Simple hybrid voice deployments with Sonus

Simple Hybrid Voice Deployments Matt Hurst Technical Director EMEA

Transcript of Simple hybrid voice deployments with Sonus

Page 1: Simple hybrid voice deployments with Sonus

Simple Hybrid Voice Deployments

Matt Hurst

Technical Director EMEA

Page 2: Simple hybrid voice deployments with Sonus

Firstly... Why CCE Hybrid?

Page 3: Simple hybrid voice deployments with Sonus

SfB with PSTN/EV Deployment Options

• Online: “Cloud PBX” in Office 365; PSTN services provided by Microsoft

• Hybrid: User homed on ‘Cloud PBX’ in Office 365; PSTN via On Prem CCE & SBC

• On Premises: Skype for Business Server and PSTN services 100% on-premises

Page 4: Simple hybrid voice deployments with Sonus

Hybrid Benefit - Integration & Migration

• “Drop in” installation: Painless interconnect to PBX and Skype for Business O365, enabling co-existence and simple migration using AD

• Legacy Support: Analogue and FAX tightly integrated

• SBC Functionality: Security & Demark; Protocol and transcoding support

• SIP Registrar: Standard SIP devices can register and interconnect

[Diagram labels: TDM PBX/IP-PBX & Voicemail, Analog phones, Analog fax machine, Local SIP Carrier, PSTN, SIP Trunk to ITSP #2, CCE, Office 365, Microsoft Office and Exchange]

Page 5: Simple hybrid voice deployments with Sonus

Multi-Site, Multi-Country, Mixed Deployments

Multi-Site Deployments using Hybrid

• Meet local regulatory requirements

• Provide integration to each site’s needs

• Maintain or choose provider country by country

[Diagram labels: ITSP UK, ITSP Japan, CCE, Office 365, Microsoft Office and Exchange, London, Tokyo, New York, PSTN]

Page 6: Simple hybrid voice deployments with Sonus

6 Confidential and Proprietary – NDA use only

What is Microsoft Cloud Connector Edition (CCE)?

Microsoft Cloud Connector Edition (CCE) is software that provides PSTN and PBX connectivity through Office 365

• Set of 4 VMs (Domain Controller, Central Management Store, Mediation and Edge server) installed on customer hardware

• Enables Cloud PBX users to use on-premises PSTN / PBX resources

• Supports up to 50 or 500 concurrent calls

General Requirements

• Windows Server 2012 R2 ISO image (Standard or Data Center edition)

• Local server administrator account with permissions to install / configure Hyper-V on host servers

• Qualified SBC/Gateway (minimum of two recommended)

• Internet / Express Route connection for deployment

Page 7: Simple hybrid voice deployments with Sonus

CCE Architecture

User and call control in O365

Mediation server and SBC/GW on premise

Placed in DMZ

2 NICs: one DMZ, the other internal for media

One CCE per Tenant

Media is kept local provided the recommended firewall rules are used

Page 8: Simple hybrid voice deployments with Sonus

CCE Virtual Machine Details

A Minimal Topology (minTop)

– The minimum components required to run a Mediation server
   No SBA
   No local users / registrar
   Could change in future releases

– Fixed set of 4 VMs

– Automatically updates

– 100% managed through O365
   No local administration other than deployment

– Independent from Company AD etc.
   Separate dedicated forest and DNS zone

Page 9: Simple hybrid voice deployments with Sonus

High Availability

CCE is stateless

– Calls are load balanced across multiple CCEs in a site

– If the CCE goes down the calls are re-built on the remaining devices

– SBC/GWs work in Active / Active to CCE

Page 10: Simple hybrid voice deployments with Sonus

Multiple Sites

Each user is configured with “Gateway Affinity”

All calls will be made and received through the user’s home site, even when traveling

Page 11: Simple hybrid voice deployments with Sonus

Firewall Considerations

Internal Firewall Rules

| Source IP | Destination IP | Source Port | Destination Port |
| --- | --- | --- | --- |
| Cloud Connector Mediation component | SBC/PSTN Gateway | Any | TCP 5060** |
| SBC/PSTN Gateway | Cloud Connector Mediation component | Any | TCP 5068 / TLS 5067 |
| Cloud Connector Mediation component | SBC/PSTN Gateway | UDP 49 152 – 57 500 | Any*** |
| SBC/PSTN Gateway | Cloud Connector Mediation component | Any*** | UDP 49 152 – 57 500 |
| Cloud Connector Mediation component | Internal clients | TCP 49 152 – 57 500* | TCP 50,000-50,019 (Optional) |
| Cloud Connector Mediation component | Internal clients | UDP 49 152 – 57 500* | UDP 50,000-50,019 |
| Internal clients | Cloud Connector Mediation component | TCP 50,000-50,019 | TCP 49 152 – 57 500* |
| Internal clients | Cloud Connector Mediation component | UDP 50,000-50,019 | UDP 49 152 – 57 500* |

External Firewall Rules

| Source IP | Destination IP | Source Port | Destination Port |
| --- | --- | --- | --- |
| Any | Cloud Connector Edge External Interface | Any | TCP 5061 |
| Cloud Connector Edge External Interface | Any | Any | TCP 5061 |
| Cloud Connector Edge External Interface | Any | Any | TCP 80 |
| Cloud Connector Edge External Interface | Any | Any | UDP 53 |
| Cloud Connector Edge External Interface | Any | Any | TCP 53 |
| Cloud Connector Edge External Interface | Any | UDP 3478 | UDP 3478 |
| Any | Cloud Connector Edge External Interface | TCP 50,000-59,999 | TCP 443 |
| Any | Cloud Connector Edge External Interface | UDP 3478 | UDP 3478 |
| Cloud Connector Edge External Interface | Any | TCP 50,000-59,999 | TCP 443 |

Page 12: Simple hybrid voice deployments with Sonus

From Skype for Business On Premise to Cloud PBX with CCE

Page 13: Simple hybrid voice deployments with Sonus

Skype for Business On Premise

[Diagram labels: Skype for Business User (x3), Front-End role, Mediation role, Domain Controller, Central Management Store (CMS), EDGE role, PSTN GW, Sonus EDGE, PSTN, External Firewall]

Page 14: Simple hybrid voice deployments with Sonus

From OnPrem to Cloud Connector Edition

[Diagram labels: Skype for Business User (x3), Front-End role, Mediation role, Domain Controller (x2), Central Management Store (CMS), EDGE role, PSTN GW, Sonus EDGE, PSTN, Skype for Business Online user in internal network, Skype for Business Online user in internet, Skype for Business Online infrastructure, Cloud PBX, External Firewall, Internal Firewall]

Page 15: Simple hybrid voice deployments with Sonus

Sonus CloudLink

Page 16: Simple hybrid voice deployments with Sonus

Sonus Cloud Link Appliance

SBC 1000 & SBC 2000 CCE Offering

Independently tested, award winning low to mid-range capacity Session Border Controllers for enterprise premise deployments

Up to 500 CCE sessions on a single appliance

– COM Express module (“ASM”) with state of the art server class CPU, memory, SSD

– SBC capacity up to 600 sessions

Unparalleled TDM and analog port options

– 16 PRI, 48 FXS in single appliance

– Rich PRI, FXS, FXO, BRI port mix

Easy configuration wizard to speed CCE deployment

Secure architecture to minimize service disruption

Page 17: Simple hybrid voice deployments with Sonus

How Does Sonus Cloud Link Work?

UX Comms runs on the base OS

– Deploys and manages the VMs

– Provides information back to the SBC UI for operational status

[Diagram labels: Sonus SBC 1000/2000, CCE, ASM, SBC, Ethernet, Private protocol over internal Ethernet, Web Server, WS2012 R2 Base OS, UX Comms, FXS, FXO, BRI, PRI]

Page 18: Simple hybrid voice deployments with Sonus

Auto Update - Sonus Cloud Link CCE

4 VMs are running on the previous release

Host CCE process downloads new VMs

New VMs are brought up – grace license. Old VMs are shut down

V-Switch is moved to the new VMs

UX Comms is notified about the update – UI is updated

[Diagram labels: Sonus SBC 1000/2000, CCE, ASM, SBC, Ethernet, Private protocol over internal Ethernet, Web Server, WS2012 R2 Base OS, UX Comms, FXS, FXO, BRI, PRI]

Page 19: Simple hybrid voice deployments with Sonus

Application Solution Module (ASM) for Cloud Link Cloud Connector Edition Deployments

ASM CPU:

– 8 Cores, 16 thread “Broadwell” Xeon® CPU for embedded platforms

– SSD 512GB HDD

• ASM Server blade CPU is LATEST Technology

• We offer 16 threads within the Broadwell CPU

• We can allocate enough vCPU threads to the Mediation server (Media Transcode for CCE)

• We allocate 1 x vCPU thread for the other 3 VMs

• + 1 vCPU x 4 VMs during Auto-Update = 16 vCPU threads

• Therefore we can SCALE correctly to the 500 sessions (vCPU threads to Mediation VM determines this) even during auto-update – no performance impact during auto-update.

• No sharing of vCPU threads (thread sharing between VMs can have serious performance impact)

Page 20: Simple hybrid voice deployments with Sonus


Cloud Connector Edition – SBC1k Architecture

Page 21: Simple hybrid voice deployments with Sonus


Cloud Connector Edition – SBC 2k Architecture

Page 22: Simple hybrid voice deployments with Sonus

CCE Appliance Benefits

Page 23: Simple hybrid voice deployments with Sonus

Non-Sonus Cloud Connector Edition Installation is Lengthy

Installation process follows Microsoft® Cloud Connector Edition installation instructions

– Get CCE bits (Hyper-V, CloudConnector.msi, Windows Server ISO) on Host Server (~40 min)

– Create virtual switch adapter (5 min)

– Create VHD using CloudConnector.msi and WS2012R2 ISO (4 hours)

– Complete an answer file (.ini) with customer information (45 fields, 20 min)

– Create file share to host certificate and configuration exchange between Host/VM and HostHA1/HostHA2 (10 min)

– Import certificate for CCE EDGE (~45 min)

– Deploy the CCE VM on the host (2 hours)

– Configure gateway

– Activate your O365 tenant for hybrid capability

– Create a PSTN site to assign the user

Install procedure may take 7+ hours at every site (Increased OPEX)

* Source: https://blogs.technet.microsoft.com/nexthop/2016/05/11/cloud-connector-edition-smaller-hardware

Page 24: Simple hybrid voice deployments with Sonus


Sonus Cloud Link – CCE solution 6.1


Faster deployment

CCE Setup Wizard

End User oriented

Partner oriented

HA support

Pre-loaded Package

Easy configuration template

More secure and reliable

Preconfigured firewall

Environment validator

Logs helper

Page 25: Simple hybrid voice deployments with Sonus

Sonus Cloud Link – CCE Setup Wizard

5 straightforward tabs to click through

Key configuration settings

– ASM Configuration

– Generate CSR or Import Signed CSR Easily

– Configure CCE
   Assign external IP addresses for Mediation and Edge servers
   Configure number of concurrent calls
   Configure CCE High Availability (HA): HA Master, HA Slave

Deploy CCE VM!

Sonus Cloud Link may reduce CCE install time by 5+ hours, with no additional software downloads

Page 26: Simple hybrid voice deployments with Sonus

Enhanced SBC Config Wizards

New SBC Cloud Connector Edition template

Inherits information from CCE

– Minimizes time and errors

Customized for your CCE deployment

Optimized for CCE performance

Optimized for CCE security

Page 27: Simple hybrid voice deployments with Sonus


Preparing for CCE deployment

Page 28: Simple hybrid voice deployments with Sonus

29 Confidential and Proprietary – FOR INTERNAL INFORMATION PURPOSES ONLY

CCE – Network Architecture

[Diagram labels: External Firewall, Internal Firewall]

Page 29: Simple hybrid voice deployments with Sonus

CCE – Network Architecture

[Diagram labels: External Firewall, Internal Firewall]

Page 30: Simple hybrid voice deployments with Sonus

Cloud Tenant, Public Domain and DNS

• An Office 365 Tenant with E5, or E3 + Cloud PBX option Licenses
   – Microsoft subscription

• A Global or Skype Online Administrator Account on your Office 365 Tenant
   – Can be configured when creating your Office365 account

• A public Domain Name associated with your Office 365 Tenant
   – From any vendor and associated on Office365 portal

• A public IP for the CCE (Edge External Side)
   – Delivered by customer IT or Internet Provider

• A DNS Record on the Public Domain forwarding to this public IP

Page 31: Simple hybrid voice deployments with Sonus

CCE Firewall

Internal firewall

– From internal user to CCE
   UDP/TCP 49 152 - 57 500

– From CCE to internal user
   TCP 50,000-50,019
   UDP 50,000-50,019

External firewall

– From Public to CCE
   TCP 5061
   TCP 443
   UDP 3478

– From CCE to Public
   TCP 5061
   TCP 80
   UDP/TCP 53
   UDP 3478

[Diagram labels: External Firewall, Internal Firewall]
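The "External Firewall Rules" table and the "CCE Firewall" summary above, expressed as an allowlist and run over firewall flow records to flag traffic at the Edge external interface that the listed rules do not cover. This is an added example, not part of the original deck; the Edge address 203.0.113.10, the record tuple layout and the sample records are constructed assumptions.

```python
EDGE_IP = "203.0.113.10"  # assumption: public IP of the CCE Edge external interface
ANY = (0, 65535)
# (direction, protocol, source ports, destination ports), copied from the
# "External Firewall Rules" table; "in" = Any -> Edge, "out" = Edge -> Any.
EXTERNAL_RULES = [
    ("in", "tcp", ANY, (5061, 5061)),
    ("out", "tcp", ANY, (5061, 5061)),
    ("out", "tcp", ANY, (80, 80)),
    ("out", "udp", ANY, (53, 53)),
    ("out", "tcp", ANY, (53, 53)),
    ("out", "udp", (3478, 3478), (3478, 3478)),
    ("in", "tcp", (50000, 59999), (443, 443)),
    ("in", "udp", (3478, 3478), (3478, 3478)),
    ("out", "tcp", (50000, 59999), (443, 443)),
]


def direction(src_ip, dst_ip):
    """Classify a flow relative to the Edge external interface."""
    if dst_ip == EDGE_IP:
        return "in"
    return "out" if src_ip == EDGE_IP else None


def is_allowed(proto, src_ip, src_port, dst_ip, dst_port):
    """True if the flow matches one of the listed external rules."""
    way = direction(src_ip, dst_ip)
    return any(
        way == d and proto == p
        and sp[0] <= src_port <= sp[1] and dp[0] <= dst_port <= dp[1]
        for d, p, sp, dp in EXTERNAL_RULES
    )


def unexpected_flows(records):
    """Return the Edge-related records that no listed rule covers."""
    return [r for r in records if direction(r[1], r[3]) and not is_allowed(*r)]


# Constructed sample records: (proto, src_ip, src_port, dst_ip, dst_port)
SAMPLE = [
    ("tcp", "198.51.100.7", 51514, EDGE_IP, 5061),  # inbound to TCP 5061: listed
    ("udp", EDGE_IP, 3478, "198.51.100.9", 3478),   # outbound UDP 3478: listed
    ("tcp", "198.51.100.7", 40000, EDGE_IP, 443),   # source port outside 50,000-59,999
    ("tcp", "198.51.100.7", 52000, EDGE_IP, 3389),  # destination port not in the table
]

if __name__ == "__main__":
    print(*unexpected_flows(SAMPLE), sep="\n")
```

The same structure extends to the internal rules by adding the Mediation component address and the rows of the internal table.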

Page 32: Simple hybrid voice deployments with Sonus

Certificate

A certificate (X509) is:

– An electronic “passport” signed by an Authority

– A way to exchange information securely over a network

– Based on a Trusted Chain (PKI)

– A way to link a Public Key to an FQDN (or an email)

A certificate contains:

– The Name (FQDN) of the Authority that signed it

– A validity period: Not Before, Not After

– The Name (FQDN or email) of the computer or user

– The public Key of the computer or user

Page 33: Simple hybrid voice deployments with Sonus

CCE Call Flows

Page 34: Simple hybrid voice deployments with Sonus

Cloud Connector Edition

Page 35: Simple hybrid voice deployments with Sonus

CCE – Incoming Call to an Internal User

Page 36: Simple hybrid voice deployments with Sonus

CCE – Outgoing Call from an Internal User

Page 37: Simple hybrid voice deployments with Sonus

CCE – External User With Recommended Firewall

Page 38: Simple hybrid voice deployments with Sonus

Redundancy, Multi Site and Auto-Updates

Page 39: Simple hybrid voice deployments with Sonus


CCE – Deployment scenarios

Page 40: Simple hybrid voice deployments with Sonus

Multi site deployment

Page 41: Simple hybrid voice deployments with Sonus

O365 Tenant organization

[Diagram labels: Tenant, HybridPSTNSite, HybridPSTNAppliance, SiteName, FQDN EDGE, Update Management, CCE Hostname, Deployment state, Update state, User 1, User 2]

Page 42: Simple hybrid voice deployments with Sonus

O365 Tenant organization

HybridPSTNSite and HybridPSTNAppliance are created automatically when registering CCE during deployment

They can be displayed and managed from Office365 Tenant PowerShell:

All the HybridPSTNAppliance on a site are High Availability

– Users are assigned to a HybridPSTNAppliance at random

All the HybridPSTNSite are independent

– If all the Appliances on a HybridPSTNSite are down, users assigned to this HybridPSTNSite lose service

Page 43: Simple hybrid voice deployments with Sonus

Auto-Update – IMPORTANT!!

User configures the tenant HybridSite with time window

Can NOT be stopped – Default is ANYTIME!

Will be executed one by one on HA deployment

Windows Update

– Apply update VM

– Drain Call

– Reboot VM

– Apply Update Host

– Reboot Host

CCE Update

– Build a new set of 4 VMs from scratch

– Once new set is ready, retire the previous version pack of VMs

https://support.sonus.net/display/UXDOC61/Managing+Your+Office+365+Tenant

UPDATE! Manual Windows OS Updates now supported: https://technet.microsoft.com/EN-US/library/mt740658.aspx

Page 44: Simple hybrid voice deployments with Sonus

O365 Tenant Portal – Checking Update Status

Basic information about Site and Appliance:

Basic User management:

Page 45: Simple hybrid voice deployments with Sonus

Thank You