Lync Server 2010 Deployment Guide Update

Updating this form post with the latest Lync deployment guidance as of today 4/5/2012

 

 

Deployment Guide with steps

 

For customers running BIG-IP v10.2 or later: http://www.f5.com/pdf/deployment-guides/f5-lync-dg.pdf

 

For customers running BIG-IP v11 or later: http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf

 

For customers running BIG-IP v11 or 11.1, please use this iApp for Lync. In a subsequent release it will be put in box, but for now it's the preferred iApp version for Lync: https://devcentral.f5.com/wiki/iApp.Microsoft-Lync-Server-2010-Updated-iApp.ashx

 

 

Deployment Guide for reverse proxy configuration (ISA/TMG and F5 APM):

 

http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf

 

 

Excellent blog post summarizing key configuraiton for Lync Edge services. Read this blog!

 

https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx

 

 

Thanks!

 

James Hendergart

 

Sr Business Development Manager for F5

Hi James, I'm setting up MS Lync 2010 now and noticed the new iApp template in DevCentral. I've downloaded it, but before I go ahead and try upgrading it. Is there a way to determine what version of the iApp my LTM currently running.

 

 

I'm running - BIG-IP 11.1.0 Build 2027.0 Hotfix HF2

 

 

thanks

Hey there, if this is the first time you've downloaded the Lync template from DevCentral, then you are using the version of the iApp that shipped with BIG-IP v11.1. There are a number of issues with overwriting the Lync iApp with the new template, so you will need to deploy the template in parallel with your existing deployment. To avoid IP address conflicts, you can either deploy the new iApp with different virtual server IP addresses and reconfigure DNS when you are done, or change the IP addresses in the existing deployment before beginning with the new template. Please follow up and let us know how it goes.

 

thanks

 

Mike

Hi guys, As Lync requires some for of reverse proxy is anyone working on a guide and iApp template that includes APM in place of TMG? We'd like to go down this road but would prefer the template and guide. I know there is guides (and this template) that include the reverse proxy setup for use with TMG and iRules as an alternative, but it would be nice to have an F5 one stop solution.

 

 

Thanks in advance,

 

 

 

Bob James

Robert,

 

We've tested using APM for accessing simple URLs, and it's pretty straightforward. Unfortunately, as of right now we don't support authentication of the Lync client, which needs reverse proxy to download the address book, or Lync Mobility clients. If you wanted to secure the meeting and simple URLs with APM, you could simply create another virtual server to which DNS for those URLs points, apply your access policy to it, and make the internal reverse proxy virtual server the pool member.

 

Mike

 

I'm about to configure Lync on our Edge and was wondering if anyone has deployed a scenario similar to mine (depicted below) where ALL the VIPs and server IP's are all NATted in the firewall. I have all our Edge servers on a DMZ and our load balancer within that environment. I would like to know if this is a viable solution and whether it will work.

 

 

R1 and R2 represent the router which will serve as the default gateway on those subnets (Subnet20 and Subnet40 respectively). I will use an ACL to block the access between the Edge internal and Edge external interfaces as required by Microsoft documents. The Access External and Webconf external addresses will be on the same subnet behind the LB (10.10.20.0). All Virtual Servers will use the 10.10.10.0 subnet on the outside of the LB, including the 'Edge Internal' VS.

 

 

 

 

Couldn't get the diagram inhere... I'll think of a way...

 

 

All feedback is greatly appreciated.

 

 

Hi Sharam, the blog post James mentioned above describes why you want to avoid NATing those services. Lync will be unable to set up peer to peer communications between clients, therefore it will need to proxy all of these connections through the Edge servers. It should work, though, as long as you configure the Edge servers to be aware of the public address used by the NAT.

 

Mike

Oh, just to clarify, this is the 'edge' portion only. I already have the internal (front end and directors) working. We also have the proxy server all set up and working.

Although I haven't tested that scenario personally, I know of deployments that are working with SNAT. Keep us updated on how it goes.

Shahram,

 

 

Although I have had a simular configuration working as you described, Microsoft will not support the FE servers with NAT'ed internal IP's with Load Balancers (Although they will with RRDNS??).

 

 

Just as a heads up

 

 

Bob James