How to Set Up Lync Federation
How often have you sent an email to a business partner that ended up being a 25-email conversation thread… which at some point started discussing what you’re going to do over the weekend? If you have Microsoft Lync deployed and that partner has Lync too, you can set up a Lync federation partnership and eliminate those long email threads by simply having an IM session with your partner. Not only do you become more productive by saving the time spent writing that email about your plans, but you might also keep your Exchange admin happy. After all, email is not a chat session.
Types of Lync Federation
Lync is a great tool for communicating internally, but with Lync Federation it can be used just as easily to communicate with external partners or businesses. This article discusses what you need to do to get federated with an external Lync deployment.
Lync Federation with another external Lync deployment, typically a business partner or customer, gives the users of the federated partnership access to IM and Presence (person to person only), and it creates federated contacts within the Lync client. Perhaps you want to limit the federation to only a subset of users. This can be accomplished with Lync External Access Policies assigned to individual users.
There are several types of Lync Federation: Discovered Partner Domain, Allowed Partner Domain, Allowed Partner Server, and Hosting Provider and Public IM.
Discovered Partner Domain (Open Enhanced Federation)
The partner’s Lync Edge server is discovered by looking up its SRV record in DNS. The firewall needs to allow all inbound traffic on port 5061 without restriction. This type of federation lets users connect to any potential business partner without contacting the Lync admin to set up the federation. This open form of federation requires that the A record and certificate for the federated Access Edge server match the SIP domain. This type of partnership is also limited to 20 SIP messages received per second.
Allowed Partner Domain (Enhanced Federation)
This type of federation requires the Lync administrator to set up the federation: you need to know your partner’s SIP domain and add it to the list of Federated Domains in the Lync Control Panel. As with Discovered Partner federation, the A record and certificate for the federated Access Edge server need to match the SIP domain, but there is no limit on SIP messages.
Allowed Partner Server (Direct Federation)
This type of federation is added manually and does not require A records and certificates to match the partner’s Access Edge server. Instead, it uses the FQDN of the partner’s Access Edge server and the domain name.
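The matching requirement described above for the two partner-domain federation types can be checked before you ask for a federation to be configured. The following is an added example, not code from the original article: it takes a partner's published `_sipfederationtls._tcp` SRV record and the names on its Edge certificate and lists what fails. The sample records are constructed, and the reading of "match" (SRV target inside the SIP domain, certificate name covering that host) is an assumption.

```python
# Added example, not from the article. Sample records below are constructed.
# Assumption: "match the SIP domain" = the SRV target host is inside the SIP
# domain and the Edge certificate carries a name that covers that host.

GOOD_SRV = "_sipfederationtls._tcp.contoso.example. 3600 IN SRV 0 0 5061 sip.contoso.example."
HOSTED_SRV = "_sipfederationtls._tcp.fabrikam.example. 3600 IN SRV 0 0 5061 edge.hosting.example."

def parse_srv(line):
    """Parse one zone-file style SRV line into (owner, port, target)."""
    fields = line.split()
    if "SRV" not in fields:
        raise ValueError("not an SRV record: %r" % line)
    i = fields.index("SRV")
    _priority, _weight, port, target = fields[i + 1:i + 5]
    return fields[0].rstrip(".").lower(), int(port), target.rstrip(".").lower()

def name_covers(cert_name, host):
    """True if a certificate name (exact or one-label wildcard) covers host."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def federation_problems(sip_domain, srv_line, cert_names):
    """List why a partner fails the partner-domain federation requirements."""
    sip_domain = sip_domain.lower().rstrip(".")
    owner, port, target = parse_srv(srv_line)
    problems = []
    if owner != "_sipfederationtls._tcp." + sip_domain:
        problems.append("SRV owner is not _sipfederationtls._tcp." + sip_domain)
    if port != 5061:
        problems.append("SRV port is %d, expected 5061" % port)
    if not target.endswith("." + sip_domain):
        problems.append("Edge host %s is outside SIP domain %s" % (target, sip_domain))
    if not any(name_covers(n, target) for n in cert_names):
        problems.append("no certificate name covers " + target)
    return problems

if __name__ == "__main__":
    for domain, srv, names in [
        ("contoso.example", GOOD_SRV, ["sip.contoso.example"]),
        ("fabrikam.example", HOSTED_SRV, ["edge.hosting.example"]),
    ]:
        print(domain, federation_problems(domain, srv, names) or "ok")
```

An empty list means the partner's records line up for Discovered or Allowed Partner Domain federation; a partner whose Edge host sits outside its SIP domain is the case the article's Allowed Partner Server type covers.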
Hosting Provider and Public IM
This type is used for federating with hosting providers such as Office 365, Skype, and AOL.
This allows federation with deployments using eXtensible Messaging and Presence Protocol (which will not be shown in this article).
Prior to setting up the federation, you will need to ensure that your Lync deployment is set up properly.
- You will need to deploy a Lync Edge server and publish your topology. If you already have a Lync Edge server set up, you’re ahead of the game, and you’ll only need to modify your settings. For the purpose of this article I will not go into the full details of setting up an Edge server deployment, but I will demonstrate the setup of federation using a Single Consolidated Lync Edge deployment that has previously been set up for Edge access. If you don’t have Lync Edge deployed, read TechNet’s guide to determine the best type of Lync Edge deployment for your environment. You may also need to discuss Lync Edge deployments with your networking team, as ports may need to be allowed through any firewalls you have.
- Configure any DNS A or SRV records required for Lync Edge, if they are not already published.
Enable Lync Federation on Existing Edge Server Setup
- Download Topology from Existing Deployment.
- Right-click on your Edge pool and select Properties.
- Select Enable Lync Federation and click OK.
- Click Action, select Topology, and Publish your topology.
- On your Edge server, select Install/Update Lync Server System, then select Setup or Remove Lync Server Components. Select Run Again.
- Restart Lync Services.
Configuring Support for External User Access
In the Lync Control Panel, navigate to the External Access Policy page and enable users to communicate with federated users.
After you have configured federation on your Edge servers, you’ll be ready to start federating with business partners. Determine what type of federation you will be using for each partner and then define the DNS records required for that particular type of federation.
Discovered Partner Domain (Open Enhanced Federation): If you want to use this type of federation, you will need to enable the feature using the Access Edge Configuration settings.
The Lync Edge server will locate the business partner through the partner’s SRV record in DNS, if it is published: _sipfederationtls._tcp.<external domain name>
Allowed Partner Domain (Enhanced Federation): In the Federated Domain tab add the business partner’s domain name.
Allowed Partner Server (Direct Federation): In the Federated Domain tab, add the business partner’s Access Edge server FQDN and the partner’s domain. Both must be entered.
Hosting Provider and Public IM: To federate with a business partner using Office 365, fill in the provider name and Access Edge FQDN. You will also need to choose to allow communication with this provider. Once these settings are added in the Hosting Provider tab, you will still need to add the business partner’s domain info in the Federated Domains list tab.
Once all settings are added for the business partner and you’ve exchanged your details with them, then you can begin testing the Lync Federation.