Planning for Lync Server 2013 hybrid deployments with Skype for Business Online

You should consider the following requirements for users and your network infrastructure while planning for a hybrid deployment.

Infrastructure Prerequisites

You must have the following available in your environment to implement and configure a Lync Server 2013 hybrid deployment.
  • An Office 365 tenant with Lync Online enabled.
  • Optionally, if you want to support Single Sign-on with Office 365, an Active Directory Federation Services (AD FS) Server either on-premises or using Microsoft Azure Active Directory.
  • An on-premises deployment of Lync Server 2013, or Lync Server 2010 with Cumulative Updates for Lync Server 2010: March 2013 or later applied, together with the Lync Server 2013 administrative tools.
  • AAD Sync (directory synchronization between on-premises Active Directory and the Office 365 tenant).

Topology Requirements

To configure a Lync Server 2013 hybrid deployment with Skype for Business Online, you need one of the following supported topologies:
  • Microsoft Lync Server 2010 with Cumulative Updates (March 2013 or later) applied, and the Lync Server 2013 administrative tools installed on-premises. Move-CsUser is run from the Lync Server 2013 administrative tools. In this topology the federation Edge Server must be running Lync Server 2010 with Cumulative Updates (March 2013 or later) applied, or Lync Server 2013.
  OR
  • A Lync Server 2013 deployment with all servers running Lync Server 2013.

Requirements for Federation

  • The Blocked domains list in the on-premises deployment must exactly match the Blocked domains list for your online tenant.
  • The Allowed domains list in the on-premises deployment must exactly match the Allowed domains list for your online tenant.
  • Federation must be enabled for external communications on the online tenant; this is configured by using the Lync Online Control Panel.

DNS Settings

When creating DNS SRV records for hybrid deployments, the _sipfederationtls._tcp.<domain> and _sip._tls.<domain> records should point to the on-premises Access Proxy (the Access Edge service), not to the online service.

Firewall Considerations

Computers on your network must be able to perform standard Internet DNS lookups. If these computers can reach standard Internet sites, your network meets this requirement.

Depending on the location of your Microsoft Online Services data center, you must also configure your network firewall devices to accept connections based on wildcard domain names (for example, all traffic from *.outlook.com). If your organization's firewalls do not support wildcard name configurations, you will have to determine manually the IP address ranges and the specific ports that you want to allow.

Refer to the Help topic Office 365 URLs and IP address ranges.

Port and Protocol Requirements

In addition to the port requirements for internal Lync Server 2013 communication, you must also configure the following ports.

Protocol / Port        Applications
TCP 443                Open inbound:
                         • Active Directory Federation Services (federation server role)
                         • Active Directory Federation Services (proxy server role)
                         • Microsoft Online Services Portal
                         • My Company Portal
                         • Outlook Web App
                         • Lync client (communication to Lync Online from on-premises Lync Server)
TCP 80 and 443         Open inbound:
                         • Microsoft Online Services Directory Synchronization Tool
TCP 5061               Open inbound/outbound on the Edge Server
PSOM/TLS 443           Open inbound/outbound for data sharing sessions
STUN/TCP 443           Open inbound/outbound for audio, video, application sharing sessions
STUN/UDP 3478          Open inbound/outbound for audio and video sessions
RTP/TCP 50000-59999    Open outbound for audio and video sessions
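The DNS Settings and port requirements above can be checked before any users are moved. The following PowerShell script is an added example and not part of the original post; the SIP domain and the Access Edge FQDN are placeholders, and it assumes it is run from a machine that resolves public DNS and can reach the Edge Server's external interface.

```powershell
# Added example (not from the original post): pre-flight check of the hybrid
# DNS SRV records and the externally reachable Edge Server ports.
# Placeholders: replace with your SIP domain and on-premises Access Edge FQDN.
$SipDomain      = 'contoso.com'       # placeholder SIP domain
$AccessEdgeFqdn = 'sip.contoso.com'   # placeholder Access Proxy / Access Edge FQDN

# The two SRV records a hybrid deployment must publish, with the port each one
# is expected to advertise (5061 for federation, 443 for client sign-in).
$ExpectedSrv = @(
    @{ Name = "_sipfederationtls._tcp.$SipDomain"; Port = 5061 },
    @{ Name = "_sip._tls.$SipDomain";              Port = 443  }
)

$failures = 0
foreach ($rec in $ExpectedSrv) {
    # -DnsOnly bypasses the local hosts file and cache so we see what the
    # public zone actually publishes.
    $srv = Resolve-DnsName -Name $rec.Name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        Write-Warning "$($rec.Name): no SRV record found"; $failures++; continue
    }
    foreach ($r in $srv) {
        # Every answer must point at the on-premises Access Edge, not at Office 365.
        $target = $r.NameTarget.TrimEnd('.')
        if ($target -ne $AccessEdgeFqdn -or $r.Port -ne $rec.Port) {
            Write-Warning ("{0}: points to {1}:{2}, expected {3}:{4}" -f
                $rec.Name, $target, $r.Port, $AccessEdgeFqdn, $rec.Port)
            $failures++
        } else {
            Write-Host "$($rec.Name): OK -> ${target}:$($r.Port)"
        }
    }
}

# TCP ports from the table that the Edge Server must accept from the Internet.
# STUN/UDP 3478 cannot be probed with a TCP connect and is not tested here.
foreach ($port in 443, 5061) {
    $t = Test-NetConnection -ComputerName $AccessEdgeFqdn -Port $port -WarningAction SilentlyContinue
    if ($t.TcpTestSucceeded) {
        Write-Host "${AccessEdgeFqdn}:$port reachable"
    } else {
        Write-Warning "${AccessEdgeFqdn}:$port not reachable"; $failures++
    }
}

if ($failures -eq 0) { 'Hybrid DNS and port checks passed' } else { "$failures check(s) failed" }
```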