8/7/2016 Skype for Business. Edge & Reverse Proxy. Md Shaifullah Mozide Palash


Table of Contents

- Introduction
- Edge Server
  - Access Edge Service
  - Web Conferencing Edge Service
  - A/V Edge Service
  - XMPP Proxy Service
- Sample Topology
- Edge Server Basics
- Internal DNS Requirements
- External DNS Requirements
  - Access Edge Service
  - Web Conferencing Edge Service
  - Audio Video Edge Service
  - SRV Records
- Firewall Requirements
- Reverse Proxy
  - Meeting URL
  - Discovery URL
  - Office Web Apps URL
  - Firewall Requirements

Introduction

You need an Edge Server if you want external users (users not logged into your organization's internal network) to be able to interact with internal users. These external users could be:

- Authenticated remote users
- Anonymous remote users
- Federated users (from different organizations)
- Mobile clients

When discussing the Edge Server environment, we're referencing components that are, for the most part, deployed in a perimeter network (that is, in either a workgroup or a domain that's outside your Skype for Business Server domain structure). With that in mind, these are the components you need for deploying your Edge successfully:

- Edge Server
- Reverse Proxy

We have more detail on each of these below.

Edge Server

These are the Skype for Business Servers deployed in your perimeter environment. Their role is to send and receive network traffic to external users for the services offered by your internal Skype for Business Server deployment. To do this successfully, each Edge Server runs:

- Access Edge Service: Provides a single, trusted connection point for both outbound and inbound Session Initiation Protocol (SIP) traffic.
- Web Conferencing Edge Service: Enables external users to join meetings that are hosted on your internal Skype for Business Server environment.
- A/V Edge Service: Makes audio, video, application sharing and file transfer available to external users.
- XMPP Proxy Service: Accepts and sends Extensible Messaging and Presence Protocol (XMPP) messages to and from configured XMPP federated partners.

Authorized external users can use your Edge Servers to connect to your internal Skype for Business Server deployment, but otherwise the Edge Servers provide no other access to your internal network for anyone.

There are four types of roles in Skype for Business Edge Server:

Access Edge
- Authenticates external connections
- Allows remote connections
- Allows federation connections

Web Conferencing
- Handles SIP traffic
- Handles data conferencing packets
- Allows external users to join SFB meetings
- Allows external users to use the whiteboard
- Allows external users to use polls
- Allows external users to use Q&A

A/V Conferencing
- Extends audio to external users
- Extends video to external users
- Extends app sharing to external users
- Allows file transfer to external users
- Handles A/V conferencing packets

XMPP Proxy
- Handles XMPP packets
- Allows XMPP-based servers\clients to connect
- Earlier, it was a different role (no colocation)
- Usually used to federate with Google users

Sample Topology

This is just a reference topology. Your Edge design should be based on various design factors: external features, location, security concerns, high availability, etc.

You need to configure two interfaces on the Edge Server: internal and external. The internal interface interacts with the internal servers (Front End\Director, etc.). The external interface needs an IP address and port configuration for each of the Edge services (Access, Web Conferencing, A/V). A single default gateway should be defined, and only on the external interface. This forces all traffic to go to the Internet except internal traffic, for which you need to define static routes.

Edge Server Basics

If you've worked with OCS, Lync 2010, Lync 2013 or Skype for Business 2015, you are aware that there are some cardinal rules when installing an Edge server in a supported configuration and following best practices:

- You need to assign three (3) public IP addresses for each Edge server. This is true whether you have a single Edge server or multiple Edge servers. In a multiple-server Edge pool, it is true whether you choose to use DNS Load Balancing or Hardware Load Balancing.
- If you use Hardware Load Balancing, you will need three (3) more public IP addresses above those you have pulled for the Edge servers themselves. These additional IP addresses are used for the Edge's virtual IP addresses (VIPs).
- The Edge server has to have two (2) network interface cards (NICs). Four (4) is better, but two (2) works fine.
- On a 2-NIC Edge, each of the NICs has to be connected to a separate subnet. One of the subnets is defined as being connected to the internal side of the Edge, with the other connected to the external side.
- On a four (4) NIC Edge, you would have one (1) NIC on the internal side and the remaining three (3) on the external side.
- You also need four (4) IP addresses: one (1) on the internal NIC and its subnet, and the remaining three (3) on the external side NIC(s) and their subnet.
- The required firewall rules are split up between those for the external side of the Edge server and those for the internal side. Rules for the external side prescribe ports that should be opened between the Internet and the external side of the Edge, while rules for the internal side prescribe ports that should be opened between the internal user and Skype for Business 2015 server subnets and the internal side of the Edge.

This implies that the external side of the Edge should only be able to hear traffic coming in from the Internet, while the internal side of the Edge should only be able to hear traffic coming from the internal users or the internal Skype for Business 2015 servers. Unfortunately, this is only implied and not called out explicitly in the documentation, but we are calling these rules out here:

1. There should never be routing that allows traffic to get directly from either the internal user subnets or the internal Skype for Business 2015 servers to the external side of the Edge servers.
2. There should never be routing that allows traffic to get directly from the Internet or the external side of the Edge server to the internal user subnets or the internal Skype for Business 2015 servers.

Internal DNS Requirements

Edge servers are not domain-joined machines. You need to create a DNS entry for each of the Edge servers using internally used domain names. Let's assume the Skype for Business pool FQDN is sfbpool.contoso.com and the Edge server hostname is edge01. The DNS entry should be created as below (on the internal DNS server):

edge01.contoso.com    172.30.40.42    (IP address of internal interface)

External DNS Requirements

You need to create external DNS records for the external IP addresses you have configured on the Edge servers. The DNS entries would look like the ones below. These records need to be created on public DNS servers.

Access Edge Service
A    sip.oviwin.com    202.202.1.10    (External IP address configured for Access Edge Service)

Web Conferencing Edge Service
A    wconf.oviwin.com    202.202.1.11    (External IP address configured for Web Conf Edge Service)

Audio Video Edge Service
A    av.oviwin.com    202.202.1.12    (External IP address configured for A/V Edge Service)

SRV Records

Name                                 Host              Port    Reason
_sip._tls.oviwin.com                 sip.oviwin.com    443     Auto login for external client
_sipfederationtls._tcp.oviwin.com    sip.oviwin.com    5061    Federation discovery
_xmpp._tcp.oviwin.com                sip.oviwin.com    5269    XMPP gateway locator
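
An added example (not part of the original document): a Python audit of one Edge server's addressing against the Edge Server Basics rules above, covering the one-internal/three-external IP count, separate subnets, a single default gateway on the external side, and static routes that keep internal subnets off the external side. The IP addresses are the page's examples; the prefix lengths, gateway address, internal subnets and the `audit_edge` helper are assumptions made for the illustration.

```python
import ipaddress as ipa

def audit_edge(nics, static_routes, internal_subnets):
    """Return findings for one Edge server; an empty list means the layout is compliant."""
    findings = []
    side = {n["name"]: n["side"] for n in nics}
    addrs = {s: [ipa.ip_interface(c) for n in nics if n["side"] == s for c in n["cidrs"]]
             for s in ("internal", "external")}
    if len(addrs["internal"]) != 1 or len(addrs["external"]) != 3:
        findings.append("expected 1 internal and 3 external IP addresses")
    # Internal and external sides must sit on separate subnets.
    if any(i.network.overlaps(e.network) for i in addrs["internal"] for e in addrs["external"]):
        findings.append("internal and external NICs share a subnet")
    # A single default gateway, defined only on the external side.
    gw_sides = [n["side"] for n in nics if n.get("gateway")]
    if gw_sides != ["external"]:
        findings.append("default gateway must exist once, on the external side only")
    routes = [(ipa.ip_network(dest), side[nic]) for dest, nic in static_routes]
    for subnet in map(ipa.ip_network, internal_subnets):
        # Without an on-link subnet or a static route, traffic follows the default
        # gateway out of the external side, which breaks rule 1.
        on_link = any(subnet.subnet_of(i.network) for i in addrs["internal"])
        routed = any(s == "internal" and subnet.subnet_of(dest) for dest, s in routes)
        if not (on_link or routed):
            findings.append(f"{subnet} has no static route via the internal NIC")
        if any(s == "external" and dest.overlaps(subnet) for dest, s in routes):
            findings.append(f"{subnet} is routed via the external side")
    return findings

# Constructed sample: IP addresses are the page's examples; prefix lengths, the
# gateway and the internal subnets are assumptions made for this illustration.
NICS = [
    {"name": "int", "side": "internal", "cidrs": ["172.30.40.42/24"], "gateway": None},
    {"name": "ext", "side": "external", "gateway": "202.202.1.1",
     "cidrs": ["202.202.1.10/24", "202.202.1.11/24", "202.202.1.12/24"]},
]
INTERNAL_SUBNETS = ["172.30.40.0/24", "10.10.0.0/16"]  # server subnet, user subnet
GOOD_ROUTES = [("10.0.0.0/8", "int")]  # static route for internal ranges
BAD_ROUTES = []  # user subnet would follow the default gateway

if __name__ == "__main__":
    print(audit_edge(NICS, GOOD_ROUTES, INTERNAL_SUBNETS))
    print(audit_edge(NICS, BAD_ROUTES, INTERNAL_SUBNETS))
```

The same function accepts a four-NIC Edge by listing three external entries, only one of which carries the gateway.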

Firewall Requirements

[Figures ONE, TWO and THREE not reproduced]

Reverse Proxy

A reverse proxy (RP) server has no Skype for Business Server role, but is an essential component of an Edge Server deployment. A reverse proxy allows external users to:

- Connect to meetings or dial-in conferences using simple URLs.
- Download meeting content.
- Expand distribution groups.
- Get user-based certificates for client certificate based authentication.
- Download files from the Address Book Server, or submit queries to the Address Book Web Query service.
- Obtain updates to client and device software.

And for mobile devices:

- It lets them automatically discover Front End Servers offering mobility services.
- It enables push notifications from Office 365 to mobile devices.

Meeting URL
A    meet.oviwin.com    202.202.1.13    (External IP address configured for RP)

Discovery URL
A    lyncdiscover.oviwin.com    202.202.1.13    (External IP address configured for RP)

Office Web Apps URL
A    owaent.oviwin.com    202.202.1.13    (External IP address configured for RP)

Firewall Requirements