Microsoft Lync 2013

Contents

2 Introduction

 KEMP’s LoadMaster family of purpose-built hardware and Virtual Appliances (VLM) offer advanced Layer 4 and Layer 7 server load balancing, content switching, SSL Acceleration and a multitude of other advanced Application Delivery and Optimization (ADC) features.

KEMP’s LoadMaster fully supports Microsoft’s key solutions and are approved by Microsoft (KEMP is a Microsoft Gold partner). The LoadMaster efficiently distributes user traffic for Microsoft Lync 2013 so that users get the best experience possible.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft Lync 2013.

For more information about KEMP Technologies, visit us online at www.kemptechnologies.com.

2.1 Microsoft Lync 2013

Microsoft Lync is a communications tool which provides services such as audio/video conferencing, Instant Messaging (IM) and Voice over Internet Protocol (VoIP). These services can all be accessible from the Internet, or from an internal network. Microsoft Lync allows companies to enhance collaboration amongst employees.

A number of enhancements have been made in Microsoft Lync 2013. The network topology setup is quite similar to the previous version but with a number of small differences. Changes include the consolidation of the archiving and monitoring features towards the front-end servers (optional feature). The Lync 2010 Director role is now optional and is not recommended anymore. Less servers are needed because front-end servers can now take the role of Director.

2.2 Document Purpose

This documentation is intended to provide guidance on how to configure KEMP LoadMaster products to provide high availability for a Microsoft Lync Server 2013 environment. This documentation is created using a representative sample environment described later in the document. As this documentation is not intended to cover every possible deployment scenario it may not address unique setup or requirements. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

2.3 Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Microsoft Lync Server 2013 environment has been set up and the KEMP LoadMaster has been installed.

Other LoadMaster documentation can be referred to as needed from http://www.kemptechnologies.com/documentation.

The minimum requirements that should be met before proceeding are as follows:

LoadMaster firmware version 7.0-6 or above should be installed

Configured and published Microsoft Lync Server architecture with Lync Topology builder

Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements

Configured internal and external DNS entries for Front-End, Director and Edge pools

Established access to the LoadMaster Web User Interface (WUI)

3 Load Balancing Microsoft Lync 2013

Load Balancing Microsoft Lync.png

Deploying a Microsoft Lync environment can require multiple servers in Front-End pools and Edge server pools. Load balancing is necessary in this situation to distribute the traffic amongst these servers.

Microsoft Lync Server 2013 supports two load balancing solutions: DNS load balancing and Hardware Load Balancing (HLB). Hardware load balancers are also required to provide load balancing for the internal and external web services when DNS load balancing is used.

Different load balancing methods cannot be used on the Edge internal and Edge external interfaces, for example, DNS load balancing cannot be used on the Edge internal interface when hardware load balancing is being used on the Edge external interface. Health checking at the LoadMaster ensures that, if one of the servers becomes inaccessible, the load balancer will take the sever offline and automatically re-route and reconnect users to other functioning servers.

KEMP Technology recommend the configuration as depicted in the above diagram. If your configuration differs from the recommended configuration and there are issues deploying the LoadMaster, please contact the local KEMP Support Team for assistance.

4 General Configuration

Some recommended general LoadMaster configuration settings are outlined below. These options can be set within the LoadMaster WUI.

4.1 Disable SNAT Globally

By default, global Server Network Address Translation (SNAT) is enabled in the LoadMaster settings. KEMP recommends disabling SNAT globally when using the LoadMaster with a Lync 2013 environment. To disable SNAT globally, follow the steps below:

1. In the main menu, select System Configuration.

2. Select Miscellaneous Options.

3. Select Network Options.

Disable SNAT Globally.png

4. Remove the check from the Enable Server NAT check box.

4.2 Subnet Originating Requests

When the LoadMaster is deployed in a two-armed configuration, KEMP recommends enabling Subnet Originating Requests. When this option is enabled, the LoadMaster will use its local IP address, instead of the IP address of the Virtual Service, when communicating to the Real Servers.

Subnet Originating Requests can be enabled on a per-Virtual Service or a global basis.

It is recommended that the Subnet Originating Requests option is enabled on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster WUI, select System Configuration > Miscellaneous Options > Network Options.

Disable SNAT Globally.png

2. Select the Subnet Originating Requests check box.

4.3 Change Drop Connections Settings

 The LoadMaster must be configured to drop connections on Real Server Failure to have fast failover for clients to another Real Server.

1. To configure dropping connections, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

Change Drop Connections Settings.png

4. Select the Drop Connections on RS failure checkbox.

4.4 Increase the Connection Timeout

The Loadmaster Connection Timeout must be set to one day. The reason why this value can be set so high is because the LoadMaster monitors client connection to Real Servers and if a server fails then the LoadMaster can drop the associated client connections to that real server.  Clients are disconnected from the LoadMaster and then reconnected to the LoadMaster to connect to another Real Server. 

One day is the maximum value for this setting and it must be used in conjunction with the Drop Connections on RS failure option.

1. To configure the Connection Timeout, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

Increase the Connection Timeout.png

4. Enter 86400 (1 day) in the L7 Connection Drain Time (secs) field and click Set Time.

4.5 Connection Scaling For Large Scale Deployments

Execution of this procedure is optional and should be used only in cases where network traffic is expected to be greater than 64,000 server connections at any one particular time.

 L7 Transparency must be disabled in order to use connection scaling.

1. To use connection scaling, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

Connection Scaling For Large.png

4. Select the Allow connection scaling over 64K Connections checkbox.

5. Click Virtual Services.

6. Click View/Modify Services.

7. Click the Modify button of the appropriate Virtual IP Address.

8. Expand the Advanced Properties section.

VSVSAP010.png

9. In the Advanced Properties panel, input a list of Alternate Source Addresses. Multiple IPV4 addresses must be separated with a space; each must be unallocated and allow 64K connections.

10. Click the Set Alternate Source Addresses button.

5 Template

KEMP has developed a template containing our recommended settings for this workload. You can install this template to help when creating Virtual Services, as it automatically populates the settings. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Download released templates from the Templates section on the KEMP documentation page: http://kemptechnologies.com/documentation.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the KEMP Documentation Page.

For steps on how to manually add and configure each of the Virtual Services using the recommended settings, refer to the steps in this document.

6 Configuring Virtual Services for Lync 2013

This deployment guide covers three types of Virtual Service; DNS Only, HLB only and those that are common to both types of environment. The below sections provide instructions and recommended configuration options for setting up a KEMP LoadMaster to work with Lync 2013 using these configuration options.

For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.

6.1 DNS Only Configuration

Refer to the sections below for instructions on how to set up the LoadMaster using a DNS only configuration.

Microsoft recommends that DNS load balancing is used for Session Initiation Protocol (SIP) traffic. Microsoft also recommend that web services are configured to override FQDN for internal web services.

Source-IP Persistence

Source IP persistence can be used but take care before enabling it because:

Clients from behind an NAT device show up as a single IP

It can result in uneven connection distribution

Cookies

If cookies are used, there is no negative impact. However, there are some requirements:

The cookie must be named MS-WSMAN

It must not expire

It must not be marked httpOnly

Cookie optimization should be turned off

To configure the various Front-End Virtual Services, refer to the sections below.

6.1.1 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

Lync Internal WebSvc HTTPS.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal WebSvc HTTPS_1.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear (if visible).

b) Enter 4443 in the Extra Ports field and click Set Extra Ports.

c) Ensure the Transparency checkbox is clear.

d) Select Source IP Address as the Persistence Mode.

e) Select 20 Minutes as the Persistence Timeout.

f) Select least connection as the Scheduling Method.

g) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Internal WebSvc HTTPS_2.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.1.2 Lync Director 2013 DNS Virtual Service

To configure a Virtual Service for Lync Director, follow the steps below:

1. Click the Add New button.

Lync Director 2013 DNS Virtual.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Director 2013 DNS Virtual_1.png

7. Expand the Standard Options section and select the following options:

a) Enter 444,4443 in the Extra Ports field and click the Set Extra Ports button.

b) Remove the tick from the Transparency check box.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Internal WebSvc HTTPS_2.png

8. Expand the Real Servers section.

9. Select TCP Connection Only as the Real Server Check Parameters.

10. Enter 5061 in the Checked Port field and click Set Check Port.

6.1.3 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

Lync Internal WebSvc HTTP.png

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal WebSvc HTTP_1.png

7. Expand the Standard Options section and select the following options:

a) Enter 8080 in the Extra Ports text box and click the Set Extra Ports button.

b) Select Source IP Address as the Persistence Mode.

c) Select 20 Minutes as the Persistence Timeout.

d) Select least connection as the Scheduling Method.

e) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Internal WebSvc HTTPS_2.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2 HLB Only Configuration

The HLB only configuration instructions are below.

6.2.1 Lync Director 2013 HLB Virtual Service

To configure a Virtual Service for Lync Director, follow the steps below:

1. Click the Add New button.

Lync Director 2013 HLB Virtual.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Director 2013 HLB Virtual_1.png

7. Expand the Standard Options section and select the following options:

a) Enter 444,4443 in the Extra Ports field and click the Set Extra Ports button.

b) Remove the tick from the Transparency check box.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Internal WebSvc HTTPS_2.png

8. Expand the Real Servers section.

9. Select TCP Connection Only as the Real Server Check Parameters.

10. Enter 5061 in the Checked Port field and click Set Check Port.

6.2.2 Lync Internal Director SIP Virtual Service

To configure a Virtual Service for Lync Internal Director SIP, follow the steps below:

1. Click the Add New button.

Lync Internal Director SIP.png

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Director SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal Director SIP_1.png

7. Within the Basic Properties section, select Generic as the Service Type.

Lync Internal Director SIP_2.png

8. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

d) Select Source IP Address as the Persistence Mode.

e) Select 20 Minutes as the Persistence Timeout.

f) Select least connection as the Scheduling Method.

g) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Internal WebSvc HTTPS_2.png

9. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.3 Lync Mediation Virtual Service

DNS-only load balancing is sufficient for Mediation pools. If using the LoadMaster instead of DNS, load balance only TCP port 5070.

To configure a Virtual Service for Lync Mediation, follow the steps below:

1. Click the Add New button.

Lync Mediation Virtual Service.png

2. Enter a Virtual Address.

3. Enter 5070 in the Port field.

4. Enter a recognisable Service Name, for example Lync Mediation.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Mediation Virtual Service_1.png

7. Within the Basic Properties section, select Generic as the Service Type.

Lync Mediation Virtual Service_2.png

8. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

d) Select Source IP Address as the Persistence Mode.

e) Select 20 Minutes as the Persistence Timeout.

f) Select least connection as the Scheduling Method.

g) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Mediation Virtual Service_3.png

9. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5070 in the Checked Port field and click Set Check Port.

6.2.4 Lync Edge Internal AV Media TCP Virtual Service

This is the failback path for A/V media transfer. It is used for file transfer and desktop sharing.

To configure a Virtual Service for Lync Edge Internal AV Media TCP, follow the steps below:

1. Click the Add New button.

Lync Edge Internal AV Media.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal AV Media TCP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Edge Internal AV Media_1.png

7. Within the Basic Properties section, select Generic as the Service Type.

Lync Edge Internal AV Media_2.png

8. Expand the Standard Options section and select the following options:

a) Ensure that the Force L4 check box is clear.

b) Ensure that the Transparency check box is clear.

c) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

d) Select Source IP Address as the Persistence Mode.

e) Select 20 Minutes as the Persistence Timeout.

f) Select least connection as the Scheduling Method.

g) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Edge Internal AV Media_3.png

9. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.5 Lync Edge Internal AV Media UDP Virtual Service

This is the preferred path for A/V media transfer.

To configure a Virtual Service for Lync Edge Internal AV Media UDP, follow the steps below:

1. Click the Add New button.

Lync Edge Internal AV Media_1_1.png

2. Enter a Virtual Address.

3. Enter 3478 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal AV Media UDP.

5. Select udp as the Protocol.

6. Click Add This Virtual Service.

Lync Edge Internal AV Media_1_2.png

7. Expand the Real Servers section.

8. Select ICMP Ping in the Real Server Check Parameters drop-down menu.

6.2.6 Lync Edge Internal SIP Virtual Service

This is used by Directors and FE Pools.

To configure a Virtual Service for Lync Edge Internal SIP, follow the steps below:

1. Click the Add New button.

Lync Edge Internal SIP Virtual.png

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Edge Internal SIP Virtual_1.png

7. Within the Basic Properties section, select Generic as the Service Type.

Lync Edge Internal SIP Virtual_2.png

8. Expand the Standard Options section and select the following options:

a) Enter 5062 in the Extra Ports field and click Set Extra Ports.

Port 5062 is used by any FE pool and SBA

b) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Lync Edge Internal SIP Virtual_3.png

9. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.7 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

Lync Internal WebSvc HTTP_1_1.png

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal WebSvc HTTP_1_2.png

7. Expand the Standard Options section and select the following options:

a) Enter 8080 in the Extra Ports text box and click the Set Extra Ports button.

b) Select Source IP Address as the Persistence Mode.

c) Select 20 Minutes as the Persistence Timeout.

d) Select least connection as the Scheduling Method.

e) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Edge Internal SIP Virtual_3.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.8 Lync Internal Front-End DCOM Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

Lync Internal Front End DCOM.png

2. Enter a Virtual Address.

3. Enter 135 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Front-End DCOM.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal Front End DCOM_1.png

7. Expand the Standard Options section and select the following options:

a) Deselect the Transparency checkbox.

b) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Edge Internal SIP Virtual_3.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.9 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTPS HLB Only, follow the steps below:

1. Click the Add New button.

Lync Internal WebSvc HTTPS_1_1.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTPS HLB Only.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal WebSvc HTTPS_1_2.png

7. Expand the Standard Options section and select the following options:

a) Select the Force L4 checkbox (if visible).

b) Enter 4443 in the Extra Ports field and click Set Extra Ports.

c) Ensure the Transparency checkbox is clear.

d) Select Source IP Address as the Persistence Mode.

e) Select 20 Minutes as the Persistence Timeout.

f) Select least connection as the Scheduling Method.

g) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Edge Internal SIP Virtual_3.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.10 Lync Internal Front-End SIP Virtual Service

To configure a Virtual Service for Lync Internal Front-End SIP, follow the steps below:

1. Click the Add New button.

Lync Internal Front End SIP.png

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Front-End SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Lync Internal Front End SIP_1.png

7. Within the Basic Properties section, select Generic as the Service Type.

Lync Internal Front End SIP_2.png

8. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Enter 448,5070-5073,5075,5076,5080 in the Extra Ports field and click the Set Extra Ports button.

c) Ensure the Transparency checkbox is clear.

d) Select Normal Protocols in the Server Initiating Protocols drop-down menu.

e) Select Source IP Address as the Persistence Mode.

f) Select 20 Minutes as the Persistence Timeout.

g) Select least connection as the Scheduling Method.

h) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Edge Internal SIP Virtual_3.png

9. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.11 Configure Edge Virtual Services

To configure the various Edge Virtual Services, refer to the sections below.

When load balancing external interfaces of Edge pools, the shared interface IP should be used as the default gateway on all Edge interfaces. Also, a publicly routable IP with no NAT or port translation must be used.

6.2.11.1 Lync Edge External AV Media UDP Virtual Service

To configure a Virtual Service for Lync Edge External AV Media UDP, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services.png

2. Enter a Virtual Address.

3. Enter 3478 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External AV Media UDP.

5. Select udp as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_1.png

7. Expand the Standard Options section and select the following options:

a) Select Source IP Address as the Persistence Mode.

b) Set the Timeout to 20 Minutes.

c) Select least connection as the Scheduling Method.

Configure Edge Virtual Services_2.png

8. Expand the Real Servers section.

9. Select ICMP Ping in the Real Server Check Parameters drop-down menu.

6.2.11.2 Lync Edge External SIP Virtual Service

To configure a Virtual Service for Lync Edge External SIP, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services_3.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_4.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Configure Edge Virtual Services_5.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.11.3 Lync Edge External SIP Federation Virtual Service

To configure a Virtual Service for Lync Edge External SIP Federation, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services_6.png

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External SIP Federation.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_7.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Configure Edge Virtual Services_5.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.11.4 Lync Edge External XMPP Virtual Service

To configure a Virtual Service for Lync Edge External XMPP, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services_8.png

2. Enter a Virtual Address.

3. Enter 5269 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External XMPP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_9.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Configure Edge Virtual Services_5.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

6.2.11.5 Lync Edge External Conferencing Virtual Service

To configure a Virtual Service for Lync Edge External Conferencing, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services_10.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External Conferencing.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_11.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Configure Edge Virtual Services_12.png

8. Expand the Advanced Properties section.

9. Enter https://%h%s in the Redirection URL field and click Add HTTP Redirector.

Configure Edge Virtual Services_13.png

10. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 443 in the Checked Port field and click Set Check Port.

6.2.11.6 Lync Edge External AV Media TCP Virtual Service

To configure a Virtual Service for Lync Edge External AV, follow the steps below:

1. Click the Add New button.

Configure Edge Virtual Services_14.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External AV Media TCP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

Configure Edge Virtual Services_15.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Select the Transparency checkbox.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout and click Set Idle Timeout.

Configure Edge Virtual Services_13.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the Real Server Check Parameters drop-down menu.

b) Enter 443 in the Checked Port field and click Set Check Port.

6.3 Common to Both

The Virtual Services listed below are common to both DNS and HLB configurations.

6.3.1 Lync Office Web App Servers Virtual Service

To configure a Virtual Service for Office Web App Servers, follow the steps below:

1. Click the Add New button.

Lync Office Web App Servers.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Office Web App Servers.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Office Web App Servers_1.png

7. Expand the SSL Properties section and select the following options:

a) Select the Enabled check box.

b) Select the Reencrypt check box.

Lync Office Web App Servers_2.png

8. Expand the Standard Options section and select the following options:

a) Select Super HTTP and Source IP as the Persistence Mode.

b) Select 30 Minutes as the Persistence Timeout.

c) Select least connection as the Scheduling Method.

d) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

VSVSAP011.png

9. Expand the Advanced Properties section.

10. Enter https://%h%s in the Redirection URL field and click Add HTTP Redirector.

Lync Office Web App Servers_4.png

11. Expand the Real Servers section and select the following options:

a) Select HTTPS Protocol in the drop-down menu.

b) Enter /hosting/discovery in the URL field and click Set URL.

c) Select the Use HTTP/1.1 checkbox.

d) Select GET as the HTTP Method.

6.3.2 Lync Director Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the steps below:

1. Click the Add New button.

Lync Director Reverse Proxy.png

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director Reverse Proxy HTTP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Director Reverse Proxy_1.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Select least connection as the Scheduling Method.

f) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Director Reverse Proxy_2.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

9. Click the Add New … button to add a Real Server.

Lync Director Reverse Proxy_3.png

10. Enter the Real Server Address for the Director(s).

11. Enter 8080 as the port.

Ensure to not use 80 as the Real Server Port.

12. Click the Add This Real Server button.

6.3.3 Lync Director Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the steps below:

1. Click the Add New button.

Lync Director Reverse Proxy_1_1.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director Reverse Proxy HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Expand the SSL Properties section.

Lync Director Reverse Proxy_1_2.png

8. Select the Enabled check box.

9. Click OK.

10. Select the Reencrypt checkbox.

Lync Director Reverse Proxy_1_3.png

11. Expand the Standard Options section and select the following options:

a) Select Source IP Address as the Persistence Mode.

b) Select 20 Minutes as the Persistence Timeout.

c) Select least connection as the Scheduling Method.

d) Enter 1800 in the Idle Connection Timeout text box and click Set Idle Timeout.

Lync Director Reverse Proxy_2.png

12. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

13. Click the Add New … button to add a Real Server.

Lync Director Reverse Proxy_1_4.png

14. Enter the Real Server Address for the Director(s).

15. Enter 4443 as the Port.

Ensure to not use 443 as the Real Server Port.

16. Click the Add This Real Server button.

6.3.4 Lync Front End Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the steps below:

1. Click the Add New button.

Lync Front End Reverse Proxy.png

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Front End Reverse Proxy HTTP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

Lync Front End Reverse Proxy_1.png

7. Expand the Standard Options section and select the following options:

a) Ensure the Force L4 checkbox is clear.

b) Ensure the Transparency checkbox is clear.

c) Select Source IP Address as the Persistence Mode.

d) Select 20 Minutes as the Persistence Timeout.

e) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

Lync Director Reverse Proxy_2.png

8. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

9. Click the Add New button to add a Real Server.

Lync Front End Reverse Proxy_2.png

10. Enter the Real Server Address for Front End Server(s).

11. Enter 8080 as the port.

Please do not use 80 as the Real Server Port.

12. Click the Add This Real Server button.

6.3.5 Lync Front End Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the steps below:

1. Click the Add New button.

Lync Front End Reverse Proxy_1_1.png

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Front End Reverse Proxy HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Expand the SSL Properties section.

Lync Front End Reverse Proxy_1_2.png

8. Select the Enabled check box.

9. Click OK.

10. Select the Reencrypt checkbox.

Lync Front End Reverse Proxy_1_3.png

11. Expand the Standard Options section and select the following options:

a) Select Source IP Address as the Persistence Mode.

b) Select 20 Minutes as the Persistence Timeout.

c) Select least connection as the Scheduling Method.

d) Enter 1800 in the Idle Connection Timeout text box and click Set Idle Timeout.

Lync Director Reverse Proxy_2.png

12. Expand the Real Servers section and select the following options:

a) Select TCP Connection Only in the drop-down menu.

b) Enter 5061 in the Checked Port field and click Set Check Port.

13. Click the Add New … button to add a Real Server.

Lync Front End Reverse Proxy_1_4.png

14. Enter the Real Server Address for Front End Server(s).

15. Enter 4443 as the Port.

Do not use 443 as the Real Server Port.

16. Click the Add This Real Server button.

7 Additional Information

Some additional information that may be of use is contained within the sections below.

7.1 Server Maintenance

When blocking traffic to a server during maintenance, removing the server IP entry from the pool Fully Qualified Domain Name (FQDN) is not sufficient. The server entry must be removed from the DNS. As the server to server traffic is topology-aware, in order to block server to server traffic the server must be removed from the DNS topology.

7.2 Loss of Failover while using DNS

Loss of failover when load balancing Edge pools using DNS is possible in the following scenarios:

Federation with organizations running OCS versions older than Lync 2010

PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners

UM Play on Phone functionality

Transferring calls from UM Auto Attendant

7.3 Hardware Load Balancing

If hardware load balancing is being used, a list of the ports that must be open can be found here: http://technet.microsoft.com/en-us/library/gg398833.aspx

Hardware load balancing Edge servers requires N+1 Public IP addresses.

Refer to the two links below for further information on hardware load balancing:

http://technet.microsoft.com/en-us/library/gg398739.aspx

http://technet.microsoft.com/en-us/library/gg398478.aspx

8 References

The following sources are referred to in this document:

KEMP Technologies website

www.kemptechnologies.com

KEMP Technologies Documentation page

http://kemptechnologies.com/loadmaster-documentation.

MS Lync 2013 Single Pair Addendum, Deployment Guidehttp://www.kemptechnologies.com/documentation

Web User Interface (WUI), Configuration Guide

http://www.kemptechnologies.com/documentation

Virtual Services and Templates, Feature Description

http://www.kemptechnologies.com/documentation

Ports and Protocols for Internal Servers

1. http://technet.microsoft.com/en-us/library/gg398833.aspx

Port Summary - Scaled Consolidated Edge with Hardware Load Balancers

2. http://technet.microsoft.com/en-us/library/gg398739.aspx

Scaled Consolidated Edge with Hardware Load Balancers

3. http://technet.microsoft.com/en-us/library/gg398478.aspx

Document History

Date Change Reason for Change Version Resp.

July 2016

Release updates

Updates for 7.1.35

7.0

LB

Oct 2016

Release updates

Updates for 7.2.36

8.0

POC

Jan 2017

Minor changes

Enhancement made

9.0

LB

July 2017 Release updates Updates for 7.2.39 10.0 CMC

 

Was this article helpful?

0 out of 0 found this helpful

Comments