The TMOS v11 iApp for Lync 2010 is here! http://bit.ly/r3NSup Use this new iApp for faster, easier configuration of LTM for Lync. Thanks! James

Updating this form post with the latest Lync deployment guidance as of today 4/5/2012 Deployment Guide with steps For customers running BIG-IP v10.2 or later: http://www.f5.com/pdf/deployment-guides/f5-lync-dg.pdf For customers running BIG-IP v11 or later: http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf For customers running BIG-IP v11 or 11.1, please use this iApp for Lync. In a subsequent release it will be put in box, but for now it's the preferred iApp version for Lync: https://devcentral.f5.com/wiki/iApp.Microsoft-Lync-Server-2010-Updated-iApp.ashx Deployment Guide for reverse proxy configuration (ISA/TMG and F5 APM): http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf Excellent blog post summarizing key configuraiton for Lync Edge services. Read this blog! https://devcentral.f5.com/weblogs/rkorock/archive/2011/07/14/1096289.aspx Thanks! James Hendergart Sr Business Development Manager for F5

Hi James, I'm setting up MS Lync 2010 now and noticed the new iApp template in DevCentral. I've downloaded it, but before I go ahead and try upgrading it. Is there a way to determine what version of the iApp my LTM currently running. I'm running - BIG-IP 11.1.0 Build 2027.0 Hotfix HF2 thanks

Hey there, if this is the first time you've downloaded the Lync template from DevCentral, then you are using the version of the iApp that shipped with BIG-IP v11.1. There are a number of issues with overwriting the Lync iApp with the new template, so you will need to deploy the template in parallel with your existing deployment. To avoid IP address conflicts, you can either deploy the new iApp with different virtual server IP addresses and reconfigure DNS when you are done, or change the IP addresses in the existing deployment before beginning with the new template. Please follow up and let us know how it goes. thanks Mike

Hi guys, As Lync requires some for of reverse proxy is anyone working on a guide and iApp template that includes APM in place of TMG? We'd like to go down this road but would prefer the template and guide. I know there is guides (and this template) that include the reverse proxy setup for use with TMG and iRules as an alternative, but it would be nice to have an F5 one stop solution. Thanks in advance, Bob James

Robert, We've tested using APM for accessing simple URLs, and it's pretty straightforward. Unfortunately, as of right now we don't support authentication of the Lync client, which needs reverse proxy to download the address book, or Lync Mobility clients. If you wanted to secure the meeting and simple URLs with APM, you could simply create another virtual server to which DNS for those URLs points, apply your access policy to it, and make the internal reverse proxy virtual server the pool member. Mike

Lync Server 2010 Deployment Guide Update

29 Replies

Robert_James_10
Nimbostratus
Jul 03, 2012
Posted By mikeshimkus on 05/11/2012 10:14 AM

Robert,

We've tested using APM for accessing simple URLs, and it's pretty straightforward. Unfortunately, as of right now we don't support authentication of the Lync client, which needs reverse proxy to download the address book, or Lync Mobility clients. If you wanted to secure the meeting and simple URLs with APM, you could simply create another virtual server to which DNS for those URLs points, apply your access policy to it, and make the internal reverse proxy virtual server the pool member.

Mike

Sorry Mike, just to be clear APM does not support authentication? Isn't that it's job (or at least pawn it off the AD servers)

Can you elaborate a little more on this please.

Thanks,

Bob James
mikeshimkus_111
Historic F5 Account
Jul 03, 2012
APM does support authentication, but not for the Lync client or Lync Mobility. Much like Outlook Anywhere with APM, a specific iRule will need to be created to support authenticating these clients. A request has been created for this but I cannot tell you when it will be available, unfortunately.
Robert_James_10
Nimbostratus
Jul 03, 2012
Hi,

What's the default persistence set to for this? It seems to take 3-5 minutes for the clients to switch over to another FE server if one dies. Is this normal as per the client source affinity or cookie?

Thanks in advance, (And thanks Mike - too bad the sales force doesn't know this and are selling it as a solution)

Bob James
mikeshimkus_111
Historic F5 Account
Jul 03, 2012
I'll check into why you were told APM fully supports Lync.

When you say your FE server dies, does it get marked down by the monitor? If so, the BIG-IP should instantly pick another pool member. If not, it could be a monitor issue. Can you post the config for the monitor in question?

I'll like to request that you open a support ticket for these issues. It'll help us track them and also help get these features into the product.

thanks
Robert_James_10
Nimbostratus
Jul 04, 2012
I have a ticket open. It's a pretty base config as we are only using the front end servers now. And the downloaded iAPP template. I've gone through the guide and verified all the settings but did notice there is no Oneconnect profile for 8080 as per the documents so I'm not sure if this is an issue or not, but the template didn't have one.

We tried stopping the services, shutting down the server and disabling it in monitoring. All with the same results. I feel this is normal behaviour based on using the template and all the setting.

We'll see what we find out tomorrow. Could also be a client setting for Lync which the server guyswill investigate.

Thanks,

Bob James
mikeshimkus_111
Historic F5 Account
Jul 05, 2012
I searched for your ticket, but couldn't find it. Can you send me a private message on DevCentral with your case information?

thanks
Dan_23654
Nimbostratus
Jul 06, 2012
We are working on deploying Lync in our firm and currently only have the FE servers LB with the f5.

When a user dials in for a conference and is asked to enter a conference ID; once they do sometimes it goes through and finds it fine. majority of the time there is a 8-10 sec delay and it occasionally can find it but usually after a delay we see a failure with a system message usually stating "sorry but I’m having trouble accessing the system"

Has anyone seen this? We have our f5 Field Engineer looking into it but currently we are not sure what is going on. I also have a support ticket open with some traces.

Thanks!
Josh_41258
Nimbostratus
Jul 30, 2012
Shahram,

Could you please give us an update as to how your implementation turned out? I am also in a similar situation as you.. I need to use NAT'd IP's for the external edge roles.

Thanks,

Josh
Robert_James_10
Nimbostratus
Aug 01, 2012
Josh,

From what I have seen the external edge servers need a public IP (can't be Natted) because they present thei internal IP back to the Internet client. The first communication goes to the VIP then after load balancing the client may talk to the host. This is why MS says they have to be public IP's.

I have the NAT working on an older version but it's not officially supported.

Let me know if yours works externally

Bob James
Josh_41258
Nimbostratus
Aug 02, 2012
Robert,

I have heard success stories from people using NAT, and the Topology builder actually allows you to specify a NAT address for the A/V role. I believe that the only real restriction for the A/V role is that you cannot use SNAT. This is a pretty good reference: http://www.shudnow.net/2012/04/25/lync-2010-edge-servers-and-ip-requirements-nat-vs-public-ip/

Still working on the config, but I'll update as soon as I get things working.

Josh