Cisco Cisco Expressway
"Lync gateway" Expressway: Ensure that TLS is enabled in SIP
configuration
configuration
1. Go to
Configuration > Protocols > SIP
.
2. Ensure that TLS mode is On.
Lync Server configuration
The configuration will vary depending upon the architecture of the Lync Server installation.
n
If a Lync Director is in use, then configure the Lync Director (pool) to trust the "Lync gateway" Expressway
and to route traffic to Expressway. Other FEPs receiving calls for the video domain may not know how to
route them (depending on Lync SIP routing configuration), and may pass the calls to the Director pool for
routing.
and to route traffic to Expressway. Other FEPs receiving calls for the video domain may not know how to
route them (depending on Lync SIP routing configuration), and may pass the calls to the Director pool for
routing.
n
If there is just a hardware load balancer in front of a set of FEP pools, configure each FEP pool.
n
If there is just a single FEP, configure it.
To allow the "Lync gateway" Expressway to communicate with Lync Server:
1. For a TLS (encrypted signaling) connection between the "Lync gateway" Expressway and Lync Server
(recommended), TLS must be allowed on Lync Server.
For a TCP connection (not recommended), TCP must be allowed on Lync Server .
For a TCP connection (not recommended), TCP must be allowed on Lync Server .
2. Configure Lync Server to trust the "Lync gateway" Expressway(s).
3. Configure Lync Server media encryption capabilities.
Trust a "Lync gateway" Expressway
Lync trust can either be set up for a single "Lync gateway" Expressway or multiple Expressways (for
example when using a cluster for "Lync gateway" Expressway.
example when using a cluster for "Lync gateway" Expressway.
On Lync Server (using Lync 2010 as an example):
1. Select
Start > All Programs > Microsoft Lync Server 2010 > Lync Server Management Shell
.
2. Set one or more "Lync gateway" Expressways as a trusted application for Lync Server (Expressway is
treated as an application by Lync Server).
Use the command New-CsTrustedApplicationPool with the following parameters:
-Identity
Use the command New-CsTrustedApplicationPool with the following parameters:
-Identity
: specifies the "Lync gateway" Expressway cluster FQDN. This name must match the
Common Name / Subject Alternate Name specified in the Expressway server certificate e.g.
lyncexp.ciscotp.com.
-ComputerFqdn
lyncexp.ciscotp.com.
-ComputerFqdn
: specifies the "Lync gateway" Expressway peer FQDN (specify the master
Expressway FQDN if running a cluster), e.g. exp01.ciscotp.com. This name must match the Common
Name specified in the Expressway server certificate.
-Registrar
Name specified in the Expressway server certificate.
-Registrar
: specifies the FQDN of the registrar for the Lync pool
-Site
: specifies the siteID on which this application pool is homed
Note: you can use the command Get-CsSite to get the full list of sites (SiteID) and related pools.
-RequiresReplication
-RequiresReplication
: specifies that this trusted application must not be replicated between Pools
(must be $false)
-ThrottleAsServer
-ThrottleAsServer
: reduces the message throttling as it knows the trusted device is a server, not a
client (must be $true)
-TreatAsAuthenticated
-TreatAsAuthenticated
: specifies that this application is authenticated by default (must be $true)
Microsoft Lync and Cisco Expressway Deployment Guide (X8.5)
Page 31 of 71
Enabling endpoints registered on the video network to call clients registered on Lync