Deploying Cisco Jabber on Mobile Devices

Transcription:

Deploying Cisco Jabber on Mobile Devices. Seongho Hong, Technical Marketing Engineer

Session Objectives. At the end of the session, participants should be able to: list the latest offerings of Cisco Jabber on mobile devices; articulate how service discovery helps improve the first-time end-user experience of Cisco Jabber; explain how Cisco Jabber works with the Cisco Expressway Mobile and Remote Access feature; understand the new security enhancements for Cisco Jabber mobile clients.

Session Agenda: Update for Cisco Jabber on Mobile; Service Discovery in Detail; User Data Service (UDS); Service Profile & jabber-config.xml; Service Discovery Scenarios; Working with Cisco Expressway; Security Enhancements; Key Takeaways.

Update for Cisco Jabber on Mobile

Cisco Jabber in a Comprehensive Architecture. People: enterprise users, remote workers, customers & business partners. Experience Services: voice, video, conference, desktop share, presence/IM, contact search, voicemail. Delivery: on premises, hybrid, cloud.

Cisco Jabber for iPhone and iPad & Android 9.6 (available now; this session's focus). Single unified client for iPhone, iPad & Android smartphones. Full UC capabilities with video: voice, video, presence & IM within a single client. Interoperable with Cisco TelePresence endpoints. Key new features: Cisco Expressway support*; Unified CM UDS support*; service discovery; SIP URI dialing; SIP over TLS & SRTP; admin control of saving password. * Requires Cisco Jabber for iPhone and iPad 9.6(1) or higher.

Cisco Jabber Voice for iPhone & Android 9.1 (available now, on iPhone and on Android smartphones). Rebranded from the previous Jabber for iPhone/Android, as a different app in the App Store/Google Play. In maintenance mode (no new features); EoS/EoL is being planned. Registers directly to Unified CM. Voice only (no video support). No IM/presence service. The Cisco Expressway Mobile and Remote Access feature is not supported.

Cisco Jabber Video for iPad 9.3 (available now). Rebranded from the previous Jabber for iPad, as a different app in the App Store. In maintenance mode (no new features); EoS/EoL is being planned for the Unified CM mode. Without presence service: registers to VCS* in phone-only mode; registers to Unified CM in phone-only mode. The Cisco Expressway Mobile and Remote Access feature is not supported. * Cisco Video Communication Server.

Service Discovery in Detail

Cisco Jabber User-Centric Architecture. Diagram labels: Unified CM home cluster; devices; service profile; directory number; policies & UC settings; Cisco Jabber user; permissions, groups & roles.

Service Discovery Is to: select operating mode (cloud or on-premises); subscribe to UC services; determine operating location (inside or outside); discover UC services domain.

Why Service Discovery? A completely new way for Cisco Jabber to start up. Cisco Jabber's cross-platform initiative. Minimizes the chance of misconfiguration. Reduces end-user support calls. Enhances the first-time user experience.

NOT the Best First Time Jabber Experience!

What Triggers Service Discovery on Cisco Jabber? First-time user login: when no locally cached information is available. Network change events: when the user moves into the corporate network. Transport errors (SIP, XMPP & HTTP): when the user moves out of the corporate network. Note: DNS SRV lookup is performed only when there is real-time network activity, to save battery life on mobile platforms.

Network Transition Scenarios in Detail. Flow diagram: Cisco Jabber detects network loss. Either the network comes back with the same IP address: keeps the media path until the user hangs up; starts service discovery to decide if the edge is needed; reconnects IM/presence. Or: puts the active call in preservation mode; starts monitoring network interfaces; starts counting with a timer; then either disconnects the call, or starts service discovery to decide if the edge is needed and reconnects to IM/presence & reregisters for voice/video, in which case the user needs to manually disconnect the preserved call.

Setting Service Discovery Domain at First Login. Local cache in the device: already stored in cache from a previous login; migration case. Manual entry by end user: username@<domain_name>, which may or may not be the user's email address (example: cpaige@example.com). Preset by administrator: auto-populated via URL configuration.

Subsequent Login Process. Cisco Jabber uses the cached information to connect to UC services: no service discovery; the end user is not prompted for username@<domain_name>. If the connection to the login service fails, service discovery is triggered.

Starting Service Discovery. Domain name(s) come from manual entry by the user or via URL configuration. Service discovery component: HTTP request to WebEx CAS (Connect Authentication Service) at http://loginp.webexconnect.com/cas/federatedsso?org=[DOMAIN_NAME] (Messenger); SRV lookup for _cisco-uds and _cuplogin (internal or external DNS). Edge detection component: SRV lookup for _collab-edge. Note: DNS query for _collab-edge will be issued regardless of responses from DNS queries by the service discovery component.

Determining Operating Location via Service Discovery. Inside or outside the corporate network? Cisco Jabber determines the location using the returns from DNS SRV lookups. Inside network: HTTP request to WebEx CAS and DNS SRV lookup; internal DNS returns _cisco-uds, _cuplogin. Outside network: HTTP request to WebEx CAS and DNS SRV lookup; external DNS returns _collab-edge.

Selecting Operating Mode via Service Discovery. Where is the IM/presence service from?
Priority | Service | HTTP Request / DNS SRV
1 | WebEx Messenger | HTTP CAS lookup
2 | Unified CM 9.x | _cisco-uds._tcp.<domain_name>
3 | Cisco Presence 8.x | _cuplogin._tcp.<domain_name>
4 | Cisco Expressway | _collab-edge._tls.<domain_name>
Among all responses (HTTP response & DNS SRV lookup results), the record with the highest priority will be used. Important: When connected to WebEx Messenger, UC settings from OrgAdmin are used to connect to the remaining UC services.

Home Cluster & Service Discovery Flow Example. Participants: Jabber user john; corporate DNS; central UCM cluster UDS; remote UCM cluster-1 UDS; remote UCM cluster-1 TFTP; remote UCM cluster-1 UCM; remote UCM cluster-2 UDS. Sequence diagram messages: DNS SRV lookup; central UCM address; "Where is my home cluster?"; "I am not."; "Are you john's home cluster?" (asked twice); "Yes I am."; "No I am not."; "Your home cluster is Remote UCM Cluster-1."; login request with password; authenticated; request for the location of the configuration for john; location of the configuration file for john; (when Jabber has already learned about the UDS address) request for the configuration file for john; send the configuration file for john; register device.

Service Discovery Flow: On-Premises Deployment. User cpaige@corp.example.com, inside the office. Diagram labels: HTTP request to CAS URL for corp.example.com (Messenger); corp.example.com is not a WebEx domain; DNS SRV lookup for _cisco-uds (internal DNS); central UCM UDS address; look for home UCM cluster (central UCM UDS); home UCM cluster address; user log in; service profile & jabber-config from TFTP; connect/register. Home UCM cluster and services shown: UCM IM/P, UCM call control, Unity Connection, WebEx Meetings Server.

Service Discovery Flow: Hybrid Deployment. User cpaige@example.com, inside the office. Diagram labels: HTTP request to CAS URL for example.com (Messenger); example.com is a WebEx domain; DNS SRV lookup for _cisco-uds (internal DNS); central UCM UDS address; ignores response from DNS; user log in; UC settings from OrgAdmin; connect/register. Services shown: home UCM cluster, Unity Connection, Meeting Center.

Service Discovery Flow: Outside Corporate Network. Participants: Cisco Jabber; external DNS; Expressway-E; firewall; Expressway-C; internal DNS; home UDS; home TFTP; IM/Presence. Sequence diagram messages: DNS queries for _collab-edge; establish TLS connection; request for edge config; respond with edge config data (UCM, TFTP, IM/P SRV; SIP, XMPP, HTTP edge; etc.); DNS queries for _cisco-uds..; user authentication; all subsequent messages. DNS SRV lookups: Jabber determines whether it's inside or outside using the results from DNS SRV lookups. It is outside if neither _cisco-uds nor _cuplogin returns.

URL Configuration for Further Simplification. The URL (ciscojabber://provision?servicesdomain=example.com&voiceservicesdomain=corp.example.com) is sent to users via email or wiki. Download/install the Cisco Jabber client prior to executing the URL configuration. During installation, Cisco Jabber registers the ciscojabber protocol handler. When the user clicks the URL, Cisco Jabber is cross-launched and the information in the URL is auto-populated for service discovery. The user is not asked to enter username@<domain_name>. Service discovery with URL configuration: best end-user experience.

Services Domain vs. Voice Services Domain: Manual Entry by End User. Only one domain name is obtained from the user's manual entry (cpaige@corp.example.com). Jabber uses the same domain name for VoiceServicesDomain: ServicesDomain = VoiceServicesDomain = corp.example.com. HTTP request to WebEx CAS for corp.example.com. DNS SRV lookups: _cisco-uds._tcp.corp.example.com, _cuplogin._tcp.corp.example.com, _collab-edge._tls.corp.example.com.

Services Domain vs. Voice Services Domain (Cont.): Via URL Configuration. ServicesDomain & VoiceServicesDomain can be set differently, as in ciscojabber://provision?servicesdomain=example.com&VoiceServicesDomain=corp.example.com. HTTP request to WebEx CAS for example.com. DNS SRV lookups: _cisco-uds._tcp.corp.example.com, _cuplogin._tcp.corp.example.com, _collab-edge._tls.corp.example.com.

Excluding UC Service(s) during Service Discovery. Challenge: the user is asked to sign in to WebEx Messenger in an on-premises UC deployment (Unified CM IM and Presence service). Reason: the organization currently subscribes to, or previously demoed/piloted, WebEx services (WebEx web conferencing or Messenger), so the HTTP request to WebEx CAS returns the domain as a WebEx domain. Solution: use the ServiceDiscoveryExcludedServices parameter in URL configuration to exclude the WebEx service. Diagram labels: cpaige@example.com; HTTP request to CAS URL for example.com (Messenger); DNS SRV lookup for _cisco-uds._tcp.example.com (internal DNS); central UCM UDS address.
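
The service discovery slides above (URL configuration, SRV lookups, the priority table, the inside/outside rule and the WebEx exclusion) combined into one runnable model. This is an added example, not Cisco code: the DNS and CAS answers are constructed sets standing in for real lookups, and the exclusion value WEBEX comes from Cisco's Jabber documentation rather than from the slides. It also includes a split-DNS check, since an external zone that answers _cisco-uds or _cuplogin makes outside clients classify themselves as inside.

```python
"""Model of the service discovery decision described in the slides (added example)."""
from urllib.parse import parse_qs, urlsplit

# Priority order from the "Selecting Operating Mode" slide, highest first.
PRIORITY = ["webex", "_cisco-uds", "_cuplogin", "_collab-edge"]
MODE = {
    "webex": "WebEx Messenger",
    "_cisco-uds": "Unified CM 9.x",
    "_cuplogin": "Cisco Presence 8.x",
    "_collab-edge": "Cisco Expressway",
}
SRV_PROTO = {"_cisco-uds": "_tcp", "_cuplogin": "_tcp", "_collab-edge": "_tls"}


def parse_provision_url(url):
    """Extract what a ciscojabber://provision URL hands to service discovery."""
    parts = urlsplit(url)
    if parts.scheme != "ciscojabber" or parts.netloc.lower() != "provision":
        raise ValueError("not a ciscojabber://provision URL")
    # The slides write parameter names in mixed case, so compare lower-cased.
    params = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    services = params.get("servicesdomain")
    if not services:
        raise ValueError("servicesdomain is missing")
    excluded = params.get("servicediscoveryexcludedservices", "")
    return {
        "services_domain": services.lower(),
        # With only one domain, Jabber reuses it as the voice services domain.
        "voice_domain": params.get("voiceservicesdomain", services).lower(),
        "excluded": {e.strip().upper() for e in excluded.split(",") if e.strip()},
    }


def srv_names(voice_domain):
    """SRV records Jabber looks up for a voice services domain."""
    return {svc: f"{svc}.{proto}.{voice_domain}" for svc, proto in SRV_PROTO.items()}


def discover(cfg, dns_answers, cas_webex_domains):
    """dns_answers: SRV names the reachable resolver answers.
    cas_webex_domains: stand-in for the HTTP request to WebEx CAS."""
    found = {svc for svc, name in srv_names(cfg["voice_domain"]).items()
             if name in dns_answers}
    if "WEBEX" not in cfg["excluded"] and cfg["services_domain"] in cas_webex_domains:
        found.add("webex")
    winner = next((svc for svc in PRIORITY if svc in found), None)
    # Outside if neither _cisco-uds nor _cuplogin returns.
    inside = bool(found & {"_cisco-uds", "_cuplogin"})
    return {
        "mode": MODE.get(winner),
        "location": "inside" if inside else "outside",
        "edge": "_collab-edge" in found,
    }


def split_dns_findings(voice_domain, internal_answers, external_answers):
    """Check that the two DNS views give Jabber the location signal the slides assume."""
    names = srv_names(voice_domain)
    findings = []
    for svc in ("_cisco-uds", "_cuplogin"):
        if names[svc] in external_answers:
            findings.append(f"{names[svc]} is answered by external DNS: "
                            "clients outside the network would be classified as inside")
    if names["_collab-edge"] not in external_answers:
        findings.append(f"{names['_collab-edge']} is missing from external DNS: "
                        "clients outside the network cannot locate Expressway")
    if not {names["_cisco-uds"], names["_cuplogin"]} & set(internal_answers):
        findings.append("internal DNS answers neither _cisco-uds nor _cuplogin: "
                        "clients inside the network would be classified as outside")
    return findings


# Constructed sample data modelled on Scenario 1 and Scenario 2 of the slides.
INTERNAL_DNS = {"_cisco-uds._tcp.corp.example.com"}
EXTERNAL_DNS = {"_collab-edge._tls.corp.example.com"}
CAS_WEBEX = {"example.com"}  # hypothetical: domains CAS reports as WebEx domains
HYBRID_URL = ("ciscojabber://provision?servicesdomain=example.com"
              "&voiceservicesdomain=corp.example.com")

if __name__ == "__main__":
    cfg = parse_provision_url(HYBRID_URL)
    print("inside :", discover(cfg, INTERNAL_DNS, CAS_WEBEX))
    print("outside:", discover(cfg, EXTERNAL_DNS, CAS_WEBEX))
    print("DNS findings:", split_dns_findings("corp.example.com", INTERNAL_DNS, EXTERNAL_DNS))
```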

UC Service & Service Profile in Unified CM (Unified CM 9.x or higher). Diagram labels: end user; service profile. UC services in a service profile: IM & Presence profile; CTI profile*; Voicemail & MailStore profile; Conferencing profile; Directory profile. * In general, the CTI profile is not needed for the current Cisco Jabber mobile clients as they do not support desk phone control.

Directory Profile. Defines parameters for directory integration. Takes higher priority over jabber-config.xml. Does not specify: custom LDAP attribute mappings; URI substitution for contact photos. "Use UDS for Contact Resolution" should not be enabled unless UDS is the only contact source. Cisco highly recommends that jabber-config.xml be used to configure directory integration, as currently only a limited subset of directory parameters can be specified in the directory profile.

Voicemail & MailStore Profile. Cisco Jabber 9.6 or higher on mobile supports only Unity Connection as voicemail server. MailStore Profile is needed to enable voicemail UE components on current Cisco Jabber 9.6: cosmetic inheritance from the old architecture. MailStore should point to Cisco Unity Connection, not Exchange.

End User Configuration for Service Discovery: assign Unified CM home cluster; enable IM and Presence service; assign a UC service profile.

Device Configuration for Service Discovery. In Unified CM 9.x, the service profile is maintained on the IM and Presence server. The default service profile will be used if: Owner User ID is not specified; IM-only users. In Unified CM 10.x, UDS provides the service profile for the user (no device association required).

CCMCIP Profile in IM and Presence. Screenshots of IM and Presence 10.x and IM and Presence 9.x, with the annotation "Not true!". Important: CCMCIP Profile is a must for Cisco Jabber 9.6 on mobile running service discovery to subscribe to the phone service.

Service Discovery Scenarios

Scenario 1: On-Premises Deployment. All UC services, including IM & presence, from on-premises Unified CM. Jabber outside (example.com): external DNS SRV record _collab-edge._tls.corp.example.com. Jabber inside (corp.example.com): internal DNS SRV record _cisco-uds._tcp.corp.example.com.

Initial Login from Inside (example.com, on-premises deployment): cpaige@corp.example.com

Initial Login from Outside Using URL Configuration (example.com, on-premises deployment): cpaige; ServicesDomain=corp.example.com

Scenario 2: Hybrid Deployment. IM & presence service from WebEx Messenger (example.com); other UC services from Unified CM on-premises. Jabber outside (example.com): external DNS SRV record _collab-edge._tls.corp.example.com. Jabber inside (corp.example.com): internal DNS SRV record _cisco-uds._tcp.corp.example.com.

Initial Login from Outside (example.com, hybrid deployment): cpaige@example.com

Initial Login from Outside Using URL Configuration (example.com, hybrid deployment): cpaige@example.com; ServicesDomain=example.com; VoiceServicesDomain=corp.example.com

Integrating with Contact Source

Selecting Contact Source for Cisco Jabber. LDAP-based contact source (on-prem default): Active Directory by default, or other LDAP directory environments. HTTPS/REST-based contact source (Expressway default or on-prem alternative): UDS built into Unified CM 8.6(2)+. WebEx Messenger contact source (cloud default): WebEx Messenger service database. Device local phone contacts: search only; cannot be added as contacts in Jabber.

What is Unified CM UDS (User Data Service)? A web service running on Unified CM. Provides a RESTful API for consumers* to display or manage a user's data or preference settings. Active & running by default on all Unified CM nodes (can be stopped but not deactivated). All communication with UDS is performed securely over HTTPS. * Consumers can be Cisco IP Phones, Cisco Jabber, or the Self Care Portal.

Unified CM UDS Provides. User search: in the Unified CM database only; local or cross-cluster* user lookup; available in Unified CM 8.6(2) or higher. Self-provision API: user & device management; fully supports functionality provided by the CCMCIP & CCMPD** services. * To make cross-cluster user lookup work, ILS (Inter-Cluster Lookup Service) must be enabled. ** CCMCIP = CCM Cisco IP Phone; CCMPD = CCM Personal Directory.

Unified CM UDS as Contact Source. Cisco Jabber resolves contact lookups against UDS (diagram: directory server syncs to Unified CM clusters; Jabber resolves a contact such as aperez@example.com, Anita Perez, 555-325-1010). Can be synced from a corporate directory such as Active Directory. Unified CM 9.1(2) or higher is required for UDS to support Cisco Jabber as contact source. Requires Cisco Jabber 9.6 or higher* for full UDS support. Cisco Expressway can support only UDS as contact source. jabber-config.xml is a must. * For mobile clients only: Jabber for iPhone and iPad 9.6.1 or Jabber for Android 9.6.0.

What is the jabber-config.xml File? Configuration file for Cisco Jabber clients. The admin creates it and uploads it to the TFTP server; Jabber downloads it over TFTP (or HTTP). Customizes or configures directory integration: Enhanced Directory Integration (EDI)*; Basic Directory Integration (BDI). Highly recommended for Jabber for iPhone and iPad & Android 9.6**.

    <?xml version="1.0" encoding="utf-8"?>
    <config version="1.0">
      <!-- LDAP Directory configuration for Windows clients -->
      <Directory>
        <DirectoryServerType>EDI</DirectoryServerType>
      </Directory>
      <!-- LDAP Directory configuration for non-Windows clients -->
      <Directory>
        <DirectoryServerType>BDI</DirectoryServerType>
      </Directory>
    </config>

* Only for Windows; jabber-config.xml is optional for EDI. ** jabber-config.xml is optional when deployed with WebEx Messenger service.

Basic Directory Integration (BDI) for Contact Source. Jabber's integration method for LDAP directories (incl. AD). For on-premises deployment. No auto directory discovery mechanism. Supported by Jabber clients on non-Windows platforms: Jabber for Mac 9.6; Jabber Video for iPad 9.3; Jabber for iPhone and iPad & Android 9.6. Sample only:

    <?xml version="1.0" encoding="utf-8"?>
    <config version="1.0">
      <!-- LDAP Directory configuration for non-Windows platform clients -->
      <Directory>
        <DirectoryServerType>BDI</DirectoryServerType>
        <BDIPhotoURISubstitutionEnabled>True</BDIPhotoURISubstitutionEnabled>
        <BDIPhotoURISubstitutionToken>sAMAccountName</BDIPhotoURISubstitutionToken>
        <BDIOtherPhone>telephoneNumber</BDIOtherPhone>
        <BDIEmailAddress>mail</BDIEmailAddress>
        <BDIPresenceDomain>jabber.net</BDIPresenceDomain>
        <BDILDAPServerType>AD</BDILDAPServerType>
        <BDIPrimaryServerName>10.1.1.1</BDIPrimaryServerName>
        <BDIServerPort1>389</BDIServerPort1>
        <BDISearchBase1>CN=Users,DC=example,DC=com</BDISearchBase1>
        <BDIConnectionPassword>jabber</BDIConnectionPassword>
      </Directory>
    </config>

jabber-config.xml for Mixed Client Environment. Example 1: BDI parameters only (example only):

    <?xml version="1.0" encoding="utf-8"?>
    <config version="1.0">
      <Directory>
        <DirectoryServerType>BDI</DirectoryServerType>
        <BDIPrimaryServerName>10.1.1.2</BDIPrimaryServerName>
      </Directory>
    </config>

Jabber for Windows does not require jabber-config.xml. Jabber for Windows will ignore BDI parameters.

jabber-config.xml for Mixed Client Environment (cont.). Example 2: BDI and EDI parameters (example only):

    <?xml version="1.0" encoding="utf-8"?>
    <config version="1.0">
      <Directory>
        <DirectoryServerType>EDI</DirectoryServerType>
      </Directory>
      <Directory>
        <DirectoryServerType>BDI</DirectoryServerType>
        <BDIPrimaryServerName>10.1.1.2</BDIPrimaryServerName>
      </Directory>
    </config>

The EDI block is needed only when Jabber for Windows is not in the domain or needs customizations. Jabber for Windows will ignore BDI parameters.

jabber-config.xml for Mixed Client Environment (cont.). Example 3: UDS parameters (example only):

    <?xml version="1.0" encoding="utf-8"?>
    <config version="1.0">
      <Directory>
        <DirectoryServerType>UDS</DirectoryServerType>
      </Directory>
    </config>

Important: 1. When defined in jabber-config.xml, UDS becomes the only contact source for all clients regardless of their location. Any EDI or BDI directory parameters in jabber-config.xml will not be used. 2. Cisco Jabber does not need the UDS parameters in jabber-config.xml to support Cisco Expressway Mobile and Remote Access.
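
A pre-deployment check for the jabber-config.xml variants shown above, as an added example that is not part of the original slides or of any Cisco tool. It uses only element names that appear in the slide samples; the function name, the sample constants and the wording of the findings are made up for illustration. It flags a directory bind password embedded in a file that clients fetch over TFTP (or HTTP), the clear-text LDAP port, a UDS entry that overrides EDI/BDI blocks, and XML that does not parse.

```python
"""Audit a jabber-config.xml for the directory settings discussed above (added example)."""
import xml.etree.ElementTree as ET


def _text(elem, tag):
    """Stripped text of a direct child element, or None if absent or empty."""
    child = elem.find(tag)
    return child.text.strip() if child is not None and child.text else None


def audit_jabber_config(xml_text):
    """Return (directory_types, findings) for one jabber-config.xml document."""
    try:
        # Parse bytes so the encoding declaration in the prolog is honoured.
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [], [f"malformed XML: {exc}"]
    findings = []
    if root.tag != "config":
        findings.append(f"root element is <{root.tag}>, expected <config>")
    types = []
    for directory in root.iter("Directory"):
        dtype = _text(directory, "DirectoryServerType")
        types.append(dtype)
        if dtype != "BDI":
            continue
        # Report the presence of the credential, never its value.
        if _text(directory, "BDIConnectionPassword"):
            findings.append("BDIConnectionPassword is set: the directory bind password "
                            "is readable by anyone who can fetch this file")
        if _text(directory, "BDIServerPort1") == "389":
            findings.append("BDIServerPort1 is 389, the clear-text LDAP port: "
                            "confirm the bind and queries are protected by TLS")
    if "UDS" in types and len(types) > 1:
        findings.append("UDS is defined: it becomes the only contact source and the "
                        "other Directory blocks are not used")
    return types, findings


# Constructed samples based on the slide examples.
SLIDE_BDI_SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Directory>
    <DirectoryServerType>BDI</DirectoryServerType>
    <BDIPrimaryServerName>10.1.1.1</BDIPrimaryServerName>
    <BDIServerPort1>389</BDIServerPort1>
    <BDISearchBase1>CN=Users,DC=example,DC=com</BDISearchBase1>
    <BDIConnectionPassword>jabber</BDIConnectionPassword>
  </Directory>
</config>"""

# The unterminated version attribute, as it appears in the extracted slide text.
BROKEN_SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<config version="1.0 >
  <Directory><DirectoryServerType>BDI</DirectoryServerType></Directory>
</config>"""

MIXED_SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
  <Directory><DirectoryServerType>EDI</DirectoryServerType></Directory>
  <Directory>
    <DirectoryServerType>BDI</DirectoryServerType>
    <BDIPrimaryServerName>10.1.1.2</BDIPrimaryServerName>
  </Directory>
</config>"""

UDS_PLUS_BDI_SAMPLE = MIXED_SAMPLE.replace(">EDI<", ">UDS<")

if __name__ == "__main__":
    for name, sample in [("slide BDI", SLIDE_BDI_SAMPLE), ("broken", BROKEN_SAMPLE),
                         ("mixed", MIXED_SAMPLE), ("UDS + BDI", UDS_PLUS_BDI_SAMPLE)]:
        types, findings = audit_jabber_config(sample)
        print(name, types)
        for finding in findings:
            print("  -", finding)
```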

Secure Remote Access via Cisco Expressway

Secure Remote Access Options for Cisco Jabber
 | Session-based Firewall Traversal | Layer 3 VPN Solution
Backend infrastructure | Expressway-E & Expressway-C | Cisco ASA
Client-side application | None | Cisco AnyConnect
Secures | Only traffic from Jabber | All traffic from the entire device
Allows access to | Only collaboration applications | All enterprise applications authorized for the user
Works with | Expressway | AnyConnect
Supported by | Cisco Jabber 9.6 or higher on mobile* | Any Jabber client versions
* Requires Jabber for iPhone and iPad 9.6(1) or higher.

Secure Remote Access Options for Cisco Jabber
 | Session-based Firewall Traversal | Layer 3 VPN Solution
Backend infrastructure | Cisco Expressway-E & Cisco Expressway-C | Cisco ASA
Other application on user's device | None | Cisco AnyConnect
Secures | Only traffic from Cisco Jabber | All traffic from the entire device
Allows access to | Only collaboration applications | All enterprise applications authorized for the user
Works with | Cisco Expressway | AnyConnect
Supported by | Cisco Jabber 9.6 or higher* | Any Cisco Jabber client versions
* Requires Jabber for iPhone and iPad 9.6(1) or higher; Jabber for Windows 9.7 or higher.

Cisco Jabber & Expressway. Cisco Expressway: a new edge product highly optimized for remote mobile access to voice/video, presence/instant messaging, visual voicemail, desktop sharing & conferencing. Media & signaling firewall traversal; remote/mobile; B2B & C2B; cloud access. Diagram labels: Unified CM cluster; Expressway Core; Expressway Edge; Internet; Jabber @ Cafe; Jabber @ Home; Jabber @ Airport.

Seamless Network Transition across the Edge. Diagram labels: Internet; Expressway-E; Expressway-C; directory server; 3G/4G or LTE mobile data network; Unified CM cluster (UDS); Unity Connection; enterprise 802.11 Wi-Fi; Cisco Jabber; enterprise network.

Seamless Network Transition across the Edge. Jabber stays logged in & automatically reconnects to the services via Expressway (it no longer connects to the directory server; UDS automatically becomes the contact source). Diagram labels: Internet; Expressway-E; Expressway-C; 3G/4G or LTE mobile data network; Unified CM cluster (UDS); Unity Connection; Cisco Jabber; enterprise 802.11 Wi-Fi; enterprise network.

Signaling & Media Encryption over Cisco Expressway. Protocols: SIP (or SIP over TLS); RTP (or SRTP); XMPP (or XMPP over TLS). Diagram labels: Cisco Jabber; Expressway-E; firewall; Expressway-C; SIP line side (not trunk); UCM call control (Mixed Mode); IM & Presence; Cisco IP Phone; Cisco Jabber. Legend: encrypted; encrypted only when UCM is in Mixed Mode (Jabber requires CAPF enrollment). Mixed Mode is not required unless to secure signaling between UCM and Jabber. Secure XMPP between Expressway-C and UCM IM/P is not supported. Secure RTP between Expressway-C and endpoints, including Jabber, is not supported.

Security Enhancements in Cisco Jabber

Server Certificate Validation. Cisco Jabber prompts the end user to validate the identity of UC application servers. The end user may choose Continue or Decline when prompted. No prompt will show if either: the certificate matches an existing one, or the certificate is validated*. Cisco Jabber will remember the end user's choice until: signed out, if Decline was chosen; uninstalled, if Continue was chosen. Note: CWMS requires a valid certificate to deploy. Therefore, Jabber will assume the certificate is valid and never prompt the user. Protocols: HTTPS, XMPP over TLS, LDAP over TLS. Servers: UCM UDS, IM and Presence XMPP/SOAP, Unity Connection, LDAP (AD or OpenLDAP).

Server Certificate Validation Flow: Self-Signed or Invalid. Participants: Jabber user; Jabber for iPhone; iPhone iOS; UC app server. Flow diagram: log in; request for server certificate during TLS negotiation; forward server certificate; "Does this match with what I have already?" Yes: connect. No: API call "Is certificate valid?"; certificate validation; certificate is not valid; prompt user "Continue or Decline?". When the user chooses Continue: store certificate; connect. When the user chooses Decline: stop connecting to server.

Server Certificate Validation Flow: CA-Issued or Valid. Participants: Jabber user; Jabber for iPhone; iPhone iOS; UC app server. Flow diagram: log in; request for server certificate during TLS negotiation; forward server certificate; "Does this match with what I have already?" Yes: connect. No: API call "Is certificate valid?"; certificate validation; certificate is valid; connect.

Pre-installing Root CA Certificate. May enhance the end-user experience by pre-installing the root CA certificate on mobile devices: Cisco Jabber will not prompt its user to validate server certificates. Options for distributing the root CA certificate: as an attachment in email (the admin emails the certificate as an attachment); SCEP (Simple Certificate Enrollment Protocol)*. iOS: the user taps on the attachment to install the certificate. Android: the user downloads/saves the certificate to the local SD card or its subfolder, then opens the certificate from the saved location. * Note: Not all the certificate distribution options have been tested/supported for Cisco Jabber on mobile devices.

SIP over TLS & SRTP to Secure Audio & Video. Security enhancement for Cisco Jabber on mobile devices. Choice of Authenticated or Encrypted: SIP signaling (over TLS); audio/video stream (SRTP). Supports two authentication modes: by NULL string; by authentication string. Encrypted mode is required to secure media (audio/video)*. Security must be turned on in the Unified CM cluster (i.e. Mixed Mode).

Cisco Jabber CAPF Enrollment Process. Participants: Cisco Jabber; UCM CAPF; UCM call control. Sequence diagram labels: generate public/private key pair; request for CAPF certificate; forward CAPF certificate; replicate CAPF certificate within UCM cluster; establish TLS session to send public key, identification & authentication string (optional); forward LSC; create LSC; install LSC; register to UCM. The CAPF enrollment process is required to support secure voice/video! CAPF: Certificate Authority Proxy Function. LSC: Locally Significant Certificate.

Cisco Jabber for iPhone and iPad/Android & UC Services. Diagram labels: Cisco Jabber 9.6; Active Directory or LDAP server; voice or video (Cisco Unified CM); web server for contact photos; Cisco Unified CM UDS server; Cisco Unity Connection (VMREST/HTTPS); Cisco Unified CM TFTP server; Cisco Unified CM IM and Presence; Meeting Center.

Cisco Jabber for iPhone and iPad in App Sandbox. Diagram: separate app sandboxes for Application X, Application Y, Application Z and the Cisco Jabber app. Cisco Jabber user data: usernames; chat history; contacts list; recents; log files*; database; favorites; avatar files; user settings; server addresses. The Cisco Jabber app & its user data in the App Sandbox are not encrypted but are protected by the iOS sandbox mechanism. Everything in the App Sandbox will be removed when Jabber is deleted by the user. * The .wbt log file is encrypted.

Cisco Jabber for iPhone and iPad User Login Credentials. Access to UC services requires valid user credentials: WebEx Messenger service; Unified CM IM and Presence; UDS service; visual voicemail; directory service. Jabber stores the server address & login credentials together in the iPhone's native iOS Keychain as the user's account is authenticated by the server (diagram: iOS Keychain entries, each holding server address, username, password). Cisco Jabber for iPhone uses a cache to temporarily store the following information to increase its performance: LDAP query results, voicemails, configuration data, log files. The cached data gets automatically erased when the application is uninstalled, or can be deleted manually by the user. iOS Keychain is an encrypted container!

Key Takeaways

Starting with Release 9.6, Cisco Jabber discovers UC services in a completely different way. Service discovery greatly improves the first-time user experience. Cisco Expressway provides seamless & secure remote access to on-premises UC services. Cisco Jabber is now much more secure with the new security enhancements.
