FAQ 1 - DNS, SIP Namespaces, and SIP URIs
Joe Schurman
If you haven't gone cross-eyed yet, just wait. Ok, SIP is the
communications protocol for LCS. SIP URIs are id's given to contacts/users
that use the SIP service. LCS uses SIP and when you plug in your user
id/sign-in name for Communicator or Windows Messenger, you are giving the
client application, yes, drum roll please, your SIP URI. If you want to use
the magical feature of automatic configuration for Communicator or Windows
Messenger, you will rely on your DNS infrastructure. This is why MCSEs are
really important. So for autoconfig, your SIP URI, remember the drum roll?,
has a address at the right of the @ symbol, usually your company's name.com.
The client then performs a DNS query to find a matching host record for that
SIP URI. This is called a SIP Namespace.
So if you want autoconfig to work properly, you have to create the following
entries in DNS (It took me three iterations with Jeremy Buch to get this
right, so all credit is given to Jeremy, thank you Jeremy):
1. "A" Host Record for the LCS Hosting Service - lcs.domain.com which will
point to the IP Address of a Single Standard Edition Server, a Single LCS
Pool Server, a LCS Director, or a Load Balancer.
2. DNS SRV Record for TLS by choosing TCP and then entering _SIPINTERNALTLS
for internal TLS connections. (This is new because of Communicator)
3. DNS SRV Record for TCP by choosing TCP and then entering _SIPINTERNAL
for internal TCP connections. (This is new because of Communicator)
4. DNS SRV Record for TLS by entering _TLS and then entering _SIP for
external TLS connections. (This is the same as was before for Windows
Messenger)
5. DNS SRV Record for TCP by choosing TCP and then entering _SIP for
external TCP connections. (This is the same as was before for Windows
Messenger)
a. Internal SRV Records pointing to the host of lcs.company.com
b. External pointing to the Access Proxy's external edge.
c. For you perfectionists out there, the priority and weight of the SRV
records is set to 0 and the default port is 5061 or TLS and 5060 for TCP.
(Did I say thank you Jeremy?)
How do I handle multiple SIP Namespaces and SIP URIs?
Ok, if your this big conglomerate organization or if you are a trigger happy
mergers and acquisitions company, this is for you. In this scenario, you may
have sub companies still using their respective company email addresses or
you may just like to make things hard on yourself so you thought, hey, let's
support multiple SIP Namespaces and URIs. Regardless, there is a solution.
Again, this was edited by Jeremy Buch. Thank you Jeremy Buch the LCS Guru of
SIP and DNS.
Solution 1 - The LCS Director
Using a LCS Director, you can support multiple SIP URIs and Multiple Domains
for automatic configuration using the Certificate Subject Alternative Name.
You may already be familiar with the common name or friendly name of a
certificate. If not, it's the primary name of the certificate. The client
using a defined SIP URI such as us...@company2.com using autoconfig is looking
for a DNS matching record of company1.com. Same goes for us...@company3.com
and us...@company4.com. But let's say that the primary use of this LCS
deployment is for us...@company.com and this type of convoluted deployment as
expressed in my mentioning above is going to leverage one LCS environment for
these multiple domains, SIP Namespaces and SIP URIs. In this case, you will
make a routing entry in your LCS Director for the one inbound TLS connection
using the default port of 5061 and apply the certificate with at a Server
Authorization EKU and a common/friendly name of lcs.company.com (matches the
DNS Host Record for this entry) and then in the Subject Alternative Name
field, enter your company2.com, company3.com, company4.com entries. Then you
are set. Now you can enable multiple SIP URIs and Namespaces for one entry,
one port.
(Did I say thank you Jeremy? Oh yeah, thank you Amey as well)
Solution 2 - There is another solution, but we're still working on it
--
Joe Schurman
Connected Innovation
http://www.connectedinnovation.com