On September 16, 2011, Byron Spurlock delivered a TechNet webcast on Lync Server 2010 Edge services. I helped Byron answer questions on the back-end during the webcast. I am posting the full Q&A log here after validating the answers to the questions. You can also find a copy of the PowerPoint deck on my Slideshare site here.
If you have any questions, please contact me or Byron.
Questions and Answers Log: TechNet Webcast: Deep Dive: Lync Server 2010 Edge Servers
Question: will the slides be available for download - I have printed to PDF, but that doesn't allow you to click on links
Answer: You should have received an email follow up after the Webcast that has a link to download the PowerPoint deck. Alternatively, I have posted the deck to Slideshare: http://www.slideshare.net/harold.wong/lync-2010-deep-dive-edge.
Question: What traffic is traversing the reverse proxy?
Answer: There are many types of traffic. They are as follows:
1. Enabling external users to download meeting content for meetings
2. Enabling external users to expand distribution groups
3. Enabling remote users to download files from Address Book service
4. Accessing Lync Web App client
5. Accessing Dial-in Conferencing settings web page
6. Accessing Location Information service
7. Enabling external devices to connect to Device Update web service and obtain updates
Question: Why TMG is not supported as a NAT device for Edge A/V?
Answer: Lync 2010 does not support NAT on the external interface of the AV Edge. You can still use TMG, but you must have the perimeter network configured correctly and place the Lync Edge servers appropriately.
Question: The documentation for the Migration from BPOS to Office 365 says that the Lync client will replace all the functionality of messenger and Live Meeting. With all this ports configuration how will I be able to use Lync in Office 365 to have a public Live meeting list this one I am watching now? Could you have used Lync to do this presentation instead of live meeting with all the external users?
Answer: If you are using Office 365, all the configurations needed to host external Lync Meetings is already taken care of by Microsoft. You don't have to worry about configuring any of the server side components. A decision was made to continue to use Live Meeting for our public facing webcasts for a period of time to minimize the impact to customers. With that said, we could have used Lync for this session.
Question: Are the SIP, web, and conf services used exclusively by the Lync client? ie: they are not used by web app clients. ? Thanks
Answer: They are as well, but the interaction is slightly different than the full Lync Client.
Question: Is there a Lync Client for Windows Phone 7? If so what is it called I searched the market place with no results returned? Does it support a video phone call on the new front facting camra Windows Phone 7 phones?
Answer: Currently, there is no Mobile Lync client avaialble for Windows Phone 7.
Question: Is there a requiement have an external A-rec specifically named sip.domain.com?
Answer: This is one of the default names searched for when client is configured for autoconfiguration.
Question: Lync 2010 IS supporting NAT for A/V, but a src nat / dst nat behaviour look http://technet.microsoft.com/en-us/library/gg425882.aspx anyway, another question: What are the risks of not implementing the internal firewall?
Answer: You are correct on the NAT. I was going to reference that article as well. The key is the way the communications need to happen in both the outbound and inbound. Some NAT configurations don't support the necessary behavior. This also includes TMG if everything isn't configured properly. The answer to your second question is much harder and has the "It Depends" clause. If your security rules don't allow it, then it is a moot point. I do know many organizations that have only a single firewall interface and they are secure. It can be done.
Question: I have a customer that do not allows deploying without the 2nd internal firewall, the project is in pause because of this... And I couldn't get documentation about this.
Answer: Microsoft does not produce any official documentation that specifically states the above is secure or not secure or compares that to a double firewall environment.