Public Provider Connectivity
A special form of federation is the
capability to use Lync Server to communicate with contacts on the
public IM networks, referred to as Public IM Connectivity (PIC). The
Skype, AOL, and MSN networks are the native Public IM Connectivity
providers to Lync Server. To communicate with these contacts, users
simply need to add the address to a contact list.
Lync Server users can see presence and
exchange instant messages with their contacts when Public IM
Connectivity is provisioned. The conversations are limited to
peer-to-peer, though, and they cannot include three or more
participants as users are accustomed to within the organization or with
federated contacts.
Audio and video support with the MSN
or Windows Live networks was introduced in Lync Server 2010. In Lync
Server 2013, Microsoft introduces audio federation to Skype as well.
Skype video federation is not available;
however, it is on the road map for a future service. This functionality
is included as part of the Lync Server Standard CAL; no additional
licensing is required. Federation to other services including Google
Talk and Jabber is available through the XMPP gateway service. The XMPP
gateway service is covered in a later section.
Web Conferencing Edge Service
The Web Conferencing Edge Service enables
remote users to participate in web conferences with internal users or
other remote workers, including collaboration sessions that involve
whiteboards and polls. Any user who connects to the Web Conferencing
Edge Service must authenticate with the Access Edge Service first.
Organizations can also elect to
allow anonymous or unauthenticated users to join web conferences with
their own users. Web conferencing uses Microsoft’s Proprietary Shared
Object Model (PSOM) protocol to facilitate the meetings and data. Like
the Access Edge traffic, all Web Conferencing Edge traffic is conducted
over HTTPS port 443, so it is encrypted and can traverse proxy servers.
A/V Edge Service
The A/V Edge Service is responsible for
securely relaying audio and video media among internal, external, and
federated contacts. The A/V Edge Service uses the Interactive
Connectivity Establishment (ICE), Simple Traversal Utilities for NAT
(STUN), and Traversal Using Relay NAT (TURN) methods to enable
endpoints to communicate from nearly any network connection with
Internet access.
When possible, endpoints attempt to use a
peer-to-peer connection for media streams, but when an endpoint is
behind a NAT device such as a home router, the A/V Edge role can act as
a relay point between the endpoints to facilitate communication. The
A/V Edge service uses a combination of HTTPS port 443 and UDP port 3478
to negotiate and provide the media stream.
To support media traffic between
internal and external users, an additional service exists on the A/V
Edge Server called the A/V Edge Authentication Service. This service is
responsible for authenticating media requests from internal users to
external contacts. When a user wants to initiate an external A/V
conversation, the user is provided with a temporary media token that
she uses to authenticate to this service before media is allowed to
flow.
XMPP Gateway Service
Lync Server 2013 now integrates the
XMPP proxy functionality into the Lync Edge Server. In previous
versions, this was a dedicated server role. The XMPP Gateway is also
deployed on Front End Servers for internal integration with XMPP
Services. Organizations can deploy XMPP federation as an optional
component. Deploying XMPP federation will allow users to perform
Instant Messaging sessions with XMPP-based contacts such as Google’s
GTalk.
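Each of the features above (Public IM Connectivity, anonymous web conferencing, XMPP federation) widens what the Edge Server accepts from the Internet, so it is worth listing which ones are actually switched on. The following is an added example, not taken from the original text: it assumes it is run in the Lync Server 2013 Management Shell on an internal server, and the function names New-Finding and Get-EdgeExposureReport are hypothetical.

```powershell
# Added example: report which external-facing Edge features are enabled.
# Assumes the Lync Server 2013 Management Shell (PowerShell 3.0 or later).
Import-Module Lync -ErrorAction Stop

# Hypothetical helper: one row per enabled external-facing setting.
function New-Finding($Area, $Item, $Detail) {
    [pscustomobject]@{ Area = $Area; Item = [string]$Item; Detail = $Detail }
}

function Get-EdgeExposureReport {
    # Global Access Edge switches: remote users, federation, anonymous users.
    $edge = Get-CsAccessEdgeConfiguration
    foreach ($name in 'AllowOutsideUsers', 'AllowFederatedUsers',
                      'AllowAnonymousUsers', 'EnablePartnerDiscovery') {
        if ($edge.$name) { New-Finding 'Access Edge' $name 'enabled globally' }
    }

    # Public IM Connectivity providers that are enabled.
    Get-CsPublicProvider | Where-Object { $_.Enabled } | ForEach-Object {
        New-Finding 'Public IM' $_.Identity `
            "proxy $($_.ProxyFqdn), verification $($_.VerificationLevel)"
    }

    # Per-policy grants: a setting only matters for users given the policy.
    foreach ($p in Get-CsExternalAccessPolicy) {
        $on = 'EnableOutsideAccess', 'EnableFederationAccess', 'EnableXmppAccess',
              'EnablePublicCloudAccess', 'EnablePublicCloudAudioVideoAccess' |
              Where-Object { $p.$_ }
        if ($on) { New-Finding 'External access policy' $p.Identity ($on -join ', ') }
    }

    # Conferencing policies that admit unauthenticated participants.
    Get-CsConferencingPolicy |
        Where-Object { $_.AllowAnonymousParticipantsInMeetings } |
        ForEach-Object {
            New-Finding 'Web conferencing' $_.Identity 'anonymous participants allowed'
        }

    # XMPP domains allowed to federate through the XMPP gateway.
    Get-CsXmppAllowedPartner | ForEach-Object {
        New-Finding 'XMPP federation' $_.Domain "partner type $($_.PartnerType)"
    }
}

Get-EdgeExposureReport | Sort-Object Area, Item | Format-Table -AutoSize -Wrap
```

An empty report means none of these features is enabled; any row that does not match a documented business need is a candidate for disabling.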
Collocation
The Edge Server roles cannot be collocated
with any other role in Lync Server. Although many of the other roles
depend on access to Active Directory, Edge Servers are typically placed
in a perimeter network and might not even be joined to the corporate
domain for security reasons.
In previous
versions of Office Communications Server, it was possible to install
only specific Edge roles. However, in Lync Server 2010, all Edge roles
were consolidated on a single server. This change cut down on confusion
about deployment models, which required knowing which Edge roles were
safe to collocate together. This has carried through to Lync Server 2013;
you must not collocate the Edge Server with any other Lync Server role,
and all Lync Edge Services are installed together on a single server.