// // 1 comment

[Tutorial] Microsoft Lync Edge Server without Reverse Proxy

A reverse proxy server such as Microsoft Forefront Treat Management Gateway 2010 or ISA Server 2006 is recommended to publish the External Web Services on the Lync Front end server to the Internet while protecting the server from attack. However, it is possible to use a Firewall to allow the traffic through to the Front End Server.
Using Lync without a reverse proxy is possible but not a supported deployment method by Microsoft. 
Purpose of Reverse Proxy, 

  • Enabling external users to download meeting content for your meetings.
  • Enabling external users to expand distribution groups.
  • Enabling remote users to download files from the Address Book service.
  • Accessing the Microsoft Lync Web App client.
  • Accessing the Dial-in Conferencing Settings webpage.
  • Accessing the Location Information service.
  • Enabling external devices to connect to Device Update web service and obtain updates.
In my case I am using below URL’s
meet.mytricks.in    ->simple URL
dialin.mytricks.in    ->simple URL
yncweb.mytricks.in  -> External Web Services URL
I am usening Cicso ASA 5510 Firewall.
I am able to connect my Lync Front End server from Internet via Edge server. All in place now just need to expose Simple URL’s & External Web Services.
While installing Lync it creates two web sites such as “Lync Server Internal Web Site” and “Lync Server External Web Site”. Each website is configured for either internal or external access.  The internal site is published on ports 80 & 443 & the external site is published on 8080 & 4443.  
As per Microsoft’s documentation you have to use a reverse proxy server to publish the external simple URLs and External web Services.
So let get started,
1. Assign additional IP address to your Lync Front End Server as shown below,
2. Open Internet Information Services (IIS) Manger ( start->Run-> type inetmgr and press Enter
3. Click on “Lync Server Internal Web Site” & click on Stop from right Pane “Mange Web Site” option as shown below,

4. Now click on “Lync Server External Web Site” & click on Bindings option as shown below,
5. Now Change the HTTP port from 8080 to 80 & https port from 4443 to 443, and change IP addres from * to IP address which we added in our first step (i.e. second IP address of front End server)
6. Please follow [Guide] Installing trusted Certificate on Microsoft Lync External Web Services & Simple URL’s
7. Now we need to configure our Cisco ASA 5510 firwall, 
Open Cisco ASA 5510 ASDM & go to Firewall-> Nat Rules -> Click on Add -> Add Static NAT Rule.. as shown below
8. Now we need to allow “HTTPS” for all outside users to access Simple URL’s & Web External Services..
Open Cisco ASA 5510 ASDM & go to Firewall-> Access Rules -> Add-> Click Add Access Rules,
9. Now login to Lync from Intenet via Lync Client & try to access Dialin,mytricks.in, meet.mytricks.in & lyncweb.mytricks.in

1 comment: