Integration with MS Communications Server

[DanReid]

Hi,

 

Does anyone know if it is possible to integrate pbxnsip with Microsoft Office Communications Server 2007? If so, are there any instructions for doing so?

 

My company is looking to replace our aging pbx with a new IP-PBX and integration with OCS 2007 has already been deemed a necessity.

 

Thanks,

 

Dan.

[Vodia PBX]

Unfortunately, OCS uses the "NTLM" authentication scheme. The problem is that there is no documentation on how to use it and Microsoft did not tell us yet... It is clearly on the radar, but technically at the moment a big problem.

[DanReid]

If it is of any help, OCS also uses kerberos authentication. You can choose between one, the other or both.

 

Also, I believe if you use an OCS mediation server, you can bypass authentication entirely and use it as a simple sip gateway to route traffic between OCS and any other sip source (although I might be mistaken on this.)

 

If this isn't possible at present, do you see it as something that will be an option in the future? I would imagine if Exchange 2007 integration is possible, then OCS integration should not be too hard. There's no authentication settings required when integrating Exchange and OCS.

[Vodia PBX]

Sure, we have a big interest in talking to OCS. We need to act like a endpoint, because IMHO the most intesting case are branch offices or departments that run the PBX locally, but want to be part of the whole organization. I think an endpoint always has to authenticate itself. Maybe one day Microsoft will also support Digest authentication, as all other vendors do and then it will probably no problem.

 

Kerberos might in fact be easier, it is documented well.

[DanReid]

Thanks for all the prompt responses. That is exactly the sort of scenario we are looking at, with head office and larger branch offices running IP-PBXs and OCS to integrate the entire organisation. The tight integration with the Office 2007 suite that you get with OCS is also very important to us.

 

I don't know if digest authentication will ever appear. I hope it does, too, but MS aren't always the best when it comes to standardising their software. I think we're lucky they decided to use sip instead of a proprietry protocol!

 

I hope this will be a capability that will surface in the near future.

[Jan Boguslawski]

Hi @all,

 

its possible. Place pbxnsip in front of the OCS mediation server. It talks SIP over TCP and pbxnsip can this too, like with Exchange 2007:

No authentification, no encryption - its the same like the gateways from AudioCodes, Dialogic, Vegastreams,... do. Only the communication between OCS and OCS Mediation Server is SIP over MTLS. You need to use a Windows Public Key Infrastructure or commercial certificates, dont use selfsigned certificates!

 

Create a Trunk in pbxnsip: SIP-Gateway

 

Domain: your-ocs-mediation-server-ip-adress

no password + accept redirect

 

You need to place the same numbers in pbxnsip, you like to call from within OCS. Its important to use E.164 numbers, because OCS will only accept this and it will only call outside with E.164 numbers.

 

To call any number from the real world in Office Communicator, please wait for the next pbxnsip-version. It will support Trunk to Trunk calls. So you can use a trunk to your prefered VoIP-Provider and call from OCS with unknown numbers will be transfered.

 

For now, give the test-version a try with OCS.

 

best regards,

 

Jan

[SOSAGES]

Hi,

 

interesting post. Does anyone have any experience in getting PBXNSIP working with speech server 2007?

[Fred Gaston]

Hi @all,

 

its possible. Place pbxnsip in front of the OCS mediation server. It talks SIP over TCP and pbxnsip can this too, like with Exchange 2007:

No authentification, no encryption - its the same like the gateways from AudioCodes, Dialogic, Vegastreams,... do. Only the communication between OCS and OCS Mediation Server is SIP over MTLS. You need to use a Windows Public Key Infrastructure or commercial certificates, dont use selfsigned certificates!

 

Create a Trunk in pbxnsip: SIP-Gateway

 

Domain: your-ocs-mediation-server-ip-adress

no password + accept redirect

 

You need to place the same numbers in pbxnsip, you like to call from within OCS. Its important to use E.164 numbers, because OCS will only accept this and it will only call outside with E.164 numbers.

 

To call any number from the real world in Office Communicator, please wait for the next pbxnsip-version. It will support Trunk to Trunk calls. So you can use a trunk to your prefered VoIP-Provider and call from OCS with unknown numbers will be transfered.

 

For now, give the test-version a try with OCS.

 

best regards,

 

Jan

 

Jan:

1. Presume you are referring to v2.1x as next version from your July post? Have you confirmed dialing externally from OC client works in 2.1?

2. Can you elaborate please on how & where to setup (same) E.164 numbers in pbxnsip? Do you mean extensions or outside numbers, or both? Is this obviated by trunk to trunk in 2.1 & now unnecessary?

3. Did you have to synch dial plans in pbxnsip & OCS and can you provide examples?

4. Do you have integrated with Exchange UM and if so were you able to do without SP1, which MS doesn't advocate applying to production server.

Thanks, Fred

[Vodia PBX]

Does anyone have any experience in getting PBXNSIP working with speech server 2007?

 

Yes there was someone using it with the speech server and it worked. The setup was prettys much the same as with Exchange - I guess they are using the same underlying components.

[Fred Gaston]

Yes there was someone using it with the speech server and it worked. The setup was prettys much the same as with Exchange - I guess they are using the same underlying components.

Thanks. Can you comment on the Trunk to Trunk feature in 2.1 and how that would get around the need for adding numbers per Jan's post. Is there any configuration necessary for this feature, if OCS is sending in E.164 format? Thanks, Fred

[Vodia PBX]

Can you comment on the Trunk to Trunk feature in 2.1 and how that would get around the need for adding numbers per Jan's post. Is there any configuration necessary for this feature, if OCS is sending in E.164 format? Thanks, Fred

 

When the Exchange server wants to initiate a call (e.g. through the address book), it must tell the PBX to initiate an outbound call through another trunk. That is a tunk-initated outbound call. We believed that this would not be neccessary (and it is a significant security risk), but that's the way does it and we enabled that feature. You don't need to change anything in the configuration, because this feature is enabled when you click on the "allow redirect" button in the trunk settings.

 

The E.164 problems revolve around the pattern matching in the dial plan. In 2.0, you could do that but would break your fingers eith the extended regular expressions. In 2.1, you can do this also with the simplified dial plan. For example, the pattern "+49*" is now a valid simple pattern.