TECCOL-2982
Unified Collaboration Architecture Greg Schalmo – Senior Technical Solutions Architect Justin Jordan – Technical Solutions Architect Dennis Fogler– Senior Systems Engineering Manager Wes Wiley – Technical Solutions Architect Agenda • Introduction
• Preferred Architecture
• Identity and Collaboration Tools
• Premise Architecture
• Hybrid Architecture
• Cloud Architecture
• Licensing
• Customer Care
• Conclusions and Q&A
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Preferred Architectures What are Cisco Preferred Architectures?
• 30-40 page Documents
• Prescriptive design guidance
• Modular and scalable Design Base for Any Customer
What products to use to enable users for Unified Communications for simple deployments? Prescriptive Concise Tested best recommendations Documents practices
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Existing Documentation
• Cisco Validated Design Guides (CVDs) • Two types of CVDs: • Technology Guides • Solution Guides
• Solution Reference Network Design (SRND) • 1,200 page comprehensive document covering network, endpoints, and all UC applications. Focus on design considerations and guidelines.
• Product Configuration and Deployment Guides • Step by step instructions for deploying specific products or solutions. Updated with each software release.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 How are the Architectures Organized?
Collaboration Sub-Systems
Applications
Mobile/Teleworker Call Control Internet Collab Edge
MPLS WAN Conferencing Remote Site
Endpoints PSTN / ISDN
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Cisco Preferred Architectures
• Cisco Preferred Architecture for Enterprise Collaboration
• Cisco Preferred Architecture for Mid-Market Collaboration
• Cisco Preferred Architecture for Mid-Market Voice
• Cisco Preferred Architecture for Video
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Where can I get them?
• Official URL:
• http://www.cisco.com/go/cvd/collaboration
• Shortcut:
• http://cs.co/pa4collab
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Identity One Source To Rule Them All Common Identity Overview
Access Provisioning Entitlements Secure Attribute Management (Manual, Directory Sync, (Enable & Disable Service Exchange SCIM, SAML JIT) for user, group or tenant) (Authentication & Authorization)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 • Existing identity stores/syncs Current Identity Challenge • Existing contact stores • Existing contact/directory interfaces • Existing WebEx SSO mechanisms
CLIENTS • Existing UC SSO mechanisms • Existing authz token mechanisms
GUI/ HTTP/ EDI/LDAP SAML UDS GUI/ GUI/ XMPP SOAP/ SOAP XMPP TUI HTTP
SAML WEBEX SERVICES UC SERVICES
SAML TMS OpenAM API
IDENTITY IDENTITY MANAGEMENT .csv MANAGEMENT
FTP UNIFIED LDAP CAS/NMTG Prime API
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 What Does All This Mean? Identity Matters! • Cisco Collaboration Solutions are not owners of identity, they are consumers • Not multi-domain capable for all protocols and rolls, IM vs. SIP vs. Messaging • No password change or enforcement capabilities
• An Email address or UPN are the only fields that can be used for a UserID across the portfolio, although you can sync with this field it can cause other design changes if you are trying to deploy more than one role in the portfolio
• Single Sign-On and Edge solutions require unique left hand ID’s ([email protected]) across the entire portfolio that match in all systems if you want to use all of the auto provisioning and placement tools
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Identity Considerations Why the concern • Communications Manager is capable of ingesting multiple domains, but can only point to two authentication source • All domains should be consolidated into a single digest system for authentication
• Communications Manager has a character limit on the domain field (255 characters) • May require multiple cluster depending on number and length of domains
• For multiple domain situations, Communications Manager 10.5.2 or later is required for Flexible JID
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Identity Breakdown
Mobile Workers Teleworkers LDAP Domain = sales.cisco.com = (right hand) B2B TDM or • Account = bob.smith = (left hand) CMR IP PBX • Email = [email protected] • PSTN Email Addresses can change Consumers Or • Department Transfers - sales engineering IP PSTN • Name Changes (marriage or by choice) Third Branch • If we use email address as the userID it Parties Office requires IT to delete and recreate a user in Cloud Analog all of the connected applications and tools if Services Devices any change happens
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Three Components of an Identity System • Account • An individual’s identifier: should be globally unique • Typically, this does not change • For example, Employee ID or User ID • Authentication • Mechanism used to identify the user is who they say they are • Can be based on any attribute supported by the directory vendor or the Identity Management System (IdMS) • Examples: • Active Directory supports authentication using SAM Account, UPN, or user logon name • IdMS can support SAM Account, Employee ID, Email, etc. • Authorization • A users ability, or permission, to access resources or services
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Identity Best Practices
• All users have a single TOP LEVEL Identifier that does not change • All other attributes are defined as variables under the user account on the IDP • Account or Logon – globally unique left hand • Telephone Number – 10 or 11 digit, E.164, or + Number ID • Email Address – derived from Acct and mail domain • IM Address – derived from Acct and IM domain • SIP Address – derived from Acct and video domain
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 Identity Workflow Agency Microsoft Domains and Services IDENTITY MANAGEMENT ITS, TAX, ETC Top Level Domain (NY.GOV) Cloud Services
Standard Attributes Collaboration Tools Contained in Identity (NY.GOV) • ID – Emp ID or GUID • SaMAcct • Telephone # • SIP Address • IM Address • Email Address End User Applications Non Microsoft
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 One Name to Rule Them All Know The Rules • If you want SSO to work across the board
• Globally unique left hand user-id should be used (there can be only one bob!)
• Use a SAMLv2 IdP for all your local and cloud systems (Oasis Standard)
• Ensure all data is in your IdP, and ensure that it is correct • Unique left hand • Telephone Numbers (E.164 or + Number format recommended) • Proper Group Access and Assignment
• IdP must be accessible locally as well as from the internet
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Premise Architecture Agenda • Call Control and Core Services
• Messaging
• Conferencing
• Applications
• Network Considerations
• Remote Access
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Cisco Collaboration Architecture
Cisco® Cisco Webex Service Collaboration Message | Meeting | Call Cloud
Cisco Hybrid
Cisco Collaboration Edge Architecture Cisco On-Premises and Unified Customer Partner-Hosted HCS Conferencing Communications Care Boardroom
End to End Security
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 Call Control and Core Services Call Control Architecture and Deployment Models: Simplification • Recommendation: Centralized Call Processing Model (Single Call Processing Cluster)
• Full-Mesh Distributed Call Processing Deployment Model (Multiple Call Processing clusters) may be required. This model is based on multiple iterations of the Centralized Call Processing Deployment Model
IM&P UCM IM&P UCM IM&P UCM
Branch1 Branch2 Branch1 Branch2 Branch1 Branch2
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24 Call Control Benefits • Single call control for voice, video, IM&P
• Collaboration-friendly dial plan which makes easy to add video to voice, IM&P to voice and video • Simplified deployment model, design, dial-plan, video, IM&P integration, sizing, etc.
• Modular architectural approach which enables better scalability
• Add additional services avoiding re-configuration costs
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 Single Cluster or Multi Cluster When and why to consider • Multiple Domains • Because many of the systems are not multi-domain capable for all functions and not all customers can deploy an IdP or consolidate domains
• Risk Averse Lines of Business • If you have critical business services that cause you to not upgrade on normal schedules because of fear of change or business impact
• International or High Latency Links • Any time latency between sites exceeds recommended deployment guidelines for real time communications or database replication
• Alpha clusters for user acceptance and testing – HIGHLY RECOMENDED
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 26 Reasons for Deploying a SME Cluster Functions that a SME Cluster Offer • Centralized Dial Plan • Mobility Features • Globalize and Normalize the called and • Offer Single Number Reach calling numbers used by al leaf systems functionality to devices on 3rd Party • Mange overlapping number ranges in UC systems Leaf systems • Offer Extend and Connect • Configure “find me” call routing using functionality to devices on 3rd Party Route List and Route Groups UC systems • Re-route calls via PSTN when the device cannot be reached via IP path • Normalization Scripting • PSTN trunk consolidation and dynamic • Allow you to modify inbound and re-routing outbound SIP message and SDP body content – simplifying interoperability with 3rd party UC systems
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 What is a Session Management Edition Cluster
• A CUCM cluster and a SME cluster use exactly the same software
• A CUCM cluster is typically used to register phones
• A SME cluster is typically used as a platform for Trunk and Dial Plan aggregation
• Both CUCM and SME support Voice, Video, and Encrypted calls
CUBE CUBE CUBE H323 Trunk MGCP Trunk SIP Trunk
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 Features to Utilize in a SME Cluster Design
• Extension Mobility Cross Cluster (EMCC) • Inter-Cluster Lookup Service (ILS) • Public Space Phones • Allows CUCM to learn about remote clusters without the need for an administrator to • Contact Center Agents manually configure connections between each • Hoteling cluster • TFTP (proxy TFTP Server) • ILS URI Replication feature enables ILS to exchange directory URI catalogs with the other • Allows all endpoints to point to a single TFTP clusters in an ILS network. URI Replication server and be redirected to the correct “home provides support for intercluster URI dialing server” for config and registration • RSVP Agent • PSTN Access • Allows local vs. home cluster media resources • PSTN Access for all cross cluster members for EMCC devices
• Location Bandwidth Manager (LBM) • Allows for full-mesh replication of their cluster topology
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 Communications Manager Architecture The center of the collaboration experience • All current and capable shipping endpoints register to CUCM • Soft-clients, Personal Endpoints, and Room Systems register here!
• Single SIP domain (cluster wide setting)
• CUCM is first and always is a directory number based system
• Always use FQDN • Put Hostnames, DNS servers, and Domains on systems when upgrading or installing • Install certificates on all internal and public facing systems (use a trusted CA, not self-signed or internal CA) • Turn ON Encryption on all UC infrastructure!!
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 Premise Architecture with Video Registration Prime IP Phones UC Manager 11.X and Beyond (Combined Voice & Telepresence) Jabber Win, Expressway-C Expressway-E Mac, iOS and Android Internet
DX Series
SX and MX Any Endpoint Series DX/MX/SXJabber Win, Series Mac, iOS and IX Series Android TMS Lync
VCS Control PSTN Cisco Meeting Server
IP PSTN
• Multiparty bridging for audio and video, for all types of . More exciting new endpoints! conferences now consolidated under Conductor with SIP – DX series endpoints provide all of the “phone” features with CE TMS for scheduling and meeting management code H.323 – SVC/AVC and H.265 support in single-scree endpoints SCCP, MGCP, • Best Effort Early Offer and bridges ISDN • Full provisioning of TC and CE endpoint device-specific parameters
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Dial Plan Numbering Plan • Use +E.164 or + Numbering as DN Addressing – Benefit: compliance with the Jabber phone numbers in the contact list • Use 8 + 7 digit dialplan for inter-site calling – Benefit: use a normalized approach for inter-site calls • Use XXXX for intra-site – Benefit: allow for intra-site abbreviated dialing for intra-site • Implement translation patterns/transformation patterns for abbreviated dialing and maintain caller ID consistency • SIP URI alias for all endpoints and users • Non-DID offices will be addressed by using 8 + 7 digit dial plan • ILS and GDPR in multi-cluster deployments or 3rd party integration
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 TP Calling Search Space (CSS) Inheritance “split personality” Translation Patterns • NormalizationCSSs translation patternsPartitions use the activatingRoute Lists CSS forRoute secondary Groups
lookup DN SJCInternational All IP Phone DNs (+E.164)
UStoE164 9011.!, Urgent, Pre-Dot, Prefix + 9011.!#, Urgent, Pre-Dot, Prefix + 9.1[2-9]XX[2-9]XXXXXX, XYZ RG Pre-Dot, Prefix +
PSTNInternational USPSTNNational Local Route LOC RL Group
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 TP CSS Inheritance “split personality” Translation Patterns CSSs Route Lists Route Groups • Normalization translation patternsPartitions use the activating CSS for secondary lookup DN SJCInternational All IP Phone DNs (+E.164) • A secondary lookup CSS following the activating CSS allows for re-use of
normalization UStoE164 9011.!, Urgent, Pre-Dot, Prefix + 9011.!#, Urgent, Pre-Dot, Prefix + 9.1[2-9]XX[2-9]XXXXXX, XYZ RG Pre-Dot, Prefix +
PSTNInternational SJCNational Local USPSTNNational Route LOC RL Group
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 TP CSS Inheritance “CSS Inheritance” forces digit analysis to go back to the activating CSS after CSSs Partitions Route Lists Route Groups •performing“split personality” the calling/called Translation party Patterns transformations defined on the translation pattern DN SJCInternational All IP Phone DNs (+E.164) Translation Pattern using CSS inheritance: secondary lookup uses activating CSS UStoE164 9011.!, Urgent, Pre-Dot, Prefix + Translation Patterns can be re-used 9011.!#, Urgent, Pre-Dot, Prefix + 9.1[2-9]XX[2-9]XXXXXX, Pre-Dot, Prefix + XYZ RG
SJCNational PSTNInternational USPSTNNational Local Route LOC RL Group
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 CSS Inheritance Configuration
• New translation pattern attribute (“Use Originator's Calling Search Space”)
CSS is empty!
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36 Effect of CSS Inheritance
• W/o CSS Inheritance: dialing • W/ CSS Inheritance: dialing normalization patterns per CoS normalization re-used (and site)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 Numbering Plan and Alias Cautions and Caveats • CUCM is a DN based system, even if you configure an alias • An alias is just an alias to a DN, you cant have one without the other • All DNs are converted to alias as well – Users can dial a SIP alias of [email protected] or [email protected] ([email protected]) • Alias and DNs can be published or restricted to ILS • Plan for scale with your dial plan, a little planning goes a long way as new technology and systems are integrated
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Conferencing Cisco Meeting Server Capabilities
Video Conferencing
Interoperabilit Audio y Conferencing
Web Customization Recording Conferencing
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 40 Everyone is invited – audio, video, web
Enjoy One Consistent Meeting Experience From: . Standards-based video endpoint . Smartphone or laptop with Cisco Jabber . Browser with WebRTC . Cisco Meeting App for PC, Mac or mobile . Skype for Business
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 It’s Just a Meeting
Video Conferencing Audio Conferencing Web Conferencing
. Attend meetings on the move; . Feel as though you are really . Reduce complexity with a join from your browser as user or there with high quality video solution that integrates with your guest experiences existing dial plan . Fully participate with audio, . Make meetings more enjoyable . Give your users more flexibility video, content sharing, and with consistent experience on with: controls room, desktop, and mobile ‒ Multiple ways to join . No plug-in with WebRTC devices ‒ Customizable DTMF controls . Make the experience work for compatible browsers ‒ Interactive voice response (IVR) you with flexible layouts and . Maintain security with guest controls access PIN or user login
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 42 Meetings
. Virtual rooms for audio, video, and web . Unlimited spaces: as many as you want, for each project, and team . Always available . Follows your workflow . Connect with any device
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43 Personal, Scheduled or Ad-hoc Meetings
• Personal meetings: • Invite others to your personal meeting using your own join details • With Spaces – users are in control • Schedule meetings: • Leverage Cisco TelePresence Management Suite (including Microsoft Outlook integration) • One-Button-to-Push support • Ad hoc with UCM • Easily escalate your 1:1 calls to include more people
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44 Meeting Scheduling
. Cisco TelePresence Management (TMS) Suite . Scheduling using Outlook, HTML Smart Scheduler, by helpdesk, or booking API . One Button to Push (OBTP) with Cisco video endpoints to easily join meetings . OBTP with Skype for Business Outlook plug- in with Meeting Server Dual Home solution . Co-exist with TelePresence Server & MCU
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45 Meeting Recording
Recording Indicator . Record your meetings for later viewing . Integrated Record button, or automatic recording on meeting start, or triggered via DTMF; administrator defined . Store on Network File System (NFS) . MP4 file format . Direct Integration with VBrick REV for portal playback, speech to text, and other playback options.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46 Cisco Meeting App/WebRTC
Cisco is Ending support of the Meeting app for Dekstop, IOS, and Android. • With the inclusion of WebRTC across most standard Web Browsers- Safari, Firefox, Chrome and Edge, WebRTC is the move forward plans for Mobile and Desktop Meeting support with Audio and Video. • WebRTC is now the Preferred and long term model for support on Mobile and Desktop Devices.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 47 Layout Controls Meet the way you want Coming to Jabber Flexible In Meeting layouts Customizable Branding
Layout Families
Active Speaker Overlay onePlusN Equal NxN onePlusN and Equal layouts dynamically scale as more participants join
Customize • Backdrop image onePlus5 onePlus7 onePlus7 • On screen text • Audio Prompts
Equal 2x2 Equal 3x3 Equal 4x4 Equal 5x5 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 48 Flexible Layouts Choose the Best Layout family for your Device
Active Speaker Overlay
Equal: 2x2, 3x3, 4x4, 5x5 onePlusN: N=5, 7 or 9
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 Skype for Business Integration
Key Features: . Seamlessly connects Skype for Business with other video systems . Skype video, audio, and content sharing . NEW - Schedule conferences from S4B with OBTP* . Bidirectional content sharing (RDP) . Direct Federation (including O365) . Integration Modes . Gateway, Spaces, Dual Home
* Requires TMS and Dual Home configuration TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 50 Skype for Business Integration Types
. Gateway: Allows calling between room endpoints and Lync/Skype for Business
. Spaces: Room endpoints and Lync/Skype for Business users all connect on Cisco Meeting Server for best experience & content sharing
. Dual Home Conferencing: Room endpoints connect on Meeting Server with connection to Lync/Skype for Business meetings as full- featured participants (video, audio, & content)
. Direct federation with Office 365
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 51 Meeting Server hosts Skype for Business
Dial Conference Dial Conference Address Address LYNC LYNC
Cisco Meeting Server Lync/Skype Skype for Front End Business
Standards Based Video Systems Lync/Skype Clients
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 52 Dual Home Conferencing
. For Customers using Skype for Business as primary IM, video & voice PC client
. Users schedule meetings using Outlook no change to current work flow for everyone
. Dual Home Conferencing: Room endpoints connect on Meeting Server with connection to Lync/Skype for Business meetings as full-featured participants (video, audio, & content)
. OBTP from Cisco endpoints into meeting
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 Dual Home Conferencing
OBTP to Conference ID Dual Home Connection Click to Join LYNC LYNC
Video Systems Cisco Meeting Server Lync Server AVMCU Skype for Business
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 Dual Home Experience Highlights
. Initiate every meeting using the Skype for Business . Users are seen both on video endpoint or Skype for B. Outlook plug-in without change in process . Shared roster . Join using OBTP or via IVR from video or audio only . Meeting Server can send both RTV and H.264 SVC endpoints streams to the AVMCU
Cisco Endpoints Skype for Business
Dual Home Connection
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 55 API for Powerful Customization
. Cisco Meeting Server provides a powerful (RESTful) API to enable customers to integrate and customize the meeting experience . Use the API to customize: - Server branding - WebRTC experience - Dialing rules - DTMF for meeting controls - Creation of outbound SIP calls to users - Advanced Meeting Scenarios
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 56 Cisco Meeting Server – Investment Protection: Migration paths to Multiparty Licensing
Migrate From Cisco Meeting Server
CUWL Pro (with Personal Multiparty) CUWL Meetings (with Personal Shared Multiparty Multiparty Plus)/ Shared Multiparty Plus
TelePresence Server Screen Licenses Shared Multiparty Plus MCU Port Licenses
Acano Capacity Units / Perpetual User Personal / Shared Multiparty Plus
TP Multiparty EA Multiparty Add-on
• Migrations require current support contract & purchase of new contract • See migration guide for specific for details on SKUs, pricing etc
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 57 Scale Meetings to Include Everyone
. Key Features: ‒ Preserve the user experience as meetings scale seamlessly across servers in different locations ‒ Each user is connected to their local server; bandwidth is optimized between servers ‒ Servers can be deployed in redundant configurations . Key Benefits: ‒ Provide all users with their own virtual meeting space ‒ Optimal user experience and simplified management of meetings ‒ Video bandwidth savings ‒ Enhanced resilience
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 58 Resilience, Scale, Geographical Distribution, and Pooled Licensing
APAC North Features America . Co-location redundancy CMS CMS
. Different location redundancy CMS CMS . Up to 8 call bridge servers per cluster
APAC1 APAC2 NA1 NA2 NA3 NA4
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 Resilience, Scale, Geographical Distribution, and Pooled Licensing
APAC North EMEA Features 1.5 Mbps x 1 America 1.5 Mbps x 1 Max 4 PIP Max 4 PIP . Ability to add servers with increased CMS CMS CMS meeting usage CMS CMS CMS . Multiparty Licensing allows for deploying as many servers as needed . Resource management APAC1 APAC2 NA1 NA2 NA3 NA4 EMEA1 EMEA2 EMEA3 1.5 Mbps x 2 1.5 Mbps x 4 1.5 Mbps x 3 . Efficient bandwidth utilization in meetings across sites
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 60 Resilience, Scale, Geographical Distribution, and Pooled Licensing
APAC North EMEA Features 1.5 Mbps x 1 America 1.5 Mbps x 1 Max 4 PIP Max 4 PIP . Server resource geographical CMS CMS CMS
distribution CMS CMS CMS . Preservation of meeting experience while saving WAN bandwidth
. Flexible license management across APAC1 APAC2 NA1 NA2 NA3 NA4 EMEA1 EMEA2 EMEA3
all servers 1.5 Mbps x 2 1.5 Mbps x 4 1.5 Mbps x 3 [email protected]
NA1 EMEA3 NA2
APAC1 NA2 AMEA1 AMEA2 APAC1 NA2 AMEA1 AMEA2 APAC1 NA2 APAC2 NA4
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 61 4K Content Share
. Create a great presentation device . Share content wirelessly or by cable* . Use both screens of a dual-screen system to share and compare content when outside of a call
Supported on Room Kits only Note: 4K@30fps requires an HDMI 1.4 cable
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 62 Cisco Video Conferencing Management New generation Meeting Management
TMS Conference Control Center
. Integrated in TMS . MCU and TS only . Windows and Java based
Cisco Meeting Management
. Built on same platform as CMS . Future proof for adding more services . CMS only
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 63 Cisco Meeting Management 1.1
. Manage active Cisco Meeting Server meetings for white glove operator Executive Sample Meeting services . Future releases to include configuration services and CMS cluster dashboard . Simplify the deployment with easy to use tools . Use with Cisco TMS for scheduling and endpoint management . CMM is included with existing CMS licensing
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 64 Cisco Meeting Management Feature overview
Meeting Management In-conference controls • See list of active or recent meetings • Meeting details • Search by meeting title or individual • List of participants in a meeting participant • Change layout for all participants in a • Pin meeting at top of the list meeting • Access controls and see details for Cisco Meeting Server management individual participants • See connected Cisco Meeting Servers • View and download event log for a • Add and remove Call Bridge nodes or meeting clusters • Start and stop recording and streaming
Notifications and logs
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 65 Cisco Meeting Management Solution Architecture Single Meeting Management deployment
Single instance of Meeting Management can manage deployments from single Call Bridge to multiple Call Bridge Clusters
NTP servers synchronize Meeting Servers and Meeting Management instances
User access is authenticated via LDAP
External syslog server for system and audit logs
Meeting Manager does not require any specific configuration on UCM clusters or Expressway/VCS environment
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 66 Cisco Meeting Management and TMS
TMS CMM • Scheduling • White glove tool • Endpoint Management (Meeting Manager)
Schedule meetings using Monitor and manage ongoing TMS. OBTP to endpoints. meetings using Meeting Management.
NOTE: Information is not exchanged between Meeting Management and TMS in CMM 1.0. Planned for future release.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 67 Applications Unity Connection and Messaging Interoperability
• LDAP user synchronization
• Single Inbox
• Partner-based Integrations • Google Mail, Domino, etc… • PIMG/TIMG Integrations
• VPIM Support
• Multiple phone systems supported simultaneously • Cisco UCM-SME allows for centralized deployment
• Rest-Based APIs allow for custom development
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 70 Security and Compliance
• Secure Messaging • No chance of forwarding a secure voice message • Securely streamed from Connection appliance (Message never leaves Connection)
• Secure Delete
• SE Linux enabled
• Disaster Recovery with Full data backup and restore
• Federal Information Processing Standards (FIPS) • Version 11.5(1) Incorporates FIPS Compliant Libraries
• Joint Interoperability Test Command (JITC) certification • Version 11.5 (1) JITC Certified and on APL
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 71 Unity Connection Scale
• Up to 20,000 users and 250 ports per server
• Active/Active Redundancy over LAN/MAN/WAN (up to 500 ports)
• 100,000 users across 20 digitally networked nodes
• VPIM Networking (100 locations, 100,000 users/contacts) • Blind addressing doesn’t count against contacts
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 72 Single Inbox - Design Considerations
Guaranteed bandwidth with no steady-state congestion: –For 50 voice messaging ports on each server—7 Mbps For more than 2000 users and/or more than 80 –For 100 voice messaging ports on each server—14 Mbps milliseconds of latency, see Design Guide. –For 150 voice messaging ports on each server—21 Mbps –For 200 voice messaging ports on each server—28 Mbps –For 250 voice messaging ports on each server—35 Mbps Exchange Network Exchange Unity Connection Mailbox Server Active/Active Cluster
Bandwidth/Latency CUCM Cluster
CUCM Cluster
WAN Main Office or Primary DC Branch Office or DR DC
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 73 Single Inbox - Design Considerations
Clustering over the WAN with Single Inbox Guaranteed bandwidth with no steady-state congestion: doubles the bandwidth requirements if –For 50 voice messaging ports on each server—14 Mbps Exchange is only accessible over the WAN –For 100 voice messaging ports on each server—28 Mbps connection –For 150 voice messaging ports on each server—42 Mbps –For 200 voice messaging ports on each server—56 Mbps –For 250 voice messaging ports on each server—70 Mbps Exchange Network Unity Connection Unity Connection 1/2 2/2
Bandwidth/Latency CUCM Cluster
CUCM Cluster
WAN Main Office or Primary DC Branch Office or DR DC
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 74 User Directory Synchronization/Authentication
• Synchronization with users in Active Directory 2008/2012/2016 11.5(1), 12.X Active/Active Cluster • No schema extensions necessary Server Pair • One-way synch of user data from LDAP (read only) • Distribution Lists and Contacts not supported
• Up to 20K users can be synchronized and authenticated Active Directory per server/cluster 2008/2012/2016 • Filters supported per synchronization agreement Stand-alone Server • Directory integrated users, standalone users, and CUCM AXL users can co-exist on Unity Connection server
• Standalone and AXL users can be converted to directory integrated users Active Directory 2008/2012/2016 • LDAP/AD Synchronization is NOT required
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 75 High Availability - Failure Unity Connection HA Pair Writeable DB Proxy to Primary
Up to 250 Ports Up to 250 Ports
Heartbeats
Database
Primary Secondary Messages
Security and Certificates
Up to 20,000 Users
Access to all User Interfaces (TUI, VUI, IMAP, Admin, etc…)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 76 Integrations
• Supports Exchange 2016, 2010, 2007 and 2003
• Microsoft BPOS-D and Office 365 (8000 supported 11.5.(1))
• Google Mail via Donoma Software
• Domino integrations • Intelligent Notifications (Unity Connection 9.0 and later) • Donoma Unify (Partner Solution) • Esnatech CloudLink (Partner Solution)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 77 Cisco Paging Server What is Cisco Paging Server?
• With every new CUCM and BE6000/7000 starting with 9.1, the Informacast Paging Software OVA is included with all shipments.
• Existing customers on CUCM 8.X and newer will be able to download Informacast Paging Features from the CCO access with a valid ESW Contract.
• ISO includes OVA for VM Deployment and production documentation as well.
• Fully supported as a Co-Resident virtual server alongside other Cisco approved voice applications.
• Limited functionality included in the basic licensing model. Advanced notification licensing can be purchased to un-lock the full features of Informacast.
• 60-Day trial of Advanced notification is available to determine if it’s a need for the environment.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 79 What is the difference between Basic and Advanced?
• Basic Paging – Free Not Licensed
• Point to Point and Group Live Audio Paging to/from Cisco Phones
• Unlimited Group/Zones of endpoints as configured by admin
• Maximum of 50 endpoint devices per group
• Paging between sites is supported (Multicast over WAN)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 80 What is the difference between Basic and Advanced?
• Advanced Notification- Optional and Licensed
• Pre-Recorded/Scheduled Broadcasts (bells, shift changes)
• Notification to Jabber (XMPP)
• Notification to Social Media
• Communication with mobile and remote users
• Triggered notification to/from other systems – M2M input/output (panic buttons, door locks, lights, etc.)
• Integration with existing overhead paging systems
• Text and Audio to Cisco IP Phones and other endpoints
• Broadcast to IP Speakers
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 81 What is the difference between Basic and Advanced?
• Advanced Notification- Additional Components
• Legacy paging integration with existing overhead paging systems
• 911/Emergency call monitoring/alerting/recording
• Weather and CAP Based Alerts
• Dynamically-triggered conference calls
• Notifications to desktop and Digital Signage
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 82 How does it work? Integration with CUCM
• Two methods of Page #1 Group communication – CTI and A Page #2 SIP Multicast Enabled Group B • Services required for backend connectivity – Virtualized Deployment Model- 1 VM per App SNMP and AXL Unity Paging UPM CCX IM&P VCS Plus other CXN Apps.. CUCM SIP Trunk • Phones require the or CTI Comm.
following features – HTTP AXL/ SNMP (web server) and RTP Multiple Apps can run co-res depending on virtualized server platform (BE6K, UC on (Multicast) UCS, etc.) Multicast Enabled Paging Originator
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 83 Advanced Notification
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84 On-Premise – IP Speakers Direct Support in Informacast • Speakers must be supported in Informacast • Manufacturers included Atlas Sound, Advanced Network Devices, Cyberdata, and Valcom, Algo.
• There are many styles/models of Speakers • Most are POE based, Single connection and require Class 3 Power over Ethernet • Some are One-Way, Some are Two-Way and some support dual registration with CUCM as a SIP endpoint for direct calling (Enhanced User connect license needed) • Outdoor, Indoor, Indoor with Display, Indoor with Display and Strobe, Ceiling Tile • More Information: IP Speaker Information
• Connect to existing Amplifiers with a Zone controller, which provides a line level output to existing over head speakers.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 85 Additional, Including Off-Premise Notifications
• Singlewire Mobile notifications, subscription based
• Additional SMS and Phone dial out notifications via Cloud based options
• Notify users desktops, notify them via Jabber IM, or Webex
• Link to digital signage
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 86 Messaging Cisco Jabber -The Power to Collaborate
Rich, Real-time Collaboration with Cisco Jabber® Platform
All-in-one UC application Collaborate from any workspace . Presence and IM . PC, Mac, tablet, and smartphone . Voice, video, and voice messaging . On-premises and cloud . Desktop sharing and conferencing . Integration with 3rd party productivity tools
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 88 Jabber Chat Phone Mode Remote Access Multi-line Single Number Android Auto Bots SDK with Contacts Policy (MRA) Reach Support
Import Local UX Additional Biometric Jabber Softphone Outlook Calendar contacts (Mac) Enhancements Emoji Authentication for VDI integration (Mac)
Wireless Location Schedule Meeting HCS SNI New Device & New Headset Other Awareness (Windows) Support OS Support Support Enhancements
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 89 Cisco / Apple Partnership
• Jabber provides multiple features leveraging relationships with apple
Apple iOS10 Call-Kit Provides application integration API for calling functions
Apple iOS10 Siri-Kit Provides application integration API for voice control
Apple/Cisco Fast Lane Provides enhanced QoS functionality with Apple
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 90 Users Can Choose the Way They Connect Remotely Cisco AnyConnect VPN and Cisco Expressway
Cisco AnyConnect Cisco® Unified Communications Manager and . Layer 3 VPN solution Applications . Secures entire device and its contents Cisco . Allows users access to any AnyConnect® permitted applications and data VPN and/or… Cisco Expressway
. Session-based firewall traversal Cisco . Allows access to collaboration Expressway applications only through TLS . Personal data not routed through enterprise network
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 91 Configuration Update Service Discovery
• Users should never be prompted for configuration information!!!
• Service discovery allows Jabber to discover service configuration and operating location using DNS SRV records, Webex Cloud and UC Manager UDS services
Remember: CUP_LOGIN retired with Jabber 11.5
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 92 Configuration Update Understanding Domains….
When planning a Jabber deployment, domain configuration can be confusing. DNS Domains User Address Domains Service “Discovery Domain” Voice/Video Domain (SIP) Voice_Service “Discovery Domain” Presence Domain (XMPP)
UC Manager DNS domain Email Domain (SMTP) Expressway DNS domain Directory Domain (i.e. AD)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 93 Expressway & Jabber Service Discovery
DNS SRV lookup _cisco- Inside firewall DMZ Outside firewall uds._tcp.example.com (Intranet) (Public Internet) ✗ Not Found
Collaboration DNS SRV lookup _collab- Services Public DNS edge._tls.example.com Unified CM Expressway Expressway expwyNYC.example.com C E ✓
TLS Handshake, trusted certificate verification HTTPS: get_edge_config?service_name=_cisco- uds&service_name=_cuplogin
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 94 Configuration Update Understanding Domains and Jabber
Services Domain
Edge Domain
UPN from AD can be used to seed Service_domain search
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Enhanced Diagnostics Tool
Enhanced Diagnostics tool now provides support for contact sources testing
Ctrl-Shift-D Show Diagnostics Ctrl-Shift-C Show Contacts tool
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 96 Diagnostics Tool for Mac
Configuration Diagnostics tool now available on Mac Client
Note: Contacts tool only available on windows
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 97 Jabber iOS APNs Support Minimum Software Requirements
IM/Chat APNs support Cisco Expressway (or Cisco VCS) X8.9.1 Available Unified CM & IM&P 11.5(1) SU2 Available Cisco Jabber for iPhone and iPad 11.8 MR Available
Voice APNs support Cisco Expressway (or Cisco VCS) X8.10.1 Available Unified CM 11.5(1) SU3 Available Cisco Jabber for iPhone and iPad 11.9 Available
Expressway Forward Proxy APNs support NEW Cisco Expressway (or Cisco VCS) X8.11 Targeting Q2 CY18 11.5(1) SU4 Available Unified CM & IM&P 12.5(1) Targeting 2H CY18
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 98 Prime Collaboration and Telepresence Management Suite Cisco Prime Collaboration
• Cisco Prime Collaboration Provisioning • Single point of Move/Add/Change Mechanism • LDAP is Required • Single pane of Glass and Multi-Levels of Administration (Help-Desk) • Template and Service Area Based • Start with Prime Provisioning, overlay on existing system can take more time • Auto-Provisioning from LDAP, User Portal • Virtual Server, with mutltiple sizing based. Linux based deployments
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 100 Cisco Prime Collaboration
• Cisco Prime Collaboration Assurance and Analytics
• Prime Collaboration Assurance • The former “Operations Manager and Service Monitor” • Assurance for one Cluster is included with all CUCM 10.X and above deployments • Analytics is a cost per “device” • Red light/Green light view of the voice and network portion • Great intermediary between the CUCM and a overall management platform.
• Prime Collaboration Analytics • Call quality and MOS score tool • Can actively provide analytics during call (1040 probe required)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 101 Telepresence Management Suite
• Cisco TMS • Video Management and booking engine • Manage VCS/Expressway Health, Call Records, Issue management • Manage Endpoints, booking of Endpoints, booking of Bridging resources • Live View of conferencing resources, ability to add/remove users in a live conference • Multiple Extensions to enable Exchange resources booking, API integration, Provisioning for Endpoints/Jabber for Telepresence (MOVI). Third party bridging and endpoint support available as well (check the compatibility matrix) • Start with Prime Provisioning, overlay on existing system can take more time • Auto-Provisioning from LDAP, User Portal for simple scheduling. • WebEx CMR and CMR-Hybrid booking mechanism
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 102 Collaboration Edge Expressway Cisco Collaboration Edge Value Proposition Work anywhere with anyone on any device using any workload delivered from anywhere
Inside the Outside the organization organization
Intelligent Collaboration Ecosystem Increased Connect to productivity with customers, a connected partners, and community businesses
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 105 Portfolio & Where Used (X8.10)
Unified Simplified view Communications Services
Hybrid Connectors
UCM
Business to Business (B2B)
Cisco Meeting Server (op tional) Other Companies Cisco EXPWY-E B2B (Stds, MS, O365) Collaboration 1St & 3rd Cloud Integration Cisco Cloud
(Cisco, Polycom, Lifesize, DMZ Internet Avaya, SfB) SIP or H.323 EXPWY-C
3rd party Interop via Cloud CMR Mobile Remote Access (MRA) (SfB, Polycom, JabberGuest CMS WebRTC Lifesize, Avaya)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 106 Fixed Endpoint Support On Cisco Expressway Available Today Spark Room Kit, Spark Room Kit, Spark Room Kit Plus Spark Room Kit Plus
Internal Network DMZ External Network
DX70, DX80 DX70, DX80 Internet
Expressway-C Expressway-E MX, SX, EX, C Series MX, SX, EX, C Series TelePresence Endpoints TelePresence Endpoints
Spark Room Kit, Spark Room Kit Plus, MX, SE, EX and C Series can also be registered directly to Cisco Expressway
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 107 Compute Platform Options
Spec-based Appliance Support Virtual Machine Support EXPRESSWAY 1200
OVA Size vCPU Reserved Disk NIC(s) RAM Space Small 2 x 1.8 4GB 132GB 1Gb (BE6K only) GHz Medium 2 x 2.4 6GB 132GB 1Gb • Appliance based on UCS C220 M5 GHz • Bare metal – no hypervisor Large 8 x 3.2 8GB 132GB 10Gb • Solution for customers with security policies that do GHz not allow VMware in the DMZ • Expressway application preloaded with licenses • Expressway Appliance SKUs EXPWY-1200-K9
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 108 Expressway X8 Scalability
Server Cluster
MRA Audio Only MRA Audio Only Platform Registration Video Calls Video Calls Calls Registrations Calls s Large OVA, CE1100 2,500 500 1,000 10,000 2,000 4,000 (10Gbps NIC) Medium OVA, CE1100 (w/o 2,500 100 200 10,000 400 800 10Gbps NIC) Small OVA 2,500 100 200 2,500 100 200 (BE6000)
New X8.10 will allow for large-scale capacity on Large OVA and EXPWY1200 with only 1Gbps NIC
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 109 Expressway Clustering, 4+2
• Cluster Expressways for scale and redundancy
• Expressway clusters support up to 6 peers (RTT – 30ms)
• Expressway-C and -E node types cannot be mixed in the same cluster
• Deploy equal number of peers in Expressway-C and -E clusters (applies to most Expressway deployments but not critical if Expressway handles New local registrations)
• Deploy same OVA sizes or appliances throughout cluster
• Customers can deploy multiple clusters for the same domain
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 110 Expressway Mobile Remote Access (MRA) Jabber Mobile Remote Access via Expressway
Use Case: Mobile / Teleworker Access visual voicemail
Inside firewall DMZ Outside firewall (Intranet) (Public Internet)
Collaboration Internet Instant Message Services and Presence
CUCM Expressway Expressway Core Edge Make voice and video calls
Launch WebEx Share content Search corporate directory
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 112 Expressway & Jabber Service Discovery
DNS SRV lookup _cisco- Inside firewall DMZ Outside firewall uds._tcp.example.com (Intranet) (Public Internet) ✗ Not Found
Collaboration DNS SRV lookup _collab- Services Public DNS edge._tls.example.com Unified CM Expressway Expressway expwyNYC.example.com C E ✓
TLS Handshake, trusted certificate verification HTTPS: get_edge_config?service_name=_cisco- uds&service_name=_cuplogin
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 113 Jabber MRA via Expressway AnyConnect comparison Cisco AnyConnect • Layer 3 VPN solution • Secures entire device and its contents Cisco Unified CM • Requires AnyConnect license & Applications • Allows users access to any permitted applications & data Cisco AnyConnect® VPN Cisco Expressway • Session-based firewall traversal • Allows access to collaboration applications only through TLS Cisco • Personal data not routed through Expressway enterprise network • No additional cost • Better user experience than VPN
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 114 MRA Client & Endpoint Support Webex Room 55, Available Today Webex Room 70, Webex Room Kit, Webex Room Kit Plus
Internal Network DMZ External Network DX650, DX70, DX80
Internet MX, SX, EX, C Series UCM Expressway-C Expressway-E TelePresence Endpoints
New! 12.1.1 require 8811, 8841, 8845, 8851, 8861, 8865 d 7832 & 8832 7811, 7821, 7841, 7861
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 115 Expressway-E certificate requirements DX, 78XX, 88XX specific requirements • Trust model based on broadly trusted Public Certificate Authorities DX650, DX70, DX80
• Endpoint firmware includes 135 trusted public root CA certificates
• No option to import and trust other root CA certificates on these endpoints 8811, 8841, 8851, 8861 • Expressway-E certificate needs to be signed by trusted public CA
7821, 7841, 7861
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 116 Expressway Business to Business (B2B) DNS Based Domain Services DNS Server
Cisco.com Example.com
Call sent to server1.cisco.com
Call sent to serverA.example.com
_sip._tcp.cisco.com IN SRV 10 1 5060 server1.cisco.com .SIP, H.323 service IN SRV 50 1 5060 .TCP or UDP protocol server2.cisco.com _sip._udp.cisco.com IN SRV 10 5 5060 server1.cisco.com .Multiple servers in record provide redundancy IN SRV 10 1 5060 .DNS SRV records use priority, weight for load server2.cisco.com balancing server1.cisco.com IN A 10.10.10.1 .DNS server needs to be highly available server2.cisco.com INPriority A 10.10.10.2 Weight .SIP Options ping for reachability
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 118 Expressway Firewall Traversal Basics (Inbound)
Enterprise Network DMZ Outside Network
Unified Internet CM Firewall Expressway Firewall Expressway Signalling C E Keep-alive Media 1. Expressway-E is the traversal server installed in DMZ. Expressway-C is the traversal client installed inside the enterprise network
2. Expressway-C initiates traversal connections outbound through the firewall to specific ports on Expressway-E with secure login credentials
3. Once the connection has been established, Expressway-C sends keep-alive packets to Expressway-E to maintain the connection
4. When Expressway-E receives an incoming call, it issues an incoming call request to Expressway-C
5. Expressway-C then routes the call to Unified CM to reach the called user or endpoint The call is established and media traverses the firewall securely over an existing traversal connection
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 119 Expressway Firewall Traversal Basics (Outbound)
Enterprise Network DMZ Outside Network
Unified Internet CM Firewall Expressway Firewall Expressway Signalling C E Keep-alive Media 1. Expressway-E is the traversal server installed in DMZ. Expressway-C is the traversal client installed inside the enterprise network
2. Expressway-C initiates traversal connections outbound through the firewall to specific ports on Expressway-E with secure login credentials
3. Once the connection has been established, Expressway-C sends keep-alive packets to Expressway-E to maintain the connection
4. When an endpoint behind Unified CM places a SIP URI call to a domain unknown by the Unified CM dial plan, the call is routed to the Expressway-C
5. Expressway-C then routes the call to Expressway-E to reach the called user or endpoint The call is established and media traverses the firewall securely over an existing traversal connection
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 120 SIP URI Dialing Flowchart
Does whole URI Does RHS Does whole URI no match one in the no no match a no Is LHS numeric? match one in Block call CSS and URI SIP Route ILS? table? Pattern?
yes yes yes yes No match
Route using SIP Route based on Route/block route patterns RHS to based on Offer call based on routing Expressway C existing numeric string provided rules by ILS (see next slide) Note: Assume only [email protected] is in URI table, Fallback for alpha-URIs not 1) alice@CUCM IP address will not route. 2) alice@CFQDN will not route local and not found in ILS! e.g. default routing user @ example.org
left-hand-side (LHS) right-hand-side (RHS)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 121 IP Address Dialing Use Case: Business to Business
DMZ
Unified CM EXPCTRUNK Internet
Expressway Firewall Expressway Firewall Public H.323 Endpoint C E 126.126.126.126
1. User srogers dials the SIP URI 126.126.126.126@ip (RHS can be any keyword) DN:\+14085552001 2. Matches Unified CM SIP Route Pattern of * and routes to EXPCTRUNK device. [email protected] 3. Expressway C matches the URI with pre-search transform that strips the RHS @ip and forwards the call to Expressway E. 4. Expressway E matches identifies the destination as an IP address and forwards to the IP Address Zone and sends the call to the destination IP of 126.126.126.126.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 122 Expressway Local Registration Support SIP & H.323 Video Call Control
Internal Network DMZ External Network
Internet
Expressway-C Expressway-E
H.323 Gatekeeper & SIP Registrar providing standards- based interop and video support for Cisco & 3rd party endpoints SIP signaling H.323 Signaling
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 123 Expressway-E Local Registration Support
• Beginning with X8.11 Expressway-E will support local SIP and H.323 video registration • Expressway-E no longer required to proxy SIP registrations • Allows for remote H.323 registrations
• Local SIP and H.323 registrations allowed on Expressway-C since X8.9
• UCL Enhanced License enables SIP Desktop Endpoints (DX70/80, EX60/90)
• TP Room System License required for all other systems including 3rd party and H.323
• Same option keys (Room System, Desktop System) used on both Expressway C & E
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 124 Jabber IM&P Federation with Expressway Now extending to organizations using Microsoft CMS is always recommended for integration with S4B Microsoft ® Office 365
Organizations with Skype™ for Internal Network DMZ External Network Business on premises
Internet WebEx Expressway-C Expressway-E IM&P Messenger Cloud
XMPP Standards Organizations SIP based XMPP service with Cisco Collab
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 125 Hybrid Architecture WebEx Hybrid Services See Sessions: BRKCOL-2607
Cisco Collaboration Cloud Message | Meeting | Call Hybrid Call Service • Room System Integration
Hybrid Calendar Service
Existing Services Hybrid Directory Service
Creating unique value by connecting on-premises and cloud services.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 127 Deployment Guide: http://www.cisco.com/c/dam/en/us/td/docs/solutions/PA/maroon/hybridswp.pdf HTTPS CTI/AXL SIP Architecture SIP and API control Hybrid Services DMZ
Unified CM Expressway-C Expressway-E
Internet
New
Hybrid Service TMS CMS Expressway-C • Management Connector • Calendar Connector • Call Connector Minimum Exchange Minimum Cisco UCM Requirements: Requirements: Minimum Expressway . Exchange 2010 SP3 / 2013 / . For Unified CM 10.5(2)SU3 Requirements: 2016/O365 . For HCS 10.6.X . Version 8.8 or later . @WebEx requires T31+ & PMR
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 128 Hybrid Directory Service Hybrid Directory Service
Hybrid Directory Service - This service allows any WebEx customer to synchronize their current Active Directory with the Cisco Collaboration Cloud. This makes onboarding users to the Cisco Collaboration Cloud simple and consistent.
Ad Users: Ben Expressway - C WebEx Users: Katie Ben Melissa Katie Import Users Directory Connector Melissa installed on Windows Domain Server.
Directory Connector installed on Windows Domain Server (2003,2008 R2 or 2012, 2012 R2) with administrator user privileges
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 129 Hybrid Call Service Hybrid Call Service • Room System
Call Service Connect – integrates cloud registered room systems with premise based CUCM systems to allow inbound and outbound calling to and from cloud registered shared video systems
Calling Conference Room1
Conference Room 1
PSTN / ISDN
Katie
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 130 Webex RD Provisioning Through Expressway-C Connector Host
• Each UCM cluster needs to be provisioned on Call Connector
• UCM needs User an application user with: • Standard AXL API Access • Standard CTI Allow Control of All Devices • Standard CTI Enabled • Standard CTI Allow Control of Phones supporting Connected Xfer and conf • Standard CTI Allow Control of Phones supporting Rollover Mode
• Every device must have a directory URI Webex RD provisioned • CFQDN has to be set to a unique value automatically using single Device Pool, Location, Calling Search • Manual or Automatic Provisioning of Spark RD Space, Rerouting CSS • Remote Destinations always provisioned
through the Connector TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 131 Hybrid Calendar Service Hybrid Calendar Service
Hybrid Calendar Service: This service allows any WebEx customer to enable scheduling of WebEx meetings with an automatically created and associated Cisco Spark space. By adding @Spark to the location field of the Exchange appointment, all attendees of the appointment are automatically added to the Cisco Spark space. With @WebEx in the location field, the details of the WebEx personal meeting room of the inviting user are automatically added to the invitation sent for the appointment.
@webex Organizer’s Personal Room in Webex @spark Meeting information in the New virtual room Webex team space Meeting information in the calendar invite
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 132 Cisco WebEx Video Mesh (Formerly Hybrid Media Service)
Problem Internal • 1:1 meetings use a cloud resource to meet
• Multiparty meetings use a cloud resource to meet WebEx Teams App • Signaling and media go to and from the cloud 2 MB
• Increased bandwidth requirement for the Internet with adoption of Cisco Spark Meetings 2 MB WebEx Room Device Internet
2 MB Solution WebEx Teams App
Cisco Hybrid Media Service WebEx Teams AppWebEx Teams App
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 133 Cisco WebEx Video Mesh See Session: (Formerly Hybrid Media Service) Internet What is it? BRKCOL-1120
• A little of our cloud on your premises
• Cisco cloud basic meeting capabilities packaged in an OVA for on premise deployment
Video Mesh Node • Ability for any paid WebEx Teams customer to provide local media processing on the enterprise network.
• Customers can deploy media nodes across multiple locations, optimizing media quality within a location and Corporate Network bandwidth across locations
• Automatic overflow from on-premise media node to cloud nodes
• Automatic upgrades of media nodes (upgrade window)
• Single pane of glass for management, resource Hybrid Media Node Hybrid Media Node monitoring and usage metrics
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 134 Cisco WebEx Video Mesh Service
Corporate Network Hybrid Media Node Cascade Link Cisco Collaboration Cloud
Overflow: Cisco WebEx standards based registered devices SIP endpoints and and WebEx Teams Cisco WebEx, standards based app WebEx Teams app, SIP clients or Skype for Business
On-premise registered Cisco and 3rd-party Cisco WebEx registered Overflow: Cisco WebEx registered standards based SIP endpoints and standards devices, and any devices, WebEx Teams app based SIP clients standard based SIP/H.323 endpoints TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 135 HTTPS
SIPCTI/AXL
SIP and API control Architecture DMZ Hybrid Services Unified CM Expressway-C Expressway-E
Internet
Hybrid Service TMS CMS Expressway-C
OR
Video Mesh Node Video Mesh Node
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 136 HTTPS CTI/AXL SIP Architecture SIP and API control Hardware for Video Mesh
Expressway-C Expressway-E Cisco Multiparty Media410v server • 46vCPUs • 60GB main memory Internet • 250GB local hard disk space
Cisco Meeting Server 1000 • 70vCPUs • 60GB main memory
• 250GB local hard disk space Hybrid Service Expressway-C Specifications-based Configuration: • 46vCPUs • 60GB main memory OR • 250GB local hard disk space Video Mesh Node Video Mesh Node • 2.6GHz Intel Xeon E52600v3 or later processor • VMware ESXi 6 and vSphere 6 or later TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 137 Cisco Webex Hybrid Media Service New functionality
Corporate Network Video Mesh Node Cascade Link Cisco Collaboration Cloud
Overflow: Standards Cisco WebEx based SIP endpoints registered devices Cisco WebEx, and standards based and WebEx Teams WebEx Teams app, SIP clients app or Skype for Business
Cisco WebEx On-premise registered Cisco and 3rd-party registered devices, Overflow: Cisco WebEx standards based SIP endpoints and and any standard registered devices, WebEx standards based SIP clients based SIP/H.323 Teams app endpoints
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 138 Capacity on Multiparty Media 410v and Cisco Meeting Server 1000 Server (version) Max simultaneous calls per server
Cisco Spark only Standard based SIP endpoints and Cisco Spark app/devices
(720p | 1080p) (720p | 1080p) MM410v (Full version) 100 | 75 65 | 48
CMS 1000 (Full version) 100 | 75 80 | 60
Demo version 10 | 5 10 | 5
If all the meetings hosted on a given Video Mesh Node have only WebEx Team apps and WebEx registered devices, then the server can scale up to 100 participants at 720p. If all meetings have a mix of WebEx Teams app and SIP participants, then the scale goes up to 80 participants for the CMS 1000 server and 65 participants for the MM410v server.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 139 Webex Edge Cisco Webex Edge Audio Architecture requirements Unified CM support only • 10.5 or later Webex Edge Cisco UCM registered IP phones Cisco Audio • Supporting G.711 or G.722 Unified Meetin CM Z g Expressway support only
Expressway C/E • X8.10 or later • Can use existing Expressway C/E deployment • Audio scale dependent on Expressway deployment and services enabled.
IP Webex site Phone • WBS 33.x or higher Customer • Included in Flex, A-WBX and A-SPK SKU need Signaling the Webex Edge Audio package Premises Media Path • Not available on CCA-SP, CCA-ENT or TSP sites. • Requires migration to Webex Audio Site Version 1.1
Requires a signed certification from a Cisco trusted
TECCOL-2982Certificate Authority© 2019 Cisco and/or (CA) its affiliates. All rights reserved. Cisco Public Cisco Webex Edge Audio Dial in Signaling Call Flow
Webex Edge Cisco Audio 1. Endpoint dials Webex Audio access 5 Unified Meetin number. g CM Z SIP Trunk 2. Cisco UCM matches the number and
2 3 4 routes as +E.164 through SIP trunk to Expressway C/E Expressway-C.
3. LUA script on SIP trunk to Expressway-C
1 Dials Webex Access Number applies transformations required for correct routing to Webex IP Phone 4. Expressway-C sends request to Expressway-E. Customer Signaling Premises 5. Expressway-E routes call to the Webex Media Path cloud.
6. Meeting resources are setup. Version 1.1
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 142 Cisco Webex Edge Audio Dial in Media Call Flow
Webex Edge Cisco Audio 1. The IP phone sends media to Expressway- 4 Unified Meetin C g CM Z 2. The Expressway-C sends media to 2 3 Expressway-E via the traversal zone Expressway C/E 1 3. The Expressway-E sends media to the Webex cloud.
4. IP phone’s audio is mixed into the meeting IP and it hears the other participants. Phone
Customer Signaling Premises Media Path
Version 1.1
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 143 Cisco Webex Edge Audio Dial in Signaling Call Flow with and without Edge Audio configuration
Webex Edge Webex Edge Audio Cisco Cisco Audio Unified Meetin Unified Meetin g g CM Z CM Z SIP Trunk
Expressway C/E Expressway C/E
IP IP PSTN Phone Phone PSTN GW
Customer Signaling Customer Signaling Premises Premises
User dials E.164 Webex Access number that does have an User dials E.164 Webex Access number that does not have an associated Edge Audio route pattern in Cisco UCM associated Edge Audio route pattern in Cisco UCM
Version 1.1
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 144 Cisco Webex Edge Audio Dial in Media Call Flow with and without Edge Audio configuration
Webex Edge Webex Edge Audio Cisco Cisco Audio Unified Meetin Unified Meetin g g CM Z CM Z
Expressway C/E Expressway C/E
IP IP PSTN Phone Phone PSTN GW Customer Customer Premises Premises Media Path Media Path
User dials E.164 Webex Access number that does have an User dials E.164 Webex Access number that does not have an associated Edge Audio route pattern in Cisco UCM associated Edge Audio route pattern in Cisco UCM
Version 1.1
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 145 Deployment Scenarios Single Site Call Back – Edge Audio not configured US – off net Meetin g SIP PSTN Webex Edge +1.408.555.6713 Audio Cisco
Unified Intern CM Z et
Expressway C/E Call back made to +1.408.555.6713 HTTP to Webex
+1.408.555.4478IP Laptop PSTN GW Phone Client # • Expressway-E configuration in Webex for callback is disabled or inactive Customer • Routing utilizes Webex PSTN connectivity to reach the Premises phone number USA Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 147 Call Back – Edge Audio not configured US – on net Meetin g SIP PSTN Webex Edge +1.408.555.6713 Audio Cisco
Unified Intern CM Z et
Expressway C/E Call back made to +1.408.555.4478 HTTP to Webex
+1.408.555.4478IP Laptop PSTN GW Phone Client # • Expressway-E configuration in Webex for callback is disabled or inactive Customer • Routing utilizes Webex PSTN connectivity to reach the Premises phone number USA Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 148 Single site Call Back – Endpoint offline US Meetin g PSTN Webex Edge +1.408.555.6713 Audio Cisco
Unified Intern CM Z et
Expressway C/E Call back made to Unregistered +1.408.555.4478
+1.408.555.4478IP Laptop PSTN GW Phone Client # • IP Phone is unregistered to Cisco UCM • Cisco UCM reroutes the call based on configuration (call Customer forward unregistered) to a secondary number which is offnet Premises USA Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 149 Single site with SME
Meetin g Webex Edge Audio Cisco Unified CM (SME) Intern Z SIP Trunk et
• Session Manager Edition is supported • +E.164 enterprise dial plan to route dial-in and call-back • Inter-cluster routing using ILS/GDPR • Apply LUA script on SME trunk for dial-in • Request and To: URI manipulation • Enterprise dial plan can support arbitrary dialing habits for dial-in • … as long as the number ultimately exposed to LUA Customer script is a valid +E.164 Webex dial-in number Premises USA Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 150 Single Country Call Back – Multiple Expressways
Meetin Cisco Site 1 Webex Edge g Unified CM Audio
Z Intern et exp-amer1.example.com
WAN
Site 2 DNS SRV: Cisco Webex Edge _sips._tcp.edge-amer.example.com Unified CM Audio DNS SRV Records
_sips._tcp.edge-amer.example.com. 60 IN SRV 0 5 5062 exp-amer1.example.com. Z _sips._tcp.edge-amer.example.com. 60 IN SRV 0 5 5062 exp-amer2.example.com.
exp-amer2.example.com • Expressway-E is configured in Webex for callback • +1 is defined in Webex callback settings Laptop Call back made to Client On net IP phone • SRV records along with DNS configuration will determine Customer cluster routing or load balancing Premises Signaling USA Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 151 Deployment Scenarios Multiple Sites Multisite Dial In PSTN Dials US and Germany +49.6196.773.9002 Germany Webex Access Number Meetin g Webex Edge Webex Edge Cisco Audio Audio Cisco Unified Unified CM CM Z Intern Z SIP Trunk SIP Trunk et
Expressway C/E Expressway C/E PSTN GW Dials Dials +1.408.525.6800 +49.6196.773.9002 US Webex Access Number Germany Webex Access Number IP IP Phone • Requires LUA script applied to the SIP trunk configuration Phone • Off Net participant uses PSTN to connect to Webex Customer • Media traverses Expressway C/E to the meeting for On net Customer Premises phones Premises USA Germany Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 153 Multisite Dial In PSTN Dials US, Germany and UK +44.20.8824.0117 UK Webex Access Number Meetin g Webex Edge Webex Edge Cisco Audio Audio Cisco Unified Unified CM CM Z Intern Z SIP Trunk SIP Trunk et
Expressway C/E Expressway C/E PSTN GW Dials Dials +1.408.525.6800 +49.6196.773.9002 US Webex Access Number Germany Webex Access Number IP IP Phone • Requires LUA script applied to the SIP trunk configuration Phone • Off Net UK participant uses PSTN to connect to Webex Customer • Media traverses Expressway C/E to the meeting for On Customer Premises net phones Premises USA Germany Signaling Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 154 Multisite Call Back PSTN Call back # US, Germany and UK +44.21.8824.6910
Meetin g Webex Edge Webex Edge Cisco Audio Audio Cisco Unified Unified CM CM Z Intern Z et
Expressway C/E Expressway C/E
Public DNS: PSTN GW
Call back # _sips._tcp.edge-amer.example.com. 60 IN SRV 0 5 5062 exp-amer.example.com. Call back # _sips._tcp.edge-emea.example.com. 60 IN SRV 0 5 5062 exp-emea.example.com. PST +1.408.555.4478 +49.6100.773.5678 N IP • One SRV domain per region IP Phone • One SRV record per Expressway-E associates Expressway-E to Phone region Customer • Global Callback enabled on Webex Customer Call back # • Webex routes call back calls to Expressway C/E then to the local +49.6100.773. Premises 8852 Premises Cisco UCM for on net numbers USA • Cisco UCM routes in country PSTN connection for unresolved in country Germany numbers. Local PSTN toll charges apply Signaling • Webex routes call to PSTN for out of country phones (UK) Media Path Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 155 Webex Edge Connect Webex Edge Connect Brings the power of the Webex backbone directly to your data center
Webex Edge Connect
• A direct peering at Equinix data centers • Bypasses the Internet by providing a direct connection1 to the Webex data center • All Webex media traffic traverses the dedicated link providing end-to-end QoS. (VoIP, video, content sharing) • When used with Video Mesh provides a more secure end-to-end experience Webex Edge
1 via a peering agreement with Equinix Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 157 Webex Edge Connect and ECX Locations
(Future)
(Future)
(Future)
Colocation Cisco WebEx Locations
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 158 Customer Requirements
1. A cage and router in place at Equinix
2. A paid connection to the Equinix Cloud Exchange
3. Knowledge of BGP Routing Customer Equinix Cisco Webex 4. Public BGP Autonomous System Number Premises Cloud Exchange 5. Public provider independent IP block (ECX) • No RFC1918 addressing (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) • Customer may rent a /29 IP block from Equinix
6. Paid service to Cisco Webex
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 159 Connectivity - Components
Equinix Network Details Cloud Exchange 1. Customer orders physical circuit to ECX fabric Layer 1 (1G/10G) 2. Customer provisions virtual circuit to Cisco WebEx using Layer 2 Equinix self-service portal (802.1q) AS13445 3. Customer completes WebEx Customer BGP network questionnaire Layer 3 Network (BGP) 4. Cisco enables BGP connection to the Customer to establish connectivity
Roles and Responsibilities
1. Layer 1 – Physical Connectivity Equinix responsibility: Physical link provisioning (cross connects) 2. Layer 2 – Ethernet Connectivity Virtual circuit monitoring reports & support
3. Layer 3 – IP connectivity Cisco responsibility: Peering provisioning and support Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 160 Cisco Webex Architecture ORD10-WXBB-CRT01 ORD10-WXBB-CRT02
• A customer setups up dual ORD10-WXBB-PE02 connections to Equinix for redundancy ORD10-WXBB-PE01
• Cisco Webex has redundant connection to Equinix at all colocations across the globe SE • BGP routing is used to route traffic PRI Intern C across the peering connection. et Equinix • Customers that have a global presence can choose which regions PRI SE to peer. C
• Customer’s Internet connection is used as fallback
Customer Premises Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 161 Signaling and Media Flow
• Media flows via Equinix peering connection.
Webex AS13445 • Webex Meetings app signaling Webex IP blocks: and media use the peering https://collaborationhelp. cisco.com/article/en- connection us/WBX000028782 • Signaling for cloud registered Internet devices and Webex Teams Signaling only uses the public Internet • Third party services accessed Z via the Internet Signaling
Media Path Customer
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 162 Webex Edge Video Mesh Webex Edge Video Mesh On-premises video quality and bandwidth savings
Video Mesh Node local media kept local Video Mesh Node local media kept local
Webex Edge Video Mesh
• Software extends cloud to the premises - media stays local for on-premises attendees Video Mesh Node local media • Cloud simple: managed by & registered to Webex cloud kept local
• Automatic overflow if local capacity is full / unavailable
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 164 Cisco Webex Edge Video Mesh Architecture
Webex Edge • Video Mesh is part of the Webex Edge Cisco Audio Unified Meetin solution CM g • Video Mesh functionality is the same, handling the Main Video, Speaker’s Audio ExpresswayZ C/E and Content being shared by the video devices in the meeting that can utilize Video Mesh Video Mesh • Video Mesh communicates directly to SIP Cloud Video Registered Webex cloud and terminates the media for Endpoint Video cloud registered device and SIP video Endpoint endpoints for dialing into Webex meetings. Customer Signaling Premises • Webex Teams, Webex registered devices Media Path and Cisco UCM registered SIP video endpoints use Video Mesh. Webex Meeting app or Webex Teams browser does not use Video Mesh. Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 165 Cisco Webex Edge Audio + Video Mesh Signaling and Media
Webex Edge • Video Mesh and Edge Audio work Cisco Audio Unified Meetin independently but are part of an overall CM g solution when connecting to a Webex SIP Trunk meeting.
Z Expressway C/E • IP phones dialing in or call back to the Webex meeting use +E.164 numbers and utilize the Expressway to connect to the Video Webex meeting. (Webex Edge Audio) Mesh IP SIP Cloud Phone Video Registered • Cisco UCM registered SIP video endpoints, Endpoint Video Webex registered devices and Webex Endpoint Teams app dial SIP URIs to the Webex Customer Signaling meeting and use Video Mesh for local media Premises Media Path processing.
• Webex Meeting app goes directly to the Webex Cloud.
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 166 Webex Edge Audio, Video Mesh and Connect Cisco Webex Edge Audio + Video Mesh + Connect Architecture
Cisco Webex Edge • Webex Connect is a peering connection to Unified Meetin Cisco Webex. g CM • Both Video Mesh and Webex Edge Audio Expresswa Z can use the Webex Edge Connect peering y Connect service to connect media to the Webex Meeting, but it is not a requirement.
Video Mesh • Webex Teams signaling goes via the Internet link and all media goes via Webex SIP Video IP Laptop Laptop Internet Endpoint Phone Client Client Connect. • Webex Meetings app sends signaling and Customer Signaling media via Webex Connect. Premises Media Path • If the peering connection is not available all signaling and media traffic will flow via the Internet.
Version 1.1 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 168 Cloud Architecture Agenda Cloud Components
• Messaging
• Meetings
• Security
• Calling
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 170 Messaging and Teams WebEx Teams
The Cisco Webex™ application simplifies teamwork by making communication seamless. Send messages, share files, and meet with different teams, all in one place.
Making Teamwork Simpler.
Unlimited Persistent and secure Face-to-face meetings Superior business-class virtual rooms messaging and file sharing with screen sharing experience
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 172 Teams: An Easier Way to Get to Work
Pull Everyone Together Simpler Way to Work With All Your Teams
Start collaborating with Work together in unlimited virtual Connect your mobile calendar to create anyone by simply adding rooms that you can easily access a Webex room for upcoming calendar their name or e-mail through a searchable, sortable list entries. Join virtual meetings, including address WebEx meetings, in a single tap.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 173 Webex Teams: Get It Done Faster
Consistent and Easy- Add Files Quickly Scan Get Caught Up to-Use Experience on Even While Mobile Shared Files Quickly Every Device
Share a photo or add a See files instantly without Review previously shared Cisco Webex for: file directly into your a download to get to the messages and files at any • iPad and iPhone rooms important information time • Android fast • Web • Windows • Mac • Windows Phone (BETA)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 174 Teams: Accelerate Decision Making
Meet, Share, and Recall Broaden the Discussion
Start a meeting in your Share your Capture important Add a guest participant to join a rooms of up to 200 screen to gain details while you talk meeting on the fly people* from any device quick alignment that can be reviewed later
*Paid subscription feature
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 175 Webex Teams
• Group rooms by teams
• A team defines a set of users
• Same Webex experience once in a team room
• Better organization of rooms
• Open and Discoverable Rooms • Moderated, private, invite-only rooms also available
• Immediately connect new users with their team, projects & tasks
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 176 Teams Features
• Anyone can create a team • Teams are best for organizational structures or small projects • Anyone in a team can create rooms in a team • Rooms can be either be open or private • Rooms in a team can have invited guests • Guests can participate in the specific rooms in which they were invited • Guests cannot discover open rooms and are not a member of the team • A team creator is the default team moderator • Invite/remove people from the team, archive the team, and assign other moderators • Archive Team/Team Rooms • When finished with a team or room in a team, users can archive these constructs
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 177 Teams Screens
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 178 Additional Teams Features
• Rooms created with no team attached can be moved into a team • No loss of progress, messaging, or content
• Documented Teams APIs to create teams, add/remove people in a team, create rooms in a team, archive team/team rooms • https://developer.ciscoWebex.com
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 179 Teams Client
• Updated Native Windows and OSX desktop client updates
• Enhanced user experience
• Improved performance
• Greater stability
• Delivered via the same Teams update process
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 180 Cisco Webex Platform APIs
Make it easy for users to integrate Cisco Webex with the apps they love and give developers tools to transform collaboration experiences.
Native App Integration Platform Integrations Services APIs / SDKs
Teams unify Power-users Developers accelerate workstreams create their own apps the value of Webex in in a click in minutes their environments
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Webex APIs Extend Cisco Collaboration Cloud
‘Your App’ Now with
GET Cisco Collab!
/People POST /Memberships PUT /Rooms DELETE /Messages
/Webhooks
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 182 Powered by WebEx*
Meetings Webex Meetings Designed to deliver the best meeting experience in the industry Video-first user interface New desktop, mobile and web apps Integrations
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 184 ONE Platform, One Meeting Teams becomes the best way to start and join your meetings
Continuous Collaboration Messaging Whiteboarding ONE Meeting Files Bots / Integrations Cloud, Premises or Hybrid Proximity Meeting context Join - OBTP Meetings Video / Sharing Teams
Hybrid Media KMS Security
*Meeting, Event & Training Center Access Clients TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 185 Meetings Focus
• One meeting, chose your client
• Consistent in-meeting experience
• No migration
• The Teams advantage • Asynchronous communication • Persistent content • Hardware integration • Smart lobby • Multi-stream video
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 186 One Meeting The value of one cloud platform
Cisco Webex Teams Cisco Webex Meetings
Unified participant lists, controls, Stay in the Webex Teams app to Designed for simple recording host Webex Meetings customer evolution
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 187 A New Webex Meetings Experience
Modern video-first experience, New in-meeting control bar Simplified dashboard everyone can be seen no matter with one click to the most provides single view of your how they join common tools Webex meeting capabilities
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 188 New Desktop App Fastest Join Experience
One click to start or join Integrated calendar Proximity for device pairing and content share
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 189 A New Meeting Experience Mobile and Web Optimized
Reimagined mobile meetings equal Using WebRTC – no plug-ins to host or join a participation meeting
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 190 Cisco WebEx Teams The Preferred Entry Point to Your Meeting Experience
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Joining Meetings Made Easy
• One Button to Push (OBTP) to join WebEx, Teams or other SIP- based meetings
• Requires Cisco WebEx Teams Calendar services (Exchange, 0365, Google calendar)
• Device selection to join via Deskphone control, WebEx device in proximity or PSTN / TP (dial in / callback)
• One Button to Push (OBTP) on WebEx Shared and Personal Devices
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 192 Starting Personal Room Meetings from Teams
• Start a meeting in your Personal Room
• Jump on someone’s Personal Room or drop the link in a space
• Be notified on WebEx Teams when someone is in your Personal Room lobby
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 193 Bringing Context To Your Meetings
• See who is in the meeting so you can decide when to join! • Easily switch from a meeting to another
• Multitask or locate the file you need to share in the meeting
• Identify who is sitting in the conference room (WebEx devices)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 194 Get on the same page The cloud-based Webex app lets every team member participate as if they’re in the room together. Share ideas and access all the same tools across mobile devices, laptops and the Webex Board. Every contribution from the team is automatically updated to the Webex room, so you can reach whenever you need it.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 195 Cloud Security and Hybrid Data Security • Introduction – Webex Cloud Security Agenda • Realms of Separation • Identity Obfuscation • Synchronizing User IDs with the Webex Cloud & Single Sign On Support • Secure App and Device Connections
• Cloud based Data Security and Data Services • Secure Messages and Content • Secure Search and Indexing • E-Discovery Services
• Customer controlled Security • On Premise – Hybrid Data Security • Key Management Server Federation • Deployment Considerations
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 197 Webex Cloud Security - Realms of Separation
Identity Service Content Server
Key Mgmt Service Indexing Service E-Discovery Service
Data Center A Data Center B Data Center C Webex logically and physically separates functional components within the cloud Identity Services holding real user Identity (e.g. email addresses) are separated from Encryption, Indexing and E-Discovery Services, which are in turn separated from Data Storage Services
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 198 Realms of Separation – Encryption and Storage
messagexxxxxxxx
Identity Service Content Server
Key Mgmt Service Indexing Service E-Discovery Service
Data Center A Data Center B Data Center C
Webex logically and physically separates functional components within the cloud Data Services such as Encryption Key Generation, Secure Message Indexing for Data Search, and E-Discovery functions operate in different Data Centers from the Data Center that encrypted content is stored in
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 199 Realms of Separation – Identity Obfuscation
[email protected] Identity Service Content Server
Key Mgmt Service Indexing Service E-Discovery Service
Data Center A Data Center B Data Center C
Outside of the Identity Service - Real Identity information is obfuscated : For each User ID, Webex generates a random 128-bit Universally Unique Identifier (UUID) = The User’s obfuscated identity No real identity information transits the cloud
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 200 Webex – User Identity Sync and Authentication User Info can be synchronized to Webex from the Enterprise Active Directory
Multiple User attributes can Identity Service be synchronized
Scheduled sync tracks employee changes
Passwords are not synchronized - User : 1) Creates a Webes Directory password or Sync 2) Uses SSO for Auth
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 201 Webex – SAML SSO Authentication SSO for User Authentication :
Administrators can configure Webex to
Identity Service work with their existing SSO solution
Webex supports Identity Providers using SAML SSO Security Assertion Markup Language
Directory (SAML) 2.0 and OAuth Sync 2.0
IdP See Notes for list of supported IdPs
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 202 Teams App – Cloud connection
1) Customer downloads and installs teams App (with Trust anchors) 2) Teams App establishes a secure TLS connection with the Spark Cloud
Identity Service Webex Service 3) Webex Identity Service prompts User for an e-mail ID 4) User Authenticated by Spark Identity Service, or the Enterprise IdP (SSO) 5) OAuth Access and Refresh Tokens created and sent to Teams App • The Access Tokens contain details of the Spark resources the User is authorized to access 5) Teams App presents its Access Tokens to register with Webex Services over a secure IdP channel
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 203 Webex Device – Cloud Connection
1) User enters 16 digit activation code received via e-mail from the Webex provisioning service 2) Device authenticated by Identity Identity Service Webex Service Service (Trust anchors sent to device and secure connection established) 3) OAuth Access and Refresh Tokens created and sent to Webex Device • The Access Tokens contain details of the Webex resources the User is authorized to access 5) Webex Device presents its Access Tokens to register with Webex Services over a secure channel
1234567890123456 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 204 • Introduction – Webex Cloud Security Agenda • Realms of Separation • Identity Obfuscation • Synchronizing User IDs with the Webex Cloud & Single Sign On Support • Secure App and Device Connections
• Cloud based Data Security and Data Services • Secure Search and Indexing • E-Discovery Services
• Customer controlled Security • On Premise – Hybrid Data Security • Key Management Server Federation • Deployment Considerations
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 205 Cloud Based Security : Secure Messages and Content Teams - Encrypting Messages and Content
Key Management Service
Any messages or files sent by Content Server Key Mgmt Service an App are encrypted before being sent to the Webex Cloud
Teams App request a conversation encryption key
filefile from the Key Management message message message message Service Each Team Room uses a different Conversation Encryption key AES256-GCM cipher used for Encryption TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 207 Team - Decrypting Messages and Content
Key Management Service
Content Server Key Mgmt Service Encrypted messages sent by the App are stored in the Webex Cloud and also sent on to every other App in the Team Room The encrypted message also contains a link to the conversation message message message encryption key If needed, Teams Apps can retrieve encryption keys from the Key Management Service
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 208 Cloud Based Security : Secure Search and Indexing Searching Rooms : Building a Search Index Indexing Service
HashB95748FE Algorithm
The Indexing Service : Enables users to search for names and Search Service words in the encrypted messages stored in the
Content Server Indexing Service Key Mgmt Service Content Server without ################# messag decrypting content SparkSparkB9 IS IS57 the the FE message 48 ## e A Search Index is built by creating a fixed length hash* of each word in each message within a Room
################# Spark IS the message ## The hashed indexes for each Team Room are stored by the * A new (SHA-256 HMAC) hashing key (Search Key) is used for each room Content Service TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 210 Searching Rooms : Querying a Search Index Search for the word “Cisco” Indexing Service Hash4857FEB9 Algorithm
App sends search request Search Service over a secure connection to the Indexing Service Content Server Indexing Service Key Mgmt Service The Indexing Service uses ################# “Spark”Spark“B9”B9 ## Per Room search keys to B9 57 FE 48 hash the search terms The Search Service Search for the word “Cisco” searches the for a match in the hash tables and returns Cisco################# IS the Message matching content to the App “Spark”## * *A link to Conversation Encryption Key is sent with encrypted message TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 211 Cloud Based Security : E Discovery Services Teams E-Discovery Service : (1)
Indexing Service
X1GFT5YYHash Algorithm
Compliance Officer selects a Indexing Service Search Service group of messages and files JoJo“X1GFT5YY” Smith’sSmith’sX1GFT5YY ContentContent to be retrieved for E- Discovery e.g. : based on Content Server E-Discovery Service Key Mgmt Service ################# date range/ content type/ ## username(s) Jo Smith’s Content The Indexing Service requests a search of related hashed content
################# The Content Server returns Jo Smith’s Content ## matching content to the E- Spark Control Hub Discovery Service TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public Teams E-Discovery Service : (2)
E-Discovery Service E-Discov. Storage
################# ################# ################# ### The E-Discovery Service : Search Service Decrypts content from the Content Server, then
Content Server E-Discovery Service Key Mgmt Service compresses and re-encrypts Jo################# Smith’s Content it before sending it to the E- Jo#################Jo Smith’sSmith’s## Messages Content Discovery Storage Service #################and## Files Jo Smith’s Content ##### The E-Discovery Storage E-Discovery Service : Content Ready Sends the compressed and Jo Smith’s Messages and Files encrypted content to the Administrator on request Webex Control Hub TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 214 • Introduction – Webex Cloud Security Agenda • Realms of Separation • Identity Obfuscation • Synchronizing User IDs with the Webex Cloud & Single Sign On Support • Secure App and Device Connections
• Cloud based Data Security and Data Services • Secure Messages and Content • Secure Search and Indexing • E-Discovery Services
• Customer controlled Security • On Premise – Hybrid Data Security • Key Management Server Federation • Deployment Considerations
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 215 Customer Controlled Security : Hybrid Data Security
Part of Pro Pack for Cisco Webex Control Hub Webex– Hybrid Data Security (HDS)
Content Server Hybrid Data Services = On Premise : Key Management Server Indexing Server E-Discovery Service Key Mgmt Service Indexing Service E-Discovery Service
Secure Data Center Hybrid Data Security
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 217 Hybrid Data Security traffic and Firewalls Hybrid Data Services
Content Server make outbound connections only from the Enterprise to the Webex cloud, using HTTPS and Secure WebSockets (WSS)
Key Mgmt Service Indexing Service E-Discovery Service No special Firewall configuration required
Secure Data Center Hybrid Data Security Firewall
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 218 Hybrid Data Security - Scalability Hybrid Data Security
Content Server KeyKey MgmtMgmtServiceServer Multiple HDS servers can be provisioned for Scalability & Load Sharing
The Hybrid Data Security is
Secure Data Center managed and upgraded from Hybrid Data Security the cloud
Hybrid Data Security Customer’s can access usage information for the HDS Servers via the Spark Control
TECCOL-2982 © 2019 Cisco and/or its affiliates.Hub All rights reserved. Cisco Public Messaging– HDS: Key Management
Key Management Service
Content Server Key Mgmt Server The Hybrid Key Management Server performs the same functions as the Cloud based Key Management Server
Secure Data Center BUT Now all of the keys for
Key Mgmt Service messages and content are owned and managed by the Customer
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 220 HDS - Encrypting Messages & Content
Key Management Service
Team Apps request an encryption Content Server Key Mgmt Service key from the HDS Key Management Server Any messages or files sent by an App are encrypted before being Secure Data Center sent to the Spark Cloud messagemessage messagemessage Encrypted messages and content Key Mgmt Service stored in the cloud Encryption Keys stored locally
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 221 HDS - Decrypting Messages & Content
Key Management Service
Content Server Key Mgmt Service Encrypted messages from Apps are stored in the Webex Cloud These messages are sent to every other App in the Team Room and
Secure Data Center contain a link to their encryption key on the HDS Key Management Server message message
Key Mgmt Service If needed, Team Apps can retrieve encryption keys from the HDS Key Management Server
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 222 Hybrid Data Security – Secure App Connections Teams Apps establish a direct TLS connection to Webex Service the On Premise HDS node
Search Service and KMS service
This encrypted peer to peer Content Server session traverses the Webex Cloud
Secure Data Center
Hybrid Data Security Node
App to Cloud TLS connection App to HDS TLS connection
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 223 Hybrid Data Security: Search Indexing Service Indexing Service
Search Service
The Indexing Service : Enables Content Server users to search for names and ################# ################### words in the encrypted ## messages stored in the Content Server without decrypting content
Secure Data Center
HashB95748FE Algorithm
################# Indexing Service Key Mgmt Service Spark IS the message ## ## messag SparkSparkB9 IS IS57 the the FE message 48 e
* A new hashing key (Search Key) is used for each room TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 224 Hybrid Data Security: Querying a Search Inde Search for the word “Cisco” Indexing Service
Search Service
Content Server The Indexing Service sends ################# a hashed index of the App’s ## B9 57 FE 48 search request to the Search Service
Secure Data Center
Search for the word “Cisco” HashB9 Algorithm
Indexing Service Key Mgmt Service ################# Spark IS“Spark” the Message ## “Spark”Spark“B9”B9
*A link to Conversation Encryption Key is sent with the encrypted message TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 225 Messaging E-Discovery Service : (1) Indexing Service
Search Service The Indexing Service sends hashed search criteria to the Content Server Search Service ################# ## The Content Server returns Jo Smith’s Content matching content to the E- Discovery Service
Secure Data Center Compliance Officer selects a group of messages and X1GFT5YYHash Spark Control Hub files to be retrieved for E- Algorithm Discovery e.g. : based on date range/ content type/ username(s) E-Discovery Service Indexing Service Key Mgmt Service ################# Jo“X1GFT5YY” Smith’sX1GFT5YY Content Jo Smith’s## Content TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 226 Messaging E-Discovery Service : (2)
E-Discovery Service : Decrypts content from the Content Server, then compresses Search Service and re-encrypts it before sending it to the E-Discovery Storage Service Content Server E-Discov. Storage ################ E-Discovery Storage Service : ################ ################ Sends the compressed and ###### encrypted content to the Administrator on request
Secure Data Center
Spark Control Hub E-Discovery Service Key Mgmt Service E-Discovery ################Jo Smith’s Content Ready Jo Smith’s ################Jo Smith’s### ################JoContent Smith’s Messages and ################MessagesJo Smith’s### and Files ################Content Files Content#########
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 227 Customer Controlled Security : Key Management Server Federation HDS: Encryption Keys & Users in other Orgs Team Spaces with How do external users from multiple users retrieve Organizations can encryption keys from share encrypted the KMS of the
messages and Content Server Key Mgmt Service Organization that content owns the Spark Space ?
messagemessage message message?
Key Mgmt Service Key Mgmt Service
Organization A Organization B TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 229 HDS: Key Management Server Federation Hybrid Key Hybrid Key Management Management Servers in different Servers make Organizations can outbound
establish a Mutual Content Server Key Mgmt Service connections only : TLS connection via HTTPS, Web Socket the Spark Cloud Secure (WSS)
message message
Key Mgmt Service Key Mgmt Service
Organization A Organization B TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 230 HDS: Key Management Server Federation With a secure Mutually connection between Authenticated KMSs Key Management can request Room Servers… Encryption Keys from
Content Server Key Mgmt Service one another on behalf of their Users
message message
Key Mgmt Service Key Mgmt Service
Organization A Organization B TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 231 Calling WebEx Calling / BroadCloud
Meetings Teams Calling
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 233 Webex Calling Phase 2 User Client Experience
UC&C App Cisco Webex Meetings Only App (integrated calling, messaging & meetings) Calling App
Meetings Teams Calling
Meeting Knowledge Task Centric Worker Centric Workload Workload Workload
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 234 Cisco Webex Calling App
Webex Calling
• Bundled with Webex Teams • Sold with Webex Meetings • Enterprise Channels resells one of the PSTN options
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 235 Webex Calling Phase 2 (w/ Broadcloud) PSTN Options
Local Gateway to PSTN - Launch MVO – March ● Enterprise or VAR managed edge device for signaling and PBX functionality with PSTN calls routing through local gateway or UCM cluster via local SIP Trunk or PRI ● Partner facilitated deployment and configuration
Bring Your Own SIP Trunk - Roadmap ● Partner helps customer procure and provision PSTN, via certified SIP trunk provider interconnected directly to BroadCloud core. ● Enterprise level interconnect to Broadcloud core
Preferred Media Partner - Roadmap ● Single Network interconnect supporting all partners and customers ● Control Hub facilitated fulfillment process
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 236 Webex Calling w/ Local Gateway – Q1 CY2019 ✓ Allows Centralized or Decentralized PSTN
✓ PSTN calls from/to users @ Branch A route via SIP Trunk connected to HQ Local GW Branch A ✓ PSTN calls from/to users @ Branch B route via SIP Trunk connected to Local Internet GW.
✓ Calls between users hosted in the cloud are processed/routed in BroadCloud HQ CUCM ✓ Calls from hosted cloud users that are PSTN Network 'unknown' will route via LGW/PBX trunk @ HQ – Dial Plan’s are static and not like CUCM, interdigit timeout.
✓ Calls from HQ PBX users to cloud users Local GW Local GW are routed via LGW/PBX trunk @ HQ Branch B
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 237 Webex Calling Phase 2 Considerations
• Phone Behavior WILL be different
• Dial Plan Considerations • No configurable option for PSTN steering code • 2-6 Digit Internal dialing plan with DID’s • No configurable inter-digit timeout – Must use send code #, but will send Unknown to Local GW. • BroadCloud Calling / WebEx Calling end-user calling a room system URI is two different systems today. • MPP Phone URI dialing is peer to peer internal only • Lack of Unified Directory (Hybrid)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 238 Management Convergence
Webex Control Hub Webex Calling Administration
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 239 Collaboration Licensing Flex Plan Licensing Available Cisco Collaboration Flex Plan Now
Subscription Cloud and Premises Simpler Selling
Easy OpEx purchasing Simplifying transitions: Separates buying Industry-leading from deploying Premises to Cloud
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 242 Collaboration Flex Plan Customer Journey
Enterprise Agreement Named User Active User for Cisco Collaboration (Flex Plan) (Flex Plan) Flex Plan
Individuals, team, MODIFY midterm MODIFY midterm department with Active User with EA Knowledge worker adoption 10%+ 40%+
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 243 Plan Overviews
• Named User. • Available for Meetings and Calling Plans • The “Named User” only has rights to use the software.
• Active User. • Available for Meetings only • License 15% of Knowledge Workers • Allows everyone access while only charging for “Power Users”
• Enterprise Agreement. • Available for Meetings and Calling Plans • License Knowledge Workers, Minimum 250 users • ”All In” Offer
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 244 Collaboration Flex Plan Quoting and ordering experience that enables mixing of buying models
Meetings Calling
Enterprise Enterprise Active User Named User Agreement Agreement Choose Choose between between
Customers can mix and match for maximum flexibility
1. Mix Enterprise Agreement Meetings with Named User Calling
2. Mix Active User Meetings with Named User Calling
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 245 Customer Care Before any Planning and Design is Made…..
• Who are the Business, Customer Service, and Technical Stakeholders?
• What are the Business and Operational Milestone Dates for System Acceptance and Full Production ?
• What Business Problem(s) are We Solving?
• What Current Customer Service Functionality Exists?
• Does Unified Contact Center Express Meet the Required Functional and Technical Requirements?
• Does the Customer Have all the Required Infrastructure and Unified
• Communications Applications?
• What is the Exit Criteria for the Completion of the Deployment?
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 247 CCX Limits – Inbound Only,HA Standalone Server Two-Server Cluster
OVA profile 3 2 1 3 2 1 BHCC 6000 5000 2000 6000 5000 2000 Agents 400 300 100 400 300 100 Supervisors 42 32 10 42 32 10 Agent E-Mail concurrent agents 120 120 30 120 120 30
Web Chat concurrent sessions 120 120 60 120 120 60 Web Chat volume 2400 2400 1200 2400 2400 1200 per hour Number of skills with which an agent can associate 50 50 50 50 50 50
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 248 UCCX Call Flow (1)
6 2 1 PSTN
6 4 3 Router/GW 2 3 5 5 4 5 Agent Stations 1. Inbound PSTN Call to Voice Gateway 2. VoIP leg to CUCM UCCX 3. CUCM routes call to UCCX CallManager 4. UCCX trigger Redirects call to CTI Port Cluster Supervisor Stations 5. UCCX CTI port answers call, instantiates script associated with the application and executes Agent ICD Extension 19001 6. UCCX identifies an available resource and the CTI Route Point 10000 CTI port Consult Transfers the call to the agent CTI Ports 10001-10010 phone. TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 249 Design Components
In planning and Design for Contact Center Express Systems, Three Key Design Components Are Considered: • Ingress Gateways / PSTN Trunks How the calls get into the CC Express system • UC Manager CTI Ports / CCX IVR and Queue Ports Virtual devices used by UC Manager and CC Express to handle calls coming into the system • Contact CenterAgents The people who answer the calls and handle the contacts
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 250 Ingress Gateway – PSTN Trunk
PSTN
Router/GW
5 Agent Stations
UCCX • Provide access to the PSTN CallManager Cluster Supervisor • TDM Implementation, T1/E1, PRI Stations • Number of trunks affects gateway hardware, performance • For Outbound check for CPA-supported routers
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 251 CTI Ports – IVR treatment
PSTN
Router/GW 5 • Unified Communications Manager device object Agent Stations • One CTI Port required for each call during script processing (terminates media) UCCX • IVR Port License, one required for each call CallManager Cluster during script processing Supervisor Stations • Each multi-line (up to 3 non-ACD) is one CTI Port
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 252 To Calculate CTI Port and IVR Port Licenses Required - Sum: Maximum number of calls using Call Treatment (CT) during prompt and collect phase of call Maximum number of calls in queue loop CTI port is released when: 1. Call is dropped from the CTI ports 2. Call is transferred to agent
Scenario 1 – If all Triggers point to Scenario 2 - If each Trigger points the same Call Control Group to a separate Call Control Group
Is there a • Starvation on some Triggers may • CTI Ports may go unused due to occur. different traffic patterns across correct • Example: If IT Help Desk and Triggers. way? Sales Triggers both point to the • Single Triggers can experience same CCG and there is an CTI Port starvation. outage in the IT infrastructure.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 253 CTI Ports – Where Call treatment Occurs
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 254 What to Calculate?
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 255 Multi-site Centralized Call Processing
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 256 Agents
PSTN
Router/GW
5 Agent Stations
UCCX Agents required to handle calls CallManager Cluster Supervisor Stations Hold Time Talk Time Time in queue Wrap-up time
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 257 Design Component Usage for UCCX
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 258 Baseline Contact Center Metrics Measure
• Average Handle Time AHT • Talk time + wrap-up
IVR port • Prompts/menu treatment in script usage time
• Busy Hour Call Attempts BHCA • Average number of calls received in a busy hour.
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 259 Baseline Contact Center Metrics Risk appetite
Service • Goal for agents • Percentage of calls answered by agents Level within a specific number of seconds
• Percentage of calls that get a busy tone Grade of (no gateway trunks available) out of the service total BHCA
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 260 Erlang Calculations Agner Krarup Erlang
“The erlang (symbol E) is a dimensionless unit that is used in telephony as a measure of offered load or carried load on service-providing elements such as telephone circuits or telephone switching equipment. A single cord circuit has the capacity to be used for 60 minutes in one hour. Full utilization of that capacity, 60 minutes of traffic, constitutes 1 erlang.”
ErlangB: is a formula for the blocking probability that describes the probability of call losses for a group of identical parallel resources. -- Used to calculate number of trunks/lines/ports
ErlangC: originally used to calculate number of switchboard operators required. -- Used to calculate number of agents
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 261 Inbound Resources - Occupancy
IVR Call is Agent Agent Agent Answers Queued Answers Hangs-up Ready
Treatment Queue Agent TalkTime Wrap-upTime Time Trunk Is Occupied Time IVR Is Occupied Time Agent Is Occupied
Erlang B Erlang C
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 262 Inbound Trunks – How to Calculate
BHCA
Blockage %
AHT
Trunks
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 263 Inbound Trunks/Lines – BHCA, AHT available
Step1: Busy Hour Traffic (BHT) BHT = Average call duration (s) * BHCA/ 3600 BHCA 3253 BHT= 3253 *200 / 3600 BHT = 180.722 ~ 180 Blockage 1% % Step2: Use ErlangB calculator Many options. Used here: http://www.erlang.com/calculator/erlb/ AHT 200s
Trunks
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 264 Determine Average Handle Time Bank ABC uses ACD with legacy VRU, customer indicated that they want to replace their current VRU with Cisco UCCX. The bank has the following call flows
30%
40%
30% 300
What is the estimated average handle time that should be used to size the UCCX?
* 318 seconds * 420 seconds * 156 seconds * 232 seconds
Weighted Avg HT = = 30%*90 + 40% * 300 + 30% * 30 = 156 sec
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 265 Agents – How to Calculate
BHCA
SLG
AHT
Agents
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 266 Agents – How to Calculate
Input BHCA
SLG
Output AHT
Agents
http://www.erlang.com/calculator/erlc/
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 267 Determine Busy Hour Call Attempts ABC Corporation indicated that their monthly connected minutes is 750,000, they said that they have one shift a day, 8 AM to 5 PM, Monday through Friday. They also indicated that 17% of their traffic occurs between 12-1PM. What is the estimated BHCA? Traffic mix is listed in the diagram below
* ~8,7005 * ~2,220 * ~12,450 * ~22,450
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 268 Determine Busy Hour Call Attempts 1) Calculate AHT (weighted) ABC Corporation indicated that their monthly connected minutes is 750,000, AHT = 40% * 160 + 60% * (30 + 90 + 60) = 172 sec they said that they have one shift a day, 8 AM to 5 PM, Monday through Friday. They also indicated that 17% of their traffic occurs between 12-1PM. What is the estimated BHCA? Traffic mix is listed in the diagram below
2) Number of days in a month ( 4 weeks , 5 days a week )= 20 days 3) Estimated daily minutes = 750,000 / 20 = 37,500 minutes a day 4) Estimated daily calls = 37,500 * 60 / 136 = 13,081 calls
5) Estimated BHCA = 13,081 * 17% = 2223
* ~8,7005 * ~2,220 * ~12,450 * ~22,450 TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 269 Compensating for Lost Information – Hedging Risk
• When sizing call center IVR ports and PSTN trunks, it is better to over provision; cost of extra capacity is much cheaper than lost revenue, bad service or legal risk of not meeting SLA (if under provisioned)
• Consider the seasonal busy hour versus average busy hour; marketing campaigns where calls bunch up
• Consider agent staffing, availability, attendance, adherence to schedule, occupancy, different agent shifts, different time zone, reuse of facilities
• Provision extra IVR and GW ports for growth and unforeseen fluctuations— reserve about 20% extra capacity (reality will be different than modeling)
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 270 What More is Required?
• Now That You Know How Many ‘Ports’ Are Required for Your Call Center…
• Functional Requirements Which Drive ACD/CTI/IVR Selection (Standard/Premium Licensing) Inbound and Outbound Call Flow Caller Expected Input and Output Agent Interaction Requirements Non-Agent Customer Service Requirements
• Physical Systems Design Infrastructure Sizing Software Selection
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 271 Bandwidth sizing HAoWAN Calculations
. Provide site redundancy for disaster recovery . Latency: 80 ms RTT between Unified CCX nodes (same as CUCM CoW) . Bandwidth: 2 x T1 between sites (Not yet finalized, final bandwidth will base upon test result) 1st T1 for CCX intra-cluster communication and external communication with other components (see next slide for detail) 2nd T1 for database replication
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 273 Bandwidth Detail
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 274 Finesse Bandwidth Calculator
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/finesse/bandwidth_calculator/guide/Fines se_Bandwidth_Calculator_for_Unified_Contact_Center_Express.xlsx
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 275 Traffic Profiles and Requirements Provisioning for Data
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 276 Provisioning for Voice
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 277 Web Chat Feature
• 150ms delay Web Chat-CCX
• Bandwidth • CCX to Web Chat 100kbps • Web Chat to Agent 100kpbs • Customer Web server and Web Chat 100 kpbs
• Add additional for richer customer context
• Up to 50 concurrent chat sessions
• SSL Impacts
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 278 Designing for over the WAN
Deployment Between Between Model UCCX UCCX and nodes CUCM ACD 1.2 Mbps 800 kbps
IPIVR 1.2 Mbps 200 kbps
• Select UCCX deployment model as HAoWAN • Local CUCM should be primary provider • SSO requirement: UCCX(Ids) should be local to IdP
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 279 Cisco Webex Teams
Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space cs.co/ciscolivebot#TECCOL-2982
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 280 Complete your online session survey
• Please complete your Online Session Survey after each session
• Complete 4 Session Surveys & the Overall Conference Survey (available from Thursday) to receive your Cisco Live T- shirt
• All surveys can be completed via the Cisco Events Mobile App or the Communication Stations
Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 281 Continue Your Education
Related Demos in Walk-in Meet the sessions the Cisco self-paced engineer Showcase labs 1:1 meetings
TECCOL-2982 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 282 Thank you