Professional Documents
Culture Documents
Brkcol 2101
Brkcol 2101
• Simplified Sizing
• Key Takeaways and Q&A
What is “Preferred
Architecture”?
Collaboration Preferred Architecture Strategy
• Preferred Architecture provides prescriptive design guidance that simplifies
and drives design consistency for Cisco Collaboration deployments
• The Preferred Architecture is divided into five sub-systems
o Makes the overall architecture easier to understand
o Allows products to be categorised based on function
Sub-Systems:
Bandwidth Edge
Call Control Conferencing Applications
Management Services
Endpoints
Collaboration Solutions Design Guidance
Available at www.cisco.com/go/ucsrnd
Preferred Architecture Solution Reference Cisco Validated
Overview Network Design (SRND) Design (CVD)
CUBE Cisco
WebEx
Unity Connection
Prime Licensing
Manager Applications
DMZ Mobile/Teleworker
Unified
Instant Message Communications Expressway-C
and Presence Manager
Internet
MPLS WAN
Remote Site
Conferencing Collab Edge
Endpoints
Call Control – Cisco Unified Communications Manager
The Heart of Cisco Collaboration
Design Objectives
• Centralised Call Processing
• Centralised IM&P Services
• Consolidated Endpoint
Registration
Voice Video
MoH Pair
Publisher Subscriber • Single MoH
Primary Secondary Sub-Cluster #3 Subscriber Pair
…
Subscriber Pair #8
Up to Publisher Subscriber
21 Nodes Primary Secondary Up to 6 Nodes
Dial Plan
What is a Dial Plan About?
Design Objectives
• Endpoint Addressing
• Dialing Habits
• Call Routing
• Directory Integration
Directory
• Class of Services (CoS) - Restrictions
Mobile
Restrictions
Endpoint Addressing
Design Objectives
Publisher • Use fully qualified E.164
DN: +61 2 6216 0600 Number with leading “+”
TFTP Pair Subscriber Pair #1 as Directory Numbers
(DN)
Primary Secondary
• Provision up to five (5)
DN: +61 7 3238 1111 Subscriber Pair #2
SIP URI: tracy@company.com.au MoH Pair alphanumeric SIP URIs
as aliases to primary DN
Primary Secondary
CUCM Cluster
Route Patterns
User Dials 1XXX
“1200”
12XX
(SIP) Route
Pattern
Route List
Route Route
Group 1 Group 2
Trunks or Gateways within the Route
Top down or Top down or Group are selected based on a top
circular circular down or circular rotation
PSTN PSTN
SIP Trunk SIP Trunk
Gateway Gateway
Directory Integration
Design Objectives
• Integrate into organisation's corporate LDAP directory to enable:
o User Provisioning
o User Authentication
o SIP URI
Directory Integration – User Synchronisation
Class of Service (CoS)
Design Objectives
• Classes of Service (CoS)
are used to control access
to “Services”
• Minimise number of
differentiated Classes of
Service (CoS)
• Define CoS in CUCM
using:
o Partitions
o Calling Search Spaces
(CSS)
SIP Trunking
SIP Trunks – Why are they important ?
Unity
Connection
CUBE
Collab Edge
Conferencing
SIP TDM
SIP Trunk Recommendations
Design Objectives
• Minimise number of SIP profiles
o Consider default profiles first
o Provision SIP profile per group of
equivalent trunks
• Recommended SIP profile
settings:
o Set “Use Fully Qualified Domain
Name in SIP Requests” on all
trunks
o Enable “SIP OPTIONS Ping” for
real-time status monitoring
o Enable “Best Effort” Early Offer
Support
Use of FQDN in SIP Requests – Example
10.10.10.1 10.10.10.2
Cloud Services
B2B
QoS- 1. Mobile, Software-Based
Endpoints
capable 2. Unmanaged networks
B2C
Managed
WAN Internet
MPLS DMVPN
VPN
P5 P5
P1 P3 P1
P2 P4 P2 P4
... ... ... ...
Encoder Decoder
?
OOS (P4) ACK LTRF1
Encoder Decoder
LTRF 0111010001
1000011001
R1 FEC
Repair-P R1 0001100
1001000100
0011001011
1011110
FEC
1110010101
R2
• Build a Self-Regulating
• Consolidate mechanisms to • Use Media Resilience to
system supporting supporting
identify and classify reduce impact of packet loss
“Opportunistic Video”
collaboration media • Apply Rate Adaptation to
• Use Call Admission Control
• Simplify policies for Queuing reduce network congestion
(CAC) as last option
and Scheduling
Bandwidth Management – “Smart” Media Techniques
Media Adaptation and Resilience Implementation (MARI)
Goals Mechanisms
CUBE Cisco
WebEx
MPLS WAN
Remote Site
Conferencing Collab Edge
Endpoints
Conferencing – Design Objectives
Flexible Architectures to support various conference types such as:
Ad-hoc (Instant), Rendezvous (Permanent) and Scheduled
8-core MM410v
Rack-Mount MM310
1 to 24 ports at 720p
1 to 48 ports at 720p per cluster
1 to 20 ports at 720p
Note: For simplicity, only capacity for 720p is shown. TS is capable of many other resolutions and frame rates with differing limits on capacity.
All numbers represent remotely managed mode (Conductor required) capability. See release notes for further detail.
Telepresence Server Multistream – User Experience
Dual Screen Systems
• Provides “People +
People” Experience
Single Screen System
• Supports “Active Without Multistream
Presence” Experience Without Multistream
With Multistream
With Multistream
TelePresence Conductor – What is it used for ?
• Conference Virtualisation
• Resource management for greater scale
• Intelligent bridge selection and Automatic Cascading for large conferences
• Centralised Conference provisioning and administration
Shared
multipoint
resources
Added Conductor
Individual
SIP trunk in UCM configuration
bridges
TelePresence Management Suite (TMS)
• TMS in active/passive
mode
Network Load • External SQL Server used
Balancer
Scheduling Single virtual by both TMS nodes
request IP address
Exchange Active
Servers SQL Directory address for • TMSPE is co-resident with
management
TMS
• TMSXE must be deployed
separately
TMSXE TMS/TMSPE
Passive Nodes
TelePresence Multiparty Licensing Overview
• Conductor centrally manages licenses for all
TelePresence Servers (TS)
TelePresence Conductor o Screen Licenses no longer required on individual TelePresence
Servers
TMS/PE
• Two types of multiparty licenses are supported:
o Personal Multiparty (PMP)
All Multiparty Licenses o Shared Multiparty (SMP) – Can be used for Room-Based
Systems or Sharing amongst users
TelePresence
Endpoint creates TelePresence
Unified CM initiates Unified CM routes Conductor routes
an instant Conductor creates
an instant the call(s) to the call(s) to the
conference the conference on
conference on TelePresence TelePresence
requesting to join a TelePresence
Conductor Conductor Server hosting the
three participants Server
relevant conference
Other
Participants
Service Preference on
Conductor for this
template
PMP or SMP
Expressway-C Expressway-E
• Require a certificate signed
Internet by a trusted Root Certificate
Conductor
Authority on Expressway-E
• Supports WebEx, PSTN or
Cisco TMS
TSP audio options
• Supports Scheduled or
TelePresence
Server Pool Non-Scheduled
Conferences
SIP Media+Content HTTP(s)
Spark & WebEx Conferencing TP Server (Multiparty Licensing) Acano + CUWL (Optional)
Collaboration Edge
Headquarters
Prime Collaboration TelePresence
Deployment Management Suite Expressway-E
CUBE Cisco
WebEx
Unity Connection
Prime Licensing
Manager Applications
DMZ Mobile/Teleworker
Unified
Instant Message Communications Expressway-C
and Presence Manager
Internet
MPLS WAN
Remote Site
Conferencing Collab Edge
Endpoints
Cisco Collaboration Edge Architecture Components
• Cisco Expressway
Expressway-E
o Business-to-Business (B2B)
o Mobile and Remote Access
Cisco
(MRA) WebEx
CUBE
o External IM&P Federation
(XMPP)
DMZ Mobile/Teleworker
• Gateways
Expressway-C Internet
o SIP-based PSTN Connectivity –
Cisco Unified Border Element
(CUBE) Integrated/Aggregated Third-Party Solution
Services Router PSTN
o TDM-Based PSTN Connectivity
– Integrated Services Router Integrated
Services Router
(ISR) ISDN Video Gateway
Unified Internet
CM
Expressway-C Firewall Expressway-E Firewall
Signaling
Media
1. Expressway-E is the traversal server installed in DMZ. Expressway-C is the traversal client installed inside the
enterprise network.
2. Expressway-C initiates traversal connections outbound through the firewall to specific ports on Expressway-E with
secure login credentials.
3. Once the connection has been established, Expressway-C sends keep-alive packets to Expressway-E to maintain the
connection
4. When Expressway-E receives an incoming call, it issues an incoming call request to Expressway-C.
5. Expressway-C then routes the call to Unified CM to reach the called user or endpoint
6. The call is established and media traverses the firewall securely over an existing traversal connection
B2B Calls Flow Example DNS
Hierarchy
SIP-to-SIP Calls
Expressway-C
• Encryption Modes:
Expressway-E
o Force encrypted
o Force unencrypted
o Auto: Dependent on endpoint request
o Best Effort: will fall back to unencrypted if encryption is not available
• SIP: Media encryption mode can be configured
• H.323: Does not work with “forced encrypted” or “force unencrypted”
o Separate H.323 from SIP traversal zones if “force encrypted” is to be configured
* For Expressway zone type descriptions, refer to the “Zones and Neighbours” section of the Cisco Expressway Administrator Guide
B2B Call Media Encryption Example Inbound zone
Mixed Encryption Settings
Default Zone
Expressway-C Expressway-E
Not configurable
CM Neighbor Traversal Traversal Auto
Zone Client Zone Server Zone
TLS TLS TLS Outbound zone
Best Effort Force encr Force encr
DNS Zone
Not configurable
Best Effort
Internet RTP
TLS/SRTP TLS/SRTP TCP/RTP
Remote
• “Best Effort” and “Force Encrypted” will engage B2BUA on Edge
Expressway-C and Expressway-E
• Third media leg between Expressway-E and Remote Edge falls back to unencrypted
since Remote edge does not support encryption
• Lock icon shows closed only if all the call legs are encrypted with the exception of the
Remote Edge to endpoint call leg
Mobile and Remote
Access
Mobile and Remote Access (MRA) Overview
• Secure VPN-Less access for Jabber Clients and Hardware-Based Endpoints
Conferencing
MX Endpoints SX Endpoints
✗ Not Found
CUCM
Collaboration DNS SRV lookup _collab-edge._tls.example.co.nz
Services Public DNS
✓ expwyAKL.example.co.nz
CUCM IM&P
Expressway-C Expressway-E
Unity Connection
Conferencing
TLS Handshake, trusted certificate verification
HTTPS:
get_edge_config?service_name=_cisco-
uds&service_name=_cuplogin
Voice and Video
Gateways
Voice and Video Gateways Portfolio
ISR 4451-X
TelePresence ISDN
2900 Series ISR-G2 GW MSE 8321
(2901, 2911, 2921, 2951)
TelePresence
800/1861 ISR ISDN GW 3241
CUBE Cisco
WebEx
MPLS WAN
Remote Site
Conferencing Collab Edge
Endpoints
Core Applications
Key Benefits
» Cisco Unity Connection enables voicemail and unified messaging
across a wide-range of end-user platforms
.iso
.iso
.iso
•
Prime Collaboration Deployment (PCD) •
x
x
• x
• x
Core Applications – Prime Licensing Manager (PLM)
Architecture Overview
Unified CM Unity Connection
• Cisco Prime License Manager (PLM)
enables license fulfilment:
Publisher
» Electronic [requires Internet connectivity]
Publisher
OR
» Manual license file request
• Final identity check fails if host connects to an IP address, because cert subjects
(typically) are domain names
• Certificates with IP address subject alternate name not an option
• CA validation of IP addresses questionable
• Incorrect treatment of IP address SANs by some browsers
• Pros:
• Solves certificate validation problems
• Solves multi-domain problems
• Cons:
• Creates DNS dependency
• DNS becomes critical foundation service for UC
• Identification
• Cluster ID: unique cluster identification
• Service URLs: make sure that URLs refer to FQDNs
• Call Routing
• URI Lookup Policy: RFC 3261 URI case sensitivity
• set to “Case Insensitive”
• Organisation Top Level Domain (OTLD): routing of numeric SIP URIs
• set to main domain, e.g. “company.com.au”
• Cluster Fully Qualified Domain Name (CFQDN): routing of numeric SIP URIs
• space separated list of all Unified CM nodes in the cluster
• Wildcarded if all cluster members are in same domain/zone (example: *.us-
cluster.company.com.au)
Always Set CFQDN and OTLD
• DNS SRV load balancing only used for intial UDS request.
• Further UDS requests are load balanced by Jabber over all UDS nodes in
cluster learned from UDS
• Example:
_cisco-uds._tcp.company.com.au 86400 IN SRV 10 10 8443 sub1a.anz-uc.company.com.au
_cisco-uds._tcp.company.com.au 86400 IN SRV 10 10 8443 sub1b.anz-uc.company.com.au
_cisco-uds._tcp.company.com.au 86400 IN SRV 10 10 8443 sub2a.anz-uc.company.com.au
_cisco-uds._tcp.company.com.au 86400 IN SRV 10 10 8443 sub2b.anz-uc.company.com.au
Call Control – Certificate Management
Certificate Requirements
Base Concepts
• Options:
• Users ignore certificate validation pop-ups and accept certs invalidates security
concepts
• Install above certificates in the Enterprise Trust store of all clients
• Use CA (public/private) issued certificates: only trust with CA has to be established
Certificate Recommendations
• CA issued certificates simplify the deployment
• With self-signed certificates to establish trust all certificates have to be cross-imported
or deployed to clients via GPO
• Use multi-server certificates to minimise the management overhead
• Private CA avoids policy constraints of public CAs; e.g. single certificate per
FQDN
Bandwidth Management
Bandwidth Management – Traffic Flow Identification
CUCM Service Parameters and SIP Profile Configuration
System Service Parameters Cisco CallManager Service Device Device Settings SIP Profile
Conferencing
Conductor Platforms
Free TelePresence
Conductor [Essentials]
(VM only)
1 x standalone TS
NO
(Use communities & forums)
• Ability to upgrade from Free Conductor -> Midmarket Conductor -> Full Conductor
• Same software shared across all variants. Option keys used to differentiate types of Conductor.
TelePresence Conductor
Configuration Concepts
#1 Pool TS TS
(can be used in
multiple SP’s)
TS TS
Prioritised
#2 Pool TS TS
Conductor Clustering
Unified CM Instant Conductor
Media Resource Group
Conductor 1
Media Bridge1 10.1.1.1 10.1.1.1
Template
Service
Preference
MRGL
Pool
MRG
Route
Pattern
Route
Template
List
Route Service
Group Preference
SIP Pool
Location
Trunk
Endpoint
TelePresence
TelePresence
Server
Servers
Mobile and Remote
Access
MRA – Protocol Workload Summary
expwy.us.example.com expwy.jp.example.com
US Europe Asia SIP Trunk
expwy.uk.example.com
SIP Line
Expressway
Expressway Traversal
edge access
Asia SME
SME global EU SME
aggregation US SME
Unified CM
regional
clusters RTP PAR LON TKY
CBR BGL
LRG_PSTN_2
Calling Search Space
MELInternational
CBR_GW
Route Group Trunk
Partition PSTNInternational
GW_CBR_PSTN Trunk_To_CBR_GW
Device Pool set to
GW_MEL_PSTN Trunk_To_MEL_GW
MELPhone MEL_GW
Phone in MEL First choice for CBR users Backup for CBR users
• Unified CM Integration
» Dual SIP trunks, route group with ‘Top Down’ algorithm for call routing: Unity Connection
subscriber 1st (primary), publisher 2nd (backup).
» Visual Voicemail – UC Service: Set the Unity Connection publisher as the primary
voicemail service and subscriber as the secondary service within the UC service profile.
• Capacity Planning
» Reserve 20% of total system ports for dial out/non-answering operations (message
notification, MWI, etc.)
Refer to the
Core Applications – Deployment Overview CVD
1. Provision the Unity Connection Cluster – Deploy two node cluster for high availability
Alternatively » Determine OVA configuration size (based on number of users) and network and security parameters for
use Prime each node (hostname, IP address/mask, default gateway, DNS, NTP, username/password, etc.).
Collaboration
Deployment » Deploy/install publisher, add subscriber details under cluster configuration, then deploy the subscriber.
2. Configure Unified CM for Unity Connection Integration – Configure SIP trunks, call routing, and
voicemail settings for integration to Unity Connection cluster.
» Configure two SIP trunks (one per Unity Connection node) and call routing constructs (Route Pattern/List/
Group).
» Configure voicemail constructs (Voicemail Pilot number, MWI on/off, Voicemail Profile).
3. Unity Connection Base Configuration – Configure Unity Connection to enable Unified CM
integration, user provisioning, and voicemail capabilities.
» Configure phone systems settings, ports (port codec, port groups), and call routing to enable integration
with Unified CM.
» Enable directory sync with Active Directory and configure templates for user provisioning of mailboxes
and self enrollment.
Refer to the
CVD
Core Applications – Deployment Overview
4. Enable Single Inbox – Unified messaging feature enabling synchronisation of voice messages
in Unity Connection with user’s Microsoft Exchange mailbox.
» Configure Unified Messaging Services account and role in Active Directory/Exchange, and configure Unity
Connection settings (SMTP, authentication method/protocol, and user enablement).
» Install ViewMail for Outlook (available at Cisco.com), configure email account and Unity Connection server.
5. Enable Visual Voicemail – Provide visual access to voicemail boxes for listing and playing messages
» Configure appropriate Unity Connection settings: Class of service (CoS) and API options settings
» On Unified CM configure voicemail UC service for each Unity Connection node and add the services to a
UC Service Profile.
6. Voicemail in SRST Mode – Configure branch ISRs with SRST to route calls to Unity Connection voicemail
system via PSTN when IP WAN is down.
» Configure call forward no answer/busy and POTS dial-peer to route calls via the PSTN to Unity Connection.
» Ensure Redirected Dialed Number Information Service (RDNIS) is configured and carrier propagates so that
callers are directed to the appropriate voicemail box rather than the automated attendant prompt.
7. HTTPS Interworking of two or more Unity Connection Clusters – Configure HTTPS networking to
enable directory information sharing and message exchange between multiple clusters.
Simplified Sizing
Simplified Sizing – Additional Tools
Virtual Machine Placement Tool (VMPT)
http://www.cisco.com/go/vmpt
Simplified Sizing – Additional Tools
Cisco UC Virtualisation DocWiki
http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment
Simplified Sizing – Additional Tools
Collaboration Design Zone
• Cisco Collaboration Solutions Design Guidance:
http://www.cisco.com/go/ucsrnd
» Cisco Collaboration Systems 10.x Solution Reference Network Designs (SRND)
» Cisco Collaboration Systems 11.0 Solution Reference Network Designs (SRND)