Deploying Multistream Conferencing with vTS and CUCM

With the release of CE8 code for Cisco video endpoints (like the SX10 (8.1), SX20 (also MX200-G2 and MX300-G2) and SX80-based endpoints like the SX80, MX700 and MX800), and the appropriate infrastructure components, multistream video is a possibility.  Multistream video allows an endpoint to send multiple resolution video streams and have the bridge pass the most appropriate streams to the far-end video units.  The far end video unit would receive a full resolution stream of the active speakers, and then low quality streams of the other participants.  The most useful feature of multistream video is the ability to use both screens of a dual-screen video unit to see remote participants (when doing single-stream transcoded mode, you can only do single screen video, and secondary screen content.)  Multistream also allows for ActiveControl layout, which allows the endpoint to choose the video layout vs. the video bridge determining the layout of the participants (which has rudimentary DTMF layout control).

Components used in my lab configuration:

  • SX10 (CE8.1)
  • MX800 (CE8.0.1)
  • (2) 8845 video phones (used to inject more video streams — these endpoints do not support multistream, they do single stream and receive their layout from the bridge)
  • Conductor XC4.1
  • vTS 4.2(4.23)
  • CUCM 11.0(1)21900-11 (Latest and greatest version is a requirement) -or- VCS X8.7.1

This guide assumes you’ve already setup a Rendezvous (aka MeetMe) number/URI that is routed to Conductor/vTS and you’re able to to normal conference calls.  We’ll modify settings to enable multistream.

Guide to configure endpoints and CUCM SIP Profile – http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/solutions/cmrpremises/cmr-premises-deployment-guide-r6-0.pdf

The relevant portion of this configuration is to make sure your SIP trunk to conductor is in a Location that supports full quality video.  I sent the inter-region bandwidth to UNLIMITED in my test system.  Cisco recommends a minimum of 1mpbs per screen, otherwise the vTS bridge may kick that video unit down to single-stream transcoded mode.

Configure the endpoint to support multistream

In CUCM the setting is in the device specific settings, Multistream Mode needs to be set to Auto.  Despite some of the documentation reading otherwise, Auto will attempt to do multistream, there is not actually an On setting.

Configure CUCM

Configure the SIP Profile used by the SIP trunk to Conductor to include the following settings:

  • Allow iX Application Media and Allow multiple codecs in answer SDP are checked on.
  • SDP Transparency Profile is set to Pass all unknown SDP attributes

In System > Service Parameters > Call Manager Service > click advanced > set SIP Maximum Incoming Message Size to 18000.

Configure Conductor

On the Conductor server, under the Conference Template you’re using for your conference, select advanced template parameters and add:

  • Enable iX protocol – True and the box checked
  • Multiscreen layout – ActivePresence and the box checked

No settings on vTS need to be changed, it will automatically do multistream if the endpoints meet the requirements, and CUCM (or VCS) and Conductor are properly configured.

When you join with a multi-stream endpoint you will see the following on vTS Conferences page:

 

vts1

You’ll notice the endpoints that support multistream show Multistream, and the 8845 phone named “Mike White” is Standard because it only supports a single stream.

If we look at the statistics for 5580 (the SX80) you’ll see multiple video streams being sent and received:

vts2

 

Lastly if we look at the call statistics from the video endpoint itself, we see the same information:

endpoint1

 

The touchpanel now shows more details in the layout.  You can see each participant in the conference and the active speaker.

IMG_5313

 

While you can select from several canned layout modes (same typical layouts are you’re used to), this version doesn’t yet support complete drag and drop layout of individual participants where you want them.  If you select a particular participant, you can see information about any of the participants and boot them if you are meeting organizer:

IMG_5314

 

Overall its very cool, and sets the groundwork for much more flexibility in the future with layout control.

 

IMG_5315

Advertisements

DX 10.2(5) Firmware Released

Are you about ready to throw your DX out the window because dialing with the Phone app is an unresponsive nightmare as it tries to do a lookup on every call it’s ever made?  🙂

Well the fix is out.  The Phone app is revamped and actually doesn’t suck.

I’ve been running the 10.2(5) beta firmware for a few weeks and have been much happier with my DX80 and 650.  The final build is now out.

Would you like the DX to stay on your PC input when a call comes in?  It finally does!

Would you like HDMI audio from your PC to actually come out the DX speakers?  You got it!

Release notes are here.

One thing to note for MRA users.  The DX only trusts public CA certs like the 8800 series now.  So if you’ve deployed your Expressway-E with private certs, you’ll bust MRA on the DX if you dont move to public certs.

Registering an SX-10 (and TC-based endpoints) through Collab Edge MRA

Recently I worked on an MRA deployment using SX-10, MX-300 and DX-series (650/70/80) endpoints.

I had Expressway-C and E working successfully for 8800 series MRA, but needed to get the TC-based and DX-based endpoints to register.  This turned out to to involve some issues that I wasn’t expecting.

TC-based endpoint registration

There isn’t a lot of documentation  for TC endpoint registration through MRA (since traditionally it’s been registered to VCS through VCS-E).  The best documentation that I could find was here:  http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118696-config-cucm-00.html

I began the deployment by registering the MX-300 I use directly to CUCM to make sure I had it successfully working before attempting registration through MRA.  I’d previously had it registered to a VCS-C.

MRA requires TC 7.3 code, so I decided to deploy 7.3.4 since it is the latest bugfix version.  I downloaded and deployed the COP file to CUCM since CUCM will be in control of what version of software the TC endpoint will use once it’s registered to CUCM (like typical phones get firmware).

Note that TC 7.3.3 or greater firmware have different functionality for remote screen monitoring of systems!  TC 7.3.3 introduces the requirement to have an option key for remote system/screen monitoring of the TC endpoint.  You’ll need to work with TAC/Cisco to get option keys cut if you are doing remote screen monitoring before going to 7.3.3+.

Registration to CUCM was straightforward.  I defined the device on CUCM as you would normally define a phone, picking the appropriate SIP profiles.  I didn’t do secure registration as this is optional.   (The documentation above does mention that secure registration is optional, but the example works through a secure registration.)

I made sure to set the device association my end user in CUCM.  This is important for MRA later.

Once the MX-300 was registered and making calls successfully through CUCM, I moved it out to a general internet connection to work on MRA.

On the touchpanel I launched the Provisioning wizard and selected Cisco UCM via Expressway.  After putting in my credentials I was greeted with this error:

IMG_4257 copy

After doing quite a bit of research and looking at the detailed error logs from the MX-300, it turns out that your Expressway-E certificate must also include a SAN for the domain name itself (e.g.  yourdomain.com).  The error actually indicates that it wants a collab-edge.yourdomain.com SAN:

Edge TLS verification failed: Edge domain ‘yourdomain.com’ and corresponding SRVName ‘collab-edge._tls.yourdomain.com’ not found in certificate SAN list.

The challenge I had is that the certificate I’d bought from GoDaddy for Expressway-E (that was working with 8800 MRA) wasn’t a UCC or multi-SAN certificate and you need to have at least the Expressway-E as the CN and the domain as a SAN.

At this point I decided that it was time to move from GoDaddy to DigiCert since they have unlimited resigning of certificates without having to revoke any of them.  This essentially allows you to create as many certificates as you want without having to keep buying more like GoDaddy.  I bought the Wildcard Plus certificate and used it to create a multi-SAN certificate for my Expressway-E.  The CN is always *.yourdomain.com, but you can add a bunch of SANs (like 20 or so.)

I generated the certificate with the following SANs – edge.yourdomain.com, yourdomain.com, collab-edge._tls.yourdomain.com and _collab-edge._tls.yourdomain.com.   One of the partner engineers that I talked to said that he got it working without having to add either collab-edge SAN.  (I’ve not looked into why/when we’ll need the collab-edge SAN and if it is actually be collab-edge as the error indicates, or if it needs the preceding underscore on collab-edge like the SRV records have.)

After applying the certificate to Expressway-E and rebooting it I tried the provisioning wizard on the touchpanel again and was greeted with the SAME ERROR.

It turns out that I hadn’t included the DigiCert root and the DigiCert Intermediate cert in the list of Trusted CAs on the endpoint itself.  The documentation indicates how to install it here – http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118696-config-cucm-00.html#anc10  Make sure you have both root and intermediate (if the CA you used signs with an intermediate) on the TC endpoint.

After this the MX-300 registered like a champ and is able to do calls.  I followed this same process to get an SX-10 registered as well.

The partner engineer I talked to said he had to work through a couple issues on his test:  1) Endpoint rejecting the user credentials when running through the provisioning wizard.  Make sure the endpoint is associated with the End User and that the end user has CTI Enabled and CCM End user.   2) Getting an http download error after getting through the initial expressway authentication and that it was caused by the endpoint needing to do a _cisco-uds.yourdomain.com lookup internally to find out where CUCM is to download it’s configuration.   He was in a split domain situation and didn’t have a _cisco-uds record for the external domain on the inside.

I’ll detail the adventure for the DX-series on another post.

 

 

 

 

WebEx Event Center Mobile Support

Yes, it must be a sure sign of the apocalypse. Event Center is finally supported on iOS and Droid. Imagine being able to join an event center hosted Webex meeting from the road… I’ve only been asking for this for the last five years. 🙂

Upgrade to Webex 7.0 client and WBS 29.8 and life will be as sweet as candy.

The more important feature in 7.0 is management of your Personal Meeting Room (WBS 29.11).

I’ll detail PMR soon, but it is a huge step forward in making it easy for people to join Webex. Your PMR meeting ID/URL is always stays the same. No pesky meeting IDs to remember. You can join from video phone, TP unit (think DX, EX, SX, etc.), or any Webex client.

Intelligent Proximity for Telepresence endpoints

TC 7.1.2 code was recently posted to CCO.  This version of code supports the experimental (or feature preview) “Intelligent Proximity” feature.  This feature allows your Apple iPad or iPhone (iOS 7+) to pair with the endpoint (C, EX, SX, MX-series) using “ultrasound” (~21kHz), perform simple call control (dial/answer), and view content being shared by the device on your iPad/iPhone.

Administrator Configuration

  • Login as administrator to the telepresence codec that you want to enable the feature on.
  • Make sure it is on 7.1.2 code.
  • Under System Configuration search for byod
  • Turn the Mode to On

Note: the ultrasound volume is independent of the normal audio volume.  There are CLI configuration commands to change the volume of the ultrasound pairing signal.  The default is optimized for stand-alone (e.g. MX-series) room units.  I’ve had no problems making it work on a C40, SX20, Profile 55, MX 300 G2, and MX200.  If your codec is connected to an amplified room audio system, you may need to change the volume if you are having inconsistent results.

Ultrasound is used just for the pairing of the iOS device, not for content sharing or codec control.  Those functions are done over IP via the WiFi network.  Therefore, your iOS device will need to be on a WiFi network that has connectivity to the codec.

The ultrasound signal runs at about 21kHz which typically is a high enough frequency to stay in a single room.  It actually contains an encoded security token that validates that you are in the room currently.  If the ultrasound signal is no longer sensed, the IP connectivity will be dropped.  This is to prevent a user from seeing content on their iOS device without being present in the room.

 

End-user configuration/usage

Search for Proximity on the App Store and install it (free application).

Join a WiFi network that has connectivity to the Telepresence Codec.

Enter the room that the codec is in they want to pair with.  The Proximity app asks for permission to use their microphone.  This is a requirement so that the iOS device can detect the ultrasound signal from the codec.  If they deny permission to use the microphone the app will not work.

When the app hears the ultrasound it will connect via IP to the codec.  IF the codec is not in a call they will be allowed to dial or answer.  If the codec is in a call and content is being shared, they will see the content on their device.  Depending on the number of snapshots configured in the BYOD section, the user will be allowed to scroll back to see content they may have missed (if they came into the meeting late), or want to refer back to.

It’s very cool!

Upgrading to VCS X8.1

If you’re upgrading an existing system, you’ll need:

  • VCS X8.1 upgrade tar file (as opposed to the ova file for a fresh deplyoment) – Found Here
  • New VCS 8.x release keys from Cisco – request via PUT

Once you’ve baked up your systems (VCSc and VCSe), and you’re in a maintenance window (this will disrupt all system registrations and calls), SSH in to each machine and put the system in Maintenance Mode:  xConfiguration SystemUnit Maintenance Mode: On

Initiate the upgrade in the GUI, and add the new release keys.

My VCSc upgrade failed with an error:

System error: tar zxf /tmp/tandberg-image.tar.gz: Execution failed: tar (child): /tmp/tandberg-image.tar.gz: Cannot open: No such file or directory

I rebooted VCSc and attempted the upgrade a second time and it succeeded.

Collaboration Edge – VCS X8.1 released, TC 7.0 firmware released

Collaboration Edge is an umbrella term for an architecture.  It allows Jabber clients (Win/Mac/iOS/Droid) to be proxied though a server (Expressway E) in the DMZ back to Expressway C and then CUCM.  Collaboration Edge also includes the ability to proxy remote CUCM registered video endpoints (SX20, EX90, etc.).

Currently Collaboration Edge components are/will be:

  • VCS X8.1 software (called VCSc, VCSe, Expressway C, or Expressway E depending on deployment model.  It’s one actual piece of software.)
  • Jabber 9.6/9.7 software (depending on platfrom)
  • TC 7.0 video endpoint firmware
  • CUCM 9.1

Expressway C and Expressway E is analogous of the VCS Control/VCS Express model, except that it is only for CUCM registered endpoints.  It is actually VCS software.   VCS Control is called “Expressway C” and VCS Expressway called “Expressway E” when deployed as Collaboration Edge (Jabber proxy, and endpoint proxy to CUCM) only.  Depending on size, scale and deployment model it may run co-resident if you already have VCS deployed, or you may need to stand up two new VMs to run it.

VCS X8.1 is now out – the terminology it uses for the Collaboration Edge functionality is “Mobile and Remote Access”  It is called a feature preview in 8.1, and will be prime-time in 8.1.1. – Release notes have some details here – http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/release_note/Cisco-VCS-Release-Note-X8-1.pdf

Download here – http://software.cisco.com/download/release.html?mdfid=283733603&flowid=46003&softwareid=280886992&release=X8.1&relind=AVAILABLE&rellifecycle=&reltype=latest