Microsoft Lync 2013

2 Introduction

 KEMP’s LoadMaster family of purpose-built hardware and Virtual Appliances (VLM) offer advanced Layer 4 and Layer 7 server load balancing, content switching, SSL Acceleration and a multitude of other advanced Application Delivery and Optimization (ADC) features.

KEMP’s LoadMaster fully supports Microsoft’s key solutions and are approved by Microsoft (KEMP is a Microsoft Gold partner). The LoadMaster efficiently distributes user traffic for Microsoft Lync 2013 so that users get the best experience possible.

The entire KEMP LoadMaster product family, including the Virtual LoadMaster (VLM) supports Microsoft Lync 2013.

For more information about KEMP Technologies, visit us online at www.kemptechnologies.com.

2.1 Microsoft Lync 2013

Microsoft Lync is a communications tool which provides services such as audio/video conferencing, Instant Messaging (IM) and Voice over Internet Protocol (VoIP). These services can all be accessible from the Internet, or from an internal network. Microsoft Lync allows companies to enhance collaboration amongst employees.

A number of enhancements have been made in Microsoft Lync 2013. The network topology setup is quite similar to the previous version but with a number of small differences. Changes include the consolidation of the archiving and monitoring features towards the front-end servers (optional feature). The Lync 2010 Director role is now optional and is not recommended anymore. Less servers are needed because front-end servers can now take the role of Director.

2.2 Document Purpose

This documentation is intended to provide guidance on how to configure KEMP LoadMaster products to provide high availability for a Microsoft Lync Server 2013 environment. This documentation is created using a representative sample environment described later in the document. As this documentation is not intended to cover every possible deployment scenario it may not address unique setup or requirements. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

2.3 Prerequisites

It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Microsoft Lync Server 2013 environment has been set up and the KEMP LoadMaster has been installed.

Other LoadMaster documentation can be referred to as needed from http://www.kemptechnologies.com/documentation.

The minimum requirements that should be met before proceeding are as follows:

LoadMaster firmware version 7.0-6 or above should be installed

Configured and published Microsoft Lync Server architecture with Lync Topology builder

Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements

Configured internal and external DNS entries for Front-End, Director and Edge pools

Established access to the LoadMaster Web User Interface (WUI)

3 Load Balancing Microsoft Lync 2013

Load Balancing Microsoft Lync.png

Deploying a Microsoft Lync environment can require multiple servers in Front-End pools and Edge server pools. Load balancing is necessary in this situation to distribute the traffic amongst these servers.

Microsoft Lync Server 2013 supports two load balancing solutions: DNS load balancing and Hardware Load Balancing (HLB). Hardware load balancers are also required to provide load balancing for the internal and external web services when DNS load balancing is used.

Different load balancing methods cannot be used on the Edge internal and Edge external interfaces, for example, DNS load balancing cannot be used on the Edge internal interface when hardware load balancing is being used on the Edge external interface. Health checking at the LoadMaster ensures that, if one of the servers becomes inaccessible, the load balancer will take the sever offline and automatically re-route and reconnect users to other functioning servers.

KEMP Technology recommend the configuration as depicted in the above diagram. If your configuration differs from the recommended configuration and there are issues deploying the LoadMaster, please contact the local KEMP Support Team for assistance.

4 General Configuration

Some recommended general LoadMaster configuration settings are outlined below. These options can be set within the LoadMaster WUI.

4.1 Disable SNAT Globally

By default, global Server Network Address Translation (SNAT) is enabled in the LoadMaster settings. KEMP recommends disabling SNAT globally when using the LoadMaster with a Lync 2013 environment. To disable SNAT globally, follow the steps below:

1. In the main menu, select System Configuration.

2. Select Miscellaneous Options.

3. Select Network Options.

SCMONO003.png

4. Remove the check from the Enable Server NAT check box.

4.2 Subnet Originating Requests

When the LoadMaster is deployed in a two-armed configuration, KEMP recommends enabling Subnet Originating Requests. When this option is enabled, the LoadMaster will use its local IP address, instead of the IP address of the Virtual Service, when communicating to the Real Servers.

Subnet Originating Requests can be enabled on a per-Virtual Service or a global basis.

It is recommended that the Subnet Originating Requests option is enabled on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster WUI, select System Configuration > Miscellaneous Options > Network Options.

Disable SNAT Globally.png

2. Select the Subnet Originating Requests check box.

4.3 Change Drop Connections Settings

 The LoadMaster must be configured to drop connections on Real Server Failure to have fast failover for clients to another Real Server.

1. To configure dropping connections, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

068.png

4. Select the Drop Connections on RS failure checkbox.

4.4 Increase the Connection Timeout

The Loadmaster Connection Timeout must be set to one day. The reason why this value can be set so high is because the LoadMaster monitors client connection to Real Servers and if a server fails then the LoadMaster can drop the associated client connections to that real server.  Clients are disconnected from the LoadMaster and then reconnected to the LoadMaster to connect to another Real Server. 

One day is the maximum value for this setting and it must be used in conjunction with the Drop Connections on RS failure option.

1. To configure the Connection Timeout, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

070.png

4. Enter 86400 (1 day) in the L7 Connection Drain Time (secs) field and click Set Time.

4.5 Connection Scaling For Large Scale Deployments

Execution of this procedure is optional and should be used only in cases where network traffic is expected to be greater than 64,000 server connections at any one particular time.

 L7 Transparency must be disabled in order to use connection scaling.

1. To use connection scaling, click System Configuration.

2. Click Miscellaneous Options.

3. Click L7 Configuration.

069.png

4. Select the Allow connection scaling over 64K Connections checkbox.

5. Click Virtual Services.

6. Click View/Modify Services.

7. Click the Modify button of the appropriate Virtual IP Address.

8. Expand the Advanced Properties section.

VSVSAP010.png

9. In the Advanced Properties panel, input a list of Alternate Source Addresses. Multiple IPV4 addresses must be separated with a space; each must be unallocated and allow 64K connections.

10. Click the Set Alternate Source Addresses button.

5 Template

KEMP has developed a template containing our recommended settings for this workload. You can install this template to help when creating Virtual Services, as it automatically populates the settings. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Download released templates from the Templates section on the KEMP documentation page: http://kemptechnologies.com/documentation.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the KEMP Documentation Page.

For steps on how to manually add and configure each of the Virtual Services using the recommended settings, refer to the steps in this document.

6 Configuring Virtual Services for Lync 2013

This deployment guide covers three types of Virtual Service; DNS Only, HLB only and those that are common to both types of environment. The below sections provide instructions and recommended configuration options for setting up a KEMP LoadMaster to work with Lync 2013 using these configuration options.

For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.

6.1 DNS Only Configuration

Refer to the sections below for instructions on how to set up the LoadMaster using a DNS only configuration.

Microsoft recommends that DNS load balancing is used for Session Initiation Protocol (SIP) traffic. Microsoft also recommend that web services are configured to override FQDN for internal web services.

Source-IP Persistence

Source IP persistence can be used but take care before enabling it because:

Clients from behind an NAT device show up as a single IP

It can result in uneven connection distribution

Cookies

If cookies are used, there is no negative impact. However, there are some requirements:

The cookie must be named MS-WSMAN

It must not expire

It must not be marked httpOnly

Cookie optimization should be turned off

To configure the various Front-End Virtual Services, refer to the sections below.

6.1.1 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Extra Ports 4443 Click Set Extra Ports.

 

Transparency Disabled  

 

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.1.2 Lync Director 2013 DNS Virtual Service

To configure a Virtual Service for Lync Director, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Extra Ports 444,4443 Click Set Extra Ports.
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.1.3 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Extra Ports 8080 Click Set Extra Ports.
  Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  

 

Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2 HLB Only Configuration

The HLB only configuration instructions are below.

6.2.1 Lync Director 2013 HLB Virtual Service

To configure a Virtual Service for Lync Director, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Extra Ports 444,4443 Click Set Extra Ports.
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.2 Lync Internal Director SIP Virtual Service

To configure a Virtual Service for Lync Internal Director SIP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Director SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols Normal Protocols  

 

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

 

6.2.3 Lync Mediation Virtual Service

DNS-only load balancing is sufficient for Mediation pools. If using the LoadMaster instead of DNS, load balance only TCP port 5070.

To configure a Virtual Service for Lync Mediation, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5070 in the Port field.

4. Enter a recognisable Service Name, for example Lync Mediation.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols Normal Protocols  

 

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5070 Click Set Check Port.

6.2.4 Lync Edge Internal AV Media TCP Virtual Service

This is the failback path for A/V media transfer. It is used for file transfer and desktop sharing.

To configure a Virtual Service for Lync Edge Internal AV Media TCP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal AV Media TCP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Server Initiating Protocols Normal Protocols  

 

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.5 Lync Edge Internal AV Media UDP Virtual Service

This is the preferred path for A/V media transfer.

To configure a Virtual Service for Lync Edge Internal AV Media UDP, follow the steps below:

1. Click the Add New button.

2. Enter a Virtual Address.

3. Enter 3478 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal AV Media UDP.

5. Select udp as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Real Servers

Real Server Check Parameters ICMP Ping

 

6.2.6 Lync Edge Internal SIP Virtual Service

This is used by Directors and FE Pools.

To configure a Virtual Service for Lync Edge Internal SIP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge Internal SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Extra Ports 5062 Click Set Extra Ports. Port 5062 is used by any FE pool and SBA.
  Server Initiating Protocols Normal Protocols  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.7 Lync Internal WebSvc HTTP Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Extra Ports 8080 Click Set Extra Ports.
  Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  

 

Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.8 Lync Internal Front-End DCOM Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 135 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Front-End DCOM.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Transparency Disabled  
  Server Initiating Protocols Normal Protocols  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.9 Lync Internal WebSvc HTTPS Virtual Service

To configure a Virtual Service for Lync Internal WebSvc HTTPS HLB Only, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal WebSvc HTTPS HLB Only.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Enabled  
  Extra Ports 4443 Click Set Extra Ports.

 

Transparency Disabled  

 

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.10 Lync Internal Front-End SIP Virtual Service

To configure a Virtual Service for Lync Internal Front-End SIP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Internal Front-End SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
Basic Properties Service Type Generic  

Standard Options

Force L4 Disabled  
  Extra Ports 448,5070-5073,5075,5076,5080 Click Set Extra Ports.

 

Transparency Disabled  

 

Server Initiating Protocols Normal Protocols  
  Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.11 Configure Edge Virtual Services

To configure the various Edge Virtual Services, refer to the sections below.

When load balancing external interfaces of Edge pools, the shared interface IP should be used as the default gateway on all Edge interfaces. Also, a publicly routable IP with no NAT or port translation must be used.

6.2.11.1 Lync Edge External AV Media UDP Virtual Service

To configure a Virtual Service for Lync Edge External AV Media UDP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 3478 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External AV Media UDP.

5. Select udp as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Persistence Options Source IP Address
  Persistence Timeout 20 Minutes

 

Scheduling Method least connection

Real Servers

Real Server Check Parameters ICMP Ping

 

6.2.11.2 Lync Edge External SIP Virtual Service

To configure a Virtual Service for Lync Edge External SIP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External SIP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.11.3 Lync Edge External SIP Federation Virtual Service

To configure a Virtual Service for Lync Edge External SIP Federation, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5061 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External SIP Federation.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.11.4 Lync Edge External XMPP Virtual Service

To configure a Virtual Service for Lync Edge External XMPP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 5269 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External XMPP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

6.2.11.5 Lync Edge External Conferencing Virtual Service

To configure a Virtual Service for Lync Edge External Conferencing, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External Conferencing.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.
Advanced Properties Redirection URL https://%h%s Click Add HTTP Redirector.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 443 Click Set Check Port.

6.2.11.6 Lync Edge External AV Media TCP Virtual Service

To configure a Virtual Service for Lync Edge External AV, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Edge External AV Media TCP.

5. Ensure that tcp is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Enabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 443 Click Set Check Port.

6.3 Common to Both

The Virtual Services listed below are common to both DNS and HLB configurations.

6.3.1 Lync Office Web App Servers Virtual Service

To configure a Virtual Service for Office Web App Servers, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Office Web App Servers.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled  

Standard Options

Persistence Options Super HTTP and Source IP  
  Persistence Timeout 30 Minutes  

 

Scheduling Method least connection  

 

Idle Connection Timeout 1800 Click Set Idle Timeout.
Advanced Properties Redirection URL https://%h%s Click Add HTTP Redirector.

Real Servers

Real Server Check Parameters HTTPS Protocol  
  URL /hosting/discovery Click Set URL.
  Use HTTP/1.1 Enabled  
  HTTP Method GET  

6.3.2 Lync Director Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director Reverse Proxy HTTP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Scheduling Method least connection  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 8080 as the Port.

Ensure to not use 80 as the Real Server Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

9.

6.3.3 Lync Director Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Director Reverse Proxy HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled  

Standard Options

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  

 

Scheduling Method least connection  

 

Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server for the Director(s).

d) Type 4443 as the Port.

Ensure to not use 443 as the Real Server Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

6.3.4 Lync Front End Reverse Proxy HTTP Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 80 in the Port field.

4. Enter a recognisable Service Name, for example Lync Front End Reverse Proxy HTTP.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment

Standard Options

Force L4 Disabled  
  Transparency Disabled  

 

Persistence Options Source IP Address  

 

Persistence Timeout 20 Minutes  
  Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 8080 as the Port.

Please do not use 80 as the Real Server Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

6.3.5 Lync Front End Reverse Proxy HTTPS Virtual Service

To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the steps below:

1. Click the Add New button.

 

2. Enter a Virtual Address.

3. Enter 443 in the Port field.

4. Enter a recognisable Service Name, for example Lync Front End Reverse Proxy HTTPS.

5. Ensure that TCP is set as the Protocol.

6. Click Add This Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comment
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled  

Standard Options

Persistence Options Source IP Address  
  Persistence Timeout 20 Minutes  

 

Scheduling Method least connection  

 

Idle Connection Timeout 1800 Click Set Idle Timeout.

Real Servers

Real Server Check Parameters TCP Connection Only  
  Checked Port 5061 Click Set Check Port.

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 4443 as the Port.

Do not use 443 as the Real Server Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

7 Additional Information

Some additional information that may be of use is contained within the sections below.

7.1 Server Maintenance

When blocking traffic to a server during maintenance, removing the server IP entry from the pool Fully Qualified Domain Name (FQDN) is not sufficient. The server entry must be removed from the DNS. As the server to server traffic is topology-aware, in order to block server to server traffic the server must be removed from the DNS topology.

7.2 Loss of Failover while using DNS

Loss of failover when load balancing Edge pools using DNS is possible in the following scenarios:

Federation with organizations running OCS versions older than Lync 2010

PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners

UM Play on Phone functionality

Transferring calls from UM Auto Attendant

7.3 Hardware Load Balancing

If hardware load balancing is being used, a list of the ports that must be open can be found here: http://technet.microsoft.com/en-us/library/gg398833.aspx

Hardware load balancing Edge servers requires N+1 Public IP addresses.

Refer to the two links below for further information on hardware load balancing:

http://technet.microsoft.com/en-us/library/gg398739.aspx

http://technet.microsoft.com/en-us/library/gg398478.aspx

8 References

The following sources are referred to in this document:

KEMP Technologies website

www.kemptechnologies.com

KEMP Technologies Documentation page

http://kemptechnologies.com/loadmaster-documentation.

MS Lync 2013 Single Pair Addendum, Deployment Guidehttp://www.kemptechnologies.com/documentation

Web User Interface (WUI), Configuration Guide

http://www.kemptechnologies.com/documentation

Virtual Services and Templates, Feature Description

http://www.kemptechnologies.com/documentation

Ports and Protocols for Internal Servers

1. http://technet.microsoft.com/en-us/library/gg398833.aspx

Port Summary - Scaled Consolidated Edge with Hardware Load Balancers

2. http://technet.microsoft.com/en-us/library/gg398739.aspx

Scaled Consolidated Edge with Hardware Load Balancers

3. http://technet.microsoft.com/en-us/library/gg398478.aspx

Last Updated Date

This document was last updated on 03 January 2018.

Was this article helpful?

0 out of 0 found this helpful

Comments