I previously wrote a walkthrough on deploying a Lync 2010 SBA. I thought I’d write an updated post for a Lync 2013 SBA. Not a lot has changed in the process or in how the SBA worked. Since writing the last walkthrough net has been acquired by Sonus. I am using the same gateway, a Sonus SBC 1000 (previously called net UX 1000)
There are essentially 3 major steps to deploying an SBA
- Lync Topology Configuration
- “Gateway” Setup
- “SBA” Setup
The SBA is basically a gateway and a server in a single box. You configure the gateway part like you would configure any other Sonus gateway. You then configure the Survivable Branch Appliance (the server part).
Any 2010 SBA can be upgraded to a 2013 SBA by uploading a new 2013 Image to the SBA blade. This is done via copying the image to a USB and inserting it to the gateway.
1) Lync Topology Configuration
I have a mixed 2010/2013 lab environment. We will be adding an SBA to a 2013 Standard Edition Pool. I won’t comment each step, they are pretty self explanatory.
Choose your 2013 pool
Edge if you are going to have one
2) Sonus UX 1000 Gateway Setup for Lync
This is just a high level overview of the gateway setup:
Import the root certificate for the environment
Generate a Cert request for the gateway
Copy thhe base 64 cert request text to an Enterprise CA and generate a certificate
Upload the generated cert to the gateway (via uploading .cer or pasting base64 string)
Run the Lync setup wizard. This set s the gateway up based on the scenario you define.
The “gateway setup” part is now complete.
3) Sonus UX 1000 Survivable Branch Appliance Setup
The SBA is essentially a little blade server in the box. It can be setup with a 2010 SBA image, 2013 SBA image, or even a standard Server 2008 R2 image if you want (for example to run a branch DC where an SBA isn’t needed.
SBA Image setup
A new Sonus SBC 1000/2000 SBA will ship with all three images, which are held on a backup partition, so you can choose the appropriate one. If you have a 2010 SBA you can add the 2013 Image. Talk to your support partner about getting the 2013 image.
In this scenario we are going to use the 2013 SBA Image, so we choose that, apply.
It can take up to 40 minutes (usually around 30 in my experience)
Once complete, you can see from the ASM/Operational status menu the image is Lync Server 2013 SBA and that the operational status is presently unknown (because it isn’t configured)
We go to the setup SBA menu and configure an IP on the SBA
Then we join it to the domain
Domain join causes the SBA to reboot (note it can reboot independently of the gateway)
Next we deploy the SBA in three steps; Prepare, Start Replication and Activate
This might take a while
Now we must provide a certificate for the Lync services on the SBA. Note, you can auto submit but you must know the CA name.
I usually go old school and generate, download, sign on the enterprise CA then upload to the SBA
Save to notepad
Submit Base64, paste in the cert request
Download Certificate, note must download in base64 format (not DER as I screenshot)
Back to side menu on the gateway, under Lync SBA/Import SBA Certificate
Open the cert you generated in notepad and paste it in
Note, you will usually be using an Enterprise CA, so AD join will cause the root to download on the SBA. However if you are not you may need the chain or to import the trusted root manually via logging onto remote desktop
Once complete return to the setup workflow and you will see the CSR/Cert step complete
Next Start the SBA services:
Finally apply the security template that hardens the windows server install
Back to operational status, we can se the SBA up and running
If we want to logon to remote desktop to the SBA for any reason we can. We can also set the local administrator password:
Remote desktop on the SBA. Note on the 2013 SBA we have the centralised logging service
We can see the SBA replicating in topology:
Now we can move a user to the SBA
We can validate they are on the SBA by press ctrl and right click on the Lync tray icon to get the config menu
Note Connected Lync Server is lab3-sba1.lab3.com
That’s it. All pretty easy via the nice web GUI