Kevin Kieller and Dino Caputo | October 28, 2014

 
   

Technically Lync: Reverse Proxy Alternatives

Using IIS ARR 3.0 on Windows Server 2012 as a Reverse Proxy for Lync Server 2013

In our second article of this series catering to the more technical audience in the No Jitter crowd, we explore the role of and options for a Lync reverse proxy server. (The first Technically Lync article investigated real-time monitoring of your Lync environment.)

Like all unified communications solutions, Microsoft Lync UC requires several server roles. These different server roles take care of communication modalities such as instant messaging, presence, voice, video, persistent chat and conferencing; connection management, including remote access and federation; and management and reporting, including monitoring and archiving.

The reverse proxy role is one of the Lync supporting roles needed to enable a complete remote Lync experience. Some of the key features that the reverse proxy enables include:

  • Allowing external users to download meeting content
  • Enabling remote users to download files from the Address Book service
  • Letting external participants access the Lync Web App client
  • Providing access to the dial-in conferencing Web page
  • Enabling mobile applications to automatically discover and use mobility URLs from the Internet

In general, a reverse proxy server accesses resources on behalf of a client from one or more servers and then returns these resources to the client as if they came directly from the server itself. A reverse proxy serves a security role in that it can "hide" the existence or attributes of key servers. It can also assist in load balancing to distribute the load from incoming client requests across multiple servers.

In the past, many Lync installations relied on Threat Management Gateway (TMG), which had to be purchased separately. However, in November 2012, Microsoft ceased license sales of TMG 2010. While Microsoft still supports the product, you might want to consider using a reverse proxy alternative instead.

And with that overview out of the way, I turn it over to my more technical colleague Dino Caputo. Dino is a Microsoft Certified System Engineer (MCSE) as well as a Microsoft Certified Technology Specialist (MCTS) in LCS 2005, OCS 2007, Lync 2010 and 2013. In summary, Dino knows lots about successfully deploying Lync.

Over to Dino ...

I've reliably been using Internet Information Server Application Request Routing (IIS ARR), free with Windows Server, as a low-cost replacement for ISA/TMG for some time now; however, I recently had a customer that had provisioned Windows Server 2012 R2, so I decided to use IIS ARR 3.0 instead of 2.5, which is what I've always used for previous installations. (According to Microsoft, "[IIS ARR] ... is a fully tested and supported option for implementing a reverse proxy for Lync Server 2010 and Lync Server 2013.")

I found some good information on this subject available at NextHop, which I've always followed and has served me well.

On the surface, IIS ARR 3.0 looks identical to Version 2.5; however, I ran into many challenges with rules not processing in 3.0 as expected under 2.5. After much trial and tribulation, I ended up deleting all my rules, starting from scratch and coming up with a different configuration by combining some lessons learned from Lync MVP Richard Brynteson's post.

Based on my experience, I share the process that worked well for me in the hope that it can perhaps help a few other folks along the way:

  1. Start with a fresh installation of Windows Server 2012 R2 and install IIS from Server Manager. In this case I had a single NIC server that joined to the domain and the corporate network. I enabled the Windows firewall and configured the external firewall to allow ports TCP 80 and 443 inbound in a 1:1 NAT configuration.
  2. Download the Microsoft Web Platform Installer (currently 5.0) and search for IIS ARR 3.0. Select it and install it.
  3. Open IIS Manager, and the fun begins!


Initial Setup

You'll need to make the following modification to the IIS Application Pool for the default Website, which keeps the application pool from shutting down after a number of idle minutes. Change the highlighted "Max Time-out" value to 0 as shown below.

You'll need to provision an SSL certificate from a public provider that will contain all the URLs required for Lync, Office Web App and potentially Exchange Server OWA. (I haven't gone into too much detail on the process of provisioning the certificate, as I assume readers understand what these URLs are.)

Bind this certificate in IIS like you would any other secure Website. Choose the Default Website, and select Bindings in the action tab on the right. Click on Add and add a binding for Port 443. Select the certificate you provisioned and installed on this server.

Next, we can start building out the Server Farms. In the IIS manager, if you installed IIS ARR correctly, you will see "Server Farms" as a new option in the left pane.

Highlight it, right-click and select "New Server Farm."

First, create the Lync Autodiscover farm, which will handle the requests that make Lync Autodiscover work.

Click Next and configure the settings as follows, adding the FQDN of the internal Lync front-end server or enterprise front-end pool that will handle this request. Be sure to change the options as shown below, as required by Lync. Specifically, we use httpPort 8080 and httpsPort 4443.

Click "Finish." You'll be prompted to create IIS rewrite rules; answer "Yes." We'll address these a bit later.

Create another server farm for each external Web service you need to publish. If you're publishing for two pools, you'll need to create two farms in the same way outlined above.

Create a Server Farm for Office Web Apps in the same way as above, except use the default ports 80 and 443 for the Office Web App server. If you have a pool of Office Web App Servers, you can add each server to a single farm.

The results will look something like this when done:

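To confirm the values set in the steps above, here is a read-only check, added as an example and not part of the original article. It parses an applicationHost.config and reports a pool idle time-out that is not zero, a missing HTTPS binding on port 443, and farm servers whose ports differ from 8080/4443 (Lync) or 80/443 (Office Web Apps). Assumptions: the function names, the farm and host names, and the embedded XML are constructed for illustration, and the idle time-out is read from the pool's `processModel` `idleTimeout` attribute.

```powershell
# Added example. The XML is constructed sample data; farm and host names are placeholders.
$sample = [xml]@'
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="DefaultAppPool"><processModel idleTimeout="00:20:00" /></add>
    </applicationPools>
    <sites><site name="Default Web Site" id="1"><bindings>
      <binding protocol="http" bindingInformation="*:80:" />
      <binding protocol="https" bindingInformation="*:443:" />
    </bindings></site></sites>
  </system.applicationHost>
  <webFarms>
    <webFarm name="LyncAutodiscover"><server address="lyncfe.example.internal">
      <applicationRequestRouting httpPort="8080" httpsPort="4443" /></server></webFarm>
    <webFarm name="LyncExternalWeb"><server address="lyncfe.example.internal" /></webFarm>
    <webFarm name="OfficeWebApps"><server address="wac.example.internal" /></webFarm>
  </webFarms>
</configuration>
'@
# Returns the attribute value, or $Default when the element or attribute is absent.
function Get-AttrOrDefault($Node, [string]$Name, [string]$Default) {
    if ($Node -and $Node.GetAttribute($Name)) { $Node.GetAttribute($Name) } else { $Default }
}
function Test-LyncArrConfig {
    param([xml]$Config, [string]$Pool = 'DefaultAppPool', [string]$Site = 'Default Web Site',
          [string[]]$DefaultPortFarms = @('OfficeWebApps'))   # farms that stay on 80/443
    $findings = @()
    # 1. Idle time-out must be zero so the pool is not shut down for inactivity.
    $pm   = $Config.SelectSingleNode("//applicationPools/add[@name='$Pool']/processModel")
    $idle = Get-AttrOrDefault $pm 'idleTimeout' '00:20:00'   # IIS default is 20 minutes
    if ([TimeSpan]::Parse($idle) -ne [TimeSpan]::Zero) { $findings += "Pool '$Pool': idleTimeout is $idle, expected 00:00:00" }
    # 2. The site needs an HTTPS binding on port 443 (bindingInformation is IP:port:host).
    $tls = $Config.SelectNodes("//site[@name='$Site']/bindings/binding[@protocol='https']") |
        Where-Object { $_.GetAttribute('bindingInformation') -match ':443:[^:]*$' }
    if (-not $tls) { $findings += "Site '$Site': no HTTPS binding on port 443" }
    # 3. Lync farm servers use 8080/4443; farms in $DefaultPortFarms keep 80/443.
    foreach ($server in $Config.SelectNodes('//webFarms/webFarm/server')) {
        $farm  = $server.ParentNode.GetAttribute('name')
        $arr   = $server.SelectSingleNode('applicationRequestRouting')
        $ports = (Get-AttrOrDefault $arr 'httpPort' '80') + '/' + (Get-AttrOrDefault $arr 'httpsPort' '443')
        $want  = if ($DefaultPortFarms -contains $farm) { '80/443' } else { '8080/4443' }
        if ($ports -ne $want) { $findings += "Farm '$farm' ($($server.GetAttribute('address'))): ports $ports, expected $want" }
    }
    $findings
}
Test-LyncArrConfig -Config $sample
```

On the proxy itself, pass `[xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")` instead of the sample. The check reads only the pool's own `processModel` element, so a value inherited from `applicationPoolDefaults` is not taken into account.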

Next page: Dino covers Server Farm Settings, URL Rewrite Rules, Office Web App URL Rewrite, Lync AutoDiscover, Lync External Web Services and more.




