Jabber design and configuration

Local Edition

Jabber Design and Configuration

John Rosinski

Collaboration Consulting Systems Engineer

© 2014 Cisco and/or its affiliates. All rights reserved.Presentation_ID Cisco PublicLocal Edition

Agenda

• Introduction

• Jabber Update

• Service Discovery

• Persistent Chat

• Federation Overview

• Conclusion

2

Local Edition

Introduction


4

What is Jabber?

• Named after 2008 acquisition of Jabber, Inc. who helped create the XMPP protocol.

• Jabber is not a product.

• Jabber is a family of products with common capabilities on a range of devices

• Offers choice of delivery mechanism.

• Enables users to work anywhere on most common devices available


• Investment in client alignment is enabling greater commonality in terms of deployment, configuration and features

Jabber Client FrameworkCommon Client Codebase

Jabber forWindows

Jabber forMac

Jabber foriOS

Jabber for Android

Service Discovery& Configuration

ContactSearch

Remote Worker(VPN less)

SSO andIdentity

Cisco JabberClient Feature and Framework Alignment

Local Edition

Jabber Update


Key New Features in Cisco Jabber 10.5 ReleaseVisual refresh (Windows / Mac*)

SSO Support

Hunt Group Login (Windows)

G.722 Wideband Support

Persistent Chat (Windows)

SIP URI Support

Windows 7/8/8.1 32/64bit Support

* Late September FCS for Mac

[email protected]


Single Sign On• Jabber 10.5 supports SAMLv2 based SSO

• Supported in cloud, on premise and hybrid deployments– Supported with UC Manager 10.5 +

• Jabber users need to authenticate once with an Identity Provider (IdP) to gain authorization and access to provisioned services– Users no longer required to provide credentials

multiple times for UC services

• Supported IdPs’– Ping Federate 6.10.0.4– Microsoft AD Federation Services (ADFS) 2.0– OpenAM 10.1

• Embedded browser (form based), Smart card and Kerberos Authentication supported


Current Versions

10.5 on Windows (Aug 2014)• Persistent chat• Custom contacts• Group chat enhancement• Accessories support• Targeted FCS – March, 2014

9.6.1 on Mac• Mavericks support• CWMS support• Desktop alignment (screen capture, IM

archiving notification, etc.)• Targeted FCS – April, 2014

9.6.1 on iPhone & iPad• Universal client• iOS 7 UE update*• Secure phone (SIP over TLS & sRTP)• Admin control over user saving password

on the device• Targeted 9.6.1 FCS – Early April, 2014

9.6.2 on Android Smartphone• Unified client with video• Secure phone (SIP over TLS & sRTP)• Admin control over user saving password

on the device• Targeted FCS – Early April, 2014

* Jabber for iPhone and iPad 9.6.1 or later


Cisco Jabber Voice 9.1

• Rebranded from previous Jabber for iPhone/Android

• Separate apps in App Store/Google Play (no auto-update)

• In maintenance mode (no new features)

• Registers directly to Unified CMVoice only (no video support)

• No IM/presence service

• No Cisco Expressway support

Cisco Jabber Video 9.3

• Rebranded from previous Jabber for iPad

• Separate app in App Store (no auto-update)

• In maintenance mode (no new features)

• Without presence service,– Registers to VCS* as phone only mode

– Registers to Unified CM as phone only mode

• No Cisco Expressway support

“Jabber Voice” & “Jabber Video”

Local Edition

Service Discovery


What is Service Discovery?

• Jabber’s cross platform initiative– Windows, Mac OSX, iOS & Android

• Enables Jabber to automatically acquire client configuration using Service Discovery Process– UC services domain

– Operating mode (on-premises, cloud or hybrid)

– Operating location (inside or outside corporate network)

– Home cluster in multi-cluster environment

Cloud orOn-Premises

(Mode Detection)

ClientLocation

(Edge Detection)

???

UC Service(Cluster &

Profile Detection)

Benefits

• Enhanced end user experience– No prompt to ask for configurations

• Reduced chance of support calls due to misconfiguration by the end user


Cisco Jabber & UC Services

• To subscribe UC services, Jabber needs to know:– Where the services are

– How to authenticate the user

• Such information can be provided by:– Service discovery (automatic)

– Bootstrap or URL Configuration provided by the system admin

– Manual entry by the end user during first time login

Service Discovery

URL ConfigurationBest End User Experience


What Triggers Service Discovery Process on Jabber?

• First time user login– When no locally cached information available

• Network change events– When the user moves from outside to inside corporate network

• Transport errors (SIP, XMPP & HTTP)– When the user moves from inside to outside corporate network

Note: DNS SRV lookup is performed only when there is a real-time network activity to save battery life on mobile platforms.


UC Services Domain Discovery at First Login Options • Must discover the UC services domain on the very

first run of Jabber

Option 1– Jabber can prompt end user to enter User ID with domain

name (form of email address or Jabber ID)

– Jabber will use domain portion of data entered by user to resolve service type (on-premises or cloud)

– Jabber will cache domain information for future logins

Option 2 (Better user experience)– Administrator can provide the domain information via

either Windows Installer or URL Configuration

– End user is not prompted to enter the domain information (email address)

– Jabber will cache domain information for future logins

[email protected]


Service Discovery at Subsequent Logins

• Jabber will use the ‘cached’ information to connect to UC services– No service discovery process

– End user will not get prompted for email address (UC services domain)

• If the connection to the login service is failed, service discovery will be triggered


Operating Mode Selection

Priority Service HTTP Request / DNS SRV

1 WebEx Messenger HTTP CAS lookup

2 Unified CM 9/10.x _cisco-uds._tcp.example.com

3 Cisco Presence 8.x _cuplogin._tcp.example.com

4 Cisco Expressway _collab-edge._tls.example.com

Messenger

http://loginp.webexconnect.com/cas/FederatedSSO?org=[DOMAIN]

DNS SRV Lookups

DNS (internal or external)

Jabber uses service discovery to learn about the operating mode

• The highest priority returned record will be used for connecting to UC services

• Jabber sends all requests (HTTP request & DNS SRV Lookup) simultaneously no matter what is returned from each request

HTTP Request to CAS

DNS Queries


Determining Operating Location

• Jabber can automatically determine if it is inside or outside the corporate network

• JCF Service Discovery component issues:– DNS queries for _cisco-uds & _cuplogin– A HTTP request to WebEx CAS

• DNS SRV lookup for Expressway is initiated by JCF Edge Detection component– DNS query for _collab-edge to be made

even if other records are present

Internal DNS_cisco-uds_cuplogin_collab-edge

_cisco-uds_cuplogin

HTTP request to WebEx CAS

External DNS_cisco-uds_cuplogin_collab-edge

_collab-edge

HTTP request to WebEx CAS


Service Discovery Flow – On-Premises Deployment

Messenger

clopez @ example.com

Internal DNS

Central UCM UDS

Home UCM Cluster

UCM IM/P

Unity Connection

WebEx Meetings Server

DNS SRV lookup

HTTP Request to CAS URL for example.com

example.com is not WebEx domain

Look for home UCM cluster

Home UCM cluster address

2

2

3 5

6

4

3 UC Profiles via TFTP

_cisco-uds_cuplogin

Central UCM UDS address

7 User log in

UCM Call Control

Connect/Register8

1


Service Discovery Flow – Outside Corporate Network External DNS Expressway-E Firewall Expressway-C Internal DNS Home UDS Home TFTP IM & P

DNS queries

_collab-edge

Establish TLS connection

Request for edge configRequest for edge config

DNS queries

_cisco-uds

User authentication

Respond with edge config dataRespond with edge config data

….

Cisco Jabber

All subsequent messages

….

UCM, TFTP, IM/P SRVSIP, XMPP, HTTP edgeEtc.

Jabber determines whether it’s inside or outside using the results from DNS SRV lookups.Outside if neither _cisco-uds or _cuplogin returns

DNS SRV lookups


Customized Installer for Windows Platform

• Pre-populate with UC services domain so the “email” prompt is not displayed

• Provide separate services domains for on-premises or edge services

• Settings can be specified either using:– Command Line Switches– MSI installer packaging/transformation

using MST file

SERVICES_DOMAINSet to domain for login service (WebEx Messenger, Unified CM or IM and Presence Service)

VOICE_SERVICES_DOMAINSet to domain used for discovering Cisco Expressway infrastructure (_collab-edge)

AUTHENTICATORSet to authentication service name if service discovery is not used or fails (WEBEX, Unified CM or IM and Presence Server)

TFTPUnified CM TFTP address if Service Discovery is not used or fails

Orca MSI Editor Shown


URL Configuration for Non-Windows Platforms

• For Mac, Android & iPhone/iPad

• End user needs to download/install Jabber client prior to executing URL configuration

• During download/installation, Jabber registers the ciscojabber protocol handler

• Administrator creates URL & sends to users using email or wikiciscojabber://provisionServicesDomain=example.com&VoiceServicesDomain=video.example.com

• Then the user clicks the URL, Jabber is cross-launched & the information in the URL will be provided for service discovery


Manual Configuration• When service discovery is not used or fails

• User can specify operating mode & server addresses

• Manual configuration is not available for remote access operation via Cisco Expressway

Manual configuration option should be considered as a last resort. It will NOT provide the best end user experience.


Important Unified CM Configurations for Service Discovery

• Home Cluster & UC Service Profile assignment in End User Configuration

• Owner User ID Assignment in Phone Configuration (for Unified CM 9.x)


Excluding WebEx Service for On-Premises DeploymentIssue

– User will be asked to sign in to WebEx Messenger even in on-premises UC deployment (IM and Presence service)

Reason– Organization is currently subscribing or previously

demoed/piloted WebEx services (web conferencing or Messenger)

– HTTP request to WebEx CAS will return as a WebEx domain

Solution*– Use ‘SERVICEDISCOVERYEXCLUDEDSERVICES’

parameter in MST file or in URL Configuration string to exclude WebEx

Messenger

clopez @ example.com

DS SRV lookup

HTTP Request to CAS URL for example.com

_cisco-uds_cuplogin

Central UDS address

Exclude WebEx service

Local Edition

Persistent Chat


Persistent Chat is Back and … even Better

• Implemented features & capabilities requested by customers

• More configuration granularity in IM and Presence Administration GUI

• Enhanced UI design (still similar to standard group chat)

• Additional database support (Oracle)

• Only end-user functions in Pre-10.5 (administrator functions in Jabber with 10.5)


Summary of Requirements

• Supported only with on-premises IM and Presence Service 10.0 or higher (Not for WebEx Messenger)

• Must be enabled & configured in IM and Presence Service – Otherwise, the chat room will not show up on Jabber

• Requires external database– PostgresSQL 8.3.x – 9.1.1– Oracle 11G, 10G, or 9G

• Disabled in Jabber by default– To enable, use “Persistent_Chat_Enabled” key under Policies in

jabber-config.xml

• Requires a standard-compliant XMPP client for administration Pre-10.5*– Recommends MomentIM client

* In 10.5 release, as part of Persistent Chat Phase 2, the admin is able to use Jabber to create/manage persistent chat rooms.

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=7RuDlCB9V_QYBM&tbnid=EJC4_vcP9E-qLM:&ved=0CAUQjRw&url=http://bsnyderblog.blogspot.com/2011/09/installing-postgresql-90-on-mac-os-x.html&ei=TlKSUbjEGqfk4APE-YC4Cg&psig=AFQjCNHfVUQn7OTca8Npa3J4gTKSPclU8g&ust=1368630073482523


Cisco IM and Presence Compliance

• Three compliance vendors support the Cisco IM & Presence offering– Actiance Vantage– Verba– DataParser

• Actiance and Verba provide a compliance solution that does an integration with the IM&P Event Broker interface and stores IM within their own backend DB environment

• DataParser uses IM messaging that has been stored in PostgreSQL (and Oracle starting in 10.0) via the IM&P message archiver interface. It transcribes the IM sessions so that they can be stored in the company email archiving environment. They support interfaces to most of the major email archiving systems.


User vs. Group Chat AdministratorU

ser • Browse/join chat rooms

• Refresh the room list• Show/hide participants list• Pop-out conversation tabs• Load all the messages from

the beginning of the chat room

• Filter & aggregate incoming chat messages (using user-defined keywords) A

dmin

istr

ator • Create chat rooms

• Invite users to chat rooms• Kick or ban users• Ban – Remove users from a

room permanently & won’t let them re-enter the room

• Kick – Remove users from a room temporarily but let them re-enter the room

• Revoke Voice – Allow users for read-only access to the room


Rooms Tabs

• The catalog of chat Rooms on the server• User can refresh list• Open or Closed rooms• Icon indicates the rooms you’re a member of

• The list of rooms you’re a member of• Shows the name of the room & the subject• Listed alphabetically by room name• Shows the timestamp of the last message sent into that room• Badges/bolding indicates unread messages• Double click to open a chat room

All roomsMy rooms


Chat Room Conversation

• Integrated into Jabber conversation window• Tab icon differentiates Chat Rooms from Group

Chats• Font & emoticons as normal• Ability to show/hide the participant list• Support participant list of up to 300

• Pop-out IM conversation tabs in separate windows

• Not limited to chat rooms• Each tab remembers size &

position• Multi-monitor support

• Loads more message history from the server

• Retrieves ~100 messages at a time to the beginning


Notifications

33

Notification service on hub window

Notification on “My Mentions”

Multiple Notifications


Filters

• Able to filter & aggregate incoming messages

• User specified criteria• Label• Keywords and/or senders

• Apply to all rooms in “My rooms”• Apply from point of creation onwards• Match messages sent even when offline

Creating a filter for the phrase “SEVT”

• Aggregates matched content across all chat rooms

• Shows matched terms highlighted• Filter matches listed

chronologically• Click a filter match to load original

chat to read context


Mentions

• While typing in the IM input box, press “@” to bring up

“mention dialog”• Search Contacts/Recents and Directory for contact• Click to start P2P chat• Can be sent in any IM conversation• When people mention me in any chat rooms in which I’m

a member, that IM goes into “My mentions” filter.


Local (Cached) Chat History Encryption

• Chat room history is cached locally on the client in SQLite databases

• All cached chat room content is encrypted with AES 256-bit encryption

• No mechanism to inspect the contents

• Data location on disk:– C:\Users\<WindowsLogin>\AppData\Local\Cisco\Unified

Communications\Jabber\CSF\History\<Username>\

• If data is deleted, Filter data will be lost


Key IM and Presence Service Configurations

• Configure database servers on IM and Presence

• Enable Persistent Chat & assign database server per IM and Presence node

• Configure Group Chat Administrators


Persistent Chat Architecture

Database Sync

IDS Global User Data Replication

Unified CM Publisher

Unified CM IM and Presence Service Cluster

Sub-cluster 1 Sub-cluster 4Sub-cluster 2

Sub-cluster 3

ODBC

Important: Each node in the Unified CM IM and Presence Service cluster requires a separate database instance for persistent chat. The database instances can share the same hardware, but are not required to.

Unique Separate Database Instance

Unique Database Instance

PostgresSQL or Oracle database


Database Configuration in IM and Presence Service

• Choose Postgres or Oracle as Database Type (Postgres by default)

• When Oracle is selected, Tablespace needs to be specified

• The external database can be assigned to IM and Presence Service for Persistent Chat or Message Archiver

Messaging > External Server Setup > External Databases

Note: IM and Presence Service does not provide a secure TLS/SSL connection to the external database.

Local Edition

Federation Overview


41

Federation Protocols

• Exchange of presence and IM carried over multi-protocol options

• XMPP and SIP – dominant industry standards for federation of presence and IM services

• Unlocks many B2B and B2C federations

3rd Party


User Identification

[email protected] ID or “JID”

“Jabber” DomainCluster UserID

• Consider your Jabber domain carefully, you’ll live with it for a while!

• Multi-modal communications address (Email, IM, Voice, Video & Federation)

• User created on UC Manager (can be synced from LDAP, AD Server)

• Presence domain is configured on IM & Presence Server


Know your domains

Deployment of a single domain via Default Domain or multiple domains via DirectoryURI

43

IM and Presence Service Default Domain: cisco.comUser: John SmithUserid/sAMAccountName: js12345mailid: [email protected] URI: [email protected]

IM Address Format Directory URI Mapping IM Address

User_id@default_domain N/A [email protected]

Directory URI mailid [email protected]

Directory URI msRTCSIP-PrimaryUserAddress [email protected]

Local Edition

Federation Models

44


External Federation is the sharing of Enterprise Instant Messaging (IM) and Presence between corporate domains – further lowering the boundaries to collaboration for both B2B (Business to Business) and B2C (Business to Consumer)

Unlock B2B and B2C Collaboration


Internal Federation allows for communications between other Cisco Jabber or Microsoft based domains within your enterprise

Sub-domains, subsidiaries or partner domains that you control

Cisco Jabber Branch Domain

Cisco JabberDomain

Microsoft IM Branch Domain


Partitioned Intra-Domain Federation is the sharing of Enterprise Instant Messaging (IM) and Presence between Unified Communication vendors within a single presence domain – this model is used as a migration tool from Microsoft to Cisco Infrastructure or as a permanent federation deployment.

Cisco Jabber

Microsoft IM

Seamless migration path from Microsoft to Cisco

Local Edition

Planning Cisco Jabber FederationWhich federation model?


External Federation to a 3rd party SIP domain

Federated Vendor

• Microsoft OCS R2

• Microsoft Lync

• AOL

• No Federation options provided by MSFT for Lync Cloud

Can utilize XMPP if Microsoft

XMPP gateway or Lync 2013 XMPP service

is installed

SIP Recommended as it’s Natively supported on Microsoft

Requires partner to have

Microsoft XMPP gateway

installed

Requires AOL XMPP/SIP Gateway

49

On-Prem IM&P


50

External Federation to a 3rd party XMPP domain

Federated Vendor

GoogleTalk?

IBM Sametime

OpenFire

Other Cisco Jabber

XMPP Standards based vendor

On-Prem IM&P


51

Partitioned Intra-Domain Federation to Microsoft

Known as Partitioned Intra-Domain Federation

On–premise only

SIP Based

Jabber to– Microsoft OCS 2007 R2– Microsoft Lync 2010– Microsoft Lync 2013

On-Prem IM&P


IM & Presence Multi-Domain Federation

• More than a single domain for federation can be configured– Domains are automatically discovered when using DirectoryURI, or manually added by the

administrator

• DNS SRV records need to be published for each email domain– Each DNS SRV record should resolve to an identical set of results, where XMPP federation

is a list of all XMPP federation nodes and SIP federation is the Public FQDN of the Routing IM & Presence node

• Federation with multiple email domains also requires regeneration of the security certificates cup-xmpp (certificate presented to XMPP clients) and cup-xmpp-s2s (certificate presented to federated systems)– For both certificates, all domains must be included as Subject Alt Name (SAN) entries– A manual administrative configuration gives the administrator the option to pre-populate the

domains to avoid having to regenerate the certificates every time a new domain automatically gets discovered

Local Edition

Conclusion


Key Takeaways• Cisco Jabber supports URI Dial• Service Discovery allows for easier client configuration• Persistent Chat provides Jabber for Windows users with manageable static chat

room capabilities• Federation capabilities have expanded to include inter-domain as well as

partitioned intra-domain support for Microsoft Lync• Overall success of Jabber deployment, for both internal and external use cases

hinges on DNS configuration


DNS SRV Record Reference Examples

_xmpp-client._tcp.example.com SRV 0 5 5222 c2s.example.webexconnect.com (for clients)

_xmpp-server._tcp.example.com SRV 0 1 5269 c2s.example.webexconnect.com (for peer servers)

_cuplogin._tcp.example.com SRV 0 1 8443 cup.example.com

_cisco-uds._tcp.example.com SRV 1 5 8443 cucm1.example.com (Publisher)

_cisco-uds._tcp.example.com SRV 2 20 8443 cucm2.example.com (Subscriber 1)

_cisco-phone-tftp._tcp.example.com SRV 0 0 69 cucm.example.com (TFTP)

_cisco-phone-http._tcp.example.com SRV 0 0 80 cucm.example.com (CCMCMIP)_sip._tcp.example.com SRV 0 0 5060 vcsc.example.com (VCS Control – Internal)_sip._tcp.example.com SRV 0 0 5060 vcse.example.com (VCS Expressway – External)

_ciscowtp._tcp.jabber.com SRV 0 0 443 boot.ciscojabbervideo.com (Free Jabber Video)

_collab-edge._tls.example.com SRV 0 0 8443 expe.example.com (Expressway E)


Collaboration SRND: http://www.cisco.com/go/ucsrnd IM & Presence Product Page: http://www.cisco.com/en/US/products/ps6837/ http://www.cisco.com/c/en/us/products/unified-communications/unified-presence/index.html Inter-Domain Federation 10.0:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_0_1/CUP0_BK_I0607EF2_00_integration-guide-interdomain-federation-100.html Inter-Domain Federation 9.1:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/9_1_1/CUP0_BK_IB27169T_00_interdomain-federation-integration-guide-9_1_1.html Inter-Domain Federation 8.6:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/CUP_8-6_Interdomain_Federation.html Partitioned Intra-Domain Federation 10.0:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/intradomain_federation/10_0_1/CUP0_BK_I264FBF0_00_integration-guide-intradomain-federation-100.html Partitioned Intra-Domain Federation 9.1: http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/intradomain_federation/9_1_1/CUP0_BK_PFB0D200_00_partitioned-intradomain-guide-911.html Partitioned Intra-Domain Federation 8.6: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/Intradomain_Federation/Partitioned_Intradomain_Federation.html

UC, IM&P and Federation Resources

http://www.cisco.com/go/ucsrnd

http://www.cisco.com/go/ucsrnd

http://www.cisco.com/en/US/products/ps6837/

http://www.cisco.com/c/en/us/products/unified-communications/unified-presence/index.html

http://www.cisco.com/c/en/us/products/unified-communications/unified-presence/index.html

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/10_0_1/CUP0_BK_I0607EF2_00_integration-guide-interdomain-federation-100.html



http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/9_1_1/CUP0_BK_IB27169T_00_interdomain-federation-integration-guide-9_1_1.html



http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/CUP_8-6_Interdomain_Federation.html



http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/intradomain_federation/10_0_1/CUP0_BK_I264FBF0_00_integration-guide-intradomain-federation-100.html



http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/intradomain_federation/9_1_1/CUP0_BK_PFB0D200_00_partitioned-intradomain-guide-911.html



http://www.cisco.com/en/US/docs/voice_ip_comm/cups/8_6/english/integration_notes/Federation/Intradomain_Federation/Partitioned_Intradomain_Federation.html




Expressway ResourcesCisco Expressway Main Page: http://www.cisco.com/c/en/us/solutions/collaboration/collaboration-edge-architecture/index.html

Cisco Expressway Admin Guide: http://www.cisco.com/en/US/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-1.pdf

http://www.cisco.com/c/en/us/solutions/collaboration/collaboration-edge-architecture/index.html



http://www.cisco.com/en/US/docs/voice_ip_comm/expressway/admin_guide/Cisco-Expressway-Administrator-Guide-X8-1.pdf




Local Edition

Technology

Jabber design and configuration