Edge Migration to Lync Server 2013
The Edge Server migration process is actually the easiest part of the overall migration process; it’s a direct replacement. A Lync 2013 Edge Server can proxy connections for Lync Server 2010 Front End pools, meaning there is no need to run both versions of Edge in parallel during the coexistence period. This section covers the migration aspect of the Lync Server 2013 Edge Server; a full review of the Edge Server design process is covered in Chapter 31, “Planning to Deploy External Services.” In addition, the Edge Server build process is covered in detail in Chapter 6, “Microsoft Lync Server 2013 Edge Server.” This section covers the changes that need to be made for migrating from the Lync Server 2010 Edge Server to a Lync 2013 Edge Server.
This section covers adding a Lync Server 2013 Edge Server to the Lync Server 2013 pool and migrating Lync Server 2010 external Edge functions to the Lync Server 2013 Edge Server.
The first step in the Edge Server migration process is to update the federation routes. The Federation Route needs to be updated to use the Lync Server 2013 Edge Server. Federation is a trust relationship between two or more SIP domains that permits users in separate organizations to communicate across network boundaries. At this point in the migration, you are using the Lync Server 2010 Edge Server as your Federation Route for the Lync Server 2013 pool. You need to update this configuration so that you can begin to move Lync Edge functions from the legacy Lync Server 2010 Edge Server to the new Lync Server 2013 Edge Server.
Finally, the administrator must repoint the appropriate DNS records to the new Edge Server, that is, sip.companyabc.com. In addition to the new DNS records listed in Chapter 6, the existing SRV records need to be modified as well. Here are the SRV records required and what they should be changed to:
• For Remote User Access
• _sip._tls.companyabc.com points to port 443 for the FQDN of the Access Edge Service on the Edge Server.
• For Federation
• _sipfederationtls._tcp.companyabc.com points to port 5061 for the FQDN of the Access Edge Service on the Edge Server.
• _xmpp-server._tcp.companyabc.com points to port 5269 for the FQDN of the Access Edge Service on the Edge Server.
If your organization has any partners who do not use open federation, they will need to update their Edge Server federation settings with the name of the new Lync Edge Server.
Note
Changing the federation and media traffic route requires that you schedule maintenance downtime for the Lync Server 2013 and Lync Server 2010 Edge Servers. During the transition, federated access will be unavailable for the duration of the outage. There are several reasons why downtime is required. You might have decided to use new IP addresses on the Lync Server 2013 Edge Server. This means that external DNS entries would need to be updated to reflect the new IP addresses. DNS propagation can take a while depending on TTL values and other external DNS servers updating records. Downtime can also be caused by the decision to use the same IP addresses on the Lync Server 2013 Edge Server that were used on the Lync Server 2010 Edge Server. In that case, you will have to be really quick and swap an Ethernet cable (I still picture an engineer in the datacenter, hand on the Ethernet cable, waiting for the word “GO!” and then quickly moving the cable to the new server hoping there is no outage), or disable the NIC on the legacy Lync Server 2010 Edge Server and enable the NIC on the Lync Server 2013 Edge Server. That of course would mean that you had preconfigured the NIC(s) on the Lync Server 2013 Edge Server before the downtime.
To transition the federation and media route from the Lync Server 2010 Edge Server to the Lync Server 2013 Edge Server, there are a few configuration changes that need to take place. First you need to remove the legacy federation association from Lync Server 2013 sites. To do that, you must complete the following steps:
1. Open Topology Builder on the Lync Server 2013 Front End Server.
2. In the left pane, navigate to the site node, which is located directly below Lync Server.
3. Right-click the site and then click Edit Properties.
4. In the left pane, select Federation Route.
5. Under Site Federation Route Assignment, clear the Enable SIP Federation check box to disable the federation route through the legacy Lync Server 2010 environment, as shown in Figure 16.6.
6. Click OK to close the Edit Properties page.
7. From Topology Builder, select the top node, Lync Server.
8. From the Action Menu, click Publish Topology.
9. Click Next to complete the publish process and then click Finish.
The next step is to configure the legacy Lync Server 2010 Edge Server as a nonfederating Edge Server. This is in preparation for the Lync Server 2013 Edge Server to take over this function. Here are the steps to follow:
1. In the left pane, navigate to the Lync Server 2010 node and then to the Edge Pools node.
2. Right-click the Edge Server, and then click Edit Properties.
3. Select General in the left pane.
4. Clear the Enable Federation for This Edge Pool (Port 5061) check box entry, as shown in Figure 16.7, and click OK to close the page.
5. From the Action menu, select Publish Topology, and then click Next.
6. When the Publishing Wizard completes, click Finish to close the wizard.
7. Verify that federation for the legacy Edge Server is disabled in the legacy end server properties.
You now need to enable federation on the Lync Server 2013 Edge Server, and change the Lync Server 2010 federation route to use the Lync Server 2013 Edge Server.
At this point it is important to remind you of the certificate requirements of the Lync Server 2013 Edge. It is assumed that the Lync Server 2013 Edge Server has all the correct IP addresses assigned and external SSL Certificates assigned to the Access Edge Service, Web Conferencing Edge Service, and A/V Edge External service (also referred to as the A/V Authentication Service). It is also important in an Edge pool configuration where there are multiple Lync Server Edge Servers that the same SSL certificate with private key be assigned to the A/V Edge Service (A/V Authentication Service) of each Edge Server in the pool.
Here are the steps to complete:
1. From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge Pools node.
2. Right-click the Edge Server, and then click Edit Properties.
3. Select General in the left pane.
4. Select the check box for Enable Federation for This Edge Pool (Port 5061) and then click OK to close the page.
5. From the Action menu, select Publish Topology, and then click Next.
6. When the Publishing Wizard completes, click Finish to close the wizard.
7. Verify that Federation (Port 5061) is set to Enabled, as shown in Figure 16.8.
Next you need to configure the Lync Server 2013 Edge Server next hop to point to the Lync Server 2013 pool:
1. From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge Pools node.
2. Expand the node, right-click the Edge Server listed, and then click Edit Properties.
3. On the General page, under Next Hop Selection, select the Lync Server 2013 pool from the drop-down list as shown in Figure 16.9.
4. Click OK to close the Edit Properties page.
5. From Topology Builder, select the top node Lync Server.
6. From the Action menu, click Publish Topology and complete the wizard.
Next you need to configure the Lync Server 2013 pool to use the Lync Server 2013 Edge Server as the outbound media path:
1. From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the pool below Standard Edition Front End Servers or Enterprise Edition Front End pools.
2. Right-click the pool, and then click Edit Properties.
3. In the Associations section, select the Associate Edge Pool (For Media Components) check box.
4. From the drop-down box, select the Lync Server 2013 Edge Server, as shown in Figure 16.10.
5. Click OK to close the Edit Properties page.
To enable the Lync Server 2013 Edge Server for federation, follow these steps:
1. From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge Pools node.
2. Expand the node, right-click the Edge Server listed, and then click Edit Properties.
3. On the General page, verify that the Enable Federation for This Edge Pool (Port 5061) setting is checked.
4. Click OK to close the Edit Properties page.
5. Next, navigate to the site node.
6. Right-click the site, and then click Edit Properties.
7. In the left pane, click Federation Route.
8. Under Site Federation Route Assignment, select Enable SIP Federation, and then from the list select the Lync Server 2013 Edge Server listed as shown in Figure 16.11.
9. Click OK to close the Edit Properties page.
For multisite deployments, complete this procedure at each site.
Next you need to configure the Lync Server 2010 pool to use the Lync Server 2013 Edge Server for outbound media. This is required so that the users that are homed on the Lync Server 2010 pool will be able to use the Lync Server 2013 Edge Server for external Edge features. If all users and services have been moved to Lync Server 2013, this step is not required.
1. From Topology Builder, in the left pane, navigate to the Lync Server 2010 node and then to the pool below Standard Edition Front End Servers or Enterprise Edition Front End pools.
2. Right-click the pool, and then click Edit Properties.
3. In the Associations section, select the Associate Edge Pool (For Media Components) check box.
4. From the drop-down box, select the Lync Server 2013 Edge Server as shown in Figure 16.12.
5. Click OK to close the Edit Properties page.
The last step is to publish the Edge Server configuration changes:
1. From Topology Builder, select the top node, Lync Server.
2. From the Action menu, select Publish Topology and complete the wizard.
3. Wait for Active Directory replication to occur in all pools in the deployment.
Note
You might see the following message:
Warning: The topology contains more than one Federated Edge Server. This can occur during migration to a more recent version of the product. In that case, only one Edge Server would be actively used for federation. Verify that the external DNS SRV record points to the correct Edge Server. If you want to deploy multiple federation Edge Servers to be active concurrently (that is, not a migration scenario), verify that all federated partners are using Lync Server. Verify that the external DNS SRV record lists all federation-enabled Edge Servers.
This warning is expected and can be safely ignored. This is because there is more than one Edge Server pool defined in the topology enabled for federation, and only one pool can be used for the federation route.
Simple URLs were introduced in Lync Server 2010. There are three simple URLs:
• Meet is used as the base URL for all conferences in the site or organization.
• Dial-in enables access to the Dial-in Conferencing Settings web page.
• Admin (optional) enables quick access to the Lync Server Control Panel.
It is important that after migrating to Lync Server 2013 you are aware of the impacts to DNS records and certificates for simple URLs. After you have migrated all services from the Lync Server 2010 environment, the simple URLs DNS records need to be updated to point to the reverse proxy that is publishing web services to the Lync Server 2013 web service.