none
Lync Mobility Publish with Edge Server

    Question

  • Hi,

    I have 1 Lync Server and and Edge server(DMZ) running on two machine. currently we can connect to lync from home/internet using Edge server pubic IP. Now we are planning to deploy Mobility patch on our Lync server.

    Now i want to know for enabling mobility access for external user am i need another public IP map to my FE server or my Edge server will take care of it?


    Xohaib

    Tuesday, November 19, 2013 12:30 PM

Answers

  • Hi,

    Lync mobility will rely on web services that will be published by your Reverse Proxy solution. So in answer to your question, Yes you will need another public IP for your Reverse Proxy that maps to your webservices on your Front End server.

    Your Edge server cannot act as a reverse proxy as it is an unsupported collocation scenario, is very unreliable, and requires workaround and constant manual intervention in order to even work - Reverse Proxy and Edge should be two seperate boxes.

    Common reverse proxy solution include TMG, IIS ARR and Kemp appliances to name a few.

    You will publish your web services under global DNS entry such as webservices.mydomain.co.uk and add this entry to your global / public DNS records. You will also need to add this to your public certificate, or request a new certificate that contains the appropriate entries; these might also include dialin, meet, lyncdiscover etc. This certificate would then be applied to your reverse proxy solution.

    There's a lot to consider in planning, so I'd prefer to direct you towards the technet library article for mobitliy here http://technet.microsoft.com/en-us/library/hh690055(v=ocs.14).aspx. You will see a subsection there that relates to the aforementioned Reverse Proxy, but if you have any specific questions I'm sure people here will be happy to answer them.

    Kind regards
    Ben


    • Edited by BenDonaldson Tuesday, November 19, 2013 12:52 PM
    • Proposed as answer by Alessio Giombini Tuesday, November 19, 2013 12:55 PM
    • Marked as answer by Kent-Huang Sunday, December 08, 2013 9:02 AM
    Tuesday, November 19, 2013 12:50 PM
  • Hi,

    Agree with Ben,

    You need a Reverse Proxy placed on DMZ zone for Mobility and you must use another Public IP point to web service on Reverse Proxy.

    You can configure TMG as Reverse Proxy for Lync server 2010 with the help of the link below:

    https://social.technet.microsoft.com/wiki/contents/articles/9807.how-to-configure-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx

    Best Regards,

    Eason Huang


    Eason Huang
    TechNet Community Support

    • Marked as answer by Kent-Huang Sunday, December 08, 2013 9:02 AM
    Wednesday, November 20, 2013 12:34 PM

All replies

  • Hi,

    Lync mobility will rely on web services that will be published by your Reverse Proxy solution. So in answer to your question, Yes you will need another public IP for your Reverse Proxy that maps to your webservices on your Front End server.

    Your Edge server cannot act as a reverse proxy as it is an unsupported collocation scenario, is very unreliable, and requires workaround and constant manual intervention in order to even work - Reverse Proxy and Edge should be two seperate boxes.

    Common reverse proxy solution include TMG, IIS ARR and Kemp appliances to name a few.

    You will publish your web services under global DNS entry such as webservices.mydomain.co.uk and add this entry to your global / public DNS records. You will also need to add this to your public certificate, or request a new certificate that contains the appropriate entries; these might also include dialin, meet, lyncdiscover etc. This certificate would then be applied to your reverse proxy solution.

    There's a lot to consider in planning, so I'd prefer to direct you towards the technet library article for mobitliy here http://technet.microsoft.com/en-us/library/hh690055(v=ocs.14).aspx. You will see a subsection there that relates to the aforementioned Reverse Proxy, but if you have any specific questions I'm sure people here will be happy to answer them.

    Kind regards
    Ben


    • Edited by BenDonaldson Tuesday, November 19, 2013 12:52 PM
    • Proposed as answer by Alessio Giombini Tuesday, November 19, 2013 12:55 PM
    • Marked as answer by Kent-Huang Sunday, December 08, 2013 9:02 AM
    Tuesday, November 19, 2013 12:50 PM
  • Thanks,

    I dont have TMG for reverse proxy.. can we do it via Router?.. if edge is not used... then whats the purpose of it putting it on DMZ because if we assign public ip to lync FE server it is exposed to Internet..


    Xohaib

    Wednesday, November 20, 2013 6:54 AM
  • Morning Xohaib Firstly you should never expose your lync frontend server to the external internet. Edge servers are used with a DMZ to provide a level of security required to protect your Lync environment from attacks. To answer your question, you will need a reverse proxy and you can't us a router doing port forwarding as the reverse proxy also holds a trusted certificate which also allows the traffic to flow from a smartphone to your lync environment. I hope this helps Regards Iain Smith
    Wednesday, November 20, 2013 7:34 AM
  • thank IAN,

    but we use TMG only for proxy server and all the publishing is done via router.. So guide me how to implement reverse proxy solution for the mobility service to external users


    Xohaib

    Wednesday, November 20, 2013 8:00 AM
  • Hi,

    Agree with Ben,

    You need a Reverse Proxy placed on DMZ zone for Mobility and you must use another Public IP point to web service on Reverse Proxy.

    You can configure TMG as Reverse Proxy for Lync server 2010 with the help of the link below:

    https://social.technet.microsoft.com/wiki/contents/articles/9807.how-to-configure-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx

    Best Regards,

    Eason Huang


    Eason Huang
    TechNet Community Support

    • Marked as answer by Kent-Huang Sunday, December 08, 2013 9:02 AM
    Wednesday, November 20, 2013 12:34 PM