The Microsoft Office Communications Server 2007 keynote session and other launch sessions provide us with a wealth of information about the functionality delivered in this product and why it is essential to the business process infrastructure in the organization. In this session:
1. Exploring OCS 2007: How do I run a pilot? The first step in evaluating and deploying OCS 2007 is to run a pilot program in the organization. Based on organizational needs, a pilot-sized deployment may also be sufficient in some cases. In this section, we’ll see how you can go about deploying a pilot for OCS 2007.
2. Next, we’ll see how we can plan the enterprise deployment. This section talks about the steps beyond the pilot. We’ll look at a list of “Key Considerations”: questions that you should address in planning the enterprise deployment in your organization.
3. Then we’ll look at the various deployment options that are available for enterprise deployment. In this section, we’ll talk about options for deployment, such as high availability, scalability, performance, remote access and PSTN connectivity, and look at how each scenario would influence the topology for the deployment.
4. The next section provides a list of steps that you can perform after the planned installation completes, such as setting policies and configuring IM, voice and user access, to finalize the OCS 2007 deployment.
Standard Edition Deployment
For a pilot, the recommended installation topology is the Standard Edition Deployment.
This deployment is also ideal for running a pilot or for use with branch offices in a global deployment.
The product installation requires one machine running Microsoft Windows Server 2003 that meets the minimum hardware requirements, and Microsoft Active Directory where users, groups and devices are already managed. With this single-server installation, provisioned users have the ability to use the following features: IM, presence information, peer-to-peer voice using Office Communicator, and conferencing.
In this deployment topology, the features that are not available (and which can be added by extending the deployment) include PSTN access, remote or external access, and high availability/failover.
All server roles of the product are co-located on a single server in this installation and the installation scales to about 5000 users (based on standard usage described in the planning guide).
OCS 2007 Standard Edition demo
Now that we’ve seen the Standard Edition deployment topology, let us jump into a demo where we explore the Standard Edition deployment steps.
1. Show the setup wizard with the 5 steps in the deployment of the Standard Edition. Voiceover talks about the logical organization of setup steps, built-in verification after each step, and the detailed logs and information available right in the setup wizard.
2. Another Image – setup wizard is in the final step. Deployment finishes. Open MMC and talk about how information is easily available for configuring server roles, users etc.
3. Provision 2 users for Communications.
Microsoft Office Communicator Client
• Part of premium Office 2007 editions
§ Office Professional Plus
§ Office Enterprise
• MSI-driven setup
• Roll out Communicator 2007
§ SMS package
§ Desktop deployment wizard
• Client settings are autoconfigured
On the client desktop, these enabled users can now start using the functionality provided by OCS 2007 with the Office Communicator client.
This client is a part of the Office 2007 premium editions including – Office Professional Plus and Office Enterprise.
The Office Communicator client is installed with an MSI setup. This allows for broad distribution – with remote command-line automation (msiexec) or with desktop software rollout solutions such as SMS (or Microsoft System Center Configuration Manager) and the desktop deployment wizard.
With the in-band provisioning feature of OCS 2007, client-side settings are automatically downloaded from Active Directory and Office Communications Server back-end during user login. So the administrator does not need to provision/configure anything on the client-side for each user.
OCS 2007 Architecture Overview
Before we dig into the enterprise deployment options – let us go through the OCS 2007 Architecture as well as the Server Roles in the product. This will give us an idea of the various product pieces and how each server role can be managed to meet the requirements of the organization.
Active Directory, shown on the right-hand side of this architecture diagram, serves as a single point for managing the identity of users, devices, groups, etc. It is also used by the messaging and communications infrastructure, as we saw in the demo earlier. The OCS 2007 deployment includes the Front-end roles, the back-end roles as well as the conferencing, data and voice roles.
This gives end-points (Office Communicator and a variety of phone devices) the ability to utilize the services provided by the OCS back-end.
Advanced Media Gateway (aka Mediation Server) helps the interoperation with an existing PBX and a PSTN system. This provides the ability for OCS-enabled users to dial out and call non-OCS-enabled users inside and outside the organization through a PBX or PSTN setup. With Exchange Unified Messaging integration, a rich set of functionality becomes available for OCS users. This includes voice mail and missed call notification, auto-attendant, and other call management features.
With the File Share, users can share content to be used in conferences. The Archiving/Call Detail Records role is useful in capturing information, such as capturing all IM conversations and recording call-related information, to help with compliance requirements in the organization.
With the “Edge” roles in OCS 2007, remote users, federated business users, and public IM clouds can now utilize the features provided by OCS outside the corporate firewall as well. The launch session on “Anywhere Access” and the launch session on “Security and Organizational Governance” provide more information about the Anywhere Access features of the product.
Server Roles
During deployments, we can decide to co-locate many server roles on the same physical machine. Similarly, we may want to install the same server role on multiple physical machines for scale and availability.
Standard Edition: We saw the Standard Edition deployment already. This all-in-one server deployment is ideal for a pilot/branch office.
Enterprise Edition Front End: Provides high availability in a typical enterprise deployment. Contains all core server functions except storage. A pool of Front-end servers is load balanced.
Enterprise Edition Back End: Microsoft SQL Server™ stand-alone or cluster that stores users, meetings, and configuration state.
Director: Optional security role that facilitates external user logins and isolates the internal deployment from external authentication traffic.
Access Edge Server: Security role for external access. Transports SIP signaling through the perimeter network in a secure manner.
Mediation Server: Provides mediation services for IP-PBX gateways that enable voice calls and conference calls to work on traditional telephony systems.
Archiving Server: Provides the ability to archive all Instant Messages and Voice Call details to a SQL Server database.
Communicator Web Access (CWA) Server: Communicator Web Access Server delivers Instant Messaging (IM) and rich presence functionality using the Web browser (similar to OWA – Outlook Web Access).
Web Conferencing Server: Dedicated Multi-point Control Unit (MCU) for Web (data) conferencing in large-scale deployments.
Audio/Video Conferencing Server: Dedicated MCU for audio/video conferencing in large-scale deployments.
IIS Server: Dedicated IIS Server for conferencing functions such as slide access and services such as Distribution List Expansion, etc., in large-scale deployments.
Web Conferencing Edge Server: Optional server role to support high availability external access. Transports Web conferencing (PSOM) traffic through the perimeter network for external, anonymous and federated access.
A/V Conferencing Edge Server: Optional server role to support high availability external access. Transports audio/video traffic (SRTP) through the perimeter network for external, anonymous and federated access.
QoE Monitoring Server: Monitors Quality of Experience for voice and media. Rich reporting and historical analysis.
Exchange Unified Messaging: This is not a specific server role, but the integration on the Front-end server with Exchange UM provides voicemail, missed call notification, and auto-attendant features.
Key Planning Considerations
Functional requirements
• Will I deploy Voice?
§ Audio/Video Multi-point Control Unit (MCU), PSTN integration, Mediation Server
• Will I deploy Video?
§ Audio/Video MCU, scale-out configuration, network bandwidth for video
• Will I deploy Conferencing?
§ Conferencing MCU, External Access (outside corporate firewall), IIS
• Do I need to provide access outside the corporate firewall?
§ External Access (Edge Servers, Audio/Video, and Conferencing MCU)
• Do I have compliance requirements for IM and conferencing?
§ Archiving Server Role and configuration, Policies
To plan our OCS 2007 enterprise deployment, let us walk through the “Key Planning Considerations”. The first is functional requirements: which of these server roles do I need for the deployment?
•Voice: When deploying voice we want to think about the Audio/Video Multi-point Control Unit (MCU) Server. If the voice usage (PC to PC or PC to PSTN) is likely to be high we’d want more than one A/V MCU server. To integrate OCS users with PSTN access, we’ll want to set up a mediation server to work with a Gateway. More details on the configuration and management aspects are provided in the following sessions: “UC Management Experience” and “Voice Interoperability”.
•Video: When deploying video we again want to think about the Audio/Video MCU. To scale out the A/V MCU – we may require multiple servers. Another important consideration is to verify whether the existing network supports the bandwidth required for Video. We’ll talk about bandwidth requirements for video shortly.
•Conferencing: Conferencing MCU, External Access (outside corporate firewall), IIS. When deploying conferencing, a big deployment consideration is the ability for federated business users (such as partners, suppliers, and others) as well as anonymous users to participate in the conference. This would dictate setup for edge access and edge conferencing server roles.
•External access - outside the corporate firewall: For External Access, we would require the setup of Edge Servers – Edge Access Server, Audio/Video Edge Server, and Conferencing Edge Server. Deployment also includes configuring the internal and external firewalls to open the right ports for communication and ISA server configuration.
•Compliance requirements for IM and conferencing: The Archiving Server Role needs to be installed and enabled to collect/record IM and call detail records. This would be used in combination with configuration policies that are applied at the organization level, pool level and at each user level.
Once we’ve decided on the functional requirements, we can plan out what server roles are needed and how they are located (co-located on a single machine, located on a separate machine, or located on a set of machines to meet availability and scalability needs).
Microsoft Active Directory Integration
• OCS 2007 uses AD for centralized identity management
§ Leverages AD authentication and authorization services
• Installs schema extensions to AD to store per-user data
§ SIP URI
§ Meeting policy
§ Per-user settings
• OCS guided setup performs AD schema update
§ Step-by-step wizard to complete Forest prep, Domain prep, Schema update
§ Wizard also verifies AD replication after each step
• AD schema updates are at the forest level
§ Multiple OCS pools in the same forest share AD schema settings
With AD integration, there is only one identity to manage for the IT Administrator. This immensely simplifies administration and enables easy integration with existing business processes in the organization.
OCS 2007 leverages AD for authentication and authorization services. As a part of OCS 2007, schema extensions are installed to Active Directory. These extensions are irreversible.
OCS 2007 guided setup helps perform and verify each step.
Here is an example of a Global Deployment with Voice and PSTN access. For this deployment example, we have 2 sites: Primary and Secondary. The Primary site has about 50k users and is using the Enterprise Expanded topology. The Secondary site has about 20k users and is using the Enterprise Consolidated topology. The Directors (2 in this example) direct traffic to the right site (or pool) based on incoming requests.
We’ve added External Access servers to enable remote users and federated businesses to connect with the enterprise while outside the corporate firewall. We’ve also added PSTN integration for calls to traditional telephony networks inside and outside the corporation. External Access and PSTN Connectivity are enabled for both sites (Primary and Secondary).
Finalizing Deployment
• Instant Messaging
§ Intelligent IM Filter for URL, File transfer
• Voice
§ PSTN Connectivity
§ Location Profile, Dial Plan, Policy, Routes
§ Covered in session – “VOIP Topologies and Interoperability”
• Policies
§ Archiving
§ Conferences and meetings
§ Call Detail Records
•This involves enabling users for communications as well as configuring the Intelligent IM Filter. This filter can be used to block or modify URLs in IM conversations. This feature is useful in counteracting SpIM attacks. The Intelligent IM Filter can also be set to block some or all file extensions. The administrator controls these configuration settings through policies.
Configuring Voice
•PSTN Connectivity – this involves setting up a Location Profile for the site location, Dial Plans for normalizing phone numbers that are dialed, Policy that determines which users are allowed to call which areas/numbers, and Routing information that helps identify the right gateway/mediation server to use in order to minimize telephony cost.
This information is covered in the session “VOIP Topologies and Interoperability”.
Configuring Policies
Policies are configured by IT Administrators at the following levels – Forest, Pool and per-user. So the settings that we’ll see in this section can be specified at any of these levels.
•Archiving policies can enforce archiving as required or vary based on per-user settings.
•Conferences and meetings – Administrators can specify policy about anonymous users participating in conferences, as well as the ability to include voice/video or application data as a part of conferences.
•Call Detail Records – setting policies for CDRs helps the IT Admin collect data that help meet organizational governance goals.
Certificates
•Traffic (both media and control information) is secured using TLS (Transport Layer Security) and MTLS (Mutually authenticated TLS). The new certificate wizard helps administrators deploy the certificates necessary for TLS.
External Access
•Configuring External Access includes opening specific ports on the internal and external firewalls, configuring the ISA server and setting up Reverse Proxy for phone number lookup.
Exchange Server 2007 UM integration
To configure Exchange 2007 UM, we can point Exchange UM to the OCS front-end. OCS can act as a gateway for Exchange UM and carry all the routed traffic in and out of Exchange. This requires setting up a location profile and dialing and normalization rules.
QoE Monitoring Server
•Quality of Experience Monitoring Server can collect a wealth of near real-time data about call metrics and call quality, and provide aggregated reporting on top of this. With a Microsoft Operations Manager 2005 Management Pack, administrators can receive alerts on observed call quality at locations and set their own thresholds to monitor voice quality in the deployment.
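The Intelligent IM Filter behaviour described under Finalizing Deployment (block or modify URLs in IM, block some or all file extensions, all driven by policy), as an added sketch that is not OCS 2007 code or configuration. The policy fields, function names, the underscore-prefix form of "modify", and the sample messages are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Hypothetical policy model for illustration; these are not OCS 2007 setting names.
@dataclass
class ImFilterPolicy:
    url_action: str = "modify"        # "allow", "modify" or "block"
    block_all_files: bool = False     # True blocks every file transfer
    blocked_extensions: set = field(
        default_factory=lambda: {".exe", ".scr", ".vbs", ".js"})

# Scheme-prefixed or www-prefixed tokens that IM clients typically auto-link.
URL_RE = re.compile(r"\b(?:https?://|ftp://|www\.)[^\s<>\"']+", re.IGNORECASE)

def filter_message(text, policy):
    """Apply the URL action to one IM body; returns (delivered, text)."""
    if policy.url_action not in ("allow", "modify", "block"):
        raise ValueError("unknown url_action: %r" % policy.url_action)
    if policy.url_action == "allow" or not URL_RE.search(text):
        return True, text
    if policy.url_action == "block":
        return False, ""              # drop the whole message
    # "modify": prefix each URL with "_" so it no longer starts with a
    # linkable scheme (assumed client behaviour); the text stays readable.
    return True, URL_RE.sub(lambda m: "_" + m.group(0), text)

def allow_file_transfer(filename, policy):
    """Decide whether a file-transfer invitation may pass the filter."""
    if policy.block_all_files:
        return False
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().rstrip(". ").lower()
    # Conservative: test every suffix so "invoice.pdf.exe" is caught.
    return not any("." + part in policy.blocked_extensions
                   for part in name.split(".")[1:])

# Constructed sample traffic (not captured from a real deployment).
SAMPLE_IMS = ["Lunch at noon?", "You won! Claim at http://prize.example/win now"]
SAMPLE_FILES = ["slides.pptx", "invoice.pdf.EXE. "]

if __name__ == "__main__":
    policy = ImFilterPolicy()
    for im in SAMPLE_IMS:
        print(filter_message(im, policy))
    for f in SAMPLE_FILES:
        print(f, allow_file_transfer(f, policy))
```

The "modify" action is idempotent: a message that has already been rewritten passes through unchanged, so applying the filter at more than one hop does not stack prefixes.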
Deployment Tools
Validating deployment configuration
• Validation tools in MMC console
§ Simulates workloads (IM, login, presence, A/V etc)
§ Checks configuration settings
§ Provides detailed drill-down reports
• Best Practices Analyzer tool
Automating deployment tasks
• With LcsCmd.exe
§ Delegate Administration – server admin, user admin, setup admin
§ Check status of deployment
§ Prepare Active Directory for deployment
§ Backup/Restore operations