Difference between Open and Closed Federation in Lync/SfB Server

One of the features that Lync Server and Skype for Business Server has and customers like is the ability to federate with another company. This post will focus only on Lync/SfB to Lync/SfB or Lync/SfB to OCS federation. Usually, Lync/SfB administrators don’t know if they have an open or closed federation – why is that so? Because it’s only a matter of checking a box and the description isn’t really helpful.

So, how do we know if we have an open federation? Simply open your Lync/SfB Control Panel, then Federation and External Access -> Access Edge Configuration and double click Global:

OCFederation01

If Enable partner domain discovery is checked, it means the federation is open. Using PowerShell, check if the EnablePartnerDiscovey is set to True with:

Get-CsAccessEdgeConfiguration

OCFederation02

To close the federation you need to remove the Enable partner domain discovery checkbox in the Lync Control Panel or run the cmdlet:

Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $False

Make sure that Lync replication is working to all Lync servers. We can go to replication with:

Invoke-CsManagementStoreReplication

And check the replication with:

Get-CsManagementStoreReplicationStatus

OCFederation03

In the Lync Control Panel, we can also check the replication status:

OCFederation04

With a closed federation we need to manually configure each allowed sip domain:

OCFederation05

And fill with the right parameters:

OCFederation06

If we don’t know the partners Access Edge Service (FQDN), we need to do a SRV DNS lookup for _sipfederationtls._tcp.<sip domain>. This can be achieved in a Command Prompt or PowerShell:

nslookup -type=srv _sipfederationtls._tcp.lync2010.uclobby

Even if we close the federation, it’s really important to leave the SRV record _sipfederationtls._tcp.<sip domain> in the external DNS. Thus, if we allow a partner that has already an open federation, our partner doesn’t need to change his configuration.

Last reminder: there is a list of companies that use OCS/Lync, so feel free to add yours:

Lync Federation Directory
http://www.lyncdirectory.com/

4 thoughts on “Difference between Open and Closed Federation in Lync/SfB Server

  1. Nice article, but what is the difference between open and closed federation?
    How does Lync behave differently when his federation configuration is open of closed (other then ‘federated companies need to be whitelisted’).

    1. If you have a close federation Lync will block communication to/from all sip domain not included in the whitelist. In an open federation you allow communication to/from any sip domains, however in this scenario you can add sip domains to the blacklist if you need it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.