I worked with the Microsoft team that was building the first Lync Multitenant reference architecture. This is an implementation of Lync that crosses state and continental boundaries. The four-site system itself was originally designed to support over 200,000 multi-tenanted users. The system was designed to demonstrate to larger hosting and telecom organizations just what it would take to build such a system. It was also designed to demonstrate new ways for telecoms and hosting companies to sell more bandwidth to their present customers. In this article I wanted to give a high-level understanding of some of the topology aspects of this type of multi-tenant implementation.
As with most major systems, there is a front end and a backend. The front end, the Data Core, is where data first comes into the system. It has two component features: the first is security; the other is tracking of data packets to the appropriate backend systems. In the reference architecture the backend systems include the Data Block and the VoIP Block. Each block has physical, logical and software systems that protect its security.
Across these three blocks, three layers of technology were placed. The first layer is the data center fabric. This is a system of routers, switches, load balancers, data systems and a core layer platform of technology. The second layer includes the Lync and Exchange roles. The Lync server roles manage the edge systems and communication between the data systems and the voice systems. The Exchange roles are used to manage and track email systems as well as the other 3rd party applications. The third layer is the Add-On layer. The Add-On layer is where 3rd party applications are installed, whether they have already been created, are on the drawing board or are yet to be thought of. As long as these “add-on” applications are written to the Lync platform requirements, they will be usable by any Lync user.
The fabric extends across the front end and backend systems. Data entering the Data Core is filtered for security purposes and then directed through the front end router systems to the appropriate voice or data systems. The Data Block contains all of its own servers, data storage and load balancing. Data enters from the Data Core. The Data Block is split between edge systems and the Lync and Exchange services systems. These services are supported by servers dedicated to data storage and application support. The front end edge services systems are placed in a no-man’s land that protects the data integrity of the systems.
Data into the VoIP Block is also directed from the Data Core systems. Packets connect directly with the VoIP services. These services are mostly 3rd party systems, including video, mobile voice integration, text integration and audio conferencing systems. They use the Lync platform and Exchange services to communicate between the various communications technologies. This means that between the Data Block and the VoIP Block there are additional edge systems protecting the systems in both backend blocks from each other. From a security perspective, each block (Data Core, Data Block and VoIP Block) has its own security boundary, managed by the Lync Edge systems as well as the firewalls and routing rules in the Data Core. Just reading through this explanation, I realize there is a lot going on.
I’ve included some of the visuals that I’ve been describing here. Working with the Microsoft teams, I felt that what we are seeing is a new way of doing business. I think this more communication-centric style of communication will be better understood by the next generations. Still, as IT professionals we need to keep up with the times, so I’ve tried to explain this as best I can.