Lync 2010 / 2013

jetNEXUS ALB-X Lync 2010 & 2013 Deployment Guide

Synopsis

Overview

Pre-requisites

Why
jetNEXUS?

LAB
Environment

Lync 2010/2013 Description

What
server role can be load balanced by jetNEXUS ALB-X?

Standard Lync Deployment

Configuring
External Edge Pool

Configuring
Internal Edge Pool

Configuring Reverse
Proxy

jetPACK Quick Installation

Troubleshooting

Contact
Us

Synopsis

This online guide explains briefly the concept of
Lync 2010/2013 and how
to use a edgeNEXUS Accelerating Load Balancer (ALB-X) to load balance
Lync 2010/2013
traffic.

Overview

Microsoft
Lync (previously known as Microsoft
Office Communications Server) is a real-time communications server for
the
enterprise. In response to today’s changing working patterns and the
need for
real-time collaboration, organisations are looking for integrated
productivity
tools that enable users to communicate from anywhere in a
cost-effective and
secure manner.

As with any service-oriented architecture, it is essential that
applications
run seamlessly with superb performance and robust security. The nature
of
Lync’s real-time communication and collaboration services, together
with its
business critical importance demands a high level of service delivery.

Enter
edgeNEXUS – Application Delivery Control
for Microsoft Lync

 

The
edgeNEXUS Accelerating Load Balancer is
specifically developed to improve the performance, scalability,
reliability and
manageability of Microsoft Lync. Easy to deploy, configure and
maintain, the jetNEXUS ALB-X for Lync has the simplicity of a
plug-and-play solution, with the performance capabilities to meet even
the most demanding traffic profiles.

 


Pre-requisites

The following are general prerequisites and
configuration
notes for this guide:

  • It is assumed that the reader is a
    network administrator or person familiar with networking and general
    computer terminology
  • You have set-up your Microsoft Lync
    Enterprise Server 2010 environment and have installed your jetNEXUS
    ALB-X application delivery controller
  • You have configured your internal and
    external DNS entries for the Front-End and Edge Pools, and services accessed by Reverse Proxy
  • When Microsoft refer to a hardware
    load balancer (HLB) it is equivalent to the industry term “Application
    Delivery Controller”
  • You are running Software Version 4.0.1 (Build 1576) or later on you jetNEXUS ALB-X

 

Webscheduler

It is advised to create a simple url for webscheduler. This url should map to the same external internet facing IP as meet and dialin.
E.g. you can go to https://ReverseProxyWebfqdnOfPool/scheduler where ReverseProxyWebfqdnOfPool has a separate external internal facing IP or

you can create DNS SRV records and forwarding rules for your external interface for external user signin without autodiscover and federation traffic.
For further details refer to https://technet.microsoft.com/en-us/library/gg412787.aspx

For user sign-in: _sip._tls.

-> your edge external interface FQDN.
For federation: _sipfederationtls._tcp.

-> your edge external interface FQDN.

 

Why jetNEXUS?

Server Health Monitoring Application layer server health checks, detect and route around
problems to eliminate downtime
Layer 4 & Layer 7 Load
Balancing
Speedy layer 4 load balancing with layer 7 health checks ensure the most efficient load balancing is acheived
Reverse Proxy Traffic from external clients is securely proxied by edgeNEXUS ensuring no external client can directly access internal resources
Session persistence edgeNEXUS Lync Reverse Proxy uses specifically named cookies to provide session persistence to the Front End pool
Compression Compression is automatically used to accelerate external web and mobile clients
SSL Re-encryption Enables
end to end secure encrypted traffic between client and internal
resources whilst still being able to provide acceleration and traffic
manipulation with flightPATH
flightPATH Our
intelligent application layer traffic manipulation engine can be easily
configured to redirect web and mobile clients to the correct services

 

 

LAB Environment

This
Guide for Load balancing Microsoft Lync 2010/2013 has been designed on
the following configuration.

 

  • Lync
    2010

     

  • An Enterprise Front End pool, consisting of two
    nodes. Consolidating Conferencing, Enterprise Voice and Mediation
    Server features

 

  • Each Front End server was configured on a
    Microsoft Windows 2008 R2 Server with a single NIC, on a private IP
    address. Each NIC has a single IP address.

 

 

  • An Edge pool, consisting of two nodes.
    Consolidating SIP, Web Conferencing and A/V services. Each of these
    services is configured using a common IP/Hostname and different ports
    for each service
  • Each Edge server is configured on a Microsoft
    Windows 2008 R2 Server with two NICs. One on the Private LAN, and
    another on a DMZ LAN. Each NIC has a single IP address, and the DMZ NIC
    is configured with a default gateway
  • A single Database Server, configured on a
    Microsoft Windows 2008 R2 Server running Microsoft SQL 2008 R2

 

 

  • Lync
    2013

 

  • An Enterprise Front End pool, consisting of two nodes.
    Consolidating Conferencing, Enterprise Voice and Mediation Server
    features
  • Each Front End server
    was
    configured on a Microsoft Windows 2012 Server with a single NIC, on a
    private IP address. Each NIC has a single IP address.
  • An Edge pool,
    consisting of two nodes. Consolidating SIP, Web Conferencing and A/V
    services. Each of these services is configured using a common
    IP/Hostname and different ports for each service
  • Each Edge server is
    configured on a Microsoft Windows 2012 Server with two NICs. One on the
    Private LAN, and another on a DMZ LAN. Each NIC has a single IP
    address, and the DMZ NIC is configured with a default gateway
  • A single
    Database Server, configured on a Microsoft Windows 2012 Server running
    Microsoft SQL 2012

 

 

Common to Lync 2010 & 2013

  • A single PSTN Gateway
    running a configured SIP trunk

 

  • A Single File Store, a
    simple file share available on the Private LAN

 

 

  • No Director, Archiving
    or Monitoring Servers were configured

M

 

 

Lync 2010/2013 Description

Server Roles

The Front End Server

Lync Front End pool is an array of load balanced servers that provide
services to a common group of users.

 

Front End server functions are:
Client registration and authentication
Presence availability information, DL expansion and
address book services
Web conferencing and app sharing
IM services including IM conferences (chat rooms)

 

Directors

This role can authenticate Lync Server user requests, but they do not
home user accounts or provide presence or conferencing services.
Directors are most useful to enhance security in deployments that
enable external user access. The Director can authenticate requests
before sending them on to internal servers. In the case of a
denial-of-service attack, the attack ends with the Director and does
not reach the Front End servers

 

Mediation Server

The Mediation Server is a necessary component for implementing VOIP and
voice conferencing. This role processes and translates different VOIP
codecs. If you already have an existing VOIP system, you will be
running a SIP trunk to your VOIP system. This can be collocated with
the Front End server role.

A/V Conferencing Server

A/V conferencing server provides A/V services to Lync clients. This can
be installed as a single role or with the Front End server.

 

Edge Server

Lync Edge Server role is one of the most important server roles because
it’s a proxy between internal and external clients. This role allows
Lync clients to communicate with users outside company firewalls, which
includes external users that may not have an account in your company’s
Active directory.

Archiving and Monitoring

This server role monitors your Lync Server usage. Archiving IM
conversations, Group Chat and conference logs.

 

What server role can be load balanced
by jetNEXUS ALB-X?

Front End Pool

Deploy Multiple Servers in a pool and use jetNEXUS ALB-X to load
balance the traffic

Director Pool

Deploy Multiple Director servers in a pool and use jetNEXUS ALB-X to
load balance the traffic

Mediation Pool

The Mediation Service is usually collocated on the Front End Servers

Edge Pool

Deploy Multiple Servers in a pool and use jetNEXUS ALB-X to load
balance the traffic

Reverse Proxy

The jetNEXUS ALB-X can be used as a reverse proxy to force HTTP traffic
to HTTPs and port address translate 443 to 4443 necessary for External
Web Services

 

Standard Lync Deployment

Diagram 1.1

Configuring the FrontEnd Pool

Required Services
for the Front End Pool: – Table 1.1

 

Service Name

Port

Service Type

Connectivity

Health Check

Persistence

Notes

FE
DCOM

 

135

 

Layer4 TCP

 

Reverse Proxy

 

TCP
Connect

 

IP
Bound

 

RPC/DCOM

 

FE
SIP

 

5061

 

Layer4 TCP

 

Reverse Proxy

 

TCP
Connect

 

IP
Bound

 

SIP/TLS

 

FE
App Share

 

5065

 

Layer4 TCP

 

Reverse Proxy

 

TCP
Connect

 

IP
Bound

 

Application
Sharing

 

FE
QoE

 

5069

 

Layer4 TCP

 

Reverse Proxy

TCP
Connect

 

IP
Bound

 

QoE
Agent

 

FE
Conf

 

444

 

Layer4 TCP

 

Reverse Proxy

TCP
Connect

 

IP
Bound

 

Conferencing

 

FE
Web Int

 

443

 

Layer4 TCP

 

Reverse Proxy TCP Connect

IP Bound

 

HTTPS
Internal Web Services

 

FE
Web Ext

 

4443

 

HTTP

 

Reverse Proxy

Lync
Layer7 Health Check

 

Cookie

 

HTTPS
External Web Services

 

 

Optional
Services for Front End Pool: – Table 1.2

 

Service Name

Port

Service Type

Connectivity

Health Check

Persistence

Notes

FE
Web Int

 

80

 

Layer4 TCP

 

Reverse Proxy

200OK

 

IP Bound

 

HTTP
root Cert Retrieval for Lync Phones

 

FE
Web Ext

 

8080

 

Layer4 TCP

 

Reverse Proxy

200OK

 

IP Bound

 

HTTP
root cert retrieval for Lync Phones

 

FE
CAC

 

448

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Call
Admission Control

 

FE
SIP-U

 

5060

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

SIP
Unsecured

 

FE
MED

 

5067

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Mediation
Server SIP/TLS

 

FE
MED

 

5068

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Mediation
Server SIP/TCP

 

FE

 

5070

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Mediation
Server

 

FE
RSG

 

5071

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Response
Groups

 

FE
CAA

 

5072

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Conferencing
Attendant

 

FE
CA

 

5073

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Conferencing
Announcement

 

FE
OV

 

5074

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Outside
Voice Control

 

FE
CP

 

5075

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Call
Park

 

FE
CQ

 

5076

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Call
quality test

 

FE
CAC

 

5080

 

Layer4 TCP

 

Reverse Proxy

TCP
Connection

 

IP
Bound

 

Call
Admission Control

 

 

Configuring a
Virtual Service for SIP services on the Lync-Front-End Pool

1.    Log on to your jetNEXUS ALB-X https://x.x.x.x and open up the IP-Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Click on the Actions – Basic Tab and set each
setting as below

4.    Click on the Actions – Advanced Tab and set each
setting as below

Configuring a Virtual Service for Additional SIP services on
the Front-End Servers

1.    Log on to your jetNEXUS ALB-X https://x.x.x.x and open up the IP-Services page
2.    Click Add Port  and complete the columns as
per Table 1.1 & 1.2 as required for your deployment
3.    The Actions-Basic settings should be configured
the same for all SIP based services

Configuring a Virtual Service for Internal HTTPS-based services for the Front-End servers

1.    Log on to your jetNEXUS ALB-X https://x.x.x.x and open up the IP-Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Click on the Actions – Basic Tab and set each
setting as below

4.    Click on the Actions – Advanced Tab and set each
setting as below

Configuring a Virtual Service for External HTTPS-based services for
the Front-End servers

1.    Log on to your jetNEXUS ALB-X https://x.x.x.x and open up the IP-Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Click on the Actions – Basic Tab and set each
setting as below

4.    The “Lync Layer 7 Health Check” is configured in
the Configure – Real Server Monitor section

5.    The Cookie name must be set to MS-WSMAN. Please
contact pre-sales@edgenexus.io for the Lync 2010 Cookie jetPACK which
will change this setting automatically
6.    The SSL Certificate must be the same certificate
on the Front End Servers and is typically your public certificate with subject alternative names

Export the certificate from your Front End Server (This will be a PKCS#12 and includes the private key and intermediates)
Import this certificate onto the jetNEXUS ALB-X – for details on this please see https://appstore.edgenexus.io/user-guides/user-guide-4-1-4/software-version-4-1-4-user-guide/ssl-certificates/
The certificate will now be available to choose from the drop down list in the SSL section. Our example above shows “sipjetnexuscom” which is a friendly name for our external certificate

7.    Content SSL must be set to Any for SSL Bridging also known as SSL  Re-Encryption

Configuring the Edge Pool

External Interface

1.    Log on to your jetNEXUS ALB-X https://x.x.x.x and open up the IP Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Click on the Actions – Basic Tab and set each
setting as below

4. In this instance we have one Public IP address 200.200.200.1 for
sip.domain.com which will be forwarded to jetNEXUS ALB-X Channel IP of
10.1.2.1 and the three services SIP, AV and Conferencing are split by
port consistent with a Lync Consolidated Edge Topology

5.    Each Edge Server will need a Public IP address and
here we have given Edge Server2 the Public IP address 200.200.200.12.
Where Public IP is an internet routable IP address
6.    You will then need to create a one to one NAT for
this public IP address to the External IP address of each Edge Server.
Where External IP is the private IP address of the External interface
of the Edge server. In this instance the External Interface IP    address
of Edge Server 2 is 10.1.2.12

7.    The External Lync Client makes an initial
connection to sip.domain.com which is then forwarded to the jetNEXUS
VIP and load balanced to the external interface of one of the Edge
Servers

8.    The Edge server responds to the client via the
load balancer with its  Public IP address 200.200.200.12

  1. 9.
    The Lync Client then connects direct with the Edge Server’s public
    address

10.    Ensure you have the correct firewall rules for
the Edge Server ports. http://technet.microsoft.com/en-us/library/gg425882.aspx

Edge Internal Interface

    1. 1.   Log on to your
      jetNEXUS ALB-X https://x.x.x.x and open up the IP Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Click on the Actions – Basic Tab and set each
setting as below

Configuring the ALB-X as a Reverse
Proxy

  1. 1.   Log on to your jetNEXUS
    ALB-X https://x.x.x.x and
    open up the IP Services page

2.    Click Add IP and complete each column with the
details below taking care to replace the IP addresses here with your
own.

3.    Notice on the 443 Channel we have port address
translated to 4443 to the Lync Front End Servers. Now Click for the 443
channel on the Actions – Basic Tab and set each setting as below

4.    The recommended policy is to run a flightPATH rule
on the HTTP port 80 channel to redirect all traffic to the secure HTTPS
443 channel.

5.    The flightPATH rule flightPATH 1 – Redirect to HTTPS is configured in
the Configure—flightPATH section as below. The Condition and Evaluation should be left blank and the Action is detailed below

jetPACK Quick Installation

The jetNEXUS ALB-X can be configured automatically with a Lync 2010/2013
“jetPACK”, template which is fully-tuned with all of the
application-specific settings that you need in order to enjoy optimised
service delivery from your ALB-X
If you supply the virtual IP
address and real server IP addresses to support@edgenexus.io we will
send you a custom jetPACK that you simply upload to the jetNEXUS ALB-X
The upload can be done via the GUI and will be fully configured in less
than 1 minute
The relevant jetPACK can be applied to multiple jetNEXUS ALB-X
appliances saving valuable time and eliminating simple mistakes
For more information and to download a jetPACK please go
to our website https://appstore.edgenexus.io/jetpack-2/#Microsoft_Lync

 

Troubleshooting

Further help can be found on the main edgeNEXUS website

http://www.edgenexus.io/support/

User central

 

Contact Us

I hope you have found this Deployment Guide informative, but if you
need any clarification or further information, please do not hesitate
to get in contact with edgeNEXUS Support:

E-mail

support@jetNEXUS.com

Phone

+44 (0870) 382 5529

Blog

http://jetNEXUS.blogspot.com/

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

Forgot your details?