Cisco Jabber Have You Heard About the Latest Functionality?

Cisco Jabber Have You Heard About the Latest Functionality?

#CLUS Cisco Jabber Have you heard about the latest functionality? Shane Long Technical Marketing Engineer BRKCOL-2221 #CLUS Agenda • Recent Highlights • Configuration • Security • Media Enhancements • Meeting Experience • Jabber in VDI • Jabber team messaging mode • Looking ahead • Summary #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Cisco Webex Teams Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Live Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space Webex Teams will be moderated cs.co/ciscolivebot#BRKCOL-2221 by the speaker until June 16, 2019. #CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Some highlights of recent Jabber releases ` IM&P Active Control Team Persistent Chat Multiline (CMS) messaging for Mobile mode Coming Soon ` SIP OAuth Jabber Jabber Meeting Phone Mode Chromebook config tool with Contacts VDI Update Controls support (Webex) Jabber 12.0 Jabber 12.1 Jabber 12.5 Jabber 12.6 Jabber 12.7 2018 2019 MARCH and much more… AUGUST #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Jabber Configuration A Brief History of Cisco UC Client Configuration IP Communicator Unified Personal Communicator Jabber 9.x-12.1 Jabber + UC Manager12.5 • Manual • Registry Keys • DNS SRV • DNS SRV • Virtual MAC Address • Unified Presence Server • jabber-config.xml (manual XML) • Service Profiles (including jabber • Service Profiles configuration) New! #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Jabber Premise Pre- UC 12.5 Configuration Architecture Service Profile IM&P UC Service assigned CTI UC Service Mobile Device Voicemail User UC Service “Mobile config” Conference XML File User UC Service association to devices Directory Default UC Service jabber-config.xml Home IM&P File CSF Device Cluster enabled “Desktop config” XML File Desk Phone membership of group End User Devices Group membership of group CTI • Can be complex to manage Group • User needs a device to have a Group Membership non default configuration #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Jabber On Premise 12.5 Configuration Architecture Service Profile IM&P UC Service assigned CTI UC Service Mobile Device Voicemail User UC Service Conference User UC Service association to devices Directory UC Service Home IM&P CSF Device Cluster enabled Jabber Client Configuration New in UCM 12.5 Desk Phone membership of group End User Devices Group membership of group CTI Group Group Membership #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 UC Manager Jabber Configuration Tool • UC Manager based Jabber configuration tool • No more error prone XML file editing • Specify key and value • User/Group based configuration using service profile • Desktop and mobile specific configurations • Cluster wide #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 UC Manager Jabber Configuration Tool Common Settings Jabber desktop (CSF) will apply <Common> and <Desktop> specific configurations Jabber mobile (TAB, TCT, BOT) will apply <Common> and <Mobile> specific configurations 1. UC Service for Common Desktop Specific Settings and optionally for Desktop and Mobile 2. Apply each UC Service type to specific section in Jabber Client Mobile Specific Settings Configuration profile 3. Apply Configuration to the Service Profile Service Profile User #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Jabber Configuration Retrieval • Jabber config Jabber will download NEW Jabber download Configuration Profile if available begin • If Jabber Configuration is NOT Generated by username, such as available, Jabber will download :6972/amckenzie.cnf.xml Jabber Client a) Device specific config (Cisco Configuration yes Support Field) Profile configured??? https://{cucm}:6972/JABXXX.cnf.xml b) Default jabber-config.xml • Jabber 12.5+ is backward compatible no with default jabber-config.xml. • UC Manager upgrade will not break Jabber device yes specific config existing config! configured??? https://{cucm}:6972/userDefind.xml no Use default Build Config URL jabber-config.xml Download config https://{cucm}:6972/jabber-config.xml #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Fast Login • After initial login, Jabber will read local config cache and login to services in parallel Config Refresh • Allows for faster login • Allows for login even if some critical services are offline (offline login) • Background config refresh • ~0-5 mins of Jabber launch • ~7-9 hours of active Jabber session connect read • All Jabber cache is encrypted! (config, chat/call history, tokens etc) Cached Settings • For testing/debugging purposes use on device “Refresh configuration” #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Security Update Jabber Security FAQ Question 1 Q) What data does Jabber store on a device? A) Jabber configuration, call/chat history, contact lists, cached user credentials/OAuth token All files are ENCRYPTED before being written to disk (AES-256-CBC) Windows: Domain Login/Windows API Mac/iOS: KeyChain Android: Keystore #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 OAuth Refresh Tokens OAuth Refresh Tokens can be deployed independently of SSO • UC Manager 11.5SU3+ provides support for (SSO is recommended!) XCP OAuth Refresh tokens • Once authenticated, Jabber is issued with • Access Token UC Manager OAuth Service • Refresh Token • The Access Token has a short lifetime (60 mins). The Access token is used to gain access to a service. e.g. Cisco UDS. • The Refresh Token has a long life (60 days default). The Refresh Token is used to retrieve a UDS new Access Token either before the current Access Token expires or at Jabber start up. The Refresh Token is stored on disk (encrypted) and is available across sessions (including non persistent VDI desktops) #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 OAuth Flow (On Prem) SSO/IDP 1. On a first time login, Jabber connects to UC Manager authorization service and is redirected to LDAP Auth the configured authentication service (Jabber does CUCM not have an access token yet) Auth Authentication UC Manager Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 OAuth Flow (On Prem) SSO/IDP 2. Jabber connects to authentication service. Authentication is performed – e.g. LDAP Auth username/password, SSO auth etc. Jabber receives CUCM authentication assertion Auth Authentication UC Manager authentication Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 OAuth Flow (On Prem) SSO/IDP 3. Jabber uses assertion to request Access token and Refresh token from UC Manager authorisation LDAP Auth service Refresh token CUCM Auth Access token Authentication UC Manager Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 OAuth Flow (On Prem) 4. Jabber uses the Access token to gain access to SSO/IDP configured services. Jabber can now use these LDAP services e.g. UDS, IM&P, voicemail Auth Refresh token CUCM Auth Access token Authentication UC Manager Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 OAuth Flow (On Prem) 5. The access token has a lifetime of 60 minutes. SSO/IDP Jabber will use the Refresh token to request a new LDAP Access token at 0.75 times the Access token life (45 Auth minutes) Refresh token CUCM Auth Access token Authentication UC Manager Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 OAuth Flow (On Prem) 6. Jabber uses the renewed Access token to maintain SSO/IDP access to configured services. The new Access LDAP tokens timer starts again (60 mins) Auth Refresh token CUCM Auth Access token Authentication UC Manager Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 OAuth Flow (On Prem) SSO/IDP 7. The Refresh token expires after 60 days. The user will need to re authenticate once the Refresh token LDAP Auth expires. One authentication has taken place, a new CUCM Refresh token and Access token will be granted Auth Authentication UC Manager authentication Authorisation IM&P Chat Service Unity Connection Voicemail Authorised Users Only UC Manager (Token required) UDS Service #CLUS BRKCOL-2221 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 OAuth Flow (On Prem)

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    102 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us