Microsoft Office Communications Server 2007 R2 – Part I

Office Communications Server, which provides integrated voice, conferencing, IM, and telephony, is one of those products that are difficult to explain in simple terms. It takes a brave man to take on the task, and to provide a simple guide to installing it: Luckily for us, Johan is that man. In the first of a series, he explains what it is, how it benefits your enterprise, and how to make it happen.

What can you do with it?

With Office Communications Server, OCS for short, you are able to provide instant messaging, presence and enterprise voice functionality to your users. Well you may think, “that’s nice but what does it really mean?” In this series of articles I will explain the various features of OCS and how you can install and use them.

History

First let’s jump back in time, because OCS has a history. On the 29th of January 2003 Microsoft launched Live Communications Server. You may wonder why Microsoft did this. Exchange 2000 included the Exchange Instant Messaging Service, which provided only instant messaging functionality to users, but as of Exchange 2003 that capability was removed from Exchange. That’s why Microsoft launched Live Communications Server (LCS).

The first version of LCS was called LCS 2003 and did have instant messaging, presence, and voice functionality. Windows Messenger 5.0 was the client that users used to connect to the LCS server.

The next version of LCS was called LCS 2005 and was launched in 2005. The big difference between 2003 and 2005 was that it provided remote user access and had the option to store the database on a SQL server. This version of LCS was also the first one that was available in Standard and Enterprise editions. With this version Microsoft also made a new client available: the Microsoft Office Communicator (MOC) 2005. The difference between Windows Messenger and the MOC is that the MOC included more functionality for the enterprise, which Windows Messenger didn’t have.

In 2007 Microsoft decided to rebrand Live Communications Server to Office Communications Server and launched OCS 2007. This version introduced a lot of new features:

  • Web conferencing
  • Integration with current phone system or connect it to a PSTN via a gateway
  • Video conferencing, in LCS this was only available in a user-to-user call
  • All traffic between clients and server-to-server communication is encrypted
  • Allows synchronization between Exchange, OCS and other enterprise applications
  • Presence information can be seen by other applications such as SharePoint and Exchange

Also with this version Microsoft and partners such as LG-Nortel and Polycom introduced hardware telephones. Some of these devices included a built-in OCS client, like the CX-700.


Figure 1 Polycom CX700

In February 2009 Microsoft released OCS 2007 R2. This is the first OCS version supported on a 64-bit platform and brought some new features which a lot of people asked for:

  • Response groups
  • Call delegation
  • Team Call
  • SIP Trunk
  • Dial-in conference
  • Group Chat

Terms

Enough about the history of OCS. Let’s explain some terms that are used in OCS:

Instant messaging (IM) is a functionality which can be used to perform real-time communication between users using text messages.

Presence makes it possible for other users to see your current state before they will contact you. States available in the MOC are:

  • Available
  • Busy
  • Do-not-disturb
  • Be-Right-Back
  • Away
  • Offline

SIP (Session Initiation Protocol) is used to perform telephone calls via OCS. SIP is also used by many other VoIP systems, such as Cisco’s CallManager. Since SIP is insecure, Microsoft recommends using Secure SIP whenever possible. An example of where this can be used is the communication between the Exchange UM server and OCS when a user wants to listen to his/her voice-mail messages. The default port used for SIP is TCP/UDP port 5060; for Secure SIP, also called SIP/MTLS (Session Initiation Protocol/Mutual Transport Layer Security), this is port 5061.

RTSP stands for Real Time Streaming Protocol and is used in combination with SIP for video-conferencing. RTSP also has a secure variant which is called SRTSP (Secure Real Time Streaming Protocol).  Since Exchange 2007 SP1, Microsoft supports this on the Exchange UM server so both signaling and media can be secured.

QoE, Quality of Experience, is used for monitoring the quality of both audio and video from the end-user perspective.

Direct SIP-Trunk: since OCS 2007 R2 it’s possible to connect the Mediation Server directly to a SIP-trunk delivered by an Internet Telephony Service Provider. The advantage is that you don’t need to buy a voice gateway yourself. Keep in mind, though, that you may still need to support some analog devices such as a fax, and maybe internet banking software which only works with an ordinary modem.

Besides these terms, there are a lot of other terms in OCS; they will be explained as they are used during the rest of this article.

Client Devices and Software

To use the functionalities of OCS you will need a client, either a hardware device or software installed in your computer/phone. Below you will find a short overview of available clients:

  • OCS certified hardware, these are hardware devices that are certified by Microsoft for using it together with OCS, for example: LG-Nortel Phones, Polycom phones, Plantronics head-sets.
  • OCS Client, also called MOC which is available for systems running Windows XP SP2, Windows Vista and Windows 7.
  • OCS Attendant R2, this client is designed to be used by attendants who must handle multiple phone-lines and transfer calls to other persons.
  • Communicator Phone Edition, as earlier explained there are hardware devices which contain a software OCS client. This software is called the Communicator Phone Edition and is used on the Polycom CX700 phone, among others.
  • Communicator Mobile, can be installed on several mobile phones and makes limited OCS functionality available on mobile telephones.
  • Communicator Web Access, also called CWA makes it possible to deliver OCS access via a Web application. This has an advantage that not each client has to install the client on his/her computer.

Server roles

As with Exchange, OCS also has several roles to deliver services to end-users. In the following sections I will give a short overview of the server roles and the functionality of each role:

Front End server

An OCS environment can have one or more Front End servers. These servers are responsible for delivering instant messaging, presence and enterprise voice to the end-user. All OCS-enabled users will be placed on a Front End server. There is one exception to this: when the Front End server is used as a Director, it will only do user authentication and therefore will not have any users hosted on it. With the Director you can create an extra layer of security by letting only the Edge Server communicate with the Director. The Director will then contact the Front End server(s) where the user is hosted.

Delivering OCS services is done by publishing services/applications. The pool can publish the following services/applications:

  • Front End, provides login functionality, IM and voice capabilities to users and ensures that calls are routed to the Exchange 2007/2010 Unified Messaging Server Role when configured.
  • IM Conferencing, provides server-managed group IM, this is used if you add multiple people to one instant messaging chat.
  • Telephony Conferencing, provides audio conference integration so users can setup telephony conferencing
  • QoE agent, this application can be used to monitor the Quality of Experience. For this you will need a monitoring service deployed in your OCS environment.
  • Conferencing Attendant, makes it possible for users to dial-in to a conference for the audio part.
  • Conferencing Announcement Service, this application will play sounds when users enter/leave the conference and will let users know if their microphone is muted/unmuted.
  • Response Group Services, makes it possible to route calls to the correct persons and has the option to create queues. This will add an extra web-based administrative tool which will let administrators or delegates create and modify queues.
  • Outside Voice Control. Provides call control functionality for mobile phones that are not enabled for enterprise voice. If you want to offer this functionality then first implement this before installing the clients on the mobile devices.

Mediation server

The mediation server is responsible for the communication between the voice gateway and the Front-End server(s). The mediation server will convert traffic which comes from the Front-End server(s) from SIP/MTLS to SIP/TCP and decodes SRTP to RTP.

In OCS 2007 R2 it’s also possible to connect your OCS environment to a direct SIP-trunk which has an advantage that the voice gateway is not necessary anymore at a customer site but will be provided by an Internet Telephony Service Provider. The SIP-trunk must be from one of the OCS certified providers.

Edge server

Just like the Edge Transport server in Exchange, the Edge server from OCS must be placed in a DMZ. It will be secured by a reverse proxy in front of the Edge server. Several services run on the Edge server:

  • Access Edge Service, this service will give internal and external users the possibility to connect to each other via one secured connection.
  • Web Conferencing Edge Service, this service will make it possible to invite external users for Live Meetings.
  • A/V Edge Service, this service makes it possible to share audio and video with external users. It also gives users the capability to share their desktop with external users and vice versa.

Communicator Web Access server

This server makes it possible to publish a web based OCS client for internal and external users. This makes it possible for users who don’t have the OCS client installed to use some OCS functionalities.

Archiving server

Some companies are bound to compliance rules and therefore will need to archive e-mails, documents, etc. For these companies, there is the archiving server which makes it possible to archive instant messaging conversations. These conversations are saved in a separate SQL database. In the previous version of OCS this database was used by both Call Detail Records (CDR) and archiving.

Monitoring server

This is a new server role in OCS 2007 R2. It’s responsible for monitoring the OCS environment. Besides this the CDR is placed on this server and will give you the following features:

  • Direct access to an overview of placed/received calls
  • Possibility to generate reports
  • Possibility to export data to other systems for billing purposes.

All data is written to a SQL database.

Group Chat server

Along with the Monitoring server, the Group Chat server is also a new role in OCS 2007 R2. This server will make it possible to create chat groups that are always available. This has the advantage that the content which is placed in the chat groups is always available. When you use a group IM chat, this is not the case.

To use this functionality you have three parts:

  • OCS 2007 R2 Group Chat server, this will offer the Group Chat functionality to users. The advantage, compared with IM group chat, is that the content of the group chat will remain available. This will give users who join the chat a few hours later the possibility to have a look at what was discussed in the group chat previously.
  • OCS 2007 R2 Group Chat Administration tool, administrators can use this tool to create chat rooms and to configure which users have access to it. This tool also can be used by users who are delegates for chat rooms to manage them.
  • OCS 2007 R2 Group Chat, this is a special client which can be used to connect to the Group Chat server.

You can optionally install extra services to archive the content of the chat rooms, which may be necessary for compliance rules.

Building your OCS environment

In the following sections I will describe the steps you will need to perform to build your own OCS environment.

Before starting the implementation have a look at the requirements listed in this Technet document.

Besides those articles, have a look at the Microsoft Office Communications Server 2007 R2 Planning Tool which can be downloaded for free.

Let’s build

In Figure 2 there’s an overview of the environment we are going to build:


Figure 2 Overview of environment

Before implementing the OCS servers we have the following servers already in place:

  • OCSDC, which is the domain controller for the ocs.local domain
  • OCSIS, the ISA server which protects the corporate network

Keep in mind that when you would like to use OCS on the internet you must select a publicly visible SIP domain and not an internal only visible SIP domain.

In the following chapters we will add the following servers:

  • OCSSTD, the OCS 2007 R2 Front End Server
  • OCSMED, the OCS 2007 R2 Mediation Server
  • OCSEDG, the OCS 2007 R2 Edge Server

Front End server

We will start with the implementation of the Front End server named OCSSTD. Before starting the setup we will install the prerequisites using the script below:

Ocsprereq.cmd

ServerManagerCmd -i Web-Server
ServerManagerCmd -i Web-Metabase
ServerManagerCmd -i Web-Lgcy-Mgmt-Console
ServerManagerCmd -i Web-Mgmt-Compat
ServerManagerCmd -i Web-Windows-Auth
ServerManagerCmd -i Web-Asp-Net
ServerManagerCmd -i MSMQ

You can make the script a lot simpler by installing everything with a single command:

Ocsprereq.cmd

ServerManagerCmd -i Web-Server Web-Metabase Web-Lgcy-Mgmt-Console Web-Mgmt-Compat Web-Windows-Auth Web-Asp-Net MSMQ

After this you may also decide to install the Remote Server Administration Tools if you would like to run the schema, forest and domain prep from the OCSSTD server. This can be done by running the following command:

ServerManagerCmd -i RSAT-ADDS -restart

When the remote administration tools have been installed you will need to reboot the server.

Once rebooted we can start installing OCS, so mount the ISO image or put the CD in the server and just let autorun do the work.

After a few seconds Internet Explorer will open with the following screen:


Figure 3 OCS setup screen

Just click the link Standard Edition to start the setup. It will give you some warnings and will ask for confirmation if you really want to execute this file, acknowledge all the alerts so setup can start.

During the startup process of setup it will check if Visual C++ 2008 runtime is already installed, if not you will be prompted to do so:


Figure 4 Prompt to install Visual C++ 2008

Confirm that you want to install it. Don’t expect to see anything happening; just wait until the setup continues to load. After running some checks to determine the status of the environment, setup will present you with the following screen:


Figure 5 OCS Standard setup

As you can see, it gives you an overview of the options that are available. The one we need to start with is colored red and is called Prepare Active Directory. Just click it and after a short check setup will open another screen which presents the steps that need to be performed:


Figure 6 Prepare AD

Before running the first step I recommend making a backup of your Active Directory, because a “bad” schema update can ruin your whole forest. The first step in preparing Active Directory is preparing the schema. For this you will need to be a member of the Schema Admins group. When performing this task from a remote machine, as I do, also ensure that you can access the server that holds the Schema Master FSMO role. When that’s the case, you can just press Run to begin the schema preparation.

A wizard will open which will guide you through the schema preparation process. Accept all default settings and then wait till the schema preparation has finished. Once the task is completed click finish to close the window, you will be returned to the previous screen and will see that the task is marked as completed.

Perform the same steps for the forest prep, but have a good look when you select the domain and SIP domain. If you have multiple DNS domains please ensure that you select the correct one to prepare.


Figure 7 Select SIP domain

After both the forest and domain are prepared for OCS you will see that both tasks are marked as completed. When you have multiple Domain Controllers in your environment you may want to force replication between the DCs or just wait until replication has occurred. In our environment this is not necessary because we only have one Domain Controller.

Optionally, you can configure delegates if you like but for now we will leave this setting at the default and will return to the previous setup screen.

In the setup screen you will see that the task to prepare the Active Directory has been marked as completed and so we can continue with Deploy Standard Edition Server.

But before doing this please download this fix for a known issue which may cause the setup program to fail. Once the fix is installed, continue with the steps in the newly opened window.

First we will install the software, for this you need to be a member of the Domain Admins group (or the Enterprise Admins group, or both). During the startup of this installation, setup will check if the Windows Media Format Runtime is installed and if not, setup will prompt you to install it. After it’s installed you can continue with the setup by accepting the license agreement and default path. When you provided the requested information you get one last question, and that is which applications you wish to install on the server:


Figure 8 Application Configuration

Accept the default and install all of them or just select the ones you need and press Next.

The setup will prompt you to create 2 accounts:

  • RTCService, which will be used as service account for most services
  • RTCComponentService, which will be used to run conferencing, Web component and other server components

Provide a strong password for both of them and keep the passwords in a secure place.

In some environments it may be necessary to configure the account so the password won’t expire. If you don’t do this then you will get in to trouble once the password has expired.
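To see which of the two service accounts would be affected by password expiry, the following added example (not part of the original article) evaluates each account's userAccountControl and pwdLastSet attributes. The attribute values, the 42-day maximum password age and the reference date are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Active Directory userAccountControl flags
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000

# pwdLastSet is a FILETIME: 100-nanosecond intervals since 1601-01-01 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(filetime):
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def dt_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def password_status(account, max_age_days, now, warn_days=14):
    """Classify one account record (a dict of AD attribute values)."""
    uac = account["userAccountControl"]
    if uac & ACCOUNTDISABLE:
        return "disabled"
    if uac & DONT_EXPIRE_PASSWORD:
        return "never-expires"
    if account["pwdLastSet"] == 0:
        return "must-change-at-logon"
    expires = filetime_to_dt(account["pwdLastSet"]) + timedelta(days=max_age_days)
    remaining = expires - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining <= timedelta(days=warn_days):
        return "expiring-soon"
    return "ok"


def report(accounts, max_age_days, now):
    """Map each account name to its password status."""
    return {a["sAMAccountName"]: password_status(a, max_age_days, now)
            for a in accounts}


# Constructed sample data: the account names come from the article,
# the attribute values and the reference date do not.
NOW = datetime(2009, 6, 1, tzinfo=timezone.utc)
MAX_AGE_DAYS = 42  # assumed domain password policy
ACCOUNTS = [
    {"sAMAccountName": "RTCService",
     "userAccountControl": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,
     "pwdLastSet": dt_to_filetime(NOW - timedelta(days=90))},
    {"sAMAccountName": "RTCComponentService",
     "userAccountControl": NORMAL_ACCOUNT,
     "pwdLastSet": dt_to_filetime(NOW - timedelta(days=35))},
]

if __name__ == "__main__":
    for name, status in report(ACCOUNTS, MAX_AGE_DAYS, NOW).items():
        print(f"{name}: {status}")
```

An account reported as never-expires avoids the outage described above, but its password then has to be rotated by hand.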

One of the last steps is to provide the FQDN for both the internal and external OCS Farm. If you don’t know the external URL at this moment, leave it empty and press Next to continue. Before starting to copy the files, setup wants to know where the database and log files need to be placed. Since OCS Standard Edition uses SQL Express SP2 this will be on the disks of the server itself; keep this default or change it if you like. Once you have provided this information, setup will start copying the files.

After a few minutes, setup will finish and will let you know if it succeeded or not. In some cases it won’t, and gives you the possibility to have a look at the log files which can be viewed with Internet Explorer.

Next step will be Configure Server. During these steps we will tell OCS for which SIP domains it’s responsible, it’s possible to add SIP domains if you like, for example the external domain name which you are using. If you have multiple OCS Front End servers, this is also the time to tell OCS if it is responsible for authenticating and redirecting user logons. If you only have one server, please keep the default settings. If necessary, make adjustments in the next step so only specific SIP domains are authenticated by this server or just keep the defaults.

One of the last steps is to decide if you like to configure external access or do it later. Select the option which satisfies your requirements and press Next two times to start the configuration.

Once the configuration is done, it’s time for the certificates which the setup will help you with pretty well. First, generate a certificate request by using the “Create New Certificate” task, this will give you the option to send a request immediately or save it to a CSR file. Fill in the fields with the required information but be careful when providing the subject alternate names. This field needs to contain every name the server will use when providing services to end-users. If not, this will cause issues when users try to connect.

Depending on the option you have chosen, you’ve got a request already sent to a Certificate Authority (CA) or you’ve got a CSR file whose content you will need to provide when requesting a certificate.

When you have received the certificate from the CA you can install it via the task “Process an offline certificate request and import the certificate”. This will open a wizard which will guide you through the steps to install the certificate. After the wizard completes, it will tell you immediately if the certificate is correctly installed or not.

Besides installing the certificate using setup, you also need to assign it via IIS. Just open IIS Manager and select the default website, select the bind option in the right part of the screen, add https and select the same certificate in the SSL certificate part as you just installed.
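Because a missing subject alternate name only shows up later as failed client connections, it is worth checking the installed certificate against the list of names you expect. The sketch below is an added example, not part of the original article: the required names (built from the article's OCSSTD server and ocs.local domain) and the sample certificate are assumptions, and the live fetch assumes the listener completes a TLS handshake without a client certificate.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "ocsstd.ocs.local"),),),
    "subjectAltName": (("DNS", "ocsstd.ocs.local"),),
}
# Assumed names that clients and other servers will use to reach this server.
REQUIRED_NAMES = ["ocsstd.ocs.local", "sip.ocs.local"]


def san_dns_names(cert):
    """Return the lower-cased DNS entries of the subjectAltName extension."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_covered(name, san_names):
    """True if name matches a SAN exactly or through a left-most wildcard label."""
    name = name.lower().rstrip(".")
    for san in san_names:
        if san == name:
            return True
        if san.startswith("*."):
            first_label, _, parent = name.partition(".")
            # A wildcard covers exactly one label: *.ocs.local matches
            # sip.ocs.local but not a.b.ocs.local or ocs.local itself.
            if first_label and parent == san[2:]:
                return True
    return False


def missing_names(cert, required):
    """Return the required names that no SAN entry covers."""
    sans = san_dns_names(cert)
    return [name for name in required if not name_covered(name, sans)]


def fetch_cert(host, port=5061, cafile=None, timeout=5.0):
    """Fetch the certificate from a live TLS listener (5061 is Secure SIP).

    The chain must validate, so pass the issuing CA's certificate file in
    cafile when the certificate comes from an internal CA.
    """
    context = ssl.create_default_context(cafile=cafile)
    context.check_hostname = False  # names are compared by missing_names()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Offline run against the constructed sample; replace SAMPLE_CERT with
    # fetch_cert("ocsstd.ocs.local", cafile="ca.pem") to test a real server.
    gaps = missing_names(SAMPLE_CERT, REQUIRED_NAMES)
    print("missing SAN entries:", gaps or "none")
```

The same check can be pointed at port 443 to confirm that the certificate bound in IIS is the one you just installed.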

After replication has completed in Active Directory, it’s time to start the OCS services. Just press the option Start Services and follow the steps the wizard presents to you. When everything goes OK it will give you the following screen:


Figure 9 Front End services started

Strangely enough the setup won’t install the Administrative Tools by default so if you like to have them installed on the server itself just click the link and install it. With these tools you can only manage the Standard Edition and mediation server. The Edge can be managed via Computer Management.

Once everything is installed I recommend installing the latest available updates. Updates can be downloaded via the Microsoft website or by using Microsoft Update, this last one is an addition to Windows Update.

You will now have a working OCS Standard Edition server which you could use for instant messaging inside the company.  In the next article I will talk about the OCS Mediation Server and the OCS Edge Server which make it possible to connect ‘outside’ your organization and connect to a SIP trunk provider to configure Internet phone services.