UXDOC61:Notadd_workflow_for_ |
SWeUXDOC61:Not_for_SWe | nopanel | true |
---|
Warning |
---|
title | READ BEFORE BEGINNING |
---|
|
You must follow these steps completely and in the order shown. Failure to do so increases the risk of node failure. |
Info |
---|
For details on troubleshooting, see Troubleshooting Cloud Connector 6.1.2. |
Multiexcerpt include |
---|
MultiExcerptName | BeforeYouStart |
---|
PageWithExcerpt | UXDOC61:Configuring the SBC Edge for a Single CCE |
---|
|
Scenario 1 and Scenario 2 are covered in Configuring the SBC Edge for a Single CCE. This document contains steps for Scenario 3 and Scenario 4 .
Multiexcerpt include |
---|
MultiExcerptName | PreRequisites |
---|
PageWithExcerpt | UXDOC61:Configuring the SBC Edge for a Single CCE |
---|
|
Network Settings
Note |
---|
We recommend deploying both Appliances on the same subnet with a resilient connection. |
For the purposes of this document, the CCE is deployed in the following network:
Caption |
---|
0 | Figure |
---|
1 | Typical Deploments |
---|
|
Image Removed Image Removed |
Firewall Settings
techpubs |
---|
AUTH1 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
JIRAIDAUTH | SYM-24331 |
---|
REV5 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
REV6 | UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'} |
---|
REV3 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cd700a1f, userName='null'} |
---|
REV1 | UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cc5207f0, userName='null'} |
---|
|
Excerpt Include |
---|
| UXDOC61:Not_for_SWe |
---|
| UXDOC61:Not_for_SWe |
---|
nopanel | true |
---|
|
Warning |
---|
title | READ BEFORE BEGINNING |
---|
|
You must follow these steps completely and in the order shown. Failure to do so increases the risk of node failure. |
Note |
---|
SBC Edge now supports a new deployment with CCE 2.1.0 in release 7.0.1. Before this release, if your CCE auto-updates to CCE 2.1.0: - To rerun the step “Transfer Credential from SBC”, it will require 7.0.1.
|
Info |
---|
For details on troubleshooting, see Troubleshooting Cloud Connector. |
Multiexcerpt include |
---|
MultiExcerptName | BeforeYouStart |
---|
PageWithExcerpt | Configuring the SBC Edge for a Single CCE |
---|
|
Scenario 1 and Scenario 2 are covered in Configuring the SBC Edge for a Single CCE. This document contains steps for Scenario 3 and Scenario 4.
Multiexcerpt include |
---|
MultiExcerptName | PreRequisites |
---|
PageWithExcerpt | Configuring the SBC Edge for a Single CCE |
---|
|
Network Settings
Note |
---|
We recommend deploying both Appliances on the same subnet with a resilient connection. |
For the purposes of this document, the CCE is deployed in the following network:
Caption |
---|
0 | Figure |
---|
1 | Typical Deploments |
---|
|
Image Added Image Added |
Firewall Settings
In this best practice the router/firewall is configured with the following rules:
Caption |
---|
0 | Table |
---|
1 | Internal Firewall Rules for CCE |
---|
|
Source IP | Destination IP | Source Port | Destination Port |
---|
Cloud Connector Mediation component |
|
In this best practice the router/firewall is configured with the following rules: Caption |
---|
0 | Table |
---|
1 | Internal Firewall Rules for CCE |
---|
|
Source IP | Destination IP | Source Port | Destination Port |
---|
Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117 | Internal clients | TCP 49 152 – 57 500* | TCP 50,000-50,019 (Optional) | Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117 | Internal clients | UDP TCP 49 152 – 57 500* | UDP TCP 50,000-50,019 (Optional) | Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117 | Internal clients | UDP 49 152 – 57 500* | UDP 50,000-50,019 | Internal clients | Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117 | TCP 50,000-50,019 | TCP 49 152 – 57 500* | Internal clients | Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117 | UDP 50,000-50,019 | UDP 49 152 -57 500* |
|
Caption |
---|
0 | Table |
---|
1 | External Firewall Rules for CCE |
---|
|
Source IP | Destination IP | Source Port | Destination Port |
---|
Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | Any | TCP 5061 | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | Any | TCP 80 | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | Any | UDP 53 | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | Any | TCP 53 | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | TCP 50,000-59,999 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | UDP 3478 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | UDP 50,000-59,999 | Any | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | TCP 5061 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | TCP 443 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | TCP 50,000-59,999 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | UDP 3478 | Any | Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86 | Any | UDP 50,000 - 59,999 |
|
multiexcerpt-includeTable | 1 | Host Firewall Rules - Internal or External Access |
---|
|
Source IP | Destination IP | Source Port | Destination Port |
---|
ASM | Any | Any | TCP 53 | ASM | Any | Any | TCP 80 | ASM | Any | Any | TCP 443 |
|
Multiexcerpt include |
---|
MultiExcerptName | DNSSettings |
---|
PageWithExcerpt |
---|
MultiExcerptName | DNSSettings |
---|
PageWithExcerpt | UXDOC61:Configuring the SBC Edge for a Single CCE |
---|
|
...
Update the SBC Edge firmware to the latest release version.
Note |
---|
- Ensure the Node FQDN is definitive. Changing this information requires the CCE to be redeployed.
- Ensure that an NTP server is configured.
|
Sonus recommends starting with a clean and empty configuration.
...
Step | Action |
---|
1 | Login to the WebUI of the SBC Edge. |
2 | Click the Task tab, and then click Operational Status. |
3 | Verify that: - The ASM Board Status is Up
- The appropriate Service Status is Running
- The Service is the latest version. If the service version (SBC Communications Service) is not the latest, update it by following the steps in Installing an ASM Package.
|
4 | Change the ASM Admin password: - Login to WebUI of both SBC Edge systems
- Click the Task tab and then click Change Admin Password.
- Enter the desired password twice and then click OK.
|
...
Note |
---|
- If this is a re-deployment of a CCE deployment, complete the steps in Redeploying the CCE to clean up previously entered data in O365 before proceeding with the following section.
|
...
Note |
---|
Perform these steps on both systems. |
Step | Action | |
---|
1 | Login to the WebUI of both each SBC Edge. | |
2 | Navigate to Tasks > Setup Office 365 Cloud Connector Edition> Setup. | |
3 | Click the ASM Config tab and configure/verify the Network and IP settings of your ASM as shown below. | |
4 | Click Apply. After receiving the activity status as successfully completed, click the Generate CSR tabFrom the Remote Desktop Enabled drop down list, select Yes (to enable Remote Desktop) or No (to disable Remote Desktop). | |
...
0 | Figure |
---|
1 | Configuring the ASM – CCE-1 |
---|
...
Image Removed
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-2 |
---|
|
Image Removed |
Generating the CSR
This process is required only if you don't have a public certificate for your deployment. If you already have a certificate, proceed to Import Certificate.
Note |
---|
Perform these steps on only one of the systems. |
...
Navigate to Tasks > Setup Cloud Connector Edition > Generate CSR.
...
Generate the CSR as shown below with following information.
...
To ensure creating a valid CSR for Cloud Connector Edition usage, please see the section "Certificate requirements" on https://technet.microsoft.com/en-us/library/mt605227.aspx .
Importing Certificate/Keys
Note |
---|
Perform these steps on both systems. |
Step | Action |
---|
1 | Login to the WebUI of both SBC Edge. |
2 | Navigate to Tasks > Setup Cloud Connector Edition and then click the Import Certificate/Keys tab. |
3 | On SBC-1, click the Action drop-down list and select the appropriate option: - If you generated a Certificate Request (CSR) in the previous section, select the Import X.509 Signed Certificate option using the Choose File button.
- If you prepare your certificate by yourself, select the Import PKCS12 Certificate and Key option using the Choose File button.
|
4 | Click OK. |
5 | - On SBC-1, select the certificate Action, use Export PKCS12 Certificate and Key, enter the password, and then click OK.
- On SBC-2, select the certificate Action, use Import PKCS12 Certificate and Key to import the pkcs certificate you exported on SBC-1, enter the password, select the relevant certificate file using the Choose File button and then click OK.
|
...
Note |
---|
Perform these steps on both systems. |
...
Configure all necessary information and then click OK.
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-1 |
---|
|
Image Removed |
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-2 |
---|
|
Image Removed |
...
Warning |
---|
If the deployment environment consists of multiple-site with a single certificate, or a wild card certificate, ensure the CCE Site Name and the Edge Server Public Hostname are correct before proceeding. |
Verifying and Updating the CCE Configuration INI File
You must verify (and possibly correct) the CCE Configuration INI File after configuring the CCE.
...
5 | From the Windows Firewall Enabled drop down list, select Yes (to enable Windows Firewall) or No (to disable Windows Firewall). | |
6 | From the Proxy Enabled drop down list, Enables use of the Proxy Server on the ASM. Select from the drop down list: Yes (enables Proxy Server on the ASM) or No (disables Proxy Server). | |
7 | From the Proxy Address drop down list, select Yes (to enable the IP address for the Proxy Server in IPv4 format). This field is available only when Proxy Enabled is set to Yes. | |
8 | From the Proxy Port drop down list, select Yes (to enable the port in which the Proxy Server connects). Valid entry: Valid entry: 1 - 65000. This field is available only when Proxy Enabled is set to Yes. | |
9 | Configure/verify the Network and IP settings of your ASM. | |
10 | Click Apply. After receiving the activity status as successfully completed, click the Generate CSR tab. | |
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-1 |
---|
|
Image Added |
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-2 |
---|
|
Image Added |
Generating the CSR
This process is required only if you don't have a public certificate for your deployment. If you already have a certificate, proceed to Import Certificate.
Note |
---|
Perform these steps on only one of the systems. |
Step | Action |
---|
1 | Login to the WebUI of one of the SBC Edge. |
2 | Navigate to Tasks > Office 365 Cloud Connector Edition> Setup. |
3 | Click the Generate CSR tab. |
4 | Generate the CSR as shown below with following information. Note: This example uses aepsite1.sonusms01.com and sip.sonusms01.com as common name and SAN. To ensure creating a valid CSR for Cloud Connector Edition usage, please see the section "Certificate requirements" on https://technet.microsoft.com/en-us/library/mt605227.aspx. |
Caption |
---|
|
Image Added |
Set CCE Public Certificate
Note |
---|
Perform these steps on both systems. |
Step | Action |
---|
1 | Login to the WebUI of the SBC Edge. |
2 | Navigate to Tasks > Office 365 Cloud Connector Edition and click the CCE Public Certificate tab. |
3 | On SBC-1, click the Action drop-down list and select the appropriate option: - Import X.509 Signed Certificate. This option is used if you generated a Certificate Request (CSR) and this is the initial deployment. Paste the certificate in the window and click OK.
- Import PKCS12 Certificate and Key. Imports a certificate you created. Enter the password, select the file (certificate) to import, and click OK.
- Export PKCS12 Certificate and Key. Export the CCE certificate for backup purposes. Enter password and click OK.
- Transfer Public Certificate to Edge. Transfers the public certificate to the CCE (after deployment).
- Display Certificate. Displays the current SBC Edge certificate.
|
4 | On SBC-2, click the Action drop-down list and select the appropriate option: - Import X.509 Signed Certificate. This option is used if you generated a Certificate Request (CSR) and this is the initial deployment. Paste the certificate in the window and click OK.
- Import PKCS12 Certificate and Key. Imports a certificate you created. Enter the password, select the file (certificate) to import, and click OK.
- Export PKCS12 Certificate and Key. Export the CCE certificate for backup purposes. Enter password and click OK.
- Transfer Public Certificate to Edge. Transfers the public certificate to the CCE (after deployment).
- Display Certificate. Displays the current SBC Edge certificate.
|
5 | After receiving the activity status as successfully completed, click on Configure CCE tab. |
Caption |
---|
0 | Figure |
---|
1 | SBC 1 - CCE Public Certificate |
---|
|
Image Added |
Caption |
---|
0 | Figure |
---|
1 | SBC 2 - CCE Public Certificate |
---|
|
Image Added |
Anchor |
---|
| Configuring the CCE |
---|
| Configuring the CCE |
---|
|
Configuring the CCE Note |
---|
Perform these steps on both systems. |
Note |
---|
If you configure TLS and downgrade the system to a release prior to Release 7.0, the Exchange CA Certificate for TLS will be unavailable; you must re-deploy or upgrade to Release 7.0. Along with TLS configuration on the CCE, the TLS capability requires a loaded Root CA certificate and a signed certificate on the SBC. |
Step | Action |
---|
1 | Login to the WebUI of the SBC Edge. |
2 | Navigate to Tasks > Office 365 Cloud Connector Edition> Setup. |
3 | Click the Configure CCE tab. |
4 | Configure all necessary information and then click OK. Note |
---|
TLS 1.2 is supported; the following fields are required to configure TLS: - Primary SBC Transport Protocol. Options: TCP or TLS (supports TLS 1.2).
- Secondary SBC Transport Protocol (optional). Options: TCP or TLS (supports TLS 1.2).
If TLS is configured as the Primary SBC Transport Protocol, you must run the Synchronize CCE/SBC CA Certificate task to allow a successful TLS handshake between CCE and SBC Edge. However, if TCP is configured as the Primary SBC Transport Protocol the Synchronize CCE/SBC CA Certificate task is not mandatory. See Managing Cloud Connector Edition Private Certificates. |
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-1 |
---|
| Image Added |
Caption |
---|
0 | Figure |
---|
1 | Configuring the ASM – CCE-2 |
---|
| Image Added | Note: Enterthe ASM's IP address in the HA Master IP Address field. The Slave uses the same root certification as the Master, and this location contains the shared folder that contains the Root CA of the Master. |
5 | To increase Fast Failover (which shortens the time where certain ported numbers have a long delay from ITSP PSTN provider) configure Trunk Information: Refer Support. Indicates whether Gateways support Refer for a Call Transfer scenario. Valid entries: Enable (the Gateway(s) supports Refer which can handle call transfer) or Disable (the Gateway does not support Refer and the Mediation Server handles call transfer). Fast Failover Timer. Determines whether outbound calls that are not answered by the gateway within ten seconds will be routed to the next available trunk; if there are no additional trunks, the call will automatically be dropped. Valid entries: Enable or Disable. Forward Call History. Indicates whether call history information is forwarded through the trunk. Valid entries: Enable or Disable. Forward PAI. Indicates whether the P-Asserted-Identity (PAI) header will be forwarded along with the call. Valid entries: Enable or Disable. |
6 | After receiving the activity status as successfully completed, click the Prepare CCE tab to continue. |
Warning |
---|
If the deployment environment consists of multiple-site with a single certificate, or a wild card certificate, ensure the CCE Site Name and the Edge Server Public Hostname are correct before proceeding. |
Verifying and Updating the CCE Configuration INI File
You must verify (and possibly correct) the CCE Configuration INI File after configuring the CCE.
Info |
---|
When deploying a High Availability (HA) systems, it is important to have Management IP Prefix unique on each HA system. For instance, if your HA Master CCE system has 192.168.213.x as the Management IP Prefix, you need to be sure to configure this attribute differently on HA Slave system. While doing this, also make sure that subnet that you are defining in this field does not conflict in your IP infrastructure. |
Note |
---|
Perform these steps on both systems. |
Follow these steps to verify and correct values in the CCE Configuration INI File.
Step | Action |
---|
1 | Login to the WebUI of the SBC Edge. |
2 | Click the Configure CCE tab and then click Click to re-configure CCE application. |
3 | Click OK on the popup dialog box. |
4 | Click the Raw (INI) Config drop-down list, and select an option: - Edit. Configurable fields are displayed for editing. Modifications to the CCE configuration requires redeployment of the CCE VM, and this action takes approximately two hours.
- Export. Exports the .ini file.
- Import. Imports the .ini file.
|
5 | Verify/correct the values in the CCE Configuration INI File and then click OK. |
Preparing the CCE
Anchor |
---|
| Preparing the CCE |
---|
| Preparing the CCE |
---|
|
Note |
---|
Perform these steps on both systems. |
Step | Action |
---|
1 | Login to the WebUI of both SBC Edge systems. |
2 | Navigate to Tasks > Office 365 Cloud Connector Edition> Setup. |
3 | Click the Prepare CCE tab. |
4 | Click the Prepare CCE button. Enter the requested password. A confirmation will request you to enter the password again. The same password should be used on all Appliances in the site. Click OK as shown below. |
5 | To complete the deployment, continue with Activating the CCE. |
Customizing the CCE VMThis step stores the two Microsoft product keys, and customizes the CCE VM (which is not yet activated)
...
.
Note |
---|
Perform these steps on both systems. |
Follow these steps to verify and correct values in the CCE Configuration INI File.
Step | Action |
---|
1 | Login to the WebUI of the SBC Edge. |
2 | Click the Configure CCE tab and then click Click to re-configure CCE application. |
3 | Click OK on the popup dialog box. |
4 | Click the Raw (INI) Config drop-down list, and select an option: - Edit. Configurable fields are displayed for editing. Modifications to the CCE configuration requires redeployment of the CCE VM, and this action takes approximately two hours.
- Export. Exports the .ini file.
- Import. Imports the .ini file.
|
5 | Verify/correct the values in the CCE Configuration INI File and then click OK. |
...
Note |
---|
Perform these steps on both systems. |
...
Click the Prepare CCE button. Enter the requested password. A confirmation will request you to enter the password again. The same password should be used on all Appliances in the site. Click OK as shown below.
Info |
---|
Each CCE requires four VMs; each Microsoft Product Key activates two VMs. |
Step | Action |
---|
1 | Login to the WebUI of each SBC Edge. |
2 | Navigate to Tasks > Office 365 Cloud Connector Edition> Setup. |
3 | Click the Cutomize CCE VMs tab. |
4 | In Domain Controller and Central Management Store VM > Windows Product Key 1, enter the first Microsoft Product Key. To identify the Product Key, see Identify Microsoft Product Key. |
5 | In Under Mediation Server and Edge Server VM > Windows Product Key 2, enter the second Microsoft Product Key.To identify the Product Key, see Identify Microsoft Product Key. |
6 | From the Proxy Usage drop down list, select Enabled (enables the Proxy Server on the DMZ facing the internal network) If you select Disable, the Proxy Server is disabled. |
7 | In the Proxy Server IP Address field, enter the server IP address for the Proxy Server in IPv4 format. This field is available only when Proxy Usage is set to Enabled. |
8 | In the Proxy Server Port field, enter the port number for the Proxy Server. Valid entry: 1 - 65535. This field is available only when Proxy Usage is set to Enabled. |
9 | Click Apply. |
10 | Access Tasks> Operational Status to verify Windows Activation. |
11 | |
Caption |
---|
|
Image Added |
Info |
---|
title | Identify Microsoft Product Key |
---|
|
To identify the Microsoft Product Key:- Access the bottom of the SBC unit and locate the two Microsoft Certificate of Authenticity stickers.
- Locate the Microsoft Product Key for each.
Sample Microsoft Certificate of Authenticity Sticker Image Added
|
Info |
---|
title | Activation - Troubleshooting Tips |
---|
|
Anchor |
---|
| Troubleshooting |
---|
| Troubleshooting |
---|
| If activation fails, check the following:- If access to the Microsoft Server fails, verify IP and Firewall configuration.
- Verify each Product Key has not reached the allowed limit of 15 activations.
- Verify correct entry of the Product Key.
|
Info |
---|
See Managing Cloud Connector Edition Private Certificates for the following setup options: - Synchronize the CCE and SBC CA Certificate
- Renew the CCE CA or CCE Certificate
|
...
Anchor |
---|
| Manually Configuring the CCE on the ASM |
---|
| Manually Configuring the CCE on the ASM |
---|
|
Installing
the CCE Appliance using Sonus Cloud Link Deployer...
title | CCE Deployment - Using a Proxy on the ASM Host |
---|
the CCE Appliance using Sonus Cloud Link Deployer
...
Note |
---|
title | CCE Deployment - What to Expect |
---|
|
- The CCE deployment may exceed two hours.
- The CCE deployment status is visible only on the Remote Desktop to the ASM. The WebUI indicates that the CCE is running while the deployment process is in progress.
- While the CCE deployment is running, you should not perform any actions on the ASM via the WebUI (i.e., Shut Down/Reset/Reboot/Reinitialize/Install etc.).
- If your the Office 365 PSTN Site already exists in your tenant, ensure the other Appliance is removed, and the CCE Auto-Update time window is properly configured. You should be outside of a maintenance time window for the installationis removed, and the CCE Auto-Update time window is properly configured. If you are in a time window dedicated to the Auto-Update, see Managing Update Schedule and Creating and Modifying PSTN Hybrid Site to configure the PSTN Hybrid Site and configure Auto-Update to false. Replication of the information may take up to 30 minutes.
|
Using Sonus Cloud Link Deployer via Remote Desktop on the ASM Module:
...
Step | Action |
---|
1 | Remote desktop to the ASM of the SBC Edge System 1. |
2 | Launch the Sonus Cloud Link Deployer from icon on the desktop. |
3 | Check the last two actions: - Install Appliance: This step deploys the CCE.
- Publish Appliance (HA Only): This will extract the required information from the HA Master.
|
4 | Click Apply. |
Caption |
---|
0 | Figure |
---|
1 | Install CcAppliance on HA Master Node |
---|
|
|
...
Caption |
---|
0 | Figure |
---|
1 | Building your SBC Edge-2 Configuration |
---|
|
|
Multiexcerpt include |
---|
MultiExcerptName | BasicCallVerification |
---|
PageWithExcerpt | UXDOC61:Configuring the SBC Edge for a Single CCE |
---|
|
Multiexcerpt include |
---|
MultiExcerptName | O365KnownIssues |
---|
PageWithExcerpt | UXDOC61:Configuring the SBC Edge for a Single CCE |
---|
|
Updating the CCE Password
Follow these steps if you need to update the O365 tenant admin password or account.
Step | Action |
---|
1 | On the WebUI, run Preparing the CCE to specify a new Password. Select the existing password and enter the new password. Only the O365 should be modified for a running instance of CCE.the WebUI, click Tasks and select the Prepare CCE tab (see Preparing the CCE). |
2 | Click Prepare CCE. |
3 | From the Password Setting drop down list, select Change Password. Keep the same passwords for the Edge Server, CCE Service and CA Backup File, but change the passwords for Tenant Account User and Tenant Account Password. |
42 | On Remote desktop, start the Sonus Cloud Link Deployer, and check Transfer Password from SBC to reset the credentials. |