Director role in Lync 2010

Microsoft has introduced a new dedicated role in Lync 2010, known as the Director role. In OCS 2007 and R2 this role existed but was not an explicit role; it was just a front end server without any users homed on it.

It is a server that is generally placed in front of the front end pool. It is purely optional, and it can be a single Director server or a pool of servers behind a hardware load balancer or DNS load balancing. A single Director server is a disadvantage when it goes down, so it is recommended to put multiple servers into the Director pool to avoid a single point of failure. One more way of avoiding a single point of failure is to add multiple SRV records: one SRV record for the Director pool and another for the front end pool, with different preference.

This role can only be deployed on a server running Lync Server 2010 Enterprise Edition, and it cannot be combined with any other role.

Figure 1. Director server/pool placement (Director pool topology diagram).

The Director role acts as a mediator between the Lync 2010 client and the front end pool. A Lync 2010 client can be coming from the internal network or from the Internet, and the service offered by the Director server varies depending on the client source (internal or Internet).

Director role service for Internal client

During deployment the SRV record should point to the Director pool. When the client queries the SRV record _sipinternaltls._tcp.<domain>.com, the request is handled by the Director pool, which determines from its local database the front end pool where the user is located and redirects the client to the correct pool. This is especially useful when you have multiple front end pools.

Once the client has determined its front end pool, it no longer communicates with the Director server.

Director role service for Internet client

The main purpose of the Director role is to serve users/clients coming from the Internet. Though it is optional, it is recommended for security reasons: it authenticates the clients that are connecting from the Internet. When a user on the Internet tries to connect to the Lync server, the client talks to the Edge Server, which forwards the request to the Director for authentication. Once the client is authenticated, the Director proxies the client request to the appropriate front end pool. It also maintains the communication path between the client and the user’s home pool as well as the Edge Server.

Reference link from DR Rez

DNS Requirement for Remote Access and local access of Lync 2010 client users

DNS configuration varies depending on the current DNS settings in the organization. You need to check whether the current DNS is configured with DNS split brain syndrome or not. DNS split brain syndrome is a beautiful concept as such, and it is very useful in an organization where the same domain name space is used in internal and external DNS.

Eg.

Internal DNS name space : abc.com
External DNS name space : abc.com

DNS without split brain syndrome is where the internal and external name spaces are different.

Eg.

Internal DNS name space : abc.local
External DNS name space : abc.com

Most organizations follow this for security reasons.

Let's understand how the Lync 2010 client connects when you have two different name spaces. Before we get into this, let's understand what the Lync 2010 client needs in order to connect to its front end server.

When the user enters the email address, e.g. Krishna@abc.com, in the Lync client and clicks Connect, the client takes the user's email domain (e.g. abc.com) and tries to locate the SIP server using an SRV record in DNS. The SRV record is in this format: “_sipinternaltls._tcp.abc.com”, where abc.com is the domain name. With this SRV record the Lync client connects to the front-end pool on port 5061.

The Lync client queries the SRV records in the following order and connects using the best available SRV record:

_sipinternaltls._tcp.abc.com
_sipinternal._tcp.abc.com
_sip._tls.abc.com

With this information, let's focus on the configuration required for internal access of Lync 2010 clients.

Create a zone in the internal DNS that matches the external DNS zone (for example, abc.com) and create DNS A records corresponding to the Lync Server 2010 pool used for automatic configuration. For example, if a user is homed on pool01.abc.local but signs into Lync as user@abc.com, create an internal DNS zone called abc.com and, inside it, create a DNS A record for pool01.abc.com. Alternatively, you can create a pin-point zone that matches the external DNS zone. A pin-point zone can only be created using dnscmd.exe. Below is an example that creates pin-point zones in the internal DNS for the domain abc.com and the front-end pool name pool01.abc.com:

dnscmd . /zoneadd _sipinternaltls._tcp.abc.com. /dsprimary
dnscmd . /recordadd _sipinternaltls._tcp.abc.com. @ SRV 0 0 5061 pool01.abc.com.
dnscmd . /zoneadd pool01.abc.com. /dsprimary
dnscmd . /recordadd pool01.abc.com. @ A 192.168.1.10
dnscmd . /recordadd pool01.abc.com. @ A 192.168.1.11

We are good for internal access; a similar configuration needs to be done in the Internet DNS as well.

Create an SRV record in Internet DNS, “_sip._tls.abc.com”, where abc.com is the domain name.

Eg. (<edge-server-fqdn> is a placeholder for the SRV target host)
dnscmd . /recordadd _sip._tls.abc.com. @ SRV 0 0 443 <edge-server-fqdn>.

As discussed earlier, the Lync client uses a specific order to query the SRV records. When the Lync client connects from the Internet, the first two SRV requests fail because those records are not available in the Internet DNS zone, and the client connects using the last SRV record, “_sip._tls.abc.com”, which is defined in the Internet DNS zone.
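
The lookup order and SRV preference described above, as an added Python example that is not part of the original post: it models the internal and Internet DNS views with constructed records and returns the record a client would end up using from each side, plus a check that the Internet view does not answer for the internal-only names. The host names dirpool.abc.com and sip.abc.com are hypothetical; priority handling follows RFC 2782 (lowest value first).

```python
# Added illustration: constructed DNS data for the page's abc.com example.
# SRV tuples are (priority, weight, port, target); the lowest priority value
# is tried first (RFC 2782).
LOOKUP_ORDER = ("_sipinternaltls._tcp", "_sipinternal._tcp", "_sip._tls")
INTERNAL_ONLY = LOOKUP_ORDER[:2]  # should not resolve from the Internet

INTERNAL_VIEW = {
    "_sipinternaltls._tcp.abc.com": [
        (10, 0, 5061, "pool01.abc.com"),   # front end pool, fallback
        (0, 0, 5061, "dirpool.abc.com"),   # hypothetical Director pool, preferred
    ],
}
EXTERNAL_VIEW = {
    "_sip._tls.abc.com": [(0, 0, 443, "sip.abc.com")],  # hypothetical edge name
}


def discover(sign_in_address, view, down=()):
    """Return (srv_name, target, port) a client would use, or None.

    `view` maps SRV names to records; `down` lists unreachable targets.
    """
    domain = sign_in_address.rsplit("@", 1)[1].lower()
    for prefix in LOOKUP_ORDER:
        name = f"{prefix}.{domain}"
        records = view.get(name)
        if not records:
            continue  # query fails, move on to the next SRV name
        for _prio, _weight, port, target in sorted(records, key=lambda r: r[0]):
            if target not in down:
                return name, target, port
        return None  # record exists but every target is unreachable
    return None


def leaked_internal_records(view, domain):
    """List internal-only SRV names that a given DNS view answers for."""
    return [f"{p}.{domain}" for p in INTERNAL_ONLY if f"{p}.{domain}" in view]


if __name__ == "__main__":
    user = "Krishna@abc.com"
    print("internal:", discover(user, INTERNAL_VIEW))
    print("director down:", discover(user, INTERNAL_VIEW, down={"dirpool.abc.com"}))
    print("internet:", discover(user, EXTERNAL_VIEW))
    print("leaks in external view:", leaked_internal_records(EXTERNAL_VIEW, "abc.com"))
```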

I hope this information helps you to have a better understanding of the DNS requirement.