Cisco Cisco TelePresence Video Communication Server Expressway
1. For a TLS (encrypted signaling) connection between the “Lync gateway” VCS and Lync Server
(recommended), TLS must be allowed on Lync Server.
For a TCP connection (not recommended), TCP must be allowed on Lync Server .
For a TCP connection (not recommended), TCP must be allowed on Lync Server .
2. Configure Lync Server to trust the “Lync gateway” VCS(s).
3. Configure Lync Server media encryption capabilities.
Trust a “Lync gateway” VCS
Lync trust can either be set up for a single “Lync gateway” VCS or multiple VCSs (for example when using a
cluster for “Lync gateway” VCS.
cluster for “Lync gateway” VCS.
On Lync Server (using Lync 2010 as an example):
1. Select
Start > All Programs > Microsoft Lync Server 2010 > Lync Server Management Shell
.
2. Set one or more "Lync gateway" VCSs as a trusted application for Lync Server (VCS is treated as an
application by Lync Server).
Use the command New-CsTrustedApplicationPool with the following parameters:
-Identity
Use the command New-CsTrustedApplicationPool with the following parameters:
-Identity
: specifies the "Lync gateway" VCS cluster FQDN. This name must match the Common
Name / Subject Alternate Name specified in the VCS server certificate e.g. lyncvcs.ciscotp.com.
-ComputerFqdn
-ComputerFqdn
: specifies the "Lync gateway" VCS peer FQDN (specify the master VCS FQDN if
running a cluster), e.g. vcs01.ciscotp.com. This name must match the Common Name specified in the
VCS server certificate.
-Registrar
VCS server certificate.
-Registrar
: specifies the FQDN of the registrar for the Lync pool
-Site
: specifies the siteID on which this application pool is homed
Note: you can use the command Get-CsSite to get the full list of sites (SiteID) and related pools.
-RequiresReplication
-RequiresReplication
: specifies that this trusted application must not be replicated between Pools
(must be $false)
-ThrottleAsServer
-ThrottleAsServer
: reduces the message throttling as it knows the trusted device is a server, not a
client (must be $true)
-TreatAsAuthenticated
-TreatAsAuthenticated
: specifies that this application is authenticated by default (must be $true)
For example:
C:\Users\administrator.CISCOTP>New-CsTrustedApplicationPool -Identity lyncvcs.ciscotp.
com -ComputerFqdn vcs01.ciscotp.com -Registrar feppool.ciscotp.com -site 1 -RequiresRe
plication $false -ThrottleAsServer $true -TreatAsAuthenticated $true
3. (For TCP only deployments) Use the Topology Builder to configure the IP address of the "Lync gateway"
VCS as a trusted server:
a. Select
Start > All Programs > Microsoft Lync Server 2010 > Topology Builder
.
b. Under
Lync Server 2010 >Trusted Application Servers
, right-click on the VCS host and select
Edit
Properties
.
c. In the
General
tab, select Limit service usage to selected IP addresses, enter the Primary IP
address of the VCS and click OK.
d. Publish the topology (you may need to restart the Lync Front-End Service to make sure that topology
changes are applied).
4. If using a cluster of “Lync gateway” VCSs, use the shell to add the additional cluster peer members as
computers to the trusted application pool using the command New-
CsTrustedApplicationComputer
CsTrustedApplicationComputer
with the following parameters:
-Identity
: specifies the FQDN of the VCS cluster peer being added, e.g. vcs02.ciscotp.com. This
name must match the Common Name specified in the VCS server certificate.
-Pool
-Pool
: specifies the FQDN of the application pool this VCS is being added to (identical to the FQDN
used for -Identity in the previous step, e.g. lyncvcs.ciscotp.com.
Microsoft Lync and Cisco VCS Deployment Guide (X8.1)
Page 27 of 76
Enabling endpoints registered on the video network to call clients registered on Lync