Shawn Harry | Lab configuration for CCE in Azure notes
662
single,single-post,postid-662,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,qode_popup_menu_push_text_top,qode-content-sidebar-responsive,qode-theme-ver-10.0,wpb-js-composer js-comp-ver-4.12.1,vc_responsive

Lab configuration for CCE in Azure notes

Background

This post is a follow up from the “Nested Virtualisation in Azure” post detailing some of the steps taken for configuring a functional installation of CCE in Azure. This post covers my engineering notes and is not a prescriptive guide on all steps required to install a functional CCE successfully in Azure.

A full walkthrough for installing CCE is already covered here:

http://www.ucprimer.com/tech-blog/cloud-connector-edition-cce-141-deployment-walkthru-part-1

http://www.ucprimer.com/tech-blog/cloud-connector-edition-cce-141-deployment-walkthru-part-2

The topology is as follows: –

cce

Cloud Connector .ini config – installation answer file

; Build number 6.0.9319.377 – Keep this comment for diagnostic purpose

;;;;;;;;;;;;;; Common (topology-wide) parameters. ;;;;;;;;;;;;;

[Common]

 

;Domain(s) of SIP URIs used by company users.

;Domain(s) registered on O365.

;Support multiple domains seperated by space. First domain is the default used.

;for phone URI.

SIPDomains=shcce.uk

 

;Domain DNS suffix for the Skype for Business Cloud Connector Edition itself.

;Virtual machines CMS, Mediation server join this domain.

;Can be local (e.g. does not need to be in public DNS)

;MUST be different with domain(s) registered on O365

VirtualMachineDomain=shcce.local

 

;AD Server Name

ServerName=SHCCE-AD

 

;AD Server IP address

IP=192.168.2.5

 

;O365 Online service FQDNs

;No need to change for world-wide O365 instance. For other instances, go to domain settings page in O365 portal to get the right Fqdns.

OnlineSipFederationFqdn=sipfed.online.lync.com

 

;Must update SiteName before deployment. Rigster-CcAppliance cmdlet uses SiteName to register current appliance to an existing or new site.

;If you want to register the appliance to an new site, SiteName must be unique and different from any other existing site in your Office 365 tenant configuration.

;If you want to register the appliance to an existing site, SiteName must match the site name defined in your Office 365 tenant configuration.

;If you are copying configuration file from one site to another, make sure you update the SiteName for each site correctly.

SiteName=Site1

 

;Optional site parameters

CountryCode=UK

City=London

State=Essex

 

;The IP address of the VM that prepares base VM image

;This setting is only necessary for Convert-CcIsoToVhdx

;Leave this blank if DHCP is supported

BaseVMIP=

 

;The address of Windows Server Update Service – an intranet server to host updates from Microsoft Update

;Leave them blank if WSUS is not needed and we’ll update from Windows Update site on the Internet instead

WSUSServer=

WSUSStatusServer=

 

;Type of hardware. The default value is Normal.

;You can also set to Minimum for smaller deployments that can support up to 50 simultaneous calls.

HardwareType=Minimum

 

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of VM network. ;;;;;;;;;;;;;;;;;;;;

[Network]

 

; For corpnet IPs

CorpnetIPPrefixLength=24

 

; For Edge external IPs

InternetIPPrefixLength=24

 

; The hyper-V switch names for corpnet and internet connectivity.

CorpnetSwitchName=NATswitch

InternetSwitchName=NATswitch

 

;Default gateway in Corpnet

;Corpnet default gateway enables automatic updating the servers from the Corpnet

;It must be configured for Convert-CcIsoToVhdx to convert windows ISO file to VHDX file

;Corpnet default gateway will allow BaseVM to connect to internet and install window update packs

CorpnetDefaultGateway=192.168.2.1

 

;Internet default gateway to enable edge server to connect O365 servers

;Remove or leave it as blank if don’t want to configure default gateway

InternetDefaultGateway=192.168.2.1

 

;DNS IP addresses for corpnet. Use space as separator if there are multiple addresses

;This setting is necessary for OS update when WSUS servers are not configured, or they are specified using domain names

;This DNS IP address will be added as a forwarder on the AD server

;During Convert-CcIsoToVhdx, this DNS IP address will be assigned to corpnet connection network adapter

CorpnetDNSIPAddress=208.67.222.222

 

;Internet DNS IP address for resolving _sipfederationtls._tcp.<domain> and _sip._tls.<domain>

;This DNS IP address will be assigned to internet connection network adapter on Edge server

;The Edge server must be able to resolve public DNS records for the O365 Sip Domain

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set this IP Address to allow Edge to resolve these records

InternetDNSIPAddress=208.67.220.220

 

; The management switch to provide network connectivity of host and VMs.

; ManagementIPPrefix in MUST be configured as different subnet from other internal IPs.

; Just as the default value shown, ManagementIPPrefix is 192.168.213.0, while AD IPAddress is 192.168.0.238

; The ManagementIPPrefixLength should be a value in range [8, 29].

ManagementSwitchName=tmp_ManagementSwitch

ManagementIPPrefix=192.168.3.0

ManagementIPPrefixLength=24

 

;;;;;;;;;;;;; Parameters for Primary Central Management Service. ;;;;;;;;;;;;;

[PrimaryCMS]

 

;Server name which will be used to generate Server fqdn. It can NOT contain .<DomainName>

;Pool name will be the same as server name.

ServerName=CMSServer

 

;Server IP address

IP=192.168.2.6

 

;File share name for Primary CMS File Store Service.

;Must be created on the Primary CMS server (used for replication of CMS data

;to other servers and backup CMS)

ShareName=CmsFileStore

 

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Mediation Servers. ;;;;;;;;;;;;;;;;;;;;

[MediationServer]

 

;Server name which will be used to generate server fqdn. It can NOT contain .<DomainName>

ServerName=MediationServer

 

;Pool name which will be used to generate pool fqdn. It can NOT contain .<DomainName>

PoolName=mspool

 

;Server IP address

IP=192.168.2.7

 

;;;;;;;;;;;;;;;;;;;; Parameters for a pool of Edge Servers. ;;;;;;;;;;;;;;;;;;;;

[EdgeServer]

 

;Server name which will be used to generate server fqdn. It can NOT contain .<DomainName>

InternalServerName=EdgeServer

 

;Pool name which will be used to generate pool fqdn. It can NOT contain .<DomainName>

;FQDN of the Edge Pool internal interface must resolve to IP addresses on

;internal interfaces of all edge servers (one A record per server)

InternalPoolName=edgepool

 

;Internal IP addresses of servers in Edge Server Pool.

InternalServerIPs=192.168.2.8

 

;Pool name which will be used to generate pool fqdn. It can NOT contain .<DomainName>

;FQDN of the Edge Pool external interface for SIP traffic must resolve to

;IP addresses on external interfaces of all edge servers (one

;A record per server) or to the VIP of HLB (if HLB is used for SIP traffic).

;The suffix of this FQDN should be the default (first) internal domain.

;The “sip” prefix is not allowed.

ExternalSIPPoolName=ae

 

;External IP addresses of servers in Edge Server Pool for SIP traffic.

;Public IP addresses if there is no NAT (firewall or HLB),

;NAT-ed addresses otherwise.

ExternalSIPIPs=192.168.2.9

 

;Pool name which will be used to generate pool fqdn. It can NOT contain .<DomainName>

;FQDN of the Edge Pool external interface for media traffic must resolve to

;IP addresses on external interfaces of all edge servers (one

;A record per server) or to the VIP of HLB (if HLB is used for media traffic).

;Can be the same FQDN as External SIP FQDN (since there is no client

;SIP traffic in this topology there is no conflict for port 443).

ExternalMRFQDNPoolName=mr

 

;External IP addresses of servers in Edge Server Pool for Media traffic.

;Public IP addresses if there is no NAT or firewall or HLB,

;NAT-ed addresses otherwise.

;Can be the same IPs as External SIP IPs (since there is no client SIP traffic

;in this topology there is no conflict for port 443).

ExternalMRIPs=192.168.2.9

 

;Public External IP addresses of servers in Edge Server Pool for Media

;traffic. Should only be specified if NAT (firewall or HLB) is used.

;If NAT is not used, keep this element here and leave the value as blank.

;Single IP addresses in case of HLB, multiple addresses (one per edge)

;in case of DNS LB.

ExternalMRPublicIPs=52.232.x.x

 

;Public External port range for Media Relay (AV Edge role)

;MR port start from 50000, the range should be even number from 100 to 10000

;For both TCP and UDP

;Each concurrent call need 2 ports

;So the concurrent call capability in MR should be range / 2

;Note: concurrent call number also depends on the capability of PSTN Gateway

ExternalMRPortRange=10000

 

;Parameters for gateway

;If only one Gateway is needed, remove entire [GateWay2] section. Don’t keep it but leave values empty.

;If Gateway FQDN uses O365 Sip Domain in name for TLS purposes, be sure to set InternetDNSIPAddress to allow Edge to resolve these records

[Gateway1]

 

; Gateway FQDN

FQDN=acvsbc.shcce.local

 

;Gateway IP address

IP=192.168.2.20

 

;Gateway Port

Port=5060

 

;Protocol for SIP traffic (TCP or TLS)

Protocol=TCP

 

;List of voice routes used by this gateway.

;Routes are defined in the next section.

VoiceRoutes=LocalRoute

 

;;;;;;;;;;;;;;;;;;;; Parameters for hybrid voice routing ;;;;;;;;;;;;;;;;;;;;

[HybridVoiceRoutes]

;Named voice route to be used by one or more gateways

LocalRoute=.*

 

;;;;;;;;;;;;;;;;;;;; Parameters for TrunkConfiguration ;;;;;;;;;;;;;;;;;;;;

[TrunkConfiguration]

;Whether Gateways support Refer. It is used for Call Transfer scenario.

;The value can be “true” or “false”. Default value is “true”.

;EnableReferSupport set to “true” means the Gateway(s) support Refer which can handle all the call transfer stuffs.

;EnableReferSupport set to “false” means the Gateway(s) don’t support Refer. Then Mediation Server will handle all the call transfer stuffs.

EnableReferSupport=true

 

  • For ease of installation both corpnet and internet networks were put on the same vSwitch.
  • Internal and external Edge interfaces are in the 192.168.2.0/24 range
  • NAT was used for the vSwitch
  • The Management vSwitch is created by the installer during installation of the CCE. This switch can be deleted once the installation is finished.
  • A fixed Azure public IP was assigned to the Hyper-V host. This address was configured in the .ini file as the ExternalMRPublicIPs for media relay.
  • Sipgate.co.uk ITSP was used to connect the ‘CCE’ to the PSTN via sip trunk to Sipgate.
  • AudioCodes vSBC was used to terminate the Sipgate trunk.

 

Azure Firewall Configuration

 

ccefwrules

A static mapping was used to forward these ports to the CCE Edge Server. Example command for access edge:-

Add-NetNatStaticMapping -NatName “NATNetwork” -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.2.9 -InternalPort 443 -ExternalPort 443

Add-NetNatStaticMapping -NatName “NATNetwork” -Protocol UDP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.2.9 -InternalPort 3478 -ExternalPort 3478

Add-NetNatStaticMapping -NatName “NATNetwork” -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.2.9 -InternalPort 5061 -ExternalPort 5061

To add the 50K range the cmdlets were created with Excel. There doesnt appear to be an integer limit on the number of Static Mappings that can be added as over 10,000 ports have been configured  in the lab for media with no issues.

Add-NetNatStaticMapping -NatName NATNetwork -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.2.9 -InternalPort 50000 -externalPort 50000 (50,000 through to 59,999)

Add-NetNatStaticMapping -NatName NATNetwork -Protocol TCP -ExternalIPAddress 0.0.0.0 -InternalIPAddress 192.168.2.9 -InternalPort 59999 -externalPort 59999

Calls to/from Sipgate via the CCE in Azure complete succesfully.