Saltar al contenido
Inicio / Comunicaciones Unificadas / Lync Server / Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)

Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)

Excelente documento que no debeis dejar de leer si queréis implementar Lync Server en Hosted y con un Exchange Server en un entorno híbrido, además claramente en un entorno Multi Bosque: Deploying Lync in a Multi-Forest Architecture (Partner Hosted Lync with Exchange Hybrid)

Exchange_Forest_Lync_Hosted.JPG
Aquí tenéis el índice del documento,
1      Introduction. 1
1.1      What problem are we trying to solve?. 1
2      About this document 2
2.1      Document scope. 2
2.2      Document assumptions. 3
2.3      Naming conventions. 3
3      Environment design and configuration. 3
3.1      Public Key Infrastructure (PKI) 3
3.2      User management and provisioning. 3
3.3      General environment configuration. 3
4      Overview of the multi-forest model 4
4.1      Customer on-premises Environment (Customer user forest) 6
4.2      Lync in a partner data center (Partner-hosted Resource Forest) 7
4.3      Exchange Online (Multi-Tenant Resource Forest) 8
4.4      Deployment considerations. 8
5      Prerequisites for configuring Lync Server with Exchange Online. 9
5.1      Public Key Infrastructure (PKI) 9
5.2      Domain Name System (DNS) 9
5.3      Trust relationships. 11
5.3.1      Active Directory Forest Trust 11
5.3.2      Office 365 Federation Trust 11
5.4      Active Directory Synchronization (DirSync) 11
5.4.1      Directory Synchronization with Exchange Online. 12
5.4.1.1        Exchange Online Attribute Write-back. 12
5.4.2      Directory Synchronization Tools. 12
5.4.3      Manual vs. Automated DirSync. 13
5.5      Authentication (AuthN) 13
5.5.1      Resource Provider vs. Identity Provider 13
5.5.2      Lync Client Authentication. 13
5.5.3      Exchange Online Client Authentication. 14
5.5.4      Pass Through Authentication. 14
5.5.5      Claims Based Authentication. 15
5.5.6      Endpoint authentication types. 15
5.5.6.1        Passive (web) clients. 16
5.5.6.2        Exchange Online Outlook Web Access Client Authentication Details (Always external) 16
5.5.6.3        MEX (rich) clients. 17
5.5.6.4        Active clients. 17
5.5.7      Password Synchronization. 18
5.6      Federation. 19
5.6.1      Microsoft Federation Gateway. 19
5.6.2      Identity federation. 20
5.6.3      Single Sign-On (SSO) for Lync. 20
5.6.4      Single Sign-On (SSO) for Exchange Online. 20
5.6.5      Active Directory Federation Services (AD FS) 20
5.6.6      Federation server proxy. 21
5.6.7      AD FS High Availability. 21
5.6.8      Smart links. 21
5.6.9      Identity management 22
6      Scenario A: Lync Server with Exchange Online (Multi-tenant) Implementation Details. 22
6.1      Initial Forest Configuration. 23
6.1.1      Step 1 – Make Changes to Global DNS Settings. 23
6.1.1.1        Create / Modify Internal DNS Records. 24
6.1.1.2        Create / Modify External DNS Records. 25
6.1.1.3        Additional considerations. 26
6.1.2      Step 2 – Configure Customer User Forest 26
6.1.2.1        Update Root Certificate Authority. 26
6.1.2.2        Configure the Customer user forest for SSO with Exchange Online. 27
6.1.2.3        Establish Directory Synchronization with the Lync Resource Forest Active Directory  27
6.1.2.4        Automate Lync Identity Management Process. 27
6.1.2.5        Establish Directory Synchronization with the Exchange Online resource forest Active Directory  28
6.1.2.6        Automate Exchange Identity Management Process. 28
6.1.2.7        Order Certificates for Lync and Exchange. 28
6.1.2.8        Configure DNS to locate services in the Lync and Exchange Online resource forests  29
6.1.3      Step 3 – Configure the Lync Resource forest 29
6.1.3.1        Establish Trust 29
6.1.3.2        Update Root CA. 29
6.1.3.3        Configure DNS to locate services in the Customer User Forest and Exchange Online resource forest 30
6.1.3.4        Prepare the Lync Resource Forest Active Directory for Lync. 30
6.1.3.5        Install and Configure Lync Server Using Microsoft Best Practices. 30
6.1.3.6        Install and Configure PSTN connectivity. 31
6.1.3.7        Configure the Lync Resource Forest for Exchange Online UM.. 31
6.1.3.7.1     Configure the Edge Server for Integration with Exchange Online UM.. 31
6.1.3.8        Create a Hosted Voice Mail policy. 31
6.1.4      Step 4 – Configure Exchange Online Resource Forest 32
6.2      Ongoing Identity Management 32
6.2.1      Step 1 – Create New Active Directory Account(s) 32
6.2.1.1        Create new Active Directory user accounts from an authoritative source. 32
6.2.1.2        Add attributes manually. 32
6.2.1.3        Add Exchange Online URL to IE Trusted Sites list 32
6.2.1.4        Step 2 – Provision Accounts for Lync. 33
6.2.1.4.1     Create disabled user accounts in the Lync resource forest 33
6.2.1.4.2     Enable the Lync disabled user accounts. 33
6.2.1.4.3     Configure disabled user accounts for Exchange Online UM.. 33
6.2.1.4.4     Enable the disabled user accounts to receive UM messages. 33
6.2.1.4.5     Synchronize Lync resource forest disabled user account with Customer user forest account 33
6.2.1.4.6     Optional: Enable OWA for IM integration. 34
6.2.1.5        Confirm Attribute Mapping (Customer user forest to Lync resource forest) 34
6.2.1.6        Step 3 – Provision Mailbox Accounts for Exchange Online. 35
6.2.1.6.1     Create enabled user accounts in the Exchange Online resource forest 36
6.2.1.6.2     Configure the Exchange enabled user accounts. 36
6.2.1.6.3     Create an Exchange mailbox. 36
6.2.1.6.4     Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest 36
6.2.1.6.5     Enable Lync EUM routing. 36
6.2.1.6.6     Confirm Attribute Mapping (Customer user forest to Exchange Online resource forest) 36
6.2.1.6.7     Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest) 38
7      Scenario B – Lync Server with Exchange Hybrid (Online Multitenant with on-premises) 39
7.1      Initial Forest Configuration. 39
7.1.1      Step 1 – Make Changes to Global DNS Settings. 40
7.1.1.1        Create / Modify Internal DNS Records. 40
7.1.1.2        Create / Modify External DNS Records. 41
7.1.2      Step 2 – Configure Customer User Forest 43
7.1.2.1        Update Root CA. 43
7.1.2.2        Configure the Customer user forest for SSO with Exchange Online. 43
7.1.2.3        Establish Directory Synchronization with the Lync Resource Forest Active Directory  44
7.1.2.4        Automate Lync Identity Management Process. 44
7.1.2.5        Establish Directory Synchronization with the Exchange Online resource forest Active Directory  44
7.1.2.6        Automate Exchange Identity Management Process. 45
7.1.2.7        Order Certificates for Lync and Exchange. 45
7.1.2.8        Configure DNS to locate services in the Lync and Exchange Online resource forests  46
7.1.3      Step 3 – Configure Lync Resource Forest 46
7.1.3.1        Establish Trust 46
7.1.3.2        Update Root CA. 47
7.1.3.3        Configure DNS to locate services in the Customer User Forest and Exchange Online resource forest 47
7.1.3.4        Prepare the Lync Resource Forest Active Directory for Lync. 47
7.1.3.5        Install and Configure Lync Server Using Microsoft Best Practices. 48
7.1.3.6        Install and Configure PSTN connectivity. 48
7.1.3.7        Configure the Lync Resource Forest for Exchange Online UM.. 48
7.1.3.7.1     Configure the Edge Server for Integration with Exchange Online UM.. 48
7.1.3.7.2     Create Hosted Voice Mail Policy. 49
7.1.3.8        Configure the Lync Resource Forest for Exchange on-premises UM.. 49
7.1.3.8.1     Prepare Exchange for Active Directory. 50
7.1.3.8.2     Apply ACLs to Lync resource forest Active Directory containers. 50
7.1.3.8.3     Import the Active Directory modules for Windows PowerShell 50
7.1.3.8.4     Manually create Exchange UM Dial Plans in the Lync resource forest 50
7.1.3.8.5     Manually create Exchange UM Server objects in the Lync resource forest 51
7.1.3.8.6     Manually associate the UM Server object with the UM DialPlan object 51
7.1.3.8.7     Manually create an Exchange Auto Attendant in the Lync resource forest: 52
7.1.3.8.8     Run the Exchange UM Integration tool ocsumutil.exe. 52
7.1.3.8.9     Validate Successful Creation of Exchange UM DialPlan and UM Server objects  52
7.1.4      Step 4 – Configure Exchange Online Resource Forest 53
7.2      Ongoing Identity Management 53
7.2.1      Step 1 – Create New Active Directory Account(s) 53
7.2.1.1        Create new Active Directory user accounts from an authoritative source. 53
7.2.1.2        Add attributes manually. 53
7.2.1.3        Add Exchange Online URL to IE Trusted Sites list 53
7.2.2      Step 2 – Provision Accounts for Lync. 53
7.2.2.1.1     Create disabled user accounts in the Lync resource forest 53
7.2.2.1.2     Enable the Lync disabled user accounts. 54
7.2.2.2        Configure disabled user accounts for Exchange Online UM.. 54
7.2.2.3        Enable the disabled user accounts to receive UM messages. 54
7.2.2.4        Synchronize Lync resource forest disabled user account with Customer user forest account 54
7.2.2.5        Optional: Enable OWA for IM integration. 54
7.2.2.6        Confirm Attribute Mapping (Customer user forest to Lync resource forest) 55
7.2.3      Step 3 – Provision Mailbox Accounts for Exchange Online. 56
7.2.3.1.1     Create enabled user accounts in the Exchange Online resource forest 57
7.2.3.1.2     Configure the Exchange enabled user accounts. 57
7.2.3.2        Create an Exchange mailbox. 57
7.2.3.3        Synchronize Exchange Online resource forest enabled user account with the corresponding enabled user account in the Customer user forest 57
7.2.3.4        Enable Lync EUM routing. 57
7.2.3.5        Confirm Attribute Mapping required for Exchange Rich Coexistence (Customer user forest) 57
7.2.4      Step 4 – Provision Mailbox Accounts for Exchange on-premises. 58
8      Appendix A. 59
8.1      Resources. 59
8.2      Lync Resource Forest Modifications Required to Support Hosted UM.. 60
8.2.1      Lync Hosted Voice Mail policy. 61
8.3      Claims Based Authentication Example. 62
8.4      How Single Sign on (SSO) Works in Office 365. 62
8.5      Manual Account Creation Process. 65
Etiquetas:

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

¡Comparte!
Share This