To support all the remote features available in Lync
Server, a reverse proxy must be used to publish internal web services in
addition to an Edge Server pool. The type of reverse proxy used is
flexible because almost any kind of reverse proxy should be capable of
handling the requirements. Microsoft recommends using either the
Forefront Unified Access Gateway or Threat Management Gateway products
for publishing Lync Server. Threat Management Gateway, or TMG, is the
next generation of the Internet Security & Acceleration (ISA) Server
product, and Unified Access Gateway (UAG) builds on TMG with additional
security and filtering capabilities. This section focuses on publishing
the Lync Server Front End or Director pools using Forefront Threat
Management Gateway 2010.
Reverse Proxy Installation
If a reverse proxy
already exists in the organization, it can be used to also publish Lync
Server web services. There is no requirement for a reverse proxy to be
dedicated only to Lync Server, but if no reverse proxy exists, one
should be deployed when an Edge Server is provisioned.
The following section details how to use the Microsoft Forefront Threat
Management Gateway 2010 as a reverse proxy for Lync Server.
Forefront Threat Management Gateway 2010 Prerequisites
This section discusses
the hardware, operating system, and software requirements necessary for
installing Forefront Threat Management Gateway.
Hardware Requirements
The Forefront Threat Management Gateway server processor requirement is as follows:
Caution
Threat Management Gateway
2010 is a 64-bit-only application and requires a 64-bit capable
processor. This is generally not an issue with modern hardware.
However, verify that legacy hardware supports a 64-bit operating system
before attempting to use it as a reverse proxy.
The Forefront Threat Management Gateway server memory requirement is as follows:
The Forefront Threat Management Gateway disk requirement is as follows:
The Forefront Threat Management Gateway server network requirements are as follows:
Note
Designing a
high-availability solution for Threat Management Gateway is not
discussed in detail here. However, this can be done with Windows Network
Load Balancing or a hardware load balancer. Follow the documentation on
TechNet to design a solution that matches and meets availability
requirements for the Lync Server infrastructure.
Operating System Requirements
Forefront Threat Management Gateway supports the following operating systems:
Windows Server 2008, x64 Standard Edition with Service Pack 2
Windows Server 2008, x64 Enterprise Edition with Service Pack 2
Windows Server 2008, x64 Datacenter Edition with Service Pack 2
Windows Server 2008 R2, Standard Edition
Windows Server 2008 R2, Enterprise Edition
Windows Server 2008 R2, Datacenter Edition
The Windows Server Core, Web,
and High Performance Computing editions for any operating system version
are not supported for deployment.
Software Requirements
The Forefront Threat Management Gateway server requires installation of the following components:
Server Roles and Features
In addition to the
operating system and software requirements listed previously, the
Forefront Threat Management Gateway requires several Windows server
roles, role services, and features to be installed. The following roles
and features can either be preinstalled or installed automatically by
the Forefront Threat Management Gateway preparation tool.
Network Policy Server
Routing and Remote Access Services
Active Directory Lightweight Directory Services Tools
Network Load Balancing Tools
Windows PowerShell
Forefront Threat Management Gateway 2010 Installation
This section
discusses installing a standalone Forefront Threat Management Gateway
2010 server to support the reverse proxy functionality required for
external access. For detailed instructions on configuring an array of
Threat Management Gateway servers or centralized management options,
refer to TechNet.
1. Launch the Forefront Threat Management Gateway 2010 installation media.
2. If the required server roles and features have not been applied, click Run Preparation Tool.
3. Click Next to begin the Preparation Wizard.
4. Select I accept the terms of license agreements and then click Next.
5. Select Forefront TMG services and Management and then click Next.
6. Select Launch Forefront TMG Installation Wizard and then click Finish.
7. Click Next to begin the installation.
8. Select I accept the terms in the license agreement and then click Next.
9. Enter a username, organization, and product serial number. Then click Next.
10. Enter an installation path and then click Next.
11. Click the Add button to begin entering internal network ranges.
12. Click Add Adapter, select the network adapter, and then click OK.
13. Verify that the start and end addresses account for the internal network ranges of the Lync Server servers. Include additional ranges, and then click OK and Next.
14. Click Next and then Install to begin the installation.
15. Click Finish when the installation completes.
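The check in step 13 can be scripted before the ranges are entered. The following is an added example, not part of the original text or of any Microsoft tooling: it takes the start/end pairs and reports Lync Server hosts that fall outside them, and also flags any external adapter address that falls inside them, which is an extra check not described above. All host names and addresses are constructed sample values.

```python
import ipaddress

def parse_ranges(pairs):
    """Validate (start, end) strings as entered in the TMG address-range dialog."""
    ranges = []
    for start, end in pairs:
        lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range {start}-{end}")
        ranges.append((lo, hi))
    return ranges

def covered(addr, ranges):
    """True if addr falls inside any start/end pair (inclusive)."""
    ip = ipaddress.ip_address(addr)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges)

def audit_internal_network(range_pairs, internal_hosts, external_addrs):
    """Report Lync hosts outside the Internal network and external IPs inside it."""
    ranges = parse_ranges(range_pairs)
    missing = sorted(name for name, addr in internal_hosts.items()
                     if not covered(addr, ranges))
    leaked = sorted(addr for addr in external_addrs if covered(addr, ranges))
    return {"missing": missing, "leaked": leaked}

# Constructed sample data (not from the original page).
SAMPLE_RANGES = [("10.10.0.0", "10.10.0.255"), ("10.10.20.0", "10.10.20.255")]
SAMPLE_LYNC_HOSTS = {
    "fe01.example.test": "10.10.20.11",
    "fe02.example.test": "10.10.20.12",
    "dir01.example.test": "10.10.30.5",   # deliberately outside both ranges
}
SAMPLE_EXTERNAL = ["203.0.113.10"]        # external adapter address

if __name__ == "__main__":
    result = audit_internal_network(SAMPLE_RANGES, SAMPLE_LYNC_HOSTS, SAMPLE_EXTERNAL)
    for name in result["missing"]:
        print(f"NOT COVERED: {name} ({SAMPLE_LYNC_HOSTS[name]})")
    for addr in result["leaked"]:
        print(f"EXTERNAL ADDRESS INSIDE INTERNAL RANGE: {addr}")
```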