locked
S4B Standard Edition deployement in a branch Site throught VPN Site-2-Site RRS feed

  • Question

  • Hi,

    I'm currently studying the deployment of Skype For Business.In my case,

    I have two sites A and B in two different countries. Let A be the main site.

    Currently these two sites are linked together through a Site-2-Site VPN and each site has a firewall (TMG 2010).

    My objectives:

    Have Skype For Business on both sites with full functionality.

    My constraints:

    - Use Skype For Business Standard Edition.

    - I would like to have a complete installation of skype for business Standard Edition in the branch site (no SBA and no SBS).

    My questions:

    1- Am I already on a good track?

    2- Do the two Front End A and B servers have to be paired?

    3- A single Edge server in the main site A can be used by the branch site B? (Just need a confirmation :))

    4- Is it possible to bypass the VPN for SIP traffic in the branch B site?

    It will be very cool if you can share some useful links for my scenario

    Thank you!

    Tuesday, July 4, 2017 12:21 PM

Answers

  • 1 - Yes. But you might have an problem with VPN performance if users will communicate with each other between Site A and Site B. I think that you have domain controllers from the same Active Directory in both sites. The Front End servers in both sites can share SIP domain.

    2- No. You not need to pair them. The pairing is for Disaster Recovery so if the Front End in Site A crashed all Site A users can be activated in Site B, so the pairing might not be a bad option.

    3- Yes. It's no problem for Site B Front End servers to use Edge servers placed in Site A as long as firewall rules accept the communication.

    4 - I'm not sure why you want to bypass the VPN for SIP traffic? SIP traffic to the Edge (internet) will go from clients in Site B thru VPN to Site A Edge.

    • Marked as answer by SChniter Friday, July 14, 2017 10:19 AM
    Tuesday, July 4, 2017 1:18 PM

All replies

  • 1 - Yes. But you might have an problem with VPN performance if users will communicate with each other between Site A and Site B. I think that you have domain controllers from the same Active Directory in both sites. The Front End servers in both sites can share SIP domain.

    2- No. You not need to pair them. The pairing is for Disaster Recovery so if the Front End in Site A crashed all Site A users can be activated in Site B, so the pairing might not be a bad option.

    3- Yes. It's no problem for Site B Front End servers to use Edge servers placed in Site A as long as firewall rules accept the communication.

    4 - I'm not sure why you want to bypass the VPN for SIP traffic? SIP traffic to the Edge (internet) will go from clients in Site B thru VPN to Site A Edge.

    • Marked as answer by SChniter Friday, July 14, 2017 10:19 AM
    Tuesday, July 4, 2017 1:18 PM
  • Thank you for your reply Linus,

    1 - Yes. But you might have an problem with VPN performance if users will communicate with each other between Site A and Site B.

    => This is why i want to bypass VPN between A and B.

    In addition to that, all SIP traffic from/to site B will pass throught principal site A edge, so it will pass throught VPN after that... (Maybe i missed some tips)

    Sami,

    Tuesday, July 4, 2017 1:41 PM
  • Agree with Linus

    Wednesday, July 5, 2017 7:12 AM
  • If you will have the same Active Directory on both sites and share the SIP domain (ex. contoso.com) between the sites you will not be able to bypass the VPN. Maybe an MPLS network or better VPN solution could help you.

    One option is to only have servers at site A and have the Site B users to connect via the Edge servers.

    Wednesday, July 5, 2017 7:53 AM