Lync Edge external NIC with UAG

  • General discussion

  • Our UAG is set up with a single NAT's external IP and a single trunk that already has OWA and ActiveSync publicly available. I need to publish Lync 2013. I currently have a stand-alone Lync Front End server.

    When I create Lync Edge in Topology Builder, do I specify the UAG external NIC address as the Edge server external NIC? If so, after I am done with Topology Builder and am ready to run Lync local setup on my Edge server (in a workgroup), what do I do with the external NIC on the Edge server? Obviously I cannot assign the same external IP that belongs to the UAG external NIC. Do I just not configure the external NIC on the Edge server?

    Thursday, May 2, 2013 8:20 PM

All replies

  • Hi,

    Couple of comments.

    Lync 2013 is not yet (?) supported by UAG. There's no official word afaik it will.

    UAG will only support the web-based parts of Lync, but not the mobility parts. See http://technet.microsoft.com/en-us/library/hh490317.aspx

    I doubt when/if 2013 comes, that will change.

    For the 2013 publishing questions, I am not a Lync person. If you want to give it a shot despite the comments above, treat it as a 2010 setup.

    Hth, Anders Janson Enfo Zipper

    Monday, May 6, 2013 8:15 AM
  • Anders is correct to point out that UAG can only publish the web parts of Lync, so make sure that will meet your needs. If it does not, then you need to set up a regular Lync Edge server and at that point you might as well run all of your external Lync traffic through it.

    UAG and Lync Edge are two different things (obviously :) but even with regards to Lync publishing). When you use UAG to publish Lync, you don't need a Lync Edge server. And when you use a Lync Edge server, you really don't need UAG (for the purposes of Lync).

    Also keep in mind that publishing Lync through UAG requires a very particularly created SAN certificate. You can NOT use a wildcard, so you'll most likely have to publish Lync on its own portal and keep it away from your Exchange traffic, depending on what the certificate looks like for that trunk.

    Monday, May 6, 2013 6:34 PM
  • If I want to publish Lync 2013 using UAG and treat it like Lync 2010, are you saying I don't need an Edge server? An Edge pool has to be created for sure. Where would I create it then?

    Also, what if I just want to enable federation via UAG as opposed to opening my Edge pool to the outside? Would that work?

    Monday, May 6, 2013 7:02 PM
  • I'm afraid I don't know the Lync configuration side of it as well. I have helped a number of people get Lync published through UAG, it essentially acts as a reverse proxy for the Lync web services, and so you don't need Lync Edge server for that, as UAG just pushes the traffic through to the internal Lync server. Beyond that, I don't know how the pool configuration has to be configured. Sorry!
    Monday, May 6, 2013 7:59 PM
  • The Lync Edge server is required for remote users to sign in to Lync and use audio/video without a VPN as well as federation. A separate reverse proxy is required for some Lync client functionality, mobility and for remote meeting join (Lync client and Lync Web App). In the topology you will specify a Lync Edge pool and the reverse proxy is on the pool 'External web services'.

    As Anders mentioned above UAG is not officially supported on UAG - but it does work. I recently published a blog about using UAG 2010 to publish Lync 2013 web services, mobility and Office Web Apps, but you will need a new trunk as it can't use the normal UAG authentication.


    Thursday, May 9, 2013 1:19 AM
  • Thank you, Mark. Do I specify the reverse proxy as external web services under Standard Edition front end servers? Is it OK to specify the internal FQDN for my UAG, as UAG is joined to the domain?

    In your blog, you recommend creating an autodiscover app under the Lync trunk. How will autodiscover work if I never defined it on my single front end Lync 2013 server?

    Tuesday, May 14, 2013 7:20 PM
  • The External web services is what external users will connect to - so it needs to be the public external IP address of the UAG trunk and must have a DNS entry publicly resolvable. For a Standard Edition server you cannot modify the Internal web services URL as it is the server FQDN.

    For your second question, Lyncdiscover isn't something you need to define in the Lync topology. You will need an external DNS entry for lyncdiscover.sipdomain and an internal DNS entry (or hosts file on the UAG) for whatever you specify on the 'Web Servers / Addresses' part on the UAG application.

    Wednesday, May 15, 2013 7:34 AM
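
Added example (not part of the thread or of any poster's configuration): an offline pre-flight check for the names the replies above call for, namely the external web services FQDN and lyncdiscover.<sipdomain> on a SAN certificate without relying on a wildcard, plus a hosts-file entry on the UAG for the internal web server name. All host names, addresses, the SAN list and the hosts-file text are constructed samples, and the function names are hypothetical.

```python
# Added example: pre-flight check for the DNS names and certificate SANs
# discussed in the thread. Every name and address below is a constructed sample.

def norm(name):
    """Lower-case a DNS name and drop a trailing dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")

def required_public_names(sip_domains, ext_web_fqdn):
    """External web services FQDN plus one lyncdiscover name per SIP domain."""
    names = [norm(ext_web_fqdn)]
    names += ["lyncdiscover." + norm(d) for d in sip_domains]
    return names

def check_san(san_entries, required):
    """Return (missing, wildcards). Wildcard SANs are reported, never counted as coverage."""
    sans = {norm(s) for s in san_entries}
    wildcards = sorted(s for s in sans if s.startswith("*."))
    missing = [n for n in required if n not in sans]
    return missing, wildcards

def parse_hosts(text):
    """Parse hosts-file text into {name: ip}, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for alias in fields[1:]:
                table.setdefault(norm(alias), fields[0])  # first match wins
    return table

# Constructed sample inputs (assumptions, not values from the thread)
SIP_DOMAINS = ["example.com"]
EXT_WEB = "lyncweb.example.com"          # pool 'External web services' FQDN
BACKEND = "lyncfe01.corp.example.local"  # name entered under 'Web Servers / Addresses'
CERT_SANS = ["lyncweb.example.com", "*.example.com"]
UAG_HOSTS = """
# constructed hosts file on the UAG
10.0.0.25   lyncfe01.corp.example.local   # Lync front end
"""

def preflight():
    """Run all checks and return the findings as a dict."""
    required = required_public_names(SIP_DOMAINS, EXT_WEB)
    missing, wildcards = check_san(CERT_SANS, required)
    backend_ip = parse_hosts(UAG_HOSTS).get(norm(BACKEND))
    return {"missing_san": missing, "wildcard_san": wildcards, "backend_ip": backend_ip}

if __name__ == "__main__":
    print(preflight())
```

With the sample inputs, the wildcard entry is flagged and lyncdiscover.example.com is reported as missing, because the check requires each name to appear explicitly in the SAN list.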