Using Lync Server without a reverse proxy…
Well, I have decided to dive into the world of Lync. I have previously used Office Communications Server 2007 R2 in the past and remember the pain it was to set up. I will say that it paid off in the end because the users absolutely loved it. They used it all the time to talk to each other even though they were only five feet away lol.
Anyways, I wanted to set up a small environment but didn’t want to go through the mess of setting up a reverse proxy.
In case you didn’t know, the following features require a reverse proxy for external users:
- Enabling external users to download meeting content for your meetings.
- Enabling external users to expand distribution groups.
- Enabling remote users to download files from the Address Book service.
- Accessing the Microsoft Lync Web App client.
- Accessing the Dial-in Conferencing Settings webpage.
- Accessing the Location Information service.
- Enabling external devices to connect to Device Update web service and obtain updates.
Now, whenever you deploy a front-end server, it will create two virtual directories in IIS. One is for internal users and the other is for external users. The difference is that the external virtual directory listens on port 8080 and port 4443 (SSL) instead of the normal ports.
Just as if you were setting up a reverse proxy, you will still need an IP address that is different from your edge services' IP addresses. The first step I would try with the new IP is to perform a PAT (port address translation) on your firewall to port forward inbound traffic on TCP 80 and 443 to ports 8080 and 4443 on your pool or Standard Edition front-end server.
To paint you a picture, below is my SonicWall NAT configuration:
[Image: SonicWall NAT configuration]
Now, if your firewall does not support PAT, you can try to create another local IP on your front-end server and assign the external virtual directory to it on ports 80 and 443. An example would be to have the internal virtual directory listening on ports 80 and 443 on 10.10.2.5 and the external virtual directory listening on ports 80 and 443 on 10.10.2.6. From there, just do a simple port forward using the same IP address as what your reverse proxy “should” be.
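Whichever of the two approaches above you use, it is worth confirming from outside the firewall that only TCP 80 and 443 are published and that 443 lands on the external site. The script below is an added example, not part of the original post. The public IP and FQDN are constructed placeholders, and it assumes a client with `Test-NetConnection` (Windows 8.1 / Server 2012 R2 or later).

```powershell
# Run from a machine OUTSIDE the firewall.
$PublicIp     = '203.0.113.10'         # placeholder: public IP used for the port forward
$ExternalFqdn = 'lyncweb.example.com'  # placeholder: external web services FQDN

function Test-Port {
    param([string]$Target, [int]$Port)
    # Returns $true if a TCP connection can be established.
    Test-NetConnection -ComputerName $Target -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
}

function Test-PublishedCertificate {
    param([string]$Target, [string]$Fqdn, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Target, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        # Default validation: throws if the certificate is untrusted or
        # does not cover $Fqdn, which is what an external client would see.
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        "OK   certificate '$($cert.Subject)' is trusted and valid for $Fqdn"
    } catch {
        "FAIL TLS on ${Target}:${Port}: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}

# Only 80 and 443 should answer on the public IP. The front end's real
# listening ports (8080, 4443) should not be reachable directly.
$expected = @{ 80 = $true; 443 = $true; 8080 = $false; 4443 = $false }

foreach ($port in ($expected.Keys | Sort-Object)) {
    $open  = Test-Port -Target $PublicIp -Port $port
    $state = if ($open -eq $expected[$port]) { 'OK  ' } else { 'FAIL' }
    '{0} port {1}: open={2}, expected={3}' -f $state, $port, $open, $expected[$port]
}

Test-PublishedCertificate -Target $PublicIp -Fqdn $ExternalFqdn
```

A certificate failure on 443 while the port itself is open is a hint that the forward is not reaching the site that holds the certificate for the external name.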