Collab VCE

Cisco Enterprise Mobile
Collaboration
Matt Jordy, Technical Marketing Engineer
(mjordy@cisco.com)
BRKUCC-2060
Cisco Spark
Ask Question, Get Answers www.ciscospark.com
Use Cisco Spark to communicate with the speaker after the event!
What if I have a question after visiting Cisco Live? ... Cisco Spark
How
1. Go to the Cisco Live Mobile app
2. Find this session
3. Click the join link in the session description
4. Navigate to the room, room name = Session ID
5. Enter messages in the room
Spark rooms will be available until July 29, 2016
BRKUCC-2060 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
BRKUCC-2060: Cisco Enterprise Mobile Collaboration
Session Overview
This session explores in detail how Cisco mobile collaboration improves productivity
of mobile users by extending enterprise features and applications to mobile devices
anytime anywhere.
This session covers:
Fixed mobile convergence (FMC) with Cisco Unified Communications
Manager Unified Mobility feature set
Fixed mobile substitution (FMS) with Cisco mobile clients and solutions
for smartphones and tablets including Cisco Jabber
These collaboration applications and services provide a comprehensive set of mobility
features and functions for enterprise workers in motion delivering enterprise connectivity
and persistent reachability to mobile users regardless of their location.
Capabilities include: single number reach, automated enterprise dialing, mobile voicemail
avoidance, voice and video over IP calling, voicemail and directory integration, instant
messaging & presence, file share, and secure enterprise access.
BRKUCC-2060: Cisco Enterprise Mobile Collaboration
Session Logistics
Attendees should have some familiarity with Cisco enterprise mobility solutions. Attendees
should also have a good understanding of IP telephony and familiarity with Cisco Unified
Communications Manager's features and functions.
Appendix slides (additional solutions information).
Session time: 120 minutes
Please consult the latest applicable
Please ask questions as we go product documentation for specific
Questions I'll answer feature, software version, and
hardware version support requirements
Questions I'll defer to later in the session
Questions I don't know the answer to, outside the scope of our session, or those that
consume too much time
Come see me after the session or send me an email or Spark message

(mjordy@cisco.com) with your question and I will get back to you.
Complete Your Online Session Evaluation
Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.
Dont forget: Cisco Live sessions will be available

for viewing on-demand after the event at
CiscoLive.com/Online
BRKUCC-2060
Agenda
BRKUCC-2060
Cisco Enterprise Mobile Collaboration Solutions Overview
Fixed Mobile Convergence with Cisco Unified Mobility
Fixed Mobile Substitution with Cisco Mobile Client Solutions
Unified Mobility Integration
Mobile Client and Collaboration Service Deployment
Enterprise Secure Remote Attachment
Design and Deployment Considerations
Cisco Enterprise Mobile Collaboration Solutions Summary

Collaboration Solutions Overview
Cisco Enterprise Mobile Collaboration Cisco Unified CM
Overview PSTN
PSTN Gateway
Cisco Mobile Collaboration

Mobile Voice
solutions include: Network
(Carrier)
Cisco Unified Mobility WLAN
Fixed Mobile (802.11) Cisco Unity
Connection
Convergence (FMC) DMZ
Cisco ASA
Cisco Mobile Clients Mobile Devices Public/
Directory
Fixed Mobile Private Cisco IM & P
Mobile Data WLAN
On-Premise Enterprise and
Substitution (FMS) Network Collaboration Applications
(Carrier)
Enables access to Cisco Internet
collaboration applications and
services for mobile users: Inside Cisco Cisco
Expressway-E Expressway-C
Cisco Voice (cellular)
and outside the enterprise Data/signaling
Spark / WebEx /media
Cloud-based Collaboration Services
Cisco Enterprise Mobile Collaboration
Fixed Mobile Convergence (FMC): Linking Users Enterprise Line to Mobile Device
What is fixed mobile

PSTN
convergence?
Mobile Voice
Network
(Carrier)
Integrating or linking a
Mobile Device Enterprise Line user's enterprise line
with their mobile device
Fixed Mobile Substitution (FMS): Enabling User's Enterprise Line on Mobile Device

PSTN
substitution?
Mobile Voice
Network
(Carrier)
Moving or enabling the

Mobile Device Enterprise Line enterprise line on the
user's mobile device
Fixed Mobile Substitution (FMS): Enabling User's Enterprise Line on Mobile Device

Considerations:
Software/application required on
PSTN
substitution?
the mobile device. What
Mobile Voice
device(s) do I need?
Network
(Carrier) WLAN or Mobile Data or both?
Mobile Data Substitution: Do I need an
Network enterprise device?
(Carrier)
WLAN
(802.11) Moving or enabling the
Mobile Device Enterprise Line enterprise line on the
Enterprise Line
user's mobile device
Anytime, Anywhere Collaboration!
11 AM
8:30 AM 1:15 PM
3 PM
7 AM
9 PM
4 PM
7 PM 5:30 PM
Fixed Mobile Convergence
with Cisco Unified Mobility
FMC with Cisco Unified Mobility
Overview
WAN/
Cisco Unified
Cisco Unified Mobility PSTN Internet Mobility User
Gateway
Cisco Unified
Mobility User
PSTN
Cisco Unified Mobility includes the following
Cisco Unified benefits:
Communications
Manager Single enterprise number for all calls whether handled by
enterprise desk phone or mobile phone
Cisco Unified Mobility links a Enterprise dialing from mobile devices for toll reduction, mobile
users enterprise phone phone number masking, access to non-DID enterprise
extensions.
(or enterprise directory number) Cisco Unified
Features delivered on any Mobility
mobileUser
phone regardless of mobile
to their mobile device platform or provider with no requirement for software on the
device or a mobile data plan.
Feature Overview Cisco Unity
Receiving Calls: Connection
Single Number Reach (SNR)

Call Filtering Carrier
Voicemail
X Cisco Unified CM
Mobile Voicemail
Mobile Voice
Avoidance Network
(Carrier) PSTN
Making Calls:
2-Stage Dialing PSTN
Gateway
Mobile Voice Access (MVA) IVR
Enterprise Feature
Access (EFA) non-IVR
Single Number
Other Features: Reach
Mobile Voicemail
Move Active Call Unified Mobility
Avoidance
User 2-Stage Dialing

Mid-Call Features
Move Call
High Availability
Unified Mobility features: Unified CM cluster-based high availability
Publisher-dependent features: Mobile Voice Access, Single Number Reach On/Off No
redundancy
Scalability/Capacity Planning
Maximum of 40,000 Remote Destinations per Cisco Unified CM cluster *
PSTN Utilization Increase
To reduce impact of Unified Mobility on PSTN gateway utilization
One remote destination per user
Configure SNR call filtering (caller ID/time of day)
Disable SNR when not in use PSTN
PSTN Connectivity
Requirement: PRI (TDM-based PSTN) or SIP Trunk (IP-based PSTN)
* Unified CM 9.1(2)SU1 or later.
Fixed Mobile Substitution
with Cisco Mobile Client Solutions
FMS with Cisco Mobile Client Solutions
Cisco
Overview Cisco Unity
Connection
Unified CM PSTN Gateway Enterprise
Mobile WLAN
Cisco mobile clients enable Voice
mobile users to leverage
Cisco PSTN
enterprise collaboration ASA
Cisco IM & P Cisco Mobile Clients
applications and
services Cisco
WAN/ Spark / WebEx

Voice & video calling Cisco Expressway
Internet
Enterprise
Enterprise IM & WLAN
Public/
Mobile Private Wi-Fi
presence, and file
Data
sharing services
Enterprise voicemail,
meetings, and directory
services
Enterprise secure remote attachment Moving/enabling the enterprise
line on the mobile device (FMS)
11 AM
8:30 AM 1:15 PM
3 PM
7 AM
9 PM
4 PM
7 PM 5:30 PM
Please consult the latest
applicable product documentation
FMS with Cisco Mobile Client Solutions for specific feature, software
version, and hardware version
support requirements
Cisco Jabber, Cisco Spark, and Other Mobile Clients
Cisco Jabber for Android
and iOS provides SIP-based
voice & video over IP calling,
XMPP-based IM & presence,
visual voicemail, file and screen Cisco
sharing, secure remote enterprise WebEx Mobile Cisco AnyConnect
Cisco Jabber attachment. Other Cisco Mobile Clients
Cisco WebEx Meeting Meetings
Cisco Spark for Android and iOS client for Android, Apple iOS,
provides 1-to-1 & 1-to-many BlackBerry 10, Windows Phone 8
cloud-based collaboration rooms mobile devices
enabling voice/video over IP
Cisco AnyConnect VPN client for
calling, secure persistent Android & Apple iOS mobile devices
messaging, file & screen sharing.
Cisco Spark BRKUCC-2060 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Mobile Clients: 1:1 to Team Collaboration
Cisco
WORKSTYLES & COLLABORATION TOOLS Collaboration Cloud
Team Persistent Conversations

Small Team Collaboration Pervasive
Time Shifted Team Collaboration
Rapid Iteration
Cisco Spark
Audio, Video, Web
Structured Meetings
Real-Time Conferencing
Share Content
Cisco Webex
Phones and IM
1:1 Premise-based communication Unified
Real-Time Communications
Messaging and Calling
Cisco Jabber
Cisco Spark and Collaboration Cloud Architecture
Cisco Collaboration Cloud

COMPUTE Cisco
Analytics / Reporting Internet
File / Data Spark
Storage Billing / Provisioning Cloud
Infrastructure
Management Content Sharing Messaging

Identity / SSO Calendar Calling Media / Transcode
Cloud Services
Voice and Video over IP Calling with Unified CM or Collaboration Cloud Cisco
Mobile Client Unified CM
Cisco Jabber mobile clients Device Mobile
Audio: G.711, G722.1, G.729, Opus
Voice Network
register to Unified CM: Video: H.264
(Carrier) PSTN
Mobile device = enterprise phone

SIP
Enterprise
Signaling is SIP / Media is (S)RTP Mobile WLAN
Data Network VVoIP
Cisco Spark mobile clients register (Carrier)
VVoIP
to the Collaboration Cloud: Public/Private
Internet
WiFi Cisco Expressway
Mobile device = cloud-based phone REST Cisco
Signaling is REST (HTTPS) / Collaboration

Cloud
Media is (S)RTP Signaling (SIP)
VVoIP (RTP)
Signaling
IP signaling/media over 802.11 Mobile Client
Audio: Opus (REST/HTTPS)
WLAN (enterprise/public/private) Device Video: H.264
OR mobile data network BRKUCC-2060 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Instant Messaging (IM) and Presence: On-Premise or Collaboration Cloud
Unified CM
Mobile Client IM & Presence
Cisco Jabber mobile clients enable Device Mobile
(ON-PREMISE)
Voice Network
instant messaging, presence, (Carrier) PSTN
and file sharing services:
XMPP
XMPP-based flows with on- Enterprise
Mobile WLAN
premise IM & P or cloud-based Data Network
WebEx Messenger (Carrier)
REST XMPP
Internet
Cisco Spark mobile clients enable Public/Private
Cisco Expressway
WiFi
instant messaging and file Cisco
sharing services: Collaboration WebEx Messenger
Cloud (CLOUD)
REST (HTTPS)-based
XMPP
Collaboration Cloud services
REST/HTTPS
Mobile Client
XMPP and REST over 802.11 WLAN Device
(enterprise/public/private) OR mobile data network BRKUCC-2060 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Agenda
BRKUCC-2060
Cisco Jabber
Cisco Spark


Cisco Unified Mobility Configuration: Standard and Jabber Dual-Mode
Remote Destination Profile
Standard Unified Mobility for SNR 919 555-1212
Virtual Phone
Remote Destination Profile with Remote Destination #1
Maximum of
Enterprise DN (shared line with DN: 12345
10 per user
enterprise device*)
408 555-1212
1 10 Remote Destinations
Remote Destination #10
Jabber Dual-Mode + Unified Dual-mode

only
Mobility for SNR
Client Device Type
Client Device with Enterprise DN
919 555-1212
(shared line with enterprise device*)
- No Remote Destination Profile DN: 12345 Mobility Identity
Maximum of
1 Mobility Identity + up to 9 Remote 10 per user
Destinations Dual Mode for Android 408 555-1212
Dual Mode for iPhone
No Remote Destination Profile Remote Destination #9
* If provisioned
Cisco Unified Mobility Configuration: Standard and Jabber Dual-Mode
Mobility
Standard Unified Mobility forIdentity
SNR Remote
What'sDestination Profile
so special? 919 555-1212
Virtual Phone
Remote Destination Enables
Profile with
dual-mode handoff (moving call from WLAN toDestination
Remote cellular)#1and
Maximum of
Enterprise DN (shared
Dialline with (DVO)
via Office DN: 12345
10 per user
enterprise device*)
Dual-ring avoidance: SNR engaged *ONLY* when client
408 555-1212
device is not
1 10 Remote Destinations
registered to Unified CM Remote Destination #10
Jabber Dual-Mode + Unified Dual-mode

only
Mobility for SNR
Client Device Type
Client Device with Enterprise DN
919 555-1212
(shared line with enterprise device*)
- No Remote Destination Profile DN: 12345 Mobility Identity
Maximum of
1 Mobility Identity + up to 9 Remote 10 per user
Destinations Dual Mode for Android 408 555-1212
Dual Mode for iPhone
No Remote Destination Profile Remote Destination #9
* If provisioned
Cisco Unified Mobility: Mobility Identity Characteristics
Mobility Identities have the same
configuration and behavioral REVIEW
characteristics as Remote
Destinations
High availability and

capacity considerations
are the same for Mobility
Identities.
Maximum total of 40,000
Remote Destinations AND
Mobility Identities
Cisco Unified Mobility and Cisco Jabber
Cisco Unified Mobility Integration: Dual Mode Dual-Ring Avoidance
Call: Call: 51234
Incoming calls are NOT 408 555-1234
routed to Mobility Cisco Unified CM
1st: VoIP Identity via SNR when PSTN
Gateway
client device is PSTN
registered to Unified CM Mobile Enterprise
Voice Network WLAN
(Carrier) Cisco Unified
Mobility User
Incoming calls ARE Enterprise Number

(408) 555-1234
routed to Mobility
2nd: SNR Mobility Identity Enterprise
Identity via SNR when (Mobile Line) Line
* NO Enterprise * Enterprise
client device is not Registration *
Same
Device
Registration *
registered to Unified CM Mobile Client WITHOUT Mobile Client WITH

Enterprise Registration Enterprise Registration
NOTE: Incoming calls directly to the mobile phone number will ring the mobile voice/
cellular interface even when the dual mode phone isBRKUCC-2060
registered to Unified
2016 CM
Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Cisco Spark Hybrid Services: Call Service Connect
The Cisco Spark Hybrid Services Call Service Connect integration leverages the
Unified CM Unified Mobility framework.
New device type: Spark Remote Device (RD)
Early deployments leverage device type: CTI Remote Device (RD)
Functionality relies on Unified Mobility
capabilities including:
Inbound caller ID matching
Automatic inbound call anchoring
Single number reach call routing
Spark (CTI) RDs are not counted against
overall cluster RD / MI count.
Agenda
BRKUCC-2060
Cisco Jabber
Cisco Spark


Cisco Jabber Enterprise Architecture Overview
Call Control Applications Edge
Unified CM Mobile Hybrid
PSTN Voice Network On-Premise Enterprise
Unity (Carrier)
IM & P Connection PSTN GW
Collaboration Services /
Cloud-based
Directory
802.11 Collaboration Services
On-Premise Expressway-C
WLAN
Conferencing
Enterprise Collaboration
Applications & Services TelePresence
Mobile
Conductor
Internet Data Network
TelePresence (Carrier)
Expressway-E
Server
Mobile
Cisco call control,
Data Network applications, and
(Carrier) edge
Cloud Internet WebEx IM &
Collaboration Services WebEx Messenger /
presence, and
Meeting / Cloud CMR
802.11 conferencing
WLAN
Cisco Spark Enterprise Architecture Overview
Call Control Applications Edge
Unified CM Active Directory
Mobile Hybrid Services
(LDAP) PSTN Voice Network On-Premise Enterprise
(Carrier)
PSTN GW
Collaboration Services /
Cloud-based
Exchange
(Calendar) 802.11 Collaboration Services
On-Premise WLAN
Expressway-C
Enterprise Collaboration
Applications & Services Mobile
Internet Data Network
(Carrier)
Expressway-E
Mobile Cisco call control,

Data Network enterprise identity,
(Carrier) enterprise calendar,
Cloud secure edge.
Collaboration Services Spark Message / Meet / Internet
Call Spark message/meet
802.11 for team collaboration
WLAN
Cisco Jabber
Cisco Jabber Deployment: Service Discovery Flow - On-Premise, Full UC Mode
This flow assumes Unified CM
Jabber 10.x and later in Download UC
Services Profile and IM & P
Full UC mode with 9.x
or above servers jabbber-config.xml
5 6 **
IP addresses for Unified CM User
UDS, IM &P* TFTP
Address for authentication
2 home Unified
CM TFTP 7
4 7
1 Unified CM
3 Subscriber Connect and
DNS SRV lookup: register to
_cisco-uds._tcp DNS Find home cluster additional services
_cuplogin._tcp* and TFTP server (call control,
Corporate DNS address Unified CM Unity voicemail, etc.)
UDS Connection
* IM Only or Full UC product modes with 8.x server deployments
** Authentication source is Unified CM for Phone-only product mode
Cisco Jabber Deployment: Service Discovery Flow - Cloud and Hybrid
HTTP request to WebEx
cloud (example.com) 2 User log-in to WebEx
Cisco UC Services
1 WebEx 3 Hybrid: UC settings
Profile andsent to client
jabbber-config.xml
Hybrid: Client connects/
4
5
registers to on-premise services
IP addresses for Unified CM
UDS, IM &P 4
TFTP
Address for
2 home Unified
CM TFTP 4
4 Connect and
1 Unified CM register to
3 Subscriber additional services
DNS SRV lookup:
(call control
_cisco-uds._tcp DNS Find home cluster
_cuplogin._tcp and TFTP server Unity voicemail, etc.)
Connection
Corporate DNS address Unified CM
UDS
Cisco Jabber Deployment: Administrator Tasks Provision Devices
Administrators must enable, configure, and associate Jabber device types.
Three Jabber device types:
Cisco Jabber for Tablet
Cisco Dual Mode for Android Cisco Dual Mode for iPhone (iPad or Android)
Configured like other endpoints in Unified CM Jabber

specific configuration under product specific settings.
Depending on version of Unified CM, COP file install may be required to enable device
type. Refer to latest product release notes for requirements and download location
Associate user to Jabber device
Cisco Jabber Deployment: Administrator Tasks Provision UC Services
Administrators should prepare for service discovery configure UC services, assign to
service profile(s), and associate profile(s) to user(s).
END USER
Configure and upload a jabber-config.xml file to

Unified CM for service customization (user policies/options, directory integration, etc.).
Cisco Jabber Deployment: Administrator Tasks DNS SRV and Directory Integration
Administrators should configure corporate DNS SRV records to ensure service
discovery works properly. Unified CM / UDS User Data Services
_cisco-uds._tcp.example.com = LDAP
_cisco-uds._tcp ucm.example.com Directory
Sync
Unified CM
_cuplogin._tcp
Unified CM IM & P* HTTPS/ UDS
_cuplogin._tcp.example.com =
imp.example.com
REST LDAP
(UDS)
Administrator should
determine Jabber contact source
and configure appropriately Basic
Directory
Basic Directory Integration (BDI)** LDAP
Integration
(Active Directory,
Unified CM User Data Services (UDS) AD/LDS,
!! OpenLDAP) LDAP Corporate
!! CAUTION Directory
UDS reduces Unified CM endpoint capacity. Each Jabber * 8.x and earlier server versions
client leveraging UDS counts as 2 endpoint registrations! ** Default on-premise directory source
Unified CM 11.5 introduces
_cisco-uds._tcp.example.com =
UDS-to-LDAP Proxy LDAP
LDAP proxy capabilities for UDS. Sync
Unified CM
_cuplogin._tcp
When UDS-to-LDAP Proxy is
Unified CM IM & P* HTTPS/ UDS> 160K Users
enabled, client directory queries UDS
_cuplogin._tcp.example.com = Unified CM
REST
UDS
are sent by UDS toimp.example.com
LDAP. (UDS)
LDAP
Query results are received HTTPS/ LDAP
by UDS and relayed back REST LDAP
and configure appropriately
to the client (UDS) Basic
Directory
Basic Directory Integration
Enables client (BDI)**
searches against corporate LDAP
(Active Directory, Integration
directories with more than 160,000 users AD/LDS,
Unified CM User Data Services (UDS)
_cisco-uds._tcp.example.com = LDAP
WebEx Messenger/WebEx Sync
Cisco Unified CM
cloud is the Jabber contact
_cuplogin._tcp
source with hybrid deployments WebEx
Unified CM IM & P*
_cuplogin._tcp.example.com =
HTTPS/ UDS
imp.example.com
REST LDAP
(UDS)
and configure appropriately Basic
Directory
Basic Directory Integration (BDI)** LDAP
(Active Directory, Integration
Unified CM User Data Services (UDS) AD/LDS,
Cisco Jabber Deployment: User Tasks - Download and Install
Download and install the Jabber client from appropriate public application store.
Jabber for Android Jabber for iPhone and iPad At first time launch:
Available on Google Play Available on Apple App Store Jabber prompts user for username@domain.
Jabber uses service discovery to connect
and configure
Jabber prompts user for credentials
If service discovery is not configured or fails,

user can manually configure service(s)
Cisco Spark
Cisco Spark Deployment: Provisioning
Onboarding Users
Management Portal: https://admin.ciscospark.com Add users to a managed/paid
organization via the Cisco Spark
Management portal
Add users by creating a new room
user@company.com Provisioning/invite email sent to user
user@company.com
Cisco Spark Deployment: End User
1. User acquires the Cisco Spark application:
https://download.ciscospark.com
Desktop: Download and installer for
Window and Mac
Mobile: Email with redirect link to

appropriate application store
(Android, iOS)
Web: Open in browser

(https://web.ciscospark.com/)
2. User logs in with email address

Cisco Spark Hybrid Services
Cisco Spark Hybrid Services Connectors on the host
communicate with the
cloud using HTTPS Enterprise Hybrid Service
DMZ enterprise integration
HTTPS is facilitated by an
on-premise
Internet Expressway-C
Connector host
Expressway
E/C
Expressway-C
Connector Host
Cisco Spark Hybrid Services enable integration Expressway

of enterprise on-premise identity, calendar, and X8.7.1 or later
calling services with cloud-based collaboration
services provided by the Cisco Collaboration
Cloud.
Cisco Spark Hybrid Services: Enterprise Directory Integration Cisco Directory
Connector is a
service that is installed
Enterprisewith domain
DMZ administrator rights on
HTTPS a Windows Domain
server and uses a
Internet read-only account to
import user contact
Expressway
information from the
E/C enterprise Microsoft
User information (once Active Directory
synchronized from the
Cisco
enterprise directory via
Directory
LDAP) is pushed from
Connector
the Directory Connector
via HTTPS to the cloud
Cisco Spark Hybrid Services enables identity store of the
synchronization of the corporate enterprises cloud
LDAP
services organization.
directory with the Cisco Collaboration
Microsoft
Cloud identity services. Active
Directory
Cisco Spark Hybrid Services: Enterprise Directory Integration (cont.) Cisco Directory
Connector is a
service that is installed
Enterprisewith domain
DMZ administrator rights on
HTTPS a Windows Domain
server and uses a
Internet read-only account to
import user contact
Expressway
information from the
E/C enterprise Microsoft
User information (once Active Directory
synchronized from the
Cisco
enterprise directory via
Directory
LDAP) is pushed from
Connector
the Directory Connector
via HTTPS to the cloud
Cisco
HybridSpark Hybrid
Services Services
Directory enables
Connector allows: identity store of the
synchronization of the corporate
Spark users to search
enterprises cloud
for contacts in their corporate directory. LDAP
services organization.
directory with the Cisco Collaboration
Administrator to assign user roles, manage user capabilities, and entitle Microsoft
or
Cloud identity services. Active
activate imported enterprise users for specific cloud services.
Directory
Cisco Spark Hybrid Services: Enterprise Calendar Integration Calendar Connector
pushes user meeting
information via HTTPS to
Enterprise
the cloud calendar
DMZ service for the
HTTPS enterprises cloud
organization.
Internet
Internet
Expressway-C
Calendar Connector is a
Expressway
service that runs on the
E/C Connector Host
Expressway-C
Connector Host and Calendar Call
imports user meeting and Connector Connector
calendar information from
enterprise Microsoft Common Connector Framework
Exchange Web Services
using EWS (HTTPS)
Cisco Spark Hybrid Services enable
HTTPS
integration and synchronization of the (Exchange
enterprise calendar with the Cisco Web Services)
Microsoft
Collaboration Cloud calendar service. Exchange
Cisco Spark Hybrid Services: Enterprise Calendar Integration (cont.) Calendar Connector
pushes user meeting
information via HTTPS to
Enterprise
the cloud calendar
DMZ service for the
HTTPS enterprises cloud
organization.
Internet
Internet
Expressway-C
Calendar Connector is a
Expressway
service that runs on the
E/C Connector Host
Expressway-C
Connector Host and Calendar Call
imports user meeting and Connector Connector
calendar information from
enterprise Microsoft Common
Hybrid Services Calendar Connector enables collaboration
Exchange Web Servicesbefore, during, and Connector Framework
after a meeting:
using EWS (HTTPS)
Cisco
@spark Added
Spark HybridtoServices enable
the meeting location field allows Spark users to automatically create
HTTPS
integration and synchronization
Spark collaboration rooms based of
on the
the titles and attendees for a scheduled meeting.
(Exchange
enterprise calendar with the Cisco
@webex Added to the meeting location field allows Spark Microsoft
Web Services)
users to automatically add
Collaboration Cloud
WebEx personal calendar
meeting room service.
to the meeting invite and the Spark room
Exchange
Cisco Spark Hybrid Services: Enterprise Calling Call Connector (on the
Expressway-C Connector
Media and signaling traverse
Host) and communicates with
the enterprise firewall using
Unified CM using AXL to
Expressway-E / C pairs DMZ
validate and provision user and
HTTPS CTI to provide enterprise device
monitoring/control to the cloud.
Internet
Internet
Expressway-C
Expressway
E/C Connector Host
Calendar Call
Connector Connector
RTP
Common Connector Framework
Cisco Spark Hybrid Services RTP media and SIP
enables integration of Unified CM- signaling are
exchanged between AXL / CTI
based enterprise calling with the Unified CM, the SIP
Cisco Collaboration Cloud calling endpoints, and the
Collaboration Cloud Unified
and media services. calling and media CM
services.
Cisco Spark Hybrid Services: Enterprise Calling (cont.) Call Connector (on the
Expressway-C Connector
Media and signaling traverse
Host) and communicates with
the enterprise firewall using
Unified CM using AXL to
Expressway-E / C pairs DMZ
validate and provision user and
HTTPS CTI to provide enterprise device
monitoring/control to the cloud.
Internet
Internet
Expressway-C
Expressway
E/C Connector Host
Calendar Call
Connector Connector
RTP
Hybrid Services Call Connector enables call integration between enterprise
Commonand Spark clients
Connector Framework
Cisco Spark Hybrid Services RTP media and SIP
Call Service Aware Cisco Spark enables unified call history as well as one button to
enables integration of Unified CM- signaling exchanged
are
between AXL / CTI
share between Spark clients
based enterprise calling with the when Spark users make calls with their enterprise phone.
Unified CM, the SIP
Cisco
Call Collaboration
Service Connect Enables
Cloud callingCiscoendpoints, and theto make and receive calls from
Spark users
Collaboration Cloud Unified
andenterprise call control (Unified CM)
media services. calling and media CM
services.
Cisco Spark Hybrid Services: Call Service Connect Single Number Reach
The call rings both Bobs desk User Jane selects
phone and Spark client. He can contact or dials
answer at either device, however in number for Bob (1001
this case he is out of the office and / bob@example.org). jane@example.org
answers using Spark on his mobile.
Expressway-C
DN: 2001
Expressway Connector Host
Bob Cisco Collaboration Cloud E/C
4
1
Internet
bob@example.org Spark Hybrid Services Unified CM receives
call setup and
Unified CM extends call to Bobs
Unified CM extends call to Bobs
Spark RD (shared line) which 3 enterprise phone
engages SNR and forks call to 2
Call Service Connect Bobs Spark Hybrid Services URI
enables calling between
cloud-based Spark clients Spark Remote Shared DN: 1001
DN: 1001
Device Line
and enterprise devices bob@example.org
RD: bob@example.call.ciscospark.org
Cisco Spark Hybrid Services Deployment: Provisioning Cloud
The organization administrator uses the Cisco
Collaboration Cloud Management portal
(https://admin.ciscospark.com) to provision and
manage Cisco Spark Hybrid Services and activate
users for these services
expr-c-spark.example.com
Cisco Spark Hybrid Services Deployment: Provisioning Expressway-C
Calendar Connector
Cisco Spark Hybrid Services Deployment: Provisioning Expressway-C
Call Connector
Agenda
BRKUCC-2060
Cisco Jabber
Cisco Spark


Enterprise Secure Remote Attachment Architecture: VPN
Enterprise secure remote attachment Cisco Unified CM
PSTN
enables secure remote connectivity to PSTN Gateway
the enterprise for Cisco routers,

Mobile
endpoints, and clients. Devices
VPN with the Cisco ASA DMZ

Cisco Unity
Connection
VPN IOS router (e.g. Cisco Virtual Office) Cisco ASA
Public/Private
Cisco AnyConnect VPN software WLAN Cisco IM
client for mobile devices. (802.11) and Presence
Mobile Data Internet

Network
(Data Channel)
Cisco Cisco
Expressway Expressway
-E -C
Enterprise Secure Remote Attachment Architecture: VPN-less Collaboration Edge
Enterprise secure remote attachment Cisco Unified CM
PSTN
enables secure remote connectivity to PSTN Gateway
the enterprise for Cisco routers,

Mobile
endpoints, and clients. Devices
Call signaling (SIP)

VPN with the Cisco ASA DMZ (XMPP)
IM & Presence
Cisco Unity
Connection
Visual voicemail, directory (HTTPS)

VPN IOS router (e.g. Cisco Virtual Office)
Cisco ASA
Voice/video media (RTP / sRTP)
Public/Private
Cisco AnyConnect VPN software WLAN Cisco IM
client for mobile devices. (802.11) and Presence
Collaboration Edge (VPN-less) Internet

Mobile Data
Cisco Expressway mobile and Network
(Data Channel)
remote access Cisco
Expressway
Cisco
Expressway
-E -C
Expressway
Collaboration flows
All other traffic

2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
BRKUCC-2060
Cisco Expressway: Firewall Traversal Basics
Enterprise Network DMZ Public Network
Unified
CM Internet
Expressway-C Firewall Expressway-E Firewall Signaling
Media
1. Expressway-E is the traversal server installed in DMZ. Expressway-C is the traversal client installed inside the
enterprise network.
2. Expressway-C initiates traversal connections outbound through the firewall to specific ports on Expressway-E with
secure login credentials.
3. Once the connection has been established, Expressway-C sends keep-alive packets to Expressway-E to maintain the
connection
4. When Expressway-E receives an incoming call, it issues an incoming call request to Expressway-C.
5. Expressway-C then routes the call to Unified CM to reach the called user or endpoint
6. The call is established and media traverses the firewall securely over an existing traversal connection
Download UC Unified CM
IM & P
REVIEW Services Profile and
jabbber-config.xml
5 6 **
IP addresses for Unified CM
UDS, IM &P* TFTP User log-in
Address for
2 home Unified
CM TFTP 7
4 7
1 Unified CM
UDS Connection
Cisco Jabber and Expressway Mobile and Remote Access: DNS SRV Queries
Unified CM
Unified CM (ucm.example.com)
IM & P
(imp.example.com) Internet
Expressway-C Firewall Expressway-E Firewall
(expressway.example.com)
DNS
DNS Jabber
Jabber
outside Public DNS
inside Corporate Split
DNS the
the DNS
V enterprise
enterprise
_cisco-uds._tcp.example.com ? = ucm.example.com _cisco-uds._tcp.example.com ? = No resolution
_cuplogin._tcp.example.com ? = imp.example.com _cuplogin._tcp.example.com ? = No resolution
_collab-edge._tls.example.com ? = No resolution _collab-edge._tls.example.com ? = expressway.example.com
Cisco Jabber and Cisco AnyConnect VPN: DNS SRV Queries
Unified CM
IM & P
DNS
Public DNS
DNS Adaptive Security Jabber outside
Appliance the enterprise with
Corporate (ASA) AnyConnect VPN
DNS
_cisco-uds._tcp.example.com ? = ucm.example.com
Same as
on-premise DNS _cuplogin._tcp.example.com ? = imp.example.com
resolution
_collab-edge._tls.example.com ? = No resolution
Cisco Expressway Mobile and Remote Access: Design Considerations (1 of 2)
DNS
DNS configuration is critical for successful deployments of Jabber over Expressway:
Inside the enterprise Ensure Jabber clients only receive corporate DNS SRV
records (_cisco-uds._tcp., _cuplogin._tcp.) Split
DNS DNS
Outside the enterprise Ensure Jabber clients only receive public DNS SRV
records (_collab-edge._tls.)
Certificates
Public CA signed certificate and public key infrastructure (PKI) required for
Expressway deployments:
Public CA signed certificates required for Expressway-E nodes.
All other nodes (Expressway-C, Unified CM, IM & P) may use
public CA or self-signed/enterprise-signed CA certificates.
Capacity
Large Expressway OVA or CE1100* supports the following maximum capacities:
Maximum of 10,000 proxy device registrations per Expressway cluster / 2,500 per node
Maximum of 2,000 concurrent video calls per Expressway cluster / 500 per node
Maximum of 4,000 concurrent voice calls per Expressway cluster / 1,000 per node
Unified CM endpoint capacity must also be considered
High Availability
Like Unified CM, Expressway nodes are clustered for redundancy and scale.
Expressway-C and E nodes and clusters must deployed in equal numbers and sizes
Expressway nodes cluster in up to 4:2 redundancy scheme (4 primary nodes and 2 backup nodes)
Jabber Expressway connections including clients registrations are re-established
via alternate node(s) given failure of an Expressway node
* Expressway appliance
Capacity
Large Expressway OVA or CE1100* supports the following maximum capacities:
Maximum of 10,000 proxy device registrations per Expressway cluster / 2,500 per node
Maximum of 2,000 concurrent video calls per Expressway cluster / 500 per node
Maximum of 4,000 concurrent voice calls per Expressway cluster / 1,000 per node
Unified CM endpoint capacity must also be considered
High Availability
Like Unified CM, Expressway nodes are clustered for redundancy and scale.
Expressway-C
CAUTION: and E nodes
All enterprise and clusters
collaboration must deployed
services are NOTin equal numbers
highly andover
available sizesMRA.
IMExpressway nodes cluster
& P node failures: Jabberin up towill
client 4:2failover
redundancy scheme
to active node (4
forprimary nodes
messaging andand 2 backup
presence nodes)
services
Unified
JabberCM and Unity Connection
Expressway connectionsnode failures:
including Jabber
clients client will
registrations areNOT failover to active node for
re-established
voice/video and
via alternate voice messaging
node(s) services.
given failure of an Expressway node
* Expressway appliance
FMS with Cisco Mobile Client Solutions For
Your
Reference
Enterprise Secure Remote Attachment Architecture: Expressway or VPN?
Cisco AnyConnect VPN Cisco Expressway Mobile and Remote Access
Supported All workflows, full enterprise access Collaboration work flows only: voice/video, IM and
workflows not just collaboration presence, visual voicemail, directory access
Per session/connection VPN license + No additional licensing beyond collaboration
Licensing
collaboration user/endpoint licensing user/endpoint licensing
All traffic traverses/hairpins at the All collaboration traffic traverse/hairpins at the
Media/data path Adaptive Security Appliance (ASA) / Expressway-C node(s). No point-to-point media.
VPN head-end All other traffic remains on the local network/Internet
All collaboration features supported Active call hand-out, CAPF enrollment, LDAP directory
Collaboration including active WLAN to cellular hand- access NOT supported.
feature support off, CAPF enrollment, LDAP directory Note: UDS is forced for directory/contact source over
services Expressway
No secure remote access per user /device
restrictions.
Other Per user enablement for enterprise
No session persistency calls/connections cleared
considerations secure remote access.
when network path lost or changed.
Reduced endpoint capacity due to UDS
Your
Reference
Enterprise Secure Remote Attachment Architecture: Expressway or VPN?
Cisco AnyConnect VPN Cisco Expressway Mobile and Remote Access
Supported All workflows, full enterprise access Collaboration work flows only: voice/video, IM and
workflows not just collaboration presence, visual voicemail, directory access
Each deployment is different
Per session/connection VPN license + No additional licensing beyond collaboration
Licensing
in order to determine the best enterprise secure remote attachment method consider:
collaboration user/endpoint licensing user/endpoint licensing
Remote/mobile users
All traffic traverses/hairpins at the All collaboration traffic traverse/hairpins at the
Media/data path Adaptive Security Appliance (ASA) / Expressway-C node(s). No point-to-point media.
Required
VPN head-end
work flows Just collaboration or other applications/traffic?
All other traffic remains on the local network/Internet
Location and devices
All collaboration On the move
features supported Activeor
callfixed location?
hand-out, CAPF enrollment, LDAP directory
Collaboration including
Existing active WLAN to cellular hand- access NOT supported.
deployments
feature support off, CAPF enrollment, LDAP directory Note: UDS is forced for directory/contact source over
Isservices
VPN already in place? Expressway
Are both solutions needed? No secure remote access per user /device
See the Appendix
restrictions.
Consider Expressway and VPN split-tunnel for split-tunnel
No session design
Other Per user enablement for enterprise
persistency calls/connections cleared
considerations secure remote access.
when network path lost or changed.
design information
Reduced endpoint capacity due to UDS
Agenda
BRKUCC-2060
Cisco Jabber
Cisco Spark


Dial via Office: Cisco Jabber for Android and iPhone
The Dial via Office (DVO) feature enables Cisco mobile client running on
dual-mode devices to automatically dial an outgoing call through the enterprise
All voice media traverses the mobile voice network and PSTN
All voice signaling (SIP) traverses the IP connection (802.11 WLAN or mobile data)
between the client and Unified CM.
DVO provides improved voice quality and reliability for workers on the move
PROBLEM #1: IP path DOES NOT provide PROBLEM #2: IP path DOES NOT provide
ample bandwidth/throughput to ensure reliable connection to prevent call disconnects
good voice quality SOLUTION: DVO audio traverses the
SOLUTION: DVO moves audio to the mobile voice network/PSTN ensuring
mobile voice network/PSTN ensuring audio is maintained even when IP
high quality voice connection is lost
Dial via Office: Cisco Jabber for Android and iPhone
The Dial via Office (DVO) feature enables Cisco mobile client running on
dual-mode devices to automatically dial an outgoing call through the enterprise
All voice media traverses the mobile voice network and PSTN
All voice signaling (SIP) traverses the IP connection (802.11 WLAN or mobile data)
between the client and Unified CM.
The Cisco Jabber DVO feature provides the following benefits:
Improved User Experience: Automated enterprise dialing eliminates manual 2-stage dialing
with ability to dial internal-only (non-DID) enterprise extensions.
Mobile phone number masking: System sends users enterprise number as caller ID
Cost savings: International and in some cases long distance calls made at reduced cost.
Enterprise call anchoring: Enables desk phone pickup and DTMF-based enterprise mid-call
features
FMS with Cisco Mobile Client Solutions After the user answers at
the mobile device, Unified
CM extends a call to the
Dial via Office Reverse (DVO-R) number the user dialed.
The user begins to hear
+1 (408) 555-7890 ring-back.
Cisco Jabber for Android/
Once the call is
iPhone supports Dial via answered at the
target number,
3
Unified CM extends a
call to the mobile
PSTN
Office Reverse (DVO-R) Unified CM anchors PSTN Gateway number (Mobility
the call in the Identity) of the Cisco
enterprise gateway Mobile Jabber client device.
DVO-R calls are set up by Voice Network
(Carrier)
4
the Unified CM system Call Media

(Voice)
2 Cisco
Unified CM
calling the user's mobile
number (configured as a 1 Enterprise
WLAN
Mobility Identity)
Cisco Expressway
Public/
Mobile Private
Data Network WiFi
(Carrier) 1
User selects contact or dials DMZ
number +1 408 555 7890.
Cisco Jabber client signals
Internet Call signaling
to Unified CM over the IP Call Signaling Voice media

path (WLAN or mobile (SIP)
data) Cisco ASA
FMS with Cisco Mobile Client Solutions After the user answers at
the mobile device, Unified
CM extends a call to the
DVO-R Using Alternate Callback Number number the user dialed.
The user begins to hear
+1 (408) 555-7890 ring-back.
Cisco Jabber for Android/
iPhone supports Dial via 3
Unified CM extends a
call to the alternate
PSTN
Office Reverse (DVO-R) PSTN Gateway number configured
within the Cisco
Mobile Jabber client.
DVO-R calls are set up by Voice Network
(Carrier)
the Unified CM system Call Media
(Voice)
2 Cisco
Unified CM
calling the user's mobile
number (configured as a 1 Enterprise
WLAN
Mobility Identity)
Cisco Expressway
DVO-R calls may also be Mobile
Public/
Private
setup using a user-specified Data Network WiFi
(Carrier) 1
alternative callback User selects contact or dials
number number +1 408 555 7890.
Cisco Jabber client signals
Internet Call signaling
to Unified CM over the IP Call Signaling Voice media

NOTE: DVO-R calls using an alternate path (WLAN or mobile (SIP)
callback number are not anchored data) Cisco ASA
Cisco Unified Mobility Integration: Multiple Mobile Client Devices
When deploying multiple Cisco mobile clients for a single user:
You must configure/
associate the Cisco Dual Mode
for iPhone/ Android
Mobility Identity
919 555-1212
with the dual-mode
Mobility Identity
client device
408 555-1212 IP Phone
Always configure/ No Remote Destination Profile
Remote Destination #2
associate any other
Remote
XXX XXX-XXXX Cisco Jabber for
Destinations on the Tablet Shared Line
Remote Destination N
client device with
the Mobility Identity. Maximum of 10
Mobility Identities /
Remote Destinations
per user
Dial Plan: Call Routing - Originate and Terminate
Jabber Device and Remote Destination Profile Calling
Search Space (CSS) configuration settings
2-stage
Call Origination: CSS (device-level)
(MVA/EFA) Determines call routing to target Cisco Unified CM
PSTN
DVO when Unified Mobility / Jabber user Gateway
makes a call (in concatenation PSTN
Voice/video
over IP w./ line-level CSS) Mobile Voice
Network
(Carrier)
Call Termination: Rerouting CSS

SNR Determines call routing
DVO-R to mobile when Unified Mobility/ Call Origination
call leg Jabber user receives a call Call Termination
Unified Mobility
User
Dial Plan: Call Routing - Originate and Terminate
Jabber Device and Remote Destination Profile Calling
Search Space (CSS) configuration settings
Call Origination: CSS (device-level) Dual-mode
2-stage
PSTN
DVO when Unified Mobility / Jabber user Gateway
makes a call (in concatenation PSTN
Voice/video
over IP w./ line-level CSS) Mobile Voice
Network
(Carrier)

Unified Mobility
SNR Determines call routing
DVO-R to mobile when Unified Mobility/ Call Origination
call leg Jabber user receives a call Call Termination
Unified Mobility
User
Dial Plan: Cisco Spark Call Routing - Originate and Terminate
Spark Remote Device / CTI Remote Device Calling Search
Space (CSS) configuration settings
2-stage
Call Origination: CSS (device-level)
PSTN
DVO when Spark user makes a call Gateway
(in concatenation w./ line-level CSS) PSTN
Voice/video
over IP Mobile Voice
Network
(Carrier) Spark RD / CTI RD
Determines Single Number
Reach call routing to Spark
SNR
DVO-R Call Origination
call leg Call Termination
Unified Mobility
User
Design Considerations: Cisco Jabber Emergency Calling
Calls for emergency services from mobile client devices should be routed via the
mobile provider network whenever possible.
Mobile provider networks typically provide more accurate location information
than enterprise or public WLAN networks.
Unified CM provides a mechanism for escaping or forcing of emergency calls
from Jabber clients directly over the cellular voice network of the device.
Dual Mode Client Device Configuration
Avoids enterprise call routing (VoIP or DVO)
Applies to Cisco Jabber for iPhone and Android
Design Considerations: Cisco Spark Emergency Calling
Calls for emergency services from mobile client devices should be routed via the
mobile provider network whenever possible.
Mobile provider networks typically provide more accurate location information
than enterprise or public WLAN networks.
With Cisco Spark Hybrid Services Call Service Connect deployments,
emergency calls from Cisco Spark client are routed using enterprise call
control and PSTN gateway.
Design and Deployment Considerations: Cisco Jabber
Maximum of 40,000* Mobility Identities + Remote Destinations per Unified CM cluster
Maximum of 40,000 registered/configured devices per Cisco Unified CM cluster
Maximum of 10,000 Cisco Expressway mobile and remote access proxy
registrations, 2,000 simultaneous video or 4,000 simultaneous audio-only
calls per Expressway-C/E cluster
High Availability
Client registration/feature sets are highly available based on Unified CM clustering
and device pool/CM group configuration
Dual mode devices fall-back to SRST** or the mobile voice/cellular network when
Unified CM is unavailable
* Unified CM 9.1(2)SU1 and later.
** Jabber 10.6 and later
Design and Deployment Considerations: Cisco Spark
Initial Provisioning
After provisioning user must set account password via web browser or desktop client.
Unlimited users. Unlimited rooms
Maximum of 25 participants on voice/video call (paid) /
3 participants on voice/video call (free)
High Availability
Cisco Collaboration Cloud services are generally redundant and highly available
Cisco Spark Hybrid Services: Clustered Expressway-C Connector Hosts ensure high
availability
Dual mode devices fall-back to mobile voice/cellular network if IP connection is
unavailable
Design and Deployment Considerations: 802.11 WLAN
Conduct 802.11 WLAN site survey to verify radio frequency design and
identify / mitigate interference so that WLAN is optimized for real-time traffic
802.11 WLAN RF (radio frequency) Design
Channel cell radius of -67 dBM
(minimize packet loss)
Same channel cell separation of 19 dBm
(minimize co-channel interference)
Non-adjacent channel cell overlap of at least 20%
(ensure seamless roaming between access points)
Call Capacity (per 802.11 channel cell)
Maximum of 27 simultaneous voice calls* per 802.11a/g/n/ac
channel cell
Maximum of 8 simultaneous voice/video calls* per 802.11a/g/n/ac channel cell
5GHz or no Bluetooth
* Bi-directional streams
Collaboration Solutions Summary
Review
BRKUCC-2060


Cisco Jabber
Cisco Spark

11 AM
8:30 AM 1:15 PM
3 PM
7 AM
9 PM
4 PM
7 PM 5:30 PM
Cisco Enterprise Mobile Collaboration For
Your
Reference
Application Feature Matrix (1 of 2)
Cisco Jabber Cisco Spark Cisco WebEx Cisco

Feature
for Android and Apple iOS for Android and Apple iOS, Mobile AnyConnect
Single Number Reach

(via Unified Mobility) (Hybrid Services: Call Service
(Smartphone only)
Connect)
Voice / Video over WLAN/Mobile Data
Hand-out (WLAN to Cellular) Manual

Hand-in(smartphone
(Cellular toonly)
WLAN) X
Single Sign-On
File share
Instant Messaging / Chat
Supported X Not Supported Support Not Applicable

Your
Reference
Application Feature Matrix (2 of 2)
Cisco Jabber Cisco Spark Cisco WebEx Cisco

Feature
for Android and Apple iOS for Android and Apple iOS Mobile AnyConnect
Dial via Office

(Dual-mode only)
Presence *
Visual Voicemail X
Corporate Directory/Contact Access

Enterprise Secure Remote
Attachment
Hybrid Services: Call Service
Connect
WebEx Meetings
Supported X Not Supported Support Not Applicable * Read receipts, responding indication
Your
Reference
Additional Resources (1 of 3)
For additional information on Cisco Mobile Collaboration solutions consult the
following resources:
Cisco Unified Mobility: Features & Services Guide for Cisco Unified CM
http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-
maintenance-guides-list.html (Cisco Mobility chapter)
Cisco Jabber: Product documentation

Jabber for iPad and iPhone: http://www.cisco.com/c/en/us/support/customer-collaboration/jabber-
iphone-ipad/tsd-products-support-series-home.html
Jabber for Android: http://www.cisco.com/c/en/us/support/unified-communications/jabber-android/tsd-

products-support-series-home.html
Cisco Expressway: Product/solution documentation http://www.cisco.com/c/en/us/support/unified-

communications/expressway-series/tsd-products-support-series-home.html
Cisco Spark: Product documentation https://support.ciscospark.com

Your
Reference
following resources (cont.):
Cisco Spark Hybrid Services:
http://www.cisco.com/c/dam/en/us/td/docs/solutions/PA/maroon/hybridswp.pdf
Mobile and Remote Access via Cisco Expressway Deployment Guide:

http://www.cisco.com/c/en/us/support/unified-communications/expressway-series/products-installation-and-configuration-
guides-list.html
Cisco AnyConnect Secure Mobile Client: Product documentation

http://www.cisco.com/c/en/us/support/security/anyconnect-secure-mobility-client/tsd-products-support-series-home.html
Cisco Identity Service Engine: Product documentation

http://www.cisco.com/c/en/us/support/security/identity-services-engine/tsd-products-support-series-home.html
WebEx Meetings mobile client: Product documentation

http://www.webex.com/products/web-conferencing/mobile.html
Your
Reference
following resources (cont.):
Solution Design Guides:
Cisco Collaboration Systems SRND: Mobile Collaboration chapter
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/mobilapp.html
Real-time Traffic over Wireless LAN (RToWLAN) SRND:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/RToWLAN/CCVP_BK_R7805F20_00_rtowlan-
srnd.html
Cisco Validated Design:

Cisco Unified Access (UA) and Bring Your Own Device (BYOD) CVD
http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-cloud-computing/own_device.html
Want More Mobility?
BRKCOL-2607 Understanding Cloud and Hybrid Cloud Collaboration Deployment
Date/time: Monday, July 11th / 4 PM
BRKUCC-2344 Understanding Cisco Jabber Service Discovery & Client Configuration

Date/time: Tuesday, July 12th / 4 PM
BRKCOL-2275 Real-time Traffic Applications and Service over WLAN

Date/time: Wednesday July 13th / 4 PM
PSOCOL-2404 Cisco Spark and the Cisco Collaboration Cloud

Date/time: Thursday, July 4th / 2 PM
Sessions earlier this week:
BRKEWN-2000 Design and Deployment of Wireless LANs for Mobile Applications
Complete Your Online Session Evaluation
Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.
Dont forget: Cisco Live sessions will be available

for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Matt Jordy Walk-in MTE

Monday (today), 1 - 3 PM
Thursday, 2 3 PM
Related sessions
19,000+
Members
Join the Customer Connection Program Strong
Influence product direction

Join in World of Solutions
Access to early adopter & beta trials
Collaboration zone
Monthly technical & roadmap briefings
Join at the Customer Connection stand
Connect in private online community New member thank-you gift *
CCP ribbon for access to NDA sessions
Exclusive perks at Cisco Live
Collaboration NDA Roadmap Sessions Mon & Tues
Q&A Open Forum with Collaboration Product
Management Tues 4:00 5:30 Join Online
Reserved seats at Collaboration Innovation Talk www.cisco.com/go/ccp
Thurs 8:00am 9:00am
Come to Collaboration zone to get your
2 new CCP tracks launching at Cisco Live:
ribbon and new member gift
Security & Enterprise Networks
* While supplies last
Please join us for the Service Provider Innovation Talk featuring:
Yvette Kanouff | Senior Vice President and General Manager, SP Business
Joe Cozzolino | Senior Vice President, Cisco Services
Thursday, July 14th, 2016

11:30 am - 12:30pm, In the Oceanside A room
What to expect from this innovation talk

Insights on market trends and forecasts
Preview of key technologies and capabilities
Innovative demonstrations of the latest and greatest products
Better understanding of how Cisco can help you succeed
Register to attend the session live now or

watch the broadcast on cisco.com
Thank you
Collaboration Cisco Education Offerings
Course Description Cisco Certification
CCIE Collaboration Advanced Workshop (CIEC) Gain expert-level skills to integrate, configure, and troubleshoot complex CCIE Collaboration
collaboration networks
Implementing Cisco Collaboration Applications Understand how to implement the full suite of Cisco collaboration CCNP Collaboration
(CAPPS) applications including Jabber, Cisco Unified IM and Presence, and Cisco
Unity Connection.
Implementing Cisco IP Telephony and Video Learn how to implement Cisco Unified Communications Manager, CUBE, CCNP Collaboration
Part 1 (CIPTV1) and audio and videoconferences in a single-site voice and video network.
Implementing Cisco IP Telephony and Video Obtain the skills to implement Cisco Unified Communications Manager in a
Part 2 (CIPTV2) modern, multisite collaboration environment.
Troubleshooting Cisco IP Telephony and Video Troubleshoot complex integrated voice and video infrastructures
(CTCOLLAB)
Implementing Cisco Collaboration Devices Acquire a basic understanding of collaboration technologies like Cisco Call CCNA Collaboration
(CICD) Manager and Cisco Unified Communications Manager.
Implementing Cisco Video Network Devices Learn how to evaluate requirements for video deployments, and implement
(CIVND) Cisco Collaboration endpoints in converged Cisco infrastructures.
For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com
Cloud Cisco Education Offerings
Understanding Cloud Fundamentals Learn how to perform foundational tasks related to Cloud computing, and the essentials
(CLDFND) of Cloud infrastructure
CCNA Cloud
Introducing Cloud Administration Learn the essentials of Cloud administration and operations, including how to provision,
(CLDADM) manage, monitor, report and remediate.
Implementing and Troubleshooting the Learn how to implement and troubleshoot Cisco Cloud infrastructure: compute,
Cisco Cloud Infrastructure (CLDINF) network, storage.
Learn how to design private and hybrid Clouds including infrastructure, automation,
Designing the Cisco Cloud (CLDDES)*
security and virtual network services
CCNP Cloud
Automating the Cisco Enterprise Cloud Learn how to automate Cloud deployments provisioning IaaS (private, private with
(CLDAUT)* network automation and hybrid) and applications, life cycle management
Building the Cisco Cloud with Application Learn how to build Cloud infrastructures based on Cisco Application Centric
Centric Infrastructure (CLDACI)* Infrastructure, including design, implementation and automation
Learn how to manage physical and virtual infrastructure using orchestration and
UCS Director Foundation (UCSDF)
automation functions of UCS Director.
* Available Q2CY2016

Wireless Cisco Education Offerings
Designing Cisco Wireless Enterprise Networks Professional level instructor led trainings to prepare candidates to conduct CCNP Wireless Version 3.0
Deploying Cisco Wireless Enterprise Networks site surveys, implement, configure and support APs and controllers in
Troubleshooting Cisco Wireless Enterprise converged Enterprise networks. Focused on 802.11 and related (Available March 22nd, 2016)
Networks technologies to design, deploy, troubleshoot as well as secure Wireless
Securing Cisco Wireless Enterprise Networks infrastructure. Course also provide details around Cisco mobility services
Engine, Prime Infrastructure and wireless security.
Implementing Cisco Unified Wireless Network Prepares candidates to design, install, configure, monitor and conduct CCNA Wireless
Essential basic troubleshooting tasks of a Cisco WLAN in Enterprise installations. (Available Now)
Understanding of the Cisco Unified Wireless Networking for enterprise
deployment scenarios. In this course, you will learn the basics of how to
Deploying Basic Cisco Wireless LANs (WDBWL) install, configure, operate, and maintain a wireless network, both as an 1.2
add-on to an existing wireless LAN (WLAN) and as a new Cisco Unified
Wireless Networking solution.
The WDAWL advanced course is designed with the goal of providing
learners with the knowledge and skills to successfully plan, install,
Deploying Advanced Cisco Wireless LANs configure, troubleshoot, monitor, and maintain advanced Cisco wireless
1.2
(WDAWL) LAN solutions such as QoS, salt and pepper mobility, high density
deployments, and outdoor mesh deployments in an enterprise customer
environment.
Deploying Cisco Connected Mobile Experiences WCMX will prepare professionals to use the Cisco Unified Wireless
Network to configure, administer, manage, troubleshoot, and optimize 2.0
(WCMX) utilization of mobile content while gaining meaningful client analytics.
Appendix
Thank you
Automatic Caller ID Matching
For all inbound calls to Cisco Unified CM the caller ID is automatically compared against all
configured remote destinations
Cisco Unified
CM Cluster Configured Remote
Destinations:
PSTN 408 555 1234
Gateway
408 555 5678
408 555 0987
PSTN .
.
.
919 444 6789
919 555 2345
Inbound caller ID:
MATCH 919 555 8765
919 444 6789
If a match is found, user is identified and call is anchored in the enterprise

Anchoring alters the caller ID of the inbound call by replacing the original calling number
(users remote destination/mobile number) with the calling users enterprise number.
Enterprise Call Anchoring: Mobility Calls
1 8 * All calls made or received on behalf of users
Single Number Mid-Call Remote Destination(s) are automatically
Reach Features
Inbound Calls Answered anchored through the enterprise gateway
at Desk Phone or at DTMF
Remote Destination Phone
PSTN
In-Progress Gateway
Mobile Voice Access Call
Outbound Calls Generated
from ACTIVE
Remote Destination Phone PSTN
Enterprise Feature
Access
Outbound Calls Generated
from Cisco Unified
Remote Destination Phone CM
Inbound Calls from Desk

Remote Destination Phone
Incoming Calls from Pickup
Configured Remote
Destination Phone
Mobile Voicemail Avoidance: Single Enterprise Voicemail Box
Unanswered calls to user's
enterprise number always Mobile provider
end up in the enterprise voicemail
voicemail box instead of Enterprise

mobile voicemail box PSTN PSTN voicemail
Gateway
STOP
Two methods to ensure that Mobile Voice
mobile voicemail is avoided:

1) Timer Control: Answer
Network
(Carrier)
X Cisco Unified
Communications
Too Soon/Late timers Manager
2) User Control: Cisco Unified

Mobility User
Prompted DTMF Mobile Device Enterprise Line/Device
confirmation on answer User Control method requires
DTMF propagation from PSTN/
BRKUCC-2060 2016 provider
Cisco and/or its affiliates. to Cisco
All rights reserved. Cisco Unified
Public 106CM
Mobile Voicemail Avoidance: Single Enterprise Voicemail Box
Unanswered calls to user's
1. On answer, prompt played to user
enterprise
requesting number always Mobile provider
key press.
endpresses
2. User up inkeythe enterprise
generating DTMF to
voicemail
voicemail
Unified boxpath
CM and voice instead of
is cut-through. Enterprise
3. If mobile
DTMF tonevoicemail box CM
not received, Unified PSTN PSTN voicemail
Gateway
disconnects outbound call leg and routes STOP
Two call
inbound methods to ensure that Mobile Voice
X
to enterprise voicemail
Network
mobile voicemail is avoided: (Carrier)
Cisco Unified
1) Timer Control: Answer Communications
Too Soon/Late timers Manager
2) User Control: Cisco Unified

Mobility User
Prompted DTMF Mobile Device Enterprise Line/Device
confirmation on answer User Control method requires
BRKUCC-2060 2016 provider
Cisco and/or its affiliates. to Cisco
All rights reserved. Cisco Unified
Public 107CM
Enterprise Voicemail Integration with Unity Connection
Cisco Jabber mobile clients enable
enterprise voicemail services from Cisco
Mobile Client Unified CM
Unity Connection: Device Mobile
Voice Network
Message waiting indication (Carrier) PSTN
(MWI) with new/unread message count
Visual voicemail Enabling Enterprise
Mobile WLAN
visual navigation of the enterprise voicemail Data Network
(Carrier) REST
box via REST (HTTPS)
Messages downloaded on demand and Internet
Public/Private
Cisco Expressway
played via phone no need to navigate TUI WiFi
Cisco Unity
If enterprise IP connectivity is not REST over 802.11 WLAN
Connection
available, voicemail can still be Voice/TUI

(enterprise/ public/private)
accessed via PSTN. Visual voicemail
OR mobile data network (REST/HTTPS)
Web and Video Conferencing with WebEx Meetings
Cisco WebEx Mobile clients enable video
and web conferencing capabilities from Mobile
Voice Network
the WebEx cloud: (Carrier) PSTN
Host, join, start, and schedule
meetings
Mobile
Share, view meeting roster and Data Network
VVoIP
(Carrier)
shared content Mobile Client HTTPS WebEx
Device Internet
PSTN voice or voice and video Enterprise/
Meeting Center
over IP via RTP Public/PrivateVVoIP
WiFi PSTN Voice
Signaling and web conferencing via HTTPS Signaling, Web
(HTTPS)
Flows over 802.11 WLAN (enterprise/public/ private) VVoIP (RTP)
or mobile data network
Collaboration Service Deployments: On-Premise, Cloud, Hybrid
On-Premise Cloud Hybrid
On-Premise Collaboration
Enterprise Collaboration Collaboration Services
Services Services + Cloud-based
PSTN
Collaboration Services
Gateway Unified CM PSTN
Gateway Unified CM
Spark WebEx Spark WebEx
Conferencing /
MCU
Unity
Connection
Expressway-C
+ Conferencing /
MCU
Unity
Expressway-C
Connection
Directory IM & P Expressway-E

Directory IM & P Expressway-E
This flow assumes Unified CM
Jabber 10.x in Full Download UC
Services Profile and IM & P
UC mode with 10.x or
above servers jabbber-config.xml
5 6 **
IP addresses for Unified CM User
UDS, IM &P* TFTP SSO
Address for authentication
2 home Unified
CM TFTP 7
4 7
1 Unified CM
UDS Connection
Enabling Dial via Office: Cisco Unified CM Device Configuration
iPhone
Android
Jabber DVO: Client Calling Options
!
Caution
The Cisco Jabber DVO

client calling option not only
determines the enterprise
call origination method,
but also the enterprise
call termination method.
Mobility Identity or
user specified alternate
callback number
Jabber DVO: Client Calling Options Outbound
Cisco Jabber DVO Calling Options
Autoselect Mobile Voice Network Voice over IP
Cisco Jabber
Call Direction Outbound Inbound Outbound Inbound Outbound Inbound
Device
IP Connection
802.11 WLAN
(Corporate/
enterprise)
Voice over IP Voice over IP
802.11 WLAN
Dial Via Office SNR Voice over IP Voice over IP
(Non-corporate)
Mobile Data Dial via Office SNR
Outbound: Native Cellular

No IP
Inbound: Single Number Reach (SNR)
Jabber DVO: Client Calling Options Inbound
Cisco Jabber DVO Calling Options
Autoselect Mobile Voice Network Voice over IP
Cisco Jabber
Call Direction Outbound Inbound Outbound Inbound Outbound Inbound
Device
IP Connection
802.11 WLAN
(Corporate/
enterprise)
Voice over IP Voice over IP
802.11 WLAN
Dial Via Office SNR* Voice over IP Voice over IP
(Non-corporate)
Mobile Data Dial via Office SNR*
*NOTE: Dual-ring avoidance (VoIP, then SNR) does Outbound: Native Cellular
No IP
not apply when DVO calling is enabled as all inbound Inbound: Single Number Reach (SNR)
calls are routed by SNR BRKUCC-2060 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Dial via Office Client Calling Options: Usage Models for End-Users
Which Cisco Jabber calling option? Depends on the end-user profile
Always Use DVO
Typical Profile: User is highly mobile, almost never has WLAN coverage
Mobile data does not provide acceptable voice quality and reliability
Always Use Internet
Typical Profile: User is mobile within the office (home or enterprise) but enterprise calling
not typically needed outside the enterprise.
Cost is an important consideration (e.g. employee-owned device/BYOD)
Automatically Select (default)
Typical Profile: User is mobile both within and outside the office.
Provides potential least cost routing by taking advantage of VoIP when Wi-Fi is available
and falls back to mobile voice/data network (DVO/SNR) when Wi-Fi is not available
Dial via Office Reverse: Voicemail Avoidance On answer the called party may
end up in the mobile voicemail
+1 (408) 555-7890 box of the calling user leading to
poor experience
Voicemail avoidance is POOR
EXPERIENCE
important for optimum PSTN PSTN
3
Gateway
DVO-R experience. 4
Mobile
Mobile
User Control (DTMF-
based) method is
voicemail
Voice Network
(Carrier) X 2 Cisco
Unified CM
recommended with
Unified CM 9.x and later.
Public/
With User Control voicemail Mobile Private
Cisco ASA
avoidance, if no DTMF digit Data Network WiFi

(Carrier) 1 Call signaling
is received by Unified CM,
Internet
call will be disconnected. User Control method requires
Voice media

provider to Cisco Unified CM
Cisco Jabber Deployment: Cisco Jabber Device Cisco Option (COP) Files
COP file installation may be required depending on version of Unified CM
Device COP file must be loaded on each node of the cluster.

Each node must be rebooted before adding new devices or making new
configurations changes to existing devices. !
COP file download: Caution
https://software.cisco.com/download/release.html?mdfid=283812787&flowid=45928&softwareid=284006014&
release=10.6%280%29&relind=AVAILABLE&rellifecycle=&reltype=latest (Android)
release=10.6%280%29&relind=AVAILABLE&rellifecycle=&reltype=latest (Tablet iOS, Android)
release=10.6%280%29&relind=AVAILABLE&rellifecycle=&reltype=latest (iPhone)
Consult product documentation for COP file requirements

Cisco AnyConnect VPN and Expressway Mobile and Remote Access
Layer 3 TLS VPN
Cisco AnyConnect
Secures entire device
VPN Mobile Client All traffic traverses the DMZ
enterprise network Cisco ASA
Cisco Unified CM
ALL TRAFFIC
Cisco Jabber and

Internet
Cisco Expressway
Cisco Unity
Connection
COLLABORATION
TRAFFIC
Expressway Expressway
TLS Session-based firewall traversal -E -C
Cisco IM
Secures Jabber application ALL OTHER Cisco Expressway and Presence
Only collaboration traffic traverses the TRAFFIC
enterprise network
Cisco Expressway Mobile and Remote Access: Unified CM Considerations
Cisco Expressway mobile and remote access is mostly transparent
to Unified CM
SIP line integration. Not a SIP trunk
No requirement to build a SIP trunk on Unified CM to Expressway-C or E
No dial plan changes required
Remote Jabber clients connecting through Expressway will register to Unified
CM with Expressway-C IP address.
Design and Deployment Considerations: Cisco Jabber
Remote Secure Enterprise Connectivity
Connection reliability and voice/video quality over Internet connections including
public or private Wi-Fi hotspots and mobile data networks varies depending on the
quality of the network connection
**** Cisco does not provide support to troubleshoot voice/video quality or
connectivity issues for secure remote enterprise client connections. ****
Cisco ASA Cisco
(AnyConnect VPN) Unified CM
Internet
Cisco Expressway
(Mobile and remote access)
Cisco Jabber and Expressway with Cisco AnyConnect VPN Split-Tunnel Design
Unified CM
IM & P
DNS
DNS Public DNS

ASA Jabber outside
Corporate
DNS
the enterprise with
AnyConnect VPN
Seamless co-resident split-tunnel design forces/
maintains Jabber connection over Cisco Expressway
Depends on two deployment principles:
1. DNS filtering on ASA to force resolution and connectivity over Expressway
2. Excluding Expressway access through AnyConnect VPN tunnel
Cisco Jabber/Expressway with AnyConnect VPN Split-Tunnel: DNS Filtering
Unified CM
Design
Requirement

IM & P Matching collab-edge
(imp.example.com) Internet DNS SRV record(s)
Expressway-C Firewall Expressway-E Firewall must be configured in
(expressway.example.com) both public and
corporate/ internal DNS
DNS
DNS request filtering DNS

configured on ASA. Corporate
X ASA Jabber outside
Public DNS
DNS
the enterprise with
When mobile DNS filter list: AnyConnect VPN
device is connected to _cisco-uds._tcp.example.com
_cisco-uds._tcp.example.com ? = No resolution [FILTERED]
enterprise via AnyConnect
_cuplogin._tcp.example.com
VPN: _cuplogin._tcp.example.com ? = No resolution [FILTERED]
Jabber connects (or maintains existing connection) _collab-edge._tls.example.com ? = expressway.example.com

over Expressway because _collab-edge._tls is the
only DNS request resolved
Cisco Jabber/Expressway with AnyConnect VPN Split-Tunnel: Exclude Expressway
Unified CM
Unified CM (ucm.example.com) 64.100.100.11
IM & P Split-tunnel
X (expressway.example.com)
DNS
Expressway external DNS Public DNS

IP address(es) ASA Jabber outside
Corporate
the enterprise with
added to ASA DNS
Exclude list: AnyConnect VPN
VPN destination address 64.100.100.11
[expressway.example.com] _cisco-uds._tcp.example.com ? = No resolution [FILTERED]
exclude list.
When mobile device is connected to enterprise via _cuplogin._tcp.example.com ? = No resolution [FILTERED]
AnyConnect VPN:
_collab-edge._tls.example.com ? = expressway.example.com
Expressway/Jabber traffic streams forced to
split-tunnel and flow via Expressway independent of the AnyConnect VPN tunnel
Your
Reference
Cisco Jabber and Expressway with Cisco AnyConnect VPN Design Details
For more information on Cisco Jabber deployments with AnyConnect VPN and
Cisco Expressway:
Refer to the Mobile and
Remote Access Collaboration

with Cisco Expressway Series
chapter of the Cisco Unified
Access (UA) and Bring Your
Own Device (BYOD) CVD
available at the Design Zone
for BYOD
http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-cloud-computing/own_device.html
Cisco Identity Services Engine (ISE) and Mobile Device Management (MDM)
ISE has limited awareness of device posture.
For example, ISE cannot detect if PIN-lock is enabled, if the device has been
jailbroken or rooted, etc.
MDM platforms/applications provide posture information, however, MDM
capacity to enforce enterprise network policies is limited
ISE receives device compliance information from the MDM in order to
make network access policy decisions
ISE is also able to push administrative device actions (such as remote-
wiping) via the MDM
Service Providers
Cisco Jabber: Single Sign-On with SAML (v2) Redirect with
SAML auth. (SP)
request
Cisco Jabber supports Security Assertion Unified
Markup Language 2.0 (SAML v2) OAuth access token +
access granted
CM
Single Sign-On (SSO) Access request
Unified
2
Service providers (SPs) including 1 7 CM IM & P
LDAP
Unified CM and Unity Connection sync
LDAP
redirect authentication requests to 6 Unity
Directory
identity provider (IdP) Connection
HTTP POST
IdP authenticates user/client and 3 of response
Trust
provides signed SAML assertion IdP signed
response relationship
response. Client posts response. SAML auth. 4
4 User
request
authentication
IdP and SP have pre-established
Authentication/
trust agreement and SP sends OAuth credential exchange 5 Identity
access token and grants access. Provider (IdP)
Single Sign-On: Subsequent access requests to other resources or SPs are automatically authorized
using the OAuth access token because user has already authenticated
BRKUCC-2060 with theCiscoIdP
2016 and/or previously
its affiliates. All rights reserved. Cisco Public 127
Service Providers
Expressway: Single Sign-On with SAML (v2) (SP)
Cisco Jabber also supports SSO over Expressway-E / Expressway-C
Unified
Expressway mobile and remote access CM
Access & authentication requests Unified

from Cisco Jabber connecting DMZ
CM IM & P
over Expressway are proxied.
Unity
IdP SAML authentication flow is Connection
brokered by an HTTPS reverse proxy Reverse
located in the enterprise DMZ. Proxy
Trust
SAML assertion response post and OAuth relation-
ship
flows are brokered by Expressway-E and C.
LDAP
Supported IdPs: Directory
Ping Federate
SAML + OAuth
Microsoft ADFS Identity
SAML
Open Access Manager BRKUCC-2060
Provider (IdP)
2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Intelligent Proximity and Mobile Device Enablement: What is Intelligent Proximity?
Intelligent Proximity leverages proximity-based technology to connect mobile devices
to fixed desk and room-based endpoints for richer collaboration experiences.
Intelligent Proximity for Mobile Voice
Bluetooth pairing to the Cisco IP Phone series 8851/8861 and DX series
endpoints enabling high fidelity audio and mobile contact & call history
sharing.
Intelligent Proximity for Content Sharing

Proximity-based pairing to Cisco TelePresence MX200/300 G2,
MX700/800, and SX series endpoints enabling users to view,
control, and capture content on their mobile device wirelessly
while in the meeting room with the Cisco Proximity application
for Android and Apple iOS.
Business Collaboration Is Increasingly Taking Place on Smartphones and Tablets
How the heck

do I manage all
these mobile
devices?
Mobile Device Management (MDM) Models
Increasing Security & Compliance Requirements
Basic Enhanced Advanced
MDM + App Store

No MDM MDM + App Store + Secure Container
Native application experience Native application experience Containerized application

(email, calendar, Jabber, etc.) (email, calendar, Jabber, etc.) experience
Device wipe via ActiveSync MDM for security, policy, MDM for security, policy,
All applications via public compliance and reporting compliance and reporting
application store Applications accessible through Secure container for private
enterprise application store applications/ documents
Mobile Device Management (MDM) Details
MDM + App Store+ Secure
No MDM MDM + App Store
Container
User Experience Native Native Containerized
Personal and Corporate

Co-existing Co-existing Separated
Data
Data Leakage Protection Secure container to access email,
N/A N/A
(DLP) documents and private apps
Enterprise App Store N/A Yes Yes
Secure Apps N/A N/A Yes
Lock, Locate, and Wipe Full wipe Full or selective wipe Full or selective wipe
Device and app level security, Device and app level security,
Policy & Compliance N/A
location and compliance policies location and compliance policies
Mobile Device Management (MDM) Application wrapping
required in order to
distribute and secure
via private enterprise
Jabber accessible from application store
private enterprise
application store, but
downloaded from public
application store.
More IT visibility
and control
Mobile Collaboration
App Packages are
Wrapped,
Business Mobile Collaboration
Distributed, and
Collaboration Apps are Distributed
Secured via Private
Users Download Mobile Devices are to Users via Private
App Stores
Mobile Collaboration Controlled by Mobile App Stores
Apps from Public Device Management
App Stores (MDM) Platform

Cisco Mobile Application Management (MAM) Wrapping with MDM
Growth of BYOD and increasing use of mobile applications in the enterprise means
companies are using Mobile Application Management (MAM) solutions. MDM
Wrapping mobile applications and distributing using MDM-managed private
enterprise application stores enhances security, policy management,
and distribution of applications.
Ciscos approach to mobile collaboration application wrapping is to use a
partner/customer forum
Delivered through the Cisco Customer Connection Program, a private online community
Provides members with access to Jabber and WebEx mobile packages at no charge ($0)
for distribution from private application stores
Requires MAM software license agreement with Cisco
Wrapped application management & distribution with many industry leading MDM vendors.
*** Contact your Cisco account team to enroll and participate ***
Jabber/WebEx Mobile Application MAM Wrapping: Cisco & Customer Responsibilities
Responsibilities after the customer signs the MAM Software License Agreement:
Cisco
Provides application software (unsigned object code) to customer - visually different from
application store versions but identical functionally
Provides standard support for the unwrapped (unmodified) version of the shipping
product (according to the support contract in place with the customer/end user)
Customer
Responsible for wrapping the software. When Cisco provides a new version of the
application, customer agrees to provide a new wrapped version to users within 2 weeks
Responsible for supporting the wrapped software
Standard support protocol is followed for issues isolated to the Cisco software
Wrapped software is intended for customer internal distribution only. Cisco
retains the right to distribute software via public app stores
Cisco ISE and MDM Integration: Onboarding
Step 1: User/Device on-boarding
Step 1E: Device/user re-
directed to MDM to enroll.
When completed, device re- MDM
Step 2: MDM compliance check authenticates and ISE REST
query response from MDM
Jailbroken? indicates device is registered
Rooted? Step 1C: Device
PIN lock? connects to secure
Employee SSID Step 1D: ISE uses
REST API to query
MDM to determine if
device is registered
Step 3: Secure access granted 802.11 Cisco ISE
WLAN
Step 1B: ISE guides user
through registration / on-
Step 1A: Device boarding (push profiles /
connects to On- certificate to device)
Boarding SSID
Cisco ISE and MDM Integration: Onboarding (cont.)
Step 1: User/Device on-boarding
MDM
Step 2: MDM compliance check Step 3: If device is compliant,
device is granted access to
Jailbroken? the network (full, partial, or
No access, internet-only) based on
Rooted?
quarantine device network access policy
PIN lock? Step 2A: ISE uses
REST API to query
MDM for device
posture and MDM
Step
Step 3:
3: Secure
Secure access
accessgranted
granted 802.11 Cisco ISE compliance status
WLAN
Step 2B: If device is not
compliant device is quarantined
and user is notified that
additional steps are required to
become compliant
Cisco ISE and MDM Integration: Post-Onboarding
Cisco ISE regularly queries MDM via REST API to check
device compliance.
Compliance failure results in quarantine MDM
ISE periodically
queries MDM to
If device falls out
of compliance,
device is
quarantined
X 802.11 Cisco ISE
WLAN
ensure device
compliancy

Collab VCE

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Collab VCE

Загружено:

Авторское право:

Доступные форматы

Cisco Enterprise Mobile

Come see me after the session or send me an email or Spark message

Dont forget: Cisco Live sessions will be available

Cisco Enterprise Mobile Collaboration Solutions Summary

Cisco Mobile Collaboration

What is fixed mobile

What is fixed mobile

Moving or enabling the

What is fixed mobile

Single Number Reach (SNR)

User 2-Stage Dialing

WAN/ Spark / WebEx

Team Persistent Conversations

Cisco Collaboration Cloud

Management Content Sharing Messaging

Mobile device = enterprise phone

Signaling is REST (HTTPS) / Collaboration

Enterprise Secure Remote Attachment

Cisco Enterprise Mobile Collaboration Solutions Summary

Jabber Dual-Mode + Unified Dual-mode

Jabber Dual-Mode + Unified Dual-mode

High availability and

Incoming calls ARE Enterprise Number

registered to Unified CM Mobile Client WITHOUT Mobile Client WITH

Enterprise Secure Remote Attachment

Cisco Enterprise Mobile Collaboration Solutions Summary

Mobile Cisco call control,

Configured like other endpoints in Unified CM Jabber

Configure and upload a jabber-config.xml file to

If service discovery is not configured or fails,

user@company.com Provisioning/invite email sent to user

Mobile: Email with redirect link to

Web: Open in browser

2. User logs in with email address

Cisco Spark Hybrid Services enable integration Expressway

Enterprise Secure Remote Attachment

Cisco Enterprise Mobile Collaboration Solutions Summary

the enterprise for Cisco routers,

VPN with the Cisco ASA DMZ

VPN IOS router (e.g. Cisco Virtual Office) Cisco ASA

Mobile Data Internet

the enterprise for Cisco routers,

Call signaling (SIP)

Visual voicemail, directory (HTTPS)

Collaboration Edge (VPN-less) Internet

All other traffic

_cisco-uds._tcp.example.com ? = ucm.example.com _cisco-uds._tcp.example.com ? = No resolution

_cuplogin._tcp.example.com ? = imp.example.com _cuplogin._tcp.example.com ? = No resolution

_collab-edge._tls.example.com ? = No resolution _collab-edge._tls.example.com ? = expressway.example.com

Enterprise Secure Remote Attachment

Cisco Enterprise Mobile Collaboration Solutions Summary

the Unified CM system Call Media

to Unified CM over the IP Call Signaling Voice media

to Unified CM over the IP Call Signaling Voice media

Call Termination: Rerouting CSS

call leg Jabber user receives a call Call Termination

Call Termination: Rerouting CSS

call leg Jabber user receives a call Call Termination

call leg Call Termination

Fixed Mobile Substitution with Cisco Mobile Client Solutions

Mobile Client and Collaboration Service Deployment

Enterprise Secure Remote Attachment

Design and Deployment Considerations

Cisco Jabber Cisco Spark Cisco WebEx Cisco