By Dino Caputo and Kevin Kieller, Partners at enableUC
Federation, or business to business collaboration, can significantly improve your interactions with key partners and suppliers. We have written previously that federation is a “game changer” and suggested that the Microsoft combined tools may create an ecosystem that delivers voice to over a billion connected users.
With Lync federation, you can connect with people outside your organization as easily as you can with people inside your organization. And once connected, you can communicate via instant messaging, voice, video or content sharing. You also see presence status for both internal and external contacts, and you can control what information you share with a particular external or internal contact by right-clicking the contact and selecting “Change Privacy Relationship”. You are given several granular choices that share no, limited or complete presence, contact and location information.
Federation is fantastic, but how do you set up federation for your organization?
A pre-requisite for enabling federation is to deploy a Lync Edge Server. The Edge Server role in Lync enables external users who are not logged into your organization’s internal network, including authenticated and anonymous remote users, federated partners (including XMPP partners), mobile clients and users of public instant messaging (IM) services, to communicate with other users in your organization using Lync Server. The Lync Edge Server is deployed in the network DMZ and provides secure external access into your Lync environment.
Setting up a Lync Edge Server
Total Planning Time: 1 – 14 days (small company to Enterprise)
Total Execution Time: < 2 hours – 1 day (small to Enterprise)
1. Planning for the Edge Server(s) – Estimated Time to complete: 1 day (small company) up to 14 days (larger more complex organization)
The planning phase will likely take the longest in your quest for Lync Federation capabilities as it requires you to gather information about your network and make decisions about things like standing up the Edge Server in your Perimeter (DMZ) network, obtaining public and internal certificates, making firewall rule changes, possible load balancing requirements and publishing DNS records.
For the smaller company looking to deploy a Lync Edge Server, with the proper guidance, this might take only a day to plan and map out the logistics. Larger companies will take longer, simply because each of the items to consider is generally managed by a different group. Larger organizations may also want to provide multiple Edge servers for scale and high availability. Plan for at least two weeks of elapsed time to meet with all the appropriate groups, educate them on the requirements and schedule and execute the required changes. This timing may vary depending on the complexity of your company and the availability of the various groups. For more information on planning for your Lync Edge infrastructure see http://technet.microsoft.com/en-us/library/gg399048.aspx.
Once you have gone through all the planning, educated the appropriate teams on the requirements and have the appropriate server(s) in place, you are ready to go!
2. Topology Builder – Add the Lync Edge Server to the Topology, Enable Federation and Publish the Topology. Estimated Time – 10 minutes to complete
Everything in Lync Server must first be created in the Lync Topology Builder (see http://technet.microsoft.com/en-us/library/gg398788.aspx). As its name suggests, this is where you will define and build your Lync environment. Assuming you have already deployed a Lync Front End Server and are already using other features of Lync, you would have already used the Topology Builder. In just a few minutes, you will create the Edge Server, defining all the carefully planned out information from the previous step. Here you will enable Federation for your Lync deployment. Once you publish your Topology, you are ready to export the Edge configuration and install the Lync bits on your Edge Server(s).
3. Run the Lync Setup on each Edge Server. Estimated Time – 30-60 minutes to complete
Assuming your public certificate provider can turn around a certificate request immediately, this process generally takes 30-60 minutes from start to finish.
Lync 2013 Deployment Wizard - This process actually installs Lync and the related required binaries that make Lync work.
Federating with a New Organization
Total Bureaucracy Time: 0 – unlimited minutes (small company to Enterprise)
Total Execution Time: 5 – 10 minutes
Once your Lync Edge Server is running, you need to configure options to allow your users to federate with users from other companies running Lync.
In large organizations, the bureaucracy associated with approving a federation request can greatly exceed the technical time needed to execute the configuration change. Often this is the case because some individuals do not understand the security and user control options built into Lync.
Assuming you have approval to federate with a new domain, follow the process below to enable the required configuration:
1. From the Lync Control Panel, which is a Silverlight browser-based application, review and set a number of configuration options as appropriate. Estimated Time – 5-10 minutes to complete
a. In the Lync Control Panel, on the External Access Policy tab, enable the required functionality. Here we are enabling Federation, Remote user access and Public IM access at the Global level. This can also be done at the Site or User level.
b. Access Edge Configuration
Within the Access Edge Configuration you can specify whether or not you want to use “Open Federation”. Open Federation allows for automatic discovery of your Lync Edge server, assuming you have published your external DNS records as per the previous article. If “Enable Partner Domain Discovery” is not checked, then on the next tab, “SIP Federated Domains”, you will need to explicitly define all the domains you wish to federate with.
c. SIP Federated Domains – the list of allowed or blocked domains. Even though we previously specified open federation, you can still list allowed domains here for a greater degree of “trust” in terms of the built-in throttling protection that the Lync Edge has available to it.
d. The SIP Federated Providers tab is where you set up Public IM Connectivity to networks like Skype and Exchange Online as well as others.
e. Lastly, the XMPP tab allows setup for XMPP-based networks like Jabber or GoogleTalk.
That completes the federation configuration. Users will now be able to federate!
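The same settings from steps a to e can be applied and then read back for review from the Lync Server Management Shell. This is an added example, not the authors' own procedure; it shows the closed (allow-list) variant of step b, and the partner and blocked domain names are constructed placeholders.

```powershell
# Added example. Run in the Lync Server Management Shell.
# partner.example, sip.partner.example and blocked.example are constructed
# placeholder values, not domains from the article.

# Step a: external access policy at the Global level.
Set-CsExternalAccessPolicy -Identity Global `
    -EnableFederationAccess $true `
    -EnableOutsideAccess $true `
    -EnablePublicCloudAccess $true

# Step b: Access Edge configuration. $false here means closed federation:
# only domains on the allowed list can federate. Use $true for open federation.
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -AllowOutsideUsers $true `
    -UseDnsSrvRouting -EnablePartnerDiscovery $false

# Step c: SIP federated domains, one allowed and one blocked.
New-CsAllowedDomain -Identity "partner.example" -ProxyFqdn "sip.partner.example" `
    -Comment "Approved federation partner"
New-CsBlockedDomain -Identity "blocked.example"

# Review: read back what is now in effect, including steps d and e.
Get-CsExternalAccessPolicy |
    Select-Object Identity, EnableFederationAccess, EnableOutsideAccess, EnablePublicCloudAccess
Get-CsAccessEdgeConfiguration |
    Select-Object AllowFederatedUsers, AllowOutsideUsers, AllowAnonymousUsers, EnablePartnerDiscovery
Get-CsAllowedDomain | Select-Object Domain, ProxyFqdn, Comment
Get-CsBlockedDomain | Select-Object Domain
Get-CsPublicProvider | Select-Object Identity, Enabled, VerificationLevel
Get-CsXmppAllowedPartner | Select-Object Domain, PartnerType
```

Keeping the read-back output with the federation approval record gives the reviewers mentioned above a concrete view of which domains and providers are actually reachable.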
Federation and remote access are both extremely powerful features provided by Lync that greatly improve communication efficiency at most organizations. If you have not already planned to deploy a Lync Edge server and enable federation, we would suggest you expand your plans.