1. Installing the On-Premise Systems
A Lync hybrid deployment starts with the
installation of the on-premise Lync infrastructure, if there is no
existing Lync environment in place. At a minimum, the on-premise
deployment requires one Front End pool and one Edge pool, with the Edge
pool enabled for federation. Although a Lync 2010 Front End pool and
Edge pool can be used for this, at least one Lync 2013 Front End Server
needs to be installed to support advanced voice features. For further
details on the on-premise topology options supported for a hybrid
deployment.
Although it’s not required, consideration should be given to building
high availability into the solution, leveraging the built-in resilience
features of Lync 2013.
After the Lync on-premise installation is in
place and functional, and the Lync Online or Office 365 subscription is
active, the following steps are required to prepare the on-premise systems
for a hybrid deployment:
• If it has not already been added, the
SIP domain that will be split between the on-premise and cloud
deployment will need to be added to Lync Online/Office 365, with the
ownership verified.
• Install Active Directory Federation
Services (AD FS) to enable SSO for the hybrid deployment, using a minimum of
one federation server. If users will be connecting remotely, at least
one AD FS proxy should also be included, and should be installed in a
DMZ subnet. As part of the deployment, request an SSL certificate from
a public certificate authority with the sts.<SIPdomain>
name specified as the subject name, and apply the certificate to the
Default Web Site on both the federation server and the federation proxy
server systems.
• After the
internal federation service is operational, a trust relationship must
be established with the Lync Online/Office 365 deployment.
• Activate the online tenant
for AD synchronization; then configure directory synchronization
between the on-premise Active Directory and the Lync Online/Office 365
directory, and synchronize the on-premise users and groups to Lync
Online.
2. Preparing the Network for a Lync Hybrid Deployment
The network requirements for a Lync
hybrid deployment are similar to the requirements for a cloud-only
deployment. However, there are several additional firewall port
requirements compared to a cloud-only deployment, and there is at least
one additional DNS requirement for the hybrid deployment, depending on
the configuration.
3. Configuring Federation with Lync Online
To establish interoperability between the
on-premise deployment and Lync Online, the on-premise Edge pool must be
configured for federation with the Lync Online tenant. The following
steps are used to configure federation between an on-premise Edge pool
and a Lync Online tenant:
1. Log on to a system where the Lync Server management tools are installed, and open the Lync Server Management Shell.
2. Execute the following command to enable federation and set basic parameters:
Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting
3. Execute the following command to establish federation with Lync Online:
New-CSHostingProvider -Identity LyncOnline -ProxyFqdn "sipfed-tip.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false
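To confirm that both commands took effect, the settings can be read back and compared with the values given above. This is an added example, not part of the original text; Compare-Setting is a hypothetical helper defined in the block, and the expected values are copied from steps 2 and 3.

```powershell
# Added example: read back the federation settings and compare them with the
# values set in steps 2 and 3. Run in the Lync Server Management Shell.

# Expected values, copied from the two commands above.
$expectedEdge = @{
    AllowOutsideUsers   = $true
    AllowFederatedUsers = $true
    RoutingMethod       = 'UseDnsSrvRouting'
}
$expectedProvider = @{
    ProxyFqdn                 = 'sipfed-tip.online.lync.com'
    Enabled                   = $true
    EnabledSharedAddressSpace = $true
    HostsOCSUsers             = $true
    VerificationLevel         = 'UseSourceVerification'
    IsLocal                   = $false
}

# Compare-Setting is a hypothetical helper defined here, not a Lync cmdlet.
function Compare-Setting {
    param([object] $Object, [hashtable] $Expected, [string] $Source)
    foreach ($name in $Expected.Keys) {
        $actual = $Object.$name
        New-Object PSObject -Property @{
            Source   = $Source
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $actual
            # Compare as strings so enum values match their names.
            Match    = ("$actual" -eq "$($Expected[$name])")
        }
    }
}

$results = @()
$edge = Get-CsAccessEdgeConfiguration -Identity Global
$results += Compare-Setting $edge $expectedEdge 'AccessEdge'

$provider = Get-CsHostingProvider -Identity LyncOnline -ErrorAction SilentlyContinue
if ($null -eq $provider) {
    Write-Warning 'Hosting provider LyncOnline not found; step 3 has not been applied.'
} else {
    $results += Compare-Setting $provider $expectedProvider 'HostingProvider'
}

$results | Format-Table Source, Setting, Expected, Actual, Match -AutoSize
$drift = @($results | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) { Write-Warning "$($drift.Count) setting(s) differ from the documented values." }
```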
4. Moving Users Between Lync On-Premise and Lync Online
After both environments have been fully
deployed and the relationship between them has been established, users
can be moved from an on-premise pool to the Lync Online tenant using a
PowerShell cmdlet. Before moving users to Lync Online, the pool FQDN of
the Lync Online tenant must first be determined,
since it must be entered as one of the parameters for the PowerShell
cmdlet. The following steps can be used to determine the pool FQDN of
the Lync Online tenant:
1. Log on to the Office 365 Portal.
2. On the main page, click the Admin tab at the top, and then select Lync from the drop-down menu to open the Lync Admin Center.
3. In the browser address bar, copy the first portion of the address listed, up to the lync.com
string. For example, a typical Lync Online pool FQDN would be https://admin.online.lync.com.
Then, append the following string to the URL just copied: /HostedMigration/hostedmigrationservice.svc.
These two strings combine to form the HostedMigrationOverrideUrl
value, which will be specified in the PowerShell cmdlet used to move
users to the online tenant. Using the preceding example, the resulting
URL value would be https://admin.online.lync.com/HostedMigration/hostedmigrationservice.svc.
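Because the resulting URL is later passed to a cmdlet together with an administrative credential, it is worth building it programmatically and rejecting anything unexpected. The following is an added example, not part of the original text; Get-HostedMigrationOverrideUrl is a hypothetical helper, the sample addresses are constructed, and the online.lync.com suffix check is an assumption based on the example host above.

```powershell
# Added example: derive the HostedMigrationOverrideUrl from the address copied
# in step 3 and refuse anything that is not an HTTPS host under online.lync.com.
# Get-HostedMigrationOverrideUrl is a hypothetical helper, not a Lync cmdlet.
function Get-HostedMigrationOverrideUrl {
    param([Parameter(Mandatory = $true)] [string] $AdminCenterUrl)

    $uri = $null
    if (-not [System.Uri]::TryCreate($AdminCenterUrl, [System.UriKind]::Absolute, [ref] $uri)) {
        throw "Not an absolute URL: $AdminCenterUrl"
    }
    if ($uri.Scheme -ne 'https') {
        throw "Refusing non-HTTPS URL: $AdminCenterUrl"
    }
    if ($uri.UserInfo -or -not $uri.IsDefaultPort) {
        throw "Unexpected user info or port in: $AdminCenterUrl"
    }
    # Assumption: tenant admin hosts sit under online.lync.com, as in the
    # example host admin.online.lync.com. Adjust if your tenant differs.
    if ($uri.Host -notlike '*.online.lync.com') {
        throw "Host '$($uri.Host)' is not under online.lync.com"
    }
    # Keep only scheme and host; path and query of the admin page are dropped.
    'https://{0}/HostedMigration/hostedmigrationservice.svc' -f $uri.Host
}

# Constructed sample inputs: one address as copied from the Lync Admin Center,
# and three that must be rejected before any credential is used with them.
$samples = @(
    'https://admin.online.lync.com/lscp/?language=en-US',
    'http://admin.online.lync.com/lscp/',
    'https://admin.lync.online.com/lscp/',
    'https://admin.online.lync.com.example.net/lscp/'
)
foreach ($s in $samples) {
    try {
        $url = Get-HostedMigrationOverrideUrl -AdminCenterUrl $s
        "OK       $url"
    } catch {
        "REJECTED $s ($($_.Exception.Message))"
    }
}
```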
After the HostedMigrationOverrideUrl
value is identified, use PowerShell to move an on-premise user to the online tenant, using the following steps:
1. Log on to a system where the Lync Server management tools are installed, and open the Lync Server Management Shell.
2. Execute the following command to establish credentials for the session:
$cred = Get-Credential
3. At the prompt, enter the credentials of a Lync Online/Office 365 administrative account.
4. Execute the following command to move the user to the online tenant, where <SIPaddress>
is the SIP URI of the user account, and <URL>
is the value previously identified as the HostedMigrationOverrideUrl
for the online tenant:
Move-CsUser -Identity <SIPaddress> -Target sipfed.online.lync.com -Credential $cred -HostedMigrationOverrideUrl <URL>
To move a user from the online tenant back to an on-premise Lync pool, use the following procedure:
1. Log on to a system where the Lync Server management tools are installed, and open the Lync Server Management Shell.
2. Execute the following command to establish credentials for the session:
$cred = Get-Credential
3. At the prompt, enter the credentials of a Lync Online/Office 365 administrative account.
4. Execute the following command to move the user to the on-premise Lync pool, where <SIPaddress>
is the SIP URI of the user account, and <PoolFQDN>
is the fully qualified domain name of the on-premise Lync pool:
Move-CsUser -Identity <SIPaddress> -Target <PoolFQDN> -Credential $cred