Good morning! Back for day 3. (You can see my day 2 notes here.)
09:13: Back when I first started doing OCS, the vision included “hybrid” gateway devices which included the Mediation Server role functionality in the gateway. Well, they exist now — partners have been busy! (source http://technet.microsoft.com/en-us/office/bb735838.aspx)
10:25: User provisioning can be fun. When provisioning users, you need to populate the msRTCSIP-line attribute with their phone number in E.164 format. OCS doesn’t look at the regular Active Directory phone attributes. You can populate the msRTCSIP-line attribute from the AD attribute, but you need to make sure that you normalize the numbers to E.164 format first. Best case: normalize your AD phone numbers! (source http://technet.microsoft.com/en-us/library/bb870372.aspx)
10:47: WMI is the preferred interface for writing user provisioning scripts — this allows you to do it in the language of your choice, including (yay!) PowerShell (via PowerShell’s WMI provider). The Resource Kit gives you lots of useful scripts (yes, including PowerShell) and samples as a starting point. (source http://www.microsoft.com/downloads/details.aspx?FamilyID=b9bf4f71-fb0b-4de9-962f-c56b70a8aecd&displaylang=en and http://blogs.technet.com/jamesone/archive/2007/08/19/powershell-and-paradigms-of-vb.aspx)
10:51: Mmm. These brownie-walnut-tart thingies are TASTY.
11:04: Kevin’s all hooked up for pictures, so you can see the brownie-walnut-tart thingies for yourself.
12:22: About to jump into more tasty crunchy labs, but before I do, one word of advice — bone up on regular expressions. (source http://technet.microsoft.com/en-us/library/bb803637.aspx, http://www.microsoft.com/downloads/details.aspx?FamilyID=b9bf4f71-fb0b-4de9-962f-c56b70a8aecd&displaylang=en, and http://www.microsoft.com/technet/technetmag/issues/2008/02/OCSTelephony/default.aspx)
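The normalization step from the 10:25 note, done with the kind of regular expressions recommended at 12:22, as an added PowerShell example (not from the original post or the Resource Kit). The function name, the US dialing-plan defaults, the "tel:...;ext=" output form and all sample numbers are assumptions made for illustration; values that cannot be normalized are rejected rather than written to the directory.

```powershell
# Added example: normalize free-form AD phone strings to E.164 before they are
# used to populate msRTCSIP-line. Dialing plan (country code 1, 10-digit
# national numbers) and the tel: URI output form are assumptions.
function ConvertTo-E164 {
    param(
        [Parameter(Mandatory=$true)][string]$Phone,
        [string]$CountryCode = '1',   # assumed default country code
        [int]$NationalLength = 10     # assumed national number length
    )
    # Split off an extension ("x1234", "ext. 77") so its digits are not merged in.
    $ext = $null
    if ($Phone -match '^(?<main>.*?)\s*(?:ext\.?|x)\s*(?<ext>\d+)\s*$') {
        $ext   = $Matches['ext']
        $Phone = $Matches['main']
    }
    # Allow only digits and common separators; letters or other junk are rejected.
    if ($Phone -notmatch '^[\s\d()+.\-]+$') { return $null }

    $hasPlus = $Phone.TrimStart().StartsWith('+')
    $digits  = $Phone -replace '\D', ''
    if ($hasPlus) {
        $e164 = "+$digits"                      # already international
    } elseif ($digits.Length -eq $NationalLength) {
        $e164 = "+$CountryCode$digits"          # national number, add country code
    } elseif ($digits.Length -eq ($NationalLength + $CountryCode.Length) -and
              $digits.StartsWith($CountryCode)) {
        $e164 = "+$digits"                      # country code present, no plus sign
    } else {
        return $null                            # too short or ambiguous: do not guess
    }
    # E.164: plus sign, non-zero first digit, at most 15 digits in total.
    if ($e164 -notmatch '^\+[1-9]\d{1,14}$') { return $null }
    if ($ext) { "tel:$e164;ext=$ext" } else { "tel:$e164" }
}

# Constructed sample values, as they might appear in an AD telephoneNumber field.
$samples = '(425) 555-0100', '+44 20 7946 0018', '425.555.0101 ext. 77',
           '1-425-555-0102', '555-0103', 'call front desk'
foreach ($s in $samples) {
    $uri = ConvertTo-E164 -Phone $s
    if ($uri) { '{0,-22} -> {1}' -f $s, $uri }
    else      { '{0,-22} -> REJECTED (fix the number in AD first)' -f $s }
}
```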
14:28: RTP (Realtime Transport Protocol, not RealTime Protocol as many people think) is cool! There’s some clever engineering going on here, although the comparative size of the header and the payload is pretty skewed, especially once you get all the UDP, IP, and physical link overhead in there – remember the overhead from 09:38 in the day 2 notes? That’s where it comes from. (source http://tools.ietf.org/html/rfc3550, http://forums.microsoft.com/unifiedcommunications/ShowPost.aspx?PostID=2697675&SiteID=57)
15:35: Even though a lot of the OCS conceptual diagrams show the three Edge server roles on separate machines, installing these three roles on three separate machines is not supported. You can deploy all three roles on a single machine OR you can have A/V Edge on one server and Access Edge + Web Conferencing Edge on another server. Each of these servers can also be deployed as a load-balanced configuration. You can’t load balance a consolidated single-server (all three Edge roles) configuration. I’m guilty of getting this one wrong, so if you saw me speak at one of the UC roadshows last fall, make note! (source http://technet.microsoft.com/en-us/library/bb663789.aspx)
15:44: Note that while a reverse proxy (such as ISA) is not a required part of the whole remote access deployment, by not using it you will lose functionality from external clients that aren’t using a VPN connection: you won’t be able to expand AD groups and get their memberships, you won’t be able to download the address book information (which contains all of that lovely normalized phone number information you went to such pains to configure), and you won’t be able to download meeting content in Live Meeting conferences. By reverse proxy, think something like ISA 2006 (which is recommended) or other equivalent applications or appliances. (source http://technet.microsoft.com/en-us/library/bb803627.aspx)
15:51: Contrary to popular belief, the Access Edge server does not perform authentication of incoming remote connections. It does validate incoming SIP requests (filtering out requests to invalid SIP URIs, etc.), but it doesn’t authenticate. Authentication is performed by the OCS Standard Edition server, the OCS Enterprise Edition Front-End pool, or the optional (but highly recommended) Director role. Director roles can be load balanced for greater reliability. (source http://technet.microsoft.com/en-us/library/bb663752.aspx)
17:36: Byron Spurlock has a fantastic blog on OCS at http://blogs.msdn.com/byrons/default.aspx — the only flaw is that Byron needs to update more frequently! Great stuff!
17:42: Want to find the latest and greatest list of UC-compatible certificates? Look no further than KB 929395. However, be aware that this KB doesn’t seem to have been updated recently, and it doesn’t help you figure out which certificates will automatically be trusted by Windows Mobile devices or Office Communicator Phone Edition devices. The key sentence is: “If the OCS 2007 servers use public certificates they will most likely be automatically trusted by the device, since it contains the same list of trusted CA’s as Windows CE.”