Cisco's Collaboration Edge is an umbrella term describing Cisco's entire collaboration architecture for
edge access. The core products that make up the Collaboration Edge Architecture include:
Cisco Expressway
CUBE
TDM & Analog Gateways
SRST
One of the most highly desired features enabled with the Collaboration Edge is the ability to use Jabber
clients from outside of the enterprise network without VPN technology. This capability is specifically
enabled by the Cisco Expressway product and is referred to as Unified Communications at the feature
level. This feature is delivered in the X8.1.1 software release of the Expressway product. This lab will
guide you through configuring the remote and mobile access features to use with Jabber for Windows.
While this lab guide focuses specifically on Jabber, this capability also exists for TelePresence endpoints
that run TC software (i.e. C/EX/MX/SX/Profile-series endpoints).
How Expressway Traversal Works:
1. Expressway E is the traversal server installed in the DMZ. Expressway C is the traversal client
installed inside the enterprise network.
2. Expressway C initiates traversal connections outbound through the firewall to specific ports on
Expressway E with secure login credentials.
3. Once the connection has been established, Expressway C sends keep-alive packets to
Expressway E to maintain the connection.
4. When Expressway E receives an incoming call, it issues an incoming call request to Expressway
C.
5. Expressway C then routes the call to UCM to reach the called user or endpoint.
6. The call is established and media traverses the firewall securely over an existing traversal
connection.
UCM provides call control for both mobile and on-premise endpoints
Media Traversal
C calls A on-premise
Media Relay
C calls B off-premise
B calls D off-premise
A GEO DNS service can be used to provide unique DNS responses by geographic region
The lab is based on Expressway X8.1.1, CUCM 10.0, and Jabber for Windows 9.7. Note that ICE
(STUN/TURN) support is planned for the CUCM 10.5 release.
Lab Topology
For this lab you will be accessing your Jabber PCs via Remote Desktop. There are two PCs available on
the inside of the network (PC1 & PC3), and an Edge PC (ePC) located outside the firewall. You will need
to utilize Cisco AnyConnect in order to access your pod's infrastructure. You will be able to access the
administrative web interfaces for the CUCM and Expressway C & E via your computer or via Remote
Desktop. If you have not yet connected to your pod, please see the remote access instructions
document at http://ciscovideolab.com.
NOTE: Please be aware that once you are VPNed into your
pod you will have access to the Expressway E and ePC for ALL
pods. Please make sure that you are only accessing the
devices that are associated with your pod.
DNS Setup
As you read earlier in the Technical Overview, DNS is critical to how the Collaboration Edge solution
works with Jabber. As such, the first item you will need to configure will be DNS SRV records that enable
automatic service discovery for the Jabber clients. The service discovery feature allows Jabber to
determine several items:
Your internal DNS server for the lab is a Microsoft Windows Active Directory Server. Let's connect to it to
begin configuration:
Login Credentials:
Username: COLLAB\administrator
Password: Cisco12345
Domain: COLLAB
3. Once you are in the DNS Manager expand the Forward Lookup Zones folder
4. Expand collab.com
5. Click on the _tcp folder
6. Right click on _tcp and select Other New Records
7. Select Service Location (SRV) from the resource record type list and click Create Record
8. Enter the following information in the New Resource Record dialog box:
Service: _cisco-uds
Protocol: _tcp
Port Number: 8443
Host offering this service: cucm.collab.com. (note the period)
9. Press OK to save the _cisco-uds SRV record.
10. The Resource Record Type dialog box window should still be open. Press Create Record again
ensuring that the record type is still set to Service Location (SRV).
11. Enter the following information in the New Resource Record dialog box:
Service: _cuplogin
Protocol: _tcp
Port Number: 8443
Host offering this service: cups.collab.com. (note the period)
15. For this lab we have already pre-configured the external DNS records for the Collaboration Edge
feature to work (you will not see these in your DNS server; they are in the service provider's DNS).
For your reference, these are the parameters that were used to set up the _collab-edge SRV
record.
Service: _collab-edge
Protocol: _tls
Port Number: 8443
Host offering this service: vcse.collab.com. (note the period)
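An added example, not part of the original lab guide: a Python check over zone-style exports of the internal and external DNS views that confirms the three SRV records above are published where the lab puts them. The record text is constructed (TTL, priority and weight are assumed values), and the rule that _cisco-uds and _cuplogin stay out of the external view reflects the lab's split between internal and service-provider DNS.

```python
# Constructed zone-style exports of the two DNS views. TTL, priority and weight
# are assumed values; names, ports and targets come from this lab's DNS Setup.
INTERNAL_VIEW = """\
_cisco-uds._tcp.collab.com. 3600 IN SRV 0 0 8443 cucm.collab.com.
_cuplogin._tcp.collab.com.  3600 IN SRV 0 0 8443 cups.collab.com.
"""
EXTERNAL_VIEW = """\
_collab-edge._tls.collab.com. 3600 IN SRV 0 0 8443 vcse.collab.com.
"""
# (service, port, target) each view must publish.
REQUIRED = {
    "internal": {("_cisco-uds._tcp", 8443, "cucm.collab.com."),
                 ("_cuplogin._tcp", 8443, "cups.collab.com.")},
    "external": {("_collab-edge._tls", 8443, "vcse.collab.com.")},
}
DOMAIN = "collab.com."

def parse_srv(text):
    """Return {(service, port, target)} for SRV lines of the form
    'owner ttl IN SRV priority weight port target'."""
    records = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or [x.upper() for x in f[2:4]] != ["IN", "SRV"]:
            continue
        owner, target = f[0].lower(), f[7].lower()
        if not owner.endswith("." + DOMAIN) or not f[6].isdigit():
            continue
        if not target.endswith("."):
            target += "." + DOMAIN   # zone-file rule: relative names get the origin appended
        records.add((owner[: -len(DOMAIN) - 1], int(f[6]), target))
    return records

def audit(internal_text, external_text):
    """List deviations from the split-DNS layout the lab configures."""
    seen = {"internal": parse_srv(internal_text), "external": parse_srv(external_text)}
    findings = []
    for view, needed in REQUIRED.items():
        for svc, port, target in sorted(needed - seen[view]):
            got = sorted(r for r in seen[view] if r[0] == svc)
            findings.append(f"{view}: {svc} should be {port} {target}, found {got or 'nothing'}")
    internal_only = {r[0] for r in REQUIRED["internal"]}
    for svc, port, target in sorted(seen["external"]):
        if svc in internal_only:
            findings.append(f"external: {svc} is resolvable outside the enterprise")
    return findings
```

A target entered without the trailing period shows up in the findings with the zone name appended twice, which is the mistake the "(note the period)" reminders guard against.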
Communications Manager Setup
Next, we will want to configure the CUCM system to support the Collaboration Edge configuration.
For this lab we have pre-configured a SIP Trunk from the CUCM to the Expressway C simulating a
customer that has already integrated a CUCM and VCS together. You will be extending that existing
integration to support the new Unified Communications remote access features. This deployment
scenario, however, creates a potential issue with Communications Manager: CUCM SIP Trunks do not
support registration for line-side devices (i.e. Phone Endpoints/Softphones). To work around this issue,
we are going to change the ports that are used between the CUCM and Expressway SIP trunks. We will
switch this SIP Trunk to use port 5560 rather than the default 5060. Note that if you do not make this
change, endpoints connected to the Expressway Edge will not be able to register to CUCM successfully.
7. Click Save
8. Navigate to Device > Trunk
9. Click Find
10. Click on VCSTrunk. Note that there are multiple VCSTrunk entries in the search results; it does
not matter which one you select.
11. Change the SIP Trunk Security Profile to Custom Expressway SIP Trunk Profile
13. You will receive an alert confirming your trunk changes. Click OK to continue.
14. Press the button to reset the SIP trunk. Press the button on the pop-up
window.
Next, we will want to configure Communications Manager to associate domain URIs (i.e.
user@domain.com) with the end users on the system. Note that by default URIs are case sensitive and
this can create user experience issues. We suggest disabling case sensitivity as shown in the instructions
below.
Note: This configuration enables the Communications Manager cluster, in our case, to apply the domain of collab.com to
the users that are configured in Communications Manager. This is a CLUSTERWIDE configuration.
6. Navigate to User Management > End Users
7. Click "Find" to display all of your end users
8. Click "tstark" and verify that his Directory URI is listed as in the figure below
9. Scroll down to "Directory Number Associations" and select the Primary extension
10. Click Save
The CUCM system is now configured to correctly route inbound/outbound URI calls for all users on the
system. We will test this functionality later on in this lab.
Expressway E Setup
Next, we will want to configure the Expressway E to support the Collaboration Edge. The items you are
going to do are:
3. Change the NTP Server by selecting System > Time and set NTP server 1 to 173.36.113.58. Click
Save. After approximately 60 seconds you will see the State change to Synchronized.
4. Create a new Traversal Zone by selecting Configuration > Zones > Zones and press the New
button.
5. Enter the following information in the Zone configuration:
7. To disable the secondary NIC, navigate to System > IP and set Use dual network interfaces to
No. Click Save.
8. After pressing Save, the Expressway will ask you to restart the system to enable the changes.
Click restart. Click OK when prompted to confirm the restart.
The system will provide a restart status window. You can proceed to the next section
(Expressway-C setup) while the Expressway-E restarts.
Expressway C Setup
Next, we will configure the Expressway C to support the Collaboration Edge. The items you are going to
do are:
3. Next we will need to configure the IM and Presence, Unified CM and TFTP servers. Navigate to
Configuration > Unified Communications > Configuration
4. Set Unified Communications mode to Mobile and remote access
5. Click Save
7. Click New
8. Enter the following information on the page:
11. Verify that your found Unified CM node shows status as TCP: Active
12. Click Discover IM and Presence servers in the Related tasks window
13. Press the New button
14. Enter the following information on the page:
29. Notice the CEtcp zone that was created automatically for your Communications Manager
30. Click New to create a client Zone for Firewall Traversal to your Expressway E server.
32. You will see a notification that the Zone has been saved. The newly created Traversal Zone
status should show as Active. Note that it may take a few seconds to become Active; if so, wait a few
seconds and refresh the page.
33. Navigate to Status > Unified Communications to verify the Collaboration Edge Status matches
the picture shown below. Specifically, note the collab.com domain that is associated with your
Traversal Zone.
34. Navigate to Configuration > Zones > Zones
35. Click View/Edit on the CUCM Zone
36. Change the SIP Port to 5560 (to match what we configured in CUCM)
37. Click Save
38. Verify that the CUCM Zone SIP status field still shows as Active
39. Note: In a production deployment the next step would be to generate an SSL Certificate Signing
Request (CSR). CSRs are generated from the Expressway E and would need to be sent on to a
trusted Certificate Signing Authority to be issued. For this lab we are using self-signed
certificates, which will cause warning messages to be displayed in the Jabber clients.
40. You have now completed the necessary server side setup to enable the Collaboration Edge
functionality.
Jabber Client Setup
1. Initiate a Remote Desktop Session to your edge PC podX-ePC.collab.com (replace X with your
Pod #).
2. Login as Username: COLLAB\dblake and Password: Cisco12345 Domain: COLLAB
3. Upon login the VCam Manager application will pop up on the screen. Minimize this application
(do not close it) as it will be used later with Jabber to simulate a video call.
Note: For the purposes of this lab we are sharing the collab.com domain between all of the pods. In
order for this to work, we need to create a static host entry on your Edge PC to be able to connect to
the correct Expressway E. You would not need to do this in a standard customer deployment.
4. Right click the hosts file shortcut on the Desktop and select Edit with Notepad++
#173.36.117.x vcse.collab.com
https://vcse.collab.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
9. You should be prompted with an authentication dialog box
10. Enter dblake as the User Name, and Cisco12345 as the Password.
11. You should see an XML file displayed; note the service information for _cuplogin and _cisco-uds.
The server addresses should point to cups.collab.com and cucm.collab.com, respectively.
12. At this point, we have validated our configurations and should be able to test everything out.
13. Launch Cisco Jabber from the Desktop
14. Notice that Jabber 9.7 only asks for a username. The Jabber for Windows client now supports
automatic service discovery both on and off the corporate network using DNS SRV records.
15. Enter dblake@collab.com as your username and press Continue
16. You will then be prompted to enter your password (Cisco12345). Press Sign In
17. You should be prompted to accept the server certificate. Press Accept
18. You will now see that you are logged into the Jabber client. Note that contact photos are
displayed, and that Jabber is connected in soft phone mode (picture in lower right corner).
19. Click Help > Show Connection Status. Note the Softphone, Presence, and Voicemail status are
using the Expressway for connectivity to the corporate network.
20. In order to fully test out the Jabber capabilities we need to login on a second desktop PC.
21. Initiate a Remote Desktop Session to PC1.collab.com. This remote desktop session is to an
internal PC that is located on the internal corporate network.
22. Login as Username: COLLAB\SRogers and Password: Cisco12345 Domain: COLLAB
23. Upon login the VCam Manager application will pop up on the screen. Minimize this application
(do not close it) as it will be used later with Jabber to simulate a video call.
24. Jabber for Windows should auto launch and you will be logged in as Steve Rogers. Your buddy
list is pre-configured and you should see Donald Blake online.
25. Send an Instant Message to Donald Blake to see IM work from inside the firewall to outside the
firewall.
26. Note that features like typing indications work.
27. Note that Screen Capture and File Transfer do not work yet in the initial release of the
Collaboration Edge.
28. Escalate your IM session to a call by pressing the Phone icon in the upper right hand corner of
your IM session. Your call will establish with video capabilities. Since we are using Jabber within
a Remote Desktop session for this lab, we've replaced the live video with pictures to simulate
the experience.
Inside PC:
External PC:
29. Note that On a Call status works for clients inside and outside the firewall.
You have now successfully completed setup and testing of Jabber with the Collaboration Edge! If you
are experiencing any problems, please see the troubleshooting section below. If everything is working
you can still review the troubleshooting section as it provides insight that can be useful if you are
helping a customer deploy this solution.
Troubleshooting
Issues with Jabber hanging, crashing and doing other odd things:
Understanding how the Reverse Proxy URLs are used by Jabber is very helpful to troubleshoot
configuration issues. The URLs have Base64 encoded sub-URLs that contain the actual URL we want to
access. It is useful to leverage http://www.base64decode.org/ to encode/decode these URLs for
troubleshooting purposes.
Below is an example that will pull the jabber-config.xml file from the CUCM server:
https://vcse.collab.com:8443/Y29sbGFiLmNvbS9odHRwL2N1Y20uY29sbGFiLmNvbS82OTcw/jabber-config.xml
If we look at this URL step by step, we are connecting to the Reverse HTTP Proxy server at
https://vcse.collab.com:8443. The Base64 segment that follows decodes to
collab.com/http/cucm.collab.com/6970, which breaks down as follows:
collab.com refers to the traversal zone we are going to cross in the Expressway.
http refers to the protocol to use. This could be http or https.
cucm.collab.com is the host we are going to connect to.
6970 is the HTTP port on cucm.collab.com that we are connecting to. In this case, 6970 is the
HTTP port to pull configuration files from CUCM.
Lastly, /jabber-config.xml refers to the file that we will be loading from the server above.
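An added example, not part of the original lab guide: a Python helper that decodes these reverse proxy URLs locally and reports which back-end server each one asks the Expressway to reach, so a mistyped host or port stands out during troubleshooting or log review. It uses the three test URLs from this section; the function names and the expected-target set are assumptions made for the example.

```python
import base64
from urllib.parse import urlsplit

# Test URLs quoted in this guide's Troubleshooting section.
PAGE_URLS = [
    "https://vcse.collab.com:8443/Y29sbGFiLmNvbQ/get_edge_config"
    "?service_name=_cisco-uds&service_name=_cuplogin",
    "https://vcse.collab.com:8443/Y29sbGFiLmNvbS9odHRwcy9jdWNtLmNvbGxhYi5jb20vODQ0Mw"
    "/cucm-uds/clusterUser?username=dblake",
    "https://vcse.collab.com:8443/Y29sbGFiLmNvbS9odHRwL2N1Y20uY29sbGFiLmNvbS82OTcw"
    "/jabber-config.xml",
]
# Back ends those URLs are expected to reach in this lab (protocol, host, port).
EXPECTED_TARGETS = {("http", "cucm.collab.com", 6970), ("https", "cucm.collab.com", 8443)}

def decode_token(segment):
    """Decode the Base64 path segment; the URLs above omit '=' padding, so restore it."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.b64decode(padded, validate=True).decode("ascii")

def parse_edge_url(url):
    """Split a reverse-proxy URL into edge server, zone domain, back-end target and resource."""
    parts = urlsplit(url)
    token, _, resource = parts.path.lstrip("/").partition("/")
    fields = decode_token(token).split("/")
    if len(fields) == 1:            # domain only, as in get_edge_config
        target = None
    elif len(fields) == 4 and fields[1] in ("http", "https") and fields[3].isdigit():
        target = (fields[1], fields[2], int(fields[3]))
    else:
        raise ValueError(f"unexpected token layout: {fields!r}")
    query = "?" + parts.query if parts.query else ""
    return {"edge": parts.netloc, "domain": fields[0], "target": target,
            "resource": "/" + resource + query}

def unexpected_target(url):
    """Return the decoded target if it is not one this lab configures, else None."""
    target = parse_edge_url(url)["target"]
    return target if target is not None and target not in EXPECTED_TARGETS else None

if __name__ == "__main__":
    for u in PAGE_URLS:
        print(parse_edge_url(u), "unexpected:", unexpected_target(u))
```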
Now that you understand how the Reverse Proxy URLs work, below are some useful Test URLs and
their corresponding responses from a working configuration. If you are prompted for authentication,
you can use Username: dblake and Password: Cisco12345.
Test DNS SRV Records for Service Discovery:
https://vcse.collab.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Query CUCM UDS server for a user's Home CUCM Cluster:
https://vcse.collab.com:8443/Y29sbGFiLmNvbS9odHRwcy9jdWNtLmNvbGxhYi5jb20vODQ0Mw/cucm-uds/clusterUser?username=dblake
Query CUCM for the jabber-config.xml file stored in CUCM's TFTP directory:
https://vcse.collab.com:8443/Y29sbGFiLmNvbS9odHRwL2N1Y20uY29sbGFiLmNvbS82OTcw/jabber-config.xml