implement the quality of service (qos) for microsoft teams ... · implement quality of service...
TRANSCRIPT
Implement the Quality of Service (QoS) for Microsoft Teams V1
Overview:
As you know that Microsoft Teams is great product which has multiple features which
help enterprise users to communicate and collaborate effectively from anywhere in
real-time. To get Microsoft Teams to work correctly for managed and unmanaged
network (users), is complex task as we are dealing with vast product. Improving quality
of service is very important. So, this admin guide helps you to configure end to end
Quality of Service. Also, this document mainly focusing on why we need Quality of
Service and how we can configure this.
Microsoft Teams is latency-sensitive application, to provide optimal experience using
Teams audio, video and application sharing you must prioritize the Teams real-time
traffic against lower priority traffic.
Basically, Quality of Services is not an only solution of every quality problem, however
QoS is combination of networking technologies that enables companies to optimize the
end-user experience for real time audio, video and application sharing communications.
QoS is commonly used when network bandwidth is limited and when network
congestion, in practice bandwidth limitation and network congestion always there so we
must have QoS configure correctly to optimize end-users experience.
Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 8.27.2018, Balu Ilag, System Administrator, Microsoft MVP
for Office Apps and Services. Version 1.0
Contact me at: [email protected]
Blog: http://bloguc.com/ . This document covers how to deploy quality of
services and why we need it. Target audience for this admin guide are Microsoft Teams Administrator, Consultant, Skype for Business Administrator, Office365 Administrator, Network Engineer and System Administrator who manages Microsoft Teams and Skype for Business environment.
Implement Quality of Service (QoS) for Microsoft Teams
As you know that Microsoft Teams is Collaboration and Unified Communication
application, means Teams provides Real-Time Communication including Persistent Chat,
Audio/ Video call (Voice Over IP), Meetings, application Sharing, PSTN calls, content
sharing etc. these capabilities will increases the traffic on your existing network, it is
increasingly important for you to balance network performance with the cost of service.
Since these all modalities includes signaling and media traffic and this real-time traffic is
latency-sensitive. Microsoft Teams is latency-sensitive application, to provide optimal
experience using Teams audio, video and application sharing you must prioritize the
Teams real-time traffic against lower priority traffic.
There are different ways to prioritize network traffic, but the most common way by
using Differentiated Services Code Point (DSCP) markings. DSCP values can be applied or
tagged based on port ranges and also via Group Policy objects (GPOs). Since Microsoft
Teams is available across platform including Windows, MacOS, iOS, Android etc.
applying port ranges via GPO will not work for non-windows devices. It is recommended
that you use DSCP tagging based on port ranges on network layer because it will work
for all devices including MacOS, iOS and Android devices. In fact, combination of Group
Policy Object and DSCP tagging at network layer will work better.
QoS is more beneficial when you configure a QoS-capable connection from end to end
means from Computer to network switches to routers to the cloud (Office 365 Service),
because any part of the path that fails to support QoS can degrade the quality of the
entire call.
QoS works well when implemented end-to-end that connect caller to callee and vice
versa. If you use QoS on the internal network and a user signs in from a remote location,
you can only prioritize Teams traffic within your internal (managed network).
Since Microsoft Teams is cloud only service, so you don't have end-to-end control on
network because when network traffic leaves your management network you will be
dependent on internet where you don't have much control. Basically, the interconnect
network will be an unmanaged network internet connection, which is showed in below
image. One option available to address end-to-end QoS is Azure ExpressRoute which
cost additional investment.
QoS will help to enhance user experience using Teams, so you can implement QoS in
your organization when you are deploying Teams, or you already deployed Teams.
Even though you will not have end-to-end control on network, but it is recommended
that you implement QoS on the portions of the network you have control over, namely
you’re on-premises network. This will increase the quality of real-time communication
workloads throughout your deployment and improve chokepoints in your existing
deployment.
Teams is great product, applying QoS policies will gives optimal experience to your end
user, this user guide will help you to implement QoS and validate the same.
How to setup Quality of Service for Microsoft Teams?
As I mention earlier for Teams traffic you should use Group Policy Object and DSCP
marking using port ranges to accommodate windows and non-windows devices. This
guide is covering Quality of Services setting at endpoint level as well network layer.
It is best practice to use a Group Policy Object to catch the majority of clients, and also
use port-based DSCP tagging to ensure that mobile, Mac, and other clients will still get
QoS treatment (at least partially).
Below mentioned DSCP values and client source port ranges are recommended for
Microsoft Teams media traffic.
DSCP Marking and Teams Client Source port ranges:
Client source port range Protocol Media category
DSCP value DSCP class
50,000–50,019 TCP/UDP Audio 46 Expedited Forwarding (EF)
50,020–50,039 TCP/UDP Video 34 Assured Forwarding (AF41)
50,040–50,059 TCP/UDP Application/Desktop Sharing 18
Assured Forwarding (AF21)
Apply DSCP Marking at network Layer (L2):
Port-based DSCP tagging by using access control lists (ACLs) on network devices
(Switches and routers, basically the network team marks the Teams Audio, Video and
Application sharing traffic at the ingress/egress routers typically located on the Wide
Area Network (WAN) based on the client source port ranges defined for each modality.
Although this works across platforms, it only marks traffic at the WAN edge—not all the
way to the client machine—and therefore incurs management overhead.
To setup this you can discuss and share Teams client source port ranges with DSCP Class
and Value with your network team.
DSCP marking at endpoint level using Policy-based QoS:
QoS policies are applied to a user login session or a computer as part of a Group Policy
object (GPO) that you have linked to an Active Directory container, such as a domain,
site, or organizational unit (OU). QoS traffic management occurs below the application
layer, which means that your existing applications do not need to be modified to benefit
from the advantages that are provided by QoS policies.
For Microsoft Teams, we need setup QoS policies for Computer configuration so that
whoever login to computer and use Teams client will get policy applied.
GPO Path: Default Domain Policy | Computer Configuration | Policies| Windows
Settings | Policy-based QoS
Follow the below steps to implement policy-based QoS for Teams:
1. First define the Teams client source port ranges on Teams Admin Center modern
portal:
URL: https://admin.teams.microsoft.com/policies/meetings
a. Turn on “Insert Quality of Service (QoS) markers for real-time media
traffic”, refer the below image.
b. Select “Select a port range for each type of real-time media traffic”, refer
the below image.
c. Update starting and ending port ranges with media traffic type. Refer
below the image.
You may setup port range using PowerShell as well.
2. Configure separate Group Policy Object for each modality:
After defining port ranges in Teams Admin portal, you have to create Quality of
Service policies that specify the DSCP values to be associated with each port
range
Simply, restricting a set of ports to a specific type of traffic does not result in
packets traveling through those ports being marked with the appropriate DSCP
value. In addition to defining port ranges you must also create Quality of Service
policies that specify the DSCP value to be associated with each port range.
This DSCP values association with port ranges can be achieve via GPO which
called as policy based QoS. With QoS Policy, you can configure and enforce QoS
policies that cannot be configured on routers and switches. QoS Policy provides
the following advantages:
• QoS Policies are easier to configure a user-level QoS policy on a domain
controller and propagate the policy to the user’s computer.
• QoS policies are flexible regardless of where or how a computer connects
to the network, QoS policy is applied - the computer can connect using
WiFi or Ethernet from any location.
• Some QoS functions, such as throttling, are better performed when they
are closer to the source. QoS Policy moves such QoS functions closest to
the source.
If you already have all port ranges and DSCP value with media category type then
processed below, if not then decide port ranges and follow the step two for
configure port ranges. Microsoft outline complete steps and port ranges here:
https://docs.microsoft.com/en-us/microsoftteams/qos-in-teams
a. You must have consolidated all your computer object to single OU
(Organization Unit). E.g. Computer to apply GPO correctly.
b. Login to the Domain Controller or computer which have Group Policy
Management installed.
c. Open Group Policy Management tool (run > gpmc.msc) and then right click
the OU (Computer) and then click “Create a GPO in this domain and Link it
here” to create a new GPO. E.g. TeamsClient-QoS. You must have required
permission (Domain Admin) or like create and link policy object permission.
d. Select the newly created Group Policy Object and right click on it and select
Edit to Open Group Policy Management Editor > expand Computer
Configuration > expand Policies > expand Windows Settings > right click
Policy-based QoS > then click ‘Create new policy’. Refer below image.
e. In Policy-based QoS page > give policy name as "Teams Audio" > Select Specify
DSCP Value: "46" > click Next.
Below screenshot shows Policy name and DSCP value information:
f. On next page > Select "Only applications with this executable name:
"Teams.exe" > click Next. Below screenshot shows Application name
information:
Note: This simply ensures that Teams.exe application will match packets from the
specified port range with the specified DSCP code.
g. On next page, make sure that both Any source IP address and Any
destination IP address are selected > then click Next.
Note: These two settings ensure that packets will be managed regardless of
which computer (IP address) sent those packets and which computer (IP
address) will receive those packets. Below screenshot shows IP address
configuration information
h. On next page select TCP and UDP > select ‘From this source port or range’.
Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
are the two networking protocols most-commonly used by Microsoft Teams
Service and its client applications. Also, typed port range reserved for audio
transmissions (50000 to 50019) and select “To any destination port”.
Below screenshot shows protocol and port range configuration information:
i. Follow step “e” to “h” and create new policy object as “Teams Video and
Teams Sharing” with above ports ranges and DSCP values. j. After you are configuring all policy object, it will look like below:
3. Finally test the QoS, as a best practice you must validate QoS configuration and
DSCP tagging quarterly basis.
How to verify QoS policies applied and working?
There are multiple ways to verify the QoS:
1. Using Registry on Windows Local computer: Once GPO pushed and applied to
computer, you can force the GPO to local computer by running command
“gpudate.exe /force”, and then visit below path to verify QoS policies applied.
You will see result like below image. It shows Teams Audio, Video and Sharing
policy with port ranges and DSCP Values. Registry Path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS\
Teams Audio
a. Validate using Packet capture: Start teams audio/video meeting and capture
the network traffic via Wireshark tool (it is freeware tool, you can download
and install on your computer). Below shows Teams audio traffic (source is
10.0.0.207 and destination 104.42.192.49) protocol UDP with port number
“50018” this packet shows DSCP marking as EF (expedite forwarding as DSCP
46 ). Verify the two-way traffic to get QoS benefits.
Thank you.