Versions Compared

Old Version 9

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 10

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Add_workflow_for_techpubs
AUTH1
JIRAIDAUTHSYM-2301223000
REV5
REV6
REV3
REV1

Excerpt Include
UXDOC61:Not_for_SWe
UXDOC61:Not_for_SWe
nopaneltrue

...

In this best practice the router/firewall is configured with the following rules:

Caption
0Table
1Internal Firewall Rules for CCE

Source IP

Destination IP

Source Port

Destination Port

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

Internal clients

TCP 49 152 – 57 500*

TCP 50,000-50,019 (Optional)

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

Internal clients

UDP 49 152 – 57 500*

UDP 50,000-50,019

Internal clients

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

TCP 50,000-50,019

TCP 49 152 – 57 500*

Internal clients

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

UDP 50,000-50,019

UDP 49 152 -57 500*

Caption
0Table
1External Firewall Rules for CCE

Source IP

Destination IP

Source Port

Destination Port

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 5061

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 80

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

UDP 53

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 53

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 3478

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 50,000-59,999

Any

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 5061

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 443

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 3478

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 50,000 - 59,999

 

 

Multiexcerpt include
MultiExcerptNameDNSSettings
PageWithExcerptUXDOC61:Configuring the SBC Edge for a Single CCE

...

Note
  • If this is a re-deployment of a CCE deployment, complete the steps in Redeploying the CCE to clean up previously entered data in O365 before proceeding with the following section.

...

StepAction 
1

Login to the WebUI of each SBC Edge.

 
2

Navigate to Tasks  > Setup Office 365 Cloud Connector Edition> Setup.

 
3

Click the ASM Config tab and configure/verify the Network and IP settings of your ASM as shown below.

 
4From the Remote Desktop Enabled drop down list, select Yes (to enable Remote Desktop) or No (to disable Remote Desktop). 
5From the Windows Firewall Enabled drop down list, select Yes (to enable Windows Firewall) or No (to disable Windows Firewall). 
6From the Proxy Enabled drop down list, Enables use of the Proxy Server on the ASM. Select from the drop down list: Yes (enables Proxy Server on the ASM) or No (disables Proxy Server). 
7From the Proxy Address drop down list, select Yes (to enable the IP address for the Proxy Server in IPv4 format). This field is available only when Proxy Enabled is set to Yes. 
8From the Proxy Port drop down list, select Yes (to enable the port in which the Proxy Server connects). Valid entry: Valid entry: 1 - 65000. This field is available only when Proxy Enabled is set to Yes. 
9Configure/verify the Network and IP settings of your ASM. 
10

Click Apply. After receiving the activity status as successfully completed, click the Generate CSR tab.

 

...

 

Caption
0Figure
1Configuring the ASM – CCE-1

Image Modified

Caption
0Figure
1Configuring the ASM – CCE-2

Image RemovedImage Added

Generating the CSR

...

Step Action
1Login to the WebUI of one of the SBC Edge.
2

Navigate to to Tasks  > Setup Office 365 Cloud Connector Edition > Edition> Setup.

3Click the Generate CSR tab.
34

Generate the CSR as shown below with following information.

Note: This example uses aepsite1.sonusms01.com and sip.sonusms01.com as common name and SAN.

To ensure creating a valid CSR for Cloud Connector Edition usage, please see the section "Certificate requirements" on https://technet.microsoft.com/en-us/library/mt605227.aspx . 

Caption
0Figure
1Generate CSR


 

...

Set CCE Public Certificate

...

Note

Perform these steps on both

Spacevars
0product
systems.

select certificate Action, use Import PKCS12 Certificate and Key to import the pkcs certificate you exported on SBC-1, enter the password, select the relevant certificate file using the Choose File button and then click OK.
Step ActionAction
1Login to the WebUI of both the SBC Edge.
2

Navigate to Tasks > Setup Office 365 Cloud Connector Edition and then click the Import CCE Public Certificate /Keys tab.

3

On SBC-1, click the Action drop-down list and select the appropriate option:

  • If Import X.509 Signed Certificate. This option is used if you generated a Certificate Request (CSR) in the previous section, select the Import X.509 Signed Certificate option using the Choose File button.If you prepare your certificate by yourself, select theand this is the initial deployment. Paste the certificate in the window and click OK.
  • Import PKCS12 Certificate and Key option and paste into the Paste Base64 Certificate box.
4Click OK.
5
  • On SBC-1. Imports a certificate you created. Enter the password, select the file (certificate) to import, and click OK.
  • Action, use Export PKCS12 Certificate and Key, enter the password, and then . Export the CCE certificate for backup purposes. Enter password and click OK.
  • Transfer Public Certificate to Edge. Transfers the public certificate to the CCE (after deployment).
  • Display Certificate. Displays the current SBC Edge certificate.
4

On SBC-2,

click the

 

...

Action drop-down list and select the appropriate option:

  • Import X.509 Signed Certificate. This option is used if you generated a Certificate Request (CSR) and this is the initial deployment. Paste the certificate in the window and click OK.
  • Import PKCS12 Certificate and Key. Imports a certificate you created. Enter the password, select the file (certificate) to import, and click OK.
  • Export PKCS12 Certificate and Key. Export the CCE certificate for backup purposes. Enter password and click OK.
  • Transfer Public Certificate to Edge. Transfers the public certificate to the CCE (after deployment).
  • Display Certificate. Displays the current SBC Edge certificate.
4

After receiving the activity status as successfully completed, click on Configure CCE tab.

Caption
0Figure
1SBC 1 - CCE Public Certificate

Image Added 

Caption
0Figure
1SBC 2 - CCE Public Certificate

Image Added

 

Anchor
Configuring the CCE
Configuring the CCE
Configuring the CCE

Note

Perform these steps on both

Spacevars
0product
systems.

StepAction
1Login to the WebUI of the SBC Edge.
2Navigate to Tasks  > Office 365 Cloud Connector Edition> Setup
Note

Perform these steps on both

Spacevars
0product
systems.

StepAction
1Login to the WebUI of the SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Configure CCE tab.
4

Configure all necessary information and then click OK.

 

Caption
0Figure
1Configuring the ASM – CCE-1

Image RemovedImage Added

 

Caption
0Figure
1Configuring the ASM – CCE-2

Image Removed

 Image Added

 

Note: Enterthe ASM's IP address in the HA Master IP Address field. The Slave uses the same root certification as the Master, and this location contains the shared folder that contains the Root CA of the Master.

5After receiving the activity status as successfully completed, click the Prepare CCE tab to continue.

 

 

Warning

 If

Warning

 If the deployment environment consists of multiple-site with a single certificate, or a wild card certificate, ensure the CCE Site Name and the Edge Server Public Hostname are correct before proceeding.

...

StepAction
1Login to the WebUI of both SBC Edge systems.
2Open the Tasks tab and click Setup Navigate to Tasks  > Office 365 Cloud Connector Edition in the navigation pane> Setup.
3Click the Prepare CCE tab.
4

Click the Prepare CCE button. Enter the requested password. A confirmation will request you to enter the password again. The same password should be used on all Appliances in the site. Click OK as shown below.

5

To complete the deployment, continue with  Activating the CCE.

...

StepAction
1Login to the WebUI of each SBC Edge.
2Open the Tasks tab and click Setup Navigate to Tasks  > Office 365 Cloud Connector Edition in the navigation pane> Setup.
3Click the Cutomize CCE VMs tab.
4

In Domain Controller and Central Management Store VM > Windows Product Key 1, enter the first Microsoft Product Key. To identify the Product Key, see Identify Microsoft Product Key.

5In Under Mediation Server and Edge Server VM Windows Product Key 2, enter the second Microsoft Product Key.To identify the Product Key, see Identify Microsoft Product Key.
6From the Proxy Usage drop down list, select Enabled (enables the Proxy Server on the DMZ facing the internal network) If you select Disable, the Proxy Server is disabled.
7In the Proxy Server IP Address field, enter the server IP address for the Proxy Server in IPv4 format. This field is available only when Proxy Usage is set to Enabled.
8In the Proxy Server Port field, enter the port number for the Proxy Server. Valid entry: 1 - 65535. This field is available only when Proxy Usage is set to Enabled.
9Click Apply.
10Access Tasks> Operational Status to verify Windows Activation. If activation fails, see Troubleshooting..
11

To complete the deployment, continue with installing the Installing the CCE Appliance using Sonus Cloud Link Deployer.

...

 

Caption
0Figure
1Activate the CCE

 

To identify the Microsoft Product Key:
  • Access the bottom of the SBC unit and locate the two Microsoft Certificate of Authenticity stickers.
    • Locate the Microsoft Product Key for each.
    Sample Microsoft Certificate of Authenticity Sticker
    Image RemovedIf activation fails, check the following:
    • If access to the Microsoft Server fails, verify IP and Firewall configuration. 
    • Verify each Product Key has not reached the allowed limit of 15 activations.
    • Verify correct entry of the Product Key.
    Info
    titleIdentify Microsoft Product Key

    Anchor
    ProductKey
    ProductKey
    To identify the Microsoft Product Key

    Anchor
    ProductKeyProductKey
    Info
    titleActivation - Troubleshooting Tips
    Anchor
    TroubleshootingTroubleshooting

    :

    1. Access the bottom of the SBC unit and locate the two Microsoft Certificate of Authenticity stickers.
    2. Locate the Microsoft Product Key for each.

      Sample Microsoft Certificate of Authenticity Sticker
      Image Added
    Info
    titleActivation - Troubleshooting Tips

    Anchor
    Troubleshooting
    Troubleshooting
    If activation fails, check the following:

    • If access to the Microsoft Server fails, verify IP and Firewall configuration. 
    • Verify each Product Key has not reached the allowed limit of 15 activations.
    • Verify correct entry of the Product Key.

    Set CCE Private Certificate

    This step synchronizes the CCE and SBC CA Certificate, or Renews the CCE CA or CCE Certificate.

    Info

    This feature applies to SBCs running ASM with the Office 365 Cloud Connector Edition image.

    Note

    If you configure TLS and downgrade the system to a release prior to Release 7.0, the Exchange CA Certificate for TLS will be unavailable; you must re-deploy or upgrade to Release 7.0. Along with TLS configuration on the CCE, the TLS capability requires a loaded Root CA certificate and a signed certificate on the SBC.

    Note

    These instructions assume the SBC Edge already includes a valid Trusted CA (which issues the Sonus SBC Certificate).  For more information, refer to Working with Certificates.

    You will not be able to complete Step 4: Synchronize CCE/SBC CA Certificate without a valid Trusted CA in SBC Edge.

    StepAction
    1Login to the WebUI of the SBC Edge.
    2Navigate to Tasks > Office 365 Cloud Connector Edition and click the CCE Private Certificate tab.
    3Click the CCE Private Certificate tab.
    4

    For SBC-1: three options are available, when needed:

    • Synchronize CCE/SBC CA Certificate. Synchronizes the CCE/SBC CA certificate; certificate information is exchanged between the CCE and SBC CA.
    • Renew CCE CA Certificate. Renews CCE CA certificate.
    • Renew CCE Certificate. Renews the CCE certificate.

    Note: The CCE CA and CCE Certificates are valid for two years.

    5

    For SBC-2: three options are available, when needed:

    • Synchronize CCE/SBC CA Certificate. Synchronizes the CCE/SBC CA certificate; certificate information is exchanged between the CCE and SBC CA.
    • Renew CCE CA Certificate. Renews CCE CA certificate.
    • Renew CCE Certificate. Renews the CCE certificate.
    Note: The CCE CA and CCE Certificates are valid for two years.
    6After synchronizing or renewing a certificate, a message indicating success appears on the screen.
    7

    To complete the deployment, continue with installing the CCE Appliance using the Sonus Cloud Link Deployer.

    Caption
    0Figure
    1SBC 1 - CCE Private Certificate

    Image Added 

    Caption
    0Figure
    1SBC 2 - CCE Private Certificate

    Image Added 

    Anchor
    Manually Configuring the CCE on the ASM
    Manually Configuring the CCE on the ASM
    Installing the CCE Appliance using Sonus Cloud Link Deployer

    Note
    titleCCE Deployment - Using a Proxy on the ASM Host

    If you plan to use a proxy on the ASM Host to reach Office 365, you must add the Management network (192.168.213.0) into the exclusion list and specify proxy settings per machine rather than per user.

    ...

    Step

    Action

    1

    Remote desktop to the ASM of the SBC Edge System 1.

    2Launch the Sonus Cloud Link Deployer from icon on the desktop.
    3

    Check the last two actions:

    • Install Appliance: This step deploys the CCE.
    • Publish Appliance (HA Only): This will extract the required information from the HA Master.
    4Click Apply.

    Caption
    0Figure
    1Install CcAppliance on HA Master Node


     

     

    ...

     

    Caption
    0Figure
    1Building your SBC Edge-2 Configuration

     

    Multiexcerpt include
    MultiExcerptNameBasicCallVerification
    PageWithExcerptUXDOC61:Configuring the SBC Edge for a Single CCE

    Multiexcerpt include
    MultiExcerptNameO365KnownIssues
    PageWithExcerptUXDOC61:Configuring the SBC Edge for a Single CCE

    Updating the CCE Password

    Follow these steps if you need to update the O365 tenant admin password or account.

    StepAction
    1On the WebUI, run Preparing the CCE to specify a new Password. Select the existing password and enter the new password. Only the O365 should be modified for a running instance of CCE.
    2

    On Remote desktop, start the Sonus Cloud Link Deployer, and check Transfer Password from SBC to reset the credentials.