Configuring Lync Federation

Brian Hadfield -

Lync external connectivity (federation) enables a Lync user to connect with users in other organizations that use a hosted Lync service as well as those that host their own Lync Server on-premises. Federated contacts can see presence, communicate by using IM, and make Lync-to-Lync audio and video calls.

The federation functionality is enabled by completing the following:

  1. Add the customer SIP domain to the Lync SSL certificate (Chinook Communications)
  2. Create the Lync federation DNS records (Customer)
  3. Add the domain to be federated to the Federated Domains list (Customer)
  4. Notify federated company to allow the SIP domain (Federation Partner Administrator)

The following steps will guide you through the process of enabling Lync federation.

1.  Add the customer SIP domain to the Lync SSL certificate

In order to allow for federation with external Lync users, we must add your domain name to our Lync SSL certificate.   Issuing a secure certificate to a company that does not own and operate the domain being secured would allow fraudulent transactions.  Therefore, to fulfill this requirement, our SSL certificate vendor (Digit Cert) will send an e-mail to the contact listed in the WhoIs record for the domain. Please make sure your WhoIs record contains current and accurate information.  This is the address where the domain validation will be sent, once you have confirmed that you have access to this e-mail account, please notify us and we will begin the process below.

NOTE: If you do not know your contact information for who is, please browse to the Network Solutions WHOIS search page (or any other similar site) and enter your domain name in the Search all WHOIS Records box.  Please note the Administrative Contact e-mail address as that is the mailbox that will receive the domain validation email.

  1. The Support Engineer will order the new certificate with the customer SIP domain from the Certificate Authority.
  2. The Administrative Contact for the domain will receive an email with a link to validate the request.

DigicertValidation.png

  1. Clicking on the link will take you to a DigiCert Approval page similar to the one below.  Please check the box approving the Terms of Service, enter your first and last name and click Submit Approval.

DigiCert_Approval-5.png

  1. Once the request has been approved, we will be notified and issued the updated certificate.
  2. When the new certificate has been issued, the Support team will notify you of the scheduled maintenance window to publish the updated certificate. 

2.  Create the Lync Federation DNS records

 The final step in completing the federation configuration is updating the DNS records for the domain.  This can be completed at any time, but will not be valid until the SSL certificate with your SIP domain has been updated and published.

  1.  Add the following DNS records for the SIP domain listed on the certificate request (replacing your domain.com with your actual SIP domain name).

CNAME Records

      • sip.yourdomain.com -> access02.partnerhosted.com

 SRV Records

      • _sipfederationtls._tcp.yourdomain.com | Port 5061 | Weight 100 | Target=sip.yourdomain.com
  1.  Allow the new DNS records to propagate.  Once the records have propagated, your domain will be enabled for Lync federation.

3.  Add the domain to be federated to the Federated Domains list

Once the certificate has been updated and DNS records created, you will need to login to the control panel and add the domains of external contacts to the Federated Domains list.  Follow the guidance below to add a federated domain.

  1. Login to the Control Panel as a Company Admistrator or Reseller Administrator.
  2. Open the Company Info screen.
  3. Select Lync 2013 Hosting Service from the Active Services menu.
  4. Enter a domain name in the Domain to Federate: box.
  5. Select the check mark icon to add the domain.

Federation_-_Inbox-4.gif

  1. Repeats steps 4 and 5 for additional domains to federate with.
  2. Select Update.

4.  Notify federated company to allow the SIP domain

Some remote Lync platforms will require your domain to be allowed to federate with their Lync platform.  This is a change that will need to be made by the Lync administrator on the platform you would like to federate with.  No further changes beyond what is outlined in this article are required on the Chinook hosted Lync platform to enable federation.

NOTE:  If the company that you are federating with is hosted on the Office 365 platform, guidance for enabling communication with external contacts is located here.

 

Have more questions? Submit a request

Comments

Powered by Zendesk