Skype for Business Server 2015 full deployment for intranet/Mobile client logons.
This deployment does not deploy Office Web Apps Server and persistent chat.
First, resources
1, internal and external domain name: yangqs.com
2, a total of 4 servers, using Hyper-V virtualization Server
(1) Domain/certificate/dns-in-one server S4BDC01.yangqs.com, 1 Internal network card (intranet IP)
(2) Standard Edition front end server S4BFE01.yangqs.com, 1 Internal network card (intranet IP), add domain
(3) Edge Server S4BAE01.yangqs.com, 1 Internal network card (this time not using the DMZ LAN network card, less open internal port steps), 1 external network card, no domain (add domain suffix)
(4) IIS arr Reverse proxy Server arr.yangqs.com,1 block Internal network card (this time not using the DMZ zone NIC, less open internal port steps), 1 external NIC, no domain (add domain suffix)
3, the public network of ip,2
4, Edge external firewall open port
Open Internet access ports: 442, 443 (TCP), 444, 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)
Open Access Internet port: (tcp| UDP), (TCP), 443 (TCP), 3478 (UDP), 5061 (TCP), 5269 (TCP), 50000-59999 (tcp| UDP)
5. Operating system using Windows Server R2
6. Standard Edition front-end server Installation Prerequisites
Standard Edition front End server
add-windowsfeature Net-framework-core, Rsat-adds, Windows-identity-foundation, Web-server, Web-Static-Content, Web-default-doc, Web-http-errors, web-dir-browsing, Web-asp-net, Web-net-ext, Web-isapi-ext, Web-ISAPI-Filter, Web-http-logging, Web-log-libraries, Web-request-monitor, web-http-tracing, Web-basic-auth, Web-Windows-Auth, Web-client-auth, Web-filtering, Web-stat-compression, Web-dyn-compression, Net-wcf-http-activation45, Web-Asp-Net45 , Web-mgmt-tools, Web-scripting-tools, Web-mgmt-compat, server-media-foundation, BITS -source D:\sources\sxs
7. Edge Server Installation Prerequisites
add-windowsfeature Net-framework-core, Rsat-adds, windows-identity-foundation, BITS -source D:\sources\sxs
8. IIS ARR Reverse proxy Server installation ARR3.0
Https://www.microsoft.com/web/gallery/install.aspx?appid=ARRv3_0
9, public network free certificate application
Http://www.wosign.com/DVSSL/DV_KuaiSSL_Free.htm
Wosign free SSL certificate, can apply for 5 domain name of the free SSL certificate, basic to meet the requirements of LYNC/S4B external network deployment
Import the Edge server/iis arr reverse proxy server after applying as required
10. Edge Server/iis arr reverse proxy server, import the root certificate issued by the internal CA to the trusted Root certification authorities
Second, the standard version of the front-end server/Edge server installation, the topology planning process skipped
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AE/wKioL1bWRjqSTiFdAACN9aDq4lw588.png "style=" float: none; "title=" 1.png "alt=" Wkiol1bwrjqstifdaacn9adq4lw588.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKiom1bWRcLB9-WMAACrRJ4HjN4959.png "style=" float: none; "title=" 2.png "alt=" Wkiom1bwrclb9-wmaacrrj4hjn4959.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWRjqQstGhAADE8XUZnWQ525.png "style=" float: none; "title=" 3.png "alt=" Wkiol1bwrjqqstghaade8xuznwq525.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/AE/wKioL1bWRjuAL-SHAAA8lIuEEF8572.png "style=" float: none; "title=" 4.png "alt=" Wkiol1bwrjual-shaaa8liueef8572.png "/>
Third, the external network domain name configuration, yangqs.com million domain name (Ali domain name), add analytic record
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/AE/wKioL1bWR37g1IZBAAD2rDKy8xk652.png "title=" 5.png " alt= "Wkiol1bwr37g1izbaad2rdky8xk652.png"/>
Iv. IIS ARR Reverse proxy server configuration
(1) External DNS, completed
(2) Internal DNS
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AE/wKioL1bWSUCCrc4mAAAQLxk2VZI933.png "style=" float: none; "title=" 6.png "alt=" Wkiol1bwsuccrc4maaaqlxk2vzi933.png "/>
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M02/7C/AF/wKiom1bWSMixIVQSAAAQ9GJyCl8521.png "style=" float: none; "title=" 7.png "alt=" Wkiom1bwsmixivqsaaaq9gjycl8521.png "/>
(3) IIS arr Reverse proxy Server local Hosts file add static parse record
650) this.width=650; "src=" Http://s4.51cto.com/wyfs02/M01/7C/AF/wKiom1bWSX6DywV4AABSFNeOSkw650.png "title=" 8.png " alt= "Wkiom1bwsx6dywv4aabsfneoskw650.png"/>
(4) SSL public certificate binding after ARR3.0 installation
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M00/7C/B0/wKiom1bWSybSmKYcAAEHGnXgDVI906.png "title=" 9.png " alt= "Wkiom1bwsybsmkycaaehgnxgdvi906.png"/>
(5) Add Dialin, meet, Lyncweb, Lyncdiscover Farm, server farms-create server Farms
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/B0/wKiom1bWTSnymyqVAAA4VnPI6Jg512.png "style=" float: none; "title=" 10.png "alt=" Wkiom1bwtsnymyqvaaa4vnpi6jg512.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AE/wKioL1bWTaGCtyt-AABOLBvo3bM685.png "style=" float: none; "title=" 11.png "alt=" Wkiol1bwtagctyt-aabolbvo3bm685.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTSqxtzRYAAAYKp3ZJLk468.png "style=" float: none; "title=" 12.png "alt=" Wkiom1bwtsqxtzryaaaykp3zjlk468.png "/>
Same operation, add the remaining meet, Lyncweb, Lyncdiscover
(6) After adding the server Farms, all the following items will be configured and "Apply"
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M01/7C/AF/wKioL1bWTfzgNGm1AABB3Wu96Qs775.png "style=" float: none; "title=" 13.png "alt=" Wkiol1bwtfzgngm1aabb3wu96qs775.png "/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/7C/AF/wKioL1bWTfzz7P9WAAAg2oejNfg282.png "style=" float: none; "title=" 14.png "alt=" Wkiol1bwtfzz7p9waaag2oejnfg282.png "/>
650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/7C/B0/wKiom1bWTYSjhszIAAA42yP_dZs814.png "style=" float: none; "title=" 15.png "alt=" Wkiom1bwtysjhsziaaa42yp_dzs814.png "/>
(7) URL rewrite, delete/HTTP entry
650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7C/B0/wKiom1bWTl2QQzdyAAEcFC0s4sU793.png "title=" 16.png "alt=" Wkiom1bwtl2qqzdyaaecfc0s4su793.png "/>
(8) Edit the inbound rule, add {http_host} record, meet.*,dialin.*,lyncweb.*,lyncdiscover.*
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/AF/wKioL1bWUCmxDuYWAAB6l9YSObM896.png "title=" 17.png "alt=" Wkiol1bwucmxduywaab6l9ysobm896.png "/>
V. Open the network user login, verify the mobile policy enable mobility, enable mobile mobile phone information push
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/7C/B0/wKiom1bWUvWRWRaKAABhaYgZjcw010.png "style=" float: none; "title=" 18.png "alt=" Wkiom1bwuvwrwrakaabhaygzjcw010.png "/>
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M00/7C/AF/wKioL1bWU26xKm_EAABngH6mmIg095.png "style=" float: none; "title=" 19.png "alt=" Wkiol1bwu26xkm_eaabngh6mmig095.png "/>
650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M01/7C/B0/wKiom1bWUvbST3OqAABPQEJc-f0681.png "style=" float: none; "title=" 20.png "alt=" Wkiom1bwuvbst3oqaabpqejc-f0681.png "/>
650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/7C/AF/wKioL1bWU27yizd4AABPUGmBWXw026.png "style=" float: none; "title=" 21.png "alt=" Wkiol1bwu27yizd4aabpugmbwxw026.png "/>
Summarize:
Edge servers, by opening external firewall ports and internal firewalls (if in the DMZ), IIS arr reverse proxies come in different domains to convert ports.
Specifically, Skype for business Server 2015 Mobile does not require special configuration and is turned on by default.
This article is from "Johnson's blog" blog, please be sure to keep this source http://yangqs.blog.51cto.com/127876/1746629
Skype for Business Server 2015 full deployment (EDGE/reverse proxy/Mobile side)