Trained Administrators only!

The following procedure is to be performed by Luware-trained system administrators only. When uncertain about certain steps, don't hesitate to contact us

The "Topology" tab provides the possibility to define the machines, TM system components and mailboxes which will be used by the TM system.

Elements configured in the topology tab interact in the following way:

The correlation of the TM Configurator tabs

This page only covers parts of the basic setup. Make sure to complete Initial Topology Configuration first.

Server (System) Sub-Tab

The "Server (System)" tab provides the possibility to define the machines for the TM System.

  1. Open TM Configurator -> Topology -> Server (System) tab
  2. Register each machine where TM system components will be installed by filling the
    1. Name
    2. IP Address
    3. FQDN
    4. Application Pool (it should be configured previously on TM Configurator -> Services -> Trusted Application Pools tab)

The example of filled Luware-TM-Configurator Servers' settings

Components (Server) Sub-Tab

The "Components (Server)" tab provides the possibility to define and to configure TM system components for TM System.

Instructions on how to configure the Components (Server) tab for TM system administrators are given in the " TM System Components" chapter.


TM system components and configuration on the Components (Server) tab

Component Defaults Sub-Tab


The instructed TM system administrators are able to fill here the component default values before the TM system components configuration and installation. These values will be used as default pre-defined values on the TM Configurator -> Topology -> Components (Server) and it will simplify the process of the TM system components configuration.

The Component Defaults tab

System Settings tab

TM system allows to configure the Lync States of team members in order to define who is included into a team and available for calls and when the call goes to all team members immediately ignoring Team Call Group Default Delay Time value specified for the corresponding team.
TM system also allows to remove possibility to work with teams that have Call type.
These settings affect the teams with Call type. The settings are global and applied to all teams existing in the system.

Team Membership and Routing Behavior settings.


Changed settings and flag have effect only after restart of CIC and AC components .
The following settings and flag are presented on TM Configurator ->Topology -> "System Settings" tab:

Key in TM Configurator

Description

Default Value

User is member of the team in the following states

Set of Lync states of users who are included in the team, displayed in the list of team members in Lync Client and available for calls

Online, IdleOnline

User is not member of the team in the following states

Set of Lync states of users who are not included in the team, not displayed in the list of team members in Lync Client and not available for calls

None, Busy, IdleBusy, DoNotDisturb, Offline, BeRightBack, and Away

Call will ring first on the caller in the following states

Set of Lync states of team members who receive the call first. In this case the system takes into account the "Team Call Group Default Delay" value before the call rings to other team members

Online, IdleOnline

Call will ring in the team from the beginning in the following states

Set of Lync states of team members who receive the call from the beginning in case the Lync state of a team member receiving the call rings first is not included in the set of Lync states in "Call will ring first on the caller in the following states" column

None, Busy, IdleBusy, DoNotDisturb, Offline, BeRightBack, and Away.

Disable Team CallGroup

Allows to limit amount of team types that can be configured in TM.

With the flag set to "False" , teams of all three types can be created and configured:

  • TeamServiceOnly
  • TeamCallGroupOnly
  • TeamServiceandTeamCallGroup


    With the flag set to "True", only one type of teams can be created and configured:
  • TeamServiceOnly

False

Trusted Application Pools Sub-Tab

The "Trusted Application Pools" tab provides a possibility to define trusted application pools for the TM System.

TM Configurator -> Topology -> Trusted Application Pools tab

The further use of trusted application pools is described below:

  • After the trusted application pools are defined, they become available for further configuration on TM Configurator -> Topology -> Trusted Applications tab and are used for the configuration of trusted applications.
  • After the trusted application pools are defined, they become available for further configuration on TM Configurator -> Topology -> Server (System) tab and should be used for the configuration of the server.

Trusted Applications Sub-Tab

TM system supports multipool functionality and allows to define different trusted applications to Contact Objects (Services).  It provides safe work in case of some hardware failure and adds more flexibility to a company.

  • According to the selected Trusted Application a specific Trusted Application Endpoint (Service) is created on SfBusiness Server.
    After changing the Trusted Application, CIC runs a command to remove the existing Trusted Application Endpoint for the current Trusted Application:
    Remove-CsTrustedApplicationEndpoint -Identity "Endpoint 1"
    After that, CIC runs a command to create a new Trusted Application Endpoint for selected Trusted Application: New-CsTrustedApplicationEndpoint -ApplicationId tapp1 -TrustedApplicationPoolFqdn TrustPool.litwareinc.com -SipAddress sip:endpoint1@litwareinc.com
    If the endpoint is created successfully, ICH that is running on the new Trusted Application performs the following actions:
  • Establishes Contact Object (Service) to Active state
  • Establishes actual Contact Object"s (Service) state in SfBusiness client

If the endpoint is created unsuccessfully, CIC tries to create it 5 times every 5 minutes.
The "Trusted Applications" tab provides the possibility to define and configure trusted applications for the TM System
The system should be configured in the following way to get an appropriate behavior:

  • Create Trusted Application Pool in TM Configurator -> Topology -> Trusted Application Pools tab
  • Assign Trusted Application Pool to necessary Server in TM Configurator-> Topology ->Server (System) tab
  • Create Trusted Application in TM Configurator-> Topology -> Trusted Applications tab
  • Define necessary Trusted Application to Teams in TM Configurator -> Team -> Disabled Teams or Enabled Teams tabs

The table of settings:

Field Name

Description

Name

Enter the name of the application. The name can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application.
Format: urn:application:name
Example: urn:application:brown_agentcontrol

Port

Enter the port number of the application. The port number can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application.
Example: 6300

User Agent

Enter the user agent. The name can be found on Lync Server machine in the Microsoft Lync Server Control Panel -> Topology -> Trusted Application.
Format: name (without urn:application)
Example: brown_agentcontrol

Application Pool

Select from the dropdown the trusted application pool of the component.
Pre-conditions : the trusted application pool should be configured earlier on TM Configurator -> Topology -> Trusted Application Pools

Server Type

Select from the dropdown the system component.

TM Configurator -> Topology -> Trusted Application tab with configured trusted applications


The further use of trusted applications is described below:

  • After the trusted applications are defined and configured, they are used by AC, CR, andICH system components. These system components should be created and configured on TM Configurator -> Services -> Components (Server) tab.
  • After the trusted applications are defined and configured, they are assigned to teams in TM Configurator -> Teams -> Disabled Teams or TM Configurator -> Teams -> Enabled teams tabs.
  • A trusted application assigned to a Service Team is also available for review on TM Configurator -> Services -> Services tab.

TM Configurator -> Team -> Enabled Teams tab


Reviewing a trusted application assigned to a service

Frontend Pools Sub-Tab

The "Frontend Pools" tab provides a possibility to define frontend pools for the TM System. They are used in the Pool Awareness functionality. The Pool Awareness functionality allows TM to make a deal with a pool failover to survive a branch outage. System allows configuration of a redirection to the default endpoint in case Frontend Pool or ICH gets unavailable.
Frontend Pool is a high level of pools and has influence only on Trusted Application Pools. It can contain several Trusted Application Pools.
The hierarchy can be represented in the following way:

Pool Redirection Algorithm

The System listens to SIP responses targeted to service sip address and depending on the codes received from SfBusiness server. Calls are redirected according to the following algorithm:

  • In case of Trusted Application Pool outage the system searches for another available Trusted Application Pool within the same Frontend Pool and redirects the call to the DefaultEndpointSipAddress configured in ICH. If there are no available or configured Trusted Application Pools within the same Frontend Pool, the system continues searching within another Frontend Pool.
  • In case of Frontend Pool outage the system searches for another Frontend Pool and takes the first available Trusted Application Pool, redirects the call to the DefaultEndpointSipAddress configured in ICH. If there is no available or configured Trusted Application within Trusted Application Pool, system continues searching first within another Trusted Application Pool and then another Frontend Pool.
  • If there is no configured DefaultEndpointSipAddress in ICH, the call will not be redirected.
  • An already redirected call is not redirected in case of a failure.
  • If no codes are configured in SMD config file, the call will not be terminated.

When system has found an active ICH with configured DefaultEndpointSipAddress, then the settings of the original target (Contact Object) are copied and will be applied to this "DefaultEndpointSipAddress" value. According to the settings of original target the system finds Agents belonging to original target and the call rings at these Agents.

Create Frontend Pool on the TM Configurator -> Topology -> Frontend Pools tab

Pool Configuration

To configure the Pool Awareness functionality, use the following steps:

  1. Create Frontend Pool on the TM Configurator -> Topology -> Frontend Pools tab
  2. Create the Trusted Application Pool(s) on the TM Configurator -> Topology -> Trusted Application Pools tab
  3. Assign the Frontend Pool to Trusted Application Pool(s) on the TM Configurator -> Topology -> Trusted Application Pools tab
  4. Enable "PoolAwareness" property in SMD component on the TM Configurator -> Topology -> Components (Server) tab
  5. Set "DefaultEndpointSipAddress" value in ICH component(s) TM Configurator -> Topology -> Components (Server) tab
  6. Define codes in SMD config file:
  • key="PoolAwareness.SfbTrustedApplicationFailoverStatusCodes" value=""
  • key="PoolAwareness.SfbFEFailoverStatusCodes" value=""

      7. Restart ICH and SMD to apply the configuration changes

Assign Frontend Pool to Trusted Application Pool(s) in TM Configurator -> Topology -> Trusted Application Pools

Enable 'PoolAwareness' property in SMD on TM Configurator -> Topology -> Components (Server) tab

Set 'DefaultEndpointSipAddress' value in ICH(s) TM Configurator -> Topology -> Components (Server) tab

O365& Exchange


Support for Exchange Web Service (EWS) APIs for Exchange Online is being phased out by Microsoft1 in favor of OAuth 2.0 (via O365 credentials). TeamManager features already use Graph API and can be reconfigured. Check in your configuration that "O365" settings are used instead of "Exchange".

(tick) AREAS TO CHECK: Mailboxes, Calendars, Voicemail, Topology Settings. Note that "Mail Manager" as an exception will not get further Graph support.


1 https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-api-deprecations-in-exchange-web-services-for-exchange/ba-p/2813925

The "O365&Exchange" tab provides the possibility to define and configure the tenants for the TM System. The tenants will be used for creating mailboxes in TM. There are two types of tenants available :

  • O365
  • Exchange

The following actions are available on the TM Configurator -> Topology -> O365&Exchange Tenants tab:

  • To define new tenant, click "add" buttons and fill the settings.
  • To delete existing tenants, select them  and click "remove" buttons.
  • To save the changes, click "save" button. No changes are applied until "save" button is clicked.
  • To roll back the changes, click "reject" or "refresh" button.

The table of settings for O365 tenants:

Settings

Description

Name

Enter any Name that you want to assign to a new O365 tenant.

O365 ClientId

Enter previously saved application id that were registered on Microsoft Application Registration Portal.

O365 Domain

Enter your Office 365 domain that can be found in your Office 365 Admin center. If you have more than one domain, you need to create a separate tenant for each domain.

O365 Graph AuthorityURI

Office 365 Graph AuthorityURI is used for authentication Default value can be used:

https://login.windows.net/Common

O365 Graph Private Key

Enter previously saved password that were created for the application on Microsoft Application Registration Portal.

O365 Graph TenantID

Enter Office 365 tenant ID that can be found in the Azure AD portal.You  need to be an Azure AD administrator.

O365 Graph PagingSize

Not used yet. Leave the field empty.

Organization Unit

 Select an organization unit that will be used for the newly created O365 tenant.

"Grant Application Permissions" button

Grants necessary rights that allows TM system to work with O365 accounts.
Note: It"s required to press "Grant Application Permissions" button after changes made for the application on Microsoft Application Registration Portal or for O365 Tenant in TM Configurator.

An example of the created O365 tenant


The table of settings for exchange tenants:

Settings

Description

Name

The name of the created tenant.

Location

The link to the ews interface.

Type

The type of the Exchange server on which the mailbox is created.

Organization

Select an organization unit that will be used for the newly created exchange tenant.

An example of the created exchange tenant

Configuring Exchange Tenant in Mailboxes

After the tenant definition they become available for further configuration on TM Configurator -> Services -> Mailboxes tab and may be used for the configuration of mailboxes.

'Tenant' fields on the 'Mailboxes' Tab

Credentials Sub-Tab

The "Credentials" tab provides the possibility to define and configure the credentials for mailboxes for the TM System.
The following actions are available on the TM Configurator -> Topology -> Credentials tab:

An example of the filled credentials


The table of settings :

Settings

Description

Username

The username of the email account created on the Exchange server.

Domain

The domain of the email account created on the Exchange server.

Password

The password of the email account created on the Exchange server.

Using Credentials in Mailboxes

After the credentials are defined they become available for further configuration on TM Configurator -> Services -> Mailboxes.

The Set/RemoveOpeningHoursBox for enabled service team

Mailboxes Sub-Tab

The "Mailboxes" tab provides the possibility to define and configure the  mailboxes for the TM System. The mailboxes will be used in mail services and for specific workflows and features.
The mailboxes should be created and configured on Exchange, before defining them in the TM System.
The following actions are available on the TM Configurator -> Topology -> Mailboxes tab:

  • To define new mailboxes, click "add" buttons in the  "Mailbox Credential" sections and fill the settings.
  • To delete existing mailboxes, select them in the "Mailbox Credential" section and click "remove" button.
  • To save the changes, click "save" button. No changes are applied until "save" button is clicked.
  • To roll back the changes, click "reject" or "refresh" button.

The table of settings:

Settings

Description

Credential

The username of the email account created on the Exchange server.

O365 Tenant

The tenant configured for  an O365 account.

Exchange Tenant

The type of the Exchange server on which the mailbox is created.

Use Impersonation

Option to allow TM to use impersonation and access a shared calendar (instead of using the built-in Opening Hours calendar).

Exchange On-Prem (EWS)Exchange Online (MS Graph)

An impersonated account is added in Exchange to a group with 'ApplicationImpersonation' role.

To use an impersonated account:

  1. select it from → 'Credential' drop down list. → (Credentials are described in the previous chapter)
    1. 'true' to use an impersonated account instead of original one.
    2. 'false' to use original account.

(info) Supported with TM V3.7. Refer to Azure and O365 ApplicationsConfigure Access Permissions

(tick) Precondition: If you want to use shared Exchange Online Calendars to you will need an additional delegated permission:

Permission

Type

Description

Calendars.Read.Shared

Delegated

Read user and shared calendars

To configure a user account to access a shared mailbox (calendar):

  1. Configure the user in the → Credentials (see previous chapter)
  2. Head to "Mailboxes" and create a new account
  3. Ensure the "Account" name of the user points to the address of the correct calendar
  4. Configure the shared mailbox  (O365 Tenant), and select the configured credentials (Topology → Credentials).
  5. Make sure the "Use Impersonation" checkbox is enabled


(tick) For the shared calendar to take effect, make sure to select it in the .

Account

The full email account created on the Exchange server.

Default Value

Default state of mailbox selected from a list of categories defined on CI server.

Organization Unit

The organization unit to which the selected mailbox belongs.


'Mailbox Credential' page


The further use of mailboxes is described below:

  • After the mailboxes definition they become available for further configuration on TM Configurator -> Team -> Disabled /Enabled Teams tab and may be used for the configuration of the "Opening Hours Box" feature.
  • After the mailboxes definition they become available for further view on TM Configurator -> Services -> Services tab in the "Opening Hours Box" field.
  • After the mailboxes definition they become available for further configuration on TM Configurator -> Services -> Recording tab and may be used for the configuration of the "Recording" feature.



'Set/Remove OpeningHoursBox' field on 'Enabled Teams' tab


'Mailbox' field on 'Recodring' tab

Settings

The Settings tab controls general TM settings 

'Settings' tab on TM Configurator

The "Settings" tab has the following options:

Field Name

Description

Hide customer data from logs

Set to "true" to hide customer information in log files.
Set to "false" to show customer information in log files.
The setting doesn"t affect TM parameters with "IsSensitive" flag.

Active Directory Settings


Use windows service account

Set to "true" to use windows service account to run CIC and query the Active Directory.
Set to "false" to use the configured CIC account for the Ldap Access.
By default set to "true".
CIC restart is required.

UserName

Username of the account that will be used instead of network service account.

Password

Password for the account that will be used instead of network service account.

OU team filter

Distinguished name where CIC synchronizes groups from the active directory.

TM System Administrator Group

To make TM Configurator more secure, an additional authentication setting has to be configured to limit the user"s access to TM Configurator. This setting allows specifying a group of users that will be able to run and use TM Configurator.
System Administrator Group (AD group) can be configured on Topology tab (Topology -> Credentials)

Reviewing a trusted application assigned to a service


"Current User" field displays the user currently signed in windows and "System Administrator Group" field to specify group of administrators. By default, the "System Administrator Group" value is empty. System Administrator Group needs to be verified before saving. A click on "Verify" button checks if the specified group exists in Active Directory.Verification process may take several seconds and as a result has three states:

  • "Verified" – if value is correct;
  • "Verified with Error" – if value is incorrect;
  • "Not Verified" – when the specified value is not verified yet.


Depending on whether System Administrator Group is set or not, the authentication rules will be applied for Configurator:

    • If AD group is empty, an authentication rule is not set;
    • If AD group is set, the running user in windows is used for authentication and allowed to use LC if he is a member in the SystemAdministrator Group:

If a user is not a member, a popup appears: "User is not allowed to use LC"
If a user cannot get to the group, another Error message appears: "Group cannot be accessed"

    • Cross AD Forest is possible

A distinguished name value must be set as System Administrator Group in format: CN=GroupNAme,OU= OrganizationalUnitName,OU= OrganizationalUnitName,DC= DomainComponent,DC= DomainComponent
Objects are located within Active Directory domains according to a hierarchical path which includes the labels of the Active Directory domain name and each level of container objects. The full path to the object is defined by the distinguished name (also known as a "DN"). The name of the object itself, separate from the path to the object, is defined by a relative distinguished name.

Object Class

Naming Attribute Display Name

Naming Attribute LDAP Name

User

Common-Name

cn

organizationalUnit

Organizational-Unit-Name

ou

Domain

Domain-Component

dc


'Active Directory' domains according to a hierarchical path and each level of container objects

There are a few tricky moments that should be kept in mind while configuring System Administrator Group:

    • If System Administrator Group does not exist in Active Directory or contains regex mistake, it can"t be saved.
    • If System Administrator Group value was removed or renamed in Active Directory, then Configurator can"t be run until record in DB is removed.
    • If there are groups in System Administrator Group (nested groups), the members of such groups should be considered System Administrators as well.

API Keys Sub-Tab

Luware API allows customers to get system information and reporting data using API GET methods. Luware API is an active – active component and may be installed on any machine that has IIS configured.
The "API Keys" tab has the following settings:

Key in TM Configurator

Description

Name

Enter a name for a new API key

API Key

Unique number generated by the system

Expiration Date

The key"s expiration date in format "dd.MM.yyyy hh:mm"
It can be left empty.

Description

Customer"s text

Generate new API key

A button to generate a new number for already created API key


'API Keys' tab on TM-Confgurator

More info on the API can be found on the TeamManager API page.