Teccol 2444 Aa PDF

Collaboration Anywhere on
Any Device
TECCOL-2444
Vanessa Sulikowski – Distinguished Systems Engineer
Darren Henwood – Technical Solutions Architect
Shane Long – Technical Marketing Engineer
Tobias Neumann – Technical Solutions Architect
Agenda
• Introduction – Cisco Collaboration & Cisco
Jabber
• Instant Messaging & Presence - on
premise
• Instant Messaging & Presence – cloud
• Unified Communications (Audio/Video)
• Additional Advanced Features and
Functionalities
• Summary
Introduction
Cisco Collaboration and
Cisco Jabber
Cisco Jabber – The Power to Collaborate
Rich, Real-time Collaboration with Cisco Jabber® Platform
All-in-one UC application Collaborate from any workspace

 Presence and IM  PC, Mac, tablet, and smartphone
 Voice, video, and voice messaging  On-premises and cloud
 Desktop sharing and conferencing  Integration with 3rd party productivity tools
Cisco Jabber
Consistent User Experience Across Broad Rang of Platforms and Devices
Desktop Tablet Smartphone Web

Collaboration Architecture
Head Office / Data Centre
Additional Smart
Prime Apps Connected Apps
UC App S+C
Applications Federation
Expressway-E
IM and
Presence Unified CM
DMZ
Internet
Expressway-C
Call Control Mobile Workers
TS Conductor
MPLS WAN
IGW
Conferencing Edge
Remote Sites
Endpoints
PSTN
SIP
Instant Messaging and
Presence
On Premise
Instant Messaging and Presence – On Premise
What we’ll cover in this section…
• Overview of basic configuration Cisco Unified Communications Manager IM&P
– Cluster design and new functionality in UCM IM&P
• Basic Service Discovery
• Flexible JabberID (JID) – advanced configuration
• Contacts, Directories and Search
• Persistent Chat
• Managed File Transfer
• Federation
Cisco Unified Communications Manager Cluster
Cisco UC Manager Cluster 9.x >
A/V Call Control Nodes Single configuration

interface for all
collaboration services
IM&P Control Nodes
Significant operations improvements with version 9.0 and higher – single place of administration and
configuration
New template based creation of user configuration cross all collaboration services
Call Control and Presence platform close in sync
New model enables auto discovery of services for single and multi cluster environments
Prime Collaboration License Manager allows streamlined administration and license management
…especially in multi cluster environments
Cisco Unified Communications Manager Cluster 10.5
System Administration manages all

server instances
Drill down information available from

UCM System administration screen
independent of node type
Serviceability functions for all nodes

available across all nodes
Scaling Solution to Customer Requirements
Max number of IM users Single Cluster
UC Manager Cluster
Single node 25.000 IM only users
15.000 Collaboration users
Dual node High availability
Sub Cluster 50.000 IM only users
30.000 Collaboration users All Components Virtualised
Sub Cluster 75.000 IM only users
45.000 Collaboration users
Multi Cluster deployment for scale…

Centralised License Management
Solution can be deployed using Cisco Unified Computing System

Tested Reference Configuration (TRC)
Prime License Manager
Jabber Solution
Specs. Based support for other virtualised compute platforms
http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment
Basic Service Discovery
US Cluster EMEA Cluster APJ Cluster
Where is my IM&P
Service?
Enterprise Network
Internet
DNS SRV Records deployed for Auto Discovery - Internal & External
Additional options and more details covered later in the presentation
• Manual client configuration
• Customized installer
Instant Messaging and Presence - On Premise
Basic Service Discovery – Configuring Required DNS SRV Records
• SRV records created in DNS
• Split brain DNS for internal and
external SRV resolution
Internal: _cisco_uds._tcp.<domain>
Domains External: _collab-edge._tls.<domain>
(Covered in later chapter in detailed)
• Multiple records for redundancy
• When utilising multiple presence
domains SRV records have to be
configured for each domain
Presence domain independent from DNS
A record domain, points to primary UCM
cluster nodes, not UCM IM&P
DNS A Record
• For backward compatibility pre Cisco
Jabber 9.6
_cuplogin._tcp.<domain>
legacy records must point to A record of
UCM IM&P node!
Basic Service Discovery – verifying DNS SRV Records
• From windows CMD prompt launch nslookup
(interactive mode)
• Change type of query to SRV with “set type=srv”
• Enter SRV to be verified
Example: _cisco-uds._tcp.global.de
• DNS server returns all records configured for this
SRV
Example shows multiple redundant A records for UCM
cluster
• Verify additional SRV records for configured
presence domains
Example shows system configured for presence
domains global.de and global.com
Basic Service Discovery – multiple clusters & redirection
US Cluster EMEA Cluster APJ Cluster
Enterprise Network
Where is my IM&P
Service?
US DNS CUCM01-US CUCM01-EMEA CUCM01-APJ
query SRV _cisco-uds.
cucm01-us.global.de
Sign in with cucm01-us

Alice not local
User – ILS query other clusters
alice@global.de
EMEA User
http redirect to cucm01-emea Alice @home here
Sign in with cucm01-emea
Configuring Users
• User URI becomes multi modal communication
Directory (LDAP or Microsoft Active Directory address: email, instant messaging, presence,
audio and video
Example: alice@global.de
LDAP(S) Sync
Cisco UCM LDAP Directory configuration • Default user URI derived from
sAMAccountname@<presence domain>
• UCM IM&P 10.0+ allows for flexible configuration
DB Sync of user URI
msRTCSIP-primaryuseraddress – important for migration from
OCS or Lync
mail
• Requires Cisco Jabber 10.6 clients
Advanced Presence Configuration – flexible User URI and multi domain
• Configure Directory URI synchronisation in Cisco UCM LDAP sync statement
(shown previous slide)
• Configure Cisco UCM IM&P Advanced Presence Settings
• Set IM Address Scheme to Directory URI
Note! To make changes to these
settings the listed services must be in
stopped state!
• System will automatically learn presence domains
from Directory URIs imported from LDAP
Security considerations
• When accessing the service Cisco Jabber will
verify that the system is authoritative for the
presence domain of the users
Right hand side of user URI – global.de
alice@global.de
• The domain must be present as a Subject
Alternate Name (SAN) in the server certificate
bob@global.ch • For multi domain operations all domains must be
added as SANs to the server certificate
• Cisco UCM 10.0+ certificate handling significantly
improved – only Multi Server SAN per service
required
Basic System configuration – Cisco UCM 9.0+
• User import – LDAP directory sync recommended
• Create IM&P UC Service
• Create Service Profile
• Enable users for IM&P Server
Default System Service Profile
Manually through Cisco UCM End User Configuration Screen
Cisco UCM Templates
• Configure System Policies – Enable/Disable individual features
System wide, Group of Users, Individuals
Server Side Feature Policies
Jabber-Config.XML for advanced configurations
• Configure Cisco UCM Publish trunk for phone presence
Things to consider for HA environments…
Please see appendix for detailed description of each step…

Overview Cisco Jabber Contact Sources
• Clients use the configured contact source(s) to add contacts, resolve contacts
and phone numbers
• What directory does the organisation use? Do they use more than one?
• Which Jabber Contact Source(s) are going to be deployed?
• Topics that need to be clarified about the directory infrastructure:
 Directory Architecture (Microsoft Active Directory?, Domain?, Forest)
 Attribute Usage / Mapping (customer attributes)
 Connection Parameters (LDAP, LDAPS, Directory Controller “DC”/ Global Catalog
“GC”, Ports)
 Data completeness / Data quality (Phone number formats?)
Phone numbers should not include space, dash or bracket etc.
LDAP based contact source (on premise default)
Active Directory default for Windows (EDI). Generic LDAP default for all other
clients (BDI). Can be customised to accommodate different directory
environments (LDAPv3 compliant)
HTTP/REST based contact source (on premise)
Built into Cisco UCM User Data Service (UDS) – provides alternative to LDAP
integration over https. Utilised for Cisco Expressway deployments for users
outside the corporate network (Mobile Remote Access – MRA).
Custom contacts (Jabber for Windows on premise only)

Non directory based contacts stored on IM&P Server
Microsoft Outlook Contact Source (Windows only)

Search local contacts in users personal address book
Webex Contact Source (cloud only)

Default for cloud based deployments
Information flow on start up of Cisco Jabber client
Download
Configuration & Multiple configuration sources
Contact List
During start-up Jabber clients will take
configuration from multiple sources
Service Profile
Jabber retrieves contact information from Jabber builds a local configuration which is
defined contact source(s) populated from different sources
Client will cache information locally Configuration sources have different
priorities with Service profiles being
IM&P SOAP highest
Example: Active Directory Operating configuration can made up from
different configuration sources
Outlook jabber-config.xml via http Configuration is created at parameter level

e.g. LDAP Host from jabber-
config.xml
LDAP user ID from Service Profile
Bootstrap configuration
LDAP password from Service
XXX XXXXX XX XXXX
Profile
XXX XXXXX XX XXXX
XXX XXXXX XX XXXX
XXX XXXXX XX XXXX
Enhanced Directory Integration (EDI) Contact Sources
Cisco Jabber for Windows operating on premise (within the corporate network) will use by
default auto-discovery for directory access (EDI-mode).
The workstation must be a member of the Windows Domain for auto-discovery to work!
Client connects to a Global Catalog server in the current domain (Windows service discovery
selects best available GC – geographic adjacency, distribution of load)
Client uses encrypted authentication to directory based on current logged on Windows
machine user (Domain-User)
Ambiguous name resolution (ANR) us used to search, ANR is more efficient and uses less
server resources than other search methods.
It is crucial that the attributes used for contact search are indexed in the GC
Enhanced Directory Integration (EDI) Contact Sources – Customer Configuration
Administrator can customise many elements of EDI operation for different deployment
environments
The administrator creates a customer XML configuration file for directory access
Configuration information is downloaded via http
Default Filename: jabber-config.xml
Client checks for
Customer configuration
Best practice – only configure non default items http download

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Directory>
Client connects to
<DirectoryServerType>EDI</DirectoryServerType> directory
<PrimaryServerName>D1.test.lab</PrimaryServerName>
<ServerPort1>1234</ServerPort1>
</Directory> Active Directory
</config>
Alternative Directory Access
EDI can connect to a single AD forest. If connection to multiple forests is required Microsoft
AD Application mode / lightweight directory services is supported
ADAM/LDS is commonly used to build an aggregated directory from multiple AD forests
Cisco Jabber in EDI mode supports ADAM/LDS using proxy authentication
Microsoft AD LDS is a server role that can be
Active Directory Active Directory Active Directory
added to an existing domain controller or can be
deployed on a standalone server
Organisation A Organisation B Organisation C
Use Microsoft Server Manager for deploying this
role
AD LDS
Cisco Jabber
Clients
Example Configurations (EDI)
• Connect to Domain Controller (DC) not Global Catalog (GC)
<config version="1.0“>
<Directory>
<DirectoryServerType>EDI</DirectoryServerType>
<ConnectionType>1</ConnectionType>
</Directory>
</config>
• Manual Server selection See appendix for more examples...

<config version="1.0“>
<Directory>
<DirectoryServerType>EDI</DirectoryServerType>
<PrimaryServerName>primary_server_name.domain.com</PrimaryServerName>
<SecondaryServerName>secondary_server_name.domain.com</SecondaryServerName>
</Directory>
</config>
Instant Messaging andPresence – On Premise
Directories Supported (EDI & BDI)
• LDAP Directory Sources supported with Cisco Jabber solution
 Active Directory Domain Services for Windows Server 2012 R2
 Active Directory Domain Services for Windows Server 2008 R2
 OpenLDAP
 Active Directory Lightweight Directory Service (AD LDS) or Active
Directory Application Mode (ADAM)
• Cisco Jabber clients (cross platform) support the LDAPv3 standard
Any directory server compliant with LDAPv3 should be compatible as a
contact source for the Cisco Jabber solution
When using legacy versions of Cisco Jabber clients please check the release notes for details.
Contact Sources and Directory URI, Multi Domain (EDI & BDI)
Jabber needs to be configured to use SIP URI to resolve contacts when
flexible JID is used (Directory URI)
/* Example for use with msRTCSIP-primaryuseraddress
<config version="1.0”>
<Directory>
<UseSIPURIToResolveContacts>True</UseSIPURIToResolveContacts>
<UriPrefix>sip:</UriPrefix>
</Directory>
<Policies>
<EnableSIPURIDialling>True</EnableSIPURIDialling>
</Policies>
</config>
Configuration for prefix sip: is required when using the msRTCSIP-primaryuseraddress because
the attribute is stored in the directory as sip:<user>@<domain> i.e. sip:alice.adams@global.de
The configuration of the prefix parameter instructs the client to remove the prefix from the
directory attribute received.
Please see appendix for example when using the mail attribute
Cisco User Data Service Contact Record Source
Active Directory
• When using the UDS Contact Record Source
the client performs contact resolution against
LDAP sync communication manager
• Contact information available in Cisco UCM can
be sourced from the following options:
 LDAP Directory Sync (recommended)
 Bulk Administration Tool (BAT)
http based UDS contact  Manual configuration
resolution
• UDS provides cross cluster contact service
supporting up to 160,000 contacts (> 80k limits
UCM to 10 LDAP sync statements
Cisco Jabber Clients
• Contact picture objects not stored in UDS
Cisco Jabber Clients 10.6 have been enhanced to allow
UDS contact resolution when using DirectoryURI and Contact photos available via http(s) source
multi domain (presence) deployments.
• UDS is required as contact source when
deploying Mobile Remote Access (MRA)
See appendix for UDS configuration example
…. more on that later in the MRA section
Custom Contacts (non directory based contacts) … the famous pizza guy!
Users can create individual contacts not sourced

from either a directory or Microsoft Office
The contacts are added to the buddy list available to
initiate communications
Currently only available on Cisco Jabber for
Windows in an on premise deployment
Microsoft Outlook Personal Address Book Contact Source
Besides utilising corporate directory resources to
resolve contacts Cisco Jabber additionally allows for
resolution of contacts from the Users personal
address book in Microsoft Outlook
Example:
 Users creates personal contact in Outlook
 Screenshot shows contact information including
picture is resolved when searching in Cisco
Jabber
 Incoming call notification resolves local Outlook
contacts
Important: for incoming call notification to work
phone numbers in Outlook personal contacts must
be formatted to match caller ID of incoming call
Contact Photo Sources
Cisco Jabber does provide photos to be displayed
with contact information. There are several
methods for retrieval to support many different
customer environments
 Active Directory Binary Objects – on premise default
(no configuration required)
retrieve photo from thumbnailPhoto directory attribute
 PhotoURL Attribute – on premise
http://photo.example.com/staff/msmith.jpg
 URL Substitution / Macro style – on premise
http://photo.example.com/staff/%uid%.jpg
 Cisco WebEx Contact Photo – cloud default
See appendix for Photo Source configuration
example and how to upload pictures into Active Photo can be JPG, PNG or BMP
Directory using Exchange PowerShell – pretty
handy for lab or PoC setup… Recommended size 128x128 (Cisco Jabber will resize)
When using MRA URL based method required
can be combined with internal AD method
Location: Display Current Location
User can assign a Location name, address
& timezone for each network* location
detected by Jabber to show contacts
where they are working
Feature can be disabled by both
administrator and user. User can choose
which locations to publish
Most recent active client will be the
published location
Alert on Available
• Feature allows user to request an alert
when a contact becomes available
• Feature activated using right click menu
and selecting “Alert when available”
• When contact becomes available a
persistent notification is shown on users
screen until acknowledged
• Once notified, alert will be reset
Spellcheck
• Spellcheck support had now been
extended to Windows 7 and
enhanced
• Language can be personalised for
each contact
• User can build a custom dictionary
• Support confirmed for US English,
UK English, German, French and
Spanish. Other languages to be
added for FCS (under test)
• Additional language dictionaries
can be installed by administrator
Enterprise Groups
AD integrated Groups (On Premise)
• On Premise Enterprise groups allows users to search for and add a group of users to their
contact list based on AD distribution groups
• Groups are dynamically updated based
on group membership changes
• Supported across portfolio (Windows,
Mac, iOS, Android)
• Requires CUCM 11.0, IM&P 11.0 and
Jabber 11.0 clients
Predictive search
when using LDAP
Note: Admin defined/static enterprise groups still supported
in cloud deployment (not linked to AD)
• Cisco UCM LDAP Configuration
• Check User Group Sync

Presence
Federation
Instant Messaging and Presence
Capabilities
Cisco UCM IM&P Expwy-C Expwy-E (XMPP)
Jabber Cisco Collaboration on premise
ASA TLS Proxy (SIP)
(SIP/XMPP)
Internet
XMPP SIP/XMPP SIP/XMPP
Cisco
Cisco Collaboration Cloud
Jabber
Cisco Webex Messenger IM&P
Cloud Service (XMPP)
Internet
XMPP
Business to Business (Interdomain Federation) – SIP-SIMPLE
Lync Client Lync Front End Lync Edge Domain company.com
Recommended deployment
SIP SIP SIP
alice@company.com
Internet
Cisco Jabber UCM IM&P ASA TLS
Proxy (SIP)
XMPP SIP SIP
bob@biloxi.com Domain biloxi.com

Business to Business (Interdomain Federation) – XMPP
Not recommended for Cisco
XMPP Gateway on-premise deployment
Standard XMPP federation
SIP XMPP XMPP
alice@company.com
Internet
Cisco Jabber UCM IM&P Expwy-C Expwy-E
XMPP XMPP XMPP
bob@biloxi.com Domain biloxi.com

Business to Business (Interdomain Federation) – XMPP Cloud
Only supported via XMPP
XMPP Gateway
Please see caveats in
appendix…
SIP XMPP XMPP
alice@company.com
Internet
Cisco Jabber
Cisco Webex
Messenger Cloud
Service
XMPP
Domain biloxi.com
Within a Business (Partitioned Intradomain Federation)
Lync Client Lync Front End UCM IM&P Cisco Jabber Domain company.com
Single domain for both systems
SIP SIP XMPP
alice@company.com bob@company.com
• Partitioned Intra Domain Federation allows for migration or long term coexistence
• Only available for Cisco UCM IM&P on premise deployments
• Uses standard SIP routing mechanism
• Topology can be extended to include audio and video interoperability
(BRKCOL-2016 Microsoft Interoperability – covers fully integrated solution for IM&P, audio and video)
Definition of Partitioned Intradomain Federation
Lync Client Lync Front End UCM IM&P Cisco Jabber
XMPP Gateway
Partitioned Intradomain
Federation
SIP SIP XMPP User only exists in one
system – either Microsoft
Lync or Cisco UCM

XMPP Gateway Union Federation
User entity exists in both
system – Microsoft Lync
and Cisco UCM
✖
SIP SIP XMPP
alice@company.com
Presence Model
• XMPP and SIP SIMPLE do share the same common split brain problems
Both protocols follow the same basic presence model (RFC 2778)
• Single authoritative presence service for each presentity
• Authoritative presence server is source for authoritative presence state to be
consumed by watcher
• Multiple presence services (presence domains) might be connected through
federations
 Inter-Domain: identification of authoritative presence service based on host
portion of presentity identification
 Intra-Domain: mapping from presentity to presence service
Instant Messaging and Presence - Migration
Within a Business (Partitioned Intradomain Federation)
Domain company.com
Active Directory
SIP SIP XMPP
• Full Contact Search available to each end-user regardless of whether they exist on Cisco or Microsoft
• The end-user is not aware what back end the buddy resides on
• Temporary Presence subscription’s not working in both directions (during search the user’s
presence is “not available”) unless user is added to the buddy list
• Once added to the buddy list, users can exchange presence and instant messaging
• Recommended to utilise “msRTCSIP-primaryuseraddress” attribute as IM contact address
• LDS supporte for complex AD scenario
Migration – Quick Start Guide:
① Prior to any migration, set Max Contacts/Watchers to ⑤ Run once from any Front-End Server
unlimited on UCM IM&P DisableAccount-exe –s/{AD server} –f/{Input file} –I/debug –
This is to ensure all contact lists are successfully migrated r/NORMAL
② Provision Migrating users on UCM IM&P ⑥ Validate that the account update has propagated to
OCS/Lync
③ Use the OCS/Lync tool to backup migrated users’s
contact lists ⑦ Run from one Front-End Server in each pool:
OCS/Lync 2010 use dpimpexp.exe, Lync 2013 use Export- DisableAccount.exe –s/{DB Instance} –I/debug –r/NORMAL
CSUserData
⑧ Import contacts into UCM IM/P using BAT tool
④ Run once from any Front-End Server
⑨ Reset max contacts/watchers limit on UCM IM&P after
ExportContacts.exe –s/{AD Server} –f/{Input file} – I/debug –
r/NORMAL
import
⑩ Migrated users now able to log into into UCM IM&P
Documentation
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_5_1/CUP0_BK_I07B7052_00_integration-
guide-interdomain-federation-105.html
Software Download – Migration utility

https://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=10.5(2a)&relind=AVAILABL
E&rellifecycle=&reltype=latest
Partitioned Intradomain Federation – configuration details
Domain company.com
Active Directory
msRTCSIP-prim.u.addr. msRTCSIP-prim.u.addr.
carol@company.de dave@company.de
ldap(s)/https
SIP Routing
SIP Static route *@company.com -> XMPP
<- Static route *@company.com
Static route *@company.de ->
https <- Static route *@company.de bob@company.com
alice@company.com
Address Book
Server
Partitioned Intradomain Federation – message routing UCM (advanced routing)
① Client requests to initiate
Active Directory
communication with
1 alice@company.com
3
② UCM IM&P identifies user as not
4 local from user database
5 ③ With advanced routing UCM

IM&P queries existence of users
from directory – reducing
unnecessary traffic (mistyped
Lync Client Lync Front End UCM IM&P Cisco Jabber URI etc.)
2 ④ Upon positive response from
directory UCM IM&P routes SIP
SIP Routing messages to Lync front-end
SIP XMPP
⑤ Lync Front-End delivery
bob@company.com message to Lync client
alice@company.com
Partitioned Intradomain Federation – external federation
Domain company.com
Active Directory
• Both systems are using the

same DNS SRV records for
SIP SIP XMPP
external federation
• Required protocol based
Lync Edge
Expwy-E
records have to be owned by a
ASA TLS proxy
single system
DNS SRV Records
Who handles DNS SRV Records • User experience impacted
_sipfederationtls._tcp. federation for
_sipfederationtls._tcp.
when split by protocol
_xmppserver._tcp. company.com?
_xmppserver._tcp.
Internet
john@example.com
Presence
Compliance and Logging
Logging and Compliance
Cisco UCM IM&P provides two methods for logging and
compliance:
• Both solutions allow logging of
Logging to a SQL database instant messaging traffic between
users (internal and external)
UC Cluster Postgress SQL Database • Customer build applications can
Linux, Windows access data in SQL database for
further processing
• 3rd party solution provides legal and
Logging to a 3rd party compliance server regulatory compliance, includes
operations and reporting capabilities
UC Cluster 3rd party compliance • 3rd party solution can be setup that
Server (i.e. actiance Vantage
– formerly FaceTime)
messages are only delivered after
they have been successfully
archived
Example: Logging to Postgress SQL on Windows
UC Cluster
Required steps:
1.) Install Postgress
Not that easy on Windows  setup.exe has to be run as local
Administrator. Will always throw and error with domain admin account!
2.) Configure Postgress

Windows 2008 R2 Postgress Documentation - http://www.postgresql.org/docs/
Postgress 9.1 (64 bit) Cisco UCM IM&P – Database Setup Guide
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/im_presence/database_setup/9_1_1/CUP0_BK_D01C1669_00_database-
setup-guide-imp-91.html
Postgress Database Configuration File <database-path>pg_hba.conf
Do yourself a favor…
Don’t use special characters
in db password! i.e. $
Example: Logging to Postgress SQL on Windows
UC Cluster
Required steps:
3.) Configure Database in UCM IM&P 4.) Assign Database to IM&P Node(s)
Windows 2008 R2
Postgress 9.1 (64-bit)
Demo
BREAK
Persistent Chat Rooms &
Managed File Transfer
Concepts: Chat Types
• Jabber supports a number of different chat types
Neela
Sue Charles
Point to Point Chat Ad-Hoc Group Chat Chat Room

• Ad-hoc • Ad-hoc group chat • Admin enabled Feature
• Person to person • initiator defined subject • Pre-defined Chat Room
• Non-Persistent • Non-Persistent (Room) • Users enter, leave and re-
enter room.
• Conversation Persistent
Concepts: Chat Rooms
• A Jabber Chat room is XMPP persistent text chat function
provided by the Cisco Unified IM & Presence server
• Rooms have a discussion subject i.e. “Currency trading”
• Members gather and have text conversations inside the room
• Rooms can be public or restricted (closed).
• Rooms may require a password for access.
• Rooms can be created by Admins or Users (based on policy)
"eventplanning358951823618 • Persistent Chat rooms are supported by Jabber for Windows
236@conference-2-
standalonecluster764bb.aus-
and Jabber for Mac (requires version 11 for Mac)
cisco.com"
Concepts: User Types
• Users can have different roles/ affiliations to a room
– OWNER (Typically an Administrator)
Owner is creator of chat room
Has full management of the chat room
– MODERATOR
Manage Users (Add, Block, Mute, Remove Users)
– MEMBER
Contribute Chat and content to room
• Administrators
– Administration takes place at a system level or room level
– Administrator control policy for room creation and settings
– An Administrator may be a Room Owner
Concepts: File Transfer
• Persistent Chat can support IM&P Managed file transfer(MFT)
• Jabber provides several operating modes for File Transfer
– Point to Point File Transfer
– Managed File Transfer (MFT)
– Hybrid Managed File Transfer (HMFT)
• MFT is Optional feature that is enabled/configured by admin
• Allows room members to post documents into a room for later
download
• Allows room members to share screen captures to chat rooms
• Note: Managed file transfer supported on Windows, Mac,
IOS and Android
User Experience
Chat Rooms Example – Event Planning Flow
Neela (APAC)
Charles (USA) Sue (Europe)
Marketing Manager
Marketing Manager Marketing Director
User Experience
Jabber Hub View – Chat Room Tab
• Chat rooms can be enabled for clients
running in On Premise mode.
• The required backend infrastructure must be
in place (Database servers)
• The administrator enables the chat room
feature in the Jabber clients via the XML
Chat Icon configuration file
with badge
• The Chat rooms Icon will appear on Jabber
hub view.
• A Badge indicates Chat Room activity
User Experience
Jabber Hub View – Chat Room Tabs
All Rooms: Catalogue of My Rooms: Rooms that I Filters: User defined filtered
all rooms defined in am a member of. chat/room views.
deployment
Architecture
Architecture for Persistent Chat & File Transfer Database
Server

Unified Communications
Persistent Chat
Database Cisco File
Manager Server IM&P Server
ODBC
ODBC
SSH
Cisco IM& Presence:

IM&P server 10.0 (File xfer reqs 10.5.2+)
External Database Server:
Postgres or Oracle External Database
Jabber for Windows Jabber for Windows External File Server

Client Client Linux (CentOS) server providing file storage
Infrastructure Components : Services
XCP Text Conference Manager
• The XCP Text Conference Manager manages multi-party chat sessions
• Manages the ad-hoc non persistent chat function by default
• If Persistent chat room function is enabled TC Manager will also manage chat
rooms Unified IM & Presence
XCP Text XCP File

Conference Transfer
Manager Manager
XCP Router
XCP Connection Manager
XMPP
HTTPS/REST
Jabber for
Windows
client
Infrastructure Components : Persistent Chat
XCP Text Conference Manager
• When using persistent
chat a database
connection is required
• Messages will be written
DB connection
PostgreSQL (optional SSL with Oracle) to the database
Database*
• Messages history will be
Database XCP Text XCP File retrieved from the
External Database Settings Assignment
Conference Transfer database and pushed to
Name tcmadb Manager Manager
client
Type PostgreSQL
XCP Router
User tcmadb
• Admin defines a External
Password ????????
XMPP
Database and associates
Host 10.1.1.1 Unified IM
HTTPS/REST
it with service
& Presence
Port 5432 Jabber for
Windows
client
Infrastructure Components : Persistent Chat
Database Requirements
• Database node requirements are based on IM Traffic level and storage
capability of node.
• Persistent group chat —Each node requires its own logical PostgreSQL or
Oracle database instance, but nodes can share the same physical database
installation.
• Managed file transfer — Each node requires its own logical PostgreSQL or
Oracle database instance database instance, but nodes can share the same
physical database installation.
XCP File Transfer Manager
• Files are stored on an external Linux file server (example

CentOS 6.5)
• Customer provides and maintains file server and is

responsible for managing file storage and disk usage
• A file server partition/directory is mounted on the IM&P
directory used to store files
• 1:1 mapping of IM&P node to file server directory
• Connection to file server is encrypted using SSHFS
• File Server must support ext4 file system and SSHv2
• File transfer activity details are written to the database
Infrastructure Components : Managed File Transfer
XCP File Transfer Manager
/opt/mftrepo
SSHFS access Public
as “mftuser” Key
DB connection
(optional SSL with Oracle)
PostgreSQL SSH
Database*
Public File Share
Key
Database XCP Text XCP File File Server

External Database Settings Assignment Assignment External File Server Settings
Conference Transfer
Name tcmadb Manager Manager Name FS1
Type PostgreSQL Host fs1.example.com
XCP Router
User tcmadb User mftuser
Password ???????? Public Key [SSH-RSA Key]
XMPP
HTTPS/REST
Host 10.1.1.1 Unified IM Directory /opt/mftrepo
& Presence
Port 5432 Jabber for
Windows
client
Infrastructure Components : Managed File Transfer
XCP File Transfer Manager – Workflow
6. IM with file information
1. POST File 7. REQUEST File

File in request body
8. Request validated over XMPP
2. Request validated over XMPP
11. File download
File sender 5. POST confirmation File recipient
Response body contains file URI File in response body
IM&P
3. File stored in repository 4. Audit log written to DB for upload
9. File retrieved from repository 10. Audit log written to DB for download
External File Server External Database

Configuration – Persistent
Chat
What do I need to enable Chat Rooms & File Transfer
• Persistent Chat
o IM&P Server 10.0+ (10.5+ recommended)
o PostgreSQL or Oracle Database
o Jabber for Windows 9.7+ (10.5+ recommended)
o Jabber for Mac 11.0+
o End Users that Persistently Chat….
• File Transfer
o IM&P Server 10.5.2+
o PostgreSQL or Oracle Database
o Linux Host with SSH v2
o Jabber (all OS’s) 10.6
Installing PostgreSQL Database
• PostgreSQL database can be installed on Linux, Windows, BSD, Solaris and OS
X based machines (alternatively Oracle can be used)
• PostgreSQL can be downloaded from http://www.postgresql.org/download/
• Administrator uses pgAdmin3 to manage the database
• This presentation will detail installation and configuration
of PostgreSQL 9.1 on a Windows Server 2008 R2
• NOTE: Installation of PostgreSQL on a Linux host is detailed at
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/
database_setup/10_0_1/CUP0_BK_D42EAF32_00_database-setup-guide-imp-
100/CUP0_BK_D42EAF32_00_database-setup-guide-imp-100_chapter_00.html
• PostgreSQL service will be started automatically after install.

• Database Name can be set after installation using PostgreSQL client pgAdmin III
• Create “tcuser” as superuser with password
• Create “tcmadb” database with “SQL_ASCII” encoding
• Configure PostgreSQL so that it can be accessed from a remote location
• Remote access locations configured in pg_hba.conf file
(located in C:\Program Files\Postgres SQL\9.1\data\ if default install location
defaults accepted at install time)
• Configure the IPv4 local connections section and save
Configure PostgreSQL Database
• Set the following in Restart the

postgresql.conf and save PostgreSQL service
(same directory as pg_hba.conf)
• escape_string_warning = off
• standard_conforming_strings = off Note: additional information available
In documentation
Configure IM Server Database Settings
Messaging -> External Server Setup -> External Databases
Database name
PostgreSQL or Oracle
Database service account

username & password
Database host
address & Port
• Database server reachability

test should pass
• Database server connectivity
tests will not pass yet
Enabling Persistent Chat & Associating Database
Messaging -> Group Chat and Persistent Chat
• Enable Persistent Chat
• Assign the external database to the IM & Presence Node and Save
External database
connectivity tests should
now pass
Enabling Chat Room on Windows Clients
• Administrator must enabled Persistent Chat rooms for Jabber clients
• <Persistent_Chat_Enabled> is added to the jabber-config.xml file
Configuration – Managed
File Transfer
Understanding Managed File Transfer (MFT)
Messaging -> File Transfer
• Jabber File Transfer can operate in different modes of operation
• Peer-to-Peer : Classic operating mode, files transfer between clients without

server interaction. (NOT supported for Group Chat/Chat Rooms)
• Managed File Transfer: File Transfer is performed via server and file server
• Hybrid: Uses Managed where possible with fallback to Point-to-Point. Used
where mixture of clients and cluster versions / feature support.
• For Chat Rooms we need to have MFT for file transfer
Creating SSH access account for IM&P node
• A User is required to access the share using SSH
• Create a User (process depending in Linux flavor)
# useradd -m mftuser
# passwd mftuser
• Create the directory MFT is going to use
# mkdir -p /opt/mftFileStore/
• Configure / Confirm correct permissions exist for share
# chown mftuser:mftuser /opt/mftFileStore/
# chmod 700 /opt/mftFileStore/
• As the new user create a node folder in the MFT directory

$ mkdir /opt/mftFileStore/node1
Linux File Server and Directory Structure
• Administrator Installs Linux File server including SSHv2.
(Example: CentOS6.5 )
• Administrator creates a folder on the file server for each

IM&P node which will use the server
/opt/mft/FileStore/IMPnode1/files/chat_type/YYYYMMDD/HH/filename
Admin defined directory • IM&P node will create a files folder

for IM&P node access • If will organize chats by type in a folder
• File are store by date and then by time of day
Each node requires unique • Folders contain a maximum of 1000 files,
directory if shared resource additional are then created
SSH Key Requirements – File Server Key
Public Key
File
IM & Presence Server
Public Key
Server
• Key must be exchanged between the IM&P node and the File server
• The following steps are required to add the File Server key to the IM&P Server
external server settings
Select Messaging > External Server Setup > External File server $ ssh-keyscan -t rsa gwydlvm1160
# gwydlvm1160 SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1
gwydlvm1160 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4
hqDBMlSRh1DJuBAxJzQTOiL9rR7h+yIg+gXRIlrKO3hUr4Pb6oyVxB
nhGJfID0OTwgxcxIlWTRgiYxmbHhsbsoGnsEE9EXX+J126LF/GaDYi
yYILa1a7DzJaXsBQjcg+UmbMFaDMr+UZ0oJHBaOUz0CUSsZ....<s
nip>
SSH Key Requirements – IM Server Key
Public Key
File
IM & Presence Server
Public Key
Server
• Key must be exchanged between the IM&P node and the File server
• The following steps are required to add the IM&P key to the File Server SSH
configuration.
Select Messaging > FileTransfer > PublicKey Add IM&P Key to “authorized_keys” for the IM&P user
/home/[user]/.ssh
# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv8c496/w//aNm
FysXfOStTdgjkjSr/7zyjnqWKgqK93RCDOUq/6beGPQofzsRWlfVL1U
+cHTaGvA8u5X9xvSI/vUS3dBljqLO0Q6tGaFOMQWQYMAdMA5Eh
NU7hAMVVmpueK/cQUGkF7hNLViNLI66SYiUt/PsSgHOSm8b/PoFP
xn7xh6A/WplZF7t+Slx....<snip>.......Lt7ycQ==
imp@cup105.cisco.com
Enabling File Transfer Service
Checking File Transfer Service Status
Messaging -> External Server Setup -> External File Server
Once configured the External File Server Status provide a heath view of configuration
General Operations
Selected Chat Room Policy Settings
Messaging -> Group Chat and Persistent Chat
Maximum number of chat rooms
Maximum number of rooms supported TC Manager (Ad-hoc + Rooms)
History
Settings
Defining Who can create Chat Rooms
• Admin defines if only defined group chat admins can create rooms
• Admin can define users as Group Chat System Administrators

Block File Types
jabber-config.xml
Specify file extensions that are blocked from file transfer.
<Policies>
<Disallowed_File_Transfer_Types>.exe;.mp3<Disallowed_File_Transfer_Types>
</Policies>
SQL linkage
Select * from aft_log
Base64 of
Folder/file
folder/file
Post/Get Real filename Timestamp

General Housekeeping
• An Administrator needs to manage database
and file server space
• IM&P is able to generate alerts using RTMT
• RTMT also provides counters for service
• Administrator needs to manage space on file
server.
• This can be perform using shell scripts / cron
jobs etc
find ./my_dir -mtime +30 -type f –delete

Demo
Service Discovery
Service Discovery is for Cisco Jabber to…
Select… Subscribe to…
Operating Mode UC Services
Cloud or On-Premises
Determine…
Discover…
Operating
UC Services Domain
Location
Inside or Outside
Jabber sends HTTP and DNS Queries
• Jabber sends all requests (HTTP request & DNS * CAS: Connect
queries) simultaneously Authentication Service
• Among all returned, the record with the highest priority

will be used for connecting to UC services
Messenger
• Jabber will also evaluate returned responses to HTTP Request to

determine if it is inside or outside the organisation CAS*
http://loginp.webexconnect.com/cas/Fede
ratedSSO?org=[DOMAIN]
Priority Service HTTP Request / DNS SRV

1 WebEx Messenger HTTP CAS lookup DNS SRV Lookups
2 Unified CM 9.x _cisco-uds._tcp.<domain_name>
_cuplogin._tcp.<domain_name> DNS
3 Cisco Presence 8.x
Queries DNS (internal
4 Cisco Expressway _collab-edge._tls.<domain_name> or external)
Edge Detection
• Edge Detection determines whether Jabber is inside or
outside the corporate firewall
• Based on SRV records returned from DNS
• If _cisco-uds SRV record lookup returns an address:

• Jabber determines that it is inside the organisations network and it
can connect to UC services directly
• If _collab-edge SRV record lookup returns an address:
• Jabber determines that it is outside the organisations network
• Set directory integration to UDS mode
• HTTP transform all traffic and route through expressway-e
Jabber Establishes Services Domain
• Jabber needs to establish Services Domain name to send
Service Discovery queries
• Services Domain is usually the WebEx Messenger domain name
or UC Manager domain name
• Jabber can establish the Services Domain in a number of
ways
• UPN discovery (Jabber for Windows only)
• Enduser input
• Preconfigure (Bootstrapping/MSI transformation or URL
Configuration)
• jabber-config.xml
UPN Discovery
• Jabber for Windows will not prompt user to
enter login credentials until the Windows
machine is connected to a network
• Once a network connection becomes available
Network becomes
available
Jabber will initiate service discovery

• Jabber for Windows will attempt to use User
Principal Name (UPN) for service discovery
e.g. smiller@example.com
example.com is used as the Services Domain
(_cisco-uds._ecp.example.com etc)
“smiller” is used for home cluster discovery

Enduser Input
• Jabber for Mac, Android and IOS will default to
enduser input of Services Domain.
• Jabber for Windows will use UPN by default but this
setting can be changed via a bootstrap key
– Bootstrapping can be done using the mst file and a MSI
editor or by using command line switches
– upnDiscoveryEnabled: true/false
• The enduser should enter an email like address
“username@domain”
• username : UC Manager UID
• domain : domain used for Service Discovery
Services Domain Preconfigure
• Jabber can be pre configured with Services Domain
name prior to installation
• This can be used when:
– UPN domain does not match Services Domain
– Admins do not want endusers to enter Services Domain
• Services Domain can be pre-configured using

– Bootstrapping/MSI transformation (Windows)
– URL Configuration (Mac, Android, IOS)
• This allows a “zero-touch” configuration for endusers

Services Domain Preconfigure
• Jabber for Windows can be preconfigured with Services Domain via
bootstrapping or MSI transformation
msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com
• Jabber for Mac, IOS and Android can be preconfigured with Services
Domain via URL Configuration
ciscojabber://provision?ServicesDomain=example.com
Services Domain and Voice Services Domain
• In hybrid deployments, the WebEx Messenger domain may be
different to the on premise UC domain
– WebEx Messenger domain : example.com
– On premise UC domain : uc.example.com
• Jabber will need to perform discovery on example.com to discover
Messenger services
– Jabber may also need to perform discover on uc.example.com to perform
Edge Detection and discover UC services via Mobile Remote Access
(Expressway)
• Voice Services Domain can be used to perform discovery on a second
domain
– Services Domain : example.com (used for WebEx Messenger HTTP lookup)
– Voice Services Domain : uc.example.com (used for DNS SRV lookups)
Configuring Voice Services Domain
• Voice Services Domain can be configured via
– Bootstrap/MSI Transformation (Windows only)
VOICE_SERVICES_DOMAIN=uc.example.com
– URL Configuration
ciscojabber://provision?ServicesDomain=example.com&VoiceServicesDomain
=uc.example.com
– jabber-config.xml
<ServicesDomain>example.com</ServicesDomain>
<VoiceServicesDomain>uc.example.com</VoiceServicesDomain>
Excluding Services
• Services can be excluded from Service Discovery
– Some organisations may have a WebEx Messenger domain but want to run
Jabber in phone only mode
– WebEx Messenger can be excluded from Service Discovery
– Bootstrap/MSI Transformation (Windows only)

EXCLUDED_SERVICES=WEBEX
– URL Configuration
ciscojabber://provision?ServicesDomain=example.com&ServiceDiscoveryExcluded
Services=WEBEX
• Note that the Messenger HTTP request will still be sent but will not be used
Assigning Users to Home Cluster
• UC Manager users need to be assigned
a Home Cluster
• This is the cluster Jabber clients will connect
to for service
• During the Service Discovery process the
ILS service will use this setting to locate a
users’ Home Cluster
• Home Cluster can be assigned via
• Manually via End User page
• LDAP sync agreement
• BAT
• Ensure users are only assigned to a
single Home Cluster!!!
Home Cluster Discovery jsmith’s
homecluster is
Cluster 2
Cluster 2
DNS 4
3
1 ILS
Service
2
Cluster 1 Cluster 3
– DNS SRV returns a node in Cluster 1
– Jabber connects to node in Cluster 1 and asks for homecluster of “jsmith”
– Cluster 1 queries other clusters for “jsmith” home cluster via ILS Service and returns
Cluster 2 to Jabber
– Jabber connects to Cluster 2 for service
Creating the SRV Records
• Ensure each UC Manager node has an A-record DNS record
• The SRV record can point to multiple A-records for load balancing purposes
• Jabber clients will round-robin through A-records as they perform DNS lookups
• Jabber maintains an internal priority list for SRV records
• SRV record Priority and Weight do not need to be set
SRV Lookup Return
• Test the SRV recordusing nslookup tool
nslookup -type=srv _cisco-uds._tcp.cisco.com
• SRV lookup using nslookup will return

all associated A-records
• NOTE: this is a different system to

previous example!!!
Jabber Home Cluster Request
• Jabber will be returned a UC Manager node to connect to
• This can be any UC Manager in any cluster in the deployment as long as the ILS service
is configured and running for all clusters
• Jabber sends a request to the UC Manager node with UC Manager UID to locate
the users Home Cluster
https://ccm-sjcvtg-091.cisco.com:8443/cucm-uds/clusterUser?username=shalong
• The following XML document is returned to Jabber with Home Cluster information
Jabber Servers Request
• Jabber sends a “servers” request to the returned Home Cluster node to retrieve
list of nodes in the cluster
https://ccm-gwyvtg-021.cisco.com:8443/cucm-uds/servers
• The following XML document is returned to Jabber with cluster servers

information
• Jabber will select one of these nodes at random and use that node for UDS
directory integration
TFTP and UC Manager Group
• Jabber will retrieve TFTP server information from a UDS API and will connect to
one of the TFTP nodes at random
• Only nodes running the TFTP service will be used
• Jabber will register to a node in the cluster based UC Manager groups
• CSF device assigned to Device Pool
• Device Pool assigned a UC Manager Group
• The UC Manager group contains the available nodes for CSF registration
Service Discovery and WebEx Messenger
• If a WebEx Messenger HTTP lookup is successful
during Service Discovery
− Jabber will connect to the Messenger service regardless of
the other lookup results
• For users who are provisioned with UC Manager
services (including voicemail etc.)
− WebEx Messenger must be configured with the correct UC
profile information (TFTP, CCMCIP, CTI) for each user and
service
− WebEx Messenger UC Profile will take higher priority than
UC Manager Service Profile
− Jabber will not use the _cisco-uds SRV record to connect to Home UCM
UC Manager (record still used for Edge Detection) Cluster
• Jabber will not perform Home Cluster discovery after

connecting to WebEx Messenger 1
UC Manager
• The UC profile must detail the correct Home Cluster home cluster
information for each user address 2
Jabber Security
Jabber Certificate Management
• To enhance the security environment of the Cisco
Collaboaration solution Cisco Jabber clients will Self Signed Certificate Auth
validate all server certificates in order to establish Deployment Deployment
secure connections between client and server.

• Helps prevention of Man in the Middle attacks
• Administrators need to decide if they want to deploy
CA signed certificates to services used by Jabber.
• Jabber clients with this enhancement will end prompt
users if a invalid or self signed certificate is
presented by a service.
• In UC Manager 10.5 +, the Multi Server SAN feature,
greatly reduces the amount of effort required in
deploying CA signed certs to a cluster
Certificate Management – Self Signed Option
• When Jabber is
UC Manager IM&P UCxn CWMS
presented with a new
certificate it will prompt
the user to accept each
certificate
• If the user accepts the
certificate it will be added
to the users device cert
store.
• On Windows, self signed
certs will be added to the
Enterprise Trust Store
• For Mac, self signed certs
will be added to the
keychain
Certificate Management
• The best experience is

that the user is NOT
prompted with this
window
• Administrator should
setup Jabber environment
so that this is not
displayed
Certificate Management – Private/Public CA Option
Private or Public Trusted CA issued
UC Manager IM&P UCxn CWMS certificates installed on
Cert Authority
each server in cluster
UC Manager
Tomcat Cert
IM & P
Tomcat and XMPP Cert
Unity Connection
Tomcat Cert
• With CA issued certificates in
place mean users are not WebEx Meeting Server
prompted to accept certificates Tomcat Cert

Trusted Root
Cert distributed iPhone
to Client, can be CAPF functionality

via policy uses CTL files so
not affected by this
change
Certificate Management - CUCM
TOMCAT / HTTP / CUCM TOMCAT / HTTP / CUP XMPP / IM&P
cucm9.example.com
cup9.example.com
cucm9.example.com cup9.example.com cup9.example.com

Deploying CA Signed Certificates
Install CA Install Deploy

Generate Process
root cert signed CA root
CSR for CSR with
to service cert to cert to
service CA
trust store service endpoints
e.g. e.g. CSR e.g. send e.g. e.g. well

Tomcat for Tomcat CSR to upload known CA
trust public CA signed certs may
cert to already be
Tomcat installed on
endpoints
Multi Server SAN (Subject Alternate Name)
• In UC Manager 10.5 +, the Multi Server SAN feature
allows admins to create one CSR per service per
cluster – all other nodes in that cluster are
automatically added as a SAN in the CSR.
• In a cluster with x UC Manager nodes and y IM &
Presence nodes, only 1 CSR needs to be generated
for the Tomcat service – all UC Manager and IM &
Presence nodes are added to the CSR by way of
SAN
• When the cert is signed by the CA, the cert SAN
field will contain all nodes within the cluster
• The cert can be uploaded to any node in the cluster
and will be automatically propagated to all other
nodes in the cluster
Invalid Certificate Behaviour (Jabber 11.0)
• Jabber behaviour when presented with an invalid certificate can be configured
• Configuration added via bootstrap/URL configuration
• INVALID_CERTIFICATE_BEHAVIOUR
• Configuration can be set as

• RejectandNotify
• PromptPerSession
• Default
msiexec /i CiscoJabberSetup.msi INVALID_CERTIFICATE_BEHAVIOUR=RejectandNotify

ciscojabber://provision?InvalidCertiticateBehaviour=RejectandNotify
Certificate Management – What Do I Need To Know…
• Jabber clients validate infrastructure certificates (UC manager, Unity, IM&P etc)
• Jabber also validates WebEx Messenger certificates – WebEx Messenger uses a well
know public CA signed certificate
• Administrators have two options
Self Signed Certificates Public/Private CA issued certificates
(Less Configuration) (Most Secure)
Jabber user accepts certificates using • Administrator replaces infrastructure
Jabber prompt and Jabber adds to into self signed certs with public or private
enterprise certificate store. CA issued certificates
-- OR -- • Administrator installs CA certificates
Admin pre distributes all self signed on each node within a cluster
certificates to users certificate store • Root Certificate from CA needs to be
published to user workstations
• To distribute certificate an administrator can use tools such as Microsoft group policies.
• When deploying Jabber pre plan how you will manage certificates
Jabber for Windows 11.0 Updates
• Encrypted PRT • Secure TFTP File download (jabber-
• Administrator can choose to encrypt config.xml)
Jabber PRT (at creation time) • File downloaded from port 6972 over
• PRT encrypted with public certificate HTTPS
• PRT decrypted with a tool using private • Requires CUCM
certificate (tool located in Jabber
• NGE support for SIP and RTP
Program Files directory)
• 256 bit AES
• Logging (admin controllable) • Requires CUCM 10.5.2+
• Log at DEBUG level • XMPP already supports AES 256 bit
• Allow endusers to set logging level
• Do not log to disk (log to memory)
Jabber Cloud
Deployments
Deployment Models for Cisco Jabber Clients
Jabber XMPP
Cisco IM and Presence Technology
On-Premises On-Demand
On-site control & access Rapid deployment
Data behind firewall Minimal admin and overhead
Leveraged converged corporate network No capex, predictable billing
Equipment & software owned & operated Redundancy & load balancing
Jabber Cloud Solution Architecture
Internet
XMPP
Partners, Customers
HTTPS Inter-Domain Federation
WebExAdmin
TLS/SSL (XMPP)
SIP (Softphone) / HTTPS

CTI (Desk phone) / HTTPS
Directory
HTTP
Jabber Client
Windows, Mac,
IOS, Android
CUCM Unity
IM Archiving
Connection
Cisco WebEx Multilayer Security Model
MULTI-LAYERED SECURITY MODEL
SSL - 128-bit Encryption

Encryption
AES – 256-bit Encryption
Third Party Audits

SSO
Authentication
Unique ID
Policy Access Control

Management Set policy for individuals, groups, org
SSAE 16
Physical Security
Data Centre Secure Facility ISO
270001
Cisco WebEx
Collaboration Cloud
Note: Instant Messages are not stored in the cloud at any point, except when IM Archiving is enabled
Instant Messaging
• IM Point to Point Chat
• IM Group Chat
• IM Protocol
• IM File Transfer
• IM Logging
• IM Encryption
• IM Federation
Cloud Based Desktop Share
• Cisco Jabber provides two methods of Desktop Sharing
 WebEx Ad-hoc Desktop Share • Video Desktop Share

– Available in Cloud deployment only • Available in both On Premise and
– Interoperable with Jabber clients Cloud deployment
– Provide annotation and remote • Uses BFCP Standard to send video
control image of screen
• Interoperable with Jabber,
TelePresence and MCU’s
Cloud Based Desktop Share
• Configuring Ad-hoc WebEx Desktop Share
• The remote party will

receive an invitation to
join the WebEx share
Jabber Cloud Solution Architecture
• Service Components
• Web API (WAPI)

• Organisation Management
• User Management
• Authentication
• Authorisation (Privileges/Policies)
• Metrics/Activity capture
• eXtensible Communications Platform (XCP/Jabber)

• IM & Presence
• Contact list management (Roster)
• IM logging
• IM federation gateways
• IMDS (IM Dispatch Server)

• Dispatches IM’s to 3rd party archiving service
WebEx Administration Tool
Access Administration Tool
http://webex.com/go/connectadmin
Site is provisioned:
Customer “Administrator” receives
a Welcome email with
instructions to reset password
Logs in:
– username@domain.com
– Newly set password
WebEx Administration Tool
Organisation Configuration
System Settings
Client Settings
External Services
User Configuration
Configuring Jabber Domain
Domain configured
for this site
Trusted domains
Configuring User Policy
• Messenger can use default settings which doesn’t apply policy restrictions
• If Policies used then Policies are assigned to ALL users
OR
• Users are assigned to Policy Groups which link to Policy lists/items
Policy Policy Policy Edit Profile

Group List Item
Policy File Transfer
Item
Policy
Jabber User Item
Screen Capture
Example Policy Items

Configuring User Policy
A policy list can be

applied to all users
or applied to a
group of users
Policy Editor allows administrator to create policy lists

Options for Creating User Accounts
• Manual Provisioning via WebEx Administration Tool

o Manually create and manage users via the Admin web interface
• User File Import via WebEx Administration Tool

o Import a CSV file of users and groups into the database
• Self Registration
o Accounts are created when users log in for the first time to Jabber
• Single Sign-On
Manual User Creation
‒Admin Tool: User tab > Add
Tabs: Account settings, Profile information, Policy Group Assignment, Unified
Communications
Simple method for a small number of users or pilot scenario
Account Profile Unified Communications

Welcome Email
• Welcome Email
• After administrator creates an

account the user will receive a
welcome email.
• The user must create a
password
• The user can download WebEx
and Jabber software
Email Templates and Branding
• WebEx administration tool

provides access to library of
email templates
• Administrator can create
organisation specific email
templates based on different
service requirements
• Administrator can also add
company branding to site.
Configuring User Accounts
Admin Tool: Import/Export
 Create a CSV file with user information – CSV fields/formats are available
in WebEx Messenger Admin Guide
 Simple method, saves admin time by adding and making changes in bulk
 If Directory Integration and/or SSO is enabled, manual user import is not
an option
If it is not the first time importing users

from a CSV file, it is vital that you first
export your users. This will give a
complete set of data in csv format
Configuring User Accounts
• User Import Based upon .CSV
Import field headers and value examples:
Field Value Field Value
employeeId 06355 phoneBusinessISOCountry +1
displayName Tom James phoneBusinessNumber 4085551010
firstName Tom phoneMobileISOCountry +1
lastName James phoneMobileNumber 4085551010
email tomj@test.com fax 4085551111
userName tomj@test.com policyGroupName Corporate
jobTittle Vice President userProfilePhotoURL http:/server... jpg
address1 Tasman activeConnect
address2 centre my.webex.com
city Santa Clara storageAllocated
state CA CUCMClusterName myCUCM.com
zipCode 95134 IMLoggingEnable Yes
ISOCountry USA EndPointName
Self Registration
• Enable Self-Registration as a last option

• User’s email address must match customer (site) domain
• Security based upon user’s domain details and email account
• Account creation notification can be sent to Site Contact (and approved)
WebEx
Admin
Self Registration
SSO Account Creation / Update
Admin Tool:
Configuration tab >
Security Settings
• For auto-account
creation, check the
appropriate boxes
Must be enabled when
the organisation is
provisioned and
configured
Jabber Contact Source
• Plan your contact source information

• Contact sources provide Jabber with
information to initiate communication.
• Rich data enhances user experience…
• Consider telephone formats, completeness Reverse contact
of information and user photos etc…. resolution
WebEx Contact Source

Default for cloud based deployments
Local Contact Source User policy controls
MS Outlook users ability to edit
data
General Settings
Unified Communications
Configuration tab > Unified Communications > Voicemail tab
Unified Communications Setup

Unified Communications must be
enabled
1. Voicemail tab – Visual Voicemail

Enable Visual Voicemail
Enter the server information
2. Clusters tab – Call Control
3. Set up Unified Communications

Manager devices
File Transfer Policy
• File transfer allows

users to exchange
files over IM Control over file type
allowed for transfer is
• Use Policy list to managed from IM
enable/disable and admin
control domains
IM Logging (Server side)
IM communication
via a secure
channel (SSL)
Logged User (TLS)
• Captures IMs and transmits logs to archiving IM Archiving

services through one of two models:
o Email Archiving: On-prem SMTP server
o 3rd Party: HP Autonomy or Global Relay
• “Logged” users cannot use 3rd party clients – set by policy
• Federated buddy cannot host a group chat that includes a logged user
• End to end encryption (AES) is not supported for logged users
IM Encryption
• Jabber 9.0+ connection to
IM Logging
Service
WebEx messenger cloud by
default uses 128 bit SSL
IM Routing
encryption.
Service • Data-at-rest is not encrypted
which allows IM logging
capabilities in the cloud.
SSL Encryption
• Data-at-rest is protected by
means of stringent Data Centre
security including SAS 70 Type
II audits
Jabber for Jabber for
Windows Client Windows Client
IM Encryption (Option)
Point to Point • Jabber encrypts XMPP traffic
• IM payload is encrypted using AES 256
bit
SSAE-16
ISO27001
IM Federation
XMPP Standard Federation
DNS SRV Standards based XMPP domains
Other Messenger For XMPP resolution including Cisco IM & Presence
domains
server
Federation Service
Nextplane.net
Internet (Yahoo, Lync, Skype, Facebook, Google)
IBM Sametime
Sametime IBM Sametime via XMPP
XMPP
Gateway gateway server
Microsoft Lync
Microsoft Lync using XMPP
XMPP gateway role.
Gateway
AOL
Cisco Jabber Public federation to AOL users
* requires addition order option
Clients
IM Federation
DNS SRV Provisioning
For external federation
the administrator needs
to update organisations
DNS service with SRV
Federation SRV records for XMPP
Records are shown in

3rd Party XMPP client SRV WebEx administrator
Example ISP DNS configuration
Software Deployment
Update Management
• WebEx admin tool provides
client upgrade management
• Default operation upgrades
users to latest code version
• Custom Mode allows
administrators to defined
version.
• On Premise tools can also
be used for software
management
Webex Integration
Jabber – Click to Start Meeting
• Cisco WebEx Meeting Centre
is a cost-effective alternative
to face-to-face meetings. Use
it to:
• Collaborate with customers,
partners, and employees
worldwide
• Share information
• Enhance productivity
• Meet anywhere, anytime, on
any device
Jabber – Webex Calendar Integration
• Jabber will show a schedule of WebEx meetings and
other appointments in a Jabber Tab.
• Meetings information is retrieved from WebEx Meetings
services as well as a choice between Microsoft Outlook,
Lotus Notes or Google calendar.
Integration with WebEx Meetings
• Introduction
• Cisco WebEx Meeting

Centre is a cost-
effective alternative to
face-to-face meetings.
Use it to:
• Collaborate with
customers, partners,
and employees
worldwide
• Share information
• Enhance productivity
• Meet anywhere,
anytime, on any device
• Personal Rooms are part of every Meeting Center package.
• Jabber 11.0 will escalate WebEx Personal Rooms rather
than ad-hoc WebEx Meeting Escalations
• Supports escalation from contacts view, meetings view and
conversation window.
Attendee
User
Experience
CLOUD CMR Jabber provides both SIP(Video) and
WebEx(http) access to meeting rooms
Cross portfolio feature supported on
Web Entry Video Entry desktop and mobile clients
Jabber clients can join a meeting using
either Video or WebEx interface
Supports both dedicated and dynamic/ad-
hoc resource rooms
Administrator can customize client to select
default action (video or web)
Jabber Clients Note: admin configures Bridge or CMR escalation
Users will receive a
toast with join /
decline options
Default operation is
to join CMR using
video
Join using WebEx
will join using web
interface
Additional attendees
receive “Join” button
Room participants
join integrated
conversation
window
Additional
participants added
to chat session
are presented with
one click join
option.
Attendees
alternatively
join using
WebEx
experience
Administrator
can select
WebEx as
default flow
Integration with WebEx Meetings
• On Premise Architecture
WebEx Meetings can be

deployed using cloud or
Federated
on premise solutions. Organisation
Internet
Active Directory Unity Federated
WebEx Meetings
(Options) UC Manager UC Manager Connection Organisation
Server
Call Control IM & Presence (optional) (optional)
Home
Office
Sync &
authentication
Jabber Mobile
Jabber Desktop Jabber Desktop Jabber Desktop & Tablet TelePresence TelePresence
(Desk Phone mode) (Soft Phone Mode) (Soft Phone Mode) Endpoint Room
Cloud Configuration
• With the latest

version of WebEx
Messenger and
Meetings users share
to the same account
• To enable a user for
meetings toggle
“Enterprise Edition”
On Premise Configuration
• For on premise deployment the administrator must defined
and associate a service profile to the user.
UC Services
Service IM & Presence
Profile Profile
CTI Profile
Voicemail
Profile
Conferencing
Profile
In Client Configuration
• Administrator or User defined WebEx Account
• If no WebEx account defined, user can define account.

Microsoft Integration
Outlook Integration
• Outlook contact source
further enhances the rich
integration Jabber provides
with Microsoft Office 2010
and 2013 (incl Office 365)
• Presence
• Easily start
• Chat
• Group Chat
• Easily escalate to
• Voice
• Video
• Web Share
Contact Card Integration
• Cisco Jabber for Windows uses published Microsoft Office APIs to provide Cisco
communications tasks directly from Office applications
Presence
Instantly view the
availability of
your contacts
Chat / IM Voice/Video
Launch Jabber chat Launch Jabber high definition
sessions directly from video calls directly from Office
Office Contact Card Contact Card
• Organisation view allows • Expanded contact card view
further navigation and exposes further call enabled
communications options options.
Additiona
l Contact
Voice Card
& Video
Ribbon Bar Integration
Call Work +61 2 8446 6000

Call Mobile +61 401 555 123
Call all
Escalation to point to
point and group chat Escalation to point to point voice/video calling as
Function well as escalation to multiparty ad-hoc
conferencing
Global Address Book
Global Address List
• Uses native Microsoft
communication controls
• View Availability and
Presence
• Instant Message/Chat
• Initiate Voice/Video calls
• Search and communicate
through organisation structure
Personal Contacts
• Personal contact integration
• Initiate calls
• Initiate IM (federation required)

Microsoft SharePoint Integration
Personal Contacts
• Use native Microsoft
controls in SharePoint sites
• Start IM conversations to
federated contacts
Adam McKenzie
• Call contacts using Jabber
• Support SharePoint
2010/2013
Outlook Contacts Within
Jabber
Cisco Jabber for Windows
Outlook Contact Search
LDAP based contact Source (On Prem Default)
Active Directory by default but can be customised for
other directory environments
HTTP/REST based contact Source (On Prem)

Built into UC Manager 8.6(2)+ and provides
and alternative to LDAP integration
WebEx Contact Source (cloud)
Default for cloud based
deployments
NEW in Jabber 9.1
MS Outlook Contacts
Search local contacts
from Jabber (req 9.1)
Contact Source Within Jabber
Address Book
Contacts that have been found in local
Microsoft Outlook 2010 or 2013 personal
contacts
Directory
Contacts that have been found the
organisation online directory. Source is
dependant on administrator configuration
Import Outlook Fields into Jabber
Jabber uses contact name and
communication addresses including:
• Email address
• IM Address
• Business Phone
• Mobile Phone
• Home Phone
• Thumbnail photos can also be
retrieved (size limit exists)
Adding Outlook Contacts to Jabber
From the Jabber contact
list a user can initiate a
call to an Outlook contact
From the search function an Outlook contact can

be added to contact group if they have an email
address
Federated Contact Support
• If a federated contact details exist in Outlook
details will be merged.
• This enables additional communication
modalities for federated contacts
Chat and Availability to

federated contact via XMPP or
SIP
Contact name, telephone
details and photograph from
Outlook Contact Source
Click To Call From Any
Application
Jabber 11.0 Features
Click-to-Call Keyboard Shortcut
• New global hotkey functionality allows a user to select text
in any application and send the dial string to Jabber for
windows
Admin can define the key to use they

wish to use in their organisation
Configuration is via jabber-config.xml
Enable default CTRL+Q, admin

defined
<Options>
<MakeCallHotKey>true</MakeCallHotKey>
</Options>
<Options>
<MakeCallHotKey>CTRL+SHIFT+J</MakeCallHot
Key>
</Options>
Save Chat To Outlook
Conversations Saved in Outlook
• Transferred to Outlook when chat window closes
• Allows searching from Outlook to span emails and chats
Save Chat to Outlook
• Jabber for Windows 10.6 allows chat history to be automatically stored in a
Microsoft Exchange folder which can be viewed through Outlook
– Jabber connects to Exchange via Exchange Web Services (EWS)
• Supported with Exchange 2010 and 2013
• Jabber can discover Exchange server via
– Autodiscovery based on Services Domain
– jabber-config.xml file
– Manual entry (enduser)
• Jabber can authenticate with Exchange using
– OS level SSO
– Credential Syncing with UC Service
– Manual authentication (enduser)
• Feature can be enabled/disabled by an administrator or enduser
Save Chat to Outlook - Configuration
Demo
BREAK
Real-time
Communications
Integration
Jabber Real-time Communications
voice calls
visual voicemail
video calls
Share content
Deskphone Mode /
Deskphone Video
Soft Phone Mode Extend & Connect Mode
Jabber client controls 3rd Party PBX Phone to
Audio uses sound devices on workstation. Video is
make calls. UC manager must be
displayed on workstation, audio is via headset
connected to PBX via SIP/Telco trunk
(recommended) or PC/Mobile Speaker
• Jabber Desktop Clients can be configured for all modes of operation

• Can also be configured for Phone Only Mode (no IM&P)
Jabber Phone Mode
• Phone mode was made available in Jabber for Windows 9.2.1
and 10.5 for Mobile, 10.6 for Mac
• Phone mode allows Jabber to be deployed in voice and VIDEO
mode, voicemail without Docked Window
Instant messaging and Presence.
• Phone mode deployment is made easier with UCM 9.x+
Service Discovery and Service Profiles
• _cisco-uds SRV record to discover CUCM location
• No IM & P service profile so Jabber will not connect to CUCM IM&P / WebEx Hub
Messenger
View
• Installer transformations and manual configuration also supported
• Click to X can be disabled at install time of Jabber for Windows

• Office integration can be disabled using install switches
msiexec.exe CLEAR=1 /i CiscoJabberSetup.msi CLICK2X=DISABLE

Jabber Mobile and Mac Phone Only Mode
• Key Functionality
• Voice (VoIP) & video
• Dial via Office
• Contact integration (native and directory search)
• Recents with contact resolution
• Visual Voicemail with contact resolution (optional)
• Services Supported:
• Primary: CUCM
• 2ndary Services: Unity Connection, supported Directory Services
• Contact Integration
• Pre-populate with native contacts
• Ability to add contacts
• Edit/delete not supported from Jabber (use native interface)
Jabber Operation Modes
Voice and Video Unified Communication Manager
User User
Data Data
Call
Jabber User Control Server
[User@XMPP Domain]
IM &
Presence
Server
Jabber
Client
Jabber connects to
UC Manager UDS to
Populate device list
If connecting in
Soft phone mode If connecting in
Jabber connects as Desk phone mode / E&C
a SIP / CSF endpoint Jabber connects to UC
manager with CTI
Desktop and Mobile Desktop Desktop
Base Configuration
Client Configuration Requirements (UC Manager)
Jabber ID or “JID”
Service Profile Devices User Rights
Profile for UC Services Device Types – eg CSF, TAB, BOT, TCT User Roles, Rights and Associations
Configure Profiles Add Devices Assign Rights

Jabber Client Configuration – Service Profiles
• All Jabber clients are now using Service Profile IM&P
UC Service
service profiles to a greater extent. assigned
CTI
UC Service
• Service profile now directs clients Voicemail

UC Service
User
to IM&P service. Conference
UC Service
• Service profiles can be used to XML File

Directory
UC Service
delivery different feature sets IM&P
enabled
• Phone mode (Windows)
• Full UC Mode
• The goal is to have the xml config file
• Directory Service supports basic required by exception only (for specific
settings recommendation (use Jabber- custom use cases). We plan to continue
config.xml for advanced features) to add support for additional cucm
service profile settings
Service Profiles – Configuration Steps
Service Profile for UC Services
UC Services
IM & Presence Instant Messaging and
Service Profile Profile Presence
Directory * Jabber-config.xml file still
Profile* recommended
Jabber ID or “JID” CTI Profile

Required for desk phone
and Extend and Connect
Voicemail Required for desk phone and
Profile Extend and Connect
Conferencing
WebEx Meetings Configuration
Profile
• UC Services for Service Profile created on UC

manager from 9.x
• Prior to UC Manager 9.x Profiles created on

Presence Server
User Management > User Settings > UC Services

Jabber User Configuration (Voicemail and Conferencing)
Jabber User Configuration (Voicemail and Conferencing) ***Notes
Jabber User Configuration (Directory Configuration)
Jabber User Configuration (IM&P and CTI)
* Full step by step config for Service Profile and UC Services in appendix
Jabber User Configuration on UCM 9.x / 10.x
1 2
Cluster A
Cluster B
Cluster C
Home IM&P
Cluster enabled
Jabber User Configuration
• Service profiles don’t provide access to all settings,
the client will download jabber configuration file
<Directory>
<BDIPrimaryServerName>dir.example.com</BDIPrimaryServerName
>
<BDIServerPort1>3268</BDIServerPort1>
<BDISearchBase1>dc=example,dc=com</BDISearchBase1>
<BDIConnectionUsername>cholland@example.com</BDIConnection
Username>
<BDIConnectionPassword>cisco</BDIConnectionPassword>
</Directory>
<Policies>
<EnableSIPURIDialling>True</EnableSIPURIDialling> • Keep your XML file simple!!!
</Policies>
</config>tip • Only specify the settings you need.
• Don’t specify default values.
• Test your XML file using a browser
You can view the current jabber-config.xml file at: • Test XML file operation with
http://{cucm}:6970/jabber-config.xml jabber-config-user.xml file.
Jabber Configuration – Configuration Sources
• During start-up Jabber clients will take
Service Profile Priority configuration from multiple sources
• Jabber builds a local configuration which is
IM&P SOAP populated from different sources
• Configuration sources have different priorities
Jabber-config.xml
with Service profiles highest
• Operating configuration can made up from
Bootstrap/Local
different configuration sources
• Configuration is created at parameter level
Configuration eg. LDAP Host from Jabber-config.xml
Operating LDAP user ID from Service profile
LDAP password from Service profile
Config
Cisco Jabber
Client Device Configuration
CUCM Trunks /
Devices Parameters
TFTP &
CCMCIP Settings
Jabber ID or “JID” Softphone

Configuration
CSF, TAB, BOT or TCT Device
3rd Party 3rd Party phone and CTI Remote Device

E&C Device
Device Types: Desk phone

Configuration
Cisco Phone / End point Association
CSF TAB TCT BOT CTIRD

Installing the Latest COP File Cisco always recommends to
install the latest COP file
Jabber for iPhone and iPad Jabber for Android

• COP File Name • COP File name
• iPhone: cmterm-iphone-install- • cmterm-
141122.cop.sgn android_9.6.0v11.cop.sgn
• Tablet: cmterm-jabbertablet-
141122.cop.sgn • Changes it makes:
• Adding the following devices settings: Video
Capabilities with the default value set to Enabled;
Dial via Office with the default value set to Disabled;
Secure phone related settings, e.g. CAPF
information
Creating CSF Devices on UC Manager
CSF Device (Soft Phone)
Example Device Names
CSFvsulikow
• Device Naming Convention
• Free form for Desktop (Any character [A-Z,0-9] up to 15 characters) CTIRDvsulikow
• CTIRD For E&C, BOT for Android and TCT for iPhone, TAB for Tablets
BOTVSULIKOW
• Required Device Parameters
• Parameters without default values TABVSULIKOW
(must be explicitly set)
• Device Name TCTVSULIKOW
• Device Pool, Phone Buttons Template, Device Security Profile, SIP Profile, Owner ID*
• Optional for Mobile: On-Demand VPN URL – Preset WiFi
Creating CSF Devices on UC Manager 10.x
CSF Device - Owner ID
• CUCM 10.x requires when you add a CSF / any device that you choose an owner ID
Extend and Connect – Requirements
• CTI Remote Device – device type represents User’s off-cluster phones. Device
type configured with one or more lines and remote destinations.
• Directory Number – numerical line address on CTI Remote Device (typically

User’s primary work number (e.g. 2000 or +1 408 200 2000).
• Remote Destinations – numerical address that represents User’s other phones

(e.g. Home, other PBX phone). May be any off-cluster device.
• DVO-R – Dial-via-Office-Reverse – call flow used to process new call requests

originated from remote destinations
*Detailed Config in Appendix

CSF Devices – Product and Client Settings
CSF Device (Soft Phone)
Settings:
• Video Calling
• File Type to Block
• URLS to Block
• Start in Phone Mode
• Control Tethered Phone
• Update URLs
Granular customisation can be done in jabber-config.xml file

Jabber Configuration – Policy Settings
Jabber Configuration file provides an increasing number of customisation settings.
• Update URL • Video Enable

• Persistent Chat Enable • Phone Selection
• URI dialling enable • Accessories Control
• Inactivity Status / Timeout • Local Address Book Search
• Away on OS Lock • Desktop share enabled
• Start Call with Video • Meetings Enabled
• Load on OS Start • Telephony Enabled
• Custom Tabs Controls • Voicemail Enabled
• Show Contact Pictures • Chat History Enabled
• Show Offline Contacts
• Docked Window
• Screen Capture Enable
• File Transfer controls
Configuring Associations
Device / Profile / Line Association (Deskphone Mode)
 Device and Service Profile must be associated to user

 Standard CCM User required for UDS / CCMCIP access
 Devices needs to be associated to user (created devices)

Cisco Jabber – On Premise Deployment
Client Configuration – User Rights
User Rights Groups
End user rights

Roles
Device control rights
Jabber ID or “JID”
Devices must be associated to user

Line needs to be associated to user
 Line Presence (this is configured on device)
Configuring Permissions on UC Manager
Group/Role Membership (Soft & Deskphone/Extend and Connect Mode)
 User be given required permissions on UC Manager
 Soft Phone required permissions

 Standard CCM End Users – Allows access to UDS / CCMCIP Service
 Desk Phone Control and Extend and Connect required permissions

 Standard CCM End Users – Allows access to UDS / CCMCIP Service
 Standard CTI Enabled
 Standard CTI allow control of Phones supporting connected xfer/conf
 Standard CTI Allow control of phones supporting Rollover mode
Dial Plan
Dial Plan Considerations
Directory Number Destination Number

+14085253777 883777
• If UC Manager dial plan does not match the LDAP dial plan you may need to use rules or translation
patterns.
• When initiating calls we
need convert E.164 numbers Application Dial Rules
to the UC manager dial plan Translation Patterns
• When receiving calls we
need to extend internal Directory Lookup Rules
numbers to E.164 PhoneLookupMasks
• Rules are created on CUCM and downloaded using TFTP
• A COP file must be applied to update dial rules
*Detailed config examples in appendix

SIP URI Dialling Overview
• URI can be a well known address such as email
address, IMAddress or UPN
• Cisco recommends using the same address for SIP
URI, email and IM
• No need to create number translation patterns
• Simplified Route Patterns
• Business to Business voice and video calling
• SIP URI calls can be initiated from search bar, contact
list, call history, Microsoft Office Contact Cards, TEL:
protocol handler, etc.
• Can be set as Call Forward address
• MUST BE ENABLED IN JABBER
Jabber Clients
SIP URI Dialling Use Cases
• Hub search area

• Drop down call menus
• Profile Window
• Call History
• Call forward
• Outlook integration
• Click2X Outlook integration
• Voicemail
• Tel: protocol handler
SIP URI Dialling Requirements
• CSF Device must be associated with a DN
• SIP URI is associated to DN and user
• 5 URIs can be associated to each CSF device
for receiving URI calls
helpdesk@example.com
• Tel protocol supported
• SIP protocol supported
sip:cholland@example.com
• SIP URI as Call forward address
• CUCM 9.1.2 and above

URI Dialling for Jabber – Config Requirements
• Assign URI either through directory sync (recommended) or

manually
• Assign/Create approriate Partitions and Calling Search Spaces
• Create Customised SIP Profile for URI Dialling
• Set Primary Extension Number
• Turn on URI Dialling
SIP URI Dialling - Directory Integration
• When a directory search is performed a
user’s SIP URI is returned
• Jabber will perform the search against a
LDAP WebEx
set attribute depending on directory Messenger
integration mail mail
• By default “mail” is the attribute used for msRTCSIP-primaryuseraddress imaddress

(must be prefixed with sip:)
SIP URI directory lookup
workphone
homephone
mobilephone
• If a different attribute is required for
directory lookup, it must be specified in
jabber-config.xml <Policies>
<DirectoryURI>sip:msrtcsip-primaryuseraddress</DirectoryURI>
</Policies>
URI Dialling Syncing from Active Directory
Directory URI associated with DN synced against mail or msrtcsip-primaryuseraddress
• mail – email address attribute

• Use when no Lync/OCS in domain
• msRTCSIP-primaryuseraddress-
Lync/OCS SIP URI attribute
• Only available where Lync/OCS installed
• May be useful in migration federation
scenario or Jabber-Lync interop via VCS
URI Dialling - After Sync with AD
• Non directory sync:

URIs assigned
manually
Directory URI
field
populated
Directory URI Alias Partition
• Route partition must be assigned to “Directory URI Alias
Partition” in Enterprise Parameters
• One single partition for all SIP URI Dialling
• SIP URI routing managed by SIP Route Pattern
• All SIP URIs (*.*) not found in CUCM cluster sent out to VCS cluster
• e.g. Jabber calling
Device Line Configuration
• Each CSF device requires a DN
• Even if using SIP URI Dialling Exclusively!!!
• Assign the appropriate Route Partition
• Assign the appropriate Calling Search Space

SIP Profile for URI Dialling
• Assign SIP profile created for URI Dialling to CSF device
• In SIP profile set
• Dial string Interpretation
• Set FQDN for SIP requests
• Enable any desired services

User Config…
Set primary extension number
Use Dn for configured route partition
Finally…
Enable SIP URI Dialling in Jabber config file (CSF device page if multiple
jabber-config profiles)
<Policies>
</Policies>
Making a SIP URI Call
Call toast
Calling a SIP URI

Example URI Dialling Options
Adding Visual Voicemail to Jabber
• Cisco Jabber can visually display voice Unity Connection
messages from Cisco Unity Connection (voicemail server &
mailstore)
• Voicemail Profile defines voicemail server &
HTTP connection information (user login)
VMREST / HTTPS
• MailStore Profile defines message store &
IMAP or HTTP (VMREST) TCP port
information
UC Services
IM & Presence
Service Profile Profile
Directory
Profile
CTI Profile
Voicemail
Profile
Conferencing
Profile
Recently Added
Telephony Features
Jabber 10.5+ Hunt Groups
• “Hunt Groups enable incoming calls to be directed to a

group of users”
• New tab to access Hunt Group Log in/Out checkbox
• Enabled via jabber-config.xml
• Tab also used for Call Pickup and Group Pickup
feature
Logged into Hunt Groups
Not logged into Hunt Groups

Jabber 10.5+ Hunt Groups
The incoming calls directed to a group of users, can
be routed based on a number of different schema,
including
• first available
• longest Idle
• broadcast hunting
• circular hunting
Hunt Groups can be used with deskphones, Jabber

client or a mix of both.
Hunt group login can be managed from Jabber client
Hunt Group Configuration
Call Routing -> Route/Hunt
1. Create Line Group

Set Hunt Options
Add DNs to Line Group
2. Create Hunt List and assign

Line Group
3. Create Hunt Pilot

Set Alerting Name
Set Route Options
Hunt Group Enablement and User Interaction
• Enabled by a new jabber-config key Logged into Hunt Groups
Not logged into Hunt Groups
<Options>
<EnableHuntGroup>True</EnableHuntGroup>
</Options>
Call Pickup / Group Pickup / Directed Group Pickup
• Call Pickup allows users to pick up incoming calls

within their own group.
• Group Pickup allows users to pick up an incoming
call to another associated group
• Directed Call Pickup allows users to pick up
incoming calls to another group by way of group DN
• Utilises same tab as Hunt Group
• Hunt Group is not a requirement
• Enabled in jabber-config.xml
Call Pickup Enablement
• Enabled by a new jabber-config key
<Options>
<EnableCallPickup>True</EnableCallPickup>
<EnableGroupCallPickup>True</EnableGroupCallPickup>
<EnableOtherGroupPickup>True</EnableOtherGroupPickup>
</Options>
Call Pickup Configuration
Call Routing -> Call Pickup Group
1. Create Call Pickup Group

2. Assign Call Pickup Group Number
used for Directed Call Pickup
3. Specify Alert
Audio and/or Visual Alert
4. Set Notification Timer
5. Set Call Display Information
Show Caller Information?
Show Called Party Information?
Device -> Phone -> Line Other available call pickup groups
1. Add line to Call Pickup Group that can be associated for Group
Pickup
Pickup a Call
Call Pickup
Pickup a call to a user in the same group
Click “Pickup” on toast or Hub Tab
Group Pickup / Other Pickup

Pickup a call to a user in another associated group
Call Pickup Group Number must be associated with
your Call Pickup Group on CUCM
Click “Other Pickup” on the Hub Tab
Directed Call Pickup

Pickup a call to a user in another
group (not associated)
Type the Call Pickup Group
Number into the text box and
click pickup
Recents list provides last 10 pickup numbers for quick access
Deskphone Mode Conversation Window Control
•In deskphone control mode, lifting a

deskphone handset may display Jabber
conversation window
•Display of the conversation window is now

configurable
•Admin configured or user preference to

show for all calls, video calls only or never
Deskphone Mode Conversation Window
• Avoid ‘Call window’ popup on off hook,
make call or answer call actions
• Admin/Enduser can specify one of three

preferences
Show conversation window on calls
Show conversation window on video calls
Never show conversation window
<CTIWindowBehaviour>onCalls</CTIWindowBehaviour>
jabber-config settings <CTIWindowBehaviour>onVideo</CTIWindowBehaviour>
(choose one) <CTIWindowBehaviour>Never</CTIWindowBehaviour>
Hide Call Toasts
• Hide “Sounds and Alerts” tab “Display alerts for…”
• “All incoming calls (if unchecked answer on another device)”
• If unchecked, call toasts for all incoming calls (including Hunt groups and Call pickup
toasts/notifications) will no longer be shown.
• Instead the user will be expected to answer the call on either another accessory/headset or
their deskphone.
• Jabber-config.xml key:
• ShowCallAlerts (Value: true/false)
This feature is unrelated to DND. It will effect your call toasts regardless of what your presence state is.
Hide Call Toasts
Call Alerts: Do Not Disturb
• Do Not disturb (red) presence state now applies to incoming calls

• No Ringer and no visual call notifications when in DND, call will appear as a missed call
in call history
• Both admin and user can change both ringer and notifications DND preferences
• For admin control Jabber-config.xml keys:
• DNDHideAlerts (true/false)
• DNDMuteRingtones (true/false)
*Currently independent of CUCM DND – setting DND on deskphone or CUCM self care
may not set Jabber DND
Do Not Disturb – User Controls
1.) “Do not show

incoming call alerts
when in “Do not
Disturb”
2.) “Do not play a

ringtone when in
“Do Not Disturb”.
Mute Before Answer
When in a calling state (i.e. before remote party has answered), you have the ability now to
Mute the call before it is answered by clicking on the mute button. Screenshot shows call in
ringing state before and after the mute button has been pressed.
Call in Ringing State Call in Ringing State with Mute button pressed
Native Jabber Accessory Support
• No separate plugins required for Jabra and
Logitech
• Including…
• Jabra Speak 450
• Jabra Handset 450
• Logitech C920-C
• Logitech K725-C
• Plugins add ~4MB to msi

• 10.5 – New plugin added for Plantronics
devices!!!
Plugins included in Jabber installer

Call Park on Mobile
• Parity feature with Jabber Voice 9.1

• Active call can be parked/retrieved on the
mobile device (smartphones & tablets)
• Supported in both full UC & phone-only mode - User dials the call
park directory number
• Directed Call Park* is not supported to retrieve the call.
- User parks the active call.

- Call park directory number
is displayed.
* Directed Call Park allows a user to transfer a call to an available user-selected directed call park number.
Demo
Video Features
Adding Video to Jabber
Cisco Jabber Video Engine (Desktop and Mobile)
 Cisco Jabber Video Engine is a H.264 AVC

standard based media engine
 Engine provides full HD interoperability
between Jabber desktop clients and
TelePresence solutions.
 Provides standard based audio
(G.711a/u, G.722.1, G.722, G.729a)
 Provides Video rate adaption and support for Cisco
ClearPath Media Resilience Mechanisms (Rate adaption requires RTCP)
 Supports frame sizes from QCIF to 720p HD at up to 30 frames per second.
Unified Communications Video
Cisco Jabber Video Engine
• Supported Encoding for transmit QCIF (176 x 144) @30fps

CIF (352 x 288) @30fps
w288p(512 x 288) @30fps
q720p (640 x 360) @30fps
VGA (640 x 480) @30fps
w448p(768 x 448) @30fps
w576p(1024 x 576) @30fps
w720p (1280 x 720) @30fps
• Client will decode any resolution within negotiated H.264 level

• Factors which influence video frame rates
• Camera / Light Conditions - Rate encoded by sender
• Network conditions - UC Manager configuration
• CPU and load on receiver - Rate Adaption (RTCP)
Video: Features
• Point to point video calling
• Ad hoc & Rendezvous multiparty video calling
(media resource must be presented)
• Video call over Wi-Fi or 3G/4G1
• Viewing shared desktop as composite video on
video conference bridge (BFCP Mobile support
with 10.6)
• Native interoperability with other Cisco video
endpoints from video enabled IP Phones to
TelePresence units
1 Video over mobile data network is disabled by default. It can be enabled in the client settings.
Updated Video Self View
• Ability to move self view video window

• Ability to resize self view video window
• Position and size remembered after sign
out of Jabber
Video GPU Offload and Audio Enhancement
• Jabber video rendering can be offloaded to system GPU
• Provides better quality video
• HW accelerated bi-cubic interpolation (smoother edges)
• CPU no longer used for video rendering
• Allows higher video resolution
• Frees up CPU power for other applications
• Decode/Encode is still performed by the CPU/software
• Requires
• DirectX 10/11 compliant GPU
• DirectX 11
• Windows 7 +
• If DirectX 10/11 compatible GPU not available
• Video rendering falls back to CPU/software based rendering
• Not supported on XP/Vista
• G.722 Codec support – wideband audio
Mobile Video: Codec and Resolution
• H.264 AVC standard based iOS Device Max Incoming Max Outgoing
iPhone 5S, iPad Air, iPhone 6,
1280*720@20fps, 1024kbps 1280*720@20fps, 1024kbps
• Audio codecs iPhone 6 Plus
iPhone 5, iPhone 5c, iPad 3, iPad 4,
• G.711a/u, G.722.1, G.729a 640*360@20fps, 512kbps 640*360@20fps, 512kbps
iPad mini 2
• Optimised for best video quality iPad 2, iPad mini, iPhone 4S, iPod 5 480*360@20fps, 384kbps 480*360@20fps, 310kbps
• Bandwidth Adaption
Android Device Max Incoming Max Outgoing
• Cisco ClearPath Media Resilience
Note Pro 12.2 1024*576@30fps, 384kbps 640*360@15fps, 384kbps
Mechanisms Tablet
Nexus 10 1024*576@30fps, 384kbps 256*144@15fps, 384kbps
• Mobile Architecture Optimisation
Note 3, S5, Note 2, S4,
S3(quad core), Nexus 5,
• Factors which influence video Xperia Z1/ZR/A/Z2, LG
640*360@15fps, 384kbps 640*360@15fps, 384kbps
quality G2, Moto G
• Network conditions Phone Xperia M2, Rugby Pro,
640*360@30fps, 384kbps 448*252@15fps, 384kbps
S4 mini
• CPU load
S3 (dual core) 448*252@30fps, 384kbps 448*252@15fps, 384kbps
• Unified CM configuration
S2 448*252@30fps, 384kbps 256*144@15fps, 257kbps
• Light conditions
Others 640*360@30fps, 384kbps 640*360@15fps, 384kbps
Real-time Call Statistics
• Active Call Statistics

• Dynamically Updates
• Audio
• Video
• Desktop Share
• Button to copy to Clipboard
• To launch…
• Conversation window must be in focus
• Ctrl + Shift + S
Real-time Audio/Video Call Statistics
• Display real-time call statistics while in call*
• Support in either portrait or landscape mode
• End user can:
• Take screenshot to save as a photo
• Copy/paste statistics data
• Email statistics from the statistics screen
* Once the call is ended, Problem Report is the

only option to retrieve the call stats.
Adding Video to Jabber
Desk Phone Video
• Jabber uses CDP protocol to

discover tethered Cisco Phone.
• CAST protocol is used to
negotiate video sessions based
on call setup (lip sync)
• Jabber controls the phone using

CTI protocol in desk phone mode
• CDP/CAST support is provided

by Cisco Medianet MSI installer.
(must be present)
Adding Video Desktop Sharing to Jabber
Configuring Video Desktop Share
• Jabber for Windows, Mac and Tablets* supports Binary Floor Control
Protocol (BFCP) for desktop sharing (RFC 4582).
• BFCP will encode a video stream of the senders desktop, this can be in
addition to a camera video stream.
• Video desktop sharing can be between Jabber client and Cisco Video
endpoints
• Requires UC Manager 8.6 and based
on version may require COP file
Device
Camera Video Stream Jabber
Client
Configuration or
SIP profile
Desktop Video Stream
EX
Series
Jabber Client
BFCP-Based Desktop Sharing on Tablets
• Can view BFCP-based desktop sharing on tablets

• Point to point or on a multiparty video bridge
Can quickly toggle

between the main Pinch the sharing
video screen & screen to zoom in/out
desktop sharing
screen by sliding the
screen left & right
Far End Camera Control (FECC)
Pan, Tilt, Zoom remote camera
Control remote camera from Jabber

(Far End must offer FECC
capabilities)
 Pan, Tilt, Zoom
Secure FECC
 FECC traffic is encrypted (NGE
based) when using TLS
Feature available on Desktop and

Tablet
Desktop platforms also support

keyboard short-cuts for camera
control, Control can be re-positioned
on screen
Subject to change
Conference Experience Enhancement
Bridge Escalations
• Jabber 11.0 clients provides enhanced
conference escalation
• Administrator can enable escalation
from group chat to bridge (DN/URI)
• Single click to escalate to conference,
user doesn’t need to merge individual
participants
• Escalation to single conversation view
(on supporting platforms)
• Example scenario: Telepresence server
with Conductor and TMS
(alterative bridge could be used)
Subject to change
Conference Experience Enhancement
Bridge Escalations
UC • Jabber sends
Manager conference join over
IM & XMPP with bridge
Presence
Escalate to Server DN/URI (transparent
5000@jab.com
(carried over XMPP)
Telepresence
to user)
Bridge
• Bridge destination can
be defined by admin
SIP:
Call to or user
5000@jab.com
• DTMF enhancement
enables pin entry
• Pre-11.0 Jabber
• User simply clicks call to escalate
clients receive IM
to bridge.
based join message
Subject to change
Admin enables feature in jabber-
config.xml file
Option 1
• User defines DN/URI
• User defines PIN (if required)
Option 2
• Admin defines static room naming
convention to clients
i.e. Meet%%UID%%@jab.com
Jabber-config.xml file provides
mask to construct room URI
• User defined PIN (if required)
No TMS integration at this time (future)
Subject to change
Jabber For Windows
Desktop Sharing
Jabber for Windows Sharing Options
1. Video Desktop Share (BFCP)
• Allows content sharing with video endpoints and in video sessions
• Only supported in Softphone mode
• Requires an Active Call
2. Desktop Screen Share
• Allows screen sharing and remote control of desktop in P2P session
• Works in all Jabber for Windows modes (deskphone, IM-only)
3. Desktop Share (Messenger)
• Works in Cloud mode* allows desktop share and remote control
JFW Screen Share (IM Only and Deskphone Mode)
Screen
• Screen share from an IM session share
• No requirement for active call button
• Support for multiparty screen share – up to 5

participants
• Support for Remote Desktop Control
• Independent of telephony mode
• Softphone mode and deskphone mode supported
• Protocols & Port Numbers

• IM Screen share capabilities negotiated through xmpp
session
• IM Screen share media selects a random TCP port
ranging from 49152 to 65535
Recipient can accept or
decline the share invitation
Jabber for Windows - Screen Share
• Sharer
• Notification displays who has joined the share
• Stop sharing button attached to top of screen
• Recipients - Share is displayed in a new

window
Ability to take over sharing (invite is sent)
Ability to request remote control – take over

sharing.
Ability to go full screen

Remote Desktop Control
• IM Only desktop share recipients can request to take

control of desktop share initiators remote desktop
• Initiator is prompted to accept the remote control
request
• Share recipient can release control
• Initiator can revoke control at any time
Jabber for Windows – Screen Share Behaviour
• From an IM Session:
• An IM only based screen share will be initiated
• From an active softphone mode call:

• A BFCP based screen share will be initiated (if enabled)
• If an IM only screen share has been initiated before a call:

• The IM only based screen share session will be maintained
• IM Screen share enabled by default

• Can be disabled using jabber-config.xml
<Policies>
<enablep2pdesktopshare>False</enablep2pdesktopshare>
</Policies>
Jabber for Windows – Share Screen
Share Screen
Now when:
- IM only mode
- Deskphone
mode
Jabber for Windows – Share Screen
Control of Share
available via
Docked Window
Take over Share

via Request
Control
Jabber for Windows Messenger Mode Sharing
• Client will receive pop-up
Options in the drop down are:

• Invite guest to share his or her desktop
• Invite guest to control my cursor
Jabber for Windows does not have the ability to share individual applications and will
share the entire desktop screen once data sharing begins
Demo
Automatic Configuration
Templates
Automatic Configuration with Templates
Overview
Manual Configuration UC Cluster
Administrator
Firstname: Alice Automatic Configuration

Lastname: Adams Based on AD information
Email: aadams@example.com
Phone: +49 811 5543 100 UC Cluster
Mobile: +49 172 0070071
Administrator
Automatic Configuration Templates
Device, Line and Feature Group Templates
• Universal Device Template – Device Specific Features, ie Device Pool, SIP Profile
• Universal Line Template – Line Specific Settings, ie Partition, VM Profile, CSS
• User Profile – Set the device and Line Templates
• Feature Group Template – Features, ie Service Profile, CTI enable, Mobility and EM
Creating Required Templates – Universal Device Template
Configure default values

and features for devices
Information can be
substituted with directory
information
Owner will be assigned

automatically
For Your
Automatic Configuration with Templates Reference
Universal Device Template Options
Automatic Configuration with Templates (10.x)
Creating Required Templates – Universal Line Template
• Line Description
• Route Partition
• Voice Mail Profile
• CSS
• Alerting Name
Plus other line specific settings ie DN and MoH
Automatic Configuration with Templates For Your
Reference
Universal Line Template Options
Automatic Configuration with Templates (10.x)
Creating required templates – User Profile
Assign Device and Line Templates to

the User Profiles
Feature Group Template
• Identify Home Cluster and

Enable Service Profile
• Set Service Profile
• Set CTI Control
• Enable Mobility
LDAP Synchronisation Agreement (10.x)
• Synchronise
attribute data.
• Assign Users to
Feature Group
Template
• Assign
extensions
based on
synchronised
phone number
Let’s Use the Templates to Enable a New User…
Let’s Use the Templates to Enable a New User…
Quick add allows to add multiple device for a user based on the template…
Now what has Happened in the Background?
Automatically assigned shared line and

device description and alerting name
Enabled IM&P and assigned profile,

device association and rights
BREAK
Mobile and Remote
Access
Cisco Expressway
A new gateway solving & simplifying business relevant use cases
Mobile
Teleworkers
• For Unified CM & Business Workers
TDM or
Edition environments B2B IP PBX
• Based on Cisco VCS Consumers

PSTN or
IP PSTN
Technology
Branch
• Standards-based
3rd
Parties Office
interoperability Cloud Analog

Devices
Services
X8.x Product Line Options
X8.x
VCS New Expressway

Offering
“VCS Control” “VCS Expressway” “Expressway C” “Expressway E”

No Change No Change Or Core Or Edge
• Specialised video applications for • Solution designed for and sold

video-only customer base and exclusively with Unified CM 9.1 and
advanced video requirements above (including Business Edition)
• Superset of X8.x features • Subset of X8.x features
• No additional cost for server software
• No changes to existing licensing
licenses
model
Branding Terminology Decode
Collaboration Edge
umbrella term describing Cisco’s entire collaboration architecture for edge
... features and services that help bridge islands to enable any to any collaboration…
…collaborate with anyone anywhere, on any device….
Cisco VCS
Existing product line option providing advanced video and TelePresence applications
Includes VCS Control and VCS Expressway
Cisco Expressway
New product line option for Unified CM and Business Edition customers, providing firewall traversal &
video interworking. Includes Expressway Core and Expressway Edge
Mobile and Remote Access
Feature available on both VCS and Expressway product lines with X8.1 s/w
Delivers VPN-less access to Jabber and Fixed Endpoints
Mobile and Remote Collaboration with Expressway
Simple, Secure Collaboration:
It just works...inside and outside the
network, no compromises
Jabber @
the café
Inside firewall DMZ Outside firewall Easy to use, easy to deploy:
(Intranet) Works with most firewall policies
Expressway
Collaboration
Services Internet Jabber @ True Hybrid: Supports on-
Home premise and cloud offerings
Unified Expressway Expressway simultaneously
CM C E
Jabber @ Standards-based
work Interoperability, Widely Adopted
Jabber @
Protocols
SFO, LHR
or PVG
Application Driven Security:
Fixed Remote Endpoints Allow the application to establish
(TC Series) security associations it needs
Cisco Jabber Remote Access Options
• Layer 3 VPN Solution
• Secures the entire device
and it’s contents
• AnyConnect allows users
access to any permitted
AnyConnect applications & data
VPN
• New Complementary
Unified CM Offering
• Session-based firewall
traversal
• Allows access to
Expressway collaboration applications
Firewall ONLY
Traversal • Personal data not routed
through enterprise network
Expressway Firewall Traversal Basics
Enterprise Network DMZ Outside Network
Unified Internet
CM
Expressway Firewall Expressway Firewall
C E Signalling
Media
1. Expressway E is the traversal server installed in DMZ. Expressway C is the traversal client installed inside the
enterprise network.
2. Expressway C initiates traversal connections outbound through the firewall to specific ports on Expressway E with
secure login credentials.
3. Once the connection has been established, Expressway C sends keep-alive packets to Expressway E to maintain the
connection
4. When Expressway E receives an incoming call, it issues an incoming call request to Expressway C.
5. Expressway C then routes the call to Unified CM to reach the called user or endpoint
6. The call is established and media traverses the firewall securely over an existing traversal connection
What can a Jabber Client do with Expressway?
A rich featured client outside the network
Access visual
voicemail
Inside firewall DMZ Outside firewall

(Intranet) (Public Internet)
Collaboration Instant Message

Internet
Services and Presence
Unified Expressway Expressway

CM C E Make voice and
video calls
Launch a web
conference
Share content
Search corporate
directory
Split DNS SRV Record Requirements
• _collab-edge record needs to be available in Public DNS
• Multiple SRV records (and Expressway E hosts) can be deployed for HA
• A GEO DNS service can be used to provide unique DNS responses by
geographic region
_collab-edge._tls.example.com. SRV 0 0 8443 expwy1.example.com.
_collab-edge._tls.example.com. SRV 0 0 8443 expwy2.example.com.
• _cisco-uds record needs be available only in internal DNS (available to

Expressway C at a minimum)
_cisco-uds._tcp.example.com. SRV 0 0 8443 ucm1.example.com.
_cisco-uds._tcp.example.com. SRV 0 0 8443 ucm2.example.com.
Protocol Workload Summary

(Intranet) (Public Internet) Protocol Security Service
SIP TLS Session Establishment –
Collaboration Internet Register, Invite, etc.
Services
Media SRTP Audio, Video, Content
Share, Advanced Control
CM C E HTTPS TLS Logon,
Unified CM IM&P Provisioning/Configuration,
Contact Search, Visual
Voicemail
Unity Connection
XMPP TLS Instant Messaging,
Presence
Conferencing Resources
HTTP Allow List
• By default all Jabber traffic to UC Manager and IM & Presence will be allowed to
traverse Expressway (SIP, XMPP, HTTP, RTP all over TLS)
• Jabber can connect to other services over HTTP
• Visual Voicemail
• Custom tabs
• Non UC Manager and IM & Presence HTTP services need to be added to the
HTTP server allow list on the Expressway-C so that the HTTP traffic can
traverse Expressway
Hybrid Deployment - Cloud Based IM&P

(Intranet) (Public Internet) Protocol Security Service
SIP TLS Session Establishment –
Collaboration Internet Register, Invite, etc.
Services
Media SRTP Audio, Video, Content
Share, Advanced Control
CM C E HTTPS TLS Logon,
Provisioning/Configuration,
webex Contact Search, Visual
Messenger Voicemail
Unity Connection
XMPP TLS Instant Messaging,
Presence
Conferencing Resources
Contact Search Considerations (on-premise IM&P)
• Jabber allows for multiple contact source
integrations
• LDAP Directory sync provides corporate

directory to Unified CM
(Intranet) (Public Internet) • User Data Services (UDS) is a Unified CM
RESTful API allowing for contact search,
among other things
Collaboration Internet
Services • All Jabber clients connecting via
Expressway will use UDS for contact
search
CM C E • Jabber clients deployed on-premise will
use LDAP or UDS for directory search
• Jabber clients will automatically use UDS

for directory search when connecting via
Expressway
LDAP • The entire corporate directory needs to be

sync’d on every Unified CM cluster for best
contact search experience
Contact Search Considerations (Cloud based IM&P)
• Jabber allows for multiple
contact source integrations
Inside firewall DMZ Outside firewall • LDAP Directory sync
(Intranet) (Public Internet) provides corporate directory
to Unified CM
Services
• Corporate directory is also
exported to WebEx
Messenger cloud
CM C E
• All Jabber clients will use
webex WebEx Messenger cloud as
Messenger a contact source for contact
search
LDAP
Media Path Summary Media Traversal
Unified CM provides call control for both mobile and on-premise endpoints • “C” calls “A” on-premise
• Expressway solution provides firewall
traversal for media
B • Expressway C de-multiplexes media
Inside firewall DMZ Outside firewall and forwards toward “A”
(Intranet) Media Relay
• “C” calls “B” off-premise
Services C • Media is relayed via Expressway C
Unified Expressway Expressway Optimised Media (roadmap ICE
CM C E support)
• “B” calls “D” off-premise
SIGNALLING
D
MEDIA • Both “B” and “D” are ICE-enabled
• STUN binding success
A
• Media flows are optimised between
endpoints
AnyConnect & Expressway Coexistence
• Customers that have deployed AnyConnect can also deploy Expressway Mobile
& Remote Access feature
• For the best end user experience, prevent all Jabber traffic from using the
AnyConnect tunnel
•  Active calls going though Expressway will be dropped if AnyConnect tunnel is
established mid-call
•  Expressway can provide Jabber client access to on-prem collaboration
services even with an active AnyConnect tunnel established
• Requirements to keep Jabber traffic going through Expressway
1. AnyConnect split tunnel providing connectivity to internal enterprise network only (not
including Expressway E)
2. Deny access (ASA DNS inspection) to the internal DNS SRV records (_cisco-uds &
_cuplogin) to AnyConnect clients
Jabber Telemetry Service
Telemetry Overview
• Jabber 10.5 introduced a new Jabber Analytics Capability, available for
Windows, Mac, Android, iOS
• Cisco is collecting anonymous usage data to monitor trends in Jabber
deployment, usage and performance to enhance and improve the product for its
Customers.
• Anonymous event driven Telemetry data is optionally sent from each Jabber
Client to Cisco’s own Analytics Service
• Replaces existing Google Analytics capability for Mac, Android, IOS \
• Privacy Statement - The Cisco Systems, Inc. Online Privacy Statement can be
accessed via the below URL
http://www.cisco.com/web/siteassets/legal/privacy.html
Jabber Telemetry Record Summary
Telemetry Record Description
Login Details of how long login took, login type, how services were discovered, discovery duration
Call Information about each call: duration, audio vs video, features used
media stream performance (resolutions, packet loss, codecs),
Voicemail Number of voicemails in inbox, number received, number played, number secure messages
IM&P Chat Type of chat (P2P, group, persistent) participant count, count of messages sent and received, number of file transfers and
screen captures
IM&P Session Number of Presence changes made (manual vs. automatic), number of status changes received, number of persistent chat
rooms created, joined, member of
IM Only Desktop Share Type of participant (viewer/sharer), number of viewers, resolutions, number of connection failures
Contacts Size of contact list, number of groups, number of Customer contacts, number and size of enterprise groups
Process Uptime, termination type (normal, crash), peak memory usage, platform resource usage
Upgrade Logged when version changes for new installs and upgrades. Captures old & new s/w version numbers
Idle Captures running but inactive clients. Logged if no other record is sent by the client in previous 24 hours.
Opt-Out Single event logged when an individual client disables Telemetry.
Install Installation success/failure, duration. (Jabber for Windows only)

Telemetry Record
Jabber Telemetry Data
Context
• Each Telemetry Record includes:
• Record Type Body
• Timestamp
• Context – information about the client that submitted the data including:
• Jabber product version
• Operating system version and platform information
• A unique identifier of the Jabber installation
• An optional customer identifier
• Body – the actual payload of data fields
Privacy
• Sending Telemetry data is optional at the Enterprise and Individual level – BOTH
Enterprise and Individual have to allow before data is sent
• No personally identifiable information is captured or sent – only a random unique
ID for each installed instance of Jabber client software.
• No Personal ID or Jabber account info. No Passwords.
• No location or domain information
• No dialled numbers or calling party info
• No Message destinations or originators
• No Call or Message content
• No Contact details
• Enterprises can optionally identify their own telemetry data
• All data is sent only to Cisco over a secure link using HTTPS. No option to send
data elsewhere
• Data is not shared with any third party
Analysis
• Aggregated data is used by Cisco to understand:-
• Adoption rates & trends in how Jabber is deployed
• Has Cisco provided sufficient value in the latest release?
• What are Customer trends in deployment models?
• On Premise vs Cloud?
• Desktop vs Mobile?
• Usage of various Jabber capabilities

• Which capabilities are most used
• How do Jabber users prefer to use the capabilities available?
• Where should Cisco invest to maximise Customer Value?
• Trends in Product Performance

• Are performance improvements delivering as expected
• Are there any unforeseen areas or situations where need improving?
Telemetry Service
• Telemetry is enabled by default in Jabber 10.5
The following root certificate must be present in the local machines’ certificate store to use the
Telemetry feature - GoDaddy Class 2 Certification Authority Root Certificate
• Telemetry service can be disabled

• Via Jabber installer transformation/configuration
• Via jabber-config.xml file
• Via Jabber file menu (end user disablement)
• A Unique Customer Identifier can be set so that telemetry data can be

filtered based on source of analytic information
• ID based on a string that identifies a customer or a common source of information
without identifying the customer
• If no unique identifier is set, Cisco cannot filter data based on deployment site
Telemetry Configuration (Disablement)
• Disabling telemetry at install time:
MSI transformation/bootstrapping (Windows),
msiexec /i CiscoJabberSetup.msi Telemetry_Enabled=False
URL Configuration (Mac, Android, iOS)
ciscojabber://provision?TelemetryEnabled=false
• Telemetry can be disabled any time via the jabber-config

<Policies>
<TelemetryEnabled>False</TelemetryEnabled>
</Policies>
• Telemetry can be disabled manually (enduser)

Telemetry Configuration (Setting Customer ID)
• A Unique Telemetry Customer ID can be set at install time:
MSI transformation/bootstrapping
msiexec /i CiscoJabberSetup.msi TelemetryCustomerID=CUSTOMER_GUID
URL Configuration (Mac, Android, iOS)
ciscojabber://provision?TelemetryCustomerID=CUSTOMER_GUID
• Telemetry Customer ID can be set via the jabber-config.xml file

<Policies>
<TelemetryCustomerID>Customer_GUID</TelemetryCustomerID>
</Policies>
Telemetry Configuration (Setting Unique ID)
• Telemetry Unique ID should be set so that Cisco can identify a complete unique
data set from a specific site
• Cisco recommends that Unique ID is set using one of two ways
• Reverse domain pattern
• Can be used to identify a specific data set
• Can be further utilised to identify specific geographic locations or functions within a unique site
• Global Unique Identifier (GUID)
• Randomly generated 32 digit hexadecimal string
• Can be used to identify a specific data set
• The benefits of setting a Unique ID include

• Customers can work with Cisco to determine Jabber deployment information and usage
statistics based customers sites telemetry data
Telemetry Configuration Examples
• Example 1 : Setting reverse domain based Unique ID via MSI installation/URL configuration
• Reverse domain method used to specify Americas and EMEA based locations within Example.com deployment
msiexec /i CiscoJabberSetup.msi TelemetryCustomerID=com.example.amer

msiexec /i CiscoJabberSetup.msi TelemetryCustomerID=com.example.emea
ciscojabber://provision?TelemetryCustomerID=com.example.amer
ciscojabber://provision?TelemetryCustomerID=com.example.emea
• Example 2: Setting GUID based Unique ID via jabber-config.xml

• GUID generated via http://guid.us. A number of GUID generation utilities are also available for Windows, Mac, Android and iOS.
<Policies>
<TelemetryCustomerID>b1382a2e-19dc-4a5f-878a-cb23adc72fe9</TelemetryCustomerID>
</Policies>
Telemetry Configuration
• On mobile devices telemetry service can be disabled when the device is
connected to a cellular network
• Disable telemetry service when on a cellular network via jabber-config.xml
<Policies>
<TelemetryEnabledOverCellularData>False</TelemetryEnabledOverCellularData>
</Policies>
• When this configuration is set, telemetry data will only be sent when the device
is connected to a Wi-Fi network
How Telemetry Data is Sent
• Telemetry data is temporarily stored in an internal event store
• Internal event store may be volatile memory or disk depending on size of data
• Transmission of telemetry data occurs when either
• Count of stored events reaches a threshold level
• Oldest stored event reaches a threshold age
• If transmission of data fails (cannot reach telemetry cloud service or

transmission is disabled by policy)
• Events will be stored in the event store for future transmission
• When transmission of data is successful events are erased from memory and
local disk
Telemetry Data Transmission Flow Data threshold
level reached
Store data Within

NO policy
to send
data?
YES
Event Store Send data
NO
YES
Data sent
Erase data successfully
?
Privacy Statement
• The Cisco Systems, Inc. Online Privacy Statement can be accessed via the
below URL
http://www.cisco.com/web/siteassets/legal/privacy.html
Jabber in Virtual
Environments
Deploying Jabber in a Virtual Environment
• Jabber for Windows can be deployed in Citrix and VMware environments
• IM & Presence and CTI deskphone control are supported in virtual deployments
– For softphone capabilities, VXME is required
Vendor Application *Version
Citrix XenDesktop 7.6, 7.5, 7.1,
Citrix **XenApp 7.6, 7.5, 6.5
VMware Horizon View 6.0, 5.3, 5.2
*Based on Jabber for Windows 10.6
**XenApp Published Desktop only
• Jabber stores configuration settings and call/chat history in local and roaming folder locations
– C:\Users\%current_user%\Cisco\Unified Communications\
– C:\Users\%current_user%\AppData\Roaming\Cisco\Unified Communications\
– These files should be written to file storage at the end of each session in non-dedicated VDI
deployments
Voice, Video, Virtual Desktop Challenge
• Hairpin Effect • Voice/Video embedded in
Data Centre the display protocol
Virtual Desktop • Media flow goes all the way
Display Protocol
back to data centre and
Media Flow back
Thin
Client • Heavy processing on virtual
Signalling
desktop in data centre
Cisco
Unified WAN • Bandwidth explosion
CM
• Latency and jitter
Signalling
• Display protocol and
Display Protocol
possible endpoint become
Media Flow unstable
Thin
Virtual Desktop Client
Convergence of VDI, Video, and Voice
Virtual Desktop User 1
Desktop Virtualisation
Display Protocol
VXME
Call Control
Signalling
RTP Media
WAN
Cisco Unified
CM
Call Control
Signalling
Desktop Virtualisation VXME

Display Protocol
Virtual Desktop User 2
Cisco Virtualisation Experience Media Engine
Data Centre Hardware Client – User 1
(Thin Client or PC)
HVD – User 1
Display
Virtual Channel Broker HVD
Agent
Virtual
Channel
Protocol
SIP
Cisco Jabber
Broker
Receiver
Virtualisation Experience VXME Plugin
Media Engine
Unified Presence
User 2
SIP
CTI Manager
Line
XMPP Signalling
CTI Signalling
Unified CM SIP Signalling
RTP Media (Voice, Video)
Display Protocol API / Virtual Channel
Citrix XenDesktop
DATA CENTRE
INSTALLED ON…
Citrix XenDesktop
Citrix Virtual Desktop Agent

Jabber
(VXME_Utils)
ICA/HDX
Citrix Reciever
VXME VXME (VXME)
Citrix XenApp Published Desktop
DATA CENTRE
INSTALLED ON…
Citrix XenApp Farm
Controller
Citrix XenApp Presentation

Server
Jabber
ICA/HDX (VXME_Utils)
Citrix Reciever
VXME VXME (VXME)
VMware View
DATA CENTRE
INSTALLED ON…
VMware Horizon View
Server
VMware Horizon View

Agent
Jabber
PCoIP (VXME_Utils)
VMware Horizon View
VXME VXME Client
(VXME)
Deploying VXME
• VXME can be deployed on Linux or Windows based endpoints
Operating System Platform Jabber/VXME version
Suse Linux D50D, Z50D, D50Q, Z50Q, Z50QQ 10.6
Windows 7, 8, 8.1 Hardware specifications based 10.5+
Windows Embedded Hardware specifications based 10.5+

7 (32/64 bit), 8 (64 bit)
• VXME 10.6 will require the following VDI receivers/clients

– Citrix 4.2
– VMware 3.2
• Minimum specs for Windows and Windows Embedded can be found in VXME
product documentation
– Video capabilities are dependent on CPU specifications
Single Sign-on
Users Think Jabber is Great…
…After the user is up & running
Login
* Dramatized for effect…

Jabber Setup Depends Too Much On User
• User must know….
• Their (different) password for:
• Jabber, CUCM, Unity, WebEx Meeting
• Details different depending on which Service variant

• CUCM
• IM & Presence
• Unity
• Webex
• After initial setup is finally working, Configuration breaks again with:
• Passwords change
• Infrastructure change
• User Moves, Adds, Changes
• User device replacement, refresh, re-image
Single Sign-On Definition
Single Sign-On (SSO) is a session/user authentication process that permits a user
to provide credentials only once in order to access multiple applications. The
process authenticates the user for all the applications they have been given rights
to and eliminates further prompts when they switch applications during a particular
session.
With SSO the barriers for deploying stronger authentication is much lower.
Authentication and Authorization
(AuthN and AuthZ)
The process of authorization is distinct from that of authentication. Whereas authentication is the process of
verifying that "you are who you say you are", authorization is the process of verifying that "you are permitted to
do what you are trying to do".
Your room key is your

authorization token to enter
My hotel room
your room and any
resource that you are
entitled in the Hotel
Me After authentication has

taken place, the
receptionist gives you a
room key.
Which Protocols Do We See in SSO Today
SAML is a set of standards that have been defined to share information
about who a user is, what his set of attributes are, and give you a way to
grant/deny access to something or even request authentication. Two
different organisation want to establish trust relations without exchanging
passwords
OAuth is more about delegating access to something. You are basically

allowing an application to impersonate you. It is used to grant access to
API's that can do something on your behalf. For example you want to
write an application that will use other applications like twitter, Gmail and
Google Talk.
More Terms…
• Identity Provider (IdP)
o A centralized indentification service
IdP: Identity
o Trusted service Provider
o Backended by Directory (AD, etc)
User
• Service Provider (SP)
o A service using the IdP to authenticate users
• User
o Wants to use the SP’s service SP: Service Provider
Eg CUCM
SAML Protocol Deep Dive
Firefox is Your Friend
Firefox allow you to have an add-on that can

decode SAML called SAML tracer
It allow you to get the flow of your SSO

interaction and also decodes SAML
CUCM SSO Configuration
System – SAML Single Sign On
SAML 2.0 Flow
Trust Agreement
IdP Identity
Provider
Metadata Exchange
SP Service Provider
Eg: CUCM
Obtaining Metadata
• CUCM - can be obtained from SSO Admin page or…
• https://[serverAddr]:8443/ssosp/ws/config/metadata/sp
• ADFS
• https://[serverAddr]/FederationMetadata/2007-06/FederationMetadata.xml
• OpenAM
• https://[serverAddr]:8443/openam/saml2/jsp/exportmetadata.jsp?entityid=https://[s
erverAddr]:8443/openam&realm=/
• Ping Federate (via Admin)
• “Manage all the SP”
• Export Metadata
CUCM SSO Configuration
System – SAML Single Sign On
SAML 2.0 Flow
Resource Request
IdP Identity
Provider
1
1. Resource Request
SP Service Provider
Eg: CUCM
SAML 2.0 Flow
Redirect with Authentication Request
3.GET with SAML

authentication request
IdP Identity
Provider
3
2. Redirect with SAML

authentication request
SP Service Provider
Eg: CUCM 2
SAML 2.0 Flow
Redirect with Authentication Request
3
SAML 2.0 Flow
Identify the User
4. Challenge the client for

credentials
IdP Identity
5. Provide credentials
Provider
• The mechanism for challenge the users is something

broader than just collaboration, it should comply to
the security policy for the application in the
organisation
4 5
• Any authentication mechanism, single or multi factor,
supported by the IdP will be supported by the
SP Service Provider
collaboration applications
Eg: CUCM
SAML 2.0 Flow
Post a Signed Response
IdP Identity
Provider
6. Signed response in HTML form

( this includes any attributes that are contracted )
7. POST signed response

7
SP Service Provider
Eg: CUCM
User Experience With
Different Mechanisms
On Premise Jabber Optimisations
• Jabber consumes services from different Cisco Applications ( CUCM,
connections, Webex ) .
• We can configure the service profile to use the same login credentials for
connecting to all the Cisco Applications.
• For WebEx meeting Centre or CWMS you need to make sure using SAML,
WebEx API’s or manual process the passwords are the same and you use
the same userID
Embedded Browser
OS Windows MAC iOS Android

Embedded Browser Iweb WebView UIWebView WebView
Browser Control API Browser2
Underlying IE Safari WebKit WebKit

browser
technology
Control shares Yes Yes NO NO

cookies with
native OS
browser
• Browser is a reasonable way that a Cisco

Login into Jabber  allows automatic Client can talk to IdP
login to other browser based • Browser delegates the authentication process
applications from the client to the browser
What SSO with Kerberos authentication will bring us ?
• Customer is only looking for Jabber for windows, and is not
planning to deploy any other version of Jabber
• Customer is not going to use in the future Jabber outside the
corporate firewall.
• The users login to their PC that is part of a AD Domain.
User Experience
• It’s is just magic credentials aren’t asked at all.
• If credentials are changed in AD there isn’t any need to provide
new credentials to the Collaboration clients
What SSO with certificate authentication will bring us ?
• Will require that the customer uses it own Enterprise CA or buy
certificates from a public CA.
• Specially useful for deploy in Mobile devices that run Cisco
Collaboration applications, assuming the customer already own and
MDM that will help in the certificates deployment.
User Experience
• It’s is just magic credentials aren’t
asked at all.
• If credentials are changed in AD there
isn’t any need to provide new
credentials to the Collaboration clients
What SSO with SmartCards authentication will bring us?
• Most secure way of providing authentication, but requires the OS
capabilities of “read” the smartcards.
• Smartcard isn’t much different from certificate authentication, major
difference is that the certificate isn’t local to the device but it is store in
the smartcard itself.
• Another difference is that a smartcard solution always use two factor
authentication, and needs a PIN, password or pass phase for the
second factor authentication.
User Experience
• A Pin/Password/Pass Phrase needs to be provided for the second factor
authentication.
• If credentials are changed in AD nothing changes in the normal login
process of the user.
What SSO with selecting different authentication
mechanisms based on device/OS/client will bring us?
• SAML is a HTTP based which means that all the authentication
request to the IdP comes with an User-Agent, based on that user
agent we can select different kind of authentication.
• Will remove restrictions that we had on specific some
authentication protocols on specific Devices/Operating Systems.
• Best compromise from user experience considering, security and
variety of devices that our collaboration clients run on
User Experience
• Depends what which authentication mechanism is chosen for each
device/application
Single Sign On with MRA
Edge SSO Solution  SAML 2.0 compliant IdP
IdP Overview  Must be externally reachable

 Deployment options include IdP proxy
or federated identity service.
Collaboration Services
Unified Call Manager (UCM) Internal Network DMZ External Network

Unified CM IM&P
AD DNS
Unity Connection
Conferencing Resources EXPWY-C EXPWY-E

Identity Internet
Infrastructure
UCM
Jabber 10.6
IdP IdP
Proxy
OpenAM
example SAML 2.0 IdPs

Edge SSO Solution Components
Minimum Software Requirements
Component Min Software Version

Cisco Expressway or Cisco VCS X8.5
Unified CM 10.5(2)
Unified CM IM&P 10.5(x)
Unity Connection 10.5(x)
Jabber for Windows 10.6
Jabber for iPhone and iPad 10.6
Jabber for MAC 10.6
Jabber for Android 10.6
Cisco Jabber Guest &
SDK
Jabber Guest vs Jabber SDK
Jabber Guest Jabber SDK
Any external customer Internal employee
(CUCM registered)
Jimmy Kimmel Live!
Guest & Fan Appearances via Jabber Guest
http://blogs.cisco.com/news/jimmy-kimmel-live-reimagines-the-fan-experience-with-cisco
Jabber Guest External Directory
http://www.barkwood.org/Directory.html
Jabber Guest Call Flow
Home Internet DMZ Enterprise
Expressway Edge/ Expressway Core/
VCS -E VCS -C
Jabber® Guest
Cisco UCM
HTTP-based Jabber Guest …

call control (ROAP)
SIP • Serves up Javascript call control based on URL
RTP/SRTP • For mobile, uses Cisco app from app store or integrates it into third-party app
STUN/TURN • For laptop browsers, initiates H.264 plugin install as needed for Cisco or 3rd-party Web app
• Converts HTTP call request to SIP INVITE
Pervasive Cisco UC in Business Process Applications
 Jabber SDK APIs: XMPP (CAXL) & Web Phone (AJAX)
• UC, Collaboration, Video capabilities everywhere
• Example only – an ISV or IT Pro could do the project
Presence
enabled
IM / Chat
enabled
Click 2 WebEx
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Cisco Jabber Video Capabilities
• Single voice and video call control platform
• H.264 AVC standard based media library
o Designed to handle voice and video tasks
o Developed by Tandberg for the Movi offer
o Using in Jabber Clients and Jabber Web SDK
• Business Benefits
o HD Video of extraordinary quality
o Use common PCs & Macs (dual core)
o Resilient adaptation in wide variety of network conditions (e.g. ClearPath)
o Audio codecs; G.711a/u, G.722, G.729a
o Frame size QCIF to 720p based on attached camera
Video-enable Web Pages in 5 Minutes
http://developer.cisco.com/web/jabber-developer/uc-enabel-your-webpage-under-5-minutes-video
Jabber
Anywhere
Anytime
Continue Your Education
• Demos in the Cisco Campus
• Walk-in Self-Paced Labs
• Meet the Expert 1:1 meetings
Q&A
Complete Your Online Session Evaluation
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner
will receive a $750 Amazon
gift card.
• Complete your session surveys
though the Cisco Live mobile
app or your computer on
Cisco Live Connect.
Don’t forget: Cisco Live sessions will be available
for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Table Topics
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you
Presence
On Premise - Appendix
Instant Messaging & Presence – On Premise
Configuring Cisco UCM LDAP Sync – Example: Microsoft Active Directory
Configure directory type and LDAP attribute for User ID
By default Cisco UCM will use the User ID as the left-hand portion of the user’s URI
<User ID>@<default domain>
Cisco UCM Advanced Configuration (Directory URI) allows independent between User ID and User URI
sAMAccountname = tneumann, User ID = tneumann
Mail = tobias.neumann@global.de, User URI = tobias.neumann@global.de
Configure LDAP sync statement
Additional custom fields can be imported
Example shows Cisco UCM Advanced Configuration
(Directory URI) mapped to mail attribute in LDAP
mail = tobias.neumann@global.de
User URI = tobias.neumann@global.de
Cisco UCM supports multiple LDAP sync

statements to accommodate complex
environments
Optional: Configure authentication against corporate
directory
When not using Single Sign-On (SSO), recommended to
configure Directory Authentication
Single authentication connection for all configured LDAP
sync statements
When multiple LDAP sync statements are used
authentication configuration must be able to authenticate
all synchronised users.
Directory trust configuration potentially required when
synchronising with multiple directory controllers
Configuring Cisco UCM IM&P Base Services
Create an UC Service for Instant Messaging and
Presence
Recommended to use FQDN of UCM IM/P Node
For High Availability repeat this step, creating an
additional UC Service for redundant nodes
Configuring Cisco UCM IM&P Base Services
Create Service Profile
For Instant Messaging and Presence only the that
section of the Service Profile needs to be configured
Associate the UC Services created in the pervious step
with the Service Profile
Configuring Cisco UCM SIP Publish Trunk
Cisco UCM provides presence information about a users communication devices to the presence
engine. This information is independent of the users logon status. A user can be shown offline (not
logged into Cisco Jabber). The system will still show if the user is making a phone call on one of his
associated devices.
Create SIP trunk between Cisco UCM and UCM IM&P
SIP Publish Trunk

Cisco UCM Service Parameter – Select Publish Trunk
In a single server environment the publish trunk can be

configured using destination UCM IM&P FQDN or IP address.
For a multi node HA environment a “little” more configuration is
required… (see next slides)
Configuring Cisco UCM SIP Publish Trunk – Multi Node Environment
SIP Publish Trunk using DNS SRV records allows for bi-directional redundancy
cucm01-bc.bootcamp.com cup01-bc.bootcamp.com
Redundant
SIP Publish Trunk
SIP Trunk Destination SRV presence.bootcamp.com
cucm02-bc.bootcamp.com cup02-bc.bootcamp.com
Required DNS configuration: Required DNS configuration:

Domain bootcamp.com Sub-Domain presence.bootcamp.com
SRV_sip._tcp.bootcamp.com SRV_sip._tcp.presence.bootcamp.com
A cucm01-bc.bootcamp.com A cup01-bc.bootcamp.com
A cucm02-bc.bootcamp.com A cup02-bc.bootcamp.com
Configuring Cisco UCM IM&P Enabling Users for Instant Messaging & Presence
Following options are available to enable users for IM&P services:
 Template configuration upon import from LDAP directory (configured in the LDAP sync statement)
 Enable User for IM&P from Cisco UCM End User Configuration
 Bulk Administration Tool
When enabled from the End User the administrator can:

 Specify a Service Profile for the user
 When not specified the system will use the Default Service Profile configured
Activation of licensed features from the End User configuration page will automatically assign the required
licenses from the Prime License Manager. Instant Messaging and Presence users are free of charge
under the Cisco Jabber for Everyone program.
Configuring Cisco UCM IM&P Policy Configuration
Policy can be managed by the administrator Functionalities availble:
 Template configuration upon import from LDAP directory (configured
in the LDAP sync statement)
 Enable User for IM&P from Cisco UCM End User Configuration
 Bulk Administration Tool
When enabled from the End User the administrator can:

 Specify a Service Profile for the user
 When not specified the system will use the Default Service Profile
configured
Activation of licensed features from the End User

configuration page will automatically assign the required
licenses from the Prime License Manager. Instant
Messaging and Presence users are free of charge under
the Cisco Jabber for Everyone program.
Enhanced Directory Integration – Customer Directory Access Parameters
Connection Attribute Map Authentication

Settings CommonName Nickname UseWindowsCredentials
FirstName PostalCode ConnectionUsername
Connection Type
LastName State ConnectionPassword
UseSecureConnection
EmailAddress StreetAddress
UseSSL
PrimayServerName
SipUri PhotoURI
Search
BusinessPhone CompanyName
Port1 SearchBase1
HomePhone UserAccount
SecondaryServerName SearchBase2
OtherPhone Domain
Port2 SearchBase3
PreferredNumber Location
BaseFilter
Title
Contact Source Example Configurations
• Common access account
<UseWindowsCredentials>0</UseWindowsCredentials>
<ConnectionUsername>ldap_user</ConnectionUsername>
<ConnectionPassword>ldap_password</ConnectionPassword>
• Search specified OU
<SearchBase1>ou=employee,dc=example,dc=com</SearchBase1>
• Exclude defined entry based on attribute

<BaseFilter>(&(objectCategory=person)(UserAccountControl:1.2.840.113556.1.4.803:=2)</BaseFilter>
• Use alternative attribute for phone

<BusinessPhone>aNonDefaultTelephoneNumberAttribute</BusinessPhone>
<MobilePhone>aNonDefaultMobileAttribute</MobilePhone>
<HomePhone>aNonDefaultHomePhoneAttribute</HomePhone>
<OtherPhone>aNonDefaultOtherTelephoneAttribute</OtherPhone>
• Note: Jabber-config.xml file also holds a number of other configuration

parameters, alternative files can also be defined by administrator.
Contact Sources and Directory URI, Multi Domain (EDI & BDI)
Jabber needs to be configured to use SIP URI to resolve contacts when flexible
JID is used
<Directory>
<UseSIPURIToResolveContacts>True</UseSIPURIToResolveContacts>
<SipUri>mail</SipUri>
</Directory>
<Policies>
</Policies>
</config>
Contact Source Example Configurations
UDS Record source is configured in Cisco UCM via jabber-config.xml file
<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
<UDSPhotoURISubstitutionEnabled>True</UDSPhotoURISubstitutionEnabled>
<UDSPhotoURISubstitutionToken>uid</UDSPhotoURISubstitutionToken>
<UDSPhotoURIWithToken>http://10.53.54.240/staff/%%uid%%.jpg</UDSPhotoURIWithToken>
</Directory>
</config>
Contact Photo Sources
EDI Photo Service Configuration – XML file settings
• Number / Name resolution should be configured/operational
• Use custom configuration settings to configure photos
• Directory method
Photo Parameters Example Value
PhotoSource Client will parse attribute to binary object or URI
• Substitution method
Photo Parameters Example Value
PhotoUriSubstitutionEnabled True
PhotoUriWithToken http://photosvr/dir/sAMAccountName.jpg
PhotoUriSubstitutionToken sAMAccountName
Contact Photo Sources – Uploading Pictures into AD using Ex2010 PowerShell
Exchange 2010 or higher provides a PowerShell cmdlet to upload pictures into Active Directory as
binary objects – no 3rd party tools requried
• When used in production environments please verify implications on directory partition size and
directory replication
• Pictures can have a maximum size of 10 KB
Import-RecipientDataProperty –identity <username> -picture –filedata ([Byte[]$(Get-Content –Path “<full
qualified path to picture file>” –encoding byte –readcount 0))
Example: Username
Path to picture file

Verify correct upload of pictures into Active Directory
User either Active Directory – Users and Computers or ADSI Edit to access the directory attribute editor
Word of Warning! Edit access to AD objects without many safeguards – handle with care & use @own risk
Before Upload of Pictures After Upload of Pictures
thumbnailPhoto – populated with

binary picture data
thumbnailPhoto – empty
Make sure filter is not checked
Partitioned Intradomain Federation – message routing Lync
① Client requests to initiate
Active Directory
communication with
1 bob@company.com
② Lync identifies user as not local
3 from user database
4 ③ Lync routes all none local users
via SIP trunk (incl. mistyped
URIs) – Cisco UCM will handle
possible routing loops
Lync Client Lync Front End UCM IM&P Cisco Jabber ④ Cisco UCM IM/P deliver
message after conversation
from SIP to XMPP to Jabber
SIP Routing client
SIP
2 XMPP
bob@company.com
alice@company.com
Partitioned Intradomain Federation – Lync address book
New Cisco Jabber user

Active Directory UCM Cluster
LDAP sync john@company.com
Lync enabled users

imported to addressbook
Lync only imports RTC enabled into
addressbook
Lync Adressbook
Server For new Cisco Jabber users never
LDAP configured on Lync before migration –
msRTCSIP-primaryuseraddress must be set
Addressebook download to
client User imported with msRTCSIP… attribute
Lync Client Cisco Jabber imported into Lync addressbook – new Cisco
Jabber user searchable for Lync users
User imported with msRTCSIP… attribute
imported into Cisco UCM via LDAP sync
alice@company.com
Real-time
Communications
Appendix
Cisco Jabber – Cisco UCM Solution Create UC Profiles –
IM&P Profile
An IM&P Profile defines the different IM&P nodes which users can be assigned.
Creating
Service Directory
Profile – Directory
Service Service UC Services
IM & Presence
• Specific Directory Source to use Directory
Profile*
• If using both EDI and BDI recommended to add two directory services
one for EDI and one for BDI CTI Profile
• Add EDI as primary and BDI as secondary in Service Profile
Voicemail
Profile
Conferencing
Profile
User Management > UC Settings > UC Service (Directory)

Service Profile – CTI Service
Creating CTI Service
UC Services
• Desk phone and E&C require CTI configuration Service Profile

IM & Presence
Profile
• Additional profiles can be created to distribute Directory
CTI Load Profile*
• Users must have CTI group membership (Standard CTI)
CTI Profile
• Users must be associated to a profile (unless default)
Voicemail
Profile
Conferencing
Profile
Presence Server 8.x

CTI Profile created on CUP
Presence Server 9.x
CTI Profile created as part of
UC Service profile on UC
User Management > UC Settings > UC Service (CTI) manager
Service Profile – Voicemail Service
Creating Voicemail Service
UC Services
IM & Presence
• Voicemail Service provides access to Unity
Connection messages Directory
Profile*
• Users must have appropriate Class of Service
CTI Profile
configured to access messages
Voicemail
Profile
Conferencing
Profile
User Management > UC Settings > UC Service

(Voicemail) (MailStore)
Service Profile – Conferencing Service
Creating Conferencing Service
UC Services
• Conferencing Service can be created to use IM & Presence
Service Profile
WebEx or MeetingPlace Profile
Directory
• Can optionally use WebEx SSO Profile*
CTI Profile
Voicemail
Profile
Conferencing
Profile
User Management > UC Settings > UC

Service (Conferencing)
Service Profile for UC Services
Service Profile
UC Services
• Services chosen and config details added for IM&P, IM & Presence
Service Profile Service
Directory, CTI, Voicemail and Conferencing Directory
Service
CTI Service
Voicemail
Service
Conferencing
Service
User Management > UC Settings > Service

Profile
UC Services
Configure Primary, Secondary and Tertiary CTI Service Profile
IM & Presence
Services (CTI Services) for CTI load balancing and Service
redundancy Directory
Service
CTI Service
Voicemail
Service
Conferencing
Service
Service Profile – Voicemail Service
UC Services
• Configure voicemail and mailstore parameters Service Profile
IM & Presence
Service
• Choose voicemail service created, credentials source, Directory
inbox, trash and polling interval Service
• Uncheck dual folder mode if want to force single folder CTI Service
Voicemail
Service
Conferencing
Service
Service Profile – Conferencing Service
UC Services
• Chose Conferencing Services Service Profile
IM & Presence
Service
• Certificate Verification can be self signed or keystore or Directory
keystore only Service
• Choose credentials source if not set can be configured in CTI Service

client
Voicemail
Service
Conferencing
Service
Cisco Jabber – Cisco UCM Solution Create Service Profiles
Fitting it all together – the administrator can create service profiles for different groups
of users allowing them access to different UC services.
Creating Config Profiles on Presence Server
CCMCIP Service - [ Configured on Presence Server for On-Premises]
No longer required when UDS and _cisco-uds SRV record is available
• CCMCIP service is used to learn about the devices associated to the logged in user.
• The CCMCIP provides an HTTPS based service for user/device association information.
• A profile is required to define where the CCMCIP services are located.
• To login to CCMCIP user must be a member of “standard CCM User group”
• Users must be associated to profile (unless default)

Creating Config Profiles on Presence Server
Configuring TFTP Server – [Configured on Presence Server for On-Premises]
No longer required when UDS and _cisco-uds SRV record is available
• Configured on CUP server in CUPC Settings

• TFTP Server is used to download:
• CNF configuration file when using soft phone mode
• Custom Configuration file for Enhanced Directory integration
• Application Dial rules (if configured)
• Directory Lookup rules (if configured)
Extend and Connect – Configuration
Some Definitions
• CTI Remote Device – device type represents User’s off-cluster phones. Device
type configured with one or more lines and remote destinations.
• Directory Number – numerical line address on CTI Remote Device (typically

User’s primary work number (e.g. 2000 or +1 408 200 2000).
• Remote Destinations – numerical address that represents User’s other phones

(e.g. Home, other PBX phone). May be any off-cluster device.
• DVO-R – Dial-via-Office-Reverse – call flow used to process new call requests

originated from remote destinations
CTI Remote Device
User Enabled for Mobility
• User accounts need

Mobility Enabled
• Check ‘Enable Mobility’
under Mobility
Information
Creating CTI Remote Device on UC Manager
CTI Remote Device (Extend and Connect)
CTIRDvsulikow
(automatically created)
• CTI Remote Device type represents user’s remote device(s)
• Select the Owner User ID
• User ID can only be selected if enabled for mobility
• Owner ID
• Device Pool
• CSS (optional in 10.x)
CTI Remote Device on UC Manager
Calling Search Space
• To receive and place calls from the CTI Remote Device,

configure the Rerouting Calling Search Space (CSS), which
may be the same as the device CSS (required in 9.x)
CTI Remote Device –
Add Remote Destination
• Remote Destinations represent User’s off-

cluster devices
• Users have ability to Add/Edit/Delete
Remote Destinations directly from Jabber
client
Destinations added from Cisco Jabber are verified
to be routable (using Application Dial Rules and the
Dial-plan) before they are saved
• Administrators may pre-configure Remote

Destinations on behalf of the User, if desired
Destinations added CCMAdmin are not verified
Name must be set as ‘JabberRD’ to use with
Jabber clients
Add Remote Destination
Outbound Call Dial-via-Office Timers
• Answer Too Soon Timer:
When an outbound DVO call to the
Remote Destination is answered
before the too soon timer expires, the
call on the Remote Destination will be
disconnected.
• Answer Too Late Timer:
When an outbound DVO call to the
Remote Destination is not answered
before too late timer expires, the call
on the Remote Destination will be
disconnected.
• Delay Before Ringing Timer:
Delay before calls are routed to the
Remote Destination.
Extend and Connect – Client Settings
• Select “Use other number for calls” to start Extend &
Connect mode
• New mode appears after CTI Remote Device is added to Unified CM
• “Use default number” specifies use Administrator configured

remote destination
• “Edit number” allows User to configure new remote
destination
Use default from

Unified CM Administration User can Edit Number
Determining Active Remote Destination
Cisco Jabber – Extend and Connect
• New Icon indicates Extend & Connect mode

• Option appears after Administrator creates the CTI Remote
Device type and associates it with the UserID
• Active Remote Destination is indicated with a

check mark
Determining Active Remote Destination
Unified CM Administration – Extend and Connect
• Administrators can determine which (if any) remote destinations the Jabber
client has set as ‘Active’ from Unified CM Administration UI
DVO-Reverse
Dial via Office – Reverse
• Make business calls over mobile voice network using company's telephony infrastructure
• Signalling through IP interface while call media traverses the mobile voice network
1. User selects the contact or dials the destination

PSTN number
2. Cisco Jabber signals to Unified CM over the IP
interface
5
3. Unified CM makes a call to the configured Mobility 2
Identity number (usually the user’s mobile number)
3 4
4. After the user answers the call from Unified CM,
Unified CM makes another call to the destination 1
PSTN number the user dialed
5. Once the call is answered at the destination PSTN
number, the user and the destination PSTN number
get connected
Jabber Mobile DVO Support
Dial via Office 1 – Cisco Jabber for iPhone/Android/E&C
• Set up Unified CM to support DVO

 Set up Enterprise Feature Access Number
 Set up Mobility Profile
 Verify device COP file version
 Create Application Dial Rule to allow correctly route calls
• Set up DVO for each device
 Add a Mobility Identity for each user
 Enable DVO on each device
 Verify Mobile Connect works
1 The Dial via Office feature is available on Unified CM Release 8.6 and later. Only DVO-R is supported by jabber at the moment
Mobility Identity
Mobile Identity provides the mobile device settings

Suggested Timers:
Answer Too Soon – 3000
Answer Too Late – 20000
Check the enable mobile connect boxes

DVO-R Experience on Jabber1
• Calling Options
• Preset to Voice over IP by default
• Select Mobile Voice Network to always
use DVO-R
• Select Autoselect to use VoIP when
connects to Wi-Fi and DVO-R when
connects to 3G/4G
• DVO Callback Number
• Preset to the Mobility Identity (typically
configured as users’ mobile phone
number)
• User can change to an alternate number
• When DVO-R call is placed, the user

will receive the callback from CUCM
1 Not supported when connecting over the expressway
DVO-R Alternate Callback Number
1. User selects the contact or dials the destination
PSTN number
2. Cisco Jabber signals to Unified CM over the IP
interface
2 5 4
3. Unified CM makes a call to the user defined
alternate callback number 1
4. After the user answers the call from Unified CM, 3
Unified CM makes another call to the destination
PSTN number the user dialed
5. Once the call is answered at the destination PSTN
number, the user and the destination PSTN number
get connected
Mobile Feature Access Number and Mobility Profile
Dial via Office - Reverse
Call Routing > Mobilty > Enterprise Feature Access Number
Call Routing > Mobilty > Mobility Profile

TAB Device (Tablet Softphone)
Example Device
Names
TABVSULIKOW
• Device must start with TAB and be in all caps or numeric (username)
• Parameters without default values
• Device Name, Device Pool, Button template
• On-Demand VPN URL – Preset WiFi *
TCT Device (iPhone - Softphone)
TCTVSULIKOW
(username)
• Device must start with TCT and be in all caps or numeric

• Device Name, Device Pool, Button template
• On-Demand VPN URL – Preset WiFi *
BOT Device (Android - Softphone)
BOTVSULIKOW
(username)
• Device must start with BOT and be in all caps or numeric BOT112442
• Required Device Parameters (workstation name)
(must be explicitly set) BOT489232
(Directory Number)
• Device Name
• Device Pool, Phone Buttons Template, Device Security Profile, SIP Profile
SIP Profiles for Jabber Mobile Clients
Voice/video calling with Unified CM – Dedicated SIP Profile
SIP Profile Jabber for iPad SIP Jabber for iPhone Jabber for Android
Parameters Profile SIP Profile SIP Profile
Timer Register Delta
120 Use Default 120
(seconds)
Timer Register 720
720 720
Expires (seconds)
Timer Keep Alive
720 720 720
Expires (seconds)
Timer Subscribe
21600 21600 21600
Expires (seconds)
Timer Subscribe
15 Use Default 15
Delta (seconds)
New SIP Profile for Mobile Devices available in CUCM 10.x

UC Manager Dial Plan Considerations
Dial Plan Mapping
CUCM 10.x CSS Inheritance Configuration
• New translation pattern attribute (“Use Originator's Calling Search Space”)
CSS is empty!
Effect of CUCM 10.x CSS Inheritance
• W/o CSS Inheritance: dialing • W/ CSS Inheritance: dialing
normalisation patterns per CoS normalisation re-used
(and site)
UC Manager Dial Plan Considerations
Using Phone Masks for Formatted Strings
• A phone mask can be used if your directory has formatted number strings
in phone attributes
• A phone mask can be used to add brackets, spaces, dashes and other
character to a number string before a search
• +(1) 408 555 0100
• +1-510-5550101
• A phone mask is a client configuration parameter and is part of the EDI
custom directory configuration
Phone mask
PhoneNumberMasks +1408|+(#) ### ### ####|+1510|+#-###-#######
• Single parameters supports multiple masks, format is area code (pipe)

mask. Use pipe for additional masks.
Video Rate Adaption
Enabling RTCP on UC Manager
• Device > Device Settings > Common Phone Profile
The Product specific

configuration layout on
certain devices allows
this to be overridden.
Example 9971 has a

device level RTCP
option.
Adding Voice & Video to Jabberr
Multi-Party Voice & Video Calling
• Jabber clients support multi-party

conferences
• Ad-hoc conference uses Media
groups in UC Manager
• Conference capability will depend on
DSP architecture available in media
resource group
• Audio only
• Audio and video
• DSP provided by
• Software bridge only
• Router DSP Farm
• Multi-point conference unit
• Virtual or dedicated TelePresence Server
• Scheduled video conferences call also supported
Adding Multi-party Adhoc Video Resources
Media Resources > Conference Bridge
Add to Media Resource Group

Adding Multi-party Adhoc Video Resources
Media Resources > Media Resource Group List
Add MRGL directly to devices or to device pool

Voice and Video for Mobile Clients
System SIP Parameters (Mobile devices)
• SIP Trying Timer: 1000ms
• It specifies the maximum time that Unified CM will wait to receive a 100 response to an
INVITE request
• SIP Dual Mode Alert Timer: 4500ms
• It controls if and when to reroute the call via the configured mobility Identity
System -> Service Parameters -> Cisco CallManager

Clusterwide Parameters (Device – SIP)
UC Configuration on WebEx Messenger Admin
Administrator can define

multiple “cluster” profiles
Cluster profile contains UC manager

and Voicemail settings
For advanced clusters individual server

nodes can be defined for TFTP, CTI and
CCMCIP
Device Requirements for Jabber Mobile Clients
Voice/video Calling with Unified CM – Setting up the Mobile Devices
Jabber for iPad Jabber for iPhone Jabber for
Android
Phone Type Product Type Cisco Jabber for Cisco Dual Mode for Cisco Dual Mode
Tablet iPhone for Android
Device Protocol SIP SIP SIP
Device Name TAB<UserID> TCT<UserID> BOT<UserID>
e.g. TABVSULIKOW e.g. TCTVSULIKOW e.g. BOTVSULIKOW
SIP Profile (created by admin) iPad SIP Profile iPhone SIP Profile Android SIP Profile
Enable LDAP User Enable Enable Enable

Authentication 1
LDAP Username 1 Common user with Common user with read- Common user with read-
read-only Permission only Permission only Permission
LDAP Password 1
LDAP Server 1 LDAP server IP Address LDAP server IP Address LDAP server IP Address
LDAP Search Base 1 LDAP search base LDAP search base LDAP search base
Directory Number Extension Extension Extension

1 Keep it blank when deploying together with IM & Presence
Appendix A – IdP
Configuration
ADFS Claim Rules
ADFS Claim Rules
See following slide

ADFS Claim Rules – Custom Rule
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType =
c.ValueType,
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] =
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] =
"http://ad0a.identitylab.us/adfs/com/adfs/services/trust",
Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"]
= "cucm0a.identitylab.us");
Jabber SDK Appendix –
Use Cases
Pervasive Cisco UC in Business Process Applications
 Jabber SDK APIs: XMPP (CAXL), Web Phone (AJAX), Video* (PVE)
• UC, Collaboration, Video capabilities everywhere
• Example only – an ISV or IT Pro could do the project
Presence
enabled
IM / Chat
enabled
Click 2 WebEx
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Jabber SDK with Gmail and Google Apps for Business
• Cisco UC Enable Gmail and Google Apps for
Business
• Cisco Jabber APIs
• Web Softphone (AJAX)
• IM / Presence (CAXL)
Corporate Directory • User Capabilities

Presence and IM
• View Presence
gadget enabled
• Click 2 IM
• Click 2 Call
Corporate
• Flash Demo: Completed Integration
Softphone
gadget enabled • http://www.youtube.com/watch?v=pIGyEubjBrU
Esnatech: Messaging for Gmail / Zimbra
• Jabber SDK APIs: Unity Connection Visual Voicemail (REST), User Provisioning (CUPI)
• Use Case: Elegantly integrates disparate IPT vendor components into email accounts
User
Provisioning
Unified
Messaging
Esnatech Integrates Cisco with Google
“Office-LinX Cloud Connect helped us

solve our Cisco Unity Connection voice
mail integration challenges during
Eagle County’s conversion to Google
Gmail.”
Esnatech leverages the Jabber
Scott Lingle SDK to integrate Cisco Unified
IT Director Communications with Google
Eagle County, CO Apps and Gmail.
Cisco UC enabled Corporate Directory Portal
 Jabber SDK APIs: XMPP (CAXL), Web Phone (AJAX), Video* (PVE)
• Search and connect: real-time collaboration within corporate directories
• User Capabilities: Presence, Click 2 Call / IM / WebEx today, Click 2 Video* (1H2012)
Presence
enabled
IM / Chat
enabled
Click 2 WebEx
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Salesforce.com Cisco UC Integration
• Use Cases: Real-time collaboration with relevant people for a SFDC transaction inside
the SFDC workflow and approval processes.
Presence
enabled
IM / Chat
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Salesforce.com - IM Session
Presence
enabled
IM / Chat
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Salesforce.com – Video Call
Presence
enabled
IM / Chat
enabled
Click 2 Call
enabled
Click 2 Video*
enabled
Cisco Jabber SDK
Jabber Across Devices
What’s it All About? What’s in it For You?
• Easily embed voice, video, presence, IM, New User
Experiences
Voicemail and WebEx into web applications and
with Cisco
line-of-business applications Jabber
• Enabler to build on Cisco technology
• Increase productivity and maintain context of
interactions for end users
• Deployment flexibility and choice
• Add incremental value to your Cisco Collaboration
deployment based on your unique needs
• Unique offering - No other enterprise UC provider
has voice, video Web plug-in/SDK
Communications-enabled Processes
Voice Video
Easily add
IM/Chat Presence
collaboration
to web
applications
Voice mail & business
processes
Web
Conferencing
www.jabberdeveloper.com
Collaboration-enable Web Applications
Jabber SDK Toolkit
Web Phone Library
• API Name: Web Phone API
Audio Call Cntl • API Interface: AJAX / jQuery
• Web Phone provides two operating modes
• Control of a physical desk phone
o Make call, hang-up and mid call feature
• Soft Phone
o Desktop Media termination with calling features
• Web phone uses a JavaScript library
• Web phone requires an installed plug-in for media termination
Cisco Jabber Video Capabilities
• Single voice and video call control platform
• H.264 AVC standard based media library
o Designed to handle voice and video tasks
o Developed by Tandberg for the Movi offer
o Using in Jabber Clients and Jabber Web SDK
• Business Benefits
o HD Video of extraordinary quality
o Use common PCs & Macs (dual core)
o Resilient adaptation in wide variety of network conditions (e.g. ClearPath)
o Audio codecs; G.711a/u, G.722, G.729a
o More resolutions supported, offering greater interoperability
o Frame size QCIF to 720p based on attached camera
Web Phone Library
Web Cisco Unified

Server Communications
Manager
Client installs
browser plug-in Registration &
and downloads Call Control
JavaScript
Web Desk Phone

Soft Phone Device
Media Phone
controlled from
termination web application
on desktop
Web Browser
Web Phone Library – Browser Plugin
• Device Support
o Operating Systems:
• Windows 8.1
• OSX 10.10
o Browsers:
• Internet Explorer
• Firefox
• Chrome
• Safari
• License Considerations
o CUCM License required for Soft phone
Cisco XMPP Library
• API Name: Cisco Ajax XMPP Library
IM/Chat Presence Location • API Interface: AJAX
• CAXL is a Web 2.0 JavaScript client DK for integration of Instant messaging,

Presence and Roster services
• Evolution of Jabbers former jabberwerx suite
• Common SDK for on-prem (CUP) and off-prem (Webex) integration
• Uses BOSH for server communication
(Bidirectional streams over synchronous HTTP)
Cisco XMPP Library
• 1:1 Instant Messaging • Roster Presence and Roster
• Ability to initiate and receive P2P IM (Contacts List) management
• Supports xHTML-IM rich-text • Ability to Add/Update/Remove Contacts
• Ability to move contacts between groups
• Multi-user chat room (including
Persistent Chat) • My presence
• Ability to create adhoc and persistent chat rooms • Ability to set device presence
• Ability to invite and be invited to chat rooms. • When integrated with CUP, SDK can be
• Ability to search for existing chat rooms configured to set CAXL device presence
to be the same as Presence engine
composed presence.
• Pub/Sub Applications (e.g. for • Temporary Presence

GeoLocation) Subscriptions
• Personal Eventing Protocol - Ability to • Ability to create temporary subscriptions
create/publish/subscribe to pub/sub service to users who are not on your roster
nodes on a server. (“Quick Contacts”)
• Ability to do bulk subscribe/unsubscribe
• User Authentication of temporary subscriptions. Useful in
multi-page applications where each page
may have a different list of users
Cisco Unity Connection REST
• API Name: Cisco Unity Connection REST
Voice mail
• API Interface: REST
• Web 2.0 interface for accessing Cisco Unity Connection Voicemail
• CUMI – Cisco Unity Messaging interface for retrieving and managing
messages
• CUNI – Cisco Unity Notifications interface for managing notifications
• CUTI – Cisco Unity Telephony interface for telephone record and playback
WebEx Library
• API Name: WebEx Meeting API
Collaboration • API Interface: URL based
• The Webex Library provides a simple URL based interface to execute Webex
Meeting functionality in a browser
• Cisco recommends Using the URL API for:
o Authentication to the WebEx Page
o Immediately starting/joining WebEx sessions
o URL API Version Coincides with WBS Version
• Cisco also provides an advanced XML interface to Webex Meeting Centre

WebEx Library
• Account Admin and Login
• User account login
• User account log out
• User account creation
• User account editing
• User Profile
• Manage meetings
• My WebEx features
• Schedule meetings
• Delete meetings
Customer • Host meetings
Application • Join meetings
• List meetings
• Start meetings
Example in 5min
Video-enable Web Pages in 5 Minutes (step 1)
Click here to learn how!

http://developer.cisco.com/web/jabber-developer/uc-enabel-your-webpage-under-5-minutes-video
Additional Information…
Ordering and Localisation
• Cisco Jabber SDK

o SDK is freely available from CDN (Cisco DevNet)
o Voice / Video Plugin Pricing: UCL Enhanced or CUWL
o See Cisco Unified Communications Ordering Guide for details
• Localisation
o Application Developers can freely insert localisation resource files if require
Getting Started –Cisco Developer Network
• SDK, Samples, Instructional Videos, Community

• http://jabberdeveloper.com
Jabber Guest
Revolutionise Consumer-to-Business Collaboration
Consumer Business
Imagine the Possibilities…
Business Benefits
• Promote intimate customer interactions
• Simplify experience
• Improve competitive advantage

Simply Deployment Model
Consumer Public Internet Business
Enterprise
Expressway
Jabber Guest
virtual machine
Cisco UCM or
Business
Edition
Example Call Flow
Home Internet DMZ Enterprise
Expressway Edge Expressway Core
Reverse Proxy
Jabber Guest CUCM
Jabber Guest …
HTTP-based
call control (ROAP) • Serves up Javascript call control based on URL
SIP • For mobile, Cisco app from app store or integrated into 3rd-party app
RTP/SRTP • For laptop browsers, initiates H.264 plugin install as needed for Cisco
STUN/TURN or 3rd-party Web app
* Expressway X8.1 or later required
• Converts HTTP call request to SIP INVITE
Scalability, High Availability and Redundancy
• Target scalability = 2000 concurrent Cluster
sessions via standalone VM
Expressway/VCS E Expressway/VCS C
• VM deployment models
• Standalone VM
• Cluster for high availability,
redundancy
• Cluster is 3 VMs
• Same scale as Standalone VM Standalone VM Cluster
• Clusters are independent of each
other
• One standalone VM or cluster per OR
Expressway/VCS cluster Jabber Guest Jabber Guest Jabber Guest Jabber Guest
Primary Secondary Secondary
• Setup and manage cluster via VM
CLI
Making Calls
• Jabber® Guest can use “Ad-hoc” calling or admin managed
links.
• Some examples:
̶ URI dialing: http://example-

jabberc.com/call/janedoe@example.com
̶ Four-digit Directory Number: http://example-

jabberc.com/call/1234@example.com
̶ Eight-digit Directory Number: http://example-

jabberc.com/call/12345678@example.com
• http://example-jabberc.com/...: Location of enterprise
• …/call/1234@example.com: URI or Directory Number of

Cisco® UCM registered endpoint
“Timed” URL Configuration
• A time-bound link may be created
• Link only valid during time specified in admin console
• Helps manage time of in-house expert
• RESTful API may be used to manage link timing from third
party scheduling software
Client Experiences
Browser Experience
User Experience
• Video
Point-to-point video via Plugin (H.264 AVC)
Point to video conference
• Mid-call control
Keypad
Mute audio or video
Full-screen
Camera or audio device selection
Self-view
• Call control – WebRTC Standard (ROAP)
• Media
Browser plug-in (desktop web)
Future – WebRTC for media
* Images for illustration purpose only. Final UI subject to change.
iOS Mobile Client Experience
User Experience
• Video
o Point-to-point video
o Point to video conference
• Mid-call control
o Keypad
o Mute audio or video
o Full-screen
o Camera or audio device selection
o Self-view
• Call control – WebRTC Standard (ROAP)
• Media
o Native apps (mobile)
o Future – WebRTC
Widgets and SDKs
Customisation
• Desktop browser SDK

Sample HTML and Javascript provided to create
video widget and set up event handler
• Mobile native application SDK

iOS framework
Includes sample projects, tutorials, API reference, etc
• Developer Portal
http://jabberdeveloper.com

Licensing and Availability
Licensing
• Consumers – no cost!
• Enterprise
• Concurrent session license @ $0
• Rights to use software & SDKs
• Expressway rich-media sessions @ $1500

MSRP
• Required for firewall/NAT traversal
• Limited Promotion – 2 sessions of both Jabber

Guest & Expressway rich-media sessions at no
cost for CUCM 9.0+ (ESW/UCSS required)
Use Cases
Use Cases
• Retail
o Enhance Customer Interactions
o Make Experts easy to find
• Healthcare
o Improve physician and nurse resource efficiencies
o Extend business reach
o Improve ROI of Telepresence investments
• Financial Services
o Enable up-sell, cross-sell, and increase share of wallet
o Increased high-touch personal interaction
o Creates a competitive advantage
Jabber Guest External Directory
Jabber Guest in an App

Teccol 2444 Aa PDF

Uploaded by

Copyright:

Available Formats

Teccol 2444 Aa PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Teccol 2444 Aa PDF

Uploaded by

Copyright:

Available Formats

What are the main features of Cisco Jabber?

What are the main features of Cisco Jabber?

How does Cisco Jabber provide a consistent user experience across different devices?

How does Cisco Jabber provide a consistent user experience across different devices?

Collaboration Anywhere on

All-in-one UC application Collaborate from any workspace

Desktop Tablet Smartphone Web

A/V Call Control Nodes Single configuration

IM&P Control Nodes

System Administration manages all

Drill down information available from

Serviceability functions for all nodes

Multi Cluster deployment for scale…

Solution can be deployed using Cisco Unified Computing System

Sign in with cucm01-us

Please see appendix for detailed description of each step…

Custom contacts (Jabber for Windows on premise only)

Microsoft Outlook Contact Source (Windows only)

Webex Contact Source (cloud only)

Outlook jabber-config.xml via http Configuration is created at parameter level

Best practice – only configure non default items http download

• Manual Server selection See appendix for more examples...

Users can create individual contacts not sourced

• Check User Group Sync

SIP SIP SIP

XMPP SIP SIP

bob@biloxi.com Domain biloxi.com

SIP XMPP XMPP

XMPP XMPP XMPP

bob@biloxi.com Domain biloxi.com

SIP XMPP XMPP

SIP SIP XMPP

Lync Client Lync Front End UCM IM&P Cisco Jabber

SIP SIP XMPP

Software Download – Migration utility

5 ③ With advanced routing UCM

• Both systems are using the

2.) Configure Postgress

Point to Point Chat Ad-Hoc Group Chat Chat Room

Managed File Transfer

Cisco IM& Presence:

Jabber for Windows Jabber for Windows External File Server

XCP Text XCP File

• Files are stored on an external Linux file server (example

• Customer provides and maintains file server and is

Database XCP Text XCP File File Server

6. IM with file information

1. POST File 7. REQUEST File

3. File stored in repository 4. Audit log written to DB for upload

External File Server External Database

• PostgreSQL service will be started automatically after install.

• Set the following in Restart the

Database service account

• Database server reachability

• Peer-to-Peer : Classic operating mode, files transfer between clients without

• As the new user create a node folder in the MFT directory

• Administrator creates a folder on the file server for each

Admin defined directory • IM&P node will create a files folder

Maximum number of chat rooms