This topic describes the prerequisites and requirements for the deployment of Office Communications Server 2007 R2 Enterprise Edition. This topic also lists requirements for a hardware load balancer deployed in an Office Communications Server 2007 R2 Enterprise pool.
You can deploy Enterprise Edition in your network after your Active Directory Domain Services (AD DS) has been prepared for Office Communications Server 2007 R2. We recommend that you deploy at least one Office Communications Server 2007 R2 pool or server in your internal network before you deploy any other servers in an Office Communications Server 2007 R2 topology. At any time, you can deploy new Enterprise Edition servers in your environment by adding a server to an existing pool or by creating a new pool for new servers.
In this release, unified communications applications are automatically installed. The applications can be activated when you deploy Enterprise Edition, but you can also activate unified communications applications later.
If you plan to deploy Office Communications Server 2007 R2 Archiving Server or Office Communications Server 2007 R2 Monitoring Server to enable archiving or monitoring, you can deploy either server before you deploy Enterprise Edition. If you deploy Archiving Server or Monitoring Server before you configure your pool, you can configure the archiving and monitoring settings during pool configuration.
You can deploy unified communications clients and devices in your environment before or after you deploy Office Communications Server, but we recommend that you deploy clients after you deploy at least one Office Communications Server or pool to host users. Clients cannot be used until servers are configured and running and user accounts have been enabled for Office Communications Server.
Prerequisites for Enterprise Edition
Office Communications Server 2007 R2 is available only in a 64-bit edition, which requires 64-bit hardware and the 64-bit edition of Windows Server. A 32-bit edition is not available with this release. The exception is Office Communications Server Administrative Tools, which is available both in a 64-bit and a 32-bit edition.
The following operating system updates are prerequisites for deploying Office Communications Server 2007 R2:
- Microsoft Knowledge Base article 953582, "You may be unable to
install a program that tries to register extensions under the
IQueryForm registry entry in Windows Server 2008 or in Windows
Vista" at
http://go.microsoft.com/fwlink/?LinkId=131392 .
This update must be installed before you install Office Communications Server 2007 R2 Administrative Tools only in the following situations:
- On computers running Windows Vista, on which you install Remote
Server Administration Tools (RSAT).
- On computers running Windows Server 2008, if the Active
Directory Domain Services server role is added.
- Microsoft Knowledge Base article 953990, “AV at
mscorwks!SetAsyncResultProperties” at
http://go.microsoft.com/fwlink/?LinkId=131394 .
This update applies to Windows Server 2003 with SP2 and Windows Server 2008.
For details about Enterprise Edition operating system and hardware requirements, see Office Communications Server Infrastructure Requirements.
AD DS must be prepared for Office Communications Server 2007 R2 before you can deploy Office Communications Server 2007 R2, Enterprise Edition. Enterprise Edition also requires that the following be deployed in your environment:
- Domain Name System (DNS)
- Public key infrastructure (PKI)
- Microsoft .NET Framework 3.5 (64-bit)
- Microsoft Visual C++ 2008 redistributable
- IPv4 addresses and networking protocols
- Hardware load balancer
You must prepare certificates using the PKI so that you can configure mutual TLS (MTLS) between Office Communications Servers. Setup prompts you to install the .NET Framework and the Visual C++ 2008 redistributable, and it automatically installs them if they are not already installed on the computer.
For details about these prerequisites, see Environmental Requirements.
Prerequisites for a Load Balancer Connecting to a Pool
A hardware load balancer is required in an Enterprise pool that has more than one Enterprise Edition server. The load balancer performs the critical role of delivering scalability and high availability across multiple servers that are connected to a centralized database on the Office Communications Server Back-End Database.
Before a hardware load balancer can connect to the Office Communications Server Enterprise pool, you must configure the following:
- A static IP address for servers within your pool.
- Source network address translation (SNAT). Using a load
balancer in the destination network address translation (DNAT)
configuration is not supported. Using a load balancer in SNAT mode
is required. However, be aware that each SNAT IP address on the
load balancer limits the maximum number of simultaneous connections
to 65,000. If you deploy a load balancer in SNAT mode, ensure that
you configure a minimum of one SNAT IP address for each group of
65,000 users. (The number of open connections generally corresponds
to the number of active users.) For example, in a deployment
supporting 100,000 users, you would configure two SNAT IP
addresses.
Note: Although DNAT is not supported for the Enterprise pool or for Communicator Web Access, both DNAT and SNAT are supported for Edge Servers and HTTP.
- A VIP address and associated DNS record for the load balancer.
For details, see DNS Requirements for Servers.
Important: The following requirements apply to all load balancers that are deployed in an Office Communications Server 2007 R2 Enterprise pool. For details about configuring and deploying a particular brand and model of hardware load balancer, see the documentation that is included with the product of your choice.
A load balancer for an Enterprise pool must meet the following requirements:
- Expose a VIP Address through Address Resolution Protocol (ARP).
The VIP must have a single DNS entry called the pool FQDN and must
be a static IP address.
- Allow multiple ports to be opened on the same VIP. The
following ports are required.
Table 1. Hardware Load Balancer Ports That Are Required for Office Communications Server 2007 R2
Port required | Virtual IP | Port use |
---|---|---|
5060 | Load balancer VIP used by the Front End Servers | Client to server SIP communication over TCP |
5061 | Load balancer VIP used by the Front End Servers | Client to Front End Server SIP communication over TLS; SIP communication between Front End Servers over MTLS |
5065 | Load balancer VIP used by the Front End Servers | Used for incoming SIP listening requests for application sharing over TCP |
5069 | Load balancer VIP used by the Front End Servers | Used by QoE Agent on Front End Servers, needs to be open only if this pool sends QoE data to Monitoring Server |
135 | Load balancer VIP used by the Front End Servers | To move users and perform other pool level Windows Management Instrumentation (WMI) operations over DCOM |
444 | Load balancer VIP used by the Front End Servers | Communication between the internal components that manage conferencing and the conferencing servers |
443 | Load balancer VIP used by the Web Components Server | HTTPS traffic to the pool URLs |
Note: If you deploy a load balancer for computers that are running applications such as Conferencing Attendant, Conferencing Announcement Service, Response Group Service, and Outside Voice Control, you must also configure the load balancer with the ports used by each application, as described in Dial-In Conferencing Support, Response Group Service Support, and Outside Voice Control, respectively.
- Provide TCP-level affinity. This means that the load balancer
must ensure that TCP connections can be established with one Office
Communications Server in the pool and all traffic on that
connection will be destined for that same Office Communications
Server.
- Have an IP address on each Front End Server that is directly
routable within the internal network (specifically to allow
communications between Front End Servers across different pools).
- Ensure that the load balancer provides a configurable TCP
idle-timeout interval with its value set to 20 minutes or greater.
This value must be 20 minutes or higher because it should be above
the following values:
- Maximum SIP connection idle timeout of 20 minutes (this is the
major determining value).
- SIP Keep-alive interval 5 minutes.
- Maximum REGISTER refresh interval of 15 minutes in absence of
keep-alive checks.
- Enable TCP resets on idle timeout.
- Ensure that Front End Servers within a pool behind a load
balancer are capable of routing to each other. There can be no NAT
device in this path of communication. Any such device will prevent
successful RPC between Front End Servers within a pool.
- Ensure that Front End Servers behind a load balancer have
access to the Active Directory Domain Services environment.
- Ensure that Front End Servers have static IP addresses that can
be used to configure them in the load balancer. In addition, these
IP addresses must have DNS registrations (referred to as Front End
FQDNs).
- Ensure that any computer running Office Communications Server
2007 R2 administrative tools is able to route through the load
balancer to both the Pool FQDN and the Front End FQDN of every
Front End Server in the pool or pools to be managed. In addition,
there can be no NAT device in the path of communication to the
Front End Servers to be managed. Again, this is a restriction
enforced by the usage of the RPC protocol by DCOM.
- Use a load balancer that allows for adding and removing servers
to the pool without shutting down.
- Use a load balancer that supports a least-connections-based
load balancing mechanism. This means that the load balancer will
rank all Office Communications Server servers based on the number
of outstanding connections to each of them. This rank will then be
used to pick the Office Communications Server to be used for the
next connection request.
- Use a load balancer that is capable of monitoring server
availability by connecting to a configurable port for each server.
Important: The monitor for ports 135 and 444 should open TCP connections to port 5060 or 5061 for determining server availability. Attempting to monitor ports 135 and 444 on the servers will cause the load balancer to incorrectly detect these servers to be available, because these ports are open even though Office Communications Server is not running.
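The following is an added example, not part of the original documentation: a vendor-neutral Python check of a load balancer configuration against the requirements listed above (required VIP ports, SNAT sizing, idle timeout, reset on idle, least-connections, and the monitor rule for ports 135 and 444). The dictionary keys, the `audit_pool_lb` function, the `qoe_enabled` switch and the sample values are assumptions made for illustration; map them to the settings your device actually exposes.

```python
import math

# Values taken from the requirements on this page.
REQUIRED_PORTS = {5060, 5061, 5065, 5069, 135, 444, 443}
MIN_IDLE_TIMEOUT_S = 20 * 60       # TCP idle timeout must be 20 minutes or greater
CONNECTIONS_PER_SNAT_IP = 65_000   # each SNAT IP address caps simultaneous connections
PROBE_PORTS = {5060, 5061}         # ports that reflect whether the server is running
ALWAYS_OPEN_PORTS = {135, 444}     # open even when Office Communications Server is stopped


def audit_pool_lb(cfg, active_users, qoe_enabled=True):
    """Return a list of findings; an empty list means the modelled config passes."""
    findings = []
    # Port 5069 is needed only if the pool sends QoE data to Monitoring Server.
    required = REQUIRED_PORTS if qoe_enabled else REQUIRED_PORTS - {5069}
    missing = sorted(required - set(cfg["vip_ports"]))
    if missing:
        findings.append(f"VIP is missing required ports: {missing}")
    if cfg["nat_mode"] != "snat":
        findings.append("NAT mode must be SNAT; DNAT is not supported for an Enterprise pool")
    needed = math.ceil(active_users / CONNECTIONS_PER_SNAT_IP)
    if len(cfg["snat_ips"]) < needed:
        findings.append(f"{len(cfg['snat_ips'])} SNAT IP(s) configured, {needed} needed")
    if cfg["idle_timeout_s"] < MIN_IDLE_TIMEOUT_S:
        findings.append(f"TCP idle timeout {cfg['idle_timeout_s']}s is below {MIN_IDLE_TIMEOUT_S}s")
    if not cfg["reset_on_idle_timeout"]:
        findings.append("TCP reset on idle timeout is disabled")
    if cfg["method"] != "least-connections":
        findings.append(f"Balancing method is {cfg['method']!r}, expected 'least-connections'")
    # Monitors for 135 and 444 must probe 5060 or 5061 to avoid false "available" results.
    for port in sorted(ALWAYS_OPEN_PORTS & set(cfg["vip_ports"])):
        probe = cfg["monitors"].get(port)
        if probe not in PROBE_PORTS:
            findings.append(f"Monitor for port {port} probes {probe}; it must probe 5060 or 5061")
    return findings


# Constructed sample configuration (hypothetical, not exported from a real device).
SAMPLE = {
    "vip_ports": [5060, 5061, 5065, 5069, 135, 444, 443],
    "nat_mode": "snat",
    "snat_ips": ["10.0.0.10"],
    "idle_timeout_s": 300,
    "reset_on_idle_timeout": True,
    "method": "round-robin",
    "monitors": {5061: 5061, 135: 135, 444: 5061},  # service port -> probed port
}

if __name__ == "__main__":
    for finding in audit_pool_lb(SAMPLE, active_users=100_000):
        print("FAIL:", finding)
```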
Best Practices
We strongly recommend that you read Planning and Architecture to determine the features, functionality, and topology required by your organization before you begin deploying Enterprise Edition.
Deployment Process
The deployment process for Enterprise Edition is described in the following table.
Table 2. Enterprise Edition Deployment Process
Phase | Steps | Permissions | Documentation |
---|---|---|---|
Install prerequisite software. | Manually install Windows Updates, and then automatically install prerequisite software using Office Communications Server 2007 R2 Setup. | RTCUniversalServerAdmins group; DomainAdmins group | Internal Office Communications Server Component Requirements |
Prepare AD DS. | Prepare the schema, forest, and domain for Office Communications Server 2007 R2. | Member of Schema Admins group and Administrator rights on the schema master; Member of EnterpriseAdmins group for the forest root domain; Member of EnterpriseAdmins or DomainAdmins group | |
Prepare Windows for Setup. | Install required Windows Updates, configure Windows Firewall, and then disable all services not required by Office Communications Server. | Administrators group | |
Install SQL Server. | Install SQL Server 2008 or SQL Server 2005 with Service Pack 2 (SP2) on a dedicated computer to host the Office Communications Server 2007 R2 Back-End Database. | Local Administrator | Internal Office Communications Server Component Requirements |
Configure SQL Server for Office Communications Server. | Configure SQL Server trace flags. If you installed SQL Server on the Windows Server 2008 operating system, configure the Windows Firewall for SQL Server access. | SQL Server administrator; Local administrator | |
Optionally, configure a load balancer for your pool. | If you plan to deploy more than one Enterprise Edition server in a pool, deploy and configure a load balancer according to the load balancer settings described earlier in this topic. | Load balancer administrator | Documentation included with your hardware load balancer |
Create and verify DNS records. | Configure DNS A and SRV records as described in DNS Requirements for Servers. | DNS Admins group | Domain Name System (DNS) Requirements |
Create the pool. | On the computer where you installed SQL Server, run Office Communications Server 2007 R2 Setup to create an Enterprise pool to which you will later add servers. | RTCUniversalServerAdmins group; DomainAdmins group | |
Configure the pool and applications. | Configure settings that will apply to all servers in the pool, including SIP domain and client logon settings. Optionally, activate any unified communications applications that you want to deploy. | RTCUniversalServerAdmins group | |
Add servers to the pool. | On the server in the domain that you want to add to your new or existing pool, run Setup to install and activate Office Communications Server Enterprise Edition. | Administrators group; RTCUniversalServerAdmins group; DomainAdmins group | Supported Server Role Collocation |
Configure certificates for Office Communications Server. | Request a mutual TLS (MTLS) certificate for Office Communications Server, and then assign the certificate to each server in the Enterprise pool by using both Setup and Internet Information Services (IIS) Manager. | Administrators group; RTCUniversalServerAdmins group | |
Start the services. | Confirm that AD DS replication has completed, and then start Office Communications Server services. | RTCUniversalServerAdmins group | |
Validate your server and pool configuration. | With the services running, run the validation wizard to verify the configuration of each server role. In a consolidated configuration, the validation wizard verifies all server roles configured on the computer. | RTCUniversalServerAdmins group | |
Optionally, configure audio/video and Web conferencing. | Configure one or more meeting policies to enable users to organize and invite other users to Web conferences that are hosted on your own on-premises servers. | RTCUniversalServerAdmins group | |
Create and enable users. | Enable users in AD DS so that they can connect to Office Communications Server 2007 R2, and then configure user settings to enable access to features of Office Communications Server. | To create users, DomainAdmins group; To enable users and configure user accounts for Office Communications Server, RTCUniversalServerAdmins group | |
Deploy clients. | Deploy the unified communications clients that will connect to Office Communications Server 2007 R2. | Administrators group | |