Deploying Pexip in Azure — Part Seven — Integrating Skype for Business in Office 365

Since we now have a fully working platform within Microsoft Azure, the next natural integration would be with Skype for Business in Office 365. With Pexip Infinity we make this super easy and working today. No hybrid deployment of Skype for Business required.

Pexip in Azure and Skype for Business in Office 365

Step One — Planning DNS Names

If you already have your domain name in use by Office 365 such as example.com, you will have sip.example.com associated with that. Now if your Pexip deployment will be using the same domain name, then it must have a sub domain so there is no conflict. For the Pexip DMZ node, you will need to use something like pex.example.com or vc.example.com. Then for your DNS entries, you will need sip.pex.example.com and for the SIPFederationTLS you will need _.sipfederationtls._tcp.pex.example.com. You will then need an A record of sip.pex.example.com pointing to the DMZ conference node. As we have our deployment in Azure with a static NAT address, we can publicly reach the conference node.

In the setup below, the domain name is different to my Office 365 Domain so it is straightforward, but many deployments will have the same domain name.

Step Two — Certificates

First you need to have publicly signed certificates, you can get a trial one from www.ssl.com or www.comodo.com if you are just doing a lab setup. Just remember that the trial certificates are not SAN certificates, so the conference node SIP TLS FQDN much match the Common Name (CN) of the certificate.

First import the Trusted CA from your provider.

azure49
azure50
azure51

You will now see I have all trusted certificates from the CA.

Then import the actual certificate for the management and conference node. You will see the built in certificates in the list.

azure52

When you add the certificate, just click on select the file find the .crt you got back from your CA provider. Then select your private key which you will have on your machine from doing say the openssl to generate the csr. You can also select which server you want to apply this to, so I have chosen the management node as this is what this cert is for. Click Save.

azure53

You can now re-open your browser using the DNS name that is in the certificate and you should see the green padlock to show that it is secure.

azure55

Now do the same for the conference node if that is using a single certificate too.

Step Three — Configure Conference Nodes

Depending on the your certificate and number of nodes, you can either set the SIP TLS FQDN as the FQDN of the conference node (as that should be in the SAN certificate) or if you only have one node and one standard certificate, you just set it to the Common Name (CN) of the certificate.

azure56

Step Four — Setting the Skype for Business Domain in Pexip

You must specify the name of the SIP domain that is routed from Skype for Business to Pexip Infinity for this deployment. This domain is inserted into the From header in outbound calls from Pexip Infinity to SfB, and ensures that SfB can route messages back to Pexip Infinity when, for example, initiating content sharing.

You specify this by going to Platform configuration > Global settings and configuring the Lync MSSIP domain setting:

azure60

Step Five — Setup a DNS SRV Record

Depending how your DNS is managed, it may be similar to mine below where I create the SRV record.

azure57

Step Six — Setup an A Record for the Conference Node(s)

Now we need to configure an A record as we’ve told the SRV record to point at sip.x.x.x in my example above. You also need to ensure you have A records for your conference nodes too.

azure58

Step Seven — Add a full DNS name to a Meeting

In part six, we created a test meeting room which was fine for Pexip testing. As we want to dial the full name from Skype for Business, we need to append the DNS name, so just head to Service Configuration > Virtual Meeting Rooms and click on your test meeting. Then add in another alias with the full domain name as shown below.

azure59

Step Eight — Check Location Settings

Next we need to ensure that our location is not associated with the Skype for Business server as we need to use DNS to route to your Office 365 deployment. There would only be a SfB server defined if you had an on-premise deployment. Just go to Platform configuration > Locations. Select each location in turn and ensure that nothing is entered in the Lync/SfB server field.

azure61

Step Nine — Test Drive it

Now you should be able to call from your Office 365 Skype for Business account to a Virtual Meeting Room or for example, a user could browse to the conference node and utilise WebRTC and make a call to the Office 365 Skype for Business user (once the gateway rules are all configured). Apologies for using my Mac Lync 2011 client, but the SfB Mac preview is only for online meetings. We will cover that in another post, but already been testing with that as you can see here.

azure62
azure63

In the next guide, I will cover using Pexip Infinity with Skype for Business as a gateway, so that the workflow is consistent to the SfB gallery view when users want to call legacy video endpoints such as Cisco, Polycom etc and bring them into the workflow of Skype for Business.

Blog Series Links

Part One | Part Two | Part Three | Part Four | Part Five | Part Six | Part Seven


Originally published at Graham Walsh | Blog.