Cisco Collaboration and Contact Center Solutions - Messages with tag "Skype for Business"

Aurus Blog

This blog is to share our expertise in Cisco UCM, UCCX/UCCE and Cisco Meeting Server

  • Archive

    «   March 2024   »
    M T W T F S S
            1 2 3
    4 5 6 7 8 9 10
    11 12 13 14 15 16 17
    18 19 20 21 22 23 24
    25 26 27 28 29 30 31
                 

Cisco Jabber and Skype for Business

In this article we’ll discuss the task of smooth transitioning from Skype for Business to Cisco Jabber and/or Cisco Webex without overloading the company’s technical support and creating excessive distress for the users. In our case, we needed to implement the scheme of calls, conferences of all types, messaging and screen sharing between Cisco Jabber / Cisco Webex and S4B users via SIP URI, digital numbering was not important.

Let’s suppose that CUCM, IM&P, Expressway-C and CMS clusters are already configured.

CUCM 12.5 SU6
IM&P 12.5 SU6
Expressway 14.0.6
CMS 3.3.2
S4B FE Standard
S4B Edge

Transition Options

Instantly disable S4B for users and immediately transition to Cisco Jabber/Webex

Advantages and disadvantages:

The advantages of this approach are that there is no need to waste your time and resources on configuring integration between S4B and Cisco Jabber.

The disadvantages are: immense strain on the technical support of the organization (especially if there are thousands of users), a flurry of requests and users’ discontent.

Smooth transition with an additional dedicated domain for Cisco Jabber/Cisco Webex users

In many organizations domain names are a mess. Sometimes an organization has a bunch of third-level domains, or even different domains, and users are hosted anywhere. And in order to level this condition, you can perform the transition within those domains (not necessarily two of them), but Cisco Jabber will require one more additional domain.

Advantages and disadvantages:

The advantages of this approach are: simplicity of the transition (both Cisco Jabber / Cisco Webex and S4B clients can work for one user), there is no flurry of requests from users, and the load on the technical support of the organization is low.

Disadvantages: first of all, the future task of moving users to a single domain (it is assumed that Cisco Jabber will initially have a second-level domain) with the cost of reconfiguration and service failure during this transition, which is critical in itself. Another huge disadvantage is that it is impossible to add an additional user contact to the client card on S4B, which basically prevents S4B users from calling since no one wants to dial anything manually. However, you can simply “disable” users on S4B and “enable” them on Cisco Jabber / Cisco Webex while changing in the user accounts in Active Directory the required field (e.g. MSRTCSIP or IPPHONE) which is used to form the Directory URI in CUCM (configured in the LDAP settings), setting a new value for Cisco Jabber/Cisco Webex, which is used to generate the SIP URI.

Smooth transition without an additional dedicated domain for Cisco Jabber/Cisco Webex users

Advantages and disadvantages:

The advantage of this approach is the simplicity of transition. Disable S4B for a user and enable Cisco Jabber/Cisco Webex. And you don’t even need to change anything in user accounts in Active Directory.

The only disadvantage is the impossibility to exchange messages between Cisco Webex and S4B clients due to architectural features. Enabling the hybrid messaging service does not solve the problem, and setting up SIP Federation is impossible due to the fact that the same domain is being used everywhere. However, everything works fine between Cisco Jabber and S4B clients.

In this article we’ll talk about the last option (transition without an additional domain), inline.com has been chosen as a test domain.

Calls

Call signaling will work according to the following diagram.

A call from Cisco Jabber/Cisco Webex comes from CUCM to CMS in the standard SIP format, then it is translated into a Microsoft standard call and sent to Expressway-C, then to Skype for Business (blue arrows on the diagram).

A call from Skype for Business in Microsoft SIP format is sent to Expressway, then to CMS, which sends the call back to Expressway, and Expressway routes it back to S4B. S4B does not find the recipient and re-sends it to the Expressway, which sends it to the CMS again. CMS understands this is a loop and breaks it, sending the call in the Standard SIP format to the Expressway according to the second rule, and the Expressway sends the call to CUCM. This transitions are marked in red on the diagram.

The scheme has been made so complex because we couldn’t find another way to resolve Standard and Microsoft SIP calls, provided that users with the same domain can be located both in S4B and on CUCM.

The logic is that if the Cisco Jabber profile on CUCM does not have a Directory URI specified, then the user with the correct SIP URI is in S4B. In this case, it is impossible for a user with the same SIP URI to work in both S4B and CUCM at the same time.

Generally, you can also create a direct SIP Trunk between CUCM and S4B to route SIP URI calls through it, and route Dual-Home conferences through CMS. This would simplify routing because Dual-Home conferences are always call-by-number, i.e. one Route Pattern towards CMS and one SIP Route Pattern towards S4B would be enough, but we are not looking for easy ways.

Next, let’s set up:

1. Create SIP Trunk Security Profiles

For Expressway:

For CMS:

For IM&P:

2. Create SIP Trunks

For Expressway:

For CMS:

For IM&P:

3. Create SIP Route Patterns on CUCM

4. Create a CMS Conference Bridge

5. Fill in the Organization Top Level Domain for Enterprise

6. Create UC Services and Service Profile

7. Set up the Cisco Jabber Configuration File

You need to add these parameters, otherwise, when you add a contact to the Cisco Jabber contact list, the chat address in the added contact card will be incorrect, the contact suffix will contain the user domain this contact adds to itself, and, as a result, messaging and status transfer won’t work.

8. Import MS AD Users to CUCM

In our case it doesn’t matter which LDAP fields to import Directory URI and Phone Number from.

9. Create Rules for Incoming Calls and Call Forwarding on CMS

10. Create Rules for Outgoing Calls with Corresponding Priorities

11. Set up Microsoft Interoperability on Expressway

12. Create Zones on Expressway

13. Create Search Rules on Expressway

Sending Messages and Presence Statuses

Messaging between Cisco Jabber and S4B users will work through so-called IntraDomain federation. However, we manually change the route that is automatically created on IM&P servers towards S4B directly, redirecting it towards Expressway.

IMP&P also requires an address scheme in the Directory URI form.

Now configure IM&P:

1. Security Settings

2. Incoming ACL

3. Outgoing ACL

4. Application listeners

5. Routing Settings

6. Static Routes

7. TLS Context Configuration

8. TLS Peer Subjects

Setting up Skype for Business

Setting up trust relationships with Cisco servers

1.1. Setting up trust with CMS

Create a CMS pool:

New-CsTrustedApplicationPool -Identity cms.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn cms01.inline.com

Add CMS servers to the pool:

New-CsTrustedApplicationComputer -Identity cms02.inline.com -Pool cms.inline.com
New-CsTrustedApplicationComputer -Identity cms03.inline.com -Pool cms.inline.com

Create a CMS application:

New-CsTrustedApplication -ApplicationId CiscoCMS -TrustedApplicationPoolFqdn cms.inline.com -Port 5061

1.2. Setting up trust with CUPS

Create a CUPS pool:

New-CsTrustedApplicationPool -Identity cups.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn cups01.inline.com

Add CUPS servers to the pool:

New-CsTrustedApplicationComputer -Identity cups02.inline.com -Pool cups.inline.com

Create a CUPS application:

New-CsTrustedApplication -ApplicationId CiscoImPres -TrustedApplicationPoolFqdn cups.inline.com -Port 5061

1.3. Setting up trust with Expressway-C

Create an Expressway-C pool:

New-CsTrustedApplicationPool -Identity expc.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn expc01.inline.com

Add Expressway-C servers to the pool:

New-CsTrustedApplicationComputer -Identity expc02.inline.com -Pool expc.inline.com

Create an Expressway-C application:

New-CsTrustedApplication -ApplicationId CiscoExpWay -TrustedApplicationPoolFqdn expc.inline.com -Port 5061

1.4. Applying settings

Save topology settings:

Enable-CsTopology

Restart services on Front End servers:

Stop-CsWindowsService
Start-CsWindowsService

Setting up routes

2.1. Setting up the root domain

$x1 = New-CsStaticRoute -TLSRoute -Destination 'expc.inline.com' -MatchUri 'uc.inline.com' -Port 5061 -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity Global -Route @{Add=$x1}

2.2. Setting up additional domains

If it is necessary to add routes to additional domains, change the MatchUri field value:

$x2 = New-CsStaticRoute -TLSRoute -Destination 'expc.inline.com' -MatchUri '' -Port 5061 -UseDefaultCertificate $true Set-CsStaticRoutingConfiguration -Identity Global -Route @{Add=$x2}

2.3. Applying settings

Saving topology settings:

Enable-CsTopology

Restarting services on Front End servers:

Stop-CsWindowsService
Start-CsWindowsService

Configuring trusted certificates

3.1. On Front End servers, open the MMC Certificates snap-in (Computer).

3.2. Proceed to the Trusted Root Certification Authorities section.

3.3. Make sure that the certificate of the root CA that issued the certificate for Cisco servers is present.

3.4. If it is missing, import the required root certificate.

Checking SFB Server Settings

4.1. Address book settings

It is recommended to make the address book policy settings WebSearchOnly. View the current settings:

Get-CsClientPolicy | ft Identity,AddressBookAvailability

Change settings:

Set-CsClientPolicy Global –AddressBookAvailability WebSearchOnly

4.2. Media traffic encryption support settings

It is recommended to set the media traffic encryption settings to SupportEncryption. View the current settings:

Get-CsMediaConfiguration | ft Identity,EncryptionLevel

Change settings:

Set-CsMediaConfiguration global -EncryptionLevel SupportEncryption

Moving a user to another UC system

5.1. Disabling a user on SFB.

Use PowerShell (or any other method) to prepare lists of user IDs. The ID can be UPN, SIP Address, sAMAccountName, Display Name:

$SfbUsers = Get-CsUser –ResultSize Unlimited | ?{$_.SipAddress –like "*@uc.inline.com" –and $_.Enabled –like «True»} | select sAMAccountName,SipAddress,Enabled

Disable those users:

foreach($UcUser in $SfbUsers) {Disable-CsUser –Identity $UcUser.sAMAccountName –Confirm:$false}

5.2. Enabling msRTCSIP-PrimaryUserAddress attribute

After disabling users on SFB servers, fill in their msRTCSIP-PrimaryUserAddress attribute with the appropriate address that is used on the Cisco servers:

foreach($UcUser in $SfbUsers) {Set-AdUser –Identity $UcUser.sAMAccountName –Replace @{«msRTCSIP-PrimaryUserAddress»='sip:'+$($UcUser.sAMAccountName)+'@uc.inline.com'}}

The configuration process is complete.

Cisco Meeting Server (CMS) and Skype for Business (Lync) Integration – Basics and Hints

On S4B front-end server, configure a trusted application and routing. Execute the following commands in PowerShell:

  • New-CsTrustedApplicationPool -Identity cms.vc.domain.com -ComputerFqdn cms.vc.domain.com -Registrar S4BFE.domain.com -Site 2 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true
  • New-CsTrustedApplication -Applicationid cms -TrustedApplicationPoolFqdn cms.vc.domain.com -Port 5061
  • New-CsStaticRoutingConfiguration -Identity "Service:Registrar:S4BFE.domain.com"
  • $route = New-CsStaticRoute -TLSRoute -Destination "cms.vc.domain.com" -Port 5061 -MatchUri "vc.domain.com" -UseDefaultCertificate $true
  • Set-CsStaticRoutingConfiguration -Identity "Service:Registrar:S4BFE.domain.com" -Route @{Add=$route}
  • Set-CsMediaConfiguration -MaxVideoRateAllowed Hd720p15M
  • Enable-CsTopology

On CMS proceed to Configuration\General and enter the S4B front-end server address and the username to be used to register.

In General Incoming Calls section, enter the CMS local domain name.

In General\Outbound Calls, enter the domain names to be called from Cisco Meeting. To allow calls to any domains, leave the Domain field empty. It will be set to ⟨match all domains⟩.

The Local From Domain field contains different domain names to be used to call domain.com and other domains. Calls from CMS will be transferred to the domains federated with yours in Skype for Business. However, it can be possibly configured differently. The last step is to configure encryption in General\Call Settings section.

That’s it. Now your Cisco Meting App clients and Skype for Business (Lync) clients should be able to call each other.

HINT: Limitation of the number of registrations in Skype for Business

During one of our conferences, we faced a limitation of the number of external Skype for Business participants. New participants would just disconnect, never visiting the room.

After talking to specialists, we decided to increase the number of CMS registrations on S4B servers.

First of all, we created 5 AD users for CMS and registered these accounts in Skype for Business. The accounts meet the following template: username[1-9]. So, to increase the number of participants up to 5, you should create 5 users: username1, username2, username3, username4 and username5, and add corresponding accounts to S4B.

Then you should enter the required number of registrations in CMS configuration:

After this simple manipulation you shouldn't face this kind of limitation anymore.

Guide to Integrate Cisco MCU with Skype for Business. Part 3 – CUCM Configuration


The CUCM configuration consists of two parts: creating a trunk to VCS Control and a trunk the VIS.

In CUCM proceed to CM Administration->System->Security->SIP Trunk Security Profile, select "Non Secure SIP Trunk Profile", and click Copy.

SIP Trunk Security Profile Configuration

Enter the name for the new trunk, for example 'SIP Trunk Profile CUCM video', set the Incoming Port to 5065, check 'Accept unsolicited notification' and 'Accept replaces header', and click Save.

SIP Trunk Security Profile Configuration

Now proceed to Device-> Device Settings-> SIP Profile and configure the Standard SIP Profile For Cisco VCS as the screenshot shows. Depending on the CUCM version this profile may have different parameters.

Standard SIP Profile For Cisco VCS

Create a partition for VCS Control: Call Routing->Class of Control->Partition

Partition Information

And for S4B:

Partition Information

Create a Calling Search Space: Call Routing->Class of Control->Calling Search Space:

Calling Search Space

Create a new trunk: Device -> Trunk. Replace 'CUCM IP' with your VCS Control IP address.

After you save the trunk settings, click Reset.
Then proceed to VCS Control Configuration->Zones to create a new zone.
Replace 'CUCMIP' with your CUCM IP address.

Save the form, create a Dial Plan for calling S4B users. In this case, the domain name suffix is used as a pattern. This rule is configured in such way that if a user user1@test.com is dialed, the CUCM Video trunk is used. You can use a regular expression as a pattern.

Configuration->Dial Plans-> Search Rules

The trunk between the CUCM and VCS Control is configured, now configure the trunk between the CUCM and S4B.

Create a new Calling Search Space: Call Routing->Class of Control->Calling Search Space

Calling Search Space

Create a security profile: SIP System->Security->SIP Trunk Security Profile

SIP Trunk Security Profile

Create a SIP Profile: Device->Device Settings->SIP Profile

SIP Profile

SIP Profile

SIP Profile

After you save the form, click Reset.
Create a trunk to VIS: Device->Trunk, replace 'VIS IP' with the VIS IP address

Device Information

Create a pattern for sending calls to the S4B trunk. It is important to specify the IPv4 pattern: you should give the full domain name, for example, domain1.com, and also select the Route Partition and SIP Trunk.

Proceed to Call Routing->SIP Route Pattern and enter your SIP domain

That's it. It's time to test.

Guide to Integrate Cisco MCU with Skype for Business. Part 2 – the VIS role


You'll need a separate server to setup the VIS role. You can use either a VM or a physical server, depending on how many calls you are planning to handle simultaneously.

Launch the setup from the disc image: \Setup\amd64\setup.exe
Once the prerequisites have been installed, the Skype for Business Server Deployment Wizard will be launched. You should select the Install Administrative Tools option.

After the installation you should launch the Skype for Business Topology Builder and download the current topology:

Topology Builder

A new section called Skype for Business 2015 will appear in the Topology Builder. You should proceed to the Video Interop Server pools folder and define a new pool:

On the first screen, enter the domain name of the VIS or the pool (if necessary):

Create a new Video Interop Server pool

Select the Front End server:

Create a new Video Interop Server pool

On the next screen, select the Edge server. Then the trunk configuration wizard will be launched.
Enter the CUCM IP address or FQDN:

Define new Video gateway

If the VIS uses several IP addresses, you can choose a specific one:

Define new Video gateway

On the next screen, set the Listening port to 5060. Keep the TLS protocol (it will be changed later):

Define new Video gateway

In properties of the created VIS, enable TCP protocol:

Edit Properties

And then select the TCP protocol in the VIS properties:

Edit Properties

Publish the topology.

After the topology was successfully published, install the Local Configuration Store, VIS role, request and install the certificates and launch the services. I won't describe these steps in details; they don't have any parameters to configure. After the services are launched, open PowerShell and enter the following command with the trunk name changed:

New-CsVideoTrunkConfiguration -Identity "Service:VideoGateway:trunk name" -GatewaySendsRtcpForActiveCalls $false -GatewaySendsRtcpForCallsOnHold $false -EnableMediaEncryptionForSipOverTls $false

Now the VIS configuration is over. The TechNet guide from Microsoft suggests creating a Dial Plan and normalization rules. This is necessary for E.164 calls, but I'm going to call using the SIP Address.

Guide to Integrate Cisco MCU with Skype for Business. Part 1 – Prerequisites


This set of articles describes how to integrate Cisco MCU with Skype for Business and make available calls from MCU to S4B users. This is a guest post that we found very useful to our audience.

Let's start with the description of the infrastructure.

MCU1-MCUn – multipoint control units – the hardware to host video audio/video conferences. It is responsible for the connection and encoding. The connection means sending video/audio stream from one endpoint to all the others. Encoding means encoding and decoding video/audio stream between the endpoints.

E1-En – video endpoints: desk endpoints, room endpoint, IP phones, software clients.

VCS Control – provides video call and session control, endpoint registration, call routing. VCS stands for Video Control Server. This is a sip-server and a controller for H.323 zones. Also used for integration with third-party applications: IP PBX, Microsoft OCS, Lync 2010, Lync 2013 (an additional license is required). B2BUA for S4B support hasn't been announced yet.

VCS Express Way – server to connect with external video endpoints. It helps the remote clients to connect from outside the firewall.

CUCM – Call Manager – the Cisco IP PBX.

ME1 – Lync 2013 mediation server used for integration with third-party telephony.

Edge1 – Lync 2013 edge server used for connecting remote clients.

FE1 – front end Lync server used for registering clients, exchanging presence statuses and messages, creating audio and video conferences.

Ei and Li – Cisco and Lync clients respectively on the internet.

VCS Control supports B2BUA role for connecting to a Lync 2013 front end server, but the separate Microsoft Interoperability option key is required. It's also possible to install the Cisco CUCILync plug-in on the Lync clients, but in our case this won't be convenient, and separate licenses are also required.

In April 2015, Microsoft released the next Lync version called Skype for Business. It has the new Video Interop Server role that enables integrating third-party videoconferencing systems with S4B users. Jeff Schertz gives a very detailed description of the new topologies in his blog. Microsoft only supports integration with CUCM starting from the version 10.5, VCS Control support was not announced. MCU and Cisco Telepresence Server support wasn't announced as well, only calls from endpoints to S4B subscribers are supported. The endpoints should be registered on CUCM, and the MCU isn't actually used in this scenario. The list of endpoints is also very limited:

  • Cisco TelePresence Codecs (C40, C60, C90)
  • Cisco TelePresence MX Series (MX200, MX300)
  • Cisco TelePresence EX Series (EX60, EX90)
  • Cisco TelePresence SX Series (SX20)

In our case, the videoconferencing system is one of the crucial business software applications, and in addition to room endpoints we need other clients to connect to meetings.

We have decided not to upgrade all the Lync servers, but to upgrade the topology only and to add the VIS role. The Cisco-S4B topology would look as follows:

The only difference with the previous topology was the VIS role with the trunk to CUCM.

The basic integration aspects are the following:

  • only the calls from MCU to S4B are supported, not the other way around,
  • in Lync/S4B topology a separate server has to be deployed for the VIS,
  • trusted certificates are not required,
  • you won't be able to create a conference with an MCU participant on the S4B side; the meeting has to hosted on the MCU,
  • an S4B user won't be able to share the desktop send documents,
  • the CUCM version should be 10.5 or higher.