installed on client computers.
• .NET 3.5 SP1 installed on all servers.
• The Microsoft Silverlight browser plug-in installed on Standard Edition Server and
Director.
• Active Directory Administrative tools feature installed on Standard Edition Server
and Director. Installing this feature now prevents a reboot to the servers during deployment.
See Walkthrough: Install Active Directory Administrative Tools for details.
• All clients and servers are up to date with patches from Windows Update.
• Domain controller is running Windows Server 2008 R2 configured as a domain
controller, DNS server, and certification authority (CA).
• Standard Edition Server is running Windows Server 2008 R2 on which you will install
Lync Server 2010.
• Director is running Windows Server 2008 R2 on which you will install the Lync Server
2010 Director role.
• Edge Server is running Windows Server 2008 R2 on which you will install the Lync
Server 2010 Edge Server role.
• Proxy Server is running Windows Server 2008 R2 on which you will install the Microsoft
Forefront Threat Management Gateway (TMG) 2010 software.
Note:
The deployment of the reverse-proxy server will be covered in this document at a
later date. For installation information, see Forefront TMG Deployment
• Three client machines are running the Windows 7 operating system to test features and
external user access.
• This walkthrough uses the default computer administrator account. Once the machines
are domain joined, the default domain\administrator account is also used.
2
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
access, federation, and conferencing with anonymous users. To follow along with this lab,
configure your physical or virtual machines to match the table below.
Caution:
It is highly recommended that all of the physical or virtual computers represented in the
topology are online before starting this lab. Specifically, before you can publish a topology
successfully, the Standard Edition Server and the Director must have computer account
entries in Active Directory Domain Services prior to publishing.
Deploy Topology
1. Set up server as a domain controller, DNS server, and certification authority (CA).
2. Join the Standard Edition Server and the Director as member servers in the
3
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
domain.
3. Join two of the client machines to the domain.
4. Log on to clients and servers as domain members (ie, contoso\administrator), and
not as the local machine administrator (ie, lab-se\administrator).
5. Configure the third client machine, the Edge server, and the reverse-proxy server as
members of a Workgroup.
6. Configure the Edge server with two network cards, with one interface connected to
the internal network and the other connected to the Workgroup.
7. Configure the reverse-proxy server with two network cards, with one interface
connected to the internal network and the other connected to the Workgroup.
4
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
• Walkthrough: Run Lync Server 2010 Setup
• Walkthrough: Prepare Active Directory
• Walkthrough: Update Security Group Membership
IIS Requirements
5
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
6
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
7
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
8
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
9
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
5. Wait for Active Directory replication to complete or force replication to all the domain
controllers listed in the Active Directory Sites and Services snap-in for the forest root
domain controller.
10
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Create a Topology
Create a topology
1. From the Microsoft Lync Server 2010 (RC) program group, open Planning Tool.
2. Start the Planning Tool wizard from the beginning by clicking the Get Started button.
3. Select Yes and click Next on the Audio and Video Conferencing page.
4. Select No and click Next on the Dial-In Conferencing page.
5. Select Yes and click Next on the Web Conferencing page.
6. Select No and click Next on the Enterprise Voice page.
7. Select No and click Next on the Call Admission Control page.
8. Select No and click Next on the Monitoring page.
9. Select No and click Next on the Archiving page.
10. On the Federation page, ensure that both boxes are selected and click Next.
11. Select No and click Next on the High Availability page.
12. Select Shared WAN and click Next on the Network Connection page.
13. Click Design Sites.
14. On the Central Sites page, make the following changes:
a. Enter a descriptive name for Site Name. This lab will use Chicago
b. Enter the number of users in your organization. This lab will use 5000
c. Under Online Collaboration, ensure that Dial-in Conferencing is unchecked.
d. Under Server Applications, uncheck Call Admission Control.
e. Click Next to continue.
15. On the SIP Domain page, enter the primary SIP domain. This lab will use
contoso.net. Click Add then click Next.
16. On the Bandwidth Capacity Planning page, accept the default settings and
continue.
17. On the Branch Office page, leave each field blank and continue.
18. On the External User Access page, uncheck Enable high availability for external
users, click Finish, and then click Draw.
19. From the File menu, select Save Topology.
Important:
This copy of the topology file includes sample data populated by the Planning
Tool. In the next section, you’ll modify this sample data and enter information
pertaining to your environment. It’s highly recommended that you keep a backup
copy of this file to retain the sample data information. Create a backup of this
topology named chicago_backup.xml.
11
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Export Sample Data
Caution:
For this walkthrough, do not modify the fe01.contoso.net sample data. If you modify this
sample data, you will not be able to publish the topology successfully.
Standard Edition Server See Caution message above. See Caution message above.
12
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
URL
Note:
The 68.107.155.x IP addresses is sample data for this lab. Use appropriate external IP
addresses for your environment.
13
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Installing Topology Builder
Install Topology Builder and Import the Topology from the Planning Tool
1. From the Standard Edition Server, open the Lync Server Deployment Wizard.
2. Select Install Topology Builder.
3. From the Microsoft Lync Server 2010 (RC) program group, open Lync Server
Topology Builder.
4. Select Open Topology from a local file
5. From the Open dialog, navigate to the file you saved earlier. This lab used
chicago.tbxml.
14
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Edit Edge pools
Parameter Value
15
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Review Topology
1. In Topology Builder, click on Lync Server 2010 (RC). You should have the following
settings configured:
• Default SIP domain: contoso.net
• Phone access URLS: https://dialin.contoso.net
• Meeting URLs: https://meet.contoso.net
• Administrative access URL: https://admin.contos.net
• Central Management Server: lab-se.contoso.net (Chicago)
2. In the left pane of Topology Builder, navigate to Standard Edition Front End
Servers.
3. Expand the node and select the lab-se.contoso.net pool.
4. Verify the following settings:
16
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Parameter Value
FQDN lab-se.contoso.net
Conferencing Enabled
Parameter Value
Publish Topology
1. From Topology Builder, select Lync Server 2010 (RC).
2. From the Actions pane, select Publish Topology and click Next.
17
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
18
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Configure Certificates
1. In the Lync Server Deployment Wizard, next to Step 3: Request, Install or Assign
Certificates, click Run.
2. On the Certificate Wizard page, click Request.
3. On the Certificate Request page, click Next.
4. On the Delayed or Immediate Requests page, accept the default Send the request
immediately option, and then click Next. The internal CA with automatic online
enrollment must be available.
5. On the Choose a Certification Authority (CA) page, accept the default.
6. On the Certification Authority Account page, click Next.
7. On the Specify Alternate Certificate Template page click Next.
8. On the Name and Security Settings page, for Friendly Name enter cert, accept the
remaining defaults, and then click Next.
9. On the Organization Information page, optionally provide organization information,
and then click Next.
10. On the Geographical Information page, optionally provide geographical information,
and then click Next.
11. On the Subject Name / Subject Alternate Names page, click Next.
12. On the SIP Domain setting page, select the SIP Domain and then click Next.
13. On the Configure Additional Subject Alternate Names page, click Next.
14. On the Certificate Request Summary page, click Next.
15. On the Executing Commands page, click Next.
16. On the Online Certificate Request Status page, click Finish.
17. On the Certificate Assignment page, click Next.
18. On the Certificate Assignment Summary page, click Next.
19. On the Executing Commands page, click Finish.
20. When finished, and on the Certificate Wizard page, click Close.
19
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Start Services
Start Services
1. In the Lync Server Deployment Wizard, on the Lync Server 2010 page, click the Run
button next to Step 4: Start Services.
2. On the Start Services page, click Next to start the Lync Server services on the
server.
3. On the Executing Commands page, after all services have started successfully,
click Finish.
20
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Configure Certificates
Configure Certificates
1. In the Lync Server Deployment Wizard, next to Step 3: Request, Install or Assign
Certificates, click Run.
2. On the Certificate Wizard page, click Request.
3. On the Certificate Request page, click Next.
4. On the Delayed or Immediate Requests page, accept the default Send the request
immediately option, and then click Next. The internal CA with automatic online
enrollment must be available.
5. On the Choose a Certification Authority (CA) page, accept the default.
6. On the Certification Authority Account page, click Next.
7. On the Specify Alternate Certificate Template page, click Next.
8. On the Name and Security Settings page, for Friendly Name enter cert, accept the
remaining defaults, and then click Next.
9. On the Organization Information page, optionally provide organization information,
and then click Next.
10. On the Geographical Information page, optionally provide geographical information,
and then click Next.
11. On the Subject Name / Subject Alternate Names page, click Next.
12. On the SIP Domain setting page, select the SIP Domain and then click Next.
13. On the Configure Additional Subject Alternate Names page, click Next.
14. On the Certificate Request Summary page, click Next.
15. On the Executing Commands page, click Next.
16. On the Online Certificate Request Status page, click Finish.
17. On the Certificate Assignment page, click Next.
18. On the Certificate Assignment Summary page, click Next.
19. On the Executing Commands page, click Finish.
20. When finished, and on the Certificate Wizard page, click Close.
Start Services
1. In the Lync Server Deployment Wizard, on the Lync Server 2010 page, click the Run
button next to Step 4: Start Services.
2. On the Start Services page, click Next to start the Lync Server services on the
server.
3. On the Executing Commands page, after all services have started successfully,
click Finish.
21
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
22
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
23
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
• Walkthrough: Verify DNS Records for Edge Support
• Walkthrough: Configure the DNS Suffix for Edge Servers
• Walkthrough: Request Certificates from the Internal Enterprise CA
• Walkthrough: Configure Network Interfaces for Edge Servers
• Walkthrough: Export Your Topology
Note:
The deployment of the reverse-proxy server will be covered in this document at a later
date. For installation information, see Forefront TMG Deployment
24
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Configure the DNS Suffix for Edge Servers
25
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Walkthrough: Export Your Topology
26
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
27
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
• State/Province: IL
• City/Locality: Chicago
10. On the Subject Name/Subject Alternate Names page, click Next.
11. On the Configure Additional Subject Alternate Names page, click Next.
12. On the Request Summary page, review the certificate information to be used to
generate the request.
13. After the commands complete, click Next.
14. On the Certificate Request File page, click Finish.
Copy the certificate request to your CA and create a certificate for the internal interface
1. Copy internal.req from the Edge server to a location on your Domain Controller
(c:\public\internal.req).
2. On the Domain Controller, open Certification Authority from the Administrative
Tools group.
3. Right-click on contoso-lab-pdc-ca, select All Tasks, then Submit new request.
4. In the Open Request File page, browse to c:\public\internal\req.
5. Save the certificate as c:\public\internal.cer.
6. Copy c:\public\internal.cer to c:\public\internal.cer on the Edge Server.
28
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
Copy the certificate request to your CA and create a certificate for the external
interface
1. Copy external.req from the Edge server to a location on your Domain Controller (ie,
c:\public\external.req).
2. On the Domain Controller, open Certification Authority from the Administrative
Tools group.
3. Right-click on contoso-lab-pdc-ca, select All Tasks, then Submit new request.
4. In the Open Request File page, browse to c:\public\external.req.
5. Save the certificate as c:\public\external.cer.
6. Copy c:\public\external.cer to c:\public\external.cer on the Edge Server.
29
Walkthrough: Microsoft Lync Server 2010 Standard Edition Server with External Access
30