Deploying Cisco Jabber on Mobile Devices


Deploying Cisco Jabber on Mobile Devices Seongho Hong, Technical Marketing Engineer BRKCOL-2344


Session Agenda
- Product, Feature & Architecture Overview
- Deploying Cisco Jabber for Mobile
- Flexible JID & Multiple IM Address Domain
- SAMLv2 Single Sign-On (SSO)
- File Transfer
- Security Features
- Distributing Cisco Jabber for Mobile
- Closing Thoughts

Overview of Cisco Jabber for Mobile

Cisco Collaboration Architecture (diagram labels): People, Enterprise Users, Remote Workers, Customers & Business Partners, Experience, Services, Voice, Video, Conference, Desktop Share, Presence/IM, Contact Search, Voicemail, Delivery, On Premises, Hybrid, Cloud

Introducing Cisco Jabber for Mobile
- Single application turning your mobile device into a collaboration endpoint
- Works over public/home Wi-Fi, wireless LAN or mobile data network
- Supports smartphones & tablets running Apple iOS or Android
- Instant access to UC workload
- Subscribes to services on-premises or in the cloud

Core Features of Cisco Jabber for Mobile
- Voice/Video
- Web Conferencing & Desktop Sharing
- Directory Search/Contact Management
- Visual Voicemail
- IM/Chat
- Presence

What's New in Jabber 10.5 for Mobile (Available Today)
- SAMLv2 Single Sign-On (SSO)
- Phone-only mode
- More Android smartphones & tablets
- HD quality video on iPhone & iPad
- Answer hunt group calls
- Visual design refresh
- Reset Jabber
- Telemetry service support

What's New in Jabber 10.6 for Mobile (Available SOON)
- SAMLv2 SSO over Cisco Expressway
- Flexible Jabber ID (JID) & multiple IM address domain support
- File transfer with 3rd party cloud storage system integration
- BFCP-based desktop sharing (receive only on tablets)
- Answer without unlocking on iOS
- Real-time audio/video statistics
- Call Park
- SRST Failover
- More smartphones & tablets (including iPhone 6 & 6 Plus)
- Cisco DX Series support
- Android 5.0 Lollipop support

New Android tablets:
- Samsung Galaxy Tab Pro 8.4 & 10.1
- Samsung Galaxy Tab S 8.4 & 10.5
- Samsung Galaxy Tab 3 8.0
- Samsung Galaxy Tab 4 7.0, 8.0 & 10.1
- Google Nexus 7
- Sony Xperia Z2 Tablet
- Cisco DX Series

New Android smartphones:
- Samsung Galaxy S5 Mini
- Samsung Galaxy Note 4
- Sony Xperia Z3
- HTC One Max
- HTC One M7 & M8
- LG G3

Cisco Jabber Solution Architecture

Cisco Jabber On-Premises Deployment (architecture diagram). Components shown: Cisco Jabber on home/public 802.11 Wi-Fi, on the mobile data network (3G/4G or LTE) and on enterprise 802.11 Wi-Fi; Internet; Expressway-E; Expressway-C; Cisco ASA; Directory Server; Unified IP Phones; DX80; MX700; IM and Presence; Unified CM Cluster (UDS); Unity Connection; WebEx Meeting Server; Enterprise Network; Mobile Voice Network; PSTN

Cisco Jabber Hybrid Deployment (architecture diagram). Components shown: Cisco Jabber on home/public 802.11 Wi-Fi, on the mobile data network (3G/4G or LTE) and on enterprise 802.11 Wi-Fi; Internet; Expressway-E; Expressway-C; Cisco ASA; Directory Server; Unified IP Phones; DX80; MX700; Unified CM Cluster (UDS); Unity Connection; Enterprise Network; Mobile Voice Network; PSTN

Three Modes of Operation
- Full UC Mode
- Phone-Only Mode
- IM-Only Mode

User & Device

Cisco Jabber User Centric Architecture (diagram labels): Jabber User, Unified CM Home Cluster, Devices, Service Profile, Directory Number or SIP URI, Policies & UC Settings, Permissions, Groups & Roles

What is User?
- User is the person who carries the device
- Logical entity in:
  - Unified CM (& IM and Presence)
  - WebEx Messenger service
- User must exist regardless of the mode of operation!

Adding User in Unified CM (diagram labels): Directory Server, User LDAP Attributes, LDAP Sync (highly recommended), Unified CM Call Control, User Fields (UserID & Directory URI), DB Sync, IM and Presence, IM and Presence User Authentication, Jabber User, Jabber ID (JID)

Adding User in WebEx Messenger Service
- Option 1: Import using .csv File (WebEx OrgAdmin)
- Option 2: Manual Creation
- Option 3: Self Registration
- Option 4: SSO Account Creation
- User will be authenticated directly to WebEx Messenger unless SSO is enabled.
- When SSO is enabled, user will authenticate via SSO process.
Diagram labels: Enterprise Network, Directory Server, Unified CM, User Data, Identity Management System (IdP), SSO, Jabber User [User@XMPP Domain]

What is Device?
- Device is:
  - What user carries
  - Where Cisco Jabber runs
- A logical entity in Unified CM
- Required only when voice/video is needed
- Can be added via Admin GUI or via BAT

Device Type in Unified CM

Platform: iPad & Android Tablet w/o Cellular Voice Capability
  Product Type (Device Type): Cisco Jabber for Tablet
  Device Protocol: SIP
  Device Name: TAB<USERID>, e.g. TABKJONES
  COP File: A COP file is required for all supported versions of Unified CM

Platform: iPhone
  Product Type (Device Type): Cisco Dual Mode for iPhone
  Device Protocol: SIP
  Device Name: TCT<USERID>, e.g. TCTKJONES
  COP File: A COP file is required for all supported versions of Unified CM

Platform: Android Smartphone & Tablet w/ Cellular Voice Capability
  Product Type (Device Type): Cisco Dual Mode for Android
  Device Protocol: SIP
  Device Name: BOT<USERID>, e.g. BOTKJONES
  COP File: A COP file is required for all supported versions of Unified CM

User & Device Association Map (diagram). Don't forget!
- User - Line association: Jabber User to Line (Directory Number)
- User - Group association: Jabber User to Groups & Roles (Standard CCM End User Group, Unified CM Web Access Role)
- Line - Device association: Line to Soft Phone, Line to Desk Phone
- User - Device association: Jabber User to Soft Phone, Jabber User to Desk Phone

New in 10.6 Flexible JID & Multiple IM Address Domain

Formatting Jabber ID (JID) with Flexible JID Structure
- Data path: LDAP attributes are copied by LDAP Sync into the UCM user fields, which are copied by DB Sync into IM/P to form the Jabber ID (JID).
- Jabber 10.5 or earlier: JID = UserID@PresenceDomain
- Jabber 10.6 or later: JID = UserID@PresenceDomain or Directory URI (e.g. first.last@domain)
- UserID is synced from one LDAP attribute: sAMAccountName, mail, employeeNumber, telephoneNumber or userPrincipalName
- Directory URI is synced from one LDAP attribute: mail or msRTCSIP-PrimaryUserAddress

Flexible JID Structure Example
- Jabber User (Sue Miller): UserID (UID): smiller; JID: sue.miller@example.com
- Without Flexible JID, Sue's JID would have been smiller@example.com.
- Directory (Sue Miller): sAMAccountName=smiller, mail=sue.miller@example.com
- LDAP Sync to Unified CM: UserID: smiller; URI: sue.miller@example.com
- DB Sync to IM and Presence (Default Domain: example.com): JID = URI: sue.miller@example.com
- Settings involved: Unified CM LDAP Directory Settings; Unified CM Advanced Presence Settings
- jabber-config.xml:
    <BDIUseSIPURIToResolveContacts>true</BDIUseSIPURIToResolveContacts>
    <BDISipUri>mail</BDISipUri>

User Login: Old Behavior without Flexible JID Structure
Jabber User (Sue Miller): UserID: smiller; Directory URI: sue.miller@example.com. IM and Presence Default Domain: example.com.
1. Sign in over SOAP using UCM UserID: smiller
2. Retrieve domain from IM and Presence server: example.com
3. Connect over XMPP to IM and Presence server combining UserID & the retrieved domain as JID: smiller@example.com

User Login: New Behavior with Flexible JID Structure
Always use UCM UserID to sign in!
Jabber User (Sue Miller): UserID: smiller; Directory URI: sue.miller@example.com. IM and Presence Default Domain: example.com.
1. Sign in over SOAP using UCM UserID: smiller
2. Retrieve IM address from IM and Presence server: sue.miller@example.com
3. Connect over XMPP to IM and Presence server using the retrieved IM address as JID: sue.miller@example.com

Contact Search: Old Behavior without Flexible JID Structure
Jabber User (Sue Miller): UserID: smiller; Directory URI: sue.miller@example.com. Contact in LDAP: UserID: aperez; Directory URI: anita.perez@example.com. IM and Presence Default Domain: example.com.
1. Search for Anita against LDAP.
2. LDAP returns sAMAccountName=aperez. Use the retrieved value that matches with UserID to build the JID. UCM UserID is synced off sAMAccountName, so JID=aperez@example.com.
3. Add the roster entry using the combined JID: aperez@example.com

Contact Search: New Behavior with Flexible JID Structure
Jabber User (Sue Miller): UserID: smiller; Directory URI: sue.miller@example.com. Contact in LDAP: UserID: aperez; Directory URI: anita.perez@example.com. IM and Presence Default Domain: example.com.
1. Search for Anita against LDAP.
2. LDAP returns mail=anita.perez@example.com. Use the retrieved value that matches with Directory URI as the JID. Directory URI is synced off mail, so JID=anita.perez@example.com.
3. Add the roster entry using the retrieved JID: anita.perez@example.com

Multiple IM Address Domain Support
- Jabber 10.6 for mobile supports multiple IM address domains
- Allows JIDs with different domains in a single IM/presence deployment, e.g. seongho@cisco.com, sally.kim@webex.com & bobcook@meraki.cisco.com
- Requires IM Address Scheme to be set to Directory URI
Reference: Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager, 10.0(1)/10.5(1)

Enabling UC Services for User

Where Does Cisco Jabber Get Configuration? (diagram)
- On-Premises Deployment: UC Service Profile, jabber-config.xml, Device Configuration, IM & Presence
- Hybrid Deployment: UC Cluster Settings in OrgAdmin, jabber-config.xml, Device Configuration
- Other sources shown: URL Configuration, End User Input, Local Cache

UC Services & Service Profile in Unified CM
- Unified CM 9.x or higher
- UC Services in a Service Profile (assigned to the Jabber User):
  - IM & Presence Profile
  - CTI Profile*
  - Voicemail Profile
  - Conferencing Profile
  - Directory Profile
* In general, CTI Profile is not needed for the current Cisco Jabber mobile clients as they do not support desk phone control.

Directory Profile
- Defines parameters for Jabber's directory integration
- Takes priority over jabber-config.xml
- Does not specify:
  - Custom LDAP attribute mappings
  - URI substitution for contact photos
- Should not be enabled unless UDS is the only contact source
Cisco highly recommends that jabber-config.xml be used to configure Jabber directory integration, as currently only a limited subset of directory parameters can be defined in the directory profile.

Enabling UC Services for User in Unified CM
- Assign Unified CM home cluster
- Enable IM and Presence service
- Assign a UC Service Profile ("Master Profile")

Enabling UC Services for User in WebEx Messenger
- Create Cluster(s) in the Unified Communications menu
- Voicemail needs to be defined before Cluster(s) get added
- Assign the Cluster(s) to User in the Add or Edit User configuration page

Deploying Jabber in Phone-Only Mode
- IM and Presence service is not required
- Registers directly to Unified CM as a SIP device
  - Via service discovery or manual sign in
  - BOT, TCT or TAB associated with user
  - Directory number or SIP URI
- Supports both voice & video
- Disable IM & presence for user in Unified CM
- User must exist in Unified CM
- Sign-in with DeviceID is currently not supported

IM-Only Mode with Unified CM IM and Presence
- End user should be enabled for IM and Presence in Unified CM
- No device association is required
- Parameters to hide telephony UE components on Jabber:
  - In the URL configuration string:
      ciscojabber://provision?servicesdomain=cisco.com&telephony_enabled=false
  - In jabber-config.xml (higher priority than the URL configuration string):
      <Telephony_Enabled>false</Telephony_Enabled>

Integrating with Contact Source

Selecting Contact Source for Cisco Jabber
Contact source is a MUST in every Jabber deployment!
- LDAP based Contact Source (On Prem Default)
  - Active Directory by default or other LDAP directory environments
- HTTPS/REST based Contact Source (Expressway Default or On Prem Alternative)
  - UDS built into Unified CM 8.6(2)+
- WebEx Messenger Contact Source (Cloud Default)
  - WebEx Messenger service database
- Device Local Phone Contacts
  - Search only; cannot be added as contact in Jabber

User Data Service (UDS)* as Jabber's Contact Source
- Cisco Jabber resolves contact lookups against UDS on the Unified CM clusters (example record: aperez@example.com, Anita Perez, 555-325-1010)
- Recommended that UDS be synced from the corporate directory server
- Unified CM 9.1(2) or higher is required for UDS to support Jabber as contact source
- jabber-config.xml is a must
- Jabber automatically selects only UDS when connecting via Cisco Expressway
* UDS is a web service on Unified CM providing a RESTful API for consumers such as Jabber to display or manage user data or preference settings.

What is jabber-config.xml File?
- Global configuration file for Jabber clients
  - Admin creates & uploads to TFTP server
  - Jabber downloads as user signs in
- Customizes or configures directory integration (highly recommended)
  - Enhanced Directory Integration (EDI)*
  - Basic Directory Integration (BDI)
- A group configuration file can be assigned to a group of devices** (new in 10.6), e.g. group_configration_file_iphone.xml on the TFTP server
- Keep it minimal! Add only what you need!
- TFTP restart is not required!
* Only for Windows; jabber-config.xml is optional for EDI.
** New in Jabber 10.6 for mobile

Basic Directory Integration (BDI) for Contact Source
- Jabber's integration method for LDAP directories (incl. AD)
- For on-premises deployment
- No auto directory discovery mechanism
- Supported by Jabber clients on non-Windows platforms
- jabber-config.xml is highly recommended!

Sample only:

<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <!-- LDAP Directory configuration for non-Windows platform clients -->
  <Directory>
    <DirectoryServerType>BDI</DirectoryServerType>
    <BDIPhotoURISubstitutionEnabled>True</BDIPhotoURISubstitutionEnabled>
    <BDIPhotoURISubstitutionToken>sAMAccountName</BDIPhotoURISubstitutionToken>
    <BDIOtherPhone>telephoneNumber</BDIOtherPhone>
    <BDIEmailAddress>mail</BDIEmailAddress>
    <BDIPresenceDomain>jabber.net</BDIPresenceDomain>
    <BDILDAPServerType>AD</BDILDAPServerType>
    <BDIPrimaryServerName>10.1.1.1</BDIPrimaryServerName>
    <BDIServerPort1>389</BDIServerPort1>
    <BDISearchBase1>CN=Users,DC=example,DC=com</BDISearchBase1>
    <BDIConnectionPassword>jabber</BDIConnectionPassword>
  </Directory>
</config>
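A review check for the BDI settings in the sample above, written before the file is uploaded to TFTP. This is an added example, not Cisco code or tooling: the function names, severity labels and rule set are assumptions, and the embedded config is constructed from the slide's placeholder values.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample based on the slide's BDI example; all values are placeholders.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Directory>
    <DirectoryServerType>BDI</DirectoryServerType>
    <BDILDAPServerType>AD</BDILDAPServerType>
    <BDIPrimaryServerName>10.1.1.1</BDIPrimaryServerName>
    <BDIServerPort1>389</BDIServerPort1>
    <BDISearchBase1>CN=Users,DC=example,DC=com</BDISearchBase1>
    <BDIConnectionPassword>jabber</BDIConnectionPassword>
  </Directory>
</config>
"""

# Well-known LDAP ports that carry traffic in clear text unless TLS is negotiated.
CLEARTEXT_LDAP_PORTS = {"389": "LDAP", "3268": "AD global catalog"}


def _value(root, tag):
    """Text of the first <tag> element anywhere in the tree, or None if absent/empty."""
    node = root.find(f".//{tag}")
    text = (node.text or "").strip() if node is not None else ""
    return text or None


def _is_ip_literal(host):
    """True when the server is addressed by IP address rather than by name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lint_directory_config(xml_text):
    """Return (severity, parameter, message) findings for a jabber-config.xml."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        # A file that does not parse (e.g. an unterminated attribute quote)
        # is a finding in itself: report it and stop.
        return [("error", "xml", f"not well-formed XML: {exc}")]

    findings = []
    if _value(root, "DirectoryServerType") != "BDI":
        return findings  # the rules below only cover BDI settings

    if _value(root, "BDIConnectionPassword"):
        findings.append((
            "high", "BDIConnectionPassword",
            "directory bind password is stored in clear text in a file "
            "that every client downloads from the TFTP server"))

    port = _value(root, "BDIServerPort1")
    if port in CLEARTEXT_LDAP_PORTS:
        findings.append((
            "medium", "BDIServerPort1",
            f"port {port} ({CLEARTEXT_LDAP_PORTS[port]}) is a clear-text LDAP "
            "port; the bind and lookups are readable on the wire unless TLS "
            "is negotiated"))

    server = _value(root, "BDIPrimaryServerName")
    if server and _is_ip_literal(server):
        findings.append((
            "info", "BDIPrimaryServerName",
            "server is addressed by IP literal; if TLS is enabled, the "
            "certificate must carry this IP as a subject alternative name"))
    return findings


if __name__ == "__main__":
    for severity, parameter, message in lint_directory_config(SAMPLE_CONFIG):
        print(f"[{severity}] {parameter}: {message}")
```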

SAMLv2 Single Sign-On (SSO)

SSO User Experience Design Concept for Jabber
- Jabber starts & continues the service discovery process.
- Option 1: Jabber will display an embedded browser page from the IdP to get login credentials from the user.
- Option 2: Jabber will cross launch a native browser.
- Jabber signing in; no additional credentials are requested.
- Signed in for all provisioned UC services; no need to enter additional credentials for the UC services.

SAMLv2 SSO Architecture for On-Premises Deployment
- Single credentials for all SSO enabled UC services
- UC services will directly integrate with IdP via SAML
- Cisco Expressway (new in 10.6) or AnyConnect is required if outside enterprise network
Diagram labels: Cisco Jabber on Mobile, Corporate DMZ, Identity Management, 3rd Party Identity Provider, Directory, LDAP Sync, SAMLv2, OAuth, SSO Enabled On-Prem UC Services (UCM 10.5, IM/P 10.5, CUC 10.5, CWMS 2.5)
Legend: UCM: Cisco Unified CM; IM/P: Cisco Unified CM IM and Presence; CWMS: Cisco WebEx Meeting Server; CUC: Cisco Unity Connection

SAMLv2 SSO Architecture for Hybrid Deployment
- Jabber 10.6 with WebEx Messenger using the same IdP should be able to log in to SSO enabled on-premises UC services using the same credentials (new in 10.6)
- AnyConnect or Cisco Expressway is required to access on-premises UC servers if outside enterprise network
Diagram labels: Cisco Jabber on Mobile, Corporate DMZ, Identity Management, 3rd Party Identity Provider, Directory, LDAP Sync, .cvs, FTP, SAMLv2, OAuth, SSO Enabled On-Prem UC Services (UCM 10.5, CUC 10.5), WebEx Cloud Services (Messenger, Meeting Center)

Jabber SSO Flow over Expressway: Summary
1. Edge & SSO Detection via Service Discovery
2. Authentication & Authorization via SSO
3. Edge Configuration & Device Registration

Edge Detection & SSO Check
Participants: Jabber, Web, DNS, IdP, Exp-E, Exp-C, UDS, Authz, UCM
1. Determine if outside
2. Ask if SSO is enabled
3. Find home cluster
4. Find if SSO is enabled
5. SSO is enabled; where to send authorization request

Authenticated & Authorized via SSO
Participants: Jabber, Web, DNS, IdP, Exp-E, Exp-C, UDS, Authz, UCM
1. Request for authorization
2. Redirected to IdP with SAML Request
3. Authenticated & get SAML Assertion
4. Ask for access token with SAML Assertion
5. Swap SAML Assertion with access token
6. Jabber gets access token

Getting Edge Configuration & Registering Device
Participants: Jabber, Web, DNS, IdP, Exp-E, Exp-C, UDS, Authz, UCM
1. Request for edge configuration
2. Receive edge configuration
3. Request for UDS access to get device data
4. Validate token
5. Receive device data

Requirements for SAMLv2 SSO
- Cisco Jabber 10.5 or higher*
- 3rd Party Identity Providers
  - Microsoft AD Federation Services 2.0
  - OpenAM 10.1
  - Ping Federate 6.10.0.4
- On-Premises UC Services
  - Unified CM & IM and Presence 10.5*
  - Unity Connection 10.5*
  - WebEx Meeting Server 2.5
- WebEx Cloud Services
  - WebEx Messenger Service
  - WebEx Meeting Center
- The following is also required:
  - NTP server
  - DNS server
  - Directory server (AD or LDAP based)
  - Cisco Expressway X8.5 or higher*
* To support SSO over Cisco Expressway, the following is required:
  - Jabber 10.6 or higher
  - Unified CM & IM and Presence 10.5(2) or higher
  - Cisco Expressway X8.5 or higher

File Transfer

File Transfer in Cisco Jabber 10.6 for Mobile
- Users can share photos, files & screen captures
  - In a 1:1 chat or a group chat*
- Integration with 3rd party cloud file storage
- Save received files on mobile devices
  - Android: received files on the SD card
  - iOS: sent/received files in the Jabber app folder
- File transfer events can be logged for compliance purposes*
* File transfer in group chats & compliance logging require Managed File Transfer turned on.

Support for Managed File Transfer (MFT)
- Only with Unified CM IM and Presence
  - IM and Presence 10.5(2)+ running XCP File Transfer Manager
- Allows file transfer in a group chat
- Enables event logging for compliance & audit purposes
- Requires external database & external file server
  - PostgreSQL or Oracle external database server
  - Linux (CentOS) file server providing file storage & distribution

Jabber File Transfer Flow with MFT Enabled
Participants: Jabber (Sender), Jabber (Receiver), IM and Presence, External File Server, External Database
1. Sender uploads a file via HTTP
2. File stored in repository
3. Audit log written to database for upload
4. IM and Presence sends back a URI for the file
5. IM with the URI for file
6. Requests the file via HTTP
7. Retrieves the file from repository
8. Audit log written to database for download
9. Downloads the file via HTTP

File Transfer Policies & Settings
Applies to: WebEx Messenger, Unified CM IM and Presence
- In jabber-config.xml:
  - File_Transfer_Enabled
  - Disallowed_File_Transfer_Types (file extension such as .exe)
  - Disallow_File_Transfer_On_Mobile
  - P2P_File_Transfer_MaxSize_KB
- In IM and Presence Admin GUI:
  - File Transfer Type: Disabled (system-wide), Peer-to-Peer, or Managed File Transfer (enabling MFT)
  - Managed File Transfer Configuration: Maximum File Size

Security in Cisco Jabber

Secure Communications with UC Services (diagram). Cisco Jabber is shown connecting to: Active Directory or LDAP Server; Cisco Unified CM (Voice or Video); Web Server for Contact Photos; Cisco Unified CM UDS Server; Cisco Unity Connection (VMREST/HTTPS); Cisco Unified CM TFTP Server; Cisco Unified CM IM and Presence; Meeting Center

Signaling & Media Encryption over Expressway
- UCM Mixed Mode is required to secure SIP & RTP within the enterprise.
- Secure RTP between Expressway-C and endpoints including Jabber requires Expressway X8.2 or higher.
- Secure XMPP between Expressway-C & UCM IM/P is not supported.
Diagram labels: SIP (or SIP over TLS); Secure RTP; XMPP (or XMPP over TLS); Expressway-E; Firewall; Expressway-C; SIP line side (not trunk); UCM Call Control (Mixed Mode); Encrypted; Cisco IP Phone; Cisco Jabber; Encrypted only when UCM is Mixed Mode; Jabber requires CAPF enrollment; IM and Presence; Cisco Jabber

UC Server Certificate Validation
- Jabber validates all certificates from UC application servers
  - Protocols: HTTPS & XMPP over TLS
  - Servers: UCM CCMCIP, IM and Presence XMPP/SOAP, Unity Connection
- End user will get prompted if validation fails
  - Certificate is invalid (self signed certificates)
  - Certificate not matching with one in the cache
- End user has to choose: Continue or Decline
  - Not the best user experience!
Diagram labels: Cisco Jabber; Unity Connection (Tomcat); Unified CM Cluster (Tomcat); IM and Presence (Tomcat & XMPP)
Note: CWMS requires a valid certificate to deploy. Jabber assumes the certificate is valid. If it is not, the connection fails.

Pre-installing Root CA Certificate
- Enhance end user experience by pre-installing the root CA certificate on mobile devices
  - Cisco Jabber will not prompt to validate server certificates
- Options for distributing the root CA certificate:
  - As an attachment in email (admin emails the certificate as an attachment)
    - iOS: User taps on the attachment to install the certificate
    - Android: User downloads/saves the certificate to the local SD card or its subfolder, then opens the certificate from the saved location
  - SCEP (Simple Certificate Enrollment Protocol)

Cisco Jabber for Mobile in App Sandbox
Diagram: Applications X, Y and Z and the Cisco Jabber app each run in their own App Sandbox.
- Contents of the Jabber sandbox (Cisco Jabber App and User Data): User Credentials*, Server Addresses, Contacts List, Avatar Files, Favorites, User Settings, Chat History***, Certificates**, Log Files, Voicemail, Recents
- Jabber app & user data get sandboxed unencrypted.
- Everything in the sandbox will be removed when Jabber is deleted by the user.
* On Android, user credentials are encrypted using AES-128 before they get stored in the sandbox. On iOS, user credentials are stored only in the iOS Keychain (encrypted container), not in the sandbox.
** Server certificates are stored encrypted on iOS; stored unencrypted on Android.
*** Chat history gets stored only when enabled by the system admin.

Distributing Cisco Jabber for Mobile

Where to Find the Latest FCS Software
- Cisco Jabber is a free download
- Recommended that end users download/upgrade directly from App Store or Google Play Store
- 3rd party MDM/MAM* solution may be used to wrap/distribute Jabber within the organization
* MDM (Mobile Device Management) / MAM (Mobile Application Management)

Community Based App Wrapping Support
- Looking to build out an online community in the Customer Connection Program (CCP) to support Jabber wrapping
- Distribute software outside of the App Store while staying within Apple's developer license agreement
- For customers & partners (invitation only)
- Starting with several leading MAM/MDM makers but plan to expand to cover more vendors

Closing Thoughts

Key Takeaways
- Cisco Jabber for mobile can provide the core UC features with video on most commonly used mobile devices
- Cisco Jabber for mobile can be deployed either on-premises or in the cloud
- Cisco Jabber for mobile can operate in three different modes: full UC, phone-only & IM-only
- Cisco Jabber for mobile has added and will be adding more capabilities and functionality to provide more deployment flexibility for system admins and better user experience for end users

Call to Action
- Visit the World of Solutions for Cisco Campus Mobile Experience at Collaboration area
- Meet the Engineer: Seongho is available for walk-ins on Wednesday (9-11am) & Thursday (10-12am)
- Email seongho@cisco.com to arrange a meeting anytime until EoB Thursday
- Recommended Reading: for reading material and further resources for this session, please visit www.pearson-books.com/clmilan2015
