Planning Tech

To achieve the full benefits from your OCS environment you need to give the users the ability to hear one another and enable them to communicate from your external network. To do so log in to you Office Communication Server 2007 a run the Setup.exe located in the server folder under the I386 folder.

Key Benefits:

1.  Work with TLS encryption with a unique port (5060) to reduce attacks.
2. Connecting clients that are outside the network to internal ICE.

Prerequisites (you have more I only give you the ones we don’t already configure):

1. At least media Gateway available for deployment.
2. You cannot have NAT or FIREWALL between the Mediation Server and the Media gateway.
3. Additional Server to install the Mediation Server (You cannot install the Mediation server in the same server running the OCS).
After the GUI will Pop-Up you should chose to “Deploy Other Server Roles”,
In the next screen you arrive you need to choose “Deploy Mediation Server” 
Mediation Server
 
This role enables you to use Voice capabilities in your environment using IP/PSTN gateways and OCS services.
Now after you chose, to install this role you will arrive to 4 steps you need to accomplish:

Step1: Install files for Mediation Server
Here you only need to press the “Install Button”.

Step2: Activate Mediation Server
After you press the “Run” a new wizard will open,
In the credentials section use the same account you used when install the OCS, Next.

In this step new attributes will be written in you Active Directory.
Step3: Configure Mediation Server – here you don’t need to do anything, simply pass to step 4.
Step4: Configure Certificate – Because we work with Security issues we need to set another certificate used by the Mediation Server.
Let’s configure!!

1. Run and Next afterwards.
2. Create a NEW certificate.
3. Chose the Send the Request…..options (The first one!).
4. Next all the ways with the same configuration you configures when you create the first certificate.

Note!
You can see the Certificate on your Certificate Authority Server under “Issued Certificates”.

First you need to have two different clients with outlook 2007 configured on their machines , check co

 Environment connectivity to the exchange and the coactivity between the two users.

You need to verify it on those two because before you deploy the OCS and all is features to clients you must first create all the tests you can create to get the best configuration on your production enviorment.

Step 1: Enabling users on the OCS2007

On the OCS server or on your DC open command line:

Type: dsa.msc

Now you need to see you Active Directory open, all you need to do now is to choose the organization unit with the user you want to add and Right click on the OU and chose “Enable Users for communication Server”.

A wizard will open and we need to configure it:

1. Next.
2. Select Server or Pool – here you will see the default server name, just verify and click, next.
3. Specify Sign-IN Name – here we need to set the way users will connect to the OCS -  as you will see you can set the E-mail account of users or Lastname+First name it doesn’t matter just chose the correct policy you want .
4. Enable Operation Status – Here you can verify the users SIP creation, you will see both Success and Failures regarded the SIP creation.

Note!

You can see the users you just add in the OCS console:

Open OCS Mmc ->Expand the Forest -> Open Users.

Here I want to talk about updates at your environment, as you know to keep our computers and server’s up to date Microsoft relist updates Avery few weeks, its Hailey recommended to use them because it’s save us a lot from our admin work, the wsus server help us to create centralized environments for those updates an give us the option to select which updates we want to deploy and which we not.
We can choose which updates we want to download and for that we have the following criteria:
• By operating system (Example: Office\Server2003\Xp).
• We can choose the update importance (Drivers\Critical updates).
• By language (Frances\English).
What are the Installation requirements?
- we need to install it on Windows Server2003SP1
- IIS (6.0) – because all computers connected to the server with http address we need to use iis to enable this connection.
- Microsoft .NET framework Version 2.0.
- The minimum and recommended disk space :
1. 1 GB for Boot Drive (C).
2. 3 GB for database. (D).
3. Because the server downloads and save updates on the server we need to have minimum 0f 25 GB to store those updates (E).
- NTFS partition.
- Database SQL.

When to synchronize….?

One of the good things that I love about this product is the time we want him to work. We can choose when the Wsus server will connect to the Microsoft servers and download all updates that we choose and keep them until you (The big admin…) chose what to install on your clients machines.

What I need to download….?

In this version (3.0 Sp1) the server can scan your enviornmant and determine which commuter and the update that he needs. We have 2 ways to see that information:

1. We can see it on the server Manu.
2. And the preferred way is to generate an automatically report, yes with the morning coffee you also have all the update that you missing and all you need to do is to approve it.
What if you have many departments…?
Here the answer is very easy, because you can create groups so you can choose how to deploy your updates to entire group or maybe to specific computers. We can create that group in active directory (With GPO) or on the wsus server.
How I create groups for entire bunch of computers….?
As you already know tasks like this we have the administrative console and it’s easy to manage, so let’s follow the process step by step:
1. Expend computers and select all computers.
2. Right click on all computers or go to Actions and press Add Computer Group.
3. Now when we created the group we can assign computers in it:
• In administration console go to computers.
• Choose the computer group you want to move.
• Choose from the list you open the computers you want to move.
• Right –Click on Change Membership.
• Now you will see a dialog box says “Set Computer Group Membership” with all your groups.
• Simply check the new group you want to assigns the computers in it.

How we install it…?

1. Go to your WSUS directory and press WSUSSetup.exe.
2. Click next.
3. Now you need to choose the “installation mode selection” here my recommended is to choose the full server installation + administration console.
4. Accept License agreement and click next.
5. Now you need to choose the “update Source” – here you chose where to place the downloaded updates so your clients can sync and download them. Click “store update locally” and chose the 30GB partition that we arranged before we started the installation process.
6. On the database options stay with the default options and click next.
7. Now we need to see the “Web Site Selection” accept default options (The first option IIS) to use port 80, Next.
8. In the next screen click again next.
9. Finish.
Note!
If you have firewall between the wsus and the internet you need to open ports 80 and 443 because that’s the ports the server needs to get updates.

How to choose the way the server will download updates…?
1. Go to the configuration wizard (after you get Microsoft improvement program) and click next.
2. Now you need to select if you want to sync and get updates from Microsoft server or from another Wsus server that you have in your environment. So for now we will choose the first option (Microsoft Server) and click next.

How I manage the server …?

We manage the server with the administrator console for wsus to open it follow this:
Start->All programs ->Administrative tools ->Windows server updates services 3.0.

How I can configure my updates and the server sync…?
1. Open management console.
2. Go to “Set Sync Schedule.
3. Now we need to chose what type we want to work with:

- Manual – if you chose this option you need to initiate the sync from the wsus console.
- - Automatic – if we chose this option the server will create the sync process at specific intervals, all we need to do is to choose when the server creates the intervals (Send and Forget).
How I define the update to a specific product…?
1. Open console.
2. Options and select “update files and languages”.
3. Now you need to see 2 tabs :

- Update Files – here we can chose if we want to store all our updates locally on the server or the client commuters will download from Microsoft update.
- Update languages – here we can configure the updates Lang’
4. Now press OK and save all settings.

How I sync manually…?

1. Open Administrative console.
2. Select Synchronizations.
3. Press right click on “Actions”
4. Sync Now.

How to configure automatic updates…?

1. Go to group policy and configure a new policy.
Computer Configuration -> Administrative Templates -> Windows Component ->Windows Update.
2. Click “Configure Automatic Updates”.
3. Click Enabled and configure the following options :

- Notify for download and notify for install – notify the admin when before the server download update and before the installation of the update.
- Auto download and notify for install – updates will download automatically and notify before install it.
- Auto download and schedule the install – if we configure automatics updates we can schedule installation, so we need to choose the time for the installation.
- Allow local admin to chose setting – local admins can use automatic updates in the control panel (the can chose scheduled time for updates installation).
4. After you finish all configuration press OK.

How I create the connection between the clients to the new server….?
Because we work with 3000 computers… we can apply the update configuration with GPO, it’s very simple to do and I will explain it so you can manage all clients easy as possible:
1. Open GPMC.
2. Create new GPO.
Computer Configuration -> Administrative Templates -> Windows Component ->Windows Update.
3. Now choose “Specify Internet Microsoft Update Service Location “.
4. Press “Enabled” and configure the following :
You need to give your Wsus HTTPURL (IIS Remember…) for example:
Http://Wsus90 (You need to put it in both boxes!!!!!).
5. Click OK.

Note!
After you configure the policy and deploy it on client’s computers you will start to see clients computers add to your server at the administrative console at estametly 30 minutes.
If you cannot wait 30 minutes you can speed the process by pressing the following command on client computers:
Goupdate /force – this command will apply the Wsus policy immediately.

Note!
You have another option to make the clients computers connect to the wsus by pressing the following on client’s computers:
“Wuauclt.exe /detectnow “.

O.k. I have the update but how I approve them…?

To approve the updates you want to deploy follow the following process:
1. Open Admin Console.
2. Go to Updates and a dialog will open and show you all the updates that you have on your server with criteria :
• All Updates.
• Critical Updates.
• Wsus Updates.
• Security Updates.
3. Now choose the type of updates you want to deploy.
4. Select the updates from the criteria that you choose (If you want to choose multiple contiguous Update press and hold Shift button, If you want to choose multiple updates that noncontiguous press Ctrl while choose your Updates).
5. Press approves and a dialog box will appear.
6. Select the group you want to deploy the updates you just choose (for examples “Sales”) and choose one of the following:
• Approve for install – choose this option!!!
• Approve for Removal.
• Not approve.
• Deadline.
• Same as parent
• Apply to children.
7. Now you will see a progress bar start to show you the tasks that you ask from the server.
8. Close.

Note!
If you want to see the status of the updates follow the easy few steps:
1. Admin console.
2. Reports -> Update Status Summery -> Update Report Window.
3. Here you can create filters if you like.
4. Press on “Run Report”.
So now after you finish to read my document I’m shore you can go to your bosses and offer the your great solution and the ones that already have this wonderful server I hope I can help in something, so if you have any questions please contact me or live your comment and I try to come back and help you as soon as possible.