locked
Cloud Connector (CCE) 2.0 - DNS and Certificate RRS feed

  • Question

  • Hi,

    We are going to configure two Cloud Connectors ( 2.0) in each site and have 5 PSTN sites. I need some help on DNS and certificate.


    1. How do I request External and Internal DNS record for the below configuration.

    PSTN SITE 01: 

    host1 : 192.168.1.10  (Access edge and Media)
    host2 : 192.168.1.11  (Access edge and Media)


    Edge: APUSA.SIPdomain.com  

    DNS Record: APUSA.SIPdomain.com  

    Need help on the blow questions.

    1. should i add all the above public IPS in the record? 
    2. Do we need any internal DNS records to be created? if so,
    3. Physical servers should be in domain? or be in standard alone?
    4. Certificate 
       Can i use wildcard certificate: SN: *.SIPdomain.com, SAN, SIP.sipdomain.com
    per MS, we cna use SN = FQDN and SAN=

    Thank you,

    Regards,
    Madhu


    • Edited by MAdhuSri01 Wednesday, July 26, 2017 2:34 PM
    Wednesday, July 26, 2017 8:27 AM

Answers

  • Hi MAdhuSri01,

    Question1:

    Yes, you need to create external DNS record for access Edge.

    Question2:

    Yes, you need to create internal DNS records.

    As each CCE deploys one ADDS, therefore all the internal DNS records will point to deployed CCE internal DNS.

    Question3:

    With Cloud Connector Edition, you deploy a set of packaged VMs that contain a minimal Skype for Business Server topology—consisting of an Edge component, Mediation component, and a Central Management Store (CMS) role. You will also install a domain controller, which is required for the internal functioning of Cloud Connector. These services are configured for hybrid with your Office 365 tenant that includes Skype for Business Online services. But for the physical host machine, don’t add it to the domain.

    Question4:

    For the certificate, you can choose either SAN certificate with multiple entries or wildcard certificate, for details, please refer to the following document https://insidemstech.com/2016/04/29/skype-for-business-cloud-connector-edition-public-dns-ip-and-certificates-requirements/

    Here is also a blog about CCEhttps://technet.microsoft.com/en-us/library/mt605227.aspx
    https://technet.microsoft.com/en-us/library/mt605228.aspx

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:58 AM
    Thursday, July 27, 2017 5:17 AM
  • Hi MAdhuSri01,

    Question1:

    Yes, you need to add two CCE public IP address to external DNS record, you don’t need to create Media relay DNS record separately.

    Question2:

    Question3:

    In my opinion, you could use this wildcard certificate.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:56 AM
    Tuesday, August 1, 2017 9:26 AM

All replies

  • Hi MAdhuSri01,

    Question1:

    Yes, you need to create external DNS record for access Edge.

    Question2:

    Yes, you need to create internal DNS records.

    As each CCE deploys one ADDS, therefore all the internal DNS records will point to deployed CCE internal DNS.

    Question3:

    With Cloud Connector Edition, you deploy a set of packaged VMs that contain a minimal Skype for Business Server topology—consisting of an Edge component, Mediation component, and a Central Management Store (CMS) role. You will also install a domain controller, which is required for the internal functioning of Cloud Connector. These services are configured for hybrid with your Office 365 tenant that includes Skype for Business Online services. But for the physical host machine, don’t add it to the domain.

    Question4:

    For the certificate, you can choose either SAN certificate with multiple entries or wildcard certificate, for details, please refer to the following document https://insidemstech.com/2016/04/29/skype-for-business-cloud-connector-edition-public-dns-ip-and-certificates-requirements/

    Here is also a blog about CCEhttps://technet.microsoft.com/en-us/library/mt605227.aspx
    https://technet.microsoft.com/en-us/library/mt605228.aspx

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:58 AM
    Thursday, July 27, 2017 5:17 AM
  • Hi Alice,

    Thank you so much for the reply. But still i'm looking for the answers.

    Question1

    We have two CCE sites, Do we need to add two CCE's public IP address to the external DNS record ?  

    And do we need to create Media relay DNS record separately

    Question 2:

    DNS records for Office 365 already  in place, what type of internal records for CCE to be created?

    Question 4: 

    Certificate: 

    Customer is already having wildcard certificate, with CN= *.sipdomain.com, SAN = sip.sipdomain.com. can we use this for CCE?

    Once again thank you for your valuable inputs.

    Thank you,

    MadhuSri






    • Edited by MAdhuSri01 Thursday, July 27, 2017 7:42 AM
    • Marked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:58 AM
    • Unmarked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:58 AM
    Thursday, July 27, 2017 7:37 AM
  • Hi MAdhuSri01,

    Question1:

    Yes, you need to add two CCE public IP address to external DNS record, you don’t need to create Media relay DNS record separately.

    Question2:

    Question3:

    In my opinion, you could use this wildcard certificate.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by MAdhuSri01 Tuesday, August 1, 2017 10:56 AM
    Tuesday, August 1, 2017 9:26 AM
  • Thank you so much Alice. Its really help full. 
    Tuesday, August 1, 2017 10:57 AM
  • Hi Alice,

    One more last question. When we setup cloud connector, will S4B client can get "Dial-pad"  with E5 license?  or i need to buy any add-ons like PSTN calling? 

    Thanks,
    MadhuSri

    Tuesday, August 1, 2017 3:44 PM
  • Hi MAdhuSri01,

    If your country is not supported for PSTN calling for SFB online, after you established the CCE, you could use PSTN service with SFB on premise.

    Here is a blog for your reference
    https://support.office.com/en-us/article/Skype-for-Business-add-on-licensing-3ed752b1-5983-43f9-bcfd-760619ab40a7


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 3, 2017 8:05 AM