Cisco Unified Presence, Release 7.x -- How to Configure Cisco Unified Presence for Federation

From DocWiki

Jump to: navigation, search

Main page: Cisco Unified Presence, Release 7.x

Contents

Previous Topic



Adding a Federated Domain

When you add a Federation Domain entry on Cisco Unified Presence, the presence gateway and the incoming ACL for the federated domain entry are automatically added. Note that you cannot see the presence gateway that is associated with a federated domain on the Cisco Unified Presence GUI. You can see the incoming ACL associated with a federated domain on the Cisco Unified Presence GUI, but you cannot modify or delete it. You can only delete the incoming ACL when you delete the (associated) Federated Domain entry.


Procedure
  1. Select Cisco Unified Presence Administration > Presence > Inter Domain Federation.
  2. Click Add New.
  3. Enter the federated domain name in the Domain Name field.
  4. Enter a description that identifies the federated domain in the Description field.
  5. Select CUP to LCS/OCS from the Integration Type menu.
  6. Click Save.
Notes
  • If you are federating between one Cisco Unified Presence enterprise deployment and another, select CUP to CUP as the integration type.
  • The text string you enter in the Description field is displayed to the user in the Cisco Unified Personal Communicator privacy preferences available from the Manage Domains tab. Therefore make sure you enter a domain name that is easily-recognizable to the end user in this field.
Figure: Adding a Federated Domain
271522.jpg


Related Topics


What To Do Next


Enabling Email for Federation

When you enable Cisco Unified Presence to use the email address for interdomain federation, Cisco Unified Presence changes the SIP URI of each federated contact from `userid@domain' to the email address of the contact.


Before You Begin

Before enabling Cisco Unified Presence to use the email address for interdomain federation, note the following:

  • If you have not yet attempted to federate with the foreign domain, and you wish to enable email for federation, we recommend that you enable this setting before the end users begin to add any federated contacts.
  • You must alert the system administrator of the foreign domain that you are using email address for federation, and that the end users in the foreign domain must specify an email address when adding a federated contact to their contact list.
  • If you are already federating with the foreign domain, and you wish to enable email for federation, before enabling this setting, you must alert the system administrator of the foreign domain that the end users in the foreign domain must remove the existing federated contacts in their contact list, and add these federated contacts again specifying an email address.


Procedure
  1. Select Cisco Unified Presence Administration > Presence > Settings.
  2. Check Enable Email ID for Federation.
  3. Read the warning message, and click OK.
  4. Click Save.


Related Topics


Configuring the Federation Routing Parameter

Before You Begin
  • When you first install Cisco Unified Presence, the federation routing parameter is automatically set to the FDQN of the publisher node and is then passed down to each subscriber node.
  • If you are upgrading (to Cisco Unified Presence 7.0.3 or later) from a previous version, the federation routing parameter is automatically set to the FDQN of the publisher node only if the value was not already set.


Procedure
  1. Select Cisco Unified Presence Administration > System > Service Parameters.
  2. Select the Cisco Unified Presence server from the Server menu.
  3. Select Cisco UP SIP Proxy from the Service menu.
  4. Enter the FQDN value for the Federation Routing CUP FQDN parameter in the Federation Routing Parameters (Clusterwide) section.

Notes:

  • This FQDN value must be a public FQDN, and it cannot have the same value as the actual FQDN of the routing Cisco Unified Presence server if you have users assigned to the routing Cisco Unified Presence server.
  • This FQDN value must correspond to the _sipfederationtls entry in the public DNS for that Cisco Unified Presence domain.

5. Click Save.


Related Topics


Creating a new TLS Peer Subject

When you import the Cisco Adaptive Security Appliance security certificate onto Cisco Unified Presence, the Cisco Adaptive Security Appliance is automatically added as a TLS Peer Subject on Cisco Unified Presence. Therefore you do not need to manually add Cisco Adaptive Security Appliance as a TLS peer subject on Cisco Unified Presence.


Procedure
  1. Select Cisco Unified Presence Administration > System > Security > TLS Peer Subjects.
  2. Click Add New.
  3. Enter the external FQDN of the Access Edge Server in the Peer Subject Name field. This value must match the subject CN of the certificate that the Microsoft Access Edge server presents.
  4. Enter the name of the Access Edge or Access Proxy server in the Description field.
  5. Click Save.


Related Topics


What To Do Next

Adding the TLS Peer to the Selected TLS Peer Subjects List


Adding the TLS Peer to the Selected TLS Peer Subjects List

Before You Begin

Create a new TLS peer subject.


Procedure
  1. Select Cisco Unified Presence Administration > System > Security > TLS Context Configuration.
  2. Click Find.
  3. Click Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.
  4. Select all cyphers from the list of available TLS ciphers.
  5. Click the down arrow to move these cipher selections to Selected TLS Ciphers.
  6. From the list of available TLS peer subjects, click the TLS peer subject that you configured in the previous section.
  7. Click the down arrow to move the selected TLS peer subject to Selected TLS Peer Subjects.
  8. Check Disable Empty TLS Fragments if you are federating with Microsoft OCS.
  9. Click Save.


Related Topics


What To Do Next

DNS Configuration


DNS Configuration

In the local Cisco Unified Presence enterprise, Cisco Unified Presence must publish a DNS SRV record for the Cisco Unified Presence domain to make it possible for other domains to discover the Cisco Unified Presence server through DNS SRV. The Microsoft enterprise deployment requires Cisco Unified Presence to publish a DNS SRV record for the Cisco Unified Presence domain because you configure Cisco Unified Presence as a Public IM Provider on the Access Edge server.


In the Cisco Unified Presence enterprise deployment, you need to configure a DNS SRV record that points to _sipfederationtls._tcp.<CUP_domain> over port 5061where <CUP_domain> is the name of the Cisco Unified Presence domain. This DNS SRV should point to the public FQDN of the routing Cisco Unified Presence server.


In order for Cisco Unified Presence to discover the foreign domain, a DNS SRV record must exist in the DNS server of the foreign domain that points to the FQDN of the external interface of the foreign domain.


Tip Use this sequence of commands for performing a DNS SRV lookup:

nslookup
set type=srv
_sipfederationtls._tcp.<domain>


Related Topics


Configuring Static Routes Using TLS

If the Cisco Unified Presence server cannot discover the external domain using DNS SRV, you must configure a static route on Cisco Unified Presence that points to the external interface of the foreign domain.


Procedure

1. Select Cisco Unified Presence Administration > Presence > Routing > Static Routes.

2. Configure the static route parameters as follows:

  • The Destination Pattern value needs to be reversed. It must be in the following format `.com.domain.*', for example `.com.cisco.*'.
  • The Next Hop value is the external Access Edge FQDN or IP address.
  • The Next Hop Port number is 5061.
  • The Route Type value is domain.
  • The Protocol Type is TLS.

3. Click Save.


Related Topics


Configuring the Cisco Unified Presence Domain from the CLI

If you have not enabled DHCP, use this procedure to configure the Cisco Unified Presence domain from the CLI.


Procedure

1. Log in to the administrator CLI on Cisco Unified Presence.

2. Enter this command to display the current network settings:

show network eth0

3. If the domain is not configured and DHCP is disabled, configure the domain to be the same as the Cisco Unified Presence proxy domain. Enter this command:

set network domain <domain name>

4. Enter y at the prompt to confirm the changes.

This server automatically restarts. This can take up to 5 minutes.

5. When the sever had restarted, enter this command to confirm you have configured the domain:

show network eth0


Related Topics

Rating: 0.0/5 (0 votes cast)

Personal tools