Replacement for Forefront TMG 2010

With Forefront Threat Management Gateway 2010 now discontinued, we sought a suitable reverse proxy solution that works with Lync Server and also supports other Microsoft products, such as Exchange and SharePoint. With the release of Windows Server 2008, it is now possible to add an optional component called IIS Application Request Routing (ARR) 2.5 to the Internet Information Services (IIS) role. This component enables IIS to handle reverse proxy requests, URL rewrites, and load balancing, among other tasks. For details and download, check out the Application Request Routing page of the Microsoft IIS website.

So why is a reverse proxy required? Publishing your Lync Front End Server in your LAN directly through network address translation (NAT) raises security concerns and is never recommended, and it would also require your firewall to do port translation. Lync Server uses two websites to service its web requests, one for the internal network and one for the external network. The external website listens on port 4443 instead of the standard port 443, so a reverse proxy is required to translate between the two, as shown below.

Figure 1

Prerequisite: IIS ARR is supported on Windows Server 2008 and above. In addition, if you're deploying it for Exchange, Lync, or SharePoint, you'll need to ensure that the environment is deployed and functional and that all services and features are working internally within the organization.

Troubleshooting: To troubleshoot, the best place to start is with the IIS log on the ARR server. Browse to this default folder: %SystemDrive%\inetpub\Logs\W3SVC1.

To see what ARR is actually doing under the hood and to configure Failed Request Tracing, review the article titled, Using Failed Request Tracing Rules to Troubleshoot Application Request Routing (ARR). This process creates XML trace files in this folder by default: %SystemDrive%\inetpub\Logs\FailedReqLogFiles\W3SVC1.
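As an added example (not code from the original post or from Microsoft), the following Python script shows one way to triage the IIS log on the ARR server: it parses the W3C extended format, honours a `#Fields` header that reappears mid-file, and counts failed requests per URL and status. The log text is constructed sample data, and the function names `parse_w3c` and `failed_requests` are hypothetical.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format; not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem s-port c-ip sc-status sc-substatus sc-win32-status time-taken
2013-01-21 09:00:01 GET /meet/alice 443 198.51.100.7 200 0 0 120
2013-01-21 09:00:05 POST /webticket/webticketservice.svc 443 198.51.100.7 502 3 12002 30015
2013-01-21 09:00:09 POST /webticket/webticketservice.svc 443 198.51.100.9 502 3 12002 30011
2013-01-21 09:00:12 GET /abs/handler 443 198.51.100.9 401 1 0 15
2013-01-21 09:00:14 GET /meet/bob 443 198.51
#Fields: date time cs-uri-stem sc-status sc-substatus sc-win32-status
2013-01-21 09:05:00 /abs/handler 502 3 12029
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the latest #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # IIS rewrites the header after a restart or a logging change,
            # so the column layout can differ within a single file.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            continue  # truncated or malformed line: skip, do not misalign
        yield dict(zip(fields, values))


def failed_requests(text, min_status=500):
    """Count requests at or above min_status per (URL, status.substatus, win32)."""
    counts = Counter()
    for row in parse_w3c(text):
        status = row.get("sc-status", "")
        if not status.isdigit() or int(status) < min_status:
            continue
        code = f"{status}.{row.get('sc-substatus', '0')}"
        key = (row.get("cs-uri-stem", "-"), code, row.get("sc-win32-status", "0"))
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (uri, code, win32), n in failed_requests(SAMPLE_LOG):
        print(f"{n:4d}  {code:6}  win32={win32:6}  {uri}")
```

A cluster of 502.x responses on one URL points at the hop between ARR and the back-end server, which is where Failed Request Tracing is then worth enabling.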

For a detailed walk-through of how to deploy IIS ARR for a small-scale Lync environment, please refer here. For high-scale environments, load balancers or devices should fill the gap accordingly.

Reference: Using IIS ARR as a Reverse Proxy for Lync Server 2013

January 21, 2013   Posted in: Exchange Server General, Lync 2013
