locked
Publish Lync using KEMP LoadMaster RRS feed

  • Question

  • Hi all,

    We are in the process of deploying Lync Server 2010 Standard (1 x Standard, 1 x Edge Server so no load balancing required) and will soon be tackling the publishing of the URL's (meet, dialin, etc).  We have both UAG and KEMP LoadMasters available to us but we want to try and understand the comparison between the two.  Is one more secure than the other?

    We currently have it configured to go through the Loadmaster using Layer 7.  It is listening on 443 and sending the traffic to the FE server on 4443.  We have also installed the public SSL cert on to it.

    Every single piece of documentation I read states that you 'must' use a reverse proxy to publish the URL's.

    Many thanks in advance,

    Graham

    Monday, July 16, 2012 8:51 AM

Answers

  • UAG and a HLB like the Kemp product are not really the same thing so it is difficult to compare them. Even though they can both act as a reverse proxy this is a very limited use of their capabilities. Also, don't forget that UAG does not currently support Lync mobility so if this is important to you the question might be academic if you want to deploy mobility.

    Perhaps a better question is what you are you using for HLB on your Edge environment. If you are not using HLB then I would stick with UAG but if you plan on deploying HLB then I'm not sure that it matters what you use.

    Monday, July 16, 2012 12:47 PM
  • Theoretically you can does this but the HLB would just serve as a port forwarder and not a true reverse proxy, and there will be no traffic inspection performed, leaving the internal server susceptible to attacks.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    Monday, July 16, 2012 1:06 PM
    Moderator

All replies

  • Hi,

    you Need the URL's for several function, like addressbook syncronisation for the lync Client and also for sharing content in a meeting and also for the Registration process of the Lync mobile Client.

    Maybe this will help, it is the configuration for TMG

    http://www.darylhunter.me/blog/2011/11/lync-2010-reverse-proxy-part-3.html

    http://ucken.blogspot.de/2011/07/configuring-lync-for-external-access.html


    regards Holger Technical Specialist UC

    Monday, July 16, 2012 9:08 AM
  • Hi Holger,

    My question is not related to the URL's specifically, I already have a good understanding of them and their purpose.

    It's also important to note that we have UAG, not TMG.

    My question is essentially; would it be ok to use the Kemp Loadmaster as the Reverse Proxy.

    Graham

    Monday, July 16, 2012 9:55 AM
  • UAG and a HLB like the Kemp product are not really the same thing so it is difficult to compare them. Even though they can both act as a reverse proxy this is a very limited use of their capabilities. Also, don't forget that UAG does not currently support Lync mobility so if this is important to you the question might be academic if you want to deploy mobility.

    Perhaps a better question is what you are you using for HLB on your Edge environment. If you are not using HLB then I would stick with UAG but if you plan on deploying HLB then I'm not sure that it matters what you use.

    Monday, July 16, 2012 12:47 PM
  • Theoretically you can does this but the HLB would just serve as a port forwarder and not a true reverse proxy, and there will be no traffic inspection performed, leaving the internal server susceptible to attacks.

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    Monday, July 16, 2012 1:06 PM
    Moderator
  • Thanks all,

    We do require the autodiscover / mobility feature and it is those services that we were unable to get working though UAG.  We did manage to get the meet, dialin & Lyncweb URL's published however.

    Monday, July 16, 2012 1:35 PM
  • Hi,Birtybasset,

    I think ALANMAD and Jeff has explain the difference between UAG and HLB when publishing Lync web services.As ALANMAD,currently UAG doesn't support Lync mobility,however you may get it works with adding another public IP on UAG for lyncdiscover,details you can check http://adfordummiez.com/?p=326  (Note:It's not a recommended way and you may hit the Microsoft unsupport criteria).

    B/R

    Sharon


    Sharon Shen

    TechNet Community Support

    ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

    Tuesday, July 17, 2012 6:22 AM
    Moderator