Wow!
Reaching this point took some time. It all started with my general interest of new technology and this time is really a good time to be an IT-consultant.
This year Microsoft has released new versions of Exchange, Lync, Sharepoint, Office and recently new versions of Windows Server, and SQL Server. For me I decided to create the perfect home lab to play around with all these services and we all know doing this on our spare time is more effective compared to try to setup all these things at work.
Therefore I have two HP Microservers running esxi in my homecooking lab.
Hardware spec
| OS | Vmware ESXi 5.1 + vSphere |
| Memory | 16GB ECC memory |
| CPU | N40 and N54 AMD Turion |
| Disks | 4x128GB SSD 6GB/s diskar + a few TB 7200 SATA disk |
| Raid | HP 212 Raidcontroller |
| NIC | Intel DualGigabit NICs |
| Broadband | ComHem 100Mbit/s Cable with four dynamic public IPs |
The server runs a bunch of VMs:
Internet gateway (Loophole) is a standard PFSense NetBSD firewall that takes care of External IPv4 and IPv6 traffic (IPv6 being a tunnel to HE.net).
Inbound http/https traffic goes to a reverse proxy (Squid IIS) that takes care of external access for Lync (web conferencing), Exchange 2013 (OWA, Active Sync, Autodiscover and EWS), Microsoft CRM, Office Web Apps and Sharepoint (This blog and the extranet)
Lync edge and Direct Access are the two last services with external access and there did my four IP addresses goes 🙂
The rest of the services consists of a simple 2008 ADDS together with an internal CA, one Asterisk service (To run enterprise voice), Linux web server, a backup server (Veeam) and a SQL Server 2012 mainly used for Microsoft CRM.
The interesting fact here would be that all services are fully operational both internally and externally where the only peace missing would be the dial-in conferencing number but I didn’t want to add an extra PSTN number for a service I would never use 🙂 As I already have Enterprise voice configured as a replacement for my regular home line I’m done there. Of course UM works and you can leave a voice message that Exchange 2012 UM takes cares of.
The performance is alright considered the CPU is targeted for laptop systems and not servers. OWA is really snappy and Sharepoint works fine. The only issue I have atm would be Lync Front-End that takes to much resources and sometimes decides to stop the Lync Front-End service where it could be a pain to get it running again. This happens however only when you have high load on other Vms (for example installing a service pack or CU).
No more IPs
Of course it can be a bit tricky to run all these services on only four IP-addresses. I’m sure however that I could have run things with even fewer addresses if I would have decided to run Lync edge and DA behind NAT on the firewall. I felt that I however would prefer to take the load off the firewall. The only issue now would be that I need to re-create the DA and Lync Edge policy when my IPs change, luckily that does not happen to often.
Running a reverse proxy for all the http/https traffic sure helps a lot and squid is a really great replacement for TMG where Microsoft has not really been communicating well about the future of their Access Edge products (UAG) that is based on TMG (And that product is gone).
Getting squid to work with NTLM and to be able to support all the different requirements where the most challenging part as the open source community does not really care that much about Sharepoint, so to speak 🙂
In follow-up blog posts I will describe how things have been configured and how you can run squid as a replacement reverse-proxy in your org. Stay tuned.
