Topology Tab
Trained Administrators only!
The following procedure is to be performed by Luware-trained system administrators only. When uncertain about certain steps, don't hesitate to contact us.
The "Topology" tab provides the possibility to define the machines, TM system components and mailboxes which will be used by the TM system.
Elements configured in the topology tab interact in the following way:
This page only covers parts of the basic setup. Make sure to complete Initial Topology Configuration first.
Server (System) Sub-Tab
The "Server (System)" tab provides the possibility to define the machines for the TM System.
- Open TM Configurator -> Topology -> Server (System) tab
- Register each machine where TM system components will be installed by filling the
- Name
- IP Address
- FQDN
- Application Pool (it should be configured previously on TM Configurator -> Services -> Trusted Application Pools tab)
Components (Server) Sub-Tab
The "Components (Server)" tab provides the possibility to define and to configure TM system components for TM System.
Instructions on how to configure the Components (Server) tab for TM system administrators are given in the " TM System Components" chapter.
Component Defaults Sub-Tab
The instructed TM system administrators are able to fill here the component default values before the TM system components configuration and installation. These values will be used as default pre-defined values on the TM Configurator -> Topology -> Components (Server) and it will simplify the process of the TM system components configuration.
System Settings tab
TM system allows to configure the Lync States of team members in order to define who is included into a team and available for calls and when the call goes to all team members immediately ignoring Team Call Group Default Delay Time value specified for the corresponding team.
TM system also allows to remove possibility to work with teams that have Call type.
These settings affect the teams with Call type. The settings are global and applied to all teams existing in the system.
Changed settings and flag have effect only after restart of CIC and AC components .
The following settings and flag are presented on TM Configurator ->Topology -> "System Settings" tab:
Key in TM Configurator | Description | Default Value |
---|---|---|
User is member of the team in the following states | Set of Lync states of users who are included in the team, displayed in the list of team members in Lync Client and available for calls | Online, IdleOnline |
User is not member of the team in the following states | Set of Lync states of users who are not included in the team, not displayed in the list of team members in Lync Client and not available for calls | None, Busy, IdleBusy, DoNotDisturb, Offline, BeRightBack, and Away |
Call will ring first on the caller in the following states | Set of Lync states of team members who receive the call first. In this case the system takes into account the "Team Call Group Default Delay" value before the call rings to other team members | Online, IdleOnline |
Call will ring in the team from the beginning in the following states | Set of Lync states of team members who receive the call from the beginning in case the Lync state of a team member receiving the call rings first is not included in the set of Lync states in "Call will ring first on the caller in the following states" column | None, Busy, IdleBusy, DoNotDisturb, Offline, BeRightBack, and Away. |
Disable Team CallGroup | Allows to limit amount of team types that can be configured in TM.
| False |
Trusted Application Pools Sub-Tab
The "Trusted Application Pools" tab provides a possibility to define trusted application pools for the TM System.
The further use of trusted application pools is described below:
- After the trusted application pools are defined, they become available for further configuration on TM Configurator -> Topology -> Trusted Applications tab and are used for the configuration of trusted applications.
- After the trusted application pools are defined, they become available for further configuration on TM Configurator -> Topology -> Server (System) tab and should be used for the configuration of the server.
Trusted Applications Sub-Tab
TM system supports multipool functionality and allows to define different trusted applications to Contact Objects (Services). It provides safe work in case of some hardware failure and adds more flexibility to a company.
- According to the selected Trusted Application a specific Trusted Application Endpoint (Service) is created on SfBusiness Server.
After changing the Trusted Application, CIC runs a command to remove the existing Trusted Application Endpoint for the current Trusted Application:
Remove-CsTrustedApplicationEndpoint -Identity "Endpoint 1"
After that, CIC runs a command to create a new Trusted Application Endpoint for selected Trusted Application: New-CsTrustedApplicationEndpoint -ApplicationId tapp1 -TrustedApplicationPoolFqdn TrustPool.litwareinc.com -SipAddress sip:endpoint1@litwareinc.com
If the endpoint is created successfully, ICH that is running on the new Trusted Application performs the following actions: - Establishes Contact Object (Service) to Active state
- Establishes actual Contact Object"s (Service) state in SfBusiness client
If the endpoint is created unsuccessfully, CIC tries to create it 5 times every 5 minutes.
The "Trusted Applications" tab provides the possibility to define and configure trusted applications for the TM System
The system should be configured in the following way to get an appropriate behavior:
- Create Trusted Application Pool in TM Configurator -> Topology -> Trusted Application Pools tab
- Assign Trusted Application Pool to necessary Server in TM Configurator-> Topology ->Server (System) tab
- Create Trusted Application in TM Configurator-> Topology -> Trusted Applications tab
- Define necessary Trusted Application to Teams in TM Configurator -> Team -> Disabled Teams or Enabled Teams tabs
The table of settings:
Field Name | Description |
Name | Enter the name of the application. The name can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application. |
Port | Enter the port number of the application. The port number can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application. |
User Agent | Enter the user agent. The name can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application. |
Application Pool | Select from the dropdown the trusted application pool of the component. |
Server Type | Select from the dropdown the system component. |
The further use of trusted applications is described below:
- After the trusted applications are defined and configured, they are used by AC, CR, andICH system components. These system components should be created and configured on TM Configurator -> Services -> Components (Server) tab.
- After the trusted applications are defined and configured, they are assigned to teams in TM Configurator -> Teams -> Disabled Teams or TM Configurator -> Teams -> Enabled teams tabs.
- A trusted application assigned to a Service Team is also available for review on TM Configurator -> Services -> Services tab.
Frontend Pools Sub-Tab
The "Frontend Pools" tab provides a possibility to define frontend pools for the TM System. They are used in the Pool Awareness functionality. The Pool Awareness functionality allows TM to make a deal with a pool failover to survive a branch outage. System allows configuration of a redirection to the default endpoint in case Frontend Pool or ICH gets unavailable.
Frontend Pool is a high level of pools and has influence only on Trusted Application Pools. It can contain several Trusted Application Pools.
The hierarchy can be represented in the following way:
Pool Redirection Algorithm
The System listens to SIP responses targeted to service sip address and depending on the codes received from SfBusiness server. Calls are redirected according to the following algorithm:
- In case of Trusted Application Pool outage the system searches for another available Trusted Application Pool within the same Frontend Pool and redirects the call to the DefaultEndpointSipAddress configured in ICH. If there are no available or configured Trusted Application Pools within the same Frontend Pool, the system continues searching within another Frontend Pool.
- In case of Frontend Pool outage the system searches for another Frontend Pool and takes the first available Trusted Application Pool, redirects the call to the DefaultEndpointSipAddress configured in ICH. If there is no available or configured Trusted Application within Trusted Application Pool, system continues searching first within another Trusted Application Pool and then another Frontend Pool.
- If there is no configured DefaultEndpointSipAddress in ICH, the call will not be redirected.
- An already redirected call is not redirected in case of a failure.
- If no codes are configured in SMD config file, the call will not be terminated.
When system has found an active ICH with configured DefaultEndpointSipAddress, then the settings of the original target (Contact Object) are copied and will be applied to this "DefaultEndpointSipAddress" value. According to the settings of original target the system finds Agents belonging to original target and the call rings at these Agents.
Pool Configuration
To configure the Pool Awareness functionality, use the following steps:
- Create Frontend Pool on the TM Configurator -> Topology -> Frontend Pools tab
- Create the Trusted Application Pool(s) on the TM Configurator -> Topology -> Trusted Application Pools tab
- Assign the Frontend Pool to Trusted Application Pool(s) on the TM Configurator -> Topology -> Trusted Application Pools tab
- Enable "PoolAwareness" property in SMD component on the TM Configurator -> Topology -> Components (Server) tab
- Set "DefaultEndpointSipAddress" value in ICH component(s) TM Configurator -> Topology -> Components (Server) tab
- Define codes in SMD config file:
- key="PoolAwareness.SfbTrustedApplicationFailoverStatusCodes" value=""
- key="PoolAwareness.SfbFEFailoverStatusCodes" value=""
7. Restart ICH and SMD to apply the configuration changes
O365& Exchange
Support for Exchange Web Service (EWS) APIs for Exchange Online is being phased out by Microsoft1 in favor of OAuth 2.0 (via O365 credentials). TeamManager features already use Graph API and can be reconfigured. Check in your configuration that "O365" settings are used instead of "Exchange".
AREAS TO CHECK: Mailboxes, Calendars, Voicemail, Topology Settings. Note that "Mail Manager" as an exception will not get further Graph support.
The "O365&Exchange" tab provides the possibility to define and configure the tenants for the TM System. The tenants will be used for creating mailboxes in TM. There are two types of tenants available :
- O365
- Exchange
The following actions are available on the TM Configurator -> Topology -> O365&Exchange Tenants tab:
- To define new tenant, click "add" buttons and fill the settings.
- To delete existing tenants, select them and click "remove" buttons.
- To save the changes, click "save" button. No changes are applied until "save" button is clicked.
- To roll back the changes, click "reject" or "refresh" button.
The table of settings for O365 tenants:
Settings | Description |
Name | Enter any Name that you want to assign to a new O365 tenant. |
O365 ClientId | Enter previously saved application id that were registered on Microsoft Application Registration Portal. |
O365 Domain | Enter your Office 365 domain that can be found in your Office 365 Admin center. If you have more than one domain, you need to create a separate tenant for each domain. |
O365 Graph AuthorityURI | Office 365 Graph AuthorityURI is used for authentication Default value can be used: https://login.windows.net/Common |
O365 Graph Private Key | Enter previously saved password that were created for the application on Microsoft Application Registration Portal. |
O365 Graph TenantID | Enter Office 365 tenant ID that can be found in the Azure AD portal.You need to be an Azure AD administrator. |
O365 Graph PagingSize | Not used yet. Leave the field empty. |
Organization Unit | Select an organization unit that will be used for the newly created O365 tenant. |
"Grant Application Permissions" button | Grants necessary rights that allows TM system to work with O365 accounts. |
The table of settings for exchange tenants:
Settings | Description |
---|---|
Name | The name of the created tenant. |
Location | The link to the ews interface. |
Type | The type of the Exchange server on which the mailbox is created. |
Organization | Select an organization unit that will be used for the newly created exchange tenant. |
Configuring Exchange Tenant in Mailboxes
After the tenant definition they become available for further configuration on TM Configurator -> Services -> Mailboxes tab and may be used for the configuration of mailboxes.
Credentials Sub-Tab
The "Credentials" tab provides the possibility to define and configure the credentials for mailboxes for the TM System.
The following actions are available on the TM Configurator -> Topology -> Credentials tab:
The table of settings :
Settings | Description |
---|---|
Username | The username of the email account created on the Exchange server. |
Domain | The domain of the email account created on the Exchange server. |
Password | The password of the email account created on the Exchange server. |
Using Credentials in Mailboxes
After the credentials are defined they become available for further configuration on TM Configurator -> Services -> Mailboxes.
Mailboxes Sub-Tab
The "Mailboxes" tab provides the possibility to define and configure the mailboxes for the TM System. The mailboxes will be used in mail services and for specific workflows and features.
The mailboxes should be created and configured on Exchange, before defining them in the TM System.
The following actions are available on the TM Configurator -> Topology -> Mailboxes tab:
- To define new mailboxes, click "add" buttons in the "Mailbox Credential" sections and fill the settings.
- To delete existing mailboxes, select them in the "Mailbox Credential" section and click "remove" button.
- To save the changes, click "save" button. No changes are applied until "save" button is clicked.
- To roll back the changes, click "reject" or "refresh" button.
The table of settings:
Settings | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Credential | The username of the email account created on the Exchange server. | ||||||||||
O365 Tenant | The tenant configured for an O365 account. | ||||||||||
Exchange Tenant | The type of the Exchange server on which the mailbox is created. | ||||||||||
Use Impersonation | Option to allow TM to use impersonation and access a shared calendar (instead of using the built-in Opening Hours calendar).
| ||||||||||
Account | The full email account created on the Exchange server. | ||||||||||
Default Value | Default state of mailbox selected from a list of categories defined on CI server. | ||||||||||
Organization Unit | The organization unit to which the selected mailbox belongs. |
The further use of mailboxes is described below:
- After the mailboxes definition they become available for further configuration on TM Configurator -> Team -> Disabled /Enabled Teams tab and may be used for the configuration of the "Opening Hours Box" feature.
- After the mailboxes definition they become available for further view on TM Configurator -> Services -> Services tab in the "Opening Hours Box" field.
- After the mailboxes definition they become available for further configuration on TM Configurator -> Services -> Recording tab and may be used for the configuration of the "Recording" feature.
Settings
The Settings tab controls general TM settings
The "Settings" tab has the following options:
Field Name | Description |
---|---|
Hide customer data from logs | Set to "true" to hide customer information in log files. |
Active Directory Settings | |
Use windows service account | Set to "true" to use windows service account to run CIC and query the Active Directory. |
UserName | Username of the account that will be used instead of network service account. |
Password | Password for the account that will be used instead of network service account. |
OU team filter | Distinguished name where CIC synchronizes groups from the active directory. |
TM System Administrator Group
To make TM Configurator more secure, an additional authentication setting has to be configured to limit the user"s access to TM Configurator. This setting allows specifying a group of users that will be able to run and use TM Configurator.
System Administrator Group (AD group) can be configured on Topology tab (Topology -> Credentials)
"Current User" field displays the user currently signed in windows and "System Administrator Group" field to specify group of administrators. By default, the "System Administrator Group" value is empty. System Administrator Group needs to be verified before saving. A click on "Verify" button checks if the specified group exists in Active Directory.Verification process may take several seconds and as a result has three states:
- "Verified" – if value is correct;
- "Verified with Error" – if value is incorrect;
- "Not Verified" – when the specified value is not verified yet.
Depending on whether System Administrator Group is set or not, the authentication rules will be applied for Configurator:
- If AD group is empty, an authentication rule is not set;
- If AD group is set, the running user in windows is used for authentication and allowed to use LC if he is a member in the SystemAdministrator Group:
If a user is not a member, a popup appears: "User is not allowed to use LC"
If a user cannot get to the group, another Error message appears: "Group cannot be accessed"
- Cross AD Forest is possible
A distinguished name value must be set as System Administrator Group in format: CN=GroupNAme,OU= OrganizationalUnitName,OU= OrganizationalUnitName,DC= DomainComponent,DC= DomainComponent
Objects are located within Active Directory domains according to a hierarchical path which includes the labels of the Active Directory domain name and each level of container objects. The full path to the object is defined by the distinguished name (also known as a "DN"). The name of the object itself, separate from the path to the object, is defined by a relative distinguished name.
Object Class | Naming Attribute Display Name | Naming Attribute LDAP Name |
User | Common-Name | cn |
organizationalUnit | Organizational-Unit-Name | ou |
Domain | Domain-Component | dc |
There are a few tricky moments that should be kept in mind while configuring System Administrator Group:
- If System Administrator Group does not exist in Active Directory or contains regex mistake, it can"t be saved.
- If System Administrator Group value was removed or renamed in Active Directory, then Configurator can"t be run until record in DB is removed.
- If there are groups in System Administrator Group (nested groups), the members of such groups should be considered System Administrators as well.
API Keys Sub-Tab
Luware API allows customers to get system information and reporting data using API GET methods. Luware API is an active – active component and may be installed on any machine that has IIS configured.
The "API Keys" tab has the following settings:
Key in TM Configurator | Description |
Name | Enter a name for a new API key |
API Key | Unique number generated by the system |
Expiration Date | The key"s expiration date in format "dd.MM.yyyy hh:mm" |
Description | Customer"s text |
Generate new API key | A button to generate a new number for already created API key |
More info on the API can be found on the TeamManager API page.