Skype for business cloud connector edition v1.0

How to plan and migrate to Microsoft Skype for Business Cloud Connector for the Office 365 Cloud PBX feature.

Published in: Technology


  1. Skype for Business Cloud Connector Edition: Planning and Migration Guide, Version 1.0. © 03.03.2016, Thomas Pött, MVP Office Server (Skype for Business). Contact: via the contact form on http://lyncuc.blogspot.com
  2. Index

     - Index (page 2)
     - Introduction of Cloud Connector Edition (page 4)
       - Tenant support in Office 365 (page 7)
     - Cloud Connector Active Directory Forest (page 8)
     - Cloud Connector (CCE) Topologies (page 9)
       - CCE ABA in planning: (page 10)
       - High Availability: (page 11)
       - Multi-Site deployment (page 11)
     - Migration to Cloud PBX with Cloud Connector Edition (page 13)
       - Greenfield (page 13)
       - Skype for Business with Enterprise Voice on-premise (page 14)
         - Target: native Cloud Connector Edition (page 14)
         - Target: Cloud Connector Edition with Office 365 Calling Plan (Cloud Voice Users) (page 14)
         - Target: Cloud Connector Edition + Skype for Business partial Enterprise Voice (on-premise) (page 14)
         - Target: Cloud Connector Edition + Office 365 Calling Plan (Cloud Voice Users) + Skype for Business partial Enterprise Voice (on-premise) (page 15)
       - Summary: (page 15)
     - Infrastructure requirements for Cloud Connector Edition (page 16)
       - Physical infrastructure (page 16)
       - Logical infrastructure (page 16)
         - DNS (page 16)
         - Certificates externally (page 17)
         - Certificates internally (page 17)
         - Firewall Port Configuration (page 18)
  3. Release Notes:

     The technical level of this document is 200. This article requires knowledge of Skype for Business Server, Office 365 and certificate authorities, and general knowledge of Office 365 hybrid configurations.

     The new feature announced for Skype for Business, called Cloud Connector Edition (CCE), was recently published. This article describes the planning considerations for simple and complex CCE deployments. It covers Active Directory synchronization for hybrid Office 365 installations. CCE will be a downloadable virtual machine environment designed only for Microsoft Hyper-V on Windows Server 2012 R2. There are no physical PSTN gateways available from Microsoft; these have to be integrated from 3rd party vendors.

     Note: This document is neither a sizing nor a configuration guide. You should use this document only for your environment planning and design considerations. In larger environments you should spend some time evaluating the optimal path for your PSTN deployment.
  4. Introduction of Cloud Connector Edition

     First we look at the changed setup, or some may say the common setup, for a hybrid Skype for Business deployment. The hybrid setup is nothing different from a regular on-premise deployment connected to the Office 365 tenant. We have to deploy the on-premise system as we did in the past, including the dedicated DMZ servers, that is the Edge and Reverse Proxy servers. Both environments are then combined, meaning federated. This is still valid if you have the E5 plan and activate Cloud PBX. Cloud PBX enables the Enterprise Voice features in the cloud. I don't go further into the hybrid configuration, where you have users in the cloud and on-premise, nor do I look into the correct licensing, beyond noting that with the E5 plan your users are entitled to Enterprise Voice.

     [Figure: hybrid deployment. On premise: PSTN, SIP PBX or provider gateway, user, Skype for Business, Edge, Reverse Proxy. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]

     As we see, we still require the on-premise servers to be set up and configured as usual. This leads us to the question of consultancy and integration services. In other words, here we don't see any changes. The work is still identical to what we had in the past, also with Lync 2013.

     Simplifying a deployment, especially while we are moving towards the cloud, is a defined goal. The simplification asked for is:
     - It does not require a full on-premises Skype for Business Server deployment.
     - It is available worldwide.
     - Your users are homed online.
     - You can keep your current PSTN carrier if required.
     - You can purchase PSTN conferencing from Microsoft or from audio conferencing provider (ACP) partners.*

     (*) Audio conferencing is available in two possible ways: either you configure your own PSTN conferencing numbers, or you participate in the new Microsoft cloud offering, where Microsoft provides a PSTN conferencing dial-in bridge.

     How can we achieve this? Microsoft and some vendors, e.g. SONUS, come with a perfect solution. The Microsoft answer is the Cloud Connector Edition for Skype for Business 2015. If we identify the required on-premise components, we see the:
  5.
     - Mediation Server Role (SIP to SIP, codec conversion)
     - Edge Server Role (Access Edge, Media Relay, Media Relay Authentication MRAS, Outbound Routing and CMS replica)
     - Central Management Store (CMS) (File Transfer and on-premise topology)
     - Domain Controller (if an on-premise AD exists, this is still present in parallel) *

     (*) IMPORTANT NOTE: The AD for the CCE will be independent of the on-premise AD and runs in its own forest. There is no connection to the local AD from the point of view of the Cloud Connector. As for Azure AD, there is no issue with Azure AD if the CCE AD runs in parallel!

     The next important requirement: users who run Skype for Business 2015 Online in Office 365 and were moved into the cloud MUST run EXCHANGE ONLINE!

         # Enable Enterprise Voice and hosted (Exchange Online) voicemail for the user
         Set-CsUser -Identity $username -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

     A good question to ask now is why there is no Reverse Proxy server. The explanation is that there are no internal Web Services present. This allows us to further reduce the number of server roles. If those roles can be combined into a simplified deployment, we have reached our goal.

     [Figure: Cloud Connector, combining Mediation, Edge, Domain Controller and Central Management Store (CMS).]

     NOTE: Domain name for the internal components of Cloud Connector: this domain should be different from the production domain. The name can be the same across all instances of Cloud Connector.
  6. Next we look at the simplified on-premise components based on the Cloud Connector Edition (CCE).

     [Figure: CCE deployment. On premise: PSTN, SIP PBX or provider gateway, user, Cloud Connector Edition VMs. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]

     Also recommended for such a straightforward deployment is a virtualization technology, e.g. Hyper-V. The "blue" CCE components exist as virtual machines only. We can position those VMs either on dedicated physical hosts, or we might be able to implement them on the SBC, if it has an integrated Intel infrastructure board.

     NOTE: The on-premise users are not stored on the Cloud Connector, nor are online users replicated to the Cloud Connector. Put simply: there are NO users locally on the CCE. A local CCE database is not present.
  7. Tenant support in Office 365

     Another point, raised mostly by companies offering customized services to their end customers, is whether a multi-tenant setup will be possible. There is a clear answer on this topic: NO.

     [Figure: shared Cloud Connector. Users on premise (Tenant A) and users on premise (Tenant B), each with AD and Azure AD Sync (DirSync) to Office 365 with Azure AD multi-tenant; one shared set of Cloud Connector Edition VMs with CCE AD; PSTN.]

     WARNING: This scenario is not supported and not possible. The external Access Edge DNS name must be UNIQUE across Office 365 tenants.

     With Skype for Business, Microsoft withdrew the multi-tenant pack for hosters. Therefore this environment, which enabled configuration splits, is no longer available, and there is no way right now to support CCE in those scenarios. If you need a model where multiple parties are supported, you have to deploy CCE in parallel, one for each tenant.
  8. Cloud Connector Active Directory Forest

     In any hybrid scenario, the users are synced either one-way or two-way between on-premise and Azure AD in Office 365, while in two-way sync the affected users MUST be administered from the on-prem AD only!

     [Figure: on-premise users and AD, Azure AD Sync (DirSync), Office 365 with Azure AD.]

     Next we look at the scenario where an on-premise Active Directory is present. The standard method in Office 365 is Azure AD Sync (DirSync) to the cloud. Now, with the Cloud Connector installed, the AD forest created on the CCE is another, totally different forest and has no relationship with the on-premise Active Directory (also NO TRUSTS). This is important.

     [Figure: on-premise users and AD, Azure AD Sync (DirSync), Office 365 with Azure AD, Cloud Connector Edition VMs with separate CCE AD. All users must be on Exchange Online, incl. UM.]
  9. Cloud Connector (CCE) Topologies

     Having discussed the Active Directory topologies in the last chapter, we now look at the Cloud Connector deployment topologies. The topology includes high availability and site-based definitions. First we look at the SIP signaling and the Media Path. The Media Path is defined as the client to Mediation Server or gateway connectivity.

     [Figure: MEDIA and SIP signaling paths. On premise: PSTN, SIP PBX or provider gateway, user, Cloud Connector Edition VMs. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]

     Signaling can be seen as a function of the Cloud PBX feature; therefore the path must run from the device to the Cloud PBX and from there to the Mediation Server component. This is identical to any other form of deployment. The SIP flow is not visualized in full detail, but as the Access Edge component must be involved, the signaling flows from the internal client to the Cloud PBX -> back to Access Edge -> then to the Mediation Server.

     Media, by contrast, was defined as going either to the Mediation Server or, with Media Bypass, directly to the gateway. At the point of writing this guide, the Media Bypass feature is not available, but it might be implemented in later updates. (This is different from the on-premise deployment.)

     Some requirements to consider:
     - Per PSTN breakout, at least one Cloud Connector Edition is required
     - A single CCE instance can support up to 500 concurrent calls
     - A maximum number of 4 (3+1) CCE can be deployed per PSTN breakout
     - 3+1 refers to 3 CCE for scalability and +1 for high availability

     If the maximum number of PSTN calls is higher than 3x500 = 1500, you can deploy another site in parallel to the existing one.
  10. CCE ABA in planning:

     Since the hardware specs are tremendous, I asked for other options which give the solution a better RoI, especially for smaller sites and customers. As we remember from OCS/Lync and SfB, the on-premise solution offers Survivable Branch Appliances (SBA), a system design with an embedded SfB Server, integrating the Mediation Server and a minimalistic Frontend Server, the Registrar only. It enables customers to still make and receive calls if a WAN failure occurs between the SBA location and the central SfB pool. Authentication for users is handled by the User Communication MTLS certificate.

     If we take a deeper look at the CCE, it looks similar, except that we need integrated authentication for the servers, which is handled by the integrated Active Directory Domain Controller. There is the Mediation Server for audio transcoding, a smaller dedicated topology database (the minimalistic CMS), and a component for connections to the Office 365 SfB Online tenant, the Access Edge Server.

     As we see, this similarity creates a possibility for an SBA-like CCE. E.g. Sonus is investigating this setup right now and I'm proud to announce this first.

     [Figure: On premise (SITE LONDON): PSTN, user, Cloud Connector Edition VMs on Sonus SBA CCE. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]

     Additionally, tests are under way right now to support a high concurrent call volume. Here Sonus has tested a setup with 1000 concurrent calls on a single CCE with their own gateway. To be fair to other vendors, this will be put into Microsoft's qualification list, and others will be able to develop similar solutions.
  11. High Availability:

     In the same way we must calculate the SLA / availability of a single site. You can achieve 99.9% availability by running a 2+2 setup. 99.8% is achieved by either 1+1 or 3+1, which differ only in the maximum concurrent call volume.

     Multi-Site deployment

     If we have multiple sites deployed, the signaling stays the same. We only have the Cloud PBX feature in Office 365, so all initial communication has to go into the cloud first. We will look at the two sites MUNICH and LONDON. Both sites have different breakouts, and here we see the setup.

     If the target phone number can't be resolved through internal Reverse Number Lookup (RNL), it is defined as a PSTN call. Therefore the Voice Routes are brought into the loop. The call will be directed to the breakout location for the number, which in the first case is Munich, a German location. The client then establishes the Media Path through the Mediation Server component associated with the Munich site.

     [Figure: call to +49 89 123456789, MEDIA and SIP signaling paths. On premise (SITE MUNICH): PSTN, user, SIP PBX or provider gateway, Cloud Connector Edition VMs. On premise (SITE LONDON): user, SIP PBX or provider gateway, Cloud Connector Edition VMs. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]
  12. The next example explains the call routing via the second site, London. Assume the client initiates a call to a UK phone number and it is identified as such. Now signaling has to follow the preferred Access Edge server for the identified CCE site, which is NOT the initial site in Munich; it is the second site in London. After the session initiation (INVITE), the SDN parameters tell the client which Mediation Server component was chosen from the Voice Routes, which is London, and the Media Path is established from the Client -> London Mediation Server -> London Gateway -> PSTN.

     [Figure: call to +44 20 87456321, MEDIA and SIP signaling paths. On premise (SITE MUNICH): user, SIP PBX or provider gateway, Cloud Connector Edition VMs. On premise (SITE LONDON): PSTN, user, SIP PBX or provider gateway, Cloud Connector Edition VMs. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users.]

     Note: With on-premise ACP (Audio Conferencing PSTN) it stays similar, except that the conferencing component in the cloud connects directly to the on-premise Cloud Connector Mediation Server component.
  13. Migration to Cloud PBX with Cloud Connector Edition

     Migration can be quite tricky. There are multiple scenarios from which we can move towards Cloud PBX with CCE. I try to describe the common scenarios and discuss possible difficulties, starting with a greenfield setup; the other possible migration scenarios require at least an Office 365 deployment and Skype for Business setups.

     Note: This section of the CCE guide will be continuously updated and we hope to see a lot of changes coming.

     Greenfield

     What does greenfield mean? Assume you didn't run any LCS, OCS, Lync or Skype for Business software on-premise in the past and want to make use of the current release of Microsoft Unified Communication software. You simply activate an Office 365 tenant and enable the cloud users for Skype for Business there. Once you have them enabled, you start rolling out CCEs into the locations where you have the PSTN breakout and/or PBX systems ready for migration.

     Most likely in this scenario you will have a PBX system in place. This can be any classic PBX like Avaya, Lucent or others; you could also be operating other UC software, like Cisco CUCM or others. If you want to migrate, here is the scenario.

     First you place a PSTN gateway in between your PSTN breakout and your PBX. If you do so with e.g. SONUS, since these devices are configured in automatic bypass mode, the gateway will be fully transparent after it is inserted. This is helpful, because you do not yet have any Office 365 Skype for Business Online user activated for Enterprise Voice. I assume you have the online Dial Plans and Voice Policies ready.

     The next step is phone number migration. You configure the identical phone number a user has on the classic PBX now in Office 365. Three migration steps run in parallel:
     - Configuring the GATEWAY to point this dedicated number to the CCE (Cloud PBX)
     - Removing the phone number and user from the PBX and defining this number to be directed externally. (From here the gateway can pick up the call from the PBX and direct it to the CCE)
     - Activating the Office 365 user for Cloud PBX with the same phone number as was assigned on the classic PBX
  14. [Figure: phone number migration to Cloud PBX with CCE. On premise (SITE LONDON): user, AD, PSTN, Sonus gateway, Cloud Connector Edition VMs. Azure AD Sync (DirSync) / Azure AD Connect: on-premise user sync to Office 365. Cloud: Office 365 including Skype for Business Online (E5 Plan), Cloud PBX users; all users must be on Exchange Online, incl. UM. Call routing: destination-based routing. PSTN Audio Conferencing Provider: Microsoft Bridge.]

     Note: Some PBXs have a head number reservation configuration. This means a dedicated number range is reserved by the PBX, and calls within this range can't be routed outside the PBX. If this is the case, contact your vendor and find a workaround, e.g. shrinking the head number, or defining face numbers in the PBX, which are then masked on the gateway.

     Skype for Business with Enterprise Voice on-premise

     I simply have to state: if you need Skype for Business on-premise voice and can't move to Cloud PBX + CCE yet, you have to consider a classic SfB hybrid solution utilizing pools, sites and SBAs, while still benefiting from Meeting Broadcast and e.g. Microsoft's upcoming ACP for PSTN conferencing. This lets your RoI increase, and you might be able to consolidate your on-premise deployment in the near future.

     Target: native Cloud Connector Edition

     Moving towards native Cloud PBX with CCEs only. As we can see from the unsupported setups below, there is only one possible solution. You have to move all SfB users to SfB Online first. From there you can deploy the CCE after you have fully decommissioned the SfB on-premise setup. This is not a scenario you would like to offer to larger customers. But Microsoft is working on a solution, and I will keep you updated on this scenario.

     Target: Cloud Connector Edition with Office 365 Calling Plan (Cloud Voice Users)

     Not supported!

     Target: Cloud Connector Edition + Skype for Business partial Enterprise Voice (on-premise)

     Not supported!
  15. Target: Cloud Connector Edition + Office 365 Calling Plan (Cloud Voice Users) + Skype for Business partial Enterprise Voice (on-premise)

     Not supported!

     Summary:

     Writing a summary isn't that easy yet. As a result of the information above, I can highlight that you should dig into the CCE setup as soon as possible. For greenfield customers, and for those where a "one shot" migration can be considered, the benefit of utilizing CCE deployments is huge. If a smooth migration is required where on-premise Skype for Business is present, there is right now no way of coping with this task. You have to wait for some later releases from Microsoft.

     But again, if an on-premise, classic PBX is present, please consider the CCE setup. It is a straightforward migration task, and it is quite simple to move all users into the cloud, especially if you only utilize the presence, IM, AV p2p and conferencing services. The enhancement with Enterprise Voice can be seen as a next task in enhancing the services and user experience.
  16. Infrastructure requirements for Cloud Connector Edition

     Physical infrastructure

     First we looked at the components involved in the Cloud Connector. It will be delivered only in the form of Hyper-V virtual machines (VMs). Each VM contains the respective server role from Skype for Business. These are 4 VMs, which require a dedicated physical host with a minimum of:
     - 64 bit dual CPU, six core (12 real cores) at 2.5 GHz or higher
     - 64 GB RAM
     - 4x 600 GB 10k RPM 128 MB cache SAS 6 Gbps disks in RAID 5
     - 3x 1 Gbps network adapter

     At least 2 PSTN gateways are recommended for redundancy. Azure ExpressRoute between the sites and Office 365 is recommended; I personally would like to see it mandatory, as you need to ensure high-quality and reliable networks.

     If you run your own ACP, meaning you offer your personal conferencing dial-in numbers on your CCE, audio is sent from the Skype for Business Online conferencing MCU back and forth to your CCE. This requires QoS to be integrated in your network, including the Office 365 tenant.

     Note: At the point of writing this article, smaller physical servers are under consideration for cases where you support fewer users; this will be confirmed soon.

     Logical infrastructure

     DNS

     DNS is required externally for the Access Edge Server and the Media Relay (audio); video is not implemented for local breakouts. It must be ensured that the internal CCE servers can resolve internal DNS names, and that the Access Edge component can resolve external DNS names too. Therefore the Access Edge should resolve DNS externally and have a hosts file for internal name resolution (C:\Windows\System32\drivers\etc\hosts).

     Note: (an onmicrosoft.com DNS suffix for the external tenant is not supported!)

     External DNS entries (also used for certificates):
     - Access Edge: e.g. ACCESS.SIPDOMAIN.COM
     - Media Relay: e.g. MEDIA.SIPDOMAIN.COM
     - Data Proxy: e.g. DP.SIPDOMAIN.COM (not necessary for certificates)
  17. Certificates externally

     In addition to the DNS entries, we require a publicly signed SAN certificate in the form of:
     - SN/CN: ACCESS.SIPDOMAIN.COM
     - SAN: ACCESS.SIPDOMAIN.COM
     - SAN: SIP.SIPDOMAIN.COM

     If you have multiple SIP domains registered with Office 365 (not confirmed yet):
     - SN/CN: ACCESS.SIPDOMAIN.COM
     - SAN: ACCESS.SIPDOMAIN.COM
     - SAN: SIP.SIPDOMAIN.COM
     - SAN: SIP.SIPDOMAIN-B.COM
     - SAN: ACCESS.SIPDOMAIN-B.COM

     Note: A wildcard is supported as SN=SIP.SIPDOMAIN, SAN=SIP.SIPDOMAIN.COM + SAN=*.SIPDOMAIN.COM

     Certificates internally

     As usual, all internal servers besides the Domain Controller require certificates, which can be either private certificates or externally signed.

     - CMS (primary or backup) VM(s) require a default certificate with the server FQDN as the subject name.
     - Mediation Server VM(s) require a default certificate with the Mediation Server pool FQDN as the subject name. A single certificate can be used across all Mediation Server VMs, or each VM can use its own certificate as long as all of them have the pool FQDN in the subject name.
     - Edge VM(s) require an internal certificate with the Edge Server internal pool FQDN as the subject name. A single certificate can be used across all Edge Server VMs, or each VM can use its own certificate as long as all of them have the internal pool FQDN in the subject name.

     Note: Do not forget to import the root CA certificates if you are going to use internal/private certificates.
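The external certificate naming rules above can be checked before a certificate request is submitted. The following is an added example, not part of the original guide: it takes the subject and SAN names as plain lists (constructed sample values), treats the `access` host label as the guide's example name, and assumes a wildcard covers exactly one left-most label.

```python
"""Added example: check an Access Edge certificate's names against the guide."""


def covers(san, name):
    """True if SAN entry `san` covers `name`: exact match or one-label wildcard."""
    san, name = san.lower().rstrip("."), name.lower().rstrip(".")
    if san == name:
        return True
    if san.startswith("*."):
        # A wildcard stands for exactly one left-most label, so
        # *.sipdomain.com covers access.sipdomain.com but not a.b.sipdomain.com.
        head, _, tail = name.partition(".")
        return bool(head) and tail == san[2:]
    return False


def required_names(sip_domains, access_label="access"):
    """Names the guide lists per SIP domain: ACCESS.<domain> and SIP.<domain>."""
    names = []
    for domain in sip_domains:
        names.append(f"{access_label}.{domain}")
        names.append(f"sip.{domain}")
    return names


def check_edge_certificate(subject_cn, sans, sip_domains, access_label="access"):
    """Return a list of findings; an empty list means the names match the guide."""
    findings = []
    cn = subject_cn.lower().rstrip(".")
    sans = [s.lower().rstrip(".") for s in sans]
    domains = [d.lower().rstrip(".") for d in sip_domains]

    # The guide states an onmicrosoft.com suffix is not supported externally.
    for d in domains:
        if d == "onmicrosoft.com" or d.endswith(".onmicrosoft.com"):
            findings.append(f"{d}: onmicrosoft.com suffix is not supported")

    # Subject: ACCESS.<first domain>, or SIP.<first domain> in the wildcard form.
    if cn.startswith("*."):
        findings.append(f"subject {cn}: the guide puts the wildcard in a SAN only")
    elif domains:
        expected = (f"{access_label}.{domains[0]}", f"sip.{domains[0]}")
        if cn not in expected:
            findings.append(f"subject {cn}: expected {expected[0]} or {expected[1]}")

    # The guide repeats the subject name as a SAN entry in every variant.
    if cn not in sans:
        findings.append(f"subject {cn} is not repeated as a SAN entry")

    for name in required_names(domains, access_label):
        if not any(covers(s, name) for s in sans):
            findings.append(f"{name}: no SAN entry covers this name")
    return findings


# Constructed sample name sets, not taken from a real deployment.
SAMPLES = {
    "single domain": ("access.sipdomain.com",
                      ["access.sipdomain.com", "sip.sipdomain.com"],
                      ["sipdomain.com"]),
    "wildcard form": ("sip.sipdomain.com",
                      ["sip.sipdomain.com", "*.sipdomain.com"],
                      ["sipdomain.com"]),
    "second domain incomplete": ("access.sipdomain.com",
                                 ["access.sipdomain.com", "sip.sipdomain.com",
                                  "sip.sipdomain-b.com"],
                                 ["sipdomain.com", "sipdomain-b.com"]),
}

if __name__ == "__main__":
    for label, (cn, sans, domains) in SAMPLES.items():
        print(label, "->", check_edge_certificate(cn, sans, domains) or "OK")
```
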
  18. Firewall Port Configuration [1]

     Internal firewall

     | Source IP | Destination IP | Source Port | Destination Port |
     |---|---|---|---|
     | Cloud Connector Mediation component | SBC/PSTN Gateway | Any | TCP 5060** |
     | SBC/PSTN Gateway | Cloud Connector Mediation component | Any | TCP 5068 / TLS 5067 |
     | Cloud Connector Mediation component | Internal clients | 49,152-57,500* | TCP 50,000-50,019 |
     | Cloud Connector Mediation component | Internal clients | 49,152-57,500* | UDP 50,000-50,019 |
     | Internal clients | Cloud Connector Mediation component | TCP 50,000-50,019 | 49,152-57,500* |
     | Internal clients | Cloud Connector Mediation component | UDP 50,000-50,019 | 49,152-57,500* |

     * This is the default port range on the Mediation component. For optimal call flow, four ports per call are required.
     ** This port should be configured on the SBC/PSTN gateway; 5060 is an example. You can configure other ports on your SBC/PSTN gateway.

     External firewall - minimum configuration

     | Source IP | Destination IP | Source Port | Destination Port |
     |---|---|---|---|
     | Any | Cloud Connector Edge External Interface | Any | TCP 5061 |
     | Cloud Connector Edge External Interface | Any | UDP 3478 | UDP 3478 |
     | Any | Cloud Connector Edge External Interface | TCP 50,000-59,999 | TCP 443 |
     | Any | Cloud Connector Edge External Interface | UDP 3478 | UDP 3478 |
     | Cloud Connector Edge External Interface | Any | TCP 50,000-59,999 | TCP 443 |

     External firewall - recommended configuration

     | Source IP | Destination IP | Source Port | Destination Port |
     |---|---|---|---|
     | Any | Cloud Connector Edge External Interface | Any | TCP 5061 |
     | Cloud Connector Edge External Interface | Any | TCP 50,000-59,999 | Any |
     | Cloud Connector Edge External Interface | Any | UDP 3478; UDP 50,000-59,999 | Any |
     | Any | Cloud Connector Edge External Interface | Any | TCP 443; TCP 50,000-59,999 |
     | Any | Cloud Connector Edge External Interface | Any | UDP 3478; UDP 50,000-59,999 |

     [1] Taken from TechNet
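The recommended external table doubles as an allow-list for the Edge external interface: anything open beyond it is unneeded exposure, anything absent breaks signaling or media. The following is an added example, not part of the original guide: it audits a constructed set of inbound allow rules (the rule names and the rule format are assumptions) against the inbound rows of that table.

```python
"""Added example: audit inbound allow rules on the Edge external interface."""

# Inbound rows of the guide's "External firewall - recommended configuration"
# table (destination = Cloud Connector Edge external interface).
GUIDE_INBOUND = {
    "tcp": [(443, 443), (5061, 5061), (50000, 59999)],
    "udp": [(3478, 3478), (50000, 59999)],
}


def subtract(ranges, cover):
    """Return the parts of `ranges` that no range in `cover` overlaps."""
    out = []
    for lo, hi in ranges:
        pieces = [(lo, hi)]
        for clo, chi in cover:
            remaining = []
            for plo, phi in pieces:
                if chi < plo or clo > phi:      # no overlap, keep the piece
                    remaining.append((plo, phi))
                    continue
                if plo < clo:                   # part below the covering range
                    remaining.append((plo, clo - 1))
                if phi > chi:                   # part above the covering range
                    remaining.append((chi + 1, phi))
            pieces = remaining
        out.extend(pieces)
    return sorted(out)


def audit_inbound(rules):
    """Compare inbound allow rules with GUIDE_INBOUND.

    Returns tuples (kind, rule_name, protocol, port_ranges):
      "excess"  - ports a rule opens that the guide's table does not list
      "missing" - ports the guide's table lists that no rule opens
    """
    findings = []
    opened = {}
    for rule in rules:
        proto = rule["proto"].lower()
        extra = subtract(rule["ports"], GUIDE_INBOUND.get(proto, []))
        if extra:
            findings.append(("excess", rule["name"], proto, extra))
        opened.setdefault(proto, []).extend(rule["ports"])
    for proto, needed in GUIDE_INBOUND.items():
        gap = subtract(needed, opened.get(proto, []))
        if gap:
            findings.append(("missing", "-", proto, gap))
    return findings


# Constructed sample rule set for illustration; names and format are hypothetical.
SAMPLE_RULES = [
    {"name": "sip-tls", "proto": "TCP", "ports": [(5061, 5061)]},
    {"name": "media-tcp", "proto": "TCP", "ports": [(443, 443), (50000, 59999)]},
    {"name": "stun-udp", "proto": "UDP", "ports": [(3478, 3478)]},
    {"name": "rdp-left-open", "proto": "TCP", "ports": [(3389, 3389)]},
]

if __name__ == "__main__":
    for kind, name, proto, ports in audit_inbound(SAMPLE_RULES):
        print(f"{kind:8} {name:15} {proto} {ports}")
```

The same comparison works for the minimum table by replacing the entries in `GUIDE_INBOUND` with that table's inbound rows.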
