Skype for Business and Enghouse Interactive Communication Center: how to publish the EICC EDGE Server

Hi All,

it’s a foundamental feature of Skype for Business to allow clients to access it’s services from Internet (via SfB EDGE) without a VPN connection.
It’s also very uncommon the need for a Call Center Agent to connect to the Call Center System from outside the Company network, or at least an Agent could use a VPN to achive that.

So, how to mix these two scenario and needs when the PBX is Skype for Business On-Prem and the Call Center System is an Enghouse Interactive Communication Center (EICC ex Zeacom)?
Simple: install and configure an EICC EDGE Server!

In this article I’ll explain the correct deployment and configuration of a EICC EDGE Server in a Skype for Business On-Prem deployment.



In this article I assume that:

  1. SfB is correctly deployed with Enterprise Voice enabled (Standard or Enterprise Front-End Pool, SfB EDGE Server, Reverse Proxy, a certified Voice Gateway for PSTN connectivity)
  2. at least one EICC Server is installed and integrated with SfB
  3. one Public IP is available

EDGE Server installation

EICC EDGE Server standard configuration:

  • Windows Server 2012 R2 Standard
  • 4 vCPU, 8 GB RAM
  • Disk C: around 60-80 GB
  • Workgroup (non domain-joined)
  • 1 NIC in DMZ External, with a 1:1 NAT with a dedicated Public IP

Step 1: Setup
Copy the EICC Setup folder on the EDGE Server and run “<EICC Setup folder>Zeacom Microsoft Lync\Additional CTI Modules\Auxiliary Services\AuxiliaryServices.msi
Go through setup wizard


Select both Web Chat and Edge Server Deployment if you want to use the EDGE Server for Web Chat also.




Step 2: Configure FQDN and record DNS
Choose an External FQDN for EICC EDGE that is different from EICC Server Internal FQDN.
For example:      A           <EICCServerIP>     A           <EICCEDGEPublicIP>

Add EICC Server Internal FQDN record to internal DNS only (like lyncdiscoverinternal)
Add EICC EDGE External FQDN record to external DNS only (like lyncdiscover)

In this way, TouchPoint clients will connect via EICC Server internally, and via EICC EDGE from Internet.

Based on these informations, the updated example scenario is the following


Step 3: Firewall rules
Firewall rules are quite simple:

  1. Create the NAT 1:1 (bi-directional) between the EICC EDGE dedicated Public IP and the EICC EDGE DMZ IP. In our example between and
  2. Allow inbound TLS traffic from Internet to EICC EDGE DMZ IP on port 3126
  3. Allow outbound traffic from EICC EDGE DMZ IP to EICC Server on port 3124
  4. Allow DNS traffic and remote management

Step 4: generate new certificate
You have to create a new certificate to be used on EICC EDGE Server.
It should be generated using the same Internal Enterprise PKI used with SfB deployment, thrusted by clients and without costs.

Create a standard single name certificate with external EICC EDGE FQDN only, so in our example
Load it on EICC EDGE Server and take care to load CA Chain certificates also.


Step 5: create the EICC EDGE Instance
We are now ready to create the EICC EDGE Instance.
On the EICC EDGE Server open a PowerShell console and execute this command:

New-EdgeMessagingInstance -InstanceName <EDGE Instance Name> -MessagingGroup <EICC CTI Server Messaging Group Name> -OutboundServerPeerAddress <EICC CTI Server FQDN> -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName <EICC EDGE External FQDN>

So in our example the command will be:
New-EdgeMessagingInstance -InstanceName EDGE -MessagingGroup EICC -OutboundServerPeerAddress eiccsrv.uclab.local -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName

To remove the Instance:
Remove-EdgeMessagingInstance -InstanceName EDGE

If you check the EICC Application Manager Console on the EICC CTI Server, you will find something like this (Application list may vary based on your licenses)eicc_9

Step 6: update the Client Configuration File
Last but not least, there is the foundamental step where we instruct TouchPoint Clients to use EICC EDGE server also.

I always suggest to use the networksettings.ini file placed in the same TouchPoint Clients setup folder, so it will be copied in “%ALLUSERSPROFILE%\Telephony” folder during client setup and used immediately.

networksettings.ini is a simple text file like this one:


to use EICC EDGE Server we need to add few lines

Security= TLS

and that’s all!
Note that current clients need to be updated with this new networksettings.ini to allow them to use the new EICC EDGE Server.

As always, I hope this guide could help some of you!
Best Regards


3 thoughts on “Skype for Business and Enghouse Interactive Communication Center: how to publish the EICC EDGE Server

Add yours

  1. Hi Luca, Great breakdown.
    We’d recommend using MTLS rather than TLS so that the client can be challenged by the trust of their own certificate. This description will encrypt the traffic but not challenge the users connection with any method of authentication when connecting, thus opening a hole into the LAN.


    1. Hi Grum,
      thank you for your kind reply.
      MTLS is better, agree, maybe I’ll write a post on MTLS on EICC 🙂
      Authentication is based on SfB client rather then on EICC.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a free website or blog at

Up ↑

%d bloggers like this: