UCPrimer
  • Tech Blog
  • About UCPrimer.com

Cloud Connector Edition (CCE) 1.4.1 Deployment Walkthru Part 1

8/31/2016

7 Comments

 
Picture
On Aug 22, Microsoft released version 1.4.1 of the Skype for Business Cloud Connector Edition with several new features such as a smaller hardware specification that supports 50 concurrent calls, as well as support for REFER and Forwarding PAI from Mediation Server to PSTN Gateway. Just as a recap, Cloud Connector Edition is a minimum topology of Skype for Business Server comprising of 4 VMs per instance that allows Office365 Skype for Business Online users to leverage existing on-premise PSTN connectivity. This is particularly useful for users in countries where PSTN Calling Service from Microsoft is not yet available, or in cases where users still want to leverage existing on-premise PSTN infrastructure. This blog post is the first part of a series that walks through the setup and configuration of CCE1.4.1 in a lab environment for testing and learning purposes and deploys a single instance of CCE with a single SIP domain.
1. Pre-Requisites
To host a single CCE instance of 4 VMs, the host server needs to be running Windows Server 2012 R2 Datacenter Edition with Hyper-V. Note that VMWare hypervisors are not supported. For a instance of CCE 1.4.1 with minimal hardware supporting 50 concurrent calls, we need the following:

Host Server Hardware:
Intel i7 4790 quad core with Intel 4600 Graphics (no high end graphics needed)
32 GB DDR3-1600 non ECC RAM
2 x 1TB 7200RPM SATA III (6 Gbps) in RAID 0 Storage
2 x 1 Gbps Ethernet (RJ45) network

Host Server Software:
Windows Server 2012 R2 Datacenter Edition running on the host machine
Windows Server 2012 R2 Standard Edtion ISO image file to build the VMs
Skpe for Business Online Powershell Module - download from http://www.microsoft.com/en-us/download/details.aspx?id=39336
CCE 1.4.1 installer - download from http://aka.ms/getcce141

In this lab we are using a 60-day trial Office365 E5 tenant which can be obtained from the Microsoft website. We also need a public DNS domain for our tenant which we obtained from GoDaddy. One of the first tasks here is to add the public DNS domain to our tenant by clicking on the "Add a Domain" button in the Office365 Admin Portal home page and a wizard will guide you through the setup which is fairly straightforward. The advantage of using a DNS domain from GoDaddy is that the setup process can automatially create the necessary DNS records if you enter the GoDaddy admin credentials. Once completed, you should have the following DNS records created in your DNS Zone:
Picture
A public SSL certificate is required on the Edge Server VM's external network interface. In this lab, we are using DigiCert as our SSL Cert provider and they provide a great free tool called the DigiCert SSL Utility for creating and managing SSL cerfificates. For this external Edge SSL certificate, we cannot use sip.<sipdomain.com> as the SN as that is reserved by the Office 365 infrastructure. For this lab, the certificate details are simply:
        SN: ap.sgpolycomlab.com
        SAN: sip.sgpolycomlab.com, ap.sgpolycomlab.com
We can use the DigiCert util to first create the CSR and then submit the CSR to DigiCert:
Picture
After DigiCert has issued the SSL certificate, we import it back into the DigiCert Utility and then epxort the cert along with the private key as a .pfx file. We then save this file to the host server for use later during VM preparation:
Picture
On the host server, we need to enable the Hyper-V role and assign 2 NICs to the virtual switch. The host server should sit in the peimeter network with one NIC connected to the internal corporate network and the other NIC to the internet facing network. The firewall rules for the internal and external firewalls are well documented in this article https://technet.microsoft.com/en-us/library/mt605227.aspx and thus not repeated here. We use the recommended names for the NICs as follows:
Picture
Finally, its worthwhile noting that CCE1.4.1 does not support any on-premise dial plans as there is no registrar component in the instance. All CCE users must be assigned the online dial plan by running the following cmdlet on the tenant:
    set-CsHybridTenantConfiguration -tenant <TenantID> -useOnPremDIalPlan $false
Picture
2. Preparing to Deploy CCE
Once we have installed the CCE bits on our host machine, we can run several powershell commands to make sure the installation was successful. The following commands will return a list of CCE related cmdlet as well as retrieve the default directory locations used by CCE such as SiteDirectory and the ApplianceDirectory:
Picture
Now is also a good time to place the Windows Server 2012 R2 Standard ISO image file and the SSL certificate .pfx file into the root directory C:\users\administrator\CloudConnector but of course you can choose any other desired directory. Then set the certificate path by running Set-CcExternalCertificateFilePath -Path <Full path to External certificate, including file name> cmdlet.

Next, we can start downloading the necessary CCE bits using the Start-CcDownload cmdlet. Note that the SfB CCE Corpnet Swtich must have internet connectivity for this to work. This may take some time so feel free to go for a lunch break after initiating the download:
Picture
 3. Customizing the CloudConnector.ini file
The .ini file should be located in the ApplianceRoot directory and we can start customizing it using the sample .ini file created earlier. The full description and explanation of the parameters can be found in this article https://technet.microsoft.com/en-us/library/mt740649.aspx and we have used the defaults for many of these parameters and hence only the important ones will be highlighted here:

For the minimum hardware configuration supporting 50 concurrent calls:
[Common]
HardwareType=Minimum

Specify the local AD domain and SIP domain. The recommendation is to use .local for the AD domain
;Domain(s) of SIP URIs used by company users.
;Domain(s) registered on O365.
;Support multiple domains seperated by space. First domain is the default used.
;for phone URI.
SIPDomains=sgpolycomlab.com

;Domain DNS suffix for the Skype for Business Cloud Connector Edition itself.
;Virtual machines CMS, Mediation server join this domain.
;Can be local (e.g. does not need to be in public DNS)
;MUST be different with domain(s) registered on O365
VirtualMachineDomain=sgpolycomlab.local

Set the default gateway and DNS for Corpnet Switch to be able to download the necessary bits for building the VMs
;Default gateway in Corpnet
;Corpnet default gateway enables automatic updating the servers from the Corpnet
;It must be configured for Convert-CcIsoToVhdx to convert windows ISO file to VHDX file
;Corpnet default gateway will allow BaseVM to connect to internet and install window update packs
CorpnetDefaultGateway=<Default GW for Corpnet>

;DNS IP addresses for corpnet. Use space as separator if there are multiple addresses
;This setting is necessary for OS update when WSUS servers are not configured, or they are specified using domain names
;This DNS IP address will be added as a forwarder on the AD server
;During Convert-CcIsoToVhdx, this DNS IP address will be assigned to corpnet connection network adapter
CorpnetDNSIPAddress=10.222.210.51

Set the DNS server for the Edge external interface. This should ideally point to a DNS Server in the perimeter that can resolve internet addresses. If we do not set this, the default DNS will be the CCE AD DNS server. This may cause issues if the PSTN Gateway is also using the same FQDN as the SIP Domain and the CCE AD DNS server will make it authoritative for that zone
;Internet DNS IP address for resolving _sipfederationtls._tcp.<domain> and _sip._tls.<domain>
;This DNS IP address will be assigned to internet connection network adapter on Edge server
;The Edge server must be able to resolve public DNS records for the O365 Sip Domain
;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set this IP Address to allow Edge to resolve these records
InternetDNSIPAddress=10.222.209.51

Set the name of the Edge Pool which must match the SN of the SSL certificate created earlier:
;Pool name which will be used to generate pool fqdn. It can NOT contain .<DomainName>
;FQDN of the Edge Pool external interface for SIP traffic must resolve to
;IP addresses on external interfaces of all edge servers (one
;A record per server) or to the VIP of HLB (if HLB is used for SIP traffic).
;The suffix of this FQDN should be the default (first) internal domain.
;The "sip" prefix is not allowed.
ExternalSIPPoolName=ap

The remaining parameters are for defining the PSTN Gateway and Voice Routes. In this lab we are using an Asterisk IP-PBX to emulate a gateway and using a LocalRoute to route calls to it. Since we are only using 1 gateway we remove the section for the 2nd gateway. 
;Parameters for gateway
;If only one Gateway is needed, remove entire [GateWay2] section. Don't keep it but leave values empty.
;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set InternetDNSIPAddress to allow Edge to resolve these records
[Gateway1]

; Gateway FQDN
FQDN=changipstngw.ucprimer.local

;Gateway IP address
IP=10.222.210.70

;Gateway Port
Port=5060

;Protocol for SIP traffic (TCP or TLS)
Protocol=TCP

;List of voice routes used by this gateway.
;Routes are defined in the next section.
VoiceRoutes=LocalRoute


;;;;;;;;;;;;;;;;;;;; Parameters for hybrid voice routing ;;;;;;;;;;;;;;;;;;;;
[HybridVoiceRoutes]
;Named voice route to be used by one or more gateways
LocalRoute=.*

Our PSTN Gateway Asterisk does not support REFER but we can send PAI
;;;;;;;;;;;;;;;;;;;; Parameters for TrunkConfiguration ;;;;;;;;;;;;;;;;;;;;
[TrunkConfiguration]
;Whether Gateways support Refer. It is used for Call Transfer scenario.
;The value can be "true" or "false". Default value is "true".
;EnableReferSupport set to "true" means the Gateway(s) support Refer which can handle all the call transfer stuffs.
;EnableReferSupport set to "false" means the Gateway(s) don't support Refer. Then Mediation Server will handle all the call transfer stuffs.
EnableReferSupport=false

;Whether forward PAI from Mediation Server to Gateways
;The value can be "true" or "false". Default value is "true".
ForwardPAI=true

4. Conclusion
The remaining customzatons of the CloudConnector.ini file is mainly to specify the IP addresses of the 4VM components of CCE as well as their host names which can be default. This concludes part 1 of this series and in the next blog, we will start building the actual VMs and configuring them for use with our Office365 tenant.
7 Comments
Wojciech
9/14/2016 02:13:29 am

Hi

I have a problem with deploing. Im doing as you describe, but have all the time the same problem.
I got the communicate
"Creating base virtual machine...
Starting base virtual machine..."

and

" Installing operating system. Elapsed time: XXX seconds...
Processing"
and nothing happend. I checked and base VM has bee created started and nothing is happend.
Where can be the problem?

BR

Wojciech

Reply
Brennon link
9/19/2016 11:03:05 pm

Hi Wojciech

The process you described will be explained in Part 2 of this series of blog posts. It will be posted very soon so please read it and then see if it helps to resolve your problem.

Reply
Wojciech
9/21/2016 04:52:32 am

Thanks. I'm waiting , it is very frustrating , I tried to build so many times, changed so many things and still stack in the same place.

Reply
Greg
10/6/2016 07:21:25 pm

Why when I run the cloudconnector.msi installer does it not create all the cmdlets as per the Technet guide. Installer works, and service is created and running but no cmdlets via Get-commands *-Cc*

Reply
Brennon link
10/8/2016 01:05:04 am

Hi Greg

The cmdlets should be in the
C:\Program Files\WindowsPowerShell\Modules\CloudConnector

directory. If they are missing I would suggest uninstalling and reinstalling the CloudConnector.msi and see if that helps

Reply
SkypeCCENoob
11/18/2016 03:30:44 am

Bravo,
Wow Microsoft actually need to give this guy a job.
As the documentation over at MS is decentralized and so in-consistent and incomplete it beggars belief.
This is the first place where sanity actually reigns with a decent walkthough.
Well done

Reply
John
11/29/2016 02:07:54 am

Can you deploy successfully with CCE 1.4.1 recently?
I prepare VM have 10GB only and window update not good... .net 3.5 can't be install. Many error on 1.4.1.

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    Picture
    Picture

    Important Links

    Microsoft Teams Docs
    Microsoft Learn

    ​Microsoft MVP Blogs

    Michael Tressler’s Blog
    Michael’s MTR Quick Tip Videos
    Jimmy Vaughan’s Blog
    Jeff Schertz
    Adam Jacobs
    James Cussen
    ​Damien Margaritis

    Archives

    September 2022
    August 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    June 2021
    April 2021
    March 2021
    December 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    June 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    August 2017
    July 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    September 2012
    August 2012

    Categories

    All
    Edge
    Exchange 2013
    Hybrid
    Lpe
    Lync 2010
    Lync 2013
    Mobility
    Oauth
    Office365
    Polycom
    Ucs

    RSS Feed

    This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.

    Opt Out of Cookies