Skype For Business Installation (Part 2): Let's Start and Have DNS Fun

In the Part 1 blog post, we discussed planning and building a design for the new Skype For Business environment.  Now, let’s discuss installing the Skype For Business (SfB) Server.  Today, we’ll dive into the first steps of setting up Skype For Business and the infamous topic of DNS.

Microsoft has laid out the process to upgrade to Skype For Business (see here).  Here is a flow diagram from that site:

[Image: flow diagram of the upgrade process]

I followed this process, and I highlight some key points below.

TechNet steps, with Dean's comments on each:

Step 1: Install Prerequisites (here)
I am building my environment on Windows 2012 R2 Server, so I set up 3 Windows 2012 Servers and joined them to the domain. I ran Windows Updates and installed the prerequisites on all 3 machines. I would recommend using the PowerShell “Add-WindowsFeature” cmdlet to add all of the prerequisites.

Step 2: Create File Share (here)
For a high availability environment, a Distributed File System (DFS) file share is recommended.

Step 3: Install Administrative Tools (here)
Install the Administrative Tools from the Skype For Business (SfB) Deployment Wizard. A key point on this step is to “Connect to computer in the topology that does not have Lync OCSCore or any other Lync components installed.” This means that you can’t do this step on the existing Lync 2013 servers. I set up 3 new servers that would be my new SfB Front End pool and performed this step on them.

Step 4: Prepare Active Directory (here)
I followed the steps documented on TechNet and had no issues.

Step 5: Create DNS Records (here)
DNS. Getting the right DNS records created is probably one of the biggest sources of problems that I see, right alongside determining the number of public IP addresses needed and the names required on the certificates (DNS, IP addresses, certificates). I recommend reviewing the documentation below:

  • DNS Requirements (https://technet.microsoft.com/en-us/library/gg398386.aspx)
  • DNS Requirements (https://technet.microsoft.com/en-us/library/gg398758(v=ocs.15).aspx)
  • Simple URLs (https://technet.microsoft.com/en-us/library/gg425874(v=ocs.15).aspx)
  • Lync Planning Tool (http://www.microsoft.com/en-us/download/details.aspx?id=36823)

Jeff Schertz also has a great blog post on the client autodiscover process:

  • http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/

Some considerations to think about when planning your DNS needs are:

Your DNS Architecture

Do you have:

  • Split brain DNS: For example, your internal DNS zone is domain.com and external DNS zone is domain.com.
  • Delegated sub-domain DNS: For example, external DNS zone is domain.com and internal DNS zone is subdomain.domain.com.
  • Separate domain DNS: For example, external DNS zone is domain.com and internal DNS zone is domain.net.

Your SfB Pool Architecture

  • Do you have Standard Edition or Enterprise Edition pools?
  • How many SIP domains do you have?
  • What is your simple URL architecture?
  • How many SfB Edge Servers do you have?
  • How are you publishing your SfB Edge Servers' external IP addresses (NAT’d or public IP)?
  • What kind of load balancing are you going to use (DNS + hardware load balancing, or hardware load balancing only)? Remember that even with DNS load balancing, you need a hardware load balancer for the web traffic (443).

The above articles walk you through the various decisions.

In my scenario, I have:

  • Split brain DNS: Internal and external DNS domain zone is: mtcirvine.com
  • My Active Directory domain and DNS zone (mtc-irv.com) is different from my public DNS domain (mtcirvine.com)
  • I am building out an Enterprise Edition pool with 3 Front-End Servers
  • I have a single SfB Edge server.
  • I have a single SIP domain (mtcirvine.com)
  • I am using DNS load balancing.
  • I decided to use a single simple URL with subdomains
    • Join.mtcirvine.com
    • Join.mtcirvine.com/meet (for meeting URL)
    • Join.mtcirvine.com/dialin (for phone access URL)
    • Join.mtcirvine.com/admin (for Admin access)

So, based upon these decisions, I needed to create records on my internal DNS server and also at our external DNS provider in our mtcirvine.com zone.

On my internal DNS zone for my Active Directory domain (mtc-irv.com)

A record was created for each SfB server when I joined them to the domain

On my internal DNS server for my public DNS domain (mtcirvine.com)

I created the following records

  • DNS A records
    • For the pool (e.g. irvpool2.mtcirvine.com). Created 3 DNS A records pointing to the IP address of each of the SfB front-end servers
    • For each SfB Front End (e.g. SFB2015FE1.mtcirvine.com, SFB2015FE2.mtcirvine.com, SFB2015FE3.mtcirvine.com) pointing to the IP address of each SfB front-end server
    • Created an A record for the internal leg of the SfB edge server (sfb2015Edge1.mtcirvine.com)
    • Edge servers DNS A records pointing to public IP addresses of the external NICs of my SfB edge server:
      • Access1.mtcirvine.com (for access edge)
      • Webcon1.mtcirvine.com (for web conferencing)
      • AV1.mtcirvine.com (for audio/video conferencing)
      • I used public IP addresses on the external leg of my SfB Edge server.
    • Join.mtcirvine.com (for simple URLs) pointing to public IP address of reverse proxy’s external leg
    • Rp.mtcirvine.com (for reverse proxy) pointing to public IP address of reverse proxy’s external leg
    • Lyncdiscover.mtcirvine.com ; pointing to my reverse proxy public IP address
    • Sip.mtcirvine.com ; pointing to my access edge public IP address
    • Lyncdiscoverinternal.mtcirvine.com ; pointing to internal IP address of SfB pool
  • SRV record:
    • _sip._tls.mtcirvine.com 100 1 443 access1.mtcirvine.com
    • _sipinternaltls._tcp.mtcirvine.com 0 0 5061 ; pointing to SfB pool
    • _sipfederationtls._tcp.mtcirvine.com 100 1 5061 ; pointing to SfB pool

On my external DNS server for my public DNS domain (mtcirvine.com)

I created the following records

  • DNS A records
    • Edge servers DNS A records pointing to public IP addresses of the external NICs of my SfB edge server:
      • Access1.mtcirvine.com (for access edge)
      • Webcon1.mtcirvine.com (for web conferencing)
      • AV1.mtcirvine.com (for audio/video conferencing)
    • Join.mtcirvine.com (for simple URLs) pointing to public IP address of reverse proxy
    • Rp.mtcirvine.com (for reverse proxy) pointing to public IP address of reverse proxy
    • Lyncdiscover.mtcirvine.com ; pointing to my reverse proxy public IP address
    • Sip.mtcirvine.com ; pointing to my access edge public IP address
    • Sipexternal.mtcirvine.com ; pointing to access edge public IP address
  • SRV record:
    • _sip._tls.mtcirvine.com 100 1 443 access1.mtcirvine.com
    • _sipinternaltls._tcp.mtcirvine.com 0 0 5061 ; pointing to access1.mtcirvine.com
    • _sipfederationtls._tcp.mtcirvine.com 100 1 5061 ; pointing to access1.mtcirvine.com

If you have multiple SfB Edge Servers, then you will need more DNS records and IP addresses.
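
With split-brain DNS the same name is answered by two different zones, so it is worth confirming each view separately once the records are in place. The following PowerShell is an added example, not part of the original post: the resolver addresses are placeholders, Test-SfbRecord is a hypothetical helper name, and the record names, ports and targets are taken from the lists above.

```powershell
# Added example (not from the original post). Resolver IPs are placeholders.
$InternalDns = '10.0.0.10'    # assumption: internal DNS server hosting mtcirvine.com
$ExternalDns = '192.0.2.53'   # assumption: resolver that sees the public zone
$Zone = 'mtcirvine.com'

# Expected answers per view, taken from the record lists in this post.
$Checks = @(
    @{ View = 'internal'; Name = "irvpool2.$Zone"; Type = 'A'; MinCount = 3 }    # one A record per Front End
    @{ View = 'internal'; Name = "lyncdiscoverinternal.$Zone"; Type = 'A'; MinCount = 1 }
    @{ View = 'internal'; Name = "_sipinternaltls._tcp.$Zone"; Type = 'SRV'; Port = 5061; Target = "irvpool2.$Zone" }
    @{ View = 'both';     Name = "_sip._tls.$Zone"; Type = 'SRV'; Port = 443; Target = "access1.$Zone" }
    @{ View = 'both';     Name = "lyncdiscover.$Zone"; Type = 'A'; MinCount = 1 }
    @{ View = 'both';     Name = "sip.$Zone"; Type = 'A'; MinCount = 1 }
    @{ View = 'external'; Name = "sipexternal.$Zone"; Type = 'A'; MinCount = 1 }
    @{ View = 'external'; Name = "irvpool2.$Zone"; Type = 'A'; Absent = $true }  # not in the external list
)

# Hypothetical helper: query one resolver and compare the answer with the plan.
function Test-SfbRecord {
    param([hashtable]$Check, [string]$Server, [string]$ViewName)
    $answers = @()
    try {
        $answers = @(Resolve-DnsName -Name $Check.Name -Type $Check.Type -Server $Server -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq $Check.Type })   # drops SOA and additional-section records
    } catch { }   # NXDOMAIN or timeout: treated as "no answer", so rerun Absent checks if the resolver was unreachable
    $status = 'OK'
    if ($Check.Absent) {
        if ($answers.Count -gt 0) { $status = 'PRESENT-BUT-NOT-PLANNED' }
    } elseif ($answers.Count -eq 0) {
        $status = 'MISSING'
    } elseif ($Check.Type -eq 'A') {
        if ($answers.Count -lt $Check.MinCount) { $status = "FEWER-THAN-$($Check.MinCount)" }
    } elseif (-not ($answers | Where-Object { $_.Port -eq $Check.Port })) {
        $status = 'WRONG-PORT'
    } elseif ($Check.Target -and -not ($answers | Where-Object { $_.NameTarget -eq $Check.Target })) {
        $status = 'WRONG-TARGET'
    }
    $detail = if ($Check.Type -eq 'A') { $answers.IPAddress -join ', ' } else {
        ($answers | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', ' }
    [pscustomobject]@{ View = $ViewName; Name = $Check.Name; Type = $Check.Type; Status = $status; Detail = $detail }
}

$report = foreach ($c in $Checks) {
    if ($c.View -in 'internal', 'both') { Test-SfbRecord -Check $c -Server $InternalDns -ViewName 'internal' }
    if ($c.View -in 'external', 'both') { Test-SfbRecord -Check $c -Server $ExternalDns -ViewName 'external' }
}
$report | Format-Table -AutoSize
```

Any row whose Status is not OK points at a record that is missing, has the wrong port or target, or is answered in a view where the lists above do not place it.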
