Microsoft Skype for Business Server 2015

Problem this snippet solves:

New release candidate iApp template and deployment guide for Microsoft Skype for Business Server 2015 (formerly Lync Server 2010/2013). For more information and complete guidance on configuring the iApp template, see the associated deployment guide: http://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf

f5.microsoft_skype_server_2015.v1.0.0rc9: posted to downloads.f5.com in 11/2017

RC-9 was posted to downloads.f5.com (as will most new versions of this template). It contained the following changes: new BIG-IP AFM IP Intelligence threat categories to support BIG-IP v13.1 and support for route domain 0 from non-Common partitions.

f5.microsoft_skype_server_2015.v1.0.0rc7: posted 09/21/2016

RC-7 provides additional SIP domain support within reverse proxy, a monitor schema change for reverse proxy to make use of the 200 OK response when querying lyncdiscover/lyncdiscoverinternal, support for the director service standalone use case(separate LTM from Front End service), added support to ask for the IP phone update url to allow connections through reverse proxy and added a port 80 Virtual Server in addition to the existing 443 Virtual Server for reverse proxy.

RC 5 and 6 were never released to the public, this includes changes as a part of those RC's

f5.microsoft_skype_server_2015.v1.0.0rc4: posted 02/16/2016

RC-4 Fixes a security log profile error when deploying on versions of BIG-IP earlier than 11.4, where AFM is not available.

f5.microsoft_skype_server_2015.v1.0.0rc3: posted 01/22/2016

RC-3 attaches a supplemental ICMP monitor to the Edge internal UDP virtual server. See https://support.f5.com/kb/en-us/solutions/public/6000/100/sol6143.html for more information.

f5.microsoft_skype_server_2015.v1.0.0rc2: posted 01/11/2016

RC-2 contains only a small correction to the iRule produced by the iApp template. The iApp will now always force the FQDN written to lowercase in the iRule, even if the user enters CAPITAL letters.

f5.microsoft_skype_server_2015.v1.0.0rc1: posted 07/06/2015

New iApp template for Skype for Business.

Code :

70782
Published Jul 06, 2015
Version 1.0
application delivery
devops
iApps
LTM
lync
  • amolari's avatar
    amolari
    Icon for Cirrostratus rankCirrostratus
    Sep 07, 2016

    yes, it's deployed as reverse proxy only (fwd traffic to skype servers). I've updated the tmpl to rc6 and the Irule is still the same:

    when HTTP_REQUEST {
     switch -glob [string tolower [HTTP::host]] {
          sfbpoolemeaext.xyz.com* { pool create_reverse_proxy_front_end_4443_pool }
            { pool create_reverse_proxy_front_end_4443_pool }
          meet-emea.xyz.com*   { pool create_reverse_proxy_front_end_4443_pool  }
          dialin-emea.xyz.com* { pool create_reverse_proxy_front_end_4443_pool  }
            { pool create_reverse_proxy_front_end_4443_pool }
     }
}
  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Sep 07, 2016

    To confirm, you answered "Yes" to "Do you want to include Skype Mobility services for external clients?", and typed the FQDN into the "What is the FQDN for external Skype Mobility access?" field, and still not in the iRule?

     

  • LH_55870's avatar
    LH_55870
    Icon for Nimbostratus rankNimbostratus
    Sep 09, 2016

    Hi, I am just trying to configure the S4B VIPs using the v1.0.0rc6 version of template and have discovered that the "Microsoft Skype Server Director Virtual Servers" section is part of the "Microsoft Skype Server Front End Virtual Servers" section which prevents me to do a separate configuration for the director pool which I would like to run in different trafic group thus being active on other LTM node. In Lync template there it was possible to separate the config, so my question is simple. Is this on purpose or it's a bug and it might be fixed?

     

    thanks

     

    LH

     

  • mikeshimkus_111's avatar
    mikeshimkus_111
    Historic F5 Account
    Sep 09, 2016

    Hi LH, both the Lync and Skype templates work the same way-if you choose to deploy FE services, then the question about Director services appears and you should be able to enter in whatever node address you like in the Director Pool section. Which version of the Lync template were you using?

     

  • LH_55870's avatar
    LH_55870
    Icon for Nimbostratus rankNimbostratus
    Sep 12, 2016

    Hi mikeshimkus, well, I have no issue with choosing the right director node. My issue is that I can't use the template to configure just the director pool without the need to configure the enterprise pool first, which means I cant run each of the pools on different LTM node (box). I hope it is more clear now. In the template such configuration is possible.

     

    thanks

     

    LH

     

  • JamesSevedge_23's avatar
    JamesSevedge_23
    Historic F5 Account
    Sep 12, 2016

    Hello LH, The issue is understood now. Thanks for clarifying, the most typical use case seen when deploying director services is to also deploy FE services. So for the purpose of hiding questions unless they are needed the director services section was made dependent on FE services being set to yes as you observed. It appears however that you have a unique edge case where you would like those two sets of services managed by different iApps on different LTM's. We will take this under advisement and update the iApp accordingly.

     

    As it sits for you now my suggestion is to simply fill in the FE services with a placeholder VS ip and pool member ip. I know that is not ideal but that will allow you to use the iApp without modifying it and making it unsupported.

     

  • LH_55870's avatar
    LH_55870
    Icon for Nimbostratus rankNimbostratus
    Sep 13, 2016

    Hello James, I am still just in the testing environment with my S4B upgrade, so you have plenty time to update the template. In the worst case I will use the workaround with dummy FE IPs also in production environment.

     

    thanks

     

    LH

     

  • JamesSevedge_23's avatar
    JamesSevedge_23
    Historic F5 Account
    Sep 22, 2016

    LH, as noted in latest RC released on this page this includes the enhancement for separating director role from front end role dependency. Thanks for the feedback!

     

  • LH_55870's avatar
    LH_55870
    Icon for Nimbostratus rankNimbostratus
    Sep 27, 2016

    Thanks for the changes which make it possible to host the Director and Frontend pool on different BigIP machines. Nevertheless it looks like I drove in another deathend ;)

     

    With the upgrade to Skype4Businness I wanted to get rid of the TMG reverse proxy so I tried to configure the "Microsoft Skype Server Reverse Proxy" part of the template. But there again is the Director and Frontend part bound together. OK, so I tried to put a dummy IP in the FE VIP and backend fields which did create all the frontend dummy and 8080 director but not the 4443 virtual server for director pool. Is this on purpose? Because otherwise I would preffer to forward the 4443 trafic to Director too.

     

    I have also tried to create the iApp with just the Reverse proxy configuration for both the frontend and director pools, but it ended up with an ilegal sharing error, although the ports 8080 and 4443 are not being used in any other iApp. What could be wrong here?

     

    I have used following options in both cases - Yes, receive the reverse proxy traffic from another BIG-IP system - Yes, forward reverse proxy traffic to Director servers

     

    I am also wondering if it would be possible to do the SSL passthrough here without a need to import certificate and key.

     

    best regards

     

    LH