This was a question from a national vocational university. They wanted to know if they needed multiple NICs/VLANs and a Perimeter for OCS R2 Edge since they didn’t have one already.
One or two NICs?
The answer is that two NICs are now required for OCS R2 Edge, whereas you could get away with a single NIC in R1.
Multiple VLANs or Perimeter needed?
With two NICs, you also need multiple VLANs to accommodate this. Placing the Edge in a firewalled Perimeter is strongly recommended.
Two sample Edge VLAN configurations
Single Consolidated Edge server:
Sample Load Balanced Consolidated Edge VLAN:
What are the Edge roles I need to deploy again and what do they do?
Do I need a unique IP for each role in consolidated Edge?
Yes, a unique IP is required per role (3 per External NIC).
Can I NAT the A/V Edge role?
If you are deploying a single consolidated Edge server, you can NAT the A/V Edge role IP; however, it is not the recommended method of deployment. The sample VLANs above show the recommended method.
If you are deploying a load balanced consolidated Edge array, NAT is not supported and an external routed IP is required. See the VLAN sample above.
How many certificates do I need for Edge?
Internal NICs need one cert:
Go here for more info.
External NICs need two certificates:
Note: I heard these could be combined by adding the FQDN of Access and Web Conf roles to the same SAN cert.
Other certificates for Edge:
With load balanced consolidated Edge servers, can I use software load balancers?
No, a hardware load balancer is required.
What firewall ports do I need to open with Edge?
For more info, go here.
Other Edge Best Practices
• Have 2 NICs in both your Edge and ISA servers
• Put them on completely different networks
• Have the default GW on the external facing NIC only (and pointed outside)
• Use 3 IP addresses associated with the external facing Edge NIC
• Create a persistent static route between the DMZ and corpnet if the internal facing Edge NIC is not on the same network as the Pool FE
• If you use a split zone DNS, make sure there is no overlap in how names resolve internally and externally when dealing with Edge interfaces
• Confirm that firewall rules allow contact with the correct set of devices internally and externally, that they are open in the correct direction and associated with the correct protocols
• Make sure you assign a dedicated AV Auth cert
• Make sure the Edge server knows about the pool and the pool knows about each of the Edge roles and that AV didn’t accidentally default to 443
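An added example, not from the original post: a small Python audit that checks a described Edge server against the NIC, gateway, IP and static-route practices above and the A/V NAT rule from the earlier question. The dictionary layout, the role keys, the name `audit_edge` and all addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: addresses and the dictionary layout are illustrative assumptions.
GOOD = {
    "external": {"gateway": "198.51.100.1", "addresses": {
        "access": "198.51.100.10/24", "webconf": "198.51.100.11/24",
        "av": "198.51.100.12/24"}},
    "internal": {"address": "10.10.20.5/24", "gateway": None},
    "pool_fe": "10.10.30.15", "static_routes": ["10.10.30.0/24"],
    "load_balanced": False, "av_nat": False,
}
# Same server with four constructed mistakes.
BAD = {**GOOD,
    "external": {"gateway": "198.51.100.1", "addresses": {
        "access": "198.51.100.10/24", "webconf": "198.51.100.10/24",
        "av": "198.51.100.12/24"}},
    "internal": {"address": "10.10.20.5/24", "gateway": "10.10.20.1"},
    "static_routes": [], "load_balanced": True, "av_nat": True,
}

def audit_edge(cfg):
    """Return best-practice findings for one consolidated Edge server."""
    findings = []
    roles = cfg["external"]["addresses"]
    ext = [ipaddress.ip_interface(a) for a in roles.values()]
    internal = ipaddress.ip_interface(cfg["internal"]["address"])
    pool_fe = ipaddress.ip_address(cfg["pool_fe"])
    # One unique IP per role on the external NIC (3 in total).
    if set(roles) != {"access", "webconf", "av"} or len({i.ip for i in ext}) != 3:
        findings.append("external NIC needs 3 unique IPs, one per Edge role")
    # The two NICs sit on completely different networks.
    if any(internal.network.overlaps(i.network) for i in ext):
        findings.append("internal and external NICs share a network")
    # Default gateway on the external facing NIC only.
    if cfg["internal"].get("gateway"):
        findings.append("default gateway set on internal NIC")
    if not cfg["external"].get("gateway"):
        findings.append("no default gateway on external NIC")
    # A pool front end on another network needs a persistent static route.
    if pool_fe not in internal.network:
        routes = [ipaddress.ip_network(r) for r in cfg["static_routes"]]
        if not any(pool_fe in r for r in routes):
            findings.append("no persistent static route to the pool front end")
    # NAT on the A/V Edge IP is not supported for a load balanced array.
    if cfg["load_balanced"] and cfg["av_nat"]:
        findings.append("A/V Edge NAT is not supported behind a load balancer")
    return findings
```

Calling `audit_edge(GOOD)` returns an empty list; `audit_edge(BAD)` returns one finding per mistake.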
A session border controller is a device that can provide signaling and media streams in voice over IP networks. It’s usually involved in setting up, conducting, and tearing down sessions (or telephone calls) as well as other interactive media communications.
In this case, the border is typically a demarcation between one network and another. Just as a firewall marks the end of the campus network, the SBC provides security and manages session flow data across borders.
So this black box is typically viewed as a security box for VoIP communications. Its use is on the rise and I’m sure we will think of other methods of implementation in the future.
One implementation is between Office Communications Server (OCS) and IBM Lotus Sametime. The job of an SBC, then, is to sit in among the streams of SIP and facilitate voice, video, IM and presence, which could mean protection against denial-of-service (DoS) attacks at the SIP interface, but could equally mean simply overcoming connectivity difficulties such as getting past NAT or firewall devices.
Today we typically see SBCs in use with service providers, but new devices are bringing this to the masses. Convergence and BorderWare are using typical server specs to bring SBC software to the masses. So SBCs can and probably will be used by customers on-premise to connect to external services.
Today Microsoft is using SBCs with service providers to provide SIP trunking for OCS R2. This trunking gives OCS the ability to connect to the IP telephony service provider for PSTN connectivity. We currently have Sprint and Global Crossing qualified for SIP trunking.
There are some nice banners, posters, stickers, etc to use for your rollout.
There are also some nice end user leave-behinds you can use:
Grab the material here.
More R2 Communicator specific training here.
More Live Meeting training here.
The Unified Communications Adoption and Training Kit is slated to be available here starting around April 2009.
New Conversion Tool
A new conversion tool just came out that takes a Live Meeting recording package (service or OCS server) and converts it to a WMV file. This allows you to stream your OCS meeting for playback. Benefits include multicast support, multiple bit-rate playback, and easier SharePoint integration using the “Links” web part.
Converts a standard LM recording such as this:
To a single video file:
Download the tool here.
I tested an OCS 2007 recording yesterday (audio only, no video) and came up with the following results:
Meeting length: 1 hr 16m
Audio-only recording with some app-sharing:
· 1024x768 741mb (default), 10mb/min
· 640x480 371mb, 5mb/min
· 320x240 128mb, 1.7mb/min
Lecture On Demand
I have seen a lot of interest in Education for playback of Live Meeting lectures and meetings. Some schools are posting the Live Meeting lectures to SharePoint and using technologies like VidiTalk or Windows Media Services to stream the lecture to a PC or a mobile device on demand.
I have also seen schools incorporate recorded Live Meeting Lectures with the free Pod Casting Kit for SharePoint (above) to enable students to download the lecture to their iPod or Zune players.
FSOCS provides protection against malware in IM communications and is designed for OCS 2007 and OCS 2007 R2. It has multiple scanning engines to facilitate scanning. It can also use content filtering in schools to provide protection against inappropriate content. This is a 64-bit release and supports the OCS 2007, OCS 2007 R2, and Access Edge roles to protect IM internally as well as from external federated channels. FSOCS was featured in the OCS R2 virtual launch sessions that you should check out. There is new content on FSOCS including a new demo walkthrough, case studies, and a datasheet.
This was a question I was asked from a university in the Midwest who was interested in moving from another email platform to Exchange in the cloud.
As you may or may not know, we are extending Exchange Server and Office Communications Server into the cloud as part of our Software+Services vision. For Exchange, we have three Exchange cloud offerings to choose from.
Where do I begin?
First you should identify what are the key email service requirements for your school district or campus.
An example of some requirements:
What factors are driving me to the cloud?
Do we require service level agreements? What are they?
Do we have Exchange in house expertise?
What are my mobile device needs?
Do we have archiving needs?
Do we have backup needs?
Do I want to host just students, faculty and staff, or both?
Are you currently on Exchange or another email system?
Do you currently have OCS?
What do I need to migrate?
Do I want other cloud services now or in the future such as conferencing, IM, SharePoint, etc?
What is my unified communications roadmap? Does it include OCS voice?
Do I need voicemail?
What are the Exchange offerings?
1) Exchange Online Standard – which most Education customers will more than likely use for faculty and staff. This provides you most Exchange functionality (spam filtering, Outlook Anywhere, ActiveSync, OWA, etc.), SLAs, a 5GB quota, and backups. It also has archiving and BlackBerry support at additional cost per month if needed. It is a lower cost point since it is multi-tenant. Note: The site linked above does not reflect Education pricing.
2) Exchange Online Dedicated – which only very large Education customers will use, with 20,000 mailboxes or larger. This is more geared towards enterprise customers and therefore more cost effective for Education customers with a larger number of mailboxes. This is a higher cost point since it is dedicated servers for just your mailboxes, dedicated administrators, etc. Note: The site linked above does not reflect Education pricing.
3) Outlook Live – which is an email option of Live@Edu and is free for Students and Alumni and can also host faculty and staff. We are currently hosting over 4 million students on the platform. A perfect fit for students and alumni since students can use Outlook Anywhere, iPhones, etc and it relieves the pressure off of your current email platform (rackspace, storage, viruses, etc).
For faculty and staff, it may or may not be a good fit based on your requirements above. Since it is free, there are no hard SLAs, no backups, no archiving and no BES support at this time. You do get a larger 10GB quota, and it is on the Exchange14 beta, so you get some new feature benefits.
4) On premise Exchange – This provides you the most flexibility since you can also have Exchange voicemail, custom transport rules, etc. This also allows you a richer on premise OCS experience for voice and conferencing.
5) Hybrid combination of cloud and on premises
You may have a need to have some on-premise Exchange and some cloud based Exchange. I have seen where executives may have a local Exchange server and everyone else is in the cloud.
What is BPOS?
BPOS stands for Business Productivity Online Suite (Standard). It consists of Exchange Online, OCS Online, Live Meeting Online, and SharePoint Online. You can sign up for all of these services per individual, or mix and match services per individual need.
Here is a breakdown of the BPOS features:
Does OCS Online have every feature of OCS on premises?
At this point in time, it does not have federation and enterprise voice.
Which Exchange offering should I use?
For students, I think Outlook Live/Live@Edu is a no brainer since it is free and allows you to synchronize with on-premise Exchange if needed. Lots of interest to move students to the cloud.
For faculty and staff, this all depends on your core email service requirements. A lot of customers considering this want to move from an alternate email platform and do not want to hire in house Exchange experts for example. Other customers want to cut costs and gain stability by using our Microsoft Exchange administrators in our datacenters.
You certainly should think about your OCS voice strategy and how that plays into your strategy since placing Exchange in the cloud will greatly reduce the OCS on premise experience.
In my opinion at this point in time, I think most education customers will either stay with Exchange on premises or go with Exchange Online Standard. The benefits of Exchange Online over Outlook Live are you get SLAs, BES, Archiving, etc. at the time of this post.
Another benefit customers have told me with Exchange Online is they like having the flexibility of using the other BPOS services such as SharePoint Online, OCS Online, and LiveMeeting Online. They also like the fact you can mix various offerings (e.g. 500 full BPOS, 1000 Exchange and MOSS Online, and 500 Exchange only) and even a deskless worker option which is a reduced Exchange experience (OWA only).
Feel free to post what your school is considering as I would be interested in what direction education customers are thinking.
For an Exchange Online Standard 30-day trial you can try it here.
One of the things we did in R2 was review the edge topology and make significant changes in operation. We went from 20,002 ports for inbound traffic from the Internet to 2 ports. OCS provided UDP and TCP ports for federated audio/video. We have re-engineered this sequencing to provide federated audio over 3478. Keep in mind that if you plan to federate with another school and they aren’t running OCS R2, then you’ll have to use the OCS 2007 method, as the old server won’t recognize the traffic change.