Tuesday, October 18, 2016

Understanding Cloud Connector Edition (CCE) Network Design

Understanding Cloud Connector Edition (CCE) Network

CCE virtual machines

First, I would like to introduce the internal VM structure of CCE again. From there, we can better understand the requirements for the virtual networks.

We require network connectivity to the Internet, the SBC and the virtual machines themselves.


PICTURE: CCE Network 00.png

 
The Cloud Connector Edition is built from 4 virtual machines, a subset of a typical on-premises deployment.

Domain Controller:
Supports the internal CCE PKI and the authentication for machines joined to the CCE domain.
Single NIC (internal VM only)

CMS:
Contains the minimal topology subset relevant to Skype for Business.
Single NIC (internal VM only)

Mediation Server:
Codec transcoding unit for the Session Border Controller (SBC), sitting between the RTP data stream from Office 365 and Skype for Business clients and the SBC.
Single NIC (internal VM and SBC on same subnet only)
NOTE:
As in the on-premises setup, the Mediation Server doesn't allow a dual-NIC setup. Moreover, the SBC can either be on the same vNET or be routed into the LAN.


Edge Server:
The Edge connects the rest of the CCE VMs with the Office 365 tenant over the Internet.
Dual NIC (internal VM and Internet)
 

CCE Network Switches in Hyper-V


Core to the CCE image installation is the ISO -> VHDX conversion. This process generates the VMs, including their own disks. The Windows Server ISO image is taken from local storage (HDD). Additionally, a Windows Update run is required before the generalization occurs. This is done via a temporary IP address taken from the BaseVMIP parameter and assigned on the SfB CCE Corpnet Switch; it must be able to reach the Internet for Windows Updates.

In total we need to provide three (3) virtual switches in Hyper-V:
 
- SfB CCE Corpnet Switch
The Corpnet switch enables the VMs to access each other (all VMs on this host), allows RDP into the VMs, allows Skype for Business clients to connect to the Mediation Server, and connects the Mediation Server to the PSTN gateway. It is also used for Windows and SfB updates and requires an Internet connection.

- SfB CCE Management Switch
The management switch provides temporary network connectivity between the host and the VMs during the VM deployment and is disconnected after provisioning. ManagementIPPrefix MUST be configured as a different subnet from the other internal IPs.

- SfB CCE Internet Switch
Only used for the Edge Server's external access to DMZ1, which is Internet facing.


The parameters in the CCE CloudConnector.ini file represent the virtual switch (vSwitch) names. They are not subject to change and should be kept as they are.

These parameters are used by the setup scripts during VM installation.

PARAMETER | VALUE
ManagementSwitchName | SfB CCE Management Switch
InternetSwitchName | SfB CCE Internet Switch
CorpnetSwitchName | SfB CCE Corpnet Switch

 

PICTURE: CCE Network 01.png


CCE typical Network setup in Hyper-V


CCE usage is defined by two possible access points: the Skype for Business client is either on the internal LAN or outside the corporate network (Internet or any other LAN, e.g. home office).

Next, we discuss where the CCE and its SBC should be located. Since the CCE has its own Edge Server, we shouldn't place the CCE in the internal LAN. The best approach is a dedicated DMZ segment.

It plays a minor role whether the SBC (or IP-PBX) is within the same DMZ or located on the internal LAN. This media stream can be handled through a firewall without NAT. The same applies to the internal Skype for Business client.

As general security advice, the illustration below is the best approach and will isolate the CCE within its own DMZ.

 
PICTURE: CCE Network 03.png

 

If we look at the more detailed setup approach, where the SBC is placed inside the CCE's own DMZ, the firewalls are located at the external, Internet-facing and the internal, LAN-facing connectivity points.
 
NOTE:
The internal firewall must NOT have NAT enabled. Straight routing is required.

This illustration doesn't reflect the entire routing, with neither gateways nor static routes shown. In general, though, the Internet-facing vNET requires a default route in the direction of the Internet (0.0.0.0 -> GW INET), while the internal, LAN-directed vNET requires a static route in the form of e.g. 10.0.0.0/8 -> GW-LAN.
 

PICTURE: CCE Network 02.png

 

The last point I wish to highlight again is:

You shouldn't change the generic CCE vSwitch structure manually. The CCE deployment will fail if you do so. The same applies to the vSwitch naming. The setup is case sensitive, so please watch your typing.
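
The following added example (not part of the original post or of the CCE setup scripts) checks the three vSwitch parameters against the names listed above and against the switches present on the Hyper-V host, using case-sensitive comparison. The function name Test-CceSwitchNames, the Key=Value parsing, the [Network] section header and the sample lines are assumptions made for illustration.

```powershell
# Added example: compare the vSwitch names in CloudConnector.ini with the names
# this page lists and with the switches on the Hyper-V host, case-sensitively.
$Expected = [ordered]@{
    ManagementSwitchName = 'SfB CCE Management Switch'
    InternetSwitchName   = 'SfB CCE Internet Switch'
    CorpnetSwitchName    = 'SfB CCE Corpnet Switch'
}

function Test-CceSwitchNames {   # hypothetical helper name
    param(
        # Lines of CloudConnector.ini (blank lines allowed).
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $IniLines,
        # Switch names found on the host, e.g. (Get-VMSwitch).Name
        [Parameter(Mandatory)] [string[]] $HostSwitchNames
    )
    # Assumption: settings are "Key=Value" lines; ';' comments and '[section]' lines are skipped.
    $ini = @{}
    foreach ($line in $IniLines) {
        if ($line -match '^\s*([^;\[=\s][^=]*?)\s*=\s*(.*?)\s*$') {
            $ini[$Matches[1]] = $Matches[2]
        }
    }
    foreach ($key in $Expected.Keys) {
        $value = $ini[$key]
        [pscustomobject]@{
            Parameter       = $key
            IniValue        = $value
            # -ceq and -ccontains are the case-sensitive comparison operators.
            MatchesExpected = ($value -ceq $Expected[$key])
            ExistsOnHost    = ($HostSwitchNames -ccontains $value)
        }
    }
}

# Constructed sample input; the Internet switch name has a lower-case "switch" on purpose.
$sampleIni = @(
    '[Network]'
    '; virtual switch names'
    'ManagementSwitchName=SfB CCE Management Switch'
    'InternetSwitchName=SfB CCE Internet switch'
    'CorpnetSwitchName=SfB CCE Corpnet Switch'
)
$sampleSwitches = 'SfB CCE Management Switch', 'SfB CCE Internet Switch', 'SfB CCE Corpnet Switch'

Test-CceSwitchNames -IniLines $sampleIni -HostSwitchNames $sampleSwitches | Format-Table -AutoSize

# On the Hyper-V host:
# Test-CceSwitchNames -IniLines (Get-Content .\CloudConnector.ini) -HostSwitchNames (Get-VMSwitch).Name
```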

Whether you deploy the CCE on a dedicated physical host (server) or choose an appliance, the network design is identical.


Friday, October 14, 2016

Skype for Business Network Assessment (Requirement for Office 365)

The network assessment is crucial for Office 365 voice implementations.

This is valid if you run:
- PSTN Calling
- Cloud Connector Edition
- or any hybrid scenario

I also recommend choosing a partner who has the appropriate knowledge and can analyze your network entirely.

Several tools and services are available for measuring the network performance in the direction of the Office 365 datacenters, either with or without an ExpressRoute setup.
This should be part of the Microsoft Skype Operations Framework.

The most optimal tool is the IR Prognosis UC Assessor:
http://www.ir.com/skype-for-business-assessment





The Assessor is the right tool for professional analysis and reports.

-----------------------------------------------------------------------------------------------------

A free tool is also available from Microsoft; it was released in September 2016:

https://www.microsoft.com/en-us/download/details.aspx?id=53885

Even though this tool also provides the rudimentary information, it is not simple to set up, nor is it capable of providing end-to-end monitoring.

You need an XML configuration file for your environment:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    </startup>
    <appSettings>
     
      <add key="Relay.IP" value="13.107.8.20"/>

      <!-- At least one of the following two protocols must be configured   -->
      <!-- Configure only one if testing only one protocol                  -->
      <!-- If both are configured, UDP will be preferred if it is available -->
      <add key="Relay.UDPPort" value="3478"/>
      <add key="Relay.TCPPort" value="443"/>

      <!-- WMAFilePath configures the WMA file to be streamed -->
      <!-- WMAOutputFilePath contains the received audio -->
      <!-- If WMAOutputFilePath already exists,the existing file will be overwritten-->
      <add key="WMAFilePath" value="Tone.wma"/>
      <add key="WMAOutputFilePath" value="ReceivedAudioFile.wma"/>

      <add key="NumIterations" value="3"/>
      <add key="ResultsFilePath" value="results.tsv"/>
      <add key="Delimiter" value="  "/>
      <add key="IntervalInSeconds" value="5"/>
    </appSettings>
</configuration>

The analyzer, run as "ResultsAnalyzer.exe results.tsv", provides you with an output of the test results.
As you can see, it is not made for permanent analysis and can be seen just as an indicator.

Result Output:

Skype for Business - Network Assessment Tool - Results Analyzer
Input file:           results.tsv
Total rows read:      10
Total rows skipped:   0
Total rows processed: 10

90th percentile values per metric:
Packet loss rate:     0.50 %
RTT latency:          70.5 ms
Jitter:               10.0 ms
Packet reorder ratio: 0.00 %

If this is a Skype for Business Client machine connecting to the Microsoft network Edge:
Packet loss rate:     PASSED
RTT latency:          PASSED
Jitter:               PASSED
Packet reorder ratio: PASSED

If this is a network Edge connecting to the Microsoft network Edge:
Packet loss rate:     PASSED
RTT latency:          FAILED
Jitter:               PASSED
Packet reorder ratio: PASSED




----------------------------------------------------
Other solutions available:
EventZero and Nectar, which aren't yet available in Europe




Friday, October 7, 2016

Cloud Connector Edition with Skype for Business from Ignite, Atlanta US


Have fun watching it ;)



https://www.youtube.com/watch?v=ACyVP9aXAMM

Busy on Busy guide for Skype for Business

Some general statements about Busy on Busy:
  • It is only available for users homed on a Skype for Business Pool (SE or EE)
  • CU3 must be installed on all Pool Members
  • It does not work for users homed on Lync 2013 or an SBA.
  • Using Busy on Busy requires a Voice Policy in Skype for Business (Global, Sites or User)

IMPORTANT:

The Busy On Busy feature has a timeout of 12 min.
If the user gets disconnected from a call, e.g. because he was disconnected from the network, which can happen with a mobile phone or when connected via Wi-Fi, the busy signal stays active for 12 min before it is reset.
Also remember that the Busy Options cannot be configured by users themselves. This is only an administrative task.


Busy on Busy supports only three different types:

- BusyOnBusy:
If the user is on an active call, the busy signal will be played to the caller.
- VoiceMailOnBusy:
If the user is on an active call, the call will be forwarded to the user's Voice Mail.
- Off:
If the user is on an active call, all other features work as expected: either no answer, or the user's local Voice Mail or Team Delegate settings are active.


My status | Busy On Busy (not activated - default) | Busy On Busy (user set for) | Voicemail On Busy (user set for)
Offline | No received call, directed to VoiceMail (based on client settings) | No received call, directed to VoiceMail (based on client settings) | No received call, directed to VoiceMail (based on client settings)
Appear Offline | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings)
Available | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings)
Busy (manually set by user) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings)
Busy (automatically set by Outlook meeting) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings)
Busy (conference call) | SfB ringing, directed to VoiceMail (based on client settings) | "BUSY" signalized (new) | Instantly to VoiceMail (new)
Busy (in a call) | SfB ringing, directed to VoiceMail (based on client settings) | "BUSY" signalized (new) | Instantly to VoiceMail (new)
DND | Only team members/family, else instantly to VoiceMail (if configured) | Only team members/family, else instantly to VoiceMail (if configured) | Only team members/family, else instantly to VoiceMail (if configured)
Away | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings) | SfB ringing, directed to VoiceMail (based on client settings)



------------------------------------------------------------------------------------------------------------------------

Configuration:

1. Identify the Pool in your topology

Get-CsPool

2. Define the Server Application on the Pool which should host BusyOnBusy

New-CsServerApplication -Identity 'Service:Registrar:%FQDN%/BusyOptions' -Uri http://www.microsoft.com/LCS/BusyOptions -Critical $False -Enabled $True -Priority (Get-CsServerApplication -Identity 'Service:Registrar:%FQDN%/UserServices').Priority




where %FQDN% is the pool's FQDN (SfB 2015 only), e.g. SfBFEPool01.domain.local


3. Verify the CsServerApplication

Get-CsServerApplication | Where-Object {$_.Name -eq "BusyOptions"}


4. Update the Admin Role
This command adds the three new cmdlets to the Admin Role.
These are:
  • Get-CsBusyOptions
  • Set-CsBusyOptions
  • Remove-CsBusyOptions
Update the role by using:

Update-CsAdminRole


5. Configure Users

Configuring a user who already has the Voice Policy for BusyOnBusy assigned:

For a user with Busy on Busy:

Set-CsBusyOptions -Identity "Thomas Poett" -ActionType BusyOnBusy






For a user with VoiceMail on Busy:



Set-CsBusyOptions -Identity "Thomas Poett" -ActionType VoiceMailOnBusy








If you want to remove the BusyOnBusy setting from a user, use:

Remove-CsBusyOptions -Identity "Thomas Poett"

--------------------------------------------------------------------------------------------------------------------------

Note:
With the current CU3, BusyOnBusy has a false-positive error.
What does this mean?

If you query a user's Busy Options and the user has no setting configured, the cmdlet Get-CsBusyOptions will show you a "red" error.
This is not an error, though; it mainly provides the information that BusyOnBusy is NOT configured for this user.