Core Prerequisites

Service Accounts

In order to install Anywhere365 a number of Service Accounts need to be created in Active Directory. These accounts must have a password policy set to never expire.

Installation Account

Parameter	Value
Display Name	A365 Installation Account
Pre-Windows 2000 Log-on name	domain\username
User Principal Name	username@domain.extension
Password	Required
Description	Account used to install the Anywhere365 software
Security Group Membership	Domain Users CsAdministrator RTCUniversalServerAdmins
Other Requirements	Local Administrator on all Anywhere365 servers Local Administrator on all Skype-for-Business server file shares Content Manager on SQL Reporting Services Home Folder RDP Access to all Anywhere365 and Skype-for-Business Servers Super Admin privileges to the SQL Instance housing the CDR Database

Unified Contact Center Service Account

Parameter	Value
Display Name	A365 Service Account
Pre-Windows 2000 Log-on name	domain\username
User Principal Name	username@domain.extension
Password	Required
Description	Service account used to start and stop the UCC A Unified Contact Center, or UCC, is a queue of interactions (voice, email, IM, etc.) that are handled by Agents. Each UCC has its own settings, IVR menus and Agents. Agents can belong to one or several UCCs and can have multiple skills (competencies). A UCC can be visualized as a contact center “micro service”. Customers can utilize one UCC (e.g. a global helpdesk), a few UCC’s (e.g. for each department or regional office) or hundreds of UCC’s (e.g. for each bed at a hospital). They are interconnected and can all be managed from one central location. server services and connection to the CDR database
Security Group Membership	Domain Users RTCUniversalReadOnlyAdmins
Other Requirements	Log on as a Batch Job and Log on as a Service right on the local security policy of each Anywhere365 server Site Administrator permission on Anywhere365 SharePoint site DB Data Writer on CDR Database DB Data Reader on CDR Database Protect from Accidental Deletion Local Administrator on all Anywhere365 servers

Reporting Service Account (optional)

Parameter	Value
Display Name	A365 Reporting Service
Pre-Windows 2000 Log-on name	domain\username
User Principal Name	username@domain.extension
Password	Required
Description	Service account for SQL Reporting Service to access the CDR database for report generation
Security Group Membership	Domain Users
Other Requirements	DB Data Reader on CDR Database Protect from Accidental Deletion

Security Groups

In order to configure roles based access control to the Anywhere365 system a number of Active Directory Security Groups are required. Please provide the following.

Note: : Naming conventions can be changed to suit company policy. In the event of a change, please change accordingly in this document.

System Administrators

Parameter	Value
Security Group Display Name	A365 Administrators
Description	Security Group where members will be able to administer the system
UPN In Windows Active Directory, a User Principal Name (UPN) is the name of a system user in an email address format. A UPN (for example: john.doe@domain.com) consists of the user name (logon name), separator (the @ symbol), and domain name (UPN suffix).	UCC-ADMINS
Members	All Telephony Admins All Managed Services Members All Technical Consultants A365Install

Report Viewers

Parameter	Value
Security Group Display Name	A365 Report Viewers
Description	Security Group containing members who are allowed to view reports
UPN	UCC-RPT-VIEW
Members	UCC-ADMINS UCC-MNGR-UCC Name (of each Contact Center)

UCC Groups

It advised to create two Security Groups for each UCC. The first group contains the Contact Center Managers, the second group contains the Contact Center Agents.

The Contact Center Manager Security Groups should be added to the Report Viewer Security Group

Parameter	Value
Security Group Display Name	A365 UCC Name Managers
Description	Security Group containing the managers of the contact center UCC Name
UPN	UCC-MNGR-UCC Name
Members	All Contact Center Managers of the UCC UCC Name

Parameter	Value
Security Group Display Name	A365 UCC Name Agents
Description	Security Group containing the Agents of the contact center UCC Name
UPN	UCC-AGT-UCC Name
Members	All Contact Center Agents of the UCC UCC Name

Anywhere365 Server Pre-Requisites

The following section details how each Anywhere365 application server should be built. To ensure an efficient deployment, it is your responsibility (together with your partner(s) if needed) to implement these prerequisites before Anywhere365 is installed. Your dedicated Anywhere365 project lead can answer any questions you may have about the prerequisites.

Detailed Server Requirements

Windows Features

Windows Server with OS 2012 – 2012 R2

Windows Features installed:
- Web-Asp-Net
- Web-Mgmt-Console
- Web-Static-Content
- MSMQ
- Desktop-Experience
- NET-Framework-Core
- NET-HTTP-Activation
- NET-WCF-HTTP-Activation45
- Web-Asp-Net45
- Web-WebSockets

Run the following PowerShell command to install all required features W2012r2:

Copy

PowerShell

Install-WindowsFeature Web-Asp-Net, Web-Mgmt-Console, Web-Static-Content, MSMQ, Desktop-Experience, NET-Framework-Core, NET-HTTP-Activation, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-WebSockets

Note: Install .NET Framework 4.7.2 (separate installer)
https://go.microsoft.com/fwlink/?LinkID=863265

Windows Server with OS 2016

Windows Features installed:
- Web-Asp-Net
- Web-Mgmt-Console
- Web-Static-Content
- MSMQ
- NET-Framework-Core
- NET-HTTP-Activation
- NET-Framework-45-Core
- NET-WCF-HTTP-Activation45
- Web-Asp-Net45
- Web-WebSockets

Run the following PowerShell command to install all required features on W2016:

Copy

PowerShell

Install-WindowsFeature Web-Asp-Net, Web-Mgmt-Console, Web-Static-Content, MSMQ, NET-Framework-Core, NET-HTTP-Activation, NET-Framework-45-Core, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-WebSockets

Note: Install .NET Framework 4.7.2 (separate installer)
https://go.microsoft.com/fwlink/?LinkID=863265

Note: As of Bundle DC2024.01 Install .NET Framework 4.8 (separate installer)
https://dotnet.microsoft.com/en-us/download/dotnet-framework/net48

Windows Server with OS 2019

Windows Features installed:
- Web-Asp-Net
- Web-Mgmt-Console
- Web-Static-Content
- MSMQ
- NET-Framework-Core
- NET-HTTP-Activation
- NET-Framework-45-Core
- NET-WCF-HTTP-Activation45
- Web-Asp-Net45
- Web-WebSockets

Run the following PowerShell command to install all required features on W2019:

Copy

PowerShell

Install-WindowsFeature Web-Asp-Net, Web-Mgmt-Console, Web-Static-Content, MSMQ, NET-Framework-Core, NET-HTTP-Activation, NET-Framework-45-Core, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-WebSockets

Note: .NET Framework 4.7.2 comes pre-installed on Windows Server 2019

Note: As of Bundle DC2024.01 Install .NET Framework 4.8 (separate installer)
https://dotnet.microsoft.com/en-us/download/dotnet-framework/net48

Skype Components

Application Server is setup as a Lync Microsoft Lync (formerly Microsoft Office Communicator) is an instant messaging program designed for business use and is the successor of Windows Messenger. In order to use Lync, a Microsoft Lync Server is required./Skype trusted application server/pool
Lync/Skype installation ISO is mounted on Application Server
Run Lync / SfB Deployment Wizard on Application Server
Finished all 4 steps of Lync/Skype Server Deployment wizard on Application Server
Certificates are assigned during step 3 of the Lync/Skype Server Deployment wizard
CMS Replication is active and running on Application Server

Security

Note: : Any intrusion detection and/or (deep) packet inspection protocols need to be optimized not to cause any detrimental latency to real time voice, video and data communication that Anywhere365 relies on.

Opened Firewall ports for A365 (if applicable; check table for a complete overview)

Port	Source	Destination	Remark
TCP 80	Client Machines	Anywhere365	A365 web services over http
TCP 443	Client Machines	Anywhere365	A365 web services over https
TCP 445	Front End	Anywhere365	Skype CMS Replication
TCP 1433	SQL	Anywhere365	SQL Connectivity
TCP & UDP 3389	Client Machines	Anywhere365	Remote Desktop Connection
TCP 5061	Front End	Anywhere365	SIP The Session Initiation Protocol, or SIP, is a protocol for multimedia communication (audio, video and data communication). SIP is also used for Voice over IP (VoIP). SIP has interactions with other Internet protocols such as HTTP and SMTP. communications
TCP 6000-6100	Front End	Anywhere365	Port range for Trusted Applications
TCP 10000	Front End	Anywhere365	A365 Interceptor The Interceptor is a service installed on Anywhere365. It monitors all calls during set-up on endpoints of active Agents. By intercepting that call set-up and redirecting it to an Anywhere365 UCC it lets you manage the direct inbound and outbound dialogues of the contact center agents.
TCP & UDP 41000-65535	Front End	Anywhere365	Media flow; please note this is the default port range, it can differ in your deployment

Port	Source	Destination	Remark
TCP & UDP 53	Anywhere365	AD	DNS Queries
TCP 80	Anywhere365	SharePoint	SharePoint over http
TCP 80	Anywhere365	SQL Reporting	SQL Server Reporting Services over http
TCP 135	Anywhere365	SQL	SQL Server Management Studio
TCP 443	Anywhere365	SharePoint	SharePoint over https
TCP 443	Anywhere365	SQL Reporting	SQL Server Reporting Services over https
TCP 443	Anywhere365	Edge	SRTP, ICE, STUN & TURN
TCP 448	Anywhere365	Front End	Bandwidth Policy Service
TCP 1433	Anywhere365	SQL	SQL Connectivity
TCP & UDP 1434	Anywhere365	SQL	SQL Dedicated Admin Connectivity
TCP & UDP 1434	Anywhere365	SQL Reporting	SSRS Dedicated Admin Connectivity
TCP 2382	Anywhere365	SQL	Analysis Services
UDP 3478	Anywhere365	Edge	Edge Connectivity
TCP 4022	Anywhere365	SQL	Service Broker
TCP 5061	Anywhere365	Front End	SIP communications
TCP 8057	Anywhere365	Front End	Web Conferencing
TCP & UDP 41000-65535	Anywhere365	Front End	Media flow; please note this is the default port range, it can differ in your deployment

Added Anti-Virus exclusions (if applicable; check table for the required exclusions)

Folder	Default	Remark
Anywhere365 Install folder	C:\Program Files\Anywhere365	Folder containing the A365 application
Anywhere365 Data folder	C:\Program Data\Anywhere365	Folder containing the A365 service cache, logs and config files
Web Application Root folder	C:\inetpub\wwwroot	Folder containing all A365 web services
RTCReplicaRoot folder	C:\RTCReplicaRoot	Folder containing the Skype Replica
Pagefile Location	C:\Pagefile.sys	Folder used as overflow for physical memory

Monitoring

CPU above 90%
Memory above 95%
Hard Disk Free Space less than 12 GB on C:\
Hard Disk Free Space less than 5GB on D:\
Hard Disk Read / Write Latency less than 5ms
Network Receive less than 500Mbps
Network Send less than 500Mbps
Unified Contact Center Windows Service: Running
Anywhere365 Heartbeat KPI, repeated for each UCC, should be 1 for online, 0 (zero) for offline
Anywhere365 SharePoint Connected KPI, repeated for each UCC, should be 1 for online, 0 (zero) for offline
Anywhere365 Not Established Endpoints KPI, repeated for each UCC, should be 0 (zero) for active, greater than 0 for inactive
Anywhere365 Concurrent Audio Calls KPI, summed for each UCC, should be lower than 500 with recommended specs; 200 if call recording is enabled)
Anywhere365 Last Conference Creation Time KPI, repeated for each UCC, should be lower than 1500
Anywhere365 Last App Join Time KPI, repeated for each UCC, should be lower than 1500
Anywhere365 Last Customer Join Time KPI, repeated for each UCC, should be lower than 1500
Event Viewer Monitoring Applications and Services Logs > Unified Contact Center
Optionally Log File Monitoring D:\Program Files\Anywhere365\Core\Log\UCC_Log.txt – monitor for ERROR events

Skype-for-Business Pre-Requisites

The installation requires a working Skype-for-Business Server Front End Server Pool (or Microsoft Lync 2013). It is assumed that this is already configured and in a production state prior to installation of Anywhere365.

Please ensure that your Skype-for-Business configuration meets the following requirements:

Mandatory Requirements

At least one Skype-for-Business Front End Pool (or Microsoft Lync 2013)
At least one Skype-for-Business Mediation Pool (collocated acceptable; or Microsoft Lync 2013)
Latest Skype for Business Cumulative Update applied to all servers
A connection to the PSTN network
An unused PSTN Number for each contact center to be deployed
Skype-for-Business AVMCU has enough capacity to support additional conference workload (max 500 additional concurrent conferences per front-end pool available)

Mandatory DR Requirements (if DR required)

Pool pairing configured and tested
Mediation Server located in DR location
PSTN connection in DR location from same carrier as primary (note: for inter-continental failover a global SIP provider may be required)
Skype-for-Business Enterprise Voice multi-path failover configured

Optional Requirements (unless otherwise stated)

At least one Skype-for-Business Edge Server (for media relay, external access, mobility and federation When using Anywhere365 in combination with Federation you can add agents working with a Skype for Business or Teams account to your UCC.)
At least one Reverse Proxy Server
Skype-for-Business Enterprise Voice Global Dial Plan configured to convert any number to E.164 The E.164 phone number format is an international (ITU) standard for dialing telephone numbers. Loosely formulated, only "+" and upto 15 digits (0-9) are allowed For example: +4433221100 (For number notation/display and storage see the E.123 standard) (outbound dialing)

DNS Requirements

For Skype for Business DNS is essential. UCMA Microsoft Unified Communications Managed API (UCMA) is used primarily to build middle-tier applications that work with the Skype for Business Server. (and therefore Anywhere365) requires “Legacy” DNS discovery configured so this must be configured correctly for all features to work. UCMA ( the Skype/Lync API), like legacy client authentication, will discover and process DNS in the following order:

SRV: _sipinternaltls._tcp.domain.com
SRV: _sip._tls.domain.com
A: sipinternal.domain.com *
A: sip.domain.com
A: sipexternal.domain.com

See https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/network-requirements/dns for more information.

The Anywhere365 server/pool is always in your internal network so requires at least 1. and 4. to exist and 3. is optional but if used needs to be configured correctly*.

* if sipinternal.domain.com is configured in your internal DNS it needs to be included in in the SAN list of the FE server (or rather Director-role) certificate (See https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/requirements-for-your-environment/environmental-requirements#Certs).

Without sipinternal.domain.com, sip.domain.com will be used but then must be in an internal DNS zone for the SIP domain to point to your internal FEPool and of course also be included in the FE server certificate SAN list. For more information on very specific DNS configurations (like loadbalancing, split-brain dns or the need for pin-point (dedicated) zones) see: https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/edge-server-deployments/advanced-edge-server-dns#WalkthroughOfSkype

Optionally SQL Server Database for Anywhere365: (on the database server)

By default SQL Server Express will be installed on the application server to host the database required for Anywhere365. It is also possible to host the database on a separate database server, in this case at least a SQL Server 2016 database should be created (optionally in a separate SQL Instance).

SQL Server 2016 Database or higher
SQL Instance (optional)

Configure a New Trusted Application Server

To successfully publish, enable, or disable a topology when adding or removing a server role, you should be logged on as a user who is a member of the RTCUniversalServerAdmins and Domain Admins groups. It is also possible to delegate the proper administrator permissions and rights for adding server roles. For details, see Delegate Setup Permissions in the Deployment documentation. For other configuration changes, only membership in the RTCUniversalServerAdmins group is required.

To configure a trusted application server

Run on the first Front End Server in the Topology

Start Topology Builder as a member of the Domain Admins group and the RTCUniversalServerAdmins group.
Note: If Topology Builder is not available, install or run on another Skype for Business Server.
Select Download topology from existing deployment, and then click OK.
In the Save Topology As dialog box, click the Topology Builder file you want to use, and then click Save.
In the left pane, right-click Trusted application servers, and then click New Trusted Application Pool.
Enter the Pool FQDN FDQN stands for Fully Qualified Domain Name and specifies the exact location in the tree hierarchy of the Domain Name System (DNS). An example for [hostname].[domain].[top level domain] is [www].[microsoft].[com] of the trusted application pool, select whether it will be a single-server or multiple-server, and then click Next.
On the Select the next hop page, from the list, select the Front End pool.
Click Finish.
Select the top node and then, from the Actions menu, click Publish Topology.

Continue on the Anywhere365 Application Server

Run Bootstrapper from Skype for Business DVD, to install Deployment Wizard.
Run Deployment Wizard installer
Click "Install or Update Skype for Business Server System"
Complete all four steps of the Lync/Skype Deployment Wizard

The Trusted Application Pool should have been created successfully and associated with the correct Front End pool.