2. Federation Requirements for Push Notifications
Federation must be configured with the
Microsoft Push Notification Clearing House to deliver push
notifications to Apple and Microsoft mobile users. In Lync Server 2013,
this is done by adding a new hosting provider configuration. Perform
these steps to enable the hosting provider for push notifications:
1. Open the Lync Server Management Shell (PowerShell).
2. Run the following command to add the hosting provider:
New-CsHostingProvider -Identity <Lync Online hosting provider> -Enabled $True -ProxyFqdn <FQDN for the Access Server used by the hosting provider> -VerificationLevel UseSourceVerification
The following example shows the command that would be used for companyabc,
with the Push Notification Clearing House being identified by sipfed.online.lync.com:
New-CsHostingProvider -Identity LyncPush -Enabled $True -ProxyFqdn sipfed.online.lync.com -VerificationLevel UseSourceVerification
3. Add push.lync.com as an allowed SIP domain by running the following command:
New-CsAllowedDomain -Identity push.lync.com
At this point, the federation configuration is complete for push notifications.
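The following check is an added example, not part of the original text. It reads the configuration back with Get-CsHostingProvider and Get-CsAllowedDomain and compares it with the values used in the steps above. The function name Test-PushFederationConfig is hypothetical.

```powershell
# Added verification sketch; run in the Lync Server Management Shell.
# Expected values come from the steps above; the function name is hypothetical.
function Test-PushFederationConfig {
    param(
        [string]$ProxyFqdn         = 'sipfed.online.lync.com',
        [string]$VerificationLevel = 'UseSourceVerification',
        [string]$AllowedDomain     = 'push.lync.com'
    )

    # Emit one result object per check so the output can be filtered or exported.
    function New-Result([string]$Check, [bool]$Pass, [string]$Detail) {
        [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
    }

    # Look the provider up by ProxyFqdn rather than by name, so the check
    # still works when the provider was created under a different identity.
    $hp = @(Get-CsHostingProvider | Where-Object { $_.ProxyFqdn -eq $ProxyFqdn })
    if ($hp.Count -eq 0) {
        New-Result 'HostingProvider' $false "No hosting provider uses $ProxyFqdn"
    }
    foreach ($p in $hp) {
        New-Result "HostingProvider/$($p.Identity)/Enabled" ([bool]$p.Enabled) "Enabled=$($p.Enabled)"
        $level = [string]$p.VerificationLevel
        New-Result "HostingProvider/$($p.Identity)/VerificationLevel" ($level -eq $VerificationLevel) "VerificationLevel=$level"
    }

    # Allowed SIP domain from step 3.
    $ad = @(Get-CsAllowedDomain | Where-Object { $_.Domain -eq $AllowedDomain })
    New-Result "AllowedDomain/$AllowedDomain" ($ad.Count -gt 0) "Matches=$($ad.Count)"
}

# Show only the checks that failed; no output means all checks passed.
Test-PushFederationConfig | Where-Object { -not $_.Pass } | Format-Table -AutoSize
```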
3. Reverse Proxy and Hardware Load Balancer Considerations for Mobility
All Lync mobile traffic will go
through a reverse proxy regardless of the client location. Given the
roaming nature of mobile clients, connection affinity is better
controlled when the client connects through the same service. In the
case of Lync Mobile, that service will always be the external web
services directory, which is published through a reverse proxy
solution. When external Lync services are being deployed, a reverse
proxy must be configured to publish the Front End Pool Web Services to
the Internet. The Mobility Service will run on the same URL as the
Front End Pool Web Services, and under a subdirectory for the
appropriate Mobile Service. However, although the LyncDiscover service
points to the same Front End Server Web Service, it requires its own
unique FQDN, and the reverse proxy requires an entry to support that
FQDN.
Reverse Proxy Certificate Requirements
When Mobility is being deployed as part of a
new deployment or this functionality is being added to an existing
environment, the key change to the reverse proxy solution is
certificates. When the LyncDiscover service is being deployed through a
reverse proxy, there are two possible solutions:
• Include LyncDiscover.<sipdomain> as a subject alternative name (SAN)
entry on the web services public
certificate. This can become costly when there are many SIP domains
supported in the environment.
• Publish the LyncDiscover service over
HTTP. When the service allows connections on port 80, the initial
request will not be over TLS; clients are then redirected to the
external web services FQDN for the Front End Server pool, resulting in
no requirement for a LyncDiscover entry on the certificate.
Initial requests to the LyncDiscover service,
whether they are over HTTPS or HTTP, are not authenticated; as such,
there is not a great security risk with publishing this service over
HTTP. The initial connection will simply be used to identify the full
URL to connect to for the LyncDiscover service, and this information is
given to connecting clients whether they connect over HTTP or HTTPS.
Hardware Load Balancer Requirements
Enterprise Edition Lync Front End
Server pools will require a Hardware Load Balancer (HLB) to be deployed
to provide high availability to the web services for that pool. In Lync
Server 2010, introducing Lync Mobile to the environment required
cookie-based persistence to be configured on the HLB to provide session
affinity to Lync mobile users. Because the session for each connected
client was maintained only on the Front End Server they connected to,
the client would always be required to connect to that same server. As
such, cookie-based persistence was required to provide this affinity.
In Lync Server 2013, the requirements for cookie-based persistence have
been removed, including for Lync 2010 Mobile clients connecting to Lync
Server 2013 servers. Lync Server 2013 Front End
Servers will maintain session affinity for mobile clients; as such,
source address affinity should be configured on the HLB instead of
cookie-based persistence.