A Unified Communication Blog

 

In the fifth post in my little series on deploying a Lync Server 2013 High Availability environment, we have now come to the fun part, where we can almost begin to deploy Lync.

In the previous posts we set up a SQL Server 2012 mirroring cluster and a DFS file share.

 

As a prerequisite for using Lync, you should have deployed an internal PKI, because Lync uses certificates to secure its communications. You could in theory use public certificates if you have a lot of money, but I do not recommend it.

 

To start, we need to create the servers that are going to be used in the Lync installation, which include:

  • 3 Frontend servers
  • 2 Access Edge Servers
  • 2 Mediation Servers
  • 2 Office Web Apps Servers

 

Frontend Servers

To make the Lync solution fully fault tolerant, I have deployed three frontend servers (three servers is the minimum recommendation from Microsoft – http://technet.microsoft.com/en-us/library/gg412996(v=ocs.15).aspx).

My three frontend servers have these specifications:

  • 4 vCPU
  • 16 GB RAM
  • 100 GB Disk space
  • Windows Server 2012

 

The servers must be members of the domain.

Before you can start the installation on the servers, you need to install the prerequisites. The easiest way is with this PowerShell command:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Windows-Identity-Foundation, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client, BITS, RSAT-DNS-Server, MSMQ-Server, MSMQ-Directory -Restart

 

Access Edge Servers

In my solution I also have two Access Edge Servers, which will handle my external users and federation with my partners.

The specs for my servers are:

  • 2 vCPU
  • 8 GB RAM
  • 100 GB Disk space
  • 2 NICs
  • Windows Server 2012

The Access Edge Servers must be placed in two DMZ zones, with a NIC in each of them. One NIC handles the communication with the internal servers, and the other NIC handles the external communication.

Because there are two Edge Servers, you can’t use private IP addresses on the external interface. You must assign public IP addresses to that NIC.

When you use public IP addresses, you are going to need a lot of them. In my solution I will use:

  • 3 IP addresses per Edge Server
  • 3 virtual IP addresses for my hardware load balancer (the Lync services)
  • 1 IP address for each hardware load balancer
  • 1 virtual IP address for the hardware load balancer cluster

In total, with two Edge Servers and 2 HLBs, I will need 11 public IP addresses.

In my setup I don’t expose the Edge Servers directly to the internet. I have a firewall in front of the Edge Servers, which routes (no NAT) the public IP addresses to the external segment. This means that I have a /27 or /28 segment for my Edge Servers, and firewall rules which protect my servers.

The servers are not members of the domain, but each has an FQDN configured with the same DNS suffix as the internal domain.

You configure this in System Properties.

Also, because you have two NICs in the servers, you should set the default gateway on the external interface only. When you do that, you need to manually specify the routes to your internal IP segments.

Use this command (with the segments that fit your internal network):

route -p add 10.0.0.0 mask 255.0.0.0 10.10.10.1 if 13

“if 13” is the interface number that identifies your internal NIC.

It’s very important that you add all your internal segments to the route table, otherwise your users might have problems with external audio/video.
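The following check covers the Edge Server network setup described above (workgroup member with the internal DNS suffix, default gateway only on the external NIC, static routes for every internal segment). It is an added example, not part of the original post; the NIC aliases, the `corp.example` suffix and the function name `Test-EdgeNetworkConfig` are assumptions to replace with your own values.

```powershell
# Added example: audit of a dual-homed Edge server before installing Lync.
# Assumed values, not from the original post; adjust to your environment.
$InternalNic      = 'Internal'        # alias of the NIC facing the internal servers
$ExternalNic      = 'External'        # alias of the NIC facing the firewall
$InternalPrefixes = @('10.0.0.0/8')   # every internal segment, in CIDR form
$ExpectedSuffix   = 'corp.example'    # placeholder for the internal domain name

function Test-EdgeNetworkConfig {
    $findings = @()

    # Edge servers are workgroup members that still carry the internal DNS suffix.
    if ((Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain) {
        $findings += 'Server is joined to a domain.'
    }
    $suffix = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
    if ($suffix -ne $ExpectedSuffix) {
        $findings += "Primary DNS suffix is '$suffix', expected '$ExpectedSuffix'."
    }

    # The default gateway belongs on the external NIC only.
    $defaults = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    if ($defaults.Count -eq 0) { $findings += 'No IPv4 default route is configured.' }
    foreach ($route in $defaults) {
        if ($route.InterfaceAlias -ne $ExternalNic) {
            $findings += "Default route via $($route.NextHop) sits on '$($route.InterfaceAlias)'."
        }
    }

    # Every internal segment needs its own route out of the internal NIC.
    foreach ($prefix in $InternalPrefixes) {
        $match = Get-NetRoute -DestinationPrefix $prefix -InterfaceAlias $InternalNic -ErrorAction SilentlyContinue
        if (-not $match) {
            $findings += "No route to $prefix on '$InternalNic'; that traffic would leave via the external NIC."
        }
    }
    return $findings
}

$result = Test-EdgeNetworkConfig
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'Edge network configuration OK' }
```

The script inspects the active route table only; confirm that the static routes survive a reboot by checking the "Persistent Routes" section of `route print`.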

You also need to install the prerequisites on the server before you can install Lync.

Again, this is most easily done with PowerShell:

Add-WindowsFeature Web-Asp-Net45, Web-Mgmt-Tools, Windows-Identity-Foundation, Telnet-Client -Restart

 

Mediation Servers

If you are going to use Enterprise Voice in your environment, then it’s recommended that you deploy separate servers and don’t collocate that role on the frontend servers.

If you are going to use SIP trunks, you should find out whether your SIP trunk provider supports an HA mediation pool (two or more servers), and whether they support NAT of the media traffic.

If the SIP trunk vendor does not support NAT, you must have mediation servers with two NICs, where one of them has a public IP address (like the Access Edge Servers).

The specs for my Mediation Servers look like this:

  • 2 vCPU
  • 8 GB RAM
  • 100 GB Disk space
  • 2 NICs
  • Windows Server 2012

The prerequisites for the servers are again installed from PowerShell:

Add-WindowsFeature Web-Asp-Net45, Web-Mgmt-Tools, Windows-Identity-Foundation, Telnet-Client -Restart

 

Office Web Apps Servers

You are probably also going to use Lync for conferencing, so you will need an Office Web Apps Server 2013 (WAC) if your users are going to give PowerPoint presentations, which Lync will stream from the WAC servers.

In my solution I have again deployed two servers with these specs:

  • 2 vCPU
  • 8 GB RAM
  • 100 GB Disk space
  • Windows Server 2012

 

The prerequisites for the servers are these:

Add-WindowsFeature Web-Server, Web-Mgmt-Tools, Web-Mgmt-Console, Web-WebServer, Web-Common-Http, Web-Default-Doc, Web-Static-Content, Web-Performance, Web-Stat-Compression, Web-Dyn-Compression, Web-Security, Web-Filtering, Web-Windows-Auth, Web-App-Dev, Web-Net-Ext45, Web-Asp-Net45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Includes, InkandHandwritingServices -Restart

 

Director Servers

The Director server in Lync 2013 is an optional role, which you don’t need, but if you want an extra layer of security from the internet (protection against DDoS) and/or have multiple pools, then it would be a good idea to deploy the Director role.

In my solution I have again deployed two servers (just because I can :)) with these specs:

  • 2 vCPU
  • 8 GB RAM
  • 100 GB Disk space
  • Windows Server 2012

The prerequisites for the servers are these:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Windows-Identity-Foundation, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, BITS, MSMQ-Server, MSMQ-Directory -Restart

 

Reverse Proxy Servers

In a Lync installation you will need a device or a server which can act as a reverse proxy for the external web traffic to Lync.

Since Microsoft discontinued TMG, I have used Kemp load balancers for my reverse proxy function, but there are plenty of other devices that can do the same. I will cover that part in a future post.

 

In my next post, we will start the really fun part, where we will start the Lync installation.

Lync 2013 High Availability

Part 1: http://exchangepro.dk/2013/08/28/install-a-sql-2012-mirroring-cluster-for-use-with-lync-2013-part-1/

Part 2: http://exchangepro.dk/2013/08/29/install-a-sql-2012-witness-server-for-use-with-lync-2013-part-2/

Part 3: http://exchangepro.dk/2013/09/01/configure-a-sql-2012-mirroring-cluster-for-use-with-lync-2013-part-3/

Part 4: http://exchangepro.dk/2013/09/14/deploy-a-lync-2013-file-store-part-4/

Part 6: http://exchangepro.dk/2013/09/21/creating-the-lync-server-2013-ha-topology-part-6/

Part 7: http://exchangepro.dk/2013/09/30/install-the-first-frontend-server-part-7/

Part 8: http://exchangepro.dk/2013/10/06/update-the-frontend-server-part-8/

Part 9: http://exchangepro.dk/2013/10/13/install-the-office-web-servers-part-9/

Part 10: http://exchangepro.dk/2013/10/21/deploy-the-director-servers-in-lync-2013-ha/

Part 11: http://exchangepro.dk/2013/10/25/install-the-access-edge-ha-servers-part-11/

Part 12: http://exchangepro.dk/2013/11/05/deploy-reverse-proxy-using-kemp-hardware-load-balancer-part-12/

Part 13: http://exchangepro.dk/2013/11/14/adding-additional-frontend-servers-to-lync-ha-part-13/

Part 14: http://exchangepro.dk/2013/11/26/setup-load-balancers-for-the-internal-lync-servers-part-14/

Part 15: http://exchangepro.dk/2013/11/26/load-balance-the-office-web-apps-server-part-15/

Part 16: http://exchangepro.dk/2013/11/26/load-balance-the-lync-frontend-web-services-part-16/

Part 17: http://exchangepro.dk/2013/11/28/load-balance-the-lync-frontend-services-part-17/

Part 18: http://exchangepro.dk/2013/12/15/load-balance-the-lync-director-servers-part-18/

Part 19: http://exchangepro.dk/2013/12/15/load-balance-lync-access-edge-internal-nic-part-19/

Part 20: http://exchangepro.dk/2013/12/29/load-balance-lync-access-edge-external-nic-part-20/
