Cisco Collaboration and Contact Center Solutions - Messages for September 2021 year

Aurus Blog

This blog is to share our expertise in Cisco UCM, UCCX/UCCE and Cisco Meeting Server

  • Archive

    «   March 2024   »
    M T W T F S S
            1 2 3
    4 5 6 7 8 9 10
    11 12 13 14 15 16 17
    18 19 20 21 22 23 24
    25 26 27 28 29 30 31
                 

How to record Cisco Webex calls

How to record Cisco Webex calls?

The answer to this question depends on what to mean by “Webex” and “calls”.

First, let’s agree that by “Webex” we mean “Webex Suite”.

Webex is actually the umbrella name given by Cisco to its array of cloud communication tools. The biggest part of it is Webex Suite which is, as Cisco says, “everything your business needs to collaborate”. And this is true, Webeх Suite provides messaging, calling, video conferencing, webinars etc.

EXCEPT collaboration with customers.

For contact centers Cisco offers a cloud Webex Contact Center software which has nothing to do with Webex Suite. Webex Contact Center provides a native option to record calls with customers.

So hereinafter we’ll be talking about Webex Suite, but not Webex Contact Center.

Second, let’s set aside group collaboration

The key element of Webex Suite is Webex App, the “all in one” collaboration tool that provides employees with:

  • messaging – text messages, file sharing, public and private team spaces etc,
  • calling – 1-1 audio/video calling,
  • meetings – video conferencing, webinars etc

Group collaboration (incl. online meetings, webinars and events) is what Webex had been providing long before it was acquired by Cisco. And till now Webex Meetings has its own native recording option.

So the question is how to record Webex App audio/video calls (just typical 1-1 calls and not calls to video meetings or webinars).

Cloud or on-prem – this is what matters

In the “pure cloud” Webex deployment all the communications (including calling) are hosted in the cloud. Obviously, there should be some cloud recording option. And there is. Cisco exclusively partners with Dubber to provide Webex cloud users with call recording.

However, to encourage on-prem clients to move to Webex cloud Cisco supports hybrid deployments.

With hybrid deployment, audio/video calling may be hosted on-premises. In that case Webex App is registered with CUCM and all the calls are made through Unified CM environment. Those who prefer hard phones may even configure Webex App to control their Cisco IP phone.

This is what they call “Calling in Webex App (Unified CM)”.

So, if Webex App is SIP registered with Cisco UCM, will its calls be recorded just as any other calls in UCM environment?

Sure! You may record it with any typical recording methods - with SPAN mirroring, SIPREC option, CUBE forking and guess what? Webex App has a built-it bridge embedded.

And the answer is…

For pure cloud Webex deployments Dubber is embedded as a standard feature for Webex Calling.

For Webex App registered with Cisco UCM you may use any call recording software compatible with Cisco UC. Check PhoneUP – a call recording solution approved* by Cisco.

* PhoneUP is tested in a Cisco lab and has an official Cisco Compatible status

Cisco Jabber and Skype for Business

In this article we’ll discuss the task of smooth transitioning from Skype for Business to Cisco Jabber and/or Cisco Webex without overloading the company’s technical support and creating excessive distress for the users. In our case, we needed to implement the scheme of calls, conferences of all types, messaging and screen sharing between Cisco Jabber / Cisco Webex and S4B users via SIP URI, digital numbering was not important.

Let’s suppose that CUCM, IM&P, Expressway-C and CMS clusters are already configured.

CUCM 12.5 SU6
IM&P 12.5 SU6
Expressway 14.0.6
CMS 3.3.2
S4B FE Standard
S4B Edge

Transition Options

Instantly disable S4B for users and immediately transition to Cisco Jabber/Webex

Advantages and disadvantages:

The advantages of this approach are that there is no need to waste your time and resources on configuring integration between S4B and Cisco Jabber.

The disadvantages are: immense strain on the technical support of the organization (especially if there are thousands of users), a flurry of requests and users’ discontent.

Smooth transition with an additional dedicated domain for Cisco Jabber/Cisco Webex users

In many organizations domain names are a mess. Sometimes an organization has a bunch of third-level domains, or even different domains, and users are hosted anywhere. And in order to level this condition, you can perform the transition within those domains (not necessarily two of them), but Cisco Jabber will require one more additional domain.

Advantages and disadvantages:

The advantages of this approach are: simplicity of the transition (both Cisco Jabber / Cisco Webex and S4B clients can work for one user), there is no flurry of requests from users, and the load on the technical support of the organization is low.

Disadvantages: first of all, the future task of moving users to a single domain (it is assumed that Cisco Jabber will initially have a second-level domain) with the cost of reconfiguration and service failure during this transition, which is critical in itself. Another huge disadvantage is that it is impossible to add an additional user contact to the client card on S4B, which basically prevents S4B users from calling since no one wants to dial anything manually. However, you can simply “disable” users on S4B and “enable” them on Cisco Jabber / Cisco Webex while changing in the user accounts in Active Directory the required field (e.g. MSRTCSIP or IPPHONE) which is used to form the Directory URI in CUCM (configured in the LDAP settings), setting a new value for Cisco Jabber/Cisco Webex, which is used to generate the SIP URI.

Smooth transition without an additional dedicated domain for Cisco Jabber/Cisco Webex users

Advantages and disadvantages:

The advantage of this approach is the simplicity of transition. Disable S4B for a user and enable Cisco Jabber/Cisco Webex. And you don’t even need to change anything in user accounts in Active Directory.

The only disadvantage is the impossibility to exchange messages between Cisco Webex and S4B clients due to architectural features. Enabling the hybrid messaging service does not solve the problem, and setting up SIP Federation is impossible due to the fact that the same domain is being used everywhere. However, everything works fine between Cisco Jabber and S4B clients.

In this article we’ll talk about the last option (transition without an additional domain), inline.com has been chosen as a test domain.

Calls

Call signaling will work according to the following diagram.

A call from Cisco Jabber/Cisco Webex comes from CUCM to CMS in the standard SIP format, then it is translated into a Microsoft standard call and sent to Expressway-C, then to Skype for Business (blue arrows on the diagram).

A call from Skype for Business in Microsoft SIP format is sent to Expressway, then to CMS, which sends the call back to Expressway, and Expressway routes it back to S4B. S4B does not find the recipient and re-sends it to the Expressway, which sends it to the CMS again. CMS understands this is a loop and breaks it, sending the call in the Standard SIP format to the Expressway according to the second rule, and the Expressway sends the call to CUCM. This transitions are marked in red on the diagram.

The scheme has been made so complex because we couldn’t find another way to resolve Standard and Microsoft SIP calls, provided that users with the same domain can be located both in S4B and on CUCM.

The logic is that if the Cisco Jabber profile on CUCM does not have a Directory URI specified, then the user with the correct SIP URI is in S4B. In this case, it is impossible for a user with the same SIP URI to work in both S4B and CUCM at the same time.

Generally, you can also create a direct SIP Trunk between CUCM and S4B to route SIP URI calls through it, and route Dual-Home conferences through CMS. This would simplify routing because Dual-Home conferences are always call-by-number, i.e. one Route Pattern towards CMS and one SIP Route Pattern towards S4B would be enough, but we are not looking for easy ways.

Next, let’s set up:

1. Create SIP Trunk Security Profiles

For Expressway:

For CMS:

For IM&P:

2. Create SIP Trunks

For Expressway:

For CMS:

For IM&P:

3. Create SIP Route Patterns on CUCM

4. Create a CMS Conference Bridge

5. Fill in the Organization Top Level Domain for Enterprise

6. Create UC Services and Service Profile

7. Set up the Cisco Jabber Configuration File

You need to add these parameters, otherwise, when you add a contact to the Cisco Jabber contact list, the chat address in the added contact card will be incorrect, the contact suffix will contain the user domain this contact adds to itself, and, as a result, messaging and status transfer won’t work.

8. Import MS AD Users to CUCM

In our case it doesn’t matter which LDAP fields to import Directory URI and Phone Number from.

9. Create Rules for Incoming Calls and Call Forwarding on CMS

10. Create Rules for Outgoing Calls with Corresponding Priorities

11. Set up Microsoft Interoperability on Expressway

12. Create Zones on Expressway

13. Create Search Rules on Expressway

Sending Messages and Presence Statuses

Messaging between Cisco Jabber and S4B users will work through so-called IntraDomain federation. However, we manually change the route that is automatically created on IM&P servers towards S4B directly, redirecting it towards Expressway.

IMP&P also requires an address scheme in the Directory URI form.

Now configure IM&P:

1. Security Settings

2. Incoming ACL

3. Outgoing ACL

4. Application listeners

5. Routing Settings

6. Static Routes

7. TLS Context Configuration

8. TLS Peer Subjects

Setting up Skype for Business

Setting up trust relationships with Cisco servers

1.1. Setting up trust with CMS

Create a CMS pool:

New-CsTrustedApplicationPool -Identity cms.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn cms01.inline.com

Add CMS servers to the pool:

New-CsTrustedApplicationComputer -Identity cms02.inline.com -Pool cms.inline.com
New-CsTrustedApplicationComputer -Identity cms03.inline.com -Pool cms.inline.com

Create a CMS application:

New-CsTrustedApplication -ApplicationId CiscoCMS -TrustedApplicationPoolFqdn cms.inline.com -Port 5061

1.2. Setting up trust with CUPS

Create a CUPS pool:

New-CsTrustedApplicationPool -Identity cups.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn cups01.inline.com

Add CUPS servers to the pool:

New-CsTrustedApplicationComputer -Identity cups02.inline.com -Pool cups.inline.com

Create a CUPS application:

New-CsTrustedApplication -ApplicationId CiscoImPres -TrustedApplicationPoolFqdn cups.inline.com -Port 5061

1.3. Setting up trust with Expressway-C

Create an Expressway-C pool:

New-CsTrustedApplicationPool -Identity expc.inline.com -Registrar sfbfe01.inline.com -Site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true -ComputerFqdn expc01.inline.com

Add Expressway-C servers to the pool:

New-CsTrustedApplicationComputer -Identity expc02.inline.com -Pool expc.inline.com

Create an Expressway-C application:

New-CsTrustedApplication -ApplicationId CiscoExpWay -TrustedApplicationPoolFqdn expc.inline.com -Port 5061

1.4. Applying settings

Save topology settings:

Enable-CsTopology

Restart services on Front End servers:

Stop-CsWindowsService
Start-CsWindowsService

Setting up routes

2.1. Setting up the root domain

$x1 = New-CsStaticRoute -TLSRoute -Destination 'expc.inline.com' -MatchUri 'uc.inline.com' -Port 5061 -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity Global -Route @{Add=$x1}

2.2. Setting up additional domains

If it is necessary to add routes to additional domains, change the MatchUri field value:

$x2 = New-CsStaticRoute -TLSRoute -Destination 'expc.inline.com' -MatchUri '' -Port 5061 -UseDefaultCertificate $true Set-CsStaticRoutingConfiguration -Identity Global -Route @{Add=$x2}

2.3. Applying settings

Saving topology settings:

Enable-CsTopology

Restarting services on Front End servers:

Stop-CsWindowsService
Start-CsWindowsService

Configuring trusted certificates

3.1. On Front End servers, open the MMC Certificates snap-in (Computer).

3.2. Proceed to the Trusted Root Certification Authorities section.

3.3. Make sure that the certificate of the root CA that issued the certificate for Cisco servers is present.

3.4. If it is missing, import the required root certificate.

Checking SFB Server Settings

4.1. Address book settings

It is recommended to make the address book policy settings WebSearchOnly. View the current settings:

Get-CsClientPolicy | ft Identity,AddressBookAvailability

Change settings:

Set-CsClientPolicy Global –AddressBookAvailability WebSearchOnly

4.2. Media traffic encryption support settings

It is recommended to set the media traffic encryption settings to SupportEncryption. View the current settings:

Get-CsMediaConfiguration | ft Identity,EncryptionLevel

Change settings:

Set-CsMediaConfiguration global -EncryptionLevel SupportEncryption

Moving a user to another UC system

5.1. Disabling a user on SFB.

Use PowerShell (or any other method) to prepare lists of user IDs. The ID can be UPN, SIP Address, sAMAccountName, Display Name:

$SfbUsers = Get-CsUser –ResultSize Unlimited | ?{$_.SipAddress –like "*@uc.inline.com" –and $_.Enabled –like «True»} | select sAMAccountName,SipAddress,Enabled

Disable those users:

foreach($UcUser in $SfbUsers) {Disable-CsUser –Identity $UcUser.sAMAccountName –Confirm:$false}

5.2. Enabling msRTCSIP-PrimaryUserAddress attribute

After disabling users on SFB servers, fill in their msRTCSIP-PrimaryUserAddress attribute with the appropriate address that is used on the Cisco servers:

foreach($UcUser in $SfbUsers) {Set-AdUser –Identity $UcUser.sAMAccountName –Replace @{«msRTCSIP-PrimaryUserAddress»='sip:'+$($UcUser.sAMAccountName)+'@uc.inline.com'}}

The configuration process is complete.

Debugging Cisco UCCE 12.x Agent Greeting Feature

Hello!

Today I’d like to share our experience in debugging Agent Greeting feature on Cisco UCCE.

This is a popular feature, but if something is not working correctly, it can be hard to find relevant information on troubleshooting.

It began quite simply: agent’s greeting wasn’t working, though the script has been tested and used before in other working environments.

Let’s discuss several issues I’ve faced while debugging this feature.

Issue #1

The first problem with auto agent greeting feature was caused by the lack of RTP stream (actually it was one-sided). In order for an agent’s phone (physical device, Jabber, IP Communicator) to play a greeting, an RTP stream should be created between VVB (voice browser) and the agent’s phone. After RTP connection is established, a subscriber can hear a greeting played by VVB through the agent’s phone.

In our case, VVB was playing a greeting, but neither subscriber nor agent could hear it.

It was obvious that there’s a problem with RTP, so I started looking for it. I decided to collect a dump of network traffic from VVB to see if there is an RTP stream. I used Putty to connect to VVB CLI and executed the following commands:

utils network capture-rotate file <name> size ALL sizePerFile 100 maxFiles 25 – activate network traffic capturing and wait for a call to an agent that has a problem with greeting.

After the agent has answered the call, you can click Ctrl+C to stop capturing.

file get activelog platform/cli/*.cap* recurs compress reltime hours 1 – this command collects the previously captured traffic for the last hour (change “1 hours” parameter as needed – minutes/hours)

To delete unneeded capture files from VVB, so they don’t occupy its space, execute the following command:

file delete activelog platform/cli/*.cap*

You can also collect Engine logs from VVB to see if the voice browser has received from CVP a command to play a greeting and if it has started playing it.

I use Wireshark to analyze the network traffic. You can find your call in Telephony > VoIP Calls menu. Check “Time of Day” to simplify the search.

Below you can see two diagrams, one of them showing a normal call in with a greeting, and the other showing a problematic call in which no greeting has been played.

SIP diagram of a call with a greeting:

You can see an established RTP stream between VVB and a phone. As a result, agent’s greeting has been played to the subscriber.

SIP diagram of a call in which a greeting has not been played:

There’s no RTP stream, and the subscriber can’t hear the greeting.

The problem turned out to be in our customer’s firewall rules. RTP ports were open from VVB subnet to phones’ subnet, but there was no rule in the reverse direction. After the ports were opened from the phones’ subnet to VVB, the subscribers became able to hear the greeting.

Issue #2

This happened when I deployed agent greeting on our customer’s second contact center. Considering the previous experience, I though it’s the same problem once again, but it wasn’t the case. In VVB logs I saw that it didn’t get a request for greeting playback from CVP.

To analyze this problem, I went through the call flow of the agent greeting from the very beginning:

  • Agent PIM sends Route request to DN "PlayAgentGreeting"
  • Router replies with VRU label for CUCM
  • AgentPIM requests phone to addMediaStream
  • Call is initiated from the phone BIB to the DN specified in the addMediaStream request
  • CVP sends Request Instruction message to RTR
  • Router replies with RunExtScript PM, -a
  • CVP creates wav file name and instructs VVB to play it

You will need the following logs: rtr, jgw, agent pim, CVP, VVB capture, ccm and sdl logs from CUCM.

You can see "PlayAgentGreeting" route request to DN in agent pim log. If everything works correctly, you will find the event that is shown on the screenshot below:

In our case, agent pim didn’t send a route request to DN, so I knew there's a mistake in the script. I checked the script and saw that a block with Call.AgentGreetingType variable is missing. This variable is responsible for the selection of agent's greeting. Without this variable, greeting hasn’t been selected, and route request has never been sent. After the variable was added, the greeting began working correctly.

I hope that my experience will be useful.

Thank you for your attention.

Cisco CMS Ad-Hoc Conferencing with CUCM

Ad Hoc is a widely used conferencing type that can implement trilateral or multilateral conferences. CMS can be used as a conferencing bridge resource.

We’re going to use CUCM 11.5SU1 and CMS 2.3.3 for experimental purposes. Please use a proper configuration according to your own environment.

Note

CUCM versions prior to 11.5 SU3 use TLS 1.0, and CMS 2.3 and later versions use TLS1.2. If a CUCM version earlier that 11.5 SU3 is integrated with CMS 2.3+, you should modify the CMS TLS version information. Use the following command for CMS:

tls webadmin min-tls-version 1.0
tls sip min-tls-version 1.0

The configuration process includes the following steps:

  • Certificate-related configuration;
  • CMS-related configuration;
  • CUCM-related configuration;
  • Testing.

Certificate-related configuration

CUCM and CMS should trust each other to implement Ad Hoc conferencing, so you’ll need a certificate application (CA or OpenSSL).

(1) Certificates for CUCM Side

A. Download the root certificate from CA or OpenSSL, as shown below (CA is used for this example):

B. Upload the root certificate to callmanger-trust.

Log in to CUCM > Cisco Unified OS Administration > Security > Certificate management, click Upload Certificate / Chain Certificate, fill in the parameter fields and click upload.

  • Certificate Purpose: CallManager-trust
  • Description (friendly name): CUCM trust ROOTCA from CA
  • Upload file: rootca.cer (select your file)

C. CUCM uploads the certificate and applies it to Call Manager.

1. Create a request:

Generate a Certificate Signing Request
  Certificate Purpose: CallManager
    Distribution field: default
    Common Name field: default
  Subject Alternate Names (SANs)
    Parent domain: cms.bv.lab (domain name)
  Key Type: RSA
    Length field: default (2048)
    Hash Algorithm field: default (SHA256)

2. Upload the generated CSR.

3. Generate a certificate.

Log in to CA http://10.79.246.137/certsrv > Certificate Request > extended certificate request, click Submit.

4. Upload the certificate to CUCM.

Log in to CUCM > Cisco Unified OS Administration > Security > Certificate Management, click Upload Certificate / Chain Certificate, fill in the parameter fields and click Upload.

(2) CMS Certificate

A. Create a CSR and upload cama.csr:

pki csr cmsa
CN:cms.bv.lab (domain name)
subjectAltName:cmsa.cms.bv.lab,cmsb.cms.bv.lab,cmsc.cms.bv.lab,10.79.246.177,10.79.246.178,10.79.246.185 (all domain
names and addresses in the CMS cluster)
pki list
User supplied certificates and keys:
cmsa.key
cmsa.csr

B. Generate Certificate

Log in to CA http://10.79.246.137/certsrv > Certificate Request > extended certificate request, click Submit.

C. Upload root certificate and CMS certificate

pki list
User supplied certificates and keys:
cmsa.cer
rootca.cer

CMS-related Configuration

A. Configure a Call Bridge

cmsa > callbridge
Listening interfaces : a
Preferred interface : none
Key file : cmsa.key
Certificate file : cmsa.cer
Address : none
CA Bundle file : rootca.cer

B. Configure Webadmin

cmsa > webadmin
Enabled : true
TLS listening interface : a
TLS listening port : 8443
Key file : cmsa.key
Certificate file : cmsa.cer
CA Bundle file : rootca.cer
HTTP redirect : Disabled
STATUS : webadmin running

C. Configure Incoming Call Handling

CUCM-related Configuration

A. Upload the CMS webadmin certificate to callmanager-trust
B. Create a trunk
C. SIP profile

  • Use Fully Qualified Domain Name in SIP Requests
  • Conference Join Enabled
  • Deliver Conference Bridge Identifier
  • Enable OPTIONS Ping to monitor destination status for Trunks with Service Type "None (Default)" – optional
  • Allow Presentation Sharing using BFCP
  • Allow iX Application Media
  • Allow multiple codecs in answer SDP – optional

D. Add a conference bridge
  • HTTP port is a port number for CMS webadmin access. (Note: for CUCM 11.5.1 SU3 or newer, you can choose “Cisco Meeting Server” conference bridge type; for older versions you can only use “Cisco Telepresence Conductor”.)

Cisco Official link for certificate: https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/213820-configure-cisco-meeting-server-and-cucm.html

Cisco Expressway 12.5.5. Remote Videoconferencing without VPN (Part 3)

TURN

TURN stands for Traversal Using Relays around NAT. Basically, it’s a device that is publically accessible from the Internet and can send and receive multimedia. To function properly, it must be accessible for external devices on the Internet as well as for internal devices (such as CMS), so audio and video traffic can come in and out the organization. In such case, the TURN server acts as an anchor point for the media that is trusted by the firewall.

By the way, the CMS server can be deployed as an edge device and function as a TURN server, but since the Expressway-E has TURN server capabilities as well, it seems reasonable to configure it in Expressway instead of creating extra CMS servers or increasing the load on the existing CMS server. Regardless of which device is used as a TURN server to anchor media, the TURN server must be configured in the CMS database so that the Call Bridges know where to send media and, since the TURN server is on the public internet, the web client can know where to send its traffic. An Expressway-E, acting as a TURN server, will bridge the traffic received on its internal and external interfaces together so that users can establish two-way communication.

For any device to use a TURN server, authentication is required. You should configure a set of authentication credentials on the Expressway-E to use for TURN.

Create a “Traversal…” user account.

Configure the Expressway-E TURN server.

TURN in CMS

If there’s no cluster, you can simply specify the TURN CMA and TURN CMS addresses in CMS web interface.

Port 5222 or port 5223

It’s better to use the secure port 5223 in ServerAddress field. However, in this case we are using port 5222 because we have a wildcard certificate in CMS, and it can only have a domain and “*.domain” in CN and SAN. So, the actual address of CMS web portal doesn’t coincide with CN and SAN in the certificate, which means we can’t use 5223, only 5222.

TURN CMS (serverAddress) — The IP address that CMS should expect to get traffic from when clients connect to a conference.

TURN CMA (clientAddress) — The address that clients (both internal and external ones) should send traffic to in order to take part in a conference.

TURN CMA (clientAddress) and TURN CMS (serverAddress) can be one and the same address if Expressway-E has a public IP address and is not located behind any NAT. If Expressway-E is behind a NAT device, then TURN CMA is the public IP address that Expressway is being translated into. TURN CMS (serverAddress) is a local IP address in the corporate network. For the same reason port 3478 should be open from Cisco Meeting Server towards Expressway-E.

If Expressway-E is located behind a NAT, then you should configure NAT Reflection on your firewall. Basically, it makes it possible for internal clients and/or devices to be rerouted to Cisco Meeting Server address as they connect to a conference using TURN CMA (clientAddress).

NAT Reflection is also needed for MRA, because if Expressway-C initiates connection with Expressway-E by “knocking” on the private IP address of Expressway-E, then Expressway-C will require an RMS license for calls from/to a jabber device that is outside the corporate network (i.e. calls will be treated as B2B). To avoid this, you should create an A record in your internal DNS pointing at the public address of Expressway-E, and NAT Reflection will reroute the traffic towards Expressway-E to the private IP address.

Working with NAT

For a cluster, use Postman to configure TURN on any of CMS cluster nodes, and these settings will be applied to other nodes automatically.

Create TURN servers and fill in the following parameter values:

  • serverAddress
  • clientAddress
  • username
  • password
  • type

We have already discussed the first and second parameters. Third and fourth are the login and password for the user account we have created in Expressway-E. The last parameter is the type of TURN server (in our case that’s Expressway, but it could be CMS as well).

For a cluster, two or more TURN servers should be created (the number equals the number of Expressway servers in a cluster).

In status, we can see if TURN is available for CMS and so on, see below.

Specify CMS

In order for Expressway-C to see CMS cluster, you should configure your internal DNS server. In the external domain zone (if you have a Dual Domain scenario), create a join directory with a _tls subdirectory. Inside the _tls subdirectory, create three DNS SRV records named _cms-web with corresponding priorities, pointing at DNS A records: cms01.internal-domain.com, cms02.internal-domain.com, cms03.internal-domain.com.

Enter “join.[external]-example.com”, so Expressway will see all servers in a CMS cluster:

Now turn on MRA (Mobile and Remote Access).

Turn On MRA

On Expressway-C:

On Expressway-E:

It’s recommended to change the default Expressway-E port from 443 (for example, to 445). If Expressway-E is clustered, perform this action for each of them. If you leave the port number unmodified, your external users will connect to Expressway-E Web Admin instead of CMS.

Note that your firewalls must have the following ports open:

Follow your URL: join.example.com to check if the web portal is available from outside.

There are different ways to configure call routing:

  • Route calls to Cisco UCM;
  • Route calls to Cisco Expressway-C (preferable).

The difference is what acts as the central call routing node. You can also perform a flexible configuration using CMS and Expressway priorities.

In our case, it will be the second option. See the picture below (it was taken from the Deployment guide, so please disregard everything that’s outside the firewall).

Routing on CMS

Incoming calls

Outbound calls

You can set CUCM as a SIP proxy (as a first option), but it requires the CUCM itself being properly configured (trunks, SIP Rout Patterns, Route Lists, etc).

Business to Business calls

Business to Business (B2B) calls are the major feature of Expressway. B2B enables performing video calls, calls from/to organizations, external video services and clients on Internet, while safely bypassing corporate firewalls.

B2B calls are based on a possibility of call routing through Expressway. This can also be achieved through domains, CUCM and most of the other SIP call management objects, but Expressway also has the concept of a DNS zone. You don’t have to identify the remote destination of a call explicitly. Instead, Expressway DNS finds the call destination outside the organization network. Our DNS zone is already configured.

Create a search rule for incoming calls on Expressway-E

In our company, you can only perform an incoming call to a special conference with the following SIP-URI: meeting@example.com

We’ll create a regular expression: meeting@example\.com\.*

You can read more about these parameters in the documentation or use the tips in Expressway.

To put it simply, an incoming SIP call from DefaultZone, that has meeting@example.com in its destination address, will be routed to UC Traversal zone.

Create a search rule for outgoing calls on Expressway-E

We’ll create a regular expression: "(?!.*@%localdomains%.*$).*"

An incoming SIP call (coming from Expressway-C side) from UC Traversal zone that has a non-local domain(s) after @ in its destination address will be routed to the DNS zone for a destination lookup (matching the value after @ with its IP address on the Internet) and a successful call.

Transforms

If you have Dual Domain, then the external domain must be transformed into internal. The following regular expressions can be used: "(.*)external.com((:|;).*)?" and "1\@internal.com"

Create a search rule on Expressway-C

Regular expressions:

  • .*@example.com
  • .*@example.com
  • .*@example.com
  • .*@(cucm-01\.|cucm-02\.)?example\.com\.*
  • .*@(cucm-01\.|cucm-02\.)?example\.com\.*
  • (?!.*@(cucm-01\.|cucm-02\.)?example\.com\.*

Transforms

You should also add transformations for correct call routing.

  • Strip :5060 from Outgoing URIs
  • Transform destination aliases to URI format
  • Replace IP within Domain dialing from CUCM-Publisher
  • Replace IP within Domain dialing from CUCM-Subscriber
  • Let’s make test calls. Call a conference with Cisco RoomKit Mini from inside the organization, from outside (using a B2B call with Cisco RomKit Plus), and connect through the web as well.

    Connect to the conference through web:

    Call from outside:

    Call from inside:

    The conference has been gathered.

    For the record, 1900@external.com and 999@internal.com are registered on their CUCMs.

    What was it like for Expressway and CMS:

    Incoming call on Expressway-E:

    Details of the call passing through Expressway-E:

    Incoming call on Expressway-C:

    Details of the call passing through Expressway-C:

    Incoming call on CMS:

    Sources:

    Read also:

    Cisco Expressway 12.5.5. Remote Videoconferencing without VPN (Part 2)

    Certificates

    Expressway servers need certificates to communicate with each other. That’s why root and intermediate certificates of the CAs that issued certificates for your servers must be listed as trusted.

    Proceed to Maintenance menu > Security > Trust CA certificate. Upload those root and intermediate certificates.

    In our case, the certificate for Expressway-C was issued by a local CA, which is equivalent to self-signed, and Expressway-E has a certificate issued by Let’s Encrypt (a free certificate that must be renewed every 3 months). Expressway has an auto renewal feature that will be described below.

    Concerning the free Let’s Encrypt certificates:

    • Open intermediate certificate and root certificate links.
    • To be accepted by Expressway, a .p7b chain must be converted into a root certificate.
      In Windows 10:
      a. Right click on this file and select Open with > Crypto Shell Extensions
      b. Right click on DST Root CA X3, select All Tasks, Export and Save.
      In Linux, convert p7b to pem using this command:
      openssl pkcs7 -inform der -in dstrootcax3.p7c -print_certs -out dstrootcax3.pem
    • Copy the internals of an intermediate certificate into notepad and save it.
    • Upload both certificates to Expressway-E, Trust CA section.

    Root and intermediate certificates of a local CA are marked in red.

    Root and intermediate certificates of Let’s Encrypt CA are marked in blue.

    • Generate a certificate signing request for Expressway-C.

    No subject alternative names are needed for Expressway-C.

    In Unified CM phone security profile names, you should enter the Phone Security Profiles created in Unified CM, but this setting is only needed for TLS interactions between Expressway-C and CUCM. In our scenario, it is not needed.

    • Send the request to the private CA, get a certificate and upload it to Expressway-C.
    • Generate a certificate signing request for Expressway-E in a similar way. Add a SAN: join.example.com, example.com or collab-edge.example.com, if there’s a DNS A record for example.com pointing at your corporate website IP address. You also have to create a DNS A record for collab-edge.example.com in the external DNS server, or the request will be rejected.

    Without example.com or collab-edge.example.com, Cisco Jabber clients will give you ‘unreliable certificate’ warnings.

    • Click Deploy Pending Cert.
    • If everything has been done correctly, it should look like this.

    Note: in version 12.5.6, there’s a BUG concerning this matter. Versions 12.5.7 and 12.5.8 have been retracted due to security problems, so please upgrade to 12.5.9.

    Zones

    A zone is an abstract set of anything (domains, IP addresses, devices, services) with a certain set of rules. You can use zones to configure bandwidth, call routing and authentication, and apply these settings to everything within a zone. When you create Dial plans, you select zones the call should be passed to/from (instead of selecting domains).

    There are several types of zones.

    • Neighbor — a zone for connectivity with CMS, CUCM or other Expressway-C.
    • Localzone — a zone including devices registered to Expressways.
    • ENUM — for E.164 requests.
    • DNS — for DNS requests.
    • Webex — for scenarios with calls being passed from a corporate network to the Internet and then to a cloud. Similarly, calls from a Webex meeting are routed through the Internet and passed to the local routing system.
    • Traversal (Client, Server) — for firewall traversal during call routing between Expressway-C and Expressway-E.
    • UC Traversal — for Jabber with all its features to be reachable from the Internet.
    • Default — whatever doesn’t belong to any other zone, falls here and works according to Default zone rules (if you have no rules, everything will be rejected).

    So, let’s proceed to Expressway-C and create Neighbor zones for CUCM and Cisco Meeting Server.

    Zones for CUCM

    There should be a separate zone for each of CUCM servers in publisher and subscriber cluster(s). If you create a single zone and specify all servers in address fields, then only one in N calls will pass, with N standing for the number of servers in the CUCM cluster. Same for CMS.

    In our case, there are only two servers.

    The first zone:

    The second zone:

    You should also create a SIP Trunk Security Profile and a Trunk from CUCM to Expressway.

    SIP Trunk Security Profile

    Please note that you should set the incoming port to 5065, or it won’t work.

    Trunk

    Now you should set the port number to 5060. If you use 5065, it will work, but the trunk’s status won’t change to Full Services and will always stay Unknown. You should also specify the correct CSS (depending on your configuration), and set the previously created SIP Trunk Security Profile and Standard SIP Profile for Cisco VCS as SIP Profiles.

    Zones for CMS

    If it’s just a single server and not a cluster, you can leave the Zone Profile Default.

    If you have a cluster, you should fill the address fields with FQDNs of all clustered servers and set Meeting Server load balancing to ON.

    UC Traversal Zone (Expressway-C)

    In our case, H.323 protocols are not used, so we create a UC Traversal Zone, not just Traversal.

    On Expressway-C, configure a client connection in UC Traversal zone. In relation to traversal tunnel between Expressway-C and Expressway-E, Expressway-C is a client. It establishes a tunnel from local network to Expressway-E (which is in DMZ), so that signaling can be passed through the corporate firewall in both ways. That’s why we should enter the login/password that will be created on Expressway-E (where we configure the server part of UC Traversal zone).

    Now, on Expressway-C, it should look like this:

    Neighbor zones (and rules for that zones) CEtcp… will be created automatically if you explicitly set a CUCM in Expressway-C (Configuration > Unified Communications > Unified CM servers).

    In CUCM 12.5, an Expressway will be created automatically as well.

    UC Traversal Zone (Expressway-E)

    Usually, Expressway-E is located in the DMZ and has an interface that is accessible from the Internet (sometimes this interface address is behind NAT). Most firewall policies don’t allow incoming connections from the DMZ to the local network. However, most firewall policies allow outgoing connections from the local network to the DMZ and the Internet. Expressway-E is configured as a traversal server, being able to accept connections from firewall traversal clients (such as Expressway-C) which are inside the local network. These connections are used for two-way communication between Expressway-E and Expressway-C.

    On Expressway-E, you should create a user for the traversal connection. Let’s call it uctraversal.

    Configure the UC Traversal Zone.

    DNS Zone

    First of all, DNS Zone is for searching DNS SRV records in order to find the destination for a called domain. For SIP, it looks for _sips._tcp. domain and/or _sip.tcp. domain, depending on encryption and security settings. You can configure Expressway to perform standard A record requests, too, in order to find a call's destination if a search for SRV records fails. Such calls make it possible for Expressway to route calls to destinations that aren’t defined explicitly. You can simply register the corresponding DNS SRV records in a public DNS server, and then get calls from external clients automatically and/or call them if they have performed the same action. That’s called open federation or Business-to-Business (B2B) calls.

    In the next part of this article, we’ll talk about TURN configuration and Business to Business (B2B) calls.

    Read also:

    Cisco Expressway 12.5.5. Remote Videoconferencing without VPN (Part 1)

    It’s time to make corporate communication services available remotely with no additional efforts like using Cisco Anyconnect and/or creating VPN tunnels.

    In this article, we’ll tell you how to configure Cisco Expressway server to make videoconferencing work from outside your office as well.

    Cisco Expressway provides a secure firewall for voice and video sharing, and supports many features, such as B2B calls, mobile and remote access (MRA), and also TURN server capabilities (Traversal Using Relay NAT). So, this can be called a Single Edge solution which is a preferable borderline solution for unified communications and Cisco Meeting Server.

    Licensing

    Cisco Expressway servers can be deployed as Core (Expressway-C) and Edge (Expressway-E). If they are being deployed from scratch, they are not Expressways at first, they are simply VCS servers. You must install the required licenses to make them Expressway servers.

    Each server (no matter Edge or Core) requires a LIC-SW-EXP-K9 license (to put it simple, a Release key).

    Core servers require the following licenses:

    • LIC-EXP-GW
    • LIC-EXP-SERIES

    Edge servers require the following licenses:

    • LIC-EXP-GW
    • LIC-EXP-SERIES
    • LIC-EXP-E
    • LIC-EXP-TURN

    Optionally, you can add the following licenses:

    • LIC-EXP-MSFT-PMP — Microsoft Interoperability Option (for Expressway-C), it is required for interactions with Skype for Business;
    • LIC-EXP-RMS-PMP — Rich Media Session licenses (for both Expressway-C and Expressway-Е);
    • LIC-EXP-DSK — Expressway Desktop Endpoint license (for Expressway-C), to register personal endpoints to Expressway;
    • LIC-EXP-ROOM — Expressway ROOM license (to register video codecs to Expressway);
    • LIC-TP-ROOM — to register codecs to CUCM (optionally includes LIC-EXP-ROOM);
    • LIC-EXP-AN — Advanced Networking option, an additional network interface (for both Expressway-C and Expressway-Е)

    Rich Media Session license consumption depends on the connection type:

    • Connections to/from Expressway Registered Endpoints;
    • Connections to/from Expressway Non-Registered Endpoints;
    • Connections to/from through Traversal Zone;
    • Connections to/from Cisco Cloud Service;
    • Connections to/from UCM, Conductor, CMS or Expressway through Neighbor Zone.

    In my case, the virtual machines have been already deployed and network interfaces have been configured.

    Looking forward, there are different scenarios of Expressway-C and Expressway-E bundle deployment.

    In terms of domains, there are two options:

    1. Single domain (if you have a single domain, e.g. example.com, to be used both inside and outside your network).

    2. Dual domain (internal domain is example.local, external domain is example.com).

    In terms of topology, it’s recommended to use two network interfaces, one for each separate DMZ. However, we’ll consider two options:

    1. DMZ with a single local network interface for Expressway-E.

    You can use a public IP address given by your internet provider. No need to configure NAT Reflection at your firewall to make Cisco Meeting Server work outside your network.

    2. DMZ with two local network interfaces for Expressway-E.

    To use this feature, you should have Advanced Networking option active in Option keys section.

    Besides, in both cases you have to specify whether this IP address will be visible from outside the NAT.

    DNS

    You should create the following external/internal DNS records (depending on whether you are deploying a clustered or non-clustered, Single or Dual Domain server):

    Single Domain

    DNSTYPERecordPurpose
    ExternalAexp-e. external-example.comExpressway-E internet address. You can use any other name.
    ExternalAjoin. external-example.comPoints to Expressway-E address. Required for connecting to CMS conference via WebRTC.
    ExternalSRV_collab-edge._tls. external-example.comPoints to Expressway-E address. Required for telephony, messenger and voice mail services to be discovered by Jabber client app. Port 8443.
    ExternalSRV_sip._tcp. external-example.comPoints to Expressway-E address. Required for incoming calls. Port 5060.
    ExternalSRV_sip._udp. external-example.comPoints to Expressway-E address. Required for incoming calls. Port 5060.
    ExternalSRV_sips._tcp. external-example.comPoints to Expressway-E address. Required for encrypted incoming calls. Port 5061.
    InternalSRV_cisco-uds._tcp. internal-example.comPoints to Cisco UCM’s A record. Required for telephony services to be discovered by Jabber client app. Port 8443.
    InternalSRV_cuplogin._tcp. internal-example.comPoints to Cisco UP’s A record. Required for messenger services to be discovered by Jabber client app. Port 8443.
    InternalSRV_xmpp-client._tcp. external-example.comPoints to Cisco Meeting Server’s A record. Required for clients to find XMPP server.
    InternalSRV_xmpp-server._tcp. external-example.comPoints to Cisco Meeting Server’s A record. Required for CallBridges to find XMPP server.

    Dual Domain

    DNSTYPERecordPurpose
    ExternalAexp-e. external-example.comExpressway-E internet address. You can use any other name.
    ExternalAjoin. external-example.comPoints to Expressway-E address. Required for connecting to CMS conference via WebRTC.
    ExternalSRV_collab-edge._tls. external-example.comPoints to Expressway-E address. Required for telephony, messenger and voice mail services to be discovered by Jabber client app. Port 8443.
    ExternalSRV_sip._tcp. external-example.comPoints to Expressway-E address. Required for incoming calls. Port 5060.
    ExternalSRV_sip._udp. external-example.comPoints to Expressway-E address. Required for incoming calls. Port 5060.
    ExternalSRV_sips._tcp. external-example.comPoints to Expressway-E address. Required for encrypted incoming calls. Port 5061.
    InternalSRV_cisco-uds._tcp. internal-example.comPoints to Cisco UCM’s A record. Required for telephony services to be discovered by Jabber client app. Port 8443.
    InternalSRV_cisco-uds._tcp. external-example.comPoints to Cisco UCM’s A record. Required for telephony services to be discovered by Jabber client app. Port 8443.
    InternalSRV_cuplogin._tcp. internal-example.comPoints to Cisco UP’s A record. Required for messenger services to be discovered by Jabber client app. Port 8443.
    InternalSRV_cuplogin._tcp. external-example.comPoints to Cisco UP’s A record. Required for messenger services to be discovered by Jabber client app. Port 8443.
    InternalSRV_xmpp-client._tcp. external-example.comPoints to Cisco Meeting Server’s A record. Required for clients to find XMPP server.
    InternalSRV_xmpp-server._tcp. external-example.comPoints to Cisco Meeting Server’s A record. Required for CallBridges to find XMPP server.

    Please note that if you have a Dual Domain server, you should create a zone with an external domain in your internal DNS, and then create the red-marked records in it. So, the users will be able to use the same login for their Cisco Jabber apps, whether they are logging in from inside or outside the corporate network (with an external domain, login names usually coincide with corporate email addresses).

    You should also create domains and select the services to be supported for this domains.

    Services

    • SIP registrations and provisioning on Expressway — indicates if Expressway is trusted for this SIP domain. Expressway acts as a SIP registrar and presence server for this domain, and also accepts registration requests from all SIP clients trying to register with an alias that includes this domain.
    • SIP registrations and provisioning on Unified CM — indicates if Expressway acts as a gateway for CUCM to provide safe pass through a firewall and support endpoint registration to CUCM.
    • IM and Presence Service — indicates if Expressway acts as a gateway for IMP and supports messenger and presence services.
    • XMPP federation — for a local domain that requires XMPP federation services (a domain that participates in federation with any other domains).

    Please note that if you need static routes for federated external domains, they should be configured on Expressway-E.

    If you are using Dual Domain scenario, you should enter both domain names in Expressway-C and Expressway-E configuration sections (or all domain names, if there are more than two of them).

    In the next part of this article, we’ll go on with Expressway configuration (specifically, we’ll talk about certificates and zones).

    Read also:

    Cisco call recording, silent monitoring and whisper coaching over MRA

    Work from home is the New Normal for workers around the world. Cisco IP phones are gathering dust in the half-empty offices. Cisco Jabber deployed on remote devices (home PC, personal mobiles etc) and registered with CUCM over MRA (Mobile and Remote Access) through Cisco Expressway - this is how the typical Cisco voice infra looks like these days.

    But what about call recording and agent coaching features (silent monitoring and whispering)? In this article we'll let you know the software versions you need to get this working, various limitations of these features in the MRA mode and some best practices.

    If you're going to support remote workers with your on-premise Cisco Collaboration platform OR you're planning a call recording deployment for your MRA/Expressway configuration, the following might be useful.

    First, the good news is that everything is supported assuming that your UCM/Expressway/Jabber versions are up to date.

    The minimum configuration you need for the Built-in Bridge (or "Active";) call recording over MRA is:
    - Cisco Jabber 11.9 (for Windows, for Mac, for Adroid or for iPhone/iPad)
    - Cisco UCM Enterprise 11.5 (1) SU3
    - Cisco Expressway X8.11.1

    This min configuration has several major limitations:
    a) with UCM 11.5 a mobile Jabber is not CTI-controlled which doesn't allow CUCM call recording software to determine the direction (incoming/outgoing) of a call though it can be recorded.
    b) Recording only works for direct person-to-person calls and not for conferences.
    c) Recording is not currently supported for Silent Monitoring and Whisper Coaching features.

    Though you can record Cisco Jabber calls and access call recordings within Cisco Jabber.

    In Cisco Collaboration Systems Release 12.0 the mobile Jabber became a CTI-cotrolled endpoint and the limitaion "a" from the point 2 was lifted.

    Now, as Cisco Expressway is the crucial component of the MRA deployment all the limitations depend on its version. And with every new version of Cisco Expressway things are getting better. Lets take a look.

    1 Cisco Expressway X12.5
    Still there are major limitations for recording over MRA:
    - recording does NOT work for conferences
    - Silent Monitoring and Whisper Coaching are NOT supported at all
    - in the case of call recording for Cisco Jabber endpoints, Jabber does not support injecting recording tones into the media streams.

    2 Cisco Expressway X12.6
    - starting from X12.6.1 Silent Monitoring is supported
    - Whisper Coaching and Whisper Announcements are supported from X12.6.2.
    The recording tones do not work for Jabber clients.

    3 Cisco Expressway X12.7
    No improvements to call recording, monitoring and whispering over MRA.

    4 Cisco Expressway X14.0
    MRA supports recording tones for Cisco Jabber clients and Webex Unified CM registered applications.

    So, now you know exactly what call recording features are supported with your Mobile and Remote Access deployment.

    Active Call Recording Configuration for Cisco UCM (CUCM)

    In this article we’re going to tell you about active call recording configuration for Cisco UCM (CUCM). In a few words, active recording is a more comfortable, flexible, scalable and efficient call recording tool for Cisco devices (with BiB support). “Comparing to what?” you may ask. The answer will be: comparing to passive recording. Passive recording is performed by the means of traffic mirroring (using SPAN/RSPAN/ERSPAN).

    It works like this: the recorder server collects a call’s metadata through API (in CUCM, JTAPI is a part of CTI), and RTP stream comes from a phone through BiB (Built-In Bridge) directly.

    Active recording is supported by such vendors as Nice, ZOOM, Verint, STC (Speech Technology Center) and others. Let us turn now to configuration.

    Configuring CUCM Application User

    Log in to IP PBX interface. Proceed to User Management → Application User.

    Click Add New. The following form appears:

    • Fill in the User ID
    • Enter the user’s password in the Password field. Enter the same password in “Confirm Password”.

    Select available devices to be added to Controlled Devices.

    Click Add to User Group to add roles.

    This application user should be able to control users in order to record their phones. Assign the following roles:

    • Standard CTI Allow Park Monitoring
    • Standard CTI Allow Call Recording Standard CTI Allow Control of Phones supporting Connected Xfer and conf
    • Standard CTI Allow Control of Phones supporting Rollover Mode
    • Standard CTI Enabled

    Click Add Selected.

    Click Save. The Application User configuration is over. Now let’s configure a SIP trunk.

    Configuring a SIP trunk

    Proceed to Device → Trunk.

    Then click Add New.

    Set the Trunk Type = SIP trunk, Device Protocol = SIP.

    Enter the Device Name for the trunk, enter its Description, select a Device Pool (a set of common parameters), set SIP Trunk Security Profile to Non Secure SIP Trunk Profile, set the SIP Profile to Standard SIP Profile.

    Now, you should configure a Route Pattern (a route to the trunk).

    Configuring CUCM Route Pattern

    Enter a number that is not occupied in the dial plan. E.g. 1111. In the Gateway/Route List, select the trunk you have created.

    Recording Profile

    Proceed to Device → Device Setting → Recording Profile. Click Add New.

    • Enter the name of the profile;
    • Enter the number you have used for the Route Pattern configuration (in our case, that’s 1111).

    Now you only have to configure recording for a phone line (turning on BiB), assign a Recording Profile to the phone, turn on Allow Control of Device from CTI option and set the Recording Option to Automatic Call Recording Enabled.

    How to Reset Cisco IP Phone to the Factory Default

    When using Cisco IP Phones, you may face some problems that can only be solved by a factory reset of the phone. The procedure itself is ridiculously simple.

    Reset Cisco IP Phone 7900 series

    During the factory reset procedure, the following information will be erased:

    • CTL (Certificate Trust List) file;
    • LSC (Locally Significant Certificate) file;
    • Call history (incoming, outgoing, missed);
    • Phone applications.

    The following parameters will be set to factory defaults:

    • User configuration settings (ringing sound, screen brightness, volume level, etc);
    • Network configuration settings.

    Before Resetting a Cisco IP Phone

    Please bear in mind that IP Phones lose all configuration files and phone applications after the factory reset. You should configure your CUCM or CME so that an IP Phone will be able to get new information (configuration and application files) after the reset is over, or else you won’t be able to use the IP phone. This is a necessary step of Cisco IP Phone hardware upgrade, too.

    Note that the instructions in the current article were created for devices in a clean lab environment. All the devices have a default configuration. If you are working in a corporate network, please make sure that you understand the possible effect of all commands.

    Cisco 7920 Wireless IP Phone

    By default, system parameters in Network Configuration and Phone Settings menu are hidden to prevent users making changes that can compromise the phone functionality. To access those parameters, you need to launch the phone in administration mode.

    Accessing the Administration Mode

    To access the system parameters and hidden phone settings on the Cisco Unified Wireless IP Phone 7920, perform the following steps:

    • Press the Menu key;
    • Press the star (*) key. Press the pound (#) key twice;
    • Press the green receiver (:f09f939e:) key to access the admin mode.

    Note: To hide those parameters, reboot the phone or press any of these keys while being in the first level menu, and then press the green receiver (:f09f939e:) key:

    • Any key between 0 and 9;
    • Star (*) key;
    • Pound (#) key.

    Resetting Cisco 7920 Wireless IP Phone

    To reset Cisco 7920 Wireless IP phone to the factory default, perform the following steps:

    • Proceed to Menu > Phone Settings > Factory Default;
    • The phone will display the «Restore to Default?» message;
    • Press OK. All settings are deleted now.

    Proceed to Menu > Network Config to change the wireless network parameters.

    Cisco 7940 and 7960 (also 7911, 7975)

    Perform the following steps:

    • Proceed to main Date/Time window;
    • Press **# to unlock the network configuration;
    • The network configuration symbol should be unlocked now. If it is not, leave the main window and press **# again;
    • Press 3 key (or scroll) to move to «Network Configuration» option;
    • Press 33 (or scroll) to move to «Erase Configuration» option;
    • Press Yes;
    • Press Save.

    Sometimes you may need to perform a factory reset of a phone when the password is set. Let’s go through the reset process using Cisco IP Phone 7975 as an example:

    • Cut the power to the phone (unplug the power cable, or Ethernet cable in case you have PoE);
    • Push the pound (#) key and turn the power on while holding it;
    • Wait for a while. The phone begins its power up cycle;
    • Some buttons (Headset | Mute | Speaker) will start flashing. Then you can release the “#” key;
    • After that, you will see a prompt to enter something on the screen on your phone;
    • You have 60 seconds to enter the key sequence: 123456789*0#. It commands the device to reset all parameters;
    • After you have entered the sequence correctly, the phone will display the following message: “Keep network cfg? 1 = yes 2 = no” Press 2 to reset the phone network configuration. Press 1 to keep the current network settings;
    • The phone has been reset. Over time, it will reboot, connect to TFTP server, download the required firmware and register with CUCM again;
    • If you entered a wrong code (instead of 123456789*0#), the phone will be started normally without resetting. If you accidently enter any key in a sequence twice in a row, e.g. 1234456789*0#, the phone will accept this code and start the reset procedure anyway;
    • If you didn’t enter anything, after 60 seconds the phone will be started normally.

    Cisco 7941 and 7961

    To reset Cisco 7941 and 7961, perform the following steps:

    • Unplug the power cable and the plug it in again;
    • Immediately push the pound (#) key and hold it;
    • After Headset, Mute and Speaker buttons will start flashing, release the # key;
    • The phone is waiting for the reset sequence;
    • To reset the phone, enter the key sequence: 123456789*0#;
    • If you accidently enter any key in a sequence twice in a row, the phone will start the reset procedure anyway. If you enter a wrong code, the phone will be started normally without resetting;
    • If you have entered the sequence correctly, the phone starts the reset procedure and displays the following message: “Upgrading”.

    Cisco 7942 and 7962

    To reset Cisco 7942 and 7962, perform the following steps:

    • Unplug the power cable and the plug it in again;
    • Immediately (before the speaker button starts flashing) push and hold the pound (#) key;
    • Hold it until line buttons start flashing yellow;
    • Release # and enter 123456789*0#;
    • If you accidently enter any key in a sequence twice in a row, the phone will start the reset procedure anyway. If you enter a wrong code, the phone will be started normally without resetting;
    • The line buttons start flashing red, and phone begins the reset procedure;
    • Don’t turn off the phone until it completes the factory reset and displays the main screen.

    Reset Phones with 3CX Phone System Support

    If your 3CX Phone System supporting phone doesn’t work and you would like to start the configuration process from scratch, you can reset your phone to factory default.

    Cisco 303, Cisco 502g, Cisco 504g, Cisco 508g, Cisco 509g, Cisco 525g

    Proceed to the phone menu > select Option 14 to reset phone settings > press OK.

    Grandstream GXP 2100, GXP 2110, GXP 2120, GXP 2124, GXP 1405, GXP 1400, GXP 1450

    Proceed to the phone menu > Settings > Reset to factory. Press OK to confirm factory reset.

    Grandstream GXP 2010, GXP 2000, GXP 2020

    Proceed to the phone menu > Settings > Reset to factory. Enter the MAC address of the device and press OK.

    Yealink SIP-T20, SIP-T22, SIP-T26, SIP-T28, SIP-T32, SIP-T38

    Press OK and hold it for 10 seconds. Then press OK to confirm factory reset.

    Or proceed to the phone menu > Settings > Advanced Settings > Enter the phone password (the default password: admin) > Select “Reset to Factory”, and press OK. Confirm the factory reset.

    Polycom IP 301, 501, 550, 601, 650 and 670

    Press 4, 6, 8 and * keys and hold them. You’ll have to enter the admin password to perform the factory reset (the default password: 456).

    Polycom IP 320, 321, 330, 331, 335, 430, 450, 560 and 7000

    Press 1, 3, 5 and 7 keys and hold them. You’ll have to enter the admin password to perform the factory reset (the default password: 456).

    Polycom IP 4000, 5000 and 6000

    Press 6, 8 and * keys and hold them. You’ll have to enter the admin password to perform the factory reset (the default password: 456).

    Polycom VVX 1500

    Press 2, 4 and 6 keys and hold them. You’ll have to enter the admin password to perform the factory reset (the default password: 456).

    That’s it. Now you can easily reset your problematic phone.

    Good luck.

    Cisco Secure Remote Working Tools

    With pandemic in the picture, the interest in remote working tools has noticeably increased. But, as it turned out, not all tools can provide the required level of security and confidentiality. These features are exactly what Cisco’s communication solutions are aiming at. The company has conducted a series of webinars on such systems.

    A Kiev Cisco system engineer Igor Sukaylo has started his presentation with several examples of the perpetrators’ ways to mess with your communications. E.g., spoofing their number to call anyone from “your” phone. Voice recognition problem has also been solved. In December, 2019 there has been a not so loud announcement on AI being able to imitate a subscriber’s voice. A Ukrainian start-up has created a piece of software that was able to replace a subscriber’s voice with any other voice on the fly. Combining these two possibilities, you can give any order to anyone. Actually, no public means of communication can be trusted. So, many companies and departments have started using corporate unified communications (UC).

    The speaker has considered several measures that can be taken in this situation. One of them was implementation of cloud services. Cisco can deploy an infrastructure on customer’s site, or even implement a hybrid system combining cloud and local infrastructures. In particular, WebEx Rich components belong to hybrid infrastructures, enabling integration of a cloud service not only with a calendar, directories and corporate Key Management System, but also with phone and video components, located on a company’s site.

    As a pilot project, Cisco can implement a full spectrum of remote and collaborative working tools: Jabber, Expressway, conferences. There will be almost no limitation to the number of participants and conferences, held simultaneously or altogether, without any functional restrictions. Restrictions may only arise due to the computing resources, though the requirements are really modest.

    Concerning Jabber and MRA (Mobile and Remote Access) development: since version 12.5, the voice traffic between devices has been being passed through a point-to-point protocol. So, there is no “ground - cloud” transition for two communication devices. No delays, zero packet loss, higher quality. Voice and signaling traffic is being encrypted with a 264-bit key, which is sufficiently break-proof for today.

    Nowadays you can simply bring home any video phone, any video terminal, literally any device that has been connected to the corporate infrastructure. And the public Internet access will remain.

    According to the speaker, Cisco flagship video conferencing tool Meeting Server is the cheapest as well as the most advanced solution. It is also compatible with any device, and it can be deployed on a virtual server. Licensing is implemented not by the number of participants, but by the number of concurrent conferences.

    Since self-isolation is important for all organizations, the question of interdepartmental contacts raises. You can’t visit your colleagues, and simple phone calls are not as efficient as personal interactions. Cisco can build unified interdepartmental communications, and a regular DNS on the Internet may serve as a central node. The connection is encrypted, of course.

    Banking has been chosen for practical examples. In banks, there are services that require visual identification. To avoid personal visits, you can deploy Cisco Meeting Server (CMS) in a bank. A manager sends a client a link with a password. The client follows this link, a browser prompts them to enter the password, and a video session with the manager starts.

    Banking also requires some protection from spoofed calls. You can build your own channel for that using a WebEx Teams-based cloud service. It provides an open API, so customers can embed the required WebEx Teams components into their own mobile applications. Clients can call a corporate contact center, send a message, start a video call, and (which is unique for now) a bank can call the client’s mobile app.

    Distant meetings are important, too. They can’t be implemented with plain video conferences. That’s not enough. One of Cisco partners has a Meeting system, and Cisco has integrated its video conference in it. So, remote participants are going to have projects, resolutions and other documents. The whole process will be recorded on video.

    Going back to WebEx, the speaker has noted its main advantages. First of them was the ease of use; second, a possibility to be integrated with different office applications, e.g. CRM systems; third, being able to work with external participants as well as with internal ones. You can use any device to connect to WebEx. In fact, WebEx is a universal platform.

    WebEx is not just a remote meeting tool. It also includes WebEx Meetings, WebEx Training Center, WebEx Event Center and WebEx Support Center. All these products are optimized for specific functions. Such specialization has appeared more than 10 years old, in order to meet the requirements of Cisco clients.

    WebEx can be integrated with several business applications, including Slack, which is a relatively popular communication platform. However, you can’t use Slack for video conferencing. WebEx Meetings is integrated with Slack on the level of commands. You can also integrate Slack with Google Gmail. If a customer has G Suite, native integration with G Suite is possible. And integrating WebEx Meeting with Google Class creates a kind of a light version of Learning Management System, increasing the usability for the teachers and students.

    WebEx (specifically, WebEx Meetings) can also be integrated with some Microsoft products. When you are planning a conference or a meeting via Outlook, you can simply enter “@WebEx” in the “Location” field. Cisco calendar connector, integrated with the corporate environment, will send this request to WebEx, and all participants will get a corresponding link. Essentially, WebEx can be integrated with Skype for business. WebEx Meetings and Microsoft Teams integration is also possible.

    Many customers are interested in video device integration, since Microsoft has changed its video protocols (without backward compatibility, as usual). There are several options. First of all, Cisco has made an agreement with Microsoft about integrating Microsoft Teams and Cisco terminals via CVI (Cloud Video Interop). The second option, already mentioned above, is integrating Microsoft Teams and WebEx Meetings. The last option is integration through CVI, connecting two clouds (WebEx cloud and Microsoft Teams cloud) that have a connector with a transcoder between them. As you plan a meeting, the calendar sends a request to WebEx cloud. On each terminal you can see “One Button to Push”. Click it to join the video conference. The video terminal calls Microsoft Teams, and Microsoft Teams clients can participate in this conference. However, all calls pass through the WebEx cloud before being transferred to Microsoft Teams.

    So, what’s the difference between CVI connection and WebRTC (Web Real Time Communications) connection? In the first case, you can only participate in meetings within your company. In the second case, customers can join any Microsoft web conference. However, CVI performs two-sided content transmission, and WebRTC will only pass the information from Microsoft to customers. All devices support CVI, and only modern devices support WebRTC. There are other differences, particularly, the registration procedure.

    Concerning the corporate infrastructure integration, you can connect computers and mobile software, use any video terminal to call WebEx, perform a callback to any SIP and video terminal. And, as the speaker has emphasized, you can integrate with any corporate PBX for free. There are also paid services, such as callback and accepting calls from landline numbers.

    Finally, new WebEx devices have been presented. The old system has been replaced with a new three-screen system. Two of the screens are for video. Such solution is intended for important negotiations. For the first time, a handy co-working tool for video conferences has been implemented. It was achieved by involving one more camera that is being set up against the video terminal. However, this product is for big meeting rooms. You can also use WebEx cloud service to share your notebook’s content on the board. According to Igor Sukaylo, the hit of 2020 will be the integration of WebEx Room Kit Mini with Samsung Flip TV, which has a special built-in software turning a TV into a full-blown video terminal for collaborative working.

    Besides that, another new device has been released: WebEx Room Kit USB. It is basically a light version of Room Kit Mini with no touch pad, just a remote control device. It can be used as an advanced web camera. You can also upgrade it to Room Kit Mini, if need be.

    A new Cisco device named WebEx Desk Pro is designed for personal work. Unlike DX80, it is for one or two persons only. It is not a replacement, DX80 is going to remain on sale. WebEx Desk Pro features include wireless access to content, getting and sharing content, and a 27-inch display with 4K resolution. It comes with a USB-C port, which makes it a dock station, and a main monitor with sensor routing options. There are also a command mode (in English only), sensor routing to Windows PCs, auto crop and background replacement.

    This solution can be used as a web camera as well as a remote collaborative working tool, e.g., for telemedicine.

    Cisco Finesse Basic Features: Operator / Supervisor Web App

    In this article we’ll describe the most important features of Cisco Finesse agent & supervisor workspace. This software was designed to work with the “hearts” of UCCX and UCCE-based contact centers.

    Connecting to Extension Mobility

    To access Extension Mobility from a phone:

    • Click Services button;
    • Enter your User ID and PIN;
    • Confirm.

    The phone will be restarted and will get a new profile and number. Similarly, you can log off.

    Launching Finesse Agent App

    • Launch a compatible web browser;
    • Enter the URL of your Finesse application;
    • On the authorization page, enter:
      • ID – the agent’s ID;
      • Password;
      • Extension – the agent’s phone number;

    • Sign in.

    That’s it. If you need to log off, you should change your status to “Not ready”, “End of shift” or similar status indicating the end of work. Then click “Sign Out” in the upper right corner.

    Finesse Manager Interface

    Finesse Agent Interface

    The queue statistics shows the number of incoming calls waiting in the contact center’s queue. This section also shows the longest waiting time.

    The Team summary report section shows other agents, their status and unavailability reason as a numeric code.

    Agent Statuses

    This is relatively simple. If an agent is not ready, the status looks like this (red indicator):

    If an agent is ready to work, the indicator is greed .

    Changing Agent’s Status

    As you could have already noticed, the agent’s status has a dropdown list. You can select any of the ready/busy statuses:

    Answering a Call

    First of all, your status must be “ready”. After a call comes to your desktop, your status automatically changes to “reserved”. The Call Status area (see the Finesse Agent Interface screenshot above) widens and shows different call options. To answer a call, click the Answer button. It is green.

    Call Processing in Finesse

    During a conversation with a client, an agent can see the following:

    Call Transfer

    To transfer a call:

    • Click the Consult button (shown on the screenshot above);
    • Enter the extension number;
    • Talk to the addressee. If they are ready to accept the call, click Transfer.

    Conference

    To create a conference:

    • Click the Consult button;
    • Enter the number;
    • Click Call;
    • Talk to the contact. If they are ready, click Conference.

    Outgoing Calls

    To make an outgoing call from Cisco Finesse:/

    • Set your status to Not Ready to stop accepting incoming calls;
    • Click Make a New Call.

    • Select the addressee in your contact list or use the key pad to enter a number:

    • Click Call;
    • To end the call, click End.

    Cisco Unified Intelligence Center

    Reports are important, aren’t they? Especially, in a major contact center, with thousands of operators working and SLA control being a crucial business aspect.

    In this article, we'll discuss the features, architecture and specific terms of Cisco Unified Intelligence Center (CUIC).

    What for?

    CUIC can work with historical data and real-time data. You can install it at a standalone server, or deploy it in a cluster using up to 8 servers.

    In CUIC, you can add different reports, including customized ones, modify the repots’ presentation, create diagrams, charts, permalinks, dashboards and use many other features.

    Architecture

    In terms of high-level architecture, CUIC works like this:

    1. A user (supervisor) requests report generation in CUIC via a web browser;
    2. The request is being processed by a web server in Unified Intelligence Center cluster;
    3. Data is parsed through a Data Source;
    4. The data source presents real-time or historical reports from UCCE or CVP reporting server.

    You can also connect CUIC to UCCX data.

    When you configure the connection to UCCE (CUIC has a separate Data Sources configuration section), you enter AWDB (Administrative Workstation DB) server connection parameters. This is, basically, a SQL connection on port 1433 (unless you have changed it).

    As we have already mentioned, CUIC is basically a data visualizer for DB sources. The initial setup includes configuring data sources.

    Now let’s look at the interface.

    What does it look like?

    The authorization form is pretty standard:

    We have already mentioned Data Source creation form. Here it is:

    This is simply a DB connection.

    Reporting. On the screenshot below, you can see the system dashboard. Please note that there are reports, notes (they can be used to pin important data), frames for important web resources:

    CUIC, as of Version 12

    In version 12, Cisco has improved the interfaces of its contact center products. Finesse agent desktop interface has also been modified. Please look at the previous screenshot once again. Now you can see the changes in CUIC user interface:

    Cisco Packet Tracer Download and Installation Guide

    Cisco Packet Tracer is a software tool for network simulation. You can use it to design both simple and relatively complex network topologies. You can also configure virtual machines, routers, commutators and other network devices to check network topologies in Packet Tracer.

    Cisco Packet Tracer can also simulate wireless networks, VoIP networks and many others.

    If you aim at Cisco certification (e.g. CCENT, CCNA, etc.), you can use Cisco Packet Tracer to configure Cisco network devices (such as commutators and routers) via Cisco IOS.

    Cisco Packet Tracer is free to download. All you need is registration to Cisco Network Academy. You can create a Cisco Network Academy account for free.

    In Packet Tracer 7, a user authentication feature has been introduced. A Network Academy user must log in at the first launch of Packet Tracer. Unregistered users can save their topologies three times only. However, they can use a guest access button to sign up for a free self-education course "Introduction to Packet Tracer" and get a netacad.com account with full access to Packet Tracer. "Introduction to Packet Tracer" course will help you to familiarize yourself with basic Packet Tracer features.

    To create a Cisco Network Academy account, proceed to https://www.netacad.com/courses/packet-tracer/introduction-packet-tracer and see the following page. Click Sigh up today! to download Packet Tracer.

    Select English in the dropdown menu. Fill in the form and click Submit.

    After you sign up and confirm your account, proceed to https://www.netacad.com/ to the following page. Click Log In -> Login.

    After you log in, click Resource -> Download Packet Tracer in the menu.

    On this page, select and download the required version (for Windows, Linux, MacOS, Android or iOS).

    Install and run. Use you netacad account to sign in upon the first launch. To sign in without an account, click Guest Login in the right bottom corner of the screen, wait for the countdown and click Confirm Guest button.

    That’s it! Now you can begin.

    Cisco Unified Communication Manager. From Unrestricted to Restricted.

    Let me share the experience of moving from Unrestricted to Restricted CUCM version. The reasons for migrating were: a possibility to use Cisco Jabber to transfer files through MRA (Mobile and Remote Access), encryption and other security features, and also a solution for the double ringing signal problem during Cisco Jabber calls through MRA to PSTN. According to the compatibility matrix, this problem has arisen because Cisco Expressway were too new (12.6.1) for CUCM (11.0). By the way, CUCM was running in full-fledged production mode, so the migration was risky for business in terms of subsequent normal functioning. This was not an easy process, so having an experienced colleague nearby happened to be helpful.

    Cisco doesn’t support rolling up backups from Unrestricted version to Restricted, and updating from Unrestricted to Restricted also isn’t an option, so you’ll have to perform a fresh installation from scratch.

    The following entities should be created/deployed step-by-step:

    Stage 1

    1) DNS records:

    A records: cucm01.example.com, cucm02.example.com, cups01.example.com, cups02.example.com
    SRV records in internal DNS: _cisco-uds._tcp.example.com, _cuplogin._tcp.example.com

    2) Deployment of the new virtual machines.

    .

    In our case, that have been 11.5 versions of the last CUCM and CUPS releases (2 nodes per cluster).

    Note that if Alerting Names of your phone numbers are not in English, you have to install the required language locales, or the names won’t be shown during calls (within a cluster as well as between clusters).

    Besides that, we have set the virtual disk to 120Gbytes instead of 80Gbytes to avoid potential problems with overfull partitions.

    3) Sending certificate signing requests and uploading certificates to CUCMs and CUP servers.

    Use two templates to issue certificates: Web Client and Web Server, or SIP trunks on port 5061 between the new cluster and other Cisco infrastructure won’t work.

    4) Import the certificates from the old and new clusters to each other.

    a. On each cluster, configure SFTP server to import/export certificates.

    b. On each cluster, export all certificates.

    c. On each cluster, import all certificates.

    d. Click Consolidate.

    e. Make sure both clusters’ certificates are in Trust List.

    f. Restart Cisco Tomcat service on each cluster.

    Stage 2

    Export settings and configurations from old CUCM and CUPS servers.

    1. Export all cluster settings except Advanced Features section and Enterprise Parameters, Server, Cisco Unified Communications Manager, Cisco Unified Communications Manager Group and Service Parameters.

    Download the generated file.

    We are migrating a production server, so, even if we copy those settings as well, we’ll get a conflict with ILS, since the same users will have a home cluster. We also don’t need some parameters to be set to the old cluster’s values.

    We highly recommend checking the values of Ad Hoc and Meetme conference participant numbers.

    2. Export Line Appearance.

    Download the file we’ve generated.

    Line appearance is responsible for user statuses (On call, on meeting, etc). All users well be “offline” in jabber unless you import these settings.

    3. Export contact lists from CUPS.

    Users’ own contact lists are stored on CUPS. They should be exported/imported separately, since users’ jabbers are being moved.

    Chose "all assigned users in the cluster".

    Note that the contact list file formats are slightly different, State field has been added in new CUCM.

    Old format:

    New format:

    You should edit the downloaded file (for instance, in MS Excel). Add State column and fill it with “1” values, or this contact list won’t be imported.

    4. On the new CUCM cluster, set a cluster name that’s different from the old one.

    5. If needed, change localization parameters in Enterprise Parameters.

    6. On the new IMP cluster, change domain and scheme (if they are different), make InterCluster settings same as the old ones.

    7. Download jabber-config.xml from the old cluster and upload it to the new one. Restart Cisco TFTP service. (If you are migrating to version 12.5 or higher, this is not necessary, you can configure this file in UC service and link it to Service Profile).

    Stage 3

    The third stage is highly recommended to be performed outside office hours, so users won’t lose their connection to telephony services.

    1. Import everything you’ve exported during the second stage.
    2. Remove the old UCM and IMP nodes from Expressways.
    3. Disconnect the old CUCM cluster (or change its mode to standalone if Disconnect doesn’t work for some reason) in ILS Configuration section.

    4. Configure ILS on the new CUCM cluster.

    5. Remove the old CUCM cluster from PLM, add the new CUCM cluster.

    6. Change option 150 (or 66, depending on your configuration) on DHCP server to the new CUCM cluster IP address, then Reset and Restart all phones from old cluster. They must register with the new CUCM cluster.

    7. On Expressway, add the new UCM and IMP clusters.

    8. Edit trunks to other PBXs, replacing the cluster IP addresses.

    That’s it!

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/524772/

    Управление логистикой

    [URL=http://richcall.aurus5.com/services/avtomatizatsiya-biznesa/upravlenie-logistikoy/]Управление логистикой[/URL]

    Автоматизируем управление заказами и закупками, снабжение и сбыт, управление запасами, складами, а также работу с поставщиками.

    Онлайн-кассы – новая реальность ecommerce-бизнеса в России

    [URL=http://richcall.aurus5.com/news/novosti/onlayn-kassy-novaya-realnost-ecommerce-biznesa-v-rossii/]Онлайн-кассы – новая реальность ecommerce-бизнеса в России[/URL]

    Что будет, если не использовать онлайн-кассы и как избежать штрафов.

    How to enable video in Cisco UCCX/UCCE

    Since Cisco Remote Expert Mobile/Cobrowse solution reached its end-of-sale there is no native app adding video channel to a Cisco-based contact center.

    A great alternative is Aurus RichCall for Cisco UCCX/UCCE, which offers a best-in-class support for Cisco environment. There are 3 points of integration - Cisco UCM, Cisco UCCX and Cisco Finesse.

    Here is the call flow explaining how we achieved that.

    1. A customer initiates an online call

    Customer uses a widget embedded into a website.

    2. RichCall server makes a SIP call to CUCM

    RichCall server uses the preconfigured SIP trunk to make a SIP call to the UCCX CTI port configured in Cisco UCM.

    3. UCCX routes the call to an agent

    UCCX places the call to one of UCCX queues and routes it to one of the available agents.

    4. An agent answers the call

    An agent answers the call using his Cisco endpoint. One of UCCX call variables indicates that the incoming call is a video call.

    5. RichCall establishes interactive session

    RichCall established an interactive video-enabled session. The agent uses RichCall Agent UI embedded in Cisco Finesse for video and web-collaboration with the client.

    More about Aurus RichCall for Cisco contact center

    Notes on Cisco Meeting Server Setup

    In this article I’ll gather some notes and tricks on Cisco Meeting Server setup.

    Cisco Meeting Server Web Client

    Web Client makes it possible for persons without any client at all (except for web browser) to join a conference. In a room you can get an invitation link and a PIN to be transferred to a meeting participant. However, this feature won’t work immediately after the installation. You have to add callbridge certificate to webbridge’s trusted services. Use the following command:

    webbridge trust <CallBridge certificate>

    Then you’ll be able to pass links from CMS client to your partners, and they will be able to enter a conference room using just their names.

    The clients will see the following form:

    And then, the “contents” of the room.

    The connections number restriction in Skype for Business

    During a regular conference, we faced a restriction to the number of external Skype for Business participants. New participants ended up disconnected before entering the room. After we consulted specialists, we decided to increase the number of CMS registration at S4B servers.

    To achieve that, we created 5 AD users for CMS and registered that accounts in Skype for Business. The pattern is username[1-9]. So, if we increase the number of connections up to 5, we have to add 5 users (username1, username2, username3, username4 and username5) and register the corresponding accounts in S4B.

    After that, enter the required number of connections in CMS settings.

    As you can see on the picture above, we have created 5 users: cms1, cms2 .. cms5. After this simple operation we have never faced restrictions to the number of connections in a room again. We have had up to 25 participants.

    Cisco Meeting Server Setup

    Cisco Meeting Server is an audio and video conferencing solution. You can join clients from different software products (SIP, Cisco UCM, Skype for Business (Lync), etc.) in a single conference. This article includes some notes based on the results of the work done, with no claim to comprehensiveness.

    Cisco Meeting Server Usage Scenario

    Our environment includes Skype for Business (S4B) and federations with several external partners. We often have to conduct meetings with many remote participants. S4B can only provide 5 simultaneous video streams in a conference, which is not enough. Cisco Meeting Server (CMS) can bypass that restriction, with additional possibility to adjust the layout of video streams in S4B interface for the clients. Like that, for example:

    CMS virtual rooms allow not only to invite participants, but also to add clients that don’t have any compatible software at all, using a WebRTC client or a plain telephone call.

    Cisco Meeting Server Installation

    CMS can be deployed as a standalone piece of hardware as well as a VM. We used a template to deploy a VM on VMWare ESXi. There is also a Hyper-V template. The deployment process is trivial. The only trick, recommended in CMS documentation, is to set the required number of CPU cores (vCPU).

    After the deployment is over, open the server console and log in. The default CMS login/password is admin/admin. The system will prompt you to change the password.

    Now you should configure the network parameters. If you have DHCP, you can use ipv4 a command to check the issued address at once.

    a” is the name of the first network interface. In CMS, they are named with letters. The next one will be “b”, etc.

    You should also save the MAC address from this command’s output. You’ll need it to get a trial or permanent license for CMS.

    If DHCP server is unavailable for CMS, you should set an IP address manually. Use the following command:

    ipv4 a add x.x.x.x/y z.z.z.z

    with x.x.x.x standing for the address, y — the net mask, z.z.z.z — the default gateway. For example:

    ipv4 a add 192.168.1.250/24 192.168.1.1

    The next step is to configure the DNS server. Use the following command:

    dns add forwardzone . y.y.y.y

    with y.y.y.y standing for the address of your DNS server with Active Directory zone. The dot means forwarding all requests to the specified server. Use dns command to view the DNS settings.

    The network configuration is over. Now you can ping the specified address and log in to CMS via ssh.

    CMS Webadmin Configuration

    The next step is to configure CMS administration panel. First of all, get an SSL certificate. There are 2 options: to issue a self-signed certificate, or to sign a certificate in your domain certification service (local CA). (You can purchase a certificate as well).

    To issue a self-signed certificate, execute the following command:

    pki selfsigned webadmin

    (webadmin is the name for your key and certificate, you will need it later).

    Personally, we decided to issue a certificate signed by a local CA, using a single certificate for all CMS services.

    When you are planning a deployment, you have to choose a domain for CMS and host. For example, if domain.com is your domain where S4B is deployed, then it would be better to deploy CMS in a subdomain (e.g. vc.domain.com), so you can configure call routing from S4B to CMS. You should keep this decision in mind while creating a certificate for all services.

    The command is:

    pki csr onecert CN:cms.vc.domain.com

    with onecert standing for the certificate name, CN:cms.vc.domain.com – the CMS host address configured in DNS.

    Now you should copy the CSR file to your computer via SSH and issue a certificate for this file. Then upload the resultant certificate with .cer extension to CMS.

    Now you can configure webadmin:

    webadmin cert onecert.key onecert.cer
    webadmin listen a 445
    webadmin restart
    webadmin enable

    We have chosen port 445 because the standard port 443 may be needed later for a webrtc client for guest access.

    Now you can access the admin panel using a URL like this one: https://cms.vc.domain.com:445

    Cisco Meeting Server License Installation

    After you have entered CMS webadmin, you’ll see the following warning:

    You have to get and install a license file. Send the previously obtained MAC address to Cisco and wait for an answer with a license file.

    Save that file and rename it into cms.lic, then upload it to CMS via an ssh client (e.g. WinSCP).

    Now you should configure and run callbridge. You will need a certificate again. We used a single certificate for all services, so the configuration commands looked like this:

    callbridge certs onecert.key onecert.cer
    callbridge listen a
    callbridge restart

    If you log in to webadmin now, you’ll see that the warning is gone.

    The first part of configuration is done.

    Cisco Meeting Server Cluster: Scalability and Resilience deployment with meeting recording - PART 3

    In the previous part of this article we’ve described the configuration of database, Call Bridge and XMPP clusters, as well as Web Admin service. We have also connected Call Bridge to XMPP and performed the Web Bridge configuration.

    In this part of the article, we’ll finish discussing the details of CMS clustered deployment and configuration.

    Call Bridge Groups

    By default, CMS may use the available conferencing resources inefficiently.

    For example, in a meeting with three participants, all participants may end up being on three different Call Bridges. For these participants to be able to communicate, Call Bridges will automatically create connections between all servers and clients using a single Space, so it will look as though all clients are using the same server. Unfortunately, such conference of 3 participants will take 9 media ports. This is inefficient resource usage. Besides that, when Call Bridge is really overloaded, the default procedure is to go on accepting calls and provide lower-quality service to all Call Bridge subscribers.

    These problems can be solved with Call Bridge Group feature. This feature was introduced in Cisco Meeting Server 2.1 and extended to support load balancing for incoming and outgoing calls, Cisco Meeting App (CMA), including WebRTC participants.

    There are three load limits to be configured for each Call Bridge:

    • LoadLimit — maximum load value for a Call Bridge. Each platform has a recommended load limit, e.g. 96000 for CMS1000 and 1.25 GHz per virtual CPU for a virtual machine. Different calls require different amount of resources depending on the participant’s resolution and frame rate.
    • NewConferenceLoadLimitBasisPoints (by default, 50% of loadLimit) — maximum server load above which new conferences will be rejected.
    • ExistingConferenceLoadLimitBasisPoints (by default, 80% of loadLimit) — server load value above which new participants trying to join an existing conference will be rejected.

    This feature was created for load balancing and call distribution. Other groups, such as TURN servers, Web Bridge servers and recording devices, can also be assigned to Call Bridge Groups, so they can also be grouped correctly for optimal usage. If any of these objects is not assigned to a call group, it is considered available to all servers without any priority.

    These parameters can be configured here: cms.example.com:445/api/v1/system/configuration/cluster

    For each Call Bridge, set the Call Bridge Group it belongs to.

    The first Call Bridge:

    The second Call Bridge:

    The third Call Bridge:

    So, you have configured a Call Bridge Group for better usage of Cisco Meeting Server cluster resources.

    Importing Active Directory Users

    Web Admin Service has LDAP configuration section, but it doesn’t provide complex configuration parameters, and the information won’t be saved in the clustered database, so you’ll either have to perform the configuration manually on each server via Web interface, or do it through API. Let’s do it through API to save the time.

    Use the URL: cms01.example.com:445/api/v1/ldapServers

    Create a LDAP Server object with the following parameters:

    • server IP address
    • port number
    • username
    • password
    • secure

    Set Secure to true or false depending on the port number: 389 — not secure, 636 — secure.

    Map LDAP source parameters to attributes in Cisco Meeting Server:

    • jidMapping
    • nameMapping
    • coSpaceNameMapping
    • coSpaceUriMapping
    • coSpaceSecondaryUriMapping

    Attribute description

    JID is an identifier for CMS login. It will be mapped onto sAMAccountName in LDAP, which is user’s login identifier in Microsoft Active Directory. Note that you should take sAMAccountName and append the domain name conf.pod6.cms.lab. This is the login name for your CMS users.

    nameMapping maps the contents of Active Directory displayName field onto CMS user’s name.

    coSpaceNameMapping creates CMS Space name based on the displayName field. This attribute along with coSpaceUriMapping is required for each user’s Space creation.

    coSpaceUriMapping defines the user’s part of URI, associated with user’s personal Space. Some domains can be configured for dialing into a space. If the user’s part matches this field for one of those domains, the call will be routed into this user’s Space.

    coSpaceSecondaryUriMapping defines a second URI to reach the Space. You will use this to add a numeric alias to route calls into the imported user's Space as an alternative to the alphanumeric URI defined in the coSpaceUriMapping parameter.

    LDAP server and mapping are configured. Now you should create a LDAP source to bind them together.

    Use the URL: cms01.example.com:445/api/v1/ldapSource
    Create a LDAP Source object with the following attributes:

    • server
    • mapping
    • baseDn
    • filter

    Now the LDAP configuration is over, so you can perform manual synchronization. You can either do it in each server’s Web interface (Active Directory section > Sync now button) or through API using a POST command (URL: cms01.example.com:445/api/v1/ldapSyncs).

    Ad Hoc Conferences

    What’s that?

    In traditional Unified CM telephony, ad-hoc conferencing is a call by which two participants are talking directly to one another when one party (using a device registered to the Unified CM) presses the Conference button, calls a different person, and after talking to that 3rd party, presses the Conference button again to join everyone into a 3-party conference.

    What makes this feature different than a scheduled or permanent conference is that an adhoc conference is not simply a SIP call to the CMS. When the conference initiator presses the Conference button the second time to bring everyone into the same meeting, Unified CM must make an API call to CMS to create a conference on the fly, to which all the calls are then transferred. All this happens transparently to the participants.

    This means that Unified CM needs to have the API credentials and Web Admin address/port configured, as well as a SIP trunk directly to the CMS server in order to extend the call.

    When required, CUCM can then dynamically create a Space on CMS, so that each call can be extended directly to CMS and match an Incoming call rule that targets Spaces.

    Integration with CUCM is similar to the described in an earlier article, but this time you must create three CMS trunks and three Conference Bridges, enter three Subject Names in SIP Security Profile, configure Route Group, Route List, Media Resource Group and Media Resource Group List correspondingly, and add some routing rules on Cisco Meeting Server.

    SIP Security Profile:

    Trunks:

    Each trunk looks similarly:

    Conference Bridge

    Each Conference Bridge looks similarly:

    Route Group

    Route List

    Media Resource Group

    Media Resource Group List

    Call Routing Rules

    Unlike more advanced call management systems (Unified CM or Expressway), CMS only looks at the domain in the SIP Request-URI field. So if the SIP INVITE is destined to sip:user@domain.com, CMS only cares about the domain.com. CMS follows these rules for determining where to route a call:

    • 1. CMS tries to match the SIP domain to those configured on the Incoming call matching rules. Those calls can then be routed to any configured Spaces, logged-in users, internal IVRs, or to look up a conference on a Microsoft Lync / Skype for Business (S4B) integration.
    • 2. If there is no match on the Incoming call matching rules, CMS will try to match a domain configured in the Call forwarding table. If a match is made, the rule can explicitly reject a call or forward a call. At that time, CMS can re-write the domain, which is sometimes useful for calls to Lync domains. You can also choose to pass through the call, meaning that none of the fields will be further modified, or to use the internal CMS dial plan. If there is no match in the Call forwarding rules, the default behavior is to reject the call. Keep in mind that forwarding will still anchor the call at CMS, so you're essentially placing CMS in the middle of the call flow.
    • 3. Only forwarded calls are then subject to the Outbound call rules. These settings define the destinations where to send the calls, the trunk type (whether or not the new call will be Lync or standard SIP), and any transformations that may be performed, if pass-through is not selected in the call forwarding rule.

    Here is a log of what’s happening during an Ad Hoc conference:

    The Ad Hoc conference itself:

    Incoming Call Rules

    Configuring Incoming Call Settings is required to be able to receive a call on CMS. As you saw in the LDAP setup, all the users were imported with the domain conf.pod6.cms.lab. So at minimum, you want calls to that domain to target the Spaces. You will also need to set up rules for anything destined to the fully qualified domain name (and potentially even the IP address) of each of the CMS servers. Our external call control, Unified CM, will be configured with SIP trunks targeting each of the CMS servers individually. Depending on whether or not the destination of those SIP trunks is an IP address or the FQDN of the server will determine whether or not the CMS needs to be configured to accept calls destined to its IP address or FQDN.

    The domain that has the highest priority Inbound rule is used as the domain for any user's Spaces. When users are synchronized via LDAP, CMS automatically creates Spaces, but only the user part of the URI (the coSpaceUriMapping), say user.space. The @domain part of the full URI is constructed based on this rule. In fact, if you were to log into Web Bridge at this point, you would see the Space URI has no domain. By setting this rule as the highest priority, you are setting the domain for the generated Spaces to conf.example.com.

    Outbound Call Rules

    To allow for users to make outbound calls to the Unified CM cluster you must configure an Outbound rule. The domain of your Unified CM-registered endpoints, such as Jabber, is example.com. Calls to this domain should be routed as standards-based SIP calls to the Unified CM's call processing nodes. These are cucm-01.example.com as the primary, and cucm-02.example.com as the secondary.

    The first rule sets simple call routing between the cluster nodes.

    The Local from domain field contains the domain part of a caller’s SIP-URI (the part after the “@” symbol) to be displayed at receiving side. If you leave it empty, then it will be substituted with an IP address of CUCM the call has passed through. This field is required to make callback possible, as it will be impossible to call the SIP-URI name@ip-address.

    Calling with a Local from domain set:

    Calling without a Local from domain:

    Make sure to set the incoming calls to be Encrypted or Unencrypted, because it won’t work with Auto value.

    Recording

    The CMS Recorder provides the capability to record meetings. It appears to be just another Cisco Meeting Server. Recorder license is needed and must be applied on the CallBridge component, and not on the Recorder server.
    The Recorder behaves like an Extensible Messaging and Presence Protocol (XMPP) client, so the XMPP server must be enabled on the server that hosts the Call Bridge.

    We have a cluster, so a license must be distributed to all three clustered servers. In your personal area, proceed to licenses and associate (add) MAC addresses for A-interfaces of all CMS nodes.

    It should look like this on each server in a cluster.

    There are several scenarios of Recorder deployment. We’ll stick to the following:

    Before you set Recorder up, make sure you have enough space for the recordings. Here’s a link to a thorough guide to Recording configuration. I’ll make a few important notes for you:

    • It’s best to use the first cluster node’s certificate.
    • The “Recorder unavailable” error may occur if you have specified a wrong certificate in the recorder trust.
    • The recording may fail if the directory you have set for recordings is not a root directory.

    Sometimes there’s a need to record a single user’s or Space’s conferences automatically. This requires two Call Profiles:

    With disabled recording feature:

    And with automatic recording:

    Assign the Call Profile with automatic recording to the chosen Space:

    If a call profile is explicitly assigned to some Space or Spaces, then this call profile will only be applied to these specific Spaces. However, if it is not assigned to any spaces, it will be applied to the spaces that do not have any call profiles assigned.

    Sources:

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/434240/

    Cisco Meeting Server Cluster: Scalability and Resilience deployment with meeting recording - PART 2

    In the previous part of this article we’ve discussed the basic configuration and certificate installation process.

    In this part we’ll continue getting into the details of CMS deployment in a failover cluster.

    Database Cluster

    You have uploaded all certificates to your CMS servers. Now you can set up and turn the database clustering on for 3 nodes. The first step is to choose one server as a master database node and set it up.

    Master Database

    The first step of database replication setup is to select the certificates that will be used for the database. Use the following command:

    database cluster certs <server_key> <server_crt> <client_key> <client_crt> <ca_crt>

    Now configure the interface that will be used for DB clustering:

    database cluster localnode a

    Now initialize the cluster’s database on the master server:

    database cluster initialize

    Client Database Nodes

    Perform the same actions, but use the following command instead of database cluster initialize:

    database cluster join <ip address existing master>

    with <ip address existing master> standing for the IP address of CMS server where the cluster was initialized (master server).

    Check the database cluster status on all servers:

    database cluster status

    The same for the third server.

    The first server will be the master server; two others will be slave servers.

    Web Admin Service

    Turn on the Web Administrator service:

    webadmin listen a 445

    Port 445 has been chosen because port 443 is used for users' access to web client.

    Configure the certificate files for Web Admin service:

    webadmin certs <keyfile> <certificatefile> <ca bundle>

    Enable Web Admin:

    webadmin enable

    If everything is right, you’ll get SUCCESS lines saying that Web Admin certificates and network have been configured correctly. Use your web browser to make sure that the service is working: enter the Web Admin address, e.g. cms.example.com:445

    Call Bridge Cluster

    Call Bridge is the only service that is included in every CMS deployment. Call Bridge is the main conferencing tool. It also provides SIP interface, so calls can be routed to or from it, by Cisco Unified CM, for example.

    The following commands should be executed on each server with corresponding certificates.

    Link certificates with Call Bridge service:

    callbridge certs <keyfile> <certificatefile>[<cert-bundle>]

    Bind Call Bridge services to the required interface:

    callbridge listen a

    And restart the service:

    callbridge restart

    Now, with Call Bridges configured, we can set up Call Bridge clustering. It is different from database or XMPP clustering. Call Bridge Cluster may support from 2 to 8 nodes without any restrictions. It provides redundancy as well as load balancing, so conferences can be actively distributed between Call Bridge servers. CMS has additional features, Call Bridge groups and associated features that can be useful for further management.

    Bridge clustering is mostly set up through Web Admin interface.

    The following procedure should be performed on each server in the cluster.

    1. Proceed to Web Admin: Configuration > Cluster.

    2. In Call Bridge identity: enter callbridge[01,02,03] (corresponding to the server name) as a Unique name. You can use any names that are unique for this cluster. They are descriptive, because they indicate the server identifiers (01,02,03).

    3. In Clustered Call Bridges: enter your clustered servers’ Web Admin URLs in the Address field: cms[01,02,03].example.com:445. Make sure to specify the port number. You can leave Peer link SIP domain field empty.

    4. Add the certificate bundle (file containing all your servers’ certificates) as a trusted certificate for each server’s Call Bridge:

    callbridge trust cluster <trusted cluster certificate bundle>

    And restart the service:

    callbridge restart

    So, for each server it should look like this:

    XMPP Cluster

    In CMS, XMPP service is used to process all registration and authentication for Cisco Meeting Apps (CMA), including CMA WebRTC web client. Call Bridge also functions as XMPP client for authentication purposes, so it should be configured the same way as the other clients. XMPP fault tolerance is a feature that is supported in enterprise environments starting from version 2.1.

    The following commands should be executed on each server with corresponding certificates.

    Link certificates with XMPP service:

    xmpp certs <keyfile> <certificatefile>[<cert-bundle>]

    Set the interface to listen:

    xmpp listen a

    XMPP service needs a unique domain name. It is used for users’ authentication. When users try to log in via CMS application (or a WebRTC client), they enter userID@logindomain. In our case, it is userid@conf.example.com. Why isn’t it just example.com? In this specific deployment we have chosen example.com as the Unified CM domain for Jabber users, so we need another domain for CMS users, so calls from and to CMS can be routed through SIP domains.

    Set XMPP domain:

    xmpp domain <domain>

    Enable XMPP service:

    xmpp enable

    In XMPP service, you should create a user account for each Call Bridge. These accounts will be used for XMPP registration. You can use any names (they are not related to the unique names you have configured for Call Bridge clustering). You should add 3 call bridges on one XMPP server, and then enter the same authentication data on other clustered XMPP servers, because this configuration won’t be placed into the clustered database. Later we’ll configure each Call Bridge to use that name and secret for XMPP registration.

    Now we should configure XMPP service on the first server. There are three Call Bridges: callbridge01, callbridge02 and callbridge03. Each account will get a random secret. Those secrets will be used later on other Call Bridge servers to log in to this XMPP server. Enter the following commands:

    xmpp callbridge add callbridge01

    xmpp callbridge add callbridge02

    xmpp callbridge add callbridge03

    Check the result:

    xmpp callbridge list

    You should get the same picture on other servers after you perform the following actions.

    Create identical accounts on two other servers:

    xmpp callbridge add-secret callbridge01

    xmpp callbridge add-secret callbridge02

    xmpp callbridge add-secret callbridge03

    Be careful not to put unnecessary spaces in secrets.

    So, you should get the following picture on all servers:

    Add the certificate bundle (file containing all your servers’ certificates) as a trusted certificate on each clustered server:

    xmpp cluster trust <trust bundle>

    Enable XMPP cluster mode on each clustered server:

    xmpp cluster enable

    Initialize XMPP cluster on the first server in the cluster:

    xmpp cluster initialize

    Join XMPP clusters on other servers:

    xmpp cluster join <ip address head xmpp server>

    Check the XMPP cluster status on each server:

    xmpp status

    xmpp cluster status

    The first server:

    The second server:

    The third server:

    Connecting Call Bridge to XMPP

    Now your XMPP cluster is online. The next step is to configure Call Bridge services to connect to the XMPP cluster. This configuration step should be performed via Web Admin.

    On each server you should proceed to Configuration > General and fill the Unique Call Bridge name field with the corresponding names: callbridge[01,02,03]. The Domain is conf.example.com, and secrets can be listed on any server in the cluster:

    xmpp callbridge list

    Leave the Server address field empty. Call Bridge will search DNS SRV records for _xmpp-component._tcp.conf.example.com to find an available XMPP server. The IP addresses used to connect to XMPP may be different on each server, depending on the values that will be found for _xmpp-component._tcp.conf.example.com for each Call Bridge, which depends on the priority settings for this DNS record.

    Now proceed to Status > General to make sure that Call Bridge service has successfully established a connection to XMPP service.

    Web Bridge

    Enable Web Bridge service on each clustered server:

    webbridge listen a:443

    Set up the certificates for Web Bridge service:

    webbridge certs <keyfile> <certificatefile> <ca bundle>

    Web Bridge supports HTTPS. It will redirect HTTP to HTTPS if http-redirect is enabled.

    Use the following command to enable it:

    webbridge http-redirect enable

    Use the following command to make Web Bridge trust the connections from Call Bridge:

    webbridge trust <certfile>

    with <certfile> standing for the certificate bundle (file containing all your clustered servers’ certificates).

    So, you should get the same picture on each server:

    Now create a user with appadmin role. You need this user to configure your cluster with settings being applied to each server automatically instead of configuring each server separately.

    Use Postman (https://www.postman.com/downloads/) for further configuration.

    Choose Basic Auth in the Authorization section.

    Set the correct encoding for the commands sent to CMS.

    Configure a POST command for Web Bridges with url parameter set to cms.example.com:

    Set the required parameters for each WebBridge: guest access, secure entry mode, etc.

    So, we have configured database, Call Bridge and XMPP clusters, as well as Web Admin service. We have also connected Call Bridge to XMPP and performed the Web Bridge configuration.

    In the last part of the article, we’ll finish discussing the details of CMS clustered deployment and configuration.

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/434240/

    Cisco Meeting Server Cluster: Scalability and Resilience deployment with meeting recording - PART 1

    In this article, we’ll go into the details of CMS deployment in a failover cluster.

    Theoretics

    Basically, there are 3 types of CMS deployment:

    • Single Combined with all services running on a single server. In most cases, this deployment type is only applicable for systems with internal clients, or for small environments with scalability and redundancy restrictions not being crucial, or for the situation when CMS only carries out certain functions, such as CUCM special conferences.
      Approximate working scheme:
    • Single Split extends the previous deployment type with a separate server for external access. In outdated deployments this meant having CMS server deployed in DMZ (demilitarized zone) where external clients can access it, and another CMS server in core layer for the local clients. This specific deployment model is being replaced with so-called Single Edge type with Cisco Expressway servers that have (or will have) most firewall bypassing techniques, so clients won’t have to add a separate CMS edge server.
      Approximate working scheme:
    • Scalable and Resilient type includes redundancy for each component, so the system can grow along with your needs up to the maximum capacity, providing redundancy in case of a failure. It also uses Single Edge conception to provide safe external access. This is the type we are going to discuss here. If we know how to deploy this type of cluster, not only will we understand other deployment types, but we also will be able to understand how to create CMS server clusters taking into account the potential requirement increases.

    Before we discuss the deployment, we should clarify some basic ideas.

    Basic CMS Program Components

    • Database: helps to combine some configurations, such as subscriber groups, user spaces and users. Supports high availability clustering only (one master).
    • Call Bridge: audio and video conferencing service that implements full control and processing of calls and multimedia processes. Supports high availability and scalable clustering.
    • XMPP server: controls registration and authentication for the clients that use Cisco Meeting Application and/or WebRTC (real-time communication, used in browser), and intercomponent signaling. Supports high availability clustering only.
    • Web Bridge: provides WebRTC access for the clients.
    • Load balancer: provides a unified connection point for Cisco Meeting Applications in Single Split mode. It listens on an external interface and port for incoming connections. The load balancer also accepts incoming TLS connections from an XMPP server and transfers incoming TCP connections from external clients. It won’t be used in our scenario.
    • TURN server: provides firewall bypassing technique that allows launching our CMS behind a Firewall or NAT with external clients using Cisco Meeting App or SIP devices. It won’t be used in our scenario.
    • Web Admin: administration interface and API access (for Unified CM special conferences as well).

    Configuration Approaches

    Unlike most Cisco products, Cisco Meeting Server supports 3 configuration approaches, allowing you to perform any deployment type:

    • Command line interface (CLI), also known as MMP, can be used for initial configuration and certificate management.
    • Web admin: mostly for Call Bridge-related configuration tasks, especially for the configuration of a single non-clustered server.
    • REST API: for the most complicated configuration tasks and for clustered database-related tasks.

    Besides that, you can use SFTP protocol for transferring files, including licenses, certificates and logs, to/from your CMS server.

    Practice

    Cisco deployment guides say in cold print that in the context of databases, a cluster must consist of 3 nodes at least, since the new database Master selection mechanism can only work with an odd number of nodes:

    Note: It's recommended to have an odd number of DB cluster nodes as it is important for the master selection and the active failover mechanism. Another reason for this is that the master DB node would be the node that has connections to the most of the DB in the cluster. You can have a maximum of 5 nodes in a DB cluster.

    Indeed, as practice shows, 2 cluster nodes are not enough. The master selection snaps into action at the Master reset, and a Slave server becomes Master only after a rebooted server launches. However, if a Master server goes down in a cluster of two servers, then the Slave won’t become a Master. And if the Slave goes down, then the remaining Master will become a Slave, too.

    Speaking of XMPP, a cluster should consist of 3 servers, indeed. If you stop XMPP service on the server that has XMPP in Leader status, then XMPP will stay in Follower status on the remaining server, and Call Bridges will be disconnected, because a Call Bridge can only connect to XMPP with Leader status. And this is critical, because no calls will go through.

    These deployment guides also show a cluster with a single XMPP server.

    In view of the aforementioned, it’s clear: it works in failover mode.

    In our case, XMPP server will be running on all three nodes.

    Suppose that all three servers are up.

    DNS Records

    Before we proceed to the servers’ configuration, the following A and SRV DNS records must be created:

    Record typeRecordDescription

    A

    servername-01.example.com
    servername-02.example.com
    servername-03.example.com
    Resolving the name of each server in our cluster into its IP address.
    A join.example.com
    join.example.com
    join.example.com
    Three identical records resolved into the corresponding servers’ IP addresses. Users can enter this DNS name in a browser to access a conference from web.

    SRV

    _xmpp-client._tcp.conf.example.com
    _xmpp-client._tcp.conf.example.com
    _xmpp-client._tcp.conf.example.com
    Three identical records referring to A records: servername-0x.example.com, allowing the servers’ port 5222. Cisco Meeting App clients use these records to find XMPP server.

    SRV

    _xmpp-component._tcp.conf.example.com
    _xmpp-component._tcp.conf.example.com
    _xmpp-component._tcp.conf.example.com
    Three identical records referring to A records: servername-0x.example.com, allowing the servers’ 5223 port. Call Bridges use these records to detect XMPP server, if it is not defined explicitly.

    Note that our DNS records have 2 domains: example.com and conf.example.com. Example.com can be used in URIs by all subscribers of Cisco Unified Communication Manager (which most likely is or will be used in your infrastructure). Or: example.com is the same domain that is used for email addresses. Or: Jabber client on your notebook can have the following URI: user@example.com.

    Conf.example.com is the domain to be configured for all Cisco Meeting Server users. The Cisco Meeting Server domain will be conf.example.com, and Jabber users should use user@conf.example.com URI to log it to Cisco Meeting Server.

    Basic Configuration

    The configuration process will be described for a single server, but it should be performed for each server in a cluster.

    QoS

    Since CMS produces real-time traffic that is sensitive to delays and packet loss, in most cases it’s recommended to set up quality of service (QoS). CMS supports marking packets with DSCP (differentiated services code points). DSCP-based traffic prioritizing depends on the way the traffic is processed by the network components in your infrastructure. We are going to configure our CMS with typical DSCP prioritizing that is based on best QoS practices.

    Enter the following commands on each server:

    dscp 4 multimedia 0x22
    dscp 4 multimedia-streaming 0x22
    dscp 4 voice 0x2E
    dscp 4 signaling 0x1A
    dscp 4 low-latency 0x1A

    So, all video traffic will be marked with AF41 (DSCP 0x22), all voice traffic will be marked with EF (DSCP 0x2E), other low-latency traffic types, such as SIP and XMPP, will be marked with AF31 (DSCP 0x1A).

    Let’s check:

    NTP

    Not only is network time protocol (NTP) important for providing precise timestamps for the calls, but also for certificate verification.

    Use the following command to add your NTP servers:

    ntp server add <server>

    In our case, there are two of them, so the command will be executed twice.

    Let’s check:

    Set the time zone for your server.

    DNS

    Use the following command on CMS to add DNS servers:

    dns add forwardzone <domain-name> <server ip>

    In our case, there are two of them, so the command will be executed twice.

    Let’s check:

    Network Interface Configuration

    Use the following command to create a network interface:

    ipv4 <interface> add <address>/<prefix length> <gateway>

    Let’s check:

    Hostname

    Use the following command to set the hostname:

    hostname <name>

    Then reboot the system.

    The basic configuration is over.

    Certificates

    Theoretics

    Cisco Meeting Server uses an encrypted connection between different components, therefore X.509 certificates are required for all CMS deployments, so servers and services know if they can trust each other.

    Each service needs a certificate, but creating a separate certificate for each service may lead to confusion and excessive complexity. Fortunately, we can generate a public and private certificate key pair and then use it for several services. In our case, one and the same certificate will be used for Call Bridge, XMPP server, Web Bridge and Web Admin. So, we only have to create a public/private key pair for each server in a cluster.

    Database clustering, however, has special requirements to the certificates, so it needs separate certificates that are different from the other services’ certificates. CMS utilizes a server certificate that is similar to other servers’ certificates, but there also is a client certificate to be used for database connections. Database certificates are used for authentication and encryption both. Instead of providing a username and password to connect a client to the database, it provides a client certificate that is trusted by the server. Each server in a database cluster uses one and the same public/private key pair. So, any server in a cluster can create encrypted data that can be decrypted by any other server that uses the same key pair.

    In order for reservation to work properly, a database cluster should consist of three servers at least and five at most, with maximum signal transmission time of 200 ms between any two nodes. This limit is more restrictive than Call Bridge limits, so it usually becomes the limiting factor in geographically distributed deployments.

    CMS database role has several specific requirements. Unlike other roles, it requires client and server certificates, with client certificate having the CN field specified to be presented to the server.

    CMS uses postgres database with one main server and several identical replications. Every single moment there is only one main database (“database server”). Other nodes are replications or “database clients”.

    A database cluster requires a dedicated server certificate and a client certificate. They must be signed, usually by an internal private CA. Since any node in a database cluster can become the main one, the certificates for database server and client (public/private key pairs) must be copied on each server, so it can become a database client or server. Besides that, the root CA certificate must be uploaded, so the client and server certificates can be verified.

    Certificate Requests

    So, use the following command to create a certificate request for all server services except database (it will require a separate request):

    pki csr hostname CN:cms.example.com
    subjectAltName:hostname.example.com,example.com,conf.example.com,join.example.com

    CN should contain the common name of our servers. For example, if the hostnames are: server01, server02, server03, the CN should be server.example.com.

    Do the same for both other servers with the corresponding hostnames used in commands.

    Create two request for the certificates that will be used by the database service:

    pki csr dbclusterserver CN:hostname1.example.com
    subjectAltName:hostname2.example.com,hostname3.example.com

    pki csr dbclusterclient CN:postgres

    where dbclusterserver and dbclusterclient are the names of our request and future certificates, and hostname1(2)(3) are the corresponding server names.

    Perform this procedure on one server only, and upload the certificates and corresponding .key files to the other servers.

    Enable AD CS to Issue “Client and Server” Certificates

    Merge Certificates

    Merge all servers’ certificates into one file:

    In *NIX:

    cat server01.cer server02.cer server03.cer > server.cer

    In Windows/DOS:

    copy server01.cer + server02.cer + server03.cer server.cer

    And upload the following files to each server:

    • The server's certificate.
    • Root certificate (with intermediate ones if they exist).
    • Database certificates (“server” and “client” ones) and .key files that have been created upon the request for “server” and “client” database certificates. These are the same files for all servers.
    • All servers’ certificates.

    You should get a similar set of files on each server:

    In the next part of this article we’ll continue discussing the details of CMS clustered deployment.

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/434240/

    CUCM Backup and Recovery via Command Line

    Cisco Unified Communications Manager (CUCM) graphic interface has a Disaster Recovery System (DRS) for backup creation and system restore. But sometimes GUI is unavailable, for example, because of network problems. In this case, backup and restore can be performed via CLI. In this article, we’ll tell you how to do that.

    Backup Creation

    Before this procedure you have to configure a SFTP server to store the CUCM backup there.

    First of all, add a server to store the backup. Execute the following command:

    utils disaster_recovery device add network [backup_device_name path] [server_name/ip_address] [username] [number_of_backups]

    • backup_device_name – name of the device to store the backup;
    • path – path to the backup on this device;
    • server_name/ip_address – hostname or IP address of the device;
    • username – username to be used to access the server;
    • number of backups – number of backups to be created.

    After this command, you’ll be prompted to enter the password for the accessing user (in our case the user is ccmadmin):

    admin: utils disaster_recovery device add network backupdevice ./ 10.20.30.123 ccmadmin
    Please enter password to connect to network server 10.20.30.123:****
    drfCliMsg: Backup Device has been saved successfully.

    Use the following command to make sure the backup device has been successfully added:

    utils disaster_recovery device list

    You should see the device you have added:

    admin:utils disaster_recovery device list
    Device Name    Device Type    Device Path
    --------------------------------------------------------------
    backupdevice    NETWORK    ./

    Wonderful! Now you can perform the backup. Use the following command:

    utils disaster_recovery backup network [featurelist] [path] [backup_device_name] [username]

    • backup_device_name – the hostname or IP address of the device where the backup will be stored;
    • username – username to be used to access the server;
    • featurelist – the list of features for the copy;
    • path – path to the archive.

    To show the list of features available for backup, use the following command:

    utils disaster_recovery show_registration [servername],

    where servername specifies the server for which you want to display the information.

    admin:utils disaster_recovery backup network UCM,CDR_CAR,PLM backupdevice
    drfCliMsg: Backup initiated successfully. Please run 'utils disaster_recovery status backup' command to see the status

    Done! To check the backup status, enter:

    utils disaster_recovery status backup

    admin:utils disaster_recovery status backup

    Status: SUCCESS :Backup Completed...
    Tar Filename: 2019-10-12-04-21-37.tar
    Storage Location: NETWORK
    Operation: backup
    Percentage Complete: 100
    PLM CCM01 ELM-AGENT SUCCESS Sat Oct 12 04:17:25 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_plm_elm-agent.log
    PLM CCM01 ELM-SERVER SUCCESS Sat Oct 12 04:17:26 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_plm_elm-server.log
    CDR_CAR CCM01 CAR SUCCESS Sat Oct 12 04:17:27 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_cdr_car_car.log
    UCM CCM01 BAT SUCCESS Sat Oct 12 04:19:23 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_bat.log
    UCM CCM01 CCMPREFS SUCCESS Sat Oct 12 04:19:25 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_ccmprefs.log
    UCM CCM01 PLATFORM SUCCESS Sat Oct 12 04:19:30 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_platform.log
    UCM CCM01 TCT SUCCESS Sat Oct 12 04:19:34 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_tct.log
    UCM CCM01 SYSLOGAGT SUCCESS Sat Oct 12 04:19:35 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_syslogagt.log
    UCM CCM01 CDPAGT SUCCESS Sat Oct 12 04:19:36 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_CCM01_ucm_cdpagt.log
    UCM CCM01 CLM SUCCESS Sat Oct 12 04:19:37 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_clm.log
    UCM CCM01 CCMDB SUCCESS Sat Oct 12 04:19:37 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_ccmdb.log
    UCM CCM01 TFTP SUCCESS Sat Oct 12 04:21:37 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_tftp.log
    UCM CCM01 ANN SUCCESS Sat Oct 12 04:21:33 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ ccm01_ucm_ann.log
    UCM CCM01 MOH SUCCESS Sat Oct 12 04:21:34 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_b_ccm01_ucm_moh.log

    That's it, the backup is ready!

    Recovery Procedure

    To recover CUCM configuration from a backup, first of all, check the backup files available of the remote server:

    admin:utils disaster_recovery show_backupfiles backupdevice
    2019-10-12-04-21-37
    2018-12-25-21-52-19

    Select the required backup and enter the following command:

    admin:utils disaster_recovery restore network 10.20.30.123 2019-10-12-04-21-37 backupdevice
    drfCliMsg: WARNING! There are nodes in current production cluster but NOT present in the backup. These nodes will be removed if you restore the Publisher. If you want to keep these nodes, you will need to manually re-add them after the restore.
    Do you want DRS to perform a SHA-1 File Integrity Check of your backup archives y/n ?(n) : y
    Please enter the comma seperated features you wish to restore. Valid features for server CCM01 are PLM,CDR_CAR,UCM:PLM,CDR_CAR,UCM
    Do you want to restore database from the subscriber y/n ?(n) : n
    drfCliMsg: Restore initiated successfully. Please run 'utils disaster_recovery status restore' command to see the status
    ALERT: Please restart the server(s) before performing the next restore for changes to take effect. In case of a cluster, restart the entire cluster.

    Now check the recovery status:

    admin:utils disaster_recovery status restore

    Status: SUCCESS :Restore Completed...
    Tar Filename: 2019-10-12-04-21-37.tar
    Storage Location: NETWORK
    Operation: restore
    Percentage Complete: 100
    CDR_CAR CCM01 CAR SUCCESS Sun Oct 13 11:20:15 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_cdr_car_car.log
    PLM CCM01 ELM-AGENT SUCCESS Sun Oct 13 11:24:34 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_plm_elm-agent.log
    PLM CCM01 ELM-SERVER SUCCESS Sun Oct 13 11:24:34 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_plm_elm-server.log
    UCM CCM01 BAT SUCCESS Sun Oct 13 11:25:06 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_ucm_bat.log
    UCM CCM01 CCMPREFS SUCCESS Sun Oct 13 11:37:06 CEST 2019 activelog/platform/drf/log/2019-10-12-15-20-01_r_ccm01_ucm_ccmprefs.log
    UCM CCM01 PLATFORM SUCCESS Sun Oct 13 11:37:13 CEST 2019 activelog/platform/drf/log/2019-10-12-15-20-01_r_ccm01_ucm_platform.log
    UCM CCM01 TCT SUCCESS Sun Oct 13 12:11:10 CEST 2019 activelog/platform/drf/log/2019-10-12-15-20-01_r_ccm01_ucm_tct.log
    UCM CCM01 SYSLOGAGT SUCCESS Sun Oct 13 12:14:19 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_ucm_syslogagt.log
    UCM CCM01 CDPAGT SUCCESS Sun Oct 13 12:14:39 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_ucm_cdpagt.log
    UCM CCM01 CLM SUCCESS Sun Oct 13 12:17:03 CEST 2019 activelog/platform/drf/log/2019-10-12-04-21-37_r_ccm01_ucm_clm.log
    UCM CCM01 CCMDB SUCCESS Sun Oct 13 12:17:05 CEST 2019 activelog/platform/drf/log/2019-02-16-04-21-37_r_ccm01_ucm_ccmdb.log
    UCM CCM01 TFTP SUCCESS Sun Oct 13 12:25:12 CEST 2019 activelog/platform/drf/log/2019-02-16-04-21-37_r_ccm01_ucm_tftp.log
    UCM CCM01 ANN SUCCESS Sun Oct 13 12:26:38 CEST 2019 activelog/platform/drf/log/2019-02-16-04-21-37_r_ccm01_ucm_ann.log
    UCM CCM01 MOH SUCCESS Sun Oct 13 12:26:39 CEST 2019 activelog/platform/drf/log/2019-02-16-04-21-37_r_ccm01_ucm_moh.log

    What are you missing in Cisco Meeting Server?

    This post is to list some of the gaps of Cisco Meeting Server highlighted by our customers migrating from Cisco TelePresence Server to Meeting Server and partners who deploy Cisco videoconferencing solutions. 


    1) UI to configure users and spaces
    As you know most of the configuration options are only available via CMS API 

    2) Camera snapshots in conference control
    The Cisco Meeting Manager tool does not provide camera snapshots. See CMM 2.6 user guide for video operators for more.

    3) Monitoring and reporting tool
    CMS servers provide API and CDR records but no native reporting tool is available.

    4) Lecture mode with hand raising
    There used to be a native lecture more for Telepresence Server conferences. Though there are guides about how to configure it with API (see https://kb.acano.com/content/9/68/en/how-do-i-set-up-%E2%80%9Clecture-mode%E2%80%9D.html) the hand raising feature is missing.

    5) UI to access meeting recordings
    CMS can record meetings (special license is required) but it only stores recording on a NFS. No interface to play recordings, manage access rights etc.

    6) Ad-hoc meetings with automatic dial-out
    Lots of clients want to start a meeting with a push of a button and have a predefined list of participants to be dialed and joined automatically.

    7) Streaming Server
    CMS meetings can be streamed to a predefined IP, but you have to deploy some 3rd party media streaming engine to capture it and broadcast to users.

    If you feel something major is missing in this list, please give us a shout.

    Integration of Cisco Meeting Server with CUCM 11 – PART 3


    The last part is about SIP trunking, сonference bridge, route patterns and users.

    SIP trunk security profile

    Now create a SIP trunk security profile.

    If the calls won’t be encrypted, select the values specified below. Enter Call Bridge certificate CN (your CMS server FQDN).

    Check Accept Replaces Header if you are going to use conference call bridges.

    Conference Bridge

    Create a Conference Bridge as described below. Enter username and password of the user with appadmin role (we have created this user in the very beginning).

    Create a Media Resource Group and add your Conference Bridge there.

    Create Media Resource Group List and add your Media Resource Group there.

    Proceed to Standard SIP Profile For TelePresence Conferencing and make sure that Allow iX Application Media, Use Fully Qualified Domain Name in SIP Requests, and Allow Presentation Sharing use BFCP options are checked.

    SIP Trunk

    Now create a SIP Trunk to CMS server.

    You should set the correct Calling Search Space, so calls will be successful. Otherwise, CMS won’t be able to find the required phone number. Both the device and the phone number have to be added to the Calling Search Space.

    Media Resource Group List — select the one you have created.

    SRTP Allowed flag allows encrypted calls. You can disable it.

    SIP Information > Destination address — enter your CMS FQDN or IP address.
    SIP Information > Destination Port — standard SIP port is 5060, 5061 is for encrypted calls.
    SIP Trunk Security Profile — select the one you have created.
    SIP Profile — select Standard SIP Profile For TelePresence Conferencing
    Normalization Script — don’t set. It is only needed for encrypted calls. Set cisco-telepresence-conductor-interop if you are using encryption.

    Pay attention to the green marked parameters. You should gain an understanding of Calling Search Spaces to fill them correctly.

    Leave other fields with default values.

    SIP Route Pattern

    Create a SIP Route Pattern for calls to SIP addresses like smith.j@example.com

    Check CMS and CUCM:

    The trunk is up.

    However, the Conference Bridge is down due to the difference in TLS versions on CUCM and CMS. This issue can be solved by TLS 1.0 installation on CMS:

    tls webadmin min-tls-version 1.0
    webadmin restart

    Check the Conference Bridge:

    Our configuration is being performed on trunks without Media Termination Point (MTP).
    Disable MTP if it won’t affect your services.

    Disbling MTP can affect your services if your phones use SCCP protocol and you have to send DTMS to CMS.

    If this is true for your services, you may have to increase MTP capacity on CUCM depending on the number of simultaneous calls.

    Importing Active Directory Users

    Now import the users from Active Directory.

    Proceed to Configuration -> Active Directory, fill out the fields (see the figure below).

    Filter is a very important field. You can enter your own filter or use the filter shown on the picture.

    Look through the logs.

    Everything is right.

    Proceed to Status -> Users to make sure that all users have been imported.

    Availability check

    We got to the best part.

    To perform a call, access the web interface: cms.example.com
    Enter an Active Directory user login and password to log in.

    Now let’s check a video call from an IP Phone (we are using Cisco E20) to our user account.

    I have web and desktop Cisco Meeting clients running, and both are calling.

    You can also test the video call from your user account to IP Phone. In our case, the video call was successful in both directions.

    Encrypted calls can bring in some complications, but that’s a story for another day.

    See also:

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/433528/

    Integration of Cisco Meeting Server with CUCM 11 – PART 2


    Part 2 explains call settings, Incoming and Outbound calls configuration, spaces and CUCM certificates

    Basic Call Settings Configuration

    Proceed to Configuration > Call settings and set the values as given below:

    Incoming Call Handling Configuration

    Proceed to Configuration > Incoming calls and set the values as specified below:

    This configuration determines the way of incoming SIP calls handling on CMS. Any call routed to CMS will have a verified alias. The rules in call matching table determine where CMS will look for potential matches. Each rule can be set to match any combination of users, IVR or MicrosoftSkype / Lync. To handle incoming calls, Cisco Meeting Server tries to match the value after "@" sign with the values in “domain name” column.

    Outbound Call Handling Configuration

    Proceed to Configuration > Outbound calls.
    Domain name: leave empty (to match all domains)
    SIP Proxy to use: enter your CUCM FQDN (IP address is admissible, but FQDN is recommended)
    Local contact domain: leave empty, it is only needed for Skype for Business SIP Trunk configuration.
    Local from domain: enter Cisco Meeting Server SIP domain (e.g. cms.example.com)
    Trunk type: Standard SIP
    Behavior: Continue
    Priority: 1
    Encryption: Auto or Unencrypted
    Click Add New to save the changes.

    Space Creation

    Create a space where the users will be stored.

    Proceed to Configuration > Spaces

    The Secondary URI should be a E.164 value compatible with your dial plan that will be routed to CMS. The CallID can be any number that is not used yet. In this example we use the same value as for Secondary URI.

    Configure Web Bridge for Call Bridge

    To allow guest access to Web Bridge, configure Call Bridge to set Web Bridge address.

    Proceed to Configuration > General

    Configure a HTTPS CMS URL address for a guest account. For example:
    meetingserver.example.com

    Fill External Access field if you want to add Cisco Expressway web proxy. This address will be used in invites for external users.

    CUCM Certificates

    Perform the requests for Tomcat (CUCM web server) and CallManager services.
    Proceed to Cisco Unified OS Administration > Security-Certificate Management and click Generate CSR.

    First, select Tomcat in the Certificate Purpose field, so you won’t get errors in your browser.

    Click Generate.

    Then select CallManager, so CMS and CUCM will check each other’s certificates for Conference Bridge registration.

    Click Generate.

    Now download the certificate signing request files for CA.


    Upload root and intermediate certificates for Tomcat-trust and CallManager-trust, either one by one (root certificate first) or as a single file (as described above).

    Click Upload.

    Upload the CA certificate files formed upon your request.

    Now restart Cisco Tomcat, Cisco CallManager and Cisco TFTP services.

    Restart Cisco Tomcat from the command line.

    The other ones can be restarted from web interface.


    Click Restart and wait for the services to be restarted.

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/433528/

    Integration of Cisco Meeting Server with CUCM 11 – PART 1


    The first part covers network settings, CMS License and Certificates, Call Bridge, Web admin, XMPP, Web Bridge.

    This article is about CMS (Cisco Meeting Server) and its integration with CUCM (Cisco Unified Communications Manager).

    Suppose that CMS and CUCM have already been deployed on virtual machines.

    Before the configuration, make the following preparations:

    • Create a DNS record for CMS IP address with an alias to be used by end users. For example:
      meetingserver.example.com
    • XMPP Domain Name: the name that will be used to log in to Cisco Meeting App. In our case, it will be the user’s sAMAccountName, imported from Active Directory.
    • To support Cisco Meeting App users, add a DNS SRV record for XMPP domain name. SRV record for _xmpp-client._tcp.<xmpp domain> needs TCP port 5222.
    • Note: you don’t need this if you use the desktop application only.
      SIP domain for the meeting server.

    Suppose you are using a sub-domen, for example, meet.example.com.

    IP address, mask, gateway, DNS, NTP, new user

    First of all, enter the valid IP address of your service (CMS has several interfaces, select the first one: "a";).

    Add DNS addresses for your zone (if needed). Use "dns" command to check the configuration.

    Set CMS hostname and reboot.

    It’s recommended to create separate administrator accounts for safety purposes. «Admin» account is not safe enough. Besides that, it’s recommended to have 2 administrator accounts in case you lose one of the administrator passwords. In this situation, you’ll still be able to log in as the second administrator and reset the lost password.

    Username: «root», role: «admin».

    Getting ahead of it, create another user with role "appadmin", so CUCM will be able to configure CMS on application level via Web Admin interface (i.e. for Conference Bridge registration).

    Now set your NTP server and timezone and reboot.

    CMS License and Certificates

    Now you have to form a request for CMS certificates.

    Cisco Meeting Server services use x.509 certificates for TLS connections and for some authentication purposes. In our case, the certificate is needed for Call Bridge, XMPP, Web Bridge and Web Admin services. Certificates can be self-signed or signed by internal or external CA.

    Self-signed certificate is admissible, but not recommended, as it causes errors on web pages and prevents registering CMS Conference Bridge on CUCM.

    Generate a request:

    pki csr Cert CN:example.com subjectAltName:callbridge.example.com,xmpp.example.com,webbridge.example.com

    Since we are using one certificate for all services, AltName should contain this services’ names.

    Download, install and run WinSCP to get your request file and to put the license file on your CMS server.

    To get the license (a 90-days demo version), apply to some Cisco partner and piteously ask for a demo license for education or demonstration purposes, or buy a full license and add your interface MAC address to your piteous letter.

    Get the MAC address with the following command: "iface a"

    Suppose you get lucky and obtain the license file with .lic extension. Rename it to "cms.lic"

    Now run WinSCP. Create a connection to CMS.

    Connect:

    Save cms.lic and Cert.csr to CMS.

    To create a full chain certificate file (because our CMS won’t use .p7b file), do the following:

    In a command line:

    a. In UNIX OS: cat “intermediate certificate 1” “intermediate certificate 2” “intermediate certificate 3” “root certificate” > ca-bundle

    b. In Windows/DOS: copy “intermediate certificate 1” + “intermediate certificate 2” + “intermediate certificate 3” + “root certificate” ca-bundle

    Use WinSCP to load the resultant file and the CMS certificate file to CMS.

    Reboot, check the license:

    Call Bridge, Web admin, XMPP, Web Bridge

    Call Bridge

    Configure Call Bridge to listen on a interface:

    callbridge listen a

    Configure Call Bridge to use the certificate, key and CA bundle files:

    callbridge certs <keyfile> <certificatefile> <ca bundle>

    Restart callbridge:

    callbridge restart

    Web Admin

    Setup Web Admin service:

    webadmin listen a 445

    Port 445 has been chosen because 443 is already used for web access.
    Configure the certificate files for Web Admin service:

    webadmin certs <keyfile> <certificatefile> <ca bundle>

    And turn it on:

    webadmin enable

    If everything is right, you'll get SUCCESS messages telling about Web Admin certificate and network parameters being correctly configured. To check if the service is available, enter the web administrator address in your web browser, for example: cms.example.com:445

    XMPP

    Setup XMPP service:

    xmpp listen a

    Configure the certificate files for XMPP service:

    xmpp certs <keyfile> <certificatefile> <ca bundle>

    Set XMPP deployment domain:

    xmpp domain <domain name>

    Turn the service on:

    xmpp enable

    Check CMS and CUCM:

    Add Call Bridge to XMPP server:

    xmpp callbridge add

    Copy the Secret and paste it to XMPP server settings, configure the other parameters (see the figure below)

    Web Bridge

    Setup Web Bridge service:

    webbridge listen a:443

    Configure the certificate files for Web Bridge service:

    webbridge certs <keyfile> <certificatefile> <ca bundle>>

    Web Bridge supports HTTPS. If it is configured to use httpredirect, then HTTP will be redirected to HTTPS. To enable HTTP redirection, use the following command:

    webbridge http-redirect enable

    Use the following command to make Web Bridge trust Call Bridge connections with the certificate previously issued by a certification center:

    webbridge trust <certfile>

    Read also:

    This article is a translation of a guide originally created by S. Dubinin, Telecommunications Specialist - https://habr.com/ru/post/433528/

    Is Cisco going to discontinue all its software communication tools except Webex Teams?

    1. Cisco Jabber transforms to Teams.

    With Cisco Jabber 12.7 release Cisco announced the "Modern Design view" which mirrors the look and feel of Webex Teams user interface.

    They say the strategy is to unify its collaboration portfolio to simplify the experience for users and IT administrators.

    Ok, but at the same time...

    2. Webex Teams App is now available for on-prem deployments with Cisco UCM

    The new "Calling in Webex Teams" solution lets you register Webex Teams to the on-prem Cisco UCM (Enterprise, BE 6000/7000, or HCS partner solution).

    Here are the details - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/wbxt/ucmcalling/unified-cm-wbx-teams-deployment-guide/unified-cm-wbx-teams-deployment-guide_chapter_01.html

    Will it just replace Cisco Jabber in couple of years?

    3. Webex Teams and Webex Meetings are getting merged

    Until recently Webex Teams and Webex Meetings were separate products relying on different cloud platforms.

    Now Cisco brings them closer together - https://searchunifiedcommunications.techtarget.com/news/252465007/Cisco-unifies-Webex-calling-messaging-and-meetings

    4. Cisco IP communicator, my love, reaches its end of life

    And even more... The end-of-sale and end-of-life dates are announced for Cisco IP Communicator.

    5. Is Cisco Meeting App next?

    Now rumors are that Cisco Meeting App which is the software endpoint for Cisco Meeting Server is also going away soon.

    If this is really going to happen, guess what will the replacement be?

    CUCM SIP CUBE: Manipulations with INVITE Field

    Some SIP providers prefer to work with INVITE field, while CISCO CUBE traditionally works with From: and To: fields.

    Let’s take MSN provider as an example.

    An incoming call header looks like this:

    In this case, login is 48879800, and it is contained in INVITE field only.

    Cisco translation-profile and translation-rule can only operate with numbers, and the complex header in To: field complicates the situation.

    You can use sip-profiles to copy the number from INVITE field to To: field.

    The structure should be the following:

    voice service voip
      sip
        sip-profiles inbound
    !
    voice class sip-profiles 10
        request INVITE sip-header SIP-Req-URI copy "sip:(.*)@" u01
        request INVITE sip-header To modify ".*@(.*)" "To: voice translation-rule 10
      rule 1 /^48879800$/ /1401/
    !
    voice translation-rule 20
      rule 1 /^8\(..........$\)/ /+7\1/
    !
    !
    voice translation-profile ITSP_Incoming
      translate calling 20
      translate called 10
    !
    dial-peer voice 1 voip
      description incoming from MCN-1
      translation-profile incoming ITSP_Incoming
      session protocol sipv2
      session target sip-server
      incoming called-number 48879800
      voice-class codec 1
      voice-class sip profiles 10 inbound
      voice-class sip bind control source-interface GigabitEthernet0/0/0.300
      voice-class sip bind media source-interface GigabitEthernet0/0/0.300
      dtmf-relay rtp-nte digit-drop
      no vad
    !
    dial-peer voice 500115 voip
      description To CUCM
      preference 5
      destination-pattern 48879800
      session protocol sipv2
      session target ipv4:10.7.20.251
      voice-class codec 1
      voice-class sip bind control source-interface GigabitEthernet0/0/1.200
      voice-class sip bind media source-interface GigabitEthernet0/0/1.200
      dtmf-relay rtp-nte digit-drop
      ip qos dscp cs3 signaling
      no vad
    !

    Then the number 48879800 can be sent to CUCM.

    In the end, the call will look like this:

    CUCM DRS Management Using Command Line

    Command Line Recovery

    Hello! In a recent article we have shown you how to create a backup for Cisco Unified Communications Manager (CUCM) using Disaster Recovery System (DRS). Today we'll discuss backup and recovery in command line interface (CLI) that can be used when it’s impossible to use graphical interface.

    Backup Creation

    First of all, select the device to store the backup (SFTP server). Execute the following command:

    utils disaster_recovery device add network [devicename path] [server_name/ip_address] [username] [number_of_backups]

    • devicename – name of the device to store the backup;
    • path – path to the backup;
    • server_name/ip_address – hostname or IP address of the device where the backup will be stored;
    • username – username to be used to access the server;
    • number_of_backups – number of backups to be created (optional). The default value is 2;

    Example:

    admin: utils disaster_recovery device add network networkDevice /root 192.168.1.1 root 3

    The following command shows the list of devices:

    utils disaster_recovery device list

    Now create a backup copy:

    utils disaster_recovery backup network [featurelist] [path] [servername] [username]

    • featurelist – the list of features for the copy, separated by comma;
    • path – path to the archive;
    • servername – the hostname or IP address of the device where the archive will be stored;
    • username – username to be used to access the server;

    The following command shows the feature list:

    utils disaster_recovery show_registration

    Check the backup status:

    utils disaster_recovery status backup

    Recovery

    First of all, check whether there are backup files on SFTP server:

    utils disaster_recovery show_backupfiles [name]

    • name – the name of backup device;

    Select a backup file from the list:

    utils disaster_recovery restore network [restore_server] [tarfilename] [devicename]

    • restore_server – the hostname or IP address of the device where the archive will be stored;
    • tarfilename – backup file name;
    • devicename – the name of backup device;

    Example:

    utils disaster_recovery restore network 192.168.1.1 2019-05-15-15-35-28 networkDevice

    When asked if you really want to restore the system, say “y”.

    Now check the system recovery status:

    utils disaster_recovery status restore

    Integrating Cisco UCCX with a Database Using a Script

    If you have UCCX (Cisco Unified Contact Center Express) premium license, one of the best features is possible integration and requests to database. These requests can use any information provided by the caller, or the caller’s number, etc.

    It’s very important to create a reasonable initial script design and to take the server load into account. Big and heavy scripts with many database handles increase the load greatly. If the DB is on a remote server and there is a net lag, it may influence your business and the calling client's loyalty.

    CISCO UNIFIED CCX SCRIPT EDITOR Review

    There is a special tool in UCCX to create and manage IVR scripts: Cisco Unified CCX Editor. Here you can manage visual blocks responsible for this or that action. It looks like this:

    Let’s look at the Database section. It has 4 items:

    • DB Get – map the data from DB to the script variables;
    • DB Read – connect to the server and send a request;
    • DB Release – close the connection with DB;
    • DB Write – use Write method if changes in DB are required;

    On the screenshot above, you can see that each script begins with Start event and ends with End event. As the script is being executed during a call, we can perform as many DB requests as we need. Each request has its own sequence of steps that are listed above.

    We recommend you to test all SQL requests, access to the system and other factors before releasing to the enterprise environment.

    As an example, let's look into DB Read block:

    These fields are available for configuration:

    • DB Resource Name – marker of the request;
    • Data Source Name – data source specified in UCCX console (Cisco Unified CCX Administration Database);
    • Timeout (in sec) – request execution timeout. This timeout protects your system from database disconnection. If you set it to 0, the request won’t have any time limitations;

    Now proceed from General tab to Field Selection:

    • Write the SQL request you want to execute. For example: SELECT fld1, fld2 from tbl where fld1 = $variable – select two fields from the table, where the first field’s value is equal to a variable that we have initialized earlier in our script.
    • Test (button) – click this button to check the request syntax and the database connection;
    • Number of rows returned – number or rows returned by the request after the Test button was clicked;
    • Show all fields (select table/view) – show all fields of the used tables;

    Now let’s look into DB Get block:

    • DB Resource Name – label or name of this request;
    • Data Source Name – database name (configured in Cisco Unified CCX Administration panel);
    • Refresh Database Schema (button) – click this button to load database data and tables to CCX Editor;

    Proceed to Field Selection tab:

    • Table/View – name of the DB table that was selected on General tab (see above);
    • Table fields:
    • Field Name – field name in the selected table;
    • Data Type – data type (string/number, etc.);
    • Local Variable – script variable that will store the corresponding field value;
    • Add/Modify (buttons) – buttons responsible for field modification (except for data type, which is read-only);

    The obtained data can be used in the script, for example, to vocalize (using TTS) the client’s phone number or the entered digits (e.g. order number).

    Deprecated Cisco IP Phones in CUCM 14

    Remember this mess with several tens of Cisco IP phones available on the market (not counting video endpoints)?
    There were:

    • old-school 7900 series,
    • intermediate 6900, 8900 and 9900 models,
    • newly introduced 7800 and 8800 IP phones,
    • finally some experiments like 3905, Android-based DX650 etc

    So these times are over.

    For the past couple of year Cisco step by step cleaned up the IP phones portfolio: In Cisco Unified Communications Manager 11.5 they deprecated 7902, 7905, 7910, 7912, 7920, Conference Station 7935.
    The following models were deprecated in Cisco UCM 12 - wireless IP Phone 7921, 7970 and 7971.

    And now the MAJOR CLEANUP is coming with Cisco Unified Communications Manager, Release 14 affecting CUCM 14, Cisco BE 6000 / 7000.

    Just take a look. The phone models to be deprecated in Release 14 are:
    - Cisco Unified SIP Phone 3911
    - Cisco Unified SIP Phone 3951
    - Cisco Unified IP Phone 6911
    - Cisco Unified IP Phone 6921
    - Cisco Unified IP Phone 6941
    - Cisco Unified IP Phone 6945
    - Cisco Unified IP Phone 6961
    - Cisco Unified IP Phone 7906G
    - Cisco Unified IP Phone 7911G
    - Cisco Unified Wireless IP Phone 7925
    - Cisco Unified Wireless IP Phone 7925G-EX
    - Cisco Unified Wireless IP Phone 7926
    - Cisco Unified IP Phone 7931
    - Cisco Unified IP Conference Station 7936
    - Cisco Unified IP Conference Station 7937G
    - Cisco Unified IP Phone 7940
    - Cisco Unified IP Phone 7941
    - Cisco Unified IP Phone 7960
    - Cisco Unified IP Phone 7961
    - Cisco Unified IP Phone 7985
    - Cisco Unified IP Phone 8941

    If you are using any of these phone models and you upgrade to Release 14, you will not be able to use these phones after the upgrade.

    After you switch over to CUCM 14, registration of these phone models will be blocked.

    So, better check the phones you use and plan the migration to 7800 and 8800 series in advance.

    Field notice from Cisco - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/14_0_1/fieldNotices/cucm_b_deprecated-phones-14.html

    Enabling Cisco UCM CDR Collection

    Yes, CUCM can collect CDR (Call Detail Record). This article will show you how to enable this feature (disabled by default).

    Enabling CDR

    Open Cisco Unified CM Administration interface:

    Proceed to System → Service Parameters and select the following parameters:

    • Server — select the node to be manipulated,
    • Service — select Cisco CallManager (Active).

    In the Parameters section that appears, find System and select:

    • CDR Enabled Flag * — True. This parameter indicates the call manager to create and store CDR records for each call passing through this UCM;
    • CDR Log Calls with Zero Duration Flag * — True. Enabling this parameter makes the server save the unsuccessful calls and calls that were shorter than 1 second (helpful for troubleshooting).

    Don’t forget to apply the changes. Repeat this actions for each node in a cluster (if you have more than one server in System → Service Parameters → Server menu).

    Additional configuration

    Now let’s explore advanced parameters. On the configuration toolbar, click Advanced:

    Select the following options:

    • Call Diagnostics Enabled – Enabled Only When CDR Enabled Flag is True. This parameter switches on so-called Call Management Records (CMR), which are very helpful for troubleshooting;
    • Display FAC in CDR – True. This parameter indicates whether Forced Authorization Code (FAC) should be displayed in CDR. Generally, this parameter depends on your security policies. We chose to display it;
    • Show Line Group Member DN in finalCalledPartyNumber CDR Field – True. Briefly, this parameter shows DN (directory number) of the group member that answered a call, instead of the group’s number;
    • Show Line Group Member Non Masked DN in finalCalledPartyNumber CDR Field – basically, the same as the previous one.

    Open Cisco Unified Serviceability page, proceed to Tools → CDR Analysis and Reporting section. Now you can select CDR tab to use Search or export the data. Enjoy!

    CUCM 12.5 and CUBE - media forking to multiple recorders simultaneously

    For years call recording software vendors all over the world utilized network-based recording to record CUCM phone calls. The “network-based” approach is also known as “active recording” or “SPAN-less recording” and is actually based on media-forking feature supported by the most of Cisco IP phones and also Cisco Unified Border Element (CUBE).

    The media forking approach is loved by all call recording vendors:

    • it is easy to configure – you just enable it in CUCM without the need to create a SPAN port on each router,
    • it provides more context about the call,
    • it provides high-availability – you can configure several receivers in CUCM and when the primary recorder is down CUCM automatically switches to the alternative.

    But still, till now Cisco IP phones and CUBE only forked media to one destination. This is finally changed in Cisco CSR 12.5!

    Cisco Collaboration Systems Release 12.5 (Callisto) supports media forking to multiple destinations.

    Media forking to multiple recorders is a new CUBE feature supported by IOS XE 16.10.1 or later. What’s the idea?

    The new CUBE feature is called “media-proxy” and allows CUBE to receive media forked by Cisco IP phones (equipped with built-in bridge) or voice gateway and stream the received media to several destinations simultaneously in real-time. You can configure up to 5 destinations which will receive the forked media.

    This provides:

    • more options and flexibility to high-availability deployments – you can now record calls by 2 recorders simultaneously (will be supported in the next release of PhoneUP Call Recording),
    • the ability to use several applications processing media in real time – for example, two different call recording systems AND real-time speech analytics software.

    The requirements are:

    • Cisco Unified Communications Manager 12.5
    • Cisco IOS XE 16.10.1 available on:
      • Cisco 4000 Series-Integrated Services Routers (ISR G3 - ISR4331, ISR4351, ISR4431, ISR4451)
      • Cisco Aggregated Services Routers (ASR - ASR1001-X, ASR1002-X, ASR1004 with RP2, ASR1006 with RP2)
      • Cisco Cloud Services Routers (CSR1000V series)

    What is also important:

    • CUBE media-proxy does not support colocation with CUBE,
    • video recording is NOT supported also.

    Cisco Meeting Server (CMS) and Skype for Business (Lync) Integration – Basics and Hints

    On S4B front-end server, configure a trusted application and routing. Execute the following commands in PowerShell:

    • New-CsTrustedApplicationPool -Identity cms.vc.domain.com -ComputerFqdn cms.vc.domain.com -Registrar S4BFE.domain.com -Site 2 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true
    • New-CsTrustedApplication -Applicationid cms -TrustedApplicationPoolFqdn cms.vc.domain.com -Port 5061
    • New-CsStaticRoutingConfiguration -Identity "Service:Registrar:S4BFE.domain.com"
    • $route = New-CsStaticRoute -TLSRoute -Destination "cms.vc.domain.com" -Port 5061 -MatchUri "vc.domain.com" -UseDefaultCertificate $true
    • Set-CsStaticRoutingConfiguration -Identity "Service:Registrar:S4BFE.domain.com" -Route @{Add=$route}
    • Set-CsMediaConfiguration -MaxVideoRateAllowed Hd720p15M
    • Enable-CsTopology

    On CMS proceed to Configuration\General and enter the S4B front-end server address and the username to be used to register.

    In General Incoming Calls section, enter the CMS local domain name.

    In General\Outbound Calls, enter the domain names to be called from Cisco Meeting. To allow calls to any domains, leave the Domain field empty. It will be set to ⟨match all domains⟩.

    The Local From Domain field contains different domain names to be used to call domain.com and other domains. Calls from CMS will be transferred to the domains federated with yours in Skype for Business. However, it can be possibly configured differently. The last step is to configure encryption in General\Call Settings section.

    That’s it. Now your Cisco Meting App clients and Skype for Business (Lync) clients should be able to call each other.

    HINT: Limitation of the number of registrations in Skype for Business

    During one of our conferences, we faced a limitation of the number of external Skype for Business participants. New participants would just disconnect, never visiting the room.

    After talking to specialists, we decided to increase the number of CMS registrations on S4B servers.

    First of all, we created 5 AD users for CMS and registered these accounts in Skype for Business. The accounts meet the following template: username[1-9]. So, to increase the number of participants up to 5, you should create 5 users: username1, username2, username3, username4 and username5, and add corresponding accounts to S4B.

    Then you should enter the required number of registrations in CMS configuration:

    After this simple manipulation you shouldn't face this kind of limitation anymore.

    Disaster Recovery System in Cisco UCM

    Evading disasters

    In this article we study the Cisco Unified Communications Manager (CUCM) failure recovery system that is called Disaster Recovery System (DRS). You can use it to create system backups stored on SFTP server to be used for system recovery, if needed.

    DRS includes the following components:

    • Cisco Unified Communications Manager database (CCMDB), including Cisco Unified Communications Manager/CDR Analysis and Reporting/Call Detail Records);
    • Platform;
    • Music On Hold (MOH);
    • BAT Bulk Provisioning Service (BPS);
    • CCM Preference Files (CCMPREFS);
    • TFTP Phone device files (TFTP);
    • SNMP Syslog Component (SYSLOGAGT SNMP);
    • SNMP CDP Subagent (CDPAGT SNMP);
    • Trace Collection Tool (TCT);
    • Cluster Manager (CLM);
    • Cisco Extended Functions (CEF);

    Configuration

    First of all, you have to deploy an SFTP server to create a backup. Cisco recommends using such clients as Cygwin, Titan FTP, GlobalSCAPE EFT, but you can use other clients as well. Download a client of your choice, install it on the workstation that will use an SFTP server, configure the connection parameters, select the root directory and run the service.

    Now open the CUCM configuration page. Select Disaster Recovery System in a dropdown menu in the upper right corner.

    Then proceed to Backup → Backup Device and click Add New. In the form that appears, enter the backup name in Backup device name field. Select Network Directory in Select Destination section and enter the SFTP server IP address in Host name/IP address field. Enter the user credentials in User name and Password fields. Enter the path to store the data in Path name field (type ’’\’’ if the data should be stored in the root directory). Then click Save. If the SFTP server is available, you’ll see the message: Update Successful.

    Now you can create a backup. Open Backup → Manual Backup, select the previously chosen backup parameters and click Start Backup.

    To create a backup schedule, proceed to Backup → Scheduler and click Add New. Select a backup, enter the time of archiving and click Save. Then click Enable Schedule at the top of the screen.

    Let’s look into system recovery, which is called Restoring a Node or Cluster to a Last Known Good Configuration (No Rebuild). To restore the system from a previously created backup, proceed to Disaster Recovery System → Restore → Restore Wizard. Select Backup Device, then click Next and choose one of the available files.

    Select the features to be restored.

    Then select the servers and click Restore.

    The system recovery will begin. You can see the current recovery status here: Disaster Recovery System → Restore → Status. After the system is restored, you’ll have to reboot the server. You can check the replication status using either CUCM Unified RTMT (Call Manager → Database Summary → Replication Status, the status should be same for all the nodes) or CUCM Unified Reporting (Unified Reporting → System Reports → Unified CM Database Status, look for “All servers have a good replication status” line), or through CLI (execute the following command: utils dbreplication status to get “No Errors or Mismatches found. Replication status is good on all available servers” as the result).

    Connecting THIRD PARTY SIP to CUCM

    Hello! In this article, we’ll tell you how to connect Third Party SIP Phones (i.e. other vendors’ phones and softphones that support RFC3261) to Cisco Unified Communications Manager (CUCM). As an example, we’ll use a popular free softphone named X-Lite.

    CUCM Configuration

    First of all, create a user in CUCM.

    Proceed to User Management → End User. Provide the following information:

    • User ID
    • Password (not used in X-Lite, but should be specified)
    • PIN (not used in X-Lite)
    • Last Name
    • Digest Credentials (this field is used as a password in X-Lite)

    Now add a SIP Phone. To do this, proceed to Device → Phone and click Add. Select Third-party SIP Device in the Phone Type field. Basic option only supports a single line, Advanced supports up to 8 lines.

    Now fill out the following fields:

    • MAC Address – enter a unique address (if you are using X-Lite, enter any address, because it won’t be used for authorization);
    • Device Pool – Default;
    • Phone Button Template – Third-party SIP Device;
    • Security Device Profile – standard Third-party SIP Device Profile;
    • SIP Profile – standard SIP Profile;
    • Owner User ID and Digest User – the End User we have created;

    Then click Save and proceed to the phone configuration screen. Click Line [1] – Add a new DN and fill the Directory Number field with the number to be used. Go back to User Management → End User, find the created user and check whether the SIP Phone is listed in the Controlled Devices field. If it's not listed, click Device Association and select the SIP Phone we have created. It should appear in the Controlled Devices list.

    Softphone Configuration

    Open X-Lite and proceed to Account Settings menu.

    Fill out the following fields:

    • Display Name – the name to be displayed in X-Lite;
    • User Name – Directory Number (DN) in CUCM;
    • Password – Digest Credentials in CUCM;
    • Authorization user name – User ID in CUCM;
    • Domain – CUCM server address;

    Now click OK. The softphone should be registered.

    How to Record CUCM (CallManager) Calls

    CUCM call recording is one of the most popular topics in the world of Cisco Unified Communications. For companies that deployed Cisco Unified Communications Manager there are several approaches to phone call recording offered by a dozen of Cisco Solution Partners.

    Which one to choose and why? Let’s consider briefly.

    Call Recording Methods

    • SPAN-based recording (“passive recording”) – is one of the oldest methods of CUCM voice recording. This type of recording software connects to the SPAN (Switched Port Analyzer) port to monitor all network (or VLAN only) traffic and pick out the VoIP packets to store them as audio files.
    • Built-in Bridge recording (“BIB recording”) – is the approach that uses the conference bridge embedded in almost each Cisco IP phone (and Cisco Jabber for Windows as well). With the proper CUCM configuration a Cisco IP phone forks the phone call audio streams to the CUCM recording software that mixes these streams and saves to the audio file.

    In the beginning of 2011 Cisco introduced its own recording platform Cisco MediaSense. This solution records audio streams forked by Cisco IP Phones (BIB-recording) or (this is important!) Cisco ISR routers.

    Why is it important? Along with Cisco MediaSense Cisco released the new IOS ( Cisco ISR router firmware) that supports the media forking capability. Supplied with this feature, the Cisco gateway can fork the media of conversations to the recording server.

    Which leads us to the 3rd method:

    • CUBE recording – the same as BIB-recording, but the media is forked by Cisco CUBE (the software that runs on Cisco ISR router). If Cisco MediaSense can receive and store forked audio streams, why 3rd party recorders cannot?

    So, what method to use and which solution to choose for Cisco CallManager recording?

    Choosing the Call Recording Approach

    Improve the MediaSense user experience with free PhoneUP promo-license which includes MediaSense Gateway module for unlimited number of seats.

    Use BIB recording for all endpoints with built-In bridge on board. Without doubts this is the most reliable approach which also provides the more detailed info about a call.

    Use CUBE recording for recording the other media (3rd party SIP devices, analogue phones connected with the voice gateway, CTI-ports, etc.) if your Cisco router supports media forking.

    Use SPAN in all other cases, for example – when you don’t have a forking CUBE or you need to record internal calls of endpoints without BIB (the voice traffic is not going through the Cisco gateway).

    Choosing the Recording Server

    If you have to use the SPAN-recording method you are forced to choose a CUCM recording 3rd party solution.

    If IP phone built-in bridges and CUBE can fork everything you need to record, then Cisco MediaSense looks like quite a tempting choice. But from the users’ perspective it only provides a very simple “Search and Play” web-interface - a password-protected web page with call recordings list and basic search capabilities. It is enough for small installations, but most of deployments need a 3rd party call recording solution that integrates with Cisco MediaSense and provides the more convenient user interface with additional features like access rights management, advanced search capabilities and so on.

    Some of call recording software vendors added the Cisco MediaSense connector to their solutions. This allows using a 3rd party call recording app to manage Cisco MediaSense recordings and provide users with the rich-featured interface.

    CUCM 12: What’s New?

    Recently Cisco has released the 12th version of Cisco Unified Communications Manager. In this article, we’ll tell you about 5 main features included in the 12th release.

    Mixed (Hybrid) Installation Support

    It’s 2018, and cloud solutions are getting more and more integrated into business, becoming a part of infrastructure race. Cisco keeps up, with its unified communication solutions being based on a cloud platform named Cisco Hosted Collaboration Solution (HCS).

    It’s important to notice that the 12th CUCM release supports mixed architecture, so a CUCM instance deployed on a company’s own servers and a CUCM instance in a cloud can communicate with each other without any complications.

    This architecture helps to perform internal calls in the corporate environment where the CUCM instance is deployed.

    Unsupported phones

    Planning to upgrade to CUCM 12? Note that the following phones won’t be supported since 12.0:

    • 7905
    • 7970G
    • 7921G
    • 7935
    • 7902
    • 7910
    • 30 VIP
    • 12 SP+
    • 7912
    • 7920
    • 7971G-GE
    • 7910SW

    New Licensing Technologies

    CUCM 12 doesn’t support the traditional Product-Activation Key (PAK) licensing technology. Instead, Cisco runs Smart Software Licensing, with licenses being associated with a Cisco account, not with a specific device.

    IPV6 Support

    The 12th version makes it possible to have IPv6-only PBX installation.

    TLS Version Definition

    What TLS should be used? Which version is safer? This topic tends to be arguable. Cisco engineers decided to end this holy war. With CUCM 12, you can choose which TLS version to use for selected UC devices to communicate: TLS 1.0, 1.1 or 1.2.

    SCCP (Skinny Client Control Protocol)

    Today we’ll tell you about Cisco Systems’ proprietary protocol named SCCP – Skinny Client Control Protocol. It was created for corporate phone networks based on Cisco products, such as:

    • IP Phone series 7900
    • Cisco IP Communicator softphones
    • Cisco Unified Communications Manager
    • Cisco Unity

    Notice that there’s another protocol with the same abbreviation: Signaling Connection and Control Protocol (SCCP). However, this protocol belongs to Signaling System №7 (CCSS7), while SCCP (Skinny Client Control Protocol) works in TCP/IP stack.

    In VoIP, SCCP occupies the same place as SIP, H.323 and MGCP and performs the same functions. However, unlike all the listed protocols, SCCP has much easier syntax and requires less processing power.

    Like most VoIP protocols, SCCP was designed for exchange of signaling messages between client and server during call establishment and call termination.

    SCCP doesn’t take part in audio data transfer, there’s another protocol for this purpose: RTP (Real-Time Transport Protocol). It’s also important to note that SCCP doesn’t use RTCP (Real-Time Transport Control Protocol) that transfers diagnostic information about the current connection. SCCP has its own mechanism for this purpose.

    As mentioned above, SCCP has very simple syntax. You can easily define the exact status of the current connection by any message header. This makes SCCP very convenient for trouble shooting. The well-known TCP (Transmission Control Protocol) port 2000 is used for SCCP messages transmission.

    A connection via SCCP can’t be discussed without a server (usually CUCM). SCCP has a great number of messages to be sent to server for every single reason in order to get a guide to action. It looks like this:

    • IP Phone: StationInit: Someone picked up the receiver
    • Server: StationD: Turn on the buzzer
    • Server: StationD: Show “Enter the phone number” message on the screen
    • IP Phone: StationInit: Beginning to call the subscriber, the first digit of the number is “4”
    • IP Phone: StationInit: The second digit is “7”

    Each event is being registered until the server receives a message saying the receiver has been hung up.

    Notice that SCCP messages are being sent to client and server both, so there are identifiers that define the message source: StationInit if client is the source; StationIniD if server is the source. So, any call performed inside a corporate network can be traced in detail.

    Here’s an example of some SCCP messages:

    • 0x0000 - Keep Alive Message – a message sent from server to client immediately after the registration
    • 0x0001 - Station Register Message – a request for registration on server
    • 0x0002 - Station IP Port Message – UDP port number for an RTP session (sent by a client)
    • 0x0006 - Station Off Hook Message – a phone picked up (sent by a client)
    • 0x0099 - Station Display Text Message – shows “Enter the number” message on the screen
    • 0x0082 - Station Start Tone Message – turns the buzzer on
    • 0x27 - Station Soft Key Event Message (new call/end call) – if it's the start of a call, this message contains the first digit of the subscriber’s number. It can also contain middle digits and a request to drop the connection (call end)
    • 0x107 - Station Connection Statistics Request Message – a request for diagnostic information (delays, media packet loss, jitter buffer, accepted and sent packets, etc.) sent by a client. This mechanism makes up for the RTCP absence

    You can see that each MessageID describes the corresponding event, so reading SCCP traces is usually a straightforward process.

    It’s also important to note that some voice solutions developing companies, such as Digium, SocketIP and Symbol Technologies, have added SCCP support in their products.

    Packet Sniffing in Cisco UCM

    Hello! In this article, we’ll tell you how to capture packets on Cisco phones connected to Cisco Unified Communications Manager (CUCM).

    Packet capture is useful for troubleshooting. This article will show you how to do this by connecting a phone to PC via the built-in PC port. In this case, the copy of the traffic coming to the phone’s SWITCH port will be forwarded to PC port (sometimes this is called mirroring). You can obtain these packets with any traffic-sniffing software.

    Connecting and Configuring Cisco IP Phone

    First of all, let’s connect up the Cisco IP phone. The phone’s back panel has several ports. Find the port named SWITCH and plug the switch cable here. Connect the port named PC to the network adapter on your PC.

    Now proceed to your CUCM, select Device → Phone and find your phone. In the Product Specific Configuration Layout section, find PC Port parameter and select Enabled. Then find Span to PC Port and select Enabled. Some phones do not have Span to PC Port parameter, in this case all data is automatically forwarded to the PC port.

    Now open your packet sniffer (WireShark, for instance), select the network interface the phone is connected to, and click Start.

    That’s it! Now you can start analyzing packets.

    Cisco UCM PBX database tables overview

    This article describes the practical details of handling the databases in Cisco Unified Communications Manager (CUCM) PBX and Voice Operating Systems (VOS) in general.

    The article is recommended for engineers with more than a year’s CUCM administration experience.

    In 2006, when CUCM 5.0.1 (the first VOS-based version) was released, IBM Informix Database was chosen for a configuration storage.

    The database contains a few hundred tables that contain the dialing plan as well as the configuration data for the phones, gateways and users. An administrator can use Tomcat web server to make changes in the database tables. It’s highly recommended not to use SQL requests to modify the data directly.

    Technical support engineers often have to create SQL SELECT requests to obtain the required information and export it in text format. I’ll briefly describe the table types and give examples of the most frequently used requests.

    Note that since version 7.0 when the main PBX process starts, the database configuration is being copied into RAM (in-memory database, IMDB) to speed up. The main process (Cisco Call Manager) basically uses the data from IMDB instead of the database tables.

    We would mark out a few types of database tables for VOS products:

    • type (dictionary)
    • system
    • dynamic
    • functional
    • mapping

    This classification is to be used for educational purposes only.

    We recommend to copy the output of SQL commands to Notepad++ or a similar text editor to look through it.

    Type tables

    The contents of «type» tables are being created during the system installation and cannot be altered by the administrator or users. These tables contain data formatted as key-value and can be referred by the tables of other types.

    A few examples are given below. The first one (typemodel) shows the list of phone models supported by a specific CUCM version.

    admin:run sql SELECT enum,name,moniker FROM typemodel WHERE enum IN ('110','90','131','437','493')
    enum name moniker
    ==== ======================= ================
    110 Media Termination Point MODEL_MTP
    90 Route List MODEL_ROUTE_LIST
    131 SIP Trunk MODEL_SIP_TRUNK
    437 Cisco 7975 MODEL_CISCO_7975
    493 Cisco 9971 MODEL_Cisco_9971
    ...

    The following example shows the types of entries in the enumeration order:

    admin:run sql SELECT enum,name FROM typepatternusage
    enum name
    ==== ======================================
    0 CallPark
    1 Conference
    2 Device
    3 Translation
    4 Call Pick Up Group
    5 Route
    ...

    The protocols supported on Cisco UCM server:

    admin:run sql SELECT enum,name FROM typedeviceprotocol
    enum name
    ==== ============================
    0 SCCP
    1 Digital Access PRI
    2 H.225
    3 Analog Access
    4 Digital Access T1
    5 Route Point
    6 Unicast Bridge
    7 Multicast Point
    8 Inter-Cluster Trunk
    9 RAS
    10 Digital Access BRI
    11 SIP
    12 MGCP
    ...

    System tables

    System tables are the ones like typetableinfo, typefieldinfo, treecontrolgroupnodes.

    The first two tables form the database schema, describing the tables and their fields. The third one stores web server pages.

    admin:run sql SELECT enum,tablename FROM typetableinfo
    enum tablename
    ==== ================================
    1 Device
    ...
    13 DevicePool
    ...
    18 H323Device
    22 MediaMixer
    24 NumPlan
    ...
    46 TypeDeviceProtocol
    ...
    77 DeviceNumPlanMap
    79 TypeModel

    Dynamic tables

    The contents of dynamic tables can be altered by a system administrator as well as by the end users (which actually happens more often). The users can utilize such features as Call Forwarding, DND (do not disturb), hunt group, extension mobility and other. The current call forwarding status for a selected user’s line number is stored in the database along with all the other parameters.

    The following request shows all the line numbers (it happens to be a single line 1411) with unconditional forwarding (CFA) to the line 5000.

    admin:run sql SELECT c.pkid,c.cfadestination,n.dnorpattern line,n.fkroutepartition pt,c.datetimestamp FROM callforwarddynamic c INNER JOIN numplan n ON n.pkid==c.fknumplan WHERE c.cfadestination='5000'
    pkid cfadestination line pt datetimestamp
    ==================================== ============== ==== ==== =============
    7ded9e18-f706-4d7b-8f96-aa54fa3898c6 5000 1411 NULL 1493195338

    Configuration tables

    The last type of tables is for storing the current system configuration. It can only be altered by the system administrator.

    This request shows all phone numbers configured by the administrator, i.e. phone routing table.

    admin:run sql SELECT pkid,dnorpattern num,fkroutepartition pt,tkpatternusage FROM numplan
    pkid num pt tkpatternusage
    ==================================== =========== =========== ==========================
    00ee7548-6ac0-1828-0b6c-d542d63f445a 1110 NULL 2
    87398763-efa2-8a8c-9693-745300db3b72 134X NULL 5
    f2856fc5-dcbe-1a7a-f4dc-a7685d4ac0cd 1411 NULL 2
    a4dd3b81-dc2e-8b59-6ae1-032f5df8e829 1461 NULL 2
    fb0471f2-01d0-2a2a-f1cc-d45b16bb5573 5111 NULL 7
    7916b98d-3974-6e8e-5dc8-6e1aa4ec6ecd 1120 NULL 2
    2c30de37-cf1d-6060-dc0c-7e2959e34c9a 5102 NULL 2
    4d3de192-6692-37d5-aaad-63cfc5cfdd24 1100 NULL 2
    a16d29ba-b0c0-c0cf-35ec-63abbaa38009 1011 NULL 2

    Another example that shows the list of configured devices: phones, SIP trunks, CTI Route Points and media resources.

    admin:run sql SELECT pkid,name,tkmodel,tkdeviceprotocol proto FROM device WHERE pkid NOT IN ('7248bc9-53a8-4940-90df-1a2335c76a72','1ecbc4f3-eef3-45c5-9be1-7756bbdf1bd8','59765051-833a-435d-9d9d-783eab0297a6','27abd0a0-c549-4656-9f96-67c8308f610c','07248bc9-53a8-4940-90df-1a2335c76a72')
    pkid name tkmodel proto
    ==================================== ==================== ======= =====
    ee4c9f70-ea2b-45d5-8ffe-31fb4e9681a6 MTP_2 110 6
    0d874bc4-c7bc-4949-a140-58e640d94629 CFB_2 50 6
    47bb29fe-4e71-4dd9-b057-4520c1b6c548 ANN_2 126 0
    f1c32bf7-e309-47db-931c-a6219a0c792a MOH_2 70 0
    474729f0-f3da-ffcd-d289-271f441445a3 std-hl 90 0
    2633e474-b883-4cbe-8f07-3a7dddd4f7bc SEP005056996F7E 30016 0
    9f86b82f-89c4-72bd-c04b-a24cc3adaee8 7962-em-5102 404 0
    d76b4ce1-3da3-cd1c-6f07-841fdc3302e0 ICM-TR-Trig1380 73 0
    34de5b13-d98a-47f6-a35b-9427c1c2f5eb SEPA45630BB07AF 437 0
    5a358a31-80b7-6a8a-cfe3-487624d49a09 ICM_RP_1120 73 0
    4f03ff2f-d89a-415b-8262-2d775230dddc SEPA45630BB06F9 437 0
    36f07a4d-74f8-2ee0-5779-460caa1ed923 SEP0024142DDF24 437 0
    87655d65-0317-5ac1-1a4e-7a7bbc1b278f ccx15_1464 72 0
    00984b02-3c20-46ae-aa5d-bd3ed3b2179d ccx15_1465 72 0
    3e17cd58-1731-cfb8-92b2-707f4b34b8ab ccx215_1460_aa 73 0
    0aa53d21-b192-436d-8d56-f77cd508fca5 SEPA45630BB0387 437 0

    Mapping tables

    Mapping tables can be mentioned as a sub-type. They are necessary for associating lines with phones and users with phones, and in some other cases as well.

    Here’s an example of an association based on keys. Note the device id (fkdevice) and the number if (fknumplan) and compare with the output of the commands above.

    admin:run sql SELECT pkid,fkdevice,fknumplan FROM devicenumplanmap WHERE fkdevice='34de5b13-d98a-47f6-a35b-9427c1c2f5eb' AND fknumplan='f2856fc5-dcbe-1a7a-f4dc-a7685d4ac0cd'
    pkid fkdevice fknumplan
    ==================================== ==================================== ====================================
    018ab5e8-9218-48ef-a55d-9dcc84ec8f81 34de5b13-d98a-47f6-a35b-9427c1c2f5eb f2856fc5-dcbe-1a7a-f4dc-a7685d4ac0cd

    Here’s an example of the same association that’s more convenient for the administrator. There’s a phone with MAC A45630BB07AF. The phone’s 1st line is associated with the line 1411 in partition NULL.

    admin:run sql SELECT m.pkid,d.name device,n.dnorpattern line,m.numplanindex pos,p.name FROM devicenumplanmap m INNER JOIN device d ON d.pkid=m.fkdevice INNER JOIN numplan n ON n.pkid=m.fknumplan LEFT JOIN routepartition p ON p.pkid=n.fkroutepartition WHERE n.dnorpattern LIKE '%1411%'
    pkid device line pos name
    ==================================== =============== ==== === ====
    018ab5e8-9218-48ef-a55d-9dcc84ec8f81 SEPA45630BB07AF 1411 1 NULL

    Frequently used requests

    Below you can find a few helpful SQL requests that can be used to analyze different problems.

    Show all phone lines with their current call recording parameters:

    admin:run sql select rd.pkid,n.dnorpattern,n.fkroutepartition AS pt,trec.name AS recflag from recordingdynamic AS rd INNER JOIN devicenumplanmap AS mdn ON mdn.pkid==rd.fkdevicenumplanmap INNER JOIN numplan AS n ON n.pkid==mdn.fknumplan INNER JOIN typerecordingflag AS trec ON trec.enum==rd.tkrecordingflag WHERE rd.pkid!='4ef381b2-ff24-47f9-bdb2-022b7e8fcaf9'
    pkid dnorpattern pt recflag
    ==================================== =========== ==== ================================
    c5611b10-c5d4-4365-b55c-23edb300fbbb 101X NULL Call Recording Disabled
    f52ea03c-fffe-4787-a4d6-b070a580ce4e 5035 NULL Call Recording Disabled
    c6c3263e-281c-4bb4-b75b-e5ad8fef0506 5034 NULL Automatic Call Recording Enabled
    88d28cd8-0580-46cb-a523-724f69dd9998 3014 NULL Automatic Call Recording Enabled

    Show the current CUCM logging parameters:

    admin:run sql select ts.name,p.servername,p.enable AS traceon,p.tracelevel,p.numfiles,p.maxfilesize,p.numlines,p.numminutes from processnodeservice AS p INNER JOIN typeservice AS ts ON ts.enum==p.tkservice
    name servername traceon tracelevel numfiles maxfilesize numlines numminutes
    ================================================= ============ ======= ========== ======== =========== ======== ==========
    Cisco CallManager 10.48.47.143 t 1 1 2 10000 1440
    Cisco CallManager 10.48.47.136 t 127 1 2 10000 1440
    Cisco Tftp 10.48.47.143 t 127 1 2 10000 1440
    Cisco Tftp 10.48.47.136 t 127 1 2 10000 1440

    The phones subscribed to XML services:

    admin:run sql select mt.pkid,d.name as device,mt.servicename,mt.fktelecasterservice from telecastersubscribedservice as mt INNER JOIN device as d ON d.pkid==mt.fkdevice
    pkid device servicename fktelecasterservice
    ==================================== ==================== =========== ====================================
    ab11d152-fdba-0cc6-a6dc-b6658e8a8ae7 7962-em-5102 EM 49ce7246-de87-1eb4-e768-ddc34f2b9ccf
    a2c8399c-89a0-3169-d914-93eebaceb948 SEPA45630BB07AF FIPPA dbb3533c-7301-8175-7e03-616b9e4f100f
    491a4ec1-2d4b-c2b0-93c4-edf97df84c09 milnagy 8861 Profile EM 49ce7246-de87-1eb4-e768-ddc34f2b9ccf

    The following request may help to solve certificate issues.

    admin:run sql select c.pkid,c.servername,c.ipv4address,c.serialnumber,tctr.name AS role,tsc.name AS type,c.subjectname,c.issuername,c.timetolive from certificate AS c INNER JOIN certificatetrustrolemap as ctr ON ctr.fkcertificate==c.pkid INNER JOIN certificateservicecertificatemap AS sc ON sc.fkcertificate==c.pkid INNER JOIN typecertificateservice AS tsc ON tsc.enum==sc.tkcertificateservice INNER JOIN typetrustrole AS tctr ON tctr.enum==ctr.tktrustrole
    pkid servername ipv4address serialnumber role type subjectname issuername timetolive
    ==================================== ========== ============ ====================================== ================================ ================= ================================================================================================================================================ ====================================================================================================================================================================== ==========
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 CallManagerTFTP CallManager CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 CallManagerTFTP CallManager-trust CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 CallManagerTFTP Phone-SAST-trust CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 SAST CallManager CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 SAST CallManager-trust CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 SAST Phone-SAST-trust CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL
    9e045d3a-be58-6e75-690e-0086541b1632 ucm11-1 10.48.47.143 360000005923e9c225e8f6d963000100000059 TFTP CallManager CN=ucm11-1.allevich.local,OU=TAC,O=Cisco,L=Krakow,ST=Malopolskie,C=PL CN=allevich-DC12-CA,DC=allevich,DC=local NULL

    We hope this information will be useful, and not only to Cisco technical support engineers.

    Configuring Dialed Number Analyzer in CUCM

    This article tells about the Dialed Number Analyzer in Cisco Unified Communications Manager (CUCM). Why do you need it? Suppose you are configuring a complicated dial plan on your server. There are CSS, Partitions, Route Groups, Route Lists, Route Patterns, etc. How should you test it to find mistakes? Here comes the Dialed Number Analyzer. It helps you to analyze a dial plan and gives the full call flow information for the dialed digits.

    Configuration

    First of all, proceed to the Cisco Unified Serviceability menu → Tools → Service Activation. Now check Cisco Dialed Number Analyzer and click Save.

    Now proceed to Tools → Dialed Number Analyzer, or open the following URL: https://[cm-machine]/dna. In the window that appears, open Analysis → Analyzer.

    Here you should fill out three fields:

    • Calling Party – the caller’s phone number for the test call;
    • Dialed Digits – the dialed digits;
    • CSS – Calling Search Space for the test phone.

    After that, click Do Analysis. You will see what happens to a call under the specified conditions.

    To analyze gateways, phones and trunks separately choose Gateway, Phone or Trunk in the Analysis menu.

    Time of the Day Routing in CUCM

    This article is about routing in Cisco Unified Communications Manager (CUCM). Today’s topic is Time of the Day routing. This feature helps you to distribute calls depending on the time of day and day of the week. For example, you can forbid international calls during nonworking hours and on weekends, and reroute intercity calls to a different trunk for this time period.

    Time of Day Routing can be used together with CSS, Partitions and routing technologies like Route Pattern and Route List/Route Group.

    If you are going to use it with Partitions, specify the required time period in Time Schedule and link it to a partition. This partition will only be active during the specified time period. For the rest of the time it will stay invisible.

    To manage routing depending on the time, create several Partitions and set their priority using the CSS list (the first partition on the list has the highest priority). Then create several Route Patterns and put them into different partitions.

    Configuration

    First of all, configure time periods. Proceed to Call Routing → Class of Control → Time Period and click Add New. Enter the name for your time period, start and end time, time zone and repetition parameters. Click Save.

    Now create a time schedule. Proceed to Call Routing → Class of Control → Time Schedule and click Add New. Fill out the Name field, click Save. Then the Time Period Information field will appear. Select the required time periods.

    Now configure partitions. Proceed to Call Routing → Class of Control → Partition, select a partition to edit (or create a new one). Select the Time Schedule you have created.

    Proceed to Call Routing → Class of Control → Class of Control and move your partitions to a CSS. A partition’s priority depends on its position on the list.

    Then add partitions to Route Patterns that are located here: Call Routing → Route/Hunt → Route Pattern.

    Now you can distribute calls in your system depending on the time.

    Configuring Callback feature in CUCM

    This article will show you the CallBack feature in Cisco Unified Communications Manager (CUCM). The CallBack feature is used to inform the caller when the called party line becomes available.

    First, open Cisco Unified Serviceability menu → Tools → Service Activation. Then select your server and make sure that Cisco Extended Functions option is checked.

    Now configure Softkey. Proceed to Cisco Unified CM Administration menu → Device → Device Settings → Softkey Template. Then click Add New, select the Standard User template and click Copy. Enter the name and description for the new template. Then select Configure Softkey Layout in a dropdown menu in the upper right corner and click Go. In the field that appears, move Call Back from Unselected Softkeys to Selected Softkeys using the right arrow button. Repeat for On Hook, Connected Transfer and Ring Out states (select a call state to configure in the corresponding field).

    Then apply the softkey template to a phone. Proceed to the Phone tab and select the phone to apply the template to. Select your template in the Softkey Template field, then click Save and Apply Config.

    The CallBack button will appear at the bottom of the screen.

    Let’s see how it works.

    Make a call from phone A to phone B while phone B is busy. Press CallBack on the phone A.

    Then press OK. The message will change to CallBack is activated. Press Exit to quit this screen. To deactivate the function, click Cancel.

    As soon as phone B becomes available, a window with an audio signal and a notification about phone B being available will appear on phone A. To call phone B, press Dial.

    Call Tracing in CUCM Using RTMT

    This article will show you how to gather traces in Cisco Unified Communications Manager (CUCM). This information can be useful for trouble shooting. It is also needed in a request for Cisco TAC engineers.

    To collect traces, you will need to install Real-Time Monitoring Tool application. You can find an installation guide on the official Cisco website.

    First of all, proceed to Cisco Unified Serviceability menu -> Trace -> Configuration. Now select your server in the Sever field, select CM Services for the Service Group, select Cisco CallManager for the Service. You can see a screenshot with the default parameters below:

    Make sure that Trace On is checked. Select Detailed in the Debug Trace Level dropdown menu.

    If you are using a clustered environment, repeat this for each server in the cluster.

    Now launch RTMT and connect to your server. Proceed to the System menu -> Tools -> Trace & Log Central -> Collect Files. In the window that appears, check Cisco CallManager for the required servers.

    Click Next. On the next screen, check Event Viewer -> Application Log and Event Viewer -> System Log services.

    Now you should select the time range in the Collection Time field. Select the directory for the log files in the Download File Options section.

    Now click Finish. After the information is gathered, all the needed files will be placed into the specified directory.

    Caller’s Alerting Name in Cisco UCCX

    UCCX is possibly the only commercial call center platform that never makes you say “sorry, this is technically not feasible”. But it also has its disadvantages.

    One of them is the caller’s number. Instead of the caller’s phone number, a call center phone gets the number of the CTI port that accepted the call. Actually, this behavior is correct: a call in a queue is placed on hold. As soon as an operator connects, the call is forwarded from the CTI port to the operator’s phone. When the operator picks it up, the caller’s phone number is already displayed. It often confuses contact center employees.

    Since the version 10, UCCX has a function that helps to pass the caller’s number to a phone in a pop-up window. To do this, connect to UCCX via ssh (or connect to a terminal session directly) and enter the following command:

    • utils uccx icd clid enable

    You can change the pop-up window title:

    • utils uccx icd clid header HEADER_LINE

    And the prefix text to be displayed in front of the caller’s number:

    • utils uccx icd clid prefix PREFIX_LINE

    After these changes you should restart Cisco Unified CCX Engine. It is located in Cisco Unified CCX Serviceability\Tools\Control Center - Network Services.

    If you are using an HA environment, these actions should be repeated for each node in a cluster.

    Actually, this function meets the requirements of a call center working with external clients. However, what shall we do if a contact center works with the company’s internal users and the operators want to see the names the numbers are resolved into?

    There is a certain number of requests for this function on supportforums.cisco.com, but at the time of version 10.6 it wasn’t even declared as planned, so we’ll create workarounds.

    There are two options: one is easier, the other is more difficult.

    We can either use a CUCM function: Corporate Directory (this is the easy option), or create a phone directory of our own based on CUCM DB (this is more difficult).

    Create the following variables in the UCCX script:

    Add “Call Contact\Get Call Contact Info” action to the script:

    Set the CUCMDirURL variable to the following value:

    • http://CUCM_address:8080/ccmcip/xmldirectorylist.jsp – if you are using Corporate Directory;
    • http://web-server/output_phone_directory_list.xml – if you are using your own directory.

    Create a URL document: Document\Create URL Document.

    For Corporate Directory (pass a parameter named “n” with a value of “CallingNumber”):

    You don’t have to pass any parameters for your own directory:

    Create an XML document: Document\Create XML Document.

    Assign a name that corresponds to the phone to the AlertingName variable (Document\Get XML Document Data). The XML request for Corporate Directory: ″//DirectoryEntry/Name″

    For your own directory: ″/return/row[dn='″+CallingNumber+″‘]/alertingname″

    All output information will be displayed in CAD. First, create a variable for the name of the agent’s template: Settings\Expanded Call Variables…

    Create a Scalar variable named user.layout.

    Then, after our XML manipulations, you should add a Call Contact\Set Enterprise Call Info action. On the General tab, add two variables named Call.PeripherialVariable (with numbers that have never been used in the script before). Assign the following values: CallingNumber and AlertingName. On the Expanded Call Variables tab, add a variable named “user.layout”. Set Array Indexes to Scalar, set the value to the name of the displaying template for CAD.

    We’re done with the script now.

    Now proceed to Cisco Desktop Administrator\Services Configuration\Enterprise Data\Fields. Find the Call Variables with the numbers you have set in Set Enterprise Call Info. Change the Display Names to something meaningful (for example, Calling Number for 1, Name for 10).

    Proceed to Cisco Desktop Administrator\Services Configuration\Enterprise Data\Layout List and create a new Layout with the name specified in Set Enterprise Call Info. Add Call Variable 1 and Call Variable 10 to the Selected field.

    If you are using Corporate Directory, then everything is ready for use. However, you should keep in mind that CUCM gets the data from your directory server. If it doesn’t contain all the data on the company’s phones or the data is cluttered for some reason, then your only option is to create an XML phone directory using the data downloaded from the CUCM database. You may also want to use a “directory or your own” if you have a database with your external clients’ numbers and other data that can be used to display specific information about the calling party in CAD.

    The required data will be obtained through a SOAP request. Create an XML file with the following contents:

    <?xml version=″1.0″ encoding=″UTF-8″?>
    <soapenv:Envelope xmlns:soapenv=″http://schemas.xmlsoap.org/soap/envelope/″ xmlns:ns=″http://www.cisco.com/AXL/API/10.5″>
    <soapenv:Header/>
    <soapenv:Body>
    <ns:executeSQLQuery>
    <sql>
    select distinct n.alertingname, n.dnorpattern as DN
    from device as d, numplan as n, devicenumplanmap as dnpm
    where dnpm.fkdevice = d.pkid and dnpm.fknumplan = n.pkid and d.tkmodel != 72 and ( d.tkclass = 1 or d.tkclass = 20 or d.tkclass = 254);
    </sql>
    </ns:executeSQLQuery>
    </soapenv:Body>
    </soapenv:Envelope>

    The SQL request is marked in yellow. Basically, we pick alertingname and number fields. We only use the active phone numbers with associated IP phones, device profiles or remote destination profiles (d.tkclass = 1 or d.tkclass = 20 or d.tkclass = 254) and make sure that the device model is not a CTI Port (d.tkmodel != 72).

    Make sure that Cisco AXL Web Service is activated on your CUCM (Cisco Unified Serviceability\Tools\Service Activation\Database and Admin Services).

    Create a user on CUCM (Cisco Unified CM Administration\User Management\End User) with the “Standard AXL API Access” role.

    Now you can use cURL to send the following request to CUCM:

    curl -k -u username:password -H ″Content-type: text/xml;″ -H
    ″SOAPAction:CUCM:DB ver=10.5″ -d @/path/to/xml/file/with/request.xml
    https://cucm.local:8443/axl/ | awk ‘{print substr($0,202,length-264)}’

    As a result, every phone number is going to look like:

    <row>
    <alertingname>Name</alertingname>
    <dn>8800</dn>
    </row>

    CUCM forms the output enclosed in tags:

    <?xml version=″1.0″ encoding=″UTF-8″?>
    <soapenv:Envelope xmlns:soapenv=″http://schemas.xmlsoap.org/soap/envelope/″>
    <soapenv:Body>
    <ns:executeSQLQueryResponse xmlns:ns=″http://www.cisco.com/AXL/API/10.5″>
    <return>
    //output
    </return>
    </ns:executeSQLQueryResponse>
    </soapenv:Body>
    </soapenv:Envelope>

    In fact, everything is correct, but UCCX’s built-in XML parser crashes while working with namespaces. These tags will be cut out by the awk script marked in yellow.

    You can add this command to the scheduler, so it will be executed automatically, and redirect the output to an XML file available via http.

    That’s it.

    Call Recording Topic on CCIE Collaboration Exam v2.0

    Cisco teaches how to record CUCM calls even without having its own call recording solution. Why?

    That's interesting. As we're all aware Cisco MediaSense reached its EOL in 2017 with no replacement available from Cisco. All the call recording solutions on the market are developed by 3rd party Cisco Solution Partners. But take a look at CCIE Collab exam topics for 2018 - https://learningnetwork.cisco.com/community/...

    The 6.7 section is all about designing and implementing call recording architecture, including SIP recording, built-in bridge and network-based approaches etc etc.

    Why? Any suggestions?

    Updating CUCM 8.6 to 11.5 on UCS C220 M3S step by step

    Based on the documentation:
    https://www.cisco.com/c/en/us/td/docs/voice...

    The prerequisites (hardware and software) are the following:

    • 2x UCSC-C220-M3SBE
    • VMWare ESXi 5.1
    • CUCM (two Subscriber nodes, Publisher, version 8.6.2.25900-8)
    • CUCM (up to 1000 users)
    • CUCM Guest: 2vCPU, 4096Mb vRAM, 80Gb virtual disk
    • UCCX: one node, version 8.5.1.11004-25

    Upgrading the Publisher

    The Subscriber should be alive.

    1. Take a Backup (1) – shut down the VM and make a copy.
    2. Install V3 RSA keys via SFTP: Software Upgrade > ciscocm.version3-keys.cop.sgn
    3. Use the following command to shut down CUCM: utils system shutdown
    4. In this example the hardware was 2vCPU, 4096Mb vRAM, one 80Gb virtual disk. The following Guest VM Settings changes were required in order to upgrade to CUCM 11.5 (with 1000 users): https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtual...
    a. Guest OS: switch to 64-bit Red Hat Enterprise Linux 6
    b. vRAM settings: increase the RAM size to 6 Gb
    c. Configure the Network Adapter:
    - Take a screenshot of the MAC address

    • Browse the datastore. Locate the *.vmx file and download it
    • Edit it. Add the following string at the end: ethernet0.virtualDev = "vmxnet3"
    • Upload the modified vmx file to the VMWARE folder
    • Remove the machine from the inventory
    • Add it to the inventory again
    • The network adapter parameters will be updated:

    5. Run the Virtual Machine with the new settings. Wait for about 20 minutes for the machine to start all the services, so the CPU stabilizes.
    6. Upload the new ISO image and map it to the CUCM VM.
    7. Make sure that now you have 6 Gb RAM:

    8. Open the operating system administration panel. Proceed to Software Upgrades > Install / Upgrade.

    • Source: DVD
    • UCSInstall_UCOS_UNRST_11.5.1.12900-21.sgn.iso
    • Choose “"Do not switch to new version after upgrade"
    • A refresh upgrade takes about 3 hours (Publisher: Started at 11.47, Completed at 13.35; Subscriber Started at 15.15)

    9. Take a fresh Backup (2) – shut down the VM and make a copy.

    Upgrading the Subscriber

    The Publisher should be alive.
    Perform the steps 1 to 8.

    Configuring Self-Provisioning in CUCM

    Self-Provisioning is another function that makes CUCM deployment and user management much easier.

    It helps the user to automatically associate and configure the phone.

    Let's look into the process of configuring this function.

    The users already have been imported from Active Directory. Integrating CUCM with AD is described in the previous article.

    First of all, configure device and line templates for auto-registration: Cisco Unified CM Administration > User Management > User/Phone Add > Universal Device Template and Cisco Unified CM Administration > User Management > User/Phone Add > Universal Line Template

    Universal Device Template

    Universal Line Template

    Here you can configure the route partition for the lines to be placed in, CSS, alerting name, the user's locale and other parameters.

    Now enable auto-registration.

    Proceed to Cisco Unified CM Administration > System > Cisco Unified CM.

    Select the server to enable auto-registration. Uncheck "Auto-registration Disabled on this Cisco Unified Communications Manager" and select the templates you have configured.

    Now the first step is over. New phones will be automatically registered with DNs from the range specified in the Auto-registration Information section.

    Now you should let the users configure the phones for themselves.

    Create a CTI Route Point.

    Cisco Unified CM Administration > Device > CTI Route Point

    Add a DN for this CTI Route Point.

    Create an Application User: Cisco Unified CM Administration > User Management > Application User

    Add your CTI Route Point to the Controlled Devices. Add the user to Standard CTI Allow Control of All Devices and Standard CTI Enabled groups.

    Configure the Self-Provisioning parameters in Cisco Unified CM Administration > User Management > Self Provisioning

    Configure the User Profile in Cisco Unified CM Administration > User Management > User Settings

    The configuration is complete.

    Now a user can make a call from a phone to your CTI Route Point. The IVR will take up the call and prompt the user to enter the Self Service User ID and PIN. Then the phone will restart automatically and after the launch it will be configured for this user.

    The phone will be bound to the user's DN, the owner will be specified and the phone will be added to the user's Controlled Devices.

    The following DN parameters will also be configured: CSS, Alerting Name, Caller ID and Line Text Label.

    So, after you've configured Self-Provisioning, you can completely exclude the administrator from the process of setting up new phones.

    Cisco logo history and evolution

    Why do companies change their logos?

    Here are some reasons skipping obvious ones like M&A, change in the name etc:

    There are a number of reasons, most often brought about by a combination of external cultural changes and shifts along with internal company shifts that now warrant ensuring that the company is NOT being pigeon-holed into "something from its past."

    David Brier, Brand identity specialist, award-winning designer

    Companies change their typefaces to keep them up to date, or because an old logo no longer fits with a new business strategy… this could range from a small refinement to a complete redesign.

    David Airey, graphic designer, author of Logo Design Love

    Sometimes companies change their logos for the wrong reasons…Sometimes they change it because there’s a new marketing person in charge…. Sometimes companies make very small changes – almost infinitesimal changes to their logos – which, quite rightly, are derided by the general public… But quite often those little refinements do a good job of making the company seems that little bit more up to date, that little bit more modern. And if you look back over the logo over time, you'll see that those little incremental changes were actually quite important.

    Patrick Burgoyne, editor of Creative Review

    Cisсo Systems

    So, Cisco Systems… one of the largest manufacturers of networking equipment and software, headquartered in Silicon Valley with more than 70K employees all over the world and revenue of U.S. $48 billion in 2017.

    Founded 33 years ago the company has grown from on-product vendor into a recognized worldwide leader in networking business.

    Here's a rundown of the Cisco logo design evolution, along with some key highlights of the company history.

    1984 – Golden Gate Bridge | San FranCISCO

    Founded in December 1984, Cisco actually started operations in 1987 after the battle with Stanford over charges that the founders used technology that belonged to Stanford to start their business.

    "Cisco" was actually derived from the city name San Francisco and initially the company's engineers insisted on using the lower case "cisco". The initial logo depicts the shape of the Golden Gate Bridge, the famous landmark from San Francisco.

    1996 – Digital Signal

    The growth of the Internet and wide adoption of the IP (Internet Protocol) changed the telecom landscape. Cisco acted promptly to use the new opportunity and quickly became the leading provider of routers and switches.

    The evolved logo is appended with the company's name "Cisco Systems". It consists of the same bridge but with a different silhouette and enclosed in a box. It now gets a second meaning - a digital signal that reflects the company's business.

    2006 – The Human Network

    Cisco launched the "Human Network" campaign, which centered on the impact of Internet networks on people and businesses.

    This campaign (actually Cisco's largest one) shifted the company's image from a tech vendor to the company that changes the world and the way people communicate. Cisco became the leader in communication and collaboration technologies – VoIP, video conferencing, online collaboration.

    The logo also changed and became much more simple – the bridge consists of only 9 bold strokes, the 'systems' is removed and the remaining "cisco" gets updated to be in the same case and height.

    The Cisco logo comes in red and blue. The red color symbolizes responsibility, passion, and readiness to work hard for further success; the blue color represents tranquility, optimism, fame, and prosperity.

    2013 – Tomorrow Starts Here

    Already the leader, with its CEO John Chambers on the Forbes magazine cover, Cisco started pushing the IoT concept and starts the new "Tomorrow start here" campaign: "Today, more than 99% of our world is still not connected to the Internet. But we're working on it."

    Tolleson and Cisco changed the logo colors to blue.

    Yes, this is the brand agency that defines Cisco's visual center – Tolleson. BTW guest where it is located?

    Basic check-up of a CUCM server

    This article presents a small set of commands for Cisco Voice Operation System (VOS) based servers. These commands help to reveal most problems caused by the platform. Each command comes with a brief description. The most important output data is marked with bold.

    1. show status

    If you need to analyse any problem, this is the first command to begin with. It displays the server’s name, its version and uptime. Since Cisco VOS servers are built on the basis of Linux Red Hat (RH), it may be handy to know your RH version, which in this case is 6.0. Average processor load above 60-70%, IOWAI above 1-2% and disk usage above 95% for any partition may indicate potential problems with this server.

    admin:show status

    Host Name : ucm11-1
    Date : Mon Feb 13, 2017 22:24:14
    Time Zone : Central European Time (Europe/Warsaw)
    Locale : en_US.UTF-8
    Product Ver : 11.0.1.20000-2
    Unified OS Version : 6.0.0.0-2

    Uptime:
    22:24:19 up 20 days, 10:34, 1 user, load average: 0.27, 0.16, 0.13

    CPU Idle: 94.94% System: 02.78% User: 02.28%
    IOWAIT: 00.00% IRQ: 00.00% Soft: 00.00%

    Memory Total: 8062356K
    Free: 147272K
    Used: 7915084K
    Cached: 3739040K
    Shared: 451788K
    Buffers: 288744K

    Total Free Used
    Disk/active 20173692K 7107128K 12860280K (65%)
    Disk/inactive 20173692K 7443172K 12524236K (63%)
    Disk/logging 70515112K 21109572K 45816884K (69%)

    2. show tech network hosts

    This command can be used to get the list of servers in a cluster in a convenient format. The main purpose is to understand the scale of a system: 1 server means no fault tolerance, 8 servers mean that the system serves a lot of users and any changes must be carefully thought out and coordinated with the customer. The output of this command must be the same for all the servers in your cluster. Otherwise, there may be problems with database replication.

    admin:show tech network hosts
    ——————– show platform network ——————–

    /etc/hosts File:
    #This file was generated by the /etc/hosts cluster manager.
    #It is automatically updated as nodes are added, changed, removed from the cluster.

    127.0.0.1 localhost
    ::1 localhost
    10.48.47.136 ucm11-2.allevich.local ucm11-2
    10.48.47.143 ucm11-1.allevich.local ucm11-1

    3. utils ntp status

    Synchronization with an NTP server is mandatory for all the devices in your network. Timestamps help with malfunction diagnostics, especially in complicated cases. Informix DB replication won’t be stable without NTP synchronization. This command can also be used to indicate the date and time when the commands in a saved text file were executed.

    admin:utils ntp status
    ntpd (pid 8524) is running…


    remote refid st t when poll reach delay offset jitter
    ==============================================================================
    *172.18.108.15 .GPS. 1 u 583 1024 377 106.518 0.283 1.045

    synchronised to NTP server (172.18.108.15) at stratum 2
    time correct to within 131 ms
    polling server every 1024 s

    Current time in UTC is : Mon Feb 13 21:24:23 UTC 2017
    Current time in Europe/Warsaw is : Mon Feb 13 22:24:23 CET 2017

    4. utils service list

    This command is necessary if you need to check the state of all services running on a certain server in a cluster. This is also the simplest way to find the Publisher server in a cluster: it will have the directive “primary node=true”.

    admin:utils service list
    Requesting service status, please wait…
    System SSH [STARTED]
    Cluster Manager [STARTED]
    Name Service Cache [STARTED]
    Entropy Monitoring Daemon [STARTED]
    Cisco SCSI Watchdog [STARTED]
    Service Manager [STARTED]
    HTTPS Configuration Download [STARTED]
    Service Manager is running
    Getting list of all services
    >> Return code = 0
    A Cisco DB[STARTED]
    A Cisco DB Replicator[STARTED]
    Cisco AMC Service[STARTED]
    Cisco AXL Web Service[STARTED]
    Cisco Audit Event Service[STARTED]
    Cisco Bulk Provisioning Service[STARTED]
    Cisco CAR DB[STARTED]
    Cisco CAR Scheduler[STARTED]
    Cisco CAR Web Service[STARTED]
    Cisco CDP[STARTED]
    Cisco CDP Agent[STARTED]
    Cisco CDR Agent[STARTED]
    Cisco CDR Repository Manager[STARTED]
    Cisco CTIManager[STARTED]
    Cisco CTL Provider[STARTED]
    Cisco CallManager[STARTED]
    Cisco CallManager Admin[STARTED]
    Cisco CallManager SNMP Service[STARTED]
    Cisco CallManager Serviceability[STARTED]
    Cisco CallManager Serviceability RTMT[STARTED]
    Cisco Certificate Authority Proxy Function[STARTED]
    Cisco Certificate Change Notification[STARTED]
    Cisco Certificate Expiry Monitor[STARTED]
    Cisco Change Credential Application[STARTED]
    Cisco DHCP Monitor Service[STARTED]
    Cisco DRF Local[STARTED]
    Cisco DRF Master[STARTED]
    Cisco Database Layer Monitor[STARTED]
    Cisco DirSync[STARTED]
    Cisco E911[STARTED]
    Cisco ELM Client Service[STARTED]
    Cisco Extended Functions[STARTED]
    Cisco Extension Mobility[STARTED]
    Cisco Extension Mobility Application[STARTED]
    Cisco IP Manager Assistant[STARTED]
    Cisco IP Voice Media Streaming App[STARTED]
    Cisco Intercluster Lookup Service[STARTED]
    Cisco License Manager[STARTED]
    Cisco Log Partition Monitoring Tool[STARTED]
    Cisco Prime LM Admin[STARTED]
    Cisco Prime LM DB[STARTED]
    Cisco Prime LM Server[STARTED]
    Cisco RIS Data Collector[STARTED]
    Cisco RTMT Reporter Servlet[STARTED]
    Cisco SOAP – CDRonDemand Service[STARTED]
    Cisco SOAP – CallRecord Service[STARTED]
    Cisco Serviceability Reporter[STARTED]
    Cisco Syslog Agent[STARTED]
    Cisco TAPS Service[STARTED]
    Cisco Tftp[STARTED]
    Cisco Tomcat[STARTED]
    Cisco Tomcat Stats Servlet[STARTED]
    Cisco Trace Collection Service[STARTED]
    Cisco Trace Collection Servlet[STARTED]
    Cisco Trust Verification Service[STARTED]
    Cisco UXL Web Service[STARTED]
    Cisco Unified Mobile Voice Access Service[STARTED]
    Cisco User Data Services[STARTED]
    Cisco WebDialer Web Service[STARTED]
    Host Resources Agent[STARTED]
    MIB2 Agent[STARTED]
    Platform Administrative Web Service[STARTED]
    SNMP Master Agent[STARTED]
    SOAP – Diagnostic Portal Database Service[STARTED]
    SOAP -Log Collection APIs[STARTED]
    SOAP -Performance Monitoring APIs[STARTED]
    SOAP -Real-Time Service APIs[STARTED]
    System Application Agent[STARTED]
    Cisco Dialed Number Analyzer[STOPPED] Service Not Activated
    Cisco Dialed Number Analyzer Server[STOPPED] Service Not Activated
    Cisco Directory Number Alias Lookup[STOPPED] Service Not Activated
    Cisco Directory Number Alias Sync[STOPPED] Service Not Activated
    Cisco Location Bandwidth Manager[STOPPED] Service Not Activated
    Cisco Prime LM Resource API[STOPPED] Service Not Activated
    Cisco Prime LM Resource Legacy API[STOPPED] Service Not Activated
    Self Provisioning IVR[STOPPED] Service Not Activated
    Primary Node =true

    5. utils dbreplication runtimestate

    Many problems, especially the ones that are difficult to reproduce, originate from Informix database replication malfunction. To ensure that the replication is working correctly, pay attention to the marked fields. All the tables should be synchronized, basic check-ups should be successful (“Y” status), the status of each node should be equal to 2. Another useful piece of information is the timeout between the nodes in a cluster (in ms). For the servers that are located in different data centers far from each other it is usually above 10 ms.

    admin:utils dbreplication runtimestate
    Server Time: Mon Feb 13 22:24:51 CET 2017

    Cluster Replication State: BROADCAST SYNC ended at: 2016-02-25-08-48
    Sync Result: SYNC COMPLETED on 692 tables out of 692
    Sync Status: All Tables are in sync
    Use CLI to see detail: ‘file view activelog cm/trace/dbl/20160225_084649_dbl_repl_output_Broadcast.log’

    DB Version: ccm11_0_1_20000_2
    Repltimeout set to: 420s
    PROCESS option set to: 1

    Cluster Detailed View from ucm11-1 (2 Servers):

    PING DB/RPC/ REPL. Replication REPLICATION SETUP
    SERVER-NAME IP ADDRESS (msec) DbMon? QUEUE Group ID (RTMT) & Details
    ———– ———- —— ——- —– ———– ——————
    ucm11-2 10.48.47.136 2.860 Y/Y/Y 0 (g_3) (2) Setup Completed
    ucm11-1 10.48.47.143 0.038 Y/Y/Y 0 (g_2) (2) Setup Completed

    6. run sql SELECT count(*) from enduser

    To analyze any problem, a Cisco TAC engineer has to know the number of users in your system. It helps to understand its size and estimate the business impact of this service.

    admin:run sql SELECT count(*) from enduser
    (count(*))
    ==========
    11

    Other VOS-based servers usually store user data in a separate Informix DB.
    Commands for other servers (CUIC, Unity Connection) are given below.

    run sql SELECT count(*) from cuic_data:cuicuser
    run cuc dbquery unitydirdb SELECT count(*) FROM tbl_user

    7. utils core active list

    Checking memory dumps of the processes is a part of the initial diagnostics. An example of Call Manager process memory dump is given below. Analyzing memory dumps is Cisco TAC engineers’ work, as it requires the knowledge of the product’s software architecture.

    admin:utils core active list
    Size Date Core File Name
    =================================================================
    233860 KB 2017-02-02 09:28:40 core.20919.6.ccm.1486023981

    8. file dump install system-history.log

    This command is irreplaceable for the analysis of any problem. It displays the events that have occurred on a node: restarts, installation of components (COP files, locales), successful and failed backups.



    file dump install system-history.log
    =======================================
    Product Name – Cisco Unified Communications Manager
    Product Version – 11.0.1.20000-2
    Kernel Image – 2.6.32-504.12.2.el6.x86_64
    =======================================
    05/18/2015 17:49:21 | root: Install 11.0.0.99833-4 Start
    05/18/2015 23:28:40 | root: Boot 11.0.0.99833-4 Start
    05/19/2015 09:55:13 | root: Install 11.0.0.99833-4 Success
    05/19/2015 09:55:17 | root: Boot 11.0.0.99833-4 Start
    06/17/2015 17:51:57 | root: Shutdown 11.0.0.99833-4 Start
    06/18/2015 12:37:00 | root: Boot 11.0.0.99833-4 Start
    08/16/2015 08:18:19 | root: Boot 11.0.0.99833-4 Start
    09/09/2015 08:47:37 | root: Boot 11.0.0.99833-4 Start
    12/02/2015 16:18:19 | root: Cisco Option Install cm-locale-de_DE-11.0.1.1000-1.cop Start
    12/02/2015 16:20:34 | root: Cisco Option Install cm-locale-de_DE-11.0.1.1000-1.cop Success
    12/02/2015 16:22:58 | root: Restart 11.0.0.99833-4 Start
    12/02/2015 16:23:32 | root: Boot 11.0.0.99833-4 Start
    12/02/2015 16:31:51 | root: Restart 11.0.0.99833-4 Start
    12/02/2015 16:32:15 | root: Boot 11.0.0.99833-4 Start
    12/08/2015 17:33:35 | root: Shutdown 11.0.0.99833-4 Start
    12/08/2015 22:47:20 | root: Boot 11.0.0.99833-4 Start
    12/28/2015 21:59:19 | root: Upgrade 11.0.1.20000-2 Start
    12/28/2015 22:57:54 | root: Upgrade 11.0.1.20000-2 Success
    12/28/2015 22:58:22 | root: Switch Version 11.0.0.99833-4 to 11.0.1.20000-2 Start
    12/28/2015 23:01:06 | root: Switch Version 11.0.0.99833-4 to 11.0.1.20000-2 Success
    12/28/2015 23:01:06 | root: Product Version 11.0.1.20000-2
    12/28/2015 23:01:06 | root: Kernel Image 2.6.32-504.12.2.el6.x86_64
    12/28/2015 23:01:09 | root: Restart 11.0.1.20000-2 Start
    12/28/2015 23:01:10 | root: Restart 11.0.0.99833-4 Start
    12/28/2015 23:03:12 | root: Boot 11.0.1.20000-2 Start
    01/31/2016 12:54:02 | root: Cisco Option Install dp-ffr.3-1-30.GB.k3.cop Start
    01/31/2016 12:55:11 | root: Cisco Option Install dp-ffr.3-1-30.GB.k3.cop Success
    02/07/2016 11:09:46 | root: Cisco Option Install cm-locale-ru_RU-11.0.1.1000-1.cop Start
    02/07/2016 11:11:41 | root: Cisco Option Install cm-locale-ru_RU-11.0.1.1000-1.cop Success
    02/07/2016 11:37:46 | root: Restart 11.0.1.20000-2 Start
    02/07/2016 11:38:19 | root: Boot 11.0.1.20000-2 Start
    03/30/2016 12:39:11 | root: Restart 11.0.1.20000-2 Start
    03/30/2016 12:39:38 | root: Boot 11.0.1.20000-2 Start
    04/16/2016 13:21:04 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    04/16/2016 13:23:37 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    04/28/2016 13:59:03 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    04/28/2016 14:03:06 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    05/03/2016 11:03:46 | root: Shutdown 11.0.1.20000-2 Start
    05/03/2016 11:08:43 | root: Boot 11.0.1.20000-2 Start
    05/14/2016 20:10:29 | root: Restart 11.0.1.20000-2 Start
    05/14/2016 20:10:57 | root: Boot 11.0.1.20000-2 Start
    01/17/2017 12:44:09 | root: Restart 11.0.1.20000-2 Start
    01/17/2017 12:44:59 | root: Boot 11.0.1.20000-2 Start
    01/22/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    01/22/2017 01:07:36 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    01/24/2017 11:49:36 | root: Restart 11.0.1.20000-2 Start
    01/24/2017 11:50:14 | root: Boot 11.0.1.20000-2 Start
    01/29/2017 01:00:11 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    01/29/2017 01:21:57 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    02/05/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    02/05/2017 01:10:58 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    02/12/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    02/12/2017 01:12:51 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success

    Even if the data acquired by these commands doesn’t show the problem’s source, it significantly improves the engineer’s knowledge of the system, its current state, version, addresses and services.

    P.S. This list doesn’t include the following command because it may take a long time to produce the output. If the DNS reverse records are not configured correctly, this command will take 300 seconds longer to execute.

    utils diagnose test

    This article is a translation of a guide originally created by Alex Levichev, a Cisco UC TAC engineer - https://gblogs.cisco.com/ru/author/allevich/

    Integrating CUCM and Active Directory

    Integrating CUCM and Active Directory can make administration much easier. Correct configuration may help you to automate new phone registration in the future.

    This article will help you to get the most out of using CUCM in a bundle with AD.

    First of all, you should activate the Cisco DirSync service.
    Proceed to Cisco Unified Serviceability > Tools > Service Activation > Directory Services > Cisco DirSync

    Enable synchronizing from a LDAP server.
    Cisco Unified CM Administration > System > LDAP > LDAP System

    Now you should configure integration with a specific LDAP directory. Let's look into this stage.

    LDAP Configuration Name – a name of your choosing.

    LDAP Manager Distinguished Name – an Active Directory user's name. It's recommended to create a separate user account for CUCM. The user account must have read access.

    LDAP User Search Base – a user search base. In this case, the search will be performed in SMTH organizational unit in smth.int domain.

    Mapping the standard fields:

    We recommend you to map Directory URI to mail attribute. It will help you to avoid some problems while configuring XMPP Federation through Expressway later.

    Access Control Group – a list of groups an imported user will be automatically added to.

    Feature Group Template – a set of additional features to be enabled for a user, for example, IM & Presence, Conference Now and some user parameters.

    The template itself can be configured here: Cisco Unified CM Administration > User Management > User/Phone Add > Feature Group Template

    Apply mask to synced telephone numbers to create a new line for inserted users – a mask for automated DN creation for imported users. The information will be obtained from the Phone Number field.

    LDAP Server Information – a server to synchronize with. It's recommended to add several servers, because when LDAP Authentication is on, all users’ authorization requests are redirected to AD. So if the server is down, the users won't be able to authorize.

    When the configuration is over, click Perform Full Sync Now.

    Now you can see your users listed here: Cisco Unified CM Administration > User Management > End users.

    And the automatically created DNs should be here: Cisco Unified CM Administration > Call Routing > Directory Number.

    The users are already configured according to your settings.

    The users have been created. All you need to do now is configure authentication through Active Directory.

    Cisco Unified CM Administration > System > LDAP > LDAP Authentication

    Now you can proceed to Auto-Registration and Self-Provisioning settings.

    Basic check-up of a CUCM server

    This article presents a small set of commands for Cisco Voice Operation System (VOS) based servers. These commands help to reveal most problems caused by the platform. Each command comes with a brief description. The most important output data is marked with bold.

    1. show status

    If you need to analyse any problem, this is the first command to begin with. It displays the server’s name, its version and uptime. Since Cisco VOS servers are built on the basis of Linux Red Hat (RH), it may be handy to know your RH version, which in this case is 6.0. Average processor load above 60-70%, IOWAI above 1-2% and disk usage above 95% for any partition may indicate potential problems with this server.

    admin:show status

    Host Name    : ucm11-1
    Date    : Mon Feb 13, 2017 22:24:14
    Time Zone     : Central European Time (Europe/Warsaw)
    Locale    : en_US.UTF-8
    Product Ver   : 11.0.1.20000-2
    Unified OS Version : 6.0.0.0-2

    Uptime:
    22:24:19 up 20 days,    10:34,    1 user,    load average: 0.27, 0.16, 0.13

    CPU Idle:    94.94%    System:    02.78%    User:    02.28%
    IOWAIT:    00.00%    IRQ:    00.00%    Soft:    00.00%

    Memory Total:     8062356K
    Free:     147272K
    Used:     7915084K
    Cached:     3739040K
    Shared:     451788K
    Buffers:     288744K

    Total     Free     Used
    Disk/active     20173692K     7107128K     12860280K (65%) Disk/inactive     20173692K     7443172K     12524236K (63%) Disk/logging     70515112K     21109572K     45816884K (69%)

    2. show tech network hosts

    This command can be used to get the list of servers in a cluster in a convenient format. The main purpose is to understand the scale of a system: 1 server means no fault tolerance, 8 servers mean that the system serves a lot of users and any changes must be carefully thought out and coordinated with the customer. The output of this command must be the same for all the servers in your cluster. Otherwise, there may be problems with database replication.

    admin:show tech network hosts
    ——————– show platform network ——————–

    /etc/hosts File:
    #This file was generated by the /etc/hosts cluster manager.
    #It is automatically updated as nodes are added, changed, removed from the cluster.

    127.0.0.1 localhost
    ::1 localhost
    10.48.47.136 ucm11-2.allevich.local ucm11-2
    10.48.47.143 ucm11-1.allevich.local ucm11-1

    3. utils ntp status

    Synchronization with an NTP server is mandatory for all the devices in your network. Timestamps help with malfunction diagnostics, especially in complicated cases. Informix DB replication won’t be stable without NTP synchronization. This command can also be used to indicate the date and time when the commands in a saved text file were executed.

    admin:utils ntp status
    ntpd (pid 8524) is running…

    remote    refid    st t when poll reach    delay    offset jitter
    ==============================================================================
    *172.18.108.15    .GPS.    1 u    583    1024    377    106.518    0.283 1.045

    synchronised to NTP server (172.18.108.15) at stratum 2
    time correct to within 131 ms
    polling server every 1024 s


    Current time in UTC is : Mon Feb 13 21:24:23 UTC 2017
    Current time in Europe/Warsaw is : Mon Feb 13 22:24:23 CET 2017

    4. utils service list

    This command is necessary if you need to check the state of all services running on a certain server in a cluster. This is also the simplest way to find the Publisher server in a cluster: it will have the directive “primary node=true”.

    admin:utils service list
    Requesting service status, please wait…
    System SSH [STARTED]
    Cluster Manager [STARTED]
    Name Service Cache [STARTED]
    Entropy Monitoring Daemon [STARTED]
    Cisco SCSI Watchdog [STARTED]
    Service Manager [STARTED]
    HTTPS Configuration Download [STARTED]
    Service Manager is running
    Getting list of all services
    >> Return code = 0
    A Cisco DB[STARTED]
    A Cisco DB Replicator[STARTED]
    Cisco AMC Service[STARTED]
    Cisco AXL Web Service[STARTED]
    Cisco Audit Event Service[STARTED]
    Cisco Bulk Provisioning Service[STARTED]
    Cisco CAR DB[STARTED]
    Cisco CAR Scheduler[STARTED]
    Cisco CAR Web Service[STARTED]
    Cisco CDP[STARTED]
    Cisco CDP Agent[STARTED]
    Cisco CDR Agent[STARTED]
    Cisco CDR Repository Manager[STARTED]
    Cisco CTIManager[STARTED]
    Cisco CTL Provider[STARTED]
    Cisco CallManager[STARTED]
    Cisco CallManager Admin[STARTED]
    Cisco CallManager SNMP Service[STARTED]
    Cisco CallManager Serviceability[STARTED]
    Cisco CallManager Serviceability RTMT[STARTED]
    Cisco Certificate Authority Proxy Function[STARTED]
    Cisco Certificate Change Notification[STARTED]
    Cisco Certificate Expiry Monitor[STARTED]
    Cisco Change Credential Application[STARTED]
    Cisco DHCP Monitor Service[STARTED]
    Cisco DRF Local[STARTED]
    Cisco DRF Master[STARTED]
    Cisco Database Layer Monitor[STARTED]
    Cisco DirSync[STARTED]
    Cisco E911[STARTED]
    Cisco ELM Client Service[STARTED]
    Cisco Extended Functions[STARTED]
    Cisco Extension Mobility[STARTED]
    Cisco Extension Mobility Application[STARTED]
    Cisco IP Manager Assistant[STARTED]
    Cisco IP Voice Media Streaming App[STARTED]
    Cisco Intercluster Lookup Service[STARTED]
    Cisco License Manager[STARTED]
    Cisco Log Partition Monitoring Tool[STARTED]
    Cisco Prime LM Admin[STARTED]
    Cisco Prime LM DB[STARTED]
    Cisco Prime LM Server[STARTED]
    Cisco RIS Data Collector[STARTED]
    Cisco RTMT Reporter Servlet[STARTED]
    Cisco SOAP – CDRonDemand Service[STARTED]
    Cisco SOAP – CallRecord Service[STARTED]
    Cisco Serviceability Reporter[STARTED]
    Cisco Syslog Agent[STARTED]
    Cisco TAPS Service[STARTED]
    Cisco Tftp[STARTED]
    Cisco Tomcat[STARTED]
    Cisco Tomcat Stats Servlet[STARTED]
    Cisco Trace Collection Service[STARTED]
    Cisco Trace Collection Servlet[STARTED]
    Cisco Trust Verification Service[STARTED]
    Cisco UXL Web Service[STARTED]
    Cisco Unified Mobile Voice Access Service[STARTED]
    Cisco User Data Services[STARTED]
    Cisco WebDialer Web Service[STARTED]
    Host Resources Agent[STARTED]
    MIB2 Agent[STARTED]
    Platform Administrative Web Service[STARTED]
    SNMP Master Agent[STARTED]
    SOAP – Diagnostic Portal Database Service[STARTED]
    SOAP -Log Collection APIs[STARTED]
    SOAP -Performance Monitoring APIs[STARTED]
    SOAP -Real-Time Service APIs[STARTED]
    System Application Agent[STARTED]
    Cisco Dialed Number Analyzer[STOPPED] Service Not Activated
    Cisco Dialed Number Analyzer Server[STOPPED] Service Not Activated
    Cisco Directory Number Alias Lookup[STOPPED] Service Not Activated
    Cisco Directory Number Alias Sync[STOPPED] Service Not Activated
    Cisco Location Bandwidth Manager[STOPPED] Service Not Activated
    Cisco Prime LM Resource API[STOPPED] Service Not Activated
    Cisco Prime LM Resource Legacy API[STOPPED] Service Not Activated
    Self Provisioning IVR[STOPPED] Service Not Activated
    Primary Node =true

    5. utils dbreplication runtimestate

    Many problems, especially the ones that are difficult to reproduce, originate from Informix database replication malfunction. To ensure that the replication is working correctly, pay attention to the marked fields. All the tables should be synchronized, basic check-ups should be successful (“Y” status), the status of each node should be equal to 2. Another useful piece of information is the timeout between the nodes in a cluster (in ms). For the servers that are located in different data centers far from each other it is usually above 10 ms.

    admin:utils dbreplication runtimestate
    Server Time: Mon Feb 13 22:24:51 CET 2017

    Cluster Replication State: BROADCAST SYNC ended at: 2016-02-25-08-48
    Sync Result: SYNC COMPLETED on 692 tables out of 692
    Sync Status: All Tables are in sync
    Use CLI to see detail: ‘file view activelog cm/trace/dbl/20160225_084649_dbl_repl_output_Broadcast.log’

    DB Version: ccm11_0_1_20000_2
    Repltimeout set to: 420s
    PROCESS option set to: 1

    Cluster Detailed View from ucm11-1 (2 Servers):

    PING    DB/RPC/    REPL.    Replication     REPLICATION SETUP    
    SERVER-NAME    IP ADDRESS     (msec)    DbMon?    QUEUE    Group ID    (RTMT) & Details
    ———– ———- —— ——- —– ———– ——————
    ucm11-2     10.48.47.136    2.860    Y/Y/Y    0     (g_3)    (2) Setup Completed
    ucm11-1    10.48.47.143    0.038    Y/Y/Y    0    (g_2)    (2) Setup Completed

    6. run sql SELECT count(*) from enduser

    To analyze any problem, a Cisco TAC engineer has to know the number of users in your system. It helps to understand its size and estimate the business impact of this service.

    admin:run sql SELECT count(*) from enduser
    (count(*))
    ==========
    11

    Other VOS-based servers usually store user data in a separate Informix DB.

    Commands for other servers (CUIC, Unity Connection) are given below.

    run sql SELECT count(*) from cuic_data:cuicuser
    run cuc dbquery unitydirdb SELECT count(*) FROM tbl_user

    7. utils core active list

    Checking memory dumps of the processes is a part of the initial diagnostics. An example of Call Manager process memory dump is given below. Analyzing memory dumps is Cisco TAC engineers’ work, as it requires the knowledge of the product’s software architecture.

    admin:utils core active list
    Size    Date    Core File Name
    =================================================================
    233860 KB    2017-02-02 09:28:40    core.20919.6.ccm.1486023981

    8. file dump install system-history.log

    This command is irreplaceable for the analysis of any problem. It displays the events that have occurred on a node: restarts, installation of components (COP files, locales), successful and failed backups.

    file dump install system-history.log
    =======================================
    Product Name – Cisco Unified Communications Manager
    Product Version – 11.0.1.20000-2
    Kernel Image – 2.6.32-504.12.2.el6.x86_64
    =======================================
    05/18/2015 17:49:21 | root: Install 11.0.0.99833-4 Start
    05/18/2015 23:28:40 | root: Boot 11.0.0.99833-4 Start
    05/19/2015 09:55:13 | root: Install 11.0.0.99833-4 Success
    05/19/2015 09:55:17 | root: Boot 11.0.0.99833-4 Start
    06/17/2015 17:51:57 | root: Shutdown 11.0.0.99833-4 Start
    06/18/2015 12:37:00 | root: Boot 11.0.0.99833-4 Start
    08/16/2015 08:18:19 | root: Boot 11.0.0.99833-4 Start
    09/09/2015 08:47:37 | root: Boot 11.0.0.99833-4 Start
    12/02/2015 16:18:19 | root: Cisco Option Install cm-locale-de_DE-11.0.1.1000-1.cop Start
    12/02/2015 16:20:34 | root: Cisco Option Install cm-locale-de_DE-11.0.1.1000-1.cop Success
    12/02/2015 16:22:58 | root: Restart 11.0.0.99833-4 Start
    12/02/2015 16:23:32 | root: Boot 11.0.0.99833-4 Start
    12/02/2015 16:31:51 | root: Restart 11.0.0.99833-4 Start
    12/02/2015 16:32:15 | root: Boot 11.0.0.99833-4 Start
    12/08/2015 17:33:35 | root: Shutdown 11.0.0.99833-4 Start
    12/08/2015 22:47:20 | root: Boot 11.0.0.99833-4 Start
    12/28/2015 21:59:19 | root: Upgrade 11.0.1.20000-2 Start
    12/28/2015 22:57:54 | root: Upgrade 11.0.1.20000-2 Success
    12/28/2015 22:58:22 | root: Switch Version 11.0.0.99833-4 to 11.0.1.20000-2 Start
    12/28/2015 23:01:06 | root: Switch Version 11.0.0.99833-4 to 11.0.1.20000-2 Success
    12/28/2015 23:01:06 | root: Product Version 11.0.1.20000-2
    12/28/2015 23:01:06 | root: Kernel Image 2.6.32-504.12.2.el6.x86_64
    12/28/2015 23:01:09 | root: Restart 11.0.1.20000-2 Start
    12/28/2015 23:01:10 | root: Restart 11.0.0.99833-4 Start
    12/28/2015 23:03:12 | root: Boot 11.0.1.20000-2 Start
    01/31/2016 12:54:02 | root: Cisco Option Install dp-ffr.3-1-30.GB.k3.cop Start
    01/31/2016 12:55:11 | root: Cisco Option Install dp-ffr.3-1-30.GB.k3.cop Success
    02/07/2016 11:09:46 | root: Cisco Option Install cm-locale-ru_RU-11.0.1.1000-1.cop Start
    02/07/2016 11:11:41 | root: Cisco Option Install cm-locale-ru_RU-11.0.1.1000-1.cop Success
    02/07/2016 11:37:46 | root: Restart 11.0.1.20000-2 Start
    02/07/2016 11:38:19 | root: Boot 11.0.1.20000-2 Start
    03/30/2016 12:39:11 | root: Restart 11.0.1.20000-2 Start
    03/30/2016 12:39:38 | root: Boot 11.0.1.20000-2 Start
    04/16/2016 13:21:04 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    04/16/2016 13:23:37 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    04/28/2016 13:59:03 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    04/28/2016 14:03:06 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    05/03/2016 11:03:46 | root: Shutdown 11.0.1.20000-2 Start
    05/03/2016 11:08:43 | root: Boot 11.0.1.20000-2 Start
    05/14/2016 20:10:29 | root: Restart 11.0.1.20000-2 Start
    05/14/2016 20:10:57 | root: Boot 11.0.1.20000-2 Start
    01/17/2017 12:44:09 | root: Restart 11.0.1.20000-2 Start
    01/17/2017 12:44:59 | root: Boot 11.0.1.20000-2 Start
    01/22/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    01/22/2017 01:07:36 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    01/24/2017 11:49:36 | root: Restart 11.0.1.20000-2 Start
    01/24/2017 11:50:14 | root: Boot 11.0.1.20000-2 Start
    01/29/2017 01:00:11 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    01/29/2017 01:21:57 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    02/05/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    02/05/2017 01:10:58 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success
    02/12/2017 01:00:05 | root: DRS Backup UCMVersion:11.0.1.20000-2 Start
    02/12/2017 01:12:51 | root: DRS Backup UCMVersion:11.0.1.20000-2 Success

    Even if the data acquired by these commands doesn’t show the problem’s source, it significantly improves the engineer’s knowledge of the system, its current state, version, addresses and services.

    P.S. This list doesn’t include the following command because it may take a long time to produce the output. If the DNS reverse records are not configured correctly, this command will take 300 seconds longer to execute.

    utils diagnose test

    Integrating ASTERISK and CUCM

    Integrating Asterisk and CUCM via SIP makes it possible to combine several phone pools or, for instance, to use Asterisk as an IVR (interactive voice response system). This article gives instructions on connecting Asterisk and Cisco Unified Communications Manager through a SIP trunk.

    Configuring CUCM

    First of all, proceed to Cisco UCM configuration page. To create a new SIP trunk, select Device -> Trunk in the menu and click Add New. We are creating a SIP trunk, so fill out the Trunk Type and Device Protocol fields, as the screenshot shows:

    After the parameters are specified, click Next. On the page that appears, fill out the following fields:

    • Device Name – enter the name of the SIP trunk to be created. This field is required.
    • Description – describe the connection to be created.
    • Device Pool – select a device pool for the SIP trunk. It should coincide with the devices routed through this trunk. This field is required.

    Scroll down to the section titled Inbound Calls and fill out the following field:

    • Calling Search Space – CSS name for the SIP trunk. It should coincide with the devices routed through this trunk.

    To finish the system configuration, proceed to the section titled SIP Information, sub-section Destination. Fill out the following fields:

    • Destination Address – enter the IP address of your Asterisk server. This field is required. Note that the default destination port is 5060. If your Asterisk server has a different SIP listen port, enter it in the Destination Port field.
    • SIP Trunk Security Profile – select Non Secure SIP Trunk Profile. This field is required.
    • Rerouting Calling Search Space – select the same CSS that you have selected in Inbound Calls section.
    • Out-Of-Dialog Refer Calling Search Space – similarly to the previous item, select the same CSS.
    • SUBSCRIBE Calling Search Space – select the same CSS.
    • SIP Profile – select Standard SIP Profile.

    Click Save. You can use patterns (see Route Pattern settings) to configure routing to the SIP trunk.

    Configuring Asterisk

    You can carry out SIP trunk configuration process on the side of Asterisk through the FreePBX 13 graphical environment. To configure a trunk, proceed to Connectivity -> Trunks. Click Add Trunk to create a new SIP trunk.

    On the General tab, enter the trunk name. Then proceed to the pjsip Settings tab. We don’t use username/password authentication to configure a SIP trunk between Asterisk and CUCM, so select the following options:

    • Authentication – select None. As mentioned before, we won’t need username/password authentication.
    • Registration – select None.
    • SIP Server – enter the Cisco UCM IP address.
    • Context – enter from-internal context

    Proceed to the Advanced tab:

    • Qualify Frequency – enter 60. This is the delay (in seconds) between the keep-alive messages being sent to check the trunk’s state.
    • From Domain – enter your CUCM IP address.

    Click Submit and then Apply Config.

    As the final step, you should configure call routing for this trunk.

    The end-of-life for Cisco TMS in 2018?

    Guys, I bet we'll hear the end-of-sale and end-of-life announcement for Cisco TelePresence Management Suite till the end of 2018. Here's the thing…

    • CMS (former Acano) has nothing to do with TMS.

      When Cisco acquired Tandberg back in 2010 TMS (former Tandberg Management Suite) and hardware Cisco MCU (former Tandberg MCU) were inseparable components of a single unified offer.

      In 2014 Cisco introduced the virtual offer "Telepresence Servers + Conductor" which was replaced by CMS offer after the acquisition of Acano. So Cisco Meeting Server is a completely different platform that has nothing to do with the obsolete TMS.

    • Video endpoints don't need TMS.

      Again, Tandberg video-conferencing worked on its own having video endpoints registered to TMS. But later the registration and provisioning functions were transferred to Cisco UCM.

    • TMS conference control center doesn't support CMS.

      And it's not going to change. Instead, Cisco is developing a new software to control meetings.

    So, seems like the only important TMS feature left is the meeting scheduler, but….

    • Meeting schedulers are dying.

      For years we used special applications to schedule upcoming conferences and reserve the necessary volume of ports on the conference bridge. But the world is moving to the new paradigm of "personal meeting rooms" – personal, persistent and secure. Cisco supports this model for both audio meetings (the CUCM "Conference Now" feature) and video conferences (CMS). The Cisco Meeting Server licensing is not even based on "ports".

    So, IMHO, TMS doesn't have much time left. Cisco will continue offering video-endpoints (both software and hardware) with the registration to CUCM, Cisco Meeting Server acting as conference bridge and XYZ application they're developing to kill the Cisco Meeting App.

    Those who need more (like meeting scheduling app, integration to some enterprise software etc) are welcome to use the CMS API which is great thanks to Acano legacy.

    How to clean out the CUCM HDD common partition

    As you go through RTMP logs on a Call Manager server, sometimes you can come across a critical warning of the following type: LogPartitionLowWaterMarkExceeded.

    Despite the critical status, in most cases this problem doesn't affect the system's functioning, but the disk overfill may interfere with some installation or upgrade.

    Common (log) partition is mostly filled with traces, CDRs and files from TFTP server. LogPartitionLowWaterMarkExceeded alarm is generated when the used disk space percentage in Log partition reaches the configured Low WaterMark value. This alarm should be taken as an early notification for an administrator to clean up the disk space. CUCM won't start an automated cleanup process until the High WaterMark value will be reached.

    To free some space in the Common partition, you can try to:

    • Reduce the values of LogPartitionLowWaterMarkExceeded to 40% and LogPartitionHighWaterMarkExceeded to 45%, restart "Cisco Log Partition Monitoring Tool" service and after 2-3 hours check whether the used space decreased;
    • Use RTMT Trace/Log Central to collect logs/traces with "Delete Collected Log Files from Server" option (for active and inactive partitions);
    • Delete the old unused files from the TFTP server (old phone software);
    • Use ciscocm.free_common_space_v1.1.cop.sgn – this file runs a script that deletes all files from an inactive Common partition. After using it you won't be able to switch CUCM version to the previous one.

    To reduce the partition usage, you can try to:

    • Deactivate Detail/Debug trace level;
    • Reduce the number of trace files to be stored;
    • For CDR: reduce the High Water Mark, reduce the occupied disk space, reduce the number of preservation days.

    How to clear the hung calls on CUBE

    There are different reasons that can cause call getting hung on CUBE. It was noticed that the calls get hung more often in case of a sudden loss of connection. They have an "incomplete" state, having one or two call legs.

    cube#show call active voice compact
    A/O FAX T Codec type Peer Address IP R:
    Total call-legs: 2
    126523 ANS T74411 g711ulaw VOIP P79033956416 188.234.136.49:18724
    126524 ORG T74411 g711ulaw VOIP P3500 172.16.127.50:21284

    To go into the details:
    show sip calls

    Now delete the call:
    clear call voice causecode 17 calling-number 79033956416

    Auto attendant implementation based on Cisco solutions

    When we call almost any company, we usually can hear a sweet (or not so sweet) voice naming the company we have reached and asking us to perform certain actions. That means we’ve reached an automated attendant. An auto attendant (AA) usually is the simplest form of Interactive Voice Response (IVR) system that allows you to enter the extension number, leave a voice message, send a fax, or connect to a secretary.

    In this article I'd like to introduce you to the possible implementations of an auto attendant based on Cisco solutions. There are at least four of them, and people often ask what exactly this feature should be implemented on while deploying Cisco unified communication solutions. Let's go through the advantages and disadvantages of each of them.

    1. Developing or using existing TCL and VXML scripts

    This is a software-only solution. The required features are built into Cisco IOS. The solution is supported on routers with Unified Communications (UC) features enabled. There are many examples of IVR scripts for Cisco equipment.

    The advantages of this solution are the following:

    • No hardware needed, except for a Cisco router with UC features.
    • A long line of supported platforms:1861, 2800, 3800, 2900, 3900, 4000, AS5000.
    • You can create a script implementing any algorithm you need — branching, submenu, multiple languages, working/nonworking hours, etc. It supports integration with speech recognition and synthesis systems (ASR, TTS) and much more.
    • This solution has the largest number of supported codecs for greetings in case you use VXML. There's another supported feature that is almost never used: greetings created with different codecs can be combined inside one application.
    • Direct access to the gateway and its resources. For example, you can detect fax tone during an incoming call and switch over to a fax straightaway, or find out (with some probability) who answers the phone during an outbound call: a human or an auto attendant.
    • VXML is an open standard widely supported by VoIP solution developers (Audiocodes, Huawei, D-Link, Digium).
    • There already exists quite a functional Cisco script based on TCL: Basic automatic call distribution (B-ACD) and auto-attendant (AA) service.


    If its algorithm is suitable to you, take it, set it up and use.

    The disadvantages of this solution:

    • If you are using TCL, you need programming skills and knowledge of Cisco Voice Gateway API (VGAPI). For VXML, the threshold of programming skills is way lower, especially if you are already familiar with XML, and knowledge of Cisco VGAPI is not required.
    • Cisco IOS doesn't use transcoder for the calls processed by TCL applications, so you have to use the same voice codec for the application input and output both.
    • Relatively low scalability: from 7 (2800 series) to 360 (AS5400XM) simultaneous sessions (calls).
    • No fault tolerance.
    • Cisco IOS Voice XML Browser licensing limits the number of simultaneous calls (the price* for one session FL-VXML-1 = $150, for 12 sessions FL-VXML-12 = $1440). FL-VXML license type is Right to Use, which means that you only get a document on usage rights, without any serial numbers and activation codes ("honor based";).

    * all the prices in this article are from Cisco GPL

    This solution is suitable for minor load (small number of simultaneous calls) and can be integrated with any PBX (not only Cisco).

    2. Using Cisco Unity Express (CUE)

    This version is implemented as a module (for example, SM-SRE-700-K9) for the following Cisco router series: 1861, 2800, 2900, 3800, 3900. IVR script can be created in Cisco Unified Communications Express Editor. This solution is quite functional, and the process of script creation is pretty much similar to the old UCCX-based solution that will be analysed below. Cisco Unity Express can be integrated with Cisco Unified Communications Manager and Cisco Unified Communications Manager Express, and it also can work as an auto attendant in standalone mode.

    The advantages of this solution are the following:

    • A handy web-interface Cisco Unity Express — Administration.
    • A rich feature set.
    • Convenient scheduling with holidays.


    • IVR script development in Cisco Unified Communications Express Editor is quite simple and similar to visual programming with moving the required blocks around and configuring their properties.


    • There is a web-editor for scripts that's even more simple: Editor Express. It supports basic actions:


    • There are built-in system phrases in multiple languages, as well as a ready-to-use auto attendant script (aa.aef).
    • Cisco Unity Express is a voice mail server, so in addition to the auto attendant features, CUE deployment also provides voice mail features for a router.

    The disadvantages of this solution:

    • Low scalability. A hard limit on the number of sessions (10 for ISM-SRE-300-K9 and 32 for SM-SRE-700 — SM-SRE-910).
    • The only supported codec for greetings is G.711 u-law.
    • No fault tolerance.
    • Setup, configuration and integration are required.
    • Prices for the module and for the licenses for voice ports (simultaneous calls):
      • The module itself: for example, ISM-SRE-300-K9=$1000, including a non-portable license for 2 voice ports FL-CUE-NR-PORT-2.
      • License for 5 mailboxes: FL-CUE-MBX-5=$100.
      • License for 2 additional voice ports: FL-CUE-PORT-2=$500.
      • License for IVR voice ports: FL-CUE-IVR-2=$1400 (it is only necessary if you use advanced IVR features, such as sending emails and faxes, accessing external databases, running VXML scripts inside of CUE IVR scripts, etc.).

    This solution is the most suitable one for the companies that use Cisco Unified Communications Manager Express for PBX, or for branch offices, if the head office uses Cisco Unified Communications Manager for PBX and fault tolerance for the branch offices is being ensured by Cisco Unified Survivable Remote Site Telephony (SRST). Like the TCL/VXML variant, this solution can also be integrated with any PBX as a standalone auto secretary.

    3. Using Cisco Unity Connection (CUC)

    This solution is a voice mail server. It should be deployed on a separate virtual machine. Two VMs with CUC can be united into a fault tolerant cluster. CUC tools allow you to implement auto attendant logic. There are also built-in call handlers.

    The advantages of this solution are the following:

    • High scalability and fault tolerance — up to 250 simultaneous sessions (calls) for a single server, up to 500 in an active/active cluster.
    • Relatively large set of supported codecs (G.711 a/u-law, G.722, G.729, iLBC) and built-in transcoding tools. It's worth noticing that transcoding is always performed in CUC.
    • Convenient scheduling with holidays.
    • Built-in ASR and TTS in multiple languages.
    • Cisco Unity Connection is a voice mail server, so in addition to the auto attendant CUC deployment enables voice mail features in a VoIP system.
    • Integration with third-party (non-Cisco) PBX is possible.

    The disadvantages of this solution:

    • Poor functionality. Auto attendant utilizes built-in default handlers, so you can only implement limited functionality.
    • Built-in phrases (e.g. "called party is busy";) can't be replaced.
    • Setup, configuration and integration are required.
    • License price for one voice mail user (mailbox): UNITYCN11-STD-USR=$78.75

    This solution is suitable for companies that need a heavy load (in terms of the number of simultaneous calls) and fault tolerance.

    4. Based on a contact center (Cisco Unified Contact Center Express or Cisco Unified Contact Center Enterprise)

    This is the most functional and flexible solution. UCCX, as well as CUC, should be deployed on a separate virtual machine. Two VMs can be integrated to create a fault tolerant cluster. You only need to configure IP IVR features to set up an auto attendant. You can create an IVR script in Cisco Unified CCX Editor. UCCX should be integrated with Cisco Unified Communications Manager. The number of simultaneous sessions is limited by the virtual server capacity (VM template) and the number of acquired licenses.

    The advantages of this solution are the following:

    • High scalability and fault tolerance.
    • Support of the most widely used codecs G.711 a/u-law, G.729.
    • Rich feature set.
    • Management web interface: Cisco Unified CCX Administration.
    • Developing an IVR script in Cisco Unified CCX Editor is relatively easy and resembles visual programming.


    • Built-in system phrases in multiple languages and a ready-to-use auto attendant script (aa.aef).

    The disadvantages of this solution:

    • Setup, configuration and integration are required.
    • Price of the solution: minimal promo set of 5 contact center agents (operators) and 100 voice ports (simultaneous calls): $1044.75

    UCCX is a full-blown contact center that supports progressive contact center building technologies, so using it only to create an auto attendant is like using a sledge-hammer to crack a nut. This solution is for companies with high demands on functionality, performance and reliability.

    We have examined different means of auto attendant creation. The choice in many respects depends on the solution that is being used or deployed (CUCMe, CUCM, BE6K or a third-party PBX), and on the functionality, performance and reliability requirements.

    Conclusion

    The most simple choice is an IVR based on TCL/VXML, and the most functional and productive choice — based on Cisco Unified Contact Center Express/Enterprise.

    Cisco Unity Connection solution undeservedly often gets ignored. Usually Cisco Unity Connection comes with acquired licenses on Cisco unified communication products (for example, it comes with UWL licenses, as well as with Cisco Business Edition family). In this case, auto attendant implementation won't require any additional purchases.

    Cisco Unity Express solution helps you to reduce (comparing to the TCL/VXML-based solution) the call processing load on the router. It takes the middle position between IOS scripting solutions and standalone server solutions. It is quite simple and handy, suitable for creating an auto attendant by the company's IT department, as it has a simple built-in web-editor for scripts with basic actions.

    There are also auto attendant solutions for Cisco VoIP systems integrated with third party software, but that's another story.

    SIP gateway monitoring. SIP Trunk. CUBE.

    This article is about practical monitoring that helps answering such questions as call activity, the calls passing through a trunk, etc.

    Call activity on CUBE

    • Active calls:
          show call active voice compact
    • The active calls summary by the number of call legs:
          show call active voice summary
    • Recent calls:
          show call history voice compact

    Call activity on CUBE from the point of view of CUCM

    You can view the CUBE load in CAR:
    https://cucm_ip:8443/car
    Proceed to: Device Reports -> Trunk -> Utilization
    Find your trunk and specify the report.
    This report can only give you the notion about the trunk load in general, without any details.

    Monitoring CUBE activity through SNMP

    This is a very useful feature that allows you to perform online monitoring without any commands and reports. You can monitor the calls and connections through SNMP and view this information in PRTG. The most useful MIB is:
    CISCO-VOICE-DIAL-CONTROL-MIB
    We are interested in the following OIDs here:

    • CISCO-VOICE-DIAL-CONTROL-MIB/cv call volume/cv call vol conn total active connections
    • CISCO-VOICE-DIAL-CONTROL-MIB/cv call vol if: Loopback0/cv call vol media incoming calls
    • CISCO-VOICE-DIAL-CONTROL-MIB/cv call vol if: Loopback0/cv call vol media outgoing calls

    Loopback0 is an inside interface on which all internal dial peers are bound, for example, like this:

    dial-peer voice 500124 voip
    description internal to CUCM
    preference 3
    destination-pattern [1-4]...
    session protocol sipv2
    session target ipv4:10.190.65.12
    voice-class codec 1
    voice-class sip bind control source-interface Loopback0
    voice-class sip bind media source-interface Loopback0
    dtmf-relay rtp-nte
    ip qos dscp cs3 signaling
    no vad

    Directory numbers in trunk calls

    Suppose that after PRTG monitoring a call activity surge aroused our interest. There are two ways to know what subscribers took part in it:

    • RTMT
      Proceed to: Call Manager -> Call Process -> Session Trace
      Here we can specify the time period and determine the gateway we are interested in using Called Named Device field.
      Session Trace is useful for obtaining up-to-date information on all the calls in cluster nearly in real time.
    • CDR
      And, of course, we always can get the information on the calls from a CDR file.
      - Log in to Cisco Unified CallManager CAR interface: https://:8443/car/
      - CDR > Export CDR/CMR
      - Select the time period and click Export to file.
      - On the next screen you can download the file.
      - Then open the file in MS Excel to analyze it.
      For your convenience you should do the following:
      - Select the first line (legend), then in MS Excel menu click Data -> Filter -> AutoFilter, and then Format -> Column -> AutoFit.

    The fields of interest are:
    origDeviceName
    destDeviceName
    You can also find the trunk by its name.

    You can find the field descriptions here: Cisco Call Detail Records Field Descriptions

    Notice the date and time format in dateTimeOrigination field. This is the number of seconds beginning from the midnight (00:00:00) of January 1, 1970. To make this readable, you can insert a column, format it as Date and use the following formula: =((E2 + 14400) / 86400) + 25569.

    CUCM Traces Analysis: CUCM Architecture

    This is another guest post that we find quite useful for our readers. The author discusses briefly the CUCM architecture in order to understand better the CUCM traces.

    CUCM is a C++ application working on the Red Hat Linux OS.

    There are SDL (Signal Distribution Layer) processes within the application interacting with each other. Some of these objects exist permanently while some of them are being created and destroyed as needed.

    All SDL processes can be classified into several logical layers:

    • Feature Layer
    • Call Control Layer
    • Media Control Layer
    • Device Layer

    As the figure shows, there also are Aggregator Layer and Link Layer. For the purpose of this article we'll consider the first one as a part of the Call Control Layer. The Link Layer is responsible for network interaction on TCP/UDP level, which isn't our concern here.

    CUCM Process Classification

    Let's explain the CUCM process classification by the example of the Feature Layer.

    • Parent Processes live in the system permanently. They are being created at the Call Manager application launch. These processes are: Transfer Manager, Forward Manager, Conference Manager, Recording Manager. They are responsible for ALL conferences and transfers in the system.
    • Child Processes are being created during a certain operation. For example, the Forward operation creates a Forwarding sub-process that lives until the transfer is over (then this process will be destroyed).

    Device Layer Processes

    • Edge Processes. are responsible for signaling protocols. These processes are Parent Processes and each of them exists in a single copy on each node. For example, if we have 50 SCCP phones, then all of them will interact with a single StationInit process.
      • StationInit (SCCP)
      • SIPHandler (SIP)
      • H225Handler (H323)
      • MgcpHandler (MGCP)
      • MgcpBhHandler (MGCP PRI)
    • Control Processes exist in several instances. For example, for each registered SCCP phone a separate StationD process will be created that controls this phone. So, there will be 50 StationD processes created for 50 phones.
      • SipStationD
      • SIPD
      • StationD

    If there are 20 SIP phones, then one SipHandler process, an intermediate SipStationInit process and 20 SipStationD processes will be created on the node. SIPD processes are used for SIP Trunks (one for each trunk).

    Now let's look into what happens when a user picks up the phone:

    The phone transmits a message to CUCM, and then the following events occur: StationInit transmits a message to the phone StationD process. StationD creates StationCdpc process. StationCdpc process is responsible for a single call from a certain phone (CallDependent) and will be destroyed after the call is over.

    Similarly, if the phone is turned off and its registration is lost, its StationD process will be destroyed.

    Call Control Layer Processes

    Call Control layer processes come into play to process the dialed phone number. These processes take part in establishing the call and handling it:

    • Call Control (CC) is responsible for all the calls passing through the CUCM node (1 process for a node).
    • Call Dependent Call Control (CdCc) is responsible for a single call. Every new call creates a new process.
    • DA - Digit Analysis: here all the translations are being performed, the corresponding CSS and Partitions applied, and the destination for a particular call to be routed to is being defined.
    • Device Manager (DM) – contains the tables with all the devices connected to a CUCM cluster (phones, trunks, gateways, route lists). DM makes it possible to define where the call should be physically routed.
    • Line Control process is responsible for all the DNs registered in the system.

    Let's look into how a call is handled, step by step:

    Call Control (CC) creates a separate Call Dependent Call Control (CdCc) process for the call. The dialed digits are passed to this process.

    CdCc passes the numbers to DA for the necessary translations to be performed and the privileges to be defined for this call.

    Then the call is passed to the Device Manager (DM) which determines the device the call should be transferred to.

    The information from the DM is sent back to DA and then to CDCC.

    Then the call establishment will begin (CcSetupReq) and the end device will be chosen through the RouteListControl > RoutelistCdrc chain.

    Notice the Line Control process here – it is responsible for all the DNs registered.

    So, the phone starts ringing, the user picks it up, and the next step is setting up a media or RTP stream. Now we're moving one layer lower and pass the call to the Media Layer.

    Media Layer Processes

    As we have already mentioned, this layer hosts the processes that are responsible RTP streams.

    There are permanent processes: ConnectionManager and MediaCoordinator.

    And there are MediaManager and MediaExchange processes are being created and destroyed along with the calls. They are responsible for all the call parameters - DTMF, codecs etc.

    There are also Int processes - interfaces that interact with the devices directly. These processes are responsible for the interaction between the Media Layer and Device Layer: they pass the codecs, IP addresses, ports, etc., to the devices.

    Codec mismatch

    When the "codec mismatch" happens the MediaManager and MediaExchage processes define the transcoder to be used. Then the separate MediaExchange (MX) process is created to ensure the connection between the first phone and the transcoder and between the transcoder and the second phone.

    After the call is over, all the processes will be destroyed, except for ConnectionManager and MediaCoordinator.

    Process Identifier (PID)

    Each process in SDI and SDL Traces is marked in a certain way:

    Process Type is the process type identifier (37 for a StationD process)

    Process Instance is the process ID. In this case "50" means there are at least 50 phones registered, and the current phone is the 50th. This value is always equal to 1 for Parent Processes.

    CUCM Architecture Summarized

    Suppose that the phone A is calling the phone B.

    • The Device Layer hosts the StationD and StationCdpc processes that are responsible for the interaction with the phone directly.
    • After the handset is picked up (the Device Layer process this), the call info is being passed to the Call Control Layer where the Digit Analysis is located. Here all the translations are being performed and the corresponding CSS and Partitions applied to identify the destination the call. At the same time a request to the Feature Layer will be sent to transfer the call to user B.
    • The Call Control Layer passes a message to the Device Layer - this time to the phone B process. Phone B rings.
    • Phone B is picked up and the Media set up begins. To define the codec the Connection Manager and the Media Coordinator create Media Manager and Media Exchange processes that will interact with the phones through Interfaces.
    • The conversation begins.

    Configuring CUCM Single Number Reach feature

    This article is about configuring Single Number Reach (aka Mobile Connect) feature in Cisco Unified Communications Manager (CUCM).

    When you receive an incoming call on an extension number in a cluster, the Single Number Reach (SNR) enables rerouting the call not only to a DN, but also to a remote number. For example, that can be an employee's cell phone. If needed, you can configure rerouting to a group of remote numbers that belong to an employee.

    This explains the name of this feature: Single Number Reach. After you dial the employee's extension number, you can reach this employee even if he or she is not in office. The SNR enables call routing to a specified group of numbers, so a subscriber can answer any of them.

    Let's have a look at how SNR (Mobile Connect) actually works.

    Let's assume that the subscriber with the number 479-555-15-55 dials the number 151-15-55-2001. The call is routed to a voice gateway and then to a CUCM cluster. Suppose that the last 4 digits of a public number correspond to an employee's extension number. After that the phone with the extension number 2001 will ring. Besides, if the number has the SNR feature configured, the call will be redirected to another number as well, for example, to the employee's cell phone number 408-555-10-01.

    Basically, Mobile Connect provides functionality similar to Shared Line. The difference is that in this case a shared line is organized between an office phone and some remote device that isn't necessary in a cluster, not between the phones within a cluster.

    The figure below illustrates this configuration:

    On this figure you can see that Mobile Connect creates a shared line between an office phone and a Remote Destination Profile (RDP). RDP reflects remote numbers in CUCM configuration. You can bind several Remote Destination numbers to a single DN using RDP. Note that Remote Destination Profile and Remote Destination are essential parts of Mobile Connect. Apart from them we'll also use the following entities: User, IP phone, Softkeys, Access list.

    The User entity defines an end user registered in CUCM with Mobile Connect features enabled. Generally, the most important thing in CUCM is a user, not a device, because the services are provided to people, not to devices. That's why in the system a user is associated with an office phone and RDP.

    Next, IP phone and Softkeys. A phone has to be associated with a certain user. The Mobile softkey provides an employee with an opportunity to redirect an active call to an office phone, if this call is coming to a cell phone. To add the Mobile button to the phone interface in on-hook mode, you'll need a Softkey Template.

    Access list enables filtering incoming calls by the caller's phone number. This feature isn't necessary, but it can be handy. At first an Access list is created in the configuration parameters and then it is bound to a certain RDP.

    Configuring Mobile Connect is relatively easy. First of all, you should create an End User that will be the center of all the system logic. There are several ways to create a user, but in any case the Enable Mobility option should be checked, as the figures show.

    Here you can also define a limit for the quantity of remote phone numbers associated with this user. After that you should associate the user with the office phone number that he or she uses. For that purpose you can use Owner User ID in the phone parameters.

    Now you can configure the entities that are essential for Mobile Connect. At first, you should create a Remote Destination Profile. To do this, proceed to Device -> Device Settings -> Remote Destination Profile.

    You must specify the same End User (User ID field). Note the Rerouting Calling Search Space field. Here you can specify CSS that will be used for outgoing calls to Remote Destination numbers while processing an incoming call to an office phone. This CSS will ensure Route Pattern availability while routing an outgoing call to a Remote Destination.

    Please save the RDP information. After that you'll be able to create lines. Specify the number used on the office phone that should have the calls redirected via Mobile Connect as one of the lines.

    Follow the "Add a New Remote Destination" link. The Remote Destination Configuration form will appear.

    Let's have a look at the parameters we can specify. "Answer Too Soon Timer" defines the minimal time for a call to be transmitted to a Remote Destination before the user answers. This parameter helps to prevent the call from being sent to voice mail when the user's cell phone is switched off or out of coverage area. "Answer Too Late Timer" defines the maximum response timeout for a call to a Remote Destination. "Delay Before Ringing Timer" defines the delay before the CUCM redirects an incoming call to a Remote Destination. All these parameters are specified in milliseconds. It is necessary to set the Line Association mark for the number that will be associated with a remote number. It is also necessary to switch the Enable Mobile Connect option on. The Mobile Connect option enables redirecting an active incoming call from a mobile phone to a landline office phone by clicking the Mobility button on the office phone.

    If needed, use the Access List Configuration to configure the filtering for the calls to a Remote Destination. To do this, proceed to the menu: Call Routing -> Class of Control -> Access List. Select the access list type: blacklist or whitelist (Blocked or Allowed). Then use the Add Member button to fill the list with the corresponding numbers.

    Now you should bind the Access List on the Remote Destination Configuration page. You can select one of the following options: transmit the call to a remote device if the subscriber is on the list, or the opposite. You can also specify the Ring Schedule, which can permit redirecting calls to a remote number during the working hours only, for example.

    You should remember that if you configure both the schedule and call filtering, then the schedule will be checked first. So if the time is inappropriate, the access list won't be even checked.

    As you can see, configuring Single Number Reach presents no great difficulty. After you configure this feature, your employees will be able to accept incoming calls on the office phone numbers not only in the office, but on their mobile and home phones as well, no matter where the call is coming from.

    Video Chat – the Wrong Name for a Contact Center Channel

    Have you already seen the 2016 Global Contact Centre Benchmarking Report Summary by Dimension Data? Almost a third of contact centers plan to deploy the "Video Chat" channel within 1 year.

    I'll put my comments on this figure in the next post, but in this one I want to talk about the terminology. The thought I want to share today is this – the "Video Chat" is the completely wrong and obsolete name for the channel we're talking about.

    It's not about the "video" and it's not about the "chat", it's about Live Online Assistance. Now, a bit more in details…

    Where did the "Video Chat" came from?

    Back in the 2000s the contact center industry adopted the text chat technology that provides online assistance to users of a website. This software typically consists of a text box on the website and an operator console, which allows contact center agents to respond to the chat. There are several names used for this channel, like "live help", "live support" etc but the most useful ones are "live chat" or "web chat". This is where the "chat" came from.

    Now, what about the "video"? As far as I remember the "Video in Contact Center" topic was started about 4-5 years ago when several world leaders in communication solutions started making bets on business video. At the same time (in May 2011) Google released an opensource project for browser-based communication known as WebRTC.

    As it often happens, some vendors decided to merge these two hot trends to introduce the super-killer-feature. They failed because you cannot mix the text chat with voice communications in contact center (some agents speak well but have poor writing skills while the other ones are vice versa). But since then we have the "video chat" channel. And as I said earlier…

    …it's not about the "video" and it's not about the "chat"

    You can find a lot of marketing texts about the body language and the video increasing trust and confidence. Rubbish. The PURE video in contact center is still a solution looking for a problem (Dimension Data) and the technology that searches for relevance in the contact center (No Jitter).

    It's not about the chat either – you will hardly type something when you can say that (except rare text messages with credit card numbers, various IDs, emails, addresses etc).

    What really matters is the Live Online Assistance

    My point is that the most important part of the "video chat" are web-collaboration options like co-browsing, application and screen sharing, remote control. These are the features used in real life examples, like:

    • customer support
    • sales support
    • IT troubleshooting

    Can the videocall without the web-collaboration improve FCR? Or reduce the abandonment rate? Or minimize the channel escalation? Not sure.

    But, I can easily imagine:

    • an agent guiding a website visitor through the complex online process,
    • a sales person pushing product photos and videos to new client,
    • a consultant performing tech support with app sharing and remote control features.

    Bulk Change Cisco IP Phone Background Image

    The company my friend works for has changed its logo recently, so he was asked to update the logo on all the users' phones.

    In general, this is an easy task with the solution described in many places, but almost always that's a description of a manual update using a TFTP server.

    Besides that, there is a native Cisco utility Cisco Phone Designer that can be downloaded from the official site. It makes the process easier, but you still have to choose the phone and the picture manually, push the button and so on.

    What we needed to do is to update the picture on a large number of Cisco IP phones.

    There are third-party software products that provide this function but you can do it on your own.

    There is a great article here – http://www.netcraftsmen.com/pushing-backgrounds-to-a-cisco-ip-phone-using-xml/
    It gives an example of a script for doing this and we only had to modify this script a little.

    So, the solution was as follows...

    Requirements:
    PC with Windows OS and any web-server.
    Images that will be uploaded to the phones. Here you can find the image file parameters (file format and resolution, depending on the IP phone model).
    You will also need a text file with a list of IP addresses of the phones that should have the image updated.
    You'll have to sort the phones by model manually. You should run the script once for each model with the proper image file specified.

    The steps are:
    1. Enable personalization on all IP phones that should have the image updated. This can be done manually on each phone (Device->Phone->Phone Personalization = Enable), but it would be better to use the Common Phone Profile.
    2. You'll need an End user created in CUCM. The "Controlled devices" list of this user should contain all the phones that should have the image updated.
    3. Upload the image files to the web-server.
    4. Run the script with the following parameters:

    • File name of the list of Cisco IP phones
    • URL of the http server where the image files are located
    • Icon file name
    • Image file name
    • User name
    • Password

    5. Now the script is running in the background. You'll get a message when the process is over. The results will be available in a log file.

    Useful CUCM CLI SQL Queries for DN and CSS

    Recently I needed to collect the detailed information on Cisco IP phones, extension numbers, CSS and other parameters. The communication network was really huge but no inventory had been performed for years.

    Lots of phones and extension numbers with no common attributes. Actually, I was given the list of extensions for which I had to return the detailed info.

    This is where the CLI SQL Queries can hardly be underestimated. With CLI you can query the CUCM database directly. A query can be executed from the command line if you access the CUCM server via SSH.

    To execute the SQL query, run the following command:
    run sql <query body>

    For example:
    run sql select dnorpattern from numplan where dnorpattern like '1%'

    The result will contain all the directory numbers, route patterns and translation patterns beginning with "1".

    More examples:

    Show the DNs assigned to the phones on the list:
    run sql select n.dnorpattern as DN from device as d, numplan as n, devicenumplanmap as dnpm where dnpm.fkdevice =d.pkid and dnpm.fknumplan = n.pkid and d.tkclass = 1 and (d.name in ('SEP7C96F3C9ACDC' , 'SEPB8BEBA229A9E';))

    Show the CSS configured for the DNs on the list:
    run sql select css.name from numplan as np join callingsearchspace as css on np.fkcallingsearchspace_sharedlineappear=css.pkid where np.dnorpattern in ('6229' , '3118';)

    Check if the DNs on the list are members of any Line Groups:
    run sql select lg.name as LineGroup,n.dnorpattern,dhd.hlog from linegroup as lg inner join linegroupnumplanmap as lgmap on lgmap.fklinegroup=lg.pkid inner join numplan as n on lgmap.fknumplan = n.pkid inner join devicenumplanmap as dmap on dmap.fknumplan = n.pkid inner join device as d on dmap.fkdevice=d.pkid inner join devicehlogdynamic as dhd on dhd.fkdevice=d.pkid where n.dnorpattern in ('2480' , '1601';)

    Check if the DNs are members of any Call PickUp Groups and show that groups:
    run sql select np.dnorpattern, pg.name from pickupgrouplinemap as pgl join numplan as np on pgl.fknumplan_line=np.pkid join pickupgroup as pg on pg.pkid=pgl.fkpickupgroup where np.dnorpattern in ('' , '3118' , '5109';)

    Find out if there is a line assigned to a phone and if the line has an External Phone Number Mask configured:
    run sql select dnpm.e164mask as EPNM from devicenumplanmap as dnpm join device as d on dnpm.fkdevice=d.pkid where d.name in ( 'SEP1CAA07E2060D' , 'SEPF07F06B8D6B2';)

    You can obtain the information as well as modify the data in the database. For example, you can modify the device description:
    run sql update device set description = 'MARK_PHONE' where name in ('SEPD8CB8A379237', 'SEP80E86F23F5E7';)

    This list of examples can go on endlessly. Actually, the direct access to the database is a tool of almost unlimited flexibility, suitable for obtaining information and making massive data changes.

    LinkedIn as a Global Directory for Skype?

    Satya Nadella and Jeff Weiner on Microsoft Acquiring LinkedIn Satya Nadella and Jeff Weiner on Microsoft Acquiring LinkedIn

    The LinkedIn acquisition by Microsoft opens up the endless possibilities for speculations for the IT world including collaboration experts and I can't stop myself from sharing my thoughts.

    LinkedIn – over 430 million accounts (see more facts below).

    Skype – over 300 million of active users (see more facts below).

    Just imagine that each LinkedIn account is matched to a Skype user. Its gonna be the whole new collaboration universe for professional with LinkedIn as a global directory for Skype and Skype as a collaboration tool for LinkedIn members.

    You’ll be able to share your presence status to your network. LinkedIn messaging will be substituted by Skype chat, which can be escalated to video call, and then to conference call.

    You will have the ability to make impromptu calls to your network and even to those you’re not connected to (of course after the approval of some sort). For example… a service team rep may send a call request to the client who has posted a complaining message in the LinkedIn group, a recruiter may call the candidate he is interested in, and so on.

    Some features will be available for all, another one will likely be part of the paid Premium offering as one of the ways to monetize the acquisition.

    LinkedIn facts:

    • 433,000,000+ registered members;
    • Over 200 countries and territories;
    • Revenue: $2.99 billion;
    • Net income: $166 million;
    • LinkedIn Common Stock: $190.80 (June 20, 2016);
    • Employees: 9,732 (March 2016);
    • Founded: December 14, 2002; 13 years ago;
    • Headquarters: Mountain View, California, U.S.

    Skype facts:

    • Active users: 300,000,000+;
    • Initial release: 29 August 2003; 12 years ago;
    • Type: Videoconferencing, VoIP and Instant messaging;
    • Available in 38 languages.

    The Updated Paging Solution for Cisco UCM Reaches Anyone, Anywhere

    The new Aurus PhoneUP 3.11, the bundle of apps for Cisco UCM, is released this week! Congrats to the R&D team!

    As for me, the main killer feature of the new version is the integration of its Paging module with our Outbound solution. Finally, we can offer a paging solution that reaches employees wherever they are.

    See how it works:

    1. When a new message (text, audio or hybrid) is sent to the predefined group of employees, it first goes to their Cisco IP phones. Every IP phone of the group plays the audio alert, shows the text message on its display and plays the audio message through the speakerphone.

    2. Then the message waits for the employee to confirm the receipt with one of the following methods:

    • pressing the “Confirmed” soft button on the IP phone;
    • entering the PIN code on the IP phone;
    • recording the voice confirmation with the IP phone;

    3. Those employees who have not acknowledged the receipt are sent to Aurus Outbound along with the message content.

    4. Aurus Outbound starts the pre-configured “voice drop” outbound campaign to call each employee and play the audio message.

    5. After listening to the message employees confirm the receipt by sending a DTMF code or recording the voice message.

    6. Once the outbound campaign is over, the PhoneUP generates the combined report and sends it to the message originator by email.

    There is a number of ways you can leverage such a notification system:

    • an intruder has been identified in the building;
    • severe weather is approaching;
    • production line stops;
    • emergency calls;
    • ad hoc conference calls notifications;
    • shift changes;
    • upcoming IT system shutdown.

    You’re welcome to try our new products in your lab. We’ll provide the demo licenses, docs, install video guides and tech support.

    Cisco Jabber vs Spark and Acano - The Steadfast Tin Soldier

    For several years Jabber has been the Cisco's UC answer to Microsoft. A little bit late but still successful one. But in 2015 Cisco gave birth to two Jabber's cousins:

         1) in the beginning of 2015 Cisco announces Cisco Spark
         2) in the end of 2015 Cisco acquired Acano

    Both Spark and Acano projects have its own clients for collaboration, so this is a fruitful theme for speculation on which product will supersede/swallow another one.

    Cisco Spark vs Jabber

    Spark is the real Cisco vision for collaboration that fits the Trollope's vision for, so called, Workstream Communications and Collaboration (WCC).

    WCC is considered as a new form of communication that comes up to take the UC's place. WCC tools include asynchronous messaging, real-time voice and video, content and context. Most of leading vendors in enterprise communication world jumped in this WCC train almost simultaneously – Cisco (Spark), Interactive Intelligence (PureCloud), Mitel (MiTeam), Unify (Circuit), Avaya (Zang) just to name a few.

    But is it going to replace Jabber? Nope. And the reasons are:

    • Cisco Jabber has a large customer base, which would be easier to continue to support rather than to transition to another app;
    • Spark is a pure cloud solution which may not appeal to some verticals where everything has to be on premise;
    • the UC transition to WCC is not going to be a quick one, and until it isn't over Cisco still needs to compete with Microsoft.

    So, I think for the next several years there will still be two clients – Jabber for traditional presence bubbles, buddy list, UC integration and Spark for team collaboration, workflow, persistence etc.

    Currently there are business cases for both solutions even to be running simultaneously at the same company.

    Acano vs Cisco Jabber

    The Steadfast Tin SoldierAcano, acquired by Cisco in Nov 2015, is the best known of its truly interoperable video/audio bridge. On my opinion, this bridge was the primary Cisco's target and Acano is going to replace Cisco Telepresence Server and Conductor in Cisco's business video offering.

    But besides the server component Acano provides the client app with contacts (no buddy list though), presence, very good persistent group chats, workflow and some other useful things. And that makes it another threat for Cisco Jabber.

    Still I think Jabber will stand, because the primary task will be to digest the Acano's bridge, not the client. For example:

    • Cisco Telepresence Server replacement;
    • integration with Cisco Spark to power it with interop video meetings;
    • probably, integration with Cisco Webex.

    So, my prediction is we'll live with Cisco Jabber and Spark and Acano at least until the next decade. Then all the platforms will be merged as well as client applications.

    Co-Browsing in the Contact Center – the Details Matter

    The new version of Aurus RichCall product provides the co-browsing option that allows contact center agent to see the client's browser window (while talking with him on phone) and use the "pointer" to instruct him on what to do. This allows agent to better understand the context of the client's issue and solve it appropriately.

    Before starting the co-browsing development we interviewed our clients interested in this option to analyze their business cases and develop exactly those features needed to fit their requirements.

    You may be interested in learning what real clients want from the co-browsing option. Below are some of the requirements that we had to meet.

    No Downloads

    Of course no downloads for the customer. The client must be able to start the co-browsing session instantly. No apps, no Java, no browser plug-ins.

    Client Controls the Action

    Service reps should not be able to make mouse clicks or keyboard entries in the client's browser. The agent must have the ability to see what happens and point (see "The Pointer" below) the client what to do but not to interact with him on the same page.

    The "Pointer"

    Though the agent cannot interfere with customer actions, he must be able to draw the customer attention to certain areas of the page:

    • "Please click this button..."
    • "Here is the section with the info you need…"

    We call it "the Pointer" tool – an arrow that appears in the customer browser on top of the main content.

    Secure Pages Support

    The co-browsing session must support secure pages (the ones that require client's login). When we interviewed our clients, only two of them reported their need to guide visitors around public pages to help them find products or other public info. The rest want to support their clients in working with the secure online self-service tools, which require user's authentication.

    Starting the Co-Browsing Session by Code

    The client is not required to make an online call, or to be in a chat with the agent to start the co-browsing session. Even if the client has made a regular phone call to the contact center, he must be able to enhance it with the co-browsing session if (and when) he needs it. With Aurus RichCall the agent may generate the unique 5-digits code and say it to the client who then uses it to initiate the co-browsing.

    Mobile Browser Support

    The co-browsing feature should support mobile browsers and provide the same functionality ("pointer", secure pages support etc).

    Video in Contact Center – Why? For Whom? How?

    According to the "Global Contact Center Benchmarking Report 2015" by Dimension Data the number of video-enabled contact centers is going to rise threefold in 2016.

    Who adds video-channel to the contact center and why? Guys from Aurus, a software vendor offering video chat solution for contact centers, shared with me some info about their customers.

    The first question they ask everyone asking to try their software is "Why?". So, the stats is:

    Now, in details…

    Video to improve the company's image

    One of ten companies interested in video channel is going to enable video call service on their website as a part of the company's image building. By doing this they send messages like:

    • "We're a modern company and we follow the trends in the client servicing. So you can be sure our products are also built with top-notch technologies."
    • "We're rich enough to equip our contact center with special workplaces and hire good-looking contact center agents. So you can trust us."

    Sometime video call is only available for VIP clients and then the message is "We really value you and your money".

    These companies pay a lot of attention to the client interface - high-quality video of the agent, branded UI and so on.

    Video to higher sales

    This is where video becomes optional and may be replaced with a good photo of the agent, but the features that come to the fore are:

    • co-browsing – to help the client find the right info on the website and assist him with the payment process,
    • pushing product images and videos – to convince the customer to buy,
    • text chat – to provide the client with product spec, shop addresses, agreement templates etc.

    The important note is that this approach only works when the products are quite unique and the company is ready to spend as much time as required to get a new client. For example, you can talk as much as needed about your jewelry or sofa or car to persuade the client to buy. But you cannot afford that if you're, say, a travel agency – you won't spend half an hour talking about your offer to Bora Bora, knowing that after you finish the customer will start surfing the net for the cheapest option.

    Video for better support

    Yeh, this is the leader of "live assist" use cases. The video is not required at all and web-collaboration features become critical ones:

    • text chat supporting images and files,
    • co-browsing that works in those spaces that require user authentication,
    • app sharing with annotations,
    • screen snap shots,
    • mobile SDK (remember the Amazon MayDay hype?).

    Providing remote experts with the web-collaboration tools may significantly improve the time to resolution indicator.

    Another important feature is the ability to add the web-collaboration session on the fly to any phone initiated customer support call. This increases the first call resolution rate.

    Cisco UCCX Wallboard/Dashboard Vendor List

    Do you manage a Cisco Contact Center? Are you looking for a solution to get a more detailed second by second view of what is happening?

    Wallboard solutions enable you to monitor your contact center activity and performance in real-time displaying calling stats, KPI info and goals against actuals. Depending on the dashboard’s purpose it may contain calls waiting, average waiting time, calls answered/dropped/abandoned, longest/average waiting time, abandon rate and lots of other indicators.

    Wallboard is also an excellent way to communicate with your contact center staff – supervisors may push text messages to inform agents about important events and changes.

    Most of wallboards/dashboards for Cisco UCCX / UCCE are developed by 3rd party software vendors, most of them are Cisco Solution partners.

    So here is the list…

    1. 2Ring DASHBOARDS & WALLBOARDS is a solution for calculating & displaying real-time data in contact centers. For every team, create a unique layout with KPIs based on contact center, ERP or ticketing system data, pictures, message tickers / marquees, youtube videos, flash and web content, and even PowerPoint slides.

    2Ring DASHBOARDS & WALLBOARD

    2. Comstice has a great Wallboard. It shows real time stats and has different views to show: box view/ agent states/ dashboard view/ team view. And, it offers Team Voicemail.

    Comstice Wallboard

    3. Inova Contact Center Digital Signage delivers key performance metrics and important business information, along with rich, multimedia content on crystal-clear, high-definition monitors that keep your team motivated, informed and empowered to better serve your customers.

    Call data awareness = agent empowerment = higher customer sat

    Inova Contact Center Digital Signage

    4. Atea Systems UCCX Agent State Wallboard (UAW) allows organizations to concurrently display many different views of customer configured real time data for UCCX queues and agents on any browser capable device.

    Easy config, many different views!

    Atea Systems Wallboard

    5. ccInfo is a powerful wallboard application for customer contact centers to visually aid supervisors and agents with real-time statistics on call traffic and handling.

    CcInfo Wallboard

    6. Tenox Wallboard – free Wallboard for Cisco Unified Contact Center Express (UCCX/CCX).

    It's a small .exe, is simple to set up, and can work with the old Windows platform or the new Linux/Informix combination in UCCX8.0 plus.

    Tenox Wallboard

    7. Inova Solutions Dashboards and Wallboards is a real-time reporting solutions that deliver critical metrics to your team via customized views for wallboards, dashboards and mobile devices. Inova real-time performance management solutions provide consolidated reporting across multiple systems through customized wallboards and readerboards, multimedia digital displays, web-based dashboards and desktop applications.

    Inova Solutions Wallboard

    Configuring Cisco Jabber 11 for iOS and Android Mobile Devices

    If we have Cisco IM and Presence server and Cisco UCM in our corporate environment, as well as unhandy wi-fi Cisco 7925 telephones, which are heavy and consume the battery as fast as a Formula One car, then sooner or later we’ll think about switching to Cisco Jabber on a mobile phone.

    This article tells what you need for that.

    Before all experiments, make sure you have the following things:

    • Cisco Unified Communications Manager 8.6.2 or higher (preferably the latest version)
    • Cisco IM and Presence (integrated with CUCM, of course)
    • Wi-Fi Wireless Access Point, already set up by an administrator to distribute wireless internet (don’t mix it up with Wi-Fi Router, since if you have Router, your phones will be hidden behind NAT and RTP streams and it will be complicated to route correctly)
    • CUCM и IM&Presence Administrator kind enough to make us a CUCM and Presence user
    • Android 4.x or higher, better and faster (iPhone will do as well)

    You can discard Cisco IM and Presence and configure Cisco Jabber for CUCM phone services only. It will be a dull and sad client (as an alternative to Jabber: what can possibly prevent you from registering an Android phone as a SIP third-party device on CUCM?), but you’ll be able to call anyway.

    Proceed to Google market (or Apple Store for iPhone)

    https://play.google.com/store/apps/details?id=com.cisco.im

    And install the app.

    But we won’t be able to run it until we perform the configuration steps in our Unified Communication infrastructure. So, led by the craving for launching Cisco Jabber on our phone, we go to the CUCM web interface and add our device.

    Use the menu: Device - Phone - Add new – select "Cisco Dual Mode for Android"

    Now we configure our precious, paying attention to the following aspects:

    Device Name – in case of Android device it should start with BOT prefix (TCT in case of iPhone) and include name in upper case (BOT <NAME>). Allowed characters: a–z, A–Z, 0–9, (.), (_), (-). Total name length is limited to 12 characters. My device name is BOT-ATYRIN.

    Description – specify or shyly conceal the phone model (or write any kind of nonsense)

    Media Resource Group List – either specified explicitly or assigned through the Device Pool

    Optionally specify User Hold MOH Audio Source и Network Hold MOH Audio Source

    Owner – select User

    Owner User ID – select yourself from the list of CUCM users

    Device Security ProfileCisco Dual Mode for Android – Standard SIP Non-Security Profile

    SIP ProfileStandard SIP Profile for Mobile Device

    If necessary, in Product Specific Configuration Layout section you can turn video support on, and specify a list of SSID Wi-Fi access point names, separated with ( /), if you wish to connect to the specified access points only.

    After that we can add a line (DN) to our device.


    Associate yourself with this line.

    Take notice that since Cisco Jabber 11.0.1 and CUCM 10.5(2)su2 versions you can use conversation recording and listening features!

    Quoting the documentation: Silent Monitoring and Call Recording (Built-in Bridge) — In 11.0.1 Cisco Jabber for Android supports silent monitoring and call recording using Cisco Unified Communications Manager 10.5(2) su2 and later releases.

    After that proceed to User Management – End User and give yourself the rights to use this device (Device Association)

    Don’t forget to ensure that you are an IM and Presence user:

    And have the necessary rights:

    Last but not least, a bit of Cisco magic without which you may not be able to run anything:

    Jabber on Android doesn’t support HOSTNAME in Android kernel before version 4.4.4, and it’s possible that the integration with Call Manager phone services won’t happen. So, you’ll only see chat and presence features.

    To solve this problem, first of all it’s necessary to specify FQDN or IP address everywhere in Jabber settings.

    Secondly, in System – Enterprise Parameters menu in CUCM you should fill the initially empty Organization Top Level Domain field (initially empty) with the enterprise domain value.

    Now cross your fingers and pray to Cisco gods as we proceed to the most exciting part: the first launch and configuration of Cisco Jabber on your phone.

    It launches, which is good enough. Let’s open “Advanced settings” and presume that we are clever enough to explore them. Fill out IM and Presence server address and press OK:

    Fill out your username and password (End User credentials in CUCM, IM and Presence). If you haven’t made any mistakes, you may rejoice and shed tears of happiness:

    Now you can use mobile Jabber:

    All Possible Ways to Set Up PIN for CUCM Meet-Me Conference

    • "How to configure Meet-Me video conference with PIN?"
    • "We need to configure Meet-Me conference with PIN…"
    • "CUCM 10.x Meet-Me with Name announcement and Pin number…"

    - try to search the Cisco Support Forum and you'll get dozens of similar tickets.

    Yes, the built-in Meet-Me conferencing feature doesn't support PIN authentication, so here goes the list of all possible ways to set it up.

    Before we start, let's agree that we only consider Cisco Unified Communications Manager Enterprise or Cisco BE 6000/7000. If you've got CUCM/CallManager Express (CME) you can play with TCL IVR scripts, but that’s definitely another story.

    So you're enjoying Cisco UCM Meet-Me conferencing, but you want attendees to hear the voice prompt asking for a PIN needed to join the meeting. You’ve got 4 options:

    1. Cisco Unity Express/Connection

    If you have Cisco Unity deployed you can use it to achieve the Meet-Me authentication. The attendees call should be transferred via CUC and the User System Transfer Conversation should be used to authenticate the caller (a user is created on CUC). The conversation prompts the caller to sign in to CUC with his CUC ID and PIN and then transfers the call to Meet-Me conference number.

    Looks like a kludge? Still it gets the job done.

    2. Cisco Unified Contact Center Express (UCCX)

    You can use UCCX as an audio front end to Meet-Me conferences. You may find several UCCX scripts around the web which prompt the caller for meeting ID and password and then transfer the call to the MeetMe bridge. Meeting IDs and PINs are set up by UCCX admin.

    This works, but since UCCX is used for something that it’s not initially designed for, this workaround isn’t as feature-rich as you users may require and hard to maintain.

    3. The "Conference Now" feature of CUCM 11

    The "Conference Now" feature is introduced in Cisco UCM v.11 released in the summer of 2015. It's not the replacement for Meet-Me feature, but allows users to create their personal conference rooms protected (optionally) by the access code. The attendee has to call your conference room number, enter the access code and listen to the music until you start the meeting by joining it.

    Quite promising feature but the access code stays the same until you change it, so if I participated in your meeting once, I can use it to join the next time even if I wasn’t invited. Also, no scheduler and conference control tool are available.

    4. The “Conference” module of “Aurus PhoneUP” suite

    The CUCM Meet-Me conferencing solution from Aurus is designed specifically for CUCM conferencing and allows you to:

    • schedule Meet-Me conferences with a web-interface;
    • use the MS Outlook plugin to schedule the meetings from the Outlook calendar;
    • use the same phone number for meetings (the PIN entered is used to define which meeting you're joining);
    • protect meetings with a randomly generated PIN (the PIN is automatically added to the meeting invitation sent to invitees);
    • control the conference with the web-interface – the meeting host can see the list of participants, join a new attendee and disconnect anyone;
    • start the meeting from any phone - without the necessity to use a Cisco IP phone to initiate the meetme bridge;
    • control the resources of the conference bridge.

    So, these are 4 options to secure your Meet-Me conferences. Which one works better for you, depends on your business requirements and Cisco products used. Hopefully, this article will help you to evaluate the pros and cons of each option in relation to your environment.

    Configuring Cisco Jabber for Android / iOS with a shared line

    This article explains how to configure a shared line for Cisco IP phone and Cisco Jabber for mobile (Android or iOS). This will allow your employees to use their gadgets (BYOD) to receive calls made to their Cisco IP phones and make outgoing calls (the smartphone with Cisco Jabber for iOS / Android application installed must be connected to the enterprise Wi-Fi).

    Note that this will require additional DLUs (for CUCM 8.x) or enhanced plus licenses (for CUCM 9.x and higher).

    Cisco Jabber is supported in CUCM 8.6 and higher.

    First, you will need the appropriate COP file (Cisco Options Package) for your gadget.

    You can download it from the Cisco website https://software.cisco.com/download/navigator.html?mdfid=278875338&flowid=45928 for the required version of CUCM.

    The step by step procedure of CUCM configuration is:

    • download the required COP file and put it on an FTP or SFTP server that is accessible from your CUCM servers,
    • sign in to CUCM Administration page,
    • go to System > Service Parameters,
    • choose your server,
    • select Cisco CallManager (Active),
    • scroll to the Clusterwide Parameters (System - Mobility) section,
    • increase the SIP Dual Mode Alert Timer value to 4500 milliseconds,
    • click Save.

    If after increasing the SIP Dual Mode Alert Timer value, incoming calls are still terminated you can increase the SIP Dual Mode Alert Timer value. 4500ms is the lowest recommended value.

    1. Create the appropriate SIP Profile

    Device > Device Settings > SIP Profile

    Create a new SIP profile or copy an existing SIP profile. Enter a suitable name for the new profile, for example, Jabber SIP Profile.

    Scroll down and set the following values in the new SIP profile:

    • Timer Register Delta to 30
    • Timer Register Expires to 660
    • Timer Keep Alive Expires to 660
    • Timer Subscribe Expires to 660
    • Timer Subscribe Delta to 15

    Save settings.

    2. Add the user device

    Verify that the device pool to which the Jabber device will be added is associated with a region that includes the support for the G.711 codec.

    Follow these steps:

    • Sign in to Cisco Unified Communications Manager Administration.
    • Go to Device > Phone.
    • Click Add New.
    • From the Phone Type drop-down list, select Cisco Dual Mode for iPhone (Cisco Dual Mode for Android - for Samsung).

    Click Next.

    Enter the parameters of Device-Specific Information:

    Enter the DeviceName. The Device Name:

    • For iPhone name must start with TCT.
    • For Android name must start with BOT.
    • Must be in upper case.
    • Can contain up to 15 characters.
    • Can include only the following characters: A to Z, 0 to 9, hyphens (-) or underscore (_).

    Select Standard Dual Mode for iPhone (for iPhone) in the Phone Button Template field.

    Select Standard Dual Mode for Android (for Android) in the Phone Button Template field.

    Configure the following settings in order to prevent confusion for the person the user calls:

    • Media Resource Group List
    • User Hold MOH Audio Source
    • Network Hold MOH Audio Source

    Select the desk phone as the primary phone, if the user has a desk phone.

    Enter the parameters for Protocol Specific Information, as described below:

    In the Device Security Profile drop-down list select Cisco Dual Mode for iPhone - Standard SIP Non-Secure Profile. (Or the same for Android).

    In the SIP profile drop-down list select the SIP profile you just created in the Create dedicated SIP profile section.

    Note: Select the SIP profile for all Cisco Dual-Mode devices that are running Jabber.

    Click Save.

    Click Apply Config.

    Click [Line n] - Add a new DN.

    Enter the phone number (DN) of this device.

    Note: This can be a new DN. In this case, a desk phone with the same DN is not required.

    Click Save.

    Go to the end user page for the user.

    Associate Standard Dual Mode device for iPhone (or for Android) that you just created for this user.

    Click Save.

    Querying CUCM Database from the Command Line

    Why?

    Some operations on CUCM objects could be made much easier and faster through CUCM database, for example - to get a list of devices, to add several devices to the list of devices controlled by some axl-user, etc.

    How?

    1. Download CURL for Windows - http://curl.haxx.se/download.html
    2. Then any AXL-request can be executed from the command line:
    curl.exe -k -u axluser:axlpass -H "Content-type: text/xml;" -H "SOAPAction: CUCM:DB ver=8.5" -d @axlreauest.xml https://ccm9.bcs-it.loc:8443/axl/

    where:

    a) axluser:axlpass - login and password of the CUCM Application User
    b) https://ccm9.somedomain.loc:8443/axl/ - CUCM AXL Service address
    c) axlreauest.xml - the file with the request, for example:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/8.5">
        <soapenv:Header/>
        <soapenv:Body>
      <ns:executeSQLUpdate sequence="?">
    <sql>
    insert into applicationuserdevicemap (description, fkdevice, fkapplicationuser, tkuserassociation)
    values ('', 'f37738df-222b-473c-813f-7872709ab221', '1abf2126-3339-5946-e755-6d59f368a7a5', 1)
    </sql>
      </ns:executeSQLUpdate>
        </soapenv:Body>
    </soapenv:Envelope>

    Queries to CUCM tables are performed with the executeSQLQuery. Modification of data (insert / delete / update) – with executeSQLUpdate.

    What is CUCM DB?

    It is actually Informix.

    To find out the exact version of the database server you can perform this query:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://www.cisco.com/AXL/API/8.5">
        <soapenv:Header/>
        <soapenv:Body>
      <ns:executeSQLQuery sequence="?">
    <sql>
    select DBINFO('version', 'full') from systables where tabid=1
    </sql>
      </ns:executeSQLQuery>
        </soapenv:Body>
    </soapenv:Envelope>

    Read more about Informix here: http://publib.boulder.ibm.com/infocenter/idshelp/v111/index.jsp

    The structure of the database

    1. CUCM 6: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/datadict/6_0_1/dd601.pdf
    2. CUCM 7: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/datadict/7_0_1/DD_701.pdf
    3. CUCM 8: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/datadict/8_0_1/datadictionary_801.pdf
    4. CUCM 9: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/datadict/9_1_1/datadictionary_911.pdf
    5. CUCM 10: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cucm/datadict/10_0_1/datadictionary_1001.pdf

    Ask Cisco about the structure of the other databases: http://tools.cisco.com/search/results/en/us/get#q=Communications+Manager+Data+Dictionary

    Reference

    Here's our friend having fun on CUCM SQL quieries: http://www.ucguerrilla.com/2012/03/cucm-sql-queries-series.html

    Examples of requests

    Get the list of All CUCM devices
    select * from device

    Get the list of devices controlled by the user (returns identifiers)
    select * from applicationuserdevicemap
    where fkapplicationuser = 'a59e7a1c-3527-c5e4-89d8-edb3e0c10dab'

    Remove a bunch of devices from the “controlled devices” list
    delete from applicationuserdevicemap where fkapplicationuser = 'a59e7a1c-3527-c5e4-89d8-edb3e0c10dab'
    and fkdevice in (select pkid from device where name like 'zCTIPort%' and name[9,15] > 5565400)

    Add a bunch of device to the “controlled devices” list
    into applicationuserdevicemap (description, fkdevice, fkapplicationuser, tkuserassociation)
    select '', pkid, 'a59e7a1c-3527-c5e4-89d8-edb3e0c10dab', 1 from device where name like 'zCTIPort%' and name[9,15] > 5565402

    RIS Service

    To test the RIS the "/ realtimeservice / services / RisPort" path should be used in the URL instead of "/ axl".

    The example of the RIS-query:

    <soapenv:Envelope
         xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>

    <ns1:SelectCmDevice soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      xmlns:ns1="http://schemas.cisco.com/ast/soap/">
      <StateInfo xsi:type="xsd:string"/>
      <CmSelectionCriteria href="#id0"/>
    </ns1:SelectCmDevice>

    <multiRef id="id0" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      xsi:type="ns2:CmSelectionCriteria"
      xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
      xmlns:ns2="http://schemas.cisco.com/ast/soap/">

      <MaxReturnedDevices xsi:type="xsd:unsignedInt">200</MaxReturnedDevices>
      <Class xsi:type="xsd:string">>Phone</Class>
      <Model xsi:type="xsd:unsignedInt">255</Model>
      <NodeName xsi:type="xsd:string" xsi:nil="true"/>
      <SelectBy xsi:type="xsd:string">Name</SelectBy>

      <SelectItems soapenc:arrayType="ns2:SelectItem[1]" xsi:type="soapenc:Array">
    <item href="#id1"/>
      </SelectItems>

    </multiRef>

    <multiRef id="id1" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
      xsi:type="ns3:SelectItem"
      xmlns:ns3="http://schemas.cisco.com/ast/soap/"
      xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/">

      <Item xsi:type="xsd:string">test</Item>
    </multiRef>

        </soapenv:Body>
    </soapenv:Envelope>

    Cisco’s Conferencing Options Explained

    With a wide range of conferencing products offered by Cisco it may be hard to figure out what are the options and what each of them is designed for. This post is going to help you to get a sense of what is happening in the Cisco’s conferencing world.

    Audio Conferencing

    Cisco UCM has several conferencing features on-board:

    • Ad-Hoc - to escalate the current phone call to audio-conference,
    • Meet-Me – for permanent conferences,
    • ConferenceNow (introduced in CUCM 11) – for personal conference rooms.

    All of them are audio only and use either the software conference bridge (CUCM service) or hardware conferencing resources (most often – DSP modules in Cisco ISRs). Hardware DSP modules are required to enable the transcoding feature as the software bridge only supports G711.

    Since CUCM is not a conferencing platform, these three options only provide basic conferencing features, but may be enhanced with 3rd party add-ons to CUCM. For example, Aurus PhoneUP operates on top of the CUCM conferencing engine providing extra functionality like:

    • meeting scheduler,
    • PIN and Caller ID security,
    • conference control tools.

    But still only audio conferencing is available. If you meetings require web collaboration and/or video you have to deploy additional Cisco products.

    Web-conferencing and Collaboration

    Cisco’s web-conferencing portfolio is based on the Cisco WebEx platform that provides audio/video conferencing as well as web-collaboration tools – white board, presentations, application sharing, chat and so on.

    You can join the WebEx meeting over IP (PC or mobile devices) as well as by dialing the call-in number from any phone.

    The WebEx platform is available in cloud (Cisco WebEx Meeting Center) or on-premises (Cisco WebEx Meeting Server).

    Similar to Cisco UCM conferencing options, WebEx meetings can be:

    • started instantly,
    • scheduled,
    • always available (Cisco Collaboration Meeting Rooms).

    HD-Video Conferencing

    Finally, for the best user experience Cisco offers Cisco TelePresence architecture, which provides high-quality HD video conferencing.

    The core components of Cisco TelePresence offer are:

    • video-endpoints - desktop, room and immersive,
    • video-conferencing bridges - Cisco TelePresence Serverand obsolete Cisco TelePresence MCU,
    • Cisco Telepresence Conductor - orchestrates the allocation of conferencing resources,
    • Cisco TelePresence Management Suite (TMS) – manages the Cisco TelePresence infrastructure providing engineers with provisioning, meeting control, resource management and meeting scheduling features.

    There are also several optional components available from both Cisco and its technology partners like:

    • Cisco TelePresence Recording Server – to record conferences,
    • Cisco Expressway – to allow users outside the firewall to join the meetings,
    • Aurus U-Meet – to improve the meeting scheduling and conference control.

    How to Extend CUCM (CallManager) Features

    Cisco Unified Communications Manager (CallManager) is the leading IP PBX in the worldwide market. Only certified professionals can deal with its rich functionality. Nevertheless, dozens of software vendors develop products that empower CUCM (Cisco Unified Communications Manager) functionality with new features.

    Aurus, the official Cisco Solution Partner, invites you to learn what new features the Aurus PhoneUP product brings to Cisco IP PBX (Cisco Unified Communications Manager or Cisco BE 6000/7000).

    Enterprise Phone Directory for Cisco CallManager

    The "Directory" module of the PhoneUP application bundle provides the enterprise phone directory service for employees, and is an alternative to built-in CUCM phone directory. The main differences between the "Directory" module and the out-of-the-box Cisco CallManager directory are:

    CUCM"Directory" module
    Number of directoriesOneUnlimited number with access control for groups of employees
    Integration with external systemsADAD, LDAP, IBM Lotus Notes, CSV, XML, CUCM, SQL database
    External contacts supportNoYes
    Caller IDInternal numbers onlyAny phone number
    Incoming call detailsName / Last Name / CompanyFlexible data that may contain an employee photo
    Notification of missed calls via e-mailOnly with UnityYes
    DTMF support NoYes
    Personal directoriesOne (edited manually or imported from Outlook)Unlimited number of directories synchronized with external sources
    Auto-redial featureNoYes


    The "Directory" module is integrated with Cisco Jabber. Using the standard contact search field of Cisco Jabber not only you can find an employee, but also search for client, partner and any other contact imported from external datasource. Also, when you get a call from the contact (client for example) stored in the directory Cisco Jabber will show the client's name, status and any other information from the CRM system.

    Phone Call Recording (CUCM)

    Cisco offers its own solution, Cisco MediaSense for call recording that captures and stores audio, forked by Cisco IP phone bridge or CUBE (Cisco Unified Border Element). But MediaSense is a recording platform that only provides basic features to manage call recordings. Cisco officially recommends using 3rd party solutions developed by technology partners that provide additional functionality.

    For example, the "Record" module of PhoneUP can be integrated with Cisco Mediasense to bring you extra-features not implemented in Mediasense:

    • flexible management of user access to call recordings;
    • rich search and filter tools;
    • call recording rules (for example, recording only external calls);
    • IP phone user interface to search and play the call recording;
    • playing the recording into the current phone call;
    • and much more.

    Attendant Console

    Cisco actively promotes Cisco Jabber, the enterprise collaboration tool. At the same time, some business units need a wider range of call control features including specific ones, for example:

    • top manager assistants need to monitor chief's phone lines and intercept calls during his absence;
    • reception staff and contact center need a visual control of the call queues not to miss client calls or VIP calls that should not be left unanswered;
    • top managers need an intuitive, time-saving interface allowing to perform basic call control actions with easy to use UI supporting drag-n-drop.

    In these cases you should pay attention to the "Console" module.

    Group paging via Cisco IP phones

    Features of Cisco Unified Communications Manager (CUCM) and Cisco IP-phones, as well as API Cisco provides its technology partners, allow to use the IP telephony network for text and audio notifications to employee groups.

    Cisco's collaboration product line doesn't include such a solution, and clients need to turn to 3rd party vendors. The "Paging" module of PhoneUP bundle supports both text and audio paging to Cisco IP phones as well as live broadcasting through speakerphones.

    Features that improve the security of IP telephony network built on Cisco Unified Communications Manager (CUCM)

    Cisco CallManager (CUCM) provides users with the Meet-Me conferencing feature – each conference has its phone number that needs to be dialed to join the meeting. But the "built-in" Meet-Me conferences do not provide the necessary security. Anyone who knows the number of conference room can dial it and join. To avoid this you can use the "Conference" module that works on top of CUCM conferencing feature and protects meetings with PIN.

    The "Lock" module is used to lock Cisco IP phone while its owner is away to prevent abuses and frauds. In some ways this is similar to the "Extension Mobility" feature implemented in Cisco Unified Communications Manager, but is designed to improve the security. Unlike Extension Mobility a phone locked with PhoneUP:

    • stays registered to CUCM;
    • can receive incoming calls;
    • is allowed to make outgoing calls to a limited set of directions;
    • denies the access to the personal address book, call history, call recording, etc .;
    • gets locked and unlocked automatically when you log in/out the PC.

    XML-services for Cisco IP phones

    Cisco Systems provides technology partners with rich capabilities for development of custom XML-applications for Cisco IP phones - with which users can interact via the IP phone keypad and display. The "Inform" and "Hotel" modules of the PhoneUP bundle may be considered as examples of such applications.

    Predictive vs Progressive – Outbound Dialers Test Results

    We are now beta testing our brand new math algorithm for predictive dialer to be used in Aurus Outbound product. The algorithm was recently developed by our engineers in collaboration with the Institute of Mathematics and the first test results make a killer impression.

    Here are some figures…

    We performed 3 synthetic tests with the following input parameters:

    • client’s time to answer: varies from 15s to 25s;
    • The success rate (percentage of calls answered by live person): 80%;
    • the number of agents involved in the campaign: 50;
    • the campaign duration: 58 min;
    • call duration range:
      • test 1: 40-60s – to emulate campaigns with short call time, for example address verification, appointment reminders etc,
      • test 2: 60-120s – for campaigns like subscription renewals, mass mailing follow-ups, “welcome calls” and so on,
      • test 3: 500-600s – for sales campaigns, surveys, market research and so on.

    Agent Occupancy

    The agent occupancy calculated in the tests above:

    Predictive vs Progressive – Agent Occupancy

    As expected, the agent occupancy in progressive campaigns depends on the average call duration – the more the talk time is the less failed calls influence the total agent utilization. However, when using predictive dialer the agent occupancy is over 90% in all tests.

    Abandonment Rate

    Another important metric is the call abandonment rate which indicates the percentage of “nuisance” calls – the ones where the client answers but no agent is immediately available to talk to him.

    In our tests the abandonment rates are:

    Predictive Dialer Abandonment Rates

    The highest average abandonment rate is achieved in the 3rd test because of the highest (500-600 sec) and the most spread out (100 sec) call duration.

    Having high call duration variance we may get too high abandonment rate which is unacceptable due to regulations like Ofcom and FCC (Federal Communications Commission). This can be illustrated by 2 others tests:

    • the call duration is 400-600 (variance - 200s)
    • the call duration is 400-700 (variance - 300s).
    Predictive Dialer Abandonment Rates (high variance)

    To avoid this our new predictive algorithm allows to setup the max abandoned rate input parameter. So, when the abandonment rate of the active campaign gets closer to the max value specified, the algorithm reduces the number of calls.

    Predictive Dialer in Low-Volume Campaigns

    It has been argued that predictive approach is only effective when used in high-volume (30+ agents) and long-lasting campaigns to get enough statistics for proper prediction.

    We performed a couple of tests with low-volume campaign parameters and higher variance:

    • the campaign duration: 10 min (in opposite to 58 min in the tests above);
    • the number of agents: 10;
    • call duration:
      • test 1: 60-120 sec
      • test 2: 60-180 sec
    Predictive vs Progressive in Low-Volume Campaigns

    As we can see the effectiveness of predictive algorithm in low-volume campaigns reduced by 10%, but still it provides extra 10% of agent utilization when comparing to progressive approach.

    The new predictive algorithm will be included into the nearest release of Aurus Outbound (Jan 2016), so you’re welcome to try it.

    Phone Auto Registration on CUCM

    So, phone auto registration on CUCM. The topic is easy and most likely well-known.

    A small prehistory. My colleague received a request to connect the phone for the new employee yesterday. The task is easy and repeated several times every day.

    In our company auto registration on CUCM is always enabled. Yes, I know that Cisco does not recommend to keep it constantly enabled for security reasons, but so we have decided, because all the sockets in which you can plug the phone are in the closed area and outsiders do not have access to them.

    My colleague, taking a new phone out of the box and turning it on to the network, instead of the expected signs 'Your current options' and numbers from the pool for auto registration, saw the following:
    Registration Rejected: Security Error.

    Then I began to research CUCM logs. And I saw the line in the SDL traces:

    AddDevice returns "There are no free autoreg DN in the system free DN between 1010 and 1099".

    It means that the auto registration process of CUCM unable to create a new DN within a predetermined range and a predetermined Partition. Why it could not do? Because these DN-s are already in the system! They can be viewed in the section Call Routing -> Directory Number.

    The solution of the problem is elementary – to change the range in auto registration settings or remove unnecessary DN-s. Because the auto registration is usually used in order to do not enter the MAC address manually. After auto registration the phone is configured manually.

    And now a few words about how to configure the auto registration.

    • Go System -> Enterprise Parameters. Specify which protocol will be used for auto registration in the Enterprise Parameters Configuration section in the Auto Registration Phone Protocol parameter. SCCP is used by default.
    • Create a Partition for auto registration. Theoretically, you don't have to do it, but it would be more correct to create it. Generally Partitions and Calling Search Space is a very powerful tool in CUCM.
    • Configure Device pool (if it’s not configured).
    • Go Device -> Device Settings -> Device Defaults and then specify the default device pool for all used types of phones, for example, the one that is configured previously.
    • Select the server in System -> Cisco Unified CM, on which we enable auto registration. Specify the range of numbers, Partition, and External Phone Number Mask in Auto-registration Information section. The main thing is to disable Auto-registration Disabled on this Cisco Unified Communications Manager checkbox. So it is possible to set up multiple servers for auto registration. It is preferable to specify for them the different ranges of DN.
    • Check CM groups in System -> Cisco Unified CM Groups. Auto registration can be enabled on the one group only! If you want to enable it on the other group, then go to the group settings and select the Auto-registration Cisco Unified Communications Manager Group item.

    All appropriate services should be enabled in Cisco Unified Serviceability for auto registration process; i.e. Cisco CallManager at least, on those nodes, on which auto registration is configured.

    Now a little bit more information:

    • Do not try to create a DN for auto registration manually in advance! CUCM creates them itself! Otherwise, you will get the same mistake on the phone screen that my colleague got.
    • Auto registration can be configured on multiple servers, but! Only one group of servers may be available for auto registration. If the group consists of several servers with enabled auto registration, then keep in mind that an automatic transition to a different server will not be set if there's no range of DN-s. For example, there are two servers - cucm1 with DN server for auto registration from 1000 to 1049 and cucm2 with DN from 1050 to 1099. If cucm1 will be listed as the primary cucm server, then phones will be registered on it. Once the phone with DN 1049 will be registered, then next phone will receive Reject. To register phones on cucm2, they need to specify it as the primary cucm. Therefore it is better to configure the auto registration on the one server only.
    • If SIP is specified in Enterprise Parameters, as the default protocol for auto registration, when you try to automatically register SCCP-phone, it will start to update firmware on SIP! And it also works backwards - if the SCCP is specified as the default protocol, the SIP phone will update firmware on SCCP. If the phone knows the one protocol only (for example, CP-9951 or DX650 knows SIP only), it will be registered on SIP, even if the default protocol is Skinny.
    • If CUCM cluster is in the mixed mode (a mode that allows to include the encryption of voice traffic), then the auto registration will not work for security reasons.
    • And finally, Cisco Systems recommends using the auto registration only if you need to add less than 100 phones; if you need to add more, then use Bulk Administration Tool. For security reasons it is also not recommended to keep auto registration always enabled, you should enable it only as needed, so Cisco says.

    That's all. I hope this article will be useful. If you have any questions, please, write them in the comments.

    Implementing Unified Enterprise Directory in Heterogeneous UC Environment

    Despite the fact that PhoneUP is designed for Cisco UCM its “Directory” module can be used to provide the unified enterprise phone directory with Caller ID support in heterogeneous multivendor communication infrastructure.

    Here is the case study.

    The holding with 15+ companies has a multivendor enterprise communications network with IP PBXs of different vendors (Cisco UCM, CME, Siemens, Asterisk etc) connected with SIP trunks:

    Managing 15+ local directories were too labour-intensive and did not provide the unified contacts directory available for every employee of the holding.

    The solution implemented includes:

    • Cisco Unified Communication Manager which proxies all the calls of the communications network;
    • PhoneUP “Directory” app integrated with new CUCM and all sources of employee details.

    So, what are the benefits achieved?

    1. Unified always up to date enterprise directory available for everyone.
    PhoneUP Directory is synchronized with the employee database of each company. A set of built-in connectors allowed to integrate it with various datasources like AD, CUCM, HR software etc. The public web-interface is available for any employee and provides sort/filter/group features for fast contact search.

    2. Caller ID for any IP endpoint.
    Integrated with CUCM PhoneUP Directory supplements each call with the Caller ID string which is displayed on any SIP-endpoint with no matter to IP PBX that receives the call.

    If you want to know more tech details about the project, contact us and we’ll share our experience with you.

    Guide to Integrate Cisco MCU with Skype for Business. Part 3 – CUCM Configuration


    The CUCM configuration consists of two parts: creating a trunk to VCS Control and a trunk the VIS.

    In CUCM proceed to CM Administration->System->Security->SIP Trunk Security Profile, select "Non Secure SIP Trunk Profile", and click Copy.

    SIP Trunk Security Profile Configuration

    Enter the name for the new trunk, for example 'SIP Trunk Profile CUCM video', set the Incoming Port to 5065, check 'Accept unsolicited notification' and 'Accept replaces header', and click Save.

    SIP Trunk Security Profile Configuration

    Now proceed to Device-> Device Settings-> SIP Profile and configure the Standard SIP Profile For Cisco VCS as the screenshot shows. Depending on the CUCM version this profile may have different parameters.

    Standard SIP Profile For Cisco VCS

    Create a partition for VCS Control: Call Routing->Class of Control->Partition

    Partition Information

    And for S4B:

    Partition Information

    Create a Calling Search Space: Call Routing->Class of Control->Calling Search Space:

    Calling Search Space

    Create a new trunk: Device -> Trunk. Replace 'CUCM IP' with your VCS Control IP address.

    After you save the trunk settings, click Reset.
    Then proceed to VCS Control Configuration->Zones to create a new zone.
    Replace 'CUCMIP' with your CUCM IP address.

    Save the form, create a Dial Plan for calling S4B users. In this case, the domain name suffix is used as a pattern. This rule is configured in such way that if a user user1@test.com is dialed, the CUCM Video trunk is used. You can use a regular expression as a pattern.

    Configuration->Dial Plans-> Search Rules

    The trunk between the CUCM and VCS Control is configured, now configure the trunk between the CUCM and S4B.

    Create a new Calling Search Space: Call Routing->Class of Control->Calling Search Space

    Calling Search Space

    Create a security profile: SIP System->Security->SIP Trunk Security Profile

    SIP Trunk Security Profile

    Create a SIP Profile: Device->Device Settings->SIP Profile

    SIP Profile

    SIP Profile

    SIP Profile

    After you save the form, click Reset.
    Create a trunk to VIS: Device->Trunk, replace 'VIS IP' with the VIS IP address

    Device Information

    Create a pattern for sending calls to the S4B trunk. It is important to specify the IPv4 pattern: you should give the full domain name, for example, domain1.com, and also select the Route Partition and SIP Trunk.

    Proceed to Call Routing->SIP Route Pattern and enter your SIP domain

    That's it. It's time to test.

    Guide to Integrate Cisco MCU with Skype for Business. Part 2 – the VIS role


    You'll need a separate server to setup the VIS role. You can use either a VM or a physical server, depending on how many calls you are planning to handle simultaneously.

    Launch the setup from the disc image: \Setup\amd64\setup.exe
    Once the prerequisites have been installed, the Skype for Business Server Deployment Wizard will be launched. You should select the Install Administrative Tools option.

    After the installation you should launch the Skype for Business Topology Builder and download the current topology:

    Topology Builder

    A new section called Skype for Business 2015 will appear in the Topology Builder. You should proceed to the Video Interop Server pools folder and define a new pool:

    On the first screen, enter the domain name of the VIS or the pool (if necessary):

    Create a new Video Interop Server pool

    Select the Front End server:

    Create a new Video Interop Server pool

    On the next screen, select the Edge server. Then the trunk configuration wizard will be launched.
    Enter the CUCM IP address or FQDN:

    Define new Video gateway

    If the VIS uses several IP addresses, you can choose a specific one:

    Define new Video gateway

    On the next screen, set the Listening port to 5060. Keep the TLS protocol (it will be changed later):

    Define new Video gateway

    In properties of the created VIS, enable TCP protocol:

    Edit Properties

    And then select the TCP protocol in the VIS properties:

    Edit Properties

    Publish the topology.

    After the topology was successfully published, install the Local Configuration Store, VIS role, request and install the certificates and launch the services. I won't describe these steps in details; they don't have any parameters to configure. After the services are launched, open PowerShell and enter the following command with the trunk name changed:

    New-CsVideoTrunkConfiguration -Identity "Service:VideoGateway:trunk name" -GatewaySendsRtcpForActiveCalls $false -GatewaySendsRtcpForCallsOnHold $false -EnableMediaEncryptionForSipOverTls $false

    Now the VIS configuration is over. The TechNet guide from Microsoft suggests creating a Dial Plan and normalization rules. This is necessary for E.164 calls, but I'm going to call using the SIP Address.

    Guide to Integrate Cisco MCU with Skype for Business. Part 1 – Prerequisites


    This set of articles describes how to integrate Cisco MCU with Skype for Business and make available calls from MCU to S4B users. This is a guest post that we found very useful to our audience.

    Let's start with the description of the infrastructure.

    MCU1-MCUn – multipoint control units – the hardware to host video audio/video conferences. It is responsible for the connection and encoding. The connection means sending video/audio stream from one endpoint to all the others. Encoding means encoding and decoding video/audio stream between the endpoints.

    E1-En – video endpoints: desk endpoints, room endpoint, IP phones, software clients.

    VCS Control – provides video call and session control, endpoint registration, call routing. VCS stands for Video Control Server. This is a sip-server and a controller for H.323 zones. Also used for integration with third-party applications: IP PBX, Microsoft OCS, Lync 2010, Lync 2013 (an additional license is required). B2BUA for S4B support hasn't been announced yet.

    VCS Express Way – server to connect with external video endpoints. It helps the remote clients to connect from outside the firewall.

    CUCM – Call Manager – the Cisco IP PBX.

    ME1 – Lync 2013 mediation server used for integration with third-party telephony.

    Edge1 – Lync 2013 edge server used for connecting remote clients.

    FE1 – front end Lync server used for registering clients, exchanging presence statuses and messages, creating audio and video conferences.

    Ei and Li – Cisco and Lync clients respectively on the internet.

    VCS Control supports B2BUA role for connecting to a Lync 2013 front end server, but the separate Microsoft Interoperability option key is required. It's also possible to install the Cisco CUCILync plug-in on the Lync clients, but in our case this won't be convenient, and separate licenses are also required.

    In April 2015, Microsoft released the next Lync version called Skype for Business. It has the new Video Interop Server role that enables integrating third-party videoconferencing systems with S4B users. Jeff Schertz gives a very detailed description of the new topologies in his blog. Microsoft only supports integration with CUCM starting from the version 10.5, VCS Control support was not announced. MCU and Cisco Telepresence Server support wasn't announced as well, only calls from endpoints to S4B subscribers are supported. The endpoints should be registered on CUCM, and the MCU isn't actually used in this scenario. The list of endpoints is also very limited:

    • Cisco TelePresence Codecs (C40, C60, C90)
    • Cisco TelePresence MX Series (MX200, MX300)
    • Cisco TelePresence EX Series (EX60, EX90)
    • Cisco TelePresence SX Series (SX20)

    In our case, the videoconferencing system is one of the crucial business software applications, and in addition to room endpoints we need other clients to connect to meetings.

    We have decided not to upgrade all the Lync servers, but to upgrade the topology only and to add the VIS role. The Cisco-S4B topology would look as follows:

    The only difference with the previous topology was the VIS role with the trunk to CUCM.

    The basic integration aspects are the following:

    • only the calls from MCU to S4B are supported, not the other way around,
    • in Lync/S4B topology a separate server has to be deployed for the VIS,
    • trusted certificates are not required,
    • you won't be able to create a conference with an MCU participant on the S4B side; the meeting has to hosted on the MCU,
    • an S4B user won't be able to share the desktop send documents,
    • the CUCM version should be 10.5 or higher.

    CUCM On-Board Conferencing Options Overview and Restrictions

    Cisco Unified Communications Manager has several native conferencing options. All of them are quite simple, “getting started” implementations. If you need more, you have to switch to one of full-featured conferencing platform described, for example, here, on Cisco’s website.

    But in this post we’re going to review only on-board options shipped with CUCM.

    Ad-Hoc Conference

    Ad-hoc (also referred to as “instant”) conference is an impromptu conference that is not scheduled before. A point-to-point call may be escalated to an ad-hoc conference using Cisco IP phone, Cisco Jabber, or some 3rd party CTI application like attendant console.

    The originator of the conference may add / remove participants, no other conference control features are available.

    Meet-Me Conference

    Meet-Me (also referred to as “permanent”) conferencing suggests that a range of directory numbers are allocated for exclusive use of the conference. The meet-me conference begins when the host connects. After that anyone who calls the conference number joins the conference.

    Limitations:

    • the host must use a Cisco endpoint to start the conference,
    • no scheduling tool is available,
    • no authentication is available ,
    • no conference control options.

    Conference Now Feature

    The Conference Now feature is available on CUCM 11 and higher and is going to replace the Meet-Me option. It allows user to create their personal meeting rooms (with DN associated) protected with PIN. Anyone who calls the host’s meeting number is asked for the PIN to join the conference. The conference starts when the host joins the meeting, till that everyone receive MOH (Music On Hold) provided by basic IVR implemented in CUCM 11.

    Limitations:

    • no scheduling tool,
    • the PIN is managed by host and is not generated automatically,
    • no participants list is available for the host,
    • no conference control options.

    Conference Bridges

    All CUCM conferencing options use the conference bridge configured in CUCM.

    Software conference bridge

    The CUCM software conference bridge is available out of the box and only supports G.711 codec (ALaw & ULaw). If there is a codec mismatch between the calling device and the software conference bridge, a transcoder is needed.

    The software conference bridge can handle up to 128 audio streams (48 if the Cisco IP Voice Media Streaming Application service runs on the same server as the Cisco CallManager service) and supports max 100 conferences per CUCM server.

    Hardware conference bridges

    To obtain the transcoding feature and increase the capacity of conferencing resources you need to switch to hardware conference bridge.

    For example, Cisco 1700, Cisco 2600, Cisco 2600XM, Cisco 2800, Cisco 3600, Cisco 3700, and Cisco 3800 series voice gateway routers (DSP modules are required) provide conferencing and transcoding capabilities for Cisco Unified Communications Manager.

    Cisco Jabber 11 – “And I admit, it's getting better…”

    We suppose our readers don’t need to be told what Cisco Jabber is. This article is about the corporate environment it was introduced to, where it is extremely important to support TelePresence devices, work with VDI, let mobile users stay online, quickly create complicated meetings and conferences. And also to conform to a whole lot of rules and security policies.

    In June 2015, Cisco Collaboration 11 was released, and Jabber, as a part of it, has changed for the better and acquired a lot of helpful features.

    In brief:

    • Support of all main desktop and mobile operating systems except Linux;
    • Interface unification even for Cisco TelePresence devices;
    • Safe access for mobile users (an encrypted channel is created after Jabber launches);
    • A p2p analogue for VDI stations without excessive transfers from terminal to server;
    • Simple guest access for browser-only users.
    Now let’s go into more details.

    Supported devices

    Cisco made Jabber client suitable almost for every device: Windows, OS X, iOS, Android, and also browsers and VDI thin clients. There’s no Linux and Windows Phone support yet. This variety provides maximum accessibility for users and allows them to use their favorite device for communications.

    Licensing for a heterogeneous device park becomes easier and more intelligible.

    After transition from Personal Communicator (Jabber’s predecessor) to Jabber the application design has become almost identical on all devices. You can see the same interface even on TelePresence terminals (personal and group ones) which provide high communication quality. That helps users to adjust and start using the services.

    The features available in Cisco Jabber for Windows are:

    • Presence – real-time availability of employees within and outside the enterprise network
    • Instant messaging – including p2p chat, group chat, chat rooms
    • Phonebook – contains only AD and MS Outlook contacts, but you can integrate Cisco Jabber with CRM and any enterprise DB to make other contacts available in Jabber phonebook
    • Desktop sharing – the whole screen, not the certain app only
    • Conferencing – voice and web meetings
    • Integrated video – with media escalation
    • Security features – encryption, single sign-on, enterprise policy management

    Mobile clients provide a bit less functionality.

    UC outside the office

    Only two or three years ago it wasn’t easy to provide mobile and remote employees with access to corporate communication services. There has always been a choice between using VPN connections and restricting functionality. It may seem easy to build a VPN tunnel, but in reality it created a lot of obstacles and issues: organizational (VPN and UC are usually managed by different departments), technical (encryption matters) and user problems. The last ones could nullify all the efforts to overcome the others, because it was simply unhandy to establish a VPN connection every time you leave your office. In any case, the solution turned out to be expensive and complicated.

    After the Mobile and Remote Access (MRA) function was created, everything got better. The function name speaks for itself: it allows providing mobile and remote users with a secure access to UC services. The users can use Jabber anywhere without thinking about their location or changing any settings. All they have to do is to launch the application, and Jabber will find the required server by itself. What makes this function even more attractive is that it is completely free. Software for the edge servers that provide Jabber functioning outside a corporate network costs $0, and Jabber clients don’t require a license for internal calls. Perhaps this is one of the most useful and important functions, that is implemented today in every project where Jabber is used.

    Guest access

    In the end of 2013 Jabber Guest solution was introduced. It allows to simply send a link to a remote party or place it online. The remote subscriber can connect from a browser or a mobile device using this link, and an employee can use the accustomed means of communication. This function is very helpful for HR, communicating with natural persons and small companies, or recruiting experts from the outside.

    Cloud and VDI

    Jabber can be used together with Cisco WebEx cloud services and newly created Collaboration Meeting Rooms (CMR) Cloud service which also is based on WebEx Cloud. Joint usage of Jabber and these services provides an opportunity to use the client to take part in cloud arrangements and also initiate them with a single click. The last version of Jabber introduced an opportunity to start a WebEx or CMR session directly from the chat window without planning, inviting participants, etc.

    There used to be a problem with VDI, because a workstation with an operating system would be situated in a data center, and the peripheral devices (monitor, web-camera, microphone, speakers) in the office would be connected to a thin client. This caused a significant delay in voice and video transmission to/from the data center. Standard video conferencing and UC applications can’t work in these circumstances. However, a special intermediate for Jabber, installed on a thin client, allows to overcome this limitation. Audio and video data is being transmitted directly between the thin client and a remote subscriber, avoiding the workstation in data center.

    Cisco IP Phones End-of-Sale Matrix

    For the past several years Cisco experimented a lot with its IP phone portfolio. There have been several IP phone series launched after the good old 7900 and some of them only lived for a couple of years.

    BTW, even in the movies of 2015 Cisco still presents 7900 (not 7800 or 8800) IP phone, check "Spy" by Paul Feig.

    So It was quite difficult to follow Cisco’s brave marketing guys and to puzzle out what to sell and what is too late to sell :-). It is finally settled. Cisco’s IP phone portfolio is:

    • 7800 series – cost-effective devices for common purposes,
    • 8800 series – HD video phones for the top brass.

    I have not listed:

    • 3905 – I doubt that this low-cost SIP phone without XML-services, JTAPI and AXL-control is a truly Cisco product,
    • Cisco 8945, 9951, 9971 - the end of sale announcement has not arrived yet, but I think it is a matter of several months (you're welcome to argue with me:),
    • DX650 – though this device is a phone-looking one, still it’s a representative of the DX series that belongs to the collaboration species.

    Forget all other IP phones, they're no longer available:

    Cisco IP Phone ModelEnd-of-Sale Date
    Cisco Unified SIP Phone 3900 Series
    Cisco Unified SIP Phone 3905None Announced
    Cisco Unified SIP Phone 3911July 23, 2010
    Cisco Unified SIP Phone 3951July 23, 2010
    Cisco Unified IP Phone 6900 Series
    Cisco Unified IP Phone 6911July 30, 2014
    Cisco Unified IP Phone 6921July 30, 2014
    Cisco Unified IP Phone 6941July 30, 2014
    Cisco Unified IP Phone 6945July 30, 2014
    Cisco Unified IP Phone 6961July 30, 2014
    Cisco Unified IP Phone 7900 Series
    Cisco Unified IP Phones 7902November 29, 2006
    Cisco Unified IP Phones 7905May 22, 2006
    Cisco Unified IP Phones 7906July 23, 2010
    Cisco Unified IP Phones 7911February 6, 2012
    Cisco Unified IP Phones 7912May 27, 2007
    Cisco Unified IP Phones 7914March 31, 2009
    Cisco Unified IP Phones 7915February 1, 2016
    Cisco Unified IP Phones 7920June 14, 2007
    Cisco Unified IP Phones 7921January 30, 2012
    Cisco Unified IP Phones 7926February 1, 2016
    Cisco Unified IP Phones 7931July 30, 2014
    Cisco Unified IP Phones 7935November 14, 2004
    Cisco Unified IP Phones 7936July 23, 2010
    Cisco Unified IP Phones 7937March 31, 2014
    Cisco Unified IP Phones 7940July 23, 2010
    Cisco Unified IP Phones 7941January 19, 2010
    Cisco Unified IP Phones 7942February 1, 2016
    Cisco Unified IP Phones 7960July 23, 2010
    Cisco Unified IP Phones 7961August 1, 2008
    Cisco Unified IP Phones 7962February 1, 2016
    Cisco Unified IP Phones 7970August 1, 2008
    Cisco Unified IP Phones 7971August 1, 2008
    Cisco Unified IP Phones 7985September 24, 2010
    Cisco Unified IP Phone 8900 Series
    Cisco Unified IP Phone 8941May 31, 2014
    Cisco Unified IP Phone 8945None Announced
    Cisco Unified IP Phone 8961July 9, 2015
    Cisco Unified IP Phone 9900 Series
    Cisco Unified IP Phone 9951None Announced
    Cisco Unified IP Phone 9971None Announced

    Working with Cisco Unified RTMT

    Cisco Unified RTMT (Real-Time Monitoring Tool) is used to monitor various CUCM parameters, Performance Counters, and to collect Traces.

    Performance Counters contain simple information on the system and devices on the system, such as number of registered phones, number of active calls, number of available conference bridge resources etc.

    RTMT requires a PC running Windows or Linux and uses HTTPS and TCP to monitor the Device Status, System Perfomance, Device discovery, CTI Applications in the CUCM cluster.

    Not only the CUCM admin can work with RTMT: it’s enough to include any user in the standard Standard CCM Server Monitoring group.

    RTMT offers a wide range of features but we won’t review all of them here. In everyday life we need a much smaller number of counters which we will list in the next section.

    Useful Performance Counters

    CountersPathDescription

    General information on the system:

    • Memory Usage
    • CPU Usage
    • HDD Usage

    System > System summaryThese parameters give an overview of the system status
    The processes running on the serverSystem > Server > ProcessTo understand which process causes the high CP load

    General information on CUCM:

    • Registered Phones
    • Call InProgress
    • Active MGCP Ports

    Call Manager > Call Manager SummaryThe abrupt changes of these parameters may be a sign of some problem

    Call processing activity:

    • Call Activity
    • Gateway Activity
    • Trunk Activity
    • Sip Activity

    Call manager > Call ProcessThese graphs give an idea about the total number of calls and the gateway activity

    Device information:

    • Phone
    • Gateway Devices
    • H.323 Devices
    • Media Resources
    • SIP Trunk

    Call Manager > Device

    The very useful information that provides and the detailed parameters of each device.


    For example – device models, firmware versions, IP addresses, user association etc.
    Conference Bridge resources

    Stand Alone Cluster -> node name -> Cisco HW Conference Bridge Device

    Stand Alone Cluster -> node name -> Cisco SW Conference Bridge Device

    • HWConferenceActive – the number of active conferences
    • ResourceActive – the number conference participants
    • ResourceAvailable - the number of available resources

    Gives an idea about the Conference Bridge activity, but not for each conference

    Alerts

    RTMT supports Alerts, which are triggered under certain conditions.

    RTMT includes the set of pre-installed Alerts (System > Tools > Alert > Alert Central) which provide a great benefit in terms of a quick inspection of the system.

    If you see "alarm" in this list it certainly makes sense to check what caused them.

    In addition to pre-installed ones, you can create your own Custom Alerts.

    Let's create the Alert, which is triggered when the resources of the Hardware Conference Bridge are over. This one is useful to monitor the availability of CUCM conferencing features Meet-Me, Ad-Hoc and Conference Now (implemented in CUCM 11).

    We will use the ResourceAvailable Counter mentioned in the table above.

    So, to create Alert:

    1. Open the appropriate counter, select it, then right-click on it and choose Set Alert / Properties
    2. Select the alarm level and enter its description
    3. Set the triggering condition - "Under 1".
    4. The next screen allows to set up the Alert frequency. In order to keep e-mail box from being hammered we will choose no more than once per hour.
    5. Next step is to configure the e-mail address for notification
    6. Do not forget to configure e-mail server properties:
    System > Tools > Alert > Config Email Server

    That’s it.

    Syslog Viewer

    Syslog Viewer is the analogue of Windows Event Viewer. If something is wrong with the system it’s one of the first interface to look at.

    System > Tools > Syslog Viewer

    Syslog Viewer allows you to view the messages from the following logs:

    • System Logs - everything that concerns hardware and OS.
    • Application Logs – CUCM logs
    • Security Logs - user login attempts.

    Trace & Log Central

    Trace & Log Central collects and displays various traces and log files:

    • CUCM SDL and SDI traces
    • SDI (System Diagnostic Interface) are used for log analysis
    • SDL (Signal Distribution Layer) are mainly used when opening cases in the Cisco Technical Assistance Center (TAC).
    • CUCM application logs (for example, BAT logs)
    • System logs

    Trace & Log Central works in the following modes:

    • Remote Browse - displays files directly from remote servers.
    • Collect Files – collects traces and downloads them to the PC with RTMT installed.
    • Query wizard – work with trace files containing the query string.
    • Schedule Collection - scheduled trace collection
    • Local Browse - view traces collected on the local drive
    • Collect Erash Dump
    • Real time Trace - trace view in the real-time

    The Trace & Log Central can collect tons of data. You can use the following tools to simplify the SDI files analysis.

    Performance Monitor and Data Logging

    As already mentioned, Performance monitor contains a lot of different counters.

    We have already learned to configure Alert to be triggered on the certain Counter by the right-clicking on the counter.

    In addition, we can setup the counter logging – right click on the counter and select

    • Start Counter Logging

    Once the logging is configured you’ll be able to view logs with Performance Log Viewer.


    How We Improved Our CUCM (CallManager) Phone Directory

    Hi, I’m Kirill Basikhin, international key account manager from Aurus. Here, at Aurus, we develop a bundle of applications for Cisco Unified Communications Manager. And, yes, we do use our products, because they help us work faster, smarter and easily.

    This post is not going to be a promotional one, I’ll just describe the way we setup the enterprise CUCM directory with our product. Each paragraph below is a real-life daily use-case.

    The important feature used in all cases below is that our phone directory is integrated with CRM, so every contact I create in CRM automatically appears in the enterprise CUCM directory with phone numbers, manager (me or one of my colleagues) name, city, products purchased (or interested in).

    Incoming Calls from my Clients Get Routed Directly to Me

    We’ve got UCCX installed that receives any incoming call. A simple UCCX script sends the caller’s phone number to the CUCM directory software (PhoneUP Directory). The phone directory searches its database for the client number provided and sends the response to UCCX containing the phone number of manager (me), responsible for this client. UCCX then just forwards the call to me.

    So, every time my client calls Aurus he reaches me automatically. Cool? Yep!

    What if the Caller is Unknown?

    If UCCX does not receive the phone number to transfer the call to, it routes it to the reception (actually one of the marketing managers, we’re not a huge company). The girl receiving the incoming call gets a CAD (yeh, we still use the old-school Cisco Agent Desktop) popup with the list of employees to whom calls from the calling party were transferred most often (PhoneUP Operator).

    So when my aunt from Germany calls Aurus again (she doesn’t call my mobile, its expensive) the girl receiving the call gets a list with my name only (cause my aunt called previously and asked for me). Then she just clicks my name to forward the call.

    How do I Handle Calls from my Clients

    When the call reaches me, my Cisco IP phone shows the client name, the city and the product(s) purchased (remember, the CUCM phone directory is synchronized with our CRM).

    So I can greet the client, saying “Hi John, Kirill speaking. I can’t believe you finally tested PhoneUP!”.

    After all I’m a sales man and every smile on my client’s face will finally turn to another penny in my pocket.

    How do I Call my Client

    Our Cisco UCM phone directory provides the search interface on Cisco IP phone, but typing the client name using the IP phone keypad makes me wanna die (though several my clients do use it!). I usually make calls in 2 ways:

    • when I work with client card in CRM, I just click the client’s phone number to call him; this is the simple click2call feature but what is REALLY useful is that our click2call supports DTMF – even if the phone number is stored unformatted (like “+1 (408) 526-7209 ext.. 4576”) the CUCM directory software calls the PSTN number, waits for the answer and then dials the DTMF;
    • when I just want to call some person, I push “Ctrl-Q” to activate the “PhoneUP Agent” and use it to search the contact and make a call, the DTMF also works.

    My colleagues use Cisco Jabber and its phonebook is also integrated with CRM, but I’m old and I use the old-fashioned IM client.

    How do I Lunch


    When I’m quitting for the lunch, I just lock my PC. What happens then is that my Cisco IP phone automatically locks its keypad (PhoneUP Lock feature) and activates the “Forward All” mode.

    So, all calls from my clients are forwarded to my mobile.

    When back to my workplace I unlock my PC and my Cisco IP phone goes to the normal mode.

    How do I Manage Missed Calls

    At the end of working day I do not setup the Forward All, cause most of my clients do not bother themselves about the time shift.

    When I’m back to the office the next day, my Cisco IP phone shows the list of missed calls (XML-service provided by PhoneUP Directory).

    What is important, this list contains names of clients called. So I know who called me and I can check the CRM before calling back.

    How to Improve the Enterprise Security with Cisco UC Applications

    Secured Meet-Me conferences

    The Meet-Me conferencing functionality is provided by Cisco Unified Communications Manager in such a way that it's enough to dial-in to the conference to join it. Unless you deployed the latest CUCM v11 you can’t secure your Meet-Me conferences.

    The "Conference" module is developed to close this gap protecting the Meet-Me conferences:

    • by PIN – you need to know the PIN to join the meeting;
    • or by Caller ID – your phone number must be included into the predefined group for you to join the meeting.

    In addition the "Conference" module provides the meeting scheduler functionality (web-calendar or MS Outlook plugin) and conference control tool.

    Locking Cisco IP phone

    The "Lock" module restricts access to IP phone functions while his owner is away. The phone may be locked either manually or automatically when user's PC is locked or turned off. When locked, the IP phone:

    • denies the access to IP phone services (personal phone directory, information services, calls history and the list of missed calls, recorded calls archive and etc.);
    • allows only emergency calls to be made;
    • forwards all incoming calls to user's mobile.

    To unlock the IP phone its owner must unlock the PC or enter the PIN using the IP phone keypad.

    Extension Mobility automatic authentication

    Mobile employees working in different locations use the Extension Mobility functionality for authentication on IP phones and loading their profile (phone number, settings, etc.). To authenticate the employee has to enter his User ID and PIN, which he should always remember.

    A more convenient way is to use automatic authentication - when an employee logs in to PC his Extension Mobility profile is loaded automatically to the IP phone associated with this working place. When an employee leaves this location the current configuration of the device is replaced by the logout profile.

    Special call control features

    The "Forced Connection" feature enables top managers to get in touch with an employee even when the employee's phone is busy. When activated, the current call is put on hold and the employee gets connected to his manager.

    "Monitor", "Whisper", and "Barge" features are useful, for example, in the commercial department:

    • the team supervisor can silently listen to agents' calls with customers or others to ensure the high quality of service or sales is delivered;
    • using the "Whisper" feature he is able to privately coach the agent without the customer hearing what he says;
    • when monitoring the call a supervisor may join it to switch the call to a conference, where all three parties can hear each other.

    Cisco IP Phone: Lacking Features

    Employee, for the first time getting Cisco IP Phone, discovers all the delights of the enterprise IP telephony described in numerous articles by Cisco Systems and its partners.

    Indeed, the high call quality, audio / video conferencing tools and other collaboration services (voice mail, presence indication) make enterprise communications more convenient and efficient.

    However, your Cisco IP phone can be supplemented with additional features Cisco doesn't provide, which will increase the ROI of your new enterprise communications network.

    Let's start.

    Phone directory and Caller ID info

    The alternative solution to the out of the box CUCM phone directory allows you to synchronize all company contacts (employees, clients, partners and so on) into the one, always up to date enterprise directory, that provides users with fast search, Caller ID, click to call, call control and other features.

    When receiving an incoming call the display of your Cisco IP phone shows the detailed Caller ID info even when the call has come from mobile, PSTN etc.

    The list of missed calls contains not just phone numbers, but also the caller info – contact or company name. This allows user to identify the really important missed calls and call them back on time.

    These features of Cisco IP phone are provided by the "Directory" module of the PhoneUP bundle.

    Cisco IP phone for enterprise paging

    The "Paging" module allows using Cisco IP phones for group paging to enterprise employees.

    The ability to send text and audio messages to the group of Cisco IP phones allows you to use your IP telephony network for employee notifications. Unlike email and IM, the message sent to IP phone won't be overlooked due to the sound alarm played by the IP phone.

    Cisco IP phones can also be used for emergency announcements. With just one button you can put all phone calls on hold and broadcast your message through speakerphones with the max volume.

    Pre-recorded text and audio messages can be sent manually or on schedule. The paging may also be triggered by a third-party system (for example alarm system, manufacturing process monitoring tool etc) no notify the group of employees about the incident occurred.

    Special call control features

    The "Priority" module of the PhoneUP suite provides several special features for managers.

    The Forced Connection feature allows top manager to contact any employee even if his phone line is busy – the current call is put on hold and the employee gets connected to the manager.

    Silent Monitoring is another useful feature, which helps evaluating the quality of customer service. The supervisors' interface shows the client names sales managers are talking to and allows to listen to any conversation.

    Using the Whisper feature the supervisor is able to connect to any call and talk to the agent without making the client aware of the supervisors' presence. With the Barge feature the supervisor is able to add himself to the sales managers' call.

    Images from video cameras on the Cisco IP phone display

    Even if your Cisco IP phone doesn't support video, its display can still show video frames grabbed from the camera. For example, with just one push of a button the security officer will see who is at the door before opening it, any employee will access the video from the parking lot, the technologist will monitor the manufacturing area from anywhere in the enterprise, etc.

    Frequently used info on the Cisco IP phone display

    Cisco IP phones are able to display any data from the enterprise software in the real-time mode. For example:

    • exchange rates – for bank cahier,
    • KPI – for top managers,
    • agent performance data – for contact center supervisor.

    The benefit of using the IP phone for this purpose is that you only need to push one button to see the data without launching the software and navigating to the certain interface.

    This opportunity is provided by the "Inform" module of the PhoneUP bundle.

    Cisco IP Phone as an interface to enterprise software

    In some cases IP phone can be used to provide the user interface to 3rd party enterprise app. This is useful when the PC is unavailable, but the user interface is simple enough to be run on the IP phone display.

    For example, employees can use Cisco IP phone to maintain records of the working time - by pressing a few buttons the employee registers the start / end of the work, and the entered data is transferred to the enterprise software.

    Another example - the employee who issues goods needs to enter the order number to verify its status and configuration, confirm the issuance and print necessary documents – these operations don't require a PC, the IP phone with a large display will be enough.

    System Requirements

    The PhoneUP bundle integrates with Cisco Unified Communications Manager (CallManager) providing Cisco IP phones with all the features described above.

    Supported IP PBX and IP phones:

    IP-PBX Cisco:

    • Cisco Unified Communications Manager (CUCM) 6.X, 7.X, 8.X, 9.X,10.X;
    • Cisco BE 6000 / 7000.

    Cisco IP phones and other endpoints:

    • Cisco 6900 Series (6911, 6921, 6941, 6945, 6961);
    • Cisco 7800 Series (7821, 7841, 7861);
    • Cisco 7900 Series (7906, 7911, 7914, 7915, 7916, 7921, 7925, 7931, 7937, 7941, 7942, 7945, 7961, 7962, 7965, 7970, 7971, 7975);
    • Cisco 8900 Series (8941, 8945, 8961);
    • Cisco 9900 Series (Cisco Unified IP Phone 9971, Cisco Unified IP Phone 9951);
    • Cisco IP Communicator;
    • Cisco Jabber for Windows.

    CUCM Troubleshooting: Availability Issues

    In this article we discuss some issues of the CUCM environment troubleshooting.

    This time we will consider the aspects of CUCM availability.

    So, your CUCM responds slowly or doesn’t respond at all. Why?

    CUCM does not respond to endpoint requests

    When the Primary CUCM slows down or even dies IP phones and/or gateways lose the registration. When taking the receiver off the hook the tone appears with delay or does not appear at all.

    The most likely reasons for this are:

    • The CUCM server hung on the OS level and requires a reboot.
    • The Cisco Call Manager service hung. Also, there may be problems with the Cisco TFTP Server service responsible for the phone configuration loading. Check the status of both services (Serviceability > Tools > Control Center> Feature Services). Causes of the problems can be found in System logs .
    • High CPU load of the CUCM server. Check the CPU Usage to understand what process should be blamed.
    • A memory leak - you need to check the memory usage.

    CUCM System logs

    CUCM is an appliance based on Linux, and it does not provide a regular access to a full Linux console, therefore System log can only be viewed through RTMT.

    We need a Syslog Viewer - the analogue of Windows Event Viewer. If something is wrong with the system it’s one of the first interfaces to look at.

    System > Tools > Syslog Viewer

    Syslog Viewer allows you to view the messages from the following logs:

    • System Logs – everything that concerns hardware and OS
    • Application Logs – CUCM logs
    • Security Logs – user login attempts etc.

    Read more about working with RTMT here: Working with Cisco Unified RTMT

    If you have problems with the Cisco Call Manager service, then the following messages can appear.

    When the connection with the service is lost:

    The Cisco CallManager service terminated unexpectedly. It has done this one time. The following corrective action will be taken in 60000 ms. Restart the service.

    Timeout 3000 milliseconds waiting for Cisco CallManager service to connect.

    If you have problems with the launch:

    The service did not respond to the start or control request in a timely fashion.

    High CPU

    Cisco Call Manager service may stop responding because of a system resources (processor or memory) overloading.

    Most often it occurs at a high CPU load.

    We can monitor the CPU load in two ways:

    • CPU monitoring in CLI.
      The average CPU load can be seen by executing:
      show stats io
      show perf query class Processor

      CPU load by processes:
      show perf query counter Process "% CPU Time"
      show process load
    • CPU monitoring in RTMT
      This can be checked in the general information on the system:
      System > System summary

    CUCM Administration page is not displayed

    If the CUCM admin page (https:///ccmadmin) does not open:

    • First try to clear the browser’s cache
    • Check the network settings, try to ping the CUCM IP
    • If the CUCM is accessed by name, check the DNS, and whether the name resolves correctly
    • Make sure the Cisco Tomcat service is running
    • Check Firewall and Access Lists settings
    • Check the CPU load on the CUCM node

    Checking Cisco Tomcat service

    Use CLI to check the status of the service:

    utils service list

    Launch it if necessary:

    utils service start Cisco Tomcat

    Slow Server response

    The slow server response may cause: the delay to receive the dial tone, delays in opening the admin/user web-interfaces, delays in dialing.

    The possible reasons are:

    • The CUCM server and the switch have different Speed / Duplex.
      Check the settings on the server and the switch. Try to set Auto for both.
    • High CPU load or Memory leak. Check the CPU usage.
    • Also, the wrong Dial plan may cause delays in dialing.

    Network Settings

    The CUCM network settings may be checked with the CLI command:

    show network eth0

    You can change the value of the duplex or speed in CUCM by executing:

    set network nic eth0

    To view the switch network settings execute:

    show interface fa 1/0