Skype for Business Server 2015 full deployment (EDGE/reverse proxy/Mobile side)

Source: Internet
Author: User
Tags free ssl free ssl certificate ssl certificate rsat

Skype for Business Server 2015 full deployment for intranet/Mobile client logons.


This deployment does not deploy Office Web Apps Server and persistent chat.

First, resources

1, internal and external domain name: yangqs.com

2, a total of 4 servers, using Hyper-V virtualization Server

(1) Domain/certificate/dns-in-one server S4BDC01.yangqs.com, 1 Internal network card (intranet IP)

(2) Standard Edition front end server S4BFE01.yangqs.com, 1 Internal network card (intranet IP), add domain

(3) Edge Server S4BAE01.yangqs.com, 1 Internal network card (this time not using the DMZ LAN network card, less open internal port steps), 1 external network card, no domain (add domain suffix)

(4) IIS arr Reverse proxy Server arr.yangqs.com,1 block Internal network card (this time not using the DMZ zone NIC, less open internal port steps), 1 external NIC, no domain (add domain suffix)


3, the public network of ip,2

4, Edge external firewall open port

Open Internet access ports: 442, 443 (TCP), 444, 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)

Open Access Internet port: (tcp| UDP), (TCP), 443 (TCP), 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)

5. Operating system using Windows Server R2

6. Standard Edition front-end server Installation Prerequisites

Standard Edition front End server

add-windowsfeature Net-framework-core, Rsat-adds, Windows-identity-foundation, Web-server, Web-Static-Content, Web-default-doc, Web-http-errors, web-dir-browsing, Web-asp-net, Web-net-ext, Web-isapi-ext, Web-ISAPI-Filter, Web-http-logging, Web-log-libraries, Web-request-monitor, web-http-tracing, Web-basic-auth, Web-Windows-Auth, Web-client-auth, Web-filtering, Web-stat-compression, Web-dyn-compression, Net-wcf-http-activation45, Web-Asp-Net45 , Web-mgmt-tools, Web-scripting-tools, Web-mgmt-compat, server-media-foundation, BITS -source D:\sources\sxs

7. Edge Server Installation Prerequisites

add-windowsfeature Net-framework-core, Rsat-adds, windows-identity-foundation, BITS -source D:\sources\sxs

8. IIS ARR Reverse proxy Server installation ARR3.0

Https://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0

9, public network free certificate application

Http://www.wosign.com/DVSSL/DV_KuaiSSL_Free.htm

Wosign free SSL certificate, can apply for 5 domain name of the free SSL certificate, basic to meet the requirements of LYNC/S4B external network deployment

Import the Edge server/iis arr reverse proxy server after applying as required

10. Edge Server/iis arr reverse proxy server, import the root certificate issued by the internal CA to the trusted Root certification authorities


Second, the standard version of the front-end server/Edge server installation, the topology planning process skipped

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AE/wKioL1bWRjqSTiFdAACN9aDq4lw588.png "style=" float: none; "title=" 1.png "alt=" Wkiol1bwrjqstifdaacn9adq4lw588.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKiom1bWRcLB9-WMAACrRJ4HjN4959.png "style=" float: none; "title=" 2.png "alt=" Wkiom1bwrclb9-wmaacrrj4hjn4959.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWRjqQstGhAADE8XUZnWQ525.png "style=" float: none; "title=" 3.png "alt=" Wkiol1bwrjqqstghaade8xuznwq525.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/AE/wKioL1bWRjuAL-SHAAA8lIuEEF8572.png "style=" float: none; "title=" 4.png "alt=" Wkiol1bwrjual-shaaa8liueef8572.png "/>


Third, the external network domain name configuration, yangqs.com million domain name (Ali domain name), add analytic record

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/AE/wKioL1bWR37g1IZBAAD2rDKy8xk652.png "title=" 5.png " alt= "Wkiol1bwr37g1izbaad2rdky8xk652.png"/>

Iv. IIS ARR Reverse proxy server configuration


(1) External DNS, completed

(2) Internal DNS

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AE/wKioL1bWSUCCrc4mAAAQLxk2VZI933.png "style=" float: none; "title=" 6.png "alt=" Wkiol1bwsuccrc4maaaqlxk2vzi933.png "/>

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AF/wKiom1bWSMixIVQSAAAQ9GJyCl8521.png "style=" float: none; "title=" 7.png "alt=" Wkiom1bwsmixivqsaaaq9gjycl8521.png "/>

(3) IIS arr Reverse proxy Server local Hosts file add static parse record

650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AF/wKiom1bWSX6DywV4AABSFNeOSkw650.png "title=" 8.png " alt= "Wkiom1bwsx6dywv4aabsfneoskw650.png"/>

(4) SSL public certificate binding after ARR3.0 installation

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7C/B0/wKiom1bWSybSmKYcAAEHGnXgDVI906.png "title=" 9.png " alt= "Wkiom1bwsybsmkycaaehgnxgdvi906.png"/>

(5) Add Dialin, meet, Lyncweb, Lyncdiscover Farm, server farms-create server Farms

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/B0/wKiom1bWTSnymyqVAAA4VnPI6Jg512.png "style=" float: none; "title=" 10.png "alt=" Wkiom1bwtsnymyqvaaa4vnpi6jg512.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWTaGCtyt-AABOLBvo3bM685.png "style=" float: none; "title=" 11.png "alt=" Wkiol1bwtagctyt-aabolbvo3bm685.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTSqxtzRYAAAYKp3ZJLk468.png "style=" float: none; "title=" 12.png "alt=" Wkiom1bwtsqxtzryaaaykp3zjlk468.png "/>


Same operation, add the remaining meet, Lyncweb, Lyncdiscover


(6) After adding the server Farms, all the following items will be configured and "Apply"

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/7C/AF/wKioL1bWTfzgNGm1AABB3Wu96Qs775.png "style=" float: none; "title=" 13.png "alt=" Wkiol1bwtfzgngm1aabb3wu96qs775.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/7C/AF/wKioL1bWTfzz7P9WAAAg2oejNfg282.png "style=" float: none; "title=" 14.png "alt=" Wkiol1bwtfzz7p9waaag2oejnfg282.png "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTYSjhszIAAA42yP_dZs814.png "style=" float: none; "title=" 15.png "alt=" Wkiom1bwtysjhsziaaa42yp_dzs814.png "/>

(7) URL rewrite, delete/HTTP entry

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7C/B0/wKiom1bWTl2QQzdyAAEcFC0s4sU793.png "title=" 16.png "alt=" Wkiom1bwtl2qqzdyaaecfc0s4su793.png "/>

(8) Edit the inbound rule, add {http_host} record, meet.*,dialin.*,lyncweb.*,lyncdiscover.*

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/AF/wKioL1bWUCmxDuYWAAB6l9YSObM896.png "title=" 17.png "alt=" Wkiol1bwucmxduywaab6l9ysobm896.png "/>


V. Open the network user login, verify the mobile policy enable mobility, enable mobile mobile phone information push

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/B0/wKiom1bWUvWRWRaKAABhaYgZjcw010.png "style=" float: none; "title=" 18.png "alt=" Wkiom1bwuvwrwrakaabhaygzjcw010.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7C/AF/wKioL1bWU26xKm_EAABngH6mmIg095.png "style=" float: none; "title=" 19.png "alt=" Wkiol1bwu26xkm_eaabngh6mmig095.png "/>

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7C/B0/wKiom1bWUvbST3OqAABPQEJc-f0681.png "style=" float: none; "title=" 20.png "alt=" Wkiom1bwuvbst3oqaabpqejc-f0681.png "/>

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKioL1bWU27yizd4AABPUGmBWXw026.png "style=" float: none; "title=" 21.png "alt=" Wkiol1bwu27yizd4aabpugmbwxw026.png "/>



Summarize:


Edge servers, by opening external firewall ports and internal firewalls (if in the DMZ), IIS arr reverse proxies come in different domains to convert ports.


Specifically, Skype for business Server 2015 Mobile does not require special configuration and is turned on by default.

This article is from "Johnson's blog" blog, please be sure to keep this source http://yangqs.blog.51cto.com/127876/1746629

Skype for Business Server 2015 full deployment (EDGE/reverse proxy/Mobile side)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.