Specifications

Reference Architecture | Dell™ Unified Communication Solution with Microsoft® Lync® Server 2013 for Single Site Implementation | Version 1.0
• Downloading files from the address book service
• Accessing the Lync Web App client
• Enabling the Lync 2013 client, Lync Windows Store app and Lync 2013 mobile client to locate the Lync Discover (autodiscover) URLs and use Unified Communications Web API (UCWA), etc.
Per Microsoft's recommendation, these web services are made available to external users by publishing
them through external simple URLs. HTTP and HTTPS requests from external users are handled by the
Reverse Proxy Server, which forwards them internally to the Lync Front End pool. If a Reverse Proxy is not
present, external users will not have access to these functions. Furthermore, the Lync mobile
client for phones and tablets will not work for external users, because it is web-based and requires
the Reverse Proxy to communicate with the Lync Front End pool's IIS mobility website.
3.3.3 Best Practices for Edge and Reverse Proxy Host
When deploying the Edge and Reverse Proxy Servers, the following best practices should be considered:
• At minimum, two separate network interfaces should be used, one for the internal network and one for the external network. These should use separate subnets that are not routable across each other. Only the external interface should include the default gateway, not the internal interface.
• Static routes must be defined on the Edge Server for connectivity to internal subnets.
• A standard SSL certificate, with the common name field set to the Edge Server's FQDN, should be used for the internal Edge certificate; this certificate cannot contain a subject alternative name (SAN) field.
• Whenever possible, internally facing certificates should be obtained from an internal Windows® Enterprise CA.
• The external Edge certificate should be a UCC or SAN certificate issued by a publicly trusted certificate authority. It should include a common name field set to the access edge FQDN and a subject alternative name field that contains both the access edge FQDN and the web conferencing FQDN.
• Additionally, externally facing certificates should not include any of the internal hostnames. Broadcasting the internal namespace on an external certificate is considered a poor practice.
• Using the same external certificate for both the external Edge Server interface and the Reverse Proxy Server interface is not recommended. If this is done for cost-saving purposes, the access edge FQDN must be specified in the common name field and the Reverse Proxy FQDN in the SAN (subject alternative name) field.
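The certificate naming rules above can be checked mechanically once the common name and SAN entries have been read from each certificate. The following Python code is an added example, not part of the Dell document; the function names, the hostnames and the internal suffix are constructed placeholders, and it assumes the internal DNS namespace differs from the external one.

```python
# Added example: audit certificate names against the Edge certificate guidance.
# Hostnames and the internal suffix are constructed placeholders (assumptions).

def norm(name):
    """Lower-case a DNS name and drop surrounding spaces and the root dot."""
    return name.strip().lower().rstrip(".")

def is_internal(name, internal_suffixes):
    """True if name (wildcard label ignored) is in an internal DNS namespace."""
    n = norm(name)
    if n.startswith("*."):
        n = n[2:]
    return any(n == s or n.endswith("." + s) for s in map(norm, internal_suffixes))

def audit_internal_edge(cn, sans, edge_fqdn):
    """Internal Edge certificate: CN is the Edge Server FQDN, no SAN field."""
    findings = []
    if norm(cn) != norm(edge_fqdn):
        findings.append("CN must be the Edge Server FQDN")
    if sans:
        findings.append("internal Edge certificate must not carry a SAN field")
    return findings

def audit_external_edge(cn, sans, access_fqdn, webconf_fqdn,
                        internal_suffixes, proxy_fqdn=None):
    """External Edge certificate; pass proxy_fqdn when the certificate is
    shared with the Reverse Proxy (assumption: all other rules still apply)."""
    findings = []
    san_set = {norm(s) for s in sans}
    if norm(cn) != norm(access_fqdn):
        findings.append("CN must be the access edge FQDN")
    required = [access_fqdn, webconf_fqdn] + ([proxy_fqdn] if proxy_fqdn else [])
    for name in required:
        if norm(name) not in san_set:
            findings.append("SAN is missing " + norm(name))
    for name in sorted({norm(cn)} | san_set):
        if is_internal(name, internal_suffixes):
            findings.append("internal hostname exposed: " + name)
    return findings

if __name__ == "__main__":
    internal = ["corp.example.internal"]  # constructed internal namespace
    # Constructed certificate: web conferencing name missing, Front End name leaked.
    for finding in audit_external_edge(
            "sip.example.com", ["sip.example.com", "fe01.corp.example.internal"],
            "sip.example.com", "webconf.example.com", internal):
        print(finding)
```

An empty list means the names satisfy the guidance; the check covers naming only and says nothing about the issuing CA, validity period or key usage.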
3.4 Enterprise Voice Connectivity
In Lync Server 2013, the Mediation Server functionality can be part of the Front End Server by
default, so a separate Mediation Server is no longer required. This means that the Front End pool can
now connect directly to a PSTN gateway, an IP-PBX or a SIP trunk via a session border controller (SBC).
This reference architecture assumes connectivity to an ITSP via an intermediary on-premises SBC or to a
PSTN via a media gateway, as shown in Figure 6.
While the reference architecture collocates the Mediation Server with the Front End Server, it is
recommended that you contact Dell services to scope out the optimal solution to fit your needs.