OCS R2 does introduce new schema classes and attributes to accommodate for some of the new roles. So a schema update is required to deploy OCS R2 regardless if you have prepped for OCS RTM or not. Here are list of the Classes that are new (this is not a full list of classes):
msRTCSIP-ApplicationServer - holds entry for SCP for UC Application Server (UCAS) msRTCSIP-ApplicationServerService - class provides an association from a specific pool to its application server msRTCSIP-ApplicationServerSettings - aux class to msRTCSIP-Application Server holds attributes for application servers msRTCSIP-ConferenceDirectories - class is a container for multiple instances of conference directories and doesn't contain any attributes itself msRTCSIP-ConferenceDirectory - this class holds attributes representing settings for a specific conference directory msRTCSIP-DefaultCWABank - aux class holds settings for CWA bank. msRTCSIP-LocationContactMapping - class is created by conference auto attendant (CAA) and holds attributes used to categorize conference numbers by region msRTCSIP-LocationContactMappings - class is container for multiple contact mappings. Doesn't hold attributes itself. msRTCSIP-MonitoringServer - class hold attributes that represent settings for a single monitor server.
These are the ones that I've seen so far. I'll publish the link to the Active Directory OCS R2 Reference document when it's published.
Keep in mind that the schema prep is run once against the schema master for each AD Forest where you plan to deploy OCS Servers. In a resource forest then run in the resource forest not the user forest. In a central forest run only on central forest not in user forest.
So for the installation it's similar to past installs with schema prep, forest prep, and domain prep. The forest prep creates global settings and universal groups that are used by OCS, and domain prep adds permissions on objects to be used by members of universal groups.
Do I have to migrate server or client to R2 first?
Migrate the servers first and then clients. The preferred server option is called a side by side migration. More on that below.
What server options do I have to migrate to R2?
You have two options:
The first option is the preferred option called a side by side migration which provides the least amount of downtime but requires additional hardware.
The second option is where you export data, tear down production, and then rebuild R2 on the same hardware if it is 64-bit capable. The final step is to re-import the user data. This saves money on hardware but requires downtime to make the switch.
Side by side migration
For a side by side migration, the recommended approach is called an inside out migration since you internal components first and then you migrate Edge roles. The steps are as follows:
Note1: R2 users can continue to use R1 director and R1 Edge roles
Note1: R2 users can continue to use R1 director and R1 Edge roles
Note2: You can move back to R1 from the R2 pool if needed
Note2: You can move back to R1 from the R2 pool if needed
How do you move LCS 2005?
You can move LCS 2005 SP1 users as well to an R2 pool – Note: Don't enable enhanced presence to still use LCS client - if you want to use enhanced presence upgrade client
What if users are logged into LCS or R1?
This is okay as users will be re-logged in after they are moved.
Export data migration
This is the second choice in R2 migration options but if HW is limited, etc this may be an alternative:
In the next post, Greg will post about how to migrate Edge, CWA, and Mediation servers to R2.
I got this question from a Colorado customer. They were getting this pop when installing R2:
The question they had was:
Where should I store the OCS R2 global settings in the System or Configuration containers?
The answer is of course it depends and here is a useful flowchart from the R2 deployment guide to help you decide:
In my customer’s case they had an empty root domain, so my recommendation was to move them from the System container to the Configuration container.
Why should I care where my OCS global settings reside?
For the most part you shouldn’t but what we have seen is some cases if you selected System container and the root domain was unavailable it created some problems with OCS performance. Due to this we now default to the Configuration container for OCS global settings. We also throw a pop up (above screen shot) if you are selected the System container prior.
The rule of thumb is if you can switch your global settings to the Configuration container do so since once you continue the R2 install with the settings in the System container it cannot be reversed.
How do I move the OCS global settings from System container to Configuration container?
Here are the steps from the R2 deployment guide:
You can run any of the following steps in read-only test mode by appending the /Check parameter to the MigrateOcsGlobalSettings command. This parameter prints the status of target objects and properties without making updates.
If any of the following steps fails to complete successfully due to network, replication, or permission issues, you can rerun the step until it completes successfully.
Before you begin the migration process, use the Office Communications Server snap-in to stop all Office Communications Server services on all Office Communications Servers.
To migrate global settings to Configuration container
1. Copy the global settings tree structure to the Configuration container by opening a command prompt and then running the following command:
cscript MigrateOcsGlobalSettings.vbs /Action:MigrateGlobalSettingsTree
2. Copy the global settings attributes to the Configuration container as follows:
cscript MigrateOcsGlobalSettings.vbs /Action: MigrateGlobalSettingsProperties
3. For Office Communications Server 2007 and Live Communications Server 2005 with SP1, run forest preparation to set permissions as follows:
Do not use the Office Communications Server Prep Forest wizard for this step. The wizard will show that the forest is already prepared, although the ACEs are not in the new container yet.
LcsCmd /Forest /Action:ForestPrep /global:configuration
For Live Communications Server 2005 with SP1, also run domain preparation in every domain the runs Live Communications Server as follows:
LcsCmd /Domain /Action:DomainPrep
Wait for the global settings tree to replicate to most forest global catalogs before proceeding to the next step.
4. Update server distinguished name (DN) references to the new global settings tree as follows:
cscript MigrateOcsGlobalSettings.vbs /Action: MigrateServerDnReferences /SearchBaseDN:<server search base DN>
Where /SearchBaseDN specifies the migration scope for servers.
5. Update DN references for user, contact, and inetOrgPerson objects to point to new global settings tree as follows:
cscript MigrateOcsGlobalSettings.vbs /Action: MigrateUserDnReferences /SearchBaseDN:<user search base DN>
Where /SearchBaseDN specifies the migration scope for users.
Wait for this step to complete before proceeding to the next step (for example, with stable network connectivity, it takes about one hour to migrate 30,000 users).
Use the Office Communications Server snap-in to restart the Office Communications Server services.
6. Try to send instant messages and perform some conferencing tasks to verify that the migration was successful.
Remove the original global settings tree structure from the System container as follows:
Do not perform this step until steps 5 and 6 are complete.
cscript MigrateOcsGlobalSettings.vbs /Action: DeleteSystemGlobalSettingsTree
These are a set of voicemail questions coming from a university in Chicago:
Does a call made from the UM server through PBX have the originators number as the caller (play on phone option)?
For Play on Phone, it depends on which number you pick. For example, in our case we also have OCS voice as our primary voice therefore it defaults to my SIP URI for Play on Phone and I basically call myself with my Caller-ID. If I pick my cell, for Play on phone, however it shows the Outlook Voice Access pilot number calling me.
Can I get a list of vendors offering an MWI application with Exchange integration?
Two main vendors I have seen used for lighting the red lamp: Geomant and Enabling Technologies.
I have also seen universities write their own MWI solution using Exchange Web Services. Typically, what I have seen during Exchange UM pilots is the value of the little red light on the phone gets greatly diminished since you are getting voicemails directly in your inbox.
What happens when multiple people have the same extension in Exchange? Does it create a auto-menu of sorts?
You do need a unique extension and a unique SIP URI in order receive an Exchange voicemail. It will not let you provision additional UM users with the same extension.
I have seen where you can have a single voicemail mailbox for multiple users or you can use an autoattendant and then have subtrees for each user.
Can I get some documents on system architecture and menu administration (phone tree)?
OVA phone tree is here.
UM system architecture here.
Does it do time of day menus?
Yes, you can have different autoattendants based on business hours, non-business hours, and holidays. More here and here.
Can you have a “Zero Option” for you voicemail (where a caller is given the option to press a number to forward to a predefined number like an assistant instead of going to voicemail?
Yes, there is a personal operator extension per user.
Is there documentation on setting up the system attendant for the tree answer hierarchy?
Here and here.
The topology for OCS architecture has changed for R2. We know support three topologies:
Consolidated Edge – in RTM We needed a Public IP address for the outside edge. In R2 we’ve changed that if you are using a single consolidated edge. In this scenario you can NAT the external IP address. This will help with small installations of OCS.
Load Balanced Edge – NATing can’t be done as we have multiple External Edge and the H/W load balancer wouldn’t not which Edge to route traffic to. In this scenario the External Edge will need Public IP Addresses. For most schools this isn’t an issue but a very important distinction.
Finally we have multi-site Consolidated Edge Configuration
We have made significant changes in the design of the edge for A/V which reduce the external edge external firewall ports from 20K to 2. No inbound TCP/UDP port range is required on external firewall. Also the outbound UDP port range is not required. So 3478 and 443 are only ports needed. There are restrictions such as federation with an OCS RTM A/V Edge server. In this scenario the same ports are required as for RTM. This is important if your plans are to federate with other schools.
Reverse Proxy also has more responsibilities in an R2 configuration. If you support external devices the Device Update Service requires a reverse proxy. The reverse proxy must be configured to publish these directories:
We didn’t discuss certs here but the last thing I’ll mention today is the desktop sharing. Desktop sharing requires both CWA and AV Edge. CWA needs to have reverse proxy and media traversal for desktop sharing happens via the AV Edge.
The Planning Tool is great for helping you with an initial design for OCS R2. The wizard will guide you through the process including discovery of design parameters such as web conferencing, enterprise voice, VoIP gateway, Mediation, etc.
It uses this to draw a topology for you such as the one below. This one was for 10,000 users with Group Chat, Web Conferencing, Enterprise Voice, External users and Federation, Archiving and Monitoring. When hovering over each server it gives you the recommended hardware specs needed for deployment. The tools also gives you links to planning guides as well as useful information such as our server user model to understand the params we use to profile user base for the modeling. http://technet.microsoft.com/en-us/library/dd425159(office.13).aspx
You can download the tool here.
Since the launch we have had plenty of good R2 info coming in. Here is just sample:
‘Time to Ebay the PBX’ NetworkWorld Podcast and article
I also thought this was a great Podcast interview of Terry Gold, founder of Gold Systems, from Mitchell Ashley at NetworkWorld. The interview was about Gold’s internal OCS R2 deployment. We have used Gold as a voice partner with several education OCS/UM rollouts and some large Fortune 500 companies.
What I found most interesting is how much Gold is planning on saving per month ($5k+) for 100 users by moving to R2. Their goal is to retire their PBX, 3rd party conferencing, T1 voice and long distance lines with our OCS R2 SIP Trunking, etc within 3 months.
Here is the Podcast.
Here is the article.
$214 million saved annually per year at Microsoft with our UC platform
Another good read is our internal 3 year 240% ROI study based on what we have saved with our UC platform by deploying OCS R2 enterprise voice to 40,000 users (no PBX) and Exchange voicemail to 75,000 users
Here is the study.
University of Kentucky OCS R2 Case Study
The team at University of Kentucky is really getting some great OCS 2007 benefits on their campus. Here.
Forester study on the Total Economic Impact study of our Microsoft UC platform:
Here is the Forester study showing the huge savings on travel, telephony costs, productivity, voicemail, etc. Note: The data used in the ROI calculation is non-education pricing so the ROI would be even higher in education.
Here are some useful March 2009 R2 whitepapers:
Office Communications Server: What’s New in Office Communications Server 2007 R2
Office Communications Server 2007 R2 introduces not only a number of brand-new features, it also delivers some significant enhancements to existing functionality. Here’s an overview of some of the most important new features and functions you’ll find in this latest release. Stephanie Pierce
Office Communications Server: How Remote Call Control Powers OCS 2007 R2
The Remote Call Control capabilities in OCS can be used to extend your R2 deployment to legacy devices. Find out how to configure Remote Call Control to provide rich OCS capabilities in an environment with a PBX system. Rajesh Ramanathan
Office Communications Server: Securing OCS with ISA Server
To securely extend your OCS 2007 infrastructure to remote users and organizations, you need to deploy one or more Edge Servers and provide reverse proxy access to these servers. Here’s what you need to know to use and configure ISA Server 2006 as a reverse proxy for your OCS deployment. Alan Maddison
Office Communications Server: Managing OCS 2007 R2 from the Command Line
Though you can configure Office Communications Server using wizards, there are times it makes sense to work from the command line. Explore the LCSCmd command-line tool and see how you can use it to set up OCS 2007 R2. Greg Stemp and Jean Ross
A common request for RFP is support for TTY. What is it? A TTY is a device that enables people who are deaf, hard of hearing, or speech-disabled to use the telephone by typing messages back and forth to one another instead of talking back and forth. In order to communicate, a TTY is required at both ends of the conversation, unless the call is placed through Relay. OCS now supports integration with TTY with OCS R2.
Under options you can turn on tty mode and connect a keyboard to a device such as the Catalina phones for OCS. I haven’t seen documentation on this yet but I’ll post when I know more.
Forefront Security for OCS Beta 3 Now Available
The Beta 3 for Forefront Security for Office Communications Server (FSOCS) is now publicly available for download. FSOCS provides fast and effective protection against malware and out-of-policy content in IM conversations and attachments for Office Communications Server 2007 (OCS) environments. This new release includes:
- Support for OCS 2007 R2
- Support for OCS 2007 Enterprise Edition server roles
- Integration with OCS 2007 Access Edge role to add protection from external public IM threats
Like other Forefront server security products, FSOCS uses multiple engine scanning to provide superior detection of latest threats over single engine solutions. The FSOCS RC is shipping with five antimalware engines from Microsoft and industry-leading security partners.
The scanning of IM for viruses includes Public IM (Sametime integration, Yahoo, MSN, AOL), Group IM, and IM Based file transfers. Scanning does require the servers to proxy peer to peer communications so that the servers can capture the IM traffic.
Download the Beta today!
I think it’s important to point out that Desktop sharing can be done with Communicator Web Access across multiple platforms. Keep in mind that only IE, Firefox on Windows can host the session but it can be viewed on a variety of formats.