Topic Last Modified: 2011-04-12
For Microsoft Lync Server 2010 Edge Server deployments, an HTTPS reverse proxy in the perimeter network is required for external clients to access the Lync Server 2010 Web Services (called Web Components in Office Communications Server) on the Director and the user’s home pool. Some of the features that require external access through a reverse proxy include the following:
- Enabling external users to download meeting content for your
meetings.
- Enabling external users to expand distribution groups.
- Enabling remote users to download files from the Address Book
service.
- Accessing the Microsoft Lync Web App client.
- Accessing the Dial-in Conferencing Settings webpage.
- Accessing the Location Information service.
- Enabling external devices to connect to Device Update web
service and obtain updates.
We recommend that you configure your HTTP reverse proxy to publish all Web Services in all pools. Publishing https:// ExternalFQDN/* publishes all IIS virtual directories for a pool. You need one publishing rule for each Standard Edition server, Front End pool, or Director or Director pool in your organization.
In addition, you need to publish the simple URLs. If the organization has a Director or Director pool, the HTTP reverse proxy listens for HTTP/HTTPS requests to the simple URLs and proxies them to the external Web Services virtual directory on the Director or Director pool. If you have not deployed a Director, you need to designate one pool to handle requests to the simple URLs. (If this is not the user’s home pool, it will redirect them onward to the Web Services on the user’s home pool). The simple URLs can be handled by a dedicated web publishing rule, or you can add it to the public names of the web publishing rule for the Director.
You can use Microsoft Forefront Threat Management Gateway 2010 or Microsoft Internet Security and Acceleration (ISA) Server 2006 SP1 as a reverse proxy. The detailed steps in this section describe how to configure Forefront Threat Management Gateway (TMG) 2010, and the steps for configuring ISA Server 2006 are almost identical. If you are using a different reverse proxy, consult the documentation for that product.
You can use the information in this section to set up a TMG 2010 reverse proxy, which requires completing the procedures in this section.
- Configure
Web Farm FQDNs
- Configure
Network Adapters
- Request and
Configure a Certificate for Your Reverse HTTP Proxy
- Configure
Web Publishing Rules for a Single Internal Pool
- Verify or
Configure Authentication and Certification on IIS Virtual
Directories
- Create DNS
Records for Reverse Proxy Servers
- Verify
Access through Your Reverse Proxy
Before You Begin
Set up the system you use for your reverse proxy before continuing with the configuration for reverse proxy.