Tag Archives: Step by step Edge Pool

#Skype4B – Edge Pool Deployment Part IV


Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.

Part IV of Skype for Business Server Edge Pool deployment focus on certificates. Once you are done with Edge server installation you can request a certificate. Edge server need two different types of certificates one for internal and another for external. For internal certificate you can use internal CA while for external certificate you can generate the request and send it to your external CA to get the public certificate. Follow the step by step process to request and assign the certificates:

Select “Edge internal” and click on “Request”

Select offline certificate request and click on Next

Browse to location where you want to store the certificate request

Click on Next

Enter friendly name and select “Mark the certificate’s private key as exportable”

Fill the Organization Information

Fill the Geographical Information

Click on Next

Add all the Edge servers FQDN which are going to be part of this pool

Review the summary and click on Next

Once completed successfully, click on Next

Click on finish to generate the CSR

As you have request CSR for internal certificate, copy the *.req file and go to the internal CA to request the internal certificate.

Access your ADCS through web and click on “Request a certificate”

Select “advanced certificate request”

Select “Submit a certificate request …… PKCS#7 file”

Copy and paste the *.req file content here and select “Web Server” as a certificate template

Select “Base 64 encoded” and download both the files

Install the root certificate on your Edge server, you may run “Download certificate chain” to install the root certificate.

Install only root certificate form “certificate chain” and store it to “Local Computer” under “Trusted Root Certification Authorities”

If you don’t install root certificate then you can face below error while assigning certificate

Once done with root certificate installation, go to the Certificate Wizard and click on “Import Certificate”

Select the *.cer file and click on next

Click on Next to import the certificate

Once completed click on finish

Now, select “Edge internal” and click on “Assign”

Click on Next

Select Certificate and click on Next

Review the summary and click on Next

Once completed click on Finish.

Once Certificate is assigned to “Edge internal”, you can select the “External Edge certificate…” and click on “Request”

Select “offline certificate request” and click on Next

Browse to location to save the certificate request file

Click on Next

Enter “Friendly name” and make sure “Mark the certificate’s private key as exportable” is being selected

Enter your Organization Information

Enter Geographical Information

Click on Next

Select SIP domains and click on Next

Enter alternative SANs if you have any (For Example: If you want to use the same certificate for reverse proxy as well add same names such as lyncdiscover.domain.com, meet.domain.com, externalwebservices.domain.com etc.)

Once certificate request has been completed successfully, click on Next

Click on Finish to generate the CSR

Sent the *.req file to you Public CA vendor and get the certificate. Once you receive the certificate then Import and assign the certificate.

Once certificate part is done, start the Edge server services

Open Skype for Business Server Management Shell and run “Start-CsWindowsService”

Enjoy your Edge services J

Make sure you have public DNS records in place for external users.

#Skype4B – Edge Pool Deployment Part III


Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.

This post is a continuation of my preceding post #Skype4B – Edge Pool Deployment Part II and describes the step by step installation of Edge Server.

Log on one of the Edge Server with administrative rights.

Open PowerShell and add following features.

Add-WindowsFeature NET-Framework-Core, Windows-Identity-Foundation, NET-WCF-HTTP-Activation45, Web-Asp-Net45 -Source D:\sources\sxs

Run windows update (KB2982006).

Install Silverlight.

Insert Skype for Business Server 2015 media and run setup.exe.

Accept License Agreement.

Run “Install or Update Skype for Business Server System” from deployment Wizard.

Run “Install Local Configuration Store”

Navigate to the exported edge configuration and click on Next.

Run “Setup or Remove Skype for Business Server Components”

Once completed step1 and step2 successfully, request for the certificates.

Request Edge internal and external certificate separately. Internal certificate can be created from internal CA while external certificate request can be sent to Public CA to generate the certificate.

Once you have created internal and external certificates, Import the certificates and assign it.

I hope you enjoyed it J

Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.

#Skype4B – Edge Pool Deployment Part II


Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.

This post is a continuation of #Skype4B – Edge Pool Deployment Part I and focus on SfB topology configuration for Edge pool. Open Topology Builder on one of the FE / SfB management server and follow the steps as given below:

Open topology builder and select “Download Topology from existing deployment”

Right click on Edge Pools and click on New Edge Pool…

Click on Next

Define Edge Pool FQDN

Enable federation if you want

Server this option if you are using single FQDN and IP address.

Select “The external IP address of this Edge pool is translated by NAT” if you are using NAT for external interfaces.

Define External FQDNs

Click on Add to add FQDN of your Edge servers.

Define internal ip address and FQDN of your first Edge server

Define external ip addresses of your first Edge server

In the same way, add second edge server.

Select the Next hop pool. Select you FE pool if not using director otherwise use director.

Select FE and Mediation pools which you want to associate with this Edge server pool.

Once you are done, publish the topology.

Once topology is published successfully. Export this configuration to install the edge server.

Next part of this post will cover the step by step installation of Edge server.

Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.

#Skype4B – Edge Pool Deployment Part I


Skype for Business Server Edge role is precisely the same as Lync Server 2013 Edge role and follow the same deployment process. Edge server role allows external Skype for Business Server users such as remote, anonymous, federated and PIC users to connect with FE Pool/Server. Edge server can be deployed as standalone server or as a pool. If you are planning to deploy standalone server, you can follow the Step by Step Lync 2013 Edge Server deployment blogpost.

This post will cover step by step deployment process of Skype for Business Server Edge Pool. Below illustration describes very high level design of Skype for Business Server topology.

As illustrated in the above diagram, there will be three external interfaces and one internal interface for each Edge server. However, you can use one external and one internal interface for each edge server but in that condition you will use different ports for each service.

First prepare all the edge servers in perimeter network.

  • Install Operating System (Windows Server 2012 / 2012 R2)
  • Define Server Host Name with DNS Suffix (Ex: P1Edge01.UC.LAB, where UC.LAB is primary DNS suffix)
  • Configure IP Addresses (Define gateway only in external interfaces)
    • In my setup, I have three different subnets:
      • 172.80.x.x/21 for Corporate Network (assigned on internal servers such as FE Pool)
      • 192.168.10.x/24 for Perimeter Network (assigned on Edge internal interface)
      • 10.10.80.x/16 for External Network (assigned on Edge external interfaces)
    • If you have two Edge Server in a pool then you need total 9 ip addresses for external interfaces
      • 3 ip addresses per server
        • 1 for Access Edge
        • 1 for Web Conf Edge
        • 1 for A/V Edge
      • 3 ip addresses for VIP for all three services
        • 1 for Access Edge
        • 1 for Web Conf Edge
        • 1 for A/V Edge

Below are the list of ip addresses which will be used in this deployment.

P1Edge01.UC.LAB Access Edge Web Conf Edge A/V Edge
External Interface 10.10.80.11 10.10.80.12 10.10.80.13
Internal Interface 192.168.10.11

 

P1Edge02.UC.LAB Access Edge Web Conf Edge A/V Edge
External Interface 10.10.80.14 10.10.80.15 10.10.80.16
Internal Interface 192.168.10.12

 

P1EdgePool.UC.LAB Access Edge Web Conf Edge A/V Edge
VIP 10.10.80.17 10.10.80.18 10.10.80.19

Once you are done with IP configuration part, create network route to move the external traffic via Edge internal interface from Edge Pool to Director / FE pool.

Open the Windows PowerShell or CMD and run ipconfig /all and note down the “Description” of internal adapter.

Run “route print” and note down the Interface list number in this case it is “12”.

Now add route for internal traffic via Edge internal interface; 192.168.10.1 is an ip address of internal firewall which will be used as a gateway to route the traffic. (Again make sure internal interface doesn’t have any gateway assigned.)

Follow the same steps to configure route on second Edge Server.

Next part of this post will cover the topology configuration and SfB Edge Server role installation and configuration.

Skype for Business Server Edge Pool deployment has four parts to cover end to end deployment process. See Part I, Part II, Part III and Part IV for step by step process.