Public network publishing can not be separated from the edge server, like the front end, edge servers also need a highly available architecture
Can be implemented through the hardware load balancer and DNS polling, we use DNS polling implementation, but the external network will need two public address, as a demonstration I will publish a
The deployment content is as follows:
1. Publish The Lyncedge topology
2. Add a DNS suffix for Lyncedge
3. Add DNS records for Lyncedge
4. Add the first Lyncedge to the edge pool
5. Install the second Lyncedge, export the first Lyncedge certificate when processing the certificate, and import the second one.
The Edge server information is as follows
1.LYNCEDGE01 \ IP inside:192.168.124.27 IP outside:192.168.124.37
2.LYNCEDGE02 \ IP inside:192.168.124.28 IP outside:192.168.124.38
4. The intranet network card needs to fill in the DNS address, but does not need the gateway, the external network card must fill the gateway, does not need the DNS
= = Publish Topology
The picture is missing one, the operation is very simple, the emphasis is explained
1) New Edge Pool
650) this.width=650; "title=" Qq20160806135353.png "alt=" wkiol1erl4ct0bmpaacghdfvdvm719.png "src="/HTTP/ S4.51cto.com/wyfs02/m01/85/a7/wkiol1erl4ct0bmpaacghdfvdvm719.png "/>
2) Define the FQDN of an edge pool, note that it is a multi-machine pool
650) this.width=650; "title=" Qq20160806135504.png "style=" Float:none "alt=" Wkiol1erl_vitnvdaab4wend2jo582.png "src = "Http://s2.51cto.com/wyfs02/M01/85/A7/wKioL1erL_vitnvDAAB4wEnD2Jo582.png"/>
3) Select the function of the edge pool, temporarily do not enable the Federation, the first required
650) this.width=650; "title=" Qq20160806135618.png "style=" Float:none "alt=" Wkiom1erl_uhq-_0aackyd3uzik105.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erL_uhQ-_0AACkyD3uZIk105.png"/>
4) internal and external enable IPV4, do not check NAT
650) this.width=650; "title=" Qq20160807121838.png "style=" Float:none "alt=" Wkiol1erl_uql7q5aab6k_i2qm0338.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A7/wKioL1erL_uQl7q5AAB6K_I2Qm0338.png"/>
5) The external FQDN basically fills in the SIP domain name, sets the A/V Edge service port to 442, saves the public IP, so you can simultaneously publish the edge and Officewebapp service
650) this.width=650; "title=" Qq20160807122421.png "style=" Float:none "alt=" Wkiol1ermlwwz7k8aacmgthlujc110.png-wh_ "Src=" Http://s4.51cto.com/wyfs02/M00/85/A7/wKioL1erMLWwz7K8AACMGthLuJc110.png-wh_500x0-wm_3-wmp_4-s_ 326326248.png "/>
6) Enter the internal IP address of the LyncEdge01.jacksi.win
650) this.width=650; "title=" Qq20160807122901.png "style=" Float:none "alt=" Wkiom1ermlbidjxoaabujfwa6w0965.png-wh_ "Src=" Http://s4.51cto.com/wyfs02/M01/85/A8/wKiom1erMLbiDJXoAABUJFwa6w0965.png-wh_500x0-wm_3-wmp_4-s_ 2277608627.png "/>
7) Enter the external IP address, here forget forgive me, my external address is 192.168.124.37, if there is hardware load balancing, the external address needs to be set to the cluster IP address
8) Enter the internal IP address of the LyncEdge02.jacksi.win
650) this.width=650; "title=" Qq20160810004641.png "style=" Float:none "alt=" Wkiom1ermejrb_mhaabxkac6rmw916.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erMejRB_mHAABXkaC6rmw916.png"/>
9) Enter the external address of the LyncEdge02.jacksi.win
650) this.width=650; "title=" Qq20160810004654.png "style=" Float:none "alt=" Wkiol1ermensddujaabtxxipsr0906.png "src = "Http://s2.51cto.com/wyfs02/M02/85/A7/wKioL1erMenSdduJAABTxXIPSR0906.png"/>
10) Define the next hop server, which is our front end pool
650) this.width=650; "title=" Qq20160807122944.png "style=" Float:none "alt=" Wkiol1ermxysqxxmaabh-w5qang596.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A7/wKioL1erMxySQxxmAABH-w5qAng596.png"/>
650) this.width=650; "title=" Qq20160807122954.png "style=" Float:none "alt=" Wkiom1ermxyrwmquaabs2lmlqrc707.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKiom1erMxyRWMQUAABs2LMLQrc707.png"/>
11) Publish the topology after completion
650) this.width=650; "title=" Qq20160807123028.png "alt=" wkiom1erm07qmzl7aacasszal00357.png "src="/HTTP/ S4.51cto.com/wyfs02/m01/85/a8/wkiom1erm07qmzl7aacasszal00357.png "/>
= = add lyncedge to DNS suffix
650) this.width=650; "title=" Qq20160807122154.png "style=" Float:none "alt=" Wkiom1erm-ng3jb6aacuawfwixu146.png "src = "Http://s1.51cto.com/wyfs02/M01/85/A8/wKiom1erM-ng3jb6AACUaWFwiXU146.png"/>
650) this.width=650; "title=" Qq20160807122311.png "style=" Float:none "alt=" Wkiol1erm-rtoqalaackj747pom710.png "src = "Http://s5.51cto.com/wyfs02/M01/85/A7/wKioL1erM-rTOqalAACKj747PoM710.png"/>
= = DNS record Additions
1) Lyncedge is the name of the pool, where you need to point the hold record to both edge servers, and specify that the IP address must be the internal network card address of the Edge server
2) Add the FQDN of the two edge server
650) this.width=650; "title=" Qq20160807122103.png "alt=" wkiom1ernaathjyaaaaf5brezly109.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a8/wkiom1ernaathjyaaaaf5brezly109.png "/>
= = Install First Lyncedge
1) need to export the front-end defined topology, the file suffix must be a zip
650) this.width=650; "title=" Qq20160807123433.png "alt=" wkiol1ernmhhyaynaaah9bn58ce336.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a7/wkiol1ernmhhyaynaaah9bn58ce336.png "/>
2) First complete some prerequisites and need to install Windows Identity Foundation and Message Queuing
650) this.width=650; "title=" Qq20160807125121.png "alt=" wkiom1ernt6jao1eaad0-tw1nna290.png "src="/HTTP/ S4.51cto.com/wyfs02/m00/85/a8/wkiom1ernt6jao1eaad0-tw1nna290.png "/>
3) Install the local configuration store, open the previously exported zip file 650) this.width=650; "title=" Qq20160807124746.png "alt=" Wkiom1ernrna16qxaacdume2mli334.png "src=" Http://s1.51cto.com/wyfs02/M00/85/A8/wKiom1erNRnA16QXAACdUmE2mlI334.png "/>
650) this.width=650; "title=" Qq20160807133431.png "style=" Float:none "alt=" Wkiol1ernmuyq6apaaddy8in4p4721.png "src = "Http://s1.51cto.com/wyfs02/M01/85/A8/wKioL1erNmuyq6ApAADDY8In4P4721.png"/>
650) this.width=650; "title=" Qq20160807134034.png "style=" Float:none "alt=" Wkiom1ernmzw1fzgaadfaqxhitc780.png "src = "Http://s1.51cto.com/wyfs02/M02/85/A8/wKiom1erNmzw1FZGAADfaQXhiTc780.png"/>
= = First Lyncedge configuration certificate
1) Request Edge Internal certificate
650) this.width=650; "title=" Qq20160807134348.png "style=" Float:none "alt=" Wkiol1eroels32weaabrkcrbhr8654.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A8/wKioL1erOELS32WeAABrkCrBhR8654.png"/>
You can only request an offline certificate request because the Edge server is not joined to a domain
650) this.width=650; "title=" Qq20160807134918.png "style=" Float:none "alt=" Wkiom1eroepsuy8iaabdky4idxk696.png "src = "Http://s5.51cto.com/wyfs02/M00/85/A8/wKiom1erOEPSuy8IAABdky4IDXk696.png"/>
Friendly name fill in the FQDN of the Edge server internal edge pool and mark the private key to export (the certificate will be imported to LYNCEDGE02 later)
650) this.width=650; "title=" Qq20160807135007.png "style=" Float:none "alt=" Wkiom1eroeojqrs0aabsqfdhuqy758.png "src = "Http://s5.51cto.com/wyfs02/M00/85/A8/wKiom1erOEOjqRs0AABsQFDHUqY758.png"/>
650) this.width=650; "title=" Qq20160807135033.png "style=" Float:none "alt=" Wkiol1eroesckbvuaabnizusnrq239.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOESCKbvuAABNizUsnrQ239.png"/>
650) this.width=650; "title=" Qq20160807135041.png "style=" Float:none "alt=" Wkiol1eroeswrxaaaabmowkfhzq312.png "src = "Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOESwRXAaAABMoWkFhZQ312.png"/>
User name add two Lyncedge server
650) this.width=650; "title=" Qq20160807135101.png "style=" Float:none "alt=" Wkiom1eroetibt1waabbgoknkuc277.png "src = "Http://s2.51cto.com/wyfs02/M01/85/A8/wKiom1erOETibt1wAABbgOKnKuc277.png"/>
650) this.width=650; "title=" Qq20160807135114.png "style=" Float:none "alt=" Wkiom1eroewqriz4aad1jpn2ud4624.png "src = "Http://s3.51cto.com/wyfs02/M01/85/A8/wKiom1erOEWQRiz4AAD1jPn2uD4624.png"/>
Fill in a req suffix file name
650) this.width=650; "title=" Qq20160807134942.png "style=" Float:none "alt=" Wkiol1eroepqnmsbaabtsjvxaeo741.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A8/wKioL1erOEPQnMSBAABTsjVXAeo741.png"/>
650) this.width=650; "title=" Qq20160807135125.png "alt=" wkiol1erphqdtlhcaabn07iuwju963.png "src="/HTTP/ S1.51cto.com/wyfs02/m01/85/a8/wkiol1erphqdtlhcaabn07iuwju963.png "/>
2) Apply for external edge certificate
650) this.width=650; "title=" Qq20160807142942.png "style=" Float:none "alt=" Wkiom1eroujcdlx8aab7suhyh9a347.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M02/85/A8/wKiom1erOujCdlx8AAB7suhYH9A347.png-wh_500x0-wm_3-wmp_4-s_ 1616795561.png "/>650" this.width=650; "title=" Qq20160807143815.png "style=" Float:none; "alt=" Wkiom1eroumy3z6maaciwlfol7w659.png-wh_50 "src=" http://s2.51cto.com/wyfs02/M00/85/A9/ Wkiom1eroumy3z6maaciwlfol7w659.png-wh_500x0-wm_3-wmp_4-s_1223553749.png "/>
650) this.width=650; "title=" Qq20160807143826.png "style=" Float:none "alt=" Wkiol1eroumsbe1iaacetckdai4965.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M00/85/A8/wKioL1erOumSbe1iAACetcKDaI4965.png-wh_500x0-wm_3-wmp_4-s_ 3261988794.png "/>
650) this.width=650; "title=" Qq20160807143846.png "style=" Float:none "alt=" Wkiom1erouny3tacaabroz4lhra977.png-wh_ "Src=" Http://s2.51cto.com/wyfs02/M01/85/A9/wKiom1erOuny3TaCAABROZ4lHrA977.png-wh_500x0-wm_3-wmp_4-s_ 2037085758.png "/>
650) this.width=650; "title=" Qq20160807143857.png "style=" Float:none "alt=" Wkiol1erourygx0zaabnqgakqpi035.png-wh_ "Src=" Http://s1.51cto.com/wyfs02/M01/85/A8/wKioL1erOurygx0ZAABNQGAkqPI035.png-wh_500x0-wm_3-wmp_4-s_ 2936335531.png "/>
3) Web page completion certificate request
Using a text document to open the previous two suffix req file, copy the contents of the file to the box, and the certificate template uses the Web server
650) this.width=650; "title=" Qq20160807142317.png "alt=" wkiol1erpl7gpk88aacq7yaqzyy327.png "src="/HTTP/ S4.51cto.com/wyfs02/m02/85/a8/wkiol1erpl7gpk88aacq7yaqzyy327.png "/>
4) After the certificate request is complete, import the certificate using MMC, or use the import in the Installation wizard to import two certificates in the same operation.
650) this.width=650; "title=" Qq20160807142814.png "style=" Float:none "alt=" Wkiol1erpxahnvnraadq0o0srqm592.png "src = "Http://s5.51cto.com/wyfs02/M01/85/A8/wKioL1erPXahNvnrAADQ0O0SrqM592.png"/>
Certificate stored in a personal
650) this.width=650; "title=" Qq20160807142835.png "style=" Float:none "alt=" Wkiom1erpxfqrttmaabfb9rajbs687.png "src = "Http://s5.51cto.com/wyfs02/M02/85/A9/wKiom1erPXfQRtTMAABFb9rajBs687.png"/>
assigning Lyncedge Internal certificates
650) this.width=650; "title=" Qq20160807142904.png "style=" Float:none "alt=" Wkiol1erpxeso28jaabttvgrnhs849.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A8/wKioL1erPXeSo28jAABTTVgRnhs849.png"/>
650) this.width=650; "title=" Qq20160807142930.png "style=" Float:none "alt=" Wkiom1erpxfz7icwaact0ine0nc516.png "src = "Http://s4.51cto.com/wyfs02/M01/85/A9/wKiom1erPXfz7icwAACT0iNE0nc516.png"/>
5) Assigning Edge external certificates
650) this.width=650; "title=" Qq20160807144038.png "style=" Float:none "alt=" Wkiol1erplpzo98faab1sa56umw324.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A8/wKioL1erPlPzo98fAAB1sA56UMw324.png"/>
650) this.width=650; "title=" Qq20160807144053.png "style=" Float:none "alt=" Wkiom1erplpztbrgaabhuhpjqg0058.png "src = "Http://s4.51cto.com/wyfs02/M01/85/A9/wKiom1erPlPzTBRgAABhuHPjQg0058.png"/>
650) this.width=650; "title=" Qq20160807144154.png "style=" Float:none "alt=" Wkiom1erpltzedshaab7lev52qk568.png "src = "Http://s4.51cto.com/wyfs02/M00/85/A9/wKiom1erPlTzedsHAAB7leV52Qk568.png"/>
6) Start Lync Service
650) this.width=650; "title=" Qq20160807144228.png "style=" Float:none "alt=" Wkiol1erpltx39xfaadydjuhlqi994.png "src = "Http://s3.51cto.com/wyfs02/M00/85/A8/wKioL1erPlTx39XFAADydJuhLqI994.png"/>
7) Lync Service startup situation
650) this.width=650; "title=" Qq20160810005500.png "alt=" wkiom1erp3gayyjdaafnt2q8jsk674.png "src="/HTTP/ S1.51cto.com/wyfs02/m02/85/a9/wkiom1erp3gayyjdaafnt2q8jsk674.png "/>
= = Second Lyncedge installation
1) do not do here, the only difference in the installation procedure is the certificate processing method
2) first install two prerequisites
3) Add Lync.zip file when installing local storage
4) No re-application is required to process the certificate, export the LYNCEDGE01 Lync Certificate and import the LYNCEDGE02
5) Start the Lync Service and complete the installation
The next chapter on the external network publishing and external network function test
This article from "Sameold" blog, declined reprint!
Lync Server 2013 Deployment _ Lync Server Edge High Availability (DNS polling)