Prerequisites
This section outlines environmental requirements which are applicable to all aspects of the RealConnect Service, regardless of which Microsoft unified communications services are to be used. Additional requirements specific only to either Microsoft Teams or Skype for Business will be covered later in the applicable sections.
Microsoft Office 365
In order to utilize the Poly RealConnect Service a valid Microsoft Office 365 tenant is required and a user with the Global administrator role assigned. All topologies of Microsoft Exchange and Skype for Business are currently supported, as is Microsoft Teams.
Unsupported Regions
The RealConnect Service is currently available globally to Microsoft Office 365 tenants homed in any country, with the following exceptions. Note this requirement only applies to the region that the tenant is homed in, not the user specifically. So, a tenant homed in North America can still utilize the service with users located in any region.
| Service | Region |
|---|---|
| RealConnect for Microsoft Teams | "cn", "China", "ru", "Russian Federation" |
| RealConnect for Office 365 (Skype for Business) | "cn", "China", "ru", "Russian Federation", "kp", "North Korea", "ao", "Angola", "bw", "Botswana", "cm", "Cameroon", "cp", "Cape Verde", "ci", "Côte d'Ivoire", "et", "Ethiopia", "gh", "Ghana", "ke", "Kenya", "mu", "Mauritius", "na", "Namibia", "ng", "Nigeria", "rw", "Rwanda", "sn", "Senegal", "tz", "Tanzania", "ug", "Uganda","zm", "Zambia" |
Network Configuration
This section outlines IP communication requirements for network firewalls or standards-based video conferencing traversal solutions to successfully allow outbound calls from video endpoints to reach the various Microsoft Azure datacenter locations, where the Poly RealConnect Service resides.
If corporate security policies and/or existing firewall products support the use of DNS resolution against a DNS hostname, then this approach is preferred over manually managing a list of IP addresses.
Note: It may not be required to manually configure anything if the network where the endpoints reside, already allows outbound traffic to any host on the Internet over the required ports and protocols. If that is the case, then skip ahead to the Test Call section. If the test call fails then return here to validate the proper network communications are allowed.
DNS Hostnames
There are three automatically updated DNS records which can be leveraged by firewall policies to allow traffic into the RealConnect Service:
- edge-teams.plcm.vc can be used to allow outbound calls with a dial string of @t.plcm.vc which are destined for the RealConnect Service for Microsoft Teams.
- edge-sfb.plcm.vc can be used to allow calls outbound calls with dial strings of @v.plcm.vc and @h.plcm.vc which are destined for the RealConnect Service for Skype for Business.
- edge-global.plcm.vc simply includes all IP addresses from both records shown above and should be used when leveraging the RealConnect Service for both Teams and Skype for Business.
IP Addresses
The RealConnect Service currently resides in the following Azure datacenter regions and IP addresses. Bold IP addresses denote the front-end load balancer for a region.
| Azure Region Name | Azure Region ID | Microsoft Teams IP Addresses | Skype for Business IP Addresses |
|---|---|---|---|
| East US 2 | AzureCloud.eastus2 | 13.68.91.113 40.70.7.163 52.167.114.43 52.167.114.107 52.247.27.134 52.247.70.49 52.247.70.60 20.114.234.194 20.114.234.9 | |
| South Central US | AzureCloud.southcentralus | 13.65.201.101 23.100.126.112 40.74.244.20 40.74.245.115 40.124.6.108 52.171.128.190 104.215.77.58 104.210.212.181 70.37.77.35 | 13.65.254.254 13.85.8.48 52.171.141.90 104.215.94.223 |
| West US 2 | AzureCloud.westus2 | 13.66.206.244 13.77.175.139 52.143.127.44 52.191.165.159 52.191.184.234 52.229.60.57 52.250.7.26 20.83.98.145 20.83.96.75 | |
| North Europe | AzureCloud.northeurope | 23.100.54.229 23.100.55.51 23.100.55.142 23.101.48.200 23.102.19.53 23.102.22.241 40.115.119.97 23.102.32.103 20.238.125.85 | |
| Australia Southeast | AzureCloud.australiasoutheast | 13.70.140.93 13.70.141.2 13.77.56.231 40.115.73.118 40.127.69.62 40.127.71.243 40.127.74.66 20.70.74.215 20.70.78.130 | |
| Germany West Central | AzureCloud.germanywestcentral | 20.79.204.14 20.79.222.223 20.79.252.14 20.113.37.3 20.113.60.1 20.113.60.9 20.113.60.34 20.79.219.197 20.79.218.194 |
To download the list of IP addresses, see Poly RealConnect Cloud Service IPs.
As shown above, the RealConnect Service is hosted on different IP addresses for supporting Teams meetings than for supporting Skype meetings. It is only necessary to allow connectivity to the set of addresses applicable to which service(s) are being utilized. When using IP addresses in firewall security policies it is recommended to add all addresses from all regions in this list to avoid potential call failures.
DNS queries performed against the DNS records listed in the previous section will often return additional IP addresses which are not included in the table above. Those addresses are assigned to staging and testing instances of the RealConnect service and under normal circumstances do not need to specifically be included in a firewall policy. Note: Be aware that when contacting Poly for customer support it may be requested to temporarily add some of those addresses to assist in troubleshooting.
Calls placed to the RealConnect Service from a standards-based video conferencing system will be directed via a geographic DNS response containing one of the bold IP addresses (which denotes the front-end load balancer for that region). For best performance, the DNS query response is based on a latency measurement performed by Azure Traffic Manager against the source of the DNS query performed by the calling endpoint or the endpoint’s registrar. This will direct the call to the available region with the lowest measured latency at the time of the call. Once the call is placed and reaches the service the front-end load balancer will immediately redirect the call to a different IP contained in the list above. This will typically be another IP address within the same region which received the call, yet it is possible for the call to be redirected to an IP address in a different region based on service availability at the time of the call.
Note: If for some reason it is desired to prevent a call from landing in an undesired geographical region then that can be accomplished by placing the desired regions on an "allow list" or placing the undesired regions on a "block list". Note that doing so would result in a failed call if it is initially directed or redirected to a blocked IP address.
In the event that additional addresses are added to the service, then that information is updated here as well as communicated directly to existing customers, who are subscribed to service alerts via the status.plcm.vc page. These IP addresses are static assignments and are rarely, if ever removed. Changes typically occur when the service is deployed into a new region or additional addresses are added to an existing region for increased scale.
Ports and Protocols
Configure any outbound firewall rules to match the settings listed below for the desired protocol(s).
| Protocol | Ports | IP Protocol | Use |
|---|---|---|---|
| SIP | 5060 | TCP | Signaling |
| 5061 | TCP | Secure Signaling | |
| 15001-16000 | TCP | BFCP Content Sharing Media (Skype for Business Only) | |
| 20002-30001 | UDP | Audio, Video, and BFCP Content Sharing Media | |
| H.323 | 1719 | UDP | H.255 RAS Signaling |
| 1720 | TCP | Q.931 Signaling | |
| 10001-13000 | TCP | H.245 Signaling | |
| 20002-30001 | UDP | Audio/Video/H.239 Content Sharing |
- For example, if only SIP calls are to be allowed then only the top ports in the table are needed (5060-5061, 15001-16000 TCP & 20002-30001 UDP)
- Alternatively, if only H.323 calls are to be allowed then the bottom half of the table is applicable (1719, 20002-30001 UDP & 1720, 10001-13000 TCP)
Poly Environments
If the environment contains any video conferencing infrastructure components like Polycom DMA and RPAD then further configuration may be required to correctly route calls to the RealConnect Service. For detailed information about how to use the RealPresence DMA system, see the Polycom RealPresence DMA System Administrator Guide.
Cisco Environments
If the environment contains either Cisco endpoints and/or Cisco infrastructure components, then further configuration may be required to correctly route calls to the RealConnect Service.
Additionally, a Poly Cloud Relay virtual server will need to be deployed on-premises in order to support the Poly One Touch Dial (OTD) capability which is compatible with several Cisco’s native One Button to Push (OBTP) feature. It is recommended to perform the Cloud Relay deployment and configuration prior to advancing any further with the RealConnect Service configuration and license activation steps.
Verify the configuration settings on your Cisco TelePresence Video Communication Server (VCS). For detailed information about configuring the Cisco TelePresence Video Communications Server, see the Cisco support site.
Verify Zone Configuration
Within Cisco VCS verify the DNS and Traversal zones are Active and that either one or both SIP and H.323 are enabled (On).
Navigate to Configuration > Zones > Zones.
Verify the Status for both H.323 and SIP are On.
- Select DNS Zone and verify the State is Active.
- Select Traversal Zone and verify the State is Active.
Verify DNS Configuration
Verify that VCS can correctly resolve the plcm.vc domain in order to route calls to the RealConnect service from registered endpoints.
Navigate to System > DNS.
Verify that at least one DNS server has been provided which can resolve the public
plmc.vcdomain name.
Cisco VTCs Configured with a H.323 Alias
Cisco VTCs should be configured with a H.323 Alias in order to place H.323 CVI calls to RealConnect Service.
Test Call
Once the environment configuration is validated then place a test call from one or more video endpoints using either SIP or H.323 with the following dial string:
7357@test.plcm.vc
For example, if using a Poly Group Series endpoint connect to the device’s IP address using a web browser and then select the Place a Call menu. Expand Manual Dial, select the desired options, enter the test dial string, and then click Call.
If the call is successful, the following inbound video image should appear on the system’s monitor.
Also, select the Call Statistics button at the top of the page to confirm that both audio and video communications are each reporting successful transmit (TX) and receive (RX) channels.
