Technically, Reverse Proxy is not a Lync Server role. It’s more like a helping hand, guiding Lync’s communications to where you want them to go.

I haven’t focused much on reverse proxies here in the past. Which is why today’s Lync Insider post is dedicated to their explanation and understanding. Let’s get started.

What is a reverse proxy? What does it do?

Definition of a reverse proxy from Wikipedia:

“In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the server itself (or servers themselves). While a forward proxy acts as an intermediary for its (usually nearby) associated clients and returns to them resources accessible on the Internet, a reverse proxy acts as an intermediary for its (usually nearby) associated servers and only returns resources provided by those associated servers.”

So a reverse proxy is a type of intermediary. Like a regular proxy, it stands between your computer and a server, passing messages between them when appropriate. The function serves to aid privacy, keep security tight and balance network resources.Reverse Proxy as a Way Out

There is an excellent diagram of how a reverse proxy operates (as well as a regular ‘forward’ proxy) at
Difference between Proxy Server and Reverse Proxy Server – StackOverflow

Is this process the same when you use a Reverse Proxy Server in Lync?

Primarily, yes. The Reverse Proxy Server sits in the perimeter network, like your Edge Servers do. There it processes certain messages you send via your Lync 2013 client. The difference is in what those messages ask for.

When do we need to use a reverse proxy in Lync Server?

The Reverse Proxy’s function in Lync is to facilitate client access to the Lync Web Services. These are optional services, but the list is long and very useful. From TechNet:

  • Enabling external users to download meeting content for your meetings.
  • Enabling external users to expand distribution groups.
  • Enabling remote users to download files from the Address Book service.
  • Accessing the Lync Web App client.
  • Accessing the Dial-in Conferencing Settings webpage.
  • Accessing the Location Information service.
  • Enabling external devices to connect to Device Update web service and obtain updates.
  • Enabling mobile applications to automatically discover and use the mobility (Mcx) URLs from the Internet.
  • Enabling the Lync 2013 client, Lync Windows Store app and Lync 2013 Mobile client to locate the Lync Discover (autodiscover) URLs and use Unified Communications Web API (UCWA).

Please note: None of these are critical, necessary functions! Lync users can get by just fine without a reverse proxy. IM/Presence, Enterprise Voice, & Persistent Chat all work without one.

It’s only when you want to provide those Web services to external users (normal users on mobile devices, telecommuters, non-users such as customers) that you’ll want to put in a reverse proxy.

How do I set up a Reverse Proxy in Lync?

In the past, the standard software choice for running a Reverse Proxy Server with Lync was the ForeFront Threat Management Gateway 2010 (TMG). However Microsoft discontinued TMG in November 2012.

Since then, the standard has been Internet Information Server Application Request Routing (IIS ARR). There are other options you can try – see “Additional Resources” below for one such option – but we’d normally recommend using IIS ARR.

You’ll find setup instructions linked on the Setting Up Reverse Proxy Servers page. The Vytru Blog also has a good tutorial: Installing Lync 2013 Reverse Proxy IIS ARR – Vytru Blog.

The basic steps are:

  1. Install PowerShell prerequisites
  2. In Lync Topology Builder, configure Web Services FQDNs
  3. In IIS Manager, create a server farm in Application Request Routing
  4. Add application servers to the farm (minimum 1, more if you need redundancy or load balancing)
  5. Configure the new servers
  6. Request & install a certificate on the reverse proxy
  7. Configure Web Publishing Rules
  8. Create DNS Records
  9. Test your new reverse proxy!

I encourage you to read the above links before attempting to install a reverse proxy. The process has many steps–and many steps means many places where we can miss or skip something by accident.

Ideally, the best time to install a reverse proxy is right after you install a fresh instance of Lync Server 2013. But so long as you have the Web Services URLs, you can install one at any time.

What’s your experience with Reverse Proxy? If you have a story – or a question – please comment or email it to us.

Additional Resources:
Configuring Reverse Proxy Access to Microsoft Lync Server 2013 using KEMP LoadMaster – NextHop
Lync Edge Server Best Practices – Jeff Schertz’s Blog

Reverse Proxies 101

One thought on “Reverse Proxies 101

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.