WebEx Event Center Mobile Support

Yes, it must be a sure sign of the apocalypse. Event Center is finally supported on iOS and Droid. Imagine being able to join an event center hosted Webex meeting from the road… I’ve only been asking for this for the last five years. ūüôā

Upgrade to Webex 7.0 client and WBS 29.8 and life will be as sweet as candy.

The more important feature in 7.0 is management of your Personal Meeting Room (WBS 29.11).

I’ll detail PMR soon, but it is a huge step forward in making it easy for people to join Webex. Your PMR meeting ID/URL is always stays the same. No pesky meeting IDs to remember. You can join from video phone, TP unit (think DX, EX, SX, etc.), or any Webex client.

Advertisements

Intelligent Proximity for Telepresence endpoints

TC 7.1.2 code was recently posted to CCO.¬† This version of code supports the experimental (or feature preview) “Intelligent Proximity” feature.¬† This feature allows your Apple iPad or iPhone (iOS 7+) to pair with the endpoint (C, EX, SX, MX-series) using “ultrasound” (~21kHz), perform simple call control (dial/answer), and view content being shared by the device on your iPad/iPhone.

Administrator Configuration

  • Login as administrator to the telepresence codec that you want to enable the feature on.
  • Make sure it is on 7.1.2 code.
  • Under System Configuration search for byod
  • Turn the Mode to On

Note: the ultrasound volume is independent of the normal audio volume.¬† There are CLI configuration commands to change the volume of the ultrasound pairing signal.¬† The default is optimized for stand-alone (e.g. MX-series) room units.¬† I’ve had no problems making it work on a C40, SX20, Profile 55, MX 300 G2, and MX200.¬† If your codec is connected to an amplified room audio system, you may need to change the volume if you are having inconsistent results.

Ultrasound is used just for the pairing of the iOS device, not for content sharing or codec control.  Those functions are done over IP via the WiFi network.  Therefore, your iOS device will need to be on a WiFi network that has connectivity to the codec.

The ultrasound signal runs at about 21kHz which typically is a high enough frequency to stay in a single room.  It actually contains an encoded security token that validates that you are in the room currently.  If the ultrasound signal is no longer sensed, the IP connectivity will be dropped.  This is to prevent a user from seeing content on their iOS device without being present in the room.

 

End-user configuration/usage

Search for Proximity on the App Store and install it (free application).

Join a WiFi network that has connectivity to the Telepresence Codec.

Enter the room that the codec is in they want to pair with.  The Proximity app asks for permission to use their microphone.  This is a requirement so that the iOS device can detect the ultrasound signal from the codec.  If they deny permission to use the microphone the app will not work.

When the app hears the ultrasound it will connect via IP to the codec.  IF the codec is not in a call they will be allowed to dial or answer.  If the codec is in a call and content is being shared, they will see the content on their device.  Depending on the number of snapshots configured in the BYOD section, the user will be allowed to scroll back to see content they may have missed (if they came into the meeting late), or want to refer back to.

It’s very cool!

CUBE SIP Lineside Phone Proxy Configuration

Today I finally worked through getting a Cisco 9971 SIP phone to register to CUCM via CUBE lineside SIP proxy for a tech session I am presenting in a few weeks.¬†¬† A few notes follow…

Go grab IOS 15.3(3)M2 code and put it on the router you’re using.

The CUBE Cisco Unified Communications Manager Line-Side Support¬†configuration guide is a train wreck and has multiple errors and omissions.¬† Work through it but make the following changes…

From the Guide…

In the Configure a PKI Trustpoint section make on step enter the line as “crypto pki trustpoint self-trustpoint” (or another unique name that will be used below in a later step).

There is a critical step missing in this section. ¬† Step 8 which actually enrolls the trustpoint.¬† Type “crypto pki enroll self-trustpoint” (or the unique name yo used when defining the trustpoint.

In the Importing the CUCM and CAPF Key section don’t forget to repeat the process twice, once for the CallManager.pem certificate, and once for the CAPF.pem certificate.¬† Call the CAPF trustpoint “capf-trustpoint.”

In the Creating a CTL File section Step 2 – the name of the trustpoint is “self-trustpoint” (ignore the 6s), or the unique name you assigned above.

In Step 3 the capf-trustpoint name is “capf-trustpoint” (ignore the 6s)

 

Quit following the configuration guide at this point.

Now bail on the configuration guide and add this to your configuation.  Please note, if you are alreadying doing CUBE or SIP turnks to you gateway YOU MAY NOT WANT TO PASTE THIS IN TO A PRODUCTION VOICE GATEWAY!!

Enable CUBE (recall this is a licensed feature from Cisco)

voice service voip
no ip address trusted authenticate¬† !- DANGER DANGER DANGER — This is disabled by default and enabling this could open your gateway to TOLL FRAUD.¬† My system is isolated, and I used this command to allow CUBE to pass RTP from the outside to the inside in my lab environment.¬† Consult Cisco documentation before enabling this on a CUBE that is exposed to the internet!
allow-connections sip to sip
sip
header-passing
registrar server
nat auto
pass-thru headers unsupp
pass-thru subscribe-notify-events all
pass-thru content unsupp
registration passthrough
extension cucm
!
!

Define your URIs that will be modified

This is the outside interface of CUBE
voice class uri 1 sip
host ipv4:10.21.1.1

This is the inside interface of CUBE

!
voice class uri 2 sip
host ipv4:10.25.1.20

This is the CUCM Publisher

!
voice class uri 3 sip
host ipv4:10.25.1.60

Build the requisite SIP profiles – These can be cut and pasted EXCEPT for the part in Bold that needs to be changed to your CUCM PUB IP address before pasting

voice class sip-profiles 10
request INVITE peer-header sip contact copy “>(;.*)” u01
request REGISTER peer-header sip contact copy “>(;.*)” u02
request INVITE sip-header Cisco-Guid remove
request INVITE sip-header Contact modify “(.*)” “\1\u01”
request REGISTER sip-header Contact modify “(.*)” “\1\u02”
!
voice class sip-profiles 11
request INVITE peer-header sip contact copy “>(;.*)” u01
request INVITE peer-header sip SIP-Req-URI copy “sip:([^@]*@)” u02
response 200 peer-header sip contact copy “>(;.*)” u03
request CANCEL peer-header sip SIP-Req-URI copy “sip:([^@]*@)” u04
request INVITE sip-header Cisco-Guid remove
request INVITE sip-header Contact modify “(.*)” “\1\u01”
request INVITE sip-header SIP-Req-URI modify “.*” “INVITE sip:\u0210.25.1.60 SIP/2.0″
response 200 sip-header Contact modify “(.*)” “\1\u03”
request CANCEL sip-header SIP-Req-URI modify “.*” “CANCEL sip:\u0410.25.1.60 SIP/2.0″
!
voice class sip-hdr-passthrulist 10
passthru-hdr Remote-Pary-ID
passthru-hdr Call-Info
passthru-hdr Content-ID
passthru-hdr supported
passthru-hdr require
passthru-hdr Referred-By
!
voice class sip-copylist 10
sip-header SIP-Req-URI
sip-header contact
!
voice class sip-copylist 11
sip-header contact

 

Build the Phone Proxy – Modify anything below in Bold to your IP addresses

voice-phone-proxy cubepp
tftp-server address ipv4 10.25.1.60 local-addr ipv4 10.25.1.20 acc-addr ipv4 10.21.1.1
ctl-file ct1
access-secure
service-map server-addr ipv4 10.25.1.60 port 8443 acc-addr ipv4 10.21.1.1 port 8443
service-map server-addr ipv4 10.25.1.60 port 8080 acc-addr ipv4 10.21.1.1 port 8080
service-map server-addr ipv4 10.25.1.60 port 3804 acc-addr ipv4 10.21.1.1 port 3804
complete

 

voice-phone-proxy tftp-address ipv4 10.21.1.1
port-range 40000 50000
voice-phone-proxy tftp-address ipv4 10.25.1.20
port-range 40000 50000
voice-phone-proxy file-buffer size 30

Build your Dial Peers to proxy registrations

dial-peer voice 2 voip
description DP_facing_CCM
session protocol sipv2
session target ipv4:10.25.1.60
session transport tcp
destination uri 1
incoming uri via 3
voice-class sip extension cucm
voice-class sip call-route url
voice-class sip profiles 11
voice-class sip pass-thru headers 10
voice-class sip copy-list 11
dtmf-relay rtp-nte
codec transparent
!
dial-peer voice 1 voip
phone-proxy cubepp signal-addr ipv4 10.21.1.1 cucm ipv4 10.25.1.60
description DP_Access_Side
session protocol sipv2
session target registrar
session transport tcp tls
destination uri 2
incoming uri request 1
voice-class sip call-route url
voice-class sip profiles 10
voice-class sip registration passthrough registrar-index 1
voice-class sip pass-thru headers 10
voice-class sip copy-list 10
dtmf-relay rtp-nte
codec transparent

Enable the SIP User Agent

sip-ua
timers connection aging 60
registrar 1 ipv4:10.25.1.60 expires 3600 refresh-ratio 100 tcp

 

Test it out

Connect a phone to the inside of the network and register it successfully to your CUCM.  Perform a test call to make sure audio is working.

Move it to the outside (in my case I created VLAN21 and only had it routed on the outside interface of the CUBE router) and delete the CTL/ITL.  Change the TFTP to the outside IP address of CUBE (in my case 10.21.1.1).

If phone proxy is working it will register.  It can take a couple minutes.

 

Some debugging commands

  • show sip registration passthrough status
  • Debug voice dial-peer inout
  • Debug voice phone-proxy all

 

The Relevant Bits of my Lab Router Config

IP Address Scheme:

CUCM – 10.25.1.60

CUBE Inside – 10.25.1.20 (ip routable inside to CUCM)

CUBE Outside – 10.21.1.1 (typically this would be a public IP or natted to the outside)

 

Cisco 2951 Config

version 15.3

!
hostname C2951-LAB
!
crypto pki trustpoint cucm_trustpoint
enrollment terminal
revocation-check none
!
crypto pki trustpoint cucm_capf
enrollment terminal
revocation-check none
!
crypto pki trustpoint self-trustpoint
enrollment selfsigned
serial-number
subject-name CN=C2951-LAB
subject-alt-name 8945_SEC.lab.domain.com
revocation-check crl
rsakeypair pp_uno
!
!
crypto pki certificate chain cucm_trustpoint
certificate ca 6749FF335ACDECF99948DB3A35527681
308202A4 3082020D A0030201 02021067 49FF335A CDECF999 48DB3A35 52768130
0D06092A 864886F7 0D010105 05003064 310B3009 06035504 06130255 53311630
14060355 040A130D 43697363 6F6F6F6F 6F6F6F6F 6F310C30 0A060355 040B1303
534C4331 14301206 03550403 130B534C 434C4142 32352D36 30310B30 09060355
04081302 5554310C 300A0603 55040713 0353434C 301E170D 31333130 32353035
33343236 5A170D31 38313032 34303533 3432355A 3064310B 30090603 55040613
02555331 16301406 0355040A 130D4369 73636F6F 6F6F6F6F 6F6F6F31 0C300A06
0355040B 1303534C 43311430 12060355 0403130B 534C434C 41423235 2D363031
0B300906 03550408 13025554 310C300A 06035504 07130353 434C3081 9F300D06
092A8648 86F70D01 01010500 03818D00 30818902 818100A3 54BD2EFD D87226F1
CDAAC4BA 8567040A 9814A2A3 8057E803 57AD56E4 6933D2E0 05B392F4 0091ECA6
B9609FE8 DC386317 75844DCD 5F78E8BB 055E77D4 AC03B99A EBE4184C A432D784
AB2CAEEB 539DEC55 409D1CC6 EE1E45C4 A8E1F89B 128ABAD9 C80D8DF0 5DD761FB
16B27305 49545567 F53B65E1 4461CF25 1CF5BE53 B8059F02 03010001 A3573055
300B0603 551D0F04 04030202 BC302706 03551D25 0420301E 06082B06 01050507
03010608 2B060105 05070302 06082B06 01050507 0305301D 0603551D 0E041604
14F5EC15 F22A21B2 02EB351E 2F7E9DB7 21226E3D 8F300D06 092A8648 86F70D01
01050500 03818100 321D20AB C0980512 2A9843BC 33D78624 A62E82AC C0CE9387
23EA2E5D 9BE12EFE 1A63114E 316A42B5 F36D73E5 68C93053 902D1FCB 86F0FA59
A14E7845 610F8590 4132D0A9 1A10D393 61D7A14C 6E8DAEEB BF33950F 676F7EE2
A0699D96 7E7121DE 820FE5BB F0332E61 1BDE9F43 D2FEB42C 2623A1B5 E768501D
B624BEBC 49C9500B
quit
crypto pki certificate chain cucm_capf
certificate ca 6109543C30968DE66EB25CE2C58CD0A7
3082029E 30820207 A0030201 02021061 09543C30 968DE66E B25CE2C5 8CD0A730
0D06092A 864886F7 0D010105 05003066 310B3009 06035504 06130255 53311630
14060355 040A130D 43697363 6F6F6F6F 6F6F6F6F 6F310C30 0A060355 040B1303
534C4331 16301406 03550403 130D4341 50462D30 61666333 39323031 0B300906
03550408 13025554 310C300A 06035504 07130353 434C301E 170D3133 31303235
30353334 32395A17 0D313831 30323430 35333432 385A3066 310B3009 06035504
06130255 53311630 14060355 040A130D 43697363 6F6F6F6F 6F6F6F6F 6F310C30
0A060355 040B1303 534C4331 16301406 03550403 130D4341 50462D30 61666333
39323031 0B300906 03550408 13025554 310C300A 06035504 07130353 434C3081
9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 818100A9 F234D83D
13CA75FE 2F9C6041 921DB77A 869CA6E3 29AC94E3 8EBB099F 2C33AE51 A5EFEC3D
B151D31A C2A1A02D 79727287 6F2910E3 DC308D1D E4841409 F6B7131C 5D0A40CA
DA4DDF8A 49682465 2BCA05F5 D3B8CF86 DC2D5136 2CB0F6F6 35747B7D 696AEE6C
F0947654 8A49D275 1D8501CA 1808F948 BAB32B37 8B5AD708 E122E902 03010001
A34D304B 300B0603 551D0F04 04030202 A4301D06 03551D25 04163014 06082B06
01050507 03010608 2B060105 05070305 301D0603 551D0E04 160414DF D666E78A
FCE19727 F039EF69 B44BA2DF B59D3730 0D06092A 864886F7 0D010105 05000381
81003667 BD568296 1280E5EF 26F22309 0901B655 1A694158 4731AAE7 E6EFD071
0FF1D024 F180A918 BC98DAF8 61DBB2BE FFD1A75B 56D49325 F49F75EB E22CB3C0
94447F2D 5E89B4D7 E511E554 374F4E52 7983A054 4F9B9EA3 4305042B EDB15EBD
3B5EDB8D FF4C8C83 5B0FF139 D5D7DD0D 001445F2 93E3DE30 5612DFF0 112B4214 783C
quit
crypto pki certificate chain self-trustpoint
certificate self-signed 01
308202A1 3082020A A0030201 02020101 300D0609 2A864886 F70D0101 05050030
59311530 13060355 0403130C 43323935 312D534C 434C4142 31403012 06035504
05130B46 54583137 3431414B 534B302A 06092A86 4886F70D 01090216 1D433239
35312D53 4C434C41 422E736C 636C6162 2E636973 636F2E63 6F6D301E 170D3134
30343038 31383032 31395A17 0D323030 31303130 30303030 305A3059 31153013
06035504 03130C43 32393531 2D534C43 4C414231 40301206 03550405 130B4654
58313734 31414B53 4B302A06 092A8648 86F70D01 0902161D 43323935 312D534C
434C4142 2E736C63 6C61622E 63697363 6F2E636F 6D30819F 300D0609 2A864886
F70D0101 01050003 818D0030 81890281 8100A67C DB60E221 6621A5B2 2F691BFC
5956086E 6B9AE741 885CAB9D B6898DFC C328A19C E4A4A981 DF0A76EB 1CA33CDA
016E1DE5 FD68FF6F 85F1CEBE 1F5A7D2B CD00F5BB DE3080D7 035A69DD 0C260447
0957E19D 2F27A9ED 0B1F6DE4 45AAACCB 16EE480C 1B7D1F51 7E652D36 DB208A00
F05956C4 07A7483D 1EC310AC F1D05346 CEB90203 010001A3 79307730 0F060355
1D130101 FF040530 030101FF 30240603 551D1104 1D301B82 19383934 355F5345
432E736C 636C6162 2E636973 636F2E63 6F6D301F 0603551D 23041830 16801464
E3A180EB 3CA73479 7E3AF3B7 E1181782 CB0B9630 1D060355 1D0E0416 041464E3
A180EB3C A734797E 3AF3B7E1 181782CB 0B96300D 06092A86 4886F70D 01010505
00038181 00A11F68 786EA2B2 EA741486 EF863E81 BF646077 DBE5CBDC 41159E24
15535334 9CF2427C A8A5271B 4D0D406B 4AB8E2D0 07F0ABCC E369616F 859CC789
EC25802C A34F89DC 2233A7D9 DD7EAE9D 0E2D831D 781D0B0B 54F43C8F 7F8FF899
6184A6D2 E882EF4B 3D2D5EC3 6475ACD5 72E4428D 71A9F0AF 43CB5F74 0CDD97D3
3CD36B8A 6B
quit
!
!
!
!
!
ip dhcp excluded-address 10.21.1.1 10.21.1.99
!
ip dhcp pool VLAN21
network 10.21.1.0 255.255.255.0
option 150 ip 10.21.1.1
default-router 10.21.1.1
!
!
!
ip domain name lab.domain.com
!
!
voice service voip
no ip address trusted authenticate
allow-connections sip to sip
sip
header-passing
registrar server
nat auto
pass-thru headers unsupp
pass-thru subscribe-notify-events all
pass-thru content unsupp
registration passthrough
extension cucm
!
!
voice class uri 1 sip
host ipv4:10.21.1.1
!
voice class uri 2 sip
host ipv4:10.25.1.20
!
voice class uri 3 sip
host ipv4:10.25.1.60
voice class sip-profiles 10
request INVITE peer-header sip contact copy “>(;.*)” u01
request REGISTER peer-header sip contact copy “>(;.*)” u02
request INVITE sip-header Cisco-Guid remove
request INVITE sip-header Contact modify “(.*)” “\1\u01”
request REGISTER sip-header Contact modify “(.*)” “\1\u02”
!
voice class sip-profiles 11
request INVITE peer-header sip contact copy “>(;.*)” u01
request INVITE peer-header sip SIP-Req-URI copy “sip:([^@]*@)” u02
response 200 peer-header sip contact copy “>(;.*)” u03
request CANCEL peer-header sip SIP-Req-URI copy “sip:([^@]*@)” u04
request INVITE sip-header Cisco-Guid remove
request INVITE sip-header Contact modify “(.*)” “\1\u01”
request INVITE sip-header SIP-Req-URI modify “.*” “INVITE sip:\u0210.25.1.60 SIP/2.0”
response 200 sip-header Contact modify “(.*)” “\1\u03”
request CANCEL sip-header SIP-Req-URI modify “.*” “CANCEL sip:\u0410.25.1.60 SIP/2.0”
!
voice class sip-hdr-passthrulist 10
passthru-hdr Remote-Pary-ID
passthru-hdr Call-Info
passthru-hdr Content-ID
passthru-hdr supported
passthru-hdr require
passthru-hdr Referred-By
!
voice class sip-copylist 10
sip-header SIP-Req-URI
sip-header contact
!
voice class sip-copylist 11
sip-header contact
!
interface GigabitEthernet0/1
ip address 10.25.1.20 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.21.1.1 255.255.255.0
duplex auto
speed auto
!
voice-ctl-file ct1
record-entry selfsigned trustpoint self-trustpoint
record-entry capf trustpoint cucm_capf
record-entry cucm-tftp trustpoint cucm_trustpoint
complete
voice-phone-proxy cubepp
tftp-server address ipv4 10.25.1.60 local-addr ipv4 10.25.1.20 acc-addr ipv4 10.21.1.1
ctl-file ct1
access-secure
service-map server-addr ipv4 10.25.1.60 port 8443 acc-addr ipv4 10.21.1.1 port 8443
service-map server-addr ipv4 10.25.1.60 port 8080 acc-addr ipv4 10.21.1.1 port 8080
service-map server-addr ipv4 10.25.1.60 port 3804 acc-addr ipv4 10.21.1.1 port 3804
complete
voice-phone-proxy tftp-address ipv4 10.21.1.1
port-range 40000 50000
voice-phone-proxy tftp-address ipv4 10.25.1.20
port-range 40000 50000
voice-phone-proxy file-buffer size 30
!
dial-peer voice 2 voip
description DP_facing_CCM
session protocol sipv2
session target ipv4:10.25.1.60
session transport tcp
destination uri 1
incoming uri via 3
voice-class sip extension cucm
voice-class sip call-route url
voice-class sip profiles 11
voice-class sip pass-thru headers 10
voice-class sip copy-list 11
dtmf-relay rtp-nte
codec transparent
!
dial-peer voice 1 voip
phone-proxy cubepp signal-addr ipv4 10.21.1.1 cucm ipv4 10.25.1.60
description DP_Access_Side
session protocol sipv2
session target registrar
session transport tcp
destination uri 2
incoming uri request 1
voice-class sip call-route url
voice-class sip profiles 10
voice-class sip registration passthrough registrar-index 1
voice-class sip pass-thru headers 10
voice-class sip copy-list 10
dtmf-relay rtp-nte
codec transparent
!
!
sip-ua
timers connection aging 60
registrar 1 ipv4:10.25.1.60 expires 3600 refresh-ratio 100 tcp
!

 

 

8945 Firmware 9.4(1) – Worthwhile New Features – Use Caution Upgrading

Summary

9.4(1) Firmware was just released for the 8941/8945.  This release adds several features that the platform has been needing for sometime.  The two major features that customers have been asking me about are Electronic hookswitch capability, and Firmware file sharing.

The release notes have the complete list of features here.

Please note, the firmware is the first build in the 9.4 train, and shows a significant number of open caveats.

Major Features

Electronic Hookswitch has been sorely needed.¬† The addition allows for certain Platronics wireless models to answer the phone from the headset without a lifter. –¬† From Plantronics: Announcing New Cisco EHS Cables
APC-42 EHS for Cisco 6945 phone will be available at the end of February 2014. APC-82 EHS cable for Cisco 8945 phones, samples and customer shipments were available as of January 2014.

Peer Firmware Sharing allows for an 8945 at a remote site to cache and share its firmware with other phones at that site.  This is a huge feature for customer upgrading firmware at sites that have multiple phones over slow WAN links.  This will save a significant amount of bandwidth and time in upgrading remote sites.  (This feature requires the latest Devpack be installed on CUCM to enable CUCM to take advantage of that feature on the phone firmware.)

Gateway Recording for SIP – One major feature in CUCM 10.0 is the ability for CUCM to fork calls to the recording server from teh gateway rather than the BiB in the phone.¬† This makes sense in cases where there are remote phones, or phone models that don’t have a BiB.¬† The voice gateway will need to be converted from h.323 or MGCP to SIP to take advantage of this feature, and all phones will need to be upgraded to a firmware level that supports it.

Upgrading – Use Caution

I followed the typical – OS Admin install cop file, restart TFTP, and reboot a test phone, then reboot all of the phones process.

Unfortunately I had several phones completely hang and get stuck in a loop upgrading.¬† The fix required physical intervention.¬† Several phones, after initiating the reboot, got stuck at the “Upgrade in Progress” screen.¬† The phones in this state quit doing CDP and were no longer in the CAM table of the switch they were plugged into, so I had no way to figure out which ports they were plugged into remotely to shut them off.¬† They had to be physically bounced.¬† The problem is that they would go right back to the “Upgrade in Progress” hung state.¬† Infinite loop…

To cure them, I had to:

1) Manually specify the previous code in device’s Phone Load Name field (e.g. SCCP8941_8945.9-3-4-17) (in CUCM – Phone Device Settings)

2) Physically unplug and replug the phone.

After it rebooted it pulled the old code back down rebooted itself and registered to CUCM.

3) Removed the Phone Load Name specified in 1) from the configuration so it would pick the default (9.4.1) and rebooted the phone again (from CUCM this time).

The second time around the phone upgraded successfully.  I had to do this process for every one of the hung phones.

Conclusion

Worthwhile new features, but you might want to be on-site in case some of the phones don’t successfully take the upgrade.

CUCM 10.0 Phone Self-provisioning with PLAR

Summary

Self-provisioning is a feature in CUCM 10 which allows users to add phones with minimal effort.¬† The general idea would be to use this function to automate the addition the typical employee phone.¬† It creates an IVR that a user can call into, enter their ‚Äúsubscriber ID‚ÄĚ and a PIN (if desired) and add a new or additional phones to the system. ¬† (It also allows a user to provision the phone via a Idle URL app if desired.)¬† It is similar in functionality to TAPS, but does not require CCX to implement.¬† More information can be found here.

I decided to build a lab utilizing this feature and PLAR (private-line auto ringdown ‚ÄĒ a way to have a phone automatically call a certain number as soon as it is taken off-hook) to make it as easy as possible to add a new phone.

The basic steps being:

  • Administrator assigns an extension to the user via Active Directory/LDAP.
  • User is synced to CUCM.
  • User gets a new phone out of the box and plugs it in.
  • It auto-registers to CUCM with an extension set to PLAR to the self-provisioning IVR.
  • When the user goes off-hook it calls the IVR, they enter their assigned extension and the phone reboots with their personalized configuration.

In order to set this up there are several settings in CUCM that need to be configured:

  • The first component is to configure self-provisioning, the associated universal device/line templates, user templates and IVR settings.
  • The second component is PLAR, it‚Äôs partitions, CSS auto-registration pool and auto-registration universal device/line templates.

Configuring CUCM Self-provisioning

1) Create a CTI Route-point and assign an extension that’s in an accessible partition (typically the internal Line partition)

self1

2) Create a self-provisioning application user that has the CTI route-point assigned as a controlled device.  Add it to the Standard CTI Enabled group.

3) Under User-management | Self-provisioning select the authenticathion method (I set mine to No Auth to make it very easy to add a phone, requiring the PIN is likely the best way to deploy this in production.  However the challenge with that is there is no way to sync the PIN from LDAP, you can just set a default in CUCM to assign users, or manually edit this after the user is synced over.)

self2

4a) Under User Management | User/Phone Add | Universal Device Template load the Sample Device Template with TAG usage examples¬†and edit the settings that you want customized for a phone that is added.¬† Things that you’ll typically want to change would be the Device Pool, CSS, Subscribe CSS, Softkey template, Phone button template, etc. to match the settings that you want a typical phone to have.

self3

4b) Create additional Universal Device Templates for other types/configurations of phones that you want to allow to be self-provisioned.   For a multi-site deployment where device pools need to be unique, you will need to create one for each device pool.

5) Likewise, Under User Management | User/Phone Add | Universal Line Template load the Sample Line Template with TAG usage examples.  Edit settings like the Partition and anything unique to the phones.

5b) You may need to create additional Universal Line Templates for other configurations of phones that you want to allow to be self-provisioned.

6) Under User Management | User Management | User Profile load the Standard (Factory Default) User Profile and modify the name to reflect the phone model, device pool, etc.  For example, HQ-8945-User Profile.  Assign the appropriate Universal Device and Line Templates, and check the box to allow self-provisioning.

self4

6b) Create any other User Profiles needed for other sites, and select the approprate UDT/ULTs for those profiles

7) (Optional for automated CUP/Jabber setup) Under User Management | User Phone/Add | Feature Group Template specify the User Profile and Service Profile (which specifies the CUP server settings).

8) Add a user in LDAP, making sure to specify the IPPhone or Telephone number field that you use for the extension and sync the user to CUCM, (or alternately create a local user making sure to assign a Self-service User ID and Telephone Numer) to test self provisoning.

When the user is synced, the Self-service User ID will automatically be synced to the field that you sync the phone number from (typically IPPhone or Telephone Number).

Modify the User Profile if it needs to be different from the default (for a user who is at a different location or who has a different phone type/service as discussed above).

9) Activate the Self-provisioning IVR service in CCM Serviceability

10) Test by calling the Self-provisioning IVR from a phone that you’ve plugged in.¬† The IVR should answer, you’ll enter the extension (Self-service User ID), confirm, and the phone will reboot with the new configuration.

If the IVR responds with an error that the phone cannot be provisioned check that the user has a Self-service User ID, and that the User Profile is specified.  

Configuring Auto-registration with PLAR

Using auto-registration with PLAR will enable the phone to auto-register to CUCM with a dummy extension in a PLAR parition/CSS and automatically call the IVR when it goes off-hook.¬† This way the new user doesn’t have to know the self-provisioning IVR extension.

Information about configuring PLAR can be found here, but I’ll include the summary steps below:

1) Create a PLAR1 partition, and a PLAR CSS that has only the PLAR1 partition in it

2a) For SCCP phones: Create a blank (or null) Translation Pattern whose CSS can see the internal Line partition that the self-provisioning IVR CTI Route Point is in.  Typcially this is an Internal CSS or Restricted CSS.  Set the Called Party Transformation Mask to the extension of the IVR.   This essentially sets it up so that any phone that has the PLAR CSS, when it goes off-hook, will hit this null xlate and get told to dial the self-provisoning IVR.

2b) For SIP phones (9900 series, etc.) you must create a SIP Dial Rule (found under Call Routing > Dial Rules > SIP Dial Rules) to accomplish the same thing as the Translation Patten did for the SCCP phones above.  Add a new rule, the Dial Pattern is 7940_7960_Other, call it PLAR1, and add the IVR extension in the Pattern Description field.

3) As we did above, create a new Universal Device Template and call it Auto-registration Device Template. In the Device Routing section select PLAR1 in the SIP Dial Rules field, and PLAR_CSS in the Calling Search Space field.  Any new device that is auto-registered will now be set to PLAR to the IVR.

3b) Remove the IDLE URL from the Universal Device Template if you don’t want the user using the application on the phone’s screen to self-provision.¬† I found it preferable to use the IVR and PLAR.

4) As we did above, create a new Universal Line Template and call it Auto-registration Line Template. Set the Route Partition to PLAR1 and CSS to PLAR_CSS.

5) Under System | Cisco Unified CM, select the CallManager server that you want to use for auto-registration.  Select the Auto-registration Device Template, and the Auto-registration Line Template under the Appropriate UDT/ULT fields.  Give it a range of dummy extensions to register to, and make sure the Auto-registration Disabled on this Cisco Unified Communications Manager checkbox is not selected.

Now when phones auto-register they will pickup the PLAR UDT/ULT settings and automatically call the IVR when the go off-hook.¬† After the user enters their extension the phone will reboot with the new settings.¬† I’ll add a video of my system in action shortly.

Please ask any questions that you’d like about the setup and usage.

Collaboration Edge – VCS X8.1 released, TC 7.0 firmware released

Collaboration Edge is an umbrella term for an architecture.  It allows Jabber clients (Win/Mac/iOS/Droid) to be proxied though a server (Expressway E) in the DMZ back to Expressway C and then CUCM.  Collaboration Edge also includes the ability to proxy remote CUCM registered video endpoints (SX20, EX90, etc.).

Currently Collaboration Edge components are/will be:

  • VCS X8.1 software (called VCSc, VCSe, Expressway C, or Expressway E depending on deployment model.¬† It’s one actual piece of software.)
  • Jabber 9.6/9.7 software (depending on platfrom)
  • TC 7.0 video endpoint firmware
  • CUCM 9.1

Expressway C and Expressway E is analogous of the VCS Control/VCS Express model, except that it is only for CUCM registered endpoints.¬† It is actually VCS software.¬†¬† VCS Control is called “Expressway C” and VCS Expressway called “Expressway E” when deployed as Collaboration Edge (Jabber proxy, and endpoint proxy to CUCM) only.¬† Depending on size, scale and deployment model it may run co-resident if you already have VCS deployed, or you may need to stand up two new VMs to run it.

VCS X8.1 is now out – the terminology it uses for the Collaboration Edge functionality is “Mobile and Remote Access”¬† It is called a feature preview in 8.1, and will be prime-time in 8.1.1. – Release notes have some details here – http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/release_note/Cisco-VCS-Release-Note-X8-1.pdf

Download here – http://software.cisco.com/download/release.html?mdfid=283733603&flowid=46003&softwareid=280886992&release=X8.1&relind=AVAILABLE&rellifecycle=&reltype=latest

DX650 10.1(1) Firmware available

This is the cool release that adds BT Smartphone pairing (your iPhone/Droid shows up at a second line on the DX650, with contacts and call history lists), updates android OS (albeit to 4.1.1), enables multi-user android functionality, allows a corporate background image, and adds the ability to keep the device unlocked during work hours.

Remember a few settings to make the DX650 much more functional:

In device settings:

  • Make sure “Allow Bluetooth Mobile Handsfree Mode” is enabled (as well as Allow Bluetooth Contacts Import) to enable BT Smartphone pairing.¬† This already is the default.
  • Uncheck “Enforce Screen Lock During Display-On Time” (remember the potential security implications for the end users privacy)
  • Check “Allow Applications from Google Play” to let users install cool apps like Pandora, TuneIn Radio, IP Cam Viewer, etc.

On the phone itself:

Select Settings, and then Security on the left side.

  • Lengthen the “Automatically Lock” timer to something more reasonable.¬† (Remember if you disable the above “Lock During Display-on Time” this won’t be that important except for after hours.)
  • Check “Phone app – Device will display phone app when locked” box.¬† This will allow the phone to be dialed when it is still locked, like any typical phone in an office.¬† In my opinion having this option disabled by default is completely backwards.¬† You want the phone to be convienent to use as any other office phone.