Рабочие нагрузки Skype for business 2015 UC Lab

Следующая встреча UC2 номер 13 (26.04.2016)

Alexey BogomolovMicrosoftMicrosoft MVP: Exchange

Exchange 2013/2016 Transport High Availability

Сергей ТрюханAvaya Networking

Решения Avaya Networking для UC Microsoft

Приходите на встречу UC2 номер 13 в Технологический Центр Microsoft (MTC) или подключайтесь к трансляции Skype for Business Online!

Рабочие нагрузки Skype for Business

2015Журавлев Александр (UC Lab, Руководитель лаборатории)

29.03.2016 Технологический центр Microsoft

В докладе будут рассмотрены темы:• маршрутизация трафика Skype for Business 2015• используемы порты и протоколы Skype for Business 2015• моделирование и симуляция трафика Skype for Business 2015.

решения Microsoft• моделирование и симуляция трафика Skype for Business 2015.

решения IXIA (совместно с Владимиром Назаренко)

Моделирование и симуляция трафика Skype for Business 2015. решения Microsoft• Skype for Business, Bandwidth Calculator• Skype for Business 2015, Planning Tool• Stress and Performance Tool• iperf• Debugging Tools• Key Health Indicators• SDN API• KEMP шаблоны

Skype for Business, Bandwidth Calculator 2.60

PLEASE NOTE: This download is also applicable to Lync Server 2010 and 2013 deploymentshttps://www.microsoft.com/en-gb/download/details.aspx?id=1901120335B-5

https://www.microsoft.com/en-gb/download/details.aspx?id=19011

https://www.microsoft.com/en-gb/download/details.aspx?id=19011

10 профилей пользователей

10 центральных сайтов, 300 филиалов

Planning ToolSkype for Business 2015, Planning Tool (9319.145)https://www.microsoft.com/en-us/download/details.aspx?id=50357Microsoft Lync Server 2013, Planning Tool (8308.420)https://www.microsoft.com/ru-ru/download/details.aspx?id=36823Microsoft Lync Server 2010, Planning Tool (7577.117)https://www.microsoft.com/en-us/download/details.aspx?id=19711Planning Tool for Office Communications Server 2007 (6362.53)https://www.microsoft.com/en-us/download/details.aspx?id=23126

https://www.microsoft.com/en-us/download/details.aspx?id=50357

https://www.microsoft.com/ru-ru/download/details.aspx?id=36823





Planning Tool

Planning Tool

Моделирование в Planning Tool

0 10000 20000 30000 40000 50000 60000 70000 80000 900000

2

4

6

8

10

12

14

Enterprise Edition

FE(EE) Edge(EE) dir(EE)

FE 6660EDGE 15000MAXIMUM 240000 (3 POOL, 36 FE)

DEMOДокументирование инфраструктурыДокументация для СБ

Stress and Performance ToolSkype for Business Server 2015, Stress and Performance Tool (9319.113)https://www.microsoft.com/en-us/download/details.aspx?id=50367Lync Server 2013, Stress and Performance Tool (8308.299)http://www.microsoft.com/en-us/download/details.aspx?id=36819Lync Server 2010, Stress and Performance Tool (7577.120)https://www.microsoft.com/en-us/download/details.aspx?id=25005


http://www.microsoft.com/en-us/download/details.aspx?id=36819


Подготовка к тестированию

…<MediationServer>sea-pool.contoso.com</MediationServer> <MediationServerPort>5067</MediationServerPort> <GatewaySimulatorPort>5067</GatewaySimulatorPort>…

Выполнение тестирования

cmd (Administrator)cd "C:\Program Files\Skype for Business Server 2015\LyncStressAndPerfTool\LyncStress"regsvr32 /i /n LyncPerfToolPerf.dllregsvr32 /i /n S4Perf.dll

cd "C:\3.28_21.4.25\client0_all"RunClient0.bat "C:\Program Files\Skype for Business Server 2015\LyncStressAndPerfTool\LyncStress“

cd "C:\3.28_21.4.25\client1_all"RunClient1.bat "C:\Program Files\Skype for Business Server 2015\LyncStressAndPerfTool\LyncStress"

iperf Client (Internal) - FE

iperf Client (External) - EDGE

Debugging ToolsSkype for Business Server 2015 Debugging Tools (9319.73)https://www.microsoft.com/en-us/download/details.aspx?id=47263Microsoft Lync Server 2013 Debugging Tools (8308.577)http://www.microsoft.com/en-us/download/details.aspx?id=35453


http://www.microsoft.com/en-us/download/details.aspx?id=35453

Debugging ToolsC:\Program Files\Skype for Business Server 2015\Debugging Tools

C:\Program Files\Microsoft Lync Server 2013\Debugging Tools

Key Health Indicators (perfmon.msc)Network Planning, Monitoring, and Troubleshooting with Lync Serverhttps://www.microsoft.com/en-us/download/details.aspx?id=39084Key Health Indicators for Lync Server 2013 and Skype for Business Server 2015https://www.microsoft.com/en-us/download/details.aspx?id=46895

#Create KHI Data Collector on a single serverCreate_KHI_Data_Collector.ps1 –version Skype4BCreate_KHI_Data_Collector.ps1 –version LyncServer2013

#Stop KHI Data Collector on a single serverLogman stop KHI

#Start KHI Data Collector on a single serverLogman start KHI



SDN API

SDN Manager в Windows 8.1 x64 в CMD от АдминистратораC:\Program Files\Microsoft Skype for Business Server\Microsoft Skype for Business SDN ManagerSDNManager.exe.config

serviceSkype for Business SDN ManagerSkype for Business SDN Interface - Skype for Business SDN Manager"C:\Program Files\Microsoft Skype for Business Server\Microsoft Skype for Business SDN Manager\SDNManager.exe"Network Service

LDL config files (LyncDialogListener.exe.config) on the FE's

LSM config files (LyncSDNManager.exe.config) on the LSM

Lync SDN API 2.0 (от 14.1.2014)

Lync SDN Interface 2.1.1 (от 26.1.2015)

Skype for Business, SDN Interface 2.2 (от 19.6.2015)LDL config files (DialogListener.exe.config) on the FE'sLSM config files (SDNManager.exe.config) on the LSM

SDN API 2.0 Архитектура

(Источник: Microsoft)

• Lync Dialog Listener (LDL) устанавливается на Lync FEПередает информацию (сигнализация и диагностическая информация о media) в LSM

• Lync SDN Manager (LSM), устанавливается на отдельном сервере 2008/2012 Windows Server.Собирает данные и отправляет на контроллер Aruba (ArubaOS v6.3 и выше)

https://channel9.msdn.com/events/Lync-Conference/Lync-Conference-2014/NETW300




https://channel9.msdn.com/events/Lync-Conference/Lync-Conference-2014/SOLU201

https://channel9.msdn.com/events/Ignite/2015/BRK2191

Для информации














https://channel9.msdn.com/events/Ignite/2015/BRK2191

SDN API vs Heuristics (Aruba Networks)


Ports and protocols for internal servershttps://technet.microsoft.com/en-us/library/gg398833.aspxRequired Server Ports (by Server Role)Hardware Load Balancer Ports if Using Only Hardware Load BalancingHardware Load Balancer Ports if Using DNS Load BalancingRequired Client Ports

https://technet.microsoft.com/en-us/library/gg398833.aspx

SfB_2015.tmpl

KEMP шаблоныSfB_2015.tmpl

Кракоз бры (крякоз бры) — бессмысленный с точки зрения читателя набор я́ я́символов, чаще всего получаемый на компьютере в результате неправильного перекодирования осмысленного текста. /Циклопедия/

Lync Edge Internal 2013 HLB Only1 192.168.1.201:443 tcp Lync Edge Internal AV Media TCP L7 on Real Server round robin (TCP Audio, Video, Sharing & Files)2 192.168.1.201:3478 udp Lync Edge Internal AV Media UDP L4 round robin (Audio/Video)3 192.168.1.201:5061,5062 tcp Lync Edge Internal SIP L7 round robin (SIP/TLS, A/V Authentication)

Lync Internal 2013 DNS1 192.168.1.201:80,8080 tcp Lync Internal WebSvc HTTP L7 round robin2 192.168.1.201:443,4443 tcp Lync Internal WebSvc HTTPS L7 on Real Server round robin

Lync Internal 2013 HLB Only1 192.168.1.201:80,8080 tcp Lync Internal WebSvc HTTP L7 round robin2 192.168.1.201:135 tcp Lync Internal Front-End DCOM L7 round robin3 192.168.1.201:443,444,4443 tcp Lync Internal WebSvc HTTPS HLB Only L7 on Real Server round robin 4 192.168.1.201:5061,448, tcp Lync Internal Front-End SIP L7 round robin

5070-5073,5075,5076,5080Lync Mediation 2013 HLB Only1 192.168.1.201:5070 tcp Lync Mediation L7 round robin

Lync Office Web App Servers 20131 192.168.1.201:443 tcp Office Web App Servers L7 round robin

Lync Reverse Proxy 20131 192.168.1.201:80 tcp Lync Reverse Proxy HTTP L7 round robin 2 192.168.1.201:443 tcp Lync Reverse Proxy HTTPS L7 round robin


Lync Director 2013 DNS1 192.168.1.201:443,444,4443 tcp Lync Director L7 on Real Server round robin

Lync Director 2013 HLB Only1 192.168.1.201:443,444,4443 tcp Lync Director L7 on Real Server round robin 2 192.168.1.201:5061 tcp Lync Internal Director SIP L7 round robin

Lync Edge External 2013 HLB Only1 192.168.1.201:443 tcp Lync Edge External SIP L7 on Real Server round robin (Remote Users)2 192.168.1.201:5061 tcp Lync Edge External SIP Federation L7 round robin (SIP/TLS)3 192.168.1.201:5269 tcp Lync Edge External XMPP L7 round robin

Lync Edge External AV 2013 HLB Only1 192.168.1.201:443 tcp Lync Edge External AV Media TCP L7 on Real Server round robin (Fallback port, TCP Audio, Video, Sharing & Files)2 192.168.1.201:3478 udp Lync Edge External AV Media UDP L4 round robin (Audio/Video)

Lync Edge External Conferencing 2013 HLB Only1 192.168.1.201:443 tcp Lync Edge External Conferencing L7 on Real Server round robin (Conferencing)


2013 FEName ProtocolPort

FE Web 80 TCP 80FE DCOM (RPC) TCP 135 RPC

443 WebSvc (SSL)FE Conf TCP 444 HTTPS – Intra and interpool communication (SSL)FE CAC TCP 448 Used for call admission control by the Lync Server Bandwidth Policy ServiceFE Web 4443 TCP 4443 (SSL)FE SIP TCP 5061 SIP/MTLSFE MED TCP 5070 для MediationFE RSG TCP 5071 Response GroupFE CAA TCP 5072 Attendant (dial in conferencing)FE CA TCP 5073 Conferencing Announcement service (that is, for dial-in conferencing)FE TCP 5075 Call ParkFE TCP 5076 Audio Test serviceFE TCP 5080 Used for call admission control by the Bandwidth Policy service for A/V Edge TURN trafficFE Web 8080 TCP 8080 HTTP Root Cert Retrieval for Lync Phones


Microsoft Lync Server 2010 Protocol Workloads Poster.pdf

Lync_2013_poster.pdf

Skype for Business 2015 Protocol Workloads Posterhttps://www.microsoft.com/en-us/download/details.aspx?id=46448

IM and Presence

A/V and Web Conferencing

Application Sharing

Enterprise Voice

Certificate Requirements DNS Configuration CMS


CMS. Начальные условияInternal

External Firewall Internal Firewall

Back-endSQL Server

Active Directory Domain Services

Enterprise Pool(CMS master)

Edge Pool(CMS replica)

Director(CMS replica)

Front-end Pool(CMS replica)

Mediation Pool(CMS replica)

StandardEdition Server(CMS replica)

Branch Appliance(CMS replica)

Install on Enterprise Edition to provide high availability.

CMS Internal

HTTPS:4443


Back-endSQL Server


Enterprise Pool(CMS master)

Edge Pool(CMS replica)

Director(CMS replica)

Front-end Pool(CMS replica)

Mediation Pool(CMS replica)

StandardEdition Server(CMS replica)

Branch Appliance(CMS replica)

Default (1433) or SQL named instance

TCP:1433

SMB:4

45

Install on Enterprise Edition to provide high availability.

SMB trafficHTTPS traffic

RTC xds Central Management Store data (master)

Enterprise Voice. Начальные условия

Internal

Internal Firewall

External

Branch Office

Skype for Business 2015 users


External Firewall

Directors



Front end poolEdge Pool

Exchange UM

Branch Appliance

Mediation Pool(optional)

Connectivity to:� IP-PSTN gateway� IP/PBX� Direct SIP� SIP trunk

WANConnection

Enterprise Voice. SIP traffic; CAC traffic

Internal

Internal Firewall

External

Branch Office



External Firewall

Directors



Front end poolEdge Pool

Exchange UM

Branch Appliance



WANConnection

SIP/MTLS:5062SIP/MTLS:5061

Access Edge - SIP/TLS:443

MRAS traffic

Port number to service traffic assignment:5064 - Telephony Conferencing Service5067 – Mediation Server Service5071 - Response Group Service5072 - Conferencing Attendant Service5073 - Conferencing Announcement Service5075 - Call Park Service

SIP/TLS:5061,5070

SIP/TL

S:506

1

SIP/MTLS

SIP/TL

S:506

1

MRAS traffic

Lync client automatically registers with the pool if the Branch Appliance becomes unavailable.

For federation, SBA connects directly with Director. If no Director is available, federation traffic goes directly to the Edge Server.

SIP/TCP:5060,5061

SIP/TLS:5061

SIP/MTLS:5062

SIP/MTLS:5061

TURN

/TCP:4

48

If no Edge Server is defined in the topology, callee checks the Front End Server·s Bandwidth Policy Service.

HTTPS:444

SIP trafficCall Admission Control (CAC) traffic

Enterprise Voice. RTP/SRTP traffic: A/V Conferencing; ICE traffic

RTP/SRTP traffic: A/V ConferencingICE traffic

Internal

Internal Firewall

External

Branch Office



External Firewall

Directors



Front end poolICE: STUN/TCP:443, UDP:3478SRTP: STUN/TCP:443, UDP:3478A/V Edge – ICE: STUN/TCP:443, STUN/UDP:3478

Edge Pool

Exchange UM

Branch Appliance

SRTP: STUN/TCP:443, UDP:3478ICE: STUN/TCP:443, UDP:3478SRTP/UDP:30,000-39,999

SRTP

: STU

N/TC

P:443

, UDP

:3478

ICE: S

TUN/

TCP:4

43, U

DP:34

78

SRTP

/RTC

P:49,1

52-5

7,500

STUN/TCP:448


Media bypass: audio routed directly to gateway bypassing Mediation Server.

Enterprise Voice applications

WANConnection


SRTP/RTCP:49,152-57,500

SRTP/RTCP:60,000-64,000

Media codec varies per workload: RTAudio, G.711, SILK

Application Sharing. Начальные условия

External Internal

Edge PoolSkype for Business 2015 users



Reverse proxy

Directors

Skype for Business federation



Front end pool

Application Sharing. SIP traffic: signaling; HTTP(S) traffic

External Internal




Reverse proxy

Directors




Front end pool

HTTPS:443

SIP/MTLS:5062SIP/MTLS:5061

SIP/TL

S:506

1

HTTPS:4443

Access Edge - SIP/TLS:5061Access Edge - SIP/TLS:443

SIP/TL

S:506

1

SIP/MTLS

If client connects on port 80 during sign-in, it gets redirected to

port 443

Port number to service traffic assignment:5065 - Application Sharing Conferencing Service

MRAS traffic

SIP traffic: signaling HTTP(S) traffic

Application Sharing. RTP/SRTP traffic: A/V Conferencing; ICE traffic External Internal




Reverse proxy

Directors




Front end poolICE: STUN/TCP:443SRTP: STUN/TCP:443

A

ICE: STUN/TCP:443SRTP: STUN/TCP:443 RDP/SRTP/TCP:1024-65535

RDP/

SRTP

/TCP:4

9152

-655

35

Peer-to-peer application

sharing session

RTP/SRTP traffic: A/V ConferencingICE traffic

ASource IPA/V EdgeAny

Destination IPAnyA/V Edge

Source PortTCP 50,000-59,999Any

Destination PortTCP 443TCP 443

A/V and Web Conferencing. Начальные условияExternal Internal




File Share Server

Reverse proxy

Directors




Front end pool

VIS

VTCOffice Web Apps Server

CUCM

A/V and Web Conferencing. SIP traffic: signaling SIP traffic: signaling

External Internal




File Share Server

Reverse proxy

Directors




Front end pool

VIS

VTCOffice Web Apps Server

CUCM

Access Edge – SIP/TLS:5061

Access Edge – SIP/TLS:443

SIP/MTLS/TCP:5062

SIP/MTLS/TCP:5061

TLS:5

061

TCP:5

060

TLS:5

061

SIP Tr

unk

SIP/MTLS/TCP:5061

SIP/TL

S:506

1

MRAS traffic

TCP:5060 TLS:5061

A/V and Web Conferencing. RTP/SRTP traffic: A/V ConferencingExternal Internal




File Share Server

Reverse proxy

Directors




Front end pool

A

VIS

SRTP: STUN/TCP:443, UDP:3478

SRTP: STUN/TCP:443, UDP:3478

SRTP/UDP:1024-65535

SRTP

/UDP

:4915

2-65

535

HTTPS:443

SRTP/UDP:49152-65535

VTC

Peer-to-peer A/V session.

B

C

D

Traffic goes directly to A/V Conferencing Service WITHOUT going through the pool·s hardware load balancer

Meeting content + metadata +

compliance file share.

SRTP/UDP:49152-65535

Office Web Apps Server

CUCM

ASource IPA/V EdgeA/V EdgeAnyAny

Destination IPAnyAnyA/V EdgeA/V Edge

Source PortTCP 50,000-59,999UDP 3478AnyAny

Destination PortTCP 443UDP 3478TCP 443UDP 3478

B Codec varies per workload: G.722 for audio H264SVC for video

C Codec varies per workload: G.722, Siren or SILK for audio H264SVC for video [RTVideo for

downlevel clients]

D Codec varies per workload: G.722 for audio H264AVC for video

RTP/SRTP traffic: A/V Conferencing

A/V and Web Conferencing. HTTP(S) traffic

PSOM traffic: Web ConferencingICE traffic

External Internal




File Share Server

Reverse proxy

Directors




Front end pool

HTTPS:443

If client connects on port 80 during sign-in, it gets redirected to

port 443

VIS

ICE: STUN/TCP:443, UDP:3478PSOM/MTLS/TCP:8057

ICE: STUN/TCP:443, UDP:3478 HTTP

S:443

PSOM

/TLS:8

057

SMB:445

HTTPS:443

HTTPS:4443

HTTP

S:443

HTTPS:443

SRTP/UDP:49152-65535

VTC

E

Meeting content + metadata +

compliance file share.

Director proxies Web traffic to destination pool·s Web Service.

Web Conf Edge - PSOM/TLS:443

A/V Edge – STUN/TCP:443, UDP:3478

Office Web Apps Server

CUCM

IM and Presence. Начальные условия

External Internal

Reverse proxy

Edge Pool

ADFS ProxySkype Directory Search

Front end pool


Directors

Persistent Chat Server

Persistent Chat Compliance Server

Centralized Logging Service

DirSync

ADFS Back-end SQL Server


CertificateAuthority


XMPP federation


Office 365

File Share Server

Address book & Persistent

Chat file share


and Public IM

Single sign-on (SSO)

IM and Presence. CLS trafficExternal Internal

Reverse proxy

Edge Pool


Front end pool


Directors




DirSync





XMPP federation


Office 365

File Share Server


Chat file share


and Public IM


CLS/MTLS: 50001-50003

CLS traffic

External Internal

Reverse proxy

Edge Pool


Front end pool


Directors




DirSync





XMPP federation


Office 365

File Share Server


Chat file share


and Public IM


B

Access Edge – SIP/MTLS: 5061

SIP/MTLS: 5061

SIP/MTLS:5041

C

SIP/T

LS: 5

061

SIP/T

LS: 5

061

SIP/MTLS

Port number to service traffic assignment:5062 – IM Conferencing Service5086 – Internal Mobility Service 5087 – External Mobility Service

External user sign-in process: 1. Client discovers Edge Server:

a. lyncdiscoverinternal.<sip-domain>b. lyncdiscover.<sip-domain>c. _sipinternaltls._tcp.<sip-domain>d. _sipinternal._tcp.<sip-domain>e. _sip._tls.<sip-domain>f. sipinternal.<sip-domain>g. sip.<sip-domain>h. sipexternal.<sip-domain>

2. Client connects to Edge Server.3. Edge Server proxies connection to Director.4. Director authenticates user and proxy connection to user·s home pool.

B

Internal user sign-in process: 1. Client discovers Enterprise Pool:

a. lyncdiscoverinternal.<sip-domain>b. lyncdiscover.<sip-domain>c. _sipinternaltls._tcp.<sip-domain>d. _sipinternal._tcp.<sip-domain>e. sipinternal.<sip-domain>f. sip.<sip-domain>

2. Client connects to Enterprise Pool server.3. Enterprise pool server authenticates user and redirects connection to user·s home server.

C

SIP traffic: signaling and IM

IM and Presence. SIP traffic: signaling and IM

IM and Presence. XMPP, HTTPS, MSMQ traffic

XMPP trafficHTTPS trafficMSMQ traffic

This port is used to connect to Web Services: download the Address Book connect to Address Book Web query URL provide distribution list expansion download meeting content connect to the Mobility Service connect to the AutoDiscover Service connect to Dial-in URL connect to Lync Web App connect to CertProvisioningService

A

External Internal

Reverse proxy

Edge Pool

ADFS Proxy

A

Skype Directory Search

HTTPS:443

XMPP/TCP: 5269

Access Edge – SIP/TLS: 443

HTTPS: 4443

Front end pool


Directors

XMPP/MTLS: 23456

C3P/HTTPS: 444




DirSync



Director proxies Web traffic to destination pool·s Web service.

Publish rule for port 4443 to set f́orward host headerµto true. This ensures the original

URL is forwarded.

Ports to load balance by HLB:- 80 - 8080 - 443 - 4443- 5061 [can use DNS load balancing]

DSML/HTTPS: 443 MSMQ



HTTP

: 80

TCP:

443


HTTP

S: 44

3

XMPP federation


Office 365

File Share Server


Chat file share

HTTPS: 4443

SAML/HTTPS: 443


and Public IM

LPE devices also require port 80.

Благодарю за внимание!

Регистрация на мероприятия UC2https://uc2.timepad.ru/NEW! Презентации доступны для просмотра online и загрузки на сайте Slidesharehttp://www.slideshare.net/UC2Канал UC2 в YouTubehttps://www.youtube.com/channel/UC6qbCeLgBLiPBHuylQaZNQw

https://uc2.timepad.ru/

http://www.slideshare.net/UC2

https://www.youtube.com/channel/UC6qbCeLgBLiPBHuylQaZNQw

Software

Рабочие нагрузки Skype for business 2015 UC Lab