Sample Topology Considerations

These topologies offer general guidance and a starting point, but each organization ultimately needs to design a virtualized solution that meets its own needs rather than simply reusing the samples. The sample topology has a few key issues, which are discussed in this section.

Guest Placement

With the published example, Microsoft has dedicated particular virtual hosts for specific Lync Server roles such as only Front-End Servers, only A/V Conferencing Servers, or only Directors. The obvious issue with this type of deployment is that if a single host server fails, it will bring down all the virtual machines running on that server. With many of these roles, each host becomes a single point of failure. So, although mixing roles across different host servers might make performance testing or troubleshooting slightly more difficult, it does remove one piece of hardware from being a single point of failure.

Disk Layout

The examples provided by Microsoft also use RAID 0 disk configurations for the host servers in most cases. Although this provides a performance benefit over other RAID configurations, the reality is that most organizations prefer to offer some form of redundancy at the physical disk level. If a single disk in a RAID 0 array fails, the entire array is lost, and all virtual machine disks on that array are unavailable. Using a redundant disk configuration such as RAID 5 or RAID 1+0 for most host servers offers some redundancy with slightly reduced performance.

Edge Virtual Machine Collocation

One security concern the Microsoft design addresses is that the Edge Server should not be placed on the same host machine as any other server role. The Edge Server is designed to sit in a perimeter network with firewalls on both sides.


Caution

Placing Edge Servers on a host machine within the internal network is a bit of a security concern, which is why Microsoft recommends separating these virtual machines.


In reality, many organizations will probably deploy Edge Servers on the same host as other virtual machines. Because individual virtual machine adapters can be tagged with a specific VLAN, the perimeter network traffic can be directed to only the adapters assigned to Edge Servers. This does mean the perimeter network traffic passes through the host hypervisor at some level, but organizations seem to treat this as a less important security issue because of the flexibility gained with VLAN tagging. The proper firewall rules should still be in place to protect both the host and guest operating systems. If nothing else, it might make sense to use perimeter network hosts to also deploy virtual reverse proxy servers such as Microsoft Forefront Threat Management Gateway, which is also typically placed in a perimeter network.

Reverse Proxy

An often overlooked component of a deployment is the reverse proxy server required when enabling remote access. The sample topology does not account for these servers, but organizations should plan for these additional virtual machines when deploying Lync Server. The requirements for each server are not nearly as high as for a Lync Server role, but these servers do consume some resources on a host. Because these servers are typically placed in a perimeter network, the same concerns exist as when virtualizing an Edge Server deployment.
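The placement, disk, and collocation concerns in this section can be checked against a planned topology before it is built. The script below is an added example, not part of the original text or of any Microsoft tooling; the host names, VM names, VLAN IDs, and inventory layout are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: names, VLAN ids and field layout are hypothetical.
PERIMETER_ROLES = {"Edge", "ReverseProxy"}
PERIMETER_VLAN = 200  # assumed VLAN id of the perimeter network
HOSTS = {"host1": {"raid": "RAID0"}, "host2": {"raid": "RAID10"}, "host3": {"raid": "RAID5"}}
VMS = [
    {"name": "fe1", "role": "FrontEnd", "host": "host1", "vlans": [10]},
    {"name": "fe2", "role": "FrontEnd", "host": "host1", "vlans": [10]},
    {"name": "av1", "role": "AVConf", "host": "host1", "vlans": [10]},
    {"name": "av2", "role": "AVConf", "host": "host2", "vlans": [10]},
    {"name": "dir1", "role": "Director", "host": "host2", "vlans": [10, 200]},
    {"name": "edge1", "role": "Edge", "host": "host2", "vlans": [200]},
    {"name": "edge2", "role": "Edge", "host": "host3", "vlans": [200]},
    {"name": "rp1", "role": "ReverseProxy", "host": "host3", "vlans": [200]},
]

def audit(hosts, vms):
    """Return (finding, subject, detail) tuples for the issues this section raises."""
    findings = []
    hosts_by_role, guests_by_host = defaultdict(set), defaultdict(list)
    for vm in vms:
        hosts_by_role[vm["role"]].add(vm["host"])
        guests_by_host[vm["host"]].append(vm)
    # Guest placement: every instance of a role on one host makes that host a SPOF.
    for role, used in sorted(hosts_by_role.items()):
        if len(used) == 1:
            findings.append(("ROLE_ON_SINGLE_HOST", role, next(iter(used))))
    for host, guests in sorted(guests_by_host.items()):
        # Disk layout: one failed disk in RAID 0 takes every guest disk with it.
        if hosts[host]["raid"] == "RAID0":
            findings.append(("NON_REDUNDANT_DISK", host, len(guests)))
        # Edge collocation: perimeter roles sharing a host with internal roles.
        internal = {g["role"] for g in guests} - PERIMETER_ROLES
        if internal and len(internal) < len({g["role"] for g in guests}):
            findings.append(("PERIMETER_COLLOCATED", host, sorted(internal)))
    # VLAN tagging: perimeter traffic should reach only perimeter-role adapters.
    for vm in vms:
        if PERIMETER_VLAN in vm["vlans"] and vm["role"] not in PERIMETER_ROLES:
            findings.append(("PERIMETER_VLAN_ON_INTERNAL_VM", vm["name"], vm["host"]))
    return findings

if __name__ == "__main__":
    for finding in audit(HOSTS, VMS):
        print(finding)
```

A host that carries only Edge and reverse proxy guests (host3 in the sample) raises no collocation finding, which matches the suggestion above to group perimeter roles on dedicated perimeter hosts.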
