[cisco-voip] CUCM SU release cycle
Hi Group,
in the past, the SU release was every 6 months (usually longer than that, approximately twice a year maximum), but now Cisco is changing to every 2 months?

Reference: Page 20 of the link https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/PSOCOL-1000.pdf

--
Regards,
Ki Wi
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Uplinx Report Tool?
Hi Stephen,
actually for your product, I wonder if it is an existing feature or will there be a roadmap to perform automated scripted testing?

It will be very useful for system integrators out there to perform UAT (user acceptance test) in a very effective way as this will cut down a lot of time. Especially for overseas deployment where the lead engineer is in 1 location while we have a FE onsite. Typically this FE might not be voice trained so it takes him a long time to read the step by step instructions. Whole UAT might take 8 to 12 hours to complete...

Regards,
Ki Wi

On Sat, Aug 3, 2019 at 6:51 PM Stephen Welsh wrote:

> Hi Nick, hope you are well.
>
> Yes I do follow this email group (among many other communities) for an excellent insight to what’s happening in the world of Cisco UC, however modesty is not my strong point ;)
>
> I’m partial to a bit of guerrilla marketing, sometimes I go a bit far. Once I did get banned from the Cisco Community site, so I apologise if this self promotion offends.
>
> [Guerrilla Marketing On]
>
> PhoneView 7.0 (http://download.unifiedfx.com/PhoneView) introduces more unique features:
> * Virtual Cisco Endpoints (register multiple Jabber devices on a single PC)
> * Soft phone and MRA phone support (see call activity & control calls)
> * UCCX Integration (see and set real-time agent state)
>
> PhoneView 7.1 (beta due Sept)
> * AutomationFX/PhoneFX policy feature
> * AutomationFX Community Edition (Free):
>   Exposes Cisco UCM CTI, AXL & RISPort via REST API
>   Automate, Develop and Test easily with Cisco UC
>   Create custom Cisco UC applications
>   Python SDK (https://github.com/unifiedfx/automationfx-python)
>
> [Guerrilla Marketing Off]
>
> Kind Regards
>
> Stephen Welsh
>
> Sent from my iPad
>
> On 3 Aug 2019, at 07:35, Nick Britt wrote:
>
> uplinx is brilliant, I am sure Stephen Welsh is skulking around here practicing his modesty. I will continue to push customers to buy it.
>
> On Sat, Aug 3, 2019 at 12:46 AM Fares Alsaafani wrote:
>
>> Hi Matthew, I have used remote control for Cisco phone software was great saved my day on remote site upgrade cutover.
>>
>> On Fri, Aug 2, 2019 at 6:16 AM Matthew Loraditch <mloradi...@heliontechnologies.com> wrote:
>>
>>> https://www.uplinx.com/reporttool-usd/
>>>
>>> Anyone heard of/used these folks?
>>>
>>> Matthew Loraditch
>>> Sr. Network Engineer
>>> p: 443.541.1518
>>> w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
>>
>> --
>> Best Regards
>>
>> FARES ALSAAFANI
>
> --
> - Nick

--
Regards,
Ki Wi
Re: [cisco-voip] PCI DSS compliance for Cisco IPT/UCCX
Hi Group,
thanks!
I think TLS 1.2 is pretty tricky and since it is not compulsory now then I will avoid it. TLS 1.1 seems good enough for now.

The main problem will revolve around enabling voice encryption on the existing cluster. This will be quite a major effort. If this is deemed necessary, I will get customer to create a standalone cluster just for UCCX else potentially it will cost them more $$ to enable end to end encryption on all existing sites.

The PCI compliance consultant they have hired recommended them to go digital phones or analogue phones which is kind of weird.

Regards,
Ki Wi

On Tue, Jan 22, 2019 at 11:56 PM Ryan Ratliff (rratliff) wrote:

> BRKCOL-2009 is a good Cisco Live session entirely dedicated to the impact of PCI requirements on collab (TLS 1.2 particularly).
>
> Transport Layer Security (TLS) 1.0 is being deprecated and may not provide the level of security required by an organization anymore. The Payment Card Industry Data Security Standard (PCI DSS) is for example requiring vendors to use newer versions of TLS for encrypted communications. This session will discuss the support of TLS 1.2 in the Cisco On-Premises Collaboration products. It will also cover the ability to disable TLS 1.0 and/or TLS 1.1, the interfaces that are affected by this, and the implications on the Cisco Collaboration solution. Finally, it will discuss limitations when older phones are still used in an environment where TLS 1.0 has been disabled.
>
> - Ryan Ratliff
>
> On Jan 22, 2019, at 8:18 AM, Lamont, Joshua wrote:
>
> The complete guide is located here:
> https://www.pcisecuritystandards.org/documents/Protecting_Telephone_Based_Payment_Card_Data_v3-0_nov_2018.pdf
>
> This was updated in November for the first time in seven years. If you are a business accepting credit cards this is definitely something you should read through.
>
> Joshua Lamont
> Senior Telecommunications Engineer
> Brown University
> office (401) 863-1003
> cell (401) 749-6913
>
> On Tue, Jan 22, 2019 at 7:36 AM Ryan Huff wrote:
>
>> At a high level I’d think you’ll need to look into SRTP (aka voice encryption) enabled system-wide, no call recording (which you can’t do with SRTP anyway) and possibly no call monitoring too (at least on the PII calls).
>>
>> Then adhere to all the physical access rules for servers that store or transmit PII (personally identifiable information).
>>
>> You may need to research database storage requirements as it relates to PCI. I’m assuming the UCCX environment is what will be dealing with the PII; while UCCX doesn’t have the capacity to outright store CC info, it may be possible that some of that info is captured in logs, depending on how your environment is set up.
>>
>> You’d have to do a lot of dry runs in the UCCX environment and run all the calling scenarios that interact with PII to ensure traces of it do not get logged.
>>
>> Obviously nothing can be done to the UCCX database outside of what Cisco supports, like encrypt table values that aren’t encrypted.. etc
>>
>> Sent from my iPhone
>>
>> > On Jan 22, 2019, at 01:23, Ki Wi wrote:
>> >
>> > Hi Group,
>> > I have a customer who is querying on how can we make their existing Cisco IPT (with UCCX) PCI DSS compliant since the new upcoming site we are planning to deploy will handle sensitive data such as credit card information.
>> >
>> > Any folks out there have experience doing this?
>> >
>> > Do we need voice encryption? Turn on TLS v1.1? etc?
>> >
>> > --
>> > Regards,
>> > Ki Wi

--
Regards,
Ki Wi
[cisco-voip] PCI DSS compliance for Cisco IPT/UCCX
Hi Group,
I have a customer who is querying on how can we make their existing Cisco IPT (with UCCX) PCI DSS compliant since the new upcoming site we are planning to deploy will handle sensitive data such as credit card information.

Any folks out there have experience doing this?

Do we need voice encryption? Turn on TLS v1.1? etc?

--
Regards,
Ki Wi
Re: [cisco-voip] Phone Deprecation going forward
Hi Lelio,
great to hear that. I thought that there's some new announcement that Jabber inbound calls will stop working on iPhone which I could have missed out.

Regards,
Ki Wi

On Fri, Jan 4, 2019 at 12:44 PM Lelio Fulgenzi wrote:

> Sorry, I don't think I answered your question.
>
> APNS makes everything work. IM and calls.
>
> *-sent from mobile device-*
>
> *Lelio Fulgenzi, B.A.* | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca
> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>
> On Jan 3, 2019, at 10:34 PM, Ki Wi wrote:
>
> Hi Lelio,
> we don't have APNS enabled yet but users feedback that their iPhone notification stopped working recently after upgrading to latest iOS software.
>
> Does that mean that even with APNS, only IM notification will come in, call notification will not?
>
> Regards,
> Ki Wi
>
> On Wed, Jan 2, 2019 at 2:12 PM Lelio Fulgenzi wrote:
>
>> Looks like Cisco has made an interesting announcement regarding phone deprecation going forward.
>>
>> In my opinion, this is on the level of the announcement that basically said, “Jabber inbound calls on iPhone will stop working. If you need inbound calls please use Spark.”
>>
>> Together we banded together and voiced our opinion and I believe this helped to change their plan and continued to support inbound calling on Jabber on iPhone.
>>
>> Please visit below for details (since material is NDA).
>>
>> https://community.cisco.com/t5/collaboration-ccp-documents/presentation-and-q-amp-a-cisco-unified-communications-manager/ta-p/3771144
>>
>> *-sent from mobile device-*
>>
>> *Lelio Fulgenzi, B.A.* | Senior Analyst
>> Computing and Communications Services | University of Guelph
>> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
>> 519-824-4120 Ext. 56354 | le...@uoguelph.ca
>> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>
> --
> Regards,
> Ki Wi

--
Regards,
Ki Wi
Re: [cisco-voip] Phone Deprecation going forward
Hi Lelio,
we don't have APNS enabled yet but users feedback that their iPhone notification stopped working recently after upgrading to latest iOS software.

Does that mean that even with APNS, only IM notification will come in, call notification will not?

Regards,
Ki Wi

On Wed, Jan 2, 2019 at 2:12 PM Lelio Fulgenzi wrote:

> Looks like Cisco has made an interesting announcement regarding phone deprecation going forward.
>
> In my opinion, this is on the level of the announcement that basically said, “Jabber inbound calls on iPhone will stop working. If you need inbound calls please use Spark.”
>
> Together we banded together and voiced our opinion and I believe this helped to change their plan and continued to support inbound calling on Jabber on iPhone.
>
> Please visit below for details (since material is NDA).
>
> https://community.cisco.com/t5/collaboration-ccp-documents/presentation-and-q-amp-a-cisco-unified-communications-manager/ta-p/3771144
>
> *-sent from mobile device-*
>
> *Lelio Fulgenzi, B.A.* | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca
> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

--
Regards,
Ki Wi
[cisco-voip] Call Quality for Cisco 7821
Hi Group,
I'm aware that the Cisco 7821 is unable to generate the MOS score. Along the way, if it passes through the voice gateway, potentially the MOS score can be generated or seen.

If it is peer to peer, is there a way to get a MOS score? Do I really need to implement a sniffer or something for this purpose?

--
Regards,
Ki Wi
[cisco-voip] SBC and M-MOH
Hi Folks,
In the past, most sites will have a PSTN voice gateway. MMOH will be used for the users co-locating with a PSTN voice gateway.

Now, more and more providers in Europe/US/Canada are providing SIP trunk. As we know, certain music will tend to be distorted when we use G.729.

When we move over to SIP trunk, what's the best design for MOH for various scenarios?

Scenario 1
Local voice gateway is available (acting as SBC). Preferably, MMOH will be played back for local user and PSTN users. Is there any special CUBE configuration to convert MMOH playback locally to unicast MOH traffic before sending to SIP provider? Or can I only unicast MOH from CUCM and send it towards the SIP provider?

Scenario 2
Site without voice gateway. The service provider SBC can directly integrate with CUCM via SIP trunk. SBC (1 leg - connected to PSTN service provider network, 1 leg - connected to customer LAN) and CUCM sit in different sites. In this case, how can I provide MOH to the SIP trunk provider? Unicast via G.711? Is there a better option out there? I feel that in this case, it's a waste of bandwidth when all my regular on-net calls are using G.729 only.

--
Regards,
Ki Wi
[cisco-voip] BE6K Starter Pack behavior/limitation
Hi Group,
If I purchased 2 x BE6k starter packs of 35 CUWL Standard licenses for installation with 2 different clusters. They are located in 2 different parts of the world, there are latency issues so we have to do this although the number of users is low.

How will it show up in PLM? 70 CUWL STD licenses? Can it be shared among the 2 clusters?

Let's say 1 cluster will be using 45 CUWL standard licenses while another one uses like 25 CUWL? Will this lead to any license violation in the PLM?

--
Regards,
Ki Wi
Re: [cisco-voip] UC server performance and UCCX agent in reserve
>>> *Disclaimer: Today was a long cutover, and I'm tired*
>>>
>>> PS Ryan amazes me too.
>>>
>>> On Thu, Dec 14, 2017 at 10:32 PM Terry Oakley wrote:
>>>
>>>> Thank you again Ryan. I think I found the issue. One of the tests showed a problem with AXL services. Restarted Tomcat and we appear to be much better.
>>>>
>>>> --
>>>> *From:* Terry Oakley
>>>> *Sent:* Thursday, December 14, 2017 5:29:31 PM
>>>> *To:* Ryan Huff
>>>> *Cc:* cisco-voip@puck.nether.net
>>>> *Subject:* Re: [cisco-voip] UC server performance and UCCX agent in reserve
>>>>
>>>> Thanks Ryan... I will have a look tonight..
>>>>
>>>> PS I don't know how you find all the time to respond to all of us but I am very thankful that you do. 😊
>>>> --
>>>> *From:* Ryan Huff
>>>> *Sent:* Thursday, December 14, 2017 5:26:53 PM
>>>> *To:* Terry Oakley
>>>> *Cc:* cisco-voip@puck.nether.net
>>>> *Subject:* Re: [cisco-voip] UC server performance and UCCX agent in reserve
>>>>
>>>> Just based on that description alone, I’d say it might be possible you have some LAN congestion?
>>>> Everything you’re talking about here is riding http/https.
>>>>
>>>> - Any recent QoS policy changes?
>>>>
>>>> - Is other non-UC web traffic slower than normal from those PCs?
>>>>
>>>> - Run *utils diagnose test* on the CLI of each server and see if you find any goodies ...
>>>>
>>>> -Ryan
>>>>
>>>> On Dec 14, 2017, at 7:18 PM, Terry Oakley wrote:
>>>>
>>>> For the past week and a bit I have noticed a decline in UC (Call Manager) response time when editing/adding a device. The message 'loading' stays on for 5 to 10 seconds or even longer. Page refresh is also really slow. In looking at RTMT the CPU/Memory/disk space are all around 50% or less with no apparent spikes. Any suggestions on where this lag could be?
>>>>
>>>> On another but may be related, a couple of our agents (but not all) both have had their phones restart while in use, and today both had their agent go into Reserved state for a couple of minutes before finally connecting and allowing them service. Again any suggestions on where one would look would be appreciated.
>>>>
>>>> UC 11.5 SU3
>>>> UCCX 11.5
>>>> IMP 11.5 SU3
>>>> O365
>>>> Unity Connection 11.5
>>>>
>>>> Terry

--
Regards,
Ki Wi
Re: [cisco-voip] FXO hang due to connectivity loss?
The team reported that when there's a minor WAN outage, the FXO ports will not disconnect by themselves even though the disconnect tone is defined and working fine normally.

Regardless of whether it is the calling or called party that hangs up, I'm expecting the voice gateway to put the FXO port to on-hook status whenever the predefined disconnect tone is detected.

If there's no definite answer, might need to open a TAC case to conclude this.

On Thu, Dec 14, 2017 at 1:41 AM, Norton, Mike wrote:

> Are you sure that the gateway is properly detecting the tone and hanging up when connectivity *is* working? FXO disconnect is terribly hit-and-miss even at the best of times. Disconnect supervision on FXO is more of a best-effort attempt than an actual thing.
>
> If the disconnect signal is properly interpreted by the gateway then like you I would expect the gateway to end that leg of the call regardless of SIP reachability. But I consider that a pretty big if!
>
> -mn
>
> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf Of* Ki Wi
> *Sent:* December 13, 2017 12:34 AM
> *To:* cisco-voip@puck.nether.net
> *Subject:* [cisco-voip] FXO hang due to connectivity loss?
>
> Hi Folks,
>
> If the voice gateway is defined with disconnect tone/cadence, etc. Should a loss of connectivity (SIP signaling between VG and CUCM) cause the FXO port not to hang up?
>
> To me, SIP is peer to peer signaling. It should not affect the voice gateway decision for going on-hook when a disconnect tone is detected even if there is a loss of connectivity to CUCM.
>
> --
> Regards,
> Ki Wi

--
Regards,
Ki Wi
[cisco-voip] FXO hang due to connectivity loss?
Hi Folks,
If the voice gateway is defined with disconnect tone/cadence, etc. Should a loss of connectivity (SIP signaling between VG and CUCM) cause the FXO port not to hang up?

To me, SIP is peer to peer signaling. It should not affect the voice gateway decision for going on-hook when a disconnect tone is detected even if there is a loss of connectivity to CUCM.

--
Regards,
Ki Wi
Re: [cisco-voip] let's encrypt for local admin gui pages
Hi Group,
technically it can be done but it's too troublesome. Without "auto" update, you will have to go manual which is to create special DNS (TXT record) entry for each URL during the renewal.

On a personal basis, I was doing that for my VPN boxes on Google Cloud. In the end, I just spent $42 USD recently to get a wildcard SSL (1 year) to solve all the trouble. I'm lazy.
https://www.ssl2buy.com/alphassl-wildcard.php

Regards,
Ki Wi

On Wed, Sep 27, 2017 at 8:58 AM, Nathan Reeves wrote:

> I've been using it on Lab boxes without issue. The 90 day expiry is a pain but for lab acceptable atm.
>
> In terms of generating / renewing the certs, you can use the web server validation process outlined by Ryan, but you can also use DNS record validation (which is what I've been doing). Whether you're able to do that for your environment is the question.
>
> For reference, the certs load up fine and all services appear to work as far as my testing goes (it is a standard cert of course). Expressways and Phone Reg via MRA also works fine when using the LE Certs. Wasn't sure it was going to due to the specific list of certs the devices registering via MRA can support, but all worked well.
>
> I did come across https://www.yarnlab.io/certmate/ (though not actually tested it) which appeared (at least on the Expressways) to do the renewal process automatically using the available api's.
>
> Nathan
>
> On Tue, Sep 26, 2017 at 10:28 PM, Lelio Fulgenzi wrote:
>
>> Thanks – you outlined the issues as I suspected them.
>>
>> I was thinking more about the admin gui for things like CIMC, and other non-client facing services. But again, the same issues apply.
>>
>> Hopefully they modify their model slightly for appliance based systems –or- the partners that are participating build a Let’s Encrypt option for the certificates in their products.
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519-824-4120 Ext 56354
>> le...@uoguelph.ca
>> www.uoguelph.ca/ccs
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>> *From:* Ryan Huff [mailto:ryanh...@outlook.com]
>> *Sent:* Tuesday, September 26, 2017 10:24 AM
>> *To:* Lelio Fulgenzi; voyp list, cisco-voip (cisco-voip@puck.nether.net)
>> *Subject:* Re: let's encrypt for local admin gui pages
>>
>> It's theoretically possible to take the CUCM tomcat CSR and use it to get LE to sign a cert, then take the resulting cert and attempt to upload it to CUCM however; if it worked, LE only signs certificates for 90 days. So if you did get it to work, you'd have to do it every 90 days (the built in LE package on other Linux distros have built in tools to auto manage the renewal process, but no way to do it with CUCM).
>>
>> ... but that's if the moon is blue and you have a winning lotto ticket. To even get to that point, would be a feat; let me explain.
>>
>> The way LE for Linux signs certs is to install local software on the web server that will do an automatic Internet based FQDN check (meaning it automatically looks up the FQDN from the perspective of the Internet) during the signing request. Once it finds the domain, it queries for a specific item within the web path to verify that domain belongs to the same person that started the certification signing request (this isn't a lot different than the way Google or GoDaddy does it). However, the CSR must exist in a specific location on the server you are trying to sign the cert for. Once all criteria is met, LE automatically creates a valid SSL certificate for the web server that is signed for 90 days and installs it on the web server.
>>
>> So in order to even try and get this to sign a cert for a CUCM CSR you'd have to;
>>
>>    - Create an Internet facing Linux web server that mimics all the network details of the CUCM server and try to get LE to sign the CUCM CSR on that web server (you'd take CUCM's CSR and upload it to the Linux Web Server).
>>    - Extract the signed .pem from the web server and attempt to upload to CUCM as a tomcat (
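
The manual DNS validation mentioned in this thread (one TXT record per hostname at every renewal) comes down to the computation below. This is an added example, not code from any poster or from Let's Encrypt: the hostnames, tokens and account key are constructed placeholders, and the derivation follows the ACME dns-01 challenge (RFC 8555, section 8.4) with the RFC 7638 JWK thumbprint.

```python
"""Compute the TXT records an ACME dns-01 validation expects to find in DNS."""
import base64
import hashlib
import json

# JWK members that enter the RFC 7638 thumbprint, per key type.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}

# Constructed account public key: placeholder coordinates, not a usable key.
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRlLXBsYWNlaG9sZGVy",
    "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRlLXBsYWNlaG9sZGVy",
}

# Constructed hostnames and challenge tokens, as a CA would hand out per order.
SAMPLE_CHALLENGES = {
    "cucm-pub.example.com": "constructed-token-AAAA",
    "cucm-sub1.example.com": "constructed-token-BBBB",
    "*.lab.example.com": "constructed-token-CCCC",
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 thumbprint of the account public key (RFC 7638).

    Only the required members are hashed, sorted by name with no whitespace,
    so optional members such as "kid" or "alg" never change the result.
    """
    kty = jwk.get("kty")
    if kty not in _THUMBPRINT_MEMBERS:
        raise ValueError(f"unsupported key type: {kty!r}")
    missing = [m for m in _THUMBPRINT_MEMBERS[kty] if m not in jwk]
    if missing:
        raise ValueError(f"JWK is missing required members: {missing}")
    required = {m: jwk[m] for m in _THUMBPRINT_MEMBERS[kty]}
    canonical = json.dumps(required, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def dns01_record(hostname: str, token: str, account_jwk: dict) -> tuple:
    """Return (record name, TXT value) for one hostname being validated."""
    name = hostname.strip().lower().rstrip(".")
    # A wildcard is validated at its base name: *.lab.example.com is proven
    # with a TXT record at _acme-challenge.lab.example.com.
    if name.startswith("*."):
        name = name[2:]
    if not name or " " in name:
        raise ValueError(f"not a usable hostname: {hostname!r}")
    # The key authorization binds the CA's token to this ACME account key.
    key_authorization = f"{token}.{jwk_thumbprint(account_jwk)}"
    value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    return f"_acme-challenge.{name}.", value


def renewal_records(challenges: dict, account_jwk: dict) -> list:
    """Zone-file lines to publish for one renewal, one per hostname.

    Tokens change with every order, so these values must be recomputed and
    republished at each renewal; old values can be removed once validated.
    """
    lines = []
    for hostname, token in sorted(challenges.items()):
        name, value = dns01_record(hostname, token, account_jwk)
        lines.append(f'{name} 300 IN TXT "{value}"')
    return lines


if __name__ == "__main__":
    for line in renewal_records(SAMPLE_CHALLENGES, SAMPLE_ACCOUNT_JWK):
        print(line)
```

Because the token is new for every order, none of these records can be published once and left in place, which is the per-renewal effort described above.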
Re: [cisco-voip] Jabber/Apple IOS 11 - Push Notification
The "action" was removed by iOS 11 I guess.

https://communities.cisco.com/community/technology/customer-connection/ccp-private/ccp-collaboration/blog/2017/04/17/important-update-to-jabber-for-ios-push-notifications

You can refer to this website where Cisco stated that customers are recommended to upgrade by June 2018*

*Historical date for WWDC and beta availability of the next major iOS release.

On Thu, Sep 21, 2017 at 5:15 PM, Jon Fox - CISCO IPT wrote:

> Hello all
>
> I was under the impression that when users update to version 11 of IOS on Ipad/iphone the Jabber app would no longer receive call/notifications when the app is running in the background?
>
> We only have a handful of users using Jabber on Iphone/ipad so we didn't see the point in rushing through an upgrade.
>
> Yesterday, I upgraded to IOS11 (iphone/ipad) and my jabber still works exactly as it did before?
>
> The spill I read and was told below.
>
> -Jabber to no longer run in background for an extended period
> -Jabber terminated if not running in foreground after some time
>
> Can anyone shed a light on this? Have I missed something?
>
> Thank you.
>
> JF

--
Regards,
Ki Wi
Re: [cisco-voip] OT: 4000 ISR and service containers...
Have not tried it yet but it looks like you will have to upgrade from default 4gb ram/4gb flash to 8gb ram/8gb flash.

From there, purchase a 200gb ssd.

This costs as much as buying an EN140 (NCE) equipped with 200 GB SSD.

I'm keen to know if anyone tried it as well.

On Wed, Sep 6, 2017 at 5:26 AM, Lelio Fulgenzi wrote:

> So in my investigation of new platforms for CUE, I came across the service container feature of the ISR 4000. Is it as simple as this model having spare CPUs available to quickly spin up a KVM based virtual guest in seconds/minutes?
>
> It's quite impressive. Anyone using this in the field?
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
>
> 519-824-4120 Ext 56354
> le...@uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1

--
Regards,
Ki Wi
Re: [cisco-voip] SIP option ping prioritization
Hi All,
thanks! Got it. We already have ACL matching tcp 5060 and udp 5060. TLS is not used in our environment so tcp 5061 is not included.

Looks like they will need to investigate on the CAC as we place signaling and voice into the same queue. (Only 5 classes of service in WAN)

On Tue, Aug 29, 2017 at 1:23 AM, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:

> I should have also mentioned that interface binding is very important not only from where you'll source your OPTIONS messages, but also from where you'll reply to them. I've seen the layer 4 and down be correct due to where the OPTIONS was received, but then layer 5 was displaying a different IP address. Make sure you bind on all dial-peers, but you only need OPTIONS configured on outgoing dial-peers.
>
> On Mon, Aug 28, 2017 at 12:12 PM Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
>
>> 1) It's a SIP Message, specifically the OPTIONS message
>>
>> 2) Typically you only prioritize voice traffic and not signaling, but you should still reserve bandwidth for signaling to ensure it's not starved. CUBE marks all signaling traffic as AF31 by default, but CS3 is the newer standard to go with. Make sure your QoS policy is matching on AF31 and/or CS3 and reserving bandwidth for it.
>>
>> 3) In the absence of a session transport command, the default is UDP, that's typical for carrier facing SIP trunks.
>>
>> 4) I have not seen OPTIONS prioritized before. It's treated with the level of service as all SIP and therefore all signaling
>>
>> One thing people forget is to use a profile on dial-peers which reference server groups.
>>
>> See here for a little more info on that:
>> https://supportforums.cisco.com/t5/video-over-ip/sip-options-ping-and-session-server-group-on-dial-peer/td-p/2994584
>>
>> On Sun, Aug 27, 2017 at 9:56 PM Ki Wi wrote:
>>
>>> Hi Group,
>>> I would like to find out if SIP option ping is a "ping" or a "sip message"?
>>>
>>> From the documents, it seems like it is a sip message.
>>>
>>> My customer is facing issue with the dial-peers getting busy out during WAN congestion. We would like to prioritize those messages as a WAN provider but they are not able to give us the exact commands for the CE router.
>>>
>>> Currently this is the command on all their managed "voice gateway"
>>> * voice-class sip options-keepalive up-interval 120 down-interval 120 retry 2
>>>
>>> This means the "transport" mode is default. This makes things more complex, I have no idea if it is TCP or UDP or ???
>>>
>>> With no access to customer network (unable to do wireshark), I would like to see if there's anyone having the experience to prioritize those SIP option ping packets?
>>>
>>> --
>>> Regards,
>>> Ki Wi

--
Regards,
Ki Wi
Re: [cisco-voip] SIP option ping prioritization
Hi Saranyan,
thanks! I would like to know how can I compose an access-list to detect SIP option ping and prioritize it.

On Mon, Aug 28, 2017 at 11:20 AM, saranyan k wrote:
> Hi Ki Wi,
>
> OPTIONS ping is a SIP message. Ideally the transport mode of the message is TCP or UDP based on the configuration done under voice service voip -> sip.
> Otherwise, we can configure a keepalive profile so that we can specify the mode of transport for the OPTIONS keepalive messages.
>
> !
> voice class sip-options-keepalive 1
>  transport tcp
> !
>
> Map the profile to any dial-peer:
>
> !
> dial-peer voice 1 voip
>  session protocol sipv2
>  incoming called-number 299
>  voice-class sip options-keepalive profile 1
>  dtmf-relay rtp-nte sip-notify
>  codec g711ulaw
>  no vad
> !
>
> Say if the router is set to use UDP, its worth to give it a try with TCP.
>
> Please let me know if this helps.
>
> Regards,
> Saranyan
>
> On Mon, Aug 28, 2017 at 8:26 AM, Ki Wi wrote:
>> Hi Group,
>> I would like to find out if SIP option ping is a "ping" or a "sip message" ?
>>
>> From the documents, it seems like it is a sip messages.
>>
>> My customer is facing issue with the dial-peers getting busy out during WAN congestion. We would like to prioritize those messages as a WAN provider but they are not able to give us the exact commands for the CE router.
>>
>> Currently this is the command on all their managed "voice gateway"
>> * voice-class sip options-keepalive up-interval 120 down-interval 120 retry 2
>>
>> This means the "transport" mode is default. This make things more complex, I have no idea it is TCP or UDP or ???
>>
>> With no access to customer network (unable to do wireshark), I would like to see if there's anyone having the experience to prioritize those SIP option ping packets?
>>
>> --
>> Regards,
>> Ki Wi

--
Regards,
Ki Wi
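An access-list only sees layer 3/4 fields, so it cannot tell an OPTIONS keepalive from any other SIP method; the sketch below, an added example and not configuration from the thread, classifies all SIP signaling over both UDP and TCP (the transport in use is unknown here) and gives it a bandwidth guarantee on the WAN egress. It assumes the gateways use the default SIP port 5060; the ACL, class-map, policy-map and interface names and the 5 percent figure are assumptions.

```cisco
! Added example: every name below is hypothetical, adjust to the CE router.
! Match SIP signaling (which includes OPTIONS keepalives) in both directions
! and on both transports, since the dial-peers leave the transport at default.
ip access-list extended ACL-SIP-SIGNALING
 remark SIP signaling on the default port, UDP and TCP
 permit udp any any eq 5060
 permit udp any eq 5060 any
 permit tcp any any eq 5060
 permit tcp any eq 5060 any
!
class-map match-any CM-VOICE-SIGNALING
 match access-group name ACL-SIP-SIGNALING
!
policy-map PM-WAN-OUT
 class CM-VOICE-SIGNALING
  ! Mark the traffic so downstream hops can classify on DSCP alone,
  ! and reserve a minimum share of the link for it during congestion.
  set dscp cs3
  bandwidth percent 5
 class class-default
  fair-queue
!
interface GigabitEthernet0/0/0
 service-policy output PM-WAN-OUT
!
! Verify that keepalives hit the class (counters should rise every
! up-interval/down-interval seconds even with no calls in progress):
!   show policy-map interface GigabitEthernet0/0/0 output
!   show ip access-lists ACL-SIP-SIGNALING
```

If the ACL counters increment only on the UDP lines or only on the TCP lines, that also answers which transport the default keepalive is using, without a packet capture.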
[cisco-voip] SIP option ping prioritization
Hi Group,
I would like to find out if SIP option ping is a "ping" or a "sip message" ?

From the documents, it seems like it is a sip messages.

My customer is facing issue with the dial-peers getting busy out during WAN congestion. We would like to prioritize those messages as a WAN provider but they are not able to give us the exact commands for the CE router.

Currently this is the command on all their managed "voice gateway"
* voice-class sip options-keepalive up-interval 120 down-interval 120 retry 2

This means the "transport" mode is default. This make things more complex, I have no idea it is TCP or UDP or ???

With no access to customer network (unable to do wireshark), I would like to see if there's anyone having the experience to prioritize those SIP option ping packets?

--
Regards,
Ki Wi
Re: [cisco-voip] E164 routing loop
I think I got the answer. I suppose this problem is there since day 1. Never encounter this before as those dial-peer towards PSTN usually I will put 9T. In this specific gateway, it's .T . New learning experience for me.

On Mon, Aug 14, 2017 at 1:22 PM, Ki Wi wrote:
> Hi Brian/Sreekanth,
> thanks for the recommendation.
>
> The managed service guys gotten the fix from TAC using
> 1) "no voice hunt unassigned-number"
> 2) "huntstop" on dial-peer level.
>
> Previously when I was dealing with h323 or mgcp, this problem doesn't seems to be there?
>
> Is it something new due to SIP gateway configuration?
>
> On Mon, Aug 14, 2017 at 11:46 AM, Sreekanth wrote:
>> Have you tried the 'huntstop' command on DP 200 so that the IOS stops hunting for more dial-peers after matching DP 100 and DP 200?
>>
>> On 14 August 2017 at 09:09, Brian Meade wrote:
>>> You can do things like "no voice hunt unassigned-number" and "no voice hunt invalid-number" on IOS to keep it from trying more dial-peers.
>>>
>>> On Sun, Aug 13, 2017 at 10:47 PM, Ki Wi wrote:
>>>> Hi Group,
>>>> I have encountered this interesting problem on customer PBX. Didn't work on live system for a long time but I am pretty sure this shouldn't be a default behavior.
>>>>
>>>> When external PSTN caller calls an unassigned number in the DID range, CUCM returns with error code 27 (destination out of order).
>>>>
>>>> This causes the voice gateway to retry other dial-peers.
>>>>
>>>> There's 3 dial-peer which matches this e164 number.
>>>> 1) Dial-peer 100 goes CUCM (longest match, most specific)
>>>> 2) Dial-peer 200 goes CUCM (longest match, most specific)
>>>> 3) Dial-peer 300 goes to PSTN (the destination-pattern is .T)
>>>>
>>>> When dial-peer 100 and 200 "fails", the voice gateway will dial-out to PSTN via dial-peer 300. Once again, PSTN route back to the customer VG. This causes a routing loop and it can fills up all the available E1 channels quickly.
>>>>
>>>> *Just wondering if anyone encounter the following issue and have a explanation to it? Just the engineering side of me want to get down to the root cause.*
>>>>
>>>> The CUCM have "stop routing on unallocated number" turns off (false). Just in case it matters.
>>>>
>>>> I tried to google around but can't seems to find any article that talks about
>>>> 1) dial-peer behaviors (on voice gateway side) - on what error code will cisco voice gateway retry other dial-peers?
>>>> 2) why CUCM returns error code 27?
>>>>
>>>> It's a managed service system so I'm unable to do a deep dive troubleshooting.
>>>>
>>>> The current workaround introduced is to create a dial-peer 250 with a higher preference that matches the DID range and block it.
>>>>
>>>> This means that incoming dialed number will match to 4 dial-peers (100, 200, 250 and 300)
>>>>
>>>> After failing on 100 and 200, the call gets block on dial-peer 250.
>>>>
>>>> --
>>>> Regards,
>>>> Ki Wi
>
> --
> Regards,
> Ki Wi

--
Regards,
Ki Wi
Re: [cisco-voip] E164 routing loop
Hi Brian/Sreekanth,
thanks for the recommendation.

The managed service guys gotten the fix from TAC using
1) "no voice hunt unassigned-number"
2) "huntstop" on dial-peer level.

Previously when I was dealing with h323 or mgcp, this problem doesn't seems to be there?

Is it something new due to SIP gateway configuration?

On Mon, Aug 14, 2017 at 11:46 AM, Sreekanth wrote:
> Have you tried the 'huntstop' command on DP 200 so that the IOS stops hunting for more dial-peers after matching DP 100 and DP 200?
>
> On 14 August 2017 at 09:09, Brian Meade wrote:
>> You can do things like "no voice hunt unassigned-number" and "no voice hunt invalid-number" on IOS to keep it from trying more dial-peers.
>>
>> On Sun, Aug 13, 2017 at 10:47 PM, Ki Wi wrote:
>>> Hi Group,
>>> I have encountered this interesting problem on customer PBX. Didn't work on live system for a long time but I am pretty sure this shouldn't be a default behavior.
>>>
>>> When external PSTN caller calls an unassigned number in the DID range, CUCM returns with error code 27 (destination out of order).
>>>
>>> This causes the voice gateway to retry other dial-peers.
>>>
>>> There's 3 dial-peer which matches this e164 number.
>>> 1) Dial-peer 100 goes CUCM (longest match, most specific)
>>> 2) Dial-peer 200 goes CUCM (longest match, most specific)
>>> 3) Dial-peer 300 goes to PSTN (the destination-pattern is .T)
>>>
>>> When dial-peer 100 and 200 "fails", the voice gateway will dial-out to PSTN via dial-peer 300. Once again, PSTN route back to the customer VG. This causes a routing loop and it can fills up all the available E1 channels quickly.
>>>
>>> *Just wondering if anyone encounter the following issue and have a explanation to it? Just the engineering side of me want to get down to the root cause.*
>>>
>>> The CUCM have "stop routing on unallocated number" turns off (false). Just in case it matters.
>>>
>>> I tried to google around but can't seems to find any article that talks about
>>> 1) dial-peer behaviors (on voice gateway side) - on what error code will cisco voice gateway retry other dial-peers?
>>> 2) why CUCM returns error code 27?
>>>
>>> It's a managed service system so I'm unable to do a deep dive troubleshooting.
>>>
>>> The current workaround introduced is to create a dial-peer 250 with a higher preference that matches the DID range and block it.
>>>
>>> This means that incoming dialed number will match to 4 dial-peers (100, 200, 250 and 300)
>>>
>>> After failing on 100 and 200, the call gets block on dial-peer 250.
>>>
>>> --
>>> Regards,
>>> Ki Wi

--
Regards,
Ki Wi
[cisco-voip] E164 routing loop
Hi Group,
I have encountered this interesting problem on customer PBX. Didn't work on live system for a long time but I am pretty sure this shouldn't be a default behavior.

When external PSTN caller calls an unassigned number in the DID range, CUCM returns with error code 27 (destination out of order).

This causes the voice gateway to retry other dial-peers.

There's 3 dial-peer which matches this e164 number.
1) Dial-peer 100 goes CUCM (longest match, most specific)
2) Dial-peer 200 goes CUCM (longest match, most specific)
3) Dial-peer 300 goes to PSTN (the destination-pattern is .T)

When dial-peer 100 and 200 "fails", the voice gateway will dial-out to PSTN via dial-peer 300. Once again, PSTN route back to the customer VG. This causes a routing loop and it can fills up all the available E1 channels quickly.

*Just wondering if anyone encounter the following issue and have a explanation to it? Just the engineering side of me want to get down to the root cause.*

The CUCM have "stop routing on unallocated number" turns off (false). Just in case it matters.

I tried to google around but can't seems to find any article that talks about
1) dial-peer behaviors (on voice gateway side) - on what error code will cisco voice gateway retry other dial-peers?
2) why CUCM returns error code 27?

It's a managed service system so I'm unable to do a deep dive troubleshooting.

The current workaround introduced is to create a dial-peer 250 with a higher preference that matches the DID range and block it.

This means that incoming dialed number will match to 4 dial-peers (100, 200, 250 and 300)

After failing on 100 and 200, the call gets block on dial-peer 250.

--
Regards,
Ki Wi
[cisco-voip] CUE support for CUCM 11.5
Hi Group,
anyone run into problem of "current" generation of CUE not supported by CUE 9.x? Therefore, unable to support CUCM 11.5?

For instance, ISM-SRE-300-K9 got their EOL announced just in 2016. Still orderable from Cisco yet can't upgrade to newer version which supports CUCM 11.5.

--
Regards,
Ki Wi
Re: [cisco-voip] LLQ Qn on policing
Thanks guys.

The part I'm concern on this if I put in violation as remark, the policing have "no upper limit", will this starve other class? or each class are guarantee to receive their "minimum" share when bandwidth is configured?

On Fri, Jun 2, 2017 at 6:55 AM, Terry Cheema wrote:
> Yes Brian is right.
>
> However, to be more clear:
>
> 1) Explicitly configured Policer is active all the time, you will never be allowed to go above the configured limit i.e. interface congested or not
>
> 2) But if you use LLQ – *priority* command, it has an implicit Policer, that *does not* kick in unless the TX ring is filled or in other words interface is congested.
>
> So the priority queue can go above the configured limit unless there is congestion on the interface, in which case it will start policing the traffic.
>
> On Fri, Jun 2, 2017 at 12:22 AM, Brian Meade wrote:
>> Policing always applies even if no congestion.
>>
>> You can set the exceed-action to remark DSCP and transmit. There's also a conform-action which just applies to burst traffic you can configure. There's no upper limit if you configure the exceed-action to remark and transmit.
>>
>> On Thu, Jun 1, 2017 at 2:29 AM, Ki Wi wrote:
>>> Hi Group,
>>> I have a question on policing.
>>>
>>> Under CBWFQ (or LLQ), each policy map class can be configured with bandwidth command which acts as the minimum bandwidth commitment for each traffic class.
>>>
>>> For policing, I understand that it sets the upper limit for each traffic class.
>>>
>>> Now my question is
>>> 1) policing only kicks in when there's congestion?
>>>
>>> 2) if the policing command is configured to remark traffic only (no drop) for violate action. What will happen? Traffic will still flow, no upper limit?
>>>
>>> Will it starve other policy map?
>>>
>>> --
>>> Regards,
>>> Ki Wi

--
Regards,
Ki Wi
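The two policer behaviours described in the replies above, side by side, as an added example that is not configuration from the thread: an LLQ class using `priority`, and a CBWFQ class that combines `bandwidth` with an explicit policer whose exceed-action remarks and transmits. Class names, DSCP values, rates and the interface are assumptions.

```cisco
! Added example: names, DSCP values and rates are hypothetical.
class-map match-all CM-VOICE
 match dscp ef
class-map match-all CM-BULK-DATA
 match dscp af11
!
policy-map PM-LLQ-EXAMPLE
 class CM-VOICE
  ! LLQ: strict-priority queue of 512 kbps. The policer here is implicit
  ! and, per the reply above, only limits the class once the interface
  ! is congested.
  priority 512
 class CM-BULK-DATA
  ! CBWFQ minimum commitment (kbps) for this class during congestion.
  bandwidth 1024
  ! Explicit policer (bps): evaluated on every packet, congested or not.
  ! Nothing is dropped by it; traffic above the CIR is re-marked to
  ! DSCP 12 (AF12) and still transmitted, so the policer itself imposes
  ! no upper limit on the class.
  police cir 1024000
   conform-action transmit
   exceed-action set-dscp-transmit 12
 class class-default
  fair-queue
!
interface GigabitEthernet0/0/0
 service-policy output PM-LLQ-EXAMPLE
!
! The conformed/exceeded counters per class show how much traffic is being
! re-marked, and the per-class drop counters show which queue is losing
! packets when the link fills:
!   show policy-map interface GigabitEthernet0/0/0 output
```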
[cisco-voip] LLQ Qn on policing
Hi Group,
I have a question on policing.

Under CBWFQ (or LLQ), each policy map class can be configured with bandwidth command which acts as the minimum bandwidth commitment for each traffic class.

For policing, I understand that it sets the upper limit for each traffic class.

Now my question is
1) policing only kicks in when there's congestion?

2) if the policing command is configured to remark traffic only (no drop) for violate action. What will happen? Traffic will still flow, no upper limit?

Will it starve other policy map?

--
Regards,
Ki Wi
Re: [cisco-voip] Mediasense Replacement
Thanks guys! Will reach out to them.

On Tue, Apr 18, 2017 at 6:37 AM, Dana Tong wrote:
> This is correct. It’s based upon CentOS. And quite cost effective.
>
> From: cisco-voip on behalf of Doug Anderson
> Date: Tuesday, 18 April 2017 at 1:44 am
> To: Anthony Holloway, Ki Wi <kiwi.vo...@gmail.com>, "cisco-voip@puck.nether.net" <cisco-voip@puck.nether.net>
> Subject: Re: [cisco-voip] Mediasense Replacement
>
> If memory serves Zoom is linux-based.
>
> From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Anthony Holloway
> Sent: Monday, April 17, 2017 10:40 AM
> To: Ki Wi; cisco-voip@puck.nether.net
> Subject: Re: [cisco-voip] Mediasense Replacement
>
> If you have access to the MediaSense EoL FAQ page <https://communities.cisco.com/docs/DOC-72287>, you'll see alternatives listed. I don't have experience with any linux based solutions.
>
> On Mon, Apr 17, 2017 at 12:50 AM Ki Wi wrote:
>
> Hi Group,
>
> Since Mediasense have announced EoS. Is there any Linux based voice recording system in the market?
>
> --
> Regards,
> Ki Wi

--
Regards,
Ki Wi
[cisco-voip] Mediasense Replacement
Hi Group,
Since Mediasense have announced EoS. Is there any Linux based voice recording system in the market?

--
Regards,
Ki Wi
[cisco-voip] CUE Virtual
Hi Group,
anyone tried CUE virtual? Does that means that now I can have CUE virtual + mediasense running on the same module if there is enough CPU cores, memory, disk space, etc?

I'm looking at UCS-EN120S M2. Seems like it is Intel Pentium B925C (2.0Ghz). Can find any document to indicate that it have sufficient power to run CUE virtual. The VM indicates that it needs minimum 1Ghz but doesn't indicate the processor type...

--
Regards,
Ki Wi
[cisco-voip] Multi-tenant Model for SIP trunking
Hi Group,
what's the best approach for providing multi-tenant model?

The scenario is the building owner will subscribe all the ISDN numbers/circuits. The tenant within the same building must subscribe the telephone service from them. What's the recommended setup?

Example: CUCM + ISDN VG to connect to ISDN/SIP trunk with the provider. (Backend)

At the tenant side,
1) VG (with CUBE function) at respective tenant. Let's say the tenant have their own IP PBX with their own subnet addressing scheme. The intention is to place a VG with 1 LAN connection to the tenant's subnet and 1 LAN connection to the building owner's subnet. Performing the SIP NAT-ing.
2) VG without CUBE, converting to E1 connection for non-IP PBX or IP PBX with incompatible SIP/h.323 signaling issues.

Is there a better way to save on software/hardware? Like having CUBE over at the building owner's backend? The only worry is the NAT-ing part when the tender prefer to stick to their own IP addressing scheme.

Non-cisco setup is welcome!

--
Regards,
Ki Wi
Re: [cisco-voip] CUCM LDAP Authentication Redundancy
Hi Ryan,
Thanks for giving the insight on how they actually works!

Regards,
Ki Wi

On Fri, Aug 19, 2016 at 5:24 PM, Ryan Huff wrote:
> The DirSync service only runs on the publisher and, as you pointed out, handles LDAP directory synchronization. This capability will only issue requests from the publisher.
>
> LDAP authentication is a separate component that actually uses the tomcat service on the node that issues a bind request to the LDAP authentication server. LDAP authentication BIND requests can potentially come from any node (assuming you have LDAP Authentication enabled); although Directory Synchronization (DirSync) will only come from the publisher.
>
> Thanks,
>
> Ryan
>
> On Aug 19, 2016, at 3:56 AM, Ki Wi wrote:
>
> Hi Guys,
> Anyone know how this LDAP DirSync works?
>
> Besides sync directory (as per their name), does this very same service does the authentication with the LDAP servers?
>
> Will there be any subscribers be taking over if the publisher is down? Does the subscribers need the DirSync service to be running? If so, how do we determine which will be the next one taking over?
>
> Regards,
> Ki Wi
>
> On Fri, Aug 5, 2016 at 11:36 PM, Daniel Pagan wrote:
>> Nice find, Anthony, and a good read.
>>
>> A while back I worked a case where LDAP synchronizations would not complete when the synchronize button was pressed by the customer. While looking into it, I found it interesting that CUCM would attempt A-record resolution on **all** FQDN server entries before starting the sync task (scheduled and forced), and now it makes even more sense if you’re seeing a three-way TCP handshake and bind request across the board. Seems like CUCM is using the same entry-by-entry verification steps built into a simple click of “Save” during every directory sync job.
>>
>> From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Anthony Holloway
>> Sent: Friday, August 05, 2016 9:51 AM
>> To: Cisco VoIP Group
>> Subject: Re: [cisco-voip] CUCM LDAP Authentication Redundancy
>>
>> I'll also add that a "show open ports" on the publisher CLI does show the TCP socket switching to a new port every so often, so my theory as to why it was hanging on to this server is squashed. I should have thought about the life span of a TCP session, before making that hypothesis.
>>
>> On Fri, Aug 5, 2016 at 8:34 AM, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
>>
>> Something small to note for you layer 4 geeks out there.
>>
>> When CUCM initiates a Directory Sync, a packet capture shows the pub going through a TCP three-way handshake with each of the LDAP servers, in order I might add, and also initiating a simple bind request to each one, finally settling on performing the search request on the first LDAP server.
>>
>> When CUCM initiates an Authentication, a packet capture shows the pub not going through a TCP three-way handshake, but instead, using an already open TCP connection. Perhaps the CUCM Auth code is written this way because authentication requests are more frequent than dir sync, and so it saves on overhead to reuse a connection rather than setup/teardown connections for each request. That might explain why she's stuck using that one server, but of course it doesn't explain why it started using that one server to begin with.
>>
>> On Thu, Aug 4, 2016 at 12:59 PM, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
>>
>> All,
>>
>> I'm working on an issue where my CUCM 11.0 system is configured with 3 LDAP servers under LDAP Authentication AND LDAP Directory.
>>
>> What I'm seeing is, for packet captures of CUCM when a login attempt is made, the CUCM server sends the BIND request to the last server in the list of three servers. However, when performing a directory sync, CUCM server sends the requests to the first server in the list.
>>
>> I'm trying to read up on what the expected behavior is, as I've always thought of it as top = primary; middle = secondary; bottom = tertiary. In fact, a few years ago there was an issue with CAD logins, when the primary server was unreachable and CAD would timeout before CUCM tried the
Re: [cisco-voip] CUCM LDAP Authentication Redundancy
Hi Guys,
Anyone know how this LDAP DirSync works?

Besides sync directory (as per their name), does this very same service does the authentication with the LDAP servers?

Will there be any subscribers be taking over if the publisher is down? Does the subscribers need the DirSync service to be running? If so, how do we determine which will be the next one taking over?

Regards,
Ki Wi

On Fri, Aug 5, 2016 at 11:36 PM, Daniel Pagan wrote:
> Nice find, Anthony, and a good read.
>
> A while back I worked a case where LDAP synchronizations would not complete when the synchronize button was pressed by the customer. While looking into it, I found it interesting that CUCM would attempt A-record resolution on **all** FQDN server entries before starting the sync task (scheduled and forced), and now it makes even more sense if you’re seeing a three-way TCP handshake and bind request across the board. Seems like CUCM is using the same entry-by-entry verification steps built into a simple click of “Save” during every directory sync job.
>
> From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Anthony Holloway
> Sent: Friday, August 05, 2016 9:51 AM
> To: Cisco VoIP Group
> Subject: Re: [cisco-voip] CUCM LDAP Authentication Redundancy
>
> I'll also add that a "show open ports" on the publisher CLI does show the TCP socket switching to a new port every so often, so my theory as to why it was hanging on to this server is squashed. I should have thought about the life span of a TCP session, before making that hypothesis.
>
> On Fri, Aug 5, 2016 at 8:34 AM, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
>
> Something small to note for you layer 4 geeks out there.
>
> When CUCM initiates a Directory Sync, a packet capture shows the pub going through a TCP three-way handshake with each of the LDAP servers, in order I might add, and also initiating a simple bind request to each one, finally settling on performing the search request on the first LDAP server.
>
> When CUCM initiates an Authentication, a packet capture shows the pub not going through a TCP three-way handshake, but instead, using an already open TCP connection. Perhaps the CUCM Auth code is written this way because authentication requests are more frequent than dir sync, and so it saves on overhead to reuse a connection rather than setup/teardown connections for each request. That might explain why she's stuck using that one server, but of course it doesn't explain why it started using that one server to begin with.
>
> On Thu, Aug 4, 2016 at 12:59 PM, Anthony Holloway <avholloway+cisco-v...@gmail.com> wrote:
>
> All,
>
> I'm working on an issue where my CUCM 11.0 system is configured with 3 LDAP servers under LDAP Authentication AND LDAP Directory.
>
> What I'm seeing is, for packet captures of CUCM when a login attempt is made, the CUCM server sends the BIND request to the last server in the list of three servers. However, when performing a directory sync, CUCM server sends the requests to the first server in the list.
>
> I'm trying to read up on what the expected behavior is, as I've always thought of it as top = primary; middle = secondary; bottom = tertiary. In fact, a few years ago there was an issue with CAD logins, when the primary server was unreachable and CAD would timeout before CUCM tried the secondary server.
>
> The SRND is no help with only the following passage:
>
> *High Availability*
>
> *Unified CM LDAP Synchronization allows for the configuration of up to three redundant LDAP servers for each directory synchronization agreement. Unified CM LDAP Authentication allows for the configuration of up to three redundant LDAP servers for a single authentication agreement. You should configure a minimum of two LDAP servers for redundancy. The LDAP servers can be configured with IP addresses instead of host names to eliminate dependencies on Domain Name System (DNS) availability.*
>
> Source: CUCM 11.0 SRND <http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab11/collab11/directry.html?bookSearch=true#pgfId-1085451>
>
> So, what do you know, or what can you share, that states one way or the other, why CUCM might use a server in the listing, other than the first one, assuming the first server is healthy and accessible?
>
> I did search the bug toolkit and didn't see any defects matching this scenario.
>
> Thanks.

--
Regards,
Ki Wi
Re: [cisco-voip] Expressway Design for new startup
Guys, any comment?

Ideally going spark is the best but the lack of voice gateways/ direct sip trunk support seems to force us back to hybrid model?

Regards,
Ki Wi

On Mon, Jun 6, 2016 at 3:49 PM, Ki Wi wrote:
> Hi James,
> you are right regarding the phone registration on Spark directly. However, for the voice gateway connectivity for voice countries, looks like we will have to go via Hybrid method. :(
>
> If that's the case + customer have MPLS today. I will prefer to have the voice traffic over MPLS. At least we can tell them that when using deskphone, quality is guarantee.
>
> Regards,
> Ki Wi
>
> On Mon, Jun 6, 2016 at 3:12 PM, James Buchanan wrote:
>> Hello,
>>
>> I don't believe that's the case. According to Cisco, you register the phones directly to Spark. Check out http://www.cisco.com/c/en/us/solutions/collateral/unified-communications/hosted-collaboration-solution-hcs/datasheet-c78-736823.html#_Toc444123188 .
>>
>> This could eliminate the need for a UCM at all as well as voice gateways if I understand it correctly.
>>
>> Thanks,
>>
>> James
>>
>> On Mon, Jun 6, 2016 at 2:30 AM, Ki Wi wrote:
>>> Hi James,
>>> It definitely make more sense. However, if this is to go to spark, I will need similar equipment upfront as well.
>>>
>>> First create a UCM cluster.
>>> Establish hybrid spark connectivity (this requires additional expressway C instance for host connector stuff on top of expressway C&E pair)
>>>
>>> Since I have 3 locations with voice gateways, it make sense to have 3 expressway (C&E) at least? If not, I can imagine that when I'm in US calling someone US, the spark will connect to the UCM cluster located in SG via that only expressway located in SG. The voice quality will be very bad due to latency. The PSTN option directly via spark is very limited currently.
>>>
>>> The setup is more or less the same eventually. Most likely we might be able to save on CUWL license cost if those roaming users doesn't need a phone profile in CUCM?
>>>
>>> On Mon, Jun 6, 2016 at 2:16 PM, James Buchanan <james.buchan...@gmail.com> wrote:
>>>> Hello,
>>>>
>>>> I wonder if a cloud-based solution such as Spark wouldn't make more sense than implementing an on-premise system.
>>>>
>>>> James
>>>>
>>>> On Mon, Jun 6, 2016 at 2:14 AM, Ki Wi wrote:
>>>>> Hi Group,
>>>>> I have this customer requirement where they have 3 locations (Singapore, US and UK). Majority of their users will be on the move (around the world). Users have to connect to the phone system via Internet.
>>>>>
>>>>> The intention is to have the UCM cluster in Singapore and have the expressway C/E pair in all the 3 locations mentioned. With the help of GeoDNS solution, the jabber shall be able to look for the nearest expressway to connect to. Optimize resource assignment (ie. CFB/xcoder) nearest to them shall be taken care of by configuring device mobility related profiles.
>>>>>
>>>>> Will this work? Since they have small amount of users, having multiple clusters might not make sense and the users will be roaming across cluster often + I don't see any benefits by doing so?
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Ki Wi
>>>
>>> --
>>> Regards,
>>> Ki Wi
>
> --
> Regards,
> Ki Wi

--
Regards,
Ki Wi
Re: [cisco-voip] Expressway Design for new startup
Hi James,
you are right regarding the phone registration on Spark directly. However, for the voice gateway connectivity for voice countries, looks like we will have to go via Hybrid method. :(

If that's the case + customer have MPLS today. I will prefer to have the voice traffic over MPLS. At least we can tell them that when using deskphone, quality is guarantee.

Regards,
Ki Wi

On Mon, Jun 6, 2016 at 3:12 PM, James Buchanan wrote:
> Hello,
>
> I don't believe that's the case. According to Cisco, you register the phones directly to Spark. Check out http://www.cisco.com/c/en/us/solutions/collateral/unified-communications/hosted-collaboration-solution-hcs/datasheet-c78-736823.html#_Toc444123188 .
>
> This could eliminate the need for a UCM at all as well as voice gateways if I understand it correctly.
>
> Thanks,
>
> James
>
> On Mon, Jun 6, 2016 at 2:30 AM, Ki Wi wrote:
>> Hi James,
>> It definitely make more sense. However, if this is to go to spark, I will need similar equipment upfront as well.
>>
>> First create a UCM cluster.
>> Establish hybrid spark connectivity (this requires additional expressway C instance for host connector stuff on top of expressway C&E pair)
>>
>> Since I have 3 locations with voice gateways, it make sense to have 3 expressway (C&E) at least? If not, I can imagine that when I'm in US calling someone US, the spark will connect to the UCM cluster located in SG via that only expressway located in SG. The voice quality will be very bad due to latency. The PSTN option directly via spark is very limited currently.
>>
>> The setup is more or less the same eventually. Most likely we might be able to save on CUWL license cost if those roaming users doesn't need a phone profile in CUCM?
>>
>> On Mon, Jun 6, 2016 at 2:16 PM, James Buchanan wrote:
>>> Hello,
>>>
>>> I wonder if a cloud-based solution such as Spark wouldn't make more sense than implementing an on-premise system.
>>>
>>> James
>>>
>>> On Mon, Jun 6, 2016 at 2:14 AM, Ki Wi wrote:
>>>> Hi Group,
>>>> I have this customer requirement where they have 3 locations (Singapore, US and UK). Majority of their users will be on the move (around the world). Users have to connect to the phone system via Internet.
>>>>
>>>> The intention is to have the UCM cluster in Singapore and have the expressway C/E pair in all the 3 locations mentioned. With the help of GeoDNS solution, the jabber shall be able to look for the nearest expressway to connect to. Optimize resource assignment (ie. CFB/xcoder) nearest to them shall be taken care of by configuring device mobility related profiles.
>>>>
>>>> Will this work? Since they have small amount of users, having multiple clusters might not make sense and the users will be roaming across cluster often + I don't see any benefits by doing so?
>>>>
>>>> --
>>>> Regards,
>>>> Ki Wi
>>
>> --
>> Regards,
>> Ki Wi

--
Regards,
Ki Wi
Re: [cisco-voip] Expressway Design for new startup
Hi James,
It definitely makes more sense. However, if this is to go to spark, I will need similar equipment upfront as well.

First create a UCM cluster.
Establish hybrid spark connectivity (this requires additional expressway C instance for host connector stuff on top of expressway C&E pair)

Since I have 3 locations with voice gateways, it makes sense to have 3 expressway (C&E) at least? If not, I can imagine that when I'm in US calling someone US, the spark will connect to the UCM cluster located in SG via that only expressway located in SG. The voice quality will be very bad due to latency. The PSTN option directly via spark is very limited currently.

The setup is more or less the same eventually. Most likely we might be able to save on CUWL license cost if those roaming users don't need a phone profile in CUCM?

On Mon, Jun 6, 2016 at 2:16 PM, James Buchanan wrote:

> Hello,
>
> I wonder if a cloud-based solution such as Spark wouldn't make more sense
> than implementing an on-premise system.
>
> James
>
> On Mon, Jun 6, 2016 at 2:14 AM, Ki Wi wrote:
>
>> Hi Group,
>> I have this customer requirement where they have 3 locations (Singapore,
>> US and UK). Majority of their users will be on the move (around the
>> world). Users have to connect to the phone system via Internet.
>>
>> The intention is to have the UCM cluster in Singapore and have the
>> expressway C/E pair in all the 3 locations mentioned. With the help of
>> GeoDNS solution, the jabber shall be able to look for the nearest
>> expressway to connect to. Optimize resource assignment (i.e.
>> CFB/xcoder) nearest to them shall be taken care of by configuring device
>> mobility related profiles.
>>
>> Will this work? Since they have small amount of users, having multiple
>> clusters might not make sense and the users will be roaming across cluster
>> often + I don't see any benefits by doing so?
>>
>> --
>> Regards,
>> Ki Wi

--
Regards,
Ki Wi
[cisco-voip] Expressway Design for new startup
Hi Group,
I have this customer requirement where they have 3 locations (Singapore, US and UK). Majority of their users will be on the move (around the world). Users have to connect to the phone system via Internet.

The intention is to have the UCM cluster in Singapore and have the expressway C/E pair in all the 3 locations mentioned. With the help of GeoDNS solution, the jabber shall be able to look for the nearest expressway to connect to. Optimize resource assignment (i.e. CFB/xcoder) nearest to them shall be taken care of by configuring device mobility related profiles.

Will this work? Since they have small amount of users, having multiple clusters might not make sense and the users will be roaming across cluster often + I don't see any benefits by doing so?

--
Regards,
Ki Wi
Re: [cisco-voip] Cisco UCM with Skype for Business
Hi Daniel,
I guess the intra-domain federation is not the way to go as long as the "jabber for everyone" works for field staff who don't need telephony function. Simple IM function fits their requirement.

Thanks for the tips on MFA. I will explore more on this.

Regards,
Kin Wai

On Thu, Apr 7, 2016 at 2:07 PM, wrote:

> Hi KiWi,
>
> Intra-domain federation definitely covers the scenario where some users
> are on 1 system while others are on another. In fact it was designed more
> as a migration tool to eventually migrate everyone to Cisco. If user kiwi
> is IM enabled on SfB/Lync, he/she must not be IM enabled on Cisco
> IM/Presence. If the hard phone is controlled by CUCI-Lync, then CUCI-Lync
> can instruct Lync to change to status to Orange/Busy but that is coming
> from Lync and nothing to do with CUPS.
>
> MFA on ADFS 3.0 works really well as does OpenAM - you could have 1st
> factor as username/password, 2nd factor as TOTP time based token code (like
> Google Authenticator). With regards to Client Certificates, they themselves
> should be treated as a 2nd factor as if you were to logon to another device
> that did not have the cert, login would fail. But more traditional 2FA
> would use TOTP which can be integrated with both ADFS and OpenAM.
>
> On 2016-04-07 15:48, Ki Wi wrote:
>
> Daniel,
> for 2 ways intra-domain federation. I suppose it covers scenario whereby
> some users are on Jabber and some users are on SfB as documented.
>
> For example user "Ki Wi, k...@mycompany.com" uses SfB clients and uses
> cisco hardphone. I answered on my hardphone. Will IM&P update SfB that Ki
> Wi is busy/on the phone?
>
> If everyone is using SfB clients only then it will be fine but most of the
> time, the client already has a lot of hard phones deployed or they simply
> prefer hardphone.
>
> Multi-factor authentication via ADFS 3.0. Anyone tried it? What is
> chosen?
> I believe on mobile client, it might be a challenge to present additional
> "factor" such as client certificate.
>
> Regards,
> Ki Wi
>
> On Thu, Apr 7, 2016 at 12:01 PM, wrote:
>
>> No Worries KiWi
>>
>> Regarding Presence, Partitioned Intra-Domain Federation supports two-way
>> IM and Presence so you should be covered there. Regarding your security
>> concerns, this can also be done. For example, you can achieve Multi-Factor
>> Authentication out of the box using SAML SSO products (ADFS 3.0 and OpenAM
>> both support MFA) which is supported over Expressway. If using Client
>> Certificates for said authentication, you could have an MDM solution like
>> Mobile Iron be the only way to distribute the certificates using SCEP. DDoS
>> protection can always be achieved by ASA or 3rd Party Firewall.
>>
>> On 2016-04-07 13:08, Ki Wi wrote:
>>
>> Hi Matt, Alastair & Daniel,
>> thanks!
>>
>> Looks like the deployment choices doesn't change much since OCS days
>> except the addition of VCS option now only.
>> For presence, seems like there's this product but I'm not sure it is 1
>> way or 2 way sync. Seems like UCM to Lync only.
>>
>> http://www.bridgeoc.com/products/licc/licc.htm
>>
>> Jabber is a fantastic application which client is using now. However,
>> when it comes to Jabber on mobile via expressway. It is lacking of security
>> measures in place.
>>
>> The client I have is very concerned about identity theft for higher
>> management. Therefore, single factor authentication is not sufficient. They
>> wanted every client authenticating via expressway to be MDM managed. This
>> is not available today and SFB apparently have a lot of 3rd party
>> applications doing this. One of them is skypeshield which I found online.
>>
>> Jabber for everyone users are able to use expressway for free right? I
>> saw on other threads here. Someone answered yes.
>>
>> Regards,
>> Ki Wi
>>
>> On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) <
>> matt.sl...@dimensiondata.com> wrote:
>>
>>> Another option, although not perfect, is using a hardware device like a
>>> Kuandobox.
>>>
>>> http://www.plenom.com/products/kuandobox/
>>>
>>> Works well in cube environments, but not so well in offices, or places
>>> where users use speakerphone often.
>>>
>>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On
>>> Behalf Of *Alastair Watts
>>> *Sent:* Wednesday, April 6, 2016 8:28 AM
Re: [cisco-voip] Cisco UCM with Skype for Business
Daniel,
for 2 ways intra-domain federation. I suppose it covers scenario whereby some users are on Jabber and some users are on SfB as documented.

For example user "Ki Wi, k...@mycompany.com" uses SfB clients and uses cisco hardphone. I answered on my hardphone. Will IM&P update SfB that Ki Wi is busy/on the phone?

If everyone is using SfB clients only then it will be fine but most of the time, the client already has a lot of hard phones deployed or they simply prefer hardphone.

Multi-factor authentication via ADFS 3.0. Anyone tried it? What is chosen?
I believe on mobile client, it might be a challenge to present additional "factor" such as client certificate.

Regards,
Ki Wi

On Thu, Apr 7, 2016 at 12:01 PM, wrote:

> No Worries KiWi
>
> Regarding Presence, Partitioned Intra-Domain Federation supports two-way
> IM and Presence so you should be covered there. Regarding your security
> concerns, this can also be done. For example, you can achieve Multi-Factor
> Authentication out of the box using SAML SSO products (ADFS 3.0 and OpenAM
> both support MFA) which is supported over Expressway. If using Client
> Certificates for said authentication, you could have an MDM solution like
> Mobile Iron be the only way to distribute the certificates using SCEP. DDoS
> protection can always be achieved by ASA or 3rd Party Firewall.
>
> On 2016-04-07 13:08, Ki Wi wrote:
>
> Hi Matt, Alastair & Daniel,
> thanks!
>
> Looks like the deployment choices doesn't change much since OCS days
> except the addition of VCS option now only.
> For presence, seems like there's this product but I'm not sure it is 1 way
> or 2 way sync. Seems like UCM to Lync only.
>
> http://www.bridgeoc.com/products/licc/licc.htm
>
> Jabber is a fantastic application which client is using now. However, when
> it comes to Jabber on mobile via expressway. It is lacking of security
> measures in place.
>
> The client I have is very concerned about identity theft for higher
> management. Therefore, single factor authentication is not sufficient. They
> wanted every client authenticating via expressway to be MDM managed. This
> is not available today and SFB apparently have a lot of 3rd party
> applications doing this. One of them is skypeshield which I found online.
>
> Jabber for everyone users are able to use expressway for free right? I saw
> on other threads here. Someone answered yes.
>
> Regards,
> Ki Wi
>
> On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) <
> matt.sl...@dimensiondata.com> wrote:
>
>> Another option, although not perfect, is using a hardware device like a
>> Kuandobox.
>>
>> http://www.plenom.com/products/kuandobox/
>>
>> Works well in cube environments, but not so well in offices, or places
>> where users use speakerphone often.
>>
>> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On
>> Behalf Of *Alastair Watts
>> *Sent:* Wednesday, April 6, 2016 8:28 AM
>> *To:* kiwi.vo...@gmail.com; dan...@ohnesorge.me
>> *Cc:* cisco-voip@puck.nether.net
>> *Subject:* Re: [cisco-voip] Cisco UCM with Skype for Business
>>
>> I echo Daniel's comments below regarding the Lync/SfB integration, and
>> recommend that you look at the reasons why you're choosing to integrate SfB
>> - particularly with voice/video or with SfB mobile clients.
>>
>> In the last few months, Cisco acquired Acano, whose portfolio of products
>> can assist with bridging SfB and CUCM when joining the two is required.
>>
>> I strongly recommend reviewing the Cisco Live talk that was presented
>> earlier this year in Melbourne (available at
>> https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886)
>> , which goes into integration options between Lync/SfB and Cisco, including
>> limitations, and includes the Acano product set and how it can assist with
>> the integration.
>>
>> Al
>>
>> On 6 Apr 2016, at 17:10, Daniel Ohnesorge via cisco-voip <
>> cisco-voip@puck.nether.net> wrote:
>>
>> You have a few options but none will suit your needs:
>>
>> - Partitioned Intra-Domain Federation from CUPS to Lync will provide
>> IM/Presence
>>
>> - Direct SIP Trunk to Lync Mediation Server will provide the ability to
>> call Enterprise Voice enabled Lync clients (no video)
>>
>> - VCS/Expressway to Lync Mediation Server with/without Media Bypass will
>> provide v
Re: [cisco-voip] Cisco UCM with Skype for Business
Hi Matt, Alastair & Daniel,
thanks!

Looks like the deployment choices doesn't change much since OCS days except the addition of VCS option now only.
For presence, seems like there's this product but I'm not sure it is 1 way or 2 way sync. Seems like UCM to Lync only.

http://www.bridgeoc.com/products/licc/licc.htm

Jabber is a fantastic application which client is using now. However, when it comes to Jabber on mobile via expressway. It is lacking of security measures in place.

The client I have is very concerned about identity theft for higher management. Therefore, single factor authentication is not sufficient. They wanted every client authenticating via expressway to be MDM managed. This is not available today and SFB apparently have a lot of 3rd party applications doing this. One of them is skypeshield which I found online.

Jabber for everyone users are able to use expressway for free right? I saw on other threads here. Someone answered yes.

Regards,
Ki Wi

On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) <
matt.sl...@dimensiondata.com> wrote:

> Another option, although not perfect, is using a hardware device like a
> Kuandobox.
>
> http://www.plenom.com/products/kuandobox/
>
> Works well in cube environments, but not so well in offices, or places
> where users use speakerphone often.
>
> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf
> Of *Alastair Watts
> *Sent:* Wednesday, April 6, 2016 8:28 AM
> *To:* kiwi.vo...@gmail.com; dan...@ohnesorge.me
> *Cc:* cisco-voip@puck.nether.net
> *Subject:* Re: [cisco-voip] Cisco UCM with Skype for Business
>
> I echo Daniel’s comments below regarding the Lync/SfB integration, and
> recommend that you look at the reasons why you’re choosing to integrate SfB
> - particularly with voice/video or with SfB mobile clients.
>
> In the last few months, Cisco acquired Acano, whose portfolio of products
> can assist with bridging SfB and CUCM when joining the two is required.
>
> I strongly recommend reviewing the Cisco Live talk that was presented
> earlier this year in Melbourne (available at
> https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886)
> , which goes into integration options between Lync/SfB and Cisco, including
> limitations, and includes the Acano product set and how it can assist with
> the integration.
>
> Al
>
> On 6 Apr 2016, at 17:10, Daniel Ohnesorge via cisco-voip <
> cisco-voip@puck.nether.net> wrote:
>
> You have a few options but none will suit your needs:
>
> - Partitioned Intra-Domain Federation from CUPS to Lync will provide
> IM/Presence
>
> - Direct SIP Trunk to Lync Mediation Server will provide the ability to
> call Enterprise Voice enabled Lync clients (no video)
>
> - VCS/Expressway to Lync Mediation Server with/without Media Bypass will
> provide voice and video to Enterprise Voice enabled Lync clients
>
> - RCC (with Enterprise Voice disabled) will give you deskphone control of
> your Cisco phones from Lync client
>
> - CUCILync (with Enterprise Voice disabled) will give you voice/video
> softphone as well as deskphone control
>
> All of the above solutions cater different needs but you are limited with
> mobile support. You can run Jabber on mobile devices in Phone-only mode and
> then have separate Lync client for IM but that would be a bad user
> experience.
>
> Unless there is a specific reason to use Lync/SFB, if you already have a
> CUCM you may want to go Jabber and choose one of the above options.
>
> This is always a good read:
> https://social.technet.microsoft.com/Forums/office/en-US/cef0dd13-1092-46ec-9d1c-6679511d2206/lync-cisco-cucm-rcc?forum=ocsvoice
>
> and:
> http://www.justin-morris.net/cuci-lync-and-why-you-should-think-twice/
>
> and finally:
> https://supportforums.cisco.com/discussion/11500646/cupsjabberlynccucilynciphoneandriod-head-spinning
>
> Sent from my iPhone
>
> On 6 Apr 2016, at 17:06, Ki Wi wrote:
>
> Hi Group,
>
> anyone have experience integrating?
>
> The objective is to use Skype for business client for IM & voice/video
> call.
>
> It seems like the legacy approach is to use CUCILYNC. However, that's for
> windows desktop. If we use Skype for mobile clients, there's no such plug
> in.
>
> Is there a way to achieve presence synchronization between UCM and Skype
> presence service?
>
> Assuming they are using the same URI?
>
> +
>
> Able to leverage on UCM to receive and initiate calls.
>
> Rega
[cisco-voip] Cisco UCM with Skype for Business
Hi Group,

anyone have experience integrating?

The objective is to use Skype for business client for IM & voice/video call.

It seems like the legacy approach is to use CUCILYNC. However, that's for windows desktop. If we use Skype for mobile clients, there's no such plug in.

Is there a way to achieve presence synchronization between UCM and Skype presence service?
Assuming they are using the same URI?
+
Able to leverage on UCM to receive and initiate calls.

Regards,
Ki Wi
[cisco-voip] Collaboration Edge for Jabber
Anyone tested it with VCS 8.1 Release? Does Jabber function properly when connected to public internet without VPN?

Any function which is not working at this "preview" release?