With the discontinuation of Forefront TMG, Microsoft now offers either IIS ARR or Win2012 WAP as a software-based solution for Lync 2013 Reverse Proxy. There is much guidance available on how to configure either of these, and while the future direction from Microsoft is WAP, each method has its own merits as well as limitations. A good alternative is to use Virtual Load Balancers such as the VLM200 from Kemp Technologies. This is a virtualized load balancer that runs on both Hyper-V and VMware, so it's still a software-based approach rather than a hardware appliance. This article walks through the steps taken to set up the latest version 7.1 VLM200 on Hyper-V as a Reverse Proxy in the Perimeter DMZ Network for a Lync Server 2013 Front End pool. Below is a generic architecture of a FE Pool with Load Balancer from Microsoft TechNet:
1. Configure Networking
2. Load SSL Certificates
3. Add Virtual Service
The VLM200 comes with 2 Ethernet interfaces eth0 and eth1. As a best practice, for the internet or client facing side we should use eth0 and for the internal server network facing we should use eth1. Below is the configuration of eth0 in the internet facing subnet of the Perimeter DMZ network:
As this load balancer is for the external Lync web services, we need to load a public SSL certificate into the VLM. Simply purchase an SSL certificate from a well-known public CA such as GoDaddy. The certificate SN must be the external Lync web services FQDN. For this lab, Windows Server was used to generate the CSR, which was then submitted to the public CA provider. Detailed steps for generating the CSR can be found in TechNet. After receiving the certificate from the CA provider, we import the SSL cert back to the same Windows Server and then export it along with the private key to a .pfx file. We then load this .pfx file into the VLM under Certificates->SSL Certificates:
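A pre-upload check for the exported .pfx, as an added example that is not part of the original article: it confirms the file carries the private key, is inside its validity period, and that its subject or SAN names cover the external web services FQDN. The function name, file path and FQDN are hypothetical placeholders, and the SAN parsing assumes the English "DNS Name=" label that Windows prints.

```powershell
# Added example (not from the article). Function and parameter names are hypothetical.
function Test-ReverseProxyPfx {
    param(
        [Parameter(Mandatory = $true)] [string] $PfxPath,
        [Parameter(Mandatory = $true)] [string] $ExpectedFqdn,   # external Lync web services FQDN
        [Parameter(Mandatory = $true)] [securestring] $Password
    )

    # Load the certificate from the .pfx without importing it into any store.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList (Resolve-Path $PfxPath).Path, $Password

    # Collect the subject common name plus every DNS entry in the SAN extension (OID 2.5.29.17).
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value }
    }

    # A wildcard entry such as *.example.com is allowed to match exactly one label.
    $covers = $false
    foreach ($n in $names) {
        $pattern = '^' + [regex]::Escape($n).Replace('\*', '[^.]+') + '$'
        if ($ExpectedFqdn -match $pattern) { $covers = $true }
    }

    # Build the chain against this server's trust store, without revocation lookups.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        Names         = $names -join ', '
        HasPrivateKey = $cert.HasPrivateKey
        CoversFqdn    = $covers
        InValidity    = ($cert.NotBefore -le $now -and $now -lt $cert.NotAfter)
        ChainBuilds   = $chainOk
    }
}

# Constructed usage: the path and FQDN below are placeholders, not values from the article.
Test-ReverseProxyPfx -PfxPath '.\lyncweb.pfx' -ExpectedFqdn 'lyncweb.example.com' `
    -Password (Read-Host 'PFX password' -AsSecureString)
```

Any `False` in the output is worth resolving before the file is uploaded, since a missing private key or a name mismatch only surfaces later as client certificate errors.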
Now we are ready to add the virtual service for the external Lync web services. Before doing this, it's useful to first install the templates provided by Kemp to simplify configuration and reduce errors. These templates can be downloaded from the Kemp website and installed into the VLM as shown below:
As can be seen, configuring the Kemp as a load balancer for Lync external web services is very straightforward and made even simpler by the templates that Kemp provides. Compared with setting up TMG Forefront or IIS ARR, Kemp offers a much easier configuration experience. Keep up the good work Kemp!