OCS R2 Edge Deployment

  • Question

  • Hi,
    I am trying to work out if it is possible to deploy 2 R2 edge servers without the use of a Load Balancer (looking at redundancy purposes). These would be in 2 different locations and would connect back to the R2 pool. Currently setting up R2 edge server as single consolidated. If it can be done what would the certificate requirements be like? (SAN Cert require both Edge servers and multiple IPs and DNS requirements as well). Or is there a way to configure R2 edge as a primary and secondary for failover reasons?
    Any help is much appreciated.
    Thanks

    Thursday, July 23, 2009 9:34 AM

Answers

  • Attempting to use either ISA or NLB is not supported by any of the OCS pools (internal or external).  A warm standby can be tricky as if you have another Edge server (or pool) online simply changing DNS records is not enough.  You'd have to reconfigure OCS internally at the pool and server level to point Front-End, Mediation, and other roles to the new Edge server FQDNs, and the spare servers would need to be online, with valid certs preconfigured, and firewall rules set up.

    But since the Edge servers are not domain joined then it would be easier, and faster, to have a cold standby server that was configured with the exact same FQDN and IP addresses as the original Edge server.  Then no OCS, DNS, or firewall reconfiguration would be necessary.  In fact you could use a warm standby server with a different name/IP and keep it online for patching and during the failure simply rename and re-assign IP addresses, and then clear ARP caches in the connected routers/firewalls to force the change.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, July 24, 2009 12:52 PM
    Moderator
  • BTW, Microsoft has just released a white paper addressing these topics for R2:

    Microsoft Office Communications Server 2007 R2 Site Resiliency White Paper
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c930febb-3a44-4bf3-969d-1c52675a7063
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, July 24, 2009 1:04 PM
    Moderator

All replies

  • Hello,

    Yes, it can be done. There could be various ways, but the way I have done it is to create a stretched VLAN for the Edge servers for my 2 geographically dispersed locations.  Then use a hardware NLB e.g. Big F5 to publish the Edge servers.  The 2 edge servers will get their own IPs and hrbt IPs and names.  You will have to install a public external certificate on the external facing NIC on the Edge servers.

    In addition you will require certificates on your internal NICs as well as you may know already. 

    The certificate must contain the FQDN of both the Edge servers.  You can install the same UCC/SAN cert on both the Edge servers.  Now the Big F5 will also get a cert and will hold the NLB VIP.  You will need to publish DNS entries in the External DNS for (A) record for the Edge server FQDN pointing to the BIGF5 VIP.  Failover will be handled by BigF5 between sites.

    http://technet.microsoft.com/en-us/library/dd425272(office.13).aspx

    http://www.f5.com/pdf/deployment-guides/f5-ocs-r2-dg.pdf



    HTH

    James.
    Thursday, July 23, 2009 1:25 PM
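
The certificate points raised in this thread (one UCC/SAN certificate carrying both Edge FQDNs, and a standby that already has a valid certificate installed) can be checked on each Edge or standby server before a failover is needed. The script below is an added example, not part of any poster's reply; the FQDNs are constructed placeholders, the 30-day expiry margin is an assumed threshold, and the `DNS Name=` parsing assumes an English-language Windows installation.

```powershell
# Added example: confirm the local machine store holds a usable certificate
# that covers every required Edge FQDN. Names below are placeholders.
$RequiredNames = @('edge1.example.com', 'edge2.example.com')   # constructed values
$MinDaysValid  = 30                                            # assumed margin

function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    # Subject common name
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    # Subject Alternative Name extension (OID 2.5.29.17)
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Single-line format on English Windows: "DNS Name=a, DNS Name=b"
        foreach ($entry in ($san.Format($false) -split ',\s*')) {
            if ($entry -match '^DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    $names | ForEach-Object { $_.ToLowerInvariant() } | Select-Object -Unique
}

$now = Get-Date
$results = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $dns     = @(Get-CertDnsNames -Cert $cert)
    # Exact-match comparison only; wildcard names are not expanded here.
    $missing = @($RequiredNames | Where-Object { $dns -notcontains $_.ToLowerInvariant() })
    $ready   = ($missing.Count -eq 0) -and $cert.HasPrivateKey -and
               ($cert.NotBefore -le $now) -and
               ($cert.NotAfter -gt $now.AddDays($MinDaysValid))
    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        MissingNames  = ($missing -join ', ')
        Ready         = $ready
    }
}

$results | Select-Object Ready, Subject, NotAfter, HasPrivateKey, MissingNames, Thumbprint |
    Format-Table -AutoSize

if (-not ($results | Where-Object { $_.Ready })) {
    Write-Warning 'No installed certificate covers all required Edge FQDNs with a private key and sufficient validity.'
}
```
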
  • There is no way to set up a redundant primary/secondary Edge without using an HLB.
    Take a look at this article for more details on Edge topologies: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=70

    Also, keep in mind if you deploy multiple Edge servers in a distributed topology for a single SIP domain that all SIP traffic (external client logins) will traverse just a single Access Edge Server, while media traffic (Web Conf, A/V Conf) will travel over the Edge server at the site where the user's home pool is stored.



    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Thursday, July 23, 2009 1:49 PM
    Moderator
  • Thanks for the replies. 
    Could the use of a warm standby work, where if the main site goes down we bring on the secondary site and use BGP/DNS entries to bring it up? It does not have to be instant and could have up to 4 hrs for this to take place.
    I guess another question is could I look at using ISA as the NLB as another option?
    Thanks in advance.
    Friday, July 24, 2009 1:44 AM
  • If you do not have a 100% uptime need, then definitely just do a standby server. I have also done some deployments for smaller companies where we just used two standard edition front end servers, one as a standby. No need to purchase the expensive load balancer if they are just looking for quick recovery, which that solution is.

    I have never got into using ISA as a LB and I doubt it is supported. I would stick with a standby server if you are not going to purchase a hardware load balancer.

    Randy Wintle | MCTS: UC Voice Specialization | WinXnet Inc
    Friday, July 24, 2009 12:28 PM
  • Thanks everyone. I appreciate all the replies. It has been helpful.
    Cheers
    Friday, July 24, 2009 3:47 PM