This is related to systems directly facing the internet. There must be two systems handling traffic coming from the internet:

  • Reverse Proxy
  • Lync Edge Server

For the Reverse Proxy component, it is highly recommended to use a solution that is supported, either by Microsoft or by the vendor. Microsoft only supports IIS Application Request Routing (ARR)/Web Application Proxy (WAP)¹ and Threat Management Gateway (TMG). The Edge Security Pack (ESP) is a non-Microsoft solution which will be discussed later in this document.

The Lync Edge Server is one of the most secure servers. The reverse proxy only handles web traffic – the Edge Server handles all SIP traffic. The Edge Server acts as a real application firewall.

¹ At the time of writing this document, Windows Server 2012 R2 Web Application Proxy (WAP) is not supported, due to problems handling Lync deployments with multiple SIP domains.