Port summary - Scaled consolidated edge, DNS load balancing with public IP addresses in Lync Server 2013

Topic Last Modified: 2013-04-03

The Edge Server functionality in Lync Server 2013 described in this scenario architecture is very similar to what was implemented in Lync Server 2010. The most noticeable addition is the port 5269 over TCP entry for the Extensible Messaging and Presence Protocol (XMPP). Lync Server 2013 optionally deploys an XMPP proxy on the Edge Server or Edge pool and the XMPP gateway server on the Front End Server or Front End pool.

In addition to IPv4, the Edge Server now supports IPv6. For clarity, only IPv4 is used in the scenarios.

Enterprise perimeter network for Scaled Consolidated Edge, DNS Load Balancing with Public IP Addresses


Port and Protocol Details

It is recommended that you open only the ports required to support the functionality for which you are providing external access.

For remote access to work for any edge service, SIP traffic must be allowed to flow bi-directionally, as shown in the Inbound/Outbound edge traffic figure. Stated another way, SIP messaging to and from the Access Edge service is involved in instant messaging (IM), presence, web conferencing, audio/video (A/V) and federation.

Firewall Summary for Scaled Consolidated Edge, DNS Load Balancing with Public IP Addresses: External Interface – Node 1 and Node 2 (Example)

| Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
| --- | --- | --- | --- |
| XMPP/TCP/5269 | Any | XMPP Proxy service (shares IP address with Access Edge service) | XMPP Proxy service accepts traffic from XMPP contacts in defined XMPP federations |
| Access/HTTP/TCP/80 | Edge Server Access Edge service public IP address | Any | Certificate revocation/CRL check and retrieval |
| Access/DNS/TCP/53 | Edge Server Access Edge service public IP address | Any | DNS query over TCP |
| Access/DNS/UDP/53 | Edge Server Access Edge service public IP address | Any | DNS query over UDP |
| Access/SIP(TLS)/TCP/443 | Any | Edge Server Access Edge service public IP address | Client-to-server SIP traffic for external user access |
| Access/SIP(MTLS)/TCP/5061 | Any | Edge Server Access Edge service public IP address | For federated and public IM connectivity using SIP |
| Access/SIP(MTLS)/TCP/5061 | Edge Server Access Edge service public IP address | Any | For federated and public IM connectivity using SIP |
| Web Conferencing/PSOM(TLS)/TCP/443 | Any | Edge Server Web Conferencing Edge service public IP address | Web Conferencing media |
| A/V/RTP/TCP/50,000-59,999 | Edge Server A/V Edge service public IP address | Any | Required for federating with partners running Office Communications Server 2007, Office Communications Server 2007 R2, Lync Server 2010 and Lync Server 2013. |
| A/V/RTP/UDP/50,000-59,999 | Edge Server A/V Edge service public IP address | Any | Required only for federation with partners running Office Communications Server 2007. |
| A/V/RTP/TCP/50,000-59,999 | Any | Edge Server A/V Edge service public IP address | Required only for federation with partners running Office Communications Server 2007 |
| A/V/RTP/UDP/50,000-59,999 | Any | Edge Server A/V Edge service public IP address | Required only for federation with partners running Office Communications Server 2007 |
| A/V/STUN,MSTURN/UDP/3478 | Edge Server A/V Edge service public IP address | Any | 3478 outbound is used to determine the version of Edge Server that Lync Server is communicating with and also for media traffic from Edge Server-to-Edge Server. Required for federation with Lync Server 2010, Windows Live Messenger, and Office Communications Server 2007 R2, and also if multiple Edge pools are deployed within a company. |
| A/V/STUN,MSTURN/UDP/3478 | Any | Edge Server A/V Edge service public IP address | STUN/TURN negotiation of candidates over UDP/3478 |
| A/V/STUN,MSTURN/TCP/443 | Any | Edge Server A/V Edge service public IP address | STUN/TURN negotiation of candidates over TCP/443 |
| A/V/STUN,MSTURN/TCP/443 | Edge Server A/V Edge service | Any | STUN/TURN negotiation of candidates over TCP/443 |
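
One way to apply the recommendation to open only the required ports: the following added example (not from the original page or from Microsoft) derives the minimal inbound rule set for the Edge external interface from the table above and compares it with an exported rule list. The feature names, service labels, rule format and sample rules are constructed for illustration, and only the inbound (Any to Edge) rows are modelled.

```python
# Added example: inbound (Any -> Edge) rows of the external-interface table by feature.
ACCESS_SIP = ("access", "tcp", 443, 443)   # client-to-server SIP over TLS
REQUIRED_INBOUND = {
    "remote_access":      {ACCESS_SIP},
    "sip_federation":     {("access", "tcp", 5061, 5061)},
    "xmpp_federation":    {("access", "tcp", 5269, 5269)},
    # Modelled here: every edge service depends on SIP via the Access Edge service.
    "web_conferencing":   {ACCESS_SIP, ("webconf", "tcp", 443, 443)},
    "av":                 {ACCESS_SIP, ("av", "udp", 3478, 3478),
                           ("av", "tcp", 443, 443)},
    # Inbound RTP range: only for partners on Office Communications Server 2007.
    "ocs2007_federation": {("av", "tcp", 50000, 59999),
                           ("av", "udp", 50000, 59999)},
}

def parse_ports(spec):
    """'443' -> (443, 443); '50,000-59,999' -> (50000, 59999)."""
    lo, _, hi = str(spec).replace(",", "").partition("-")
    return int(lo), int(hi or lo)

def covered(rule, pool):
    """True if a rule in pool has the same service/protocol and spans rule's ports."""
    svc, proto, lo, hi = rule
    return any(svc == s and proto == p and plo <= lo and hi <= phi
               for s, p, plo, phi in pool)

def audit(features, observed):
    """Return (excess, missing) inbound rules for the enabled features."""
    allowed = set().union(*(REQUIRED_INBOUND[f] for f in features))
    seen = {(r["service"], r["proto"].lower(), *parse_ports(r["ports"]))
            for r in observed}
    excess = sorted(r for r in seen if not covered(r, allowed))
    missing = sorted(r for r in allowed if not covered(r, seen))
    return excess, missing

# Constructed sample export of inbound rules on the external firewall.
SAMPLE_RULES = [
    {"service": "access",  "proto": "TCP", "ports": "443"},
    {"service": "access",  "proto": "TCP", "ports": "5061"},
    {"service": "access",  "proto": "TCP", "ports": "5269"},
    {"service": "webconf", "proto": "TCP", "ports": "443"},
    {"service": "av",      "proto": "UDP", "ports": "3478"},
    {"service": "av",      "proto": "TCP", "ports": "50,000-59,999"},
]

if __name__ == "__main__":
    enabled = ["remote_access", "sip_federation", "web_conferencing", "av"]
    excess, missing = audit(enabled, SAMPLE_RULES)
    print("open but not required:", excess, "| required but not open:", missing)
```

With XMPP and Office Communications Server 2007 federation disabled, the sample export is flagged for the open 5269 and RTP range rules and for the absent A/V TCP/443 rule.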

Firewall Summary for Scaled Consolidated Edge, DNS Load Balancing with Public IP Addresses: Internal Interface – Node 1 and Node 2 (Example)

| Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Comments |
| --- | --- | --- | --- |
| XMPP/MTLS/TCP/23456 | Any (can be defined as Front End Server address, or Front End pool IP address running the XMPP Gateway service) | Edge Server internal interface | Outbound XMPP traffic from XMPP Gateway service running on Front End Server or Front End pool |
| SIP/MTLS/TCP/5061 | Any (can be defined as Director, Director pool IP address, Front End Server or Front End pool IP address) | Edge Server internal interface | Outbound SIP traffic (from Director, Director pool IP address, Front End Server or Front End pool IP address) to Edge Server internal interface |
| SIP/MTLS/TCP/5061 | Edge Server internal interface | Any (can be defined as Director, Director pool IP address, Front End Server or Front End pool IP address) | Inbound SIP traffic (to Director, Director pool IP address, Front End Server or Front End pool IP address) from Edge Server internal interface |
| PSOM/MTLS/TCP/8057 | Any (can be defined as Front End Server IP address, or each Front End Server IP address in a Front End pool) | Edge Server internal interface | Web conferencing traffic from Front End Server or each Front End Server if in a pool, to Edge Server internal interface |
| SIP/MTLS/TCP/5062 | Any (can be defined as Front End Server IP address, or Front End pool IP address or any Survivable Branch Appliance or Survivable Branch Server using this Edge Server) | Edge Server internal interface | Authentication of A/V users (A/V authentication service) from Front End Server or Front End pool IP address or any Survivable Branch Appliance or Survivable Branch Server using this Edge Server |
| STUN/MSTURN/UDP/3478 | Any | Edge Server internal interface | Preferred path for A/V media transfer between internal and external users, Survivable Branch Appliance or Survivable Branch Server |
| STUN/MSTURN/TCP/443 | Any | Edge Server internal interface | Fallback path for A/V media transfer between internal and external users, Survivable Branch Appliance or Survivable Branch Server if UDP communication cannot be established; TCP is used for file transfer and desktop sharing |
| HTTPS/TCP/4443 | Any (can be defined as the Front End Server IP address, or pool that holds the Central Management store) | Edge Server internal interface | Replication of changes from the Central Management store to the Edge Server |
| MTLS/TCP/50001 | Any | Edge Server internal interface | Centralized Logging Service controller using Lync Server Management Shell and Centralized Logging Service cmdlets, ClsController command line (ClsController.exe) or agent (ClsAgent.exe) commands and log collection |
| MTLS/TCP/50002 | Any | Edge Server internal interface | Centralized Logging Service controller using Lync Server Management Shell and Centralized Logging Service cmdlets, ClsController command line (ClsController.exe) or agent (ClsAgent.exe) commands and log collection |
| MTLS/TCP/50003 | Any | Edge Server internal interface | Centralized Logging Service controller using Lync Server Management Shell and Centralized Logging Service cmdlets, ClsController command line (ClsController.exe) or agent (ClsAgent.exe) commands and log collection |

Firewall Summary for Federation

| Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
| --- | --- | --- | --- |
| Access/SIP(MTLS)/TCP/5061 | Access Edge service public IP address | Any | For federated and public IM connectivity using SIP |

Firewall Summary – Public Instant Messaging Connectivity

| Role/Protocol/TCP or UDP/Port | Source IP address | Destination IP address | Notes |
| --- | --- | --- | --- |
| Access/SIP(MTLS)/TCP/5061 | Public IM connectivity partners | Edge Server Access Edge service | For federated and public IM connectivity using SIP |
| Access/SIP(MTLS)/TCP/5061 | Edge Server Access Edge service | Public IM connectivity partners | For federated and public IM connectivity using SIP |
| Access/SIP(TLS)/TCP/443 | Clients | Edge Server Access Edge service | Client-to-server SIP traffic for external user access |
| A/V/RTP/TCP/50,000-59,999 | Edge Server A/V Edge service | Live Messenger clients | Used for A/V sessions with Windows Live Messenger if public IM connectivity is configured. |
| A/V/STUN,MSTURN/UDP/3478 | Edge Server A/V Edge service | Live Messenger clients | Required for public IM connectivity with Windows Live Messenger |
| A/V/STUN,MSTURN/UDP/3478 | Live Messenger clients | Edge Server A/V Edge service | Required for public IM connectivity with Windows Live Messenger |

Firewall Summary for Extensible Messaging and Presence Protocol

| Protocol/TCP or UDP/Port | Source (IP address) | Destination (IP address) | Comments |
| --- | --- | --- | --- |
| XMPP/TCP/5269 | Any | Edge Server Access Edge service interface IP address | Standard server-to-server communication port for XMPP. Allows communication to the Edge Server XMPP proxy from federated XMPP partners |
| XMPP/TCP/5269 | Edge Server Access Edge service interface IP address | Any | Standard server-to-server communication port for XMPP. Allows communication from the Edge Server XMPP proxy to federated XMPP partners |
| XMPP/MTLS/TCP/23456 | Any | Each internal Edge Server Interface IP | Internal XMPP traffic from the XMPP Gateway on the Front End Server or Front End pool to the Edge Server internal IP address or each Edge pool member’s internal IP address |