Deploying the Survivable Branch Appliance in Lync Server 2010 for Cisco Integrated Services Router/Service Ready Engine

Microsoft Lync Server 2010 communications software

Published: November 2011

Authors: Karl Good, Jack Wight

Abstract:

This article describes how to use a Cisco 3925 ISR G2 configured with a SRE-900 Service Module (Cisco Service Ready Engine Virtualization (SRE-V) support platform) to be deployed as a Survivable Branch Appliance (SBA) in a Microsoft Lync Server 2010 environment. In this configuration, Lync Server exists on a virtual installation of Windows Server 2008 R2 that is hosted on VMware ESXi. This article includes instructions about how to install the SBA software, configure the device, and integrate it into your Lync Server deployment.

This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

Copyright © 2011 Microsoft Corporation. All rights reserved.

Contents

What this Article Covers

Prerequisite Knowledge

Audience

System Requirements

Planning to Deploy a Generic SBA

Defining a Static IP Address for an SBA

Defining an Active Directory Name for an SBA

Defining a Central Office Site

Adding a Branch Office Site by Using Topology Builder

To add a branch office site by using Topology Builder

Creating an SBA in a Cisco ISR/SRE Environment

Special Active Directory User Accounts

Setting up Computers running Microsoft Lync 2010

Setting up the Cisco ISR/SRE

Configuring the Cisco Router - Network

Creating a Virtual Windows Image on the Cisco ISR/SRE

Configuring the Cisco Router - Telephony

Establishing PSTN Connections

Installing the SBA Software on a Cisco ISR/SRE

Setting the SBA Registry Key

To set the SBA registry key

Installing the SBA Software

To install the SBA software

To configure the IP settings

To join the domain

To prepare the SBA

To activate the SBA

Homing Users in the SBA

Testing Your New SBA Deployment

Troubleshooting Your SBA and Cisco ISR/SRE Deployment

Summary

Additional Information

Lync Server Resources

What this Article Covers

This article describes how to deploy the software used in a Survivable Branch Appliance (SBA) with Microsoft Lync Server 2010 using a Cisco Integrated Service Router (ISR)/Service Ready Engine (SRE). This article also recommends best practices for the order of tasks to deploy SBAs using a Cisco ISR/SRE.

Prerequisite Knowledge

This article assumes that you have a basic understanding of both Lync Server 2010 and Cisco ISR/SRE platform technology.

Audience

The target audience for this document is information technology (IT) personnel and consultants who plan to deploy and use the Lync Server and Cisco ISR/SRE technology in their environment.

System Requirements

The following table describes the prerequisite software that needs to be deployed on an SBA that doesn't have software pre-installed.

The operating system must be 64-bit Windows Server 2008 R2.

The following table shows the Windows Server 2008 R2 roles and features that must be enabled on the operating system of the SBA.

Type / Item / Description
Operating system component / Windows PowerShell 2.0.
This is available by default on Windows Server 2008 R2. / Required to manage the Lync Server configuration. It can also be used to further automate Lync Server setup and deployment tasks.
Operating system component / Message Queuing:
  • Message Queuing Server and Directory Service Integration features
  • Microsoft .NET Framework: 3.5 SP1, .NET Framework 3.5 SP2, .NET Framework 4.0, or .NET Framework 4.0.30319, enabled using Server Manager on Windows Server 2008 R2
Apply the update Windows6.1-KB974372-x64.msu. For details, see “CLR 2.0 SP2: Managed heap corruption in Office Communications Server” at / Required by Lync Server call detail recording and Archiving agent to queue call detail records and archived instant messages. These records are then read by the call detail recording and Archiving Servers in the central office site.

Note All computer systems are set up with IPv4 enabled. IPv6 is not supported.

Planning to Deploy a Generic SBA

The following sections describe planning considerations for successfully deploying a generic SBA.

Defining a Static IP Address for an SBA

To create a static IP address and name for an SBA, follow these steps:

  1. Click Start, click Control Panel, double-click Administrative Tools, and then double-click DNS Manager.
  2. Create a static IP address and name for the SBA.

Defining an Active Directory Name for an SBA

Topology Builder requires that the names used for an SBA computer be defined in Active Directory, and have a specific attribute set indicating that Topology Builder may use the name in a topology definition. To create the name, follow these steps:

  1. Click Start, click Control Panel, double-click Administrative Tools, double-click Active Directory Users and Computers, and then create a Computer for the static IP name, domain joinable by an SBA Technician member:

  2. Save the entry.
  3. Use AdsiEdit to edit this entry’s servicePrincipalName property, and add the following: HOST/<FQDN>. The fully qualified domain name (FQDN) is the same as the static IP Domain Name System (DNS) entry.
  4. Save and close AdsiEdit. The FQDN can now be used by Topology Builder.

Defining a Central Office Site

Under most circumstances, a customer’s topology already exists, and any new SBA is added to it. Setting up a new central office site is beyond the scope of this document. For details about Lync Server Topology Builder and defining a central office site, see “Deploying Lync Server 2010 Standard Edition into an Existing Lync Server 2010 Enterprise” at .

Before deploying any SBA, a customer must always add a definition in their topology for the new SBA. If the SBA is not defined, activating the SBA will fail when it is deployed. This is a standard prerequisite and has no special requirements for an SBA for a Cisco ISR/SRE.

For the purposes of this guide, the following topology is used as an example of an existing customer topology.

The central office site configuration is either a Lync Server Enterprise Edition or single Standard Edition environment.

The Cisco ISR/SRE is deployed in a separate subnet as the branch office site configuration.

Note In this example, the public switched telephone network (PSTN) gateway’s IP address, 10.10.10.10, is configured for the central office site.

Adding a Branch Office Site by Using Topology Builder

A branch office site can be considered a container for one or more SBAs that are related to one another. An SBA can be added only to a branch office site. Create branch office sites by using the following steps.

To add a branch office site by using Topology Builder

  1. Open Topology Builder by clicking Start, All Programs, Microsoft Lync Server 2010, and then click Lync Server Topology Builder.

  2. In the tree view pane, do one of the following:
  • If you've used the Planning Tool to design your Enterprise Voice topology, expand the Branch sites node, and then expand the name of the branch site you previously specified. Next, proceed to step 3.
  • If you didn't use the Planning Tool, right-click the Branch sites node, and then click New Branch Site.
  3. Click Name, and then type the name of the branch office site. This field is required.
  4. (Optional) Click Description, and then type a meaningful description for the branch office site.
  5. (Optional) Click Country/Region Code, and then type the two-digit calling code for the country/region in which the branch office site is located.
  6. (Optional) Click State/Province, and then type the name of the state or province in which the branch site is located.
  7. (Optional) Click City, and then type the name of the city in which the branch office site is located.
  8. Click Next to create the branch office. The Branch Office wizard appears.
  9. Type an FQDN (in this example, SBA1.WestCoast.contoso.com).
  10. Complete the wizard by responding to its prompts.

In this example, the branch office site, WestCoast, contains the SBA, SBA1.WestCoast.contoso.com.

Note In this example, the PSTN gateway’s IP address, 10.10.101.10, is configured for the branch office.

  11. To create more branch office sites, repeat steps 1-10.

Creating an SBA in a Cisco ISR/SRE Environment

Understanding when and where to deploy the SBA and Cisco ISR/SRE is an important part of your architecture design phase. The following figure shows both the physical placement and the logical placement of the SBA and Cisco ISR/SRE in relation to the location of your branch office sites.

A Windows Server 2008 R2 internal certification authority (CA) is set up on the topology domain controller to provide certificates for all servers.

Special Active Directory User Accounts

There are no unique Active Directory user account requirements for an SBA and Cisco ISR/SRE environment. As a Lync Server best practice, we recommend defining SBA Technician domain users who are members of the Lync Server security group RTCUniversalSBATechnicians. Members of this group are allowed all Lync Server administrative permissions on an SBA and should be added to the SBA local administrators group. Otherwise, a domain administrator must be the SBA Technician.

Active Directory user accounts can be configured to be Microsoft Lync-enabled with Enterprise Voice and enabled for Remote Access. Additionally, user accounts can be set up to use the SBA as their primary Registrar.

As an example of two user accounts, additional details about typical Active Directory settings for an SBA and Cisco SRE-V follow. There is nothing an administrator needs to configure in this example, except to note the reference to the primary Registrar, ‘RegistrarPool=sba02.contoso.com.’

Setting up Computers running Microsoft Lync 2010

Any generic laptops can be used to represent the endpoint clients running Lync 2010. To determine your minimum system requirements for clients running Lync 2010, see “Client System Requirements” at .

Both computers are configured with static IP Addresses on the 172.16.0.0/24 subnet – the same subnet as the Lync Server Standard Edition server. The DNS is configured to use the contoso.com domain controller at 172.16.0.11.

Media bypass attempts a direct connection between the client running Lync 2010 and the Cisco gateway (172.16.1.100).

The laptops’ configuration consists of the following specifications:

  • 64-bit Windows 7 Enterprise operating system
  • Optional: Domain disjoined (Workgroup)
  • Intel Core i5 CPU M 520 2.40 GHz
  • 4 GB RAM
  • Lync 2010 Client Version 4.0.7577
  • Microsoft Office 2010 Professional
  • LyncTestComputer1: 172.16.0.5
  • LyncTestComputer2: 172.16.0.6

Setting up the Cisco ISR/SRE

Before deploying the SBA, the following Cisco-specific tasks must be performed. Following these tasks, the virtual Windows Server will be running on the SRE-V and able to interact with the customer topology:

  • Configure the Cisco router
  • Configure the Cisco SRE service-module interface
  • Configure the Cisco VLAN
  • Create the virtual Windows Server 2008 R2 image hosted by the Cisco SRE-V

Configuring the Cisco Router - Network

Routing between the virtual sites is facilitated through the Ethernet Port on the Cisco 3925 that is directly connected to a Layer 2 switch that acts as a common backbone for both environments.

We used the Cisco IOS CLI commands to configure each of the interfaces on the router. For the VLAN1 interface, we chose MGF Layer 2 Switched Configuration. For details, see “Configuring the Cisco SRE Service Module Interfaces” on the Cisco website. The following summarizes this configuration.

From the Host-Router CLI, enter:

enable
configure terminal

Configure slot/0 of the Console Manager:

interface SM2/0
 ip unnumbered GigabitEthernet0/0
 service-module ip address 192.168.5.92 255.255.255.0
 service-module ip default-gateway 192.168.5.90
 service-module mgf ip address 172.16.1.20 255.255.255.0
 no shut
 exit
ip route 192.168.5.92 255.255.255.255 SM2/0

Configure slot/1 of the Console Manager:

interface SM2/1
 switchport mode trunk
 description Internal switch interface connected to Service Module
 exit

Configure VLAN1:

interface vlan 1
 ip address 172.16.1.100 255.255.255.0
 ip helper-address 172.16.0.11
 no shut
 exit
end
copy running-config startup-config

Creating a Virtual Windows Image on the Cisco ISR/SRE

In the following example, VMware vSphere Client is used to create and monitor the virtual Windows 2008 Server R2 image running on the Cisco ISR/SRE (172.16.1.20). Complete instructions from Cisco are available at

The workflow for creating a VM is:

  1. Download and install the vSphere Client.
  2. Start the client and indicate the SRE.
  3. Open Create a new virtual machine from the Getting Started page.
  4. Click Typical.
  5. Click Name and Location – This should match the new SBA name, but this is only the image name.
  6. Click Datastore and select default.
  7. Click Guest Operating System value of Microsoft Windows Server 2008 R2 (64-bit).
  8. Click Create a Disk (default 40 GB).
  9. Click Finish.

The VM is created in a few seconds and reports it is ready. At this point, the guest operating system is ready to be installed. By default, when powered up, the image attempts to PXE boot off the network. If not, use the vSphere Client to mount an Operating System installation CD/DVD, and power up the image. In either case, you must install Microsoft Windows Server 2008 R2 (64-bit). Installation is standard. It is not necessary to join the domain at this time.

The following screenshots show the virtual image summary.

Resource allocation:

Configuring the Cisco Router - Telephony

The SBA is now up and running as a standard Windows Server. It can contact both the topology as well as the router. The next step is to configure the router for Telephony.

Again, from the Host-Router CLI, enter:

enable
configure terminal
isdn switch-type primary-ni
controller T1 0/0/0
 pri-group timeslots 1-24
 exit
interface Serial0/0/0:23
 no ip address
 isdn switch-type primary-ni
 isdn incoming-voice voice
 no cdp enable
 exit
dial-peer voice 302 pots
 service session
 destination-pattern 91......
 no digit-strip
 port 0/0/0:23
 exit
dial-peer voice 300 voip
 service session
 destination-pattern ......
 session protocol sipv2
 session target ipv4:172.16.1.21:5068
 session transport tcp
 voice-class sip options-keepalive down-interval 65 retry 3
 dtmf-relay rtp-nte
 codec g711ulaw
 exit
dial-peer voice 303 pots
 service session
 destination-pattern 1......
 no digit-strip
 port 0/0/0:23
 prefix 9
 exit
sip-ua
 sip-server ipv4:172.16.1.21:5068
 exit
gatekeeper
 shutdown
 exit

This configuration is an example only. The customer configuration and switch type will probably differ. See the Cisco website for additional configuration guides.

Note Cisco is not configured for Transport Layer Security/secure real-time transport protocol (TLS/SRTP) as Cisco does not support TLS and SRTP interoperability with Lync Server.

Establishing PSTN Connections

A primary rate interface (PRI) or time division multiplexing (TDM) connection can be connected to the PRI port on the Cisco SRE 900 Series Router.

Important The following entries are provided as examples only. You need to communicate with your switch provider for specific details.

Example: An outbound dial-peer is defined to route calls to a PRI connection by using the following entry:

dial-peer voice 302 pots
 destination-pattern 91......
 no digit-strip
 port 0/0/0:23

There are two inbound dial-peers:

  • ‘300’ is the primary option (implicit ‘preference 0’) and routes inbound PSTN calls to the Lync Server SBA IP (172.16.1.21).
  • ‘301’ is used when the router detects that the primary dial-peer is not responding, and routes to some other server running Lync Server (in this case, the Datacenter Lync Server).

The inbound dial-peers have the following key features:

  • Keepalive — Enables the SIP OPTIONS message by which the router determines the state of the associated SIP target (Lync Server).
  • Preference — Indicates to the router which dial-peer will be evaluated first.
  • Session — Protocol, target, and transport are required.
  • Codec and Destination-pattern as per customer requirements

Example: The inbound dial-peer routes PSTN calls to Lync Server by using the following entry:

dial-peer voice 300 voip
 destination-pattern ......
 session protocol sipv2
 session target ipv4:172.16.1.21:5068
 session transport tcp
 voice-class sip options-keepalive down-interval 65 retry 3
 dtmf-relay rtp-nte
 codec g711ulaw
!

Example: The following failover dial-peer is used only if the preceding dial-peer (300) fails to receive an answer to its ‘options-keepalive.’

dial-peer voice 301 voip
 preference 1
 destination-pattern ......
 session protocol sipv2
 session target ipv4:172.16.0.15:5068
 session transport tcp
 voice-class sip options-keepalive down-interval 65 retry 3
 dtmf-relay rtp-nte
 codec g711ulaw
!
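
As an added example (not part of the original article and not Cisco or Microsoft tooling), the following Python script parses dial-peer blocks such as 300 and 301 above and checks the properties this section relies on: an options-keepalive on every VoIP peer, an explicit preference order for failover, and the plain-TCP SIP transport that the earlier note says is used because TLS/SRTP is not configured. The function names and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample: dial-peers 300 and 301 from this section, abridged.
SAMPLE_CONFIG = """\
dial-peer voice 300 voip
 destination-pattern ......
 session target ipv4:172.16.1.21:5068
 session transport tcp
 voice-class sip options-keepalive down-interval 65 retry 3
!
dial-peer voice 301 voip
 preference 1
 destination-pattern ......
 session target ipv4:172.16.0.15:5068
 session transport tcp
 voice-class sip options-keepalive down-interval 65 retry 3
!
"""

def parse_dial_peers(text):
    """Return {tag: {"kind": "voip"|"pots", "lines": [...]}}; '!' or 'exit' ends a block."""
    peers, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"dial-peer voice (\d+) (\w+)$", line)
        if m:
            current = peers.setdefault(int(m.group(1)), {"kind": m.group(2), "lines": []})
        elif line in ("!", "exit"):
            current = None
        elif line and current is not None:
            current["lines"].append(line)
    return peers

def audit_voip_peers(peers):
    """Return (hunt order per destination-pattern, findings); absent preference means 0."""
    groups, findings = {}, []
    voip = {tag: p["lines"] for tag, p in peers.items() if p["kind"] == "voip"}
    for tag, cfg in sorted(voip.items()):
        pattern = next((ln.split()[1] for ln in cfg if ln.startswith("destination-pattern ")), None)
        pref = next((int(ln.split()[1]) for ln in cfg if ln.startswith("preference ")), 0)
        groups.setdefault(pattern, []).append((pref, tag))
        if not any("options-keepalive" in ln for ln in cfg):
            findings.append(f"{tag}: no options-keepalive, router cannot detect a dead target")
        if "session transport tcp" in cfg:
            findings.append(f"{tag}: SIP over plain TCP (no TLS); restrict this path by ACL or VLAN")
    order = {pat: [tag for _, tag in sorted(members)] for pat, members in groups.items()}
    for pattern, members in groups.items():
        if len(members) < 2:
            findings.append(f"{pattern}: only peer {members[0][1]}, no failover target")
        elif len({pref for pref, _ in members}) < len(members):
            findings.append(f"{pattern}: peers share a preference, failover order not explicit")
    return order, findings

if __name__ == "__main__":
    print(*audit_voip_peers(parse_dial_peers(SAMPLE_CONFIG)), sep="\n")
```

The parser tolerates blank lines between commands and treats `exit` as a block terminator, so a configuration saved from a console session can be checked as-is.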

Installing the SBA Software on a Cisco ISR/SRE

Follow these manual steps to install the SBA on the virtual Windows Server 2008 R2 image:

  • Setting the SBA registry key
  • Installing the SBA Software

Setting the SBA Registry Key

Before you install Lync Server SBA software components, you must set the following registry key.

To set the SBA registry key

  • Add an Appliance registry key to the following location:
  • HKLM\SOFTWARE\Microsoft\Real-Time Communications\Deployment

The Appliance registry key is of type DWORD and it must be set to value 1.