I will not go into much detail about Lync 2013 infrastructures its just a basic setup to use the NetScaler as reverse proxy for external access to the Lync Frontend server. I am still working on the virtual server configuration for the Lync Edge and internal Lync Frontend server but will follow soon. Especially the Lync Edge is a bit tricky because you can’t use SNAT (not recommended) for your load balancing configuration, so the NetScaler needs to own the gateway and all traffic must path though the NetScaler.
Very useful is the Lync 2013 Protocol Map to understand the communication flow.
Add Custom Availability Monitors
add lb monitor monitor-LYNC-TCP4443 TCP -LRTM ENABLED -destPort 4443 -secure YES add lb monitor monitor-LYNC-TCP8080 TCP -LRTM ENABLED -destPort 8080
Add Lync Servers
add server LYFE01 10.1.1.30 add server LYFE02 10.1.1.31
Create Service Groups and bind Monitors
add serviceGroup service-LYNC-FE_8080 HTTP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED add serviceGroup service-LYNC-FE_4443 SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appflowLog DISABLED bind serviceGroup service-LYNC-FE_8080 LYFE01 8080 -CustomServerID "\"None\"" bind serviceGroup service-LYNC-FE_8080 LYFE02 8080 -CustomServerID "\"None\"" bind serviceGroup service-LYNC-FE_8080 -monitorName monitor-LYNC-TCP8080 bind serviceGroup service-LYNC-FE_4443 LYFE01 4443 -CustomServerID "\"None\"" bind serviceGroup service-LYNC-FE_4443 LYFE02 4443 -CustomServerID "\"None\"" bind serviceGroup service-LYNC-FE_4443 -monitorName monitor-LYNC-TCP4443
Create Virtual Servers for Lync
add lb vserver vserver-LYNC-FE_80 HTTP 10.44.124.6 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180 add lb vserver vserver-LYNC-FE_443 SSL 10.44.124.6 443 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180
Bind Virtual Servers to Service Groups and configure SSL
bind lb vserver vserver-LYNC-FE_80 service-LYNC-FE_8080 bind lb vserver vserver-LYNC-FE_443 service-LYNC-FE_4443 set ssl vserver vserver-LYNC-FE_443 -tls11 DISABLED -tls12 DISABLED bind ssl vserver vserver-LYNC-FE_443 -certkeyName lync.mydomain.net
If you want more details please have a look into the Deplyment Guide – Citrix NetScaler for Microsoft Lync
More information about from Microsoft you find here: Network Planning, Monitoring, and Troubleshooting with Lync Server
Hi,
Thanks for the detailed article, we are struggling to setup Lync 2013 mobility setup on NetScaler, as you mentioned in the article if enter command
add lb vserver vserver-LYNC-FE_80 HTTP 10.44.124.6 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 180
This command doesn’t seems to work, if I remove the cookiename name option then it worked. But I wonder where we can set the cookie name on the vserver config?
Hi Charlie,
I double checked it in my config, I have this exactly configured like this:
add lb vserver vserver-LYNC-FE_80 HTTP 10.44.60.6 80 -persistenceType COOKIEINSERT -timeout 180 -cookieName MS-WSMAN -cltTimeout 189
The cookie name comes from a Microsoft best practice guide, if you dont specify the name then it will be an random cookie name, should be fine if this works.
Cheers,
Bernd
Thanks for the info. We you able to figure out load balancing the edge servers? Thanks.
Lync Edge Servers are a bit tricky to do because you have to balance UDP packets and this doesnt work well with SNAT, it is supported but…. the NetScaler needs to own the default gateway in the network where your Edge Server is located then you can do the config and load balance.
I thought about if your NetScaler doesnt own the default gateway to use GSLB but I had not time to test this until now.
Hi,
Great article…. Thank you