Microsoft Lync 2013 - Single Pair Addendum

 

1Introduction

1.1Document Purpose

This documentation is intended to provide guidance on how to configure a single pair of KEMP LoadMaster products to provide high availability for a Microsoft Lync Server 2013 environment. This documentation is created using a representative sample environment described later in the document. As this documentation is not intended to cover every possible deployment scenario it may not address unique setup or requirements. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

1.2Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Microsoft Lync Server 2013 environment has been set up and the KEMP LoadMaster has been installed.

Other LoadMaster documentation can be referred to as needed from http://kemptechnologies.com/loadmaster-documentation.

The minimum requirements that should be met before proceeding are as follows:

  • LoadMaster firmware version 7.0-6 or above should be installed
  • Configured and published Microsoft Lync Server architecture with Lync Topology builder
  • Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements
  • Configured internal and external DNS entries for Front-End, Director and Edge pools
  • Established access to the LoadMaster Web User Interface (WUI)

2Load Balancing Microsoft Lync 2013

Figure 2‑1: Lync 2013 Network Topology

CAUTION! – While KEMP Technologies supports the configuration as depicted in Figure 2.1. This deployment option departs from the Microsoft recommended standard, as described in http://technet.microsoft.com/en-us/library/gg398478(v=ocs.14).aspx. If your configuration differs from that depicted above, please contact the local KEMP Support Team for assistance.

3Network Segmentation to support Lync deployments

LoadMaster uses the concept of a Virtual Service to publish services to clients. Clients can be actual end user clients or other servers which require access to the servers published by the Virtual Service. Virtual Services within the LoadMaster give the LoadMaster knowledge about local routes between networks. Using the local route/short cut between these interfaces may not always be the desired behaviour and this can be true within the Lync context specifically when configuring a Multi headed deployment on a single pair of LoadMaster devices.

Figure 3-1: Network Segmentation

Enabling Use Default Route Only “forces” traffic to follow back from Virtual Services to Real Server when a Default Gateway is configured on the specific Virtual Service.

If the traffic flowing between Virtual Service and the Real Server is able to take the shorter route using the LoadMaster when symmetric network operation is not required then that is achieved by not having a Virtual Service Default Gateway. Note - If a Virtual Service does not have a default route then the LoadMaster default route will be used.

To apply Figure 3-1 to the Lync Single Pair deployment a typical packet flow is shown in figure 3-2. Deployments are unique and alternative flows may be configured or required depending on the specific deployment.

Figure 3‑1: Lync 2013 Single Pair Typical Deployment

4General Configuration

The required additional LoadMaster configuration settings are outlined below to support a single pair deployment. These options can be set within the LoadMaster WUI.

4.1 Enable Use Default Route Only

In order to route traffic properly in a single pair configuration, the Use Default Route Only option must be enabled globally.

  1. In the main menu, select System Configuration.
  2. Select Miscellaneous Options.
  3. Select Network Options.

Figure 4‑1: Use Default Route Only

  1. Enable Use Default Route Only.

When enabled, this option forces traffic from Virtual Services that have default route entries set, to only be routed to the interface where the Virtual Services’ default route is located.

5Configuring Virtual Services for Lync 2013

This guide covers three types of Virtual Service; DNS Only, HLB only and those that are common to both types of environment. The below sections provide the additional instructions and recommended configuration options for setting up a single pair of KEMP LoadMasters to work with Lync 2013 using these configuration options.

For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.

5.1.1Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Figure 5‑1: Advanced Properties section

Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.1.2Lync Director 2013 DNS Virtual Service

To configure a Virtual Service for Lync Director, follow the additional steps below:

Figure 5‑2: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.1.3Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Figure 5‑3: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the internal network (this default gateway will be on the same network as the Virtual Service)

5.2HLB Only Configuration

The HLB only configuration instructions are below.

5.2.1Lync Director 2013 HLB Virtual Service

To configure a Virtual Service for Lync Director, follow the additional steps below:

Figure 5‑4: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.2Lync Internal Director SIP Virtual Service

To configure a Virtual Service for Lync Internal Director SIP, follow the additional steps below:

Figure 5‑5: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.3Lync Mediation Virtual Service

DNS-only load balancing is sufficient for Mediation pools. If using the LoadMaster instead of DNS, load balance only TCP port 5070.

To configure a Virtual Service for Lync Mediation, follow the additional steps below:

Figure 5‑6: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.4 Lync Edge Internal AV Media TCP Virtual Service

This is the failback path for A/V media transfer. It is used for file transfer and desktop sharing.

To configure a Virtual Service for Lync Edge Internal AV Media TCP, follow the additional steps below:

Figure 5‑7: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.5Lync Edge Internal SIP Virtual Service

This is used by Directors and FE Pools.

To configure a Virtual Service for Lync Edge Internal SIP, follow the additional steps below:

Figure 5‑8: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.6Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Figure 5‑9: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.7Lync Internal Front-End DCOM Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Figure 5‑10: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.8Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTPS HLB Only, follow the additional steps below:

Figure 5‑11: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.9Lync Internal Front-End SIP Virtual Service

To configure a Virtual Service for Lync Internal Front-End SIP, follow the additional steps below:

Figure 5‑12: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.10Configure Edge Virtual Services

To configure the various Edge Virtual Services, refer to the sections below.

 

When load balancing external interfaces of Edge pools, Access VIP should be used as the default gateway on all Edge interfaces. Also, a publicly routable IP with no NAT or port translation must be used.

5.2.10.1Lync Edge External SIP Virtual Service

To configure a Virtual Service for Lync Edge External SIP, follow the additional steps below:

Figure 5‑13: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.10.2Lync Edge External SIP Federation Virtual Service

To configure a Virtual Service for Lync Edge External SIP Federation, follow the additional steps below:

Figure 5‑14: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.10.3Lync Edge External XMPP Virtual Service

To configure a Virtual Service for Lync Edge External XMPP, follow the additional steps below:

Figure 5‑15: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.10.4Lync Edge External Conferencing Virtual Service

To configure a Virtual Service for Lync Edge External Conferencing, follow the additional steps below:

Figure 5‑16: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.10.5Lync Edge External AV Media TCP Virtual Service

To configure a Virtual Service for Lync Edge External AV, follow the additional steps below:

Figure 5‑17: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.3Common to Both

The Virtual Services listed below are common to both DNS and HLB configurations.

5.3.1Lync Office Web App Servers Virtual Service

To configure a Virtual Service for Office Web App Servers, follow the additional steps below:

Figure 5‑18: Advanced Properties section

  1. Expand the Advanced Properties section.

a)Enter https://%h%s in the Redirection URL field and click Add HTTP Redirector.

b)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.3.2Lync Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the additional steps below:

Figure 5‑19: Advanced Properties section

  1. Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.3.3Lync Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the additional steps below:

Figure 5‑20: Advanced Properties section

Expand Advanced Properties section and input the following options:

a)Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

6Additional Information

Some additional information that may be of use is contained within the sections below.

6.1Server Maintenance

When blocking traffic to a server during maintenance, removing the server IP entry from the pool Fully Qualified Domain Name (FQDN) is not sufficient. The server entry must be removed from the DNS. As the server to server traffic is topology-aware, in order to block server to server traffic the server must be removed from the DNS topology.

6.2Loss of Failover while using DNS

Loss of failover when load balancing Edge pools using DNS is possible in the following scenarios:

  • Federation with organizations running OCS versions older than Lync 2010
  • PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners
  • UM Play on Phone functionality
  • Transferring calls from UM Auto Attendant

6.3Hardware Load Balancing

If hardware load balancing is being used, a list of the ports that must be open can be found here: http://technet.microsoft.com/en-us/library/gg398833.aspx

Hardware load balancing Edge servers requires N+1 Public IP addresses.

Refer to the two links below for further information on hardware load balancing:

6.4Configuration Caution

CAUTION – A Single Pair deployment means that Internal and External traffic traverses the same LoadMaster unit. As a result, a denial of service could impact both the internal and external Lync Server deployment.

References

The following sources are referred to in this document:

KEMP Technologies website

www.kemptechnologies.com

KEMP Technologies Documentation page

http://kemptechnologies.com/loadmaster-documentation

Web User Interface (WUI), Configuration Guide

http://kemptechnologies.com/loadmaster-documentation

Virtual Services and Templates, Feature Description

http://kemptechnologies.com/loadmaster-documentation

Ports and Protocols for Internal Servers

http://technet.microsoft.com/en-us/library/gg398833.aspx

Port Summary - Scaled Consolidated Edge with Hardware Load Balancers

http://technet.microsoft.com/en-us/library/gg398739.aspx

Scaled Consolidated Edge with Hardware Load Balancers

http://technet.microsoft.com/en-us/library/gg398478.aspx

 

 

 

 

Document History

Date

Change

Reason for Change

Version

Resp.

July 2014

Release updates

Updates for 7.1-18a

1.7

LB

July 2014

Minor updates

Defects resolved

1.8

LB

Feb 2015

Updated

Topology Enhancements

1.9

KJ/IK

Oct 2015

Release updates

Updates for 7.1-30

3.0

LB

Jan 2016

Minor updates

Updated

4.0

LB

Jan 2017

Minor updates

Enhancements made

5.0

LB

Was this article helpful?

0 out of 0 found this helpful

Comments