Skype for Business and Enghouse Interactive Communication Center: how to publish the EICC EDGE Server

Hi All,

it’s a foundamental feature of Skype for Business to allow clients to access it’s services from Internet (via SfB EDGE) without a VPN connection.
It’s also very uncommon the need for a Call Center Agent to connect to the Call Center System from outside the Company network, or at least an Agent could use a VPN to achive that.

So, how to mix these two scenario and needs when the PBX is Skype for Business On-Prem and the Call Center System is an Enghouse Interactive Communication Center (EICC ex Zeacom)?
Simple: install and configure an EICC EDGE Server!

In this article I’ll explain the correct deployment and configuration of a EICC EDGE Server in a Skype for Business On-Prem deployment.

Scenario

eicc_1

In this article I assume that:

  1. SfB is correctly deployed with Enterprise Voice enabled (Standard or Enterprise Front-End Pool, SfB EDGE Server, Reverse Proxy, a certified Voice Gateway for PSTN connectivity)
  2. at least one EICC Server is installed and integrated with SfB
  3. one Public IP is available

EDGE Server installation

EICC EDGE Server standard configuration:

  • Windows Server 2012 R2 Standard
  • 4 vCPU, 8 GB RAM
  • Disk C: around 60-80 GB
  • Workgroup (non domain-joined)
  • 1 NIC in DMZ External, with a 1:1 NAT with a dedicated Public IP

Step 1: Setup
Copy the EICC Setup folder on the EDGE Server and run “<EICC Setup folder>Zeacom Microsoft Lync\Additional CTI Modules\Auxiliary Services\AuxiliaryServices.msi
Go through setup wizard

eicc_3

Select both Web Chat and Edge Server Deployment if you want to use the EDGE Server for Web Chat also.
eicc_4

eicc_5

eicc_6

eicc_2

Step 2: Configure FQDN and record DNS
Choose an External FQDN for EICC EDGE that is different from EICC Server Internal FQDN.
For example:
eiccinternal.uclab.com      A           <EICCServerIP>
eiccexternal.uclab.com     A           <EICCEDGEPublicIP>

Add EICC Server Internal FQDN record to internal DNS only (like lyncdiscoverinternal)
Add EICC EDGE External FQDN record to external DNS only (like lyncdiscover)

In this way, TouchPoint clients will connect via EICC Server internally, and via EICC EDGE from Internet.

Based on these informations, the updated example scenario is the following

eicc_7

Step 3: Firewall rules
Firewall rules are quite simple:

  1. Create the NAT 1:1 (bi-directional) between the EICC EDGE dedicated Public IP and the EICC EDGE DMZ IP. In our example between 1.2.3.4 and 192.168.1.11
  2. Allow inbound TLS traffic from Internet to EICC EDGE DMZ IP on port 3126
  3. Allow outbound traffic from EICC EDGE DMZ IP to EICC Server on port 3124
  4. Allow DNS traffic and remote management

Step 4: generate new certificate
You have to create a new certificate to be used on EICC EDGE Server.
It should be generated using the same Internal Enterprise PKI used with SfB deployment, thrusted by clients and without costs.

Create a standard single name certificate with external EICC EDGE FQDN only, so in our example eiccexternal.uclab.com.
Load it on EICC EDGE Server and take care to load CA Chain certificates also.

eicc_8

Step 5: create the EICC EDGE Instance
We are now ready to create the EICC EDGE Instance.
On the EICC EDGE Server open a PowerShell console and execute this command:

New-EdgeMessagingInstance -InstanceName <EDGE Instance Name> -MessagingGroup <EICC CTI Server Messaging Group Name> -OutboundServerPeerAddress <EICC CTI Server FQDN> -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName <EICC EDGE External FQDN>

So in our example the command will be:
New-EdgeMessagingInstance -InstanceName EDGE -MessagingGroup EICC -OutboundServerPeerAddress eiccsrv.uclab.local -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName eiccexternal.uclab.com

To remove the Instance:
Remove-EdgeMessagingInstance -InstanceName EDGE

If you check the EICC Application Manager Console on the EICC CTI Server, you will find something like this (Application list may vary based on your licenses)eicc_9

Step 6: update the Client Configuration File
Last but not least, there is the foundamental step where we instruct TouchPoint Clients to use EICC EDGE server also.

I always suggest to use the networksettings.ini file placed in the same TouchPoint Clients setup folder, so it will be copied in “%ALLUSERSPROFILE%\Telephony” folder during client setup and used immediately.

networksettings.ini is a simple text file like this one:

[Telephony\IPCClient]
[Telephony\IPCClient\autodiscoveryinterfaces]
Interfacelist=
[Telephony\IPCClient\PrimaryInterfaces]
Interfacelist=Primary,Backup
[Telephony\IPCClient\PrimaryInterfaces\Primary]
IsBroadcastSocket=0
[Telephony\IPCClient\PrimaryInterfaces\Primary\Outboundsocket]
Peeraddress= eiccinternal.uclab.com

to use EICC EDGE Server we need to add few lines

[Telephony\IPCClient]
[Telephony\IPCClient\autodiscoveryinterfaces]
Interfacelist=
[Telephony\IPCClient\PrimaryInterfaces]
Interfacelist=Primary,Backup
[Telephony\IPCClient\PrimaryInterfaces\Primary]
IsBroadcastSocket=0
[Telephony\IPCClient\PrimaryInterfaces\Primary\Outboundsocket]
Peeraddress= eiccinternal.uclab.com
[Telephony\IPCClient\PrimaryInterfaces\Backup]
IsBroadcastSocket=0
[Telephony\IPCClient\PrimaryInterfaces\Backup\Outboundsocket]
Peeraddress= eiccexternal.uclab.com:3126
Security= TLS
TlsClientCertIssuer= eiccexternal.uclab.com

and that’s all!
Note that current clients need to be updated with this new networksettings.ini to allow them to use the new EICC EDGE Server.

As always, I hope this guide could help some of you!
Best Regards
Luca

Advertisements

One thought on “Skype for Business and Enghouse Interactive Communication Center: how to publish the EICC EDGE Server

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s