Federated Deployment

This topic describes how to connect Cisco Unified Communications IM and Presence Service clusters that are in different domains.

Interdomain federation parameters:

  • Two different DNS domains
  • Cisco ASA appliance in DMZ

Cisco Unified Communications IM and Presence Service allows for business-to-business communications by enabling interdomain federation, which provides the ability to share presence and IM communications between different domains.

Federation is a term that describes data servers in different domains that can securely connect to one another. Interdomain federation requires that two explicit DNS domains are configured, as well as a security appliance (Cisco ASA adaptive security appliance) in the DMZ to terminate federated connections with the enterprise.

The figure shows a basic interdomain federation deployment between two different domains, indicated by domain A and domain B. The Cisco ASA adaptive security appliance in the DMZ is used as a point of demarcation into the enterprise. XMPP traffic is passed through, whereas SIP traffic is inspected. All federated incoming and outgoing traffic is routed through the Cisco Unified Communications IM and Presence Service node that is enabled as a federation node, and is routed internally to the appropriate server in the cluster where the user resides. For multicluster deployments, intercluster peers propagate the traffic to the appropriate home cluster within the domain. Multiple nodes can be enabled as federation nodes within large enterprise deployments, where each request is routed based on a round-robin implementation of the data that is returned from the DNS server lookup.

Multicluster Deployment

This topic describes how to connect Cisco Unified Communications IM and Presence Service clusters within the same domain.

Interclustering features:

  • Connect Cisco Unified Communications IM and Presence Service clusters in the same domain.
  • AXL synchronizes user information for home cluster association.

To extend presence and IM capability and functionality, these standalone clusters can be configured for peer relationships, thus enabling communication between clusters within the same domain. The figure represents the peer relationship between Cisco Unified Communications IM and Presence Service clusters when multiple clusters or sites are interconnected. This functionality provides the ability for users in one cluster to communicate and subscribe to the presence of users in a different cluster within the same domain.

To create a fully meshed presence topology, each Cisco Unified Communications IM and Presence Service cluster requires a separate peer relationship with each of the other Cisco Unified Communications IM and Presence Service clusters within the same domain. The address that is configured in this intercluster peer could be a DNS server FQDN that resolves to the remote Cisco Unified Communications IM and Presence Service cluster nodes. The address could also simply be the IP address of the Cisco Unified Communications IM and Presence Service cluster nodes.

The interface between Cisco Unified Communications IM and Presence Service clusters is twofold: an AXL-SOAP interface and a signaling protocol interface (SIP or XMPP). The AXL-SOAP interface manages the synchronization of user information for home cluster association, but it is not a complete user synchronization. The signaling protocol interface (SIP or XMPP) manages the subscription and notification traffic, and it rewrites the host portion of the URI before forwarding if the user is on a remote Cisco Unified Communications IM and Presence Service cluster within the same domain.

Enterprise Instant Messaging

This topic describes enterprise instant messaging (EIM).

Cisco Unified Communications IM and Presence Service supports the following:

  • EIM features of Jabber XCP
  • Multidevice user experience (SIP to XMPP)
  • Text conferencing (or multiuser chat)
    1. Ad hoc group chat
    2. Persistent group chat

| Feature | Stored in |
| --- | --- |
| Offline instant messaging | Cisco Unified Communications IM and Presence Service node IDS database |
| Ad hoc group chat | Cisco Unified Communications IM and Presence Service node memory |
| Persistent chat | External database to store rooms and conversations |

IDS = intrusion detection system.

Cisco Unified Communications Manager IM and Presence Service incorporates the supported EIM features of the Cisco Jabber Extensible Communications Platform (XCP), while allowing for modifications to enhance support for the multidevice user experience. Text conferencing, sometimes referred to as multiuser chat, is defined as ad hoc group chat. Persistent group chat is supported as part of the Jabber XCP feature set. In addition, offline IM (storing IMs for users who are currently offline) is also supported as part of the Jabber XCP feature set. Cisco Unified Communications Manager IM and Presence Service manages storage for each of these IM features in different locations as shown in the table.

Note

The supported external databases are PostgreSQL (see http://www.postgresql.org/) and Oracle (see http://www.oracle.com).

If persistent chat is enabled, ad hoc rooms are stored on the external PostgreSQL database for the duration of the ad hoc chat. This procedure allows a room owner to escalate an ad hoc chat to a persistent chat; otherwise, these ad hoc chats are purged from PostgreSQL at the end of the chat. If persistent chat is disabled, ad hoc chats are stored in volatile memory for the duration of the chat.

Cisco Jabber Port Usage

This topic describes the different ports that Cisco Jabber uses to communicate.

| Port | Protocol | Description |
| --- | --- | --- |
| 53 | UDP/TCP | DNS traffic |
| 69/6790 | UDP | TFTP/HTTP Config Download |
| 80/443 | TCP | HTTP/HTTPS to Cisco Unity Connection or WebEx |
| 143 | TCP | IMAP (TLS or plain TCP) to Cisco Unity Connection |
| 389/636 | TCP | LDAP/LDAPS |
| 993 | TCP | IMAP (over SSL) to retrieve and manage voice messages |
| 2748 | TCP | CTI gateway |
| 3268/3269 | TCP | Global Catalog/LDAPS |
| 5060 | UDP/TCP | SIP call signaling |
| 5061 | TCP | Secure SIP call signaling |
| 5070 | UDP | Binary Floor Control Protocol (BFCP) for video desktop sharing |
| 5222 | TCP | XMPP |
| 7993 | TCP | IMAP (over TLS) access to secure voice messages |

CTI = computer telephony integration; DNS = Domain Name System; IMAP = Internet Message Access Protocol; LDAP = Lightweight Directory Access Protocol; LDAPS = Lightweight Directory Access Protocol over Secure Sockets Layer/Transport Layer Security; SIP = Session Initiation Protocol; XMPP = Extensible Messaging and Presence Protocol.

| Port | Protocol | Description |
| --- | --- | --- |
| 8191 | TCP | SOAP web services |
| 8443 | TCP | HTTPS for CCMCIP profiles and UDS |
| 16384-32766 | UDP | RTP media streams for audio and video |

CCMCIP = Cisco Unified Communications Manager IP Phone service; RTP = Real-Time Transport Protocol; SOAP = Simple Object Access Protocol; UDS = User Data Service.

As shown in the table, Cisco Jabber uses a number of protocols for communication. In addition, these protocols may be used and are listed here for your reference:

  • Port 7080: Protocol TCP (HTTPS); used for Cisco Unity Connection for notifications of voice messages (new message, message update, and message deletion)
  • Port 37200: Protocol SOCKS5 Bytestreams; used for peer-to-peer file transfers. In on-premises deployments, the client also uses this port to send screen captures.
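
The port list above can be turned into an allow-list for reviewing flow logs from Jabber client subnets. The following is an added example, not part of the original page: the flow-record format and the sample lines are constructed, and treating port 37200 as TCP is an assumption, since the page gives only the application protocol.

```python
import re

# Allow-list transcribed from the port table and the two extra bullets above.
# Each entry is (protocol, first_port, last_port).
DOCUMENTED = [
    ("udp", 53, 53), ("tcp", 53, 53),                      # DNS
    ("udp", 69, 69), ("udp", 6790, 6790),                  # TFTP/HTTP config download
    ("tcp", 80, 80), ("tcp", 443, 443),                    # HTTP/HTTPS
    ("tcp", 143, 143), ("tcp", 993, 993), ("tcp", 7993, 7993),  # IMAP variants
    ("tcp", 389, 389), ("tcp", 636, 636),                  # LDAP/LDAPS
    ("tcp", 3268, 3269), ("tcp", 2748, 2748),              # Global Catalog, CTI gateway
    ("udp", 5060, 5060), ("tcp", 5060, 5060), ("tcp", 5061, 5061),  # SIP
    ("udp", 5070, 5070), ("tcp", 5222, 5222),              # BFCP, XMPP
    ("tcp", 7080, 7080),                                   # Unity Connection notifications
    ("tcp", 8191, 8191), ("tcp", 8443, 8443),              # SOAP, CCMCIP/UDS
    ("udp", 16384, 32766),                                 # RTP media
    ("tcp", 37200, 37200),                                 # SOCKS5 Bytestreams (TCP assumed)
]

# Hypothetical flow-record format: "<src> -> <dst> <proto>/<dst_port>"
FLOW = re.compile(r"^(\S+)\s+->\s+(\S+)\s+(tcp|udp)/(\d+)$", re.I)

def is_documented(proto, port):
    proto = proto.lower()
    return any(p == proto and lo <= port <= hi for p, lo, hi in DOCUMENTED)

def audit(lines):
    """Return (flow, reason) for flows outside the documented protocol/port set."""
    findings = []
    for line in lines:
        m = FLOW.match(line.strip())
        if not m:
            findings.append((line.strip(), "unparseable"))
            continue
        proto, port = m.group(3).lower(), int(m.group(4))
        if not is_documented(proto, port):
            findings.append((line.strip(), "undocumented %s/%d" % (proto, port)))
    return findings

# Constructed sample flow records (not real traffic).
SAMPLE = [
    "10.20.0.15 -> 10.1.1.10 tcp/5222",    # XMPP, documented
    "10.20.0.15 -> 10.1.1.11 udp/5061",    # secure SIP is TCP only in the table
    "10.20.0.15 -> 10.1.1.12 udp/32766",   # last port of the RTP range
    "10.20.0.15 -> 10.1.1.12 udp/32767",   # one past the RTP range
    "10.20.0.15 -> 10.1.1.13 tcp/6790",    # table lists 6790 as UDP
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(reason, "|", flow)
```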

Quality of Service

This topic describes the Cisco Jabber quality of service issues with trust boundaries.

  • Cisco Jabber marks Layer 3 IP packets via DSCP:
    1. Call signaling traffic is marked with a DSCP value of 24.
    2. Voice media traffic is marked with a DSCP value of 46.
  • Computer traffic is typically untrusted. The network device will remove DSCP markings made by an application on the PC.
  • Routers and switches must allow these DSCP markings for the port ranges that are used by Cisco Jabber.

| Application | IP Precedence | PHB | DSCP | CoS |
| --- | --- | --- | --- | --- |
| Voice | 5 | EF | 46 | 5 |
| Video | 4 | AF41 | 34 | 4 |
| Call signaling | 3 | CS3 | 24 | 3 |

CoS = class of service.

The Cisco Jabber client marks call-signaling traffic with a DSCP value of 24, or a PHB value of CS3, and it marks RTP media traffic with a DSCP value of 46 (PHB value of EF). Video traffic will be marked with a PHB value of CS4 (DSCP value of 32).

Typically, networks are configured to strip DSCP markings from computer traffic. Therefore, if the administrator wants Cisco Jabber traffic to be marked, the administrator must configure switches and routers to apply DSCP markings to computer traffic based on the port ranges that the application uses.
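
To confirm that markings survive the trust boundary, DSCP can be read from packets captured on the far side of the access switch and compared with the QoS table. The following is an added example, not part of the original page: the packets are constructed, and accepting both EF and AF41 on the RTP port range is an assumption, because the page lists one port range for audio and video.

```python
import struct

# PHB names keyed by DSCP value, from the QoS table above.
PHB = {46: "EF", 34: "AF41", 24: "CS3"}

def expected_dscp(proto, dport):
    """DSCP values the table allows for a flow, keyed on the Jabber port ranges."""
    if proto == 17 and 16384 <= dport <= 32766:
        return {46, 34}        # RTP media: voice (EF) or video (AF41)
    if proto in (6, 17) and dport in (5060, 5061):
        return {24}            # SIP call signaling (CS3)
    return None                # not a flow this check covers

def inspect(packet):
    """Decode DSCP from a raw IPv4 packet and compare it with the table."""
    ver_ihl, tos, _len, _id, _frag, _ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4           # header length in bytes
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    dscp = tos >> 2                      # upper six bits of the ToS byte
    want = expected_dscp(proto, dport)
    return {
        "dport": dport,
        "dscp": dscp,
        "precedence": dscp >> 3,         # top three bits = IP precedence
        "phb": PHB.get(dscp, "default" if dscp == 0 else "other"),
        "ok": None if want is None else dscp in want,
    }

def build(tos, proto, dport):
    """Construct a minimal IPv4 + L4 header for sample data (checksums zeroed)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, proto, 0,
                     bytes([10, 20, 0, 15]), bytes([10, 1, 1, 10]))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

# Constructed samples: marked voice, signaling whose marking was stripped, marked video.
SAMPLES = [build(46 << 2, 17, 20000), build(0, 6, 5060), build(34 << 2, 17, 16384)]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(inspect(pkt))
```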

Service Discovery

This topic describes how Cisco Jabber discovers services to register.

Establish the user domain for service discovery.

When the Cisco Jabber client is opened the first time after a standard installation, you are asked to enter your email address. Based on the domain in your email address, Cisco Jabber asks the DNS server for the service (SRV) records for _cisco-uds._tcp.example.com as shown in the figure. The answer includes the IP address of a Cisco Unified Communications Manager cluster server. Cisco Jabber contacts the Cisco Unified Communications Manager server and requests the home cluster and service profile information that is required to reach the other application servers. Additional information is received via the jabber-config.xml file from the TFTP server in the Cisco Unified Communications Manager cluster.
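
The lookup described above, as an added example that is not part of the original page: it derives the _cisco-uds query name from an email address, parses SRV answers, and flags targets outside the enterprise's own domains. The SRV answers are constructed, the allowed-suffix check is a hypothetical hardening step, and sorting by weight within a priority is a deterministic simplification of SRV weighted selection.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def srv_query_name(email):
    """Build the _cisco-uds SRV name from the domain part of an email address."""
    local, sep, domain = email.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    labels = domain.split(".")
    if not sep or not local or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError("not a usable email address: %r" % email)
    return "_cisco-uds._tcp." + domain

def parse_srv(answer_lines):
    """Parse 'priority weight port target' SRV RDATA lines into tuples."""
    records = []
    for line in answer_lines:
        prio, weight, port, target = line.split()
        records.append((int(prio), int(weight), int(port), target.rstrip(".").lower()))
    return records

def order_and_check(records, allowed_suffixes):
    """Sort by priority (lowest first), then weight (highest first), and flag
    targets that fall outside the enterprise's own domains."""
    ordered = sorted(records, key=lambda r: (r[0], -r[1]))
    result = []
    for _prio, _weight, port, target in ordered:
        trusted = any(target == s or target.endswith("." + s) for s in allowed_suffixes)
        result.append((target, port, trusted))
    return result

# Constructed SRV answers for _cisco-uds._tcp.example.com (hypothetical hosts).
SAMPLE_ANSWER = [
    "10 50 8443 cucm-sub1.example.com.",
    "0 10 8443 cucm-pub.example.com.",
    "10 80 8443 cucm-sub2.example.com.",
    "20 10 8443 uds.example.net.",      # outside the allowed suffix
]

if __name__ == "__main__":
    print(srv_query_name("alice@example.com"))
    for row in order_and_check(parse_srv(SAMPLE_ANSWER), ["example.com"]):
        print(row)
```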

Cisco Unified Communications Manager Deployment Options

This topic describes how to deploy Cisco Unified Communications IM and Presence Service in different scenarios.

Supported IP telephony deployment models:

  • Single-site deployment
  • Multisite WAN with centralized call processing
  • Clustering over the IP WAN
  • Multisite WAN with distributed call processing and Cisco Unified Communications IM and Presence intercluster peers

Cisco IM and Presence is supported with all Cisco Unified Communications Manager deployment models. However, Cisco recommends locating the Cisco Unified Communications Manager IM and Presence Service publisher in the same physical data center as the Cisco Unified Communications Manager publisher because of the initial user database synchronization. All on-premises Cisco Unified Communications Manager IM and Presence Service nodes should be physically located in the same data center within the Cisco Unified Communications Manager IM and Presence Service cluster, with the exception of geographic data center redundancy and clustering over the WAN.

A Cisco Unified Communications Manager cluster can only connect to a single Cisco Unified Communications IM and Presence Service cluster. When you have a distributed Cisco Unified Communications Manager deployment with two or more Cisco Unified Communications Manager clusters, you also need two or more Cisco Unified Communications IM and Presence Service clusters per site. These Cisco Unified Communications IM and Presence Service nodes can be connected using intercluster peers, when the clusters are in the same domain. If the Cisco Unified Communications IM and Presence Service clusters use different domains, a federation must be set up.