You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

 

READ BEFORE BEGINNING

You must follow these steps completely and in the order shown. Failure to do so increases the risk of node failure.

Table of Contents
About this Page

The intent of this article to provide a step-by-step procedure for CCE High Availability Deployment on SBC Edge.

CCE Deployment Scenarios

Following diagram displays the typical CCE Deployment Scenarios:

 


Prerequisites

  1. A public domain name prepared and mapped with your Office 365 tenant.See: Create an Office 365 tenant

  2. An Office 365 tenant with some E5 license or E3 + Cloud PBX. See:  Create an Office 365 tenant.

  3. Have an O365 tenant account with ADMIN privileges that will be used during CCERe-DeploymentSpecificSteps.

  4. A public certificate authority ready to sign a certificate for EDGE FQDN. See  https://technet.microsoft.com/en-us/library/mt605227.aspx,  Information you need to gather before deployment  Certificate requirements.

  5. A properly configured firewall. See: https://technet.microsoft.com/en-us/library/mt605227.aspx. See https://technet.microsoft.com/en-us/library/mt605227.aspx,  Information you need to gather before deployment \ \ Ports and protocols.

  6. Latest System Release 6.1.0 SBC Firmtware.

  7. Latest System Release 6.1.0 SbcComms Firmware.

  8. MSFT CCE image 1.4.0 on ASM recovery partition.
  9. SBC Edge is already configured with two IP interfaces, one for internal / corporate network, and the second one for external / internet network as shown below:

 

Pre-configured IP Interfaces

Optionally, if you want to configure a secondary

Unable to show "metadata-from": No such page "_space_variables"
in your environment, make sure to have the secondary
Unable to show "metadata-from": No such page "_space_variables"
 network interface is configured accordingly to be able to reach out to CCE's internal / corporate network.

Network Settings

For this best practice, CCE deployment is completed in the following network:

Typical Deployments

 

Firewall Settings

The following rules are applied:

Firewall Rules

d Firewall Rules fufw.png
 

Prerequisites

Microsoft defines the multi-site CCE deployment in https://technet.microsoft.com/en-us/library/mt740650.aspx. Based on this article, we will use the following information in our best practice example:

CCE Site FQDNAepsite1.sonusms01.com
CCE-1: Edge Server External IP192.168.211.86 CCE-2 Edge Server External IP192.168.211.81
CCE-1: Edge Server Public IP12.8.245.86 CCE-2: Edge Server Public IP12.8.245.81
CCE-1: Domain Controller IP192.168.210.115 CCE-2: Domain Controller IP192.168.210.121
CCE-1: Central Management Store IP192.168.210.116 CCE-2: Central Management Store IP192.168.210.122
CCE-1: Mediation Server IP192.168.210.117 CCE-2: Mediation Server IP192.168.210.123
CCE-1: Edge Server Internal IP192.168.210.118 CCE-2: Edge Server Internal IP192.168.210.124
SBC-1 FQDN and IP

sbc1.sonusms01.com

192.168.210.113

 SBC-2 FQDN and IP

sbc2.sonusms01.com

192.168.210.125

DNS Settings

Based on above table entries and on our deployment scenario, make sure that CCE FQDN is resolving to both Edge Server PublicIP addresses. To do so, login to your DNS server and create the relevant entries as shown below:

The following sections describe a clean install of the CCE. If your environment has already deployed with CCE, and you are planning to re-deploy, it is necessary to clean up the site(s) that may already exists in O365. To do so, please follow the steps in CCE Re-Deployment Specific Steps in Best Practice for CCE Deployment on SBC Edge.

Re-Initialization of ASM

Both ASMs must be re-initialized with the latest image that contains the latest CCE software (in this example it is 1.4.1 version).

To do so:

  1. login to WebUI of both SBC Edge systems
  2. Under Task (tab), click on Reinitialize (in navigation pane)
  3. Select the appropriate image from the drop-down menu and click Apply as shown below:
ASM-1ASM-2

Upgrade of SBCcomms

Both ASM's must be re-initialized with the latest image that contains the latest CCE software (in this example it is 1.4.1 version).

To do so:

  1. login to WebUI of both SBC Edge systems
  2. Under Task (tab), click on Install ASM Update (in navigation pane)
  3. Using the Choose File button, browse to the latest SBCcomms firmware and click Apply as shown below:
ASM-1ASM-2

ASM Admin Password

Change the Admin Password on both ASM:

  1. login to WebUI of both SBC Edge systems
  2. Under Task (tab), click on Change Admin Password (in navigation pane)
  3. Enter the desired Admin Password twice and click OK as shown below:
ASM-1ASM-2

Node FQDN

  1. login to WebUI of both SBC Edge systems
  2. Under Settings (tab), click on Node-Level Settings (in navigation pane)
  3. Make sure to have host and domain names of the SBCs are configured correctly as shown below:
SBC-1SBC-2

CCE Deployment

ASM Config

  1. login to WebUI of both SBC Edge systems
  2. Under Tasks (tab), click on Setup Cloud Connector Edition (in navigation pane)
  3. Click on ASM Config (tab)
  4. Fill in the IP information as shown below (accordingly with your environment) as shown below:
CCE-1CCE-2

Generate CSR

  1. login to WebUI of one of your SBC Edge systems.
  2. Under Tasks (tab), click on Setup Cloud Connector Edition (in navigation pane)
  3. Click on Generate CSR (tab)
  4. Generate the CSR as shown below with following information. Please note that in this example we are using aepsite1.sonusms01.com and sip.sonusms01.com as common name and SAN as shown below:

Import Certificate Keys

  1. login to WebUI of both SBC Edge systems
  2. Under Tasks (tab), click on Setup Cloud Connector Edition (in navigation pane)
  3. Click on Import Certificate Keys (tab)
  4. Select the certificate Action (in this example we are using Import PKCS12 Certificate and Key selection), enter the password, select the relevant certificate file using Choose File button and click OK as shown below:
CCE-1CCE-2

Configure CCE

  1. ogon to WbUI of both SBC Edge systems
  2. Under Tasks (tab), click on Setup Cloud Connector Edition (in navigation pane
  3. Click on Configure CCE (tab)
  4. Configure all necessary information and click OK as shown below:
CCE-1CCE-2

CCE Configuration.INI file verification and Update

After the step above, several checks and (if needed) corrections are needed in the INI file.

The CCE deployment internally sets the domain suffix as defined under VirtualMachineDomain attribute. Although your SBC may have an FQDN that can be reached from your corporate network, it is important to setup the SBC's Gateway FQDN parameter accordingly with the VirtualMachineDomain value, so that CCE can communicate with SBC without a problem.

In addition, when deploying a High Availability systems, it is important to have Management IP Prefix to be unique on each HA system. For instance, if your HA Master CCE system has 192.168.213.x as the Management IP Prefix, you need to be sure to configure this attribute differently on HA Slave system. While doing this, also make sure that subnet that you are defining in this field does NOT conflict in your IP infrastructure.

To verify these values or correct them in Configuration.INI file, follow the steps as shown below:

  1. ON both SBC-1 and SBC-2 webUI > under Configure CCE (tab) click on Click to re-configure CCE application button
  2. Click on OK on the popup
  3. Click on Edit Raw Config button
  4. In CCE Configuration INI File (raw file), verify/correct the values and click OK as shown below:

 

Verification of Shared Site Directory on HA Master CCE

Above step creates a shared site directory that both CCE-1 and CCE-2 will use on SBC Edge-1 ASM. To verify that this particular directory is successfully created proceed with the following steps:

  1. Remote Desktop to ASM of the SBC Edge-1 system
  2. Launch the PowerShell
  3. Execute Get-CcSiteDirectory command.
  4. Then using the windows explorer verify that relevant directory exists as shown below:

Prepare CCE

  1. Login to WebUI of both SBC Edge systems
  2. Under Tasks (tab), click on Setup Cloud Connector Edition (in navigation pane)
  3. Click on Prepare CCE (tab)
  4. Click on Prepare CCE button, enter the password for Edge Server External Certificate, and click OK as shown below:
CCE-1CCE-2

Register-CcAppliance

  1. Remote Desktop to ASM of the SBC Edge-1 system
  2. Launch the PowerShell
  3. Execute Register-CcAppliance command for HA Master.
  4. Once the command is executed successfully,  Remote Desktop to ASM of the SBC Edge-2 system
  5. Launch the PowerShell
  6. Execute Register-CcAppliance command again for HA Slave.
ASM-1ASM-2

Verification of Appliances after successful Registration

While on ASM > PoweShell, you may verify the appliances registration by using the O365 Tenant user with Admin privileges (by running series of commands on PowerShell:)

  • Import-Module skypeonlineconnector
  • $cred = Get-Credential

enter the credentials for O365 Admin Tenant

  • $Session = New-CsOnlineSession -Credential $cred -Verbose

Once the login is successful, execute Get-CsHybridPSTNAppliance command on PowerShell as shown below:

Install-CcAppliance on HA Master Node

  1. Remote Desktop to ASM of the SBC Edge-1 system
  2. Launch the PowerShell
  3. Execute Install-CcAppliance command for HA Master as shown below:

Please note that due to a possible certificate issue, this step may fail! Relevant workaround for this is already covered in:
Best Practice for CCE Deployment on SBC Edge section Best Practice for CCE Deployment on SBC Edge

after fixing the certificate issue, starting the Edge Server Services, and fixing the Virtual Machine Network adapter settings, CCE High Availability Master Node settings completes. Now you need to publish the CcAppliance to proceed with CcAppliance installation on HA Slave Node.

Publish-CcAppliance

  1. Remote Desktop to ASM of the SBC Edge-1 system
  2. Launch the PowerShell
  3. Execute Publish-CcAppliance command as shown below:

Install-CcAppliance on HA Slave Node

  1. Remote Desktop to ASM of the SBC Edge-2 system
  2. Launch the PowerShell
  3. Execute Install-CcAppliance command for HA Slave as shown below:

Similarly, due to a possible certificate issue, this step may fail as well. Relevant workaround for this is already covered in:
Best Practice for CCE Deployment on SBC Edge section Best Practice for CCE Deployment on SBC Edge

after fixing the certificate issue, starting the Edge Server Services, and fixing the Virtual Machine Network adapter settings, CCE High Availability Slave Node settings completes.

Integration of SBC Edge

Integration of SBC Edge-1 with CCE

  1. login to WebUI of SBC Edge-1 systems
  2. Under Tasks (tab), click on SBC Easy Setup > Easy Config Wizard (in navigation pane)
  3. Follow the steps 1, 2, and 3 as shown below and click Finish
  4. Click OK on the next two popups to complete the setup as shown below:

Above wizard run configures the necessary settings for SBC Edge-1 and CCE integration, which you can see all relevant configuration items in Settings tab as shown below:

Integration of SBC Edge-2 with CCE

  1. login to WebUI of SBC Edge-2 systems
  2. Under Tasks (tab), click on SBC Easy Setup > Easy Config Wizard (in navigation pane)
  3. Follow the steps 1, 2, and 3 as shown below and click Finish
  4. Click OK on the next two popups to complete the setup as shown below:

Above wizard run configures the necessary settings for SBC Edge-2 and CCE integration, which you can see all relevant configuration items in Settings tab as shown below:

Adding Split-DNS entries

To allow SIP communication between the CCE Mediation Server and SBC-Edge, Split DNS entries need to be added on each SBC-Edge systems with the following information:

  1. On SBC-Edge 1, add an entry with DNS Server IP Address as the IP address of CCE-1 AD Virtual Machine's Internal (corporate) IP address and the Domain Name as the the VirtualMachineDomain attribute
  2. On SBC-Edge 2, add an entry with DNS Server IP Address as the IP address of CCE-2 AD Virtual Machine's Internal (corporate) IP address and the Domain Name as the the VirtualMachineDomain attribute

as shown below:

SBCE Edge-1SBCE Edge-2

Adding Mediation Server FQDN entries

Lastly, the Mediation Server FQDNs MUST be added to SIP Server Table and SIP Signaling Group Federated FQDN fields with the following information:

  1. On SBC-Edge 1, add the CCE-2's Mediation Server FQDN into SIP Server Table as well as into SIP Signaling Group Federated IP/FQDN list as shown below:
  2. On SBC-Edge 2, add the CCE-1's Mediation Server FQDN into SIP Server Table as well as into SIP Signaling Group Federated IP/FQDN list as shown below:
SBCE Edge-1SBCE Edge-2

 

 

 

  • No labels