A content delivery network (CDN) is a distributed network of servers that will cache and serve content from edge nodes closer to the user’s browser. By utilising this functionality websites can offload much of their static content delivery to those servers saving valuable web processing and bandwidth for core business related activities and giving the user a better online experience.

A CDN should be considered for delivering content for Internet workloads that exhibit:

• Static or slow changing content
• Content shared by many users
• Geographically dispersed users
• Ad-hoc or irregular usage (and therefore don’t get the benefit of the browser cache)
• Expensive or saturated bandwidth connections

One or more of these characteristics is an indicator that a CDN may be a worthwhile investment, but the investment need not be a large one.

Azure CDN

The Windows Azure CDN is a network of servers deployed at strategically placed locations around the globe. They will cache and deliver Windows Azure blobs and the static content output of compute instances. The CDN can be enabled through the Windows Azure Platform Management Portal as an add-on feature to your subscription. This article shows how to cheaply and easily leverage the Azure CDN in your architecture without any development, migration nor publishing effort.

Before looking at Azure, it’s worth taking a step back to look at some of the foundational components that can be used to build a CDN. IIS 7 and later has a powerful module plug-in capability for affecting the request response pipeline which can been leveraged to implement content serving farms (in fact I bet these components are used under the Azure CDN)

URLRewrite

One of the powerful and under rated plugins is URLRewrite 2.0 which has a config driven regular expression rules engine for mapping incoming requests to new URLs and for modifying the content of the outgoing response. While this is a similar concept to ASP.NET URLRewrite used heavily in MVC, it works at a lower level and doesn’t actually need ASP.NET at all.

Start out by downloading and installing URLRewrite for IIS 7(or 8) which will put an icon like this in your IIS management console.

• Create a local website with some content in a folder like:
  website/content/Kloud.jpg
• Create a folder (or virtual directory) called “cdn”.

We can now create a rule that delivers the “Content” folder directly from a new content URL.

• In IIS click on the cdn folder and double click the URLRewrite icon and create a new “Blank” inbound rule.

• Add a new rule called “cdn” as a case insensitive regular expression rule to match all incoming URLs (.*)
• and rewrite to them to the content folder
  (/Content/{R:1})
• Click Apply.

This will create a web.config file in the cdn folder with the rewrite rules (which can be directly edited if preferred to using the GUI wizard). Now the web site has two URLs on which content be retrieved.
http://localhost/cdn/kloud.jpg and http://localhost/Content/kloud.jpg

While that’s a handy way to create vanity URLs, the same could be achieved with a simple virtual directory. The real power of the Rewrite Module is in partnership with the Application Request Routing module.

Application Request Routing

Application Request Routing is a module designed to provide the functionality to build large content caching farms from IIS servers. ARR 2.5 (at time of writing) is available as a set of 4 dependant modules through the Web Platform Installer, but also as a direct install from here (this will become important later).

In our case we’ll use just one part, the ability to request “off box” for the rewritten URL. That is we can turn our virtual directory into a reverse proxy by simply editing our rewriting rules appropriately.

• Open the URLRewrite configuration for the cdn folder and “Disable Rule” on the cdn rule created previously
• Now click Add rule and choose the “Reverse Proxy” rule and click OK to the warning about setting up a proxy rule.
  
• Here we will define a server that will be serving the content, for instance this blog kloudsolutions.files.wordpress.com (but any site capable of serving content will do).

(Don’t worry about outbound rules that will come later)

• Accept the default rules (match all URLS and append query string) and Click Apply which will create a new reverse proxy inbound rule.

Now browse to the URL

• http://localhost/cdn/2011/12/121211_0222_lync2010mob1.png?w=630

and even with different query strings

• http://localhost/cdn/2011/12/121211_0222_lync2010mob1.png?w=50

The local IIS should now be forwarding requests and serving content on behalf of the Kloud blog, which is interesting but not altogether useful unless some other value adding service is provided like caching.

Azure WebRole CDN Folder

The first release of the CDN required static content to be pre-uploaded to an Azure Blob store marked for publishing via the CDN. That meant a big upfront effort to identify and manually publish the content appropriate for CDN publishing. The March 2011 update to Azure quietly released some updates to the CDN that made publishing content much easier and much more powerful.

“Developers can now use the Windows Azure Web and VM roles as “origin” for objects to be delivered at scale via the Windows Azure CDN”

That means if a user’s browser requests some content from the CDN that isn’t yet in the Blob store then Azure will try to hit your WebRole on the /cdn folder to deliver the content before giving the user a 404 not found error.

So what if we combine those two ideas and use an Azure Web Role to reverse proxy the requests from the Azure CDN to a content server? To do this we’ll need to install and configure ARR and URLRewrite on a WebRole. This can be done and is detailed here so won’t be detailed here.

• Open Visual Studio and create a new Windows Azure Project called “ContentProxy” and add a WCF WebRole to it (that’s the simplest role to remove all the code from).
• Take the web.config file from the CDN folder we created locally and copy it into a CDN folder in the Azure project.
• Add the install files as described in the blog and remove everything else you can until it looks like this.

• Build and run the project in the development emulator and check it still returns proxied content from the blog
  http://localhost:81/cdn/2011/12/121211_0222_lync2010mob1.png?w=630
• Deploy to Azure ensuring to tick the Remote Desktop option so the installation and config can be checked later if need be.
• Browse to the new Azure service and see that it’s still returning proxied content.
  http://yourazure.cloudapp.net/cdn/2011/12/121211_0222_lync2010mob1.png?w=630

Now we have a content proxy deployed to Azure listening on the CDN folder for requests. Now there’s some final configuration required to publish a CDN end point and wire it up to our WebRole.

Azure CDN Endpoint

• Browse to and log in to the Azure Management Portal.
• Click on Hosted Services, Storage Accounts and CDN.
• Click on the CDN menu item and the New Endpoint for your subscription

  

• Create a new CDN end point and choose the hosted service running the content proxy and provide the CDN source URL for retrieving content.

  

• This will create a new publically available end point like which can be used to get your dynamic content off the CDN:
  http://az190064.vo.msecnd.net/2011/12/121211_0222_lync2010mob1.png?w=50

Now by changing the definition or the URL Rewrite rules you can cache and deliver via CDN any content from anywhere on the Internet including your own corporate web serving infrastructure. The effect will be that a piece of content will be requested from the host server only once when requested by a browser and then every subsequent request will come off the edge nodes of the Azure CDN until it expires from the CDN.

….with no code!

Recently I’ve had to explore the dark art of license assignment using Powershell. It’s not particularly well documented so this might help you…

Displaying a list of the current licensing assignment is pretty straightforward. Get-MsolUser can be used to return information on an individual or a list of users.

Get-MsolUser -All run on its own will return all of the users available in the tenant along with whether or not there is a user license assigned.

To make this a bit more usable, you could pipe this output to a CSV file and work with it from there

Get-MsolUser | Export-Csv c:\path\AllUsers.CSV

If you want to filter it a bit more you can user the “TRUE” or “FALSE” options

Get-MsolUser | Where-Object {$_.isLicensed -eq “TRUE”} | Export-Csv c:\path\AllUsersWithLicenses.CSV

First Time License Assignment

The next step from here is to know what licensing SKU you have available before you can apply it. The first thing you will need to do is obtain the AccountSkuId values that have been setup for your tenant.

In my case, I have an E3 tenant which is an ENTERPRISEPACK AccountSkuId that is prefixed with the name of my tenant. You need to display your SKU:

Get-MsolAccountSku | Format-Table AccountSkuId, SkuPartNumber

If you have an E4 subscription, the AccountSkuId is ENTERPRISEPACKWITHCAL

The available service plans in each of these are

• OFFICESUBSCRIPTION (Office Pro Plus)
• MCOSTANDARD (Lync Online)
• SHAREPOINTWAC (Office Web Apps)
• SHAREPOINTENTERPRISE (Sharepoint Online)
• EXCHANGE_S_ENTERPRISE (Exchange Online)

In the Kiosk plans the AccountSkuId is DESKLESSWOFFPACK and this contains:

• SHAREPOINTWAC
• SHAREPOINTDESKLESS
• EXCHANGE_S_DESKLESS

The Exchange Online Archiving SKU contains:

• EXCHANGE_S_ARCHIVE

Doing bulk license assignments you’ll need to create a CSV file containing the UPN for each batch you want to license. I’ve names the column in my CSV “UPN”

Then you’ll need to set the licenses you would like to disable, in my example I only want to assign a license for Office Pro Plus so I need to set a variable which contains my assignment:

$Step1 = New-MsolLicenseOptions -AccountSkuId klouds:ENTERPRISEPACK -DisabledPlans MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE,EXCHANGE_S_ENTERPRISE

When assigning a license for the first time you also need to specify the country of use

Import-Csv .\Sample.CSV | foreach {set-MsolUser -UserPrincipalName $_.UPN -UsageLocation AU}

The next step is to assign the license:

Import-Csv .\Sample.CSV | foreach {Set-MsolUserLicense -UserPrincipalName $_.UPN -AddLicenses klouds:ENTERPRISEPACK -verbose -LicenseOptions $Step1}

You can check the license assignment with:

(Get-MSOLUser –UserPrincipalName “Your UPN”).Licenses[0].ServiceStatus

Modifying Subscriptions within a License

As with the first time license assignment, you will need to set a variable containing the license subscriptions you want to activate. In my example I am going to remove the Office Pro Plus subscription and activate Exchange Online:

$Step2 = New-MsolLicenseOptions -AccountSkuId klouds:ENTERPRISEPACK -DisabledPlans OFFICESUBSCRIPTION,MCOSTANDARD,SHAREPOINTWAC,SHAREPOINTENTERPRISE

The next step is to assign remove the Office Pro Plus subscription and assign Exchange Online

Import-Csv .\Sample.CSV | ForEach {Set-MsolUserLicense -UserPrincipalName $_.UPN -LicenseOptions $Step2}

Again using (Get-MSOLUser –UserPrincipalName “Your UPN”).Licenses[0].ServiceStatus you can see that the change to the subscription was successful:

If you try to modify the subscription using the same commands used for first time license allocation, you will get an error stating that the license is invalid

How it works

The following diagram shows how the Lync Mobile client functions with Lync Push Notifications.

Sending an Instant Message to a Push User

Take a scenario of a new Instant Message to a Lync Mobile user who is active for Push notifications. The Instant Message is generated from the Lync Front-end and an interception by the MCX Component initiates the SIP request to the Lync Online Clearing House (as shown in Step 5). The Lync Online clearing house receives the interpreted message using SIP and translates that to a HTTP request to the Microsoft Push Notification Service. The payload of this message includes the URI of the device (push notification URI) along with instructions for the Lync Mobile client. This includes information such as:

• The visual update to the Lync Mobile application tile (ie message count)
• A toast notification for the device with a preview of the message.

The Microsoft Push Notification Service sends a response code to the Lync Online Clearing House which converts back to SIP for a notification back to the Lync front-end via the Lync Edge. The message is delivered to the mobile device at the next possible opportunity. However, the Microsoft Push Notification Service does not provide an end-to-end confirmation that your push notification was delivered to the device. Hence the message notification back to the sender, though it is likely it was actually delivered to the device.

Attempt 1: IM Not Acknowledged Send an IM to a mobile user – Waiting for a response…	Response not acknowledged by the mobile user
Attempt 2: IM Acknowledged Send an IM to a mobile user – Waiting for a response…	Response acknowledged by the mobile user (Lync client lauched/resumed)

Looking at the SIP Stack, you see that in all cases the Lync front-end sends a simple message request to the Lync Online Clearing House. You can surmise that the message body in this request includes XML information pertaining to the new invitation, including:

• Importance
• Conference or Not
• Invitation Modality, eg Text, Call etc
• Message Body, eg “Hi Brendan”
• Timestamp

Peer: sipfed.online.lync.com:5061

Message-Type: request

Start-Line: MESSAGE sip:push@push.lync.com SIP/2.0

From: “Brendan Carius”<sip:McxUsere70bc1dd4f9f40fead43db9502b00564brendan.carius@kloud.com.au>;epid=3470B22863;tag=b6d38c5ec0

To: <sip:push@push.lync.com>

CSeq: 21319 MESSAGE

Call-ID: e16e70125be6482ea259f9a1e0bf06c9

Via: SIP/2.0/TLS 155.25.24.23:22360;branch=z9hG4bK3753723F.FE580C552FA25BA9;branched=FALSE;ms-internal-info=”djml34b0vzwRElFhOibGyaNltxs2YuxJMSXdKiHG2lPvxVDFj-w3gGawAA”

Max-Forwards: 68

Via: SIP/2.0/TLS 192.168.1.15:55243;branch=z9hG4bK6C6FDB33.5F9554A4FC3B7C7A;branched=FALSE;ms-received-port=55243;ms-received-cid=562400

Via: SIP/2.0/TLS 192.168.1.15:55241;branch=z9hG4bK2acd82a;ms-received-port=55241;ms-received-cid=13A0800

CONTACT: <sip: atl-edge-001.litwareinc.com;gruu;opaque=srvr:McxExternal:AbaS4im61lGvIsQfMHKgsQAA>;IsOutsideVoiceB2B;automata;actor=”attendant”;text;audio;video;image

CONTENT-LENGTH: 830

SUPPORTED: gruu-10

USER-AGENT: RTCC/4.0.0.0 McxService/4.0.0.0

CONTENT-TYPE: application/vnd.microsoft.lync.pushNotification+xml; charset=”Unicode (UTF-8)”

ms-asserted-verification-level: ms-source-verified-user=verified

Message-Body: —-****MESSAGE BODY DELETED****—-

$$end_record

And, the Response OK.

Peer: lyncse.kloud.net:55243

Message-Type: response

Start-Line: SIP/2.0 200 OK

From: “Brendan Carius”<sip:McxUsere70bc1dd4f9f40fead43db9502b00564brendan.carius@kloud.com.au>;tag=b6d38c5ec0;epid=3470B22863

To: “Push Notification Clearing House”<sip:push@push.lync.com>;tag=f1cbe21fcc

CSeq: 21319 MESSAGE

Call-ID: e16e70125be6482ea259f9a1e0bf06c9

Via: SIP/2.0/TLS 192.168.1.15:55243;branch=z9hG4bK6C6FDB33.5F9554A4FC3B7C7A;branched=FALSE;ms-received-port=55243;ms-received-cid=562400,SIP/2.0/TLS 192.168.1.15:55241;branch=z9hG4bK2acd82a;ms-received-port=55241;ms-received-cid=13A0800

CONTENT-LENGTH: 0

CONTENT-TYPE: application/vnd.microsoft.lync.pushNotification+xml; charset=”Unicode (UTF-8)”

SERVER: RTCC/4.0.0.0 PnchApplication

ms-diagnostics-public: 30000;Reason=”Success”

ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=atl-edge-001.litwareinc.com;ms-source-verified-user=verified;ms-source-network=federation

Message-Body: –

$$end_record

So as per above, the notification service simply sends a response to Lync to notify that the MS Push Notification Service successfully received the message. This does not indicate whether the device actually received the invitation.

This was an out of band message generated by the MCX application on the Lync Front-end based on a new instant message conversation being generated for the Lync Mobile user. Therefore we have the original SIP dialog between Alice and Bob still occurring. As per any SIP dialog, the initial INVITE responses are TRYING (100) then RINGING (180), assuming all is good.

In ATTEMPT 1, the Lync Mobile user does not acknowledge the new invitation. That is, the person misses the notification and does not launch the Lync Mobile client on the device. This results in a REQUEST TIMEOUT (408) response to the original SIP INVITE. The sender receives the warning of “This message may not have been delivered to….”.

However, in ATTEMPT 2 above, the Lync Mobile user does acknowledge the invitation and does launch the Lync Mobile client when they receive the Push Notification. In this case the response is a 200 OK rather than the timeout. Therefore the “waiting for response…” text is removed from the Instant Message conversation window and the Instant Message conversation is conducted.

The Push Notification service simply operates as a means of notifying the Lync Mobile client of a new invitation (instant message). The Notification Service provides the 1^st line of the IM conversation and updates the Lync Mobile tile with a missed conversation / call count. The instant message conversation between to a Lync Mobile client user is always performed over HTTPS through the Reverse Proxy to the MCX Service on the Lync Front-ends.

Push Notification Synthetic Transactions

An initial test of the push notification service is to run a Test-csMcxPushNotification. To the cmdlet, simply pass the Lync Edge internal FQDN.

Test-CsMcxPushNotification -AccessEdgeFqdn “atl-edge-001.litwareinc.com”

If configured correctly, the result will return:

PS C:\> Test-CsMcxPushNotification -AccessEdgeFqdn “atl-edge-001.litwareinc.com”
TargetFqdn :
Result : Success
Latency : 00:00:00
Error :
Diagnosis :

Looking at the SIPStack on the Edge you will see an outbound request to the Push Notification clearing house (push.lync.com):

Trace-Correlation-Id: 999570620

Instance-Id: 000E445E

Direction: outgoing;source=”internal edge”;destination=”external edge”

Peer: sipfed.online.lync.com:5061

Message-Type: request

Start-Line: MESSAGE sip:push@push.lync.com SIP/2.0

From: <sip:McxUser26df046c-84c7-4ea2-b506-a962bc731b92@kloud.com.au>;epid=40CA3D275B;tag=00c7e644

To: <sip:push@push.lync.com>

CSeq: 1 MESSAGE

Call-ID: 473648cd73334c94a11b8140d3bfaabd

Via: SIP/2.0/TLS 155.25.24.23:22321;branch=z9hG4bK9C46E3C8.30D9E486908D36CB;branched=FALSE;ms-internal-info=”bjLizr_XsA-roWQDzGqWJn-x8229wLtllPfCz1SYhZ2lCG5Nkww3gGawAA”

Max-Forwards: 69

Via: SIP/2.0/TLS 192.168.1.15:54018;branch=z9hG4bKbec5f4fe;ms-received-port=54018;ms-received-cid=55E500

CONTACT: <sip:atl-edge-001.litwareinc.com;transport=Tls>

CONTENT-LENGTH: 434

USER-AGENT: RTCC/4.0.0.0

CONTENT-TYPE: application/vnd.microsoft.lync.pushNotification+xml; charset=”Unicode (UTF-8)”

ms-asserted-verification-level: ms-source-verified-user=verified

Message-Body: —-****MESSAGE BODY DELETED****—-

$$end_record

In response, the Push Notification clearing house should respond with a successful processing of the synthetic transaction:

Trace-Correlation-Id: 999570620

Instance-Id: 000E445F

Direction: incoming;source=”external edge”;destination=”internal edge”

Peer: sipfed.online.lync.com:5061

Message-Type: response

Start-Line: SIP/2.0 200 OK

From: <sip:McxUser26df046c-84c7-4ea2-b506-a962bc731b92@kloud.com.au>;tag=00c7e644;epid=40CA3D275B

To: “Push Notification Clearing House”<sip:push@push.lync.com>;tag=8edaf7323d

CSeq: 1 MESSAGE

Call-ID: 473648cd73334c94a11b8140d3bfaabd

Via: SIP/2.0/TLS 155.25.24.23:22321;received=111.221.22.73;branch=z9hG4bK9C46E3C8.30D9E486908D36CB;branched=FALSE;ms-internal-info=”bjLizr_XsA-roWQDzGqWJn-x8229wLtllPfCz1SYhZ2lCG5Nkww3gGawAA”;ms-received-port=22321;ms-received-cid=15225400,SIP/2.0/TLS 192.168.1.15:54018;branch=z9hG4bKbec5f4fe;ms-received-port=54018;ms-received-cid=55E500

CONTENT-LENGTH: 0

CONTENT-TYPE: application/vnd.microsoft.lync.pushNotification+xml; charset=”Unicode (UTF-8)”

SERVER: RTCC/4.0.0.0 PnchApplication

ms-diagnostics-public: 30007;Reason=”Push Notification synthetic transaction succeeded“

ms-asserted-verification-level: ms-source-verified-user=verified

Message-Body: –

$$end_record

I hope that helps in understanding the function of the Push Notification service for the Lync Mobile client and assists you in troubleshooting any issues with the notification service.

There are a couple of ways these updates can be distributed to the client machines: –

Centralised Deployment

Many businesses will have an SOE and a managed environment in which the most effective method of distribution will be using a patch management system such as Microsoft System Centre Configuration Manager.

This approach will give you access to scheduling, delivery and reporting tools that will help ensure successful deployment of the updates along with minimising the need to manually install them on individual machines.

All systems will require the Microsoft Online Services Sign-In Assistant – x86 or x64

Depending on the OS and version of Office, there are different updates required. If your Office updates are current, it is likely that these updates will already be installed.

Office 2007 on Windows XP SP3 or Windows 7 requires two updates:

• Microsoft Office 2007 Security Update – all versions
• Microsoft Outlook 2007 Update – all versions

Office 2010 on Windows XP SP3 or Windows 7 requires the following three updates:

• Microsoft Office 2010 Update* – x86 or x64
• Microsoft Outlook 2010 Update – x86 or x64
• Microsoft OneNote 2010 Update – x86 or x64

*On Windows XP after applying this update the following reg key is required for each user [HKCU\Software\Microsoft\Office\14.0\Common\Internet\FormsBasedAuthSettings\AllowFBANoPatches – DWORD: 1]

The patches I’ve described can be downloaded from community.office365.com.

Self Service

The other method is by using the Microsoft Office 365 desktop setup tool which is a user self service option. This is the best option for unmanaged environments such as employees configuring their home PCs for use with the Office 365 service and depending on the migration method, it may also be the most hassle free way to configure your desktop applications such as Outlook, Lync, and integrate with SharePoint Online. Local admin rights to allow software installation is a requirement however.

Running the service connector application will scan your system and work out which updates (and/or registry keys) are required by your system in order to use the Office 365 service with your OS and version of Office.

Depending on what services have been assigned to your account in the portal it will also work out what applications it can automatically configure for you.

The service connector can be downloaded from here but you will need an active Office 365 account.

But thinking about Mobile clients specifically, they do not have this Group Policy deployment luxury. I’m trying to determine the advantage of ever defining lyncdiscoverinternal.<your sip domain> in the internal DNS namespace. Typically, the Lync Web Services certificate assigned to the Front-end Pool is issued by an internal certificate authority. This Root Certificate Authority certificate is not present on Mobile devices, therefore will be untrusted. The Lync mobile client would not be able to sign-in, unless the internal root certificate was pre-installed on the device.

As you are unable to simply deploy the root certificates to your fleet of mobile devices, bouncing all the devices to lyncdiscover.<your sip domain> looks to be the most appropriate approach. This will typically require routing and access rules to allow internal traffic a connection to the Reverse Proxy server.

1. Enter sign-in information and credentials into the Lync Mobile client. (hmmm, screen crack)

   

2. Performs a standard DNS query for lyncdiscoverinternal.<sip domain namespace>.

   If the client is external, this DNS resolution will fail and the client will drop to the next discovery record

3. Performs a standard DNS query for lyncdiscover.<sip domain namespace>.

   This DNS query will succeed and typically respond with a subsequent query for the value of the lyncdiscover.<sip domain namespace> CNAME entry. In my case, this is the Lync External Web Services URL.

4. Perform a standard DNS query for external Lync Web services URL and return the IP to connect.
5. Establish a HTTP and HTTPS connection to the resolved lyncdiscover.<sip domain namespace> location, which will be a TMG or other reverse proxy.
6. As all good citizens should, our TMG listener switches HTTP inbound traffic to HTTPS.

   

   We’re now only talking to TMG using HTTPS. As a result a bunch of stuff happens on the wire that I cannot see, so look at TMG logs to get further information

7. The TMG request is destined to lyncdiscover.<sip domain namespace>/?sipuri=<your sip address>
8. The client is provided the Lync external web services URL, which will be used for all further communications.
9. The first activity is to authenticate the client. A Web Ticket request is raised to obtain a client certificate for authentication.

    

   With authentication complete, Lync sign-in and in-band provisioning occurs. To capture this information, I’m looking at the MCXService and SIPStack traces at sign-in.

    

10. The REGISTER request comes into the Lync Front-end as using the McxSipExternalListeningPort, 5087 (CONTACT: <sip:<<LYNC FRONT-END POOL>:5087)

     

11. First and foremost, am I granted a mobility policy? sip:brendan.carius@kloud.com.au is enabled for mobility: True… Phew.

     

    To grant a mobility policy, assign the policy scope Global, to a Site, or to a User. For example: Get-CsUser -filter {samaccountname -eq “bcarius”} | Grant-CsMobilityPolicy -PolicyName All_Mobility. The “All_Mobility” policy grants Mobility and Outside Voice Control (get-csmobilitypolicy).
    

     

12. The standing in-band provisioning occurs on the Lync front-end and I expect MCX is parsing this provisioning to provide the Lync Mobile client only what is requires. This includes:
    1. My Voicemail URI
    2. Whether I’m allows simRing, callForwarding, delegation, team call,
    3. The Address Book, Group Expansion, Location Information URLs
    4. Contact and photo display policies
    5. Mobility policies (outside voice, push notification etc)
    6. And my Dial Plan, ahhh wonderful, a consistent dialing experience to when I’m in the office, this is excellent!!!
13. I now need to figure out if I am a push or pull sorta guy. If I am enabled for PUSH notification, I need to establish a subscription to the Microsoft Online Push Notification Service. If I’m a Pull sorta guy, then my TMG server with GET/POST requests will be apples.

     

14. From here I’m subscribed and ready to use Lync Mobile, my buddy list and contact cards are retrieved.

1. DNS: Create an External DNS CNAME.

   Create CNAME Lyncdiscover.<your sip domain> that resolves to your external web services.

2. Configure Ports: Configure Ports for the Mobility Service

   Set-CsWebServer –Identity <name of pool> –McxSipPrimaryListeningPort 5086
   

   Set-CsWebServer –Identity <name of pool> –McxSipExternalListeningPort 5087
   

   Enable-CsTopology –verbose
   

3. Install Components: Install the Mobility and Lync Automatic discovery services

   On each front-end and director run McsStandalone.msi to install the Mobility Service and the Autodiscover Service. If you’re Windows Server 2008 (not Windows Server 2008 R2) you need to manually modify C:\Windows\System32\inetsrv\config\applicationHost.config. Refer to here.

4. Update Certificates: Update certificates subject alternate names

   As the mobility service has added lyncdiscover.<your sip domain> a new subject alternate name is required on the Reverse Proxy certificate. There are multiple options in publishing the new service using the Reverse Proxy, but the easiest would be to:

   1. Request a new Reverse Proxy certificate that adds lyncdiscover.<your sip domain> to the subject alternate name list.
   2. Install the new certificate on the Reverse Proxy
5. Update Reverse Proxy: Update the Reverse Proxy Listener and Web publishing rule.

   It is easier to update the using Lync external web services listener and publishing rule to support mobility.

   1. On the Listener – Select the new Certificate
   2. On the Web Publishing Rule – Add lyncdiscover.<your sip domain> to the list of Public Names.

   As long as the Path configuration is set to /*, it will be functional.

6. Configure Push: Configure Push Notifications

   To support push notifications, execute the following:

   1. New-CsHostingProvider –Identity “LyncOnline” –Enabled $True –ProxyFqdn “sipfed.online.lync.com” –VerificationLevel UseSourceVerification
      
   2. New-CsAllowedDomain –Identity “push.lync.com”
      
   3. Set-CsPushNotificationConfiguration –EnableApplePushNotificationService $True –EnableMicrosoftPushNotificationService $True
      

Push and client mobility can be restricted using mobility policies if desired.

Profitable since the first quarter, 375 million page views per month, $4 million in annual revenue, 75 employees and $30 million in venture funding. Certainly sounds like a successful business, and it is.

I Can Has Cheezburger has leveraged the initial success of that hit web site by launching hundreds of other similar but slightly different sites based on the original. Many of these sites fail to attract traffic and are shut down within weeks, but every now and then one works, like “Fail Blog” or “Totally looks like“. With many copy cat sites launching web sites daily, chasing the latest “meme” and clipping the ticket on advertising for every one of your page views there’s plenty of motivation to continue.

Traditional innovation business models involve coming up with a great idea, getting seed capital, driving the business for a year only to watch it fail and leave the inventor bankrupt for his troubles. CEO Ben Hu is a new breed of trial-and-error innovator powered by the “scale fast” and “fail fast” business model enabled by the Cloud. By constantly trying out new variants of sites and seeing what works, and more importantly what doesn’t, he is tightening up and lowering the cost of the innovation cycle.

Could a cringe-worthy blog on cat pictures really change the world? Quite possibly, yes. Mr Hu is disappointed with the way newspapers have been presenting news online and is using all the lessons learnt in publishing cat pictures along with his new $30M of seed capital to reinvent the world of online journalism. He will no doubt try many new ways to present news, most will fail, but eventually something is going to stick and we could then be looking at the next Rupert Murdoch.

We know from Richard Dawkins “Blind Watchmaker” that many small incremental changes combined with a process of selection will eventually turn an amoeba to a human. When applied to the Internet and powered by the pay as you go model of the Cloud, the rate of change can be dialled up to 11 and the consequence of failure is near zero. The result will be revolutionary and highly effective ways of presenting information over the Internet for the benefit of humanity and especially Mr Hu!

It’s late at night in January and an email just arrived that has someone very excited. A medical student has won an auction, but this is no eBay auction, it’s an Amazon EC2 instance auction. She has been preparing for this moment for over a year and will make or break her post-doctoral research paper.

She is continuing the valuable work done by her predecessors in the field of on Parkinson’s research and its relationship to dopamine levels in the brain. Previous studies were painstakingly conducted by carefully tracking, monitoring and documenting the lives of hundreds of thousands of patients presenting with dopamine affecting afflictions such as methamphetamine addictions over the course of 10-15 years.

Our scientist is hoping to show a relationship to other causes of dopamine depletion and to do it she’s has been scouring the huge catalogue of free and paid for databases from the likes of the WHO and Science Direct available in the Cloud. Bringing together datasets as wide as meteorology, geography, drug addiction, depression and death rates she has amassed 20Tb of data that needs to be processed to find correlations. Trial runs on small subsets have shown that it will take around 30,000 hours for one CPU to get through the full set. She can’t afford to wait the 3 years to run on her own machine, and limited by a $5,000 grant she can’t buy the hardware needed to do it herself. Instead she puts in a bid for 5000 Amazon EC2 Spot instances at 4c/hour.

Humming in the darkness under a football field sized roof in Ashburn Virginia are thousands of computers running Amazon.com, Instagram, Reddit, Quora and Foursquare. But now it is late in the evening, many shoppers and users are asleep, post Christmas sales are over and the GFC have all conspired to bring Internet traffic to a record low. One by one computers are being freed up into a pool until there are 5000 available and the deal is struck. 6 hours and $1200 later and she has her answer.

This is an example of the new paradigm of data-intensive scientific discovery and it’s happening right now. Effectively time-shifting 16 years of research into 6 hours of processing by utilising data and computing power that already exists. While many organizations are battling with the concept of how to secure their data in the cloud, others have seen the opportunity and make their data freely available or as a chargeable service.

There are many problems that don’t need to be solved now, or even today. In fact some problems have remained unsolved for years but may now tackled using enormous amounts of otherwise idle computing capacity at prices previously unheard of to scientists. This new tool of human evolution will be used to map the neurons in the brain, solve the riddle of Parkinson’s disease, chip away at the list of cancers and discover unexpected relationships and correlations across massive datasets of medical information.

And it’s all available to anyone with a hunch or a hypothesis they want to test.

In a small office in the back of a house in Melbourne is a business taking on the big players in their own backyard. Running a photo library and acting as an intermediary between a carefully chosen group of photographers and a select genre of magazines and publications.

A new photo shoot has just been uploaded from Hungary to the hosting site and a notification email has been sent. The shoot is first quality controlled, categorised and submitted for key wording using one of the new “mechanical turk” cloud services that provide an electronic portal into large, on demand, pools of human labour.

The business of photo syndication is perfectly suited to an Internet only shop front where communication, marketing and product delivery are all electronic. Where reputation is based on service level and quality of product, success can be achieved by targeting and excelling at a very narrow vertical market.

The monthly outgoings are less than $AU150 including, hosting, CRM, campaign management, marketing, invoicing, accounting and laptop. With such low overheads it doesn’t take many sales to turn a profit. All you need is an eye for good photographers, a supply of good photo shoots and a contact list of regular customers with a need for your niche.

This is a window into the frontline of the new Software as a Service, “Pay As You Go” enabled cottage industry. Appearing to all intents as a large professional operation, leveraging the very same tools for operation, but provisioned at a smaller scale.

Unhindered by technological barriers to entry, cottage industries are finding a new resurgence on a level playing field with their much larger competitors. These new kids on the industrial block are unconcerned about size and don’t need internal economies of scale to be profitable.