A lot of people ask me "How many servers do I need for OCS? How should they be deployed?" and so on. The first step in deploying OCS is to understand the scenarios you want to accomplish with it. OCS is a very powerful collaboration product, and the scenarios you pick determine the server roles required to support your configuration. So if we focus on scenarios we have the following:
- Instant Messaging (IM) and Presence - IM for internal users only (Staff/Faculty)
- Conferencing with Audio/Video - conferencing for internal users only (Staff/Faculty)
- Remote Access Scenario for IM and Presence - IM collaboration without barriers (Students/Staff/Faculty can collaborate). Note: all users are using Microsoft Office Communicator (MOC)
- Remote Access Scenario for A/V and Conferencing - full collaboration without barriers (Students/Staff/Faculty can collaborate on and off campus)
- Federation Scenario - set up relationships with other schools or organizations and securely collaborate with them
- Public IM Connectivity (PIC) Scenario - AOL/MSN/Yahoo integration with your institution. This allows scenarios such as prospective students talking to faculty and staff who are using MOC
- Phone Control Scenario (RCC) - Remote Call Control; works with the existing phone system, and the phone system anchors the call
- Enterprise Voice Scenario - OCS initiates and anchors the call for users
Sounds like a lot. It is. So we need to understand how our school intends to use OCS.
So if we map the scenarios above to server roles, we can start to see what servers are required to meet each scenario's needs:
- IM and Presence: OCS Standard or Enterprise Edition
- Conferencing with Audio/Video: A/V Conferencing and Web Conferencing Servers
- Remote Access for IM and Presence: Access Edge Server
- Remote Access for A/V and Conferencing: Access Edge Server, Web Conferencing Edge Server, and A/V Conferencing Edge Server
- Federation: Access Edge Server, Web Conferencing Edge Server, and A/V Conferencing Edge Server
- Public IM Connectivity (PIC): Access Edge Server, Web Conferencing Edge Server, and A/V Conferencing Edge Server
- Phone Control (RCC): 3rd party PBX
- Enterprise Voice: Mediation Server
At this point we have started to identify the servers needed for deployment. What we need to understand next is the topology for the deployment. I'll talk about that in my next post.
In OWA you can provide access to documents and control those permissions for private and public access. What my customers are asking is how they can prepopulate these favorites. There isn't an easy or supported way to do this today, but it can be done programmatically. One of my colleagues has outlined the procedure here: http://gsexdev.blogspot.com/2007/10/adding-document-favorite-links-for.html
This is unsupported, but it is really cool.
One of the big differences between LCS and OCS is the need for hardware load balancers for the Enterprise pool. You can use a load balancer that supports SNAT (source network address translation) or DNAT (destination network address translation). SNAT is recommended because it is easier to deploy. SNAT is also limited to roughly 65K users per SNAT address, because every translated client connection consumes one of the 65,535 source ports on that address; if you have more users you need an additional SNAT IP address for each group of 65K users. So if you were deploying OCS for 100K users you would need two SNAT IP addresses.
Why not NLB? http://blogs.technet.com/toml/archive/2005/05/03/404430.aspx
Timeout values and best practices: http://blogs.technet.com/toml/archive/2005/08/06/408754.aspx
If you are deploying in an expanded pool configuration, the FE servers are placed in a distinct IP subnet; the Web Conferencing, A/V Conferencing and Web Components servers must reside outside this subnet.
A load balancer for an Office Communications Server 2007 Enterprise Pool must meet the following requirements:
- Expose a VIP address through ARP (Address Resolution Protocol). The VIP must have a single DNS entry, called the pool FQDN, and must be a static IP address.
- Allow multiple ports to be opened on the same VIP. The following ports are required.
Hardware load balancer ports that are required for Office Communications Server 2007:
| Port Required | Virtual IP | Port Use |
| 5060 | Load balancer VIP used by the Front End Servers | Client to server SIP communication over TCP |
| 5061 | Load balancer VIP used by the Front End Servers | Client to Front End Server SIP communication over TLS; SIP communication between Front End Servers over MTLS |
| 135 | Load balancer VIP used by the Front End Servers | Moving users and other "pool" level WMI operations over DCOM |
| 444 | Load balancer VIP used by the Front End Servers | Communication between the internal components that manage conferencing and the conferencing servers |
| 443 | Load balancer VIP used by the Web Components Server | HTTPS traffic to the pool URLs |
- Provide TCP-level affinity. This means that the load balancer must ensure that TCP connections can be established with one Office Communications Server in the pool and all traffic on that connection will be destined for that same Office Communications Server.
- Each Front End Server must have an IP address that is directly routable within the internal network (specifically to allow communications between Front End Servers across different pools).
- The load balancer must provide a configurable TCP idle-timeout interval with its value set to 20 minutes or greater. This value must be 20 minutes or higher because it should be above the following values:
- Maximum SIP connection idle timeout of 20 minutes (this is the major determining value).
- SIP Keep-alive interval 5 minutes.
- Maximum REGISTER refresh interval of 15 minutes in absence of keep-alive checks.
- Enable TCP resets on idle timeout; also disable TCP resets when servers are detected to be down.
- Front Ends within a pool behind a load balancer must be capable of routing to each other. There can be no NAT device in this path of communication. Any such device will prevent successful RPC between Front End Servers within a pool.
- Front Ends behind a load balancer must have access to the Active Directory environment.
- Front Ends must have static IP addresses that can be used to configure them in the load balancer. In addition, these IP addresses must have DNS registrations (referred to as Front End FQDN).
- Any computer running Office Communications Server 2007 administrative tools must be able to route through the load balancer to both the Pool FQDN as well as the Front End FQDN of every Front End in the pool(s) to be managed. In addition, there can be no NAT device in the path of communication to the Front Ends to be managed. Again, this is a restriction enforced by the usage of the RPC protocol by DCOM.
- The load balancer should support a least-connections load balancing mechanism. This means that the load balancer ranks all Office Communications Server servers by the number of outstanding connections to each of them, and uses that rank to pick the server for the next connection request.
- The load balancer must allow for adding and removing servers to the pool without shutting down.
- The load balancer should be capable of monitoring server availability by connecting to a configurable port for each server.
Important: The monitor for ports 135 and 444 should open TCP connections to port 5060 or 5061 to determine server availability. Attempting to monitor ports 135 and 444 on the servers will cause the load balancer to incorrectly detect these servers as available, because these ports are open even when Office Communications Server is not running.
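Here is a quick check you can run from an admin workstation to see the point the note above is making. It is an added example, not code from the original post or from Microsoft; the Front End host names are hypothetical. It opens a TCP connection to 135, 444 and 5061 on each Front End and reports a server as in service only when the SIP/TLS listener answers, so a Front End where the OCS service is stopped but Windows is up shows as "Misleading" (135 and 444 open, 5061 closed), which is exactly the state a monitor on 135/444 would get wrong.

```powershell
# Added example (not from the original post). Probe the ports a load balancer
# might monitor and report which ones actually prove OCS is running.
function Test-OcsFrontEndPort {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [Parameter(Mandatory=$true)][int]$Port,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # Bound the wait so a filtered port does not hang the whole run
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        # Connection refused or name resolution failure: treat as closed
        return $false
    } finally {
        $client.Close()
    }
}

function Get-OcsFrontEndHealth {
    param([string[]]$FrontEnds)
    foreach ($fe in $FrontEnds) {
        $rpc  = Test-OcsFrontEndPort -ComputerName $fe -Port 135   # RPC endpoint mapper
        $conf = Test-OcsFrontEndPort -ComputerName $fe -Port 444   # conferencing components
        $sip  = Test-OcsFrontEndPort -ComputerName $fe -Port 5061  # SIP over TLS
        New-Object PSObject -Property @{
            FrontEnd   = $fe
            Port135    = $rpc
            Port444    = $conf
            Port5061   = $sip
            # Only the SIP listener proves the OCS service itself is up;
            # 135 answers whenever Windows is running, OCS or not.
            InService  = $sip
            Misleading = (($rpc -or $conf) -and -not $sip)
        }
    }
}

# Hypothetical pool members; replace with your Front End FQDNs
Get-OcsFrontEndHealth -FrontEnds 'fe01.contoso.local','fe02.contoso.local' |
    Format-Table FrontEnd, Port135, Port444, Port5061, InService, Misleading -AutoSize
```

Run it once with the OCS services stopped on a test Front End: 135 will still answer, which is why the monitor has to target 5060/5061.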
Office 2008 for the Mac Service Pack 1 is available. http://www.microsoft.com/mac/downloads.mspx?pid=Mactopia_Office2008&fid=395D1487-A3A6-4106-A0F8-4D6E1D6D89D2#viewer
This update contains several improvements to enhance security, stability, and performance, including fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer's memory with malicious code. For detailed information about this update, please visit the Microsoft Web site.
Cached Exchange Mode was introduced with Outlook 2003. When an Outlook account is configured to use Cached Exchange Mode, Outlook works from a local copy of the user's Exchange mailbox stored in an Offline Folder file (OST file) on the user's computer, along with the Offline Address Book (OAB). The cached mailbox and OAB are updated periodically from the Exchange server. At the same time, Outlook 2003 maintains an online connection to the mailbox on the Exchange Server.
The time required to complete the initial synchronization between Outlook 2003 and Exchange Server 2003 depends primarily on the size of the mailbox and on the speed of the connection to the Exchange Server 2003 computer.
Not all data is available until the initial synchronization is complete. Therefore, it is recommended that a fast connection be used when Cached Exchange Mode is started for the first time for each user.
After the initial synchronization is complete, Outlook 2003 keeps the local copy up to date automatically. If a change is made to the data on the server, Outlook 2003 is notified to synchronize the change. Changes on the server may occur when a new message is received, or when another client changes existing data. If changes are made to the local data, Outlook 2003 synchronizes those changes with the server automatically. This process occurs in real time and does not require user intervention.
Outlook 2003 Cached Exchange Mode offers the following benefits:
· After messages have been cached locally, typical user operations do not cause interactions that block on the server. Marking a message as read, replying, and editing require a small amount of data to be pushed up to the server to keep the mailboxes synchronized, but that push occurs in the background. This gives much faster access to messages and attachments, because work is done from the local copy instead of the server copy.
· Cached Exchange Mode causes no loss of conventional functionality. New e-mail notifications, full Global Address List details, free/busy lookup, public folder access, and delegate support function as expected. However, this is true only when a network connection to an Exchange Server computer is present.
· Cached Exchange Mode makes intelligent use of bandwidth by synchronizing only headers on slow connections (slower than 128 kilobits per second [Kbps]). This functionality works only when a network connection is present.
Additionally, Cached Exchange Mode offers administrators the following benefits:
· Reduced server load. After messages are cached locally, re-opening the same message does not require server transactions.
· Reduced network load. After messages have been pulled over the network one time, subsequent access to those messages does not cause additional network traffic. Because messages are also compressed, there is an additional reduction on network load.
Who should run Cached Exchange Mode, and when? It depends on the size of the cache (the mailbox) and the performance of the local PC.
http://technet.microsoft.com/en-us/library/bb738147.aspx
Effect of Online Mode Clients
Unlike Cached Exchange Mode clients, all Online Mode client operations occur against the database. As a result, read I/O operations will increase against the database. Therefore, the following guidelines have been established if the majority of clients will operate in Online Mode:
- Online Mode clients with 250 MB mailboxes increase database read operations by a factor of 1.5 compared with Cached Exchange Mode clients. Below 250 MB, the impact is negligible.
- As mailbox size doubles, the database read IOPS will also double (assuming equal item distribution between key folders remains the same).
The following graph illustrates IOPS based on mailbox size.
[Graph: Database read IOPS increases as mailbox size increases]
Testing has also shown that increasing the database cache beyond 5 MB per mailbox will not significantly reduce the database read I/O requirements. The following graph depicts 2-GB mailboxes using Online Mode clients and the effect increasing the cache beyond 5 MB has on reducing the database read I/O requirements.
[Graph: Database read IOPS decreases as cache size per mailbox increases]
As a result of this data, two recommendations can be made:
- Deploy cached mode clients where appropriate. See the "Item Count per Folder" section below for more information.
- Ensure that the I/O requirements are taken into consideration when designing the database storage.
For additional IOPS factors, such as third-party clients, see Optimizing Storage for Exchange Server 2003.
Physical access is the first thing to control when securing a PC. If someone can get to your PC, the attacker's job has already been made easier. If a user gains access to a PC that is joined to the network and already logged in, what access do they have? Everything, including mail: Outlook logs on with pass-through (integrated Windows) authentication, so whoever is at the console can read the mailbox. If the computer is not domain-joined, Outlook prompts for user credentials instead. One of my customers just asked whether someone who gets hold of the PST/OST files can open them. Yes, they can. PST/OST files offer compression (which obscures the data) and Outlook's built-in "encryption" setting, but neither is real protection: the data is not encrypted with any key the user controls, so anyone who copies the file can open it in Outlook. Encryption should be done at the file or drive level with EFS, BitLocker, or a third-party hard drive encryption tool.
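To find out where you stand on a given machine, the following script is an added example (not from the original post) that inventories PST/OST files under the user profiles and reports whether each one is covered by EFS (the NTFS Encrypted attribute) and whether its volume is BitLocker-protected. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later); on older systems the BitLocker column simply reads Unknown. The search root and output columns are my choices, not anything Outlook or Exchange define.

```powershell
# Added example, not from the original post. Reports which Outlook data
# files are readable by anyone who can copy them off the disk.
function Get-OutlookDataFileProtection {
    param([string[]]$SearchRoot = @("$env:SystemDrive\Users"))

    # Map drive letter -> BitLocker protection status when the module exists
    $bitlocker = @{}
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($v in Get-BitLockerVolume) {
            $bitlocker[$v.MountPoint.TrimEnd('\')] = [string]$v.ProtectionStatus
        }
    }

    Get-ChildItem -Path $SearchRoot -Recurse -Include *.pst,*.ost -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EFS sets the Encrypted file attribute on files it protects
            $efs   = (($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0)
            $drive = $_.FullName.Substring(0, 2)
            $bl    = if ($bitlocker.ContainsKey($drive)) { $bitlocker[$drive] } else { 'Unknown' }
            New-Object PSObject -Property @{
                File          = $_.FullName
                SizeMB        = [math]::Round($_.Length / 1MB, 1)
                EfsEncrypted  = $efs
                BitLocker     = $bl
                # Neither EFS nor BitLocker: the file can be copied off and
                # opened in any Outlook without the user's credentials.
                ExposedAtRest = ((-not $efs) -and ($bl -ne 'On'))
            }
        }
}

Get-OutlookDataFileProtection |
    Format-Table File, SizeMB, EfsEncrypted, BitLocker, ExposedAtRest -AutoSize
```

Run it elevated so the profile directories of other users are readable; a row with ExposedAtRest set to True is a mailbox copy that physical access alone is enough to read.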
As a valued member of the Microsoft community, we would like to extend to you an official invitation to an Office Communications Server 2007 Ignite event!
This 2-day hands-on technical workshop is intended to provide you with key information regarding Office Communications Server 2007.
Topics:
· An Overview of Office Communications Server 2007
· Building an Office Communications Server 2007 Architecture
· IM and Rich Presence in Office Communications Server 2007
· Deploying and Using Conferencing Solutions in Office Communications Server 2007
· Management and Troubleshooting Tools in Office Communications Server 2007
· Voice in Office Communications Server 2007: Scenarios, Architectures and Topologies
(Enabling and Configuring Users for Voice in Office Communications Server 2007)
· Integrating Exchange Server 2007 Unified Messaging and Office Communications Server 2007
· Compliance and Archiving in Office Communications Server 2007
Event Dates:
Honolulu, HI
May 8-9, 2008
8:30AM-5:00PM
New Horizons Computer Learning
1585 Kapiolani Boulevard
Suite 1000 (10th Floor)
Honolulu, HI
Local: (808) 947-4474
Dallas, TX
May 8-9, 2008
8:30AM-5:00PM
Tekfocus
1950 Stemmons Freeway
INFOMART Suite 2062
Dallas, TX 75207-3107
Local: 214-800-5611
Los Angeles, CA
May 12-13, 2008
8:30AM-5:00PM
Quickstart
1515 W. 190th St. S Tower, Ste 450
Gardena, CA 90248
Local: (310)-327-1201
Iselin, NJ
May 19-20, 2008
8:30AM-5:00PM
Solartech
194 Wood Avenue South
(Prudential Building), Sixth Floor
Iselin, NJ 08830
Local: (201) 807 9889
Salt Lake City, UT
May 21-22, 2008
8:30AM-5:00PM
MindCenter
5505 S 900 East, Plaza 1, Suite 225
Murray, UT 84117
Local: (201) 807 9889
San Jose, CA
June 2-3, 2008
8:30AM-5:00PM
Quickstart
2665 North First Street, Suite 214
San Jose, CA 95134
Local: (408) 441-2720
This question always comes up during the ADS. The problem is that there isn't a magic bullet. Each customer will have a different user model that dictates scale for their environment. During development of OCS the product team looked at core customer data to determine the sizes of web conferences. Most conferences are quite small (4-6 participants). In fact, in mining data from Live Meeting we found that over 80% of meetings had 20 or fewer participants, and 99% of all meetings had under 100 participants. With that in mind we looked at a model with 250 participants. This is not hard-coded, and meetings can be larger. To test and have a user model we used 250 users. How did we determine this? We took the total number of users (50,000) and multiplied it by the concurrency rate (5%). That gives the total number of users we expect at any given time: 2,500 users. With two Conferencing servers, that is 1,250 users per server. In one scenario we used 6 participants per meeting and were able to scale to 610 meetings per server.
You will probably hear that 250 is the limit. It isn't. If I have a conference with 250 users and I add one more to the conference, all is fine. The real limits on conferencing are your CPU and memory. When we tested we used dual proc/dual core systems with 4 GB of memory.
You can have a large number of web conferences in your OCS architecture, and it can be scaled well beyond our tested architecture. Other limits to be aware of are things like IT resources: if you have large 1000-participant meetings, do you have a helpdesk to support those requests? So there is a lot more to this than just looking at server scale...
Take care till next time.
I figured I'd talk a little about the OCS conferencing architecture in this post. The OCS conferencing architecture consists of 3 main components: the Focus, the Focus Factory, and the MCUs. The Focus is the traffic cop. It is a conference state server that coordinates all aspects of a conference. The Focus runs in the User Services module on all FE servers, and a separate instance is used for each active conference. The Focus is responsible for authenticating participants for a conference, managing roles, managing conference state, calling on the MCUs, maintaining SIP signaling between participants and MCUs, activating conferences, and accepting subscriptions to the conference.
When a new media type is introduced into a conference, the Focus is responsible for calling the MCU and establishing connections for the new client and new media. This happens for all clients when new media is introduced.
The Focus Factory is used to create, delete, and modify meetings in the conference database. The Focus Factory receives a SIP SERVICE message from the client with C3P commands in the payload. It adds the new meeting to the database and sends the conference URI back to the client.
There are 4 different MCUs (conferencing servers) in OCS:
- A/V
- Web Conferencing
- IM Conferencing
- Telephony Conferencing
The A/V MCU provides multiparty audio and video mixing and relaying using RTP.
The IM MCU provides multiparty IM for up to 100 participants.
The Web Conferencing server component manages all aspects of the web conference, including PowerPoint slides, document sharing, whiteboarding, application sharing, polling, Q&A, etc. The Web Conferencing server uses PSOM (Persistent Shared Object Model), a Live Meeting protocol, for operations including uploading slides to the web conference.
The Beta period is over. The Mac client has been released. It can be downloaded here: http://www.microsoft.com/mac/downloads.mspx?pid=Mactopia_Messenger
The key features for both Corporate and Personal are:
Corporate Features:
• For corporate Mac users, increased support for Office Communications Server 2007 makes it easy to search the corporate address book from within Messenger and quickly find internal contacts.
• Corporate Mac users with Office Communications Server and Messenger for Mac 7 installed on their corporate network can participate in face-to-face meetings with co-workers.
• New features and "presence" enhancements in Messenger for Mac 7 include the ability to add a personal message to a corporate Mac user's contact information.
• With an improved connection to an organization's Global Address List, users can search the corporate address book from Messenger for Mac 7 to quickly find internal contacts.
• Takes advantage of Mac OS X Bonjour instant networking technology to let you see which contacts are available to connect on your local network.
Personal Features:
• Conveniently and instantly share files and gather feedback.
• Messenger for Mac 7 takes advantage of Mac OS X Bonjour instant networking technology to let users see any available contacts located on their local network.
• Find a contact: just search, click and connect using the new contact search tool.
• Keep track of contacts by assigning nicknames, even as friends and family members change their screen names.
Exchange 2007 and Office Communications Server 2007 have strict requirements for X.509 certificates. Wildcard certificates can't be used, because the edge servers validate the exact FQDN presented in the certificate and a wildcard name will break TLS (and MTLS between servers) on the edge. The edge servers need their FQDNs in the certificate for proper operation, which is accomplished with Subject Alternative Names (SANs). UC (Unified Communications) certificates support multiple SANs in a single certificate.
Our KB article (KB929395) lists some of the providers of these UC certs: http://support.microsoft.com/kb/929395
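Before you request or install a certificate for an edge server, it is worth checking what names it actually carries. The script below is an added example, not from the original post or from Microsoft: it reads every certificate in the local machine store, pulls the subject CN and each DNS entry out of the Subject Alternative Name extension, and flags certificates that contain a wildcard or that are missing one of the FQDNs you expect the edge to present. The required FQDNs (sip/webconf/av under contoso.com) are hypothetical; substitute the names from your own edge topology.

```powershell
# Added example, not from the original post. Checks certificate names
# against the OCS edge requirements: no wildcards, every edge FQDN present.
function Test-UcCertificateNames {
    param(
        [string[]]$RequiredFqdn = @('sip.contoso.com', 'webconf.contoso.com', 'av.contoso.com'),
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $names = @()
        # Subject CN, the name older TLS clients match against
        if ($cert.Subject -match 'CN=([^,]+)') { $names += $matches[1].Trim() }
        # Subject Alternative Name extension is OID 2.5.29.17; the Windows
        # formatter renders it as "DNS Name=host1, DNS Name=host2"
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if ($san) {
            $names += ($san.Format($false) -split ',\s*') |
                ForEach-Object { ($_ -split '=', 2)[1] } |
                Where-Object { $_ }
        }
        $names     = @($names | Select-Object -Unique)
        $wildcards = @($names | Where-Object { $_.Contains('*') })
        $missing   = @($RequiredFqdn | Where-Object { $names -notcontains $_ })
        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            Names         = ($names -join '; ')
            HasWildcard   = ($wildcards.Count -gt 0)
            MissingNames  = ($missing -join '; ')
            # A wildcard or a missing edge FQDN means TLS/MTLS on the edge
            # will fail name validation, so the cert is not usable there.
            UsableForEdge = (($wildcards.Count -eq 0) -and ($missing.Count -eq 0))
        }
    }
}

Test-UcCertificateNames |
    Format-Table Thumbprint, NotAfter, Names, HasWildcard, MissingNames, UsableForEdge -Wrap
```

Run this on each edge server after installing the UC certificate; a single row with UsableForEdge set to True and the expected thumbprint is what you want to see before you assign the certificate in the edge configuration.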
You can connect an iPhone over IMAP today, but what a lot of my customers are waiting for is Exchange ActiveSync support. Apple is rolling out its iPhone Enterprise Beta right now. For more info check here:
http://www.apple.com/iphone/enterprise/
The Quality of Experience (QoE) Monitoring Server enables you to perform near real-time monitoring and service assessment of unified communications media. http://www.microsoft.com/downloads/details.aspx?FamilyID=09115944-625f-460b-b09c-51e3c96e9f7e&displaylang=en
The QoE Monitoring Server is a new server role for Microsoft Office Communications Server 2007 Standard Edition or Enterprise Edition. It provides the information that you need in order to better understand the media quality that your users are experiencing in your Office Communications Server 2007 deployment. With QoE Monitoring Server, you can do the following:
- Gather statistics on media quality by location or by a grouping of subnets
- Proactively monitor and troubleshoot media quality of experience issues
- Perform diagnostics to diagnose VoIP user complaints
- View trends which can help you with post-deployment growth and measure results against the service level agreement
The QoE Monitoring Server collects quality metrics at the end of each VoIP call from the participant endpoints, including IP phones, Microsoft Office Communicator 2007, the Microsoft Office Live Meeting 2007 client, and Microsoft Office Communications Server 2007 A/V Conferencing Server and Mediation Server. These quality metrics are aggregated and stored in a SQL database. The data can then be used to alert you to abnormal media quality conditions and also to generate routine media quality reports.
Entourage 2008 has shipped and my customers are asking questions. What's new? How can deploying Entourage 2008 for my Mac community help me? I would first direct you to Amir's Blog. Amir did an excellent writeup on Entourage 2008. http://blogs.technet.com/amir/archive/2008/01/27/entourage-2008-new-features.aspx
The key updates for Exchange:
- Free/Busy - can use Availability Service vs. WebDAV
- Delegated Rights Management via CAS instead of direct MAPI
- Support for Managed Folders
- Support for Message Classification.
In Outlook 2003/Exchange 2003 we had a great whitepaper on bandwidth and network requirements. It's here: Exchange 2003 Whitepaper.
We've updated our guidance for Outlook/Exchange 2007 - it is available at http://msexchangeteam.com/archive/2008/04/10/448668.aspx