Tuesday, March 29, 2011

Lync 2010 Deployment Guide (Edge role with 3 IP addresses)

Now that I have verified the Edge configuration with a single IP address, let’s look at what a configuration with three separate IP addresses would look like.

***Such a misleading message! It should read “If the external IP address of the AV interface of this pool is translated by NAT…”

***Because we will use unique IP addresses for each service, we can safely leave the default ports here.

***Alert! This is the MOST often omitted OR misunderstood part. It should read “Because the external IP address of the Edge’s AV interface is translated by NAT…”. Here we will enter the publicly routable IP address, which will be mapped by NAT to the internal IP assigned to the AV service.

Looks good, so I can proceed with the steps described in earlier posts: publish the topology, export it to a .zip file, import it on my Edge, configure the firewall, and make the necessary changes in my public DNS.

7 comments:

Anonymous said...

Hi ocsdude,

your posts are the best guides for Lync 2010 I have found so far! I deployed everything as you described, but have some questions.

I deployed the edge role with one IP address and I am wondering how external users can access the Lync Web App, when the public address is only sip.domain.com?

Internally we have meet.domain.com, dialin.domain.com... this is working perfectly, but what about external access? I want external users to be able to access the Lync Web App with the same address as internal users (meet.domain.com, dialin.domain.com), but I don't know what to do... the problem is also the public certificate: I have issued one for sip.domain.com (as you described), but what about meet.domain.com, dialin.domain.com?

Thank you for any help!

Harry from Germany, Hamburg

Drago said...

I have not gotten to this part, my friend. For web apps we need a reverse proxy. Here is the TechNet article: http://technet.microsoft.com/en-us/library/gg398069.aspx

halit said...

This is the best blog I have ever read.. I have one question.. I set up the edge in the DMZ and published it via ISA. I checked the ISA logs but I don't see any packets going to the ISA external interface from the Lync client. I could not understand how the Lync client finds the edge server on the internet? How should public DNS be configured and which records should be created there? Are av.domain.com, webconf.domain.com and sip.domain.com records enough to connect to the edge?
I would be very happy if you could explain.. I guess the previous guy asked the same..

Drago said...

We have two scenarios – “single public IP” and “three public IPs”.

When we use single public IP, one A-Record is sufficient, presumably sip.domain.com.

When we use three public IPs, we must have three A-Records. The FQDN is determined by us in Topology Builder, but common sense calls for sip.domain.com, webconf.domain.com and av.domain.com.

In both cases, we need SRV records as well – one for external access and one for federation.
When a single IP is used, both _sip._tls.domain.com and _sipfederationtls._tcp.domain.com would point to sip.domain.com, typically port 5061 (the port is specified in Topology Builder).

In the case of three IPs, _sip._tls.domain.com would point to sip.domain.com (port 443) and _sipfederationtls._tcp.domain.com again points to sip.domain.com (typically port 5061). That is, if you accepted the defaults in TB.

External clients look for _sip._tls.domain.com to obtain the IP address (via A-Record) and port of the edge in order to send REGISTER request.

This is it in a nutshell. Hope it makes sense.
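
As an added example (not from this blog or its author), a small Python check of a public DNS zone against the two layouts Drago describes above. The zone data is constructed and the AV FQDN av.domain.com is an assumption; it flags the port, missing-record and NAT mistakes the post warns about.

```python
import ipaddress

# Constructed sample zone for the three-public-IP layout (203.0.113.0/24 is a
# documentation range, not the blog's real addresses).
SAMPLE_ZONE = {
    "A": {"sip.domain.com": "203.0.113.10",
          "webconf.domain.com": "203.0.113.11",
          "av.domain.com": "203.0.113.12"},
    "SRV": {"_sip._tls.domain.com": ("sip.domain.com", 443),
            "_sipfederationtls._tcp.domain.com": ("sip.domain.com", 5061)},
}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True for the private ranges an Edge's DMZ interfaces typically carry."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def check_edge_dns(zone, three_ips, av_fqdn="av.domain.com"):
    """Return a list of findings; an empty list means the zone follows the rules above."""
    findings = []
    a, srv = zone["A"], zone["SRV"]
    # Topology Builder defaults: access on 443 with three IPs, 5061 with one; federation 5061.
    expected = {"_sip._tls.domain.com": 443 if three_ips else 5061,
                "_sipfederationtls._tcp.domain.com": 5061}
    for name, port in expected.items():
        if name not in srv:
            findings.append(f"missing SRV {name}")
            continue
        target, p = srv[name]
        if target not in a:
            findings.append(f"{name} targets {target}, which has no A record")
        if p != port:
            findings.append(f"{name} advertises port {p}, expected {port}")
    if three_ips:
        if len(set(a.values())) < 3:
            findings.append("three-IP Edge needs three A records with distinct addresses")
        av_ip = a.get(av_fqdn)
        if av_ip is None:
            findings.append(f"no A record for {av_fqdn}")
        elif is_rfc1918(av_ip):
            # The post's warning: publish the NAT'd public address, not the DMZ address.
            findings.append(f"{av_fqdn} resolves to RFC 1918 address {av_ip}; publish the NAT public IP")
    return findings

if __name__ == "__main__":
    print(check_edge_dns(SAMPLE_ZONE, three_ips=True) or "zone OK")
```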

rizwan baig said...

Hi Champ,

I have a query. I have 3 different locations and all the locations have Lync Standard Edition installed; only one edge server is in the central location.

My doubt is how external requests are forwarded to the locations other than central, and what is the process to configure this scenario.

vijendhar said...

Hi Champs,

I have a doubt: while deploying the edge in HA mode, can we use a NATed IP for the AV Edge service or should we use a publicly routable IP?

Waiting for reply.

Thanks in advance:)

Regards
Vijendhar.A

Drago said...

The method (private or public IP) is not relevant. It very much depends on how your HLB is configured network-wise.