This section outlines some sample scenarios. By no
means are these intended to be an end-to-end deployment sample, but they
should provide additional clarity and examples of what is possible. In
each of these examples, assume an internal infrastructure already exists
and Edge services are being added.
Single Edge Server
Company ABC is a small company of about 200 people located in San Francisco. It uses sip.companyabc.com
as its only SIP domain, and the internal Active Directory domain is
companyabc.local. The single Edge Server is named mcsedge and has a DNS
suffix defined to match the internal domain. Company ABC plans to use a
single subject alternative name certificate for all external functionality. Figure 1
displays what the overall topology would look like. There are no
high-availability requirements, and the external URLs are defined as
follows:
Table 1 displays the public and private certificate requirements while Table 2 indicates the DNS record requirements.
Scaled Single Site
Company ABC is a large company of about 5,000 people with a single office located in San Francisco. It uses sip.companyabc.com
as its only SIP domain, and the internal Active Directory domain is
companyabc.local. The Edge Servers are named lyncedge1 and lyncedge2 and
both have DNS suffixes defined to match the internal domain. The
internal Edge pool name is lyncedge.companyabc.com. The overall topology is displayed in Figure 2.
To save costs, DNS load balancing is used because
Company ABC does not require Public IM Connectivity or down-level
federation. Company ABC uses individual certificates where required. Two
Forefront Threat Management Gateway reverse proxy servers are
configured with Windows Network Load Balancing. The external URLs are
defined as follows:
Table 3 displays the public and private certificate requirements, whereas Table 4 indicates the DNS record requirements.
Scaled Multiple Sites
Company ABC is a growing company of about 7,500 people split between two
offices in San Francisco and New York. Each office has a Front-End pool
hosting users. The company uses sip.companyabc.com as its only SIP domain, and the internal Active Directory domain is companyabc.local.
The Edge Servers in San Francisco are named sfoedge1 and sfoedge2 and belong to the Edge pool sfoedge.companyabc.local, whereas the New York Edge Servers are named nyedge1 and nyedge2 and belong to the Edge pool nyedge.companyabc.local. All have DNS suffixes defined to match the internal domain.
Company ABC uses hardware load balancers in both
locations to support Public IM Connectivity and down-level federation.
Company ABC uses individual certificates where required. Two Forefront
Threat Management Gateway reverse proxy servers are configured in each
location and also use hardware load balancing. Figure 3 displays the overall topology, and the external URLs are defined as follows:
Note
10.x.x.x addresses are used here as an example.
However, publicly routable IP addresses must be used when leveraging a
hardware load balancer. Both the VIPs and IPs on the servers must be
publicly routable.
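
A check for the rule in the note above, written as an added example that is not from the original text: it audits a hardware-load-balanced Edge address plan and reports any VIP or server IP that falls in a non-routable range. The pool and server names come from the Scaled Multiple Sites scenario; every address is constructed, and 203.0.113.0/24 (a documentation range) stands in for real public addresses.

```python
import ipaddress

# Ranges that cannot be reached from the public Internet.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",   # RFC 6598 carrier-grade NAT
    "169.254.0.0/16",  # link-local
    "127.0.0.0/8",     # loopback
)]

# Constructed address plan for the two hardware-load-balanced Edge pools.
# Names are from the scenario; all addresses are invented for this example.
PLAN = {
    "sfoedge.companyabc.local": {
        "vips": ["203.0.113.10"],
        "servers": {"sfoedge1": "203.0.113.11", "sfoedge2": "203.0.113.12"},
    },
    "nyedge.companyabc.local": {
        "vips": ["203.0.113.20"],
        "servers": {"nyedge1": "10.2.0.11", "nyedge2": "203.0.113.22"},
    },
}

def is_non_routable(addr):
    """True if addr is unparseable or inside one of the NON_ROUTABLE ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # a typo in the plan is a finding, not a pass
    return any(ip in net for net in NON_ROUTABLE)

def audit(plan):
    """Return (pool, role, name, address) for each VIP or server IP that breaks the rule."""
    findings = []
    for pool, cfg in plan.items():
        for vip in cfg["vips"]:
            if is_non_routable(vip):
                findings.append((pool, "vip", vip, vip))
        for server, addr in cfg["servers"].items():
            if is_non_routable(addr):
                findings.append((pool, "server", server, addr))
    return findings

if __name__ == "__main__":
    for pool, role, name, addr in audit(PLAN):
        print(f"{pool}: {role} {name} uses non-routable address {addr}")
```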