Plan and configure Hybrid Voice in Skype for Business and Office 365–Ignite 2017 Summary

An oldie but definitely a goodie from Ignite 2017, presented by Nikolay Muravlyannikov and Carolyn Blanding. I stumbled across this session and thought I'd write up a summary of it.

Keep in mind this is Hybrid Voice with Skype for Business and not Teams, and it was presented before Microsoft Teams Direct Routing was announced. For more info on Direct Routing check it out here

 

This is a session presented at Ignite by Nikolay Muravlyannikov, Senior Program Manager in SfB, and Carolyn Blanding, Senior Supportability Program Manager.

Session can be found here

The session starts with a show of hands for Hybrid Voice. Nikolay also asks if anyone is interested in Hybrid Voice for Teams; it seems no hands were raised, and he mentions this won't be covered in this session.

Let's start with quick intros from the speakers.

Works with TAP customers and provides feedback to developers. Big thanks for feedback from TAP customers and program participants.

Delivers telephony services for SfB and Microsoft Teams.

Session Objectives – Let's set the expectations for the session

This session is built with in mind that the product has been on the market for over 1 year now. How it differs from the session presented last year:

  • Product more than 1 year on the market
  • Well over 1000 active deployments
  • Practical stuff from what has been learned over the last years by Microsoft and partners

This session will cover practical stuff: how hybrid voice can be relevant, migration paths from PBX to Phone System based on real examples, and a review of architectures and experiences.

If you're deploying for the first time, you should be well equipped after this session.

It briefly touches on Hybrid Voice options for Teams but not in detail. Next year will go deeper into Hybrid Voice for Teams.

Start with an overview and then go deeper into Hybrid Voice.

Let's start with common telephony terminology; this would be used across traditional PBX platforms (Cisco, Avaya, etc.).

  • PSTN – global network of interconnected wires that delivers telephony calls
  • PBX or Phone System – connects phones within a company and provides calling features: group calls, team calls, etc.
  • Trunk – telephony line connecting the PBX to the PSTN; TDM or SIP
  • SBC – provides routing and protection for SIP-based telephony. The benefit of SIP is that it is delivered on the same wire as other traffic, internet or private. An SBC can act as a firewall or router: it does security inspection, DDoS protection and translation between different protocols. A good book on SBCs from Microsoft partner Sonus is called SBC for Dummies.
  • PSTN Gateway – serves as a router but not as security.

Two separate PBXs

  • On premises – Enterprise Voice on Lync Server 2010, 2013 or SfB 2015. The trunk must be customer-provided and connected to the servers directly or via a certified SBC/gateway.
  • Cloud – SfB Online. The PBX was called Cloud PBX; after Sept 2017 it is called Microsoft Phone System.

Two options for telephony

– Buy a SIP trunk (Calling Plans) from Microsoft, and Microsoft provides your phone system. You port your telephone numbers to Microsoft or buy new numbers. You buy Microsoft Phone System with Calling Plans (previously known as PSTN Calling).

– Connect your own trunk via your own SBC/gateway, which is paired to Microsoft Phone System using SfB Server 2015 or Cloud Connector Edition (CCE). This is hybrid voice!

Hybrid voice allows you to connect your own trunks to Phone System.

The second important part of Hybrid Voice is interoperability!

This is where we need to interop with existing systems and devices such as contact centres or analog devices: pagers, lift phones, factory phones, fax, etc.

If Microsoft can't provide functionality that your current contact centre has, such as skills-based routing, you can keep the call centre, use Hybrid Voice to keep the contact centre users on premises, and move the other users.

Hybrid Voice

This slide shows that voice can be delivered on-net without touching the PSTN network: calls between SfB users and third-party PBXs are routed via the SBC and not the PSTN.

Avaya, Cisco, Mitel PBX examples

  • The starting point is the PBX.
  • It is connected via an SBC (directly without an SBC is an option as well) to the PSTN network. For migration an SBC is recommended.
  • Inbound routes for the assigned telephone numbers come from your PSTN (SIP trunks / ISDN); these all route to the SBC, then the SBC routes to the PBX.
  • The PBX owns a range of numbers for all users and device types. (This is a common setup for customers.)

How to move to Microsoft Phone System and do a gradual migration?

You connect the same SBC to Microsoft Phone System. You need to deploy CCE if you are a new customer, or configure your SfB Server pool if you are an existing one.

Next, change voice routing on the SBC so telephone numbers route to SfB and not the PBX, and move users to Phone System. I'm not porting numbers in this scenario.

Deploy the SfB client or phones, create a new route on the SBC/gateway and send calls to CCE / SfB Server and then on to Microsoft Phone System.

Migrate 10 users, then another 10, then 1000 users: this is gradual migration and again minimises the PBX footprint.

Some services can also be moved off the PBX, such as analog devices, which connect to the SBC via Analog Terminal Adaptors (ATAs) from AudioCodes / Sonus (now Ribbon).

Then move the analog devices to the ATA and update the SBC routing so that calls for analog devices go to the SBC and then to the ATA.

Then remove the analog numbers from the PBX; that leaves only the call/contact centre numbers with skills-based routing.

You have minimised the footprint of the PBX, which should reduce costs.

Architecture and Traffic Flow

The traffic from the SBC must be trusted by Phone System.

Pair the on-premises Edge with the online Edge and keep media local.

Pairing – CCE is made up of 4 virtual machines and is a scripted deployment. When deploying CCE, one of the lines in the CloudConnector.ini file specifies the IP address from which traffic to this Mediation Server is trusted; we can use TCP or TLS. The Mediation Server now trusts the SBC and, via the Edge, connects to O365. This can also be a Skype for Business Server 2015 deployment.

CCE is there to set up the hybrid relationship and define where the trusted Edge is.

Now the trusted relationship between the SBC and the cloud is complete.

The second reason for devices on premises is to keep media local.

First let's look at media flow.

Here we have the Mediation Server and Edge Server (CCE or a full pool), with the SBC paired to the PSTN network on the left side.

A user places a call to +431610640. The call goes to Phone System (Cloud PBX) for reverse number lookup (RNL), which checks whether that number belongs to any SfB user.

With a PBX, 1000 users are likely to have 100 concurrent calls.

Moving to Skype you would see this reduced to 1/10 instead of 1/100; by doing RNL it can save on the number of PSTN trunks.

If RNL matches a number then it converts the call from PSTN to VoIP and starts running.

If there is no RNL match, the next step is to check the user's voice policy.

If the user's voice policy is BusinessVoice, route via Calling Plans (Microsoft PSTN).

If it matches Hybrid Voice, route to the Hybrid Voice Edge.

Then Edge Server to Mediation Server.

This is still SIP signalling, and we get the media candidate of the SBC, 10.10.11.3.

With the media candidate in hand, the Mediation Server checks whether the client is internal or external, and this is where media bypass comes into play.

The way it checks is a special web service that issues a bypass ID: if the client can query it, the client is internal; if not, it is external. If the client cannot provide the bypass ID it is treated as external.

For media bypass we also have to check the SfB client version; if it is not supported, there is no bypass.

If the conditions match then we provide the direct candidate of the SBC.

Media goes direct to the SBC and on to the PSTN. This is a new feature and saves on the number of Mediation Servers.

One Mediation Server supports up to 500 simultaneous calls without media bypass. With media bypass it depends on the number of clients using a supported media bypass client version, 16.0.7870.2020 or above!

Media bypass is not supported on the SfB Mac or mobile clients, or for users outside on the internet. These user types, and where and how they connect, determine how much hardware (number of Mediation Servers) you need.

Without media bypass the process is simple. When the client is not on a supported SfB client version, two IP addresses are provided to the client: the internal IP of the Mediation Server and the external IP of the Edge Server.

The SfB client does connectivity checks to both IPs; if the client can reach the Mediation Server then the call will go Mediation Server > SBC > PSTN.

The other address is the external Edge Server address, used if the client can't connect to the internal Mediation Server IP. One example would be a Windows SfB client on a client version that does not support media bypass.

What if the client is external and is connecting from outside the internal network?

We provide two IP addresses as candidates to the external client.

The client will check the internal IP of the Mediation Server and fail, then check the external IP of the Edge and succeed, and media will go client > Edge > Mediation > SBC > PSTN.

When planning the number of CCEs or SfB pools you need to consider media bypass: how many clients are on a version that supports it, and how many may be external or internal.

So that is the call flow; now let's talk about CCE. A CCE is four VMs, and up to 16 CCEs are supported per PSTN site. A PSTN site is a logical association of users to a CCE that is associated with an SBC location.

For example, I build a CCE for the Amsterdam SBC and one for the Seattle SBC, and associate users with a PSTN site, either Amsterdam or Seattle.

This is the basic media flow and will help you plan. Don't forget about media bypass and the number of users that can't use media bypass.
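The media-path rules and the 500-call figure above, worked through as an added Python example (not code from the session or from Microsoft). The client population is constructed, the one-call-per-ten-users ratio follows the session's 1000 users / 100 calls rule of thumb, and not counting bypass calls against the 500-call figure is an assumption.

```python
from collections import Counter

MIN_BYPASS_BUILD = (16, 0, 7870, 2020)  # minimum client build quoted in the session
CALLS_PER_MEDIATION = 500               # relayed simultaneous calls per Mediation Server

BYPASS = ("client", "sbc", "pstn")


def media_path(platform, version, internal):
    """Hops the audio takes for one PSTN call from this client."""
    if not internal:
        # The internal Mediation candidate is unreachable, so the Edge candidate wins.
        return ("client", "edge", "mediation", "sbc", "pstn")
    build = tuple(int(part) for part in version.split("."))
    if platform == "windows" and build >= MIN_BYPASS_BUILD:
        # Internal and new enough: the SBC's own candidate is offered.
        return BYPASS
    return ("client", "mediation", "sbc", "pstn")


def plan_site(clients, users_per_call=10):
    """Summarise media paths and estimate Mediation Servers for relayed media.

    users_per_call=10 mirrors the session's 1000 users / 100 concurrent calls.
    Assumption: bypass calls are not counted against CALLS_PER_MEDIATION.
    """
    paths = Counter(media_path(*client) for client in clients)
    relayed_users = sum(n for path, n in paths.items() if "mediation" in path)
    relayed_calls = -(-relayed_users // users_per_call)          # integer ceiling
    servers = max(1, -(-relayed_calls // CALLS_PER_MEDIATION))   # integer ceiling
    return {
        "bypass_users": paths[BYPASS],
        "edge_users": sum(n for path, n in paths.items() if "edge" in path),
        "relayed_calls": relayed_calls,
        "mediation_servers": servers,
    }


# Constructed population: (platform, client version, on the internal network)
SAMPLE = (
    [("windows", "16.0.8431.2079", True)] * 6000     # supported build, internal
    + [("windows", "16.0.7369.2038", True)] * 3000   # older build, internal
    + [("mac", "16.9.0.37", True)] * 1500            # Mac client, internal
    + [("windows", "16.0.8431.2079", False)] * 2500  # supported build, on the internet
    + [("mobile", "6.17.0.3", False)] * 500          # mobile client, external
)

if __name__ == "__main__":
    print(plan_site(SAMPLE))
```

The estimate covers media relay only; signalling still passes through the Mediation Server for every call, so treat the result as a lower bound.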

Architecture and Migration Path

Real life example

There is a CCE in each location. The slide shows Vienna as a single site, but there could be 30 sites in total. If there is an SBC in each and every site, you build two CCEs per site, with two SBCs and two PSTN connections for redundancy. There are no other survivability options.

So that works and provides HA, but it's not the best option for customers with a large number of sites: 30 sites, two CCEs per site, plus licensing for Windows. Sonus and AudioCodes provide CCE as an appliance, which can help reduce the price, but it is still expensive in price and management. Mixed reviews on this setup.

Fortunately, what we ended up doing at the same time is centralising the SIP trunks. Most customers want to centralise SIP trunks, not have 200 gateways, and bring the SIP trunks into one or two locations.

You just need a couple of SBCs and use the internal wide area network to route traffic to and from the datacentres where you deploy CCE. This option helps save money on hardware deployed in branches.

Before we centralised, we used to have a PBX in each and every location and had to manage them. We centralised everything in two cities and removed 12 PBXs and SBCs.

This case works for a lot of customers and is the most effective solution for CCEs. You need to make sure your WAN connectivity can route PSTN traffic. The path is PSTN > SBC > WAN > client.

But there are also countries where centralising SIP trunks is not an option; this is mostly regulatory.

We still deploy centralised CCE but with decentralised SIP trunks. Here we keep a local gateway in each country, but traffic will traverse the WAN two times.

It goes to the centralised CCE and then to the local gateway. This helps to preserve local connectivity and save on CCEs, but requires traversing the WAN two times.

To summarise: we reviewed Microsoft telephony solutions, the call flow, considerations to keep in mind for CCE with media bypass, and typical scenarios.

Hybrid voice story for Teams: the current story is that you deploy something from Microsoft, and we hear the feedback. We need CCE for two reasons; for Microsoft Teams we use different authentication and will use this chance to remove elements. Moving to Teams, we will introduce a private connection to Teams via the SBC. All SBCs used with CCE can be connected to Teams. More details next year. Don't panic!

This wasn't in the Ignite session but was announced recently, on 12th March 2018, and is called Direct Routing for Microsoft Teams. Here are some details:

https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Direct-Routing-enables-new-enterprise-voice-options-in-Microsoft/ba-p/170450

Back to the Ignite session now.

First let's look at terminology.

OPCH – means using SfB Server 2015 software on premises

CCE – using Cloud Connector Edition; this is the software edition running on premises

We still see misconfiguration during setup, and then management issues.

Certificate configuration – almost always the certificates.

A SAN entry is missing for a supported SIP domain. The SIP SAN is used for authentication, so sip.domain.com must be present. The import tools for CCE check this.

A lot of issues come from the certificate chain not being trusted or the key being missing.

The CCE Edge services then cannot start.

One tip is to use the DigiCert Certificate Utility for Windows! I use this. Request and process the certificate on the same machine.

Once you have a valid certificate you need to import it.

Second to certificates, we see firewall and proxy issues.

The host server needs to talk to the internal VMs and does this via a PowerShell session. If the host is blocked, the scripts won't run and we will see that CCE can't connect to the VM because something is blocking it.

90% of the time a proxy server is in the way and there aren't exceptions.

We need to add the CCE management subnet and the corporate subnets to the proxy WinHTTP bypass list; use netsh to do that.

Call out here! We need to use the corporate network switch in v2 or higher.

The earlier method, over the management switch, caused issues because it was connected and disconnected; now this goes over the corporate switch.

Sometimes the network adaptor has no IP address in the same range as the corporate network. The network adaptor assigned to the corporate switch needs an IP address to ensure routing.

Office 365 tenant config

For OPCH we have the hybrid wizard today, which has reduced concerns.

Slide is broken here, Carolyn says.

Missing Mediation Server settings in Office 365 for CCE. Online needs to understand how to route to on-prem.

Escalating a P2P call to a PSTN call fails; this is caused by a missed step.

Create the hybrid Mediation Server configuration on the tenant for every Mediation Server we deploy for CCE.

Use this cmdlet to confirm. Always run it and check this is configured for the Mediation Servers in your Office 365.

Client logs would show a 404 error.

P2P to PSTN call escalation also fails if shared SIP address space is set to false; this must be set to true!

Quite a few things can go wrong with DNS.

The deck includes impacts and diagnostics.

This one is big: when the Edge Server can't resolve the SRV record.

Let's talk about the flow.

We have an inbound call from the PSTN to the Mediation Server, and the call is for cbland@microsoft.com. It hits the Edge Server, and the Edge needs to look up the SIP federation SRV record; if it can't resolve it, it won't know how to route the call. It fails a lot because the Edge can't resolve external DNS.

You can use pinpoint DNS now.

A 504 server timeout will be displayed.

This hit a large customer running a lot of CCEs in a centralised deployment. All was fine and the feedback was: it works!

Next day, outbound calling was failing for all users.

They were onboarding more users to CCE, then added a new CCE appliance, and outbound calls were failing.

They missed updating the topology with the new appliance.

Next one

Customer added deep packet inspection on the external firewall for the Edge Server.

For CCE we encrypt the locally cached passwords with the password of the admin user account that was signed in when CCE was deployed. If that password changes we can't decrypt the file.

If we miss updating the topology, outbound calls will fail because the Edge Server can't reach the Mediation Server.

The Edge Server can't route the call, as every Edge Server in CCE must be able to route to every Mediation Server and must know about them. Every server needs to know about every server in the topology.

A stretched pool across different subnets is not recommended or supported, and you can see this routing problem with it.

If inbound calls fail but outbound calls work, it's because the Edge Server tries to connect to Office 365 and can't complete the SSL handshake, as TLS traffic is blocked by deep packet inspection.

Check by browsing to the URL from the Edge Server; if you don't get a certificate pop-up it means it's being blocked: https://sipfed.online.lync.com:5061

User configuration issues – a large customer expanding hybrid voice with new users, and how to get users online.

Here we have an OPCH user on premises using Enterprise Voice.

Move them online.

Dial pad missing and inbound calls not working.

Their LineURI is missing because we need to Enterprise Voice enable them so the phone number is synced online, but this needs

Needs to be run for OPCH users or CCE users to sync the phone number.

LineURI must be E.164 or calls will fail.

If outbound calls are failing, a voice policy needs assigning.

Only available via Management Shell.
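An added Python example (not code from the session) that audits LineURI values for E.164 format and then follows the routing order described earlier in the call flow: reverse number lookup first, then the caller's voice policy. The user records, field names, return labels and the HybridVoice policy label are assumptions made for the example.

```python
import re

# LineURI form: tel:+<E.164 digits> with an optional ;ext=<digits> suffix
LINE_URI = re.compile(r"^tel:\+([1-9][0-9]{1,14})(?:;ext=[0-9]+)?$", re.IGNORECASE)


def parse_line_uri(line_uri):
    """Return the E.164 number (e.g. '+431610640'), or None if invalid."""
    match = LINE_URI.match(line_uri or "")
    return "+" + match.group(1) if match else None


def build_rnl(users):
    """Build the reverse number lookup table; list users whose LineURI fails."""
    table, problems = {}, []
    for user in users:
        number = parse_line_uri(user.get("line_uri"))
        if number is None:
            problems.append((user["sip"], user.get("line_uri")))
        else:
            table.setdefault(number, user["sip"])
    return table, problems


def route_call(caller, dialed, rnl):
    """Routing order from the session: RNL match, then the caller's voice policy."""
    if dialed in rnl:
        return "voip:" + rnl[dialed]          # stays on-net, no PSTN trunk used
    policy = caller.get("voice_policy")
    if policy == "BusinessVoice":
        return "calling-plans"                # Microsoft-provided PSTN
    if policy == "HybridVoice":               # policy label assumed for this example
        return "hybrid-edge>mediation>sbc"    # customer trunk via CCE / SfB Server
    return "fail:no-voice-policy"


# Constructed user records; field names are illustrative, not a real export format.
USERS = [
    {"sip": "alice@example.com", "line_uri": "tel:+431610640", "voice_policy": "HybridVoice"},
    {"sip": "bob@example.com", "line_uri": "tel:+4316106411;ext=411", "voice_policy": "BusinessVoice"},
    {"sip": "carol@example.com", "line_uri": "tel:1000", "voice_policy": "HybridVoice"},
    {"sip": "dave@example.com", "line_uri": None, "voice_policy": None},
    {"sip": "erin@example.com", "line_uri": "+43 1 610 642", "voice_policy": "HybridVoice"},
]

if __name__ == "__main__":
    rnl, problems = build_rnl(USERS)
    for sip, value in problems:
        print("fix LineURI:", sip, repr(value))
    print(route_call(USERS[1], "+431610640", rnl))    # RNL hit
    print(route_call(USERS[0], "+14255550100", rnl))  # no RNL hit, hybrid policy
    print(route_call(USERS[3], "+14255550100", rnl))  # no policy assigned
```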

Wrap up.

Cloud PBX is now Microsoft Phone System

PSTN Calling is now Calling Plans

 

Q and A

Exciting option to connect an SBC directly to Teams

On the roadmap, no details.

Why wasn't this done before? Why CCE? A redesigned back end was required.


Question – TSP raising a concern on existing deployments.

SBC with CCE should not be deployed in new solutions; all deployments should include OPCH?

Why?

Any likelihood SBA would be supported?

Looking at some options but nothing certain. Redundant internet connection.


CCE on Hyper-V: supported on other platforms?

Requires support from vendors; Microsoft owns Hyper-V and SfB.

If third party change media stack.


Regarding migration of numbers out of order?

– Migrate 20 users from range 1000–2000 that are not sequential.

1. A voice route for every number, but the SBC may be limited

2. Two voice routes on the SBC; before you route, go and query Active Directory

The SBC caches info from AD so it doesn't query each time.

Some SBCs have text routes stored on the SBC in CSV.

 

No option to directly connect a SIP trunk to CCE?

You can connect a certified SIP provider directly to CCE.


Media bypass – do you have to have a Microsoft-certified SBC to support it?

An SBC from the qualified list is required.


Status on Call Queues for CCE?

Release for hybrid voice later.

*** this is released now ***


In order to have an SBC, do we need to disable deep packet inspection?

Recommended to disable it on the firewall for the Edge Server.

The SBC has a firewall built in; the SBC provides firewall-like functionality.


Plans for support for SBC in Azure?

Azure is not designed for real-time traffic.

 

Customer with EV on Lync Server 2013: do we go 2015, 2019 or Teams?

Option 1 – wait for Teams

Option 2 – change delivering services from on-prem to online. SfB on-prem or Online; requires network planning.

Go to SfB Online now and, when Teams and you are ready, then move to Teams.

Buy an SBC now and move to Teams.

Investments in on premises with SfB may be more than CCE!


Interop Skype with Teams – would SfB 2015 provide interop for chat with Teams?

Yes


Existing client for SfB with a lot of offices in different countries, looking for a voice solution.

Apart from licensing, do we need to configure global connectors on the tenant or go at country level?

Depends on country level; stop by the booth and we can look at it.
