
How to Use Microsoft Skype for Business StyleBook in Business Enterprises

Mar 09, 2017

The Skype for Business 2015 application relies on several external components to function. The Skype for Business network consists of various systems, such as servers and their operating systems, databases, authentication and authorization systems, networking systems and infrastructure, and telephone PBX systems. Skype for Business Server 2015 is available in two versions, Standard Edition and Enterprise Edition. The primary difference is in support for high-availability features, which are included only in the Enterprise Edition. To implement high availability, multiple Front-End servers must be deployed to a pool and SQL servers must be mirrored.

An Enterprise Edition deployment enables the creation of multiple servers with different roles.

The primary components in the Skype for Business 2015 application are:

  • Front-End servers
  • Edge servers
  • Director servers
  • Database (SQL) servers

The following figure diagrammatically represents the deployment of Skype servers in the network:

[Figure: deployment of Skype for Business servers in the network]

Skype for Business Front-End Servers

The Skype for Business Front-End server is the core server in your network. It provides the links and services for user authentication, registration, presence, address book, A/V conferencing, application sharing, instant messaging, and web conferencing. If you are deploying Skype for Business 2015 Enterprise Edition, the topology typically consists of at least two Front-End servers load balanced in a Front-End pool with a database server that hosts the SQL Server instance holding the Skype for Business database.

Skype for Business Edge Servers

Deploying Edge servers for Skype for Business is necessary if external users who are not logged into your organization's internal network need to be able to interact with internal users. These external users could be authenticated and anonymous remote users, federated partners, or other mobile clients.

The Skype for Business Edge server has four roles:

  • Access Edge, which handles SIP traffic, authenticates external connections, and allows remote connections and federation connections
  • Web Conferencing, which handles data conferencing packets and allows external users to access Skype for Business
  • A/V Conferencing, which handles A/V conferencing packets and extends audio and video, app sharing, and file transfer to external users
  • XMPP Proxy, which handles XMPP packets and allows XMPP-based servers or clients to connect to Skype for Business

Skype for Business Director Servers

The main function of the Director server in Skype for Business 2015 is to authenticate endpoints and "direct" the users to the pool that contains their account. In Skype for Business 2015, the Director is a completely dedicated and specific role on a standalone server. This facilitates security by making it easier to deploy or remove the configurations.

Directors are most useful where multiple pools exist, because they provide a single point of contact for authenticating endpoints. Also, for remote users, a Director serves as an extra hop between the Edge pool and Front-End pool, adding an extra layer of protection against attacks.

The following table lists the IP addresses used in the sample configuration included in the instructions below:

| Skype for Business Servers | Virtual IP Address | Server IP Addresses | NetScaler Instance |
|---|---|---|---|
| Front-End Servers | 10.10.10.10 | 10.10.10.11, 10.10.10.12 | 10.102.29.60 |
| Edge Servers | External VIP - 192.20.20.20 | 192.20.20.21, 192.20.20.22 | 10.106.76.199 |
| | Internal VIP - 10.10.10.20 | 10.10.10.21, 10.10.10.22 | |
| Director Server | 10.10.10.30 | 10.10.10.31, 10.10.10.32 | 10.102.58.78 |

Note: Deploy each Skype for Business server on a different NetScaler instance.

Configuring Front-End Servers by using StyleBook

In NetScaler MAS, navigate to Applications > Configuration, and click Create New. The Choose StyleBook page displays all the StyleBooks available for your use in NetScaler MAS. Scroll down and select the Microsoft Skype for Business 2015 StyleBook (Front-End Server). The StyleBook opens as a user interface page on which you can enter the values for all the parameters defined in this StyleBook.

Enter the IP address for the virtual Front-End server (VIP) that is to be created for the Skype for Business Front-End servers. Also enter the IP addresses of all the Skype for Business Front-End servers in the network.

The List of Ports section lists the default port numbers and protocols used by servers, load balancers, and clients in a Skype for Business Front-End server deployment. Each port listed here must be open on each Front-End server role. You can retain the default port numbers or edit them. However, make sure that these ports are reachable on the Front-End servers.

The following table lists the 14 default ports and protocols on the Front-End server:

| Label | Port | Protocol | Description |
|---|---|---|---|
| HTTP Port | 80 | HTTP | Used for communication from Front-End Servers to the web farm FQDNs when HTTPS is not used. |
| HTTPS Port | 443 | HTTPS | Used for communication from Front-End Servers to the web farm FQDNs. |
| AutoDiscover Internal Port | 4443 | HTTPS | HTTPS (from Reverse Proxy) and HTTPS Front-End inter-pool communications for AutoDiscover sign-in. |
| RPC Port | 135 | DCOM and remote procedure call (RPC) | Used for DCOM based operations such as moving users, user replicator synchronization, and address book synchronization. |
| SIP Port | 5061 | TCP (TLS) | Used by Front-End servers for all internal SIP communications. |
| SIP Focus Port | 444 | HTTPS, TCP | Used for HTTPS communication between the Focus (the component that manages the Skype conference state) and the individual servers. |
| SIP Group Port | 5071 | TCP | Used for incoming SIP requests for the response group application. |
| SIP AppSharing Port | 5065 | TCP | Used for incoming SIP listening requests for application sharing. |
| SIP Attendant Port | 5072 | TCP | Used for incoming SIP requests for the attendant (that is, for dial-in conferencing). |
| SIP Conf Announcement Port | 5073 | TCP | Used for incoming SIP requests for the Skype for Business server conferencing announcement service (that is, for dial-in conferencing). |
| SIP CallPark Port | 5075 | TCP | Used for incoming SIP requests for the CallPark application. |
| SIP Call Admission Port | 448 | TCP | Used for call admission control by the Skype for Business server bandwidth policy service. |
| SIP Call Admission TURN Port | 5080 | TCP | Used for call admission control by the bandwidth policy service for Audio/Video Edge TURN traffic. |
| SIP Audio Test Port | 5076 | TCP | Used for incoming SIP requests for the audio test service. |

Click Target Instances and select the NetScaler instance on which to deploy the Skype for Business configuration for Front-End servers. Click Create to create the configuration on the selected NetScaler instance. 

Note: You can first select Dry Run to check the objects that will be created on the target instance.

When the configuration is successfully created, the StyleBook creates 14 load balancing virtual servers. That is, for each port, one load balancing virtual server is defined along with one service group, and the service group is bound to the load balancing virtual server. The configuration also adds the Front-End servers as service group members and binds them to the service group. The number of service group members created is equal to the number of Front-End servers created.

The following figure shows the objects created for one port:

[Figure: objects created for one port]

Configuring Edge Servers for Skype in Enterprise Business by Using StyleBook

In NetScaler MAS, navigate to Applications > Configuration, and click Create New. The Choose StyleBook page displays all the StyleBooks available for your use in NetScaler MAS. Scroll down and select the Microsoft Skype for Business 2015 StyleBook (Edge Server).

Enter the following virtual IP (VIP) addresses and IP addresses of all the Edge servers in the network.

  • External VIP address and IP addresses for the Edge servers that will be used for access Edge, web conferencing Edge and A/V Edge.
  • Internal VIP address and IP addresses for the Edge servers that will be connected with the internal network.

Create at least two external and two internal Edge servers in your network.

The List of Ports section provides a list of default port numbers and protocols in a Skype for Business Edge server deployment.

The following table lists the 7 default ports - four external ports and three internal ports - and protocols on the Edge server:

| Label | Port | Protocol | Description |
|---|---|---|---|
| HTTPS External Port | 443 | HTTPS | Used for external ports for SIP/TLS communication for remote user access, accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions. |
| HTTPS Internal Port | 443 | HTTPS | Used for internal ports for SIP/TLS communication for remote user access, accessing internal Web conferences, and STUN/TCP inbound and outbound media communications for accessing internal media and A/V sessions. |
| SIP External Remote Access Port | 5061 | TCP | Used for external ports for SIP/MTLS communication for remote user access or federation. |
| SIP Internal Remote Access Port | 5061 | TCP | Used for internal ports for SIP/MTLS communication for remote user access or federation. |
| SIP External STUN UDP Port | 3478 | UDP | Used for external ports for STUN/UDP inbound and outbound media communications. |
| SIP Internal STUN UDP Port | 3478 | UDP | Used for internal ports for STUN/UDP inbound and outbound media communications. |
| SIP Internal IM Port | 5062 | | Used for internal ports for SIP/MTLS authentication of IM communications flowing outbound through the internal firewall. |

Click Target Instances to select the NetScaler instance on which to deploy the Skype for Business configuration for Edge servers. Click Create to create the configuration on the selected NetScaler instance. You can also select Dry Run to check the objects that would be created on the target instance.

When the configuration is successfully created, the StyleBook creates seven load balancing virtual servers. That is, for each port, one load balancing virtual server is defined along with one service group, and the service group is bound to the load balancing virtual server. The configuration also adds the Edge servers (either internal or external) as service group members and binds them to the service group. Note that the names of the load balancing virtual servers and the other objects created depend on whether they are created on external or internal ports.

For example, the following load balancing virtual server is created on an external port:

Type: lbvserver
  ipv46: 192.20.20.20
  name: sfb-edge-externalsip-lb

The following load balancing virtual server is created on an internal port:

Type: lbvserver
  ipv46: 10.20.20.23
  name: sfb-edge-internalsip-lb

The following image displays the objects created for one external port and one internal port:

[Figure: objects created for one external port and one internal port]
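A check for reviewing Dry Run output before clicking Create, as an added example (not Citrix code): it parses object listings in the `Type:` / `ipv46:` / `name:` form shown above and reports any load balancing virtual server whose address is not one of the planned VIPs. It assumes the Dry Run listing has been saved as text in that form; `PLANNED_VIPS` holds the Edge VIPs from the sample address table, and with the two listings above it flags 10.20.20.23.

```python
import ipaddress

# Planned Edge VIPs, taken from the page's sample address table.
PLANNED_VIPS = {"192.20.20.20", "10.10.10.20"}

# Constructed input: the two object listings shown above, saved as one text blob.
DRY_RUN_TEXT = """\
Type: lbvserver
  ipv46: 192.20.20.20
  name: sfb-edge-externalsip-lb
Type: lbvserver
  ipv46: 10.20.20.23
  name: sfb-edge-internalsip-lb
"""

def parse_objects(text):
    """Turn 'Type: x' headers followed by 'key: value' lines into dicts."""
    objects = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        # Split on the first colon only, so IPv6 values stay intact.
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "type":
            objects.append({"type": value})
        elif objects:
            objects[-1][key] = value
    return objects

def review(objects, planned_vips):
    """Return (name, problem) findings for lbvserver objects."""
    planned = {ipaddress.ip_address(v) for v in planned_vips}
    findings = []
    for obj in objects:
        if obj["type"] != "lbvserver":
            continue
        name = obj.get("name", "<unnamed>")
        try:
            vip = ipaddress.ip_address(obj.get("ipv46", ""))
        except ValueError:
            findings.append((name, "missing or invalid ipv46"))
            continue
        if vip not in planned:
            findings.append((name, f"VIP {vip} not in plan"))
    return findings

if __name__ == "__main__":
    for name, problem in review(parse_objects(DRY_RUN_TEXT), PLANNED_VIPS):
        print(f"{name}: {problem}")
```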

Configuring Director Servers for Skype in Enterprise Business by Using StyleBook

In NetScaler MAS, navigate to Applications > Configuration, and click Create New. The Choose StyleBook page displays all the StyleBooks available for your use in NetScaler MAS. Scroll down and select the Microsoft Skype for Business 2015 StyleBook (Director).

Enter the virtual IP address (VIP) for the Director servers that is to be created for the Skype for Business application. Enter the IP addresses for all the Skype for Business Director servers in the network. Create at least two Director servers for high availability.

The List of Ports section provides a list of default port numbers and protocols in a Skype for Business Director server deployment.

The following table lists the 4 default ports and protocols on the Director server:

| Label | Port | Protocol | Description |
|---|---|---|---|
| HTTP Port | 80 | TCP | Used for initial communication from Directors to the web farm FQDNs. |
| HTTPS Port | 443 | HTTPS | Used for communication from Directors to the web farm FQDNs. |
| AutoDiscover Internal Port | 4443 | HTTPS | Used for HTTPS (from Reverse Proxy) and HTTPS Director inter-pool communications for AutoDiscover sign-in. |
| SIP Internal Port | 5061 | TCP | Used for internal communications between servers and for client connections. |

Click Target Instances to select the NetScaler instance on which to deploy the Skype for Business configuration for Director servers. Click Create to create the configuration on the selected NetScaler instance. You can also select Dry Run to check the objects that would be created on the target instance.

When the configuration is successfully created, the StyleBook creates four load balancing virtual servers. That is, for each port, one load balancing virtual server is defined along with one service group, and the service group is bound to the load balancing virtual server. The configuration also adds the Director servers as service group members and binds them to the service group. The number of service group members created is equal to the number of Director servers created.

The following image displays the objects created for one port on a Director server:

[Figure: objects created for one port on a Director server]