BSModlin asked:

Lync Server 2010 Central/Branch Site and PBX Questions

I am planning a deployment on Lync 2010 and have questions. We have a corporate office that houses ALL servers, and roughly 100 employees.  We also have 2 other offices connected to the Corporate office via MPLS (each remote office has a 20MG metro and the Corporate office has a 40MG metro).  The remote servers DO NOT have any servers locally, and currently connect back to corporate for everything (including internet access).  The remote locations have roughly 20 employees each.

When creating my topology running the planning tool & topology builder, do I create a central site AND branch sites?  I do not want to install a Survivable branch appliance or server at the remote locations.
The features we want to use mainly are Chat, Presence, Video Conferencing, External User Access, and External services like Yahoo, MSN, etc.  We do not want to connect our existing PBX to the Lync system, at all.  What roles can I, and must I exclude since we will not be utilizing the PBX (Phones) at all?
If I do NOT install an Archiving Server will the users still be able to see any chat history and if so how much?  I am assuming the Archive Server holds ALL conversations forever (or a predetermined amount of time).

Sorry for all the questions, but I am deploying in a week and have a lot of planning to do prior!!  THANK YOU!!

ASKER CERTIFIED SOLUTION
jeiben812

ASKER

Man, all that info was VERY helpful.... I have one last question regarding SSL certs....  I will be purchasing the necessary cert(s) from GoDaddy.  My question is since I am going to be allowing external access via an Edge Server do I need 2 certs, one for the Lync Server and one for the Edge server?  If so, what subject alt. names need to be included for both servers?

Example:

dialin.xyz.com
meet.xyz.com
conf.xyz.com

Which servers require what alt. names?

You will need three certs, actually...  

1. The internal cert for the Lync Front End (or Standard) server itself.
Subject: <Pool FQDN>
SANs: <_sipinternaltls SRV record FQDN>, <Pool FQDN>, <Front End Server FQDN>, <dialin FQDN>, <meet FQDN>, <admin FQDN>, <web services FQDN>

2. The internal cert for the Lync Edge server that secures the connection to the Lync Front End.
Subject: <Edge Pool/Server FQDN>
No SANs

3. The external cert for the Lync Edge server that secures the external connections.
Subject: <External _sip._tls SRV record FQDN>
SANs: <External _sip._tls SRV record FQDN>, <conf FQDN>

The Lync setup wizard does a good job of walking you through generating the certificate requests.  You just need to make sure all the SANs match your implementation.

--Jeff
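
A check of the three-cert list above against an issued certificate, as an added example that is not part of the original thread. It reads the text printed by `openssl x509 -noout -text`; the role keys, function names and every hostname other than dialin/meet/conf are assumptions made for illustration.

```python
import re

# Constructed FQDN plan: dialin/meet/conf come from the question's example,
# every other hostname here is a made-up placeholder.
PLAN = {
    "pool": "lyncpool.xyz.com", "front_end": "lyncfe01.xyz.com",
    "sip_internal": "sip.xyz.com", "sip_external": "sip.xyz.com",
    "dialin": "dialin.xyz.com", "meet": "meet.xyz.com", "conf": "conf.xyz.com",
    "admin": "admin.xyz.com", "web_services": "lyncweb.xyz.com",
    "edge_internal": "lyncedge01.xyz.com",
}

def required_names(role, plan):
    """Return (subject, SAN set) for a role, per the three-cert list above."""
    if role == "front_end":
        keys = ["sip_internal", "pool", "front_end", "dialin", "meet",
                "admin", "web_services"]
        return plan["pool"], {plan[k] for k in keys}
    if role == "edge_internal":
        return plan["edge_internal"], set()          # subject only, no SANs
    if role == "edge_external":
        return plan["sip_external"], {plan["sip_external"], plan["conf"]}
    raise ValueError(f"unknown role: {role}")

def parse_cert_text(text):
    """Extract subject CN and DNS SANs from `openssl x509 -noout -text` output."""
    cn = re.search(r"Subject:.*?CN\s*=\s*([^,/\n]+)", text)
    sans = {s.lower() for s in re.findall(r"DNS:([^,\s]+)", text)}
    return (cn.group(1).strip().lower() if cn else None), sans

def check_cert(role, plan, cert_text):
    """Compare an issued cert against the planned names for its role."""
    want_subject, want_sans = required_names(role, plan)
    subject, sans = parse_cert_text(cert_text)
    return {
        "subject_ok": subject == want_subject.lower(),
        "missing": sorted(n.lower() for n in want_sans if n.lower() not in sans),
        "unexpected": sorted(sans - {n.lower() for n in want_sans}),
    }

# Constructed sample: an external Edge cert that was requested without conf.
SAMPLE_EDGE_EXTERNAL = """\
        Subject: C = US, O = XYZ Corp, CN = sip.xyz.com
            X509v3 Subject Alternative Name:
                DNS:sip.xyz.com
"""

if __name__ == "__main__":
    print(check_cert("edge_external", PLAN, SAMPLE_EDGE_EXTERNAL))
```

A non-empty `missing` list means the certificate has to be reissued with those names before it is assigned to the role.
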

I am a bit confused.... I am not using multiple front end or Edge servers...  Why would I need to purchase 2 certs for one edge server?

The connection between the Edge server and the Front End server must also be secured.  That is why the Edge server needs 2 certs.  This cert is only used between the two servers, so there is no need for 3rd-party signing.  I recommend using the domain CA for this cert.

Honestly, I went with domain-signed certs for all purposes to avoid the costs of the 3rd-party certs.  It's a minor inconvenience for the users to have to verify that they want to continue to the site, and it doesn't affect the Lync client behavior at all.

--Jeff

And will the Edge Server wizard help me create requests for both certs?

Yes, it will.

--Jeff