The TMOS v11 iApp for Lync 2010 is here! http://bit.ly/r3NSup Use this new iApp for faster, easier configuration of LTM for Lync. Thanks! James

Updating this form post with the latest Lync deployment guidance as of today 4/5/2012 Deployment Guide with steps For customers running BIG-IP v10.2 or later: http://www.f5.com/pdf/deployment-guides/f5-lync-dg.pdf For customers running BIG-IP v11 or later: http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf For customers running BIG-IP v11 or 11.1, please use this iApp for Lync. In a subsequent release it will be put in box, but for now it's the preferred iApp version for Lync: https://devcentral.f5.com/wiki/iApp.Microsoft-Lync-Server-2010-Updated-iApp.ashx Deployment Guide for reverse proxy configuration (ISA/TMG and F5 APM): http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf Excellent blog post summarizing key configuraiton for Lync Edge services. Read this blog! https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx Thanks! James Hendergart Sr Business Development Manager for F5

Hi James, I'm setting up MS Lync 2010 now and noticed the new iApp template in DevCentral. I've downloaded it, but before I go ahead and try upgrading it. Is there a way to determine what version of the iApp my LTM currently running. I'm running - BIG-IP 11.1.0 Build 2027.0 Hotfix HF2 thanks

Hey there, if this is the first time you've downloaded the Lync template from DevCentral, then you are using the version of the iApp that shipped with BIG-IP v11.1. There are a number of issues with overwriting the Lync iApp with the new template, so you will need to deploy the template in parallel with your existing deployment. To avoid IP address conflicts, you can either deploy the new iApp with different virtual server IP addresses and reconfigure DNS when you are done, or change the IP addresses in the existing deployment before beginning with the new template. Please follow up and let us know how it goes. thanks Mike

Hi guys, As Lync requires some for of reverse proxy is anyone working on a guide and iApp template that includes APM in place of TMG? We'd like to go down this road but would prefer the template and guide. I know there is guides (and this template) that include the reverse proxy setup for use with TMG and iRules as an alternative, but it would be nice to have an F5 one stop solution. Thanks in advance, Bob James

Robert, We've tested using APM for accessing simple URLs, and it's pretty straightforward. Unfortunately, as of right now we don't support authentication of the Lync client, which needs reverse proxy to download the address book, or Lync Mobility clients. If you wanted to secure the meeting and simple URLs with APM, you could simply create another virtual server to which DNS for those URLs points, apply your access policy to it, and make the internal reverse proxy virtual server the pool member. Mike

Lync Server 2010 Deployment Guide Update

jameshendergart
Historic F5 Account
Apr 05, 2012
Updating this form post with the latest Lync deployment guidance as of today 4/5/2012

Deployment Guide with steps

For customers running BIG-IP v10.2 or later: http://www.f5.com/pdf/deployment-guides/f5-lync-dg.pdf

For customers running BIG-IP v11 or later: http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf

For customers running BIG-IP v11 or 11.1, please use this iApp for Lync. In a subsequent release it will be put in box, but for now it's the preferred iApp version for Lync: https://devcentral.f5.com/wiki/iApp.Microsoft-Lync-Server-2010-Updated-iApp.ashx

Deployment Guide for reverse proxy configuration (ISA/TMG and F5 APM):

http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf

Excellent blog post summarizing key configuraiton for Lync Edge services. Read this blog!

https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx

Thanks!

James Hendergart

Sr Business Development Manager for F5
mduhra_57359
Nimbostratus
Apr 18, 2012
Hi James, I'm setting up MS Lync 2010 now and noticed the new iApp template in DevCentral. I've downloaded it, but before I go ahead and try upgrading it. Is there a way to determine what version of the iApp my LTM currently running.

I'm running - BIG-IP 11.1.0 Build 2027.0 Hotfix HF2

thanks
mikeshimkus_111
Historic F5 Account
Apr 18, 2012
Hey there, if this is the first time you've downloaded the Lync template from DevCentral, then you are using the version of the iApp that shipped with BIG-IP v11.1. There are a number of issues with overwriting the Lync iApp with the new template, so you will need to deploy the template in parallel with your existing deployment. To avoid IP address conflicts, you can either deploy the new iApp with different virtual server IP addresses and reconfigure DNS when you are done, or change the IP addresses in the existing deployment before beginning with the new template. Please follow up and let us know how it goes.

thanks

Mike
Robert_James_10
Nimbostratus
May 11, 2012
Hi guys, As Lync requires some for of reverse proxy is anyone working on a guide and iApp template that includes APM in place of TMG? We'd like to go down this road but would prefer the template and guide. I know there is guides (and this template) that include the reverse proxy setup for use with TMG and iRules as an alternative, but it would be nice to have an F5 one stop solution.

Thanks in advance,

Bob James
mikeshimkus_111
Historic F5 Account
May 11, 2012
Robert,

We've tested using APM for accessing simple URLs, and it's pretty straightforward. Unfortunately, as of right now we don't support authentication of the Lync client, which needs reverse proxy to download the address book, or Lync Mobility clients. If you wanted to secure the meeting and simple URLs with APM, you could simply create another virtual server to which DNS for those URLs points, apply your access policy to it, and make the internal reverse proxy virtual server the pool member.

Mike
Shahram_83722
Nimbostratus
Jun 20, 2012

I'm about to configure Lync on our Edge and was wondering if anyone has deployed a scenario similar to mine (depicted below) where ALL the VIPs and server IP's are all NATted in the firewall. I have all our Edge servers on a DMZ and our load balancer within that environment. I would like to know if this is a viable solution and whether it will work.

R1 and R2 represent the router which will serve as the default gateway on those subnets (Subnet20 and Subnet40 respectively). I will use an ACL to block the access between the Edge internal and Edge external interfaces as required by Microsoft documents. The Access External and Webconf external addresses will be on the same subnet behind the LB (10.10.20.0). All Virtual Servers will use the 10.10.10.0 subnet on the outside of the LB, including the 'Edge Internal' VS.

Couldn't get the diagram inhere... I'll think of a way...

All feedback is greatly appreciated.
mikeshimkus_111
Historic F5 Account
Jun 21, 2012
Hi Sharam, the blog post James mentioned above describes why you want to avoid NATing those services. Lync will be unable to set up peer to peer communications between clients, therefore it will need to proxy all of these connections through the Edge servers. It should work, though, as long as you configure the Edge servers to be aware of the public address used by the NAT.

Mike
Shahram_83722
Nimbostratus
Jun 21, 2012
Oh, just to clarify, this is the 'edge' portion only. I already have the internal (front end and directors) working. We also have the proxy server all set up and working.
mikeshimkus_111
Historic F5 Account
Jun 25, 2012
Although I haven't tested that scenario personally, I know of deployments that are working with SNAT. Keep us updated on how it goes.
Robert_James_10
Nimbostratus
Jul 03, 2012
Shahram,

Although I have had a simular configuration working as you described, Microsoft will not support the FE servers with NAT'ed internal IP's with Load Balancers (Although they will with RRDNS??).

Just as a heads up

Bob James