Key Elements to Deploying OCS

Page 2

Where to Start

OCS can seem to require an awful lot of servers - Edge, Director, Front End, SQL, Monitoring, SQL, Archiving, SQL, Mediation, Group Chat, SQL, …

On the project I was working on, the objectives were to reduce mobile phone spend by offering enterprise voice and reduce conferencing by offering Live Meeting to external users.

80K users, 10K ent voice, UK & USA phone numbers

Phased Implementation
  Lab
  Pilot (7k)
  Production 80K, 10K ent voice

Page 3

Planning

High level planning tool is the OCS Planning Tool
Capacity largely determined by number of concurrent users
Logon rate and number of endpoints
Contention rate to PSTN
Considerations: disaster recovery and resilience
Network Impact - in particular voice and video

Page 4

Key Requirements

Active Directory
  Windows Server 2003 Domain functional level. DCs W2k3 SP1+
  If LCS or OCS R1, Global Settings may be in system container. If multiple domains, suggest moving to config container before schema prep
Significant Certificate and DNS requirements which will be covered later
Hardware\OS 64 bit only

Page 5

Voice Implementation


Page 11

Users have both PBX phone and OC

Legacy Scenario: RCC only (partially deprecated)
  User DID homed on PBX only

PBX Co-Existence: Dual Forking (RCC optional)
  User DID homed on both PBX and OCS

Users have either PBX phone or OC

Enterprise Voice “Standalone” with SIP-PSTN Gateway
  User DID homed on OCS or PBX only

Enterprise Voice “Standalone” with Direct SIP
  User DID homed on OCS or IP-PBX only

Page 12

Users have both PBX phone and OC

Legacy Scenario: RCC only (partially deprecated)
  User call control: Click to call/pick up on OC or dial on phone
  Routing, features: PBX only, voice only, features from PBX incl. VM
  Media: Transported by PBX to PBX phone, no outside user
  Presence: PBX line presence

PBX Co-Existence: Dual Forking (RCC optional)
  User call control: From OC or phone
  Routing, features: OCS features from OC, PBX features from phone, VM from PBX
  Media: Choice of voice to OC or PBX phone for each call; benefits of OC to outside users
  Presence (with RCC): Merged OCS “on-the-phone” presence and PBX line presence

Users have either PBX phone or OC

Enterprise Voice “Standalone” with Media Gateway or Direct SIP
  User call control: From OC
  Routing, features: OCS features, incl. Exchange UM integration
  Media: OC media including multimedia; all benefits of OC to outside users, etc
  Presence: OCS native “on the phone” presence

Page 13

Users have both PBX phone and OC

Legacy Scenario: RCC only (partially deprecated)
  Anchors PBX, not UC experience (how to place a call when nomadic? multimedia?)
  PBX economics and ops (proprietary PBX CTI, requires 3rd party signaling gateway…)
  Some RCC features deprecated in OC’07
  RCC is dead-end, but can help extend life of existing PBX while preparing for OCS Voice

PBX Co-Existence: Dual Forking (RCC optional)
  Richest experience, best of both worlds (limited VM integration)
  PBX economics and ops, dual licensing
  Likely to require PBX upgrade
  Limited availability to date but in plan
  Best for users who need PBX feature set, in combination with Enterprise Voice for other users

Users have either PBX phone or OC

Enterprise Voice “Standalone” with Media Gateway or Direct SIP
  Full UC experience
  UC economics and flexibility
  Interoperates with any PBX (with Gateway)
  Limited “pure voice” feature set and survivability in W13
  Best for subset of users with simple feature set needs, especially nomadic, PC centric or collaborative; other users should stay on the PBX for now
  Gateway or Direct SIP: infrastructure, not feature issue; at small/medium scale, gateway is simple, inexpensive and proven method of inter-connecting; MS UC works with vendors to support Direct SIP to facilitate scaling

Page 14

CCM Example

Page 15

DNS and Certificates

The supported SIP URIs drive the DNS and certificate requirements
For each domain supported DNS records and certificates are required
Typically the SIP URI is the same as a user’s e-mail address
  Eg sip:[email protected]
There are two clients, Communicator and Live Meeting. Two sets of DNS records for internal and external connection.
  “meet:sip:[email protected];gruu;opaque=app:conf:focus:id385aa8ec0fcb4879dcb40c%3Fconf-key=JvrI7t324Vx”
Federation requires _sipfederationtls._tcp.uk.didata.com
Phone edition requires _ntp._udp.uk.didata.com

Page 16

DNS and Certificates

Page 17

Access Edge Certificates

For PIC a single FQDN of the access edge is given and this is the primary name in cert. eg acp.didata.com

Also for @didata.com
  _sipfederationtls._tcp.didata.com
  _sip._tls.didata.com

Now for @uk.didata.com the server offering the service for _sip._tls.uk.didata.com can NOT be acp.didata.com but must be same domain as srv record. Eg sip.uk.didata.com. This name needs to be added as a SAN to the certificate

Page 18

Example of Edge Server

Cert assigned to access edge
  acp.didata.com
  • SAN sip.uk.didata.com, sip.fr.didata.com etc

Cert assigned to web edge
  web.didata.com

Cert assigned to AV edge
  av.didata.com

Cert assigned to intranet edge
  edge.didata.com (Can be internal cert. NB HLB etc)

Page 19

Example of Director

When deployed
  Similar to the access edge role a cert is required with typically multiple SANs
  Primary cert name is that of pool
  Then for each domain
    _sipinternaltls._tcp.didata.com will point to sip.didata.com
    _sipinternaltls._tcp.uk.didata.com will point to sip.uk.didata.com
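
The SRV and SAN rules from the Access Edge and Director slides, as an added example that is not part of the original deck: the check takes the SRV records and certificate names for one server role and reports any SIP domain whose record is missing, points outside its own domain, or points at a name the certificate does not carry. The sample data is constructed from the slide hostnames, pool01.didata.com is a hypothetical pool name, and reading "same domain" as a DNS suffix match is an assumption.

```python
# Added example, not from the original slides: check SRV targets and
# certificate names for every supported SIP domain.
from typing import NamedTuple

class Srv(NamedTuple):
    name: str    # SRV owner name, e.g. "_sip._tls.uk.didata.com"
    target: str  # host the record points to

def norm(name):
    return name.lower().rstrip(".")

def in_domain(host, domain):
    # Assumption: "same domain as the SRV record" is read as a DNS suffix match.
    return norm(host).endswith("." + norm(domain))

def covered(host, cert_names):
    """True if host equals a certificate name or matches a one-label wildcard."""
    host = norm(host)
    parent = host.split(".", 1)[1] if "." in host else None
    return any(norm(n) == host or (n.startswith("*.") and norm(n[2:]) == parent)
               for n in cert_names)

def check(sip_domains, service, records, cert_names):
    """Return findings for one service prefix; an empty list means consistent."""
    by_name = {norm(r.name): r for r in records}
    findings = []
    for domain in sip_domains:
        owner = f"{service}.{norm(domain)}"
        rec = by_name.get(owner)
        if rec is None:
            findings.append(f"{owner}: SRV record missing")
            continue
        if not in_domain(rec.target, domain):
            findings.append(f"{owner}: target {rec.target} is outside {domain}")
        if not covered(rec.target, cert_names):
            findings.append(f"{owner}: target {rec.target} not in certificate")
    return findings

# Constructed sample data built from the hostnames on the slides.
DOMAINS = ["didata.com", "uk.didata.com"]
EDGE_CERT = ["acp.didata.com", "sip.uk.didata.com"]            # subject + SAN
EDGE_BAD = [Srv("_sip._tls.didata.com", "acp.didata.com"),
            Srv("_sip._tls.uk.didata.com", "acp.didata.com")]  # wrong domain
EDGE_GOOD = [EDGE_BAD[0], Srv("_sip._tls.uk.didata.com", "sip.uk.didata.com")]
# Director: pool01.didata.com is a hypothetical pool name; the uk SAN is missing.
DIRECTOR_CERT = ["pool01.didata.com", "sip.didata.com"]
DIRECTOR_SRV = [Srv("_sipinternaltls._tcp.didata.com", "sip.didata.com"),
                Srv("_sipinternaltls._tcp.uk.didata.com", "sip.uk.didata.com")]

if __name__ == "__main__":
    for records, svc, cert in ((EDGE_BAD, "_sip._tls", EDGE_CERT),
                               (DIRECTOR_SRV, "_sipinternaltls._tcp", DIRECTOR_CERT)):
        for finding in check(DOMAINS, svc, records, cert):
            print(finding)
```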

Page 20

Deploying Edge Servers

Decide on redundancy requirements, DR.
Capacity will drive minimum number
Co-locate all roles unless a good reason not to do so
For single edge box it is acceptable to have a NATed AV edge server (public IP)
For load balanced edge boxes the AV edge public IP must not be NATed
The intranet IP must never be NATed but must be routable

Page 21

Number of IPs required

Page 22

Install Steps

Install files, activate, choose roles, account, configure IP and names,

Page 23

Firewall Rules

Page 24

Call Flow and Firewalls

[Diagram: External PC to PC Call - Full Cone FW client side. Components shown: Client PC, Client PC 2, Client FW (two), Access Edge / Web Edge, A/V Edge, Internal Firewall, Director (OCS server with no users), OCS Pilot XEUOCS01 (VIP), Back End SQL Server, Archiving & CDR SQL Server, QOE Server. Other labels: BP1XEUCC010, BP1XEUCC011, EMDC 1052, 149.184.164.8. Arrows are numbered 1 to 7.]

For a call from an external client to external client the flow is as follows
1. Client signals over SIP (5061 Encrypted) to Access Edge
2. Access edge over SIP 5061 proxies to the director
3. Director forwards to the VIP of the OCS Pool. SIP 5061
4. Client 2 is notified of call. SIP 5061
5. One of OCS servers signals A/V Edge over 5062 to allow clients to use STUN
6. Both clients use STUN UDP 3478 or STUN TCP 443 to determine IP
7. Client PCs establish RTP stream over UDP

Legend (Signalling / Media)
SIP - Encrypted TCP 5061
STUN - UDP 3478 or TCP 443
SIP - Encrypted TCP 5062
RTP - UDP 1024-65535 (Encrypted)
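
An added example, not part of the original deck: the firewall-crossing legs of the call flow above (steps 1, 2, 3, 5 and 6) expressed as data and compared with a rule list, reporting legs that would be blocked and rules the flow does not justify. The zone names and the sample rules are constructed assumptions.

```python
# Added example, not from the original slides: audit a firewall rule list
# against the legs of the external-to-external call flow listed above.
from typing import NamedTuple

class Rule(NamedTuple):
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    ports: range  # range(5061, 5062) means the single port 5061

# Legs from steps 1, 2, 3, 5 and 6 (steps 4 and 7 are not modelled).
# Zone names are assumptions. Step 6 may use either transport, so it
# lists two alternatives and one of them is enough.
LEGS = [
    ("1 client -> Access Edge", [("internet", "access_edge", "tcp", 5061)]),
    ("2 Access Edge -> Director", [("access_edge", "director", "tcp", 5061)]),
    ("3 Director -> pool VIP", [("director", "pool", "tcp", 5061)]),
    ("5 pool -> A/V Edge", [("pool", "av_edge", "tcp", 5062)]),
    ("6 client -> A/V Edge STUN", [("internet", "av_edge", "udp", 3478),
                                   ("internet", "av_edge", "tcp", 443)]),
]

def permits(rule, flow):
    src, dst, proto, port = flow
    return (rule.src, rule.dst, rule.proto) == (src, dst, proto) and port in rule.ports

def audit(rules):
    """Return blocked legs, rules no leg needs, and rules wider than one port."""
    blocked, used = [], set()
    for label, alternatives in LEGS:
        hits = {i for i, r in enumerate(rules)
                for flow in alternatives if permits(r, flow)}
        if hits:
            used |= hits
        else:
            blocked.append(label)
    return {
        "blocked": blocked,
        "unused": [r for i, r in enumerate(rules) if i not in used],
        "wide": [r for r in rules if len(r.ports) > 1],
    }

# Constructed rule list: 5062 to the A/V Edge is missing and one rule is too broad.
RULES = [
    Rule("internet", "access_edge", "tcp", range(5061, 5062)),
    Rule("access_edge", "director", "tcp", range(5061, 5062)),
    Rule("director", "pool", "tcp", range(5061, 5062)),
    Rule("internet", "av_edge", "tcp", range(443, 444)),
    Rule("internet", "pool", "tcp", range(1, 65536)),
]

if __name__ == "__main__":
    for key, items in audit(RULES).items():
        print(key, items)
```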

Page 25

Directors - Are they required

No… But they are recommended

Page 26

Role Of Director

Internally
  When multiple pools deployed
  Deterministic Client Connection. Re-directs clients
  Only point where multiple SANs required

From Outside
  Next hop from access edge
  Authenticates users before proxying on data