Technically Lync: Setting Up Federation

While I spend most of my time helping clients focus on big-picture strategy and leading overall implementations, my technically astute partner Dino Caputo spends most of his day providing technical architecture, design and technical implementation expertise related to Lync environments. As in my previous Technically Lync articles, this piece incorporates Dino's how-to directives.

Sequels are big at the movies in 2014: Jack Ryan, The Muppets, Captain America, X-Men, Spider-Man, How to Train Your Dragon, Planet of the Apes, Hunger Games, Dumb and Dumber To. Given this, it seemed the right time to revisit Lync federation... the sequel.

Federation, or business-to-business collaboration, can significantly improve your interactions with key partners and suppliers. We have written previously that federation is a game changer and suggested that the Microsoft combined tools may create an ecosystem that delivers voice to more than a billion connected users.

With Lync federation, you can connect with people outside your organization as easily as you can with people inside your organization. And once connected, you can communicate via instant messaging (IM), voice, video or content sharing. Plus you see presence status for both internal and external contacts, in a controlled fashion. You can control what information you share with a particular external or internal contact by right clicking on the contact and selecting "Change Privacy Relationship." You get to pick whether you want to share no, limited or complete presence, contact and location information, as shown below.

Lync federation is fantastic and can transform your business relationships, but how exactly do you set up federation for your organization? Is it difficult? Does it take a large amount of effort?

First Comes the Lync Edge Server
First, know that a prerequisite for enabling federation is use of a Lync Edge Server, which lives in a secured network perimeter, or DMZ, and provides secure external access into your Lync environment. The Edge Server enables external users who are not logged into your organization's internal network to communicate with Lync users inside your organization. These external users could be authenticated and anonymous remote users, federated partners (including partners using XMPP for communications), mobile clients and users of public IM services.

Setting up a Lync Edge Server requires some time -- how much time depends on the size of your operation. You'll need anywhere from one to 14 days in total planning time, and from less than two hours to a day for the actual deployment. Here's a breakdown.

1. Planning for the Edge Server(s) -- Estimated time to complete: 1 day (small company) up to 14 days (larger more complex organization)

The planning phase will likely take the longest in your quest for Lync federation capabilities as it requires you to gather information about your network and make decisions about things like standing up the Edge Server in your DMZ, obtaining public and internal certificates, making firewall rule changes, figuring out possible load-balancing requirements and publishing DNS records.

For the smaller company looking to deploy a Lync Edge Server, planning and mapping out the logistics might only take a day -- with the proper guidance. This will take longer at larger companies, simply because each of the items to consider is generally managed by a different group. Larger organizations may also want to provide multiple Edge Servers for scale and high availability. So larger enterprises should plan for at least two weeks of elapsed time to meet with all the appropriate groups, educate them on the requirements, and schedule and execute the required changes. This timing may vary depending on the complexity of your company and the availability of the various groups. You can find more information on planning for your Lync Edge infrastructure on Microsoft TechNet.

Once you have gone through all the planning, educated the appropriate teams on the requirements and have the appropriate server or servers in place, you'll be ready to go!

2. Topology Builder -- Add the Lync Edge Server to the topology, enable federation and publish the topology. Estimated time to complete: 10 minutes

As the name Lync Topology Builder suggests, this is where you will define and build your federated Lync environment. Assuming you have already deployed a Lync Front End Server and are using other features of Lync, you should be familiar with Topology Builder. In just a few minutes, you will create the Edge Server, defining all the carefully planned out information from the previous step. Here you will enable federation for your Lync deployment as shown. Once you publish your topology, you are ready to export the edge configuration and install the Lync bits on your Edge Server or servers.

3. Run the Lync setup on each Edge Server. Estimated time to complete: 30 to 60 minutes

Assuming your public certificate provider can turn around a certificate request immediately, this process generally takes 30 to 60 minutes from start to finish.

Then use the Lync 2013 Deployment Wizard, which will install Lync and the required binaries that make Lync work.

Federating with a New Organization
With your Lync Edge Server running, you now need to configure the options that allow your users to federate with users at other companies running Lync. For this, you need to account for bureaucracy, let's say from zero to an unlimited number of minutes, and for a total execution time of between five and 10 minutes.

In large organizations, the bureaucracy associated with approving a federation request can greatly exceed the technical time needed to execute the configuration change. Often this is the case because some individuals do not understand the security and user control options built into Lync.

Assuming you have approval to federate with a new domain, follow the process below to enable the required configuration:

1. From the Lync Control Panel, which is a Silverlight browser-based application, you need to review and set a number of configuration options as appropriate. Estimated time to complete: 5 to 10 minutes

  • In the Lync Control Panel, External Access Policy tab, enable the required functionality. Here we are enabling Federation, Remote user access and Public IM access at the Global level. You can do this at Site or User levels, too.
  • From the Access Edge Configuration tab, you can specify whether or not you want to use Open Federation, which allows for automatic discovery of your Lync Edge Server assuming you have published your external DNS records as instructed in our previous Technically Lync article on setting up reverse proxy alternatives. Then on the next tab, SIP Federated Domains, you will need to explicitly define all the domains with which you wish to federate.
  • From SIP Federated Domains you get a list of allowed or blocked domains. Even though we previously specified open federation, you can still list allowed domains here for a greater degree of trust in terms of built-in throttling protection.
  • The SIP Federated Providers tab is where you set up public IM connectivity to networks like Skype and Exchange Online, as well as others.
  • Lastly, the XMPP tab allows setup for XMPP-based networks like Jabber or Google Talk.

That completes the federation configuration. Users will now be able to federate!
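The Control Panel tabs above correspond to Lync Server Management Shell cmdlets, so the resulting federation posture can be reviewed from a script. The following is an added example, not part of the original article: it is read-only, assumes the Lync Server 2013 Management Shell, and the `$approved` list and its domains are hypothetical placeholders for your own approval records.

```powershell
# Added example: read-only audit of the federation settings configured above.
# Assumes the Lync Server 2013 Management Shell; $approved is a hypothetical
# list of partner domains that have been through your approval process.
Import-Module Lync
$approved = @('partner-a.example', 'supplier-b.example')   # constructed sample values

# Access Edge Configuration tab: federation on/off and open federation (discovery).
$edge = Get-CsAccessEdgeConfiguration
$openFederation = $edge.AllowFederatedUsers -and $edge.EnablePartnerDiscovery

# SIP Federated Domains tab: explicit allow and block lists.
$allowed = @(Get-CsAllowedDomain | ForEach-Object { $_.Domain })
$blocked = @(Get-CsBlockedDomain | ForEach-Object { $_.Domain })

# Allowed domains nobody approved, and approved domains not yet configured.
$unapproved = @($allowed | Where-Object { $approved -notcontains $_ })
$missing    = @($approved | Where-Object { $allowed -notcontains $_ })

# External Access Policy tab: every policy scope (Global, site, user) and
# whether it enables federation, remote user access or public IM.
$policies = Get-CsExternalAccessPolicy |
    Select-Object Identity, EnableFederationAccess, EnableOutsideAccess, EnablePublicCloudAccess

# SIP Federated Providers tab: public IM providers that are currently enabled.
$providers = @(Get-CsPublicProvider | Where-Object { $_.Enabled } |
    ForEach-Object { $_.Identity })

[pscustomobject]@{
    FederationEnabled  = $edge.AllowFederatedUsers
    OpenFederation     = $openFederation
    AllowedDomains     = $allowed -join ', '
    BlockedDomains     = $blocked -join ', '
    UnapprovedAllowed  = $unapproved -join ', '
    ApprovedNotAllowed = $missing -join ', '
    EnabledPublicIM    = $providers -join ', '
} | Format-List
$policies | Format-Table -AutoSize

if ($openFederation) {
    Write-Warning 'Open federation is on: any discoverable domain not on the block list can federate.'
}
if ($unapproved.Count -gt 0) {
    Write-Warning "Allowed domains without an approval record: $($unapproved -join ', ')"
}
```

Running this on a schedule and comparing the output over time shows when a federated domain or a policy scope was added outside the approval process.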

Clearly federation and remote access are extremely powerful Lync capabilities that can greatly improve communication efficiency at most organizations. If you have not already planned to deploy a Lync Edge server and enable federation, we would suggest you expand your plans.

Lync federation can help you connect and communicate efficiently with tens of thousands of organizations and millions of individuals, especially in light of Microsoft's recently announced Skype for Business. This next iteration of Lync will increase the reach of Lync federation in 2015 to include IM, presence, voice and video with any of the 300 million active Skype users.

What do you think about Lync federation? Are you federated with your key suppliers and clients? Do you have technical or other issues with federation? We welcome and will respond to any of your comments below.

Follow Kevin Kieller on Twitter and Google+!
@kkieller