Introduction

You need an edge server, if you want to let external users (Not logged into your organizations internal network) to be able to interact with internal users. These external users could be.

• Authenticated remote users
• Anonymous remote users
• Federated users (from different organizations)
• Mobile clients

Edge Server Roles

There are four types of roles in Skype For Business Edge Server.

Co-Location of Edge Roles

All four edge services are collocated on the edge server. You can have a different media edge server but you can’t install an edge server with just AV edge service.

You can also chose to disable either of the edge services on edge pool\server.

Sample Topology

This is just a reference topology. Your edge design should be based on various design factors; external features, location, security concern, high availability etc.

You need to configure two interfaces of the edge server; internal and external. Internal interface would interact with the internal servers (front end\Director etc). External interface needs ip address and port configuration for each of the edge services (access, web, av).

A single default gateway should be defined only on the external interface. This would force all traffic to go to internet, except the internal ones. For which you need to define static route.

Internal DNS Requirements

Edge servers are not domain joined machines. You need to create a DNS entry for each of the Edge servers using internally used domain names.

Let’s assume, Skype for Business pool FQDN is sfbpool.contoso.com, and Edge server hostname is Edge01. DNS entry should be created as below (internal DNS server).

Edge01.contoso.com 192.168.1.30 (IP address of internal interface)

External DNS Requirements

You need to create external DNS records for the external IP addresses you have configured on the edge servers. DNS entries would look like as below. These records need to be created on public DNS servers.

Access Edge Service

Web Conferencing Edge Service

Audio Video Edge Service

SRV Records

Firewall Requirements

For more details on firewall requirements: https://technet.microsoft.com/en-us/library/gg398833.aspx

Define Edge Server Topology

Launch Topology Builder on a server (Skype for Business Admin Tools must be installed on the server). Right Click the Edge Pools, click New Edge Pool.

Click Next.

On the Define the Edge pool FQDN screen, type the FQDN (internal), and select Single computer pool,

clicking Next when done

On the Select features screen, chose the features you want.

Ob below screen, If you didn’t check the Use a single FQDN and IP Address check box, you’ll need to enter the three external FQDNs for the SIP Access Edge service, the Web Conferencing Edge service, and the A/V Edge service. Click Next when done.

Make appropriate selection in below screen.

Type the IP address of your Edge Server in the Internal IPv4 address.

Type the IP address of your Edge Server in the External IPv4 address.

In the Next hop pool box, select the name of your internal pool, which might be a Front End pool or a Standalone pool. If you have a Director in your environment, you should choose the Director. Then click Next.

Select the pool to associate with this edge server\pool. Click Finish.

Publish the Topology

In Topology Builder, in the console tree, right-click Skype for Business Server 2015 and then click Publish Topology.

Click Next.

Click Finish.

Export Edge Server Topology

Start the Skype for Business Server Management Shell.

In the Skype for Business Server Management Shell, run the following:

Copy the exported file to the local drive of Edge Server.

Deploy Edge Server

Log onto the server you’ve been configuring for the Edge Server role with an account that’s in the local Administrator’s group

You’ll need the topology configuration file you copied out at the end of the Edge Server Topology documentation on this machine. Access the external media you placed that configuration file on (like a USB drive or share).

Start the Deployment Wizard.

Once the wizard opens, click Install or Update Skype for Business Server System.

The wizard will run checks to see if anything’s already installed. As this is the first time running the wizard, you’ll want to start at Step 1. Install Local Configuration Store.

The Configure Local Replica of Central Management store dialog will appear. You need to click Import from the file you exported in last section.

From here, browse to the location of the topology you exported previously, select the .zip file, click Open, and then click Next.

The Deployment Wizard will read the configuration file and write the XML configuration file to the local computer.

After the Executing Commands process is finished, click Finish.

In the Deployment Wizard, click Step 2. Setup or Remove Skype for Business Server Components. The wizard will then install the Skype for Business Server 2015 Edge components specified in the XML configuration file that’s been stored on the local computer.

Assign Certificate

Internal Certificate

In the Deployment Wizard, click Step 3: Request, Install, or Assign Certificates, click Run

On the Certificate Request page, ensure Internal Edge Certificate is selected, and click Request and Assign the certificate.

External Certificate

In the Deployment Wizard, click Step 3: Request, Install, or Assign Certificates, click Run

On the Available Certificate Tasks page, click Create a new certificate request.

On the Certificate Request page, ensure External Edge Certificate is selected, and click Next.

Follow through the steps to assign external certificate.

Start Services

Go to services console (services.msc), and start following services.

External Access Configuration

Launch Skype For Business Control Panel, ensure that the access policies are configured appropriately.