Topic Last Modified: 2011-04-05
Federation is a trust relationship between two or more SIP domains that permits users in separate organizations to communicate across network boundaries. After you migrate to your Lync Server 2010 pilot pool, you need to transition from the federation route of your Microsoft Office Communications Server 2007 R2 Edge Servers to the federation route of your Microsoft Lync Server 2010 Edge Servers.
Use the procedures that follow to transition the federation route and the media traffic route from your Office Communications Server 2007 R2 Edge Server and Director to your Lync Server 2010 Edge Server and Director, for a single-site deployment.
Important: |
---|
Changing the federation route and media traffic route requires that you schedule maintenance downtime for the Lync Server 2010 and Office Communications Server 2007 R2 Edge Servers. This entire transition process also means that federated access will be unavailable for the duration of the outage. You should schedule the downtime for a time when you expect minimal user activity. You should also provide sufficient notification to your end users. Plan accordingly for this outage and set appropriate expectations within your organization. |
Important: |
---|
If your legacy Office Communications Server 2007 R2 Edge Server
is configured to use the same FQDN for the Access Edge service, Web
Conferencing Edge service, and the A/V Edge service, the procedures
in this section to transition the federation setting to a Lync
Server 2010 Edge Server are not supported. If the legacy Edge
services are configured to use the same FQDN, you must first
migrate all your users from Office Communications Server 2007 R2 to
Lync Server 2010, then decommission the Office Communications
Server 2007 R2 Edge Server before enabling federation on the Lync
Server 2010 Edge Server. For details, see the following topics:
|
To successfully publish, enable, or disable a topology when adding or removing a server role, you should be logged in as a user who is a member of the RTCUniversalServerAdmins and Domain Admins groups. It is also possible to delegate the proper user rights and permissions for adding server roles. For details, see Delegate Setup Permissions in the Standard Edition server or Enterprise Edition server Deployment documentation. For other configuration changes, only membership in the RTCUniversalServerAdmins group is required.
To remove the legacy federation association from Lync Server 2010 sites
-
Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.
-
Select the option to Download topology from existing deployment, and then click OK.
-
In the Save Topology As dialog box, select the Topology Builder file you want to use, and then click Save.
-
In the left pane, navigate to the site node.
-
Right-click the site, and then click Edit Properties.
-
Select Federation route in the left pane.
-
Under Site federation route assignment, select Disable to disable the federation route through the BackCompatSite.
-
Click OK to close the Edit Properties page.
-
From Topology Builder, select the top node Lync Server 2010.
-
From the Actions pane, click Publish Topology and complete the wizard.
To configure the legacy Edge Server as a non-federating Edge Server
-
From Topology Builder, in the Actions pane. click Merge 2007 or 2007 R2 Topology.
-
Click Next to continue.
-
On the Specify Edge Setup, select the Edge Server Internal FQDN that is currently configured for federation, and then click Change.
-
Click Next and accept the default settings until you get to the Specify External Edge page:
-
In Specify External Edge, clear the This Edge pool is used for federation and public IM connectivity check box. This will remove the federation association with the BackCompatSite.
Important: This step is important. You must clear this option to remove the legacy federation association. -
Click Next and accept the default settings of the remaining pages of the wizard.
-
In Summary, click Next to begin merging the topologies.
Note: You may see the following message: WARNING : No Office Communications Server 2007 / Office Communications Server 2007 R2 Edge has been enabled for federation. This warning is expected and can be ignored. -
In the Status column, verify that the value is Success, and then click Finish to close the wizard.
-
From the Actions pane, select Publish Topology, and then click Next.
-
When the Publishing wizard completes, click Finish to close the wizard.
As shown in the previous figure, the Site federation route assignment is set to Disabled.
To configure certificates on the Lync Server 2010 Edge Server
-
Export the external Access Proxy certificate, with the private key, from the legacy Office Communications Server 2007 R2 Edge Server.
-
On the Lync Server 2010 Edge Server, import the Access Proxy external certificate from the previous step.
-
Assign the Access Proxy external certificate to the Lync Server 2010 external interface of the Edge Server.
-
The internal interface certificate of the Lync Server 2010 Edge Server should not be changed.
To change Office Communications Server 2007 R2 federation route to use Lync Server 2010 Edge Server
-
On the Office Communications Server 2007 R2 Standard Edition server or Front End Server, log on with an account that is a member of the RTCUniversalServerAdmins group.
-
On the Office Communications Server 2007 R2 Standard Edition server or Front End Server, click Start, click Administrative Tools, and then click Office Communications Server 2007 R2.
-
In the left pane, expand the top node, and then right-click the Forest node. Select Properties, and then click Global Properties.
-
Click the Federation tab.
-
Select the check box to enable federation and Public IM connectivity.
-
Enter the FQDN of the Lync Server 2010 Edge Server, and then click OK.
To update Lync Server 2010 Edge Server federation next hop
-
Returning to your Lync Server 2010 Standard Edition server or Front End Server, log on to the computer with an account that is a member of the RTCUniversalServerAdmins group.
-
Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.
-
Select the option to Download topology from existing deployment and then click OK.
-
In the left pane, navigate to the Edge pools node.
-
Expand the node, right-click the Edge Server listed, and then click Edit Properties.
-
On the General page, under Next hop selection, select from the drop-down list the Lync Server 2010 Edge Server or Director, if a Lync Server 2010 Director was configured.
-
Click OK to close the Edit Properties page.
-
From Topology Builder, select the top node Lync Server 2010.
-
From the Actions pane, click Publish Topology and complete the wizard.
To configure Lync Server 2010 Edge Server outbound media path
-
From Topology Builder, navigate to the pool below Standard Edition Front End Servers or Enterprise Edition Front End pools.
-
Right-click the pool, and then click Edit Properties.
-
In the Associations section, select the Associate Edge pool (for media components) check box.
-
From the drop down box, select the Lync Server 2010 Edge Server.
-
Click OK to close the Edit Properties page.
To turn on Lync Server 2010 Edge Server federation
-
From Topology Builder, in the left pane, navigate to the Edge pools node.
-
Expand the node, right-click the Edge Server listed, and then click Edit Properties.
Note: Federation can only be enabled for a single Edge pool. If you have multiple Edge pools, select one to use as the federating Edge pool. -
On the General page, select the Enable federation for this Edge pool (Port 5061) check box.
-
Click OK to close the Edit Properties page.
-
Next, navigate to the site node.
-
Right-click the site, and then click Edit Properties.
-
In the left pane, click Federation route.
-
Under Site federation route assignment, select Enable, and then from the list select the Lync Server 2010 Edge Server or Director listed.
-
Click OK to close the Edit Properties page.
For multi-site deployments, complete this procedure at each site.
To publish Edge Server configuration changes
-
From Topology Builder, select the top node Lync Server 2010.
-
From the Actions pane, select Publish Topology and complete the wizard.
-
Wait for Active Directory replication to occur to all pools in the deployment.
Note: You may see the following message:
Warning: The topology contains more than one Federated Edge Server. This can occur during migration to a higher version of the product. In that case, only one Edge Server would be actively used for federation. Verify that the external DNS SRV record points to the correct Edge Server. If you want to deploy multiple federation Edge Server to be active concurrently (that is, not a migration scenario), verify that all federated partners are using Office Communications Server 2007 R2 or later. Verify that the external DNS SRV record lists all federation enabled Edge Servers.
This warning is expected and can be safely ignored.
To configure Lync Server 2010 Edge Server
-
Bring all of the Lync Server 2010 Edge Servers online.
-
Update the external firewall routing rules or the hardware load balancer settings to send SIP traffic for external access (usually port 443) and federation (usually port 5061) to the Lync Server 2010 Edge Server, instead of the legacy Edge Server.
-
Next, stop the Office Communications Server Access Edge from each Edge Server computer.
-
From each legacy Edge Server computer, open the Services applet from the Administrative Tools.
-
In the services list, find Office Communications Server Access Edge.
-
Right-click the services name, and then select Stop to stop the service.
-
Set the Startup type to Disabled.
-
In the services list, find Office Communications Server Access Edge.
-
Right-click the services name, and then click Properties.
-
From the drop-down list, select Disabled.
-
Click OK to close the Properties window.