Expressway Edge Deployment
Demo (screenshots)
1. Deployment Guide
https://drive.google.com/open?id=0B5tzzJsbkWkIc0dwZHdNcVgtZzg&authuser=0
1.1 Topology
1.2 IP allocations
Domain: uc.dc.com
| Server | Domain name | IP address |
|---|---|---|
| CUCM (Internal) | cm10.uc.dc.com | 172.17.20.110/24 |
| IM&P (Internal) | imp10.uc.dc.com | 172.17.20.112/24 |
| AD/DNS (Internal) | ad-inside.uc.dc.com | 172.17.20.120/24 |
| Expressway-Core (Internal) | expc.uc.dc.com | 172.17.20.121/24 |
| Expressway-Edge (External) | expe.uc.dc.com | 10.10.10.121/24 |
| DNS (External) | dns-outside.uc.dc.com | 10.10.10.1/24 |
2. AD/AD Certificate/DNS
2.1 Install Windows Server 2008 R2 Enterprise
2.1.1 Deploy Virtual Machines
2.1.2 Install Windows Server 2008 R2 Enterprise
2.1.3 Create Administrator
2.1.4 Change hostname->AD-INSIDE
2.2 Deploy AD/DNS/AD Certificate
2.2.1 Install AD, Create Domain (uc.dc.com)
2.2.1.1 Service Manager->Add Roles
2.2.1.2 Select Server Roles->Active Directory Domain Services
2.2.1.3 Install AD and DNS
2.2.2 Internal DNS
2.2.2.1 Configure CM/IMP/EXPC/EXPE domain name resolution
2.2.2.2 Configure SRV records
| Service | Protocol | Port number | Host offering this service |
|---|---|---|---|
| _cisco-phone-http | _tcp | 8443 | cm10.uc.dc.com. |
| _cisco-uds | _tcp | 8443 | cm10.uc.dc.com |
| _cuplogin | _tcp | 8443 | imp10.uc.dc.com |
| _sip | _tcp | 5060 | cm10.uc.dc.com |
| _sips | _tcp | 5061 | cm10.uc.dc.com |
| _sips | _udp | 5060 | cm10.uc.dc.com |
2.2.3 Install AD Certificate
2.2.3.1 Service Manager->Add Roles
2.2.3.2 Select Server Roles->Active Directory Certificate Services | Web Server (IIS)
http://172.17.20.120/certsrv/
username:administrator | password:vwic-2mft
2.2.4 AD and AD Certificate configuration
2.2.4.1 add a user in AD
Active Directory Users and Computers -> uc.dc.com -> new -> Organizational Unit
collaboration -> new -> user
2.2.4.2 add a number to the user
2.2.4.3 create certificate template
Active Directory Certificate Services -> Certificate Templates -> Web Server -> Duplicate Template
Template display name: Web Server and Client
Extensions -> Application Policies -> Edit -> Add -> Client Authentication and Server Authentication
2.2.4.4 publish certificate template
Active Directory Certificate Services -> uc-AD-INSIDE-CA -> Certificate Templates -> New -> Certificate Templates to Issue
2.2.5 External DNS configuration
2.2.5.1 Configure external DNS resolution
2.2.5.1.1 Configure Expressway Edge domain name resolution:
2.2.5.1.2 Configure SRV records
| Service | Protocol | Port number | Host offering this service |
|---|---|---|---|
| _collab-edge | _tls | 8443 | expe.uc.dc.com. |
| _sips | _tcp | 5061 | expe.uc.dc.com |
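A split-DNS check for the SRV records in sections 2.2.2.2 and 2.2.5.1.2, added here as an example and not part of the original guide: it audits an observed external record set against the guide's two tables, flagging records the guide publishes only on the internal DNS and targets inside 172.17.20.0/24. The one-line record format, the function names and the "internal-only" rule are assumptions of this example.

```python
import ipaddress

# Transcribed from the guide's IP allocation and SRV tables (zone uc.dc.com).
HOSTS = {"cm10.uc.dc.com": "172.17.20.110", "imp10.uc.dc.com": "172.17.20.112",
         "expe.uc.dc.com": "10.10.10.121"}
INTERNAL_NET = ipaddress.ip_network("172.17.20.0/24")
INTERNAL_SRV = """
_cisco-phone-http._tcp 8443 cm10.uc.dc.com.
_cisco-uds._tcp 8443 cm10.uc.dc.com
_cuplogin._tcp 8443 imp10.uc.dc.com
_sip._tcp 5060 cm10.uc.dc.com
_sips._tcp 5061 cm10.uc.dc.com
_sips._udp 5060 cm10.uc.dc.com
"""
EXTERNAL_SRV = """
_collab-edge._tls 8443 expe.uc.dc.com.
_sips._tcp 5061 expe.uc.dc.com
"""

def parse(text):
    """Parse 'service._proto port host' lines into (label, port, host) tuples."""
    records = []
    for line in text.splitlines():
        if line.strip():
            label, port, host = line.split()
            records.append((label.lower(), int(port), host.rstrip(".").lower()))
    return records

REQUIRED = set(parse(EXTERNAL_SRV))
# Assumption: labels the guide publishes only on the internal DNS stay internal.
INTERNAL_ONLY = {r[0] for r in parse(INTERNAL_SRV)} - {r[0] for r in REQUIRED}

def audit_external(observed):
    """Return findings for an observed external record set; [] means clean."""
    findings = []
    for label, port, host in observed:
        addr = HOSTS.get(host)
        if label in INTERNAL_ONLY:
            findings.append(f"{label}: internal-only record published externally")
        if addr is None:
            findings.append(f"{label}: target {host} has no known address")
        elif ipaddress.ip_address(addr) in INTERNAL_NET:
            findings.append(f"{label}: target {host} is internal ({addr})")
    for label, port, host in sorted(REQUIRED - set(observed)):
        findings.append(f"{label} {port} {host}: required record missing")
    return findings

if __name__ == "__main__":
    # Constructed misconfiguration: _cisco-uds copied into the external zone.
    leaky = parse(EXTERNAL_SRV + "_cisco-uds._tcp 8443 cm10.uc.dc.com\n")
    print("\n".join(audit_external(leaky)) or "clean")
```

In a live check, `observed` would be built from SRV lookups made against dns-outside.uc.dc.com rather than from the embedded text.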
3. vRouter installation and deployment
3.1 vRouter installation
For vRouter installation, refer to the "vRouter install guide".
3.2 vRouter configuration
The vRouter is used to imitate a real router isolating the external and internal networks.
3.2.1 Configure interface
3.2.2 Configure IP address
4. CUCM installation and configuration
4.1 CUCM installation
10.0.1.10000-24
4.2 CUCM and AD integration
step 1 choose Cisco Unified CM Administration > System > LDAP > LDAP System.
step 2 choose Add New.
step 3 choose Enable Synchronizing from LDAP Server.
step 4 choose Cisco Unified CM Administration > System > LDAP > LDAP Directory.
step 5 click “Add new”, then “Save”, and execute “Perform Full Sync Now”.
step 6 choose Cisco Unified CM Administration > System > LDAP > LDAP Authentication.
4.3 SIP Trunk Profile
step 1 choose Cisco Unified Communications Manager Administration > System > Security > SIP Trunk Security Profile.
step 2 choose Find.
step 3 choose Non Secure SIP Trunk Profile.
step 4 copy SIP Trunk Profile,
step 5 choose:
- Accept Presence Subscription
- Accept Out-of-Dialog REFER
- Accept Unsolicited Notification
- Accept Replaces Header
step 6 choose Save.
4.4 SIP Trunk settings
choose Cisco Unified Communications Manager Administration > Device > Trunk.
choose Add New.
enter the peer CUPS server's hostname plus domain as the address.
choose the Non Secure SIP Trunk Profile created for CUPS.
choose Standard SIP Profile from the SIP Profile menu.
choose Save.
4.5 Presence
step 1 choose Cisco Unified Communications Manager Administration > System > Service Parameters.
step 2 choose Cisco Unified Communications Manager server from the Server menu.
step 3 choose Cisco CallManager from the Service menu.
step 4
step 5 choose Save.
4.6 UC Service and Service Profile
add a Service Profile,
4.7 End User Service Profile
4.8 create Phone Security Profile
System > Security > Phone Security Profile
find Cisco Unified Client Services Framework - Standard SIP Non-Secure Profile, click Copy,
change it to Cisco Unified Client Services Framework - Standard SIP Secure Profile, and change the security mode.
4.9 Use the Phone Security Profile on the Jabber phone
Phone and User.
For Device Security Profile, choose the created SIP Secure Profile, then save.
5. IM and Presence integration
5.1 IM and Presence installation
add the Sub's address, choose CUCM IM and Presence.
5.2 CUCM integration settings
6. Expressway-Core configuration
6.1 deploy VCS virtual machine
6.1.1 change system name
6.1.2 activate system
6.1.3 Domain configuration
6.1.4 DNS configuration
6.2 certificate
6.2.1 generate Root certificate
go to the certificate server (internal AD server) to generate the certificate.
http://172.17.20.120/certsrv/
6.2.2 upload Root certificate to Exp-C
restart
6.2.3 generate Exp-C Server Certificate
copy the entire content of the PEM file to the certificate server to generate the Exp-C server certificate;
PEM file content
download the certificate, rename the certificate to expcCA.pem,
6.2.4 upload Server Certificate to Exp-Core
6.3 Tunnel
Configuration > Zones > Zones > New
choose Traversal client,
Unified Communications server In Configuration > Unified Communications > Configuration in Unified Communications Mode open Mobile
Location Peer: add the Expressway-E's hostname plus domain. Save.
Server Active.
6.4 Remote and Access configuration
6.4.1 open Remote Access
Configuration > Unified Communications > Configuration
6.4.2 create AXL SOAP user on CUCM
Create a new User Group "AXL Group" in User Management > User Setting > Access Control Group. Add New.
Save.
On the top right drop down list "Related Links", select "Assign Role to User Group" and assign the previously created Role to the new User Group "AXL Group".
Create a new Application User “AXL” in User Management > Application User.
Add New.
6.4.3 add CM Server
use the created Application User.
CUCM status: TCP.Active.
6.4.4 add IMP Server
IMP status: Active
Configure allow list “Configure HTTP server allow list”
6.4.5 verify configuration
Status > Unified Communications
7. Expressway-Edge configuration
7.1 deploy VCS virtual machine
7.1.1 change system name
7.1.2 activate
7.1.3 DNS configuration
7.2 certificate
7.3 create tunnel
Configuration > Zones > Zones > New
add ’s user.
Create user
TLS verify subject name: add the Exp-C's hostname plus domain. Save.
Created: active
7.4 Remote and Access configuration
Configuration > Unified Communications > Configuration
8. Test