TECCOL-2225.Pdf

TECCOL-2225

Microsoft Skype for Business and Cisco Collaboration Best Practices for a successful coexistence and migration

Davide Preti - Technical Marketing Engineer Fabio Chiesa – Technical Solutions Architect What this Technical Seminar is and what it is not.

We think it’s important to start from a common base knowledge for this session. This session is about INTEROPERABILITY. It isn’t about COMPETITIVE. What does this mean? It means that we are not going to discuss what you should buy. We are not comparing our solution with the Microsoft solution. We are not going into “why one should opt for one solution or the other, migrate or not”. This is a Technical Seminar and we will discuss TECHNICAL aspects.

Having said that… our solution is 1000 times better, of course!

In order to answer as many answers as we can we kindly ask you to use Webex Teams where the other speaker will be actively answering questions during the session.

NOTE: At the end of this presentation there are several Appendixes with additional information for your reference.

At the end of the session, you should be able to: Design the best interoperable architecture for your environment Integrate Instant Messaging & Presence, Voice and Video Understand how to plan and execute a migration from Skype for Business to a Cisco Unified Communications solution

…or they failed in implementing it

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Intracompany Federation - a federation between users/systems part of the same company. Intracompany federations can be: • Partitioned Intradomain Federation - a federation between users sharing the same PRESENCE domain. Users are PARTITIONED between different systems. • Interdomain Federation - a federation between users belonging to different domains (i.e. @holding.com; @subsidiary.com B2B Intercompany Federation - a federation between users belonging to different companies. Tipically over internet. Intercompany federations are Interdomain by nature. Our today case is based on a migration between two different platforms. All users belong to the same organization (INTRAcompany) and share the same domain (INTRAdomain). Users can’t co-exist on both platforms at the same time (i.e. User John having SfB desktop client on his PC and Jabber Mobile client on his smartphone). That would be a UNIONED Intradomain Federation and is not available as solution.

Skype for Business Server would route all the Payloads for a domain to a single destination. In order to route different Payloads to the appropriate Back End, we need a middle server able to analyze, recognize and route traffic accordingly. Cisco provides two possible “Middle Server” solutions. Both based on Expressway-C

SIP Broker Traffic Classification Expressway-C

@company.com CUCM Expressway-C Lync Gateway A/V @company.com CUCM SfB Pool A/V CUCM IM/P SfB Pool CUCM IM/P CMS Call Bridge Legacy Solution Target Solution

Traffic Classification is a powerful tool of Expressway X8.9+. First available for Business to Business Federation and now available for Intracompany too. Traffic is recognized and classified in “SIP Variants”. It can be classified as: • Standard-based • All Microsoft Variants • Microsoft AV&Share only • Microsoft SIP IM&P only. Search Rules take SIP Variants into consideration to route traffic accordingly. An external transcoder, Cisco Meeting Server, is needed for video interoperability with Skype for Business.

Not all the company domains need to match Often Companies have different AD/DNS/Email domains • i.e. email: [email protected] • i.e. AD userid: company\bbanks • i.e. DNS internal domain: company.local

Jabber supports complex scenarios where network domains are misaligned

If all the domains are the same, life is easy (Perfect Italian Coffee)…..

Service DNS EDGE Presence SIP (Voice) AD SMTP Domain Domain Domain Domain Domain Domain Domain (XMPP) BUT…If domains are different, we can design a workable solution

If all the domains are the same, life is easy (Perfect Italian Coffee)…..

Service DNS EDGE Presence SIP (Voice) AD SMTP Domain Domain Domain Domain Domain Domain Domain (XMPP) BUT…If domains are different, we can design a workable solution

Services DNS EDGE Presence SIP (Voice) AD SMTP Domain Domain Domain Domain Domain Domain Domain

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Company.com is a European company with 10,000 Employees. They have Unified CM and Cisco phones, plus several TelePresence endpoints. Years ago they adopted Microsoft Skype for Business as UC platform for Instant Messaging and Presence. Two sw releases later they’ve realized that platform will never become standard and interoperable. They recently evaluated a migration to O365 but quickly found out that integration with their IP Telephony system, TelePresence Endpoints and B2B calls with standard endpoints were key to them. That’s why they are now migrating to Cisco Jabber, instead. They’re changing platform but want to keep the existing company domain and URIs.

Many customers have a combined solution in place. Skype for Business as IM&P, Audio/Video Peer to Peer client, plus a Cisco environment for IP Phones and/or TelePresence devices.

Less often customers have both Jabber in Full Mode (which means SoftPhone + IM&P) and Skype for Business. Typically these are different subsidiaries of the same company using different solutions and requiring internal federation.

In that case we talk about coexistence of the two solutions. Coexistence can be interdomain or intradomain.

Then we have customers approaching migrations. As said above ’’They’re changing platform but want to keep the existing company domain and URIs’’

Migrations are typically intradomain.

What is the difference in planning a coexistence vs a migration? Almost none. A Migration is a time-limited coexistence. In fact, 99% of the tasks needed to migrate from one solution to the other are about the coexistence of the two platforms. Once you have implemented the interop solution, you are ready to migrate users.

Recap: You first implement the coexistence (interoperability) and then you migrate.

Assumptions: But we also support: CUCM 12.5 single cluster Multiple CUCM clusters AD Integration for Authentication and Contacts Search AD-LDS Jabber 12.5 Expressway X12.5 Skype for Business 2015 Enterprise Edition SfB Standard Edition Skype for Business 2015 Single Pool Multiple Pools Skype for Business users in one SIP/PRESENCE Domain SIP/PRESENCE Multidomain Skype for Business Users are enabled for IM&P+Video Enterprise Voice Microsoft B2B Federations in place

DMZ Skype for Consumer B2B and TURN AD & DNS Certification SIP Integration happens here Authority

Remote SfB Users

SfB Edge

Federated Shared Storage for Front End Back End Office Web Businesses SQL & File Share Pool & (SQL Cluster) Application AV-MCU Scheduling integration

Reverse Proxy

PSTN Exchange

Media Gateway Director Mediation Server

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Interoperability requires constant updates. Improvements and Fixes are released on a quarterly basis across our product porfolio (i.e. Expressway; CMS; IM&P Server) Even if earlier sw versions provide Microsoft interoperability, we strongly suggest to upgrade at least to:

• CUCM/IM&P 11.5.1SU4+

• Jabber UC client 11.5

• VCS/Expressway X8.11+

• CMS 2.3+

• Lync 2013/Skype for Business2015 (SfB 2019 validation in progress - Targeted April 2019*)

• Skype for Business Online (O365) *Subject to change

Microsoft Teams is not based on SIP and the previous Interoperability solution is not working anymore During Q4 CY18 Microsoft released «VTC interop Services» provided by few named ecosystem partners. Only at that point they opened the «Team Collaboration API» to the broader developer community. Cisco is fully committed to continue to provide an Interoperable solution with Microsoft, as reported in this public blog - https://blogs.cisco.com/collaboration/cisco-microsoft-integration We are currently working in two directions:  Extending the Microsoft Teams User Interface with plug-in and automated Bot (available now)  Investigating on requirements, architecture and capabilities of the new API with the goal to achieve native video interoperabliity (roadmap, with timeline TBD but targeting 2HCY19)

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 IM&P Integration - Partitioned Intradomain Migration to a Jabber Environment – How? Flash Cut End user “leaves on Friday using the old client, when they come in on Monday, they uninstall the old client and download the new client” or it is done automatically using software management. Parallel Deployment End user running the old client installs the new client in parallel IT sends out a notice that on certain date the old client will no longer be supported Slow Roll Involves having both environments interacting with each other via federation Issues with migrating contacts (also needed for flash cut and parallel), setting up routing between environments, and keeping contacts current at each step of the migration The most challenging, but what most customers expect

Jabber Both servers look up at the Skype for Business XMPP same User base (LDAP SIP Integration)

SIP Static Routing Microsoft Unified CM IM & Presence Front End

Static routing is needed on both platforms to route their own PRESENCE domains externally

Partitioned Intradomain federation provides two routing modes to route SIP requests from IM and Presence Service to the Microsoft servers:

• Basic Routing (default) IM and Presence Service routes a request to SfB if the request recipient is within any of the domains in the IM and Presence Service cluster but is not a licensed IM and Presence Service user • Advanced Routing When Advanced Routing is enabled, IM and Presence Service routes the request to the Microsoft server when both of the following conditions are met: • The request recipient is within one of the IM and Presence Service domains but is not a licensed IM and Presence Service user • The request recipient has a valid Microsoft SfB or Microsoft Office Communicator SIP address stored in the IM and Presence Service database

NOTE: Advanced Routing is supported only when you have a single-cluster IM and Presence Service deployment

Instant Messaging • Point-to-point Message Exchange (IM) • Plain text IM format • Typing indication • Basic emoticons Note: Due to the proprietary nature of Microsoft server group chat functionality, partitioned intradomain federation does not support group chat between Jabber clients and Microsoft Skype for Business clients Presence CUCM IM/P maps the two different set of user’s states following the rules reported in the next slides

Cisco Jabber Skype for Business

Available Available

Busy Busy

Do Not Disturb Busy

On the Phone Away

Offline Offline

Skype for Business Cisco Jabber

Available Available

Busy Busy

Do Not Disturb Busy

Be Right Back Away

Away Away

In a call Busy

Offline Offline

In order to migrate from Skype, users’s Jabber Identifier (JID) must match with Skype URIs. SfB store its users’s URIs in the msRTCSIP-PrimaryUserAddress AD attribute. Jabber Identifier (JID) can be the default user@default_domain or can be based on the DirectoryURI. Unified CM IM & Presence supports DirectoryURI as an option for IM Address Schema. This can be mapped to mail or msRTCSIP-PrimaryUserAddress AD attribute. DirectoryURI mapping is configured in the Unified CM LDAP Directory administration. DirectoryURI is a global configuration; therefore, all clients in the deployment must be able to handle it.

1. LDAP Sync

Attributes: * mail LDAP 3. DirectoryURI is used as * msRTCSIP-PrimaryUserAddress the JID for the user 2. IM&P Sync of Unified CM DirectoryURI

company.com msRTCSIP-PrimaryUserAddress LDAP msRTCSIP-PrimaryUserAddress [email protected] [email protected]

Jabber Both Jabber and Skype for Business SfB have full XMPP contact search SIP

SIP Static Route SfB Unified CM IM & Presence Front End

true mail

Jabber-config.xml file LDAP Mapping Advanced Presence Settings in MUST match LDAP & IM&P In UC Manager select the required IM&P Server config Schema configuration mapping for the Directory URI field. The JID schema configuration is Note: Config settings is mapped to Directory URI. SipURI in Jabber! Default option is msRTCSIP-PrimaryUserAddress Changing this setting will Configuration required for regenerate ALL User JID & LDAP & UDS Contact lists ALL three configuration steps must be completed

New Configuration GUI for ALL Jabber configuration:

• Replaces requirement to create “jabber-config.xml”

• Automatically publishes config to TFTP servers User Group based Jabber Configurations are supported

Define Jabber Assign Service Assign to Configuration Profile User

When planning a Jabber deployment, domain configuration can be confusing.

Server Domains User Address Domains

Voice/Video Domain (SIP) Service “Discovery Domain” Presence Domain (XMPP)

UC Manager DNS domain Email Domain (SMTP) Expressway DNS domain Directory Domain (i.e. AD)

Jabber connection flow

DNS SRV

Search for Services

Find DNS SRV for service

User must input an address: • It usually matches email address in order to provide unique user’s identity (user@domain). Use of email addresses is a best practice, not a requirement • can be auto-populated taking hint from AD UPN or configuration (jabber config file) TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Quick guide to Jabber domains….

Jabber connection flow

DNS SRV

Search for Connect to SSO User Service Services Infrastructure Discovery Authentication Registration

Find DNS SRV Get FQDN from Check if CUCM Authenticate using Learn XMPP and for service DNS and connect using SSO CUCM userid SIP Domains NO “@DOMAIN” May match DNS, Tipically AD or SMTP but SamAccountName not required Can be LDAP Sync

Web based creation of Jabber configuration (replaces XML files) Jabber configuration automatically published to TFTP service Group based configuration using service profile

Services Domain

UPN from AD can be used to seed Service_domain search

Enhanced Diagnostics tool provides support for contact sources testing

Ctrl-Shift-D - Show Diagnostics Ctrl-Shift-C - Show Contacts tool

Skype for Business clients have local Address Book (pushed by SfB servers). Skype for Business Address Book are synced with AD overnight.

Jabber relies on a Contact Source to get contact details. The buddy list holds the JID for each contact. It doesn’t hold other attributes such as full name and communication addresses like telephone, email, SIP URI etc. Cisco UDS (i.e. used when Jabber clients are over MRA) relies on CUCM Directory. That’s why syncing CUCM Directory with AD/LDAP is key.

Always used for cloud Option for on premise Used for Expressway for deployments. deployment Cisco IM&P Users (Active Directory, OpenLDAP) Data administered in Service provided by UC OrgAdmin Tool or by user Richest data manager based on End User information updates Jabber queries LDAP server Can be imported using directly Use needs to be factored into UCM cluster scaling OrgAdmin tool Service profile can be used for basic configuration Can’t be combined with Can be used in combination with LDAP other contact sources Jabber-config file is used for CS when on premise more complex / custom configuration

Local Outlook / Lotus contact sources also exist

Jabber for Windows only Expanding the list of sources for the user to importing contacts Import from: Microsoft Outlook Contacts, Google Contacts, IBM Notes Support vCards and CSV files Will automatically add a group name if not provided by the user

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46 How to search new Jabber users from Skype AD attribute must be populated for any new Jabber User (i.e. new hire) created during the migration and never enabled before on Skype for Business. This will make these users searchable from Skype for Business.

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 47 Buddy Lists and Outlook integration Full Contact Search available to each end-user regardless of whether they exist on Cisco or Microsoft Jabber users search for “msRTCSIP-primaryuseraddress” attribute and use that as IM contact address. (NOTE: requires configuration) Presence and Click-to-Call Integration Calendar Integration (i.e. “in a meeting” status) Adding “Custom Contacts” is not supported. Contacts should be added via Directory lookup / Company Contacts Lack of Temporary Subscription support affects both Contact Search and Outlook integration (see following slides)

When searching for a user “not in my buddy list” in SfB client, predictive search will show all federated Jabber contacts as Presence Unknown. A possible workaround is to add all Jabber federated contacts to the buddy list A fix is currently under investigation for a subsequent 12.5SU

When searching for a user “not in my buddy list” in Jabber predictive search will show the actual Presence Status. This is currently Feature Preview, proper support is planned for a subsequent 12.5SU

On Premise Enterprise groups allows users to search for and add a group of users to their contact list based on AD distribution groups Groups are dynamically updated based on group membership changes

Require LDAP sync on UC Directory Group feature must Manager 11.0 to sync Users be enabled on IM & Presence and Groups from LDAP Server. 11.0 server

sync sync

Administrator creates distribution group in Active Active UC IM & Directory Manager Directory (or existing group) Presence Server

Automatic configuration of IM&P settings

Skype for Business commands generated on the fly Commands are “copy&paste” ready for the SfB Management Shell

Links to correct documentation for out of band steps

User does not need to search through docs to find the correct section

Temporary Presence Subscription (Bidirectional Fix planned) Open Federation (Under investigation for Expressway 12.6 – Subject to Change) Mixed Group Chat - not available Persistent Chat migration – existent chats can’t be migrated Voice Mail migration – existent VM messages can’t be migrated File Transfer – not available between Skype for Business and Jabber Desktop Sharing and Desktop Remote Control not available from IM sessions unless using Webex (details to follow) NOTE: Exchange UM Integration breaks Partitioned Intradomain Federation. Traffic is intercepted by Exchange and the static route on the Front End is never hit.

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Video Audio Web Recording and Interoperability Customization conferencing conferencing conferencing streaming

Personal meetings: • Invite others to your personal meeting using your personal or team spaces Scheduled meetings: • Leverage Cisco TelePresence Management Suite • Scheduling using Outlook, HTML Smart Scheduler, by helpdesk, or booking API for custom applications • One Button to Push (OBTP) with Cisco video endpoints to easily join meetings • OBTP with Skype for Business scheduling via Outlook Ad hoc with Cisco UCM • Easily escalate your 1:1 calls to include more people

Virtual Meeting Room CMA All Participants Dial the Immersive space Address Endpoints Users can have multiple Spaces Lync/SfB Users Devices join a space and Desktop System get the best experience

Audio/Video/Content

WebRTC access Telepresenc Jabber e Endpoints User

Other Vendor Guest Users phone Endpoints via WebRTC

Enable anyone to create and join meetings with the Cisco® Meeting App: • Fully participate with the benefit of exceptional video quality from any location on any device • Easily invite guests to join on Windows, Mac OS, Apple iOS, and for browsers using WebRTC • Control your experience with • Layout controls • Mute audio and video • Add/Remove participants • Meeting Lock/Unlock • Select who to view as important • Recording and Streaming controls • Wireless content sharing with 30fps • Meeting Control Only (no media)

Jabber Versus CMA/WebRTC Strategy

Single App for UC and • Updated UX Jabber Meetings • CMS meeting controls 12.5

WebRTC Meeting • Self serve user portal Join • Create Spaces • Manage Spaces Backlog CY19* Web User Portal • Host / guest PINs • Default layout

*Subject to change

TMS CMM • Scheduling • White glove tool • Endpoint Management (Meeting Manager)

Schedule meetings using Monitor and manage ongoing TMS. OBTP to endpoints. meetings using Meeting Management.

Cisco Meeting Server

TMS CMM • Scheduling • White glove tool • Endpoint Management (Meeting Manager) Recording

Analytics

Schedule meetings using Monitor and manage ongoing TMS. OBTP to endpoints. meetings using Meeting Management Management.

Cisco Meeting Server

TMS CMM

CMS CMS CMA Core Edge

WebRTC

B2B Endpoints (SIP/H323) CUCM EXP-C EXP-E Internet

3rd Party / Cisco Mobile Endpoints SIP Endpoints (MRA) H323 (SIP/H323) XMPP WebRtc

1. Gateway: Allows Point to Point calling between Room Endpoints and Skype for Business users 2. Spaces: Room Endpoints and Skype for Business users all connect on Cisco Meeting Server Virtual Meeting Rooms 3. Dual Homed Conferencing: Room Endpoints Meet on Cisco Meeting Server with an connection to Skype for Business meetings as full-featured participants

• Video Codec:  H.264UC-SVC  RTVideo • Bi-directional RDP Transcoding for Content Sharing * • Multi-party conferencing (Microsoft CCCP protocol support) • Drag and Drop escalation from SfB client • Scheduled conferences using SfB plugin (including O365) • Participant list integration

*VBSS not supported today but it’s a roadmap item – planned for CY19 NOTE: Support for Skype for Business 2019 is currently targeted for April 2019 – Subject to change

I can ONLY call a SIP URI… if ( (SIP URI) match one of SfB User) then route locally

elseif ( (SIP URI) and (destination == remote domain) ) /* SIP Trunk Routing

Only one possible Front End Interoperability routing behavior for SfB Pool “Gateway“ outgoing calls.

CUCM Interoperability SfB Pool “Gateway“ BFCP VBSS/RDP

SIP SIP SIP SIP

• Cisco uses BFCP for Content Sharing • Microsoft uses VBSS/RDP for Content Sharing • A transcoding service is needed to interoperate correctly  Bi-Directional RDP transcoding is supported today for both on-prem & cloud Cisco solutions  VBSS support is a roadmap item, but with no committed timeline yet

CMS Call CUCM Bridge *@company.lab

*@company.lab

SIP Microsoft SIP [email protected] H264 AVC H264 UC-SVC or RTV

Lync Server . Media always flows through the CMS Call Bridge . Bi-directional RDP/BFCP Transcoding for Content Sharing

[email protected] . Expressway-C not in the path because Video Only . As best practices one may use different SIP Domains to avoid loops

• For each shared Video Device a contact can be created in AD, mapping the AD attribute to the endpoint’s Sip URI

• Lync/SfB users will be able to search Video Endpoint, add them to the buddy list and call them when needed

• Note: Presence is available but reflects only partially the real Endpoint’s status

• Native Experience is preserved for each endpoint • Best Audio/Video quality for each Cisco Endpoint endpoint is provided (up to HD, Experience 30 fps)

SfB Clients Experience

• Users share the way they are familiar:

Cisco Endpoint • SfB users select desktop Experience share or app share • Cisco video users can leverage wireless sharing (Proximity) or plug in the cable • Dual Streams supported in both directions

SfB Clients Experience

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84 Integration Type 2 – Spaces Dial-in Call Routing – How it works for calls to CMS Spaces [email protected] CUCM *@space.company.lab CMS Call Bridge

TMS

TMS-XE Lync Server SIP Microsoft SIP H264 AVC • CMS acts as full MCU here, with Enhanced Video Layouts H264 UC-SVC or RTV • Bi-directional RDP/BFCP Transcoding for Content Sharing • Space’s “Presence” published into Lync/SfB clients

Scheduled Conferences (including OBTP)  Users can schedule a meeting by using:

o TMS Smart Scheduler web GUI

o TMS Administrator Interface

o Outlook Calendar & TMS-XE integration  Lync/SfB users join the meeting clicking on the hyperlink in the Calendar invite Personal Space (always on, permanent address)

 Host can send his Personal Space’s address in the calendar invite

o Lync/SfB Attendee will copy the meeting address (URI) into the Client

 Personal Spaces could also be listed into the Lync/SfB Address Book

Send invite Invite participants & Rooms (Video Endpoints)

Click on the “Video” Address to cross-launch SfB Client

Join info updated in original invite Any calendar client for O365 & Google

Cisco Meeting • OWA & Mobile etc • Optional Windows Outlook Add-in @Meet Popular join options • OBTP on-prem and cloud registered • Click to Join (WebRTC, SfB, Jabber) • Dial In Enables future migration to cloud

Requires TMS15.7 and Expressway-C with Webex Calendar Connector Webex Cloud Room systems get big green join Hybrid Calendar Services button Users are imported to Common Identity and have calendar service Calendar Customers On-Premises enabled Connector App on Expressway-C Coexists with existing TMS TMS B-API CMS scheduling Cluster(s) Existing TMS scheduling

OBTP as today User Experience – in Meeting (Video Layout) Flexible in Meeting Layouts Same Layout for SIP/H323 Endpoints, CMA & WebRTC clients, Microsoft Lync&SfB clients Layout Families

Active Overlay onePlusN Equal NxN Speaker

onePlusN and Equal layouts dynamically scale as more participants join

Possibility to pre-configure the initial Layout and/or change it on the fly using DTMF/Active- onePlus5 onePlus7 onePlus8 Control (see next slides)

Equal 2x2 Equal 3x3 Equal 4x4 Equal 5x5

• Dual Homed Conferencing is an optimal solution for coexistence. Users can schedule their meetings through Outlook and the SfB Plug-in inviting Cisco clients and devices. This still requires a brief user training (i.e. how to join a DH meeting; how to book endpoints and resources in addition to users; etc).

• Migrations are about customers «moving away» from the Microsoft user experience while Dual Homing would «preserve» it. Scheduling meetings after the migration requires a different process (i.e. @meet). That’s why we often see customers promoting the new experience since the beginning in order to facilitate the adoption of the new solution and avoiding to train users twice.

Targeted for customers using SfB as their primary meeting tool Users schedule meetings using the SfB Outlook plug-in (no change to current work flow) SfB clients have a click-to-join link Join Meeting using OBTP from Cisco video endpoints Dial IVR + Conference ID from any Audio or Video endpoint It requires the Dial-In feature activated and configured on the Lync/SfB Pool

SIP ...is «41238» a Lync/SfB Conference ID? Microsoft SIP H264 AVC CUCM [email protected] H264 UC-SVC or RTV CMS Call Bridge

TMS A/V MCU Query & Connection

[email protected]

TMS-XE Lync Server + A/V MCU

• TMS-XE will generate the OBTP Sip address with format: “Conference_ID@Video_Domain” • Conference_ID is the one provided by the Microsoft A/V MCU • “Video Domain” can be the same used for Video Endpoint and 41238 CMS Spaces or a dedicated one

CMS dual-home enables • Room users to enjoy the benefits of Cisco’s large screens, and Cisco Endpoint better use of real estate to see Experience everyone in the meeting, while enabling integration with SfB clients • SfB users can still join a meeting and keep their native clients experience

SfB Clients Experience

• Users share the way they are familiar: • SfB users select desktop share Cisco Endpoint or app share Experience • Cisco video users can leverage wireless sharing or plug in the cable • Bi-directional RDP/BFCP Transcoding for Content Sharing

SfB Clients Experience

• SfB participants not able to support high resolutions could have a negative impact on the quality of experience for other SfB participants capable of 720p

• In the past CMS was sending only the lower resolution negotiated with AVMCU

• CMS sends now (CMS 2.4+) a high and a low resolution stream for each participant to SfB AVMCU.

• Participants capable of 720p streams do not lose resolution when participants sending lower resolutions are in the call

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 98 TURN Server Considerations and thoughts Lync/SfB Remote Access support - Background Lync Pool SIP Microsoft SIP media (Direct) media (TURN Tunnel)

Lync Edge Server CMS Call Bridge

Internet CUCM

• Lync/SfB clients can register to the Lync Pool from Internet, through Microsoft Edge • Local Firewalls and Multiple NAT are quite common scenario to deal with • How will be A/V media streams able to traverse all these obstacles?

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 100 Lync/SfB Remote Access support – Why do we need TURN? Lync Pool SIP Microsoft SIP media (Direct) media (TURN Tunnel) TURN Server TURN client

Lync Edge Server CMS Call Bridge

Internet CUCM

ICE - Interactive Connectivity Establishment (RFC 5245), TURN and STUN are the answer Lync/SfB Edge provides TURN Service to CMS (TURN client) CMS advertises the Lync Edge’s external IP address as «media» candidate into the SDP Expr-C/Exp-E (Firewall Traversal chain) are not involved in the TURN connection Follow the official Microsoft guideline for firewall configuration Multiple media paths, depending on ICE negotiation, are possible (see next slide for an example)

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 101 Lync/SfB Remote Access support – Media Flow Example Lync Pool SIP Microsoft SIP media (Direct) media (TURN Tunnel) TURN TURN client Server TURN client

Lync Edge Server CMS Call Bridge

Internet CUCM

In this example the A/V media is flowing through: 1. Lync client <-> TURN Server on the Lync Edge (Encapsulated) 2. TURN Server on the Lync Edge <> Loopback (Direct) 3. TURN server on the Lync Edge <-> CMS (Encapsulated) 4. CMS <-> Video Endpoint (Direct)

Lync/SfB Edge provides TURN Service to CMS (TURN client) Insert the «Lync/SfB’s Front End Pool address» in the Server address field (NOT the Lync/SfB Edge...) Lync/SfB «Service» Users are needed to register CMS to the Front End Pool and ask for TURN access right Each Service User will be able to allocate 12 concurrent A/V sessions on the TURN servers  Create multiple users on the Lync/SfB side to scale more  Specify the number of users created in the «Number of registrations» field  Users’s name must follow a pre-defined structure

Webex Meetings

Webex Teams Jabber Simple schedule & join

One Meeting Video / mobile first experience Experience SIP & H.323 Powered by Webex registered devices Webex devices Efficient management

Innovations

Skype for Business

• Supports Office 365, Skype for Business Server 2015, Lync 2010 and Lync 2013 Server • Delivers native two-way audio, video, and content sharing * • Enables SfB users to start meeting as host and join before host • New option to insert the Microsoft specific dial-in SIP address in the calendar invite **

* Bi-Directional content sharing (RDP Transcoding) released in December 2018

** Link to Webex knowledge base article https://cisco-support.webex.com/guest/articles/en_US/Usability_FAQs/WBX000024630/

SfB Pool SIP Microsoft SIP @lync.Webex.com

SfB Edge

Webex Platform

@*.Webex.com

CUCM EXP-C EXP-E

Each solution must use his own Firewall Traversal technology to join the CMR Cloud session: • Microsoft - route domain lync.Webex.com through the Lync Edge (as federated domain) • Cisco - route domains *.Webex.com through the Expressway C/E

WebEx

Note – this requires the Webex Productity Tools

Multiple «actions» available as commands for the Bot

Simple Webex Commands to share meeting URLs within Microsoft Team’s Channels (based on Bot)

Clicking on the hyperlink will cross-launch the Webex Meeting client

• Extend the native UI with an additional Webex icon • Possibility to share your Webex PMR address or any other Webex Meeting URLs

Webex Meeting Tab provides these capabilities: • Start a Meeting inside your Personal Meeting Room • Join any scheduled Meeting • Schedule a Meeting without switching to other clients or contexts

Credit for content used in this section – Tobias Neumann, BRKCOL2610 (Microsoft IM/P and Ent. Voice Interoperability) Microsoft “Enterprise Voice” Call Routing

User has multiple options to initiate a call depending on: • License purchased • Called party • Depending on dialing habit

Different results • When dialing either SIP URI or phone number of SfB user (reverse number lookup), a “Skype to Skype” call is initiated • If a number is called and the called party is NOT a SfB user - call routed via mediation server (Enterprise Voice Routing) • If an Audio/Video call is initiated and the called SIP URI is not another SfB user – call routed via SIP routing logic (SIP static route)

no media bypass Lync Client Front End Med. Server Cisco UCM

RTaudio G.711 no media bypass, no G.711 on IP-PBX Lync Client Front End Med. Server Cisco UCM IOS Transcoder

RTaudio G.711 G.729/iLBC Flows show the SIP signaling and media paths in a SIP-trunk interoperability scenario Mediation Server only supports G.711, requires additional transcoding resources if any other codec is used by devices connected through SIP-trunk

http://www.cisco.com/c/en/us/solutions/enterprise/interoperability-portal/networking_solutions_products_genericcontent0900aecd805b561d.html

Front End Med. Server Cisco UCM Before Migration 1XXX Ext. 1001 Ext. 1000 Before migration Cisco UCM will not find ext. 1001 locally and will route the call toward the Mediation Server

Front End Med. Server Cisco UCM After Migration Ext. 1001 Ext. 1000 After migration Cisco UCM will find ext. 1001 locally and will not route the call toward the Mediation Server

Ext. 1001

Ext. 1001 Front End Med. Server Cisco UCM Before Migration 881XXX Ext. 881001 Ext. 1000 Before migration Cisco UCM will extend the call toward the Mediation Server using SNR

Front End Med. Server Cisco UCM After Migration Ext. 881001 Ext. 1000 After migration Cisco UCM will not extend the call toward the Mediation Server because the SNR will be disabled for ext. 1001

Ext. 1001 (now shared line)

There are multiple solutions for interoperability and in some cases also various scenarios to implement

Expressway Lync Gateway is still a supported solution, but CMS is the leading solution going forward

Choose the best scenario to implement considering your environment (i.e. Cloud Vs CMS on-prem) and the expected User Experience

Supported capabilities using Jabber terminology: • Video Desktop share (BFCP)  Supported using RDP<->BFCP Transcoding • IM desktop share with remote control (RDP based)  Not supported due to different implementations on Cisco & Microsoft side • Escalation to Cisco Webex  Supported  It provides Remote Desktop Control, application share, whiteboard annotation

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Skype for Business would route all the Payloads for a domain to a single destination. In order to route different Payloads to the appropriate Back End, we need a middle server able to analyze, recognize and route traffic accordingly. Cisco provides two possible “Middle Server” solutions. Both based on Expressway-C

SIP Broker Traffic Classification Expressway-C

@company.com CUCM Expressway-C Lync Gateway A/V @company.com CUCM SfB Pool A/V CUCM IM/P SfB Pool CUCM IM/P CMS Call Bridge Legacy Solution – not developed anymore Target Solution

In order to support more than 10 Skype for Business participants in a single Dual Homed Conference you must adjust the «SIP max size» setting on Expressway: • Configuration->Protocols->SIP • Range is 1 to 1048576. Default is 32768 (approx 10 users) • This configuration will affect the SIP buffer for any communication. Not only MSFT interop

For your reference: 40 users (in the same conference) will require approx 128kb of buffer

SIPXMPP

SfB Front End CUCM

IM&P ) 4 CUCM

IMXMPP( invite Expressway-C Traffic Classification

SIP invite Video (3&4) Video Transcoding [email protected] [email protected] CMS Call Bridge SfB FE will have a static route pointing to Expressway-C Traffic Flows are symmetric in both directions © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Expressway Traffic Classification–Jabber to SfB

XMPPSIP

SfB Front End CUCM

IM&P ) 1 CUCM

IMXMPP( invite Expressway-C Traffic Classification

SIP invite Video (3&4) Video Transcoding [email protected] [email protected] CMS Call Bridge

1 2 3 4 5

Search Rules consider FIVE parameters to determine a destination zone (target): Protocol (i.e. SIP/H.323) Source zone (i.e. a trunk) Authentication (yes/no) Pattern string (i.e. destination domain) SIP Variant (key element for Microsoft Interop Federations) TIP: Always specify Source Zones to avoid loops and make troubleshooting easier

4 1 2 4 3

Skype user [email protected] calls a user already migrated to Jabber, [email protected] (Expressway-C process Search Rules in priority order) 1. Call comes from “SfB” zone 2. It matches the CUCM domain 3. It’s recognized as “Microsoft AV&Share” SIP Variant 4. Rule number 1 perfectly matches: call is then targeted to CMS zone

2 1

4 5 Exp-c.company.com 6

CMS dialplan is based on outbound, incoming calls handling and call forwarding. Outbound means “calls leaving CMS”. Incoming means “calls targeting CMS”. In order to allow calls from SfB to CUCM via Expressway we need: 1) A forwarding dial rule rule 2) matching the CUCM domain(s) 3) An outbound dial rule 4) matching the CUCM domain(s) 5) pointing traffic back to Expressway-C or our Call Control platform (i.e. CUCM) 6) as Standard SIP (this will force the transcoding of a MSFT call to Standard SIP)

4 1 2 4 3

CMS will generate a new call leg. Now transcoded to Standards-based Video. 1. Call comes from “CMS” zone 2. It matches the CUCM domain (still) 3. It’s recognized as “Standards-based” SIP Variant 4. Rule number 2 perfectly matches: call is then targeted to CUCM zone

4 1 2 4 3

Jabber user [email protected] sends an IM to a colleague still using SfB, [email protected] (Expressway-C process Search Rules in priority order) 1. SIP SIMPLE message comes from “IMP Server” zone 2. It matches the SfB domain 3. It’s recognized as “Microsoft SIP IM&P” SIP Variant 4. Rule number 4 perfectly matches: call is then targeted to SfB zone

Endpoints XMPP/SIP: company.com CUCM Cluster The focus of this section is: • SIP trunks between CUCM, CMS and the

CUCM Expressway-C used for Traffic Classification CUCM IM&P • The Call Routing between them

TURN Server In case of multiple Expressway-C the CUCM Route list & Route Group structure should be used as best practice Internet

Expressway-E Cisco Meeting Server Expressway-C NOTE: There isn’t a single best practice for all the deployment models. For example: • If Spaces are indentified by numeric aliases or specific Endpoints subdomain(s) you could potentially route them directly SFB FE Pool from CUCM to CMS (best practice) • If the majority of your endpoints is registered to CUCM SFB Edge you may want to route the CUCM domain directly from CMS to CUCM

SIP: company.com

• Caller identity has the format “UserID@Sip_Domain” (Ex. [email protected])

• Policy on the CUCM<->Expressway trunk definition to specify info sent as Caller Identity • Default: “DN only…” (send only extension number assigned to the device)

• Recommended: “Deliver URI and DN…” (send both Primary Directory URI & DN)

• Caller identity should have format “UserID@Sip_Domain” (Ex. [email protected]) • Policy on CUCM<->VCS trunk SIP Profile to specify Sip_Domain format • Default: «not flagged» (send IP address of CUCM as “domain” – like [email protected])

• Recommended: «flagged» (send alphanumeric string as “domain”)

CUCM

CMS Expressway-C

SFB FE Pool

CUCM

CMS Expressway-C

SFB FE Pool

• “Directory URI” field can be defined on end-user page

• “Directory URI” field can also be synced from an AD/LDAP directory

• If the Primary extension of the user is set, the Directory URI value is automatically assigned to the DN as Primary URI

2 3

Auto-generated directory URI are in partition “Directory URI” “Directory URI” partition is predefined and can not be changed/deleted To be reachable this partition needs to be member of calling identity’s CSS An already existing partition can be defined as alias for “Directory URI” partition  URIs in Directory URI partition can be reached by all CSS which have the alias partition Good candidate: already existing DN partition

Endpoints XMPP/SIP: company.com CUCM Cluster Bidirectional Symmetric call flow

CUCM CUCM IM&P

Internet

Expressway-E Cisco Meeting Server Expressway-C

Endpoint SFB FE Pool s

SFB Edge Standard SIP Microsoft SIP SIP: company.com XMPP MS SIP SIMPLE

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 147 Wizard and “Middle Server” Manual Configuration needed Current Release of the IM&P Server Partitioned Intradomain Federation Wizard doesn’t take “middle server” into consideration. It configures the IM&P Server to speak directly with the SfB Front End. This requires us to add some manual configuration.

Manual Configuration: - Expressway Traffic Classification must be trusted in the INCOMING ACL

Manual Configuration:

- Expressway C must be trusted in the INCOMING ACL

- Expressway C must be added as TLS PEER SUBJECT

Manual Configuration:

- Expressway C must be trusted in the INCOMING ACL

- Expressway C must be added as TLS PEER SUBJECT

- Expressway C must be selected in the TLS PEER CONTEXT

Manual Configuration:

- Expressway C must be trusted in the INCOMING ACL

- Expressway C must be added as TLS PEER SUBJECT

- Expressway C must be selected in the TLS PEER CONTEXT Now we’ll have to edit the Static Route added by the Federation Wizard. - Expressway-C must be the next hop for the SfB domain.

Explyncgwd01.companyd.lab

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 159 Licensing for Intracompany Federations Licensing for Intracompany federations – major changes On Expressway: • Intracompany federations via CMS don’t consume RMS licenses*. This is key when you deploy CMS+Expressway topologies such as: CUCM<->CMS<->Exp-C<->Front End

On CMS:  Every Point-to-Point call will consume 1/6 of an SMP  Every Meeting will consume 1SMP (both Spaces and Dual Homed Conferences)

*due to a known bug Expressway X8.11 and X12.5 consume RMSs. A fix is planned for X12.5.2 (targeted for April – Subject to change). In the meantime you can obtain free temporary licenses contacting your Cisco account team.

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Coexistence is now in place. As we said at the beginning “Once you have implemented the interop solution you are ready to migrate users’’: Run the ‘’migration utilities’’ tools to disable and delete users accounts from SfB Create the Jabber devices and import the contact lists

Recap: You first implement the coexistence (interoperability) and then you migrate.

Migration Utility tool is run on the Front-End server. Will connect remotely to all of the other servers in the deployment. It shows progress bars/counters for each stage of the migration Error handling / reporting has been greatly improved Validation of user accounts, before they get migrated: • Validates that accounts exist and are enabled in Active Directory • Validates that accounts exist and are enabled on the LCS/OCS/Lync/SfB server

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 165 Users Migration – CUCM 12.5 Overview • Added validation at every step of the process • Does not let the admin continue without validating previous stages • Contextual tool tip help guides the admin through the process

NOTE: Skype for Business validation in progress. Targeted for 12.5SU1

Once SfB users have been disabled and deleted from the Microsoft backend we need to enable them for Jabber on the CUCM side:

1. Create users if not already existing in the CUCM database [BAT or manual]

2. Enable users for CUCM IM and Presence service [BAT or manual]

3. Create the Jabber CSF device(s) for each of them [BAT or manual]

4. Create the Phones device(s) for each of them [BAT or manual]

5. Assign each device to the right «owner» user [BAT or manual]

6. Import the SfB buddy lists into the CUCM IM/P database [BAT]

This section covers the new User Experience provided by Jabber. It will show how the user experience they had with, SfB before the migration, is now provided with Jabber.

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 170 B2B Federations: Migration Phase B2B IM&P federations – Migration Phase Existing SfB B2B Federations (i.e. with O365 business partners) can be “extended” to the Jabber users • IM&P and A/V Federations are supported via Traffic Classification

Supported Features • Point to point IM&P chat only (no mixed groupchat) • Typing indicators • Basic Emoticons • Presence

NOTE: SIP IM&P Open Federation is not supported (Backlog item) therefore SIP B2B Domains must be statically routed to Expressway-C.

SIP Trunk

Business Partner

Internet Standard Endpoints CMS Expressway-C Expressway-E SIP: company.com

Business Partner Standard SIP Microsoft SIP XMPP MS SIP SIMPLE

SFB FE Pool SFB Edge SFB CLIENTS MS SIP: company.com Skype Client Both IM&P and AV federations are supported with symmetric flow Lync Client Public SRV records share the same domain for different Services

• Microsoft SIP Federations require an SRV targeting _sipfederationtls._tcp.company.com

• Standard SIP Federations require two SRV records _sip._tcp.company.com; _sips._tcp.company.com

Therefore there are NO overlapping SIP SRV Records between our Cisco solution and any Microsoft Skype for Business environment

Confusion comes from an SRV record used by OCS R1 (more than 10 years ago) for _sip._tcp. - for external TCP connections. This SRV record may be present in your customer environment but it’s not needed anymore and they can remove it. Microsoft documentation is pretty clear about that.

All users have now been migrated to Jabber and Skype for Business has been decomissioned

Endpoints XMPP/SIP: company.com Business partners using Standard or Microsoft CUCM Cluster clients can join your conferences, call your users or chat with them via B2B Federations

CUCM CUCM IM&P  _sipfederationtls._tcp.company.com SRV record must be moved to Expressway-E TURN Server Business Partner/MRA Internet

Standard Endpoints Expressway-E CMS Expressway-C

XMPP/SIP: company.com Business Partner

SfB Clients

Similarly to what we do with H.323/SIP calls we can’t know upfront if a destination address is “Microsoft flavor” or “Standard SIP”, we must try both. Interoperability and interworking rely on “fallback mechanisms”. When a user places a call, Expressway searches for SIP/H.323/MSFT-SIP (plus various tcp/tls/udp transport protocols) Typically we try Standard SIP/H.323 at first and, if it’s not found, we continue by involving CMS for transcoding. Starting with X8.9+ Expressway-E DNS Enhanced zone is now able to lookup for the Microsoft SRV Record (_sipfederationtls._tcp.company.com) when SIP Variant is recognized as “Microsoft SIP” NOTE: CMS is required for MS B2B Video Federations. Expressway Lync Gateway CAN’T provide B2B Federations.

1. [email protected] places a call to [email protected] 2. Expressway-E performs a lookup for _sips._tcp.partner.com and all the subsequent relevant SIP and H.323 records. User or domain are not found. 3. Next search rule in dial plan involves CMS for transcoding 4. CMS generates a Microsoft SIP call leg Endpoints XMPP/SIP: company.com 5. Expressway-E, according to the call SIP VARIANT, performs a CUCM Cluster lookup for _sipfederationtls._tcp.partner.com Domain is now found. [email protected] 6. Amy’s Skype for Business client rings. CUCM

Business Partner/MRA _sips._tcp.partner.com Internet _sip.tcp.partner.com

Standard Endpoints _h323xs._tcp.partner.com Expressway-E Cisco Meeting Server Expressway-C

Business Partner _sipfederationtls._tcp.partner.com Standard SIP Microsoft SIP Amy@partnercom FOUND

Standard SIP Microsoft SIP Endpoints XMPP/SIP: company.com XMPP CUCM Cluster MS SIP SIMPLE

CUCM CUCM IM&P

TURN Server Business Partner/MRA Internet

Standard Endpoints Expressway-E CMS Expressway-C

Business Partner

XMPP/SIP: company.com SfB Clients

A basic B2B interop federation scenario requires at least 6 Search Rules on Expressway-C: • 3 Search Rules for Video - 2 Outbound; 1 Inbound • 3 Search Rules for IM&P – 1 Outbound; 2 Inbound

A basic B2B interop federation scenario requires no specific Search Rules on Expressway-E. Rules can match “any” SIP Variant. Satisfying Standard AND Microsoft traffic routing at the same time. However, in order to make configurations “clean” and “easy to manage”, one could create rules based on specific SIP Variants. I.e. Standards-based; Microsoft Video; Microsoft IM&P

1 3 2

Cisco User John calls a Business Partner: [email protected] (Skype for Business)

1. John’s device is registered to CUCM. CUCM sends SIP invite to Expressway-C 2. Expressway-C recognizes this as “Standards-based” SIP Variant 3. According to the 5 parameters (protocol; source; authentication, pattern string and SIP Variant) a “Target Zone” is determined. Call is then routed to Expressway-E

Expressway-E

5 5 5 5 6 4

4. Expressway-E recognizes the call as “Standards-based” SIP Variant 5. According to the call parameters a “Target Zone” is determined 6. The call is routed to the DNZ Zone

Expressway-E will then lookup for “Standard SRV records” (i.e. _sips._tcp.federateddomain.com) It won’t find the destination user/domain returning a “404 – Not Found” back to the Expressway-C.

7 7 9 8

11 10

7. Expressway-C will match the next relevant rule (in priority order) 8. Traffic is still classified as “Standards-based” 9. As sort of “fallback mechanism” we now hit a Search Rule involving CMS for transcoding 10. CMS generates a new call leg, now transcoded to Microsoft AV&Share traffic. 11. According to the call parameters a “Target Zone” is determined Call is now routed to Expressway-E as “Microsoft AV&Share

13 13 13 13 14 12

12.Expressway-E recognizes the call as “Microsoft AV&Share” SIP Variant 13.According to the call parameters a “Target Zone” is determined 14.The call is routed to the DNZ Zone

Expressway-E will now lookup for the “Microsoft SRV Record” (i.e. _sipfederationtls._tcp.federateddomain.com) [email protected] is found.

Standard SIP Microsoft SIP Endpoints XMPP/SIP: company.com XMPP CUCM Cluster MS SIP SIMPLE

CUCM CUCM IM&P

TURN Server Business Partner/MRA Internet

Standard Endpoints Expressway-E Cisco Meeting Server Expressway-C

Business Partner

XMPP/SIP: company.com SfB Clients

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 186 SRV (among others): _h323xs._tcp.company.com - B2B Standard Federations B2B Architecture for MS Interop _sip._tcp.company.com - B2B Standard Federations _sips._tcp.company.com - B2B Standard Federations SRV and combined features _xmpp-server._tcp.company.com - XMPP Federations _collab-edge._tls.company.com – MRA _xmpp-client._ tcp.example.com – CMA registration XMPP/SIP: company.com Endpoints _sipfederationtls._tcp.company.com - MSFT Interop CUCM Cluster

CUCM CUCM IM&P

TURN Server Business Partner/MRA Internet

Standard Endpoints Cisco Meeting Server Expressway-C Expressway-E

Business Partner

Lync/SfB Clients A single pair of Expressway-C/E can provide all federation, calling and registration services

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 187 DNS Records and Certificates Certificate Requirements If the Expressway-E is not clustered: Subject Common Name = Primary FQDN of Expressway-E Subject Alternate Names = Primary FQDN of Expressway-E; all additional aliases* If the Expressway is clustered, with individual certificates per Expressway: Subject Common Name = Primary FQDN of Expressway-E Subject Alternate Names = Primary FQDN of Expressway; FQDN of cluster; all additional aliases*

*Due to Microsoft requirements Exp-E FQDN (A-record) must be part of the SIP domain(s) namespace You’ll need an alias for EVERY SIP domain. All these aliases must be listed in the SAN. (i.e. expressway-e.sipdomain.com; expressway-e.sipdomain2.com; etc)

Primary FQDN

FQDN of Expressway-E

FQDN of Expressway-E cluster

Primary FQDN DNS:expe1.milan.ciscolabs.com Additional FQDN alias

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 190 B2B IM&P federations – post migration Microsoft IM&P B2B Federations via Expressway are supported from CUCM IM&P Server 11.5.1SU2 Both O365 and Skype for Business on prem federations are supported SIP IM&P Open Federation is not supported (improvement planned for X12.6*). Therefore SIP Domains must be statically routed to Expressway-C.

Supported Features • Point to point IM&P chat only (no mixed groupchat) • Typing indicators • Basic Emoticons • Presence

If Microsoft XMPP Gateway was deployed (unlikely) existing SRV records must be moved to Expressway-E (i.e. _xmpp-server._tcp.company.com)

*Subject to change

Every B2B call consumes 1 RMS on Expressway-E node Audio only calls and Audio/Video calls consume 1 RMS each VCS Control & VCS Expressway still consume Traversal call licenses CMS needs SMP/PMP licenses. Every GW’ed call consumes 1/6 of an SMP.

GENERAL RULE: All B2B calls are handled the same way. We don’t care if it is Audio/Video/Standard/Microsoft: It’s 1 RMS for each call.

In B2B scenarios all the hard work is done by CMS. So, no need for Microsoft Interop Option Key on Expressway/VCS. Expressway/VCS just do call routing and possibly, interworking (i.e. H323/SIP; encryption on-behalf of)

IM&P traffic doesn’t consume call licenses. It doesn’t require any specific license at all.

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Endpoints XMPP/SIP: company.com CUCM Cluster

CUCM CUCM IM&P

WebRTC

TURN Server Business Partner/MRA Internet

Standard Endpoints Cisco Meeting Server Expressway-C Expressway-E

Business Partner

SfB Clients XMPP/SIP: company.com

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 195 Post Migration considerations All users have now been migrated to Jabber. Intracompany calls between clients and endpoints now use standard protocols. No need for interop constraints anymore. Business partners using Lync/SfB/O365 can join your conferences, call your users or chat with them. All B2B Federations are now provided by Expressway + CMS: • Standard SIP/H323 Audio and Video Federations • XMPP IM&P Federations • MS SIP Audio, Video and IM&P Federations Adding a CMS to the architecture brings other features like: • Personal Rooms (Spaces) • WebRTC support • CMA Client / Jabber meeting controls

• Customer Scenario

• Solution Prerequisites

• IM&P integration

• Voice/Video Integration

• Middle Server

• Users Migration

• B2B Federations

• Summary

• Future Direction

Microsoft Teams Office 365 Interoperability for Dual Homed Conferencing scenario (QuickJoin) High Frame Rate Content Sharing (VBSS) Microsoft Office 365 Hybrid scenarios Webex Teams Interoperability (chat, P2P calls, etc…) IM&P Open Federation and Temporary Subscription support Microsoft Video Interoperability Certification

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space cs.co/ciscolivebot#TECCOL-2225

• Please complete your Online Session Survey after each session

• Complete 4 Session Surveys & the Overall Conference Survey (available from Thursday) to receive your Cisco Live T- shirt

• All surveys can be completed via the Cisco Events Mobile App or the Communication Stations

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com

Related Demos in Walk-in Meet the sessions the Cisco self-paced engineer Showcase labs 1:1 meetings

Appendix 1

Integration Workflow Integration Workflow - Considerations

Before approaching the actual migration process we should make sure that some assumptions are met: A. CUCM and CUCM IM&P Server environment is up and running.

B. Jabber clients can call and message each other. C. Video environment is up and running. TP Endpoints and phones on CUCM (if any) can call endpoints on VCS/Expressway (if any) and vice versa.

D. SfB existing environment is perfectly working and: • There’s no Exchange UM integration • There’s no O365 Hybrid setup in place (AKA: SfB environment is 100% on-prem)

Integration with Traffic Classification IM&P Server: • Routing Mode choice • Directory URI (Flexible JID) • Contact Sources • Partitioned Intradomain Federation Wizard • Manual changes for Expressway-C Traffic Classification SfB Server: • Trustedapplication(s) (Expressway-C) • Trustedapplicationpool(s) (Expressway-C)

• TLSRoute pointing to Expressway-C

Integration with Traffic Classification - continue Expressway-C • Zones (i.e. trunk to CUCM) • Search rules CMS Setup • Dial Plan configuration • Turn Server configuration (Expressway-E)

COEXISTENCE IS DONE. INTEROP SHOULD BE WORKING

Migration Utilities

SIP Broker SIP Broker Vs Expressway Traffic Classification

SIP Broker is a “legacy solution”: • Still available and supported but not developed anymore. • A sort of “light interop solution” for customers who can’t deploy CMS.

Expressway Traffic Classification + CMS is our target architecture for Business to Business and Intracompany Federations going forward.

SIP Broker is an Expressway feature first available with X8.8. It’s needed in order to make Lync/SfB and Jabber fully interoperable, with Voice/Video AND IM&P.

It’s embedded in the Expressway/VCS B2BUA service and requires the Microsoft Interoperability Option Key

SIP Broker receives traffic (intracompany) coming from the Lync/SfB Front Ends SIP Broker splits traffic according to the MessageType advertised in the SIP header: • Messages are sent to CUCM IM&P Server • Audio and Video calls are sent to CUCM

IM&P Integration Basic Routing Mode

Basic Routing is the default routing mode for Partitioned Intradomain federation and is the preferred option today IM and Presence Service routes a request to SfB if the request recipient is within any of the domains in the IM and Presence Service cluster but is not a licensed IM and Presence Service user For recipients who are not provisioned on either the IM and Presence Service or a Microsoft server, any such request that is forwarded to the Microsoft server is in turn returned by the Microsoft server to IM and Presence Service. IM and Presence Service has built-in loop detection to reject any requests that loop back from the Microsoft server in this manner

[email protected] [email protected]

IM to Check if user [email protected] [email protected] m Is licensed on IM&P

User Bob is not licensed on IM&P. Route to Lync Check if user [email protected] Is licensed on Lync

User Bob is on Lync, route IM to Lync

When Advanced Routing is enabled, IM and Presence Service routes the request to the Microsoft server when both of the following conditions are met: • The request recipient is within one of the IM and Presence Service domains but is not a licensed IM and Presence Service user • The request recipient has a valid Microsoft Lync/SfB or Microsoft Office Communicator SIP address stored in the IM and Presence Service database Ensures less traffic between CUCM IM/P and Lync/SfB in deployments in which there are a large number of unprovisioned contacts (users with no Lync/SfB or Jabber account) The list of users synchronized from Active Directory must include all Microsoft Lync/SfB users. This does add an additional storage overhead on the CUCM IM/P cluster Advanced Routing is supported only when you have a single-cluster IM and Presence Service deployment. When more than one IM and Presence Service cluster is deployed, you must use the default basic routing method.

[email protected] [email protected]

IM to Check if user [email protected] [email protected] m Is licensed on IM&P User Bob is not licensed on IM&P.

Check if user [email protected] m Is licensed on Lync User Bob is licensed on Check if user Lync. Route to Lync [email protected] Is licensed on Lync

User Bob is on Lync, route IM to Lync

[email protected] [email protected]

IM to [email protected]

Check if user Alice is enabled for Lync

User Alice is not on Lync, route to IM&P Check if user [email protected] is licensed on IM&P

User Alice is licensed on IM&P, route IM to Jabber

Lync and Skype for Business only support one routing mode. They route any “not enabled” user to IM&P Server. IM&P Server is able to handle routing loops.

Change to IM Schema must be performed on as flash cut on ALL clusters at the same time.. CUCM CUCM IM&P Jabber Client

Change LDAP Stop IM&P Change Update “jabber- Restart Upgrade all settings Services Presence config” IM&P clients (and re-sync if all nodes/all IM/JID file on ALL Services required) clusters Schema clusters

All clients must Select sync attribute Stop Presence Change IM Create/Update Start Presence be upgraded to for Directory URI Engine, SIP Proxy, address jabber-config.xml Engine, SIP Proxy, Jabber 10.6 or field XCP router, Address file on each tftp XCP router, Sync later in LDAP directory Sync agent and scheme to use server/cluster agent and client settings client profile Directory URI supporting profile agent. in UC Manger. agent. jabber-clients

Classic UDS Operation UDS Proxy Operation

Search performed Search forwarded to AD / LDAP Server against CUCM end LDAP v3 user database Can search beyond LDAP 160,000 limit Maximum contacts Provides same attributes possible 160,000 as classic UDS operation Jabber 11.7 Support HTTPS HTTPS

Warning: Using UDS does lower device capacity of CUCM

• New menu LDAP> LDAP Search

• Directory type and Username attribute taken from LDAP sync directory

• Server address defined as UC service as used by service profiles

• DirectoryURI mappable for flexibleJID/Multi-domain

• Feature is available for on premise deployments

• Administrator must enable the feature (Jabber-config.xml setting)

• Maximum Roster size remains at 1000 contacts (default size)

• Group contacts count is subtracted from overall roster size

• LDAP(EDI/BDI) and UDS searching supported (predictive with LDAP only)

• Presence only displayed for groups with 100 or less users

• User warned if roster limit exceed at login

Post Migration User Experience User Experience and Features Multi-Party Voice & Video Conferencing

• Call into scheduled meeting • Single click escalation from a group chat conversion to a video conference (Ad-Hoc Meeting). • Drag & Drop escalation to a conference • On Premise conferencing resources requested to UC manager • Cisco Cloud collaboration meeting rooms (CMR)

• Shares your Windows/Mac Desktop • Video Desktop share (BFCP) • Jabber Desktop/mobile clients • Telepresence endpoints • Video bridges • IM desktop share with remote control and multi-party (Windows only) • Escalation to Cisco WebEx provides a further platform for desktop sharing.

• Stream live meetings to large audiences and record to access later • Automatically push recordings from NFS to VBrick with defined owner who is notified so they can edit/distribute • Easily access live stream using third-party video portal, such as Vbrick Rev

Jabber provides a rich integration with the Microsoft Office suite (2013/16) Microsoft Office Contact card with presence and click to call capability Search personal contacts in Microsoft Outlook Save Chat History to Outlook folder Presence/Contact integration with Microsoft SharePoint

Cisco has been working with Microsoft to add include a presence API in office 2016 Mac. Jabber for Mac users now have presence and communication launch from office contact card

• Show Presence • Start Chat Session Office 2016 • Make Voice/Video Calls V15.33 and later

... And customers using Office 365 Outlook Web access can also launch Jabber Chat and calls… Start Chat Chat icon can now launch Jabber Make a Call Click telephone numbers to call

No presence in OWA

Continue to use Jabber away from Office • VPN-less Connectivity for Jabber clients with Cisco Mobile & Remote Access (MRA) • Auto detects when to use MRA • Uses Cisco Expressway for Chat, Voice and video services.

• User can request an alert when a contact becomes available • Feature activated using right click menu and selecting “Alert when available” • When contact becomes available a notification is shown on users screen until acknowledged • Once notified, alert will be reset

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 229 New on Jabber for Windows Publish my Location • User can assign a Location name, address for each network location* detected by Jabber to show contacts where they are working.

• Feature can be disabled by both admin and user. User can choose which locations to publish

• Most recent active client will be the published location *Network location - Each unique subnet & Default gateway Mac address pair. Multiple network locations can be assigned to a single Location name

Jabber provides protocol handlers to allow conversation launch from browsers and other applications. Protocol handlers provides to launch chat, group chat, voice/video and voice/video conferencing.

Example: xmpp:[email protected] sip:[email protected]

• CallKit is a new framework in iOS 10 that allows VoIP apps like Jabber to integrate tightly with the native Phone UI

• Key features • Answer Jabber calls without unlocking screen • Make calls with Jabber from the native Contacts • Call back to contacts with Jabber in the native Recents • Call waiting between Jabber VoIP call and cellular call

• Persistent Chat Rooms are available for on-premise deployments • P-Chat rooms are available for desktop clients only today • P-Chat rooms require an external database (PostgreSQL, Oracle, or Microsoft SQL Server) • You don’t need to add a database to every node in every cluster/clusters • P-Chat rooms only support MFT for file transfer

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 233 Single Sign-on Update SSO makes the login experience simple • Jabber SSO using SAML 2.0 provides a streamlined login experience

Web Form Kerberos Strong Basic authentication Kerberos uses ticket Alternative factor using issued at login time to hardware tokens etc authenticate UC services

TECCOL-2225 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 234 Single Sign-on Update SSO makes the login experience simple • Jabber SSO using SAML 2.0 provides a streamlined login experience

Web Form Kerberos Strong Basic authentication Kerberos uses ticket Alternative factor using issued at login time to hardware tokens etc authenticate UC services

• Basic logging (Message Archiver) Compliance

Verba/Actiance OR

MSG NOT delivered Until confirmation of logging.

• Example: Compliance PLUS Ethical Wall • Alice Adams is not allowed to communicate with Bob Banks

or Policy Rules

Message logged AND communication policy checked

• Jabber 11.9 delivers on the Phase 2 of APNS support

• Delivered in combination with UC Manager release 11.5SU3

• Provides Push notification for incoming voice calls when Jabber in background/not running.

• Complements IM/Chat Push notifications delivered in Jabber 11.8MR

Jabber iOS customers should plan to migrate to push model before June 2018

IM&P / UC Manager Node IM&P / Messenger Messenger Platform Platform UC Manager Node

SIP XMPP HTTPS

Cisco Collaboration Apple APNs Keep Alive Incoming Chat Notification/ Jabber call Jabber Jabber Process JABBER in Process JABBER in FOREGROUND BACKGROUND