Migrating to One-Touch Join for Pexip Service

This guide explains how Pexip Service customers who have currently implemented One-Touch Join using a dedicated Pexip Infinity deployment can migrate to the Pexip Service's own One-Touch Join feature.

For information on migrating from One-Touch Join for Pexip Service to a dedicated Pexip Infinity deployment, see Migrating to One-Touch Join for Pexip Infinity.

To ensure a smooth migration with minimal loss of service, we recommend you complete the required steps in the following order:

  1. Ensure you have met the required Prerequisites, including obtaining the necessary licenses for One-Touch Join for Pexip Service and ensuring you have access to Microsoft 365 as a calendar provider, along with the usual prerequisites for implementing One-Touch Join.

  2. Reconfiguring your calendar service.

  3. Configuring a calendar provider.

  4. Configuring mailboxes.

  5. Configuring meeting processing rules.

  6. Reconfigure your endpoints to obtain meeting information from One-Touch Join for Pexip Service instead of Pexip Infinity.

Prerequisites

Obtaining licenses

Endpoints used for One-Touch Join don't need to be registered to the Pexip Service. However, each endpoint must have an appropriate Endpoint License in order for it to be managed from within Pexip Control Center (PCC).

You'll need to purchase a One-Touch Join Room License Service license, and cancel your existing Pexip Infinity One-Touch Join licenses.

For information on licensing, see One-Touch Join (OTJ): trial, orderability and enablement or contact your Pexip account manager.

Microsoft 365 calendar provider

Although One-Touch Join supports meetings created in Microsoft Outlook, Google Calendar, and most other calendar providers, the room resources and mailboxes associated with your OTJ endpoints must be created in Microsoft 365 tenants only (on-premises mailboxes are not supported, even in Exchange hybrid deployments). This feature uses the Graph API to authorize access to the mailboxes used for OTJ.

  • If your Pexip Infinity One-Touch Join deployment already uses Microsoft 365, you can continue to use these mailboxes. However, you will need to reconfigure the mail enabled security group, because this will use a different app ID. For full information, see Reconfiguring your calendar service.

  • If your Pexip Infinity One-Touch Join deployment uses another calendar service, you must set up a Microsoft 365 tenant and associated mailboxes before you can use OTJ for the Pexip Service.

The Microsoft 365 domain must be verified by the Pexip Service. For information on how to do this, see Verifying Microsoft 365 tenant domains.

Other One-Touch Join prerequisites

You should also ensure you have met the following requirements:

  • The endpoints you want to include in One-Touch Join are already added in the Pexip Control Center and can connect with the Pexip Service.
  • In Pexip Control Center, you have the OTJ Admin role towards the company you want to configure, and that company is enabled for One-Touch Join.
  • You have the Global Admin role for your organization's Office 365 account. If you don't, a user who does have this role will need to provide consent on your behalf to the tenant being accessed by One-Touch Join.
  • You have verified your Microsoft 365 tenant domain by adding a DNS TXT record for your Microsoft 365 domain — see Verifying Microsoft 365 tenant domains for instructions.
  • Each physical room that will have a One-Touch Join endpoint in it has an associated room resource and mailbox. All room resources and mailboxes associated with your OTJ endpoints must be created in Microsoft 365 tenants only (on-premises mailboxes are not supported, even in Exchange hybrid deployments). This feature uses the Graph API to authorize access to the mailboxes used for OTJ.

Firewall configuration

Ensure you have configured your firewall appropriately (the full set of firewall rules is available here).

These are the port usage rules for One-Touch Join for Pexip Service:

Source Transport Service/Application Destination ports Rule Destination
Endpoints TCP HTTPS 443 Outgoing 185.94.240.0/22
185.124.96.0/22
Endpoints * UDP NTP 123 Outgoing 176.58.109.199/32

* For OTJ to display meetings at the correct time, the endpoint must have a synched clock. You may use your own NTP server instead of the one provided by Pexip above (and thus you do not need to allow this range), however you must inform your Pexip authorized support representative.

These are the domains that may need to be safelisted to allow traffic to pass without interference:

Domain Service/Application
otj.pexip.io for One-Touch Join for Pexip Service (Cisco & Poly)
auth.otj.pexip.io
cisco-macros.pexip.io
for One-Touch Join for Pexip Service (Cisco only)

Reconfiguring your calendar service

You must reconfigure the existing mail-enabled security group in Microsoft 365, because this uses a different app ID for the Pexip Service than it does for Pexip Infinity.

To do this, connect to Exchange Online PowerShell and update the application security policy for the mail-enabled security group used for One-Touch Join, using the PowerShell command below.

You must change the PolicyScopeGroupId and can optionally change the description.

Copy to clipboard
New-ApplicationAccessPolicy -AppId 5b19f2a2-1969-4db2-9882-f7497a0bb6d2 -PolicyScopeGroupId <email of the mail-enabled security group> -AccessRight RestrictAccess -Description "Restrict Pexip OTJ app to selected room resource mailboxes"

Changes to application access policies can take up to 2 hours to start receiving OTJ meetings for an endpoint.

Configuring a calendar provider

You must provide consent for One-Touch Join to access your Microsoft O365 tenants. To do this, follow the steps in Configuring a calendar provider.

Configuring mailboxes

You must now configure which video conferencing systems are supported by this One-Touch Join implementation. To do this, follow the steps in Configuring mailboxes.

To check that mailboxes have been added correctly, in PCC go to Settings > One-Touch Join and scroll down to Mailbox Configuration. The mailbox should have a status of Online.

Configuring meeting processing rules

To configure how calendar invitations in your One-Touch Join environment are processed and what meeting information is displayed on endpoints, follow the steps in Configuring meeting processing settings.

Reconfiguring your endpoints

Both One-Touch Join for Pexip Infinity and One-Touch Join for Pexip Service require that every endpoint used for OTJ has an associated calendar and mailbox. In both cases the OTJ service reads the calendars of each meeting room endpoint, parses information about all the meetings to which the endpoint has been invited, and then provides this information to the endpoint. However, the mechanism by which the information is provided to the endpoint depends on the service and endpoint type:

  • Cisco endpoints

    • for Pexip Infinity, OTJ pushes the meeting information to the endpoint using the endpoint's API

    • for Pexip Service, OTJ works via an individual macro that you create in Pexip Control Center and install on each endpoint.

  • Poly endpoints

    • for Pexip Infinity, the endpoint connects to the OTJ service on a Conferencing Node and pulls the meeting information.

    • for the Pexip Service, the endpoint connects to the OTJ service and pulls the meeting information.

For this reason, you will need to reconfigure any endpoints used for One-Touch Join so that they obtain meeting information from the appropriate service as per the instructions below.

Cisco endpoints

To migrate Cisco endpoints to use One-Touch Join on the Pexip Service, you should first remove the endpoint from the Pexip Infinity deployment and then enable it for use on the Pexip Service.

To remove the endpoint from Infinity:

  1. From the Pexip Infinity Administrator interface, go to One-Touch Join > OTJ Endpoints.

  2. Select the endpoints to remove, and then from the Action drop-down select Delete selected OTJ Endpoints.

Then to enable the endpoint for One-Touch Join on the Pexip Service, follow the steps in Enabling OTJ on Cisco endpoints.

Repeat the process for every endpoint you wish to migrate.

Poly endpoints

To migrate Poly endpoints to use One-Touch Join on the Pexip Service, you must associate the endpoint with a mailbox in PCC and create credentials for it, and then configure the endpoint with the credentials.

Full details of how to do this are given in Enabling OTJ on Poly endpoints.