This topic describes how to connect Cisco Unified Communications IM and Presence Service clusters that are in different domains.
Interdomain federation parameters:
- Two different DNS domains
- Cisco ASA appliance in DMZ
Cisco Unified Communications IM and Presence Service allows for business-to-business communications by enabling interdomain federation, which provides the ability to share presence and IM communications between different domains.
Federation is a term that describes data servers in different domains that can securely connect to one another. Interdomain federation requires that two explicit DNS domains are configured, as well as a security appliance (Cisco ASA adaptive security appliance) in the DMZ to terminate federated connections with the enterprise.
The figure shows a basic interdomain federation deployment between two different domains, indicated by domain A and domain B. The Cisco ASA adaptive security appliance in the DMZ is used as a point of demarcation into the enterprise. XMPP traffic is passed through, whereas SIP traffic is inspected. All federated incoming and outgoing traffic is routed through the Cisco Unified Communications IM and Presence Service node that is enabled as a federation node, and is routed internally to the appropriate server in the cluster where the user resides. For multicluster deployments, intercluster peers propagate the traffic to the appropriate home cluster within the domain. Multiple nodes can be enabled as federation nodes within large enterprise deployments, where each request is routed based on a round-robin implementation of the data that is returned from the DNS server lookup.