Federating Cisco Jabber
Paul O'Dwyer
o Cisco Jabber Overview
o Federation Models
o What Business Case are you trying to solve?
o Protocol Flows
o Support and Feature Matrix
o What About Third Party Clients?
o Future of Federation
Cisco Jabber Overview
Cisco Jabber Clients: Jabber Product Portfolio
All-in-one UC Application
o Presence & IM
o Voice, video, voice messaging
o Desktop sharing, conferencing
Collaborate from Any Workspace
o PC, Mac, tablet, smart phone
o On-premises and Cloud
o Integration with Microsoft Office
Devices Share the Same Infrastructure
[Diagram: Cisco Jabber clients on shared infrastructure. Call Control (SIP): Unified Communications Manager (CUCM), Video Communication Server (VCS). Presence & IM (XMPP): Unified Presence, WebEx Connect service (SaaS). Meetings, Conferencing: WebEx (SaaS), TelePresence MCU. Voice Messaging: Unity Connection.]
Cisco Jabber Federation: Multi-Protocol
o Exchange of presence and IM carried over multi-protocol options
o XMPP and SIP are the dominant industry standards for federation of presence and IM services
o Unlocks many B2B and B2C federations
Domains: Presence Domain versus Network Domain
[Diagram: user@presence.com; presence.com; company.com (DNS)]
Federation Models
Scenario 1: B2B & B2C Federation (Unlock B2B and B2C Collaboration)
Inter-Domain Federation is the sharing of Enterprise Instant Messaging (IM) and Presence between corporate domains, further lowering the boundaries to collaboration for both B2B and B2C.
[Diagram: XMPP Standard: Cisco, Google Talk, IBM. SIP: Microsoft, AOL.]
Scenario 2A: Intra-Enterprise: Multiple Environments (Inter-Domain Communication)
Cisco Jabber also allows for communications between other Cisco Jabber or Microsoft environments within an enterprise.
[Diagram: Cisco Jabber, Cisco Jabber, Microsoft IM]
2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Scenario 2B: Intra-Enterprise: Partitioned Intra-Domain Federation (Seamless Migration path from Microsoft to Cisco)
Partitioned Intra-Domain Federation is the sharing of Enterprise Instant Messaging (IM) and Presence between Unified Communication vendors within a single domain. This model is used as a migration tool from Microsoft to Cisco infrastructure.
[Diagram: Cisco Jabber, Microsoft IM]
What Business Case are you trying to solve?
Inter-Domain Federation
I want to communicate from our Jabber platform to partners and customers on a SIP platform for real-time collaboration.
[Diagram: CUP (ABC.COM), Cisco ASA, Microsoft Access Edge (DEF.COM), Microsoft Front-End Server; protocol: SIP; clients: Jabber, Lync]
Inter-Domain Federation
I want to communicate from our Jabber platform to partners and customers on an XMPP platform for real-time collaboration.
[Diagram: CUP (ABC.COM), Cisco ASA, XMPP Based Vendor Edge (DEF.COM), XMPP Based Vendor Home Node; protocol: XMPP; client: XMPP Client]
Inter-Domain Federation
I want to communicate from our Jabber platform to partners and customers who exist on consumer grade platforms.
[Diagram: CUP (ABC.COM), Cisco ASA; protocols: XMPP, SIP, XMPP; client: Jabber]
Inter-Domain Federation
I have Jabber cloud and I want to communicate to partners and customers.
[Diagram: Jabber; protocols: XMPP, XMPP, SIP, XMPP]
Inter-Domain Federation
I need to collaborate between our corporate sub-domains as we have many independent remote branches.
[Diagram: CUP (EMEA.ABC.COM), CUP (APAC.ABC.COM); protocol: XMPP; clients: Jabber, Jabber]
Inter-Domain Federation
I need to collaborate between our corporate sub-domains as we have many independent remote branches.
[Diagram: CUP (EMEA.ABC.COM), Lync (APAC.ABC.COM); protocol: SIP; clients: Jabber, Lync]
Partitioned Intra-Domain Federation (Migration Strategy)
I have Microsoft deployed; I want to trial Cisco Jabber on-prem and migrate all users over to Cisco.
[Diagram: CUP (ABC.COM), Lync FE Server (ABC.com); SIP static route; clients: Jabber, Lync]
Option 1 : Inter-Domain Federation Protocol Flows
Scenario 1: On-Premise Inter-Domain Federation - SIP
o SIP profile configured on CUP
o TLS initiated to federated side
o ASA initiates TLS to federated Edge
o Upon TLS success, message reaches federated side
o TLS Proxy on ASA
o CUP domain is an authorized host on the Edge
*ASA is required for TLS Proxy
[Diagram: CUP (ABC.COM), Cisco ASA, Microsoft Edge Server (DEF.COM), Microsoft Front End; protocol: SIP; client: Lync]
Scenario 1: On-Premise Multi-Cluster - SIP
*TLS is optional. With No TLS selected, regular TCP will follow this path. ASA is optional for XMPP Inter-Domain Federation. Generic firewall will suffice.
[Diagram: CUP Cluster 1 (ABC.COM), CUP Cluster 1 (ABC.COM), Cisco ASA, Microsoft Edge Server (DEF.COM), Microsoft Front End; Standby CXN, Active CXN; label: XMPP; client: Lync]
Scenario 1: On-Premise Inter-Domain Federation - SIP
[Figure callouts: Service Type, SIP Port, FQDN of host offering SIP Service]
Presence State Mappings (SIP): Jabber - Lync
Cisco Jabber | Lync
Available | Available
Busy | Busy
Do Not Disturb | Busy
Offline | Offline
Presence State Mappings (SIP): Lync - Jabber
Lync Setting | Third-Party XMPP Client Setting (Connected to IM & Presence) | Cisco Jabber
Available | Available | Available
Busy | Away | Busy
Do Not Disturb | Away | Busy
Be Right Back | Away | Away
Away | Away | Away
Offline | Offline | Offline
Scenario 1: On-Premise Inter-Domain Federation - XMPP
o XMPP Node Status is enabled
o TLS initiated to federated side
o Connection is secured over TLS
o Upon TLS success, message reaches federated side
o TLS connection will be passed through port 5269
*TLS is optional. With No TLS selected, regular TCP will follow this path. ASA is optional for XMPP Inter-Domain Federation. Generic firewall will suffice.
[Diagram: CUP (ABC.COM), Cisco ASA, IBM Gateway Server (DEF.COM), IBM Lotus Sametime Server; protocol: XMPP; client: IBM Sametime]
Scenario 1: On-Premise Multi-Cluster - XMPP
*TLS is optional. With No TLS selected, regular TCP will follow this path. ASA is optional for XMPP Inter-Domain Federation. Generic firewall will suffice.
[Diagram: CUP Cluster 2 (ABC.COM), CUP Cluster 1 (ABC.COM), Cisco ASA, IBM Gateway Server (DEF.COM), IBM Lotus Sametime Server; Outbound and Inbound connections; protocol: XMPP; client: IBM Sametime]
Scenario 1: On-Premise Inter-Domain Federation - XMPP
When enabling XMPP federation, you must select a security type. This depends on your organisation's security requirements and those of the federated side.
o No TLS: TLS will NOT be attempted; the most basic form of security, server dialback, will occur.
o TLS Optional: A TLS handshake will occur first; if it fails, the connection will be allowed to fall back to server dialback.
o TLS Required: TLS will first be attempted; upon failure, the connection will be closed.
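
The three security types above, modelled as an added example (not Cisco code) to show which federated peers can end up on an unencrypted link. The peer domains, the session records and the outcome labels are constructed for illustration.

```python
from enum import Enum

class SecurityType(Enum):
    NO_TLS = "No TLS"
    TLS_OPTIONAL = "TLS Optional"
    TLS_REQUIRED = "TLS Required"

def link_outcome(mode, tls_handshake_ok):
    """Transport a server-to-server link ends up on under each setting."""
    if mode is SecurityType.NO_TLS:
        return "dialback-over-tcp"      # TLS is never attempted
    if tls_handshake_ok:
        return "tls"
    if mode is SecurityType.TLS_OPTIONAL:
        return "dialback-over-tcp"      # fallback after a failed handshake
    return "closed"                     # TLS Required fails closed

def downgradeable_peers(peer_modes):
    """Peers whose traffic is unencrypted when TLS fails or is never tried."""
    return sorted(domain for domain, mode in peer_modes.items()
                  if link_outcome(mode, False) == "dialback-over-tcp")

def classify_sessions(peer_modes, sessions):
    """sessions: (peer_domain, tls_handshake_ok) tuples.
    Peers without an explicit setting are treated as TLS Required."""
    result = {"tls": [], "dialback-over-tcp": [], "closed": []}
    for domain, handshake_ok in sessions:
        mode = peer_modes.get(domain, SecurityType.TLS_REQUIRED)
        result[link_outcome(mode, handshake_ok)].append(domain)
    return result

# Constructed sample data: per-peer setting and observed handshake results.
PEER_MODES = {
    "def.com": SecurityType.TLS_REQUIRED,
    "partner.example": SecurityType.TLS_OPTIONAL,
    "legacy.example": SecurityType.NO_TLS,
}
SESSIONS = [("def.com", True), ("def.com", False),
            ("partner.example", True), ("partner.example", False),
            ("legacy.example", False)]

if __name__ == "__main__":
    print("can fall back to cleartext:", downgradeable_peers(PEER_MODES))
    print(classify_sessions(PEER_MODES, SESSIONS))
```

Only TLS Required keeps a failed handshake from turning into an unencrypted dialback session, so TLS Optional peers belong in the same review list as No TLS peers.
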
Scenario 1: On-Premise Inter-Domain Federation - XMPP
[Figure callouts: Service Type, XMPP Port, FQDN of host offering XMPP Service]
Use of email address for Federation
o External Inter-Domain federation
o Enabled under presence settings
When federating to an external domain, it is possible to mask your IM address with an associated email address as it appears in AD.
Federation Compliance: On-Premise
Scenario 1: Cloud Inter-Domain Federation - XMPP
o Inter-Domain Federation in the cloud is configured from the Organisation Administration Tool.
o TLS is not supported in the cloud; all communication is over TCP.
o To enable Inter-Domain federation in the cloud, simply publish the DNS SRV records to point at your federation service.
o For AOL Federation, this needs to be ordered; the Jabber cloud provisioning team will then configure it.
[Figure callouts: FQDN of host offering XMPP Service, Service Type, XMPP Port]
Presence State Mappings (XMPP): Jabber - Other
Cisco Jabber | Federated Cisco Jabber | Federated third party XMPP client (Connected to IM & P server) | Cisco Jabber (WebEx Messenger) | IBM ST Client
Available | Available | Available | Available | Available
Do Not Disturb | Do Not Disturb | Do Not Disturb | Do Not Disturb | Do Not Disturb
Busy | Busy | Away | Idle | Away
Away | Away | Idle | Idle | Idle
Offline | Offline | Offline | Offline | Offline
Presence State Mappings (XMPP): IBM ST - Jabber
IBM ST 8.2 Setting, Third-Party XMPP Client Setting (Connected to IM & Presence), Cisco Jabber: Available Available Available Do not Disturb Do not Disturb Do not Disturb Available with status In a meeting Away Available with status In a meeting Away Available with Status Message Away with status message Offline Offline Offline
Federation Compliance: WebEx Messenger
Other B2C vendors?
o Cisco Federations are free of charge
o Gtalk is also supported and free
o AOL charge $12 per user for federation service (OSCAR)
o Skype: Discussions underway; this is now part of Microsoft relationship
o MSN: MSN being deprecated
o Yahoo IM: YahooIM is a locked down federation service. (MSFT Dropping support)
Additional federation services?
Nextplane is a third party service that provides additional federation capabilities
o Clearinghouse
o UC Exchange Directory
o Member vs. Community member
o Federation to other vendors on Nextplane
o Integration to Social Media (Yammer, Chatter, Twitter)
o Consider $$$ - To select a federation
www.nextplane.net
Scenario 2 : Intra-Enterprise
Scenario 2A: Intra-Enterprise (Direct Inter-Domain federation)
o Organisations with both Cisco and Microsoft deployed throughout different subdomains
o There is an option to establish direct federation between both environments
o For contact lookup, jabberconfig.xml will need to be configured to add contact using full JID (Jabber ID)
[Diagram: CUP (EMEA.ABC.COM), Lync (APAC.ABC.COM), AD; protocol: SIP; clients: Jabber, Lync]
Scenario 2A: Intra-Enterprise (Direct Inter-Domain federation)
o Organisations with both Cisco and Microsoft deployed throughout different subdomains
o There is an option to establish direct federation between both environments
o For contact lookup, jabberconfig.xml will need to be configured to add contact using full JID (Jabber ID)
[Diagram: CUP (EMEA.ABC.COM), CUP (APAC.ABC.COM), AD; protocol: XMPP; clients: Jabber, Jabber]
Inter-Domain Federation Support and Compatibility
Inter-Domain Federation Security & Protocol: From Jabber On-Prem
MS OCS No TLS TLS MS Lync No TLS TLS AOL No TLS TLS Protocol SIP XMPP (GW required) SIP XMPP (GW required) SIP Google Talk Server Dialback XMPP IBM Sametime Server Dialback TLS XMPP standard vendor Server Dialback TLS XMPP (GW required) XMPP
Inter-Domain Federation Security & Protocol: From Jabber Web Messenger
MS OCS No TLS TLS MS Lync No TLS TLS AOL No TLS TLS Protocol XMPP (GW required) XMPP (GW required) SIP (GW required) Google Talk Server Dialback XMPP IBM Sametime Server Dialback TLS XMPP standard vendor Server Dialback TLS XMPP (GW required) XMPP
Scenario 2B : Partitioned Intra-Domain Federation (On-Premise Only) Routing & Migration
Scenario 2B: Partitioned Intra-Domain Federation
o Both Jabber and Lync have full contact search
o Static route for OCS added in CUP: .com.example.*
o Both servers are listening on TLS port 5061 (TCP)
o OCS adds CUP for host authorization (FQDN/IP)
[Diagram: Example.com; AD; CUP 8.6.4 / CUCM IM & P 9.X; SIP static route; Microsoft Front End; protocols: XMPP, SIP; client: Lync]
Scenario 2B: Both Models Co-Exist
o Both Jabber and Lync have full contact search
[Diagram: Example.com; AD; CUP 8.6.4 / CUCM IM & P 9.X; SIP static route; Microsoft Front End; protocols: XMPP, SIP; client: Lync]
Scenario 2A & 2B: Intra-Enterprise (Both Models)
[Diagram: AD, Lync (EMEA.ABC.COM), CUP (EMEA.ABC.COM), Lync (APAC.ABC.COM); protocol: SIP; clients: Lync, Jabber, Lync]
Scenario 2B: Partitioned Intra-Domain Federation
How do I migrate users from Microsoft to Cisco?
1: GetContacts.exe - exports users' contact lists to be imported to CUP using BAT
2: DisableCommunicationsaccount.exe
3: DeleteUserData.exe
[Diagram: Example.com; CUP 8.6.4 / CUCM IM & P 9.X; SIP static route]
Scenario 2B: Partitioned Intra-Domain Federation
When planning Intra-Domain Federation, what should I look out for?
When userids are synced from LDAP, UCM/CUP will support:
o samaccountname
o UserPrincipalName (UPN)
o Email Address
o employeenumber
o telephonenumber
**Consideration**
o UserID comes from the UCM database
o CUP will append the presence domain to create the full JID, e.g. bobjones@example.com
o Email address can be mapped to the UCM userid, but that does not mean that the userid equals the email address. It will become <email-address>@<cupdomain>, e.g. bobjones@bar.com@example.com
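
A pre-migration check for the consideration above, as an added example (not a Cisco tool): it builds the JID each directory row would receive for a chosen userid attribute and reports userids that yield a double-@ address, empty values and collisions. The directory rows are constructed, and `mail` is assumed to be the LDAP attribute behind "Email Address".

```python
# Characters that RFC 7622 forbids in the localpart of a JID.
FORBIDDEN_LOCALPART = set("\"&'/:<>@")

def build_jid(userid, presence_domain):
    """Mirror the behaviour described above: userid + '@' + presence domain."""
    return f"{userid}@{presence_domain}"

def audit_userids(rows, id_attribute, presence_domain):
    """Build the JID each directory row would get and list the problem cases.

    rows: dicts of LDAP attributes; id_attribute: attribute mapped to the userid.
    Returns (jids, problems): jids maps samaccountname -> JID, problems is a
    list of (subject, reason) tuples.
    """
    jids, problems, owner = {}, [], {}
    for row in rows:
        account = row["samaccountname"]
        userid = (row.get(id_attribute) or "").strip()
        if not userid:
            problems.append((account, "empty " + id_attribute))
            continue
        jid = build_jid(userid, presence_domain)
        jids[account] = jid
        bad = sorted(FORBIDDEN_LOCALPART & set(userid))
        if bad:
            problems.append((jid, "localpart contains " + "".join(bad)))
        first = owner.setdefault(jid.lower(), account)
        if first != account:
            problems.append((jid, "collides with " + first))
    return jids, problems

# Constructed sample directory export (not real users).
SAMPLE_ROWS = [
    {"samaccountname": "bobjones", "mail": "bobjones@bar.com", "telephonenumber": "5551000"},
    {"samaccountname": "asmith", "mail": "asmith@example.com", "telephonenumber": "5551000"},
    {"samaccountname": "cwu", "mail": "", "telephonenumber": "5551002"},
]

if __name__ == "__main__":
    for attr in ("samaccountname", "mail", "telephonenumber"):
        jids, problems = audit_userids(SAMPLE_ROWS, attr, "example.com")
        print(attr, jids, problems)
```
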
What About Third party clients?
I have deployed Jabber, but a sub-section of my employees also use third party clients
Third party clients can interoperate with a Jabber backend, as Jabber is XMPP standards compliant; any XMPP standards based client can log directly into either CUP or Jabber cloud.
Third Party Clients: On-Premise
To use third party clients with CUP, simply configure (from the respective client configuration):
o Username and Password
o CUP IP Address or FQDN
o Domain name
o XMPP Client port: 5222
Third Party Clients: Cloud
To use third party clients with Jabber Cloud, simply configure DNS SRV:
o _XMPP-client
o Presence domain: <example.com>
o Port 5222
o Host: c2s.example.com.webconnect.com
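
A check for the DNS SRV records that this slide and the federation slides rely on, as an added example (not part of the original deck): it parses zone-file style SRV lines and compares them with the ports given on this page. The sample records are constructed, and the `_sipfederationtls` entry is an assumption about the SIP federation record name, which the page does not show.

```python
import ipaddress

EXPECTED_PORTS = {
    "_xmpp-client": 5222,        # XMPP client port given on this page
    "_xmpp-server": 5269,        # XMPP federation port given on this page
    "_sipfederationtls": 5061,   # assumption: SIP federation record, TLS port 5061
}

def parse_srv(line):
    """Parse 'name ttl class SRV priority weight port target' into a dict."""
    name, _ttl, _cls, rtype, prio, weight, port, target = line.split()
    if rtype.upper() != "SRV":
        raise ValueError("not an SRV record: " + line)
    service, proto, domain = name.rstrip(".").split(".", 2)
    return {"service": service.lower(), "proto": proto.lower(),
            "domain": domain.lower(), "priority": int(prio),
            "weight": int(weight), "port": int(port),
            "target": target.rstrip(".").lower()}

def check_srv(line):
    """Return (record, issues) for one SRV line."""
    rec, issues = parse_srv(line), []
    expected = EXPECTED_PORTS.get(rec["service"])
    if expected is None:
        issues.append("unknown service " + rec["service"])
    elif rec["port"] != expected:
        issues.append(f"port {rec['port']}, expected {expected}")
    if rec["proto"] != "_tcp":
        issues.append("protocol is not _tcp")
    try:
        ipaddress.ip_address(rec["target"])
        issues.append("target is an IP literal; SRV requires a hostname")
    except ValueError:
        pass  # a hostname, as required
    return rec, issues

def audit_zone(lines):
    """Map each problematic record name to its list of issues."""
    return {line.split()[0]: issues
            for line in lines for _rec, issues in [check_srv(line)] if issues}

# Constructed sample records.
SAMPLE_ZONE = [
    "_XMPP-client._tcp.example.com. 3600 IN SRV 0 5 5222 c2s.example.com.webconnect.com.",
    "_xmpp-server._tcp.example.com. 3600 IN SRV 0 5 5222 192.0.2.10.",
]

if __name__ == "__main__":
    print(audit_zone(SAMPLE_ZONE))
```
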
The Future of Cisco Federation
10.0 and Beyond: Enhanced IM addressing capabilities (IM & P 10.0)
o Multi-domain support
o Multiple IM domains per CUP deployment
o Extended IM Address options
o IM address can match Email address
o Lync SIP URI
o In doing so, they aid in intradomain deployments and migration from Lync to IM & Presence
o Decouple presence domain from DNS domain
Call to Action
o Visit the Cisco Campus at the World of Solutions to experience Cisco innovations in action
o Get hands-on experience attending one of the Walk-in Labs
o Schedule face to face meeting with one of Cisco's engineers at the Meet the Engineer center
o Discuss your project's challenges at the Technical Solutions Clinics