Tag Archives: Reverse proxy

IIS ARR on Windows 8.1 for Lync 2013


A reverse proxy is a key part of the infrastructure topology that lets users access applications from the internet. Microsoft has no future road-map for TMG/UAG, and other products which provide the same kind of functionality may be expensive. Therefore, Microsoft came up with an inexpensive reverse proxy solution which works on IIS 7 onwards. It is very simple to configure and can be set up on a Windows Server operating system as well as on a client operating system.

Let’s go step by step through configuring Internet Information Services Application Request Routing (IIS ARR) on Windows 8.1. The basic requirements for IIS ARR are two NICs and IIS 7 or above.

(Note: If you are using IIS ARR behind the internal firewall, don’t forget to add the route for inbound traffic, and don’t specify any gateway on your internal NIC.)

The system should not be part of the domain. One network will connect to your internal network and another network will connect to the internet.

 

 

Install Windows 8.1 Enterprise.

 

Add DNS Suffix.

 

Configure both NICs. In my setup “Edge” will talk to the internal network and “External” will talk to the Internet. Don’t configure a gateway or DNS on the internal NIC.

 

Install IIS with default features.

 

There are two ways to install the IIS ARR components.

  1. Automatic (if you have an internet connection on your IIS ARR server, you can use this option.)
  2. Manual (if you don’t have internet connectivity.)

For automatic installation, just download “Windows Platform Installer” and run wpilauncher.exe.

 

Type ARR in the search box and press Enter; you will get Application Request Routing 3.0. Click on Add and then click on Install.

 

You will get the list of dependencies, including ARR 3.0. Click on I Accept to install.

 

If you don’t have an internet connection on your IIS ARR server, you can follow the same steps up to this point on any machine that has an internet connection and download all dependencies by clicking on “Direct Download Link”.

Now you can install everything manually, including the IIS features which are not installed by default, by cross-checking against the list in the above window.

Once you are done with the installation, assign a certificate to IIS which has the following SANs.

  1. Lyncdiscover.domain.com
  2. Dialin.domain.com
  3. Meet.domain.com
  4. LyncExternalWebService.domain.com (FQDN of external Lync Web Services)
  5. WACExt.domain.com (FQDN of external WAC services) – only if you are publishing the WAC URL.

     

Open IIS Manager and verify the assigned certificate.

 

Right-click on Server Farms and create a new server farm.

 

Define the server farm name and click on Next.

 

Define the IP address of your FE Pool or the FQDN* of your FE Pool.

(Note: If you use the FQDN then you should make an entry in the hosts file.)

 

Make the server entry and change the port in the advanced settings as below.

 

Now, you can see your server farm.

 

Follow the same steps and add all your required server farms.

 

Now go to your websites and click on Bindings.

 

Do the necessary bindings with port 443 for https.

 

 

 

Now, you have to go into each farm and change the configuration under Caching, Proxy and Routing Rules.

 

Uncheck “Enable disk cache”

 

Click on apply.

 

Now, change time-out (seconds) to 180-200.

 

Click on apply.

 

Uncheck “Enable SSL offloading” in Routing Rules.

 

Click on apply.

 

Now, it is time to configure the URL Rewrite settings.

 

You have to keep only _SSL URL path.

 

Click on each one and add the condition (HTTP_HOST).

 

 

 

 

 

Follow the same steps for all server farms.

Now, we are done with the configuration.
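The GUI steps above are stored in applicationHost.config, so they can be read back and checked per farm; the following PowerShell is an added example, not part of the original post. The embedded config is a constructed sample, and the farm name, back-end address, ports and host name in it are assumptions.

```powershell
# Constructed sample of the applicationHost.config parts the steps above change.
# Farm name, address, ports and host name are assumptions, not values from the post.
[xml]$sample = @'
<configuration>
  <webFarms>
    <webFarm name="LyncExtWeb" enabled="true">
      <server address="192.0.2.10" enabled="true">
        <applicationRequestRouting httpPort="8080" httpsPort="4443" />
      </server>
      <applicationRequestRouting>
        <protocol timeout="00:03:20"><cache enabled="false" /></protocol>
      </applicationRequestRouting>
    </webFarm>
  </webFarms>
  <system.webServer><rewrite><globalRules>
    <rule name="ARR_LyncExtWeb_loadbalance_SSL" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" />
      <conditions>
        <add input="{HTTPS}" pattern="On" />
        <add input="{HTTP_HOST}" pattern="meet.domain.com" />
      </conditions>
      <action type="Rewrite" url="https://LyncExtWeb/{R:0}" />
    </rule>
  </globalRules></rewrite></system.webServer>
</configuration>
'@

function Test-ArrFarm {
    param([xml]$Config, [string]$Farm)
    $f = $Config.SelectSingleNode("//webFarm[@name='$Farm']")
    if (-not $f) { throw "Server farm '$Farm' not found" }
    $cache   = $f.SelectSingleNode('applicationRequestRouting/protocol/cache/@enabled')
    $timeout = $f.SelectSingleNode('applicationRequestRouting/protocol/@timeout')
    $secs    = if ($timeout) { [timespan]::Parse($timeout.Value).TotalSeconds } else { 0 }
    # Rules routing to this farm have an action URL of the form scheme://<farm>/...
    $rules = @($Config.SelectNodes('//globalRules/rule') |
        Where-Object { $_.SelectSingleNode('action/@url').Value -like "*://$Farm/*" })
    [pscustomobject]@{
        Farm          = $Farm
        DiskCacheOff  = [bool]($cache -and $cache.Value -eq 'false')   # "Enable disk cache" unchecked
        TimeoutOk     = ($secs -ge 180 -and $secs -le 200)             # time-out of 180-200 seconds
        OnlySslRule   = ($rules.Count -gt 0 -and -not ($rules | Where-Object { $_.GetAttribute('name') -notlike '*_SSL' }))
        NoSslOffload  = (-not ($rules | Where-Object { $_.SelectSingleNode('action/@url').Value -notlike 'https://*' }))
        HostCondition = (-not ($rules | Where-Object { -not $_.SelectSingleNode("conditions/add[@input='{HTTP_HOST}']") }))
    }
}

Test-ArrFarm -Config $sample -Farm 'LyncExtWeb' | Format-List
```

On the ARR machine, pass `[xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config" -Raw)` as `-Config` instead of the sample. A rule without the HTTP_HOST condition matches HTTPS requests for any host name and forwards them to the internal farm, which is why the check flags it.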


High Availability in Lync 2013


Availability is a concern for any enterprise application. In Lync 2013 Microsoft took a step ahead and delivered better availability options. Lync 2013 is a next-level enterprise communication and voice solution which is based on different Lync Server roles. In Lync 2013 Microsoft did a tremendous job of consolidating Lync roles, reducing their number and their complexity. To know more about Lync roles click here

Lync Server Standard Edition and HA*

This is a big question for everyone: the HA option in Lync Server 2013 Standard Edition. Lync Server 2013 supports up to 5000 users and can be deployed on a single box, but to achieve more availability (*not exactly High Availability) you can deploy Lync 2013 SE in a paired pool. A paired pool means deploying two Lync SE servers and pairing them in a pool. Failover in a paired pool is a manual activity (it can be automated by PowerShell scripting) and users will get limited functionality at the time of failover. HA can’t be achieved for Persistent Chat in Standard Edition.

Lync Server Enterprise Edition and HA

Lync Server Front End (Audio/Video, Archiving & Monitoring are collocated): High availability can be achieved by deploying a Lync 2013 Enterprise Edition Server pool. One Lync Server 2013 EE pool can accommodate 80,000 users by deploying a maximum of 12 servers. Lync 2013 Enterprise Edition is designed using the brick model, which works on Windows Fabric to provide HA. Lync 2013 EE needs a minimum of three FE servers (MS recommendation) for one pool. For availability, a Lync Server pool needs N/2, N/2+1 servers in the pool to work.

Microsoft recommends that if you have large conferences of more than 250 users, a separate A/V (FE) pool can be deployed.

Lync Server Back End: Lync Server uses SQL Server for its back-end databases. You need databases for the Lync Server back end, archiving/monitoring and persistent chat, which can be collocated on one SQL Server or deployed on separate (MS recommended) SQL Server instances. Lync Server 2013 supports SQL mirroring for its databases. It does not support SQL failover clustering (not recommended) or the SQL AlwaysOn feature. To configure automatic failover in a SQL Server mirror, you need a SQL witness server, which can be SQL Express edition or a SQL Server instance.

Lync Mediation Server: In Lync 2013, Mediation server role can be collocated with FE server role or can be deployed separately as a pool.

Lync Persistent Chat: In Lync 2013, Persistent Chat is a new server role which replaces the Lync Server 2010 Group Chat server component, which was not part of the Lync 2010 server roles. You can deploy Lync Server Persistent Chat as a pool to achieve HA and can have a maximum of 8 servers in a pool (4 active and 4 passive) for 80,000 concurrent users and 1,50,000 users in total.

Lync Edge Server: Lync Edge server role can be deployed as a pool in a perimeter network to provide HA for external (outside your organization firewall) users.

Director: In Lync 2013, Director is an optional role and can be deployed in the same way as Lync Server 2010 Director pool.

Reverse proxy: A reverse proxy is not part of any Lync Server role but is required for external users. You can use Microsoft reverse proxy solutions such as TMG 2010 / UAG 2010 / IIS ARR or any third-party solution.