Lync 2013 Edge Without DMZ

Posted on 2013-11-08
Last Modified: 2013-11-13
Is it possible and does anyone have a recommended method for setting up Lync edge without a DMZ?

I'd like FE & Edge servers to sit behind existing load-balanced ISAs.

I don't intend for any of my clients to talk directly to the FE pool or the Edge server. All traffic is to be routed through ISA.

Many thanks!
Question by:pxuser
LVL 18

Expert Comment

by:irweazelwallis
ID: 39635333
All you really need to make life easy is to separate networks on the edge server so that it can route the traffic from external to internal.

When you say you don't intend any users to connect directly to the FE, are you talking about internal users as well? That would make it very hard to work.
 

Author Comment

by:pxuser
ID: 39639592
Yes, I would like all internal users to connect to a public address on the ISA. My reasoning behind this is not wanting to have to maintain split DNS for the desired external domain name.

Just to clarify the 'internal' clients are not on the same public address range and they sit behind a different ISA to the FE and Edge, so could technically be classed as external.
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 39640194
That's a bit of a risk with traffic as you are putting an extra overhead on things; not sure how SIP traffic would cope going through ISA. It seems like a lot of effort for a few PinPoint records for one SIP domain.

I think I would need a network diagram to understand where things sit.

But the only real design considerations for Edge services are:
Not on the domain
Two NICs on separate ranges to allow for routing between the two
Enough IPs to service all the edge services

It's then up to you how you allow traffic through to it and whether it sits between firewalls, etc.

Author Comment

by:pxuser
ID: 39641821
I've carved up a weather map and made it into a quick diagram... It's virtual, so if you start from the far right, everything below the B-RAS is at our office site and everything above is in the data centre.

Ultimately all traffic must pass through ISA & TMG one way or another, so if there is an overhead for doing things this way I don't have a choice.

The route highlighted in red is the internal ISA network that allows traffic to and from the server and client networks.

The Blue route is my preferred route. If all traffic is routed this way it would prevent having to maintain internal and external DNS records for the SIP domain as this domain is not held in internal DNS. Laptops and mobiles etc wouldn't have to transition between the two routes when dropping off and on the wifi for example.
 

 
I guess my main questions are around the edge configuration:

1. Does the external NIC on the edge have to be on a separate range? - This means adding additional NICs to ISA (I'm guessing this is a yes)

2. Does each Edge service need its own Public IP and FQDN?

3. 'A/V Edge service is NAT enabled' in the edge configuration - can you shed some light on this?

4. Have I missed anything?


Thanks.
 
LVL 18

Accepted Solution

by:
irweazelwallis earned 1500 total points
ID: 39641922
1. To make life easy on the Lync Edge Servers, yes, a separate range so that it can route properly.

2. Yes, some are consolidated and pointed at one place, but you will need at least 4 - 3 edge and 1 Front End RP.

3. This means that it can cope with being translated through a firewall, so you don't need your Lync Server directly on the Internet, i.e. you can translate from 1.1.1.1 to 192.168.7.1 and it will cope.

I think the best thing is to think about this as though all your clients are remote clients, as none of them will be able to connect directly to the FE servers.

Here is an Edge diagram to get you started:

http://technet.microsoft.com/en-us/library/gg425891.aspx
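
The checklist from the expert's comments above (edge not on the domain, two NICs on separate ranges, at least 4 public IPs, NAT-enabled A/V edge) written as a pre-deployment check. This is an added example, not part of the original thread; the plan layout, key names, FQDNs and addresses are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample plan: every name and address here is hypothetical.
# 203.0.113.0/24 is a documentation range standing in for real public IPs.
PLAN = {
    "domain_joined": False,
    "internal_nic": "10.10.20.5/24",
    "external_range": "192.168.7.0/24",
    "av_nat_enabled": True,
    "reverse_proxy_public": "203.0.113.13",
    "services": {
        "access":  {"fqdn": "sip.example.com",     "public": "203.0.113.10", "private": "192.168.7.10"},
        "webconf": {"fqdn": "webconf.example.com", "public": "203.0.113.11", "private": "192.168.7.11"},
        "av":      {"fqdn": "av.example.com",      "public": "203.0.113.12", "private": "192.168.7.12"},
    },
}

def check_edge_plan(plan):
    """Return findings against the thread's checklist; an empty list means the plan passes."""
    findings = []
    if plan["domain_joined"]:
        findings.append("edge server is domain joined")
    # The two NICs must sit on separate ranges so the edge can route between them.
    internal = ipaddress.ip_interface(plan["internal_nic"]).network
    external = ipaddress.ip_network(plan["external_range"])
    if internal.overlaps(external):
        findings.append("internal and external NICs share a range")
    publics = {ipaddress.ip_address(plan["reverse_proxy_public"])}
    fqdns = set()
    for name, svc in plan["services"].items():
        if ipaddress.ip_address(svc["private"]) not in external:
            findings.append(f"{name}: private address is outside the external NIC range")
        publics.add(ipaddress.ip_address(svc["public"]))
        fqdns.add(svc["fqdn"].lower())
    # A translated A/V address only works when the NAT option is enabled on the edge.
    av = plan["services"]["av"]
    if av["public"] != av["private"] and not plan["av_nat_enabled"]:
        findings.append("av: address is translated but the NAT option is off")
    if len(publics) < 4:
        findings.append("fewer than 4 distinct public IPs (3 edge + 1 reverse proxy)")
    if len(fqdns) < len(plan["services"]):
        findings.append("edge services share an FQDN")
    return findings

if __name__ == "__main__":
    for finding in check_edge_plan(PLAN) or ["plan passes"]:
        print(finding)
```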

Author Closing Comment

by:pxuser
ID: 39644321
Thanks for your help
Question has a verified solution.
