Saturday 26 November 2016

List TelePresence devices Existing in CUCM using Python

I recently wrote a Python script that lists all of the TelePresence devices in my CUCM using AXLAPI. It is an easy and fast way to find the codec login IPs and registration status.

Python 3 keeps a lot of potential trouble away from you; install the libraries imported below. I am sure this is not difficult if you have worked with Linux and Python before.
#!/usr/bin/python3.4
import ssl
import urllib.request
import sys, getopt, re, requests
from suds.transport.https import HttpAuthenticated
from suds.client import Client
from suds.sax.element import Element
from xml.etree import ElementTree
from suds.xsd.doctor import Import
from suds.xsd.doctor import ImportDoctor
import pickle
import pandas as pd
import numpy as np
Next, you need to download AXLAPI.wsdl from CUCM. Where is it? See here:

ris_data = []

def pk():
    # Load the pickled credential store. pickle.load() executes whatever the
    # file encodes, so the file must be writable only by its owner.
    with open("/home/credential/pwds", "rb") as pickle_in:
        creds = pickle.load(pickle_in)
    return creds

def createClient():
        cmserver = 'YOUR CUCM IP'
        cmport = '8443'
        username = 'AXL ADMIN USERNAME'
        pwd = pk()
        password = pwd[1]
        location = 'https://' + cmserver + ':' + cmport + '/realtimeservice/services/RisPort70?wsdl'
        t = HttpAuthenticated(username=username, password=password)
        t.handler = urllib.request.HTTPBasicAuthHandler(t.pm)
        # Certificate and hostname verification are switched off here, so the
        # CUCM server is not authenticated by this client.
        ssl_def_context = ssl.create_default_context()
        ssl_def_context.check_hostname = False
        ssl_def_context.verify_mode = ssl.CERT_NONE
        t1 = urllib.request.HTTPSHandler(context=ssl_def_context)
        t.urlopener = urllib.request.build_opener(t.handler, t1)
        # Local copy of the AXL WSDL; it is not used below, the client loads
        # the RisPort70 WSDL from 'location'.
        wsdl = 'file:///opt/tempfile/axlsqltoolkit/schema/current/AXLAPI.wsdl'
        imp = Import('http://schemas.xmlsoap.org/soap/encoding/')
        doctor = ImportDoctor(imp)
        client = Client(url=location, transport=t, doctor=doctor)
        return client
The ris_data list stores all results.

In pk(), I put all of the AD passwords in a file and serialised them.

createClient() creates a session to CUCM with the credentials.
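
createClient() above disables certificate and hostname checks, and pk() unpickles the password file. The following added example (not the author's code) shows a standard-library alternative that keeps TLS verification on and reads the credentials from a JSON file that only its owner can access. The function names, the JSON layout and the file paths are assumptions made for this illustration.

```python
import json
import os
import ssl
import stat
import urllib.request


def build_tls_context(cafile=None):
    """Return a TLS context that verifies the server certificate and name.

    cafile is a PEM file holding the CA (or the self-signed server)
    certificate exported from CUCM; None falls back to the system store.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    # Already the defaults; set explicitly so a later edit cannot quietly
    # turn verification off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def load_credentials(path):
    """Read {"username": ..., "password": ...} from a JSON file.

    JSON cannot carry executable objects the way a pickle can. The file is
    refused if group or others have any permission on it.
    """
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(path + " must be owner-only (chmod 600)")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    missing = {"username", "password"} - set(data)
    if missing:
        raise ValueError("missing keys: " + ", ".join(sorted(missing)))
    return data["username"], data["password"]


def build_opener(username, password, base_url, cafile=None):
    """urllib opener with basic auth scoped to base_url and verified HTTPS."""
    pm = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    pm.add_password(None, base_url, username, password)
    return urllib.request.build_opener(
        urllib.request.HTTPBasicAuthHandler(pm),
        urllib.request.HTTPSHandler(context=build_tls_context(cafile)),
    )
```

The opener returned by build_opener() can be assigned to t.urlopener in place of the one built in createClient(); the server name used in the URL then has to match the certificate.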

def parse(tp):
        for node in tp['SelectCmDeviceResult'].CmNodes:
            for dev in node.CmDevices:
                name = dev.Name
                desc = dev.Description
                dirn = dev.DirNumber
                ip = "http://" + dev.IPAddress[0][0] + "/web/signin"
                global ris_data
                ris_data.append([desc,name,dirn,ip])

def tpIPsx10(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                                'NodeName':'sampleName.acme.com','Model':'682'})
        parse(tp)
 
def tpIPsx80(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                                'NodeName':'sampleName.acme.com','Model':'688'})
        parse(tp)

def tpIPmx300(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                               'NodeName':'sampleName.acme.com','Model':'690'})
        parse(tp)
      
def tpIPmx800branch(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                                   'NodeName':'sampleName.acme2.com','Model':'36208'})
        parse(tp)

def tpIPmx800(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                                   'NodeName':'sampleName.acme.com','Model':'36208'})
        parse(tp)
   
def tpIPmx700branch(client): 
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any', 
                                                   'NodeName':'sampleName.acme2.com','Model':'36207'})            
        parse(tp)

def tpIPmx800dual(client):
        tp = client.service.SelectCmDevice("", {'SelectBy':'Name', 'Status':'Any', 'Class':'Any',
                                                'NodeName':'sampleName.acme.com','Model':'36227'})
        parse(tp)    
parse() parses the results returned through a client object and puts the desired data into the ris_data list. There is one client object for each of the different TelePresence models I have in CUCM.

It's important to know all of the model numbers. Issuing this SQL in an SSH session to CUCM will get them all:

admin:run sql select enum, name from typemodel
enum  name                                              
===== ==================================================
15    EMCC Base Phone                                   
20    SCCP Phone                                        
30    Analog Access                                     
40    Digital Access                                    
42    Digital Access+                                   
43    Digital Access WS-X6608                           
47    Analog Access WS-X6624                            
50    Conference Bridge                                 
51    Conference Bridge WS-X6608                        
62    H.323 Gateway                                     
70    Music On Hold                                     
71    Device Pilot                                      
73    CTI Route Point                                   
80    Voice Mail Port                                   
90    Route List                                        
100   Load Simulator                                    
110   Media Termination Point                           
111   Media Termination Point Hardware                  
120   MGCP Station                                      
121   MGCP Trunk                                        
122   GateKeeper                                        
125   Trunk                                             
126   Tone Announcement Player                          
254   Unknown MGCP Gateway                              
255   Unknown                                           
52    Cisco IOS Conference Bridge (HDV2)                
53    Cisco Conference Bridge (WS-SVC-CMM)              
83    Cisco IOS Software Media Termination Point (HDV2) 
84    Cisco Media Server (WS-SVC-CMM-MS)                
112   Cisco IOS Media Termination Point (HDV2)          
113   Cisco Media Termination Point (WS-SVC-CMM)        
131   SIP Trunk                                         
132   SIP Gateway                                       
133   WSM Trunk                                         
85    Cisco Video Conference Bridge (IPVC-35xx)         
522   BlackBerry MVS VoWifi                             
640   Usage Profile                                     
598   Ascom IP-DECT Device                              
599   Cisco TelePresence Exchange System                
36041 Cisco TelePresence Conductor                      
61    H.323 Phone                                       
72    CTI Port                                          
134   Remote Destination Profile                        
30027 Analog Phone                                      
30028 ISDN BRI Phone                                    
2     Cisco 12 SP+                                      
3     Cisco 12 SP                                       
4     Cisco 12 S                                        
1     Cisco 30 SP+                                      
5     Cisco 30 VIP                                      
9     Cisco 7935                                        
6     Cisco 7910                                        
7     Cisco 7960                                        
8     Cisco 7940                                        
10    Cisco VGC Phone                                   
11    Cisco VGC Virtual Phone                           
48    VGC Gateway                                       
12    Cisco ATA 186                                     
124   7914 14-Button Line Expansion Module              
336   Third-party SIP Device (Basic)                    
374   Third-party SIP Device (Advanced)                 
115   Cisco 7941                                        
119   Cisco 7971                                        
20000 Cisco 7905                                        
302   Cisco 7985                                        
307   Cisco 7911                                        
308   Cisco 7961G-GE                                    
309   Cisco 7941G-GE                                    
335   Motorola CN622                                    
348   Cisco 7931                                        
358   Cisco Unified Personal Communicator               
365   Cisco 7921                                        
369   Cisco 7906                                        
375   Cisco TelePresence                                
376   Nokia S60                                         
30002 Cisco 7920                                        
30006 Cisco 7970                                        
30007 Cisco 7912                                        
30008 Cisco 7902                                        
30016 Cisco IP Communicator                             
30018 Cisco 7961                                        
30019 Cisco 7936                                        
30032 SCCP gateway virtual phone                        
30035 IP-STE                                            
404   Cisco 7962                                        
412   Cisco 3951                                        
431   Cisco 7937                                        
434   Cisco 7942                                        
435   Cisco 7945                                        
436   Cisco 7965                                        
437   Cisco 7975                                        
446   Cisco 3911                                        
550   Cisco ATA 187                                     
631   Third-party AS-SIP Endpoint                       
36049 BEKEM 36-Button Line Expansion Module             
484   Cisco 7925                                        
586   Cisco 8941                                        
645   Universal Device Template                         
688   Cisco TelePresence SX80                           
609   Cisco TelePresence Quick Set C20                  
585   Cisco 8945                                        
228   7915 24-Button Line Expansion Module              
36042 Cisco DX80                                        
620   Cisco TelePresence TX9200                         
86    Cisco IOS Heterogeneous Video Conference Bridge   
642   Carrier-integrated Mobile                         
468   Cisco Unified Mobile Communicator                 
36208 Cisco TelePresence MX800                          
611   Cisco TelePresence Profile 42 (C60)               
557   Cisco TelePresence 200                            
36207 Cisco TelePresence MX700                          
613   Cisco TelePresence Profile 52 (C60)               
608   Cisco TelePresence Codec C40                      
564   Cisco 6945                                        
547   Cisco 6901                                        
562   Cisco Dual Mode for iPhone                        
690   Cisco TelePresence MX300 G2                       
606   Cisco TelePresence Codec C90                      
652   Cisco Jabber for Tablet                           
597   Cisco TelePresence MCU                            
594   VKEM 36-Button Line Expansion Module              
497   Cisco 6961                                        
496   Cisco 6941                                        
520   Cisco TelePresence 1100                           
592   Cisco 3905                                        
36213 Cisco 7811                                        
36043 Cisco DX70                                        
558   Cisco TelePresence 400                            
503   Cisco Unified Client Services Framework           
612   Cisco TelePresence Profile 52 (C40)               
36217 Cisco 8811                                        
577   Cisco 7926                                        
521   Transnova S3                                      
590   Cisco TelePresence 500-32                         
493   Cisco 9971                                        
689   Cisco TelePresence MX200 G2                       
227   7915 12-Button Line Expansion Module              
683   Cisco 8841                                        
682   Cisco TelePresence SX10                           
540   Cisco 8961                                        
604   Cisco TelePresence EX60                           
633   Cisco TelePresence Profile 42 (C40)               
230   7916 24-Button Line Expansion Module              
647   Cisco DX650                                       
229   7916 12-Button Line Expansion Module              
610   Cisco TelePresence Profile 42 (C20)               
616   Cisco TelePresence Profile 65 Dual (C90)          
253   SPA8800                                           
584   Cisco TelePresence EX90                           
588   Generic Desktop Video Endpoint                    
614   Cisco TelePresence Profile 52 Dual (C60)          
681   Cisco ATA 190                                     
617   Cisco TelePresence MX200                          
615   Cisco TelePresence Profile 65 (C60)               
478   Cisco TelePresence 1000                           
623   Cisco 7861                                        
580   Cisco E20                                         
685   Cisco 8861                                        
481   Cisco TelePresence 500-37                         
622   Cisco 7841                                        
634   Cisco VXC 6215                                    
575   Cisco Dual Mode for Android                       
87    Cisco IOS Guaranteed Audio Video Conference Bridge
648   Cisco Unified Communications for RTX              
635   CTI Remote Device                                 
480   Cisco TelePresence 3200                           
582   Generic Single Screen Room System                 
36210 Cisco TelePresence IX5000                         
659   Cisco 8831                                        
505   Cisco TelePresence 1300-65                        
626   Cisco TelePresence SX20                           
548   Cisco 6911                                        
537   Cisco 9951                                        
627   Cisco TelePresence MX300                          
232   CKEM 36-Button Line Expansion Module              
684   Cisco 8851                                        
36232 Cisco 8851NR                                      
36227 Cisco TelePresence MX800 Dual                     
621   Cisco 7821                                        
583   Generic Multiple Screen Room System               
628   IMS-integrated Mobile (Basic)                     
607   Cisco TelePresence Codec C60                      
596   Cisco TelePresence TX1310-65                      
88    Cisco IOS Homogeneous Video Conference Bridge     
479   Cisco TelePresence 3000                           
495   Cisco 6921                                        
619   Cisco TelePresence TX9000                         
591   Cisco TelePresence 1300-47                        
632   Cisco Cius SP                                     
593   Cisco Cius                                        
36224 Cisco 8845                                        
36225 Cisco 8865  
My version of CUCM is 10.5; your list may differ.
def main(argv):
    CLIENT1 = createClient()
    CLIENT2 = createClient()
    CLIENT3 = createClient()
    CLIENT4 = createClient()
    CLIENT5 = createClient()
    CLIENT6 = createClient()
    CLIENT7 = createClient()
    tpIPsx10(CLIENT1)    
    tpIPmx300(CLIENT2)
    tpIPmx800branch(CLIENT3)
    tpIPmx800(CLIENT4)
    tpIPmx700branch(CLIENT5)
    tpIPmx800dual(CLIENT6)
    tpIPsx80(CLIENT7)
    print(len(ris_data), " Found:")
    pd.set_option('display.max_rows', 500)
    pd.set_option('display.max_columns', 500)
    pd.set_option('display.width', 1000)
    df = pd.DataFrame(ris_data)
    df.index = np.arange(1, len(df) + 1)
    df.columns = ['Room Name', 'Device Name', 'Number-Status', 'Codec Login']
    print (df)
The main() function runs all of the search functions, and pandas shows the results in a nice format.

if __name__=='__main__':
        main(sys.argv[1:])
Run my code. If you have any questions, feel free to leave your comments below.
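
The seven tpIP*() functions and seven clients above differ only in NodeName and Model. As an added example (not the author's code), the same query can be driven from one table with a single client, and it also copes with a device that reports no IP address. The response shape is taken from parse() above; FakeRisService and its device data are constructed so the example runs offline.

```python
from types import SimpleNamespace

# (NodeName, Model) pairs copied from the tpIP*() functions on this page.
TARGETS = [
    ("sampleName.acme.com", "682"),     # SX10
    ("sampleName.acme.com", "688"),     # SX80
    ("sampleName.acme.com", "690"),     # MX300 G2
    ("sampleName.acme2.com", "36208"),  # MX800 (branch)
    ("sampleName.acme.com", "36208"),   # MX800
    ("sampleName.acme2.com", "36207"),  # MX700 (branch)
    ("sampleName.acme.com", "36227"),   # MX800 Dual
]


def first_ip(dev):
    """Return the device's first IP address, or None when none is reported
    (for example an endpoint that is not registered)."""
    try:
        return dev.IPAddress[0][0]
    except (AttributeError, IndexError, TypeError):
        return None


def collect(client, targets=TARGETS):
    """Run SelectCmDevice once per (node, model) pair and return rows of
    [description, name, directory number, codec login URL or None]."""
    rows = []
    for node_name, model in targets:
        tp = client.service.SelectCmDevice("", {
            'SelectBy': 'Name', 'Status': 'Any', 'Class': 'Any',
            'NodeName': node_name, 'Model': model})
        for node in tp['SelectCmDeviceResult'].CmNodes or []:
            for dev in node.CmDevices or []:
                ip = first_ip(dev)
                login = "http://" + ip + "/web/signin" if ip else None
                rows.append([dev.Description, dev.Name, dev.DirNumber, login])
    return rows


class FakeRisService:
    """Constructed stand-in for client.service; returns two SX80 devices."""

    def __init__(self):
        self.calls = []

    def SelectCmDevice(self, state_info, criteria):
        key = (criteria['NodeName'], criteria['Model'])
        self.calls.append(key)
        devices = []
        if key == ("sampleName.acme.com", "688"):
            devices = [
                SimpleNamespace(Name="SEP001122334455", Description="Boardroom",
                                DirNumber="5001-Registered",
                                IPAddress=[["10.1.1.20"]]),
                SimpleNamespace(Name="SEP66778899AABB", Description="Lab",
                                DirNumber="5002-UnRegistered",
                                IPAddress=None),
            ]
        nodes = [SimpleNamespace(CmDevices=devices)] if devices else []
        return {'SelectCmDeviceResult': SimpleNamespace(CmNodes=nodes)}


def demo():
    """Run collect() against the constructed service; return rows and calls."""
    client = SimpleNamespace(service=FakeRisService())
    return collect(client), client.service.calls


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```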

Cisco AP operational status shows down

Cisco AP operational status shows down in: Cisco Aironet Access Point

Uncheck “Power Injector State” and click apply then reboot AP (Under Wireless > Access Points > All AP’s > Advanced)

Reboot AP by clicking on “reset AP Now” (Under Wireless > Access Points > All AP’s > General)








Once the AP is back up after the reboot, select the Power Injector State box, select “Installed” in the drop-down box and click Apply, which sets it to Foreign and puts in the MAC address automatically. (Under Wireless > Access Points > All AP’s > Advanced)

Wednesday 26 October 2016

Cisco Conductor Works with WebEx CMR (Unscheduled)

This post discusses how WebEx CMR can be integrated into a Cisco Conductor / TelePresence Server environment. To do so, make sure that you already have a pair of Expressway E/C to WebEx CMR.
In case you have enough knowledge of the different types of screen license required per call, here is the TP datasheet:

  1. Make a dedicated Conference alias for WebEx CMR

  2. Conference Template
No to allow multiscreen & 720 3fps will consume ½ license per call

  3. Auto-dialed participants
Fill in your CMR-enabled WebEx account name in ABC@DEF.webex.com format

  4. Enable CMR feature
Go to the WebEx administration page > edit user > check Collaboration Meeting Room for the user.

  5. Because the unscheduled meeting template doesn’t give TP the ability to dial a PIN number, we have to host the meeting from a laptop first.

  6. Use a TelePresence unit to call the alias number. This will have TPS start a bridge, then call and join WebEx CMR as a participant. Then go to Conductor and check that utilization of the TPS resource is reaching 10% (2 calls, TP + WebEx)




Monday 10 October 2016

Installation UCS E140S M2

Installation
After physically installing it, you must reboot the router.


2921A#show diag | include FRU
        Product (FRU) Number     : CISCO2921/K9
        Product (FRU) Number     : PWR-2921-51-AC
        Product (FRU) Number     : UCS-E140S-M2/K9


Config CIMC port

In this step, we make use of 1/0 as the internal interface, which gives us the advantage of working on installing UCS-E server in a hurry because we can access CIMC right away once we slide it in the router.
interface ucse1/0
ip unnumbered Port-channel1
imc ip address 10.11.0.177 255.0.0.0 default-gateway 10.11.0.101
 imc access-port shared-lom console

ip route 10.11.0.177 255.255.255.255 ucse1/0



Config CIMC


       Web GUI login with default admin / password, change it after login.


Managing RAID
Enable RAID 1 to be a boot drive


Add image:


[Screenshot: CIMC Host Image Mapping page, Add Image download dialog. Enter the FTP server IP address, FTP file path, username and password, then click Download; after the image has been downloaded, refresh the Host Image Mapping page.]

Changing Boot order




Install ESXi 6 from KVM
GE2 is an external physical interface which can only be seen by the hypervisor. Using this external interface dodges potential IOS malfunctions, such as high CPU.




ESXi Configure Management Network to GE2
Choosing GE2

In case you want to know where to get an ESXi free license:

www.vmware.com/go/get-free-esxi

Monday 22 August 2016

Jabber Persistent Chat and Managed File Transfer




Persistent Chat
Instant messaging is an important communication option that lets you efficiently interact in today's multitasking business environment. Cisco Unified Presence provides personal chat, group chat, and persistent chat capabilities so you can quickly connect with individuals and groups and conduct ongoing conversations.
Personal and Group chat have been available for some time without any special configuration; however, these interactions are temporary (they are deleted when all participants leave the chat).
The Persistent Chat feature provides a richer set of capabilities allowing users to create permanent chat rooms and manage privacy and group membership settings. Persistent Chat offers users ongoing access to a discussion thread or other topic. It is available even if no one is currently in the chat and remains available until explicitly removed from the system.
Additional administrative configuration options were recently added to the Collaboration Systems portfolio including the ability to limit the creation of rooms to designated Group Chat Administrators.


Managed File Transfer
Managed file transfer (MFT) allows an IM and Presence Service client, such as Cisco Jabber, to transfer files to other users, ad hoc group chat rooms, and persistent chat rooms. The files are stored in a repository on an external file server using SSHFS to secure file transfer operations and the transaction is logged to an external database.
Unlike Peer-to-Peer file transfers, Managed File Transfer may be used in conjunction with Group and Persistent Chat to share files in a multi-user environment.


Installation of PostgreSQL Server 9.4.1

Edit the YUM Repository
For procedural documentation visit: https://wiki.postgresql.org/wiki/YUM_Installation
1. Log into the target CentOS 7 host with Root Privileges or as a user with sudo privileges.
2. To edit the YUM repository configuration file on CentOS, type:


nano /etc/yum.repos.d/CentOS-Base.repo
3. Locate the [base] and [updates] sections of the file and append the line exclude=postgres*.
4. Save the file and exit the nano editor.
Download Installation Packages and Dependencies with YUM
1. Download the PostgreSQL server and package dependencies by typing:


yum localinstall http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-1.noarch.rpm
2. Observe the following output:


3. Check for a list of resolved packages and dependencies by entering the following command:
Note that postgresql94-server.x86_64 is returned as part of the command output. We are ready to install the PostgreSQL server software.

Install PostgreSQL Server 9.4.1 and Dependencies



1. Initiate the installation by issuing the following command:
yum install postgresql94-server
2. If the PostgreSQL 9.4.1 installation is successful, output should appear as follows (some output omitted).


Installed:
postgresql94-server.x86_64 0:9.4.4-1PGDG.rhel7
Dependency Installed:
postgresql94.x86_64 0:9.4.4-1PGDG.rhel7 postgresql94-libs.x86_64 0:9.4.4-1PGDG.rhel7
Complete!

Initialize PostgreSQL and Start Services

Next, we must initialize the PostgreSQL server software.
1. Type the following command to initialize the PostgreSQL database with default parameters.


/usr/pgsql-9.4/bin/postgresql94-setup initdb
2. Confirm that the command returns the following result: Initializing database ... OK.


Enable Automatic Service Startup
1. To enable automatic service startup with OS Boot, type the following command:


chkconfig postgresql-9.4 on
Start PostgreSQL Services
Services must be started for the first time to begin interacting with the software.
1. Type the following command to start the PostgreSQL server:


service postgresql-9.4 start
2. Output will appear as follows to indicate successful entry.


Redirecting to /bin/systemctl start postgresql-9.4.service
3. Check to ensure that the PostgreSQL process is actively running:


ps -ef | grep pgsql
4. At least one server process should be running as below:


postgres 8654 1 0 15:57 ? 00:00:00 /usr/pgsql-9.4/bin/postgres -D /var/lib/pgsql/9.4/data
5. Notice that the process is running as OS user postgres, which is automatically created during the package installation.

Configure Authentication and Access

Set the Password for Database User postgres
On Windows and OS X, the default password is postgres. However, on Linux systems, there is no default password set. This is required to gain superuser access to create and modify databases and users.
1. Switch User to postgres.


su postgres
2. Use the psql client utility to connect to the PostgreSQL instance which is accessible locally, as user postgres with no password.


psql postgres
3. Use the \password <username> command to set the postgres user password.


postgres=# \password postgres
Enter new password: <yourpasswordhere>
Enter it again: <yourpasswordhere>
4. Quit the psql client utility by typing \q.


postgres=# \q
5. Exit the postgres user shell to return to Root.

Allow Local and Remote Connections via PW authentication by editing the pg_hba.conf

Use the following command to edit the authentication parameter file to enable password based authentication for local and remote connections.
1. Use the nano editor to make the following modifications to the pg_hba.conf file.


nano /var/lib/pgsql/9.4/data/pg_hba.conf
2. Items in bold red typeface were added/modified.


# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
host all all 192.18.133.0/24 md5
# IPv6 local connections:
host all all ::1/128 md5
3. Press Ctrl+Shift+X to exit and save when prompted.
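
Because listen_addresses is set to '*' further down this page, pg_hba.conf is the PostgreSQL-side control over who may connect. The following added example (not part of the original procedure) parses pg_hba.conf rules and reports the ones a reviewer would question. The sample text is the rule set from the step above plus one constructed loose line; the function names are assumptions for this illustration.

```python
import ipaddress

# Rules from the step above, plus a constructed loose rule on the last line.
SAMPLE = """\
# TYPE DATABASE USER ADDRESS METHOD
local all all md5
host all all 127.0.0.1/32 md5
host all all 192.18.133.0/24 md5
host all all ::1/128 md5
host all all 0.0.0.0/0 trust
"""


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def _network(addr):
    """Return the address as a network, or None for keywords and hostnames."""
    try:
        return ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return None


def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) per rule."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            if len(fields) >= 4:
                yield lineno, "local", fields[1], fields[2], None, fields[3]
            continue
        if len(fields) < 5:
            continue
        conn, db, user, addr = fields[:4]
        rest = fields[4:]
        # "address netmask" form: the field after the address is a mask.
        if len(rest) >= 2 and _is_ip(rest[0]):
            addr, rest = addr + "/" + rest[0], rest[1:]
        yield lineno, conn, db, user, addr, rest[0]


def audit(text):
    """Return (lineno, message) findings for network-reachable rules."""
    findings = []
    for lineno, conn, db, user, addr, method in parse_hba(text):
        if conn == "local":
            continue  # Unix domain socket, not reachable over the network
        net = _network(addr)
        loopback = net is not None and net.is_loopback
        if method == "trust":
            findings.append((lineno, "trust: no password is asked for"))
        elif method == "password" and conn != "hostssl":
            findings.append((lineno, "password: sent in cleartext"))
        if addr == "all" or (net is not None and net.prefixlen == 0):
            findings.append((lineno, "matches every client address"))
        elif not loopback and db == "all" and user == "all":
            findings.append((lineno, "remote rule covers all databases and roles"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print("line", lineno, message)
```

A narrower remote rule for this setup would name the databases and roles created later on this page (tcmadb with tcuser, mftadb with mftuser) and the address of the IM and Presence node.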


Edit PostgreSQL Configuration File postgresql.conf

Modify the configuration to allow connections from remote hosts, confirm the TCP listening port, set global parameters required for integration with Cisco Unified IM and Presence.


1. Use the nano editor to make the following modifications to the postgresql.conf file.
nano /var/lib/pgsql/9.4/data/postgresql.conf
2. Edit the listen_addresses parameter by uncommenting and setting the value to ‘*’ to enable listening on all configured IP interfaces.


listen_addresses = '*'
3. Confirm that the TCP port is set to 5432.


port = 5432
4. Set the escape_string_warning and standard_conforming_strings values to off. This is a requirement for using PostgreSQL to provide external database services for Cisco Unified IM and Presence.


escape_string_warning = off
standard_conforming_strings = off
5. Restart PostgreSQL for configuration changes to take effect.


service postgresql-9.4 restart

Add a Firewall Rule in CentOS

The built-in firewall process in CentOS Linux iptables must be updated to permit incoming IP connections on TCP port 5432 in order for database connectivity between Cisco Unified IM and Presence and the PostgreSQL server.
1. Type the following command to make a permanent iptables permit for TCP/5432.


firewall-cmd --permanent --add-port=5432/tcp
2. Reload the iptables process to make the configuration changes effective.


firewall-cmd --reload
Or you can disable the firewall:

Pre-Flight Check

  • These instructions are intended specifically for stopping and disabling firewalld CentOS 7.
  • I’ll be working from a Liquid Web Self Managed CentOS 7 server, and I’ll be logged in as root.

Disable Firewalld

To disable firewalld, run the following command as root:
systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:
systemctl stop firewalld


PostgreSQL Database Setup

Launch the PSQL Client
1. Launch the psql utility by typing: psql -U postgres
2. At the Password prompt type: postgres


Create Database Users

3. Create the Persistent Group Chat database user with permissions by typing:


CREATE ROLE tcuser LOGIN CREATEDB SUPERUSER;
4. Press Enter.
5. Create the Managed File Transfer database user with permissions by typing:


CREATE ROLE mftuser LOGIN CREATEDB SUPERUSER;
6. Press Enter.
Create Databases
7. Create the Persistent Group Chat database tcmadb by typing:


CREATE DATABASE tcmadb WITH OWNER tcuser ENCODING 'UTF8';
8. Press Enter.
9. Create the Managed File Transfer database mftadb by typing:


CREATE DATABASE mftadb WITH OWNER mftuser ENCODING 'UTF8';
10. Press Enter.


11. Confirm database creation by typing :
\list
12. Press Enter.
13. Confirm that both the tcmadb and mftadb databases are listed in the command output.


Set DB User Passwords

14. Set the password for tcuser by typing:


ALTER ROLE tcuser WITH PASSWORD 'tcuser';
15. Press Enter.
16. Set the password for mftuser by typing:


ALTER ROLE mftuser WITH PASSWORD 'mftuser';
17. Press Enter.

Set Persistent Chat Database Parameters



18. Type the following to connect to the tcmadb (Persistent Chat Database) as the postgres user.
\connect tcmadb
19. Press Enter. Observe the status message: You are now connected to database "tcmadb" as user "postgres".
20. Type the following to create a required function:


CREATE FUNCTION plpgsql_call_handler () RETURNS LANGUAGE_HANDLER AS '$libdir/plpgsql' LANGUAGE C;
21. Press Enter. Confirm that command output matches the graphic below.
Set Managed File Transfer Database Parameters
22. Type the following to connect to the mftadb (Managed File Transfer Database) as the postgres user.


\connect mftadb
23. Press Enter. Observe the status message: You are now connected to database "mftadb" as user "postgres".
24. Enter the password postgres to authenticate.
25. Type the following to create a required function:


CREATE FUNCTION plpgsql_call_handler () RETURNS LANGUAGE_HANDLER AS '$libdir/plpgsql' LANGUAGE C;
26. Press Enter. Confirm that command output matches the graphic below.


27. Command Success Output


28. Type the following command to quit the psql session:
\q
29. Press Enter.

Set Up External Database Entries on the IM and Presence Service



Set Up an External File Server for MFT



Type the following command to search the /etc/ssh/sshd_config file for the values described above.
cat /etc/ssh/sshd_config | grep Authentication


Press Enter.
Multiple lines are returned; however, the output depicted in the graphic indicates that the default value of these two parameters is set to yes.

Add and Configure a User for Managed File Transfer



Type the following command to create a user named mftuser:
useradd -m mftuser


Press Enter.


Switch to the mftuser by typing:


su mftuser


Press Enter.


Create a .ssh directory under the mftuser home directory that is used as a key store by typing:


mkdir ~mftuser/.ssh/


Press Enter.


Create an authorized_keys file under the .ssh directory that is used to hold the public key text for each IM and Presence Service node. Type the following:
touch ~mftuser/.ssh/authorized_keys
Press Enter.


Set the correct permissions for passwordless SSH to function by typing the following commands. Press Enter after each command.
chmod 700 ~mftuser
chmod 700 ~mftuser/.ssh/
chmod 700 ~mftuser/.ssh/authorized_keys


Type exit to return to the root shell.


Create a Directory Structure for MFT

Next, we will create a file directory structure where files transferred using the MFT feature will be stored. We will ensure that the user created in the previous step has ownership and the permissions needed to read, write, and delete files.


Create a top-level directory named mftFileStore to hold subdirectories for all of the IM and Presence Service nodes that have managed file transfer enabled. Type the following:


mkdir -p /opt/mftFileStore/


Press Enter.


Give ownership of the newly created /opt/mftFileStore directory to user mftuser.


chown mftuser:mftuser /opt/mftFileStore/


Press Enter.
Specify directory permissions that permit Read, Write, and Execute by the mftuser account only by typing:


chmod 700 /opt/mftFileStore/


Press Enter.


Create a subdirectory under /opt/mftFileStore/ for each managed file transfer enabled node. In our case, this is 142.100.64.15. Type the following commands one per line and press Enter after each:


su mftuser
mkdir /opt/mftFileStore/imp1


To verify the previous exercise, enter the following commands and compare the output with the graphic provided. Enter the commands one per line and press the Enter key after each.


ls -al ~/.ssh/
ls -al /opt/mftFileStore/


Confirm that the output displayed in PuTTY matches the highlighted lines in the graphic. This validates that all required files and directories have been created and assigned permissions correctly.
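The same verification can be done without the graphic. The script below is an added example, not part of the original lab steps: it checks owner and mode for the paths created above, assuming /home/mftuser is the home directory that useradd -m created and that it is run as root or as mftuser.

```python
import os
import pwd
import stat

# (path, private): paths from the steps above; private=True for those the
# procedure sets to mode 700. /home/mftuser is the useradd -m default home.
MFT_PATHS = [
    ("/home/mftuser", True),
    ("/home/mftuser/.ssh", True),
    ("/home/mftuser/.ssh/authorized_keys", True),
    ("/opt/mftFileStore", True),
    ("/opt/mftFileStore/imp1", False),  # created under the default umask
]

def audit_path(path, owner_uid, private):
    """Return findings for one path; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        return ["missing"]
    findings = []
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    if st.st_uid != owner_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, owner_uid))
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if private and extra:
        findings.append("group/other bits set: %03o" % extra)
    return findings

def audit(entries, owner_uid):
    """Map each failing path to its findings."""
    report = {}
    for path, private in entries:
        findings = audit_path(path, owner_uid, private)
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    uid = pwd.getpwnam("mftuser").pw_uid
    for path, findings in audit(MFT_PATHS, uid).items():
        print(path + ": " + "; ".join(findings))
```

No output means every path exists, belongs to mftuser, and the 700 paths grant nothing to group or other.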


Obtain the Server Public Key

In order to implement key-based SSH authentication for the mftuser for file transfers between centos.dcloud.cisco.com and imp1.dcloud.cisco.com, both servers will need to be aware of the Public Key provided by the other. In this step, we will obtain the Public Key of the MFT server, which will be provided to imp1.dcloud.cisco.com during the configuration process.
1. Obtain the public key of the centos.dcloud.cisco.com file server by typing:


ssh-keyscan -t rsa centos.dcloud.cisco.com
2. Press Enter.
3. Copy the result of the ssh-keyscan command. Highlight the desired text and left-click the mouse to copy the selection to the buffer. Be certain to copy the entire key value, from the server hostname, FQDN, or IP address to the end. Consult the graphic below for reference.


Configure Persistent Group Chat

Check Persistent Chat Database Connectivity

Assign Group Chat Administrator Privileges

Upload Jabber-Config.xml

<config version="1.0">


<Policies>
<EnableSIPURIDialling>true</EnableSIPURIDialling>
<VoiceServicesDomain>fcl.ca</VoiceServicesDomain>
</Policies>


<Client>
<Persistent_Chat_Enabled>True</Persistent_Chat_Enabled>
</Client>


<Directory>
<SipUri>mail</SipUri>
<UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
<BDISipUri>mail</BDISipUri>
<BDIUseSIPURIToResolveContacts>true</BDIUseSIPURIToResolveContacts>
<BusinessPhone>ipphone</BusinessPhone>


<UDSPhotoURIWithToken>http://www.ad.crs/%%uid%%.jpg</UDSPhotoURIWithToken>
</Directory>


</config>


Restart IM and Presence Services



Cisco XCP Text Conference Manager.


Cisco XCP Router


Configure Managed File Transfer

While Peer-to-Peer file transfer between Jabber clients has been available for some time, Managed File Transfer is a new feature introduced beginning with the Jabber 10.6 client with Collaboration System release 10.5(2).
Managed File Transfer provides the following key capabilities:
• Support for File Transfer operations in Group Chat/Persistent Chat Rooms


• Compliance and Policy Control for File Transfers
• Administrative control of maximum file transfer size


Enable Managed File Transfer in Unified IM and Presence



[mftuser@localhost 20]$ ssh-keyscan -t rsa 142.100.64.28
# 142.100.64.28 SSH-2.0-OpenSSH_6.6.1
142.100.64.28 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKHU4Mgmt/YoueRH2NL39WV+CoOTRnUSV75pqS/CkbkCFVpdKNLluphMA/z5kle8eHBk4dmBY8ZYiAeQgyELdhBHn33luUHkbaN9UMBFFz9MPjIoFpCv4DdKF58fQXs3hHygIqGmlSPDeEN8NVGrMshmrmgXcfrFC/rryXt+IEkeXT+vhGn0OEaqpW4XSPIh2OAmLEiG67uZBdDG7PizVYm1bKrCpoTkAl7ujxc1mWJjC/zXKhkp/1RxJnM2TfBbaFZkRqbBLxXqQYupL9FQYwVoOlyi2sO7VJI2KpE31SDKReUMkNXVsaX8N+PwdimhTWC29eYcXWY3Te/o1bHdM7




Click Close to exit the View Node Public Key dialog.
Switch focus to the PuTTY session currently connected to centos.dcloud.cisco.com. (left open from earlier in this module)
Ensure that you are logged on as user mftuser. To check, type the following command followed by the Enter key.
whoami


If the result is anything other than mftuser, type su mftuser, followed by the Enter key, otherwise move on to the next step.
Use the nano editor to add the Public Key of the imp1.dcloud.cisco.com IM and Presence node to the authorized_keys file created earlier by typing:


nano /home/mftuser/.ssh/authorized_keys


Right-click the mouse anywhere inside the PuTTY console to paste the contents of the copy buffer into the editor. The output should be similar to the graphic below.


cat /home/mftuser/.ssh/authorized_keys


[mftuser@localhost 20]$ cat /home/mftuser/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA4pC+ic6tIrFPeoSiOlcxkHcSlkTdzEJQdSogw6RdzIljvmuXq+mqvJvfeZhgGEQk8TpocHMVXWocP5CO0xZfx9xyxAmQ7yCbgeW604+FNaA+1n8EdCCnPa4KsRKgTQh+OoEKH4wpRUrwRVlxG83xdv7w7j0ibrPOs5CAzYQs3hmOjr6d4HO/+vXV256zSScNZAOAQSgrqQ54koWD/V3s76arkhn4gAnuUv5ot2VgwtFkFSPqsXeo4Ocrn+6JElc2hwip3yZYCYqcktxehWQd7dXrYYMCyIpzTJY6JTfSgzumHTuguo1yoeC4ePTZ4+Qrk4MUjiPGN6S/wsc45Whqfw== imp@cups.ad.crs
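A key pasted through PuTTY into nano can wrap or lose characters, and passwordless SSH then fails without an obvious cause. The checker below is an added example, not part of the original procedure: it parses one authorized_keys or ssh-keyscan line, confirms the base64 blob is intact and matches the declared key type, and returns a SHA256 fingerprint that can be compared against the value obtained on the source host. The sample key is constructed filler, not a real key.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def _read_field(blob, off):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    if off + 4 > len(blob):
        raise ValueError("key blob truncated")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("key blob truncated")
    return blob[off + 4:end], end

def inspect_key_line(line):
    """Check one authorized_keys or ssh-keyscan line; raise ValueError if malformed."""
    fields = line.split()
    idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no key type followed by key data")
    declared = fields[idx]
    # binascii.Error (bad characters or padding) is a subclass of ValueError
    blob = base64.b64decode(fields[idx + 1], validate=True)
    inner, off = _read_field(blob, 0)
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match key blob")
    bits = None
    if declared == "ssh-rsa":
        _e, off = _read_field(blob, off)   # public exponent
        n, off = _read_field(blob, off)    # modulus
        if off != len(blob):
            raise ValueError("trailing bytes after RSA modulus")
        bits = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "bits": bits, "fingerprint": fp,
            "comment": " ".join(fields[idx + 2:])}

def _field(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample, not a real key: e = 65537 and a 2048-bit filler modulus.
SAMPLE_BLOB = (_field(b"ssh-rsa") + _field(b"\x01\x00\x01")
               + _field(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " imp@example.invalid"

if __name__ == "__main__":
    print(inspect_key_line(SAMPLE_LINE))
```

Run it over each line of /home/mftuser/.ssh/authorized_keys; a line cut short by a wrapped paste raises ValueError instead of returning a fingerprint.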


Activate the XCP File Transfer Manager Service