Cisco Interoperability With Microsoft

Cisco Interoperability with Microsoft
Part 1 Collaboration
Tobias Neumann
BRKCOL-2610
Agenda
Architecture Microsoft Lync / Skype for Business

Enterprise Voice
IM & Presence Business to Business Federation
IM & Presence Partitioned Intradomain Federation
Migration
Application Interoperability
What about Cisco Spark?
Architecture Microsoft Lync / Skype
for Business
Microsoft Lync / Skype for Business
Architecture Overview on-premise
Communication
Modalities
Mediation Director Many moving

Edge Archiving Role parts
Reverse Proxy
Persistent Chat
Archiving Front-End Persistent Chat
Monitoring Front-End
SQL Server Office Web
XMPP Gateway AV Conferecing Apps
DNS Load Balancer Storage Compute Additional 3rd

Survivable Branch Appliance Video Devices party components
Phones Gateways
Transcoders Hardware Load Balancer
BRKCOL-2610 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Microsoft Lync / Skype for Business
Interoperability and specifics Lync 2010 / Lync 2013 / Skype for Business
Audio:
RCC no longer supported with Skype for Business, replaced by
Mediation Server (Enterprise Voice) Call via Work significantly different features and capabilities
Remote Call Control (RCC)

Instant Messaging and Presence:
SIP/SIMPLE Federation
XMPP Federation
For Microsoft Lync 2010 and Office Communication Server 2007 via a separate OCS 2007 R2 XMPP
Gateway
For Microsoft Lync 2013 via the XMPP Proxy (Edge), XMPP Gateway (Front-End)
(only tested and supported by Microsoft for federation with Google Talk
https://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx)
Microsoft Skype for Business RCC Reference: https://technet.microsoft.com/en-us/library/gg558658.aspx
Microsoft Lync
Video interoperability with Lync 2010 / Lync 2013
Microsoft Lync supports point to point and multipoint video capabilities
A complex set of integrations are available to interoperate Microsofts vendor specific video
implementation with a h.264 AVC standards based video environment
Please see BRKCOL-2611 Cisco Interoperability with Microsoft Part 2 (Video
Interoperability) for details
Microsoft Skype for Business
Video interoperability with Skype for Business Video Interop Server (VIS) Role
Basic dial in capabilities for standard h.264 AVC video systems to join A/V MCU
Basic call capabilities from Video Room System to Skype for Business client
Long List of Caveats
No support for calls from Skype for Business to Video Room System
No support for Desktop-Sharing
No support for Continuous Presence or Gallery View
No calls and/or presence from Skype/S4B to the TP-System
No external calls to the TP-System via VIS
No Drag and Drop of TP-Systems into Skype-Meetings
Very limited scalability approx. 16 concurrent calls per Video Interop Server
On-Premise role only !!!
Please see BRKCOL-2611 Cisco Interoperability with Microsoft Part 2

(Video Interoperability) for further details
Microsoft Skype for Business VIS Reference Known Limitations, Sizing:
https://technet.microsoft.com/en-us/library/ms.lync.plan.videointerop.aspx
Microsoft Skype for Business Online Office 365
Architecture Overview - SaaS
Communication capabilities
of Skype for Business as a
cloud-based service
Presence, instant
messaging, audio and video
calling, rich online meetings
web conferencing
capabilities
PSTN connectivity
Where available, hybrid
Closed community
no standards based interoperability
(i.e. IM & Presence or Video)
Instant Messaging and Presence
Capabilities
Interoperability only supported with OCS,
Lync or Skype for Business on premise
Internet systems
SIP No standards based federation interface
supported by Microsoft
Microsoft Office 365 Skype for Business Online Federation and Public IM Connectivity:
https://technet.microsoft.com/en-us/library/skype-for-business-online-federation-and-public-im-conectivity.aspx
Enterprise Voice - Plus CAL
Enterprise Voice Call Routing
Call Routing depends on the dialing habit of user AND license
User has multiple option to initiate call
Depending on dialing habit
Called party
License purchased
Different result
When dialing either SIP URI or phone number of Lync user (reverse number lookup), Lync to Lync call is
initiated
Number is called, only available when Plus CAL has been purchased, called party is NOT Lync user, call
routed via mediation server
Video call initiated, when called SIP URI is another Lync user Lync to Lync call, if domain of SIP URI is
not on Lync call routed via SIP routing logic (SIP static route, TrustedApplicationPool)
SIP Trunk / Direct SIP Options 1/2
OCS 2007 / Lync 2010 & 2013 (no media bypass)
Lync Client Lync Front End Lync Med. Server Cisco UCM
RTaudio G.711
OCS 2007 / Lync 2010 & 2013 (no media bypass), none G.711 on IP-PBX
Lync Client Lync Front End Lync Med. Server Cisco UCM IOS Transcoder
RTaudio G.711 G.729/iLBC
Flows show the SIP signaling and media paths in a SIP-trunk interoperability scenario
Lync Mediation Server only supports G.711, requires additional transcoding resources if any other codec is
used by devices connected through SIP-trunk
Scenarios shown do not require the usage of a Media Termination Point (MTP)
SIP Trunk / Direct SIP Options 2/2
Lync 2010 & 2013 (with media bypass)
Lync Client Lync Front End Lync Med. Server Cisco UCM
G.711 G.711
With the introduction of Media Bypass in Lync 2010 the Lync client can initiate direct G.711 media streams.
Media paths is not hair pinned through the Lync Mediation Server, no transcoding. Signaling still has to
flow via the Mediation Server.
Review Microsoft guidance regarding Media Bypass http://technet.microsoft.com/en-us/library/gg412740.aspx
Straight forward in a centralized (single site) topology without WAN links.
More complicated in a distributed topology with one or more branch - check the following:
Media Bypass shall only be utilized between WAN sites without bandwidth constrains
Media Bypass and Call Admission Control (CAC) are mutually exclusive
Media Bypass mandatorily requires all media to be represented by a single IP address the
reason why in the above example a Media Termination Point (MTP) has to be inserted.
Lync Media Bypass Design Considerations
Dynamic decision to bypass mediation server based on comparing bypass IDs of Lync client and
gateways media processor IP
Media Bypass can be activated globally in two ways:
Always Bypass:
All subnets mapped to one and only one bypass ID
Not compatible with MSFT CAC
Use Site and region information:
Supports interaction with CAC
Single unique bypass ID per region
WAN connected site w/o BW constraint inherits regions bypass ID
WAN connected site w/ BW constraint gets unique bypass ID
Subnets associated w/ site inherit sites bypass ID
Lync Media Bypass and CAC
Media bypass and CAC both based on same site and region information
For media bypass and CAC to work media bypass has to to be set to Use Site and Region Information
Media Bypass CAC Result
Use Site and Region Information On/Off Bypass decision based on bypass ID. CAC only for calls that
are not bypassed b/c media bypass assumes LAN like
connection to peer. CAC only applied if CAC is enabled AND
bypass IDs do not match
Always Bypass On Invalid
Always Bypass Off All calls bypass (single bypass ID), no CAC applied
Off On Mediation server always employed; CAC applied
Cisco UCM SIP trunk characteristics for Direct SIP
Lync requires Early Offer inbound/outbound
Although UCM now can do early offer w/o relying on an MTP
SIP profile setting:
Media resource still has to be allocated (single media address in Lync GW definition)
Trunk setting: MTP required
For every trunk a dedicated MRGL/MRG and single media resource required
On UCM SIP trunk configure IP addresses of possible mediation server peer addresses
Multiple inbound SIP trunk with the same peer IP required different local signaling ports
Inbound trunk selection on UCM based on remote peer and local signaling port
Local signaling port defined in SIP trunk security profile
Multiple Site example (Lync to Cisco UCM)
Site 1
Site 2
Site 1
Central
Central
Mediation
Lync Front-End
Site 2
server pool
server pool
To keep media local to a site each site requires a local media resource
Alternate media IP definition in Lync trunk configured matches IP address of single media resource in MRGL/MRG of the trunk on Cisco UCM side
Multiple sites require multiple trunks

and multiple MRGs, MRGLs and media resources
and multiple SIP security profiles, because unique identification of each trunk on Cisco UCM based on the signaling port
(UCM side trunk identification based on peer IP address and local signaling port)
Multiple Site example (Lync to Cisco UCM) with redundancy
Site 2b
Site 2a
Site 1
Site 1b
Site 1a
Central
Site 2
Lync Front-End
Mediation server pool
server pool
Two sites with Lync to Unified CM SIP trunk redundancy already require:
4 trunks, 4 MTPs/TRPs
4 MRGS, 4 MRGLs
2 SIP trunk security profiles
Lync Media Bypass implications on redundancy
Fixed media IP configuration for GW on Lync forces 1:1 relation between inbound SIP trunk on Unified CM
and MTP
Can not use MRG and MRGL for intelligent MTP selection (scalability, redundancy)
Availability of SIP trunk depends on SIP signaling peer and MTP availability
which can not be monitored via SIP OPTIONS ping
Only indication of failing MTP allocation for inbound EO call from Lync:
If UCM fails to allocate a MTP call can be signaled failed and left to Lync to reroute using different SIP
trunk
Outbound calls from Unified CM need to be EO and have to be via MTP (MTP required Media Bypass)
Multiple Site example
Site 1
Site 2
Site 1
Central
WAN
Site 2
Lync Front-End
server pool
Unified selects trunk to Lync based on called destination (+E.164 prefix)
MTP (assumed) local to Lync client selected
Alternate media IP definition in Lync trunk configured in same site as Lync client -> bypass activated
Local media
Site 1
Site 2
Site 1
Site 2
Lync Front-End
server pool
Unified selects trunk to Lync based on called destination (+E.164 prefix), but Lync client moved to other site
MTP (assumed) local to Lync client selected
Alternate media IP definition in Lync trunk configured not in same site as Lync client -> no media bypass
Mediation server in media path
Media hairpins through central site
Site 1
Site 2
Site 1
Site 2
Lync Front-End
server pool
False assumption about Lync client location could lead to even worse media path:
Unified CM selects trunk with MTP local to (assumed) location of Lync client: Site 2
Lync rejects media bypass, because MTP not local to IP address of Lync client
Mediation server in media path, Media hairpins through remote and central site
Media hairpinning: Root Cause Analysis
MSFT Lync trunk architectural limitations
MTP required to enable media bypass
MTP needs to be local to Lync client
Only call control authoritative for endpoint is aware of client location

Source call control aware of source client location
Destination call control aware of destination client location
Problem: what if destination client (Lync) locations determines required MTP location, but source call
control (Unified CM) is not aware of the location?
Fundamental limitation of Lync that can not be solved by Unified CM
or any other call control
unless Always bypass is configured which prohibits MSFT CAC (and still requires MTPs)
Federation - Interdomain
Business to Business Interdomain Federation (SIP SIMPLE)
Lync Lync Lync Cisco ASA Cisco UCM Cisco Jabber

Client Front End Edge TLS Proxy IM&Presence
Internet
SIP SIP SIP SIP XMPP

alice@atlanta.com bob@biloxi.com
Messaging & Presence
Domain atlanta.com Domain biloxi.com
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/11_0_1/CUP0_BK_IA5F4
4AB_00_interdomain-federation-110.html
Instant Messaging and Presence Breaking News!
Expressway X8.9
Business to Business Interdomain Federation (SIP SIMPLE)
Lync Lync Lync Expressway-E Expressway-C Cisco UCM Cisco Jabber

Client Front End Edge IM&Presence
Internet
SIP SIP SIP SIP XMPP
Recommended deployment
http://www.cisco.com/c/en/us/support/unified-communications/expressway-series/tsd-products-support-series-home.html
Support for IM&P Federations requires Cisco UCM IM&P 11.5.1SU2 please check release notes for transition from preview
status to GA http://www.cisco.com/c/en/us/support/unified-communications/expressway/model.html#ReleaseNotes
Business to Business Interdomain Federation (XMPP Cisco UCM on premise)
Lync Lync 2013(*) Lync Cisco Cisco UCM Cisco Jabber

Client Front End Edge Expressway IM&Presence
XMPP GWY
Internet
SIP XMPP XMPP XMPP XMPP

Not recommended for Cisco UCM IM & Presence on premise deployments

Standard XMPP federation, works with IBM Sametime and other XMPP server
Issues observed with Lync 2013
(*) Lync 2010 and OCS 2007/2007 R2 use standalone OCS 2007 XMPP Gateway, no longer maintained
Microsoft tested and supported only for Google Talk https://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx
Business to Business Interdomain Federation (XMPP Cisco Webex Messenger)
Lync Lync 2013(*) Lync Cisco Webex Messenger Cisco Jabber

Client Front End Edge Cloud Service
XMPP GWY
Internet
XMPP
bob@biloxi.com
SIP XMPP XMPP
alice@atlanta.com
Cisco Webex Messenger cloud service only supports XMPP Federation

Standard XMPP federation, works with IBM Sametime and other XMPP server
Issues observed, see next slide for additional reference
(*) Lync 2010 and OCS 2007/2007 R2 use standalone OCS 2007 XMPP Gateway, no longer maintained
Microsoft tested and supported only for Google Talk https://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx
Business to Business Interdomain Federation (XMPP Cisco Webex Messenger)
Caveats
Connection lost under load
Connection are lost when Lync XMPP Gateway is under load. The gateway will close the connection, log that there was an error talking
to the far side but give no explanation as to why. Under modicum of load (around 90 messages/second), connections can be lost as far
as every 2.3 minutes. Increasing the load to around 250 messages/second connections can be dropped every 10 seconds. This leads to
delays in delivery and outright packet loss.
No id-on-xmppAddr support (RFC3920)
The Lync XMPP Gateway does not look for id-on-xmppAddr in the certificate. Information will be ignored.
No presence update after a subscription
Intermittent: Directly after the Lync contact accepts the Webex Messenger user subscription, an unavailable is sent from the Lync
contact, no available presence is sent until the Lync contact resigns in.
Messages routed to wrong client
Lync XMPP Gateway does not follow the XMPP rules for addressing of messages which can lead to messages unexpected delivered to
the wrong client in a multiple client per user situation.
Webex Messenger user showing as offline when online
Lync XMPP Gateway does not correctly track presence with multiple clients logged in for a single user. If a user has two clients
connected and the Lync user sess him as online, then logs out one of the clients the Lync user will see Webex Messenger user as
offline.
No Group Chat support
Lync XMPP Gateway does not understand MUC or Group Chat protocol. Lync users can not join or be invited to a group chat session.
Federation - Intradomain
Within in a Business (Partitioned Intra Domain Federation)
Lync Lync 2013 Cisco UCM Cisco Jabber Same domain for
Client Front End IM&Presence both systems
SIP SIP XMPP

alice@atlanta.com bob@atlanta.com
carol@atlanta.de dave@atlanta.de
Domain atlanta.com
Partitioned Intra Domain solution for migration and long term coexistence
Only available with Cisco UCM IM & Presence for on premise deployments
Uses standard SIP routing mechanism
Cisco UCM 10.x supports multiple distinct presence domains
Cisco Expressway X8.8 supports full integration of IM & Presence with Audio/Video calling
Partitioned Intra Domain Federation Deep Dive (1/13)
Same domains
Lync Lync 2013
for both systems
Active Directory Cisco UCM Cisco Jabber
Client Front End IM&Presence Domain(s)
atlanta.com
atlanta.de
atlanta.au
SIP SIP XMPP

alice@atlanta.com bob@atlanta.com
carol@atlanta.de dave@atlanta.de
Full Contact Search available to each end-user regardless of whether they exist on Cisco or Microsoft
The end-user is not aware what back end the buddy resides on
Temporary Presence subscriptions not supported in both directions (during search the users
presence is not available) unless user is added to the buddy list
Once added to the buddy list, users can exchange presence and instant messaging
Recommended to utilize msRTCSIP-primaryuseraddress attribute as SIP/IM address
LDS supported for complex AD scenario
New functionality in Cisco UCM 10.x why do I care?
Use email address as your SIP aka multimodal communication address for messaging,
presence audio and video calling
Most Lync server deployments map email address as attribute for SIP communication
Require more than one presence/SIP domain to match email domains (atlanta.com,
atlanta.de, atlanta.au)
Pre 10.x default URI format sAMAccountName@<domain>

Pre 10.x only single presence domain supported on cluster
New functionality in Cisco UCM 10.x why do I care?
msRTCSIP-primaryuseraddress or mail directory attribute supported as JabberID
Multiple domains supported on single UCM IM&P system
Single or multi server environment
Post 10.x advanced configuration allows for selecting either msRTCSIP-primary

useraddress or mail as URI
Multiple domains supported including for partitioned intra domain federation
Security Certificates enhanced to reflect multi domain operations
Cisco Jabber version 10.6 or higher of clients required
Advanced Presence Configuration - Cisco UCM IM & Presence 10.x+
Configure directory URI mapping in Cisco UCM Active Directory LDAP Sync Statement
msRTCSIP-primaryuseraddress recommended for Partitioned Intra Domain Federation
Configure Cisco UCM IM & Presence

Advanced Presence Settings
IM Address Schema Directory URI
Systems will automatically import all
domains configured in Active Directory
Required Configuration Steps
Configure certificates on Lync and Cisco UCM
Highly recommended to use CA based certificates on both systems (Enterprise CA)
Configure security parameters on Cisco UCM IM&P (ACL, TLS peer, TLS context)
Configure SIP static route(s) on Cisco UCM IM&P
Configure security parameters on Microsoft Lync (Trusted Application, Computer, etc.)
Configure SIP static route(s) on Microsoft Lync
This sounds awfully complicated
Introducing Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5
One stop shop to configure Intradomain federation
Provides detailed Lync powershell commands for configuration required on Lync
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5
Example uses a Lync 2013 Standard Server without

Load Balancer
Wizard does support Lync 2013 Enterprise Pools.
Additional parameters must be configured depending
on the configured topology.
Wizard allows to specify additional
servers (example single Lync 2013
Standard Server). In case topology
uses Lync SBA/SBS these need
to be added here.
Wizard will list all domains configured

on Cisco UCM for use with Intradomain
federation. Static routes will be created
based this configuration screen.
Wizard review configuration screen
Required steps for Certificate Management
Wizard provided Lync Server PowerShell configuration commands to

enable Intradomain Federation
Cisco IM & Presence Service Restart
After the wizard is complete certain Cisco IM & Presence services require a restart
A word on Certificates..
Cisco UCM 11.5 introduces support for strong cryptography
(Elliptic Curve Diffie-Hellman)
Lync 2013 does NOT support EC cipher cryptography!
To accommodate this new capabilities Cisco UCM 11.5 supports distinct certificates for RSA and EC cryptography.
The primary RSA certificate is using a default common name (cn) equal to the DNS full qualified domain name (FQDN). The
EC certificate is using a cn of fqdn with a suffix of -EC, including the DNS FQDN as subject alternate name (SAN).
Even with Lync not supporting EC cipher TLS negotiation with Lync doesnt work as Lync will not accept communication
because the DNS FQDN and the certificate common name do not match. Per RFC/TLS standard this should not be the
case as the SAN contains the FQDN. Never the less to overcome this issue the san including the EC suffix needs to be
added to the Cisco UCM IM & Presence CUP C certificate.
Please see next slides for an example how to achieve this
Intradomain Federation Certificates - Cisco IM & Presence 11.5
Add additional Subject Alternate Name to Cisco UCM IM & Presence CUP Service EC Certificate
Example uses a Windows Server 2012 R2 Microsoft Enterprise CA
Create new certificate signing request for CUP service
Cisco UCM Platform Administration does provide the

capability to add SANs to the CSR directly.
Download the CSR for submission to the CA
Intradomain Federation Certificates - Cisco IM & Presence 11.5
Through the Microsoft CA Web Enrollment site submit the request to the CA
By default the CA policy does NOT allow to add attributes such as SANs to the CSR
The following commands can be used to change the CA policy
Certutil setreg policy\Edit Flags +EDITF_ATTRIBUTESUBJECTALTNAME2

Net stop certsrv
Net start certsrv
In the additional Attributes dialog enter:

san:dns=<hotsname>-EC.<dns-domain>&dns=<hostname>.<dns-domain>
Suggested changes to CA policy might be considered to

have adverse security implications, verify before
production use. san:dns=cup01-EC.bootcamp.com&dns=cup01.bootcamp.com
Partitioned Intra Domain Federation User Experience
Partitioned Intra Domain Federation Additional Topics to Consider
Lync Address Book Contact resolution
Lync only imports RTC enabled

Lync 2013 Active Directory Cisco UCM
Front End user into addressbook
For new Cisco Jabber users
Lync Enabled Users LDAP never configured on Lync before
msRTCSIP. Sync migration msRTCSIP-
Imported to Addressbook primaryuseraddress must be set
User imported with msRTCSIP
Address book attribute imported into Lync
LDAP
Download addressbook new Cisco Jabber
user searchable for Lync users
Cisco Jabber
User imported with msRTCSIP
attribute imported into Cisco UCM
via LDAP sync
Federation Intradomain
What about Audio/Video at the

same time?
Partitioned Intra Domain Federation Messaging, Presence and Audio/Video
Remember this picture?
To split IM & Presence traffic from Audio/Video a additional VCS was required running a CPL script
Complicated to configure and resource incentive
No longer supported with Expressway above version X7.x
Breaking News! Cisco Expressway X8.8 SIP Broker Call Flow Lync to Cisco Jabber Instant Messaging
Lync Lync 2013 Cisco Expressway X8.8 Cisco UCM Cisco UCM
Client Front End Cisco Jabber
IM&Presence
SIP Broker
1 SIP
MSFT
Gateway
2 SIP
3 SIP
4 XMPP
5 SIP
6 SIP
Messaging Session
Cisco Expressway X8.8 SIP Broker Call Flow Jabber to Lync Instant Messaging
IM&Presence
SIP Broker
MSFT
Gateway
1 XMPP
2 SIP
3 SIP
4 Message Session
Cisco Expressway X8.8 SIP Broker - Call Flow Lync to Cisco Jabber A/V Call
IM&Presence
SIP Broker
1 SIP
MSFT
Gateway
2 SIP
3 SIP
4 SIP
SIP 5 SIP
6
7 SIP
7 Audio/Video Session
Cisco Expressway X8.8 SIP Broker - Call Flow Cisco Jabber to Lync A/V Call
IM&Presence
SIP Broker
MSFT
Gateway
1 SIP
2 SIP
3 SIP
4 SIP
5 Audio/Video Session
Cisco Expressway X8.8 SIP Broker Configuration Steps
Instructions assume that Cisco UCM IM & Presence Intradomain Federation is already configured
Configuration steps for Cisco Expressway X8.8 SIP Broker (1/2)
Cisco UCM
Configure Secure SIP Trunk Profile
Configure Secure SIP Trunk to Expressway
Configure SIP Route Pattern for URI Routing
Configure UCM Cluster Mixed Mode for End to End Encrypted Calls (SRTP) (not covered in the reference material)
Cisco UCM IM & Presence
Configure Incoming ACLs for traffic from Expressway
Configure TLS Peer Subject for Expressway
Configure TLS Context for Expressway
Cisco Expressway X8.8
Configure required certificates for SIP signaling over TLS
Enable SIP Broker / Trusted Hosts
Configure Zones and Search Rules
Configuration steps for Cisco Expressway X8.8 SIP Broker (2/2)
Microsoft Lync
Modify SIP static route to send all traffic to Expressway SIP Broker
Configure Trusted Application Pool for Expressway
Configuration steps for Cisco Expressway X8.8 SIP Broker
Cisco UCM (1/2)
Configure Secure SIP Trunk Profile Configure Secure SIP Trunk to Expressway
Cisco UCM (2/2)
Configure SIP Route Pattern
In a multi domain environment this step needs to be

repeated for each SIP domain.
Cisco UCM IM & Presence (1/2)
Configure Incoming ACL
Add the DNS FQDN and the Expressway IP address to

the incoming ACLs
Cisco UCM IM & Presence (2/2)
Configure TLS Peer Subject Configure TLS
Context
Cisco Expressway (1/3)
Configure Neighbor Zone Configure Microsoft
Interoperability
Configure Trusted Hosts Configure Dialplan Search Rules
When using Lync SBA/SBS add as One search rule required per domain and
trusted hosts direction (CUCM to Lync and Lync to CUCM)
Search Rule CUCM to Lync Search Rule Lync to CUCM
Replicate both rules
for each domain
serviced by the
system
Microsoft Lync (1/2)
Verify existing SIP routing configuration with Lync PowerShell command:
Get-CsStaticRoutingConfiguration -Identity global | Select-Object -ExpandProperty Route | Where-Object {$_.MatchUri -eq <domain>}
Output bellow shows the SIP static route(s) that have been configured
Example:
Transport :
TransportChoice=Certificate=Microsoft.Rtc.Management.WritableConfig.Settings.SipProxy.UseDefaultCert;Fqdn=cup01sevt.bootcamp.com;Port=5061
MatchUri : bootcamp.com
MatchOnlyPhoneUri : False
Enabled : True
ReplaceHostInRequestUri : False
Element : <Route xmlns="urn:schema:Microsoft.Rtc.Management.Settings.SipProxy.2008"
MatchUri="bootcamp.com" MatchOnlyPhoneUri="false" Enabled="true"
ReplaceHostInRequestUri="false">
<Transport Port=5061">
<TLS Fqdn=cup01sevt.bootcamp.com">
<UseDefaultCert />
</TLS>
</Transport>
</Route>
Microsoft Lync (2/2)
Delete existing SIP route configuration with Lync PowerShell command:
x$ = Get-CsStaticRoutingConfiguration -Identity global | Select-Object -ExpandProperty Route | Where-Object {$_.MatchUri -eq <SIP
domain>}
Set-CsStaticRoutingConfiguration Identity global -Route @{Remove=$x}
(this has to be repeated for each domain configured on the system)
Add a new SIP static route that points the Lync server to send traffic to Expressway SIP Broker
$tlsRouteNo1 = new-csstaticroute -TLSRoute -Destination <expressway FQDN> -p 65072 -usedefaultcertificate $true -matchURI <SIP
domain>
Set-CsStaticRoutingConfiguration -Route @{Add=$tlsRouteNo1}
(Expressway SIP broker listens for traffic from Lync on non-standard port 65072)
Create TrustedApplicationPool for Cisco Expressway
New-CsTrustedApplicationPool -Identity <expressway FQDN> -Registrar <Lync Server FQDN> -Site 1 -TreatAsAuthenticated $true -
ThrottleAsServer $true -RequiresReplication $false -OutboundOnly $false
Add Cisco Expressway to TrustedApplication
New-CsTrustedApplication -ApplicationID interop.bootcamp.com -TrustedApplicationPoolFqdn exp02sevt.bootcamp.com -port 5061
Verify Configuration Cisco Expressway Microsoft B2BUA / SIP Broker
Partitioned Intra Domain Federation SIP Broker User Experience
Migration
Partitioned Intra Domain Federation Migration...
Remember the Command Line Migration Tools ?
ExportContacts.EXE, DisableAccount.EXE, DeleteAccount.EXE
More Breaking News! Cisco UCM IM & Presence 11.5 Provides New GUI Based Migration Tool
Replaced 3 tools with one easy to use Windows application

Old tools had to be run on EVERY server in the deployment with multiple command line
arguments
New application is run on the Front-End server. Will connect remotely to all of the other
servers in the deployment .
Added progress bars/counters for each stage of the migration
Error handling / reporting has been greatly improved
Added support for validating user accounts, before they get migrated:
Validates that accounts exist and are enabled in Active Directory
Validates that accounts exist and are enabled on the LCS/OCS/Lync server
Partitioned Intra Domain Federation Migration...
Added validation at every step of the process
Does not let the admin continue without validating previous stages
Contextual tool tip help guides the admin through the process
Migration and External Federation

Partitioned Intra Domain Federation Adding External B2B Federation
Both Solutions Cisco and Microsoft do support external Business to Business Federation via SIP
SIMPLE
SIP Federation is based on DNS SRV records. DNS SRV for a particular SIP domain can only be
represented by one of the two solution Highlander: There can be only one!
Domain company.com
Lync Edge Expwy-E
ASA TLS proxy

Who handles
DNS SRV Records federation for DNS SRV Records
company.com?
_sipfederationtls._tcp. _sipfederationtls._tcp.
Internet Standards based A/V external

john@example.com
federation for _sip. and _sips as
well as XMPP federation can still
be terminated to Cisco Expressway
for B2B federation
External SIP B2B Federation during Migration
Lync Lync 2013 Cisco Expressway X8.8 Cisco UCM
IM&Presence
alice@atlanta.com
Alice on Lync initiates or

receives communication with
Cisco UCM Bob Lync @ external domain
DNS SRV Records
_sipfederationtls._tcp.atlanta.com
Internet
bob@biloxi.com
IM&Presence
MSFT
Gateway
alice@atlanta.com
Alice migrated to Jabber

initiates communication
Cisco UCM
Audio/Video call with Bob
Lync @ external domain
DNS SRV Records
Internet
bob@biloxi.com
IM&Presence
Outgoing IM bypasses Expressway

alice@atlanta.com
Alice migrated to Jabber

Cisco UCM initiates chat communication
with Bob Lync @ external
DNS SRV Records
domain
Internet
bob@biloxi.com
IM&Presence
SIP
Broker
alice@atlanta.com
Bob Lync @ external domain

Cisco UCM initiates chat communication
with Alice migrated to Jabber
DNS SRV Records
Internet
bob@biloxi.com
IM&Presence
SIP
Broker
alice@atlanta.com
MSFT Bob Lync @ external domain

Gateway initiates Audio/Video
Cisco UCM
communication with Alice
DNS SRV Records
migrated to Jabber
Internet
bob@biloxi.com
External SIP B2B Federation during Migration - Configuration
Cisco UCM
Configure SIP Route Pattern for External Domain URI Routing
Configure Calling Search Space for incoming/outgoing class of
service
Cisco UCM IM & Presence
Configure SIP Federated Domain
Add Static Route for Federated Domain via Lync Front End
Cisco Expressway X8.8
Add search rules for outgoing federated communication via Lync
Front End
Microsoft Lync Server
External Federation should already be in place screenshots
provided for documentation purpose
Cisco UCM Cisco UCM IM & Presence
Cisco Expressway
Cisco Expressway does allow for wildcard routing it is
recommended to configure explicit routes for externally
federated domains
Microsoft Lync Server
SIP Federation Next Hop

FQDN discovered through
_sipfederationtls DNS SRV
record
Migration and External Federation

Cisco to Microsoft Federation
Instant Messaging and
Presence
IM & Presence Translate Video and
IM to IM&P
Server RDP<->BFCP
XMPP
Cisco Meetings
Server B2B
IM to IM&P
Federated
Alice Jabber Media Partner
Clients Transcoding
& Adaption
(Lync) Bob
RDP
SIP/BFCP SIP/BFCP
RDP RDP RDP
Voice/Video 5061
Communication Expressway C Expressway E Lync Lync

Manager Edge Front End
Share Federate Jabber / Skype user with

Voice/Video & Desktop Share
Configuring Cisco SIP B2B Federation with Microsoft
SIP Trunk
SIP Trunk Security Profile
Configure Cisco SIP B2B Federation with Microsoft
SIP Route Pattern for Federated Domain
Expressway C Neighbor Zone for CUCM (Audio/Video)
Expressway C Neighbor Zone for CUCM IM&P
Expressway C Neighbor Zone for Cisco Meeting Server
Expressway C Traversal Zone
Expressway C Search Rule routing A/V inbound Microsoft traffic to CMS
Regex must match

all internal domains
Expressway C Search Rule routing A/V inbound traffic from CMS to UCM
Expressway C Search Rule routing outbound A/V traffic from UCM to CMS
Regex must match external

federated domain
Expressway C Search Rule routing outbound A/V traffic from CMS to Expressway E
Expressway C Search Rule routing inbound IM/P traffic to UCM IM&P
Expressway C Search Rule routing outbound IM/P traffic from UCM IM/P
Expressway C Additional configuration currently required for Presence
New zone per CUP server
Expressway C Additional configuration currently required for Presence
Search Rule for Presence
FQDN or IP address
Expressway E Traversal Zone, B2B DNS Zone
Expressway E Search Rules
Outbound Route
Inbound Route
Cisco UCM IM&P Configuration
TLS Peer Subject Configuration for Expressway C
TLS Context Configuration
TLS Peer Subject Configuration for Expressway C
TLS Context Configuration
SIP Federation Domain Configuration
Needs to be configured for

each B2B federated domain
SIP Federation Route Configuration
Needs to be configured for each B2B federated domain
External DNS Configuration
Microsoft specific DNS Federation SRV record for your domain
In case of multi domain deployment make sure

that you have configured SRV for each domain
Cisco UC Integration for Microsoft Lync
Skype for Business 64-bit Support
Same Lync client integration points now supported on
the 64-bit Skype for Business 2015 & 2016 clients!
NOTE: Previous version was 32-bit only support.
Integration Points:
Presence
Audio and Video Calling
Instant WebEx Meetings
Click to Call
Cisco UC Integration for Microsoft Lync
Release 11.6 Highlights
Platform Features New Voice and Video Features Accessibility
Skype for Business 64-Bit Support Appear Offline Presence Support Windows notification sound played when a
Survivable Remote Site Telephony Support contact search returns a result
Microsoft Office 2016 Support
Opus Codec Support User Interface Updates
Click-to-Call for Office - 64Bit Applications
Far End Camera Control High DPI
Windows 10 Support
DTMF Digit Management
Intel Atom Support Security Features
Headset Selection from Hub Window
IPv6 Support Encryption and Decryption of PRTs
Display Call Duration
Classic Ringtone PRT Logging Levels
Audio and Video Bridge Conferencing Invalid Certificate Behavior

Sign Out on Inactivity Timer Customer Signature for Installer
Protocol Rate Limiting
Microsoft Office client and server side interoperability
Cisco Jabber Collaboration

Solution Cisco Jabber 11.x support
Fully integrated into

Microsoft Office, on-premise
or Office 365(*)
(*) Check Release Notes for supported Office 365 deployment models
Functionality available at the application level
Cisco Jabber can integrate with the Microsoft Office suite
Click-to-X (click-to-call, click-to-IM, click-to-conference)
Presence light up of Microsoft Contact card
Store Instant Messaging conversation history in Outlook/Exchange
Microsoft Exchange integration (Exchange on-premise and Exchange online)

Calendar integration (client or server side)
Unified Messaging integration Cisco Unity Connection
Microsoft SharePoint integration (SharePoint on-premise and SharePoint online)

Click-to-X (click-to-call, click-to-IM, click-to-conference)
Presence light up of Microsoft Contact card
Additional integrations powered by Cisco Jabber
Jabborate integrations with

Cisco Jabber Web SDK
Web based user experience
cross multiple platforms
Microsoft SharePoint
IBM Connections
SAP
www.jabborate.com
Organizations moving commodity workloads to the cloud
PSTN B2B
C2B
Internet
Collaboration services integrated with cloud based applications (i.e. Exchange, SharePoint)
while maintaining todays required telephony functionality and PSTN access
while enhancing communication services with standards based interoperable business to
business and consumer functionality
Organizations moving commodity workloads to the cloud
PSTN B2B
C2B
ProxyAddresses Internet
AD attribute
EWS
Active Directory proxyAddresses attribute required for Office integration and light up
Cisco Unity Connection messaging integration with Exchange Online via Exchange Web
Services (EWS)
What about Cisco Spark?
Cisco Spark Hybrid Service - Connected Calling
Cisco Cisco
On-Premises & Collaboration
Partner Hosted HCS Cloud
Call Service Connect - connects Cisco Spark & the enterprise phone system so they behave as one
Your Spark app becomes an enterprise softphone

Provides voice and video interoperability between Jabber and Spark
User benefits:
Choice: use Jabber or Spark to call anyone without worrying about which you or the other person is using
One number: be reached on Spark, Jabber, or a deskphone. Choose to take the call on whichever suits you best at that moment
Reach everyone: call company extensions, PSTN numbers, Spark only users, and even video bridge numbers
Company dial plan: dial from the Spark app as you would from your deskphone - call PSTN numbers via enterprise phone system
Make the most of video assets: en-route to the office start a call on a mobile device and hand off to a room system when you arrive
113
BRKCOL-2610 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Spark Hybrid Service - Connected Calling
When Cisco Spark User is enabled for Hybrid Call Service Connect Business to Business
Calls are routed via the Enterprise (Cisco UCM, Expressway B2B)
Combining Cisco Spark Hybrid Call Service Connect with Expressway X8.9 Cisco to
Microsoft B2B Federation, Cisco Spark Users can call Lync 2013, Skype for Business
or Skype for Business Online Users (audio, video and two way screen sharing)
At this point there is no messaging interoperability available
Call Routing from Spark via Hybrid Service
Configuration Outgoing to O365
Expressway Hybrid Services
http REST
Connectors
Cisco Collaboration
SIP call from Spark (Hybrid) signaled to Enterprise CC
Cloud
Destination URI Bob@<office365 domain> AXL
Routed through Spark Traversal Zone
SIP Route Pattern <office365 domain>

towards Expressway-C
Search Rule Search Rule Search Rule <office365 domain>

<office365 domain> <office365 domain> to to CMS
to DNS Zone B2B/MRA Traversal Zone
Incoming Call
DNS lookup for _sipfederationtls._tcp.<office365 domain> Forwarding <office365 domain>
Outbound Call
<office365 domain> as Lync call
Expressway-C
Call Routing from S4B (O365) to Spark via Hybrid
Configuration incoming from O365
Expressway Hybrid Services
http REST
Connectors
Cisco Collaboration
SIP call to Spark, destination cloud
Cloud
URI Alice@<xyz>.ciscospark.com AXL
Through Spark Traversal Zone
SNR / Hybrid Services
Search Rule
Incoming Search Rule Search Rule <customer domain>
Type MSFT SIP
<customer domain> from CMS to UCM
<customer domain>
To B2B Traversal Zone
to CMS
Incoming Call
Forwarding <customer domain>
Outbound Call
DNS lookup for _sipfederationtls._tcp.<customer domain>
<customer domain> as standard SIP
Call Expressway-C
Summary
Cisco Interoperability with Microsoft
Many options to interoperate
Identify your requirements and select the right scenario for your environment
User experience
Technical feasibility
Complexity
Operational implications
Understand the pros and cons of the selected scenario
Mileage of certain functionalities might vary when applied to a real life environment
Media Bypass in multi site deployment
Thoroughly evaluate (PoC)
Cisco remains committed to support interoperability scenarios
How to get hands on experience?
Cisco UCM 11.5, Jabber 11.7 and Expressway X8.8 hands on lab
available in Cisco dCloud demo and lab environment
Cisco UCM 11.5, Jabber 11.7 and Expressway X8.9 hands on lab
available @CL Berlin and via Cisco dCloud
Go to http://dcloud.cisco.com (CCO login required)
Complete Your Online Session Evaluation
Please complete your Online
Session Evaluations after each
session
Complete 4 Session Evaluations &
the Overall Conference Evaluation
(available from Thursday) to receive
your Cisco Live T-shirt
All surveys can be completed via
the Cisco Live Mobile App or the
Dont forget: Cisco Live sessions will be available
Communication Stations for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Related sessions
Q&A
Thank You

Cisco Interoperability With Microsoft

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Cisco Interoperability With Microsoft

Hochgeladen von

Copyright:

Verfügbare Formate

Cisco Interoperability with Microsoft

Architecture Microsoft Lync / Skype for Business

Mediation Director Many moving

DNS Load Balancer Storage Compute Additional 3rd

Remote Call Control (RCC)

Microsoft Skype for Business RCC Reference: https://technet.microsoft.com/en-us/library/gg558658.aspx

Please see BRKCOL-2611 Cisco Interoperability with Microsoft Part 2

RTaudio G.711 G.729/iLBC

Media Bypass CAC Result

Off On Mediation server always employed; CAC applied

Multiple sites require multiple trunks

Only call control authoritative for endpoint is aware of client location

Lync Lync Lync Cisco ASA Cisco UCM Cisco Jabber

SIP SIP SIP SIP XMPP

Lync Lync Lync Expressway-E Expressway-C Cisco UCM Cisco Jabber

SIP SIP SIP SIP XMPP

Lync Lync 2013(*) Lync Cisco Cisco UCM Cisco Jabber

SIP XMPP XMPP XMPP XMPP

Not recommended for Cisco UCM IM & Presence on premise deployments

Lync Lync 2013(*) Lync Cisco Webex Messenger Cisco Jabber

Cisco Webex Messenger cloud service only supports XMPP Federation

SIP SIP XMPP

SIP SIP XMPP

Pre 10.x default URI format sAMAccountName@<domain>

Post 10.x advanced configuration allows for selecting either msRTCSIP-primary

Configure Cisco UCM IM & Presence

This sounds awfully complicated

Example uses a Lync 2013 Standard Server without

Wizard will list all domains configured

Required steps for Certificate Management

Wizard provided Lync Server PowerShell configuration commands to

Cisco UCM Platform Administration does provide the

Download the CSR for submission to the CA

Certutil setreg policy\Edit Flags +EDITF_ATTRIBUTESUBJECTALTNAME2

In the additional Attributes dialog enter:

Suggested changes to CA policy might be considered to

Lync only imports RTC enabled

What about Audio/Video at the

In a multi domain environment this step needs to be

Add the DNS FQDN and the Expressway IP address to

Replaced 3 tools with one easy to use Windows application

Migration and External Federation

Lync Edge Expwy-E

ASA TLS proxy

Internet Standards based A/V external

Alice on Lync initiates or

Alice migrated to Jabber

Outgoing IM bypasses Expressway

Alice migrated to Jabber

Bob Lync @ external domain

MSFT Bob Lync @ external domain

SIP Federation Next Hop

Migration and External Federation

Communication Expressway C Expressway E Lync Lync

Share Federate Jabber / Skype user with

SIP Trunk Security Profile

SIP Route Pattern for Federated Domain

Regex must match

Regex must match external

TLS Context Configuration

TLS Context Configuration

Needs to be configured for

Needs to be configured for each B2B federated domain