Professional Documents
Culture Documents
Lab Guide
version 3.2
Collaboration SE VT Meeting May 2012
Page 1
Lab Topology
Lab topology is shown on a diagram below. Each student has his own set of terminals in his POD.
Page 2
Page 3
Agenda
1. CUP/CUCM 9.0 - infrastructure configuration a. CUCM 9.0 and the new Enterprise Licensing Manager b. Check configuration on IM&Presence node c. Check configuration on CUCM side 2. DNS configuration a. Host Names and SRV resolution for automatic client logon b. How to check SRV record configuration is correct? 3. Basic AD Integration & Tuning a. Check AD Configuration for Users b. CUCM AD/LDAP sync and authentication c. EDI configuration (Default) d. E164 Number Normalization (Translation Pattern) 4. CUCM/CUP - User & Device configuration a. Define Service Profile for Policy setting (EDI) b. Define new CSF devices for the users c. User activation for IM/Presence/Audio/Video/BFCP 5. Jabber installation and logon a. Standard client installation on first two PC b. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP) c. MSI Customization during Install on Third PC d. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP)
Page 4
6. Photo integration Option 1 a. Upload Binary Object in AD using Exchange MMS b. Binary Object for Photo in AD default behavior 7. Photo integration Option 2 a. Upload Photo on Web Server b. Configure URL Substitution method for Photo retrieval c. Force user Alice Adams to use this method 8. Exchange & Outlook Integration a. Run AD script for User SIP attribute 9. Directory Lookup Rules to complete Photo Integration in alerting and connected call status. a. Define Directory Lookup rules and apply to all the users 10. Using CUCM User Data Service (UDS) for Directory Integration and Photo Lookup a. UDS Service Profile configuration b. Change Bob Bankss Service Profile to force the use of UDS c. Force Bob Banks to use method 2 for photo retrieval customized for UDS 11. Adding Custom Embedded Tab 12. New Provisioning method to enable User for IM&Presence and deploy CSF devices a. Define Universal Device Template b. Define Feature Group Template c. Enable User for IM&Presence and create CSF device using the new provisioning method
Page 5
Accessing ELM and adding feature servers to the license manager For the purpose of the lab we have a single node CUCM cluster (publisher). This machine also runs ELM. To access ELM go to the base URL http://cucm01-bc.bootcamp.com (http://10.52.226.70), from there you can select the ELM web-interface.
1.
ELM can be accessed via the logon screen shown below utilizing the CUCM administrator ID and password.
Page 6
2.
After logon the ELM dashboard provides an overview of the configured components and the licenses in use.
3.
First task is to add the product instances aka server components such as CUCM clusters or Cisco Unity Connection servers to the inventory. Select Inventory -> Product Instances from the left navigation menu. After a fresh install there should not be any entries. Choose Add from the top row to add our CUCM instance. In the dialog shown below the parameters are entered to define what product is added to ELM and the required information for ELM to connect to this instance is provided.
Page 7
4.
The Test Connection button provides the means to verify that all parameters have been entered correctly.
1.
5.
Product instances now show a new instance of CUCM that is not yet synchronized (Synchronization Status column).
6.
Select the row with CUCM01-BC and press the Synchronize Now button to initiate the synchronization.
Page 8
7.
CUCM IM & Presence (formerly known as CUP) With the Cisco Collaboration System Release 9.0 IM and presence functionality are started to be integrated into the CUCM cluster. Providing a single instance of control for IM, presence, voice and video. In release 9.0 the first steps have been taken to consolidate the server platforms - this will continue in future releases and further reduce complexity resulting in better ROI and TCO. Certain changes in administrating the Cisco Collaboration platform have been made to accommodate the architectural changes.
Configuration pre-9.0 and post 9.0 Certain changes outlined in the following chapters describe how the Cisco Collaboration platform is administered running version 9.0 and above (CUCM and CUCM IM & Presence). It needs to be noted that the first version of Cisco Jabber for Windows (9.0.1) will not fully pickup all the new configuration methods and the corresponding parameters. Full support for the post-9.0 configuration methods is planned for a future release of Cisco Jabber for Windows. In this guide where ever possible pre-9.0 and post-9.0 configuration methods are explained.
CUCM IM & Presence basic post install configuration In Cisco Unified Communications 9.0 continues to maintain a database synchronization between the CUCM publisher and the first CUCM IM & Presence node. This is similar to the relationship between CUCM and CUP in earlier versions.
CUCM Publisher define CUCM IM & Presence Server, define Application User, Setup & Service Activation All nodes in the CUCM cluster utilize IPsec authenticated communication. Each new node has to be added to the CUCM publisher before it can be activated. https://cucm01-bc.bootcamp.com/ccmadmin navigate to System -> Application Server and select Add New
Page 9
8.
Database synchronization utilizes the CUCM AXL API for that reason the service needs to be activated and started on the CUCM publisher node and an AXL enabled application user must be provided.
Warning!!! The default CUCM administration user created during install does have the required privileges and could be utilized for this purpose. As a best practice this chapter shows the creation of a distinct user that ONLY has the required privileges for this purpose.
1.
Select Add New and enter the parameters as show in the figure below.
Page 10
CUCM Serviceability verify that the AXL service is activated (the other services shown are already activated for other parts of the lab to function).
3.
4.
Page 11
5.
CUCM IM & Presence Post Install Dialog After the installation of CUCM IM & Presence is completed when logging into the administrative webinterface (https://cup01-bc.bootcamp.com/cupadmin) for the first time the post-install dialog is presented. Through this dialog the CUCM IM & Presence node is added to the CUCM cluster and synchronization is established. First to pages of the dialog below show the connectivity parameters and the CUCM cluster security password needs to be entered.
Next the application user configured in the previous chapter is configured. Final screen shows the summary of all parameters configured.
7.
4.
Page 12
Page 13
1.
How to verify the DNS SRV configuration NSLOOKUP can be used to verify that the SRV records are correctly configured. This is particular important in environments where DNS configuration is handled by different organizational entities. By default the NSLOOKUP tool queries either DNS A records - mapping a name to an IP address or PTR records mapping IP address to DNS names. First start nslookup (in the example for windows start a command prompts and enter nslookup). Next set the query type to SRV -> set type=SRV > _cuplogin._tcp.bootcamp.com This will return the DNS A records pointing to CUCM IM & Presence
Page 14
2.
The machine in the example above had IPv6 enabled, which is not required and can be ignored to the purpose of this exercise.
Page 15
Page 16
Then go to the LDAP Directory configuration (System -> LDAP -> LDAP Directory ) and add a new profile with the following parameters:
Then go to the LDAP Authentication configuration (System -> LDAP -> LDAP Authentication ) and add a new profile with the following parameters:
Page 17
Once configured go to previous menu (LDAP Directory) and force a manual update.
When the system has finished to sync go to the user page and check that all the users information has been synced. Check also the information that are synced from AD in the user page (email, Department, etc..)
Page 18
Important NOTE: Pre-configured tasks stop here so .Starting from the next step you have to configure all the items on the machines!
As you can notice in the AD the phone number are in +E164 format. Being the extension associate to the users a private one with 3 digits we need to configure a Translation Pattern to translate between the two formats. This will permit us to use and the number that are in the AD, strip the prefix and map to the internal extensions assigned to Jabber devices. Go to the Translation Pattern (TP) menu under Call Routing menu and add a new one:
Page 19
Page 20
Now next step will be to define the new Service Profiles that will be downloaded from Jabber client and will include several configuration parameters to be used for contact search and other stuff.
Page 21
Lets start creating the CSF devices needed for Jabber to work in Softphone Mode. Add a new CSF device for User Alice Adams adding all the following parameters: NOTE that BFCP is active by default for CSF devices with CUCM 9.0 so you dont need to modify the standard SIP Profile assigned to the device itself.
Page 22
Page 23
Page 24
Now you can add a new line (ext. 100) to the CSF device just created, clicking on the Add a New DN button on the top left angle of the page:
You will now see the full Directory Number page configuration, you must change only the parameters reported in the pages below, leaving the other to the default values:
Page 25
After saving the line configuration (Pressing the Save button), scroll down to the end of the page and associate the end user with the line.
Repeat the same steps for Bob Banks and Cathy Chung. All the related informations are reported in the User Table at page 3.
Page 26
Introduction to Service Profile Concept A service profile is a logical collection of UC services defined by a UC administrator. A profile can be comprised of one or more services and assigned to users. The Administrator defines a service profile that includes voice mail, presence, conferencing, CTI server information. The Administrator synchronizes the users from LDAP directory (note this is not mandatory although it is highly recommended). For LDAP Synced users in 9.0, the Home Cluster and IM and Presence Enable flags must be done manually via the End User Configuration Page or via BAT. The Administrator should mark one service profile as the default so that all users will get this service profile without having to do any per-user association. Users that require profiles other than the default will need to be manually associated from either the End User Configuration page or via BAT.
Service configuration is done in the UC Service configuration page accessed from the User Management User Settings UC Service menu. Once services have been defined they can be added to an existing or new service profile. Service Profile configuration is done in the Service Profile configuration page accessed from User Management User Settings Service Profile menu. Once created there is an check-box at the top of the page to make this the default service profile for the system. It is recommended that this is done for at least one service profile per cluster. Therefore, first we need to create all the UC service element that will be inserted into the Service Profile and at the end assigned to the end users.
Page 27
Page 28
Please note that in this case we are not defining any specific UC profile for AD integration because we are using EDI, that is the default behavior and permit the client to connect to AD using native PCs Domain Logon information (DC, credential , etc..). Now we will create the first Service Profile (for EDI users) selecting all the UC Service defined before:
Page 29
Set the name of the profile and set it the default service profile for the system.
Page 30
Now we need to associate the Service Profile just created to the user Alice Adams:
Page 31
Here below the main point we define that this is the CUCM Home cluster for the user, that this user is enabled for IM and the Service Profile to associate is the one just created (Please note that for a CUCM bug sometimes the settings are not full saved, the suggestion is to click anywhere on the page after you selected the IM profile.and check that really have been saved):
At this point we need to associate the users to the csf devices created before. This is needed because: When the client tries to register to the cucm it asks for the devices associated to the userid transmitted during the logon process The cucm checks the association that we will configure now and reports back to the client the device-id. Last, the client will ask to the TFTP server the configuration of the device-id just received and will try to register it to the cucm. To achieve this click on device association button:
Search for available devices and select the CSF csfaadams just created:
Page 32
Now we need to associate the right line appearance to the user. Note, this is needed because only this line will be monitored by the Presence Engine and the related Busy status will be reflected on the client as In A call... To achieve this click on the Line Appearance Association for Presence button:
Search for the available extension numbers and select the right one for Alice A. (Directory number 100). Click then Save to confirm the choice:
Page 33
In the Directory Number Associations field select the Primary Extension among the possible choices. Note that in this case we have only one extension associated to the users but we need in any case to select it:
Last we need to assign to the users the right level of authorization to interact with the cucm and register devices. To do it please select the option Add to Access Control Group:
Press Find to search for all available pre-defined access level and select Standard CCM End Users:
Page 34
Now you will go back to the main page of the user and you will see the following scenario:
Page 35
If you scroll down again to the end of the page you should now see the following picture where the specifics roles have been assigned to the user:
Remember you have configured CTI Profile previously. We are not going to control any phones in this lab but in order to do so you would also need to add the user to Standard CTI Enabled and eventually to Standard CTI Allow Control of Phones supporting Xfer and conf (if you are using 89xx or 99xx phones) groups. Please verify user configuration and repeat same steps for the user Bob Banks and Cathy Chung, following the information reported in the table @ page 3. Last step is to go on the IM & Presence node (10.52.226.71) and add some the minimal information still required from the client to logon to presence server and retrieve the IP address of the CUCM for TFTP and CCMCIP services. Go to Application Legacy Client Setting and add TFTP servers here:
Page 36
Now go to the to Application Legacy Client CCMCIP Profile and add the CCMCIP hosts as primary and backup node. Select also the other options showed below:
The Server side configuration for the basic logon of the client is now ended.
Page 38
Page 39
When the client logs on you will be able to search and add people to the buddy list but you will notice a red error icon on the right Bottom side on the client there are issue with CUCM registration! At this point go to Options Phone Accounts and fill with CUCM userid and Password for Alice Adams:
Note: go to Advanced and check that the CUCM IP address is reported there (from where has it been taken?) Cisco Jabber Lab Page 40
Click ok and you should go back to main buddy list view without the error notification received before. At this point this client is active both for IM/Presence and Voice/Video.
Repeat now the same step for Bob Banks and when also Bobs client is active you can start to make some test of chat and audio/video calls. But for Bob, at the login screen you can now use the use default server option for the Login Server menu because we configured the DNS SRV record before so the client should be able to take the info from there, enhancing the logon user experience. In any case remember to select the Presence Server as Server Type:
Please note that we are using VM and the Webcams are simulated using a Virtual Driver so you will only get a sequence of photo rotated regularly as video on both side. To obtain this result you need to launch the related program VirtualCam after the logon on the Jabber clients. Last step is to install Jabber on the third PC (Cathy Chung). In this case we will test the new capability to customize the MSI installation giving specific parameters. You can in fact specify command line arguments to apply properties to Cisco Jabber for Windows during installation. Please follow the following steps to test it: Open a command line window. Change the directory to the one where the Jabber MSI installation file is located Specify the following command to install Cisco Jabber for Windows:
CiscoJabberSetup.msi TYPE=CUP ADDRESS=10.52.226.71 DOMAIN=bootcamp.com
msiexec.exe /i /quiet
Page 41
Where: TYPE=CUP specifies Cisco Unified Presence as the presence server type. ADDRESS=10.52.226.71 specifies the IP address of the Presence Server DOMAIN=bootcamp.com specifies the domain name of the presence server.
When the installation finish launch the client and verify that the parameters configured are there. Go to File change Connection Setting :
Page 42
Page 43
1.
Launch ADSIedit
In the lab setup all users are in the container my-user. Right click on Alice Adams and select Properties
2.
The following dialog shows all the attributes configured for this user.
5.
Page 44
3.
By default ADSIedit only shows the attributes that have a value associated if you cant see thumbnailPhoto in the list of attributes there is no data associated. The previous figure shows how to change the filter settings to show all attributes.
Upload pictures with Exchange 2010 Management Shell Logon to via RDP to the Exchange 2010 server (RDP Shortcut on Windows 7 Desktop) and launch the Exchange management shell.
Use the Import-RecipientDataProperty command to upload the pictures into Active Directory. The format and parameters of the command are as follows: Import-RecipientDataProperty identity <username> -picture filedata ([Byte[]]$(Get-Content Path <full qualified path to picture file> encoding byte readcount 0)) Please modify the command according to the example below.
4.
Page 45
Verify Picture Upload in Active Directory Depending on the structure and size of the Active Directory topology it can take some time to replicate to all domain controllers. To verify that the pictures are stored in the Active Directory object we can utilize again ADSIedit (please see previous paragraph for details). Figure below shows the thumbnailPhoto object populated with binary data.
5.
Verify picture are downloaded by the Jabber client Now, to verify that Jabber clients are able to download the Photos you should go in RDP to one of the PC and follow these steps: Logout from Jabber client Login to Jabber client Select the users in the buddy list, right click on it and force a profile update using the view profile option
Page 46
Page 47
As for the other configuration analyzed until now, the goal is to have everything configurable via policy using CUCM. In this moment the CUCM and Jabber client are not ready yet to have this info passed using inband policy so we will have to use the backup behavior of using an XML file created ad-hoc for this reason. The Jabber client, at the startup will ask by default for a file with the name Jabber-config.xml. Here below an example of the file:
In our case we are taking the photo from a web server co-resident with the Exchange machine (URL is http://exchange01-bc.bootcamp.com/photo/photo_file_name.png). The AD attribute used to make the search and match the photos file name is the company. The XML file that we will use is the following:
<?xml version="1.0" encoding="utf-8"?> <config version="1.0"> <Directory> <PhotoURISubstitutionEnabled>True</PhotoURISubstitutionEnabled> <PhotoURISubstitutionToken>company</PhotoURISubstitutionToken> <PhotoURIWithToken>http://exchange01-bc.bootcamp.com/photo/company.png</PhotoURIWithToken> </Directory>
</config>
Page 48
In our case the goal is to enable only Alice Adamss clients to retrieve and show the photo for the users in the buddy list using this method instead of the default one (binary Object in AD). To be able to do it only for Alice we will configure the client to download a specific xml file called jabber-configgroup2.xml: To do this we will need to upload the xml file first to the CUCM so please logon on PC1, go to directory Lab Material on the desktop and you will find the XML file (Jabber jabber-config-group2.xml) ready to be uploaded. Go to the cucm console, select Cisco Unified OS administration from the right menu and follow instructions to upload the xml file:
At this point you will need to restart the TFTP service on the CUCM so that CUCM read the new file. Cisco Jabber Lab Page 49
Only thing missing now is to force the csf associate to Alice to download this file. To do this go to the CSF device csfaadams:
Then in the Desktop Client Setting insert the following string that is telling to the client to download a specific xml file called jabber-config-group2.xml:
Page 50
Now, to test the new integration go in RDP to Alices PC and follow these steps: Logout from Jabber client Clean the Photo cache going to the Photo shortcut folder that you find on the desktop and deleting all the photos Clean the Jabber Client History going to the related directory under the CSF shortcut you find on the desktop and deleting the files under CSF\History folder
Login to Jabber client Select the users in the buddy list and force a profile update using the view profile option You should notice that compared with other clients Pictures are different because in this case we are forcing the use of an attribute (company) to make the URL substitution and we created on the web server (Exchange machine) different picture files from the one uploaded in AD as binary object, with names mapped to this attribute. The names of the photo files are userid_corp and the company AD attribute is filled with this type of string.
Page 51
Page 52
Page 53
NOTE: As you are about to perfom that action from AD DC, it will refer to the administrator user, instead of the aadams user shown in the screenshot above.
Page 54
(The LDIF filename is auto-generated and will be different, thats fine) You can check the log files under the MSO10ADSWizard\LDIF_Files to see the users that has been found and changed:
To verify that the changes have been applied correctly open outlook, display a contact card, select the outlook properties option as reported in the following screen shot. You should receive a list of two elements in the Proxy Attribute field one for SMTP email address and one for SIP address.
NOTE: It can take time to sync the new contact info so you can force the Outlook Offline Address Book creation on Exchange and the download from the client: 1. RDP to Exchange Server using Administrator account, open the Exchange Management Console and go to the option to re-create the Offline Address Book
Page 55
Select the Offline Address Book Tab, select the only item you find in the list, right click on it and select update:
2. After some minutes Open Outlook in the first client and go into the related option in the following menu (File Info Account Setting Download Address Book):
Page 56
Once download finishes repeat the previous check in the contact card. Now you can do the same process for the other users.
Page 57
Note: an alternative way to check the script result would be to use the AD tool called ADSI Edit. To use it please do the following steps: 1. 2. 3. 4. 5. 6. 7. Logon on AD DC. Start the ADSI Edit tool. Expand the appropriate domain. Open the organizational unit (OU) that contains the appropriate users. Select one of the users Right click on properties and search for the proxyAddress attribute Verify the values associated to this attribute.
Page 58
Now create a dial rule for number 1XX, adding the prefix +498115543 as reported here: Cisco Jabber Lab Page 59
Repeat the same steps for prefix 2XX, 3XX. At this point we need to apply a specific .cop file to tell cucm to read the application dial rules and public them on the TFTP to be downloaded by Jabber client. We already uploaded this file to a local FTP server, you would normally find it as part of the Jabber Admin pack available on CCO. To install the file, go to the CUCM interface - Cisco OS Administration section and follow the steps below. Use 10.52.226.73 as Server, administrator as username and C1sc0,123 as password. There should only be one valid .cop.sgn file available to install.
Page 60
Click next to access the FTP server. Now, from the list of file existing on the ftp server select the one related to the Dial Rules:
Select next and wait for the installation to finish. When is done you can go on the three PC, logout and login to the Jabber client and the client will download the rules just created. Try to make a call between the two of them and you will see alerting popup window and session window with name, roles and photo:
Page 61
Page 62
Page 63
Here below you will see the important parameter to flagthe one called Use UDS for contact resolution:
Page 64
Page 65
Now we need to associate the Service Profile just created to the user Bob Banks:
NOTE: in the current deployment stage of Jabber the client is not able to retrieve this info from the cucm so we will need to create and force the download of a specific xml file to Bobs client. Same scenario will be in any case needed for cucm version older then 9.X Upload the file jabber-config-group1.xml from the Lab_Materials directory of Alices Win7 machine to TFTP directory of CUCM & restart the TFTP server.
Page 66
The File will tell to client to use the uid attribute of UDS (mapped to users userid) to make the complete URL and will search on the specified Web Server for a file name userid.png to be used like photo image for the users (note that the images here are different from the others we used until now for the same user.you will discover which one are the new.). Only thing missing is to force the csf associate to Bob to use it. To do this go to the CSF device csfbbanks:
Page 67
Then in the Desktop Client Setting are please insert the following string that is telling to the client to download a specific xml file called jabber-config-group1.xml:
Now, to test the new integration go in RDP to Bobs PC and follow these steps: Logout from Jabber client Clean the Photo cache going to the Photo shortcut folder that you find on the desktop and deleting all the photos Login to Jabber client Select the users in the buddy list and force a profile update using the view profile option You should notice a couple of differences compared with other clients o we are missing some information due to fact that some attribute are not synced from AD into CUCM Directory o Pictures are different because in this case we are forcing the use of another attribute to make the URL substitution (userid instead of company) and we created on the web server (again the Exchange machine in our case) different picture files with names mapped to userid attribute instead of company attribute.
Page 68
Page 69
Upload the file jabber-config-group3.xml to CUCM's TFTP directory and restart the TFTP server. Then go to the Cathy Chung's CSF device and set the Cisco Support Field to configurationfile= jabber-configgroup3.xml. Then exit from the Jabber client (do not just sign out) and start it again.
Page 70
Once defined these two templates, we will be able to enable a specific user for Jabber and create in automatic way also the CSF device to associate to him, with the correct extension number assigned to the line. First of All we have to define a new Universal Device Template, to do that you have to go to the menu option User Management Universal Device Template:
Insert the appropriate info in the different fields, as reported in the following screen shot:
Page 72
We can also pre-populate some information regarding the lines that will be created following this device template:
Page 73
As you can note it is possible to associate to some field a list of pre-defined parameterthese will be substitute with real value taken from User info when the template will be used:
Change the device setting as reported below, leave the other field as default and then press Save:
Page 74
Now we can jump back and start creating the Feature Group Template. To do it please go to the menu reported below:
Page 75
Now you can insert all the information that will be used as Feature Template later when we will create users from scratch or we will enable users just imported from AD. Please follow the example below:
Page 76
UDT_Template_1
With this step we have done with the template creation. Next step will be using these templates for a new user just imported from AD into CUCM. Go to the alternative End Users option under the User management - Quick User/Phone Add submenu:
In the list of imported users from AD you will have to select Luca Pellegrini that has never been configured until now:
Page 77
Insert the following information, verifying that the values are really saved:
Page 78
Now we have to assign one of the free extension numbers that are available to the Primary Extension field (this value will be assigned to the line that will be created):
Page 79
NOTE: if there are not free extension numbers in your POD you will have to create some in the range 101-105 going to the following menu Call routing Directory Number:
Page 80
Page 81
Once inserted you will be able to select in the user previous user page the extension 101:
Page 82
Click anywhere on the page to be sure that all the value are maintained in the fields (possible cucm bugs here..) and then Click on Manage Device to add a new device associated to this user:
Page 83
Click on Add new Phone and insert the info related to the CSF device that will be created:
Click on the Add Phone blue button and verify that the device info has been saved:
Page 84
At this point you can select the Back to the User menu option on the right side of the page and click the Save Button. Now what will happen is that all the info inserted will be used to modify the parameters associated to the user Luca Pellegrini, create a CSF device, associate it to the same user, create a line on the device, enable user for IM&Presence. You can therefore go now around the menus verifying what the system has done automatically for you!
Page 85
So, if you have still time left, you could now use one of the two xml files you have on the Pods PC under the Lab_material folder, add the lines just commented, save the file with the same name and upload it again on the CUCM using TFTP file upload menu. Once done you can logout and login again in the Jabber client associated to the XML file configuration that you modified (Alice or Bob) and you will notice the difference going in the File Option Menu. Please look at the following two screen shots:
Page 86
On the Left you see the standard view with the tab Phone Account where you must insert the CUCM credential, this is the view you had BEFORE the configuration change On the Right you see the view you should have on the PC you have modified, where the Phone Account tab is not present anymore but the CSF device is still registered on the cucm correctly. You can see that everything is working fine because the icon in the right bottom angle of the client is without red alert.
Page 87
Page 88