Updated 5-24-11 with new Mango information
At TechEd 2011 this week, we demoed the beta of Lync Mobile for Windows Phone 7.x and Outlook Mobile in the upcoming Windows Phone “Mango” release. The Microsoft TechEd presenter commented that Lync Mobile was slated for the 2nd half of 2011, and it looks like it will be a free download from Marketplace. The beta version looks pretty nice thus far. Note: Here are some screenshots from the public demo shown at TechEd 2011; however, features and UI are subject to change:
Lync Mobile beta
Lync Mobile on the main Windows Phone 7 tiles with presence
Launching Lync Mobile beta
Set your status, call forwarding
Lync contacts with photos come across from full client, group IM also supported
Contact view, photo support, IM
Threaded Lync IM conversations
Mango Windows Phone 7.5 update of Outlook Mobile beta
Ability to drill into mail subfolders
View filtered emails like ‘all unread’
Conversation view supported. Emails with three dots represent multiple threads.
View rights-protected emails
What’s new with Mango release
Communications: Easier to connect and share
Internet beyond the browser
A smarter approach to Apps
Watch the demo video of Windows Phone Mango here.
Updated 5-20-11 with new independent security tests against Lync Server 2010
I sometimes get asked by telecom teams how secure the voice traffic in Lync is, and whether the conferencing traffic is secure both on the internal network and externally. Note: diagrams and a few excerpts are taken from our whitepapers.
What type of secure communications are used with Lync?
Server-to-server Lync Server 2010 communication is encrypted by default. By requiring all servers to use certificates and by using Kerberos authentication, TLS, Secure Real-Time Transport Protocol (SRTP), and other industry-standard encryption techniques, including 128-bit Advanced Encryption Standard (AES) encryption, virtually all Lync Server data is protected on the network.
Lync client-to-server traffic uses TLS for SIP traffic and SRTP for media such as audio, video and desktop sharing.
The following is a matrix showing the secure traffic types:
This diagram from the whitepaper shows how clients communicate securely using SRTP for audio and video and TLS, and how Lync servers communicate securely with MTLS.
Can someone sniff the packets and get access to my Lync voice/data?
Using TLS renders a sniffing or man-in-the-middle attack very difficult to impossible to achieve within the time period in which a given conversation could be attacked. TLS authenticates all parties and encrypts all traffic. This does not prevent listening over the wire, but the attacker cannot read the traffic unless the encryption is broken. Additionally, when SRTP is enabled, voice, video and desktop sharing traffic is encrypted.
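One way to check that these protections are actually enforced in a deployment, as an added example (not taken from the whitepaper): a read-only audit run in the Lync Server Management Shell. It also looks at trunk SRTP settings and certificate expiry, which go slightly beyond the text above; the 30-day threshold is an assumption.

```powershell
# Added example: read-only audit of the encryption settings described above.
# Run in the Lync Server Management Shell. $warnDays is an assumed threshold.
$warnDays = 30

# Media (SRTP) policy per scope. Valid levels are RequireEncryption,
# SupportEncryption and DoNotSupportEncryption; only the first guarantees SRTP.
$media = Get-CsMediaConfiguration | Select-Object Identity, EncryptionLevel,
    @{ n = 'Finding'; e = {
        if ($_.EncryptionLevel -eq 'RequireEncryption') { 'OK' }
        else { 'REVIEW: unencrypted media is possible' } } }

# SRTP on the Mediation Server to gateway/PBX leg (Required, Optional, NotSupported).
$trunks = Get-CsTrunkConfiguration | Select-Object Identity, SRTPMode,
    @{ n = 'Finding'; e = {
        if ($_.SRTPMode -eq 'Required') { 'OK' }
        else { 'REVIEW: trunk media may be sent as plain RTP' } } }

# Certificates assigned to Lync roles on this server: TLS and MTLS depend on
# them being valid, so report the days remaining before expiry.
$now = Get-Date
$certs = Get-CsCertificate | Select-Object Use, Subject, NotAfter,
    @{ n = 'DaysLeft'; e = { [int]([datetime]$_.NotAfter - $now).TotalDays } },
    @{ n = 'Finding'; e = {
        if (([datetime]$_.NotAfter - $now).TotalDays -lt $warnDays) { 'REVIEW: renew' }
        else { 'OK' } } }

$media  | Format-Table -AutoSize
$trunks | Format-Table -AutoSize
$certs  | Format-Table -AutoSize
```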
How do I secure my voice traffic?
Are there Lync Server GPOs I can use to lock things down?
Yes, there is a communicator.adm file located in the %windir%\inf folder that you can leverage.
What are tips to secure my Lync Edge servers?
What do I need to exclude from my antivirus program running on my Lync Server 2010?
· Lync Server 2010 processes:
· IIS processes:
· SQL Server processes:
    · %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
    · %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
    · %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
Download the excellent Lync Security Guide available here.
Independent Lync Server 2010 security attack tests conducted by Miercom are here, in Section 6.0.
There are some outstanding Lync Server deep details in the Lync Server 2010 ResKit, with new content updates available this month. I would recommend you download these chapters and become familiar with them if you are a Lync Administrator. You can download individual chapters or all the chapters.
Here are the updated/new chapters available in the Lync ResKit (it appears more content is being added monthly, since there is a lot more content than was available in April, so check the ResKit download link periodically for updated content):
Here is a nice sample excerpt from the Lync Troubleshooting Basics chapter:
The Microsoft Office Communications Server 2007 and Communications Server 2007 R2 validation wizards no longer exist in Lync Server 2010. The validation wizards are no longer required because those checks are automatically performed by the Lync Server Topology Builder. Lync Server 2010 introduces the concept of synthetic transactions instead. A synthetic transaction is a mechanism to test end-to-end functionality of the system by using Windows PowerShell cmdlets. The cmdlets simulate (end-to-end) transactions as if performed by actual users and can be used for troubleshooting and monitoring the health of the Lync Server environment.
To get the list of all available synthetic transaction cmdlets, open a Lync Server Management Shell window and run one of the following:
Get-Command Test-Cs* -Module Lync
Get-Command Test-Cs* | Format-Table -Property Name,Definition -Auto
· You can add the credentials as a command-line parameter. To do this, set the password information in a Windows PowerShell variable, and then use the cmdlet Get-Credential. Then you can use the variable you get as input for the credential parameter in the Lync Server cmdlet.
Figure 3 shows an example of how to test for presence.
Figure 3. One method for providing credentials
Note. After every invocation of the Get-Credential cmdlet, you will see the typical Windows credential request.
· A more convenient way to provide default test user information is to use the New-CsHealthMonitoringConfiguration cmdlet. With a health monitoring configuration, you preset the information for the two test users and the Registrar information these users are hosted on. You then reference that configuration by using the TargetFqdn parameter of the synthetic transaction.
Figure 4 provides an example of how to prepare a health monitoring configuration with test users.
Figure 4. Creating a health monitoring configuration
Figure 5 gives an example of how to use this configuration.
Figure 5. Example output of a health monitoring configuration
When looking at the output in Figure 5, the verbose section shows the Registrar, SIP addresses, and ports used for that synthetic transaction. Also notice that the commands provide timing information, which might help when troubleshooting performance issues during certain user actions.
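The figures are not reproduced here, so the two ways of supplying test users described above are sketched below as an added example (not the Resource Kit's own code). The pool FQDN, domain and test accounts are placeholders.

```powershell
# Added example; run in the Lync Server Management Shell.
# Pool FQDN, domain and test accounts below are placeholders (assumptions).
$pool  = "pool01.contoso.example"
$user1 = "sip:lynctest1@contoso.example"
$user2 = "sip:lynctest2@contoso.example"

# Method 1: prompt for each test user's password (one Windows prompt per call),
# so no password is written into the script.
$cred1 = Get-Credential "CONTOSO\lynctest1"
$cred2 = Get-Credential "CONTOSO\lynctest2"
Test-CsPresence -TargetFqdn $pool `
    -PublisherSipAddress  $user1 -PublisherCredential  $cred1 `
    -SubscriberSipAddress $user2 -SubscriberCredential $cred2

# Method 2: store the two test users once for the pool ...
New-CsHealthMonitoringConfiguration -Identity $pool `
    -FirstTestUserSipUri $user1 -SecondTestUserSipUri $user2

# ... then run a synthetic transaction with only -TargetFqdn. -Verbose shows
# the Registrar, SIP addresses and ports that were used.
Test-CsPresence -TargetFqdn $pool -Verbose

# Run several checks against the stored configuration and keep the result and
# timing of each one for a quick health summary.
$checks = "Test-CsRegistration", "Test-CsPresence", "Test-CsIM"
$report = foreach ($name in $checks) {
    & $name -TargetFqdn $pool |
        Select-Object @{ n = 'Check'; e = { $name } }, Result, Latency, Error
}
$report | Format-Table -AutoSize
```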
You can grab the updated Lync Server 2010 ResKit chapters here.
Lync Server 2010 Resource Kit tools available for download:
Grab the ResKit tools here.
This was asked by a university in California. The answer is yes, it is possible with Exchange 2010, and Microsoft IT has been running in a backupless state for all mailboxes in production since the beta of Exchange 2010. Note: pics from our documentation.
What backup and recovery requirements did MS IT have?
Support mailbox capacities of 5 GB.
Reduce backup costs by eliminating third-party backups.
Reduce administrative overhead by simplifying the mail restore process.
Provide recovery of mail items up to 30 days old.
What were the objectives MS IT had to meet to move to this state?
A minimum of 30 days of data available to be recovered at any time
The ability to recover any single item that was deleted within those last 30 days
The ability to hold information for longer than 30 days if active litigation required it
The safety to know that if one or two copies of the data went offline, the e-mail system data could still operate or be recovered
How did MS IT accomplish backupless Exchange 2010?
1) Implement Exchange 2010 DAG for high availability and general resiliency
2) Leverage the new dumpster and additional feature called single item recovery
How do I recover something from single item recovery?
Administrators can recover purged items from the Exchange Control Panel E-Discovery UI (Ent. CAL) or with the Search-Mailbox cmdlet (Std. CAL). Below are your options:
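The Search-Mailbox route mentioned above, as an added example (not from the MS IT documentation). The mailbox names, folder names and search query are placeholders, and -SearchDumpsterOnly assumes Exchange 2010 SP1 or later.

```powershell
# Added example; run in the Exchange Management Shell (Search-Mailbox needs the
# Mailbox Search management role). All names below are placeholders.
$user      = "kim@contoso.example"
$discovery = "Discovery Search Mailbox"   # default discovery mailbox display name
$query     = "subject:'Q2 budget'"

# Keep purged items for 30 days, matching the retention objective above.
Set-Mailbox -Identity $user -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 30

# See what currently sits in the Recoverable Items folders
# (Deletions, Purges, Versions).
Get-MailboxFolderStatistics -Identity $user -FolderScope RecoverableItems |
    Format-Table Name, ItemsInFolder, FolderSize -AutoSize

# Step 1: copy matching items, from the dumpster only, into the discovery mailbox.
Search-Mailbox -Identity $user -SearchQuery $query -SearchDumpsterOnly `
    -TargetMailbox $discovery -TargetFolder "Recovered-$user" -LogLevel Full

# Step 2: copy the recovered items back into a folder in the user's mailbox.
Search-Mailbox -Identity $discovery -SearchQuery $query `
    -TargetMailbox $user -TargetFolder "Recovered Items" -LogLevel Full
```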
Is a lagged database copy needed?
MS IT initially implemented a lagged copy during the beta; however, it did not really align with their core objectives such as reduced complexity, it lacked quick recovery, and if logical data corruption occurred, reseeding is required, which in effect loses the lagged aspect of the copy. Non-lagged DAG database replicas better met the objectives of MS IT and also allowed for recovery during a rare case of logical data corruption. Read more here on seeding, lagged copies, etc.
What is the general DAG and makeup of an MS IT mailbox server?
Exchange Native Data Protection – no backups
4 real time DB copies on JBOD – see more on JBOD decision here
Single item recovery set to 30 days
5 GB mailbox quota
Approx 300 users per DB
35 DBs per server
Variable number of nodes per DAG (up to 16)
Backup cost savings?
MS IT reduced its backup costs from ~$5 per mailbox per year using daily incremental backups to disk to $0 per mailbox after the move to Exchange 2010.
Read more on MS IT’s backupless approach here.
Lync Adoption and Training Downloads
The Microsoft Lync 2010 Adoption and Training Kit provides a one-stop shop for resources for IT pros, project managers, help desk agents, and trainers. The kit provides:
Found: http://lync.microsoft.com/Adoption-and-Training-Kit/Pages/default.aspx
Microsoft Lync 2010 Training Download Package
The Lync Training Download Package contains all of the available training and user education resources for Lync. The training strategy and resources that offer the best return on investment vary depending on the user profile and the product features deployed in your organization. The Lync Training Plans workbook included with this download package helps you understand the available user education and training resources and recommendations for use so that you can make informed decisions about training strategies.
Lync Work Smart Guides
Lync 2010 Work Smart Guides provide productivity tips and tricks to help you work more productively with Lync 2010.
Adoption and Training :
Training PACK :
Quick Start Guides :
What's New Videos & Articles :
Short Videos :
Work Smart :
Presence & IM Training :
Voice & Video Training :
Conferencing & Collaboration Training :
Web App Training :
Delegate Training :
Attendant Training :
RGS Training :
This has been a hot topic for some of my customers and I’m very happy to see its release. The whitepaper for Client Virtualization can be found here.
Products from both Microsoft and Citrix are detailed in the paper, including Remote Desktop Services (RDS), App-V, and Citrix’s XenDesktop and XenApp. The paper goes on to describe 3 different options for virtualization: Full Desktop Remoting, Application Remoting, and Application Streaming.
…cut/paste from whitepaper…
Full Desktop Remoting
Application Streaming 
Sharing PowerPoint Presentations
Desk phone paired using USBR
 Application Streaming was verified on Microsoft products. For details, see the “Vendor Support” section earlier in whitepaper. Audio is supported only in a VDI environment. Audio is not supported in a session-based desktop delivery environment such as Microsoft RDS. Communication modes for Online Meetings are limited by peer-to-peer communication modes supported for the specified architecture. For example, if audio is not supported on the specified architecture, audio will not work in Online Meetings. Joining online meetings from Microsoft Outlook meeting reminder and/or meeting invitation is not supported.
Some great news announced by the product team today:
New virtualized UM guidance (from the whitepaper):
New DAG and virtualization HA guidance such as Hyper-V Live Migration or VMware’s vMotion (from the whitepaper):
Grab the new best practices Exchange 2010 virtualization whitepaper here.
Just as we have defined certification and testing for UC with PBXs, SIP providers, e911, and Gateways, we are doing the same with video interoperability. The new website for this is here. The video interop testing looks at both video endpoints, which can enable direct registration with OCS 2007 R2 or Lync, and video infrastructure, which is used to enable multipoint video conference bridging with Lync users and to enable standards-based VTCs and MCUs to pass through. Very exciting times….