Edge Server Deployment - Question for Implementation

  • Question

  • I have deployed OCS R2 Std edition on the internal network and IM is working great.  I am now tasked with deploying an Edge server to provide Federation and External IM support.

    I am currently installing a physical 2008 server in the DMZ now (member of work group) and I have 3 NICs available for this deployment.

    We use NAT (no reverse proxy available).  Is this possible?  Any input that you can provide to assist is much appreciated.

    Wednesday, October 7, 2009 3:45 PM

Answers

  • Ideally you'll only need to use two NICs for the deployment, but depending on your DMZ network(s) and NAT'd IP range you might potentially need the third for a dedicated interface for A/V Edge.

    Take a look through these blog articles and most of your questions related to deploying the Edge Server should be answered:

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=79
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=78
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, October 7, 2009 3:57 PM
    Moderator
  • On an Edge Server you should remove the Default Gateway settings from your internal interface and then define the correct gateway on the external interface.  Then you'll need to manually add static routes to define any internal networks you may have, using the internal interface as the route.  Make sure to add them statically (route add -p).

    Also, this really depends on your network configuration, as I assume that in the example above you are using unnatural /24 subnet masks and that both the internal and external DMZ networks are separate networks (a natural Class B would put those both in the same network: 172.16.0.0 /16).

    Because your internal network must be routable (and not NAT'd) from the internal Edge, assuming you have the internal servers and clients on 10.1.1.0/24, you would add a route like this:

    route add -p 10.1.1.0 mask 255.255.255.0 172.16.8.1

    (Note: You may see some examples with the interface (IF) switch at the end, but in this case it's redundant, as the server will already have a route definition for hosts in the 172.16.8.0 network to use the internal interface.)

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, October 8, 2009 5:03 PM
    Moderator
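The procedure in the answer above (no default gateway on the internal interface, a single default route on the external interface, persistent static routes for the internal networks via the internal router), as an added example that is not part of the original thread. It assumes Windows Server 2012 or later for the NetTCPIP cmdlets; on the 2008 server in the question the route add -p command quoted above does the same job and the gateway is removed in the adapter's TCP/IP properties. The interface aliases Internal and External, the 10.1.1.0/24 subnet, and the 10.1.1.10 host and port 5061 in the final check are placeholders; the 172.16.x addresses are the ones from the thread.

```powershell
# Added example, not from the original thread: configure and verify Edge Server routing.
# Assumes Windows Server 2012+ (Get-NetRoute/New-NetRoute). Interface aliases and the
# 10.x addresses are assumptions; replace them with your own.

$InternalAlias   = 'Internal'        # assumed alias of NIC #1 (172.16.8.3/24)
$ExternalAlias   = 'External'        # assumed alias of NIC #2 (172.16.1.26-28/24)
$InternalGateway = '172.16.8.1'      # router on the internal DMZ segment
$ExternalGateway = '172.16.1.1'      # router on the external DMZ segment
$InternalSubnets = @('10.1.1.0/24')  # every internal network the Edge must reach (assumed)

# 1. The internal interface must carry no default gateway: remove one if present.
#    (2008 equivalent: clear the Default Gateway field on NIC #1.)
Get-NetRoute -AddressFamily IPv4 -InterfaceAlias $InternalAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Remove-NetRoute -Confirm:$false

# 2. The only default route points out of the external interface.
#    (2008 equivalent: set 172.16.1.1 as the Default Gateway on NIC #2.)
if (-not (Get-NetRoute -AddressFamily IPv4 -InterfaceAlias $ExternalAlias -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)) {
    New-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $ExternalAlias -NextHop $ExternalGateway | Out-Null
}

# 3. Persistent static routes for each internal subnet via the internal router.
#    New-NetRoute writes to both the active and persistent stores unless -PolicyStore
#    says otherwise, so this matches "route add -p 10.1.1.0 mask 255.255.255.0 172.16.8.1".
foreach ($subnet in $InternalSubnets) {
    if (-not (Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $subnet -ErrorAction SilentlyContinue)) {
        New-NetRoute -DestinationPrefix $subnet -InterfaceAlias $InternalAlias -NextHop $InternalGateway | Out-Null
    }
}

# 4. Verify: exactly one IPv4 default route, on the external interface, and each
#    internal subnet routed through the internal interface and gateway.
$defaults = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
if ($defaults.Count -ne 1 -or $defaults[0].InterfaceAlias -ne $ExternalAlias) {
    Write-Warning "Expected a single default route on $ExternalAlias; found on: $($defaults.InterfaceAlias -join ', ')"
}
foreach ($subnet in $InternalSubnets) {
    $r = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix $subnet -ErrorAction SilentlyContinue
    if (-not $r -or $r.InterfaceAlias -ne $InternalAlias -or $r.NextHop -ne $InternalGateway) {
        Write-Warning "Route for $subnet is missing or not via $InternalAlias / $InternalGateway"
    }
}

# 5. Reachability from the internal leg to an internal server (address and port assumed).
Test-NetConnection -ComputerName '10.1.1.10' -Port 5061 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
```

Keep the list of internal subnets to the networks that actually host the Front End, Director and clients. With no default gateway on the internal NIC, the Edge can only reach what is explicitly routed, so the internal leg does not become a general path back into the LAN from the Internet-facing services; after any change, run route print (or Get-NetRoute) again to confirm nothing re-added a 0.0.0.0 entry on the internal interface.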

All replies

  • Jeff - Thanks for the documents as they are all VERY helpful.  I do have one quick question as a result.

    I have setup the Edge server and assigned the 4 IP addresses to two NICs in the following format:

    NIC #1 - Internal - 172.16.8.3 (Default Gateway set as 172.16.8.1)
    NIC #2 - DMZ - 172.16.1.26, 172.16.1.27, 172.16.1.28 (one for each Access, Web Conf and A/V roles)

    I am unable to ping any of the .1 subnet addresses because I have not specified a Default Gateway.  When I specify the Def. Gateway as 172.16.1.1 for NIC #2, I am prompted that this configuration will lead to errors.
    Can I safely ignore this?
    Should I leave the Def. Gateway empty?
    Should I set both NICs to have the same DNS entries, or leave DNS blank for NIC #2?

    Sorry for the newbie questions but I am just a little lost with how I should configure NIC #2 with DNS and Def Gateway and want to make sure that I get this right before proceeding.
    Thursday, October 8, 2009 3:22 PM