Shulou(Shulou.com)06/02 Report--

This post enters part 7 of the Skype for business 2015 comprehensive deployment series: configuring the Skype for business Server 2015 Edge Transport server. First of all, this paper introduces in detail the process of deploying the edge pool and publishing the topology in the front-end server lync.itwish.cn, and then introduces the preparations for deploying the edge transport server in lyncedge.itwish.cn (including exporting topology files, adding relevant DNS records, exporting AD domain certificate chain and edge computer preparation), then introduces the deployment and installation of the edge transport server, and finally verifies the deployment of the edge server. I hope to correct the imperfections of this article in the comments section. Thank you very much.

Define the edge pool and publish the topology

Log in to the Skype for Business Server 2015 front-end server lync.itwish.cn and open the Skype for Business Server 2015 Topology Builder.

In the console tree, expand the site where you want to deploy the edge server.

Right-click Edge Pool, and then click New Edge Pool.

On the define a new edge pool screen, click next.

On the define Edge Pool FQDN screen, type the fully qualified domain name (FQDN) of the edge server you want to use, then select this pool has multiple servers, and click next when you are finished.

To plan to enable federation, select the enable federation (port 5061) check box for this edge pool.

On the Select feature screen, select use a FQDN and IP address.

After clicking "next", you will go to the "IP options" screen. Check the "enable IPV4 on the inside interface" and "enable IPV4 on the outside interface", and select the "the external IP address of this edge pool is translated by NAT" check box to perform this configuration. When you are finished, click next.

On the external FQDN screen, you need to enter a single external FQDN in the SIP access box. Then, you need to enter a different port number for each edge service to allow them all to connect independently. We recommend that SIP access Edge Services use 5061, Web Conferencing Edge Services use 444, and ACMV Edge Services use 442. Click next when you are finished.

You are now on the Internal FQDN and IP address screen. Enter the IP address and FQDN name of the edge server in the Internal IPv4 address and Internal FQDN text boxes. Click next when you are finished.

On the define external IP address screen, type the external IPv4 in the SIP access text box, and then click next.

Enter the screen "define Public IP address" text box. You need to enter the IPv4 and / or IPv6 addresses that are set for the Aamp V edge service, which will be translated by NAT. Then click finish.

The next screen is "define the next hop." In the next hop pool box, select the name of the internal pool, which can be a front-end pool or a stand-alone pool. If there is a controller in the environment, the controller should be selected. Then click next.

On the Associate Front Pool screen, you need to specify one or more internal pools to associate with this edge server, including front-end pools and Standard Edition servers. Select only the name of the internal pool that you want and use this edge server to communicate with supported external users. Click next.

Click finish on the next screen.

You can now release this updated topology, and from here, follow the instructions in deploying Edge Server in Skype for Business Server 2015 and deploy to Edge Server.

Export topology file

In order to deploy successfully, the Skype for Business Server 2015 deployment wizard needs access to central management storage data. The edge server is located outside the domain, so it is necessary to manually export the topology file to the edge server location, usually with the help of physical media. Such an export is performed through PowerShell:

Start the Skype for Business Server hypervisor.

In the Skype for Business Server hypervisor, run the following command:

Transfer the exported file to the edge server through physical media placement

Export-CsConfiguration-FileName

Add DNS record and export AD domain certificate chain

Log in to the server.itwish.cn domain controller

Add DNS related A records to prepare for configuring edge deployment

Download or export the CA certificate chain (obtained through IE access or exported through the mmc certificate authority)

Log in to the URL http://server.itwish.cn/certsrv, and on the certsrv page of the issuing CA, under "Select Task", click "download CA Certificate, Certificate chain or CRL".

Under download CA certificate, certificate chain, or CRL, click download CA certificate chain.

Save to the share path\\ server.itwish.cn\ Share\ Certnew.p7b and copy it to the folder on the Edge Server.

Deploy Edge Server in Skype for Business Server 2015

The Edge Server computer prepares:

Define the computer name lyncedge and add the dns suffix

Install two network adapters for the edge server, one for the internal interface and the other for the external interface.

Configure a static IP address on the external perimeter network subnet and point the default gateway to the internal interface of the external firewall.

On the internal interface, configure a static IP on the internal perimeter network subnet.

Import the AD domain Certnew.p7b certificate chain on the edge server, log in to the MMC console-"add or remove Units"-"Certificate"-"computer account", select "Certificate"trusted Root Certificate Authority", and import the certificate chain.

To enable windows update update, please use Windows Update to make sure that Windows Server has been updated to the latest version.

New features: Windows Update, .NET Framework 3.5functionality (HTTP activation), remote server management tools (AD DS and AD LDS tools), Windows Identity Foundation 3.5and so on.

Edge server installation

Log in to the server configured for the Edge Server role using an account that belongs to the local administrators group.

Enter the Skype for Business Server 2015 installation media. Please double-click the setup.exe program to "install". The installation media requires Microsoft Visual C++ to run. Microsoft Visual C++ will be installed automatically.

Smart setup is a new feature in Skype for Business Server 2015 that allows you to connect to the Internet to check for updates during installation. This ensures that you get the latest product updates during installation, providing a better experience. Click install to begin the installation.

Read the license agreement carefully and if you agree to the terms, select "I accept the terms of the license agreement", and then click OK.

At this point, the core components of Skype for Business Server 2015 have been installed on the edge server. The core components include the following: the Skype for Business Server 2015 deployment Wizard, which provides a startup panel to install various components of Skype for Business Server 2015; and the Skype for Business Server 2015 Management Shell, a preconfigured PowerShell program that allows you to manage Skype for Business Server 2015

After you complete the installation of the core components, the Skype for Business Server 2015 deployment wizard starts automatically. Click install or Update the Skype for Business Server 2015 system on the deployment wizard.

Step 1: install the local configuration store

A. check the prerequisite information for step 1, which can be accessed by clicking the drop-down menu under the heading of step 1. Click run in step 1 to launch the install Local configuration Store wizard.

B, select Import from File (recommended for Edge Server), browse to select the imported topology profile 1.zip, and then click next.

C. After installing the local configuration store, you can click "View Log" to view the log. Click finish to close the install Local configuration Storage wizard, and then return to the Skype for business 2015-deployment Wizard step.

Step 2: install or remove Skype For Business Server components

A. check the prerequisite information for step 2, which can be accessed by clicking the drop-down menu under the heading of step 2. Click run in step 2 to launch the set up Skype for business server components wizard, and click next.

B. After installing the Skype for business server components, you can see "installing Server.msi (ADDLOCAL=Feature_Server_Edge REBOOT..."), that is, the components that are installing Edge Transport.

You can click "View Log" to view the log. Click finish to close the set Skype for business server components wizard, and then return to the Skype for business 2015-deployment Wizard step.

Step 3: request, install, or assign a certificate

Generate internal and external certificate request files for the edge server

A, check the prerequisites, and then click run next to step 3: request, install, or assign certificates.

B. on the Certificate Wizard page, select inside Edge, and click request.

C. on the delayed or immediate request page, select the option to prepare the request now, but send it later (offline certificate request). Because the edge server cannot contact the certificate server directly.

In the certificate request file page, create the full path and file name of the certificate signing request file.

On the specify alternate Certificate template page, to use the default Web server template, click next.

On the name and Security Settings page, specify a friendly name. By using a friendly name, you can quickly identify the certificate and purpose. Select Mark the private key of the certificate as exportable, and then click next.

G. Fill in the organizational information and organizational unit

H. Select a country / region and fill in the region

I. on the user name / alternate user name page, default, and then click next

J. On the configure other consumer alternative names page, add any other user alternative names you need, including those that may be needed by other SIP domains in the future, default, and then click next.

On the Certificate request Summary page, check the information in the summary. If the information is correct, click next.

On the executing Command page, click next.

M. on the Certificate request File page, by default, and then click finish.

N, through the same steps, on the Certificate Wizard page, select external Edge Certificate, and click request.

O. On the certificate request page, check "all" and "itwish.cn". Default is the next step.

On the configure other consumer alternative names page, add any other user alternative names that you need, including those that may be required by other SIP domains in the future, default, and then click next

Q, on the Certificate request File page, by default, and then click finish.

R, so far, the certificate requests inside and outside the edge server have been completed.

Generate the internal and external certificates of the edge server through the ca certificate authority.

A, log in to the URL http://server.itwish.cn/certsrv, and on the certsrv page of the issuing CA, under "Select Task", click "apply for Certificate".

B. under the apply for Certificate page, click Advanced Certificate request.

C. under the Advanced Certificate Application Page, click the use base64-encoded CMC or... option.

D. Open the certificate request file edge-internal.req file generated inside the Edge Server in notepad

E. Copy the req file to the "Base-64-encoded certificate request" box, select "Web Server" as the certificate template, and click submit.

Download the internal certificate and certificate chain of the edge server and save it locally

G. Log in to the URL http://server.itwish.cn/certsrv. On the certsrv page of the license issuing CA, under "Select Task", click "apply for Certificate" again to apply for a certificate outside the Edge Server.

H. Open the certificate request file edge-internet.req file generated outside the Edge Server in notepad

As shown in the figure, complete the Edge Server certificate application, external certificate edge_internet, internal certificate edge_internal

Import the certificate to the edge server

A, put the previously generated external certificate edge_internet and internal certificate edge_internal of the edge server to the local disk, return to the certificate application page, log in to the mmc console, in the "personal"certificate" option, import the server external certificate edge_internet and internal certificate edge_internal.

Assign a certificate

Go to the Certificate Wizard page, select "inside the Edge", and click the "assign" option.

B. Go to the "Certificate allocation Page" and confirm that the certificate is correct. Next step

C. Complete the allocation of internal and external certificates

Step 4: start the service

A. check the prerequisites for step 4: start the service.

B. You use Start-CsWindowsService to start related services.

C. on the executing Command page, after starting all services successfully, click finish.

Run Windows Update again to see if there are any updates after installing the Skype for Business Server component. Click exit to close the deployment wizard.

Verify edge deployment

Verify the transfer between the edge server and the internal server

Run Get-CsManagementStoreReplicationStatus on an internal server with central management storage, or on any joined domain computer with Skype for Business Server 2015 core components (OcsCore.msi) installed

The result of running this command for the first time may give you a replication status of False instead of True. If this happens, run Invoke-CsManagementStoreReplication cmdlet. Leave some time for it to complete the replication, and then run Get-CsManagementStoreReplicationStatus cmdlet again.

Log in to the front-end server, open the skype for business control panel topology, and the edge server replicates normally.

At this point, the deployment of the Skype for business server 2015 Edge Transport server is complete.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.