Thursday, February 2, 2017

MsIgnite BRK3061 - Ready Your Network for Skype for Business Online

Presented by Hao Yan

What impacts Call Quality & Reliability?
 
Environment – noisy environment (the Skype for Business media stack provides noise reduction and echo cancellation, but that is not enough to solve all acoustic disturbances.)
Devices – 50% of the problem and easy to fix!
Use high quality devices (certified devices) instead of laptop built-in devices, please do not be penny wise and pound foolish considering the investment you already made.
Network – 50% of the problem and hard(er) to fix, still most organizations is looking into this without addressing the device issue. Use the Skype for Business Online Call Quality Dashboard to verify device and network impact on call quality.

The Microsoft network have more than 100 Points of Presence worldwide and every 5 minutes performance is monitored from any point to any point; Skype for business as a part of Office 365 lives in this network.


Office 365 networking


1. A user from the internet must reach Office 365.
2. Authentication / Directory Sync must go between your network and Office 365.
3. DNS and certificate services must be reached from your network.
4. Express route (optional) is a dedicated private connection with predictable bandwidth that can replace nr 2. It is not a security solution, but can improve network performance and allow for end-to-end Quality of Service.


Networking is a teamwork between you, your ISP and Microsoft. If there are issues we must break it down and find out where we can improve. See Tune Skype for Business Online performance for more information.


How can we measure network performance?

Use the tools recommended in the "Determine Network Readiness" section of the Skype Operations Framework. Target Skype’s world wide Anycast IP – 13.107.8.2 this will find the closest peering point between your network and the Microsoft network. Measure the network before, during and after the Skype for business implementation.


Routing and firewall configuration

Allow outbound UDP/TCP traffic to all Office 365 URLs and IP address ranges. URLs and IP address ranges are updated monthly, subscribe to the RSS feed to get change notifications.


Outbound destination port openings

  • Minimum: TCP 443
  • Better: TCP 443 + UDP/TCP 3478
  • Best: TCP 443 + UDP/TCP 3478 + UDP/TCP 50,000 - 59,999

The use of a Http proxy is supported, but direct IP routing is better since the proxy does not add anything for Skype for business traffic - all content is encrypted anyway. If a proxy must be used make sure to turn off deep packet inspection for Skype for business media traffic and update the PAC file to allow all Office 365 URLs and IP address ranges.


Virtual Private Networks

Skype for business over VPN is not supported. A VPN will encrypt the already encrypted Skype for business media traffic, this is of no use and will only add latency. Call over a VPN is 2 times more likely to drop and have a 0,1 to 0,4 lower MOS score than a non-VPN call. The solution to this is to bypass the VPN for Skype for business traffic by implementing split-tunnel.

Quality of Service (QoS)

QoS can been seen as insurance. First plan so that you never get network congestions, but if you do get congestions it is important to prioritize the important traffic (real-time Skype for business media) over non-essential emailing and web browsing. Bandwidth planning and QoS goes hand-in-hand. Therefore, enable QoS in your all your internal networks, Wifi, LAN and WAN.