Lync 2013 Edge connectivity

  • Question

  • Hi all,

    Just thought I'd ask the question before I make any changes to our network. We have been forced upon an outsourcer to build us an on-premise Lync 2013 solution. Our company is multinational, spanning the world. However, each country is infrastructure independent (although under the same AD). The outsourcer wants us to route the whole company (x.x.x.x/8) to our DMZ, where the Lync Edge server is, claiming that now clients connect directly to Edge (in some meeting scenarios), as well as FE servers. Not only do I have to open the whole company to the Edge servers (on required ports), but I also have to enable routing to our DMZ, since they cannot be sure where other Lync servers will be and at what stage.

    Is it true that clients now connect directly to Edge? What would be the point of Edge now?

    Regards all

    Tuesday, September 16, 2014 5:25 AM

Answers

  • By outside I meant public Internet, so a German user on the inside network sharing media with a German user on the outside network doesn't have to route all media through an edge in another country unnecessarily, they'd have their own edge pool for media. Most of those ports listed are needed by front end servers, not clients, so you wouldn't need them opened from everywhere, just the Lync servers. Client ports are as noted and all subnets with a server or client would want to be able to route to this edge.

    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". SWC Unified Communications

    • Proposed as answer by Eason Huang Monday, September 22, 2014 8:57 AM
    • Marked as answer by Eason Huang Monday, September 29, 2014 3:10 AM
    Wednesday, September 17, 2014 2:31 AM
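
The scoping described in the answer above can be checked mechanically against a proposed rule set. This is an added example, not part of the original thread: the subnets and the proposed rules are constructed, and treating every requested port other than TCP/443 and UDP/3478 as server-only is an assumption, since the answer only says "most" of the list is needed by front end servers.

```python
import ipaddress

# Ports the thread says clients need on the Edge internal interface.
CLIENT_PORTS = {("tcp", 443), ("udp", 3478)}
# The other requested ports, treated here as Lync-server-only (assumption:
# the answer says "most" of the list is for front ends, without itemising).
SERVER_PORTS = {("tcp", p) for p in
                (5061, 5062, 8057, 4443, 23456, 50001, 50002, 50003)}

# Constructed sample subnets holding Lync servers (not from the thread).
LYNC_SERVER_NETS = [ipaddress.ip_network(n)
                    for n in ("10.1.10.0/28", "10.2.10.0/28")]


def audit(rules):
    """Return (rule, reason) for each rule wider than the thread's guidance.

    Each rule is a dict: source CIDR, protocol and port allowed towards the
    Edge internal interface.
    """
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        service = (rule["proto"].lower(), rule["port"])
        if service in CLIENT_PORTS:
            continue  # any subnet with a client or server may reach these
        if service not in SERVER_PORTS:
            findings.append((rule, "port not in the requested list"))
        elif not any(src.subnet_of(net) for net in LYNC_SERVER_NETS):
            findings.append((rule, "server-only port open to non-server source"))
    return findings


# Constructed proposal: the whole /8 on a client port and a server port,
# one correctly scoped server rule, and one port/protocol mix-up.
PROPOSED = [
    {"src": "10.0.0.0/8", "proto": "tcp", "port": 443},
    {"src": "10.0.0.0/8", "proto": "tcp", "port": 5061},
    {"src": "10.1.10.0/28", "proto": "tcp", "port": 5062},
    {"src": "10.0.0.0/8", "proto": "udp", "port": 443},
]

if __name__ == "__main__":
    for rule, reason in audit(PROPOSED):
        print(f'{rule["src"]} {rule["proto"]}/{rule["port"]}: {reason}')
```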

All replies

  • I can't comment on the design without knowing your network, AD, and business requirements.  I'll say you could potentially have a different edge per region depending on your design as well.  Still, yes, clients will need to be able to route TCP/443 and UDP/3478 to the internal interface of your edge server if they are sharing media with outside users.

    See the A/V section of this handy poster: http://www.microsoft.com/en-us/download/details.aspx?id=39968

    For internal/internal conversations, media and other traffic should not traverse the edge. 



    Tuesday, September 16, 2014 11:44 AM
  • Anthony, thank you for your reply. The countries (in the company) have pretty much their own physical infrastructure, but bound by the same AD, each country has its own OU. AD is linked by VPN over internet, with local DCs. It will be a federated Lync installation. They requested not just those 2 ports, but the whole bunch (below). Can I ask you what you meant by sharing media with outside users? Outside a country (within the company)? Or public Internet users?

    443/TCP
    3478/UDP
    5061/TCP
    5062/TCP
    8057/TCP
    4443/TCP
    23456/TCP
    50001/TCP
    50002/TCP
    50003/TCP

    Wednesday, September 17, 2014 12:53 AM