Deployment Guide Deploying Microsoft Office Live Communications Server 2005 and the F5 BIG-IP LTM System v9
Introducing the BIG-IP and Live Communications Server 2005 Enterprise Edition configuration

Microsoft® and F5 have collaborated on a highly effective way to intelligently direct traffic for Microsoft Office Live Communications Server 2005 Enterprise Edition with the F5 BIG-IP® application traffic management device. Microsoft and F5 Networks have conducted interoperability testing between the BIG-IP LTM system and Microsoft Live Communications Server 2005.
Configuration example

The Live Communications Server 2005 Enterprise Edition introduces the concept of a pool. Multiple Live Communications Servers communicate with a single back-end SQL Server (or cluster of servers). Pool is used to describe this collection of multiple Live Communications Servers tied to a single back-end. Users are now homed to a pool as opposed to individual Live Communications Servers.
Configuring the BIG-IP and Live Communications Server for deployment

To configure the BIG-IP and Live Communications Server for integration, you need to complete the following procedures:

• Connecting to the BIG-IP device
• Creating a VLAN
• Creating a self IP
• Configuring a health monitor
• Creating pools
• Creating a profile
• Creating virtual servers
• Creating a SNAT
• Synchronizing the BIG-IP configuration if using a redundant system

Tip: We recommend you save your existing BIG-IP configuration before
2. Type your user name and password, and click OK. The Welcome screen opens.

Once you are logged onto the BIG-IP LTM system, the Welcome screen of the new Configuration utility opens. From the Configuration utility, you can configure and monitor the BIG-IP LTM system, as well as access online help, download SNMP MIBs and Plug-ins, and even search for specific objects.
Creating a self IP

Self IP addresses are the IP addresses owned by the BIG-IP LTM system that you use to access the internal and external VLANs. The next step in this configuration is to create a self IP address for the VLAN we created in the preceding procedure.

To create a self IP address using the Configuration utility

1. On the Main tab, expand Network, and then click Self IPs. The Self IP screen opens.
2. Click the Create button. The new Self IP screen opens.
3.
2. Click the Create button. The New Monitor screen opens.
3. In the Name box, type a name for the Monitor. In our example, we type lcs_monitor.
4. From the Type list, select TCP. The TCP Monitor configuration options appear.
5. From the Configuration list, select Advanced. The advanced configuration options appear.
6. In the Configuration section, in the Interval and Timeout boxes, type an Interval and Timeout.
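A simplified model of what a TCP monitor with an Interval and a Timeout does to a pool member, as an added example (not F5's code and not part of the original guide): a probe succeeds when the TCP handshake completes, and the member is marked down once no probe has succeeded for Timeout seconds. The 5-second interval, 16-second timeout, the member address 192.0.2.10 and all class and function names are assumptions made for illustration.

```python
import socket

def tcp_probe(host, port, connect_timeout=1.0):
    """One TCP-monitor style probe: success means the handshake completed."""
    try:
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:
        return False

class MemberMonitor:
    """Simplified model of one pool member: probed every `interval` seconds,
    marked down when no probe has succeeded for `timeout` seconds."""
    def __init__(self, host, port, interval=5, timeout=16):  # assumed values
        if timeout <= interval:
            # Otherwise a single lost probe would take the member out of the pool.
            raise ValueError("timeout must exceed interval")
        self.host, self.port = host, port
        self.interval, self.timeout = interval, timeout
        self.last_success = None
        self.up = False

    def tick(self, now, probe=tcp_probe):
        """Run one probe at time `now` (seconds) and return the up/down state."""
        if probe(self.host, self.port):
            self.last_success, self.up = now, True
        elif self.last_success is None or now - self.last_success >= self.timeout:
            self.up = False
        return self.up

def simulate(results, interval=5, timeout=16):
    """Feed constructed probe results (one per interval); return state after each."""
    member = MemberMonitor("192.0.2.10", 5061, interval, timeout)  # constructed member
    it = iter(results)
    return [member.tick(i * interval, probe=lambda h, p: next(it))
            for i in range(len(results))]

def demo_live_probe():
    """Probe a constructed loopback listener, then the same port after it closes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_probe("127.0.0.1", port)
    srv.close()
    after_close = tcp_probe("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    # Member answers once, fails four probes in a row, then recovers.
    print(simulate([True, False, False, False, False, True]))
    print(demo_live_probe())
```

With these values the member survives three consecutive failed probes and is only marked down on the fourth, which is why the timeout is set to several intervals rather than one.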
on the BIG-IP device that contain the Live Communications Servers, one for TLS (Transport Layer Security) traffic and one for RPC (Remote Procedure Call) traffic.

Creating the TLS pool

The first pool we create is for TLS traffic.

1. On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens.
2. In the upper right portion of the screen, click the Create button. The New Pool screen opens.
3. From the Configuration list, select Advanced. The advanced configuration options appear.
4.
8. In the Resources section, from the Load Balancing Method list, choose your preferred load balancing method (different load balancing methods may yield optimal results for a particular network). For this configuration, we recommend selecting Least Connections. In Least Connections mode, the BIG-IP LTM system passes a new connection to the node that has the least number of current connections.
Creating the RPC pool

The next pool is for RPC traffic.

1. On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens.
2. In the upper right portion of the screen, click the Create button. The New Pool screen opens.
3. From the Configuration list, select Advanced. The advanced configuration options appear.
4. In the Name box, enter a name for your pool. In our example, we use rpc_pool.
5.
Creating a profile

BIG-IP version 9.0 and later uses profiles. A profile is an object that contains user-configurable settings, with default values, for controlling the behavior of a particular type of network traffic, such as HTTP connections. Using profiles enhances your control over managing network traffic, and makes traffic-management tasks easier and more efficient.
8. Click the Finished button.

Figure 7 Creating the TCP profile

For more information on creating or modifying profiles, or applying profiles in general, see the BIG-IP documentation.

Creating virtual servers

A virtual server with its virtual address is the visible, routable entity through which the Live Communications Servers in a load balancing pool are made available to the client (the IP address to give clients or add to DNS).
3. In the Name box, type a name for this virtual server. In our example, we type tls_virtual.
4. In the Destination section, select the Host option button.
5. In the Address box, type the IP address of this virtual server. In our example, we use 192.168.10.16.
6. In the Service Port box, type 5061.

Figure 8 The General Properties of the TLS virtual server

7. From the Configuration list, select Advanced.
8.
10. Click the Finished button.

For additional information about configuring a virtual server, click the Help button.

Creating the RPC virtual server

The next virtual server we create references the rpc_pool.

To create the RPC virtual server

1. On the Main tab, expand Local Traffic, and then click Virtual Servers. The Virtual Servers screen opens.
2. In the upper right portion of the screen, click the Create button. The New Virtual Server screen opens.
3.
7. In the Configuration section, from the Type list, select Forwarding (IP).
8. From the Protocol list, select All Protocols.
9. From the VLAN Traffic list, make sure that All VLANS is selected (see Figure 9).
10. Click the Finished button.
To create a SNAT

1. On the Main tab, expand Local Traffic, and then click SNATs. The SNATs screen opens.
2. In the upper right portion of the screen, click the Create button. The New SNAT screen opens.
3. In the Name box, type a name for this SNAT. In our example, we type lcs_defaultSNAT.
4. From the Translation list, select a setting appropriate for your configuration. In our example, we select Automap.
5. Click the Finished button.
In a redundant configuration, you also need to configure a Floating Self IP address for the VLAN on both devices. To create this Floating Self IP address, follow the procedure Creating a self IP, on page 5, but check the Floating IP box. On the redundant device, create a Floating Self IP address using the same IP address as the original device, and check the Floating IP box.
Using Access Proxy and Director with the BIG-IP LTM system for remote access

The Live Communications Server 2005 product allows the network of an organization to federate (peer) with other Live Communications Server-enabled networks for core presence and instant messaging. This feature is enabled using a proxy server, Microsoft® Office Live Communications Server 2005 Access Proxy, using TLS/MTLS (Mutually Authenticated Transport Layer Security) for connections on both internal and external interfaces.
WARNING: There are a wide variety of ways to deploy the BIG-IP LTM system with Access Proxy and Director devices, and the configuration depends on your network configuration. The following procedures give a base example; however, there may be differences in your configuration. We recommend you contact your F5 Field Representative or F5 Consulting before attempting this section.
Configuration example

In this configuration, there are BIG-IP devices on both sides of the array of Access Proxy devices, to direct traffic for inbound and outbound traffic.

Figure 12 BIG-IP LTM systems with Access Proxy and Director devices

Tip: To configure the BIG-IP LTM system to provide high availability for firewalls, we recommend a BIG-IP Firewall Sandwich configuration. For more information on the Firewall Sandwich and for configuration instructions, see the BIG-IP Solutions Guide.
Prerequisites

The following are prerequisites to the Access Proxy configuration.

◆ In the following procedures, we assume you have already created pools for the Live Communications Servers, as shown in Creating pools, on page 1-6, and virtual servers, as shown in Creating virtual servers, on page 1-11.
• Creating the self IP on the outside BIG-IP LTM system
• Configuring a health monitor
• Creating a pool for the Access Proxy devices on the outside BIG-IP LTM system
• Creating the TCP profile
• Creating the virtual server on the outside BIG-IP LTM system
• Creating a SNAT on the outside BIG-IP LTM system

Creating the self IP on the outside BIG-IP LTM system

The first step is to create a self IP address on the outside BIG-IP LTM system.

To create a self IP address using the Configuration utility

1.
Configuring a health monitor

The next step in this configuration is to configure a health monitor on the BIG-IP LTM system for the Access Proxy devices.

To configure a health monitor

1. On the Main tab, expand Local Traffic, and then click Monitors. The Monitors screen opens.
2. Click the Create button. The New Monitor screen opens.
3. In the Name box, type a name for the Monitor. In our example, we type ap_monitor.
6. The other fields in the Configuration section are optional. Configure these fields as applicable for your network. (For additional information about configuring a pool, click the Help button.)
7. In the Resources section, from the Load Balancing Method list, choose your preferred load balancing method (different load balancing methods may yield optimal results for a particular network). For this configuration, we recommend selecting Least Connections.
8.
Creating the virtual server on the outside BIG-IP LTM system

After you define the pool, the next step is to define the following virtual server on the BIG-IP devices to load balance the traffic to the Access Proxy pool.

To create the virtual server for the Access Proxy pool on the outside BIG-IP device

1. On the Main tab, expand Local Traffic, and then click Virtual Servers. The Virtual Servers screen opens.
2.
Configuring the inside BIG-IP LTM system

The next section of this deployment is to configure the inside BIG-IP LTM system (as shown in Figure 12).
To create a pool for the Access Proxy devices from the Configuration utility

1. On the Main tab, expand Local Traffic, and then click Pools. The Pool screen opens.
2. In the upper right portion of the screen, click the Create button. The New Pool screen opens.
3. From the Configuration list, select Advanced. The advanced configuration options appear.
4. In the Name box, enter a name for your pool.
A Director is a Pool (typically an Enterprise Edition server) with no locally homed users, and acts as an authorization/AD-routing proxy for outside users and domains, protecting internal Live Communications Servers against unauthenticated SIP traffic. A Director is typically needed when there are outside users and multiple pools (or servers) within an enterprise. Although a Director is not a requirement, it increases the security and manageability of the deployment.
Creating the TCP profile

The next step is to create a TCP profile. To create this TCP profile, use the procedure Creating the TCP profile, on page 23.

Creating the virtual servers on the inside BIG-IP LTM system

After you create the pools, you configure the virtual servers on the inside BIG-IP LTM system.
a pool for the next hop server in the enterprise network, on page 26. In our example, this is internal_nexthop_pool; the virtual server IP address is 10.10.10.200 with a service of 5061.

Creating a default SNAT on the inside BIG-IP LTM system

To create a default SNAT on the inside BIG-IP LTM system, follow the procedure Creating a SNAT on the outside BIG-IP LTM system, on page 24.
Appendix A: Backing up and restoring the BIG-IP system configuration

We recommend saving your BIG-IP configuration before you begin this configuration.
3. In the Restore a Configuration section, choose the configuration file you want to restore from the list box, or type the path where your configuration files were saved.
4. Click the Restore button.

To check the status of the restoration, click the View Log button. You should wait a few moments for the log file to start generating before you click View Log. Repeated clicking of this button will update your screen with the most current log file information until the restoration is complete.