Sunday, 26 November 2017

Cisco DX80 Registers to CUCM Via Expressway non-secure

Cisco DX80 Registers to CUCM Via Expressway non-secure
  • Register normally with standard SIP Non-Secure Device Secure Profile
  • MRA Zone is up and running

Upload CA to endpoint

Reboot system
Start provisioning


Provision status




Posted by at No comments:
Labels: ,

Friday, 27 October 2017

Jabber SIP B2B URI calls

Jabber SIP B2B URI calls
This diagram shows how Expressways convey calls between inbound and outbound. In Cisco document, please check here:
https://www.cisco.com/c/dam/en/us/support/docs/unified-communications/expressway/200928-Jabber-SIP-URI-calls-over-MRA-00.jpeg
The example I use is to let Expressways transmit outgoing calls to WebEx CMR and specific business partners.

SIP Trunk Security Profile on CUCM

In case of using MRA, please make a different incoming port 5065 instead of default 5060.

SIP Trunk Configuration on CUCM

My case has two expressway C’s in a cluster. I put in two IPs of them with 5060 destination port.

SIP Route Patterns to Expressway C

9-digit simplified WebEx CMR dial-pattern

Unified CM Neighbor Zone (B2B) on Expressway C

Why port 5060? see here Registration issue 

Due to 5060/5061 is used for your MRA, change the SIP port on the SIP Trunk Security Profile that is applied to the existing SIP trunk configured in CUCM and the Expressway-C neighbor zone for CUCM to a different port such as 5065.
A diagnostic log from Expressway-C shows a SIP/2.0 405 Method Not Allowed message in response to the Registration request sent by the Jabber client. This is likely due to an existing Session Initiation Protocol (SIP) trunk between Expressway-C and CUCM using port 5060/5061.

TraversalClient (B2B) Traversal client zone on Expressway C

URI Outbound Search rules on Expressway C

9-digit WebEx Outbound Search rules on Expressway C

Inbound domain call Search rules on Expressway C

DNS Zone on Expressway E

TraversalServer (B2B) Zone on Expressway E

B2B outbound call search rule on Expressway E

I configured only one rule to simply my configuration. It only accepts calls from Server zone on VCS-Core server.

B2B inbound call search rule on Expressway E



Posted by at No comments:
Labels: ,

Saturday, 23 September 2017

SQL 2014 Express based Jabber IM Compliance Option

SQL 2014 Express based Jabber IM Compliance
Option
Legal compliance of internal and external communications are vital in regulated industries like the finance sector. When management and the compliance team asks for a Jabber IM compliance solution, the rarely mean ’we need to store chats somewhere’.
They require a complete solution that supports the legal compliance team and ensures that the Compliance Officer in the company can reasonably demonstrate to any regulator. That safeguards, audits, privacy controls and effective search and analysis capabilities are in place, and therefore regulatory requests can be answered timely.
When you need Jabber IM compliance, you have essentially two options to achieve that. Both are Cisco supported standard design:
Database based – sending IM transactions into a database.
Compliance Server based – using a third-party Compliance Server that connects to the Cisco IM and Presence Server.
Database
Using the database solution is useful and when it is done, you are one step closer to IM compliance: you can point to a database that stores all your IM messages. However, that is how far you got. There a couple of more bases to cover inmost organizations. Some highlights of the database solution:
  • Requires an external database( cisco provides help for setting up PostgreSQL on a Linux server in Database Setup Guide for Cisco Unified Presence)
  • You configure one or more external database per Cisco cluster(see Configuring an External Database on Cisco Unified Presence chapter in the above database setup guide)
When you connect Presence Server to database it will create the correct database schema automatically. Accessing the database requires direct access to database. There are web-based solution to access database, however those are providing low level access and is not really suitable for your compliance team.

Install SQL 2014 Express

Restart

Create databases

External database in Presence server

Compliance settings

Group Chat and Persistent Chat Settings

Activate Cisco XCP Message Archiver

Cisco XCP Message Archiver – Started



Add snippet to jabber-config.xml

  <Persistent_Chat_Enabled>true</Persistent_Chat_Enabled>
  <pChatShare>true</pChatShare>
  <pChatMeeting>true</pChatMeeting>

Posted by at 1 comment:
Labels:

Monday, 18 September 2017

Cisco Meeting Server – Integrating Core and Edge CMA and WebRTC

Cisco Meeting Server – Integrating Core and Edge CMA and WebRTC

How’s call flow going to work in a diagram

In this Lab, services work in Core server:
  • XMPP
  • Call Bridge
  • Webadmin
In the Edge, there is no license required:
  • Loadbalancer
  • TURN
  • Web Bridge
  • SIP Edge

Certificates

CMS-Edge
CMS-Core

Enable Loadbalancer on CMS-Edge

edge1.voicelab.ca> loadbalancer create Edge1toLB
edge1.voicelab.ca> loadbalancer auth Edge1toLB voicelab.key voicelab.cer voicelab.cer
edge1.voicelab.ca> loadbalancer trunk Edge1toLB a:4999
edge1.voicelab.ca> loadbalancer public Edge1toLB a:5222 lo:5222
edge1.voicelab.ca> loadbalancer enable Edge1toLB
edge1.voicelab.ca>  loadbalancer list
*** Edge1toLB
Trunk interface         : a:4999
Public interface        : a:5222
Public interface        : lo:5222
Enabled                 : true
TLS private key         : voicelab.key
TLS public cert         : voicelab.cer
TLS trusted certs       : voicelab.cer

Enable TURN on CMS-Edge

edge1.voicelab.ca> turn credentials turnuser PASSWORD voicelab.ca
edge1.voicelab.ca> turn list a
edge1.voicelab.ca> turn public-ip PUBLIC_IP
edge1.voicelab.ca> turn enable
edge1.voicelab.ca> turn
Enabled       : true
Username      : turnuser
Password      : YOUR_TURN_PASSWORD
Realm         : voicelab.ca
Public IP     : PUBLIC_IP
Relay address : 10.38.0.41
Listen interface a
If the credential is incorrect, the debug message will show on the Core Server
call 1353: ICE failure 4 (unauthorized - check credentials)

Enable Webbridge on CMS-Edge

edge1.voicelab.ca> webbridge certs voicelab.key voicelab.cer voicelab_root.cer
edge1.voicelab.ca> webbridge trust voicelab.cer
edge1.voicelab.ca> webbridge listen a
edge1.voicelab.ca> webbridge http-redirect enable
edge1.voicelab.ca> webbridge
Enabled                 : true
Interface whitelist     : a:443
Key file                : voicelab.key
Certificate file        : voicelab.cer
CA Bundle file          : voicelab_root.cer
Trust bundle            : voicelab.cer
HTTP redirect           : Enabled
Clickonce URL           : none
MSI download URL        : none
DMG download URL        : none
iOS download URL        : none

Enable SIPEdge on CMS-Edge

edge1.voicelab.ca> sipedge public a:5061
edge1.voicelab.ca> sipedge public-ip EDGE_PUBLIC_IP
edge1.voicelab.ca> sipedge private a:3061
edge1.voicelab.ca> sipedge certs voicelab.key voicelab.cer
edge1.voicelab.ca> sipedge
Enabled                 : true
Public interface        : a:5061 (NAT address XXX.XXX.XXX)
Private interfaces      : a:3061
Certificate             : voicelab.cer
Key                     : voicelab.key
Trusted certificates    : voicelab_root.cer

Enable Trunk on CMS-Core

callbridge1.voicelab.ca> trunk create trunktoEdge1 xmpp
callbridge1.voicelab.ca> trunk auth trunktoEdge1 voicelab.key voicelab.cer voicelab.cer
callbridge1.voicelab.ca> trunk edge trunktoEdge1 edge1.voicelab.ca 4999
callbridge1.voicelab.ca> trunk enable trunktoEdge1
callbridge1.voicelab.ca> trunk list
*** trunktoEdge1
Enabled                 : true
Edge name               : edge1.voicelab.ca
Edge port               : 4999
Local port              : 5222
TLS private key         : voicelab.key
TLS public cert         : voicelab.cer
TLS trusted certs       : voicelab.cer
callbridge1.voicelab.ca> trunk debug trunktoEdge1
Trying to connect to trunk local service, port 5222
Success
Resolved name edge1.voicelab.ca to the following:
10.38.0.41:4999
Trying to connect to 10.38.0.41:4999
Connection created [10.38.0.41:4999 -> 10.41.40.116:60116]
Diagnostics request written to edge
Reading diagnostics
{
   "0": {
       "core": {
           "connection": "[::ffff:10.41.40.116:60112 -> ::ffff:10.38.0.41:4999]"
       }
   },
   "process": {
       "memory": {
           "size": "11875",
           "resident": "1817",
           "share": "1581",
           "text": "196",
           "lib": "0",
           "data": "345",
           "dt": "0"
       }
   }
}

Enable XMPP on CMS-Core

callbridge1.voicelab.ca> xmpp
Enabled                 : true
Clustered               : false
Domain                  : voicelab.ca
Listening interfaces    : a
Key file                : voicelab.key
Certificate file        : voicelab.cer
CA Bundle file          : voicelab_root.cer
Max sessions per user   : unlimited
STATUS                  : XMPP server running

Public DNS

Loadbalancer A record:
XMPP to loadbalancer
Webbridge


Posted by at 7 comments:
Labels:
Subscribe to: Comments (Atom)