none
Lync Reverse Proxy

    Question

  • Hi,

     

    Have seen couple of posts in this forum regarding support for Lync reverse proxying using UAG. Currently, i was planning to reverse proxy Lync web services and simple URLs using UAG. But looks this isn't officially supported ?

    And if so,  is TMG officially supported as a Reverse Proxy ? And does it then support reverse proxying Lync reverse proxying and other web publishing (Exchange OWA, Outlook Anywhere, Active Sync etc.)/ Sharepoint sites ?

    Also does UAG support multiple host headers (like in TMG, we can have multiple public names mapping to same publishing rule)

     

    Thanks,

    Ravi

    Monday, September 26, 2011 10:02 PM

All replies

  • To my knowledge, Lync publishing is not currenlty supported by the UAG product group and OCS wasn't either, hence why I wrote this: http://blog.msedge.org.uk/2010/10/publishing-ocs-2007-r2-web-components.html

    However, I don't believe the same approach is possible with Lync though, as it uses 8443 on the backend and UAG does support publishing non-standard web ports on backend servers.

    TMG is a good option though, and yes, you can also use the same reverse proxy for Exchange and SharePoint. There is no reason why you couldn't still use UAG for Exchange and SharePoint though and use TMG exclusively for Lync. Guess it depends if you need the UAG benefits for Exchange/SharePoint.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Monday, September 26, 2011 10:27 PM
    Moderator
  • Thanks Jason,

    Primarily my requirement is to publish websites (Exchange, Sharepoint) and Lync Reverse Proxy. From a UAG benefit perspective, i am currently not looking at End point compliance etc. Does publishing these through TMG have any drawbacks ? Wouldn't really want to go in for UAG + TMG combinations for obvious reasons (support, licenses, infra etc.) .

    Also any idea on Microsoft's stand on officially supporting reverse proxy implementations on TMG ?

    Cheers,

    Ravi

     

    Tuesday, September 27, 2011 8:16 AM
  • Hi Ravi,

    I don't think I have seen a "TMG is fully supported with Lync" statement, but I am sure TMG is discussed in the Lync design material like this:

    http://technet.microsoft.com/en-us/library/gg398069.aspx

    Often MS get criticised for pushing their own products, so sometimes use the term "reverse proxy" to be a little more product agnostic. Similar story with PKI and AD CS.

    It sounds like TMG would be the better option for you and will probably save on cost too...

    I am aware that the UAG product team were looking at adding support for other core MS apps into UAG during an upcoming update, but nothing has been publically announed or confirmed yet.

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 27, 2011 8:42 AM
    Moderator
  • It is possible to publish Lync but not using a traditional trunk in UAG. (I tried with partial success but the WebApp fails to initialize when joining a meeting)Although there are rumors that Lync will be added in the near future. You will need to publish Lync on your UAG server using TMG Publishing Rules and a listener. But first you have to modify the IIS bindings configured by UAG so that the IP address you want to publish Lync on is available to TMG. After i figured this out the hard way I ran across a post another guy had made on this very same topic. You can find it here and good luck!

    http://ocsguy.com/2010/08/30/reverse-proxy-bang-for-your-buck/

     


    Steve Angell - IDA Consultant (http://www.InfraScience.com)
    Tuesday, September 27, 2011 8:47 PM
  • Hmmm...that is a pretty nasty hack though and completely unsupported by the UAG PG. It does work if you are desperate and happy to accept the support limitations ;)


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 27, 2011 9:00 PM
    Moderator
  • Hmmm...that is a pretty nasty hack though and completely unsupported by the UAG PG. It does work if you are desperate and happy to accept the support limitations ;)


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Agreed, but like you said, for now it does work. At least until it is officially supported in UAG.
    Steve Angell - IDA Consultant (http://www.InfraScience.com)
    Tuesday, September 27, 2011 9:02 PM
  • Yeah, roll on the next update and here's hoping it adds this functionality...it is quite a common ask...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 27, 2011 9:07 PM
    Moderator
  • Hi Sangellga\Jason Jose,

    You had written "I tried with partial success but the WebApp fails to initialize when joining a meeting)"

     "You will need to publish Lync on your UAG server using TMG Publishing Rules and a listener. But first you have to modify the IIS bindings configured by UAG so that the IP address you want to publish Lync on is available to TMG. "

    So webapp worked fine after the following the above? 

    We have UAG in our environment and need to publish meet, dial-in and Web components through UAG for Lync. Could you confirm that all of these worked for you with TMG Publishing rule in UAG? (Irrespective of Microsoft support for this)

    Thanks

    Suhas

     


     

    Wednesday, September 28, 2011 9:07 PM
  • All function using TMG publishing rules on a UAG server.

     

    Oddly I was able to get everything except the Web App using a Trunk in UAG but just could not get passed that point.


    Steve Angell - IDA Consultant (http://www.InfraScience.com)
    Thursday, September 29, 2011 5:47 PM