The below is a step by step guide to deploying Pexip Infinity in Microsoft Azure. Please check the latest documents at docs.pexip.com for the latest information.
Deploying Pexip in Azure – Part One – Prepare Azure
First of all we are starting with a clean fresh Azure portal.
Step One – Create a Resource Group
First of all we need to create a new Resource Group and we do this by clicking on Resource Groups and click + Add
We need to decide which region you are going to deploy Pexip in, so you can see the regions and the locations here.
One you have decided on your region, you can then populate the fields of the Resource Group Name, your subscription and finally which region you would like. Then click create.
If you had selected Pin to Dashboard, you will then see the Resource Group on the Dashboard as per below.
Step Two – Create a Virtual Network
Select New from the top left and then Networking > Virtual Network. Then ensure you have Resource Manager selected and click Create.
Now we can give our network a name, choose the IP range and then ensure you select your subscription, Resource Group and your location. I’ve chosen to pin mine to the dashboard, so you can now click on Create.
Step Three – Create a Storage Account
Select New > Data + Storage > Storage Account. Enter a unique name and Select Resource Manager as the Deployment Model. Then account kind of General Purpose and Replication set to LRS. Then select your Subscription and your Resource Group (created above) and finally your location. Always ensure you are deploying in the same region to start with.
Click on Pin to Dashboard and then Create. Now we have our pre initial setup elements.
Resource Group, Storage Account and Virtual Network.
Step Four – Create a Network Security Group
Pexip has created a simple template to create all the ports required to allow Pexip inbound and outbound access. Full details here.
Simply run this template URL and select your subscription, select your Resource Group and then provide the Management Network where you want to allow it from (depending on your deployment and IP Address and VPN to Azure etc, you could enter your own Public IP address such as 198.51.100.1/32, if you want to only you can access it). Then enter a name for the Security Group. Click OK and then click on the Review Legal Terms, select “Purchase” and then click on Create.
As of 22nd October 2016, there is a new look to the Security Group creation page, see below.
In summary we are now ready to start deploying Pexip within Azure. We have our Security Group, Network and Storage Account all within our same location of North Europe.
So this concludes part one of deploying Pexip in Azure. Part two will focus on preparing the virtual servers in Azure.
Deploying Pexip in Azure – Part Two – Preparing Virtual Servers
So in part one, we setup Azure with Networking, Security and a Resource Group. In this part of setting up Pexip in Azure, we will prepare the servers so that we have in them in our own subscription.
Preparing Virtual Servers
Step One – Prepare your Windows client
So we need to connect our local machine to Azure so we can run a PowerShell script. There is a guide here from Microsoft. Essentially, run PowerShell ISE as Administrator by right clicking on it and select Run as Administrator.
Once in PowerShell run the following two commands
# Install the Azure Resource Manager modules from the PowerShell Gallery
# Install the Azure Service Management module from the PowerShell Gallery
If you get any prompts, just select Y for Yes
Step Two – Preparing Disk Images for Pexip in Azure
Now we need to edit the PowerShell script from the Pexip Docs site that Prepares the disk images for use. You need to add in your Subscription Name (mine is Free Trial), Resource Group Name (mine is gwpex) and your Storage Account name (mine is gwpexstorage). Simply cut and paste the text from the docs site into text editor. You can see below where I have typed in my parameters and save the file as a .ps1 file.
Close the file and right click on it and select Run with PowerShell. You will be prompted to login, so just enter your Azure login credentials. The script will now run and copy the images over to your storage account. This will take approximately five minutes to copy across.
To visually see that the images have copied across, just go to your Azure dashboard and click on your Storage Account, then on Blobs > vm-images. You will then see the Pexip Management Node and Conference Node within your Azure subscription.
Step Three – Preparing the VM instance for the Pexip Nodes
Now we need to create a new container for the Pexip Management Node and Conference Node(s). To do this, it must be in the same storage account (gwpexstorage in my case). Just click on Blobs > + Container. Give it a unique name (such as pexmgr) and Access Type as Container (could also be a Blob) and click create.
Do the same for a conference node too now so that it’s all prepared for later. I’ve called mine pexconf1. If you need a 2nd conference node, call that say pexconf2.
Next we need to create a new Resource Group that is unique to the Pexip Management Node and each Conference Node.
Step Four – Gathering information for the deployment template
Over on the Pexip docs site, there is a table that explains all information required and what each piece is for.
There is a template available on the Pexip site where you can choose what sort of deployment you want in Azure. As I shall be connecting mine to Office 365, I will need a public IP. I will also use password based authentication.
Firstly, you will need to capture some information before clicking on the template. We need to know the URL of where you copied the management node. To find this, just navigate to your Storage Account > Blob server > vm-images. The click on the Management node. You can check this as it will be in the title under Blob properties as shown below. Next click on copy to clipboard icon.
To find your Storage Container Name, just navigate to your Storage > Blobs and then you will see the name you created in the previous step for Management Node container.
The other credentials require are straight forward, just need to remember you IP range and provide it an address (don’t use 10.0.0.1 as it is reserved and will fail), a DNS Host name, a password.
You then just need to find local your Network Name (which we created above), the Network Subnet Name, Network Security Group and the Network Resource Group, this is listed under Resource Groups, so as in the image below you can see mine is gwpex as that is the Resource Group where my network sits. All of these variables were created above.
Step Five – Run the template
Now you can run the template URL since you have all the requirements and then enter them all. You will also need to review the legal terms and “purchase”. Then click on Create.
This concludes part two of preparing the servers and in the next part we will begin the Pexip installation of the management node.
So in part one we prepared Pexip in Azure and in part two we prepared the virtual machines in Azure. We are now ready to start setting up Pexip Infinity Management Node.
Deploying Pexip in Azure – Part Three – Preparing Pexip Management Node
Step One – SSH to the Management Node
First ensure you have a SSH client, I use putty.exe which can be downloaded directly here. In the Azure Portal, navigate to the Management Node server and find the public IP address as seen below. You can now open a SSH session to this IP address. Select Yes to accept the certificate warning.
Once in the SSH session, you will be prompted for a login. The default in Pexip is admin. You will then be asked for the password you created earlier in a previous step. Once entered, the wizard will start and will ask you for the password again. If you want to accept the defaults, you can just press enter like I have done, otherwise enter a new IP Address etc.
Once all details are correct, DNS and Time Server are critical for Pexip to operate, so ensure DNS is working and you can reach a time server. It will check the time server and then reboot.
Step Two – Log into the Pexip Management Node
Now that the management node has rebooted, you can close putty and open up your web browser and browse to the IP Address of the management node. Just login with admin and the username you set during your SSH session. Personally I keep the passwords all in sync so you don’t forget your Pexip password for SSH or web.
So there we have the management node installed and working ready to deploy the conferencing node in the next step.
In this step we are now going to create the Pexip in Azure Conference node. This is the server that does all the transcoding of the various media such as H.323, SIP, MS-SIP, H.239 and BFCP for content sharing.
Deploying Pexip in Azure – Part Four – Preparing Pexip Conference Node
Step One – Deploy the Conference Node Template in Azure
Similar to the previous step of deploying the management node, we need to run the template again. Choose the template from the Pexip site. I am going to use the same public IP template for my deployment.
I just need to get the URL of the conferencing node by going to Resource Groups > gwpex > gwpexstorage > Blob service > vm-images. Then click on the image and ensure it is the conference node image. Copy the URL to the clipboard.
Enter all the details in the fields, remembering that Resource Group is unique to each server you run. Also you need to create a folder under the storage account for the conference node (via Blob service). However, network resource and security groups will be the same. Click OK, review the legal terms and click Create. One thing to note that because I am on a trial account, I can only select a Standard D2 VMSize as it is limited to the number of cores. This will give me 2 HD calls which is fine for experimenting/testing. You will need to have a full Azure account if you were to select the D4_V2 which will give you approximately 15HD calls.
As of 22nd October 2016http://www.graham-walsh.com/wp-content/uploads/2016/05/Screen-Shot-2016-10-23-at-00.50.03.png, Azure has changed the Custom Deployment template a little, so the updated image is below.
In your Azure dashboard you will see it deploying the template.
In the next part of this guide, we will run through configuring the Pexip Conference Node from the Management Node.
Deploying Pexip in Azure – Part Five – Configuring the Pexip Conference Node
In the previous posts,we covered setting everything up, now this is about the penultimate step for deploying the Pexip in Azure conference node.
Configuring the Pexip Infinity Conference Node
Step Zero – Log into the Management Node
First log into the management node. To find the IP address of this, just look in the Azure Portal for the Public IP address of the management node, once you have opened a web page to it, log in with your credentials.
Step One – Configuring the Conference Node in Pexip Infinity Manager
To setup the conference node in Pexip you can follow the guide here. Just log back into the Pexip Infinity Manager and go to Platform Configuration > Conferencing Nodes > Add Conferencing Node
Select Generic (configuration only) from the drop down menu and click Next
Enter the basic information like your Conference Name, IP address and subnet, default gateway and the DNS Host name and DNS Domain name.
Next click on the green plus icon to create a location. For now, we just need to provide a location name, DNS servers and the NTP servers. Scroll to the bottom and click Save.
Scroll to the bottom and enter a SSH password you would like to use for this conference node. Remember to keep the password safe in case you need SSH into the conference node. Then click Finish.
Next download the configuration file to your local machine. It will be a XML file.
Step Two – Applying the config file to the Conferencing Node in Pexip in Azure
Jump into the Azure Dashboard and find the conference node (hopefully you pinned it) and browse to and then browse to the virtual machine.
Like before, you will be able to copy the public IP address.
Now navigate to the IP address and remember to include :8443 at the end e.g.: https://220.127.116.11:8443
You will be presented with a very simple page. Find the downloaded XML by clicking on Choose file and then click Upload.
The Conferencing Node will apply the configuration and then reboot. When it has rebooted, it will connect to the Management Node. You can close the browser window used to upload the file.
Step Three – Check the Conference Node can chat to the Management Node
Navigate back to the Pexip management node and go to Status > Conference Nodes. You should see the last contacted state as green which means it is online and talking to each other.
Step Four – Apply a static NAT config to the Conference Node
As our Azure deployment has a private addressing scheme, but we also have a public IP address assigned, we need to apply the Static NAT IP to the conference node as that is where all the media goes.
Navigate to Platform Configuration > Conferencing Nodes and select your conference node and click on it. Scroll down to the IPv4 static NAT address field and enter the public IP address from the Azure Dashboard. Then click on Save.
It will take one minute for the changes to replicate.
That is it, we know have a fully deployed Pexip Infinity platform in Azure. In the final part of the blog post series, we will create a test call to ensure everything is working.
Deploying Pexip in Azure – Part Six – Testing out the Pexip Azure Deployment
Testing out Pexip Infinity in Azure
Step One – Create a test meeting
Now for us to test out Pexip on Azure we are going to create a test meeting room. Just go to Service Configuration > Virtual Meeting Rooms and click on Add Virtual Meeting Room.
Quite simply just enter a test name of anything and scroll down to the Alias section and enter an alias. I’ve just used test and test for quickness. You could also user a numeric ID here too.
Step Two – Dialling into the Pexip in Azure Test Meeting
You can now browse to the public IP address (remember the one we put in the static NAT above) of conference node and you will see the dialogue box of someone to call. Just enter your alias you created above and a name and click on Connect.
You will be prompted to ask for permission for using your camera/microphone in your browser. You will then be asked to select your camera and microphone. You can tick the box to say don’t ask again. Then click Start.
You now have video call running in Azure. Oh, and OTRC with Pexip Happy days
To make full use of your Pexip Infinity platform, you now need to license it. Contact Pexip for your license key. For a trial license key, just fill in the form here on the Pexip website.
Deploying Pexip in Azure – Part Seven – Integrating Skype for Business in Office 365
Since we now have a fully working platform within Microsoft Azure, the next natural integration would be with Skype for Business in Office 365. With Pexip Infinity we make this super easy and working today. No hybrid deployment of Skype for Business required.
Pexip in Azure and Skype for Business in Office 365
Step One – Planning DNS Names
If you already have your domain name in use by Office 365 such as example.com, you will have sip.example.com associated with that. Now if your Pexip deployment will be using the same domain name, then it must have a sub domain so there is no conflict. For the Pexip DMZ node, you will need to use something like pex.example.com or vc.example.com. Then for your DNS entries, you will need sip.pex.example.com and for the SIPFederationTLS you will need _.sipfederationtls._tcp.pex.example.com. You will then need an A record of sip.pex.example.com pointing to the DMZ conference node. As we have our deployment in Azure with a static NAT address, we can publicly reach the conference node.
In the setup below, the domain name is different to my Office 365 Domain so it is straightforward, but many deployments will have the same domain name.
Step Two – Certificates
First you need to have publicly signed certificates, you can get a trial one from www.ssl.com or www.comodo.com if you are just doing a lab setup. Just remember that the trial certificates are not SAN certificates, so the conference node SIP TLS FQDN much match the Common Name (CN) of the certificate.
First import the Trusted CA from your provider.
You will now see I have all trusted certificates from the CA.
Then import the actual certificate for the management and conference node. You will see the built in certificates in the list.
When you add the certificate, just click on select the file find the .crt you got back from your CA provider. Then select your private key which you will have on your machine from doing say the openssl to generate the csr. You can also select which server you want to apply this to, so I have chosen the management node as this is what this cert is for. Click Save.
You can now re-open your browser using the DNS name that is in the certificate and you should see the green padlock to show that it is secure.
Now do the same for the conference node if that is using a single certificate too.
Step Three – Configure Conference Nodes
Depending on the your certificate and number of nodes, you can either set the SIP TLS FQDN as the FQDN of the conference node (as that should be in the SAN certificate) or if you only have one node and one standard certificate, you just set it to the Common Name (CN) of the certificate.
Step Four – Setting the Skype for Business Domain in Pexip
You must specify the name of the SIP domain that is routed from Skype for Business to Pexip Infinity for this deployment. This domain is inserted into the From header in outbound calls from Pexip Infinity to SfB, and ensures that SfB can route messages back to Pexip Infinity when, for example, initiating content sharing.
You specify this by going to Platform configuration > Global settings and configuring the Lync MSSIP domain setting:
Step Five – Setup a DNS SRV Record
Depending how your DNS is managed, it may be similar to mine below where I create the SRV record.
Step Six – Setup an A Record for the Conference Node(s)
Now we need to configure an A record as we’ve told the SRV record to point at sip.x.x.x in my example above. You also need to ensure you have A records for your conference nodes too.
Step Seven – Add a full DNS name to a Meeting
In part six, we created a test meeting room which was fine for Pexip testing. As we want to dial the full name from Skype for Business, we need to append the DNS name, so just head to Service Configuration > Virtual Meeting Rooms and click on your test meeting. Then add in another alias with the full domain name as shown below.
Step Eight – Check Location Settings
Next we need to ensure that our location is not associated with the Skype for Business server as we need to use DNS to route to your Office 365 deployment. There would only be a SfB server defined if you had an on-premise deployment. Just go to Platform configuration > Locations. Select each location in turn and ensure that nothing is entered in the Lync/SfB server field.
Step Nine – Test Drive it
Now you should be able to call from your Office 365 Skype for Business account to a Virtual Meeting Room or for example, a user could browse to the conference node and utilise WebRTC and make a call to the Office 365 Skype for Business user (once the gateway rules are all configured). Apologies for using my Mac Lync 2011 client, but the SfB Mac preview is only for online meetings. We will cover that in another post, but already been testing with that as you can see here.
In the next guide, I will cover using Pexip Infinity with Skype for Business as a gateway, so that the workflow is consistent to the SfB gallery view when users want to call legacy video endpoints such as Cisco, Polycom etc and bring them into the workflow of Skype for Business.