Lync 2013 Enterprise Pool with Standard Pool Deployment



Deployment of Lync 2013 Enterprise Pool Setup along with the Existing Lync 2013 Standard Pool, Part 3
Details of servers and IP addresses:
Initially we deployed a Lync 2013 Standard Pool with a single Lync Server and one Edge Server.
The servers which fall under the Lync 2013 Standard Pool are
TESTLYNC.test.com – 10.10.1.127 (holding the CMS store with the read-write copy of the Lync topology)
The servers which fall under the Lync 2013 Standard Edge Pool are
TESTEDGE01 – 10.10.1.199 (Internal), 192.21.89.55 (External) (Note: this server will be decommissioned once we have set up the Enterprise Edge Pool)
Once the Lync 2013 Standard Pool was set up and tested, we added to the existing topology a Lync 2013 Enterprise Pool for high availability (HA), along with a Lync 2013 Edge pool and an HLB (hardware load balancer, using Citrix NetScaler). The servers in the Enterprise Pool are
lyncpool.test.com (10.10.1.33, 10.10.1.34, 10.10.1.39)
TESTLYNC1.test.com – 10.10.1.33
TESTLYNC2.test.com – 10.10.1.34
TESTLYNC3.test.com – 10.10.1.39
The servers which fall under the Lync 2013 Enterprise Edge Pool are
lyncedgepool.test.com (10.10.1.202, VIP); the servers below will be in the DMZ
TESTEDG01 – 10.10.1.200 (Internal NIC IP)
    192.21.89.56, 192.21.89.58, 192.21.89.60 (External NIC IP)
TESTEDG02 – 10.10.1.201 (Internal NIC IP)
    192.21.89.57, 192.21.89.59, 192.21.89.61 (External NIC IP)
HLB configured using Citrix NetScaler
Webconf.test.com – 10.10.1.145 (VIP on HLB NetScaler)
Webis.test.com – 10.10.1.146 (VIP on HLB NetScaler)
Webisint.test.com – 10.10.1.144 (VIP on HLB NetScaler)
lyncedgepool.test.com – 10.10.1.202 (VIP on HLB NetScaler)
access.test.com – 192.21.89.50 (VIP on HLB NetScaler)
webcon.test.com – 192.21.89.51 (VIP on HLB NetScaler)
av.test.com – 192.21.89.53 (VIP on HLB NetScaler)



Step1. Created 5 VMs with OS Windows Server 2012 Datacentre

| Servers | Domain | Joined Domain | Internal IP | External IP | RAM | CPU |
|---|---|---|---|---|---|---|
| TESTLYNC | Yes | Test.com | 10.10.1.127 | | 8 GB | 4 |
| TESTLYNC1 | Yes | test.com | 10.10.1.33 | | 8 GB | 4 |
| TESTLYNC2 | Yes | test.com | 10.10.1.34 | | 8 GB | 4 |
| TESTLYNC3 | Yes | test.com | 10.10.1.39 | | 8 GB | 4 |
| TESTEDG01 | No | No | 10.10.1.200 | 192.21.89.56, 192.21.89.58, 192.21.89.60 | 8 GB | 4 |
| TESTEDG02 | No | No | 10.10.1.201 | 192.21.89.57, 192.21.89.59, 192.21.89.61 | 8 GB | 4 |
| HLB Citrix Netscaler | No | No | Access | 192.21.89.50 | | |
| | | | Webconf | 192.21.89.51 | | |
| | | | av | 192.21.89.52 | | |
| Reverse Proxy HLB Citrix Netscaler | No | No | Webis, meet, dial and lyncdiscover | 192.21.89.53 | | |

Step2. Created a user “TestLyncSrv” with Enterprise Admin, Schema Admin, Domain Admin and local Administrator rights

A separate SQL instance needs to be created, and the user must have complete rights and permissions on that SQL instance

The TestLyncSrv user has to be given complete rights on the instance TESTSQL (SQL instance)

The Lync user also needs to be added as a local admin on the SQL Server

Add the TestLyncSrv user to the local Administrators group on the SQL Server (TESTSQL.test.com)

Step3. Installed the roles and features specified by Microsoft before running the Lync Server setup. They were installed using the Windows Server 2012 “Add Roles and Features Wizard” on all the servers: TESTLYNC1, TESTLYNC2, TESTLYNC3, TESTEDG01 and TESTEDG02
Roles
§ Web Server (IIS)
Features
§ Message Queuing | Message Queuing Services
§ Remote Server Administration Tools | Role Administration Tools | AD DS and AD LDS Tools
§ User Interfaces and Infrastructure | Desktop Experience
§ Windows Identity Foundation 3.5
§ .NET Framework 3.5 Features
    § .NET Framework 3.5
    § HTTP Activation (Important!)
    § Non-HTTP Activation
§ .NET Framework 4.5 (all options)
Roles
§ Web Server (IIS)
    § Role Services
        § Common HTTP Features
            § Static Content
            § Default Document
            § HTTP Errors
        § Health and Diagnostics
            § HTTP Logging
            § Logging Tools
            § Tracing
        § Performance
            § Static Content Compression
            § Dynamic Content Compression
        § Security
            § Request Filtering
            § Client Certificate Mapping Authentication
            § Windows Authentication
        § Management Tools
            § IIS Management Console
            § IIS Management Scripts and Tools
        § Application Development
            § ASP.NET 3.5
            § ASP.NET 4.5
            § .NET Extensibility 3.5
            § .NET Extensibility 4.5
            § ISAPI Extensions
            § ISAPI Filters

Step4. Login to TESTLYNC1, Click on Add roles and features
Step5. Click on Next
Step6. Click on Role-based or feature-based installation, Click on Next
Step7. Click on Select a server from the server pool, Click on Next
Step8. Click on Next
Step9. Select all the roles and features listed in Step3, Click on Install, and reboot the server
Step10. Repeat Step4 to Step9 on the remaining servers TESTLYNC2, TESTLYNC3, TESTEDG01 and TESTEDG02
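
As an added example (not part of the original post), the role and feature list from Step3 can be installed with the ServerManager cmdlets instead of clicking through Step4 to Step9 on each server. The feature names are those reported by Get-WindowsFeature on Windows Server 2012; the D:\sources\sxs media path is an assumption.

```powershell
# Added example, not part of the original post.
param(
    # Assumption: \sources\sxs folder of the Windows Server 2012 media,
    # needed because the .NET Framework 3.5 payload is not on disk by default.
    [string]$SxsSource = 'D:\sources\sxs'
)

Import-Module ServerManager

# Get-WindowsFeature names for the items listed in Step3.
$features = @(
    # Features
    'MSMQ-Services',                 # Message Queuing | Message Queuing Services
    'RSAT-AD-Tools',                 # AD DS and AD LDS Tools
    'Desktop-Experience',            # Desktop Experience
    'Windows-Identity-Foundation',   # Windows Identity Foundation 3.5
    'NET-Framework-Core',            # .NET Framework 3.5
    'NET-HTTP-Activation',           # HTTP Activation
    'NET-Non-HTTP-Activ',            # Non-HTTP Activation
    # Web Server (IIS) role services
    'Web-Server',
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Http-Errors',
    'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Http-Tracing',
    'Web-Stat-Compression', 'Web-Dyn-Compression',
    'Web-Filtering', 'Web-Client-Auth', 'Web-Windows-Auth',
    'Web-Mgmt-Console', 'Web-Scripting-Tools',
    'Web-Asp-Net', 'Web-Asp-Net45', 'Web-Net-Ext', 'Web-Net-Ext45',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter'
)

# Stop before changing anything if this OS build does not know one of the names.
$known   = Get-WindowsFeature | ForEach-Object { $_.Name }
$unknown = $features | Where-Object { $known -notcontains $_ }
if ($unknown) { throw "Unknown feature name(s): $($unknown -join ', ')" }

$r1 = Install-WindowsFeature -Name $features -Source $SxsSource
# ".NET Framework 4.5 (all options)"
$r2 = Install-WindowsFeature -Name 'NET-Framework-45-Features' -IncludeAllSubFeature

# Confirm the end state per feature rather than relying on the install result alone.
$missing = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($missing) {
    Write-Warning "Not installed: $(($missing | ForEach-Object { $_.Name }) -join ', ')"
}
if ($r1.RestartNeeded -ne 'No' -or $r2.RestartNeeded -ne 'No') {
    Write-Warning 'Reboot the server before running Lync setup (Step9).'
}
```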

Step11. Login to the Server TESTLYNC with User TestLyncSrv, Open Lync Topology Builder
Step12. Select Download Topology from existing deployment, Click on OK
Step13. Select Enterprise Edition Front End pools
Step14. Right Click on Enterprise Edition Front End pools, Click on New Front End Pool
Step15. Click on Next
Step16. Enter Pool FQDN: lyncpool.test.com, Click on Next
Step17. Enter Computer FQDN: TESTLYNC1.test.com, Click on Add; in the same way add the other 2 servers, TESTLYNC2.test.com and TESTLYNC3.test.com
Step18. Click on Conferencing and Archiving, Click on Next
Step19. Click on Next
Step20. Click on Enable an Edge pool to be used by the media component of this Front End Pool, Click on Next
Step21. Click on SQL Server store: New
Step22. Enter SQL Server FQDN: TESTSQL.test.com, Click on Named instance: TESTSQL, Click on OK
Step23. Click on Next
Step24. Click on Next
Step25. Click on Next
Step26. From the Archiving SQL Server store drop-down, Select TESTSQL.test.com\TESTSQL, Click on Next
Step27. Click on Finish
Step28. Click on Next
Step29. Enter Pool FQDN: lyncedgepool.test.com, Select Multiple computer pool, Click on Next
Step30. Click on Enable federation and Enable XMPP federation, Click on Next
Step31. Click on Enable IPv4 on internal interface, Enable IPv4 on external interface, Click on Next
Step32. Click on Next (here we are using 3 different IPs for the 3 services below, so all of them use the same port number, 443)
Step33. Click on Add
Step34. Enter Internal IPv4 address: 10.10.1.200, Internal FQDN: TESTEDG01.test.com, Click on Next
Step35. Enter Access Edge Service: 192.21.89.50, Web Conferencing Edge service: 192.21.89.51, A/V Edge service: 192.21.89.52, Click on Finish
Step36. Now you can see TESTEDG01.test.com is added, Click on Add
Step37. Enter Internal IPv4 address: 10.10.1.201, Internal FQDN: TESTEDG02.test.com, Click on Next
Step38. Enter Access Edge Service: 192.19.89.50, Web Conferencing Edge service: 192.19.89.51, A/V Edge service: 192.19.89.52, Click on Finish
Step39. Now you can see TESTEDG02.test.com is added, Click on Next
Step40. Click on Finish
Step41. Click on Action
Step42. Click on Publish Topology
Step43. Click on Next
Step44. Click on Advanced, Select Use SQL Server Instance defaults, Click on OK, Click on Finish
Step45. Click on Action, Click on Install Database
Step46. Put a tick mark under Select the databases you want to create: TESTSQL.test.com, Click on Next
Step47. Click on Finish
Step48. Login to the Server TESTLYNC1, Copy the Lync 2013 Setup File, Click on Mount
Step49. Double Click on Setup File
Step50. Click on Yes
Step51. Click on Yes
Step52. Click on Install
Step53. Click on I accept the terms in the license agreement, Click on OK
Step52. Click on Install or Update Lync Server System
Step53. Click on Run: Install Local Configuration Store
Step54. Click on Next
Step55. Click on Finish
Step56. Click on Run: Setup or Remove Lync Server Components
Step57. Click on Next
Step58. Click on Finish (It will take some time to execute all the commands)
Step59. Click on Run: Request, Install or Assign Certificates
Step60. You can check that the OAuthTokenIssuer certificate is already assigned from our previous Standard Pool server TESTLYNC, because in a complete Lync environment a single OAuthTokenIssuer certificate is issued globally. In our environment, however, we are going to remove it and reassign it from the TESTLYNC1 server
Step61. Select Default certificate, Click on Request
Step62. Click on Next
Step63. Click on Next
Step64. Click on Next
Step65. Click on Next
Step66. Click on Next
Step67. Enter Friendly name: LyncPoolInternalCer, Click on Mark the certificate’s private key as exportable, Click on Next
Step68. Enter Organization: TESTORG, Organization unit: IT
Step69. Select Country/Region: India, Enter State/Province: AP, City/Locality: Hyd, Click on Next
Step70. Click on Next
Step71. Put a tick mark on All Configured SIP domains, Click on Next
Step72. Enter the SAN entries one by one, Click on Add, Click on Next
sip.test.com, sip.test1.com,
Step73. Click on Next
Step74. Click on Next
Step75. Click on Assign this certificate to Lync Server certificate usages, Click on Finish
Step76. Click on Next (assigning the certificate which we have requested)
Step77. Click on Next
Step78. Click on Finish. You have installed the LyncPoolInternalCer successfully
Step79. As per Step60, now Select OAuthTokenIssuer, Click on Remove, Click on Yes, Click on Finish
Step80. Now we can see the OAuthTokenIssuer certificate has been removed
Step81. Select OAuthTokenIssuer, Click on Request
Step82. Click on Next
Step83. Click on Next
Step84. Click on Next
Step85. Click on Next
Step86. Click on Next
Step87. Enter Friendly name: LyncOauthPoolCer, Click on Next
Step88. Enter Organization: TESTORG, Organizational unit: IT, Click on Next
Step89. Select Country/Region: India, State/Province: AP, City/Locality: Hyd, Click on Next
Step90. Click on Next
Step91. Put a tick mark on All Configured SIP domains, Click on Next
Step92. Enter the SAN entries one by one, Click on Add, Click on Next
Enter all the below SIPs
sip.test.com, sip.test1.com,
Step93. Click on Next
Step94. Click on Next
Step95. Click on Assign this certificate to the Lync Server certificate usages, Click on Finish
Step96. Click on Next
Step97. Click on Next
Step98. Click on Finish
Step99. Now we can see both the Default and OAuthTokenIssuer certificates have been successfully installed
Step100. Click on Run: Start Services
Step101. Click on Next
Step102. Click on Finish
Step103. Click on Exit, Reboot the Server
Step104. Now repeat Step48 to Step59 to start installing on the servers TESTLYNC2 and TESTLYNC3
You can check this on both servers once you have run Step48 to Step59 on each individual server
When you reach Request, Install or Assign Certificates, you can see that OAuthTokenIssuer is already installed, because it is global; you can see it on all the other 3 servers, TESTLYNC2, TESTLYNC3 and TESTLYNC
Step105. Now we need to login to the server TESTLYNC1 to export the LyncPoolInternalCer internal certificate, copy the exported certificate to the servers TESTLYNC2, TESTLYNC3 and TESTLYNC, and import it on those servers
Step106. Click on Start, Click on Run, Enter mmc, Click on OK
Step107. Click on File, Click on Add/Remove Snap-in
Step108. Select Certificates, Click on Add, Click on OK
Step109. Select Computer account, Click on Next
Step110. Click on Finish
Step111. Click on OK
Step112. Expand the Console Root, Click on Certificates, Click on Personal, Click on Certificates, Right Click on lyncpool.test.com, Click on Open
Step113. Click on Copy to File, Click on OK
Step114. Click on Next
Step115. Select Yes, export the private key, Click on Next
Step116. Click on Next
Step117. Click on Password, Enter password, Click on Next
Please keep in mind the password provided during export; it needs to be given when importing on the other servers
Step118. Click on Browse, Provide the path, Enter the File Name LyncpoolInternal
Step119. Click on Next
Step120. Click on Finish
Step121. Click on OK
Step122. Now we can see the file is exported on the Desktop
Step123. Now login to the server TESTLYNC2, repeat Step48 to Step59, then import the internal certificate on the server
Copy the LyncPoolInternal certificate from TESTLYNC1 to TESTLYNC2
Click on Run: Request, Install or Assign Certificates
Step124. Now you can see the OAuthTokenIssuer is already assigned, as it is global
Select Default Certificate, Click on Import Certificate
Step125. Click on Browse, Provide the path of the certificate which was copied from the server TESTLYNC1, Click on Certificate file contains certificate’s private key, Enter the same password used when the certificate was exported from TESTLYNC1, Click on Next, Click on Finish
Step126. Now Click on Assign, Click on Next
Step127. Select LyncPoolInternalCer, Click on Next, Click on Finish
Step128. Now we can see both the certificates are assigned, Click on Close
Step129. Click on Run: Start Services
Step130. Click on Next
Step131. Click on Finish, Click on Exit
Step132. Login to the server TESTLYNC3, repeat the steps from Step48 to Step59 and from Step123 to Step131
Step133. Click on Exit
Step134. Now login to the server TESTLYNC and repeat the steps from Step123 to Step131
Step135. Click on Exit
Step136. Reboot the Lync servers in order, one by one: wait until TESTLYNC has completely started its services, then reboot the servers TESTLYNC1, TESTLYNC2 and TESTLYNC3
Step135. Click on Lync Topology Builder, Click on TESTLYNC.test.com
Step136. Click on lyncpool.test.com
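
The export and import in Step105 to Step125 can also be done with the PKI cmdlets included in Windows Server 2012. This added example (not part of the original post) checks the copied file against the exported thumbprint and the SAN entries from Step72 before importing, and deletes the PFX afterwards. The path C:\Temp\LyncpoolInternal.pfx and the function names are assumptions; the certificate still has to be assigned as in Step126.

```powershell
# Added example, not part of the original post.
# Run Export-PoolCertificate on TESTLYNC1 and Import-PoolCertificate on each target server.

function Export-PoolCertificate {
    param(
        [string]$FriendlyName = 'LyncPoolInternalCer',             # name given in Step67
        [string]$PfxPath      = 'C:\Temp\LyncpoolInternal.pfx',    # hypothetical path
        [Parameter(Mandatory = $true)][securestring]$Password
    )
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
               Where-Object { $_.FriendlyName -eq $FriendlyName -and $_.HasPrivateKey })
    if ($certs.Count -ne 1) {
        throw "Expected one '$FriendlyName' certificate with a private key, found $($certs.Count)."
    }
    Export-PfxCertificate -Cert $certs[0] -FilePath $PfxPath -Password $Password `
        -ChainOption EndEntityCertOnly | Out-Null
    # Keep the key file readable by Administrators and SYSTEM only until it is copied.
    & icacls.exe $PfxPath /inheritance:r /grant:r 'BUILTIN\Administrators:F' 'NT AUTHORITY\SYSTEM:F' | Out-Null
    $certs[0].Thumbprint       # note this value; the import side checks against it
}

function Import-PoolCertificate {
    param(
        [string]$PfxPath = 'C:\Temp\LyncpoolInternal.pfx',         # hypothetical path
        [Parameter(Mandatory = $true)][securestring]$Password,
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,
        [string[]]$RequiredNames = @('sip.test.com', 'sip.test1.com')   # SAN entries from Step72
    )
    $probe = $null
    try {
        # Open the file first and refuse to import anything but the expected certificate.
        $probe = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $Password)
        if ($probe.Thumbprint -ne $ExpectedThumbprint) {
            throw "Thumbprint mismatch: file contains $($probe.Thumbprint)."
        }
        if ($probe.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($probe.NotAfter)." }

        # Subject Alternative Name extension (OID 2.5.29.17), rendered as text.
        $san     = $probe.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = if ($san) { $san.Format($false) } else { '' }
        $absent  = $RequiredNames | Where-Object {
            $sanText -notmatch ('(?<![\w.-])' + [regex]::Escape($_) + '(?![\w.-])')
        }
        if ($absent) { throw "SAN list lacks: $($absent -join ', ')" }

        # Without -Exportable the private key is stored as non-exportable on this server.
        Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My `
            -Password $Password | Out-Null
    }
    finally {
        if ($probe) { $probe.Reset() }
        # The copied PFX is not needed once the import has been attempted.
        if (Test-Path $PfxPath) { Remove-Item $PfxPath -Force }
    }
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $ExpectedThumbprint } |
        Select-Object FriendlyName, Thumbprint, HasPrivateKey, NotAfter
}

# Usage:
#   $pw = Read-Host 'PFX password' -AsSecureString
#   $tp = Export-PoolCertificate -Password $pw                      # on TESTLYNC1
#   Import-PoolCertificate -Password $pw -ExpectedThumbprint $tp    # on TESTLYNC2, TESTLYNC3, TESTLYNC
```

The same pattern applies to the Edge certificates copied from TESTEDG01 to TESTEDG02 in Part 4, with the friendly name and required names changed accordingly.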
Deployment of Lync 2013 Enterprise Edge Pool Setup along with the Existing Lync 2013 Standard Pool, Part 4

Step-by-step process of installing the Lync 2013 Edge Server so that Lync clients can log in from the external network
Step1. Login to the server TESTEDG01 using the Administrator account (Note: this server should not be joined to the domain); the server is in the DMZ
Step2. The server should have 2 NICs; we named the NICs ExternalPrimary and InternalPrimary
Step3. Right Click on the External NIC and assign the external IP address 192.19.89.56, subnet mask and gateway, Click on Advanced, on the IP Settings tab Click on Add, Enter IP addresses 192.19.89.58, 192.21.89.60, Click on OK, Click on OK
Step4. Right Click on the Internal NIC and assign the internal IP address and subnet mask, without a gateway, and assign the internal DNS IP, Click on OK
Step5. Right Click on System Properties and Enter Primary DNS Suffix: test.com, Click on OK
Step6. Login to the DNS server; create an A record for TESTEDGE01 pointing to the internal IP
Step7. Login to TESTEDGE01, open the hosts file, add the following IP and host entries, Click on Save
10.10.1.1 TESTrootad01.test.com
10.10.0.4 TESTDC2AD01.test.com
10.10.1.33 TESTLYNC1.test.com
10.10.1.34 TESTLYNC2.test.com
10.10.1.39 TESTLYNC3.test.com
10.10.1.33 lyncpool.test.com
10.10.1.127 TESTLYNC.test.com
Step8. Login to TESTLYNC, Right Click on Lync Server Management Shell, Run as Administrator
Step9. Enter the command Export-CsConfiguration -FileName C:\topology_export.zip, press Enter on the keyboard
Step10. Now you can see the configuration file topology_export.zip is exported on the C drive
Step10. Login to the Server TESTEDG01 and copy the topology_export.zip file
Step11. Copy the Lync Setup file to TESTEDG01 and run the Setup
Step12. Click on Install
Step13. Click on I accept the terms in the license agreement, Click on OK
Step14. Click on Install or Update Lync Server System
Step15. Click on Run: Install Local Configuration Store
Step16. Browse to the configuration file topology_export.zip, Click on Next
Step17. It will take some time to execute the commands, Click on Finish
Step18. Click on Run: Setup or Remove Lync Server Components
Step19. Click on Next
Step20. Click on Finish
Step21. Click on Run: Request, Install or Assign Certificates
Step22. Click on Request for Edge Internal Certificate
Step23. Click on Next
Step24. Select Prepare the request now, but send it later (offline certificate request), Click on Next
Step25. Browse, Save the file LyncEdgeInternalPool.req on the Desktop, Click on Next
Step26. Click on Next
Step27. Enter Friendly name: LyncEdgeInternalPool, Click on Mark the certificate’s private key as exportable, Click on Next
Step28. Enter Organization: TESTORG, Organizational unit: IT, Click on Next
Step29. Select Country/Region: India, Enter State/Province: AP, Enter City/Locality: Hyd, Click on Next
Step30. Click on Next
Step31. Enter the SAN entries one by one, Click on Add, Click on Next
Enter all the below SIPs
sip.test.com, sip.test1.com
Step32. Click on Next
Step33. Click on Next
Step34. Click on Finish
Step35. Login to the Lync Server TESTLYNC to copy the Root Certificate: Click on Run, Enter certmgr.msc, Select the TESTROOTAD01 certificate
Step36. Right Click on TESTROOTAD01, Click on Open, Click on the Details tab, Click on Copy to File
Step37. Click on Next
Step38. Click on Next
Step39. Click on Browse, Select the path to export the Root Certificate, Click on Next
Step40. Copy the root certificate from TESTLYNC to TESTEDG01
Step41. Install the root certificate on the Edge Server TESTEDG01: Right Click on the root certificate, Click on Install Certificate
Step42. Select Local Machine, Click on Next
Step43. Browse, Select Trusted Root Certification Authorities, Click on OK
Step44. Click on Next
Step45. Click on Finish
Step46. Login to TESTROOTAD01, copy the LyncEdgeInternal.req file to the root server to publish the certificate request
Step47. Select TESTROOTAD01, Right Click, Select All Tasks, Click on Submit New Request
Step48. Select the File LyncEdgeInternalPool.req, Change the File Name: LyncEdgeInternal.cer, Click on Save
Step49. Now you can see the certificate is saved on the Desktop, Copy the LyncEdgeInternalPool.cer to TESTEDG01
Step50. Login to Edge Server TESTEDGE01, Click on Import Certificate
Step51. Browse, Select LyncEdgeInternalPool.cer, Click on Next
Step52. Click on Next
Step53. Click on Finish
Step54. Click on Assign
Step55. Click on Next
Step56. Select LyncEdgeInternalPool, Click on Next
Step57. Click on Next
Step58. Click on Finish
Step59. Now you can see LyncEdgeInternalPool is assigned
Step60. Select External Edge certificate, Click on Request
Step61. Click on Yes (this is because we already have one Edge Server)
Step62. Click on Next
Step63. Select Prepare the request now, but send it later, Click on Next
Step64. Browse, Provide the path for the certificate request file LyncEdgePoolExternal.req, Click on Next
Step65. Click on Next
Step66. Enter Friendly name: LyncEdgePoolExternal Certificate, Click on Next
Step67. Enter Organization: TESTORG, Organization unit: IT, Click on Next
Step68. Select Country/Region: India, State/Province: AP, City/Locality: Hyd, Click on Next
Step69. Click on Next
Step70. Put a tick mark on all Configured SIP domains, Click on Next
Step71. Enter the SAN entries one by one, Click on Add, Click on Next
Enter all the below SIPs
sip.test.com, sip.test1.com,
Step72. Click on Next
Step73. Click on Next
Step74. Click on Finish
Step75. The LyncEdgePoolExternal.CSR file generated on the Edge Server needs to be provided to the third-party SSL certificate vendor
Step76. After successful validation by the third-party SSL certificate vendor, the vendor will provide a text file along with some supporting certificates
Step77. Now copy the access.test.com.txt provided by the third-party vendor to the server TESTROOTAD01 and publish the certificate, repeat Step47 to Step49, and copy the certificate access.test.com.cer to the Edge Server TESTEDG01
Step78. Select External Edge Certificate, Click on Import Certificate
Step79. Browse, Select the access.test.com.cer, Click on Certificate file contains certificate’s private key, Enter the password, Click on Next
Step80. Click on Next
Step81. Click on Finish
Step82. Now for the certificate assignment, Click on Next
Step83. Select LyncEdgePoolExternal, Click on Next
Step84. Click on Next
Step85. Click on Finish
Step86. Now you can see the Edge Internal and External Certificates are assigned, Click on Close
Step87. Click on Run: Start Services
Step88. Click on Next
Step89. Click on Finish
Step90. Click on Exit
Step91. Now we need to install the Root Certificate on TESTEDG01 in Trusted Root Certification Authorities
Step92. Now we need to install the intermediate supporting certificate provided by the vendor into Intermediate Certification Authorities
Step93. Now copy the assigned certificate access.test.com from TESTEDG01 to TESTEDG02
Login to TESTEDG01, Click on Start, Click on Run, Enter mmc, Click on OK
Step94. Click on File, Click on Add or Remove Snap-ins, Select Certificates, Click on Add, Select Computer Account, Click on Next, Click on Finish, Click on OK
Step95. Select access.test.com, Right Click, Click on Open
Step96. Click on the Details tab, Click on Copy to File
Step97. Click on Next
Step98. Select Yes, export the private key, Click on Next
Step99. Click on Next
Step100. Select Password, Enter the password (remember the password; it is required when importing on the server TESTEDG02), Click on Next
Step101. Click on Browse, Provide the path to save, Click on Next
Step102. Click on Finish
Step103. Now select the lyncedgepool.test.com certificate, which also needs to be exported and copied to the server TESTEDG02
Step104. Repeat the steps from Step96 to Step102; now you can find the certificates exported to the TESTEDG01 Desktop
Step105. Now login to the server TESTEDG02, run the Setup file, repeat the steps from Step10 to Step22, then Select Edge Internal, Click on Import
Step106. Click on Browse, Provide the path of the LyncEdgePoolInternal certificate copied from TESTEDG01, Provide the same password that was given when exporting the certificate from TESTEDG01, Click on Next
Step107. Click on Next
Step108. Click on Finish
Step109. Select Edge Internal, Click on Assign
Step110. Click on Next
Step111. Select LyncEdgeInternalPool, Click on Next
Step112. Click on Next
Step113. Click on Finish
Step114. Now we can see the Edge Internal certificate is assigned, Select External Edge certificate, Click on Import Certificate, Click on Next
Step115. Click on Browse, Provide the path of the access.test.com certificate copied from TESTEDG01, Provide the same password that was used when exporting it from TESTEDG01, Click on Next
Step116. Click on Next
Step117. Click on Finish
Step118. Select External Edge Certificate, Click on Assign
Step119. Click on Next
Step120. Select LyncEdgePoolExternal, Click on Next
Step121. Click on Next
Step122. Click on Finish
Step123. Now you can find both the Edge Internal and External Edge certificates are assigned, Click on Close
Step124. Click on Run: Start Services
Step125. Click on Next
Step126. Click on Finish
Step127. Click on Exit
Step128. Now we need to install the Root Certificate on TESTEDG02 in Trusted Root Certification Authorities
Step129. Now we need to install the intermediate supporting certificate provided by the vendor into Intermediate Certification Authorities
Step130. Now we are done with the setup. Next we need to create the DNS records, i.e. A and SRV, internally and externally
For the external records, we requested them from the third-party DNS provider; if you have your own external DNS, you can create the A and SRV records below yourself
Lync Servers:

| Si No. | Lync Servers | IP Address | Domain Added |
|---|---|---|---|
| 1 | TESTLYNC | 10.10.1.127 | Test.com |
| 2 | TESTLYN01 | 10.10.1.33 | Test.com |
| 3 | TESTLYN02 | 10.10.1.34 | Test.com |
| 4 | TESTLYN03 | 10.10.1.39 | Test.com |

| Si No. | Lync Edge Servers | Internal IP Address | External IP address | Domain |
|---|---|---|---|---|
| 1 | TESTEDG01 | 10.10.1.200 | 192.21.89.56, 192.21.89.58, 192.21.89.60 | |
| 2 | TESTEDG02 | 10.10.1.201 | 192.21.89.57, 192.21.89.59, 192.21.89.61 | |
| 3 | Reverse proxy | 193.21.89.1 | | |

HLB VIP (IP Address):

| Si No. | Services | Name HLB | VIP-IP Address HLB |
|---|---|---|---|
| 1 | Office Web Apps Farm External Web FQDN | webconf.test.com | 10.10.1.145 |
| 2 | Front End Pool External web FQDN | webis.test.com | 10.10.1.146 |
| 3 | Front End Pool Internal web FQDN | webisint.test.com | 10.10.1.144 |
| 4 | Edge Internal load balancer FQDN | lyncedgepool.test.com | 10.10.1.202 |
| 5 | Access Edge External FQDN | access.test.com | 192.21.89.50 |
| 6 | Web Conferencing Edge External FQDN | webcon.test.com | 192.21.89.51 |
| 7 | A/V Edge External FQDN | av.test.com | 192.21.89.52 |
| 8 | Reverse Proxy setting | External access for WEB https traffic | 192.21.89.1 |

Internal DNS Records
Internal DNS A records

| Si No | Record Type | FQDN record name | IP Address |
|---|---|---|---|
| 1 | A | lyncedgepool.test.com | 10.10.1.202 |
| 2 | A | TESTEDG01.test.com | 10.10.1.200 |
| 3 | A | TESTEDG02.test.com | 10.10.1.201 |
| 4 | A | lyncpool.test.com | 10.10.1.33 |
| 5 | A | lyncpool.test.com | 10.10.1.34 |
| 6 | A | lyncpool.test.com | 10.10.1.39 |
| 7 | A | webis.test.com | 10.10.1.146 |
| 8 | A | TESTLYN01.test.com | 10.10.1.33 |
| 9 | A | TESTLYN01.test.com | 10.10.1.34 |
| 10 | A | TESTLYN01.test.com | 10.10.1.39 |
| 11 | A | TESTLYNC.test.com | 10.10.1.127 |
| 12 | A | sip.test.com | 10.10.1.146 |
| 13 | A | sip.test1.com | 10.10.1.146 |
| 14 | A | dialin.test.com | 10.10.1.33 |
| 15 | A | meet.test.com | 10.10.1.144 |
| 16 | A | meet.test1.com | 10.10.1.144 |
| 17 | A | admin.test.com | 10.10.1.146 |
| 18 | A | webconf.test.com | 10.10.1.145 |
| 19 | A | lyncdiscoverinternal.test.com | 10.10.1.33 |
| 20 | A | lyncdiscoverinternal.test.com | 10.10.1.34 |
| 21 | A | lyncdiscoverinternal.test.com | 10.10.1.39 |
| 22 | A | lyncdiscoverinternal.test.com | 10.10.1.33 |
| 23 | A | av.test.com | 192.21.89.52 |
| 24 | A | admin.test.com | 10.10.1.33 |
| 25 | A | access.test.com | 192.21.89.50 |
| 26 | A | webcon.test.com | 192.21.89.51 |
| 27 | A | lyncdiscoverinternal.test.com | 10.10.1.33 |
| 28 | A | lyncdiscoverinternal.test1.com | 10.10.1.33 |

Internal DNS SRV records:

| Si No | Record Type | FQDN record name | Pointing to Lync Pool |
|---|---|---|---|
| 1 | SRV | _sipinternaltls._tcp.test.com | lyncpool.test.com |
| 2 | SRV | _sipinternaltls._tcp.test1.com | lyncpool.test1.com |

External DNS A and CNAME records:

| Si No | Record Type | FQDN record name | IP Address |
|---|---|---|---|
| 1 | A | access.test.com | 192.21.89.50 |
| 2 | A | access.test1.com | 192.21.89.50 |
| 3 | A | webcon.test.com | 192.21.89.51 |
| 4 | A | webcon.test1.com | 192.21.89.51 |
| 5 | A | av.test.com | 192.21.89.52 |
| 6 | A | av.test1.com | 192.21.89.52 |
| 7 | A | lyncdiscover.test.com | 192.21.89.1 |
| 8 | A | dialin.test.com | 192.21.89.1 |
| 9 | A | meet.test.com | 192.21.89.1 |
| 10 | A | webis.test.com | 192.21.89.1 |
| 11 | A | webconf.test.com | 192.21.89.51 |
| 12 | A | meet.test1.com | 192.21.89.1 |
| 13 | CNAME | lyncdiscover.test1.com | lyncdiscover.test.com |

External DNS SRV Records:

| Si No | Record Type | FQDN record name | Pointing to external access Lync Pool |
|---|---|---|---|
| 1 | SRV | _sip._tls.test.com | access.test.com |
| 2 | SRV | _sip._tls.test1.com | access.test.com |
| 3 | SRV | _sipfederationtls._tcp.test.com | access.test.com |
| 4 | SRV | _sipfederationtls._tcp.test1.com | access.test.com |

Step121. Now we have to create rules on NetScaler

External Interface (VIP) for Hardware Load Balancer

| Edge Server Role | Source IP | Source Port | Destination IP | Destination Port | Transport | Application |
|---|---|---|---|---|---|---|
| Access | Any | Any | 192.21.89.50 | 443 | TCP | SIP (TLS) |
| Access | Any | Any | 192.21.89.50 | 5061 | TCP | SIP (MTLS) |
| Access | Any | Any | 192.21.89.50 | 5269 | TCP | XMPP |
| Web Conferencing | Any | Any | 192.21.89.51 | 443 | TCP | PSOM (TLS) |
| A/V | Any | Any | 192.21.89.52 | 3478 | UDP | STUN/MSTURN |
| A/V | Any | Any | 192.21.89.52 | 443 | TCP | STUN/MSTURN |

External Interface Node 1 (TESTEDG01) and Node 2 (TESTEDG02)

| Edge Server Role | Source IP | Source Port | Destination IP | Destination Port | Transport | Application |
|---|---|---|---|---|---|---|
| Access | 192.21.89.56, 192.21.89.57 | Any | Any | 80 | TCP | HTTP |
| Access | 192.21.89.56, 192.21.89.57 | Any | Any | 53 | UDP | DNS |
| Access | 192.21.89.56, 192.21.89.57 | Any | Any | 5061 | TCP | SIP (MTLS) |
| Access | 192.21.89.56, 192.21.89.57 | Any | Any | 5269 | TCP | XMPP |
| A/V | 192.21.89.60, 192.21.89.61 | 50000-59999 | Any | Any | TCP | RTP |
| A/V | 192.21.89.60, 192.21.89.61 | 50000-59999 | Any | Any | UDP | RTP |
| A/V | Any | Any | 192.21.89.60, 192.21.89.61 | 50000-59999 | TCP | RTP |
| A/V | Any | Any | 192.21.89.60, 192.21.89.61 | 50000-59999 | UDP | RTP |
| A/V | 192.21.89.60, 192.21.89.61 | 3478 | Any | Any | UDP | STUN/MSTURN |
| A/V | Any | Any | 192.21.89.60, 192.21.89.61 | 3478 | UDP | STUN/MSTURN |
| A/V | Any | Any | 192.21.89.60, 192.21.89.61 | 443 | TCP | STUN/MSTURN |

Internal Firewall Ports Settings

Internal Interface (VIP)

| Edge Server Role | Source IP | Source Port | Destination IP | Destination Port | Transport | Application |
|---|---|---|---|---|---|---|
| Access | 10.10.1.33, 10.10.1.34, 10.10.1.39 | Any | 10.10.1.202 | 5061 | TCP | SIP (MTLS) |
| A/V | Any | Any | 10.10.1.202 | 5062 | TCP | SIP (MTLS) |
| A/V | Any | Any | 10.10.1.202 | 3478 | UDP | STUN/MSTURN |
| A/V | Any | Any | 10.10.1.202 | 443 | TCP | STUN/MSTURN |

Internal Interface Node1 (TESTEDG01) and Node2 (TESTEDG02)

| Edge Server Role | Source IP | Source Port | Destination IP | Destination Port | Transport | Application |
|---|---|---|---|---|---|---|
| Access | 10.10.1.200, 10.10.1.201 | Any | 10.10.1.33, 10.10.1.34, 10.10.1.39 | 5061 | TCP | SIP (MTLS) |
| Access | 10.10.1.33, 10.10.1.34, 10.10.1.39 | Any | 10.10.1.200, 10.10.1.201 | 5061 | TCP | SIP (MTLS) |
| Access | 10.10.1.33, 10.10.1.34, 10.10.1.39 | Any | 10.10.1.200, 10.10.1.201 | 4443 | TCP | HTTPS |
| Web Conferencing | Any | Any | 10.10.1.200, 10.10.1.201 | 8057 | TCP | PSOM (MTLS) |
| A/V | Any | Any | 10.10.1.200, 10.10.1.201 | 3478 | UDP | STUN/MSTURN |
| A/V | Any | Any | 10.10.1.200, 10.10.1.201 | 443 | TCP | STUN/MSTURN |

Step123. Now we have to configure the hardware load balancer; we are using a Citrix NetScaler hardware load balancer
We need to configure the Citrix NetScaler with the settings below

| Services name | HLB sip address | HLB IP address | IP Address | Ports |
|---|---|---|---|---|
| Front End Pool Internal Web FQDN | webisint.test.com | 10.10.1.144 | 10.10.1.33, 10.10.1.34, 10.10.1.39 | HTTPS/443, HTTP/80 |
| Office Web Apps Farm External Web FQDN | webconf.test.com | 10.10.1.145 | Future Purpose | |
| Front End Pool External Web FQDN | webis.test.com | 10.10.1.146 | 10.10.1.202 | HTTPS/4443, HTTP/8080 |

| Services name | HLB sip address | HLB IP address | IP Address | Ports |
|---|---|---|---|---|
| External SIP and TLS login | Access.test.com | 192.21.89.50 | 192.21.89.56, 192.21.89.57 | HTTPS/443, HTTP/80 |
| External Web conferencing | webcon.test.com | 192.21.89.51 | 192.21.89.58, 192.21.89.59 | Web Conf Edge- PSOM/TLS:443 |
| External AV conferencing | av.test.com | 192.21.89.52 | 192.21.89.60, 192.21.89.61 | A/V Edge-Stun/TCP:443, UDP:3478 |

Reverse Proxy Settings:

| Service name | HLB sip address | HLB IP address | IP Address | Ports |
|---|---|---|---|---|
| External Web interface | Meet.test.com, Dialin.test.com, Webis.test.com | 192.21.89.182 | 10.10.1.146 | HTTPS/443, HTTP/80 |

For the Lync meet URL and mobile login to work externally, we created a reverse proxy setting on the Citrix NetScaler using 192.21.89.182 and uploaded the SSL certificate to the NetScaler. When a Lync user sends a meeting request to users who do not have the Lync client installed on their desktop, those users can log in using the web URL provided by the Lync user who initiated the meeting. When logging in from mobile, the connection goes through the NetScaler, accepts the certificate, bypasses the HLB access and hits the Lync server directly to log in
Step124. Now reboot the servers one by one, but wait until all the services have started before rebooting the next server
TESTLYNC.test.com
TESTLYNC1.test.com
TESTLYNC2.test.com
TESTLYNC3.test.com
TESTEDG01
TESTEDG02
Now we can see all the servers. Open the Lync Control Panel by entering the URL https://admin.test.com, which will route to https://lyncpool.test.com
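
An added example (not part of the original post) that checks the finished deployment against the external DNS and "External Interface (VIP)" tables above: each name must resolve to the documented VIP, and each VIP must answer on the documented TCP ports and on none of a short list of management ports. That list of ports that should stay closed is an assumption, as are the function names; UDP 3478 is not tested.

```powershell
# Added example, not part of the original post.
# Run from a host on the external network once all services are started.

# External A and SRV records, as listed in the external DNS tables.
$ExpectedA = @{
    'access.test.com' = '192.21.89.50'
    'webcon.test.com' = '192.21.89.51'
    'av.test.com'     = '192.21.89.52'
}
$ExpectedSrv = @{
    '_sip._tls.test.com'              = 'access.test.com'
    '_sipfederationtls._tcp.test.com' = 'access.test.com'
}
# TCP listeners from the "External Interface (VIP)" table.
$ExpectedTcp = @{
    '192.21.89.50' = @(443, 5061, 5269)
    '192.21.89.51' = @(443)
    '192.21.89.52' = @(443)
}
# Assumption: RPC, SMB, RDP and WinRM should never answer on an external VIP.
$ForbiddenTcp = @(135, 445, 3389, 5985)

function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)      # throws if the connection was refused
        return $true
    }
    catch   { return $false }
    finally { $client.Close() }
}

function Test-LyncEdgeExposure {
    $findings = @()
    foreach ($name in $ExpectedA.Keys) {
        $ips = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
        if ($ips.Count -ne 1 -or $ips[0] -ne $ExpectedA[$name]) {
            $findings += "DNS: $name resolves to [$($ips -join ', ')], expected $($ExpectedA[$name])"
        }
    }
    foreach ($name in $ExpectedSrv.Keys) {
        $targets = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
                     Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
        if ($targets -notcontains $ExpectedSrv[$name]) {
            $findings += "DNS: $name points to [$($targets -join ', ')], expected $($ExpectedSrv[$name])"
        }
    }
    foreach ($vip in $ExpectedTcp.Keys) {
        foreach ($port in $ExpectedTcp[$vip]) {
            if (-not (Test-TcpPort $vip $port)) {
                $findings += "TCP: $vip port $port does not answer"
            }
        }
        foreach ($port in $ForbiddenTcp) {
            if (Test-TcpPort $vip $port) {
                $findings += "TCP: $vip port $port answers but is not in the rule table"
            }
        }
    }
    $findings
}

$report = Test-LyncEdgeExposure
if ($report) {
    $report | ForEach-Object { Write-Warning $_ }
} else {
    'Deployment matches the documented DNS and port tables.'
}
```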


Testing :

| Lync Test | Internal to Internal | External to External | Internal to External | External to Internal | Internal to Redcentric | External to Redcentric | Skype |
|---|---|---|---|---|---|---|---|
| IM | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Audio | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Video | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Desktop | Yes | Yes | Yes | Yes | Yes | Yes | |
| Web IM | Yes | Yes | Yes | Yes | | | |
| Web Desktop | Yes | Yes | Yes | Yes | | | |
| Web Audio | Yes | Yes | Yes | Yes | | | |
| Web Video | Yes | Yes | Yes | Yes | | | |
| Conferencing IM Desktop | Yes | Yes | Yes | Yes | Yes | Yes | |
| File Share txt file | Yes | Yes | Yes | Yes | Yes | Yes | |
| Mobile IM / Video One to One | Yes | Yes | Yes | Yes | Yes | Yes | |
| Mobile Lync Call One to One | Yes | Yes | Yes | Yes | | | |
| Mobile Conferencing IM Video | Yes | Yes | Yes | Yes | | | |
| Mobile Video Restriction to Users | Yes | Yes | Yes | Yes | | | |