Lync server consists of multiple roles and Edge server role is one of them. Lync server 2013 Edge server role take care of external connectivity of Lync users. It provides connectivity to Remote, PIC, Mobile, Federated and Anonymous users. Edge server deployment provides external access to different communication modalities IM & Presence, Web Conferencing and Audio/Video Conferencing.

Edge server deployment is not as simple as other Lync server roles and requires attentive preparation before jump into the installation. Let’s start the preparation for deploying standalone Edge server role.

IP Address Planning:

I am using 192.168.x.x/16 IP addressing for Internal Network, 172.25.x.x/16 IP addressing for Perimeter Network and 10.x.x.x/8 IP addressing for External Network. IP address on internal firewall is 172.25.33.100 which will act as a gateway for communication between perimeter network and internal network, IP address on External firewall is 10.1.1.100.

As internal NIC of Edge server is behind internal firewall and don’t have gateway in internal network address. So, we will have to route traffic from 172.25.33.10 to internal network via 172.25.33.100.

Follow below steps to add route.

Open command prompt with administrative rights on Edge Server.

Run “ipconfig /all” and note down the physical address and Ethernet adapter description of internal NIC.

 

Now run route print and note the Interface List ID of the internal NIC.

 

Now add the persistent route for internal traffic.

 

Open Lync Server Topology Builder on Lync Front-End / Standard Edition Server.

Right click on Edge Pool and select New Edge Pool.

 

Click on Next.

 

Write Edge Server FQDN.

 

Select appropriate features as per your requirements.

 

Select IP versions and NAT option according to your requirement.

 

Specify external FQDN and associated port numbers. (Note: If you have selected “Use a Single FQDN and IP address” then you will have to use different port numbers for all three FQDNs).

 

Specify the IP address for Edge server internal NIC.

 

Now specify the external IP address for all services.

 

Please specify the Public IP address which will be NAT to the A/V edge service. (In my case, the deployment has been done in LAB and don’t have public IP address. That’s why I am taking a different IP address.)

 

Define the next hop server. Next hop server will be your Lync pool if you don’t have director otherwise next hop will be your director pool.

 

Select pool and click on finish.

 

Now publish your topology.

 

 

 

Open Lync management shell with administrative privilege on Lync FE server and export the configuration.

 

Login to the Edge Server with administrative privilege and run Microsoft Lync Server 2013 setup and follow the steps.

 

 

 

 

After installing Lync 2013 core components, open Lync server 2013 deployment wizard.

 

Click on “Install or Update Lync Server System”.

 

Run “Install Local Configuration Store”

 

Browse Edge configuration file which you had exported in Lync FE server.

 

Click on Next.

 

 

 

Cross verify the installation through log file.

 

Now, Run “Setup or Remove Lync Server Components”.

 

 

 

 

 

Now, it’s time to request and assign certificates.

 

Follow the steps to request the Edge Internal Certificate.

 

 

 

 

 

 

Fill the appropriate information.

 

 

 

 

 

 

 

Now, request External Edge certificate.

 

 

 

 

 

 

 

 

(Note: If you want to use same public certificate for Reverse proxy also, add additional SAN’s for reverse proxy: lyncdiscover.domain.com, lyncwebservicesexternalname.domain.com, dailin.domain.com, meet.domain.com)

 

 

 

 

Once you have generated certificate request, can send these request to your certification authority to generate the certificates for you. As we are doing this setup in our lab, so we will use our internal AD CA.

Once you have generated the certificates open mmc and add certificates (Local Computer) via add/remove snap-in to import the generated certificates.

 

Import root CA onto Trusted Root Certification Authority.

 

Import generated certificates into Personal store.

 

 

 

 

 

Follow same step to import Edge Public cert also.

 

Now, It’s time to assign certificate to Edge services.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Once certification assignment is done, open Lync control panel in Lync FE server and go to Federation and External access.

 

Change External access policy as shown below.

 

Change Access Edge configuration policy as shown below.

 

Now everything has been done, it’s time to perform last step. Add Front End Pool / FE server entry into Edge server host file.

 

Finally, your external Lync clients will be able to login and you can use Edge services for external connectivity.

But, still you cannot use those services which require Reverse proxy. Therefore, configure your reverse proxy also to get all the things worked seamlessly.