Microsoft Office Communications Server 2007 VoIP Test Set enables you to simulate a SIP endpoint to test connectivity.
Emulation options include the following:
Client emulation - To emulate a Microsoft Office Communicator client, you specify a SIP-enabled user account to register with Office Communications Server. This can be useful for troubleshooting problems with incoming or outgoing Enterprise Voice calls.
Server emulation - You can use VoIP Test Set to emulate a Mediation Server or a gateway. To emulate a server, you specify the IP address, port number, and other settings of the server to be emulated. This can be useful for emulating components during the setup of the Office Communications Server 2007 infrastructure to verify the functionality of components that have already been deployed.
Download here: VoIP Test Tool
Backing up your OCS server and pool configurations is only a portion of a good recovery or disaster recovery (DR) plan. In today's blog I will concentrate more on backing up your pool settings. Backing up your pool configs can definitely help with the recovery of your OCS infrastructure, but by all means it is not the be-all and end-all of a good DR plan.
The LCSCmd.exe command-line tool can be used to back up global-level settings, pool-level settings, and computer-level settings.
The LCSCmd.exe tool is automatically installed when Office Communications Server 2007 is installed. This tool is also available on any computer where the Office Communications Server 2007 Administrative Tools are installed.
Backing up the settings needed to restore Office Communications Server 2007 requires backing up the following:
Global-level and pool-level settings. This requires the following:
For a Standard Edition server environment, back up these settings on only one Standard Edition server.
For an Enterprise pool, back up these settings on only one front-end server.
Computer-level (machine-level) settings. Back up these settings on each Office Communications Server 2007 server in your deployment.
(The below instructions are pretty much step by step)
1. Log on to a Standard Edition server or a front-end server in an Enterprise pool, or to a separate computer on which the Office Communications Server 2007 administrative tools have been installed, with an account that is a member of RTCUniversalReadOnlyAdmins (at least) and that has write permissions for the folder to which settings are to be backed up.
2. Open a command prompt. Click Start, click Run, type cmd, and then click OK. (maybe a little too detailed there)
3. At the command prompt, change to the directory containing the LCSCmd.exe tool (by default, <drive>:\Program Files\Common Files\Microsoft Office Communications Server 2007).
4. To export both levels of settings (global and pool), do one of the following:
To export global-level and pool-level settings in an Enterprise pool to a single configuration file (.xml file), type the following command:
lcscmd /config /action:export /level:global,pool /configfile:<drive>:\<path>\<filename>.xml /poolname:[name of pool for which settings are to be exported]
To export global-level and pool-level settings for a Standard Edition server to a single configuration file (.xml file), type the following command:
lcscmd /config /action:export /level:global,pool /configfile:<drive>:\<path>\<filename>.xml /poolname:[FQDN of the Standard Edition server]
Most people involved in deploying Windows have heard of the Microsoft Solution Accelerator for Business Desktop Deployment.
http://www.microsoft.com/technet/technetmag/issues/2007/11/ExtendingBDD/default.aspx
ADAM Role Provider
If you are looking for the ADAM role provider for SharePoint, you can download the ADAM role provider here.
The Active Directory Membership Provider and SharePoint Introduction
It is common in a corporate environment to use Active Directory for network user management and for authentication to a variety of applications, one of which is typically SharePoint. With the new version of SharePoint there is the ActiveDirectoryMembershipProvider, which offers the same features that are exploited through custom providers as well as through the standard SQL provider shipped with Microsoft Office SharePoint Server (MOSS). The Active Directory membership provider can be used with either the full version of Active Directory or the lighter Active Directory Application Mode (ADAM). Although the provider is quite similar to the default SQL provider shipped with MOSS, it has some clear distinctions because of the way it must interact with the directory server. Keep in mind that although AD and ADAM appear to provide the same functionality, ADAM is a much lighter version of AD, and an architect must plan for the extra features that full Active Directory introduces into an environment. If your domain environment is complex, with a large forest containing many trees, it is best to set up the ActiveDirectoryMembershipProvider in a test environment first, studying and analyzing the domain you plan to use the provider against before implementing it and binding it to your SharePoint environment.
LDAP and The Active Directory Membership Provider
The AD provider is also called the LDAP (Lightweight Directory Access Protocol) provider, because the AD/ADAM provider communicates with the directory using LDAP operations; that is how the provider is structured. It differs from the SQL membership provider in that it never returns a tangible login token: the provider simply builds the structure by which SharePoint can make LDAP calls to the directory server and marshal the results back to SharePoint. No security context is ever bound to the executing thread.
Directory Containers
Operationally, the provider works with directory containers. There is a separate yet common architectural consideration here for AD and ADAM, since the two technologies are dissimilar yet alike in extensibility and manageability. Against a full AD environment, the provider points to a single domain; within ADAM, the provider must be pointed at a single application partition, which is essentially a separate domain. It is possible to use the provider in an environment with multiple domains, but one provider instance must be configured for each domain bound to the AD provider: if you have 4 domains, you will have 4 provider instances.
Global Catalog and Connection Strings
Although the Active Directory provider may seem like a new way to interact with Active Directory at many levels, there are considerations in terms of what can be read and written through it. Active Directory uses the global catalog to serve queries across a forest, particularly when a large forest contains multiple domains; it is the core component that lets an administrator manage the various types of user objects. Several attributes in the global catalog, however, are read-only, so the provider should not be used to modify user information when the connection string is prefixed with the global catalog conventions. Like the SQL membership provider, the Active Directory membership provider uses connection strings to know where it should point. The provider connection strings are quite similar in structure as well:
<connectionStrings>
  <add name="adconnection" connectionString="LDAP://SharePointDomain.dns.name"/>
</connectionStrings>
The exact connection string will vary between Active Directory and ADAM. For example, you might find this connection string in a full AD environment:
LDAP://sharepointdc.mysharepoint.com/OU=SharePointOU,DC=mySharePoint,DC=com
Caveat Of Using ADAM
When using ADAM, the connection string must instead include the specific container information, so it looks slightly different. This differs from Active Directory because, when working with SharePoint, the provider can simply be pointed at the domain, in which case it uses the Users container, the most common choice within an enterprise (this is the default). This is configurable, and the exact container to use can be set in the connection string (similar to pointing at the container for ADAM). If you need a more extensible option with several containers, it is best to structure the containers hierarchically, with parent containers holding child containers. For most operations the provider performs this is an adequate architecture, since the provider searches through the child containers when running queries. It may result in a complex container architecture, but it is a powerful option when you must use several containers with the provider, and it is typically much easier to set up than a multiple-instance configuration. Be aware, however, that certain actions are not legal in this type of environment and will fail unless you set up those separate instances. If users are not pre-existing and you require operations that create or delete users, this is a poor architecture, because those operations cannot traverse several levels: all users that are created or deleted must exist at the specific location named for creation and deletion to succeed. Nesting containers, despite the methods lost for containers outside the one specifically named, is still a powerful mechanism for the SharePoint architect.
The methods that are lost fail because, when executed against the directory server, they require that the user object first be acquired, and a larger search scope cannot be applied to gain access to that object. Understand the parent and child relationship as well: a search query can start at the parent and crawl down into the child OUs, unless you explicitly name the child container in the connection string, which would negate the idea of nested containers since there would be no crawl down into the child OUs.
Connection strings also vary heavily with ADAM, since we are pointing at a specific container rather than at an entire domain that defaults to the Users container. An ADAM connection string looks like this:
LDAP://sharepointadam.mysharepoint.com/OU=OU,O=organization,DC=mysharepoint,DC=com
Security Attributes When Using the Active Directory Membership Provider
There are also some security attributes that apply when connecting with the Active Directory provider to whichever AD or ADAM instance your SharePoint environment uses. The main one is connectionProtection, which is simple to implement because it is a two-way choice: either you want it on or you don't. This attribute provides a secure connection between your directory server and the Active Directory membership provider; by default it takes the value Secure, as opposed to None. It is a best practice to use Secure in every environment other than development environments where production-level data would not risk exposure. In production it is poor practice to leave connectionProtection set to None, since various operations require that a secure connection be established; with ADAM, however, None is sometimes used because Secure requires setting up SSL certificates. The last attribute that deserves attention is the ability to specify the user name and password to use when connecting to the directory server; otherwise the provider connects with the credentials bound to the worker process.
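As an added example (not from the original article), the fragment below registers the provider twice in a web.config: once with the weak connectionProtection="None" setting and once in the hardened form. The provider names, the "adamconnection" entry, the service account and the password placeholder are hypothetical; the connection strings are the ones shown above.

```xml
<configuration>
  <connectionStrings>
    <!-- Full AD: the bare domain (defaults to the Users container) or an explicit OU -->
    <add name="adconnection"
         connectionString="LDAP://sharepointdc.mysharepoint.com/OU=SharePointOU,DC=mySharePoint,DC=com" />
    <!-- ADAM: the application partition container has to be named explicitly -->
    <add name="adamconnection"
         connectionString="LDAP://sharepointadam.mysharepoint.com/OU=OU,O=organization,DC=mysharepoint,DC=com" />
  </connectionStrings>

  <system.web>
    <membership defaultProvider="ADMembershipSecure">
      <providers>
        <!-- WEAK (development only): clear-text LDAP. The stored bind credential and
             every password the provider validates cross the wire unencrypted, and
             operations that need a secure channel fail. -->
        <add name="ADMembershipDev"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="adconnection"
             connectionProtection="None"
             connectionUsername="MYSHAREPOINT\svc-sp-ldap"
             connectionPassword="PLACEHOLDER-encrypt-this-section-with-aspnet_regiis"
             attributeMapUsername="sAMAccountName" />

        <!-- HARDENED: Secure (the default) requires an encrypted connection to the
             directory; against ADAM that means an SSL certificate on the ADAM instance.
             No connectionUsername/connectionPassword, so the provider binds as the
             worker-process identity instead of a credential stored in the file.
             ADAM requires attributeMapUsername="userPrincipalName". -->
        <add name="ADMembershipSecure"
             type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
             connectionStringName="adamconnection"
             connectionProtection="Secure"
             attributeMapUsername="userPrincipalName"
             enableSearchMethods="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```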
Create and Verify DNS SRV and A Records for Automatic Client Sign-in
You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.
To create a DNS SRV record
· On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.
· In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.
· Click Other New Records.
· In Select a resource record type, click Service Location (SRV), and then click Create Record.
· Click Service, and then type _sipinternaltls.
· Click Protocol, and then type _tcp.
· Click Port Number, and then type 5061.
· Click Host offering this service, and then type the FQDN of the pool.
· Click OK.
· Click Done.
After you have created the DNS SRV record, create a DNS A record for each pool FQDN and URL FQDN that is not the same as the server FQDN.
To create a DNS A record
· Click Start, click Control Panel, click Administrative Tools, and then click DNS.
· In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.
· Click New Host (A).
· Click Name (uses parent domain name if blank), and then type the name of the pool.
· Click IP Address, and then enter the VIP of the load balancer. If you will deploy only one Enterprise Edition Server that is connected to the back-end without a load balancer, type the IP address of the Enterprise Edition server. (A load balancer is required if you deploy more than one Enterprise Edition server in a pool). Click Add Host, and then click OK.
· To create an additional A record, repeat steps 4 and 5.
· When you are finished creating all the A records that you need, click Done. To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.
To verify the creation of a DNS SRV record
· Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.
· Click Start, and then click Run. In the Open box, type cmd, and then click OK.
· At the command prompt, type nslookup, and then press ENTER.
· Type set type=srv, and then press ENTER.
· Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:
Server: <dns server>.corp.example.com
Address: <IP address of DNS server>
Non-authoritative answer:
_sipinternaltls._tcp.example.com SRV service location:
priority = 0
weight = 0
port = 5061
svr hostname = poolname.example.com
poolname.example.com internet address = <virtual IP Address of the load balancer> or <IP address of a single Enterprise Edition Server for pools with only one Enterprise Edition Server>
· When you are finished, at the command prompt, type exit.
After you configure the DNS records, verify that the FQDN of the Enterprise pool can be resolved by DNS.
To verify that the FQDN of the Enterprise pool can be resolved
1) Log on to a client computer in the domain.
2) Click Start, and then click Run. In the Open box, type cmd, and then click OK.
3) At the command prompt, type ping <FQDN of the pool>, and then press ENTER.
4) Verify that you receive a response similar to the following, where the IP address returned is the IP address of the load balancer for your Enterprise pool or, in the case of an Enterprise pool with a single Enterprise Edition Server, the IP address of the Enterprise Edition Server.
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
How Client DNS Queries Work
During DNS lookup, SRV records are queried in parallel and returned in the following order to the client.
_sipinternaltls._tcp.<domain> - for internal TLS connections
_sipinternal._tcp.<domain> - for internal TCP connections (performed only if TCP is allowed)
_sip._tls.<domain> - for external TLS connections
_sip._tcp.<domain> - for external TCP connections
where <domain> is the SIP domain used by your internal clients
The client uses the SRV record that is returned successfully and does not try any other SRV records.
After the SRV record is returned, a query is performed for the DNS A record of the host name that the SRV record returns. If no records are found during the DNS SRV query, the client performs an explicit lookup of sip.<domain>. If that lookup does not produce results, the client looks up sipinternal.<domain>, and if it does not find sipinternal.<domain>, it looks up sipexternal.<domain>.
If your DNS infrastructure prohibits configuration of these DNS records, you can manually edit the client registry to point to the appropriate home server.
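The lookup order just described, together with the nslookup/ping verification steps from the procedures above, as an added example that is not part of the original post. FakeDns is a constructed in-memory zone so it runs offline; example.com, poolname.example.com and 172.27.176.117 are the values used in the text, everything else is sample data.

```python
"""Simulate Office Communicator's DNS-based server discovery (SRV order, then
explicit host fallback) and check a SIP domain's records against the expected
layout: _sipinternaltls SRV on port 5061 pointing at the pool FQDN, which in
turn resolves to the load balancer VIP. Added example with a constructed zone."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# SRV names in the order the client tries them (internal TLS first).
SRV_ORDER = (
    ("_sipinternaltls._tcp.{d}", "internal TLS"),
    ("_sipinternal._tcp.{d}", "internal TCP"),
    ("_sip._tls.{d}", "external TLS"),
    ("_sip._tcp.{d}", "external TCP"),
)
# Explicit host names tried, in order, only when no SRV record answers.
FALLBACK_HOSTS = ("sip.{d}", "sipinternal.{d}", "sipexternal.{d}")


class FakeDns:
    """Minimal resolver stand-in: SRV and A tables keyed by lowercase name."""

    def __init__(self, srv: Dict[str, SrvRecord], a: Dict[str, str]) -> None:
        self.srv = {k.lower(): v for k, v in srv.items()}
        self.a = {k.lower(): v for k, v in a.items()}

    def query_srv(self, name: str) -> Optional[SrvRecord]:
        return self.srv.get(name.lower())

    def query_a(self, name: str) -> Optional[str]:
        return self.a.get(name.lower())


def discover_server(domain: str, dns: FakeDns) -> Optional[Tuple[str, str, Optional[int], str]]:
    """Return (host, ip, port, how) for the server the client would sign in to.

    The first SRV record that answers is used and no other SRV record is tried;
    its target is then resolved with an A query. Without any SRV answer the
    explicit host names are tried in turn (port unknown from DNS, so None)."""
    for pattern, how in SRV_ORDER:
        rec = dns.query_srv(pattern.format(d=domain))
        if rec is None:
            continue
        ip = dns.query_a(rec.target)
        # The text says no further SRV record is tried; an unresolvable
        # target therefore means sign-in fails rather than falling through.
        return None if ip is None else (rec.target, ip, rec.port, how)
    for pattern in FALLBACK_HOSTS:
        host = pattern.format(d=domain)
        ip = dns.query_a(host)
        if ip is not None:
            return host, ip, None, "explicit " + host
    return None


def check_sip_dns(domain: str, dns: FakeDns, pool_fqdn: str, pool_vip: str) -> List[str]:
    """Script the nslookup/ping verification: return a list of problems
    (empty when the internal TLS SRV and the pool A record are as expected)."""
    problems: List[str] = []
    name = f"_sipinternaltls._tcp.{domain}"
    rec = dns.query_srv(name)
    if rec is None:
        problems.append(f"{name}: SRV record missing")
    else:
        if rec.port != 5061:
            problems.append(f"{name}: port {rec.port}, expected 5061")
        if rec.target.lower() != pool_fqdn.lower():
            problems.append(f"{name}: target {rec.target}, expected {pool_fqdn}")
    ip = dns.query_a(pool_fqdn)
    if ip is None:
        problems.append(f"{pool_fqdn}: A record missing")
    elif ip != pool_vip:
        problems.append(f"{pool_fqdn}: resolves to {ip}, expected VIP {pool_vip}")
    return problems


# Constructed sample zones.
POOL, VIP = "poolname.example.com", "172.27.176.117"
GOOD_DNS = FakeDns(
    srv={"_sipinternaltls._tcp.example.com": SrvRecord(0, 0, 5061, POOL)},
    a={POOL: VIP},
)
# Misconfigured: SRV published with the TCP port instead of the TLS port.
WRONG_PORT_DNS = FakeDns(
    srv={"_sipinternaltls._tcp.example.com": SrvRecord(0, 0, 5060, POOL)},
    a={POOL: VIP},
)
# No SRV records at all: only the explicit sipinternal host exists.
NO_SRV_DNS = FakeDns(srv={}, a={"sipinternal.example.com": VIP})

if __name__ == "__main__":
    for label, zone in (("good", GOOD_DNS), ("wrong port", WRONG_PORT_DNS), ("no srv", NO_SRV_DNS)):
        print(label, "->", discover_server("example.com", zone),
              check_sip_dns("example.com", zone, POOL, VIP))
```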
■ OCS versions and deployment
OCS comes in two versions, Standard Edition and Enterprise Edition, so let's look at how a deployment is structured by the number of users.
□ Standard Edition: supports up to 5,000 users
□ Enterprise Edition: two deployment options are offered.
** The back-end database must be installed on a separate physical machine; a machine on which any OCS role is installed cannot host it. A dedicated SQL instance that is not shared with other server applications is also required.
-- Enterprise Edition (Consolidated): supports up to 25,000 users, with all features deployed on a single server, so it is the simplest way to deploy at scale.
-- Enterprise Edition (Extended):
■ OCS functional server roles
Back in LCS we remember the logical server roles: back-end, front-end, Access Proxy, Director and Proxy. OCS has counterparts to these roles under new names. Because conferencing capabilities were added, several server roles have been added, and in particular the Access Proxy server role deployed in the DMZ has been split into multiple granular roles named xxx Edge Server. In other words, the Edge Server roles are the ones deployed in the DMZ to support external users.
Below is a table with additional information about the server roles to deploy for each feature. Of course, the back-end and front-end are the base and must be deployed regardless.
| Feature provided | Server role to add | Client |
| --- | --- | --- |
| IM and presence for internal users | No additional server roles required | Communicator 2005 or 2007 (Communicator 2007 is required for enhanced presence) |
| On-premise Web Conferencing | Standard Edition: no additional server roles required. Enterprise Edition: Web Conferencing Server and Web Components Server | Communicator 2007; Live Meeting 2007 client; Outlook add-in for scheduled conferences |
| Address Book Server | No additional server roles required. Enterprise Edition: Web Components Server | No requirement |
| Archiving and Call Detail Records | Archiving and CDR Service | No requirement |
| Access for external users | Access Edge Server*; HTTP reverse proxy* | Communicator 2005 or 2007 |
| Federation | | |
| Public IM Connectivity (PIC) | | |
| Web conferencing with external users | Web Conferencing Edge Server*; HTTP reverse proxy* | Communicator 2007; Live Meeting 2007 client |
| Audio/Video conferencing with external users | A/V Conferencing Edge Server* | Communicator 2007; Live Meeting 2007 client |
| Web browser-based IM and presence client | Communicator Web Access Server | Communicator Web Access |
| Enterprise Voice | Mediation Server and basic media gateway, OR basic-hybrid media gateway (Mediation Server collocated with basic media gateway), OR advanced media gateway (Mediation Server logic incorporated in gateway design; available soon); plus A/V Edge Server (on which the A/V Authentication Service is collocated) | Communicator 2007 OR Office Communicator 2007 Phone Experience |
Director: The Director server role is still present; it can be placed in front of a pool to handle the user authentication process. It is recommended specifically for deployment scenarios that support external users. It does not home users; as a domain member server it performs AD authentication for users coming from outside and acts as a traffic router to the appropriate front-end server within the pool.
| Server | Required to support | Corresponding internal server required | Protocol |
| --- | --- | --- | --- |
| Access Edge Server | Public IM connectivity, federation, and remote access for internal users to conferencing and voice features | Office Communications Server 2007 server or pool and, optionally, a Director | Session Initiation Protocol (SIP) |
| Web Conferencing Edge Server | External Web conferencing | Web Conferencing Server | Persistent Shared Object Model (PSOM) |
| A/V Edge Server | A/V conferences with external users; point-to-point A/V calls with external users | A/V Conferencing Server | RTP/RTCP, Simple Traversal of UDP through NAT (STUN) |
| Reverse Proxy | Group expansion (in expanded deployments) and Address Book file downloads; download of Web conferencing meeting content (PPT) | Web server (IIS) | HTTP(S) |
Certificate requirements by server role
| Topology | Server role | Recommended CA | Subject Name / Common Name | SAN | Comments |
| --- | --- | --- | --- | --- | --- |
| Standard Edition server | All server roles (collocated) | Enterprise CA | FQDN of the Standard Edition Server | If you have multiple SIP domains and have enabled automatic client configuration, the certificate wizard detects and adds each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN.) | Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server. |
| Enterprise pool: consolidated | All server roles; certificate configured on each Enterprise Edition Server | Enterprise CA | FQDN of the pool. For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SN or SAN. | If you have multiple SIP domains and have enabled automatic client configuration, the wizard detects the SIP domains, adds them to the SAN, and then adds each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN.) For the Web Components Server role, the certificate must have the URL of the internal Web farm in the SAN (if the FQDN is different from the pool FQDN). | Certificate must be installed on each server in the pool. Additionally, you must use the IIS administrative snap-in to assign the certificate used by the Web Components Server. |
| Enterprise pool: expanded | Front End | Enterprise CA | FQDN of the pool | If you have multiple SIP domains and have enabled automatic client configuration, add each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN.) | Certificate must be installed on each server in the pool |
| | Web Conferencing | Enterprise CA | FQDN of the pool | | Certificate must be installed on each server in the pool |
| | A/V Conferencing | Enterprise CA | FQDN of the pool | | Certificate must be installed on each server in the pool |
| | Web Components | Enterprise CA | FQDN of the VIP (virtual IP) of the load balancer used by the Web Components Server | SAN must contain the URL of the internal Web farm (if the FQDN is different from the pool FQDN) | A certificate has to be configured in IIS on all servers that are running the Web Components Services |
| Director, Standard Edition | Director | Enterprise CA | FQDN of the Standard Edition Server | If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. (The wizard detects any SIP domains you specified during setup and automatically adds them to the SAN.) | |
| Director, Enterprise pool | Director | Enterprise CA | FQDN of the pool | If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. | |
| Array of Standard Edition Directors | Director | Enterprise CA | FQDN of the Director Server | FQDN of the Director Server and the FQDN of the virtual IP (VIP) used by the array. If you have multiple SIP domains and have enabled automatic client configuration and all clients use this Director for logon, add each supported SIP domain FQDN. | FQDN of the server is in the SUBJECT field. FQDN of the Director VIP and the FQDN of the server must be in the SUBJECT_ALT_NAME as DNS values. |
Ports and Protocols Used by Office Communications Server and Clients
Component (server role or client) | Port | Protocol | Notes
Front End Servers | 5060/5061 | TCP, MTLS | Used by Standard Edition Servers and Enterprise pools for all internal SIP communications between servers and between servers and Office Communicator
Front End Servers | 443 | HTTPS | Communication from front-end servers to the Web farm FQDNs (the URLs used by Web Components)
Front End Servers | 444 | HTTPS | Communication between the focus (the Office Communications Server component that manages conference state) and the conferencing servers
Front End Servers | 135 | DCOM and RPC | When a load balancer is deployed, port 135 is used by the Front End Servers for WMI operations and for moving users (a remote DCOM-based database operation)
Web Components | 443 | TCP | HTTPS traffic to the pool URLs
Web Conferencing Server | 443 | TLS | HTTPS communications to Web Components Servers
Web Conferencing Server | 444 | TLS | HTTPS between the Web Conferencing Server and the Front End Server
Web Conferencing Server | 8057 | TLS | Used to listen for direct PSOM connections from the Live Meeting client
A/V Conferencing Server | 5063 | TCP | Used for incoming SIP listening requests
A/V Conferencing Server | 49152-65535 (media port range) | UDP | Port range used for media requests that are sent
Reverse Proxy | 443 | TCP | Used for SIP/TLS communications from external users on both the internal and external firewalls for external user access
Access Edge Server | 5061 | TCP | Used for SIP/MTLS communication for remote user access or federation
Access Edge Server | 443 | TCP | Used for SIP/TLS communication for remote user access
Web Conferencing Edge Server | 8057 | TCP | Used to listen for PSOM/MTLS communications from the Web Conferencing Server on the internal interface of the Web Conferencing Edge Server
Web Conferencing Edge Server | 443 | TCP | Used for inbound communications from remote, anonymous and federated users accessing internal Web conferences
A/V Edge Server | 443 | TCP | Used for STUN/TCP inbound and outbound media communications to allow external users to access media and A/V sessions
A/V Edge Server | 5062 | TCP | Used for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall.
A/V Edge Server | 3478 | UDP | Used for STUN/UDP inbound and outbound media communications
A/V Edge Server | 50,000-59,999 | RTP/TCP | Used for inbound and outbound media transfer through the external firewall
Office Communicator | 5060 | TCP (SIP) | Used by Office Communicator for SIP communications internally
Office Communicator | 5061 | TCP (SIP) | Used by Office Communicator for SIP communications internally and for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall.
Office Communicator | 443 | TCP (HTTP) | Used by Communicator clients connecting from outside the intranet for SIP communications
Office Communicator | 1024-65535 | UDP/TCP | Port range used for inbound and outbound media transfer through the external firewall
Office Communicator | 6891-6901 | TCP | Port range used by Office Communicator for file transfer
Live Meeting 2007 client | 443 | TCP | Used by Live Meeting 2007 clients connecting from outside the intranet for SIP traffic sent to the Access Edge Server and for PSOM traffic sent to the Web Conferencing Edge Server
Live Meeting 2007 client | 8057 | TCP | Used for outgoing PSOM traffic sent to the Web Conferencing Server
Live Meeting 2007 client | 5061 | TCP | Used for SIP/TLS communication between Live Meeting and the Front End Servers or the Access Edge Server, and for SIP/MTLS authentication of A/V users. Communications flow outbound through the internal firewall.
Live Meeting 2007 client | 1024-65535 | UDP/TCP | Port range used for inbound and outbound media transfer through the external firewall
Live Meeting 2007 client | 6891-6901 | TCP | Port range used by Live Meeting for file transfer
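A table like this is only useful once the firewall rules built from it are verified from the side that actually has to connect. The script below is an added example (not from the original post, not a Microsoft tool) that takes a subset of the server-side TCP ports listed above and reports, for each one, whether a TCP connection completes, is actively refused, or times out, which is the usual symptom of a firewall silently dropping the flow. The host names are placeholders and assumptions; put in your own pool, conferencing and Edge FQDNs. It needs PowerShell 2.0 or later and uses only System.Net.Sockets.

```powershell
# Added example, not from the original post: TCP reachability check for the
# server-side ports in the OCS 2007 port table. Host names are placeholders.

$targets = @(
    @{ Role = 'Front End SIP/MTLS';         Host = 'pool01.contoso.com';     Port = 5061 },
    @{ Role = 'Front End Web Components';   Host = 'pool01.contoso.com';     Port = 443  },
    @{ Role = 'Front End focus';            Host = 'pool01.contoso.com';     Port = 444  },
    @{ Role = 'Web Conferencing PSOM';      Host = 'webconf01.contoso.com';  Port = 8057 },
    @{ Role = 'A/V Conferencing SIP';       Host = 'avconf01.contoso.com';   Port = 5063 },
    @{ Role = 'Access Edge internal';       Host = 'edge01.contoso.com';     Port = 5061 },
    @{ Role = 'A/V Edge authentication';    Host = 'edge01.contoso.com';     Port = 5062 }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)

    # Resolve first so a DNS problem is not reported as a firewall problem.
    try { $null = [System.Net.Dns]::GetHostAddresses($ComputerName) }
    catch { return 'DNS-FAIL' }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'TIMEOUT'   # no SYN/ACK and no RST: typically dropped by a firewall
        }
        $client.EndConnect($async)   # throws if the peer answered with RST
        return 'OPEN'
    } catch [System.Net.Sockets.SocketException] {
        return 'CLOSED'        # reachable, but nothing is listening on that port
    } catch {
        return "ERROR: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

'{0,-28} {1,-26} {2,5}  {3}' -f 'Role', 'Host', 'Port', 'State'
foreach ($t in $targets) {
    $state = Test-TcpPort -ComputerName $t.Host -Port $t.Port
    '{0,-28} {1,-26} {2,5}  {3}' -f $t.Role, $t.Host, $t.Port, $state
}
```

OPEN only proves the three-way handshake; it says nothing about whether the TLS or MTLS handshake that follows will be accepted, so a failing SIP registration with every port OPEN points at certificates, not at the firewall. The UDP rows (3478 and the media ranges) and the client-side dynamic ranges cannot be verified with a TCP connect and need a real media session or a packet capture on both sides of the firewall.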
Maximum Supported Users for each Topology
Topology | Servers Required | Maximum Users Supported
Standard Edition Server | 1 Standard Edition server; (optional) Archiving Server collocated | 5,000
Enterprise pool: Consolidated Configuration | 4 Enterprise Edition Front-End Servers running all server roles; 1 back-end SQL Server; (optional) 1 Archiving Server | 30,000
Enterprise pool: Expanded Configuration with mid-range performance SQL back end | 4 Front-End Servers; 2 Web Conferencing Servers; 2 A/V Conferencing Servers; 2 IIS Servers; 1 back-end SQL Server; (optional) 1 Archiving Server | 50,000
Enterprise pool: Expanded Configuration with high performance SQL back end | 8 Front-End Servers; 4 Web Conferencing Servers; 4 A/V Conferencing Servers; 2 IIS Servers; 1 back-end SQL Server; (optional) 2 Archiving Servers | 125,000

Edge server topologies assume that 10 percent of the total user base will be connected from outside the intranet.

Topology | Supported Performance
Stand-alone Access Edge Server | 15,000 client connections
Stand-alone Web Conferencing Edge Server | 3,000 client connections
Stand-alone A/V Edge Server | 1,500 concurrent audio/video sessions
Collocated Access Edge and Web Conferencing Edge Server | Access Edge Server: 5,000 client connections; Web Conferencing Edge Server: 1,500 client connections
Collocated Access Edge, Web Conferencing Edge and A/V Edge Servers (Consolidated Edge Topology) | Access Edge Server: 5,000 client connections; Web Conferencing Edge Server: 1,000 client connections; A/V Edge Server: 500 concurrent audio/video sessions

Note: the A/V experience may be degraded as sessions approach the maximum limit. We recommend that you deploy a separate A/V Edge Server for the optimal A/V experience.
As you may already know, Microsoft discarded its Content Management product line and made its new SharePoint product the content management platform. Almost all of the MCMS elements and terms that current MCMS developers are familiar with have changed. To make it easier for me to learn the new things, I did a comparison in the following list:
Item | MCMS 2002 | SharePoint 2007
Development tools | Visual Studio 2003, Visual Studio 2005 | Visual Studio 2005, SharePoint Designer
Framework | .NET 1.1, .NET 2.0 | .NET 2.0
Master file | Supported in SP2 and developed with VS 2005. The master file stays in the virtual directory of the web server. | The master file can be created with SharePoint Designer and VS 2005, but it is a ghost page that needs to be uploaded via the SharePoint admin page.
Template | CMS Template, stored in the template gallery. It contains a list of placeholders, a list of custom properties and a link to a template page (aspx file). | Content Type. A Content Type contains a list of columns.
Template page | An aspx page that stays on the file system. | Page Layout, created based on the Content Type. It is still an aspx file, but it stays on the SharePoint server and is editable with SharePoint Designer and VS 2005.
Content placeholder | Placeholder. CMS has some built-in placeholders such as the HTML placeholder, XML placeholder, image placeholder and attachment placeholder. | Column / Field. SharePoint 2007 has more types, such as single line of text, numeric, date, time, currency, HTML, picture, attachment file... I couldn't find the XML type, which is very useful in current MCMS 2002, but there are a lot of other useful column types like lookup, business data...
Placeholder control | The built-in placeholder web controls used in the template aspx page for content editing in authoring mode and content rendering in publishing mode are in Microsoft.ContentManagement.Publishing.Extensions.Placeholders. You are also able to create your own custom web controls. | SharePoint 2007 also has many web controls for content editing and rendering, in Microsoft.SharePoint.Publishing. Those controls are automatically added to the page layout aspx when you drag the fields in SharePoint Designer. I believe you are able to create custom controls and add them to your own page as well.
Page | Posting. Postings can be created and managed in the web interface. The posting is stored in the CMS database. | Page. A page can be created in the SharePoint admin web UI based on the selected page layout. You are able to use SharePoint Designer to unghost (customize) the page.
Folder | Channel. It's just a simple container that holds a set of postings. | Site. It should be a WSS site including a set of lists, document libraries and other content.
Resource | Resource gallery. No versioning support. | Document library, picture library... with versioning support.
Publishing workflow | Built-in workflow. No alerts, hard to customize. | Based on Windows Workflow Foundation, very flexible.
Security | Windows AD accounts only. Control only down to channel level. | Can control down to page level; supports AD accounts, LDAP, and database accounts.
Versions | Simple | Very good
SharePoint 2007 also includes other benefits that you couldn't get in MCMS 2002 out of the box, for example out-of-the-box navigation bar support, search functions, personalization and user profiles...
Exchange 2007 Resources
There are not many books available out there for Exchange 2007 yet. The good part is that Microsoft has everything out there waiting for you to download. I am listing all of these free downloads below. These Microsoft white papers are great and they have tons of good information in them. I recommend you all download these and start reading them (TechNet). These downloads are also available on the Microsoft site.
Exchange 2007 download links (TechNet)
Release Notes for Exchange Server 2007
The Microsoft Exchange Server 2007 Release Notes contain late-breaking information for Exchange Server 2007.

Microsoft Exchange Server 2007 Help
Exchange Server 2007 Help can help you in the day-to-day administration of Exchange. Use this information to guide you through Exchange Server 2007 features, tasks, and administration procedures.

Deploying a Standard Exchange Server 2007 Organization
Of the four defined organizational models for Exchange 2007 (simple, standard, large, and complex), the standard Exchange organization represents the most common topology into which Exchange 2007 is deployed. This document provides descriptions and overviews of features, guidelines for planning, and steps for deploying a standard Exchange 2007 organization.

Deploying a Simple Exchange Server 2007 Organization
The simple Exchange organization represents the most basic topology into which Exchange 2007 can be deployed. This document provides descriptions and overviews of features, guidelines for planning, and steps for deploying a simple Exchange 2007 organization.

Deploying a Large Exchange Server 2007 Organization
The large Exchange organization is the largest organization model that can be deployed in a single Active Directory directory service forest. This document provides descriptions and overviews of features, guidelines for planning, and steps for deploying a large Exchange 2007 organization.

Deploying a Complex Exchange Server 2007 Organization
As its name implies, a complex Exchange organization represents the most intricate topology into which Exchange 2007 is deployed. The complex Exchange organization is the only model that includes multiple Active Directory directory service forests or the use of synchronization technology. This document provides descriptions and overviews of features, guidelines for planning, and steps for deploying a complex Exchange Server 2007 organization.

Managing Transport in Exchange Server 2007
This guide documents the message transport components of a computer that runs Exchange 2007 and has the Hub Transport server role or the Edge Transport server role installed. It provides overviews of the transport components and the tasks you must perform to manage and configure them.

Configuring Permissions in Exchange Server 2007
This document helps you plan, implement, and manage the permissions model in your Exchange 2007 organization.

Operations Management and Monitoring of an Exchange Server 2007 Organization
This document provides information, including checklists for daily, weekly, and monthly tasks, related to operations management of an Exchange Server 2007 organization. In addition, guidance is provided for using Microsoft Operations Manager 2005 Service Pack 1 to monitor an Exchange organization.

Managing Mailbox Features in Exchange Server 2007
The purpose of this document is to help you manage and configure Microsoft Exchange Server 2007 Mailbox servers. The information and procedures in this document focus specifically on the mailbox features of an Exchange 2007 computer that has the Mailbox server role installed.

Technical Architecture of Exchange Server 2007
This document discusses the technical architecture of Exchange Server 2007, including descriptions of server roles, topologies, and the transport architecture.

Exchange Server 2007 Planning
This document provides guidance on planning for the supported Exchange 2007 organization models. Information is also provided to help plan for the use of the Active Directory directory service and Exchange 2007 server roles. A planning checklist is included.
Problem: You use an SSL/HTTPS secure connection with your SharePoint site and have created a site using the Knowledge Base application template. When you click the "Write an Article" link you receive an authentication prompt or an Access Denied error.
Background: The Knowledge Base application template was not QA'd against SSL/HTTPS sessions. It references absolute paths to HTTP content, so from an HTTPS page Internet Explorer sees a change of origin (mixed http/https content) and throws a warning or an authentication prompt, depending on your configuration.
Solution: The best solution is to use the Knowledge Base application template over an HTTP connection. This eliminates the authentication prompt and allows you to save the new knowledge base article that you are trying to create. Be aware of what that trade-off means: over plain HTTP the site's content and authentication traffic cross the network in the clear, so keep an HTTP-only knowledge base on the intranet, and if the site must stay on HTTPS, the alternative is to repair the template's absolute http:// references so that no mixed content is loaded.
This paper discusses the strategy for building the role-based My Site templates and takes an in-depth look at the common features and Web Parts that make up each of the templates. The paper also provides guidelines for branding, extending, and deploying the My Site Templates and covers a comprehensive set of scenarios that include collaboration, business process management, reporting, document lifecycle management, and project management.
http://www.microsoft.com/downloads/details.aspx?FamilyID=8248ab85-3ef7-4dd2-a5a6-2615683f6f6d&DisplayLang=en
Best Practice Analyzer for WSS 3.0 and MOSS 2007 Released
Just in case you missed it: the BPA for WSS 3.0 and MOSS 2007 has been released.
The Microsoft Best Practices Analyzer for Microsoft Windows SharePoint Services 3.0 and the 2007 Microsoft Office System creates detailed reports to help administrators achieve greater performance, scalability, and uptime. Download it here.
The SharePoint Products and Technologies 2007 Customization Policy white paper is a starting point for companies to develop their own policies for implementing and managing customizations in a SharePoint based environment. A version of this document is currently being used as a key component of the hosting policy for SharePoint customizations within Microsoft’s internal SharePoint hosting team, which manages what may be the world's largest SharePoint environment. This document was designed to act as a bridge between system administrators and developers so that both sides could evaluate SharePoint customizations with an emphasis on administration concerns such as supportability, performance, and deployment issues. This document will be added to over time as new information and best practices become available.
http://go.microsoft.com/fwlink/?LinkId=92311&clcid=0x409