{"id":763,"date":"2014-01-27T17:19:53","date_gmt":"2014-01-27T15:19:53","guid":{"rendered":"http:\/\/blog.lync2013.org\/?p=763"},"modified":"2014-05-07T13:09:48","modified_gmt":"2014-05-07T13:09:48","slug":"part-1-draft-chapter-6-dns-certificate-firewall-requirements-lync-server-2013","status":"publish","type":"post","link":"https:\/\/modern-workplace.uk\/?p=763","title":{"rendered":"Part 1 of the draft: Chapter 6 DNS, Certificate and Firewall Requirements for Lync Server 2013"},"content":{"rendered":"

This is the first part of the draft for a new chapter of\u00a0Microsoft Lync Server 2013: Basic Administration (\u00a0http:\/\/gallery.technet.microsoft.com\/office\/Lync-Server-2013-Basic-0a86824d <\/a>). Feedbacks and suggestions are welcome, especially in this early stage.<\/p>\n

In Chapter 2 I have shown a DNS configuration with split name resolution, just because it was required to build your Lync 2013 laboratory. Now it is important to clarify some basic concepts.<\/span><\/p>\n

\n

 <\/p>\n

What is DNS (in Six Lines)<\/span><\/h4>\n

 <\/p>\n

Machines\u00a0and human beings have a different logic. So, while a computer is comfortable in finding another computer with a 12 digit hexadecimal value (the MAC address) or using another numeric value like the IP address, you and I have to use names to find a computer (or a specific service) among the others. The DNS <\/strong>server keeps a list of hostnames (or services) paired with one (or more) IP address, so that you are able to access network objects and services in an intuitive manner, with a name that is easy to remember.<\/span><\/p>\n

\n

 <\/p>\n

Why DNS is Fundamental for Lync Server 2013<\/span><\/h4>\n

 <\/p>\n

With the release of Windows 2000, Microsoft decided that DNS was the right (and only) tool to publish the infrastructure of network services. Authentication, access to data and (of course) unified communications with Lync, are all made available using DNS servers. Fully qualified domain name<\/strong> (FQDN<\/strong>) like Apollo<\/em>.Lync2013.Dom\u00a0<\/i>will be required to build your Lync infrastructure, along with the so called Service Records<\/strong> (SRV<\/strong> records<\/strong>) that identify a network service with a FQDN and a port number (for example a public SRV record, _sipfederationtls._tcp.lync2013.org<\/em>\u00a0on TCP port 5061 pointing to Access.lync2013.org<\/em>\u00a0that is required to enable Lync Dynamic Federation<\/strong>). If a required FQDN or SRV record is misconfigured or not available, a part of the services from Lync Server will not be available.<\/span><\/p>\n

\n

 <\/p>\n

The Basic Diagram of a Lync Deployment We Will Use in the Chapter<\/span><\/h4>\n

 <\/p>\n

The explanation of Lync requirements will start from a diagram in figure 6.1 (identical to the one shown in figure 2.2), representing the minimal infrastructure required to deploy a Lync server 2013 that is available also for external users<\/span><\/p>\n

\"6_11\"<\/a>
Figure 6.1<\/figcaption><\/figure>\n

Figure 6.1 A minimal working infrastructure of Lync Server 2013 including external users<\/em><\/span><\/p>\n

To explain the Lync infrastructure, as I said, we will need to add names and network addresses (IPs) to our Lync design. To grant the name resolution we will use the same DNS server that is already required for the\u00a0Active Directory Domain Services\u00a0(AD DS).<\/span><\/p>\n

Note<\/strong>: There will be two different DNS names resolutions required, one for the Internet and one for the internal network. The latter is the one that will take advantage of the existing DNS server.<\/span><\/p>\n

\n

 <\/p>\n

Lync Server 2013: Internal Network<\/span><\/h4>\n

 <\/p>\n

In figure 6.2 I have added names, network address and Virtual LANs<\/b> (VLANs<\/b>) to the schema shown in the Previous figure 6.1<\/span><\/p>\n

\"6_1\"
Figure 6.2<\/figcaption><\/figure>\n

Figure 6.2 The previous Lync diagram, populated with names, IPs and VLANs<\/em><\/span><\/p>\n

\n

 <\/p>\n

Servers located in the LAN<\/span><\/h4>\n

 <\/p>\n

The Domain Controller<\/strong>, Aphrodite <\/strong>will be in charge of user authentication, permissions and DNS service. Lync is built over Active Directory, so the internal deployment will require a Domain with the following requirements:<\/span><\/p>\n