- Integration Overview
- Planning for Integration
- Planning for User Migration
- Configuration Workflows for Partitioned Intradomain Federation
- IM and Presence Service Node Configuration for Partitioned Intradomain Federation
- Skype for Business Configuration for Partitioned Intradomain Federation
- Microsoft Lync Configuration for Partitioned Intradomain Federation
- Microsoft Office Communications Server Configuration for Partitioned Intradomain Federation
- User Migration
- Interdomain Federation and Intradomain Federation Deployment Integration
- Integration Troubleshooting
- Skype for Business Intradomain Federation
- Skype for Business Intradomain Federation Task Flow
Skype for Business Configuration for Partitioned Intradomain Federation
Skype for Business Intradomain Federation
The IM and Presence Service supports direct federation with Skype for Business with IM and Presence only. IM and Presence + calling is not supported.
Skype for Business Intradomain Federation Task Flow
Complete these tasks to set up intradomain federation with Skype for Business.
Command or Action | Purpose | |
---|---|---|
Step 1 | Configure Routing Node for IM and Presence | Select an IM and Presence node to act as the routing node. The routing node routes traffic to and from Skype for Business. There should be no users assigned to the routing node. |
Step 2 | Start Feature Services for Cluster | Start essential feature services for your IM and Presence Service cluster nodes. Complete this task on all nodes except the routing node. |
Step 3 | Configure Intradomain Federation | Use the Federation wizard to configure partitioned intradomain federation with Skype for Business. The wizard configures items such as TLS static routes, TLS peers, access control lists, and application listener ports. |
Step 4 | Configure CA Certificates for IM and Presence | Complete these tasks to set up CA certificates for IM and Presence Service. |
Step 5 | Configure Static Route from Skype for Business | On the Skype for Business servers, set up static routes that point to the IM and Presence Service routing node. |
Step 6 | Configure Trusted Applications | On the Skype for Business server, assign the IM and Presence Service as a trusted application and add the IM and Presence cluster nodes to a trusted servers pool. |
Step 7 | Publish Topology | After you add the IM and Presence Service cluster nodes, publish the Skype for Business topology. |
Step 8 | Exchange Certificates | Exchange certificates between IM and Presence and Skype for Business. |
Configure Routing Node for IM and Presence
For multi-node IM and Presence Service deployments, select an IM and Presence routing node. There should be no users assigned to the routing node. The routing node routes traffic to and from the Skype for Business server.
What to Do Next
Start Feature Services for Cluster
Start essential feature services for your IM and Presence Service cluster nodes. Complete this task for all nodes except the routing node.
What to Do Next
Configure Intradomain Federation
Use the wizard to set up partitioned intradomain federation with Skype for Business.
Make sure that you know your Skype for Business deployment details.
The wizard sets up intradomain federation with TLS static routes, application listener ports, and access control lists.
What to Do NextAfter setting up partitioned intradomain federation, the wizard provides general instructions on additional configuration tasks, such as configuring certificates on IM and Presence Service and setting up static routes on the Skype for Business server. For detailed procedures, see:
To configure CA certificates on IM and Presence Service, go to Configure CA Certificates for IM and Presence
To proceed with the Skype for Business setup, go to Configure Static Route from Skype for Business
Configure CA Certificates for IM and Presence
Complete these tasks to set up CA certificates for the IM and Presence Service.
Command or Action | Purpose | |
---|---|---|
Step 1 | Import Root Certificate of Certificate Authority | Upload the root certificate of the CA into the IM and Presence Service trust store. |
Step 2 | Generate Certificate Signing Request for IM and Presence Service | Request a CA-signed certificate. |
Step 3 | Import Signed Certificate from CA | Generate and download a CSR from IM and Presence Service. |
Import Root Certificate of Certificate Authority
All Skype for Business security certificates are generally signed by a Certificate Authority (CA). The IM and Presence Service certificates should also be signed by the same Certificate Authority used by the Microsoft server. In order for the IM and Presence Service to use a certificate signed by the Microsoft server CA, and to accept Microsoft server certificates signed by that same CA, the root certificate of the CA must be uploaded into the IM and Presence Service trust store.
Before importing the root certificate, retrieve the certificate from the certificate authority and copy it to your local computer.
What to Do Next
Generate Certificate Signing Request for IM and Presence Service
Generate Certificate Signing Request for IM and Presence Service
IM and Presence Service certificates should be signed by the same Certificate Authority (CA) that is used by Skype for Business. You must complete the following two-step process to obtain a CA-signed certificate:
-
Generate an IM and Presence Service Certificate Signing Request (CSR).
-
Upload the CA signed certificate onto IM and Presence Service.
The following procedure describes how to generate and download a CSR from IM and Presence Service. IM and Presence Service CSRs are 2048 bit in size.
What to Do Next
After you download the CSR, you can use it to request a signed certificate from your chosen CA. This can be a well-known public CA or an internal CA. For details, see Import Signed Certificate from CA.
Import Signed Certificate from CA
The following procedure describes how to upload the CA signed certificate to IM and Presence Service.
What to Do Next
Configure Static Route from Skype for Business
On the Skype for Business server, configure TLS static routes that point to the IM and Presence Service routing node.
What to Do Next
Configure Trusted Applications
On the Skype for Business server, assign the IM and Presence Service as a trusted application and add all IM and Presence cluster nodes to a trusted server pool.
Step 1 | Log in to the Skype for Business command shell. | ||||||||||||||||
Step 2 | Run the following command to create a trusted application server pool on the Skype for Business server:
New-CsTrustedApplicationPool -Identity trusted_application_pool_name_in FQDN_format -Registrar S4B_registrar_service_FQDN -Site ID_for_the_trusted_application_pool_site -TreatAsAuthenticated $true -ThrottleAsServer $true -RequiresReplication $false -OutboundOnly $false -Computerfqdn first_trusted_application_computer where:
| ||||||||||||||||
Step 3 | Run the following command to add your IM and Presence Service cluster nodes to the trusted application pool. You must run this command for each IM and Presence node, except the routing node.
New-CsTrustedApplicationComputer -Identity imp_FQDN -Pool new_trusted_app_pool_FQDN where:
| ||||||||||||||||
Step 4 | Enter the
following command to create a new trusted application for the IM and Presence Service and add it to the new
application pool:
New-CsTrustedApplication -ApplicationID new_application_name -TrustedApplicationPoolFqdn new_trusted_app_pool_FQDN -Port 5061 where:
|
What to Do Next
Publish Topology
What to Do Next
Exchange Certificates
To deploy Intradomain Federation, you must follow this process to exchange CA-signed certificates between the IM and Presence Service deployment and the Skype for Business deployment.
Step 1 | Download CA-signed certificates from IM and Presence Service. |
Step 2 | Download CA-signed certificates from the Skype for Business edge server. |
Step 3 | Upload Skype for Business certificates to the IM and Presence Service. |
Step 4 | Upload IM and Presence certificates to the Skype for Business edge server. |
Certificate Notes
For IM and Presence Service, you can download and upload certificates from the Certificate Management window of Cisco Unified IM OS Administration (choose ). For detailed procedures, see the "Security Configuration" chapter of the Configuration and Administration Guide for IM and Presence Service at http://www.cisco.com/c/en/us/support/unified-communications/unified-presence/products-installation-and-configuration-guides-list.html.
For Skype for Business certificates, you can use the Skype for Business Deployment Wizard to install or download certificates. Run the wizard and select the Request, Install or Assign Certificates option. For details, see your Microsoft Skype for Business documentation.