External Internal IM And Presence - .microsoft

Upload by : Rafael Ruffin
Transcription

IM and Presence

Legend: HTTPS traffic; MSMQ traffic; CLS traffic; XMPP traffic; SIP traffic (signaling and IM). Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Components shown: internal and external Skype for Business users, Skype for Business federation and Public IM, XMPP federation, Office 365, Skype Directory Search, External Firewall, Internal Firewall, Reverse proxy, Edge Pool, ADFS Proxy, ADFS Single sign-on (SSO), DirSync, Directors, Front end pool, Back-end SQL Server, File Share Server (Address book & Persistent Chat file share), Persistent Chat Server, Persistent Chat Compliance Server, Centralized Logging Service, Certificate Authority, Active Directory Domain Services, Services and Processes.

Connection labels:
- HTTP: 80
- HTTPS: 443
- HTTPS: 4443
- TCP: 443
- Access Edge – SIP/TLS: 443
- Access Edge – SIP/MTLS: 5061
- SIP/TLS: 5061
- SIP/MTLS: 5061
- SIP/MTLS: 5041
- XMPP/TCP: 5269
- XMPP/MTLS: 23456
- CLS/MTLS: 50001-50003
- C3P/HTTPS: 444
- DSML/HTTPS: 443
- SAML/HTTPS: 443
- MSMQ

Notes:
- Director proxies Web traffic to destination pool's Web service.
- Publish rule for port 4443 to set "forward host header" to true. This ensures the original URL is forwarded.
- LPE devices also require port 80.
- This port is used to connect to Web Services:
  - download the Address Book
  - connect to Address Book Web query URL
  - provide distribution list expansion
  - download meeting content
  - connect to the Mobility Service
  - connect to the AutoDiscover Service
  - connect to Dial-in URL
  - connect to Lync Web App
  - connect to CertProvisioningService

Ports to load balance by HLB:
- 80
- 8080
- 443
- 4443
- 5061 [can use DNS load balancing]

Port number to service traffic assignment:
- 5062 – IM Conferencing Service
- 5086 – Internal Mobility Service
- 5087 – External Mobility Service

External user sign-in process:
1. Client discovers Edge Server:
   a. lyncdiscoverinternal.<sip-domain>
   b. lyncdiscover.<sip-domain>
   c. _sipinternaltls._tcp.<sip-domain>
   d. _sipinternal._tcp.<sip-domain>
   e. _sip._tls.<sip-domain>
   f. sipinternal.<sip-domain>
   g. sip.<sip-domain>
   h. sipexternal.<sip-domain>
2. Client connects to Edge Server.
3. Edge Server proxies connection to Director.
4. Director authenticates user and proxies connection to user's home pool.

Internal user sign-in process:
1. Client discovers Enterprise Pool:
   a. lyncdiscoverinternal.<sip-domain>
   b. lyncdiscover.<sip-domain>
   c. _sipinternaltls._tcp.<sip-domain>
   d. _sipinternal._tcp.<sip-domain>
   e. sipinternal.<sip-domain>
   f. sip.<sip-domain>
2. Client connects to Enterprise Pool server.
3. Enterprise pool server authenticates user and redirects connection to user's home server.

Version date 7/6/2018. © 2018 Microsoft Corporation. All rights reserved. To send feedback about this documentation, please write to us at SfBdoc2015@microsoft.com.

A/V and Web Conferencing

Legend: SIP traffic (signaling); HTTP(S) traffic; RTP/SRTP traffic (A/V Conferencing); PSOM traffic (Web Conferencing); ICE traffic; MRAS traffic. Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Components shown: internal and external Skype for Business users, Skype for Business federation, External Firewall, Internal Firewall, Reverse proxy, Edge Pool, Directors, Front end pool, File Share, Office Web Apps Server, Active Directory Domain Services, SIP Trunk, CUCM, VTC.

Connection labels:
- Access Edge – SIP/TLS:443
- Access Edge – SIP/TLS:5061
- SIP/TLS:5061
- SIP/MTLS/TCP:5061
- SIP/MTLS/TCP:5062
- A/V Edge – STUN/TCP:443, UDP:3478
- ICE: STUN/TCP:443, UDP:3478
- SRTP: STUN/TCP:443, UDP:3478
- SRTP/UDP:1024-65535
- SRTP/UDP:49152-65535
- Web Conf Edge - PSOM/TLS:443
- PSOM/TLS:8057
- PSOM/MTLS/TCP:8057
- HTTPS:443
- HTTPS:4443
- SMB:445
- TLS:5061
- TCP:5060, TLS:5061

Notes:
- Peer-to-peer A/V session.
- Codec varies per workload: G.722, Siren or SILK for audio; H264SVC for video [RTVideo for downlevel clients].
- Codec varies per workload: G.722 for audio; H264AVC for video.
- Codec varies per workload: G.722 for audio; H264SVC for video.
- HTTPS: 443 is used to download conferencing content, including PowerPoint files and sharing.
- If client connects on port 80 during sign-in, it gets redirected to port 443.
- Director proxies Web traffic to destination pool's Web Service.
- Meeting content metadata compliance file share.
- Traffic goes directly to A/V Conferencing Service WITHOUT going through the pool's hardware load balancer.

Firewall rules for the A/V Edge:

Source IP | Destination IP | Source Port | Destination Port
A/V Edge | Any | TCP 50,000-59,999 | TCP 443
A/V Edge | Any | UDP 3478 | UDP 3478
Any | A/V Edge | Any | TCP 443
Any | A/V Edge | Any | UDP 3478

Legend: SIP traffic (signaling); HTTP(S) traffic; RTP/SRTP traffic (A/V Conferencing); ICE traffic; MRAS traffic. Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Components shown: internal and external Skype for Business users, Skype for Business federation, External Firewall, Internal Firewall, Reverse proxy, Edge Pool, Front end pool, Active Directory Domain Services.

Connection labels:
- Peer-to-peer application sharing RTP/TCP:49152-65535
- Access Edge - SIP/TLS:443
- Access Edge - SIP/TLS:5061
- SIP/TLS:5061
- SIP/MTLS
- SIP/MTLS:5061
- SIP/MTLS:5062
- ICE: STUN/TCP:443
- SRTP: STUN/TCP:443
- HTTPS:443
- HTTPS:4443

Notes:
- If client connects on port 80 during sign-in, it gets redirected to port 443.

Port number to service traffic assignment:
- 5065 - Application Sharing Conferencing Service

Firewall rules for the A/V Edge:

Source IP | Destination IP | Source Port | Destination Port
A/V Edge | Any | TCP 50,000-59,999 | TCP 443
Any | A/V Edge | Any | TCP 443

Enterprise Voice

Legend: SIP traffic; RTP/SRTP traffic (A/V Conferencing); ICE traffic; MRAS traffic; Call Admission Control (CAC) traffic. Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Components shown: internal and external Skype for Business users, External Firewall, Internal Firewall, Edge Pool, Front end pool, Mediation Pool (optional), Branch Office, Branch Appliance, Enterprise Voice applications, Active Directory Domain Services.

Connectivity to: Exchange UM, IP-PSTN gateway, IP/PBX, Direct SIP.

Connection labels:
- Access Edge - SIP/TLS:443
- SIP/TLS:5061
- SIP/MTLS
- SIP/MTLS:5062
- SIP/TCP:5060,5061
- A/V Edge – ICE: STUN/TCP:443, STUN/UDP:3478
- ICE: STUN/TCP:443, UDP:3478
- SRTP: STUN/TCP:443, UDP:3478
- SRTP/RTCP:49,152-57,500
- TURN/TCP:448
- HTTPS:444

Notes:
- For federation, SBA connects directly with Director. If no Director is available, federation traffic goes directly to the Edge Server.
- Media bypass: audio routed directly to gateway bypassing Mediation Server.
- Media codec varies per workload: RTAudio, G.711, SILK.
- Lync client automatically registers with the pool if the Branch Appliance becomes unavailable.
- If no Edge Server is defined in the topology, callee checks the Front End Server's Bandwidth Policy Service.

Port number to service traffic assignment:
- 5064 - Telephony Conferencing Service
- 5067 – Mediation Server Service
- 5071 - Response Group Service
- 5072 - Conferencing Attendant Service
- 5073 - Conferencing Announcement Service
- 5075 - Call Park Service

Certificate Requirements

The diagram groups the servers below under "Core elements" and "Additional elements", and places the Edge Server interfaces (Access edge, A/V edge, Conf edge, Internal edge) between the External network and the Internal network.

Front End Pool (Front End Server 1, Front End Server 2)
- FQDN: pool.<ad-domain>
- Certificate SN: pool.<ad-domain>
- Certificate SAN: pool.<ad-domain>, fe.<ad-domain>, sip.<sip-domain>, lyncdiscoverinternal.<sip-domain>, lyncdiscover.<sip-domain>, admin URL, meet URL, dial-in URL
- EKU: server
- Root certificate: private CA

Reverse proxy
- FQDN: external Web Service FQDN
- Certificate SN: external Web Service FQDN
- Certificate SAN: external Web Service FQDN, lyncdiscover.<sip-domain>, meet URL, dial-in URL, OwaExtWeb.<sip-domain>
- EKU: server
- Root certificate: public CA

Edge Servers (Edge Server 1, Edge Server 2), internal interface
- Internal FQDN: internal.<ad-domain>
- Certificate SN: internal.<ad-domain>
- Certificate SAN:
- EKU: server
- Root certificate: private CA

Edge Servers (Edge Server 1, Edge Server 2), external interface
- External FQDN: access.<sip-domain>
- Certificate SN: access.<sip-domain>
- Certificate SAN: access.<sip-domain>, sip.<sip-domain>, conf.<sip-domain>
- EKU: server
- Root certificate: public CA

Directors (Director 1, Director 2)
- FQDN: dir.<ad-domain>
- Certificate SN: dir.<ad-domain>
- Certificate SAN: dir.<ad-domain>, sipinternal.<sip-domain>, sip.<sip-domain>, lyncdiscoverinternal.<sip-domain>, lyncdiscover.<sip-domain>, admin URL, meet URL, dial-in URL
- EKU: server
- Root certificate: private CA

Persistent Chat Server
- FQDN: chatsrv.<ad-domain>
- Certificate SN: chatsrv.<ad-domain>
- Certificate SAN: N/A
- EKU: server, client
- Root certificate: private CA

Branch Appliance
- FQDN: sba.<ad-domain>
- Certificate SN: sba.<ad-domain>
- Certificate SAN: sba.<ad-domain>
- EKU: server
- Root certificate: private CA

Exchange UM Server
- FQDN: umsrv.<ad-domain>
- Certificate SN: umsrv.<ad-domain>
- Certificate SAN: N/A
- EKU: server
- Root certificate: private CA

Office Web Apps Server
- FQDN: OwaExtWeb.<sip-domain>
- Certificate SN: OwaExtWeb.<sip-domain>
- Certificate SAN: wacsrv1.<ad-domain>
- Certificate SAN: wacsrv2.<ad-domain>
- EKU: server
- Root certificate: private CA

CMS

Legend: SMB traffic; HTTPS traffic. Arrow direction indicates which server initiates the connection. Subsequent traffic is bi-directional.

Components shown: Enterprise Pool (CMS master), Front-end Pool (CMS replica), Edge Pool (CMS replica), Director (CMS replica), Mediation Pool (CMS replica), Standard Edition Server (CMS replica), Branch Appliance (CMS replica), Back-end SQL Server, Active Directory Domain Services, External Firewall, Internal Firewall.

Connection labels:
- HTTPS:4443
- SMB:445
- TCP:1433
- Default (1433) or SQL named instance

Notes:
- Install on Enterprise Edition to provide high availability.

The Central Management Store provides a robust, schematized storage of the data needed to define, set up, maintain, administer, describe, and operate a Skype for Business Server deployment. It also validates the data to ensure configuration consistency.

All changes to this configuration data happen at the Central Management store, eliminating "out-of-sync" issues. Read-only copies of the data are replicated to all servers in the topology, including Edge Servers and Survivable Branch Appliances.

The Active Directory Domain Services (AD DS) are still used to store basic user information, such as the user's SIP URI and phone number. User policy information is stored in the Central Management store. The use of Active Directory Domain Services (AD DS) also provides backward compatibility with earlier releases of Lync Server.

To administer servers and services, you use Skype for Business Server Management Shell or the Skype for Business Server Control Panel, which then configure the settings in the Central Management store. The Central Management Server, which runs on one Front End pool or one Standard Edition server in your deployment, replicates the configuration changes to all of the servers in your deployment.

DNS Configuration

Internal DNS Configuration

DNS Type | Value | Enterprise Edition Resolution | Standard Edition Resolution | Purpose
SRV | _sipinternaltls._tcp.<sip-domain> | pool FQDN | pool FQDN | internal user access
A/CNAME | lyncdiscoverinternal.<sip-domain> | HLB FE Pool VIP | pool IP address | internal AutoDiscover Service
A | Pool FQDN | individual FE IPs | pool IP address | Internal pool name
A | admin URL | HLB FE Pool VIP | pool IP address | Lync Server Control Panel (LSCP)
A | meet URL | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | dial-in URL | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | internal Web Services FQDN | HLB FE Pool VIP | pool IP address | Lync Server Web Service
A | external Web Services FQDN | Reverse proxy public IP address | Reverse proxy public IP address | Proxied to Lync Server Web Service

External DNS Configuration

DNS Type | Value | Resolution | Purpose
SRV | _sipfederationtls._tcp.<sip-domain> | Access Edge FQDN: access.<sip-domain> | Federation and public IM connectivity
SRV | _sip._tls.<sip-domain> | Access Edge FQDN: access.<sip-domain> | external user access
SRV | _xmpp-server._tcp.<sip-domain> | Access Edge FQDN: access.<sip-domain> | XMPP federation
A | sip.<sip-domain> | Access Edge FQDN: access.<sip-domain> | locate Edge Server
A | Access Edge FQDN: access.<sip-domain> | Access Edge IP address | Edge Server Access edge
A | A/V Edge FQDN: av.<sip-domain> | A/V Edge IP address | Edge Server A/V edge
A | Conf Edge FQDN: conf.<sip-domain> | Conf Edge IP address | Edge Server Conf edge
A/CNAME | lyncdiscover.<sip-domain> | reverse proxy public IP address | external AutoDiscover Service
A | meet URL | reverse proxy public IP address | proxied to Lync Server Web Service
A | dial-in URL | reverse proxy public IP address | proxied to Lync Server Web Service
A | external Web Services FQDN | reverse proxy public IP address | proxied to Lync Server Web Service

OWA

DNS Type | Value | Office Web Apps Farm Resolution | Office Web Apps Server Resolution | Purpose
A | OWA internal URL | HLB OWA VIP | OWA server IP | internal user access to PowerPoint Presentations
A | OWA external URL | Reverse proxy public IP address | Reverse proxy public IP address | external user access to PowerPoint Presentations

Broadcast Conferencing

Microsoft Broadcast Solution

Legend: HTTPS traffic. Arrow direction indicates which server initiates the connection. Actual traffic is bi-directional.

Components shown: Attendee Browser, Producer, Join Service, Broadcast Pool (UCWA), Azure, Azure Active Directory, Media Services CDN, Key Services (AES Key), Online User Pool, and, in the On Premises Hybrid Environment, DirSync, User Pool, ADFS Proxy, Active Directory Domain Services, Front End Server pool.

Attendee flow:
1. Join meeting using link (HTTPS:443 Join Page).
2a. Authentication (if closed meeting): HTTPS:443 Authentication request (closed meeting only).
2b. Authentication.
3. Streaming starts, technology depends on client:
   - HTTPS:443 MPEG-DASH AES
   - HTTPS:443 HLS AES
   - HTTPS:443 Smooth Streaming AES
3. Get AES Key: HTTPS:443 Request Key with Token; Token Verification; HTTPS:443 Return Key.

Notes:
- Connection to UCWA with meetings settings.
- Calling join service/authentication, getting conference link.
