Chapter 10
Online and Hybrid

With the advent of Office 365 and the first incarnations for Skype for Business Online (based on Lync Server 2010), customers have been asking for the ability to host voice in the cloud as well as the ability to have some infrastructure on premises and some in the cloud (the hybrid model).

Microsoft Office 365 Lync 2010 Online delivered the power of cloud productivity to businesses of all sizes, helping them free up valued resources by not having to maintain an on-premises Lync server infrastructure (in other words, patching, rack space, data center power, high availability, and disaster recovery planning).

Skype for Business Online provides cloud-based instant messaging, presence, and online meeting experiences with PC audio, videoconferencing, and screen sharing, as well as the promise of Cloud PBX. At the time of writing, the Cloud PBX functionality is in beta with a Technology Adoption Program (TAP) underway.

In this chapter, you will learn to

  • Understand the hybrid architecture model
  • Understand the capabilities of a hybrid deployment
  • Understand the call flow for media in different scenarios
  • Understand the required steps to configure a hybrid deployment

Putting Skype for Business Online in Context

When Skype for Business Online was first released, it did not offer an Enterprise Voice service, which is essentially the ability to call the public switched telephone network (PSTN); the only voice capability was for calling other Skype for Business Online users. Eventually, for small businesses only, Skype for Business Online was enabled to provide PSTN calling. The service was called Lync-to-Phone, and connectivity provided Skype for Business Online users with the ability to have their Enterprise Voice capability hosted in the cloud. This option was discontinued around the time of the Lync Server 2013 release.

Audio conference providers (ACPs) enabled dial-in conferencing to be hosted in the cloud, which meant organizations could primarily offer instant message/presence to users but supplement the conferencing with the ability to join via PSTN connections.

The speedy evolution of the online environments and demands from customers have led to Enterprise Voice capability coming with Skype for Business. This will be true Enterprise Voice capability, albeit initially it’s likely to have a reduced feature set. Still, with the fast deployment of additional cloud features, it will not be long before it is on par with an on-premises deployment. This functionality is expected to be widely available in 2016.

In this chapter, we use the following terminology:

Skype for Business Online An environment where everything is hosted in the cloud.

Skype for Business Online User A user who is hosted in a cloud-based infrastructure. This may be part of a wider hybrid infrastructure configuration.

Skype for Business Hybrid (or Hybrid Voice) An environment that leverages some Skype for Business Online (in the cloud) infrastructure but also has some on-premises infrastructure, both of which share the same SIP domain.

Skype for Business Hybrid Voice User A user whose account is located in the cloud but leverages some on-premises infrastructure for making PSTN calls.

Skype for Business On-Premises A Skype for Business infrastructure wholly deployed on premises for an organization. (This may also be a hosted infrastructure; however, the distinction then becomes that it is a dedicated hosted environment and not shared. In other words, the servers are the same as they would be if the organization deployed them; they are simply in another location.)

Skype for Business On-Premises User A user whose account is located on on-premises infrastructure—whether this infrastructure is part of a wider hybrid deployment or not.

Cloud PBX The in-cloud environment providing PSTN services by Microsoft, including billing and calling plans.

Please be aware these naming conventions are valid only for this chapter. Microsoft may (and often does) change the terminology or the meaning behind the terminology, so some phrases may refer to different configurations/scenarios on final release.

Understanding Hybrid Voice and Cloud PBX

Many organizations are seeking to actively move enterprise services such as Exchange Server, SharePoint Server, and Skype for Business Server to the cloud. With Skype for Business, the move is made much easier with the option to support a Hybrid Voice environment and even easier still with the Cloud PBX offering.

Hybrid Voice

Hybrid Voice allows organizations to take advantage of any investments they have already made with their on-premises Enterprise Voice environment, such as deploying PSTN media gateways or integrating with PBX/IP-PBX deployments, but still move users to the Skype for Business Online environment to take advantage of all the benefits of a cloud-based infrastructure (such as no capital purchase costs, paying only for capacity that has been used, and so on).

This means they can “sweat” their existing assets and not lose any prior investment made but still take advantage of the cloud offering. Skype for Business Hybrid Voice users can use the on-premises voice infrastructure as though they were on-premises Enterprise Voice users. Their inbound and outbound calls are routed through the PSTN infrastructure that forms part of the on-premises Skype for Business Server deployment.

Figure 10.1 shows a typical Hybrid Voice infrastructure.

Diagram shows hybrid voice infrastructure deployment with Office 365, internet, Skype Edge servers, PSTN, Media Gateway, Skype for Business Pool et cetera.

FIGURE 10.1 Typical Hybrid Voice Infrastructure deployment

In Figure 10.1, Keith is a Skype for Business–enabled user who is configured as on premises; in other words, his SIP registrar is a server that is part of the Skype for Business on-premises pool. David and Rob are Skype for Business–enabled users who are configured as Hybrid Voice users; in other words, their SIP registrar server is part of a Skype for Business pool in the Skype for Business Online cloud. David is signed on from within the corporate network, and Rob is working remotely. Both the on-premises and online environments have Skype for Business Edge Servers deployed.

The other exciting developments regarding Hybrid Voice are that on-premises and online users can now share the same SIP domain and that users can be in both infrastructure locations.

Hybrid Voice is configured and kept in sync with the on-premises Active Directory by using Active Directory synchronization. A typical Hybrid Voice deployment will consist of an on-premises Skype for Business pool (Standard or Enterprise Edition) with a colocated Mediation Server role (or, possibly, a stand-alone Mediation Server pool dedicated to call routing), an on-premises Skype for Business Edge Server (or pool), and some on-premises PSTN infrastructure, such as PSTN gateways.

The organization will have an Office 365 tenant with Skype for Business Hybrid users signing in from the corporate network or the Internet. You’ll see later in this chapter how to configure hybrid environments.

Features such as call park, response group, and remote call control are not available for Skype for Business Online users enabled for Hybrid Voice. Organizations that require all users to be able to use these features must go with on-premises Enterprise Voice. If an organization requires a contact center solution, this will have to be on premises, and Hybrid Voice users will not be able to act as agents for it if it relies upon deep Skype for Business server integration or indeed the response group functionality.

Voice resiliency refers to the lack of backup SIP registrar capability and survivable branch appliance support for Hybrid Voice users. If the network connection between the organization and the Skype for Business Online service is unavailable, the Skype for Business Online service will be unavailable to users who are enabled as Hybrid Voice users, even if they are accessing Skype for Business Online from the Internet (e.g., outside the corporate network).

The advantage of Skype for Business Hybrid Voice is that it removes many of the barriers to cloud adoption, allowing organizations to more rapidly move users to Skype for Business Online in a controlled, phased manner. Once the users are moved, they can then validate the features, functionality, security, quality, and reliability of Skype for Business Online as Hybrid Voice users.

Cloud PBX

Microsoft uses the Cloud PBX terminology to describe a scenario where the user is hosted in Office 365 and the PSTN calling functionality (via SIP trunking in the cloud) is provided by Microsoft. This scenario will have the advantage that continued administration will be via the Office 365 portal, so the administrators will be working with a familiar interface.

The features that will be available at launch are as follows:

  • Call answer/initiate (by name and number)
  • Call hold/retrieve
  • Call history
  • Call delegation and call on behalf
  • Call transfer (blind, consult, and mobile)
  • Camp-on
  • Caller ID
  • Call waiting
  • Call forwarding and simul-ring
  • Device switching
  • Distinctive ringing
  • Do-not-disturb routing and call blocking
  • Enterprise calendar call routing
  • Integrated dial-pad
  • Music on Hold
  • Skype and federated calling
  • Team calling
  • Video call monitor
  • Voice mail
  • Clients for PC, Mac, and mobile
  • Qualified IP desk phone support

As mentioned, the cloud environment is fast moving, so this feature set is likely to increase quickly.

Voice Mail

Both hybrid and cloud environments support hosting voice mail in Exchange Online. With an on-premises deployment of Skype for Business, you can provide hosted voice mail by having the user’s mailbox in Exchange Online. Chapter 22, “Exchange, SharePoint, and Office Web Applications Server,” covers the on-premises configuration of Exchange, and later in this chapter you’ll see how to configure the Exchange Online aspects.

Configuring for Office 365

The majority of this book is focused on the on-premises deployment; some of this will carry into a hybrid configuration, but for now we’ll take a step back to a pure Office 365 environment.

In this case, all infrastructure is managed by Microsoft via the Office 365 data centers. Users and configuration are managed via the Office 365 portal, shown in Figure 10.2.

Screenshot shows Skype for Business Admin center with dashboard menu selected along with details about User statistics and organization information and links provided under Resources and Community.

FIGURE 10.2 Office 365 portal showing Skype for Business configuration options

There’s not a lot involved. Configuration here consists of the following options:

  • Users
  • Organization
  • Dial-In Conferencing
  • Meeting Invitation
  • Tools

Please note, while writing this chapter, Microsoft was starting to promote a “new admin experience” with a portal redesign, and with the release of new features, this is likely to change.

With the E3 licensing option, the functionality choices are limited to the following:

  • Enable/Disable Users
  • Enable/Disable Federation
  • Enable/Disable Privacy
  • Enable/Disable Push Notifications
  • Enable And Configure Audio Conference Providers
  • Customize The Meeting Invitation

You can achieve all of this via PowerShell by remoting into the Office 365 environment and importing the Skype for Business Online PowerShell module, as shown here:

$credentials = Get-Credential [email protected]
$session = New-CsOnlineSession –Credential $credentials
Import-PsSession $session

From a user perspective, there is no visible difference. Figure 10.3 shows the configuration information. There’s some obvious information (if you know what to look for), such as specific server/pool names, that indicate an Office 365 environment.

Screenshot shows a window displaying Skype for Business Configuration Information along with Copy, Refresh and Close buttons.

FIGURE 10.3 Skype for Business client configuration information for Office 365

With Skype for Business purely online, all DNS records will point to the online infrastructure—typically sipfed.online.lync.com (you’ll see this address appear quite regularly).

Configuring Skype for Business Online for Hybrid

One of the steps for setting up Skype for Business Hybrid is to federate the on-premises Edge servers with the Skype for Business Online Edge servers. This important step is explained in the following sections. The Edge federation is used to explain many of the scenarios discussed in the next sections of the chapter.

You will learn how Skype for Business Hybrid works and how it is configured. You’ll also look at some call flow examples as well as how advanced features such as Media Bypass and E9-1-1 work when a user is enabled for Hybrid Voice.

First you need to configure both the on-premises and in-cloud environments before you can start to look at clients.

Configuration for Hybrid

With Lync Server, configuration with the cloud was a manual process. Skype for Business has introduced a wizard as part of the Skype for Business Control Panel, so it’s now possible to enable the configuration in a few simple clicks.

Of course, there are always a few prerequisites to be checked off prior to starting.

  • An on-premises deployment (including Edge servers)
  • An Office 365 tenant, with Skype for Business Online enabled
  • Single sign-on enabled between on-premises Active Directory and Office 365
  • Directory synchronization solution between Office 365 and Active Directory
  • Skype for Business Administrative tools installed
  • Skype for Business Online, with Windows PowerShell Module installed (download from http://go.microsoft.com/fwlink/?LinkId=294688)

SETTING UP THE INTERNAL CORPORATE NETWORK FOR SKYPE FOR BUSINESS ONLINE

For users to be able to access Skype for Business Online from within the corporate network, specific ports and URLs need to be allowed via firewalls or forward-facing proxies. Table 10.1 shows the required ports on the corporate reverse proxy servers and external firewalls.

TABLE 10.1 Required firewall ports and protocol configuration

PORT PROTOCOL DIRECTION USAGE
443 STUN/TCP Outbound Audio, video, and application-sharing sessions
443 PSOM/TLS Outbound Data-sharing sessions
3478 STUN/UDP Outbound Audio and video sessions
5223 TCP Outbound Mobile push notifications (if Mobile clients are deployed)
50000–59999 RTP/UDP Outbound Audio and video sessions

Configure an exception for Microsoft Online Services URLs and applications from the proxy or firewall. Create these rules/exceptions on the external firewall that apply to all users on the organization’s network:

  • Allow outgoing connections to the following URLs:
    • *.microsoftonline.com.
    • *.microsoftonline–p.com.
    • *.onmicrosoft.com
    • *.sharepoint.com
    • *.outlook.com
    • *.lync.com
    • *.verisign.com
    • *.verisign.net
    • *.public-trust.com
    • *.sa.symcb.com
  • Allow TCP and HTTPS.
  • Set the HTTPS/SSL timeout to eight hours.

If the firewall being used does not accept URLs such as *.lync.com, then exclude the IP address ranges that are used by Skype for Business Online. The following TechNet article lists the IP ranges:

https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US

Any Internet proxy access needs to be unauthenticated so that the sign-on process is seamless. The preferred approach is to bypass the proxy because a proxy will typically force all traffic to be TCP (potentially impacting call quality).

SKYPE FOR BUSINESS ONLINE TENANT (PREPARING ONLINE SERVICES)

When you create an online tenant, you will be assigned a domain such as, for example, rlscomms.onmicrosoft.com; you will then need to add your vanity domain, which is actually your on-premises domain name (such as rlscomms.net).

To create an online tenant, you will need to visit the Office 365 online services website.

www.microsoft.com/office/preview/en/office-365-proplus

These are the next high-level steps:

  1. Enter your email address, physical address, and contact telephone number.
  2. Create an administrator account in the online domain; it will be automatically populated—for example [email protected].
  3. Add your vanity domain (e.g., rlscomms.net).
  4. You will then have to verify your domain.
  5. Enable federation for Skype for Business Online.
  6. Activate Active Directory synchronization online (this step must be completed before installing the Directory Synchronization Tool).

 

WORKING THROUGH THE CONFIGURATION STEPS

You access the wizard via the Skype for Business Control Panel home screen; it requires a login account with Global Admin rights on the Office 365 Tenant, shown in Figure 10.4.

Screenshot shows Skype for Business Server 2015 Control panel with Home tab selected. Links are provided under Top Actions, Connection to Skype for Business Online, Getting Help, Community and Getting started.

FIGURE 10.4 Launching the hybrid setup wizard

Figure 10.4 shows the screen prior to signing in and shows a link to the sign-in prompt. You can launch the wizard without signing in; it’ll simply prompt you to sign in as part of the process. There is a separate sign-in step on this screen simply to allow you to sign in and then go ahead and manage users.

To enable the sign-in to Office 365 to be successful, the Front End servers need to have Internet access, and the lyncdiscover.<domain> record needs to be pointing to the on-premises servers.

Figure 10.5 shows the errors returned in each of these cases.

Screenshot shows Office 365 sign in window displaying error message along with Ok and Cancel button

FIGURE 10.5 Errors when signing in to Office 365 using the wizard

Once you get through the initial connectivity check screens, the wizard will run the configuration checks and provide feedback on the current state. For environments that have been operational with previous versions of Lync Server deployed, you’re most likely going to encounter the feedback shown in Figure 10.6.

Screenshot shows Hybrid setup wizard window with description and Close button.

FIGURE 10.6 Initial hybrid configuration status

If you haven’t configured federation or are using closed federation (no DNS record exists for _sipfederationtls._tcp.<domain>), you will see the first entry marked with a red X. Click Next to have the wizard do all the configurations required in the background. One thing to note is that the wizard will make the required changes only to the Office 365 and local on-premises Skype for Business environments. It is not able to make changes to DNS or firewalls.

Figure 10.7 shows the completed wizard with the check marks all green.

Screenshot shows Hybrid setup wizard window with description and Close button.

FIGURE 10.7 The completed hybrid setup wizard

Each of these steps can be carried out manually using the following configuration steps:

  1. Enable federation. You might need to make a topology change to enable federation on the Edge servers, as well as opening port 5061 on the network. You need to make DNS changes to configure the _sipfederationtls._tcp.<domain> record and make the following configuration change:

    Set-CsAccessEdgeConfiguration
–AllowFederatedUsers $true
–EnablePartnerDiscovery $true

  2. Federate with Office 365. With the local on-premises PowerShell, run the following:

    New-CsHostingProvider
-Identity SkypeforBusinessOnline
-ProxyFqdn "sipfed.online.lync.com"
-Enabled $true
-EnabledSharedAddressSpace $true
-HostsOCSUsers $true
-VerificationLevel UseSourceVerification -IsLocal $false
-AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

  3. Set up the Office 365 tenant with federation enabled. Using remote PowerShell to the Office 365 tenant, run the following:

    Set-CsTenantFederationConfiguration
–AllowedFederatedUsers $true

  4. Set up the Office 365 tenant with a shared SIP address space. Using remote PowerShell to the Office 365 tenant, run the following:

    Set-CsTenantFederationConfiguration
-SharedSipaddressSpace $true

Although these steps show PowerShell configuration, you can also achieve this via the portal (for Office 365) or via the Skype for Business Control Panel. Figure 10.8 shows step 3 of the configuration via the Office 365 admin portal.

Screenshot shows Skype for Business Admin center with External access, public IM connectivity, blocked or allowed domains and buttons for save and cancel.

FIGURE 10.8 Enabling tenant federation via the Office 365 portal

Now that you have configured federation, you can move users to the online environment.

Within the Skype for Business Control Panel, the user management options have now changed. Search for and select a user and then select the Action menu. You will see some new options (shown in Figure 10.9).

  • Move Selected Users To Skype for Business Online
  • Move Selected Users From Skype for Business Online
Screenshot shows expanded action menu with an oval drawn around the option Move selected users to Skype for Business Online.

FIGURE 10.9 Moving a user within Skype for Business Control Panel

Depending on the current location of the user, only one option will be highlighted.

The Move Selected Users From Skype for Business Online option will provide status updates and feedback on the user move. If the environment still has legacy Edge servers deployed and they are the primary route for federation, you may receive the error shown in Figure 10.10.

Screenshot shows a box displaying an error message with a cross icon.

FIGURE 10.10 Error moving users when legacy Edge servers are in use

You can resolve this by using PowerShell with the –ProxyPool parameter defined.

Move-CsUser -Identity <userid> -Target sipfed.online.lync.com -HostedMigrationOverrideUrl https: //<webhost>.online.lync.com/HostedMigration/hostedmigrationservice.svc -ProxyPool <skypeforbusinesspoolname>

The <webhost> entry is the URL specified in your online tenant portal. This a shared name across many tenants, used to load balance the management portals across Office 365.

To verify that the user was successfully moved, you can use a Get-CsUser command in the on-premises Skype for Business Management Shell and look to make sure the output shows that HostingProvider is set to sipfed.online.lync.com.

Now that you’re set up, how does it work?

Sign-in/Registration Process

The registration process for a Hybrid Voice user is essentially the same as for on-premises Skype for Business Server. When a user is moved from on-premises to Office 365, the Deployment Locator attribute of their Active Directory user account is updated to reflect that they are hosted in the cloud. Figure 10.11 shows this attribute on an Active Directory user.

Screenshot shows Skype properties window with Attribute Editor tab opened displaying the list of attributes with its corresponding value along with buttons provided for Edit, Filter, OK, Cancel, Apply and Help.

FIGURE 10.11 Deployment Locator attribute

When a user who is a member of the rlscomms.net domain signs in to Skype for Business and is using automatic configuration, the Deployment Locator attribute allows the on-premises server to redirect the user to their correct Online pool for registration. Figure 10.12 shows this process.

Flow diagram shows the steps involved in Skype user sign-in process with DNS, internet, media gateway et cetera.

FIGURE 10.12 Skype for Business user sign-in process

In Figure 10.12, Keith logs into his computer, and his Skype for Business client is configured to automatic configuration. For automatic login, there will be an SRV record created on the internal DNS for this purpose, such as _sipinternaltls._tcp.rlscomms.net or lyncdiscover.rlscomms.net. Then the following occurs:

  1. Keith’s client performs a DNS SRV record lookup.
  2. Because Keith is accessing from inside the corporate network, the internal DNS SRV record will be returned. This resolves to the on-premises Skype for Business deployment. Keith will then authenticate to the on-premises pool.
  3. The Skype for Business on-premises pool will redirect Keith with a SIP 301 to the Skype for Business Online service. It knows to do this because Keith’s Active Directory user account is stamped with the Deployment Locator attribute.
  4. Keith will then register against the Skype for Business Online environment.

For Keith to successfully register with the Skype for Business Online service, he needs to have access to the Internet so that he can reach the service.

If Keith was accessing Skype for Business from outside the corporate network (such as from the Internet because he was working remotely), his client would find the DNS SRV record that had been created in the organization’s external DNS, which resolves to the Access Edge service of the on-premises Skype for Business Edge server. His client would then follow the same process and would be redirected to the Skype for Business Online service.

Call Flow Scenarios

To get a good understanding of the various possible call flows, you’ll take a step-by-step look at a number of different scenarios.

  • Scenario 1: Two Hybrid Voice users logged on to the corporate network (peer to peer)
  • Scenario 2: Two users logged on to the corporate network, one on-premises user and one Hybrid Voice user
  • Scenario 3: Incoming PSTN call to Hybrid Voice user (peer to peer)
  • Scenario 4: Incoming PSTN call to Hybrid Voice user who is logging on remotely (from the Internet)
  • Scenario 5: Hybrid Voice user making an outgoing PSTN call while logged on from the internal corporate network
  • Scenario 6: Hybrid Voice user making an outgoing PSTN call while logged on remotely (from the Internet)

Remember, in all these cases, registration has already occurred and the users are logged in. We’re not covering complex cases where local firewalls restrict direct traffic and media has to flow via an Edge server.

SCENARIO 1

In this scenario, two Hybrid Voice users are logged on to the corporate network (peer to peer). See Figure 10.13.

Flow diagram shows steps involved in peer to peer communication between two hybrid voice users including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.13 Two Hybrid Voice users logged on to the corporate network (peer to peer)

Scenario: Linda is a Hybrid Voice user in the office. Rob is a Lync Hybrid Voice user in the same office.

  1. Linda initiates a call to Rob by dialing his extension or clicking Work in the client.
  2. The Skype for Business Online infrastructure, on which both Linda and Rob are registered, will perform a reverse number lookup that determines that the number Linda dialed resolves to Rob.
  3. All the SIP signaling flows through the Skype for Business Online infrastructure. A SIP INVITE is sent to Rob’s endpoint.
  4. When Rob answers the call, the media flows directly between the two clients (peer to peer) because they are both on the corporate network.

SCENARIO 2

In this scenario, two users are logged on to the corporate network, one on-premises user and one Hybrid Voice user (peer to peer). See Figure 10.14.

Flow diagram shows steps involved in peer to peer communication between two hybrid voice users including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.14 Two users logged on to the corporate network, one on-premises user and one Hybrid Voice user (peer to peer)

Scenario: David is an on-premises user in the office. Rob is a Hybrid Voice user in the same office.

  1. David, who is an on-premises user, initiates a call to Rob, who is a Hybrid user, by dialing his extension or clicking Work in the client.
  2. The Lync on-premises infrastructure knows that Rob has an Active Directory object on-premises. The reverse number lookup can look at Rob’s on-premises object and determine that Rob is in the federated Skype for Business Online infrastructure.
  3. The SIP signaling (the call) is then routed over the federation route via the Edge server up to the Skype for Business Online infrastructure.
  4. The SIP signaling returns from the Skype for Business Online infrastructure to Rob’s endpoint.
  5. When Rob answers the call, the media flows directly between the two clients (peer to peer) because they are both on the corporate network.

SCENARIO 3

This scenario details an incoming PSTN call to a Hybrid Voice user. See Figure 10.15.

Flow diagram shows steps involved in incoming PSTN call to an user including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.15 Incoming PSTN call to Hybrid Voice user

Scenario: Rob is a Hybrid Voice user in the office.

  1. A PSTN call is placed to Rob’s phone number; the call is received on the on-premises PSTN media gateway.
  2. The on-premises media gateway directs the call to the Skype for Business Mediation server, which is colocated on the on-premises Lync 2013 pool.
  3. The Skype for Business on-premises infrastructure knows that Rob has an Active Directory object on premises. The reverse number lookup can look at Rob’s on-premises object and determine that Rob is in the federated Skype for Business Online infrastructure.
  4. The SIP signaling (the call) is then routed over the federation route via the Edge server up to the Skype for Business Online infrastructure.
  5. The SIP signaling is sent from the Skype for Business Online infrastructure to Rob’s endpoint.
  6. When Rob answers the call, media is established and flows between the on-premises mediation server/PSTN infrastructure and Rob’s client. This could be using Media Bypass if configured, or the media may flow via the Mediation server if Media Bypass is not configured.

SCENARIO 4

In this scenario, there is an incoming PSTN call to a Hybrid Voice user who is logging in remotely (from the Internet). See Figure 10.16.

Flow diagram shows steps involved in incoming PSTN call to an user including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.16 Incoming PSTN call to Hybrid Voice user who is logging in remotely (Internet)

Scenario: Rob is a Hybrid Voice user working remotely.

  1. A PSTN call is placed to Rob’s phone number. The call terminates at the on-premises PSTN media gateway.
  2. The on-premises media gateway directs the call to the Skype for Business Mediation server, which is colocated on the on-premises pool.
  3. The Skype for Business on-premises infrastructure knows that Rob has an Active Directory object on premises. The reverse number lookup can look at Rob’s on-premises object and determine that Rob is in the federated Skype for Business Online infrastructure.
  4. The SIP signaling to set up the call is then routed over the federation route via the on-premises Edge server to the Skype for Business Online infrastructure.
  5. The SIP signaling is sent from the Skype for Business Online infrastructure to Rob’s endpoint.
  6. When Rob answers the call, media is established and flows through the on-premises Edge server through to the next hop, which is the on-premises pool. Media Bypass cannot happen because the user is working remotely and therefore is not on the same subnet as the media gateway.

SCENARIO 5

In this scenario, a Hybrid Voice user is making an outgoing PSTN call while logged on from the internal corporate network. See Figure 10.17.

Flow diagram shows steps involved in outgoing PSTN call by an user including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.17 Hybrid Voice user making an outgoing PSTN call while logged on from the internal corporate network

Scenario: Rob is a Hybrid Voice user in the office.

  1. Rob places a PSTN call. The SIP INVITE with the dialed PSTN telephone number is sent to the Skype for Business Online infrastructure. Skype for Business Online is synchronized with user and contact objects from the on-premises AD. This means that reverse number lookup will work for all on-premises and online Enterprise Voice–enabled objects.
  2. The reverse number lookup will take place on the online infrastructure and will fail because the telephone number is an external PSTN number and not associated with any objects within the on-premises or online infrastructure.
  3. The SIP INVITE will be routed to the on-premises Skype for Business infrastructure. The call routing and authorization decisions will be made on premises.
  4. Rob’s voice routing policy is examined, and based on this, a PSTN media gateway on premises is selected, and the call is allowed to proceed.
  5. Media is established and flows using the optimal path between the on-premises Mediation server/PSTN infrastructure and the PSTN device. This could be using Media Bypass if configured, or the media may flow via the Mediation server if Media Bypass is not configured.

SCENARIO 6

In this scenario, a Hybrid Voice user is making an outgoing PSTN call while logged on remotely (from the Internet). See Figure 10.18.

Flow diagram shows steps involved in outgoing PSTN call by an user including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.18 Hybrid Voice user making an outgoing PSTN call while logged on remotely (Internet)

Scenario: Rob is a Skype for Business Online user working remotely.

  1. Rob places a PSTN call. The SIP INVITE with the dialed PSTN telephone number is sent to the Skype for Business Online infrastructure. Skype for Business Online is synchronized with user and contact objects from the on-premises AD. This means that reverse number lookup will work for all on-premises and online Enterprise Voice–enabled objects.
  2. Reverse number lookup will take place on the online infrastructure and will fail because the telephone number is an external PSTN number and not associated with any objects within the on-premises or online infrastructure.
  3. The SIP INVITE will be routed to the on-premises Skype for Business infrastructure. The call routing and authorization decisions will be made on premises.
  4. Rob’s voice routing policy is examined, and based on this, a PSTN media gateway on premises is selected.
  5. Media is established and flows through the on-premises Edge server through to the next hop, which is the on-premises pool. Media Bypass will not happen because the user is working remotely and therefore is not on the same subnet as the media gateway.

E9-1-1 and Media Bypass

For a Hybrid Voice user to be able to use advanced features such as Media Bypass and E9-1-1, an on-premises Skype for Business pool must be deployed.

Media Bypass essentially works in the same way for Hybrid Voice users as it does for on-premises users. Media Bypass occurs when the Hybrid Voice user and PSTN media gateway are in the same network location and have matching Bypass IDs. How the client discovers its Bypass ID in a Hybrid Voice scenario is the only difference (shown in Figure 10.19).

Flow diagram shows steps involved in Online client discovery of Media Bypass ID including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.19 Skype for Business Online client discovery of Media Bypass ID

Scenario: Rob is a Hybrid Voice user, logging in from the office.

  1. The Office 365 tenant administrator is responsible for configuring an internally and externally accessible URL that resolves to the provisioning web service, which is hosted on the on-premises Skype for Business pool.
  2. This URL is passed to the Skype for Business client via in-band provisioning during sign-in.
  3. The client will perform an HTTP POST to the URL and in return receives its Bypass ID, location policy, and LIS URL.
  4. This allows the Skype for Business client, when logged in to by a Hybrid user, to identify which network site it is in because site and subnet definitions are not configurable using Skype for Business Online in Office 365.

Note that the previous steps assume the user is signing in from the organization’s corporate network, not the Internet. Media Bypass will not work across the Internet. Although the user client will still follow the process defined and the user will resolve the URL via the reverse proxy, the Media Bypass ID will not match the subnet ID.

E9-1-1 works the same way as for an on-premises Skype for Business user. The location information and policy of Hybrid Voice users is automatically retrieved by the Skype for Business client via the provisioning web service (described earlier) and transmitted during an emergency call. When an E9-1-1 call is placed, the Skype for Business Online infrastructure routes the request through to the on-premises Skype for Business Server infrastructure. The on-premises Skype for Business Server infrastructure then routes the E9-1-1 call to the E9-1-1 provider.

If a Skype for Business Hybrid Voice user is logged on remotely (e.g., from the Internet) and makes an E9-1-1 call, the location cannot be automatically determined; in this case, the user will be prompted to enter an address manually. This address is then passed to the E9-1-1 provider.

Conferencing

Once a user is moved to Skype for Business Online, their conferencing data, meeting content, and scheduled meetings are not migrated with their user account. These users must reschedule their meetings after their accounts have been moved to Skype for Business Online.

Users homed on premises or online can join each other’s Skype meetings as before; if a user is enabled for Hybrid Voice, there are some different requirements, and also how the meeting location is determined is different from how it’s determined for an on-premises user.

Once users have been enabled for Hybrid Voice, they can no longer use the on-premises infrastructure for dial-in conferencing. Hybrid Voice users who require dial-in and dial-out access for meetings that they organize must be set up with dial-in conferencing accounts with an audio conference provider. ACPs provide dial-in conference capability for the cloud solution. This is because once users are moved to the online service, they will be using the online pools for hosting their conferences, and these pools do not have native on-premises dial-in and dial-out capabilities; they will leverage the ACP configuration numbers.

Figure 10.20 shows how a conference that is hosted online is located.

Flow diagram shows steps involved in Online conference discovery and connectivity including Office 365, media gateway, internet, PSTN et cetera.

FIGURE 10.20 Online conference discovery and connectivity

In Figure 10.20, the first getConference SIP/C3P request goes to the on-premises Skype for Business Server pool, which checks Rob’s Deployment Locator attribute on his AD user account object. This identifies Rob as a Lync Hybrid user, so the SIP/C3P request gets proxied from the on-premises Skype for Business Server pool, via the Edge, to the cloud to find Rob’s conferencing pool.

Implementing Cloud PBX

Soon, ideally by the time this book is available, Microsoft will have implemented connectivity from Office 365 to the PSTN for users, not just for the audio conference providers as it is today. As this book is being written, the functionality is in beta testing, and as with any unreleased content, it is subject to change between now and the time of release. The aim of this section is to give you an idea of what functionality will be available without necessarily the detailed configuration steps and options, as these are the items most likely to change.

Simply put, Office 365 users will be able to make and receive calls with no on-premises infrastructure, and Microsoft will provide a regular bill for this feature as well as a usage charge. The specifics of the usage charge may differ from country to country; it may be a calling plan with a number of minutes included, or you may get charged for each call.

Most currently supported clients are expected to be supported.

  • Office clients (both PC and Mac)
  • Mobile clients (Windows Phone, iOS, and Android when released)
  • IP phones (both Phone Edition and 3PIP)

The VDI plug-in is not expected to be supported at this stage. Conferencing users will have the ability to use a native Office 365 conference dial-in number or continue with existing ACPs if required. At launch, the service is expected to have local dial-in capabilities in 45 countries.

Cloud PSTN Calling

Figure 10.21 shows the relatively simple call flow for a user making a PSTN call.

Diagram shows a telephone, a user and a mobile phone connected with office 365 via Option ExpressRoute which is further connected to PSTN.

FIGURE 10.21 Call flow for Cloud PBX PSTN calling

Microsoft recommends deploying the ExpressRoute service to ensure call quality is maintained from the customer premises to the Office 365 environment. However, this isn’t available in all regions, nor practical for smaller customers. It will give the benefit of being a managed network and being able to have quality of service applied to ensure bandwidth availability.

New numbers can be requested, along with the ability to port your existing numbers into the Office 365 environment, in the same way that it is possible to port numbers from one provider to another today.

On-Premise PSTN Calling

Figure 10.22 shows the call flow for Cloud PBX when using on-premises infrastructures.

Diagram shows a telephone, a user and a mobile phone connected with office 365 and PSTN through On-Premises Skype for Business and telephony Infrastructures.

FIGURE 10.22 Call flow for Cloud PBX on-premises PSTN calling

The ability to have hosted Office 365 users but continue to leverage local infrastructure enables organizations to continue using existing hardware and potential carrier contracts without having to write off that investment with a replacement approach. More details will be released over the next few months.

Migrating to Hosted Voicemail

Rather than move all the users’ Skype for Business capability into the cloud from the start, many customers are starting with migrations of email to Office 365. This also has the advantage in that email, being non-real-time, is easier to manage remotely, and the Exchange portions of Office 365 are much more mature and feature comparable.

Prior to the Cloud PBX offering, there were significantly more features available with the on-premises deployments of Skype for Business or Lync Server. As a result of this leading by email approach, some customers are continuing with Skype for Business on premises but moving the voicemail aspects (Exchange Unified Messaging) to the cloud.

This is relatively straightforward to configure. You simply need to create the dial plans for Exchange in the cloud, and then rather than run the OCSUMUtil.exe application to create contact objects for the dial plans (see Chapter 22), you need to create the contacts manually (using PowerShell).

You also need to set the HostedVoiceMail values on the user account to ensure that the on-premises infrastructure knows to direct the traffic to Office 365.

Configuring Office 365 Dial Plans

From within the admin portal of Office 365, you need to create a new dial plan for Unified Messaging. This will be found in the Exchange Admin Center, under the Unified Messaging section.

The dial plan should be a SIP URI dial plan and configured to match your phone extension’s digit length. Once created, edit the dial plan and select Configure (see Figure 10.23).

Screenshot shows UM Dial Plan window with Name, dial plan type, extension length, configure button, UM auto attendant et cetera.

FIGURE 10.23 Editing the Office 365 UM dial plan

The next window that opens shows a summary of the dial plan configuration and has some additional configuration items on the left side. Select Outlook Voice Access to configure the numbers to be used to access voicemail. This number will be used later when configuring the contact object for Skype for Business.

Figure 10.24 shows the numbers needed to be configured. The top number must be in E.164 format, and the numbers below are simply text fields so can contain any logical display of numbers, in this case providing the national dialing number of the United Kingdom (0) as well as the E.164 number. These are included in the Unified Messaging welcome email sent to users when they are enabled for Unified Messaging.

Screenshot shows UM Dial Plan window with Outlook Voice Access menu opened along with fields to fill telephone number, change buttons for default greeting and informational announcement and buttons for Save and cancel.

FIGURE 10.24 Defining the Outlook Voice Access numbers in Office 365

Multiple numbers can be entered on this page if required; each will need contact objects created in Skype for Business.

The users can be enabled or disabled for Unified Messaging in the Recipients section of the Exchange Admin Center. Figure 10.25 shows an account as enabled and where to change it.

Screenshot shows Exchange admin center window with recipients menu selected. It shows a searchbox along with search results on bottom. A link is also provided for disabling phone and voice features.

FIGURE 10.25 Enabling or disabling users for Office 365 Unified Messaging

Now that you’ve configured Office 365 with a dial plan and enabled users, you need to tell the Skype for Business environment where and how to route calls to voicemail.

Configuring On-Premises Skype for Business

You first need to ensure federation is enabled with the correct settings. The configuration should have the following:

  • AllowFederatedUsers set to True
  • EnablePartnerDiscovery set to True
  • RoutingMethod set to UseDnsSrvRouting

Use Get-CsAccessEdgeConfiguration to confirm and modify as necessary using the following:

Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -EnablePartnerDiscovery $true -UseDnsSrvRouting

You then need to define the Office 365 Exchange environment as a hosting provider using the following PowerShell:

New-CsHostingProvider -Identity "Exchange Online" -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFqdn "exap.um.outlook.com" -IsLocal $False -VerificationLevel  UseSourceVerification

At this stage, you’ve configured Skype for Business for federated access and also the location of the Office 365 UM gateways.

Next, you need to define the Hosted Voicemail policy, which will be applied to the users whose mailboxes are being moved.

New-CsHostedVoicemailPolicy -Identity Office365UM -Destination exap.um.outlook.com -Description "Office 365 Voicemail" -Organization "rlscomms.onmicrosoft.com"

Here, you’ve defined the policy, Office365UM, and the destination FQDN, exap.um.outlook .com, as well as the organization, rlscomms.onmicrosoft.com. The organization must be your .onmicrosoft.com domain associated with your Office 365 tenant.

Finally, the last infrastructure configuration step is to configure the contact object associating the Outlook Voice Access number with the online environment. Using the same E.164 number as defined in the Office 365 dial plan, create the contact.

New-CsExUmContact -DisplayNumber +445551231234 –SipAddress sip:ex365um@rlscomms .net -RegistrarPool se01.rlscomms.net -ou "OU=Contacts,DC=rlscomms,DC=net"

Then apply the Hosted Voice Mail policy to the contact object.

Grant-CsHostedVoicemailPolicy -Identity sip:[email protected] -PolicyName Office365UM

Once these steps are all completed, the on-premises infrastructure is able to find and route to the Office 365 Unified Messaging infrastructure. The only tasks remaining are to apply the Hosted Voice Mail policy to the user accounts that have been moved and to enable it for hosted voice mail.

Grant-CsHostedVoicemailPolicy -Identity sip:[email protected] -PolicyName Office365UM
Set-CsUser -Identity sip:[email protected] -HostedVoicemail $true

The Bottom Line

Understand the hybrid architecture model. Skype for Business introduces the new capability of a hybrid model that allows hosting some users of an organization on premises in the traditional way of having an on-premises infrastructure deployed but also hosting other members of the organization in a cloud solution.

Master It Lync Server 2013 (and previous versions) provides support for multiple SIP domains in the same deployment within an Active Directory forest. What change to this model does the hybrid deployment in Skype for Business require?

Understand the capabilities of a hybrid deployment. Users can be hosted either online in the cloud or on premises on a local infrastructure. Each location provides a common set of features, but not all are available when users are using Skype for Business Online.

Master It Which features are available only in an on-premises deployment?

Understand the call flow for media in different scenarios. Skype for Business can be a complex product when it comes to understanding signaling flows and media flows. Using Edge servers adds additional complexity, and having an additional pool hosted in the cloud adds a level of complexity beyond simple Edge servers!

Master It Describe the call flow path between two users, Linda and Rob. Linda is calling from a cell phone to Rob’s Skype for Business phone number. Rob is a Skype for Business Online user and is located currently on the corporate network.

Understand the required steps to configure a hybrid deployment. Introducing a hybrid scenario to a local Skype for Business environment requires a number of additional configuration items to be carried out. Some are as basic (and expected) as firewall port configuration, while others are significantly more complex, such as ADFS configuration.

Master It You are configuring your organization for a hybrid scenario and need to configure rules for the proxy exceptions list. What do you need to configure?

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.43.122