My diary of software development

Posts tagged ‘Office 365’

Moving to the Clouds Part II–Getting IP Phones Working With TMG

Part I

In Part I, I talked about moving my church’s office and network resources to the cloud: they decided to sell their building in order to build a new site, and the staff dispersed from the old office to a temporary office and to working from their homes.

My church decided to move their phone numbers to Phone.Com to use IP phones and soft phones for their communications after their move from their old office. In this post, I’m going to talk about my struggle to get their IP phones working through Microsoft TMG.

Why Microsoft TMG?

I’ve been asking myself that question a lot lately. At the office I had them set up with a Cisco PIX for their firewall, but I chose to move them to TMG since it’s a lot easier for me to manage. In addition, I believe it will help me with the Office 365 identity integration with their Active Directory. But right now I’m just trying to get their IP phones working.

The First Experience

I didn’t know how IP phones worked when I started this, since at the church office, they had a phone provider who brought in the lines to a PBX and then to the offices. There was nothing for me to manage.

At the temporary office, everything worked for the IP phones as long as I used the Verizon FIOS router but stopped as soon as I switched over to TMG. Nice. Time for me to go and study how IP phones are supposed to work.

After poking around on the Internet’s resources reading about the SIP and RTP protocols, I discovered a really slick wizard in TMG which allowed me to create rules for VOIP. I went through the wizard and ended up with three new firewall policy rules:

[Screenshot: Rules]

This made sense so I grabbed an IP phone and dialed someone. The call went through (yippee!!!) but I couldn’t hear them and they couldn’t hear me (sigh).

So that would mean the SIP protocol went through fine, but the RTP protocol, which carries the voice, didn’t.

What The TMG Log Showed

I started a log query on TMG restricted to just the IP phone’s IP address and made another prank call. This is what the log showed me:

[Screenshot: Log 1]

There are two things wrong here. The first and obvious one is that the connection was denied. The second is that the protocol name is ‘Phones 6060’, an old protocol I had defined earlier while working through my ignorance of how IP phones worked and have since deleted.

I see that the destination port is an even number. According to the RTP protocol, the data is sent over an even port number and the corresponding data is carried over the next higher port number, which is odd. So this log is telling me that the phone was trying to perform RTP communications over the even port 32746 but the attempt was denied, and that would be why I don’t see any communications over port 32747, which would be the data coming back.

But why is the protocol ‘Phones 6060’ showing up in the logs? I know I deleted it and have even rebooted the TMG server since then, so there’s no reason for it to show up. The fact that this deleted protocol is appearing, and the fact that TMG is not allowing the IP phones out even after I created the proper firewall rules, makes me less confident that what I see in the TMG UI is actually what TMG is doing under the covers. Thanks Microsoft.
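As an added illustration (not part of the original post), the following Python script runs the same check over a few constructed TMG-style log lines: it flags denied connections from a phone to an even ephemeral port as likely blocked RTP media, reports the odd RTCP port that pairs with it, and lists any protocol names outside the expected VoIP set (such as the stale ‘Phones 6060’). The log column layout, IP addresses and protocol names are assumptions, not real TMG output.

```python
import re
from typing import Dict, List, Set

# Protocol names we expect a working VoIP policy to log (assumed names, not TMG built-ins).
EXPECTED_PROTOCOLS = {"SIP", "RTP", "RTCP"}

# Constructed sample lines loosely modelled on the columns of a TMG log query:
# client IP, destination IP, destination port, protocol name, action.
SAMPLE_LOG = """\
192.168.1.50 203.0.113.10 5060 SIP Allowed
192.168.1.50 203.0.113.20 32746 Phones 6060 Denied
192.168.1.50 203.0.113.20 32748 Phones 6060 Denied
192.168.1.51 203.0.113.20 33000 RTP Allowed
192.168.1.50 203.0.113.10 5060 SIP Allowed
"""

# The protocol name may contain spaces, so match it lazily between the port and the action.
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(.+?)\s+(Allowed|Denied)$")


def parse_line(line: str) -> Dict[str, object]:
    """Split one log line into its fields; raises on lines that do not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    src, dst, port, proto, action = m.groups()
    return {"src": src, "dst": dst, "port": int(port), "proto": proto, "action": action}


def analyze(log_text: str, phone_ips: Set[str]) -> Dict[str, object]:
    """Report denied RTP-looking flows from the phones and protocol names that should not exist."""
    blocked: List[Dict[str, object]] = []
    stale: Set[str] = set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["src"] not in phone_ips:
            continue  # only the phones are of interest here
        if rec["proto"] not in EXPECTED_PROTOCOLS:
            stale.add(str(rec["proto"]))  # e.g. a rule that was supposedly deleted
        # RFC 3550 convention: RTP media on an even ephemeral port, RTCP on the next odd port.
        if rec["action"] == "Denied" and rec["port"] >= 1024 and rec["port"] % 2 == 0:
            blocked.append({"phone": rec["src"], "rtp_port": rec["port"],
                            "rtcp_port": rec["port"] + 1, "proto": rec["proto"]})
    return {"blocked_rtp": blocked, "stale_protocols": sorted(stale)}
```

A denied even port with no matching odd-port traffic is the signature of the no-audio-both-ways symptom described above: the media never leaves, so nothing comes back.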

Well, it’s a rainy and stormy day today so this is as good a day as any to work through this…


Moving to the Clouds Part I


The decision

My church has decided to sell their land and buildings in order to build and move into a new location about 20 miles away. This new site will not be completed for about a year, so in the meantime they’ll be working out of temporary offices and their homes in a much more loosely coupled fashion.

Since I handle their email, file shares, networking, and various other IT stuff on the side, I decided it was time to look at moving their data to the cloud.


Where to put all those files?

They easily have over 400GB of files on their network shares. Google Docs was the first place I looked, and I found that I’d have to convert all those files to GD format and that the docs could not be cached locally, so the user would have to be online to get to their documents. That was a non-starter for me, so I nixed GD.

Next I took a look at Amazon S3. Amazon makes it very easy to get this many documents up to S3: I just send them a USB drive with all of the docs on it. And the pricing was perfect because, at $0.14/GB plus the estimated number of requests and data transfer size, they would be looking at about $100/month.


What about the email?

I began to prepare the files for shipping to Amazon by locking their file shares down to read-only access and copying the files to a removable drive over a period of several days. As I was in the middle of doing this, I began to hear and read about Microsoft’s Office 365 and realized that would be perfect for their email. I wouldn’t have to manage a mail server any longer or be a liaison to their current mail provider.

For way less than the cost they were paying their current provider they could have their email in Exchange and their working office files in SharePoint in the cloud. I researched the O365 plans and set them up with the E4 plan. With this plan, they’ll be able to use and upgrade to the latest version of Office with each release, have multiple GB of mail storage, and have tens of GB of SharePoint storage.


To be continued…

I’ll continue this series with information on moving their email, setting up their contacts, and moving their files to Office 365 and Amazon.