Microsoft Lync Server 2010 : Planning for Internal Non-Voice Deployment - Planning for Archiving (part 2)

12/13/2013 2:36:15 AM

3. Planning for Virtualization

Many modern datacenters are moving toward virtualizing their workload as much as possible. Lync Server 2010 supports virtualizing all its roles, although it is supported with a lower-rated capacity when virtualization is involved. This isn’t to suggest that virtualization adds overhead, but should be taken as a statement from Microsoft that although it supports Lync Server 2010 on virtualized systems, it would rather see them run on physical hardware and, as such, lower their capacity ratings for virtualized roles. Microsoft even goes as far as to state that if the virtual host is given dedicated resources equivalent to a physical host, it will support the same number of users as the physical host. Its conservative stance is based on the resources that are typically allocated to a given virtual guest.

For example, when using virtualized servers, Microsoft suggests a maximum load of 2,000 users per virtual Standard Edition server and a maximum of 5,000 users per virtual Enterprise Edition Front End Server. Compare these values to the 5,000 users per Standard Edition and 10,000 per Enterprise Front End Server when used with physical hardware.


Microsoft officially supports only Windows Server 2008 R2 for the guest operating systems when used for Lync Server 2010. On the host side, both VMWare and Hyper-V virtualization platforms are supported.

Given that typically virtualized environments are shared across a variety of applications and usually connected to some form of shared storage, pay careful attention to the amount of disk I/O available to various Lync Server 2010 roles.


Don’t automatically assume that because a virtualization environment is attached to a high performance SAN that there’s automatically enough I/O to keep a new application happy. Always evaluate current loads on the infrastructure, both the virtualization farm and the back end storage, to ensure that the new loads imposed on the environment won’t degrade the performance of all applications running on the farm.

Another area to plan for is the networking aspect of the virtualization platform. To optimize performance for Lync Server 2010, it is recommended that each virtualized host be bound to a dedicated Ethernet port on the host system. For large deployments, this can mean a large number of Ethernet ports. Strongly consider deploying multiport network interface cards (NICs) into virtualization hosts.

Another technology to consider, especially when virtualizing Lync Server 2010, is the use of NICs that support Virtual Machine Queue (VMQ). VMQ is a virtualization technology that allows for the efficient transfer of network traffic to a virtualized operating system. VMQ enables virtual machines to filter their queue of packets within the NIC to improve the efficiency of network traffic. If the NICs support it, VMQ can be enabled for individual virtual machines from within the hypervisor’s management console.

It is also recommended to increase the transmit and receive buffers on NICs dedicated to virtual machines to at least 1,024 to avoid packet loss. Not all NICs support a buffer of this size, so take this into account when planning where to deploy the virtual machines for Lync Server 2010 or when planning what hardware to purchase to support a virtualized Lync Server 2010 deployment.

4. Planning for Management

Lync Server 2010 follows the currently popular model of role based access control (RBAC). The concept is that one defines a role, typically based around common tasks, and then delegates the capability to perform these tasks to the role group. Existing security groups or individuals are then populated into that role group to grant them the necessary rights to perform the tasks.

Lync Server 2010 predefines nine RBAC groups that cover most of the commonly delegated tasks within Lync Server 2010. These groups and their allowed tasks are as follows:

CsAdministrator—This group can perform all administrative tasks and modify all settings within Lync Server 2010. This includes creating and assigning roles, and modification or creation of new sites, pools, and services.

CsUserAdministrator—This group can enable or disable users for Lync Server 2010. They can also move users and assign existing policies to users. They can neither create new policies nor modify existing policies.

CsVoiceAdministrator—This group can manage, monitor, and troubleshoot servers and services. They can prevent new connections to servers, apply software updates, as well as start and stop services. They cannot, however, make changes that affect global configuration.

CsViewOnlyAdministrator—This group can view the deployment, including server and user information, in order to monitor deployment health.

CsHelpDesk—This group can view the deployment, including user’s properties and policies. They can also run specific troubleshooting tasks. They can neither change user properties or policies nor server configuration or services.

CsArchivingAdministrator—This group can modify archiving configuration and policies.

CsResponseGroupAdministrator—This group can manage the configuration of the Response Group application within a site.

CsLocationAdministrator—This group offers the lowest level of rights for Enhanced 911 (E911) management. This includes creating E911 locations and network identifiers and network identifiers and enables associating these with each other. This role is assigned with a global scope as opposed to a site-specific scope.

To comply with RBAC best practices, do not assign users to roles with global scopes if they are supposed to administer only a limited set of servers or users. This means creating additional role-based groups with similar rights to previous groups, but applied to a more limited scope because all default role groups in Lync Server 2010 have a global scope. That is to say, the rights apply to all users and to servers in all sites.

These scoped role groups can be created through the PowerShell commandlets provided with Lync Server 2010 by using an existing global group as a template and by assigning the rights to a precreated group in Active Directory. For example:

New-CsAdminRole –Identity "Site01 Server Administrators" –Template
CsServerAdministrator –ConfigScopes "site:Site01"

This commandlet gives the Site01 Server Administrators group the same rights as the predefined CsServerAdministrator role, but rather than giving the rights globally, the rights apply only to servers in Site01.

A similar process can be used to create a role that is scoped based on users rather than on sites:

New-CsAdminRole –Identity "Finance Users Administrators" –Template
CsUserAdministrator –UserScopes "OU:OU=Finance, OU=Corporate Users,
DC=CompanyABC, DC=com"

This grants a group called Finance Users Administrators rights similar to the predefined CsUserAdministrator group but rather than getting the rights across all user objects, they will be limited to user objects in the Finance OU as defined in the commandlet.

After the necessary role groups have been defined, simply add users or other groups to the role groups through Active Directory Users and Computers.


When users are placed into either a new security group or into a role group, they need to log out and then log on for the Kerberos ticket to be updated with the new group membership. Without this process, they will not be able to use the new rights that they are granted.

For users who are given any level of administrative rights within Lync Server 2010, carefully consider which tasks they need to perform and then assign them to the roles with the least privilege and scope necessary to perform the tasks.

5. Documenting the Plan

After all the various requirements have been determined and the options thought out and decided on, put these decisions and requirements into a design document. The complexity of the project affects the size of the document and the effort required to create it. The intention is that this design document summarizes the goals and objectives that were gathered in the initial discovery phase and describes how the project’s result will meet them. It should represent a detailed picture of the end state when the new technologies and clients are implemented. The amount of detail can vary, but it should include key design decisions made in the discovery process and collaboration sessions.

The following is a sample table of contents and brief description of the design document:

Executive Summary—Provides a brief discussion of the scope of the Lync Server 2010 implementation (the pieces of the puzzle).

Goals and Objectives—Includes the 50,000-foot view business objectives, down to the 1,000-foot view staff level tasks that will be met by the project.

Background—Provides a high-level summary of the current state of the network, focusing on problem areas, as clarified in the discovery process, as well as summary decisions made in the collaboration sessions.

Approach—Outlines the high-level phases and tasks required to implement the solution (the details of each task are determined in the migration document).

End State—Defines the details of the new technology configurations. For example, this section describes the number, placement, and functions of Lync Server 2010.

Budget Estimate—Provides an estimate of basic costs involved in the project. Whereas a detailed cost estimate requires the creation of the migration document, experienced estimators can provide order of magnitude numbers at this point. Also, it should be clear what software and hardware are needed, so budgetary numbers can be provided.

When developing the document further, one will want to add additional detail in various sections to lay out the costs and benefits as well as providing a long-term vision to the project. Consider including these details in the various sections of the document:

Executive Summary—The executive summary should set the stage and prepare the audience for what the document will contain, and it should be concise. It should outline, at the highest level, what the scope of the work is. Ideally, the executive summary also positions the document in the decision-making process and clarifies that approvals of the design are required to move forward.

Goals and Objectives—The goals and objectives section should cover the high-level goals of the project and include the pertinent departmental goals. It’s easy to go too far in the goals and objectives sections and get down to the 1,000-foot view level, but this can end up becoming confusing, so this information might be better to record in the migration document and the detailed project plan for the project.

Background—The background section should summarize the results of the discovery process and the collaboration sessions, and can list specific design decisions that were made during the collaboration sessions. Additionally, decisions made about what technologies or features not to include can be summarized here. This information should stay at a relatively high level as well, and more details can be provided in the end state section of the design document. This information is useful as a reference later in the project when the infamous question “Who made that decision?” comes up.

Approach—The approach section should document the implementation strategy agreed upon to this point, and should also serve to record decisions made in the discovery and design process about the timeline (end to end and for each phase) and the team members participating in the different phases. This section should avoid going into too much detail because in many cases the end design might not yet be approved and might change after review. Also, the migration document should provide the details of the process that will be followed.

End State—In the end state section, the specifics of the Lync Server 2010 implementation should be spelled out in detail and the high-level decisions that were summarized in the background section should be fleshed out. Essentially, the software to be installed on each server and the roles that will be installed on each server are spelled out here, along with the future roles of existing legacy servers. Information on the clients that will be supported, policies that will be enforced, and so on should be in this section. Diagrams and tables can help explain the new concepts and show what the solution will look like, where the key systems will be located, and how the overall topology of the implementation will look. Often, besides a standard physical diagram of what goes where, a logical diagram illustrating how devices communicate is needed.

Budget Estimate—The budget section is not exact but should provide order of magnitude prices for the different phases of the project. If an outside consulting firm is assisting with this document, it can draw from experience with similar projects of like-sized companies. Because no two projects are ever the same, there needs to be some flexibility in these estimates. Typically, ranges for each phase should be provided. The goal is for the audience of the document to understand what the project will cost and what they are getting for that money. This is also a great place to point out anticipated returns on investment (ROI) because these often act as the primary justification for a Lync Server 2010 implementation.

  •  Microsoft Lync Server 2010 : Planning for Internal Non-Voice Deployment - Planning for Conferencing
  •  Microsoft Lync Server 2010 : Planning for Internal Non-Voice Deployment - Planning for IM
  •  Microsoft Lync Server 2010 : Planning for Internal Non-Voice Deployment - Planning for Capacity
  •  Microsoft Lync Server 2010 : Planning for Internal Non-Voice Deployment - Determining Your Infrastructure Needs
  •  Microsoft Lync Server 2010 : Determining the Scope of the Deployment
  •  System Center Configuration Manager 2007 : Creating a Package (part 5) - Forefront Client - Configuring the Package, Adding Programs
  •  System Center Configuration Manager 2007 : Creating a Package (part 4) - Forefront Client - Using the New Package Wizard
  •  System Center Configuration Manager 2007 : Creating a Package (part 3) - OpsMgr Client - Configuring the Package Used by the Package Definition File
  •  System Center Configuration Manager 2007 : Creating a Package (part 2) - OpsMgr Client - Configuring the Installation Program
  •  System Center Configuration Manager 2007 : Creating a Package (part 1) - OpsMgr Client - Using the Create Package from Definition Wizard
    Top 10
    Review : Sigma 24mm f/1.4 DG HSM Art
    Review : Canon EF11-24mm f/4L USM
    Review : Creative Sound Blaster Roar 2
    Review : Philips Fidelio M2L
    Review : Alienware 17 - Dell's Alienware laptops
    Review Smartwatch : Wellograph
    Review : Xiaomi Redmi 2
    Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
    Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
    3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
    Popular Tags
    Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8