locked
Skype for Business 2015: Login without Corporate VPN RRS feed

  • Question

  • Hi
    We are currently running a Skype for Business 2015 Standard environment that is configured for Chat only.  There are no plans to use any of the meeting, audio, or telephony options with Skype.  That said, since the install we have needed to connect to Skype using our corporate VPN, when outside of the office, but now we are being asked to remove the need for VPN and expose Skype to the internet, similar to the way Outlook is able to authenticate to Exchange without VPN.

    I'm having trouble determining the best practice and installation options for doing this.  Is it as simple as opening ports on the firewall, and NATing our Skype server?  Or do I need a more complicated install, consisting of an Edge server, Load Balancer, and ADFS services?

    We aren't concerned with external users (non-corporate) logging into meetings using their credentials, and also we don't need to see external user presence or engage them in IM.  We just want the ability to log into the Skype client without the use of VPN, and have it secure. 

    Thanks for any advice you can give.



    • Edited by DrJuice Wednesday, May 30, 2018 3:11 PM
    Wednesday, May 30, 2018 2:07 PM

Answers

  • Hi DrJuice,

    If you want to external users to sign in SFB without VPN, you should deploy a edge server in the DMZ, buy a certificates from public CA for edge server and you need a public IP for the edge server.

    If you want to deploy an edge server, you could refer to this link.

    https://gallery.technet.microsoft.com/lync/Step-By-Step-Deploy-Skype-1e24428e


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, May 31, 2018 3:05 AM

All replies

  • Hi DrJuice,

    If you want to external users to sign in SFB without VPN, you should deploy a edge server in the DMZ, buy a certificates from public CA for edge server and you need a public IP for the edge server.

    If you want to deploy an edge server, you could refer to this link.

    https://gallery.technet.microsoft.com/lync/Step-By-Step-Deploy-Skype-1e24428e


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, May 31, 2018 3:05 AM
  • Hi DrJuice,

    Like Leon says you need an Edge server, with an Edge server also enables you to federate with other companies if desired. 

    For external login is best to use a Load Balancer for the webservices. The client does do a DNS lookup via lyncdiscover.domain.com.

    Check the technical diagram how the flow goes and what the requirments are (network, servers etc)

    https://docs.microsoft.com/en-us/skypeforbusiness/technical-diagrams

    Greetings,

    Erdem


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

    Thursday, May 31, 2018 6:50 AM
  • Hi ,

     

    Do you have some updates? If the reply help to you ,please mark the reply as answer.


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, June 7, 2018 9:03 AM
  • Thanks for the advice.  I'm in the process of installing an Edge server with the Access Edge role only, and configuring it in our DMZ.  If we ever have the need for the other features of Skype for Business, then the Edge server will be there and ready to be modified for extension.

    Regards
    Tony

    Friday, June 8, 2018 8:19 PM