Fantastic Content! Thank you!
49:00 Hypnotized me for a minute!
lol thought it was just me.
Haha!!
First, thank you for this great video.
I have one question: in case the enterprise network has different VLANs, should I allow traffic on UDP ports for Teams, for peer-to-peer calls?
When you say the "high port range", are you referring to the 50,000 to 59,999 port range? Then if unable to connect to that high port range it will fall back to the 3478-3481 UDP port range instead?
High ports means here really 1,024-65,535 and they are completely optional. The client will indeed fall back to 3478-3481 and everything will continue to work. See also this discussion in the community: techcommunity.microsoft.com/t5/Microsoft-Teams/Meetings-High-Ports-Network-Planning-for-Microsoft-Teams/m-p/344490/highlight/true#M26247
Where can I find these slides? I cannot see them in Teams Academy. Please reply.
How does one prevent media from traversing site to site VPNs in an enterprise with multiple locations linked by said VPNs? I am having this exact problem now. VPN is not the best medium for real time video traffic.
Most SSL VPNs provide the option to do split tunneling; on a WatchGuard it's a setting to separate internet traffic :)
I solved this problem a while back. The issue is that traffic crossing site to site VPNs is not “internet traffic”. Also, split tunnel is not really a concept that is usually implemented with site to site VPNs.
In any case, I simply determined what ports peer to peer media traffic moves over in Teams. I then blocked those ports on our site to site VPNs. This left Teams no choice but to send media through Teams public servers for meeting participants that are in separate sites linked by site to site VPN. Since firewall rules only apply at the router, this still allowed peer to peer media between participants inside the same physical network / in the same office building.
It works.
Have any details about QoS changed since this video was published? There are Teams Rooms and Teams on Surface Hub 2S? How are they QoS-managed? Is QoS still not possible for the iOS and iPadOS and 'on the web' clients?
We just released new documentation on QoS. QoS should be possible on the web client, as well as the iOS devices, with port-based QoS tagging using ACLs on your layer-3 equipment: docs.microsoft.com/en-us/microsoftteams/qos-in-teams
@58:32 why is QoS considered only with low bandwidth? Don't you think even if we have enough internet bandwidth, 1g endpoint, 1g wifi, 10g uplinks, 40g backbone, we should still consider QoS in order to stop worrying? We can't control the user behaviors on their computers, specifically with random ports applications. In my environment, I've applied QoS at access switches, cores, endpoints using GPO for Lync.exe and Teams.exe, on firewall dedicated 10mbps for VoIP and Microsoft Teams IPs and applications. IDP is disabled for all Microsoft Teams servers. Access rule with VoIP 10mbps object to Microsoft Teams only, prioritized at the top rules. Of course, on Citrix VDI I have RTOP 2.8 installed, and Citrix audio policy is applied. Quality is great throughout the whole sessions.
So, if I understand the slide @36:52 correctly, the Microsoft relay will bypass Claims rules?
Excellent video, thanks!
Hi everyone, kindly advise what the main Teams assessment tools are that can be used prior to deployment?
Please use our main documentation hub: aka.ms/SuccessWithTeams for our deployment and planning guidance. Also you should review our Deployment Advisor, which will automatically provision a team with a full plan that you can customize. We think it's best to plan Teams with Teams. Check that out here: ruclips.net/p/PLH5ElbTc1hWQz6Bw75ZMdtYNiwlGjYmTf
Great video, thanks
@38:12 I too remember the northern coasts of California