You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

 

Not supported by SBC SWe Lite in this release.

 

READ BEFORE BEGINNING

You must follow these steps completely and in the order shown. Failure to do so increases the risk of node failure.

In this section...

For details on troubleshooting, see Troubleshooting Cloud Connector 6.1.2.

Before You Start

CCE Deployment Scenarios

The following diagram shows typical CCE deployment scenarios on a PSTN site. The PSTN site is a combination of Cloud Connector instances, deployed at the same location, and with common PSTN gateways pool connected to them. PSTN sites allow you to:

  • Provide connectivity to gateways that are closest to your users.

  • Allow for scalability by deploying multiple Cloud Connector instances within one or more PSTN sites.

  • Allow for high availability by deploying multiple instances of Cloud Connector within a single PSTN site.

 

CCE Deployment Scenarios



Scenario 1 and Scenario 2 are covered in Configuring the SBC Edge for a Single CCE. This document contains steps for Scenario 3 and Scenario 4 .

Prerequisites

A public domain name prepared and mapped with your Office 365 tenant (for example, "mydomain.com"). See Create an Office 365 Tenant.
An entry on your public domain name that points to the fixed IP address of your SBC Edge (for example, myccesite1.mydomain.com" with an IP address of "nn.nn.mm.nn").

An Office 365 tenant with an E5 license or E3 + Cloud PBX.

You must have the Global Administrator role for your O365 tenant account.

A public certificate authority ready to sign a certificate for the SBC Edge.

Important!  Read the steps outlined in Certificate Requirements at Microsoft Technet.

A properly configured firewall. See Ports and Protocols at Microsoft Technet.

MANDATORY!

Latest System Release SBC Firmware and SbcComms Firmware

Important!

  • Refer to the SBC Edge Release Information page for instructions on obtaining the latest firmware.
  • Failure to update to the latest firmware could lead to deployment failure.
  • Make sure to use the latest sustaining release.
Microsoft Cloud Connector Edition image on ASM recovery partition.

Network Settings

We recommend deploying both Appliances on the same subnet with a resilient connection.

For the purposes of this document, the CCE is deployed in the following network:

Typical Deploments

 

 

 

Firewall Settings

In this best practice the router/firewall is configured with the following rules:

Internal Firewall Rules for CCE

Source IP

Destination IP

Source Port

Destination Port

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

Internal clients

TCP 49 152 – 57 500*

TCP 50,000-50,019 (Optional)

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

Internal clients

UDP 49 152 – 57 500*

UDP 50,000-50,019

Internal clients

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

TCP 50,000-50,019

TCP 49 152 – 57 500*

Internal clients

Cloud Connector Mediation component – 192.168.210.123 & 192.168.210.117

UDP 50,000-50,019

UDP 49 152 -57 500*



External Firewall Rules for CCE

Source IP

Destination IP

Source Port

Destination Port

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 5061

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 80

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

UDP 53

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

Any

TCP 53

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 3478

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 50,000-59,999

Any

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 5061

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 443

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 3478

Any

Cloud Connector Edge External Interface – 192.168.211.81 & 192.168.211.86

Any

UDP 50,000 - 59,99



Host Firewall Rules - Internal or External Access

Source IP Destination IPSource PortDestination Port
ASMAnyAnyTCP 53
ASMAnyAnyTCP 80
ASMAnyAnyTCP 443

DNS Settings

Make sure that CCE FQDN is resolving to the SBC Edge Public IP address. To do so, login to your DNS server and create the relevant entries.

Preparing Your Node

Preparing the SBC Edge for Initial Setup

Update the SBC Edge firmware to the latest release version.

Ensure the Node FQDN is definitive. Changing this information requires the CCE to be redeployed.

Sonus recommends starting with a clean and empty configuration.

 

Ensure That the Node's FQDN is Correct


 

Optional

When configuring a secondary

Unable to show "metadata-from": No such page "_space_variables"
in your environment, make sure to have the secondary
Unable to show "metadata-from": No such page "_space_variables"
network interface is configured accordingly to be able to reach out to CCE's internal/corporate network.

Preparing the ASM

If your ASM has been used previously, reinitialize it following the steps  in Re-Initializing the ASM.

Confirm that the ASM is ready to deploy the CCE by following these steps.

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Task tab, and then click Operational Status.
3

Verify that:

  • The ASM Board Status is Up
  • The appropriate Service Status is Running
  • The Service is the latest version. If the service version (SBC Communications Service) is not the latest, update it by following the steps in Installing an ASM Package.

 

4

Change the ASM Admin password:

    1. Login to WebUI of both SBC Edge systems
    2. Click the Task tab and then click Change Admin Password.
    3. Enter the desired password twice and then click OK.

 

Deploying the CCE

Deploying the CCE on the

Unable to show "metadata-from": No such page "_space_variables"
consists of two steps:

  1. Prepare the CCE deployment on the SBC Edge using the section below.
  2. Using Sonus Cloud Link Deployer via Remote Desktop on the ASM Module:
    1. Register all the CCE appliances.
    2. Install and publish the CCE Appliance Master.
    3. Install the CCE Appliance Slave.
  • If this is a re-deployment of a CCE deployment, complete the steps in Redeploying the CCE to clean up previously entered data in O365 before proceeding with the following section.

Configuring the CCE Through the WebUI

Configuring the ASM

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

StepAction
1

Login to the WebUI of each SBC Edge.

2

Navigate to Tasks  > Setup Cloud Connector Edition.

3

Click the ASM Config tab and configure/verify the Network and IP settings of your ASM as shown below.

4

Click Apply. After receiving the activity status as successfully completed, click the Generate CSR tab.

Configuring the ASM – CCE-1

Configuring the ASM – CCE-2

Generating the CSR

This process is required only if you don't have a public certificate for your deployment. If you already have a certificate, proceed to Import Certificate.

Perform these steps on only one of the

Unable to show "metadata-from": No such page "_space_variables"
systems.

Step Action
1Login to the WebUI of one of the SBC Edge systems.
2

Navigate to Tasks > Setup Cloud Connector Edition > Generate CSR.

3

Generate the CSR as shown below with following information.

Note: This example uses aepsite1.sonusms01.com and sip.sonusms01.com as common name and SAN

To ensure creating a valid CSR for Cloud Connector Edition usage, please see the section "Certificate requirements" on https://technet.microsoft.com/en-us/library/mt605227.aspx .

Generate CSR


 

Importing Certificate/Keys

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

Step Action
1Login to the WebUI of each SBC Edge.
2

Navigate to Tasks > Setup Cloud Connector Edition and then click the Import Certificate/Keys tab.

3

On SBC-1, click the Action drop-down list and select the appropriate option:

  • If you generated a Certificate Request (CSR) in the previous section, select the Import X.509 Signed Certificate option using the Choose File button.
  • If you prepare your certificate by yourself, select the Import PKCS12 Certificate and Key option and paste into the Paste Base64 Certificate box.
4Click OK.
5
  • On SBC-1, select the certificate Action, use Export PKCS12 Certificate and Key, enter the password, and then click OK.
  • On SBC-2, select the certificate Action, use Import PKCS12 Certificate and Key to import the pkcs certificate you exported on SBC-1, enter the password, select the relevant certificate file using the Choose File button and then click OK.

 

Configuring the CCE

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

StepAction
1Login to the WebUI of each SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Configure CCE tab.
4

Configure all necessary information and then click OK.

 

Configuring the ASM – CCE-1

 

Configuring the ASM – CCE-2

 

 

 

Note: Enter the ASM's IP address in the HA Master IP Address field. The Slave uses the same root certification as the Master, and this location contains the shared folder that contains the Root CA of the Master.

5After receiving the activity status as successfully completed, click the Prepare CCE tab to continue.

 

 

 If the deployment environment consists of multiple-site with a single certificate, or a wild card certificate, ensure the CCE Site Name and the Edge Server Public Hostname are correct before proceeding.

Verifying and Updating the CCE Configuration INI File 

You must verify (and possibly correct) the CCE Configuration INI File after configuring the CCE.

When deploying a High Availability (HA) systems, it is important to have Management IP Prefix unique on each HA system. For instance, if your HA Master CCE system has 192.168.213.x as the Management IP Prefix, you need to be sure to configure this attribute differently on HA Slave system. While doing this, also make sure that subnet that you are defining in this field does not conflict in your IP infrastructure.

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.


Follow these steps to verify and correct values in the CCE Configuration INI File.

StepAction
1Login to the WebUI of each SBC Edge.
2Click the Configure CCE tab and then click Click to re-configure CCE application.
3Click OK on the popup dialog box.
4

Click the Raw (INI) Config drop-down list, and select an option:

  • Edit. Configurable fields are displayed for editing. Modifications to the CCE configuration requires redeployment of the CCE VM, and this action takes approximately two hours.
  • Export. Exports the .ini file.
  • Import. Imports the .ini file.
5

Verify/correct the values in the CCE Configuration INI File and then click OK.


Preparing the CCE 

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

StepAction
1Login to the WebUI of each SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Prepare CCE tab.
4

Click the Prepare CCE button. A confirmation will request you to enter the password again for the new password. Only the Tenant credentials are already existing. The same password should be used on all Appliances in the site. Click OK as shown below.

5

To complete the deployment, continue with Activating the CCE.

Activating the CCE

This step stores the Microsoft product keys, and activates the CCE VM (which is not yet activated).

Perform these steps on both

Unable to show "metadata-from": No such page "_space_variables"
systems.

Each CCE requires four VMs; each Microsoft Product Key activates two VMs.

StepAction
1Login to the WebUI of each SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Activate CCE tab.
4

In Domain Controller and Central Management Store VM > Windows Product Key 1, enter the first Microsoft Product Key. To identify the Product Key, see Identify Microsoft Product Key.

5In Under Mediation Server and Edge Server VM > Windows Product Key 2, enter the second Microsoft Product Key. To identify the Product Key, see Identify Microsoft Product Key.
6Click Activate.
7Access Tasks> Operational Status to verify Windows Activation. If activation fails, see Troubleshooting.
8

To complete the deployment, continue with installing the Installing the CCE Appliance using Sonus Cloud Link Deployer.

Activate the CCE

 

Identify Microsoft Product Key

To identify the Microsoft Product Key:

  1. Access the bottom of the SBC unit and locate the two Microsoft Certificate of Authenticity stickers.
  2. Locate the Microsoft Product Key for each.

    Sample Microsoft Certificate of Authenticity Sticker
Activation - Troubleshooting Tips

If activation fails, check the following:

  • If access to the Microsoft Server fails, verify IP and Firewall configuration. 
  • Verify each Product Key has not reached the allowed limit of 15 activations.
  • Verify correct entry of the Product Key.

Installing the CCE Appliance using Sonus Cloud Link Deployer

CCE Deployment - Using a Proxy on the ASM Host

If you plan to use a proxy on the ASM Host to reach Office 365, you must add the Management network (192.168.213.0) into the exclusion list and specify proxy settings per machine rather than per user.

CCE Deployment - What to Expect
  • The CCE deployment may exceed two hours.
  • The CCE deployment status is visible only on the Remote Desktop to the ASM. The WebUI indicates that the CCE is running while the deployment process is in progress.
  • While the CCE deployment is running, you should not perform any actions on the ASM via the WebUI (i.e., Shut Down/Reset/Reboot/Reinitialize/Install etc.).
  • If the Office 365 PSTN Site already exists in your tenant, ensure the other Appliance is removed, and the CCE Auto-Update time window is properly configured. If you are in a time window dedicated to the Auto-Update, you should use the command Set-CsHybridPSTNSite to set EnableAutoUpdate to $False. Replication of the information may take up to 30 minutes.

Using Sonus Cloud Link Deployer via Remote Desktop on the ASM Module:

  1. Register all the CCE Appliance.
  2. Install and publish the CCE Appliance Master.
  3. Install the CCE Appliance Slave.

Registering the CCE Appliance

Perform these steps on only one of the

Unable to show "metadata-from": No such page "_space_variables"
systems.

Step

Action

1

Remote desktop to the ASM of the SBC Edge System 1.

2

Launch the Sonus Cloud Link Deployer from icon on the desktop.

3

Check the first two actions:

  • Transfer Password from SBC: This step imports the password that has been set during the Preparing the CCE.
  • Register Appliance: This step registers this new appliance on your Ofiice365 tenant.
4Click Apply.
5

After successful execution, remote desktop to the ASM of the

Unable to show "metadata-from": No such page "_space_variables"
System 2.

6

Launch the Sonus Cloud Link Deployer from icon on the desktop.

7

Check the first two action.

  • Transfer Password from SBC: This step imports the password that has been set during the Preparing the CCE.
  • Register Appliance: This step registers this new appliance on your Ofiice365 tenant.
8Click Apply.

Registering the CCE Appliance - Master

 

Registering the CCE Appliance - Slave


 
 

Install-CcAppliance on the HA Master Node

Step

Action

1

Remote desktop to the ASM of the SBC Edge System 1.

2Launch the Sonus Cloud Link Deployer from icon on the desktop.
3

Check the last two actions:

  • Install Appliance: This step deploys the CCE.
  • Publish Appliance (HA Only): This will extract the required information from the HA Master
4Click Apply.

Install CcAppliance on HA Master Node


 
 

Install-CcAppliance on the HA Slave Node

StepAction
1

Remote desktop to the ASM of the SBC Edge System 2.

2Launch the Sonus Cloud Link Deployer from icon on the desktop.
3

Check the third action:

  • Install Appliance: This step deploys the CCE.
4Click Apply. The Installation time depends on the bandwidth between the Master and the Slave.
5After configuring the SBC Edge for CCE, refer to Managing Your Office 365 Tenant to configure CCE update time and user.

Install CcAppliance on the HA Slave Node


 
 

Integrating SBC Edge With CCE

After the CCE is deployed, integrate the

Unable to show "metadata-from": No such page "_space_variables"
and allow calls from/to O365 clients. In this example, the following steps will set up the 
Unable to show "metadata-from": No such page "_space_variables"
for:

 

SIP Provider (193.168.210.103) – SBC Edge (193.168.210.125)  – CCE (mediation Server: 193.168.210.123) – O365 Cloud

Building Your SBC Edge-1 Configuration

StepAction
1Login to the WebUI of SBC Edge-1.
2Navigate to Tasks > SBC Easy Setup and then click the Easy Configuration Wizard.
3

Follow steps 1, 2, and 3 and then click Finish.

The wizard configures the necessary settings for SBC Edge-1 and CCE integration, after which you can see all relevant configuration items in Settings tab.

Building your SBC Edge-1 Configuration

 

Building Your SBC Edge-2 Configuration

StepAction
1Login to the WebUI of SBC Edge-2.
2Navigate to Tasks > SBC Easy Setup and then click the Easy Configuration Wizard.
3

Follow steps 1, 2, and 3 and then click Finish.

 

The wizard configures the necessary settings for SBC Edge-2 and CCE integration, after which you can see all relevant configuration items in Settings tab.

 

 

Building your SBC Edge-2 Configuration

 

Basic Call Verification after CCE Deployment and SBC Edge Integration

With the preceding settings, an endpoint from the SIP provider side can dial the number of a Skype For Business (O365) client and reach out to it over SBC Edge. The call flow for this call is shown below:

 

 

Call Flow

Similarly, a Skype For Business (O365) client can dial the number of an endpoint off of ITSP and reach out to it over SBC Edge. The call flow for this call is shown below:

 

Call Flow

O365 Known Issue and Workarounds for CCE

Redeploying the CCE

Configuration changes to the CCE in the WebUI per Tasks > Setup Cloud Connector Edition> Configure CCE requires the CCE to be re-deployed.

Backup the Public Certificate per Tasks > Setup Cloud Connector Edition> Import Certificate.

Clean Office 365 Tenant

If the CCE was previously deployed, previously installed information must be cleared in O365. To do so, follow the steps below:

StepAction
1Remote Desktop to the ASM system
2

Connect the Office365 Tenant through a series of commands as follows:

a. Execute the following command:

Import-Module skypeonlineconnector
$cred = Get-Credential
b. When prompted, execute the credentials for O365 Admin Tenant.
c. Execute the following command:
$Session = New-CsOnlineSession -Credential $cred -Verbose
Import-PSSession $session
3Display all the Appliances assigned to your tenant, identify the Appliance you just re-initialized, and copy the identity into your clipboard.

Get-CsHybridPSTNAppliance

4

Execute the following command to remove the appliance:

Unregister-CsHybridPSTNAppliance -Identity <paste the identity here> -Force

5

Execute the following command to verify that the appliance has been removed:

Get-CsHybridPSTNAppliance

6

This completes the cleanup.

Re-Initializing of the ASM

The ASM must be re-initialized with the image that contains the latest CCE software. To do so:

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Task tab, and then click Reinitialize in the navigation pane.
3

Select the appropriate image from the drop-down list and then click Apply.

Updating the CCE Password

Follow these steps if you need to update the O365 tenant admin password or account.

StepAction
1On the WebUI, run Preparing the CCE to specify a new Password. Select the existing password and enter the new password. Only the O365 should be modified for a running instance of CCE.
2

On Remote desktop, start the Sonus Cloud Link Deployer, and check Transfer Password from SBC to reset the credentials.

  • No labels