Archive for December, 2009

Sounds too good to be true, but… it is. I was doing some research on public certificate issuers (after all, I am running all this from home and on a budget as well) and found www.startcom.org. They offer certificates at all validation levels and the lowest, Class 1, is free – a perfect scenario to test your Exchange and (hopefully) OCS public connectivity environment. Here is the comparison chart for their services:

I found that the free edition does not support SAN, so you might need another cert. for autodiscover.your_domain but… not a big deal. Class 2 and above will do it and you can’t beat their prices… I will seriously reconsider changing over when our production cert. expires.

Here are the steps to provision your Exchange Server with a startcom.org SSL certificate.

***Internet Explorer 7 (or was it 8) will NOT work. Save yourself time and frustration, get Firefox to complete this task…

Go to this link: https://www.startssl.com/?app=12

Click on the Sign-Up button.

Fill in the form… 

…and click Continue. An email with a validation code will be sent to the email address you used on the form. Enter it and continue. You will be taken to your toolbox.

The first thing to do here is to verify your domain – click the Check DNS of Domain link. Enter your domain name and TLD, and click Check. Another validation email will follow – you know the drill. Once your domain is verified, it will appear here:

Now it is time to create your Exchange 2010 CSR (Certificate Signing Request). Go to your Exchange server, start the EMC and go to Server Configuration. Click New Exchange Certificate in the right pane. Give it a name first:

Do not enable Wild Card – the free class cannot issue one anyway.

Because we want (and can only) test some basic functionality, not all options will be used here:

On the next screen you will see some SANs but… the StartSSL free edition will disregard them anyway…

On the next screen you need to enter some info (again – it will be disregarded) and also a location where the CSR will be saved. In this case – c:\NewReq.req

Click “Next” on the last screen and the request will be processed.

Locate the .req file, open it with a text editor and copy the text.

The next step will be to submit the CSR to StartSSL for digital signing. Go back to your StartSSL Control Panel, click “Certificate Wizard” and select “Web Server SSL…” from the drop-down menu.

Click Continue.

***Make sure you click the “Skip” button (since we generated the key on our Exchange server, the private key never leaves it – StartSSL only sees the request).

On the next screen, paste the text we copied from the .req file.

…and click Continue. Once the certificate is signed, you will receive an email with instructions on how to retrieve it.

Go to the Toolbox, click the “Retrieve Certificate” link, select your certificate from the drop-down menu and click Continue.

Copy the text in the box – this is your certificate.

Go to your Exchange server, create a new text file, name it MyCert or so, paste the text and save it. ***NOTE: change the file extension to .cer to avoid confusion later.

Before we proceed with the certificate import, there is one more step – we must import the StartSSL Root CA to our Exchange server. Go to your StartCom Toolbox and click the StartCom CA Certificates link. You will be presented with this screen:

You need to save “Server Certificate Bundle with CRLs (PEM encoded)” to a location accessible from your Exchange server. Go back to your Exchange server, locate the file “ca-bundle.cer” (if you used the default name), right-click it and select Install Certificate. Accept the default settings.

Once the Root CA is installed, we can complete the certificate request. In the EMC, highlight the request you created earlier (this is where the friendly name comes in handy) and click Complete Pending Request in the right pane.

Complete the steps in the wizard (you will have to select the .cer file you created earlier), assign the services associated with this certificate and… I restarted the server just in case…

It worked:
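An added check (not part of the original post) to run in the Exchange Management Shell once Complete Pending Request has finished: it confirms the three things the procedure above depends on – the key generated on this server is bound to the certificate (the reason for the “Skip” step), the chain builds to the StartCom root installed from ca-bundle.cer, and the expected services are bound. The host name and service list are placeholders.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on the server where the CSR was generated.
$HostName         = 'mail.your_domain'   # placeholder: the CN used in the CSR
$ExpectedServices = 'IIS', 'SMTP'        # placeholder: services assigned in the wizard

$Cert = Get-ExchangeCertificate |
    Where-Object { $_.Subject -like "*CN=$HostName*" -and -not $_.IsSelfSigned } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $Cert) { throw "No CA-issued certificate for $HostName found on this server" }

# 1. Private key: the CSR was created here, so the issued certificate must pair
#    with the key in this machine's store. If this fails, the request was
#    completed on a different server than the one that generated it.
if (-not $Cert.HasPrivateKey) { throw "Certificate $($Cert.Thumbprint) has no private key" }

# 2. Chain: build from the leaf to a trusted root in the machine store, with an
#    online revocation check (the bundle installed above ships the CRLs).
$Chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$Chain.ChainPolicy.RevocationMode = 'Online'
if (-not $Chain.Build($Cert)) {
    $Chain.ChainStatus | ForEach-Object {
        Write-Warning ('{0}: {1}' -f $_.Status, $_.StatusInformation.Trim())
    }
    throw 'Chain does not validate; was ca-bundle.cer installed into the machine store?'
}
'Chain (leaf to root):'
$Chain.ChainElements | ForEach-Object { '  ' + $_.Certificate.Subject }

# 3. Exchange's own view: status must be Valid and the services must be bound.
'Status: {0}  Services: {1}  Expires: {2:d}' -f $Cert.Status, $Cert.Services, $Cert.NotAfter
if ($Cert.Status -ne 'Valid') { throw "Exchange reports status $($Cert.Status)" }
$bound   = "$($Cert.Services)"
$missing = $ExpectedServices | Where-Object { $bound -notmatch $_ }
if ($missing) { Write-Warning "Not bound to: $($missing -join ', ')" }
if ($Cert.NotAfter -lt (Get-Date).AddDays(30)) { Write-Warning 'Certificate expires within 30 days' }

# 4. The free Class 1 certificate carries no SAN, so Autodiscover on its own
#    host name will fail name matching; surface that here rather than in Outlook.
$AutoD   = 'autodiscover.' + $HostName.Split('.', 2)[1]
$domains = $Cert.CertificateDomains | ForEach-Object { "$_" }
if ($domains -notcontains $AutoD) {
    Write-Warning "$AutoD is not in this certificate; Autodiscover needs its own (Class 2+) certificate"
}
```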

Hopefully by now you are already convinced that the Unified Communications concept has great practical application(s) in the EDU sector. It is time to look closer at how it was implemented at GMC.

***If you expect to see screenshots of the installation and configuration – this is not happening. OCS 2007 R2 and Exchange 2007 (including the UM role) are very well documented; you can find it all over the Internet and having it here (again) would be a waste of time. My idea is to share the path, the line of thinking and the steps we went through in order to complete the deployment.

Oh, once Microsoft lifts the NDA over Wave 14, it will be a different story…

The first challenge – the extension schema. Current users of Centrex or any hosted PBX are familiar with the Enterprise Extensions concept. Basically, the user dials three or four digits and connects to another user in the same location. What happens is: a normalization rule takes place to “convert” the 4-digit number to a “full” phone number, in some cases in E.164 format. For example – 2704 was converted to 478-445-2704, a match is found and the called party is rung. This works because all numbers are typically within the same PBX (remember, NPA-NXX-XXXX), where XXXX is the “internal” extension.

This is valid for all our offices. However, there is one problem – a user in Milledgeville dials 4 digits to call a colleague in Milledgeville, a user in Valdosta dials 4 digits to call a colleague in Valdosta, while cross-campus calls required the full 10-digit number. Of course, a long distance charge would occur because they reside in different Local Calling Areas.

Since we will now host (and control) the environment, we wanted to make “dial by extension” available for cross-campus calls as well. OCS is E.164 compliant. In order for a call to be processed, the number must be presented as +1 NPA NXX XXXX. A call (as we know it at home) is typically 7 digits (445 2704) for local calls, 10 digits (478 225 2704) for some local area calls and 11 digits (1 478 445 2704) for long distance. OCS uses RegEx (Regular Expressions) to capture, evaluate and manipulate the input and convert it to E.164 format. For example: ^(\d{7})$ to be translated to +1478$1

In English, this means “Match numbers that are exactly 7 digits long. Prepend ‘+1478’.” In other words, when users dial 4452704, the number will be presented as +14784452704 for further processing.

Now, we know that the local area codes/prefixes are different for our remote offices, for example 478-387-XXXX for Milledgeville and 229-269-XXXX for Valdosta. So, if I assign a “location” code to every campus (2 for Milledgeville, 3 for Warner Robins, 4 for Valdosta and so on), I can build a RegEx to capture 5-digit input and translate it to E.164:

^4(\d{4})$ to be translated to +1229269$1, i.e. “Match numbers that start with ‘4’ and are a total of 5 digits long. Remove 1 digit from the beginning and add ‘+1229269’.” Now a Milledgeville user would dial 40001 and reach the Valdosta user whose phone number is actually (229) 269-0001.

Number manipulation is a very powerful tool. A full deployment of UC, including Exchange UM, introduces the Auto Attendant feature, which can be used as “Dial by name” – the caller speaks the name of the called party and if a match is found, the call is connected without further interaction. This comes in very handy especially in our case (we changed ALL phone numbers – a very daunting task indeed, and a separate post will be dedicated to it). We created a RegEx to translate *99 to the Auto Attendant’s E.164 number and so, in the middle of the changeover confusion, our users found it easier to dial *99 and dial by name than to wonder whether the user’s number had been changed yet or not.

Our remote offices are connected to the Main Campus with VPN links (and to every other campus as well), and so, since the calls are now placed over the IP network, the LD charges which normally occurred in the past were completely eliminated. Furthermore, by carefully evaluating the Local Calling Areas and creating proper call routes, a further reduction of LD charges was achieved. Here is how this is possible:

We established already that (in the US) there is something called a Local Call (free), where IF the caller and the called party are within the same Local Calling Area, no charges will occur. So, with RegEx, we evaluate the number against the Call Routing table and forward the call to the (most) appropriate gateway:

When a user from Valdosta dials ANY number beginning with 478-387, the system will determine that the most appropriate gateway is the one in Milledgeville, because the call will be FREE since it appears to originate from Milledgeville. Translate this to a large business with office(s) on another continent… This is, by the way, the magic behind dialing a US number and “John” with an Indian accent taking your customer support call…
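The normalization rules and the gateway selection described above, as an added example that is not part of the original post. It uses .NET regular expressions (the engine OCS applies to its normalization rules) so the patterns can be checked before they are typed into a location profile. The Auto Attendant number, the Milledgeville location-code rule, the 10/11-digit rule and the gateway names are assumptions; the rest are the rules quoted in the post.

```powershell
# Added example, not from the original post or from OCS itself.
# Normalization rules are evaluated in order; the first match wins, as in an
# OCS location profile. Single quotes keep '$1' literal for [regex]::Replace.
$NormalizationRules = @(
    @{ Pattern = '^\*99$';       Translation = '+14784450000' }  # placeholder Auto Attendant number
    @{ Pattern = '^2(\d{4})$';   Translation = '+1478387$1' }    # location code 2 = Milledgeville (assumed from the scheme)
    @{ Pattern = '^4(\d{4})$';   Translation = '+1229269$1' }    # location code 4 = Valdosta (from the post)
    @{ Pattern = '^(\d{7})$';    Translation = '+1478$1' }       # 7-digit local dialing (from the post)
    @{ Pattern = '^1?(\d{10})$'; Translation = '+1$1' }          # assumed: 10/11-digit numbers pass through
)

function ConvertTo-E164 {
    param([Parameter(Mandatory=$true)][string]$Dialed)
    foreach ($rule in $NormalizationRules) {
        if ([regex]::IsMatch($Dialed, $rule.Pattern)) {
            return [regex]::Replace($Dialed, $rule.Pattern, $rule.Translation)
        }
    }
    throw "No normalization rule matches '$Dialed'"   # OCS would reject the call here
}

# Call routes: pick the gateway whose PSTN trunk sits in the called party's
# Local Calling Area, so the call leaves the IP network as a free local call.
$Routes = @(
    @{ Pattern = '^\+1478387\d{4}$'; Gateway = 'gw-milledgeville' }  # 478-387 -> Milledgeville (from the post)
    @{ Pattern = '^\+1229269\d{4}$'; Gateway = 'gw-valdosta' }       # assumed
    @{ Pattern = '^\+1\d{10}$';      Gateway = 'gw-default' }        # assumed catch-all; LD applies
)

function Get-Gateway {
    param([Parameter(Mandatory=$true)][string]$E164)
    foreach ($route in $Routes) {
        if ([regex]::IsMatch($E164, $route.Pattern)) { return $route.Gateway }
    }
    throw "No route for '$E164'"
}

# Worked cases from the post. The route depends only on the normalized number,
# not on which campus the caller sits in.
foreach ($dialed in '4452704', '40001', '*99', '4783870001') {
    $e164 = ConvertTo-E164 $dialed
    '{0,-11} -> {1,-13} via {2}' -f $dialed, $e164, (Get-Gateway $e164)
}
```

Note that the 5-digit location-code rules sit before the 7-digit rule so that an input such as 40001 is never mistaken for a partial local number.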

And the President said, Let there be Voice: and there was Voice.
Indeed. The much needed Enterprise Voice… for many reasons. Extraordinary savings, complete integration with our existing services, new, unseen before features and… the age-old question – “Can I do it?” Don’t get me wrong, the latter is strictly personal. As a Professional, I will never jeopardize my Institution’s operations just to see what I am made of.

Implementing VoIP is not an easy task. There are many factors to be considered – from pure technical details to, yes, the “psychology of change”. Do you remember when I said “Beware what you wish for” in my first post? Although I have been testing OCS EV for almost 18 months and had 100% confidence in my ability to pull this off in GMC, I underestimated the ability of our users to fight “change in the work place” with any means. Can’t blame them, though – when a three star General (our President) says “I want it and I want it now”, my military training kicks in, the “common sense” receives the “Shut up and do it” command and… Let me explain:

First – why I talk in the singular. GMC has five major locations, two extension offices and five offices in military bases throughout the State of Georgia. A total of 1,300 computers, 500 FT users, 4,000 – 6,000 students – all this maintained with 9 (nine) IT folks. I am responsible for the entire network and all servers (all 60 of them). Because of this, I take my role in the Institution VERY seriously since there are no “shared” responsibilities and so, “I” is the expression of pride and curse at the same time.

Second, the deployment was completed in 45 days. Now, this might look like a lot of time and yet, it was not quite enough in terms of working with the users to explain the upcoming changes and mainly, to set up the new service as closely as possible in order to mimic their current work flow while greatly enhancing it. Even though the Management realized the benefits of the migration, some of our end-users (still) see it as “twisting hands”… Can’t make everybody happy…

The EDU sector is like nothing else out there. It has its own dynamics, rules, and in many cases the complexities of the work flow well exceed “normal” business operations. Just a few percent of the US economy can claim tens of thousands of “new customers” every semester while obligated to maintain all records in perfect state.

Throwing new technologies into the work flow does not necessarily make it more efficient. At least, not in the beginning… Let’s face it – the vision of the future often contradicts the reality of today. It has always been my opinion that IT folks (in the EDU sector) should undergo a training course in “psychology of the work space”. We love to see ourselves as “the computer gods” and all our users as “that part of the earth’s population with only one legacy – to make our life miserable”. Well, the truth is, this is how they see us as well.

Having said that, the concept of “seamless integration” looks like the best solution to satisfy both Institutional goals and end-user requirements. If you are reading this blog, most probably you are an IT person. You have been there already. Just remember the last time when someone said “but I have been doing it THIS way for the last 10 years, why do I have to change my 8-to-5 habits?”

I wasn’t born a Microsoft fan. I work very hard on myself to stay away from prejudice in my professional decisions. I spend a few hours every month in the business office areas, just hanging around with a cup of coffee and trying to “feel” the work flow, talking to the colleagues about the current procedures and collecting “off the record” opinions. Then, I go to the drawing board and see how or if the newest IT technologies can fit in the current work flow, not override it. How does this translate to GMC’s current state…

When I took this job 5 years ago, GMC had 5 (five) servers. HP-UX for the college system, one UNIX web server and another for email, one Windows server (for something I don’t remember) and a Novell file server. Blah! All computers with the Windows XP OS. I had to think backwards – if my computing environment is Windows OS, shall I continue to make it work with different platforms, thus spending most (or all) of my time keeping up with the changes in each, or simply unify the entire computing environment under one platform? Wouldn’t my Institution benefit more from the conceptual unity of present and future rather than from “keeping the environment running”? The only logical conclusion was to go with an Active Directory environment.

The breakthrough was implementing Exchange 2007 as the email solution. The reason (partially) was my desperation to get rid of MailCall, which is a pain in the hiney anyway. I had seen many of our users using the Yahoo calendar and different chat services as collaboration tools already (I don’t know about you, but as Net Admin, any waste of bandwidth makes me lose sleep for days) and so, being myself, I set up an Exchange server in Production, migrated the IT department to it and began selling the solution. I did not run to the CEO right away, no… I knew I could sell this in a split second. I worked “from the first floor and up” until everybody had “wet dreams” about it and wanted it more than a Democrat wants a credit card. Exchange opened the doors of collaboration unseen till now. I will skip the details, ya’ll know it. So you know the early days of LCS 2005. I have to confess – LCS was the next step mainly because of two reasons – preserving bandwidth and “what happens in GMC must stay in GMC”. I don’t like the idea that someone out there was logging my users’ conversations…

Then came OCS 2007. I still had my doubts about the value of OCS as a voice solution. The rest, however, was beautiful. OCS brought the collaboration in our environment to a whole new level. Needless to say, because of the Campus Agreement, all I needed was money for the hardware. Our users now had the ultimate collaboration tool at their discretion.

We are IT. We can say “I am not playing games on my work computer. I am doing research as to how playing games on my work computer impacts my work performance” and get by with it! Not the same in the business areas, though. Or faculties – they have their own “demons” as well. In an environment where every minute is precious, unifying all means of communication is vital for dealing with the constantly increasing work load.

OK, we already established the fact that UC is a must in every mid-to-large scale business. Now, what would be the logical approach to realize this? Shall I let X_company System Integrator invade my environment with their proprietary servers, software requirements, patches, service contracts, etc.? Do I have to bite my lips, run a sacred ritual and spit in the four directions every time I install updates on my Windows environment, hoping that I don’t have to talk to “Scott” with the awful accent… again? Or, upon deployment of the new server and/or service, will I wait for AD replication to complete, then restart my test machine and verify if the new feature is available? Which scenario makes more sense to you?

Some readers might get the impression I go to church every Sunday and do Bible study on Wednesdays. Uhm, no. I am Bulgarian, Eastern Orthodox and go to church on two occasions – to find my inner peace before I make an important decision or… to get away from my wife… just kidding. “Amen” for me is what “Eureka” was for Archimedes – “I got it”!

Enough said on this, let’s move on.

Georgia Military College is a two-year liberal arts junior college, a high school and a middle school. The main campus is located in Milledgeville, GA. We have campuses in every major city in the state and recruiting centers in every military base as well. Everybody in the Educational area knows what telephony is as a part of the business flow… I am constantly amazed by the ability of our staff members to juggle between the kid at the counter, the keyboard and the phone. I personally would not last a full day in this environment. As an IT person, however, I am responsible for providing the tools available out there to optimize the business process, in other words, to get more work done with the same staff for the same working hours as yesterday. The good old capitalist way to “work people to death” is not an option (any more) and so, optimizing the work flow by introducing the concept of Unified Communications seems one very logical choice.

Let’s look at the following example (the EDU people will recognize the situation right away):

A student at the Valdosta campus goes to the business office to inquire about his/her degree. Because the degree processor is located at the Main campus in Milledgeville, the Valdosta folks have the option to either:

     1. Say “Can you stop by this afternoon for an answer” (bad customer service – hell knows no fury as a student mistreated in the Business Office)
     2. Jump on the (PSTN) phone and dial Milledgeville (Long Distance charges) and hope:
           a) The other party is there
           b) It is not on the phone already (busy signal)
           c) It is not busy (“I have enough of my stuff to deal with”) with something else
           d) It is not in a bad mood in the moment
           e) Send an email to Milledgeville and… go back to a)

We can extrapolate from here to eternity the possible outcomes. However, the key here is – user A attempted to communicate with user B while they are physically separated by location and network. The essentials from the example above are:

     1. Is the user at his/her desk (Presence)

     2. Is it already on the phone (Availability for a particular task – a phone call in this case)

     3. Was anyone else tasked with this work flow

By introducing this part of Unified Communications concept (part of Office Communications Server 2007), we just solved one fundamental problem:

     1. We located the right person

     2. Asked the question

     3. Received an answer and served the student