HPE Reference Configuration for Microsoft Skype for Business Server 2015 Hybrid design considerations Reference Architecture

Contents

• Executive summary
• Solution overview
  – Key decision points for choosing a Skype for Business 2015 deployment model
  – Deploying highly available Skype for Business Server 2015 setup
  – Components required for connecting to Microsoft cloud services for Identity and Hybrid SfB configuration
  – High-level steps for setting up Skype for Business 2015 for Hybrid
  – Enterprise Voice with Skype for Business Hybrid
• Solution components
  – HPE hardware used in this RC
  – Software used in this RC
• Summary
• Implementing a proof-of-concept
• Appendix A: Ports and protocols
• Appendix B: SfB client login flow
• Resources and additional links

Executive summary

This Reference Configuration (RC) is intended to assist companies to effectively navigate design decisions and deployment options when considering a Microsoft® Skype for Business (SfB) Hybrid architecture, incorporating both on-premises components and leveraging online services using HPE ProLiant DL380 Gen9 servers, storage and networking products for 5,000 on-premises users. Skype for Business (SfB) Server 2015 provides collaboration and meetings that are integrated with Microsoft Office products, and use the Skype for Business desktop, web and mobile clients, along with the Aruba Network Optimizer SDN Application to provide users with the required Quality of Service in real time communications.

This RC outlines three key decision points for choosing a Skype for Business 2015 deployment: the business and legal/regulatory requirements, how to deploy a highly available Skype for Business 2015 server setup, and the high-level steps for setting up Skype for Business 2015 in a Hybrid environment. This white paper provides some level of flexibility for customer customization. When there is customization, the Hewlett Packard Enterprise field or partner engineers should verify the hardware and software versions that are different from the documented solution.

Enterprises are faced with three deployment choices for implementing Skype for Business Server 2015 as listed below.

• Skype for Business Server 2015 on-premises deployment involves installing Skype for Business Server 2015 in the organization’s data center or a third-party data center. This type of deployment provides options for customization, third-party integration and adherence to compliance, legal and regulatory requirements. For more detail, visit: https://docs.microsoft.com/en-us/SkypeForBusiness/skype-for-business-server-2015

• Skype for Business Online is part of a “Software as a Service (SaaS)” offering from Microsoft commonly referred to as Office 365 (O365). Skype for Business Online provides most (but not all) of the functionality of the Skype for Business Server 2015 (on-premises) deployment on a per user, per month subscription model without having to deploy Skype for Business Server 2015 on-premises. This offering can offer a lower TCO, 99.9% service uptime SLA, and features not available in on-premises deployments, such as large meeting support for more than 250 participants, etc. For more details, visit: https://products.office.com/en-us/business/microsoft-office-365-frequently-asked-questions

• Skype for Business Hybrid enables administrators to deploy a portion of their Skype for Business environment on-premises for technical and business reasons, and leverage the benefits of the Skype for Business Online offering for part of the users. This type of deployment provides the maximum number of features for real-time communication and collaboration. For more details, visit: https://products.office.com/en-us/skype-for-business/server-hybrid

Target audience: This RC is intended to assist IT decision makers, LOB Managers and Collaboration administrators, Skype for Business Server 2015 architects and Microsoft Windows® engineers engaged in the planning, deployment and management of a physical, highly available Skype for Business Server 2015 infrastructure using HPE ProLiant servers with HPE networking components and an F5 Local Traffic Manager.

Document purpose: The purpose of this RC is to provide a reference configuration to assist in the successful implementation of a 5,000 seat Skype for Business Server 2015 Hybrid solution in a customer’s environment along with the utilization of the Aruba Network Optimizer SDN Application to provide the Quality of Service (QoS) required for media traffic for on-premises internal users.

This white paper describes a project developed by Hewlett Packard Enterprise in August 2016.

Disclaimer: Products sold prior to the separation of Hewlett-Packard Company into Hewlett Packard Enterprise Company and HP Inc. on November 1, 2015 may have a product name and model number that differ from current models.

Solution overview

The reference configuration discussed in this document is based on the following parameters:

• Discuss key decision points for choosing a Skype for Business 2015 deployment

• Describe the design for a highly available SfB 2015 Hybrid setup

– Use Microsoft SQL Server 2014 to meet compliance and legal needs for SfB on-premises users

– Network High Availability (HA) including HPE Intelligent Resilient Fabric (IRF)

– Enterprise Voice features for on-premises users

– Persistent Chat features for on-premises users

• Discuss components required for connecting to Microsoft Online cloud services for Identity and Hybrid configuration

Key decision points for choosing a Skype for Business 2015 deployment model

As stated previously, an organization has three deployment choices for implementing Skype for Business Server 2015. The decision to use a specific deployment model can be complex and involve requirements from multiple departments as well as internal and external drivers. It is possible to arrive at a solution that uses a hybrid configuration while keeping all of your users homed on-premises. In this case, the use of hybrid provides access to features that are only available from the Office 365 SfB deployment such as large meeting support. A different deployment of hybrid moves a portion of users to the Office 365 SfB deployment while retaining some users on-premises due to geographic, regulatory or security concerns.

Planning for the design of the on-premises portion of SfB should follow the Microsoft best practices and guidelines for the level of high availability and disaster recovery your company needs to provide to their business users. If SfB is your primary means of communication and it is required to be available at all times, you should deploy it in a highly available and disaster resilient fashion. This may mean that you deploy a minimum number of servers and network components based on the separation of failure domains and not on the number of users that must be supported.

For the on-premises portion of this RC, HPE leveraged a previous configuration, discussed in HPE Reference Architecture for Microsoft Skype for Business Server 2015 for 5,000 users using Aruba Network Optimizer SDN Application, to demonstrate a minimum quantity of hardware components which are recommended by Microsoft to ensure that the SfB on-premises portion of the deployment has no single points of failure and conforms to Microsoft best practices.

Skype for Business Hybrid enables administrators to deploy part of the SfB environment on-premises for technical and business reasons, and still leverage the benefits of the Skype for Business Online offering for part of the users. This type of deployment provides the maximum number of features for real-time communication and collaboration. Prior to opting for a Skype for Business Server 2015 environment there are a few decision points the SfB Administrator must consider. Figure 1 lists examples of typical decisions that should be considered when deciding if your organization should deploy or enable hybrid functionality for SfB 2015.

Choosing a Skype for Business deployment, just like any other application, begins by collecting the business requirements. These requirements can be broadly classified into technical requirements, business and legal/regulatory requirements. The following sections look at some of these key requirements that have a major impact on the SfB deployment decision-making process.

Technical requirements

Table 1 lists key technical features of SfB Server 2015 to consider prior to choosing a SfB Hybrid deployment.

Table 1. Key technical features to consider prior to choosing a SfB Hybrid deployment

| Skype for Business 2015 Features | Components | Supported on-premises only | Supported in Online only |
|---|---|---|---|
| Enterprise Voice Features | Branch Survivability | Yes | No |
| | Location-Based Routing | Yes | No |
| | Call Admission Control | Yes | No |
| | Call Via Work | Yes | No |
| | Private Line | Yes | No |
| | Response Group Services (RGS) | Yes | No |
| | Call Park Service (CPS) | Yes | No |
| | Media Bypass | Yes | No |
| Persistent Chat | Compliance | Yes | No |
| | Chat | Yes | No |
| Video Interop Server | Connectivity | Yes | No |
| Skype Meeting Broadcast | Large Broadcast Meeting Support | No | Yes |
| Customization or Third-Party Integration with SfB 2015 | Lync Server 2013 Persistent Chat SDK | Yes | No |
| | Lync Server 2013 SDK | Yes | No |
| | UCMA (Unified Communications Managed API) | Yes | No |
| | Web SDK | Yes | No |
| | Third-party application or API that requires connection using the SfB 2015 pool FQDN | Yes | No |
| SharePoint Integration | Skill Based Search | Yes (Skill Based Search feature using SharePoint My Site data is only available if SharePoint and Skype for Business 2015 servers are on-premises) | No |

Note: The information presented in the above table is accurate at the time of writing this document. For up-to-date information, visit: https://support.office.com/en-us/article/Office-365-for-business-%e2%80%93-Admin-Help-17d3ff3f-3601-466e-b5a1-482b31cfb791?ui=en-US&rs=en-US&ad=US

Business and legal/regulatory requirements

Business and legal/regulatory requirements revolve around the specifics of internal business policies and capabilities as well as the government rules and regulations that your company is subject to.

Key business and legal/regulatory requirements that have major impact on the SfB deployment decision making are described below.

• Data security requirements: These requirements cover norms mostly under the control of business rules but may also be enforced by the government. Data security requirements include norms such as how and where customer or business data can be stored, whether in a local data center or a third-party data center, onshore, offshore, etc. It may also cover how data must be transported between locations, etc.

• Adherence to local regulation: These requirements cover government rules and regulations. Are the features of SfB 2015 such as Enterprise Voice available and legal to use in your region? For example, in certain countries around the world VoIP calls from a soft client to a hard phone number or a cellular phone number are not considered legal. Personal Identifying Information (PII), health information such as that covered by HIPAA, financial information or proprietary data stored or captured by the business is regulated information; how must this data be protected to conform to government rules?

• Compliance requirements: These requirements cover things mostly under the control of business rules but may also be enforced by the government. The data collected must be stored and available to access for a specific length of time. After this data retention period, how will the data be destroyed or reused, etc.

Figure 1. Choosing a preferred SfB deployment overview

Note: Prior to choosing a SfB Online or SfB Hybrid deployment, verify the requested service or feature is offered in your geographic area. For up-to-date information, visit: https://support.office.com/en-us/article/Contact-Office-365-for-business-support-Admin-Help-32a17ca7-6fa0-4870-8a8d-e25ba4ccfd4b

Once the decision has been made to deploy Skype for Business Server 2015 in a hybrid or on-premises configuration, the first step involves installing the on-premises SfB 2015 servers to support the on-premises users. If you already have SfB Server 2015 deployed on-premises, you can skip the first step and move to step two. Step two involves setting up the components required for connecting to Microsoft Online cloud services for Identity and Hybrid configuration.

Deploying highly available Skype for Business Server 2015 setup

In this RC, HPE uses HPE ProLiant DL380 Gen9 physical servers to support the Skype for Business server functionality deployed in a highly available physical configuration. Figure 3 shows a logical configuration with the necessary SfB server roles. The Skype for Business architecture detailed in this document provides a highly available (HA) design for 5,000 users deployed on physical servers with the following server and networking roles:

• Microsoft Skype for Business Server 2015 Front-end pool (with Mediation, Monitoring and Archiving roles collocated)

• Microsoft SQL Server 2014 Enterprise with Service Pack 1 (the Skype for Business Server 2015 Backend SQL servers are configured using the SQL AlwaysOn Availability Group feature)

• Microsoft Skype for Business Server 2015 Edge pool

• Office Web Apps Server Farm

• Microsoft Skype for Business Server 2015 Persistent Chat (PChat) pool

• Microsoft SQL Server 2014 Enterprise with Service Pack 1 (the Skype for Business Server 2015 PChat and Compliance SQL servers are configured using SQL Mirroring)

• Microsoft Skype for Business Server 2015 Director pool

• Microsoft Skype for Business SDN Manager 2.2

• Aruba Virtual Application Networks (VAN) SDN Controller 2.6

• Aruba Network Optimizer SDN Application

• HPE Modular Services Router (MSR) / Public Switched Telephone Network (PSTN) Gateway

• F5 BIG-IP Local Traffic Manager 10200v

Note: Each of the servers that holds application roles is hosted on a physical HPE ProLiant DL380 Gen9 rack-mounted server.

For detailed information on installing a SfB 2015 server setup for 5,000 on-premises users along with setting up QoS using Aruba Network Optimizer SDN Application for SfB including the SfB Persistent Chat feature without the identity hybrid components using the solution parameters shown in Table 2 visit: “HPE Reference Architecture for Microsoft Skype for Business Server 2015 for 5,000 users using Aruba Network Optimizer SDN Application” at http://h20195.www2.hpe.com/V2/GetDocument.aspx?docname=4AA6-4898ENW

Table 2. On-premises solution parameters

| Description | Value |
|---|---|
| SfB enabled Users | 5,000 |
| Active Users | 100% |
| Central Sites | One |
| Remote Sites | None |
| Instant Messaging and Presence | Yes |
| Audio/Video, Dial-in and Web Conferencing | Yes |
| Application Sharing and Data Collaboration | Yes |
| Persistent Chat and Compliance | 20% |
| Reverse Proxy | Yes |
| Office Web Apps | Yes |
| Monitoring | Yes |
| Archiving | Yes |
| PSTN Gateway | Yes |
| Enterprise Voice-enabled Users | 30% |
| PSTN Calls per Hour / Trunk Type | 4-12 Calls Per Hour |
| Phone calls using media bypass | 0% |
| Remote User Connectivity / External Users | Yes / 30% |
| Physical Infrastructure | Yes |
| Skype for Business Server 2015 version | Enterprise Edition |
| High Availability | Yes |
| Storage | Server Internal HDD |

Components required for connecting to Microsoft cloud services for Identity and Hybrid SfB configuration

When deploying Skype for Business in a hybrid configuration, additional components and configuration are required to synchronize the on-premises and Office 365 Skype for Business environments. Synchronizing the organizational information and the end user’s identity requires the implementation or modification of the following components:

• Public DNS records

• Skype for Business 2015 Edge Server Role

• Microsoft Active Directory Federation Services (ADFS) Farm

• Microsoft Azure Active Directory (AD) Connect Server

• ExpressRoute (optional)

Public DNS records

Communication between the on-premises SfB 2015 servers and the SfB Online setup depends heavily on the public DNS records for your SIP domain, which are also required for the SfB client to locate its services. Table 3 shows some of the key DNS records for a SfB Hybrid deployment. For more detail on DNS requirements for Skype for Business 2015 Hybrid configurations, visit: https://docs.microsoft.com/en-us/skypeforbusiness/skype-for-business-hybrid-solutions/plan-hybrid-connectivity

Table 3. SfB Hybrid DNS records

| Record Type | Value | Pointing |
|---|---|---|
| SRV | _sipfederationtls._tcp.<domain> | SfB Edge server Pool external FQDN and IP address for the SIP Access service |
| SRV | _sip._tls.<domain> | SfB Edge server Pool external FQDN and IP address for the SIP Access service |
| A | sip.<domain> | SfB Edge server Pool external IP address for the SIP Access service |
| A | lyncdiscover.<domain> | SfB Autodiscover service pointing to the external Web services IP for SfB Front-End or Director Pool on the Reverse proxy |
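
The record layout in Table 3 can be checked mechanically, for example after a DNS change or a user migration. The following Python check is an added example, not part of the HPE document: the zone data is constructed, and the SRV ports (5061 for federation, 443 for client sign-in) and the `.online.lync.com` suffix for Skype for Business Online hosts are assumptions based on Microsoft's standard values, not on Table 3.

```python
from typing import NamedTuple

# SRV records from Table 3 with the port each is assumed to advertise
# (assumption: standard SfB values, not stated in Table 3).
EXPECTED_SRV = {"_sipfederationtls._tcp": 5061, "_sip._tls": 443}
# A records from Table 3.
EXPECTED_A = ("sip", "lyncdiscover")
# Assumption: Skype for Business Online service hosts live under this suffix.
ONLINE_SUFFIXES = (".online.lync.com",)


class Finding(NamedTuple):
    name: str   # fully qualified record name
    issue: str  # short machine-readable reason


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def audit_hybrid_dns(domain, zone):
    """Compare resolved public records with the Table 3 layout.

    zone maps (record_type, fqdn) -> list of answers; SRV answers are
    (target, port) tuples and A answers are IP address strings.
    """
    domain = _norm(domain)
    zone = {(rtype, _norm(name)): ans for (rtype, name), ans in zone.items()}
    findings = []
    for label, port in EXPECTED_SRV.items():
        name = f"{label}.{domain}"
        answers = zone.get(("SRV", name), [])
        if not answers:
            findings.append(Finding(name, "missing"))
            continue
        for target, got_port in answers:
            target = _norm(target)
            if target.endswith(ONLINE_SUFFIXES):
                # Table 3 points both SRV records at the on-premises Edge pool.
                findings.append(Finding(name, "points-online"))
            elif target != domain and not target.endswith("." + domain):
                # SfB clients doing automatic sign-in expect the SRV target
                # inside the SIP domain; flag anything else for review.
                findings.append(Finding(name, "target-outside-domain"))
            elif not zone.get(("A", target)):
                findings.append(Finding(name, "target-unresolved"))
            if got_port != port:
                findings.append(Finding(name, "unexpected-port"))
    for host in EXPECTED_A:
        name = f"{host}.{domain}"
        if not zone.get(("A", name)):
            findings.append(Finding(name, "missing"))
    return findings


# Constructed sample data (documentation domain, TEST-NET-3 addresses).
GOOD_ZONE = {
    ("SRV", "_sipfederationtls._tcp.example.com"): [("sip.example.com", 5061)],
    ("SRV", "_sip._tls.example.com"): [("sip.example.com", 443)],
    ("A", "sip.example.com"): ["203.0.113.10"],
    ("A", "lyncdiscover.example.com"): ["203.0.113.20"],
}
# Constructed drift: federation SRV repointed at the online service, wrong
# port on the client SRV, and the Autodiscover A record deleted.
DRIFTED_ZONE = {
    ("SRV", "_sipfederationtls._tcp.example.com"): [("sipfed.online.lync.com", 5061)],
    ("SRV", "_sip._tls.example.com"): [("sip.example.com", 5061)],
    ("A", "sip.example.com"): ["203.0.113.10"],
}

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("drifted", DRIFTED_ZONE)):
        print(label, audit_hybrid_dns("example.com", zone) or "no findings")
```

In practice the `zone` mapping would be filled from live lookups against a public resolver, so the check sees what external clients and federation partners see.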

Skype for Business 2015 Edge server role

Communication between SfB 2015 servers on-premises and SfB Online happens via the Skype for Business 2015 Edge server role as part of the federation communication. For more detail on Skype for Business 2015 Edge server role, visit: https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/edge-server-deployments/edge-server-deployments

Microsoft Azure Active Directory Connect server

To enable users to continue using their on-premises Active Directory user name and password, the on-premises administrator must synchronize the information from the internal Active Directory to Azure Active Directory using the Azure Active Directory Connect tool, which is the replacement for the old DirSync tool from Microsoft. This requires a Windows server. For more information, visit: https://docs.microsoft.com/en-us/azure/active-directory/active-directory-whatis

Figure 2. Authentication using ADFS and Azure AD Connect

Microsoft Active Directory Federation Services (ADFS) Farm

To provide Single-Sign-On functionality for users, the on-premises administrator must deploy Active Directory Federation Services. High availability for Active Directory Federation Services can be achieved by deploying an ADFS Farm with multiple ADFS servers. Single-Sign-On is very useful for signing into the O365 portal to view or configure Skype for Business Online services. For more information, visit: https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services

ExpressRoute (optional)

This component is optional as it is based on the availability of the service in regions throughout the world and on customer preferences. ExpressRoute is a part of the Azure Services offering from Microsoft that enables administrators to set up a private network connection between the customer’s data center and Microsoft Cloud data center. This connection offers low latency along with high security, speed and reliability. For more information on ExpressRoute, visit: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-faqs. It is also possible to enable QoS for voice and video traffic using ExpressRoute. For more information, refer to: https://docs.microsoft.com/en-us/azure/expressroute/expressroute-qos

Figure 3. Logical solution diagram of a Skype for Business 2015 Hybrid deployment with HA for 5000 users

High-level steps for setting up Skype for Business 2015 for Hybrid

The high-level steps discussed in Table 4 assume that Skype for Business 2015 is set up and configured appropriately on-premises.

Table 4. High-level setup SfB Hybrid

| Number | Steps | Description |
|---|---|---|
| 1 | Set a tenant account for Office 365 and enable Skype for Business Online services | Set up Skype for Business Online. For more information, visit: https://docs.microsoft.com/en-us/SkypeForBusiness/set-up-skype-for-business-online/set-up-skype-for-business-online |
| 2 | Add your domain and verify its ownership | In the Office portal documentation your domain is also referred to as your vanity domain. To proceed with Office 365 with the domain of your choice, you must add your domain to your Office 365 tenant, and then follow the steps to validate the domain with Office 365. This is done to confirm that you are the owner of the entered domain in the portal. For more information, visit: https://support.office.com/en-us/article/Get-help-with-Office-365-domains-28343f3a-dcee-41b6-9b97-5b0f4999b7ef?ui=en-US&rs=en-US&ad=US |
| 3 | Configure Active Directory synchronization | Active Directory synchronization keeps your on-premises Active Directory continuously synchronized with Office 365. For a hybrid setup you should synchronize the AD accounts for all Skype for Business users in your organization between your on-premises and online Skype for Business deployments. |
| 4 | Set up Active Directory Federation Services (ADFS) | Set up the Active Directory Federation Services farm on-premises along with the F5 BIG-IP as ADFS Proxy. This involves setting up certificates that are used for identity federation with Office 365. For more information on F5, visit: https://devcentral.f5.com/articles/big-ip-and-adfs-part-1-ndash-ldquoload-balancing-the-adfs-farmrdquo https://devcentral.f5.com/articles/big-ip-and-adfs-part-2-ndash-ldquoapmndashan-alternative-to-the-adfs-proxyrdquo https://devcentral.f5.com/articles/big-ip-and-adfs-part-3%E2%80%93adfs-apm-and-the-office-365-thick-clients |
| 5 | Set up Skype for Business Edge Server | Configure the Skype for Business Edge Server setting to allow communication with Skype for Business Online services. For more information, visit: https://docs.microsoft.com/en-us/skypeforbusiness/skype-for-business-hybrid-solutions/plan-hybrid-connectivity |
| 6 | Move pilot users to Skype for Business Online | After you have completed the steps to prepare and configure your environment for Skype for Business Online, you can start moving pilot users to Skype for Business Online. For more information on moving users to Skype for Business Online in Skype for Business Server 2015, visit: https://docs.microsoft.com/en-us/skypeforbusiness/skype-for-business-hybrid-solutions/deploy-hybrid-connectivity/move-users-from-on-premises-to-skype-for-business-online |
| 7 | Managing users in a hybrid deployment | For details about administering users in a hybrid Skype for Business Server 2015 deployment, visit: https://technet.microsoft.com/en-us/library/jj204967.aspx |

Figure 4. Sample network diagram of a Skype for Business 2015 Hybrid deployment using Internet connectivity

Figure 5. Sample network diagram of a Skype for Business 2015 Hybrid deployment using ExpressRoute

Enterprise Voice with Skype for Business Hybrid

In a Skype for Business Server 2015 on-premises deployment, the Enterprise Voice feature offers a software/hardware based Voice over IP (VoIP) solution. This includes rich integration with Outlook and Exchange, and enables features such as Response Groups, Call Park, Team Calling, Group Call Pickup, and Enhanced Emergency E9-1-1 support. Enterprise Voice users can use an audio device such as a headset connected to their computer, or a VoIP-enabled phone. For additional details, visit: https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/enterprise-voice-solution/enterprise-voice

In a Skype for Business Server 2015 Hybrid deployment, a portion of the users are homed on-premises, and a portion of the users are homed in SfB Online. The users that are homed in SfB Online can communicate with PSTN/cellular subscribers using the Cloud PBX feature in O365. For more information, visit: https://technet.microsoft.com/en-us/library/mt631190.aspx

There are two offerings available as a part of the O365 Cloud PBX offering:

• Cloud PBX with PSTN Calling

• Cloud PBX with On-Premises PSTN Connectivity

Note: At the time of writing this document, the following features of Enterprise Voice are not available with Cloud PBX:

• Branch Survivability

• Location-Based Routing

• Call Admission Control

• Call via Work

• Private Line

• RGS/Call Park Service (CPS)

• Media Bypass

Cloud PBX is currently being offered in specific geographies only. Please verify the availability of the Cloud PBX services in your region prior to planning a deployment.

Cloud PBX with PSTN calling

Cloud PBX with PSTN calling provides the features of PBX as an O365 feature. This helps eliminate the need for an on-premises PBX solution. Using O365, companies can purchase their phone numbers from Microsoft or port their existing numbers to SfB Online for everyday use. Managing and assigning phone numbers can be done via the O365 portal. For more information, visit: https://support.office.com/en-us/article/What-is-PSTN-calling-3dc773b9-95e0-4448-b2f1-887c54022429

Figure 6. High-level call flow using Cloud PBX with PSTN calling


Cloud PBX with on-premises PSTN connectivity

Cloud PBX with on-premises PSTN connectivity is for businesses that have existing telephony infrastructure, such as an IP PBX or Session Border Controller, that they want to continue using for any user that is homed in SfB Online. For more information, visit: https://technet.microsoft.com/en-us/library/mt455212.aspx

Figure 7. High-level call flow using Cloud PBX with on-premises PSTN connectivity

Solution components

The following table lists the components of the SfB Hybrid solution used in this Reference Configuration document.

Table 5. Key on-premises components of the SfB Hybrid solution

| Qty | Component | Description |
| --- | --- | --- |
| Three | Microsoft Skype for Business Server 2015 Front-end server pool (with Mediation, Monitoring and Archiving roles collocated) | Microsoft Skype for Business Server 2015 Front-end servers in the pool (HPE ProLiant DL380 Gen9 servers). As per Microsoft recommendations, a minimum of three front-end servers are required to provide high availability in the pool. |
| Two | Microsoft SQL Server 2014 Enterprise Service Pack 1 AlwaysOn availability group (Skype for Business Server 2015 Backend servers) | Microsoft SQL Server 2014 Enterprise Service Pack 1 (Skype for Business Server 2015 Backend servers) set up as a 2-node AlwaysOn availability group (HPE ProLiant DL380 Gen9 servers). |
| Two | Microsoft Skype for Business Server 2015 Edge pool | Microsoft Skype for Business Server 2015 Edge servers in the pool (HPE ProLiant DL380 Gen9 servers). As per Microsoft recommendations, a minimum of two edge servers are required to provide high availability in the pool. |
| Two | Office Web Apps Farm | Office Web Apps Server in the Farm (HPE ProLiant DL380 Gen9 servers). Office Web Apps Server delivers browser-based versions of Word, PowerPoint, Excel, and OneNote for sharing in Skype for Business 2015. |
| Two | Microsoft Skype for Business Server 2015 Persistent Chat pool | Microsoft Skype for Business Server 2015 Persistent Chat Servers in Active/Passive and set up with Compliance enabled (HPE ProLiant DL380 Gen9 servers). |
| Two | Microsoft SQL Server 2014 Enterprise Service Pack 1 Mirroring Enabled for Persistent Chat and Persistent Chat Compliance Databases | Microsoft SQL Server 2014 Enterprise Service Pack 1 Mirroring Enabled for Persistent Chat and Persistent Chat Compliance Databases (HPE ProLiant DL380 Gen9 servers). |
| Two | Microsoft Skype for Business Server 2015 Director Pool | Microsoft Skype for Business Server 2015 Director servers in the pool (HPE ProLiant DL380 Gen9 servers). As per Microsoft recommendations, a minimum of two director servers are required to provide high availability in the pool. |
| One | Aruba Virtual Application Networks (VAN) SDN Controller | Aruba Virtual Application Networks (VAN) SDN Controller. A software-defined networking (SDN) controller is an application that enables intelligent network traffic flow. |
| One | Aruba Network Optimizer SDN Application for Skype for Business | Aruba Network Optimizer SDN Application for Skype for Business. This is the application that resides on the VAN SDN controller to provide intelligent network traffic flow for Skype for Business traffic. |
| Two | Microsoft Skype for Business SDN Manager | Microsoft Skype for Business SDN Manager 2.2 servers. This interface collects the information from the front-end server SDN API and forwards it to the Network Optimizer software. |
| One | HPE FlexNetwork Modular Services Router (MSR) | HPE FlexNetwork Modular Services Router (PSTN Gateway) / Voice Gateway, HPE FlexNetwork MSR3064. This connects the Skype for Business 2015 Mediation server to the PSTN infrastructure. |
| Two | Active Directory Federation Services (ADFS) | ADFS enables simplified, secured identity federation and Web single sign-on (SSO) ability for users who need to access applications within an AD secured enterprise, in federation partner organizations, or in the cloud. |
| Two | Azure AD Connect Server | Azure Active Directory Connect is the latest tool from Microsoft to integrate an on-premises identity solution like Windows Server Active Directory with Azure Active Directory and help users to connect to Office 365, Azure, etc. (1 Active and 1 Staging) |
| Two | HPE branch networking switches that are IRF compliant | HPE FlexFabric 5900CP switches (IRF paired). These provide highly available network connections between various Skype for Business Server 2015 roles. |
| One | Aruba 5406R zl2 | Used for end-user client connectivity to the Skype for Business Server 2015 roles. |
| One | F5 BIG-IP Local Traffic Manager 10200v | F5 BIG-IP Local Traffic Manager 10200v load balancer. This is used to load balance HTTP/HTTPS traffic for Skype for Business internal users. This also serves as the reverse proxy for external Skype for Business users. |

HPE hardware used in this RC

The following hardware configuration was used for the setup of this RC. It assumes 20% of users will be enabled for Persistent Chat and at least 30% of users will be enabled for Enterprise Voice. Each of the HPE products used in this RA is described at a high level in the following sections.

Servers – HPE ProLiant DL380 Gen9

HPE ProLiant DL380 Gen9 servers, used in this RC, include:

• The HPE Smart Array P440ar controller provides the required performance for all SfB workloads and the flexibility for the customer to choose the desired amount of resilience in the various RAID configurations.

• Two sockets with 6-core processors, using Intel® Xeon® E5-2620 v3 processors, provide the performance required for the SfB workloads.

• The HPE iLO Management Engine on the servers contains HPE Integrated Lights-Out 4 (iLO 4) and features a complete set of embedded management features for HPE Power/Cooling, Agentless Management, Active Health System, and Intelligent Provisioning which reduce node and cluster level administration costs.

• A selection of 1 GbE and 10 GbE network interface cards, which provide a variety of capabilities and the ability to change the cards as requirements evolve. The HPE FlexFabric 10 GbE 2-port 556FLR-SFP+ adapter, with 10 GbE bandwidth, helps accelerate IT services and increases data center efficiency.


Figure 8. HPE ProLiant DL380 Gen9 server

Server hardware used for Skype for Business Server 2015 roles and Identity management components

The following tables list the server hardware required to host Skype for Business Server 2015 roles and Identity management components.

Table 6. Server hardware used for each Front-end server with collocated Archiving Services, Monitoring Services and Mediation server role

| Hardware Component | Description |
| --- | --- |
| CPU x64 | Two Intel Xeon E5-2620 v3 (2.4 GHz/6-core/15MB/85 W) |
| Chipset | Intel C610 Series Chipset |
| Memory | 32 gigabytes (GB) HPE SmartMemory |
| Disk | Internal drives in the HPE ProLiant DL380 Gen9, configured as the following volumes: System (OS) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB; Database Volume: RAID10 – 4 x 300GB SAS 10K SFF HDD – usable capacity 558 GB; Log Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB |
| Network | One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming |

Table 7. Server hardware used for each Persistent Chat Front-end, Office Web App, Director Server and Edge server roles

| Hardware Component | Description |
| --- | --- |
| CPU x64 | Two Intel Xeon E5-2620 v3 (2.4 GHz/6-core/15MB/85 W) – Hyper-Threading enabled |
| Chipset | Intel C610 Series Chipset |
| Memory | 16 gigabytes (GB) HPE SmartMemory |
| Disk | Internal drives in the HPE ProLiant DL380 Gen9, configured as the following volumes: System (OS) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB |
| Network | One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming |

The Edge servers require two network interfaces that are dual-port network adapters:

1) Internal – One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming

2) External – One HPE Ethernet 10Gb 2-port 560SFP+ adapter with two ports teamed using Windows Teaming


Table 8. Server hardware used for each Backend SQL database server using AlwaysOn Availability Group

| Hardware Component | Description |
| --- | --- |
| CPU x64 | Two Intel Xeon E5-2620 v3 (2.4 GHz/6-core/15MB/85 W) – Hyper-Threading enabled |
| Chipset | Intel C610 Series Chipset |
| Memory | 96 gigabytes (GB) HPE SmartMemory |
| Disk | Internal drives in the HPE ProLiant DL380 Gen9, configured as the following volumes: System (OS) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB; Database (Backend) Volume: RAID10 – 4 x 300GB SAS 10K SFF HDD – usable capacity 558 GB; Log (Backend) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB; Database (Archiving/Monitoring) Volume: RAID10 – 4 x 300GB SAS 10K SFF HDD – usable capacity 558 GB; Log (Archiving/Monitoring) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB |
| Network | One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming |

Table 9. Server hardware used for each Persistent Chat Backend Database server using SQL Mirroring

| Hardware Component | Description |
| --- | --- |
| CPU x64 | Two Intel Xeon E5-2620 v3 (2.4 GHz/6-core/15MB/85 W) – Hyper-Threading enabled |
| Chipset | Intel C610 Series Chipset |
| Memory | 32 gigabytes (GB) HPE SmartMemory |
| Disk | Internal drives in the HPE ProLiant DL380 Gen9, configured as the following volumes: System (OS) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB; Database (Persistent Chat/Compliance) Volume: RAID10 – 4 x 300GB SAS 10K SFF HDD – usable capacity 558 GB; Log (Persistent Chat/Compliance) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB |
| Network | One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming |

Table 10. Server hardware used for each ADFS and Azure AD Connect server for up to 100,000 Active Directory Objects

| Hardware Component | Description |
| --- | --- |
| CPU x64 | Two Intel Xeon E5-2620 v3 (2.4 GHz/6-core/15MB/85 W) – Hyper-Threading enabled |
| Chipset | Intel C610 Series Chipset |
| Memory | 16 gigabytes (GB) HPE SmartMemory |
| Disk | Internal drives in the HPE ProLiant DL380 Gen9, configured as the following volumes: System (OS) Volume: RAID1 – 2 x 300GB SAS 10K SFF HDD – usable capacity 279 GB |
| Network | One HPE FlexFabric 10GbE 2-port 556FLR-SFP+ adapter with two ports teamed using Windows Teaming |

HPE networking switches

The proposed network contains two HPE FlexFabric 5900CP IRF switches as the backbone of the network. This configuration provides the infrastructure necessary for testing the Aruba Network Optimizer SDN Application with Skype for Business Server 2015.

Aruba 5406R zl2

The Aruba 5400R zl2 switch series is an industry-leading mobile campus access solution with HPE Smart Rate multi-gigabit ports for high-speed connectivity and bandwidth for next wave 802.11ac devices. It brings enterprise-class resiliency and innovative flexibility and scalability to converged campus networks.


Using leading switching ASIC technology, hitless failover, QoS, and security with full L3 features and flexible connectivity options, including 40 Gigabit Ethernet ports and full PoE+, the Aruba 5400R switches require no add-on software licensing and are SDN ready with OpenFlow support.

Figure 9. Aruba 5400R zl2 switch

HPE FlexFabric 5900CP switch

The HPE FlexFabric 5900CP switch provides a wire-once data center switch architecture for Fibre Channel over Ethernet (FCoE) converged environments. With 48 converged ports that support 1/10GbE and 4/8 FC, the HPE FlexFabric 5900CP delivers versatile convergence for connecting FC, iSCSI and FC SANs. Resilience and ease of management come hand-in-hand with the HPE FlexFabric 5900CP switch. While IRF reduces management complexities by up to 88%, it also delivers less than 50 milliseconds convergence time.

Figure 10. HPE FlexFabric 5900CP switch

HPE FlexNetwork MSR3000 router series

The HPE FlexNetwork MSR3000 router series is a family of high-performance medium to large branch routers that deliver integrated routing, switching, security, and SIP in a single box. With its integrated infrastructure and modular design, the HPE FlexNetwork MSR3064 reduces complexity and simplifies your network while enabling faster time to service and enhanced performance. The HPE FlexNetwork MSR3064 increases flexibility and agility by delivering support for a wide range of virtualized applications on the Open Application Platform module. It offers lasting investment protection, and helps reduce capital and operating expenses.


Figure 11. HPE FlexNetwork MSR3064 router

HPE networking with IRF

HPE Intelligent Resilient Fabric (IRF) is an HPE Ethernet fabric solution for enterprise data centers. HPE IRF delivers enterprise resiliency that enables customers to build agile networks that are simpler to manage and ready for cloud deployments and software-defined networking. For information on HPE Intelligent Resilient Fabric (IRF), visit: https://support.hpe.com/hpsc/doc/public/display?docId=mmr_sf-EN_US000005162

Software used in this RC

Operating system

Table 11. Operating system

| Product | Update | Vendor | Licenses Required |
| --- | --- | --- | --- |
| Windows Server® 2012 R2 Standard Edition | Latest | Microsoft | Yes |

Application software

Table 12. Application software

| Product | Update | Vendor | Licenses Required |
| --- | --- | --- | --- |
| Skype for Business Server 2015 Enterprise | Latest | Microsoft | Yes |
| Aruba Network Optimizer for Microsoft Skype for Business | Latest | Aruba | Yes |
| Skype for Business, SDN Manager Interface 2.2 | N/A | Microsoft | No |
| Microsoft SQL Server 2014 Enterprise | Cumulative Update 6 or later | Microsoft | Yes |
| Microsoft Azure Active Directory Connect | 1.0.9125.0 or later | Microsoft | No |
| Office Web Apps Server 2013 | Latest | Microsoft | Yes (only for online editing) |


Summary

Skype for Business 2015 is a business-critical, real-time, network-dependent Microsoft application. This document provided information to assist with understanding the deployment choices available for your Skype for Business 2015 environment. It provided a high-level deployment configuration of Skype for Business 2015 in a hybrid configuration. It outlined the hardware and software necessary to support a highly available, on-premises Skype for Business 2015 infrastructure that supports 5,000 users with typical workloads that would be used in an enterprise deployment. A Skype for Business 2015 Hybrid deployment provides the maximum amount of features to users while leveraging the lower TCO, 99.9% uptime SLA and advanced features, such as large meetings (more than 250 participants), associated with the Skype for Business Online services offering.

The Skype for Business 2015 on-premises deployment was shown using the latest HPE ProLiant DL380 Gen9 servers. The Aruba VAN SDN Controller provides centralized control and automation for your SDN-optimized network. The VAN SDN Controller works in conjunction with Skype for Business and the SfB SDN features to automatically manage policy and forwarding decisions, which are communicated to the HPE OpenFlow-enabled switches in the data center or campus network to make the best use of the available bandwidth. The Skype for Business 2015 deployment as described in this reference configuration was planned using Microsoft and HPE best practices and used best-in-class HPE ProLiant servers, storage and networking platforms which make it stand apart from the rest.

Implementing a proof-of-concept

As a matter of best practice for all deployments, HPE recommends implementing a proof-of-concept using a test environment that matches as closely as possible the planned production environment. In this way, appropriate performance and scalability characterizations can be obtained. For help with a proof-of-concept, contact an HPE Services representative (hpe.com/us/en/services/consulting.html) or your HPE partner.

Appendix A: Ports and protocols

Below is a list of the ports and protocols required for communication between the Skype for Business Server 2015 on-premises deployment and Skype for Business Online:

Table A1. Port and Protocol

| Protocol / Port | Applications |
| --- | --- |
| TCP 443 | Open inbound: Active Directory Federation Services (federation server role); Active Directory Federation Services (proxy server role) either on-premises or in Azure; Microsoft Online Services Portal; My Company Portal; Outlook Web App; Client (communication between Skype for Business Online and your on-premises deployment) |
| TCP 80 and 443 | Open inbound: Microsoft Azure AD Connect Tool |
| TCP 5061 | Open inbound/outbound on the Edge Server |
| PSOM/TLS 443 | Open inbound/outbound for data sharing sessions |
| STUN/TCP 443 | Open inbound/outbound for audio, video, application sharing sessions |
| STUN/UDP 3478 | Open inbound/outbound for audio and video sessions |
| RTP/TCP 50000-59999 | Open outbound for audio and video sessions |

For more detailed information on the Office 365 URLs and IP address ranges to allow through the firewall, visit: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
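An added example (not from the HPE document) of one way to check a perimeter firewall's allow rules against Table A1: it reports required openings that are missing and openings broader than the table calls for. The rule format and rule names are constructed for illustration, and the table is reduced to transport protocol, direction and port.

```python
"""Added example: audit firewall allow rules against Table A1."""
from itertools import groupby

# Table A1 at transport level: (protocol, direction, first port, last port).
# PSOM/TLS and STUN/TCP both use TCP 443; RTP/TCP is outbound only.
# Host scoping ("on the Edge Server") is not modelled here.
TABLE_A1 = [
    ("tcp", "in", 80, 80),         # Azure AD Connect tool
    ("tcp", "both", 443, 443),     # ADFS, portals, client, PSOM/TLS, STUN/TCP
    ("tcp", "both", 5061, 5061),   # Edge Server
    ("udp", "both", 3478, 3478),   # STUN/UDP
    ("tcp", "out", 50000, 59999),  # RTP/TCP
]

# Constructed sample rule set (hypothetical names and layout).
SAMPLE_RULES = [
    {"name": "web-in", "proto": "tcp", "dir": "in", "ports": (80, 443)},
    {"name": "tls-out", "proto": "tcp", "dir": "out", "ports": (443, 443)},
    {"name": "sip-fed", "proto": "tcp", "dir": "both", "ports": (5061, 5061)},
    {"name": "stun-udp", "proto": "udp", "dir": "in", "ports": (3478, 3478)},
    {"name": "media", "proto": "tcp", "dir": "both", "ports": (50000, 59999)},
]


def expand(entries):
    """Turn (proto, dir, lo, hi) entries into a set of (proto, dir, port) cells."""
    cells = set()
    for proto, direction, lo, hi in entries:
        directions = ("in", "out") if direction == "both" else (direction,)
        for d in directions:
            cells.update((proto, d, port) for port in range(lo, hi + 1))
    return cells


def compress(cells):
    """Collapse cells back into sorted (proto, dir, lo, hi) contiguous ranges."""
    ranges = []
    ordered = sorted(cells)
    # Within one (proto, dir), consecutive ports share the same port-minus-index.
    key = lambda t: (t[1][0], t[1][1], t[1][2] - t[0])
    for _, run in groupby(enumerate(ordered), key=key):
        run = [cell for _, cell in run]
        ranges.append((run[0][0], run[0][1], run[0][2], run[-1][2]))
    return ranges


def rule_cells(rule):
    """Cells opened by a single allow rule."""
    return expand([(rule["proto"], rule["dir"], *rule["ports"])])


def audit(rules, required=TABLE_A1):
    """Return required openings that are missing and openings beyond the table."""
    allowed = set().union(*(rule_cells(r) for r in rules)) if rules else set()
    needed = expand(required)
    return {"missing": compress(needed - allowed),
            "excess": compress(allowed - needed)}


def offending_rules(rules, required=TABLE_A1):
    """Names of rules that open anything the table does not list."""
    needed = expand(required)
    return [r["name"] for r in rules if rule_cells(r) - needed]


if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
    print(offending_rules(SAMPLE_RULES))
```

In the sample, the `web-in` rule uses a port range where the table lists two discrete ports, and `media` opens the RTP range inbound although the table lists it as outbound only.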


Appendix B: SfB client login flow

Scenario – SfB Hybrid configuration login flow for a user enabled for SfB Online

This section describes an example of a user who has a local Active Directory account and is enabled for the SfB Online service. This is an SfB 2015 Server Hybrid setup.

A user on the Internet enters a SIP address in the SfB 2015 client, and the login flow is as follows (the numbers correspond to the numbers in Figure B1):

1. Based on the user’s SIP domain, the SfB client performs a DNS query for “lyncdiscover.<domain>”. This record points to the reverse proxy in the on-premises SfB 2015 Server deployment.

2. The autodiscover DNS record assists the client in locating the Access proxy FQDN for the user’s SIP domain.

3. The client sends a SIP register request to the Access proxy FQDN; this points to the SfB 2015 Edge server or pool.

4. The SfB 2015 Edge Server forwards the request to the SfB 2015 Director Server if present, or otherwise to the SfB 2015 Front-end server.

5. The SfB 2015 Director Server authenticates the user.

6. The SfB 2015 Director Server looks up the Active Directory attribute “msRTCSIP-DeploymentLocator” for the user. If the “HostingProvider” value is set to “sipfed.online.lync.com”, the SfB 2015 Director Server redirects the SfB 2015 client to SfB Online services.

7. This redirect is forwarded via the SfB 2015 Edge Server.

8. The SfB 2015 Edge Server sends the redirect to the SfB client.

9. The SfB 2015 client connects to the SfB Online Service, which authenticates the user and redirects the user to the appropriate SfB Online pool, and user login is complete.

Figure B1. SfB Hybrid client login flow for SfB Online user


Scenario – SfB Hybrid configuration login flow for an external user enabled for SfB on-premises

This section describes an example of a user who has a local Active Directory account and is enabled for the SfB on-premises service. This is an SfB 2015 Server Hybrid setup.

A user on the Internet enters a SIP address in the SfB 2015 client, and the login flow is as follows (the numbers correspond to the numbers in Figure B2):

1. Based on the user’s SIP domain, the SfB client performs a DNS query for “lyncdiscover.<domain>”. This record points to the reverse proxy in the on-premises SfB 2015 Server deployment.

2. The autodiscover DNS record assists the client in locating the Access proxy FQDN for the user’s SIP domain.

3. The client sends a SIP register request to the Access proxy FQDN; this points to the SfB 2015 Edge server or pool.

4. The SfB 2015 Edge server forwards the request to the SfB 2015 Director Server if present, or otherwise to the SfB 2015 Front-end server.

5. The SfB 2015 Director Server authenticates the user.

6. The SfB 2015 Director Server looks up the Active Directory attribute “msRTCSIP-DeploymentLocator” for the user. If the “HostingProvider” value is set to “SRV”, the SfB 2015 Director Server proxies the SfB 2015 client to the appropriate SfB on-premises pool.

7. This request is forwarded via the user’s on-premises SfB pool.

8. The SfB 2015 Front-end server responds to the SfB client via the SfB Director Server.

9. The SfB Director Server forwards the request to the SfB 2015 Edge server.

10. The SfB 2015 Edge server forwards the response from the SfB Director Server to the SfB 2015 client, completing the login.

Figure B2. SfB Hybrid Client login flow for SfB On-premises External User
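An added example (not part of the HPE document) that audits the attribute both login scenarios above branch on in step 6: it reads an LDIF export of user objects and reports which path the Director Server would take for each account, flagging values that match neither documented case. The LDIF sample, account names and the "review" and "unset" labels are constructed; accepting both "SRV" and "SRV:" as the on-premises value is an assumption.

```python
"""Added example: classify accounts by msRTCSIP-DeploymentLocator from LDIF."""
import base64

ATTR = "msrtcsip-deploymentlocator"       # attribute named in step 6
ONLINE_VALUE = "sipfed.online.lync.com"   # value the page gives for SfB Online
ON_PREM_VALUES = {"srv", "srv:"}          # page says "SRV"; "SRV:" is assumed

# Constructed export. carol's value is folded onto a second physical line
# (LDIF continuation lines start with one space); dave's is base64-encoded.
SAMPLE_LDIF = "\n".join([
    "dn: CN=alice,OU=Users,DC=example,DC=test",
    "sAMAccountName: alice",
    "msRTCSIP-DeploymentLocator: sipfed.online.lync.com",
    "",
    "dn: CN=bob,OU=Users,DC=example,DC=test",
    "sAMAccountName: bob",
    "msRTCSIP-DeploymentLocator: SRV:",
    "",
    "dn: CN=carol,OU=Users,DC=example,DC=test",
    "sAMAccountName: carol",
    "msRTCSIP-DeploymentLocator: sipfed.online.lync.com",
    " .example.test",
    "",
    "dn: CN=dave,OU=Users,DC=example,DC=test",
    "sAMAccountName: dave",
    "msRTCSIP-DeploymentLocator:: U1JWOg==",
    "",
    "dn: CN=erin,OU=Users,DC=example,DC=test",
    "sAMAccountName: erin",
])


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute (lower-case): [values]} dicts."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold before any value is compared
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def director_action(locator):
    """Map a locator value to the path described in step 6 of each scenario."""
    if locator is None or not locator.strip():
        return "unset"
    value = locator.strip().lower()
    if value == ONLINE_VALUE:             # exact match, never a prefix match
        return "redirect-to-sfb-online"
    if value in ON_PREM_VALUES:
        return "proxy-to-on-premises-pool"
    return "review"


def audit_homing(ldif_text):
    """Return {account: action} for every entry in the export."""
    report = {}
    for entry in parse_ldif(ldif_text):
        account = entry.get("samaccountname", entry.get("dn", ["?"]))[0]
        report[account] = director_action(entry.get(ATTR, [None])[0])
    return report


if __name__ == "__main__":
    for account, action in audit_homing(SAMPLE_LDIF).items():
        print(f"{account:8} {action}")
```

The carol entry shows why the value is unfolded and compared exactly: its first physical line alone reads as the SfB Online value, while the full value names a different host.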


© Copyright 2016-2018 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft, Windows Server, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Intel and Xeon are trademarks of Intel Corporation in the U.S. and other countries.

4AA6-6984ENW, May 2018, Rev. 1

Resources and additional links

HPE resources

HPE and Microsoft, hpe.com/partners/microsoft

HPE Reference Architectures, hpe.com/info/ra

HPE ProLiant servers, hpe.com/info/proliant

HPE ProLiant Networking, hpe.com/us/en/product-catalog/servers/server-adapters.hits-12.html

HPE Networking resources, hpe.com/networking

Aruba Solutions for Microsoft Mobile UCC, arubanetworks.com/solutions/microsoft-mobile-ucc

HPE Sizer for Microsoft Skype for Business Server 2015, hpe.com/solutions/microsoft-skype-for-business-sizer

Aruba Network Optimizer SDN Application Series QuickSpecs, https://h20195.www2.hpe.com/v2/GetDocument.aspx?docname=c04227647

Microsoft resources

Technical diagrams for Skype for Business Server 2015, https://docs.microsoft.com/en-us/skypeforbusiness/technical-diagrams

Plan for your Skype for Business Server 2015 deployment, https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/plan-your-deployment

Deploy Skype for Business Server 2015, https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy

Install Skype for Business Server 2015, https://docs.microsoft.com/en-us/skypeforbusiness/deploy/install/install

Upgrade to Skype for Business Server 2015, https://docs.microsoft.com/en-us/skypeforbusiness/deploy/upgrade-to-skype-for-business-server

Manage Skype for Business Server 2015, https://docs.microsoft.com/en-us/skypeforbusiness/manage/manage
