locked
Skype Director and Edge RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi, I used skype topology designer to build the design and DNS/firewall requirements.

    It created the design and communication ports.

    I am confused for internal communication between Edge internal NIC and Director/Front end servers.

    Edge internal will communicate with Director or they will communicate with Skype front end servers ?

    ports needs to be open between

    1. edge internal and front server and same goes for load balancing (we are using F5 load balancer)

    or

    2. edge internal and director server and for load balancing.

    Please support and suggest.

    System Administrator

    Tuesday, June 13, 2017 5:25 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Irfan Ali Siddiqui,

    Agree with others.

    As a supplement, you will need some ports open from FE server to Edge.

    Inbound:

    ========

    Protocol  Port

    TCP   443

    TCP   444

    TCP   5061

    TCP   5269

    TCP   50000-59999

    UDP   3478

    UDP   50000-59999

     

    Regards,

    Alice Wang

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 14, 2017 3:15 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Irfan Ali Siddiqui,

    Thanks for your response.

    For your question, Microsoft is not supported to deploy SFB Edge server in the domain, if you want to deploy Edge server for your environment, you need to set up Edge server in the DMZ area, because Edge server is the required component for external access, for security concern, it is not supported to deploy it in the domain.

    I will share a document about deploying Edge server, please refer to
    https://technet.microsoft.com/en-us/library/dn933903.aspx
    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-server-deployment/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Regards,

    Alice Wang

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 14, 2017 5:45 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    It is based on the next hope configured on the topology.If you have director configured in topology usually director will be the next hope from edge pool.You may verify that and accordingly you need to open ports towards the server.If the director is pointing to edge then the same ports usually open between SFB FE to Edge/Vice Versa needs to open between director and Edge.

    Jayakumar K

    • Proposed as answer by Alice-Wang Wednesday, June 14, 2017 3:11 AM
    Tuesday, June 13, 2017 7:09 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Jaya,

    It means there will be no communicate from edge to FE, if I have director in place.

    all communication from edge server will be directed to director pool. right ?

    System Administrator

    Tuesday, June 13, 2017 7:56 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Even with director, Edge will communicate with FrontEnd server. This is even if next hop is Director instead of FrontEnd: https://www.microsoft.com/en-us/download/confirmation.aspx?id=46448

    Please check protocol poster for more info.

    FrontEnd will do ICE negotiation with Edge server

    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    • Proposed as answer by Alice-Wang Wednesday, June 14, 2017 3:11 AM
    Tuesday, June 13, 2017 12:07 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Irfan Ali Siddiqui,

    Agree with others.

    As a supplement, you will need some ports open from FE server to Edge.

    Inbound:

    ========

    Protocol  Port

    TCP   443

    TCP   444

    TCP   5061

    TCP   5269

    TCP   50000-59999

    UDP   3478

    UDP   50000-59999

     

    Regards,

    Alice Wang

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 14, 2017 3:15 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks Alice. that's is what specifically I was looking for.

    Tell me one more thing or I can open a separate question for that.

    In any circumstances, it is allowed that we can join Skype edge server to domain ?

    My network team is saying if it is behind the firewall and then F5 is doing the load balancing based on ports so it doesn't matter if the edge server is joined to domain.

    they still provide me two networks on the edge server but not specifically in DMZ. as per network team DMZ is just a virtual network segregation.

    is this practice ok ?

    System Administrator

    Wednesday, June 14, 2017 5:23 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Irfan Ali Siddiqui,

    Thanks for your response.

    For your question, Microsoft is not supported to deploy SFB Edge server in the domain, if you want to deploy Edge server for your environment, you need to set up Edge server in the DMZ area, because Edge server is the required component for external access, for security concern, it is not supported to deploy it in the domain.

    I will share a document about deploying Edge server, please refer to
    https://technet.microsoft.com/en-us/library/dn933903.aspx
    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-server-deployment/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Regards,

    Alice Wang

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, June 14, 2017 5:45 AM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Irfan Ali Siddiqui,

    What’s the status of your issue?

    IF the reply is helpful to you, please mark it as an answer, it will help others who have similar issue.

    Regards,

    Alice Wang

    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 15, 2017 9:30 AM