John Miller / / Categories: Best Practices, Technical View, Microsoft Teams, E911, Microsoft Teams Calling

Dynamic 911 with Teams - Lessons Learned

Introduction

Over the past few months, Enabling Technologies has helped our customers deploy Teams Dynamic 911 and to get ready for Teams Dynamic 911 for Work from Home. Over that time, we have learned quite a bit more about the “Art” of deploying this functionality and developed some best practices that we recommend to our customers.

Following are three (3) of these lessons:

    1. Best use of the “Description” and “Organization Name” fields in the Teams Emergency Addresses
    2. Deploying Teams Emergency Calling Policies dynamically
    3. Add “Switch” and “Port” Network element records to Teams

Lesson 1. Description and Organization Name fields

Background

    • Microsoft has recently changed how the fields for the “Emergency Addresses” in the Teams Admin Center are displayed
    • The “Description” field is displayed first and the “Organization Name” last
      911less1
    • The “Organization Name” is passed on to the Public Safety Answering Point (PSAP) and the first responders
    • The information in the “Description” field is not passed on
    • The default value for the “Organization Name” field is pulled from the name provided when a Microsoft 365 tenant is created. It may not be the Company Name used at the Emergency Address’s actual location. In other words, it may not be the name on the “Front of the Building,” nor the name used in the Building Directory, or the name known to the security desk personnel in a multi-tenant building.

Recommendation

    • Think about the information that would be provided to the PSAP and first responders should someone call emergency services from each of your Company’s buildings
    • The “Description” and “Organization Name” fields do not require unique values. Every one of your “Emergency Addresses” can have the same value for “Organization Name”
    • For purposes of sorting and listing the “Emergency Addresses” by “Organization Name” and clarity, consider making sure that each “Organization Name” is unique
    • Place the name that is used for each building “at the building” in the Organization Name field. It should begin with the Company Name that the Emergency Responders will look for and need to be able to find when they arrive on the scene
    • If the Organization Name is “Enabling Technologies Corp” but is referred to as “ETC” at the location on “10 Main Street, Anywhere, US 11111”, then use “ETC” as the Organization name for that “Emergency Address” record
    • Some examples of “Organization Names” for Enabling’s buildings might be:
      • Enabling Technologies – HQ
      • ETC – Support Center
      • ETC - Sales
    • Use the “Description” field to help you clearly, uniquely, and unambiguously identify the building for your users and System Administrators
    • When assigning Calling Plan numbers to users, you can search for a location based on the Description of the Emergency Address
    • Use the names used for the buildings as they are known to your personnel in the Description field. Your users might refer to the Headquarters building as “Estero” or “The Murphy Building” or the “Tower”. Use the vernacular your users are used to in the “Description” field
    • Use the same naming logic when setting up records for Automatic Line Identification (ALI) with the Emergency Response Service Providers (ERSP) and similar services when using Teams Direct Routing

911less2

Lesson 2. Dynamically Assigned Emergency Calling Policies

Background

    • Teams Emergency Calling Policies are needed to provide compliance with the second tenet of Kari’s Law. This is the section that requires a notification be sent to a location where someone is likely to see or hear the notification
    • The intent of the notification is to facilitate entry to a Company’s facility by first responders and to assist them in getting to the location of an emergency services caller
    • These policies apply to both Teams Calling Plan and Teams Direct Routing users
    • Additional information on Kari’s Law as it relates to Teams Dynamic 911 can be found in an earlier article in this series
    • From working with several customers, it has become clear that if a Company has Teams Voice Users in more than one (1) building, the Emergency Calling Policy should be assigned to the user based on the building that they are currently located. In other words, the assignment of the Emergency Calling Policy should be dynamic and not static. There are some cases where a static assignment of an Emergency Calling Policy is appropriate

Policy Assignment

    • There are three (3) ways an Emergency Calling Policy is applied to Teams users:
      1. Global (Default) – This assignment has the lowest priority. The Global policy will be assigned to users who do not get a policy through site level or direct assignment. This policy is static in nature. It does not change for the user even if the user is working from different buildings on the Corporate Campus
      2. Site Level – This policy is assigned dynamically based on the building in which the Teams endpoint is currently signed in. If you are signed into the Headquarters building, you will get the policy specific to the Headquarters building. If you are in the Warehouse, you will get the Warehouse’s policy. This policy is dynamic in nature. This takes priority over the Global policy but would be superseded by a directly assigned user level policy. These policies are associated with a defined Tenant Network Site. Please see the earlier article in this series on Scoping Teams Emergency Policies
      3. User Level – These policies are assigned directly to the user. They are static in nature. The user will use the same policy in all Company buildings. If assigned to a user, it has the highest priority and will be the effective policy for the user

Why should Emergency Calling Policies be dynamically assigned?

    • This boils down to two (2) simple questions:
      1. Does the Company have Teams users working in more than one Company building?
      2. If the answer to the first question is yes, will the same parties be notified if someone places a call to emergency services from any of these buildings?
    • If you answered “Yes” to the first and “No” to the second, you would need to dynamically assign the Emergency Calling Policy to your users
    • If you have a single building, you probably don’t need more than one Emergency Calling Policy and can use the Global (Default) policy
    • Customers with multiple buildings should create:
      • Teams Tenant Trusted IP Addresses
      • Teams Tenant Network Regions
      • Teams Tenant Network Sites
      • Teams Tenant Network Subnets
    • It is a best practice to have a Tenant Network Site for each of a Company’s buildings. Yes, you could consolidate several buildings into a single Tenant Network Site, but at some point, in the future, there is a good chance that it will come back to haunt you!
    • Tenant Network Sites for each building will allow you to associate building specific Emergency Calling Policies with each building
    • Presuming that each building has a specific set of parties to be notified when an emergency services call is made in the building, having a policy for each building becomes an obvious design decision
    • There will be some cases where there could be separate notification parties for the same building. The Boeing Everett Production facility is where the 747, 767, 777 and 787 airliners are built. The manufacturing building covers 98.3 acres and is over 1 km long x ½ km wide. It is very likely that for a building this size, there are multiple notification parties for different sections of the building. Using Multiple Tenant Network Sites and Emergency Calling Policies for this single building would be appropriate

How are Emergency Calling Policies applied to Work from Home and other externally connected users?

    • The notification tenet of Kari’s Law does not directly address these users
    • Common sense suggests that the notification requirement does not apply to these users. It is highly unlikely that there would be any Corporate personnel who could “facilitate building entry” to a location not owned by the Company such as a user’s home
    • If you have configured your environment to use dynamically assigned policies, your users working from home or other outside locations would use the Global (Default) Emergency Calling Policy
    • In some cases, the Corporate Human Resources personnel may want to be notified when an employee dials emergency services. If this is a requirement, add these personnel to the notification targets for all your policies, even the Global (Default). The Human Resources personnel will likely want to know about these calls whether an employee is on or off site

Lesson 3: Documenting Network Switches and Ports and their assigned Locations

    • Some Companies will have to use the Teams Location Information System (LIS) Network Switches or Ports network elements to derive locations for user’s placing calls to emergency services
    • These Companies are compelled to use these, instead of the Subnets or Wireless Access Points (WAPs) because the Company’s business dynamic 911 rules dictate that locations must be specific down to the office or cube number
    • In some cases, the dynamic 911 rules may require precision to the floor but due to how the networks and subnets are setup, the Switches or Ports still would needed be used to satisfy this requirement
      • Consider a customer who occupies three (3) non-contiguous floors in a multi-tenant building 
      • They have a single IP subnet in use on all three (3) floors. They also have a second subnet for their Conference Room equipment 
      • Devices are connected to network switches dedicated to each floor. The Conference Room equipment, which is on each floor, is cross connected to a common network switch 
      • They wanted to use floor level precision for their devices 
      • To meet the requirement, the floor level locations were assigned to the switches on each floor 
      • The floor level locations were assigned to the ports on the common Conference Room switch individually
    • For some Companies, implementing dynamic 911 and having to use the network Ports to determine a location can be a major undertaking
    • It is common for Companies to not have accurate (or any) documentation detailing the switch port that a specific network jack is connected to
    • If you are in this situation, you are going to have to map this out. This will be, almost without exception, a manual process with a significant requirement for manpower

Defining Teams Locations for Network Switch Ports

    1. Verify that your network switches can provide Link Layer Discovery Protocol – Media Endpoint Discovery (LLDP-MED) information to your Teams endpoints and to turn it on
      • LLDP-MED is a vendor neutral protocol that is like the well-known Cisco Discovery Protocol (CDP)
      • It appears that the IEEE first wrote about it in 2009
      • Microsoft Teams clients “listen” for LLDP-MED information and can use it to derive a dynamic 911 location
      • Most business class network switches manufactured in the last ten (10) years should support this protocol. My Netgear ProSAFE non-business class switch doesn’t while my Cisco 2960 does
      • In most cases, it will be turned off by default
      • Check with the vendor to see if your switch supports it and how to turn it on
    2. Discover the format of the LLDP-MED Chassis ID and Port information from the switches being presented to the Teams endpoints
      • You should get a sample of this information from an example of every switch in your network. It is worthwhile to do this even if you have different models of switch from the same vendor
      • Different versions of firmware on the same model of switch could produce differently formatted LLDP-MED information. It would be a good idea to spot check identical switches with different levels of firmware
      • You may find this information in the manuals for the switch
      • Take a WireShark (or similar tool) network trace from your endpoints
        • Start a trace and let it run for a few minutes
        • Stop the trace and apply the filter “lldp” to the captured packets
        • In the example below, the switch was sending the LLDP information to the endpoint every thirty (30) seconds
        • The Chassis ID of the switch is “30:37:a6:33:f7:2a”
        • The Port ID is “Gi0/42”
911less3
    • Use the PSDiscoveryProtocol Windows PowerShell Module
      • Download and Install the module on a Teams endpoint
      • Open an Administrator level PowerShell Session
      • Run the command:
        • Invoke-DiscoveryProtocolCapture -Type LLDP | Get-DiscoveryData
        • The Chassis ID of the switch is “3037a633f72a”
        • The Port ID is “Gi0/42”

911less43

     3. Create an Excel table, database table, etc. to capture the required information

911less5

    4. Capture the required information for all locations. There may be some network testing tools that could aid in      the process. This will require a lot of time and manpower to get an accurate map

    5. Once you have the map, make a rule for your network administrators that they should never move a cable to      another switch port without accurately documenting it. It might be a good idea to require a Change Control for        these types of moves
    6. Add all required Emergency Addresses and Places to Teams. You will need a Place\Location record for each          individual office. Use PowerShell to load the Places into Teams
    7. Add several test Port records to Teams
      • The Ports can be added through the Teams Admin Center
        • You cannot use the “/” character in the Port field in the Admin Center
        • While the hyphen “-“ will work, the information from the LLDP-MED, “Gi0/42” will not match “Gi0-42”
      • In Teams PowerShell, use the Set-CsOnlineLISPort command to add new records
        • You will need the Location ID corresponding to the office that is connected to the Port
        • The ChassisID can be added in any of these formats
          • “3037a633f72a”
          • “30:37:a6:33:f7:2a”
          • “30-37-a6-33-f7-2a”
          • The PowerShell command will permit the “/” character in the “Port” attribute
   8. In the Teams client, go to Settings->Calls and scroll down to verify that the Teams client is able to derive an           accurate dynamic 911 location based on its Port. If it doesn’t, you will have to perform some “trial and error”              methodology to determine a format that will work.

911less6

     9. Add the rest of the Port records to Teams through PowerShell

 

A Tip from Experience

  • Several years ago, I managed a relocation of the Company I was working for
  • After the architect designed the space, we reviewed the blueprints and verified\specified the locations of voice and data jacks
  • Every room on the blueprint had a room number defined by the architect
  • With the blueprints in hand, we put the cabling job out to bid
  • Some of the requirements we had for the job were:
    • All runs should be labeled with an identifier for the jack on the wall and an identifier for the patch panel in the wiring closet
    • The jack identifier included the room number from the blueprint. We were able to look at the blueprint and see every jack that we needed to be installed
    • Full CAT 5 testing was to be performed on every run and the vendor was required to provide the results to us
  • The vendor put multiple identical labels on every cable run spacing them every ten (10) to twenty (20) feet
  • In addition to knowing that all the runs tested good, we ended up with a list that mapped each of the network jacks in the offices to a port on one of the patch panels in the wiring closet
  • Using this information, we added the switch and port that each of the patch panel connections was connected to. We ended up with a list that we could have used for Teams dynamic 911

Suggestions

  • See if your network administrators or facilities personnel have similar documentation from when the office space was built out
  • If you have this information, you can follow the patch cord from the patch panel to the network switches and create a table showing the port on the patch panel and the switch port it was connected to and merge it with the wiring inventory. The combination of the lists would result in your having a mapping of network switch ports to office locations
  • This will save you from creating the inventory by physically visiting every network jack in your space
  • If your wiring closet looks like this, now would be a good time to pull all the patch cords out, rewire and document as you go:

911less7.png

  • Bottom line:
    • Try to track down accurate blueprints for your office space
    • See if you have an inventory from the network wiring contractor of the runs that they installed
    • Look at the back of your wireframe and the patch panels. See if there are labels on them and if the information corresponds to your office numbering scheme. If you don’t have the wiring inventory, the labels may still be helpful

Summary

  • Lesson 1:
    • Use the “Description” and “Organization Name” fields in the Teams Emergency Addresses to provide the first responders with information that will help them respond to an emergency location quickly
    • Use the “Description” field to clearly identify the buildings for your administrators when assigning Calling Plan phone numbers to users and when setting up ALIs for Direct Routing users
  • Lesson 2:
    • If you have more than one building or more than one emergency services notification “entity” in your Company, use the Teams Network Topology information to dynamically assign the Emergency Calling Policies to users
  • Lesson 3:
    • If you need to use the “Ports” network element to derive a user’s dynamic 911 location, it will be a painful but not impossible task to gather the needed documentation. The good news is once you have it, it’s easy to load tens of thousands of Port records into Teams through PowerShell

Register for our blog updates for deep dive implementation and general informational blogs.

 

 

Work with our team of Cloud Computing Consultants who have done this so many times they know all of the “minefields” to prevent missteps.

ref:_00D80KtFf._5000y1WwWQD:ref