One of the areas I'm interested in is Unified Communications based on MS Lync Server. It is very entertaining to do Lync with good knowledge of networking, because all SIP things, firewall things, QoS things are immediately clear.
Many Lync features are also available when users are outside the corpnet: some require a special server role named Edge (there are several flavors of Edge roles available), but some require only a reverse proxy, because they are web-based: conferencing, address book and mobility, to name a few.
However, publishing these web-based services securely also requires an internal role called Director. The Director is used to authenticate users, thereby taking load (especially in case of DoS) off the FrontEnd (FE) server.
I'll do my best today to show how to publish these roles in UAG (it is UAG with SP2 in my case).
First of all, grab the names of the external sites of the Director and FE from Topology Builder:
Standard FE:
Director:
Mobility requires a published lyncdiscover.<yourdomain> resource in order to work:
To publish Lync resources you need an HTTPS trunk with the correct certificate:
You use this cert to create an HTTPS trunk with no authentication:
After that you can configure applications. Lync web applications can be added with the wizard, but mobility can be added as an OtherWeb application later.
As you can see, I have both Director and FE external services published, as well as meet, dialin and lyncdiscover.
Now some screenshots of applications:
In my case meet and dialin are internally CNAMEs to the Director server. The dialin configuration is similar to meet.
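A pre-flight check for the certificate step above, as an added example that is not part of the original post: it reports which published host names the trunk certificate's SAN list does not cover, assuming all of them are served by the one trunk certificate. The domain `example.com`, the names `feweb` and `dirweb`, and the sample SAN list are constructed placeholders.

```python
import socket
import ssl

# Constructed sample data: example.com stands in for <yourdomain>; feweb/dirweb
# are hypothetical external web-services names for the FE and the Director.
PUBLISHED = [
    "feweb.example.com", "dirweb.example.com",
    "meet.example.com", "dialin.example.com", "lyncdiscover.example.com",
]
SAMPLE_SANS = [  # constructed SAN list that lacks the lyncdiscover name
    "feweb.example.com", "dirweb.example.com",
    "meet.example.com", "dialin.example.com",
]

def san_matches(san, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return False

def missing_names(sans, published):
    """Published host names that no SAN entry on the certificate covers."""
    return [h for h in published if not any(san_matches(s, h) for s in sans)]

def fetch_sans(address, server_name, port=443):
    """DNS SANs of the certificate a listener presents for server_name.

    The chain and server_name are validated, so pass a name known to be on
    the certificate and test the remaining names with missing_names().
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((address, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

if __name__ == "__main__":
    for name in missing_names(SAMPLE_SANS, PUBLISHED):
        print("not covered by trunk certificate:", name)
```

Against a live trunk, replace `SAMPLE_SANS` with the result of `fetch_sans()` called with the trunk's external IP address and its public host name.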