Configuring the SFB 2015 Reverse Proxy Server for Express for Lync 3.0


Overview

A reverse proxy server is a required component of Express for SFB if you plan on deploying external access to the SFB environment. It can provide access to the following SFB components:

- SFB Server mobility
- SFB meetings
- SFB dial-in conferencing information
- Office Web Apps

Without a reverse proxy server, SFB mobility WILL NOT function. All other components will only function from within the LAN.

It is important to note that, like the SFB Edge Server, the reverse proxy server MUST NOT be a domain-joined computer. This will protect the Active Directory (AD) domain from any unwanted activity or access.

You require 2 SSL certificates for the operation of the Reverse Proxy Server:

- Internal Active Directory generated certificate, which was covered while setting up Active Directory Certificate Services
- External SSL Unified Communications certificate, which can be purchased online through various certificate authorities

The external certificate is used to authenticate any requests coming into the reverse proxy server, and the internal certificate is used to authenticate the request after the reverse proxy server modifies the initial web request sent to it.

The reverse proxy role will be configured by using Internet Information Services Application Request Routing (IIS ARR). Several methods exist for creating a reverse proxy server. The most prominent way was using Microsoft Forefront Threat Management Gateway (TMG); however, Microsoft has since discontinued the product.

The reverse proxy server MUST sit in a Demilitarized Zone (DMZ) of any network with a persistent static route to the internal network.

Activate the Reverse Proxy Server

In order to begin using the Reverse Proxy role you must turn on the Reverse Proxy server. Follow the steps below to gain access to the server.

1. Launch the Hyper-V Manager from the Windows Start Screen.
2. In the Windows Hyper-V Manager window, select the Virtual Machine labelled "SFBReverseProxy". Right click on it, and select "Settings...".
3. In the settings window, on the left hand side you will notice configuration options. Scroll down to "Automatic Start Action" and select "Always Start the Virtual Machine automatically". This will always start the domain controller when the Express for SFB appliance boots up. Click OK to accept the changes.
4. Double click on the virtual machine labelled "SFBReverseProxy" to launch the Remote Terminal Window.
5. Click on the start button to start the virtual machine. The start button is the green icon at the top of the virtual machine connection window.

At the virtual machine welcome screen, go to the action menu, and click on the menu item "Ctrl+Alt+Delete" to bring up the login screen. Enter the following credentials to login:

username: administrator
password: sangoma1!

Configure the SFB Reverse Proxy Server

After the LAN interfaces have been configured, you must add the edge server FQDN (Fully Qualified Domain Name) to the internal and external DNS servers.

For example, on the internal DNS server add "rproxy.sfbsangoma.local" and have it point to your LAN interface IP 10.10.32.112

For example, on the external DNS server add "rproxy.sfbsangoma.com" and have it point to your LAN interface IP 104.145.6.20

SSL Certificates

The following steps show you how to install the root CA certificate and generate both internal and external certificates.

Installing the Internal CA Certificates

1. Log into the Certificate Services server. The URL will be http://<ip-of-certificate-server>/certsrv/. Once here, click Download a CA Certificate, certificate chain or CRL.
2. On the download page click Download CA certificate. Also download the CA certificate chain.
3. Once the certificates are downloaded, right click on them and then click Install Certificate.
4. When the Certificate Import Wizard starts, select Local Machine and then click Next.
5. On the Certificate Store screen select Place all Certificates in the Following Store and then click Browse.
6. Select the Trusted Root Certification Authorities.
7. Once done, click Next.
8. On the Summary screen click Finish.
9. Repeat these steps for both the CA certificate and the CA certificate chain.

Generate the Internal Certificate Request and Install the Internal Certificate

1. On the Reverse Proxy Server search for certificate. Then click on Manage computer certificates.
2. Once the certificate management interface opens, right click on Personal and then go to All Tasks -> Advanced Operations -> Create Custom Request.
3. On the Before You Begin screen click Next.
4. On the Select Certificate Enrollment Policy screen click Next.
5. Next select Template "(No Template) Legacy Key" and ensure suppress default extensions is unchecked. Then verify the format is PKCS#10. At this point click Next.
6. On the Certificate Information screen click Details.
7. Once the details of the request appear, click Properties.
8. Fill out the Friendly name and the description.
9. Set the Common name to rproxy.sfb.sangoma.local. Once done, click OK and then Next.
10. At the next screen provide the location and file name to save the request to. Also ensure the format is Base 64.
11. Now go to the internal CA website http://<ip-of-certificate-server>/certsrv/. Then click Request a certificate.
12. On the Request a Certificate page click Advanced Certificate Request.
13. On the Advanced Certificate Request page click Submit a certificate request by using a base 64...
14. At this point open the Certificate Request saved in step 10 above. Press CTRL + A to select all the text and then copy this to the clipboard.
15. At this point paste the certificate request into the Certificate Server. Select the Web Server template and then click Submit.
16. Select the DER format and then click Download certificate.
17. Next right click on the Internal Certificate and click Install Certificate.
18. On the Certificate Import Wizard select Local Machine and then click Next.
19. On the Certificate Store page click Browse, then select Personal and click Next.
20. On the Summary page click Finish.

Generate the External Certificate Request and Install the External Certificate

Follow the exact same steps for the External Certificate Request and Installation as done previously for the Internal Certificate Request and Installation. Ensure you use the public FQDN and a public CA as shown below.
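The custom request steps above can also be scripted with certreq.exe. The following is an added example, not part of the original guide: example.com stands in for <domain>, the file names, key length and Exportable setting are choices made for the example, and the subject and SAN names are the defaults this guide lists for the external certificate.

```powershell
# Added example: scripts the "Create Custom Request" steps with certreq.exe.
# Assumptions: example.com stands in for <domain>; file names, key length and
# Exportable = FALSE are choices made for this example, not values from the guide.
$domain  = 'example.com'
$subject = "rproxy.$domain"     # certificate name (CN); the guide lists it as not a SAN
$sans    = 'lyncdiscover', 'meet', 'dialin', 'webapps' | ForEach-Object { "$_.$domain" }

# One "_continue_" line per DNS name, in the syntax certreq expects for 2.5.29.17.
$sanLines = ($sans | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

# Legacy CSP key and PKCS#10 output, matching "(No Template) Legacy Key".
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$subject"
FriendlyName = "SFB reverse proxy (external)"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@
Set-Content -Path .\rproxy-external.inf -Value $inf -Encoding Ascii

# Generates the key pair in the machine context and writes the Base64 request.
certreq.exe -new .\rproxy-external.inf .\rproxy-external.req

# Returns the expected names that a certificate does not cover (empty = all covered).
function Get-MissingCertName($Cert, [string[]]$Names) {
    $covered = @($Cert.GetNameInfo('SimpleName', $false)) + @($Cert.DnsNameList.Unicode)
    $Names | Where-Object { $covered -notcontains $_ }
}

# Run after the issued certificate is installed in the Local Machine Personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.GetNameInfo('SimpleName', $false) -eq $subject } |
    Select-Object -First 1
if ($cert) { Get-MissingCertName $cert (@($subject) + $sans) }
```

Run it from an elevated PowerShell prompt, since the key is created in the machine context. For the internal request, set $domain to the internal DNS domain and drop the names that do not apply.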

The External Certificate MUST be a Unified Communications (UC) Subject Alternate Name (SAN) based SSL certificate. These types of certificates are generally sold online through various certificate authorities. You may visit some of the websites below in order to purchase a UC SAN certificate:

- GoDaddy
- Entrust
- Symantec
- Digicert

You would require at least 5 DNS names within your SSL Certificate. By default, we use the names below:

- lyncdiscover.<domain> - Autodiscover for SFB Mobility
- meet.<domain> - For meetings
- dialin.<domain> - For dial-in conferencing
- webapps.<domain> - For Office Web Apps
- rproxy.<domain> - Server name (should be the certificate name, not a SAN)

Configure IIS ARR

Now that the server certificates have been installed, you can configure IIS ARR. Follow the instructions below to configure IIS ARR.

1. Within IIS, right click on "Server Farms" and select "Create Server Farm".
2. Provide a name for the server farm and click "Next".
3. In the next screen, enter a server address and click Add. You will then have the option of entering advanced settings. Change the httpport to 8080 and the httpsport to 4443. Click "Finish" to close the wizard.
4. You will then get a popup asking if you would like to create a URL Rewrite Rule. Click "Yes" to proceed.
5. Once done, click on the new server farm created. This will display a list of options for this particular server farm. Double click on "Proxy" to open the proxy options.
6. Within the Proxy options, change the timeout option to 3600 s. This will help with SFB mobility, as lower timeout values cause the SFB Mobile client to disconnect. Change this value appropriately if you find users are getting disconnected from their mobile clients. Click "Apply" to accept the changes and to go back to the Server Farm options.
7. Double click on the "Routing Rules" option in the server farm options. De-select the "Enable SSL Offloading" option and click "Apply". Click on "URL Rewrite" to modify the rules within the rewrite module in IIS.
8. Double click on the first Rewrite rule in order to modify its contents.
9. Within the rule make the following changes:
   - Within the matching condition, change the using dropdown to "Regular Expressions" and change the pattern to (.*).
   - In the conditions section, change the logical grouping to "Match Any" and then add a new condition as per the screenshot below. The string to be entered in the Pattern is "lyncdiscover.<domain> webapps.<domain> rproxy.<domain> meet.<domain> dialin.<domain>". Click OK to continue.
   - Click "Apply" to accept the changes.
10. When returned to the "URL Rewrite" options, select the second rule and click "Disable Rule" from the actions menu as it is not used.

Now that you have followed all the steps above, the reverse proxy server is set up.
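The host-name condition entered in step 9 decides which requests the rule forwards to the server farm, so it is worth checking what the pattern actually matches. The following is an added example, not part of the original guide: it assumes example.com for <domain>, assumes the five names are regex alternatives joined with "|" (the separator is not visible in the text above), and uses PowerShell's -match as a stand-in for the rewrite module's matcher.

```powershell
# Added example: compares two ways of writing the host-name pattern from step 9.
# Assumptions: example.com stands in for <domain>; the five names are regex
# alternatives joined with "|"; -match stands in for the rewrite module's matcher.
$domain = 'example.com'
$names  = 'lyncdiscover', 'webapps', 'rproxy', 'meet', 'dialin' | ForEach-Object { "$_.$domain" }

# Names joined as typed: "." matches any character and nothing anchors the match.
$loose  = $names -join '|'

# Dots escaped, alternation anchored to the whole host name, optional port allowed.
$strict = '^(' + (($names | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')(:\d+)?$'

# Reports, for each host name, whether the pattern matches it (case-insensitive).
function Test-HostPattern([string]$Pattern, [string[]]$HostNames) {
    foreach ($h in $HostNames) {
        [pscustomobject]@{ Host = $h; Matches = ($h -match $Pattern) }
    }
}

# Constructed sample Host header values.
$samples = 'meet.example.com', 'DIALIN.example.com', 'meet.example.com:443',
           'meet.example.com.other.test', 'meetXexample.com', 'intranet.example.com'

"Loose pattern:  $loose"
Test-HostPattern $loose $samples | Format-Table -AutoSize
"Strict pattern: $strict"
Test-HostPattern $strict $samples | Format-Table -AutoSize
```

The strict pattern matches only the first three samples, while the loose pattern also matches meet.example.com.other.test and meetXexample.com.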