HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02
3-9
Ready the Data Center for an SBM Deployment
Ready a Certificate for the SBM
Ready a Certificate for the SBM
The person who performs the initial configuration of the SBM must install a
Web Server certificate on it. He or she will have these options:
■ Install a certificate/private key already created for the SBM
■ Create a request on the SBM and submit the request for signing
■ Automatically request a certificate from your domain certificate
authority (CA)
Note Later, when the SBM has appropriate certificates installed on it, the SBM
administrator will also have the option of assigning one of those certificates
to the Lync Server.
The automatic request from a domain CA requires your company to have a
Windows CA. For the other two options, the certificate can be created or
signed by your own Windows CA or by a third-party CA.
You must inform the SBM administrator which option to choose, and based
on your decision you might need to perform some tasks in advance. The
sections below provide guidelines.
Also note that, whichever option you choose, you might need to give the SBM
administrator a file with the CA certificate chain. (This is only necessary if
your domain does not use a group policy object [GPO] to push the CA
certificate to computers when they join the domain.)
SBM Administrator Installs a Certificate/Private Key
File
This option gives you the greatest control over the certificate generation. You
generate or obtain the certificate and private key for the SBM in advance. The
SBM administrator then quickly installs it and gets the SBM up and running.
He or she does not require any special domain permissions.