Federating Cisco Jabber
Valid for CUP 8.6(X) / CUCM IM & P 9.0
Paul O’Dwyer: Technical Marketing Engineer - Jabber Solution
July 2012
© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

• Cisco Jabber Overview
• Federation Models
• What Business Case are you trying to solve?
• Support and Feature Matrix
• Inter-Domain Federation Protocol Flows
• Partitioned Intra-Domain federation Routing and Migration
• What About Third Party Clients?

All-in-one UC Application
• Presence & IM
• Voice, Video, voice messaging
• Desktop sharing, conferencing

Collaborate from Any Workspace
• PC, Mac, tablet, smart phone
• On-premises and Cloud
• Integration with Microsoft Office

Cisco Jabber

Call Control: SIP
• Unified Communications Manager (CUCM)
• Video Communication Server (VCS)

Presence & IM: XMPP
• Unified Presence
• WebEx Connect service (SaaS)

Meetings, Conferencing
• WebEx (SaaS)
• TelePresence MCU

Voice Messaging
• Unity Connection

Lower Boundaries to Collaboration
[Diagram labels: Cisco Jabber Enterprise, XMPP Standard, SIP, GoogleTalk, Microsoft, IBM]

Inter-Domain Federation is the sharing of Enterprise Instant Messaging (IM) and Presence between corporate domains – further lowering the boundaries to collaboration for both B2B and B2C
Unlock B2B and B2C Collaboration
[Diagram labels: XMPP Standard, GoogleTalk, SIP, IBM, Microsoft]

Seamless Migration path from Microsoft to Cisco
[Diagram labels: Cisco Jabber, Microsoft IM]

‘Inter-Domain Federation’ is the sharing of Enterprise Instant Messaging (IM) and Presence between 2 or more corporate domains – further lowering the boundaries to collaboration for B2B.
[Diagram labels, SIP federation: Jabber, CUP (ABC.COM), Cisco ASA, SIP, Microsoft Access Edge (DEF.COM), Microsoft Front-End Server, MOC/Lync]
[Diagram labels, XMPP federation: CUP (ABC.COM), Cisco ASA, XMPP, XMPP Based Vendor Edge (DEF.COM), XMPP Based Vendor Home Node, XMPP Client]

‘Inter-Domain Federation’ is the sharing of Enterprise Instant Messaging (IM) and Presence between 2 or more corporate domains – further lowering the boundaries to collaboration for B2C.
[Diagram labels: Jabber, CUP (ABC.COM), Cisco ASA, XMPP, SIP, XMPP]
[Diagram labels: Jabber, XMPP, SIP, XMPP, XMPP]

‘Inter-Domain Federation’ is also applicable in this case, as the presence treats each “presence domain” as an independent environment.
[Diagram labels: Jabber, CUP (EMEA.ABC.COM), Cisco ASA, XMPP, Cisco ASA, CUP (APAC.ABC.COM)]

‘Partitioned Intra-Domain Federation’ is the sharing of Enterprise Instant Messaging (IM) and Presence within the same presence domain – providing a seamless migration path from Microsoft to Cisco Infrastructure with minimal impact to the end-user
[Diagram labels: Jabber, CUP (ABC.COM), SIP Static Route, LCS/OCS R2 Home Server (ABC.com), MOC]

                 Jabber On-Prem   Jabber Cloud   TLS**   Cost?
Google Talk      XMPP             XMPP           No      No
AOL              SIP              SIP            Yes     Yes – Licensed
MS OCS           SIP              XMPP           Yes     No
MS Lync          SIP              XMPP           Yes     No
IBM Sametime     XMPP             XMPP           Yes     No
Jabber Cloud     XMPP             Local          Yes     No
Jabber OnPrem    Local            XMPP           Yes     No

**TLS is for on-prem only, Jabber Cloud does not support TLS in any federation. This approach is common for cloud providers

                 Jabber On-Prem   Jabber Cloud   TLS**
LCS              SIP              No             Yes
MS OCS R1        No               No             NA
MS OCS R2        SIP              No             Yes
MS Lync          Roadmap*         No             NA
IBM Sametime     No               No             NA
Jabber Cloud     No               Local          NA
Jabber OnPrem    Local            No             NA

*Support for Microsoft Lync scheduled for CUCM IM & P 9.0(2) (and CUP 8.6(X)) in Q4 CY’12 – Subject to Change
**TLS is for on-prem only, Jabber Cloud does not support TLS in any federation. This approach is common for cloud providers

Jabber On-Prem
Columns: P2P IM, Presence, Multi-Party Chat
Rows: OCS R1 & R2, Lync, IBM Sametime, Jabber Cloud, GoogleTalk, AOL, XMPP Standard Vendor (e.g. Openfire)

Jabber Cloud
Columns: P2P IM, Presence, Multi-Party Chat
Rows: OCS R1 & R2*, Lync*, IBM Sametime, Jabber On-Prem, GoogleTalk, AOL, XMPP Standard Vendor (e.g. Openfire)
*Support for Inter-Domain federation from Jabber Cloud to Microsoft is based on the use of Microsoft XMPP gateway

SIP federation flow
• ASA Initiates TLS to federated Edge
• TLS Initiated to federated side
• SIP Profile Configured on CUP
• Upon TLS success, message reaches federated side
• TLS Proxy on ASA
• CUP Domain is Authorized host on Edge
[Diagram labels: CUP (ABC.COM), Cisco ASA, SIP, Microsoft Edge Server (DEF.COM), Microsoft Front End, MOC]
*ASA is required for TLS Proxy

[Figure callouts: Service Type; SIP Port; FQDN of host offering SIP Service]

XMPP federation flow
• TLS Initiated to federated side
• XMPP Node status enabled
• Upon TLS success, message reaches federated side
• Connection is secured over TLS
• TLS connection will be passed through port 5269
• XMPP Node Status is enabled
[Diagram labels: CUP (ABC.COM), Cisco ASA, XMPP, IBM Gateway Server (DEF.COM), IBM Lotus Sametime Server, IBM Sametime]
*TLS is optional. With No TLS selected, regular TCP will follow this path. ASA is optional for XMPP Inter-Domain Federation. Generic Firewall will suffice

• When enabling XMPP federation, you must select a security type. This depends on your organisation's security requirements and those of the federated side
  o No TLS – TLS will NOT be attempted; the most basic form of security, server dialback, will occur
  o TLS Optional – A TLS handshake will occur first; if it fails, the connection will be allowed to fall back to server dialback
  o TLS Required – TLS will first be attempted; upon failure, the connection will be closed

[Figure callouts: Service Type; XMPP Port; FQDN of host offering XMPP Service]
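
The three XMPP security types above, worked through for a set of federated peers. This is an added example, not code from the original deck or from Cisco; the mode labels, peer domains and feature lists are constructed, and a peer that does not advertise STARTTLS is treated as a failed handshake (an assumption).

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS feature namespace (RFC 6120)
MODES = ("no-tls", "tls-optional", "tls-required")  # hypothetical labels for the slide's options

def offers_starttls(features_xml):
    """True if the peer's <stream:features/> advertises STARTTLS."""
    root = ET.fromstring(features_xml)
    return root.find(f"{{{NS_TLS}}}starttls") is not None

def channel(mode, features_xml, handshake_ok):
    """Outcome for one peer: 'tls', 'dialback-tcp' (dialback over plain TCP) or 'closed'."""
    if mode not in MODES:
        raise ValueError(f"unknown security type: {mode}")
    if mode == "no-tls":
        return "dialback-tcp"  # TLS is never attempted
    # Assumption: no STARTTLS advertised counts as a failed handshake.
    if offers_starttls(features_xml) and handshake_ok:
        return "tls"
    # TLS could not be established: Optional falls back, Required closes.
    return "dialback-tcp" if mode == "tls-optional" else "closed"

def audit(mode, peers):
    """Return ({domain: outcome}, sorted list of domains left without TLS)."""
    outcomes = {d: channel(mode, xml, ok) for d, (xml, ok) in peers.items()}
    unencrypted = sorted(d for d, o in outcomes.items() if o == "dialback-tcp")
    return outcomes, unencrypted

# Constructed sample data: feature lists as a peer might send them on port 5269.
_OPEN = "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>"
WITH_TLS = _OPEN + "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/></stream:features>"
WITHOUT_TLS = _OPEN + "<dialback xmlns='urn:xmpp:features:dialback'/></stream:features>"
PEERS = {  # domain: (advertised features, did the TLS handshake succeed?)
    "def.example": (WITH_TLS, True),
    "legacy.example": (WITHOUT_TLS, True),
    "badcert.example": (WITH_TLS, False),
}

if __name__ == "__main__":
    for mode in MODES:
        print(mode, audit(mode, PEERS))
```

Under TLS Optional a peer with a failed handshake and a peer that never offered TLS both end up on plain TCP, so the second return value is the list to review before choosing between Optional and Required.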

• For detailed configuration steps on Inter-Domain federation, please ALWAYS use this guide: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/CUP_8.6_Interdomain_Federation.html
• For useful debugging information for this integration, please see: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/Debugging_reference.html

‘Inter-Domain Federation’ in the cloud is configured from the Organisation Administration Tool.
TLS is not supported in the cloud; all communication is over TCP.
To enable Inter-domain federation in the cloud, simply publish the DNS SRV records to point at your federation service.
For AOL Federation, this needs to be ordered; the Jabber cloud provisioning team will then configure it.
[Figure callouts: Service Type; XMPP Port; FQDN of host offering XMPP Service]

• For detailed configuration steps on Inter-Domain federation, please ALWAYS use this guide: http://www.webex.com/webexconnect/orgadmin/help/cs_im_fed.htm

Partitioned Intra-Domain federation routing
• Both Jabber and MOC have full contact search
• Static route for OCS added in CUP: .com.example.*
• Both servers are listening on port 5060 (TCP)
• OCS adds CUP for host authorization (FQDN/IP)
[Diagram labels: Example.com, AD, XMPP, SIP, SIP Static Route, CUP8.6/ CUCM IM & P 9.0]

How do I migrate users from Microsoft to Cisco?
[Diagram labels: Example.com, SIP Static Route, CUP8.6/ CUCM IM & P 9.0]

When planning Intra-Domain Federation, what should I look out for?
When userIDs are synced from LDAP, UCM/CUP will support:
o sAMAccountName
o UserPrincipalName (UPN), e.g. bobjones@example.com
o Email Address
o employeeNumber
o telephoneNumber

**Caveat Alert**:
UserID comes from the UCM Database.
CUP will append the presence domain to create the full JID.
An email address can be mapped to the UCM userID, but that does not mean that the userID equals the email address. It will become <emailaddress>@<cupdomain>, e.g. bobjones@bar.com@example.com

• For detailed configuration steps on Partitioned Intra-Domain federation, please ALWAYS use this guide: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/Intradomain_Federation/Partitioned_Intradomain_Federation.html
• For useful debugging information for this integration, please see: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/Intradomain_Federation/Troubleshooting_chapter.html

‘Third Party Clients’ can interoperate with a Jabber backend, as Jabber is XMPP standards compliant; any XMPP standards based client can log directly into either CUP or Jabber cloud

To use third party clients with CUP, simply configure (from the respective client configuration):
o Username and Password
o CUP IP Address or FQDN
o Domain name
o XMPP Client port: 5222

To use third party clients with Jabber Cloud, simply configure DNS SRV:
o _XMPP-client
o Presence domain: <example.com>
o Port 5222
o Host: c2s.example.com.webconnect.com

Thank you.
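
The userID caveat above, as a pre-sync check over a directory export. This is an added example, not code from the original deck or from Cisco; the directory entries, the `dn` key and the function names are constructed for illustration, and the JID is formed exactly as the caveat describes (userID plus presence domain).

```python
def build_jid(user_id, presence_domain):
    """Form the JID the way the caveat describes: <userID>@<cupdomain>."""
    return f"{user_id}@{presence_domain}"

def review_mapping(directory, attribute, presence_domain):
    """Preview the JIDs that result if `attribute` is synced as the UCM userID.

    Returns a dict with three lists:
      ok               JIDs with exactly one '@'
      embedded_domain  JIDs whose userID already contained '@' (two domains)
      missing          dn of entries with no value for the attribute
    """
    report = {"ok": [], "embedded_domain": [], "missing": []}
    for entry in directory:
        user_id = (entry.get(attribute) or "").strip()
        if not user_id:
            report["missing"].append(entry["dn"])
            continue
        bucket = "embedded_domain" if "@" in user_id else "ok"
        report[bucket].append(build_jid(user_id, presence_domain))
    return report

def compare_attributes(directory, attributes, presence_domain):
    """Run review_mapping for each candidate attribute so they can be compared."""
    return {a: review_mapping(directory, a, presence_domain) for a in attributes}

# Constructed directory export (hypothetical users, LDAP-style attribute names).
DIRECTORY = [
    {"dn": "cn=Bob Jones", "sAMAccountName": "bobjones",
     "mail": "bobjones@bar.com", "employeeNumber": "1001"},
    {"dn": "cn=Ann Lee", "sAMAccountName": "alee", "mail": ""},
]

if __name__ == "__main__":
    candidates = ["sAMAccountName", "mail", "employeeNumber"]
    for attr, rep in compare_attributes(DIRECTORY, candidates, "example.com").items():
        print(attr, rep)
```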