Lync® Online is a Microsoft Office 365 hosted communications offering that delivers the collaboration capabilities of Lync Server 2013 as a cloud-based service. The various Lync server roles (Front End Server, Mediation Server, Edge Server, etc.) all run in Microsoft data centers.

Now, with the recent 1.6 release of Citrix’s HDX RealTime Optimization Pack for Lync, delivering the Lync client from XenApp/XenDesktop in a Lync Online environment is easier than ever before.

Just like organizations that host their own Lync server infrastructure on premises, Lync Online customers would prefer to deliver the Lync client in an “optimized” way, to maximize the scalability of their XenApp/XenDesktop servers and to eliminate unnecessary “hairpinning” (or “tromboning”) of audio-video traffic through the data center. Such an optimized architecture is possible for Lync Online customers by using the Citrix HDX RealTime Optimization Pack for Lync, which requires no modifications to the back-end Lync server infrastructure.

The Optimization Pack consists of two components: (1) the HDX RealTime Connector for Lync, which runs alongside the Lync 2010 client in the user’s virtual desktop and ensures that when a user makes a call the media processing is offloaded to (2) the HDX RealTime Media Engine on the user device (Windows, Linux or Mac). The Citrix HDX RealTime Media Engine is analogous to Microsoft’s Lync VDI Plug-in for Windows, which unfortunately does not support Lync Online/Office 365. Like the Lync VDI Plug-in, the HDX RealTime Media Engine includes Microsoft’s proprietary RT Audio and RT Video codecs and proprietary SIP extensions. In addition, it includes various industry-standard codecs, notably H.264, various flavors of H.263, G.711 and several G.722 variants, enabling interoperability with many third-party in-room conferencing systems that are capable of registering with the Lync Front End Server.

To fully support Lync Online, version 1.6 of the HDX RealTime Optimization Pack for Lync offers a variety of compatible authentication methods.

No doubt the most important one for large enterprises is Active Directory Federation. With this method, the enterprise retains its Active Directory on premises, and authentication to the Office 365 environment is achieved through claims-based single sign-on. Using federated trust to manage access to Lync Online reduces or eliminates the need for duplicate accounts and other credential management overhead. The user’s identity is verified by the organization’s on-premises Active Directory rather than Office 365’s Azure Active Directory.

Small customers (typically fewer than 200 users) may prefer to use Office 365 Cloud Identities. In this model, user accounts are created and managed in Office 365 and stored in Azure AD, and the password is verified by Azure AD. Office 365 onboarding is easy with this approach, since nothing needs to be configured other than creating users in the Office 365 admin center.

A third alternative for authentication to Lync Online is to use the Microsoft Azure Active Directory Sync Tool. In this model, user identities are managed in an on-premises Active Directory server and the accounts and password hashes are synchronized to the Office 365 cloud. The password hash is designed so that it cannot be reversed to reveal the user’s plaintext password. Additional security processing is applied to the password hash before it is synchronized to the Azure AD authentication service. When a user logs in to Lync Online, the user’s password is verified by Azure Active Directory. This model is popular with both SMB and large enterprise customers.

For an overview of the authentication and single sign-on mechanisms supported by the HDX RealTime Optimization Pack for Lync, please see CTX135647, which is in the process of being updated to describe AD Federation to Lync Online.

Derek Thorslund,

Director of Product Management, HDX