Lync Edge

Lync Edge is the point where we make services such as Access Edge, A/V authentication, A/V Edge, Web Conferencing Edge, and XMPP proxy service available to external users. We can either bind these services to three public addresses on the external interface of Edge, or assign them to three different ports on a single public IP. The choice between the two configurations affects both cost and the accessibility of the services.

The first solution requires three valuable public IPs dedicated to Edge, while the second one requires only one Internet address.

However, the latter design is more likely to cause access problems from external networks, because the ports that external users need to reach on Edge are not the standard TCP/80 and TCP/443 that almost all enterprise proxies and firewalls allow.

Preparing Lync Edge

To deploy Lync Edge, we have to comply with the following requirements:

  • Two network interfaces, configured as discussed earlier in the chapter.
  • The server must be outside our domain.
  • Lync Front End Servers and Lync Edge must be able to resolve each other's Fully Qualified Domain Name (FQDN). Edge is usually located in a Demilitarized Zone (DMZ) network, so that we can:
    • Use one or more public DNS to resolve names from the "external" interface of Edge. We will have to add the FQDN of the Front End in the HOSTS file of Edge and vice versa.
    • Enable Edge to query our internal DNS and keep the same logic of split-brain (or pinpointing) we have seen in Chapter 1, Installing a Lync 2013 Enterprise Pool.
  • We have to configure a DNS suffix for our Edge. This could be the name of our public zone (as shown in the following screenshot), and this is a good solution to keep compatibility with third-party certificates that should contain the Edge server name. The name has to match the one used in the Topology Builder.
  • If we plan to use certificates generated on the domain CA, we have to import the certificate of the root Certification Authority on the server.

Configuring Lync Edge

The steps for the configuration are as follows:

  1. The first step of the configuration is to launch the Topology Builder, and we have to define the new Edge pool. After a welcome screen, we will be asked if we plan to deploy one or more Edge servers, as shown in the following screenshot:
  2. The option to deploy a pool, as usual, is related to the need for high availability and continuity. The screenshot that follows will present the different options, and they are as follows:
    • For Edge publishing (single IP or multiple IPs)
    • For federation
    • For XMPP federation

    Federation enables our Lync deployment to connect with other published Lync systems. The XMPP federation is used to communicate with services such as Google Talk.

    If we choose to proceed with a single public address for all the services, both SIP and federation access will be listening on port 5061. In this chapter, I will assume that we are working with three public addresses for Edge.

  3. We will receive a request to define which versions of IP we will use and (really important) if we are going to use NAT.

    Note

    Network Address Translation (NAT) is a mechanism used if we are running our Lync Edge behind a firewall. The real IPs of Edge are translated by the firewall to the ones people will see from the external network. A setup without NAT usually means a Lync Edge that is directly connected to the Internet, with its network interfaces configured with public IPs.

  4. The following screenshot will require the names of the external FQDN:
  5. The next screen will require us to define the internal IP address of the server; the value will be the address of the network interface that connects the server to the internal network (172.25.33.10 if we use the schema created with the Lync Server 2013 planning tool).
  6. We will be asked to associate the public IPs of Edge with the different services (again, we will use the public addresses we have put in the planning tool):

    Note

    It is really important that the records we publish on the public DNS match the name/IP pairs we are setting during the aforementioned steps of the Topology Builder.

  7. We will be prompted to associate Edge with one of our Front End Servers:
  8. If we have one or more Mediation servers, we will be offered the opportunity to associate one or more with Edge.

This last step completes the preparation phase.
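
The name/IP match called for in the note under step 6 can be checked before external users are pointed at Edge. The following PowerShell is an added example, not taken from the book or from Microsoft; the FQDNs, the 203.0.113.x addresses, and the function name Test-EdgeDnsPairs are constructed placeholders to be replaced with the values entered in the Topology Builder.

```powershell
# Added example: compare the planned Edge name/IP pairs with what DNS returns.
# All FQDNs and addresses are constructed placeholders (RFC 5737 range).
$Planned = [ordered]@{
    'sip.example.com'     = '203.0.113.10'   # Access Edge
    'webconf.example.com' = '203.0.113.11'   # Web Conferencing Edge
    'av.example.com'      = '203.0.113.12'   # A/V Edge
}

function Test-EdgeDnsPairs {
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Planned,
        # Returns the A-record addresses for a name. Default: live DNS lookup.
        [scriptblock] $Resolver = {
            param($Name)
            Resolve-DnsName -Name $Name -Type A -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' } |
                ForEach-Object { $_.IPAddress }
        }
    )
    foreach ($name in $Planned.Keys) {
        # Drop empty results so an unresolved name yields an empty array.
        $actual = @(& $Resolver $name | Where-Object { $_ })
        $status = 'Mismatch'   # wrong address, or more than one A record
        if ($actual.Count -eq 0) { $status = 'Missing' }
        if ($actual.Count -eq 1 -and $actual[0] -eq $Planned[$name]) { $status = 'Match' }
        [pscustomobject]@{
            Name     = $name
            Expected = $Planned[$name]
            Actual   = $actual -join ','
            Status   = $status
        }
    }
}

# Constructed answers standing in for public DNS so the demo runs offline:
# one correct record, one pointing at the wrong address, one not published.
$SampleDns = @{
    'sip.example.com'     = '203.0.113.10'
    'webconf.example.com' = '203.0.113.21'
}
Test-EdgeDnsPairs -Planned $Planned -Resolver { param($n) $SampleDns[$n] } |
    Format-Table -AutoSize

# Live check against the resolver configured on this host:
# Test-EdgeDnsPairs -Planned $Planned | Where-Object Status -ne 'Match'
```

With split-brain DNS, run the live check from a host that uses public resolvers; otherwise the internal zone answers and the public records go untested.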

Copying the CMS on the Edge server

As usual, we will have to publish the topology, and then, before we go to set up the Lync components on Edge, we have an additional task to perform: exporting the CMS.

Edge is to be installed on a standalone server, so we have to export the CMS, copy the file on Edge, and then import the CMS.

  1. We will launch an export command from a working Back End Server using Lync Management Shell:
    Export-CsConfiguration -FileName C:\temp\export.zip
  2. Copy the compressed file on the Edge server.
  3. Launch the deployment wizard on Edge. In the Configure Local Replica of Central Management Store page, we will select the Import from a file option.

The other steps are to be performed, as we have seen in Chapter 1, Installing a Lync 2013 Enterprise Pool, for the deployment of a Lync Front End.
