Lync Server 2013 Deployment _ Lync Server Edge High Availability (DNS polling)

Public network publishing can not be separated from the edge server, like the front end, edge servers also need a highly available architecture

Can be implemented through the hardware load balancer and DNS polling, we use DNS polling implementation, but the external network will need two public address, as a demonstration I will publish a

The deployment content is as follows:

1. Publish The Lyncedge topology

2. Add a DNS suffix for Lyncedge

3. Add DNS records for Lyncedge

4. Add the first Lyncedge to the edge pool

5. Install the second Lyncedge, export the first Lyncedge certificate when processing the certificate, and import the second one.

The Edge server information is as follows

1.LYNCEDGE01 \ IP inside:192.168.124.27 IP outside:192.168.124.37

2.LYNCEDGE02 \ IP inside:192.168.124.28 IP outside:192.168.124.38

4. The intranet network card needs to fill in the DNS address, but does not need the gateway, the external network card must fill the gateway, does not need the DNS

= = Publish Topology

The picture is missing one, the operation is very simple, the emphasis is explained

1) New Edge Pool

650) this.width=650; "title=" Qq20160806135353.png "alt=" wkiol1erl4ct0bmpaacghdfvdvm719.png "src="/HTTP/ S4.51cto.com/wyfs02/m01/85/a7/wkiol1erl4ct0bmpaacghdfvdvm719.png "/>

2) Define the FQDN of an edge pool, note that it is a multi-machine pool

650) this.width=650; "title=" Qq20160806135504.png "style=" Float:none "alt=" Wkiol1erl_vitnvdaab4wend2jo582.png "src = "Http://s2.51cto.com/wyfs02/M01/85/A7/wKioL1erL_vitnvDAAB4wEnD2Jo582.png"/>

3) Select the function of the edge pool, temporarily do not enable the Federation, the first required

650) this.width=650; "title=" Qq20160806135618.png "style=" Float:none "alt=" Wkiom1erl_uhq-_0aackyd3uzik105.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erL_uhQ-_0AACkyD3uZIk105.png"/>

4) internal and external enable IPV4, do not check NAT

650) this.width=650; "title=" Qq20160807121838.png "style=" Float:none "alt=" Wkiol1erl_uql7q5aab6k_i2qm0338.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A7/wKioL1erL_uQl7q5AAB6K_I2Qm0338.png"/>

5) The external FQDN basically fills in the SIP domain name, sets the A/V Edge service port to 442, saves the public IP, so you can simultaneously publish the edge and Officewebapp service

650) this.width=650; "title=" Qq20160807122421.png "style=" Float:none "alt=" Wkiol1ermlwwz7k8aacmgthlujc110.png-wh_ "Src=" Http://s4.51cto.com/wyfs02/M00/85/A7/wKioL1erMLWwz7K8AACMGthLuJc110.png-wh_500x0-wm_3-wmp_4-s_ 326326248.png "/>

6) Enter the internal IP address of the LyncEdge01.jacksi.win

650) this.width=650; "title=" Qq20160807122901.png "style=" Float:none "alt=" Wkiom1ermlbidjxoaabujfwa6w0965.png-wh_ "Src=" Http://s4.51cto.com/wyfs02/M01/85/A8/wKiom1erMLbiDJXoAABUJFwa6w0965.png-wh_500x0-wm_3-wmp_4-s_ 2277608627.png "/>

7) Enter the external IP address, here forget forgive me, my external address is 192.168.124.37, if there is hardware load balancing, the external address needs to be set to the cluster IP address

8) Enter the internal IP address of the LyncEdge02.jacksi.win

650) this.width=650; "title=" Qq20160810004641.png "style=" Float:none "alt=" Wkiom1ermejrb_mhaabxkac6rmw916.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erMejRB_mHAABXkaC6rmw916.png"/>

9) Enter the external address of the LyncEdge02.jacksi.win

650) this.width=650; "title=" Qq20160810004654.png "style=" Float:none "alt=" Wkiol1ermensddujaabtxxipsr0906.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A7/wKioL1erMenSdduJAABTxXIPSR0906.png"/>

10) Define the next hop server, which is our front end pool

650) this.width=650; "title=" Qq20160807122944.png "style=" Float:none "alt=" Wkiol1ermxysqxxmaabh-w5qang596.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A7/wKioL1erMxySQxxmAABH-w5qAng596.png"/>

650) this.width=650; "title=" Qq20160807122954.png "style=" Float:none "alt=" Wkiom1ermxyrwmquaabs2lmlqrc707.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKiom1erMxyRWMQUAABs2LMLQrc707.png"/>

11) Publish the topology after completion

650) this.width=650; "title=" Qq20160807123028.png "alt=" wkiom1erm07qmzl7aacasszal00357.png "src="/HTTP/ S4.51cto.com/wyfs02/m01/85/a8/wkiom1erm07qmzl7aacasszal00357.png "/>

= = add lyncedge to DNS suffix

650) this.width=650; "title=" Qq20160807122154.png "style=" Float:none "alt=" Wkiom1erm-ng3jb6aacuawfwixu146.png "src = "Http://s1.51cto.com/wyfs02/M01/85/A8/wKiom1erM-ng3jb6AACUaWFwiXU146.png"/>

650) this.width=650; "title=" Qq20160807122311.png "style=" Float:none "alt=" Wkiol1erm-rtoqalaackj747pom710.png "src = "Http://s5.51cto.com/wyfs02/M01/85/A7/wKioL1erM-rTOqalAACKj747PoM710.png"/>

= = DNS record Additions

1) Lyncedge is the name of the pool, where you need to point the hold record to both edge servers, and specify that the IP address must be the internal network card address of the Edge server

2) Add the FQDN of the two edge server

650) this.width=650; "title=" Qq20160807122103.png "alt=" wkiom1ernaathjyaaaaf5brezly109.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a8/wkiom1ernaathjyaaaaf5brezly109.png "/>

= = Install First Lyncedge

1) need to export the front-end defined topology, the file suffix must be a zip

650) this.width=650; "title=" Qq20160807123433.png "alt=" wkiol1ernmhhyaynaaah9bn58ce336.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a7/wkiol1ernmhhyaynaaah9bn58ce336.png "/>

2) First complete some prerequisites and need to install Windows Identity Foundation and Message Queuing

650) this.width=650; "title=" Qq20160807125121.png "alt=" wkiom1ernt6jao1eaad0-tw1nna290.png "src="/HTTP/ S4.51cto.com/wyfs02/m00/85/a8/wkiom1ernt6jao1eaad0-tw1nna290.png "/>

3) Install the local configuration store, open the previously exported zip file 650) this.width=650; "title=" Qq20160807124746.png "alt=" Wkiom1ernrna16qxaacdume2mli334.png "src=" Http://s1.51cto.com/wyfs02/M00/85/A8/wKiom1erNRnA16QXAACdUmE2mlI334.png "/>

650) this.width=650; "title=" Qq20160807133431.png "style=" Float:none "alt=" Wkiol1ernmuyq6apaaddy8in4p4721.png "src = "Http://s1.51cto.com/wyfs02/M01/85/A8/wKioL1erNmuyq6ApAADDY8In4P4721.png"/>

650) this.width=650; "title=" Qq20160807134034.png "style=" Float:none "alt=" Wkiom1ernmzw1fzgaadfaqxhitc780.png "src = "Http://s1.51cto.com/wyfs02/M02/85/A8/wKiom1erNmzw1FZGAADfaQXhiTc780.png"/>

= = First Lyncedge configuration certificate

1) Request Edge Internal certificate

650) this.width=650; "title=" Qq20160807134348.png "style=" Float:none "alt=" Wkiol1eroels32weaabrkcrbhr8654.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A8/wKioL1erOELS32WeAABrkCrBhR8654.png"/>

You can only request an offline certificate request because the Edge server is not joined to a domain

650) this.width=650; "title=" Qq20160807134918.png "style=" Float:none "alt=" Wkiom1eroepsuy8iaabdky4idxk696.png "src = "Http://s5.51cto.com/wyfs02/M00/85/A8/wKiom1erOEPSuy8IAABdky4IDXk696.png"/>

Friendly name fill in the FQDN of the Edge server internal edge pool and mark the private key to export (the certificate will be imported to LYNCEDGE02 later)

650) this.width=650; "title=" Qq20160807135007.png "style=" Float:none "alt=" Wkiom1eroeojqrs0aabsqfdhuqy758.png "src = "Http://s5.51cto.com/wyfs02/M00/85/A8/wKiom1erOEOjqRs0AABsQFDHUqY758.png"/>

650) this.width=650; "title=" Qq20160807135033.png "style=" Float:none "alt=" Wkiol1eroesckbvuaabnizusnrq239.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOESCKbvuAABNizUsnrQ239.png"/>

650) this.width=650; "title=" Qq20160807135041.png "style=" Float:none "alt=" Wkiol1eroeswrxaaaabmowkfhzq312.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOESwRXAaAABMoWkFhZQ312.png"/>

User name add two Lyncedge server

650) this.width=650; "title=" Qq20160807135101.png "style=" Float:none "alt=" Wkiom1eroetibt1waabbgoknkuc277.png "src = "Http://s2.51cto.com/wyfs02/M01/85/A8/wKiom1erOETibt1wAABbgOKnKuc277.png"/>

650) this.width=650; "title=" Qq20160807135114.png "style=" Float:none "alt=" Wkiom1eroewqriz4aad1jpn2ud4624.png "src = "Http://s3.51cto.com/wyfs02/M01/85/A8/wKiom1erOEWQRiz4AAD1jPn2uD4624.png"/>

Fill in a req suffix file name

650) this.width=650; "title=" Qq20160807134942.png "style=" Float:none "alt=" Wkiol1eroepqnmsbaabtsjvxaeo741.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A8/wKioL1erOEPQnMSBAABTsjVXAeo741.png"/>

650) this.width=650; "title=" Qq20160807135125.png "alt=" wkiol1erphqdtlhcaabn07iuwju963.png "src="/HTTP/ S1.51cto.com/wyfs02/m01/85/a8/wkiol1erphqdtlhcaabn07iuwju963.png "/>

2) Apply for external edge certificate

650) this.width=650; "title=" Qq20160807142942.png "style=" Float:none "alt=" Wkiom1eroujcdlx8aab7suhyh9a347.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erOujCdlx8AAB7suhYH9A347.png-wh_500x0-wm_3-wmp_4-s_ 1616795561.png "/>650" this.width=650; "title=" Qq20160807143815.png "style=" Float:none; "alt=" Wkiom1eroumy3z6maaciwlfol7w659.png-wh_50 "src=" http://s2.51cto.com/wyfs02/M00/85/A9/ Wkiom1eroumy3z6maaciwlfol7w659.png-wh_500x0-wm_3-wmp_4-s_1223553749.png "/>

650) this.width=650; "title=" Qq20160807143826.png "style=" Float:none "alt=" Wkiol1eroumsbe1iaacetckdai4965.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOumSbe1iAACetcKDaI4965.png-wh_500x0-wm_3-wmp_4-s_ 3261988794.png "/>

650) this.width=650; "title=" Qq20160807143846.png "style=" Float:none "alt=" Wkiom1erouny3tacaabroz4lhra977.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M01/85/A9/wKiom1erOuny3TaCAABROZ4lHrA977.png-wh_500x0-wm_3-wmp_4-s_ 2037085758.png "/>

650) this.width=650; "title=" Qq20160807143857.png "style=" Float:none "alt=" Wkiol1erourygx0zaabnqgakqpi035.png-wh_ "Src=" Http://s1.51cto.com/wyfs02/M01/85/A8/wKioL1erOurygx0ZAABNQGAkqPI035.png-wh_500x0-wm_3-wmp_4-s_ 2936335531.png "/>

3) Web page completion certificate request

Using a text document to open the previous two suffix req file, copy the contents of the file to the box, and the certificate template uses the Web server

650) this.width=650; "title=" Qq20160807142317.png "alt=" wkiol1erpl7gpk88aacq7yaqzyy327.png "src="/HTTP/ S4.51cto.com/wyfs02/m02/85/a8/wkiol1erpl7gpk88aacq7yaqzyy327.png "/>

4) After the certificate request is complete, import the certificate using MMC, or use the import in the Installation wizard to import two certificates in the same operation.

650) this.width=650; "title=" Qq20160807142814.png "style=" Float:none "alt=" Wkiol1erpxahnvnraadq0o0srqm592.png "src = "Http://s5.51cto.com/wyfs02/M01/85/A8/wKioL1erPXahNvnrAADQ0O0SrqM592.png"/>

Certificate stored in a personal

650) this.width=650; "title=" Qq20160807142835.png "style=" Float:none "alt=" Wkiom1erpxfqrttmaabfb9rajbs687.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A9/wKiom1erPXfQRtTMAABFb9rajBs687.png"/>

assigning Lyncedge Internal certificates

650) this.width=650; "title=" Qq20160807142904.png "style=" Float:none "alt=" Wkiol1erpxeso28jaabttvgrnhs849.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A8/wKioL1erPXeSo28jAABTTVgRnhs849.png"/>

650) this.width=650; "title=" Qq20160807142930.png "style=" Float:none "alt=" Wkiom1erpxfz7icwaact0ine0nc516.png "src = "Http://s4.51cto.com/wyfs02/M01/85/A9/wKiom1erPXfz7icwAACT0iNE0nc516.png"/>

5) Assigning Edge external certificates

650) this.width=650; "title=" Qq20160807144038.png "style=" Float:none "alt=" Wkiol1erplpzo98faab1sa56umw324.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A8/wKioL1erPlPzo98fAAB1sA56UMw324.png"/>

650) this.width=650; "title=" Qq20160807144053.png "style=" Float:none "alt=" Wkiom1erplpztbrgaabhuhpjqg0058.png "src = "Http://s4.51cto.com/wyfs02/M01/85/A9/wKiom1erPlPzTBRgAABhuHPjQg0058.png"/>

650) this.width=650; "title=" Qq20160807144154.png "style=" Float:none "alt=" Wkiom1erpltzedshaab7lev52qk568.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A9/wKiom1erPlTzedsHAAB7leV52Qk568.png"/>

6) Start Lync Service

650) this.width=650; "title=" Qq20160807144228.png "style=" Float:none "alt=" Wkiol1erpltx39xfaadydjuhlqi994.png "src = "Http://s3.51cto.com/wyfs02/M00/85/A8/wKioL1erPlTx39XFAADydJuhLqI994.png"/>

7) Lync Service startup situation

650) this.width=650; "title=" Qq20160810005500.png "alt=" wkiom1erp3gayyjdaafnt2q8jsk674.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a9/wkiom1erp3gayyjdaafnt2q8jsk674.png "/>

= = Second Lyncedge installation

1) do not do here, the only difference in the installation procedure is the certificate processing method

2) first install two prerequisites

3) Add Lync.zip file when installing local storage

4) No re-application is required to process the certificate, export the LYNCEDGE01 Lync Certificate and import the LYNCEDGE02

5) Start the Lync Service and complete the installation

The next chapter on the external network publishing and external network function test

This article from "Sameold" blog, declined reprint!

Lync Server 2013 Deployment _ Lync Server Edge High Availability (DNS polling)