Sunday, December 6, 2015

How to Turn a Polycom VVX/SoundPoint IP phone into Common Area Phone

Common Area Phone is really cool feature introduced in Microsoft Lync Server 2010. What is meant by common area phone? In the context of this article a common area phone is a Polycom phone device located in an area such as a cafeteria, hotel/office lobby, meeting room or even a security entrance phone. It is a phone device located in an area where multiple people, whether authorized users or not, have access to the phone and the phone is not dedicated to a specific user.
As of today: Cloud PBX with PSTN Calling doesn't support Common Area Phone

Scenario:

Target goal is to convert existing Polycom SoundPoint IP, Polycom VVX phone to Common Area Phone without need to purchase additional phone devices.

Solution:
  • Check if Skype for Business Server (Lync) is enabled for PIN authentication:
Get-CsWebServiceConfiguration | fl Identity, UsePinAuth, UseCertificateAuth
  • The DHCP 043/120 options which provide the ability to support PIN authentication (will be strict requirement for Common Area Phone accounts to authenticate via TLS-DSK) 
  • The DHCP 004/042 options (Time Server). Although the time server location will provide the accurate time required to perform authentication and registration processes the phone will display the time in GMT by default. To show the correct local time on the phone’s display the standard time offset DHCP 002 option (Time Offset, optional) can be used.
    Check your DHCP options presence on your DHCP server:
Get-DhcpServerv4OptionValue -ComputerName yourdhcpserver.com -ScopeId 172.20.0.0 -All | ft OptionID,Name,Value,VendorClass
  • You can use NTP SRV DNS record as an alternative to Time Server DHCP options
    _ntp._udp.<SIP domain> pointed to NTP server;
  • PIN authentication is only supported for internal networks which can contact the internal web services on a Lync Front End server internally;
  • PIN Authentication doesn't work via Edge Server;
  • Phone ability to sign in via PIN authentication.
It is possible to start internally with Common Area Phone and then take the phone off-site, but if the user signs out or the client certificate expires (or is revoked by the server) then the phone won't be able to connect again without bringing it back inside the network.
As you probably noticed everything is spinning around phone and network support for PIN authentication:

Recommended settings for Polycom/Soundpoint IP models acting as Common Area Phones

If we are in the process of deploying a phone in a common area we will most likely want to disable some of the default features (it is not strict prerequisite but rather recommendation), functions and physical ports on the VVX/Soundpoint IP.
Put these parameters into your XML configuration file that will be uploaded to the phone via Polycom provisioning server or via the WebUI of the phone.

  1. Disable physical ports on the phone such as the USB and PC ports:
device.set = "1"
device.net.etherModePC = Disabled
device.auxPort.enable.set = "1"
device.auxPort.enable = "0"
feature.usb.power.enabled = "0"
  2. Disable the speakerphone hard key and speakerphone functionality:
up.handsfreeMode = "0"
  3. Disable the Home hard key to limit access to menus such as the Settings menu:
key.26.function.prim = null
  4. Remove and/or limit soft key functions (New Call, Sign Out, etc.):
feature.enhancedFeatureKeys.enabled = "1"
softkey.feature.basicCallmanagement.redundant = "0"
softkey.feature.forward = "0"
softkey.feature.simplifiedSignIn = "0"
softkey.feature.mystatus = "0"
softkey.feature.buddies = "0"
softkey.feature.newcall = "0"
softkey.feature.doNotDisturb = "0"
  5. Disable additional features:
video.enable = "0"
diags.pcap.enabled = "0"
feature.callRecording.enabled = "0"
feature.pictureFrame.enabled = "0"
dir.local.readonly = "1"
  6. Force phone device to use PIN authentication
reg.1.auth.usePinCredentials = "1"

Common Area Phone object provisioning on Skype for Business Server (Lync) is very standard process:

New-CsCommonAreaPhone -LineUri "tel:+12065551219" -RegistrarPool "pool.contoso.com" -OU "OU=Phones,dc=contoso,dc=com" -DisplayName "Building 14 Lobby"

Set-CsClientPin –Identity “Building 14 Lobby” -Pin 123123

You can also use UI based tool called "Lync Common Area Phone Management" tool. The tool was successfully tested with Skype for Business Server 2015.

Another cool feature introduced with Common Area Phone called Hot-Desking. You can set up Common Area Phones as hot-desk phones. With hot-desk phones, users can log on to their own user account, and, after they are logged on, use Skype for Business Server features and their own user profile setting.

New-CsClientPolicy -Identity "CommonAreaPhonePolicy" -EnableHotdesking $True -HotdeskingTimeout 00:10:00
Grant-CsClientPolicy -Identity "Building 14 Lobby" -PolicyName "CommonAreaPhonePolicy"

Per my understanding phones of other vendors may behave like Common Area Phones. Just check if they support PIN authentication.

References: