Posted by: kurtsh | January 13, 2016

HOWTO: Monitor Skype for Business or Lync Edge Servers with Operations Manager 2012

AMAZING POST.  This is more for my own reference but I think there’s a lot of folks running Skype for Business or Lync that could make use of this.

Hi All

Happy New Year for 2016. I thought I’d start off the year with a blog on a topic I have been meaning to get to for 18 months now J, and that is on monitoring your Skype/Lync Edge servers with Operations Manager. Too often I go out and review Skype/Lync environments that include an Edge component and find that external role is not well monitored. In my opinion, in a Skype and Lync environment monitoring your external facing components is critical and in some ways more important than monitoring your internal servers. This is of course down to the fact that they are external facing and more likely to be attacked/compromised. In the same vein, Skype Edge Servers should also be well managed, patched, configured for Antivirus and updated with software updates as they are released. Please make sure you monitor your Edge Servers and your Reverse Proxies. *End of rant* J

Now part of the reason I think Operations Manager doesn’t get used enough to monitor the Edge Server role is it can be quite tricky monitoring a server that is 1) in the DMZ and 2) in a workgroup. So this blog is all about setting up monitoring of an Edge Server with Operations Manager 2012 R2.

To use a Gateway Server or not?

The first decision you need to make when embarking off on this monitoring adventure is to decide whether or not you are going to allow your Edge Servers to talk directly to the Operations Manager Management Servers directly, or whether or not you need to funnel all communication from the DMZ through an Operations Manager Gateway server. Gateway servers are useful for taking connections from lots of servers in a DMZ and funnelling back the communication to the internal Operations Manager Server, limiting of course the connections from untrusted (in the DMZ) to trusted in the internal network. This is likely to be the best option for you if you have a lot of servers in the DMZ that need to be monitored.

image

Read the rest of this VERY LONG instructional post here:


Categories

%d bloggers like this: