White Paper: Deploying Exchange 2007 Unified Messaging - Part 2

 

Tony Smith, Senior Technical Writer, Microsoft Exchange Server

September 2007

Summary

This white paper provides the technical information, prescriptive guidance, and configuration steps that are required to successfully deploy Microsoft Exchange Server 2007 Unified Messaging in your organization. The following information is included in this white paper:

  • Overview of Unified Messaging in Exchange Server 2007.

  • Planning a Unified Messaging Deployment for your organization.

  • Deploying Unified Messaging within your organization.

Applies To

Microsoft Exchange Server 2007

Table of Contents

  • Introduction

  • Overview of Unified Messaging in Exchange Server 2007

    • Unified Messaging Features and Benefits
  • Planning a Unified Messaging Deployment

    • PBX, IP PBX, and IP Gateway Configurations
  • Deploying Unified Messaging

    • Verify Installation of the Mailbox, Hub Transport, and Client Access Server Roles

    • Configuring Telephony Components

    • Deploying IP Gateways

    • Installation of the Unified Messaging Server Role

    • Create and Configure UM Active Directory Objects

  • Securing Your UM Deployment

    • UM-Enabled User PIN Security

    • Securing Unified Messaging Network Traffic

    • Configuring Permissions for Unified Messaging

  • Conclusion

Introduction

The telephony functionality found in Exchange 2007 Unified Messaging (UM) is new to the Microsoft Exchange product line. Its introduction combines multiple messaging infrastructures into a single messaging infrastructure. Unified Messaging includes many features and benefits for end users and administrators.

Objectives and acknowledgements

Much of the information in this white paper originally appeared in individual Help topics in the Exchange Server 2007 Help. In this white paper, we have combined these topics to provide an end-to-end, printable guide that you can use to deploy Unified Messaging.


The content of this white paper is divided into the following sections:

  • Overview of Unified Messaging in Exchange Server 2007

  • Planning a Unified Messaging Deployment

  • Deploying Unified Messaging

  • Securing Your UM Deployment

Overview of Unified Messaging in Exchange Server 2007

Exchange 2007 provides distinct server roles that align with the way a messaging system is typically deployed and distributed in an organization. A server role is a unit that logically groups the features and components that are required to perform a specific function in the messaging environment. The Unified Messaging server role is one of the Exchange 2007 server roles that can be installed on a computer that is running Microsoft Windows Server 2003 or that is running Windows Server 2003 and Exchange 2007.

Unified Messaging combines voice messaging, fax, and e-mail messaging in the Exchange store. Exchange 2007 Unified Messaging integrates Microsoft Exchange with telephony networks and brings the Unified Messaging features to the core of Exchange. Exchange 2007 Unified Messaging puts all e-mail, voice, and fax messages into one Exchange 2007 mailbox that can be accessed from a variety of devices. After Unified Messaging servers are deployed on the network, users can access their messages from a telephone by using Outlook Voice Access, from a mobile device, or from the computer of a user who is running Microsoft Windows XP.

The Unified Messaging server role requires that an Exchange 2007 server that is running the Mailbox, Hub Transport, and Client Access server roles be installed in your organization. These server roles can be installed before or while you install the Unified Messaging server role. The following figure illustrates the relationship between telephony network components in an organization and the Exchange 2007 server roles that are required to deploy your Exchange 2007 Unified Messaging system.

The relationship between telephony components and Exchange 2007 Unified Messaging


In the previous figure, the Exchange 2007 Unified Messaging solution provides access to telephony systems by using standard Voice over IP (VoIP) protocols. These protocols include Session Initiation Protocol (SIP), Realtime Transport Protocol (RTP), and the T.38 protocol. The IP gateways provide interoperability for legacy Private Branch eXchange (PBX) systems.

Unified Messaging Features and Benefits

Today, employees of organizations frequently manage their voice and fax messages separately from their e-mail messages. Additionally, IT administrators frequently manage the voice mail or telephony networks and the e-mail systems or data networks as separate systems. In these situations, voice mail and e-mail are located in separate inboxes hosted on separate servers that are accessed through the desktop for e-mail and through the telephone for voice mail. Fax messages come to, and are sent from, physical stand-alone fax machines. Exchange 2007 Unified Messaging offers a single store for all messages, including e-mail, voice, and fax messages.

When you deploy Exchange 2007 Unified Messaging, your users will have access to their e-mail, voice mail, and fax messages from either Microsoft Office Outlook 2007 or the version of Outlook Web Access that is included with Exchange 2007. Additionally, users will be able to use the following features:

  • Access to Exchange information   To offer a seamless voice mail experience for the user, UM-enabled users can access a full set of voice mail features from Windows Mobile powered devices, Outlook 2007, and Microsoft Outlook Web Access.

  • Play on Phone   The Play on Phone feature lets UM-enabled users play voice messages over a telephone.

  • Voice mail form   The Outlook 2007 voice mail form resembles the default e-mail form. It gives users an interface for performing actions such as playing, stopping, or pausing voice messages, playing voice messages on a telephone, and adding and editing notes.

  • Fax receiving   Exchange 2007 Unified Messaging lets fax messages be delivered to a user's Exchange 2007 mailbox and also lets users receive fax messages in their mailbox. A fax message is sent to the user's mailbox as an e-mail message that has an image file with a .tif extension attached. Users who receive these messages in their mailbox can open the attached file by using a software application that can open and view image files that have a .tif extension. For more information about faxing in Unified Messaging, see Understanding Faxing in Unified Messaging.

  • User configuration settings   A user who is enabled for Unified Messaging can configure several voice mail options for Unified Messaging by using Outlook Web Access. For example, the user can configure telephone access numbers and the voice mail Play on Phone number, and can reset a voice mail access PIN.

  • Call answering   Call answering includes answering an incoming call on behalf of a user, playing their personal greeting, recording a message, and submitting it for delivery to their mailbox as an e-mail message.

  • Outlook Voice Access   Subscribers can use Outlook Voice Access when they access the Unified Messaging system from an external or internal telephone. They can use Outlook Voice Access to access their Exchange 2007 mailbox, including their personal e-mail, voice messages, and calendar information. Subscribers can listen to, reply to, create, and forward unread e-mail messages by using the telephone. For more information about subscriber access in Unified Messaging, see Understanding Unified Messaging Subscriber Access.

  • Auto attendant   An auto attendant is a set of voice prompts that gives external or internal users access to the Exchange 2007 Unified Messaging system. Users can use the telephone keypad or speech inputs to move through the auto attendant menu structure, place a call to a user, or locate a user and then place a call to that user.

Deploying Exchange 2007 Unified Messaging in your organization offers the following benefits:

  • A complete unified messaging solution   Exchange 2007 Unified Messaging offers a true unified messaging system by using a single store, transport, and directory infrastructure.

  • An Exchange 2007 deployment and administration model   By using the Exchange 2007 Unified Messaging solution, you take advantage of the Exchange 2007 server design. You can use your knowledge of Microsoft Exchange, including training and troubleshooting methodology, and apply it to managing your voice mail and fax messaging infrastructure.

  • An Exchange 2007 security model   The Microsoft Exchange Unified Messaging service runs as an Exchange server account. This means that you do not have to create or manage a super user account for Unified Messaging.

  • Consolidation of voice mail systems   Currently, most voice messaging systems require that all the voice messaging system components be installed in every physical office location in an organization. Unified Messaging lets you manage your voice mail system from a central location. To create a centralized management system for Unified Messaging, you can place all Unified Messaging servers in a datacenter or location, and then deploy IP gateways in each of your branch offices to replace the voice messaging system for each branch office. When you deploy a centralized voice messaging system in this manner, you can achieve a significant savings in hardware and administrative costs.

  • Speech enabled auto attendants   When internal or external callers call in to the Exchange 2007 Unified Messaging system, a series of voice prompts assists them in moving through the auto attendant menu system. For more information about auto attendants, see Understanding Unified Messaging Auto Attendants.


Planning a Unified Messaging Deployment

During the Exchange 2007 deployment phase, you install Exchange 2007 in your production environment. Before you begin the deployment phase, you should plan your Microsoft Exchange organization. For information about how to plan your Exchange 2007 organization, see Planning and Architecture or Planning for Unified Messaging Servers.

Before you deploy Exchange 2007, it is important to know which of the following organization types best describes your existing Exchange organization, and also which of these types you want your organization to be after you deploy Exchange 2007. Any supported Exchange organization can be categorized into one of these four Exchange organization types:

  • Simple Exchange organization

  • Standard Exchange organization

  • Large Exchange organization

  • Complex Exchange organization

For more information about recommended Exchange deployments, see Recommended Deployments.

When you plan your Exchange 2007 Unified Messaging deployment, you must consider design and other issues that may affect your ability to reach your organizational goals when you deploy Unified Messaging. The following are some areas that you should consider and evaluate when planning for Exchange 2007 in your organization:

  • Your business needs for Unified Messaging

  • Your telephony network and your current voice mail system

  • Your current data network design

  • Your current Active Directory environment

  • The number of users who you must support

  • The number of Unified Messaging servers you will need

  • The storage requirements for users

  • The placement of IP gateways, telephony equipment, and Unified Messaging servers

PBX, IP PBX, and IP Gateway Configurations

An organization that owns and maintains its telephony network must buy the required telephony hardware components. An organization must also consider the day-to-day maintenance of the telephony equipment and the training that is required for its staff to support the telephony system. Integrating Exchange 2007 Unified Messaging with your company's telephony network is one of the most significant deployment challenges when you deploy Unified Messaging. Your organization's ability to interoperate with Exchange 2007 Unified Messaging will depend on your specific PBX or IP PBX configurations and may also require that you install IP gateways, purchase additional PBX hardware, or configure and enable features on your PBXs or IP PBXs.

There are three types of basic telephony configurations in organizations: legacy (or traditional) PBX, IP PBX, and IP PBX hybrid. Examples of these telephony configurations are shown below.

The following figure illustrates a typical telephony and data network that includes a legacy or traditional PBX configuration.

Legacy (or traditional) PBX configuration


The following figure illustrates a typical telephony and data network that includes the two types of IP PBX configurations.

IP PBX configuration


IP PBX hybrid configuration


For more information about telephony configurations before you deploy Exchange 2007 Unified Messaging, see Understanding PBX and IP PBX Configurations. For more information about telephony concepts and components, see Overview of Telephony Concepts and Components.

Correctly configuring IP gateways for your organization is a difficult deployment task that must be completed to successfully deploy Exchange 2007 Unified Messaging. To help answer questions and give you the most up-to-date IP gateway configuration information, see the Telephony Advisor for Exchange Server 2007 Web site. This Web site gives you IP gateway configuration notes and files that you must have to correctly configure your IP gateways to work with Exchange 2007 Unified Messaging.

Bandwidth Considerations

Every incoming call that is received from an IP gateway will generate IP-based network traffic and will consume some amount of your available network bandwidth. Before you deploy Unified Messaging, you should perform an analysis of the network traffic to determine current usage patterns and identify any potential issues. On most networks, bandwidth demand is not evenly distributed throughout business hours. Because all the IP-based calls are routed directly to your Unified Messaging servers from the IP gateways on your network and this IP-based network traffic consumes some available bandwidth, you should follow these recommendations and guidelines:

  • Place your PBXs physically close to your IP gateways.

  • Place your IP gateways and your Unified Messaging servers on the same well connected network or within the same physical site.

  • Place your Unified Messaging servers on the same well connected network or within the same physical site as other computers that have Exchange 2007 server roles installed, including Mailbox, Hub Transport, and Client Access servers.

  • Terminate your Wide Area Network (WAN) connections close to where your telephony equipment is located.

  • In branch office scenarios or over WAN connections, use the G.723.1 codec instead of the G.711u or G.711A codec to minimize the network traffic that is passed between your IP gateways and your Unified Messaging servers.

For a recent list of supported IP gateways and other configuration information related to IP gateways, PBXs, and IP PBXs, see the Telephony Advisor for Exchange Server 2007 Web site. For more information about IP gateway, PBX and IP PBX support in Unified Messaging, see Supported IP Gateways or IP PBX and PBX Support.


Deploying Unified Messaging

Exchange 2007 Unified Messaging provides an efficient and simple deployment model that is highly scalable but does not increase the complexity of the deployment. There are many deployment models for Unified Messaging in your organization. The recommended deployment model for Unified Messaging centralizes your Unified Messaging servers. All the available deployment options for Unified Messaging have several steps in common that are required to create a scalable and highly available system to support large numbers of Unified Messaging users. These steps are as follows:

  • Verify that you have correctly installed the Exchange 2007 server roles that are required by Unified Messaging.

  • Deploy and configure your telephony components for Unified Messaging.

  • Install the Unified Messaging server role.

  • Perform the required post-installation tasks.

  • Configure the required Unified Messaging Active Directory objects.

  • Secure your UM deployment.


Verify Installation of the Mailbox, Hub Transport, and Client Access Server Roles

A variety of deployment paths are available for organizations that plan to deploy Exchange 2007. Although these paths all lead to the same end—a successful deployment of Exchange 2007—each path is slightly different because each customer's needs and starting points are different. Generally, however, there are common starting points and paths that cover all supported deployment scenarios, including new installations, transitions, and migrations. Because Unified Messaging relies on the functionality of other server roles found in Exchange 2007, the Unified Messaging server role will most likely be the last server role that you install in your Exchange 2007 organization. However, you must follow these steps to install the server roles other than Unified Messaging before you can install the Unified Messaging server role:


Configuring Telephony Components

To successfully deploy an Exchange 2007 Unified Messaging server in an Exchange organization, the Exchange administrator must become knowledgeable about data networking concepts and telephony terminology and concepts and be able to correctly configure those telephony components. We recommend that all customers who plan to deploy Exchange 2007 Unified Messaging obtain the assistance of a Unified Messaging specialist. They will help make sure that there is a smooth transition to Unified Messaging from a legacy voice mail system. Performing a new deployment or upgrading a legacy voice mail system requires significant knowledge about PBXs and Exchange 2007 Unified Messaging. For more information about how to contact a Unified Messaging specialist, see the Microsoft Exchange Server 2007 Unified Messaging (UM) Specialists Web site.

Generally there are three tasks that must be completed to successfully configure the telephony components that are required by Unified Messaging:

  • Provision PBX lines   The first step in deploying a scalable UM solution is to provision PBX lines.

  • Organize channels   After you have provisioned PBX-based voice channels, you can organize the channels as hunt groups.

  • Deploy IP gateways   After you have organized your voice channels as hunt groups, you terminate these channels at IP gateways. IP gateways are used with a legacy PBX to convert the circuit-switched protocols found on a telephony network to IP-based packet-switched protocols.

For a recent list of supported IP gateways and other configuration information related to IP gateways, PBXs, and IP PBXs, see the Telephony Advisor for Exchange Server 2007 Web site. For more information about IP gateway, PBX, and IP PBX support in Unified Messaging, see Supported IP Gateways or IP PBX and PBX Support.


Deploying IP Gateways

IP gateway devices are integral to deploying Exchange 2007 Unified Messaging in your organization. There are two types of IP gateway devices that you can use with Unified Messaging: an IP PBX and an IP gateway. Both types of devices can exist in a single organization. However, you must configure each IP gateway or IP PBX device correctly to successfully deploy Unified Messaging.

The IP PBX or the IP gateway devices in your organization are the intermediary components between your organization's telephony network and your organization's data network. IP PBXs and IP gateways act as a translator and are used to convert the circuit-switched protocols that are found in your telephony network to the IP packet-switched protocol that is found in your data network.

When you integrate your organization's telephony and data networks during the deployment of Exchange 2007 Unified Messaging, you must configure the telephony and data networking components correctly. You must configure the following components or interfaces to successfully deploy Unified Messaging:

For more information about telephony components, see Overview of Telephony Concepts and Components.


Installation of the Unified Messaging Server Role

After you have completed the deployment of your IP gateways or IP PBXs on your network, you must install the Unified Messaging server role on one or more computers in your Exchange environment. Depending on the needs of your business, to provide a highly scalable and available Unified Messaging system, consider installing the Unified Messaging server role on more than one computer. For more information about how to plan and deploy a highly available and scalable Unified Messaging system, see Planning for Unified Messaging Availability and Scalability.

Follow these steps to install the Unified Messaging server role:

  • Review the Exchange 2007 system requirements before installation.

    Before you install the Unified Messaging server role, we recommend that you make sure that your network, hardware, software, clients, and other elements meet the requirements for Exchange 2007. For more information about the system resources that are required to install the Unified Messaging server role, see Exchange 2007 System Requirements.

  • Install the Unified Messaging server role.

    There is more than one way to install the Unified Messaging server role on a computer that is running Exchange 2007. The Unified Messaging server role can be installed on a single computer that has no other Exchange 2007 server roles installed, or on a computer that is running another Exchange 2007 server role. Before you install the Unified Messaging server role, you must install the Mailbox, Hub Transport, and the Client Access server roles. However, you can install the Mailbox, Hub Transport, Client Access and the Unified Messaging server roles on the same physical computer.

    For more information about how to install the Unified Messaging server role, see How to Install the Exchange 2007 Unified Messaging Server Role.

    For more information about how to perform a custom installation, see How to Perform a Custom Installation Using Exchange Server 2007 Setup.

  • Verify your Exchange 2007 installation.

    After you install Exchange 2007, we recommend that you verify the installation and review the server setup logs. If the Setup process fails or errors occur during installation, you can use the setup logs to track down the source of the problem. For more information about how to verify that you have successfully installed the Unified Messaging server role, see Verifying an Exchange 2007 Installation.

  • Use the Security Configuration Wizard to help secure Windows for Exchange server roles.

    The Security Configuration Wizard (SCW) is a tool that was introduced with Windows Server 2003 Service Pack 1. Use the SCW to minimize the attack surface for servers by disabling Windows functionality that is not required for Exchange 2007 server roles. For more information about the Security Configuration Wizard, see Using the Security Configuration Wizard to Secure Windows for Exchange Server Roles.


Create and Configure UM Active Directory Objects

Active Directory objects are required for the deployment and operation of Exchange 2007 Unified Messaging. Active Directory Unified Messaging objects connect the telephony infrastructure and the Unified Messaging Active Directory environment. For more information about UM Active Directory objects, see Overview of Unified Messaging Active Directory Objects.

Exchange 2007 Unified Messaging requires that you create at least one UM dial plan and that the UM dial plan has a Unified Messaging server and a UM IP gateway associated with it. After you install the Unified Messaging server role on a computer that is running Exchange 2007, you must associate the UM server with at least one UM dial plan. You can also associate a single UM server with multiple UM dial plans. After the UM server is associated with a UM dial plan, you must create a UM IP gateway and associate it with the UM dial plan that you have created.

After you have successfully installed the Unified Messaging server role on at least one computer, perform the following tasks.

Step 1: Create and configure UM dial plans

UM dial plans are integral to the operation of Exchange 2007 Unified Messaging and are required to successfully deploy Unified Messaging on your network. Although Unified Messaging has many Active Directory objects that must be created and configured during deployment, UM dial plan objects are the central component of the Unified Messaging system.

By default, UM dial plans and the Unified Messaging servers that are associated with the dial plan send and receive data without using encryption. Therefore, they are configured in unsecured mode. In unsecured mode, the VoIP and SIP traffic will not be encrypted. However, the UM dial plans and the Unified Messaging server that are associated with the UM dial plan can be configured by using the VoIPSecurity parameter. The VoIPSecurity parameter configures the dial plan to encrypt the VoIP and SIP traffic by using Mutual Transport Layer Security (mutual TLS). After you enable VoIP security on a UM dial plan, any UM IP gateways that will be associated with the secure dial plan must be created by using a fully qualified domain name (FQDN) and not an IP address.

After you have installed the Unified Messaging server role, perform one of the following procedures to create a new UM dial plan.

To use the Exchange Management Console to create a new Unified Messaging dial plan

  1. In the console tree, expand the Organization Configuration node.

  2. In the result pane, click Unified Messaging.

  3. In the action pane, click New UM Dial Plan.

  4. In the New UM Dial Plan wizard, in the Name section, type the name of the dial plan. The UM dial plan name that you type must be unique.

    Important

    Although the field for the name of the dial plan can accept 64 characters, the name of the dial plan cannot be longer than 49 characters. If you try to create a dial plan name that contains more than 49 characters, you will receive an error message. The message will say that the dial plan name could not be created because a default UM mailbox policy name could not be generated because the UM dial plan name is too long. This happens because, when you create a dial plan, a default UM mailbox policy is also created that has the name <DialPlanName> Default Policy. Therefore, the name of the UM mailbox policy is 15 characters longer than the name of the dial plan. The name parameter for both the UM dial plan and UM mailbox policy can be 64 characters long.

  5. In the Number of digits in extension numbers section, type the number of digits in the extension numbers for the UM dial plan.

  6. In the New UM Dial Plan wizard, click New.

  7. Click Finish.

You can also use the Exchange Management Shell to create a new UM dial plan by using the New-UMDialPlan cmdlet.

To use the Exchange Management Shell to create a new Unified Messaging dial plan

  • Run the following command:

    New-UMDialplan -Name MyNewDialPlan -NumberofDigits 5
    

If you must create and configure a UM dial plan that uses VoIP security, perform the following procedure.

To use the Exchange Management Shell to create a new Unified Messaging dial plan that uses VoIP Security

  • Run the following command:

    New-UMDialplan -Name MySecureDialPlan -NumberofDigits 5 -VoIPSecurity SIPSecured
    

To use the Exchange Management Shell to enable VoIP security on an existing Unified Messaging dial plan

  • Run the following command:

    Set-UMDialPlan -identity MySecureDialPlan -VoIPSecurity SIPSecured
    

For more information about syntax and parameters, see Set-UMDialplan (RTM).

For more information about UM dial plans, see Understanding Unified Messaging Dial Plans.

For more information about how to manage UM dial plans, see Managing Unified Messaging Dial Plans.


Step 2: Create and configure your UM IP gateways

Exchange 2007 Unified Messaging relies on the ability of the IP gateway to translate Time Division Multiplex (TDM) or telephony circuit-switched based protocols, such as Integrated Services Digital Network (ISDN) or QSIG, from a PBX to protocols based on VoIP or IP, such as SIP, RTP, or T.38 for real-time facsimile transport.

A UM IP gateway is an Active Directory container object that contains one or more Active Directory UM hunt group objects and other UM IP gateway configuration settings. UM IP gateways are created within Active Directory to logically represent a physical hardware device called an IP gateway. The UM IP gateway can represent either an IP gateway or an IP PBX. The combination of the UM IP gateway object and a UM hunt group object establishes a logical link between an IP gateway hardware device and a UM dial plan.

When you create the first UM IP gateway and do not specify a UM dial plan at the time that you create the UM IP gateway, a default UM hunt group is also created. Creating and associating these objects in Active Directory enables the Unified Messaging server to receive calls from the IP gateway and then process incoming calls for users who are associated with the UM dial plan. When a call comes in to the IP gateway, the IP gateway forwards the call to a Unified Messaging server, and the Unified Messaging server tries to match the extension number of the user to the associated UM dial plan.

If the UM IP gateway that you create by using one of the procedures in this section will be associated with a UM dial plan on which you have created or enabled VoIP security, you must create the UM IP gateway by using a fully qualified domain name (FQDN), not an IP address. You must also configure the UM IP gateway to use TCP port 5061. To do so, run the following command: Set-UMIPGateway -identity MyUMIPGateway -Port 5061. You must also verify that any IP gateways or IP PBXs have been configured to listen on port 5061 for mutual TLS.
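The FQDN and port 5061 requirements for gateways on a secure dial plan can be checked automatically. The following PowerShell is an added example, not part of the original white paper or of Exchange: it runs over constructed sample objects, and the function names and the assumed property names (Name, VoIPSecurity, UMDialPlan, UMIPGateway, Address, Port) are illustrative.

```powershell
# Added example: flag UM IP gateways that are linked to a secure dial plan but
# are defined by IP address or do not use TCP port 5061.
# All sample objects below are constructed; property names are assumptions.

# Dot-separated hostname labels ending in an alphabetic label. A dotted-quad
# IPv4 address cannot match because its last label is numeric.
$FqdnPattern = '^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'

function Test-GatewayAddressIsFqdn {
    param([string]$Address)
    return ($Address -match $FqdnPattern)
}

function New-Finding {
    param([string]$DialPlan, [string]$Gateway, [string]$Issue)
    New-Object PSObject -Property @{ DialPlan = $DialPlan; Gateway = $Gateway; Issue = $Issue }
}

function Get-UMGatewaySecurityFinding {
    param([object[]]$DialPlan, [object[]]$HuntGroup, [object[]]$Gateway)

    foreach ($plan in $DialPlan) {
        # 'Unsecured' is the default mode; any other value is treated here
        # as a dial plan that uses VoIP security.
        if ("$($plan.VoIPSecurity)" -eq 'Unsecured') { continue }

        # A hunt group is the logical link between a gateway and a dial plan.
        $gatewayNames = @($HuntGroup |
            Where-Object { "$($_.UMDialPlan)" -eq "$($plan.Name)" } |
            ForEach-Object { "$($_.UMIPGateway)" } |
            Sort-Object -Unique)

        foreach ($name in $gatewayNames) {
            $gw = $Gateway | Where-Object { "$($_.Name)" -eq $name } | Select-Object -First 1
            if ($null -eq $gw) {
                New-Finding -DialPlan $plan.Name -Gateway $name -Issue 'Hunt group references a gateway that was not supplied'
                continue
            }
            if (-not (Test-GatewayAddressIsFqdn -Address "$($gw.Address)")) {
                New-Finding -DialPlan $plan.Name -Gateway $name -Issue "Address '$($gw.Address)' is not an FQDN"
            }
            if ([int]($gw.Port) -ne 5061) {
                New-Finding -DialPlan $plan.Name -Gateway $name -Issue "Port $($gw.Port) is not 5061"
            }
        }
    }
}

# --- Constructed sample data (hypothetical names and addresses) ---
function New-Sample { param([hashtable]$Property) New-Object PSObject -Property $Property }

$plans = @(
    (New-Sample @{ Name = 'MySecureDialPlan'; VoIPSecurity = 'SIPSecured' }),
    (New-Sample @{ Name = 'MyNewDialPlan';    VoIPSecurity = 'Unsecured'  })
)
$huntGroups = @(
    (New-Sample @{ Name = 'HG1'; UMDialPlan = 'MySecureDialPlan'; UMIPGateway = 'MyUMIPGateway' }),
    (New-Sample @{ Name = 'HG2'; UMDialPlan = 'MySecureDialPlan'; UMIPGateway = 'GwWrongPort'   }),
    (New-Sample @{ Name = 'HG3'; UMDialPlan = 'MySecureDialPlan'; UMIPGateway = 'GwGood'        }),
    (New-Sample @{ Name = 'HG4'; UMDialPlan = 'MyNewDialPlan';    UMIPGateway = 'GwLegacy'      })
)
$gateways = @(
    (New-Sample @{ Name = 'MyUMIPGateway'; Address = '10.10.10.1';      Port = 5060 }),
    (New-Sample @{ Name = 'GwWrongPort';   Address = 'gw2.example.com'; Port = 5060 }),
    (New-Sample @{ Name = 'GwGood';        Address = 'gw3.example.com'; Port = 5061 }),
    (New-Sample @{ Name = 'GwLegacy';      Address = '10.10.10.9';      Port = 5060 })
)

Get-UMGatewaySecurityFinding -DialPlan $plans -HuntGroup $huntGroups -Gateway $gateways |
    Format-Table DialPlan, Gateway, Issue -AutoSize

# On an Exchange server, the same function can be fed live objects. This assumes
# the dial plan and gateway references on each object render as object names;
# adjust the comparisons if they render differently in your shell:
# Get-UMGatewaySecurityFinding -DialPlan (Get-UMDialPlan) -HuntGroup (Get-UMHuntGroup) -Gateway (Get-UMIPGateway)
```

Gateways attached only to an unsecured dial plan are skipped, because the FQDN and port 5061 requirements apply to dial plans that use VoIP security.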

To create a new UM IP gateway, perform one of the following procedures.

To use the Exchange Management Console to create a new UM IP gateway

  1. In the console tree of the Exchange Management Console, expand the Organization Configuration node.

  2. In the console tree, click Unified Messaging.

  3. In the result pane, click the UM IP Gateways tab.

  4. In the action pane, click New UM IP Gateway.

  5. In the New UM IP Gateway wizard, in the Name section, type the name of the UM IP gateway. This is the display name for the UM IP gateway.

  6. In the IP Address section, type the IP address for the UM IP gateway, and then click New.

    Note

    Alternatively, you can enter an FQDN for the UM IP gateway. If you choose to use an FQDN, you must add the appropriate host records with the correct IP addresses to the DNS zone. If you are configuring a UM IP gateway that will be associated with a dial plan that is operating in secure mode, you must create the UM IP gateway with an FQDN.

  7. On the New UM IP Gateway page, click New.

  8. On the Completion page, click Finish.

You can also use the Exchange Management Shell to create a new UM IP gateway by using the New-UMIPGateway cmdlet.

To use the Exchange Management Shell to create a new UM IP gateway

  • Run the following command:

    New-UMIPGateway -Name MyUMIPGateway -Address 10.10.10.1
    

For more information about syntax and parameters, see New-UMIPGateway.

For more information about Unified Messaging IP gateways, see Understanding Unified Messaging IP Gateways.

For more information about how to manage UM IP gateways, see Managing Unified Messaging IP Gateways.


Step 3: Create and configure your UM hunt groups (optional)

Hunt group is a term that is used to describe a group of PBX or IP PBX resources or extension numbers that are shared by users. Hunt groups are used to efficiently distribute calls into or out of a given business unit. For example, a PBX or an IP PBX might be configured to have 10 extension numbers for the sales department. The 10 sales extension numbers would be configured as one hunt group. In a PBX or an IP PBX, hunt groups are used to efficiently locate an open line, extension, or channel when an incoming call is received.

If you have created a UM IP gateway and associated the UM IP gateway with a UM dial plan, a default UM hunt group is created. You can associate another UM hunt group with the same or a different UM IP gateway, depending on the number of UM IP gateways that you have created.

When you create a UM hunt group, you are enabling all Unified Messaging servers that are specified within the UM dial plan to communicate with an IP gateway. To create a new UM hunt group, perform one of the following procedures.

To use the Exchange Management Console to create a new UM hunt group

  1. In the console tree of the Exchange Management Console, expand the Organization Configuration node.

  2. In the result pane, click Unified Messaging.

  3. In the work pane, click the UM IP Gateways tab.

  4. In the work pane, select a UM IP gateway.

  5. In the action pane, click New Hunt Group.

  6. In the New UM Hunt Group wizard, in the Name field, type the name of the hunt group.

  7. In the Dial plan field, click Browse.

  8. On the Select Dial Plan page, click to select the UM dial plan, and then click OK.

  9. In the Pilot identifier field, enter the appropriate pilot identifier and then click New.

  10. Click Finish.

You can also use the Exchange Management Shell to create a new UM hunt group by using the New-UMHuntGroup cmdlet.

To use the Exchange Management Shell to create a new UM hunt group

  • Run the following command:

    New-UMHuntGroup -Name MyHuntGroup -PilotIdentifier 51234 -UMDialplan MyDialPlan -UMIPGateway MyIPGateway
    

For more information about syntax and parameters, see New-UMHuntGroup.

For more information about how to manage UM hunt groups, see Managing Unified Messaging Hunt Groups.


Step 4: Create and configure a UM mailbox policy (optional)

Unified Messaging mailbox policies are required when you enable users for Exchange 2007 Unified Messaging. They are useful for applying and standardizing Unified Messaging configuration settings for UM-enabled users. You create UM mailbox policies to apply a common set of policies or security settings to a collection of UM-enabled mailboxes.

The mailbox of each UM-enabled user must be linked to a single UM mailbox policy. After you create a UM mailbox policy, you link one or more UM-enabled mailboxes to the UM mailbox policy. This lets you control PIN security settings such as the minimum number of digits in a PIN or the maximum number of logon attempts for the UM-enabled users who are associated with the UM mailbox policy. If you prefer, you can also control message text settings or dialing restrictions for the same or a different group of UM-enabled mailboxes.

The following figure illustrates how UM mailbox policies can be created to control dialing restrictions and PIN security settings for three groups.

Figure: Example of Unified Messaging mailbox policies

Every time that you create a UM dial plan, a UM mailbox policy will also be created. The UM mailbox policy will be named <DialPlanName> Default Policy. However, if you have to create a new UM mailbox policy, perform one of the following procedures.

To use the Exchange Management Console to create a new UM mailbox policy

  1. In the console tree, expand the Organization Configuration node.

  2. In the console tree, click Unified Messaging.

  3. In the work pane, click the UM Mailbox Policies tab.

  4. In the action pane, click New UM Mailbox Policy.

  5. In the New UM Mailbox Policy wizard, in the Name section, type the name of the UM mailbox policy. This is the display name for the UM mailbox policy.

    Note

    The name that you provide must be unique.

  6. Next to the Select associated dial plan box, click Browse.

  7. In the Select Dial Plan window, click the UM dial plan, and then click OK.

  8. On the New UM Mailbox Policy page, click New.

  9. On the Completion page, click Finish.

You can also use the Exchange Management Shell to create a new UM mailbox policy by using the New-UMMailboxPolicy cmdlet.

To use the Exchange Management Shell to create a new UM mailbox policy

  • Run the following command:

    New-UMMailboxPolicy -Name MyNewUMPolicy -UMDialPlan MyDialPlan
    

For more information about syntax and parameters, see New-UMMailboxPolicy.

For more information about Unified Messaging mailbox policies, see Understanding Unified Messaging Mailbox Policies.

For more information about how to manage UM mailbox policies, see Managing Unified Messaging Mailbox Policies.


Step 5: Add a Unified Messaging server to dial plans

Although the operational status of the Exchange 2007 Unified Messaging server is set to enabled after installation, there is a logical status parameter that is used to control the operational status of the Unified Messaging server. The intention of the logical status variable is to let you stop call processing so that the Unified Messaging server can be taken offline in a controlled way.

Unified Messaging requires that you create at least one UM dial plan and that the UM dial plan has a Unified Messaging server and a UM IP gateway associated with it. After you install the Unified Messaging server role on a computer that is running Exchange 2007, you must add the UM server to a UM dial plan. After you add the UM server to a dial plan, the UM server can then start answering incoming calls that are forwarded from an IP gateway.

A Unified Messaging server can be associated with a single or multiple UM dial plans. However, a single UM server can use either mutual TLS (secured) or TCP (unsecured), but not both. This is a limitation of the SIP signaling stack. Therefore, a single UM server can only be associated with multiple dial plans that have the same security configuration.

To add a UM server to a dial plan, perform one of the following procedures.

To use the Exchange Management Console to add a Unified Messaging server to a UM dial plan

  1. In the console tree of the Exchange Management Console, expand the Server Configuration node.

  2. In the result pane, select the Unified Messaging server.

  3. In the action pane, click Properties.

  4. On the UM Settings tab, under the Associated Dial Plans section, click Add.

  5. In the Select Dial Plan window, select the dial plan that you want to add from the list of available dial plans, and then click OK.

  6. Click OK again to accept your changes.

You can also use the Exchange Management Shell to add a Unified Messaging server to a dial plan by using the Set-UMServer cmdlet.

To use the Exchange Management Shell to add a Unified Messaging server to a UM dial plan

  • Run the following command:

    Set-UMServer -Identity ExUMSrv -DialPlans MyDomainDialPlan
    

For more information about syntax and parameters, see Set-UMServer.

For more information about Unified Messaging servers, see Understanding Unified Messaging Servers.

For more information about how to manage Unified Messaging servers, see Managing a Unified Messaging Server.


Step 6: Create and configure UM auto attendants (optional)

In telephony or unified messaging environments, an automated attendant or auto attendant menu system transfers callers to the extension of a user or department without the intervention of a receptionist or an operator. In many auto attendant systems, a receptionist or operator can be reached by pressing or saying zero. The automated attendant is a feature on most modern PBX and unified messaging solutions.

Exchange 2007 Unified Messaging enables you to create one or more UM auto attendants, depending on the needs of your organization. UM auto attendants can be used to create a voice menu system for an organization that lets external and internal callers move through the UM auto attendant menu system to locate and place or transfer calls to company users or departments in an organization.

A UM auto attendant lets callers move through the menu systems by using dual tone multi-frequency (DTMF) or voice inputs. However, for automatic speech recognition (ASR) or voice inputs to be used, you must speech-enable the UM auto attendant. For more information about how to speech-enable an auto attendant, see How to Speech-Enable a Unified Messaging Auto Attendant.

In the Active Directory directory service, each UM auto attendant that is created is represented as an object. There is no limit to the number of UM auto attendants that you can create in Active Directory. Each Exchange 2007 UM auto attendant can support an unlimited number of extensions. A UM auto attendant can reference one, and only one, UM dial plan. However, UM auto attendants can reference or link to other UM auto attendants. In Exchange 2007 Unified Messaging, you can create multiple UM dial plans and multiple UM auto attendants. A UM auto attendant object can be configured to use only a single UM dial plan. However, multiple auto attendants can be assigned to a single dial plan.

The following examples demonstrate how you can use UM auto attendants together with Exchange 2007 Unified Messaging:

Example 1: At a company called Contoso, Ltd., external customers can use three external telephone numbers: 425-555-1111 (Corporate Offices), 425-555-2222 (Product Support), and 425-555-3333 (Sales). The Human Resources, Administration, and Accounting departments have internal telephone extensions and must be accessed from the Corporate Offices UM auto attendant.

To create a UM auto attendant structure that supports this scenario, create and configure three UM auto attendants that have the appropriate external telephone numbers. Create three other UM auto attendants for each department in the Corporate Offices. Then configure each UM auto attendant based on your requirements, such as the greeting type or other navigational information.

The following figure is a graphical representation of how UM auto attendants can be used in Example 1.

Figure: How to configure multiple UM auto attendants with multiple outside business telephone lines

Example 2: At a company called Contoso, Ltd., external customers call one main number for the business, 425-555-1000. When an external caller calls the external number, the UM auto attendant answers and prompts the caller by saying, "Welcome to Contoso, Ltd. Please press or say 'One' to be transferred to corporate administration. Please press or say 'Two' to be transferred to product support. Please press or say 'Three' to be transferred to corporate information. Please press or say 'Zero' to be transferred to the operator." To create a UM auto attendant structure that supports this scenario, you create a UM auto attendant that has customized extensions that route the call to the appropriate extension number.

The following figure is a graphical representation of how UM auto attendants can be used in Example 2.

Figure: How to configure multiple UM auto attendants with a single outside business telephone line

Creating and using auto attendants is optional in Exchange 2007 Unified Messaging. However, if you have to create a new UM auto attendant, perform one of the following procedures.

To use the Exchange Management Console to create a new auto attendant

  1. In the console tree of the Exchange Management Console, expand the Organization Configuration node.

  2. In the console tree, click Unified Messaging.

  3. In the work pane, click the UM Auto Attendants tab.

  4. In the action pane, click New UM Auto Attendant.

  5. In the New UM Auto Attendant wizard, in the Name text box, type the name of the auto attendant. This will be the display name for the auto attendant.

  6. In the Select associated dial plan section, click Browse.

  7. In the Select Dial Plan window, click the dial plan, and then click OK.

  8. In the New UM Auto Attendant wizard, in the Extension numbers text box, type the telephone extension number for the auto attendant, and then click Add.

  9. In the New UM Auto Attendant wizard, select Create auto attendant as enabled if you want to enable the auto attendant as soon as the wizard is finished.

  10. In the New UM Auto Attendant wizard, select Create auto attendant as speech-enabled if you want to enable speech recognition on the auto attendant as soon as the wizard is finished.

  11. On the New UM Auto Attendant page, click New.

  12. On the Completion page, click Finish.

You can also use the Exchange Management Shell to create a new auto attendant by using the New-UMAutoAttendant cmdlet.

To use the Exchange Management Shell to create a new auto attendant

  • Run the following command:

    New-UMAutoAttendant -Name MyNewAA -UMDialPlan MyDialPlan -PilotIdentifierList 51000 -Enabled $true
    

For more information about syntax and parameters, see New-UMAutoAttendant.

After you have created a non-speech enabled or a speech-enabled auto attendant, you must create and configure key mappings so that the auto attendant can function correctly. If you do not enable key mappings for either business or non-business hours, callers will hear the voice prompts but will be unable to interact with the auto attendant. To create key mappings for an auto attendant, see the following topics:

For more information about UM auto attendants, see Understanding Unified Messaging Auto Attendants.

For more information about how to manage UM auto attendants, see Managing Unified Messaging Auto Attendants.


Step 7: Enable users for Unified Messaging

By default, when an Exchange 2007 recipient is created, it is not UM-enabled. After the recipient is enabled for Unified Messaging, you can manage, modify, and configure the UM-related properties for the user. You can then view and modify UM-related settings such as the associated UM dial plan, the associated UM mailbox policy, and the extension number for the user. When you enable a user for Unified Messaging, the user must be associated with or linked to an existing UM mailbox policy and you must provide the extension number for the user.

After the user is enabled for Unified Messaging, all e-mail, voice, and fax messages will be delivered to the user's Inbox. By using Outlook 2007, Outlook Web Access, a mobile device that is enabled for Exchange ActiveSync, or a regular or cellular telephone, the user can access their e-mail, voice and fax messages, and calendaring information.

There are two locations in which UM properties are stored for a user: the Mailbox object and the user's Active Directory object. When you enable a user for Unified Messaging, you set the UM property on the user's Mailbox object. After the Mailbox property is set to enabled for Unified Messaging, the user can use the Unified Messaging features in Exchange 2007.

After a user is enabled for UM, the user's UM properties are stored in the user properties and the user's mailbox. The user's UM properties, such as the user's extension number, spoken name, and other properties for the user, are stored in the user's properties in Active Directory.

To enable a user for Unified Messaging, perform one of the following procedures.

To use the Exchange Management Console to enable a user for Unified Messaging

  1. In the console tree of the Exchange Management Console, expand the Recipient Configuration node.

  2. In the result pane, select the user mailbox that you want to enable for Unified Messaging.

  3. In the action pane, click Enable Unified Messaging.

  4. In the Enable Unified Messaging wizard, on the Enable Unified Messaging page, in the Unified Messaging Mailbox Policy box, click Browse.

  5. In the Select UM Mailbox Policy window, select the UM mailbox policy, and then click OK.

  6. To configure the extension numbering information, select from the following options:

    • Automatically generated mailbox extension

      If you have configured an extension number for the user in the Business field on the Address and Phone tab in the user's properties, the extension number will be generated automatically.

    • Manually entered mailbox extension

      If you have not configured an extension number for the user, enter the extension number for the user in the Manually entered mailbox extension box.

  7. To configure the PIN settings for the user, select from the following options:

    • Automatically generate PIN to access Outlook Voice Access

    • Manually specify PIN

    • Require user to reset PIN at first telephone logon

  8. If you have configured an extension number for the user in the Business field on the Address and Phone tab in the user's properties, the extension will be generated automatically. If you have not configured an extension number for the user, enter the extension number for the user in the Manually entered mailbox extension box.

  9. In the Enable Unified Messaging wizard, on the Enable page, click Enable.

  10. In the Enable Unified Messaging wizard, on the Completion page, click Finish.

You can also use the Exchange Management Shell to enable a user for Unified Messaging by using the Enable-UMMailbox cmdlet.

To use the Exchange Management Shell to enable a user for Unified Messaging

  • Run the following command:

    Enable-UMMailbox -Identity tonysmith@contoso.com -UMMailboxPolicy MyDomainUMPolicy
    

For more information about syntax and parameters, see Enable-UMMailbox (RTM).

For more information about Unified Messaging users, see Understanding Unified Messaging Users.

For more information about how to manage Unified Messaging users, see Managing Unified Messaging Users.


Secure Your UM Deployment

There are three security-related areas to consider when you deploy Unified Messaging. You can help increase the level of protection for your network if you correctly plan a UM security strategy and then correctly configure the security settings that are available to administrators in the following areas:

UM-Enabled User PIN Security

When a subscriber or a UM-enabled user uses a telephone to connect to a computer that has the Unified Messaging server role installed, they use Outlook Voice Access to move through the UM menu system. However, before the user can access the UM system, the system prompts them to input their PIN.

A PIN is a numeric string that is used in certain systems, including unified messaging systems, so that a user can be authenticated and gain access. A PIN is a pass code that a user enters on the telephone to access their Microsoft Exchange mailbox. The strength of the PIN depends on its length, how well it is protected, and how difficult it is to guess. As the administrator, you can configure PIN settings and requirements and perform PIN management tasks.

In Exchange 2007 Unified Messaging, PIN policies are defined and configured on a UM mailbox policy. Multiple UM mailbox policies can be created depending on your requirements. When you enable a user for Exchange 2007 Unified Messaging, you associate the user with an existing UM mailbox policy. The UM PIN policies that are configured on the UM mailbox policy should be based on the security requirements of your organization. For more information about how to configure PIN settings for UM-enabled users, see Configuring Security for Unified Messaging Users.

To set PIN policies for UM users, you can either create a new UM mailbox policy or modify an existing UM mailbox policy. After a new UM mailbox policy is created, you can then configure the UM mailbox policy with the following PIN settings:

  • MinPasswordLength

  • PINLifetime

  • LogonFailuresBeforePINReset

  • MaxLogonAttempts

  • AllowCommonPatterns

  • PINHistoryCount

To configure PIN UM mailbox policy settings, perform one of the following procedures.

To use the Exchange Management Console to set PIN policies for Unified Messaging users

  1. In the console tree of the Exchange Management Console, expand the Organization Configuration node.

  2. In the result pane, click Unified Messaging.

  3. In the work pane, click the UM Mailbox Policies tab.

  4. In the work pane, click the UM mailbox policy that you want to change. This is the UM mailbox policy that is associated with the UM-enabled user.

  5. In the action pane, click Properties.

  6. In the UM mailbox policy Properties dialog box, click the PIN Policies tab.

  7. On the PIN Policies tab, configure the PIN settings for the UM mailbox policy, and then click OK to accept your changes.

You can also use the Exchange Management Shell to configure PIN settings for UM-enabled users by using the Set-UMMailboxPolicy cmdlet.

To use the Exchange Management Shell to set PIN policies for Unified Messaging users

  • Run the following command:

    Set-UMMailboxPolicy -Identity MyUMMailboxPolicy -MinPasswordLength 8 -PINLifetime 30 -LogonFailuresBeforePINReset 3 -MaxLogonAttempts 7 -PINHistoryCount 10
    

For information about syntax and parameters, see Set-UMMailboxPolicy.

For more information about Unified Messaging mailbox policies, see Understanding Unified Messaging Mailbox Policies.

For more information about how to manage Unified Messaging mailbox policies, see Managing Unified Messaging Mailbox Policies.
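
The following is an added example, not part of the original white paper: a Windows PowerShell function that compares the PIN settings of UM mailbox policies against a baseline and lists every setting that is weaker. The sample policy objects are constructed, the baseline reuses the values from the Set-UMMailboxPolicy command above, and the function name Test-UMPinPolicy, the AllowCommonPatterns baseline, and the direction of each comparison are assumptions.

```powershell
# Baseline values copied from the Set-UMMailboxPolicy command in this section.
# AllowCommonPatterns = $false is an assumption; that command does not set it.
$baseline = @{
    MinPasswordLength           = 8
    PINLifetime                 = 30
    LogonFailuresBeforePINReset = 3
    MaxLogonAttempts            = 7
    PINHistoryCount             = 10
    AllowCommonPatterns         = $false
}

function Test-UMPinPolicy {
    param($Policy, [hashtable]$Baseline)

    # Assumption: a longer PIN and a deeper PIN history are stricter; for every
    # other numeric setting a smaller value is stricter.
    $higherIsStricter = 'MinPasswordLength', 'PINHistoryCount'

    foreach ($setting in ($Baseline.Keys | Sort-Object)) {
        $actual = $Policy.$setting
        $wanted = $Baseline[$setting]

        if ($null -eq $actual) {
            $ok = $false                          # setting missing from the input object
        } elseif ($wanted -is [bool]) {
            $ok = ($wanted -or (-not $actual))    # fails only when enabled but the baseline forbids it
        } elseif ($higherIsStricter -contains $setting) {
            $ok = ($actual -ge $wanted)
        } else {
            $ok = ($actual -le $wanted)
        }

        if (-not $ok) {
            New-Object PSObject -Property @{
                Policy = $Policy.Name; Setting  = $setting
                Actual = $actual;      Baseline = $wanted
            }
        }
    }
}

# Constructed sample policies (Windows PowerShell 2.0 or later). On an Exchange
# server the input would come from Get-UMMailboxPolicy; the property types
# returned there may differ from the plain integers used here (assumption), so
# normalize them before comparing.
$policies = @(
    (New-Object PSObject -Property @{
        Name = 'MyUMMailboxPolicy'; MinPasswordLength = 8; PINLifetime = 30
        LogonFailuresBeforePINReset = 3; MaxLogonAttempts = 7
        PINHistoryCount = 10; AllowCommonPatterns = $false
    }),
    (New-Object PSObject -Property @{
        Name = 'MyDialPlan Default Policy'; MinPasswordLength = 4; PINLifetime = 60
        LogonFailuresBeforePINReset = 5; MaxLogonAttempts = 15
        PINHistoryCount = 5; AllowCommonPatterns = $true
    })
)

$policies |
    ForEach-Object { Test-UMPinPolicy -Policy $_ -Baseline $baseline } |
    Select-Object Policy, Setting, Actual, Baseline |
    Format-Table -AutoSize
```

The first constructed policy produces no rows, and the second is reported once for each of its six settings.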


Securing Unified Messaging Network Traffic

There are several security methods that can help you protect the Unified Messaging servers and the network traffic in your organization. This includes traffic that is sent between your IP gateways and Unified Messaging servers and between your Unified Messaging servers and other Exchange 2007 servers in your organization. For more information about how to help secure the network traffic that is generated by Unified Messaging, see Securing Unified Messaging Network Traffic.

Unified Messaging can communicate with IP gateways, IP PBXs, and other Exchange 2007 computers in a secured or an unsecured mode, depending on how the UM dial plan has been configured and if the appropriate certificate trusts have been established between the IP gateways and Unified Messaging servers on your network. In unsecured mode, the VoIP and SIP traffic is not encrypted. However, the UM dial plans and the Unified Messaging servers that are associated with the UM dial plan can be configured by using the VoIPSecurity parameter. The VoIPSecurity parameter configures the dial plan to encrypt the VoIP and SIP traffic by using mutual TLS.

You must follow these steps to help secure your Unified Messaging environment and enable VoIP security between your Unified Messaging servers and IP gateways:

  1. Install the Unified Messaging server role.

  2. Create a UM dial plan and configure the UM dial plan to use VoIP security.

  3. Add the Unified Messaging server to a UM dial plan.

  4. Create the UM IP gateways that are used, and configure them to have a fully qualified domain name (FQDN).

  5. Export and import the required certificates to enable the Unified Messaging servers, IP gateways, IP PBXs, and other servers that are running Exchange 2007 to use mutual TLS. For more information about how to import and export certificates, see Importing and Exporting Certificates.

For more information about VoIP security with Unified Messaging, see Understanding Unified Messaging VoIP Security.
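
The following is an added example, not part of the original white paper: a Windows PowerShell check for the two VoIP security constraints that this paper states. A UM IP gateway associated with a dial plan that uses VoIP security must be created with an FQDN and use TCP port 5061, and a single Unified Messaging server cannot be associated with dial plans that have different security configurations. The inventory objects, the names BranchDialPlan, SecureGateway, SecureHuntGroup and gw1.contoso.com, and the function name Test-UMVoipSecurity are constructed for illustration.

```powershell
# Constructed inventory (Windows PowerShell 2.0 or later). On a live system the
# same data would come from Get-UMDialPlan, Get-UMIPGateway, Get-UMHuntGroup and
# Get-UMServer; the flat property shapes used here are an assumption.
$dialPlans = @(
    (New-Object PSObject -Property @{ Name = 'MyDialPlan';     VoIPSecurity = 'Secured' }),
    (New-Object PSObject -Property @{ Name = 'BranchDialPlan'; VoIPSecurity = 'Unsecured' })
)
$gateways = @(
    (New-Object PSObject -Property @{ Name = 'MyUMIPGateway'; Address = '10.10.10.1';      Port = 5060 }),
    (New-Object PSObject -Property @{ Name = 'SecureGateway'; Address = 'gw1.contoso.com'; Port = 5061 })
)
$huntGroups = @(
    (New-Object PSObject -Property @{ Name = 'MyHuntGroup';     UMDialPlan = 'MyDialPlan'; UMIPGateway = 'MyUMIPGateway' }),
    (New-Object PSObject -Property @{ Name = 'SecureHuntGroup'; UMDialPlan = 'MyDialPlan'; UMIPGateway = 'SecureGateway' })
)
$servers = @(
    (New-Object PSObject -Property @{ Name = 'ExUMSrv'; DialPlans = @('MyDialPlan', 'BranchDialPlan') })
)

function Test-UMVoipSecurity {
    param($DialPlans, $Gateways, $HuntGroups, $Servers)

    # Dial plan name -> $true when the plan uses VoIP security. Any value other
    # than 'Unsecured' is treated as secured (assumption).
    $secured = @{}
    foreach ($dp in $DialPlans) { $secured[$dp.Name] = ($dp.VoIPSecurity -ne 'Unsecured') }
    $gatewayByName = @{}
    foreach ($gw in $Gateways) { $gatewayByName[$gw.Name] = $gw }

    # Hunt groups link a UM IP gateway to a dial plan, so walk them to find
    # every gateway that serves a secured dial plan.
    foreach ($hg in $HuntGroups) {
        $gw = $gatewayByName[$hg.UMIPGateway]
        if (($null -eq $gw) -or (-not $secured[$hg.UMDialPlan])) { continue }

        $parsed = $null
        if ([System.Net.IPAddress]::TryParse([string]$gw.Address, [ref]$parsed)) {
            New-Object PSObject -Property @{
                Object = $gw.Name
                Issue  = "Address $($gw.Address) is an IP address; secured dial plan $($hg.UMDialPlan) requires an FQDN"
            }
        }
        if ($gw.Port -ne 5061) {
            New-Object PSObject -Property @{
                Object = $gw.Name
                Issue  = "Port is $($gw.Port); secured dial plan $($hg.UMDialPlan) requires TCP port 5061"
            }
        }
    }

    # One UM server uses either mutual TLS or TCP, never both, so all of its
    # dial plans must share one security configuration.
    foreach ($srv in $Servers) {
        $modes = @($srv.DialPlans |
            Where-Object { $secured.ContainsKey($_) } |
            ForEach-Object { $secured[$_] } |
            Sort-Object -Unique)
        if ($modes.Count -gt 1) {
            New-Object PSObject -Property @{
                Object = $srv.Name
                Issue  = "Associated with both secured and unsecured dial plans: $($srv.DialPlans -join ', ')"
            }
        }
    }
}

Test-UMVoipSecurity -DialPlans $dialPlans -Gateways $gateways -HuntGroups $huntGroups -Servers $servers |
    Select-Object Object, Issue |
    Format-Table -AutoSize -Wrap
```

With the constructed inventory, MyUMIPGateway is reported for both its IP address and its port, SecureGateway passes, and ExUMSrv is reported for mixing security configurations.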

Configuring Permissions for Unified Messaging

In many organizations, there are separate administrators for Microsoft Exchange, Active Directory, and the telecommunications equipment. Therefore, administrative functions must be delegated to maintain distinct boundaries between different levels of administrative permissions. For more information about the security permissions that are related to Unified Messaging, see Configuring Unified Messaging Permissions.


Conclusion

This white paper has provided you with the necessary technical information and prescriptive guidance and configuration steps to successfully deploy Exchange 2007 Unified Messaging in your organization.

Additional Information