Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Multi-Cloud Service Orchestration & Delivery Platform

External DNS and Certificates Planning for Lync 2010 as Hosting Service

E

Microsoft released Lync Multi-Tenant Pack for hosting providers to offer Lync as a hosting service. Even before this pack, many companies were already offering Lync and OCS as hosting services to SMBs. The deployment guide for Multi-Tenant pack states to add few SAN entries for each new domain. If you try to login without adding SAN entry for the domain, login fails! This means that with every new customer, you will have to update your certificates, pay for any new SAN entries and then reassign the certificates. This does not seem to be a good idea in terms of cost and ease of provisioning a new tenant.

So, to help out those who are planning to offer Lync as a hosting service or those who already are, I suggest planning DNS and certificates as following:

Meet URL configuration:

For every hosted domain you will need meet URLs. These URLs are used to schedule online meetings. I would recommend first reading this article: Planning for Simple URL. For a hosting company, Option 3 mentioned in this article is best choice. Format for meet URL as per Option is:

https://lync.contoso.com/contosoSIPdomain/Meet

https://lync.contoso.com/fabrikamSIPdomain/Meet

Where lync.contoso.com is Provider’s domain and contosoSIPdomain and fabrikamSIPdomain are hosted domains. Following this format will minimize DNS and certificate requirements.

DNS for Hosted Domain:

External DNS and Certificates Planning for Lync 2010 as Hosting ServiceIf you have followed Option 3 for meet URL, you now only need three DNS records for every hosted organization. Frist one for client auto configuration; an SRV record _sip._tls.<hosteddomain> pointing to sip.<providerdomain>. Second, for federation; an SRV record _sipfederationtls._tcp.<hosteddomain> pointing to sip.<providerdomain>. Third one is for Lync Mobile Clients: ‘A’ record lyncdiscover.<hosteddomain> pointing to MCX Server.

Using such planning, there will be no need to update and reapply certificates. However, clients will display a pop up window while logging in, informing that you are being redirected to another server:

At this point user should check the box ‘Always trust this server’ (after seeing the certificate details and making sure that this is indeed service provider’s server).

Apart from being cost effective and easy, another advantage is that, if you expand the Certificate Details, your hosted organizations will not be exposed!

Multi-Cloud Service Orchestration & Delivery Platform

Connect with MachSol

MachSol is Microsoft Certified Partner and Microsoft Validated Vendor having years of experience in cloud automation industry.

Categories