it’s a foundamental feature of Skype for Business to allow clients to access it’s services from Internet (via SfB EDGE) without a VPN connection.
It’s also very uncommon the need for a Call Center Agent to connect to the Call Center System from outside the Company network, or at least an Agent could use a VPN to achive that.
So, how to mix these two scenario and needs when the PBX is Skype for Business On-Prem and the Call Center System is an Enghouse Interactive Communication Center (EICC ex Zeacom)?
Simple: install and configure an EICC EDGE Server!
In this article I’ll explain the correct deployment and configuration of a EICC EDGE Server in a Skype for Business On-Prem deployment.
In this article I assume that:
- SfB is correctly deployed with Enterprise Voice enabled (Standard or Enterprise Front-End Pool, SfB EDGE Server, Reverse Proxy, a certified Voice Gateway for PSTN connectivity)
- at least one EICC Server is installed and integrated with SfB
- one Public IP is available
EDGE Server installation
EICC EDGE Server standard configuration:
- Windows Server 2012 R2 Standard
- 4 vCPU, 8 GB RAM
- Disk C: around 60-80 GB
- Workgroup (non domain-joined)
- 1 NIC in DMZ External, with a 1:1 NAT with a dedicated Public IP
Step 1: Setup
Copy the EICC Setup folder on the EDGE Server and run “<EICC Setup folder>Zeacom Microsoft Lync\Additional CTI Modules\Auxiliary Services\AuxiliaryServices.msi
Go through setup wizard
Select both Web Chat and Edge Server Deployment if you want to use the EDGE Server for Web Chat also.
Step 2: Configure FQDN and record DNS
Choose an External FQDN for EICC EDGE that is different from EICC Server Internal FQDN.
eiccinternal.uclab.com A <EICCServerIP>
eiccexternal.uclab.com A <EICCEDGEPublicIP>
Add EICC Server Internal FQDN record to internal DNS only (like lyncdiscoverinternal)
Add EICC EDGE External FQDN record to external DNS only (like lyncdiscover)
In this way, TouchPoint clients will connect via EICC Server internally, and via EICC EDGE from Internet.
Based on these informations, the updated example scenario is the following
Step 3: Firewall rules
Firewall rules are quite simple:
- Create the NAT 1:1 (bi-directional) between the EICC EDGE dedicated Public IP and the EICC EDGE DMZ IP. In our example between 22.214.171.124 and 192.168.1.11
- Allow inbound TLS traffic from Internet to EICC EDGE DMZ IP on port 3126
- Allow outbound traffic from EICC EDGE DMZ IP to EICC Server on port 3124
- Allow DNS traffic and remote management
Step 4: generate new certificate
You have to create a new certificate to be used on EICC EDGE Server.
It should be generated using the same Internal Enterprise PKI used with SfB deployment, thrusted by clients and without costs.
Create a standard single name certificate with external EICC EDGE FQDN only, so in our example eiccexternal.uclab.com.
Load it on EICC EDGE Server and take care to load CA Chain certificates also.
Step 5: create the EICC EDGE Instance
We are now ready to create the EICC EDGE Instance.
On the EICC EDGE Server open a PowerShell console and execute this command:
New-EdgeMessagingInstance -InstanceName <EDGE Instance Name> -MessagingGroup <EICC CTI Server Messaging Group Name> -OutboundServerPeerAddress <EICC CTI Server FQDN> -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName <EICC EDGE External FQDN>
So in our example the command will be:
New-EdgeMessagingInstance -InstanceName EDGE -MessagingGroup EICC -OutboundServerPeerAddress eiccsrv.uclab.local -InboundPort 3126 -InboundSecurity TLS -InboundTlsServerCertName eiccexternal.uclab.com
To remove the Instance:
Remove-EdgeMessagingInstance -InstanceName EDGE
Step 6: update the Client Configuration File
Last but not least, there is the foundamental step where we instruct TouchPoint Clients to use EICC EDGE server also.
I always suggest to use the networksettings.ini file placed in the same TouchPoint Clients setup folder, so it will be copied in “%ALLUSERSPROFILE%\Telephony” folder during client setup and used immediately.
networksettings.ini is a simple text file like this one:
to use EICC EDGE Server we need to add few lines
and that’s all!
Note that current clients need to be updated with this new networksettings.ini to allow them to use the new EICC EDGE Server.
As always, I hope this guide could help some of you!