Publishing Office Web Apps Server in Lync Server 2013 using F5 Local Traffic Manager (LTM)

This article provides step-by-step instructions on how to publish Office Web Apps Server in Lync Server 2013 for external meeting participants (that is, users joining Lync meetings from outside your organization's firewall) using F5's BIG-IP LTM.  There is an iApp template for Office Web Apps Server that you can use, but in some cases, it's necessary to set it up manually.

Before we can start working with BIG-IP LTM, we need to know the external URL used by the Office Web Apps Server farm. 

Below is the Office Web Apps Server farm settings in my lab:

You must use the FQDN published under "InternalURL" when configuring Office Web Apps Server though the Topology Builder:

 

Initially, I wasn't sure as to which URL was needed to be published in Lync topology, but I soon found that the external participants are provided with the "ExernalURL" configured in the Office Web Apps Server farm in order to view the PowerPoint presentation.  The "ExernalURL" DOES NOT need to be published in Lync topology.  However, you have to make sure to create a DNS (A) record for the external URL and that it's pointing to the reverse proxy IP address.

 

 

In my lab environment, owaext.acme.com is the external URL that needs to be published through the reverse proxy using F5 BIG-IP LTM.

These are the steps involved in configuring BIG-IP LTM as a Lync Reverse Proxy:

  • Creating a new server-side (LAN) TCP profile
  • Creating a new client-side (WAN) TCP profile
  • Importing Office Web Apps Server certificate
  • Creating a new SSL Server profile
  • Creating a new SSL Client profile
  • Creating a new HTTPs Monitor
  • Creating a new Lync Front End Pool
  • Creating a new Cookie Persistence profile
  • Creating a new Source Address Persistence profile
  • Creating a new Virtual Server

 

1. Create a new server-side (LAN) TCP profile

1.1  From the main menu, navigate to Local TrafficVirtual ServersProfilesProtocolTCP

1.2  Click Create on the top right

1.3  Type in the name of the profile (e.g., Lync_WAC_tcp_lan)

1.4  Select tcp-lan-optimized as the Parent Profile

Note: This will import all the values from the tcp-lan-optimized baseline(parent) profile.

1.5  Click Repeat at the bottom of the screen

 

 

2. Create a new client-side (WAN) TCP profile

2.1  Type in the name of the profile (e.g., Lync_WAC_tcp_wan)

2.2  Select tcp-wan-optimized as the Parent Profile

Note: This will import all the values from the tcp-wan-optimized baseline(parent) profile.

2.3  Click Finished at the bottom of the screen

  

3. Create a new HTTP profile

3.1  From the main menu, navigate to Local TrafficVirtual ServersProfiles – ServicesHTTP

3.2  Click Create on the top right

3.3  Type in the name of the profile (e.g., Lync_WAC_http)

3.4  Select http as the Parent Profile

Note: This will import all the values from the http baseline(parent) profile.

3.5  Check the Custom box on the top right

3.6  Change the Redirect Rewrite value from None to Matching

3.7  Click Finished at the bottom of the screen

 

 

4. Import Office Web Apps Server certificate

4.1  From the main menu, navigate to SystemFile ManagementSSL Certificate List

4.2  Click Import on the top right

4.3  Select PKCS 12 (IIS) as the Import Type

4.4  Type in the certificate name (e.g., wacext_acme.com)

4.5  Click Browse to locate the certificate/private key (.pfk file) that you exported from the Office Web Apps Server

4.6  Enter the password

4.7  Click Import to complete the importing process

 

 

5. Create a new SSL Server profile

5.1  From the main menu, navigate to Local TrafficVirtual ServersProfilesSSLServer

5.2.  Click Create on the top right

5.3  Type in the name of the profile

5.4  Select serverssl as the Parent Profile

Note: This will import/keep all the values from the serverssl baseline(parent) profile.

5.5  Click Finished at the bottom of the screen

 

 

 

6. Create a new SSL Client profile

6.1  From the main menu, navigate to Local TrafficVirtual ServersProfilesSSLClient

6.2  Click Create on the top right

6.3  Type in the name of the profile

6.4.  Select clientssl as the Parent Profile

Note: This will import/keep all the values from the clientssl baseline(parent) profile.

6.5  Check the Custom box on the top right

6.6  Select the certificate and key that you imported in Step 4

6.7  Click Finished at the bottom of the screen

 

 

7. Create a new HTTPS monitor

7.1  From the main menu, navigate to Local TrafficMonitors

7.2.  Click Create on the top right

7.3  Type in the name of the profile

6.4  Select HTTPS as the Type and https as the Parent Monitor

Note: This will import/keep all the values from the https baseline(parent) monitor.

7.5  Enter 30 secondsfor the Interval

7.6  Enter 91 secondsfor the Interval

7.7  Enter GET /hosting/discovery HTTP/1.1\r\nHost: owaext.acme.com\r\nConnection: Close\r\n\r\n for the Send String

7.8  Enter wopi-discovery for the Receive String

7.9  Click Finished at the bottom of the screen

 

8. Create a new Pool

8.1  From the main menu, navigate to Local TrafficVirtual ServersPoolsPool List

8.2  Click Create on the top right

8.3  Type in the name of the pool (e.g., Lync_WAC_pool)

8.4  Select the Health Monitor that you created in Step 7 and move it over to Active

8.5  Select Least Connections (member) as the Load Balancing Method

Note: The Least Connections load balancing method determines the member/node with the least connections to pass the service request. Thus, the service requests are evenly distributed among poor members. This method is recommended for supporting long-lived connections.

8.6  Select Node List to see the list of available nodes (click New Node and enter the IP address of each Office Web Apps Server if the servers are not in the list)

8.7  Select the IP address of each Office Web Apps Server

8.8  Enter 443 as the Service Port and click Add

8.9  Click Finished at the bottom of the screen once all the servers have been added

 

9. Create a new Cookie Persistent profile

9.1  From the main menu, navigate to Local TrafficVirtual ServersProfiles – Persistence

9.2.  Click Create on the top right

9.3  Type in the name of the profile

9.4  Select Cookie as the Persistent Type

9.4  Select cookie as the Parent Profile

Note: This will import/keep all the values from the cookie baseline(parent) profile.

9.5  Click Finished at the bottom of the screen

 

10. Create a new Source Address Persistent profile

10.1  From the main menu, navigate to Local TrafficVirtual ServersProfiles – Persistence

10.2  Click Create on the top right

10.3  Type in the name of the profile

10.4  Select Source Address Affinity as the Persistent Type

10.4  Select source_addr as the Parent Profile

Note: This will import/keep all the values from the source_addr baseline(parent) profile.

10.5  Click Finished at the bottom of the screen

 

 

11. Create a new Virtual Server

11.1  From the main menu, navigate to Local TrafficVirtual ServersVirtual Server List

11.2  Click Create on the top right

11.3  Type in the name of the virtual server (e.g., Lync_WAC_vs)

11.4  Select Host as the Destination Type

11.5  Enter the IP address of the external URL

11.6  Enter 443 as the Service Port

11.7  From Configuration, select Advanced

11.8  Select the TCP client profile that you created in Step 2 as the Protocol Profile (Client)

11.9  Select the TCP server profile that you created in Step 1 as the Protocol Profile (Client)

11.10 Select the SSL client profile that you created in Step 6 as the SSL Profile (Client)

11.11 Select the SSL server profile that you created in Step 5 as the SSL Profile (Server)

11.12 Select the HTTP profile that you created in Step 3 as the HTTP Profile

11.13 Select Auto Map for the Source Address Translation

11.14 From the Resources section, select the pool you previously created in Step 8 as the Default Pool

11.15 Select the Cookie Persistent profile that you created in Step 9 as the Default Persistent Profile

11.16 Select the Source Address profile that you created in Step 10 as the Fallback Persistence Profile

11.17 Click Finished at the bottom of the screen

 

 

 

Once all above steps have been completed, you can validate the configuration by navigating to the WOP URL:

https://owaext.acme.com/hosting/discovery