This is pretty nice update since it is adding in updates for coexistence and cloud hybrid and cloud only scenarios if you looking at our cloud offering for Exchange Online.

Here is a checklist for moving to the Office 365’s Exchange Online:

Updated Coexistence checklist for deploying Exchange 2010 with both Exchange 2003 and Exchange 2007:

Visit the Exchange 2010 Deployment Assistant tool here.

Two new chapters have been posted to the Kit. One on Direct SIP and the other on Exchange Unified Messaging integration. Direct Session Initiation Protocol (SIP) provides SIP trunking between an IP-PBX and Lync Server.

Direct SIP supports the following use cases:

• Use Simultaneous Ring feature on IP-PBX or Lync Server to ring both IP-PBX handset and Lync 2010
• Call from IP-PBX handset to Lync 2010
• Call from Lync 2010 to IP-PBX handset
• Call from IP-PBX handset to dial-in conferencing on Lync Server
• Call from IP-PBX handset to Lync Server Response Group
• PSTN access for Lync Server through IP-PBX

Download the chapters here.

8 Lync Tools you can use for free, my favorite tool is the Conversation Translator which is a great usage case scenario for English as a Second language in schools or other business that need to communicate to various languages and countries.

Check out the 8 tools which are: 

IM an Expert

Conversations Analyzer

Conversation Translator

Information Dashboard

Tabbed Conversations

Group Chat Stress

Lync Custom Intranet Site

Lync How-to

Download all 8 of these great tools here:

http://lync.microsoft.com/Adoption-and-Training-Kit/tools-and-apps/Pages/Overview.aspx

Some excellent Office 365 video jump start training delivered by the products teams covering Lync Online, Exchange Online, SharePoint Online, and Office 365:

• Office 365 Jump Start (01): Microsoft Office 365 Overview for IT Pros
• Office 365 Jump Start (02): Deploying Clients for Office 365
• Office 365 Jump Start (03): Microsoft Office 365 Administration & Automation Using Windows PowerShell™
• Office 365 Jump Start (04): Microsoft Office 365 Identity and Access Solutions
• Office 365 Jump Start (05): Microsoft Office 365 Directory Synchronization
• Office 365 Jump Start (06): Exchange Online Overview for IT Pros
• Office 365 Jump Start (07): Microsoft Exchange Online Administration
• Office 365 Jump Start (08): Microsoft Staged Exchange Online Migration
• Office 365 Jump Start (09): Hybrid Options with Exchange Server & Exchange Online
• Office 365 Jump Start (10): Exchange Online Archiving & Compliance
• Office 365 Jump Start (11): Lync Online Overview & Configuration for IT Pros
• Office 365 Jump Start (12): SharePoint Online Overview
• Office 365 Jump Start (13): SharePoint Online Administration
• Office 365 Jump Start (14): SharePoint Online Extensibility & Customization
• Office 365 Jump Start (15): Office 365 Deployment Overview

I will post more after the Office 365 launch.

This has been a hot topic for some of my customers and I’m very happy to see it’s release. The whitepaper for Client Virtualization can be found here.

Products from both Microsoft and Citrix are detailed in the paper including Remote Desktop Services (RDS), App-V, and Citrix’s XenDesktop and XenApp. The paper goes on to describe 3 different options for virtualization Full Desktop Remoting, Application Remoting, and Application Streaming.

…cut/paste from whitepaper…

[1] Application Streaming was verified on Microsoft products. For details, see the “Vendor Support” section earlier in whitepaper.[2] Audio is supported only in a VDI environment. Audio is not supported in a session-based desktop delivery environment such as Microsoft RDS.[3] Communication modes for Online Meetings are limited by peer-to-peer communication modes supported for the specified architecture. For example, if audio is not supported on the specified architecture, audio will not work in Online Meetings.[4] Joining online meetings from Microsoft Outlook meeting reminder and/or meeting invitation is not supported.

Updated 5-20-11 with new independent security tests against Lync Server 2010

I sometimes get asked by telecom teams how secure is the voice traffic in Lync and is the conferencing traffic secure both on the internal network or externally. Note: diagrams and a few excerpts taken from our whitepapers

What type of secure communications are used with Lync?

Server to server Lync Server 2010 communications is encrypted by default. By requiring all servers to use certificates and by using Kerberos authentication, TLS, Secure Real-Time Transport Protocol (SRTP), and other industry-standard encryption techniques, including 128-bit Advanced Encryption Standard (AES) encryption, virtually all Lync Server data is protected on the network.

Lync Clients to Server traffic uses TLS for SIP traffic and SRTP for media such as audio, video and desktop sharing.

The following is a matrix showing the secure traffic types:

This diagram from the whitepaper shows how clients communicate securely using audio and video SRTP and TLS and Lync servers communicate securely with MTLS

Can someone sniff the packets and get access to my Lync voice/data?

By using TLS it would render a sniff/man in the middle attack very difficult to impossible to achieve within the time period in which a given conversation could be attacked. TLS authenticates all parties and encrypts all traffic. This does not prevent listening over the wire, but the attacker cannot read the traffic unless the encryption is broken.  Additionally, by enabling SRTP voice, video and desktop sharing traffic will be encrypted.

How do I secure my voice traffic?

• Use TWO nics cards with mediation servers even if you can get away with one so you can lock down the routes:
  • Configure the internal edge of a Mediation Server to correspond to a unique static route that is described by an IP address and a port number. The default port is 5061.
  • Configure the external edge of a Mediation Server as the internal next hop proxy for the media gateway. The external edge should be identified by a unique combination of IP address and port number. The IP address should not be the same as that of the internal edge; the default port is 5068.
• Enable MTLS and SRTP between mediation server and media gateway (if gateway supported) to secure SIP and media  – requires a cert on the media gateway
• Limit the number of failed call attempts on the media gateway to reduce phone attacks
• Don’t leverage IP sec between Mediation and Edge can impact voice quality
• Configure Lync 2010 clients to use TLS and not TCP
• Enable the Require SIP high security mode Group Policy setting for the users GPO for the Lync 2010 Clients

Are there Lync Server GPOs I can use to lock things down?

Yes, there is a communicator.adm file located in the %windir%\inf folder that you can leverage.

What are tips to secure my Lync Edge servers?

• Use a different subnet just for the Microsoft Lync Server 2010 Edge Servers.
• Lock down the routing rules for access to that subnet (disable broadcast, multicast, and traffic to other perimeter network subnets).
• Don’t change the service account under which edge services run.
• Read and use the information in Protecting the Edge Server Against DoS and Password Brute-Force Attacks in Lync Server 2010 at http://go.microsoft.com/fwlink/?LinkID=214180

What do I need to exclude from my antivirus program running on my Lync Server 2010?

· Lync Server 2010 processes:

· ASMCUSvc.exe

· AVMCUSvc.exe

· DataMCUSvc.exe

· DataProxy.exe

· FileTransferAgent.exe

· IMMCUSvc.exe

· MasterReplicatorAgent.exe

· MediaRelaySvc.exe

· MediationServerSvc.exe

· MeetingMCUSvc.exe

· MRASSvc.exe

· OcsAppServerHost.exe

· QmsSvc.exe

· ReplicaReplicatorAgent.exe

· RTCArch.exe

· RtcCdr.exe

· RTCSrv.exe

· IIS processes:

· %systemroot%\system32\inetsrv\w3wp.exe

· %systemroot%\SysWOW64\inetsrv\w3wp.exe

· SQL Server processes:

· %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe

· %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

· %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe

· Directories:

· %systemroot%\System32\LogFiles

· %systemroot%\SysWow64\LogFiles

Download the excellent Lync Security Guide available here.

Independent Lync Server 2010 security attacks conducted from Miercom here in Section 6.0.

Some great news announced by the product team today:

• The Unified Messaging server role is now supported in a virtualized environment.
• Combining Exchange 2010 high availability solutions (database availability groups (DAGs)) with hypervisor-based clustering, high availability, or migration solutions that will move or automatically failover mailbox servers that are members of a DAG between clustered root servers, is now supported.

New virtualized UM guidance (from the whitepaper):

• Exchange 2010 SP1, or later, is required.
• minimum four CPU cores and 16 GB memory
• 40 concurrent calls if Voice Mail Preview is active for all UM users, and 65 concurrent calls if Voice Mail Preview is not in use – this appears to be about a 60% perf hit vs. physical UM server
• 4,000 Unified Messaging–enabled mailboxes if they all have Voice Mail Preview enabled, and about 6,500 mailboxes if Voice Mail Preview is not enabled. – also around a 60% scale hit vs. physical UM server

New DAG and virtualization HA guidance such as Hyper-V Live Migration or VMWare’s Vmotion (from the whitepaper):

• Exchange 2010 SP1, or later, is required
• Use cluster shared volumes instead of pass-through drives where possible
• ensure that hypervisor and host-based clustering technology is able to migrate resources in less than five seconds
• Ensure that the latest patches for the hypervisor are deployed
• Enable jumbo frames on the network interface for each host and ensure that the switch handling the network traffic was configured to support jumbo frames.
• On the live migration network, change receive buffers to 8192 (default for the network interfaces in test was 896) on each host
• Deploy as much bandwidth as possible for the live migration network. In testing, Microsoft used 5 Gb

. Grab the new best practices Exchange 2010 virtualization whitepaper here.

CU2 update for Lync clients, phones, and servers available:

If you want to be more proactively informed on Lync updates there is a single web page called the ‘Updates Resource Center for Lync’ you can visit that lists all the Lync latest updates here or you can also run the Lync Best Practice Analyzer daily/weekly to ensure you have the latest hotfixes, patches, etc:

A common question for multi-datacenter deployments is how can we configure a DAG where failure will enable a DAG member locally vs. the other datacenter. This requires DAC mode. DAC or Datacenter Activation Mode is a property of the DAG that can be turned on or off and is disabled by default.

In Exchange 2010 SP1, DAC Mode has been extended to support two-member DAGs that each have a member in a separate datacenter. Bottom-line – you can now use DAC with DAG members in same or different AD Sites allowing the capability of using DAC with two or more members of a DAG.

A common deployment I have is with 4 members of DAG, 2 servers in each datacenter. FSW is in the primary Datacenter and will be quorum. Now Primary Datacenter has power outage. Manually, Exchange admin activates the secondary datacenter with an alternate file share witness.

When the power is restored in the primary site. When the two DAG members and witness server comes online, it has a quorum (majority) and will try to activate the databases. This will cause a “split brain syndrome” where both datacenters think that they are hosting the active databases.

DAC mode is used to avoid this and if enabled when the DAG members come online they will leverage Datacenter Activation Coordination Protocol (DACP) before trying to mount databases.

For more information on how this works check out the following Technet article. http://technet.microsoft.com/en-us/library/dd979790.aspx

DAG with Four-members in 2 datacenters with 2 AD Sites.

Great write-up from EighTwOne (821) here.

Thanks Michel!!

As discussed with a lot of my customers Exchange UM no longer uses System Center (SCOM). Exchange 2010 with SP1 now has built-in reporting.

Call Data Records (CDR) are generated after each call. The server collects audio quality metrics with the same metrics that are used for the Monitoring server for Lync. Once the audio metrics are received they are stored in the e-discovery mailbox. They also have a lifetime of 90 days at which time they are automatically erased. This value can’t be changed but if you need them longer your can simply import them into a CSV file.

UM reporting features are done via EMC toolbox. If you are a tenant UM Admin you can also see them in ECP.

Call statistics provide stats about calls received or sent by UM Servers. In this case, to generate the CDRs, UM needs to read the CDR, and also need to calculate stats based on the period of time, type of call, dialplan, gateway, etc.

Call Stats are generated once per day and can be filtered by month or day for past 90 days.

More info on Call Statistics and individual call logs can be found here.