Lync server 2013 external access with 1 public IP and without reverse proxy

    Question

  • Hi everyone,

    I'm installing a Lync 2013 test environment.

    This is just for testing and I can't spend too much money on it.

    Because of that I want to try to get external access without installing a reverse proxy and with only one public IP address on the edge server.

    I know this is not recommended, but I would still like to know if that's possible, and how I can do this.

    I'm following this tutorial for configuring the edge: http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/

    Thanks

    Thursday, October 03, 2013 10:39 AM

Answers

  • You can install the Edge server using a single public IP; make sure you have the correct public DNS records:

    A -->sip.contoso.com-->map to public IP

    SRV-->_sip._tls.contoso.com-->map to sip.contoso.com on port 443

    and if you want federation, then the SRV below:

    SRV-->_sipfederationtls._tcp.contoso.com-->map to sip.contoso.com on port 5061

    For installation and deployment of the Edge, follow the same article that you mentioned in the question.


    Praveen | MCSE Messaging 2003

    • Marked as answer by Kent-Huang Tuesday, October 22, 2013 2:29 AM
    Thursday, October 03, 2013 1:43 PM
  • Hi Dragonis,

    Yes, it is possible to log on externally if you have an Edge server in the DMZ.

    The link you provided uses three public IPs, so it does not apply to you.

    You can use one public IP with NAT to the private IPs of the three Lync Edge services (Access Edge service, Web conferencing service and A/V service).

    You can refer to the following link about deploying an Edge server with one public IP:

    http://terenceluk.blogspot.in/2013/01/deploying-lync-server-2013-edge-server.html

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    The Reverse Proxy server is an optional, external component that is not a Lync Server role and is not defined in the Lync Topology. The reason this component is considered optional is that without it deployed an external Lync client can still connect to Lync and most features will function (IM, Presence, Calls, Desktop Sharing, etc.), as will federated communications. Only the features listed at the link below will not be available to external clients; although they are important in a fully functional deployment, they are not critical. Yet best practice is always to provide for these features by publishing the internal web services. A Reverse Proxy is also required to support any external Mobility client connectivity.

    http://technet.microsoft.com/en-us/library/gg398069

    Best Regards,

    Eason Huang

    • Marked as answer by Kent-Huang Tuesday, October 22, 2013 2:29 AM
    Friday, October 04, 2013 11:36 AM

All replies

  • Hi,

    If the PC/Notebook is domain joined you can connect externally. You will lose the ability to have Lync Meeting, Mobility, Address Book download/Query or any service provided by Reverse Proxy.

    David

    Thursday, October 03, 2013 12:38 PM
  • Praveen,

    Thanks for your help.

    I have one question: Those two records, do I have to create them at my internal DNS or at my external? I'm a little bit lost when it comes to DNS.

    I don't use federation. That's not relevant for my test environment for now.

    Friday, October 04, 2013 11:21 AM
  • The ones which I mentioned before are all external records.

    Praveen | MCSE Messaging 2003

    Saturday, October 05, 2013 8:52 AM
  • This is so wrong.

    When using single public IP on edge server, SRV record for _sip._tls.contoso.com should map to sip.contoso.com on port 5061. Not 443 which is the default when you're using three IP addresses. Lync setup actually sets sip to 5061, webconf to 444 and av to 443. The SRV will therefore map to av according to your suggestion and not sip.

    http://techdom.nl/microsoft/configuring-lync-2010-single-public-ip-address-external-access-port-summary/

    Thursday, November 07, 2013 9:17 PM
  • This guy wins the Internet.  Why is it that Microsoft's own documentation gets this wrong?  Either way, I'm glad I found this because I surely didn't want to waste 3 IP addresses on my Edge server.  I incorrectly had my _sip._tls.domain.com record on port 443 and wasn't suspecting anything amiss until I noticed my Lync qualified handset trying to make a TLS connection on my sip.domain.com server at port 443.

    MICROSOFT: please make this VERY clear in your Lync documentation!

    Wednesday, January 15, 2014 5:27 AM
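
The port mismatch discussed in this thread can be caught before the records are published. The following is an added example, not code from any poster or from Microsoft: a Python lint over zone-file style records that takes the single-IP port layout quoted in the reply above (sip 5061, webconf 444, av 443) as an assumption. The function names and the sample zone are constructed for illustration.

```python
import re
# Single-public-IP Edge port layout as stated in the reply above (an
# assumption taken from that post; adjust to what your topology publishes).
SINGLE_IP_PORTS = {"access": 5061, "webconf": 444, "av": 443}
# Edge service each SRV label is meant to reach (both target Access Edge).
SRV_SERVICE = {"_sip._tls": "access", "_sipfederationtls._tcp": "access"}

RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|SRV)\s+(.+)$", re.IGNORECASE)

def parse_zone(text):
    """Return (srv_records, a_names) parsed from zone-file style lines."""
    srv, a_names = [], set()
    for raw in text.splitlines():
        m = RR.match(raw.split(";", 1)[0].strip())  # drop ';' comments
        if not m:
            continue
        owner, rdata = m.group(1).rstrip(".").lower(), m.group(3).split()
        if m.group(2).upper() == "A":
            a_names.add(owner)
        elif len(rdata) == 4 and rdata[2].isdigit():  # priority weight port target
            srv.append((owner, int(rdata[2]), rdata[3].rstrip(".").lower()))
    return srv, a_names

def lint_edge_dns(text, domain, ports=SINGLE_IP_PORTS):
    """Flag Lync SRV records whose port or target does not reach Access Edge."""
    by_port = {port: name for name, port in ports.items()}
    srv, a_names = parse_zone(text)
    findings = []
    for owner, port, target in srv:
        label = owner[: -len(domain) - 1] if owner.endswith("." + domain) else None
        service = SRV_SERVICE.get(label)
        if service is None:
            continue  # not a Lync sign-in or federation SRV for this domain
        if port != ports[service]:
            hit = by_port.get(port, "no Edge service")
            findings.append(f"{owner}: port {port} reaches {hit}, expected {service} on {ports[service]}")
        if target not in a_names:
            findings.append(f"{owner}: target {target} has no A record in this zone")
    return findings

# Constructed sample zone: the thread's contoso.com names, a documentation IP.
SAMPLE_ZONE = """\
sip.contoso.com.                     3600 IN A   203.0.113.10
_sip._tls.contoso.com.               3600 IN SRV 0 0 443  sip.contoso.com.   ; as first suggested
_sipfederationtls._tcp.contoso.com.  3600 IN SRV 0 0 5061 sip.contoso.com.
"""

if __name__ == "__main__":
    print("\n".join(lint_edge_dns(SAMPLE_ZONE, "contoso.com")))
```

For a three-IP deployment, pass a different `ports` mapping so the same check reflects that layout.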