
1 Cisco Jabber

Jabber overview
Cisco Jabber integrates a wide array of communications applications and services into a single desktop
computer application. It provides access to a variety of communications tools, including voicemail (Cisco
Unity Connection), video (engine based on the Cisco Movi Precision video engine), web conferencing (Cisco
WebEx), call management (Unified CM), directories (LDAP), and presence (Unified Presence)
information.
Cisco Jabber operates in Desk Phone mode (CTI control of the user's desk phone for Click to Call) and Soft
Phone mode (software client operation), and is supported on Apple Macintosh and Microsoft Windows
platforms. Mobile clients are also available on iOS (iPhone, iPad), Android and BlackBerry.
Jabber offers the following key features and benefits for end users:

• Instant Message/Chat over XMPP, including:
    o Rich text formatting
    o File transfer
    o Screen capture
    o Group chat
    o Emoticons
• Desk phone control
• Software phone calling
• High definition video
• Video desktop sharing
• Visual voicemail
• WebEx Integration
• Exchange Calendaring Integration
• Microsoft Office integration
• Directory integration
• Click to Call functionality support for Microsoft applications

Cisco Jabber for mobile clients includes:

• Instant Message/Chat over XMPP
• Software phone calling
• Visual voicemail
• WebEx Integration

The figure below shows the components that make up the Jabber solution.

Figure 1 Jabber Components

UCM LDAP Directory


The integration is accomplished by means of the following two separate processes:

• LDAP synchronization
    o Synchronization of Unified CM with a corporate LDAP directory allows reuse of
      user data stored in the LDAP directory and allows the corporate LDAP directory
      to serve as the central repository for that information. Unified CM has an
      integrated database for storing user data and a web interface within Unified CM
      Administration for creating and managing user data in that database. When
      synchronization is enabled, that local database is still used, but the Unified CM
      facility to create user accounts becomes disabled.
• LDAP authentication
    o This process enables the IMS library to authenticate user credentials against a
      corporate LDAP directory. When this feature is enabled, End User passwords are
      authenticated against the corporate directory, while Application User passwords
      are still authenticated locally against the Cisco Unified
      Communications Manager database. Cisco Extension Mobility PINs are also still
      authenticated locally.

1.2.1 LDAP System Configuration


Administrators use this window to enable LDAP synchronization and to set up the LDAP server
type and the LDAP attribute name for the user ID.
After an LDAP Directory configuration for the DirSync service is created, or LDAP user
authentication is enabled, the settings in the LDAP System window become read-only.
The Active Directory sAMAccountName attribute will be used for the User ID synchronization.
This gives users an experience similar to working with their domain login credentials.

Table 1 LDAP System Settings

| Parameter | Value |
| --- | --- |
| Enable Synchronizing from LDAP Server | Yes (Checked) |
| LDAP Server Type | Microsoft Active Directory |
| LDAP Attribute for User ID | sAMAccountName |

This section outlines the design and implementation of the Cisco Jabber solution and
Collaboration Edge Mobile and Remote Access (MRA), including IM/P, Expressway and Cisco
Jabber.
Home Depot's requirements for enrolling Cisco Jabber as a product are on 2 fronts:
1. Jabber in Phone-only mode
    a. Jabber phone-only mode does not rely on, or even need, the IM/P servers or their services. The
       Jabber devices register directly to the UCM and can be used either to control a user's IP
       phone on the desk (deskphone-control mode) or to work as an independent phone
       client (softphone mode).
2. Jabber in Full-UC mode

Table 2 Voicemail UC service

| Install Mode | Jabber Full UC | Jabber Phone mode |
| --- | --- | --- |
| Standards based Instant Messaging and Presence | | |
| User managed Contact list with groups | | |
| Directory search (Active Directory/LDAP) | | |
| MS Outlook Contact search | | |
| Soft phone Standards based Voice and Video Calling | | |
| Desk Phone Control | | |
| Desk phone Control with video support | | |
| Extend and Connect 3rd party PBX/PSTN phone control | | |
| Video Desktop Sharing (BFCP Standards based) | | |
| Visual Voicemail (Unity Connection) | | |
| Call History | | |
| WebEx Meetings Integration (incl support for Outlook, Notes, Google) | | |
| Admin/User defined custom DHTML Tabs | | |
| Microsoft Office Integration (Office 2007/2010) | | |

Both of these modes are supported on the Enterprise segment as well as when Jabber clients
register over the MRA architecture. Given that we have UCM v10.5 deployed, the IM/P portion
will be designed on separate servers that are specifically deployed as IM/P nodes and run the
IM/P services. As a client, Jabber will be deployed on Windows/Mac and on mobile devices
running the iOS and Android operating systems.

Irrespective of the phone modes mentioned above, the following are the common design criteria:
1. DNS SRV (DNS Service Record) records are used for automatic discovery of the UC servers and
   the different services.
2. AD (Active Directory) attribute modification is required to enable Presence in Office applications.
3. The Cisco Jabber client retrieves contact photos from the AD thumbnailPhoto field, which needs to be
   pre-loaded into AD. It is Home Depot's responsibility to provide photo standards; employee photos
   will be updated by the AD support team.
4. User Search - There are three options: EDI, BDI, and UDS
    a. EDI: Enhanced Directory Integration requires no configuration by default. If you install
       Cisco Jabber for Windows on a workstation that is registered to an Active Directory
       domain, Cisco Jabber for Windows automatically discovers the directory service and
       connects to a Global Catalog in the domain.
    b. BDI: Basic Directory Integration is an LDAP-based contact source for Android, iPhone,
       Mac and iOS integration and will be utilized for these devices.
    c. UDS: User Data Service is an interface in Cisco Unified Communications Manager that
       makes contact information available to Cisco Jabber for VPN-less connectivity through
       the Expressway-Edge server and is the only option available when users connect using the
       Cisco MRA solution.
5. Cisco Jabber Integration with Unity Connection
    a. Cisco Unity Connection provides Cisco Jabber users with the ability to view, play, sort,
       and delete voicemail messages.
6. Cisco recommends that all phone numbers in AD be reformatted to +E.164 format, with the
   exception of the Internal Dial Plan phone number (700xxxxyyyyy).
    a. Regarding contact number display, Jabber is just the passive receiving end: as long as
       those four AD attributes are populated in the expected format, Jabber will display them in
       the contact information. Note that any extra formatting (dashes) will automatically be
       stripped out when presented in Jabber.
7. Application Dial Rules will be implemented, as Home Depot wants Jabber to be able to dial
   10-digit local or 11-digit Long Distance PSTN calls.

Cisco Jabber Voice Architecture


1.3.1 Jabber and CUCM
At initial login, Jabber downloads its configuration profile from the Cisco Presence server via
AXL SOAP. The configuration file contains the primary and backup TFTP addresses of the
CUCM cluster.

When configured as a softphone, Jabber will download its configuration file from CUCM. In
Softphone mode, the Jabber client is created in the CUCM DB as a SIP CSF device type endpoint.

As with an IP phone, the configuration file downloaded from the CUCM TFTP contains the
list of CUCM primary and failover server addresses and the transport protocol for Jabber to use in
softphone mode to connect to CUCM. This list is based on the Device Pool of the CSF defined
on the CUCM.

The client receives services information via the service profile configured under the end-user
configuration in CUCM, which is downloaded from the CUCM TFTP services. With those UC
services available from the TFTP download, the Jabber client connects to the CUCM
CTI Managers to take control of its IP phone when using the DeskPhone mode.

The Jabber client speaks native QBE with the CUCM CTI Manager, and thus there is no need to
load a TSP or JTAPI plugin on the PC.

If the CTI connection to CUCM is lost while Jabber is operating in desk phone mode, the
application tries to re-establish the connection to the primary and then to the backup servers.
Connection attempts continue on a round-robin basis, beginning again with the primary server.
Successive attempts to reconnect to a server occur at intervals of 4, 8, 16, 32, and 60 seconds
(maximum) until a connection is re-established.

1.3.2 Jabber and Cisco Unity Connection Voicemail


Jabber can retrieve, listen to, and delete voicemail stored on the CUC virtual servers via IMAP, or
securely via TLS.

The IP addresses and TLS settings are learned from the user's CUCM Service Profile in 10.x,
which has the voicemail server defined. The Jabber client user can also simply dial voicemail
from the client to interact with the voice messaging system.

Home Depot does use Cisco Unity Connection voicemail and will be using the visual voicemail
feature in the Jabber client.

CUCM Configuration for Jabber Voice


1.4.1 UC Service profiles for Jabber client
All the UC services, such as LDAP, Voicemail and CTI, are now configured on CUCM and assigned
to the end user in CUCM. Under UC Service, configure the following services for the Cisco Jabber
Voicemail feature.

1.4.2 UC Service
The UC services that can be given to a user are as follows:
1. Voicemail
2. Mailstore (not deployed in Home Depot)
3. Conferencing (not deployed in Home Depot)
4. IM and Presence
5. CTI

There will be 2 service profiles created, one for the Phone-only mode deployment and another
for the Full-UC mode deployment. Typically the only difference between the service profiles for
these 2 deployment methods will be the use of the IM and Presence services.

1.4.2.1 Voicemail UC Service


Table 3 Voicemail UC service

| Configuration Parameter | Value |
| --- | --- |
| Product Type | Unity Connection |
| Name | VM_SVC |
| Description | Voicemail Service |
| Hostname/IP Address | atl-nsv-cuc01.homedepot.com |
| Port | 443 |
| Protocol | HTTPS |
| Name | VM_SVC2 |
| Description | Voicemail Service |
| Hostname/IP Address | aus-nsv-cuc01.homedepot.com |
| Port | 443 |
| Protocol | HTTPS |

1.4.2.2 Mailstore
This service is not designed for or implemented in the Home Depot environment.

1.4.2.3 Conferencing Server

This service is not designed for or implemented in the Home Depot environment.

1.4.2.4 CTI UC Service


For CTI access to devices, users need access to a CTI server. Multiple CTI servers can be
configured for redundancy.

Table 4 CTI UC Service

| Configuration | Value |
| --- | --- |
| Product Type | CTI |
| Name | CTI_SVC |
| Description | CTI Service |
| Hostname/IP Address | atl-nsv-cucm-services01.homedepot.com |
| Port | 2748 |
| Protocol | TCP |
| Name | CTI_SVC2 |
| Description | CTI Service |
| Hostname/IP Address | aus-nsv-cucm-services01.homedepot.com |
| Port | 2748 |
| Protocol | TCP |

1.4.2.5 Directory UC Service


Table 5 Directory UC Service

| Configuration | Value |
| --- | --- |
| Product Type | Directory |
| Name | DIR_SVC |
| Description | Directory Service |
| Hostname/IP Address | atl-nsv-cucm-services01.homedepot.com |
| Port | 389 |
| Protocol | TCP |
| Name | DIR_SVC |
| Description | Directory Service |
| Hostname/IP Address | aus-nsv-cucm-services01.homedepot.com |
| Port | 389 |
| Protocol | TCP |
| Name | GC-Amer |
| Description | Global Catalog |
| Hostname/IP Address | amer-gc.amer.homedepot.com |
| Port | 3269 |
| Protocol | TCP |

1.4.2.6 IM and Presence UC service

This UC service is only applicable in Full-UC mode. Phone-only mode users do not have this
service applied through their service profile.

Table 6 IMP Server Service

| Configuration | Value |
| --- | --- |
| Product Type | IM and Presence |
| Name | IMP_SVC_Primary |
| Description | CUCM IMP Service |
| Hostname/IP Address | atl-nsv-cups01.homedepot.com |
| Name | IMP_SVC_Secondary |
| Description | CUCM IMP Service |
| Hostname/IP Address | aus-nsv-cups01.homedepot.com |

1.4.3 Service Profiles


UC services are assigned to users via service profile. There will be 2 service profiles created,
one for Phone-only mode and another for Full-UC mode. Home Depot will decide and
communicate the assignments for their users and then these profiles will be assigned
accordingly on the End-User page.

1.4.3.1 Phone-Only mode UC Service profile


The following service profile is created for the Phone-only mode deployment of Jabber at
Home Depot. This is set as the default profile in Home Depot, as a larger number
of users will need this functionality than will need Full UC mode.

Table 7 UC Service Profile Phone-Only mode

| Configuration | Value |
| --- | --- |
| Name | THD-Service Profile-PhoneMode |
| Description | THD-PhoneMode profile |
| Make this the default service profile for the system | Checked |
| Voicemail Profile | |
| Primary | VM_SVC |
| Secondary | VM_SVC |
| Tertiary | <None> |
| Credential source for voicemail service | Unified CM IM and Presence |
| Mailstore Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Conferencing Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Directory Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Use UDS for Contact Resolution | Unchecked |
| Use Logged On User Credential | Unchecked |
| Username | N/A |
| Password | N/A |
| Search Base 1 | N/A |
| Search Base 2 | N/A |
| Search Base 3 | N/A |
| Recursive Search on All Search Bases | Checked |
| Search Timeout (seconds) (Required Field) | |
| Base Filter (Only used for Advance Directory) | N/A |
| Predictive Search Filter (Only used for Advance Directory) | N/A |
| IM and Presence Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| CTI Profile | |
| Primary | CTI_SVC |
| Secondary | CTI_SVC2 |
| Tertiary | <None> |

1.4.3.2 Full-UC mode UC Service profile

The following service profile is created for the Full-UC mode deployment of Jabber at Home
Depot and will be applied on a case-by-case basis, only to specific users as identified.

Table 8 UC Service Profile Full-UC mode

| Configuration | Value |
| --- | --- |
| Name | THD-Service Profile-FullMode |
| Description | THD-FullUC profile |
| Make this the default service profile for the system | Unchecked |
| Voicemail Profile | |
| Primary | VM_SVC |
| Secondary | VM_SVC |
| Tertiary | <None> |
| Credential source for voicemail service | Unified CM IM and Presence |
| Mailstore Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Conferencing Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Directory Profile | |
| Primary | <None> |
| Secondary | <None> |
| Tertiary | <None> |
| Use UDS for Contact Resolution | Unchecked |
| Use Logged On User Credential | Unchecked |
| Username | N/A |
| Password | N/A |
| Search Base 1 | N/A |
| Search Base 2 | N/A |
| Search Base 3 | N/A |
| Recursive Search on All Search Bases | Checked |
| Search Timeout (seconds) (Required Field) | |
| Base Filter (Only used for Advance Directory) | N/A |
| Predictive Search Filter (Only used for Advance Directory) | N/A |
| IM and Presence Profile | |
| Primary | IMP_SVC_Primary |
| Secondary | IMP_SVC_Secondary |
| Tertiary | <None> |
| CTI Profile | |
| Primary | CTI_SVC |
| Secondary | CTI_SVC2 |
| Tertiary | <None> |

Cisco Jabber Configuration


To enable the Cisco Jabber Voice and Video feature, the Cisco Jabber device must be added to
UCM as a soft phone device. Each Cisco Jabber platform requires a corresponding Phone Type
and Device Name; the table below provides the details.

Table 9 Cisco Jabber Platform and associated device name

| Cisco Jabber Platform | Phone Type | Device Name |
| --- | --- | --- |
| Windows | Cisco Unified Client Services Framework | CSF<Userid> |
| MAC | Cisco Unified Client Services Framework | CSF<Userid> |
| iPhone | Cisco Dual Mode for iPhone | TCT<Userid> |
| iPad | Cisco Jabber for Tablet | TAB<Userid> |
| Android | Cisco Dual Mode for Android | BOT<Userid> |

The table below uses Cisco Jabber CSF as the example to demonstrate the parameters
needed to register a Cisco Jabber CSF device.

Table 10 Cisco Jabber Client Configuration

| Configuration Data | Value |
| --- | --- |
| Phone Type | Cisco Unified Client Services Framework |
| Device Name | CSF<userid> (ex. CSFIOB01) |
| Description | Firstname Lastname CSF |
| Device Pool | DP-<sitecode> |
| Phone Button Template | Standard Client Services Framework |
| Common Phone Profile | Standard Common Phone Profile |
| Calling Search Space | CSS-Device-<sitecode> |
| Location | LOC-<sitecode> |
| Primary Phone | |
| Owner User ID | Select appropriate userid (ex. iob01) |
| Allow Control of Device from CTI | Checked |
| Presence Group | Standard Presence Group |
| Device Security Profile | Cisco Unified Services Framework Standard SIP |
| SUBSCRIBE Calling Search Space | <none> |
| SIP Profile | Standard SIP Profile for Jabber |
| Allow Control of Device from CTI | Checked |
| Video Calling | Enabled |
| Line [1] Directory Number | Shared Line with HW Phone |
| Line [1] Route Partition | Shared Line with HW Phone |
| Line [1] Allow Control of Device from CTI | Checked |
| Users Associated with Line | <userid> (ex. Jdoe) |

Table 11 Cisco Jabber Client DN and User to Line Association

| Directory Number | Users Associated with Line | Associated Devices | Display Name | ASCII Display |
| --- | --- | --- | --- | --- |
| 700xxxxyyyyy | Userid (configure the UserID here) | CSFiob01 | Firstname Lastname | Firstname Lastname |

1.5.1 Jabber for iPhone


The table below shows the common parameters needed to register a Jabber for iPhone client as a
softphone.

Table 12 Jabber for iPhone configuration on UCM

| Configuration Data | Value |
| --- | --- |
| Phone Type | Cisco Dual Mode for iPhone |
| Device Name | TCT<userid> (ex. TCTJDOE) |
| Device Pool | DP-<sitecode> |
| Phone Button Template | Standard Dual Mode for iPhone |
| Common Phone Profile | Standard Common Phone Profile |
| Calling Search Space | CSS-Device-<sitecode> |
| Location | LOC-<sitecode> |
| Primary Phone | |
| Owner User ID | Select appropriate userid (ex. iob01) |
| Allow Control of Device from CTI | Checked |
| Presence Group | Standard Presence Group |
| Device Security Profile | Cisco Dual Mode for iPhone Standard SIP Non-Secure Profile |
| SIP Profile | Standard SIP Profile for Mobile Device |
| Line [1] Directory Number | XXXXXXXXXX |
| Line [1] Route Partition | XXXXXXXXXX |
| Line [1] Allow Control of Device from CTI | Checked |
| Line [1] Presence Group | Standard Presence Group |
| Users Associated with Line | <userid> (ex. Jdoe) |

1.5.2 Jabber for iPad


The table below shows the common parameters needed to register a Jabber for iPad client as a
softphone.

Table 13 Jabber for iPad configuration

| Configuration Data | Value |
| --- | --- |
| Phone Type | Cisco Jabber for Tablet |
| Device Name | TAB<userid> (ex. TABJDOE) |
| Device Pool | DP-<sitecode> |
| Phone Button Template | Standard Jabber for Tablet |
| Common Phone Profile | Standard Common Phone Profile |
| Calling Search Space | CSS-Device-<sitecode> |
| Location | LOC-<sitecode> |
| Primary Phone | |
| Owner User ID | Select appropriate userid (example iob01) |
| Allow Control of Device from CTI | Checked |
| Presence Group | Standard Presence Group |
| Device Security Profile | Cisco Jabber for Tablet - Standard SIP Non-Secure Profile |
| SIP Profile | Standard SIP Profile |
| Line [1] Directory Number | XXXXXXXXXX |
| Line [1] Route Partition | XXXXXXXXXX |
| Line [1] Allow Control of Device from CTI | Checked |
| Line [1] Presence Group | Standard Presence Group |
| Users Associated with Line | <userid> (ex. Jdoe) |

1.5.3 Jabber for Android


The table below shows the common parameters needed to register a Jabber for Android client as a
softphone.

Table 14 Jabber for Android configuration

| Configuration Data | Value |
| --- | --- |
| Phone Type | Cisco Dual Mode for Android |
| Device Name | BOT<userid> (ex. BOTJDOE) |
| Device Pool | XXXXXXXXXX |
| Phone Button Template | Standard Dual Mode for Android |
| Common Phone Profile | Standard Common Phone Profile |
| Calling Search Space | CSS-Device-<sitecode> |
| Location | LOC-<sitecode> |
| Primary Phone | |
| Owner User ID | Select appropriate userid (example iob01) |
| Allow Control of Device from CTI | Checked |
| Presence Group | Standard Presence Group |
| Device Security Profile | Cisco Dual Mode for Android - Standard SIP Non-Secure Profile |
| SIP Profile | Standard SIP Profile for Mobile Device |
| Line [1] Directory Number | XXXXXXXXXX |
| Line [1] Route Partition | XXXXXXXXXX |
| Line [1] Allow Control of Device from CTI | Checked |
| Line [1] Presence Group | Standard Presence Group |

1.5.4 End Users Cisco Jabber related configuration


Update the End User with the following configuration and associate the user with the service
profile.

Keep all other values as already set, except the ones called out below.

Table 15 Cisco Jabber Clients with Hard phone Associations

| Parameter | Value |
| --- | --- |
| UserID | userid |
| Service Settings | |
| Home Cluster | Checked |
| Enable User for Unified CM IM and Presence (Configure IM and Presence in the associated UC Service Profile) | Unchecked |
| Include meeting information in presence | Unchecked |
| UC Service Profile | Use System Default (THD-Service Profile-PhoneMode) |
| Device Associations | SEPAABBCCDDEE01; CSFuserid; TCTuserid; TABuserid; BOTuserid |
| Primary Extension | 700xxxxyyyy |
| User Groups | Standard CCM End Users; Standard CTI Allow Control of Phones supporting Connected Xfer and conf; Standard CTI Enabled |

1.5.5 Application Dial Rules


Home Depot has expressed a desire that their users use 10-digit local calling or 11-digit
LD calling to the PSTN from the Jabber clients. This is especially applicable when calling people in
their Personal Contact list in the MS Outlook application or from a browser. Application dial rules
(ADRs) are implemented in the Home Depot environment to achieve these 10-digit or 11-digit calls to the PSTN.
The ipPhone attribute is already in the correct format and will not use the ADRs; those numbers in
the directory are in a format that can be dialed directly.

Table 16 Application Dial Rules Local Calls

| Parameters | Value |
| --- | --- |
| Name | JabberX |
| Number begins with | |
| Number of Digits | 10 |
| Total Digits to be removed | |
| Prefix with Pattern | 91 |

Where X = numbers 2 to 9

Table 17 Application Dial Rules LD Calls

| Parameters | Value |
| --- | --- |
| Name | Jabber LD Calls |
| Number begins with | |
| Number of Digits | 11 |
| Total Digits to be removed | |
| Prefix with Pattern | |

1.5.6 Jabber Video Desktop Sharing Configuration


In version 9.x of CUCM, the BFCP configuration element needed for video desktop sharing is
natively installed and does not require the installation of a COP file.

Table 18 Enable BFCP Jabber SIP profile

| Parameter | Value |
| --- | --- |
| Name | Standard SIP Profile for Jabber |
| Description | SIP profile for CSF devices |
| Allow Presentation Sharing using BFCP | Checked |

The Jabber SIP Profile is a copy of the standard SIP profile with the above BFCP parameter
checked. All other parameters on this profile remain as is. Assign this Jabber SIP profile to the
SIP Trunk to CUPS and to the CSF devices created for Jabber.

1.5.6.1 Jabber desktop video


There is no separate configuration required to enable video sharing on CSF devices. It is
enabled by default. For this feature to work, Home Depot users need to:
1. Be on active calls to use desktop sharing capabilities. Video desktop sharing sessions can be
   initiated only from active calls.
2. Enable video desktop sharing only on soft phone devices. Video desktop sharing cannot be
   enabled on desk phone devices.

1.5.7 Cisco Jabber - Cisco Jabber-config.xml file


Home Depot has requested that certain features and functions be disabled on the Jabber clients. The
jabber-config.xml file is how Jabber customizes certain configuration elements and features, so
certain values in that file have been modified to achieve this. Additionally, certain values have been
changed so that LDAP BDI integration works for Mac/iOS/Android devices. The Cisco
Jabber-config.xml file below will be used to change the default Cisco Jabber behavior.

----------------------------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Client>
    <Persistent_Chat_Enabled>true</Persistent_Chat_Enabled>
    <spell_check_enabled>true</spell_check_enabled>
    <Location_Enabled>false</Location_Enabled>
  </Client>
  <Options>
    <ShowOfflineContacts>false</ShowOfflineContacts>
    <Location_Mode>DISABLED</Location_Mode>
  </Options>
  <Phone>
    <EnableDSCPPacketMarking>true</EnableDSCPPacketMarking>
    <EnableCallPark>false</EnableCallPark>
    <MakeCallHotKey>CTRL+Alt+D</MakeCallHotKey>
  </Phone>
  <Policies>
    <InitialPhoneSelection>deskphone</InitialPhoneSelection>
    <File_Transfer_Enabled>false</File_Transfer_Enabled>
    <Meetings_Enabled>false</Meetings_Enabled>
    <TelemetryEnabled>false</TelemetryEnabled>
    <CiscoTelProtocolPopupWindowEnabled>false</CiscoTelProtocolPopupWindowEnabled>
    <ServicesDomainSsoEmailPrompt>OFF</ServicesDomainSsoEmailPrompt>
    <CalendarIntegrationType>0</CalendarIntegrationType>
  </Policies>
  <Directory>
    <PrimaryServerName>ldap.amer.homedepot.com</PrimaryServerName>
    <BDIPrimaryServerName>ldap.amer.homedepot.com</BDIPrimaryServerName>
    <ServerPort1>389</ServerPort1>
    <BDIServerPort1>389</BDIServerPort1>
    <BusinessPhone>ipphone</BusinessPhone>
    <BDIBusinessPhone>ipphone</BDIBusinessPhone>
    <SipUri>mail</SipUri>
    <BDISipUri>mail</BDISipUri>
    <SearchBase1>OU=THD Accounts,DC=amer,DC=homedepot,DC=com</SearchBase1>
    <BDISearchBase1>OU=THD Accounts,DC=amer,DC=homedepot,DC=com</BDISearchBase1>
    <UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
    <BDIUseSIPURIToResolveContacts>true</BDIUseSIPURIToResolveContacts>
    <PhotoSource>thumbnailPhoto</PhotoSource>
    <BDIPhotoSource>thumbnailPhoto</BDIPhotoSource>
    <PresenceDomain>homedepot.com</PresenceDomain>
    <BDIPresenceDomain>homedepot.com</BDIPresenceDomain>
  </Directory>
</config>
----------------------------------------------------------------------------------------------------------------------
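
A check of a deployed jabber-config.xml against the file above, as an added example that is not part of the original design document: it reports restrictive settings that have drifted, EDI directory keys whose BDI counterpart is missing or different, and directory ports without implicit TLS. The sample input is constructed, thd.example is a placeholder domain, and using the port number as a proxy for transport security is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Restrictive values taken from the jabber-config.xml shown above.
BASELINE = {
    ("Client", "Location_Enabled"): "false",
    ("Options", "Location_Mode"): "DISABLED",
    ("Phone", "EnableCallPark"): "false",
    ("Policies", "File_Transfer_Enabled"): "false",
    ("Policies", "Meetings_Enabled"): "false",
    ("Policies", "TelemetryEnabled"): "false",
    ("Policies", "CiscoTelProtocolPopupWindowEnabled"): "false",
}

# Well-known ports that carry no implicit TLS (636 and 3269 are the TLS ones).
# Assumption: the file has no explicit TLS setting, so the port is the proxy.
PLAINTEXT_PORTS = {"389": "LDAP", "3268": "Global Catalog"}

# Constructed sample, not a real deployment: file transfer re-enabled, one
# policy key missing, BDIPhotoSource missing, BDIPresenceDomain different,
# and BDISearchBase1 wrapped across two lines.
SAMPLE = b"""<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Client><Location_Enabled>false</Location_Enabled></Client>
  <Options><Location_Mode>DISABLED</Location_Mode></Options>
  <Phone><EnableCallPark>false</EnableCallPark></Phone>
  <Policies>
    <File_Transfer_Enabled>true</File_Transfer_Enabled>
    <Meetings_Enabled>false</Meetings_Enabled>
    <TelemetryEnabled>false</TelemetryEnabled>
  </Policies>
  <Directory>
    <PrimaryServerName>ldap.amer.homedepot.com</PrimaryServerName>
    <BDIPrimaryServerName>ldap.amer.homedepot.com</BDIPrimaryServerName>
    <ServerPort1>389</ServerPort1>
    <BDIServerPort1>389</BDIServerPort1>
    <SearchBase1>OU=THD Accounts,DC=amer,DC=homedepot,DC=com</SearchBase1>
    <BDISearchBase1>OU=THD
Accounts,DC=amer,DC=homedepot,DC=com</BDISearchBase1>
    <PhotoSource>thumbnailPhoto</PhotoSource>
    <PresenceDomain>homedepot.com</PresenceDomain>
    <BDIPresenceDomain>thd.example</BDIPresenceDomain>
  </Directory>
</config>"""


def load_settings(xml_bytes):
    """Return {(section, key): value} with runs of whitespace collapsed."""
    root = ET.fromstring(xml_bytes)
    settings = {}
    for section in root:
        for item in section:
            settings[(section.tag, item.tag)] = " ".join((item.text or "").split())
    return settings


def policy_drift(settings):
    """Baseline keys that are missing or differ (compared case-insensitively)."""
    drift = []
    for path, expected in BASELINE.items():
        actual = settings.get(path)
        if actual is None or actual.lower() != expected.lower():
            drift.append((path, expected, actual))
    return drift


def edi_bdi_mismatches(settings):
    """Directory keys where the EDI value and its BDI twin are not identical."""
    directory = {k: v for (sec, k), v in settings.items() if sec == "Directory"}
    names = {k[3:] if k.startswith("BDI") else k for k in directory}
    findings = []
    for name in sorted(names):
        edi, bdi = directory.get(name), directory.get("BDI" + name)
        if edi != bdi:
            findings.append((name, edi, bdi))
    return findings


def plaintext_directory_ports(settings):
    """Directory server ports that are well-known non-TLS ports."""
    return sorted(
        (key, PLAINTEXT_PORTS[value])
        for (sec, key), value in settings.items()
        if sec == "Directory" and "ServerPort" in key and value in PLAINTEXT_PORTS
    )


if __name__ == "__main__":
    cfg = load_settings(SAMPLE)
    for finding in policy_drift(cfg):
        print("policy drift:", finding)
    for finding in edi_bdi_mismatches(cfg):
        print("EDI/BDI mismatch:", finding)
    for finding in plaintext_directory_ports(cfg):
        print("review transport security:", finding)
```
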

Current Versions / Devices Supported


The table below details the latest versions of the Jabber clients and the system requirements for
installing them on the respective platforms.

Table 19 Jabber Clients System requirements

Client: Jabber for Windows
Current Versions: 11.0
System Requirements:
    Operating system
        • Microsoft Windows 10 (Desktop OS x86). Medianet MSI and Deskphone Video capabilities are not
          currently supported on Windows 10.
        • Microsoft Windows 8.x, 32 and 64 bit
        • Microsoft Windows 7 SP1 or later, 32 and 64 bit
    Minimum CPU speed and type
        • Mobile AMD Sempron Processor 3600+ 2 GHz
        • Intel Core2 CPU T7400 at 2.16 GHz
        • Intel Atom
    Installed RAM
        • 2-GB RAM (Windows 7 and Windows 8)
    Free physical memory
        • 128 MB
    Disk space
        • 256 MB
    Graphics Processing
        • DirectX11 (Windows 7)
    I/O ports
        • When using USB cameras and audio devices, USB 2.0 is required.

Client: Jabber for iPhone and iPad
Current Versions: 11.0
System Requirements:
    Devices
        • iPhone 4s, 5, 5c, 5s, 6, and 6 Plus
        • iPad 2, iPad with Retina display (3rd and 4th generation), iPad Air, iPad mini, or iPad mini with
          Retina display, iPad Air 2, and iPad mini 3
        • iPod touch 5th generation
    iOS versions
        • iOS 8.0 and later (public releases)

Client: Jabber for Android
System Requirements:

| Device | Device Model | Operating System |
| --- | --- | --- |
| Cisco DX | 70 | 10.2.x version |
| Cisco DX | 80 | 10.2.x version |
| Cisco DX | 650 | 10.2.x version |
| HTC | One M7 | Android OS 4.4.2 or later |
| HTC | One M8 | Android OS 4.4.2 or later |
| HTC | One Max | Android OS 4.4.2 or later |
| Google Nexus | 5 | Android OS 4.4 or later |
| Google Nexus | 6 | Android OS 5.0.2 or later |
| Google Nexus | 7 | Android OS 4.4 or later |
| Google Nexus | 9 | Android OS 5.0.2 or later |
| Google Nexus | 10 | Android OS 4.4 or later |
| LG | G2 | Android OS 4.2.2 or later |
| LG | G3 | Android OS 4.4.2 or later |
| Motorola | Moto G | Android OS 4.4.2 or later |
| Samsung Galaxy | Note II | Android OS 4.2 or later |
| Samsung Galaxy | Note III | Android OS 4.3 or later |
| Samsung Galaxy | Note IV | Android OS 4.4.4 or later |
| Samsung Galaxy | Note Edge | Android OS 4.4.4 or later |
| Samsung Galaxy | Note Pro 12.2 | Android OS 4.4.2 or later |
| Samsung Galaxy | Rugby Pro | Android OS 4.2.2 or later |
| Samsung Galaxy | SII | Android OS 4.1.2 or later |
| Samsung Galaxy | SIII | Android OS 4.2.2 or later |
| Samsung Galaxy | S4 | Android OS 4.2.2 or later |
| Samsung Galaxy | S4 mini | Android OS 4.2.2 or later |
| Samsung Galaxy | S5 | Android OS 4.2.2 or later |
| Samsung Galaxy | S5 mini | Android OS 4.2.2 or later |
| Samsung Galaxy | Tab 3 8-inch | Android OS 4.4 or later |
| Samsung Galaxy | S6 | Android OS 5.0.2 or later |
| Samsung Galaxy | S6 Edge | Android OS 5.0.2 or later |
| Samsung Galaxy | Tab 4 7-inch, 8-inch, and 10.1-inch | Android OS 4.4.2 or later |
| Samsung Galaxy | Tab PRO 8.4-inch and 10.1-inch | Android OS 4.4.2 or later |
| Samsung Galaxy | Tab S 8.4-inch & 10.5-inch | Android OS 4.4.2 or later |
| Samsung Galaxy | Note 10.1-inch 2014 Edition | Android OS 4.4.2 or later |
| Sony Xperia | M2 | Android OS 4.3 or later |
| Sony Xperia | Z1 | Android OS 4.2 or later |
| Sony Xperia | Z2 | Android OS 4.4.2 or later |
| Sony Xperia | Z2 tablet | Android OS 4.4.2 or later |
| Sony Xperia | Z3 | Android OS 4.4.2 or later |
| Sony Xperia | ZR/A | Android OS 4.1.2 or later |
| Sony Xperia | Z3 Tablet Compact | Android OS 4.4.4 or later |
| Huawei Ascend | G6 | Android OS 4.2.2 or later |
| Huawei Ascend | Mate 7 | Android OS 4.4.x |
| Sonim | XP7 | Android OS 4.4.4 |
| Xiaomi | 4 | Android OS 4.4.x |

Jabber and Quality of Service


End-to-end QoS policies and the strategic direction for desktop traffic marking need to be
considered for future deployment beyond this pilot deployment of Jabber clients.

1.7.1 QoS Policies in Microsoft Windows


UC clients receive the DSCP marking settings to use for audio and audio/video calls from
Cisco Unified Communications Manager (CUCM) when they register to the CUCM as a
(soft)phone client.

The client marks traffic with the values specified in Cisco Unified Communications Manager: the Client
Services Framework marks all signalling with a CS3 classification. The media associated with
audio-only calls is marked EF, and video calls are marked with a DSCP value of AF41 for both
audio and video.

This can be configured for the following Microsoft operating systems:

• Windows XP: any user
• Windows Vista: Administrator user with User Account Control off
• Windows 7: Administrator user with User Account Control off
• Windows 8: QoS Group policies can be applied to the workstation. You can create a
  GPO which specifies that the CSF application is allowed to mark traffic in specific port ranges.

Home Depot can configure group policies in Microsoft Windows so that Windows clients
automatically apply Differentiated Services Code Point (DSCP) values to media streams for
Cisco Jabber for Windows. The policies you configure should match the CiscoJabber.exe
application, the UDP protocol, and a source port range. In most cases, you should configure
one policy to apply DSCP values to the audio call port range and another policy to apply DSCP
values to the video call port range.

Personal computer traffic is typically untrusted, and the network will strip DSCP markings made
by an application from the PC unless the above items are implemented.

1.7.2 Port Ranges on Cisco Unified Communications Manager


Cisco Unified Communications Manager lets you define one port range for Cisco Jabber for
Windows. Cisco Jabber for Windows divides this port range equally and uses the lower half for
audio calls and the upper half for video calls. For example, you define a port range of 1000 to
3000 in Cisco Unified Communications Manager. Cisco Jabber for Windows uses a port range
of 1000 to 2000 for audio calls and a port range of 2000 to 3000 for video calls.

1.7.3 Allocation of video and media ports for Jabber


For CSF devices, you can specify a range of numbers available to be used for media ports in
the SIP profile of the device in Cisco Unified Communications Manager. Use the Start Media
Port and Stop Media Port fields to specify this range.

The audio port for SIP devices is allocated randomly in the first half of this range, and the video
port for SIP devices is allocated randomly in the second half of this range.

So, an audio-only call will be in the range 16384-24576, and a video call will be in the range
24577-32767 for both the video media and the audio media. For Home Depot, the Jabber devices
should be treated as a trusted entity from the PC and put in the tier 3 video class of AF41 for
video (video with audio) and EF for audio-only calls; signaling will be marked as CS3. The
CSF SIP signaling port is TCP/UDP 5060.
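
One way to verify these markings at the access layer, as an added example that is not part of the original design document: it classifies flows by the port ranges and DSCP classes stated above, then reports Jabber flows whose marking was lost or is wrong and flows outside those ranges that carry a marking anyway. The capture summary and its three-column format are constructed for this example.

```python
import csv
import io

# Standard DSCP code points for the classes named in this section.
DSCP = {"CS3": 24, "AF41": 34, "EF": 46}
NAMES = {value: name for name, value in DSCP.items()}

# (class name, first port, last port, protocols, expected class), taken from
# the ranges stated in section 1.7.3. Ranges are inclusive.
CLASSES = [
    ("signaling", 5060, 5060, {"tcp", "udp"}, "CS3"),
    ("audio-only call media", 16384, 24576, {"udp"}, "EF"),
    ("video call media", 24577, 32767, {"udp"}, "AF41"),
]

# Constructed capture summary: protocol, source port, IP TOS byte in hex.
CAPTURE = """\
proto,src_port,tos
tcp,5060,0x60
udp,16500,0xb8
udp,24576,0x00
udp,24577,0x88
udp,30000,0xb8
udp,40000,0xb8
udp,53000,0x00
"""


def classify(proto, port):
    """Return (class name, expected DSCP name), or (None, None) if no class fits."""
    for name, first, last, protos, expected in CLASSES:
        if proto in protos and first <= port <= last:
            return name, expected
    return None, None


def label(dscp):
    """Readable name for a DSCP value."""
    return NAMES.get(dscp, f"DSCP {dscp}")


def audit(capture_text):
    """Return (proto, port, problem, observed marking) for every bad flow."""
    findings = []
    for row in csv.DictReader(io.StringIO(capture_text)):
        proto, port = row["proto"].lower(), int(row["src_port"])
        observed = int(row["tos"], 16) >> 2  # DSCP is the upper six bits of TOS
        name, expected = classify(proto, port)
        if name is None:
            # Traffic outside the Jabber ranges should not carry a marking.
            if observed != 0:
                findings.append((proto, port, "marked outside Jabber ranges", label(observed)))
        elif observed != DSCP[expected]:
            findings.append((proto, port, f"{name}: expected {expected}", label(observed)))
    return findings


if __name__ == "__main__":
    for finding in audit(CAPTURE):
        print(finding)
```
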

There is no change in how video and audio ports are allocated for the devices used when you
are using your desk phone. Audio is terminated on the desk phone itself, and video always uses
the following ports:

Supported LDAP Directory Services


Cisco Jabber for Windows v11.x supports integration with the following directory services:
1. Active Directory Domain Services for Windows Server 2012 R2
2. Active Directory Domain Services for Windows Server 2008 R2
3. OpenLDAP 2.4 and later
4. Active Directory Lightweight Directory Service (AD LDS) or Active Directory Application Mode
   (ADAM)

Microsoft Active Directory 2008 R2 is used by Home Depot.

1.8.1 AD attributes and Cisco Jabber fields


Table 20 AD Phone attributes and Cisco Jabber fields mapping

| AD Attribute | Cisco Jabber Field |
| --- | --- |
| telephoneNumber | Work |
| Mobile | Mobile |
| homePhone | Home |
| otherTelephone | Other |
| ipPhone | ipPhone |

DNS SRV Records for Cisco Jabber Login


Configure the following internal and external DNS SRV records for Cisco Jabber login.

Table 21 Internal DNS SRV Records for Cisco Jabber Auto Login

| Domain | Service | Protocol | Port | Priority | Weight | TTL | Host |
| --- | --- | --- | --- | --- | --- | --- | --- |
| homedepot.com | _cuplogin | _tcp | 8443 | 10 | 10 | 86400 | atl-nsv-cups01.homedepot.com |
| homedepot.com | _cisco-uds | _tcp | 8443 | 10 | 10 | 86400 | atl-nsv-cucm01.homedepot.com |
| homedepot.com | _cisco-uds | _tcp | 8443 | 10 | 10 | 86400 | aus-nsvcucm02.homedepot.com |

Table 22 External DNS SRV Records for Cisco Jabber Auto Login

| Domain | Service | Protocol | Port | Priority | Weight | TTL | Host |
| --- | --- | --- | --- | --- | --- | --- | --- |
| homedepot.com | _collab-edge | _tls | 8443 | 10 | 10 | 86400 | uc-remote.homedepot.com |
| homedepot.com | _sips | _tcp | 5061 | 10 | 10 | 86400 | uc-remote.homedepot.com |

Integration with Microsoft Outlook and Office 2010


Microsoft Exchange integration with the IM and Presence Service allows users to incorporate
their calendar/meeting status from Microsoft Outlook into their availability status on the IM and
Presence Service. The table below shows the reachability mappings, and how the IM and
Presence Service correlates the status of meetings (as shown in Microsoft Outlook calendar) in
the availability status of users on the IM and Presence Service.

Client side integration for Outlook and Office integration allows Home Depot users to perform
Click2Call from these applications.

Cisco Jabber Auto Login Procedure


In an Active Directory integrated environment, the Cisco Jabber client auto login consists of the
following three key steps:
1. The Cisco Jabber client gets a services domain.
2. The Cisco Jabber client discovers the available services.
3. The Cisco Jabber client authenticates with AD and applies the service profile to the client.

1.11.1 Cisco Jabber Client gets a service domain.


The user is prompted to enter a Cisco Jabber user account, which is used to determine the
services domain. In the Home Depot scenario, the Cisco Jabber user account format is:
sAMAccountName@homedepot.com or UserID@homedepot.com
The following steps are an example of how the client gets a services domain after a new
installation:
1. John Doe launches Cisco Jabber for the first time.
2. Cisco Jabber prompts John to enter his login account.
3. Assuming John's sAMAccountName is jdoe, John enters jdoe@homedepot.com.
4. The client extracts the services domain homedepot.com from the above sign-in address.

1.11.2 Cisco Jabber client discovers available service


The client requests the following SRV records:

1. _cisco-uds
2. _cuplogin
3. _collab-edge

If the name server returns _cisco-uds or _cuplogin:
The client detects it is inside the corporate network and connects to one of the following:
o Cisco Unified Communications Manager - if the name server returns _cisco-uds.
o Cisco IMP - if the name server returns _cuplogin.

If the name server returns _collab-edge:
The client attempts to connect to the internal network through Expressway Mobile and Remote
Access (MRA) and discover services.

If the DNS has no response for the SRV queries, the client prompts the user to manually enter
setup and sign-in details.

1.11.3 Cisco Jabber client authenticates with AD and applies Service profile

Based on the discovered service, the Cisco Jabber client takes the following actions:

1. _cisco-uds

The client does the following:
a) Prompts the user for credentials to authenticate with AD.
b) Retrieves the service profile. The service profile provides the client with the authenticator as
well as client and UC service configuration.

2. _cuplogin

The client does the following:
a) Determines that Cisco IMP is the primary source of authentication.
b) Automatically connects to the server.
c) Prompts the user for credentials and authenticates with AD.
d) Retrieves client and service configuration.

3. _collab-edge

If the name server returns the _collab-edge SRV record, the following happens:
a) The client sends an internal SRV request (_cisco-uds and _cuplogin) to Expressway-E.
b) Expressway-E forwards the request to Expressway-C.
c) Expressway-C looks up the internal SRV records and provides them to Expressway-E, which
then responds to the client's request.
d) After the client gets the internal SRV records, it retrieves service profiles from CUCM. The
service profiles then provide the client with the user's home cluster, the primary source of
authentication.
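The discovery order in 1.11.1 to 1.11.3 can be modelled as follows; this is an added example, not Cisco or Home Depot code. The resolver() helper and the LEAKY_ZONE data are constructed, and preferring _cisco-uds over _cuplogin when both resolve is an assumption based on the order in which the document lists them. Because the client treats any _cisco-uds or _cuplogin answer as proof that it is inside the corporate network, audit_external_view() checks that the external DNS view does not answer those names.

```python
# SRV labels the client requests, with the protocol labels of Tables 21 and 22.
INTERNAL = ("_cisco-uds._tcp", "_cuplogin._tcp")
EDGE = "_collab-edge._tls"

# Zone contents copied from Tables 21 and 22; LEAKY_ZONE is constructed.
INTERNAL_ZONE = {
    "_cuplogin._tcp.homedepot.com": [("atl-nsv-cups01.homedepot.com", 8443)],
    "_cisco-uds._tcp.homedepot.com": [
        ("atl-nsv-cucm01.homedepot.com", 8443),
        ("aus-nsvcucm02.homedepot.com", 8443),
    ],
}
EXTERNAL_ZONE = {
    "_collab-edge._tls.homedepot.com": [("uc-remote.homedepot.com", 8443)],
}
LEAKY_ZONE = dict(EXTERNAL_ZONE)
LEAKY_ZONE["_cisco-uds._tcp.homedepot.com"] = [("atl-nsv-cucm01.homedepot.com", 8443)]


def resolver(zone):
    """Hypothetical stand-in for a DNS lookup: SRV name -> [(host, port)]."""
    return lambda name: zone.get(name, [])


def services_domain(sign_in):
    """Step 1: take the services domain from a user@domain sign-in address."""
    user, sep, domain = sign_in.strip().rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("sign-in address must look like user@domain")
    return domain.lower()


def discover(sign_in, resolve):
    """Steps 2 and 3: query the SRV records and pick the connection path."""
    domain = services_domain(sign_in)
    found = {label: resolve(f"{label}.{domain}") for label in INTERNAL + (EDGE,)}
    if found["_cisco-uds._tcp"]:
        return "internal-cucm", found["_cisco-uds._tcp"]
    if found["_cuplogin._tcp"]:
        return "internal-imp", found["_cuplogin._tcp"]
    if found[EDGE]:
        return "mra-expressway", found[EDGE]
    return "manual-setup", []  # no SRV answer: the user enters details by hand


def audit_external_view(domain, resolve):
    """Return the internal-only SRV names that an external resolver answers."""
    names = [f"{label}.{domain}" for label in INTERNAL]
    return [name for name in names if resolve(name)]
```

With LEAKY_ZONE as the external view, discover() returns the internal CUCM path for a remote user instead of the Expressway path, which is the misconfiguration the audit function reports.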

Collaboration Edge Design


Collaboration Edge is an umbrella term to describe Cisco's entire collaboration architecture. The
goal of the Collaboration Edge Architecture is to help bridge islands to enable any-to-any
collaboration no matter what size your organization is.

The Collaboration Edge Architecture core products include:

1. Cisco Expressway
2. Cisco UCM
3. Cisco Jabber
4. CUBE
5. Gateway
6. SRST

Cisco Mobile and Remote Access (MRA), or VPN-less access for Cisco Jabber, is a core part of
the Cisco Collaboration Edge Architecture. It allows endpoints such as Cisco Jabber to have
their registration, call control, provisioning, messaging and presence services provided by
Cisco UCM when the endpoint is not within the enterprise network. The rest of this chapter
will focus on Mobile and Remote Access/VPN-less access for Cisco Jabber.

The overall solution provides:

1. Off-premises access for Cisco Jabber and EX/MX/SX Series clients
2. Secure business-to-business communications
3. Service: WebEx, Voice messaging, Audio/Video Call
4. Gateway and interoperability services

1.12.1 Mobile and Remote Access (MRA) Overview


Expressway is based on the existing Cisco Telepresence Video Communication Server (VCS).
Both products share the same codebase. The installed option keys (license) decide in which
mode the code operates. A Cisco Expressway solution consists of two entities: Expressway-C
and Expressway-E.

- Expressway-C is deployed inside the enterprise network. It serves as a SIP proxy and a
communications gateway for Cisco Unified CM. Expressway-C is configured as a Unified
Communications traversal client to communicate with Expressway-E to allow inbound and
outbound calls to traverse the device. In the Home Depot setup, Expressway-C and
Expressway-E are deployed in a cluster for redundancy and scalability.

- The Expressway-E cluster is deployed in the DMZ. It is also a SIP proxy and it is configured
as a Unified Communications traversal server to receive communication from the
Expressway-C. In Home Depot's environment the Expressway-E is configured with two
network interfaces (this requires the Advanced Networking option key to be installed on the
Expressway-E system). One NIC is connected to the internal network and one is connected
to the DMZ network, which faces the internet. The external-facing DMZ NIC has an
externally resolvable name (uc-remote.homedepot.com), which the external/public DNS
servers resolve to a public IP address (207.11.113.60).

Expressway-C initiates traversal connections outbound through the firewall to specific ports on
Expressway-E with secure login credentials. Once the connection has been established,
Expressway-C sends keep-alive packets to Expressway-E to maintain the connection. When
Expressway-E receives an incoming call, it issues an incoming call request to Expressway-C.
Expressway-C then routes the call to CUCM to reach the called user or endpoint and then the
call will be established.

Figure 2 Jabber MRA architecture

1.12.2 Mobile and Remote Access (MRA) Setup


Prior to MRA deployment, make sure you have already completed the basic configuration of
Expressway-C and Expressway-E, such as DNS, NTP, etc.

1.12.3 Communication Protocols and Communication Security


Accordingly, the TCP/UDP ports below need to be opened in the DMZ outside firewall.

Table 23 Inbound from public internet to Expressway-E (DMZ)

| Connection Type | Source Environment | Source (Session initiation) | Source Ports/Protocol | Destination Environment | Destination (Session destination) | Destination Ports/Protocol | Comments |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Internal | Production | 151.140.142.0/23 | TCP/ >=1024 | DMZ | 192.168.52.27 | TCP/ 443 | HTTPS Management of VCS-E [pg. 4] |
| Internal | Production | 151.140.142.0/23 | TCP/ >=1024 | DMZ | 192.168.52.27 | TCP/ 22 | SSH Management of VCS-E [pg. 4] |
| Internal | Production | 151.140.130.0/23 | TCP/ >=1024 | DMZ | 192.168.52.27 | TCP/ 443 | HTTPS Management of VCS-E [pg. 4] |
| Internal | Production | 151.140.130.0/23 | TCP/ >=1024 | DMZ | 192.168.52.27 | TCP/ 22 | SSH Management of VCS-E [pg. 4] |
| Internal | Production | 151.140.12.80 | TCP/ >=1024 | DMZ | 192.168.52.27 | TCP/ 22 | SSH Management of VCS-E [pg. 4] |
| Internal | Production | 151.140.12.80 | UDP/ >=1024 | DMZ | 192.168.52.27 | UDP/ 161 | SNMP Management of VCS-E [pg. 4] |
| Internal | Production | 172.26.50.157 | TCP/ 25000-29999 | DMZ | 192.168.52.27 | TCP/ 7001 | SIP Signaling [pg. 8,28] |
| Internal | Production | 172.26.50.157 | UDP/ 36002-40999 | DMZ | 192.168.52.27 | UDP/ 36002-40999 | RTP/RTCP [pg. 8,28] |
| Internal | Production | 172.26.50.157 | TCP/ 30000-35999 | DMZ | 192.168.52.27 | TCP/ 7400 | XMPP (IM and Presence) [pg. 28,33] |
| Internal | Production | 172.26.50.157 | TCP/ 30000-35999 | DMZ | 192.168.52.27 | TCP/ 2222 | SSH (HTTPS tunnels) [pg. 28] |
| Internal | DMZ | 192.168.52.27 | UDP/ 123 | Production | 165.130.1.7 | UDP/ 123 | NTP [pg. 5] |
| Internal | DMZ | 192.168.52.27 | TCP/ 30000-35999 | Production | 165.130.210.127 | TCP/ 636 | LDAPS [pg. 5] |
| Internal | DMZ | 192.168.52.27 | TCP/ 30000-35999 | Production | 165.130.143.238 | TCP/ 636 | LDAPS [pg. 5] |
| Internal | DMZ | 192.168.52.27 | UDP/ 30000-35999 | Production | 165.130.1.10 | UDP/ 514 | Splunk [pg. 5] |
| Internal | DMZ | 192.168.52.27 | UDP/ >=1024 | Production | 165.130.1.9 | UDP/ 53 | DNS [pg. 7] |
| Internet | DMZ | 192.168.52.19 | TCP/ 25000-29999 | Internet | ANY | TCP/ >=1024 | SIP Signaling [pg. 9] |
| Internet | DMZ | 192.168.52.19 | UDP/ 36002-40999 | Internet | ANY | UDP/ >=1024 | RTP/RTCP [pg. 9,29] |
| Internet | Internet | ANY | TCP/ >=1024 | DMZ | 192.168.52.19/ 207.11.113.60 | TCP/ 5222 | XMPP (IM and Presence) [pg. 29] |
| Internet | Internet | ANY | TCP/ >=1024 | DMZ | 192.168.52.19/ 207.11.113.60 | TCP/ 8443 | UDS (phone and provisioning) [pg. 29] |
| Internet | Internet | ANY | TCP/ >=1024 | DMZ | 192.168.52.19/ 207.11.113.60 | TCP/ 5061 | SIP Signaling [pg. 9,29] |
| Internet | Internet | ANY | UDP/ >=1024 | DMZ | 192.168.52.19/ 207.11.113.60 | UDP/ 36002-40999 | RTP/RTCP [pg. 9,29] |
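The Internet rows of Table 23 can be turned into a check over firewall flow records, flagging anything that reaches the Expressway-E DMZ interface outside the matrix. This is an added example, not part of the original design: the flow record format and the sample flows are constructed, and it assumes flows are logged on the DMZ side after NAT, so the destination appears as 192.168.52.19.

```python
import ipaddress

EXPRESSWAY_E = ipaddress.ip_address("192.168.52.19")  # DMZ NIC in Table 23

# (direction, protocol, first port, last port, service) from the Internet rows.
# "in": the range is the Expressway-E destination port; "out": its source port.
RULES = [
    ("in", "tcp", 5222, 5222, "XMPP"),
    ("in", "tcp", 8443, 8443, "UDS"),
    ("in", "tcp", 5061, 5061, "SIP signaling"),
    ("in", "udp", 36002, 40999, "RTP/RTCP"),
    ("out", "tcp", 25000, 29999, "SIP signaling"),
    ("out", "udp", 36002, 40999, "RTP/RTCP"),
]

SAMPLE_FLOWS = [  # constructed records: "proto src_ip:port dst_ip:port"
    "tcp 203.0.113.7:51514 192.168.52.19:8443",
    "tcp 203.0.113.7:51520 192.168.52.19:5061",
    "udp 203.0.113.7:40112 192.168.52.19:36500",
    "tcp 192.168.52.19:25010 198.51.100.9:5061",
    "tcp 203.0.113.50:44321 192.168.52.19:22",
    "tcp 203.0.113.50:44322 192.168.52.19:443",
    "udp 203.0.113.7:40112 192.168.52.19:41000",
]


def parse_flow(line):
    """Split one flow record into (proto, src_ip, src_port, dst_ip, dst_port)."""
    proto, src, dst = line.split()
    (sip, sport), (dip, dport) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return (proto.lower(), ipaddress.ip_address(sip), int(sport),
            ipaddress.ip_address(dip), int(dport))


def match_rule(line):
    """Return the Table 23 service a flow belongs to, or None if it has none."""
    proto, sip, sport, dip, dport = parse_flow(line)
    for direction, rule_proto, low, high, service in RULES:
        if proto != rule_proto:
            continue
        if direction == "in" and dip == EXPRESSWAY_E:
            if low <= dport <= high and sport >= 1024:
                return service
        if direction == "out" and sip == EXPRESSWAY_E:
            if low <= sport <= high and dport >= 1024:
                return service
    return None


def unexpected_flows(lines):
    """Flows that match no Internet row of the matrix, in input order."""
    return [line for line in lines if match_rule(line) is None]
```

On the sample data the SSH, HTTPS management and out-of-range UDP flows are reported, since Table 23 only allows management traffic from the internal production sources to 192.168.52.27.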

1.12.4 Expressway Security Certificates requirement


Expressway needs certificates for:

- HTTPS connectivity
- TLS connectivity for SIP signaling, endpoints
- Connections to other systems such as CUCM and IMP.

The certificates below are required:

- Certificate for Expressway-C server (must include Webserver and Client Authentication
extension)
o Private certificates issued by Home Depot CA are deployed. This is the same CA that
issues UCM certificates
- Certificate for Expressway-E server (must include Webserver and Client Authentication
extension)
o Private certificates issued by Entrust CA are deployed. This is the external CA for
Expressway-E
- Root Certificate of CA server

1.12.5 Setting up the Expressway-C


To enable Unified Communications for Mobile and Remote Access (MRA) on Expressway-C,
navigate to:
Configuration > Unified Communications > Configuration, and select Mobile and remote access.

Table 24 Mobile and Remote access

| Parameter | Value |
| --- | --- |
| Unified Communications mode | Mobile and remote access |

You must configure the domains for which registration, call control, provisioning, messaging and
presence services are to be routed to Unified CM.

Table 25 Expressway Core Domains

| Parameter | Value |
| --- | --- |
| Domain | homedepot.com |
| SIP registrations and provisioning on Unified CM | On |
| IM and Presence services on Unified CM | On |
| XMPP federation | Off |

To provide provisioning, SIP registration and IMP services, Expressway-C needs to be aware of
the deployed IMP and CUCM servers.

Table 26 Discover CUCM Server

| Parameter | Value |
| --- | --- |
| Unified CM Publisher address | atl-nsv-cucm.homedepot.com |
| Username | administrator |
| Password | ******* |
| TLS verify mode | Off |

To configure the IMP servers used for remote access, on Expressway-C, navigate to:
Configuration > Unified Communications > IM and Presence servers
Click the New button to add a new IMP server. The table below details the configured values.

Table 27 Discover IMP Server

| Parameter | Value |
| --- | --- |
| IM and Presence publisher address | atl-nsv-cups01.homedepot.com |
| Username | administrator |
| Password | ******* |
| TLS verify mode | On |

Since Home Depot will use CA-signed certificates, the Expressway-C's trusted CA list must
include the root CA of the issuer of the tomcat certificate.

Note: the status of the IMP server will show as Inactive until a valid traversal zone connection
between the Expressway-C and the Expressway-E has been established (this step is detailed in
the following section).

To support mobile and remote access feature, there must be a secure traversal zone
connection between the Expressway-C and Expressway-E.

To set up a secure traversal zone, configure your Expressway-C as follows:

1. Go to Configuration > Zones > Zones.
2. Click New.
3. Configure the fields as follows:

Table 28 Unified Communications Traversal Zone Parameters

| Parameter | Value |
| --- | --- |
| Name | Expressway_Traversal_Zone |
| Type | Unified Communications traversal |
| Username | thdmratzauth |
| Password | ******* |
| H.323 Mode | Off |
| SIP section | |
| Mode | On |
| Port | 7001 |
| Accept proxied registrations | Allow |
| ICE Support | Off |
| SIP poison mode | Off |
| Authentication section | |
| Authentication policy | Treat as authenticated |
| Location section | |
| Peer 1 address | atl-nsv-vcse01.homedepot.com |

1.12.6 Setting up the Expressway-E


To enable Unified Communications for Mobile and Remote Access (MRA) on Expressway-E,
navigate to:
Configuration > Unified Communications > Configuration, and select Mobile and remote access.

Table 29 Mobile and remote access

| Parameter | Value |
| --- | --- |
| Unified Communications mode | Mobile and remote access |

To disable TURN services on Expressway-E, navigate to:
Configuration > Traversal > TURN
Ensure that TURN services are off.

To support the mobile and remote access feature, there must be a secure traversal zone
connection between the Expressway-C and Expressway-E.

To set up a secure traversal zone, configure your Expressway-E as follows:

1. Go to Configuration > Zones > Zones.
2. Click New.
3. Configure the fields as follows:

Table 30 Unified Communications Traversal Zone Parameters

| Parameter | Value |
| --- | --- |
| Name | Mobile and Remote Access (MRA) Traversal Zone |
| Type | Unified Communications traversal |
| Username | mra |
| Password | Click Add/Edit local authentication database, then in the popup dialog click New and enter Name (mra) and Password (XXXXX) and click Create Credential. |
| H.323 Mode | Off |
| SIP section | |
| Mode | On |
| Port | 7001 |
| Transport | TLS |
| Unified Communications Services | Yes |
| TLS verify mode | On |
| TLS verify subject name | Expressway-C's FQDN |
| Media encryption mode | Force encrypted |
| Authentication section | |
| Authentication policy | Do not check credentials |
| Location section | |
| Peer 1 address | N/A |
| Peer 2-6 address | N/A |

1.12.7 Summary of supported and Unsupported Cisco Jabber feature for Mobile and Remote Access (MRA)

Table 31 Summary of Supported Jabber feature for Mobile and Remote Access (MRA)

Service

Supported

Unsupported

Directory
UDS directory search

LDAP directory search


Directory photo resolution

X
X
* Need Web server

Intradomain federation

Interdomain federation

Instant Messaging and Presence


On-premises

Cloud

Chat

Group chat

High Availability: On-premises deployments

File transfer: On-premises deployments


File transfer: Cloud deployments

X
X
Desktop clients, some file transfer features are supported for mobile clients.

Video desktop share - BFCP

X (Cisco Jabber for mobile clients only support BFCP receive.)

Audio and Video

Audio and video calls

X
* Cisco Unified Communications Manager 9.1(2) and later

Deskphone control mode (CTI)

Extend and connect

Dial via Office - Reverse

Session persistency

Early media

SelfCare Portal access

Voicemail
Visual voicemail
