Ways to Improve the Enterprise Security with Cisco UCM Apps

As one of the UC market leaders, Cisco supports its partner ecosystem by providing Cisco Solution Partners with APIs, SDKs, labs and sandboxes for building UC-enabled solutions. Hundreds of Cisco technology partners worldwide develop software on top of Cisco Unified Communications Manager that helps employees collaborate, sell, support and… Among the CUCM-integrated apps you can also find solutions that improve enterprise security.

These apps either increase the security of the CUCM-based communications network or use Cisco UC solutions to provide enterprise security features. Here are several examples to give you an idea of what can be achieved with 3rd party apps integrated with Cisco UCM.

VMware+GNS3 Based Collaboration CCIE Lab

I have been using this lab for casual testing & verification in my daily work as well as Collaboration CCIE preparation during the past 2 years. It should enable you to play with most basic features, though emulating any hardware (like E1 or DSP etc.) is still impossible. This platform was subjected to frequent changes and refinements in the past 2 years, plus I have not touched it for quite a long time since I passed my Collaboration CCIE, so you might need to tweak it a bit before it can work perfectly for you.

CCIE Collaboration Lab Topology


Decrypt HTTPS traffic from UC Servers using Wireshark

While a Jabber client logs in, it communicates with several UC servers (CUPS, CUCM, Unity Connection, etc.) for authentication, config file download and registration. Most of that traffic is carried over HTTPS/XML. To dig into the Jabber login sequence and see exactly what happens during login, you therefore need to decrypt the HTTPS traffic between the Jabber client and the UC servers. This takes 2 steps: downloading the private key from the UC server, and loading that private key into Wireshark for decryption.


Jabber for Windows 9.2.x Overview

Method for Installing Jabber for Windows

Methods for Jabber for Windows 9.2.x installation

“Use the Command Line” or “Create a Custom Installer” is for specifying login & system-level config parameters during installation (such as whether to clear the existing bootstrap file, Server Type [CUP, Webex or CUCM], Server IP address, Domain, Install Language, Phone Mode, etc.). All those parameters are stored in a Bootstrap file (jabber-bootstrap.properties, location: C:\ProgramData\Cisco Systems\Cisco Jabber), which Jabber reads on every login attempt.

Command Line Arguments for CLI Install Method

“Run the MSI Manually” suits a fresh install without any login & config parameters specified. When the user logs in, they have to manually select the server type, server IP address, etc. Note that this install method will not clear an existing local Bootstrap file, and that might lead to unexpected login results.

The jabber-bootstrap.properties file lets you change login or system-level configs for the Jabber client even when Jabber is already installed. For example, edit the jabber-bootstrap.properties file (location: C:\ProgramData\Cisco Systems\Cisco Jabber) and type UseLanguageID:1033 to change the client language.

Properties for modification in Bootstrap file.

Cisco Unified Presence Server 8.x (CUPS)

CUPS Overview

CUPS is a Cisco UC component which provides IM, Presence and Group Chat (Ad-hoc or Persistent), and also allows seamless integration with other UC components. There are basically 3 roles in the Presence workflow: Watcher (could be a phone, client, trunk, etc.), Presence Entity, and Presence Server. The presence entity publishes its current status to the presence server by using a PUBLISH or REGISTER message (SIP/SIMPLE clients), or by using an XML Presence Stanza (XMPP clients).

CUPS Interfaces

CUPS Architecture – CUCM SRND 8.x

Presence Server

Cisco CUCM Tricks for Active Directory & LDAP

What is Active Directory

Database Structure of Active Directory
Common Database Schemas of LDAP Server

Active Directory (AD): A database storing all kinds of Objects, and the Policies which apply to the interoperations between Objects.
Object: The minimum component in the database that AD manipulates. Each Object is associated with a set of mandatory and optional attributes or properties. An Object can stand for a User, Computer, Printer, Shared Folder or any other resource used in an organization. Typical Objects in AD include Forest / Domain / OU / User / Group / Contact / Computer / Shared Folder / Printer / Site / Subnet etc.

Object types:

  • Container Object: Objects which can contain other Container Objects or Leaf Objects. Default Pre-installed Container Objects are Domain Controllers / Computers / Users / Builtin / Foreign Security Principals.
  • Leaf Object: Objects that cannot contain other Objects.
  • Security Principal Object: used for security control purposes, such as authentication, authorization, access control etc.

Both Container Objects and Leaf Objects are identified within their own Organizational Unit or Container by Common Name (CN), which is also termed Relative Distinguished Name (RDN). However, globally throughout the domain, each object is uniquely identified by its Distinguished Name (DN).

Search Description: cn=users, dc=uclab, dc=com

CUCM BAT Operation Tips

Bulk Import or Update using CUCM BAT can be quite tricky if you try it for the first time without reviewing its long official user guide and with very little hands-on experience. This post covers the critical tips to bear in mind for a BAT transaction, and walks you through the practice-verified BAT transaction procedure derived from my experience in Cisco UC projects. Hopefully, this post can significantly reduce the time you waste coping with all kinds of format errors, character encoding issues, etc. encountered during BAT operation.

Rules to Keep in mind

  • The text-based CSV (Comma Separated Value) file which will be uploaded to CUCM for BAT operation should be encoded in Unicode UTF-8 format; otherwise, you might find that some characters are not rendered correctly after the BAT transaction. This rule is even stricter when your CSV file isn’t purely alphanumeric, for example when it includes Chinese characters. But if your CSV file contains only alphanumeric (letters & numbers) characters, the Unicode UTF-8 encoding restriction can be loosened a little bit, because alphanumeric-only CSV files in an encoding other than Unicode UTF-8 could still possibly be rendered correctly by CUCM BAT. (This is why you can still use Microsoft Excel to edit the CSV file and upload it to CUCM only when the CSV file is a purely alphanumeric one.)
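A pre-upload check for the encoding rule above, as an added example (not code from the original post or from Cisco): it classifies a CSV's raw bytes as ASCII-only, valid UTF-8 with non-ASCII characters, or not valid UTF-8, and reports the offending line. The function name, column headers and sample rows are constructed for illustration and are not a real BAT template.

```python
import codecs


def classify_bat_csv(data: bytes):
    """Return (status, line_numbers) for raw CSV bytes destined for BAT.

    status is "ascii-only", "utf8-non-ascii" or "not-utf8";
    line_numbers lists the 1-based lines that led to that verdict.
    """
    # A UTF-8 byte-order mark is an encoding marker, not content: skip it.
    if data.startswith(codecs.BOM_UTF8):
        data = data[len(codecs.BOM_UTF8):]

    def line_of(offset):
        return data.count(b"\n", 0, offset) + 1

    # UTF-16 text made of ASCII characters would pass a UTF-8 decode,
    # but it is full of NUL bytes; treat that as a wrong encoding.
    nul = data.find(b"\x00")
    if nul != -1:
        return "not-utf8", [line_of(nul)]

    try:
        text = data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return "not-utf8", [line_of(exc.start)]

    flagged = [n for n, line in enumerate(text.split("\n"), 1)
               if not line.isascii()]
    return ("utf8-non-ascii" if flagged else "ascii-only"), flagged


# Constructed sample data (hypothetical headers and users).
ASCII_CSV = "FIRST NAME,LAST NAME,USER ID\nWei,Zhang,wzhang\n"
CJK_CSV = "FIRST NAME,LAST NAME,USER ID\n伟,张,wzhang\n"

if __name__ == "__main__":
    samples = {
        "ascii saved as cp1252": ASCII_CSV.encode("cp1252"),
        "chinese saved as utf-8": CJK_CSV.encode("utf-8"),
        "chinese saved as gbk": CJK_CSV.encode("gbk"),
        "ascii saved as utf-16": ASCII_CSV.encode("utf-16"),
    }
    for label, raw in samples.items():
        print(label, "->", classify_bat_csv(raw))
```

Only files reported as "ascii-only" fall under the loosened case described above; anything reported as "not-utf8" should be re-saved as UTF-8 before upload.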

Gatekeeper & CUBE Summary

Why GK & CUBE

Gatekeeper was initially introduced to interconnect several CUCM clusters in a simple and efficient way in large-scale IPT networks. Call routing on GK is a 2-step matching process (Zone Prefix & Technology Prefix). Apart from that, GK also provides supplementary functions such as BW management, Call Admission Control, name resolution, etc. GK also provides faster inter-cluster trunk failover than the scenario in which CUCM clusters are interconnected without GK.

CUBE (IPIPGW+SBC) was introduced to replace the existing TDM-based (E1/T1) interconnection between the Enterprise voice network and the PSTN with a pure IP-based connection (SIP Trunk). CUBE expands pure IP-based multimedia communication from Enterprise level to Service Provider level. It also enables pure IP-based interconnection between 2 independent VoIP networks with better interoperability, flexibility and compatibility. How does CUBE achieve that? It is done through signaling & media interworking (terminate & re-originate), interconnecting VoIP dial peers. Furthermore, as a device at the voice network border (SBC: session border controller), it also provides Security features (NAT, NAT Traversal, AAA with RADIUS), QoS and Bandwidth Management.


Modify License MAC of Linux-based appliances on VM

This post describes the procedure for modifying the License MAC address of any Linux-based Cisco UC appliance in a Lab environment.

Procedure Overview:

  1. Customize BIOS of VM to boot from Red Hat Enterprise LINUX 5.
  2. Enter rescue mode, and enable root remote ssh access to Linux OS
  3. Access LicenseMac.sh with root privilege and change License MAC to desired value.

Pre-requisites: Bootable image or CD of Red Hat Enterprise LINUX 5.

Detailed Step-by-Step Tutorial:

  1. Enable BIOS access by modifying the *.vmx file of the VMware virtual machine.
    [For VMware Workstation only: close the VMware Workstation application or the VM’s tab, then add bios.bootDelay = "5000" to the *.vmx file, which introduces a 5-second delay at system boot to let you press “ESC” and select the boot location.]
    Use the VMware vSphere client to access the ESXi host, navigate to the Summary tab, right-click datastore1 and select Browse Datastore…, download the *.vmx file to your local PC, and edit it by adding the line below:
    bios.forceSetupOnce = "TRUE"
    Then upload it again to let the change take effect.
    NOTE that this parameter takes effect for only one single “power on”, because bios.forceSetupOnce returns to FALSE every time after you enter BIOS. You will need to manually set it to "TRUE" again if you want to enter BIOS a second time. Your changes in BIOS, however, remain there permanently.