Sunday, December 6, 2015

How to Turn a Polycom VVX/SoundPoint IP Phone into a Common Area Phone

Common Area Phone is a really cool feature introduced in Microsoft Lync Server 2010. What is meant by a common area phone? In the context of this blog, a common area phone is a Polycom phone located in an area such as a cafeteria, hotel or office lobby, meeting room, or even a security entrance. It sits in an area where multiple people, whether authorized users or not, have access to it, and it is not dedicated to a specific user.
Note: Cloud PBX with PSTN Calling doesn't support Common Area Phone

An online search suggests a set of devices you can purchase for this specific purpose: Polycom's CX500, CX600, CX3000 and CX5000, Aastra's 6721ip and 6725ip, and HP's 4110 IP Phone. Let's demystify this.

My target goal

My goal is to provision a Common Area Phone for a remote branch office by reusing existing phones, without needing to purchase additional devices. I have the following phones in the remote branch: Polycom SoundPoint IP 450 and Polycom VVX models.

Prerequisites for Common Area Phone

  • Check if Skype for Business Server (Lync) is enabled for PIN authentication:
Get-CsWebServiceConfiguration | fl Identity, UsePinAuth, UseCertificateAuth
  • The DHCP 043/120 options, which provide the ability to support PIN authentication (a strict requirement for Common Area Phone accounts to authenticate via TLS-DSK)
  • The DHCP 004/042 options (Time Server). Although the time server location will provide the accurate time required to perform authentication and registration processes the phone will display the time in GMT by default. To show the correct local time on the phone’s display the standard time offset DHCP 002 option (Time Offset, optional) can be used.
    Check that these options are present on your DHCP server:
Get-DhcpServerv4OptionValue -ComputerName <DHCP server> -ScopeId <scope ID> -All | ft OptionID,Name,Value,VendorClass
  • You can use NTP SRV DNS record as an alternative to Time Server DHCP options
    _ntp._udp.<SIP domain> pointed to NTP server;
  • PIN authentication is only supported for internal networks which can contact the internal web services on a Lync Front End server internally;
  • PIN Authentication doesn't work via Edge Server;
  • The phone's ability to sign in via PIN authentication.
It is possible to provision a Common Area Phone internally and then take the phone off-site, but if the user signs out or the client certificate expires (or is revoked by the server), the device will not be able to connect again without being brought back inside the network.
As you have probably noticed, everything revolves around phone and network support for PIN authentication.
I assume you may find that other SfB-certified non-Polycom devices can behave like Common Area Phones (just check whether they support PIN authentication).

Recommended settings for Polycom VVX/SoundPoint IP models acting as Common Area Phones

When deploying a phone in a common area, we will most likely want to disable some of the default features, functions and physical ports on the VVX/SoundPoint IP (this is a recommendation, not a strict prerequisite).
  1. Disable physical ports on the phone such as the USB and PC ports
  2. Disable the speakerphone hard key and speakerphone functionality
  3. Disable the Home hard key to limit access to menus such as the Settings menu
  4. Remove and/or limit soft key functions (New Call, Sign Out, etc.)
  5. Disable additional features.
  6. Force phone device to use PIN authentication
These parameters would be put into your XML configuration file that will be uploaded to the phone via a provisioning server or via the WebUI of the phone. All commands are case sensitive.

  1. Disable physical ports on the phone such as the USB and PC ports:
device.set = "1"
device.auxPort.enable.set = "1"
device.auxPort.enable = "0"
feature.usb.power.enabled = "0"
  2. Disable the speakerphone hard key and speakerphone functionality:
up.handsfreeMode = "0"
  3. Disable the Home hard key to limit access to menus such as the Settings menu:
key.26.function.prim = null
  4. Remove and/or limit soft key functions (New Call, Sign Out, etc.):
feature.enhancedFeatureKeys.enabled = "1"
softkey.feature.basicCallManagement.redundant = "0"
softkey.feature.forward = "0"
softkey.feature.simplifiedSignIn = "0"
softkey.feature.mystatus = "0"
softkey.feature.buddies = "0"
softkey.feature.newcall = "0"
softkey.feature.doNotDisturb = "0"
  5. Disable additional features:
video.enable = "0"
diags.pcap.enabled = "0"
feature.callRecording.enabled = "0"
feature.pictureFrame.enabled = "0"
dir.local.readonly = "1"
  6. Force phone device to use PIN authentication
reg.1.auth.usePinCredentials = "1"

If your particular Polycom phone model doesn't support one of the XML settings mentioned, the phone will ignore it.
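
Because the parameter names are case sensitive and unsupported or unrecognized settings are ignored without an error, it is worth checking a configuration file against the intended baseline before uploading it. The following is an added example, not code from the original post or from Polycom: it assumes the parameters appear as XML attributes (the element names in the constructed sample are placeholders), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Expected values, taken from the settings listed above (a subset).
BASELINE = {
    "device.set": "1", "device.auxPort.enable.set": "1",
    "device.auxPort.enable": "0", "feature.usb.power.enabled": "0",
    "up.handsfreeMode": "0", "softkey.feature.newcall": "0",
    "softkey.feature.simplifiedSignIn": "0", "diags.pcap.enabled": "0",
    "feature.callRecording.enabled": "0", "dir.local.readonly": "1",
    "reg.1.auth.usePinCredentials": "1",
}

# Constructed sample; element names are placeholders, only attributes are read.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<commonAreaPhone>
  <ports device.set="1" device.auxPort.enable.set="1"
         device.auxPort.enable="0" feature.usb.power.enabled="1"/>
  <keys up.handsfreeMode="0" softkey.feature.newcall="0"
        softkey.feature.simplifiedSignIn="0"/>
  <features Diags.pcap.enabled="0" feature.callRecording.enabled="0"
            dir.local.readonly="1"/>
</commonAreaPhone>
"""

def collect_parameters(xml_text):
    """Flatten the attributes of every element into one name -> value dict."""
    params = {}
    for element in ET.fromstring(xml_text).iter():
        params.update(element.attrib)
    return params

def audit(xml_text, baseline=BASELINE):
    """Return (parameter, problem) tuples for each deviation from the baseline."""
    params = collect_parameters(xml_text)
    by_lower = {name.lower(): name for name in params}
    findings = []
    for name, expected in baseline.items():
        if name in params:
            if params[name] != expected:
                findings.append((name, f'is "{params[name]}", expected "{expected}"'))
        elif name.lower() in by_lower:
            # Names are case sensitive, so a miscased name does not count as set.
            findings.append((name, f"miscased as {by_lower[name.lower()]}"))
        else:
            findings.append((name, "missing"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(SAMPLE_CONFIG):
        print(f"{name}: {problem}")
```

On the constructed sample, the audit reports the USB power setting left enabled, the miscased diags.pcap.enabled, and the missing PIN-authentication setting.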

Further Common Area Phone provisioning for Skype for Business Server (Lync) is a standard, PowerShell-only process that is fully described on TechNet. Alternatively, you can use a UI-based tool called "Lync Common Area Phone Management". This tool was successfully tested with Skype for Business Server 2015.

There is another cool feature introduced with Common Area Phone, called Hot-Desking. You can set up Common Area Phones as hot-desk phones. With hot-desk phones, users can log on to their own user account and, once logged on, use Skype for Business Server features and their own user profile settings. But that is another topic for discussion.