MCE Standalone Configuration

MCE standalone overview#

MCE can be configured to run independently without the need for a Skype for Business (SfB) Topology. Running MCE as standalone currently requires HTTP header based authentication using the user's linked identity.

As Skype for Business and Communities of Interest are disabled via the Management Center, running MCE standalone will disable the integration of third-party attribute servers. Consequently, security contexts must be added using Active Directory OUs or Groups. The settings for synchronizing these attributes are included in the advanced debug keys below. Please refer to the PowerShell Management section for more information on how to manage the MCE deployment, including how to add security contexts and users.

For all other configurations see MCE Configurations.

Management center configuration#

You must configure a standalone MindLink Anywhere installation before configuring the MCE system. Your must disable the following in your Management Center configuration:

In the Skype for Business configuration, you must fill out required settings with dummy values. This means that you can enter any values that the Management Center considers valid input. These values will not be used by MCE but are required as the Management Center’s validation process does not yet support MCE standalone. The rest of the settings in the Management Center can be configured to the user's requirements following the Anywhere Management Center guide.

The configuration of MCE relies upon the advanced configuration section of the Management Center:

Required configuration#

Once a MindLink Anywhere installation is deployed, the following configuration will host a MCE standalone configuration on a single machine:

KeyValueDescription
global.service.modulesWeb,Mce,MceAdminEnables Web, MCE and the MCE administration services respectively.
debug.mce.clientenabledtrueEnables the MCE connector for Web, overridden to true when the "MceAdmin" module is enabled.
debug.mce.databaseconnectionstringServer=\<ServerName>\<ServerInstance>;
Database=\<DatabaseName>;Integrated Security=true
Specifies the database connection for all MCE operations, including cluster membership.
debug.mce.file.server.path.\<mce file server identifier>C:\mce\filesThe path to where file uploads should be stored when the specified \<file server identifier> is configured as the active file server, this should be a network path accessible to all MLA hosts. This key allows for recording multiple file paths onto which files have been uploaded, the currently "active" path (onto which new files will be uploaded) can be switched with the debug.mce.file.server.activeid key
debug.mce.file.server.activeidmcefileserver1The desired mce file server identifier, defined via using the debug.mce.file.server.path.\<mce file server identifier> debug flag
debug.mce.clusteridmceSpecifies the identity of the cluster.
debug.mce.clusteraddressmce.company.comSpecifies the DNS name of the cluster, this is used for certificate
debug.mce.trustedaddressesmce.company.comA comma-separated list of subject names that are trusted. One or more SANs in the certificate used to connect to the cluster must appear in this list.
debug.connector.types.enabledmceSpecifies the enabled connectors, accepted values are "mce" and "ucma". MCE is required for a standalone deployment with the omission of UCMA.
debug.connector.mce.groupsecuritycontextrequiredtrueEnforces that a security context must be specified when creating a group
debug.connector.mce.groupclassificationrequiredfalseEnforces that a classification must be specified when creating a group
debug.mceadmin.validissuersADSpecifies the issuers that can be used to specify COI attributes. Value AD = Active Directory. Alternatively, the value for your third-party attribute service can be used.
debug.mceadmin.coreuserattributeissuerADSpecifies the attribute issuer to use as the linked user identity.
debug.mceadmin.coreuserattributenamemsRTCSIP-PrimaryUserAddressSpecifies the attribute to synchronize as the linked user identity.
debug.mce.user.attribute.name.emailaddressmailThe AD attribute name for the email address.
debug.mce.user.attribute.name.displaynamedisplayNameThe AD attribute name for the display name.
debug.mceadmin.synchronization.activedirectory.reminderintervalminutes240Specifies the reminder interval, in minutes, for synchronizing the Active Directory attributes. We recommend a value between 4-6 hours.
debug.mceadmin.synchronization.attributeprovider.reminderintervalminutes240Specifies the reminder interval, in minutes, for synchronizing the user attribute provider attributes. We recommend a value between 4-6 hours.
debug.mceadmin.synchronization.activedirectory.propertiess, st, displayName, distinguishedName, mail, msRTCSIP-PrimaryUserAddressSpecifies the active directory properties to synchronize for users (ensure the distinguished name and primary user address are synchronized). Only string type AD properties are supported.
debug.mceadmin.synchronization.activedirectory.groupsandous.enabledtrueEnables Active Directory Groups and OUs for synchronization.
debug.mceadmin.admin.upnuser@domain.comThe UPN of an administrator account, used to connect with the Powershell and manage MCE.

Optional configuration#

KeyValueDescription
debug.mce.fileupload.disabledtrueDisabled file upload functionality in MCE groups
debug.mce.clustercertificatethumbprintABCD...0123Specifies the certificate thumbprint of a certificate in the Windows Machine Certificate Store to use to secure TLS communication between the cluster nodes
debug.mce.orleansdashboard.enabledtrueEnables the monitoring dashboard for the MCE cluster
debug.mce.orleansdashboard.port8033Specifies the port to host the monitoring dashboard over HTTP
debug.mce.endpoint.advertisedipaddress127.0.0.1Specifies the IP address this cluster node can be reached on from other cluster nodes
debug.mce.endpoint.gatewayport30000Specifies the port this cluster node will accept client connections on
debug.mce.endpoint.siloport11111Specifies the port this cluster node will accept peer cluster node connections on
debug.mceadmin.admin.attributecois=AdminsThe security attribute name=value of administrator accounts
debug.mceadmin.admin.adgroupCN=MceAdministrators, DN=Groups, DC=company, DC=comThe Active Directory distinguished name of a Security Group for administrator accounts
debug.mceadmin.admin.tokenexpirationminutes15The number of minutes an administrator access token is valid
debug.mce.management.group.name.duplicationscopeNoneThe scope of validation against group name duplication. Can be "Global", "SecurityContext", "SecurityContextAndClassification", or "None". Will default to "None" if not provided.