Skype for Business Server 2015 full deployment (EDGE/reverse proxy/Mobile side)

Skype for Business Server 2015 full deployment for intranet/Mobile client logons.

This deployment does not deploy Office Web Apps Server and persistent chat.

First, resources

1, internal and external domain name: yangqs.com

2, a total of 4 servers, using Hyper-V virtualization Server

(1) Domain/certificate/dns-in-one server S4BDC01.yangqs.com, 1 Internal network card (intranet IP)

(2) Standard Edition front end server S4BFE01.yangqs.com, 1 Internal network card (intranet IP), add domain

(3) Edge Server S4BAE01.yangqs.com, 1 Internal network card (this time not using the DMZ LAN network card, less open internal port steps), 1 external network card, no domain (add domain suffix)

(4) IIS arr Reverse proxy Server arr.yangqs.com,1 block Internal network card (this time not using the DMZ zone NIC, less open internal port steps), 1 external NIC, no domain (add domain suffix)

3, the public network of ip,2

4, Edge external firewall open port

Open Internet access ports: 442, 443 (TCP), 444, 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)

Open Access Internet port: (tcp| UDP), (TCP), 443 (TCP), 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)

5. Operating system using Windows Server R2

6. Standard Edition front-end server Installation Prerequisites

Standard Edition front End server

add-windowsfeature Net-framework-core, Rsat-adds, Windows-identity-foundation, Web-server, Web-Static-Content, Web-default-doc, Web-http-errors, web-dir-browsing, Web-asp-net, Web-net-ext, Web-isapi-ext, Web-ISAPI-Filter, Web-http-logging, Web-log-libraries, Web-request-monitor, web-http-tracing, Web-basic-auth, Web-Windows-Auth, Web-client-auth, Web-filtering, Web-stat-compression, Web-dyn-compression, Net-wcf-http-activation45, Web-Asp-Net45 , Web-mgmt-tools, Web-scripting-tools, Web-mgmt-compat, server-media-foundation, BITS -source D:\sources\sxs

7. Edge Server Installation Prerequisites

add-windowsfeature Net-framework-core, Rsat-adds, windows-identity-foundation, BITS -source D:\sources\sxs

8. IIS ARR Reverse proxy Server installation ARR3.0

Https://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0

9, public network free certificate application

Http://www.wosign.com/DVSSL/DV_KuaiSSL_Free.htm

Wosign free SSL certificate, can apply for 5 domain name of the free SSL certificate, basic to meet the requirements of LYNC/S4B external network deployment

Import the Edge server/iis arr reverse proxy server after applying as required

10. Edge Server/iis arr reverse proxy server, import the root certificate issued by the internal CA to the trusted Root certification authorities

Second, the standard version of the front-end server/Edge server installation, the topology planning process skipped

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AE/wKioL1bWRjqSTiFdAACN9aDq4lw588.png "style=" float: none; "title=" 1.png "alt=" Wkiol1bwrjqstifdaacn9adq4lw588.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKiom1bWRcLB9-WMAACrRJ4HjN4959.png "style=" float: none; "title=" 2.png "alt=" Wkiom1bwrclb9-wmaacrrj4hjn4959.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWRjqQstGhAADE8XUZnWQ525.png "style=" float: none; "title=" 3.png "alt=" Wkiol1bwrjqqstghaade8xuznwq525.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/AE/wKioL1bWRjuAL-SHAAA8lIuEEF8572.png "style=" float: none; "title=" 4.png "alt=" Wkiol1bwrjual-shaaa8liueef8572.png "/>

Third, the external network domain name configuration, yangqs.com million domain name (Ali domain name), add analytic record

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/AE/wKioL1bWR37g1IZBAAD2rDKy8xk652.png "title=" 5.png " alt= "Wkiol1bwr37g1izbaad2rdky8xk652.png"/>

Iv. IIS ARR Reverse proxy server configuration

(1) External DNS, completed

(2) Internal DNS

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AE/wKioL1bWSUCCrc4mAAAQLxk2VZI933.png "style=" float: none; "title=" 6.png "alt=" Wkiol1bwsuccrc4maaaqlxk2vzi933.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AF/wKiom1bWSMixIVQSAAAQ9GJyCl8521.png "style=" float: none; "title=" 7.png "alt=" Wkiom1bwsmixivqsaaaq9gjycl8521.png "/>

(3) IIS arr Reverse proxy Server local Hosts file add static parse record

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AF/wKiom1bWSX6DywV4AABSFNeOSkw650.png "title=" 8.png " alt= "Wkiom1bwsx6dywv4aabsfneoskw650.png"/>

(4) SSL public certificate binding after ARR3.0 installation

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7C/B0/wKiom1bWSybSmKYcAAEHGnXgDVI906.png "title=" 9.png " alt= "Wkiom1bwsybsmkycaaehgnxgdvi906.png"/>

(5) Add Dialin, meet, Lyncweb, Lyncdiscover Farm, server farms-create server Farms

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/B0/wKiom1bWTSnymyqVAAA4VnPI6Jg512.png "style=" float: none; "title=" 10.png "alt=" Wkiom1bwtsnymyqvaaa4vnpi6jg512.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWTaGCtyt-AABOLBvo3bM685.png "style=" float: none; "title=" 11.png "alt=" Wkiol1bwtagctyt-aabolbvo3bm685.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTSqxtzRYAAAYKp3ZJLk468.png "style=" float: none; "title=" 12.png "alt=" Wkiom1bwtsqxtzryaaaykp3zjlk468.png "/>

Same operation, add the remaining meet, Lyncweb, Lyncdiscover

(6) After adding the server Farms, all the following items will be configured and "Apply"

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/7C/AF/wKioL1bWTfzgNGm1AABB3Wu96Qs775.png "style=" float: none; "title=" 13.png "alt=" Wkiol1bwtfzgngm1aabb3wu96qs775.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/7C/AF/wKioL1bWTfzz7P9WAAAg2oejNfg282.png "style=" float: none; "title=" 14.png "alt=" Wkiol1bwtfzz7p9waaag2oejnfg282.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTYSjhszIAAA42yP_dZs814.png "style=" float: none; "title=" 15.png "alt=" Wkiom1bwtysjhsziaaa42yp_dzs814.png "/>

(7) URL rewrite, delete/HTTP entry

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7C/B0/wKiom1bWTl2QQzdyAAEcFC0s4sU793.png "title=" 16.png "alt=" Wkiom1bwtl2qqzdyaaecfc0s4su793.png "/>

(8) Edit the inbound rule, add {http_host} record, meet.*,dialin.*,lyncweb.*,lyncdiscover.*

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/AF/wKioL1bWUCmxDuYWAAB6l9YSObM896.png "title=" 17.png "alt=" Wkiol1bwucmxduywaab6l9ysobm896.png "/>

V. Open the network user login, verify the mobile policy enable mobility, enable mobile mobile phone information push

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/B0/wKiom1bWUvWRWRaKAABhaYgZjcw010.png "style=" float: none; "title=" 18.png "alt=" Wkiom1bwuvwrwrakaabhaygzjcw010.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7C/AF/wKioL1bWU26xKm_EAABngH6mmIg095.png "style=" float: none; "title=" 19.png "alt=" Wkiol1bwu26xkm_eaabngh6mmig095.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7C/B0/wKiom1bWUvbST3OqAABPQEJc-f0681.png "style=" float: none; "title=" 20.png "alt=" Wkiom1bwuvbst3oqaabpqejc-f0681.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKioL1bWU27yizd4AABPUGmBWXw026.png "style=" float: none; "title=" 21.png "alt=" Wkiol1bwu27yizd4aabpugmbwxw026.png "/>

Summarize:

Edge servers, by opening external firewall ports and internal firewalls (if in the DMZ), IIS arr reverse proxies come in different domains to convert ports.

Specifically, Skype for business Server 2015 Mobile does not require special configuration and is turned on by default.

This article is from "Johnson's blog" blog, please be sure to keep this source http://yangqs.blog.51cto.com/127876/1746629

Skype for Business Server 2015 full deployment (EDGE/reverse proxy/Mobile side)