Monday, 2 March 2015

Lync Server 2013 Mobility – Basics




Mobility features and capabilities


1.       To support Lync mobile applications on mobile devices, Lync Server 2013 provides three services: Lync Server 2013 Mcx Mobility Service, Lync Server 2013 Autodiscover Service, and Lync Server 2013 Push Notification Service. The Cumulative Updates for Lync Server 2013: February 2013 adds a complementary, but advanced, service for Lync 2013 Mobile clients—mobility support through the use of the Unified Communications Web API, or UCWA.



2.       When you deploy the Lync Server 2013 Mobility Service, users can use supported Apple iOS, Android, Windows Phone, or Nokia Symbian mobile devices to perform activities such as:


a.        Send and receive instant messages (Mcx)

b.        View presence (Mcx)

c.        View contacts (Mcx)

d.        Click to join a conference (Mcx)

e.        Call via work (Mcx)

f.         Single number reach (Mcx)

g.        Voice mail (Mcx)

h.        Missed call notification (Mcx)

i.         Voice over IP (VoIP)

j.         Attendee video (H.264)

      

3.        The mobility feature also supports push notifications for mobile devices that do not support applications running in the background. A push notification is a notification that is sent to a mobile device about an event that occurs while a mobile application is inactive. For example, a missed instant messaging (IM) invitation can result in a push notification. 



Mobility Components



Lync Server 2013 Unified Communications Web API (UCWA)   


Provides services for real-time communications with mobile and web clients in Lync Server 2013. When you deploy the February 2013 CU to the Front End Server and Director, the installation creates a virtual directory in the internal and external web services (Ucwa). A web component that is part of the Ucwa virtual directory accepts calls from UCWA-enabled clients. The client apps communicate over a REST interface for presence, contacts, instant messaging, VoIP, video conferencing, and collaboration. UCWA uses a P-GET based channel to send events, such as an incoming call, incoming instant message, or a message to the client app. 


Lync Server 2013 Mobility Service (Mcx)   


This service supports Lync functionality, such as instant messaging (IM), presence, and contacts, on mobile devices. The Mobility Service is installed on every Front End Server in each pool that is to support Lync functionality on mobile devices. When you install Lync Server 2013, a new virtual directory (Mcx) is created under both the internal website and the external website on your Front End Servers. 


Lync Server 2013 Autodiscover Service   


This service identifies the location of the user and enables mobile devices and other Lync clients to locate resources—such as the internal and external URLs for Lync Server 2013 Web Services, and the URL for the Mcx or UCWA—regardless of network location. Automatic discovery uses hardcoded host names (lyncdiscoverinternal for users inside the network; lyncdiscover for users outside the network) and the SIP domain of the user. It supports client connections that use either HTTP or HTTPS. 


The Autodiscover Service is installed on every Front End Server and on every Director in each pool that is to support Lync functionality on mobile devices. When you install the Autodiscover Service, a new virtual directory (Autodiscover) is created under both the internal website and the external website, on both Front End Servers and Directors. 


Push Notification Service   


This service is a cloud-based service that is located in the Lync Online data center. When the Lync mobile application on a supported Apple iOS device or Windows Phone is inactive, it cannot respond to new events, such as a new instant messaging (IM) invitation, a missed instant message, a missed call, or voice mail, because these devices do not support mobile applications running in the background. In these cases, a notification of the new event—called a push notification—is sent to the mobile device. The Mobility Service sends the notification to the cloud-based Push Notification Service, which then sends the notification either to the Apple Push Notification Service (APNS) (for supported Apple iOS devices) or to the Microsoft Push Notification Service (MPNS) (for Windows Phone), which then sends it on to the mobile device. The user can then respond to the notification on the mobile device to activate the application. 


Lync 2010 Mobile on Apple and Windows Phone devices uses push notifications. The Lync 2013 Mobile client for Apple devices, introduced with the Cumulative Updates for Lync Server 2013: February 2013, no longer uses push notifications or the push notification clearing house (PNCH).




Push Notification - Lync Mobility
  

Technical requirements


All Mobility Service traffic goes through the reverse proxy, regardless of where the origination point is—internal or external. In the case of a single reverse proxy or a farm of reverse proxies, or a device that is providing the reverse proxy function, an issue can arise when the internal traffic is going out through an interface and attempting to immediately come in on the same interface. This often leads to a security rule violation known as TCP packet spoofing, or just spoofing. Hairpinning (the outgoing and immediate incoming of a packet or series of packets) must be allowed in order for mobility to function. One way to resolve this issue is to use a reverse proxy that is separate from the firewall (the spoofing prevention rule should always be enforced at the firewall, for security purposes). The hairpin can then occur at the external interface of the reverse proxy instead of the firewall external interface. You detect the spoofing at the firewall, and relax the rule at the reverse proxy, thereby allowing the hairpin that mobility requires.


Use the Domain Name System (DNS) host or CNAME records to define the reverse proxy for the hairpin behavior (not the firewall), if at all possible. 


Internal and External DNS Configuration 


When you use Automatic Discovery, mobile devices use DNS to locate resources. During the DNS lookup, a connection is first attempted to the FQDN that is associated with the internal DNS record (lyncdiscoverinternal.<internal domain name>). If a connection cannot be made by using the internal DNS record, a connection is attempted by using the external DNS record (lyncdiscover.<sipdomain>). A mobile device that is internal to the network connects to the internal Autodiscover Service URL, and a mobile device that is external to the network connects to the external Autodiscover Service URL. External Autodiscover requests go through the reverse proxy. The Lync Server 2013 Autodiscover Service returns all Web Services URLs for the user's home pool, including the Mobility Service (Mcx and UCWA) URLs. However, both the internal Mobility Service URL and the external Mobility Service URL are associated with the external Web Services FQDN. Therefore, regardless of whether a mobile device is internal or external to the network, the device always connects to the Lync Server 2013 Mobility Service externally through the reverse proxy. 
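The lookup order and the "always through the reverse proxy" property described above can be checked with a short script. This is an added example, not code from the original post or from Microsoft: the token/href list layout, the token names, the host names and the URL paths are constructed assumptions, and the HTTPS-only check is an added assumption as well.

```python
from urllib.parse import urlsplit

MOBILITY_VDIRS = {"mcx", "ucwa"}  # virtual directories named on this page


def autodiscover_candidates(sip_address):
    """Autodiscover host names in lookup order: internal record, then external."""
    user, sep, domain = sip_address.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError(f"not a SIP address: {sip_address!r}")
    domain = domain.lower()
    return [f"lyncdiscoverinternal.{domain}", f"lyncdiscover.{domain}"]


def links_bypassing_reverse_proxy(links, external_web_fqdn):
    """Tokens of Mcx/UCWA links that are not on the external Web Services FQDN."""
    flagged = []
    for link in links:
        url = urlsplit(link["href"])
        vdir = url.path.strip("/").split("/")[0].lower()
        if vdir not in MOBILITY_VDIRS:
            continue  # not a Mobility Service URL, out of scope for this check
        host = (url.hostname or "").lower()
        # Assumption: published Web Services are HTTPS-only, so plain HTTP is flagged.
        if url.scheme != "https" or host != external_web_fqdn.lower():
            flagged.append(link["token"])
    return flagged


# Constructed sample: token names, host names and paths are illustrative only.
SAMPLE_LINKS = [
    {"token": "Self", "href": "https://webext.contoso.example/Autodiscover/root"},
    {"token": "Internal/Mcx", "href": "https://webext.contoso.example/Mcx/service"},
    {"token": "External/Mcx", "href": "https://webext.contoso.example/Mcx/service"},
    # Misconfiguration: internal UCWA URL points at the pool instead of the
    # external Web Services FQDN, so internal devices would skip the reverse proxy.
    {"token": "Internal/Ucwa", "href": "https://fepool.contoso.example/ucwa/app"},
    {"token": "External/Ucwa", "href": "https://webext.contoso.example/ucwa/app"},
]

if __name__ == "__main__":
    print(autodiscover_candidates("sip:alice@contoso.example"))
    print(links_bypassing_reverse_proxy(SAMPLE_LINKS, "webext.contoso.example"))
```

An empty result from `links_bypassing_reverse_proxy` means every Mobility Service URL handed to clients resolves to the published external FQDN, which is the behaviour the hairpin and publishing rules on this page are built around.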








Port and Firewall Requirements


If you support push notifications and want Apple mobile devices to receive push notifications over your Wi-Fi network, you also need to open port 5223 on your enterprise Wi-Fi network. Port 5223 is an outbound TCP port used by the Apple Push Notification Service (APNS). The mobile device initiates the connection.  

Note that if a user is homed on a Survivable Branch Appliance (SBA) then the following ports are required: 


  •          UcwaSipExternalListeningPort requires port 5088 

  •          UcwaSipPrimaryListeningPort requires port 5089


Internet Information Services (IIS) Requirements 


We recommend that you use IIS 7.5, IIS 8.0, or IIS 8.5 for mobility. The Mobility Service installer sets flags in ASP.NET to improve performance. IIS 7.5 is installed by default on Windows Server 2008 R2, IIS 8.0 is installed on Windows Server 2012, and IIS 8.5 is installed on Windows Server 2012 R2. The Mobility Service installer automatically changes the ASP.NET settings. 


Hardware Load Balancer Requirements 


On the hardware load balancer that is supporting the Front End pool, the external Web Services virtual IPs (VIPs) for Web Services traffic must be configured for source affinity. Source affinity helps to ensure that multiple connections from a single client are sent to one server to maintain session state. For details about affinity requirements,


If you plan to support Lync mobile clients only over your internal Wi-Fi network, you should configure the internal Web Services VIPs for source affinity as described for external Web Services VIPs. In this situation, you should use source_addr (or TCP) affinity for the internal Web Services VIPs on the hardware load balancer.
  

Reverse Proxy Requirements 


If you support automatic discovery for Lync mobile clients, you need to update the current publishing rule as follows: 


  •             If you decide to update the subject alternative names lists on the reverse proxy certificates and use HTTPS for the initial Autodiscover Service request, you must update the web publishing rule for lyncdiscover.<sipdomain>. Typically, this is combined with the publishing rule for the external Web Services URL on the Front End pool. 


  •             If you decide to use HTTP for the initial Autodiscover Service request so that you do not need to update the subject alternative names list on the reverse proxy certificates, you must create a new web publishing rule for port HTTP/TCP 80, if one does not already exist. If a rule for HTTP/TCP 80 does already exist, you can update that rule to include the lyncdiscover.<sipdomain> entry. 


