Microsoft Lync 2013 - Single Pair Addendum

1 Introduction

1.1 Document Purpose

This documentation is intended to provide guidance on how to configure a single pair of KEMP LoadMaster products to provide high availability for a Microsoft Lync Server 2013 environment. This documentation is created using a representative sample environment described later in the document. As this documentation is not intended to cover every possible deployment scenario it may not address unique setup or requirements. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

1.2 Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Microsoft Lync Server 2013 environment has been set up and the KEMP LoadMaster has been installed.

Other LoadMaster documentation can be referred to as needed from http://kemptechnologies.com/loadmaster-documentation.

The minimum requirements that should be met before proceeding are as follows:

LoadMaster firmware version 7.0-6 or above should be installed

Configured and published Microsoft Lync Server architecture with Lync Topology builder

Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements

Configured internal and external DNS entries for Front-End, Director and Edge pools

Established access to the LoadMaster Web User Interface (WUI)

2 Load Balancing Microsoft Lync 2013

Load Balancing Microsoft Lync.png

CAUTION! – While KEMP Technologies supports the configuration as depicted in the above diagram, this deployment option departs from the Microsoft recommended standard, as described in http://technet.microsoft.com/en-us/library/gg398478(v=ocs.14).aspx. If your configuration differs from that depicted above, please contact the local KEMP Support Team for assistance.

3 Network Segmentation to support Lync deployments

LoadMaster uses the concept of a Virtual Service to publish services to clients.  Clients can be actual end user clients or other servers which require access to the servers published by the Virtual Service.  Virtual Services within the LoadMaster give the LoadMaster knowledge about local routes between networks.  Using the local route/short cut between these interfaces may not always be the desired behaviour and this can be true within the Lync context specifically when configuring a Multi headed deployment on a single pair of LoadMaster devices.

Network Segmentation to support.png

Enabling Use Default Route Only “forces” traffic to follow back from Virtual Services to Real Server when a Default Gateway is configured on the specific Virtual Service.

If the traffic flowing between Virtual Service and the Real Server is able to take the shorter route using the LoadMaster when symmetric network operation is not required then that is achieved by not having a Virtual Service Default Gateway.  Note - If a Virtual Service does not have a default route then the LoadMaster default route will be used.

To apply the above set up to the Lync Single Pair deployment a typical packet flow is shown in the below diagram.  Deployments are unique and alternative flows may be configured or required depending on the specific deployment.

Network Segmentation to support_1.png

4 General Configuration

The required additional LoadMaster configuration settings are outlined below to support a single pair deployment. These options can be set within the LoadMaster WUI.

4.1   Enable Use Default Route Only

In order to route traffic properly in a single pair configuration, the Use Default Route Only option must be enabled globally.

  1. In the main menu, select System Configuration.
  2. Select Miscellaneous Options.
  3. Select Network Options.

Enable Use Default Route Only.png

  1. Enable Use Default Route Only.

When enabled, this option forces traffic from Virtual Services that have default route entries set, to only be routed to the interface where the Virtual Services’ default route is located.

5 Configuring Virtual Services for Lync 2013

This guide covers three types of Virtual Service; DNS Only, HLB only and those that are common to both types of environment. The below sections provide the additional instructions and recommended configuration options for setting up a single pair of KEMP LoadMasters to work with Lync 2013 using these configuration options.

For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.

5.1 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.1.1 Lync Director 2013 DNS Virtual Service

To configure a Virtual Service for Lync Director, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.1.2 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Lync Internal WebSvc HTTP.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the internal network (this default gateway will be on the same network as the Virtual Service)

5.2 HLB Only Configuration

The HLB only configuration instructions are below.

5.2.1 Lync Director 2013 HLB Virtual Service

To configure a Virtual Service for Lync Director, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)

5.2.2 Lync Internal Director SIP Virtual Service

To configure a Virtual Service for Lync Internal Director SIP, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.3 Lync Mediation Virtual Service

DNS-only load balancing is sufficient for Mediation pools. If using the LoadMaster instead of DNS, load balance only TCP port 5070.

To configure a Virtual Service for Lync Mediation, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.4   Lync Edge Internal AV Media TCP Virtual Service

This is the failback path for A/V media transfer. It is used for file transfer and desktop sharing.

To configure a Virtual Service for Lync Edge Internal AV Media TCP, follow the additional steps below:

Lync Edge Internal AV Media.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.5 Lync Edge Internal SIP Virtual Service

This is used by Directors and FE Pools.

To configure a Virtual Service for Lync Edge Internal SIP, follow the additional steps below:

Lync Edge Internal AV Media.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.6 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

Lync Internal WebSvc HTTP.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.7 Lync Internal Front-End DCOM Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:

     Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.8 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTPS HLB Only, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.9 Lync Internal Front-End SIP Virtual Service

To configure a Virtual Service for Lync Internal Front-End SIP, follow the additional steps below:

Lync Internal WebSvc HTTPS.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.10 Configure Edge Virtual Services

To configure the various Edge Virtual Services, refer to the sections below.

When load balancing external interfaces of Edge pools, Access VIP should be used as the default gateway on all Edge interfaces. Also, a publicly routable IP with no NAT or port translation must be used.

5.2.10.1 Lync Edge External SIP Virtual Service

To configure a Virtual Service for Lync Edge External SIP, follow the additional steps below:

Configure Edge Virtual Services.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.10.2 Lync Edge External SIP Federation Virtual Service

To configure a Virtual Service for Lync Edge External SIP Federation, follow the additional steps below:

Configure Edge Virtual Services.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.10.3 Lync Edge External XMPP Virtual Service

To configure a Virtual Service for Lync Edge External XMPP, follow the additional steps below:

Configure Edge Virtual Services.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.10.4 Lync Edge External Conferencing Virtual Service

To configure a Virtual Service for Lync Edge External Conferencing, follow the additional steps below:

Configure Edge Virtual Services.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.2.10.5 Lync Edge External AV Media TCP Virtual Service

To configure a Virtual Service for Lync Edge External AV, follow the additional steps below:

Configure Edge Virtual Services.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.3 Common to Both

The Virtual Services listed below are common to both DNS and HLB configurations.

5.3.1 Lync Office Web App Servers Virtual Service

To configure a Virtual Service for Office Web App Servers, follow the additional steps below:

Lync Office Web App Servers.png

1. Expand the Advanced Properties section.

2. Enter https://%h%s in the Redirection URL field and click Add HTTP Redirector.

3. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.3.2 Lync Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the additional steps below:

Lync Reverse Proxy HTTP Virtual.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

5.3.3 Lync Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the additional steps below:

Lync Reverse Proxy HTTP Virtual.png

1. Expand Advanced Properties section and input the following options:

2. Enter the Default Gateway for the connected network  (this default gateway will be on the same network as the Virtual Service)

6 Additional Information

Some additional information that may be of use is contained within the sections below.

6.1 Server Maintenance

When blocking traffic to a server during maintenance, removing the server IP entry from the pool Fully Qualified Domain Name (FQDN) is not sufficient. The server entry must be removed from the DNS. As the server to server traffic is topology-aware, in order to block server to server traffic the server must be removed from the DNS topology.

6.2 Loss of Failover while using DNS

Loss of failover when load balancing Edge pools using DNS is possible in the following scenarios:

Federation with organizations running OCS versions older than Lync 2010

PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners

UM Play on Phone functionality

Transferring calls from UM Auto Attendant

6.3 Hardware Load Balancing

If hardware load balancing is being used, a list of the ports that must be open can be found here: http://technet.microsoft.com/en-us/library/gg398833.aspx

Hardware load balancing Edge servers requires N+1 Public IP addresses.

Refer to the two links below for further information on hardware load balancing:

http://technet.microsoft.com/en-us/library/gg398739.aspx

http://technet.microsoft.com/en-us/library/gg398478.aspx

6.4 Configuration Caution

CAUTION – A Single Pair deployment means that Internal and External traffic traverses the same LoadMaster unit. As a result, a denial of service could impact both the internal and external Lync Server deployment.

References

The following sources are referred to in this document:

KEMP Technologies website

www.kemptechnologies.com

KEMP Technologies Documentation page

http://kemptechnologies.com/loadmaster-documentation

Web User Interface (WUI), Configuration Guide

http://kemptechnologies.com/loadmaster-documentation

Virtual Services and Templates, Feature Description

Ports and Protocols for Internal Servers

1. http://technet.microsoft.com/en-us/library/gg398833.aspx

Port Summary - Scaled Consolidated Edge with Hardware Load Balancers

2. http://technet.microsoft.com/en-us/library/gg398739.aspx

Scaled Consolidated Edge with Hardware Load Balancers

3. http://technet.microsoft.com/en-us/library/gg398478.aspx

Document History

Date Change Reason for Change Version Resp.

July 2014

Release updates

Updates for 7.1-18a

1.7

LB

July 2014

Minor updates

Defects resolved

1.8

LB

Feb 2015

Updated

Topology Enhancements

1.9

KJ/IK

Oct 2015

Release updates

Updates for 7.1-30

3.0

LB

Jan 2016

Minor updates

Updated Copyright Notices

4.0

LB

Jan 2017

Minor updates

Enhancements made

5.0

LB

July 2017 Minor updates Enhancements made 6.0 CMC

 

 

Was this article helpful?

0 out of 0 found this helpful

Comments