MS Lync 2013 Single Pair Addendum
1 Introduction
1.1 Document Purpose
This documentation is intended to provide guidance on how to configure a single pair of Kemp LoadMaster products to provide high availability for a Microsoft Lync Server 2013 environment. It was created using a representative sample environment described later in the document. As this documentation is not intended to cover every possible deployment scenario, it may not address unique setups or requirements. The Kemp Support Team is available to provide solutions for scenarios not explicitly defined.
1.2 Prerequisites
It is assumed that the reader is a network administrator or a person otherwise familiar with networking and general computer terminology. It is further assumed that the Microsoft Lync Server 2013 environment has been set up and the Kemp LoadMaster has been installed.
Other LoadMaster documentation can be referred to as needed from http://kemptechnologies.com/loadmaster-documentation.
The minimum requirements that should be met before proceeding are as follows:
- LoadMaster firmware version 7.0-6 or above should be installed
- Configured and published Microsoft Lync Server architecture with Lync Topology builder
- Installed the Microsoft Servers, Active Directories and followed other Microsoft requirements
- Configured internal and external DNS entries for Front-End, Director and Edge pools
- Established access to the LoadMaster Web User Interface (WUI)
2 Load Balancing Microsoft Lync 2013
CAUTION! - While Kemp supports the configuration as depicted in the above diagram, this deployment option departs from the Microsoft recommended standard, as described in http://technet.microsoft.com/en-us/library/gg398478(v=ocs.14).aspx. If your configuration differs from that depicted above, please contact the local Kemp Support Team for assistance.
3 Network Segmentation to support Lync deployments
LoadMaster uses the concept of a Virtual Service to publish services to clients. Clients can be actual end-user clients or other servers that require access to the servers published by the Virtual Service. Virtual Services give the LoadMaster knowledge about local routes between networks. Using the local route (shortcut) between these interfaces is not always the desired behaviour; within the Lync context this applies specifically when configuring a multi-headed deployment on a single pair of LoadMaster devices.
When a Default Gateway is configured on a specific Virtual Service, enabling Use Default Route Only "forces" traffic to flow back from the Virtual Service to the Real Server.
When symmetric network operation is not required and traffic between the Virtual Service and the Real Server may take the shorter route through the LoadMaster, this is achieved by not configuring a Virtual Service Default Gateway. Note - If a Virtual Service does not have a default route, the LoadMaster default route will be used.
To apply the above setup to the Lync Single Pair deployment, a typical packet flow is shown in the diagram below. Deployments are unique, and alternative flows may be configured or required depending on the specific deployment.
4 General Configuration
The required additional LoadMaster configuration settings are outlined below to support a single pair deployment. These options can be set within the LoadMaster WUI.
4.1 Enable Use Default Route Only
In order to route traffic properly in a single pair configuration, the Use Default Route Only option must be enabled globally.
- In the main menu, select System Configuration.
- Select Miscellaneous Options.
- Select Network Options.
- Enable Use Default Route Only.
When enabled, this option forces traffic from Virtual Services that have default route entries set to be routed only to the interface where the Virtual Service's default route is located.
5 Configuring Virtual Services for Lync 2013
This guide covers three types of Virtual Service: DNS only, HLB only, and those that are common to both types of environment. The sections below provide the additional instructions and recommended configuration options for setting up a single pair of Kemp LoadMasters to work with Lync 2013 using these configuration options.
For an explanation of each of the fields mentioned, refer to the Web User Interface (WUI), Configuration Guide.
5.1 Lync Internal WebSvc HTTPS Virtual Service
To configure a Virtual Service for Lync Internal WebSvc HTTPS, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.1.1 Lync Director 2013 DNS Virtual Service
To configure a Virtual Service for Lync Director, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.1.2 Lync Internal WebSvc HTTP Virtual Service
To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the internal network (this default gateway will be on the same network as the Virtual Service)
5.2 HLB Only Configuration
The HLB only configuration instructions are below.
5.2.1 Lync Director 2013 HLB Virtual Service
To configure a Virtual Service for Lync Director, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.2 Lync Internal Director SIP Virtual Service
To configure a Virtual Service for Lync Internal Director SIP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.3 Lync Mediation Virtual Service
DNS-only load balancing is sufficient for Mediation pools. If using the LoadMaster instead of DNS, load balance only TCP port 5070.
To configure a Virtual Service for Lync Mediation, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.4 Lync Edge Internal AV Media TCP Virtual Service
This is the fallback path for A/V media transfer. It is used for file transfer and desktop sharing.
To configure a Virtual Service for Lync Edge Internal AV Media TCP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.5 Lync Edge Internal SIP Virtual Service
This is used by Directors and FE Pools.
To configure a Virtual Service for Lync Edge Internal SIP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.6 Lync Internal WebSvc HTTP Virtual Service
To configure a Virtual Service for Lync Internal WebSvc HTTP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.7 Lync Internal Front-End DCOM Virtual Service
To configure a Virtual Service for Lync Internal Front-End DCOM, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.8 Lync Internal WebSvc HTTPS Virtual Service
To configure a Virtual Service for Lync Internal WebSvc HTTPS HLB Only, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.9 Lync Internal Front-End SIP Virtual Service
To configure a Virtual Service for Lync Internal Front-End SIP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.10 Configure Edge Virtual Services
To configure the various Edge Virtual Services, refer to the sections below.
When load balancing the external interfaces of Edge pools, the Access VIP should be used as the default gateway on all Edge interfaces. Also, a publicly routable IP with no NAT or port translation must be used.
5.2.10.1 Lync Edge External SIP Virtual Service
To configure a Virtual Service for Lync Edge External SIP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.10.2 Lync Edge External SIP Federation Virtual Service
To configure a Virtual Service for Lync Edge External SIP Federation, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.10.3 Lync Edge External XMPP Virtual Service
To configure a Virtual Service for Lync Edge External XMPP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.10.4 Lync Edge External Conferencing Virtual Service
To configure a Virtual Service for Lync Edge External Conferencing, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.2.10.5 Lync Edge External AV Media TCP Virtual Service
To configure a Virtual Service for Lync Edge External AV, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.3 Common to Both
The Virtual Services listed below are common to both DNS and HLB configurations.
5.3.1 Lync Office Web App Servers Virtual Service
To configure a Virtual Service for Office Web App Servers, follow the additional steps below:
1. Expand the Advanced Properties section.
2. Enter https://%h%s in the Redirection URL field and click Add HTTP Redirector.
3. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.3.2 Lync Reverse Proxy HTTP Virtual Service
To configure a Virtual Service for Lync Reverse Proxy HTTP, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
5.3.3 Lync Reverse Proxy HTTPS Virtual Service
To configure a Virtual Service for Lync Reverse Proxy HTTPS, follow the additional steps below:
1. Expand the Advanced Properties section and input the following options:
2. Enter the Default Gateway for the connected network (this default gateway will be on the same network as the Virtual Service)
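The settings in sections 4.1 and 5 can be checked against a planned configuration before any change is made in the WUI. The following is an added example, not Kemp code: the inventory format, addresses and gateways are constructed for illustration, and the check applies only the two rules this guide states (Use Default Route Only enabled globally; each Virtual Service's Default Gateway on the same network as the Virtual Service).

```python
import ipaddress

# Constructed inventory; the format, names and addresses are assumptions for this example.
SAMPLE_PLAN = {
    "use_default_route_only": False,
    "virtual_services": [
        {"name": "Lync Internal WebSvc HTTPS", "address": "10.0.10.20/24",
         "default_gateway": "10.0.10.1"},
        {"name": "Lync Edge External SIP", "address": "203.0.113.20/24",
         "default_gateway": "10.0.10.1"},      # gateway taken from the internal side
        {"name": "Lync Mediation", "address": "10.0.10.30/24",
         "default_gateway": None},             # gateway never entered
    ],
}

def audit(plan):
    """Return (virtual service, finding) pairs for a planned single-pair config."""
    findings = []
    if not plan["use_default_route_only"]:
        findings.append(("<global>", "Use Default Route Only is not enabled"))
    for vs in plan["virtual_services"]:
        iface = ipaddress.ip_interface(vs["address"])
        gw = vs.get("default_gateway")
        if gw is None:
            # Without a per-service gateway the LoadMaster default route applies.
            findings.append((vs["name"], "no Default Gateway set"))
            continue
        gw = ipaddress.ip_address(gw)
        if gw not in iface.network:
            findings.append((vs["name"], f"Default Gateway {gw} is not in {iface.network}"))
        elif gw in (iface.ip, iface.network.network_address,
                    iface.network.broadcast_address):
            findings.append((vs["name"], f"Default Gateway {gw} is not a usable next hop"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PLAN):
        print(f"{name}: {finding}")
```

An empty result means every listed Virtual Service has a gateway on its own network and the global option is on; it does not confirm that the gateway itself routes symmetrically.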
6 Additional Information
Some additional information that may be of use is contained within the sections below.
6.1 Server Maintenance
When blocking traffic to a server during maintenance, removing the server IP entry from the pool Fully Qualified Domain Name (FQDN) is not sufficient. The server entry must be removed from the DNS. As the server to server traffic is topology-aware, in order to block server to server traffic the server must be removed from the DNS topology.
6.2 Loss of Failover while using DNS
Loss of failover when load balancing Edge pools using DNS is possible in the following scenarios:
- Federation with organizations running OCS versions older than Lync 2010
- PIM connectivity with Skype, Windows Live, AOL, Yahoo! and XMPP partners
- UM Play on Phone functionality
- Transferring calls from UM Auto Attendant
6.3 Hardware Load Balancing
If hardware load balancing is being used, a list of the ports that must be open can be found here: http://technet.microsoft.com/en-us/library/gg398833.aspx
Hardware load balancing Edge servers requires N+1 Public IP addresses.
Refer to the two links below for further information on hardware load balancing:
http://technet.microsoft.com/en-us/library/gg398739.aspx
http://technet.microsoft.com/en-us/library/gg398478.aspx
6.4 Configuration Caution
CAUTION - A Single Pair deployment means that Internal and External traffic traverses the same LoadMaster unit. As a result, a denial of service could impact both the internal and external Lync Server deployment.
References
The following sources are referred to in this document:
- Kemp website
- Kemp Documentation page: http://kemptechnologies.com/loadmaster-documentation
- Web User Interface (WUI), Configuration Guide: http://kemptechnologies.com/loadmaster-documentation
- Virtual Services and Templates, Feature Description: http://kemptechnologies.com/loadmaster-documentation
- Ports and Protocols for Internal Servers: http://technet.microsoft.com/en-us/library/gg398833.aspx
- Port Summary - Scaled Consolidated Edge with Hardware Load Balancers: http://technet.microsoft.com/en-us/library/gg398739.aspx
- Scaled Consolidated Edge with Hardware Load Balancers: http://technet.microsoft.com/en-us/library/gg398478.aspx
Last Updated Date
This document was last updated on 03 March 2022.