IM AND PRESENCE

Direction of arrow indicates which server initiates the connection. Subsequent traffic is bi-directional.

SIP traffic: signaling and IM
XMPP traffic
HTTPS traffic
MSMQ traffic
CLS traffic

Diagram v6.9
@DrRez

1. lyncdiscoverinternal.<sip-domain>
2. lyncdiscover.<sip-domain>
3. _sipinternaltls._tcp.<sip-domain>
4. _sipinternal._tcp.<sip-domain>
5. sipinternal.<sip-domain>
6. sip.<sip-domain>

External user sign-in process:
1. Client discovers Edge Server:
   a. lyncdiscoverinternal.<sip-domain>
   b. lyncdiscover.<sip-domain>
   c. _sipinternaltls._tcp.<sip-domain>
   d. _sipinternal._tcp.<sip-domain>
   e. _sip._tls.<sip-domain>
   f. sipinternal.<sip-domain>
   g. sip.<sip-domain>
   h. sipexternal.<sip-domain>
2. Client connects to Edge Server.
3. Edge Server proxies connection to Director.
4. Director authenticates user and proxies connection to user's home pool.

HTTPS:443
This port is used to connect to Lync Web Services:
- download the Address Book
- connect to Address Book Web query URL
- provide distribution list expansion
- download meeting content
- connect to the Mobility Service
- connect to the AutoDiscover Service
- connect to Dial-in URL
- connect to Lync Web App Server
- connect to CertProvisioningService

Publish rule for port 4443 to set forward host header to true. This ensures the original URL is forwarded.

Director redirects Web traffic to destination pool's Web Service.

Ports to load balance by HLB:
- 80
- 8080
- 443
- 4443
- 5061 [can use DNS load balancing]

Active Directory Domain Services
Address book & Persistent Chat file share.
File Share
HTTPS:443
SIP/TLS:5061
SIP/TLS:5061
HTTPS:443 HTTPS:4443
Directors
Reverse proxy
Enterprise Pool

DNS CONFIGURATION http://technet.microsoft.com/en-us/library/gg398758.aspx

DNS TYPE   VALUE                        RESOLUTION        PURPOSE
A          meet URL                     pool IP address   Lync Server Web Service
A          dial-in URL                  pool IP address   Lync Server Web Service
A          internal Web Services FQDN   pool IP address   Lync Server Web Service

HTTPS:4443
CLS/MTLS:50001-50003
SIP/MTLS:5041
XMPP federation
Access Edge - SIP/MTLS:5061
CLS/MTLS:50001-50003 CLS/MTLS:50001-50003
Edge Pool
CERTIFICATE REQUIREMENTS
SRTP/UDP:49152-65535
Video Conferencing
Conferencing ServiceService
Director 1, Director 2
WITHOUT going through the pool's hardware load balancer.
SRTP, ICE: STUN/TCP:443, UDP:3478
balancer
PSOM/TLS:8057
FQDN: dir.<ad-domain>
Certificate SN: dir.<ad-domain>
Certificate SAN: dir.<ad-domain>, sipinternal.<sip-domain>, sip.<sip-domain>, lyncdiscoverinternal.<sip-domain>, lyncdiscover.<sip-domain>, admin URL, meet URL, dial-in URL
EKU: server
Root certificate: private CA

HTTPS:443 is used to download conferencing content.
If client connects on port 80, it gets redirected to port 443
Meeting content + metadata + compliance file share.
Lync federation
Directors
Directors
A/V Edge – SRTP:443,3478
SIP/TLS:5061
HTTPS:443
Persistent Chat Server
FQDN: chatsrv.<ad-domain>
Certificate SN: chatsrv.<ad-domain>
Certificate SAN: N/A
EKU: server, client
Root certificate: private CA

Mediation Server
FQDN: medsrv.<ad-domain>
Certificate SN: medsrv.<ad-domain>
Certificate SAN: N/A
EKU: server
Root certificate: private CA

Branch Appliance
FQDN: sba.<ad-domain>
Certificate SN: sba.<ad-domain>
Certificate SAN: sba.<ad-domain>
EKU: server
Root certificate: private CA

Office Web Apps Server
FQDN: wacsrv.<ad-domain>
Certificate SN: wacsrv.<ad-domain>
Certificate SAN: wacsrv.<ad-domain>
EKU: server
Root certificate: private CA

TCP port range, 50,000-59,999, only needs to be open outbound.
TCP/UDP port range, 50,000-59,999, needs to be open inbound and outbound to the Internet for federation with partners running Office Communications Server 2007.
Two inbound and two outbound unidirectional streams.
TCP:443 must be open inbound.
UDP:3478 must be open both inbound and outbound.
Director redirects Web traffic to destination pool's Web Service.
MRAS traffic.

Access Edge - SIP/TLS:443 SIP/MTLS:5061 SIP/MTLS:5061
Web Conf Edge - PSOM/TLS:443 PSOM/MTLS:8057
A/V Edge - STUN/TCP:443, UDP:3478 SRTP, ICE: STUN/TCP:443, UDP:3478
A/V Edge – SRTP:443,3478,[TCP:50,000-59,999]
SIP/MTLS:5062
Enterprise Pool
Edge Pool
File Share
Server
HTTPS:443
HTTPS:4443
HTTPS:443
HTTPS:443 HTTPS:443
Reverse proxy
Office Web Apps Server
External firewall
Internal firewall
Exchange UM Server
FQDN: umsrv.<ad-domain>
Certificate SN: umsrv.<ad-domain>
Certificate SAN: N/A
EKU: server
Root certificate: private CA

dial-in URL,
wacsrv.<ad-domain>
EKU: server
Root certificate: public CA

APPLICATION SHARING
Peer-to-peer application sharing session.
SIP traffic
RDP/SRTP traffic
HTTPS traffic
RDP/SRTP/TCP:1024-65535
RDP/SRTP/TCP:49152-65535
MRAS traffic.
Reverse proxy
If client connects on port 80,
it gets redirected to port 443
Enterprise Pool
(CMS master)
named instance
ENTERPRISE VOICE
If no Edge Server is defined in the topology, callee checks the Front End Server's Bandwidth Policy Service.
Media bypass: audio routed directly to gateway bypassing Mediation Server.
SIP traffic
RTP/SRTP traffic
Call Admission Control (CAC) traffic
SRTP,ICE: STUN/TCP:443
TURN/TCP:443, UDP:3478
HTTPS:4443 TCP:1433
Back-end SQL Server
Edge Pool
UDP:3478
SRTP/RTCP:30,000-39,999
STUN/UDP:3478
- G.711
ICE: STUN/TCP:443,
Director. If no Director
SIP/TLS:5061
is available, federation
Director traffic goes directly to
Directors
STUN/TCP:443,
Enterprise Pool
TURN/TCP:448
(CMS replica) MRAS traffic. SIP/TLS:5061
SRTP,
Enterprise Pool
SIP/MTLS:5061 SIP/MTLS:5061, 5071
SIP/MTLS:5061
Access Edge - SIP/TLS:443 HTTPS:444
Mediation Pool SIP/MTLS:5062
(CMS replica) A/V Edge – ICE: STUN/TCP:443, STUN/UDP:3478 SIP/MTLS:5062
Branch
SRTP, ICE: STUN/TCP:443, UDP:3478 Appliance
Standard Edition A/V Edge – SRTP:443,3478,[TCP:50,000-59,999]
Server
(CMS replica) Edge Pool
SIP/MTLS MRAS traffic.
SRTP/RTCP:49,152-57,500
© 2013 Microsoft Corporation. All rights reserved. Active Directory, Lync, Skype, and any associated logos are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other trademarks or trade names mentioned herein are the property of their respective owners.