Topic Last Modified: 2010-12-14

Effective planning for external user access requires that you take into account the following:

Deployment Prerequisites for External User Access

Before you deploy your perimeter network and implement support for external users, you must already have deployed your Microsoft Lync Server 2010 internal servers, including a Front End pool or a Standard Edition server. If you plan to deploy Directors in your internal network, you should also deploy them prior to deploying Edge Servers. For details about the Director deployment process, see Director in the Planning documentation.

Deployment Process for Edge Servers

The following table provides an overview of the Edge Server deployment process. For details about deployment steps, see Deploying Edge Servers.

Note:
The information in the following table focuses on a new deployment. If you have deployed Edge Servers in an Office Communications Server 2007 R2 or Office Communications Server 2007 environment, see the Migration for details about migrating to Lync Server 2010. Migration is not supported from any version prior to Office Communications Server 2007, including Live Communications Server 2005, and Live Communications Server 2003.

Edge Server Deployment Process

Phase Steps Permissions Documentation

Create the appropriate edge topology and determine the appropriate components.

  • Run Topology Builder to configure Edge Server settings and create and publish the topology, and then use Lync Server Management Shell to export the topology configuration file.

Domain Admins group and RTCUniversalServerAdmins group

Note:
You can define a topology using an account that is a member of the local users group, but publishing a topology requires an account that is a member of the Domain Admins group and the RTCUniversalServerAdmins group.

Defining Your Edge Topology

Prepare for setup.

  1. Ensure that system prerequisites are met.

  2. Configure IP addresses for both internal and public facing network interfaces on each Edge Server.

  3. Configure internal and external DNS records, including configuring the DNS suffix on the computer to be deployed as an Edge Server.

  4. Configure firewalls.

  5. (Optional) Create and install public certificates. The time required to obtain certificates depends on which certification authority (CA) issues the certificate. If you do not perform this step at this point, you must do it during Edge Server installation. The Edge Server service cannot be started until certificates are obtained.

  6. Provision support for public IM connectivity, if your deployment is to support communications with Windows Live, AOL, or Yahoo! users.

As appropriate to your organization

Preparing for Installation of Servers in the Perimeter Network

Set up reverse proxy.

  • Set up the reverse proxy (for example, for Microsoft Forefront Threat Management Gateway 2010 or Microsoft Internet Security and Acceleration (ISA) Server with Service Pack 1) in the perimeter network, obtain the necessary public certificates, and configure the web publishing rules on the reverse proxy server.

Administrators group

Set Up Reverse Proxy Servers

Setup a Director (recommended).

  • (Optional) Install and configure one or more Directors in the internal network.

Administrators group

Setting Up the Director

Set up Edge Servers.

  1. Install prerequisite software.

  2. Transport the exported topology configuration file to each Edge Server.

  3. Install the Lync Server 2010 software on each Edge Server.

  4. Configure the Edge Servers.

  5. Request and install certificates for each Edge Server.

  6. Start the Edge Server services.

Administrators group

Setting Up Edge Servers

Configure support for external user access.

  1. Use the Lync Server 2010 Control Panel to configure support for each of the following (as applicable):

    • Remote user access

    • Federation

    • Public IM connectivity

    • Anonymous users

  2. Configure user accounts for remote user access, federation, public IM connectivity, and anonymous user support (as applicable)

RTCUniversalServerAdmins group or user account that is assigned to the CSAdministrator role

Configuring Support for External User Access

Verify your Edge Server configuration.

  1. Verify server connectivity and replication of configuration data from internal servers.

  2. Verify that external users can connect, including remote users, users in federated domains, public IM users, and anonymous users, as appropriate to your deployment.

For verification of replication, RTCUniversalServerAdmins group or user account that is assigned to the CSAdministrator role

For verification of user connectivity, a user for each type of external user access that you support

Remote users

Verifying Your Edge Deployment