Thursday, October 25, 2012

System Center Operation Manager with Lync

System Center 2012 Operations Manager is the preferred choice for Lync monitoring.
Please don't confuse it with the Lync Monitoring Server, which actually monitors calls and conferences, as well as the QoE data.


1. With Lync 2013 you still need the new UCMA 4.0 (for Lync 2010, UCMA 3.0 was sufficient), and make sure you have the latest Windows Updates installed. The Lync and SCOM servers also need to be in the same AD domain or a trusted domain.

2. In SCOM 2012 you need a dedicated Notification Action Account (NAA). If you have not already configured one, make sure it is an AD-enabled normal user account.

3. After the NAA is replicated through AD, you have to enable this user for Lync. Follow the same procedure you use for normal Lync users. You can do so from the Control Panel or from PowerShell (Enable-CsUser cmdlet).

The next part is done on the SCOM side. You need a SCOM Console and a user who is an Operations Manager Administrator.

4. After you have logged into the Console, you need to create a Run As account with the NAA.
(You find this under Administration -> Run As Configuration.) Make sure you choose the default More Secure option.

5. The next step is ensuring the Run As account is distributed to your Management Servers.
You do this by right-clicking the NAA account under Accounts and opening the Distribution tab, where you can push the account to all the Management Servers you choose.

6. Now a Notification Account Profile needs to be created. Make use of the included wizard.

7. In the SCOM Console, create a Notification Channel, which will be pointed to Instant Messaging (IM). In the IM Server box, you have to type the FQDN of the Lync 2013 Standard Server or the Lync 2013 Enterprise Front End Pool.

8. Choose an IM Return Address (it shows where the IM is coming from). The other settings you still need to provide are: the sip: prefixed address in the protocol option, TLS as the transport protocol and NTLM as the authentication method. Finally, enter the instant messaging port 5061.

9. Then you are able to change the default IM message to any text you prefer.

10. The variables shown next to the right arrow allow you to modify the message with constants predefined by SCOM.

11. Make sure Unicode (UTF-8) is set as the default notification message format.


Now you have set up Lync IM to inform you about defined alerts from SCOM.

I personally prefer only IM notification for critical alerts, where immediate action should be taken.

RTM Office 2013 + Lync, Exchange available

Just a quick note for everybody who has been waiting for weeks and guessing when the RTM would be public.
Since last night, the RTM of Office 2013, Lync 2013 and Exchange 2013 has been downloadable via MSDN.

Have fun and check it out.

Tuesday, October 23, 2012

Secured, SIP Secured and Unsecured Voice integration Exchange


In Exchange 2007/2010/2013, you are able to set different security configurations for your SIP traffic.
Specific configurations can therefore be defined between gateway, Lync (via Exchange dial plans) and server-to-server communication.
Let's talk about Exchange 2013 and Lync 2013 UM integration, especially the configuration in your live environment.

With the Exchange Administration Center (EAC) or the Set-UMDialPlan cmdlet in PowerShell you can define your SIP security configuration.
When you configure the UM dial plan to use SIP secured* or Secured mode ([-VoIPSecurity <SIPSecured | Unsecured | Secured>]), Client Access and Mailbox servers will encrypt the SIP signaling traffic or the RTP media channels or both. For Lync, you need the special SIP Secured mode (described below).


The VoIP security mode can be configured as:
- SIP secured
(the SIP Secured setting only protects SIP traffic using TLS, while RTP traffic is transmitted over TCP)

- Secured
(SIP signaling and media traffic via TLS; suited for Exchange and Lync communication)

- Unsecured (default)
(no encryption)

*) The VoIPSecurity parameter in the Exchange dial plan specifies whether the signaling channel is encrypted using mutual Transport Layer Security (TLS). The default setting is Unsecured.

Secure SIP is a security mechanism defined by SIP RFC 3261 for sending SIP messages over a Transport Layer Security-encrypted channel. Transport Layer Security (TLS) was originally used for securing HTTP sessions; it can also be used to protect SIP session communications from eavesdropping or tampering.

Certificates:
If you configure SIP traffic within Exchange only, the chosen certificates can be self-signed certificates in Exchange. If any other server, such as Lync, is involved in these dial plans, you need to ensure that a trusted root authority is used. This can be managed with an internal Enterprise Certificate Authority.
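
The following check is an added example, not part of the original post: a read-only Exchange Management Shell script that lists each UM dial plan's VoIPSecurity mode and flags self-signed or soon-to-expire certificates bound to the UM services when any dial plan uses TLS. It assumes it is run on the Exchange server whose certificates you want to inspect; the dial plan name in the commented Set-UMDialPlan line is a placeholder.

```powershell
# Added example (not the blog author's code). Read-only audit; changes nothing.
# Assumption: run in the Exchange Management Shell on the server to inspect.

# 1. VoIP security mode of every UM dial plan.
$dialPlans = @(Get-UMDialPlan)
$dialPlans | Select-Object Name, URIType, VoIPSecurity | Format-Table -AutoSize

# Dial plans left on the default mode carry SIP signaling without TLS.
foreach ($dp in $dialPlans | Where-Object { $_.VoIPSecurity -eq 'Unsecured' }) {
    Write-Warning "Dial plan '$($dp.Name)' uses VoIPSecurity=Unsecured (no encryption)."
}

# 2. Certificates assigned to the UM services on this server.
#    Services is a flags value; its string form contains 'UM' and/or 'UMCallRouter'.
$umCerts = @(Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'UM' })

# A trusted CA matters as soon as a dial plan uses TLS toward another server (e.g. Lync).
$tlsInUse = @($dialPlans | Where-Object { $_.VoIPSecurity -ne 'Unsecured' }).Count -gt 0

if ($tlsInUse -and $umCerts.Count -eq 0) {
    Write-Warning 'A dial plan uses TLS but no certificate is assigned to the UM services.'
}

$report = foreach ($cert in $umCerts) {
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Services   = "$($cert.Services)"
        SelfSigned = $cert.IsSelfSigned
        DaysLeft   = $daysLeft
        Finding    = if ($tlsInUse -and $cert.IsSelfSigned) {
                         'Self-signed: other servers will not trust it for mutual TLS'
                     } elseif ($daysLeft -lt 30) {
                         'Expires within 30 days'
                     } else {
                         'OK'
                     }
    }
}
$report | Format-List

# To change a dial plan's mode (placeholder name; pick the mode your design requires):
# Set-UMDialPlan -Identity '<DialPlanName>' -VoIPSecurity SIPSecured   # or Secured
```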