Chapter 2. Microsoft Office Communications Server 2007

Solutions in this chapter:

Introduction

Microsoft Office Communications Server (OCS) 2007 is Microsoft’s latest version of Live Communications Server 2005. The product provides management for all synchronous communications that take place in real time. This includes instant messaging (IM), voice over IP (VoIP), and audio conferencing and videoconferencing. It will work with your company’s existing telecommunications systems without major hardware upgrades. This means your business can deploy advanced VoIP and conferencing without tearing out its preexisting legacy telephone network.

OCS 2007 also provides improved presence control, a key benefit of the Microsoft unified communications package, which unites all the contact information stored in Active Directory with the various technologies that people communicate with today. Presence provides you with instant information regarding whether someone is available and allows you to contact people with a click of the mouse via IM, a phone call, or videoconferencing.

What’s New in OCS 2007?

OCS 2007 is actually the first public version of this product. It builds on the underlying promises and capabilities of Live Communications Server 2005, but OCS 2007 is really much, much more.

New Features

OCS 2007 builds on the foundations that Live Communications Server 2005 and Microsoft Office Communicator (MOC) 2005 delivered—namely, presence and IM, federated communications, and remote call control. Newly available key features in OCS 2007 include a number of improvements to the IM and presence capabilities. Some of these improvements include integration with Microsoft Exchange Server distribution lists, as well as the addition of software-powered VoIP that allows users to make, receive, and manage voice (phone) calls using MOC 2007 running on their computers (as well as Universal Serial Bus [USB] telephone devices), and multiparty on-premises audio/video and Web conferencing. OCS 2007 also supports the Interactive Connectivity Establishment (ICE) framework of protocols. This allows your users to take advantage of the aforementioned new communications capabilities from wherever they are located—such as a hotel or a coffeehouse—without needing to establish a virtual private network (VPN) connection. Let’s look at some of these new features a little more closely.

On-Premises Web Conferencing

OCS 2007 now provides enterprise users, both inside and outside the firewall, the ability to create and join real-time Web conferences that are hosted on your organization’s internal servers. Meetings such as these are also referred to as on-premises conferences and can be scheduled or unscheduled. In other words, both scheduled (preplanned) meetings and unscheduled (on-demand) meetings can be hosted on your internal servers. These meetings can also include IM, audio, video, application sharing, slide presentations, and other forms of data collaboration, just like outside, hosted services.

We all know that for years now, Microsoft has offered hosted Live Meeting services via the Web. With the introduction of OCS 2007, Microsoft now allows you to bring that same functionality in-house. You or any other enterprise user can also invite external users to join in. An external user is anyone who doesn’t have an Active Directory Domain Services account. People who are employees of your business’s partners, with secure and authenticated identities in your partners’ domain, can also join your conferences and, if invited to do so, can even act as presenters. Thus, many of those meetings you’ve previously outsourced to Microsoft or other companies (e.g., WebEx) can now be maintained inside your network. In addition, an Outlook plug-in, as seen in Figure 2.1, lets you use Outlook’s familiar scheduling interface to set up conferences.

Figure 2.1. Outlook 2007 with Live Meeting Toolbar Plug-in (area enclosed in the rectangle in the upper left section)

By using your own in-house server-based conferencing solution, you can provide your users with a more secure, controlled, and cost-effective collaboration experience. Adding RoundTable, another Microsoft product that we’ll be discussing at length shortly, creates a totally immersive environment by providing a 360-degree view of the location including wideband audio and video by which the participants of your meeting communicate in real time. It’s the closest thing to face-to-face interaction that you can experience.

Group IM

The first question that comes to mind when I hear the words group IM is “What the heck is it?” Microsoft’s documentation says that group IM refers to an IM conversation that takes place among three or more people. Anyone who has ever used Microsoft, AOL, or Yahoo! Instant Messenger knows that you can create a group IM session in one of three different ways:

  • You can start a conversation with one person and then invite additional parties to that initial two-person IM conversation.

  • You can send an IM to multiple individuals at the same time.

  • Within a domain, you can send an IM to a Microsoft Exchange Server distribution list.

You can now also add Microsoft Exchange Server distribution lists as contacts. The MOC 2007 client allows you to expand your distribution lists through a Web service that’s been exposed on the server. This allows you to invite one or more members of a distribution list group to your IM session. Now your distribution groups of up to 1,000 users can be expanded, and your IM session can include as many as 100 different people.

Audio and Video

Also new is the fact that OCS 2007 now supports multiparty audio/video (A/V) conferencing. You and the other users can now specify A/V when scheduling your conference or you can add audio or video to an existing IM conversation or conference call. Management of multiparty audio and video sessions is the responsibility of the A/V Conferencing Server.

Where the A/V Conferencing Server is located doesn’t really matter. It can be colocated with the pool Front-End Server or deployed in the pool on a separate computer for greater scalability. Keep in mind, though, that when deployed on a separate computer, the A/V Conferencing Server can support up to 250 participants within a single session.

As mentioned earlier, OCS 2007 also extends audio conferencing and videoconferencing to external users. The Audio/Video Edge Server performs as a relay for audio and video traffic through your enterprise network and corporate firewalls. Because of this information transfer, it’s now possible for you to share audio and video with external users. As with the A/V Conferencing Server, where the A/V Edge Server is located doesn’t really matter. It can be colocated with the Access Edge Server or it can be installed on a separate computer in the perimeter network. The MOC 2007 client supports peer-to-peer A/V communication for users both inside and outside the organization’s firewall.

The question arises as to when you might use A/V conferencing as opposed to Live Meeting. Most IMs and the included A/V conferencing arise out of spur-of-the-moment communications (at least for me they do). Generally, my group has used it for small, last-minute, unplanned discussions, but I prefer using Live Meeting for meetings with planned agendas and larger groups of participants. A/V conferencing is limited to 250 participants when deployed on a single server. Also, if you are allowing external users access to the meeting and you don’t have an A/V Edge Server, you will need to go with Live Meeting.

Enterprise Voice

Another of these new features is provided through the MOC 2007 client. This new feature is called Enterprise Voice, Microsoft’s software-powered VoIP solution. MOC 2007 now offers Enterprise Voice, the IP telephony component of Microsoft’s Unified Communications solution. Enterprise Voice combines software and telephony to give you what Microsoft calls a full-featured “softphone.” With Enterprise Voice, MOC 2007 can become your main telephone in that it allows you to use your computer as your primary business phone.

Although MOC 2007 is the recommended application for use here, it is not the only one. The Tanjay phone is a stand-alone device that can be used, although the underlying code is based on the MOC 2007 application. We’ll discuss client applications more fully shortly.

The combination of IM, conferencing, audio/video features, full integration with Outlook and Exchange Unified Messaging (UM), and Enterprise Voice allows you to choose the most appropriate way to communicate with your colleagues throughout your business. From your PC, you can place a call by simply clicking on an Outlook or Communicator contact. You can receive calls simultaneously on all your registered user endpoints; how you choose to answer your calls is up to you. You can also receive calls on your mobile phone or other mobile devices using this feature.

Enterprise Voice offers a large number of options that allow you to manage your everyday communications. Think about how Communicator’s call control features, such as call holding, call resume, and call transfer, enable you to manage multiple phone calls at the same time. Each call is handled through a separate Conversation window, so you can efficiently manage your calls.

Enterprise Voice also provides robust call-forwarding and Do Not Disturb features integrated with the rich presence model available in Communicator. These features give you greater control of your time and your workday. For instance, you can manually set your presence state to Do Not Disturb and Communicator will then automatically forward to your voice mail all calls that originate from people other than your team members. Call-forwarding options allow you to forward all your calls to another phone, contact, or voice mail, or even simultaneously ring another number. To top it all off, using Enterprise Voice, you can add context to a call by adding a Subject line and an Importance indicator.

Here are some of the features available to you with Enterprise Voice. First, with Enterprise Voice any calls made to your work phone numbers are automatically converted to VoIP calls. You get VoIP calling features, but you still use the same familiar methods of placing calls to other work numbers.

Second, using Enterprise Voice you can manage multiple calls. Think about it. When you answer an incoming call, all other active calls are automatically put on hold. When you’re finished with the one call, you can then easily resume any call on hold by simply selecting the Resume button in the Conversation window that represents that particular call.

Next, when you set your presence state to Do Not Disturb, you can control how many times you get interrupted during a given period. Keep in mind too that MOC 2007, by default, automatically redirects to voice mail incoming calls other than those from the specific team members you’ve chosen.

Imagine clicking a link within an e-mail and being able to call someone—with Enterprise Voice that’s possible too. Also, just right-click the Presence button in an Outlook item and a context menu object will be displayed. That object will allow you to call a specified contact or contacts involved in the e-mail discussion.

As far as call forwarding and redirect to voice mail are concerned, there are new settings for both of these features that you can control. You can set call forwarding to automatically forward all your calls to voice mail if that’s what you want. You can also control the time interval that an incoming call will ring before it is forwarded to voice mail. Another new feature allows you to redirect your incoming calls to voice mail from Communicator’s actionable call alerts.

The MOC 2007 client also offers call-forwarding rules that are easy to configure. For instance, you can set call-forwarding settings to:

  • Forward call to: All of your incoming calls can be forwarded to another number. That number could be your mobile phone, a new phone number that you specified, or another contact number or voice mail.

  • Simultaneously ring this additional number: You can also set the call-forwarding settings to ring an additional number at the same time your default phone number rings if you’re mobile or away from your desk. This feature also helps you to ensure that you receive your phone calls on your mobile phone, even if you’re not logged into the MOC 2007 client on your computer.

  • Redirect unanswered calls: With MOC 2007 you now can configure call-forwarding settings to specify that if a call is not accepted within a specified time interval, the call is redirected to another number, contact, or voice mail.

  • Apply call-forwarding rules only during working hours: If you’re running Outlook 2007 and Exchange 2007, you can configure your working hours in the Outlook Work Calendar by selecting Tools | Options | Calendar Options in Outlook. Then you can use the Call-Forwarding Settings dialog box in MOC to apply the call-forwarding settings only during the work hours you set in the Outlook Work Calendar.

  • Add Subject and Importance to a call: As mentioned previously, you can also add a conversation subject and an importance flag to a call, enabling the call recipient to quickly determine the reason for and urgency of the call.

Using Enterprise Voice, you can participate in IP voice sessions that cross through network address translators (NATs) and firewalls. This means that when you are working at home or on the road you can still call the enterprise from anywhere an Internet connection is available, without incurring long-distance charges or resorting to a VPN. You will be able to receive call notifications on your computer, configure call forwarding in MOC, and access voice mail either from your computer or by calling an access number. And best of all, you can enjoy these features without having to change your existing phone number and with minimal client configuration.

For business customers, Enterprise Voice also provides the following benefits beyond the productivity enhancements available to users. Keep in mind that only minimal hardware additions, and no extensive alterations to existing OCS 2007 and telephony infrastructures, are required. You don’t have to lose the familiarity of your PBX system to enjoy the advantages of Enterprise Voice, as it can be partly or fully integrated with existing PBX systems. You can back out of it on user machines easily as your situation may require. Smart, least-cost routing algorithms are used for calls to the PSTN. VoIP infrastructure management is fully integrated with existing OCS 2007 administrative tools. And finally, bottlenecks and single points of failure in traditional communication networks are eliminated via a distributed architecture.

Microsoft RoundTable Communications and Archival System

OCS 2007 supports the Microsoft RoundTable communications and archival system, Microsoft’s new 360-degree surround A/V conference room device that turns an online meeting into a true face-to-face experience. Attending a video conference by using RoundTable is much the same as attending a meeting in person. When you use RoundTable in conjunction with Microsoft OCS 2007 or Live Meeting 2007, a 360-degree view of the conference room, wideband audio, and video are provided to the participants, while the system tracks the flow of conversation among multiple speakers. The audio and video of your entire conference room are delivered to a remote meeting location for your co-workers to interact with in real time.

RoundTable offers the following features:

  • It’s immersive and participatory. Everyone involved, no matter where they are, converses and shares information as though they are physically in the same room.

  • It’s collaborative and affordable. Plug-and-play functionality makes RoundTable extremely easy to set up. No need for techies in most cases.

  • It makes your meetings valuable. Have you ever tried to remember what was said at a certain place in your notes where the coffee stain has all but wiped them out? No problem now. Simply record those meetings for later use both by yourself for note-taking purposes and by those who weren’t able to make it to the meeting. These viewers will have the same meeting experience that those who attended had, plus they’ll be able to fast-forward and rewind.

Enhanced Presence

MOC 2007 now provides new presence state levels to more accurately reflect your willingness and ability to communicate with others. It also now gives you more control over access to your presence information by assigning specific contacts to specified access levels. Let’s take a closer look at some of these new features.

MOC 2007 introduces new presence states and icons. You now have many more options when it comes to presence states, including Inactive and Busy (Inactive) states. The actual presence state is now more accurately represented with the introduction of new presence buttons. Also, presence states now transition from Available, to Inactive, to Away. Intermediate Inactive states are determined by an idle-time setting you set. This setting monitors user activity on the computer to determine the transitions.

According to Microsoft Office Online (http://office.microsoft.com/en-us/help/HA102064651033.aspx), improved presence management allows various levels of access to be assigned to your contacts. This enables you to control who can see your contact information and how much of this information is visible. In other words, you can set up some of your people with certain access to your presence information. This determines what they can and can’t see. You could, for example, set up John and Mary to let them see your mobile phone number and to let them interrupt you with an IM or phone call when you’re in the Do Not Disturb mode. Meanwhile, you can give everybody else company-level access. That way, they see your work phone number, but not your mobile phone. Also, they can’t interrupt you when you’re in Do Not Disturb mode.

Remember that you can assign a Team access level to other contacts. This allows you to set a level of interruption management. This is simply a list of people who can contact you when your Presence status is set to Do Not Disturb. You’re now also able to manually set your Presence status to Do Not Disturb. You can also do this for any incoming IM, Call, or Conference alerts. Remember, though, that when you have set your Presence state to Do Not Disturb, you’ll only be able to see urgent alerts from team members.

Location status is now available from the Presence menu in MOC 2007. You can select either the Home or the Office location, or you can enter a custom location. When you set the Location option, your location information becomes available on your Contact Card. Anyone to whom you’ve granted Personal or Team access levels can now see it.

To explain further, OCS 2007 provides the underlying structure on which client applications, such as MOC 2007, publish and subscribe to the various levels of presence information. This underlying structure includes categories and containers. We can define categories as pieces of information, such as status, location, or calendar state, pertaining to presence. In a similar way, containers are the logical carrier where client applications publish pieces of presence information. When that presence changes, client applications can publish just the individual category instead of the entire presence document.

Nine levels of presence are now available for use with the client applications. Those levels are:

  • Available

  • Inactive

  • Away

  • Busy (Inactive)

  • Busy

  • Do Not Disturb

  • Offline

  • Unknown

  • Blocked

Also remember that six different categories of presence information are now available:

  • Name/e-mail (your name and e-mail address)

  • Basic contact information (your title and company)

  • Detailed contact information (your work phone, work address, office number, SharePoint site, free/busy schedule, notes [out of office], and notes [personal])

  • Additional numbers (mobile phone, home phone, and other phone)

  • Location (current location, time away, and working hours)

  • Meeting details

In MOC 2007, you can assign your contacts to one of the several presence levels mentioned earlier. Which level you choose depends on how much information about yourself you want each contact to see. Keep in mind that each presence level in this structure corresponds to one of the containers we discussed previously. Also remember that each container is associated with a particular amount of information about a user. You may want to assign some people to one level where they may be able to see only your name, job title, company, and e-mail address. At the same time, you might want other people to be assigned to another level where they might, for example, be able to see only your home and mobile phone numbers.

OCS 2007 keeps all of its clients notified of all presence-level changes, depending on the containers for which each client has permission. For example, as you move from one part of town to another as you travel, your supervisor and your spouse can be notified of your movements, whereas everyone else, lacking the necessary permissions for that container, is not notified. OCS 2007 supports this capability through the use of access control lists (ACLs) that are based on these containers and categories we’ve discussed.

There are five basic ACLs, listed here from most restrictive to least restrictive:

  • Blocked: Here, only the name and e-mail information can be seen by those you’ve given access.

  • Public: With this ACL, only the name/e-mail and basic contact information can be seen.

  • Company: Here, the name/e-mail, basic contact information, and detailed contact information are available to those who have access.

  • Personal: In this case, the name/e-mail, basic contact information, detailed contact information, additional numbers, and location can be seen by those you have given access.

  • Team: Finally, in this least restrictive ACL, the name/e-mail, basic contact information, detailed contact information, additional numbers, location, and meeting details can be seen. Also, these contacts are allowed to interrupt you should they need to talk to you.
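The container model described above can be sketched in a few lines. This is an added example, not OCS 2007 code or its API: the class and function names are hypothetical, the addresses are constructed, and treating unassigned contacts as Blocked is an assumption made here so that the model denies by default.

```python
from enum import Enum, IntEnum


class Category(Enum):
    NAME_EMAIL = "name/e-mail"
    BASIC = "basic contact information"
    DETAILED = "detailed contact information"
    ADDITIONAL_NUMBERS = "additional numbers"
    LOCATION = "location"
    MEETING_DETAILS = "meeting details"


class Level(IntEnum):
    # Ordered from most restrictive to least restrictive, as in the list above.
    BLOCKED = 0
    PUBLIC = 1
    COMPANY = 2
    PERSONAL = 3
    TEAM = 4


# What each level adds on top of the level below it (taken from the list above).
ADDED_BY = {
    Level.BLOCKED: [Category.NAME_EMAIL],
    Level.PUBLIC: [Category.BASIC],
    Level.COMPANY: [Category.DETAILED],
    Level.PERSONAL: [Category.ADDITIONAL_NUMBERS, Category.LOCATION],
    Level.TEAM: [Category.MEETING_DETAILS],
}


def visible_categories(level):
    """Categories a contact at `level` may see; the levels are cumulative."""
    cats = set()
    for lv in Level:
        if lv <= level:
            cats.update(ADDED_BY[lv])
    return cats


class PresencePublisher:
    """Hypothetical model of one user's presence document and its ACLs."""

    def __init__(self, owner, default_level=Level.BLOCKED):
        self.owner = owner
        # Assumption: a contact with no explicit assignment gets this level.
        self.default_level = default_level
        self.levels = {}      # contact -> Level
        self.document = {}    # Category -> published value

    def assign(self, contact, level):
        self.levels[contact] = level

    def level_of(self, contact):
        return self.levels.get(contact, self.default_level)

    def publish(self, category, value, subscribers):
        """Publish a single category (not the whole document) and return
        the subscribers whose level entitles them to a notification."""
        self.document[category] = value
        return sorted(
            c for c in subscribers
            if category in visible_categories(self.level_of(c))
        )

    def view(self, contact):
        """The slice of the presence document this contact may read."""
        allowed = visible_categories(self.level_of(contact))
        return {cat: val for cat, val in self.document.items() if cat in allowed}

    def interrupts_in_dnd(self, contact):
        """Only Team contacts may interrupt while Do Not Disturb is set."""
        return self.level_of(contact) == Level.TEAM

    def exposure_report(self, category):
        """Audit helper: assigned contacts who can see `category`."""
        return sorted(
            c for c, lv in self.levels.items()
            if category in visible_categories(lv)
        )


if __name__ == "__main__":
    # Constructed sample contacts.
    me = PresencePublisher("owner@example.com")
    me.assign("supervisor@example.com", Level.TEAM)
    me.assign("spouse@example.net", Level.PERSONAL)
    me.assign("coworker@example.com", Level.COMPANY)
    subs = ["supervisor@example.com", "spouse@example.net",
            "coworker@example.com", "stranger@example.org"]
    print(me.publish(Category.LOCATION, "Airport", subs))
    print(me.exposure_report(Category.ADDITIONAL_NUMBERS))
```

Running `exposure_report` for the additional-numbers or location category is a quick way to review who would see a mobile number or a change of location before raising anyone's access level.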

Federation Enhancements

OCS 2007 supports all the federation and remote user scenarios that were previously enabled in Live Communications Server 2005. In addition, OCS 2007 introduces the following enhancements to existing federation support:

  • Federated conferencing

  • Support for partners with multiple domain names

  • Improved monitoring and throttling capabilities for federated connections

Let’s take a closer look at these three enhancements. Your company works closely with other companies on certain projects. At those companies, you have people who don’t belong to your domain but still need to be allowed to access your conferences. Those users in those federated domains are considered to be authenticated as far as joining one of your on-premises conferences is concerned. There is a difference, though. That difference is that those federated users can’t join a meeting as presenters. They can still be presenters, but they must first join the conference as a participant; once they’ve joined, you can promote them to presenter status during the meeting. Keep in mind, though, that these users can’t organize conferences hosted in your domain.

But what do you do if you have multiple domains in your enterprise? Simple: Enhanced federation now also uses subject alternate names (SANs) in certificates. If you want to make your domain capable of enhanced federation, all you have to do is install a certificate that supports SANs on your Live Communications Server 2005 SP1 Access Proxy or your OCS 2007 Access Edge Server.

Finally, with OCS 2007, you can actively monitor all connections made to your federated domains. This means you can limit traffic from any federated domain that’s not on your Allow list. Additionally, OCS 2007 limits the number of internal users with which these federated domains can communicate. Monitoring of this activity takes place on your Access Edge Server using the Open Federation tab on the Status pane in the OCS 2007 Computer Management snap-in. If you find that a federated domain has a legitimate, but higher than average, volume of communications with your organization, you can add the domain to your Allow list. If you suspect malicious activity, you can block the domain.

Client Applications

Client applications are the tools that your users access, and they use the IM, presence, and conferencing features that are made possible by OCS 2007. Keep in mind that OCS 2007 and these client applications are symbiotic. Without the clients, the features exist as mere potential. Without the server, the clients can do nothing. Let’s talk more about the OCS 2007 client applications.

As I mentioned earlier, MOC 2007 is not the only client available for use with OCS 2007. With that said, according to Microsoft, it is the recommended Unified Communications client for it. MOC 2007 exposes to the end-user the presence, IM, and multimodal conferencing features that OCS 2007 supports. That includes the expanded presence information and the ability to control who sees it, group IM based on Exchange Distribution Lists, and the addition of audio and video to IM conversations. But what other clients are out there that we could choose instead?

If you are more comfortable making calls using a phone than from the MOC 2007 software client, Microsoft has developed the MOC Phone Edition telephone. For the most part, this is a physical version of MOC 2007, with a similar user interface and similar functionality. Like MOC 2007, with the MOC Phone Edition you can place a call either by using the numeric touchpad or by simply clicking one of your contacts. The MOC Phone Edition also supports enhanced presence, Session Initiation Protocol (SIP) signaling, and a user experience similar to that of MOC 2007, all in a desktop telephone. You can also use the MOC Phone Edition to connect either from home or from the office.

Another client you could choose is the Live Meeting 2007 client. This client is the data collaboration and A/V client for both OCS 2007 and the Hosted Live Meeting service. This is important. Think about it—one client that provides a unified collaboration experience across both server-based and service-based conferencing products. That cuts down on software clutter on the client machine.

Finally, the Microsoft Outlook Add-in we talked about earlier is the conference scheduling client for OCS 2007. It’s compatible with Microsoft Office Outlook 2000, 2002, 2003, and 2007.

Simplified Deployment and Management

To make deployment and administrative tasks much simpler, quicker, and easier, Microsoft has overhauled OCS 2007’s setup and management tools, procedures, and capabilities. We’ll discuss several of these improvements in this section.

Deployment Planning Improvements

OCS 2007 features improved scalability via a new, expanded Enterprise pool configuration that supports a single Front-End Server without a load balancer. Expanded load-balancer support now includes offerings from F5, Cisco, Foundry, and WebMux. New server roles can be deployed and managed for conferencing, media, VoIP, and external-user support. Users also now are able to delegate permissions setup, server management, user management, and other administrative tasks where read-only access is adequate. Other improvements include support for disjointed domain name system (DNS) namespaces and for Universal Groups.

Installation Improvements

Installation improvements to OCS 2007 include integrated setup and management of multiple server roles on a single computer. A new Deployment Wizard clarifies deployment by specifying prerequisites and providing guidance at every step. Scenario-based deployment options guide you from absolute zero to a functional system without having to leave the Deployment Wizard, and new wizards simplify configuration and reduce configuration mistakes. A new Streamlined Certificate Wizard provides step-by-step guidance through the certification process. A single computer running OCS now requires only a single certificate regardless of the number of colocated components, resulting in greatly streamlined certificate management. Deployment has been simplified by eliminating the need for Domain Add. Adding a server to a pool is much simpler, and a domain controller is no longer required to be available in the root domain of the forest.

Management Improvements

Management improvements include new conferencing and VoIP policies for specifying and managing usage entitlements; enhanced in-band provisioning for soft clients and devices; and a redesigned Status pane in the OCS 2007 administrative snap-in that makes configuration settings readily available without having to access individual property pages. New database queries and event logs are available through the Status pane of the snap-in.

Administration Improvements

Administration improvements to OCS 2007 include enhanced intelligent IM filter client version checking, for the purpose of allowing or blocking certain client versions and devices; improved archiving controls that enable global administrators to delegate per-user archiving; new call detail records (CDRs) that provide a way to collect IM, VoIP, and meeting usage statistics; new resource kit tools for CDR querying and reporting; and new resource kit tools for OCS 2007 environment discovery.

Monitoring and Troubleshooting Improvements

Monitoring and troubleshooting improvements include an enhanced MOM pack, which includes support for new server roles. A new tracing and logging tool, OCSLogger, for troubleshooting and debugging is available with the OCS 2007 administrative snap-in. You can use this tool to enable logging, collect and analyze logs, and package logs for sending to Microsoft Customer Support Services. This tool replaces the Flat File logging functionality in Live Communications Server 2005 SP1. A new log analysis tool, Snooper, is available from the resource kit tools for advanced analysis of protocol traffic (SIP, CCCP), troubleshooting voice call signaling, and viewing user and conference state information. A runtime diagnostics module monitors problems (such as server connection and DNS failures, certificate validation failures, client authentication failures, and domain validation issues) and raises MOM-enabled alerts. More detailed error information is conveyed by the server and client. Each error is associated with a unique ID, reason, and detailed parameters. RouteHelper is a resource kit tool that offers an alternative to the administrative snap-in for viewing, modifying, and testing Enterprise Voice number normalization rules, location profiles, voice policy, and routes.

New Deployment Tool

The new OCS 2007 deployment tool provides you with an end-to-end deployment solution that makes your life much simpler. This new tool provides step-by-step guidance not only through your installations, but also through the configuration and activation of all your server roles, as well as validation of the installed deployments.

The deployment tool will guide you through the end-to-end deployment process by means of a variety of new wizards that take most of the guesswork out of your normal, common deployment tasks. Those new wizards include the Setup Delegation Wizard, Certificates Wizard, Create Enterprise Pool Wizard, Deploy Server Wizard, Add Server to Pool Wizard, Server Configuration Wizard, Activation Wizard, and Validation Wizard.

The Setup Delegation Wizard grants you permissions on the various Active Directory objects so that the various setup tasks can be delegated to you, even when you aren’t otherwise authorized to perform them.

The Certificates Wizard helps you to configure a certificate for your local server based on the selected server role and any earlier deployment configurations you may have set. Using this wizard, you can create a new certificate request, import a certificate, export a certificate, or assign an existing certificate. You can then either create the certificate request online and transmit it when completed or create and save the certificate request offline for submission at a later time. You are in control.

The Create Enterprise Pool Wizard allows you to create various Active Directory objects and the pool’s backend databases.

The Deploy Server Wizard helps you to install and activate the Front-End Server and all conferencing server components on a single Standard Edition server.

The Add Server to Pool Wizard provides assistance with the installation and activation of the Front-End Server and all conferencing server components on a single Enterprise Edition: Consolidated Configuration server.

The Server Configuration Wizard provides step-by-step procedures for configuring each server role and pool.

The Activation Wizard requests the user input that is necessary to activate local servers.

And finally, the Validation Wizard provides easy-to-follow, step-by-step testing procedures allowing you to know for sure that a deployment has been installed, configured, and activated correctly. It also then checks for you to make sure that the deployment is working properly.

Management Console Improvements

You can manage your installation much more easily now that the OCS 2007 snap-in for the Microsoft Management Console (MMC) has been redesigned. Some of these changes include eliminating clutter, making descriptive text more specific, improving discoverability, and reducing the number of exposed settings to only those that administrators require for normal operations. The Status pane of this snap-in allows you to configure your forest, domains, pools, servers, and users with ease. You no longer have to navigate through the MMC to find the specific settings you’re looking for. The Status pane also features a new Database tab. This tab allows you to query a pool’s backend user and conferences databases. Each query is then displayed as an expandable item in a list.

Universal Group Support

An important fact to remember is that OCS 2007 supports the native mode Universal Groups available in the Microsoft Windows Server 2003 and Windows 2000 Server operating systems. This means that as a member of any of these Universal Groups you can include other groups and accounts from any domain in the domain tree or forest. You’ll also be able to be assigned permissions in any domain in the domain tree or forest. Universal Group support, combined with administrator delegation, greatly simplifies management of your OCS 2007 deployment.

Enhanced In-Band Provisioning

You’re also now able to customize your clients to meet the needs of your installation. Your control over enabling or disabling features you want is centralized and can be chosen according to your security policy and network infrastructure. This happens through in-band provisioning. This also provides a way to configure all your roaming clients, those outside the reach of your Group Policy. In-band provisioning is also now extensible. More settings are now provided by the server too.

The big question in my mind after reading all about this in Microsoft’s preliminary literature was “What’s it used for?” The answer is simple. OCS 2007 uses in-band provisioning to pass user identity and server configuration information to the client. The information conveyed in the user identity category is used to display the username and e-mail address in the client. The server configuration category contains such information as Address Book Server download URLs, group expansion Web service URLs, console installation URLs, and conference troubleshooting URLs.

Integrated Address Book Server

I know you’ve been sitting there with this question burning in the back of your mind and you wanted to ask but were afraid. The question? How do MOC 2007 clients get their Global user information? The answer is that it’s provided via the Address Book Server. “But,” you say, “in Live Communications Server 2005 SP1, Address Book Server was optional.” You’re correct. If you remember, it also had to be installed separately from the server. In OCS 2007, Address Book Server is required and is a fully integrated Front-End Server component. It’s installed by default automatically as part of both Standard Edition and Enterprise Edition setups, so you can rest easier now.

Meeting Policies

Come to think of it, your job just got a whole lot easier with OCS 2007. As an administrator, you can now easily define a global meeting policy using the OCS 2007 administrative snap-in. An OCS 2007 meeting policy determines the maximum allowed meeting size, color definition for application sharing, types of supported media, and whether and how programs and desktops can be shared with federated and/or anonymous users. You can choose from one of five freely available predefined policies or you can define a custom policy.

CDRs

Are you one of those people who need to know how your network communications are being used? Although some people gather this type of information simply to justify their own existence (and in this time of paper-pushing bureaucrats who have no idea what IT means, it is sometimes necessary), being prepared for surges in network use and allotting the correct amount of resources to the heaviest uses are justifiable reasons for gathering this type of data. CDRs capture data about your users’ activities, such as participating in IM conversations and starting and joining conferences. CDRs make it easy to collect both IM and meeting data and to then generate reports on their use. This data can then be used to determine network bandwidth load, employee usage patterns, and return on investment.

Now it comes down to choosing what data to capture. You, as the network administrator, can choose and specify which IM and conferencing usage data you want. IM data includes call details, file transfers, audio and video calls, and remote assistance calls. Meeting data includes the number of meetings, number of participants joining a meeting, number of data and A/V instances joining a meeting, and details about peer-to-peer IM sessions and group IM sessions.

CDRs also allow you to monitor the amount of IM and conferencing activity you want for the purpose of developing data and metrics about how productive your employees are and how they are using the network. Then you, as I said earlier, can use this data to justify your technology investments. You can also use it to determine the return on investment to show your bosses how good you are.

Some Independent Advice

An important thing to keep in mind when planning your installation is that if there is an outage, disruption, or other degradation of the power, network, or telephone services at your location, the voice, IM, presence, and other features of OCS 2007 and any device connected to OCS 2007 may not work properly. Voice communications via OCS 2007 depend on the availability of the server software and the proper functioning of the voice clients or the hardware phone devices connecting to the server software. Anywhere you install a voice client (e.g., a PC running MOC 2007 or a MOC Phone Edition device), you should make sure you maintain a backup option for users to call emergency services (911, 999, etc.) in case of a power failure, network connectivity degradation, telephone service outage, or other problem that may inhibit operation of OCS 2007, MOC 2007, or the Phone Edition devices. Such alternative options could include a telephone connected to a standard PSTN line or a cell phone.

Another thing you need to be aware of in your planning is that the use of a multiline telephone system (MLTS) may be subject to U.S. (state and/or federal) and foreign MLTS laws that require the MLTS to provide a caller’s telephone number, extension, and/or physical location to applicable emergency services when a caller makes a call to emergency services (e.g., when dialing an emergency access number such as 911 or 999). Keep in mind that OCS 2007, MOC 2007, and MOC Phone Edition devices do not provide the caller’s physical location to emergency services when a caller dials those emergency services. Compliance with such MLTS laws is the sole responsibility of the purchaser of OCS 2007, MOC 2007, and MOC Phone Edition devices.

Improved Features

Both OCS 2007 and MOC 2007 are filled with new and improved features that enhance your enterprise communications. For MOC 2007, new sign-in improvements include:

  • Manual configuration of server name

  • Sign-in user interface integration into a single screen

  • Event logging

Let’s look at these improvements more closely. Now you can manually configure both internal and external server names for how you will connect to OCS 2007 from both inside and outside the firewall. The sign-in user interface for the client is centralized now so that the sign-in address, username, and password are handled on one screen. It now also provides event logging of sign-in errors, complete with the how and why and even suggested steps you should take to make troubleshooting much easier.

At the same time, there are improvements to tabs in MOC 2007. Those improvements include:

  • Improved user interface for tabs

  • Contextual information

When you look at these two areas of improvement more closely, the tabs in the MOC 2007 client window are now more tightly wrapped into the Communicator user interface. Now the client user interface displays in the upper portion of the application’s main window and tabbed content displays in the lower portion. This allows you to expand and collapse the content area for tabs as necessary (this is available with both the Remote Call Control [RCC] and Unified Communications [UC] configurations).

Also, developers can now send contextual information to a tabbed page in the client. This is possible by invoking a script in the tab page rather than using the traditional GET/POST method. This method enables a faster page refresh, but it also means that passing contacts by HTTP GET/POST is no longer supported. Support is available to pass contacts, groups, and distribution groups, or any combination thereof. Anyone using or wanting to use this feature must implement this script (this is also available with both the RCC and UC configurations).

The following improvements for audio and video devices are also available in the client:

  • Support for audio USB devices

  • A USB handset display

  • A speakerphone button in the Conversation window

  • Automatic audio and video setup

Let’s look at these improvements a little more closely. MOC 2007 now supports telephony-class USB audio devices, including handsets and headsets. We talked about one of them earlier in the chapter. The client also now supports USB handsets with displays that show call alerts, call subject, and caller information and timer. Sounds are now integrated with USB handset displays to enhance your calling experience. A speakerphone button has been added to the client Conversation window. This means you can toggle your call audio between speakers and a USB handset or headset. Finally, the audio and video setup experience is significantly improved. Some of those new improvements include:

  • Automatic detection and selection of devices: This improved feature automatically detects and selects audio and video devices. That includes USB handsets and headsets, speakers and microphones, and Web cameras. As with other plug-and-play applications, if one of the devices is detached/reattached or a new device is attached, Set Up Audio and Video automatically reconfigures the devices for you.

  • Option to use high-fidelity speakers for call audio instead of speakerphones: If you have USB handsets and headsets, Set Up Audio and Video provides you the option of selecting an alternative device (other than the USB handset or headset) for playing audio from calls. This allows you to play the audio from that call from your boss, for example, on high-fidelity speakers to make him sound better.

  • Option to select the device to play program sounds: Finally, you can also now use Set Up Audio and Video to select a device (other than the default audio device) to play program sounds such as a ring for an incoming call or an IM. This allows you to put it on those speakers and really annoy the person in the next cubicle.

One of the things you are going to get with MOC 2007 is improved manageability. You now have at your disposal new server configuration settings and policies allowing you far superior administrative control than you’ve had before. Telephony modes, location profile (for outbound call routing), the Uniform Resource Identifier (URI) for the A/V Authentication Service, the voice mail URI, and the Exchange UM URI can all now be configured and managed using the server Windows Management Instrumentation (WMI) settings.

Status and notification alerts are now combined into a single setting. Also, the busy mode alert has been discontinued and you don’t have to worry about that anymore. Your alerts can also now be configured so that you receive conversation alerts, but not notification alerts.

You also have new logging options available now. You can choose to enable logging and to document how the MOC 2007 client performs. The client now provides a Turn on Logging in Communicator option. This goes hand in hand with the EnableTracing Group Policy. There is also a Turn on Windows Event Logging for Communicator option. This corresponds with the EnableEventLogging Group Policy. When turned on, errors are written to the system event log. You can then view them in the Windows Event Viewer.

The auto-archiving (DisableAutoArchive) policy is now separated into two policies: the IMAutoArchiving policy and the CallLogAutoArchiving policy. This provides you even more control over your archiving decisions.

Allowing access for users from outside your domain is now easier too. Settings to enable IPAudio, IPVideo, and AVConferencing, previously available only as Group Policy objects, can now be set up and provisioned in-band.

With MOC 2007, the connectivity between the client and the server is strengthened. When you first log on, your SIP URI is auto-populated. Connectivity between the client and the server for various DNS configurations is also strengthened. This is accomplished by retrying all servers returned by DNS.

The way error messages are handled has also been significantly improved. Error Message Reporting for both Enterprise Voice and Conferencing is now available. You can now just click a link in the error message and open a Web page for additional details and how you might be able to fix the error.

Improved Client

Client applications are the tools with which end-users access and use the IM, presence, and conferencing features that are made possible by OCS 2007. Without the clients, the features exist as mere potential. Without the server, the clients have nothing to do.

OCS 2007 supports the following client applications:

  • MOC 2007 is the recommended Unified Communications client for OCS 2007. The MOC 2007 client exposes to the end-user the presence, IM, and multimodal conferencing features that OCS 2007 supports. This includes expanded presence information and user control over who sees it, group IM based on Exchange Distribution Lists, and the addition of audio and video to IM conversations. The MOC 2007 client is the application for synchronous communication. Synchronous means the communication takes place in real time. Examples of this include phone conversations as well as face-to-face conversations. MOC 2007 is therefore the primary tool for obtaining presence and directory information, IM, telephone calls, and A/V conferencing.

  • MOC 2007 is an all-in-one client solution that helps you get more done by allowing you to communicate easily with clients and co-workers in different places and time zones using a variety of communication options, including IM, voice, and video. Integration with programs across the 2007 Microsoft Office system—including Word, Excel, PowerPoint, OneNote, Groove, and SharePoint Server—gives you many different ways to communicate with other information workers via a consistent and simple user experience.

  • MOC 2007’s innate and natural design makes it easy for you to use. Features including click-to-call and the ability to shift conversations from IMs to phone or videoconferences on the fly make it very easy to use. The client also helps you control incoming communications with alerts, automatic call forwarding, and the ability to manually set your status light. For example, you can set your status to Busy when you need to focus on something specific, and MOC 2007 will route all your incoming calls to voice mail.

    MOC 2007 also integrates the entire communications experience into the Microsoft Office system. Presence information appears wherever a contact’s name appears: in a document workspace, on a Microsoft Office SharePoint Server site, or in an e-mail string. Also, with MOC Mobile 2007, you can have tools such as presence and click-to-call on your Windows Mobile-powered devices.

    So, while MOC 2007 is Microsoft’s preferred UC client for OCS 2007, as I said earlier, it is not the only one. Here are some others.

  • MOC Phone Edition: As mentioned earlier, Microsoft has developed the MOC Phone Edition telephone for organizations or users who are more comfortable making calls from a phone-like device than from the MOC software client. Again, for most purposes, the MOC Phone Edition phone is a physical version of MOC 2007, with a similar user interface and comparable functionality. Like MOC 2007, the MOC Phone Edition allows you to place a call either by using a numeric touchpad or by clicking one of your contacts. Just like the software client, the MOC Phone Edition also supports enhanced presence, SIP signaling, and a user experience similar to that of MOC, all in a desktop telephone. Again, you can use the MOC Phone Edition to connect from home or in the office.

  • Microsoft Office Live Meeting 2007 client: The Live Meeting 2007 client is the data collaboration and A/V client for both OCS 2007 and the Hosted Live Meeting service. It provides a unified collaboration experience across both server-based and service-based conferencing products.

  • Microsoft Outlook Add-in: The Microsoft Outlook Add-in is the conference scheduling client for OCS 2007. It is compatible with Microsoft Office Outlook 2000, 2002, 2003, and 2007.

Comparing the Editions

Like its predecessor, Live Communications Server 2005, OCS 2007 is available in two editions: Standard Edition and Enterprise Edition. Both support the full suite of IM, presence, conferencing, and VoIP features. Let’s look at each one now.

Standard Edition

The Standard Edition server hosts all the necessary server components and services, as well as the database for storing the user and conference information, on a single Front-End Server. Because it requires a minimal hardware investment and minimal management overhead, the Standard Edition configuration is ideal for small and medium-size businesses as well as for branch offices. It is intended for deployments with fewer than 5,000 users either in total or at a particular location where high availability is not a requirement. The Standard Edition provides full functionality for small organizations.

Enterprise Edition

The Enterprise Edition of OCS 2007 separates the server functionality from data storage to achieve higher capacity and availability. An Enterprise Edition pool typically consists of two or more Front-End Servers, each fronted by a hardware load balancer and connected to a backend database. (If needed, it is also possible to deploy a single Front-End Server without a load balancer.) Optionally, certain conferencing components can be deployed on separate computers for higher capacity and availability. The Enterprise Edition is appropriate for medium, large, and very large organizations.

Enterprise Edition: Consolidated Configuration is a pool configuration in which all the server components are colocated on the pool’s Front-End Servers (the only exception is the placement of the backend database that must reside on a separate dedicated computer). Consolidated Configuration provides scalability and high availability while still being relatively easy to plan, deploy, and manage.

Enterprise Edition: Expanded Configuration, on the other hand, offers maximum capacity, performance, and availability for large organizations. Expanded Configuration enables your organization to scale up specific A/V or Web conferencing requirements independently from other Enterprise Edition server components. For example, if your A/V traffic increases more rapidly than other traffic, you can meet this increase by deploying only additional A/V Conferencing Servers rather than entire Front-End Servers.

OCS 2007 Server Roles

OCS 2007 conferences provide rich multimedia experiences that include data collaboration, group IM, audio and video, and multiparty audio conferencing. For each media type there is a corresponding conferencing server, or multipoint control unit (MCU), that manages and coordinates the use of that media type during the course of a meeting. OCS 2007 ships with four conferencing servers:

  • IM Conferencing Server: Provides server-managed group IM

  • Web Conferencing Server: Enables multiparty data collaboration

  • A/V Conferencing Server: Enables audio conferencing and videoconferencing

  • Telephony Conferencing Server: Enables audio conference integration with audio conferencing providers (ACPs)

Front-End Server

The IM Conferencing Server and Telephony Conferencing Server always run as separate processes on the Standard Edition server or Enterprise Edition Front-End Server. The Web Conferencing Server and A/V Conferencing Server can optionally be deployed on separate computers within an Enterprise pool.

With both the OCS 2007 Standard and Enterprise editions, the Front-End Server is responsible for the following tasks:

  • Handling signaling among servers and between servers and clients

  • Authenticating users and maintaining user data, including all user endpoints

  • Routing VoIP calls within the enterprise and to the PSTN

  • Initiating on-premises conferences and managing conference state

  • Providing enhanced presence information to clients

  • Routing IM and conferencing traffic

  • Managing conferencing media

  • Hosting applications

  • Filtering SPIM (unsolicited commercial IM traffic)

Edge Server

An edge server is an OCS that resides in the perimeter network and provides connectivity for external users and public IM connections. Each edge server has one or more of the following roles: Access Edge Server, Web Conferencing Edge Server, or A/V Edge Server.

Edge servers enable your internal and external users to communicate using the MOC 2007 or Live Meeting 2007 client. Depending on your needs, you install edge servers in one or more of the following roles:

  • Access Edge Server: This used to be known as the Access Proxy. The main thing to know here is that this server handles all SIP traffic across your corporate firewalls. This SIP traffic is required to set up and validate connections. It doesn’t handle data transfer and it doesn’t authenticate users. Active Directory access is required to perform authentication. Authentication of inbound traffic is performed by the Director or the Front-End Server. A Director is an OCS 2007 Standard Edition server or Enterprise pool that doesn’t host users and that resides inside an organization’s firewall. Having a Director is not mandatory, but it is strongly recommended. Keep in mind that the Director role is used to route traffic to the proper pool or server. It also acts as a middleman between the Access Proxy role and other front-end servers. If a hacker manages to get in and compromises an Access Proxy server, he can’t bring down Active Directory or any of the front-end servers. That’s because the Director role takes the main force of any potential denial-of-service (DoS) attack. If a Director isn’t deployed, this authentication is performed by the Front-End Server on the pool or on a Standard Edition server that you’ve designated to do so. Edge servers don’t have Active Directory access because they’re deployed in the perimeter network outside Active Directory. If you’re using conferencing, remote user access, federation, or public IM connectivity in your enterprise, you must have an Access Edge Server.

  • Web Conferencing Edge Server: In relatively simple terms, the Web Conferencing Edge Server enables data collaboration with external users. It proxies Persistent Shared Object Model (PSOM) traffic between the Web Conferencing Server and the external clients. The Web Conferencing Edge Server has to approve any traffic from outside the domain before it ever sees it. The Web Conferencing Edge Server requires users outside the domain to use TLS connections and to obtain a conference session key.

  • A/V Edge Server: This server provides a single trusted connection point where both inbound and outbound media traffic can securely cross NATs and firewalls. Basically, it enables audio conferencing and videoconferencing and A/V peer-to-peer communications with external users who are equipped with the MOC 2007 client. Peer-to-peer communications travel between the clients and don’t go through the A/V Conferencing Server. ICE is the industry-standard solution for multimedia traversal of firewalls. ICE is based on the Simple Traversal Underneath NAT (STUN) and Traversal Using Relay NAT (TURN) protocols. The A/V Edge Server is a STUN server. All users are authenticated to secure both access to the enterprise and use of the firewall traversal service that the A/V Edge Server provides. To send media inside the enterprise, an external user must be authenticated and must have an authenticated internal user agree to communicate with him or her through the A/V Edge Server. The media streams are exchanged by using the Secure Real-time Transport Protocol (SRTP), which is an industry standard for real-time media transmission and reception over IP.

Keep in mind that you can install these edge servers on a single computer or on separate computers. For reasons of economy and simplicity, the recommended deployment for most organizations is to colocate the Web Conferencing Edge Server with the Access Edge Server but to install the A/V Edge Server, which requires greater bandwidth, on a separate computer. Group IM and data collaboration with external users also require deploying an HTTP reverse proxy in the perimeter network.

Mediation Server

The OCS 2007 Mediation Server provides signaling and media translation between the VoIP infrastructure and a basic media gateway. A Mediation Server also links OCS 2007 with a PBX in both the departmental deployment and PBX integration topologies.

The Mediation Server is deployed as a stand-alone application inside the firewall. On the OCS side, the Mediation Server listens on a single mutual TLS transport address. On the gateway side, the Mediation Server listens on a single Transmission Control Protocol/Internet Protocol (TCP/IP) transport address.

The main functions of the Mediation Server are as follows:

  • Translating SIP over TCP (on the gateway side) to SIP over mutual TLS (on the Enterprise Voice side)

  • Encrypting and decrypting SRTP on the OCS side

  • Translating media streams between OCS and the media gateway

  • Connecting clients that are outside the network to internal ICE components, which enable media traversal of NAT and firewalls

  • Acting as an intermediary for call flows that a gateway does not support, such as calls from remote workers on an Enterprise Voice client

From the perspective of the Enterprise Voice infrastructure, the combination of the basic media gateway and Mediation Server appears as a single entity. Together, they are the logical and functional equivalent of an advanced media gateway. When advanced media gateways become available, enterprises that deploy them no longer need a dedicated Mediation Server. Meanwhile, the basic-hybrid media gateway provides an interim solution for organizations that prefer to avoid deploying and managing a gateway and Mediation Server separately. A typical organization supports multiple gateway–Mediation Server combinations, depending on the number of office locations, the number and distribution of Enterprise Voice users, network traffic, and performance requirements.

Archiving and CDR Server

The Archiving and CDR Server provides the following capabilities:

  • Archiving of all IM conversations for all users or for individual users that you specify

  • Archiving of CDRs for all users

Messages from the OCS Front-End Server are sent through the Windows Server Message Queuing service to the Archiving and CDR Server, which uses a Microsoft SQL Server database to store archived information. An Archiving and CDR Agent is installed as part of every OCS Standard Edition server or Enterprise Edition server.

Although the Archiving and CDR Agent is automatically installed, to archive IM traffic and call data you must configure the Archiving and CDR Agent and the Archiving and CDR Server to which the Archiving and CDR Agent connects.

The Archiving and CDR Server receives the IMs and call data from the Archiving and CDR Agent and stores the information in a SQL database. The Archiving and CDR Server consists of three components:

  • Destination queue, which is managed by Microsoft Message Queuing

  • Archiving and CDR Service component

  • Archiving backend database

The Archiving and CDR Server component reads messages from the Archiving and CDR Agent in the destination queue and writes the messages to the archiving backend database.

Communicator Web Access

What about Web access? What about a messaging client you can use that doesn’t require anything more than a Web browser? Enter the 2007 version of MOC Web Access. By combining the power of Microsoft Exchange Server 2007 and Microsoft OCS 2007, this software provides access, presence, and IM anywhere to anyone with Web access. The application looks and feels like the desktop version of MOC 2007. Keep in mind too that the 2007 version of Communicator Web Access builds on the foundations laid by Live Communications Server 2005 with SP1 and the 2005 version of Communicator Web Access.

Using Communicator Web Access is as easy as typing a URL into your browser. That means you can access it from just about anywhere you have access to the Internet: from home, from the road, or even from a public Web kiosk. Keep in mind that there’s no need for additional software or hardware.

Other than being able to access it from the Web, what other features does this application offer? Some of the features include:

  • Zero installation: As I said earlier, there’s no additional software or hardware to be installed. You simply log in using a supported browser. Wonders never cease; you don’t even have to install any ActiveX controls.

  • Multiple browser and operating system support: Remember, you will need a supported browser to use Communicator Web Access. Table 2.1, from the “Getting Started with MOC Web Access (2007 release)” document, discusses the supported operating systems, browsers, and authentication mechanisms. Notice that although Linux isn’t supported, Communicator Web Access does work.

    Table 2.1. Supported Operating Systems and Browsers

    | Operating System | Browser | Authentication Mechanism |
    |---|---|---|
    | Windows 2000 SP4 | Microsoft Internet Explorer 6 SP1 | NTLM, Kerberos, Forms-based, Custom |
    | Windows XP SP2 | Internet Explorer 6 SP2; Windows Internet Explorer 7 | NTLM, Kerberos, Forms-based, Custom |
    | | Mozilla Firefox 2.0 and later | Forms-based, Custom |
    | Windows Vista, Enterprise Edition | Internet Explorer 7 | NTLM, Kerberos, Forms-based, Custom |
    | | Mozilla Firefox 2.0.0.3 and later | Forms-based, Custom |
    | Mac OS X 10.4.9 | Apple Safari 2.0.4; Firefox 2.0 and later | Forms-based, Custom |

  • Digital certificate security (MTLS/SSL): Remember that all communications between Communicator Web Access and OCS 2007 can be, and perhaps should be, secured with Secure Sockets Layer (SSL).

And those are only a few of the features available to you. But what can you do with all these features? Some of the tasks you can perform include:

  • Manage contacts

  • Set your presence

  • View presence for others

  • Write a personal note

  • Send and receive IMs

  • Forward incoming calls

  • Redirect incoming audio calls

Other requirements you should consider include the operating system. At a minimum, Microsoft recommends using Windows Server 2003 SP1R, but you should consider going ahead with Windows Server 2003 R2. The minimum supported configuration for Active Directory is Windows 2000 SP4 in Native Mode. Version 2 of the .NET Framework is required by OCS 2007, and any server running IIS must be running Version 6. The minimum version of SQL Server is SQL Server 2000 SP4 or SQL Server 2005 SP1. The recommended version is SQL Server 2005 SP2.

Planning an OCS 2007 Installation

We all know that planning is essential to successful deployment. In fact, it is always good to keep in mind the Seven Ps: Prior Planning and Practice Prevent Pretty Poor Performance. (For those of you familiar with the Seven Ps, I’ve modified the fifth P to make it suitable for a general audience.) The new OCS 2007 deployment tool, combined with new wizards for many of the more common, everyday tasks such as configuring pools and obtaining certificates, greatly simplifies the process of installing, configuring, and activating OCS 2007. But the deployment tool and wizards don’t take the place of planning (keep in mind those Seven Ps); they simply make it much easier to carry out your plans. Microsoft’s OCS Planning Guide suggests that you follow these steps when planning your installation:

  1. Determine key planning decisions: The first thing you and your staff need to consider before choosing your topology is your main decision points.

  2. Select your topology: You should probably consider several different sample deployments based on the size and functionality you’re seeking. This process should guide you through the possible options available to you while planning your deployment.

  3. Plan your deployment path: Develop an overview of the deployment process and summarize all the important things you need to remember when you begin your OCS 2007 deployment.

  4. Prepare your infrastructure: What are your requirements for Active Directory Domain Services, certificates, DNS, automatic client sign-in, and ports? Make sure you’ve taken them into consideration.

  5. Review system and network requirements: Make a list of all your hardware and software requirements for all OCS 2007 server roles and clients.

  6. Plan for external user access: Develop a set of guidelines you will follow in deploying OCS 2007, especially when considering your perimeter network for the purpose of supporting messaging, presence, and conferencing with users connecting from outside your organization’s firewall.

  7. Plan for deploying load balancers: Make sure you examine your hardware load-balancer requirements and configurations for an Enterprise pool. You should also evaluate the advantages of using hardware load balancers with edge server arrays.

  8. Plan for VoIP: Look at all the factors, requirements, and configuration tasks you’ll need to consider to deploy Microsoft’s software-powered VoIP solution.

  9. Plan for the Address Book Server: Examine the requirements of supporting the Address Book Server, including IIS, network file sharing, and required disk space.

  10. Plan for high availability and fault tolerance: Develop a set of guidelines to follow to ensure high availability. You should also determine which OCS 2007 features you’ll need to optimize availability and fault tolerance.

  11. Plan for database storage: Determine your storage requirements for the databases and file shares that OCS 2007 will require. This should include all storage requirements for archiving and CDRs, databases, and new messaging support for rich text format. You’ll also want to examine your requirements for Redundant Array of Inexpensive Disks (RAID; DAS), NAS, and SAN trade-offs, as well as basic calculations of disk space you’ll need per meeting and per pool, based on the numbers of users.

  12. Plan for compliance and usage analysis: Finally, you’ll need to determine how you’re going to meet compliance requirements for archiving and CDR.

Let’s take a few minutes now to discuss how to perform a new installation and an upgrade.

“Net-New” Installation

Let’s discuss in a bit more depth what you need to do to prepare for a new installation. Microsoft says the first step is to determine what your key planning decisions are. What does that mean? Basically, it means you need to do two things: Determine what features you want in your installation and examine your business environment for specific needs.

The basic installation of the Standard Edition server or Enterprise pool will include IM, presence, and conferencing for users within your organization. Next, it’s just a matter of deciding what bells and whistles you want to add. For instance, although no additional components are required for the Standard Edition should you want on-premises Web conferencing, A/V conferencing, or Address Book Server, you’ll need the Web Conferencing Server and Web Components Server for Web conferencing, the A/V Conferencing Server for A/V conferencing, and the Web Components Server for Address Book Server in the Enterprise pool. If you want archiving and CDRs you’ll need to install the Archiving and CDR Server. External user access, federation, and public IM connectivity will require installation of the Access Edge Server and an HTTP reverse proxy. If you want to include external users in your Web conferencing you’re going to need both the Web Conferencing Edge Server and the HTTP reverse proxy, whereas A/V conferencing with external users will require an A/V Edge Server. If you want to provide IM with presence through a browser you’ll need to install Communicator Web Access Server. Finally, if you want to use Enterprise Voice you’ll need to install one of the following three options. Your first option is to install the Mediation Server and a basic media gateway. Your second option is the basic-hybrid media gateway where the Mediation Server is colocated with the basic media gateway. Your third option is the advanced media gateway, where the Mediation server logic is incorporated into the gateway design (not yet available at the time of this writing), and the A/V Edge Server (where the A/V authentication service is colocated).

Once you’ve decided what features of OCS you want to install, your next step is to evaluate your organization’s requirements. The four main points you need to address regarding your organization’s requirements are:

  • How important is high availability to your organization?

  • Where are the various components of your organization located?

  • Do you plan to support external user access?

  • Do you plan to deploy Enterprise Voice?

Let’s look at the availability question first. Is high availability a requirement for your organization? Only you can make this call. Is this component of your business going to be mission-critical? If clients and customers are going to be using it, your answer should be “yes.” If internal training is using it, you must decide how important internal training is. No book or high-priced consultant is going to answer this for you. This is your decision. If you need high availability, the Enterprise pool is appropriate. On the other hand, if high availability is not a requirement and simplicity and economy are more important, the Standard Edition server would be more appropriate. We discussed the differences between these two options earlier in this chapter, so we won’t rehash the pros and cons of the two options here.

The next question you need to ask is where your staff is located. Microsoft recommends that if your organization is geographically dispersed and connected across various wide area networks (WANs), you should place a Standard Edition server or an Enterprise pool in each local site. I agree. The addition of new and expanded audio and video features in OCS 2007 requires greater bandwidth. You can achieve a better user experience with a local server or pool than you can by using the centralized model servicing remote sites, as in Live Communications Server 2005.

Another reason you might want to go with local servers at your sites is if you have more than 100 users at each site. Again, bandwidth is the main consideration here, as it is if you want to allow external users access to internal Web conferences and A/V conferences. In this case, you should probably deploy a local Web Conferencing Edge Server and A/V Edge Server due to the higher bandwidth requirements of this traffic.

Keep in mind that anytime you allow external user access you’re going to need an Access Edge Server. You will also need an HTTP reverse proxy for those external users to download Address Book files, expand distribution lists, and download meeting content for Web conferences. Supporting external user participation in Web conferencing requires a Web Conferencing Edge Server. Making media such as audio and video available to external users means that you need to deploy an A/V Edge Server. Of course, all three edge server roles can be colocated on a single computer for a small deployment, or you might want to use a load balancer with multiple servers to support even more users.

The last of our four major considerations is whether you are going to enable Enterprise Voice. If so, you’ll need two things: a media (IP/PSTN) gateway to handle calls between users enabled for VoIP and the PSTN, and an OCS 2007 Mediation Server to handle the traffic between the gateway and your internal Communications Server infrastructure.

As discussed previously, there are three ways to deploy a Mediation Server and media gateway. Those three options are to install a basic media gateway and a separate Mediation Server; install a basic-hybrid gateway, in which the basic gateway and Mediation Server are colocated on a single computer; and install an advanced media gateway, where the Mediation Server logic is incorporated inside the gateway software.

You’ll also need to plan for the normalization of the phone numbers you have stored in your Active Directory and then create dial plans for each location where your organization does business. To provide call answering, subscriber access, and auto-attendant services, you’re also going to need to deploy Microsoft Exchange Server 2007 UM and then configure Exchange UM and Communications Server to work together. You have two main deployment scenarios when it comes to Enterprise Voice. You can choose stand-alone configurations in greenfield or departmental scenarios, or PBX coexistence.

The next step in your planning phase should be to select a topology. Microsoft, in its Office Communications Server 2007 Planning Guide, presents three examples of OCS 2007 topologies that provide IM and conferencing functionality and other features: small to medium-size deployment, centralized enterprise deployment, and global deployments. I won’t discuss these in detail here. The point is that you should download the Planning Guide and carefully examine these three scenarios. Depending on your requirements, you can combine the different pieces of these example deployments to meet your company’s needs.

The next step concerns how to plan your deployment path. There are three areas of concern:

  • Things you need to know before deploying

  • An overview of the deployment process

  • Permissions required for deployment

There are some important things you need to know about the OCS 2007 requirements before you start. First, a PKI is required for OCS 2007. If you don’t have an internal PKI, you’ll need to use a public certificate authority (CA). Also, all domains where you deploy OCS 2007 require Windows 2000 native mode minimum (Windows Server 2003 native mode is strongly recommended). OCS 2007 can’t be installed in a mixed-mode domain. You’ll need a certificate issued by a public CA for federation and public IM connectivity; also, keep in mind that public IM connectivity is going to require an additional license.

If you are considering using voice, you need to know what to do in case of power, network, or telephone service outages. Remember that enterprise voice depends on server availability and voice client and hardware operability. You should also consider a secondary or backup method of contacting emergency services. Also remember that neither OCS 2007 nor any of its components provide a caller’s physical location to emergency services when a caller dials emergency services. This may be required in some states or locations.

Things you should keep in mind when considering Web conferencing are fragmentation and virus scanning. You need to defrag the drives where meeting content is located from time to time. This is considered a best practice by Microsoft and just plain common sense by some of the rest of us. You also shouldn’t run real-time antivirus scanning on the shares where meeting content, meeting content metadata, and meeting compliance data is stored. This can negatively impact performance for Web conferencing. Microsoft recommends scanning for viruses only when the server has little or no load and that antivirus protection be enabled on client computers at all times. Again, some might just call this common sense.

Edge servers have their own concerns. Face it. The biggest concern is that edge servers just don’t scale well. You can’t load-balance multiple edge servers at all in the consolidated topology. The only way you’re going to load-balance your site is if you require one or more dedicated computers with colocated Access Edge Servers with Web Conferencing Edge Servers and one or more dedicated computers with A/V Edge Conferencing Servers. So, if you’re going to deploy the consolidated edge topology at first and then later decide that you want to scale, you’re going to have to deploy an entirely new edge topology. This is a major issue you need to think about before you start.

But that’s not the only issue with edge servers. If you want to support public IM connectivity and federation, you need to make sure you have an external DNS SRV record for your Access Edge Server.

You can use only one Access Edge Server or array of Access Edge Servers for public IM connectivity and federation. This means that an Access Edge Server or an array of Access Edge Servers can be in only one physical location. Your remote sites can’t deploy Access Edge Servers.

You’ll need to make sure you have a reverse HTTP proxy for remote users to download Address Book files and expand distribution lists, and to allow external users access to meeting content for Web conferences.

The network interfaces of your A/V Edge Servers have to be directly addressable at the IP layer. You can’t use NAT with them.
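The edge constraints above (an external SRV record for the Access Edge Server, a single Access Edge endpoint, and no NAT for the A/V Edge Server) can be checked against a planned zone before anything is deployed. The following is an added example, not code from this book or from Microsoft. The record name `_sipfederationtls._tcp.<domain>` and port 5061 come from Microsoft's OCS 2007 documentation rather than this chapter; the domain example.com, the host names, the zone lines and the finding codes are constructed for illustration.

```python
"""Offline sanity check of a planned external DNS zone for OCS 2007 edge roles."""
import ipaddress

# Constructed sample plan for the hypothetical SIP domain example.com, written as
# simplified "owner TYPE data" lines (not a real zone export).
PLANNED_ZONE = """
; federation / public IM connectivity
_sipfederationtls._tcp.example.com.  SRV 0 0 5061 sip.example.com.
sip.example.com.      A  203.0.113.10   ; Access Edge Server
webconf.example.com.  A  203.0.113.11   ; Web Conferencing Edge Server
av.example.com.       A  192.168.10.5   ; A/V Edge Server (planned behind NAT)
"""

# Private ranges that can only reach the Internet through NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FEDERATION_PORT = 5061  # from Microsoft's OCS 2007 documentation, not this chapter


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def parse_zone(text):
    """Return (srv, a, bad): SRV targets and A addresses by owner, plus bad lines."""
    srv, a, bad = {}, {}, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # strip zone-file comments
        if not line:
            continue
        fields = line.split()
        try:
            owner, rtype = _norm(fields[0]), fields[1].upper()
            if rtype == "SRV":
                _prio, _weight, port, target = fields[2:]
                srv.setdefault(owner, []).append((int(port), _norm(target)))
            elif rtype == "A":
                (addr,) = fields[2:]
                a.setdefault(owner, []).append(ipaddress.IPv4Address(addr))
            else:
                bad.append(raw.strip())
        except (IndexError, ValueError):      # short line, bad port, bad address
            bad.append(raw.strip())
    return srv, a, bad


def check_edge_plan(zone_text, sip_domain, av_edge_fqdn):
    """Return a list of (code, detail) findings; an empty list means no issue found."""
    srv, a, bad = parse_zone(zone_text)
    findings = [("UNPARSED_LINE", line) for line in bad]

    # Federation and public IM connectivity need an external SRV record.
    owner = "_sipfederationtls._tcp." + _norm(sip_domain)
    records = srv.get(owner, [])
    if not records:
        findings.append(("FEDERATION_SRV_MISSING", owner))
    # Assumption: more than one SRV target is treated as more than one Access
    # Edge endpoint, which the chapter rules out (one server or one array).
    if len({target for _port, target in records}) > 1:
        findings.append(("FEDERATION_SRV_MULTIPLE_TARGETS", owner))
    for port, target in records:
        if port != FEDERATION_PORT:
            findings.append(("FEDERATION_SRV_PORT", f"{target}:{port}"))
        if target not in a:
            findings.append(("SRV_TARGET_NO_A_RECORD", target))

    # The A/V Edge Server must be directly addressable, so no RFC 1918 address.
    av = _norm(av_edge_fqdn)
    if av not in a:
        findings.append(("AV_EDGE_NO_A_RECORD", av))
    for ip in a.get(av, []):
        if any(ip in net for net in RFC1918):
            findings.append(("AV_EDGE_PRIVATE_ADDRESS", f"{av} -> {ip}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_edge_plan(PLANNED_ZONE, "example.com", "av.example.com"):
        print(f"{code}: {detail}")
```

A public address on the A/V Edge record does not prove that no NAT device sits in the path; the check only catches plans that cannot work as written.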

Finally, there are several other general concerns you need to be aware of. First, the Standard Edition server requires enough disk space on your local drive for any meeting content you may have. You can’t install any OCS 2007 role on a domain controller. It’s just not supported. There are also several general issues regarding fully qualified domain names (FQDNs) that you should familiarize yourself with. Microsoft lists many of these gotchas in its Planning Guide.

But as we’re not going to get down and dirty here with a sample installation, but rather are going to continue to discuss general issues you need to be prepared for when deploying OCS 2007, let’s turn our attention to the next area of concern: the deployment process. The first step of your deployment process should be to determine storage requirements, and to create file shares to store the following:

  • Presentations to be downloaded or streamed by meeting attendees

  • Information used internally by the pool’s Web Conferencing Server

  • Information used by the Address Book Server

  • Content logged for any compliance requirements

Make sure you have the following already installed and ready to go:

  • Microsoft Windows Server 2003 SP1 or R2 or later for OCS

  • Microsoft Windows 2000 SP4 or later for Active Directory Domain Services

  • Active Directory in Windows 2000 Server or later native mode in all domains involving OCS 2007 (Windows Server 2003 native mode is recommended)

  • For Enterprise Edition, Microsoft SQL Server 2005 with SP2 (recommended) or SQL Server 2005 SP1, SQL Server 2000 with SP4 on the computer where the backend database will be deployed

  • DNS

  • An Enterprise (recommended), Standalone, or public CA

  • IIS 6.0 on each computer where Standard Edition or Enterprise Edition Front-End Server will be installed (or, if deploying Enterprise Edition: Expanded Configuration on computers that are to serve as your Web farm)

  • Active Server Pages components of IIS 6.0 on each computer where a Web Components Server will be installed (for Standard Edition, the computer running Standard Edition server; for Enterprise Edition: Consolidated Configuration, all Front-End Servers; for Expanded Configuration, all dedicated IIS servers)

The next step in your preparation should be to review your Active Directory infrastructure. The deployment tool is going to run Schema Prep, Forest Prep, and Domain Prep as the first three steps in your installation and deployment. After your Active Directory infrastructure for OCS is ready, you’ll need to create the DNS A records and SRV records that allow the OCS 2007 Standard Edition server or Enterprise Edition pool to be found.

You’ll now be ready to begin the installation. The process of installing OCS 2007 will depend on what edition, configuration, and server roles you’ve chosen. The Microsoft Office Communications Server 2007 Standard Edition Deployment Guide and the Enterprise Edition Deployment Guide are available for download and provide easy-to-follow, step-by-step instructions on the setup tasks involved in deploying these two software applications. After the files are installed, the next step will be to configure the server or pool. Next, you must configure the certificates on each Standard Edition or Enterprise Edition server you’re installing. The next step will be to verify that the Active Directory changes have been replicated, and after that you can start the services, making sure that your server or pool configuration performs as required.

Now will be the best time to install any front-end servers and other components, such as IIS for Web Component servers. Next, create your users and enable them, deploy the clients, and then install and configure your edge servers. The final phase of installation will be to install Enterprise Voice.

Make sure you have the required permissions to perform the installation before you start this process. Membership in the Domain Admins group is required to deploy or activate a server that is joined to an Active Directory domain.

The next phase in the planning process is to prepare the infrastructure. Before you start the deployment, you need to verify that your Active Directory is deployed with all the necessary prerequisites. You also need to make sure a certificate infrastructure is in place for all server-to-server and client-to-server communications. Make sure you know of all the DNS records that your installation will need for servers and pools to communicate and clients to locate their server or pool.

The fifth phase involves reviewing your systems and network requirements. After you’ve decided which features and components your OCS 2007 deployment will have, you need to decide whether your existing infrastructure will meet the platform requirements for OCS 2007 and, if not, what changes or additions you will need to make before you start installation. More than likely, you’re going to have changes to make or things to add because OCS 2007 includes many new components that were not present in its predecessor, Live Communications Server 2005 with SP1.

You should examine the capacity planning section of the Planning Guide. The user model and network requirements are good topics to examine also. Network requirements will include things such as A/V and Web conferencing bandwidth requirements. Don’t forget to look at your hardware, software, and operating system requirements too. The various types of servers to be installed may have different hardware and operating system requirements.

The next phase deals with planning for external users. Depending on your configuration’s needs, you may or may not need to install edge servers. Remember that edge servers allow both internal and external users to communicate using Communicator or the Live Meeting 2007 client. Also remember that there are three basic types:

  • Access Edge Server

  • Web Conferencing Edge Server

  • A/V Edge Server

So, anytime you are dealing with external users you are going to need one of these edge servers. The Planning Guide goes into detail about when each needs to be installed, and as I’ve suggested several times, you should spend considerable time during this phase becoming familiar with the information in this document.

The seventh phase of our planning scenario deals with planning for load balancing. Before you deploy OCS 2007, you need to have one or more hardware load balancers ready, in place, and configured appropriately. Again, we’re not just talking about the primary servers but everything down to the edge servers.

Planning for VoIP is the eighth phase. This is a different type of consideration in that you must consider the impact on both your telephony and IP infrastructures. The one thing you won’t have to consider here, though, is replacing your existing PBX.

Considerations you’ll want to evaluate include:

  • How many and where are your users?

  • What deployment best suits your organization?

  • How many media gateways are needed and where should they be located in your organization?

  • What are the routing rules and user privileges for your Enterprise Voice deployment?

  • Carefully develop your plan for call notification, voice mail, and other call services provided by Exchange UM.

  • How will you migrate your users to Enterprise Voice?

The ninth phase in the planning process is to plan for the Address Book Server. Remember, the main reason the Address Book Server exists is to provide global address list information from Active Directory to the MOC 2007 client. If Communicator accessed Active Directory directly, it would affect your network performance. The Address Book Server is installed on every Front-End Server.

The tenth phase is to plan for high availability and fault tolerance. Remember that you can think of high availability as a system’s capability to keep downtime to a minimum while continuing normal operation in the event of disruptions due to hardware, software, or service requirements. Fault tolerance, on the other hand, refers to reducing the risk of service disruption in the event of system or component failure. Earlier we talked about deciding whether high availability was important to your organization. If you chose to install the standard server, this question is moot to a certain degree. Then again, fault tolerance should be built into your systems to a certain degree, even for your workstations.

In the next phase, you should plan your database storage. Planning your database storage solution requires that you know what types of data are being generated and where each type is being stored. Spend some time on this aspect of your planning, as nothing can bring your OCS 2007 installation down as fast as poor storage planning. In your planning, make sure you balance three criteria: capacity, availability, and performance. The choices you make in this regard as you plan and implement your storage solution will affect the cost associated with administration and maintenance of your OCS 2007 environment.

The final phase is to plan for compliance and usage analysis. We all know how our companies and organizations are being required to retain more and more information, including both e-mail and IM conversations. And now these requirements are being extended to conferencing, and that includes meeting content. The OCS 2007 Archiving and CDR Server allows you to comply with any laws and/or policies that require retention of IM communications.

We’ve touched on some of the issues important to a new installation. Now let’s take a look at upgrading.

Live Communications Server 2005 Upgrade

If you are running Live Communications Server 2003, you’ll first need to migrate your installation to Live Communications Server 2005 with SP1. Microsoft has supplied a migration guide, which you can download at www.microsoft.com/downloads/details.aspx?familyid=20f67afc-6af5-4a03-99bf-4150def36457&displaylang=en. You can then complete your migration to OCS 2007.

When you have Live Communications Server 2005 with SP1 Access Proxies deployed, your only choice is to migrate your environment from the outside in. Think about it. OCS 2007 uses Access Edge Servers, not Access Proxies. To perform the upgrade you’re going to have to start by upgrading the Access Proxies. So, the first thing you need to do is replace your Access Proxies with OCS 2007 Access Edge Servers, and only then can you migrate to OCS 2007 in your internal environment.

If you follow a phased approach such as described here in which you upgrade all the servers of a particular type at one time, you’ll be able to save yourself a great deal of system downtime. The supported order is as follows:

  1. Replace all your Access Proxies in the perimeter network with Access Edge Servers.

  2. Replace the Directors.

  3. Install Enterprise pools and Standard Edition servers.

  4. Install Archiving and CDR Servers as necessary.

Why? Again, it’s the logical progression. Replacing and installing servers in this order is supported. Not following this process means that files won’t be installed in the proper order.

At this point, you should have some users test the behavior of IM and presence in the new environment. At this point, you have two operational installations: one Live Communications Server 2005 and one OCS 2007. Move the users from the Live Communications Server 2005 installation to the OCS 2007 and have them test IM and presence information in the MOC 2007 client. After you’re sure that IM and presence are working correctly in your new environment, you can deploy Web Conferencing Edge Servers and A/V Edge Servers in your perimeter network. After you’ve made sure that Web conferencing and A/V conferencing are working properly, you can move the rest of your users to the new deployment and take the Live Communications Server offline.

Remember, planning your upgrade to OCS 2007 should include the following:

  • Understanding the basic migration process

  • Understanding coexistence issues

  • Planning user migration

  • Determining your requirements for additional hardware

Before you begin either your deployment or your upgrade, you need to spend some time with the OCS 2007 Planning Guide. It goes into considerable detail concerning each step for new installations. You can find the planning guide at www.microsoft.com/downloads/details.aspx?familyid=723347c6-fa1f-44d8-a7fa-8974c3b596f4&displaylang=en.

Summary

Microsoft OCS 2007 manages all real-time communications including IM, VoIP, and audio conferencing and videoconferencing. The system will work with your existing telecommunications systems so that you can deploy advanced VoIP and conferencing without tearing out your current telephone system.

Solutions Fast Track

What’s New in OCS 2007?

  • OCS 2007 builds on the foundations and services that Live Communications Server 2005 and MOC 2005 delivered.

  • OCS 2007 is now integrated with Exchange Server distribution lists.

  • OCS 2007 now supports the ICE framework of protocols, allowing users to take advantage of its new features wherever those users are located.

Comparing the Editions

  • The Standard Edition provides full functionality for small organizations.

  • The Enterprise Edition: Consolidated Configuration provides scalability and high availability while at the same time being relatively easy to plan, deploy, configure, and maintain.

  • The Enterprise Edition: Expanded Configuration offers maximum capacity, performance, and availability for large organizations.

OCS 2007 Server Roles

  • The Front-End Server is responsible for handling all signaling among and between servers and clients.

  • The Edge Server resides in the perimeter network and provides connectivity for external users and public IM connections.

  • The Mediation Server provides signaling and media translation between the VoIP infrastructure and a basic media gateway.

  • The Archiving and CDR Server provides archiving for all IM conversations and for all CDRs for all users.

Planning an OCS 2007 Installation

  • Determine your key planning decisions.

  • Select your topology.

  • Plan your deployment path.

  • Prepare your infrastructure.

  • Review your system and network requirements.

  • Plan for your external users.

  • Plan for deploying load balancers.

  • Plan for VoIP.

  • Plan for Address Book Server.

  • Plan for high availability and fault tolerance.

  • Plan for database storage.

  • Plan for compliance and usage analysis.

Frequently Asked Questions

Q: What is Microsoft OCS 2007?

A: OCS 2007 is the latest version of Microsoft Live Communications Server 2005. This software group delivers enhanced communications to end-users, a software-powered VoIP infrastructure for organizations, and operational control for IT.

Q: How does the Web conferencing functionality in OCS 2007 compare with Microsoft Office Live Meeting?

A: The Web conferencing capabilities in OCS 2007 provide Web conferencing as an on-premises solution existing inside the corporate firewall. Both OCS 2007 and Live Meeting can be accessed using the same client. Whereas Live Meeting is offered as a hosted service, OCS 2007 is provided in-house by the enterprise.

Q: Will OCS 2007 interoperate with Live Communications Server 2005?

A: Yes. While organizations are in the process of migrating, OCS 2007 and Live Communications Server 2005 can interoperate.

Q: Can I upgrade from Live Communications Server 2005 to OCS 2007?

A: Yes. The migration process involves deploying some OCS 2007 infrastructure in parallel to a Live Communications Server 2005 deployment and then easily migrating the users across to the new infrastructure.

Q: How many servers do I need to run OCS 2007?

A: This depends on your organization’s requirements. For smaller deployments, you could run your infrastructure on one server, but for environments where greater scale, geographical distribution, or fault tolerance is required, OCS 2007 has a flexible architecture to allow this kind of scaling in a multiserver environment.

Q: What are the system requirements for running OCS 2007?

A: Hardware requirements vary according to server role, configuration, and storage requirements. Operating system minimum requirements are Windows Server 2003 SP1R, but Windows Server 2003 R2 is recommended. For all servers requiring Active Directory, the minimum supported configuration is Windows 2000 SP4 in Windows 2000 Native Mode. OCS 2007 requires .NET Framework 2.0. For all servers running IIS, the required version is 6.0. For all servers requiring SQL Server, the minimum and recommended versions are as follows: minimum, SQL Server 2000 SP4 or SQL Server 2005, SP1 (32-bit or 64-bit versions of SQL Server SP1 or later are supported); recommended, SQL Server 2005, SP2.

Q: What version of MOC can I use with OCS 2007?

A: You can use MOC 2005 or MOC 2007 with OCS 2007. To use the new features offered by OCS 2007 you will need to use MOC 2007. For a specific user, once you have started using MOC 2007 with OCS 2007 you will no longer be able to sign in with MOC 2005.

 
