Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
JIRAIDAUTHSYM-24215
REV5UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cb8305e9, userName='null'}
REV3UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c87d0111, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cc5207f0, userName='null'}

 

Warning
titleREAD BEFORE BEGINNING

You must follow these steps completely and in the order shown. Failure to do so increases the risk of node failure.

Panel

In this section....

Table of Contents
maxLevel2

Note

SBC Edge supports new deployment with CCE 2.1.0 in Release 6.1.5.

Before this release, if your CCE auto-updates to CCE 2.1.0:

  • To rerun the step “Transfer Credential from SBC”, it will require Release 6.1.5
  • To rerun the step “Register Appliance”, you need to install .NET4.6.2 using Windows Update.
Info

For details on troubleshooting, see Troubleshooting Cloud Connector 6.1.2.

This page provides a step-by-step procedure for Non High Availability Deployment on SBC Edge CCE.

Multiexcerpt
MultiExcerptNameBeforeYouStart

Before You Start

CCE Deployment Scenarios

The following diagram shows typical CCE deployment scenarios on a PSTN site. The PSTN site is a combination of Cloud Connector instances, deployed at the same location, and with common PSTN gateways pool connected to them. PSTN sites allow you to:

  • Provide connectivity to gateways that are closest to your users.

  • Allow for scalability by deploying multiple Cloud Connector instances within one or more PSTN sites.

  • Allow for high availability by deploying multiple instances of Cloud Connector within a single PSTN site.

 

Caption
0Figure
1CCE Deployment Scenarios



 

Scenario 3 and Scenario 4 are covered in Configuring the SBC Edge for Two CCEs. This document contains steps for Scenario 1 and Scenario 2 deployments.

Multiexcerpt
MultiExcerptNamePreRequisites

Prerequisites

A public domain name prepared and mapped with your Office 365 tenant (for example, "mydomain.com"). See Create an Office 365 Tenant.
An entry on your public domain name that points to the fixed IP address of your SBC Edge (for example, myccesite1.mydomain.com" with an IP address of "nn.nn.mm.nn").

An Office 365 tenant with an E5 license or E3 + Cloud PBX.

You must have the Global Administrator role for your O365 tenant account.

A public certificate authority ready to sign a certificate for the SBC Edge.

Important!  Read the steps outlined in Certificate Requirements at Microsoft Technet.

A properly configured firewall. See Ports and Protocols at Microsoft Technet.

Note
titleMANDATORY!

Latest System Release SBC Firmware and SbcComms Firmware

Important!

  • Refer to the SBC Edge Release Information page for instructions on obtaining the latest firmware.
  • Failure to update to the latest firmware could lead to deployment failure.
  • Make sure to use the latest sustaining release.
Microsoft Cloud Connector Edition image on ASM recovery partition.

Network Settings

For this best practice, Cloud Connector Edition deployment follows the cabling shown below: 

 

Caption
0Figure
1Typical Deployments



Firewall Settings

For this best practice, the Router/Firewall is configured using the following rules: 

Caption
0Table
1Internal Firewall Rules
 Source IP

Destination IP

Source Port

Destination Port

Cloud Connector Mediation component

Internal clients

TCP 49 152 – 57 500*

TCP 50,000-50,019 (Optional)

Cloud Connector Mediation component

Internal clients

UDP 49 152 – 57 500*

UDP 50,000-50,019

Internal clients

Cloud Connector Mediation component

TCP 50,000-50,019

TCP 49 152 – 57 500*

Internal clients

Cloud Connector Mediation component

UDP 50,000-50,019

UDP 49 152 -57 500*


Caption
0Table
1External Firewall Rules

Source IP

Destination IP

Source Port

Destination Port

Any

Cloud Connector Edge External Interface

Any

TCP 5061

Cloud Connector Edge External Interface

Any

Any

TCP 5061

Cloud Connector Edge External Interface

Any

Any

TCP 80

Cloud Connector Edge External Interface

Any

Any

UDP 53

Cloud Connector Edge External Interface

Any

Any

TCP 53

Cloud Connector Edge External Interface

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface

Any

UDP 3478

Any

Cloud Connector Edge External Interface

Any

UDP 50,000-59,999

Any

Any

Cloud Connector Edge External Interface

Any

TCP 443

Any

Cloud Connector Edge External Interface

Any

TCP 50,000-59,999

Any

Cloud Connector Edge External Interface

Any

UDP 3478

Any

Cloud Connector Edge External Interface

Any

UDP 50,000 - 59,999



Caption
0Table
1Host Firewall Rules - Internal or External Access
Source IP Destination IPSource PortDestination Port
ASMAnyAnyTCP 53
ASMAnyAnyTCP 80
ASMAnyAnyTCP 443

Multiexcerpt
MultiExcerptNameDNSSettings

DNS Settings

Make sure that CCE FQDN is resolving to the

Spacevars
0product
Public IP address. To do so, login to your DNS server and create the relevant entries.

 

Preparing Your Node

Preparing the
Spacevars
0product
for Initial Setup

Update the

Spacevars
0product
firmware to the latest released version.

Note
  • Ensure the Node FQDN is definitive. Changing this information requires the CCE to be redeployed.
  • Ensure that an NTP server is configured.

Sonus recommends starting with a clean and empty configuration.

Caption
0Figure
1Ensure That the Node FQDN is Correct

Info

Optionally, if you want to configure a secondary 

Spacevars
0product
in your environment, make sure to have the secondary 
Spacevars
0product
network interface configured accordingly to be able to reach out to the internal company network (corporate network).

Preparing the ASM

If your ASM have been used before, you should re-Initialize it now. Refer to Re-Initializing the ASM for details.

Confirm that the ASM is ready to deploy the Cloud Connector Edition. To do so:

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Task tab and then select Operational Status.
3Verify the following:
  • ASM board Status is Up.

  • Service Status is Running.

  • The service version (SBC Communications Service) is the most recent version. If it is not, update it by following the steps in Installing an ASM Package.

Caption
0Figure
1Operational Status

 

After you update the ASM, change its Admin Password.

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Settings tab and then click Change Admin Password.
3

Enter and confirm your new password and then click OK.

Caption
0Figure
1New Admin Password

Deploying the CCE

Deploying the CCE  on the

Spacevars
0product
consists of two steps:

Configuring the CCE using the SBC Edge WebUI

 

Warning

Anchor
ConfiguringtheCCEthroughtheWebUI
ConfiguringtheCCEthroughtheWebUI
Configuring the CCE Through the WebUI

ASM Config

StepAction
1

Login to the WebUI of the SBC Edge.

2

Navigate to Tasks  > Setup Cloud Connector Edition.

3

Click the ASM Config tab and configure/verify the Network and IP settings of your ASM.

4

Click Apply. After receiving the activity status as successfully completed, click the Generate CSR tab.

Caption
0Figure
1ASM Config

Generating the CSR

This process is required only if you don't have a public certificate for your deployment. If you already have a certificate, proceed to Import Certificate.

 

StepAction
1Login to the WebUI of the SBC Edge.
2

Navigate to Tasks > Setup Cloud Connector Edition > Generate CSR.

3

Generate the CSR as shown below with following information. To ensure creating a valid CSR for Cloud Connector Edition usage, please see the section "Certificate requirements" on https://technet.microsoft.com/en-us/library/mt605227.aspx .

4Copy the CSR from the lower pane of the Generate CSR page and save it as a .txt file.
5After the CSR is signed by the Certificate Authority and you receive the PKCS7 Certificate file, continue the wizard by clicking on Import Certificate tab.

Caption
0Figure
1Generate CSR


 

 

Anchor
ImportCertificate
ImportCertificate
Importing Certificate/Keys

StepAction
1Login to the WebUI of the SBC Edge.
2

Navigate to Tasks > Setup Cloud Connector Edition and then click the Certificate and Key tab.

3

Click the Action drop-down list and select the appropriate option:

  • Import X.509 Signed Certificate. If you generated a Certificate Request (CSR) on the previous step, select the Import X.509 Signed Certificate option, and paste the BASE64 certificate in the text box.
  • Import PKCS12 Certificate and Key. If you prepare your certificate by yourself, select the Import PKCS12 Certificate and Key option, enter a password and select the relevant certificate file.
  • Export PKCS12 Certificate and Key. To export a certificate, select ExportPKCS12 Certificate and Key and enter a password.
  • Import PKCS7 Certificate Chain. Select the Import PKCS7 Certificate Chain option, and select a file.
4

Click OK.

5

After receiving the activity status as successfully completed, click on Configure CCE tab.

Configuring the CCE

StepAction
1Login to the WebUI of the SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Configure CCE tab.
4

Configure all necessary information and then click OK. All the pre-configured fields are valid as is, and recommended by Sonus. These fields may be edited, but all entries must meet Microsoft requirements.

Warning

If the deployment environment consists of multiple-site with a single certificate or a wild card certificate, ensure the CCE Site Name and the Edge Server Public Hostname are correct before proceeding.

5 After receiving the activity status as successfully completed, click the Prepare CCE tab to continue.


Caption
0Figure
1Configure CCE

 

Preparing the CCE
Anchor
Preparing the CCE
Preparing the CCE

StepAction
1Login to the WebUI of the SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Prepare CCE tab.
4

Click the Prepare CCE button. A confirmation will request you to enter the password again for the new password. Only the Tenant credentials are already existing. Click OK as shown below.


Caption
0Figure
1Prepare the CCE

 

Info

If you receive this error message:

Code Block
Additional Information: Got an exception deploying CCE: Certificate Chain is broken. Root and Intermediate Certificate needs to be imported on ASM Operating System: A certificate chain could not be built to a trusted root authority.

...refer to Manually Loading the Root and Intermediate Certificates on the CCE

 

Activating the CCE

This step stores the two Microsoft product keys, and activates the CCE VM (which is not yet activated).

Info

The CCE requires four VMs; each Microsoft Product Key activates two VMs.

StepAction
1Login to the WebUI of the SBC Edge.
2Open the Tasks tab and click Setup Cloud Connector Edition in the navigation pane.
3Click the Activate CCE tab.
4

In Domain Controller and Central Management Store VM > Windows Product Key 1, enter the first Microsoft Product Key. To identify the Product Key, see Identify Microsoft Product Key.

5In Under Mediation Server and Edge Server VM Windows Product Key 2, enter the second Microsoft Product Key.To identify the Product Key, see Identify Microsoft Product Key.
6Click Activate.
7
8

To complete the deployment, continue with installing the CCE Appliance using the Sonus Cloud Link Deployer. 

Caption
0Figure
1Activate the CCE

 

Info
titleIdentify Microsoft Product Key

Anchor
ProductKey
ProductKey
To identify the Microsoft Product Key:

  1. Access the bottom of the SBC unit and locate the two Microsoft Certificate of Authenticity stickers.
  2. Locate the Microsoft Product Key for each.

    Sample Microsoft Certificate of Authenticity Sticker
Info
titleActivation - Troubleshooting Tips

Anchor
Troubleshooting
Troubleshooting
If activation fails, check the following:

  • If access to the Microsoft Server fails, verify IP and Firewall configuration. 
  • Verify each Product Key has not reached the allowed limit of 15 activations.
  • Verify correct entry of the Product Key.

Anchor
CCEAppliance
CCEAppliance
Installing the CCE Appliance using Sonus Cloud Link Deployer

 

Note
titleCCE Deployment - Using a Proxy on the ASM Host

If you plan to use a proxy on the ASM Host to reach Office 365, you must add the Management network (192.168.213.0) into the exclusion list and specify proxy settings per machine rather than per user.

Note
titleCCE Deployment - What to Expect
  • The CCE deployment may exceed two hours.
  • The CCE deployment status is visible only on the Remote Desktop to the ASM. The WebUI indicates that the CCE is running while the deployment process is in progress.
  • While the CCE deployment is running, you should not perform any actions on the ASM via the WebUI (i.e., Shut Down/Reset/Reboot/Reinitialize/Install etc.).
  • If the Office 365 PSTN Site already exists in your tenant, ensure the other Appliance is removed, and the CCE Auto-Update time window is properly configured. If you are in a time window dedicated to the Auto-Update, you should use the command Set-CsHybridPSTNSite to set EnableAutoUpdate to $False. Replication of the information may take up to 30 minutes.
StepAction
1Remote desktop to the ASM system.
2Launch the Sonus Cloud Link Deployer from icon on the desktop.
3Check the first three actions:
  • Transfer Password from SBC: This step imports the password that has been set during the Preparing the CCE.
  • Register Appliance: This step registers this new appliance on your Office365 tenant.
  • Install Appliance: This step deploys the CCE.

Select Apply.

Caption
0Figure
1Sonus Cloud Link Deployer

 

Integrating the SBC Edge With Cloud Connector Edition

After the CCE is deployed, integrate the  Sonus SBC Edge and allow calls from/to O365 clients. In this example, the following steps will set up the Sonus SBC Edge for:

 

SIP Provider (NNN.NNN.NNN.NNN) – SBC Edge (NNN.NNN.NNN.NNN)  – CCE (mediation Server: NNN.NNN.NNN.NNN) – O365 Cloud

 

Build your SBC configuration

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Tasks tab, and then click SBC Easy Setup > Easy Config Wizard in the navigation pane.
3

Follow steps 1, 2, and 3 as shown below and then click Finish.

 

4

 Click OK on the next two popups to complete the setup.

5

 The wizard configures the necessary settings for the single SBC Edge and CCE integration. Relevant configuration items are shown in the Settings tab below:

 

 

Build your Second SBC Configuration (Optional)

StepAction
1Login to the WebUI of the Secondary SBC Edge.
2Click the Tasks tab and then run the Easy Config.
3

The preceding step will configure the Secondary SBC Edge with the appropriate configuration items.

Multiexcerpt
MultiExcerptNameBasicCallVerification

Basic Call Verification after CCE Deployment and
Spacevars
0product
Integration

With the preceding settings, an endpoint from the SIP provider side can dial the number of a Skype For Business (O365) client and reach out to it over

Spacevars
0product
. The call flow for this call is shown below:

 

 

Caption
0Figure
1Call Flow

Similarly, a Skype For Business (O365) client can dial the number of an endpoint off of ITSP and reach out to it over

Spacevars
0product
. The call flow for this call is shown below:

 

Caption
0Figure
1Call Flow

Multiexcerpt
MultiExcerptNameO365KnownIssues

O365 Known Issue and Workarounds for CCE

Redeploying the CCE

Note

Configuration changes to the CCE in the WebUI per Tasks > Setup Cloud Connector Edition> Configure CCE requires the CCE to be re-deployed.

Info

Backup the Public Certificate per Tasks > Setup Cloud Connector Edition> Import Certificate.

Clean Office 365 Tenant

If the CCE was previously deployed, previously installed information must be cleared in O365. To do so, follow the steps below:

StepAction
1Remote Desktop to the ASM system
2

Connect the Office365 Tenant through a series of commands as follows:

a. Execute the following command:

Import-Module skypeonlineconnector
$cred = Get-Credential
b. When prompted, execute the credentials for O365 Admin Tenant.
c. Execute the following command:
$Session = New-CsOnlineSession -Credential $cred -Verbose
Import-PSSession $session
3Display all the Appliances assigned to your tenant, identify the Appliance you just re-initialized, and copy the identity into your clipboard.

Get-CsHybridPSTNAppliance

4

Execute the following command to remove the appliance:

Unregister-CsHybridPSTNAppliance -Identity <paste the identity here> -Force

5

Execute the following command to verify that the appliance has been removed:

Get-CsHybridPSTNAppliance

6

This completes the cleanup.

Re-Initializing of the ASM

The ASM must be re-initialized with the image that contains the latest CCE software. To do so:

StepAction
1Login to the WebUI of the SBC Edge.
2Click the Task tab, and then click Reinitialize in the navigation pane.
3

Select the appropriate image from the drop-down list and then click Apply.

Manually Managing the CCE Configuration File

Editing the CCE Configuration File

The “.ini” file is the configuration of the Microsoft CCE (Cloud Connector Edition) running on the ASM. The contents of the ".ini" file must be as defined by Microsoft. From the Configure CCE panel, the Raw INI Config drop-down list enables you to edit, export, or import the ".ini" file.

 Working with the ".ini" file allows you to provision multiple CCEs in a similar manner. Once you configure a CCE, you can export the ".ini" file, modify it for the second system, and then import the CCE. This procedure can then be repeated for the third system, etc. Also, backing up the SBC configuration and CCE configuration helps recover faster in the case of lost data.

 

 StepAction
1After receiving the activity status completion message, click the Click to re-configure CCE application button.
2Click OK on the popup.
4

Click the Raw (INI) Config drop-down list, select Edit. Configurable fields are displayed for editing. Modifications to the CCE configuration requires redeployment of the CCE VM, and this action takes approximately two hours.

Note: The example uses AEPSITE2 for the these attributes.

5

After verifying the information click OK.


Importing and Exporting the CCE Configuration File

Step
Action
1.

After receiving the activity status completion message, click the Click to re-configure CCE application button.

2.Click OK on the popup.
3.

From the Raw (INI) Config drop down list, select Import or Export.

  • Export. Exports the .ini file.
  • Import. Imports the .ini fil


Updating the CCE Password

Follow these steps if you need to update the O365 tenant admin password or account.

 

StepAction
1

On the WebUI, click Tasks and select the Prepare CCE tab (see Preparing the CCE). 

2Click Prepare CCE.
3

From the Password Setting drop down list, select Change Password. Keep the same passwords for the Edge Server, CCE Service and CA Backup File, but change the passwords for Tenant Account User and Tenant Account Password.

4On Remote desktop, start the Sonus Cloud Link Deployer, and check Transfer Password from SBC to reset the credentials.

Pagebreak