PVT 2012 Lab Cisco Jabber

Cisco Jabber Lab Page 1

Cisco Jabber Lab

Lab Guide version 3.2 Collaboration SE VT Meeting May 2012


Lab Guide authors

For any feedback or questions please contact the following persons:

Fabio Chiesa ([email protected]) - CSE, EMEAR Theatre Technical Services Team

Tobias Neumann ([email protected]) – TSA, EMEAR Central Collaboration Team

Lab Topology

Lab topology is shown on a diagram below. Each student has his own set of terminals in his POD.

mailto:[email protected]

mailto:[email protected]


Lab Hosts, IP Addresses, Usernames, Passwords

Servers, PC and Infrastructure - Hostnames and IP addresses

SERVER Hostname IP address

(Private)

AD DC (WS2008R2) ad01-bc.bootcamp.com 10.52.226.68

CUCM 9.0 cucm01-bc.bootcamp.com 10.52.226.70

IM&Presence 9.0 cup01-bc.bootcamp.com 10.52.226.71

Exchange 2010 exchange01-bc.bootcamp.com 10.52.226.73

PC 1(AADAMS)

10.52.226.76

PC 2(BBANKS)

10.52.226.77

PC 3(CCHUNG)

10.52.226.78

Servers, PC and Infrastructure – Credential to use to logon

SERVER Username Passsword

AD DC (WS2008R2) bootcamp\administrator C1sc0,123

CUCM 9.0 cucmadmin C1sc0,123

IM&Presence 9.0 cucmadmin C1sc0,123

Exchange 2010 bootcamp\administrator C1sc0,123

PC 1(AADAMS) bootcamp\aadams cisco,123

PC 2(BBANKS) bootcamp\bbanks cisco,123

PC 3(CCHUNG) bootcamp\cchung cisco,123

Note: the AD domain is “Bootcamp”, the email domain is “Bootcamp.com”.

Lab Numbering Plan

General principles of lab Dialplan inside each POD

Device IM address (XMPP) Extension (Private) Extension (E164)

Alice Adams [email protected] 100 +498115543100

Bob Banks [email protected] 200 +498115543200

Cathy Chung [email protected] 300 +498115543300

Tobias Neumann [email protected] 400 +498115543400

Fabio Chiesa [email protected] 500 +498115543500


Agenda

1. CUP/CUCM 9.0 - infrastructure configuration

a. CUCM 9.0 and the new Enterprise Licensing Manager

b. Check configuration on IM&Presence node

c. Check configuration on CUCM side

2. DNS configuration

a. Host Names and SRV resolution for automatic client logon

b. How to check SRV record configuration is correct?

3. Basic AD Integration & Tuning

a. Check AD Configuration for Users

b. CUCM AD/LDAP sync and authentication

c. EDI configuration (Default)

d. E164 Number Normalization (Translation Pattern)

4. CUCM/CUP - User & Device configuration

a. Define Service Profile for Policy setting (EDI)

b. Define new CSF devices for the users

c. User activation for IM/Presence/Audio/Video/BFCP

5. Jabber installation and logon

a. Standard client installation on first two PC

b. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP)

c. MSI Customization during Install on Third PC

d. Client Logon and Test (Buddy list, chat, call, Desktop Sharing using BFCP)


6. Photo integration Option 1

a. Upload Binary Object in AD using Exchange MMS

b. Binary Object for Photo in AD – default behavior

7. Photo integration Option 2

a. Upload Photo on Web Server

b. Configure URL Substitution method for Photo retrieval

c. Force user Alice Adams to use this method

8. Exchange & Outlook Integration

a. Run AD script for User SIP attribute

9. Directory Lookup Rules to complete Photo Integration in alerting and connected call status.

a. Define Directory Lookup rules and apply to all the users

10. Using CUCM User Data Service (UDS) for Directory Integration and Photo Lookup

a. UDS Service Profile configuration

b. Change Bob Banks’s Service Profile to force the use of UDS

c. Force Bob Banks to use method 2 for photo retrieval customized for UDS

11. Adding Custom Embedded Tab

12. New Provisioning method to enable User for IM&Presence and deploy CSF devices

a. Define Universal Device Template

b. Define Feature Group Template

c. Enable User for IM&Presence and create CSF device using the new provisioning method


Cisco Jabber Lab – Module 1

CUP/CUCM 9.0 - infrastructure configuration

Important NOTE: Due to small amount of time we have for the lab, this chapter has been already pre-configured for you so please follow the guide, check the configuration on the machines but not change or repeat the configuration itself.

CUCM 9.0 Cluster - Enterprise Licensing

CUCM version 9.0 provides a new licensing mechanism called Enterprise Licensing Manager (ELM). ELM

comes as a service which runs on a CUCM node in the cluster. It provides a single place of licensing control

for the entire system. It includes the user licensing for CUCM, CUCM IM & Presence, Cisco Unity Connection.

Accessing ELM and adding feature servers to the license manager

For the purpose of the lab we have a single node CUCM cluster (publisher). This machine also runs ELM. To

access ELM go to the base URL http://cucm01-bc.bootcamp.com (http://10.52.226.70), from there you can

select the ELM web-interface.

1. Main CUCM 9.0 browser interface

ELM can be accessed via the logon screen shown below utilizing the CUCM administrator ID and password.

http://cucm01-bc.bootcamp.com/

http://10.52.226.70/


2. CUCM 9.0 Enterprise License Manager Logon Screen

After logon the ELM dashboard provides an overview of the configured components and the licenses in use.

3. CUCM 9.0 Enterprise License Manager Dashboard

First task is to add the product instances aka server components such as CUCM clusters or Cisco Unity

Connection servers to the inventory. Select Inventory -> Product Instances from the left navigation menu.

After a fresh install there should not be any entries. Choose Add from the top row to add our CUCM

instance. In the dialog shown below the parameters are entered to define what product is added to ELM and

the required information for ELM to connect to this instance is provided.


4. Add Product to ELM Dialog

The Test Connection button provides the means to verify that all parameters have been entered correctly.

5. ELM Add Product Test Connection

Product instances now show a new instance of CUCM that is not yet synchronized (Synchronization Status

column).

6. ELM Product Instance overview

Select the row with CUCM01-BC and press the Synchronize Now button to initiate the synchronization.

1. ELM Add Product Test Connection successful


7. ELM Product Instance Synchronization complete

CUCM IM & Presence (formerly known as CUP)

With the Cisco Collaboration System Release 9.0 IM and presence functionality are started to be integrated

into the CUCM cluster. Providing a single instance of control for IM, presence, voice and video. In release 9.0

the first steps have been taken to consolidate the server platforms - this will continue in future releases and

further reduce complexity resulting in better ROI and TCO. Certain changes in administrating the Cisco

Collaboration platform have been made to accommodate the architectural changes.

Configuration pre-9.0 and post 9.0 – Certain changes outlined in the following chapters describe how

the Cisco Collaboration platform is administered running version 9.0 and above (CUCM and CUCM

IM & Presence). It needs to be noted that the first version of Cisco Jabber for Windows (9.0.1) will

not fully pickup all the new configuration methods and the corresponding parameters. Full support

for the post-9.0 configuration methods is planned for a future release of Cisco Jabber for Windows.

In this guide where ever possible pre-9.0 and post-9.0 configuration methods are explained.

CUCM IM & Presence – basic post install configuration

In Cisco Unified Communications 9.0 continues to maintain a database synchronization between the CUCM

publisher and the first CUCM IM & Presence node. This is similar to the relationship between CUCM and CUP

in earlier versions.

CUCM Publisher – define CUCM IM & Presence Server, define Application User, Setup & Service

Activation

All nodes in the CUCM cluster utilize IPsec authenticated communication. Each new node has to be added to

the CUCM publisher before it can be activated.

https://cucm01-bc.bootcamp.com/ccmadmin navigate to System -> Application Server and select Add New

https://cucm01-bc.bootcamp.com/ccmadmin


8. CUCM publisher add application server CUCM IM & Presence

Database synchronization utilizes the CUCM AXL API for that reason the service needs to be activated and

started on the CUCM publisher node and an AXL enabled application user must be provided.

Warning!!! The default CUCM administration user created during install does have the required

privileges and could be utilized for this purpose. As a best practice this chapter shows the creation of

a distinct user that ONLY has the required privileges for this purpose.

From https://cucm01-bc.bootcamp.com/ccmadmin navigate to User Management -> Application User

1. CUCM Create Database-Sync AXL Application User

Select Add New and enter the parameters as show in the figure below.

https://cucm01-bc.bootcamp.com/ccmadmin


2. Add New Application User details

CUCM Serviceability – verify that the AXL service is activated (the other services shown are already activated

for other parts of the lab to function).

3. CUCM Services – Activation CM Service

4. CUCM Services – Activation Database and Admin Services

On the bottom of the page select Add to

Access Control Group

2. User Access Control Group

Select only the Standard TabSync User

group


5. CUCM Services – Directory Services

CUCM IM & Presence – Post Install Dialog

After the installation of CUCM IM & Presence is completed when logging into the administrative web-

interface (https://cup01-bc.bootcamp.com/cupadmin) for the first time the post-install dialog is presented.

Through this dialog the CUCM IM & Presence node is added to the CUCM cluster and synchronization is

established. First to pages of the dialog below show the connectivity parameters and the CUCM cluster

security password needs to be entered.

6. CUCM IM & Presence Post Install Page 1

Next the application user configured in the previous chapter is configured. Final screen shows the summary

of all parameters configured.



4. CUCM IM & Presence Post Install Summary

https://cup01-bc.bootcamp.com/cupadmin



IMPORTANT NOTE: ….YOU MUST CONFIGURE ALL THE ITEMS OF THIS CHAPTER ON THE MACHINES!

Service Discovery - DNS Configuration Cisco Jabber for Windows provides fully automatic service discovery. DNS SRV (Service Location) records are utilized to provide these capabilities. SRV allows a universal location of services, it can be seen as an evolutionary step form MX records which are used to locate SMTP (e-mail) hosts for the domains. The client needs to know the well-known service name (in our case it is _cuplogin) and a protocol (in our case _tcp). The result of SRV DNS query is a host name (or list of those), with parameters of priority, weight and port number. Notice the underscore character is used to avoid collisions in host names as per RFC2872 (“_” is illegal character for A and PTR DNS records). In this lab we run DNS Server on the Active Directory Domain Controller. You are supposed to configure it on that machine

Configuring DNS SRV

Configure the DNS SRV records based on a Microsoft Windows Server 2008 R2, as per example below. As the lab consists only of a single server deployment there is only one SRV entry. In environments where multiple servers are deployed additional SRV records provide redundancy. To do that please go in RDP to the AD/DC server where also DNS is running, launch the DNS management console. Right click the bootcamp.com domain and select Other New Records…, scroll down the list, select Service Location (SRV) and click Create Record… In the SRV record window enter the service name will be _cuplogin, protocol _tcp and port 8443. The port can be left to <Blank> to use the client’s default value (8443). In our case, the host offering this service is going to be cup01-bc.bootcamp.com, so please populate the related field with this value. Note: Please note that the “service” and “Protocol” field must be manually populated, you will not find the values pre-configured in the drop down menu items….


1. Windows Server 2008 R2 DNS SRV configuration

How to verify the DNS SRV configuration

NSLOOKUP can be used to verify that the SRV records are correctly configured. This is particular important in environments where DNS configuration is handled by different organizational entities. By default the NSLOOKUP tool queries either DNS A records - mapping a name to an IP address or PTR records mapping IP address to DNS names. First start nslookup (in the example for windows start a command prompts and enter nslookup). Next set the query type to SRV -> set type=SRV > _cuplogin._tcp.bootcamp.com This will return the DNS A records pointing to CUCM IM & Presence


2. DNS SRV records verification

The machine in the example above had IPv6 enabled, which is not required and can be ignored to the purpose of this exercise.



Basic AD Integration & Tuning

Important NOTE: Due to small amount of time we have for the lab, the first part of the chapter has been already pre-configured for you so please follow the guide, check the configuration on the machines but not change or repeat the configuration itself. In this module, the student will focus on integrating CUCM with the AD infrastructure. First we will configure the CUCM integration with AD for user sync and authentication and then we will start to configure one of the two possible mode (EDI/UDS) for contact search in AD from the Jabber client and in particular the default one (EDI). Let’s start with a basic AD integration for User Sync and Authentication. On the CUCM, create a new LDAP system under System -> LDAP -> LDAP System


Then go to the LDAP Directory configuration (System -> LDAP -> LDAP Directory ) and add a new profile with the following parameters:

Then go to the LDAP Authentication configuration (System -> LDAP -> LDAP Authentication ) and add a new profile with the following parameters:


Once configured go to previous menu (LDAP Directory) and force a manual update.

When the system has finished to sync go to the user page and check that all the users information has been synced. Check also the information that are synced from AD in the user page (email, Department, etc..)


Important NOTE: Pre-configured tasks stop here so ….Starting from the next step you have to configure all the items on the machines! As you can notice in the AD the phone number are in +E164 format. Being the extension associate to the

users a private one with 3 digits we need to configure a Translation Pattern to translate between the two

formats. This will permit us to use and the number that are in the AD, strip the prefix and map to the internal

extensions assigned to Jabber devices.

Go to the Translation Pattern (TP) menu under Call Routing menu and add a new one:



Now next step will be to define the new Service Profiles that will be downloaded from Jabber client and will

include several configuration parameters to be used for contact search and other stuff.



CUCM/CUP - User & Device configuration In this module, the student will focus on creating the CSF device for the two Jabber users plus creating all the other Policy and Template needed to pass the right parameters to the clients. Last, all these elements will be associated to the users.

Let’s start creating the CSF devices needed for Jabber to work in Softphone Mode. Add a new CSF device for User Alice Adams adding all the following parameters: NOTE that BFCP is active by default for CSF devices with CUCM 9.0 so you don’t need to modify the standard SIP Profile assigned to the device itself.



Here pay attention to enable/disable CSF for Video if this is a requirement.


Now you can add a new line (ext. 100) to the CSF device just created, clicking on the “Add a New DN” button

on the top left angle of the page:

You will now see the full Directory Number page configuration, you must change only the parameters

reported in the pages below, leaving the other to the default values:


After saving the line configuration (Pressing the Save button), scroll down to the end of the page and

associate the end user with the line.

Repeat the same steps for Bob Banks and Cathy Chung. All the related informations are reported in the User

Table at page 3.


Introduction to Service Profile Concept

A service profile is a logical collection of UC services defined by a UC administrator. A profile can be

comprised of one or more services and assigned to users.

The Administrator defines a service profile that includes voice mail, presence, conferencing, CTI

server information.

The Administrator synchronizes the users from LDAP directory (note this is not mandatory although

it is highly recommended).

For LDAP Synced users in 9.0, the “Home Cluster” and “IM and Presence Enable” flags must be done

manually via the End User Configuration Page or via BAT.

The Administrator should mark one service profile as the default so that all users will get this service

profile without having to do any per-user association.

Users that require profiles other than the default will need to be manually associated from either the

End User Configuration page or via BAT.

Service configuration is done in the UC Service configuration page accessed from the User Management

User Settings UC Service menu. Once services have been defined they can be added to an existing or new

service profile.

Service Profile configuration is done in the Service Profile configuration page accessed from User

Management User Settings Service Profile menu. Once created there is an check-box at the top of the

page to make this the default service profile for the system. It is recommended that this is done for at least

one service profile per cluster.

Therefore, first we need to create all the UC service element that will be inserted into the Service Profile and

at the end assigned to the end users.



Please note that in this case we are not defining any specific UC profile for AD integration because we are

using EDI, that is the default behavior and permit the client to connect to AD using native PC’s Domain

Logon information (DC, credential , etc..).

Now we will create the first Service Profile (for EDI users) selecting all the UC Service defined before:


Set the name of the profile and set it the default service profile for the system.

Make sure you UNCHECK “Use UDS…”


Now we need to associate the Service Profile just created to the user Alice Adams:


Here below the main point – we define that this is the CUCM Home cluster for the user, that this user is

enabled for IM and the Service Profile to associate is the one just created (Please note that for a CUCM bug

sometimes the settings are not full saved, the suggestion is to click anywhere on the page after you

selected the IM profile….and check that really have been saved):

At this point we need to associate the users to the csf devices created before. This is needed because:

When the client tries to register to the cucm it asks for the devices “associated” to the userid transmitted during the logon process

The cucm checks the association that we will configure now and reports back to the client the device-id.

Last, the client will ask to the TFTP server the configuration of the device-id just received and will try to register it to the cucm.

To achieve this click on device association button:

Search for available devices and select the CSF “csfaadams” just created:


Click on “Save Selected Changes”:

Click on “Go” near the “Back to User” links:

Now we need to associate the right line appearance to the user. Note, this is needed because only this line will be monitored by the Presence Engine and the related “Busy” status will be reflected on the client as “In A call..”. To achieve this click on the “Line Appearance Association for Presence” button:

Search for the available extension numbers and select the right one for Alice A. (Directory number 100). Click then “Save” to confirm the choice:


In the Directory Number Associations field select the Primary Extension among the possible choices. Note that in this case we have only one extension associated to the users but we need in any case to select it:

Last we need to assign to the users the right level of authorization to interact with the cucm and register

devices. To do it please select the option “Add to Access Control Group”:

Press “Find” to search for all available pre-defined access level and select “Standard CCM End Users”:


Click on “Add Selected” button:

Now you will go back to the main page of the user and you will see the following scenario:


Click on the “Save” Button:

If you scroll down again to the end of the page you should now see the following picture where the specifics

“roles” have been assigned to the user:

Remember you have configured CTI Profile previously. We are not going to control any phones in this lab but

in order to do so you would also need to add the user to Standard CTI Enabled and eventually to Standard

CTI Allow Control of Phones supporting Xfer and conf (if you are using 89xx or 99xx phones) groups.

Please verify user configuration and repeat same steps for the user Bob Banks and Cathy Chung, following

the information reported in the table @ page 3.

Last step is to go on the IM & Presence node (10.52.226.71) and add some the minimal information still

required from the client to logon to presence server and retrieve the IP address of the CUCM for TFTP and

CCMCIP services.

Go to Application – Legacy Client – Setting and add TFTP servers here:


Leave the other value as standard.


Now go to the to Application – Legacy Client – CCMCIP Profile and add the CCMCIP hosts as primary and

backup node. Select also the other options showed below:

The Server side configuration for the basic logon of the client is now ended.



Jabber Installation and Logon In this module, the student will focus on creating the CSF device for the two Jabber users plus creating all the other Policy and Template needed to pass the right parameters to the clients. Last, all these elements will be associated to the users. For the first user (Alice Adams) we will install the client and manually configure the connection parameters: Logon via RDP to the PC “Alice Adams”, go in the “Lab_Material” folder on the desktop and run the “CiscoJabberSetup.msi” install file from the installation zip file. When the installation finishes you will receive this welcome screen, fill in the fields as follows:

C

At this point click Save


and insert the logon credential for Alice Adams:

When the client logs on you will be able to search and add people to the buddy list but you will notice a

red error icon on the right Bottom side on the client – there are issue with CUCM registration!

At this point go to Options – Phone Accounts and fill with CUCM userid and Password for Alice Adams:

Note: go to “Advanced” and check that the CUCM IP address is reported there (from where has it been

taken?)


Click ok and you should go back to main buddy list view without the error notification received before.

At this point this client is active both for IM/Presence and Voice/Video.

Repeat now the same step for Bob Banks and when also Bob’s client is active you can start to make

some test of chat and audio/video calls. But for Bob, at the login screen you can now use the “use

default server” option for the “Login Server” menu because we configured the DNS SRV record before

so the client should be able to take the info from there, enhancing the logon user experience. In any case

remember to select the “Presence Server” as “Server Type”:

Please note that we are using VM and the Webcams are simulated using a Virtual Driver so you will only

get a sequence of photo rotated regularly as video on both side. To obtain this result you need to launch

the related program “VirtualCam” after the logon on the Jabber clients.

Last step is to install Jabber on the third PC (Cathy Chung). In this case we will test the new capability to

customize the MSI installation giving specific parameters.

You can in fact specify command line arguments to apply properties to Cisco Jabber for Windows during

installation. Please follow the following steps to test it:

Open a command line window.

Change the directory to the one where the Jabber MSI installation file is located

Specify the following command to install Cisco Jabber for Windows:

msiexec.exe /i CiscoJabberSetup.msi TYPE=CUP ADDRESS=10.52.226.71 DOMAIN=bootcamp.com

/quiet


Where:

TYPE=CUP specifies Cisco Unified Presence as the presence server type.

ADDRESS=10.52.226.71 specifies the IP address of the Presence Server

DOMAIN=bootcamp.com specifies the domain name of the presence server.

When the installation finish launch the client and verify that the parameters configured are there. Go to

File – change Connection Setting :



Photo integration using Binary Object in AD

In this module, the student will focus on the first method to retrieve photo – “Binary Object” information inserted in one of the AD attribute (thumbnailPhoto). Microsoft Office 2010 uses this attribute to display the user picture in the contact cards. Utilizing this attribute to store the pictures i.e. for use with Microsoft Office 2010 will automatically enable Cisco Jabber for Windows to consume these pictures without any configuration (in the default EDI mode). !!! WARNING !!! Adding large binary objects to Active Directory could have far reaching consequences as it affects the replication in distributed environments where consuming bandwidth and in certain scenarios over slow speed WAN links can impact other mission critical transmissions. Storage of large objects could also significant increase the directory partition size. All these aspects should be taken into account when considering this possible deployment method.

Uploading binary Pictures into Active Directory

In the past 3rd party tools where required to upload pictures in binary format into Active Directory. With Exchange 2010 there is now a command available from the Exchange management shell that allows an administrator to directly upload pictures into AD. The thumbnailPhoto directory attribute is used to store the picture information. Using the Exchange management shell method to upload the objects into AD, the maximum object size is 10k - pictures have to format to that limit.

Verifying Status of Pictures in Active Directory

Before uploading pictures into AD one might want to verify if there is already data in the thumbnailPhoto object. ADSIEdit does provide the means to very the status of directory attributes. !!! WARNING !!! Using ADSIedit does pose certain risks especially when used against a production environment. It provides object level access to components in Active Directory with only limited protection against “unintended consequences”! It’s strongly advised to ask a directory administrator to perform any changes or verification in none lab environments! So just for educational purposes here are the steps to operate ADSIedit:

Logon to via RDP to the AD DC server (RDP Shortcut on Windows 7 Desktop) and search for “ADSI edit”…


1. Launch ADSIedit

In the lab setup all users are in the container my-user. Right click on Alice Adams and select Properties

2. ADSIedit select user

The following dialog shows all the attributes configured for this user.

5. ADSIedit show all attributes


3. ADSIedit show user properties

By default ADSIedit only shows the attributes that have a value associated – if you can’t see thumbnailPhoto in the list of attributes there is no data associated. The previous figure shows how to change the filter settings to show all attributes.

Upload pictures with Exchange 2010 Management Shell

Logon to via RDP to the Exchange 2010 server (RDP Shortcut on Windows 7 Desktop) and launch the Exchange management shell.

Use the Import-RecipientDataProperty command to upload the pictures into Active Directory. The format and parameters of the command are as follows: Import-RecipientDataProperty –identity <username> -picture –filedata ([Byte[]]$(Get-Content –Path “<full qualified path to picture file>” –encoding byte –readcount 0)) Please modify the command according to the example below.

4. Example Exchange management shell upload picture


Verify Picture Upload in Active Directory

Depending on the structure and size of the Active Directory topology it can take some time to replicate to all domain controllers. To verify that the pictures are stored in the Active Directory object we can utilize again ADSIedit (please see previous paragraph for details). Figure below shows the thumbnailPhoto object populated with binary data.

5. ADSIedit thumbnailPhoto populated

Verify picture are downloaded by the Jabber client

Now, to verify that Jabber clients are able to download the Photos you should go in RDP to one of the PC and

follow these steps:

Logout from Jabber client

Login to Jabber client

Select the users in the buddy list, right click on it and force a profile update using the “view profile”

option



Photo integration using Web Server and URI substitution In this module, the student will focus on configuring Photo Search from Jabber client with the second possible method called “URL substitution”. Some additional info before jumping to config side:

Client will dynamically build a URL to a photo based on an admin defined URL template and the

contents of a directory attribute

Client can read a number image types including JPG,PNG& BMP

Recommended size is 128x128 pixels but client will resize images and crop images to display them

This method can the used only when the client is connected to a CUP server


As for the other configuration analyzed until now, the goal is to have everything configurable via policy

using CUCM. In this moment the CUCM and Jabber client are not ready yet to have this info passed using

inband policy so we will have to use the backup behavior of using an XML file created ad-hoc for this

reason. The Jabber client, at the startup will ask by default for a file with the name “Jabber-config.xml”.

Here below an example of the file:

In our case we are taking the photo from a web server co-resident with the Exchange machine (URL is

http://exchange01-bc.bootcamp.com/photo/photo_file_name.png).

The AD attribute used to make the search and match the photo’s file name is the “company”. The XML

file that we will use is the following:

<?xml version="1.0" encoding="utf-8"?>

<config version="1.0">

<Directory>

<PhotoURISubstitutionEnabled>True</PhotoURISubstitutionEnabled>

<PhotoURISubstitutionToken>company</PhotoURISubstitutionToken>

<PhotoURIWithToken>http://exchange01-bc.bootcamp.com/photo/company.png</PhotoURIWithToken>

</Directory>

</config>

http://exchange01-bc.bootcamp.com/photo/photo_file_name.png


In our case the goal is to enable only Alice Adams’s clients to retrieve and show the photo for the users

in the buddy list using this method instead of the default one (binary Object in AD). To be able to do it

only for Alice we will configure the client to download a specific xml file called “jabber-config-

group2.xml”:

To do this we will need to upload the xml file first to the CUCM so please logon on PC1, go to directory

“Lab Material” on the desktop and you will find the XML file (“Jabber jabber-config-group2.xml”) ready

to be uploaded. Go to the cucm console, select “Cisco Unified OS administration” from the right menu

and follow instructions to upload the xml file:

At this point you will need to restart the TFTP service on the CUCM so that CUCM “read” the new file.


Only thing missing now is to force the csf associate to Alice to download this file. To do this go to the CSF

device “csfaadams”:

Then in the Desktop Client Setting insert the following string that is telling to the client to download a

specific xml file called “jabber-config-group2.xml”:


For your reference the xml file is the following:

Now, to test the new integration go in RDP to Alice’s PC and follow these steps:


Clean the Photo cache going to the Photo shortcut folder that you find on the desktop and deleting

all the photos

Clean the Jabber Client History going to the related directory under the CSF shortcut you find on the

desktop and deleting the files under “CSF\History” folder


Select the users in the buddy list and force a profile update using the “view profile” option

You should notice that compared with other clients Pictures are different because in this case we are

forcing the use of an attribute (company) to make the URL substitution and we created on the web

server (Exchange machine) different picture files from the one uploaded in AD as binary object, with

names mapped to this attribute. The names of the photo files are “userid_corp” and the “company”

AD attribute is filled with this type of string.




Outlook Integration for Presence and Click to X

In this module, the student will focus on mandatory steps required to have a full working integration scenario with Outlook 2007 and 2010 for Presence and Click to X functionality. To enable Cisco Jabber for Windows integration with Microsoft Office, you must configure an attribute in Microsoft Active Directory to enable Cisco Jabber for Windows users to share presence. You need to add a new value to the proxyAddress attribute in the following format:

SIP:user_sip_uri Example: SIP:[email protected] To apply this change to multiple users (full organization if needed) very quickly we released a bulk update tool called “Cisco AD Wizard”. It is included in the Jabber administration pack, downloadable from CCO. To use in the lab please RDP to AD DC using administrator account, go to the “MSO10ADSWizard” folder that you can find on the desktop and you will find the tool to launch. At this point follow the wizard and you should receive a notification without errors:

sip:[email protected]


NOTE: As you are about to perfom that action from AD DC, it will refer to the administrator user, instead of the aadams user shown in the screenshot above.


(The LDIF filename is auto-generated and will be different, that’s fine) You can check the log files under the MSO10ADSWizard\LDIF_Files to see the users that has been found and changed:

To verify that the changes have been applied correctly open outlook, display a contact card, select the “outlook properties” option as reported in the following screen shot. You should receive a list of two elements in the Proxy Attribute field – one for SMTP email address and one for SIP address.

NOTE: It can take time to sync the new contact info so you can force the Outlook Offline Address Book creation on Exchange and the download from the client: 1. RDP to Exchange Server using Administrator account, open the Exchange Management Console and go

to the option to re-create the Offline Address Book


Select the Offline Address Book Tab, select the only item you find in the list, right click on it and select update:

2. After some minutes Open Outlook in the first client and go into the related option in the following menu

(File – Info – Account Setting – Download Address Book…):


Once download finishes repeat the previous check in the contact card. Now you can do the same process for the other users.


Note: an alternative way to check the script result would be to use the AD tool called “ADSI Edit”. To use it please do the following steps:

1. Logon on AD DC. 2. Start the ADSI Edit tool. 3. Expand the appropriate domain. 4. Open the organizational unit (OU) that contains the appropriate users. 5. Select one of the users 6. Right click on properties and search for the proxyAddress attribute 7. Verify the values associated to this attribute.



Directory Lookup Rules to complete Photo Integration in alerting

and connected call status.

In this module, the student will focus on some additional and optional configuration to complete the Jabber integration with Photo retrieval method. As you have noticed in the alerting pop-up and in the session window the photo and the additional user information are not showed. This is mainly because Jabber makes lookup search of the contact based on the calling number received during the alerting and connected phase of the call signaling setup. In our case the extensions are 3 digits long while the numbers in AD are full +E.164 so Jabber is not able to find the contacts…. Jabber need therefore a Directory Lookup Rules set to make a translation between the Private number that is receiving from the signaling path (XXX format) and the E164 number assigned to the users in AD (+498115543XXX). So we will need a Rules that add the Prefix “+498115543“ to the 3 digit extensions. To implement this step go to the CUCM admin page under Call Routing – Dial Rules – Directory Lookup Dial Rules:

Now create a dial rule for number 1XX, adding the prefix +498115543 as reported here:


Repeat the same steps for prefix 2XX, 3XX. At this point we need to apply a specific “.cop” file to tell cucm to “read” the application dial rules and public them on the TFTP to be downloaded by Jabber client. We already uploaded this file to a local FTP server, you would normally find it as part of the Jabber Admin pack available on CCO. To install the file, go to the CUCM interface - Cisco OS Administration section and follow the steps below. Use 10.52.226.73 as Server, “administrator” as username and “C1sc0,123” as password. There should only be one valid .cop.sgn file available to install.


Click next to access the FTP server. Now, from the list of file existing on the ftp server select the one related to the Dial Rules:

Select next and wait for the installation to finish. When is done you can go on the three PC, logout and login to the Jabber client and the client will download the rules just created. Try to make a call between the two of them and you will see alerting popup window and session window with name, roles and photo:




Using CUCM User Data Service (UDS) for Directory Integration and

Photo Lookup

In this module, the student will focus on an alternative method to enable Jabber integration with AD using CUCM User Data Service (UDS).

To test this scenario we need to force one of the clients to use the new UDS Service Profile to make lookup search in AD for contact resolution and photo retrieval. Now we will create the second Service Profile (for UDS users) selecting all the UC Service defined before and changing only one parameter, related to UDS obviously:


Here below you will see the important parameter to flag…the one called “Use UDS for contact resolution”:



Now we need to associate the Service Profile just created to the user Bob Banks:

NOTE: in the current deployment stage of Jabber the client is not able to retrieve this info from the cucm

so we will need to create and force the download of a specific xml file to Bob’s client. Same scenario will

be in any case needed for cucm version older then 9.X

Upload the file “jabber-config-group1.xml” from the Lab_Materials directory of Alices’ Win7 machine to TFTP

directory of CUCM & restart the TFTP server.


The xml file looks like this:

The File will tell to client to use the “uid” attribute of UDS (mapped to user’s userid) to make the complete

URL and will search on the specified Web Server for a file name “userid.png” to be used like photo image for

the users (note that the images here are different from the others we used until now for the same user….you

will discover which one are the new….).

Only thing missing is to force the csf associate to Bob to use it. To do this go to the CSF device “csfbbanks”:


Then in the Desktop Client Setting are please insert the following string that is telling to the client to

download a specific xml file called “jabber-config-group1.xml”:

Now, to test the new integration go in RDP to Bob’s PC and follow these steps:


Clean the Photo cache going to the Photo shortcut folder that you find on the desktop and deleting

all the photos


Select the users in the buddy list and force a profile update using the “view profile” option

You should notice a couple of differences compared with other clients

o we are missing some information due to fact that some attribute are not synced from AD

into CUCM Directory

o Pictures are different because in this case we are forcing the use of another attribute to

make the URL substitution (“userid” instead of “company”) and we created on the web

server (again the Exchange machine in our case) different picture files with names mapped

to userid attribute instead of company attribute.




Adding Custom Embedded Tab Embedded tabs allow to include a web page inside Jabber client. They can be useful for quick information or

a content which may be used by Jabber client to establish a communication (e.g. corporate directory).

In this example we will include a Twitter inside Jabber. Again the configuration is provided by XML file.

For your reference the file contains this:

Upload the file jabber-config-group3.xml to CUCM's TFTP directory and restart the TFTP server. Then go to

the Cathy Chung's CSF device and set the Cisco Support Field to configurationfile= jabber-config-

group3.xml.

Then exit from the Jabber client (do not just sign out) and start it again.

<?xml version="1.0" encoding="utf-8"?> <config version="1.0"> <Client> <jabber-plugin-config> <browser-plugin> <page refresh="true" preload="false"> <tooltip>Twitter</tooltip> <url>https://mobile.twitter.com</url> </page> </browser-plugin> </jabber-plugin-config> </Client> </config>



New Provisioning method to enable User for IM&Presence and

deploy CSF devices

In this module, the student will focus on a new and alternative method to deploy Jabber. This new Provisioning Method is based on the definition and utilization of two templates:

Universal Device Template

Feature Group Template

Once defined these two templates, we will be able to enable a specific user for Jabber and create in

automatic way also the CSF device to associate to him, with the correct extension number assigned to

the line.

First of All we have to define a new Universal Device Template, to do that you have to go to the menu

option “User Management – Universal Device Template”:

Click on “Add new”…..


Insert the appropriate info in the different fields, as reported in the following screen shot:


We can also pre-populate some information regarding the lines that will be created following this

device template:


As you can note it is possible to associate to some field a list of pre-defined parameter…these will be

substitute with real value taken from User’ info when the template will be used:

Change the device setting as reported below, leave the other field as default and then press “Save”:


Now we can jump back and start creating the “Feature Group Template”. To do it please go to the menu

reported below:


Now you can insert all the information that will be used as “Feature Template” later when we will create

users from scratch or we will enable users just imported from AD. Please follow the example below:


With this step we have done with the template creation. Next step will be using these templates for a

“new” user just imported from AD into CUCM.

Go to the alternative “End Users” option under the “User management - Quick User/Phone Add” sub-

menu:

In the list of imported users from AD you will have to select “Luca Pellegrini” that has never been

configured until now:

UDT_Template_1


Insert the following information, verifying that the values are really saved:


Now we have to assign one of the free extension numbers that are available to the Primary Extension

field (this value will be assigned to the line that will be created):


NOTE: if there are not free extension numbers in your POD you will have to create some

in the range 101-105 going to the following menu “Call routing – Directory Number”:



Click on “Add new”:

Once inserted you will be able to select in the user previous user page the extension 101:


Click anywhere on the page to be sure that all the value are maintained in the fields (possible cucm bugs

here..) and then Click on “Manage Device” to add a new device associated to this user:

The following empty table will appear:


Click on “Add new Phone” and insert the info related to the CSF device that will be created:

Click on the “Add Phone” blue button and verify that the device info has been saved:


At this point you can select the “Back to the User” menu option on the right side of the page and click the

Save Button.

Now what will happen is that all the info inserted will be used to modify the parameters associated to

the user Luca Pellegrini, create a CSF device, associate it to the same user, create a line on the device,

enable user for IM&Presence.

You can therefore go now around the menus verifying what the system has done automatically

for you!


Cisco Jabber Lab – Reference

Configure Automatic logon to CUCM using same credential as

IM&Presence Node

In this module we will quickly describe how to enhance the logon user experience removing the secondary manual logon needed to give the correct credential to CUCM for CSF registration. In our specific case, that is also a very common scenario for the customer, the same logon credential used for the IM&Presence node can be used to logon to the CUCM because both are synced from AD. Mainly, to instruct Jabber to use the same credential for both services we need to give to the client a specific parameter using again the xml file. Here below you can see the specific lines that we need to insert in the XML files that we created already for other reasons:

<?xml version="1.0" encoding="utf-8"?> <config version="1.0"> <CUCM> <PhoneService_UseCredentialsFrom>presence</PhoneService_UseCredentialsFrom> </CUCM> </config>

So, if you have still time left, you could now use one of the two xml files you have on the Pod’s PC under the “Lab_material” folder, add the lines just commented, save the file with the same name and upload it again on the CUCM using TFTP file upload menu. Once done you can logout and login again in the Jabber client associated to the XML file configuration that you modified (Alice or Bob) and you will notice the difference going in the “File – Option” Menu. Please look at the following two screen shots:


On the Left you see the standard view with the tab “Phone Account” where you must insert the CUCM credential, this is the view you had BEFORE the configuration change

On the Right you see the view you should have on the PC you have modified, where the “Phone Account” tab is not present anymore but the CSF device is still registered on the cucm correctly. You can see that everything is working fine because the icon in the right bottom angle of the client is without red alert….


You are done. Congratulations !

Documents

PVT 2012 Lab Cisco Jabber