
Cisco Interoperability with Part 1 – Collaboration

Tobias Neumann BRKCOL-2610

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Proper planning is very important ... Off-road Trip Oman 2017

Agenda

• Architecture Microsoft Lync / for Business

• Enterprise Voice

• IM & Presence Business to Business Federation

• IM & Presence Partitioned Intradomain Federation

• Migration

• Application Interoperability

• What about Cisco Spark?

Architecture Microsoft Lync /

Microsoft Lync / Skype for Business
Architecture Overview – on-premise

[Diagram: Communication Modalities; many moving parts and additional 3rd party components. Labels: Mediation, Director, Edge, Archiving, Persistent Chat, Reverse Proxy, Front-End, Monitoring, SQL Server, Office Web Apps, XMPP Gateway, AV Conferencing, DNS, Load Balancer, Storage, Compute, Survivable Branch Appliance, Video Devices, Phones, Gateways, Transcoders, Hardware Load Balancer]

Microsoft Lync / Skype for Business
Interoperability and specifics

Lync 2010 / Lync 2013 / Skype for Business
• Audio:
  • Mediation Server (Enterprise Voice)
  • Remote Call Control (RCC)
  RCC no longer supported with Skype for Business, replaced by Call via Work – significantly different features and capabilities
• and Presence:
  • SIP/SIMPLE Federation
  • XMPP Federation
    For Microsoft Lync 2010 and Office Communication Server 2007 via a separate OCS 2007 R2 XMPP Gateway
    For Microsoft Lync 2013 via the XMPP Proxy (Edge), XMPP Gateway (Front-End) (only tested and supported by Microsoft for federation with Talk ://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx)

Microsoft Skype for Business RCC Reference: https://technet.microsoft.com/en-us/library/gg558658.aspx

Microsoft Lync

Video interoperability with Lync 2010 / Lync 2013
• Microsoft Lync supports point to point and multipoint video capabilities
• A complex set of integrations is available to interoperate Microsoft’s vendor specific video implementation with a h.264 AVC standards based video environment
• Please see BRKCOL-2611 – Cisco Interoperability with Microsoft Part 2 (Video Interoperability) for details

Microsoft Skype for Business
Video interoperability with Skype for Business – Video Interop Server (VIS) Role
• Basic dial in capabilities for standard h.264 AVC video systems to join A/V MCU
• Basic call capabilities from Video Room System to Skype for Business client
• Long List of Caveats
  • No support for calls from Skype for Business to Video Room System
  • No support for Desktop-Sharing
  • No support for Continuous Presence or Gallery View
  • No calls and/or presence from Skype/S4B to the TP-System
  • No external calls to the TP-System via VIS
  • No Drag and Drop of TP-Systems into Skype-Meetings
  • Very limited scalability – approx. 16 concurrent calls per Video Interop Server
  • On-Premise role only !!!

Please see BRKCOL-2611 – Cisco Interoperability with Microsoft Part 2 (Video Interoperability) for further details

Microsoft Skype for Business VIS Reference Known Limitations, Sizing: https://technet.microsoft.com/en-us/library/ms.lync.plan.videointerop.aspx

Microsoft Skype for Business Online – Office 365
Architecture Overview - SaaS
• Communication capabilities of Skype for Business as a cloud-based service
• Presence, instant messaging, audio and video calling, rich online meetings web conferencing capabilities
• PSTN connectivity
  Where available, hybrid
• Closed community, no standards based interoperability (i.e. IM & Presence or Video)

What about Office 365 & Voice Interoperability?

NOT SUPPORTED today and there is NO plan to test/support this scenario!

Instant Messaging and Presence Capabilities

• Interoperability only supported with OCS, Lync or Skype for Business on premise systems
• No standards based federation interface supported by Microsoft

[Diagram label: SIP]

Microsoft Office 365 Skype for Business Online Federation and Public IM Connectivity: https://technet.microsoft.com/en-us/library/skype-for-business-online-federation-and-public-im-conectivity.aspx

Enterprise Voice - Plus CAL

Enterprise Voice Call Routing
Call routing depends on the dialing habit of the user AND the license
• User has multiple options to initiate a call
• Depending on
  • Dialing habit
  • Called party
  • License purchased
• Different result
  • When dialing either SIP URI or phone number of Lync user (reverse number lookup), Lync to Lync call is initiated
  • Number is called, only available when Plus CAL has been purchased, called party is NOT Lync user, call routed via mediation server
  • Video call initiated, when called SIP URI is another Lync user – Lync to Lync call; if domain of SIP URI is not on Lync, call routed via SIP routing logic (SIP static route, TrustedApplicationPool)

Enterprise Voice Call Routing
SIP Trunk / Direct SIP Options 1/2

OCS 2007 / Lync 2010 & 2013 / Skype for Business (no media bypass)
[Diagram: Lync Client, Lync Front End, Lync Med. Server, Cisco UCM; media legs RTaudio and G.711]

OCS 2007 / Lync 2010 & 2013 / Skype for Business (no media bypass), non-G.711 on IP-PBX
[Diagram: Lync Client, Lync Front End, Lync Med. Server, Cisco UCM, IOS Transcoder; media legs RTaudio, G.711 and G.729/iLBC]

• Flows show the SIP signaling and media paths in a SIP-trunk interoperability scenario
• Lync Mediation Server only supports G.711 and requires additional transcoding resources if any other codec is used by devices connected through the SIP trunk
• Scenarios shown do not require the usage of a Media Termination Point (MTP)

Enterprise Voice Call Routing
SIP Trunk / Direct SIP Options 2/2

Lync 2010, Lync 2013, Skype for Business (with media bypass)
[Diagram: Lync Client, Lync Front End, Lync Med. Server, Cisco UCM; media legs G.711 and G.711]

• With the introduction of Media Bypass in Lync 2010 the Lync client can initiate direct G.711 media streams.
• The media path is not hairpinned through the Lync Mediation Server; no transcoding.
• Signaling still has to flow via the Mediation Server.

Review Microsoft guidance regarding Media Bypass http://technet.microsoft.com/en-us/library/gg412740.aspx
• Straightforward in a centralized (single site) topology without WAN links.
• More complicated in a distributed topology with one or more branches - check the following:
  • Media Bypass shall only be utilized between WAN sites without bandwidth constraints
  • Media Bypass and Call Admission Control (CAC) are mutually exclusive
  • Media Bypass mandatorily requires all media to be represented by a single IP address – the reason why in the above example a Media Termination Point (MTP) has to be inserted.

Enterprise Voice Call Routing
Lync Media Bypass Design Considerations
• Dynamic decision to bypass mediation server based on comparing “bypass IDs” of Lync client and gateway’s media processor IP
• Media Bypass can be activated globally in two ways:
  • Always Bypass:
    • All subnets mapped to one and only one bypass ID
    • Not compatible with MSFT CAC
  • Use Site and region information:
    • Supports interaction with CAC
    • Single unique bypass ID per region
    • WAN connected site w/o BW constraint inherits region’s bypass ID
    • WAN connected site w/ BW constraint gets unique bypass ID
    • Subnets associated w/ site inherit site’s bypass ID

Enterprise Voice Call Routing
Lync Media Bypass and CAC
• Media bypass and CAC both based on same site and region information
• For media bypass and CAC to “work” media bypass has to be set to “Use Site and Region Information”

Media Bypass | CAC | Result
Use Site and Region Information | On/Off | Bypass decision based on bypass ID. CAC only for calls that are not bypassed b/c media bypass assumes “LAN like” connection to peer. CAC only applied if CAC is enabled AND bypass IDs do not match
Always Bypass | On | Invalid
Always Bypass | Off | All calls bypass (single bypass ID), no CAC applied
Off | On | Mediation server always employed; CAC applied
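The bypass ID rules and the Media Bypass / CAC table above, written out as a small decision model. This is an added example, not code from the slides or from Microsoft or Cisco: it is a simplified model of the rules as the slides state them, and the site names, subnets, mode strings and function names are constructed assumptions. The "Off / Off" combination is not in the table and is modelled here as mediation server without CAC.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    name: str
    region: str
    bandwidth_constrained: bool  # WAN link towards the region has a BW constraint
    subnets: tuple               # CIDR strings associated with the site


def bypass_id(site):
    """A site w/o BW constraint inherits the region's ID, a constrained site gets its own."""
    if site.bandwidth_constrained:
        return "site:" + site.name
    return "region:" + site.region


def site_of(ip, sites):
    """Subnets inherit the bypass ID of the site they are associated with."""
    addr = ipaddress.ip_address(ip)
    for site in sites:
        if any(addr in ipaddress.ip_network(cidr) for cidr in site.subnets):
            return site
    return None


def decide(mode, cac_enabled, client_ip, media_ip, sites):
    """Return (media_path, cac_applied) for one call.

    mode: "always", "site_region" or "off" (names chosen for this example).
    media_ip: the single media address (MTP) defined for the trunk/gateway.
    """
    if mode == "always":
        if cac_enabled:
            raise ValueError("Always Bypass with CAC on is an invalid combination")
        return ("bypass", False)
    if mode == "off":
        return ("mediation", cac_enabled)
    if mode != "site_region":
        raise ValueError("unknown media bypass mode: " + mode)
    client, media = site_of(client_ip, sites), site_of(media_ip, sites)
    # Assumption of this model: an address outside every known subnet never matches.
    match = (client is not None and media is not None
             and bypass_id(client) == bypass_id(media))
    if match:
        return ("bypass", False)       # "LAN like" peer, CAC not applied
    return ("mediation", cac_enabled)  # media via the mediation server


# Constructed topology: one region, two bandwidth-constrained branch sites.
SITES = (
    Site("central", "emea", False, ("10.0.0.0/24",)),
    Site("site1", "emea", True, ("10.1.0.0/24",)),
    Site("site2", "emea", True, ("10.2.0.0/24",)),
    Site("site3", "emea", False, ("10.3.0.0/24",)),
)
MTP_SITE1 = "10.1.0.10"    # media resource of the trunk chosen for Site 1 users
MTP_CENTRAL = "10.0.0.10"  # media resource in the central site


def scenarios():
    """The cases discussed on the slides, evaluated on the constructed topology."""
    return {
        "client in site1, MTP in site1":
            decide("site_region", True, "10.1.0.50", MTP_SITE1, SITES),
        "client moved to site2, MTP in site1":
            decide("site_region", True, "10.2.0.50", MTP_SITE1, SITES),
        "client in unconstrained site3, MTP central":
            decide("site_region", True, "10.3.0.50", MTP_CENTRAL, SITES),
        "always bypass, CAC off":
            decide("always", False, "10.2.0.50", MTP_SITE1, SITES),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, "->", result)
```

The second scenario is the roaming case: the trunk's media address stays in Site 1 while the client is in Site 2, the bypass IDs differ, and media goes through the mediation server.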

Enterprise Voice Call Routing
Cisco UCM SIP trunk characteristics for Direct SIP
• Lync requires Early Offer inbound/outbound
  • Although UCM now can do early offer w/o relying on an MTP (SIP profile setting):
    • Media resource still has to be allocated (single media address in Lync GW definition)
    • Trunk setting: “MTP required”
  • For every trunk a dedicated MRGL/MRG and single media resource required
• On UCM SIP trunk configure IP addresses of possible mediation server peer addresses
• Multiple inbound SIP trunks with the same peer IP require different local signaling ports
  • Inbound trunk selection on UCM based on remote peer and local signaling port
  • Local signaling port defined in SIP trunk security profile

Enterprise Voice Call Routing
Multiple Site example (Lync / Skype for Business to Cisco UCM)

[Diagram: Site 1, Site 2 and Central Site; Mediation server pool and Lync Front-End server pool]

• To keep media local to a site each site requires a local media resource
• Alternate media IP definition in Lync trunk configured matches IP address of single media resource in MRGL/MRG of the trunk on Cisco UCM side
• Multiple sites require multiple trunks
  • … and multiple MRGs, MRGLs and media resources
  • … and multiple SIP security profiles, because unique identification of each trunk on Cisco UCM based on the signaling port (UCM side trunk identification based on peer IP address and local signaling port)

Enterprise Voice Call Routing
Multiple Site example (Lync / Skype for Business to Cisco UCM) with redundancy

[Diagram: Site 1 (1a, 1b), Site 2 (2a, 2b) and Central Site; Lync Front-End server pool and Mediation server pool]

Two sites with Lync to Unified CM SIP trunk redundancy already require:
• 4 trunks, 4 MTPs/TRPs
• 4 MRGs, 4 MRGLs
• 2 SIP trunk security profiles

Enterprise Voice Call Routing
Lync Media Bypass implications on redundancy
• Fixed media IP configuration for GW on Lync forces 1:1 relation between inbound SIP trunk on Unified CM and MTP
  • Cannot use MRG and MRGL for intelligent MTP selection (scalability, redundancy)
• Availability of SIP trunk depends on SIP signaling peer and MTP availability
  • … which cannot be monitored via SIP OPTIONS ping
• Only indication of failing MTP allocation for inbound EO call from Lync: if UCM fails to allocate an MTP, the call can be signaled as failed and left to Lync to reroute using a different SIP trunk
• Outbound calls from Unified CM need to be EO and have to be via MTP (MTP required – Media Bypass)

Enterprise Voice Call Routing
Multiple Site example

[Diagram: Site 1, Site 2 and Central Site connected via WAN; Lync Front-End server pool and Mediation server pool]

• Unified selects trunk to Lync based on called destination (+E.164 prefix)
• MTP (assumed) local to Lync client selected
• Alternate media IP definition in Lync trunk configured in same site as Lync client -> bypass activated
• Local media

Enterprise Voice Call Routing
Multiple Site example

[Diagram: Site 1 and Site 2; Lync Front-End server pool and Mediation server pool]

• Unified selects trunk to Lync based on called destination (+E.164 prefix), but Lync client moved to other site
• MTP (assumed) local to Lync client selected
• Alternate media IP definition in Lync trunk configured not in same site as Lync client -> no media bypass
• Mediation server in media
• Media hairpins through central site

Enterprise Voice Call Routing
Multiple Site example

[Diagram: Site 1 and Site 2; Lync Front-End server pool and Mediation server pool]

• False assumption about Lync client location could lead to even worse media path:
  • Unified CM selects trunk with MTP local to (assumed) location of Lync client: Site 2
  • Lync rejects media bypass, because MTP not local to IP address of Lync client
  • Mediation server in media path, media hairpins through remote and central site

Enterprise Voice Call Routing
Media hairpinning: Root Cause Analysis
• MSFT Lync trunk architectural limitations
  • MTP required to enable media bypass
  • MTP needs to be “local” to Lync client
• Only call control authoritative for endpoint is aware of client location
  • Source call control aware of source client location
  • Destination call control aware of destination client location
• Problem: what if the destination client (Lync) location determines the required MTP location, but the source call control (Unified CM) is not aware of the location?
• Fundamental limitation of Lync that cannot be solved by Unified CM
  • … or any other call control
  • … unless “Always bypass” is configured which prohibits MSFT CAC (and still requires MTPs)

Instant Messaging and Presence Federation - Interdomain

Instant Messaging and Presence
Business to Business – Interdomain Federation (SIP SIMPLE)

[Diagram: Lync Client, Lync Front End, Lync Edge, Internet, Cisco ASA TLS Proxy, Cisco UCM IM&Presence, Cisco Jabber; protocols SIP, SIP, SIP, SIP, XMPP; users [email protected] and [email protected]; Messaging & Presence Domain atlanta.com, Domain biloxi.com]

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/im_presence/interdomain_federation/11_0_1/CUP0_BK_IA5F44AB_00_interdomain-federation-110.html

Instant Messaging and Presence
Business to Business – Interdomain Federation (SIP SIMPLE)
Breaking News! Expressway X8.9

[Diagram: Lync Client, Lync Front End, Lync Edge, Internet, Expressway-E, Expressway-C, Cisco UCM IM&Presence, Cisco Jabber; protocols SIP, SIP, SIP, SIP, XMPP; users [email protected] and [email protected]; Messaging & Presence Domain atlanta.com, Domain biloxi.com]

Recommended deployment

http://www.cisco.com/c/en/us/support/unified-communications/expressway-series/tsd-products-support-series-home.html

Support for IM&P Federations requires Cisco UCM IM&P 11.5.1SU2, please check release notes http://www.cisco.com/c/en/us/support/unified-communications/expressway/model.html#ReleaseNotes

Instant Messaging and Presence
Business to Business – Interdomain Federation (XMPP Cisco UCM on premise)

[Diagram: Lync Client, Lync 2013(*) Front End, Lync Edge XMPP GWY, Internet, Cisco Expressway, Cisco UCM IM&Presence, Cisco Jabber; protocols SIP, XMPP, XMPP, XMPP, XMPP; users [email protected] and [email protected]; Messaging & Presence Domain atlanta.com, Domain biloxi.com]

• Not recommended for Cisco UCM IM & Presence on premise deployments
• Standard XMPP federation, works with IBM Sametime and other XMPP servers
• Issues observed with Lync 2013…
(*) Lync 2010 and OCS 2007/2007 R2 use standalone OCS 2007 XMPP Gateway, no longer maintained
Microsoft tested and supported only for https://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx

Instant Messaging and Presence
Business to Business – Interdomain Federation (XMPP Cisco Webex Messenger)

[Diagram: Lync Client, Lync 2013(*) Front End, Lync Edge XMPP GWY, Internet, Cisco Webex Messenger Cloud Service, Cisco Jabber; protocols SIP, XMPP, XMPP, XMPP; users [email protected] and [email protected]; Messaging & Presence Domain atlanta.com, Domain biloxi.com]

• Cisco Webex Messenger cloud service only supports XMPP Federation
• Standard XMPP federation, works with IBM Sametime and other XMPP servers
• Issues observed, see next slide for additional reference…
(*) Lync 2010 and OCS 2007/2007 R2 use standalone OCS 2007 XMPP Gateway, no longer maintained
Microsoft tested and supported only for Google Talk https://technet.microsoft.com/en-us/library/jj205134(v=ocs.15).aspx

Instant Messaging and Presence
Business to Business – Interdomain Federation (XMPP Cisco Webex Messenger)
Caveats
• Connection lost under load
  Connections are lost when the Lync XMPP Gateway is under load. The gateway will close the connection and log that there was an error talking to the far side, but give no explanation as to why. Under a modicum of load (around 90 messages/second), connections can be lost as often as every 2.3 minutes. Increasing the load to around 250 messages/second, connections can be dropped every 10 seconds. This leads to delays in delivery and outright packet loss.
• No id-on-xmppAddr support (RFC3920)
  The Lync XMPP Gateway does not look for id-on-xmppAddr in the certificate. Information will be ignored.
• No presence update after a subscription
  Intermittent: directly after the Lync contact accepts the Webex Messenger user subscription, an unavailable is sent from the Lync contact; no available presence is sent until the Lync contact re-signs in.
• Messages routed to wrong client
  Lync XMPP Gateway does not follow the XMPP rules for addressing of messages, which can lead to messages unexpectedly delivered to the wrong client in a multiple client per user situation.
• Webex Messenger user showing as offline when online
  Lync XMPP Gateway does not correctly track presence with multiple clients logged in for a single user. If a user has two clients connected and the Lync user sees him as online, then logs out one of the clients, the Lync user will see the Webex Messenger user as offline.
• No Group Chat support
  Lync XMPP Gateway does not understand MUC or Group Chat protocol. Lync users cannot join or be invited to a group chat session.

Instant Messaging and Presence Federation - Intradomain

Instant Messaging and Presence
Within a Business (Partitioned Intra Domain Federation)

[Diagram: Lync Client, Lync 2013 Front End, Cisco UCM IM&Presence, Cisco Jabber; same domain for both systems (Domain atlanta.com); protocols SIP, SIP, XMPP; users shown as [email protected]]

• Partitioned Intra Domain solution for migration and long term coexistence • Only available with Cisco UCM IM & Presence for on premise deployments • Uses standard SIP routing mechanism • Cisco UCM 10.x supports multiple distinct presence domains • Cisco Expressway X8.8 supports full integration of IM & Presence with Audio/Video calling

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (1/13)

[Diagram: Lync Client, Lync 2013 Front End, Active Directory, Cisco UCM IM&Presence, Cisco Jabber; same domains for both systems; Domain(s) atlanta.com, atlanta.de, atlanta.au; protocols SIP, SIP, XMPP; users shown as [email protected]]

• Full Contact Search available to each end-user regardless of whether they exist on Cisco or Microsoft
• The end-user is not aware what back end the buddy resides on
• Temporary Presence subscriptions not supported in both directions (during search the user’s presence is “not available”) unless user is added to the buddy list
• Once added to the buddy list, users can exchange presence and instant messaging
• Recommended to utilize “msRTCSIP-primaryuseraddress” attribute as SIP/IM address
• LDS supported for complex AD scenario

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (2/13)
New functionality in Cisco UCM 10.x – why do I care?
• Use address as your SIP aka multimodal communication address for messaging, presence audio and video calling
• Most Lync server deployments map as attribute for SIP communication
• Require more than one presence/SIP domain to match email domains (atlanta.com, atlanta.de, atlanta.au)
• Pre 10.x default URI format sAMAccountName@
• Pre 10.x only single presence domain supported on cluster

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (3/13)
New functionality in Cisco UCM 10.x – why do I care?
• msRTCSIP-primaryuseraddress or mail directory attribute supported as JabberID
• Multiple domains supported on single UCM IM&P system
  Single or multi server environment
• Post 10.x advanced configuration allows for selecting either msRTCSIP-primaryuseraddress or mail as URI
• Multiple domains supported including for partitioned intra domain federation
• Security Certificates enhanced to reflect multi domain operations
• Cisco Jabber version 10.6 or higher of clients required

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (4/13)
Advanced Presence Configuration - Cisco UCM IM & Presence 10.x+
• Configure directory URI mapping in Cisco UCM Active Directory LDAP Sync Statement
  msRTCSIP-primaryuseraddress recommended for Partitioned Intra Domain Federation
• Configure Cisco UCM IM & Presence Advanced Presence Settings
  IM Address Schema – Directory URI
  Systems will automatically import all domains configured in Active Directory

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (5/13)
Required Configuration Steps …
• Configure certificates on Lync and Cisco UCM
  Highly recommended to use CA based certificates on both systems (Enterprise CA)
• Configure security parameters on Cisco UCM IM&P (ACL, TLS peer, TLS context)
• Configure SIP static route(s) on Cisco UCM IM&P
• Configure security parameters on Microsoft Lync (Trusted Application, Computer, etc.)
• Configure SIP static route(s) on Microsoft Lync

This sounds awfully complicated …

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (6/13)
Introducing Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5
• One stop shop to configure Intradomain federation
• Provides detailed Lync PowerShell commands for configuration required on Lync

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (7/13)
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5

• Example uses a Lync 2013 Standard Server without Load Balancer
• Wizard does support Lync 2013 Enterprise Pools. Additional parameters must be configured depending on the configured topology.

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (8/13)
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5

• Wizard allows specifying additional servers (example: single Lync 2013 Standard Server). In case the topology uses Lync SBA/SBS these need to be added here.
• Wizard will list all domains configured on Cisco UCM for use with Intradomain federation. Static routes will be created based on this configuration screen.

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (9/13)
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5

• Wizard review configuration screen
• Required steps for Certificate Management

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (10/13)
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5

Wizard provided Lync Server PowerShell configuration commands to enable Intradomain Federation

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (11/13)
Intradomain Federation Setup Wizard - Cisco IM & Presence 11.5

Cisco IM & Presence Service Restart
After the wizard is complete certain Cisco IM & Presence services require a restart

A word on Certificates..
• Cisco UCM 11.5 introduces support for strong cryptography (Elliptic Curve Diffie-Hellman)
• Lync 2013 does NOT support EC cipher cryptography!

To accommodate these new capabilities Cisco UCM 11.5 supports distinct certificates for RSA and EC cryptography. The primary RSA certificate uses a default common name (CN) equal to the DNS fully qualified domain name (FQDN). The EC certificate uses a CN of the FQDN with a suffix of -EC, and includes the DNS FQDN as subject alternate name (SAN). Even though Lync does not support EC ciphers, TLS negotiation with Lync doesn’t work: Lync will not accept communication because the DNS FQDN and the certificate common name do not match. Per RFC/TLS standard this should not be the case, as the SAN contains the FQDN. Nevertheless, to overcome this issue the SAN including the –EC suffix needs to be added to the Cisco UCM IM & Presence CUP –C certificate. Please see next slides for an example how to achieve this…

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (12/13)
Intradomain Federation Certificates - Cisco IM & Presence 11.5
Add additional Subject Alternate Name to Cisco UCM IM & Presence CUP Service –EC Certificate
Example uses a Windows Server 2012 R2 Microsoft Enterprise CA

• Create new certificate signing request for CUP service
• Cisco UCM Platform Administration does provide the capability to add SANs to the CSR directly.
• Download the CSR for submission to the CA

Instant Messaging and Presence
Partitioned Intra Domain Federation – Deep Dive … (13/13)
Intradomain Federation Certificates - Cisco IM & Presence 11.5
• Through the Microsoft CA Web Enrollment site submit the request to the CA
• By default the CA policy does NOT allow adding attributes such as SANs to the CSR
• The following commands can be used to change the CA policy:

    certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
    net stop certsrv
    net start certsrv

• In the additional Attributes dialog enter: san:dns=-EC.&dns=.
  Example: san:dns=cup01-EC.bootcamp.com&dns=cup01.bootcamp.com

Suggested changes to CA policy might be considered to have adverse security implications, verify before production use.
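An added check, not part of the original slides or of any Cisco or Microsoft tooling: once EDITF_ATTRIBUTESUBJECTALTNAME2 is set the CA accepts SANs supplied in the request attributes, so each `san:` string can be reviewed against the two names the CUP certificate needs before it is submitted or approved. The function names and the rejected sample strings are constructed assumptions; the accepted sample is the one from the slide.

```python
def expected_sans(node_fqdn):
    """The two DNS names the slides require: the node FQDN and its -EC variant."""
    fqdn = node_fqdn.strip().lower()
    host, _, domain = fqdn.partition(".")
    if not host or not domain:
        raise ValueError("need a fully qualified name, got %r" % node_fqdn)
    # DNS names compare case-insensitively, so everything is lower-cased.
    return {fqdn, host + "-ec." + domain}


def parse_san_attribute(attribute):
    """Parse 'san:dns=a&dns=b' into a list of (type, value) pairs."""
    prefix, sep, body = attribute.strip().partition(":")
    if prefix.lower() != "san" or not sep or not body:
        raise ValueError("not a san: request attribute: %r" % attribute)
    entries = []
    for part in body.split("&"):
        kind, eq, value = part.partition("=")
        if not eq or not kind.strip() or not value.strip():
            raise ValueError("malformed SAN entry: %r" % part)
        entries.append((kind.strip().lower(), value.strip().lower()))
    return entries


def review_request(attribute, node_fqdn):
    """Compare requested SANs with the expected pair for this node.

    Anything that is not a dns= entry, and any DNS name outside the expected
    pair, is reported as unexpected; expected names that are absent are
    reported as missing.
    """
    allowed = expected_sans(node_fqdn)
    requested = parse_san_attribute(attribute)
    unexpected = [
        "%s=%s" % (kind, value)
        for kind, value in requested
        if kind != "dns" or value not in allowed
    ]
    seen = {value for kind, value in requested if kind == "dns"}
    missing = sorted(allowed - seen)
    return {
        "ok": not unexpected and not missing,
        "unexpected": unexpected,
        "missing": missing,
    }


# The slide's example, plus two constructed requests that should be rejected.
SLIDE_EXAMPLE = "san:dns=cup01-EC.bootcamp.com&dns=cup01.bootcamp.com"
CONSTRUCTED_EXTRA_HOST = "san:dns=cup01.bootcamp.com&dns=mail.bootcamp.com"
CONSTRUCTED_EXTRA_TYPE = SLIDE_EXAMPLE + "&ipaddress=10.0.0.5"

if __name__ == "__main__":
    for sample in (SLIDE_EXAMPLE, CONSTRUCTED_EXTRA_HOST, CONSTRUCTED_EXTRA_TYPE):
        print(sample, "->", review_request(sample, "cup01.bootcamp.com"))
```

The same comparison can be repeated on the SAN list of the issued certificate, since the CA policy change applies to every request the CA receives and not only to the CUP one.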

Instant Messaging and Presence
Partitioned Intra Domain Federation – User Experience

Instant Messaging and Presence
Partitioned Intra Domain Federation – Additional Topics to Consider
Lync Address Book – Contact resolution

• Lync only imports RTC enabled users into the address book
• For new Cisco Jabber users never configured on Lync before migration – msRTCSIP-primaryuseraddress must be set
• User imported with msRTCSIP… attribute imported into Lync Address book
• Download addressbook – new Cisco Jabber user searchable for Lync users
• Cisco Jabber user imported with msRTCSIP… attribute imported into Cisco UCM via LDAP sync

[Diagram: Lync 2013 Front End, Active Directory, Cisco UCM; Lync Enabled Users (msRTCSIP…) imported to Addressbook; LDAP Sync; LDAP]

Instant Messaging and Presence Federation – Intradomain

What about Audio/Video at the same time?

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video

Remember this picture?

• To split IM & Presence traffic from Audio/Video an additional VCS was required running a CPL script
• Complicated to configure and resource intensive
• No longer supported with Expressway above version X7.x

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video
Breaking News! Cisco Expressway X8.8 SIP Broker – Call Flow Lync to Cisco Jabber Instant Messaging

[Call flow diagram: Lync Client, Lync 2013 Front End, Cisco Expressway X8.8 (SIP Broker, MSFT Gateway), Cisco UCM, Cisco UCM IM&Presence, Cisco Jabber. Steps: 1 SIP, 2 SIP, 3 SIP, 4 XMPP, 5 SIP, 6 SIP; Messaging Session]

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video
Cisco Expressway X8.8 SIP Broker – Call Flow Jabber to Lync Instant Messaging

[Call flow diagram: Lync Client, Lync 2013 Front End, Cisco Expressway X8.8 (SIP Broker, MSFT Gateway), Cisco UCM, Cisco UCM IM&Presence, Cisco Jabber. Steps: 1 XMPP, 2 SIP, 3 SIP, 4 Message Session]

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video
Cisco Expressway X8.8 SIP Broker - Call Flow Lync to Cisco Jabber A/V Call

[Call flow diagram: Lync Client, Lync 2013 Front End, Cisco Expressway X8.8 (SIP Broker, MSFT Gateway), Cisco UCM, Cisco UCM IM&Presence, Cisco Jabber. Steps: 1 SIP, 2 SIP, 3 SIP, 4 SIP, 5 SIP, 6 SIP, 7 SIP; 7 Audio/Video Session]

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video
Cisco Expressway X8.8 SIP Broker - Call Flow Cisco Jabber to Lync A/V Call

[Call flow diagram: Lync Client, Lync 2013 Front End, Cisco Expressway X8.8 (SIP Broker, MSFT Gateway), Cisco UCM, Cisco UCM IM&Presence, Cisco Jabber. Steps: 1 SIP, 2 SIP, 3 SIP, 4 SIP, 5 Audio/Video Session]

Instant Messaging and Presence
Partitioned Intra Domain Federation – Messaging, Presence and Audio/Video
Cisco Expressway X8.8 SIP Broker – Configuration Steps
Instructions assume that Cisco UCM IM & Presence Intradomain Federation is already configured

Configuration steps for Cisco Expressway X8.8 SIP Broker (1/2)
Cisco UCM
• Configure Secure SIP Trunk Profile
• Configure Secure SIP Trunk to Expressway
• Configure SIP Route Pattern for URI Routing
• Configure UCM Cluster Mixed Mode for End to End Encrypted Calls (SRTP) (not covered in the reference material)
Cisco UCM IM & Presence
• Configure Incoming ACLs for traffic from Expressway
• Configure TLS Peer Subject for Expressway
• Configure TLS Context for Expressway
Cisco Expressway X8.8
• Configure required certificates for SIP signaling over TLS
• Enable SIP Broker / Trusted Hosts
• Configure Zones and Search Rules

Configuration steps for Cisco Expressway X8.8 SIP Broker (2/2)

Microsoft Lync
• Modify SIP static route to send all traffic to Expressway SIP Broker
• Configure Trusted Application Pool for Expressway

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco UCM (1/2)
• Configure Secure SIP Trunk Profile
• Configure Secure SIP Trunk to Expressway

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco UCM (2/2)
• Configure SIP Route Pattern

In a multi-domain environment this step needs to be repeated for each SIP domain.

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco UCM IM & Presence (1/2)
• Configure Incoming ACL

Add the DNS FQDN and the IP address of the Expressway to the incoming ACLs.

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco UCM IM & Presence (2/2)
• Configure TLS Peer Subject
• Configure TLS Context

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco Expressway (1/3)
• Configure Neighbor Zone
• Configure Microsoft Interoperability

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco Expressway (2/3)
• Configure Trusted Hosts
• Configure Dialplan Search Rules

When using Lync SBA/SBS, add them as trusted hosts.
One search rule is required per domain and direction (CUCM to Lync and Lync to CUCM).

Configuration steps for Cisco Expressway X8.8 SIP Broker – Cisco Expressway (3/3)
• Search Rule CUCM to Lync
• Search Rule Lync to CUCM

Replicate both rules for each domain serviced by the system.

Configuration steps for Cisco Expressway X8.8 SIP Broker – Microsoft Lync (1/2)

Verify the existing SIP routing configuration with this Lync PowerShell command:

    Get-CsStaticRoutingConfiguration -Identity global | Select-Object -ExpandProperty Route | Where-Object {$_.MatchUri -eq ""}

The output below shows the SIP static route(s) that have been configured. Example:

    Transport               : TransportChoice=Certificate=Microsoft.Rtc.Management.WritableConfig.Settings.SipProxy.UseDefaultCert;Fqdn=cup01sevt.bootcamp.com;Port=5061
    MatchUri                : bootcamp.com
    MatchOnlyPhoneUri       : False
    Enabled                 : True
    ReplaceHostInRequestUri : False

Configuration steps for Cisco Expressway X8.8 SIP Broker – Microsoft Lync (2/2)

Delete the existing SIP route configuration with these Lync PowerShell commands:

    $x = Get-CsStaticRoutingConfiguration -Identity global | Select-Object -ExpandProperty Route | Where-Object {$_.MatchUri -eq ""}
    Set-CsStaticRoutingConfiguration -Identity global -Route @{Remove=$x}

(this has to be repeated for each domain configured on the system)

Add a new SIP static route that points the Lync server to send traffic to the Expressway SIP Broker:

    $tlsRouteNo1 = New-CsStaticRoute -TLSRoute -Destination -Port 65072 -UseDefaultCertificate $true -MatchUri
    Set-CsStaticRoutingConfiguration -Route @{Add=$tlsRouteNo1}

(the Expressway SIP Broker listens for traffic from Lync on non-standard port 65072)

Create a TrustedApplicationPool for Cisco Expressway:

    New-CsTrustedApplicationPool -Identity -Registrar -Site 1 -TreatAsAuthenticated $true -ThrottleAsServer $true -RequiresReplication $false -OutboundOnly $false

Add Cisco Expressway to TrustedApplication:

    New-CsTrustedApplication -ApplicationID interop.bootcamp.com -TrustedApplicationPoolFqdn exp02sevt.bootcamp.com -Port 5061

Configuration steps for Cisco Expressway X8.8 SIP Broker – Verify Configuration
Cisco Expressway Microsoft B2BUA / SIP Broker

Instant Messaging and Presence Partitioned Intra Domain Federation – SIP Broker User Experience

Instant Messaging and Presence Federation – Intradomain: Migration…

Instant Messaging and Presence Partitioned Intra Domain Federation – Migration...

Remember the Command Migration Tools? ExportContacts.EXE, DisableAccount.EXE, DeleteAccount.EXE

More Breaking News! Cisco UCM IM & Presence 11.5 provides a new GUI-based migration tool
• Replaced 3 tools with one easy-to-use Windows application
• Old tools had to be run on EVERY server in the deployment with multiple command line arguments
• New application is run on the Front-End server and connects remotely to all of the other servers in the deployment
• Added progress bars/counters for each stage of the migration
• Error handling / reporting has been greatly improved
• Added support for validating user accounts before they get migrated:
  • Validates that accounts exist and are enabled in Active Directory
  • Validates that accounts exist and are enabled on the LCS/OCS/Lync server
• Added validation at every step of the process
• Does not let the admin continue without validating previous stages
• Contextual tool tip help guides the admin through the process

Instant Messaging and Presence Federation – Intradomain: Migration and External Federation

Instant Messaging and Presence Partitioned Intra Domain Federation – Adding External B2B Federation

Both solutions, Cisco and Microsoft, support external Business to Business Federation via SIP SIMPLE.
SIP Federation is based on DNS SRV records. The DNS SRV record for a particular SIP domain can only be represented by one of the two solutions – Highlander: “There can be only one!“

[Diagram: Domain company.com with Lync Edge (DNS SRV record _sipfederationtls._tcp.) and Expwy-E / ASA TLS proxy (DNS SRV record _sipfederationtls._tcp.), both facing the Internet. Question posed on the slide: Who handles federation for company.com?]

Standards-based A/V external federation for _sip. and _sips as well as XMPP federation can still be terminated on Cisco Expressway for B2B federation.

Adding External B2B Federation – External SIP B2B Federation during Migration

Each of the following slides shows the same diagram (Lync Client, Lync 2013 Front End, Cisco Expressway X8.8, Cisco UCM IM&Presence, Cisco UCM, Cisco Jabber, and the Internet with DNS SRV record _sipfederationtls._tcp.atlanta.com) with a different scenario highlighted:

• Alice on Lync initiates or receives communication with Bob Lync @ external domain
• Alice migrated to Jabber initiates Audio/Video call with Bob Lync @ external domain (via MSFT Gateway)
• Alice migrated to Jabber initiates chat communication with Bob Lync @ external domain (outgoing IM bypasses Expressway)
• Bob Lync @ external domain initiates chat communication with Alice migrated to Jabber (via SIP Broker)
• Bob Lync @ external domain initiates Audio/Video communication with Alice migrated to Jabber (via SIP Broker and MSFT Gateway)

Adding External B2B Federation – External SIP B2B Federation during Migration - Configuration

Cisco UCM
• Configure SIP Route Pattern for External Domain URI Routing
• Configure Calling Search Space for incoming/outgoing class of service

Cisco UCM IM & Presence
• Configure SIP Federated Domain
• Add Static Route for Federated Domain via Lync Front End

Cisco Expressway X8.8
• Add search rules for outgoing federated communication via Lync Front End

Microsoft Lync Server
• External Federation should already be in place; screenshots provided for documentation purposes

External SIP B2B Federation during Migration - Configuration: Cisco UCM, Cisco UCM IM & Presence

External SIP B2B Federation during Migration - Configuration: Cisco Expressway
Cisco Expressway allows wildcard routing, but it is recommended to configure explicit routes for externally federated domains.
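The explicit-route recommendation above can be checked before a search rule goes live. The following is an added example, not part of the presentation: it builds one anchored pattern from a list of federated domains and reports which test aliases a candidate rule would route although their host is not on the list. It assumes the rule's regex has to match the whole alias and that Python's `re` is close enough to the Expressway regex syntax for these patterns; `partner.example` and the sample aliases are constructed.

```python
import re

# Constructed test data: atlanta.com is the federated domain shown on the slides,
# partner.example is a hypothetical second federated domain.
FEDERATED = ["atlanta.com", "partner.example"]
SAMPLE_URIS = [
    "alice@atlanta.com",
    "sip:bob@partner.example;transport=tls",
    "carol@atlantaxcom",
    "dave@atlanta.com.other.example",
    "erin@unlisted.example",
]

# Accept only plain DNS names, so a list entry can never smuggle regex syntax.
_DOMAIN = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")


def explicit_pattern(domains):
    """Return one pattern that matches only aliases at the listed domains."""
    cleaned = sorted({d.strip().lower() for d in domains})
    if not cleaned:
        raise ValueError("at least one federated domain is required")
    for d in cleaned:
        if not _DOMAIN.fullmatch(d):
            raise ValueError("not a plain DNS name: %r" % d)
    hosts = "|".join(d.replace(".", r"\.") for d in cleaned)  # literal dots
    # optional scheme, user part, one listed host, optional port and parameters
    return r"(sips?:)?[^@;]+@(%s)(:[0-9]+)?(;.*)?" % hosts


def host_of(uri):
    """Extract the host part of a SIP alias, or None if it has no user@host form."""
    m = re.fullmatch(r"(?:sips?:)?[^@]+@([^:;>]+).*", uri.strip().lower())
    return m.group(1) if m else None


def matched(pattern, uris):
    """Aliases the rule would route (assumption: whole-alias match)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [u for u in uris if rx.fullmatch(u)]


def overmatches(pattern, uris, allowed_domains):
    """Aliases the rule would route although their host is not an allowed domain."""
    allowed = {d.lower() for d in allowed_domains}
    return [u for u in matched(pattern, uris) if host_of(u) not in allowed]


if __name__ == "__main__":
    candidates = {
        "wildcard": r".*@.*",
        "unescaped": r".*@atlanta.com.*",
        "explicit": explicit_pattern(FEDERATED),
    }
    for name, pattern in candidates.items():
        print(name, pattern, "over-matches:", overmatches(pattern, SAMPLE_URIS, FEDERATED))
```

The wildcard rule and the rule with unescaped dots both route aliases outside the federated list; only the generated pattern returns an empty over-match list for the sample set.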

External SIP B2B Federation during Migration - Configuration: Microsoft Lync Server

SIP Federation: Next Hop FQDN discovered through _sipfederationtls DNS SRV record

Instant Messaging and Presence – Cisco to Microsoft Federation

[Diagram: Jabber clients (Alice), Communication Manager, IM & Presence Server, Cisco Meeting Server (translates video and RDP<->BFCP; media transcoding and adaptation), Expressway C, Expressway E, Lync Edge, Lync Front End, federated partner (Lync, Bob). Link labels: XMPP, B2B IM to IM&P, SIP/BFCP, RDP, Voice/Video, 5061]

Federate Jabber / Skype user with Voice/Video & Desktop Share

Configure Cisco SIP B2B Federation with Microsoft

The following configuration slides are screenshots; only their titles and callouts are listed here.

• SIP Trunk; SIP Trunk Security Profile
• SIP Route Pattern for Federated Domain
• Expressway C: Neighbor Zone for CUCM (Audio/Video)
• Expressway C: Neighbor Zone for CUCM IM&P
• Expressway C: Neighbor Zone for Cisco Meeting Server
• Expressway C: Traversal Zone
• Expressway C – Search Rule routing A/V inbound Microsoft traffic to CMS (regex must match all internal domains)
• Expressway C – Search Rule routing A/V inbound traffic from CMS to UCM
• Expressway C – Search Rule routing outbound A/V traffic from UCM to CMS (regex must match external federated domain)
• Expressway C – Search Rule routing outbound A/V traffic from CMS to Expressway E
• Expressway C – Search Rule routing inbound IM/P traffic to UCM IM&P
• Expressway C – Search Rule routing outbound IM/P traffic from UCM IM/P
• Expressway C – Additional configuration currently required for Presence: new zone per CUP server
• Expressway C – Additional configuration currently required for Presence: Search Rule for Presence (FQDN or IP address)
• Expressway E – Traversal Zone, B2B DNS Zone
• Expressway E – Search Rules: Outbound Route, Inbound Route
• Cisco UCM IM&P Configuration: TLS Peer Subject Configuration for Expressway C; TLS Context Configuration
• Cisco UCM IM&P Configuration: SIP Federation Domain Configuration (needs to be configured for each B2B federated domain)
• Cisco UCM IM&P Configuration: SIP Federation Route Configuration (needs to be configured for each B2B federated domain)
• External DNS Configuration: Microsoft-specific DNS Federation SRV record for your domain

In a multi-domain deployment, make sure that you have configured the SRV record for each domain.
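Two DNS rules from this deck lend themselves to an automated check: every serviced domain needs its own `_sipfederationtls._tcp` SRV record, and a domain's record may point at only one of the two edge solutions. The following is an added example, not part of the presentation; the zone text, host names and the edge inventory are constructed, and it assumes SRV owner names are written fully qualified in zone-file form.

```python
SERVICE = "_sipfederationtls._tcp."

# Constructed zone-file excerpt and inventory (hypothetical host names).
SAMPLE_ZONE = """
_sipfederationtls._tcp.company.com.  3600 IN SRV 0 0 5061 lyncedge.company.com.
_sipfederationtls._tcp.company.com.  3600 IN SRV 10 0 5061 expe.company.com.
_sipfederationtls._tcp.example.org.  3600 IN SRV 0 0 5061 expe.company.com.
_sip._tcp.company.com.               3600 IN SRV 0 0 5060 expe.company.com. ; not a federation record
"""
EDGE_INVENTORY = {
    "lyncedge.company.com": "Lync Edge",
    "expe.company.com": "Expressway-E",
}
SERVICED_DOMAINS = ["company.com", "example.org", "example.net"]


def parse_srv(zone_text):
    """Return {domain: [(priority, weight, port, target), ...]} for federation SRV records."""
    records = {}
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if "SRV" not in fields:
            continue
        owner = fields[0].lower().rstrip(".")
        if not owner.startswith(SERVICE):
            continue  # other SRV services are out of scope for this check
        rdata = fields[fields.index("SRV") + 1:]
        if len(rdata) != 4:
            raise ValueError("malformed SRV record: %r" % raw)
        priority, weight, port = (int(v) for v in rdata[:3])
        target = rdata[3].lower().rstrip(".")
        records.setdefault(owner[len(SERVICE):], []).append((priority, weight, port, target))
    return records


def audit(zone_text, serviced_domains, edge_inventory):
    """Return {domain: finding}; finding is 'ok', 'missing', 'unknown target: ...' or 'split: ...'."""
    records = parse_srv(zone_text)
    report = {}
    for domain in serviced_domains:
        targets = {t for _, _, _, t in records.get(domain.lower(), [])}
        if not targets:
            report[domain] = "missing"
            continue
        unknown = sorted(targets - set(edge_inventory))
        if unknown:
            report[domain] = "unknown target: " + ", ".join(unknown)
            continue
        platforms = sorted({edge_inventory[t] for t in targets})
        # More than one platform behind the same record means federation
        # traffic for the domain is split between the two solutions.
        report[domain] = "ok" if len(platforms) == 1 else "split: " + ", ".join(platforms)
    return report


if __name__ == "__main__":
    for domain, finding in audit(SAMPLE_ZONE, SERVICED_DOMAINS, EDGE_INVENTORY).items():
        print(domain, "->", finding)
```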

Application Interoperability

Cisco UC Integration for Microsoft Lync – Skype for Business 64-bit Support

The same Lync client integration points are now supported on the 64-bit Skype for Business 2015 & 2016 clients! NOTE: The previous version supported 32-bit only.

Integration Points:
• Presence
• Audio and Video Calling
• Instant WebEx Meetings
• Click to Call

Cisco UC Integration™ for Microsoft Lync Release 11.6 Highlights

Categories on the slide: Platform Features, New Voice and Video Features, Accessibility, User Interface Updates, Security Features. Items, in the order they appear:

• Skype for Business 64-Bit Support
• Appear Offline Presence Support
• Windows notification sound played when a contact search returns a result
• 2016 Support
• Survivable Remote Site Telephony Support
• Opus Codec Support
• Click-to-Call for Office - 64Bit Applications
• Far End Camera Control
• Support
• High DPI
• DTMF Digit Management
• Intel Atom Support
• Headset Selection from Hub Window
• IPv6 Support
• Encryption and Decryption of PRTs
• Display Call Duration
• Classic Ringtone
• PRT Logging Levels
• Audio and Video Bridge Conferencing
• Invalid Certificate Behavior
• Sign Out on Inactivity Timer
• Customer Signature for Installer
• Protocol Rate Limiting

Application Interoperability – Microsoft Office client and server side interoperability

Cisco Jabber Collaboration Solution: Cisco Jabber 11.x support

Fully integrated into Microsoft Office, on-premise or Office 365(*)

(*) Check Release Notes for supported Office 365 deployment models

Jabber 11.9 Integrations – Office 2016 for Mac

Cisco has been working with Microsoft to include a presence API in Office 2016 for Mac. Jabber for Mac users now have presence and communication launch from the Office contact card.

• Show Presence
• Start Chat Session
• Make Voice/Video Calls

Office 2016 V15.33 and later

Jabber 11.9 Integrations – Office 365 Outlook Web Client

... And customers using Office 365 Outlook Web Access can also launch Jabber chat and calls:
• Start Chat: the chat icon can now launch Jabber
• Make a Call: click telephone numbers to call

No presence in OWA

Application Interoperability – Functionality available at the application level

• Cisco Jabber can integrate with the Microsoft Office suite
  • Click-to-X (click-to-call, click-to-IM, click-to-conference)
  • Presence light up of Microsoft Contact card
  • Store Instant Messaging conversation history in Outlook/Exchange
• Microsoft Exchange integration (Exchange on-premise and Exchange Online)
  • Calendar integration (client or server side)
  • Unified Messaging integration – Cisco Unity Connection
• Microsoft SharePoint integration (SharePoint on-premise and SharePoint Online)
  • Click-to-X (click-to-call, click-to-IM, click-to-conference)
  • Presence light up of Microsoft Contact card

Application Interoperability – Organizations moving commodity workloads to the cloud

[Diagram labels: PSTN, B2B, C2B, Internet]

Collaboration services integrated with cloud-based applications (e.g. Exchange, SharePoint)
…while maintaining today’s required telephony functionality and PSTN access
…while enhancing communication services with standards-based interoperable business to business and consumer functionality

Application Interoperability – Organizations moving commodity workloads to the cloud

[Diagram labels: PSTN, B2B, C2B, Internet, ProxyAddresses AD attribute, EWS]

• Active Directory proxyAddresses attribute required for Office integration and light up
• Cisco Unity Connection messaging integration with Exchange Online via Exchange Web Services (EWS)

What about Cisco Spark?

Cisco Spark Hybrid Service - Connected Calling

[Diagram labels: Cisco Collaboration Cloud; On-Premises & Partner Hosted; Cisco HCS]

Call Service Connect connects Cisco Spark and the enterprise phone system so they behave as one

Your Spark app becomes an enterprise
Provides voice and video interoperability between Jabber and Spark

User benefits:
• Choice: use Jabber or Spark to call anyone without worrying about which you or the other person is using
• One number: be reached on Spark, Jabber, or a deskphone. Choose to take the call on whichever suits you best at that moment
• Reach everyone: call company extensions, PSTN numbers, Spark only users, and even video bridge numbers
• Company dial plan: dial from the Spark app as you would from your deskphone - call PSTN numbers via the enterprise phone system
• Make the most of video assets: en route to the office, start a call on a mobile device and hand off to a room system when you arrive

Cisco Spark Hybrid Service - Connected Calling

When a Cisco Spark user is enabled for Hybrid Call Service Connect, Business to Business calls are routed via the enterprise (Cisco UCM, Expressway B2B).

Combining Cisco Spark Hybrid Call Service Connect with Expressway X8.9 Cisco to Microsoft B2B Federation, Cisco Spark users can call Lync 2013, Skype for Business or Skype for Business Online users (audio, video and two-way screen sharing).

At this point there is no messaging interoperability available.

Call Routing from Spark via Hybrid Service – Configuration Outgoing to O365

[Diagram labels: Expressway Hybrid Services Connectors (http REST, AXL); Cisco Collaboration Cloud; SIP call from Spark (Hybrid) signaled to Enterprise CC, Destination URI Bob@, routed through Spark Traversal Zone; SIP Route Pattern towards Expressway-C; Search Rule to B2B/MRA Traversal Zone; Search Rule to CMS; Search Rule to DNS Zone; Incoming Call Forwarding; DNS lookup for _sipfederationtls._tcp.; Outbound Call as Lync call; Expressway-C]

Call Routing from S4B (O365) to Spark via Hybrid – Configuration incoming from O365

[Diagram labels: Expressway Hybrid Services Connectors (http REST, AXL); Cisco Collaboration Cloud; SIP call to Spark, destination cloud URI Alice@.ciscospark.com, through Spark Traversal Zone; SNR / Hybrid Services; Search Rule Incoming Type MSFT SIP to CMS; Search Rule from CMS to UCM; Search Rule to B2B Traversal Zone; Incoming Call Forwarding; DNS lookup for _sipfederationtls._tcp.; Outbound Call as standard SIP Call; Expressway-C]

Summary – Cisco Interoperability with Microsoft

Many options to interoperate
• Identify your requirements and select the right scenario for your environment
  • User experience
  • Technical feasibility
  • Complexity
  • Operational implications
• Understand the pros and cons of the selected scenario
• “Mileage” of certain functionalities might vary when applied to a real life environment
  …Media Bypass in multi site deployment
• Thoroughly evaluate (PoC)
• Cisco remains committed to support interoperability scenarios

How to get hands on experience?

• Cisco UCM 11.5, Jabber 11.7 and Expressway X8.8 hands on lab available in Cisco dCloud demo and lab environment
• Cisco UCM 11.5, Jabber 11.7 and Expressway X8.9 hands on lab available via Cisco dCloud

Go to http://dcloud.cisco.com (CCO login required)
