cloud connector configuration guide with sonus cloud link

Skype for Business

Hybrid Voice

Cloud Connector Edition Configuration Guide of Sonus Cloud Link

Version 1.2

© 15.01.2017, Thomas Poett, MVP Office Servers and Services

(Skype for Business) - Version 1.2

Contact: http://lyncuc.blogspot.com

http://lyncuc.blogspot.com/

https://mvp.microsoft.com/en-us/mvp/Jasper Brekelmans-5001356

Table of Contents Table of Contents .................................................................................................................................... 2

Introduction to Cloud Connector Edition ................................................................................................ 5

CCE Planning and Configuration Guide .............................................................................................................. 5

CCE Voice Routing with Multi-site (Generic) ...................................................................................................... 5

CCE Network Switches in Hyper-V...................................................................................................................... 7

Generic Sonus CCE Appliance (Sonus Cloud Link) Setup .................................................................................... 8

Advanced Features ........................................................................................................................................ 9

Network Setup ............................................................................................................................................. 10

Generating the CSR and Import Certificate ................................................................................................. 10

Configuring the CCE ..................................................................................................................................... 11

Scenario-based Infrastructure .......................................................................................................................... 12

System, MPLS and Connectivity Infrastructure ........................................................................................... 13

CCE Appliance Infrastructure ....................................................................................................................... 15

Logical Infrastructure ....................................................................................................................................... 17

DNS .............................................................................................................................................................. 17

External Certificates .................................................................................................................................... 19

Internal Certificates ..................................................................................................................................... 20

Firewall Port Configuration ......................................................................................................................... 21

Configuration Guide for Users, Dial-Plans, Voice Routes and PSTN Usage ........................................... 22

Connect to MSOnline ....................................................................................................................................... 22

Connect to Skype for Business Online .............................................................................................................. 22

Management Guide for Users .......................................................................................................................... 23

Reading and Writing User Information and Settings ....................................................................................... 23

Configuration Guide for Cloud Connector on Sonus Appliance ............................................................ 24

Cloud Connector Configuration Data Definition .............................................................................................. 25

Configuration Data Definition APSITE1 (Malaysia) ...................................................................................... 26

Configuration Data Definition APSITE2 (Germany) ..................................................................................... 27

Cloud Connector Configuration Files (CloudConnector.ini) ........................................................................ 28

Configuring the Sonus Appliance ..................................................................................................................... 35

Sonus Appliance Setup – Germany Site ....................................................................................................... 35

Sonus Appliance Setup – Malaysia Site ....................................................................................................... 48

Sonus Session Border Control Configuration Numbering (Normalization) ...................................................... 59

Normalization – CCE Deployment Overview ............................................................................................... 59

Normalization – Configuration .................................................................................................................... 60

Normalization – Germany Site (Munich and Toronto) ................................................................................ 61

Normalization – Malaysia Site (Kuala Lumpur) ............................................................................................ 63

Normalization – Incoming from SIP Trunk (Summary) ................................................................................ 69

Setting Up the Contact Center Connections ................................................................................................ 70

Configuring Office 365 ...................................................................................................................................... 75

Establishing a Skype for Business Online Session ............................................................................................. 77

Creating a Hybrid PSTN Site ............................................................................................................................. 78

Managing Hybrid PSTN Users ........................................................................................................................... 79

Assigning a Hybrid PSTN Site to Users ......................................................................................................... 79

Assigning Voice to Users (Cloud PBX) .......................................................................................................... 79

Assigning On-premises Phone Numbers to Cloud PBX Users ...................................................................... 82

Testing All Configurations and Connections ................................................................................................ 85

DialPlans With CCE in Office 365 ................................................................................................................. 91

Commandlets for Online Configuration ................................................................................................ 92

Dial-in Conferencing Commandlets ............................................................................................................. 92

E911 and Location Information Service (LIS) Commandlets ........................................................................ 92

Skype Meeting Broadcast Commandlets ..................................................................................................... 92

PSTN Calling Commandlets .......................................................................................................................... 92

Hybrid PSTN Site and User Commandlets ................................................................................................... 93

Internet Protocol (IP) Phone Commandlets ................................................................................................ 93

Reporting Commandlets .............................................................................................................................. 93

Online User Commandlets ........................................................................................................................... 93

Cloud Connector INI File Parameters .................................................................................................... 94

Special Thanks

To my wife Jau Dih: I very much appreciate her compassion towards me, and allowing me to spend a lot of our private time making this Sonus CCE Guide possible. I owe her more than a big kiss and hug.

To Adrien Plessis (Sonus): Adrien helped me tremendously with the Test Lab setup, scenario-based configuration, guidance on the early deployment, and access to the Sonus SBC 2000 CCE. He also personally supported me a lot, helping me become an expert on Sonus gateways. And a special thanks for spending an entire weekend preparing the CCE VM base setup.

To Michael Reckert and Daniel Furrer (Sonus): For the valued contact they established with Adrien, and convincing him to support this activity.

To all my Westcon workmates: For their valued feedback and support, and making Westcon a valued Sonus distributor. And thanks for sharing our technical and logistical knowledge with all Microsoft partners and other potential resellers.

Version History

Version Comment Date

Version 0.9 Released without the Sonus Appliance April 12th 2016

Version 1.0 Released without the Sonus Appliance August 20th 2016 Version 2.0 Interim Version:

Cloud Connector Edition - Hybrid Voice Guide - Version 2.0 December 12th 2017

Version 1.1 Admin Guide based on Sonus 1k/2k Cloud Link Appliance

November 29th 2016

Version 1.2 Added PowerShell provide CCE installation, change to several cmdlets

January 15th 2017

Introduction to Cloud Connector Edition

CCE Planning and Configuration Guide

In a previously released document, the technical requirements, planning approach and

configuration scenario for Hyper Voice PSTN sites was described. In it, a free Ebook download

(Cloud Connector Edition - Hybrid Voice Guide - Version 2.0) was offered for more detailed

information. If you have not yet, please download and read this guide to gain the knowledge

required for this technical configuration guide.

The download is at Cloud Connector Edition - Hybrid Voice Guide - Version 2.0

CCE Voice Routing with Multi-site (Generic)

Cloud Connector Edition with Cloud PBX in Microsoft Office 365 does not support:

The CSVoiceRoute commandlet

Least cost routing

Destination routing

The question might be asked, “How can we use different CCE sites with different PSTN breakouts

assigned?” The answer is, by utilizing a simple two-site deployment that allows replicating the

configuration to larger designs with N-Sites.

For the examples that follow, there will be two locations. The first in Munich, Germany, and the

other in London, UK. Both sites have their own dedicated PSTN breakout. It will not matter if the

connection to the PSTN gateway is via an ISDN/PRI, or an SIP Trunk line. However, there can be a PBX

behind the local site gateway.

If Media Bypass is not available, the user can connect to the customer’s LAN, and the connection to

the Mediation Server can be direct if firewall rules allow this path. In this scenario, the users connect

over the Internet.

PSTN-based calls can generally flow in two directions, from PSTN -> Cloud PBX user, or from the

Cloud PBX user -> PSTN. The simplest call flow is the incoming call from PSTN -> Cloud PBX.

Every CCE has a direct connection/path to the Microsoft Office 365 Skype for Business online

platform. Therefore, every incoming call will be signalized to the Cloud PBX directly. There are no

other logical or technical considerations.

It is much different for outgoing calls. There must be a mechanism to determine the destination each

call should route to, and in this example it would be either Munich or London. The call flow for

outgoing calls is illustrated below, showing the SIP signaling and the media path. Keep in mind that

signaling starts before the media.

Assume there are two users, User A and User B.

https://gallery.technet.microsoft.com/office365/Cloud-Connector-Edition-e20a0981

User A is associated with Germany

User B is associated with Malaysia

The first CCE Site is called “Germany”

The second CCE Site is called “Malaysia”

The following diagram describes a CCE Multi-site deployment, and shows the outgoing call flow for

the users associated with the different CCE sites.

On Premise (SITE MUNICH)

PSTN

User

Cloud Connector Edition VMs

Office 365 including Skype for Business Online (E5 Plan)

CloudPBX

Online Users

MEDIA

SIP Signaling

On Premise (SITE MALAYSIA)

User


User A /Site GermanyCall to:+49 89 123456789

CCE

Edge

DC and CA CMS

Mediation

CCE

Edge

DC and CA CMS

Mediation

User B /Site MalaysiaCall to:+49 89 123456789

New-CsHybridPstnSite -Identity GERMANY -EdgeFQDN

EDGEDE01.SIPDOMAIN.COM

New-CsHybridPstnSite -Identity MALAYSIA -EdgeFQDN

EDGEUK01.SIPDOMAIN.COM

Set-CsUserPstnSettings -

Identity UserA -

HybridPSTNSite GERMANY -

AllowInternationalCalls

$true

Set-CsUserPstnSettings -

Identity UserB -

HybridPSTNSite MALAYSIA -

AllowInternationalCalls

$true

EDGEMY01.SIPDOMAIN.COM

MEDIA

SIP Signaling

EDGEDE01.SIPDOMAIN.COM

SIP PBX orProvider Gateway


Interestingly, and not surprisingly, calls will always flow through the CCE site the user is associated

with. This is because voice routes cannot be defined with a Cloud PBX or a CCE. In addition, as long as

the CCE local setup can recognize the incoming call, it will be sent to the Cloud PBX, which–through

Reverse Number Lookup (RNL)–knows which user should be addressed. Normalization for this

incoming call scenario can be provided on the PSTN/SIP Trunk gateway.

The next section is a guide through the Cloud PBX site setup and user site assignment.


Edge

DC and CA

CMS

Mediation

CCE HOST

Facing Internetinternal

external Facing CCE VMs

VM environment

ISO to VDHX

Conversion store

On local host

SfB

CC

E C

orp

net

vLA

N

DM

Z2D

MZ2

SfB CCE Internet vLAN DM

Z1D

MZ1

SfB CCE Internet Switch

192.168.219.0SfB CCE Management Switch

(temporary)

VM Remote Desktop

SfB CCE Corpnet Switch

192.168.100.119 Temporary BaseVMIP for

ISO2VHDX conversion and

dad Windows update's

CCE Network Switches in Hyper-V

Central to the CCE image installation is the ISO -> VHDX conversion. This process generates the VM,

including dedicated disks. The Windows Server ISO image is taken from local storage (HDD) and a

Windows Update process is required before generalization can occur. This is done via a temporary IP

address that is assigned to the SfB CCE Corpnet Switch, but to use a temporary IP address from the

BaseVMIP parameter, a Windows update may be required.

In total, there must be three virtual switches in Hyper-V:


Corpnet enables VMs to access each other–that is, all VMs on the same host–and allows RDP into the

VM. It also allows Skype for Business Clients to connect to the Mediation Server, and connects the

Mediation Server to the PSTN gateway. This switch requires an Internet connection for Windows and

SfB updates.

SfB CCE Management Switch

The management switch provides temporary network connectivity to host and VMs during VM

deployment, and will be disconnected after provisioning. The Management IP Address Prefix MUST

be configured as a different subnet from other internal IPs. The network is an “internal” host only

network switch.


This switch is only used for external edge access to the DMZ1, which is Internet-facing.

Generic Sonus CCE Appliance (Sonus Cloud Link) Setup

The platform for the new Sonus Cloud Link CCE Appliance is the well-known Sonus 1000 and 2000

series. To install and run the CCE Appliance software, an Application Solution Module (ASM) board–

which has the recommended hardware and capability to run the virtual machines–is required. A full-

blown Windows Server 2012 R2 also needs to be installed, along with Hyper-V. Some points to

consider during setup are:

Microsoft Cloud Connector Edition is software that provides PSTN connectivity through

Office 365

– Packaged VMs are installed on the customer’s hardware

– Cloud PBX users are able to use on-premises PSTN

– There is supports for up to 500 concurrent calls

No IM, conferencing, or other local functions

– Users log in and are homed to Office 365

– WAN resiliency is vital to avoid potential downtime

– Sonus SBC will host embedded CCE on ASM (2H2016)

PSTN connectivity and survivability are provided by Sonus SBC via:

– SIP

– ISDN PRI

– Analog

http://www.sonus.net/solutions/microsoft-solutions/sonus-cloud-link-for-microsoft-cce

To ensure appliances have the maximum required level of security, Sonus built in the following:

Updated ASM

– State of the art CPU and memory

– Windows Server 2012 R2 Standard

– CCE application/Setup Wizard

True appliance model

– Firewalled off from the network

– No Internet Explorer, IIS or Windows networking

– Managed like an appliance, not a server

Internal Ethernet connection

– Configuration of IP address via SBC GUI

Advanced Features

CCE includes an important new feature that deserves to be highlighted. If a call runs through the

SBC/GW, the call can be identified and associated by the caller or call recipient. Once identified, the

Rich Presence to those users can be updated. This feature is helpful and provides the best user

experience possible, especially when–during a PBX migration and Office 365 users have not yet

migrated to Enterprise Voice–phone calls must still route through legacy PBX systems.

ASM

CCE “Bits”

Windows Server 2012 R2

SBC/GW

Firewall/SBC Ethernet

Office 365 Microsoft Office and

Exchange

PSTN

SIP ISDN Analog

Simplified CCE setup–which is key to fast deployment–is achieved through the new wizard, which

collects the required setup information for CCE implementation.

Network Setup

The first step defines the ASM and the Windows Server host setup.

Note:

The host needs Internet access in order to load the CCE Appliance, and also to receive updates

directly from Microsoft.

Generating the CSR and Import Certificate

The CCE Edge Server VM requires a public certificate to communicate with the Office 365

infrastructure.

Creating the CSR request is fast and easy because the included wizard will generate or import

whatever is required into the CCE setup process.

You can either us the generate CSR and paste the certificate answer file or you can import an existing

certificate including a private key. The imported certificate requires a password.

Configuring the CCE

Configuring the CCE with its INI files can be quite complex (see the subsection Network and

CloudConnector.ini on CCE Site under the Configuring the Sonus Appliance section) but with the

included wizard it is simple and straightforward.

All that is needed are the external IP addresses for the Edge Server VM, and compliance with the

general setup of an on-premises Edge Server. Since the Edge Server IP address is the most NATed IP

address in both the internal DMZ as well as the Edge Server external public IP, it will the IP address

assigned to the firewall. This also includes external network connections, where the firewall acts as

the Internet gateway.

Some points of interest regarding Deployment Type and CCE Internal Network Type:

A CCE can be built with up to four systems in parallel over time

As of the writing of this guide, an appliance can support a high-availability (HA) solution

with two systems

This limitation is due to setup script complexity, and future updates will address this

The Deployment Type setup will be Standalone or HA (Master and Slave)

Infrastructure Definition of Cloud Connector Edition

Scenario-based Infrastructure

Suppose there is a customer in Germany who is interested in Office 365 with the E5 plan. They want

to utilize Office 365 with Cloud PBX as much as possible, but their internal contact center, along with

certain applications requiring PSTN connectivity, are preventing the move to the cloud entirely (PSTN

calling service).

Adding to this challenge are two subsidiaries, one in Malaysia and another in Canada. In Canada,

there is a sales office with less than 10 employees in the office, and five home office workers. Home

office work is also a future goal for Germany, but not Malaysia. In each location, the sales staff have

shared office space, but 75% of the time they are out of the office. The MPLS connection between

Germany and Malaysia is approximately 140 ms, but between Germany and Canada a ping round trip

was measured at less than 50 ms. QoS is activated for SIP traffic on the local LAN as well as the MPLS.

The customer has an MPLS between all three locations. The profiles for the three locations look like

this:

Munich, Germany

Users: 1500

Country code: +49

Area number: 89

Number block: 561234-100/999

Contact center: 561235-0/09 needs to be routed via SIP on the gateway

PSTN break out: Central SIP Trunk covering Germany and Canada

Kuala Lumpur, Malaysia

Users: 100

Country code: +60

Area number: 3

Number block: 30901-100/199

PSTN break out: SIP Trunk covering Malaysia

Toronto, Canada

Users: 50

Country code: +1

Area number: 416

Number block: 406-1000/1099

No PSTN break out: SIP is on the same SIP Trunk in the Germany location physical

infrastructure

Based on the locations and telephony requirements above, the physical infrastructure would require

matching the scenario-based assumption.

System, MPLS and Connectivity Infrastructure

Two Sonus CCE Appliances (SBC 2000 CCE) would be required, one in Germany and one in Malaysia. They would connect over the Internet to Office 365, with

the Cloud PBX feature enabled. Additionally, there would be two PSTN breakouts (SIP Trunks) per location, each with an applied CCE Appliance. Canada would

use the MPLS network, connecting directly to the Sonus SBC in Germany, which is where the Canadian phone numbers terminate via the allocated SIP Trunk.

Logical infrastructure scenario with Express Route Setup

The setup would be identical to the Internet connection-based setup–unlike with the MPLS approach–where now the Sonus CCE Appliance connects to the CCE

component directly with Office 365. There is no need to look any further into this setup since the Azure Express Route has requirements that are not crucial for

the general understanding of Cloud Connector Edition deployment. So, for the sake of simplicity and to ensure better understanding, the Contact Center is

removed from the following illustration.

CCE Appliance Infrastructure

Hardware and other components involved in the Cloud Connector installation are delivered during

the setup of the Hyper-V virtual machines (VM). Each VM contains a featured server role from Skype

for Business. Microsoft provides a download that will unpack itself and start deploying VMs. Once the

deployment has started, unattended setup will do everything else for you, from installing and

configuring the VMs–including the VM network–as well as the Domain Controller, AD and the Skype

for Business components.

It is important to ensure high quality and reliable networks, and while Azure ExpressRoute is no

longer recommended, it does offer clear advantages. The same applies to the internal network, so

careful planning is crucial; consider where the SfB client is located, and how the client will connect to

the Mediation Server.

Facilities can also run their own ACP to offer personal conferencing dial-in numbers on their CCE.

Audio is sent from the Skype for Business Online conferencing MCU directly to the CCE, but the QoS

must be integrated throughout the network, including the Office 365 tenant.

Note:

A minimum of two PSTN Gateways (CCE Appliances) are recommended for redundancy.

Sonus Cloud Link (CCE Appliance)1

Sonus Cloud Link integrates Skype for Business Cloud Connector Edition in a single, flexible and

secure appliance that reduces the CAPEX associated with server hardware and software procurement

and implementation. Sonus Cloud Link also preserves existing PSTN connectivity, supports legacy

PBXs and analog devices and provides an enterprise-wide legacy dial plan, as well as Active Directory

dial plan integration. This helps customers migrate to Office 365 Cloud PBX at their own pace while

avoiding disruption caused by the cutover.

Sonus Cloud Link is an integrated appliance solution that combines Sonus’ award winning SBC 1000

and 2000 session border controllers. These run embedded Microsoft Skype for Business Cloud

Connector Edition software which connects directly into the Office 365 Cloud PBX feature.

Cloud Link features include:

Sonus Cloud Link Support for up to 500 concurrent Skype for Business Cloud Connector

Edition managed calls in a single, secure, 1U appliance

Up to four appliances for scalability and high availability (Microsoft has a limit of 1,500

concurrent calls per CCE pool)

Easy-to-use Web GUI Setup Wizard for rapid provisioning and management

Sonus based Call Admission Control (CAC)2 to deny excessive calls based on session

establishment rate per trunk group

Advanced call routing features such Active Directory integration, Lightweight Directory

Access Protocol (LDAP) server routing integration, onboard call forking which “forks” a single

call from any source to up to eight unique destinations (including legacy PRI/FXS/FXO/BRI-

based endpoints), and other flexible routing options

Seamless integration with existing enterprise telephony infrastructure

Interconnects Skype for Business Cloud PBX to SIP, TDM and analog PSTN-bound trunks to

support on-premises Service Provider connectivity with a wide variety of SIP and legacy port

interfaces

1 Sonus Cloud Link for Microsoft CCE webpage 2 This CAC is not in Skype for Business; it is implemented on the Sonus Cloud Link only. At the point of writing this guide, CAC is not available in SfB Online.

http://www.sonus.net/solutions/microsoft-solutions/sonus-cloud-link-for-microsoft-cce

Logical Infrastructure

DNS

DNS access is required externally for the Access Edge Server and the Media Relay (Audio); video is

not implemented for local breakouts. The internal CCE servers must resolve internal DNS names and

the Access Edge component via external DNS. Therefore, the Access Edge should resolve DNS

externally and have a host file (C:\Windows\System32\drivers\hosts) for internal DNS resolution.

Note:

The onmicrosoft.com DNS suffix external tenant is not supported.

SIP.<sipdomain> for any CCE is not supported, it is reserved for the Office 365 Access Edge.

External DNS entries for CCE (also used for certificates):

Access Edge: e.g., access.sipdomain.com CCE Site (x) Access Edge

SIP domain: e.g., sip.sipdomain.com Office 365 Access Edge

DNS Record for sonusms01.com

Record Type

Setting Comment

CCE Site A

Accesspool A 123.123.123.1 IP of Access Edge, Single CCE SITE or Site A

mr01 A 123.123.123.2 Not required to be set (mr can be the same IP as Access Edge

CCE Site B

accesspool02 A 12.123.123.1 IP of Access Edge, Multi CCE SITES, e.g. Site B

mr02 A 12.123.123.2 Not required to be set

Office 365

sip CNAME sipdir.online.lync.com

lyncdiscover CNAME webdir.online.lync.com

_sip.tls SRV 100 1 443 sipdir.online.lync.com

_sipfederationtls.tcp SRV sipfed.online.lync.com

Note:

Media Relay is not required in the certificate. The MRAS service will issue its own certificate for

media encryption. Therefore, a DNS Record is not required too and optional.

The MR can have its own IP Address, but is neither required nor a good advice.

DNS Access queries in CCE

All internal VMs will query the CCE AD DNS installed automatically on the DC VM.

The Edge Server VM, has a an host file install for internal DNS and uses any external “public” DNS

Server for Internet related queries, as for the Office 365 tenant.

Mediation

Edge

DC and DNS

CMS

Cloud Connector Edition Setup (DNS)

INTERNETHOSTS

Note:

All other DNS records necessary for the internal and external (Internet) networks remain unchanged

for Office 365 deployments.

Note:

During CCE installation is might be required setting the internal DNS (AD) pointing to an external

system.

External Certificates

Notes:

A CN starting with SIP.<domain> is not supported with others than wildcard certificate. SIP is a

placeholder for access edge client logins.

It is possible to use a single certificate for all CCE sites, as long the other sites are listed with their

fully qualified domain name (FQDN) in the SAN entries.

Single CCE Site

In addition to the DNS entries, publicly-signed SAN certificates are also required:

SN/CN accesspool.sonusms01.com Single CCE SITE

SAN accesspool.sonusms01.com

SAN sip.sonusms01.com

Note:

Single CCE site deployment is similar to the well-known on-premises deployments for Edge Servers;

the principals are identical. That is, if an Edge Pool is used, the external Pool Name must be

addressed with HLB or DNS LB, but if it is a single server, only the server name is needed.

Multi-Site CCE Site with Shared Certificates

Multiple CCE Sites can be registered with Office 365:

SN/CN accesspool.sonusms01.com

SAN accesspool.sonusms01.com CCE Site 1

SAN accesspool01.sonusms01.com CCE Site 2

SAN sip.sonusms01.com

Wildcard Certificates

Wildcard certificate are support.

SN/CN name.sonusms01.com It can be sip.* too in this case

SAN sip.sonusms01.com 1

SAN *.sonusms01.com Wildcard

SAN xx Any other SAN

Notes:

Wildcards are supported as sn=sip.sipdomain.com, san=sip.sipdomain.com + san=*.sipdomain.com.

Microsoft also supports sn=*.sipdomain.com, san=sip.sipdomain.com + san=*.sipdomain.com.

Internal Certificates

All internal servers–including the Domain Controller–require certificates, which can be either private

certificates or externally signed.

Typically, a CA is installed using the CCE automated setup, and the certificate can be generated

automatically based on the CA

The “Member Servers” are in a joint domain joint with the CCE Active Directory Forest

Root Certificates are propagated automatically, but with the Edge component, you have to

import the Root Certificate for the internal site of the Edge

CMS VMs (primary or backup) require a default certificate with server FQDN as the subject name.

Mediation Server VMs require a default certificate with the Mediation Server Pool FQDN as the subject name. A single certificate can be used across all mediation server VMs, or each VM can use its own certificate, as long as they all have the pool FQDN in the subject name.

Edge VMs require an internal certificate with the Edge Server internal pool FQDN as the subject name. A single certificate can be used across all Edge Server VMs, or each VM can use its own certificate, as long as they all have the internal pool FQDN in the subject name.

Note:

Remember to import the Root CA certificates if internal or private certificates are going to be used.

With the Sonus CCE Appliance, this step is handled by the CCE Installation Wizard.

Firewall Port Configuration3

Internal Firewall

Source IP Destination IP Source Port Destination Port

Cloud Connector Mediation component

SBC/PSTN Gateway Any TCP 5060**

SBC/PSTN Gateway Cloud Connector Mediation component

Any TCP 5068/TLS 5067


Internal clients 49 152–57 500*

TCP 50,000–50,019


Internal clients 49 152–57 500*

UDP 50,000–50,019

Internal clients Cloud Connector Mediation component

TCP 50,000–50,019

49 152–57 500*

Internal clients Cloud Connector Mediation component

UDP 50,000–50,019

49 152–57 500*

* This is the default port range on the Mediation component. For optimal call flow, four ports per call are required. ** This port should be configured on the SBC/PSTN gateway; 5060 is an example. Other ports on the SBC/PSTN gateway can be configured as required.

External Firewall - Minimum Configuration


Any Cloud Connector Edge External Interface

Any TCP 5061

Cloud Connector Edge External Interface

Any UDP 3478 UDP 3478


TCP 50,000–59,999

TCP 443


UDP 3478 UDP 3478


Any TCP 50,000–59,999

TCP 443

External Firewall - Recommended Configuration



Any TCP 5061


Any TCP 50,000–59,999 Any


Any UDP 3478; UDP 50,000–59,999

Any


Any TCP 443; TCP 50,000–59,999


Any UDP 3478; UDP 50,000–59,999

3 Taken from TechNet

Configuration Guide for Users, Dial-Plans, Voice Routes and PSTN

Usage

This section covers the view for Cloud Connector Edition Setup only. Remember to assign an Office

365 license before users are enabled for a Skype for Business online account.

Connect to MSOnline Best is connecting to MSOnline too

Import-Module MSOnline

$credential = get-credential

Connect-MsolService -Credential $credential

Connect to Skype for Business Online

The Business Online Connector (Windows PowerShell module) can be download from the Microsoft download center.

For more information go to Configuring your computer for Skype for Business Online management.

Import-Module skypeonlineconnector

$cred = Get-Credential

$Session = New-CsOnlineSession -Credential $cred -Verbose

Import-PSSession $session

https://www.microsoft.com/en-us/download/details.aspx?id=39366

https://www.microsoft.com/en-us/download/details.aspx?id=39366

https://technet.microsoft.com/en-us/library/dn362839(v=ocs.15).aspx

Management Guide for Users

The Set-CsUser command is used for both types of installation – on-premises as well as the Skype for

Business Online version. Using the Skype for Business Management Shell (that is delivered with

Skype for Business on-premises) is not recommended for configuring Skype for Business Online in

Office 365. Instead, the standard PowerShell is used and the skypeonlineconnector is imported in a

standalone setup. This way, the on-premises version commandlets are not visible nor usable.

It is important to understand that Skype for Business users cannot simply be created. Rather, the

user must be created either in Office 365 (Azure AD) or in an on-premises AD, and then synced to

Office 365 (Azure AD). From here a user for Skype for Business Online can be enabled, or the

parameters can be modified.

Reading and Writing User Information and Settings

Once the Skype for Business Online accounts are started, the well-known on-premises commands are

working. Therefore, Get-CsUser must be replaced with Get-CsOnlineUser as an example.

Note that for syncing users and changing settings, the online Admin Center is used.

WARNING:

The Set-CsUser commandlet is available to Skype for Business Online administrators. However,

Set-CsUser cannot currently be used to manage Skype for Business Online, except for setting the

AudioVideoDisabled parameter. Attempting to run the commandlet with any other parameter

will fail, and the following error message will appear: “Unable to set SipAddress. This parameter is

restricted within Remote Tenant PowerShell.”

Configuration Guide for Cloud Connector on Sonus Appliance

The scenarios presented so far are in the controlled environment of a Sonus Lab. However, in a live

production environment, there might be more internal network segments, including possibly two

firewall systems.

Note:

It is crucial to verify the SBC and Mediation Server listening ports. The SBC (that is, the PSTN/SIP

Trunk gateway) should listen on TCP 5060, or if encrypted, on TLS 5061. The Skype for Business VM

containing the Mediation Server has to listen on TCP 5068, or if encrypted, on TLC 5067.

For this port configuration, the requirements for the CloudConnector.ini and the Sonus Gateway

configuration should be considered.

Cloud Connector Configuration Data Definition

In the configuration example–which includes a Microsoft Office 365 E5 Plan-based tenant–the multi-

site CCE deployment worked using real data from a Sonus Lab. Most of the parameters are defined

within the CCE Setup Wizard included with the appliance. However, if a Sonus SBC and standard-

deployed Hyper-V-based CCE is used, the table on the following page contains the parameters

needed.

The CCE board is included on the Sonus SBC 2000 chassis, which also contains the PSTN gateway.

Since there is no Media Bypass possible with CCE (at this time), the Mediation Server <-> Gateway

communication should be unencrypted, which lets the Mediation Server talk and listen on TCP Port

5068, and the Gateway on TCP Port 5060. Before starting the configuration, the parameters in the

following sections need to be defined.

Configuration Data Definition APSITE1 (Malaysia)

The LAN site is network address 192.168.210.0/24

Parameter Value

SIP Domain sonusms01.com

Virtual Machine Domain sfbhybridtest.local

Server Name AD

IP 192.168.210.115

Online SIP Federation FQDN sipfed.online.lync.com

Site Name AEPSITE1

Base VMIP 192.168.210.119

Management Switch Name SfB CCE Management Switch

Internet Switch Name SfB CCE Internet Switch

Corpnet Switch Name SfB CCE Corpnet Switch

Management IP Address Prefix 192.168.219.0

Internet Default Gateway 192.168.211.1

Corpnet Default Gateway 192.168.210.1

Internet DNS IP Address 8.8.8.8

Corpnet DNS IP Address 8.8.8.8

Primary CMS

Server Name CMS-Server

IP Address 192.168.210.116

Share Name CmsFileStore

Mediation Server

Server Name MediationServer

Pool Name mspool

IP Address 192.168.210.117

Edge Server

Internal Server Name Edge-064913

External MR Public IPs 12.8.245.86

External SIP IPs 192.168.211.86

Internal Pool Name Edgepool

Internal Server IPs 192.168.210.118

External MR IPs 192.168.211.86

External SIP Pool Name AEPSITE2

Gateway

FQDN Sbc1.sfbhybridtest.local

IP Address 192.168.210.113

PORT 5060

Protocol TCP

Enable Refer Support true

Sonus Network (specific too)

Network Type intranet

Deployment Type standalone

Configuration Data Definition APSITE2 (Germany)

The LAN site is network address 192.168.100.0/24

Parameter Value

SIP Domain sonusms01.com

Virtual Machine Domain sfbhybridtest.local

Server Name AD-064913

IP Address 192.168.100.115

Online SIP Federation FQDN sipfed.online.lync.com

Site Name AEPSITE2

Base VM IP Address 192.168.100.119

Management Switch Name SfB CCE Management Switch

Internet Switch Name SfB CCE Internet Switch

Corpnet Switch Name SfB CCE Corpnet Switch

Management IP Address Prefix 192.168.219.0

Internet Default Gateway 192.168.211.1

Corpnet Default Gateway 192.168.100.1

Internet DNS IP Address 8.8.8.8

Corpnet DNS IP Address 8.8.8.8

Primary CMS

Server Name CMS-064913

IP Address 192.168.100.116

Share Name CmsFileStore

Mediation Server

Server Name Med-064913

Pool Name mspool

IP Address 192.168.100.117

Edge Server

Internal Server Name Edge-064913

External MR Public IPs 12.8.245.84

External SIP IPs 192.168.211.84

Internal Pool Name Edgepool

Internal Server IPs 192.168.100.118

External MR IPs 192.168.211.84

External SIP Pool Name AEPSITE2

Gateway

FQDN sbc2.sfbhybridtest.local

IP Address 192.168.100.113

Port 5060

Protocol TCP

Enable Refer Support true

Sonus Network (specific too)

Network Type intranet

Deployment Type standalone

Cloud Connector Configuration Files (CloudConnector.ini)

Both systems have wizard-based automatically-generated CloudConnector.ini files.

CloudConnector.ini (Malaysia)

; Build number 6.0.9319.255 - Keep this comment for diagnostic purpose

;;;;;;;;;;;;;; Common (topology-wide) parameters. ;;;;;;;;;;;;;

[Common]

;Domain(s) of SIP URIs used by company users.

;Domain(s) registered on O365.

;Support multiple domains separated by space. First domain is the default used.

;for phone URI.

SIPDomains=sonusms01.com

;Domain DNS suffix for the Skype for Business Cloud Connector Edition itself.

;Virtual machines CMS, Mediation server join this domain.

;Can be local (e.g. does not need to be in public DNS)

;MUST be different with domain(s) registered on O365

VirtualMachineDomain=sfbhybridtest.local

;AD Server Name

ServerName=AD

;AD Server IP address

IP=192.168.210.115

;O365 Online service FQDNs

;No need to change for world-wide O365 instance. For other instances, go to domain settings

page in O365 portal to get the right FQDN.

OnlineSipFederationFqdn=sipfed.online.lync.com

;Optional site parameters

SiteName=AEPSITE1

CountryCode=MY

City=KUALALUMPUR

State=SG

;The IP address of the VM that prepares base VM image

;This setting is only necessary for Convert-CcIsoToVhdx

BaseVMIP=192.168.210.119

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of VM network. ;;;;;;;;;;;;;;;;;;;;

[Network]

; For Corpnet IPs

CorpnetIPPrefixLength=24

; For Edge external IPs

InternetIPPrefixLength=24

; The Hyper-V switch names for Corpnet and internet connectivity.

CorpnetSwitchName=SfB CCE Corpnet Switch

InternetSwitchName=SfB CCE Internet Switch

;Default gateway in Corpnet

;Corpnet default gateway enables automatic updating the servers from the Corpnet

;It must be configured for Convert-CcIsoToVhdx to convert windows ISO file to VHDX file

;Corpnet default gateway will allow BaseVM to connect to internet and install window update

packs

CorpnetDefaultGateway=192.168.210.1

;Internet default gateway to enable Edge server to connect O365 servers

;Remove or leave it as blank if don't want to configure default gateway

InternetDefaultGateway=192.168.211.1

;DNS IP address in Corpnet


;Corpnet DNS will allow BaseVM to connect to internet and install window update packs

CorpnetDNSIPAddress=8.8.8.8

;Internet DNS IP address for resolving _sipfederationtls._tcp.<domain> and _sip._tls.<domain>

;This DNS will be assigned to internet connection network adapter on Edge server

;The Edge server must be able to resolve public DNS records for the O365 Sip Domain

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set this IP address

to allow Edge to resolve these records

InternetDNSIPAddress=8.8.8.8

; The management switch to provide network connectivity of host and VMs.

; ManagementIPPrefix in MUST be configured as different subnet from other internal IPs.

; Just as the default value shown, ManagementIPPrefix is 192.168.213.0, while AD IPAddress is

192.168.0.238

; The ManagementIPPrefixLength should be a value in range [8, 29].

ManagementSwitchName=SfB CCE Management Switch

ManagementIPPrefix=192.168.219.0

ManagementIPPrefixLength=24

;;;;;;;;;;;;; Parameters for Primary Central Management Service. ;;;;;;;;;;;;;

[PrimaryCMS]

;Server name which will be used to generate Server FQDN. It CANNOT contain .<DomainName>

;Pool name will be the same as server name.

ServerName=CMSServer

;Server IP address

IP=192.168.210.116

;File share name for Primary CMS File Store Service.

;Must be created on the Primary CMS server (used for replication of CMS data

;to other servers and backup CMS)

ShareName=CmsFileStore

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Mediation Servers. ;;;;;;;;;;;;;;;;;;;;

[MediationServer]

;Server name which will be used to generate server FQDN. It CANNOT contain .<DomainName>

ServerName=MediationServer

;Pool name which will be used to generate pool FQDN. It CANNOT contain .<DomainName>

PoolName=mspool

;Server IP address

IP=192.168.210.117

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Edge Servers. ;;;;;;;;;;;;;;;;;;;;

[EdgeServer]


InternalServerName=EdgeServer


;FQDN of the Edge Pool internal interface must resolve to IP addresses on

;internal interfaces of all Edge servers (one A record per server)

InternalPoolName=edgepool

;Internal IP addresses of servers in Edge Server Pool.

InternalServerIPs=192.168.210.118


;FQDN of the Edge Pool external interface for SIP traffic must resolve to

;IP addresses on external interfaces of all Edge servers (one

;A record per server) or to the VIP of HLB (if HLB is used for SIP traffic).

;The suffix of this FQDN should be the default (first) internal domain.

;The "sip" prefix is not allowed.

ExternalSIPPoolName=aepsite1

;External IP addresses of servers in Edge Server Pool for SIP traffic.

;Public IP addresses if there is no NAT (firewall or HLB),

;NAT-ed addresses otherwise.

ExternalSIPIPs=192.168.211.86


;FQDN of the Edge Pool external interface for media traffic must resolve to

;IP addresses on external interfaces of all edge servers (one

;A record per server) or to the VIP of HLB (if HLB is used for media traffic).

;Can be the same FQDN as External SIP FQDN (since there is no client

;SIP traffic in this topology there is no conflict for port 443).

ExternalMRFQDNPoolName=aepsite1

;External IP addresses of servers in Edge Server Pool for Media traffic.

;Public IP addresses if there is no NAT or firewall or HLB,


;Can be the same IPs as External SIP IPs (since there is no client SIP traffic

;in this topology there is no conflict for port 443).

ExternalMRIPs=192.168.211.86

;Public External IP addresses of servers in Edge Server Pool for Media

;traffic. Should only be specified if NAT (firewall or HLB) is used.

;If NAT is not used, keep this element here and leave the value as blank.

;Single IP addresses in case of HLB, multiple addresses (one per edge)

;in case of DNS LB.

ExternalMRPublicIPs=12.8.245.86

;Public External port range for Media Relay (AV Edge role)

;MR port start from 50000, the range should be even number from 100 to 10000

;For both TCP and UDP

;Each concurrent call need 2 ports

;So the concurrent call capability in MR should be range / 2

;Note: concurrent call number also depends on the capability of PSTN Gateway

ExternalMRPortRange=10000

;Parameters for gateway

;If only one Gateway is needed, remove entire [GateWay2] section. Don't keep it but leave

values empty.

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set

InternetDNSIPAddress to allow Edge to resolve these records

[Gateway1]

; Gateway FQDN

FQDN=sbc1.sfbhybridtest.local

;Gateway IP address

IP=192.168.210.113

;Gateway Port

Port=5060

;Protocol for SIP traffic (TCP or TLS)

Protocol=TCP

;List of voice routes used by this gateway.

;Routes are defined in the next section.

VoiceRoutes=LocalRoute

;;;;;;;;;;;;;;;;;;;; Parameters for hybrid voice routing ;;;;;;;;;;;;;;;;;;;;

[HybridVoiceRoutes]

;Named voice route to be used by one or more gateways

LocalRoute=.*

;;;;;;;;;;;;;;;;;;;; Parameters for TrunkConfiguration ;;;;;;;;;;;;;;;;;;;;

[TrunkConfiguration]

;Whether Gateways support Refer. It is used for Call Transfer scenario.

;The value can be "true" or "false". Default value is "true".

;EnableReferSupport set to "true" means the Gateway(s) support Refer which can handle all the

call transfer stuffs.

;EnableReferSupport set to "false" means the Gateway(s) don't support Refer. Then Mediation

Server will handle all the call transfer stuffs.

EnableReferSupport=true

CloudConnector.ini (Germany)

; Build number 6.0.9319.255 - Keep this comment for diagnostic purpose

;;;;;;;;;;;;;; Common (topology-wide) parameters. ;;;;;;;;;;;;;

[Common]

;Domain(s) of SIP URIs used by company users.

;Domain(s) registered on O365.

;Support multiple domains separated by space. First domain is the default used.

;for phone URI.

SIPDomains=sonusms01.com

;Domain DNS suffix for the Skype for Business Cloud Connector Edition itself.

;Virtual machines CMS, Mediation server join this domain.

;Can be local (e.g. does not need to be in public DNS)

;MUST be different with domain(s) registered on O365

VirtualMachineDomain=sfbhybridtest.local

;AD Server Name

ServerName=AD-064913

;AD Server IP address

IP=192.168.100.115

;O365 Online service FQDNs

;No need to change for world-wide O365 instance. For other instances, go to domain settings

page in O365 portal to get the right FQDNs.� OnlineSipFederationFqdn=sipfed.online.lync.com

;Optional site parameters

SiteName=AEPSITE2

CountryCode=DE

City=MUNICH

State=BY

;The IP address of the VM that prepares base VM image

;This setting is only necessary for Convert-CcIsoToVhdx

BaseVMIP=192.168.100.119

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of VM network. ;;;;;;;;;;;;;;;;;;;;

[Network]

InternetSwitchName=SfB CCE Internet Switch

; For Edge external IPs

InternetIPPrefixLength=24

ManagementIPPrefixLength=24

;Internet default gateway to enable edge server to connect O365 servers

;Remove or leave it as blank if don't want to configure default gateway

InternetDefaultGateway=192.168.211.1

;Default gateway in Corpnet

;Corpnet default gateway enables automatic updating the servers from the Corpnet


;Corpnet default gateway will allow BaseVM to connect to internet and install window update

packs

CorpnetDefaultGateway=192.168.100.1

;Internet DNS IP address for resolving _sipfederationtls._tcp.<domain> and _sip._tls.<domain>

;This DNS will be assigned to internet connection network adapter on Edge server

;The Edge server must be able to resolve public DNS records for the O365 Sip Domain

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set this IP address

to allow Edge to resolve these records

InternetDNSIPAddress=8.8.8.8

;DNS IP address in Corpnet


;Corpnet DNS will allow BaseVM to connect to internet and install window update packs

CorpnetDNSIPAddress=8.8.8.8

; The Hyper-V switch names for Corpnet and internet connectivity.

CorpnetSwitchName=SfB CCE Corpnet Switch

; For Corpnet IPs

CorpnetIPPrefixLength=24

ManagementIPPrefix=192.168.219.0

; The management switch to provide network connectivity of host and VMs.

; ManagementIPPrefix in MUST be configured as different subnet from other internal IPs.

; Just as the default value shown, ManagementIPPrefix is 192.168.213.0, while AD IPAddress is

192.168.0.238

; The ManagementIPPrefixLength should be a value in range [8, 29].

ManagementSwitchName=SfB CCE Management Switch

;;;;;;;;;;;;; Parameters for Primary Central Management Service. ;;;;;;;;;;;;;

[PrimaryCMS]

;Server name which will be used to generate Server FQDN. It CANNOT contain .<DomainName>

;Pool name will be the same as server name.

ServerName=CMS-064913

;Server IP address

IP=192.168.100.116

;File share name for Primary CMS File Store Service.

;Must be created on the Primary CMS server (used for replication of CMS data

;to other servers and backup CMS)

ShareName=CmsFileStore

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Mediation Servers. ;;;;;;;;;;;;;;;;;;;;

[MediationServer]


ServerName=Med-064913


PoolName=mspool

;Server IP address

IP=192.168.100.117

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Edge Servers. ;;;;;;;;;;;;;;;;;;;;

[EdgeServer]

;Public External IP addresses of servers in Edge Server Pool for Media

;traffic. Should only be specified if NAT (firewall or HLB) is used.

;If NAT is not used, keep this element here and leave the value as blank.

;Single IP addresses in case of HLB, multiple addresses (one per edge)

;in case of DNS LB.

ExternalMRPublicIPs=12.8.245.84

;External IP addresses of servers in Edge Server Pool for SIP traffic.

;Public IP addresses if there is no NAT (firewall or HLB),


ExternalSIPIPs=192.168.211.84


;FQDN of the Edge Pool internal interface must resolve to IP addresses on

;internal interfaces of all Edge servers (one A record per server)

InternalPoolName=edgepool

;Internal IP addresses of servers in Edge Server Pool.

InternalServerIPs=192.168.100.118

;External IP addresses of servers in Edge Server Pool for Media traffic.

;Public IP addresses if there is no NAT or firewall or HLB,


;Can be the same IPs as External SIP IPs (since there is no client SIP traffic

;in this topology there is no conflict for port 443).

ExternalMRIPs=192.168.211.84


;FQDN of the Edge Pool external interface for SIP traffic must resolve to


;A record per server) or to the VIP of HLB (if HLB is used for SIP traffic).

;The suffix of this FQDN should be the default (first) internal domain.

;The "sip" prefix is not allowed.

ExternalSIPPoolName=AEPSITE2


InternalServerName=Edge-064913

;Public External port range for Media Relay (AV Edge role)

;MR port start from 50000, the range should be even number from 100 to 10000

;For both TCP and UDP

;Each concurrent call need 2 ports

;So the concurrent call capability in MR should be range / 2

;Note: concurrent call number also depends on the capability of PSTN Gateway

ExternalMRPortRange=10000


;FQDN of the Edge Pool external interface for media traffic must resolve to


;A record per server) or to the VIP of HLB (if HLB is used for media traffic).

;Can be the same FQDN as External SIP FQDN (since there is no client

;SIP traffic in this topology there is no conflict for port 443).

ExternalMRFQDNPoolName=AEPSITE2

;Parameters for gateway

;If only one Gateway is needed, remove entire [GateWay2] section. Don't keep it but leave

values empty.

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set

InternetDNSIPAddress to allow Edge to resolve these records

[Gateway1]

; Gateway FQDN

FQDN=sbc2.sfbhybridtest.local

;Gateway IP address

IP=192.168.100.113

;Gateway Port

Port=5060

;Protocol for SIP traffic (TCP or TLS)

Protocol=TCP

;List of voice routes used by this gateway.

;Routes are defined in the next section.

VoiceRoutes=LocalRoute

;;;;;;;;;;;;;;;;;;;; Parameters for hybrid voice routing ;;;;;;;;;;;;;;;;;;;;

[HybridVoiceRoutes]

;Named voice route to be used by one or more gateways

LocalRoute=.*

;;;;;;;;;;;;;;;;;;;; Parameters for TrunkConfiguration ;;;;;;;;;;;;;;;;;;;;

[TrunkConfiguration]

;Whether Gateways support Refer. It is used for Call Transfer scenario.

;The value can be "true" or "false". Default value is "true".

;EnableReferSupport set to "true" means the Gateway(s) support Refer which can handle all the

call transfer stuffs.

;EnableReferSupport set to "false" means the Gateway(s) don't support Refer. Then Mediation

Server will handle all the call transfer stuffs.

EnableReferSupport=true

[SonusNetworks]

NetworkType=intranet

DeploymentType=standalone

Configuring the Sonus Appliance

The CCE Appliance configuration and setup is isolated from an Office 365 deployment; it simply

integrates with Office 365 as component. The focus will be on the setup, configuration, testing and

integration with the Office 365 E5 tenant shared at Sonus. Within the live configuration example–

which includes a Microsoft Office 365 E5 Plan-based tenant– the multi-site CCE deployment worked

using real data from a Sonus Lab.

Sonus Appliance Setup – Germany Site

In earlier sections, the planning stages for a CCE deployment was described; the illustration below

summarizes this.

On Premise (SITE GERMANY)


Edge

DC and CA

CMS

Mediation

EDGEMY01.SONUSMS01.COM


CCE HOST

SONUS CCE Appliance

192.168.100.117

192.168.100.115

192.168.100.116

192.168.219.0


192.168.100.113

also gateway

configuration

IP address for

browser

192.168.211.84/24


192.168.100.119BaseVMIP (temp)for

ISO2VHDX conversion

internal

external


192.168.100.118

192.168.100.114

192.168.211.85

NIC1(physical)

NIC2(physical)

The Sonus appliance will start out-of-the-box. To access the default website, change the gateway IP

address to the 192.168.100.113. From this point forward, navigate to each section highlighted below.

Note:

NIC 1 has two IP addresses assigned because the NIC is used for both the vSwitch and the gateway

Network and CloudConnector.ini on CCE Site

Set the Network Interfaces on CCE

The first step is navigating to the Settings tab –> ASM Configuration in the Node Interfaces section.

Here a real IP address is assigned to the physical SBC network interface.

Two Class C networks are defined:

NIC 1 LAN (and CCE VMs): IP: 192.168.100.0/24, IP: 192.168.100.114

NIC 2 Internet (and CCE Edge VMs): IP: 192.168.211.0/24, IP: 192.168.211.85

Set VM and Hyper-V Networks on CCE

Next click the Tasks tab –> Configure CCE, where the CCE deployment information is provided, such

as CCE VM IP addresses, internal/external DNS server, and so on. The Deployment Type also needs to

be chosen, either Standalone or Corporate Intranet. This defines a single CCE (non-HA) and LAN

deployment.

Note:

The internal DNS will be set in the next section.

Adjust or Administer the DNS Server Setting

Under System –> Node-Level Settings, change the Primary Server IP/DNS within Domain Name

Service window to the Controller IP address, 192.168.100.115.

Start CCE Deployment on Appliance Configuration (Wizard)

After verifying the settings and parameters, CCE deployment is ready. This can take one to two

hours.

Navigate to System and click “Deploy CCE VM” where there is a summary of all the important

parameters from the CloudConnector.ini file.

Deploy the CCE Appliance by clicking “Prepare CCE” at the bottom of the page.

You will be asked providing the certificate password, either your password for the imported

certificate file or the certificate requires answer file writing the certificate into the CCE appliance,

storing the file locally.

Next step will be a reminder proceeding with the CCE installation process.

Finalizing CCE Deployment on Appliance using the Hyper-V host powershell

The process for installing the CCE VMs and automatically letting them be configured is identically

with the process described in the Technet.

Register-CcAppliance

Install-CcAppliance

Next you need to provide the required user accounts and password:

Local VmAdmin, DomainAdmin, SafeModeAdmin, ExternalCert’s and

user name and password of your Office 365 admin account

Next start the deployment for Cloud Connector Appliance with the cmdlet Install-CcAppliance

The VM deployment will start immediately. Connect to the HOST with the defined IP address and

open the Virtual Machine Manager to find:

The VM being cloned

SysPrep

VM started

Updated (Windows Update)

Finalized

Note:

If you started a redeployment, you must unregister the existing CCE Appliance configuration with

your Office 365 tenant, by using:

Get-CsHybridPSTNAppliance

(NOTE: mark the IDENTITY)

Unregister-CsHybridPSTNAppliance -identity <MarkedName> -Force

Set Up CCE Skype for Business to Mediation Server

After a successful deployment, the correct Mediation Server to Gateway Transmission Control

Protocol (TCP) ports must be validated.

• Navigate to the main page, select “SBC Easy Setup,” and the Configuration Wizard will

automatically open.

• In Step 1, choose SIP Skype for Business/Lync. Using a SIP Trunk to ensure the PSTN

is available for ISDN usage as determined earlier.

• Type a scenario description, such as “Cloud Connector Edition,” and then choose the telephony

country. It is not important which country is chosen at this step because normalization will be

configured manually.

• Select the SIP Trunk provider and the Skype for Business/Lync Version.

Note: Cloud Connector is only available for Skype for Business.

Click Next.

IMPORTANT:

Make sure the appropriate Mediation Server vs. Gateway Ports are selected.

TCP TLS

Mediation Server 5068 5067

Gateway/SBC 5060 5061

In the scenarios discussed up to this point, the work has been based on TCP, not Transport Layer

Security (TLS).

To define the Border Server Element and the SIP Trunk Provider’s SBC, use

provider1.domain.com

For the live setup, our own internal SIP Test Simulator (provider)–with the given FQDN–has

been defined

Choose TCP or UDP for the protocol submission, with the Port Number: 5060 (depending on

the provider)

The Skype for Business connection is the Mediation Server, listening on TCP Port: 5068 with

the FQDN mspool.sfbhybridtest.local (the chosen internal CCE Active Directory Domain)

Click Next.

In Step 3, the SBC Setup Configuration Summary provides an overview of the configured parameters.

If the parameters are correct, proceed.

Click Finish.

The Installation Wizard will now apply the appropriate configurations to the SBC/Gateway and Skype

for Business (CCE). At this point the CCE Appliance setup is complete. Testing connectivity must now

take place before users can begin using the system.

Test CCE Network and SIP Connectivity

Testing the setup for connectivity is crucial. If testing is done completely and correctly, time required

for troubleshooting can be minimized. Start with a simple ping from the gateway/SBC to the

Mediation Server Pool FQDN.

At the same time, test the opposite as well, just to be sure all the systems are working properly; ping

the SBC from within the Mediation Server virtual machine.

For the final step, check the SIP connectivity.

Go to Signaling Groups and click the Settings tab

Below Display is the Counter

Click Counter and a new window opens, providing SIP message information

Make sure Incoming and Outgoing Requests are visible

The Service Status column is the first indicator that the interfaces see each other. If a package flow is

active it will be green.

Sonus Appliance Setup – Malaysia Site

In earlier sections, the planning stages for a CCE deployment was described; the illustration below

summarizes this.

On Premise (SITE MAYASIA)

EDGEDE01.SONUSMS01.COM


Edge

DC and CA

CMS

Mediation


CCE HOST

SONUS CCE Appliance

internal

external

192.168.210.117

192.168.210.115

192.168.210.116

192.168.219.0


192.168.210.113

also gateway

configuration

IP address for

browser

192.168.211.86/24


192.168.210.119BaseVMIP (temp)for

ISO2VDHX conversion

192.168.210.114


192.168.210.118

192.168.211.87

NIC1(physical)

NIC2(physical)

The Sonus appliance will start out-of-the-box. To access the default website, change the gateway IP

address to the 192.168.100.113. From this point forward, navigate to each section highlighted below.

Note:

NIC 1 has two IP addresses assigned because the NIC is used for both the vSwitch and the gateway.

Network and CloudConnector.ini on CCE SITE

Set the Network Interfaces on CCE

The first step is navigating to the Settings tab –> ASM Configuration in the Node Interfaces section.

Here a real IP address to the physical SBC network interface will be assigned.

Two Class C networks are defined:

NIC 1 LAN (and CCE VMs): IP: 192.168.210.0/24, IP: 192.168.210.114

NIC 2 Internet (and CCE Edge VMs): IP: 192.168.211.0/24, IP: 192.168.211.87

Set VM and Hyper-V Networks on CCE

Next click the Tasks tab –> Configure CCE, where the CCE deployment information–such CCE VM IP

addresses, internal/external DNS server, and so on–will be provided. The Deployment Type–either

Standalone or Corporate Intranet–will also be chosen. This defines a single CCE (non-HA) and LAN

deployment.

Note:

The internal DNS will be set in the next section.

Adjust or Administer the DNS Server Setting

Under System –> Node-Level Settings, change the Primary Server IP/DNS within Domain Name

Service window to the Controller IP address, 192.168.210.115.

Start CCE Deployment on Appliance Configuration (Wizard)

After verifying the settings and parameters, CCE deployment is ready. This can take one to two

hours.

Navigate to System and click “Deploy CCE VM.” A summary of all the important parameters from the

CloudConnector.ini file will be there.

Deploy the CCE Appliance by clicking “Prepare CCE” at the bottom of the page.

Follow the identical step provided in the section: Finalizing CCE Deployment on Appliance using the

Hyper-V host powershell

The VM deployment will start immediately. Connect to the HOST with the defined IP address and

open the Virtual Machine Manager to find:

The VM being cloned

SysPrep

VM started

Updated (Windows Update)

Finalized

Set Up CCE Skype for Business to Mediation Server

After a successful deployment, you must validate the correct Mediation Server to Gateway

Transmission Control Protocol (TCP) ports.

• Navigate to the main page, select “SBC Easy Setup,” and the Configuration Wizard will

automatically open.

• In Step 1, choose SIP Skype for Business/Lync. Using an SIP Trunk to ensure the PSTN

is available for ISDN usage as determined earlier.

• Type a scenario description, such as “Cloud Connector Edition,” and then choose the telephony

country. It is not important which country is chosen at this step because we will configure the

normalization manually.

• Select the SIP Trunk provider and the Skype for Business/Lync Version.

Note: Cloud Connector is only available for Skype for Business.

Click Next.

IMPORTANT:

Make sure the appropriate Mediation Server vs. Gateway Ports have been selected.

TCP TLS

Mediation Server 5068 5067

Gateway/SBC 5060 5061

In the scenarios discussed up to this point, the work has been based on TCP, not Transport Layer

Security (TLS).

To define the Border Server Element and the SIP Trunk Provider’s SBC, use

provider1.domain.com

For the live setup, the internal SIP Test Simulator (provider)–with the given FQDN–has been

defined

Choose TCP or UDP for the protocol submission, with the Port Number: 5060 (depending on

your provider)

The Skype for Business connection is the Mediation Server, listening on TCP Port: 5068 with

the FQDN mspool.sfbhybridtest.local (the chosen internal CCE Active Directory Domain)

Notes:

In this scenario–in a Sonus lab–the SIP Simulator and Contact Center are located on the same

system, provider1.domain.com. It uses an SIP trunk-based PSTN for connectivity. In a live production

environment this might be a different FQDN or IP address.

Both CCEs are using the same CCE-based Active Directory Domain, but the CCE sites are not related to

each other in terms of AD security principals and UIDs. This is a typical configuration, and is

supported.

Click Next.

In Step 3, the SBC Setup Configuration Summary provides an overview of the configured parameters.

If the parameters are correct, proceed.

Click Finish.

The Installation Wizard will now apply the appropriate configurations to the SBC/Gateway and Skype

for Business (CCE). At this point the CCE Appliance setup is complete. Testing connectivity must now

take place before users can begin using the system.

Test CCE Network and SIP Connectivity

Testing the setup for connectivity is crucial. If testing is done completely and correctly, time required

for troubleshooting can be minimized. Start with a simple ping from the gateway/SBC to the

Mediation Server Pool FQDN.

At the same time, test the opposite as well, just to be sure all the systems are working properly; ping

the SBC from within the Mediation Server virtual machine.

For the final step, check the SIP connectivity.

Go to Signaling Groups and click the Settings tab

Below Display is the Counter

Click Counter and a new window opens, providing the SIP message information

Make sure Incoming and Outgoing Requests are visible

The Service Status column is the first indicator that the interfaces see each other. If a package flow is

active it will be green.

Sonus Session Border Control Configuration Numbering (Normalization)

Normalization ensures the SIP Trunk, and PSTN connectivity, are working correctly. SIP Trunks have

their own requirements, depending on which format is supported, and at times might require

different normalizations.

Generally, Skype for Business works with E.164 format internally, so incoming calls must follow this

format as well, especially with Cloud PBX. In the future this may change. Outgoing calls from Skype

for Business to the connected SIP Trunk will mostly require service provider and area-based

normalization.

If the E.164 format is unfamiliar, there is plenty of available documentation explaining it, including

the blog, Demystify Lync Enterprise Voice Phone Numbers and Extension, written by Thomas Poett,

author of this Configuration Guide.

As an example, suppose the German SIP Trunk is accepting E.164 format calls end-to-end. In

Malaysia, however, it depends on the registered location, which is Kuala Lumpur in this example. The

SIP Trunk will not accept a “+” sign in front of the phone number, and in-country calls must also

exclude the country and area code. So, calls to and from Kuala Lumpur cannot use E.164 format

(+6031234567) calls, but instead must follow the 1234567 format.

To become familiar with normalizations, testing and configuring can be accomplished using the

http://regex101.com website, shown below.

Normalization – CCE Deployment Overview

As described in the previous section, the following number behavior is common with CCE

deployments. Skype for Business uses non-customizable DialPlans. Internally, it uses the E.164

format exclusively, so SIP Trunks must send calls using a different format that have matching

normalization for calls into the SIP Trunk.

Skype for Business Incoming (to SfB) Outgoing (to PSTN)

Munich, Germany

Canada with US +14161234567 14161234567 14161234567

Any Location E.164 E.164 E.164

http://lyncuc.blogspot.com/2013/02/demystify-lync-enterprise-voice-phone.html

http://regex101.com/

Kuala Lumpur, Malaysia

KL (03) +60312345678 12345678 1234567

Malaysia (+60) +604412345678 0412345678 0412345678

Singapore (+65) +6512345678 006512345678 0212345678

Singapore (02) +6512345678 0212345678 0212345678

+60212345678 0212345678 0212345678

International +498912345678 00498912345678 00498912345678

Normalization – Configuration

Normalization – Configuration for Skype

To configure normalization rules go to Transformation, and choose Cloud Connector Edition: From

Skype/Lync: Passthrough.

Click the green “+” sign to add a new normalization rule.

Normalization – Configuration for SIP Trunk

To configure normalization rules go to Transformation, and choose Cloud Connector Edition: From

SIP Trunk: Passthrough.

Click the green “+” sign to add a new normalization rule.

Normalization – Germany Site (Munich and Toronto)

The SIP Trunk in Germany is responsible for incoming calls in the following number ranges:

Munich, Germany:

Number Block - Users: +49 89 561234100 -> +49 89 561234999

Number Block - Contact Center: +49 89 561235-0 -> +49 89 56123509

Toronto, Canada:

Number Block - Users: +1 416 406-1000 -> +1 416 406 1099

There is a unique condition with calls to and from Toronto; the SIP Trunk does not provide–nor

accept–a “+” sign for this location. This means that incoming calls to a Toronto user might look like

this: “14164061000.” The same is required for outgoing calls to “+1 numbers,” such as for the US and

Canada. However, calls to Germany will be received in the E.164 format.

Note:

This scenario might differ from one provider to the next; this should help in understanding special

scenarios where multiple locations run through a single SIP Trunk.

Incoming Call to a User in Canada when the +1 is Missing

Canadian users have an E.164 format number assigned, and for calls to go through successfully it is necessary to complete the number. Therefore, there is a mandatory rule of adding a +1 in front of the caller’s number. • The Regex is +1/1 • Description: Passthrough • Match Type: Mandatory (Must Match) • Input Field • Type: Called Address/Number • Value: (.*) • Output Field: • Type: Called Address/Number • Value: +1/1

Calls to Canada Must Have +1 Removed

Conversely, if a user assigned to the German CCE is making a call to the US or Canada, the +1 must be

removed.

• Description: Passthrough

• Match Type: Mandatory (Must Match)

• Input Field:

• Type: Called Address/Number

• Value: +1(.*)

• Output Field:


• Value: \1

Normalization – Malaysia Site (Kuala Lumpur)

In the past, a complication in RegEx requirements for Malaysia and Singapore was seen. This is just

something to keep in mind in case it might be necessary to use Singapore as a Malaysian calling

territory. Years ago, Singapore was part of Malaysia, so the Singapore Country Code +65 is equal to

Malaysia's Country Code which is 60, as far as telephony is concerned. This is just a reminder to raise

awareness should upcoming work with SIP Trunk and PSTN configurations cause issues.

In summary, a Kuala Lumpur phone number in E.164 format might be “+60312345678,” but the

system in Malaysia would require the number “0060312345678.”

• 0060 is the country code for Malaysia,

• 03 is the area code for Kuala Lumpur

• 12345678 is the caller’s phone number

In this configuration, it has been determined that the local billing and SIP Trunk installation address

would be based in Kuala Lumpur.

Incoming Call to Malaysian User

Incoming calls are based on the From SIP Trunk section under Transformation.

For Incoming Calls to a Malaysian User (Replace 00 -> +)

In this example, incoming call numbers starting with “00” were defined. However, the E.164 format

used in Skype for Business requires a “+” instead of “00,” so the following transformation rules to

properly accomplish this change have been defined:

• Description: Replace 00 -> +


• Input Field:


• Value: 00(.*)

• Output Field:


• Value: +\1

Incoming Calls to a Malaysian User (Replace 01–09 -> +60x)

Incoming caller numbers from domestic locations do not include the local country code “+60” so all

Malaysian numbers starting with “01” to “09” will be transformed into “+601” to “+609.”

• Description: Replace 01-09 -> +60x


• Input Field:


• Value: ^0(.[1-9]*)

• Output Field:


• Value: +60\1

Incoming Calls to a Malaysian User (Replace area code 03)

As discussed earlier, local calls coming into–or originating from–the Kuala Lumpur location will not

include country or area codes. All numbers starting with 1 to 9 must be transformed into “+603”

calls, where “+60” is Malaysia and “3” is the Kuala Lumpur area.

• Description: Local Kuala Lumpur Number


• Input Field:


• Value: (.[1-9]*)

• Output Field:


• Value: +603

Outgoing Calls From Malaysian SIP Trunk

Calls originating from the SIP Trunk configuration in Malaysia must be normalized as well in order to

match format requirements.

• Description: Replace + -> 60


• Input Field:


• Value: +(.*)

• Output Field:


• Value: 00\1

• Description: Kuala Lumpur area

• Match Type: Optional (Match One)

• Input Field:


• Value: +603(.*)

• Output Field:


• Value: \1

For the rest of Malaysia:

• Description: +60x into area code 01-09

• Match Type: Optional (Match One)

• Input Field:


• Value: +60(.*)

• Output Field:


• Value: 0\1

Normalization – Incoming from SIP Trunk (Summary)

The normalization rules–as they would apply to scenarios like the ones in our examples–have now

finalized. Proper naming is important because later those rules will be assigned to SBC ports and

general directions. Choose descriptions for normalization rules that will make them easy to identify

later.

All configurations described in the above steps are arranged according to their direction of SIP Trunk

and Skype for Business. This simplifies the organization of normalization rules for later use in multiple

connections.

The following two sections show condensed summaries of the normalization rules that had been

defined for the Malaysian SIP Trunk site. Remember, normalization takes place in both directions:

from the SIP Trunk –> SfB, and from the SfB -> SIP Trunk.

From SIP Trunk to Contact Center and SfB

This subset of normalization rules represents the transformation into a full E.164 format dialed

number string which can be used within Skype for Business Enterprise voice calls.

From Skype for Business/Lync to Contact Center and SIP Trunk

Remember that due to the special situation with Singapore (country code 02), 02 codes must be

included in the rules because of the area code range of 01 to 09. This is a requirement based on the

Malaysian number plan requirements which must use a modified number string for submission into

the SIP Trunk.

Setting Up the Contact Center Connections

The Contact Center is connected to the Germany CCE, utilizing the gateway component via SIP. For

implementation of the routing group–named the SIP Signaling Group–it must be ensured that

outgoing and incoming calls from all three directions are routed through the appropriated exiting

interfaces. The Signaling Group itself acts as an interface.

The logical overview illustration below should be helpful in understanding how the configuration

works. Generally speaking, the Call Routing Group sends and receives calls on behalf the designated

target (Signaling Group) provided in the Transformation Table, assuming this was the table chosen

according to the Transformation Rules.

Configure the SIP Signaling Group

In the Signaling Groups section click the Create Signaling Group drop-down box and select SIP

Signaling Group.

The Contact Center is addressed via:

o The FQDN: ContactCenter.domain.com

o Protocol: UDP

o Port: 5060

Optionally, a dedicated IP address can be chosen.

Call routing behavior All calls coming from the trusted IP/FQDN on the defined Listening Port are accepted and will be sent to the Call Routing Table. The already-configured SIP Signaling Group should look like the following:

Configure the Call Routing Table

The Call Routing Table is the instance sitting in-between the Signaling Groups, routing and modifying calls to and from their designated destinations. Call priority order is important here, because calls will be identified for routing purposes in their sequence order. The rules are: In the Routing Table the following tasks will be handled:

- If matching number, then … - If matching name for, then … - A transformation will occur if present - It will be routed into the Signaling Group (The Input Field is used and forwarded)

Create a new Call Routing Table Go to Call Routing Table and click new (“+”)

o Two destination-based routings will be needed o The Routing Table chooses the Sonus gateway component which is associated with the

external SIP Trunk connection, and Office 365 (CCE) The two Call Routing Tables needed are:

1. From Contact Center to SIP Trunk 2. From Contact Center to Office 365 (CCE: Mediations Server)

While setting up Skype for Business Online (Cloud Connector), the SIP Trunk and the Cloud Connector: Mediation Server were configured as Call Routing Tables. Now, the third group gets set up and its target defined. With the transformation (input filed), it was earlier decided:

o Which numbers would go to the mediation server (all ranges configured in Office 365) o Which ones would go to the external SIP Trunk/PSTN o And for all other calls anything that is intended for the internal defined number range

Call Routing Table: From Contact Center-> Office 365

For destination information, define the CCE Mediation Server as the target. Note: Validation for overlapping number matching needs to be taken into consideration to ensure appropriate routing occurs. Call Routing Table: From Contact Center -> SIP Trunk

Configure Transformation Rules

After configuring Signaling Group and Call Routing, the final step is to ensure the proper transformation of numbers between those groups and tables. The Contact Center can make calls toward the SIP Trunk as well as the Mediation Server, so this requires two transformation entities: • Navigate to Transformation and click New. From there choose New and provide a description of the new transformation. In this case: “No change on number to O365.” • Leave the Transformation Rules configured and activated on Sonus Appliance for Contact Center. The Contact Center to Office 365 (Mediation Server) should look like this:

The SIP Trunk (using the Session Border Controller) should look like this:

Configuring Office 365

This configuration guide is for Cloud Connector Edition, and focusses on tasks aimed at telephony.

NOT covered in this guide are:

o Setting up Office 365 Cloud PBX

o Office 365 Azure Active Directory is installed

o Tenant activation

o Buying and activating user license E-Plans

For everything to work correctly as described in this guide, setting up Office 365 Cloud PBX is a

requirement, and the assumption is made that the reader already has knowledge of the initial Office

365 task. If that is not the case, it is important to come up to speed on setting up Office 365 Cloud

PBX. There is a wealth of information available on this, and one source in particular is the extensive

Microsoft TechNet website.

Another requirement is that Office 365 Azure Active Directory is:

o Installed

o Selected in properties

o Appropriate licenses are activated

o The Cloud PBX feature is activated

In the following screenshot the tenant has an activated E5 license, but without PSTN conferencing.

Note:

License types can vary, and can be started with Cloud PBX. It is important to ensure the Cloud PBX

feature can be provided to users. To activate simply move the slider to “On.”

In this example, users have been named according to their designated countries, but there are no

strict rules for naming users. Two more users are required to complete the scenario, with at least one

user per location. We had defined Germany, Canada and Malaysia, where Germany and Canada will

run based on the same CCE Site (physical) utilizing a single SIP Trunk.

https://technet.microsoft.com/en-us/

User 2 User 3

Important Note:

The assignment of a user’s location is critical. Later in this guide, in the section Assigning Voice to

Users (Cloud PBX), UsageLocation–which is important for identifying the CCE location and associated

physical positioning–will be discussed.

Establishing a Skype for Business Online Session

All configuration work will be implemented from within PowerShell using the Skype for Business

Online Connector. This is a requirement. PowerShell should be running in Administrator Mode, and

Office 365 Administrator credentials must be provided. The Administrator runs on Office 365 Online

Administrator, not the local computer or Active Directory.

Import-Module SkypeOnlineConnector

$cred = Get-Credential

$session = New-CsOnlineSession -Credential $cred -verbose

Import-PSSession $session

Creating a Hybrid PSTN Site

In this section, two physical sites for Cloud Connector placement will be defined. Hybrid PSTN site

physical locations are defined by how they are represented in their logical Office 365 structure. For

naming conventions, it is safe to just stay with the standard limitations for identity naming in Office

365.

Create Germany site: New-CsHybridPSTNSite -Identity GermanyCanada -Edge FQDN aesite1.sinusms01.com

In this example the name GermanyCanada simply implies that Canada is included with Germany via

the SIP Trunk at this location.

Create Malaysia site: New-CsHybridPSTNSite -Identity Malaysia -Edge FQDN aesite2.sinusms01.com

PowerShell commands

AESITE1

AESITE2

Validate the Hybrid PSTN Site.

Check to make sure there are no spelling errors. Get-CsHybridPSTNSite

Managing Hybrid PSTN Users

Managing users in Office 365 requires several commandlets. They are differentiated, and are

associated with the service provided within Office 365. Skype for Business has a common Active

Directory, whereas Office 365 uses an Azure Active Directory. We also need commandlets for Skype

for Business Online, and also for Microsoft Exchange. Exchange is not addressed in this guide, but

later there will be reference to Unified Messaging, which is what Exchange uses.

Assigning a Hybrid PSTN Site to Users

Office 365 users need to be assigned to a dedicated Hybrid PSTN Site.

o The Office 365 Online command Set-CsUserPstnSettings is enabled for this task

o The command HybridPSNSite addresses the configured CCE Site

o The AllowInternationalCalls command allows calls not associated with a country code

Set-CsUserPstnSettings -Identity usercanada -HybridPSTNSite GermanyCanada -

AllowInternationalCalls $true

Set-CsUserPstnSettings -Identity usergermany -HybridPSTNSite GermanyCanada -


Set-CsUserPstnSettings -Identity usermalaysi -HybridPSTNSite GermanyCanada -


Assigning Voice to Users (Cloud PBX)

Each user must have parameters set for their Cloud PBX identification. The Get-CsOnlineVoiceUser

commandlet shows the user, enabled for PSTN Calling Service. In this guide, Cloud Connector is used.

Cloud Connector is an on-premises part from Skype for Business Online. If the provided command is

run alone with no further format-list, it will not show any users.

The next command (unrelated to Azure AD, but part of Skype for Business Online) is the Get-

CsOnlineUser. The command -Get-CsUser is the Azure AD query for this. For the CCE configuration,

the following will directly query the parameters for Skype for Business.

Get-CsOnlineUser -identity usermalaysia| fl *host*,*dial*,*reg*, *voice*,

*sip*,*usage*,*phone*,*id*,*onprem*

The above example only queries the usermalaysia setting, while the pipe (|) forces the format list

table to limit the parameters only to what needs to be shown. Using the asterisk (*) means that any

other character (that is, in front of or behind the word defined) will also be queried, so *reg* refers

to TargetRegistrarPool, but also to CountryOrRegionDisplayName as well.

Some of the parameters that are important for this scenario include DialPlan, VoicePolicy and

UsageLocation.

When checking for user assignments in Malaysia and Germany, the DialPlan is already assigned. This

was done automatically. At this point, where users are enabled for the Cloud PBX feature

geographically, the chosen location is reflected in UsageLocation.

Note:

This command display shows that phone numbers are not yet assigned to Skype for Business Online

users. This will be addressed in the next section.

Assigning On-premises Phone Numbers to Cloud PBX Users

Users must have a phone number assigned. The Reverse Number Lookup Service in Skype for

Business needs an incoming E.164 format number string to search for an associated user.

Remember:

Since the user’s PSTN access is on-premises, there must be an OnPremLineURI. The user’s on-

premises parameter is associated with Azure AD, so the Set-CsUser command is used to set this

parameter.

Enable the user for Enterprise Voice with EnterpriseVoiceEnabled $true, and set the phone number

in E.164 format starting with tel:, as in tel:+14164061000. If the user needs to use Exchange Unified

Messaging Voice Mail in Office 365, enable it with HostedVoiceMail.

Set-CsUser -Identity UserCanada -HostedVoiceMail $true -OnPremLineURI

tel:+14164061000 -EnterpriseVoiceEnabled $true

Now, verify that the phone number is assigned, and Enterprise Voice is enabled.

Get-CsOnlineUser -identity usercanada| fl *host*,*dial*,*reg*, *voice*,


tel:+14164061000

Enable the Germany user:

Set-CsUser -Identity UserGermay -HostedVoiceMail $true -OnPremLineURI


Get-CsOnlineUser -identity UserGermay | fl *host*,*dial*,*reg*, *voice*,


tel:+4989561234100

Enable the Malaysia user:

Set-CsUser -Identity UserMalaysia -HostedVoiceMail $true -OnPremLineURI


Get-CsOnlineUser -identity UserMalaysia | fl *host*,*dial*,*reg*, *voice*,


The user setup and enablement is now complete. The deployment has been finalized and is ready to

operate once all configurations and connections are tested.

tel:+6033090110

Testing All Configurations and Connections

Testing is an essential task during a deployment. Accounts with names like User Country were

selected because they can be easily tested and validated.

The User Acceptance Test is conducted with the customer and is an essential component of the sign-

off phase. The following sections focus on the basic tests to initiate and run.

Testing Federation and Presence

It can be safely assumed that the internal Office 365 features are working correctly because

Microsoft monitors this environment closely. However, in order to be sure, status can be checked in

the Office 365 Admin Portal which is where issue or outages are displayed.

The test examples that follow were conducted by Sonus and Westcon, both of which host on Office

365, and have many different tenants and different regions with the Microsoft Datacenter structure.

Therefore, these represent valid tests that approximate real-world scenarios.

The CCE user in Canada is a good representative test because the Canada location is remote, but is

assigned to the German CCE Appliance and represents a good user object. The screenshot shows that

presence is active, and (although there is no picture available) IM correspondence was functional.

Another important test is validating the DialPlan assignment. This was discussed during the setup of the Office 365 Admin Portal where the user was assigned a location. The DialPlan represents a set of RegEx, and, depending on the input string, a number should be modified and completed into E.164 format. Skype for Business requires the E.164 format for internal call handling. As for the DialPlan, the example shown here explains how numbers are modified for Munich, which is represented by +49 (Germany), 89 (Area/City), 1234567 (phone number). Assume for this example that the office is in Munich while the home is in Frankfurt (69)

Location Mobile Phone Office Phone

Dialing from your office 089 1234567 1234567

Dialing from your home 089 1234567 089 1234567

Dialing from Malaysia Office +49 89 1234567 +49 89 1234567

Carrier internal backbone number submission

+49 89 1234567 +49 89 1234567

Interestingly, if the caller is abroad, the number is dialed in the E.164 format which the carrier is using in its backbone already. However, compared to the other locations, the number is dialed differently. The carrier at its SBC will usually convert the dial string into E.164. The same is true for Skype for Business. When the pattern is dialed, the Skype for Business Online DialPlan will handle this string and start the E.164 conversion. Note: It may be confusing that dialed patterns get converted. When this guide was written, individual Online DialPlans could not be created or modified. This is subject to a feature change by Microsoft in the future, but no date has been published for this yet.

Testing DialPlans

During the test scenario setup, some non-technical issues were experienced. A positive user experience is always key, so here are a few highlights of issues experienced with dialing behavior. Note: Subject to future changes to Office 365 by Microsoft, these user experience might be eliminated. For a Canadian user dialing to France, 00 is typically chosen instead of “+” simply because of tradition, it is a faster method, and works on all mobile devices worldwide.

Traditional Phone Dialing Modern Dialing

00301699100803 +301699100803

Office 365 DialPlan does not match Works but requires modern dialing

Notes: When using the “+” format, make sure all Active Directory phone numbers are in the same E.164 format. Area code-based DialPlans do not exist. Callers are required to dial the area code even within the same city.

Testing Calling

Making test calls is key to User Acceptance Testing. All possible paths in the deployment must be tested. For the following test, a caller in Malaysia is dialing to Canada.

Testing RNL

This test will also show if the RNL is working correctly, and the AV connection is tested in the same way via this path. The PSTN Site on the gateways will not be used. RNL is working and it is set as a Skype for Business call

Presence is updated on both sites, and the Malaysian user is able to see the correct name of the Canadian user.

Testing SIP Trunk (PSTN) Calling

Testing an outgoing call from an Office 365 Hybrid Voice user to a PSTN user. The user makes the call.

The external user receives the call.

Testing an incoming call A PSTN call was initiated and can be seen on the right side as connected.

Monitoring PSTN Connections on the Sonus CCE Appliance

The Sonus CCE Appliance includes a PSTN/SIP Gateway. By connecting to the gateway as described, and navigating to Monitor, SIP channel consumption can be monitored, including detailed information based on Caller and Callee.

DialPlans With CCE in Office 365

DialPlans are central to providing a positive user experience. It is important to remember that CCE

deployment is not the same as hybrid on-premises Skype for Business deployment. The use of an on-

premises DialPlan cannot be realized because CCE does not store configuration information of

required objects. In the future, once a customizable Online DialPlan is available, this section will be

removed from an updated version of this guide.

The following text is from Plan for Skype for Business Cloud Connector Edition, a Microsoft TechNet

article. (October 18, 2016).

Generally, clients in hybrid voice mode can use two types of dial plans: an on-premises

dial plan (if you deploy Cloud PBX with on-premises PSTN connectivity via an existing

Skype for Business or Lync Server 2013 pool), or an online dial plan (which can be used

with either Cloud PBX with on-premises PSTN connectivity via an existing a Skype for

Business or Lync Server 2013 pool or Cloud PBX with on-premises PSTN connectivity via

Cloud Connector Edition).

Cloud Connector Edition does not have an on-premises dial plan because there is no

registrar component deployed on premises. Therefore, when deploying Cloud PBX with

on-premises PSTN Connectivity via Cloud Connector Edition, you must force the use of

an online dial plan as follows:

Connect to your Skype for Business Online Remote PowerShell and run the following

cmdlet:

Set-cstenanthybridconfiguration -tenant < TENANT ID > -useonpremdialplan

$false

https://technet.microsoft.com/en-us/library/mt605227.aspx

Commandlets for Online Configuration

Skype for Business Online uses several commandlets that the online module will import. It is

important to understand that there are different commands for PSTN Calling and PSTN Hybrid

configurations.

Note that the command Get-CsOnlineUser is not listed in TechNet. This commandlet is for Skype for

Business-enabled online users, but has no equivalent for Set or Delete.

This guide focuses on the Cloud Connector Edition, and is relevant to the hybrid configuration, but

not to PSTN Calling.

Dial-in Conferencing Commandlets --------------------------------------------------------------------------------

Disable-CsOnlineDialInConferencingUser

Enable-CsOnlineDialInConferencingUser

Get-CsOnlineDialInConferencingBridge

Get-CsOnlineDialInConferencingLanguagesSupported

Get-CsOnlineDialInConferencingUser

Get-CsOnlineDialInConferencingServiceNumber

Set-CsOnlineDialInConferencingBridge

Set-CsOnlineDialInConferencingServiceNumber

Set-CsOnlineDialInConferencingUser

Get-CsOnlineDialinConferencingTenantConfiguration

Get-CsOnlineDialInConferencingTenantSettings

Set-CsOnlineDialInConferencingTenantSettings

Remove-CsOnlineDialInConferencingTenantSettings

E911 and Location Information Service (LIS) Commandlets --------------------------------------------------------------------------------

New-CsOnlineLisCivicAddress

Get-CsOnlineLisCivicAddress

Set-CsOnlineLisCivicAddress

Remove-CsOnlineLisCivicAddress

Test-CsOnlineLisCivicAddress

New-CsOnlineLisLocation

Set-CsOnlineLisLocation

Get-CsOnlineLisLocation

Remove-CsOnlineLisLocation

Get-CsOnlineEnhancedEmergencyServiceDisclaimer

Set-CsOnlineEnhancedEmergencyServiceDisclaimer

Skype Meeting Broadcast Commandlets --------------------------------------------------------------------------------

Get-CsBroadcastMeetingConfiguration

Set-CsBroadcastMeetingConfiguration

Get-CsBroadcastMeetingPolicy

Grant-CsBroadcastMeetingPolicy

PSTN Calling Commandlets --------------------------------------------------------------------------------

Get-CsOnlineTelephoneNumber

Remove-CsOnlineTelephoneNumber

Get-CsOnlineTelephoneNumberInventoryAreas

Get-CsOnlineTelephoneNumberInventoryCities

Get-CsOnlineTelephoneNumberInventoryCountries

Get-CsOnlineTelephoneNumberInventoryTypes

Get-CsOnlineTelephoneNumberInventoryRegions

Search-CsOnlineTelephoneNumberInventory

Clear-CsOnlineTelephoneNumberReservation

Select-CsOnlineTelephoneNumberInventory

Set-CsOnlineVoiceUser

Get-CsOnlineVoiceUser

Get-CsOnlineDirectoryTenantNumberCities

Get-CsOnlineTelephoneNumberAvailableCount

Get-CsOnlineTelephoneNumberReservationsInformation

Get-CsVoiceRoutingPolicy

Grant-CsVoiceRoutingPolicy

Set-CsUser

Hybrid PSTN Site and User Commandlets --------------------------------------------------------------------------------

Get-CsHybridPstnSite

Set-CsHybridPstnSite

New-CsHybridPstnSite

Remove-CsHybridPstnSite

Get-CsUserPstnSettings

Set-CsUserPstnSettings

Get-CsTenantHybridConfiguration

Set-CsTenantHybridConfiguration

Internet Protocol (IP) Phone Commandlets --------------------------------------------------------------------------------

Get-CsIPPhonePolicy

Set-CsIPPhonePolicy

Grant-CsIPPhonePolicy

Reporting Commandlets --------------------------------------------------------------------------------

Get-CsUserSession

Get-CsActiveUserReport

Get-CsP2PSessionReport

Get-CsConferenceReport

Get-CsP2PAVTimeReport

Get-CsAVConferenceTimeReport

Get-CsClientDeviceReport

Get-CsClientDeviceDetailReport

Get-CsUserActivitiesReport

Online User Commandlets --------------------------------------------------------------------------------

Get-CsOnlineUser

Cloud Connector INI File Parameters

This important setup INI file information is from Plan for Skype for Business Cloud Connector Edition,

a Microsoft TechNet article. (October 18, 2016).


Site parameters Description Notes

Virtual machine domain name Domain name for the internal components of Cloud Connector. This domain should be different from the production domain. The name can be the same across all instances of Cloud Connectors. Name in .ini file: “VirtualMachineDomain”

.local domain is preferred.

Cloud Connector domain controller name

Name of the domain controller. Name in .ini file: “ServerName”

Must be 15 characters or less. Enter NetBIOS name only.

Cloud Connector domain controller IP/subnet mask

IP address of the domain controller. Name in .ini file: “IP”

O365 Online service FQDNs Should be the default in most cases for the world-wide O365 instance. Name in .ini file: “OnlineSipFederationFqdn”

SiteName Skype for Business site name; for example, Seattle. Name in .ini file: “SiteName”

Country Code Country Code for Dialing. Name in .ini file: “CountryCode”

City City (Optional). Name in .ini file: “City”

State State (Optional). Name in .ini file: “State”

Base VM IP address The IP address of the temporary base VM that will be used to create the VHDX for all Cloud Connector virtual machines. This IP should be in the same perimeter corporate network subnet defined in the next step and requires Internet access. Be sure to define the corporate default gateway and the DNS that is routable to the internet. Name in .ini file: “BaseVMIP”

Subnet mask for internal network

Cloud Connector configures an IP network for internal communication between Cloud Connector components. Edge also should be connected to another subnet which allows Internet connectivity. Name in .ini file: “CorpnetIPPrefixLength” under “Parameters for a pool of VM network”

Subnet mask for external network

For the external network of the Edge component. Name in .ini file: “InternetIPPrefix” under “Parameters for a pool of VM network”

Switch name for internal network

Name for switch that will be used for the internal Cloud Connector network. In most cases the default suggested value can be used. Name in .ini file: “CorpnetSwitchName” under “Parameters for a pool of VM network

Switch name for external network

Name for switch that will be used for the external Cloud Connector network. In most cases the default suggested value can be used. Name in .ini file: “InternetSwitchName” under “Parameters for a pool of VM network

Default Gateway for internal network

This gateway should provide access to the Internet (Internet also requires setting the DNS server) and will be configured on internal interfaces of Cloud Connector components. Name in .ini file: “CorpnetDefaultGateway” under “Parameters for a pool of VM network

Default Gateway for external interface of Edge component

Will be configured on external interface of Edge component. Name in .ini file: “InternetDefaultGateway” under “Parameters for a pool of VM network

DNS server for internal network

Will be configured on internal interface of temporary VM. Should provide name resolution for Internet names. Without providing a DNS server, internet connection will fail and deployment will not finish. Name in .ini file: “CorpnetDNSIPAddress” under “Parameters for a pool of VM network

DNS Server for external interface of Edge component

Will be configured on external interface of Edge.



Name in .ini file: “InternetDNSIPAddress” under “Parameters for a pool of VM network

Management switch name Management switch is a temporary switch that will be created automatically, and that will be used for configuration of Cloud Connector during the deployment. It will be disconnected automatically after the deployment. It should be a different subnet from any other networks used in Cloud Connector. In most cases the default suggested value can be used. Name in .ini file: “ManagementSwitchName” under “Parameters for a pool of VM network

Management subnet address/subnet mask

Management subnet is a temporary subnet that will be created automatically, and that will be used for configuration of Cloud Connector during the deployment. It will be removed automatically after the deployment. It should be a different subnet from any other networks used in Cloud Connector. Names in .ini file: “ManagementIPPrefix” and “ManagementIPPrefixLength” under “Parameters for a pool of VM network

Central Management Store (CMS) Machine

Single FQDN used for Central Management Store (CMS). The AD Domain name will be used to generate the FQDN. Name in .ini file: “ServerName” under “Parameters for Primary Central Management Service

Must be 15 characters or less. Enter NetBIOS name only. (CMS Pool Name = Server Name)

CMS Machine IP address IP address for CMS Server (internal in perimeter network). Name in INI file: “IP” under “Parameters for Primary Central Management Service

File Share Name File Share Name to be created on CMS server for Skype for Business replication data (for example, CmsFileStore). In most cases the default suggested value can be used. Name in .ini file: “CmsFileStore” under “Parameters for Primary Central Management Service

Mediation component Pool Name

Pool Name of Mediation component. Enter NetBIOS name only. The AD Domain name will be used to generate the FQDN. Name in .ini file: “PoolName” under “Parameters for a pool of Mediation Servers”

Must be 15 characters or less. Enter Netbios name only.

Mediation component name Component Name of Mediation component 1. Enter NetBIOS name only. The AD Domain name will be used to generate the FQDN. Name in .ini file: “ServerName” under “Parameters for a pool of Mediation Servers”


Mediation component Machine IP address

Internal Corpnet IP for Mediation component (internal in perimeter network). Name in .ini file: “IP” under “Parameters for a pool of Mediation Servers”

Edge pool internal name Pool Name of Edge component. Enter NetBIOS name only. The AD Domain name will be used to generate the FQDN. Name in .ini file: “InternalPoolName” under “Parameters for a pool of Edge Servers”


Edge Server internal name Component Name of Edge component. Enter NetBIOS name only. The AD Domain name will be used to generate the FQDN. Name in .ini file: “InternalServerName” under “Parameters for a pool of Edge Servers”


Edge server internal IP Internal perimeter network IP of Edge component to communicate with other components of Cloud Connector. Name in .ini file: “InternalServerIPs” under “Parameters for a pool of Edge Servers”

Access Pool External Name Name of Access Edge; for example, AP. This name must match the name provided for the SSL certificate. Enter NetBIOS name only. The SIP Domain name will be used to generate the FQDN. One external pool name will be used for all Edge components in the pool. One Edge Access pool is required per PSTN site. Name in .ini file: “ExternalSIPPoolName” under “Parameters for a pool of Edge Servers”

Must be 15 characters or less. Enter NetBIOS name only. “sip” is reserved and therefore cannot be used as the name. The generated FQDN name must match the name provided for the SSL certificate.

External IP of Access Edge External IP of Edge component – either Public IP if no NAT is available, or translated IP (please specify both addresses if mapped). Name in .ini file: “ExternalSIPIPs” under “Parameters for a pool of Edge Servers”

Media Relay name Name of Audio Video Media Relay Edge; for example, MR. One external pool name will be used for all Edge components in a pool. One Edge Media Relay pool is required per PSTN site.


Name in .ini file: “ExternalMRFQDNPoolName” under “Parameters for a pool of Edge Servers”

External IP of Media Relay Edge

Currently only one IP is supported, so this will be the same IP as Access Edge, either public or mapped IP (please specify both addresses if mapped). Can be the same address as Edge component External IP of Access Edge. Note if Edge is behind NAT, you also need to specify the value for the next parameter. Name in .ini file: “ExternalMRIPs” under “Parameters for a pool of Edge Servers”

External IP of Media Relay Edge (if Edge is behind NAT)

If your Edge is behind NAT you also need to specify the public address of the NAT device. Name in .ini file: “ExternalMRPublicIPs” under “Parameters for a pool of Edge Servers”

Voice Gateway 1 Make and Model

Specify the make and model of the SBC/Voice gateway. Note that you can connect a device or SIP trunk from the list of tested devices at http://technet.Microsoft.com/UCOIP.

Voice Gateway 2 Make and Model (copy this row if you have more than 2 gateways)

Specify the make and model of Voice gateway. Note that you can connect a device from the list of tested devices at http://technet.Microsoft.com/UCOIP.

Voice Gateway 1 Name Used to generate the machine FQDN with AD Domain. Required if TLS will be used between the Mediation component and Voice Gateway. If you do not plan to use FQDN—for example, TLS is not required or Voice Gateway doesn’t support connection using FQDN (only IP)—please specify.

Voice Gateway 2 Name (copy this row if you have more than 2 gateways)

Used to generate the machine FQDN with AD Domain. Required if TLS will be used between Mediation component and Voice Gateway. If you do not plan to use FQDN—for example, TLS is not required or Voice Gateway doesn’t support connection using FQDN (only IP)—please specify.

Voice Gateway 1 IP Address IP Address of Voice Gateway.

Voice Gateway 2 IP Address (copy this row if you have more than 2 gateways)

IP Address of Voice Gateway.

Voice Gateway 1 Port # (copy this row if you have more than 2 gateways)

Port that the Voice Gateway SIP trunk will listen on, e.g. 5060.

Voice Gateway 2 Port # Port that the Voice Gateway SIP trunk will listen on, e.g. 5060.

Voice Gateway 1 Protocol for SIP Traffic

TCP or TLS.

Voice Gateway 2 Protocol for SIP Traffic (copy this row if you have more than 2 gateways)

TCP or TLS.

External Media port range for traffic to and from Edge component

TCP/UDP port range for media traffic to and from external interface of edge. Must always start from 50 000. Refer to “Ports and Protocols” for more information.

50000 - 59 999

Media port range to communicate to/from the Mediation component via the internal firewall

UDP port range that the Mediation component will use to communicate to clients and gateways (recommendation 4 ports per call).

Media port range to communicate to/from Skype for Business client via internal firewall

For planning purposes, cannot be changed. Ports need to be opened in the internal firewall to communicate between Skype for Business clients within the internal network and with the Mediation component.

50 000- 50 019

Public Certificate password Must be provided in the script.

Safe Mode Administrator Password

Safe mode administrator password for internal CC domain.

Cloud Connector Domain Administrator password

Password for Cloud Connector Domain Administrator (different from your production domain). User name is Administrator. You cannot change the user name.

Virtual Machines Administrator Password

Will be used to configure management network during the deployment. User name is Administrator. You cannot change the user name.

Enable REFER support This will define whether refer support is enabled or disabled on the trunk configuration to your IP/PBX. The default value is true. If your IP/PBX Gateway supports refer support, please leave this as true. If it does not, this value needs to be changed to False. If you are not sure if your gateway supports refer, please reference Microsoft Unified Communications Open Interoperability Program for Qualified IP-PBXs & Gateways, https://technet.microsoft.com/en-us/office/dn788945.

If applicable: Legal footer, registration and trademark information, copyrights, restrictions, pub

number and pub date.

cloud connector configuration guide with sonus cloud link

Technology