The topology for the OCS architecture has changed for R2. We now support three topologies:
- Consolidated Edge
- Load Balanced Consolidated Edge
- Multi-Site Consolidated Edge
Consolidated Edge – in RTM we needed a public IP address for the outside edge. In R2 we've changed that if you are using a single consolidated edge: in this scenario you can NAT the external IP address. This will help with small installations of OCS.
Load Balanced Edge – NATing can't be done, as we have multiple External Edges and the H/W load balancer wouldn't know which Edge to route traffic to. In this scenario the External Edges will need public IP addresses. For most schools this isn't an issue, but it is a very important distinction.
Finally, we have the multi-site Consolidated Edge configuration.
We have made significant changes in the design of the edge for A/V, which reduce the external firewall ports for the external edge from 20K to 2. No inbound TCP/UDP port range is required on the external firewall, and the outbound UDP port range is not required either, so 3478 and 443 are the only ports needed. There are restrictions, such as federation with an OCS RTM A/V Edge server; in that scenario the same ports are required as for RTM. This is important if you plan to federate with other schools.
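An added example, not from the original post: a small audit that compares an A/V Edge external firewall rule list against the two-port R2 requirement described above, so that port ranges left over from RTM stand out. The rule text format, the sample rules, and the pairing of 443 with TCP and 3478 with UDP are assumptions; the post gives only the port numbers.

```python
# Ports the post lists for an R2 A/V Edge. The protocol pairing is an assumption.
R2_REQUIRED = {("tcp", 443), ("udp", 3478)}

# Constructed sample rules for the A/V Edge external interface only.
# Hypothetical format: direction proto port[-port]
SAMPLE_RULES = """\
in  tcp 443
in  udp 3478
in  tcp 50000-59999   # left over from an RTM deployment
in  udp 50000-59999
out udp 50000-59999
"""

def parse_rules(text):
    """Parse rule lines into (direction, proto, low_port, high_port) tuples."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        try:
            direction, proto, ports = line.split()
            lo, _, hi = ports.partition("-")
            lo, hi = int(lo), int(hi or lo)
        except ValueError:
            raise ValueError(f"line {n}: cannot parse {raw!r}") from None
        if (direction not in ("in", "out") or proto not in ("tcp", "udp")
                or not 0 < lo <= hi <= 65535):
            raise ValueError(f"line {n}: invalid rule {raw!r}")
        rules.append((direction, proto, lo, hi))
    return rules

def audit(rules, federates_with_rtm=False):
    """Report required ports with no inbound rule, and rules opening extra ports.
    When federating with an RTM A/V Edge the RTM ports stay, so nothing is flagged as excess."""
    covered, excess = set(), []
    for direction, proto, lo, hi in rules:
        needed = {(p, port) for p, port in R2_REQUIRED
                  if p == proto and lo <= port <= hi}
        if direction == "in":
            covered |= needed
        extra = (hi - lo + 1) - len(needed)  # ports opened beyond the required ones
        if extra and not federates_with_rtm:
            excess.append((direction, proto, lo, hi, extra))
    return {"missing": sorted(R2_REQUIRED - covered), "excess": excess}

if __name__ == "__main__":
    report = audit(parse_rules(SAMPLE_RULES))
    print("missing:", report["missing"])
    for direction, proto, lo, hi, extra in report["excess"]:
        print(f"excess: {direction} {proto} {lo}-{hi} opens {extra} unneeded ports")
```
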
The reverse proxy also has more responsibilities in an R2 configuration. If you support external devices, the Device Update Service requires a reverse proxy. The reverse proxy must be configured to publish these directories:
- The external URL of the Web Components Server: https://<external Server FQDN>/RequestHandler/ucdevice.upx
- The external URL for the Update site: https://<external Server FQDN>/sites/updateserver
- A DNS A record to resolve the external server FQDN
We didn't discuss certs here, but the last thing I'll mention today is desktop sharing. Desktop sharing requires both CWA and the AV Edge: CWA needs to have a reverse proxy, and media traversal for desktop sharing happens via the AV Edge.