This topic describes the prerequisites and requirements for the deployment of Office Communications Server 2007 R2 Enterprise Edition. This topic also lists requirements for a hardware load balancer deployed in an Office Communications Server 2007 R2 Enterprise pool.

You can deploy Enterprise Edition in your network after your Active Directory Domain Services (AD DS) has been prepared for Office Communications Server 2007 R2. We recommend that you deploy at least one Office Communications Server 2007 R2 pool or server in your internal network before you deploy any other servers in an Office Communications Server 2007 R2 topology. At any time, you can deploy new Enterprise Edition servers in your environment by adding a server to an existing pool or by creating a new pool for new servers.

In this release, unified communications applications are automatically installed. The applications can be activated when you deploy Enterprise Edition, but you can also activate unified communications applications later.

If you plan to deploy Office Communications Server 2007 R2 Archiving Server or Office Communications Server 2007 R2 Monitoring Server to enable archiving or monitoring, you can deploy either server before you deploy Enterprise Edition. If you deploy Archiving Server or Monitoring Server before you configure your pool, you can configure the archiving and monitoring settings during pool configuration.

You can deploy unified communications clients and devices in your environment before or after you deploy Office Communications Server, but we recommend that you deploy clients after you deploy at least one Office Communications Server or pool to host users. Clients cannot be used until servers are configured and running and user accounts have been enabled for Office Communications Server.

Prerequisites for Enterprise Edition

Office Communications Server 2007 R2 is available only in a 64-bit edition, which requires 64-bit hardware and the 64-bit edition of Windows Server. A 32-bit edition is not available with this release. The exception is Office Communications Server Administrative Tools, which is available both in a 64-bit and a 32-bit edition.

The following operating system updates are prerequisites for deploying Office Communications Server 2007 R2:

  • Microsoft Knowledge Base article 953582, "You may be unable to install a program that tries to register extensions under the IQueryForm registry entry in Windows Server 2008 or in Windows Vista" at http://go.microsoft.com/fwlink/?LinkId=131392 .

    This update must be installed before you install Office Communications Server 2007 R2 Administrative Tools only in the following situations:

    • On computers running Windows Vista, on which you install Remote Server Administration Tools (RSAT).

    • On computers running Windows Server 2008, if the Active Directory Domain Services server role is added.

  • Microsoft Knowledge Base article 953990, “AV at mscorwks!SetAsyncResultProperties” at http://go.microsoft.com/fwlink/?LinkId=131394 .

    This update applies to Windows Server 2003 with SP2 and Windows Server 2008.

For details about Enterprise Edition operating system and hardware requirements, see Office Communications Server Infrastructure Requirements.

AD DS must be prepared for Office Communications Server 2007 R2 before you can deploy Office Communications Server 2007 R2, Enterprise Edition. Enterprise Edition also requires that the following be deployed in your environment:

  • Domain Name System (DNS)

  • Public key infrastructure (PKI)

  • Microsoft .NET Framework 3.5 (64-bit)

  • Microsoft Visual C++ 2008 redistributable

  • IPv4 addresses and networking protocols

  • Hardware load balancer

You must prepare certificates using the PKI so that you can configure mutual TLS (MTLS) between Office Communications Servers. Setup prompts you to install the .NET Framework and the Visual C++ 2008 redistributable, and it automatically installs them if they are not already installed on the computer.

For details about these prerequisites, see Environmental Requirements.

Prerequisites for a Load Balancer Connecting to a Pool

A hardware load balancer is required in an Enterprise pool that has more than one Enterprise Edition server. The load balancer performs the critical role of delivering scalability and high availability across multiple servers that are connected to a centralized database on the Office Communications Server Back-End Database.

Before a hardware load balancer can connect to the Office Communications Server Enterprise pool, you must configure the following:

  • A static IP address for servers within your pool.

  • Source network address translation (SNAT). A load balancer in SNAT mode is required; using a load balancer in the destination network address translation (DNAT) configuration is not supported. Be aware, however, that each SNAT IP address on the load balancer limits the maximum number of simultaneous connections to 65,000. If you deploy a load balancer in SNAT mode, ensure that you configure a minimum of one SNAT IP address for each group of 65,000 users. (The number of open connections generally corresponds to the number of active users.) For example, in a deployment supporting 100,000 users, you would configure two SNAT IP addresses.

    Note:
    Although DNAT is not supported for the Enterprise pool or for Communicator Web Access, both DNAT and SNAT are supported for Edge Servers and HTTP.
  • A VIP address and associated DNS record for the load balancer. For details, see DNS Requirements for Servers.

    Important:
    The following requirements apply to all load balancers that are deployed in an Office Communications Server 2007 R2 Enterprise pool. For details about configuring and deploying a particular brand and model of hardware load balancer, see the documentation that is included with the product of your choice.

A load balancer for an Enterprise pool must meet the following requirements:

  • Expose a VIP Address through Address Resolution Protocol (ARP). The VIP must have a single DNS entry called the pool FQDN and must be a static IP address.

  • Allow multiple ports to be opened on the same VIP. The following ports are required.

    Table 1. Hardware Load Balancer Ports That Are Required for Office Communications Server 2007 R2

    | Port required | Virtual IP | Port use |
    |---|---|---|
    | 5060 | Load balancer VIP used by the Front End Servers | Client to server SIP communication over TCP |
    | 5061 | Load balancer VIP used by the Front End Servers | Client to Front End Server SIP communication over TLS; SIP communication between Front End Servers over MTLS |
    | 5065 | Load balancer VIP used by the Front End Servers | Used for incoming SIP listening requests for application sharing over TCP |
    | 5069 | Load balancer VIP used by the Front End Servers | Used by QoE Agent on Front End Servers, needs to be open only if this pool sends QoE data to Monitoring Server |
    | 135 | Load balancer VIP used by the Front End Servers | To move users and perform other pool level Windows Management Instrumentation (WMI) operations over DCOM |
    | 444 | Load balancer VIP used by the Front End Servers | Communication between the internal components that manage conferencing and the conferencing servers |
    | 443 | Load balancer VIP used by the Web Components Server | HTTPS traffic to the pool URLs |

    Note:
    If you deploy a load balancer for computers that are running applications such as Conferencing Attendant, Conferencing Announcement Service, Response Group Service, and Outside Voice Control, you must also configure the load balancer with the ports used by each application, as described in Dial-In Conferencing Support, Response Group Service Support, and Outside Voice Control, respectively.
  • Provide TCP-level affinity. This means that the load balancer must ensure that TCP connections can be established with one Office Communications Server in the pool and all traffic on that connection will be destined for that same Office Communications Server.

  • Have an IP address on each Front End Server that is directly routable within the internal network (specifically to allow communications between Front End Servers across different pools).

  • Ensure that the load balancer provides a configurable TCP idle-timeout interval with its value set to 20 minutes or greater. This value must be 20 minutes or higher because it should be above the following values:

    • Maximum SIP connection idle timeout of 20 minutes (this is the major determining value).

    • SIP keep-alive interval of 5 minutes.

    • Maximum REGISTER refresh interval of 15 minutes in absence of keep-alive checks.

  • Enable TCP resets on idle timeout.

  • Ensure that Front End Servers within a pool behind a load balancer are capable of routing to each other. There can be no NAT device in this path of communication. Any such device will prevent successful RPC between Front End Servers within a pool.

  • Ensure that Front End Servers behind a load balancer have access to the Active Directory Domain Services environment.

  • Ensure that Front End Servers have static IP addresses that can be used to configure them in the load balancer. In addition, these IP addresses must have DNS registrations (referred to as Front End FQDNs).

  • Ensure that any computer running Office Communications Server 2007 R2 administrative tools is able to route through the load balancer to both the Pool FQDN and the Front End FQDN of every Front End Server in the pool or pools to be managed. In addition, there can be no NAT device in the path of communication to the Front End Servers to be managed. Again, this is a restriction enforced by the usage of the RPC protocol by DCOM.

  • Use a load balancer that allows for adding and removing servers to the pool without shutting down.

  • Use a load balancer that supports a least-connections-based load balancing mechanism. This means that the load balancer will rank all Office Communications Server servers based on the number of outstanding connections to each of them. This rank will then be used to pick the Office Communications Server to be used for the next connection request.

  • Use a load balancer that is capable of monitoring server availability by connecting to a configurable port for each server.

    Important:
    The monitor for ports 135 and 444 should open TCP connections to port 5060 or 5061 for determining server availability. Attempting to monitor ports 135 and 444 on the servers will cause the load balancer to incorrectly detect these servers to be available, because these ports are open even though Office Communications Server is not running.
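
The requirements above can be checked before a pool goes into service. The following Python audit is an added example, not Microsoft's code or any load balancer vendor's API: it checks a vendor-neutral description of the load balancer against the port, SNAT, idle-timeout, balancing-method, and monitor rules listed in this topic. The configuration key names (`vip_ports`, `nat_mode`, `snat_ips`, `monitors`, and so on) and the sample values are hypothetical.

```python
import math

# Values below are the requirements stated in this topic.
REQUIRED_VIP_PORTS = {5060, 5061, 5065, 5069, 135, 444, 443}
SIP_PORTS = {5060, 5061}        # listen only while Office Communications Server runs
ALWAYS_OPEN_PORTS = {135, 444}  # open even when the server is not running
MIN_IDLE_TIMEOUT_S = 20 * 60
USERS_PER_SNAT_IP = 65_000

def audit_pool_lb(cfg, qoe_to_monitoring=True):
    """Return findings for a load balancer description (hypothetical key names)."""
    findings = []
    required = set(REQUIRED_VIP_PORTS)
    if not qoe_to_monitoring:
        required.discard(5069)  # needed only if the pool sends QoE data
    vip_ports = set(cfg.get("vip_ports", []))
    if required - vip_ports:
        findings.append(f"VIP is missing ports {sorted(required - vip_ports)}")
    if cfg.get("nat_mode") != "snat":
        findings.append("NAT mode must be SNAT; DNAT is not supported for the pool")
    users = cfg.get("users", 0)
    needed = max(1, math.ceil(users / USERS_PER_SNAT_IP))
    have = len(cfg.get("snat_ips", []))
    if have < needed:
        findings.append(f"{have} SNAT IP(s) for {users} users; {needed} required")
    if cfg.get("tcp_idle_timeout_s", 0) < MIN_IDLE_TIMEOUT_S:
        findings.append("TCP idle timeout is below 20 minutes")
    if not cfg.get("reset_on_idle_timeout", False):
        findings.append("TCP reset on idle timeout is not enabled")
    if cfg.get("method") != "least-connections":
        findings.append("Balancing method is not least-connections")
    for port in sorted(ALWAYS_OPEN_PORTS & vip_ports):
        probe = cfg.get("monitors", {}).get(port)
        if probe not in SIP_PORTS:  # probing 135/444 reports a stopped server as up
            findings.append(f"Monitor for port {port} probes {probe}, not 5060/5061")
    return findings

# Constructed sample values (documentation-range addresses), not from a real device.
WEAK = {"vip_ports": [5060, 5061, 5065, 135, 444, 443], "nat_mode": "snat",
        "users": 100_000, "snat_ips": ["192.0.2.10"], "tcp_idle_timeout_s": 300,
        "reset_on_idle_timeout": True, "method": "round-robin",
        "monitors": {135: 135, 444: 5061}}
GOOD = dict(WEAK, vip_ports=sorted(REQUIRED_VIP_PORTS), tcp_idle_timeout_s=1200,
            snat_ips=["192.0.2.10", "192.0.2.11"], method="least-connections",
            monitors={135: 5061, 444: 5061})

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("good", GOOD)):
        print(name, audit_pool_lb(cfg) or "meets the listed requirements")
```

Pass `qoe_to_monitoring=False` for a pool that does not send QoE data to Monitoring Server, so that port 5069 is not reported as missing.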

Best Practices

We strongly recommend that you read Planning and Architecture to determine the features, functionality, and topology required by your organization before you begin deploying Enterprise Edition.

Deployment Process

The deployment process for Enterprise Edition is described in the following table.

Table 2. Enterprise Edition Deployment Process

| Phase | Steps | Permissions | Documentation |
|---|---|---|---|
| Install prerequisite software. | Manually install Windows Updates, and then automatically install prerequisite software using Office Communications Server 2007 R2 Setup. | RTCUniversalServerAdmins group; DomainAdmins group | Environmental Requirements; Internal Office Communications Server Component Requirements |
| Prepare AD DS. | Prepare the schema, forest, and domain for Office Communications Server 2007 R2. | Member of Schema Admins group and Administrator rights on the schema master; Member of EnterpriseAdmins group for the forest root domain; Member of EnterpriseAdmins or DomainAdmins group | Preparing Active Directory Domain Services for Office Communications Server 2007 R2 in the Deployment documentation |
| Prepare Windows for Setup. | Install required Windows Updates, configure Windows Firewall, and then disable all services not required by Office Communications Server. | Administrators group | Prepare Windows for Setup in Deploying Office Communications Server 2007 R2 for Internal User Access in the Deployment documentation |
| Install SQL Server. | Install SQL Server 2008 or SQL Server 2005 with Service Pack 2 (SP2) on a dedicated computer to host the Office Communications Server 2007 R2 Back-End Database. | Local Administrator | Install SQL Server in Deploying Office Communications Server 2007 R2 for Internal User Access, Deploying Office Communications Server 2007 R2 Enterprise Edition, in the Deployment documentation; Internal Office Communications Server Component Requirements |
| Configure SQL Server for Office Communications Server. | Configure SQL Server trace flags. If you installed SQL Server on the Windows Server 2008 operating system, configure the Windows Firewall for SQL Server access. | SQL Server administrator; Local administrator | Configure SQL Server for Office Communications Server in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Optionally, configure a load balancer for your pool. | If you plan to deploy more than one Enterprise Edition server in a pool, deploy and configure a load balancer according to the load balancer settings described earlier in this topic. | Load balancer administrator | Documentation included with your hardware load balancer; Configure a Load Balancer for Your Pool in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Create and verify DNS records. | Configure DNS A and SRV records as described in DNS Requirements for Servers. | DNS Admins group | Domain Name System (DNS) Requirements; Create and Verify DNS Records for Your Server or Pool in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Create the pool. | On the computer where you installed SQL Server, run Office Communications Server 2007 R2 Setup to create an Enterprise pool to which you will later add servers. | RTCUniversalServerAdmins group; DomainAdmins group | Create the Pool in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Configure the pool and applications. | Configure settings that will apply to all servers in the pool, including SIP domain and client logon settings. Optionally, activate any unified communications applications that you want to deploy. | RTCUniversalServerAdmins group | Configure Pool and Applications in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Add servers to the pool. | On the server in the domain that you want to add to your new or existing pool, run Setup to install and activate Office Communications Server Enterprise Edition. | Administrators group; RTCUniversalServerAdmins group; DomainAdmins group | Supported Server Role Collocation; Add Servers to the Pool in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Configure certificates for Office Communications Server. | Request a mutual TLS (MTLS) certificate for Office Communications Server, and then assign the certificate to each server in the Enterprise pool by using both Setup and Internet Information Services (IIS) Manager. | Administrators group; RTCUniversalServerAdmins group | Create a New Certificate; Assign an Existing Certificate; Configure the Web Components Server IIS Certificate topics in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Start the services. | Confirm that AD DS replication has completed, and then start Office Communications Server services. | RTCUniversalServerAdmins group | Start the Services in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Validate your server and pool configuration. | With the services running, run the validation wizard to verify the configuration of each server role. In a consolidated configuration, the validation wizard verifies all server roles configured on the computer. | RTCUniversalServerAdmins group | Validate Your Server and Pool Configuration in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Optionally, configure audio/video and Web conferencing. | Configure one or more meeting policies to enable users to organize and invite other users to Web conferences that are hosted on your own on-premises servers. | RTCUniversalServerAdmins group | Configure Audio/Video Conferencing and Web Conferencing in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Create and enable users. | Enable users in AD DS so that they can connect to Office Communications Server 2007 R2, and then configure user settings to enable access to features of Office Communications Server. | To create users, DomainAdmins group; To enable users and configure user accounts for Office Communications Server, RTCUniversalServerAdmins group | Create and Enable Users for Office Communications Server; Configure Users topics in Deploying Office Communications Server 2007 R2 Enterprise Edition |
| Deploy clients. | Deploy the unified communications clients that will connect to Office Communications Server 2007 R2. | Administrators group | Deploy Clients and Additional Features in Deploying Office Communications Server 2007 R2 Enterprise Edition |