There are some specific use cases where customers would like to prevent P2P traffic between SfB/Lync endpoints to avoid any-to-any relations, primarily due to security and firewall issues. The following list summarizes the key features:
- Built on top of the Verba system. It can be deployed as a relay-only solution or as a mixed environment with recorded and relay-only users.
- Standard AD sync profiles can be configured for specific users, where relay-only "recording mode" can be configured for the associated extensions/addresses.
- When the Verba Filter Service recognizes a voice/video call for a configured user, it will update the SDP and relay the call through a Verba Proxy Server. Verba Proxy Servers can be deployed in a resilient fashion providing load balancing and failover functions. The same proxy server can be used for recording as well.
- The system does not store any information about relay-only calls besides the standard log entries related to the filter and relay services.
- The Verba Proxy Server currently has the following limitations:
  - It can only relay UDP streams; TCP is not supported
  - It cannot support endpoints behind NAT (this will be resolved soon)
- Using AD sync, Verba stores the configuration of the users and their associated SIP URIs / phone numbers in an SQL Server. The configuration is automatically pushed down to all Verba servers, including the SfB FE filter applications. SfB FE filter applications store a local, cached copy of the configuration.
- A configured SfB user starts a voice/video call.
- The Verba Filter service detects the call for the configured user based on SIP URI/phone number. It forwards call setup messages to a Verba Proxy Server based on the load balancing and failover configuration.
- The Verba Proxy Server allocates relay ports and rewrites ICE candidates, then sends back the updated SDP to the filter application. Endpoints connect via the relay port; internal routing logic forwards received RTP/RTCP packets to the other endpoint.
QoS and Firewall requirements
- A dedicated port range for voice and for video calls can be specified
- DSCP/Diffserv TOS marking can be achieved by Windows QoS management: https://technet.microsoft.com/en-us/library/cc771283.aspx
- The firewall should allow inbound traffic from SfB endpoints (phones, mediation, AVMCU, ...) to the relay port range and outbound traffic from relay ports to these endpoints
- One stream (voice or video) allocates 4 ports on the relay server (caller RTP+RTCP, callee RTP+RTCP).
- Skype for Business is now able to multiplex RTP and RTCP on the same port. Even so, for backward compatibility, we follow the “RTP on even, RTCP on the next odd port number” rule
- By default the service listens on:
  - UDP 16384-65535 – relay port range
  - TLS 10201 – SfB filter connections
- More information: Port range and QoS settings for proxy based recording
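The port rules above (four ports per stream, RTP on an even port with RTCP on the next odd one) determine how many concurrent streams a firewall port range can carry. The following Python model is an added example, not Verba code; the class `RelayPortPool` and its methods are hypothetical names, and it assumes ports are handed out in ascending order.

```python
# Added illustration of the port rules described above; not Verba's code.
PORTS_PER_STREAM = 4  # caller RTP+RTCP, callee RTP+RTCP


class RelayPortPool:
    """Hypothetical model of a relay UDP port range (inclusive bounds)."""

    def __init__(self, low, high):
        if not (0 < low <= high <= 65535):
            raise ValueError("invalid UDP port range")
        # RTP sits on an even port, so an odd first port is skipped.
        # RTCP needs the following odd port, so an even last port is unusable.
        first_even = low + (low % 2)
        last_odd = high - (1 - high % 2)
        self._free = list(range(first_even, last_odd, 2))  # free RTP ports
        self._in_use = {}

    def capacity(self):
        """Concurrent streams the whole range can carry (two pairs each)."""
        pairs = len(self._free) + 2 * len(self._in_use)
        return pairs // 2

    def allocate(self, stream_id):
        """Reserve caller and callee RTP/RTCP pairs for one stream."""
        if stream_id in self._in_use:
            raise KeyError(f"{stream_id} already allocated")
        if len(self._free) < 2:
            raise RuntimeError("relay port range exhausted")
        caller, callee = self._free.pop(0), self._free.pop(0)
        legs = {"caller": (caller, caller + 1), "callee": (callee, callee + 1)}
        self._in_use[stream_id] = legs
        return legs

    def release(self, stream_id):
        """Return both RTP/RTCP pairs of a finished stream to the pool."""
        legs = self._in_use.pop(stream_id)
        self._free.extend(rtp for rtp, _ in legs.values())


if __name__ == "__main__":
    default_pool = RelayPortPool(16384, 65535)  # default range from this page
    print("streams supported by default range:", default_pool.capacity())
    print("first stream:", default_pool.allocate("voice-1"))
    # Constructed narrow range with an odd start and an even end.
    narrow = RelayPortPool(20001, 20008)
    print("streams supported by 20001-20008:", narrow.capacity())
```

A call with both voice and video uses two streams, so it consumes eight ports from the range.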
Step 1 - In the Verba web interface click on Administration > Users / Extensions.
Step 2 - Select the extension you would like to be a relay-only extension.
Step 3 - Under Recording Settings change the Recording Mode drop-down value to Relay Only.
Step 4 - Scroll down to the bottom of the page and click the Save button.
Step 5 - Follow the instructions in the yellow stripe above the extensions list to apply changes to Verba services.