Category: Voice over IP

How the PSTN Gateway Fits into Skype for Business

Entry #7 in the “How it Fits” series is…the PSTN Gateway!

Like the Reverse Proxy, a PSTN Gateway isn’t a dedicated Server Role in Skype for Business. However, that doesn’t mean it’s optional. In fact, it’s critical if you want to use Enterprise Voice.

Without one of these three options – PSTN Gateway, IP-PBX, or SIP Trunk – you can’t call out of the office. Nor can anyone calling you reach you.

PSTN Gateway Guard

I don’t let anyone pass unless they have a PSTN Gateway. Or a treat.
Photo by Szymon Fischer on Unsplash.

This post will explain why, and how to deploy a PSTN gateway for your Skype for Business Server.

The PSTN Gateway’s Primary Role

In a Skype for Business topology, the PSTN Gateway translates signals between VoIP and PSTN networks. This allows internal VoIP phones to connect out into the vast worldwide analog phone network. And vice versa.

Why would you need to do that? It’s due to the signal types used for voice calls.

The PSTN, or “Public Switched Telephone Network” uses analog signals to transmit your voice. However, Skype for Business uses a digital signal for its transmissions. Same with every other “Voice over IP” system.

These signal types are markedly different. If you tried to listen to a digital IP signal as-is, you’d get an ear-splitting howl!

That’s where the PSTN Gateway steps in. By converting one signal type to other, it allows for seamless voice communications.

It’s not the only solution—you can also use a SIP Trunk for the same purpose. I may do a post on SIP trunks as well, but for now, we’re focusing on the PSTN Gateway.

Main Components of the PSTN Gateway

  1. PSTN Interface: The necessary hardware/software to communicate with the external PSTN network.
  2. VoIP Interface: The necessary hardware/software to communicate with the internal IP network.
  3. Listening Port: The gateway has to listen for signals from the Mediation Server. When creating a topology, you set the port for said listening. Default installs use port 5066 for TCP, and port 5067 for TLS.
  4. DNS Load Balancing – In order to work in Skype for Business Server, a PSTN gateway must implement DNS load balancing. Since it may connect to a pool of Mediation Servers, it has to load-balance calls across the pool evenly.

Other Servers a PSTN Gateway Communicates With

Mediation Server. PSTN Gateways and Mediation Servers have a peer relationship. They’re both translating signals, within the topology and outside the network, to facilitate your conversations.

PBX. If you still have a legacy PBX, the Gateway can inter-operate with it. The Gateway essentially links the VoIP-enabled users into the PBX.

Skype for Business Voice Topology with PSTN Gateway

Example of PSTN Gateway working with Mediation Server. Illustration courtesy of Microsoft Docs.

How a PSTN Gateway Works in a Hybrid Environment

Let’s say you want to move users to Skype for Business Online, but you’ve already invested in an on-prem PSTN connection. Like a SIP Trunk or PSTN Gateway. Can you re-use that investment in any way?

Yes! You can configure Skype for Business to home users in the cloud, while still routing their voice calls through your existing PSTN connection. There are two ways: Use Cloud Connector Edition (CCE), or modify the on-prem deployment for hybrid PSTN.

The FlinchBot blog has done a good job outlining these scenarios: Skype for Business Hybrid deployment with On-Premise PSTN using Cloud PBX. Part: 3

I realize that Skype for Business Online has a retirement date. This option will not be viable very soon. Still, it’s useful to know, in case you need to take a similar approach with regard to Teams in the future.

The PSTN Gateway in Skype for Business & Teams

Obviously, the PSTN Gateway comes into play in an on-prem deployment. What’s the gateway’s equivalent in Teams? It’s Direct Routing: Voice Calling in Teams

From the Teams page:

“Microsoft Direct Routing enables people to use existing phone numbers with Direct Routing in Teams Phone System for a complete calling experience that includes dial tone.”

Software performing the role, as you’d expect in a cloud service. Now, you don’t have to use Direct Routing while using Teams; you can use one of Microsoft’s Calling Plans to make/receive calls too. Direct Routing exists if you have existing numbers and want to stay with your current telecom provider.

Where to Get a PSTN Gateway Appliance

As it’s not a Server Role, you’ll have to install an appliance to act as your PSTN Gateway. However, “where to get one” isn’t as easy a question to answer as it once was.

Why? With Teams rising and more businesses moving to cloud-based VoIP, the need for PSTN gateway devices has dropped. As such, some manufacturers have stopped making them.

Not all though. Sangoma makes VoIP gateways, as does Audiocodes. We’ve used both in deployments, and they will do the job.

PSTN Gateways Plug You Into the Global Phone Network

“Do you want to use a SIP trunk or a PSTN gateway?” I remember a co-worker asking one of our earlier Skype4B customers this, back in late 2015. Of course the customer didn’t know the difference.

After we explained though, they opted for the gateway. That customer is still on Skype for Business, in the same topology with the same gateway, today. Without the PSTN gateway, they’d have gone out of business years ago…because no one could ever call them!

The Mediation Server facilitates voice calls for Skype for Business users. A PSTN gateway makes sure those callers can understand each other.

PSTN gateway connectivity

The gateway is open! Go forth into the wide open PSTN!
Photo by Ágatha Depiné on Unsplash.

What do you think will happen to technology like the PSTN Gateway, as the cloud expands?

Facebooktwitterlinkedinmail

Skype for Business Q&A on Customization

Do you enjoy customizing everything about your desk? Your phone screen, posters, funny desktop gadgets…

Why not the same with your software? Judging by our search traffic, many of you would like to see more about customization for Skype for Business. I collected a whole group of search queries about customizing the Skype for Business client. So that’s what this post is about.

Again, these questions came from this blog’s Google Search Console data. Which means you – yes, you right there – may have submitted the question. Thanks!

Now, you’re no doubt curious. Let’s get to the answering part.

Group Post 2: Customization Questions & Answers

“How to Change Skype for Business Ringtone”
Some of us are OK with a phone’s default ringtone. Others will change it the second they can. For those of you in the latter crowd, it’s very easy to change your Skype for Business call ringtone.

In the Skype for Business client (I’m using the desktop version here), open up the Options window by clicking the gear at top right. Click “Ringtones and Sounds” in the window’s left-side menu.

Ringtone Choices in Skype for Business

You have four options for ringtone changes in the list: Your work number (the main line), your team/group calls, delegate calls, and Response Group calls. Chances are you’re just looking to change your work number’s ringtone. Click that line, and you’ll receive several choices. Click each one to hear it. If one of those sounds good to you, click OK at the bottom.

What if you don’t like any of them? Can you use a custom ringtone? You sure can. To set a custom ringtone (must be a .WAV file), click the “Sound Settings” button in this window. The Windows Sounds window will open.

Scroll down in the Sound’s “Program Events” box until you see the Skype for Business section. Click “Incoming Call” (see screenshot, in blue). With that selected, open the dropdown menu below it (in red).

Sounds Options for Skype for Business Client

These are available sounds within Windows. If you have your own sound file, click the “Browse” button to select it. Make sure it’s in a location where it won’t go anywhere, and that’s it in .WAV format. Click OK, and you have a custom ringtone!

(Note: This will only change the ringtone for you, on this one device.)

Mobile Skype for Business users – You can change your phone’s overall ringtone in your Settings app. The Skype for Business app should take its ringtone from there.

——

“How to Change Skype for Business Theme”
Do the normal white-on-gray app layouts hurt your eyes? Some of us have visual impairments that make normal layout colors uncomfortable. Or perhaps you just like the ‘dark theme’ option (right there with you). Either way, a darker theme would appease your eyes & make work easier.

Unfortunately, Skype for Business doesn’t have a theme selector available in its clients. We’re stuck on this one. But what you can do is voice your opinion. Here’s a suggestion thread on SkypeFeedback.com, requesting a ‘dark mode’ theme for Skype for Business clients.

——

“How to test Skype for Business connectivity”
If you’ve ever been in a webinar, then you know about the “Test Your Connection” process. Just before you join the webinar, you can click on a link to run a quick test of your speakers, microphone, video…and Internet connection.

Most of the time your connection’s fine. On the rare occasions it’s not though, you’re glad for the tester!

What if you want to do that for an on-prem Skype for Business Server? There are two easy ways to do that:

    1. Use one of the connectivity testers at https://testconnectivity.microsoft.com/.
      • The most relevant one is the Skype for Business Server Remote Connectivity Test. Enter your Skype4B account login, domain/username, and password. Verify your request and click “Perform Test.” That’s it.
Connectivity Test Skype for Business

Hmm, this customer needs a little support.

 

  • Start up a Skype Meeting – with yourself!
    Since the Skype Meeting’s communicating with the server to & from your client, it gives you a basic idea of connectivity. You can also rope a co-worker or two in. Bonus if said co-workers are in different offices.

 

This way you’re illustrating the ‘actual’ Meeting experience, without bothering customers. If you have a connectivity issue, it appears as you converse. Before any customers see it and think, “Well, this Skype thing’s not too stable…”

——

“Where do Skype for Business recordings go?”
It’s possible to record your video calls and Skype Meetings directly within Skype for Business! Useful for webinar recordings, documentation, and preservation of communications (e.g. for regulatory compliance).

To activate a recording in a Skype Meeting:

  • Launch the Skype Meeting.
  • In the lower right corner, click the More Options button (the one with three dots).
  • Click “Start Recording.”
  • When you’re done with the meeting, return to More Options and click “Stop Recording.”
  • Wait a moment. Depending on how long the meeting went, it may take Skype for Business a minute or two to save the recording file.

To activate a recording in a video call: Follow the same steps as above. Both recording types will save in MP4 format.

You can always refer to past recordings via the Recording Manager. This is under “Tools” in the main Skype for Business client.

The default location for storing these recordings is the user’s Videos > Lync Recordings folder. You can change this location, as well as the recording quality. See the next answer for steps.

——

“Can you change where Skype for Business recordings go?”
Of course! It’s an option you can set in your client. Go to Tools > Options, and click the Recordings options in the left-side menu. Click the “Browse” button next to the current folder, and navigate to the folder you want to use. I set mine to my Downloads folder.

The Skype4B administrator may change the default for all users, and/or disable users’ ability to change the default recordings location.

Skype for Business is OK on Customization

Customization isn’t as high of a priority for Skype for Business as privacy. Which does make sense; the content of your messages needs protection. If that means less attention paid to style, so be it.

That doesn’t mean you can’t do anything with it. Hopefully these answers provide a little more “fun” to your daily chats & meetings.

(I didn’t talk about emojis for one reason – you already know where those are!)

Do you have a question on Skype for Business to which you’ve never found an answer? Send it in! Let’s see what we can find out for you.

Facebooktwitterlinkedinmail

The ChatOps War: The Battle Rages

Three major powers clash over and over. Challengers appear on the horizon. The productivity of millions hangs in the balance. Welcome back to the ChatOps War.

The Current State of ChatOps

Messaging apps. Online chat. Collaboration tools. Call them what you will. ChatOps (as I’ll refer to them here) have exploded across the business world in only a few years.

As with every new frontier, there’s a sort of ‘Wild West’ period. A few businesses pop up early, grabbing much of the attention & pushing growth forward. Then upstarts appear to claim slices of the pie. Big names in related industries wade in to crush the upstarts, early-stagers gear up…and everyone fights for market share.

That’s where we are now. Fighting stage. The War is on.

ChatOps War

Some battles are more intense than others.
Photo by Vincent van Zalinge on Unsplash.

Why take the time to examine it though? What’s the advantage in surveying the battle scenes? As long as people can use their preferred messaging app, everything’s fine…right?

While true, there are two reasons. One, not everyone can use the ChatOps platform they want to. More on that below.

Two, it takes time & effort to move a company onto any platform. Especially if they’re already on another platform! Migrations take time, cause user frustration, and drive up support costs (temporarily at least).

When you decide to move onto a ChatOps platform, you need to make sure it’s one that will:

  1. Stick around
  2. Do what you need it to
  3. Work well for your user base, AND
  4. Remain affordable.

Hence my reason for this post. Let’s see what’s happening in the ChatOps War.

Who’s On Top?

We have up-to-date information to start us off—a December 2018 survey conducted by Spiceworks. Love those guys.

Business Chat Apps in 2018: Top Players and Adoption Plans

The biggest move came from Microsoft Teams. It surged ahead in 2018, surpassing Slack to become the #2 collaboration tool in the business world. (Microsoft’s moves to place Teams front and center in O365 certainly contribute to Teams’ growth.)

Who’s #1? Skype for Business, of course. For now at least…its own cousin wants the crown.

Wrestling with Messaging App Choices

Watch out, he’s going for the nose! What would the ‘nose’ be in a messaging app?
Photo by Chris Chow on Unsplash.

The Defeated

Workplace, Facebook’s entry into messaging apps, died out of the gate. It’s not a terrible chat offering, as I mentioned in my 2017 review. But it didn’t really hold its own against Slack or Skype for Business, and Facebook’s overall privacy problems kneecapped Workplace as well.

The Challengers Nipping at Heels

I became aware last year of several newer, standalone ChatOps services. I do plan more extensive reviews of the services later this year, but for now, let’s meet the ‘Challengers.’

TWISTTwist.com
This is a chat offering by the makers of Todoist, a popular to-do list app. You see this reflected in Twist’s structure: It’s somewhat like a group chat/email hybrid. Very similar to Teams in its Conversation-based structure. Twist’s makers tout its structure as superior to Slack, by using threaded conversations everywhere (thus making all communication easier to follow). It’s a subtle shift, but notable enough.

MATTERMOSTMatterMost.org
Mattermost acts a lot like Slack. With one MAJOR difference – it’s self-hosted. You run Mattermost on your own servers. It’s an on-prem chat platform!

The standard version is free, with a two-tier paid version that adds in Active Directory/LDAP integration, faster support, and several other useful tools. The Mattermost software runs on Linux, and has apps for Windows, Mac, iOS, Android…and of course Linux PCs.

Slack does have a Linux app, so this isn’t ‘Slack for Linux.’ It’s an open-source, on-prem alternative. Not quite as refined as Slack, but users report good experiences with it.

ZOOMZoom.us
Wait, Zoom? Don’t they just do video conferencing? Yes, and they do a pretty good job of it as I understand. But it turns out they have a messaging app bundled in too—Zoom Chat!

Zoom’s primary focus remains on conferencing, and rightfully so. The Chat app looks like Slack’s younger cousin. Useful, but meant as a supplement to the video tools. A good value-add.

———

These challengers for the most part have simpler feature sets and a nimbler approach to ChatOps. They’re definitely aiming for Teams/Slack’s heels as well. How much market share they win over will depend, I think, on two things:

  1. Which chat features/structures become the most popular among businesses
  2. Microsoft’s Teams expansion efforts
ChatOps Competitor

I will take your customers…and your treats!
Photo by Daniel Lincoln on Unsplash.

Skype4B’s Crown is Under Threat

At this point, Microsoft has forced Skype for Business almost completely out of the small business sector in favor of Teams. This will not get better. Skype4B will eventually lose its crown to Teams. We all knew this of course…but it’s here. It’s happening as you read this.

Enterprises still have the on-prem Skype for Business Server 2019 version, of course. I remain convinced that this will be the last on-prem version Microsoft will release though. By the time we’d roll around to a new server version—2021 or 2022—everyone using ChatOps will either be on Teams, Slack, or a challenger. They will all have full Enterprise Voice capability. Phones, video, and chat will all mesh together.

Now, let me give a prediction about Google Hangouts. You saw several ChatOps players in this post…but I’ll bet you noticed that Google Hangouts was not among them. That’s because I predict Google Hangouts won’t become a threat. Not to Skype for Business or to Teams.

The Spiceworks survey indicates that Google Hangouts use went up from 2016-2018…11% to 18% adoption rates, respectively. That’s because Google targets enterprise users with its Hangouts Chat and Hangouts Meet products. Moving away from smaller G-Suite customers and potentially alienating them. Thanks to challengers like Twist, Google can no longer make the ‘easier to use’ claim that kept them around.

I also think Google’s privacy concerns and business practices will scare off enterprises in next 2 years. The fact that Google split Hangouts in two, coupled with appealing value propositions from Teams, also throw some tacks on the road.

2019 Will Bring Winners and Losers in the ChatOps War

Now we know the state of the ChatOps War. But there’s plenty more to come!

2019 is a ‘Battle Year,’ where we’ll see promotion, feature adds/updates, rises and falls. I could easily see any of the following occur:

  • Microsoft shortens its Skype for Business sunset schedule (UPDATE: Microsoft announced that it will shut down Skype for Business Online on July 31, 2021.)
  • Google buys Slack (please don’t)
  • A challenger like Twist or Mattermost starts eating into Teams’ market share, due to their independent-of-Microsoft nature
  • Former HipChat engineers come out with something new & exciting
  • Workplace and/or Hangouts quietly dies

This is something on which I’ll keep as close an eye as I can. Directly—we’re fielding Teams requests in the office, and at least one customer uses Slack. All from businesses under 100 employees.

Next post I’ll go into choosing your own chat platform. If you’re looking at all these options and wondering what the best choice is for your business? The next post will help you make that determination. Check back soon!

Facebooktwitterlinkedinmail

How the Mediation Server Fits into Skype for Business

Our fifth entry in the “How It Fits” series is…the Mediation Server!

Mediation is a central element within Skype for Business. It’s arguably the most versatile Server Role in the Skype for Business topology too. There’s almost no end to the number of configurations you can deploy for it…collocate, standalone, or pool. SIP trunk or PSTN gateway. Multiple gateways. Multiple trunks. Call routes and bypasses.

The one thing all of these configurations have in common…is listening. Mediation Server listens and translates. Routes and connects. If you use Skype for Business at all for voice, you’re talking through a Mediation Server.

This post, like the previous posts in my “How it Fits” series, will give an overarching take on the Mediation Server’s function and value. I took a more agnostic approach, since we now have two versions of Skype for Business Server to consider (2015 and 2019).

How does Mediation Server work in both of them? Any differences between versions? Let’s find out.

The Mediation Server’s Primary Role

Mediation servers translate signals between your Skype for Business’ Enterprise Voice infrastructure, and the gateway your topology uses to reach the PSTN: either a PSTN gateway, a SIP trunk, or even a PBX. “Mediating” your voice communications, basically.

Mediation Server Signal Processing

The signaling protocols Mediation Server handles. Photo courtesy of Microsoft Docs.

Because of this critical function, Mediation Server is a required Server Role. It also helps facilitate E911, Call Admission Control, and Media Bypass.

This is one of the Server Roles for whom hardware quality matters. The higher the server’s processing capacity & available RAM, the more calls a Mediation Server can handle.

Main Components of the Mediation Server

  1. Signal Translation: The reason you must have a Mediation Server for Enterprise Voice. Without signal translation, nobody could understand each other on the phone. You’d either sound like 80s-era robots, or brain-scrambled demons!
  2. Call Routing: The server coordinates with your gateway of choice to route calls where they need to go. Peer-to-peer inside the network, out to a branch site, or out to a customer three states away on their cellphone.
  3. Media Bypass: Not really a component, but a capability. Skype for Business admins can configure a call route to flow AROUND the Mediation Server! The call route would travel directly between a user’s device and a PSTN Gateway. Why do this? It can reduce lag without traversing the Mediation Server. Media bypass improves call quality by reducing latency, unnecessary translation, possibility of packet loss, and the number of potential points of failure.
  4. Call Admission Control (CAC): A bandwidth management tool. Based on available bandwidth, the Mediation Server determines the best use for existing calls. The idea is to automatically prevent poor call quality as often as possible.NOTE: Media Bypass and CAC are mutually exclusive. If one’s in use for a particular call, the other is not.
Digital Voice Traffic VoIP

Basically, Mediation Server helps you avoid the digital voice equivalent of this.
Photo by Jens Herrndorff on Unsplash

Other Servers a Mediation Server Communicates With

Front End. Of course, Mediation communicates with the Front End Servers all the time. It employs Front End’s database for call routing, and performs a similarly-central role in voice communications Site-wide.

PSTN Gateway / SIP Trunk / IP-PBX. These are the gateway mechanisms, or “peers” for bringing calls to & from Skype for Business. This is where your defined call routes meet the Mediation Server.

Load Balancers. I mentioned in the How the Load Balancer Fits post that load balancers must communicate with servers they’re balancing AND the servers sending them traffic. Since almost all voice traffic must go through the Mediation Server, they’ll talk with load balancers frequently.

(The peers performing call routing to/from Mediation Server also act as load balancers, particularly when you deploy a Mediation Pool.)

How a Mediation Server Works in a Hybrid Deployment

What does a Mediation Server do in a hybrid topology with Office 365?

Fundamentally the same thing. If you’re hybridizing an existing Skype for Business Server deployment, you’ll enable synchronization for Active Directory and change call routes. You’ll have to reflect such changes in your on-prem Mediation Server.

There are too many options to the hybridization process to cover in 1 post. Suffice to say, it all depends on your gateways/SIP trunks, and how much of Office 365’s calling services you use.

Should You Collocate with Front End, or Use a Separate Mediation Pool?

By default, Skype for Business wants to collocate a Mediation Server with the Front End Server. Which is fine for smaller topologies.

If you’re using a SIP trunk though, I recommend the standalone approach. At least one Mediation Server, or a small pool. Microsoft also recommends this approach, but we’ve seen it borne out in the field. Each time we deployed a standalone Mediation Server for a customer location with a SIP trunk, we fielded fewer calls about latency issues (if any).

One caveat for you Skype for Business Server 2019 deployers: According to Brian Siefferman at Perficient, if you’re migrating your Skype4B topology from an existing deployment, it’s a good idea to collocate the legacy Mediation Server during initial deployment. Then you can decide whether to keep it collocated, or move to standalone, later in the process.

Will the Mediation Server Change in Skype for Business Server 2019?

Not fundamentally. It continues its role of call routing/media processing.

We even get a performance boost for Mediation’s call capacity. Paul Lange points out that that a standalone Mediation Server in 2019 will handle 2,000 concurrent calls, with hyper-threading enabled (it can handle 1,500 calls in Skype4B 2015).

Makes sense, since a few deprecated elements deal with messaging—XMPP Gateways, Persistent Chat. Mediation Server won’t need communications with them now, freeing up more processing power for concurrent calls.

Dog Licking Mediation Server

Still reliably doing what it’s ‘trained’ to do.
Photo by James Barker on Unsplash

A Good Listener to Facilitate Voice Calls

The Mediation Server has existed since the OCS 2007 days. Of course, It has grown as more VoIP options came into being. But like its Front End partner, it has continued to provide the same fundamental service for over 10 years.

As long as it has sufficient bandwidth & a reliable gateway available, Mediation Server makes voice calls happen. Which type of gateway you use with it, depends on your network and Site needs.

If you’d like further reference on deploying Mediation Server, try this guide: Mediation Server Deployment Guidelines – MS Docs

What kind of gateway does your Skype for Business’ Mediation Server talk to?

Facebooktwitterlinkedinmail

The 5 Most Useful Skype4B / Teams Posts in 2018

Let’s start 2019 with a refresher. 2018 was a busy year, with new content and updates for older, more evergreen content.

In today’s post I’ve listed our the 5 most popular posts in 2018, by number of unique visits.

If you’re a new reader, welcome! I hope these posts help start you on the road to broadening your Skype for Business/Teams expertise. If you’ve been here a while, glad you’re here. There’s plenty more to come in 2019.

The 5 Most Popular Skype for Business Insider Posts in 2018 (in order)

Can You Turn Off Skype for Business New Message Alerts?
This one definitely struck a chord. Many readers commented about their desire to turn off New Message alerts entirely, or control their appearance. Short version: You have some control over notifications when on mobile. But on desktop, you’re kind of stuck.

Pricing for Skype for Business and Teams: The 2017 Update
In 2015, the original pricing post had thousands of visits within 7 days of publication. When I did this 2017 update, it too garnered thousands of visits up front, and then maintained a streak of traffic all through 2018.

It seems like Microsoft’s pricing shifts keep accelerating…and obfuscating. The post remains accurate, though I’ll put up another pricing post soon to incorporate Skype for Business Server 2019 and current Teams costs.

Working Dog on Hay Bale

Always good to take pride in your work.
Photo by Aitor Romero on Unsplash.

Making Sure You See Skype for Business Notifications – No Matter What!
This post talked about SuperToast as a method of guaranteeing you’d see Skype for Business notifications. It has limitations—no Mac version, no guarantee of Teams compatibility—but it does prove useful. Commenters did point out that some businesses ban third-party add-ons as a precaution (and a valid one), which can hamper SuperToast’s usability.

3 Ways to Make Sure Contact Photos Display in Skype for Business
Essentially, this is me documenting a troubleshooting progress I didn’t need to undertake. I explored a couple of options for making contact photos appear…both of which can indeed resolve a display issue. Just not in my case.

However, I want to note: in April or May of 2018, we had a customer with the same issue. Troubleshooting Point 1, purging an old local cache file & forcing a server refresh, DID resolve the issue. So my meandering helped!

Lync on Linux: How to Access Lync Services from Linux Computers / How to Access Skype for Business and Teams Services on Linux Computers
Yes, this is two posts. The second is a follow-up on the same topic…accessing Skype for Business/Teams services on a Linux device. If you use an Android device, you’re in the best shape possible. A few more options do exist, in varying stages of usability.

Some of these date back as far as 2014. It’s rather heartening to see older posts still helping users!

Where the Blog Is As Of Now – Some Post Updating, Planning Out a Strong Year

I’ve gone through and made updates to each of these posts. A little additional content, including information from reader comments or emails, etc. New readers will get the most benefit…but if you read one of these posts in the past, it wouldn’t hurt to give it another look!

Refresher on Skype for Business

Ahhh, refreshing.
Photo by Tadeusz Lakota on Unsplash.

To give you a peek into my 2019 plans, here are some post titles on the roster:

  • Pricing for Skype for Business and Teams: 2019 Version
  • How the Mediation Server Fits into Skype for Business
  • The Path to Deploying Skype for Business Server 2019 (Series)
  • The ChatOps War: The Battles Raging
  • How to Preserve Unified Messaging

Have a topic you want to see covered? Leave it in a comment below, or drop me a DM on Twitter at @PlanetMagpieIT!

Facebooktwitterlinkedinmail

Device Review: Yealink T58A Skype for Business Phone

Today I’m reviewing the Yealink SIP-T58A desk phone. Like its little brother (which we reviewed last time), this is a softphone designed for Skype for Business users. I put it through the same paces as the T56, within the same Skype for Business deployment.

Not surprisingly, it had very similar results. But they’re not identical phones…and they aren’t meant for identical uses.

As promised, I’ve included some use cases in this post. Instances where one phone works better than the other. Consider this post as a ‘Part 2’ to the previous post.

Ready? Let’s get to the T58A review!

Initial Impressions

The Yealink T58A is, like you’d expect, just a slightly more feature-rich iteration. It has the same dimensions as the T56A, the same desk footprint, and the same standardized phone layout with touch screen.

Here they are side-by-side. Can you spot the difference?

Yealink T56 and T58 Phones

Hint: Look at the touch screens.

Design-wise, the only notable difference between the T56 and T58 is that the T58’s screen is adjustable. In nearly every other aspect, they are identical.

Yealink T58 Adjustable Screen

Because they’re so similar, I took a little more time with this model. Just in case it had any quirks only prolonged use reveals.

(Impromptu test: I accidentally dropped the handset before I could connect it to the cord. Luckily, nothing bad happened! It didn’t even scratch on our concrete floors.)

I did face the same sign-in challenge on the T58A as I did the T56A. It’s set to accept only Trusted Certificates by default. My contact at Yealink says they do this as a security measure. So it’s not really an issue as I said before…I can certainly envision topologies where this makes sense.

The same change we used last time worked here. Here’s the documentation again: Phone Cannot Get Provisioned with Certificate Error – Yealink Support

Once I flipped that switch, zero problems signing in to Skype for Business.

The Major Difference: Video Call Capability

If the T56 and T58 are so similar, why make two different models?

The answer is on the T58’s back. It has a vertical slot in its back, above the USB port. You can remove the cover over this slot and reveal a second, upward-facing USB port.

Yealink T58A Back

From Yealink.com’s page on the T58A:

“You can easily turn your SIP-T58A smart media phone into a video phone ready with an optional removable two-megapixel HD camera CAM50.”

Yealink T58A Camera USB Port

The T56A doesn’t have this slot available. A co-worker commented on the camera slot’s use of USB. It meant you could also plug a USB cable in, moving the camera to a better angle if desired.

Yealink T58A Camera USB Port from Above

It is a USB 2.0 slot, by the way.

Now we know why they made two models. One can take a video expansion module; the other cannot. This makes for a huge difference in use cases. I’ll go over that in a moment.

Please note: This is the SIP-T58A model. That means its camera works with SIP…NOT Skype for Business. Another phone version does that.

That said, let’s go through some testing!

Using Skype for Business on the T58A

Like its brother, the T58A shows favorited Skype contacts on its Home screen. The options, and simplicity of use, are the same too.

I also discovered that both models preserve account details. I disconnected both the T56A and T58A from PoE. Left them idle for a day. Then plugged them both into another PoE cable at a co-worker’s desk.

Both models saved my Skype4B account login. I only had to unlock the phone, and poof, there’s my Presence status & contacts. Nice going on this one Yealink.

Call Quality: Almost an exact mirror to the T56A. One thing I did notice was that the “Noise Proof” technology came through a little better on the T58. That could be due to my listening for it, though.

Voicemail: In a stroke of good luck, I had several voicemails come in succession one day. (Murphy’s Law, you walk away from your desk, and everybody calls…) This gave me a chance to test out the voicemail controls more heavily than before.

You reach voicemail on the T58A through its “Menu” button.

Yealink T58A Menu

I tried both ways of dialing into voicemail:

  • Dial in, then pick up handset
  • Pick up handset, then dial in

No trouble either way.

Bluetooth: The Yealink team encouraged me to test out Bluetooth on the phone. I had to update the firmware in order to do this; the version shipped with the phone didn’t have Bluetooth enabled yet.

(NOTE: A new firmware just came out a few days prior to my review. If you buy a Yealink after reading this, your phone’s screen will look different.)

Updating the firmware took 5 minutes. Well, 10, if you count the download time.
Yealink Support – T58A Downloads

Once I’d updated, Bluetooth appeared as a rocker switch in Settings. You can enable Bluetooth and WiFi from the Web admin menu, or directly on the phone.

Yealink T58A Bluetooth Setting

From there it’s the typical pairing process: Open the Bluetooth screen on the phone, wait for BT devices to show up in the “Available Devices” list, and tap to pair.

I paired my Jabra Motion Office headset. I keep its base wired to my laptop dock. To test, I disconnected the base from my dock, so it couldn’t field calls coming from my laptop.

Shortly afterward, two calls came in. The Jabra started beeping right away, just like it normally does.

I did notice a slightly shorter ‘walking range’ while taking these calls though. When my Jabra takes a call from the laptop, I can walk clear across the office and still have a nice clear call. When my Jabra took the calls through the T58, I got a little crackle of static when I walked about ten feet away.

Nothing huge. All in all, the phone did a good job of working with my Bluetooth headset.

Issues: Security/Hacking Concern

A reader messaged me after the T56 post went up. “Yealink phones get hacked all the time. Don’t use them!”

I checked on this, and did find several reports from people dealing with hacked Yealinks. All older models though. I searched specifically for the T56A and T58A, but didn’t come across hacking reports on them.

That doesn’t mean it’s impossible. Far from it! But the reader’s warning raises an extremely important point, not just about Yealink phones:

Whenever deploying a new VoIP phone, no matter the manufacturer, make sure it’s fully secured before issued to the user.

Default passwords changed. Firewall in place. Logging enabled. Ports closed. It’s another computer on the network…thus, a potential cyberattack vector. Treat it like one.

Use Cases for the T56A and T58A

Given how similar these phones are, it took me a while to determine separate use cases. They’re both solid phones, with an extremely useful Web administrative menu per device.

I did though! Here are some use cases where each of the Yealink T-Series phones would serve well.

T56A:

  • Run-of-the-mill desk workers.
  • Compliance-heavy workstations, if regulations prohibit display of certain materials in a video feed. Even accidentally.
  • Multiple branch offices, in a bulk deployment (especially if you manage the branch offices’ IT remotely).
  • Common Area Phone. Both models have a CAP function in their settings. I prefer the T56 here since it’s a simpler device with no video.

T58A: All of the above, as well as the following.

  • Branch Management phones, for frequent conferencing.
  • Sales/Marketing team phones, for quick video calls.
  • Customer Service phones…in case you really want to embody ‘customer-facing’!
  • Small-team conferencing phone (though Yealink does have a series of conferencing phones, called the “CP Series”).
  • Non-Skype for Business VoIP deployments. The camera add-on works with SIP video…but this version doesn’t work for Skype for Business video. That’s the Yealink T58A Skype for Business Edition.

Now, what are some use cases where Yealink makes a good choice, as opposed to other SIP phone brands (e.g. Polycom, AudioCodes)?

  • You run Skype for Business Server on-prem or hybrid.
  • Moving to Teams IS on your radar. Yealink has T56 and T58 models configured for Teams use.
  • You have multiple offices, but similar communications needs (which means you can standardize deployment & save time/money).

The Verdict: An Easy-to-Use, Expandable Desk Phone for Power Users

Now that I’ve completed my reviews, I handed the T58A over to the co-worker I mentioned last post. His turn to play. He’ll also put the phone through its interoperability paces, in our own network and at customer sites. It has to work within our security parameters before he’ll sign off on customer use.

Yealink T58A SIP Phone

I do like the T58A’s video expansion option. But I personally don’t use video much. It’s a nice-to-have for standard users. For power users though, it’s necessary. Which is why I say power users would get more value from the T58A than the T56A.

You can get the Yealink SIP-T58A from Jenne.com.

Does your office use Yealink SIP phones like these? Please share your impressions in the comments.

Facebooktwitterlinkedinmail

Device Review: Yealink T56A Skype for Business Phone

Time for a new device to review! This time we have a new desk phone: the SIP-T56A from Yealink. Matt at Jenne.com kindly sent me this unit for review, after we expressed interest in the Yealink line.

The T56A is designed for Skype for Business use. It does support expansion modules, as well as Bluetooth & Wi-Fi connectivity, and plays nice with Office 365.

Would Yealinks serve as a good alternative to Polycom phones, if we couldn’t get a Polycom (or the customer didn’t like them)? Will they stand up to the daily grind? How well do they work with Skype for Business?

Let’s find out!

Initial Impressions

I unboxed the T56A as soon as it arrived. Pulling it out, I did a quick comparison to the Polycoms we have around the office. The T56A weighs about the same as those, but it’s wider. You’ll need a little desk space for it.

Yealink Phone Unboxing
Yealink T56A Unboxed

It’s a pretty straightforward phone console. Buttons for hold, transfer, volume, mute, etc. Build quality’s solid; nothing about this feels flimsy or loose.

Yealink T56A Dialpad

The phone comes with a big touch screen attached. You can’t adjust the touch screen on the T56, but at least it’s low-glare. You can lower its brightness too, under Settings > Basic > Display > Backlight.

Yealink T56 Phone Setup

The T56 doesn’t need a separate power adapter if you use PoE (but one is optional). I plugged this in to a PoE network cable.

Issues: Signing In

The phone booted as soon as I plugged in the PoE cable. It brought me to a nice simple start window within about 20 seconds.

Yealink T56A Boot

Once the phone finished startup, it brought me to a Sign In menu right away. I had three choices: An Extension/PIN sign-in, a Skype for Business sign-in, or a Web sign-in.

Yealink T56A Skype for Business

(Side note: Since the phone sent me straight into Sign In, I didn’t realize for several minutes that I could just hit Back a few times and reach the phone’s main menu!)

Now, here’s where I had the one issue. I had some difficulty getting signed in. It wanted me to use an extension and PIN at first, but I didn’t have those. (I did try my previous phone’s extension and PIN, but alas, no use.)

Next I opted for the Skype User Sign In. We run Skype for Business Server 2015 on-prem, and this phone used a PoE cable to connect. Should be no problem at all, right?

I entered my sign-in address (email), username (the same email), and my Skype4B password. Took me a couple tries to figure this out; the instructions didn’t specify the format.

When I did get the right combination, I saw the following error: “Cert web service not found.”

Hmmm. Did we have an issue with our on-prem Front End? I checked with the Consulting team. No, the Front End’s fine.

I checked online and found the solution: In default settings, the T56A only accepts Trusted Certificates. This can inhibit initial sign-ins, even on secured Skype for Business Front Ends.

Luckily, the fix is simple. Yealink has it documented on their Support site: Phone Cannot Get Provisioned with Certificate Error – Yealink Support

The phone also has a Web administrative menu. You access it by entering the phone’s assigned IP into your web browser, like most such devices (e.g. “http://192.168.1.1”). The instructions contain the default login & password for this admin menu.

The fix involves disabling the Trusted Certificate Only option in the admin menu, under the Security tab. Once I did this, I discovered a very handy shortcut. Instead of returning to the phone and re-entering my login, I could sign into Skype4B right from the admin menu!

All I had to do was click the Account tab, enter my login & password, and boom. The phone recognized the sign-in and displayed its main screen. Ready for testing!

Using Skype for Business on the T56A

The T56A main screen shows favorited Skype contacts. You have a bottom toolbar with four options: Favorites, History, Contacts, and Menu. Menu gives you the Calendar, Voice Mail, Status, Setting, and Meet Now buttons. All styled consistently with Skype for Business.

Yealink T56A Main Screen

The phone’s DEAD-simple to work with (heh heh). I replaced my normal desk phone, a Polycom CX300, with it to test out. I anticipated some learning curve, of course…it would take me a couple days to familiarize myself with the different ways to make & handle calls, right?

Nope! Within minutes I had this phone down. Unlock PIN set, favorites configured, and I know where & how to change my Presence status in two taps.

I connected my Jabra Motion Office headset to the T56A as well, using the headset port on the back. No configuration necessary.

Yealink T56 with Jabra Headset

T56A hanging out with my Jabra headset.

Now, the most important aspect of a phone: Call Quality.

Since I replaced my Polycom with the T56A, it handled all my calls for the past week. The handset is marked HD, and judging by call quality, it’s true. Everyone’s voices came through as clear as could be, whether co-worker (internal) or customer (external).

(Even the recorded spam message came through nice and clear. No idea how they got my number…)

To illustrate the call quality, let me draw a comparison. When you talk with your co-workers on one device, and then switch to another, you can tell which device is clearer, can’t you? You already know their voice. Your brain knows how they should sound. So when one device carries their voice sharper than the other, you notice.

That’s what happened during my T56A testing. Voices came through sharper on the T56A than on my prior phone (the Polycom CX300).

I found out afterward that this happens, at least in part, due to Yealink’s “Noise Proof” technology. The phone actually blocks out background noise while you’re on a call. I’ve seen this demonstrated on other phones before. The fact that I didn’t think of it until well after my calls says Yealink did a good job with their own version.

The Web Admin Menu: Yealink’s Secret Superpower

The Web administrative menu is incredible on these phones…I can configure every aspect of the phone from my browser. From changing ringtones to upgrading firmware.

Yealink Web Admin

Not only does that save a HUGE amount of provisioning time, it means I can totally avoid hunching over the phone, tapping out letters on the touch screen.

Don’t get me wrong; it’s great that the T56A has a touch screen in the first place. The screen has a good response rate, analogous to an Android smartphone. But if I can save a few minutes typing on my laptop’s keyboard, so much the better!

Having a comprehensive Web admin menu makes a big difference for IT professionals. It means we can provision devices remotely, with ease.

All we need is the phone’s IP address when it’s plugged into the network. The IP address is under Settings > Status. With that, we can take care of Skype for Business configuration, security updates, directory control, and so on. The user just has to plug the phone in!

The Verdict: An Excellent Desk Phone for Skype for Business Users

I showed the T56A to a colleague. He handles hardware deployment for most of our Skype for Business customers. Most of the time he deploys Polycom phones, with Jabra or Plantronics headsets.

He saw what this device can do and his eyes almost popped out of his head! “Why didn’t we have this before?!” He started throwing out names of customer sites where he could place them. I stopped him at #5. He could have kept going. Coming from him, an IT pro who’s worked with dozens of device manufacturers over the past 25 years, I consider that high praise.

You can get the Yealink SIP-T56A from Jenne.com.

Next up I’ll test the T56A’s brother, the Yealink T58A. I’ll include a comparison of the two models, and good use cases for both. See you back here next time!

Facebooktwitterlinkedinmail

Software Add-on Review: SuperToast V3

Never Miss a Skype for Business Notification Again

In early 2016 I wrote a post titled, Making Sure You See Skype for Business Notifications—No Matter What!.

In said post I reviewed a notification app called SuperToast, made by Modality Systems. It remains one of the blog’s most-read posts today. Evidently lots of Skype for Business users miss notifications…

The other day, Louise at Modality asked if I’d like to review the new, redeveloped SuperToast V3. Of course I was happy to do so!

What is SuperToast?

The SuperToast app sits in your taskbar. Every time you miss a Skype for Business call or Instant Message, SuperToast displays a notification popup with details about the missed event.

Chat Notification

Someone is chatting with me!

SuperToast notifies you of missed Instant Messages, incoming audio/video calls, and missed audio/video calls.

Missed Call Notification

Can’t talk now, writing this post.

The notification windows only displays the first message someone sends. If for example you receive 4 messages in succession from one person (as my co-workers sometimes do), you’ll only see one SuperToast notification. Which is smart—nobody wants a stream of popup windows blocking other work!

The SuperToast settings could not be simpler. Here’s the entire settings window.

SuperToast Settings

The SuperToast Options window. Five settings. Nothing else needed.

You choose which communication types for which you want to receive SuperToast notifications via checkboxes. That’s it.

What’s New in V3

The new SuperToast has two main improvements over old versions.

  1. Full support for the latest Skype for Business clients.
  2. Bug Fixes:
    1. Notifications appearing despite you being active in the conversation window
    2. Not bringing the conversation window to the front when clicking on a notification

The UI is largely the same as before. Which helped it fold back into my day-to-day routine almost immediately. But after a few weeks’ testing, I can say V3 is more stable now.

Two Versions: Single-Use and Business-Wide

SuperToast comes in two versions:

  • SuperToast One is a single-user version.
  • SuperToast for Business is a business version with central management.

SuperToast One has a few limitations the Business version doesn’t. You can’t customize SuperToast One’s look & feel, no central admin, etc. Pretty much what you’d expect for a single-user.

SuperToast One costs $7/year. SuperToast for Business costs $7/year for 5-99 users, $5/year for 100-999 users, $2.50/year for 1000-2499 users, and $1/year for 2500+ users. So no matter which version you buy, or how many, you’re only paying a few dollars a user per year. You even get 24-hour support with this too.

They used to have a free version. Now there’s a free 30-day trial.

Incoming Call Notification

Hold on, better take this. Be right back.

Who Can/Should Use SuperToast?

Modality developed this app to support Skype for Business users. Like us, they didn’t like missing notifications from co-workers or customers. The app works with Skype for Business Server and Online (O365) deployments.

Lync 2013 users still hanging on? SuperToast will work for you too.

That said, here’s a brief mention of SuperToast’s limits. It has 3 that I can determine:

  1. No Mac version yet.
  2. I am not certain if SuperToast will work with the Teams desktop client.
  3. As many commenters pointed out on my 2016 post, this IS a third-party app. Some organizations block third-party apps from user’s devices on security grounds. That is perfectly valid—we see malware apps all the time on customer PCs!
    In such cases, I’d recommend using SuperToast for Business. Its central management and Modality’s reputation should dissuade any security concerns.

I do know that Modality continues to work on SuperToast. We may see these limits resolved fairly soon. If I hear of timetables for such, I’ll update this post accordingly.

SuperToast in Taskbar

Runs in the taskbar. Quiet. Unobtrusive.

Super for Putting Missed Calls/Conversations in Front of Your Eyes

SuperToast is a single-purpose app. It does one job…and it does it well. Plus it’s cheap to buy. I always like simple apps like this; they don’t require a high learning curve, and provide an immediate benefit.

For those who miss a lot of notifications in the course of a workday, SuperToast makes for a quick, valuable solution.

SuperToast Page – Modality Systems

Used SuperToast before? How was your experience?

Facebooktwitterlinkedinmail

The Skype for Business Quagmire Creeping Up on Enterprises

Skype for Business Server has one new version coming. After that, enterprises could get stuck between an economic rock & a financial hard place.

Skype for Business Server 2019 is coming. However, given all the pushes toward O365/Teams, it’s not unreasonable to presume that 2019 will be the last on-prem version of Skype for Business.

This presents a major problem for larger businesses. They will either have to move to Teams, or investigate another on-prem Unified Communications provider.

What’s wrong with moving to Teams? Nothing! …except possibly cost. When you scale up to enterprise-level user bases, a cloud service like Office 365 could really strain the budget. What if your business has 1,000 users? 5,000? 10,000+? Even if you’re paying a few dollars per user per month, the total monthly cost for all those O365 subscription licenses adds up fast!

Let’s look at the whole conundrum enterprises using Skype for Business will have to face. It’s a quiet, creeping financial snarl…and it’s coming in just a few years.

Does Teams Cost Less than Skype for Business Server? No, and Here’s Why.

First, let’s talk numbers. Microsoft touts Office 365 and Teams as its “Intelligent Communications” option for businesses, and wants everyone to move to the O365 platform. Okay, fine. How does that work out cost-wise for enterprises?

Let’s say we have three businesses—one with 1,000 users, one with 5,000 users, and one with 10,000 users. How much would these businesses spend if they all used Teams (and Office 365)?

I’ll use two subscription levels here: E1 and E5. Why these? Because we’re finding that our O365 customers, even smaller ones, need one of these two levels the most. They need the backend services E1-E5 gives them. If they already have Office licenses, they go to E1. If not, E5.

I am using the Office 365 ROI Calculator for the monthly cost per user. It gives slight discounts on the regular costs.

E1 Monthly Costs*:

  • $6.59 x 1,000 users = $6,590/month x 12 = $79,080/year
  • $6.38 x 5,000 users = $31,900/month x 12 = $382,800/year
  • $6.18 x 10,000 users = $61,800/month x 12 = $741,600/year

E5 Monthly Costs*:

  • $28.82 x 1,000 users = $28,820/month x 12 = $345,840/year
  • $27.93 x 5,000 users = $139,650/month x 12 = $1,675,800/year
  • $27.04 x 10,000 users = $270,400/month x 12 = $3,244,800/year

(*Monthly values do not include initial setup fees or hardware maintenance.)

These numbers quickly move from ‘doable’ to ‘ridiculous.’ Dropping 3 million a year for Office 365?

Let’s compare these numbers to the cost of an on-prem Skype for Business Server. I’ll use numbers from a previous post on this topic:

Skype for Business Server with 1,000 Users:

  • 1 Front End Server License (MSRP) – $3,646.00
  • 1,000 Standard User CALs – $36.00 each, or $36,000 total
  • 1,000 Enterprise User CALs (Conferencing & desktop sharing) – $124.00 each, or $124,000 total
  • 1,000 Plus User CALs (Voice & call management) – $124.00 each, or $124,000 total

Total: $287,646

Exchange Server (for voicemail):

  • 1 Exchange Server (Enterprise) License – $4,051
  • 1,000 Standard User CALs (MS Open License) – $5.00 each, or $5,000 total
  • 1,000 Enterprise User CALs (MS Open License) – $55.00 each, or $55,000 total

Total: $64,051

Grand Total for 1,000 users: $351,697
(This is a three-year cost, and assumes no discounts.)

 

Skype for Business License Cost

You’ll need a few stacks of these…

Photo by Pepi Stojanovski on Unsplash

So if an enterprise with 1,000 users opted for an on-prem Skype for Business Server, it would cost roughly the same as 1 year of Office 365 E5. Fair enough. But the Skype for Business Server has a three-year usability period…

Assuming a 5% maintenance cost (about $17,500) for Years 2 and 3, they would end up paying $386,697 over those three years. If they went with E5 and didn’t have any maintenance costs at all, they’d end up paying $1,037,520.

At enterprise-level, Teams actually costs more than its predecessor!

The Quagmire: Skype for Business is Going Away

This is a serious cost discrepancy. Big enough to push larger businesses away from Office 365, back to on-prem.

Now, some enterprises would have no problem paying these amounts. They also get additional value from the related O365 services (see Addendum below). If so, great, more power to them! However, Accounting usually likes to save money. These numbers may cause them to balk.

What will the enterprise do if they want to save money? At these user counts, an on-prem server actually saves money. Sticking with Skype for Business Server makes economic and organizational sense.

But what about after Skype for Business Server 2019? Microsoft has not clarified if another version is on the roadmap. Given their merging all Skype for Business tools into Teams, it does not look likely. If there’s no on-prem version coming after 2019, then enterprises are stuck! They’ll have three choices:

  1. Move to Teams anyway,
  2. Keep their Skype for Business Server running as long as possible, and/or
  3. Switch to another on-prem Unified Communications provider.

On-Prem Skype for Business Alternatives for Future Succession

I cannot accurately speculate the Unified Communications landscape in 2020 and beyond. All I can do is look at what’s available now, and prognosticate their future offerings.

 

On-Prem Unified Communications Choices

2019 is coming fast.
Photo by Eric Rothermel on Unsplash.

If all you need is video conferencing and the cloud is OK, you should still have alternatives like Join.me, Appear.in, Workplace, or Slack. I don’t think any of these will go anywhere.

If you’ll need an on-prem, full-capability Skype for Business Server successor, I expect the following will still be around:

I’m NOT saying these solutions are better than Skype for Business Server (or Office 365 for that matter). Just presenting alternatives that have staying power.

Enterprises: The Time to Start Thinking about your On-Prem Skype for Business is Now

Microsoft’s push away from on-prem to the cloud has merits, in many respects. That said, just because a larger business has the budget to spend on lots of cloud services, doesn’t mean it’s the best use of the money. Office 365 may just not be the choice for them.

Unfortunately that presents a serious financial quagmire. It’s not here yet…but it’s coming.

(By the way, we will gladly support on-prem Skype for Business Servers into 2020. And beyond!)

Enterprise IT employees, what’s your Unified Communications outlook for the future?


ADDENDUM 5-17-18: As Mark pointed out in the comments, I didn’t factor in other Office 365 services as a pricing justification. This is true, and a good point for him to make. Office 365 does come with more than Teams – Exchange, SharePoint, OneDrive, etc. It also reduces the need for on-prem hardware and staff.

I don’t want to minimize the value here. O365 can be a huge help for businesses who need full-fledged IT infrastructures, and may not have the budget to build them on-prem. That said, I’m still not sure enterprises would gain financially from an Office 365 move as opposed to on-prem. At least as far as Skype for Business is concerned.

(I may do a follow-up post to address this part of the situation in more detail. Stay subscribed!)


Facebooktwitterlinkedinmail

How to Prevent Malware Infections via Skype for Business

Like all computer systems, Skype for Business is vulnerable to cyberattack. Let’s talk about how to prevent one from happening.

What a Skype for Business Cyberattack Can Look Like

Skype for Business Down

We lost Skype AND email?!

Unfortunately, real-life circumstances prompted this post. We recently had to help a customer deal with a ransomware infection that affected most of their servers. (I’ll keep details private of course.)

The customer called us in a panic. They’d lost email, Skype for Business, and several client desktops. Someone had clicked a phishing link & triggered a Locky infection. We did have some backups available, but wound up having to wipe/replace a couple systems.

While this wasn’t the first time we’d helped resolve a ransomware infection, it was the first time the ransomware hit someone’s Skype for Business Server. I’m not sure the exact route Locky took to reach it, but I believe it got in via an abandoned administrator’s account. They had a systems admin leave the company a few months prior—but they hadn’t shut off his account!

The aftereffects: Four days of lost business, a bunch of angry clients, unknown number of emails lost, thousands spent on emergency support and replacement IT hardware.

(At least they didn’t have to pay the ransom on top of all that!)

Where Malware Can Reach Skype for Business

Skype4B isn’t just vulnerable through its Internet connection. As our example shows, it’s vulnerable from client-level too.

Here are the routes most malware/ransomware would take to reach & infect yours:

  • Front End Server. Where Skype4B lives.
  • Exchange Server. The server with which Skype4B interacts most often…which means the most potential routes for malware to take.
  • File Share. A BIG vulnerability. A shared folder through which users exchange files? It only takes one infected file, and your entire deployment’s in trouble.
  • End User Devices. Not just desktops/laptops now…even phones can carry malware into the office.

Malware Reaching Skype for BusinessNow we know where to watch. What kinds of protections do we put in place?

8 Ways to Protect your Skype for Business Server from Malware/Ransomware

1. Limit the number of Skype for Business admins.
Good admin practice extends to Skype for Business. Create ONLY the fewest number of administrator accounts as you need to manage the system. This includes admin accounts for all of the physical AND virtual servers on which Skype for Business runs.

2. Lock down permissions to the file share.
Controlling the file share’s permissions plugs that hole inside your Skype for Business Server. This blog post illustrates how to lock down the permissions: Keeping your Lync/Skype Business Environment safe from Ransomware – Enabling Technologies

3. Use intelligent routing in your perimeter network.
Restrict open ports on your Edge Server and Reverse Proxy to only those needed for Skype for Business traffic. Here are the port and protocol requirements.

4. Keep the Skype4B Server and its server components up-to-date.
Are you up to the March 2018 Cumulative Update? If not, here’s the download link: Skype for Business Server 2015 Cumulative Update KB3061064 – Download Center
Don’t forget the security patches & updates for your Windows Server as well. If nothing else, the security patches help keep those servers safe.

5. Secure all email servers with anti-malware software & monitoring.
Your Exchange Servers should have anti-malware protection too. The easiest method, of course, is to use a network-wide security gateways from providers like Sophos or F5.

6. Disable Office macros company-wide.
Not many malware apps use macros anymore. But that doesn’t mean it’s impossible. Use a Group Policy to block macros and forget about it.

7. Educate users about phishing/ransomware emails.
If you only do one of these, make it this one. User education goes further to prevent malware infections than any other factor. Users are typically the “weakest link” in cybersecurity…but it only takes some training to make them stronger.

(By the way—we offer cybersecurity education for businesses in the SF Bay Area. Just saying.)

8. Keep current backups.
Always, always keep backups! All servers should have two sets of automatic backups running…one kept on-site in case of a crash, and one kept off-site in case of malware infection. You probably do this already. But it’s too important to take for granted.

—-

“What if we use Skype for Business Online?” you might ask. Well, Microsoft has pretty decent security protections built into Office 365. But you can always make it better.

As Teams and Skype for Business are still on the path to merging, I don’t want to speculate too much on the anti-malware precautions you must take. That said, these stalwarts should always figure into your office’s IT infrastructure:

  • Limit the number of Office 365 admins
  • Use perimeter network protections
  • If you run a hybrid configuration, secure the on-prem server to the same level as your other servers
  • Educate users about phishing/ransomware
  • Keep current backups

Frustrated System AdminIf you’re already Teams users, strengthen Teams’ security with our post from December: 3 Ways to Protect Teams Users from Malware-Infected Files.

Don’t Make Skype for Business the Weak Link in Your Office’s Cybersecurity

It’s always harder to secure a server (any server!) after it’s already running. People don’t want to lose the service, even for a moment. If security updates cause an outage…well, we’ve all heard that particular scream, haven’t we?

That said, 15 minutes of downtime beats 4 days of lost business any day.

There are many layers to protect in Skype for Business: The Windows Servers on which it runs, the perimeter network, the Front End pool, inter-network traffic, and client devices. But, think of it this way…either you find the security holes, or a malware infection will.

Have you ever experience a malware infection on your Skype for Business Server? Please share your experience in the comments.

Facebooktwitterlinkedinmail