You must configure Mediation Server to communicate with Office Communications Server 2007 on one side and either media gateways or a Session Initiation Protocol (SIP) trunking service provider on the other. For details about SIP trunking, a new feature in Office Communications Server 2007 R2, see the Technical Overview in the Getting Started documentation.
To configure a Mediation Server, you must specify the following:
- The SIP transport used to communicate with a media gateway. There are two choices: Transport Layer Security (TLS) or Transmission Control Protocol (TCP).
  - TLS is the recommended transport, which provides encrypted signaling between the Mediation Server and the media gateway that is connected to the public switched telephone network (PSTN). If you configure your gateway link for TLS, calls to and from the PSTN are encrypted end-to-end.
  - It is possible to configure the Mediation Server to use TCP instead of TLS, but it is not recommended. If you configure the gateway link for TCP, that link presents a potential security vulnerability. For this reason, it is good practice to install two network interface cards, one facing the media gateway and the other facing the internal network.

  Important: The link between Mediation Server and the internal Communications Server 2007 infrastructure is always configured for TLS, even in cases where the gateway link is configured for TCP. This requirement means that you must always configure a certificate on the Mediation Server. If you configure the gateway link for TLS, you must also configure a certificate on the gateway.
- The IP addresses on which the Mediation Server listens for call traffic from Communications Server on one side and media gateways or SIP trunking providers on the other. The Communications Server listening IP address is the IP address of the internal (that is, the Communications Server-facing) edge of the Mediation Server. The Gateway or SIP-trunk listening IP address is the IP address of the external (that is, the gateway- or SIP-trunk-facing) edge of the
- The fully qualified domain name (FQDN) of the collocated A/V Edge Server and Media Relay Authentication Server for this
- The default location profile used by this Mediation Server.
- The default Media port range.
- The FQDN and port of the Communications Server internal next hop. In most cases, this server is a Director, a Standard Edition server, or an Enterprise Edition Front End Server.
- The FQDN or the IP address and port for the media gateway or SIP trunk to which this Media Server is connected.
To configure Mediation Server you must be a member of the RTCUniversalServerAdmins group or have been delegated to perform this task by a member of that group.
To configure Mediation Server

1. Log on to a Communications Server 2007 Mediation Server.
2. Click Start, point to Administrative Tools, and then click Office Communications Server 2007.
3. Expand the appropriate forest node.
4. Expand the Mediation Servers node, right-click the Mediation Server to be configured, click Properties, and then click the General tab.
5. In the FQDN box, make sure the FQDN listed matches that of the Mediation Server you have selected.
6. Open a command prompt, change to the root directory, and type nslookup <FQDN of Mediation Server>, using the FQDN displayed on the Mediation Server General tab, and then press ENTER.

   Note: You should configure only the Office Communications Server-facing IP address for dynamic DNS registration. Otherwise, the FQDN resolves to both IP addresses, which causes connections to fail unpredictably.

7. From the list of IP addresses displayed in the Communications Server listening IP address list, select the IP address returned in step 6.

   Important: If the IP address selected in step 7 does not match the IP address in step 6, Communications Server traffic will be directed toward an interface that is not listening for such traffic and away from the one that is.

8. From the list of two IP addresses displayed in the Gateway listening IP address list, select the other IP address (that is, the one not already selected in step 7).

   Note: The address selected in step 8 can be that of either a media gateway or a Private Branch Exchange (PBX).

9. From the A/V Edge Server list, select the A/V Edge Server that hosts the A/V Authentication Service for this Mediation Server.

   Important: If the A/V Edge Server that hosts the A/V Authentication Service for this Mediation Server does not appear in the list, then the A/V Edge Server on which the service is collocated has not been entered into the A/V Edge Servers list on the Edge Servers tab of the Global Properties page. You need to add the A/V Edge Server to the previous list before it appears in the A/V Edge Server list on the Mediation Server tab. For details, see Deploying Edge Servers for External User Access in the Deployment documentation.

10. In the Default location profile list, select the default location profile for this Mediation Server.
11. In Media port range, accept the default range of 60,000 to 64,000.

    Important: By reducing the port range greatly, you reduce server capacity. An administrator who is knowledgeable about media port requirements and scenarios should do this only for specific reasons. For this reason, altering the default port range is not recommended.

    Organizations that employ Internet Protocol security (IPSec) for packet security are advised to disable it for media ports because the security handshake required by IPSec delays call setup. IPSec is unnecessary for media ports because Secure Real-Time Transport Protocol (SRTP) encryption secures all media traffic between the Mediation Server and the internal Communications Server network.

12. Click the Next Hop Connections tab, and then under Office Communications Server next hop, do the following:
    - In the FQDN list, select the FQDN of the next-hop internal server.

      Note: This server could be a Director or pool.
    - In the Port box, accept the default of 5061 for TLS.
13. On the Next Hop Connections tab, under PSTN Gateway next hop, do the following:
    - In the Address box, specify the IP address or FQDN of the PSTN Gateway or the PBX associated with this Mediation Server. If TLS is enabled, you must specify an FQDN.
    - In the Transport box, click TLS if the SIP signaling between the IP Gateway and the Mediation Server is protected by TLS. If you are not using TLS,
    - In the Encryption Level box, select the level of SRTP that you want to use to protect media traffic:
      - If you do not want to use SRTP, click Do not support encryption. If you clicked TCP in the Transport box, this is the only option that is available.
      - To specify that SRTP must be used, click
      - To specify that SRTP should be attempted but no encryption should be used if negotiation for SRTP is not successful, click
    - In the Port box, accept the default of 5060 for TCP or TLS.
14. If you want the Mediation Server to strip the plus sign (+) prefix from the Request Uniform Resource Identifier (URI), the To URI, and the From URI of outgoing calls to the gateway, set the Windows Management Instrumentation (WMI) setting called RemovePlusFromRequestURI to TRUE (the default value is FALSE). For details about this setting, see the "New Configuration Option in Mediation Server" section in the Planning and Architecture documentation.
15. If you want to enable Quality of Service (QoS) marking on the Mediation Server, set the WMI setting called QoSEnabled to TRUE (the default value is FALSE). For details about this setting, see the "New Configuration Option in Mediation Server" section in the Planning and Architecture documentation.
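
The DNS, listening-address, gateway transport and port rules from the procedure above can be checked together once the settings are written down. The following audit function is an added example, not Microsoft code and not part of the original documentation; the settings dictionary, its key names, the SRTP labels and every address in it are constructed for illustration.

```python
import ipaddress

DEFAULT_MEDIA_PORTS = (60000, 64000)  # default range named in the procedure

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(cfg, dns_answers):
    """Return findings (empty list = nothing to fix). cfg keys and the srtp
    labels "none"/"attempt"/"require" are a hypothetical schema; dns_answers
    holds the addresses nslookup returned for the Mediation Server FQDN."""
    out = []
    ocs_ip, gw_ip = cfg["ocs_listening_ip"], cfg["gateway_listening_ip"]
    # DNS check: the FQDN may resolve only to the Communications Server side.
    if ocs_ip == gw_ip:
        out.append("both listening IP addresses are the same")
    if set(dns_answers) != {ocs_ip}:
        out.append(f"FQDN resolves to {sorted(dns_answers)}, expected only {ocs_ip}")
    # PSTN Gateway next hop: transport, address form and SRTP level must agree.
    transport = cfg["transport"].upper()
    if transport == "TCP":
        out.append("gateway link uses TCP: SIP signaling is not encrypted")
        if cfg["srtp"] != "none":
            out.append("with TCP only 'Do not support encryption' is available")
    elif transport == "TLS":
        if is_ip(cfg["gateway_address"]):
            out.append("TLS is enabled, so the gateway address must be an FQDN")
        if cfg["srtp"] != "require":
            out.append("media to the gateway may be sent without SRTP")
    else:
        out.append(f"unknown transport {cfg['transport']!r}")
    # Communications Server next hop port and media port range defaults.
    if cfg["ocs_next_hop_port"] != 5061:
        out.append("internal next hop port is not the TLS default 5061")
    low, high = cfg["media_ports"]
    if high - low < DEFAULT_MEDIA_PORTS[1] - DEFAULT_MEDIA_PORTS[0]:
        out.append("media port range is narrower than the default")
    return out

# Constructed samples: a TCP gateway link, then the same server moved to TLS.
WEAK = {"transport": "TCP", "srtp": "require", "gateway_address": "192.0.2.20",
        "ocs_listening_ip": "10.0.0.5", "gateway_listening_ip": "192.0.2.5",
        "ocs_next_hop_port": 5061, "media_ports": (60000, 61000)}
HARDENED = dict(WEAK, transport="TLS", gateway_address="gw01.example.com",
                media_ports=(60000, 64000))
```

Calling `audit(WEAK, ["10.0.0.5", "192.0.2.5"])` models an FQDN registered in DNS on both interfaces and returns four findings; `audit(HARDENED, ["10.0.0.5"])` returns none.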