Forward
This guide will walk you through the quickest path to installing, integrating, configuring, and deploying Cisco Unified Communications in any environment.
The objective of this paper is to document a method that will empower Cisco Partners and Customers to provide a repeatable, low-risk, method of deploying a sizable Cisco Unified Communications pilot at any site quickly and smoothly.
While this guide will go into the details of deploying the solution. You may also wish to review the “Jabber for Everyone Solution Overview” document on Cisco.com here for further explanation and details around the deployment:
Table of Contents
Forward
Introduction
Review Documentation (prerequisite)
CUP Integration Guides for Microsoft Exchange – 69 pages
Instant Message Compliance Guide – 16 pages
(External) Database Setup Guide – 21 pages
CUP Installation Guide – 48 pages
Cisco Jabber for Windows Administration Guide – 110 pages
Cisco Jabber for Android Installation Guide – 36 pages
CUP Deployment Guide – 288 pages
CUP Release Notes – 36 pages
Gather Licenses, Software, and Hardware (1 hour)
Licenses
Software
Hardware
Scripts
Prepare Environment (< 5 hours)
LDAP Directory (< 0.5 hours)
Network Services (< 0.5 hours)
Cisco Unified Communications Manager (CUCM) (< 1.5 hours)
Cisco WebEx SaaS Meeting Center (< 0.5 hours)
External Database for Instant Messaging Compliance (< 1 hour)
Web Server (< 0.5 hour)
Microsoft Office (< 0.5 hour)
Microsoft Exchange (< 1 hour)
Server Installation (< 1.5 hours)
Generate an Answer File
Install Software
Configure with the Answer File
Remove Answer File and DVD image
Post-install guide
Server Configuration (< 1 hour)
Certificate Store
Presence Settings
Messaging Settings
Application > Cisco Unified Personal Communicator
Activate CUP Services
BAT assign end-user Profiles
Reboot
Client Installation and Configuration (< 0.5 hours)
Software Delivery
Cisco VT Camera Driver
Cisco Jabber for Windows
Cisco Jabber for Mobile
Validation Testing (< 0.5 hours)
LDAP Authentication
User Preferences
Instant Message between Jabber clients
Escalation to group chat
Escalation to audio call
Telephony Presence
Escalation to video call
Escalation to WebEx conference
Exchange Presence
Introduction
The scope of this document is to empower Cisco Partners and Customers to quickly and easily integrate a 200 end-user pilot of Cisco Unified Communications (UC) into an existing Cisco Telephony customer site. For purposes of this paper, we are going to assume the following is already installed, deployed, and functional in the environment:
- Cisco Unified Communications Manager 8.5.1.10000-26
- Any supported Cisco IP Phone
- Microsoft Active Directory 2008
- Microsoft Exchange 2010
- Microsoft Windows XP or 7
- Google Android 2.2
- Co-located on same LAN, no firewalls, VPN, or other special network considerations
With the above pre-requisites already in place, we are going to enable the following basic Cisco UC features to the environment to give the pilot end-users a taste of Cisco UC:
- Messaging (Chat / IM)
- Desktop (softphone) Audio and Video Communication
- Media Escalation (IM-audio-video-conference)
- Telephony, Messaging, and Calendaring Presence
- Mobility
To achieve the above features, needed to install, integrate, configure, and deploy the following software:
- Cisco Unified Presence 8.5.3.10000-59
- Cisco Jabber for Windows 9.0.1
- Cisco Jabber for Android 8.6.1
- Cisco WebEx SaaS Meeting Center 27.25.0.10481 (T27L10NSP25)
It is worth mentioning that for the pilot, we are leaving out some of the more complicated features available in Cisco UC, as the intent is to focus on simply getting the basic features up and functional for a pilot. As such, this paper will not explore the following features. If your pilot wants to explore implementing these features, please refer to the documentation on Cisco.com:
- High-availability
- Redundancy
- Federation
Review Documentation (prerequisite)
Unified Communications (UC) is the integration of real-time communication services, where collections of products provide a consistent unified end-user interface across multiple devices, and is not a single product. As such, there are a lot of technologies and components involved to deliver UC.
Cisco Unified Presence (CUP) provides documentation on how each of these technologies and components integrate with each other, and it’s worth reviewing if you have no prior experience. The combined documentation reaches near 600 pages of content, so it may take awhile to review and comprehend everything.
Alternatively, you could skip over the documentation and simply follow the steps outlined in this paper to install, integrate, configure, and deploy Cisco UC.
Solution Reference Network Design – 1356 pages (optional)
CUP – 44 pages
LDAP Directory – 28 pages
CUP Integration Guides for Microsoft Exchange – 69 pages
Instant Message Compliance Guide – 16 pages
(External) Database Setup Guide – 21 pages
CUP Installation Guide – 48 pages
Cisco Jabber for Windows Administration Guide – 110 pages
Cisco Jabber for Android Installation Guide – 36 pages
CUP Deployment Guide – 288 pages
CUP Release Notes – 36 pages
GatherLicenses, Software, and Hardware (1 hour)
Licenses
Cisco Unified Presence Software Feature
CUP provides a 90-day evaluation software feature license after the date of installation. For a pilot running under 90-days, you do not need to procure a software feature license for CUP, as all features are enabled after installation in evaluation mode.
After the 90-day evaluation license expires, the CUP features will be disabled and you must purchase and upload a valid CUP Software Feature license.
Cisco Device User License (DUL)
You can use the License Calculator and License Report that is integrated into CUCM to calculate the amount of additional DUL that the site may need. If you’re participating in the Jabber for Everyone Solution, you only need to consider the DUL count if you are enabling softphone features on the clients; as the Jabber for Everyone COP file provides the CUP/CUPC license for IM & Presence for you.
As a general rule, you will need at a minimum of 4 DUL per end-user you wish to UC-enable, or as high as 9 DUL per end-user if you cannot use Adjunct licensing. Adjunct licensing allows you to associate 2 softphone devices with 1 physical deskphone device; and only consumes 1 DUL when the Primary Device is associated in CUCM. If you have more than 2 softphones associated to the same deskphone, it will consume the full DUL specified in the License Calculator without Adjunct licensing.
For our pilot of 200 end-users, this means we need between 800 to 1800 DUL available on the associated CUCM server to use the core basic features of Cisco UC. However, you could get away with only 3-6 DUL per end-user if you only enable one softphone device per end-user; although this may subtract from the overall Cisco UC experience.
Cisco Unified Personal Client End User Feature License (1 DUL)
This is needed to allow an end-user to be able to be a “watcher” and observe/subscribe to presence events on presence entities. This is provided to you “free” if you install the Jabber for Everyone COP file on your CUCM server.
Cisco Unified Presence Server End User Feature License (1 DUL)
This is needed to allow an end-user to be able to publish any presence event on to any “watchers”. This is provided to you “free” if you install the Jabber for Everyone COP file on your CUCM server.
Cisco Unified Client Services Framework or Cisco Unified Personal Communicator (1-3 DUL)
This is needed to allow an end-user to use a desktop softphone within CUPC
Cisco Dual Mode for iPhone or Cisco Dual Mode for Android (1-4 DUL)
This is needed to allow an end-user to use a mobile softphone
Software
Cisco Unified Presence 8.5 or later
You can download the install ISO from Cisco.com, in the Software Download section. If you do not have the appropriate permissions to download this file, or need a Bootable ISO, you may need to obtain the software from your Account Team, or purchase the physical media.
Cisco VT Camera Driver
The camera drivers are available on Cisco.com, in the Software Download section. You can download the Executable Installer (exe), which includes all the pre-requisite software, or the Windows Installer (msi), which can be easily deployed through various software deployment tools. The file extensions may appear as a file collection (zip), which you can download and extract locally to launch your installer of choice.
Cisco Jabber for Windows 9.0.1 or later
The Jabber client is available on Cisco.com, in the Software Download section. It’s recommended for this guide to download the CiscoJabber-Admin-ffrand CiscoJabber-Install-ffrfiles, as this includes all the additional COP files we’ll need to install on CUCM.
Cisco Jabber for Android 8.5 of later
If you have CUCM 8.5 or earlier, you will need to obtain the Android device COP file from your Account Team. Later we will install this COP file onto the CUCM server(s) to make the Cisco Jabber for Android device available.
The Cisco Jabber client is available in the Android Market Place. You can access this directly from the mobile device.
Cisco Mobile for iPhone 8.5 or later
The Cisco Mobile for iPhone client is available in the Apple App Store. You can access this directly from the mobile device.
Obtain Jabber for Everyone COP file
In order to take advantage of the free IM and Presence offering of Jabber for Everyone, you will need to obtain the license COP file (ciscocm-free_im_v1.0.cop.sgn). This file can be obtained directly from Cisco.com, in the Utilities folder of your specified Cisco Unified Communications Manager product. For example, version 8.5.1 is at this link:
Obtain Linux distribution with PostgreSQL 8.3 or later
For this paper, I’m using Ubuntu Linux 11.04 (free), which includes the install for PostgreSQL version 8.4. You can obtain Ubuntu here:
Or if you prefer to setup PostgreSQL on an existing server, you can obtain the PostgreSQL software here:
Hardware
Cisco Unified Presence
Supported hardware for CUP can be found in the Compatibility Matrix at this site. For the pilot, we’re focusing on under 1000 end-users:
If you wish to deploy using VMware, you may download the VMware OVA template file from Cisco.com following the instructions on this site:
External Database for Instant Messaging Compliance
If you do not already have a PostgreSQL release 8.3.x or 8.4.x server in the environment, and are in a jurisdiction that requires Instant Messaging Compliance you will need to install a new server along with CUP.
For the external PostgreSQL database that is required for Instant Messaging Compliance, it is recommended that you have identical hardware to that of the CUP server that will be using it. So follow the same hardware procurement procedure as documented for Cisco Unified Presence above.
Scripts
To make the basic installation process simpler and reproducible, I’ve created a handful of scripts that we can use. These are not officially Cisco supported, but if you encounter any issues with them, I will offer assistance in recovering and finding a solution to the problem. You can download the script files from the Cisco Support Community site:
- CUCM/CUPS Provisioning script – cup_user.py -
- CUPS external database script - cup_postgresql.sh -
- CUPS Exchange permissions script - cup_exchange.ps1 -
- Jabber Config File Generator – j4wconfig.html -
- PRT Log Server Example – prt_post.zip -
Prepare Environment (< 5 hours)
LDAP Directory (< 0.5 hours)
Cisco Unified Presence (CUP) relies on Cisco Unified Communications Manager (CUCM) to retrieve end-users and devices. Then Cisco Unified Personal Communicator (CUPC) uses the LDAP Directory to perform various client functions. To provide a truly unified experience, it is highly recommended that you configure the associated CUCM server and CUPC clients to integrate with the same LDAP Directory.
CUCM LDAP Directory integration is a one-way pull of a small collection of attributes for end users in the specified Search Base. To do this, CUCM requires a Service Account in the LDAP Directory with “read” permissions allowed for all user objects in the specified Search Base. To simplify configuration, we can re-use this same account with the CUPC clients; which also need “read” access for a given Search Base.
Create Service Accounts
In your LDAP Directory administration, create a Service Account for CUCM/CUP/CUPC to use to read use objects and attributes. If the site security allows, you can specify to “never expire” the password. Otherwise, whenever you change the Service Account password, you will need to update this password in CUCM/CUP/CUPC for it to continue to function.
For the basic installation we will need three service accounts created in the LDAP environment, you can name them whatever you wish, and we will refer to them later in this guide:
- CUCM DirSync (used to sync end-users into CUCM)
- CUP DirSync (used for CUPC to communicate with LDAP)
- CUP ExchangeSync (used for CUP to communicate with Exchange)
LDAP Attribute Mappings
CUCM, CUP, and CUPC are capable of reading various LDAP Attributes from the LDAP Directory. To maintain a consistent end-user experience, it’s highly recommended that you re-use the same attribute mappings between the products. These can be viewed in the respective LDAP Attribute configuration pages for each product. We mention this here to bring to your attention that this is configured in multiple locations, and you should verify that they are all consistent.
Indexing attributes
To enhance LDAP Directory performance, CUP relies on the following attributes to be indexed and unique. Your LDAP Directory documentation should cover how to index various attributes:
- telephoneNumber
- sAMAccountName
- uid
Identifying the Search Base
A Search Base is the highest level, or starting point, in the LDAP Directory where you wish CUCM/CUP/CUPC to search. For small directories, you can typically get away with using the “root” OU as the Search Base. However, in complex environments you may need to further refine the Search Filter in CUCM, select multiple sub-OU Search Bases, or improve the performance of the LDAP server to handle the number of objects within each OU.
Assign Permissions
After you have the Service Account created, you will want to assign “read” permissions on each of the LDAP Attributes that were identified in the mapping above. Typically this can be set at a high-level OU, or the Search Base, which will then propagate down to all sub-OU and objects contained. You will only be able to import users that allow the Service Account to read its attributes. If you wish to omit certain OU, or sub-OU from CUCM/CUP, you can “deny” the “read” permission for the Service Account on those OUs or Objects, and CUCM/CUP will not be able to sync with it.
End-User Photographs
If you wish to have end-users photographs appear in the client while viewing a contact, you will need to have an LDAP Attribute that is capable of holding a binary JPEG image for each end-user; however this could lead to undesirable performance on your LDAP server. A recommended solution is to use a web server that hosts JPEG images of each end-user named on the globally unique identifier specified in the CUCM/CUP/CUPC LDAP configuration. For example where “szelenka” matches the UID of an end-user in the LDAP Directory.
Network Services (< 0.5 hours)
DNS Servers
For CUP to install you must have a DNS record in the forward and reverse lookup zones for the DNS name and IP address you will be configuring CUP to use. If you do not have this information in the DNS server, the installation will fail.
We need to verify each of these servers is configured with a lookup and reverse-lookup on your DNS server:
- CUP Server
- CUCM Publisher and Subscriber Server(s)
- LDAP Directory Server(s)
- Microsoft Exchange Server(s)
- External PostgreSQL Database Server(s)
- Optional: End-User Photograph Web Server(s)
In addition to the server names, you will also need a DNS SVR record for the CUP service for the Jabber clients to locate the configuration server (_cuplogin) which is different from the XMPP login server (_xmpp-client), adjusting each parameter to match your environment:
_cuplogin._tcp.company.com
priority = 0
weight = 0
port = 8443
svr hostname = cupserver.company.com
internet address = 10.10.10.10
NTP Servers
For CUP to install, you must have a valid NTP server in the network. The CUP system will automatically use the CUCM as the NTP source, so it’s a good idea to verify that your CUCM server is setup properly for NTP.
- sshadminuser@cucmfqdn
- utilsntp status
This site offers some common help for verification:
Web Server Environment (< 0.5 hours)
Jabber for Windows takes advantage of multiple web technologies to make your life as an Administrator easier. This includes upgrade servers, PRT Repository, forgotten passwords, etc.: