Professional Documents
Culture Documents
Lab
Guide
version
9.5
SEVT
March
2014
INDEX ............................................................................................................................................................... 2
3.5 Cisco Jabber/Cisco UCM Service Discovery (Inside the Company) .................................................................. 20
4 JABBER LOGON AND TESTING OF THE NEW DEFAULT CAPABILITIES ............................ 23
4.2 Verify the server configuration -‐ Logon on Jabber .......................................................................................... 23
5.5 Additional info on MomentIM Group Chat management ............................................................................... 48
6 CONFIGURING AND TESTING THE MOBILE REMOTE ACCESS (MRA) CAPABILITY ...... 50
6.2 How to Configure the Expressway Solution for MRA ...................................................................................... 51
6.3 Setting up Secure Traversal Zone (Expressway-‐C & -‐E) ................................................................................... 61
6.4 Testing the Mobile Remote Access (MRA) capability on Jabber 9.7 ................................................................ 69
6.5 How to configure Photo Lookup from Outside the Firewall (MRA scenario) ................................................... 74
7 INTRA-‐DOMAIN FEDERATION FOR IM/P BETWEEN JABBER AND LYNC ........................ 78
7.4 Testing Intra-‐domain federation between the different clients ...................................................................... 88
8.5 Additional AD Contacts to permit calls from Lync users toward Jabber users ............................................... 107
8.6 Test audio calls between the different clients .............................................................................................. 108
9.2 Export of contact lists for migrating user ..................................................................................................... 111
9.4 Delete user data from database for migrating users .................................................................................... 116
9.8 Import contact lists for migrating users into IM and Presence ...................................................................... 120
9.9 Logon on Jabber and test the result of the migration ................................................................................... 121
1.1 Authors
For
any
feedback
or
questions
please
contact
the
following
persons:
• Fabio
Chiesa
(fchiesa@cisco.com)
-‐
CSE,
EMEAR
Theatre
Technical
Services
Team
• Tobias
Neumann
(tneumann@cisco.com)
–
TSA,
EMEAR
Central
Collaboration
Team
• Marc
Dionysius
(mdionysi@cisco.com)
–
TSA,
EMEAR
Central
Collaboration
Team
Lab topology is shown on a diagram below. Each student has his own set of terminals in his POD.
IP address
SERVER Hostname
(Private)
AD DC – CA - Internal DNS ad01-‐bc.bootcamp.com
10.52.226.68
CUCM A/V 10.0 Node 1 cucm01-‐bc.bootcamp.com
10.52.226.70
Exchange 2010 exchange01-‐bc.bootcamp.com
10.52.226.73
Cisco Expressway-C expressway-‐c.bootcamp.com
10.52.226.74
PC 1 (Alice Adams) (Internal Lan) -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
10.52.226.76
PC 2 (Bob Banks) -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
10.52.226.77
PC 3 (Cathy Chung) -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
10.52.226.78
CUCM IM&P 10.0 Node 1 cup01-‐bc.bootcamp.com
10.52.226.80
Lync 2010 lync01-‐bc.bootcamp.com
10.52.226.82
Postgres SQL database sql01-‐bc.bootcamp.com
10.52.226.83
Cisco Expressway-E (Internal DMZ Lan) expressway-‐e.bootcamp.com
10.1.238.74
Cisco Expressway-E (External DMZ Lan) -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
10.1.239.80
PC 1 (Alice Adams) (Public Internet Lan) -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
172.16.100.76
Cisco Expressway-E (Public Internet Lan)
172.16.100.80
External DNS (Public Internet Lan)
172.16.100.253
Note:
the
Active
Directory
(AD)
domain
is
“bootcamp.com”
for
all
the
users.
The
same
happens
for
the
email
and
IM
Domains
–
they
are
both
“bootcamp.com”.
Jabber Users:
Lync Users:
The
IP-‐Addresses
reported
in
the
previous
tables
reflect
POD-‐internal
addressing
and
you
are
supposed
to
access
them
from
WITHIN
your
POD
after
you
RDP
into
one
of
the
Windows
7
machines
from
the
LabOps
Portal!!
To
make
the
soft
client
work
in
the
correct
way
you
need
to
configure
your
RDP
client
to
leave
the
audio
on
remote
device
instead
of
trying
to
use
local
device.
To
save
time
and
help
you
complete
the
lab
on
time,
some
configuration
steps
are
already
in
place.
These
pre-‐configured
steps
are
also
documented
in
the
“Appendix”
Lab
Guide
and
you
can
use
it
for
reference
and
review
the
settings.
At
high
level,
your
POD
has
the
following
baseline
configuration
in-‐place:
• Basic
configuration
between
CUCM
A/V
Nodes
and
IM&Presence
nodes
are
done.
• UC
Service
and
Service
Profile
created
on
CUCM
• CUCM
3rd
party
CA
based
certificates
are
pre-‐configured
• CUCM
CTL
configuration
and
enabling
Cluster
in
Mixed-‐Mode
(Security)
• CUCM
IM&Presence
server
side
presence
integration
with
Microsoft
Exchange
2010
• User
display
pictures
are
loaded
on
to
the
AD
and
on
to
the
Web
Server
• 2
x
Windows
7
is
setup
with
Jabber
9.7
Client
• 1
x
Windows
7
is
setup
with
Lync
Client
2010
• Cisco
RTMT
is
available
on
PC
3
• Lync
Server
Logging
tools
are
installed
on
the
Lync
Server
box
• Moment
IM
is
installed
on
PC
3
to
manage
Persistent
Chat
room
We
found
specific
issue
when
accessing
CUCM
and
CUP
using
IE
11.
In
order
to
have
the
fully
functional
Admin-‐Interface
please
either
use
Chrome
(Preferred
option)
or
add
the
bootcamp.com
Domain
into
the
“Compatibility
Settings”
of
IE.
3.1 Introduction
In
this
chapter
we
will
implement
all
the
configuration
needed
on
the
CUCM
cluster
to
permit
you
to
logon
on
two
Jabber
Client
inserting
only
the
user’s
email
address
and
then
username
and
password.
We
will
also
describe
the
new
automatic
provisioning
capability
on
the
CUCM
server
that
improve
speed
and
quality
of
the
Jabber
deployment.
Cisco
UCM
uses
UC
Services
(CTI,
IM&P,
directory,
conferencing,
etc.)
which
can
be
combined
into
Service
Profiles
to
provide
certain
configuration
to
groups
of
Jabber
users.
Please
see
the
Lab
Guide
Appendix
document
for
a
detailed
description
of
the
steps
required,
that
have
been
pre-‐configured
for
you
in
this
Lab
to
reduce
time
and
focus
on
the
new
automatic
provisioning
capabilities.
To
enable
specific
non
default
behaviors
on
the
Jabber
client
we
need
to
use
an
XML
config
file.
The
main
three
items
are:
On
the
client
machines
Win7
PC01
(aadams)
and
Win7
PC02
(bbanks)
a
first
jabber-‐config.xml
file,
which
include
the
first
two
items,
has
been
prepared
for
you.
All
Jabber
clients
in
this
setup
are
utilizing
the
same
configuration,
therefore
uploading
the
default
Jabber-‐Config.XML
to
the
Cisco
UCM
Tftp-‐Server
will
allow
all
clients
to
access
the
configuration.
In
the
chapter
related
to
MRA
will
we
use
another
XML
config
file
that
includes
also
the
third
item
(Photo
lookup
in
UDS)
Please
verify
the
correct
format
of
the
Jabber-‐Config.XML
file
by
opening
the
file
stored
in
the
following
path:
This should display the properly XML formatted configuration in a browser window.
Every change to any file stored on the TFTP Server needs a restart of the TFTP service to take effect.
A
major
deliverable
of
Cisco
UCM
10.0
is
simplification
of
provisioning
and
configuration.
For
this
purpose
the
LDAP
synchronization
has
been
enhanced
not
only
to
allow
the
import
of
end
user
data,
but
also
additional
information
and
the
ability
to
use
this
information
to
create
and
configure
directory
numbers
and
other
capabilities.
Some
limitations
apply
to
these
capabilities
in
the
version
10.0
of
CUCM
(improvements
are
planned
for
next
releases):
• Cisco
UCM
supports
a
maximum
of
5
LDAP
sync
statements,
limiting
the
number
of
groups/location
that
can
be
mapped
to
a
distinct
Feature
Group
Template
• +E.164
Directory
number
format
is
not
yet
supported
for
import
and
DN/line
creation
• Variable
length
Directory
numbers
are
not
yet
supported
In
this
Lab
all
the
templates
have
been
pre-‐configured
for
you.
You
can
find
all
the
steps
to
do
it
in
the
Appendix
Document.
Please
note
that
in
the
Feature
Group
Template
we
have
not
select
the
option
“Enable
User
for
Unified
CM
IM
and
Presence”
because
there
are
some
user
migrating
from
Lync
to
Jabber
and
we
want
to
be
able
to
enable
users
on
Jabber
selectively,
one
by
one….but
meantime
be
able
to
search
them
in
the
CUCM
directory
Having
all
the
templates
pre-‐configured,
the
first
real
step
you
will
have
to
do
is
to
create
an
LDAP
sync
statement
to
import
user
from
AD
and
create
in
automatic
the
associated
lines
to
use
later
with
the
CSF
devices.
We
will
create
an
LDAP
customer
filter
to
show
you
the
possibility
to
import
only
a
SUBSET
of
the
users
from
AD,
because
for
example
you
would
need
to
create
lines
with
specific
CSS,
Device
pools
or
other
parameters.
3. Create
the
custom
LDAP
filter
related
to
the
user
in
San
Jose
with
following
details
(please
note
that
the
users
are
assigned
to
a
specific
AD
security
group
called
“SJC-‐Users”):
o Filter
Name:
SJC
User
Filter
o Filter:
(memberOf=cn=SJC-‐Users,ou=my-‐user,dc=bootcamp,dc=com)
In
this
lab
we
are
using
administration
account
to
sync
AD
with
CUCM.
However,
in
a
production
setup
we
do
NOT
require
administrative
access
to
the
Windows
AD
setup.
Any
domain
user
account
would
suffice
for
CUCM
to
“Read”
AD
user
entries.
1. Go
to
System
>
LDAP
>
LDAP
Directory
>
Add
New
2. Create
a
new
LDAP
Directory
Sync
Partnership
with
following
parameters:
Configuration
Name:
SJC-‐Users
LDAP
Manager
Distinguished
Name:
cn=Administrator,cn=Users,dc=bootcamp,dc=com
LDAP
Password:
C1sc0,123
LDAP
User
Search
Base:
ou=my-‐user,
dc=bootcamp,
dc=com
LDAP
Customer
Filter:
select
SJC
User
Filter
Access
Control
Group:
select
as
shown
in
screenshot
Feature
Group
Template:
select
SJC
FG
Template
Check
“Apply
Mask
to
synched
telephone
numbers”
and
enter
XXXXXXXXXXX
(11
times
the
character
“X”)
LDAP
Server
Information:
ad01-‐bc.bootcamp.com
4) Press “Save” and then select Perfom Full Sync Now, to start the sync process.
5)
Go
to
User
Management
-‐>
End
User
to
check
if
Alice
Adams,
Bob
Banks,
Cathy
Chung
and
Harry
Hong
are
imported
correctly
and
are
active.
2) Change/check the imported directory number details as shown in the screenshot below
Please
note
that
CUCM
will
not
create
Cathy’s
Line
in
automatic
because
the
AD
User
doesn’t
include
a
directory
number.
We
decided
to
do
it
because
during
the
lab
exercise
you
will
make
a
call
from
Alice
to
Cathy
while
Cathy
is
still
on
Lync
and
if
we
would
create
the
line
in
CUCM
with
the
URI
address
associated
to
it
the
call
will
never
be
routed
outside
CUCM
toward
Lync….
Using
feature
group
templates
users
are
automatically
created
with
the
corresponding
directory
numbers
including
the
directory
URI.
Currently
the
CSF-‐Device
required
for
Cisco
Jabber
in
softphone
mode
needs
to
be
created.
This
can
be
done
manually,
using
the
BAT
update
process
or
the
new
Quick
Add
capability
in
Cisco
UCM.
This
chapter
explains
how
to
use
Quick
Add,
using
Alice
Adams
as
example:
1) Navigate to User Management > User/Phone Add > Quick User/Phone Add
3) In
the
Quick
User/Phone
Add
dialog
the
parameters
are
pre-‐configured
based
on
the
templates
configured
earlier
for
the
directory
synchronization.
Now,
Select
Manage
Devices
4) From
the
Manage
Devices
dialog
select
Add
New
Phone
6) Don’t
forget
to
repeat
the
same
steps
to
create
a
CSF
Device
for
Bob
Banks.
7) Please
note
that
the
user
template
doesn’t
enable
the
user
for
the
IM/P
service,
so
you
will
have
to
do
it
manually
for
both
users.
To
do
it
go
to
the
menu
User
Management
!
End
User,
search
for
the
users
Alice
Adams
&
Bob
Banks
and
then
enable
them
for
IM/P
flagging
the
following
checkboxes.
Once
done,
press
Save.
We
are
NOT
enabling
the
user
Cathy
Chung
for
IM/P
now
because
in
our
Lab
scenario
this
user
is
still
enabled
on
Lync
so
it
would
be
a
mistake
to
enable
him
also
on
Jabber.
We
will
do
it
later,
after
disabling
her
on
Lync.
Significant
improvements
have
been
made
to
further
simply
the
provisioning
of
services
and
auto
discovery
of
those
services
in
Cisco
UCM
10.0.
As
described
in
a
previous
chapter
(3.2),
profiles
and
corresponding
services
are
configured
centrally
on
Cisco
UCM.
Earlier
versions
required
some
parameters
to
be
configured
on
the
Cisco
UCM
(v2)
nodes
and
some
on
the
IM&P
nodes.
Cisco
Jabber
Clients
are
capable
of
using
DNS
to
auto
discover
the
services
created
on
CUCM.
This
will
work
when
the
Jabber
users
within
the
corporate
network
or
even
while
connecting
from
the
internet
(using
the
new
Remote
Access
Capability).
This
chapter
covers
the
aspects
of
service
discovery
and
it’s
configuration
for
internal
deployments
only.
For
deployments
utilizing
the
Cisco
Expressway
product
please
refer
to
the
documentation
or
attend
the
separate
lab
that
covers
all
aspects
of
remote
working.
Service
discovery
is
based
on
Domain
Name
Service
(DNS)
Service
Records
(SRV).
For
full
automatic
discovery
the
administrator
has
to
configure
these
SRV
records
to
enable
Cisco
Jabber
Clients
to
resolve
them
while
searching
for
service.
For
discovery
inside
the
corporate
network
Cisco
Jabber
utilizes
the
_cisco-‐uds._tcp.<domain-‐
name>
SRV
record.
The
following
steps
explain
how
to
configure
the
required
SRV
DNS
records.
In
this
exercise
a
Microsoft
Windows
2008
R2
server
is
providing
the
DNS
service,
when
using
other
DNS
servers
please
consult
the
required
documentation
–
steps
bellow
should
provide
a
good
understanding
of
the
concepts
and
the
required
tasks.
We will start now with the SRV records associated to the sip domain “bootcamp.com”:
5) Select
Service
Location
(SRV)
from
the
type
of
records
to
be
added
and
enter
the
following
details:
Enter
the
following
details
for
the
Cisco
UDS
Services
Discovery
Service
:
_cisco-‐uds
Protocol
:
_tcp
Priority
:
<Leave
Blank>
(Priority
is
an
optional
parameter,
the
lower
the
priority
the
higher
the
clients
will
rank
this
SRV
record)
Weight
:
<Leave
Blank>
Port
:
8443
Host
offering
this
service:
cucm01-‐bc.bootcamp.com
In
case
of
wrong
information
reported
as
result
it
could
be
a
good
idea
to
clean
the
local
DNS
cache.
To
do
it
use
the
following
command:
ipconfig
/flushdns
4.1 Introduction
In
this
chapter
we
will
guide
you
through
the
testing
of
most
of
the
new
end
user
capabilities
introduced
with
Jabber
9.6
and
Jabber
9.7.
We
will
test
later
in
dedicated
chapters
the
Persistent
Chat
and
the
MRA
capabilities.
1) Logon
to
workstation
Win7
PC
01
with
the
user
Alice
Adams
and
launch
the
Cisco
Jabber
client
from
the
desktop.
(Please
note
that
in
this
moment
Alice’s
PC
is
connected
to
the
internal
LAN).
2) Enter
full
email
address
for
Alice
Adams:
aadams@bootcamp.com
The
email
address
is
used
for
service
discovery
(auto
discover).
Cisco
Jabber
will
use
the
right
hand
side
of
the
email
address
(bootcamp.com)
and
look-‐up
the
DNS
for
SRV
records
to
locate
the
CUCM
services
for
this
domain.
If
you
get
an
error
saying
“Cannot
communicate
with
server”.
Try
logging
on
to
CUCM
IM/P
Serviceability
Page
and
restart
the
“Cisco
Client
Profile
Agent”
service
under
select
Cisco
Unified
IM
and
Presence
Serviceability
>
Tools
>
Control
Center
–
Network
Services:
4) After
user
is
logged
in
to
Jabber,
verify
that
the
phone
service
(CSF
Device)
is
registered
correctly.
You
can
also
go
to
Help
>
Show
Connection
Status
to
verify
if
all
services
are
up
and
running.
Repeat
the
same
steps
for
the
use
Bob
Banks.
To
do
it
logon
on
the
workstation
Win7
PC
02
with
the
right
credential
and
launch
the
Cisco
Jabber
client
from
the
desktop.
Now,
to
see
URI
dialing
working
you
have
multiple
way,
one
of
these
is
to
use
the
“call”
arrow
on
the
right
of
the
user
in
buddy
list:
You
will
see
that
in
addition
to
the
normal
phone
numbers
there
is
now
a
line
related
to
the
URI
address
associated
to
the
user
(equal
to
the
IM/P
presence
address).
Clicking
on
it
will
start
the
call
and
from
there
the
behavior
is
the
standard
one
associated
also
to
number
dialing.
Last
new
feature
introduced
into
the
software
since
Jabber
for
Windows
9.6,
you
will
find
the
capability
to
keep
the
video
window
always
on
top,
ensuring
that
your
active
video
window
will
always
be
in
the
focus
of
your
desktop.
To enable it, please select the View-‐Menu and check the “Video call always on top” option.
Place
a
call
from
Alice
to
Gary
or
vice-‐versa
to
verify
that
no
other
application
will
cover
the
active
call
window.
You can click on the pop-out icon to move any chat window into a separate window. You can pop-out a one-to-one
conversation, a group chat, and persistent chat room window.
Another
new
functionality
you
will
find
in
Jabber
for
Windows
9.7
is
the
“Custom
Contact”
aka.
Pizza
Guy
.
While
you
could
already
have
your
personal
Outlook
contacts
displayed
and
searched
in
Jabber
for
quite
a
while,
it
is
now
also
possible
to
manually
add
contacts
to
your
buddy
list
without
having
them
anywhere
else
defined
(Corporate
Directory,
Outlook
Contacts
etc.
)
Please
be
aware
that
we
use
a
pre-‐FCS
build
of
the
9.7
version,
so
the
code
might
still
contain
some
defects.
Just
go
and
play
a
little,
adding
a
contact
of
your
choice
to
the
buddy
list
or
follow
the
next
screenshot.
You
will
find
that
only
the
fields
containing
information
will
be
displayed.
Similar
to
the
personal
Outlook
Contacts,
you
would
be
able
to
get
presence
information
for
a
custom
contact
if
your
company
does
allow
federations.
5.1 Introduction
In
this
chapter
we
will
guide
you
through
the
configuration
of
the
Persistent
Chat
capability
on
CUCM
IM/P
and
the
testing
of
the
same
feature
using
the
Jabber
for
Windows
9.7
release.
Please
be
aware
that
we
use
a
pre-‐FCS
build
of
the
9.7
version,
so
the
code
might
still
contain
some
defects
and
not
all
aspects
of
the
new
functionality
are
yet
available.
Also
to
use
Persistent
Chat
with
Jabber
for
Windows
9.7,
a
CUCM
IM&P
server
running
on
version
10.x
is
a
mandatory
requirement.
Persistent
Chat
functionality
itself
consists
of
three
components:
Cisco
Unified
Communications
Manager
IM&Presence,
a
external
database
to
actually
store
the
chat
rooms
and
content
as
well
as
the
client
to
access
this
functionality.
CUCM
IM&Presence
does
support
either
a
Postgres
SQL
database
or
an
Oracle
database
for
this
integration.
In
this
lab,
we
decided
to
use
the
Postgres
SQL
option
and
to
reduce
the
time
to
implement
the
full
capability
we
had
to
preconfigure
the
Postgres
database
for
you.
Note
that
Persistent
Chat
capabilities
in
Jabber
for
Windows
are
disabled
by
default.
Therefore
they
have
to
be
explicitly
enabled
using
the
following
parameter
in
<Client>
section
of
the
jabber-‐config.xml
file:
<Persistent_Chat_Enabled>True</Persistent_Chat_Enabled>
To save you some time, this command was already included in the config-‐file you uploaded in Chapter 3.
You
will
now
have
to
configure
the
integration
into
CUCM
IM&Presence
as
well
as
create
the
Persistent
Chat
rooms
using
a
complementary
IM
client.
As
the
external
Postgres
Database
has
already
been
preconfigured
for
you
the
next
step
will
be
adding
the
database
to
CUCM
IM&P.
5. Hit
Save.
You will notice two status messages after creating the database:
Next up we will enable Persistent Chat and map the database created above to this service:
Please ensure you also UNCHECK the automatic alias creation option, which is at the beginning of the page:
As
the
automatic
alias
creation
has
been
disabled
in
the
step
above,
you
will
now
need
to
specify
an
alias
manually.
Navigate
to
Messaging
-‐>
Group
Chat
Server
Alias
Mapping
and
add
a
new
alias
named
“Bootcamp-‐Chat-‐
Rooms”
which
is
mapped
to
cup01-‐bc.bootcamp.com
In
order
use
Persistent
Chat
via
Expressway,
the
Chat
Server
Alias
has
to
be
specified
as
a
Subject
Alternate
Name
(
SAN
)
in
the
certificate
installed
on
the
Expressway-‐E.
This
step
has
been
preconfigured
for
you.
To
do
so,
please
open
a
new
Tab
to
go
to
https://cucm01-‐bc.bootcamp.com/ccmadmin
,
navigate
to
User
Management
-‐>
End
User
and
choose
Harry
Hong
from
the
list
of
users.
Enable
IM&Presence
capabilities
for
this
user
and
hit
Save.
Now
we
can
move
back
to
the
CUCM
IM&Presence
Administration
and
navigate
to
Messaging
-‐>
Group
Chat
System
Administrators.
Finally,
in
order
for
the
changes
to
become
active,
please
navigate
to
the
CUCM
IM&Presence
Servicability
page
and
restart
the
Cisco
XCP
Text
Conference
Manager
under
Tools
-‐>
Feature
Services
-‐>
cup01-‐
bc.bootcamp.com.
If
you
now
log
Alice
Adams
and
Bob
Banks
out
of
Cisco
Jabber
and
sign
back
in,
you
should
be
presented
with
a
new
icon
on
the
sidebar:
Congratulations, you have successfully enabled Persistent Chat functionality. Now let’s move on.
As
stated
above,
not
all
functions
are
yet
fully
available
in
Cisco
Jabber
for
Windows.
The
ability
to
create
and
administer
Persistent
Chat
rooms
has
been
defined
to
be
part
of
the
“Phase
2”
implementation
of
Persistent
Chat
and
will
be
available
in
Jabber
for
Windows
10.0.
For
now
we
have
to
use
a
complementary
IM
client
to
do
the
administration.
This
could
be
CUPC,
but
also
some
native
XMPP
Client
like
Pidgin
or
(as
we
use
it
here
)
Jabber
MomentIM.
1. Logon
to
workstation
Win7
PC
3
with
the
user
Cathy
Chung
and
launch
the
Jabber
MomentIM
client
from
the
desktop
2. Click
the
preconfigured
profile
of
“hhong”
to
connect
4. Create
a
new
room
as
described
in
the
screenshot
below
and
click
Finish.
Cisco
Jabber
Lab
Page
39
5. The
new
room
will
open
and
you
will
be
presented
the
room
configuration
dialog.
Please
ensure
you
check
the
“Make
the
room
persistent”
option.
Otherwise
the
room
will
NOT
be
displayed
in
Jabber.
In
this
case
we
will
also
check
the
“Only
members
can
enter
the
room”
option
to
make
this
a
closed
room.
NOTE:
Please
do
NOT
check
the
“Password
is
required
to
enter”
option
or
specify
any
password.
The
current
version
of
Jabber
is
not
yet
supporting
passwords
for
rooms.
In this case we will put “Human Resources – Closed User Group” as the Subject
Right
click
inside
the
conference
room
and
select
to
“Bookmark
Conference
Room”
for
easier
access
later.
7. Now
check
the
Jabber
Client
of
either
Alice
or
Bob
for
the
newly
created
room
Once
you
click
the
“All
rooms”
tab,
you
will
be
presented
with
a
list
of
the
currently
defined
rooms.
Please
note
the
lock
icon
next
to
the
“Human
Resources”
group
indicating
that
this
is
a
closed
group
by
invitation
only.
Cisco
Jabber
Lab
Page
42
Repeat
the
Step
3
and
4
above
and
create
another
room
with
name
“Bootcamp
Corp.
Public”
as
describe
in
the
screenshot,
but
this
time
leave
the
“Only
members
can
enter
the
room”
unchecked:
Specify
a
subject
for
the
new
room,
bookmark
it
and
hit
refresh
on
the
room
list
in
Jabber.
The
new
public
room
should
be
available
to
Join
now:
Now
you
are
ready
to
play
a
little
with
the
new
capabilities.
For
example
use
MomentIM
to
add
Bob
to
the
“Human
Resources”
closed
group:
Bob will now receive a notification about his new membership in the Human Resources room:
If
you
check
the
list
of
available
rooms
or
Bob’s
rooms,
you
will
now
find
the
membership
granted
and
Bob
able
to
enter
the
chat
room:
Feel
free
to
create
more
rooms,
leave
chats
and
also
test
the
option
to
define
personal
filters.
In
all
cases,
please
be
aware
that
this
is
still
a
non-‐FCS
build
that
might
not
work
100%
as
expected.
If
you
would
like
to
modify
settings
of
an
already
existing
room,
or
potentially
delete
a
room
permanently,
you
can
do
so
by
entering
the
room
in
the
MomentIM
client
–
>
Right
Click
in
the
chat
-‐>
Admin
and
either
select
“Configure
Conference
Room”
or
“Destroy
Conference
Room”.
Note: Please be aware that the “Destroy” can NOT be reverted.
Please
note
that
in
case
you
did
not
assign
a
bookmark
to
the
rooms
you
created
with
MomentIM,
you
will
need
to
select
the
following
option
to
show
them
again:
At
this
point
you
will
get
this
page
with
the
Room
list:
6.1 Introduction
Cisco
Expressway
is
the
solution
to
provide
Mobile
Remote
Access
(MRA)
to
Jabber
Clients
and
Video
Endpoints.
In
this
chapter
you
will
review
the
overall
architecture
of
the
Cisco
Expressway
Solution
and
deploy
it
for
use
with
a
Cisco
Jabber
for
Windows
9.7
client
machine
in
your
pod.
Cisco
Expressway
is
based
on
the
existing
Cisco
Telepresence
Video
Communication
Server
(VCS).
Both
products
share
the
same
codebase.
The
installed
option
keys
(licenses)
decide
in
which
mode
the
code
operates.
A
Cisco
Expressway
solution
consists
of
two
entities:
Expressway-‐C
and
Expressway-‐E.
Expressway-‐C
is
deployed
inside
the
enterprise
network
and
is
a
SIP-‐Proxy
and
a
communications
gateway
for
Cisco
Unified
CM.
Expressway-‐C
is
configured
with
a
traversal
client
zone
to
communicate
with
the
Expressway-‐E
to
allow
inbound
and
outbound
calls
to
traverse
the
NAT
device.
Both
components
can
be
deployed
in
a
cluster
for
redundancy
and
scalability.
Customers
can
deploy
multiple
expressway
solutions
at
different
Internet
access
points.
Geo-‐DNS
can
be
deployed
to
serve
clients
the
closest
entry
point
into
the
corporate
network
(i.e.
users
in
the
continental
United
States
will
use
an
expressway
deployed
at
an
Internet
DMZ
in
their
territory
where
European
or
APJC
users
will
have
their
respective
expressway
deployments
in
their
theater.
Expressway-‐E
is
deployed
in
the
DMZ.
Also
a
SIP-‐Proxy
it
is
configured
with
a
traversal
server
zone
to
receive
communication
from
the
Expressway-‐C
in
order
to
allow
inbound
and
outbound
calls
to
traverse
the
NAT
device.
Expressway-‐E
has
a
public
network
domain
name.
For
example,
in
this
lab
setup
the
Expressway-‐E
is
configured
with
two
network
interfaces
(this
requires
a
separate
option
key
to
be
installed
on
the
Expressway-‐E
system.
One
network
interfaces
is
connected
to
the
internal
DMZ
network
and
one
is
connected
to
the
Internet
facing
external
DMZ
network).
The
external
facing
network
interface
has
an
externally
resolvable
name
of
expressway-‐e.bootcamp.com
(which
resolves
to
the
IP
address
of
A.B.C.D
by
the
external/public
DNS
servers.
http://software.cisco.com/download/release.html?mdfid=283733603&softwareid=280886992&release=X8.
1&relind=AVAILABLE&rellifecycle=&reltype=latest
Please
note
that
the
section
6.2.1.
is
already
PRECONFIGURED
for
you.
Starting
section
6.2.2
you
will
start
the
configuration.
(Note: in this setup the internal DNS server is co-‐located with the Active Directory service)
Expressway
relies
on
certificates
for
several
security
related
features
and
functionalities.
Ensure
that
all
expressway
systems
are
synchronized
to
a
reliable
time
source.
To
configure
the
required
NTP
parameters
navigate
to:
Depending
on
specific
requirements
the
default
public
NTP
servers
can
be
utilized.
Alternatively
a
NTP
time
source
in
the
enterprise
network
can
be
used.
Turn “Mobile and remote access” to ON and hit save.
You
must
configure
the
domains
for
which
registration,
call
control,
provisioning
messaging
and
presence
services
are
to
be
routed
to
Unified
CM.
Navigate
to:
Cisco
Jabber
Lab
Page
53
Enter
the
parameters
as
shown
on
the
screenshot
above:
SIP registration: ON
IM and Presence: ON
In
a
hybrid
deployment
where
IM&P
services
are
provided
by
Cisco
Webex
Messenger
as
a
cloud
service
IM
and
Presence
setting
on
this
configuration
screen
needs
to
be
left
in
the
OFF
position.
Also
note
that
the
Jabber
Guest
feature
is
a
technical
preview
in
X8.1.
It
is
not
supported
to
enable
Jabber
Guest
in
conjunction
with
providing
SIP
registration
and
IM&P
services
on
Unified
CM.
To
provide
provisioning,
SIP
registration
and
IM&P
services
Expressway
needs
to
be
aware
of
the
deployed
topology
of
servers.
On
the
Expressway-‐C
the
administrator
needs
to
enter
the
necessary
connection
parameters
and
credentials.
Note
that
the
IM&P
server
configuration
is
not
required
when
in
a
hybrid
(Cisco
Webex
Messenger)
deployment.
Username: cucmadmin
Password: C1sc0,123
Username: cucmadmin
Password: C1sc0,123
The same comments apply as outlined in the previous section for configuring IM&P servers.
Expressway-‐C
automatically
generates
non-‐configurable
zones
between
itself
and
each
discovered
Unified
CM
node.
A
TCP
zone
is
always
created,
and
a
TLS
zone
is
created
also
if
the
Unified
CM
node
is
configured
with
Cluster
Security
Mode
=
Mixed
Mode.
Each
zone
is
created
with
a
name
in
the
format
‘CEtcp-‐<node-‐
name>’
or
‘CEtls-‐<node-‐name>’.
A
non-‐configurable
search
rules,
following
the
same
naming
convention,
is
created
automatically
for
each
zone.
Section
6.2.3
has
been
PRECONFIGURED,
please
double-‐check
what
we
have
done
and
move
on
to
6.2.4
Please refer to the previous chapter for configuring DNS and NTP on Expressway-‐E
As
outlined
in
the
introduction
this
setup
utilizes
the
dual
network
option
on
Expressway-‐E.
Utilizing
dual
network
interfaces
on
Expressway-‐E
requires
extra
steps
to
ensure
that
IP
connectivity
towards
the
public
Internet
and
the
internal
enterprise
network
is
correctly
routed
out
the
respective
interfaces
and
to
the
correct
next
hop
addresses.
For
configuration
of
network
parameters
navigate
to:
Expressway-‐E
can
be
deployed
behind
a
static
NAT.
With
the
emphasis
on
static
as
dynamic
NAT
configuration
are
not
supported.
When
deploying
behind
a
NAT
device
(i.e.
Firewall)
NAT
mode
must
be
set
to
ON
and
the
publicly
visible
address
that
is
used
by
expressway-‐e
must
be
configured.
With
this
configuration
in
place
the
Expressway-‐E
would
be
able
to
reach
the
Internet
via
the
default
gateway
configured.
For
the
dual
network
option
Expressway-‐E
has
to
be
configured
with
a
static
route
to
reach
the
internal
enterprise
network
via
the
LAN
1
internal
interface.
This
needs
to
be
done
from
the
Expressway
CLI
either
on
the
VM
console
or
by
SSH
login.
Similar to Expressway-‐C, Expressway-‐E has to be configured for Unified Communications. Navigate to:
On the Unified Communications configuration page, set Mobile and remote access to ON.
A
secure
traversal
zone
connection
must
be
configured
between
the
Expressway-‐C
and
Expressway-‐E,
but
before
doing
it
we
need
to
create
a
local
user
to
authenticate
the
traversal
connection.
When
Expressway-‐C
(traversal
client)
establishes
the
connection
to
Expressway-‐E
(traversal
server)
a
userID
and
password
is
exchanged
for
authentication.
On
Expressway-‐C
these
info
will
be
entered
in
the
traversal
zone
configuration.
On
Expressway-‐E
the
credentials
must
be
configured
in
the
local
authentication
database.
To
do
it
logon
on
the
Expressway-‐E
box
and
go
to
the
menu
Configuration
–
Authentication
–
Local
Database:
At this point you can create a new local user with the following credential:
• Userid:
traversal-‐admin
• Password:
C1sc0,123
The
screen
shots
below
show
on
the
left
hand
side
the
configuration
on
Expressway-‐C
and
on
the
right
hand
side
shows
the
configuration
on
Expressway-‐E:
Expressway-‐C Expressway-‐E
Go to the menu Status – Unified Communications on both device (C & E):
6.3.3 Configuring
Service
Discovery
on
the
external
(public
Internet
facing
DNS)
For
MRA
and
automatic
service
discovery,
aka
switching
Jabber
between
internal
network
and
external
network
mode,
it
is
required
to
deploy
DNS
SRV
records
in
the
internal
and
external
DNS
infrastructure.
In
the
previous
chapter
the
internal
DNS
SRV
records
have
already
been
deployed.
This
chapter
will
explain
how
the
external
DNS
server
needs
to
be
setup.
It
is
a
mandatory
requirement
that
Jabber
clients
connected
outside
the
corporate
network
are
not
capable
to
resolve
the
internal
_cisco-‐uds._tcp.<domain>
SRV
record.
The
lab
topology
provides
a
DNS
record
located
on
the
“Public
Internet”.
To
configure
the
required
DNS
SRV
records
please
RDP
to
the
internal
AD/DNS
server.
On
the
Windows
Desktop
is
a
shortcut
on
the
Windows
DNS
Management
Console.
For
ease
of
configuration
the
management
console
has
the
internal
DNS
(AD
Server)
and
the
external
DNS
registered.
As
shown
on
the
screen
shot
the
DNS
A-‐record
for
expressway
has
already
been
configured
for
you
(when
using
NAT
this
A-‐
record
has
to
point
to
the
IP
address
that
is
visible
on
the
Internet!)
Right
click
on
the
domain
bootcamp.com
show
underneath
the
external-‐dns
in
the
Forward
Lookup
Zone
folder.
Scroll down the and select “Service Location (SRV)” then create record
Service: _collab-‐edge
Protocol: _tls
To
verify
that
the
external
DNS
server
does
correctly
answer
queries
for
the
create
SRV
record
we
use
the
nslookup
tool.
It
is
important
to
understand
that
nslookup
by
default
would
query
the
DNS
server
configured
on
the
local
machine
(since
we
are
RDPed
into
the
AD
server
it
would
query
the
internal
DNS
server).
To
change
this
behavior
we
need
to
start
nslookup
with
an
additional
parameter
to
point
the
queries
to
the
external
DNS
server.
Nslookup
will
start
and
shows
the
address
of
the
server
that
queries
are
send
to
as
172.16.100.253
(the
external
DNS).
Issued the command: set type=SRV (we are only interested in SRV records)
Type _collab-‐edge._tls.bootcamp.com
The DNS server should respond with SRV and the parameters configured before.
Result: expressway-‐e.bootcamp.com internet address= 172.16.100.80 (the publicly visible NATed address)
6.4 Testing
the
Mobile
Remote
Access
(MRA)
capability
on
Jabber
9.7
In
the
provided
lab
setup
PC1
(user
Alice
Adams)
is
configured
with
2
network
interfaces.
One
allows
Jabber
to
run
within
the
enterprise
network.
The
second
interface
simulates
Jabber
connected
via
the
“Internet”
and
using
Expressway-‐E
and
–C
for
MRA.
In
previous
exercises
the
internal
network
connection
was
used.
With
Expressway
MRA
full
configured
the
Jabber
client
can
now
be
moved
to
the
“Internet”.
On
PC1
bottom
right
of
the
desktop
right
click
on
the
network
card
interface
and
select
“Open
Network
and
Sharing
Center”
From the Network and Sharing Center dialog select from the left “Change adapter settings”
A
word
of
caution
–
in
the
next
step
we
will
disable
and
enable
network
adapters
to
move
the
machine
from
the
internal
network
to
the
“Internet”.
You
will
see
3
adapters
–
the
reason
is
since
we
are
enabling
and
disabling
the
adapters
that
Jabber
uses
to
communicate
there
is
a
3rd
adapter
clearly
marked
today
for
you
with
the
name
RDP.
This
3rd
adapter
is
your
RDP
interface
through
which
the
remote
desktop
connection
is
running.
Over
millennia
not
only
lumberjacks
have
learned
–
many
times
the
hard
way
-‐
how
bad
an
idea
it
is
to
saw
off
a
tree
branch
one
is
sitting
on!
;-‐)
With
that
said
PLEASE
DO
NOT
DISABLE
THE
RDP
INTERFACE!!!
To move PC1 into MRA mode – right click on the adapter named “Internal Network” and select disable
Next enable the “Internet” by right click on the adapter named “Public Internet” and select enable
If
you
have
kept
Jabber
running
while
you
were
switching
the
network
interfaces
you
should
see
the
client
reregister
after
a
moment
–
congratulations!
you
are
now
working
via
Expressway
;-‐)
You
can
see
further
details
about
remote
clients
registered
via
Expressway
by
logging
into
the
Expressway-‐E
admin
interface
and
navigate
to:
Now
you
can
IM
between
Bob
on
the
internal
network
and
Alice
on
the
external
network.
Escalate
from
IM
session
and
start
a
call.
This
will
create
a
video
call
between
Alice
and
Bob
via
the
Expressway
infrastructure.
Leave
the
call
running
and
look
at
the
information
in
the
Expressway-‐E
admin
interface.
Navigate
to:
Select the active call from the list, you can further drill down into call details and media information
Before
doing
any
test
on
the
photo
lookup
when
the
client
is
connected
via
MRA
we
need
to
clean
the
local
Photo
cache
on
Alice’s
PC
by
opening
the
related
folder
and
deleting
all
the
pictures
contained
there.
• At
this
point
you
can
logon
again
on
Jabber,
search
for
Bob
and
display
his
profile.
The
result
should
be
like
the
one
reported
below
on
the
left,
compared
with
the
profile
on
the
right,
which
you
get
if
the
client
is
connected
inside
the
company
(using
therefore
EDI):
In
the
next
chapter
we
will
see
how
to
resolve
this
issue,
changing
the
default
configuration
for
Photo
Lookup.
6.5 How
to
configure
Photo
Lookup
from
Outside
the
Firewall
(MRA
scenario)
The
issue
you
have
seen
before
is
due
to
the
fact
that
when
the
client
is
outside
the
Firewall
there
is
no
way
to
make
direct
query
in
AD
for
Photo
lookup,
which
is
the
default
behavior.
We
need
therefore
to
introduce
a
Web
Server
as
repository
for
the
Photo,
tell
Jabber
to
use
it
and
allow
this
new
traffic
through
the
Expressway
using
the
“HTTP
allow
list”.
Let’s
start
with
the
configuration
on
the
Expressway
solution
to
allow
the
traffic
from
the
Jabber
client
towards
the
internal
web
server
that
is
hosted
on
the
Exchange
VM
in
our
lab.
An
important
note
is
that
we
need
to
make
this
configuration
only
on
the
Expressway-‐C
box,
which
is
the
MRA
policy
controller
for
the
Inbound
Http
traffic.
Now
you
can
insert
the
information
related
to
the
internal
web
server
(exchange01-‐bc.bootcamp.com)
where
the
Photos
are
hosted
and
press
“Save”:
Last
step
is
to
give
instruction
to
the
Jabber
client
to
retrieve
the
photos
from
the
web
server
when
it
is
in
UDS
mode
(UDS
is
the
automatic
behavior
when
the
client
is
connected
from
outside
through
Expressway).
We
need
to
use
also
in
this
case
an
XML
config
file.
On
the
client
machines
Win7
PC01
(aadams)
and
Win7
PC02
(bbanks)
a
second
jabber-‐config.xml
file,
which
include
all
the
items
needed
(Alphanumeric
URI
Dialing,
Persistent
Chat
and
photo
in
UDS
mode)
has
been
prepared
for
you.
All
Jabber
clients
in
this
setup
are
utilizing
the
same
configuration;
therefore
uploading
the
default
Jabber-‐Config.XML
to
the
Cisco
UCM
Tftp-‐Server
will
allow
all
clients
to
access
the
configuration.
Please
verify
the
correct
format
of
the
Jabber-‐Config.XML
file
by
opening
the
file
stored
in
the
following
path:
This should display the properly XML formatted configuration in a browser window.
Every change to any file stored on the TFTP Server needs a restart of the TFTP service to take effect.
If
you
now
go
to
Alice’s
PC
and
try
to
force
a
picture
refresh
viewing
the
Bob
Bank’s
profile
you
will
see
that
a
“Special”
photo
is
retrieved
from
the
web
server
inside
the
company.
Please
note
that
to
differentiate
the
UDS
behavior
from
the
default
EDI
behavior
we
decided
to
force
the
lookup
toward
a
different
picture
set
for
the
same
user……☺:
7.1 Introduction
In
this
module
the
student
will
focus
on
the
tasks
needed
to
configure
Intra-‐domain
federation
between
Jabber
and
Lync
2010
environments.
The
Lync
2010
setup
we
have
in
this
lab
is
quite
simple
being
based
on
a
single
Front
End
Server
(Standard
Edition)
but
is
able
to
provide
all
the
capabilities
needed
to
test
this
scenario.
Implementing
the
same
scenario
in
a
more
complex
Lync
Environment
will
need
further
steps
to
take
into
account
the
multiple
servers
included
in
the
Lync
Pool
(equivalent
to
our
“CUCM
cluster”)
and
the
Load
Balancer
in
front
of
them,
but
will
not
change
anything
of
the
pre-‐requisite
steps,
the
concepts
related
to
route
IM/Presence
between
the
two
environments
and
the
tasks
needed
to
migrate
users
from
Lync
to
Jabber.
The
high
level
steps
needed
are:
• Assign
and/or
verify
Certificate
to
Cisco
IM/Presence
nodes
• Change
the
default
ports
assigned
to
the
Application
Listeners
on
Cisco
IM/Presence
node
• Enable
Intra-‐domain
federation
on
cisco
IM/Presence
cluster
• Configure
Cisco
IM/Presence
nodes
to
trust
Lync
servers
• Setup
Routing
rules
from
Cisco
IM/Presence
nodes
towards
Lync
Front
End
nodes
• Assign
and/or
verify
Certificate
to
Microsoft
Lync
Front
End
nodes
• Enable
Federal
Information
Processing
Standard
Compliance
on
Lync
(please
see
important
note
later
in
the
chapter
regarding
this
step)
• Configure
Microsoft
Lync
Front
End
nodes
to
trust
Cisco
IM/Presence
servers
• Setup
Routing
rules
from
Lync
Front
End
nodes
towards
Cisco
IM/Presence
nodes
• Verify
that
the
needed
specific
AD
attributes
(Presence
URI
address)
are
correctly
populated
• Logout
and
Login
from
all
clients
• Test
the
interoperability
scenario
adding
to
the
buddy
list
users
that
are
registered
to
the
“other”
system
• [optional]
Migrate
users
from
Lync
to
Jabber
using
the
specific
utility
that
Cisco
released
IMPORTANT
NOTES:
• The
step
“Assign
and/or
verify
Certificate
to
Cisco
IM/Presence
nodes”
has
been
already
done
for
you
and
we
have
described
it
in
the
chapter
“CUCM
Security
configuration
in
the
appendix
manual.
• All
the
steps
needed
on
Lync
side
have
been
pre-‐configured
for
you
and
documented
in
one
chapter
in
the
appendix
manual.
This
is
due
to
the
facts
that
first
they
are
quite
time
consuming
and
we
would
have
risked
to
not
permit
you
to
arrive
at
the
end
of
all
the
exercises
and,
second,
most
of
them
are
long
PowerShell
command
to
digit
so
it
would
be
a
big
“source”
of
possible
typing
mistake….
7.2.1 Change
the
default
ports
assigned
to
the
Application
Listeners
on
Cisco
IM/Presence
node
This
step
is
mainly
a
sequence
of
parameter
changes
to
arrive
at
the
scenario
reported
here
below
where
the
services
are
allocate
to
the
right
ports
needed
for
Lync
interoperability.
We
need
this
because
the
default
association
is
not
ok
for
this
interoperability
scenario.
Here
the
steps
to
do:
• Select
Cisco
Unified
Communications
Manager
IM
and
Presence
Administration
>
System
>
Application
Listeners.
• If
they
are
not
already
displayed,
select
Find
to
display
all
application
listeners.
• Select
Default
Cisco
SIP
Proxy
TLS
Listener
–
Server
Auth.
• Change
the
Port
value
to
5063.
• Select
Save
and
select
OK
on
the
popup
window
that
appears.
• From
the
Related
Links
drop-‐down
list,
select
Back
to
Find/List
and
select
OK
to
return
to
the
Application
Listeners
list.
• Select
Default
Cisco
SIP
Proxy
TLS
Listener
–
Peer
Auth.
• Change
the
Port
value
to
5061.
• Select
Save
and
select
OK
on
the
popup
window
that
appears.
• From
the
Related
Links
drop-‐down
list,
select
Back
to
Find/List
and
select
OK
to
return
to
the
Application
Listeners
list.
• Select
Default
Cisco
SIP
Proxy
TLS
Listener
–
Server
Auth.
• Change
the
Port
value
from
5063
to
5062.
• Select
Save.
Note:
Officially
we
should
restart
the
SIP
Proxy
service
on
all
IM
and
Presence
nodes
in
the
cluster
at
this
point,
but
to
reduce
the
amount
of
time
needed
to
configure
the
full
federation
story
we
will
do
it
one
time
at
the
end
of
the
chapter.
You
can
see
the
final
result
Selecting
again
Cisco
Unified
Communications
Manager
IM
and
Presence
Administration
>
System
>
Application
Listeners:
Now
we
need
to
repeat
the
same
action
for
the
outgoing
ACL:
Go
to
System
!
Security
-‐>
Outgoing
ACL
and
add
the
following
two
entries
(one
for
the
Hostname
and
one
for
the
IP
address),
related
to
the
Lync
Front
End
server:
• Description
“Lync
FE
IP
Address”
-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
Address
Pattern
“10.52.226.82”
• Description
“Lync
FE
FQDN”
-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
Address
Pattern
“lync01-‐bc.bootcamp.com”
Now
we
need
to
config
the
TLS
“trust”
to
specify
the
certificate
entries
that
the
Presence
server
will
accept
as
valid.
Please
go
to
System
!
Security
-‐>
TLS
Peer
Subject
and
add
the
following
entry:
Peer
Subject
name
“lync01-‐bc.bootcamp.com”
-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐
Description
“Lync
FE
Hostname”
NOTE:
if
you
copy
the
string
from
the
PDF
please
pay
attention
that
all
the
characters
are
copied
without
errors….
Select
the
different
options
as
reported
below
to
associate
the
policy
to
the
TLS
peer
subject
we
just
created
and
then
press
save:
NOTE:
Please
flag
the
“Disable
Empty
String”
option
are
reported
below
Restart
the
SIP
Proxy
service
on
all
IM
and
Presence
nodes
in
the
cluster.
To
restart
the
SIP
Proxy
service,
Select
Cisco
Unified
IM
and
Presence
Serviceability
>
Tools
>
Control
Center
–
Feature
Services,
for
both
servers,
as
reported
here:
Note
-‐
Due
to
a
CUCM
defect
in
the
Pre-‐FCS
version
used
in
this
lab
it
could
happen
that
you
will
see
the
following
“strange”
alert
message…please
ignore
it!
8.1 Introduction
In
this
module
the
student
will
focus
on
the
tasks
needed
to
configure
a
SIP
trunk
for
audio
between
Cisco
Jabber
and
Microsoft
Lync
2010.
High
Level
Configuration
Steps
• CUCM
Configuration:
Configure
CUCM
to
forward
voice
traffic
to
Lync
Server
via
the
Expressway
• Expressway
Configuration:
Configure
Expressway
Lync
Gateway
to
route
traffic
(1)
From
CUCM
to
Lync
Server,
(2)
From
Lync
Server
to
CUCM
• Lync
Configuration:
Configure
Lync
Server
to
forward
voice
traffic
to
CUCM
via
the
Expressway
Lync
Gateway
IMPORTANT
NOTES:
All
steps
needed
on
Lync
side
have
been
pre-‐configured
for
you
and
documented
in
one
chapter
in
the
appendix
This
is
due
to
the
facts
that
first
they
are
quite
time
consuming
and
we
would
have
risked
to
not
permit
you
to
arrive
at
the
end
of
all
the
exercises
and,
second,
most
of
them
are
long
PowerShell
command
to
digit
so
it
would
be
a
big
“source”
of
possible
typing
mistake.
As
described
in
the
official
MRA
Deployment
Guide
we
need
to
change
the
default
port
used
by
the
CUCM
to
accept
Sip
trunk
from
other
entity.
This
is
due
to
the
fact
that
we
have
already
a
“connection”
to
the
Expressway
box
used
for
Remote
Device
registration
using
the
default
port
5060.
The
two
type
of
traffic
(line
side
registration
and
trunking)
would
overlap
and
create
conflicts,
so
we
will
change
the
port
of
the
sip
trunk
from
the
default
5060
to
5090.
Here
we
need
to
create
a
new
Sip
Profile
with
the
option
enabled
to
send
full
Alpha
Numeric
URI,
including
the
domain
portion,
toward
Lync.
This
is
important
otherwise
we
will
send
to
Lync
something
that
is
not
“meaningful”
for
it…..
• Press “Save”
Cisco
Jabber
Lab
Page
97
Just as side note, to enable the Lync interoperability we added two items to the Expressway-‐C box:
Click
“New”
and
insert
the
information
reported
below.
Please
note
that
there
is
now
a
specific
Zone
Profile
for
CUCM
that
you
can
select
(Cisco
Unified
Communication
Manager
8.6.1
or
later)
and
it
is
quite
useful
because
it
will
automatically
set
all
the
parameters
needed
by
CUCM
for
a
correct
interop.
Note
1:
Pay
attention
to
insert
correctly
the
value
for
the
parameter
“Peer
1
Address”
that
is
“cucm01-‐
bc.bootcamp.com”.
Note
2:
You
cannot
see
correctly
the
description
field
in
the
screen
shot
below–
you
can
use
whatever
you
want
but
we
suggest
“cucm01-‐bc.bootcamp.com
(Trunk
to
CUCM)”
Last
step,
to
check
that
the
service
is
running
and
the
B2BUA
is
able
to
communicate
with
Lync
you
can
go
to
the
B2BUA
status
page
(Status
–
Applications
–
Lync
B2BUA)
and
you
should
see
the
page
below
with
the
two
“legs”
active.
The
first
leg
is
between
the
B2BUA
and
the
local
Expressway
SIP
service,
while
the
second
leg
is
the
one
between
the
B2BUA
and
the
Lync
Server
specified
in
the
configuration.
8.5 Additional
AD
Contacts
to
permit
calls
from
Lync
users
toward
Jabber
users
NOTE:
we
have
pre-‐configured
this
step
for
you,
so
you
will
only
need
to
check
what
we
have
done
reading
the
descriptions
below,
to
be
able
to
understand
the
behavior
that
you
will
see
later
playing
with
the
clients.
This
is
a
critical
activity
because
as
we
have
explained
before
Lync
cannot
use
the
main
URI
address
UserID@bootcamp.xxx
to
call
a
Jabber
user,
having
already
assigned
that
domain
to
the
static
route
used
for
IM/P.
We
will
use
therefore
a
dedicated
URI
address
for
A/V
routing,
with
the
format
UserID@audio.bootcamp.xxx.
We
created
a
new
contact
for
each
user
migrated
to
Jabber,
and
to
simplify
the
search
from
the
Lync
interface
we
used
a
different
Display
Name
with
a
reference
to
the
“Audio”
path
(Example
–
“Bob
Banks
(Audio)“).
In
this
way
when
a
Lync
user
will
search
for
Bob,
He
will
receive
back
two
contacts
–
one
for
the
main
IM/P
communication
and
one
for
the
A/V
sessions.
It
is
not
perfect
but
this
is
what
is
possible
today.
Below
you
can
see
a
screen
shot
of
the
Lync
client
with
the
two
items
in
the
buddy
list
for
the
user
“Bob
Banks”
Note:
We
are
working
(as
Cisco)
on
future
enhancements
on
this
topic
that
we
hope
to
be
able
to
implement
and
let
you
test
in
the
next
version
of
this
Lab!
• Calling
from
Lync
to
Jabber
users.
You
should
see
two
items
for
each
user
on
Jabber–
one
for
the
main
IM/Presence
contact
(@bootcamp.com)
and
one
for
the
Audio
call
contact
(@audio.bootcamp.com),
as
reported
below.
In
case
you
miss
one
or
both
of
them
you
can
search
for
that
user
and
after
receiving
the
two
results
you
can
add
them
to
the
buddy
list.
Clicking
on
the
Lync
native
“call”
icon
will
start
the
call,
as
reported
below:
And
this
is
what
the
Jabber
client
will
report
as
alerting
info:
9.1 Introduction
In
this
module
the
student
will
focus
on
migrating
one
of
the
Lync
user
(Cathy
Chung)
to
Jabber,
trying
to
minimize
the
user
impact
in
terms
of
buddy
list,
Presence
URI
Address,
etc..
Note:
We
will
use
this
file
later
to
run
other
commands
for
this
specific
user.
Please
also
note
that
in
this
specific
case
the
only
user
enabled
for
Lync
is
Cathy.
If
you
had
multiple
users
you
should
have
removed
from
the
file
all
of
them
except
the
one
who
you
want
to
migrate
to
Lync
in
this
moment.
The
second
file
is
related
to
the
Exported
User
List
and
is
called
“UserListxxxxxxxxxxxxxxxx.txt”.
In
this
file
you
will
see
the
list
of
all
the
users
enabled
for
Lync
with
the
associated
SIP
URI
address
(the
screen
shot
below
is
only
an
example,
the
real
list
of
users
could
be
different):
Please
remove
all
the
lines
of
the
file
leaving
only
the
one
related
to
Cathy
Chung,
who
is
the
user
we
want
to
migrate
to
Jabber
in
this
moment:
Note:
We
will
use
this
file
later
to
run
other
commands
for
this
specific
user.
Now
to
see
the
results
of
the
command
please
open
the
log
files
“DisableAccountLogxxxxxxxxxxxxxxxxxxxx”
just
created
by
the
tool
in
the
same
directory:
Lync/OCS/LCS
provides
an
administrative
way
to
delete
a
user
from
the
Lync/OCS/LCS
database.
However,
if
you
delete
a
user
from
the
database
in
this
way,
the
user
is
removed
from
other
user’s
contact
lists.
To
prevent
the
user
being
removed
from
the
contact
lists
of
other
Microsoft
Lync
or
Microsoft
Office
Communicator
users,
Cisco
provides
an
alternative
means
of
deleting
the
user
from
the
Lync/OCS/LCS
database.
This
alternative
tool
(DeleteAccount.exe)
allows
you
to
delete
migrating
users
so
that
presence
requests
for
these
users
are
later
routed
to
IM
and
Presence.
This
tool
also
ensures
that
the
deleted
users
are
not
removed
from
the
contact
list
of
any
users
that
remain
on
Lync/OCS/LCS.
Running
the
Delete
Account
tool
is
the
second
step
in
a
two-‐step
process
to
disable
a
migrating
user
on
Lync/OCS/LCS.
The
two-‐step
process
is
as
follows:
1. Disable
Lync/OCS/LCS
account
for
migrating
user.
2. Delete
Lync/OCS/LCS
user
data
for
migrating
user.
In
our
environment
run
the
following
command
with
the
options
reported
below,
pointing
to
the
main
Lync
RTC
Database
(please
note
that
the
name
of
the
input
file
with
the
list
of
users
to
disable
is
again
the
output
from
the
previous
step):
DeleteAccount.exe
-‐s/LYNC01-‐BC\RTC
-‐f/UserLisxxxxxxxxxxxxxxxxx.txt
-‐l/info
Repeat
the
same
command
for
another
Lync
Database
(RTClocal):
DeleteAccount.exe
-‐s/LYNCFE01-‐BC\RTClocal
-‐f/UserListxxxxxxxxxxxxxxxxxxx.txt
-‐l/info
After
both
steps
you
can
check
the
related
log
file
to
see
the
status
of
the
update
just
made:
At
this
point
the
user
has
been
completely
disabled
and
removed
from
Lync
but,
very
important
to
highlight,
all
the
other
Lync
clients
still
have
his
reference
in
their
buddy
list
so
there
will
be
no
impact
for
them
when
the
same
user
will
start
to
use
Jabber.
The
next
step
would
be
to
enable
Cathy
for
Jabber
but
before
doing
it
we
need
to
create
the
line
and
the
CSF
device
that
will
be
used
by
Cathy
to
register
on
CUCM
and
have
a
full
UC
client
active.
We
need
to
do
it
now
because
we
excluded
Cathy
from
the
automatic
provisioning
process
at
the
beginning,
otherwise
we
would
not
be
able
to
call
her
from
Jabber
while
She
was
still
on
Lync.
In
fact
the
CUCM
would
have
found
Cathy’s
URI
address
defined
locally,
stopping
any
additional
routing
steps.
To
create
the
CSF
device
we
will
follow
the
same
steps
done
for
the
other
two
Jabber
Users
(Quick
User/Phone
Add
menu):
8) Navigate to User Management > User/Phone Add > Quick User/Phone Add
9) Find
and
Select
the
user
Cathy
Chung
from
the
list
of
available
users
10) In
the
Quick
User/Phone
Add
dialog
the
parameters
are
pre-‐configured
based
on
the
templates
configured
earlier
for
the
directory
synchronization.
11) Select
the
line
you
just
created
as
Extension
Number
(+39028789728),
to
associate
the
line
with
Cathy.
12) Now,
Select
Manage
Devices
13) From the Manage Devices dialog select Add New Phone
9.8 Import
contact
lists
for
migrating
users
into
IM
and
Presence
You
can
use
two
options
to
import
Lync/OCS/LCS
contacts
into
Jabber:
• Use
the
IM
and
Presence
Bulk
Assignment
Tool
(BAT)
to
import
the
buddy
lists
exported
with
the
“migration
tools”
explained
in
the
previous
chapters
• Use
a
new
capability
available
with
Jabber
9.6
called
“local
import”.
The
idea
is
that
you
can
create
an
XML
file
formatted
in
a
pre-‐defined
way
and
then
with
an
end
user
option
you
can
open
it
with
Jabber
and
import
the
contacts
contained
in
it.
9.9 Logon
on
Jabber
and
test
the
result
of
the
migration
We
can
now
logon
on
PC
2
changing
the
default
user
from
Bob
Banks
to
Cathy
Chung,
launch
Jabber
and
start
using
it.
Logon
via
RDP
to
the
PC2
with
the
user
“Cathy
Chung”,
go
on
the
desktop
and
launch
Jabber.
When
prompted
to
do
it
please
insert
the
logon
credential
for
Cathy
–
first
the
email
address
(cchung@bootcamp.com)
and
the
userid/password
(cchung/cisco,123).
Leave
the
server
selection
to
automatic,
in
this
way
the
client
will
use
the
new
service
discovery
mechanism
that
we
configured
before:
When
the
client
completes
the
logon
process,
you
should
see
an
empty
buddy
list
structure.
To
import
a
buddy
list
example
(could
be
the
same
you
had
in
Lync
if
you
need…)
please
use
the
following
option
in
the
Jabber
menu:
Once
clicked
on
it
you
can
select
the
xml
file
called
“Contatti.xml”
available
in
the
folder
“Lab_Material\Jabber-‐Contacts-‐Import”
on
PC2’s
desktop.
At
this
point
you
should
see
the
buddy
list
structure
populated
with
several
users.
You
can
then
start
playing
with
the
Jabber
client
and
see
how
it
interacts
with
other
users
already
on
Jabber
(Alice
&
bob).