Configuring a Mediation Server
Topic Last Modified: 2009-09-17
You must configure Mediation Server to communicate with Office Communications Server 2007 on one side and with either media gateways or a Session Initiation Protocol (SIP) trunking service provider on the other. For details about SIP trunking, a new feature in Office Communications Server 2007 R2, see SIP Trunking Topology in the Technical Overview in the Getting Started documentation.
To configure a Mediation Server, you must specify the following:
- The SIP transport used to communicate with a media gateway. There are two choices: Transport Layer Security (TLS) or Transmission Control Protocol (TCP).
  - TLS is the recommended transport, which provides encrypted signaling between the Mediation Server and the media gateway that is connected to the public switched telephone network (PSTN). If you configure your gateway link for TLS, calls to and from the PSTN are encrypted end-to-end.
  - It is possible to configure the Mediation Server to use TCP instead of TLS, but it is not recommended. If you configure the gateway link for TCP, that link presents a potential security vulnerability. For this reason, it is good practice to install two network interface cards, one facing the media gateway and the other facing the internal network.

  Important
  The link between Mediation Server and the internal Communications Server 2007 infrastructure is always configured for TLS, even in cases where the gateway link is configured for TCP. This requirement means that you must always configure a certificate on the Mediation Server. If you configure the gateway link for TLS, you must also configure a certificate on the gateway.
- The IP addresses on which the Mediation Server listens for call traffic from Communications Server on one side and media gateways or SIP trunking providers on the other. The Communications Server listening IP address is the IP address of the internal (that is, the Communications Server-facing) edge of the Mediation Server. The Gateway or SIP-trunk listening IP address is the IP address of the external (that is, the gateway- or SIP-trunk-facing) edge of the Mediation Server.
- The fully qualified domain name (FQDN) of the collocated A/V Edge Server and Media Relay Authentication Server for this Mediation Server.
- The default location profile used by this Mediation Server.
- The default Media port range.
- The FQDN and port of the Communications Server internal next hop. In most cases, this server is a Director, a Standard Edition server, or an Enterprise Edition Front End Server.
- The FQDN or the IP address and port for the media gateway or SIP trunk to which this Mediation Server is connected.
To configure Mediation Server you must be a member of the RTCUniversalServerAdmins group or have been delegated to perform this task by a member of that group.
To configure Mediation Server
1. Log on to a Communications Server 2007 Mediation Server.
2. Click Start, point to Administrative Tools, and then click Office Communications Server 2007.
3. Expand the appropriate forest node.
4. Expand the Mediation Servers node, right-click the Mediation Server to be configured, click Properties, and then click the General tab.
5. In the FQDN box, make sure the FQDN listed matches that of the Mediation Server you have selected.
6. Open a command prompt, change to the root directory, and type nslookup <FQDN of Mediation Server>, using the FQDN displayed on the Mediation Server General tab, and then press ENTER.
   Note
   You should configure only the Office Communications Server-facing IP address for dynamic DNS registration. Otherwise, the FQDN resolves to both IP addresses, which causes connections to fail unpredictably.
7. From the list of IP addresses displayed in the Communications Server listening IP address list, select the IP address returned in step 6.
   Important
   If the IP address selected in step 7 does not match the IP address in step 6, Communications Server traffic will be directed toward an interface that is not listening for such traffic and away from the one that is.
8. From the list of two IP addresses displayed in the Gateway listening IP address list, select the other IP address (that is, the one not already selected in step 7).
   Note
   The address selected in step 8 can be that of either a media gateway or a Private Branch Exchange (PBX).
9. From the A/V Edge Server list, select the A/V Edge Server that hosts the A/V Authentication Service for this Mediation Server.
   Important
   If the A/V Edge Server that hosts the A/V Authentication Service for this Mediation Server does not appear in the list, then the A/V Edge Server on which the service is collocated has not been entered into the A/V Edge Servers list on the Edge Servers tab of the Global Properties page. You need to add the A/V Edge Server to the previous list before it appears in the A/V Edge Server list on the Mediation Server tab. For details, see Office Communications Server 2007 R2 Edge Server Deployment Guide in the Deployment documentation.
10. In the Default location profile list, select the default location profile for this Mediation Server.
11. In Media port range accept the default range of 60,000 to 64,000.
    Important
    By reducing the port range greatly, you reduce server capacity. An administrator who is knowledgeable about media port requirements and scenarios should do this only for specific reasons. For this reason, altering the default port range is not recommended.
    Organizations that employ Internet Protocol security (IPSec) for packet security are advised to disable it for media ports because the security handshake required by IPSec delays call setup. IPSec is unnecessary for media ports because Secure Real-Time Transport Protocol (SRTP) encryption secures all media traffic between the Mediation Server and the internal Communications Server network.
12. Click the Next Hop Connections tab, and then under Office Communications Server next hop, do the following:
    - In the FQDN list, select the FQDN of the next-hop internal server.
      Note
      This server could be a Director or pool.
    - In the Port box, accept the default of 5061 for TLS.
13. On the Next Hop Connections tab, under PSTN Gateway next hop, do the following:
    - In the Address box, specify the IP address or FQDN of the PSTN Gateway or the PBX associated with this Mediation Server. If TLS is enabled, you must specify an FQDN.
    - In the Transport box, select TLS if the SIP signaling between the IP Gateway and the Mediation Server is protected by TLS. If you are not using TLS, select TCP.
    - In the Encryption Level box, select the level of SRTP that you want to use to protect media traffic:
      - If you do not want to use SRTP, click Do not support encryption. If you clicked TCP in the Transport box, this is the only option that is available.
      - To specify that SRTP must be used, click Require encryption.
      - To specify that SRTP should be attempted but no encryption should be used if negotiation for SRTP is not successful, click Support encryption.
    - In the Port box, accept the default of 5060 for TCP or TLS.
14. Click OK.
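The name-resolution check from steps 6 and 7 can be scripted so that the two failure cases the notes describe (the FQDN resolving to both interfaces, or to the wrong one) are reported explicitly. This is an added example, not part of the original documentation; the function name is hypothetical and the FQDN and addresses in the sample call are constructed placeholders.

```powershell
# Added example. Run it from another internal host: on the Mediation Server itself,
# Windows can answer for its own name from the local interfaces instead of from DNS.
function Test-MediationServerDns {
    param(
        [Parameter(Mandatory=$true)][string]$Fqdn,
        [Parameter(Mandatory=$true)][string]$InternalListeningIP,
        [Parameter(Mandatory=$true)][string]$GatewayListeningIP
    )
    try {
        # Collect the IPv4 addresses the FQDN resolves to, as strings.
        $resolved = @([System.Net.Dns]::GetHostAddresses($Fqdn) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $resolved = @()   # lookup failed
    }

    $problems = @()
    if ($resolved.Count -eq 0) {
        $problems += "FQDN does not resolve to an IPv4 address."
    } elseif ($resolved -notcontains $InternalListeningIP) {
        $problems += "FQDN does not resolve to the Communications Server listening IP address."
    }
    if ($resolved -contains $GatewayListeningIP) {
        $problems += "FQDN resolves to the gateway-facing address; only the internal interface should register in DNS."
    }
    if ($resolved.Count -gt 1) {
        $problems += "FQDN resolves to more than one address; connections can fail unpredictably."
    }

    New-Object PSObject -Property @{
        Fqdn     = $Fqdn
        Resolved = $resolved
        Ok       = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Constructed sample values; substitute the FQDN from the General tab and both listening addresses.
Test-MediationServerDns -Fqdn 'medsrv01.contoso.example' `
    -InternalListeningIP '10.0.0.20' -GatewayListeningIP '192.168.50.20' |
    Format-List Fqdn, Resolved, Ok, Problems
```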
Optional Configuration
If you want the Mediation Server to strip the plus sign (+) prefix from the Request Uniform Resource Identifier (URI), the To URI, and the From URI of outgoing calls to the gateway, set the Windows Management Instrumentation (WMI) setting called RemovePlusFromRequestURI to TRUE (the default value is FALSE).
To strip the plus sign (+) prefix from the Request, To, and From URIs of outgoing calls
1. Log on to a Communications Server 2007 Mediation Server.
2. Click Start, click Run, and then type wbemtest.
3. In the Windows Management Instrumentation Tester dialog, click Connect.
4. In the Connect dialog, verify that root\cimv2 appears in the Namespace text box, and then click Connect.
5. In the Windows Management Instrumentation Tester dialog, click Enum Classes….
6. In the Superclass Info dialog, ignore the Enter superclass name text box, and then click Recursive and OK.
7. In the Query Result list box, scroll down and double-click MSFT_SIPMediationServerConfigSetting, and then click Add.
8. In the Object editor for SIPMediationServerConfigSetting dialog, click Instances.
9. In the Query Result dialog, double-click the Mediation Server instance whose configuration you want to change.
10. In the Object editor for SIPMediationServerConfigSetting dialog, select RemovePlusFromRequestURI, and then click Edit Property.
11. In the Property Editor dialog, change the Value from FALSE to TRUE, click Not NULL, and then click Save Property.
12. In the Object editor for SIPMediationServerConfigSetting dialog, click Save Object.
If you want to enable Quality of Service (QoS) marking on the Mediation Server, set the WMI setting called QoSEnabled to TRUE (the default value is FALSE).
To enable Quality of Service (QoS) marking on the Mediation Server
1. Log on to a Communications Server 2007 Mediation Server.
2. Click Start, click Run, and then type wbemtest.
3. In the Windows Management Instrumentation Tester dialog, click Connect.
4. In the Connect dialog, verify that root\cimv2 appears in the Namespace text box, and then click Connect.
5. In the Windows Management Instrumentation Tester dialog, click Enum Classes….
6. In the Superclass Info dialog, ignore the Enter superclass name text box, and then click Recursive and OK.
7. In the Query Result list box, scroll down and double-click MSFT_SIPMediationServerConfigSetting, and then click Add.
8. In the Object editor for SIPMediationServerConfigSetting dialog, click Instances.
9. In the Query Result dialog, double-click the Mediation Server instance whose configuration you want to change.
10. In the Object editor for SIPMediationServerConfigSetting dialog, select QoSEnabled, and then click Edit Property.
11. In the Property Editor dialog, change the Value from FALSE to TRUE, click Not NULL, and then click Save Property.
12. In the Object editor for SIPMediationServerConfigSetting dialog, click Save Object.
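Both wbemtest procedures above (RemovePlusFromRequestURI and QoSEnabled) change a property on the same WMI class, so they can be scripted with one function that records the value before and after the change. This is an added example, not part of the original documentation; the function name is hypothetical, and it assumes both properties are Boolean, as the TRUE/FALSE values in the procedures suggest.

```powershell
# Added example. Run on the Mediation Server with the administrative rights the page requires.
function Set-MediationServerWmiFlag {
    param(
        [Parameter(Mandatory=$true)]
        [ValidateSet('RemovePlusFromRequestURI', 'QoSEnabled')]  # the two settings named on this page
        [string]$Name,
        [Parameter(Mandatory=$true)][bool]$Value
    )
    $namespace = 'root\cimv2'
    $class     = 'MSFT_SIPMediationServerConfigSetting'

    # Equivalent of Connect > Enum Classes > Instances in wbemtest.
    $instances = @(Get-WmiObject -Namespace $namespace -Class $class -ErrorAction Stop)
    if ($instances.Count -ne 1) {
        # wbemtest lets you pick the instance by hand; refuse to guess here.
        throw "Expected exactly one $class instance, found $($instances.Count)."
    }

    $setting = $instances[0]
    $before  = $setting.$Name

    if ($before -ne $Value) {
        $setting.$Name = $Value
        [void]$setting.Put()      # equivalent of Save Property followed by Save Object
    }

    # Re-read from WMI so the reported value is what was actually stored.
    $after = (Get-WmiObject -Namespace $namespace -Class $class -ErrorAction Stop).$Name

    New-Object PSObject -Property @{
        Setting = $Name
        Before  = $before
        After   = $after
        Changed = ($before -ne $after)
    }
}

# Strip the plus sign from outgoing URIs, then enable QoS marking.
Set-MediationServerWmiFlag -Name 'RemovePlusFromRequestURI' -Value $true
Set-MediationServerWmiFlag -Name 'QoSEnabled' -Value $true
```

Keeping the Before and After values in a change record makes it easy to confirm later that only these two settings were altered from their FALSE defaults.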