SIP - Lync uses Session Initiation Protocol (SIP) as the
signaling protocol, which is encrypted using Transport Layer Security (TLS). SIP
is an application layer peer-to-peer communication protocol for establishing,
manipulating, and tearing down communication sessions. However, SIP does not
transport the media itself; that is handled by codecs within the communications
programs or devices. SIP is modeled after HTTP, and in fact uses much of HTTP’
semantics and syntax. Both SIP and HTTP use a plain text based. SIP is used to
set up, manage, and tear down media sessions (for example, voice, text, and
video) language. SIP works with other network protocols as well as
application-layer technologies to provide complete end-to-end functionality.
SIP devices can communicate directly if they know each other’s URI (Uniform
Resource Identifier) or IP address. Together with Web services and XML-based
applications, SIP enables presence within business applications. Desktop
programs that have references to business contacts within them will be able to
show the presence of those contacts, on the screen, within the application. In
other words, you don’t have to switch to another application such as an IM
client to view the presence of a contact.
SIP Domain – In order to configure SIP addresses for your
users, you must supply two pieces of information: a valid user ID (for example,
Joe.Smith) and a valid SIP domain name (for example, litwareinc.com). The SIP
domain used when configuring a SIP address must be located somewhere in your
Active Directory forest; in addition, this domain must have been explicitly
designated as a SIP domain. (Just being in your forest does not make a domain a
SIP domain.) For example, suppose you have domains named litwareinc.com,
fabrikam.com, and contoso.com, but only litwareinc.com has been designated as a
SIP domain. In that case, you cannot use SIP addresses like sip:Joe.Smith@fabrikam.com
or sip:Joe.Smith@contoso.com, at least not until fabrikam.com and contoso.com
have been configured as valid SIP domains. Best practice is to use the public DNS namespace as your primary SIP domain.
Direct SIP - Direct SIP connections are SIP connections that do not cross the local network boundary. They connect to a public switched telephone network (PSTN) gateway or private branch exchange (PBX) within your internal network.
SIP Trunk - SIP trunks are used for connections between two separate SIP networks. Lync Server supports the following connection types for SIP trunking:
- MPLS
- T-1, T3/E1 or higher (Fiber/Leased Line)
- Internet Connection (Requires VPN)
PBX - A private branch exchange (PBX) is a telephone exchange that serves a particular business or
office, as opposed to one that a common carrier or telephone company operates
for many businesses or for the general public.
Media bypass - refers to removing the Mediation Server from
the media path whenever possible for calls whose signaling traverses the Mediation
Server. In a non-bypass scenario the Mediation Server transcodes a Lync endpoint's RTAudio narrowband stream and sends it as G.711 to the gateway. With media bypass, calls can be
sent using G.711 directly to a supported gateway or PBX. SIP signaling still
flows through the Mediation Server but the higher-bandwidth media traffic (RTP)
bypasses it. Media bypass is useful in branch office
scenarios where no Mediation Servers exist. Media bypass must be supported and enabled on the SIP trunk.
LSCP - stands for Lync Server 2010 Control Panel. The control panel provides a graphical user interface (GUI) to manage the configuration of the servers running Lync.
G.711 - also known as Pulse Code
Modulation (PCM), is a commonly used waveform codec. G.711 is a narrowband
audio codec that provides toll-quality audio at 64 kbit/s. G.711 sends all data
without compression at very high quality. It requires a relatively high
bandwidth and a good service provider.
Lync Server 2013 supports only the following codecs:
- G.711 a-law (used primarily outside North America)
- G.711 µ-law (used in North America)
Note: G.729 is a codec that uses compression, but it is not natively supported in Lync Server.
VoIP - Voice over Internet Protocol (VoIP) is a technology that
allows you to make voice calls using a broadband Internet connection instead of
a regular (or analog) phone line. This technology allows for the routing of
voice conversations over an IP data network, whether on the Internet or an internal
private network.
PSTN - The public
switched telephone network (PSTN) is the collection of networks providing
infrastructure and services for public telecommunication worldwide. Often referred
to as POTS (Plain Old Telephone Service), this circuit-switched telephone
service adheres to the standards created by the ITU-T. These standards allow networks
in different countries to interconnect seamlessly on a global scale. The E.163 and
E.164 standards provide a single global address space for telephone numbers.
SBC - A Session
Border Controller connects disparate IP communications networks. An SBC is
deployed in a VoIP network to exert control over the signaling involved in
setting up, conducting, and tearing down telephone calls and other
interactive media communications. The SBC enforces security, quality of service
and admission control mechanisms over the VoIP sessions. The SBC is often installed at a point of
demarcation between one part of a network and another. Most SBCs are
installed between peering service provider networks, between the enterprise
network and the service provider network, or between the service provider
network and residential users. An SBC hides the topology, IP addressing, signaling attributes and policies of each of the two networks from the other.
SIMPLE - Session Initiation Protocol for Instant Messaging and Presence Leveraging
Extensions (SIMPLE) is an instant messaging
(IM) and presence protocol suite based on Session Initiation Protocol (SIP),
managed by the IETF. Like XMPP, and in contrast to the vast majority of IM and
presence protocols used by software deployed today, SIMPLE is an open standard.
Microsoft Lync Server uses SIP for signaling along with the SIMPLE extensions
to SIP for IM and presence. Media is transferred using RTP/SRTP. The Live
Meeting client uses PSOM to download meeting content. The Communicator client
also uses HTTPS to connect with the web components server to download address
books, expand distribution lists, etc. By default, Office Communications Server
encrypts all signaling and media traffic using SIP over TLS and SRTP. There is
one exception to this - traffic between the Mediation Server and a basic media
gateway is carried as SIP over TCP and RTP. However, if a hybrid gateway is
used, such as one listed on Microsoft's Open Interoperability site, then
everything is encrypted end to end (provided SSL certificates are configured
on the gateway and TLS is selected as the transport).
TLS/MTLS – Lync uses TLS (Transport Layer Security) and MTLS
(Mutual Transport Layer Security) to create the network of trusted servers and
to ensure that all communications over that network are encrypted. All SIP
communications between servers occur over MTLS, regardless of whether the
traffic is confined to the internal network or crosses the internal network
perimeter. Client-to-server traffic is encrypted with TLS, which provides communication
security by using certificate-based authentication. On a TLS connection, the
client requests a valid certificate from the server. Because TLS leverages the
secured SIP channel, IM traffic benefits from the same encryption provided by
TLS.
TURN - reflects the NAT IP addresses of the external user’s
endpoint visible to the internal user’s Lync client. This helps the external
user’s Lync client determine which IP addresses other clients can see across
firewalls. TURN allocates media ports on the external A/V edge of the Edge
Server to allow the internal user’s Lync endpoint to connect to the external
user’s Lync endpoint. TURN is an extension to STUN, where the Communicator
client uses the TURN server (the Lync edge) as a RELAY (proxy) to allow media
traversal over a NAT that does not do the “consistent hole punch” required by
STUN traffic. This protocol allows a dedicated ICE server to provide its own
public IP address as a media candidate to one or both parties in a call and
to act as a relay or proxy for the media session. This IP is always the
Internet-facing public IP address (either assigned directly to the server
interface or assigned to an external NAT device).
ICE - To traverse firewalls, Lync Server uses the Internet
Engineering Task Force (IETF) Interactive Connectivity
Establishment (ICE) standard to determine the most direct media path between two
endpoints. ICE is based on two protocols, Session Traversal Utilities for NAT
(STUN) and Traversal Using Relay NAT (TURN). ICE provides two protocol-level
solutions that nearly every Lync client and server role can leverage to find
some available path to establish media between each other. All Enterprise Voice
and conferencing remote access scenarios use the ICE protocol and STUN/TURN for
media connectivity.
STUN - The Session Traversal Utilities for NAT (STUN) protocol is an
integral component of the Audio/Video (A/V) Media Relay service. It provides the
routing information and signaling that is needed to establish a secure media
connection for all endpoints that are involved in audio/video communications.
This protocol allows an ICE client located behind a firewall that performs
Network Address Translation to discover its public IP address, identify the
type of NAT in use, and then provide that IP to the other party as a potential
candidate to send media to. This IP is the one assigned to the Internet-facing
side of the NAT device behind which the client is located.
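The STUN exchange the entry describes, as an added example that is not part of the original page or of any Lync component: the client sends a Binding Request, the STUN server (in Lync, the A/V Edge) replies with the source address it saw, and the client validates the reply and recovers its public (server-reflexive) address from the XOR-MAPPED-ADDRESS attribute (RFC 5389). The IP address, port and transaction id used in the usage lines are constructed values.

```python
"""STUN Binding request/response encode and parse (RFC 5389), showing how an
ICE client learns the public address its NAT presents. Added example with
constructed values; IPv4 only."""
import os
import struct
from typing import Optional, Tuple

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS_RESPONSE = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER_LEN = 20


def build_binding_request(transaction_id: Optional[bytes] = None) -> bytes:
    """Client -> STUN server. Header only: type, attribute length (0), cookie, txid."""
    if transaction_id is None:
        transaction_id = os.urandom(12)
    if len(transaction_id) != 12:
        raise ValueError("STUN transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + transaction_id


def build_binding_response(transaction_id: bytes, seen_ip: str, seen_port: int) -> bytes:
    """STUN server -> client. Echoes the source address the request arrived from,
    XORed with the cookie (XOR-MAPPED-ADDRESS) so NAT ALGs cannot rewrite it."""
    octets = [int(o) for o in seen_ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("only dotted IPv4 handled in this example")
    addr = struct.unpack("!I", bytes(octets))[0]
    value = struct.pack("!BBHI", 0, 0x01,                  # reserved, family IPv4
                        seen_port ^ (MAGIC_COOKIE >> 16),  # X-Port
                        addr ^ MAGIC_COOKIE)               # X-Address
    attribute = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS_RESPONSE, len(attribute), MAGIC_COOKIE)
    return header + transaction_id + attribute


def parse_reflexive_address(response: bytes, expected_txid: bytes) -> Tuple[str, int]:
    """Client side: validate the reply and recover the public (server-reflexive)
    IP and port that the NAT presented to the STUN server."""
    if len(response) < HEADER_LEN:
        raise ValueError("truncated STUN message")
    msg_type, length, cookie = struct.unpack("!HHI", response[:8])
    if cookie != MAGIC_COOKIE or msg_type != BINDING_SUCCESS_RESPONSE:
        raise ValueError("not a STUN Binding success response")
    if response[8:HEADER_LEN] != expected_txid:
        raise ValueError("transaction id mismatch (stale or spoofed reply)")
    if len(response) != HEADER_LEN + length:
        raise ValueError("length field does not match message size")
    offset = HEADER_LEN
    while offset + 4 <= len(response):
        attr_type, attr_len = struct.unpack("!HH", response[offset:offset + 4])
        value = response[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("attribute runs past end of message")
        if attr_type == ATTR_XOR_MAPPED_ADDRESS:
            _, family, x_port, x_addr = struct.unpack("!BBHI", value[:8])
            if family != 0x01:
                raise ValueError("only IPv4 handled in this example")
            port = x_port ^ (MAGIC_COOKIE >> 16)
            ip = ".".join(str(b) for b in struct.pack("!I", x_addr ^ MAGIC_COOKIE))
            return ip, port
        offset += 4 + ((attr_len + 3) & ~3)   # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


if __name__ == "__main__":
    # Constructed exchange: the server saw the request come from 203.0.113.5:3478.
    txid = bytes(range(12))
    request = build_binding_request(txid)
    response = build_binding_response(txid, "203.0.113.5", 3478)
    print(len(request), parse_reflexive_address(response, txid))
```

The transaction-id and cookie checks are the part a defender cares about: a reply that does not carry the id the client generated is discarded, so a stale or off-path reply cannot plant a bogus candidate address.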
SRTP - Audio and video (A/V) traffic traveling to and from
Lync Server is protected with the Secure Real-time Transport Protocol (SRTP) to prevent
eavesdropping or packet injection. SRTP uses 128-bit Advanced Encryption
Standard (AES) stream encryption. Lync Server establishes a media path that can
traverse firewalls and network address translations (NATs) before allowing A/V
traffic to flow between two endpoints.
SDP (Session Description Protocol) - is a negotiation protocol. It is
used so that each endpoint in a session can tell the other what it supports:
media codecs, IP addresses and ports, and authentication parameters. SDP provides the initialization parameters for the
media streams in an audio or audio/video session and is entirely ASCII text.
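An added example, not code from the original page or from Lync, tying the SDP entry to the G.711 codec entry above: it parses an SDP offer (RFC 4566), resolves payload types to codec names (including the static RFC 3551 assignments 0 = PCMU/µ-law, 8 = PCMA/a-law, 18 = G.729), and answers with the offerer's most-preferred codec that the answerer supports. The sample offer is constructed, the gateway address is a documentation-range IP, and the `a=crypto` key is a placeholder, not real keying material.

```python
"""Parse an SDP body and pick an audio codec in offer/answer style, showing why a
G.711-only answerer skips a G.729 offer. Added example; the offer is constructed."""
from typing import Optional

# Static payload types from RFC 3551 that an offer may use without an a=rtpmap line.
STATIC_PAYLOAD_TYPES = {0: "PCMU/8000", 8: "PCMA/8000", 18: "G729/8000"}

# Codecs the page says Lync Server 2013 supports on a trunk: G.711 a-law and mu-law.
LYNC_TRUNK_CODECS = ("PCMA/8000", "PCMU/8000")

# Constructed sample offer from a PSTN gateway (not a capture): prefers G.729, then G.711.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "o=gw 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/SAVP 18 0 8 101",
    "a=rtpmap:18 G729/8000",
    "a=rtpmap:0 PCMU/8000",
    "a=rtpmap:8 PCMA/8000",
    "a=rtpmap:101 telephone-event/8000",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-NOT-A-REAL-KEY",
    "a=sendrecv",
])


def parse_sdp(text: str) -> dict:
    """Return {'connection': ip, 'media': [ {type, port, transport, payload_types,
    rtpmap, crypto, connection}, ... ]}. Attributes after an m= line belong to it."""
    session: dict = {"connection": None, "media": []}
    current = session
    for line in text.splitlines():
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key == "c":
            current["connection"] = value.split()[-1]   # address is the last token
        elif key == "m":
            parts = value.split()
            media = {
                "type": parts[0],
                "port": int(parts[1]),
                "transport": parts[2],
                "payload_types": [int(p) for p in parts[3:]],
                "rtpmap": {},
                "crypto": [],
                "connection": session["connection"],   # media-level c= may override
            }
            session["media"].append(media)
            current = media
        elif key == "a" and current is not session:
            if value.startswith("rtpmap:"):
                pt, _, encoding = value[len("rtpmap:"):].partition(" ")
                current["rtpmap"][int(pt)] = encoding
            elif value.startswith("crypto:"):
                current["crypto"].append(value[len("crypto:"):])
    return session


def codec_name(media: dict, payload_type: int) -> Optional[str]:
    """Dynamic mapping from a=rtpmap wins; otherwise fall back to the static table."""
    return media["rtpmap"].get(payload_type) or STATIC_PAYLOAD_TYPES.get(payload_type)


def negotiate_audio(sdp: dict, supported=LYNC_TRUNK_CODECS) -> Optional[dict]:
    """Answer the first audio m= line with the offerer's most-preferred codec the
    answerer supports. None means no common codec, so the call cannot proceed."""
    for media in sdp["media"]:
        if media["type"] != "audio":
            continue
        for pt in media["payload_types"]:
            name = codec_name(media, pt)
            if name in supported:
                return {
                    "payload_type": pt,
                    "codec": name,
                    "ip": media["connection"],
                    "port": media["port"],
                    # SRTP is in use when the profile is RTP/SAVP and keying is offered
                    "srtp": media["transport"] == "RTP/SAVP" and bool(media["crypto"]),
                }
        return None
    return None


if __name__ == "__main__":
    print(negotiate_audio(parse_sdp(SAMPLE_OFFER)))
```

With the constructed offer the G.729 payload type (18) is skipped and PCMU (0) is chosen, which is the transcode-free G.711 path the media bypass entry relies on; the `srtp` flag shows whether the gateway offered SRTP keying (RTP/SAVP) or plain RTP.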
RTP - The Real-time Transport Protocol (RTP) defines a
standardized packet format for delivering audio and video over IP networks. Lync generally sends media via an encrypted form of RTP, called SRTP, but it can communicate in unsecured RTP if necessary and if security settings allow. Lync uses RTP to transmit DTMF tones.
RTCP - The Real-time Transport Control Protocol (RTCP) is used
to track the quality of an RTP transmission, measuring the number of lost packets,
total delay and jitter. RTCP is used to associate the timestamps of data packets
with actual time points in the session. RTCP itself does not provide any
encryption; SRTP is used to
provide encryption, message authentication and integrity, and replay protection
to the RTP data in both unicast and multicast applications. While RTP carries
the media streams (e.g., A/V), RTCP is used to monitor transmission statistics
and QoS.
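The two quality figures the RTCP entry names, computed the way a receiver fills its Receiver Report (RFC 3550 section 6.4.1): cumulative packets lost from sequence numbers, and interarrival jitter from the difference between RTP timestamps and arrival times. This is an added example, not code from the page or from Lync; the packet trace is constructed for a G.711 stream (8 kHz clock, 160 ticks per 20 ms packet).

```python
"""Receiver-side RTCP statistics (packets lost, interarrival jitter) over a
constructed RTP packet trace. Added example; wraparound handling is omitted."""
from dataclasses import dataclass
from typing import Iterable

CLOCK_RATE = 8000   # RTP clock for G.711, ticks per second (160 ticks per 20 ms packet)


@dataclass
class RtpPacket:
    seq: int          # 16-bit RTP sequence number
    timestamp: int    # RTP timestamp in clock ticks (sender's media clock)
    arrival_ms: int   # receiver wall-clock arrival time, milliseconds


@dataclass
class ReceiverStats:
    expected: int         # packets the sequence numbers say were sent
    received: int
    lost: int             # cumulative number of packets lost (RR field)
    jitter_ticks: float   # interarrival jitter (RR field), in clock ticks
    jitter_ms: float


def compute_receiver_stats(packets: Iterable[RtpPacket]) -> ReceiverStats:
    pkts = sorted(packets, key=lambda p: p.arrival_ms)   # process in arrival order
    received = 0
    jitter = 0.0
    prev = None
    for p in pkts:
        received += 1
        if prev is not None:
            # D(i,j) = (Rj - Ri) - (Sj - Si): change in transit time between two
            # packets, in clock ticks; zero when the network adds no variable delay.
            arrival_delta = (p.arrival_ms - prev.arrival_ms) * CLOCK_RATE / 1000.0
            d = arrival_delta - (p.timestamp - prev.timestamp)
            # RFC 3550 6.4.1 running estimate: J = J + (|D| - J) / 16
            jitter += (abs(d) - jitter) / 16.0
        prev = p
    seqs = [p.seq for p in pkts]
    # Highest minus lowest sequence number seen, plus one. 16-bit wraparound is
    # not handled here; RFC 3550 Appendix A.1 shows the extended-sequence logic.
    expected = max(seqs) - min(seqs) + 1 if seqs else 0
    return ReceiverStats(expected, received, expected - received,
                         jitter, jitter * 1000.0 / CLOCK_RATE)


# Constructed trace: 20 ms G.711 packets; seq 103 never arrives, seq 105 is 5 ms late.
SAMPLE_TRACE = [
    RtpPacket(100, 0, 0),
    RtpPacket(101, 160, 20),
    RtpPacket(102, 320, 40),
    RtpPacket(104, 640, 80),
    RtpPacket(105, 800, 105),
]

if __name__ == "__main__":
    print(compute_receiver_stats(SAMPLE_TRACE))
```

On the constructed trace one packet is lost and the single late packet pushes the jitter estimate to 2.5 ticks (0.3125 ms); because the estimator is a 1/16 running average, a sustained delay variation takes several packets to show fully, which is why RTCP reports are read as trends rather than single samples.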
PSOM - is the protocol used for web conferencing. It’s a Lync-specific protocol. The Live Meeting client uses PSOM to download meeting
content.
MRAS - The Edge Server serves as a media relay access server
(MRAS). Besides establishing the media path, the ICE negotiation through the Edge Server exchanges a
128-bit AES key over the TLS-secured SIP channel. This key helps encrypt the
media flow, and is based on a computer-generated password that rotates every
eight hours. A sequence number and random generation deter replay attacks.
XMPP – Extensible Messaging and Presence Protocol (XMPP) is
an open-standard communications protocol for message-oriented middleware based
on XML. Lync Server has an XMPP gateway server to federate with external XMPP
servers such as Google Talk. This enables Lync 2010 users to use IM with and
view presence of users who are using XMPP systems.
AOR - An address of record (AOR) is the URI a SIP device retrieves and
uses to communicate with another party. Another key
feature of SIP is its ability to use an end-user's address of record (AOR) as a
single unifying public address for all communications. With SIP-enhanced
communications, a user’s AOR becomes her single address that links the user to
all of the communication devices or services that she uses. For example, Eileen
Dover’s AOR might be sip:username@company.com. Using this AOR, you can reach
Eileen on any of her multiple communication devices (her UAs) without having to
know each of her unique device addresses or phone numbers. To complement AORs,
SIP supports Uniform Resource Identifiers (URIs) that establish a common
addressing scheme for all of an individual’s user agents. A URI address follows
the same basic format as a Web or e-mail address: contact-address@domain.
Using this format, SIP can map the unique addresses of a user’s multiple
devices and services to a communication domain, and then link all the user
agents to a user’s single AOR for that domain. Some examples of how a URI might
be applied include:
- A phone: sip:425-555-1212@company.com;user=phone
- A fax: sip:425-555-1214@company.com;user=fax
- An IM user: sip:username@company.com
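An added example, not code from the page or from Lync, serving both the SIP Domain entry and the AOR/URI entry above: it parses `sip:user@domain;param=value` addresses (tolerating the stray spaces seen in the page's examples), classifies them by the `user=` parameter (phone, fax, or a plain IM address), and checks whether an address may be assigned to a user given the page's scenario in which litwareinc.com, fabrikam.com and contoso.com are in the forest but only litwareinc.com is designated as a SIP domain.

```python
"""SIP URI / AOR parsing and SIP-domain validation. Added example; the domain
sets reproduce the page's litwareinc/fabrikam/contoso scenario."""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Domains in the Active Directory forest, and the subset designated as SIP domains.
FOREST_DOMAINS: FrozenSet[str] = frozenset({"litwareinc.com", "fabrikam.com", "contoso.com"})
DESIGNATED_SIP_DOMAINS: FrozenSet[str] = frozenset({"litwareinc.com"})

_SIP_URI = re.compile(
    r"^(?P<scheme>sips?):"                    # sip: or sips:
    r"(?P<user>[^@;\s]+)@"                    # user part (Joe.Smith, or a phone number)
    r"(?P<host>[A-Za-z0-9.-]+)"               # domain
    r"(?P<params>(?:\s*;\s*[^;=\s]+\s*(?:=\s*[^;\s]+)?)*)\s*$"   # ;user=phone ...
)


@dataclass
class SipUri:
    scheme: str
    user: str
    domain: str
    params: Dict[str, Optional[str]]


def parse_sip_uri(text: str) -> SipUri:
    """Parse a SIP URI; raises ValueError when the text is not one."""
    m = _SIP_URI.match(text.strip())
    if not m:
        raise ValueError(f"not a SIP URI: {text!r}")
    params: Dict[str, Optional[str]] = {}
    for raw in m.group("params").split(";"):
        raw = raw.strip()
        if not raw:
            continue
        key, _, value = raw.partition("=")
        params[key.strip().lower()] = value.strip() or None
    return SipUri(m.group("scheme").lower(), m.group("user"), m.group("host").lower(), params)


def address_kind(uri: SipUri) -> str:
    """'phone' or 'fax' when the user= parameter says so, otherwise 'im' (a user AOR)."""
    return uri.params.get("user") or "im"


def validate_sip_address(text: str,
                         designated: FrozenSet[str] = DESIGNATED_SIP_DOMAINS,
                         forest: FrozenSet[str] = FOREST_DOMAINS) -> str:
    """Return 'ok', or the reason the address cannot be assigned to a user: the
    domain must be in the forest AND explicitly designated as a SIP domain."""
    try:
        uri = parse_sip_uri(text)
    except ValueError as exc:
        return f"invalid: {exc}"
    if uri.domain not in forest:
        return f"rejected: {uri.domain} is not in the Active Directory forest"
    if uri.domain not in designated:
        return f"rejected: {uri.domain} is in the forest but not designated as a SIP domain"
    return "ok"


if __name__ == "__main__":
    for addr in ("sip:Joe.Smith@litwareinc.com", "sip:Joe.Smith@fabrikam.com",
                 "sip:425-555-1212@company.com; user= phone"):
        print(addr, "->", validate_sip_address(addr))
```

The validation order mirrors the page's rule: membership in the forest is necessary but not sufficient, and the rejection message says which of the two conditions failed so an administrator knows whether to designate the domain or to pick a different one.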
MPOP - Multiple Points of Presence. With the exception of
Microsoft Lync Attendant, Lync Server clients support multiple points of
presence (MPOP). A single user can be signed in at multiple locations. Lync
Server presence has the added flexibility of being read from multiple endpoints
simultaneously. This enables a user to be signed in at multiple locations or
endpoints that publish presence independently. The server then aggregates these
endpoints and forms a single presence class that is published to subscribers.
Lync Server determines which endpoint is currently most active for that user.
For example, a user might be Away at two of the three endpoints, so the server
sends the message only to the endpoint where the user is Available. If the
server is unable to determine which state is most active, it sends the message
to the endpoint it determines most likely active and waits to see if the user
acknowledges the toast at any location. If the user opens the toast at an
endpoint, the server removes the message from the other endpoints. If an
endpoint doesn’t acknowledge the message, the server leaves the message at only
one location, the most likely endpoint. You cannot control how long a
client stays signed in, but you can control how many Lync clients a user
can sign in to at any one time by using the -MaxEndpointsPerUser
parameter of the Set-CsRegistrarConfiguration cmdlet. The default is 8, but you can
set it anywhere from 1 to 64 endpoints using this cmdlet.
Federation - is a trust relationship between two or more SIP
domains that permits users in separate organizations to communicate across
network boundaries.
Registrars - are used to authenticate logon requests, and to
maintain information about user status and availability. The Lync Server Registrar
is a server role that enables client registration, authentication and
provides routing services. It resides along with other components on a Standard
Edition server, Front End Server, Director, or Survivable Branch Appliance. A
Registrar pool consists of Registrar Services running on the Front End pool and
residing at the same site.
Each user is assigned to a particular Registrar pool, which becomes that user’s primary Registrar pool. Each pool has a designated backup registrar pool which is used in failure scenarios.
MCU - A multipoint control unit (MCU) allows multi-party conferencing by
providing a virtual room or video bridge where multiple parties can connect and conduct video
conferencing. These virtual rooms/video bridges will appear in the OCS and Lync
contact list to allow those users to connect and participate in multiparty
video calls.
Gateway (GW) - A gateway allows connection with different
networks and gives Microsoft Lync access to different protocols for making video
calls. Microsoft Lync uses SIP for signaling and H.263 and RTVideo as the video
codecs. Gateways provide access to other protocols such as H.323, H.261 and
H.264.
‘Optimized for’ – IP phones, headsets, conference room systems and other
devices that offer a rich and integrated experience giving customers the power
to get the most out of their Lync experience and return on investment.
Dial Plan - is a named set of normalization rules that translates
phone numbers for a named location, individual user, or contact object into a
single standard E.164 format for purposes of phone authorization and call routing.
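An added example of what a dial plan does, not code from the page or from Lync: an ordered list of normalization rules (regular-expression pattern plus translation, the same shape Lync normalization rules take) applied to the dialed digits, producing an E.164 number or no match. The rule set is constructed for a hypothetical office in the +1 425 555 range and is not any real deployment's dial plan.

```python
"""Dial plan normalization: ordered regex rules that translate dialed digits into
E.164. Added example with a constructed rule set for a hypothetical +1 425 555 site."""
import re
from typing import List, Optional, Tuple

# (pattern matched against the dialed digits, translation using captured groups).
# Rules are tried in order; the first match wins. Constructed, not a real dial plan.
SITE_DIAL_PLAN: List[Tuple[str, str]] = [
    (r"^(\d{4})$",            r"+1425555\1"),   # 4-digit extension -> full DID
    (r"^9?(\d{7})$",          r"+1425\1"),      # 7-digit local, optional trunk prefix 9
    (r"^9?1?([2-9]\d{9})$",   r"+1\1"),         # 10/11-digit North American number
    (r"^9?011(\d{7,15})$",    r"+\1"),          # international dialed via 011
    (r"^\+(\d{7,15})$",       r"+\1"),          # already in E.164
]

# E.164: '+', a non-zero first digit, at most 15 digits in total.
_E164 = re.compile(r"^\+[1-9]\d{6,14}$")


def strip_dial_formatting(dialed: str) -> str:
    """Keep only digits and a leading '+' before matching, as the client does with
    the spaces, dashes and parentheses a user types."""
    dialed = dialed.strip()
    lead = "+" if dialed.startswith("+") else ""
    return lead + re.sub(r"\D", "", dialed)


def normalize(dialed: str, rules: List[Tuple[str, str]] = SITE_DIAL_PLAN) -> Optional[str]:
    """Return the E.164 number for the dialed string, or None when no rule matches
    (the call is then rejected rather than routed with a guessed number)."""
    digits = strip_dial_formatting(dialed)
    for pattern, translation in rules:
        m = re.fullmatch(pattern, digits)
        if m:
            return m.expand(translation)
    return None


def is_e164(number: Optional[str]) -> bool:
    return bool(number) and _E164.match(number) is not None


if __name__ == "__main__":
    for dialed in ("1212", "9 555-1212", "(206) 555-0100", "9 011 44 20 7946 0958",
                   "+1 425 555 1212", "12"):
        print(f"{dialed!r:>24} -> {normalize(dialed)}")
```

Rule order matters: the extension rule must precede the 7-digit rule, and any overlap between patterns should be checked when a rule is added, since the first match decides the routed number; whatever survives normalization is then matched against voice policy routes as a single E.164 string.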
Call admission control (CAC) - determines whether there is sufficient network bandwidth to establish a real-time session of acceptable quality. CAC controls real-time traffic only for audio and video, but it does not affect data traffic. If the default WAN path does not have the required bandwidth, CAC can attempt to route the call through an Internet path or the PSTN.