SKYPE FOR BUSINESS CLOUD
CONNECTOR DEPLOYMENT
Shankar Paulraj
SEPTEMBER 21, 2016
Version  Date         Author           Change Description
1.0      21 Sep 2016  Shankar Paulraj  Initial draft
1.1      10 Oct 2016  Shankar Paulraj  Include configuration for CLID manipulation, Call Transfer & MOH.
Contents
Overview
Prepare your environment for Cloud Connector
IP Address Requirements
External Firewall Requirements
Edge Certificate Requirements
Download CCE Setup File on Host Machine
Install CCE Setup on Host Machine
Verify Installation Directory
Setup external certificate path on Host Machine
Create virtual switches in Hyper-V Manager
Update the CloudConnector.ini file
Download Sample ini file
Download the bits to the Site Directory
Prepare Base Virtual Disk from Windows Server 2012R2 ISO file
Set the PowerShell Execution policy to RemoteSigned
Change local Group Policy to not forcefully unload the user registry at user logoff
Download the Skype for Business Online module for PowerShell
Deploy a single site in Cloud Connector
Register the appliance
Install appliance
Configure Cloud Connector integration with your Office 365 tenant
Update Public DNS for your domain
Setup Hybrid and Configure O365
Test Client Sign-In and PSTN Dial out
Modify the configuration of an existing Cloud Connector deployment
Additional Configuration
Remove Country code from SFB Client CLID
Disable REFER support
Enable Client Music On Hold
Reference
Overview
This guide covers the steps involved in downloading and installing Skype for Business Cloud
Connector Edition 1.4.1.
The Microsoft TechNet article https://technet.microsoft.com/en-us/library/mt605228.aspx was used
as a reference throughout the deployment.
For a successful deployment, spend more time on planning and on modifying
the configuration file “CloudConnector.ini” with accurate values.
The Enterprise Voice features available in the cloud are yet to be explored; this guide is a work
in progress and will be updated with more information.
[Figure: architecture diagram. Labels: Internal Network, Edge, Mediation, CMS, Domain Controller, PSTN Gateway, Skype for Business Online Infra, SFB Online User in Internet, SFB Online User in Internal Network; arrows labelled Signaling and media.]
High-level Requirements
1 x Host Server with Windows 2012R2 Data Center Edition
1 x PSTN Gateway (makes no sense to test the CCE without an On-Premise PSTN Gateway)
1 x Public SSL Cert (free version can be obtained for LAB)
1 x Public IP for the Edge Access
1 x Working O365 Tenant with E5 License
Prepare your environment for Cloud Connector
IP Address Requirements
Plan the IP address for your environment.
Host             IP Address         Gateway      Remarks
AD               172.16.40.151/24   10.16.40.1
CMSServer        172.16.40.152/24   10.16.40.1
MediationServer  172.16.40.153/24   10.16.40.1
EdgeServer       172.16.40.154/24   NA
                 192.168.1.154/24   192.168.1.1  NAT to <public IP>. One Public IP Needed for Edge External Interface
Gateway1         172.16.100.11      NA           PSTN Gateway listening on Port: 5068
External Firewall Requirements
Outgoing Traffic from Edge
Source IP                                Destination IP                           Source Port                  Destination Port
Cloud Connector Edge External Interface  Any                                      Any                          TCP 5061
Cloud Connector Edge External Interface  Any                                      Any                          TCP 80
Cloud Connector Edge External Interface  Any                                      Any                          UDP 53
Cloud Connector Edge External Interface  Any                                      Any                          TCP 53
Cloud Connector Edge External Interface  Any                                      TCP 50,000-59,999            Any
Cloud Connector Edge External Interface  Any                                      UDP 3478; UDP 50,000-59,999  Any
Incoming Traffic to Edge
Source IP                                Destination IP                           Source Port                  Destination Port
Any                                      Cloud Connector Edge External Interface  Any                          TCP 443; TCP 50,000-59,999
Any                                      Cloud Connector Edge External Interface  Any                          UDP 3478; UDP 50,000-59,999
Any                                      Cloud Connector Edge External Interface  Any                          TCP 5061
Note: My Lab environment did not have Internal Firewall
Edge Certificate Requirements
From any machine, run DigiCert Certificate Utility and create CSR.
Copy CSR and generate Cert using public CA.
Used following CA for this lab.
https://startssl.com/OTPlogin
Install the certificate on the machine from which CSR was created.
Export the certificate with private key
Download CCE Setup File on Host Machine
http://aka.ms/getcce141
Install CCE Setup on Host Machine
Verify Installation Directory
Setup external certificate path on Host Machine
Copy the certificate created previously to the Host machine folder C:/Certs
Set the certificate path for CCE
Create virtual switches in Hyper-V Manager
1. Open Hyper-V Manager > Virtual Switch Manager, and select New Virtual Switch
Manager.
2. Create an External virtual switch and bind it to the physical network adapter that is
connected to your internal network domain.
Select Allow management operating system to share this network adapter for this
virtual switch.
3. Create an External virtual switch and bind it to the physical network adapter that is
connected to the Internet and has a public IP address assigned.
Select Allow management operating system to share this network adapter for this
virtual switch.
4. Set the name of the switch that connects your perimeter network to your internal
network domain to SfB CCE Corpnet Switch.
Set the name of the switch that connects your perimeter network to the Internet to SfB
CCE Internet Switch.
Update the CloudConnector.ini file
Site parameters
Description
Virtual machine
domain name
Domain name for the internal components of Cloud Connector.
This domain should be different from the production domain.
The name can be the same across all instances of Cloud
Connectors.
Name in .ini file: “VirtualMachineDomain”
Cloud Connector
domain controller
name
Name of the domain controller.
Name in .ini file: “ServerName”
Cloud Connector
domain controller
IP/subnet mask
IP address of the domain controller.
Name in .ini file: “IP”
O365 Online service
FQDNs
Should be the default in most cases for the world-wide O365
instance.
Name in .ini file: “OnlineSipFederationFqdn”
SiteName
Skype for Business site name; for example, Seattle.
Name in .ini file: “SiteName”
For Release 1.4.1, site name must be different for each site and
the name must match the PSTN site defined in Office 365.
HardwareType
Release 1.4.1 only
Type of hardware. The default value is Normal. You can also set
to Minimum.
Country Code
Country Code for Dialing.
Name in .ini file: “CountryCode”
City
City (Optional).
Name in .ini file: “City”
State
State (Optional).
Name in .ini file: “State”
Notes
Base VM IP address
The IP address of the temporary base VM that will be used to
create the VHDX for all Cloud Connector virtual machines. This
IP should be in the same perimeter corporate network subnet
defined in the next step and requires Internet access. Be sure
to define the corporate default gateway and the DNS that is
routable to the internet.
Name in .ini file: “BaseVMIP”
WSUSServer
WSUSStatusServer
Release 1.4.1 only
The address of the Windows Server Update Services (WSUS)—
an intranet server to host updates from Microsoft Update.
You can leave blank if WSUS is not needed.
Subnet mask for
internal network
Cloud Connector configures an IP network for internal
communication between Cloud Connector components. Edge
also should be connected to another subnet which allows
Internet connectivity.
Name in .ini file: “CorpnetIPPrefixLength” under “Parameters
for a pool of VM network”
Subnet mask for
external network
For the external network of the Edge component.
Name in .ini file: “InternetIPPrefix” under “Parameters for a
pool of VM network”
Switch name for
internal network
Name for switch that will be used for the internal Cloud
Connector network.
In most cases the default suggested value can be used.
Name in .ini file: “CorpnetSwitchName” under “Parameters for
a pool of VM network”
Switch name for
external network
Name for switch that will be used for the external Cloud
Connector network.
In most cases the default suggested value can be used.
Name in .ini file: “InternetSwitchName” under “Parameters for
a pool of VM network”
Default Gateway for
internal network
This gateway should provide access to the Internet (Internet
also requires setting the DNS server) and will be configured on
internal interfaces of Cloud Connector components.
Name in .ini file: “CorpnetDefaultGateway” under “Parameters
for a pool of VM network”
Default Gateway for
external interface of
Edge component
Will be configured on external interface of Edge component.
Name in .ini file: “InternetDefaultGateway” under “Parameters
for a pool of VM network”
DNS server for internal
network
Will be configured on internal interface of temporary VM.
Should provide name resolution for Internet names. Without
providing a DNS server, internet connection will fail and
deployment will not finish.
Name in .ini file: “CorpnetDNSIPAddress” under “Parameters
for a pool of VM network”
DNS Server for
external interface of
Edge component
Will be configured on external interface of Edge.
Name in .ini file: “InternetDNSIPAddress” under “Parameters
for a pool of VM network”
Management switch
name
Management switch is a temporary switch that will be created
automatically, and that will be used for configuration of Cloud
Connector during the deployment. It will be disconnected
automatically after the deployment. It should be a different
subnet from any other networks used in Cloud Connector.
In most cases the default suggested value can be used.
Name in .ini file: “ManagementSwitchName” under
“Parameters for a pool of VM network”
Management subnet
address/subnet mask
Management subnet is a temporary subnet that will be created
automatically, and that will be used for configuration of Cloud
Connector during the deployment. It will be removed
automatically after the deployment. It should be a different
subnet from any other networks used in Cloud Connector.
Names in .ini file: “ManagementIPPrefix” and
“ManagementIPPrefixLength” under “Parameters for a pool of
VM network”
Central Management
Store (CMS) Machine
Single FQDN used for Central Management Store (CMS). The
AD Domain name will be used to generate the FQDN.
Name in .ini file: “ServerName” under “Parameters for Primary
Central Management Service”
CMS Machine IP
address
IP address for CMS Server (internal in perimeter network).
Name in INI file: “IP” under “Parameters for Primary Central
Management Service”
File Share Name
File Share Name to be created on CMS server for Skype for
Business replication data (for example, CmsFileStore).
In most cases the default suggested value can be used.
Name in .ini file: “CmsFileStore” under “Parameters for Primary
Central Management Service”
Mediation component
Pool Name
Pool Name of Mediation component. Enter Netbios name only.
The AD Domain name will be used to generate the FQDN.
Name in .ini file: “PoolName” under “Parameters for a pool of
Mediation Servers”
Mediation component
name
Component Name of Mediation component 1. Enter Netbios
name only. The AD Domain name will be used to generate the
FQDN.
Name in .ini file: “ServerName” under “Parameters for a pool
of Mediation Servers”
Mediation component
Machine IP address
Internal Corpnet IP for Mediation component (internal in
perimeter network).
Name in .ini file: “IP” under “Parameters for a pool of
Mediation Servers”
Edge pool internal
name
Pool Name of Edge component. Enter Netbios name only. The
AD Domain name will be used to generate the FQDN.
Name in .ini file: “InternalPoolName” under “Parameters for a
pool of Edge Servers”
Edge Server internal
name
Component Name of Edge component. Enter Netbios name
only. The AD Domain name will be used to generate the FQDN.
Name in .ini file: “InternalServerName” under “Parameters for
a pool of Edge Servers”
Edge server internal IP
Internal perimeter network IP of Edge component to
communicate with other components of Cloud Connector.
Name in .ini file: “InternalServerIPs” under “Parameters for a
pool of Edge Servers”
Access Pool External
Name
Name of Access Edge; for example, AP. This name must match
the name provided for the SSL certificate. Enter Netbios name
only. The SIP Domain name will be used to generate the FQDN.
One external pool name will be used for all Edge components
in the pool. One Edge Access pool is required per PSTN site.
Name in .ini file: “ExternalSIPPoolName” under “Parameters
for a pool of Edge Servers”
Notes: accessedgepool. “sip” is reserved and therefore cannot be used as
the name. The generated FQDN name must match the name provided for the
SSL certificate.
External IP of Access
Edge
External IP of Edge component – either Public IP if no NAT is
available, or translated IP (please specify both addresses if
mapped).
Name in .ini file: “ExternalSIPIPs” under “Parameters for a pool
of Edge Servers”
Media Relay name
Name of Audio Video Media Relay Edge; for example, MR. One
external pool name will be used for all Edge components in a
pool. One Edge Media Relay pool is required per PSTN site.
Name in .ini file: “ExternalMRFQDNPoolName” under
“Parameters for a pool of Edge Servers”
External IP of Media
Relay Edge
Currently only one IP is supported, so this will be the same IP
as Access Edge, either public or mapped IP (please specify both
addresses if mapped). Can be the same address as Edge
component External IP of Access Edge. Note if Edge is behind
NAT, you also need to specify the value for the next parameter.
Name in .ini file: “ExternalMRIPs” under “Parameters for a pool
of Edge Servers”
External IP of Media
Relay Edge (if Edge is
behind NAT)
If your Edge is behind NAT you also need to specify the public
address of the NAT device.
Name in .ini file: “ExternalMRPublicIPs” under “Parameters for
a pool of Edge Servers”
Voice Gateway 1 Make
and Model
Specify the make and model of the SBC/Voice gateway. Note
that you can connect a device or SIP trunk from the list of
tested devices at http://technet.Microsoft.com/UCOIP.
Voice Gateway 2 Make
and Model (copy this
row if you have more
than 2 gateways)
Specify the make and model of Voice gateway. Note that you
can connect a device from the list of tested
devices at http://technet.Microsoft.com/UCOIP.
Voice Gateway 1
Name
Used to generate the machine FQDN with AD Domain.
Required if TLS will be used between the Mediation
component and Voice Gateway. If you do not plan to use
FQDN—for example, TLS is not required or Voice Gateway
doesn’t support connection using FQDN (only IP)—please
specify.
Voice Gateway 2
Name (copy this row if
you have more than 2
gateways)
Used to generate the machine FQDN with AD Domain.
Required if TLS will be used between Mediation component
and Voice Gateway. If you do not plan to use FQDN—for
example, TLS is not required or Voice Gateway doesn’t support
connection using FQDN (only IP)—please specify.
NA
Voice Gateway 1 IP
Address
IP Address of Voice Gateway.
Voice Gateway 2 IP
Address (copy this row
if you have more than
2 gateways)
IP Address of Voice Gateway.
Voice Gateway 1 Port
# (copy this row if you
have more than 2
gateways)
Port that the Voice Gateway SIP trunk will listen on, e.g. 5060.
Voice Gateway 2 Port
#
Port that the Voice Gateway SIP trunk will listen on, e.g. 5060.
Voice Gateway 1
Protocol for SIP Traffic
TCP or TLS.
Voice Gateway 2
Protocol for SIP Traffic
(copy this row if you
have more than 2
gateways)
TCP or TLS.
NA
External Media port
range for traffic to and
from Edge component
TCP/UDP port range for media traffic to and from external
interface of edge. Must always start from 50 000. Refer to
“Ports and Protocols” for more information.
50000 - 59 999
Media port range to
communicate to/from
the Mediation
component via the
internal firewall
UDP port range that the Mediation component will use to
communicate to clients and gateways (recommendation 4
ports per call).
Media port range to
communicate to/from
Skype for Business
client via internal
firewall
For planning purposes, cannot be changed. Ports need to be
opened in the internal firewall to communicate between Skype
for Business clients within the internal network and with the
Mediation component.
Public Certificate
password
Must be provided in the script.
NA
NA
50 000- 50 019
Safe Mode
Administrator
Password
Safe mode administrator password for internal CC domain.
Cloud Connector
Domain Administrator
password
Password for Cloud Connector Domain Administrator (different
from your production domain). User name is Administrator.
You cannot change the user name.
Virtual Machines
Administrator
Password
Will be used to configure management network during the
deployment.
User name is Administrator. You cannot change the user name.
Enable REFER support
This will define whether SIP REFER support is enabled or
disabled on the Trunk Configuration to your IP/PBX. The
default value is True. If your IP/PBX Gateway supports REFER
support, please leave this as True. If it does not, this value
needs to be changed to False. If you are not sure if your
gateway supports REFER, please see Qualified IP-PBXs and
Gateways.
Forward PAI
Release 1.4.1 only
Determines whether the PAI (P-Asserted-Identity) header field
is forwarded from the Mediation Server to the gateways.
The value can be True or False. The default value is True.
Download Sample ini file
Copy the sample ini file from C:\Users\Administrator\CloudConnector\ApplianceRoot
Rename the file to CloudConnector.ini and edit the file to suit your environment.
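A pre-flight check for several constraints stated in the parameter table above (reserved "sip" pool name, separate VM domain, internal IPs in the Base VM's corpnet subnet, a distinct management subnet, and the NAT public address), as an added example that is not part of the original guide or of the Cloud Connector tooling. The section names, all sample values and the production domain contoso.com are constructed for illustration; only the key names come from the table.

```powershell
# Added example, not Cloud Connector tooling. Section names and every value in
# $sampleIni are constructed; checks match on key name only, one IPv4 per key.
$sampleIni = @'
[Common]
VirtualMachineDomain=cce.local
BaseVMIP=172.16.40.150
CorpnetIPPrefixLength=24
ManagementIPPrefix=192.168.213.0
ManagementIPPrefixLength=24
[PrimaryCMS]
IP=172.16.40.152
[MediationServer]
IP=172.16.41.153
[EdgeServer]
InternalServerIPs=172.16.40.154
ExternalSIPPoolName=sip
ExternalSIPIPs=192.168.1.154
ExternalMRIPs=192.168.1.154
ExternalMRPublicIPs=
'@

function Read-Ini([string]$Text) {
    # Flatten into "Section.Key" -> value; ';' comment lines are skipped.
    $ini = @{}; $section = ''
    foreach ($line in ($Text -split '\r?\n')) {
        $line = $line.Trim()
        if ($line -match '^\[(.+)\]$') { $section = $Matches[1] }
        elseif ($line -match '^([^;=\[][^=]*)=(.*)$') {
            $ini[('{0}.{1}' -f $section, $Matches[1].Trim())] = $Matches[2].Trim()
        }
    }
    return $ini
}
function Get-IniValues([hashtable]$Ini, [string]$Key) {
    # Non-empty values stored under this key name, whatever the section.
    $Ini.Keys | Where-Object { $_ -like "*.$Key" } | ForEach-Object { $Ini[$_] } | Where-Object { $_ }
}
function ConvertTo-IPv4Number([string]$Ip) {
    $o = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([long]$o[0] * 16777216) + ([long]$o[1] * 65536) + ([long]$o[2] * 256) + [long]$o[3]
}
function Test-InSubnet([string]$Ip, [string]$Network, [int]$Length) {
    # Two addresses share a subnet when they fall in the same 2^(32-Length) block.
    $size = [long][math]::Pow(2, 32 - $Length)
    $a = ConvertTo-IPv4Number $Ip; $b = ConvertTo-IPv4Number $Network
    return (($a - ($a % $size)) -eq ($b - ($b % $size)))
}
function Test-Rfc1918([string]$Ip) {
    (Test-InSubnet $Ip '10.0.0.0' 8) -or (Test-InSubnet $Ip '172.16.0.0' 12) -or (Test-InSubnet $Ip '192.168.0.0' 16)
}

function Test-CceIni([hashtable]$Ini, [string]$ProductionDomain) {
    $findings = @()
    $baseIp   = @(Get-IniValues $Ini 'BaseVMIP')[0]
    $corpLen  = [int]@(Get-IniValues $Ini 'CorpnetIPPrefixLength')[0]
    $mgmtNet  = @(Get-IniValues $Ini 'ManagementIPPrefix')[0]
    $mgmtLen  = [int]@(Get-IniValues $Ini 'ManagementIPPrefixLength')[0]
    $internal = @(Get-IniValues $Ini 'IP') + @(Get-IniValues $Ini 'InternalServerIPs')
    $external = @(Get-IniValues $Ini 'ExternalSIPIPs') + @(Get-IniValues $Ini 'ExternalMRIPs')
    if (@(Get-IniValues $Ini 'VirtualMachineDomain') -contains $ProductionDomain) { $findings += 'VirtualMachineDomain matches the production domain' }
    if (@(Get-IniValues $Ini 'ExternalSIPPoolName') -contains 'sip') { $findings += "ExternalSIPPoolName 'sip' is reserved" }
    foreach ($ip in $internal) {   # internal IPs must share the Base VM's corpnet subnet
        if (-not (Test-InSubnet $ip $baseIp $corpLen)) { $findings += "$ip is outside the corpnet subnet of BaseVMIP ($baseIp/$corpLen)" }
    }
    foreach ($ip in (@($baseIp) + $internal + $external)) {   # management subnet must be separate
        if (Test-InSubnet $ip $mgmtNet $mgmtLen) { $findings += "$ip falls inside the management subnet $mgmtNet/$mgmtLen" }
    }
    $mrNat = @(Get-IniValues $Ini 'ExternalMRIPs' | Where-Object { Test-Rfc1918 $_ })
    if ($mrNat.Count -gt 0 -and @(Get-IniValues $Ini 'ExternalMRPublicIPs').Count -eq 0) {
        $findings += 'ExternalMRIPs is a private address (Edge behind NAT) but ExternalMRPublicIPs is empty'
    }
    return $findings
}

foreach ($f in (Test-CceIni -Ini (Read-Ini $sampleIni) -ProductionDomain 'contoso.com')) { Write-Warning $f }
```

To check a real file, pass the output of `Get-Content -Raw` for your CloudConnector.ini to `Read-Ini` instead of the sample text.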
Download the bits to the Site Directory
Download time depends on network conditions. Run the Get-CcDownloadProgress cmdlet to
check the download status.
Prepare Base Virtual Disk from Windows Server 2012R2 ISO file
This step prepares a virtual hard disk (VHDX) file from the Windows Server 2012 ISO image. The
VHDX will be used to create virtual machines during deployment. A temporary virtual machine
(base VM) will be created and Windows Server 2012 will be installed from the ISO file. After the
VM is created, some necessary components will be installed. At the end, the base VM will be
generalized (sysprep) and cleaned up, leaving only the generated virtual disk file.
Download the ISO file “WindowsServer2012R2.iso” on Host Server.
Sample command: Convert-CcIsoToVhdx -IsoFilePath c:\Users\Administrator\Downloads\WindowsServer2012R2.iso -PauseBeforeUpdate
Ensure that the VM has internet access and then type “Y”.
After almost 3 long hours,
Set the PowerShell Execution policy to RemoteSigned
On the Host machine, ensure that the execution policy is set to “RemoteSigned”.
Change local Group Policy to not forcefully unload the user registry at user logoff
The CceService account is created during the Skype for Business Cloud Connector Edition (CCE)
deployment. It runs the CCE Management Service and requires permission to uninstall the
cloudconnector.msi.
To change the Group Policy setting
1. Open the Group Policy Editor by running gpedit.msc.
2. In the Group Policy Editor, navigate to Administrative Templates > System > UserProfile
> Do not forcefully unload the user registry at user logoff.
3. Set its value to be Enabled.
Download the Skype for Business Online module for PowerShell
Download and install SFB online module for PowerShell
https://www.microsoft.com/en-us/download/details.aspx?id=39366
Deploy a single site in Cloud Connector
Register the appliance
Enter necessary password for accounts.
Install appliance
>Install-CcAppliance
Verify the Virtual Machines
Configure Cloud Connector integration with your Office 365 tenant
Update Public DNS for your domain
TYPE  SERVICE            PROTOCOL  PORT  TARGET                  NAME
SRV   _sip               _tls      443   sipdir.online.lync.com  @
SRV   _sipfederationtls  _tcp      5061  sipfed.online.lync.com  @
RECORDS FOR THE EDGE SERVER
TYPE  HOST            NUMERIC IP
A     accessedgepool  <your edge public ip>
A     mr              <your edge public ip>
Setup Hybrid and Configure O365
Import Module SkypeOnlineConnector
Connect to O365 Tenant
Import Session
Setup Hybrid Connectivity
>Set-CsTenantHybridConfiguration -PeerDestination <External Access Edge FQDN> -UseOnPremDialPlan $false
>Set-CsTenantFederationConfiguration -SharedSipAddressSpace $True
Configure Tel URI for Users
Assumption: User is configured in O365 and assigned E5 license.
Set-CsUser -Identity "<User name>" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI <tel:+phonenumber>
Setup UM
New-CsOnlineUMDialplan -Identity BusinessVoice_8D_DialPlan -CountryOrRegionCode 1 -NumberOfDigitsInExtension 8
Enable UM Mailbox for Users
Get-CsOnlineUser -Identity <SipAddress/UPN> | Enable-CsOnlineUMMailbox
Test Client Sign-In and PSTN Dial out
Make Test Calls
Modify the configuration of an existing Cloud Connector deployment
Follow the procedure below ONLY if there is a need to change any of the CCE settings that were
configured previously using the INI file.
If there is only one appliance in the site, when you want to change the configuration settings
after the appliance is deployed, you can modify the CloudConnector.ini file and start the
deployment again.
1. Run the following cmdlet to uninstall all existing virtual machines on host server:
>Uninstall-CcAppliance
2. Run the following cmdlet to unregister the appliance
>Unregister-CcAppliance
3. Update the CloudConnector.ini file in the Appliance Directory.
Modify INI file to include the changes that you may want.
4. Run the following cmdlet to register the appliance again
>Register-CcAppliance
5. Run the following cmdlet to install Skype for Business Cloud Connector Edition:
>Install-CcAppliance
Additional Configuration
Remove Country code from SFB Client CLID
Manipulate SFB Client CLID from the Mediation Server
New-CsOutboundCallingNumberTranslationRule -Parent "site:Site1" -Name EightDigit -Description "Converts a dialed number to eight digits" -Pattern '^\+65(\d{8})$' -Translation '$1'
Disable REFER support
Based on the PSTN gateway used there might be a need to disable REFER support on the trunk
configuration, otherwise the call transfer feature may not function correctly.
Disable REFER support from the Mediation Server
Set-CsTrunkConfiguration -Identity Site:Site1 -EnableReferSupport $false
Enable Client Music On Hold
Enable MOH from Skype Online.
Connect to Skype online and issue the following command.
Set-CsClientPolicy -Identity Global -EnableClientMusicOnHold $true
Reference
https://technet.microsoft.com/en-us/library/mt605228.aspx