IM and Presence: External Internal
IM and Presence
Legend: HTTPS traffic; MSMQ traffic; CLS traffic.
Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Director proxies Web traffic to destination pool's Web service.
LPE devices also require port 80.
Publish rule for port 4443 to set forward host header to true. This ensures the original URL is forwarded.

- provide distribution list expansion
- download meeting content
- connect to the Mobility Service
- connect to the AutoDiscover Service
- connect to Dial-in URL
- connect to Lync Web App
- connect to CertProvisioningService

Diagram labels: Skype for Business 2015 users; Reverse proxy; File Share Server; Front end pool; HTTPS: 443; HTTPS: 4443; HTTP: 80; SIP/TLS: 5061; SIP/MTLS: 5061; Access Edge – SIP/TLS: 443; Access Edge – SIP/MTLS: 5061; SIP/MTLS; XMPP/MTLS: 23456; CLS/MTLS: 50001-50003; TCP: 443.

B. External user sign-in process:
1. Client discovers Edge Server:
   a. lyncdiscoverinternal.<sip-domain>
   b. lyncdiscover.<sip-domain>
   c. _sipinternaltls._tcp.<sip-domain>
   d. _sipinternal._tcp.<sip-domain>
   e. _sip._tls.<sip-domain>
   f. sipinternal.<sip-domain>
   g. sip.<sip-domain>
   h. sipexternal.<sip-domain>
2. Client connects to Edge Server.
3. Edge Server proxies connection to Director.
4. Director authenticates user and proxies connection to user's home pool.

Diagram labels: Edge Pool; C3P/HTTPS: 444; MSMQ; SIP/MTLS: 5041; DSML/HTTPS: 443; Skype for Business federation and Public IM; DirSync; Centralized Logging Service; Persistent Chat Compliance Server; Persistent Chat Server.

Ports to load balance by HLB:
- 80
- 8080
- 443
- 4443
- 5061 [can use DNS load balancing]

C. Internal user sign-in process:
1. Client discovers Enterprise Pool:
   a. lyncdiscoverinternal.<sip-domain>
   b. lyncdiscover.<sip-domain>
   c. _sipinternaltls._tcp.<sip-domain>
   d. _sipinternal._tcp.<sip-domain>
   e. sipinternal.<sip-domain>
   f. sip.<sip-domain>
2. Client connects to Enterprise Pool server.
3. Enterprise pool server authenticates user and redirects connection to user's home server.

Port number to service traffic assignment:
- 5062 – IM Conferencing Service
- 5086 – Internal Mobility Service
- 5087 – External Mobility Service

Diagram labels: SAML/HTTPS: 443; Skype Directory Search; Office 365 Single sign-on (SSO); ADFS Proxy; ADFS Back-end; SQL; Server.

A.
Source IP | Destination IP | Source Port | Destination Port
A/V Edge | Any | TCP 50,000-59,999 | TCP 443
A/V Edge | Any | UDP 3478 | UDP 3478
Any | A/V Edge | Any | TCP 443
Any | A/V Edge | Any | UDP 3478

B. Codec varies per workload:
- G.722 for audio
- H264SVC for video

C. Codec varies per workload:
- G.722, Siren or SILK for audio
- H264SVC for video [RTVideo for downlevel clients]

D. Codec varies per workload:
- G.722 for audio
- H264AVC for video

E. HTTPS:443 is used to download conferencing content.

Director proxies Web traffic to destination pool's Web Service.
If client connects on port 80 during sign-in, it gets redirected to port 443.

Diagram labels: Skype for Business 2015 users; Skype for Business federation; Directors; Edge Pool; Front end pool; File Share Server; Reverse proxy; Office Web Apps Server; VIS; VTC; CUCM; SIP Trunk; MRAS traffic; Meeting content + metadata + compliance file share; going through the pool's hardware load balancer; SRTP/UDP:49152-65535; PSOM/TLS:8057; SIP/TLS:5061; TLS:5061; TCP:5060; HTTPS:443; HTTPS:4443; SMB:445; Access Edge – SIP/TLS:443; Web Conf Edge - PSOM/TLS:443; A/V Edge – STUN/TCP:443, UDP:3478; ICE: STUN/TCP:443, UDP:3478; SRTP: STUN/TCP:443, UDP:3478; SIP/MTLS/TCP:5061; SIP/MTLS/TCP:5062; PSOM/MTLS/TCP:8057.

A. Port number to service traffic assignment:
- 5065 - Application Sharing Conferencing Service

A.
Source IP | Destination IP | Source Port | Destination Port
A/V Edge | Any | TCP 50,000-59,999 | TCP 443
Any | A/V Edge | Any | TCP 443

If client connects on port 80 during sign-in, it gets redirected to port 443.

Diagram labels: Skype for Business 2015 users; Skype for Business federation; Directors; Edge Pool; Front end pool; Reverse proxy; Active Directory Domain Services; MRAS traffic; RDP/SRTP/TCP:49152-65535; SIP/TLS:5061; Access Edge - SIP/TLS:5061; Access Edge - SIP/TLS:443; SIP/MTLS:5061; SIP/MTLS:5062; SIP/MTLS; SRTP: STUN/TCP:443; ICE: STUN/TCP:443; HTTPS:443; HTTPS:4443.

directly to gateway bypassing Mediation Server.

For federation, SBA connects directly with Director. If no Director is available, federation traffic goes directly to the Edge Server.

Lync client automatically registers with the pool if the Branch Appliance becomes unavailable.

- 5064 - Telephony Conferencing Service
- 5067 – Mediation Server Service
- 5071 - Response Group Service
- 5072 - Conferencing Attendant Service
- 5073 - Conferencing Announcement Service
- 5075 - Call Park Service

Connectivity to:
- Exchange UM
- IP-PSTN gateway
- IP/PBX
- Direct SIP
- SIP trunk

Diagram labels: Directors; Enterprise Voice applications; Mediation Pool (optional); External; WAN Connection; MRAS traffic; SRTP/RTCP:49,152-57,500; STUN/TCP:448; TURN/TCP:448; SIP/TLS:5061; SIP/TLS:5061,5070; SIP/TCP:5060,5061; SIP/MTLS:5061; SIP/MTLS:5062; HTTPS:444; SMB:445; Access Edge - SIP/TLS:443; A/V Edge – ICE: STUN/TCP:443, STUN/UDP:3478; SRTP: STUN/TCP:443, UDP:3478.

The Active Directory Domain Services (AD DS) are still used to store basic user information, such as the user's SIP URI and phone number. User policy information is stored in the Central Management store. The use of Active Directory Domain Services (AD DS) also provides backward compatibility with earlier releases of Lync Server.

To administer servers and services, you use Skype for Business Server Management Shell or the Skype for Business Server Control Panel, which then configure the settings in the Central Management store. The Central Management Server, which runs on one Front End pool or one Standard Edition server in your deployment, replicates the configuration changes to all of the servers in your deployment.

Diagram labels: Director (CMS replica); Mediation Pool (CMS replica); Standard Edition Server (CMS replica); Branch Appliance (CMS replica); Active Directory Domain Services.

DNS Type | Value | Enterprise Edition Resolution | Standard Edition Resolution | Purpose
SRV | _sipinternaltls._tcp.<sip-domain> | pool FQDN | pool FQDN | internal user access
A/CNAME | lyncdiscoverinternal.<sip-domain> | HLB FE Pool VIP | pool IP address | internal AutoDiscover Service
A | Pool FQDN | individual FE IPs | pool IP address | Internal pool name
A | admin URL | HLB FE Pool VIP | pool IP address | Lync Server Control Panel (LSCP)
A | meet URL | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | dial-in URL | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | internal Web Services FQDN | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | external Web Services FQDN | Reverse proxy public IP address | Reverse proxy public IP address | Proxied to Lync Server Web Service

OWA

DNS Type | Value | Office Web Apps Farm Resolution | Office Web Apps Server Resolution | Purpose
A | OWA internal URL | HLB OWA VIP | OWA server IP | internal user access to PowerPoint Presentations
A | OWA external URL | Reverse proxy public IP address | Reverse proxy public IP address | external user access to PowerPoint Presentations