Topic Last Modified: 2010-07-18
This section describes the hardware, port, DNS, DHCP, and security configurations that must be in place before you deploy IP phones and analog devices. These requirements are in addition to the required components described in Required Communications Server 2010 (Beta Refresh) Components for Devices. For more information on analog devices, see the qualified Gateway section of this document.
Note: Be sure to review the manufacturer’s data sheet for the devices that you are deploying to learn about additional requirements.
IP phones running Microsoft Communicator “14” Phone Edition support Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) and Power over Ethernet (PoE). To take advantage of LLDP-MED, the switch must support IEEE 802.1AB and ANSI/TIA-1057. To take advantage of PoE, the switch must support PoE 802.3af or 802.3at.
To enable LLDP-MED, the administrator must enable LLDP by using the switch console window and set the LLDP-MED network policy with the correct voice VLAN ID.
In addition, if your deployment includes analog devices, you must configure the analog gateway to use Microsoft Communications Server 2010, and the gateway must be one of the following:
- An analog telephone adapter (ATA)
- A SIP-PSTN analog gateway
- A Survivable Branch Appliance that includes a SIP-PSTN analog
- A Survivable Branch Appliance that includes a SIP-PSTN gateway
that communicates with an ATA
To learn how to configure an analog gateway, see Appendix B: Configuring Analog Gateways and Devices.
Note: You can configure the switch for Enhanced 9-1-1 (E9-1-1), if the switch supports this.
IP phones use port 443 for the Device Update service.
Note: To configure ports for analog devices, use the Gateway Management Console, as described in <information to come.>
IP phones require certain DNS records. The following table describes the records that you must create and publish to a DNS service, within the corporate network, if you’re deploying IP phones. For information about the DNS records that are required for external IP phones, see Table 3, later in this topic.
Table 1. DNS Records for External Devices
FQDNs for the pool(s) hosting the Enhanced Registrars
The new Communications Server 2010 DNS load balancing feature requires you to specify the server FQDN and the pool FQDN, using the same IP address, for each server in the pool and to create A records for all pools that contain an Enhanced Registrar. For example: RegistrarServerOneInPool.<SIP domain>: 184.108.40.206, RegistrarPool.<SIP domain>: 220.127.116.11, RegistrarServerTwoInPool.<SIP domain>: 18.104.22.168, and RegistrarPool.<SIP domain>: 1.2.3.5.
Specifies the two SIP FQDNs for internal routing, one for communications over TCP, and one for TCP communications secured by TLS.
Specifies the Web Services portion of the Device Update services URL. The device will append “:443/RequestHandler/ucdevice.upx”. Make sure the HLB translates external requests to use “:443/RequestHandler/ucdevice.upx”. (The external port is 443.)
Note: If the pool is already deployed, this information can be referenced from the Communications Server Control Panel Topology tab by selecting the Edge server properties.
IP phones require the Web Services URL and Enhanced Registrar FQDN from the DHCP server, for connectivity. To make sure that the DHCP server can provide IP phones with this information:
- Turn on this functionality by using this Communications Server Management Shell command:
  Set-CsRegistrarConfiguration -EnableDHCPServer $true
- Ensure that broadcast packets from devices can reach the DHCP server(s) by configuring DHCP relay agents to forward DHCP packets to the Communications Server DHCP servers.
- For internal communications, ensure that the following options are set up on the organization’s DHCP servers:
Table 2. DHCP Options for Internal IP Phones
Option Value Note
CS Pool Certificate Provisioning Service URL
Specify the internal URL in the form https://ocsWebPoolFQDN:443/CertProv/CertProvisioningService.svc*
FQDN for the CA Pool Registrar
Specify the FQDN of the pool that will be the first logon server for the device. Typically this is a Director pool. If you do not deploy a Director pool, then this is the Front End Pool FQDN. The pool FQDN suffix must match the user's SIP URI.*
We strongly recommend that you use a VLAN. However, if you decide not to use a VLAN for unified communications, or if you use LLDP-enabled switches in the enterprise to provide VLAN IDs, then don’t set this option. Note that option 43 is not an independent option. Depending on the Vendor Class ID it is configured for, the option may have different values. The client identifies the vendor for which it wants the information as option 60 in the DHCP Request.
Tip: If you’re not allowing external access, set up DHCP option 4 (TimeServer).
We strongly recommend that you deploy Communications Server DHCP servers in subnets where the Communications Server servers are located and that you use Communications Server DHCP servers in the central site and in small branch sites where Communications Server clients and servers are in the same subnet.
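To confirm that a DHCP server really hands phones the values described above, this added example (not part of the original documentation or of Communications Server) parses the options field of a captured DHCP reply and lists what is wrong with it. It assumes the registrar FQDN is carried in option 120 in the RFC 3361 domain-name encoding, because the option numbers are missing from Table 2; option 43 is checked only for presence since its vendor-specific layout is not given here, and all function names and sample bytes are constructed for illustration.

```python
def parse_options(raw):
    """Parse DHCP code/length/value options; code 0 is pad, 255 is end."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:
        code = raw[i]
        if code == 0:
            i += 1
            continue
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError(f"option {code} is truncated")
        end = i + 2 + raw[i + 1]
        opts[code] = opts.get(code, b"") + raw[i + 2:end]  # repeated codes concatenate
        i = end
    return opts

def decode_fqdns(data):
    """Assumed option 120 layout (RFC 3361): encoding byte 0, then DNS-label names."""
    if not data or data[0] != 0:
        raise ValueError("option 120 does not carry domain names")
    names, labels, i = [], [], 1
    while i < len(data):
        n = data[i]
        if n == 0:  # zero-length label closes the current name
            names.append(".".join(labels))
            labels = []
        elif n > 63 or i + 1 + n > len(data):
            raise ValueError("malformed label in option 120")
        else:
            labels.append(data[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    if labels:
        raise ValueError("unterminated name in option 120")
    return names

def check_offer(raw, sip_uri):
    """List problems in the options a DHCP server gave an IP phone."""
    opts, problems = parse_options(raw), []
    domain = sip_uri.rsplit("@", 1)[-1].lower()
    for name in decode_fqdns(opts[120]) if 120 in opts else []:
        if not name.lower().endswith("." + domain):  # suffix must match the SIP URI
            problems.append(f"registrar {name} is outside SIP domain {domain}")
    problems += [f"option {c} missing" for c in (43, 120) if c not in opts]
    return problems

def build_reply(fqdn, extra=b""):  # builds a constructed options field for the samples
    name = b"\x00" + b"".join(bytes([len(p)]) + p.encode() for p in fqdn.split(".")) + b"\x00"
    return bytes([120, len(name)]) + name + extra + b"\xff"

GOOD = build_reply("pool01.contoso.example", bytes([43, 3, 1, 1, 120]))  # constructed
BAD = build_reply("pool01.other.example")  # constructed: wrong domain, no option 43
```

A reply that names a registrar outside the SIP domain, or that lacks the vendor-specific option, points to a misconfigured or unauthorized DHCP server on the voice VLAN.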
If you’re allowing external access for IP phones, a PKI infrastructure must be in place, and devices must have a valid Communications Server certificate, which they obtain when they log on and which is issued from a public CA (recommended) or a private CA that allows the devices to connect to the Device Update service from outside the intranet. For more information, see Certificate Infrastructure Requirements, in this guide.
Edge Server Requirements
If you’re allowing external access for IP phones, deploy Edge servers by following the instructions in Deploying Edge Servers for External User Access, at the TechNet website, but during the Set up the Infrastructure for Edge Servers process, use the following configuration information to enable external access to the Device Update service:
- In the Configure a Reverse Proxy step, configure the reverse HTTP proxy to use the Device Update service virtual directory https://<external Server FQDN>:443 for the external URL for Web Services and the Device Update service.
- In the Configure DNS step, use the following information:
Table 3. DNS Records for External Devices
Type Value Note
Edge server:_sipexternal._tls.<SIP domain>, and _sipexternaltls.<SIP domain>
Allows external devices to connect via SIP over TLS to the Enhanced Registrar internally.
Reverse proxy FQDN:<server name>.<SIP domain>
Allows external devices to connect via HTTP over TLS to the Update Service.
Note: If the Edge server is already deployed, this information can be referenced from the Communications Server Control Panel Topology tab by selecting the Edge server properties.
Mediation Server Requirements
If your deployment includes analog fax machines, you must enable media bypass in Mediation Server. Mediation Server does not support faxes. Also verify that the analog device is correctly marked as fax in the contact object configuration, as described in “Contact Objects,” in Required Communications Server 2010 (Beta Refresh) Components for Devices.
Fax devices must be connected to a gateway with PSTN connectivity for inbound and outbound calls.