Академический Документы
Профессиональный Документы
Культура Документы
Lab Guide
version 3.2
Collaboration SE VT Meeting
May 2012
Lab Topology
Lab topology is shown on a diagram below. Each student has his own set of terminals in his POD.
IP address
SERVER Hostname
(Private)
AD DC (WS2008R2) ad01-bc.bootcamp.com 10.52.226.68
CUCM 9.0 cucm01-bc.bootcamp.com 10.52.226.70
IM&Presence 9.0 cup01-bc.bootcamp.com 10.52.226.71
Exchange 2010 exchange01-bc.bootcamp.com 10.52.226.73
PC 1(AADAMS) 10.52.226.76
PC 2(BBANKS) 10.52.226.77
PC 3(CCHUNG) 10.52.226.78
Extension
Device IM address (XMPP) Extension (Private) (E164)
Alice Adams aadams@bootcamp.com 100 +498115543100
Bob Banks bbanks@bootcamp.com 200 +498115543200
Cathy Chung cchung@bootcamp.com 300 +498115543300
Tobias Neumann tneumann@bootcamp.com 400 +498115543400
Fabio Chiesa fchiesa@bootcamp.com 500 +498115543500
2. DNS configuration
b. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP)
d. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP)
9. Directory Lookup Rules to complete Photo Integration in alerting and connected call status.
10. Using CUCM User Data Service (UDS) for Directory Integration and Photo Lookup
c. Force Bob Banks to use method 2 for photo retrieval customized for UDS
12. New Provisioning method to enable User for IM&Presence and deploy CSF devices
c. Enable User for IM&Presence and create CSF device using the new provisioning method
ELM can be accessed via the logon screen shown below utilizing the CUCM administrator ID and password.
After logon the ELM dashboard provides an overview of the configured components and the licenses in use.
First task is to add the product instances aka server components such as CUCM clusters or Cisco Unity
Connection servers to the inventory. Select Inventory -> Product Instances from the left navigation menu.
After a fresh install there should not be any entries. Choose Add from the top row to add our CUCM
instance. In the dialog shown below the parameters are entered to define what product is added to ELM and
the required information for ELM to connect to this instance is provided.
The Test Connection button provides the means to verify that all parameters have been entered correctly.
Product instances now show a new instance of CUCM that is not yet synchronized (Synchronization Status
column).
Select the row with CUCM01-BC and press the Synchronize Now button to initiate the synchronization.
Configuration pre-9.0 and post 9.0 – Certain changes outlined in the following chapters describe how
the Cisco Collaboration platform is administered running version 9.0 and above (CUCM and CUCM
IM & Presence). It needs to be noted that the first version of Cisco Jabber for Windows (9.0.1) will
not fully pickup all the new configuration methods and the corresponding parameters. Full support
for the post-9.0 configuration methods is planned for a future release of Cisco Jabber for Windows.
In this guide where ever possible pre-9.0 and post-9.0 configuration methods are explained.
CUCM Publisher – define CUCM IM & Presence Server, define Application User, Setup & Service
Activation
All nodes in the CUCM cluster utilize IPsec authenticated communication. Each new node has to be added to
the CUCM publisher before it can be activated.
https://cucm01-bc.bootcamp.com/ccmadmin navigate to System -> Application Server and select Add New
Database synchronization utilizes the CUCM AXL API for that reason the service needs to be activated and
started on the CUCM publisher node and an AXL enabled application user must be provided.
Warning!!! The default CUCM administration user created during install does have the required
privileges and could be utilized for this purpose. As a best practice this chapter shows the creation of
a distinct user that ONLY has the required privileges for this purpose.
Select Add New and enter the parameters as show in the figure below.
CUCM Serviceability – verify that the AXL service is activated (the other services shown are already activated
for other parts of the lab to function).
Next the application user configured in the previous chapter is configured. Final screen shows the summary
of all parameters configured.
7. CUCM IM & Presence Post Install Page 3 4. CUCM IM & Presence Post Install Summary
IMPORTANT NOTE: ….YOU MUST CONFIGURE ALL THE ITEMS OF THIS CHAPTER ON
THE MACHINES!
To do that please go in RDP to the AD/DC server where also DNS is running, launch the DNS management
console. Right click the bootcamp.com domain and select Other New Records…, scroll down the list, select
Service Location (SRV) and click Create Record… In the SRV record window enter the service name will be
_cuplogin, protocol _tcp and port 8443. The port can be left to <Blank> to use the client’s default value
(8443).
In our case, the host offering this service is going to be cup01-bc.bootcamp.com, so please populate the
related field with this value.
Note: Please note that the “service” and “Protocol” field must be manually populated, you will not find
the values pre-configured in the drop down menu items….
By default the NSLOOKUP tool queries either DNS A records - mapping a name to an IP address or PTR
records mapping IP address to DNS names.
First start nslookup (in the example for windows start a command prompts and enter nslookup).
Next set the query type to SRV -> set type=SRV
> _cuplogin._tcp.bootcamp.com
This will return the DNS A records pointing to CUCM IM & Presence
The machine in the example above had IPv6 enabled, which is not required and can be ignored to the
purpose of this exercise.
In this module, the student will focus on integrating CUCM with the AD infrastructure. First we will configure
the CUCM integration with AD for user sync and authentication and then we will start to configure one of the
two possible mode (EDI/UDS) for contact search in AD from the Jabber client and in particular the default
one (EDI).
Let’s start with a basic AD integration for User Sync and Authentication.
On the CUCM, create a new LDAP system under System -> LDAP -> LDAP System
Then go to the LDAP Authentication configuration (System -> LDAP -> LDAP Authentication ) and add a
new profile with the following parameters:
When the system has finished to sync go to the user page and check that all the users information has been
synced. Check also the information that are synced from AD in the user page (email, Department, etc..)
Go to the Translation Pattern (TP) menu under Call Routing menu and add a new one:
In this module, the student will focus on creating the CSF device for the two Jabber users plus creating all the
other Policy and Template needed to pass the right parameters to the clients. Last, all these elements will be
associated to the users.
Let’s start creating the CSF devices needed for Jabber to work in Softphone Mode. Add a new CSF device for
User Alice Adams adding all the following parameters:
NOTE that BFCP is active by default for CSF devices with CUCM 9.0 so you don’t need to modify the
standard SIP Profile assigned to the device itself.
You will now see the full Directory Number page configuration, you must change only the parameters
reported in the pages below, leaving the other to the default values:
Repeat the same steps for Bob Banks and Cathy Chung. All the related informations are reported in the User
Table at page 3.
The Administrator defines a service profile that includes voice mail, presence, conferencing, CTI
server information.
The Administrator synchronizes the users from LDAP directory (note this is not mandatory although
it is highly recommended).
For LDAP Synced users in 9.0, the “Home Cluster” and “IM and Presence Enable” flags must be done
manually via the End User Configuration Page or via BAT.
The Administrator should mark one service profile as the default so that all users will get this service
profile without having to do any per-user association.
Users that require profiles other than the default will need to be manually associated from either the
End User Configuration page or via BAT.
Service configuration is done in the UC Service configuration page accessed from the User Management
User Settings UC Service menu. Once services have been defined they can be added to an existing or new
service profile.
Service Profile configuration is done in the Service Profile configuration page accessed from User
Management User Settings Service Profile menu. Once created there is an check-box at the top of the
page to make this the default service profile for the system. It is recommended that this is done for at least
one service profile per cluster.
Therefore, first we need to create all the UC service element that will be inserted into the Service Profile and
at the end assigned to the end users.
Now we will create the first Service Profile (for EDI users) selecting all the UC Service defined before:
At this point we need to associate the users to the csf devices created before. This is needed because:
When the client tries to register to the cucm it asks for the devices “associated” to the userid
transmitted during the logon process
The cucm checks the association that we will configure now and reports back to the client the
device-id.
Last, the client will ask to the TFTP server the configuration of the device-id just received and will
try to register it to the cucm.
Search for available devices and select the CSF “csfaadams” just created:
Now we need to associate the right line appearance to the user. Note, this is needed because only this line
will be monitored by the Presence Engine and the related “Busy” status will be reflected on the client as
“In A call..”.
To achieve this click on the “Line Appearance Association for Presence” button:
Search for the available extension numbers and select the right one for Alice A. (Directory number 100). Click
then “Save” to confirm the choice:
Last we need to assign to the users the right level of authorization to interact with the cucm and register
devices. To do it please select the option “Add to Access Control Group”:
Press “Find” to search for all available pre-defined access level and select “Standard CCM End Users”:
Now you will go back to the main page of the user and you will see the following scenario:
If you scroll down again to the end of the page you should now see the following picture where the specifics
“roles” have been assigned to the user:
Remember you have configured CTI Profile previously. We are not going to control any phones in this lab but
in order to do so you would also need to add the user to Standard CTI Enabled and eventually to Standard
CTI Allow Control of Phones supporting Xfer and conf (if you are using 89xx or 99xx phones) groups.
Please verify user configuration and repeat same steps for the user Bob Banks and Cathy Chung, following
the information reported in the table @ page 3.
Last step is to go on the IM & Presence node (10.52.226.71) and add some the minimal information still
required from the client to logon to presence server and retrieve the IP address of the CUCM for TFTP and
CCMCIP services.
The Server side configuration for the basic logon of the client is now ended.
In this module, the student will focus on creating the CSF device for the two Jabber users plus creating all the
other Policy and Template needed to pass the right parameters to the clients. Last, all these elements will be
associated to the users.
For the first user (Alice Adams) we will install the client and manually configure the connection parameters:
Logon via RDP to the PC “Alice Adams”, go in the “Lab_Material” folder on the desktop and run the
“CiscoJabberSetup.msi” install file from the installation zip file. When the installation finishes you will receive
this welcome screen, fill in the fields as follows: C
When the client logs on you will be able to search and add people to the buddy list but you will notice a
red error icon on the right Bottom side on the client – there are issue with CUCM registration!
At this point go to Options – Phone Accounts and fill with CUCM userid and Password for Alice Adams:
Note: go to “Advanced” and check that the CUCM IP address is reported there (from where has it been
taken?)
Repeat now the same step for Bob Banks and when also Bob’s client is active you can start to make
some test of chat and audio/video calls. But for Bob, at the login screen you can now use the “use
default server” option for the “Login Server” menu because we configured the DNS SRV record before
so the client should be able to take the info from there, enhancing the logon user experience. In any case
remember to select the “Presence Server” as “Server Type”:
Please note that we are using VM and the Webcams are simulated using a Virtual Driver so you will only
get a sequence of photo rotated regularly as video on both side. To obtain this result you need to launch
the related program “VirtualCam” after the logon on the Jabber clients.
Last step is to install Jabber on the third PC (Cathy Chung). In this case we will test the new capability to
customize the MSI installation giving specific parameters.
You can in fact specify command line arguments to apply properties to Cisco Jabber for Windows during
installation. Please follow the following steps to test it:
When the installation finish launch the client and verify that the parameters configured are there. Go to
File – change Connection Setting :
!!! WARNING !!! Adding large binary objects to Active Directory could have far reaching consequences as it
affects the replication in distributed environments where consuming bandwidth and in certain scenarios
over slow speed WAN links can impact other mission critical transmissions. Storage of large objects could
also significant increase the directory partition size. All these aspects should be taken into account when
considering this possible deployment method.
!!! WARNING !!! Using ADSIedit does pose certain risks especially when used against a production
environment. It provides object level access to components in Active Directory with only limited protection
against “unintended consequences”! It’s strongly advised to ask a directory administrator to perform any
changes or verification in none lab environments!
So just for educational purposes here are the steps to operate ADSIedit:
Logon to via RDP to the AD DC server (RDP Shortcut on Windows 7 Desktop) and search for “ADSI
edit”…
In the lab setup all users are in the container my-user. Right click on Alice Adams and select
Properties
The following dialog shows all the attributes configured for this user.
By default ADSIedit only shows the attributes that have a value associated – if you can’t see
thumbnailPhoto in the list of attributes there is no data associated. The previous figure shows how
to change the filter settings to show all attributes.
Use the Import-RecipientDataProperty command to upload the pictures into Active Directory. The format
and parameters of the command are as follows:
Client will dynamically build a URL to a photo based on an admin defined URL template and the
contents of a directory attribute
Client can read a number image types including JPG,PNG& BMP
Recommended size is 128x128 pixels but client will resize images and crop images to display them
This method can the used only when the client is connected to a CUP server
In our case we are taking the photo from a web server co-resident with the Exchange machine (URL is
http://exchange01-bc.bootcamp.com/photo/photo_file_name.png).
The AD attribute used to make the search and match the photo’s file name is the “company”. The XML
file that we will use is the following:
<config version="1.0">
<Directory>
<PhotoURISubstitutionEnabled>True</PhotoURISubstitutionEnabled>
<PhotoURISubstitutionToken>company</PhotoURISubstitutionToken>
<PhotoURIWithToken>http://exchange01-bc.bootcamp.com/photo/company.png</PhotoURIWithToken>
</Directory>
</config>
To do this we will need to upload the xml file first to the CUCM so please logon on PC1, go to directory
“Lab Material” on the desktop and you will find the XML file (“Jabber jabber-config-group2.xml”) ready
to be uploaded. Go to the cucm console, select “Cisco Unified OS administration” from the right menu
and follow instructions to upload the xml file:
At this point you will need to restart the TFTP service on the CUCM so that CUCM “read” the new file.
Then in the Desktop Client Setting insert the following string that is telling to the client to download a
specific xml file called “jabber-config-group2.xml”:
Now, to test the new integration go in RDP to Alice’s PC and follow these steps:
In this module, the student will focus on mandatory steps required to have a full working integration
scenario with Outlook 2007 and 2010 for Presence and Click to X functionality.
To enable Cisco Jabber for Windows integration with Microsoft Office, you must configure an attribute in
Microsoft Active Directory to enable Cisco Jabber for Windows users to share presence. You need to add a
new value to the proxyAddress attribute in the following format:
SIP:user_sip_uri
Example:
SIP:msmith@cisco.com
To apply this change to multiple users (full organization if needed) very quickly we released a bulk update
tool called “Cisco AD Wizard”. It is included in the Jabber administration pack, downloadable from CCO.
To use in the lab please RDP to AD DC using administrator account, go to the “MSO10ADSWizard” folder that
you can find on the desktop and you will find the tool to launch. At this point follow the wizard and you
should receive a notification without errors:
To verify that the changes have been applied correctly open outlook, display a contact card, select the
“outlook properties” option as reported in the following screen shot. You should receive a list of two
elements in the Proxy Attribute field – one for SMTP email address and one for SIP address.
NOTE: It can take time to sync the new contact info so you can force the Outlook Offline Address Book
creation on Exchange and the download from the client:
1. RDP to Exchange Server using Administrator account, open the Exchange Management Console and go
to the option to re-create the Offline Address Book
2. After some minutes Open Outlook in the first client and go into the related option in the following menu
(File – Info – Account Setting – Download Address Book…):
1. Logon on AD DC.
2. Start the ADSI Edit tool.
3. Expand the appropriate domain.
4. Open the organizational unit (OU) that contains the appropriate users.
5. Select one of the users
6. Right click on properties and search for the proxyAddress attribute
7. Verify the values associated to this attribute.
In this module, the student will focus on some additional and optional configuration to complete the Jabber
integration with Photo retrieval method. As you have noticed in the alerting pop-up and in the session
window the photo and the additional user information are not showed. This is mainly because Jabber makes
lookup search of the contact based on the calling number received during the alerting and connected phase
of the call signaling setup. In our case the extensions are 3 digits long while the numbers in AD are full +E.164
so Jabber is not able to find the contacts….
Jabber need therefore a Directory Lookup Rules set to make a translation between the Private number that
is receiving from the signaling path (XXX format) and the E164 number assigned to the users in AD
(+498115543XXX). So we will need a Rules that add the Prefix “+498115543“ to the 3 digit extensions. To
implement this step go to the CUCM admin page under Call Routing – Dial Rules – Directory Lookup Dial
Rules:
Now create a dial rule for number 1XX, adding the prefix +498115543 as reported here:
At this point we need to apply a specific “.cop” file to tell cucm to “read” the application dial rules and public
them on the TFTP to be downloaded by Jabber client. We already uploaded this file to a local FTP server, you
would normally find it as part of the Jabber Admin pack available on CCO.
To install the file, go to the CUCM interface - Cisco OS Administration section and follow the steps below.
Use 10.52.226.73 as Server, “administrator” as username and “C1sc0,123” as password. There should only
be one valid .cop.sgn file available to install.
Select next and wait for the installation to finish. When is done you can go on the three PC, logout and login
to the Jabber client and the client will download the rules just created. Try to make a call between the two of
them and you will see alerting popup window and session window with name, roles and photo:
Using CUCM User Data Service (UDS) for Directory Integration and
Photo Lookup
In this module, the student will focus on an alternative method to enable Jabber integration with AD using
CUCM User Data Service (UDS).
To test this scenario we need to force one of the clients to use the new UDS Service Profile to make lookup
search in AD for contact resolution and photo retrieval. Now we will create the second Service Profile (for
UDS users) selecting all the UC Service defined before and changing only one parameter, related to UDS
obviously:
NOTE: in the current deployment stage of Jabber the client is not able to retrieve this info from the cucm
so we will need to create and force the download of a specific xml file to Bob’s client. Same scenario will
be in any case needed for cucm version older then 9.X
Upload the file “jabber-config-group1.xml” from the Lab_Materials directory of Alices’ Win7 machine to TFTP
directory of CUCM & restart the TFTP server.
The File will tell to client to use the “uid” attribute of UDS (mapped to user’s userid) to make the complete
URL and will search on the specified Web Server for a file name “userid.png” to be used like photo image for
the users (note that the images here are different from the others we used until now for the same user….you
will discover which one are the new….).
Only thing missing is to force the csf associate to Bob to use it. To do this go to the CSF device “csfbbanks”:
Now, to test the new integration go in RDP to Bob’s PC and follow these steps:
In this example we will include a Twitter inside Jabber. Again the configuration is provided by XML file.
For your reference the file contains this:
Upload the file jabber-config-group3.xml to CUCM's TFTP directory and restart the TFTP server. Then go to
the Cathy Chung's CSF device and set the Cisco Support Field to configurationfile= jabber-config-
group3.xml.
Then exit from the Jabber client (do not just sign out) and start it again.
In this module, the student will focus on a new and alternative method to deploy Jabber. This new
Provisioning Method is based on the definition and utilization of two templates:
Once defined these two templates, we will be able to enable a specific user for Jabber and create in
automatic way also the CSF device to associate to him, with the correct extension number assigned to
the line.
First of All we have to define a new Universal Device Template, to do that you have to go to the menu
option “User Management – Universal Device Template”:
Change the device setting as reported below, leave the other field as default and then press “Save”:
With this step we have done with the template creation. Next step will be using these templates for a
“new” user just imported from AD into CUCM.
Go to the alternative “End Users” option under the “User management - Quick User/Phone Add” sub-
menu:
In the list of imported users from AD you will have to select “Luca Pellegrini” that has never been
configured until now:
Once inserted you will be able to select in the user previous user page the extension 101:
Click on the “Add Phone” blue button and verify that the device info has been saved:
Now what will happen is that all the info inserted will be used to modify the parameters associated to
the user Luca Pellegrini, create a CSF device, associate it to the same user, create a line on the device,
enable user for IM&Presence.
You can therefore go now around the menus verifying what the system has done automatically
for you!
In this module we will quickly describe how to enhance the logon user experience removing the secondary
manual logon needed to give the correct credential to CUCM for CSF registration. In our specific case, that is
also a very common scenario for the customer, the same logon credential used for the IM&Presence node
can be used to logon to the CUCM because both are synced from AD.
Mainly, to instruct Jabber to use the same credential for both services we need to give to the client a specific
parameter using again the xml file. Here below you can see the specific lines that we need to insert in the
XML files that we created already for other reasons:
So, if you have still time left, you could now use one of the two xml files you have on the Pod’s PC under the
“Lab_material” folder, add the lines just commented, save the file with the same name and upload it again
on the CUCM using TFTP file upload menu.
Once done you can logout and login again in the Jabber client associated to the XML file configuration that
you modified (Alice or Bob) and you will notice the difference going in the “File – Option” Menu. Please look
at the following two screen shots: