Professional Documents
Culture Documents
Meeting Room
• CMR
Premises
• CMR
Hybrid
• CMR
Cloud
These exercises are intended to demonstrate one way to configure Cisco’s Collaboration Meeting Room
solutions, to meet the specified requirements of this lab. There are various ways that this can be
accomplished, depending on the situation and the customer's goals/requirements. Please ensure that you
consult all current official Cisco documentation before proceeding with a design or installation. This lab is
primarily intended to be a learning tool, and may not necessarily follow best practice recommendation at
all times, in order to convey specific information.
No infringement is intended in the use of the two characters from Peter Robinson’s Inspector Alan Banks novels and
the Left Bank Pictures television for ITV network series DCI Banks.
User Information
o Cisco VCS/Cisco Expressway and CUCM via SIP Trunk Deployment Guide (CUCM 8,9,10 and
X8.5)
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide
/X8-5/Cisco-VCS-SIP-Trunk-to-Unified-CM-Deployment-Guide-CUCM-8-9-10-and-X8-5.pdf
o Cisco TelePresence Management Suite Extension for Microsoft Exchange Deployment Guide
– Version 4.1
http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/tmsxe/install_gui
de/Cisco-TMSXE-deployment-guide-4-1.pdf
o Create and Manage Room Mailbox – Exchange Server 2013 and Office 365
https://technet.microsoft.com/en-us/library/jj215781%28v=exchg.150%29.aspx
" Simple: Intuitive controls allow you to create, launch, and join meetings easily
" Proven: Take advantage of industry-leading Cisco video and web conferencing
" Scalable: Superior scale can enable over 500 participants to join a single meeting
" Global: Enjoy global reach with consistent quality
" Flexible: CMR is available in cloud, on-premises, and hybrid deployment options
1
Slide courtesy of Richard Murphy – TME / Cisco live! Session BRKEVT-2803 CMR
1
Information obtained from www.cisco.com/go/cmr
Solutions Readiness Engineers Version 5.1 Page 8 of 46
Collaboration Meeting Room Cloud Lab
CMR Premises is just that. All components to create and join a meeting in a user’s reserved virtual
meeting room are within the organization’s environment. Cloud services do not come into play. Cisco
TelePresence Conductor, Cisco TelePresence Management Suite, and Cisco TelePresence Management
Suite Provisioning Extension (TMSPE) are configured to facilitate CMR Premises. Conductor utilizes two
databases to do alias matches (Direct Match or Regex) and leverages a new provisioning API to allow it to
integrate with TMS, and by extension TMSPE. As of the early part of 2015, the minimum version
requirements were: Conductor (XC3.0), TelePresence Server (4.1) and/or MCU (4.5), TMSPE (1.4), and
TMS (14.6).
CMR Hybrid leverages an organization’s investment of on premise call control and Cisco TelePresence;
and ties that into WebEx for video rich conferencing. Configuring CMR Hybrid is dependent on Cisco call
control - whether it’s a Voice Communication Server (VCS) centric or Cisco Unified Communications
Manager (CUCM) centric type of deployment. Several components are key to this deployment model,
including TMS (14.6+), TelePresence Server (4.1+) and/or MCU (4.5+) conference bridges, Conductor
(XC3.0+), VCS Control and Expressway (or Expressway-C and Expressway-E) (X8.2.2+ but X8.5+
recommended) and/or CUCM (9.1(2)SU2 or 10.5(2)).
CMR Cloud provides rich video conferencing in the cloud. Sold as an add-on to Cisco WebEx, CMR Cloud
users are able to dial a public URI (SIP or H.323) from any standard video endpoint to join a CMR Cloud
meeting in a WebEx user’s personal room (now known as a collaboration meeting room (CMR). It does
not mandate any call control technology on an organization’s premises. A WebEx Meeting Center site
must be running release WBS29 to support CMR Cloud.
This lab will take the participant through the steps of deploying CMR Premises, CMR Hybrid, and CMR
Cloud.
Our lab starts off with two Cisco TelePresence SX20 Quick Set video endpoint systems, registered to two
different call control systems within the same organization. One SX20 belongs to a fictitious user – Alan
Banks. This endpoint is registered to a Cisco Unified Communications Manager (CUCM). Alan Banks’
SX20 is configured on CUCM with directory number 3040, and is reachable via SIP dialing to the URI of
3040@srevideoX.goldlabs.ciscosystems.com (where the X is your pod number). The second SX20 belongs
to another fictitious user – Annie Cabbot. Annie Cabbot’s SX20 is registered to a Cisco TelePresence Video
Communication Server (VCS) (as its SIP Proxy Server) and is configured with the SIP URI of
4041@srevideoX.goldlabs.ciscosystems.com (again, where the X is your pod number).
The two call control systems (CUCM and VCS) are not fully configured; nor are they linked, so there is no
way for 3040 and 4041 to call one another.
Step 1: From CMR-WS01-PodX, launch Firefox via either the icon on the desktop or the taskbar.
Step 2: Browse to https://video-cucm/ccmadmin.
Step 3: Login with:
a. Username ! Administrator
b. Password ! C!sc0123
CUCM presents a warning message when first logged in. In the lab a backup device is not
configured and as such this message can be ignored.
Note:
Press Ctrl+F (Windows) or Command ⌘+F (MAC) and search for Clusterwide to locate
Hint:
this parameter faster.
There are a few reasons why copies of the default SIP Profiles are created. Firstly, the
default profiles cannot be modified. Copies can be modified with only those changes that
are necessary. Also, creating copies and assigning them to specific duties makes
Why? troubleshooting quicker by not having to search through and making changes to a single
profile that is being used for multiple purposes. Changes made to a common profile
shared by many devices could result in other functionality no longer working - thus
compounding a troubleshooting session.
Solutions Readiness Engineers Version 5.1 Page 12 of 46
Collaboration Meeting Room Cloud Lab
Step 9: From the main menus select Device ! Device Settings ! SIP Profile.
Step 10: Click Find.
Step 11: Locate the Standard SIP Profile for Cisco VCS and from the right side click on the Copy
symbol.
Step 12: Give the copied profile the following name ! CMR Standard SIP Profile for Cisco VCS.
Step 13: Continue under SIP Profile Information and verify the following:
a. Default MTP Telephony Event Payload Type ! 101
b. Redirect by Application ! Verify the box is checked
c. Use Fully Qualified Domain in SIP Requests ! Verify the box is checked
Step 15: Under SIP OPTIONS Ping verify that Enable OPTIONS Ping to monitor destination
status for Trunks with Service Type “None (Default)” is checked.
Step 21: Scroll down almost to the bottom of the screen to SDP Information within Trunk Specific
Configuration.
Step 22: Verify that the check box for Allow Presentation Sharing using BFCP is checked.
Step 38: Give it the new name of CMR Non Secure SIP Trunk Profile.
As this is a new Profile and not assigned to any Trunks, it’s not necessary to click Reset at
this time.
☐
Clear this check box if any video phones registered to CUCM are to make or receive
Note: video calls with endpoints registered to VCS.
# Select this check box if only audio devices are registered to CUCM.
Step 49: Scroll down to Call Routing Information ! Inbound Calls and check Redirecting
Diversion Header Delivery – Inbound.
Step 50: Scroll down and configure the SIP Information fields as follows:
a. Destination address is an SRV ! Do not select this box
b. Destination address ! vcsc.srevideoX.goldlabs.ciscosystems.com
c. Destination port ! 5060
d. SIP Trunk Security Profile ! Select the profile copied and modified earlier CMR Non
Secure SIP Trunk Profile
e. SIP Profile ! CMR Standard SIP Profile for Cisco VCS
Allow numeric dialing from CUCM registered phones to VCS C registered phones
Step 56: From the main menus select Call Routing ! Route/Hunt ! Route Pattern.
Step 57: Click Add New.
Step 58: Create the Route Pattern as follows:
a. Route Pattern ! 4XXX (In this instance the XXX’s do not indicate pod information.)
b. Description ! Route 4XXX extensions to VCS
c. Gateway/Route List ! CMR_VCS_SIP_Trunk
d. Call Classification ! OnNet
Step 61: Click OK in the Update to the Route Pattern notification pop up window.
Step 69: Open a new tab in the browser and browse to https://vcsc or to https://10.10.1.5
Step 70: If presented with the This Connection is Untrusted warning click ! I Understand the
Risks.
Step 71: Click Add Exception.
Step 72: Click Confirm Security Exception.
The port number and transport used here must match what will be set in CUCM when
Note:
configuring the SIP Trunk from CUCM to VCS-C (or VCS Expressway Core).
If the trunk is not in Full Service there are two places to check:
• Ensure the SIP port numbers are configured for 5060 on both CUCM and VCS.
Note: • On the SIP Trunk on CUCM, ensure the Destination field is configured with the full
VCS-C name: vcsc.srevideoX.goldlabs.ciscosystems.com. If the vcsc host name is
missing the trunks will display No service on CUCM and as Active on VCS-C.
Step 88: From the main menus navigate to Configuration ! Dial plan ! Search rules.
Step 89: Click New.
Step 105: Scroll down to H.323 and set the Mode to Off.
Step 106: Configure the SIP parameters as follows (These must match later on the VCS-E):
a. Port ! 7001
b. Set Media encryption mode ! Auto
Step 108: Click Create zone. (This Zone will not become Active until the peer, VCS-E, is configured
further in the lab.)
Step 120: Under the Participants section, you should see the call being placed. The status should
progress from Dialing to Connecting; and then the call-control buttons should appear to
indicate that the call is in place.
Step 121: If you desire to do so, switch to the other SX20 web interface and click on Call Control
there to see that the call shows as in place there.
The web interface on the SX20s will not show the real-time video feed from the camera or
presentation source, nor will you be able to see the video from the other endpoint on the
web interface. If you click on the Main Source screen, you will be shown a snapshot of
Note:
the camera feed for 10 seconds. If you click on the Presentation Source screen, you will
be shown a snapshot of the presentation feed for 10 seconds – which will be a black
screen, because no PC is connected to either SX20.
Step 122: Click the End all or the single End Call button (the call control
button with the red handset icon) on either SX20 to disconnect the
call.
Step 123: (Optional) If you desire to do so, place a call from the other SX20,
back to the SX20 that you originated the call on in Step 110, to ensure that calls are able to
be made in both directions. Remember to also end this call when you are satisfied that two-
way calling is working.
The TelePresence Video Communication Server Expressway or Edge is an important and necessary
component to the deployment of CMR Hybrid. In order to configure the VCS the following, at minimum,
must be in place:
• The VCS Expressway must be running firmware X8.5 or a later release.
• Endpoints are registered to VCS-C, VCS Expressway, and/or CUCM.
• Must be assigned a static IP Address.
• Firewall must have port 5061 open to allow access to VCS Expressway
• Conference Bridge(s) to be used (MCU or TelePresence Server) are already operational within the
network.
• The VCS-C or Expressway-Core is in the private network.
• The VCS Expressway or Expressway-Edge is in the DMZ and has access to the Internet.
• Set zones and pipes appropriately (according to your network’s requirements) to allow a minimum
of 1.1 Mbps for WebEx calls.
• If endpoints are registered to Cisco VCS-C it must be configured as the SIP Registrar/H.323
gatekeeper.
An important step in configuring CMR Hybrid/Cloud is ensuring the VCS Expressway has a WebEx
supported publicly signed certificate. Self-signed certificates are NOT supported.
WebEx supports certificates that are issued by specific Root Certificate Authorities. Certificate providers
may have multiple Root Certificate Authorities and not all may be supported by WebEx. Your certificate
must be issued by one of the following Root Certificate Authorities (or one of their Intermediate Certificate
Authorities) or the call from your Cisco Expressway-E or Cisco VCS Expressway will not be accepted by
WebEx:
• entrust_ev_ca • equifax_secure_ca
• digicert_global_root_ca • entrust_2048_ca2
• verisign_class_2_public_primary_ca_-_g3 • verisign_class_1_public_primary_ca_-_g3
• godaddy_class_2_ca_root_certificate • ca_cert_signing_authority
• Go Daddy Root Certification Authority - G2 • geotrust_global_ca
• verisign_class_3_public_primary_ca_-_g5 • globalsign_root_ca
• verisign_class_3_public_primary_ca_-_g3 • thawte_primary_root_ca
• dst_root_ca_x3 • geotrust_primary_ca
• verisign_class_3_public_primary_ca_-_g2 • addtrust_external_ca_root
This list may change over time. For the most current information, contact WebEx or review the
information at the following link: https://kb.webex.com/WBX83490.
2
To use a certificate generated by entrust_2048_ca with Cisco VCS Expressway upgraded from X7.2, you must
replace the Entrust Root CA certificate in the trusted CA list on the Cisco VCS Expressway with the newest version
available from Entrust. You can download the newer entrust_2048_ca.cer file from the Root Certificates list on the
Entrust web site (https://www.entrust.net/downloads/root_index.cfm).
(If the Fallback Transport Protocol is left at UDP it will produce an alarm in the lab environment.)
Step 135: Click Create zone.
CMR Cloud allows participants to join a meeting from the WebEx web application, from a phone, or from
any standards-based video device. Video devices negotiate all media (main video, content, and audio) to
and from the WebEx cloud. This media flows are setup via either SIP or H.323 (SIP is recommended).
Cisco TelePresence infrastructure may be used for call control and firewall traversal, but is not required.
WebEx offers multiple audio solution options for WebEx application users and phone participants. For CMR
Cloud, available options are WebEx Audio (including Cloud Connected Audio) and Teleconferencing Service
Provider (TSP) audio that has been verified compatible with CMR Hybrid/CMR Cloud.
Recommended Network Infrastructure for CMR Cloud Deployments include:
• Call control, device registration
o Cisco Unified Communications Manager (tested releases: 9.1(1), 9.1(2) and 10.5)
o Cisco VCS-C and Cisco VCS Expressway (tested release X8.1)
• Firewall traversal, mobile and remote access
o Cisco Expressway-C and Cisco Expressway-E (tested release: X8.1)
o Cisco VCS-C and Cisco VCS Expressway (tested release: X8.1)
Version X8.1/X8.1.1, calls to the WebEx cloud will fail if you configure the Cisco
Note: Expressway-E or Cisco VCS Expressway for static NAT and enable media encryption. To
secure calls when using static NAT, we recommend upgrading to X8.2 or later.
When a WebEx user is set up for CMR Cloud, they will be assigned a nine-digit pilot number that
identifies their meeting room. Participants can dial into a particular meeting room by dialing the
URI formatted as <nine-digit-pilot>@<cmr site name>.webex.com.
If your organization has endpoints that are not capable of URI dialing, you can allow those
Notes:
endpoints to still dial into CMR Cloud by creating a CUCM route pattern that identifies a
particular numeric (using 0-9, * or # on the dialpad) prefix, followed by a nine-digit pilot
number; and routes that string to the VSCc. In our lab, we’ll create a route pattern that looks
for the prefix of 8, followed by nine digits, to route those calls to , to be forwarded to CMR Cloud
Step 163: We’ve already created a SIP route pattern for CUCM to route calls with SIP URIs to the VCS-
C, however, this pattern was srevideoX.goldlabs.ciscosystems.com. We need to either
modify the existing pattern or add another pattern to route all SIP URI calls to the VCS-C.
Under the Find and List SIP Route Patterns section, click the Find button to list all SIP
route patterns.
Step 166: Note that this pattern is already forwarding traffic to the VCS-C via a SIP trunk. Change the
IPv4 Pattern to be *.* to match all SIP URI dialing. Then, Save the pattern.
For this lab, all pods are sharing the same WebEx site – cloud-srelab.webex.com.
As a result of the configuration above, when a CUCM endpoint dials 8123456789, CUCM will
forward the call to the VCS-C. The VCS-C will transform the called number and will
Notes:
ultimately route the call to 123456789@cloud-srelab.webex.com. An endpoint registered
directly to the VCS-C can also dial the same pattern (8 followed by nine-digits) and the
VCS-C will perform the same transform and forward the call.
Solutions Readiness Engineers Version 5.1 Page 37 of 46
Collaboration Meeting Room Cloud Lab
Create a CUCM SIP Route Patterns to Support SX20 Dialing Restrictions
Step 184: Click Save. As a result of this configuration, CUCM will route calls where the dialed pattern
has sre (or SRE) as the domain part (the part after the @ sign) to the VCS-C.
Step 185: The WebEx site administrator can enable personal Collaboration Meeting Rooms (also
referred to as Personal Rooms) at the site level and can then enable or disable them for
each user. An administrator can also suspend a personal CMR, which blocks host and guest
access, until the owner changes his or her host PIN. Open a web browser to your pods CMR
Cloud WebEx Site – using the URL of https://cloud-srelab.webex.com/admin.
This WebEx site is a public site and as such can be accessed from your own browser. Since
Note: it is a public site access is via a read only Administration account. In the following WebEx
Admin steps you will only verify configuration.
Step 186: When prompted, log in as username podX (where X is your pod number) with password
C!sc0123
Step 188: Click on Edit User List in the left navigation pane and then click on Pod Number X to view
your pod user’s configuration options.
Step 189: Scroll down the configuration settings page to the General section. There, note that your
pod user has both Personal Room and Collaboration Meeting Room enabled on its account.
Personal Rooms are part of every Meeting Center package. Personal room owners share
the link to their permanent, personalized video conferencing space. Personal Room
meetings can be scheduled ahead of time or the room owner leave their room open and let
Notes: people drop in.
Collaboration Meeting Rooms are similar to Personal Rooms, but Collaboration Meeting
Rooms allow participants to connect from any standard video conferencing hardware or
software.
Step 190: Logout of the WebEx Site Administration page; and redirect your browser to the standard
WebEx user login page. You can get there by modifying the URL in your web browser menu
bar by removing everything after webex.com. (https://cloud-srelab.webex.com)
Step 194: If you’re prompted to Install WebEx Productivity Tools, close the reminder box.
Step 195: From the main WebEx page, note the multiple ways that participants can join your pod
user’s room:
1. Users can open a web browser to https://cloud-srelab.webex.com/meet/podX - this is
the traditional way of joining a personal room – opening a browser and loading the
WebEx client.
2. The nine digit number shown is the pilot number for this user (in this example, it is
382139478).
3. A video conferencing system can dial podX@cloud-srelab.webex.com to go straight into
the meeting room. This is the Collaboration Meeting Room functionality. Note that
video conferencing systems can also dial 382139478@cloud-srelab.webex.com to go
straight into the meeting room.
4. Audio-only endpoints (phones) can call the access numbers through the PSTN and then
provide the same pilot number (identified here as the access code) to connect into the
room
Step 197: Click the Enter Room button to enter your pod user’s Personal Room. If you’re prompted
to install WebEx client software, please allow the installation.
Step 198: You will be joined into the pod user’s personal room.
Step 199: Leave the WebEx client open; and from CMR-WS01-PodX return to the browser tab to the
SX20 registered to the CUCM at 10.10.x.40 (where x is your pod number). Log into the
SX20 web interface with username admin. There is no password configured on the SX20.
Remember:
The @SRE at the end of the dial number is to keep the SX20 from appending its own domain to
Note:
the number.
VCS-C will transform the @SRE to be @cloud-srelab.webex.com
Step 203: Return to the WebEx Meeting Room – you should see that
3040@srevideox.goldlabs.ciscosystems.com has joined the meeting, and you should also
see the video from the SX20’s camera.
Step 204: Leave the WebEx client open; and from CMR-WS01-PodX return to the browser session to
the SX20 registered to the VCS-C at 10.10.x.41 (where x is your pod number). Log into the
SX20 web interface with username admin. There is no password configured on the SX20.
Step 205: Dial the meeting pilot number to call into the meeting room from the second SX20.
Step 206: Returning to the WebEx Meeting Room again, you should see that
4041@srevideox.goldlabs.ciscosystems.com has also joined the meeting.
Step 207: To test content sharing, return to one of the two SX20s, and change the Presentation
Source from PC to Camera.
Step 210: Quickly return to the WebEx client. You should now see the camera output of the SX20
showing in the presentation area of the WebEx meeting room.
We used a camera as the presentation source – just to demonstrate that presentation is working
in the CMR Cloud meeting room. If you like, you can change the presentation source back to
Notes: PC. A blank screen will show in the presentation area of the meeting because no PC is
connected to the SX20. If you do this, the presentation will time out after a few seconds
because there is nothing being presented. This is normal behavior.
Step 211: As the pod user on the WebEx client, click the Leave Room button (you may have to click
on the Quick Start tab to get to the button. When you are warned about the meeting
ending for all participants, click the other Leave Room button.
Step 212: After a few seconds, you should see the call clear from both SX20s.
This concludes the CMR Cloud lab. Thank you for participating. Please
remember to complete the survey for this session.
Appendix
A
Certificate
Installation
on
VCS
Expressway
Before installing the server certificate on the Cisco Expressway-E or Cisco VCS Expressway,
Note: make sure it’s in the .PEM format. If the certificate you received is in a .CER format
change the file extension to .PEM to convert it.
Server Certificate
Step 1: From the main menus select Maintenance ! Security certificates ! Server
certificates.
Step 2: Under Upload new certificate click on Browse….
Trusted CA Certificate(s)
Step 5: From the main menus navigate to Maintenance ! Security certificates ! Trusted CA
certificates.
Step 6: Under Upload click on Browse….
Step 7: Select the Trust certificate <filename.pem>.