Hot-Desking and Common Area Phones in Skype for Business

May 10, 2018 by · 2 Comments 

This article is intended to explain the differences in new capabilities brought to both Skype for Business Online and the latest firmware releases for Polycom UCS-based IP phones.  While both Hot-desking and Common Area Phone (CAP) features were first provided in Lync Server these concepts are both handled quite differently in Office 365.

Essentially the Hot-Desking topic discussed in this article is referring to existing functionality in Lync and Skype for Business Server that VVX phones now support, while the Common Area Phone topic is brand new functionality brought only to Skype for Business Online which VVX phones can leverage immediately.  These capabilities are available in the Polycom UCS family of devices starting with VVX phones in the recent 5.7.0 firmware release.

It is important to understand that these Hot-desking and Common Area Phone (CAP) concepts are complimentary capabilities which are often confused with each other or incorrectly treated as one in the same.

  • Hot-desking provides a method for a ‘guest’ user to sign into a phone that is already registered with a ‘host’ user, without permanently signing out the original ‘host’ user.  Without this feature to switch user accounts on a phone a new user would have to completely sign out the current user, and to return that phone to the original state someone would have to manually sign back in again with the original user’s credentials.  Hot-desking allows the original credentials to stay cached in the phone to be used again to automatically re-register to Skype for Business.  This capability is nothing new to Skype for Business Server as hot-desking has been around since Lync Server 2010 and was added originally for Lync Phone Edition (LPE) devices.  
        
  • Common Area Phone (CAP) support refers to a new provisioning and licensing model specific to Skype for Business Online.  So this feature comes from both updates to the VVX firmware and new capabilities brought by Microsoft into Office 365.  Microsoft has added a new provisioning portal to be used in conjunction with accounts which have been assigned a new Office 365 license.  This new functionality is entirely different than the CAP implementation already in Lync/SfB Server platform.

These are two distinctly different feature sets which can, but are not required to, be used in conjunction. Any user account type (standard or CAP) can be used in hot-desking scenarios, although there are some limitations today based on where the accounts are homed.  Some of this works only for Skype for Business Server users homed on-premises and other parts are only applicable to Skype for Business Online users.  These caveats are outlined in the following sections.

Also it is still a recommended practice to disable device updates when registering phones to Skype for Business Online as Microsoft continues to publish older firmware versions.  At the time of posting this article UCS 5.7.1 is the most recent version available from Polycom, yet 5.6.0 is what is still being provided via the Device Update Service in Skype for Business Online .  So, after upgrading a phone to 5.7.x and configuring the features shown in this article the phone will automatically ‘update’ to the published, older version thus removing the new capabilities.

Hot-Desking Support

True hot-desking functionality has been added to the VVX platform to not just mimic what has been available in the Lync Phone Edition platform but to provide even more flexibility than what those older devices can do.  This capability is enabled by default in UCS starting in the 5.7.0 release (feature.HotDesking.enabled="1"), yet it is not usable unless hot-desking is also enabled on the Skype for Business platform that the phone is registered to.

This added functionality now allows for two different sets of credentials to be registered on the same phone, but not at the same time.  A ‘host’ user account is signed in first, typically by an administrator, and then a ‘guest’ user account can be signed in later on, typically by an end-user.  When the guest user is either signed out, either manually by someone or automatically due to the configured hot-desking timeout, then the host user is automatically signed back into the phone used saved credentials.

For Lync Server and Skype for Business Server deployments hot-desking behavior can be controlled as described in this older article, including enabling/disabling it at a global or custom level as well as controlling the timeout value.

However, hot-desking is not currently available for Skype for Business Online, which can be confirmed by running the following Skype for Business Online PowerShell cmdlet.

Get-CsClientPolicy | ft Identity,*hotdesk*

image_thumb21

Notice that the EnableHotdesking parameter is not set to ‘True’ in any of the available online client policies.

In Skype for Business Hybrid environments it is possible for online users to sign in as the ‘guest’ as long as the ‘host’ account which is first registered on the phone is an on-premises user.  If an online user signs in first as the ‘host’ then hot-desking is not available for that account and thus no Guest soft key will appear on the phone.

Usage

Enabling Hot-desking for Lync or Skype for Business Server deployments is unchanged and either a CAP account or a regular user account can be used.

When a Skype for Business Server-homed user account with an assigned policy that has Hot-desking enabled is registered to a phone then a Guest soft key will appear on the home screen.

image

Selecting the Guest bottom prompts to sign the Host user out fro the phone. 

image

After (temporarily) signing out the host user the phone automatically returns to the Sign In window so a user can then select the available method they want to use for signing in with their own credentials.  If no options are selected after about 30 seconds then the phone drops to the home screen where both the Guest and Host soft keys are displayed.  If still no sign-in actions are performed and the phone is left idle for about 3 minutes then it will automatically sign the Host user back into the phone and return to the previously registered state.

But if a user signs in with a different account as a Guest then that account will stay registered on the phone until the HotdeskingTimeout value in their assigned Skype for Business client policy is reached, which is a default of 5 minutes.  At that threshold of inactivity the phone will automatically sign out the Guest account and sign the Host account back in.

Common Area Phones in Skype for Business Online

A mixture of new capabilities in the VVX firmware and new functionality in the Skype for Business Online platform now provides a new way to license and register online accounts for common area use-cases.

The term Common Area Phone means two entirely different things when talking about Lync and Skype for Business Server deployments versus Skype for Business Online.

  • In server-based environments a Common Area Phone (CAP) account is a special type of user account which in essence is simply an Active Directory Contact Object that is enabled in Lync/SfB Server differently than standard AD User objects.  This model was first introduced in Lync Server 2010 with the advent of the Aries model family of the Lync Phone Edition platform and leverages only Certificate-based Authentication (TLS-DSK) via PIN Authentication and DHCP Options 43/120.  These accounts are not Exchange mailbox-enabled and thus address a simple goal: the ability to register a phone using generic credentials, provisioned and managed by an administrator, which is intended solely to provide basic ‘dial-tone’ features to a handset or conference phone.  These CAP accounts then also provide the hot-desking capability to the registered device so that a fully-featured user can temporarily sign-in with their own account.

  • With Skype for Business Online though the CAP terminology is completely different as this is currently related only to licensing and device provisioning.  A new, dedicated Office 365 license has been added to reduce the overall cost for common-use IP phones and a new Web Sign-in method specific to these common-area use cases as also been added.  There is no special account type like with the server platform as any standard online user account can be used with the new license, meaning that Exchange calendaring is available for phones registered using a CAP-enabled account.  Registering a phone to Skype for Business online is also completely different than the server-only PIN Authentication method.

Also note that one major difference between the LPE and VVX device models is that in the LPE Aries family there existed the concept of a specific Common Area Phone model.  These were special models (e.g. Polycom CX500) which were designed only for use with CAP accounts (due to the lack of a USB-B port) but could still be used with any account which was enabled for PIN Authentication.  These devices cannot be registered with Skype for Business Online because PIN Authentication was never provided in Office 365.  (More importantly all LPE devices will cease to function with Office 365 on October 31st, 2018 when TLS 1.2 is enforced by Microsoft.)

Comparatively the VVX phones which leverage the UCS platform software do not have these limitations.  Firstly, full user credentials can be entered directly into the phone or remotely without the need for USB, unlike LPE devices which can only use the standard authentication mode via USB-pairing to a PC.  Secondly, all VVX devices support the new Web Sign-in method that Skype for Business Online provided as a replacement for the older server-only PIN Authentication method.  Essentially any VVX phone model can ‘be’ a Common Area Phone in either server or online platforms.

Licensing

The new Common Area Phone license is simply a new subscription plan available in Office 365.  It is not a Skype for Business Add-on subscription like calling plans are as it does not go with an existing subscription plan; it replaces the need for other subscription plans.  As covered in this past article devices typically require the Skype for Business Online Plan 2 subscription at a minimum to perform most Skype for Business meeting-related functions.  As phones typically require PBX feature and PSTN connectivity then the additional cost of potential add-in licenses like Phone System (formerly Cloud PBX) can add up.  Alternatively Enterprise plans have been used in the past which include licenses for so many other unrelated Office 365 services.

Thus the creation of a dedicated license provides the needed Skype for Business core licensing, Skype for Business Online (Plan 2), as well as a Phone System license.  No differently than the other Enterprise subscriptions this new license also does not include a Phone Calling plan; those must always be added at an additional cost.

image

As the Common Area Phone license includes a Skype for Business Online license then a separate Business or Enterprise license should not also be assigned to the same user as that would literally be a waste of money.

It is important to understand that this subscription plan is simply a license and accounts provided this license will function in Skype for Business Online no differently than an account assigned to another plan that includes Skype for Business Online Plan 2 (e.g. Enterprise E3) or if the a standalone Skype for Business Online license itself is assigned directly to the user.  In essence the only difference here is the monthly cost for that user account.

Provisioning Portal

Microsoft has added a new portal to the existing Web Sign-in methodology which was added previously to address the lack of PIN Authentication support in Skype for Business Online.  The new provisioning process for Common Area Phones is almost identical to the previous Web Sign-in process used for regular users, but with a few distinct differences.

  • Instead of a user authenticating using their own account credentials an administrator will sign into the new provisioning site.  This allows that administrator to provision any phones using only the code provided by the phone, the password of the desired account is not required.  When the desired account is selected its password will automatically be reset to a unique, unknown value.

  • While this process was created for Common Area ‘accounts’ it is not limited to only accounts with the Common Area Phone license.  As mentioned before the new license functions no differently as the underlying Skype for Business Online Plan 2 is what drives the actual functionality.  Thus any user licensed for Skype for Business, be it through a standalone license, a Business plan, or Enterprise plan, can technically be provisioned on a phone by an administrator using this new portal.  Be aware that doing this on any user account will reset the password and effectively lock that user out of their own systems, thus this process should really only be used with accounts that are assigned to regular users.

Acquire Common Area Phone Subscription

The new licensing subscription can be purchased or trialed in the Office 365 Admin Center.

  • Sign-in to the Office 365 portal using an administrative account for the desired tenant and then open the Admin Center.

  • Browse to Billing > Subscriptions > Add Subscriptions and then expand the Other Plans section.

  • Locate and select the Common Area Phone option and select either Buy Now or Start Free Trial.

image

  • Once the new plan has been purchased or selected for a 30-day trial then navigate to Billing > Subscriptions to validate that the new plan has been added to the tenant.

image

The screenshot above indicates that the tenant used in this article is currently in an existing trial period which includes 25 licenses for 30 days. (One licensee has already been assigned and the trial is nearing expiration in this example tenant.)

Assign Common Area Phone License

At this point either a new account can be created for the device or an existing account can be enabled with the license.  For the purposes of this article a new account will be created and enabled.

  • Create a new user account (e.g. kitchen@jdskype.net) in the Office 365 Admin Center and assign a Common Area Phone license, and if applicable, a Calling Plan.

image

Configure Phone

In order to provision a device using the Common Area Phone model a Polycom VVX running at least 5.7.0 USC firmware is required.  The following steps were performed on a VVX 601 running version 5.7.1.2205.

  • Press the Home button on the phone and navigate the followings menus: Settings > Advanced > Enter Admin Password (default is ‘456’) > Administration Settings > Common Area Phone Settings.

  • Set the CAP and CAP Admin Mode settings both to Enabled.

image_thumb17

  • Press the back arrow and then select Save Config.

The two settings above perform two different tasks.  The CAP setting simply enables the Common Area Phone feature on the device but does not provide for a way to sign in directly on the phone.  This is by design, to prevent end-users from attempting to provision a phone using their own standard accounts.  Yet, to register the phone to Skype for Business directly from the handset it must also have the CAP Admin Mode enabled.  Without this setting turned on then no Sign In button will appear on the phone and it can only be registered remotely or via a provisioning platform.

The CAP (but not the CAP Admin Mode) setting can also be changed remotely using the Web Configuration Utility (Settings > Skype for Business Settings > Common Area Phone Settings).

image

Once back at the main screen the Sign In button will appear if the CAP Admin Mode setting was enabled directly on the phone.  At this point the unregistered phone will display a "CAP is enabled" message on the main screen.  (If the phone was already registered to Skype for Business then it may report that device lock is disabled or alter other options previously available.)

image_thumb30

If the phone is left alone in this mode too long then the following message will appear, indicating that it is not currently registered.

image_thumb31

Register Phone

  • To register the phone using the new process select the Sign In soft key to show the available sign-in options.

image_thumb19

  • Select the Web Sign-in (CAP) option and the resulting screen will display.

image_thumb33

Note that while this screen looks identical to the previous Web Sign-in process the provided URL is actually different.  The standard Web Sign-in process for regular users to self-provision a phone is http://aka.ms/sphone where the new admin provisioning portal is http://aka.ms/skypecap.

  • Using a web browser on any Internet-connected PC or mobile device go to http://aka.ms/skypecap as instructed above to complete the provisioning process.      
         
  • Sign in using a tenant administrator account for the Office 365 tenant to access the Tenant Admin Common Area Phone Provisioning Portal. Do not sign in with the credentials of the user account which is to be assigned to the specific phone.
        
  • Enter the partial (e.g. ‘k‘) or complete (e.g. ‘kitchen‘) account name or SIP URI (e.g. kitchen@jdskype.net) to search for the desired CAP account.  The example below shows a less-specific search that returns all matches (wildcard characters are not valid).
          
  • Deselect the Search for Common Area Phones only setting as this option is not currently functional and will return no results, regardless of the user type. (This article will be updated when the behavior of this setting is fixed.)

  • Enter the alphanumeric code provided by the phone into the Pairing Code field adjacent to the desired account name and then click Provision.

image_thumb37

At this point the phone will automatically proceed to sign-in and the provisioning is complete.  As noted earlier the account’s password will have been automatically changed to a unique, unknown value during the process so to use this same account again with anything other than a Common Area Phone the password would need to be reset by an administrator.

Note that this new Common Area Phone feature set in Skype for Business Online is not yet fully featured and still has some additional capabilities not yet delivered.  Given the focus on Microsoft Teams it is hard to say if and when this feature set will become complete at it is currently only applicable to Skype for Business Online.

Q2 2018 Skype and Teams UG Meetings

May 9, 2018 by · Leave a Comment 

The next round of quarterly Skype and Teams Users Group meetings has been announced and scheduled starting this month.

image_thumb2

Latest News

This quarter we welcome Boston to the Skype and Teams User Group family. This brings the national total up to 22 regional events per quarter approaching nearly 100 meetings a year!

Event Details

This quarter’s events will be conducted in our typical multi-session format:

Session 1: Enterprise Connect Recap – In this session, we will get you up to speed on all the important announcements that occurred at Enterprise Connect 2018.   This will include announcements from all our sponsors and Microsoft.  If you missed anything, this is your chance to catch up!

Session 2: Microsoft Teams Roadmap Update – In this session, we take a look at several of the updates to the Roadmap, as well as other changes that may not be clearly called out on the Roadmap. At the rate that Teams is ramping up, this session is a definitely a great way to get caught up!

Session 3: Open Discussion – In feedback from previous sessions, the Open Discussions are always really popular sessions. Given the large amount of news and changes over this last quarter, we felt that taking a bit of time in the Q2 Meeting to openly discuss would be very beneficial to all. Bring your thoughts and questions!

Industry Experts will be on-site to deliver these presentations and help answer any questions related to Skype for Business.  Food, beverages and additional door prizes will be provided courtesy of the Skype for Business Users Group and its official sponsors.


Western U.S.

Central U.S.

Southern U.S.

Eastern U.S.


For a full schedule of regional events the Skype and Teams Users Group Meetups page lists all planned event locations with links to the associated registration page for each regional group.  For anyone who is not yet a member and would like to participate simply visit the site listed above and register for your local group, this will automatically create a new user account for you to use again for all future event registrations..


Chicago Event

Continuing the recent schedule of alternating locations each quarter places our Q1 event back downtown in the Aon Building. 

Food will be ready at 5:30pm so come early if you can to spend time socializing with the group before the presentations begin at 6:00pm.

Date Location Address
Tuesday, May 29th
5:30PM – Food and Networking 
6:00 PM – Presentation Kickoff
Chicago Suburban Event Microsoft Midwest District Office
3025 Highland Pkwy., Suite 300
Downers Grove, IL 6051

Polycom UCS 5.7 for VVX Phones

April 29, 2018 by · 2 Comments 

The latest release of the Polycom VVX 5.7 UCS firmware is available for Lync and Skype for Business (SfB) environments. This release includes some minor enhancements alongside a few major changes in look and behavior.

For additional assistance with updating phones the following articles are provided as references.

  • Perform a Factory Reset – This is an optional, but recommended step when working with individual test devices for validating new firmware in an established deployment.

  • Deploy Software – Once testing is complete then this firmware can be added to the Lync or Skype for Business Device Update service for on-premises deployments.

  • Online Updates – For Skype for Business Online customers this update automatically be published once it has passed qualification.  Use this article to control this behavior if automatic updates are not desired.

Upgrading a Phone

This section will cover the basic steps to upgrade a single phone using the Polycom-hosted public server to directly download and apply the firmware to the phone.  In order to perform this process the phone’s internal web server must be enabled.  Depending on the selected Base Profile the web server may need to be manually enabled.

Set Base Profile

As explained in many earlier VVX articles the phone must be set to the proper Base Profile when registering to various SIP platforms.  Depending on the original purchasing SKU and/or current status of the phone it will be set to one of two options by default: Generic or Lync.  (Note that “Lync” base profile was renamed to “Skype” in version 5.5.1, but they function the same.)  When a VVX phone is set to Generic then the Web Configuration Utility will be enabled by default, but as this phone is or will be used with Lync/SfB environments it is best to set or confirm this parameter before doing anything else.

  • From any screen simply depress and hold the the following Multiple Key Combo (MKC) of: 1, 4, 9.

  • When prompted after 3 seconds enter the Admin password. (The default is “456”).

  • If the current value is set to Generic then select Skype and the phone will immediately reboot.  If Skype was already selected then simply hit the Home button to exit the menu.

image_thumb6

Enable Web Configuration Utility

Back when UCS 5.3 was released a new default behavior was defined for the Lync (now Skype) base profile which automatically disabled the embedded web server.  This can be re-enabled on the VVX phone for testing or administration purposes if so desired.  To perform many of the steps in this article it must be enabled.

  • Press the Home key and navigate to the following menu: Settings > Advanced > Administration Settings > Web Server Configuration.

  • If not already configured then the Web Server parameter to Enabled and Web Config Mode to HTTP/HTTPS.  (If only encrypted connections are desired then set this to HTTPS Only).

image_thumb8

  • Select the back arrow and choose Save Config to apply the changes and reboot the phone.

  • After the phone has rebooted press and hold (for 3 seconds) the following keys: 1, 4, 7.  This handy MKC brings up the Phone Details menu which can be used to quickly find useful information like the device’s assigned IP address or current firmware version.

image_thumb10

  • Using a web browser connect to the IP address of the phone. (e.g. http://192.168.1.188).

  • Enter the Admin password (default is “456”) and verify that the Home page successfully loads.

image_thumb43

Update Firmware

This phone must have access to the Internet in order to connect to the public hosted Polycom update server and perform the update described in this section.

  • Using the Web Configuration Utility browse to the Utilities > Software Upgrade menu and make sure that Polycom Hosted Server is selected as the Server Type.

  • Click Check for Updates which should be followed by a response of “Successfully fetched available software from the Polycom Hosted server.”

  • Select the desired firmware version number (e.g. 5.7.1.2205) and then click Install.  The currently installed version will be displayed in blue with older versions in red and newer versions in green.

image

  • Confirm the action to reboot the phone and trigger the update.  Once the phone completes the update process it will return to whatever registration state it was in before the update. 

The following sections outline any Skype for Business related enhancements from previous firmware versions which may change the phone’s behavior or user experience.

Hot-Desking and Common Area Phone Support

The two most important features added in this release are complimentary capabilities which are often confused with each other.  This separate blog article covers these new features in detail.

Manual BToE Pairing

The available Better Together over Ethernet (BToE) feature set has previously been limited to pairing a phone with only the workstation that is wired directly into the phone’s uplink port.  With support for a new manual procedure the phone and PC can now be paired over any routable IPv4 network.

  • Install the latest version (3.7) of the Polycom Better Together over Ethernet Connector application on the desired Windows PC.

  • On the unregistered phone that is to be paired with the PC press the Home button and navigate to Settings > Features > BToE PC Pairing to check the current BToE pairing status.

image

The Pairing Mode will be set to Auto by default which is used only for physical Ethernet uplinks.

  • To utilize the new functionality change the Pairing Mode to Manual and then take note of the supplied Pairing Code (e.g. nOiD11kg)

image

  • Open the Polycom BToE Connector on the PC, deselect Auto Mode and then enter the Pairing Code.

image

This pairing code is essentially the phone’s IP addressed hashed into an alphanumeric string, thus there is no discovery process being invoked.  The workstation is essentially being told exactly what host IP to connect to find the phone and initiate pairing.  If for some reason the phone’s IP address is changed then pairing will be lost and need to be manually reestablished.

As long as the workstation has routable TCP/IP connectivity to the phone and the following ports are open on any firewalls which may sit between them then the pairing functionality should work no differently than before as these are the same communications used previously in the directly-connected Automatic implementation.


Description Type PC Direction Phone
Pairing and secure communications TCP Dynamic –> 22
Discovery Packet Broadcasts UDP 2081 <– 2081
Streaming Audio UDP 24802 <–> 24802


BToE Widget

A new parameter, which is enabled by default, controls the addition of a new Home menu option called BToE.  This menu option provides a shortcut to the BToE menu which is normally found under Settings > Features > BToE PC Pairing.

image

SILK Audio Codec Support

Support for leveraging the SILK audio codec with Skype for Business clients is now available in four specific sampling frequencies (8 kHz, 12 kHz, 16 kHz, and 24 kHz).  The new codec options are not enabled by default, which can be confirmed by reviewing the Settings > Codec Priorities using the Web Management UI.

Note that only the Polycom VVX 501 and VVX 601 models currently support the SILK codec.

image

As originally pointed out in this article the Skype for Business client which support SILK only utilize the 16kHz and 8kHz versions, so when it is only really necessary to enable the SILK (16 kHz) and SILK (8 kHz) codecs in the phone.  While there is no single-best codec ordering for all applications one recommendation would be to mimic the ordering that the Skype for Business clients utilize, which can be accomplished placing the wideband SILK codec above G.722 and the narrowband SILK codec below the G.711 codecs as demonstrated below.

image

The codec’s implementation is highly customizable and all of the new parameters made available to control various encoder options can be modified using the phone’s Web Management UI from the Settings > Codec Profiles > Audio page.

image

Additionally all the configuration parameters which control the settings above can be found in the UCS Administrators Guide 5.7.0 documentation here.

Phone Number Display

The defined Tel URI for the registered Skype for Business account is now displayed on the Home and Lock screens of VVX 300 and up models. 

image

image

This feature was enabled by default starting in 5.7.0 and the later 5.7.1 release added the following two configuration parameters to control the display behavior.


Parameter Value Description
up.DIDFormat NumberAndExtension (Default) Displays the DID and any defined extension. 
For example "tel:+15551237890;ext=7890"
appears as +15551237890 x7890
NumberOnly Displays only the DID and will omit any defined extension from also appearing.
up.showDID AllScreens (Default) The DID number appears on all available screens.
None Is hidden on all available screens.
LockedScreen Appears only on the Lock screen.
StatusScreen Appears only on the Status/Idle screen.
IncomingOSD Appears only on the Incoming On Screen Display (OSD).
LockedScreenIncomingOSD Appears only on the Lock and Incoming OSD screens.
LockedandStatusScreen Appears only on the Lock and Status screens.
StatusScreenIncomingOSD Appears only on the Status and Incoming OSD screens.


Web Proxy Auto Discovery (WPAD) Support

The VVX phones are now compatible with Proxy Auto Configuration (PAC) files which can be provided via a provisioning server, DHCP, or DNS-A.  Once the configuration information is discovered the phones can then authenticate using either Digest or NTLM authentication methods to a web proxy server.  This scenario is mostly applicable to connecting to Skype for Business Online and/or Exchange Online.

Related diagnostic information can be located via the phone’s Web Management UI on the Diagnostics > Skype for Business Status page under the Web Proxy Auto Discovery (WPAD) section.

image

What is RealConnect?

February 26, 2018 by · 12 Comments 

Over the years this blog has covered the general topic of interoperability between the various Microsoft Communications Server UC platforms and industry standards-based video conferencing equipment found all over the world.  These Video TeleConferencing (VTC) systems are in no way a legacy platform as although the standards have been around for a long time there are several manufacturers producing new products based on the same open standards.

Thus the idea of interoperability between those platforms and the Lync/Skype for Business platforms, both on-premises and online, continues to be a popular topic.  While much has changed over time in terms of workflows and feature capabilities the overall need is no less important than before.  And as the Polycom RealConnect approach has grown more flexible with various methods of deliverability the scope has also grown to cover numerous different topologies.  This article is intended to explain not only the core of the RealConnect workflow but compare in detail the different topologies along with specific requirements and procurement guidance.

Background

Interoperability is hardly a foreign concept throughout this blog. Several past articles have covered older offerings and how they worked back with earlier Office Communicator and Lync versions. RealConnect as a concept was also covered back in early 2015 as a step away from traditional singular MCU methods of meeting in the middle for cross-platform conferences.

Each of these articles are detailed and cover several scenarios including newer cloud offerings like Skype for Business Online, so for a fuller understanding of the overall story it is recommended to give them each a read before moving on here. But if one is already familiar with the concepts and terminology used throughout then by all means read on.

Most importantly, RealConnect is not the name of an individual product or service offering. It is a name that has been used to describe a patented simplistic workflow which can bring any standards-based VTC into a Lync or Skype for Business meeting.

This workflow is defined by its unique behavior of three specific concepts: Scheduling, Joining, and Cascading

  • Scheduling – Primarily all meetings are scheduled using the Skype for Business Outlook plugin no differently than the normal Microsoft workflow.  A new meeting is created using Outlook and enabled as a Skype Meeting using the standard Office plug-in. There are no changes to this process and no additional software plugins required at the end-user level.  After introducing a RealConnect solution to an existing Lync or Skype for Business deployment the users do not change how they book meetings and resources in any way.

image

  • JoiningThe second concept is the fact that multiple different manufacturer’s VTCs can leverage a simple One Touch Dial approach to join the scheduled meeting just like other native Lync or Skype for Business clients and devices, eliminating the need to manually enter any complex dial strings used in traditional H.323 or SIP conferencing platforms.  (This is an optional, yet desirable capability as the VTCs can always be dialed into the meetings using traditional H.323 or SIP methods.)

image     image

  • CascadingThe third is that the solution utilizes a cascading of two conference bridges, or Multipoint Control Units (MCU) so that the meeting is in essence two separate conference platforms working in concert to appears as one.  The standards-based side is run on a traditional Polycom virtual or physical MCU while the Microsoft UC side runs on a Lync or Skype for Business Front End Server on Skype for Business Online. Audio, video, and content sharing streams are transcoded between the bridges (this cascading behavior is sometimes incorrectly referred to as ‘barbelling’).  Additional information like participant lists, conference controls, and more are also shared between the two platforms.

     image

    As discussed in other articles the benefits of the above workflow far outweighed past methods of trying to bend the Microsoft workflow to match legacy conferencing experiences which for the most part were no natively user friendly.  The ease-of-use inherent in the Microsoft platforms need not be hamstrung anymore and thus the RealConnect story immediately resonated on several levels.  The response was such that even partial facsimiles of this unique workflow were eventually brought to market in the form of Acano’s Dual-Homed offering (which is now part of Cisco Meeting Server) and Pexip’s Infinity solution.  These other solutions lack the vendor-neutral approach providing ubiquitous one-touch join, some advanced features, and official Microsoft support across multiple deployment topologies that RealConnect has.

    With the growing cloud consumption of a Microsoft UC platform which was originally designed for on-premises server deployments the next steps were to provide RealConnect into more environments by addressing hybrid and cloud-only topologies.  This is where the story started to become more complicated as with so many different offerings how is one to clearly understand which, if any are applicable to their specific environment?  Or what happens if that environment is in flux and is slowly, or rapidly, migrating from one scenario to another?

    The easy answer is that RealConnect can be utilized in any possible configuration of Skype for Business and Exchange topologies from on-premises server deployments, to hybrid configurations, to cloud-only Office 365 tenants.

    Solution Offerings

    As mentioned RealConnect is not a product but instead a workflow provided by leveraging core Polycom products.  The existing products can be consumed in one of two ways: either as on-premises server deployments or simply as a cloud service.  Throughout this article the traditional method of deploying and managing physical and/or virtual server components on-premises is referred to as Polycom Servers where the overall cloud offering is referenced as the Polycom Service.

    Today the cloud service offers only some of what the on-premises deployment does.  The entire RealConnect workflow and capabilities are provided, but not all of the additional standards-based video capabilities that come with the Polycom Servers unrelated to RealConnect.  So where the cloud service can provide meeting interoperability between standards-based devices and the Microsoft UC platforms it does not provide VTC registration and management, call routing, firewall transversal, or any of the other services available with the larger Polycom Server offering.  To summarize, outside of RealConnect there are vast differences between the server and service models, but RealConnect itself is nearly identical between the two models.

    Polycom Servers

    As mentioned there are many different Polycom servers which provide a range of capabilities across various platforms.  Among these are four core components that provide the RealConnect workflow. These are individual on-premises server installations, some of which started as hardware appliances and were later also released as virtual servers, while others have been virtual servers since their inception.  At this point all the components covered below are available as software, where the MCU component could alternatively be deployed as hardware if desired.

    The full RealConnect experience is provided by leveraging four unique on-premises components which will be referred to as thePolycom Core’ throughout this article:

    • Workflow Server is an optional application server which can host several different Polycom application-based solutions.  For RealConnect this server has two potential purposes: hosting the One Touch Dial (OTD) application for VTCs and/or supporting connectivity to Skype for Business Online meetings.
           
    • Distributed Media Appliance (DMA) is a core component which, for the purposes of RealConnect, primarily handles the signaling between each component and an on-premises Lync or Skype for Business Server Front End server or pool.  The DMA also provides for VTC endpoint registration and manages Polycom MCUs.

    • Collaboration Server (a.k.a. Real Media eXperience, RMX) is the aforementioned MCU which handles all of the media transcoding between standards-based VTCs and the streams coming from and going to the Lync/SfB MCU.  This MCU transcodes audio and video sessions between various protocols like H.264 AVC and X-H264UC.  Where the DMA could be referred to as the brains of the conferencing operation the RMX is the heart, doing the majority of the work.

    • ContentConnect (a.k.a. Content Sharing Server or CSS) is an additional software-only MCU that was created solely to transcode content sharing sessions between standards-based protocols like H.239 and Binary Floor Control Protocol (BCFP) into Microsoft’s sharing protocols like Video-based Screen Sharing (VbSS) and Remote Desktop Protocol (RDP).

    image

    Essentially what the Polycom Core provides is a platform for a VTC to register to via H.323 and/or SIP and then place a call over either protocol directly to a standards-based MCU which will then connect to the associated Lync/SfB meeting MCU and bi-directionally transcode audio, video, and content sharing streams.  Additionally a user can start the scheduled meeting from within the reserved conference room by simply tapping on or selecting a ‘Join Meeting’ button.

    These components are also part of the larger Collaboration Infrastructure family (also referred to as the RealPresence Platform) which includes additional optional servers that handle various other standards-based conferencing tasks outside of what is needed for the RealConnect experience.  The entire suite is sold using a simple licensing model called Polycom RealPresence Clariti, with the exception of Workflow Server which is purchased separately and deployed by qualified consulting services.  Endpoint management, call routing, firewall traversal, and other needs can be met by the entire suite that goes above and beyond the core RealConnect interoperability workflow discussed in this article.

    Polycom Service

    This offering of RealConnect utilizes an in-place globally redundant cloud deployment in the Microsoft Azure cloud.  At the time of posting this article RealConnect is available as a service in multiple countries worldwide by leveraging a deployment hosted by Microsoft and managed by Polycom in five Azure datacenters across the planet.

    As this is a cloud offering then the individual components are essentially irrelevant, but understand that it is not just the Polycom Core server components shown above dropped into Azure virtual machines.  This service offering was created by essentially pulling apart those components and rewriting a lot of code, creating new components, and basically building an entirely new cloud architecture designed for cloud scale and availability.  The Internet-facing perimeter includes a few entry points which provide connectivity for accessing the Polycom web portals for service provisioning and configuration tasks, signaling services for VTC calls, and load balanced MCU IPs for media negotiation.

    The main difference between these offerings though is that for on-premises server deployments the MCU cascading is 1:1 where a single Polycom MCU connects to a meeting on a single SfB MCU.  Once that cascade is established then SfB clients and VTCs each have one native entry-point into that meeting.  But with the cloud offering every single VTC will be routed to a dedicated Polycom virtual MCU sized appropriately for a single VTC connection.  All of these individual MCUs then connect back to the same SfB MCU hosting the meeting, essentially creating 1:n cascades.  This architecture allows for the VTCs to connect to the closest available Polycom MCU regardless of where the SfB Meeting is actually hosted, reducing transit time over the Internet as much as possible.

    image

    Although the primary components of this solution are cloud-based, as with any cloud solution there is sometimes a requirement for an on-premises application to handle some specific communications between the cloud services and certain on-premises components or clients.

    One scenario where this is evident is with One Touch Dial.  In the earlier on-premises server model the Workflow Server that hosts the OTD application provides the meeting invitation locally to both Polycom and compatible Cisco endpoints. But in the cloud model the solution is different as the Polycom and Cisco endpoints do not use the same methodology for Exchange compatibility.  This will be explained more further on in the article but for now understand that Polycom VTCs can go directly to the OTD Service running in Azure, but Cisco endpoints cannot; they require a local gateway to provide that connectivity.  Thus the cloud offering is made up of two components: the OTD Service running in Azure and the OTD application which must run on-premises and communicate directly with the Cisco VTCs.  In short if an environment has only Polycom VTCs then the on-premises application is not required, but the inclusion of any Cisco VTCs means that it is required if rolling out a one touch join experience is desired.

    To address the on-premises need the Polycom Cloud Relay was created.  The Cloud Relay is a lightweight virtual server available for download that Polycom cloud customers can self-deploy and then easily connect to the cloud.  It is available as either a VMware OVA or HyperV image and is essentially an on-premises gateway between various Polycom cloud services and whatever on-premises components are leveraged by the desired application.  Cloud Relay can host different applications for various Polycom service offerings and two of those are specifically related to RealConnect.  The first is One Touch Dial (OTD) as outlined in the previous paragraph, and the second is the RealConnect Hybrid application which will be explained in a later section.

    Topologies

    Now that the different offerings have been introduced and discussed the next step is to break down the various ways that RealConnect can be deployed or consumed.  As mentioned earlier there are no architectural limitations on the environment’s current or future state such as that either Lync Server 2013 or Skype for Business Server 2015 is deployed, and/or Skype for Business Online is involved.  Additionally any version of Exchange Server 2010 through 2016 is supported as well as Exchange Online.  Hybrid deployments of Exchange and/or Skype for Business are also supported in all RealConnect topologies.

    The following diagram offers a simplistic view of the various ways that RealConnect can be leveraged across four common scenarios. Understand that this is not a complete diagram of mandatory or optional components but is meant to depict where the two conferences are hosted in each by indicating only the MCU placements.  Dashed lines indicate signaling and media communications between each client/device and their respective native MCU, while the solid green lines indicate the cascading media sessions which travel between both MCUs.

    image

    Among the four individual topologies listed above the the On-Premises models utilize a Polycom server deployment for the primary meeting interoperability, whereas the Cloud models leverage the global Polycom services deployed in Microsoft Azure.

    RealConnect On-Premises

    The first two models both consist of the same Polycom core server software installation which would be integrated with an on-premises Lync Server 2013 or Skype for Business Server 2015 pool.  These models support providing the RealConnect experience to any meeting hosted in a Skype or Business Server, Hybrid, or Online environment.

    Skype for Business Server

    The simplest and original offering of RealConnect is a topology of all Polycom and Microsoft server components installed on-premises.

    image

    The Polycom Core includes the four on-premises servers described earlier that provide the RealConnect workflow, some of which are integrated with Lync or Skype for Business Server via the Trusted Application model.  The Polycom Edge represents an optional server called RealPresence Access Director (RPAD) which would support external VTCs attempting to join RealConnect meetings.

    Deployment is straightforward using the Trusted Application model between the DMA, RMX, and Lync/SfB Front End server/pool.  Signaling communications between each are encrypted over TLS 5061 in both directions.  Media communications for audio and video are directly between the RMX and Lync/SfB AVMCU and application sharing media is directly between the ContentConnect Server and the Lync/SfB ASMCU.  All media types utilize the standard Microsoft ports and protocols used by all other Lync and SfB clients.

    Also potentially included in the Polycom Core is the One Touch Dial (OTD) application by deploying an instance of Workflow Server on-premises.  This is an optional component here as if there is no need or ability to support this feature for meetings then it does not need to be deployed.  In regards to Exchange this deployment can leverage mailboxes stored in either Exchange Server or Exchange Online.  In hybrid Exchange deployments where some conference room mailboxes may reside in both locations then the OTD application would support two side-by-side configurations with 2 unique hostnames for VTCs to point to as their calendaring service.  One FQDN would be used by VTCs with their mailboxes hosted on a local Exchange Server while the other FQDN would be used by VTCs with their mailboxes hosted in Exchange Online.

    In this model the meeting invitations are unchanged and as long as Dial-In Conferencing has been enabled on the Lync/SfB Server then the audio Conference ID created by the Lync/SfB Server is also used as the video conference ID.

    image

    Users can either dial that conference ID from any VTC or select a "Join Meeting" button on the system if leveraging One Touch Dial.  This meeting invitation format is applicable to all RealConnect topologies except for one, which is explained later on.

    Skype for Business Hybrid & Online

    This topology uses the same on-premises Polycom Server components but extends supports to Skype for Business Hybrid and Online deployments where a meeting is running in Skype for Business Online..

    image

    This model functions a bit differently than when everything is installed on-premises across both sides.  In order to support interoperability with any Skype Meetings hosted in Office 365 a important requirements have been added:

    • Even if all Skype for Business users have been migrated to Skype for Business Online a single Front End Server and Edge Server must still be left on-premises to leverage the Trusted Application integration between the on-premises Polycom Core servers and Skype for Business Online.  (This Trusted Application model cannot be used directly with Office 365.)  This on-premises server installation can be either Lync Server 2013 or Skype for Business Server 2015.  An existing Split-Domain configuration can be utilized for permanent Hybrid deployments. Alternatively a new federated installation of Lync/SfB Server in a separate forest could be deployed for cloud-only deployments that do not currently have any on-premises servers. Cloud Connector Edition (CCE) cannot be used for this connectivity as that solution was only designed for telephony integration and does not support all the signaling and media negotiation needs for audio, video, and content sharing.
           
    • The Workflow Server must be deployed as it is an integral part of how scheduled Skype Online Meetings are discovered and located for the the RealConnect cascades to be established with Skype for Business Online MCUs.  If this server is omitted then RealConnect would function only for meetings scheduled by on-premises Lync/SfB users; connectivity to Skype for Business Online meetings would not be possible.  (Even if there is no desire for One Touch Dial in a specific deployment the Workflow Server is still mandatory in this model for the reasoning above.)

    Otherwise the rest of the solution is the same as the full on-premises model.  Scheduling and joining meetings is no different between each and media flows are unchanged for on-premises user’s meetings.  For any online meetings the Polycom MCU will utilize the on-premises Edge Server to relay cascaded media streams to the proper Skype for Business Online MCU.

    Meeting invitations in this model are the same for all users regardless of whether they are homed on-premises or online and look identical to the example invitation shown in the previous topology.

    RealConnect Cloud

    The other two models are completely different from the first two as these instead leverage the Polycom Services available in the cloud. Just as with the server approach the services models can provide the RealConnect experience to any meeting hosted in a Skype or Business Server, Hybrid, or Online environment.

    Skype for Business Server

    In this model the Polycom services in the cloud communicate with an on-premises deployment of Skype for Business Server by way of the aforementioned Cloud Relay server.

    image

    The Cloud Relay server fills two roles today which are specific to RealConnect.  One of these is providing an on-premises application capable of bridging the signaling communications path between the Polycom Service in Azure to the Skype for Business Server deployment on-premises by way of the familiar Trusted Application model.  This RealConnect Hybrid application that runs on the Cloud Relay server is configured through Polycom customer portal once the Cloud Relay server has been deployed and connected to the cloud service. (Note that the usage of the word ‘Hybrid’ here refers to the pairing of Polycom cloud services and Skype for Business on-premises servers;  it is not referring to the Skype for Business Hybrid/Split-Domain deployment model.)

    The Cloud Relay is a prerequisite installation for this topology and the same deployed instance can also host the OTD application to handle the required on-premises TMS emulation for any Cisco VTCs.

    Again, the meeting invitations in this model are identical to each scenario discussed thus far as the solution continues to leverage the audio Conference ID as the traditional meeting number.

    Skype for Business Online

    This is the inverse of the full on-premises topology as now everything is hosted online in Microsoft’s Office 365 cloud.  The Polycom Services deployed in Azure are adjacent to the Skype for Business Online services in the same Office 365 datacenters.  Signaling and media connectivity between them is a direct and fast as possible, providing for a latency-free, robust route for cascaded meeting traffic.

    image

    While there are no Microsoft server components required on-premises their may still be a need for some standards-based infrastructure to still be installed on-premises, hence the "Optional H.323/SIP Infrastructure" object in the diagram above.  This potential need is due to the fact that a standard VTC is only provided access to RealConnect meetings in this model, it does not receive SIP or H.323 registration from the Polycom Service, configuration or firmware management, firewall traversal assistance and so on.  This optional infrastructure could be provided by Polycom’s RealConnect Access Suite (RCAS), which is basically the same things you get with Clariti minus the MCU.  These traditional on-premises management and routing functions could also be performed by existing infrastructure like Cisco VCS or Call Manager deployments.  The goal here is to simple allow a VTC to place a call off-network to the Internet and reach the MCUs hosted in Azure.

    Aside from conferencing services the other capability provided by this cloud offering is One Touch Dial.  But instead of leveraging Workflow Server it has been deployed in Azure as a service.  Polycom VTCs like the HDX and Group Series can connect directly to this cloud service as they natively support Exchange Web Services (EWS) and will retrieve meeting invitations automatically.

    But the same is not true for Cisco VTCs which support Cisco’s One Button To Push (OBTP) feature.  While this feature also leverages Exchange Server to access the meeting invitations sent to a conference room’s mailbox the retrieval method is different.  A Cisco VTC is designed to rely on a configured Cisco TelePresence Management Suite (TMS) server to retrieve the mail on its behalf and then push the message to it.  For RealConnect this requires the deployment of an on-premises gateway to handle opening outbound connections to the cloud service as well as being able to directly connect to local Cisco VTCs.  To address this need of deploying a lightweight OTD application locally a new virtual server called the Polycom Cloud Relay is utilized.

    The main difference between the aforementioned Workflow Server and this new Cloud Relay is that Workflow Server is a purchased professional services deployment of a virtual server that is designed for use with the on-premises Polycom Server model, but the Cloud Relay is a free, lightweight virtual server which can easily be self-deployed and is intended for anyone leveraging the cloud Polycom service offering.

    The difference in the meeting invitation format for this specific topology means that Skype for Business users who schedule meetings must be a using a supported Office 2016 Click-to-Run (C2R) version for either Windows or Mac.  As of February 2018 all release channels other than Deferred include the prerequisite code in the Outlook and Skype for Business clients to generate additional information in the meeting invitation required by VTCs to join the meeting.

    image

    The highlighted information above can be used to manually dial into a RealConnect meeting, but the One Touch Dial solution also parses this data to create the join button for supported VTCs.  Within this additional information a unique VTC Conference ID is created for every new meeting which is different from any audio Conference ID which may or may not already exist in the invite.

    The invitations for RealConnect look like the above for only this all cloud topology, meaning only when Skype for Business Online is used with the Polycom Service.  Notice that this invitation differs from the one shown previously because in the Skype for Business Online multitenant environment it is not possible to reuse individual audio conference ID for the purposes of video interoperability.  Also there needs to be no reliance on having an Audio Conferencing or Audio Conferencing Partner (ACP) licenses assigned to the scheduling user.  These requirements lead to the creation of new functionality put directly into the Office software by Microsoft which was only developed in the C2R model and not placed into the older MSI packages.

    Skype for Business Hybrid

    Providing RealConnect to a Skype for Business Hybrid deployment is different here in the Cloud topologies than outlined earlier in the On-Premises topologies.  While a single topology utilizing Polycom Servers supports both Skype for Business Hybrid and Online-only deployment methodologies when leveraging the Polycom Service a single model is not applicable; both models are used in conjunction.  As explained in the next section the licensing is the same so consuming both Cloud models is essentially transparent.  If Skype for Business users are migrated from server to online then the RealConnect experience is essentially unchanged, with the one exception related to the meeting invitation requirements and configuration outlined for Skype For Business Online users.

    Choosing a Solution

    After reviewing all of this information the next logical step is to outline which model or models can be utilized in a single environment.  Where some of these models can cover an entire topology others can be used together to address other potential needs.

    The following matrix lists which models support the various potential components in a Microsoft UC-enabled environment.


    RealConnect On-Premises RealConnect Cloud
    Skype for Business
    Server
    Skype for Business
    Hybrid, Online
    Skype for Business
    Server
    Skype for Business
    Online
    Exchange Server X X X X
    Exchange Hybrid X X X X
    Exchange Online X X X X
    Office 2013 X X X X
    Office 2016 X X X C2R Required
    Dial-In Conferencing Required Optional (Hybrid) Optional N/A
    Audio Conferencing N/A Recommended N/A Optional


    Given the few limitations above many environments will actually be able to choose from multiple topologies, so it becomes not a question of which can be used but instead which should be used.  That answer will depend largely where it video interoperability solution is most desired.  Some will prefer a cloud service whenever possible to reduce deployment complexity and lifecycle management, meanwhile others may be more concerned with controlling the conferencing communications end-to-end by selecting on-premises components across the board.

    Some key things to think about when making this decision include:

    • Where will the meeting MCU sit and what options are available to control the media delivery?  Using a full cloud service introduces the inherent latency and loss of Quality of Service capabilities of traversing the public Internet for some or all of the potential traffic.  This may be considered ‘good enough’ when balancing the business needs versus the business costs.  Obviously choosing to put one or both MCUs on-premises offers complete control of the available options in the respective platforms and is the model of choice when focusing on an ‘executive class’ experience

    • How are Skype for Business Hybrid environments used with the Polycom Service?  For Hybrid deployments where some Skype for Business users are homed on-premises with SfB Server yet others are homed in SfB Online then both topologies will essentially be consumed.  A single licensing model covers both of these topologies so where the users are homed does not matter as they can be migrated between at any time if desired.  The invitations will look different, as outlined in sections above and the users homed on-premises can utilize any version of Outlook.  It is the users homed in SfB Online which have the Office C2R requirement, so pay special attention to this if using RealConnect for SfB Server users who are scheduling meetings on version of Office other than 2016 C2R.  RealConnect will work from those users now but if they are migrated to SfB Online then it will stop working for their meetings until they are upgraded to the required Office software.

    • Does it matter where my Exchange mailboxes reside?  All topologies support all methods of Exchange mailbox storage.  The mailboxes for both the scheduling users and room resources can be stored on any arrangement of Exchange Server, Online or Hybrid configurations.  Polycom endpoints can utilize native Exchange Web Services connections over HTTPS (TCP 443) to access the OTD application running on a Workflow Server (in On-Premises topologies) or go directly to the OTD Service in Azure (for Cloud topologies).  Cisco endpoints obviously can only communicate with an on-premises Workflow Server or Cloud Relay server, depending on the selected topology.

    • What roles do Dial-In Conferencing and Audio Conferencing play in RealConnect?  For users homed on-premises the Skype for Business Server configuration would need Dial-In Conferencing enabled to insure that the requisite audio Conference ID is included in all invitations.  For SfB Online users the Audio Conferencing (formerly PSTN Conferencing) Skype add-in license controls that behavior.  RealConnect in the Cloud model has no reliance on the existence of audio conferencing information in the invitation, so it is irrelevant.  The Cloud model when used with Skype for Business Online user is unique though as the Audio Conferencing information is optional.  If the SfB Online user has been assigned an Audio Conference license then Workflow Server will utilize the existing audio Conference ID for VTC connectivity into RealConnect meetings.  But if the user is not licensed and thus has no audio Conference ID in their invitations then Workflow Server will dynamic create a unique ID for RealConnect to utilize.  The key here is that dynamically generated ID is only ever seen by the room resources which are booked in the meeting by utilizing the ‘Join Meeting’ button.  IT is not possible to inject that ID into the Skype Meetings invitation which was already sent to numerous possible other attendees.  In short, One Touch Dial configuration is a requirement for meetings created by SfB Online users without an audio Conference ID provided in their original Skype Meeting; ad-hoc numeric dialing would not be possible.

    Licensing

    Purchasing RealConnect is actually quite simple once the differences between the server and services approaches are understood. While there are several possibilities depending on the engagement it is very easy to break down the offerings into two categories.  Both will use an example company of 4000 Skype for Business users with 80 standards-based VTCs deployed throughout the environment.  A generous high-water mark of 25% concurrent VTC utilization will be used for the estimates shown below.

    Polycom Servers

    Both On-Premises topologies utilize the same Polycom Server components and thus can be purchased using the same RealPresence Clariti licensing model in addition to optional professional services engagements.

    • RealPresence Clariti – includes 3 of the 4 Polycom Core Server components for RealConnect.

    • Workflow Server – optional fourth component purchased through a professional services engagement.

    • SfB Server Deployment – another professional services engagement that includes deployment and potential remote management of a lightweight Skype for Business Front-End and Edge server components required for leveraging Skype’s Trusted Application integration with the Polycom Core.  (This is only applicable to supporting Skype for Business Online meetings and only if there is not already an existing Lync or SfB Server Hybrid deployment.)

    Clariti licenses are ‘per user’ in that a user essentially an active connection, meaning this is a concurrency-based licensing model. (The terms license, user, connection, and resource are all basically interchangeable here.)  Sizing exercises would include calculating the desired VTC concurrency limit and adding that the estimated meeting concurrency limit.  Connections are consumed both by every connected VTC and every cascaded meeting, where a VTC consumes a single license but each meeting cascade can consume 1, 2, or 3 licenses.  The first is for the initial cascade establishment itself and any number of audio and video streams.  The second would be dynamically consumed if and when application sharing content is active in the meeting.  A third license per cascade would be used if an optional Polycom MCU feature is enabled to show additional VTCs and/or Immersive Telepresence layouts in the panorama video stream in RealConnect meetings.

    So, if 20 VTCs are all in the same RealConnect meeting at the same time then the solution would need to include 23 licenses (20 VTCs + 3 for a single cascade) to support all potential workloads.  More realistically it is possible that those same 20 VTCs may instead be joining 10 different RealConnect meetings at the same time which may utilize up to 50 licenses (20 VTC + 30 for ten unique cascades).

    Polycom Services

    Both Cloud topologies share a single Enterprise-Wide Licensing (EWL) model.  This model is also concurrency based, similar to Clariti, but is even simpler to calculate the desired number of licenses.

    • Enterprise Wide License – allows consumption of the Polycom video interoperability service.

    • Cloud Relay – free virtual server to provide support for the One Touch Dial application (for Cisco VTCs) and/or support the RealConnect Hybrid application required when supporting Skype meetings hosted on an on-premises for Business Server.

    • RealConnect Access Suite – provides optional on-premises traditional video infrastructure components to handle any desired VTC managing and routing calls to the Azure-based Polycom Service.

    When using the services only the VTC connections are counted; there are no additional numbers that need to be figured in based on MCU cascading.  Calculating the number of required licenses requires estimating the same desired high-water mark of concurrent VTC utilization (e.g. a 25% target).  Thus, if at most 20 VTCs need to join meetings at the same then 20 licenses is all that needs to be purchased.  It does not matter if all of those VTCs are joining a single RealConnect meeting or 20 different concurrent meetings, due to the cloud service architecture the amount of cascades is irrelevant.  (By looking closer at the media flow diagram shown earlier in this article under the Polycom Service description one can see that every single VTC is assigned its own dedicated MCU resource which means that there will be multiple cascades when multiple VTCs join the same meeting, no differently than if they join separate meetings.)

    The limiting factor here then is that the purchased licenses control how many VTCs can concurrently connect to any of the meetings scheduled by any licensed user in the company.  Additional licenses can easily be purchased later on to increase that concurrency limit and added to instantly raise that that threshold.

    That covers the ability for VTCs to leverage the cloud video interoperability services in Azure, yet a RealConnect meeting must first be scheduled for that to happen.  To utilize RealConnect with these meetings scheduled by a Skype for Business Online user an additional Microsoft Office 365 license comes into play.  As covered earlier in this article any users homed in Skype for Business Online need to be running Office 2016 C2R in order to generate the required meeting information for VTCs to join, and the way that information is populated in the invitation is by programmatically checking the scheduling user’s current Office 365 licensing and looking for an assigned Skype Meeting Video Interop for Skype for Business add-in license, highlighted below.

    image

    This secondary Microsoft license ensures that the scheduling user’s own meetings can be joined by any VTC by including the video interoperability-specific details in the invite.  Enough of these licenses will be provided to allow all SfB Online users to be assigned one so that every user’s scheduled Skype Meetings will include the required meeting information for any VTCs to either dial in manually or configured VTCs to leverage One Touch Dial to connect to the meeting.  In this example although only 20 concurrency licenses may have been purchased this customer would still receive 4000 user licenses to cover all potential SfB Online users.

    Remember that while these Skype for Business add-in licenses are only applicable to Skype for Business Online users enough can be provided to address any Skype for Business Server users which will eventually be migrated to the cloud.  In the example above it could assumed that this environment may be using a Skype for Business Hybrid deployment and have to dat only migrated 264 users to Skype for Business Online while the remaining 3,736 users are still homed on Skype for Business Server.  As they are migrated to the cloud they can be assigned one of those available licenses and continue to leverage RealConnect for their Skype meetings which are now hosted online.

    Q1 2018 Skype and Teams UG Meetings

    February 26, 2018 by · Leave a Comment 

    The next round of quarterly Skype and Teams Users Group meetings has been announced and scheduled starting this month.

    image

    Latest News

    A year year brings a couple new national sponsors to the user group in AVST and Embrava.

    Event Details

    This quarter’s events will be conducted in our familiar two-session format:

    Session 1: Advanced Phone System Capabilities – In this session, we will cover the more advanced features and capabilities of Phone System, including updated Call Queues & Auto Attendants, Call Plan & Phone Number management, Number Porting procedures, custom Dial Plans & Calling Policies, & more.

    Session 2: Bots & Development Capabilities in Microsoft UC  – In this session, we will learn about working with Bots in Microsoft Teams, how Bots can be used, Telehealth Templates, & other emerging Development opportunities within the Office 365 UC realm.

    Industry Experts will be on-site to deliver these presentations and help answer any questions related to Skype for Business.  Food, beverages and additional door prizes will be provided courtesy of the Skype for Business Users Group and its official sponsors.


    Western U.S.

    Central U.S.

    Southern U.S.

    Eastern U.S.


    For a full schedule of regional events the Skype and Teams Users Group Meetups page lists all planned event locations with links to the associated registration page for each regional group.  For anyone who is not yet a member and would like to participate simply visit the site listed above and register for your local group, this will automatically create a new user account for you to use again for all future event registrations..


    Chicago Event

    Continuing the recent schedule of alternating locations each quarter places our Q1 event back downtown in the Aon Building. 

    Food will be ready at 5:30pm so come early if you can to spend time socializing with the group before the presentations begin at 6:00pm.

    Date Location Address
    Tuesday, March 20th         
    5:30PM – Food and Networking 
    6:00 PM – Presentation Kickoff
    Chicago Downtown Event Microsoft Technology Center         
    200 East Randolph Drive, Suite 300
    Chicago, IL 60601

    Polycom Group Series with Skype for Business Online

    December 11, 2017 by · 2 Comments 

    A past article covered several facets of registering and using a Polycom RealPresence Group Series video conferencing system with Skype for Business 2015 Server deployments. In that article it was mentioned that support for Skype for Business Online was imminent.

    That support arrived this past summer in the form of official Microsoft qualification of the Group Series platform for Skype for Business Online, as reflected on the Skype for Business Solutions Catalog.

    The guidance in the previous on-premises-focused article is basically no different whether the Group Series is registering to Skype for Business Server or Online.  Updating the firmware, enabling the required Options Key, most of the configuration, and validating the overall experience are the same.  That article should continue to be used to gain an in-depth understanding of the scenarios, where this shorter article will focus on the minor differences when registering a Group Series endpoint directly to Skype for Business Online.  It is recommended to read through the previous article first to gain the foundational understanding of using a Group Series with Skype for Business.

    Requirements

    The prerequisite listed in this section only apply to registration with Skype for Business Online.  Some details are the same when using the Group series with an on-premises Skype for Business 2015 Server deployment while others are different or unique to Office 365 registration (e.g. Microsoft licensing).

    Software

    When official qualification and support was attained back in June the minimum required firmware version for support was release 6.1.1.  As of the posting of this article the latest Group Series software release is currently up to 6.1.4, although the more recent releases have not gone through the same qualification program.  This does not indicate that the newer releases are not supported, only that not every minor release needs to be requalified.  Requalification will happen with future major updates; for example when 6.2 is eventually released that version will go through the Microsoft qualification process. The most impactful result of becoming an officially qualified release is that Microsoft will then post that specific version in the Skype for Business Online Device Update service, allowing any registered devices to automatically receive and apply the new firmware directly, just as qualified IP phones have supported for some time.  Other manual or programmatic update processes can still be used to apply the desired version of firmware even if that is not what the device update currently has published.

    The newer minor releases are typically recommended though as they include additional hotfixes as well as one important change which is explained in the previous article and in the official Polycom Release Notes for the 6.1.2 release.  With the original 6.1.1 release in order to successfully register the Group Series to a Skype for Business Online account there must be a paired RealPresence Touch Panel which is configured with the Skype UI enabled.  The Additional Settings section of the previous article covers this configuration. 

    But with 6.1.2 and later releases this is no longer a prerequisite as support was added for using the supplied remote control or when controlling the Group Series through third-party customized devices like Creston or AMX room control panels.  The preferred in-room experience which most closely matches the rest of the Skype for Business meeting room devices out there today though is still provided by using the RealPresence Touch Panel with the Skype UI enabled, so it is still recommended to go this route when possible.

    Licensing

    As with any device that is registering to Skype for Business Online, be it a phone or video system, a licensed Office 365 account is required.  This can be a standard Skype for Business user or a special Meeting Room account.  Generally it is best practice to use the latter which affords the registered device some unique capabilities and behaviors, but it is not a requirement.  This previous article focusing on Online Meeting Room Accounts covers in detail the different configuration options and guidance around each.

    On the Polycom side the only license that is required is the aforementioned Skype for Business Interoperability License Options Key which is covered in the previous Group Series article linked at the beginning of this page.  As explained in that article the license is not required to successfully register to Skype for Business, but without it no other protocol or codec support is enabled, thus there would be no ability for the Group Series to handle video calls, meetings, content sharing, etc.  This is critical information when troubleshooting call failures on a registered system.

    On the Microsoft side see this companion article which attempts to explain the nuances of the Office 365 licensing options and which would be ideal or at least sufficient for various use-cases.

    This example account has been assigned an Office 365 Enterprise E3 license.

    image

    Expanding that E3 license shows all of the Office 365 services provided within it, including the critical Skype for Business Online plan.

    image

    At this point the desired account is sufficient to attempt registering the Group Series to Office 365.

    SIP Registration

    The detailed registration configuration steps outlined in the previous article are all applicable here.  The same general concepts are unchanged including best practices on username formats and guidance on using automatic configurations.

    The main difference is how to manually configure the target registration servers.  With on-premises deployments these are server names which would need to be known to an administrator or manually discovered.  But with the single world-wide Office 365 offering of Skype for Business Online there is a defined hostnames for the different services which can always be used in the event that autodiscovery is not working for some reason.

    Automatic Discovery

    The preferred method of SIP registration is to simply leverage autodiscovery as outlined in the previous article.  In most cases this will be sufficient to successfully locate and register to the online services, following the same guidance as provided for use with Skype for Business Server.

    Manual Configuration

    In the event that the automatic process does not result in a successful registration than the first step is to take the automatic discovery process out of the equation.  This can easily be done by hardcoding the target server in the configuration.  But what is this target’s name?

    This Microsoft support article details the various DNS records published for Skype for Business Online which provide registration, federation, and discovery services.  The DNS record information shown in the following table was taken from that article.


    Type Service Protocol Host Name Destination
    SRV _sip _tls <DomainName> sipdir.online.lync.com
    SRV _sipfederationtls _tcp <DomainName> sipfed.online.lync.com
    CNAME sip.<DomainName> sipdir.online.lync.com
    CNAME lyncdiscover.<DomainName> webdir.online.lync.com


    It is also very easy to query for these defined destination hostnames for Skype for Business Online tenants.

    • Using Windows PowerShell or a Command Prompt issue the following nslookup command with the desired domain name of the Office 365 tenant (e.g. jdskype.net) to resolve the published Service Locater (SRV) record.

    nslookup -q=srv _sip._tls.jdskype.net

    image

    • Also issue this nslookup command with the desired domain name of the Office 365 tenant (e.g. jdskype.net) to resolve the published Alias (CNAME) record.

    nslookup sip.jdskype.net

    image

    In both instances the same Fully Qualified Domain Name (FQDN) of sipdir.online.lync.com was returned.  It would be a good idea to simply just commit this FQDN to memory at this point as this single hostname can be used to register any SIP client or device directly to Skype for Business Online from anywhere in the world.

    Understand that this process should result in the above names for pure online-only tenants, while any hybrid deployments of Skype for Business should have been configured by their administrators to properly point to the on-premises service (e.g. Edge and Reverse Proxy).  In hybrid deployments these on-premises servers will then redirect any client registration attempts for accounts which are actually homed online.  For this reason it becomes important to understand how to manually, and forcefully, point a device directly to Skype for Business Online using the above hardcoded hostnames.  Otherwise when troubleshooting a registration failure it may not be possible to resolve the issue if the device is unable to negotiate the discovery process and/or redirection correctly.  Pointing the device directly to the cloud registration servers, even in a Hybrid deployment, will often result in a successful registration by bypassing any on-premises components.  Obviously this requires that the SfB account that the device is registering as is hosted online, which is the entire point of this article.

    Armed with this newly discovered information it is now time to enter the manual configuration and attempt registration.

    • Using the Group Series web management interface navigate to the Admin Settings > Network > IP Network menu, or simply search for “sip” and then select the SIP result.

    • Expand the SIP section click Enable SIP if it is not already enabled.

    • Change the SIP Server Configuration to Specify.

    • Set the Transport Protocol to TLS.

    • In the Sign-In Address field enter the SIP URI of the desired Lync or Skype for Business user account (e.g. gs500@jdskype.net). 

    • In the User Name field enter the User Principal Name (UPN) of the same account (e.g. gs500@jdskype.net).  In online-only tenants the user account’s SIP URI and UPN should be the same, but that may not be the case if the AD accounts where originally migrated .  (The legacy NetBIOS format of “DOMAIN\username” cannot be used with Office 365 accounts.)

    • Click the Password box to expand the Enter Password and Confirm Password fields.  Enter the user account’s password in each field.

      • In the Registrar Server field enter the string "sipdir.online.lync.com:443".  It is important to include the :443 suffix after the hostname as the Group Series will attempt TLS registration by default to port 5061 which would not be correct.  The Skype for Business Online server will only accept registration attempts destined for port 443.

      • The Proxy Server field should be left blank.  Registration can still work if the exact same value as the Registrar Server field is entered but this is redundant and normally should not be populated.  Unlike some standard SIP platforms the Microsoft SIP platform contains the proxy and registrar services in the same server roles.  (This field is not used for pointing to an outbound web proxy server, that is configured in a different section.)

    • Set the Registrar Server Type to Microsoft.       
            
           
    • Finally click Save to attempt to sign in.

    image

    Address Book Registration

    Nothing here is any different than when dealing with Skype for Business Server, so the directions in the previous article are applicable here as well.

    • Set the Server Type to Microsoft.

    • In the Domain Name field enter the SIP domain for the the currently registered user’s environment (e.g. jdskype.net).

    The Registration Status will  initially continue to be displayed as “Registration Failed” but within 30 seconds or less the status should update to Registered.

    Calendar Registration

    In the other article it was stated that the Group Series has supported Exchange Online mailboxes for some time now, so again nothing new to see here.  Same guidance and instructions as was previously covered; default to using the auto discovery process first and if that fails then the following configuration example outlines the manual settings.

    This Microsoft support article outlines the various FQDNs for Exchange Online services, with the important hostname being outlook.office365.com which is used to access Exchange Web Services online by the Group Series.

    image

    Media Port Range Behavior on Polycom Devices

    November 8, 2017 by · 5 Comments 

    An older, now partially outdated article covered in depth how to configure Quality of Service (QoS) on Polycom VVX phones for use with Lync Server.  Much of the guidance in that article is still applicable and even extends to newer Trio conference phones as well as the newer Skype for Business Server and Online platforms.

    What has changed since that article was published was how the Polycom UCS-based devices leverage defined media port ranges.  Previously this had to be handled out-of-band by either manually configuring the phones or using a provisioning server to perform the configuration in bulk.  That configuration required discovering the static media ports ranges defined in the Lync/SfB server platform and then duplicating as close as possible the same configuration on the phones. That manual configuration is typically no longer necessary as more recent firmware releases for the VVX and Trio have added support for picking up and configuring the media port ranges automatically.  During registration to Lync or Skype for Business any defined ranges which have always been passed in-band in the client provisioning information are now properly parsed and applied to the phone configuration.

    But there was still an important limitation to that behavior as while the phones could automatically use that information they could not use all of it.  At the time the firmware did not yet support defining separate source port ranges for audio, video, and content sharing streams.  As the vast majority of these devices in the field are VVX IP phones which only support audio communications with Lync/SfB then this gap was not a major issue though.  The media port range for audio ports defined in an environment was correctly utilized by the phones without additional configuration and thus any QoS management of that traffic worked identically between SfB clients and VVX phones.

    Yet with the growth of Trio phone deployments with the Visual+ component which added video and content sharing streams meant this gap needed to be addressed.  In later firmware releases this was in fact dealt with by introducing a new set of parameters which allowed the phones to define source listening ports in up to three different ranges to separate the audio, video, and content sharing media channels.  Additionally other compatible video conferencing platforms like the Polycom Group Series also need to be factored in to these environments.  This article will review the behavior and any configuration (if applicable) for each of these family of devices.

    With the server platforms if no static media port ranges have been defined then the phones will operate with in their factory default port ranges.  All devices registering directly to Skype for Business Online will be configured with the same globally-defined client port ranges that Microsoft controls for online clients.  Understand that although Microsoft has recently simplified the required port ranges for Skype for Business online clients this does not change the client’s listening port configuration.  Those changes are focused on outbound media connections from internal clients to Microsoft’s data centers.  Yet for environments which may include firewalls separating even some internal networks then peer-to-peer media communications between these clients still needs to be allowed for no differently than has always been the case in Office Communicator, Lync, and Skype for Business.

    As mentioned above server platforms can range from no configuration to any variety of custom port ranges, while the Office 365 offering uses a very specific set of defined port ranges.  The examples shown throughout this article will leverage Skype for Business Online which currently assigns the following dedicated port ranges for each media type to registered clients and devices. 


    Media Type Port Range
    Start
    Port Range
    End
    Audio 50000 50019
    Video 50020 50039
    Application Sharing 50040 50059

    The configuration above is provided in the <provisionGroup name="ServerConfiguration" > section of provisioning data sent to a registering client.  This following details can be captured by a SIP trace run during the SfB client registration process or by looking through Lync-UccApi-*.UccApilog files found in the workstation’s Tracing folder.

    <ucMinAudioPort>50000</ucMinAudioPort>
    <ucMaxAudioPort>50019</ucMaxAudioPort>

    <ucMinVideoPort>50020</ucMinVideoPort>
    <ucMaxVideoPort>50039</ucMaxVideoPort>

    <ucMinAppSharingPort>50040</ucMinAppSharingPort>
    <ucMaxAppSharingPort>50059</ucMaxAppSharingPort>

    Trio

    As of the recent September release of 5.5.2 the Trio will both utilize the in-band port configuration received during SfB registration and also takes advantage of new parameters specifically for content sharing traffic so that it is no longer sharing the same port range with video streams as was the case in earlier releases.

    There are a few ways to validate the current configuration of a Trio that has already been registered to a Lync or Skype for Business platform.  As stated earlier the devices used in this article are registered to Skype for Business Online so the media port configuration seen will match the table shown above.  The simplest way to see the configuration is to utilize the phone’s embedded web management UI to export the current configuration to a text file and then search for the specific parameters which store this information.

    Enable Web Management UI

    To perform the steps below it may be required to first enable the web UI on the device as it would have been disabled by default when set to the Skype for Business base profile.

    • Using the Trio touch interface navigate to the Settings > Advanced > Administration Settings > Web Server Configuration menu.  (When prompted for a password the default is ‘456‘.)

    • Turn on the Web Server setting and then select the desired Web Config Mode (e.g. HTTP/HTTPS).

    • Tap the Back arrow and select Save Config.  And changes applied above will trigger an immediate reboot of the phone.

    Export Configuration

    Once the phone has rebooted the web UI can be used to export the current configuration to a text file.

    • Using the Trio touch interface tap the hamburger menu in the upper left corner to easily find the device’s current IP address.

    • Using a web browser connect to the device IP address using either http or https (whichever options were enabled in the previous steps) and enter the same Admin password as before (default is ‘456‘).

    • Browse to the Utilities > Import & Export Configuration menu and then expand the Export Configuration section.

    • Leave the default selection of All Configuration (except Device Settings) and then click the Export button.

    image

    • Save and open the downloaded Export_all.cfg file in any text editor, or an XML editor of choice if available.  Scan through the results or search for the string "port.rtp.lync" to locate the desired parameters.

    image

    As seen above the Trio utilizes the following six parameters to store the configuration provisioned by the registrar.

    tcpIpApp.port.rtp.lync.audioPortRangeStart="50000"

    tcpIpApp.port.rtp.lync.audioPortRangeEnd="50019"

    tcpIpApp.port.rtp.lync.videoPortRangeStart="50020"
    tcpIpApp.port.rtp.lync.videoPortRangeEnd="50039"

    tcpIpApp.port.rtp.lync.contentPortRangeEnd="50059"
    tcpIpApp.port.rtp.lync.contentPortRangeStart="50040"

    Query Configuration

    Another way to locate this information is by connecting to the phone via Telnet and looking up the parameters by name to see not only the provisioned values but also the device’s factory default values.  This is a more advanced process and may be of interest to some readers for future reference and requires prior knowledge of the specific parameter names.

    The phone’s embedded Telnet server is disabled by default so it must be enabled first by importing a configuration parameter into the phone.  Obviously this process also requires that the web management UI is enabled as shown above.  Also be aware that enabling the Telnet server on the phone is a static setting and will stay enabled though reboots, requiring either a factory reset or being manually turned back off.

    • Create a new text file named "enable_telnet.cfg" in any text editor and paste the following text into a single line in the file.

    <telnet diags.telnetd.enabled="1"></telnet>

    image

    • Using the web UI browse to the Utilities > Import & Export Configuration menu and then click the Choose File button under the Import Configuration section.

    • Browse for the newly created enable_telnet.cfg file and then select Import.  The results should be reported as "Configuration file imported successfully".

    image

    • Connect to the device IP address using any Telnet client over port 1023. 

    telnet 192.168.1.165 1023

    image

    • When prompted for credentials enter the default admin username of ‘Polycom‘ and password of ‘456‘.

    • At the Admin> prompt enter the command cfgParamName followed by the name of valid configuration parameter. For example "cfgParamName reg.1.address" would return the SIP address of the currently registered user.

    cfgParamName reg.1.address

    image

    In the results shown above there are several values returned for a specific parameter.  Most importantly valDefault shows the factory default setting for any parameter, which would be null for this type of parameter.  The valWeb value is what was used to store the registered user’s SIP address and this was because the phone was originally registered using the Skype for Business SignIn option in the web UI.

    • Using the cfgParamName command the various media port parameters can be queried to find both the default and current settings.

    cfgParamName tcpIpApp.port.rtp.lync.audioPortRangeStart
    cfgParamName tcpIpApp.port.rtp.lync.audioPortRangeEnd

    cfgParamName tcpIpApp.port.rtp.lync.videoPortRangeStart
    cfgParamName tcpIpApp.port.rtp.lync.videoPortRangeEnd

    cfgParamName tcpIpApp.port.rtp.lync.contentPortRangeStart
    cfgParamName tcpIpApp.port.rtp.lync.contentPortRangeEnd

    image

    Notice that while the factory default values shown above as still stored in valDefault the custom values for these parameters are instead stored in valPpsSip which indicates the custom settings originally came from a SIP provisioning process; in this case during registration to SfB Online.

    As mentioned earlier it may be desired to disable the Telnet server on the phone once completed.  Follow these steps to reverse that configuration.

    • Create a new text file named "disable_telnet.cfg" in any text editor and paste the following text into a single line in the file.

    <telnet diags.telnetd.enabled="0"></telnet>

    image

    • Import this file into the phone using the same process shown earlier in this section.

    Validation

    To validate that the configuration discovered above in the various processes is actually functional the following Wireshark traces were captured during a peer to peer call between a Skype for Business 2016 Windows client and the Trio 8800 with video enabled and the SfB client actively sharing its desktop to the Trio.  Both endpoints were located on the same internal network so any media streams traveled directly between each host’s local IP.  Traffic flows shown below are all from the SfB client (192.168.1.193) to the Trio (192.168.1.165) as the port configuration this article is focused on is applicable to how the Trio opens up listening ports intended for inbound connections from the other endpoint.

    The audio stream seen below was sent from the SfB client over UDP to port 50004 on the Trio which is in-between 50000 ad 50019.

    image

    Meanwhile the video stream from the SfB client was directly to UDP 50038 on Trio, correctly falling within the 50020-50039 range.

    image

    Lastly the the shared desktop of the SfB client was sent to the Trio over TCP to port 50049 which is also within the new content sharing range of 50040-50059.  Note that the application sharing session was utilizing Remote Desktop Protocol (RDP) which only supports TCP transmission.

    image

    VVX

    As both the VVX and Trio device families are based on the same core Unified Communications Software (UCS) platform then the behavior here is the same.  Any configuration, as explained above, is no longer required as it is all automatic now when registering to Lync Server, Skype for Business Server, or even Skype for Business Online.  That being said the actual configuration utilizes slightly different parameters based on the fact that the VVX line does not support content sharing as it is only a phone.  While video calling is not yet supported with Skype for Business clients it is functional directly between SfB-registered VVX phones in peer calls only, thus correct utilization of the video port range is still important.

    Using the same instructions shown above in the Trio section the configuration can be exported or queried on the VVX phone.  Note that the standard Telnet port of 23 is used on the VVX phone, where the Trio uses port 1023 as shown in the examples above.

    Using the configuration export process the following parameters were found on the VVX phone registered to the same SfB Online tenant. 

    tcpIpApp.port.rtp.mediaPortRangeStart="50000"
    tcpIpApp.port.rtp.mediaPortRangeEnd="50019"

    tcpIpApp.port.rtp.videoPortRangeStart="50020"
    tcpIpApp.port.rtp.videoPortRangeEnd="50039"

    Note that the parameter names here are different than on the Trio.  Firstly the Trio parameters include the additional *.lync.* text in the names and secondly the audio port parameters on the VVX are entitled ‘media‘ instead of ‘audio‘.

    Using the Telnet process the two parameter sets query results are as follows:

    cfgParamName tcpIpApp.port.rtp.mediaPortRangeStart
    cfgParamName tcpIpApp.port.rtp.mediaPortRangeEnd

    cfgParamName tcpIpApp.port.rtp.videoPortRangeStart
    cfgParamName tcpIpApp.port.rtp.videoPortRangeEnd

    image

    This time the valDefault values differ from what was seen on the Trio, indicating different factory default port ranges between the phone families, yet the active port ranges have been provisioned correctly as seen in valPpsSip.

    Outside of these configuration differences the registered VVX phone will now function identically a Trio registered to the same environment for audio (and video) streams.

    The following table can be used as a quick reference for the defined UCS parameters between VVX and Trio phones.


    Media Type Trio VVX
    Audio tcpIpApp.port.rtp.lync.audioPortRangeStart
    tcpIpApp.port.rtp.lync.audioPortRangeEnd
    5tcpIpApp.port.rtp.mediaPortRangeStart
    tcpIpApp.port.rtp.mediaPortRangeEnd
    Video tcpIpApp.port.rtp.lync.videoPortRangeStart
    tcpIpApp.port.rtp.lync.videoPortRangeEnd
    5tcpIpApp.port.rtp.videoPortRangeStart
    tcpIpApp.port.rtp.videoPortRangeEnd
    Application Sharing tcpIpApp.port.rtp.lync.contentPortRangeStart
    tcpIpApp.port.rtp.lync.contentPortRangeEnd
    N/A



    Group Series

    The Polycom Group Series platform does not currently behave like the phones.  While the Group Series does support native registration to Lync Server 2013, Skype for Business Server 2015, and Skype for Business Online platforms it does not utilize the in-band provisioning settings for media port ranges.  Additionally the Group does not currently separate audio, video, and content streams into different port ranges, although it does allow for some limited customization to approximate the desired configuration.

    An allowed custom configuration supports defining a starting port for two separate media port ranges for TCP and UDP traffic, which can overlap if desired.  The port range for TCP traffic is hardcoded to 11 contiguous ports with 61 contiguous ports allowed for UDP traffic.  As the Group currently supports an array of audio and video protocols with Lync/SfB then the audio and video communications will typically be over UDP, unless negotiation fails and the fallback to TCP process is used for these streams.  Also as the Group currently supports only the RDP protocol for content sharing then all supported inbound content sharing streams will arrive over TCP.

    This leaves a dilemma for the administrator to address. While the smaller TCP port range can easily be assigned within the larger 20 port ranges typically used in Skype for Business the much larger UDP range will extend beyond that range and potentially up into other ranges.  For example if the Group is configured with a starting port of 50000 it will automatically set 50061 as the ending port.  This means that inbound media streams from SfB clients could potentially travel over any of the defined 50000-50059 range used in Skype for Business Online, resulting in possibilities like video traffic landing in the audio queue, or vice versa.

    Now for SfB Online this may not actually be a problem as all meeting traffic will be destined for the Internet and thus attempting to place that traffic in QoS queues internally will more or less be moot once that traffic hits the Internet.  But for Server deployments where the majority of media streams are staying on-premises then it is suggested to look at the overall QoS and media port configuration and potentially adjust the ranges to work better with the current Group Series behavior.  Or it may be desired to treat these dedicated conference rooms differently and thus place traffic destined for those devices in different ranges and queues altogether.

    Manual Configuration

    The example configuration used here would put the TCP ports up in the Application Sharing range based on the assumption that all inbound TCP media will be RDP traffic and UDP will successfully be leveraged for all audio and video traffic.  But because the UDP ports could contain audio or video then it may be ideal to select a different media port range that is not in use by SfB and then configure the additional range for QoS as desired.

    • Connect to the IP address of the Group Series endpoint using a web browser.

    • Navigate to the Admin Settings > Network > IP Network menu and then expand the Firewall section.

    • Enable the Fixed Ports setting.

    • Set the desired starting port in TCP Ports (e.g. 50000) and the desired starting port in UDP Ports (e.g. 49938).  (Starting ports must be even integers.)

    • Click Save to apply the configuration changes.

    Fixed Ports = On
    TCP Ports = 50040-50051
    UDP Ports = 49938-49999

    image

    This example configuration will put all UDP media outside the current SfB ranges, creating a new range of 49938-49999 which can be assigned to whatever QoS queue is desired.

    Note that this only impact inbound media sessions to the Group Series.  outbound media sessions will travel over the proper media port ranges as the far-end (clients and servers) will be advertising their listening ports correctly within the SfB configuration.

    Validation

    When capturing the traffic between an SfB client (192.168.1.193) and a Group Series (192.168.1.9) with both cameras turned of it is easy to isolate the audio traffic.  In the capture below the audio traffic sent from the SfB client to the Group Series arrives on port 49944 via UDP.  This port falls within the defined UDP range above of 49938-49999.

    image

    By muting the microphone and turning on the outbound video from the SfB client the majority of the capture will now show the video traffic.  the following series of packets show UDP traffic from the SfB client destined to the Group Series over port 49948.  This port also falls within the same defined UDP range above of 49938-49999.  On the surface there is no definitive way to determine this video traffic is any different than the previous audio traffic, other than possibly using the packet size as an indicator (224 vs. 1193).

    image

    Lastly a desktop sharing session was started from the SfB client after stopping the video and muting the microphone.  The most active results at this point were TCP packets sent from the client to the Group Series destined for port 50043.  This port is in the preferred range for application sharing traffic of 50040-50051 as previously defined for TCP traffic.

    image

    Note that throughout these captures the SfB client is still correctly sending from and receiving to the port ranges defined in Skype for Business.

    Q4 2017 Skype and Teams UG Meetings

    November 4, 2017 by · Leave a Comment 

    The next round of quarterly Skype and Teams Users Group meetings has been announced and scheduled starting this month.

    image

    Latest News

    Please welcome members to our newest group in Tampa Bay, Florida.  Also note that the group has expanded the name to include Teams which will clearly be an integrate part of Microsoft’s UV story after the resent announcements at the Ignite conference.

    Event Details

    This quarter’s events will be conducted in our familiar two-session format:

    Session 1: Microsoft Ignite Recap – In this session, we will get you up to speed on all the important announcements that occurred at Microsoft Ignite 2017.  This will include announcements from all our sponsors and Microsoft.  If you missed anything, this is your chance to catch up!

    Session 2: The Future of Intelligent Communication – Learn about Microsoft’s vision for Intelligent Communications and how we will bring together the learnings and experiences of SFB communications into Teams Collaborations.

    Industry Experts will be on-site to deliver these presentations and help answer any questions related to Skype for Business.  Food, beverages and additional door prizes will be provided courtesy of the Skype for Business Users Group and its official sponsors.


    Western U.S.

    Central U.S.

    Southern U.S.

    Eastern U.S.


    For a full schedule of regional events the Skype and Teams Users Group Meetups page lists all planned event locations with links to the associated registration page for each regional group.  For anyone who is not yet a member and would like to participate simply visit the site listed above and register for your local group, this will automatically create a new user account for you to use again for all future event registrations..


    Chicago Event

    Our local member Anthony Caragol will be assuming host responsibilities for the suburban Chicago location this quarter.  We will continue the current plan of alternating locations each quarter but are setting the stage to potentially host events next year in both locations to better serve the greater Chicagoland region.

    Food will be ready at 5:30pm so come early if you can to spend time socializing with the group before the presentations begin at 6:00pm.

    Date Location Address
    Thursday, November 30th         
    5:30PM – Food and Networking 
    6:00 PM – Presentation Kickoff
    Chicago Suburban Event Microsoft Midwest District Office
    3025 Highland Pkwy., Suite 300
    Downers Grove, IL 6051

    Understanding Office 365 Licensing for Meeting Devices

    August 21, 2017 by · 14 Comments 

    The purpose of this article is to explain what type of Office 365 licenses can or should be used with any of the various phones and meeting devices qualified by Microsoft for Skype for Business Online.  These products can natively register to Skype for Business Online using resource accounts which must be assigned the correct licensing.  This covers equipment like the many different IP Phones from five different partners or the several different Meeting Room platforms like the older Lync Room Systems, newer Skype Room Systems, or even the recently qualified Polycom Group Series to name a few.

    The guidance covered in this article is not necessarily applicable to desk phones which are assigned to a specific user, as those users would already have an assigned Office 365 license which applies to any client and devices they sign into with their own credentials.  It is the meeting room solutions and other similar shared resources like conference room phones or common area phones which utilize their own dedicated account which are the focus of this article.

    Requirements

    As with any device that is registering to Skype for Business Online, be it a phone or video system, a licensed Office 365 account is required.  This can be a standard Skype for Business user or a special Meeting Room account.  Generally it is a best practice to use the Meeting Room account which affords the registered device some unique capabilities and behaviors, but it is not a requirement.  This previous article focusing on Online Meeting Room Accounts covers in detail the different configuration options and guidance around each type.

    Once an account is created for the device then a valid Office 356 license needs to be allocated to it before it can be used to register a device.  Typically an empty meeting room might already have an Exchange Online Room Mailbox configured for it which incurs no cost and consumes no license in Office 365, but that is only for room reservation capabilities.  Once that meeting room is equipped with a dedicated Skype for Business device then a Skype for Business license must be assigned to that account, which is not free.

    This means that the devices need only to be concerned with the Skype for Business Online portion of licensing.  The Exchange Online portion of the device’s account is still only a Room Mailbox, so then there is no need for Exchange Online plans to be assigned.  That being said many of the Office 365 licensing plans already include Exchange Online licensing so unless dealing with a standalone plans this point is moot.

    Office 365 Plans

    For those unfamiliar with the various Office 365 licensing plans the following is a list of the current plans which provide Skype for Business Online services in them.  The items in red are the default recommended options in each class and the reasoning for each is explained below.

    Standalone Plans

    • Skype for Business Online Plan 1
    • Skype for Business Online Plan 2

    Business Plans

    • Business Essentials
    • Business Premium

    Enterprise Plans

    • Enterprise E1
    • Enterprise E3
    • Enterprise E5

    The absolute minimum Office 365 license required for a device would be a standalone Skype for Business Online Plan 1 license.  But that plan is not recommended based on its limitation of only being able to join other meetings and not create ad-hoc or scheduled meetings.  On the surface this may not seem like a problem as users would not be sending meeting invitations from device’s account, they create or schedule meetings using their own Skype for Business account.  But what about when a user walks into a conference room that is not booked and simply wants to start an ad-hoc meeting?  Or what about adding new participants into an active meeting from the device itself?  Scenarios like those are covered under the Meeting Scheduler capabilities which are included in the standalone Skype for Business Online Plan 2 tier, hence this being the recommended minimum Office 365 license. 

    But most Office 365 subscribers today are typically not using the a la carte style standalone plans and are instead leveraging a Business or Enterprise plan.  All of the Business and Enterprise plans listed above automatically include Skype for Business Online Plan 2 in them, as illustrated by the following example showing an Enterprise E3 license expanded to list some of the includes services.

    image_thumb[4][3]

    Note the Skype for Business Online (Plan 2) option listed above.  Because all Business and Enterprise plans with Skype for Business leverage Plan 2 capabilities then any of these are sufficient to support joining scheduled meeting and creating ad-hoc meetings as explained earlier. This also illustrates why it is usually incorrect to assign a redundant standalone Skype for Business Online Plan license to an account which is already assigned one of the supported Business or Enterprise plans.

    Now, when only a handful of shared devices are deployed in an environment it can be less administrative work to simply assign licenses to these accounts which are already available in the tenant.  Yet from a a cost-savings standpoint it can be overkill to assign a license which may include many additional features that the device is not capable of leveraging and never would be.

    For example some of the plans listed above include licenses for Office applications which device do not need.  The reason that Business Essentials is recommended over Business Premium is that the more costly Premium license allows the account to install the Office suite software on multiple workstations, but a device-only account would never be used for that.  This same reasoning is why Enterprise E1 is generically recommended over the more costly E3 and E5 licenses as, like Business Essentials, it does not include the Office suite of applications.

    That being said there are other arguments for using Enterprise licensing due to bundled add-on licenses.  In fact there are scenarios where even Business licenses are not valid and would need to be transitioned to Enterprise licenses.  These reasons will be explored in the next section.

    Skype for Business Add-On Licenses

    Some of the following value-add licensing options can provide additional capabilities to the solution depending on what the device is and needs to do.

    Currently the available add-on licenses for Skype for Business Online are:

      • PSTN Conferencing: The Dial-In Conferencing services for joining meetings from a PSTN phone.
      • Cloud PBX: Traditional PBX functionality and support for integration with a traditional PBX system.
      • PSTN Calling: PSTN connectivity hosted directly by Microsoft Office 365.

    Here is one area where Microsoft does have some official guidance available online when dealing with licensing Skype for Business devices.  This Office support article includes both details on the various Skype for Business add-on licenses as well as how they are applicable to the newer Skype Room System v2 platform.  Taking that one step further the various Skype Room System scenarios covered in the article can be extrapolated to any device.  Again this is not specific to a single conferencing product, any meeting device follows the same requirement and guidance.

    That article includes a table which granularly lists various in-room scenarios and which licenses are required to perform those specific tasks.  As already mentioned there are differences between joining meetings and creating meetings from within the conference room itself.  The information on that support article may be a bit confusing to understand at first glance so the important information has been reworded for simplicity’s sake in the table below.


    Standalone Business Enterprise
    Join a
    scheduled
    meeting
    Skype for Business Online Plan 1 Business Essentials
    Business Premium
    Enterprise E1/E3/E5
    Initiate an
    ad-hoc
    meeting
    Skype for Business Online Plan 2 Business Essentials
    Business Premium
    Enterprise E1/E3/E5
    Invite PSTN
    participants
    via dial-out
    Skype for Business Online Plan 2
    + PSTN Conferencing
    N/A Enterprise E1/E3 + PSTN Conferencing
    Enterprise E5
    Assign an
    Enterprise Voice
    phone number
    to the device
    Skype for Business Online Plan 2
    + Cloud PBX
    + PSTN Calling
    N/A Enterprise E1/E3 +Cloud PBX + PSTN Calling
    Enterprise E5 + PSTN Calling


    The table above outlines how, for example, a video conferencing system may only need to be licensed for the basic ability to join meetings, but if it or a conference phone needs to also support the typical use-cases of placing PSTN calls or adding PSTN participants into a live Skype for Business meeting then additional licensing may be required.

    • The first two scenarios are already covered in the Meeting Scheduling capabilities included in any plan equivalent to Skype for Business Online Plan 2.  This underscores why using Plan 1 is not ideal as the second scenario is a common task performed in Skype for Business meetings.

    • The third scenario introduces the need for a PSTN participants to be invited on-demand to the meeting.  As mentioned earlier these meetings are typically scheduled by regular users who may already be granted a PSTN Conferencing licensing and the PSTN dial-in conferencing information would have been included in the invitation email.  A PSTN caller can use that information to manually dial into a conference as usual.  But this third scenario in the table above is something different, it is the ability for the someone in a conference room that is already connected to a meeting to use the device itself to manually add a new participant to the meeting and then use a PSTN phone number to call out to that desired attendee.  This action is performed on the device but the call comes from the Skype for Business server (not the meeting room device) and the callee is brought directly into the meeting when the answering on their PSTN phone.  Assigning a PSTN Conferencing add-on license to a supported plan or using an Enterprise E5 license will provide this capability.

    • The fourth scenario is not related to Skype for Business meetings at all.  This is simply the ability to assigned a PSTN phone number directly to the device so that it can place and receive peer-to-peer calls to and from the PSTN.  Including Cloud PBX is the step, followed by either getting a PSTN Calling plan directly from Microsoft or connecting to a traditional PBX with PSTN connectivity. 

    Important details to further understand the guidance in this table are that (1) the Enterprise E5 plan already includes the PSTN Conferencing and Cloud PBX licenses and (2) that while all three add-on licenses can be used with Standalone and Enterprise plans they cannot be used with any of the Business plans.

    So, if an account with a Business plan needs to leverage some Skype for Business PSTN features there are two potential paths. The recommended option is to simply transition to an Enterprise license for that account.  An alternative might be to instead purchase a standalone Skype for Business Online Plan 2 license and assign it to a account which already has Business Essentials or Premium, further allowing the additional of the add-on licenses.  But that is redundant, as pointed out earlier in this article, as well as more expensive.  For example a Business Essentials license and a Skype for Business Online Plan 2 licenses together cost more than the single Enterprise E1 license does.

    Disclaimer

    Please understand that Microsoft licensing can be very fluid and change over time so the comments in this article are not indicative of any official support statements from Microsoft or any partners.  The information is simply guidance meant to assist the community with successfully navigating what can be a confusing topic so that meeting devices like IP phones or video conferencing systems can be properly deployed.  As these comments are based on my own understanding of the topic gathered from navigating several different sources of information then some or all of this may be at some point rendered inaccurate or invalid.

    Q3 2017 SkypeUG Meetings

    August 10, 2017 by · Leave a Comment 

    The next round of quarterly Skype for Business Users Group meetings has been announced and scheduled starting this month.

    newlogo_title

    Latest News

    Please welcome members to our newest group in Spokane, Washington.

    Event Details

    This quarter’s events will be conducted in our familiar two-session format:

    The first session will cover Microsoft Teams with an In-Depth Demonstration (Chat, A/V, & Meetings). Our second session will focus on Hybrid Architectures & Related Migration Strategies.  We’ll also have a preview of Microsoft Ignite.

    Industry Experts will be on-site to deliver these presentations and help answer any questions related to Skype for Business.  Food, beverages and additional door prizes will be provided courtesy of the Skype for Business Users Group and its official sponsors.


    Western U.S.

    Central U.S.

    Southern U.S.

    Eastern U.S.


    For a full schedule of regional events the Skype for Business Users Group Meetups page lists all planned event locations with links to the associated registration page for each regional group.  For anyone who is not yet a member and would like to participate simply visit the site listed above and register for your local group, this will automatically create a new user account for you to use again for all future event registrations..


    Chicago Event

    As usual I will be hosting the Chicago event which will be held in downtown Microsoft office this quarter.  We will continue with the current plan to alternate locations each quarter between the downtown and suburban Microsoft offices.

    Food will be ready at 5:30pm so come early if you can to spend time socializing with the group before the presentations begin at 6:00pm.

    Date Location Address
    Thursday,August 31st         
    5:30PM – Food and Networking 
    6:00 PM – Presentation Kickoff
    Chicago Users Group Microsoft Technology Center
    200 East Randolph Drive, Suite 200
    Chicago, Illinois, 60601

    Next Page »