Skype for Business 2019

Skype for Business server 2019 is now available from Microsoft for public preview as of July 24th. 

It will be available for general release toward the end of the year with a hybrid mode deployment enabling the on-premise infrastructure to leverage Cloud services including;

• Cloud Voicemail (when Exchange Sever 2019 is deployed.)
• Automated process for migrations to Microsoft Teams which will ultimately become the single communication & collaboration toolset for Microsoft.
• Cloud Auto Attendant.
• Cloud Call Data Connector, no need to store and provision QoE databases on premise, this data is now uploaded to Microsoft's cloud and accessed via the Call Quality Dashboard (QCD.)

Microsoft Office 2019 will ship in the final quarter of the year and includes a new Skype for Business client to use with the server toolset.

Support lifecycle has been aligned with the rest of the 2019 products with mainstream support ending in 2023 (5 years) and extended support until 2025.
Will this be the last Skype for Business client / server application Microsoft release? Who knows, but customers that do not wish to migrate to Teams have at least another five years on the SfB platform with guaranteed supportability.

Microsoft Teams Phone System Coexistence

Microsoft Teams Direct Routing is finally out of preview and available now for customer solutions providing an important new architecture for voice routing.

To make use of PSTN calling within Teams users must either have the Phone System add-on license for their O/M365 plan or a plan that incorporates Phone System such as E5. This is the same as it was for Skype for Business online however up until now Teams PSTN calling could only be achieved in a pure cloud model using Calling Plans for Office 365 – Telstra Calling. The issue here being Calling Plans are available only for certain territories ruling out much of the globe from PSTN capabilities within Teams. Calling plans can prove expensive especially for larger businesses as each user effectively leases a single trunk whereas with an on premise solution we may provide one trunk per ten users. It also presents no option for coexistence between the legacy on premise platforms increasing cost and risk during migrations, especially when it's a slow, phased migration with parallel run needs measured in years.

With Skype for Business we had a potential although less than ideal solution with the Cloud Connector Edition (CCE.) This later became an embedded option within the ASM modules of leading session border controller vendors Audiocodes and Ribbon (Sonus.) CCE allowed office 365 homed Skype for Business users to route their calls via local SBC appliances and either onto SIP services or interwork with existing PABX’s. Teams does not make use of CCE which is a good thing but there is also no option for Skype for Business to use Direct Routing. To be able to route Teams PSTN calls via local SIP services Direct Routing is required. Microsoft have established a SIP Proxy service within Office 365 that facilitates connection of the SIP trunk (bring your own SIP trunk as it used to be known.) To connect with the service a certified Session Border Controller is required, currently only models from Audiocodes and Ribbon are supported and it’s only a firmware update, so existing SBC’s can provide Direct Routing. This also includes models that incorporate CCE such as Ribbons CloudLink and Audiocodes CloudBond systems and that’s good news because we can now support Skype for Business online users and Teams users that both require on premise PSTN integration from the same appliance as shown below.

Courtesy of Ribbon

Users must be provisioned with a PSTN number that terminates on premise but other users in the organisation can be assigned DDI’s from a Microsoft Calling Plan. The use of an optimised SBC with Direct Routing support means we have great flexibility in transitioning a customer to Teams Phone System and retaining interoperability with Skype for Business and legacy communications users. This is important as Teams is best suited to collaborative worker types and until we have supported desk phones, attendant console and contact centre the bulk of a user base will not wish to transition to Teams for their communications tool.

There are still key issues to address and media bypass is at the top of that list. With the current implementation all call media will route via Microsoft cloud based infrastructure meaning in most cases call legs will traverse the Internet limiting scope for end to end QoS and adding unnecessary hops to the call. However this feature, along with others, is on the horizon and should not be an issue for most considering adoption in the near future.

Polycom Phones for Microsoft Teams

As customers consider their options for migration to Microsoft Teams modern Phone System it’s worth observing that Polycom, Microsoft leading AV partner, have made several key announcements recently. 

All Polycom devices certified for Skype for Business online are supported by Teams. So Teams will support both the VVX range of business media phones and the Trio 8800 & 8500 conference phones. Although the Trio can be considered an audio video conference device it was only ever certified on Microsoft’s audio track. If ordering new devices it is best to procure the “Microsoft edition” versions as these will arrive preinstalled with the correct profile and license (SKU’s ending with 019.)

Polycom did originally announce that LPE phones would also be supported but this is now no longer the case for several reasons; mainstream support has already ended for LPE and O365 enforces TSL 1.2 from November this year. Polycom will release new software for existing phones and a Teams native mode for the Trio 8800 conference phone was presented at partner connect in March, see graphic below.

The user experience will remain the same when a user is migrated from Skype to Teams with the following points: 

Polycom Trio 8800 - Teams (Landis Technologies LLC (c))

·       All Skype for Business sign-in capabilities will remain unchanged

·       Skype for Business users will be able to make and receive calls on their phones with no change to their current experience

·       Presence information will work

·       Users will still have access to their corporate and local directories 

·       All existing Skype for Business meeting capabilities will continue to work

Microsoft have announced that when a user is migrated additional features will be realised:

·       Incoming/outgoing P2P calls (when calling a Teams-enabled Skype for Business phone user)

·       In-call controls via UI (mute, hold/resume, transfer, end call)

·       Phone notifications about upcoming meetings

·       Calendar access and meeting details

·       One-click join for prescheduled meetings

·       Mute/unmute for conferences

·       List of meeting participants

·       Hold/resume for conferences

·       Hang up from conference calls

·       Ability for IP phones to add another Skype for Business user to an ongoing meeting   by using the ‘Add Participant’ feature

In addition to the existing line-up already Teams ready, Polycom will introduce a new range of desk phones for Teams in 2019. These will be designed with the features that are on the Microsoft roadmap in mind and provide a similar user experience to that of the Teams mobile client, specifically touch driven input.

Anywhere 365 Contact Centre for Microsoft Phone System Architecture

Anywhere365 Universal Contact Centre is a native Skype for Business on premise and Cloud PBX (Modern Phone System) solution. It’s a great product and the guys at Workstream People are developing it rapidly so we have answers for every request that our customers can make.

For deployments against on premise Skype for Business the GoLive section of their website features detailed architectural reference models which are extremely useful but for deployments against Microsoft Modern Phone System things aren’t so clear.

An Anywhere UCC is deployed into the Skype for Business topology as a trusted application server and for Skype for Business online the topology is controlled by Microsoft so we can’t do this therefore pure public cloud solutions are not supported. This is important when we think to the future and Direct Routing with Teams. 

So how do we approach the increasing number of customers wanting to migrate into Microsoft cloud for a range of services including Phone System to maximise their E5 usage but also require cloud contact centre in as neat a packaged service as possible?

Although Cloud Connector Edition (CCE) is supported as far as the PSTN routing is concerned, CCE does not contain a front end server and while Audiocodes CloudBond OPCH does and may seem like an option it’s not. Both active and queued calls in Anywhere, like most Skype for Business native contact centres, are delivered as audio conferences. This consumes resources that the lightweight OPCH appliance does not have.

Anywhere365 Cloud Model

The solution is to deploy a Skype for Business topology within the datacentre as a hosted solution that can be scaled as required. This topology will not home any users and can be used for multiple UCC customers. This is because UCC supports federated agents, yes there are a few minor feature limitations, but this allows the customers to migrate to Microsoft cloud voice and still adopt Anywhere as their contact centre solution. Each customer can be provisioned with one or more UCC servers as required against the single Skype for Business topology and their data kept separate within dedicated SQL databases for each UCC. Simply add the required Skype online federated users to the required UCC’s and its ready to go. Each UCC will operate independently and be configured from its own SharePoint site.

There is still the issue of the Interceptor to address. This is an Anywhere application service installed onto the Front end server designed to hook any direct inbound or outbound calls to agent SIP URI’s and initiate call recording. Only with Microsoft Phone System the agents are Skype for Business online users so the Interceptor will not know if calls are made to or by them. Luckily there is a workaround, Anywhere can be used exclusively by agents from the Skype for Business soft client – chat commands control agent sign-in / out and status etc. But Workstream have built the inflight Snapper which can be run on any agent’s machine. The snapper can show a mini wallboard, various stats, includes buttons for reason codes, sign-in / out but also a dialler. If the agents use this dialler for outbound calls they will be captured and recorded. So we are only left with direct incoming calls to agents that cannot be recorded and most customers tend to exclude these from their compliance requirements anyway.

If Anywhere is needed for just a single customer then a consolidated Skype for Business deployment could be considered using Standard Edition to keep the server count and cost much lower.

For now, it seems we have a workable solution for many customers moving to Microsoft cloud voice, but with no more active development for their online Skype for Business service and Teams being positioned as the future for communications and collaboration how will both Microsoft and the Contact Centre partners ensure customer are investing in a future fit service?

Microsoft Lync Zero Day Attack

On 5th November the Microsoft zero-day vulnerability was reported by McAfee Labs senior security researcher Haifei Li. The bug affects a range of products including Lync clients. Microsoft have been informed of on-going targeted attacks mostly in the Middle East and South Asia that have exploited this flaw.

The vulnerability is due to a bug in the handling of TIFF files and results in memory corruption which can be exploited to gain elevated access to the targeted system.

Lync products affected include:

Microsoft $100,000 Bug Reward

Lync 2010 x86, x64
Lync 2010 Attendee
Lync 2013 x86, x64
Lync Basic 2013 x86, x64
Office 365 is not affected by the exploit.

Microsoft have released a temporary patch to block rendering of the TIFF format using the registry mod below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Gdiplus\DisableTIFFCodec = 1

Microsoft advise installing EMET (the Enhanced Mitigation Experience Toolkit) that is able to mitigate this exploit in advance when any of the following mitigations are enabled for Office binaries:
Multiple ROP mitigations (StackPointer, Caller, SimExec, MemProt) available in EMET 4.0
Other mitigations (MandatoryASLR, EAF, HeapSpray ) included in EMET 3.0 and 4.0

EMET can be deployed via group policy or SCCM for blanket coverage of all vulnerable clients.

Lync is Microsoft Fastest Growing Business – ComputerWorld got it Wrong

ComputerWorld published an article earlier this month entitled “Microsoft pushes into crowded Unified Communications market”. The article provides a reasonably balanced view of the current state however there are a few caveats I have, in one section it states:

Lync - Revenue exceeds $1Bn

“In the crowded UC market, it (Lync) competes against offerings from vendors including Cisco, IBM, Avaya, Siemens, Alcatel-Lucent, Mitel and ShoreTel.
However, Lync isn't being hailed as a product that stands out from the rest in any significant way nor that is blazing trails of innovation in this UC market.”

I disagree, Lync does stand out from the rest in one very important and deal-making way; Lync is fully integrated with the more traditional Microsoft products, it embeds itself into Office, SharePoint and Exchange making Lync an extension of the existing business worker stack. It was designed from the outset to operate in this way, Microsoft intended the deep integration that Lync provides into existing workflows and indeed only they can achieve this as they produce all of the other software as well.
The competition developed its products to be competitors for traditional telephony, a separate isolated system, only producing the allusion of integration using applications such as CUCILync.

Lync is now Microsoft’s fastest growing business with 30% growth this year to exceed the billion dollar revenue mark.
There are also a billion registered users of Microsoft Office out there and Exchange is an immensely popular corporate e-mail platform; a large percentage of this user base will migrate from either old PBX systems or other VoIP systems onto Lync as the benefits to that coupling are great and enterprise licensing cost outlay is minimal. In addition if they are already using Office and Exchange then they are a Microsoft shop and likely to be in a position to adopt the technology faster and with better in-house support. Lync has a lot of growing to do and a lot of market cap to take.

Voice engineers I talk to accept that the products they work with are separate systems and are quite happy to keep developing these for their clients. They just don’t get it that voice has no future as a stand-alone product with its own dedicated infrastructure. Voice is already part of unified communications stacks and for a system to have a future it must provide all of the core communication modalities equally well with transition between IM, e-mail, voice, video and application / desktop sharing being as seamless as possible. Only Lync currently comes anywhere close to offering this.

Cisco rely on their rock solid reputation as justification to buy into their systems; telephony is mission critical so you must have the most reliable platform with its own dedicated everything.
But Lync is the only system thus far to pass the Miercom Sip torture test for reliability.

Zeus Kerravala, founder and principal analyst with ZK Research was quoted in the article referring to Lync, stating "It's a good, competitive, traditional UC tool." The most important thing is that Lync isn’t traditional, it’s ground breaking.

The significance of the Lync – Skype integration was skimmed over in the article. They mention that it will allow support teams to move into an era of customer partnership models, but Skype is also a readymade global VoIP network and it’s free. Almost all of us have devices that can run Skype; its user base is already huge giving Microsoft a distinct advantage in the UC market place and decisions as to which UC platform to migrate to, will in part depend on the answer to the question “is it compatible with our Skype customers?” Cisco realise this as a serious threat, hence the pending legal case between them.
See http://www.reuters.com/article/2013/05/28/cisco-microsoft-court-idUSL5N0E933220130528

It’s clear in this new UC landscape those clutching at the past and pushing products that see voice as a separate entity to be placed on the desk alongside the ubiquitous in-trays of the world will be relegated to history. Some very big players in the market today that initially claimed Lync as a non-threat will be pushed out of that market by the very same product.

The UC space may be crowded with products but saturation is still only at 51% globally and 90% of the fortune 100 already have Lync investment that is surely only going to grow as they retire more traditional systems many of which are listed among the competition. The big blow here for them will be the loss of those very lucrative support and maintenance contracts.

Microsoft have done a rare thing; produced a world beating product in a space where they have very little experience and in a comparatively short period of time.

Lync is going to be very big. Don’t believe me? Then check back here in two years and leave your comments then.

Lync Server 2013 CU2 Paired Pool Update

On Monday 1st July 2013 Microsoft released their second cumulative update for Lync server 2013. Unlike the first which involved breaking SQL mirrors for Enterprise edition it seems like Microsoft have listened and improved the Lync upgrade process; now fully supporting SQL mirrors and no need to rebuild your HA arrangements afterward.
However, all is not as simple as it may seem.

Technet guidelines on deploying the Lync CU's are causing confusion, the following is an extract from the site:

Lync Server 2013 Update Installer

"The front end servers in an Enterprise Edition pool are organized into upgrade domains. These upgrade domains are subsets of front end servers in the pool. Upgrade domains are created automatically by Topology Builder.
You must upgrade one upgrade domain at a time, and you must upgrade each front-end server in each upgrade domain. To do this, take one server in an upgrade domain offline, upgrade the server, and then restart it. Then, repeat this process for each server in the upgrade domain. Make sure that you record which upgrade domain and servers that you have upgraded".

Fairly straightforward so far. Unlike Lync 2010, 2013 uses the Windows fabric, organises its users into groups and its FE servers into upgrade domains; logical constructs which contain one or more FE servers. Use the following command to see which FE servers have been assigned to which upgrade domains (numbered 1,2,3 etc):

Get-CsPoolUpgradeReadinessState

If the command returns a status of True against each upgrade domain it is ready for upgrade. Proceed to upgrade each server listed in turn by firstly draining the server with:

Stop-CsWindowsService –Graceful

Then once active sessions on that server have ceased, launch the upgrade package, LyncServerUpdateInstaller.exe.

Once the upgrade on the first server is complete, restart all Lync services and verify it's status prior to proceeding onto the next server.

Once all servers within the first upgrade domain have been upgraded proceed to the next upgrade domain and repeat the above process.

However,Technet goes on to state the following if the status returned by upgrade readiness status is not True:

"If the State value of the pool is Busy, wait for 10 minutes, and then try to run the Get-CsPoolUpgradeReadinessStatecmdlet again. If you see Busy for at least three consecutive times after you wait 10 minutes in between each attempt, or if you see any result of InsufficientActiveFrontEnds for the State value of the pool, there is an issue with the pool. If you cannot resolve this issue, you may have to contact Microsoft Support. If this pool is paired with another front end pool in a disaster recovery topology, you must fail the pool over to the backup pool, and then update these servers in this pool".

It seems that this is being interpreted in one of two ways;

Firstly if uprgade readiness returns "busy" or anything other than "true" persists then you must contact Microsoft for assistance unless you are running paired pools in which case you can invoke failover and then commence the upgrade.

Secondly regardless of busy or true states for upgrade readiness, if you are running a paired pool topology then you must invoke a pool failover to be able to upgrade prior to failing the pool back to upgrade the second pool of the pair.

The first interpretation is correct and there's a supporting flowchart on Technet to confirm it.
If the upgrade readiness command returns true then regardless of anything else your environment can be updated. However, replies from Microsoft support for clarification have suggested that "you must fail over the FE pool to it's DR pair to perform the upgrade, then fail back and upgrade the DR pool". This is not correct and is in conflict with the procedure on Technet. Come on Microsoft, if your own people aren't on the same page here then how are we expected to manage.

Regardring the rest of the CU2 update, once all FE servers are upgraded you now have the remaining Lync infrastructure to tackle including the backend.

Microsoft have also posted a warning that if you install the CU2 update and then roll back to CU1 your Lync databases will revert to the RTM version, please see the link below for further details:

http://support.microsoft.com/kb/2819565