Disclaimer
The contents of the document may be revised by AT&T at any time without notice. Please consult the Service Guide for details of the service and features available with the product available at AT&T Unified Communications Service Guide.
© 2015 AT&T Intellectual Property. All rights reserved. AT&T, AT&T Globe logo, and all other marks contained herein are trademarks or service marks of AT&T Intellectual Property and/or AT&T affiliated companies.
Introduction
AT&T Unified Communications (UC) Federation allows companies to connect the Presence and Instant Messaging (IM) capabilities of their existing supported UC deployment to that of their partners. With this service, end users can use their current tools to contact end users at federated companies as easily as they do users in their local system.
Customer administrators can configure and manage the policies of AT&T UC Federation as well as monitor system performance by using the UC Federation portal. It allows administrators to control communication parameters by company, domains, groups, and users for all federated companies.
Industry standard methods are used to connect companies’ UC systems over an encrypted broadband connection to AT&T UC Federation. This document provides the steps required to configure your UC solution and related network components for connection to AT&T UC Federation. The steps are listed below and described in detail in the following paragraphs.
· Step 1: Provide AT&T with information about your company, requested order, and contact people
· Step 2: Configure your UC system(s)
· Step 3: Federate Microsoft® Exchange Calendar with UC Federation
· Step 4: Access the UC Federation portal
· Step 5: Verify the configuration
Current Order Level Confirmation
The undersigned, on behalf of Customer, acknowledges that the information provided by Customer within this Configuration and Order Guide is accurate information pertaining to the service order under the AT&T UC Pricing Schedule between the parties.
NOTE: The order quantity in this document sets the minimum subscription quantity for which Customer will be invoiced under the Pricing Schedule, according to its terms.
Customer (by its authorized representative)
By:
Name:
Title:
Date:
Step 1. Before Connecting
Please provide the following information to your AT&T sales representative.
Table 1. Company Information – Information about your company and the UC system(s) you will connect to the AT&T Federation service
Item / Customer Information
Company name
Vendor and version of the UC system(s) your company uses for Presence and IM
IP Address or FQDN (Fully Qualified Domain Name) for the Federation front end server
Conference service FQDN (XMPP based UCs only)
Domain(s) requested to be federated (please list all)
On-premises or hosted UC platform
Location of system gateway(s)
Vendor and version of Federated partner UC system(s)
Domain(s) of Federated partner
Table 2. Information about the Calendar system(s) you will connect to the AT&T Federation service
Item / Customer Information
Exchange Server IP (Internet Protocol) Address: Port
AD (Active Directory) Server IP Address: Port
Directory Search (No/Automatic/Scheduled)
Exchange FQDN
Exchange Certificate Authority
Valid e-mail address (user for Calendar Federation) for testing
Sample User SID (Security ID) for Calendar Federation Test and Turn Up (TTU) process
Location of calendar server(s)
Table 3. Current Selected Federation Subscriptions - Order Confirmation
Item / Customer Information
Federation Subscriptions (Quantity*): Basic
Federation Subscriptions (Quantity*): Standard
Federation Subscriptions (Quantity*): Premium
Federation Subscriptions (Quantity*): Calendar add-on
* Maximum quantity of 25 total for Trial engagements.
Table 4. Primary Contact Person – Technical contact that will be working with AT&T
Item / Customer Information
Name
Office phone
Mobile phone
Work address
Comments
Table 5. Secondary Contact Person – Additional or alternative technical contact that will be working with AT&T
Item / Customer Information
Name /
Email /
Office phone /
Mobile phone /
Work address /
Comments /
Step 2. Configure Your UC System(s)
To configure your UC system(s) for interconnection with AT&T UC Federation:
1. SIP Based Unified Communication System
a. Configure your firewall to support the interconnection between the UC System and the AT&T UC Federation Gateway.
Outbound:
i. Source: Customer Unified Communication Server
ii. Destination: “ucfeds.uccentral.att.com”
iii. Port (TCP): 5061 and 443
Inbound:
i. Source: 12.130.2.100, 12.130.2.101, 12.130.2.102, and 12.130.2.103
ii. Destination: Customer Unified Communication front end Server
iii. Port (TCP): 5061 and 443
b. Configure your UC system(s) to enable the Federation option and to route Federation traffic to the AT&T UC Federation domain.
c. Create public SRV records to allow your federated partner’s UC Enterprise server to locate the service per federated domain. Repeat this step for each federated domain:
_sip._tls.your_sip_domain.com IN SRV 10 10 443 sip.your_sip_domain.com
_sipfederationtls._tcp.your_sip_domain.com IN SRV 10 10 5061 sip.your_sip_domain.com
sip.your_sip_domain.com IN CNAME ucfeds.uccentral.att.com
2. XMPP Based Unified Communication System
a. Configure your firewall to support the interconnection between the UC System and the AT&T UC Federation Gateway.
Outbound:
i. Source: Customer Unified Communication Server
ii. Destination: “ucfedx1.uccentral.att.com”, “ucfedx2.uccentral.att.com”, and “ucfedx3.uccentral.att.com”
iii. Port (TCP): 5269
Inbound:
i. Source: 12.130.2.100, 12.130.2.101, 12.130.2.102, and 12.130.2.103
ii. Destination: Customer Unified Communication front end Server
iii. Port (TCP): 5269
b. Configure your UC system(s) to enable the Federation option and to route Federation traffic to the AT&T UC Federation domain, ucfedx1.uccentral.att.com.
c. Create public SRV records to allow your federated partner’s UC Enterprise server to locate the service per federated domain. Repeat this step for each federated domain:
_xmpp-server._tcp.your_xmpp_domain.com IN SRV 10 10 5269 ucfedx1.uccentral.att.com
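A typo in any of these records (a stray space in the target, a wrong port) silently breaks partner lookup, so it is worth checking the zone text before publishing it. The following is an added example, not part of the AT&T guide: it compares the records for one federated domain against the values listed above, assuming the standard `_sipfederationtls._tcp` label; the function names and the sample zone for example.com are constructed for illustration.

```python
# Added example: validate federation DNS records against the guide's values.
# Function names and SAMPLE_ZONE are constructed for illustration.

# (owner, type, port, target) per system kind; {d} is the federated domain.
EXPECTED = {
    "sip": [
        ("_sip._tls.{d}", "SRV", 443, "sip.{d}"),
        ("_sipfederationtls._tcp.{d}", "SRV", 5061, "sip.{d}"),
        ("sip.{d}", "CNAME", None, "ucfeds.uccentral.att.com"),
    ],
    "xmpp": [("_xmpp-server._tcp.{d}", "SRV", 5269, "ucfedx1.uccentral.att.com")],
}

SAMPLE_ZONE = """\
; constructed sample zone for example.com (contains two deliberate mistakes)
_sip._tls.example.com.              IN SRV 10 10 443  sip.example.com.
_sipfederationtls._tcp.example.com. IN SRV 10 10 5060 sip.example.com.
sip.example.com.                    IN CNAME ucfeds.uccentral.att.com.
_xmpp-server._tcp.example.com.      IN SRV 10 10 5269 ucfedx1. uccentral.att.com.
"""

def parse_zone(text):
    """Return {(owner, type): (port, target)} for well-formed SRV/CNAME lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()       # strip zone-file comments
        if "IN" not in fields[1:-1]:
            continue
        i = fields.index("IN", 1)                    # tolerates an optional TTL field
        owner = fields[0].lower().rstrip(".")
        rtype, rdata = fields[i + 1].upper(), fields[i + 2:]
        if rtype == "SRV" and len(rdata) == 4 and rdata[2].isdigit():
            records[(owner, rtype)] = (int(rdata[2]), rdata[3].lower().rstrip("."))
        elif rtype == "CNAME" and len(rdata) == 1:
            records[(owner, rtype)] = (None, rdata[0].lower().rstrip("."))
    return records

def check_domain(zone_text, domain, kind):
    """List problems with one federated domain's records; kind is 'sip' or 'xmpp'."""
    records, problems = parse_zone(zone_text), []
    for owner, rtype, port, target in EXPECTED[kind]:
        owner, target = owner.format(d=domain.lower()), target.format(d=domain.lower())
        found = records.get((owner, rtype))
        if found is None:
            problems.append(f"{owner} {rtype}: missing or malformed")
        elif found != (port, target):
            problems.append(f"{owner} {rtype}: port/target {found}, expected {(port, target)}")
    return problems
```

Run `check_domain` once per federated domain; an empty list means the records match the guide.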
For Microsoft Lync UC Systems
a) On your Lync server, enable federation and configure the following. Repeat this step for every federation partner.
· Add the federation partner’s domain in the Domain Name field or the FQDN field
· Add the AT&T UC Federation connection (ucfeds.uccentral.att.com) in the Access Edge Service field or the FQDN field, set port to 5061
b) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
Additional configuration help can be found on the Microsoft website at the following link: technet.microsoft.com. Search for “Setting up Lync Federation.”
For Microsoft Office 365 UC Systems
a) On your Office 365 server, enable federation and configure the following. Repeat this step for every federation partner.
· Add the federation partner’s domain in the Domain Name field or the FQDN field
· Add the AT&T UC Federation connection (ucfeds.uccentral.att.com) in the Access Edge Service field or the FQDN field, set port to 5061.
b) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
Additional configuration help can be found on the Microsoft website at: technet.microsoft.com. Search for “Setting up Office 365 Federation.”
For Cisco Jabber UC Systems
To redirect non-Federation traffic back to your existing server, use:
_ucfedxmpp._tcp.your_xmpp_domain.com IN SRV 10 10 5269 your_xmpp_domain.com
a) Under the Cisco Unified Communications Manager (CUCM) IM and Presence Administration settings, enable XMPP Federation under Inter-domain Federation configurations.
NOTE: Make sure to select “TLS Required” in the Security Mode.
b) Under the Cisco Unified IM and Presence Serviceability settings, activate the Cisco eXtensible Communications Platform (XCP) XMPP Federation Connection Manager service in Service Activation.
c) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
Additional configuration help can be found on Cisco’s website at the following link: Cisco.com. Search for “Configuring Cisco Unified Presence for XMPP Federation.”
For IBM Sametime UC Systems
a) On your Sametime Gateway, enable federation and configure the following:
· Add the federation partner’s domain in the Domains field
· Select Translation protocol for STGW
· Add the AT&T UC Federation STGW connection to ucfeds.uccentral.att.com, set port to 5061
b) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
For Openfire UC Systems
a) To redirect non-Federation traffic back to your existing server, use:
_ucfedxmpp._tcp.your_xmpp_domain.com IN SRV 10 10 5269 your_xmpp_domain.com
b) In the administration server, configure federation services with ucfedx1.uccentral.att.com, port 5269.
c) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
For Broadsoft UC Systems
a) To redirect non-Federation traffic back to your existing server, use:
_ucfedxmpp._tcp.your_xmpp_domain.com IN SRV 10 10 5269 your_xmpp_domain.com
b) In the administration server, configure federation services with ucfedx1.uccentral.att.com, port 5269.
c) To add your domain to the UC Federation SAN certificate, AT&T must obtain authorization through the Trusted Certificate Authority. GeoTrust, the Trusted Certificate Authority, will contact your domain owner for authorization to include the requested domain(s) as a Subject Alternative Name in the AT&T UC Federation certificate. Your publicly listed domain owner will be notified and instructed by GeoTrust on how to complete the domain authorization form, which should be submitted in a timely manner.
Step 3. Configure Your Systems for Calendar Federation
Configure your calendar system(s) for interconnection with AT&T UC Calendar Federation and to share calendar free/busy information by performing the following steps:
For Microsoft Exchange Systems
Extract CA (Certificate Authority) Certificate from your Exchange Server
AT&T UC Federation requires the Microsoft Exchange CA certificate in order to enable calendar federation. The extracted certificate should be in *.cer format.
The certificate can be exported using the management console (mmc.exe) with the following steps:
a) Open the Certificates snap-in for the Computer account. Go to Certificates, Trusted Root Certification Authorities, and look for the certificate named for your CA.
b) Double-click the certificate, go to the Details tab, and use the Copy To File button to export the certificate to the desktop.
c) The extracted certificate should be sent to the AT&T operation in order to complete the federation process.
Import Calendar Federation Certificate
The Microsoft Exchange Federation certificate must be installed in the Trusted Root Certification Authorities store.
Customer is responsible for obtaining its own Secure Sockets Layer (SSL) certificates from one of the major certificate authorities.
Add Dedicated AT&T UC Federation User Account
In order to run the free/busy queries a dedicated user must be configured. The dedicated user should be configured on the AD.
Table 6: Active Directory Configuration Details
Field / Value
First name / attFB
Display name / attFB
User logon name / attFB
User logon password / F3d3r@t1on
User cannot change password / Checked
Password never expires / Checked
Member of / <domain>/Users
Enable remote control / Checked
Require user’s permission / Checked
Level of control / Interact with the session
Host File Change
The hosts file resolves specific host names locally and overrides the DNS settings. On Windows® systems the hosts file is located in the C:\Windows\System32\drivers\etc directory. In the hosts file of the Exchange server, add an entry mapping the federated domain's autodiscover FQDN (autodiscover.<federated_domain>) to the AT&T UC Federation calendar IP address.
12.130.2.100 autodiscover.target.com
12.130.2.100 target.com
Example:
The companyA IT admin is configuring calendar federation with companyB. The following entries should therefore be added to the hosts file of the companyA Exchange server.
12.130.2.100 autodiscover.companyB.com
12.130.2.100 companyB.com
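Because hosts entries override DNS, every name mapped to the federation address should correspond to a partner domain you actually federate with. The following is an added example, not part of the AT&T guide: it audits hosts-file text against a list of approved partner domains; the function names, finding labels and sample file contents are constructed for illustration.

```python
# Added example: audit hosts-file overrides for calendar federation.
# Function names, finding labels and SAMPLE_HOSTS are constructed.
import ipaddress

FEDERATION_IP = "12.130.2.100"    # calendar IP address given in the guide

SAMPLE_HOSTS = """\
# constructed sample, not taken from a real server
127.0.0.1      localhost
12.130.2.100   autodiscover.companyB.com
12.130.2.10    companyB.com          # typo in the last octet
12.130.2.100   autodiscover.companyC.com companyC.com
"""

def parse_hosts(text):
    """Return {hostname: set of IPs} from hosts-file text, ignoring comments."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                          # first field is not an address
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(ip)
    return mapping

def audit_hosts(text, partner_domains):
    """Return (finding, hostname) pairs for the approved partner domains."""
    hosts = parse_hosts(text)
    expected = set()
    for domain in partner_domains:
        expected |= {domain.lower(), "autodiscover." + domain.lower()}
    findings = []
    for name in sorted(expected):
        ips = hosts.get(name)
        if not ips:
            findings.append(("missing", name))
        elif ips != {FEDERATION_IP}:
            findings.append(("wrong-address", name))
    # Names sent to the federation address without being an approved partner.
    for name, ips in sorted(hosts.items()):
        if FEDERATION_IP in ips and name not in expected:
            findings.append(("unapproved", name))
    return findings
```

On the Exchange server, pass the contents of C:\Windows\System32\drivers\etc\hosts as `text`.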
Exchange Shell Commands
Using the Exchange Management Shell, configure Microsoft Exchange for federation. Execute an initial configuration to allow Microsoft Exchange to integrate with UC Federation, and execute a dedicated configuration for each federated partner domain.
Initial Configuration for Federation
Open the Exchange Management Shell and run the following command:
Set-WebServicesVirtualDirectory -Identity "<exchange name>\EWS (Default Web Site)" -InternalUrl "https://<exchange name.domain>/EWS/exchange.asmx" -ExternalUrl "https://<exchange name.domain>/EWS/exchange.asmx" -WSSecurityAuthentication $true -BasicAuthentication $true -WindowsAuthentication $true
Example:
[PS] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Exchange Server 2013>Set-WebServicesVirtualDirectory