• Rui Silva - UCspotting

    UC Pilot Bill of Materials


    In my job, I do a lot of UC pilots. Before heading to a potential customer, I usually write a small technical document with the hardware and software requirements.

    Over time I noticed that these pilots are very similar, which is why I decided to write this post. My objective is to list a small Bill of Materials for a UC pilot capable of delivering the following features:

    • Enhanced Presence
    • Instant Messaging (IM)
    • Audio and Video
    • Enterprise Voice
    • Web Conferencing
    • Federation and external access

    The image below depicts the reference architecture for a pilot like this:

    [Figure: uc-pilot-architecture]

    Finally, here's a table with the recommended Bill of Materials:

    [Table: uc-bill-of-materials]

    The architecture figure shows a single Edge server, because, for simplicity, we use the consolidated edge topology: the Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server are collocated on a single computer.

    Since the Edge server is placed on a perimeter network (DMZ), both the external and the internal firewall must be configured to allow the OCS traffic. All the required ports are depicted in the next picture (the different Edge roles are shown as separate machines for clarity, but only one server will be used).

    [Figure: uc-pilot-firewall]

    Although Exchange Server 2007 is part of the Microsoft Unified Communications portfolio, it isn't listed here. I intentionally left it out, because usually the Exchange infrastructure is already in place. And don't forget, this is just for reference: there is no such thing as two customers with identical business needs.

    What are the next steps? The immediate one is to gather the necessary technical information. I strongly recommend the following documents:

    This pretty much covers the requirements for a successful UC pilot. If you already have all this stuff in place, hey, give me a call and I'll pay you a visit!


    How to publish a private certificate chain for Communicator Phone Edition (aka Tanjay)


    Communication between Communicator Phone Edition and Office Communications Server 2007 is encrypted by default: TLS for signaling and SRTP for media. The device therefore has to validate the certificate chain presented by the Communications Server 2007 servers up to a root it trusts. If the server certificate was issued under one of the well-known public root CAs listed in the table below, it will automatically be trusted by the device.

    Vendor      Certificate Name                                           Expiry Date   Key Length
    Comodo      AAA Certificate Services                                   12/31/2020    2048
    Comodo      AddTrust External CA Root                                  5/30/2020     2048
    Cybertrust  Baltimore CyberTrust Root                                  5/12/2025     2048
    Cybertrust  GlobalSign Root CA                                         1/28/2014     2048
    Cybertrust  GTE CyberTrust Global Root                                 8/13/2018     1024
    Verisign    Class 2 Public Primary Certification Authority             8/1/2028      1024
    Verisign    Thawte Premium Server CA                                   12/31/2020    1024
    Verisign    Thawte Server CA                                           12/31/2020    1024
    Verisign    Comodo                                                     1/7/2010      1024
    Verisign    Class 3 Public Primary Certification Authority             8/1/2028      1024
    Entrust     Entrust.net Certification Authority (2048)                 12/24/2019    2048
    Entrust     Entrust.net Secure Server Certification Authority          5/25/2019     1024
    Equifax     Equifax Secure Certificate Authority                       8/22/2018     1024
    Geotrust    GeoTrust Global CA                                         5/20/2022     2048
    Godaddy     Go Daddy Class 2 Certification Authority                   6/29/2034     2048
    Godaddy     http://www.valicert.com/                                   6/25/2019     1024
    Godaddy     Starfield Class 2 Certification Authority                  6/29/2034     2048
    Table 1 - Public root certificates trusted by Communicator Phone Edition

    If you're using your own private Root CA, the device may or may not trust the certificate. Communicator Phone Edition queries Active Directory for objects of category certificationAuthority under CN=Certification Authorities, CN=Public Key Services, CN=Services, CN=Configuration, DC=<domain>, DC=<tld> and reads the CA certificate from their caCertificate attribute. If the query returns no objects, or if the objects have an empty caCertificate attribute, the device falls back to searching for objects of category pKIEnrollmentService.

    [Figure: mydomain-ca]

    If you deployed Windows Certificate Services on a domain member server, that server will probably be already published. If not, to have the Root CA certificate placed in the caCertificate attribute, use the following command:

    certutil -f -dspublish <Root CA certificate in .cer file> RootCA

    Jens Trier Rasmussen has a nice blog post about this procedure.

    But now imagine that you use a certificate with a deep certification path: how would you add the full certificate chain to AD?

    I first came across this problem recently, when I had to use a certificate from Saphety, a Portuguese public Certification Authority. Although Saphety certificates are generally trusted, since they chain up to ValiCert, this particularly long certification path (see figure below) was causing problems with Communicator Phone Edition. The symptoms were the same as if the certificate was not trusted.

    [Figure: saphety certification path]

    The solution is to publish the whole certificate chain (the Root CA and all subordinate CAs) in Active Directory. Here are the detailed steps:

    1. Download the full certificate chain (.p7b file) and double-click it.
    2. Expand the file name, select Certificates, right-click each certificate in the right pane, select All Tasks and then Export...
      [Figure: saphety-export-chain]
    3. Save each certificate as a .CER file.
      [Figure: saphety-cer-files]
    4. Add the top-level CA as RootCA and all the others as SubCA, using the following commands (this needs Enterprise Admin rights, since the objects live in the Configuration partition):
      certutil -f -dspublish www.valicert.com.cer RootCA
      certutil -f -dspublish "RSA Public Root CA v1.cer" SubCA
      certutil -f -dspublish "Saphety CA 01.cer" SubCA
      certutil -f -dspublish "Saphety Server 01.cer" SubCA
      [Figure: saphety-certutil]
    5. Using ADSIEdit, verify that the objects were added under CN=Certification Authorities (CN=AIA for the Sub CAs), CN=Public Key Services, CN=Services, CN=Configuration, DC=<domain>, DC=<tld>, and that each one has a non-empty caCertificate attribute.
      [Figures: saphety-mydomain-ca, saphety-mydomain-ca-sub]
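    The same procedure as a script, added here as an example and not part of the original post: it splits the .p7b into one .cer per certificate, publishes the self-signed certificate as RootCA and every other one as SubCA with certutil, and then verifies the result with the LDAP lookup the device performs (objects of category certificationAuthority with a non-empty caCertificate attribute, searched across the whole Public Key Services container so both the Certification Authorities and the AIA entries are covered). The chain file path and output folder are hypothetical; it assumes a domain-joined machine and an account with Enterprise Admin rights.

    ```powershell
    # Added example, not from the original post. Publishes a full CA chain
    # from a PKCS#7 (.p7b) file to Active Directory and verifies it the way
    # Communicator Phone Edition will look it up.
    # Assumptions: run as Enterprise Admin on a domain-joined machine;
    # $ChainFile and $OutDir are hypothetical paths.
    $ChainFile = 'C:\certs\saphety-chain.p7b'
    $OutDir    = 'C:\certs\chain'
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # Steps 1-3: split the .p7b into one DER-encoded .cer per certificate.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $chain.Import($ChainFile)

    $exported = @()
    foreach ($cert in $chain) {
        # File name from the subject CN; characters that are illegal in
        # file names (the ValiCert CN is a URL) are replaced; fall back to
        # the thumbprint if there is no CN.
        $cn = ($cert.Subject -split ',')[0] -replace '^CN=', '' -replace '[\\/:*?"<>|]', '_'
        if (-not $cn) { $cn = $cert.Thumbprint }
        $file = Join-Path $OutDir "$cn.cer"
        $der  = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        [IO.File]::WriteAllBytes($file, $der)
        $exported += [pscustomobject]@{ Cert = $cert; File = $file }
    }

    # Step 4: a self-signed certificate (Subject == Issuer) is the root and is
    # published as RootCA; everything else is published as SubCA.
    foreach ($e in $exported) {
        $kind = if ($e.Cert.Subject -eq $e.Cert.Issuer) { 'RootCA' } else { 'SubCA' }
        Write-Host "Publishing $($e.File) as $kind"
        & certutil -f -dspublish $e.File $kind
        if ($LASTEXITCODE -ne 0) { throw "certutil failed for $($e.File)" }
    }

    # Step 5: verify with the query the device performs. Every published CA
    # must show up as a certificationAuthority object whose caCertificate
    # attribute actually contains the certificate.
    $cfgNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
    $pks   = [ADSI]"LDAP://CN=Public Key Services,CN=Services,$cfgNC"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($pks)
    $searcher.Filter      = '(objectCategory=certificationAuthority)'
    $searcher.SearchScope = 'Subtree'
    [void]$searcher.PropertiesToLoad.Add('cACertificate')
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')

    # Map thumbprint -> DN of the AD object that carries that certificate.
    $published = @{}
    foreach ($r in $searcher.FindAll()) {
        foreach ($raw in $r.Properties['cacertificate']) {
            $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,[byte[]]$raw)
            $published[$c.Thumbprint] = $r.Properties['distinguishedname'][0]
        }
    }

    foreach ($e in $exported) {
        $t = $e.Cert.Thumbprint
        if ($published.ContainsKey($t)) {
            Write-Host "OK       $($e.Cert.Subject) -> $($published[$t])"
        } else {
            Write-Warning "MISSING  $($e.Cert.Subject) (thumbprint $t) has no caCertificate entry in AD"
        }
    }
    ```

    Thumbprints rather than names are compared in the verification step on purpose: certutil names the AD object after the certificate CN, so an old object with the same CN but an empty or stale caCertificate would pass a name check and still leave the device unable to build the chain.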

    And that's it. Communicator Phone Edition should now be able to download the whole chain from Active Directory and trust the certificate presented by OCS. For more information, read the Microsoft Communicator Phone Edition Deployment Guide.


    Status: Available!


    [Figure: ucspotting-presence-shadow]

    Unified. Now.

    This is the tagline for the Microsoft Unified Communications (UC) offer for FY'09. You may remember other taglines, such as "Unified. Simplified.", last year's tagline, or "VoIP As You Are", Microsoft's approach to enterprise VoIP.

    Each of these taglines represents Microsoft's vision for Unified Communications, where presence is the heart of UC and software is the power that enables complete communications across the applications and devices that people use every day.

    As of today, this blog will be dedicated to Microsoft Unified Communications, covering technical aspects of the solution, news and announcements, tools, tips and personal experiences with all the UC products: Office Communications Server, Exchange Server, Office Communicator and Live Meeting.

     

    My name is Rui Silva, I'm a Technology Solution Professional (TSP) - Core UC - at Microsoft and my status is "Available" to contribute for the technical community. Before joining Microsoft I was nominated MVP in Exchange Server for 3 years and I'm also the author of 3 other blogs: http://msmvps.com/blogs/ehlo, http://blogs.msexchange.org/silva and http://ehlo.blogspot.com (Portuguese).

    Welcome to my new blog! Feedback is always welcome.
