Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Microsoft LynServer 2013 : Firewall and Security Requirements - Reverse Proxy Requirements

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
12/29/2014 3:10:27 AM

Reverse Proxy Requirements

Reverse proxies, such as ISA 2006 SP1 or Forefront Threat Management Gateway (TMG), are excellent ways to securely publish applications, such as Lync Server, to users on the Internet. By controlling specific ports to pass traffic and limiting destination URLs to only the desired paths, you can safely pass traffic from the Internet to Lync Server roles. The following sections discuss how to configure reverse proxies to work with Lync Server.

Why a Reverse Proxy Is Required

It is important to understand why a reverse proxy solution is required for Lync Server 2013. In Lync Server 2013, a reverse proxy is required to publish Lync Web Services to external users. These services are responsible for the following:

Simple URL Publishing—This is required for users to join a Lync Online Meeting.

Web Conferencing Content—Users will download PowerPoint, Whiteboard, and Poll data through the Lync Web Services when in a meeting.

Address Book and Distribution List (DL) Expansion—This is required for users to download the Lync Address Book and perform DL expansion.

User Certificates—Lync Server utilizes client certificate authentication for many purposes; external users must connect to the Lync Web Services to obtain certificates.

Device Updates—Lync Phone Edition devices require access to the Lync Web Services to obtain software updates.

Mobility—Lync Mobile clients on Windows Phone, Android, and Apple IOS connect through the Lync Web Services.

Deploying a Reverse Proxy solution with Lync Server 2013 is absolutely critical in order to enable external user access. This book provides a configuration guide for Microsoft Forefront Threat Management Gateway 2010; many other solutions are available to securely publish these services. To deploy Lync Web Services, the reverse proxy solution must meet the following requirements:

HTTP and HTTPS Publishing—Devices must be capable of securely publishing application content. Devices that support this functionality will specifically call this out as a feature.

SSL Bridging—Lync Server 2013 requires the reverse proxy server to listen for connections on TCP port 443, but to bridge these connections to the Front End Server Pool on TCP port 4443. This is required because the Lync Web Services contain separate virtual web directories for security purposes. The external Lync Web Services directory listens on port 4443, and should be used when publishing to the Internet.

Authentication Bypass—The proxy solution should allow for authentication to occur at the Lync Servers, not at the proxy itself.


Caution

It is not supported by Microsoft, and it is not recommended to deploy external web services without a reverse proxy solution. Do not use NAT as a replacement for a reverse proxy solution.



Certificate Requirements

In general, the reverse proxy certificate requires a public certificate with the following entries:

Lync Web Services External FQDN—This is defined in the topology and should be configured as the Subject Name of your certificate.

Simple URL Entries—There should be a certificate entry in the SAN field for every meeting and dial-in simple URL. There is typically a single dial-in FQDN, and there will be a meeting FQDN for each SIP domain in the environment.

LyncDiscover—Lync Mobile devices are hard-coded to look for the DNS entry lyncdiscover.<sipdomain>. This should terminate at the reverse proxy, as such a certificate entry is required for each SIP domain in your environment.

Other -----------------
- Microsoft LynServer 2013 : Firewall Requirements Overview, Ports Required for Internal and External Access
- Micorosoft Sharepoint 2013 : SharePoint Metadata Types (part 4) - Metadata in Publishing
- Micorosoft Sharepoint 2013 : SharePoint Metadata Types (part 3) - Metadata in Lists
- Micorosoft Sharepoint 2013 : SharePoint Metadata Types (part 2) - Content Types
- Micorosoft Sharepoint 2013 : SharePoint Metadata Types (part 1) - Site Columns
- Micorosoft Sharepoint 2013 : The SharePoint Content Type Model - New Content Type Model Functionality
- Microsoft SQL Server 2012 : Knowing Tempdb - Troubleshooting Common Issues (part 3) - Troubleshooting Space Issues
- Microsoft SQL Server 2012 : Knowing Tempdb - Troubleshooting Common Issues (part 2) - Latch Contention - ikelihood of it happening. Multiple Tempdb Data Files
- Microsoft SQL Server 2012 : Knowing Tempdb - Troubleshooting Common Issues (part 1) - Latch Contention - Allocation Page Contention
- Microsoft SQL Server 2012 : Knowing Tempdb - Overview and Usage (part 2) - The Version Store
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
 
programming4us
Natural Miscarriage
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Game Trailer