In Skype for Business, is a single reverse proxy used for 2 data centers?

  • Question

  • Hello folks, 

    I have 2 sites 

    Site A 

    1 Standard edition server 
    1 Edge server 
    1 Reverse proxy (NetScaler)
    Firewall
    Ingress/ Egress routing are from site A

    Site B 

    1 Standard edition server
    1 Edge server

    Currently I have HLB for the edge services and the web services URL at site A. 

    Now I am going to implement a new site B, but in site B there is no reverse proxy. 

    I want to know what kind of load balancing is used for the web services URL and edge services for site B, and how does traffic flow from site B to the site A reverse proxy? 

    Please share ideas and documents for this. 

    Regards,

    Vivin


    Tuesday, December 18, 2018 4:43 PM

Answers

  • Hi,

    Actually, the reverse proxy performs port address translation, translating from TCP port 80 facing external to TCP port 8080 facing internal. 

    External users get connected to the reverse proxy with https on port 443 and from there it'll get forwarded to 4443 on FE. 

    In site B, you will need to define a new External web service FQDN and create a new A record in DNS (both internal and external DNS configuration) pointing this External web service FQDN to RP public IP of site A.


    Also please update RP certificate SAN to add external web service FQDN of site B.


    Kind regards,

    Calvin Liu


    Please remember to mark the reply as an answer if you find it helpful. It will assist others who have a similar issue. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by K.Vivin Wednesday, December 19, 2018 11:25 AM
    Wednesday, December 19, 2018 9:40 AM
  • Agree with Calvin.

    You don't have to have a Reverse Proxy at Site A if you don't want to.

    However you can.

    As long as you have your DNS records correct for the External Web Services FQDN, they'll come into the Reverse Proxy and then you just offload them to the Site B Front End Server (Port 443 to 4443)

    so webextfqdn1 will come into RP and go to Site A FE

    and webextfqdn2 will come into RP and go to Site B FE.

    If you want to load balance RP's (I know this can be done with Kemp so you have a shared IP across 2 sites for resilience) or have separate Reverse Proxies, then that's up to you.

    As Calvin says, remember to update the certificate although RP's do accept wildcards so if you're using that then there's no need to change.

    Regards

    • Marked as answer by K.Vivin Wednesday, December 19, 2018 11:25 AM
    Wednesday, December 19, 2018 11:12 AM
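
The certificate point in the two answers above, as an added example that is not part of the thread: before pointing the site B external web services FQDN at the shared reverse proxy, check that every published host name is covered by the SAN list on the proxy certificate. All host names, the per-site mapping and the SAN lists are constructed placeholders; wildcard matching assumes the usual single-label rule (RFC 6125), so a wildcard only helps when the new FQDN sits directly under the wildcard's domain.

```python
# Added example: every name below is a constructed placeholder.

def san_covers(san: str, fqdn: str) -> bool:
    """True if one SAN entry covers fqdn. A '*' is honoured only as the
    whole leftmost label and stands for exactly one label."""
    san, fqdn = san.lower().rstrip("."), fqdn.lower().rstrip(".")
    if not san.startswith("*."):
        return san == fqdn
    suffix = san[1:]                      # e.g. ".contoso.example"
    if not fqdn.endswith(suffix):
        return False
    left = fqdn[: -len(suffix)]           # label(s) the wildcard must absorb
    return bool(left) and "." not in left


def uncovered(publish_map: dict, sans: list) -> list:
    """Published external FQDNs that no SAN on the proxy certificate covers."""
    return sorted(host for host in publish_map
                  if not any(san_covers(s, host) for s in sans))


# Publishing rules on the single reverse proxy: external FQDN (443) -> FE (4443).
PUBLISH = {
    "webext-a.contoso.example": ("fe-a.corp.contoso.example", 4443),  # site A
    "webext-b.contoso.example": ("fe-b.corp.contoso.example", 4443),  # site B
}

# Certificate as it was before site B existed: only the site A name is listed.
OLD_SANS = ["webext-a.contoso.example"]
# Wildcard certificate on the same domain.
WILDCARD_SANS = ["*.contoso.example"]

if __name__ == "__main__":
    print("missing with old cert:     ", uncovered(PUBLISH, OLD_SANS))
    print("missing with wildcard cert:", uncovered(PUBLISH, WILDCARD_SANS))
    # A site B name one level deeper is not covered by the wildcard.
    deeper = {"webext.siteb.contoso.example": ("fe-b.corp.contoso.example", 4443)}
    print("missing for deeper name:   ", uncovered(deeper, WILDCARD_SANS))
```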

All replies

  • I am not sure you would be able to collocate the site A reverse proxy for site B, or is my understanding wrong? Here is the Microsoft site, which says: 

    • You can't collocate a reverse proxy server, which isn't a Skype for Business Server component, and may not even be in your topology. You'll need a reverse proxy if you want to support sharing of web content for federated users, among many other things. If you need to, go ahead and implement reverse proxy support for Skype for Business Server by configuring an existing reverse proxy server that's already in your organization that's being used by other applications.

    • You can't collocate any Exchange UM component or SharePoint Server component with any Skype for Business Server role.

    https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/topology-basics/topology-basics

    Does it make sense?

    Tuesday, December 18, 2018 9:12 PM
  • Hello Thuyavan,

    I am using a reverse proxy (NetScaler) for Skype for Business Server services alone, and the device is placed at site A. On this NetScaler all my edge services are HLB too. 

    I am planning to build a new site B. There I am going to use 1 Standard Edition server and 1 Edge server. 

    For site B I planned DNS load balancing for all my edge services (no NetScaler deployed at site B for HLB). 

    So, can I point my web services from site B to the reverse proxy (NetScaler) located in site A? If your answer is yes, please let me know what the pros and cons are of routing web traffic from site B to the site A reverse proxy.

    Regards,

    Vivin

    Wednesday, December 19, 2018 1:58 AM
  • I got a clear picture. Thank you very much, Calvin. 

    Thanks to Thuyavan for your input too. 

    Both are much appreciated. 

    Regards,

    Vivin

    Wednesday, December 19, 2018 11:25 AM
  • Thanks a lot Sir. 

    I hope this helps. If you feel this answers your question please give a like and set as the solution. If not please let me

    Wednesday, December 19, 2018 7:15 PM
  • Hi Vivin,

    You are welcome!

    Kind regards,

    Calvin Liu



    Thursday, December 20, 2018 1:41 AM