(A future article will cover the additional configuration steps required to support Skype for Business Server or Hybrid deployments with the service.)

Polycom One Touch Dial Service – explains what this ancillary service is, how it works, and provides detailed configuration steps for using it with Polycom VTCs.

This article is the third in a series which covers Polycom’s RealConnect service, a Microsoft Azure-based video interoperability service for Skype for Business and Microsoft Teams meetings.

RealConnect Service for Skype and Teams – introduces the overall solution and the steps to activate the service for use with Skype for Business Online meetings and/or Teams meetings.

By itself the server is useless, as it must be paired with a customer tenant utilizing one or more licensed Polycom services. This component is a lightweight virtual machine based on CentOS which is provided free of charge to Polycom customers in both VMware (.OVA) and Hyper-V (.VHD) formats. The Cloud Relay thus must sit on the private internal network like most other internal servers, and not in a perimeter network, to perform its duties.
To address this, an on-premises relay may sometimes be required to facilitate some forms of communication.

This server’s primary function is to sit inside enterprise firewalls and open secure outbound connections to various Polycom services running in Microsoft Azure datacenters, while relaying messages from the cloud over to certain local resources. Essentially, when moving a solution or workflow from an on-premises server into a hosted service across the public Internet, some capabilities may not be able to function entirely in the cloud. This on-premises server is an optional component of the RealConnect service, only needing to be deployed when using Skype for Business Server and/or supporting Cisco endpoints with the One Touch Dial service.

The Polycom Cloud Relay is a relatively new component which was born out of the need to provide a lightweight server to handle various supportive tasks for multiple cloud services.

Once this pairing step is completed by an administrator, the correct relay will be permanently linked to that tenant and begin pulling down any provisioned services which have already been configured in the tenant. If these connections are successfully established, the new relay will sit indefinitely in a holding pen, waiting to be manually integrated into a specific Polycom cloud tenant. When it is first brought online and configured on the local network it will immediately attempt to connect to a handful of hardcoded Fully Qualified Domain Names (FQDNs) which point to several services running across multiple Azure datacenters.
But as this series of CVI articles is focused on the RealConnect service, the two applicable roles that the Cloud Relay serves are:

For example, the Polycom Device Management Service (PDMS) cloud offering leverages the Cloud Relay for some optional device management capabilities. Currently the Cloud Relay is used to perform several functions, most of which are applicable to the RealConnect service, but not all.

But the majority of the features and functionality of the various Polycom service offerings comes from the individual apps, which are automatically updated as stated. Once these apps have been pushed down to the relay, it can start to perform its duties, whatever those may be. Currently the Cloud Relay itself is not updated, so when new versions of the server image are released it would require the deployment of a new image, or replacement of the existing one. Configuration changes and even software updates to the individual apps are all automatic.

This communications path is used by the cloud service to identify and locate the proper Skype Meeting URI for a given scheduled Skype meeting. To relay signaling messages from the Polycom RealConnect service to an on-premises Skype for Business Front End Server/Pool to establish the required connectivity to support RealConnect meetings in the cloud.

So the Cloud Relay is used to receive that invitation from the cloud service and then establish a local connection directly to the Cisco endpoint to relay the message. Obviously, if a Cisco VTC is sitting on an internal private network then it would not be possible to open a connection from the cloud directly to that endpoint without establishing a 1:1 static NAT through a corporate firewall, which is a poor and unused practice.

In the event that outbound connections to the Internet are limited by firewall policy, there are two configuration options typically leveraged.
The role of the Cloud Relay is to provide a two-way communication path with the cloud services by opening the outbound connection and then keeping that connection open for the cloud to send information down as needed. (The official documentation does reference opening TCP 22 inbound from the Internet, but that is only for remote SSH connectivity in the event that Polycom support needs to connect directly to the Cloud Relay console during a support call. Do not actually open this port during deployment.)

But the less-common Advanced Message Queuing Protocol (AMQP) traffic leveraged by the Microsoft Azure Service Bus over port 5671 can often be blocked by corporate firewalls and will need to be allowed outbound.

Communications from the Cloud Relay to the various Polycom services are based on establishing secure connections to hardcoded FQDNs which, based on geography, will be directed to the nearest Azure datacenter where the services happen to be resident.

As outlined in the official documentation the Cloud Relay will resolve and then attempt to connect to the following FQDNs via TCP over port 443:

Additionally the Cloud Relay will need to establish connectivity to the Azure Service Bus via TCP over port 5671:

All of these connections are established outbound and no ports need to be opened for inbound connections. In many environments outbound access to the Internet over 443 is open from any trusted network to untrusted networks, and the majority of the traffic traverses here. It will attempt to securely open several outbound connections to Polycom services in Azure, all over two ports:

For communications with a Cisco VTC the Cloud Relay will need to be able to open a connection to the Cisco device over port 443 (or 80). The additional configuration for this, outside of the prerequisite Cloud Relay deployment, is covered in a separate article in this series, which is mentioned at the top of this article.
For communications with a Skype for Business Front End Server/Pool the Cloud Relay will need to be able to open a connection over TLS 5061 using an assigned server certificate.

As services in Azure can sometimes change IP addresses or subnetworks, it is recommended to subscribe to service alerts in case any IP addresses are changed in future upgrades or maintenance routines.

With the prerequisite communications to the cloud successfully established, the Cloud Relay will download the configuration and apps needed to further establish local communications with any on-premises Skype for Business Servers, Cisco VTCs, or (in the case of PDMS) Polycom IP phones like the VVX and Trio.

But often domain names are not allowed in firewall policies and only IP addresses and subnetworks may be allowed via defined IT policies.