Implementing Lync Reverse Proxy using IIS arr

We used to do the Lync reverse proxy we used to use TMG, but TMG has too many problems, such as only installed on the Server2008 server, and Microsoft has no subsequent development, we can now use IIS arr to implement the reverse proxy function, he compared to TMG does not need to deploy the server alone, Just find a server with Server2012 installed and you can use it to install the IIS Arr component.

So since both TMG and IIS arr can implement the reverse proxy for Lync, what's going on somewhere else?

First TMG is a firewall, his reverse proxy is based on port mapping, which is similar to our enterprise router or firewall function, can do IP-to-IP mapping.

And IIS arr is a Web service-based application layer routing, he can only for the HTTP and HTTPS protocol routing, in this experiment to implement Lync Extranet Web conferencing, Lync Phone login and other features, because he is the application layer routing, he only need an external IP address, according to the target domain name different, Routed to a different intranet server, which means that the domain name of Lync (RP, meet, Dialin, Lyncdiscover, and so on) is routed to the front-end server, and exchange's domain name (OWA, ECP) is routed to the CAs of exchange. So the port mapping on the Lync Edge is still implemented through TMG or the corporate firewall.

For a test environment or a simple production environment this feature of the IIS arr is advantageous, so that we only need a public IP address, a common external 443 port for Lync, Exchange, OWA and other applications. Then we start deploying.

Download from Microsoft Official website IIS ARR Components, currently the latest version is 3.0

Http://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIxz6yK1brAADoBOdziIc401.jpg "style=" float: none; "title=" 1.jpg "alt=" Wkiol1vixz6yk1braadobodziic401.jpg "/>

double-click to open the installation Arrv3_0

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxc6AN8jAAACQbY6ngg0354.jpg "style=" float: none; "title=" 2.jpg "alt=" Wkiom1vixc6an8jaaacqby6ngg0354.jpg "/>

Follow the prompts to install the program

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIxz-RktT0AADB3DHRPoI356.jpg "style=" float: none; "title=" 3.jpg "alt=" Wkiol1vixz-rktt0aadb3dhrpoi356.jpg "/>

The installer will be downloaded through the network, the host needs to be installed to connect to the public network

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxc6yWTCZAAFSGaKI8zY197.jpg "style=" float: none; "title=" 4.jpg "alt=" Wkiom1vixc6ywtczaafsgaki8zy197.jpg "/>

Installation Completion Tips

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIxz-Ro5bYAADy3c9lqn0745.jpg "style=" float: none; "title=" 5.jpg "alt=" Wkiol1vixz-ro5byaady3c9lqn0745.jpg "/>

we need to pre- IIS ARR certificates, in the same way as TMG, I recommend using the external gateway certificate of the Lync Edge Server, which basically contains the DNS name that we need for Lync Login , and then add as needed DNS for OWA and Exchange is on the line. Use MMC to export certificates from the Lync Edge Server and import them in the IIS ARR server.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxc_jaGsaAAFOMCYZ4-M150.jpg "style=" float: none; "title=" 7.jpg "alt=" Wkiom1vixc_jagsaaafomcyz4-m150.jpg "/>

in the View Certificates in IIS Manager

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxc-wqpb7AACsRwC362g199.jpg "style=" float: none; "title=" 8.jpg "alt=" Wkiom1vixc-wqpb7aacsrwc362g199.jpg "/>

Open IIS Manager

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIxz_iyXIyAADQZOSFll4847.jpg "title=" 6.png " Style= "Float:none;" alt= "wkiol1vixz_iyxiyaadqzosfll4847.jpg"/>

Open Web site, right-click Default Web Site, select Edit Binding

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/67/wKioL1VIx0DBaG5YAADkpe2maDs233.jpg "style=" float: none; "title=" 9.jpg "alt=" Wkiol1vix0dbag5yaadkpe2mads233.jpg "/>

Add type to HTTPS, select the SSL certificate that you just imported

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/6C/wKiom1VIxfqSUPRIAAD_TzTS_0o244.jpg "style=" float: none; "title=" 10.jpg "alt=" Wkiom1vixfqsupriaad_tzts_0o244.jpg "/>

Restart site has applied changes

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIx2qwOX-VAADbNw0KbPg986.jpg "style=" float: none; "title=" 11.png "alt=" Wkiol1vix2qwox-vaadbnw0kbpg986.jpg "/>

below to start adding Server Farms, right-click Server Farms, select Create server Farms

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxfqTy8wrAADfM7MSEIc148.jpg "style=" float: none; "title=" 12.png "alt=" Wkiom1vixfqty8wraadfm7mseic148.jpg "/>

Let's first add For Lync Front-end web mapping, fill in the need to correspond to the external Web service FQDN that the Lync front-end server configures , click Next

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIx2uhs3bGAACOdBti3bQ579.jpg "style=" float: none; "title=" 13.jpg "alt=" Wkiol1vix2uhs3bgaacodbti3bq579.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxfuDBmvZAADkbA-DSVU631.jpg "style=" float: none; "title=" 14.jpg "alt=" Wkiom1vixfudbmvzaadkba-dsvu631.jpg "/>

Enter the target server (i.e. Lync Front-end server internal IP), expand Advanced settings--applicationrequestrouting, change the destination port to 8080 and 4443, such as. Click Finish

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/67/wKioL1VIx2uwfebpAADoUBRNEKQ307.jpg "style=" float: none; "title=" 15.jpg "alt=" Wkiol1vix2uwfebpaadoubrnekq307.jpg "/>

prompt to reconfigure Rewite Rules, we first click OK, then do the configuration later

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/6C/wKiom1VIxfvAhvwMAAEAfeDwcEY866.jpg "style=" float: none; "title=" 16.png "alt=" Wkiom1vixfvahvwmaaeafedwcey866.jpg "/>

Open the added Lync server farm, open Caching

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/6C/wKiom1VIxjugvJyvAACbt2sx3z0468.jpg "style=" float: none; "title=" 17.jpg "alt=" Wkiom1vixjugvjyvaacbt2sx3z0468.jpg "/>

put Enable disk cache Tick Cancel, click Apply

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIx6yzWt0XAADewDYBjK4267.jpg "style=" float: none; "title=" 18.png "alt=" Wkiol1vix6yzwt0xaadewdybjk4267.jpg "/>

continue back to server farm open Proxy

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxjuDfhJPAADk2hCUlLk009.jpg "style=" float: none; "title=" 19.png "alt=" Wkiom1vixjudfhjpaadk2hcullk009.jpg "/>

will be Time-out time set to $, click Apply

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxjuTpUeDAAD6HoukRI0049.jpg "style=" float: none; "title=" 20.jpg "alt=" Wkiom1vixjutpuedaad6houkri0049.jpg "/>

continue back to the server farm, open Routing Rules

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIx6ywVvMQAADlZR9Ne08715.jpg "style=" float: none; "title=" 21.png "alt=" Wkiol1vix6ywvvmqaadlzr9ne08715.jpg "/>

will be Enable SSL offloading before the tick is removed, click Apply

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIx6ySUrjzAADomQiaU04594.jpg "style=" float: none; "title=" 22.jpg "alt=" Wkiol1vix6ysurjzaadomqiau04594.jpg "/>

and then repeat the add Server Farms, including simple URLs for Lync,Lync self-discovery

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxjyxnixKAAGPCUtzJzM443.jpg "style=" float: none; "title=" 23.png "alt=" Wkiom1vixjyxnixkaagpcutzjzm443.jpg "/>

Add Exchange 's OWA login address, it is important to note that Lync needs to do a 8080,443 to 4443 changes, Exchange does not need to be added by default (Office Web App Server has not yet been tested and is supplemented later).

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/67/wKioL1VIx6zSV3ZKAACYyVACBCI834.jpg "style=" float: none; "title=" 24.jpg "alt=" Wkiol1vix6zsv3zkaacyyvacbci834.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIx8ajmhcYAADdEGcviHU533.jpg "style=" float: none; "title=" 25.jpg "alt=" Wkiol1vix8ajmhcyaaddegcvihu533.jpg "/>

also need Disable disk Cache and Disbale SSL offloading, where Proxy time-out value needs to be changed to 180

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxlXhbAa7AACRgKTx9mM835.jpg "style=" float: none; "title=" 26.jpg "alt=" Wkiom1vixlxhbaa7aacrgktx9mm835.jpg "/>

when all is added, go back to the homepage and click URL Rewriting

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/67/wKioL1VIx8aRW9cAAAEDoqqcWxE059.jpg "style=" float: none; "title=" 27.jpg "alt=" Wkiol1vix8arw9caaaedoqqcwxe059.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxlax_DeiAAEd_GSzqvw018.jpg "style=" float: none; "title=" 28.jpg "alt=" Wkiom1vixlax_deiaaed_gszqvw018.jpg "/>

because Lync itself does not have a port, only need to jump to 443, we can have Lync related to the route to delete (that is, without SSL ), after deletion as

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxlaRHb_2AAEGwxkh2vk108.jpg "style=" float: none; "title=" 29.jpg "alt=" Wkiom1vixlarhb_2aaegwxkh2vk108.jpg "/>

Double-click Edit Inbound rules for Lync, click Add

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/67/wKioL1VIx8eSaWupAADfeKnASXg273.jpg "style=" float: none; "title=" 30.jpg "alt=" Wkiol1vix8esawupaadfeknasxg273.jpg "/>

Conditional Input {Http_host} , the mode is the domain name of the Lync Web external FQDN. *, my domain name is rp.uc-test.com, then fill in rp.* click Apply

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6C/6C/wKiom1VIxlbSdITzAAEPi44Ou5s306.jpg "style=" float: none; "title=" 31.jpg "alt=" Wkiom1vixlbsditzaaepi44ou5s306.jpg "/>

also put Lync Other simple URLs,Lync Self-discovery configuration,Exchange settings complete, restart IIS

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/67/wKioL1VIx8eSR7oMAACs6oCOKLs251.jpg "style=" float: none; "title=" 32.jpg "alt=" Wkiol1vix8esr7omaacs6ocokls251.jpg "/>

point the map of the router to IIS ARR Server, test Lync Web conferencing and Exchange OWA Login

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6C/6C/wKiom1VIxlfxGRtRAAFGW8NvQq0210.jpg "style=" float: none; "title=" 33.png "alt=" Wkiom1vixlfxgrtraafgw8nvqq0210.jpg "/>

Lync Web OK

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/68/wKioL1VIx8fw3baHAAB61qPQDXs705.jpg "style=" float: none; "title=" 34.jpg "alt=" Wkiol1vix8fw3bahaab61qpqdxs705.jpg "/>

Exchange OWA OK

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/6C/6C/wKiom1VIxlewFtLmAACHO2KI0Sc433.jpg "style=" float: none; "title=" 35.jpg "alt=" Wkiom1vixlewftlmaacho2ki0sc433.jpg "/>

Implementing Lync Reverse Proxy using IIS arr