Cisco Jabber - Session Presentation

#CLUS

Shane LongTechnical Marketing EngineerBRKCOL-2221

Have you heard about the latest functionality?

Cisco Jabber

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS

Agenda

• Recent Highlights

• Configuration

• Security

• Media Enhancements

• Meeting Experience

• Jabber in VDI

• Jabber team messaging mode

• Looking ahead

• Summary

BRKCOL-2221 3

Questions? Use Cisco Webex Teams to chat with the speaker after the session

Find this session in the Cisco Live Mobile App

Click “Join the Discussion”

Install Webex Teams or go directly to the team space

Enter messages/questions in the team space

How

Webex Teams will be moderated by the speaker until June 16, 2019.

1

2

3

4


Cisco Webex Teams

cs.co/ciscolivebot#

4

BRKCOL-2221


Some highlights of recent Jabber releases

Jabber 12.0 Jabber 12.1 Jabber 12.5 Jabber 12.6

IM&P Persistent Chat

for Mobile

Chromebook support

Multiline

Phone Mode with Contacts

`

Active Control (CMS)

SIP OAuth

Team messaging

modeComing Soon

Jabber 12.7

Jabber config tool

Jabber VDI Update

`

Meeting Controls (Webex)

and much more…2018

MARCH

2019

AUGUST

BRKCOL-2221 5

Jabber Configuration


A Brief History of Cisco UC Client Configuration

IP Communicator• Manual• Virtual MAC Address

Unified Personal Communicator• Registry Keys• Unified Presence Server

Jabber 9.x-12.1• DNS SRV• jabber-config.xml (manual XML)• Service Profiles

Jabber + UC Manager12.5• DNS SRV• Service Profiles (including jabber

configuration)

New!

BRKCOL-2221 7


Jabber Premise Pre- UC 12.5 Configuration Architecture

End User

Group

CTI

Group

IM&P UC Service

CTI UC Service

VoicemailUC Service

ConferenceUC Service

Directory UC Service

Default

jabber-config.xml

FileIM&P

enabled

Devices

User

Service Profile

Group Membership

assigned

membership of group

membership of group

Mobile Device

CSF Device

Desk Phone

Home

Cluster“Desktop config”

XML File

“Mobile config”

XML File User

association to devices

• Can be complex to manage• User needs a device to have a

non default configuration

BRKCOL-2221 8


Jabber On Premise 12.5 Configuration Architecture

End User

Group

CTI

Group

IM&P UC Service

CTI UC Service

VoicemailUC Service

ConferenceUC Service

Directory UC Service

IM&P

enabled

Devices

User

Service Profile

Group Membership

User

association to devices

assigned

membership of group

membership of group

Mobile Device

CSF Device

Desk Phone

Home

ClusterJabber Client

Configuration New

in UCM 12.5

BRKCOL-2221 9


UC Manager Jabber Configuration Tool

• UC Manager based Jabber configuration tool

• No more error prone XML file editing

• Specify key and value

• User/Group based configuration using service profile

• Desktop and mobile specific configurations

• Cluster wide

BRKCOL-2221 10


UC Manager Jabber Configuration ToolCommon Settings

Desktop Specific Settings

Mobile Specific Settings

Service Profile User

Jabber desktop (CSF) will apply <Common> and <Desktop> specific configurations

Jabber mobile (TAB, TCT, BOT) will apply <Common> and <Mobile> specific configurations

1. UC Service for Commonand optionally for Desktopand Mobile

2. Apply each UC Service type to specific section in Jabber Client Configuration profile

3. Apply Configuration to the Service Profile

BRKCOL-2221 11


Jabber Configuration RetrievalJabber config

download begin

Jabber Client Configuration

Profile configured???

Jabber device specific configconfigured???

Use default jabber-config.xml

no

no

yes

yes

https://{cucm}:6972/JABXXX.cnf.xml

https://{cucm}:6972/userDefind.xml

https://{cucm}:6972/jabber-config.xml

Build Config URLDownload

config

• Jabber will download NEW Jabber Configuration Profile if available

• If Jabber Configuration is NOT available, Jabber will download

a) Device specific config (Cisco Support Field)

b) Default jabber-config.xml

• Jabber 12.5+ is backward compatible with default jabber-config.xml.

• UC Manager upgrade will not break existing config!

Generated by username, such as:6972/amckenzie.cnf.xml

BRKCOL-2221 12


Fast Login• After initial login, Jabber will read local config

cache and login to services in parallel

• Allows for faster login

• Allows for login even if some critical services are offline (offline login)

Cached

Settings

on device

Config

Refresh

BRKCOL-2221 13

• Background config refresh• ~0-5 mins of Jabber launch

• ~7-9 hours of active Jabber session

• All Jabber cache is encrypted! (config,

chat/call history, tokens etc)read

connect

• For testing/debugging purposes use

“Refresh configuration”

Security Update


Jabber Security FAQ Question 1

Q) What data does Jabber store on a device?

BRKCOL-2221 15

A) Jabber configuration, call/chat history, contact lists, cached user credentials/OAuth token

All files are ENCRYPTED before being written to disk(AES-256-CBC)

Windows: Domain Login/Windows APIMac/iOS: KeyChainAndroid: Keystore


OAuth Refresh Tokens

• UC Manager 11.5SU3+ provides support for OAuth Refresh tokens

• Once authenticated, Jabber is issued with

• Access Token

• Refresh Token

• The Access Token has a short lifetime (60 mins). The Access token is used to gain access to a service. e.g. Cisco UDS.

• The Refresh Token has a long life (60 days default). The Refresh Token is used to retrieve a new Access Token either before the current Access Token expires or at Jabber start up. The Refresh Token is stored on disk (encrypted) and is available across sessions (including non persistent VDI desktops)

UDS

XCP

UC Manager OAuth Service

OAuth Refresh Tokens can be deployed

independently of SSO (SSO is recommended!)

BRKCOL-2221 16


OAuth Flow (On Prem)

UC Manager

Authorisation

1. On a first time login, Jabber connects to UC Manager authorization service and is redirected to the configured authentication service (Jabber does not have an access token yet)CUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

BRKCOL-2221 17



UC Manager

Authorisation

2. Jabber connects to authentication service. Authentication is performed – e.g. username/password, SSO auth etc. Jabber receives authentication assertionCUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

authentication

BRKCOL-2221 18



UC Manager

Authorisation

3. Jabber uses assertion to request Access token and Refresh token from UC Manager authorisation service

CUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

Refresh token

Access token

BRKCOL-2221 19



UC Manager

Authorisation

4. Jabber uses the Access token to gain access to configured services. Jabber can now use these services e.g. UDS, IM&P, voicemail

CUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

Refresh token

Access token

BRKCOL-2221 20



UC Manager

Authorisation

5. The access token has a lifetime of 60 minutes. Jabber will use the Refresh token to request a new Access token at 0.75 times the Access token life (45 minutes)

CUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

Refresh token

Access token

BRKCOL-2221 21



UC Manager

Authorisation

6. Jabber uses the renewed Access token to maintain access to configured services. The new Access tokens timer starts again (60 mins)

CUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

Refresh token

Access token

BRKCOL-2221 22



UC Manager

Authorisation

7. The Refresh token expires after 60 days. The user will need to re authenticate once the Refresh token expires. One authentication has taken place, a new Refresh token and Access token will be grantedCUCM

Auth

LDAP

Auth

SSO/IDP

Authentication

Authorised

Users Only

(Token required)

UC Manager

UDS Service

IM&P

Chat Service

Unity Connection

Voicemail

authentication

BRKCOL-2221 23



• As the Refresh token is about to expire, the user will be prompted to refreshtheir session (Jabber will use its active Refresh token to retrieve a new Refresh token)

• The user is prompted once per day from 3 days out of expiry (for 60 day lifetime)

• If the Refresh token expires, the user will be prompted to renew their session. This will require a re-authentication

BRKCOL-2221 24


OAuth Refresh Tokens• OAuth Refresh tokens can be enabled from System > Enterprise

Parameters

• Observe the default timers!!

• For MRA, OAuth Refresh tokens can be enabled on Expressway

• OAuth tokens can be revoked (per user) from UC Manager

• OAuth will GREATLY ENHANCE the APNS experience

BRKCOL-2221 25


MRA Access Policy

• OAuth Access tokens define a scope of capabilities

• Ability to configure Users MRA capabilities using OAuth scope.

• Configurable on a per user basis

• MRA enablement

• Desktop MRA enablement

• Mobile MRA enablement

• IM&P, voice and video enablement

• UC Manager 12.5 and Expressway X8.10 required

BRKCOL-2221 26



27BRKCOL-2221

Q) Does Jabber support Multi Factor Authentication (MFA)?

A) Jabber can be deployed with MFA by enabling SSO and configuring the Identity Provider (IDP) to require 2 or more types of authentication. e.g. certificate and pincode.

Jabber offloads SSO authentication to the local OS (e.g. IE on Windows, Safari on Mac/iOS, OpenSSL on Android)



28BRKCOL-2221

Q) Can Jabber be locked down to corporate managed devices?

A) A device needs something unique to identify securely itself to a system. E.g. MAC address, certificate etc.SSO can be deployed with certificate based authentication. Certificates can be deployed to corporate devices only.


Jabber On Premise Interfaces – pre UCM 12.5

Expressway - MRA

UC Manager - UDS

IM&P – message, presence, contacts

Unity Cxn – visual voicemail

UC Manager – Softphone (Secure SIP)

Oauth Access token

CTL file (certificate)

BRKCOL-2221 29


Securing the SIP Interface

• UC Manager SIP interface is not secure by default (out of the box)

• When Jabber registers in softphone mode, SIP is sent over a TCP session (TCP 5060)

• Jabber will send voice, video and video desktop share over an unencrypted UDP stream

• In UC Manager pre 12.5, UC Manager would be need to be deployed in “Mixed Mode” to enable SIP and media over TLS (secure SIP and media)

• This is a cumbersome process for Jabber as the device needs to be CAPF enrolled by the user.

• May require an authentication string on first time login

• CAPF enrolment over MRA is not supported

• UC Manager 12.5 adds support for OAuth Access token based auth on the SIP interface

• This allows Jabber to send/receive SIP and media over TLS without CAPF enrolment

BRKCOL-2221 30


To Enable SIP OAuth (UC Manager 12.5 or later)

• OAuth Refresh Tokens must be enabled!

• From the UC Manager CLI run the following command

utils sipOAuth-mode enable

• System > Security > Phone Security Profile

• Set the Device Security Profile on each device (CSF, TAB, TCT, BOT)

BRKCOL-2221 31


SIP Oauth - Signalling

• Jabber will default to connecting to UC Manager (SIP interface) on TCP 5090/5091 when SIP OAuth is enabled (System>Cisco Unified CM)

• No more SIP in plaintext!

• Ensure TCP 5090/5091 is open on UC Manager

show open ports regexp 5090

TCP(cucm.domain.com:5090)

BRKCOL-2221 32


SIP OAuth - Media

• Jabber clients that establish a secure SIP session with UC Manager are capable of secure voice, video and video desktop share (sRTP)

• CAPF enrolled

• SIP OAuth

• Both endpoints in the call need to be sRTP enabled

• Look out for the lock icon!

• Media port range is still defined in the SIP Profile

BRKCOL-2221 33



34BRKCOL-2221

Q) What is the a security best practice for Jabber deployment while maintaining a great user experience

A) Enable SSO.Enable OAuth refresh tokens.Enable SIP Oauth.

Media Enhancements(and Proximity)


Jabber Media Flow over MRA

• Jabber MRA user calls a Jabber user on corporate network

Exp-EExp-C

Corporate Network

Internet

DMZ

Media Path

UC Manager

BRKCOL-2221 36

• Media will be routed via Expressway pair

Remote User


Remote User

Remote User

Jabber Media Flow over MRA – Pre UCM 12.5

Exp-EExp-C

Corporate Network

Internet

DMZ

Media Path

UC Manager

• Both Jabber clients are now registered via MRA

BRKCOL-2221 37

• Media will be hairpinnedvia the Expressway-C

• Added latency

• Bandwidth consumption at Edge


Remote User

Remote User

ICE Media Optimization – UCM 12.5

Exp-EExp-C

Corporate Network

Internet

DMZ

Media Path

UC Manager

• UC Manager 12.5 offers support for ICE media

• Both Jabber clients are registered via MRA

BRKCOL-2221 38

• By enabling ICE Support Media will be sent point to point – media does not traverse Expressway

• Typically less latency• Reduced bandwidth

requirements at the edge


ICE Media Requirements

• Both endpoints need to be running in secure SIP/RTP mode

CAPF enrolled device

OR

SIP OAuth device profile

• Server Requirements

• UC Manager 12.5+

• Expressway X8.12+

• Jabber 12.6+

• Jabber 12.6 now supports up to 1080p video!

BRKCOL-2221 39


Desktop Share Enhancements

• Improved Desktop Sharing Experience

• Single window mode

• Video Desktop Share Quality – Jabber now has frame rate adaption for desktop share

• Wireless Sharing (Proximity)

• Wireless screen share to premise registered endpoints

• Cisco MX, SX, DX and IX Series, and Room Series devices supported

BRKCOL-2221 40

Meetings Experience


New Meetings Experience for CMS and Webex

Jabber has added rich meeting controls for softphone

• Active Control for CMS

• Meeting Controls for Webex

Layout Controls

Meeting Roster

Participant controls

Recording controls

42BRKCOL-2221


Meetings Experience– Layout Controls

• Users can choose their meeting experience with multiple layout options

• Automatic

• Equal

• Prominent

• Single

• Overlay

Equal

OverlaySingle

Prominent

BRKCOL-2221 43


Meeting Experience - Participant List

• Joined participants and invited participants shown

• Participant Controls

• Mute

• Lock

• Drop

BRKCOL-2221 44


Active Controls – Jabber & CMS

FunctionJabber

Desktop

Jabber

Mobile

Show participant List Yes Yes

Change the Layout Yes Yes

Show the active Speakers Yes Yes

Show presenter Yes Yes

Add a participant Yes Yes

Mute/Unmute a participant Yes Yes

Drop a participant Yes Yes

Lock/Unlock conference Yes Yes

Start/Stop recording Yes Yes

Mobile Remote Access Yes Yes

BRKCOL-2221 45


Active Control DeploymentSIPMediaIX Protocol (Active Control)

CMS

Ensure iX is enabled on the SIP Profile of device and SIP Trunk to CMS

BRKCOL-2221 46


Configuring Jabber with CMS Space Address

• Administrator can pre-configure users CMS space SIP URI/DN in Jabber (so they can escalate to it)

• So your users do not have to do it!

• Example, create your CMS spaces with the schema of uid@domain

• Alice Holland (aholland) has a personal CMS space ([email protected])

• Add the following jabber config

[email protected]

Alice Hollands Space

BRKCOL-2221 47

<EnableBridgeConferencing>true<EnableBridgeConferencing><UserBridgeUriAdmin>%%uid%%@cms.example.com<UserBridgeUriAdmin>


Webex Meeting Controls

BRKCOL-2221 48

FunctionJabber

Desktop

Jabber

Mobile

Show participant List Yes Yes

Change the Layout Yes Yes

Show the active Speakers Yes Yes

Mute/Unmute a participant Yes Yes

Drop a participant Yes Yes

Lock/Unlock conference Yes Yes

Start/Stop recording Yes Yes

PIN meeting Yes Yes

Lobby Admit Yes No

Assign Host Yes No

Leave and assign host Yes No


Webex Meetings Controls Architecture

49BRKCOL-2221

SIP

Media

HTTPS (Meeting Controls)

Firewall Requirements (all outward)

*.wbx2.com TCP 443

*.webex.com TCP 443

*.ciscospark.com TCP 443

*.clouddrive.com TCP 443


How Jabber Populates its Calendar1. Service Profile details

Jabber Conference Service (Webex site)

2. Jabber retrieves calendar from Outlook (Google calendar and Lotus Notes also supported)

3. Jabber adds Webex dial into details from Webexschedule

4. User can join meeting using Jabber (voice/video or cross launch of WebexMeetings app)

Service Profile

1 3

2

4

BRKCOL-2221 50


Jabber Meeting Experience

• Did you know Jabber has One Button to Push (OBTP) capabilities?

• User presented with Meeting reminder 5 minutes before scheduled meeting

Add one to your jabber-config

<ConfMediaType>BridgeOnly<ConfMediaType>

<ConfMediaType>WebExOnly<ConfMediaType>

BRKCOL-2221 51

Q) Does 2 meeting join options

confuse your endusers?

Join via SIP

Cross launch Webex

Jabber in VDI


Problem: Softphone in VDI

53BRKCOL-2221

Virtual Desktop

Virtual Desktop

Cisco Unified

CM

Thin

Client

Display Protocol

Thin

Client

Media Flow

Data Center

Signalling

Signalling

Display Protocol

Media Flow

53

• Media Hairpinning• Decoded media

embedded inside display protocol

• Bandwidth Explosion• Latency• Jitter• Bad UX• QoS is impossible


Solution: Jabber VDI

54BRKCOL-2221

Virtual Desktop

Virtual Desktop

Cisco Unified

CM

Thin

Client

Display Protocol

Thin

Client

Media

Flow

Data Center

Signalling

Signalling

Display Protocol

JVDI

JVDI

• Media offloaded to the endpoint/thinclient

• Point to point media• No processing cost to

VDI architecture• No bandwidth

explosion• No media

processing on VDI


Jabber VDI – Deployment Topology

55BRKCOL-2221

Virtual Desktops

Infrastructure

Endpoints

Datacenter

Users

1. Infrastructure – CUCM, Expressway etc.

2. Virtual Desktops – VDI Agent, Jabber for Windows, JVDI Agent

3. Endpoints - VDI Client, JVDI Client


Jabber VDI Architecture Update

• VXME is now call JVDI

• JVDI 12.6 has undergone a re-architecture

• Faster to market with features

• User experience alignment

• Current available features include

• Mobile Remote Access

• Video Desktop Share (BFCP)

• Active Control/Webex Meeting Controls

• 64 bit Windows support

• SIP OAuth

• N-2 upgrade path

• More features coming soon!

BRKCOL-2221 56

Jabber VDI

Update

Supported with Citrix and VMware


Jabber VDI - Registration

57BRKCOL-2221

Endpoint(Thin Client or PC)

VDI

Cisco Jabber

VDI Agent

VDI Client

SIP Signaling

Display Protocol API / Virtual Channel RTP Media (Voice, Video)

Data Centre

CTI ManagerSIP Line

CTI Signalling

Virtual Channel Broker

Jabber VDI Client


Jabber VDI – Making a Call

58BRKCOL-2221 58BRKCOL-2221

Endpoint(Thin Client or PC)

Jabber VDI Client

VDI

Cisco Jabber

VDI Agent

VDI Client

SIP Signaling


Data Centre

CTI ManagerSIP Line

CTI Signalling



Jabber VDI - MRA

59BRKCOL-2221 59BRKCOL-2221 59BRKCOL-2221

VDI

Cisco Jabber

VDI Agent

SIP Signaling


Data Centre

CTI ManagerSIP Line

CTI Signalling


Endpoint

Jabber VDI Client

VDI Client

VDI Access

Jabber Headset Integration


Cisco Headsets

520 Series 530 Series 560 Series Standard Base

560 Series Multibase

Models in Series 521/522 531/532 561/562 561/562

Planned GA Now Shipping! Now Shipping! Now Shipping! Now Shipping!

Type Wired Wired with Quick Disconnect Wireless (DECT 6.0) Wireless (DECT 6.0)

Designed for Office Contact Center Office / Contact Center Office / Contact Center

Simultaneous connections 1 1 1 3

Connectors (included) 3.5mm and USB Adapter QD to RJ9 (for phones)or QD to USB Adapter

USB-A and RJ9/RJ11(Y cable)

2 USB-A and RJ9/RJ11(Y cable)

Firmware Update via UC

Manager & Jabber

BRKCOL-2221 61

Jabber team messaging mode


Jabber is Modular

Multiple Communication functions

Multiple Device Platforms

• Cisco Jabber is a flexible communications client

• Flexible operating modes means an organisation can configure the Jabber experience they need…

• Phone only mode• IM only mode• Full UC mode

• Jabber provides a new operating mode optimized for “team messaging”……

• Desktop and Mobile coming in Jabber 12.6

BRKCOL-2221 63


Jabber team messaging mode• Jabber uses Webex Teams platform for messaging (1:1 and spaces)

• Jabber uses on prem/hosted services for calling, voicemail, directory

• This is NOT the same as Jabber to Teams Interop (Hybrid Messaging)

Messaging Service

Presence Service

Contacts Service

UC Manager/HCS

Unity Connection

Corporate Directory

Mobile Remote AccessCisco Jabber

BRKCOL-2221 64


Today

UC Manager

Webex Meetings

IM&P Messaging

UC Manager

Webex Meetings

IM&P Messaging

UC Manager

Webex Messaging

Webex Meetings

Webex Calling

Webex Messaging

Webex Meetings

UC Manager

Webex messaging

Webex Meetings

BRKCOL-2221 65


Webex

DirectoryCallingMessaging Voicemail

UC Manager Unity Cxn LDAP/UDS

Jabber

Premise

MessagingContacts/Directory

Contacts

Meetings

Meetings

BRKCOL-2221 66


Features - Chats

• Recognizable Jabber conversation window experience

• Persistent 1:1 conversations

• Persistent Space conversations

• List of members can be toggled on/off

BRKCOL-2221 67


Features - Search

• New search capabilities

• Search for contacts

• Search for messages

• Search for files

BRKCOL-2221 68


Features - Contacts

• Personal Contact List

• Search Corporate, Outlook contacts

• Add/Delete contacts

• Contact card

• Migration of contacts from IM&P/Messenger to Jabber team messaging mode

• Contacts must be Webex Teams Users – exist in CI database

BRKCOL-2221 69


Features - Presence

• Webex Teams platform provides the Jabber client with presence

• Supports both

• Time based presence

• Active based presence(Phone presence is reported by Jabber Client)

Active

On a call

In a meeting

Do not disturb

Out of Office

Including Webex meeting

UC Manager based

UC Manager based

Active x minutes ago

BRKCOL-2221 70


Features - Files

• Persistent file sharing

• Post/download files

• Inline file preview

• New files tab

• List / Preview views

• Control Hub Policy

BRKCOL-2221 71


Features – Calling• Jabber will still use UC Manager/HCS

for calling capabilities• The calling feature set is not impacted

by moving messaging to team messaging

• Mode: Softphone, Deskphone, Extend & Connect

• Platforms: Desktop, Mobile, VDI• Features: Multiline, Hunt Groups,

Pickup, Far End Camera Control, Built in Bridge, Active Control etc

BRKCOL-2221 72


Features - Calling

• Leverage Jabber’s rich telephone features

Answer Decline Mute

History

Hold Call Forward

Headset Voicemail

Call Transfer Conference

Far EndCameraScreen ShareCall Pickup Hunt Group

CallRecord

CallMonitor

CTI ControllableSoft Phone

Mobile Remote Access Multi-Line

Many more feature provided by UC Manager

VDI

BRKCOL-2221 73


Configuration1. Services>Message

Enable Jttm in Control Hub (admin.webex.com)

2. Wizard to configure UC Manager integration opens.

Is your Webex Teams domain the same as your UC Manager domain?

(voice service domain)

If Yes:

Check the box.

You are done!

If No:

Do not check the box.

The wizard will continue

DNS_cisco-uds._tcp.example.com_collab-edge._tls.example.com

Voice Services Domain=example.com

BRKCOL-2221 74


Configuration – Voice Services Domain

• If your Voice Services Domain is NOT the same as the Webex Teams domain

• Create a profile and specify the Voice Services Domain

• Jabber will perform SRV queries for UDS and COLLAB-EDGE using this domain

DNS_cisco-uds._tcp.barcelona.example.com_collab-edge._tls.barcelona.example.com

Voice Services Domain=barcelona.example.com

[email protected]

BRKCOL-2221 75


Configuration – User Enablement

• Team messaging mode enabled at a user level

• Users>Services>Messaging

Contact Migration Required

• Only enable if users XMPP contacts need to be migrated to team messaging mode (discussed later in this presentation)

Enable Jabber calling

• Required to enable calling in Jabber when in team messaging mode

• Bulk user provision for Jabber team messaging mode can be done via CSV file

BRKCOL-2221 76


Architecture - Service Discovery

1

IDP2

3IDP

4

1. Jabber queries Webex Teams Service for domain tmedemo.com and user jvalluri

2. Webex Teams service redirects Jabber to IDP

3. User authenticates and receives IDP cookie.

4. IDP cookie sent to WebexTeams service. Jabber logs into team messaging mode

TMEdemo.com WebexTeams org is SSO enabled (recommended)

Webex

TeamsWebex

Teams

BRKCOL-2221 77



DNS5

5. Jabber performs DNS SRV queries based on Voice Services Domain and discovers cisco-uds

6. Jabber connects to UC Manager and uses IDP cookie to gain access (and retrieve OAuth tokens).

7. Jabber downloads Service Profile from UC Manager. Jabber performs a SIP registration/CTI connection with UC Manager – telephony will become available at this stage. (Telephony requires “Enable Jabber calling” setting in Control Hub)

8. Jabber then connects to configured services e.g. Directory, Voicemail, Meetings, CTI Server. (Recommended to SSO enable Voicemail and Meetings for the best experience).

HIGHLY RECOMMENDED SSO enable Webex Teams and UCM – with the same IDP!

_cisco-uds._tcp.tmedemo.com_collab-edge._tls.tmedemo.com

6

Webex

Meetings

LDAP

8

7

8

8

BRKCOL-2221 78



• If SSO is not enabled on Webex Teams and UC Manager

• Your enduser will need to perform a manual sign in to UC Manager to enable phone services.

• OAuth tokens will not be available in this mode

• No Refresh Token login flow

• No SIP OAuth capabilities

• Enable SSO on all platforms for the best experience

BRKCOL-2221 79


Architecture- Directory Integration

LDAP or

UDS

• Jabber will connect to Webex Teams contact source

AND on-premise contact source

• Comprehensive detail in the contact card

• Webex Teams service providesDisplay NameEmailAvatar

• Jabber will then perform additional query against on prem contact source (LDAP or UDS)

• On Prem directory service will provide JabberPhone NumbersJob TitleCompany Name

Webex

Teams

LDAP

BRKCOL-2221 80

1 2



LDAP or

UDS

1. Search for contact against Webex Teams contact service

2. Contact Service returns Email, Display Name and Avatar

3. Jabber queries premise contact source via email address.

4. Premise contact service returns Job Title, Phone Numbers etc.

5. Jabber combines the information to provide inside the contact card

Webex Teams

12

3

4

5

+12345678

BRKCOL-2221 81

“chuck robb…”



• By default Jabber will perform directory queries against Webex Teams and then on premise

• ContactSearchSource

Specifies which service Jabber will perform predictive search on

• ContactProfileSource

Specifies the service Jabber will resolve contacts against

82BRKCOL-2221

<ContactSearchSource>CI-UDS-LDAP</ContactSearchSource>

<ContactProfileSource>CI-UDS-LDAP</ContactProfileSource>

Example:

<ContactSearchSource>CI<ContactSearchSource><ContactProfileSource>CI-UDS-LDAP<ContactProfileSource>

Jabber will only search for contacts in CI. Jabber will only find contacts that are synced to WebexTeams platform.Jabber will resolve the contact list using CI and UDS/LDAP. This will provide the most comprehensive contact card


Jabber team messaging mode - checklist

To do Status

Teams org and UC Manager enabled for SSO

User account created in Control Hub and UC Manager

Jabber toggles enabled in Control Hub

SRV Records deployed for UC Manager and MRA

UC Manager Service Profiles created for Meetings, CTI, Voicemail and Directory

WE CANNOT DO A FLASH CUT. WHAT ABOUT INTEROP?

BRKCOL-2221 83


Interop – IM&P to Webex Teams

• Hybrid Messaging Service is deployed as a connector on Expressway C

• AXL used to access User DB on IM&P

• XMPP used for IM&P Messaging

• HTTPS/TLS used for Teams

Webex Teams

Expressway

UC Manager

IM&Presence

XMPP

AXLMessage

Calendar

BRKCOL-2221 84


Interop – IM&P to Webex Teams

1:1 Messaging between Jabber and Webex Teams

Presence Mapping: Teams Presence will be mapped into Jabber presence

Notifications: Message, Message Read, “is Typing”, Missed Messages (in Teams), Message deleted

File transfer: Not supported. (Teams user can post file, Jabber will receive notification to get file in teams web client)

BRKCOL-2221 85


Interop – Webex Messenger

To use Messenger-Teams Interop…

1. Must be Webex Messenger Org*

2. Webex Messenger Org must be enabled for Common Identity (CI)

3. All users must be enabled for WebexTeams & Jabber (free or licensed)

4. Machine account must be provisioned for Jabber access to Webex Teams Spaces (contact your Cisco Team)

Webex Teams

BRKCOL-2221 86


Jabber team messaging mode - checklist

To do Status

Teams org and UC Manager enabled for SSO

User account created in Control Hub and UC Manager

Jabber toggles enabled in Control Hub

SRV Records deployed for UC Manager and MRA

UC Manager Service Profiles created for Meetings, CTI, Voicemail and Directory

Interop is turned on

WHAT ABOUT CONTACT LISTS?

BRKCOL-2221 87


Contact List Migration

Friday Monday

Webex Teams

Contacts

Migrated to Teams

0-5 mins after Jabber start up7-9 hours if Jabber is active

BRKCOL-2221 88


Basic trial of Jabber team messaging mode

• You can trial Jabber team messaging mode without enabling the toggle in Control Hub

• If you do not have access to Control Hub

• Webex Messenger is used in production

1. Reset Jabber

2. Select Advanced settings. (On Windows, you will need to reinstall Jabber and disable UPN Discovery to see Advanced settings)

3. Select Team Messaging and Save. Sign in.

NOTE: Calling will not be available in this mode

msiexec /i CiscoJabberSetup.msi UPN_DISCOVERY_ENABLED=false CLEAR=1 /quiet

BRKCOL-2221 89


Upgrade Management

• Control Hub provides Jabber upgrade management

• Mobile clients still manged from App Stores

90BRKCOL-2221


Considerations to Migrate to team messaging modeConsideration Notes

Management Control Hub & UC Manager

Authentication SSO Enablement recommended

Directory Integration Teams and Prem Directory

Presence Activity Based

Desktop Share Video Desktop Share

Compliance Enterprise Compliance

Federation Federation with Teams Orgs.

Analytics Rich Analytics in Control Hub

Platform APIs Modern REST API service

Software Upgrades Cloud Infrastructure

Security Teams End to End security

BRKCOL-2221 91

Other Information


CIPC EOL Important Dates

https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/ip-communicator/eol-notice-c51-740383.html

BRKCOL-2221 93


What’s next for Jabber?

BRKCOL-2221 94

• Application Share• Send Voicemail• Team Messaging Mode Enhancements• Multiline for JVDI• CTI Monitoring on Mobile• UX Alignment• And much more…


Jabber UX Alignment – 12.7

95BRKCOL-2221

Dark Mode, Classic View



96BRKCOL-2221

Dark Mode, Modern View



97BRKCOL-2221

Default Mode, Modern View


Summary

• Jabber 12.5 has delivered many on premise feature enhancements

• SIP OAuth provides the best security/user experience

• Jabber is the default CMS application now. Active Controls enhance the meeting experience.

• Jabber config tool makes the administrators life easier!

• Jabber will continue to deliver features for on premise deployments

• 12.6 will see a large investment in Jabber VDI

• Alignment to JCF architecture

• Jabber team messaging mode provides a mechanism for Jabber customers to migrate their messaging workload to the Webex Teams platform. Endusers will maintain the consistent Jabber user experience and UC Manager telephony set.

BRKCOL-2221 98

Complete your online session evaluation

• Please complete your session survey after each session. Your feedback is very important.

• Complete a minimum of 4 session surveys and the Overall Conference survey (starting on Thursday) to receive your Cisco Live water bottle.

• All surveys can be taken in the Cisco Live Mobile App or by logging in to the Session Catalog on ciscolive.cisco.com/us.

Cisco Live sessions will be available for viewing on demand after the event at ciscolive.cisco.com.

© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public#CLUS BRKCOL-2221 99

http://ciscolive.cisco.com/us

https://ciscolive.cisco.com/


Continue your education

100BRKCOL-2221

Related sessions

Walk-in labsDemos in the Cisco campus

Meet the engineer 1:1 meetings

Thank you

#CLUS

Cisco Jabber - Session Presentation

Documents

Transcript of Cisco Jabber - Session Presentation