© 2010 Cisco Systems, Inc. All rights reserved. Cisco Public. CiscoEXPO
Techtorial Collaboration
Tomáš Horák Jaroslav Martan Jiří Rott Ivan Sýkora
Program
11:00 – 12:00 – UC@UCS – Ivan Sýkora
12:00 – 12:20 – Mobility – Tomáš Horák
<lunch>
13:30 – 14:00 – Intercompany Media Engine (IME) – Tomáš Horák
14:00 – 15:00 – Service Advertisement Framework – Jiří Rott
<break>
15:15 – 15:45 – Presence and Instant Messaging – Ivan Sýkora
15:45 – 16:05 – Contact Center Express – Tomáš Horák
<break>
16:20 – 16:50 – UC Security Features – Jaroslav Martan
16:50 – 17:30 – UC API, CUAE – Jaroslav Martan
UC Security Features
Jaroslav Martan CCIE #5871 e-mail/xmpp: [email protected]
Agenda
VPN client on IP Phones
Trusted Relay Point
VPN Client for IP Phones
Cisco VPN Client
Endpoint support: 7942G, 7945G, 7962G, 7965G and 7975G (SCCP devices only, IPv4 only)
Deployment mode: IP Phone Remote Access
Services secured: voice; data (phone services)
Licenses: VPN concentrator license; IP Phone DLUs
VPN concentrators: Cisco ASA 5500 Series; Cisco ISR with IOS SSL VPN
Encryption technology: Secure Sockets Layer (SSL)
Deployment considerations: no additional hardware is needed at the remote location other than the IP phone; the set of IP Phone Services that can run concurrently is reduced while the VPN client is enabled (i.e. no MIDlets)
VPN Client for IP Phones
[Diagram: an IP phone at home, in a hotel room or anywhere else connects across the Internet to a VPN concentrator in front of the small business, branch office or enterprise network where CUCM lives]
• Easy to deploy: all settings are configured via CUCM administration
• Easy to use: after the phone is configured inside the enterprise, the user takes it home and plugs it into their broadband router for instant connectivity; no difficult menus to traverse
• Easy to manage: the phone can receive firmware updates and configuration changes remotely
• Secure: the VPN tunnel carries only voice and IP phone services. A PC connected to the phone's PC port does not ride the phone's tunnel; it is responsible for authenticating and establishing its own tunnel with VPN client software
VPN Client for Phones Configuration
Set up the VPN concentrators for each VPN Gateway
Upload the VPN concentrator certificates
Configure the VPN Gateways
Create a VPN Group using the VPN Gateways
Create a VPN Feature Configuration
Create a VPN Profile (optional)
Assign the VPN Group and VPN Profile in the Common Phone Profile
The phone needs to be running firmware release 9.0(2) or higher
Upload VPN Concentrator Certificates
Upload the VPN concentrator certificates into the Phone-VPN-Trust store
Cisco Unified OS Administration ► Security ► Certificate Management
VPN Gateway Configuration
Cisco Unified CM Administration ► Advanced Features ► VPN ► VPN Gateway
Up to 10 certificates can be assigned to a VPN Gateway, and at least one must be assigned to each gateway. Only certificates uploaded with the VPN role (Phone-VPN-Trust) appear in the available VPN certificates list. The URL should point to the main concentrator of the gateway.
VPN Group Configuration
Cisco Unified CM Administration ► Advanced Features ► VPN ► VPN Group Configuration
Up to 3 VPN Gateways can be added to a VPN Group.
The total number of certificates in the VPN Group cannot exceed 10.
VPN Feature Configuration
Cisco Unified CM Administration ► Advanced Features ► VPN ► VPN Feature Configuration
Where the fields overlap, VPN Profile fields override these if set.
Client Authentication Method: User and Password, Password Only, or Certificate (LSC or MIC)
VPN Profile Configuration
Cisco Unified CM Administration ► Advanced Features ► VPN ► VPN Profile Configuration
Enable Auto Network Detect: if enabled, the VPN client only runs when it detects that the phone is outside the corporate network
Enable Host ID Check: if enabled, the VPN gateway certificate's subjectAltName or CN must match the host in the URL the VPN client connected to. Without it, any certificate in Phone-VPN-Trust satisfies the handshake for any gateway URL, so the key of one trusted gateway can impersonate every other.
Enable Password Persistence: if enabled, the user's password is saved on the phone until a failed login or until the user clears it. A phone that leaves the building with a persisted password can bring up the tunnel with no user interaction, so weigh this against the convenience.
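What the Host ID Check buys you, as an added example that is not part of the Cisco material. The phone trusts every certificate in Phone-VPN-Trust; with the check off, the lab ASA's certificate (and whoever holds its key) is accepted for the production gateway URL, with the check on it is rejected because it names a different host. Certificates are modelled as plain dicts with a `cn` and a `san` list, and the function names, sample hostnames and the wildcard rule (one leftmost label, as in RFC 6125) are assumptions of the demo, not the phone firmware's logic.

```python
# Added example: model of the VPN Profile "Enable Host ID Check".
# Not Cisco code. Certificates are dicts: {"cn": str, "san": [("DNS", name), ...]}.
from urllib.parse import urlsplit


def host_from_url(url: str) -> str:
    """Host the client connected to; this is what the check compares against."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL {url!r}")
    return host.lower().rstrip(".")


def _label_match(pattern: str, host: str) -> bool:
    """Exact match, or a wildcard that replaces exactly one leftmost label.
    '*.example.com' matches 'vpn.example.com' but not 'a.b.example.com';
    '*.com' is refused (the rest must keep at least two labels)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    rest, labels = pattern[2:], host.split(".")
    return (len(labels) > 1 and ".".join(labels[1:]) == rest
            and len(rest.split(".")) >= 2)


def host_id_check(cert: dict, url: str) -> bool:
    """True iff a SAN dNSName (preferred) or, when the SAN carries no
    dNSName, the CN matches the host in the URL."""
    host = host_from_url(url)
    sans = [name for kind, name in cert.get("san", []) if kind == "DNS"]
    names = sans if sans else [cert.get("cn", "")]
    return any(_label_match(n, host) for n in names)


def select_gateway(trust_store, presented: dict, url: str,
                   enable_host_id_check: bool) -> bool:
    """Phone's decision: the presented cert must be in Phone-VPN-Trust; with
    the host ID check on it must additionally name the host in the URL."""
    if presented not in trust_store:
        return False
    return host_id_check(presented, url) if enable_host_id_check else True


# Constructed sample data (assumed hostnames).
ASA_MAIN = {"cn": "vpn.example.com",
            "san": [("DNS", "vpn.example.com"), ("DNS", "vpn1.example.com")]}
ASA_LAB = {"cn": "lab-asa.example.com",
           "san": [("DNS", "lab-asa.example.com")]}
PHONE_VPN_TRUST = [ASA_MAIN, ASA_LAB]
GATEWAY_URL = "https://vpn.example.com/"
```

Run `select_gateway(PHONE_VPN_TRUST, ASA_LAB, GATEWAY_URL, False)` and then the same call with the check enabled to see the difference: the first returns True, the second False. The same effect applies to any certificate a CA you trust has issued, which is why the check matters even when every entry in Phone-VPN-Trust is legitimately yours.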
Assign a VPN Group and Profile in the Common Phone Profile
Cisco Unified CM Administration ► Device ► Device Settings ► Common Phone Profile
By associating a phone with a Common Phone Profile, the phone is assigned a specific VPN Group and VPN Profile
VPN Client on the IP Phone
Settings ► Security Configuration ►VPN Configuration
VPN Client on the IP Phone
Settings ► Network Configuration
Settings ► Status ► Network Statistics
Trusted Relay Point (TRP)
Agenda
Overview
Secure SoftPhone Connectivity (TRP)
Secure UC and Firewalls (TRP)
Virtual Networking (Segmentation) (TRP and VRF)
Trusted Relay Point (TRP) Overview
[Diagram: campus (WAN aggregation, distribution/core switch, access switches, IP phones and a software client on the data VLAN) and branches (branch router, access switch) across the IP WAN; UC Manager in the campus; TRP functions marked at the edge: UC trusted VLAN traversal, UC trusted firewall control, UC trusted QoS enforcement]
• Software function that runs on Cisco network devices such as campus switches and routers (similar to an MTP)
• Inserted in the call flow by CUCM 7.0 (or CUCME 4.0) based on configuration
• Provides a trusted anchoring point for media to enable several functions (QoS enforcement, trusted VLAN traversal, ...)
TRP Functionality and Benefits
• MTP-like function: network/transport media traversal services
• Resides in an external (for CUCM) or internal (CME) IOS platform
• Dynamically inserted into a call flow by CUCM/CME
• Provides a trusted anchoring point for media, enabling:
  - QoS trusted edge (shipping)
  - Virtual/segmented (VLAN) traversal (shipping)
  - Firewall traversal (12.4.22T for CME; roadmap for CUCM)
  - Virtual/segmented (VRF) traversal (12.4.22T)
  - Monitoring/recording (future)
  - Media conversion: SRTP to RTP (future), IPv4 to IPv6 (future)
Potential TRP devices: router, switch, firewall, wireless access point, WLAN controller
Configuring TRP Features in CUCM 7.0
[Diagram: CUCM media resources: IOS MTPs on ISRs, endpoints (anything that terminates media) and Media Termination Points (MTPs); TRP selection is based on the device's MRG/MRGL]
UC-trusted (TRP) Implementation
CUCM
  UC-trusted QoS control: CUCM 7.0 TRP, standard MTP configuration on the router
  UC-trusted VLAN control: CUCM 7.0 TRP, standard MTP configuration on the router
  UC-trusted FW control: future
  VRF: CUCM 7.0 TRP; CUCM is VRF-unaware, but can connect into VRF-segmented networks aided by an IOS TRP (IOS 12.4.22T)
CME
  UC-trusted QoS control: implicit in the CME B2BUA, ephone "mtp" option
  UC-trusted VLAN control: implicit in the CME B2BUA, ephone "mtp" option
  UC-trusted FW control: CME + IOS FW collocated on the same platform, 12.4.22T
  VRF: multi-VRF and VRF traversal in 12.4.22T
SRST
  UC-trusted QoS control: N/A
  UC-trusted VLAN control: N/A
  UC-trusted FW control: N/A
  VRF: single VRF; SIP SRST 12.4.15T, SCCP SRST 12.4.22T
TRP Basic Functionality, Places in the Network
[Diagram: an MTP-like device sitting between campus and branch, across the IP WAN or the Internet; media arrives with one source/destination IP/UDP header pair and leaves with another, payload unchanged]
• MTP-like device
• Source and destination address NAT: IP and UDP headers are translated in both directions; the payload is passed through unchanged
• Flow awareness (non-NAT): the source and destination IP/UDP of every anchored flow are known to the TRP
• Currently TRP is implemented only on the ISR branch office routers
• The implementation can be extended to other infrastructure devices
CUCM TRP Insertion "Rules"
• If multiple functions are required for a given call (transcoder, TRP, RSVP agent, DTMF relay, ...), CUCM first attempts to select an MTP that can fulfil them all
• If that is not possible, the TRP is placed "closest" to the endpoint
• TRP supports SRTP and video ("pass-through" codec)
• If a call is placed on hold, the TRP stops streaming media but the resource is kept
• If CUCM is unable to allocate a TRP for a call, whether the call fails is governed by the service parameter "Fail Call if Trusted Relay Point allocation fails" (default: true). Leave it at true: with it set to false, media that was meant to be anchored (remarked, admitted into the UC VLAN, ...) flows directly between the endpoints instead
[Diagram: codec/feature matrix (G.729, G.711, DTMF) next to the device's "Use TRP" checkbox]
Agenda
Introduction
New Features Overview
Secure SoftPhone Connectivity (TRP)
  UC-trusted QoS Enforcement
  UC-trusted VLAN Traversal
Secure UC and Firewalls (TRP)
Virtual Networking (Segmentation)
UC-Trusted QoS Enforcement
[Diagram: a softphone (CUPC) on a PC and IP phones behind access switches; distribution switch, WAN aggregation and branch router across the IP WAN. UC media is marked best-effort from the PC to the TRP; QoS and call admission control are applied across the WAN]
• The access switch does not trust QoS markings from the PC
• CUCM is configured to insert a TRP for all "untrusted" devices
• The TRP is trusted and marks QoS EF/CS4 for the CUCM-controlled call flow
• The feature may be enabled for all "untrusted" endpoints that register to CUCM/CME (software-based, video, third-party, ...)
• To minimise the number of MTPs involved in a call, ensure the same network device can perform all needed functions (TRP, RSVP agent, transcoder, ...)
• Use a plain MTP configuration on the router; no changes in the router configuration. CUCM 7.0 adds the "Use TRP" checkbox
UC-Trusted QoS Enforcement (reference)
• CUCM's existing codec and CAC mechanisms are used to enforce how much and what type of media is allowed onto the network
• Media packets sent with no or an incorrect QoS marking by an application registered with CUCM are relayed via the TRP with the QoS marking CUCM instructs
• Media packets sent with no or an incorrect QoS marking by an application NOT registered with CUCM leave the switch marked best effort, as they do not come from a TRP
UC-Trusted VLAN Traversal: Controlling Access to UC VLANs (1)
[Diagram: data VLAN and UC VLAN, with a softphone in the data VLAN sending media into the UC VLAN]
• Mechanisms based on ACLs rely on port numbers: there is no way to ensure that only "trusted" media enters the UC VLAN
UC-Trusted VLAN Traversal: Controlling Access to UC VLANs (2)
[Diagram: data VLAN and UC VLAN, with the TRP as the only path for media between them]
• TRP lets you limit entry into the UC VLAN to media streams controlled by CUCM or CME
• Provides an effective and simple mechanism to control access to UC VLANs
• Mechanisms based on ACLs rely on port numbers: there is no way to ensure that only "trusted" media enters the UC VLAN
UC-Trusted VLAN Traversal
[Diagram: softphone in the data segment, IP phones in the UC segment, access switches, branch router running CME across the IP WAN; calls between segments are bridged by the TRP, and the same TRP can be used for QoS enforcement]
• TRP enables secure IP phone connectivity by bridging only "authorized" (CUCM- or CME-controlled) media from the data VLAN to the UC VLAN
• TRP can also remark the QoS of "authorized" traffic from the softphone
• CUCM 7.0 and CME 4.0 (12.4.9T)
• CUCM is configured to insert a TRP for devices in data VLANs (PC clients)
• An ACL allows only packets coming from the TRP into the UC VLAN
TRP Configuration
The CME "mtp" designation forces all media to that endpoint to be "flow-through" on CME, i.e. CME proxies the media and can then perform functions like QoS remarking and VLAN traversal
Introduced in CME 4.0 (12.4.9T)
CUCM 7.0: phone (endpoint/device) configuration page, "Use TRP" checkbox
CME 4.0: ephone configuration:
  ephone 1
   description xxx
   mac-address 0012.8055.D2EE
   mtp
Agenda
Introduction
New Features Overview
Secure SoftPhone Connectivity (TRP)
Secure UC and Firewalls (TRP)
Virtual Networking (Segmentation)
UC-Trusted Firewall Control
[Diagram: endpoints behind access switches, routers with TRP on both sides of the IP WAN, an IOS firewall in front of each, CUCM. A shared secret is configured in the TRPs and FWs; the TRP sends a STUN/ICE message carrying a crypto token, and the FW opens a pinhole after verifying the token]
• Cisco UC cooperates with Cisco firewalls to enable trusted media control
• Cisco solution based on the STUN/ICE standards
• Implemented on CME and IOS FW in 12.4.22T
• Future (roadmap) on CUCM and other firewalls
UC-Trusted Firewall Control: FW ALG versus UC-trusted FW control
Firewall ALG:
• The FW looks at the signaling to determine which media ports to open ("I see signaling, maybe a valid call? Open media ports???")
• If you upgrade a voice application server, the FW might be affected
• If the FW does not see the signaling (encrypted, asymmetric path), the media ports cannot be opened
• The FW may not support the latest voice protocols (SIP, MGCP, H.323), call flows or video
UC-trusted FW control:
• The FW receives a hashed STUN message from the TRP with the details of an authorized call
• Protocol version independent
• Secures encrypted signaling paths
• Secures asymmetric signaling and media paths
UC-Trusted FW: STUN Protocol
• Authentication of the FW open-port request
• Only call-agent-authorized flows are allowed through the FW
• Asymmetric signaling/media paths supported
• Encrypted signaling supported (i.e. more secure)
• Ports are open only for the session length: opened and closed by the call agent/TRP for the duration of a valid session only
Sequence (endpoint A, CUCM with TLS-encrypted signaling, TRP, FW):
  1. Setup from A to CUCM (TLS)
  2. CUCM engages the TRP
  3. Setup continues towards the far end
  4. TRP sends STUN (open ports) to the FW
  5. RTP flows through the FW
  6. TRP sends STUN keepalives for as long as the call lasts
Implementation: CME + IOS FW
• CME, TRP and IOS Firewall are co-located on the same router. A different router could be used in future, but this is not yet implemented in 12.4.22T
• The FW opens a port dynamically when it receives a STUN request for a media flow
• The request is authenticated/authorized by the FW, so pinholes are opened only for genuine calls sanctioned by the call agent (CME)
• The FW extracts a token from the STUN request, validates the token and opens the pinhole
• If the FW sees no validated keepalive messages for a user-configured interval (30 seconds), the pinhole is closed
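The STUN exchange and the firewall's side of it, as an added example that is not Cisco's code and not the IOS wire format: it covers both the protocol slide (authenticated open request, keepalives, session-length pinholes) and the CME + IOS FW implementation slide (token validation, closure after the keepalive interval). The TRP and the FW share a secret; every "open" and "keepalive" carries the media 5-tuple, the agent-id and a timestamp, authenticated with an HMAC that stands in for the crypto token (CAT). Message layout, the SHA-256 HMAC, the class and field names and the sample addresses are all assumptions of the demo; the agent-id 15, the shared secret and the 30-second interval are the values the slides use.

```python
# Added example: model of UC-trusted firewall control. Not Cisco code;
# the token construction and message layout are assumptions of the demo.
import hashlib
import hmac
import json


def _token(secret: bytes, body: dict) -> str:
    """HMAC over the canonical body: the 'crypto token' the FW checks."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class TrustedRelayPoint:
    def __init__(self, agent_id: int, shared_secret: bytes):
        self.agent_id, self.secret = agent_id, shared_secret

    def build(self, kind: str, flow: tuple, now: float) -> dict:
        """kind is 'open' or 'keepalive'; flow is (src_ip, src_port, dst_ip, dst_port)."""
        body = {"kind": kind, "agent_id": self.agent_id, "flow": list(flow), "ts": now}
        return {"body": body, "token": _token(self.secret, body)}


class IosFirewall:
    def __init__(self, shared_secret: bytes, authorized_agents, catlife: float, keepalive: float):
        self.secret = shared_secret
        self.agents = set(authorized_agents)
        self.catlife, self.keepalive = catlife, keepalive   # token lifetime, keepalive interval
        self.pinholes = {}                                  # flow -> expiry time

    def _valid(self, msg: dict, now: float) -> bool:
        body = msg["body"]
        if not hmac.compare_digest(_token(self.secret, body), msg["token"]):
            return False                                    # forged, or wrong shared secret
        if body["agent_id"] not in self.agents:
            return False                                    # not a call agent we trust
        return 0 <= now - body["ts"] <= self.catlife        # token outside its lifetime

    def receive(self, msg: dict, now: float) -> bool:
        """Handle a STUN-like request; returns True if the FW acted on it."""
        self.expire(now)
        if not self._valid(msg, now):
            return False
        flow, kind = tuple(msg["body"]["flow"]), msg["body"]["kind"]
        if kind == "open" or (kind == "keepalive" and flow in self.pinholes):
            self.pinholes[flow] = now + self.keepalive      # open or refresh
            return True
        return False                                        # keepalive for an unknown flow

    def expire(self, now: float) -> None:
        for flow in [f for f, exp in self.pinholes.items() if exp <= now]:
            del self.pinholes[flow]

    def permits(self, pkt_flow: tuple, now: float) -> bool:
        """Would an RTP packet with this 5-tuple pass right now?"""
        self.expire(now)
        return pkt_flow in self.pinholes


def demo() -> dict:
    secret = b"ciscopasswd1234"                             # shared secret from the slides
    trp = TrustedRelayPoint(agent_id=15, shared_secret=secret)
    fw = IosFirewall(secret, authorized_agents={15}, catlife=30, keepalive=30)
    flow = ("10.1.1.10", 16384, "10.2.2.20", 16400)        # constructed media 5-tuple
    r = {}
    r["rtp_before"] = fw.permits(flow, 0)                   # nothing open yet
    r["open"] = fw.receive(trp.build("open", flow, 1), 1)
    r["rtp_after"] = fw.permits(flow, 2)
    rogue = TrustedRelayPoint(agent_id=15, shared_secret=b"guess")
    r["forged"] = fw.receive(rogue.build("open", ("10.9.9.9", 5000, "10.2.2.20", 5000), 3), 3)
    r["keepalive"] = fw.receive(trp.build("keepalive", flow, 25), 25)
    r["rtp_refreshed"] = fw.permits(flow, 50)               # refreshed at 25, good until 55
    r["rtp_timed_out"] = fw.permits(flow, 60)               # no keepalive since 25: closed
    r["stale_replay"] = fw.receive(trp.build("open", flow, 1), 60)   # old token, past catlife
    return r
```

Two points the model makes visible: a pinhole is tied to a specific 5-tuple, so a host in the data segment cannot piggyback on a call by guessing a port, and the token lifetime (catlife) bounds how long a captured "open" message stays useful. Within that lifetime a replayed message would re-open the pinhole in this model, which is the argument for keeping catlife short and the shared secret out of plain-text configuration backups.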
CME TRP Configuration: UC-trusted FW Traversal
A FW-traversal TRP requires the following information: authorization agent-id, shared secret, CAT (token) lifetime, keepalive interval
STUN parameters are defined:
  voice service voip
   stun
    stun flowdata agent-id <id>
    stun flowdata shared-secret <secret>
    stun flowdata keepalive <interval>
    stun flowdata catlife <lifetime>
STUN usage is enabled:
  voice class stun-usage <tag>
   stun usage firewall-traversal flowdata
STUN usage is attached to the VoIP dial-peer:
  dial-peer voice <tag> voip
   voice-class stun-usage <tag>
CME UC-trusted FW Traversal Configuration
  voice service voip
   stun
    stun flowdata agent-id 15
    stun flowdata shared-secret ciscopasswd1234
    stun flowdata keepalive 5
  !
  voice class stun-usage 10000
   stun usage firewall-traversal flowdata
  !
  dial-peer voice 1 voip
   destination-pattern 2...
   voice-class stun-usage 10000
   session protocol sipv2
   session target ipv4:9.13.23.6
   codec g711ulaw
Define the stun flowdata parameters: agent-id, shared-secret and keepalive interval (default is 10 seconds)
Define a voice class for FW traversal
Apply the FW voice-class to the required dial-peer (the leg which has to traverse the FW)
The shared secret is a static symmetric key known to every TRP and FW in the design; anyone who reads it out of a configuration backup can authorize pinholes, so treat that backup like a key store
CUCM UC-trusted FW Traversal Configuration
UC-trusted FW control is not yet supported on CUCM; it will be in a future release
This slide shows only the IOS TRP configuration that would be used once CUCM supports UC-trusted FW traversal
  voice service voip
   stun
    stun flowdata agent-id 15
    stun flowdata shared-secret ciscopasswd1234
    stun flowdata keepalive 5
  !
  dspfarm profile 1 mtp
   codec g711ulaw
   trp firewall-traversal
   maximum sessions software 10
   associate application SCCP
  !
  sdspfarm units 1
  sdspfarm tag 1 TRP1
Define the stun flowdata parameters: agent-id, shared-secret and keepalive interval (default is 10 seconds)
Enable TRP-based FW traversal for the MTP profile
TRP Show Commands
  show voip trp session [call-id <id> | source-address <ip-address> source-port <port> | destination-address <ip-address> destination-port <port>] [detail]
Without the detail keyword, the following is displayed: call ID, source IP address, source port, destination IP address, destination port
With the detail keyword, the following is displayed in addition: GUID, authentication tag, UHK, EHK, number of open-pinhole messages sent, time at which the last open-pinhole message was sent, time at which the next open-pinhole message is scheduled, number of keepalive messages sent, time at which the last keepalive message was sent
TRP Clear Command
If a SIP BYE is lost or there is a bug, hung/stale TRP sessions can result and leave the firewall pinholes open
The following command clears TRP sessions and closes any open pinholes:
  clear voip trp session [call-id <id> | source-address <ip-address> source-port <port> | destination-address <ip-address> destination-port <port>] [force]
Stale pinholes are a security issue, not only a resource leak: compare the output of show voip trp session against active calls when auditing the firewall
Agenda
Introduction
New Features Overview
Secure SoftPhone Connectivity (TRP)
Secure UC and Firewalls (TRP)
Virtual Networking (Segmentation)
VRF Concepts
• VRF: Virtual Routing and Forwarding, a network segmentation technology
• A mechanism to define multiple "virtual" routers in a single physical router
• Provides convergence/sharing of facilities and infrastructure with logical isolation of traffic
• VLAN: L2 segmentation; VRF: L3 segmentation
Technologies that utilize VRF:
• MPLS (Multi Protocol Label Switching): uses labels to make packet forwarding decisions
• DMVPN (Dynamic Multipoint Virtual Private Network): dynamic establishment of secure tunnels between sites for data exchange
Why is Segmentation important to Customers?
• Enterprises need to securely group systems and applications by business criticality or function without the overhead of maintaining physically separate networks. Examples: guest access; partner access; outsourcing services (India ITS model); universities; inter-company collaboration teams
• Businesses increasingly have to comply with regulations requiring separation of sensitive data, and are looking for solutions without the overhead of maintaining physically separate networks. Examples: financial banking/trading; healthcare services
• State and federal governments worldwide have various isolated agencies that need to work together on a network that allows dynamic and controlled sharing of information on an as-needed basis. Examples: Department of Homeland Security; closed user groups
• Requirement to securely "host" external services on a converged network. Examples: bank ATMs, kiosks or pharmacies in retail stores; airport "virtual" gates
Virtual Network Customer Use Cases: Enterprise Trends across Verticals
Financial
  Regulatory separation of banking and analysts
  Mergers and acquisitions
Manufacturing/Retail
  Automation of production plants
  Integration of sales sites, suppliers and partners
  Kiosks
  Public Wi-Fi access
Healthcare
  Individual "hotel" services for patients
  Isolated medical networks for records and services
Government
  Shared buildings and facilities across different agencies: police, fire department, tax administration
Education
  Separate departments
  Inter-university research programs
  Student devices
VRF Overview: What is a VRF (Virtual Routing and Forwarding)?
• Typically all routing processes and static routes populate one routing table
• All interfaces are part of the global routing table
  router eigrp 1
   network 10.1.1.0 0.0.0.255
  !
  router ospf 1
   network 10.2.1.0 0.0.0.255 area 0
  !
  router bgp 65000
   neighbor 192.168.1.1 remote-as 65000
  !
  ip route 0.0.0.0 0.0.0.0 140.75.138.114
(everything above lands in the global routing table)
VRF Overview: What is a VRF (Virtual Routing and Forwarding)?
• VRFs allow dividing your routing table into multiple virtual tables
• Routing protocol extensions allow binding a process/address family to a VRF
• Interfaces are bound to a VRF using ip vrf forwarding <vrf-name>
  router eigrp 1
   network 10.1.1.0 0.0.0.255
  !
  router ospf 1 vrf orange
   network 10.2.1.0 0.0.0.255 area 0
  !
  router bgp 65000
   address-family ipv4 vrf blue
    …
  !
  ip route vrf green 0.0.0.0 0.0.0.0 …
(EIGRP 1 stays in the global routing table; OSPF, the BGP address family and the static route populate the VRF routing tables orange, blue and green)
VRF Overview: How are VRFs used?
• VRFs can be used by themselves (multi-VRF or VRF-lite) or within an MPLS VPN
• The link-layer encapsulation defines from which VRF traffic was sourced / for which VRF it is destined; the FIB table needs this information for each prefix
VRF-lite (aka Multi-VRF CE): 802.1q tagged frame
  L2 header: MAC DST | MAC SRC | Ethertype 0x8100 | 802.1q tag (802.1p CoS, CFI, VLAN ID) | IP SRC | IP DST | payload
  The VLAN ID identifies the VRF
MPLS VPNs: labelled frame
  L2 header: MAC DST | MAC SRC | Ethertype 0x8847 | MPLS label (label = VPN ID, EXP, S, TTL) | IP SRC | IP DST | payload
  The MPLS label identifies the VPN
Security with Virtual Networks
• You cannot attack what you cannot reach
• Virtualization allows multiple "networks" to share physical infrastructure without being visible to each other
[Diagram: segments HR, Finance and Voice plus the global table; an HR secure server reachable only from the HR segment; a softphone (SP) in the Finance segment that needs to reach endpoint A in the Voice segment]
• Softphones, video, MeetingPlace, WebEx and other applications need to be visible to both the data and voice segments. TRP can bridge the gap with VRF traversal.
Use Case 1: SP SIP-Controlled Retail Branch
[Diagram: SIP-SRST on the MPLS CE router; voice services provided by the SP; fax on an FXO port; ATM, kiosk and phones on separate segments]
• Segmentation of traffic is required to isolate the retailer's network from the kiosk and other vendors
• The SP requires MPLS labels to be applied at the CE to route traffic to the appropriate server/network: ATM machine traffic (blue) goes to Bank X, kiosk traffic goes to Pharmacy Y, voice traffic goes to SIP SP Z
• SIP IP phones are registered to and controlled by the SP SIP softswitch
  - SIP-SRST provides failover voice services
  - SRST must be in the same VRF as the other voice elements (PSTN, fax and phones)
VRF Configuration: SIP-SRST
  ip cef
  !
  ip vrf vrf-srst
   rd 90:1
  !
  no ip dhcp use vrf connected
  !
  ip dhcp pool vrf-srst
   vrf vrf-srst
   network 11.1.1.0 255.255.255.0
   default-router 11.1.1.20
   option 150 ip 10.1.1.3
   dns-server 172.18.196.38
   domain-name mh.cisco.com
   class vrf-srst
    address range 11.1.1.220 11.1.1.235
  !
  ip dhcp class vrf-srst
  !
  voice vrf vrf-srst
  !
  voice service voip
   allow-connections sip to sip
   sip
    bind control source-interface GigabitEthernet0/0
    bind media source-interface GigabitEthernet0/0
    registrar server expires max 600 min 60
  !
  voice register pool 1
   id mac 000F.23FC.A595
   call-forward b2bua noan 3001 timeout 10
   codec g711ulaw
  !
  interface GigabitEthernet0/0
   ip vrf forwarding vrf-srst
   ip address 11.1.1.20 255.255.255.0
   duplex auto
   speed auto
  !
  ip route vrf vrf-srst 0.0.0.0 0.0.0.0 11.1.1.1
  !
  dial-peer voice 2 pots
   destination-pattern 9000
   port 2/0/0
  !
  sip-ua
   retry invite 3
   registrar ipv4:10.1.1.3 expires 3600
  !
Use Case 2: Multi-VRF CME with SIP Trunk
[Diagram: two sites, each a CME on the MPLS CE router, connected through the MPLS SP; the SIP trunk sits in the global voice VRF]
• CME endpoints can be in up to 5 VRFs: hardphones in the Company VRF, hardphones in the Guest VRF, softphones in the Data VRF
• CME routes calls (VRF traversal) between the different endpoint VRFs, and between endpoints and the SIP trunk VRF
• Inter-site calls are routed via the SIP trunk in the Voice VRF (global voice VRF)
VRF-Aware CME
[Diagram: one CME router with Ethernet ports associated with VRFs: a Voice VRF (VOICE) towards the SP and a VG224, and data VRFs FINANCE and SALES with a softphone in each department; the result is two virtual CUCMEs]
• Separating the networks by creating separate VRFs: one CME becomes multiple virtual CMEs
• VRFs are tagged with the interfaces:
  Voice VRF: VOICE
  Data VRF: FINANCE
  Data VRF: SALES
CME VRF Configuration (1)
  ip vrf vcme1
  ip vrf vcme2
  ip vrf vcme3
  ip vrf vcme4
  ip vrf vcme5
  !
  voice vrf vcme2
  !
  interface GigabitEthernet0/0.301
   encapsulation dot1Q 301
   ip vrf forwarding vcme1
   ip address 10.1.10.1 255.255.255.0
  !
  interface GigabitEthernet0/0.302
   encapsulation dot1Q 302
   ip vrf forwarding vcme2
   ip address 10.2.10.1 255.255.255.0
  !
  interface GigabitEthernet0/0.303
   encapsulation dot1Q 303
   ip vrf forwarding vcme3
   ip address 10.3.10.1 255.255.255.0
  !
  interface GigabitEthernet0/0.304
   encapsulation dot1Q 304
   ip vrf forwarding vcme4
   ip address 10.4.10.1 255.255.255.0
  !
  interface GigabitEthernet0/0.305
   encapsulation dot1Q 305
   ip vrf forwarding vcme5
   ip address 10.5.10.1 255.255.255.0
Define the 5 CME VRFs
Define the global Voice VRF (SIP trunk)
Define the VRFs on the various interfaces/subinterfaces of the CME router
CME VRF Configuration (2)
  interface Service-Engine1/0
   ip vrf forwarding vcme2
  !
  telephony-service
   group 1 vrf vcme1
    ip source-address 10.1.10.1 port 2000
   group 2 vrf vcme2
    ip source-address 10.2.10.1 port 2000
   group 3 vrf vcme3
    ip source-address 10.3.10.1 port 2000
   group 4 vrf vcme4
    ip source-address 10.4.10.1 port 2000
   group 5
    ip source-address 12.5.10.1 port 2000
  !
  ephone 232
   device-security-mode none
   mac-address 001A.A246.05AC
   username "kshang" password 7001
   group phone 1
   type 7970
   keep-conference
   button 1:232
Tie VRFs to CME "groups" of phones/users
Designate specific ephones (soft or hard phones) to belong to a specific group (i.e. VRF)
Define the VRF that CUE (if present) belongs to
Summary VRF Configuration Steps for CME
Define a VRF group:
  rtr(config)#telephony-service
  rtr(config-telephony)#group <tag> [vrf <vrfname>]
  rtr(conf-tele-group)#ip source-address <ip-addr> [port <port>] [secondary <ip-addr> [rehome <seconds>]]
  rtr(conf-tele-group)#cnf-file <tftp:> <TFTP URL>
  rtr(conf-tele-group)#url <info | messages | services | directories | idle | authentication | proxy-server> <url string> [idle-timeout <timeout>]
Assign a VRF group to an ephone:
  rtr(config)#ephone 1
  rtr(config-ephone)#group phone <group tag> [tapi <group tag>]
Assign a VRF group to an ephone-template:
  rtr(config)#ephone-template 1
  rtr(config-ephone-template)#group phone <group tag> [tapi <group tag>]
Use Case 3: CUCM Segmented Network, TRP for VRF Traversal between Endpoints
[Diagram: TRP router with a Data segment (VLAN-Data, Data-VRF) and a Voice segment (VLAN-Voice, Voice-VRF), endpoints in each, and a VRF-unaware CUCM]
• Create a Services-VRF visible to all the VRFs to be bridged
• There is no direct path between the Data and Voice VRFs, and endpoints in these VRFs cannot ping each other
• CUCM connects a TRP to do the VRF traversal; the TRP does this via the Services-VRF
Route-target relationships:
  Data-VRF: export Data-VRF, import Services-VRF
  Services-VRF: export Services-VRF, import Data-VRF, import Voice-VRF
  Voice-VRF: export Voice-VRF, import Services-VRF
Use Case 4: CUCM Segmented Network, Media Resources in VRFs
[Diagram: as in Use Case 3, plus a Resources segment (Resource-VRF) holding the conference bridge (Conf) and transcoder (Xcod) DSPs]
• Put the DSP resources for conferencing/transcoding in a separate Resource-VRF, so that the TRP (via the Services-VRF) can bridge any endpoint (from any VRF) to the shared resources without creating a direct ping path between the endpoints
Route-target relationships:
  Data-VRF: export Data-VRF, import Services-VRF
  Services-VRF: export Services-VRF, import Data-VRF, import Voice-VRF, import Resource-VRF
  Voice-VRF: export Voice-VRF, import Services-VRF
  Resource-VRF: export Resource-VRF, import Services-VRF
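The route-target relationships for Use Cases 3 and 4 as a small reachability model, added here as an example and not taken from the Cisco material. It builds each VRF's table from the export/import sets and then asks the question the slides answer in words: Data and Voice endpoints both reach the Services-VRF (and so the TRP) and the Resource-VRF DSPs behind it, but neither sees a route to the other. The prefixes, the named route targets standing in for numeric RTs, and the function names are assumptions of the demo.

```python
# Added example: hub-and-spoke route-target import/export from the slides,
# evaluated as a reachability question. Not Cisco code; prefixes and
# route-target names are constructed for the demo.


def build_tables(vrfs: dict) -> dict:
    """vrfs: name -> {"prefixes": [...], "export": [rt, ...], "import": [rt, ...]}.
    Returns name -> set of prefixes visible in that VRF (local + imported)."""
    exported = {}                                  # rt -> prefixes carrying that RT
    for v in vrfs.values():
        for rt in v["export"]:
            exported.setdefault(rt, set()).update(v["prefixes"])
    tables = {}
    for name, v in vrfs.items():
        visible = set(v["prefixes"])
        for rt in v["import"]:
            visible |= exported.get(rt, set())
        tables[name] = visible
    return tables


def reachable(tables: dict, vrfs: dict, src: str, dst: str) -> bool:
    """Two-way reachability: src must see a dst prefix AND dst must see a
    src prefix, otherwise the reply to a ping has no route back."""
    fwd = any(p in tables[src] for p in vrfs[dst]["prefixes"])
    rev = any(p in tables[dst] for p in vrfs[src]["prefixes"])
    return fwd and rev


# Use Case 4 (a superset of Use Case 3): the Services-VRF imports everyone,
# everyone else imports only the Services-VRF.
USE_CASE_4 = {
    "Data-VRF":     {"prefixes": ["10.10.0.0/24"], "export": ["Data"],     "import": ["Services"]},
    "Voice-VRF":    {"prefixes": ["10.20.0.0/24"], "export": ["Voice"],    "import": ["Services"]},
    "Resource-VRF": {"prefixes": ["10.30.0.0/24"], "export": ["Resource"], "import": ["Services"]},
    "Services-VRF": {"prefixes": ["10.40.0.0/24"], "export": ["Services"],
                     "import": ["Data", "Voice", "Resource"]},
}


def demo(vrfs: dict = USE_CASE_4) -> dict:
    t = build_tables(vrfs)
    return {
        "data_to_voice":        reachable(t, vrfs, "Data-VRF", "Voice-VRF"),
        "data_to_services":     reachable(t, vrfs, "Data-VRF", "Services-VRF"),
        "voice_to_services":    reachable(t, vrfs, "Voice-VRF", "Services-VRF"),
        "data_to_resource":     reachable(t, vrfs, "Data-VRF", "Resource-VRF"),
        "resource_to_services": reachable(t, vrfs, "Resource-VRF", "Services-VRF"),
        "voice_table":          sorted(t["Voice-VRF"]),
    }
```

Feed `demo()` a copy of the dictionary in which Voice-VRF also imports "Data" to see a common mistake: with only that one-way import the endpoints still cannot ping (no return route), but add the matching import on Data-VRF and the segmentation the TRP was supposed to provide is gone. That pair of checks is a useful regression test to run against exported VRF definitions before a change window.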
VRF Configuration for CUCM Conf/Xcod
  interface GigabitEthernet0/0.801
   encapsulation dot1Q 801
   ip vrf forwarding VRFdata
   ip address 21.22.21.1 255.255.255.0
   ip helper-address 21.20.10.11
  !
  interface GigabitEthernet0/0.802
   encapsulation dot1Q 802
   ip vrf forwarding VRFvoice
   ip address 21.22.22.1 255.255.255.0
   ip helper-address 21.20.10.11
  !
  interface GigabitEthernet0/0.803
   encapsulation dot1Q 803
   ip vrf forwarding VRFservice
   ip address 21.10.3.1 255.255.255.0
  !
  interface GigabitEthernet0/0.804
   encapsulation dot1Q 804
   ip vrf forwarding VRFvoicesig
   ip address 21.10.4.1 255.255.255.0
  !
  interface GigabitEthernet0/0.805
   encapsulation dot1Q 805
   ip vrf forwarding VRFresource
   ip address 21.10.5.1 255.255.255.0
  !
  interface GigabitEthernet0/1
   ip vrf forwarding VRFvoicesig
   ip address 21.20.10.1 255.255.255.0
   duplex auto
   speed auto
  !
  sccp local GigabitEthernet0/1
  sccp ccm 21.20.10.11 identifier 2 version 6.0
  sccp
  !
  sccp ccm group 2
   bind interface GigabitEthernet0/0.805
   associate ccm 2 priority 1
   associate profile 103 register CFB00175a378101
  !
  sccp ccm group 3
   bind interface GigabitEthernet0/0.805
   associate ccm 2 priority 1
   associate profile 101 register MTP00175a378101
   associate profile 105 register softmtp-3825
VRF Caveats/Notes
• Single-VRF support for TDM gateways
• MGCP and SCCP are not supported
• Multi-VRF support for CME and for CUCM DSP resources (conf/xcod/MTP) only
• Other components (SRST, voice GW, CUBE, ...) are single-VRF capable only
• VRF configuration per dial-peer is not supported
• Connecting calls between different VRFs requires CME flow-through mode, even for local SCCP-to-SCCP calls
• No video support for VRF
• FW traversal and VRF traversal are mutually exclusive: not supported at the same time on the same platform
• RSVP (and the RSVP agent) is not VRF-aware
• The gatekeeper (GK) is not VRF-aware; if a GK is co-resident with a VRF-aware voice GW or CUBE configuration, they cannot communicate with each other
VRF-Aware Voice Gateway
• VRF-aware voice components use the global VRF ID when referencing a routing table
• Awareness of a single VRF in the voice components: H.323, SIP and CUBE signaling components can reference the routing table with the VRF ID; RTP media is sent using the VRF ID; SIP SRST allows phones in the Voice VRF to fall back
• Single global voice VRF configuration
[Diagram: one router with VRF PC, VRF ATM and VRF Voice, connected to the MPLS network and the PSTN]
• A single-router deployment is now possible, as the voice gateway source traffic is VRF-aware
• Example: segmentation required to isolate and protect traffic from ATMs and PCs from the other devices in the network
61
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Public CiscoEXPO
VRF Configuration: H.323/SIP GW
ip cef
!
ip vrf red
!
isdn switch-type primary-net5
!
voice vrf red
!
voice service voip
 fax protocol t38 ls-redundancy 0 hs-redundancy 0 fallback none
 modem passthrough none codec g729r8 pre-ietf
!
controller E1 7/1
 pri-group timeslots 1-31
!
interface Loopback0
 ip vrf forwarding red
 ip address 4.4.4.4 255.255.255.255
 h323-gateway voip interface
 h323-gateway voip id GK1 ipaddr 9.13.32.52 1719
 h323-gateway voip h323-id CE2
 h323-gateway voip tech-prefix 1#
 h323-gateway voip bind srcaddr 4.4.4.4
!
interface Serial7/0:0
 ip vrf forwarding red
 ip address 14.1.1.2 255.255.255.0
!
router ospf 99 vrf red
 log-adjacency-changes
 capability vrf-lite
 network 4.4.4.4 0.0.0.0 area 0
 network 14.1.1.0 0.0.0.255 area 0
!
dial-peer voice 10 pots
 destination-pattern 26682...
 no digit-strip
 direct-inward-dial
 port 7/1:D
!
dial-peer voice 1 voip
 destination-pattern 9.T
 session target ipv4:2.3.3.2
 (session protocol sipv2)
Voice VRF Show Commands
router#sh ip route vrf red
Routing Table: red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
O       2.2.2.2/32 [110/101] via 14.1.1.1, 1d00h, Serial7/0:0
O E2    2.3.0.0/16 [110/20] via 14.1.1.1, 1d00h, Serial7/0:0
O       2.3.3.0/24 [110/101] via 14.1.1.1, 1d00h, Serial7/0:0
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     5.0.0.0/32 is subnetted, 1 subnets
O IA    5.5.5.5 [110/70] via 14.1.1.1, 1d00h, Serial7/0:0
     9.0.0.0/24 is subnetted, 1 subnets
O IA    9.13.32.0 [110/70] via 14.1.1.1, 1d00h, Serial7/0:0
     11.0.0.0/24 is subnetted, 1 subnets
C       14.1.1.0 is directly connected, Serial7/0:0
Voice VRF Show Commands
router#sh ip route vrf vrf-srst
Routing Table: vrf-srst
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 11.1.1.1 to network 0.0.0.0

     11.0.0.0/24 is subnetted, 1 subnets
C       11.1.1.0 is directly connected, GigabitEthernet0/0
S*   0.0.0.0/0 [1/0] via 11.1.1.1

router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set
Developing UC Applications
Jaroslav Martan CCIE #5871 e-mail/xmpp: [email protected]
Contents
CUCM API
CUP API
Cisco Unified Application Environment
CUCM APIs
APIs for CUCM
• Serviceability Interfaces
– Serviceability XML - PerfMon, Real-time Device/CTI feed, Log Collection, Service Control, Call Detail Records
– SNMP/MIBs
• Provisioning Interfaces
– Administration XML
– Extension Mobility Service API
• Device Monitoring & Call Control Interfaces
– Cisco TAPI & Cisco Wave Driver
– Cisco JTAPI
– Cisco WebDialer
Administrative XML Interface (AXL)
Enables remote provisioning of Cisco Unified Communications Manager
• Users, Devices, Lines, Gateways, Hunt Groups, Trunks… literally everything is an object in the UC Mgr. database
• XML, SOAP-based
• Each object has attributes
• AXL enables applications to Create, Read, Update, and Delete these objects
AXL documentation on the server
The Cisco CallManager AXL SQL Toolkit is available in the Plugin list and contains the complete schema definition: AXLAPI.wsdl, AXLEnums.xsd, axlmessage.xsd, axlsoap.xsd, axl.xsd
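As an added example (not from the slides and not Cisco's code), the AXL exchange the two slides describe in Python: a SOAP envelope for a single `getPhone` read is built from an allow-listed device name, the Basic-auth header is prepared for a dedicated application user, and a reply is parsed, with a SOAP Fault turned into an exception rather than an empty result. The AXL namespace version (`http://www.cisco.com/AXL/API/8.0`), the `SOAPAction` value and the `getPhoneResponse` element shape are assumptions modelled on the AXLAPI.wsdl named above; check them against the WSDL shipped with your release. The sample reply and fault are constructed.

```python
"""Build an AXL SOAP request and parse the reply, with input validation.

Added example, not Cisco's code. The AXL namespace version, the SOAPAction
value and the getPhone/getPhoneResponse element shapes are assumptions
modelled on AXLAPI.wsdl; the sample reply and fault below are constructed.
"""
import base64
import re
import xml.etree.ElementTree as ET
from typing import Dict, Optional

AXL_NS = "http://www.cisco.com/AXL/API/8.0"  # assumption: version-specific namespace
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Device names are short alphanumerics (SEP + MAC, etc.); an allow-list keeps
# caller-supplied values from ever carrying markup into the envelope.
DEVICE_NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,50}$")


def is_valid_device_name(name: str) -> bool:
    return bool(DEVICE_NAME_RE.match(name))


def build_get_phone_request(device_name: str) -> str:
    """SOAP envelope for getPhone by name; rejects anything outside the allow-list."""
    if not is_valid_device_name(device_name):
        raise ValueError(f"refusing device name {device_name!r}")
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:ns="{AXL_NS}">'
        "<soapenv:Body><ns:getPhone>"
        f"<name>{device_name}</name>"
        "</ns:getPhone></soapenv:Body></soapenv:Envelope>"
    )


def basic_auth_header(user: str, password: str) -> Dict[str, str]:
    """Headers for an AXL call. Use a dedicated application user holding only the
    'Standard AXL API Access' role and send this over HTTPS with the server
    certificate verified: Basic auth is exactly as private as the transport."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}",
            "Content-Type": "text/xml; charset=utf-8",
            "SOAPAction": '"CUCM:DB ver=8.0 getPhone"'}  # assumption: 8.x format


class AxlFault(Exception):
    """The server answered with a SOAP Fault instead of a result."""


def parse_get_phone_response(xml_text: str) -> Dict[str, Optional[str]]:
    """Pull uuid/name/description/class out of a getPhoneResponse, or raise on a Fault."""
    root = ET.fromstring(xml_text)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise AxlFault(fault.findtext("faultstring", default="unknown fault"))
    phone = root.find(f".//{{{AXL_NS}}}getPhoneResponse/return/phone")
    if phone is None:
        raise AxlFault("no <phone> element in response")
    return {"uuid": phone.get("uuid"),
            "name": phone.findtext("name"),
            "description": phone.findtext("description"),
            "class": phone.findtext("class")}


# Constructed reply shaped like a getPhoneResponse; not captured from a real server.
SAMPLE_RESPONSE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
 <soapenv:Body>
  <ns:getPhoneResponse xmlns:ns="{AXL_NS}">
   <return>
    <phone uuid="{{00000000-0000-0000-0000-000000000001}}">
     <name>SEP001122334455</name>
     <description>Lobby phone (constructed)</description>
     <class>Phone</class>
    </phone>
   </return>
  </ns:getPhoneResponse>
 </soapenv:Body>
</soapenv:Envelope>"""

# Constructed SOAP Fault, the shape AXL uses to report a lookup failure.
SAMPLE_FAULT = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>
<soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>constructed: the specified Phone was not found</faultstring>
</soapenv:Fault></soapenv:Body></soapenv:Envelope>"""

if __name__ == "__main__":
    print(build_get_phone_request("SEP001122334455"))
    print(parse_get_phone_response(SAMPLE_RESPONSE))
```

Because AXL can change every object in the database, the write operations deserve the same allow-listing and a separate, more tightly scoped application user than the read-only ones.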
What is the Extension Mobility API
An XML-based HTTP interface that allows applications to remotely invoke the Extension Mobility feature on behalf of a user.
[Figure: hotel use case. User A checks into the hotel and the App Server provisions the room phone. Check in: User: Paulo Correia, DN: 253123456, Premier Guest, language set to Portuguese. Check out: User: Room 901, DN: 90001, internal & 911 access]
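As an added example (not from the slides and not Cisco's code), the check-in/check-out flow of the figure expressed as Extension Mobility API messages in Python: a login request puts the guest's profile onto the room phone with an `exclusiveDuration` so a missed check-out cannot leave the guest's DN live indefinitely, a logout request returns it to the room's default profile, and the reply is parsed into a success flag or an error code. The request layout (an `appInfo` block plus `login` or `logout`, posted as the `xml` form field to `/emservice/EMServiceServlet`) and the `<response>` shapes are assumptions modelled on the EM API; the application ID, password, device name, user IDs and error text are constructed.

```python
"""Extension Mobility API: check-in / check-out of a hotel room phone.

Added example, not Cisco's code. The request layout and the <response>
shapes are assumptions modelled on the EM API; every identifier and
sample message below is constructed.
"""
import re
import urllib.parse
import xml.etree.ElementTree as ET
from typing import Optional, Tuple
from xml.sax.saxutils import escape

EM_SERVLET_PATH = "/emservice/EMServiceServlet"  # assumption
ID_RE = re.compile(r"^[A-Za-z0-9._@-]{1,128}$")


def is_valid_id(value: str) -> bool:
    """Allow-list for user IDs, device names and app IDs that go into the XML body."""
    return bool(ID_RE.match(value))


def _checked(value: str, what: str) -> str:
    if not is_valid_id(value):
        raise ValueError(f"invalid {what}: {value!r}")
    return escape(value)  # redundant after the allow-list, kept as defence in depth


def _app_info(app_id: str, app_cert: str) -> str:
    # appCertificate carries the application's password, so it is escaped, not allow-listed
    return (f"<appInfo><appID>{_checked(app_id, 'appID')}</appID>"
            f"<appCertificate>{escape(app_cert)}</appCertificate></appInfo>")


def build_login(app_id: str, app_cert: str, device_name: str, user_id: str, minutes: int) -> str:
    """Check-in: log user_id's profile onto device_name for at most `minutes`."""
    if minutes <= 0:
        raise ValueError("exclusiveDuration must be positive")
    return ("<request>" + _app_info(app_id, app_cert) +
            f"<login><deviceName>{_checked(device_name, 'deviceName')}</deviceName>"
            f"<userID>{_checked(user_id, 'userID')}</userID>"
            f"<exclusiveDuration><time>{int(minutes)}</time></exclusiveDuration></login>"
            "</request>")


def build_logout(app_id: str, app_cert: str, device_name: str) -> str:
    """Check-out: log whoever is on device_name off, restoring the room's default profile."""
    return ("<request>" + _app_info(app_id, app_cert) +
            f"<logout><deviceName>{_checked(device_name, 'deviceName')}</deviceName></logout>"
            "</request>")


def form_encode(xml_body: str) -> bytes:
    """The servlet takes the document as the 'xml' field of a form POST (assumption)."""
    return urllib.parse.urlencode({"xml": xml_body}).encode()


def parse_response(xml_text: str) -> Tuple[bool, Optional[str], Optional[str]]:
    """(ok, error_code, error_text); an unexpected document raises instead of passing."""
    root = ET.fromstring(xml_text)
    if root.tag != "response":
        raise ValueError(f"unexpected root element {root.tag!r}")
    if root.find("success") is not None:
        return True, None, None
    err = root.find("failure/error")
    if err is None:
        raise ValueError("neither <success> nor <failure> in response")
    return False, err.get("code"), (err.text or "").strip()


# Constructed replies in the shapes the EM API is documented to use.
SAMPLE_SUCCESS = "<response><success/></response>"
SAMPLE_FAILURE = ('<response><failure><error code="2">constructed: device does not '
                  'allow logon</error></failure></response>')

if __name__ == "__main__":
    three_nights = 3 * 24 * 60
    print(build_login("hotelapp", "app-password", "SEP001122334455", "pcorreia", three_nights))
    print(build_logout("hotelapp", "app-password", "SEP001122334455"))
    print(parse_response(SAMPLE_SUCCESS), parse_response(SAMPLE_FAILURE))
```

Send the encoded body over HTTPS to port 8443 with the certificate verified, and treat the application password like any other service credential: it authorises logins on every phone the application is allowed to touch.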
Cisco TAPI – Telephone Service Provider
• Provides 1st Party Call Control (1PCC): perfect fit for desktop softphones and server-based IVR applications
• Provides 3rd Party Call Control (3PCC): perfect fit for server or desktop applications that perform screen pops for incoming calls and click-to-connect from Windows applications
• Provides ability to interact with the Media Layer: allows applications to terminate media, play announcements, record calls
• Cisco TAPI provides a Wave Driver that allows 1PCC applications to easily interact with call audio using standard Windows sound APIs
• Programming in C and C++
• Conforms to Microsoft TAPI 2.1 standard
Cisco JTAPI
• Provides 1st Party Call Control: perfect fit for desktop softphones and server-based IVR applications
• Provides 3rd Party Call Control: perfect fit for server or desktop applications that perform screen pops for incoming calls and click-to-connect from Windows applications
• Provides all the hooks necessary to integrate with standard or custom RTP libraries (for example: Java Media Framework), but does not provide a specific audio implementation
• Conforms to Sun JTAPI 1.2 standard
What is WebDialer?
• A CUCM service responsible for processing MakeCall requests on behalf of SOAP and HTTP based applications
• Efficiently uses CTI resources
• Limited to MakeCall. Other functions such as Hold, Transfer, Conference, etc. are not supported (use CTI, TAPI, JTAPI)
• Classified as a Macro-API because the developer is abstracted from many of the details compared to standard CTI (TAPI, JTAPI)
Architecture
[Figure: WebDialer architecture. A 3rd party app (SOAP service requester) or the user's web browser reaches the WebDialer and Redirector servlets (with their WSDL doc) hosted in Tomcat over HTTPS; WebDialer consults the UCM DB and uses CTI Manager on the subscribers to connect/end calls on the user's phone]
Serviceability Interfaces
Log Collection – collects and packages UC Mgr trace files and logs for troubleshooting and analysis
Call Detail Record on Demand – provides applications with CDR files based on search criteria
SNMP/MIBs – provides management consoles with SNMP/Trap events specific to Cisco UC Mgr. and Cisco MCS hardware
Performance Monitoring – PerfMon is a simple but very usable performance monitoring tool for network elements. Its high-performance polling engine uses very little CPU and can handle multiple unreachable elements without locking up
Serviceability SOAP APIs
An extensible SOAP-based XML web service
Cisco Serviceability SOAP includes:
• Access Perfmon Counters
• Query Device Information (CTI, CCM & GWs)
• Log Collection Service
• CDR on Demand Service
• Control Center Service
SOAP client can run on different OS
[Figure: SOAP client exchanges SOAP with the Serviceability backend]
Performance Monitoring (PerfMon)
Allows clients to perform the following tasks:
– Collect perfmon counter data (session-based and single-transaction)
– Retrieve a list of all perfmon objects and counter names installed on a particular host
– Retrieve a list of the current instances of a perfmon object
– Retrieve textual description of a perfmon counter
https://<server>:8443/perfmonservice/
SNMP Architecture
• SNMP Manager talks to the SNMP/R Master Agent on each node
• SNMP Master Agent listens on port 161 and forwards SNMP packets to the appropriate agents
[Figure: the SNMP Manager / SNMP Application exchanges SNMP packets with the SNMP/R Master Agent; behind it sit the SysAppl Agent, Ccm Agent, MIB2 Agent, Host Resource Agent, SysLog Agent, CDP Agent and, via the Native Agent Adapter, the platform (HP/IBM/Dell) MIB agents]
Documentation on Cisco.com
Products, Communications Manager, Configure, Programming Guides: there you will get
• AXL programming guide
• CDR definitions
• JTAPI developer guide
• TAPI developer guide
• Data Dictionary
• ...
CUP APIs
CUP API Developer Use Case: First Time Resolution in Health Care
Mobile working is key to the successful operation of health care.
Rapid resolution is key in health care to drive effective care and immediacy of service.
In emergency situations the typical questions asked are:
• Who's got the skill to help?
• What's their availability / presence?
• Who is closest to the emergency?
• How can I contact them?
The solution: Cisco Unified Presence with Communication Manager and WLAN Location Services
[Figure: the application asks CUP "Who is available?" and "How can I contact?" over SOAP, REST or SIMPLE; CUMA and WLAN Location Services (Access Point, Location Engine) answer "Where are they?"]
Cisco Unified Presence
[Figure: Cisco Unified Presence exchanges SIP/SIMPLE with a SIP network of various SIP / SIMPLE vendor applications and with enterprise business applications (MS Exchange / IBM Sametime / Siebel / PeopleSoft); it exposes SIMPLE / SOAP / REST to partner applications and to the Cisco Unified Application Environment (Media Server, Application Server, Applications, Visual Designer)]
• CUP provides presence related information via SOAP and REST to 3rd party development environments
• SIMPLE provides presence and IM related information to 3rd party developers
• Native integration or via Cisco Unified Application Environment (CUAE)
Which Interface to Use & When
REST & SOAP
• Web centric
• Scale to 2,000 users / 20 buddies
• Effectively a layer on top of SIP / SIMPLE
SIP / SIMPLE
• More native
• Greater scale: 5,000 users / 100 buddies
• IM ability
• Partner developed solutions as opposed to web solutions
[Figure: REST & SOAP placed at the ease-of-use end (2,000 users *), SIP / SIMPLE at the performance / scale end (5,000 users *)]
* Capacity numbers are "indicative" and dependent on application, server type etc.
Which Interface to Use & When
Interface / attribute | SIP / SIMPLE | REST / SOAP
Ease of use | Native protocol | Web centric and web developer oriented
Presence | Yes | Yes
IM / Presence | Yes | Presence (Yes), IM (No)
Performance / scale * | 5,000 users / 100 buddies | 2,000 users / 20 buddies
* Capacity numbers are "indicative" and dependent on application, server type etc.
CUPS Configuration Interface Capabilities
Client Configuration Interface (SOAP related)
• Get System Configuration Information
• Contact (Buddy List) Management
• Get/Set/Delete Presence Rules
• Publish/Unpublish long-term presence
• Get Dialing Rules and Communications History
• Get, Add, Delete Access Control Lists
• Get/Set Calendaring
Cisco Unified Presence: new XMPP interfaces
Third Party Open API – Additional Interfaces
• Presence/Instant Message/Roster Interface (Desktop): XMPP
• Presence/Instant Message/Roster Interface (Browser): XMPP using the JabberWerx AJAX API
The JabberWerx AJAX library sends and receives XMPP messages to/from the XCP BOSH interface using standard XSF publications:
• BOSH: http://www.xmpp.org/extensions/xep-0124.html
• XMPP over BOSH: http://www.xmpp.org/extensions/xep-0206.html
• BOSH Script: http://www.xmpp.org/extensions/xep-0252.html
Third Party Open API – Developer Support
• Cisco Unified Presence Developer Guide: Client Configuration Web Service, Presence Web Service
• Third Party Reference Application: source code, build script, provided Eclipse project
• Cisco Unified Presence Developer Cookbook
All of these are accessible through Developer Services: http://developer.cisco.com/web/cup
Messaging APIs
Web Service
Standard SOAP, XML over HTTP/HTTPS
Authentication required (authorization too)
Implemented using Apache AXIS (Tomcat/Java)
Installed and running by default
Documentation and Support
Unified Communications Forum: support is available on the Cisco Unified Communications Forum at http://forums.cisco.com.
Database Help File: comprehensive information about the database (structure, stored procedures, errors, etc.) currently exists. It is installed in the Unity TechTools folder: TechTools\Docs\UnityDirDb.chm. It includes a chapter on the web service API.
Documentation and Support (continued)
CUDLE (on box): "Data Link Explorer" allows viewing data, executing queries, and includes descriptions of database objects (tables and columns).
http://www.ciscounitytools.com/App_CUDLE.htm
Apache Axis web site: http://ws.apache.org/axis/ has good general information on their web service implementation and tools (such as WSDL2Java).
Cisco Unified Application Environment
Cisco Unified Application Environment: Customer Challenges
Reliability
• Applications run directly against the Cisco Unified Communications Manager
• Significant threat to reliability and performance of dial tone
Lifecycle Mgmt
• Manageability an afterthought
• Lack of lifecycle management tools
• No standard way for development, QA, and operations to handle deployment, configuration, capacity, performance management
Complexity
• Telephony protocols, media processing, a plethora of UC products/versions/APIs and other unique requirements
• Building everything from scratch
• No experience, steep learning curve
CUAE Versus Native APIs
Native APIs offer the complete power of the native technology, but leave it up to the developer to determine the deployment model.
CUAE offers an abstracted interface to the native APIs and also includes a deployment and configuration model.
Native APIs are best for full featured standalone applications that focus on a single technology.
CUAE is best for applications that combine multiple technologies or in situations where the learning curve for a specific technology is too steep to justify the requirements of the application.
Cisco Unified Application Environment: The Solution
What does it offer?
– Platform to develop, deploy & manage enterprise applications that integrate with the Unified Communications suite of products & services
– Simplifies application development by abstracting complexities involved in communicating with various UC services by way of the SDK and Application Designer
What are the components?
– Cisco Unified Application Server
– Cisco Unified Media Engine
– Cisco Unified Application Designer
– Etch Framework
High Level Architecture
[Figure: the developer (any IDE or Application Designer) builds against the CUAE APIs; the Unified Communications Application Environment talks SQL, SIP, H.323, SCCP, JTAPI, AXL/SOAP, IMAP, LDAP, IP Phone Service, RTP and any other protocol to IP phones, CUCM, Presence, Unity/Cxn, Active Directory, databases and web services, and exposes SOAP and any other interface to other technologies]
Component Architecture
Cisco Unified Media Engine
• Software implementation of DSP
• Originates and terminates audio streams for apps
• Tightly integrates with App. server

Cisco Unified Application Designer
• C# client
• Visually construct communication business logic
• Abstracts complex telephony protocols into simplified API calls
• 1-click deployment

• Manages applications, plug-ins, telephony servers
• User management
• Diagnostics

Cisco Unified Application Server
• C#, Java server
• Core of the platform where apps are stored & executed
• VM manages application execution
• Facilitates communication with external systems via "Providers"
• Scripts are assembled from XML into in-memory compiled code ready to execute
Major Themes in Etch Release 2.5+
Language Independence
• Applications and plug-ins run anywhere
• Any language or IDE you want
• Now: Java or C#. Next: Javascript etc.
Management Architecture
• New Java web app, redesigned UI
• No more PHP, simplified SDK experience
• Solid foundation for future enhancements
Expanded Cisco UC Plug-in Support
• New APIs for other Cisco UC products
• Continuous process, modular releases
• Now: Messaging. Next: Collaboration
All of this while making no core application server architecture changes and still providing 100% API compatibility
CUAE 8.0 Architecture
[Figure: browser-based UC applications (Cisco or 3rd party) reach CUAE 8.0 through a Web 2.0 Web Service Gateway; UC-enabled services or desktop applications (Cisco or 3rd party, Java or C#) reach it over Etch; the Etch Router dispatches to the CUAE service providers (plug-ins, Java or C#) for Messaging, Call Control and Presence and to 3rd party UC service providers, which front the service-specific interfaces of CUCM, CDS, CUP/Jabber, CHS, MP and Unity/Unity Cnx]
Etch
What is Etch?
Network Service Description Language, Compiler & Runtime
Service Description specifies abstracted service definition
Compiler generates language binding
Runtime responsible for sending the message across the wire.
Etch was developed by Cisco
Etch is open source
Etch is part of the Apache Software Foundation: http://cwiki.apache.org/ETCH/
Why Etch?
Language independence
Transport independence
Small and quick – high performance
Alternatives (e.g. SOAP/REST) are too verbose and not suited for real-time communication
Symmetric
Etch Language
Messages
int add( int x, int y )
Native types
boolean, byte, short, int, long, float, double, string, object, List, Map, Set
Structured data types
struct Point( double x, double y, double z )
External data types
@Extern( java, "com.company.User", … )
extern User
Constants
const int ZERO = 0
Enumerations
enum PrimaryColor ( RED, GREEN, BLUE )
Exceptions
exception LoginFailed( int code, string msg )
Attributes
– @Direction( which ) – server, client, both
– @Oneway
– @Timeout( millis )
– @AsyncReceiver( which ) – none, queued, free
– @Authorize( method, args … )
Formal Comments
/**
 * Adds two numbers together.
 * @param x the first number.
 * @param y the second number.
 * @return the sum of the arguments.
 */
int add( int x, int y )
Mixins
service Foo {
  mixin Bar
  mixin Baz
}
Etch Language Example (plug-in)
module com.acme
service GeoFun {
const double DEFAULT_HOW_FAR = 10 // miles
const int DEFAULT_NUM_LANDMARKS = 20
struct Point( double latitude, double longitude )
struct Landmark( Point where, string description )
void addLandmark( Landmark landmark )
void removeLandmark( Landmark landmark )
Landmark[] searchLandmarks( Point where, double how_far, int count )
}
Etch Roadmap
Javascript, Python, Ruby & other language support
More transports and transport modes
Web Services Gateway
Better Integration with IDEs, Maven
Cisco Unified Application Designer
Developer Resources
• Application Designer or other Java and C# based IDEs (Eclipse, Visual Studio, Netbeans)
• Developer Portal: http://developer.cisco.com/web/cuae/home
• Forums, Wiki, Blogs, Videos, Sample Code, Developer alias ([email protected])
• Advanced Services training course
• Myriad Java, C# developer courses/resources