
Secure Remote Access & Lync

Secure Remote Access & Lync. Ilse Van Criekinge http://blogs.technet.com/ilvancri @ivcrieki. Session Objectives and Takeaways. Session Objectives Overview of typical Lync Server Edge configurations DNS Load Balancing and Hardware Load Balancing NAT support for Edge Deployment


Presentation Transcript


  1. Secure Remote Access & Lync Ilse Van Criekinge http://blogs.technet.com/ilvancri @ivcrieki

  2. Session Objectives and Takeaways • Session Objectives • Overview of typical Lync Server Edge configurations • DNS Load Balancing and Hardware Load Balancing • NAT support for Edge Deployment • Reverse Proxy • ICE • Takeaways • Understand typical Edge planning and deployment process • Understand certificate requirements for Edge and Reverse Proxy

  3. Introduction

  4. Conferencing Capabilities of Lync

  5. Dial-In Conferencing

  6. Simple URLs • Lync Server 2010 • Meet • Dial-in • Admin • Scope = Global & Site • Created using PowerShell or Topology Builder

  7. Edge Server Role

  8. Lync Server Edge scenarios • External User Access • Lync clients can transparently connect to the Lync Server deployment over the public Internet • PIC • Connecting with public IM providers • Federation • Federation with other Enterprises • IM&P only, or • All modalities A/V and Application Sharing

  9. Edge Server Role Requirements • General Requirements • 64-bit Windows 2008, Windows 2008 R2 • Microsoft .NET Framework 3.5 SP1 • Windows PowerShell v2 • Cannot be collocated with any other Microsoft Lync Server role • Virtualization is supported (Windows 2008 R2 OS!)

  10. Edge Server Roles • Access Edge = handles all SIP traffic crossing the corporate firewall • Web Conferencing Edge = proxies PSOM (Persistent Shared Object Model) traffic between the Web Conferencing Server and external clients • Audio/Video Edge = provides a single trusted connection point through which audio and video traffic enters and exits your network

  11. Edge Server Role 1 IP, 2 IP, 3 IP, 4 IP, ... ?

  12. A Few Networking Lync Facts • Lync Server 2010 supports only IPv4 • It does not support IPv6 • Can function in a network with dual IP stack enabled • Two network adapters for each Edge Server are required: • one for the internal-facing interface • one for the external-facing interface • Important: The internal and external subnets must not be routable to each other.

  13. Single IP address Edge • Internal: edge-int.contoso.com, 172.25.33.10 (SIP: 5061; Web Conf: 8057; A/V Conf: 443, 3478) • External: edge.contoso.com, 131.107.155.10 (SIP: 5061; Web Conf: 444; A/V Conf: 443, 3478)

  14. Multiple IP address Edge • Internal: edge-int.contoso.com, 172.25.33.10 (SIP: 5061; Web Conf: 8057; A/V Conf: 443, 3478) • External SIP: access.contoso.com, 131.107.155.10 (443, 5061) • External Web Conf: webcon.contoso.com, 131.107.155.20 (443) • External AV: av.contoso.com, 131.107.155.30 (443, 3478)

  15. Edge using NAT IP addresses • Public IP space, NAT, Edge Server, Client • External SIP: IP1, IP1’ • External Web Conf: IP2, IP2’ • External AV: IP3, IP3’ • Int • Lync Server does not need to know translated SIP and Web Conf IP • Clients connect to IP for A/V traffic • Translated AV IP must be configured in Lync Server

  16. DNS Load Balanced Edge • Public IP space, Client • Edge Server 1: IP1, IP2, IP3, Int • Edge Server 2: IP4, IP5, IP6, Int • DNS A records: access.contoso.com = IP1 and IP4; webcon.contoso.com = IP2 and IP5; av.contoso.com = IP3 and IP6 • Client can retrieve and handle multiple IP addresses and can fail over • DNS server returns randomized IP address

  17. DNS Load Balanced Edge using NAT • NAT, Public IP space • Edge Server 1: IP1 (IP1’), IP2 (IP2’), IP3 (IP3’), Int • Edge Server 2: IP4 (IP4’), IP5 (IP5’), IP6 (IP6’), Int • DNS A records: access.contoso.com = IP1’ and IP4’; webcon.contoso.com = IP2’ and IP5’; av.contoso.com = IP3’ and IP6’ • Translated AV IP addresses must be configured in Lync Server individually: IP3 to IP3’, IP6 to IP6’

  18. Hardware Load Balanced Edge • HLB, Public IP space • Edge Server 1: IP1, IP2, IP3, Int • Edge Server 2: IP4, IP5, IP6, Int • DNS A records: access.contoso.com = VIP1; webcon.contoso.com = VIP2; av.contoso.com = VIP3 • Initial AV connection will land on the VIP and gets forwarded; however, clients will connect to the Edge directly (UDP) • TCP traffic continues to use the VIP • NAT and HLB is not possible

  19. Edge Server Role installation
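
The constraints stated on slides 12 and 15 to 18 (IPv4 only, separate internal and external subnets, a translated A/V address configured per server under NAT, no NAT together with hardware load balancing) can be checked against a planned Edge pool before deployment. The following is an added example, not part of the original presentation and not a Lync tool; the plan layout, the `check_edge_plan` name, the /24 masks and the 10.45.16.x perimeter addresses are assumptions made for illustration.

```python
import ipaddress

def check_edge_plan(plan):
    """Return findings for an Edge pool plan; an empty list means no rule is violated."""
    findings = []
    if plan["nat"] and plan["load_balancing"] == "hlb":
        findings.append("pool: NAT and hardware load balancing cannot be combined")
    seen_av_public = set()
    for srv in plan["servers"]:
        name = srv["name"]
        internal = ipaddress.ip_interface(srv["internal"])
        externals = {r: ipaddress.ip_interface(a) for r, a in srv["external"].items()}
        for label, iface in [("internal", internal), *externals.items()]:
            if iface.version != 4:
                findings.append(f"{name}: {label} uses IPv6; Lync Server 2010 supports only IPv4")
        # Distinct subnets are only a precondition: that no route exists between
        # them still has to be verified on the network itself.
        for role, ext in externals.items():
            if ext.version == internal.version and ext.network.overlaps(internal.network):
                findings.append(f"{name}: external {role} shares a subnet with the internal interface")
        if plan["nat"]:
            av_public = srv.get("av_public_ip")
            if not av_public:
                findings.append(f"{name}: translated A/V IP is not configured")
            elif av_public in seen_av_public:
                findings.append(f"{name}: translated A/V IP {av_public} is reused by another server")
            seen_av_public.add(av_public)
    return findings

# Constructed sample plans. 172.25.33.x and 131.107.155.x follow the slides' examples;
# the masks and the 10.45.16.x perimeter addresses are made up (assumptions).
GOOD_PLAN = {"load_balancing": "dns", "nat": True, "servers": [
    {"name": "edge1", "internal": "172.25.33.10/24", "av_public_ip": "131.107.155.30",
     "external": {"sip": "10.45.16.10/24", "webconf": "10.45.16.20/24", "av": "10.45.16.30/24"}},
    {"name": "edge2", "internal": "172.25.33.11/24", "av_public_ip": "131.107.155.31",
     "external": {"sip": "10.45.16.11/24", "webconf": "10.45.16.21/24", "av": "10.45.16.31/24"}},
]}
BAD_PLAN = {"load_balancing": "hlb", "nat": True, "servers": [
    {"name": "edge1", "internal": "172.25.33.10/24", "av_public_ip": "131.107.155.30",
     "external": {"sip": "172.25.33.20/24", "webconf": "10.45.16.20/24", "av": "10.45.16.30/24"}},
    {"name": "edge2", "internal": "172.25.33.11/24",
     "external": {"sip": "10.45.16.11/24", "webconf": "10.45.16.21/24", "av": "10.45.16.31/24"}},
]}

if __name__ == "__main__":
    for finding in check_edge_plan(BAD_PLAN):
        print(finding)
```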
