People Communicate

Microsoft Unified Communications Blog

Monthly Archives: July 2011

Add an Edge Server to Lync Server 2010

Deploying an Edge Server with Lync 2010

For this article I am going to add an Edge server and an XMPP gateway to an existing Lync environment. All articles moving forward will be built on the RTM bits of Lync, but to build the Front End server for this environment I followed the original article here, the only difference is the name of the server and the domain. The lab has the following servers and IPs:

| Server Name | Role | IP Address |
| --- | --- | --- |
| LyncDC.lyncguy.local | Domain Controller/DNS/CA | 10.255.106.160 |
| LyncFE.lyncguy.local | Lync Standard Edition Front End | 10.255.106.161 |
| Lyncedge.lyncguy.local | Lync Edge server – not domain joined | 10.255.106.162 (internal NIC) |

The Active Directory domain name for this lab is LyncGuy.local, with the public SIP domain LyncGuy.com. I prefer to do these labs with different namespaces for AD and the public domain because that is the most common scenario I’ve run into in the real world. To make this work you have to have an internal copy of the public zone and an external copy; this is commonly referred to as “split brain DNS”.

To start with I have to create a copy of my public zone on my internal DNS server so internal clients can reach the Lync server directly. To accomplish this I’ve created the following records in DNS:

| Record Type | DNS Entry | IP Address |
| --- | --- | --- |
| A | meet.lyncguy.com | 10.255.106.161 |
| A | dialin.lyncguy.com | 10.255.106.161 |
| A | sip.lyncguy.com | 10.255.106.161 |

We also need to create an SRV record for client automatic sign-in. The new record will be for “_sipinternaltls._tcp.lyncguy.com” and will point to sip.lyncguy.com on port 5061.

***Note – you can use another name here, such as the Front End server’s name; however, the domain must match the SIP domain. You must also have a SAN entry on the Front End certificate to match this entry.***

Now that our DNS zone is in order we can plan for our edge server. In this example I will be using 1 internal IP, 3 DMZ IPs and 3 public IPs. Instead of placing the public IPs directly on the edge server’s public NIC, I will NAT the public IPs to the private IPs with my lab ASA. I’ve also matched the last octet of the address to make it easier to manage at a glance.

| Public Name | Public IP | DMZ IP |
| --- | --- | --- |
| Sip.lyncguy.com | XX.102.182.163 | 10.255.110.163 |
| Webconf.lyncguy.com | XX.102.182.164 | 10.255.110.164 |
| Av.lyncguy.com | XX.102.182.165 | 10.255.110.165 |

Here is what the design looks like:

[Figure: edge server network design diagram]

To start, we need to add an edge to our topology. On the front end server (lyncfe) open “Lync Server Topology Builder”. Then expand the topology, right-click “Edge Pools” and choose “New Edge Pool”.

Click “Next” on the “Define Edge Pool” page

Enter the FQDN you will be using for your edge and select “Single Computer Pool”

Next we have a screen offering 3 options:

  • “Use a Single FQDN & IP Address” – this option will not be selected because we have plenty of public IPs to use. If you only have 1 IP this is a good option; however, it will force you to use ports other than 443, which aren’t always open outbound from corporate networks and may cause usability issues on networks you cannot control.
  • “Enable Federation (port 5061)” – this option will configure the edge server to listen on port 5061 of the access edge IP for inbound federation traffic from other Lync and OCS environments.
  • “The external IP address of this edge pool is translated by NAT” – this option tells Lync the IP addresses on the outside interface of the edge are not the actual public IP addresses. Putting the edge behind another firewall can give an extra layer of security and help prevent the server from being compromised.

For this scenario we have selected “Enable Federation (port 5061)” and “The external IP address of this edge pool is translated by NAT”.

Next we define our public names for the edge roles, notice all roles use port 443. I would highly recommend using this method if possible.

Now we set the IP address for the internal network of our edge server. In this scenario I have placed the internal NIC on the same subnet as the domain controller and front end server. I have configured the environment this way because of limited resources in my lab; whenever possible I recommend placing this NIC in another DMZ that has a higher security level than the DMZ for the outside interfaces.

At this point we specify the DMZ IP addresses of our edge server

In the next box we will enter the Public IP address of the A/V edge services (av.lyncguy.com). In OCS 2007 R2 we had to make sure the edge server could resolve the public name to the public IP, however, this box allows that requirement to be removed and we can just enter the IP here.

Next we select our next hop server (the front end server)

Next we click “Finish” and the wizard completes, we can now see our newly defined edge server in the Topology.

Now we can publish our topology.

Before we move on to working on the edge server we need to open the Lync Server Control Panel and configure our External User Access policies.

Under External Access Policy>Global Policy: Modify the existing policy to allow remote user access, federation and public IM connectivity (all of these are optional). Click “Commit” when you have selected the options that are right for your environment

Now under Access Edge Configuration>Global Policy: Modify the existing policy to enable federation, remote user access and anonymous access to meetings. I’ve also enabled dynamic domain discovery. This allows our Lync users to automatically add Lync/OCS users from other environments without requiring administrative configuration. This option may not be right for all environments; if it isn’t right for yours, use the “Federated Domains” tab to define the allowed domains and uncheck this option. Next click “Commit”.

Now that our environment is ready, we need to export the topology’s configuration to a file, which we’ll import during the Edge install. On the front end server open “Lync Server Management Shell” and run the command:

Export-CsConfiguration -FileName C:\topology_export.zip

The file “topology_export.zip” will now be on the C drive of your front end server. This file will need to be copied to the edge server.

Now that the topology has been updated we need to log into our edge server and configure it.

First we need to make sure that all the IP Addresses get assigned to the appropriate NIC.

On the internal NIC we will use only an IP Address and subnet mask, we cannot put a default gateway on this interface.

Next, on the external NIC we will fill in an IP address, subnet mask, default gateway and DNS, do not click “OK” yet

We also need to bind our other 2 IP addresses to the external NIC, to do this click the “Advanced” button and then click “Add” under “IP Addresses” and add each IP address

At this point we’ll want to add a route back to any internal networks via the internal NIC. For this example I will be adding a route back to an internal network of 10.255.200.0/24; this could be another client or server subnet that the edge server will need to know how to route to. The edge’s internal interface must be able to route to all internal networks via a gateway on the same network as its internal NIC, so if you have multiple networks you will have to add them all. To do this we will use the route add command from a command prompt (Run As Administrator):

route add -p 10.255.200.0 mask 255.255.255.0 10.255.106.1

The “-p” portion of this command makes the route persistent; “10.255.106.1” is the next hop router to reach the other internal networks.

Next we need to configure the hostname of our edge server. When we configure this value we must also add a primary DNS suffix. This is different from adding the computer to the domain, but it does tell the computer its full name (i.e. LyncEdge.lyncguy.local).

Once you have updated the name and primary DNS suffix and you click “OK” you will be prompted to reboot the edge server.

While the edge server is rebooting we can add a DNS entry on the domain controller so all internal resources know how to reach the server by its “FQDN” – it’s not actually an FQDN because it isn’t domain joined, but the rest of the systems will need to be able to route to it like it is.

Once the edge has rebooted we will need to add the feature “Microsoft .NET Framework 3.5”, to do this open Server Manager, go to Features, click “Add Features” and choose “Microsoft .NET Framework 3.5”.

You can click “next” through all other screens and then click “Install”. Once the install completes we can move on to starting the Lync install. First we need to copy the topology_export.zip file created above to the C drive of the edge server.

Now we can run the CD, we will immediately be prompted to install the “Microsoft Visual C++ 2008 Redistributable”, click OK here:

The install window for Lync will pop up when the C++ install completes

Click “Install” and then accept the terms and click “OK”

Now we are back in the familiar Lync Server Deployment Wizard

Click on “Install or Update Lync Server System”

Under Step 1 we click “Run”

Select the topology_export.zip file from the C drive and click “Next”. This will allow the edge server to gather its settings from the export file.

A number of pre-requisites are installed at this point. When this completes click “Finish”

Now click “Run” under Step 2

Click “Next” and a number of pre-requisites are installed

Once the install completes we can open up the Services snap-in and see the Lync Services are now present

Before we can move on to Step 3 (Requesting Certificates), we need to make it possible for the edge server to resolve names of the internal servers it will talk to. This will include the CA because we will need to request the certificate for the internal interface from the internal CA. Also, we will need to trust the internal CA so we will need to export its certificate and install it on the edge server.

To allow the edge server to resolve some internal names but not all we have a few options, a DNS server in the DMZ is one, but for this article we will be editing the host file. The reason I’ve chosen not to utilize the internal DNS servers is to limit the number of servers the edge server can look up in case it is compromised.

The host file is located at “C:\windows\system32\drivers\etc”, the best method of editing this file is to run Notepad as administrator and then open this file (You’ll have to switch to “All Files” in the file type selection box)

For this scenario I will add entries for the CA and the Front End server:
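One way to add and verify these two hosts entries from an elevated PowerShell prompt on the edge server. This is an added example, not part of the original article; the names and addresses are the lab values from the server table at the top, and the helper name Add-HostsLine is made up for this sketch.

```powershell
# Added example (not from the original article). Names and addresses are the lab
# values from the server table; run from an elevated PowerShell prompt on the edge.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$wanted = @{
    'lyncdc.lyncguy.local' = '10.255.106.160'   # Domain controller / DNS / CA
    'lyncfe.lyncguy.local' = '10.255.106.161'   # Front End (next hop)
}

# Hypothetical helper: append one line, starting on a fresh line if needed.
function Add-HostsLine {
    param([string]$Path, [string]$Line)
    $raw = [System.IO.File]::ReadAllText($Path)
    if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { $Line = "`r`n" + $Line }
    Add-Content -Path $Path -Value $Line
}

foreach ($name in $wanted.Keys) {
    $ip = $wanted[$name]
    # Non-comment lines that already carry this host name as a whole token.
    $existing = @(Get-Content $hostsPath | Where-Object {
        $_ -notmatch '^\s*#' -and $_ -match ('(^|\s)' + [regex]::Escape($name) + '(\s|$)')
    })
    if ($existing.Count -eq 0) {
        Add-HostsLine -Path $hostsPath -Line ("{0}`t{1}" -f $ip, $name)
        Write-Output "added    $name -> $ip"
    } else {
        # The first token of a hosts line is the address it maps to.
        $mapped    = @($existing | ForEach-Object { ($_.Trim() -split '\s+')[0] })
        $conflicts = @($mapped | Where-Object { $_ -ne $ip })
        if ($conflicts.Count -gt 0) {
            Write-Warning "$name is already mapped to $($conflicts -join ', '); expected $ip"
        } else {
            Write-Output "present  $name -> $ip"
        }
    }
}

# Confirm what the edge server actually resolves for each name.
foreach ($name in $wanted.Keys) {
    try   { $resolved = @([System.Net.Dns]::GetHostAddresses($name) | ForEach-Object { $_.IPAddressToString }) }
    catch { $resolved = @() }
    $ok = ($resolved.Count -eq 1 -and $resolved[0] -eq $wanted[$name])
    "{0,-24} resolves to {1,-16} {2}" -f $name, ($resolved -join ','), $(if ($ok) { 'OK' } else { 'CHECK' })
}
```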

Now that we can resolve the CA, we’ll use the web enrollment page to download the Root CA chain.

Open IE and go to https://lyncdc.lyncguy.local/certsrv. You may have to authenticate; if you do, use your domain account. Click on “Download a CA Certificate, Certificate Chain, or CRL”

Click on “Download CA Certificate”

Save the file to the desktop or another location on the edge server.

Open the Certificates snap-in for the local computer, expand “Trusted Root Certification Authorities”, right-click “Certificates” and choose “Import”

Browse to the file you downloaded in the last step and click “Open”

This will import the certificate into the trusted store for the local computer.

Now we move on to Step 3 in the Deployment Wizard, requesting and installing certificates

Highlight “Edge Internal” and click “Request” – this will allow us to request the certificate for our internal communications between the edge server and the front end.

I won’t cover every step in this wizard; you should be using all defaults here other than information specific to your environment. I will, however, strongly suggest you do not add any SANs to this certificate. One other thing of note: you will want to do this certificate request online, specifying your internal CA as shown below

You will also have to provide domain credentials to request the certificate

Once the request is completed the wizard will automatically take you to the next wizard to assign the certificate. Again, this is a next-next-finish scenario.

Because this is a lab scenario and I will not be requesting public certificates, I will just re-run this wizard and select “External Edge Certificate” for the second certificate. If you are using public certificates you will want to choose “Prepare Request now but send later (offline request)” for your request.

***One important difference between OCS 2007 R2 and Lync is that the edge roles can now all share one certificate with a subject (CN) of only the access edge; you no longer need to re-generate the certificate for each role, using that role’s FQDN as the subject name. For information on how that worked in OCS 2007 R2 please see this article.***

The new certificate will have the following fields automatically; unless you are configuring multiple SIP domains there is no need to modify this or add additional SANs.

| Field | Value |
| --- | --- |
| Subject (Common Name) | Sip.lyncguy.com |
| SAN 1 | Webconf.lyncguy.com |
| SAN 2 | Sip.lyncguy.com |
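A check that the external edge certificate in the computer store carries exactly these names and chains to the internal root CA imported earlier. This is an added example, not part of the original article; it assumes an English-language Windows build (the SAN extension is parsed from its formatted text), and the function name Get-CertDnsName is made up for this sketch.

```powershell
# Added example (not from the original article). Expected names are the Subject and
# SAN values from the table above. Assumes an English-language Windows build, where
# the SAN extension formats its entries as "DNS Name=<fqdn>".
$expectedSubject = 'sip.lyncguy.com'
$expectedSans    = @('sip.lyncguy.com', 'webconf.lyncguy.com')

# Hypothetical helper: return the DNS names listed in a certificate's SAN extension.
function Get-CertDnsName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # 2.5.29.17 is the Subject Alternative Name extension.
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $san) { return @() }
    $san.Format($true) -split "`r?`n" |
        Where-Object   { $_ -match '^\s*DNS Name=' } |
        ForEach-Object { ($_ -replace '^\s*DNS Name=', '').Trim() }
}

# Certificates in the computer store whose subject CN is the access edge name.
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -match ('(^|,\s*)CN=' + [regex]::Escape($expectedSubject) + '(,|$)')
})
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with CN=$expectedSubject found in LocalMachine\My"
}

$report = foreach ($cert in $certs) {
    $names   = @(Get-CertDnsName $cert)
    $missing = @($expectedSans | Where-Object { $names -notcontains $_ })
    $extra   = @($names | Where-Object { $expectedSans -notcontains $_ })

    # Build the chain without revocation checking; the edge may not reach the CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    New-Object PSObject -Property @{
        Subject             = $cert.Subject
        Thumbprint          = $cert.Thumbprint
        NotAfter            = $cert.NotAfter
        HasPrivateKey       = $cert.HasPrivateKey
        ChainsToTrustedRoot = $trusted
        MissingSans         = ($missing -join ', ')
        UnexpectedSans      = ($extra -join ', ')
    }
}

$report | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
                        ChainsToTrustedRoot, MissingSans, UnexpectedSans | Format-List
```

An empty MissingSans and UnexpectedSans with ChainsToTrustedRoot set to True matches the table; a False chain result usually means the root CA import into the computer store did not take.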

Now we can run Step 4 to start the services and our edge server should be up and running.

Once this process is complete the NATs and access lists must be created on the firewall to allow the appropriate traffic in and out. I have only covered the inbound rules in the table below, please see the edge server documentation or the Lync Server Planning Tool for more detail.

| Rule | Public IP | Private IP | Allowed Protocol – Port |
| --- | --- | --- | --- |
| Access Edge (client access) | XX.102.182.163 | 10.255.110.163 | TCP – 443 |
| Access Edge (federation) | XX.102.182.163 | 10.255.110.163 | TCP – 5061 |
| Web Conferencing Edge | XX.102.182.164 | 10.255.110.164 | TCP – 443 |
| A/V Edge | XX.102.182.165 | 10.255.110.165 | TCP – 443 |
| A/V Edge | XX.102.182.165 | 10.255.110.165 | UDP – 3478 |
| A/V Edge | XX.102.182.165 | 10.255.110.165 | TCP – 50,000 through 59,999 |
| A/V Edge | XX.102.182.165 | 10.255.110.165 | UDP – 50,000 through 59,999 |
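A way to confirm that the firewall exposes the fixed TCP listeners in the table and nothing else. This is an added example, not part of the original article; it covers only the single-port TCP rules (UDP and the 50,000 to 59,999 ranges cannot be confirmed with a plain connect test), the list of ports that should stay closed is an assumed sample, and the function names are made up for this sketch. Run it from a host on the far side of the firewall, substituting the public addresses when testing from outside the NAT.

```powershell
# Added example (not from the original article). Addresses are the lab DMZ IPs
# from the rule table above; substitute the public names when testing from outside.
$expectedOpen = @(
    @{ Role = 'Access Edge (client access)'; Address = '10.255.110.163'; Port = 443  },
    @{ Role = 'Access Edge (federation)';    Address = '10.255.110.163'; Port = 5061 },
    @{ Role = 'Web Conferencing Edge';       Address = '10.255.110.164'; Port = 443  },
    @{ Role = 'A/V Edge';                    Address = '10.255.110.165'; Port = 443  }
)
# Ports the table does not publish (assumed sample); none of them should answer.
$shouldBeClosed = 80, 135, 445, 3389, 5060

# Hypothetical helper: TCP connect with a timeout, so filtered ports do not hang.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Hypothetical helper: run one check and record expected versus actual state.
function New-CheckResult {
    param($Role, $Address, $Port, [bool]$ShouldBeOpen)
    $isOpen = Test-TcpPort -Address $Address -Port $Port
    New-Object PSObject -Property @{
        Role = $Role; Address = $Address; Port = $Port
        Expected = $(if ($ShouldBeOpen) { 'open' } else { 'closed' })
        Actual   = $(if ($isOpen)       { 'open' } else { 'closed' })
        Pass     = ($isOpen -eq $ShouldBeOpen)
    }
}

$results = @()
foreach ($rule in $expectedOpen) {
    $results += New-CheckResult $rule.Role $rule.Address $rule.Port $true
}
# Every edge address is also probed on the ports that must not be published.
$addresses = $expectedOpen | ForEach-Object { $_.Address } | Sort-Object -Unique
foreach ($address in $addresses) {
    foreach ($port in $shouldBeClosed) {
        $results += New-CheckResult 'not published' $address $port $false
    }
}

$results | Select-Object Role, Address, Port, Expected, Actual, Pass | Format-Table -AutoSize
```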

After the firewall changes are made we need to create the A records for each of our services on the public DNS server

| Record Type | Name | IP Address |
| --- | --- | --- |
| A | Sip.lyncguy.com | XX.102.182.163 |
| A | Webconf.lyncguy.com | XX.102.182.164 |
| A | Av.lyncguy.com | XX.102.182.165 |

You will also need to create SRV records for automatic sign-in and for federation. For automatic sign-in you can create an SRV record for _sip._tls.lyncguy.com pointing to your access edge server (sip.lyncguy.com) on port 443. For federation you will need to create an SRV record for _sipfederationtls._tcp.lyncguy.com pointing to your access edge server on port 5061.

Now we can test the server using https://www.testocsconnectivity.com/ and get ready to deploy reverse proxy. For that I’m going to point you to Randy Wintle’s article on the subject.

Step By Step For Installing Lync Server 2010 consolidated standard edition server

Pre-requirements

I will base this server on Windows 2008 R2 Standard, and it is placed on a Hyper-V 2008 R2 host. First we need to start with installing the pre-requirements. Please make sure that you have installed all available updates from Microsoft Update before you continue. To start the requirements installation we can use PowerShell.

To import the Server manager module run the following command:

Import-Module ServerManager

Now we can start the actual installation of all required components with the following command:

Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Static-Content,Web-Default-Doc,Web-Http-Errors,Web-Http-Redirect,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Http-Logging,Web-Log-Libraries,Web-Http-Tracing,Web-Windows-Auth,Web-Client-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools -Restart

After the installation the server will restart automatically since we added the –Restart parameter.

Also, install Microsoft Silverlight, this is needed to run the Lync Server 2010 installation GUI. Silverlight can be found here: http://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx

The installation of Silverlight is very straightforward: after the download, run Silverlight.exe and click on Install now. The installation process will start; when it has finished, click Next and then Close.

We also need to create a file share on the Lync Server 2010 server. I will place mine directly under C: and name it LyncShare.

Share the folder and make sure that everyone has full control.

We will also need a number of DNS entries. Add the following records to your domain controllers’ DNS servers.

| Name | Target |
| --- | --- |
| meet.sundis.local | <Lync 2010 Server IP> |
| admin.sundis.local | <Lync 2010 Server IP> |
| dialin.sundis.local | <Lync 2010 Server IP> |

Now we are ready for the fun stuff!

Installing Lync Server 2010

Insert your Lync Server 2010 media. If AutoPlay does not start, navigate to \Setup\amd64 on your drive and execute setup.exe. The first thing you will need to do is to install Microsoft Visual C++ 2008 Redistributable Package, click Yes to proceed.

When Microsoft Visual C++ 2008 Redistributable Package is installed you will need to choose the installation directory. The default location will be just fine for me, change the location to match your preferences and then click Install.

Next you need to accept the license agreement, check I accept the terms in the license agreement and then click Ok.

Now the Deployment Wizard launches and you will have a number of choices. We will start with Prepare Active Directory.

We will now have a number of steps to complete. Go through each of them starting from the top with Prepare Schema, click Run to start the wizard.

When the wizard starts click Next to continue.

The schema preparation is automatic, click Finish when the Task Status says Completed.

The next step is to Prepare Current Forest, click Run to start the wizard.

When the wizard starts click Next to continue.

We will configure the local domain, click Next to continue with defaults.

The forest preparation is also automatic, click Finish when the Task Status says Completed.

The last preparation wizard we need to run is Prepare Current Domain, click on Run to start the wizard.

When the wizard starts click Next to continue.

Again, the preparation is automatic, click Finish when the Task Status says Completed.

The last step is to grant access to the Microsoft Lync Server 2010 Control Panel, do the following:

  1. Log on as a member of the Domain Admins group or the RTCUniversalServerAdmins group.
  2. Open Active Directory Users and Computers, expand your domain, right-click the Users container, and then click Properties.
  3. In CSAdministrator Properties, click the Members tab.
  4. On the Members tab, click Add. In Select Users, Contacts, Computers, Service Accounts, or Groups dialog, locate the Enter the object names to select. Type the user name(s) or group name(s) to add to the group CSAdministrators. Click OK.
  5. On the Members tab, confirm that the users or groups that you selected are present. Click OK.

After completing all the steps, click on Back to return to the Deployment Wizard.

Moving on, the Topology Builder is next; with this tool we create a topology that we use to deploy the actual Lync Server 2010 system. To start the installation click on Install Topology Builder.

The installation will now run and it is automatic, when it is finished we will move on to Preparing the first Standard Edition server.

On the introduction screen click Next to continue.

The installation will begin and when completed click Finished to close the wizard.

Now it is time to start with some configuration, locate the Lync Server Topology Builder on the Start Menu.

The first thing we need to do is to select if we have a topology we want to open or if we want to create a new one. Choose New Topology and click Ok.

Choose where to save your topology files, I will save my files in C:\Lync Server 2010 Topology Builder and call it sundis.tbxml. When you are finished choosing a name and location, click Save.

Then enter a SIP domain that matches your preferences, I will enter sundis.local. This is the internal domain name in my family domain and will work well for the purpose of this installation, click Next to continue.

We will not add any additional SIP domains at this point, click Next to continue.

Enter a name for your default site, I will enter Sundis, then click Next to continue.

Enter your City, State and country and click Next to continue.

We want to continue to configure a front end pool so click Finish. When the New Front End Pool wizard starts click Next to continue.

Now we must define an FQDN for our Front End Pool. Since this is a simple single-server installation I will use the server’s FQDN, sundis-lync01.sundis.local. Choose Standard Edition Server and click Next to continue.

We will choose the following components for this installation:

  • Conferencing (without Dial-in for now)
  • Enterprise Voice
  • Call Admission Control

Check those options and then click Next to continue.

We will collocate the mediation server, check Collocate Mediation Server and then click Next.

We will not enable any more components, click Next to continue.

We have already installed SQL server on the Lync Server 2010 server and the wizard finds it automatically. Click on Next to continue.

Now we will enter the share name we used when creating the file share earlier. I named the share LyncShare, enter your share name and click Next to continue.

We will not enter a public FQDN at the moment and will leave it as default, click Next when finished.

We will not add a gateway at this moment, click on Finish to end the wizard.

When the wizard closes you will be presented with the Topology Builder. Take a moment to go through the configuration, then go back to the original screen and click on Edit Topology.

In the left pane, select Simple URLs, in the main pane, enter a URL in the field Administrative access URL. In my case this is https://admin.sundis.local, then choose the Front end server to install Central Management Server on. If all is well you should only have one choice here, click Ok when done.

Now it is time to publish our topology to the management server. Back in the topology builder, click on Publish Topology in the Actions Pane.

When the wizard has loaded, click on Next to start the publishing.

You should only have one Central Management Server, make sure it is selected in the drop-down list and then click Next.

When the wizard completes, make sure that all steps are successful and then click Finish.

Thanks for reading, I hope that you find it helpful!

Microsoft Lync 2010, Asterisk and Skype installation and integration guide

Trixbox is a great distribution of Asterisk, however it does break certain Asterisk standards and you can’t beat a good command line – yes in Asterisk’s case the command line is easier than a web interface.

So why not plain old Asterisk? AsteriskNOW makes light work of the install and I’m by no means a Linux guru! You can still opt for the FreePBX front end – but we will choose to not go down this dark path – trust me on this!

So let’s talk objectives…

  1. Setup AsteriskNOW, configuring a SIP extension and corresponding dial-plan
  2. Install and configure Skype for Asterisk (SFA), ensuring the SIP extension above can route in/out
  3. Take the Lync 2010 Server install performed here and integrate it with AsteriskNOW
    • Make calls to and from the Asterisk SIP extension (Lync & SFA)
    • Make calls to and from the Lync client (SIP & SFA)

So here is an idea of how this will all piece together:

Sounds like a tall order right? Wrong. With AsteriskNOW and Lync Server 2010, it is reasonably straightforward and I will endeavor to document the end-to-end setup process.

Before I begin let me talk about SFA…

Skype, as you may or may not be aware, offers two SME level VoIP integrations:

  1. Skype for SIP (now re-branded as Skype Connect) – essentially a way of integrating Skype’s cloud of PSTN in/out connectivity including the capability to call Skype users (22.5k online as I type) to an SIP enabled IP PBX – for supported vendors see here.
  2. Skype for Asterisk (SFA) – an add-on Asterisk channel driver which allows for Skype-to-Skype calls and access to Skype’s cheap calling rates via your Asterisk end-point.

If you are already running an Asterisk based PBX you will probably want to know the difference. From a high level it comes down to the following:

  1. Cost – Skype Connect is subscription-based, you pay $6.95 per channel plus calling costs – not cheap for those who want to use this for a lab sized implementation.
  2. Functionality – SFA is not channel-based, it is user-based, for a one off charge of $66 you get a single user license – sounds a bit more digestible, right? A single license would give you one channel. In this guide we will enable a single license to be configured to route out from either SIP or Lync end points. From an inbound perspective you could create a Lync response group or Asterisk call group to broadcast inbound calls to multiple users.

One (or should I say three?) last caveat before we get on with the good stuff:

  1. Lync is currently in release candidate, it is unlikely to change on a grand scale, but be aware it is not supported by Microsoft
  2. Lync (or OCS) + Asterisk integrations are not supported by Microsoft
  3. This is a “just for fun” guide or lab setup only

Okay, with that over with let’s look at requirements

  1. I’ll be using Windows Server 2008 R2 with Hyper-V to run Lync Server 2010 RC & AsteriskNOW
  2. I have assigned 2gb of memory to Lync Server 2010 RC and 512mb to AsteriskNOW (I know this seems minimal but it is enough for this small test setup)
  3. You’ll need to setup a Skype business account as SFA will not work with regular consumer accounts (you can route Skype-to-Skype calls between business and consumer accounts)
  4. Once you have setup a free Skype business account you’ll need credit as without credit it won’t route out to PSTN. I suggest you test the account by adding it to a Skype software client first (if you hit any roadblocks further down the line you’ll be pleased to have ruled this potential issue out)
  5. Buy an SFA single channel license which can be purchased directly from Digium, the makers of Asterisk, via their online store (currently at $66) – you’ll get a license key that we will activate later…

Let’s begin…

Download a copy of AsteriskNOW, I have opted for the 64-bit version here, whilst this is downloading (it is approximately 600mb), let’s setup our VM.

Create a name:

Set memory:

Don’t connect it to your virtual network; we’ll need to create a legacy network adaptor as we are using Linux

I’m going to accept the default options when configuring my virtual disk (this isn’t usually recommended for performance, but for AsteriskNOW it’ll be sufficient)

Once your bootable AsteriskNOW ISO is downloaded, select this as the operating system to boot from within Hyper-V Manager

Our summary, click Finish

Before we kick off the install, you’ll need to go to your settings and add one hardware component, the legacy network adaptor mentioned earlier – and make sure this is connected to your virtual network

Let’s start our VM! Fingers-crossed the AsteriskNOW ISO will boot and the install commences, select option 5 – Asterisk 1.6 only (we need Asterisk 1.6 for TCP support, a SIP trunk requirement for OCS and Lync)

Select yes, to accept the creation of partitions and wiping of data

The default partition scheme is fine, select next. Set your region, select next and create a root (or Administrator) password then click next.

The install will now commence, in my case I’m going to grab some breakfast…!

I’m back and the install is complete, eject your ISO via the Hyper-V toolbar, Select Media -> DVD Drive -> Eject. Then click reboot

During the boot sequence you’ll see a ton of text, which will all (hopefully) end with [   OK   ]. Upon completion you will see a Setup Agent, quit this and you will be presented with the screen below.

Login with your root account and start the network configuration utility, type system-config-network. You will then be presented with the screen below

Edit your network device “eth0 – Digital Equipment Corporation DECchip 21140 [FasterNet]“, remove the DHCP option and set a static address, in my case 192.168.10.30

Save and now edit your DNS configuration. In my case I have a local DNS server (192.168.10.253) but set this to suit your needs. I have also set my host name as ast.jacobs.local (jacobs.local is my local domain name) and set the search to my local domain. Then Save & Quit.

Once you are back to the command line type: shutdown -r now; this will result in a reboot of the system. Once the system has completed a restart, login again as root. You should now be able to ping from this system to another address on your local network including the Internet (to check this, ping www.bing.com to ensure internet connectivity is working) – if you can’t then something has gone wrong! In some cases I have found that you need to head back into the network settings and re-input the DNS, this issue shouldn’t re-occur.

Now you are back to your Asterisk command line, type yum install register, you’ll be prompted to download the package, accept this by inputting Y and hitting enter. YUM is an abbreviated word for Yellow dog Updater Modified, it is a command line package management tool. The Register package is used to activate your SFA license.

Next we’ll update our version of AsteriskNOW, type yum update asterisk16, accept the upgraded packages (as detailed within our previous step)

clip_image038

Once completed, we’ll install SFA, type yum install asterisk16-skypeforasterisk, accept the package download. Once installed reboot, type shutdown –r now.

clip_image040

Once the reboot has completed login and we’ll register the SFA module (using the license key received from Digium). Login as root and type, register. Select option 1 (Digium Products), then option 7 Skype for Asterisk. Next you will be prompted to enter you SFA key, enter the key and register now. Click the space bar to run through the license agreement (does anyone read these?) and accept the agreementComplete your personal details and your license should be written to /var/lib/asterisk/licenses/ (you should back this up – I’ll explain this next). But one last reboot first, type shutdown –r now, our Asterisk install is now complete, next we’ll need to configure it!

To configure our Asterisk PBX we need to edit a number of text files. There are Linux-based editors, but in my experience they are not that user friendly, and I like to do this remotely from my friendly Windows PC. To do this you need an SSH client – I use WinSCP. Download a free copy via their website here. Once installed, add a new site (see below).

clip_image044

Then change the default remote directory (as per the illustration below) and save the site.

clip_image046

Once saved, click Login. The first time you connect you will be prompted to save your Asterisk server key; click Yes to add the host key to your cache. Finally enter your password. Once connected, an Explorer-type view of your Asterisk file system will be displayed – I have changed to a detailed view (choose View -> Details).

Back up your SFA license by copying the file from /var/lib/asterisk/licenses – there should only be one .lic file in there; just right click and copy it to your desktop to save it locally. Now head back to the folder /etc/asterisk – this is where our Asterisk config files are located.

We will be editing three files (right click and “edit” within WinSCP):

  1. sip.conf – for main Asterisk settings (trunks/extensions)
  2. extensions.conf – for dial plans
  3. chan_skype.conf – SFA settings

First sip.conf: replace the content of your file with the following settings (you should probably back up your original conf files first).

[general]
context=default ; Default context for incoming calls
allowoverlap=no ; Disable overlap dialing support. (Default is yes)
udpbindaddr=0.0.0.0 ; IP address to bind UDP listen socket to (0.0.0.0 binds to all)
bindport=5060 ; UDP port to listen on (the SIP default)
bindaddr=0.0.0.0
tcpenable=yes ; Enable server for incoming TCP connections (default is no)
tcpbindaddr=0.0.0.0 ; IP address for TCP server to bind to (0.0.0.0 binds to all interfaces)
srvlookup=yes ; Enable DNS SRV lookups on outbound calls
notifyhold = yes ; Notify subscriptions on HOLD state (default: no)

[1001] ; A locally attached SIP extension
type=friend
callerid=1001
canreinvite=no ; Keep the media path through Asterisk
dtmfmode=rfc2833
mailbox=1001
disallow=all
allow=ulaw ; Only offer G.711 u-law
transport=udp
secret=password ; Lab placeholder: set a long, unique secret on anything others can reach
host=dynamic ; The phone registers, so its address is learned at registration
context=default

[Lync_Trunk] ; Our Lync trunk
type=friend
port=5068 ; This is the default Lync Server TCP listening port
host=192.168.10.29 ; This should be the IP address of your Lync Server
dtmfmode=rfc2833
context=from-lync
qualify=yes
transport=tcp,udp

Next extensions.conf: replace the content of your file with the following settings.

[general]
static=yes
writeprotect=no

[globals]

[default]
;dialling other extensions starting with 1 followed by three digits
exten=>_1XXX,1,Dial(SIP/${EXTEN},20)
exten=>_1XXX,n,hangup()
;send every digit after 9 to Skype for Asterisk
exten=>_9.,1,Dial(Skype/${EXTEN:1},20)
exten=>_9.,n,hangup()
;dialling other extensions starting with 2 followed by three digits
exten=>_2XXX,1,Dial(SIP/Lync_Trunk/${EXTEN},20)
exten=>_2XXX,n,hangup()

[from-lync]
;dialling other extensions starting with 1 followed by three digits
exten=>_1XXX,1,Dial(SIP/${EXTEN},20)
exten=>_1XXX,n,hangup()
;send other calls to Skype for Asterisk
exten=>_.,1,Dial(Skype/${EXTEN},20)
exten=>_.,n,hangup()

This dial plan will enable call routing between Lync, Asterisk and SFA. Finally, configure your chan_skype.conf.

You will need to change the default_user to represent your Skype ID, in my case:

;default_user=james_bond changed to (general section)
default_user=imapcblog

Update the password:

;secret=goldeneye changed to (user section)
secret=myskypepassword

Change the default context to match your dial plan:

;context=demo changed to (user section)
context=default

Route the inbound calls to your Lync extension, in my case 2001:

;exten=s changed to (user section)
exten=2001
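As an added example (not part of the original post), here is a short Python check over the sip.conf and extensions.conf settings above. It flags what a reviewer would raise before such a lab box becomes reachable from other networks: guest calls landing in a context that dials Skype or the Lync trunk, a short secret, a registering extension with no permit/deny ACL, and the _. catch-all pattern. The function names, finding labels and the 12-character threshold are assumptions of this example; allowguest and permit are standard chan_sip options that the post's files do not set.

```python
import re

# Constructed input: security-relevant lines of the two files above (not full copies).
SIP_CONF = """[general]
context=default
[1001]
secret=password
host=dynamic
[Lync_Trunk]
host=192.168.10.29"""
EXTENSIONS_CONF = """[default]
exten=>_1XXX,1,Dial(SIP/${EXTEN},20)
exten=>_9.,1,Dial(Skype/${EXTEN:1},20)
[from-lync]
exten=>_.,1,Dial(Skype/${EXTEN},20)"""

def parse(text):
    """Return {section: [(key, value), ...]} with ';' comments removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(sip_text, ext_text, min_secret_len=12):
    """Hypothetical helper: return (finding, section) pairs to review."""
    sip, ext = parse(sip_text), parse(ext_text)
    general, findings = dict(sip.get("general", [])), []
    # chan_sip defaults to allowguest=yes, so unauthenticated calls land in
    # the [general] context; that context should not reach Skype or a trunk.
    guest_ctx = general.get("context", "default")
    dials_out = any(re.search(r"Dial\((Skype|SIP/\w+/)", value)
                    for key, value in ext.get(guest_ctx, []) if key == "exten")
    if general.get("allowguest", "yes") != "no" and dials_out:
        findings.append(("guest-can-dial-out", guest_ctx))
    for name, items in sip.items():
        peer = dict(items)
        if "secret" in peer and len(peer["secret"]) < min_secret_len:
            findings.append(("short-secret", name))
        if peer.get("host") == "dynamic" and "permit" not in peer:
            findings.append(("no-ip-acl", name))
    for name, items in ext.items():
        if any(k == "exten" and v.startswith("_.,") for k, v in items):
            findings.append(("catch-all-pattern", name))
    return findings
```

Setting allowguest=no in [general], or pointing the [general] context at one with no outbound Dial, clears the first finding.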

Once you have configured all three config files, reboot Asterisk by typing shutdown -r now. Congratulations, your Asterisk configuration is complete! Next we need to configure Lync. Presupposing you followed my previous Lync install guide here, you will need to head back into the Lync Topology Builder – we didn’t add a PSTN gateway previously. Download your Topology from the existing deployment and save the file locally, then add a PSTN gateway (see both steps below).

clip_image050

clip_image052

Once you have added the PSTN gateway you will have to re-publish the Topology; this will update the existing Topology with the new configuration settings. Click Finish.

To permit call flow between the Lync and Asterisk worlds we need to define our Voice Routing within Lync Server 2010. Open the Lync Server Control Panel and access the Voice Routing options; we’ll need to configure our Dial Plan, Voice Policy, Route and PSTN Usage. I won’t walk you through this configuration (some is based upon location preferences, in my case UK), but I will show you the resulting configuration within the Lync Control Panel.

First the dial plan summary (pay close attention to my normalization rules) – this will route 1xxx to Asterisk, +44xxxxxxxxx to Asterisk and 2xxx internally (treated as local extension)

clip_image056

Next the Voice Policy, the default Global Policy should have the following PSTN usage records (these rules will handle our calls destined for Asterisk)

clip_image058

and the routes, as follows

clip_image060

Finally the PSTN usage, as follows

clip_image062

In my previous guide we created a test user; that user should now have his or her telephone details set, in our scenario tel:2001. This is not best practice in a production deployment of Lync/OCS, but as a lab setup with a single PSTN number we should be given a free pass! Typically in production we would assign individual PSTN numbers and normalize to an internal DDI range, i.e. +44208 555 2001 would normalize to 2001 when dialed.

With these settings committed successfully your setup should be complete, and calls can now be made between Asterisk and Lync. To set up a SIP-based client I recommend X-Lite (for download and setup instructions follow my previous guide here).

Here we can see X-Lite to Lync

clip_image066

And the reverse Lync to X-Lite

clip_image068

Finally, let’s SkypeOut, first from Lync! (this illustration won’t mean a lot, but you will have to trust me – it works!)

image

That’s it, whilst I’m sure there are better ways of achieving PSTN breakout from OCS or Lync (with hardware/gateways), there is a certain amount of self-gratification from 100% software based VoIP.

I’m sure my configuration could have been applied in a number of different ways and you’ll probably notice that whilst X-Lite will permit Asterisk-to-Skype calls (dial 9 + Skype name), at this time Lync will not – only numbers can be passed (I’m happy to take suggestions on this). Otherwise let me know if you have spotted any errors or need guidance on issues (I’ll be moderating the comments below) and above all good luck and have some fun!