quality of service for skype for business/lync ... · pdf filequality of service for skype for...

14
Quality of Service for Skype for Business/Lync configuration and best practice Guide V1 Overview: As you know that Microsoft Skype for Business is great product which has multiple features which help enterprise users to communicate and collaborate effectively from anywhere. To get Skype for Business to work correctly for internal and external users, is complex task as we are dealing with vast product. Improving quality of service is very important. So, this admin guide help you to configure end to end Quality of Service. Also, this document mainly focusing on why we need Quality of Service and how we can configure this. Basically, Quality of Services is not a only solution of every quality problem, however QoS is combination of networking technologies that enables companies to optimize the end-user experience for real time audio, video and application sharing communications. QoS is commonly used when network bandwidth is limited and when network congestion, in practice bandwidth limitation and network congestion always there so we must have QoS configure correctly to optimize end-users experience. Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 12.21.2016, Balu Ilag, System Administrator, Microsoft MVP Office Servers and Services. Version 1.0 Contact me at: [email protected] Blog: http://communicationsknowledge.blogspot.com/ . This document covers how to deploy quality of services and why we need it. Target audience for this admin guide are Skype for Business / Lync Administrator, Skype for Business Online (Office365) Administrator, Network Engineer and System Administrator who manages Skype for Business and Lync server 2013 environment.

Upload: lykhanh

Post on 14-Feb-2018

261 views

Category:

Documents


6 download

TRANSCRIPT

Page 1: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Quality of Service for Skype for Business/Lync configuration and best practice Guide

V1

Overview:

As you know that Microsoft Skype for Business is great product which has multiple

features which help enterprise users to communicate and collaborate effectively from

anywhere. To get Skype for Business to work correctly for internal and external users, is

complex task as we are dealing with vast product. Improving quality of service is very

important. So, this admin guide help you to configure end to end Quality of Service.

Also, this document mainly focusing on why we need Quality of Service and how we can

configure this.

Basically, Quality of Services is not a only solution of every quality problem, however

QoS is combination of networking technologies that enables companies to optimize the

end-user experience for real time audio, video and application sharing communications.

QoS is commonly used when network bandwidth is limited and when network

congestion, in practice bandwidth limitation and network congestion always there so we

must have QoS configure correctly to optimize end-users experience.

Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 12.21.2016, Balu Ilag, System Administrator, Microsoft

MVP Office Servers and Services. Version 1.0

Contact me at: [email protected]

Blog: http://communicationsknowledge.blogspot.com/ . This document covers how to deploy quality of services and why we need it. Target audience for this admin guide are Skype for Business / Lync Administrator, Skype for Business Online (Office365) Administrator, Network Engineer and System Administrator who manages Skype for Business and Lync server 2013 environment.

Page 2: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Quality of Service for Skype for Business / Lync configuration and best practice Guide

V1

Why QoS required?

Quality of Services (QoS) is a combination of networking technologies that enables

companies to optimize the end-user experience for real time audio, video and

application sharing communications.

QoS is commonly used when network bandwidth is limited and when network

congestion, in practice bandwidth limitation and network congestion always there so we

must have QoS configure correctly to optimize end-users experience.

QoS can be configure as end to end, it more useful your media traffic traverse over Wide

Area Network because on Local Area Network you might not have network congestion

and bandwidth issues.

When we talk about WAN, were most of organization uses Multi-Protocol Label

Switched (MPLS). MPLS network is a L3 WAN built by a service provider to sell its

bandwidth to many customers and allows to guarantee a quality of service (QoS). With

that said means QoS is always required

How QoS is working?

Basically, all port range provided to Skype for Business/Lync client via in band

provisioning. This means that once your Skype for Business / Lync client signs in, they

will start using these locked down port ranges which configured on Skype for Business/

Lync Server and this ports pushed down to Skype for Business/ Lync clients. So, when

client initiate the media traffic using applications like lync.exe, communicator.exe and

attendeeconsole.exe. This means that all applications that utilize the Audio/Video,

Application sharing, file transfer ports, which will get DSCP (Differentiated Services Code

Point), markings stamped by Operating System via GPO (Group Policy Object).

Operating System like, Windows Vista, Windows 7, Windows 8 and Windows 10 utilize

the Policy based QoS. Policy based QoS has the benefit that you can restrict the QoS at

the application level. This means that all client applications that utilize the Audio/Video

Application sharing, file transfer ports that we configure for Audio/Video, Application

sharing, file transfer will get DSCP markings stamped.

Page 3: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Below is the client application with their executable file name:

• Office Communicator 2007/R2 and Lync 2010 – communicator.exe

• Lync 2010 and Lync Attendant Console - attendantconsole.exe

• Lync 2013, Skype for Business 2015 and Skype for Business 2016 – Lync.exe

Below are the port ranges and DSCP values with their Media type:

Media Type

Communication Port Range Port Count

DSCP Values

Audio Conferencing Server

49152 - 57500

8348 46

Audio Mediation Server 49152 - 57500

8348

Audio Clients 50020 - 50059

40 46

Video Conferencing Server

57501 - 65535

8034 34

Video Clients 58000 - 58019

20 34

App Sharing

Conferencing Server

40803 - 49151

8348 24

App Sharing

Clients 42000 - 42019

20 24

File Transfer

Clients 40783 - 40802

20 14

Signaling Client and Server 5060-5061 2 46

Note: All mobility clients, like iOS, Android, Windows, Skype for Business/ Lync 2013

Mobility clients will not utilize this QoS capability as it is only applicable to Skype for

Business Windows and Skype for Business for Mac clients and IP phone devices which

are registered directly to an internal Skype for Business / Lync pool Server on managed

networks; QoS is not applicable for traffic routed over the Internet.

Microsoft recently released Skype for Business on Mac client, which can tag traffic, but

the OS X does not support. Microsoft is working with Apple to support tagged traffic.

However as of now it not working.

Let us start with QoS configuration:

1. Enable QoS for all clients, which is disabled by default:

Page 4: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Quality of Services (QoS) is not enabled by default on Skype for Business / Lync

Server.

You can run Get-CsMediaConfiguration command from PowerShell and see if

“EnableQoS” shows “True” or “False”. By default, it shows as False.

To Enable QoS globally, run the below PowerShell command:

Set-CsMediaConfiguration -EnableQoS $True

In case you want to enable QoS per site wise then run the below command let

Set-CsMediaConfiguration -Identity Site:<sitename> -EnableQoS $True

2. Configure the port ranges for Conferencing and peer-to-peer media traffic:

For Quality of Service work correctly, you should configure identical port ranges

for audio, video, file transfer and application sharing on your Conferencing,

Application, and Mediation servers; furthermore, those port ranges must not

overlap in any ways. E.g. if you use ports 57501 through 65535 for video on your

Conferencing servers. That means that you must also reserve ports 57501

through 65535 for video on your application servers. If you do not, QoS will not

work as expected.

You must use Power Shell to configure Port ranges. You can verify the existing

port ranges for your Conferencing, Application, and Mediation servers by running

power shell commands.

Get-CsService -ConferencingServer | Select-Object Identity, AudioPortStart,

AudioPortCount, VideoPortStart, VideoPortCount, AppSharingPortStart,

AppSharingPortCount

Get-CsService -ApplicationServer | Select-Object Identity, AudioPortStart,

AudioPortCount

Get-CsService -MediationServer | Select-Object Identity, AudioPortStart,

AudioPortCount

Page 5: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Note: Application server and Mediation server only support QoS for audio; you

do not need to change video or application sharing ports in your Application

servers or Mediation servers.

As you can see in the below commands, each port type – audio, video, and

application sharing – is assigned two separate property values; the port start and

the port count. The port start indicates the first port used for that modality; e.g. if

the audio port start is equal to 49152 that means that the first port used for

audio traffic is port 49152. If the audio port count is 8348 that means that 8348

ports are allocated for audio. If the first port is port 49152 and last ports 57500

(port ranges should be contiguous). Thus, the port range for audio would be ports

49152 through 57500.

To make changes in all Pool Servers:

Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -

Identity $_.identity -AppSharingPortStart "40803" -AppSharingPortCount "4348" -

AudioPortStart "49152" -AudioPortCount "4348" -VideoPortStart "57501" -

VideoPortCount "8034"}

To modify Instant messaging SIP port in all Pool Server (optional):

Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -

Identity $_.Identity -ImSipPort 5062}

You can make changes to mediation and application server audio port ranges.

To set on all Edge Server:

With Edge servers, you do not have to configure separate port ranges for audio,

video, and application sharing; likewise, the port ranges used for Edge servers do

not have to match the port ranges used with your Conferencing, Application, and

Mediation servers.

Get-CsService -EdgeServer | ForEach-Object {Set-CsEdgeServer -Identity

$_.Identity -MediaCommunicationPortStart 50000 -

MediaCommunicationPortCount 10000}

Configure client port ranges for peer-to-peer media:

You can run below command to find existing media client ports:

Page 6: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Get-CsConferencingConfiguration | fl Client*

To make changes in client port ranges:

Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True -

ClientAudioPort "50020" -ClientAudioPortRange "40" -ClientVideoPort "58000" -

ClientVideoPortRange "20" -ClientAppSharingPort "42000" -

ClientAppSharingPortRange "20" -ClientFileTransferPort "40783" -

ClientFileTransferPortRange "20"

3. Now configure separate Group Policy Object for Client and Server:

After defining port ranges you must also create Quality of Service policies that

specify the DSCP code to be associated with each port range

Simply, restricting a set of ports to a specific type of traffic does not result in

packets traveling through those ports being marked with the appropriate DSCP

code. In addition to defining port ranges you must also create Quality of Service

policies that specify the DSCP code to be associated with each port range.

This DSCP values association with port ranges can be achieve via GPO which has

policy based QoS.

If you already have all port ranges and DSCP value with communication type then

processed below, if not then decide port ranges and follow the step two for

configure port ranges.

Microsoft outline complete steps https://technet.microsoft.com/en-

us/library/jj205076(v=ocs.15).aspx

a. You must have consolidated all your computer object to single OU

(Organization Unit). E.g. Computer.

b. Login to the Domain Controller or computer which have Group Policy

Management installed.

Page 7: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

c. Open Group Policy Management tool (run > gpmc.msc) and then right click

the OU (Computer) and then click “Create a GPO in this domain, and Link it

here” to create a new GPO. E.g. SfBLyncClient-QoS. You must have required

permission (Domain Admin) or like create and link policy object.

d. Select the newly created Group Policy Object and right click on it and select

Edit to Open Group Policy Management Editor > expand Computer

Configuration > expand Policies > expand Windows Settings > right click

Policy-based QoS > then click ‘Create new policy’.

e. In Policy-based QoS page > give policy name as "Lync2013-Audio" > Select

Specify DSCP Value: "46" > click Next.

Below screenshot shows Policy name and DSCP value information:

(screenshot shows exiting policy)

Page 8: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

f. On next page > Select "Only applications with this executable name:

"lync.exe" > click Next.

Note: This simply ensures that Lync.exe application will match packets from the

specified port range with the specified DSCP code.

Below screenshot shows Application name information: (screenshot shows

exiting policy)

Page 9: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

g. On next page, make sure that both Any source IP address and Any

destination IP address are selected > then click Next.

Note: These two settings ensure that packets will be managed regardless of

which computer (IP address) sent those packets and which computer (IP

address) will receive those packets.

Below screenshot shows IP address configuration information: (screenshot

shows exiting policy).

Page 10: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

h. On next page select TCP and UDP > select ‘From this source port or range’.

Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)

are the two networking protocols most-commonly used by Skype for

Business/ Lync Server and its client applications.

Also, typed port range reserved for audio transmissions.

Below screenshot shows protocol and port range configuration information:

(screenshot shows exiting policy).

Page 11: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

i. Follow step e to h and create new policy object as “Lync2013-Signaling,

Lync2013-AppShare, Lync2013-File Transfer and Lync2013-Video” with above ports ranges and DSCP values.

j. After you configuring all policy object, it will look like below:

k. Open Group Policy Management and then right click the OU (Server) and then

click ‘Create a GPO in this domain, and Link it here’ to create a new GPO. E.g.

SfBLync-Server-QoS. You must add your Skype for Business / Lync Server to

Server OU. Then repeat step d to I and create policy object for Server as well.

After you configuring all policy object for server, it will look like below screen.

Page 12: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

4. Finally test the QoS, as a best practice you must validate QoS configuration and

DSCP tagging quarterly basis.

Test1:

a. First, we need test GPO policy correctly applied or not, after newly

created GPO applied and linked to OU where Computer and Server object

stored (separate OU). Before testing you can force the policy by running

"gpupdate.exe /force" on testing computer and server which will refresh

the policy.

b. After policy refresh on client computer > Start > Run > cmd (open as

administrator) > type Gpresult /h result.htm

c. You will all policy result in result.htm file and find your QoS policy.

Test2:

a. Enable Skype for Business/ Lync client log > then sign-in to Skype for

Business / Lync client > then open Skype/ Lync (UCCAPILOG) logs in

Notepad or Snooper tool. See the qosenabled shows true and verify all

client port numbers. Below are log file locations.

• Skype for Business 2015/Lync2013 client:

%userprofile%\appdata\local\Microsoft\Office\15.0\Lync\Tr

acing\

• Skype for Business 2015 client:

%userprofile%\appdata\local\Microsoft\Office\16.0\Lync\Tr

acing\

Below screenshot shows correct client ports.

Page 13: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

Test3:

Make audio call with another internal user and capture network traffic to verify,

if QoS tagging shows correctly of not.

Verify two way packets and see DSCP value shows correctly.

Below screenshot shows UDP traffic DSCP: FE (Expedited Forwarding (46), which

is correct tagging.

Best practices:

1. Every quarterly audit QoS policies and see tagging.

2. Check with WAN (Wide Area Network) provider (MPLS) for QoS plane.

Page 14: Quality of Service for Skype for Business/Lync ... · PDF fileQuality of Service for Skype for Business/Lync configuration and best ... for Business / Lync configuration and best practice

3. You must validate QoS end-to-end because sometime incorrectly configured

network devices (routers, wireless access points, switches) which might set or

change DSCP markings to something you did not intend or strip DSCP

markings to 0 (set to 0).

Thank you.