cuma 70 install admin

Installation and Administration Guide for Cisco Unified Mobility Advantage Release 7.0

Revised Date: October 27, 2009

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706 USAhttp://www.cisco.comTel: 408 526-4000

800 553-NETS (6387)Fax: 408 527-0883

http://www.cisco.com

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

CCDE, CCSI, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco WebEx, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0903R)

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

Installation and Administration Guide for Cisco Unified Mobility Advantage © 2008-2009 Cisco Systems, Inc. All rights reserved.

Installation and Administration Guid

C H A P T E R 1
Preparing to Install or Upgrade Cisco Unified Mobility Advantage
Revised Date: April 17, 2009

Before you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, perform the following preinstallation procedures and gather the required information. For upgrades from Release 7.0(1), you do not need to change or add to existing settings unless you are adding or changing functionality or enterprise servers.

• Order of Installation, Upgrade, and Configuration Tasks, page 1-1

• Tasks with Long Lead Times, page 1-2

• Cisco Unified Mobility Advantage in the Network, page 1-2

• Obtaining IP Addresses and DNS Names from IT, page 1-3

• Opening Firewall Ports, page 1-5

• Your Network and Related Servers Must Be Functioning Properly, page 1-6

• Preparing Information Required for Installation and Configuration

Order of Installation, Upgrade, and Configuration Tasks For new installations of Cisco Unified Mobility Advantage Release 7.x:

Follow the order of the chapters in this book through the chapter on the Configuration Wizard, except where noted. For example, all procedures required to configure the Cisco Adaptive Security Appliance are near the beginning of the book, in Chapter 2, “Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage.” However, although you should start configuring the Cisco Adaptive Security Appliance before you install and configure Cisco Unified Mobility Advantage, you cannot complete the Cisco Adaptive Security Appliance setup until after you have installed, configured, and started Cisco Unified Mobility Advantage, and this fact is noted in the appropriate sections.

After you complete the Configuration Wizard, follow the remaining operations specified at the end of that chapter.

After you install and configure Release 7.0(1), upgrade to Release 7.0(2).

For upgrades from Cisco Unified Mobility Advantage Release 7.0(1) to Release 7.0(2):

1-1e for Cisco Unified Mobility Advantage, Release 7.0

Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Tasks with Long Lead Times

Follow the instructions in Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19.

For upgrades from Cisco Unified Mobility Advantage Release 3.x to Release 7.0(1):

Follow the instructions in Chapter 5, “Upgrading Cisco Unified Mobility Advantage.” Links will take you to topics throughout the document as needed.

Related Topics

• Chapter 7, “Using the Configuration Wizard in Cisco Unified Mobility Advantage”

• Chapter 5, “Upgrading Cisco Unified Mobility Advantage”

Tasks with Long Lead Times Some preinstallation requirements have relatively long lead times. We recommend starting the following processes early:

• Obtaining IP addresses

• Opening ports in firewalls.

• Obtaining a signed SSL certificate for the Cisco Adaptive Security Appliance.

Related Topics

• Obtaining IP Addresses and DNS Names from IT, page 1-3

• Opening Firewall Ports, page 1-5

• Required and Recommended Signed Certificates, page 9-2

Cisco Unified Mobility Advantage in the Network The illustration below shows how Cisco Unified Mobility Advantage works in the network.

• Cisco Unified Mobility Advantage is deployed behind the enterprise firewall and serves as the integration point for all enterprise services.

• A Cisco Adaptive Security Appliance (ASA) serves as proxy server for communications between clients and server. Cisco Unified Mobile Communicator communicates with Cisco Unified Mobility Advantage through the Cisco Adaptive Security Appliance.

• Cisco Unified Communications Manager provides Cisco Unified Mobility features such as unified voice messaging, MobileConnect, and Dial via Office, as well as call log management.

• Cisco Unified Presence supplies availability status and some contact list management.

• Cisco Unity or Cisco Unity Connection provides visual Voicemail.

Your network must provide IP connectivity between:

• Cisco Unified Mobile Communicator and the Cisco Adaptive Security Appliance

• The Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage

• Cisco Unified Mobility Advantage and the Enterprise Services

1-2Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0

Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Obtaining IP Addresses and DNS Names from IT

If your Information Technology department requires information about data flows, see the Appendix.

Figure 1-1 Cisco Unified Mobility Advantage Architecture

Obtaining IP Addresses and DNS Names from IT You must obtain the necessary IP addresses and DNS host names before you can configure the Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage.

Procedure

Step 1 Obtain the following IP addresses and DNS hostnames from your IT department:

2052

59

Cisco AdaptiveSecurity Appliance

with TLS Proxy

Cisco UnifiedMobility

Advantage

Mobile DataNetwork (GPRSData Channel)

PSTN

MP

Conferencing

Voice mail

Cisco Unified Presence

M

Cisco UnifiedCommunications Manager

ExchangeActive Directory

Enterprise Services

Fire

wal

lMMP/SSL/TLS

Voice Channel

MMP/SSL/TLS

Cisco Unified MobileCommunicator


Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Obtaining IP Addresses and DNS Names from IT

Step 2 Print this section and note the values in Your Value column of the table.

You will need this information for configuration.

Step 3 Verify that each DNS host name resolves to its associated IP address.

Related Topics

• About Cisco Adaptive Security Appliance Deployment Options, page 2-2

• How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8

Required IP Addresses and Host Names Your Value

Externally-accessible IP address and its corresponding externally-visible DNS name.

This IP address or host name serves as the following:

• The Cisco Adaptive Security Appliance outside (external) interface

• The fully qualified domain name (FQDN) on the signed certificate that resides on the Cisco Adaptive Security Appliance. You will obtain this certificate when you configure the Cisco Adaptive Security Appliance.

• The world-routable IP address for the Cisco Unified Mobility Advantage server.

• The Proxy Host Name to which Cisco Unified Mobile Communicator clients will connect.

• The value you will enter into the Proxy Host Name field in Cisco Unified Mobility Advantage Admin Portal under System Management > Network Properties.

You will configure NAT rules to translate this IP address to the private IP address of the Cisco Unified Mobility Advantage server.

IP Address:

Host Name:

IP address that serves as both of the following:

• The Cisco Adaptive Security Appliance inside (internal) interface. This is the source address for Cisco Adaptive Security Appliance to connect to Cisco Unified Mobility Advantage.

• Shared IP address for consolidating client communications for passing to Cisco Unified Mobility Advantage.

IP Address:

Private IP address for the server on which Cisco Unified Mobility Advantage is installed.

DNS host name for this server.

IP Address:

Host Name


Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Opening Firewall Ports

Opening Firewall PortsThe figure below illustrates the required communication paths through the corporate firewalls. Cisco Unified Mobility Advantage Release 7.x restricts the communication port ranges for security reasons. The required bidirectional ports must be open.

If you are upgrading from Release 3.1.2, port requirements are different in Release 7.x than in Release 3.1.2, so your communication ports (in the Admin Portal, in System Management > Network Properties) will be set during the upgrade to the default values indicated in the table in this section. You may need to have your IT department open new ports in the firewalls.

Procedure

Step 1 Ask your IT security administrator to open the following bidirectional ports in the specified ranges:

2051

53

DMZ

Provisioningport

Provisioningport (HTTP)

Clientconnection

port

Clientconnection port

(TCP/TLS)

Out

er fi

rew

all

Inne

r fir

ewal

l

CiscoAdaptiveSecurity

Applianceproxy server

CiscoUnified MobileCommunicator

CiscoUnifiedMobility

Advantage

Firewall Purpose Port Range Default Your Value

Outer firewall

The Cisco Adaptive Security Appliance communicates with the Cisco Unified Mobile Communicator client using these ports.

Proxy Client Connection Port (TCP) — —

Proxy Client Download Port (HTTP) — —

Inner firewall Cisco Unified Mobility Advantage communicates with the Cisco Adaptive Security Appliance using these ports.

Client Connection Port (TCP) 5400-5500 5443

Client Download Port (HTTP) 9000-9100 9080


Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Your Network and Related Servers Must Be Functioning Properly

Step 2 Print this section and note the opened port numbers that you receive from IT in the Your Value column of the table.

You will need this information for configuration.

Related Topics

• Configuring Server Setup Network Configuration, page 7-21.

Your Network and Related Servers Must Be Functioning Properly

Before you install or upgrade Cisco Unified Mobility Advantage, the environment into which you will deploy it must be configured and working correctly. Configure switches and routers and verify that the other enterprise servers are reachable from the network location where Cisco Unified Mobility Advantage is installed. Cisco Unified Communications Manager should be able to route calls, and voicemail and presence must be functioning properly before you add Cisco Unified Mobility Advantage to the network.

Cisco Unified Mobility Advantage cannot operate, and troubleshooting will be far more difficult, if the underlying network and dependencies are not functioning properly.

Preparing Information Required for Installation and Configuration

Gather and record information required for installation and configuration.

Before You Begin

• Print the following sections of this book so that you can complete the tables with required values for your deployment:

– Obtaining IP Addresses and DNS Names from IT, page 1-3

– Opening Firewall Ports, page 1-5

– Chapter 6, “Installing Cisco Unified Mobility Advantage”

– (For new installations) Information in Chapter 7, “Using the Configuration Wizard in Cisco Unified Mobility Advantage” for the enterprise servers you will deploy.

– (For upgrades from Release 3.x) Information in Appendix A, “Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage” for the enterprise servers you will deploy.

• Review the guidelines for the application dialing rules and directory lookup settings you will need to configure:

– Application Dialing Rules, page 3-6

– Recommended Directory Lookup Settings, page 3-7


Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Preparing Information Required for Installation and Configuration

Procedure

Step 1 Learn your IT information security requirements, if any, for connections between servers inside the firewall:

• Can connections be TCP (nonsecure)? Or must they be TLS or SSL (secure)?

• If connections must be secure, what certificates must Cisco Unified Mobility Advantage provide?

Step 2 Gather the required information based on the tables in the sections you printed.

Step 3 Note your values in the tables so that you can refer to them as you install and configure Cisco Unified Mobility Advantage.

Step 4 Work with your Cisco Unified Communications Manager administrator to determine the application dialing rules and directory lookup rules you will need to configure.

Related Topics

• Chapter 9, “Managing Server Security in Cisco Unified Mobility Advantage”


Chapter 1 Preparing to Install or Upgrade Cisco Unified Mobility Advantage Preparing Information Required for Installation and Configuration



C H A P T E R 2
Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage
Revised Date: October 27, 2009

A Cisco Adaptive Security Appliance (ASA) is required for new installations and for upgrades, to provide secure connections to the Cisco Unified Mobility Advantage server.

Note For upgrades from Release 3.x, the Cisco Adaptive Security Appliance replaces the Proxy Server in Cisco Unified Mobility Advantage Release 3.x.

This chapter provides instructions for a basic configuration.

• Cisco Adaptive Security Appliance Documentation, page 2-2

• About Cisco Adaptive Security Appliance Deployment Options, page 2-2

• Using the Cisco Adaptive Security Appliance Command-Line Interface, page 2-4

• Configuring the Inside and Outside Interfaces Using the Command-Line Interface, page 2-5

• Specifying NAT Rules, page 2-5

• Setting Static Routes, page 2-7

• Allowing Traffic Through to the Cisco Unified Mobility Advantage Server, page 2-7

• How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8

• Setting up the TLS Proxy, page 2-15

• Defining MMP Inspection, page 2-15

• Testing Your Cisco Adaptive Security Appliance Configuration, page 2-16

• Troubleshooting the Cisco Adaptive Security Appliance, page 2-16


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Cisco Adaptive Security Appliance Documentation

Cisco Adaptive Security Appliance Documentation For complete information on configuring Cisco Adaptive Security Appliance, see the Cisco Adaptive Security Appliance documentation, including:

• The Cisco ASA 5580 Adaptive Security Appliance Command Line Configuration Guide, Version 8.0.

This book has a chapter on Configuring Cisco Unified Communications Proxy Features as well as useful information about configuring certificates and trustpoints.

Cisco Unified Mobility Advantage may be referred to as “Cisco UMA.”

Cisco Unified Mobile Communicator may be referred to as “Cisco UMC.”

• The Cisco Security Appliance Command Reference for version 8.0(4).

Find Cisco Adaptive Security Appliance documentation at http://cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html.

About Cisco Adaptive Security Appliance Deployment Options In this deployment, the Cisco Adaptive Security Appliance has two interfaces, one internal-facing and one external-facing. These two interfaces must be connected to two different subnets (or VLANs) within the DMZ.

Cisco Unified Mobile Communicator clients send requests to a world-routable IP address for the Cisco Unified Mobility Advantage server in subnet 1 of the DMZ. The DMZ gateway sends this request to the Cisco Adaptive Security Appliance. The Cisco Adaptive Security Appliance translates the IP address to the private IP address of the Cisco Unified Mobility Advantage server in the intranet.

The Cisco Adaptive Security Appliance also translates all client source IP addresses coming from outside the network to a shared client IP address in subnet 2 of the DMZ, in order to route communications between the client and Cisco Unified Mobility Advantage.

The Cisco Adaptive Security Appliance can be installed on your network in one of two ways:

• Cisco Adaptive Security Appliance Installed as a Firewall, page 2-2

• Cisco Adaptive Security Appliance Installed as a Proxy Server Only, page 2-3

Cisco Adaptive Security Appliance Installed as a Firewall

Figure 2-1 shows Cisco Adaptive Security Appliance as a firewall.


http://cisco.com/en/US/products/ps6120/tsd_products_support_series_home.html

Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage About Cisco Adaptive Security Appliance Deployment Options

Figure 2-1 Cisco Adaptive Security Appliance Installed as a Firewall

Cisco Adaptive Security Appliance Installed as a Proxy Server Only

You can install the Cisco Adaptive Security Appliance in the DMZ to act solely as a proxy server. Configurations in this chapter are based on this option.

Figure 2-2 shows an example of this process.

2052

01


with TLS Proxy

Cisco UnifiedMobility

Advantage

Mobile DataNetwork (GPRSData Channel)

PSTN

MP

Conferencing

Voice mail

Cisco Unified Presence

M

Cisco UnifiedCommunications Manager

ExchangeActive Directory

Enterprise Services

Fire

wal

l

MMP/SSL/TLS

Voice Channel

MMP/SSL/TLS

Cisco Unified MobileCommunicator

IP Address:10.1.1.2

Port: 5443

IP Address:10.1.1.1

Hostname:cuma.example.com

IP Address: 192.0.2.140Port: 5443


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Using the Cisco Adaptive Security Appliance Command-Line Interface

Figure 2-2 Cisco Adaptive Security Appliance Installed in the DMZ as Proxy Only

Using the Cisco Adaptive Security Appliance Command-Line Interface

Configurations in this chapter use the Cisco Adaptive Security Appliance command line interface.

Procedure

Step 1 Open an SSH or HyperTerminal session.

Step 2 Enter the following commands to access all configuration commands:

enable

2052

02


with TLS Proxy

IP Address:172.16.27.41

(DMZ routable)

DMZ

MP

Conferencing

Voice mailCisco Unified Presence

M

Cisco UnifiedCommunications

Manager

Exchange

ActiveDirectory

Internal Network

CorporateFirewall

Enterprise Network

Internet

Cisco Unified Mobile Communicator

CiscoUnifiedMobilityAdvantage

Client connects tocuma.example.com

(192.0.2.41)

insideoutside 192.0.2.41 10.1.1.2

ISPGateway


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Configuring the Inside and Outside Interfaces Using the Command-Line Interface

(no password)

configure terminal

Configuring the Inside and Outside Interfaces Using the Command-Line Interface

Before You Begin

Obtain necessary IP addresses. See Obtaining IP Addresses and DNS Names from IT, page 1-3.

Procedure

Step 1 Access the Cisco Adaptive Security Appliance command-line interface.

Step 2 Enter show run to see the list of interfaces for your Cisco Adaptive Security Appliance model.

For example, Cisco Adaptive Security Appliance 5505 calls the interfaces Vlan1 and Vlan2. For Cisco Adaptive Security Appliance 5520 and 5550, the interface name format is GigabitEthernetX/Y.

Step 3 Assign the IP address to the inside interface:

interface <inside interface name for your Cisco Adaptive Security Appliance model>

nameif inside

security-level 100

ip address <IP address of inside interface; in this example 10.1.1.2> <subnet mask>

Step 4 Assign the IP address to the outside interface:

interface <outside interface name for your Cisco Adaptive Security Appliance model>

nameif outside

security-level 0

ip address <IP address of outside interface; in this example 192.0.2.41> <subnet mask>

Specifying NAT Rules This section is required only if your Cisco Adaptive Security Appliance is configured solely as a proxy server. Skip this section if your Cisco Adaptive Security Appliance is configured as a firewall.

This solution helps secure your internal servers by shielding their real IP addresses and open port numbers from direct external access by allowing external access only to proxy IP addresses and port numbers. Network Address Translation (NAT) and Port Address Translation (PAT) rules translate these public addresses and ports to private addresses and ports.

Configure the following rules for this solution:

• Translate the public IP address and ports of your Cisco Unified Mobility Advantage server to the private IP address and ports.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Specifying NAT Rules

• Create a dynamic NAT rule to translate the source IP address of any Cisco Unified Mobile Communicator client to a single IP address that is allowed through the internal firewall. Cisco Unified Mobility Advantage sends responses back to the same IP address.

For example:

The client connects to the world-routable IP address of the Cisco Unified Mobility Advantage server: 192.0.2.41.

A NAT rule translates this address to the private IP address of the Cisco Unified Mobility Advantage server: 172.16.27.41.

Another NAT rule translates communications from all clients to a single IP address that the Cisco Adaptive Security Appliance will use for sending all client communications to the Cisco Unified Mobility Advantage server: 10.1.1.2.

For more information about NAT and PAT, see the configuration documentation for your Cisco Adaptive Security Appliance.

Before You Begin

Make sure that the necessary ports in the firewalls are open. See Opening Firewall Ports, page 1-5.

Procedure


Step 2 Translate all client IP addresses to a single source IP address for routing through the firewall to Cisco Unified Mobility Advantage:

global (<inside interface name>) <nat_id> <shared ip address to which all client ip addresses will be translated> netmask <subnet mask>

nat (<outside interface name>) 1 0 0 outside

Note that because the IP address that all clients share is the same as the inside interface, you can use interface instead of specifying the IP address.

Example:

global (inside) 1 interface

nat (outside) 1 0.0.0.0 0.0.0.0 outside

Step 3 Translate the world-routable IP address of the Cisco Unified Mobility Advantage server to the private IP address of the Cisco Unified Mobility Advantage server:

static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client connection port> <private IP address of Cisco Unified Mobility Advantage server> <client connection port> netmask <subnet mask>

static (<inside interface name,outside interface name>) tcp <world routable ip address of Cisco Unified Mobility Advantage server> <proxy client download port> <private IP address of Cisco Unified Mobility Advantage server> <client download port> netmask <subnet mask>

Note that because the world-routable IP address of the Cisco Unified Mobility Advantage server is the same as the outside interface, you can use interface instead of specifying the IP address.

Example:

static (inside,outside) tcp interface 5442 172.16.27.41 5443 netmask 255.255.255.255


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting Static Routes

static (inside,outside) tcp interface 9079 172.16.27.41 9080 netmask 255.255.255.255

Setting Static Routes If your network architecture has the Cisco Adaptive Security Appliance installed as a proxy in the DMZ, you must specify static routes to the default gateways for the inside and outside interfaces.

Note If your Cisco Adaptive Security Appliance is installed as a firewall, you do not need to set a static route.

You may need to set two static routes, one to the default gateway of the subnet to which Cisco Adaptive Security Appliance is connected through its outside interface, and one to the default gateway to which Cisco Adaptive Security Appliance is connected through its inside interface. This is especially true if the private IP address of Cisco Unified Mobility Advantage is in a different network (for example, the internal corporate network) from the Cisco Adaptive Security Appliance server (for example, a DMZ network).

Procedure


Step 2 Specify a static route to the default gateway for each interface:

route <outside interface name> 0.0.0.0 0.0.0.0 <ip address of the default gateway of the outside subnet> 1

route <inside interface name> <private ip address of the Cisco Unified Mobility Advantage server> <netmask> <ip address of the default gateway of the inside subnet> 1

Example:

route outside 0 0 10.10.10.1 1

route inside 192.168.1.0 255.255.255.0 10.1.1.1 1

Allowing Traffic Through to the Cisco Unified Mobility Advantage Server

Create access lists to allow traffic through to the Cisco Unified Mobility Advantage server.

Procedure


Step 2 Allow traffic through:

access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client connection port>


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance

access-list <id> extended permit tcp any host <world routable ip address of Cisco Unified Mobility Advantage server> eq <proxy client download port>

access-group <id> in interface <name of outside interface>

Example:

access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 5443

access-list permit_cuma extended permit tcp any host <cuma proxy ip> eq 9080

access-group permit_cuma in interface outside

How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance

Perform all of these procedures to deploy the required and recommended certificates on and from the Cisco Adaptive Security Appliance. You must perform additional procedures in Cisco Unified Mobility Advantage in conjunction with each of these procedures on the Cisco Adaptive Security Appliance.


• Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12

• Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14

How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate

When Cisco Unified Mobile Communicator connects to the Cisco Adaptive Security Appliance, it requires the Cisco Adaptive Security Appliance to present a certificate signed by a recognized Certificate Authority (supported authorities are Verisign and GeoTrust).

• (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8

• (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10

(For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate

Use this procedure if you are upgrading and are reusing the signed certificate from the Proxy Server you used with Release 3.1.2.

Restrictions

You can reuse the Proxy Server certificate only if you meet the restrictions detailed in Saving the SSL Certificate from the Proxy Server, page 5-8.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance

Otherwise, follow the procedure in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.

Before You Begin

You must upgrade Cisco Unified Mobility Advantage before you can import this certificate. Make sure that you have completed the following pre- and post-upgrade procedures:

• Saving the SSL Certificate from the Proxy Server, page 5-8

• Uploading the Proxy Server Certificate to Release 7.x, page 5-13

• Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14

Procedure

Step 1 Import the signed certificate to the Cisco Adaptive Security Appliance in PKCS12 format using the import commands:

crypto ca import <trustpoint-cuma-signed> pkcs12 <passphrase>

[paste the contents of the ssl64.p12 file here]

Include the following lines. Make sure that there are no extra spaces at the end.

----BEGIN CERTIFICATE----

----END CERTIFICATE----

Step 2 Import the intermediate certificate:

crypto ca trustpoint <trustpoint-cuma-signed>

enrollment terminal

crypto ca authenticate <trustpoint-cuma-signed>

[paste the contents of the intermediate certificate here]

The intermediate certificate is the second certificate in your_pemcert.pem, the PEM file that you created from the file you downloaded from the Cisco Unified Mobility Advantage during the prerequisites for this procedure.




Step 3 Import the root certificate:

crypto ca trustpoint <trustpoint-cuma-root>

enrollment terminal

crypto ca authenticate <trustpoint-cuma-root>

[paste the contents of the root certificate here]

The root certificate is the third and last certificate in the PEM file your_pemcert.pem.


-BEGIN CERTIFICATE----



--END CERTIFICATE----

(For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate

This procedure is required unless you are upgrading from Release 3.1.2 and reusing your signed certificate from your Proxy Server.

This procedure has several subprocedures:

• Generate a Certificate Signing Request, page 2-10

• Submit the Certificate Signing Request to the Certificate Authority, page 2-11

• Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12

Generate a Certificate Signing Request

Before You Begin

• Obtain the IP address and fully qualified domain name for the Proxy Host Name as specified in Obtaining IP Addresses and DNS Names from IT, page 1-3.

• Determine required values for your company or organization name, organizational unit, country, and state or province. See the table in Creating Security Contexts, page 9-7. You must enter identical values in the Cisco Adaptive Security Appliance and in the relevant security context in Cisco Unified Mobility Advantage.

Procedure

Step 1 Enter configuration mode:

conf t

Step 2 Generate a key pair for this certificate:

crypto key generate rsa label <keypair-cuma-signed> modulus 1024

You will see a “Please wait...” message; look carefully for the prompt to reappear.

Step 3 Create a trustpoint with the necessary information to generate the certificate request:

crypto ca trustpoint <trustpoint-cuma-signed>

subject-name CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server. Use the Fully Qualified Domain Name.>,OU=<organization unit name>,O=<company or organization name as publicly registered>,C=<2 letter country code>,St=<state>,L=<city>

(For requirements for the Company, organization unit, Country, and State values, see the values you determined in the prerequisite for this procedure.)

keypair <keypair-cuma-signed>

fqdn <Proxy Host Name of the Cisco Unified Mobility Advantage server. This value must exactly match the value you entered for CN above.>

enrollment terminal

Step 4 Get the certificate signing request to send to the Certificate Authority:

crypto ca enroll <trustpoint-cuma-signed>



% Start certificate enrollment.

% The subject name in the certificate will be:CN=<Proxy Host Name of the Cisco Unified Mobility Advantage server>,OU=<organization unit name>,O=<organization name>,C=<2 letter country code>,St=<state>,L=<city>

% The fully-qualified domain name in the certificate will be: <Proxy Host Name of the Cisco Unified Mobility Advantage server>

% Include the device serial number in the subject name? [yes/no]: no

% Display Certificate Request to terminal? [yes/no]: yes

Step 5 Copy the entire text of the displayed Certificate Signing Request and paste it into a text file.




Step 6 Save the text file.

What To Do Next

• Submit the Certificate Signing Request to the Certificate Authority, page 2-11

Submit the Certificate Signing Request to the Certificate Authority

You can obtain signed certificates for Cisco Unified Mobility Advantage from the following Certificate Authorities: VeriSign and GeoTrust. These certificates are supported because they are generally available on all mobile devices.

Before You Begin

• Generate a Certificate Signing Request, page 2-10

• Visit the web site of your chosen Certificate Authority to learn about the requirements and procedures for obtaining and deploying a signed 128-bit SSL certificate. If you are unsure which certificate to purchase, contact the Certificate Authority. Information about available certificates is subject to change.

Also, check the requirements for extending the certificate so that you maintain the necessary records.

Procedure

Step 1 Visit the Certificate Authority web site and follow their instructions.

You will need the CSR you generated above.

This process may take up to 24 hours.

Step 2 Wait for the signed certificate to arrive by email.

Step 3 Comply with any instructions that arrive with the certificate.

For example, you may need to copy an intermediate certificate from the certificate authority web site.



What To Do Next

• Upload the Signed Certificate to the Cisco Adaptive Security Appliance, page 2-12

Upload the Signed Certificate to the Cisco Adaptive Security Appliance

Before You Begin

• You will need the signed certificate that you requested in Submit the Certificate Signing Request to the Certificate Authority, page 2-11.

• Follow any deployment instructions from the Certificate Authority. For example, obtain any required intermediate certificate from the Certificate Authority web site.

Tip If you use a VeriSign certificate, information on obtaining root and intermediate certificates is here: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO4785

Procedure

Step 1 Authenticate the trustpoint by importing the intermediate certificate:

crypto ca authenticate <trustpoint-cuma-signed>

Paste the contents of the intermediate certificate from the CA authority.




End with the word “quit” on a line by itself.

Step 2 Import the signed certificate:

crypto ca import <trustpoint-cuma-signed> certificate

Paste the contents of the signed certificate from the CA authority.

End with the word “quit” on a line by itself.

Step 3 Add the root certificate:

crypto ca trustpoint <trustpoint-cuma-root>

enrollment terminal

crypto ca authenticate <trustpoint-cuma-root>

Paste the contents of the root certificate

Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage The Cisco Adaptive Security Appliance requires a certificate in order to trust Cisco Unified Mobility Advantage.


https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO4785


The Cisco Adaptive Security Appliance does not automatically trust certificates signed by a recognized certificate signing authority, so perform this procedure even if you deploy a signed certificate on Cisco Unified Mobility Advantage.

Before You Begin

• Determine whether a self-signed certificate meets your needs. See options at Required and Recommended Self-Signed Certificates, page 9-3.

• Install or upgrade Cisco Unified Mobility Advantage.

• Perform one of the following:

– After upgrade from Release 3.1.2, if you did not have a signed certificate on your Managed Server: See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.

– After a new installation: After you complete the Configuration Wizard, perform the procedure in Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25.

– After any installation: Generate a self-signed certificate from Cisco Unified Mobility Advantage by Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11

Procedure

Step 1 Open the self-signed certificate from Cisco Unified Mobility Advantage in WordPad (not Notepad.)

Step 2 Import the certificate into the Cisco Adaptive Security Appliance trust store:

crypto ca trustpoint <trustpoint-cuma-selfsigned>

enrollment terminal

crypto ca authenticate <trustpoint-cuma-selfsigned>

Select All and copy the contents of the certificate from WordPad.

Include the following lines. Make sure there are no extra spaces at the end.



Paste into the Cisco Adaptive Security Appliance command-line interface window.

Related Topics

• Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4

What To Do Next

• Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14



Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance

We recommend that you configure Cisco Unified Mobility Advantage to require a certificate from the Cisco Adaptive Security Appliance. Use this procedure to provide the required self-signed certificate.

Procedure

Step 1 Enter configuration mode:

conf t

Step 2 Generate a key pair:

crypto key generate rsa label <keypair-asa-cuma-selfsigned>

You will see a “Please wait...” message; look carefully for the prompt to reappear.

Step 3 Create the certificate:

crypto ca trustpoint <trustpoint-asa-cuma-selfsigned>

enrollment self

keypair <keypair-asa-cuma-selfsigned>

crypto ca enroll <trustpoint-asa-cuma-selfsigned>

incl device serial number in the subject name - n

Gen self signed - y

Step 4 Export the certificate:

crypto ca export <trustpoint-asa-cuma-selfsigned> identity-certificate

Step 5 Copy and paste the text into WordPad.

Include the following lines. Make sure there are no extra spaces at the end.



Step 6 Save the file as a text file.

Troubleshooting Tip

If you need to retrieve the certificate text later, use this command: crypto ca export <trustpoint-name> identity-certificate

Related Topics


What To Do Next

After you install or upgrade Cisco Unified Mobility Advantage, import the certificate into the Security Context that is specified on the System Management > Network Properties page in the Admin Portal in Cisco Unified Mobility Advantage. If you used, or will use, the Configuration Wizard, this is the cuma Security Context. See Importing Self-Signed Certificates from Trusted Servers, page 9-10.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Setting up the TLS Proxy

Setting up the TLS ProxyUse the Cisco Adaptive Security Appliance command-line interface to set up the TLS proxy. This procedure creates a TLS proxy instance for Cisco Unified Mobile Communicator client connections and for Cisco Adaptive Security Appliance communications with Cisco Unified Mobility Advantage.

Before You Begin

• Import the signed certificate to present to clients. See How to Obtain and Install a Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8.

• Generate a self-signed certificate from Cisco Adaptive Security Appliance and import it into Cisco Unified Mobility Advantage. See Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.

Procedure

Step 1 Run these commands to set up the TLS Proxy on the Cisco Adaptive Security Appliance:

tls-proxy <tls-proxy-name>

server trust-point <trustpoint-cuma-signed>

This is the trustpoint that holds the signed certificate that Cisco Adaptive Security Appliance will present to the mobile clients, which you imported above.

client trust-point <trustpoint-asa-cuma-selfsigned>

This is the trustpoint that holds the self-signed certificate that Cisco Adaptive Security Appliance will present to Cisco Unified Mobility Advantage, which you generated above and imported into Cisco Unified Mobility Advantage.

no server authenticate-client

In this release, the Cisco Adaptive Security Appliance must automatically trust the mobile client. Cisco Adaptive Security Appliance will not authenticate client connections.

client cipher-suite aes128-sha1 aes256-sha1

Related Topics


Defining MMP InspectionThis procedure validates the Mobile Multiplexing Protocol (MMP), a proprietary protocol.

Procedure


Step 2 Run these commands to define MMP inspection:

access-list mmp_inspect extended permit tcp any any eq <Proxy Client Connection Port>


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Testing Your Cisco Adaptive Security Appliance Configuration

class-map cuma_proxy

match access-list mmp_inspect

exit

policy-map global_policy

class cuma_proxy

inspect mmp tls-proxy <tls-proxy-name>

exit

exit

service-policy global_policy global

Testing Your Cisco Adaptive Security Appliance Configuration Perform the following basic tests to be sure your configuration can successfully route communications internally and externally.

Procedure

Step 1 Ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance.

Step 2 Ping an IP address on the internet.

What To Do Next

If either test is unsuccessful, see Fixing Unsuccessful Pings, page 2-18.

Troubleshooting the Cisco Adaptive Security Appliance • Useful Commands, page 2-16

• Fixing Unsuccessful Pings, page 2-18

• SSL Handshake Failures, page 2-18

• Debugging TLS-Proxy and MMP Configurations, page 2-18

Useful CommandsThe following are useful commands for troubleshooting your Cisco Adaptive Security Appliance configuration.

You may need to be in a particular mode, such as privileged EXEC, in order to use some of these commands.

For complete information on any command, see the Cisco Security Appliance Command Reference.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance

Related Topics

• No Connectivity On Initial Tests, page 19-3

• Some Clients Cannot Connect on Initial Tests, page 19-3

To Use These Commands

Enable logs for troubleshooting • logging timestamp

• logging list loglist message 711001

• logging list loglist message 725001-725014

• logging list loglist message 717001-717038

• logging buffer-size 1000000

• logging buffered loglist

• logging debug-trace

Show the current logging configuration show logging

Clear logs clear logging buffer

Show the current configuration settings show running-config

Show existing keypairs to see if a keypair has been generated.

sh crypto key mypubkey rsa

Display certificate information to verify that it was entered and imported correctly.

sh crypto ca certificate <certificate_name>

Check configuration of all certificates on the Cisco Adaptive Security Appliance

sh crypto ca certificates

Check configuration of the certificate from Cisco Unified Mobility Advantage that you imported into the Cisco Adaptive Security Appliance

sh crypto ca trustpoints

Clear a command or remove a configured item, such as a trustpoint, to reconfigure it

no <command to clear>

Clear a configuration under a specific command so that you can reconfigure it

clear configure <command>

Example: To delete the tls proxy:

clear configure tls-proxy

Use the following commands to see what happens on the Cisco Adaptive Security Appliance when you try to connect using the client:

Show the information about the current tls-proxy session

sh tls-proxy session detail

Show debug messages for TLS proxy inspection debug inspect tls-proxy

Show a list of active MMP sessions show mmp

Display inspect MMP events debug mmp


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Troubleshooting the Cisco Adaptive Security Appliance

Fixing Unsuccessful Pings

Procedure

SSL Handshake Failures Note the following:

• SSL handshake errors can result from problems with the connection between the client and the Cisco Adaptive Security Appliance or between the Cisco Adaptive Security Appliance and Cisco Unified Mobility Advantage. Check both sets of configurations.

• This error is benign: %ASA-7-725014: SSL lib error. Function: SSL3_READ_BYTES Reason: ssl handshake failure,

• If a SSL Handshake error message causes the tls-proxy session to close, then check certificate configuration:

sh crypto ca certificates

sh crypto ca trustpoints

• If any of the trustpoints shows as “Not configured”, revisit the certificate portion of the configuration.

Debugging TLS-Proxy and MMP Configurations Try this procedure if connections are unsuccessful.

Procedure

Step 1 Use the following commands to enable debugging:

debug inspect tls-proxy all

debug mmp

Step 2 Use the following commands to check if MMP inspection is happening:

If Do This

You cannot ping the private IP address of the Cisco Unified Mobility Advantage server from the Cisco Adaptive Security Appliance

a. Use the following command to check if the first hop is your default router: traceroute <private IP address of the Cisco Unified Mobility Advantage server> source inside

b. Check the routing commands for the inside interface

c. Make sure that you have configured the access-list to allow traffic to go through the inside interface

Ping an IP address on the internet from the Cisco Adaptive Security Appliance.

Check the routing commands for the outside interface.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage Troubleshooting the Cisco Adaptive Security Appliance

show mmp

show tls-proxy

Step 3 Check if the inspection port is correct, if you see MMP messages on the logs but no tls-proxy messages.


Chapter 2 Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Troubleshooting the Cisco Adaptive Security Appliance



C H A P T E R 3
Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage
Revised Date: June 30, 2009

Configure Cisco Unified Communications Manager to provide features to Cisco Unified Mobility Advantage.

Note Specific instructions for these procedures may vary depending on your release of Cisco Unified Communications Manager. See the documentation for your release for the instructions for your release.

• How to Configure Call Log Monitoring

• How to Configure Dial Via Office

• Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13

• How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13

• Backup Cisco Unified Communications Manager Server Configuration, page 3-18

• Changes to Cisco Unified Communications Manager Configurations, page 3-18

• How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19

How to Configure Call Log Monitoring In addition to the basic configurations required to run Cisco Unified Mobility Advantage (such as configuring the Cisco Adaptive Security Appliance, configuring users in Cisco Unified Mobility Advantage, and installing the client on the mobile phone), perform the following steps that are specific to this feature.

• Configuring Call Log Monitoring, page 3-2

• Creating CTI-Enabled “Super User” Accounts, page 3-3

• Ensuring That the CTI Service Is Running, page 3-5

• Configuring Standard AXL API Access to Retrieve User Information, page 3-5


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Call Log Monitoring

• Application Dialing Rules, page 3-6

• Recommended Directory Lookup Settings, page 3-7

• Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8

Configuring Call Log Monitoring

Procedure

To See

Step 1 If you are making changes to a running system, stop Cisco Unified Mobility Advantage.

Note that this will impact users.

Stopping Cisco Unified Mobility Advantage, page 11-1

Step 2 Configure system-level requirements in Cisco Unified Communications Manager.


• Ensuring That the CTI Service Is Running, page 3-5


• Application Dialing Rules, page 3-6

If you are using Cisco Unified Communications Manager Release 5.x or later:


• Directory Lookup Settings, page A-8


Step 3 Make sure users and their devices are configured properly in Cisco Unified Communications Manager.

• Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features), page 3-19

• Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled “Super User”, page 3-19

• Configuring User Accounts in Cisco Unified Communications Manager, page 3-20



Related Topics

• How to Solve Call Log Problems, page 19-8

Creating CTI-Enabled “Super User” Accounts Cisco Unified Mobile Communicator lets users view call logs that include calls to their desk phones, in addition to calls on their mobile phones. You must create up to four “super user” accounts to support this feature. These will be End User accounts, but they are distinct from the accounts for each human user.

Because Cisco Unified Communications Manager limits End User accounts to support for 250 devices, you may need to create up to four separate accounts to accommodate the maximum 1000 Cisco Unified Mobility Advantage users. You will associate these accounts with the primary directory number (usually the desk phone) for each user of Cisco Unified Mobile Communicator.

Procedure

Step 1 Sign in to the Cisco Unified Communications Manager Admin interface.

Step 4 After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.

If this is a new installation, you will perform these procedures when you run the Configuration Wizard after installation.

If this is an upgrade from Release 3.x, or you are changing your release of Cisco Unified Communications Manager for a running system:

• Viewing and Changing Enterprise Adapter Settings, page 10-4

• About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6

• Server Settings, page A-7

Step 5 If you are using Cisco Unified Communications Manager Release 4.x, configure directory lookup rules in Cisco Unified Mobility Advantage.



• Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5

Step 6 Enable call log monitoring in Cisco Unified Mobility Advantage.

If this is a new installation, you will perform this procedure when you run the Configuration Wizard after installation.

If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:

• Enabling Call Log Monitoring and Configuring Options, page 12-2

Step 7 Start Cisco Unified Mobility Advantage if you are reconfiguring a running system.

Starting Cisco Unified Mobility Advantage, page 11-1

To See



Step 2 Select User Management > End User.

Step 3 Select Add New.

Step 4 Add the primary phone (usually the desk phone, but not the mobile phone) for each Cisco Unified Mobile Communicator user to the Controlled Devices list in the Device Information section.

Tip You can add one device now for testing purposes, then add the remainder of the devices later, when you are configuring Cisco Unified Communications Manager for each user and device.

Step 5 Assign the End User to the proper groups and roles:

Step 6 Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage.

Step 7 Select Save.

Step 8 Note the user IDs and passwords for these accounts.

You will need this information when:

• you configure Cisco Unified Mobility Advantage.

• you add support for additional users.

Related Topics


In Cisco Unified Communications Manager Release Do This

4.x Select Enable CTI Application Use on the User Configuration window.

5.1 • Assign the user to the Standard CTI Enabled group.

• Make sure user is assigned to the Standard CCM End Users group.

• From the End User Configuration window, select Allow Control of Device from CTI for this user. (This is the default.)

6.0

7.0 1. Add the following Groups into the Permissions Information section:

– Standard CTI Enabled

– Standard CCM End Users.

2. Select Save.

3. Verify that the following Roles appear:

– Standard CTI Enabled,

– Standard CCMUSER Administration


4. Select Allow Control of Device from CTI.



Ensuring That the CTI Service Is Running Make sure that the CTIManager service is activated and running, or call logs will not be updated.

These instructions apply to Cisco Unified Communications Manager Release 5.x and later. For Release 4.x, see your Cisco Unified Communications Manager documentation.

Procedure

Step 1 Open the Cisco Unified Communications Manager Admin interface but do not sign in.

Step 2 Select Cisco Unified Serviceability from the list box in the upper right corner of the page.

Step 3 Select Go.

Step 4 Sign in with your platform credentials.

Step 5 Select Tools > Service Activation.

Step 6 Select the publisher server.

Step 7 Select Cisco CTIManager.

Step 8 Select Save.

Step 9 Restart Cisco Unified Mobility Advantage if it is running.

Configuring Standard AXL API Access to Retrieve User Information You must create an application user account with AXL API access in order to allow Cisco Unified Mobility Advantage to retrieve user information such as the primary line from Cisco Unified Communications Manager.

This topic applies to Cisco Unified Communications Manager releases 5.x through 7.0 only.

(For Cisco Unified CallManager release 4.x, Cisco Unified Mobility Advantage determines which line to monitor for call log monitoring by using the attribute you specify for “Work Phone” in the Advanced Settings tab of the Enterprise Adapter page for Active Directory. By default, this is the “telephoneNumber” attribute. This attribute must contain a unique value for each user.)

Procedure


Step 2 Select User Management > Application User.


Step 4 Enter information for this application user.

Step 5 Add the Standard CCM Super Users Group into the Permissions Information section.

Step 6 Select Save.

Step 7 Verify that the Standard AXL API Access role appears.

Step 8 Configure the remaining fields as needed for your deployment. They are not specifically used by Cisco Unified Mobility Advantage.

Step 9 Select any item in the Permissions Information > Roles list, then select View Details.



Step 10 Scroll to the bottom of the detailed Roles view, then select Add New.

Step 11 Select Cisco Call Manager AXL Database from the list and select Next.

Step 12 Enter a name and description for this new role.

Step 13 Select Allow to use API.

Step 14 Select Save.

Step 15 Note the user ID and password for this account.

What To Do Next

After you install Cisco Unified Mobility Advantage or upgrade from Release 3.x, enter this Application User ID and its associated password into the Server Settings page of the Enterprise Adapter configuration for Cisco Unified Communications Manager. For Release 7.0(2), enter the information into the “Web Services Information” section; for Release 7.0(1), enter the information into the "SOAP Information" section. See About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6.

Application Dialing Rules Because people dial numbers from mobile phones differently than the way they dial numbers from desk phones, you must configure Cisco Unified Communications to accommodate the different dialing rules.

For example, in the United States, there are several dialing prefixes that employees generally must use when dialing from desk phones, which users of mobile phones normally do not use:

• Calls from desk phones to numbers outside the company in the same telephone area code must begin with “9”.

• Calls from desk phones to numbers outside the company in a different telephone area code must begin with “91”.

• Calls from desk phones to numbers outside the company and outside the country must begin with “9011”, while international calls from mobile phones often begin with a “+”.

To allow users to dial from mobile devices without using these additional digits, define appropriate Application Dial Rules for your country or location.

These dialing rules also apply to the mobile device phone numbers you specify when provisioning users.

Note These dialing rules do not apply to alternate callback numbers that the user specifies in Cisco Unified Mobile Communicator. Users must enter alternate callback numbers in the format they would use if they were dialing from their desk phones.

For information about configuring application dialing rules, see the online help in Cisco Unified Communications Manager. Work with your Cisco Unified Communications Manager administrator to configure these rules.

Note Restart Cisco Unified Mobility Advantage if you make changes to a running system.



Recommended Directory Lookup Settings Call logs in Cisco Unified Mobile Communicator can display the name as well as the phone number of callers and called parties who are in the corporate directory. Cisco Unified Mobility Advantage finds these names by searching for the phone number in the directory. However, callers can successfully dial numbers that do not exactly match the pattern of the numbers in the directory, so you should create Directory Lookup rules to accommodate dialed numbers with formats that do not match the format in the directory.

For example, if the user dials 95551111 (9-555-1111) to reach a person whose number appears in the directory as 5551111, you must create a rule that strips the 9 from the beginning of the number before searching, so that it matches the entry in the directory.

Use Directory Lookup rules to transform the following numbers into the number as it appears in the directory:

• Numbers dialed from the primary desk phone of the user

• (For Cisco Unified Communications Manager 7.0 only) Numbers dialed from the mobile phone using the Dial-via-Office feature

• Numbers of corporate callers who call the primary office number of the user.

Include rules to accommodate all numbers that can successfully be connected, including numbers as users may dial them when roaming outside their home area code or country. For example, account for the following within the United States:

• the extension only

• numbers within the home area code

• dialing from other area codes

• dialing from other country codes

• dialing prefixes such as:

– 011 and + (International direct dialing prefix - for dialing international numbers from the United States)

– 1 (National direct dialing prefix - for dialing numbers in another area code in the United States)

– 8 or 9 (Dial out prefix - required for dialing numbers outside of many companies)

Create your rules so that only one rule can apply to each phone number, or order the rules so that the intended number matches before any other possible match. For example, list 54321 before 543 to ensure that 54321 does not match 543 instead of 54321.

Configure separate rules for incoming and outgoing calls.

Tip To help determine which Directory Lookup rules you will need, look at your Application Dial Rules in Cisco Unified Communications Manager.

Examples of rules for outgoing calls:



Cisco Unified Mobility Advantage tests each phone number against each rule in the order in which it appears. When Cisco Unified Mobility Advantage finds an applicable rule, it applies the rule to the phone number, searches the directory for the resulting number, retrieves any matching name, and includes the name in the call log in Cisco Unified Mobile Communicator. If no match is found, Cisco Unified Mobility Advantage looks to see if another rule applies. If no rules apply, Cisco Unified Mobility Advantage searches the directory for the unmodified number.

Related Topics


Configuring Directory Lookup Rules in Cisco Unified Communications Manager Cisco Unified Mobility Advantage can identify callers and called parties by name in the user call logs, if you configure directory lookup rules to match the dialed number to the associated name in the directory.

Because the numbers dialed to and from mobile phones may be in different formats from the numbers dialed from desk phones, the directory lookup rules for mobile calls may differ from existing directory lookup rules configured in Cisco Unified Communications Manager. You must add directory lookup rules to handle calls to and from mobile devices.

Any time you change the directory lookup rules, restart Cisco Unified Mobility Advantage if it is running.

Restrictions

For Cisco Unified Communications Manager versions 5.x through 7.0, configure directory lookup rules in Cisco Unified Communications Manager using the procedure in this topic.

For Cisco Unified CallManager release 4.x, configure the Directory Lookup Settings in Cisco Unified Mobility Advantage. See Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5.

Before You Begin

Determine the directory lookup settings you need to add. See the following:

Setting

Number Dialed Is:1111


Number Dialed Is: 95551111



Number Dialed Is:+14085551111

Number Begins With

— No rule is needed.

9555 408555 91408555 001408555

Number of Digits 4 8 10 12 12

Total Digits To Be Removed

— 1 3 5 5

Prefix With Pattern 555 — — — —

Result = Number in the directory

5551111 5551111 5551111 5551111 5551111 5551111


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Dial Via Office



For more information about configuring directory lookup rules in Cisco Unified Communications Manager, see the online help in Cisco Unified Communications Manager.

Procedure


Step 2 Choose Call Routing > Dial Rules > Directory Lookup Dial Rules.


Step 4 Enter specifics for the rule.

• For rules to be applied to incoming calls to the mobile device, the Rule Name MUST begin with indir. For example, indir_international.

• For rules to be applied to outgoing calls from the mobile device, the Rule Name MUST begin with outdir. For example, outdir_internal.

Step 5 Select Save.

Step 6 Repeat to create each rule.

Step 7 Select any rule name in the list

Step 8 Use the arrows to position each rule in order to ensure correct matching.

Step 9 Select Save.


How to Configure Dial Via Office Cisco Unified Communications Manager Release 7.0(1) Service Update 1 or higher is required for dial via office.

Dial via Office allows users to make calls from their mobile phone as if they were dialing from their desk phone.

• Configuring Dial Via Office, page 3-9

• Configuring the Enterprise Feature Access Directory Number, page 3-11

• Important Information About DTMF Access Codes, page 3-12

• Device Pool Requirements, page 3-12

Configuring Dial Via Office In addition to the basic configurations required to run Cisco Unified Mobility Advantage (such as configuring the Cisco Adaptive Security Appliance, configuring users in Cisco Unified Mobility Advantage, and installing the client on the mobile phone), perform the following steps that are specific to this feature.



Tip Configuring this functionality is complex. Perform these procedures carefully to ensure that you do not omit or misconfigure anything.

Procedure

To See




Step 2 Configure system-level requirements in Cisco Unified Communications Manager.

If you configured Cisco Unified Communications Manager for call log monitoring, you have addressed the first two already.






Step 3 Configure each user and device in Cisco Unified Communications Manager.

If you configured Cisco Unified Communications Manager for call log monitoring, you may have addressed the first three already.




• Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21

Step 4 After you install Cisco Unified Mobility Advantage, configure Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager.


If this is an upgrade from Release 3.x, or you are changing your Cisco Unified Communications Manager release with a running system:





Related Topics

• How to Solve Problems With the Dial Via Office Feature, page 19-10

Configuring the Enterprise Feature Access Directory Number If the Enterprise Feature Access Directory Number is already configured, you do not need to make further changes.

The Cisco Unified Mobility Advantage uses the Enterprise Feature Access Directory Number for the caller ID when Cisco Unified Communications Manager calls back the user in Dial-via-Office calls. This number appears in the native call log on the mobile phone, but does not appear in the call logs within Cisco Unified Mobile Communicator.

If you want Cisco Unified Mobile Communicator users to be able to use DTMF codes to access mid-call features such as hold, resume, park, and conference when they use the Dial via Office feature, configure Enterprise Feature Access using the instructions in the Cisco Unified Communications Manager documentation. Otherwise, use the procedure in this topic.

Procedure


Step 2 Select Call Routing > Mobility Configuration.

Step 3 Enter values for the following fields:

Step 5 Enable the Dial via Office feature in Cisco Unified Mobility Advantage.


If this is an upgrade from Release 3.x, or you are adding or changing this feature on a running system:

• Enabling the Dial-Via-Office Feature and Options, page 12-3



To See



Important Information About DTMF Access Codes This topic applies to Cisco Unified Communications Manager release 7.0.

All DTMF access codes that you configure in Cisco Unified Communications Manager must be mutually exclusive. Make sure the default mobility DTMF access codes do not overlap with other mid-call DTMF access codes.

For example, by default mobility features and Cisco Unity both use the asterisk (*) for midcall features, which prevents DTMF features in both applications from working properly.

This issue is not specific to Cisco Unified Mobility Advantage, but will affect Cisco Unified Mobile Communicator users when they access voicemail or use mid-call features.

To configure DTMF access codes, see the documentation for your release of Cisco Unified Communications Manager.

Related Topics


Device Pool Requirements When you configure mobile devices for each user in Cisco Unified Communications Manager, each Cisco Unified Mobile Communicator device must be associated with a device pool that includes the Cisco Unified Communications Manager server to which Cisco Unified Mobility Advantage will point. For simplicity, consider creating a dedicated device pool for this purpose.

Option Description

Handoff Number This value is required in order to create an Enterprise Feature Access partition; if you do not otherwise require a Handoff Number, enter a dummy internal unused DN that is associated with a valid partition.

Handoff Number Partition This value is required in order to create an Enterprise Feature Access partition.

This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.

Enterprise Feature Access Directory Number

Enter the Direct Inward Dial (DID) number that is required for enterprise feature access.

This number must be unique.

Enterprise Feature Access Directory Number Partition

This partition should be present in the Remote Destination inbound Calling Search Space, which points either to the inbound Calling Search Space of the Gateway or Trunk or to the Remote Destination Calling Search Space.


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Configuring Prerequisites for Transfer of Active Calls Between Phones

If you will specify a primary and a backup Cisco Unified Communications Manager server in Cisco Unified Mobility Advantage, list the servers in that order (first primary, then secondary) in the Cisco Unified Communications Manager group associated with this device pool.

For information about Device Pools, see the Cisco Unified Communications Manager documentation.

Related Topics


Configuring Prerequisites for Transfer of Active Calls Between Phones

This feature is only available with Cisco Unified Communications Manager Releases 6.x and 7.0.

To allow users to transfer calls in progress between their desk phones and their mobile phones, configure the mobility handoff functionality (also referred to as the Desktop Call Pickup feature) in Cisco Unified Communications Manager.

Procedure


Step 2 Select Device > Device Settings > Softkey Template.

Step 3 Create a new template or modify an existing template.

Step 4 Select Configure Softkey Layout from the Related Links menu in the upper right corner of the window.

Step 5 Select Go.

Step 6 Select Connected for Select a call state to configure.

Step 7 Add Mobility to the selected Softkeys.

Step 8 Select Save.

Related Topics

• Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21

How to Configure Server Security for Connections with Cisco Unified Communications Manager

Server security features are available only with Cisco Unified Communications Manager Release 7.0(1) Service Update 1 or later.

Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your Cisco Unified Communications Manager configuration and your corporate security policies may require a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Communications Manager.


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Server Security for Connections with Cisco Unified Communications Manager

• Configuring Secure Connections with Cisco Unified Communications Manager, page 3-14

• Cisco Unified Mobility Advantage Server Security Profile, page 3-15

• Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16

• Importing Certificates into Cisco Unified Operating System Servers, page 3-16

Configuring Secure Connections with Cisco Unified Communications Manager This procedure set describes how to deploy self-signed certificates for secure connections between Cisco Unified Mobility Advantage and Cisco Unified Communications Manager.

You must perform some of these steps after you install Cisco Unified Mobility Advantage.

Before You Begin

• If you want to familiarize yourself with server security concepts for Cisco Unified Mobility Advantage, see Chapter 9, “Managing Server Security in Cisco Unified Mobility Advantage.”

• Determine whether this procedure fits into your Cisco Unified Communications Manager security plan. Security configuration in Cisco Unified Communications Manager is quite complex. See the Cisco Unified Communications Manager Security Guide for complete information.

• We recommend that you verify that the Dial via Office, MobileConnect, and call log monitoring features function properly before you configure server security.

Procedure

Do This For Instructions, See




Step 2 In Cisco Unified Mobility Advantage, create a Security Context that specifies Trusted Certificates for the Trust Policy.

You can use this Security Context for all enterprise servers that have the same security requirements.

If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.

Creating Security Contexts, page 9-7

Step 3 Stop Cisco Unified Mobility Advantage if it is running.


Step 4 In the Enterprise Adapter for Cisco Unified Communications Manager, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table.



Step 5 In Cisco Unified Communications Manager, require secure communications.

Cisco Unified Mobility Advantage Server Security Profile, page 3-15



Cisco Unified Mobility Advantage Server Security Profile This section applies only to Cisco Unified Communications Manager Release 7.0.

To create a security profile for the Cisco Unified Mobility Advantage server in Cisco Unified Communications Manager, see the “Configuring a Cisco Unified Mobility Advantage Security Profile” chapter in the Cisco Unified Communications Manager Security Guide at http://cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html?q= .

Essentially, you will set the Transport Type to TLS, by specifying “Authenticated” or “Encrypted” as the Device Security Mode on the “CUMA Server Security Profile” page.

Keep the following points in mind:

• You can associate only one Cisco Unified Mobility Advantage server with each Cisco Unified Communications Manager cluster.

• If you allow a TCP (non-secure) connection, you are not limited to a single Cisco Unified Mobility Advantage per Cisco Unified Communications Manager server.

• When you configure a Security Context in Cisco Unified Mobility Advantage for the Cisco Unified Communications Manager enterprise adapter, the connection type must be the same as the connection type you specify in Cisco Unified Communications Manager.

• If you require authenticated or encrypted connections, you must provide the required certificate to Cisco Unified Communications Manager.

• The X.509 value you need to supply is generally the hostname of the Cisco Unified Mobility Advantage server.

Related Topics



Step 6 Download a self-signed certificate from Cisco Unified Mobility Advantage.

Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11

Step 7 Import this certificate to the trust store of Cisco Unified Communications Manager.

Importing Certificates into Cisco Unified Operating System Servers, page 3-16

Step 8 Generate a certificate from Cisco Unified Communications Manager.

Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16

Step 9 Import this certificate to the trust store of Cisco Unified Mobility Advantage.

Importing Self-Signed Certificates from Trusted Servers, page 9-10

Step 10 If you configure a backup Cisco Unified Communications Manager server, repeat this procedure for the backup server.

—





http://cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html?q=


Obtaining a Certificate from Cisco Unified Communications Manager This topic applies only if you are using Cisco Unified Communications Manager Release 7.0 and is not required unless you configure Cisco Unified Mobility Advantage to require a self-signed certificate for identity verification when connecting to Cisco Unified Communications Manager.

Before You Begin

• Create a Security Context in Cisco Unified Mobility Advantage and set the Trust Policy to Trusted Certificates. See Creating Security Contexts, page 9-7.

• Assign that Security Context to the Enterprise Adapter for Cisco Unified Communications Manager. See Viewing and Changing Enterprise Adapter Settings, page 10-4.

Procedure

Step 1 Open the Cisco Unified Communications Manager Admin interface but do not sign in.

Step 2 Select Cisco Unified OS Administration from the list box in the upper right corner of the page.

Step 3 Sign in using the platform administration credentials for the Cisco Unified Communications Manager server.

Step 4 Select Security > Certificate Management.

Step 5 Select Find to display all certificates.

Step 6 Select CallManager.pem.

Step 7 Select Download.

Step 8 Save the .cer file to your desktop.

Step 9 Return to the list of certificates.

Step 10 Select tomcat.pem.

Step 11 Select Download.

Step 12 Save the .cer file to your desktop.

What To Do Next

• Continue with remaining procedures in How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13.

• Continue with other procedures in this chapter for deploying Cisco Unified Communications Manager with Cisco Unified Mobility Advantage.

Importing Certificates into Cisco Unified Operating System ServersIf your IT security policies require Cisco Unified Communications Manager, Cisco Unified Presence, or Cisco Unity Connection servers to require a self-signed certificate from Cisco Unified Mobility Advantage, use this procedure to import that certificate.

For more information about uploading the required certificates to the trust store of the Cisco Unified Communications Manager or other server, see the Security chapter of the Cisco Unified Communications Operating System Administration Guide for that server.



Before You Begin

• Determine whether the server requires a certificate from Cisco Unified Mobility Advantage. For Cisco Unified Communications Manager, see Cisco Unified Mobility Advantage Server Security Profile. For other servers, see the documentation for those servers. By default, a certificate is not required.

• Obtain a certificate from Cisco Unified Mobility Advantage. See Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.

Procedure

Step 1 Open the Admin interface of the server in a browser window.

Step 2 Select Cisco Unified OS Administration in the top right corner of the window.

Step 3 Select Go.

Step 4 Sign in.

Step 5 Select Security > Certificate Management

Step 6 Select Upload Certificate.

Step 7 Enter information:

Step 8 Select Browse and select the certificate file from Cisco Unified Mobility Advantage.

For example, if you generated a self-signed certificate, locate the .cer file you saved.

Step 9 Select Upload File.

Step 10 Restart the service:

a. Select Cisco Unified Serviceability from the list box in the top right corner of the window.

b. Select Go.

c. Sign in using your platform administrator credentials.

d. Select Tools > Service Activation.

e. For Cisco Unified Communications Manager:

Restart the CiscoCallManager service.

f. For Cisco Unified Presence:

Restart the Presence Engine Service and the Proxy Service.

Item Description

Certificate Name For the Cisco Unified Communications Manager server:

Select CallManager-trust from the list.

For the Cisco Unified Presence server:

Select sipproxy-trust from the list.

For Cisco Unity Connection:

Select tomcat-trust from the list.

Root Certificate Enter a name for the Cisco Unified Mobility Advantage certificate.

Description Enter a description.


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage Backup Cisco Unified Communications Manager Server Configuration

g. For Cisco Unity Connection:

Restart the Connection IMAP Server and Connection SMTP Server services.


What To Do Next

Complete certificate deployment requirements for your server:

• For Cisco Unified Communications Manager, see How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13.

• For Cisco Unified Presence, see How To Configure Server Security for Cisco Unified Presence, page 4-3.

• For Cisco Unity Connection, see Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5.

Backup Cisco Unified Communications Manager Server Configuration

If you will specify a backup Cisco Unified Communications Manager server, make sure it is configured identically to the primary Cisco Unified Communications Manager server.

Changes to Cisco Unified Communications Manager Configurations

If you change the user ID or password of any of the CTI-enabled “super user” accounts, or of the Application User account to which you assigned AXL API access, update the Enterprise Adapter for Cisco Unified Communications Manager in the Admin Portal of Cisco Unified Mobility Advantage,.

Before you make any changes in this adapter, stop Cisco Unified Mobility Advantage, then start Cisco Unified Mobility Advantage again after you submit your changes.

Stopping Cisco Unified Mobility Advantage will log all users out of Cisco Unified Mobile Communicator.

Related Topics




• Stopping Cisco Unified Mobility Advantage, page 11-1

• Starting Cisco Unified Mobility Advantage, page 11-1


Chapter 3 Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage How to Configure Cisco Unified Communications Manager for Each User and Device

How to Configure Cisco Unified Communications Manager for Each User and Device

Provision each user in Cisco Unified Communications Manager.




• Adding the Softkey Template to the Primary Desk Phone of Each User, page 3-21


• Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24

Requirements for Configuring Devices in Cisco Unified Communications Manager (For All Cisco Unified Communications Manager Features)

• Each user must already have a functioning account with a primary desk phone number configured in Cisco Unified Communications Manager.

• These instructions assume the Primary Extension is the desk phone directory number. Make sure the Owner User ID is configured for the desk phone.

• You have configured all applicable system-level requirements in Cisco Unified Communications Manager documented earlier in this chapter.

• If you are using Cisco Unified Communications Manager Release 7.x and users of the Release 3.x client for Nokia Symbian phones will use the same mobile phone number after they migrate to Release 7.x of the client, you must delete their existing Remote Destination profile before you configure the user and device in Cisco Unified Communications Manager following instructions in this section.

Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled “Super User”

This topic applies to all deployments.

Add the primary phone (usually the desk phone, but not the mobile phone) of each Cisco Unified Mobile Communicator user to the Device Information section of one of the CTI-enabled “super users” that you created above.

Before You Begin

You will need the usernames of the “super user” accounts you created in Creating CTI-Enabled “Super User” Accounts, page 3-3.



Procedure



Step 3 Select Find.

Step 4 Select the appropriate End User in the list.

Step 5 Scroll to the Device Information section.

Step 6 Double-click the desk phone device (not the mobile phone) in the Available Devices list.

The phone will move to the Controlled Devices list.

Step 7 Repeat for each device to add.

Step 8 Select Save.


Troubleshooting Tip

If you do not see the phone in the Available Devices list, select Find More Phones. See the online help for Cisco Unified Communications Manager for more information.

Configuring User Accounts in Cisco Unified Communications Manager This topic applies to all deployments.

(For Cisco Unified Communications Manager Release 6.x and later) Enabling mobility features enables MobileConnect (which rings the mobile phone when callers call the desk phone number), and in-call features such as the ability to transfer and hold calls.

[For Cisco Unified Communications Manager Release 7.0(1) Service Update 1] Enabling mobility also enables Dial via Office.

Enabling mobility may consume device license units (DLUs). For details, search the online help in Cisco Unified Communications Manager for “Enable Mobility.”

Procedure



Step 3 Find the user to configure.

Step 4 Select Allow Control of Device from CTI.

Step 5 Set the Primary Extension in the Directory Number Association to the directory number of the primary line, usually the desk phone.

Step 6 (For Cisco Unified Communications Manager Releases 6.x and 7.0) Select Enable Mobility.

Step 7 Assign the user to the proper groups and roles:

Add the following into the Permissions Information section:

• Groups:



– Standard CTI Enabled


• Roles:

– Standard CTI Enabled,

– Standard CCMUSER Administration


Step 8 Select Save.

Adding the Softkey Template to the Primary Desk Phone of Each User This feature is only available with Cisco Unified Communications Manager Releases 6.x and 7.0.

This procedure allows users to transfer active calls between their desk phones and their mobile phones.

Before You Begin

• Complete the procedure in Configuring Prerequisites for Transfer of Active Calls Between Phones, page 3-13.

• If you have configured a common device configuration that is assigned to the desk phones of all of your mobile users, modify that common device configuration instead of each individual phone as described in this procedure.

Procedure


Step 2 Navigate to the page associated with the primary desk phone of a Cisco Unified Mobile Communicator user.

Step 3 Look for the Softkey Template field.

Step 4 Select the softkey template you created for transferring active calls between phones.

Step 5 Select Save.

Step 6 Repeat this procedure for each Cisco Unified Mobile Communicator user.

Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager

This procedure applies to Cisco Unified Communications Manager Release 7.0(1) Service Update 1 only.

For Cisco Unified Communications Manager Release 6.x, follow the instructions in the Cisco Unified Communications Manager documentation for configuring Remote Destinations and enabling the MobileConnect feature.



Before You Begin

• You have addressed all requirements and completed all configurations previously described in this chapter.

• The MobileConnect feature (formerly known as Single Number Reach) must be working independently of Cisco Unified Mobility Advantage.

• If the phone number that you will use for the Cisco Unified Mobile Communicator device is already configured in Cisco Unified Communications Manager as a Remote Destination, delete the Remote Destination for that number before you perform this procedure.

• Familiarize yourself with the Device Pool Requirements, page 3-12.

Procedure


Step 2 Add the mobile phone:

a. Select Device > Phone.

b. Select Add New.

c. Select Cisco Unified Mobile Communicator as the Phone Type.

d. Select Next.

e. Enter values:

Option Description

Device Name Descriptive name (up to 15 characters)

Device Pool If you created a dedicated Device Pool when you reviewed the device pool requirements, choose that Device Pool.

If you did not create a dedicated Device Pool, specify a Device Pool that includes in the Cisco Unified Communications Manager Group the Cisco Unified Communications Manager server that you will specify later in Cisco Unified Mobility Advantage (in the Enterprise Adapter for Cisco Unified Communications Manager).

Phone Button Template Select Standard Cisco Unified Mobile Communicator.

Calling Search Space This Calling Search Space must include the set of destination numbers that you want to allow users to use with the Dial-via-Office feature. This is typically the same Calling Search Space associated with the Desk Phone, assuming you want the same calling privileges to apply to both devices.

Owner User ID The User ID of the user.

Mobility User ID The User ID of the user.



f. Select Save.

Step 3 Associate the mobile phone with the primary desk phone number of the user.

a. Select Line [1] - Add a New DN.

b. Enter the Directory Number of the primary desk phone.

c. Enter the Route Partition, if applicable.

d. Press Tab.

The remaining fields on the page will automatically populate.

e. Select Save.

Step 4 Return to the Cisco Unified Mobile Communicator device page:

a. Scroll to the Associated Devices list.

b. Select the Cisco Unified Mobile Communicator device.

c. Select Edit Device.

Step 5 Identify the mobile phone:

a. Scroll down and select Add New Mobile Identity.

b. Enter values:

Reroute Calling Search Space

Ensure that the Rerouting Calling Search Space in the Cisco Unified Mobile Communicator device configuration includes both of the following:

• The partition of the desk phone extension of the user

(This requirement is used by the system to provide the Dial via Office feature, not for routing calls.)

• A route to the mobile identity number and any Remote Destinations.

The route to the mobile identity (i.e., the Gateway/Trunk partition) must have a higher preference than the partitions of the enterprise extension of the Cisco Unified Mobile Communicator device.

Note that Cisco Unified Mobile Communicator allows users to specify an alternate callback number besides the mobile identity, and the Rerouting Calling Search Space controls which alternate callback numbers are reachable.

All others Accept the defaults, or follow your company conventions or instructions in the online help.

Option Description



c. Select Save.

Note Add any additional remote destinations by using the Remote Destination Profile of the user (Device Settings > Remote Destination Profile), not on this page.

Step 6 Configure Caller ID:

a. For the device that represents the primary line of the user (usually the desk phone), verify Caller ID information (Name or phone number) for the following fields, as desired:

• Display (Internal Caller ID)

• ASCII Display (Internal Caller ID)

• External Phone Number Mask

b. Select the boxes for the Caller ID values to enable for shared device (these include Cisco Unified Mobile Communicator).

c. Select Propagate Selected.

Step 7 Configure any other information that is required or desired for all devices at your organization.

What To Do Next

See Adding Each Primary Phone to the Controlled Devices List for a CTI-Enabled “Super User”, page 3-19.

Configuring a Presence Account for Each User in Cisco Unified Communications Manager

If you will integrate the presence feature in Cisco Unified Mobile Communicator, configure a Cisco Unified Presence account for each user in Cisco Unified Communications Manager.

Option Description

Destination Number The mobile phone number, without any digits prefixed (for example, no dial-out prefix).

This value must exactly match the phone number you enter for this user in the Cisco Unified Mobility Advantage Admin portal.

This number must be unique among Cisco Unified Mobile Communicator devices and Remote Destinations.

This is the default number that the Dial-via-Office feature will call.

Enable Mobile Connect

Select this box.

All others Depend on settings in your company. Accept the defaults, or follow your company conventions or instructions in the online help.



Procedure


Step 2 Select Device > Phone.


Step 4 Select Cisco Unified Personal Communicator as Phone Type.

Step 5 Select Next.

Step 6 Enter the device information.

Step 7 Select Save.

Step 8 Associate the mobile phone with the primary desk phone number of the user.

a. Select Line [1] - Add a New DN.

b. Enter the Directory Number of the primary desk phone.

c. Enter the Route Partition, if applicable.

d. Press Tab.

The remaining fields on the page will automatically populate.

e. Select Save.

Step 9 Assign Capabilities to the End User.

a. Select System > Licensing > Capabilities Assignment.

b. Find the user.

c. Select Enable CUP.

d. Select Enable CUPC.

e. Select Save.

Option Description

Device Name UPC+uppercase <USERID>

Owner User ID Select the User ID of the user.



C H A P T E R 4
Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage

If you will integrate Cisco Unified Presence with Cisco Unified Mobility Advantage to allow users to exchange availability status, perform the procedures in this chapter.

For limitations related to presence integration, see the Release Notes for Cisco Unified Mobility Advantage Release 7.0(1) and 7.0(2) at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.

• Presence and Cisco Unified Mobile Communicator, page 4-1

• Configuring Essential Settings for Presence Integration, page 4-1

• How To Configure Server Security for Cisco Unified Presence, page 4-3

• Configuring Additional Settings for Presence Integration, page 4-5

Presence and Cisco Unified Mobile Communicator The Cisco Unified Presence server manages availability status for Cisco Unified Mobile Communicator and other clients that support presence. Users can set their status on any supported client and it will display on all supported clients.

Exchange of presence with federated contacts is not supported.

Contacts added from the corporate directory on any client appear in the contact list on all supported clients. Personal contacts are specific to each client.

Text messaging from Cisco Unified Mobile Communicator is supported only with other Cisco Unified Mobile Communicator clients.

Configuring Essential Settings for Presence Integration Create an Application User account in order to allow Cisco Unified Mobility Advantage to access Cisco Unified Presence to obtain presence information for users.


http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html


Chapter 4 Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring Essential Settings for Presence Integration

Restrictions

• The Proxy domain of the Cisco Unified Presence server should be the same as the domain of the Cisco Unified Mobility Advantage server.

• All users on the Cisco Unified Mobility Advantage server must be configured on a single Cisco Unified Presence server. However, those users can see the presence of users on other Cisco Unified Presence servers in the same cluster.

Before You Begin

Make sure that you have configured Cisco Unified Presence to support all of the functionality that is not specific to Cisco Unified Mobile Communicator but that users will also use in Cisco Unified Mobile Communicator. For example, if availability status will be drawn from the Exchange calendar of each user, follow the instructions in the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange.

Your Cisco Unified Presence deployment and all users must already be configured and functioning properly.

For complete information about configuring Cisco Unified Presence, see the documentation for that product, at http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.

Procedure

Step 1 Sign in to the Cisco Unified Presence Administration Admin Portal.

Step 2 Select User Management > Application User.


Step 4 Enter the Application User Information in the appropriate fields.

This must be a unique account assigned for exclusive use by a single Cisco Unified Mobility Advantage server.

Step 5 Select Standard Presence Group for the Presence Group.

Step 6 Add the group Admin-CUMA in the Groups field under Permissions Information.

Step 7 Select Save.

Step 8 Select System > Security > Incoming ACL to set the Access Control List.


Step 10 Enter a description.

Step 11 Enter the IP address of the Cisco Unified Mobility Advantage server in the Address Pattern field.

Step 12 Select Save.

What To Do Next

• If you have a backup Cisco Unified Presence server that you will specify in Cisco Unified Mobility Advantage, configure an identical Application User account on that server.

• If you will use a secure connection between Cisco Unified Mobility Advantage and Cisco Unified Presence, you will need to configure security on both servers. See How To Configure Server Security for Cisco Unified Presence, page 4-3.



Chapter 4 Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage How To Configure Server Security for Cisco Unified Presence

• If you will integrate with Cisco MeetingPlace or Cisco MeetingPlace Express, make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.html.

How To Configure Server Security for Cisco Unified Presence Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your corporate security policies may require them.

We suggest that you verify that presence features function properly before you introduce server security to your configuration. This approach will simplify troubleshooting should it be necessary.

This procedure set describes one option for configuring server security, using self-signed certificates.

• Configuring Server Security for Cisco Unified Presence, page 4-3

• Downloading Certificates from Cisco Unified Presence, page 4-4

• Configuring the TLS Context on Cisco Unified Presence, page 4-4

Configuring Server Security for Cisco Unified PresenceYou must perform some of these steps after you install Cisco Unified Mobility Advantage.

Procedure




If you will follow the instructions for the Configuration Wizard you can use the cuma Security Context.

Creating Security Contexts, page 9-7.

Step 2 In the Enterprise Adapter for Cisco Unified Presence, select TLS as the Transport Type, then specify the Security Context that you created in an earlier step in this table.

• Viewing and Changing Enterprise Adapter Settings, page 10-4.

• About Cisco Unified Presence Enterprise Adapter Settings, page A-10

Step 3 In Cisco Unified Presence, require secure communications.

Configuring the TLS Context on Cisco Unified Presence, page 4-4

Step 4 Generate a self-signed certificate from Cisco Unified Mobility Advantage.

Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.

Step 5 Import this certificate to the trust store of the Cisco Unified Presence server.

Importing Certificates into Cisco Unified Operating System Servers, page 3-16.


http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.html


Chapter 4 Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage How To Configure Server Security for Cisco Unified Presence

Downloading Certificates from Cisco Unified Presence Perform this procedure only if your IT security policies require Cisco Unified Mobility Advantage to require a self-signed certificate from Cisco Unified Presence. This procedure generates the required certificates.

Procedure

Step 1 Sign in to Cisco Unified Operating System Administration on the Cisco Unified Presence server.

Step 2 Select Security > Certificate Management.

Step 3 Select Find to display the list of certificates.

Step 4 Select sipproxy.pem.

Step 5 Select Download and save the file to your local computer.

Step 6 Return to the list of certificates,

Step 7 Select tomcat.pem.


Step 9 Return to the list of certificates,

Step 10 Select PresenceEngine.pem.


What To Do Next

Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.

Configuring the TLS Context on Cisco Unified Presence Perform this procedure only if your IT security policies require the Cisco Unified Presence server to require a self-signed certificate from Cisco Unified Mobility Advantage.

Before You Begin

• Upload the certificate from Cisco Unified Mobility Advantage to the Cisco Unified Presence server. See Importing Certificates into Cisco Unified Operating System Servers, page 3-16.

Procedure

Step 1 Sign in to Cisco Unified Presence Administration.

Step 6 Generate a certificate from Cisco Unified Presence. Downloading Certificates from Cisco Unified Presence, page 4-4





Chapter 4 Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring Additional Settings for Presence Integration

Step 2 Select System > Security > TLS Context Configuration.

Step 3 Select Find.

Step 4 Select Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.

Step 5 Select the Cisco Unified Mobility Advantage certificate in the list of available TLS peer subjects.

Step 6 Move this TLS peer subject to Selected TLS Peer Subjects.

Step 7 Select Save.

Step 8 Select Cisco Unified Presence Serviceability > Tools > Service Activation.

Step 9 Restart the Cisco Unified Presence SIP Proxy service.

What To Do Next

Perform remaining required steps in How To Configure Server Security for Cisco Unified Presence, page 4-3.

Configuring Additional Settings for Presence Integration Procedures

To Do This

Step 1 Configure an enterprise adapter for Cisco Unified Presence

For new installations:

You will configure this adapter while running the Configuration Wizard. See Configuring the Connection to Cisco Unified Presence, page 7-19.

For upgrades from Release 3.x or for existing deployments:

See Chapter 10, “Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage” and About Cisco Unified Presence Enterprise Adapter Settings, page A-10.

Step 2 Enable the presence feature in Cisco Unified Mobility Advantage

For new installations:

You will configure this while running the Configuration Wizard.

For upgrades from Release 3.x or for existing deployments:

See Enabling Exchange of Presence, page 12-5.


Chapter 4 Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage Configuring Additional Settings for Presence Integration

Related Topics

• How to Solve Problems with Availability Status (Presence), page 19-14

Step 3 Create a presence account for each user in Cisco Unified Communications Manager

See Configuring a Presence Account for Each User in Cisco Unified Communications Manager, page 3-24

Step 4 Allow presence display to reflect user meeting schedules

See Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6. Pay special attention to the Before You Begin section.

To Do This



C H A P T E R 5
Upgrading Cisco Unified Mobility Advantage

• Upgrade Sequence, page 5-1

• How to Upgrade Release 3.0.4 to Release 3.0.9, page 5-1

• How to Upgrade Release 3.0.9 to Release 3.1.2, page 5-4

• How to Upgrade Release 3.1.2 to Release 7.0(1), page 5-7

• Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19

Upgrade Sequence Each release upgrades only from the release that immediately preceded it. If you are upgrading from a release that did not immediately precede the release you are installing, you must sequentially upgrade each release. Follow the instructions in each applicable section of this chapter.

How to Upgrade Release 3.0.4 to Release 3.0.9To upgrade Cisco Unified Mobility Advantage from Release 3.0.4 to Release 3.0.9, upgrade the Managed Server and Cisco Unified Mobility Advantage Proxy Server applications only. Do not upgrade the operating system.

• Completing Preinstallation Steps

• Installing the Server

• Applying Changes

• Completing the Upgrade

Completing Preinstallation Steps

Procedure

Step 1 Sign in as root on the machine on which Cisco Unified Mobility Advantage Server is installed.

Step 2 Open a command terminal.


Chapter 5 Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.0.4 to Release 3.0.9

Step 3 Sign in as an "informix" user and create a backup directory for the database export:

su - informix

mkdir /tmp/cumabk

Step 4 As root, stop the Cisco Unified Mobility Advantage Servers (Proxy Server, Enterprise Server, Node Manager Server, and Managed Server):

/sbin/service cuma_proxy stop

/sbin/service cuma_cuma stop

/sbin/service cuma_nm stop

/sbin/service cuma_admin stop

Step 5 Back up the configuration files located under $CUMAROOT/conf/admin/ directory.

The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma, Replace /opt/cuma with your install directory.

cd /opt/cuma/conf

cp -R admin /tmp/cumabk/

Step 6 Back up the database startup script file /etc/init.d/cuma_db:

cp /etc/init.d/cuma_db /tmp/cumabk/

Step 7 Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed:

su - informix

export INFORMIXDIR=/opt/cuma/informix

export INFORMIXSERVER=mcs

export PATH=$PATH:/opt/cuma/informix/bin

cd $INFORMIXDIR/bin

dbexport cumcsdb -ss -o /tmp/cumabk

Step 8 Back up the orative.keystore file on the Managed Server to a temporary location:

cp /opt/cuma/conf/orative.keystore /tmp/cumabk/

Installing the Server

Procedure

Step 1 Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.4 without uninstalling the underlying database by invoking the uninstaller program using the following command:

/opt/cuma/Uninstall/uninstall -DIDS=false -i silent

Step 2 As root, install the Cisco Unified Mobility Advantage Server Release 3.0.9 without reinstalling the database:



Caution You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection.

cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1)

./install.bin -DIDS=false

Step 3 Restore the backed up configuration files to the new installation location:

cd /tmp/cumabk

cp -R admin /opt/cuma/conf/

Enter Yes for all the overwrite prompts

cp orative.keystore /opt/cuma/conf

cp cuma_db /etc/init.d/

Step 4 Register the database so that it starts automatically, and then restart the database if it has not already been started:

/sbin/chkconfig --add cuma_db

/sbin/service cuma_db start

Applying Changes

Procedure

Step 1 Copy the jtapi jar file that corresponds to the version of Cisco Unified Communications Manager installed in your system to the lib directory on the Managed Server.

The following example is for Cisco Unified Communications Manager version 6.0:

cp /opt/cuma/var/jtapi/6/cisco_jtapi-6.jar /opt/cuma/jboss-4.0.1sp1/server/cuma/lib/

Step 2 Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server:

/sbin/service cuma_admin start

/sbin/service cuma_nm start

Completing the Upgrade

Procedure

Step 1 Sign in to the Cisco Unified Mobility Advantage Admin Portal.

For example, http://mycompany.com:7080/adminportal.

Step 2 Upload the orative.keystore file that you backed up earlier to the server.

You may need to download this file to your PC first before uploading it to the server.



Step 3 Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files.

Step 4 Start the Managed Server.

Step 5 Uninstall Cisco Unified Mobility Advantage Release 3.0.4 from the Proxy Server, and then install Release 3.0.9. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation.

Step 6 Make sure the Managed Server is running, and then start the Proxy Server.

How to Upgrade Release 3.0.9 to Release 3.1.2 To upgrade Cisco Unified Mobility Advantage, upgrade the Cisco Unified Mobility Advantage Server and Cisco Unified Mobility Advantage Proxy Server applications only. Do not upgrade the operating system.

• Completing Preinstallation Steps

• Installing the Server

• Applying Changes

• Completing Upgrade Tasks

Completing Preinstallation Steps

Procedure

Step 1 Before you begin the upgrade, make sure that you have up-to-date port configuration information for the Cisco Unified Mobility Advantage Server and the Cisco Unified Mobility Advantage Proxy Server.

Step 2 Sign in as root on the machine where the Proxy Server is installed.


Step 4 As root, stop the Proxy Server:

/sbin/service cuma_proxy stop

Step 5 Sign in as root on the machine where the Cisco Unified Mobility Advantage Server is installed.


Step 7 Sign in as an "informix" user and create a backup directory for the database export:

su - informix

mkdir /tmp/cumabk

exit

Step 8 As root, stop the Cisco Unified Mobility Advantage Server, Node Manager Server, and Managed Server:

/sbin/service cuma_cuma stop

/sbin/service cuma_nm stop

/sbin/service cuma_admin stop



Step 9 Back up the configuration files located under $CUMAROOT/conf/admin/ directory.

The default $CUMAROOT is /opt/cuma. The following examples use /opt/cuma. Replace /opt/cuma with your install directory.

cd /opt/cuma/conf

cp -R admin /tmp/cumabk/

Step 10 Back up the database startup script file /etc/init.d/cuma_db:

cp /etc/init.d/cuma_db /tmp/cumabk/

Step 11 Stop the Cisco Unified Mobility Advantage Servers and take an export dump of the database by executing the following commands as an "informix" user on the server where the database is installed:

su - informix

export INFORMIXDIR=/opt/cuma/informix

export INFORMIXSERVER=mcs

export PATH=$PATH:/opt/cuma/informix/bin

cd $INFORMIXDIR/bin

dbexport cumcsdb -ss -o /tmp/cumabk

Step 12 Back up the orative.keystore file on the Managed Server to a temporary location:

cp /opt/cuma/conf/orative.keystore /tmp/cumabk/

Step 13 Back up the .WAR files:

cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-admin.war /tmp/cumabk

cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/symbian-admin.war /tmp/cumabk

cp /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/blackberry-user.war /tmp/cumabk

cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/blackberry-user.war /tmp/cumabk

cp /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/symbian-user.war /tmp/cumabk

Installing the Server

Procedure

Step 1 Sign in as root and uninstall the Cisco Unified Mobility Advantage Server Release 3.0.9 without uninstalling the underlying database by invoking the uninstaller program using this command:

/opt/cuma/Uninstall/uninstall -DIDS=false -i silent

Step 2 As root, install the Cisco Unified Mobility Advantage Server Release 3.1.2 without reinstalling the database:

Caution You must be running an X-client if you are installing remotely. If you need an X-client, use WRQ Reflection.

cd $cd_image_root/Disk1 (the default location is: cd /media/cdrom/Disk1)

./install.bin -DIDS=false


Step 3 Restore the backed up configuration files to the new installation location:

cd /tmp/cumabk

cp -R admin /opt/cuma/conf/

Enter Yes for all the overwrite prompts

cp orative.keystore /opt/cuma/conf

cp cuma_db /etc/init.d/

Step 4 Restore the backed up .WAR files:

cp /tmp/cumabk/blackberry-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/

cp /tmp/cumabk/symbian-admin.war /opt/cuma/jboss-4.0.1sp1/server/admin/deploy/

cp /tmp/cumabk/blackberry-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/

cp /tmp/cumabk/symbian-user.war /opt/cuma/jboss-4.0.1sp1/server/cuma/deploy/

Step 5 Register the database so that it starts automatically, and then restart the database if it has not already been started:

/sbin/chkconfig --add cuma_db

/sbin/service cuma_db start

Applying Changes

Procedure

Step 1 Sign in as a root user on the server that is running Cisco Unified Mobility Advantage.

Step 2 Open a command terminal and edit the following file using the vi editor:

vi /opt/cuma/conf/admin/admin.xml

Step 3 Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for  to:

.*?(UNITY|unity|VPIM|vpim) .*

Step 4 Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for :

<voice_introduction>introduction</voice_introduction>

Step 5 Open a command terminal and edit the following file using the vi editor:

vi /opt/cuma/conf/admin/managed_server.xml

Step 6 Change the value of node <vm_system_email_pattern> in <voicemail_from_email_filter> for  to:

.*?(UNITY|unity|VPIM|vpim) .*

Step 7 --Add node after <move_on_delete>true</move_on_delete> in <voicemail_from_email_filter> for :

<voice_introduction>introduction</voice_introduction>

Step 8 Start the Cisco Unified Mobility Advantage Admin Server and Node Manager Server.

Chapter 5 Upgrading Cisco Unified Mobility Advantage How to Upgrade Release 3.1.2 to Release 7.0(1)

/sbin/service cuma_admin start

/sbin/service cuma_nm start

Completing Upgrade Tasks

Procedure

Step 1 Sign in to the Cisco Unified Mobility Advantage Admin Portal. For example, http://mycompany.com:7080/adminportal.

Step 2 Upload the orative.keystore file that you backed up earlier to the server. You may need to download this file to your PC first before uploading it to the server.

Step 3 Upload the Cisco Unified Mobile Communicator .oar files in the Admin Portal. This must be done even if there are no new .oar files.

Step 4 Go to Enterprise Adapters and select Edit for the Cisco Unified Communications Manager adapter.

Step 5 Make sure the Cisco Unified Communications Manager version is set properly.

Step 6 Select Submit on the Cisco Unified Communications Manager adapter page whether or not you make any changes.

Step 7 Start the Managed Server.

Step 8 Uninstall Cisco Unified Mobility Advantage Release 3.0.9 from the Proxy Server, and then install Release 3.1.2. Use the old SSL keystore file and ports that you originally used for the Proxy Server installation.

Step 9 Make sure the Managed Server is running, and then start the Proxy Server.

How to Upgrade Release 3.1.2 to Release 7.0(1) To upgrade Cisco Unified Mobility Advantage release 3.1.2 to release 7.0(1), perform the following sets of operations:

• How to Prepare To Upgrade, page 5-7

• How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10

• Adding New Functionality, Client Software, and Users After Upgrade, page 5-16

How to Prepare To Upgrade • Preinstallation Tasks, page 5-8

• Saving the SSL Certificate from the Proxy Server, page 5-8

• Creating a Backup File of Your Release 3.1.2 Data, page 5-9



Preinstallation Tasks

Perform these tasks even if you will upgrade to Release 7.0(2).

Caution We recommend that you install Cisco Unified Mobility Advantage Release 7.0(1) on a new server. Installing Release 7.0(1) formats the hard drive.

Procedures

Saving the SSL Certificate from the Proxy Server

In Cisco Unified Mobility Advantage Release 7.x, a Cisco Adaptive Security Appliance performs the functions that the Proxy Server performed in Release 3.1.2. If you meet the restrictions for this section, you can reuse the certificate from the Proxy Server on the Cisco Adaptive Security Appliance.

(The certificate on the Managed Server will be transferred automatically during the upgrade.)

Task For Information, See

Obtain necessary firewall ports from your IT security department.

Port requirements have changed for Cisco Unified Mobility Advantage Release 7.x.

Opening Firewall Ports, page 1-5

If you will reuse the signed certificate from your Proxy Server on the Cisco Adaptive Security Appliance:

Perform the first procedure required to reuse the signed certificate from your Release 3.1.2 Proxy Server on the Cisco Adaptive Security Appliance.

You will complete the processes required to reuse the certificate after you install Release 7.0(1).

Saving the SSL Certificate from the Proxy Server, page 5-8

If you cannot reuse the signed certificate from your Proxy Server on the Cisco Adaptive Security Appliance:

Obtain a new certificate for the Cisco Adaptive Security Appliance.

(For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.

Create a backup file of Release 3.1.2. Creating a Backup File of Your Release 3.1.2 Data, page 5-9

Notify users that existing voicemail notifications will no longer appear on their mobile devices after you install the upgrade. However, the messages are still available from Microsoft Exchange or Outlook, and from the Telephone User Interface (TUI).

—



Restrictions

• The hostname of the Cisco Unified Mobility Advantage server in Release 7.0(1) must be the same as the hostname of the Managed Server in Release 3.1.2 (and the same as the hostname on the certificate.)

• You must know your certificate password. For security reasons, it is not possible to discover this password from Cisco Unified Mobility Advantage. If you do not know this password, you may be able to obtain a replacement certificate from the Certificate Authority; visit their web site to learn your options.

Before You Begin

If your situation does not meet the restrictions above, skip the rest of this section and follow the instructions in (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.

Procedure

Step 1 Note the password for the certificate on your Proxy Server.

Step 2 Locate the keystore file on the Proxy Server.

The file is located in: /opt/cuma/conf/orative.keystore

Step 3 Copy the keystore file from the Proxy Server to a safe location.

What To Do Next

After you install the upgrade, do the following in order:

1. Uploading the Proxy Server Certificate to Release 7.x, page 5-13

2. Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14

3. (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8

Creating a Backup File of Your Release 3.1.2 Data

This backup captures your Release 3.1.2 data for import later into your Release 7.0(1) installation.

This procedure is required for all upgrades.

Before You Begin

We recommend storing your backup on an SFTP server, but you can also use an FTP server or a tape backup system. Make sure the volume can accommodate the backup file, which will be 600-700 MB.

Certificate From Your Password

Proxy Server



Procedure

Step 1 Obtain a copy of the Cisco Unified Mobility Advantage 7.x installation DVD.

Step 2 Copy the cuma_backup_restore.sh backup script located on the DVD to the Cisco Unified Mobility Advantage 3.1.2 server. The backup script is located on the DVD at: ${DVD_MOUNT_POINT}/RedHat/APPRPMS/cuma_backup_restore.sh

Step 3 As root, execute the following script to create a backup tar.gz file of the Cisco Unified Mobility Advantage 3.1.2 server:

./cuma_backup_restore.sh -b /opt/cuma /tmp/mybackup

This command creates a backup tar file /tmp/mybackup.tar.gz on the Cisco Unified Mobility Advantage 3.1.2 server.

For example:

cuma_backup_restore.sh [-b <cuma_dir> {backup_file}] [-r <restore_file>] [-v <restore_file]

• -b — Creates a backup of cuma_dir. If backup_file is not specified, then a unique time stamped backup file will be created in /common.

• -r — Restores a backup, specified by restore_file.

• -v — Displays the server version of the restore_file.

Caution If you will install Release 7.0(1) on this server, do not leave the .tar file on this server.

You will import this data file at the end of the Release 7.0(1) install process.

What To Do Next

Run the installer to perform the upgrade. See Chapter 6, “Installing Cisco Unified Mobility Advantage.”

How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade

Because of changes in port configuration and in the way server security, presence, and voicemail integration are provided in Cisco Unified Mobility Advantage Release 7.x, your existing deployment will not work after upgrade until you make configuration changes. We recommend that you make the required configurations to restore your Release 3.x functionality before you configure new features and devices. This approach will simplify troubleshooting should it be necessary.

• Configuring Release 7.x to Run With Release 3.x Functionality, page 5-11



• Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15



Configuring Release 7.x to Run With Release 3.x Functionality

After you run the installer, perform the following steps to run Cisco Unified Mobility Advantage with Release 3.x functionality.

Restriction

The following must be true:

• Your enterprise servers have not changed.

• The hostname of the Cisco Unified Mobility Advantage server is the same as the Managed Server.

Before You Begin

Install the upgrade to Release 7.0(1). See Chapter 6, “Installing Cisco Unified Mobility Advantage.”

Procedure

Do This For Information, See

Step 1 Sign in to the Admin Portal using your credentials from Release 3.1.2.

Logging In to the Admin Portal, page 8-1

Note that in Cisco Unified Mobility Advantage Release 7.x the Admin Portal port is fixed at 7080.

Step 2 Select System Management > Network Properties and specify the required port numbers, if they are different from the defaults.

You obtained these ports in Opening Firewall Ports, page 1-5.

Step 3 Prepare the required certificate to be presented to the clients.

If you will use the existing certificate from the Proxy Server:

• See Uploading the Proxy Server Certificate to Release 7.x, page 5-13 and then


If you must obtain a new certificate signed by a Certificate Authority:


Step 4 Determine whether you can re-use a signed certificate from the Managed Server, if you had one in Release 3.1.2.

If you can reuse the certificate, you do not need to do anything in order to use it.

See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.

If the Managed Server did not have a signed certificate that you want to reuse, see Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15

Step 5 Configure the Cisco Adaptive Security Appliance.

Chapter 2, “Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage”



Uploading the Proxy Server Certificate to Release 7.x

In Cisco Unified Mobility Advantage Release 7.x, the Cisco Adaptive Security Appliance performs the same function that the Proxy Server provided in Release 3.x. If you choose to re-use the certificate from the Proxy Server on the Cisco Adaptive Security Appliance, you must perform several procedures in order to convert the certificate.

Step 6 (For Cisco Unified Communications Manager Release 7.x only) Update the Cisco Unified Communications Manager adapter:

Select cuma for the Security Context.



Step 7 Create the Cisco Unity or Cisco Unity Connection adapter.

The voicemail integration has changed for Cisco Unified Mobility Advantage Release 7.x; the voicemail settings used in Cisco Unified Mobility Advantage Release 3.x will not work for Release 7.x.

• Adding a New Enterprise Adapter, page 10-3

• About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14

• Enabling and Configuring Voicemail, page 12-4

Step 8 Start Cisco Unified Mobility Advantage using the single control in Server Controls > Cisco > Control Server.

—

Step 9 Notify existing users of Release 3.x clients that:

• BlackBerry users should upgrade their client software.

• Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not need to upgrade from Release 3.x.

• Users of Nokia Symbian phones who use the English version of the client should upgrade to client Release 7.0 in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost.

• If voicemail credentials are not the same as Cisco Unified Mobile Communicator credentials, they must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices.

They can access their voicemail from other standard methods regardless, such as from their desk phones.

Step 10 Verify that Release 3.x functionality is working properly with existing Release 3.x clients.

Note that the availability feature will not work until you add Cisco Unified Presence in a later section.

—

Step 11 Add new functionality. Adding New Functionality, Client Software, and Users After Upgrade, page 5-16Step 12 Add new users and devices.

Step 13 Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.




In order to convert the Proxy Server certificate for use on the Cisco Adaptive Security Appliance, you must first create a security context to store certificate and then upload it.

You do not need to upload the Managed Server certificate; it is uploaded automatically during the upgrade.

Before You Begin

You must have performed the procedure in Saving the SSL Certificate from the Proxy Server, page 5-8.

Procedure

Step 1 Sign in to the Admin Portal using your password from Release 3.1.2.

Step 2 Select Security Context Management > Security Contexts.

Step 3 Select Add Context.

Step 4 Select Upload for Do you want to create/upload a new certificate?


Step 6 Select Submit.

What To Do Next

Perform the procedure in Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.

Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance

You must download and modify this certificate before you can upload it to the Cisco Adaptive Security Appliance.

Before You Begin

• Perform the procedure in Uploading the Proxy Server Certificate to Release 7.x, page 5-13.

• Obtain OpenSSL software. For information, visit www.openssl.org.

Option Value

Context Name Enter information that describes the certificate, such as its source and type (signed.) Description

Certificate Type JKS

Trust Policy Keep the default.

Client Authentication Policy Keep the default.

Certificate Navigate to and choose the Proxy Server certificate that you saved before performing the upgrade.

Certificate Password Enter the password.


www.openssl.org


Procedure

Step 1 Download the certificate file that was originally on the Proxy Server from Cisco Unified Mobility Advantage Release 7.0(1) and save it with a .p12 extension:

a. Select Security Context Management > Security Contexts.

b. Select Download in the row of the Security Context that holds the former Proxy Server certificate.

The file downloads in PKCS12 format.

c. Save the file.

d. Change the filename extension from .keystore to .p12.

Step 2 Convert the PKCS12 file to PEM format using OpenSSL:

You can run OpenSSL commands through an SSH session on any Linux machine, such as the Cisco Unified Mobility Advantage Release 3.1.2 managed server or Proxy Server.

Run the following OpenSSL command:

openssl pkcs12 -in your_p12cert.p12 -out your_pemcert.pem

Step 3 Open the PEM file in WordPad.

Step 4 Identify each section of the PEM file:

This PEM file generally includes several certificates, each clearly marked with BEGIN CERTIFICATE and END CERTIFICATE labels:

• The server certificate that you must manipulate using the rest of the steps in this procedure, along with its private key information.

• An intermediate certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site.

• The root certificate that you will copy and paste into the Cisco Adaptive Security Appliance command-line interface later. If this certificate is not included, you can obtain it later from your Certificate Authority web site.

Step 5 Copy and save the private key section, including the following lines, to a new text file (for example, yourserver_key.txt).

--BEGIN ENCRYPTED PRIVATE KEY----

--END ENCRYPTED PRIVATE KEY----

Step 6 Copy and save the server certificate, including the following lines, to a new text file (for example, yourserver_cert.txt).

--BEGIN CERTIFICATE----

--END CERTIFICATE----

Step 7 Use OpenSSL to combine the key and certificate text files into a new file in PKCS12 format:

openssl pkcs12 -in yourserver_cert.txt -inkey yourserver_key.txt -nodes -passin pass:<cert_password> -passout pass:<cert_password> -export -out sslout.p12

Step 8 Convert the output file to base64:

openssl base64 -in sslout.p12 -out ssl64.p12



What To Do Next

• Obtain any applicable intermediate and root certificates from the web site of your Certificate Authority, if they were not included in the PEM file in this procedure.

• Upload all required certificates to the Cisco Adaptive Security Appliance using the procedure in (For Upgrades from Release 3.x) Importing the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-8.

Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance

If the Managed Server (as distinct from the Proxy Server) had a certificate that was signed by a recognized Certificate Authority (this release supports VeriSign and GeoTrust), this certificate was automatically uploaded into the “cuma” Security Context in Cisco Unified Mobility Advantage Release 7.0(1) during the upgrade.

If the hostname of the Cisco Unified Mobility Advantage server after upgrade is the same as the hostname of the Managed Server in Release 3.1.2 (and on the certificate), you can reuse this signed certificate for Cisco Unified Mobility Advantage Release 7.x without any further action.

If the Managed Server did not have a signed certificate, you have several options:

• You can generate a self-signed certificate from Cisco Unified Mobility Advantage for import into the Cisco Adaptive Security Appliance. Users will see an “untrusted certificate” warning when they access the User Portal, but this warning does not prevent access or represent an actual security risk.

• You can also choose to obtain and deploy a new signed certificate now.

• You use a self-signed certificate for initial testing and then obtain and deploy a signed certificate later.

Before You Begin

Determine whether you need to perform this procedure. See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.

Procedure

Step 1 Select Security Context Management > Security Contexts in the Admin Portal.

Step 2 Select Manage Context beside the cuma security context.

Step 3 Select Download Certificate.

Step 4 Open the certificate in WordPad (not Notepad.)

Step 5 Copy the certificate text.

Related Topics


• Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5

• How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12

• About Secure Connections and SSL Certificates, page 9-1



• Explanation of Security Contexts, page 9-4


What To Do Next

Import this certificate into the Cisco Adaptive Security Appliance. See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12.

Adding New Functionality, Client Software, and Users After Upgrade After you have verified that the upgrade has been successful, add new features and new users as desired.

Restrictions

• See the Restrictions and Limitations in the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html. Note that there may be separate release notes for the client and for the server.

• Some features require certain versions of enterprise servers. See the System Requirements in the Compatibility Matrix at http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html.

• New features are available only for Release 7.x clients.

Before You Begin

If you are upgrading to Release 7.0(2), install that upgrade before you complete this section. See Upgrading from Release 7.0(1) to Release 7.0(2), page 5-19.

Procedure


Step 1 Create additional security contexts, if desired, and manage any additional certificates.

During the upgrade, the certificate that was on the Managed Server in Release 3.1.2 is uploaded and a security context named cuma is created for it. Its Trust Policy defaults to All Certificates, and Client Authentication Policy defaults to None. You can assign this Security Context to any and all enterprise adapters that you create, so that you do not need to import or export certificates. You can change security requirements later to require certificates for added security.

Chapter 9, “Managing Server Security in Cisco Unified Mobility Advantage.”



http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html


Step 2 Configure settings for Cisco Unified Communications Manager, including the Dial Via Office and integrated call logs features.

a. Configure Cisco Unified Communications Manager.

b. Update the adapter in the Enterprise Configuration > Enterprise Adapter pages in the Admin portal. See information about the fields in the appendix. Be sure to specify a Security Context.

For Release 7.0(2), enter the Web Services information. For Release 7.0(1), enter the “SOAP information.”

c. Enable the call log monitoring and Dial via Office features and choose options.

d. Configure users in Cisco Unified Communications Manager and in Cisco Unified Mobility Advantage.

Chapter 3, “Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage”

Be sure to complete the following for each feature you want to enable:

• Operations in Before You Begin sections.

• Operations in What To Do Next sections.

Step 3 If the following are true:

• You are using Cisco Unified Communications Manager Release 7.x.

• There are existing users of the Release 3.x client on Nokia Symbian phones who will migrate to Release 7.x of the client.

• These users will use the same mobile phone number with client Release 7.x.

Then you must delete the existing Remote Destination profile in Cisco Unified Communications Manager, then configure the user and device following the instructions for Release 7.x.

How to Configure Cisco Unified Communications Manager for Each User and Device, page 3-19

Step 4 If you will integrate with Cisco Unified Presence:

a. Configure the Cisco Unified Presence server.

b. Create the enterprise adapter.

Be sure to specify a Security Context.

c. Enable the availability feature.

d. Configure each user.

Chapter 4, “Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage”

Be sure to complete the following:

• Operations in any Before You Begin sections.

• Operations in any What To Do Next sections.

• Procedures in Additional Required Configurations sections.

Step 5 If you will integrate with Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express so that users receive alerts when meetings are about to begin, enable notifications.

Enabling Conference Notifications, page 12-5



Chapter 5 Upgrading Cisco Unified Mobility Advantage Upgrading from Release 7.0(1) to Release 7.0(2)

Upgrading from Release 7.0(1) to Release 7.0(2) Follow the instructions in this procedure whether you are upgrading from an existing installation of Release 7.0(1) or you have just installed Release 7.0(1) in preparation to upgrade to Release 7.0(2).

You can upgrade to Cisco Unified Mobility Advantage Release 7.0(2) while Release 7.0(1) continues to operate. Two partitions exist on the server: an active, bootable partition and an inactive, bootable partition. The system boots up and operates entirely on the partition that is marked as the active partition.

You install the upgrade on the inactive partition. The system continues to function normally while you are installing the software. When you are ready, you activate the inactive partition and reboot the system with the newly upgraded software. The current active partition becomes the inactive partition after the system restarts. The current software remains in the inactive partition until the next upgrade.

Your configuration information migrates automatically to the upgraded version in the active partition.

Step 6 Upload the new .oar file to Cisco Unified Mobility Advantage.

Uploading a Cisco Unified Mobile Communicator Release, page 13-2

Step 7 Specify the service providers and phones that you will support.

Determining Supported Devices and Service Providers, page 13-2

Step 8 Activate new users. • Activating Users, page 14-1

Step 9 Ensure that user access will not be blocked when Cisco Unified Mobility Advantage checks for Device IDs.

By default, Release 3.x clients cannot connect. You must disable either the system-level checking or the setting for each user.

For the system:

• Enabling Device ID Checking, page 12-1

For each user:

• Restricting Access By Device, page 14-2

Step 10 Restart Cisco Unified Mobility Advantage. • Stopping Cisco Unified Mobility Advantage, page 11-1


Step 11 Have users of client Release 3.x for Nokia Symbian phones upgrade to client Release 7.x.

• User documentation for Cisco Unified Mobile Communicator for Nokia Symbian at http://cisco.com/en/US/products/ps7271/products_user_guide_list.html

• Chapter 17, “Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones”

Step 12 Provision new users. • Chapter 15, “Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage”

• Chapter 16, “Deploying Cisco Unified Mobile Communicator on BlackBerry Devices”


Step 13 Give users the information they need to use Cisco Unified Mobile Communicator.

Information to Give to Users, page 14-3



http://cisco.com/en/US/products/ps7271/products_user_guide_list.html



If for any reason you decide to back out of the upgrade, you can restart the system to the inactive partition that contains the older version of the software. However, you will lose any configuration changes that you made since upgrading the software.

Before You Begin

• If this is a new installation of Cisco Unified Mobility Advantage and you have just installed Release 7.0(1), do both of the following before you upgrade to Release 7.0(2):

– Complete the Configuration Wizard in Release 7.0(1) See Using the Configuration Wizard in Cisco Unified Mobility Advantage, page 7-1.

– Start Cisco Unified Mobility Advantage and verify that it is running.

• If you are upgrading from Release 3.x:

– Upgrade, if necessary, to Release 3.1.2 using the appropriate procedures in this chapter.

– Prepare to upgrade to Release 7.0(1): Perform the procedures in How to Prepare To Upgrade, page 5-7.

– Upgrade to Release 7.0(1). See Chapter 6, “Installing Cisco Unified Mobility Advantage.”

– Perform essential operations after upgrading to Release 7.0(1): See How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.

– Stop the server and verify that the server is not running before you continue. See Stopping Cisco Unified Mobility Advantage, page 11-1.

• If you will upgrade from an image of the installer that is on a remote filesystem, make sure that you have SFTP access to the image.

• Back up your data. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3.

• If you download the Cisco Unified Mobility Advantage software from Cisco.com, copy or note the MD5 value in the table on the page from which you download the image.

Procedure

Step 1 If you will upgrade using a DVD, insert the DVD into the disc drive of the Cisco Unified Mobility Advantage server.

Step 2 Go to the sign-in page of the Admin Portal.

Step 3 Select Cisco Unified OS Administration from the list box in the top right corner of the window.

Step 4 Select Go.

Step 5 Sign in using your platform administrator credentials.

Step 6 Select Software Upgrades > Install/Upgrade.

Step 7 Choose the location of the installer image from the Source list box.

Step 8 Enter required information:



Step 9 Select Next.

Step 10 Choose the software image to install, if prompted, then select Next.

Step 11 Wait for the software to download, if you are installing from a remote volume.

This may take some time.

Step 12 If you are installing from a remote volume, verify that the MD5 Hash Value that you see in the window matches the MD5 value on the page from which you downloaded the software image.

Step 13 Choose one of the following:

Field Installations From DVD Installations From Remote Filesystem

Directory Directory on the DVD that holds the installer.

If the file is in the root directory, enter a slash (/).

Directory on the SFTP server that holds the installer.

If the file is in the root directory, enter a slash (/).

Server — Hostname or IP address of the SFTP server

User Name Credentials for an account that has access to the SFTP server. User Password

Transfer Protocol Choose SFTP.



Related Topics

• For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22

What To Do Next

• If this is an upgrade from Release 3.1.2: Follow the procedures in Adding New Functionality, Client Software, and Users After Upgrade, page 5-16.

• If you are upgrading from Release 7.0(1):

– You do not need to change existing Release 7.0(1) configurations unless you are adding or changing functionality or enterprise servers.

– Upload the new .oar file for the latest client software. See How to Make Client Software Available for Use, page 13-1.

– Restart Cisco Unified Mobility Advantage.

To Do This

Reboot immediately after upgrade and make the new software active.

1. Choose Reboot to upgraded partition.

2. Select Next.

3. Wait for the system to reboot.

This may take some time. The system does not notify you when the process is complete.

4. Sign in to the Admin Portal when it is available.

Install the upgrade and then manually reboot later to the upgraded partition.

1. Choose Do not reboot after upgrade.

2. Select Next.

3. Scroll down periodically in the Installation Log and look for a message that the process is complete.

This process may take some time.

4. Select Finish.

To activate the upgrade:

a. Sign into the Cisco Unified OS Administration page with your platform credentials.

b. Choose Settings > Version.

c. Select Switch Version.

d. Wait for the system to reboot.

This may take some time. The system does not notify you when the process is complete.

e. Try periodically to access the Admin Portal.



C H A P T E R 6
Installing Cisco Unified Mobility Advantage

Use the following procedure to install the operating system and Cisco Unified Mobility Advantage Release 7.0(1) on the Cisco MCS server.

Note If you are installing Release 7.0(2), you must first install, configure, and successfully start Release 7.0(1), then upgrade to Release 7.0(2). This is true even if you install on a Cisco MCS server that was not supported under Release 7.0(1).

Before You Begin

Caution The server on which you install Cisco Unified Mobility Advantage will be reformatted during the installation.

For Do These Things

Upgrades from Release 3.1.2 to Release 7.0(1)

Perform the procedures in How to Prepare To Upgrade.


Chapter 6 Installing Cisco Unified Mobility Advantage

Procedure

Step 1 Insert the Cisco Unified Mobility Advantage DVD into the DVD-ROM drive of the server on which you are going to install Cisco Unified Mobility Advantage.

Step 2 Boot the computer from the DVD.

Step 3 Select Yes to perform a media check on the DVD.

The media check can take up to 10 minutes.

If the media check fails, contact Support.

Step 4 Select OK on the Product Deployment panel.

Step 5 Verify the Cisco Unified Mobility Advantage version to be installed and note that the hard disk will be overwritten.

Step 6 Select Yes to continue.

Step 7 Select Proceed on the Platform Installation Wizard panel to begin the installation.

Step 8 Select whether to import data from a 3.x Cisco Unified Mobility Advantage version:

• Select No if this is a new installation, then Continue.

• Select Yes if you want to perform an upgrade and you have created a 3.1.2 backup file.

You will import the backup file later in this procedure.

• Select Back, then Cancel if you are upgrading and you have not yet made a backup data file.

Make the backup file, then start the installer again.

Step 9 Set the Time zone for the system:

a. Scroll through the list of time zones.

b. Select the time zone that best represents the location of this server.

c. Select OK.

New installations of Release 7.x

• Perform the following procedures:

– Chapter 1, “Preparing to Install or Upgrade Cisco Unified Mobility Advantage”.

– Chapter 2, “Configuring the Cisco Adaptive Security Appliance (ASA) for Use With Cisco Unified Mobility Advantage” (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage and the sections on TLS and MMP.)

– Chapter 3, “Configuring Cisco Unified Communications Manager for Use With Cisco Unified Mobility Advantage” (Except certificate operations that cannot be performed before installing Cisco Unified Mobility Advantage.)

– (If applicable) Chapter 16, “Deploying Cisco Unified Mobile Communicator on BlackBerry Devices”

– Note the values in the Your Value column of all tables in the installation procedure.

For Do These Things



Step 10 Select Yes on the Auto Negotiation Configuration screen to enable automatic negotiation of ethernet NIC speed and duplex.

Step 11 Select No for Dynamic Host Configuration Protocol (DHCP) Configuration.

You will enter a static address in the next screen.

Step 12 Enter Static Network Configuration values for this server. All fields are required.

Step 13 Select OK.

Step 14 Select Yes to enable Domain Name System (DNS) Client.

Step 15 Enter values:

Step 16 Select OK.

Step 17 Enter values for the platform Administrator Login:

Step 18 Enter your company information for the certificate information.

This information is used internally by the platform and is not relevant to any other certificate procedure in this guide.

There are no restrictions on these values.

Step 19 Select OK.

Step 20 Select Yes to set up external Network Time Protocol servers.

Field Description Your Value

Host Name Host name of this machine (do not include the domain)

IP Address IP address assigned to the host

IP Mask Subnet mask for the host

GW Address IP address of the default gateway


Primary DNS IP address of the primary DNS server

Secondary DNS (Optional) IP address of the secondary DNS server

Domain Domain component of the FQDN


Administrator ID Administrator ID to sign in to the computer.

(This is distinct from the Cisco Unified Mobility Advantage Admin Portal sign-in information.)

This does not need to match any existing value.

Password The password for the Administrator ID.

Confirm Password Confirm the password for the Administrator ID.



Note We recommend synchronizing the date and time of the server automatically using Network Time Protocol (NTP). A time server (computer that sends accurate date and time settings to other servers through the network) must be available to use NTP.

a. Enter the NTP server host name or IP address in the NTP Server field.

b. Select OK,

Step 21 Enter the correct date and time to set the hardware clock.

You must do this even if you synchronize the clock using an NTP server.

Step 22 Enter a security password for the internal database.

Step 23 Select OK.

Step 24 Select No for the SMTP Host Configuration.

Step 25 (For upgrades only) Retrieve your backup data:

a. Select the Data Migration Retrieval Mechanism that matches your backup.

b. Enter the backup file location and information.

The table below assumes you used the recommended SFTP for your backup.

Values are case-sensitive:

c. Select OK.

Step 26 Enter a password for accessing the Cisco Unified Mobility Advantage Admin Portal.


NTP Server Host name or IP address of the NTP server with which to synchronize the Cisco Unified Mobility Advantage server.


Database password Enter any value.

Setting Description Your Value

Remote Server Name or IP

Host name or IP address of the SFTP server that has the Release 3.1.2 backup file

Remote File Path Directory on the server that contains the Release 3.1.2 backup file

Remote File Name Release 3.1.2 backup filename

Remote Login ID User sign-in ID used for SFTP file transfer

Remote Password User password used for SFTP file transfer

Confirm Password Confirm user password



Step 27 Select OK.

Step 28 Select OK to complete the installation.

This is your last opportunity to cancel the installation.

Formatting begins, and then the installation starts.

The installation can take from 45 minutes to one hour to complete.

The server will reboot at least once.

You will see a message when installation is complete.

Step 29 Wait a few minutes for the system to be ready for you to sign in to the Admin Portal.

What To Do Next

• If this is a new installation, whether or not you plan to upgrade to Release 7.0(2): Follow the instructions in Using the Configuration Wizard in Cisco Unified Mobility Advantage, page 7-1.

• If this is an upgrade from Release 3.x to Release 7.0(1): Follow the instructions in How to Configure Release 7.x to Run with Release 3.x Functionality After Upgrade, page 5-10.

– Do not run the configuration wizard if you are performing an upgrade.


Cisco Unified Mobility Advantage Administrator password

Password required to sign in to the Cisco Unified Mobility Advantage Admin Portal.

This does not need to match any existing value.

For upgrades, this information will be ignored. Use your password from the previous release.

(The user ID is always Admin.)



C H A P T E R 7
Using the Configuration Wizard in Cisco Unified Mobility Advantage

After you install, configure Cisco Unified Mobility Advantage using the configuration wizard.

• Logging in to the Admin Portal for the First Time, page 7-1

• How to Use the Configuration Wizard, page 7-2

• Downloading the Self-Signed Certificate (After Running the Configuration Wizard), page 7-25

• Performing Additional Required Procedures, page 7-25

Logging in to the Admin Portal for the First Time Before You Begin

• Make sure that you have the Cisco Unified Mobility Advantage Administrator password you specified during installation.

Procedure

Step 1 Enter the following URL into a supported web browser:

http://hostname or IP Address of the Cisco Unified Mobility Advantage server:7080/adminportal

For example: http://mycompany.com:7080/adminportal

Step 2 Enter the password

The username is admin; you cannot change it.

Step 3 Select Login.

Step 4 Select Next to start the configuration wizard.

Troubleshooting Tip

If you see a “Page Not Found” error, the system may not yet be ready. Try waiting a few more minutes.


Chapter 7 Using the Configuration Wizard in Cisco Unified Mobility Advantage How to Use the Configuration Wizard

How to Use the Configuration Wizard The Configuration Wizard prompts you through the steps required to configure Cisco Unified Mobility Advantage for your system.

The main sections of the configuration wizard are:

• Configuring Security Context Management, page 7-2

• Configuring the Connection to Active Directory, page 7-5

• Configuring the Connection to Microsoft Exchange, page 7-11

• Configuring the Connection to the Voicemail Server, page 7-12

• Configuring the Connection to Cisco Unified Communications Manager, page 7-16

• Configuring the Connection to Cisco Unified Presence, page 7-19

• Viewing Configuration Summaries for Connections to Enterprise Servers, page 7-20

• Completing the System Configuration Screen, page 7-20

• Configuring Server Setup Network Configuration, page 7-21

• Uploading the Client Software to the Server, page 7-23

• Managing Provisioning Options, page 7-24

• Finishing the Configuration Wizard, page 7-24

Caution Gather, note, and print the information you will need to complete this Configuration Wizard. See Preparing Information Required for Installation and Configuration, page 1-6.

Note Do not select the Back button in your browser window or you will lose any unsaved information you have entered.

Tip You can stop running the wizard at any time and your changes will be saved. When you next sign in, the wizard will resume where you stopped.

Configuring Security Context Management Security Contexts manage security policies and server identity-verification certificates for connections between Cisco Unified Mobility Advantage and other enterprise servers.

Configuring server security can be quite complicated. The simplest recommended configuration is documented here. After Cisco Unified Mobility Advantage is up and running and you have verified that all functionality and features are working correctly, you can modify the security configuration if you require greater security.

You will create two Security Contexts in this procedure. Use one for the relationship with the Cisco Adaptive Security Appliance and use the other for relationships with all other enterprise servers. You will configure these relationships later in the Configuration Wizard when you configure the adapters for each enterprise server.



Before You Begin

• Obtain the ISO country code for the country where your company is located. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm.

Procedure

Step 1 Select Create for Do you want to create/upload a new certificate?

Step 2 Enter information. All information is required.

Step 3 Select Next.

Step 4 Ignore this instruction: “Please submit a request to the certificate signing authority (CSA) with the following CSR” and select Next.

You see this question: Is there any certificate that needs to be imported?

Step 5 Select No.

Step 6 Select Next.

Field Values For The First Security Context Your Value

Context Name Enter cuma cuma

Description Enter trusted_certificates trusted_certificates

Trust Policy Select Trusted Certificates Trusted Certificates

Client Authentication Policy

Select None. None

Certificate Password

Enter the password you want to assign to this certificate. The password must be at least six characters in length.

Note this password in a safe place. You may need it later.

Server Name Enter the fully qualified hostname of this server.

Department Name Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department.

This value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance.

Company Name Enter your company name.

City Enter the city where the department or company is located.

State Enter the state or province where the city is located.

For locations in the United States and Canada, the Certificate Authorities require that you spell out the full name. For example: California (not CA).

For other locations, there are no restrictions on this value.

Country Code Enter the two-letter ISO country code for the country where the company is located.


http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm


Step 7 Select Yes to the question Do you want to create one more context?

Step 8 Select Next.

The Security Context is created with a self-signed certificate. You will return to this later.

Step 9 Select Next.

Step 10 Select Create for Do you want to create/upload a new certificate?


Step 12 Select Next.

Step 13 Skip this instruction: “Please submit a request to the certificate signing authority (CSA) with the following CSR.”


Step 15 Select No to the question: Is there any certificate that needs to be imported?


Step 17 Select No to the question Do you want to create one more context?


The Security Context is created with a self-signed certificate. You will return to this later.


Related Topics


Field Values for The Second Security Context

Context Name Enter cuma_trust_all

Description Enter trust_all_certificates.

Trust Policy Select All Certificates

Client Authentication Policy

Select None

Certificate Password

Enter the password you want to assign to this certificate. The password must be at least six characters in length.

Server Name This information should be the same as for the Security Context you just configured. Department Name

Company Name

City

State

Country Code



Configuring the Connection to Active Directory Active Directory acts as both the repository for corporate contact information and the authenticating authority for user sessions.

Configure Cisco Unified Mobility Advantage to communicate with Active Directory.

Note Accept the default values where they appear unless you have specific reasons to change them.

Procedure

Step 1 Select and enter your corporate directory server information:

Step 2 Select Next.

Step 3 Enter the host name or IP address of the corporate directory server:

Step 4 Select Next.

Step 5 Select a Base DN from the list or select Edit if to add or modify the Base DN:

Field Description

Corporate Directory Type Select Active Directory.

Other directory types are not supported in this release.

Adapter Name Enter a name you want to assign to the corporate directory adapter.

Description Enter a description for the corporate directory adapter.


Active Directory

Hostname or IP Address

Hostname or IP address of the Active Directory server.

Active Directory Port

LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for user directory listing and searches.

Default is 389.

The wizard attempts to detect this port; if successful, do not change it.



Step 6 Select Next.

Step 7 Change the additional information that appears, if necessary.


Base DN Distinguished name of the root node in your corporate directory server.

This is the level in the corporate directory hierarchy at which Cisco Unified Mobility Advantage starts searches.

If you are deploying Cisco Unified Mobility Advantage for the entire company, set this value to the base level for the company. For example:

DC=example,DC=com

If you are deploying Cisco Unified Mobility Advantage for a single organizational unit, you may choose the base level for this organizational unit. For example:

OU=Sales,DC=example,DC=com

Microsoft recommends that Organizational Units be limited to fewer than 1000 entries.


Filter Criteria Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be “invited” to meetings.

Do not change the default value unless you have a specific reason to do so.

Follow Referral Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching.

The default value is True.

Polling Period (days)

Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates.

The default is 1 day.



Step 8 Select Next.

Step 9 Enter information for the account that Cisco Unified Mobility Advantage Server uses to read data from your corporate directory server:

Phone Number Format

The format you enter here must match the format of the following phone numbers:

• For releases of Cisco Unified Communications Manager later than 4.x: The primary directory number for each person in Cisco Unified Communications Manager.

• For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below.

Be careful not to include any extra spaces, especially at the beginning or end of your number format.

The correct phone number format enables the system to identify callers by name if the phone numbers in your Active Directory do not use the North American Numbering Plan.

By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:

• If a number has five digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345.

• If a number has six digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.

If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########.

If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change.

Connection Type Type of connection to use between Cisco Unified Mobility Advantage and the Active Directory server.

Select SSL for secure connections.

Select Plain for nonsecure connections.

This should match the connection type that Active Directory requires.

Security Context This field appears if you selected SSL for Connection Type.

Select the cuma_trust_all Security Context that you created at the beginning of the wizard.





You see the fields in Active Directory that hold directory information for each user.

Step 11 Select Edit only if you have a specific reason to change the default values.



Admin DN Enter the distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server.

For example:

CN=CUMA Read Only User,CN=Users,DC=department,DC=example,DC=com

This account must have at least read-only permissions in your corporate directory server.

It must also have a valid Exchange mailbox.

Password The password for the Admin DN account.

Append Base DN If you entered the short form of the Admin DN (Domain name/User ID) instead of the long form including the container name, check the box to append the Base DN to the Admin DN.


Distinguished Name Attribute name in Active Directory that represents the distinguished name of a user. For example:

distinguishedName

First Name Attribute name in Active Directory that represents the first name of a user. For example:

givenName

Last Name Attribute name in Active Directory that represents the last name of a user. For example:

sn

User ID Attribute name in Active Directory that represents the corporate name of a user. For example:

sAMAccountName

Email Attribute name in Active Directory that represents the email address of a user. For example:

mail



You see information that Cisco Unified Mobility Advantage uses to determine which Microsoft Exchange server at your company holds the information for each user:


Contact Adapter Enter the name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user.

For example:

msExchHomeServerName

DNS Host Name Enter the name of the attribute within the corporate directory that identifies the DNS host name of a server machine.

For example:

dNSHostName



Step 13 Select Edit only if you have a specific reason to change the default values.


Step 15 Review the information on the Corporate Directory Configuration Summary screen.

To change any setting, select Reset. Otherwise, select Next.

Contact Adapter DN Mask

Enter a mask for the Contact Adapter DN value. The format of the DN Mask is:

??,CN=Computer,DC=department,DC=example,DC=com

Cisco Unified Mobility Advantage will use the value of the Contact Adapter field (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server.

?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host.

The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName).

For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user:

CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com

Contact Adapter Search Base

Enter the Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example:

CN=Computers,DC=department,DC=example,DC=com

Cisco Unified Mobility Advantage searches the Exchange Server from this root node.

Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large.

Microsoft retrieves up to 1000 results per search.




Configuring the Connection to Microsoft Exchange Cisco Unified Mobility Advantage uses Microsoft Exchange for:

• Directory Lookup for personal contacts of users

• Caller identification of people who are in the personal contact list of users

• Triggering meeting notifications

Configure Cisco Unified Mobility Advantage to communicate with the Exchange server.

Procedure

Step 1 Select or enter personal contact server information.

Step 2 Select Next


Step 4 Select Next.


Field Description

Personal Contact Server Type

Select MS Exchange 2000/2003.

Other personal contact servers are not supported in this release.

Adapter Name Enter a name that you want to assign to this adapter.

Description Enter a description for this adapter.


Hostname/IP Address The hostname or IP address of the Exchange server.

If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead.

Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL.

TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL.


Port The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server.

The default port for SSL connections is 443.

The default port for non-SSL connections is 80.



Step 6 Select Next.

Step 7 Specify whether Cisco Unified Mobility Advantage will integrate with your conferencing application (Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express):

Step 8 Select Next.

Step 9 Review the information on the summary screen. To change any setting, select Reset.


Configuring the Connection to the Voicemail Server

Procedure

Step 1 Select Yes to configure a voicemail adapter if Cisco Unified Mobility Advantage will connect to Cisco Unity or Cisco Unity Connection.

Step 2 Select Next.

Exchange Domain The domain for this instance of the Exchange server. For example, CORP.

This is the domain that users use when logging into their Windows desktops.

User Name Suffix The suffix that is appended to usernames to complete corporate email addresses.

Leave this field blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com.

If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator.

This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.


Enable Conference Integration

Specify whether or not to provide conference notifications to Cisco Unified Mobile Communicator users.

Polling Period (sec) These values apply when you integrate Cisco Unified Mobility Advantage with your conferencing system.

Do not change the default values. Max Threads

Polling Offset (min)




• If you selected Yes, continue with this procedure.

• If you selected No, skip the rest of this procedure.

Step 3 Select or enter the voicemail server information:

Step 4 Select Next.


Field Description

Voicemail Adapter Type

Select the type of voicemail server that your company uses. For example, Cisco Unity.

Adapter Name Enter a name that you want to assign to the voicemail adapter.

Description Enter a description for the voicemail adapter.


IMAP Information

Unity Exchange Hostname/IP Address

For Cisco Unity: Hostname of the Exchange server.

If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server.

For Cisco Unity Connection: IP address of the Cisco Unity Connection server.

If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server.

Transport Type Choose the connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server.

This setting must match the setting on the Exchange or Cisco Unity Connection server.

Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection).

Select TCP for nonsecure connections.

Security Context You see this option only if you chose TLS as the Transport Type and you are connecting to Cisco Unity Connection.

Choose cuma_trust_all.



Port If Transport Type is TCP:

• For Cisco Unity: Default is 143.

• For Cisco Unity Connection: Default is 7993

If Transport Type is TLS:

• For Cisco Unity: Default is 993


Polling Period (sec) Enter the frequency with which Cisco Unified Mobility Advantage checks for new voice messages.

The default is every 600 seconds.

Very frequent polling may impact performance.

Are the Voicemail credentials for the user the same as the corporate credentials?

Select Yes if the user ID and password for the user account on the voicemail system are the same as in Active Directory.

Select No otherwise.

Unity Version This field applies only if you are connecting to Cisco Unity.

Select the Unity server version.

If your version is Cisco Unity 7.x, enter the following SOAP information.

SOAP Information

Information in this section applies only if you are connecting to Cisco Unity Version is Release 7.x.

Unity Host Name/ IP Address

Enter the host name or IP address of the Cisco Unity server.

This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above.

Transport Type Select TLS for SSL connections.


This must match the connection type you specify in Cisco Unity.

Port Enter the SOAP port. The default port for TLS is 443, and the default for TCP is 80.

Unity Backup Host Name/ IP Address

Enter the host name or IP address of a back up Cisco Unity server if you have one.

Application User Name

Enter the Unity Application User ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page.

Application Password Enter the Password for the Unity Application User.




Step 6 Select Next.

Step 7 Accept the default values for the following fields unless you have specific reason to change them.

Step 8 Select Next.

Step 9 Select options for voicemail integration.



Domain Enter the Microsoft Exchange or NT domain of the Cisco Unity inbox.

Note This is not the Fully Qualified Domain Name domain.

Additional Information

Security Context Choose cuma_trust_all.


Phone number search field name

Field to search the phone number of a caller.

Default is Subject.

We recommend that you do not change the default value.

Phone number search pattern

Regular expression for the search pattern that should be used in the Phone Number Search Field Name field.

This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory.

Default is the regular expression [0-9]{4,}



Enable Corporate Voicemail Integration

Determine whether or not the Cisco Unified Mobility Advantage Server integrates with your corporate voicemail system and provides voice message viewing and listening capabilities on Cisco Unified Mobile Communicator.

Maximum Expiry of Voicemails (days)

The maximum number of days that voice messages will be listed in the client.

Default is 30.





Configuring the Connection to Cisco Unified Communications Manager Configure Cisco Unified Mobility Advantage to integrate with Cisco Unified Communications Manager to provide call-related features such as unified call logs, MobileConnect, and Dial via Office. Available features and exact configuration depend on your version of Cisco Unified Communications Manager.

Before You Begin

You will need the following information:

• The usernames and passwords for the CTI-enabled “super user” accounts you created in Creating CTI-Enabled “Super User” Accounts, page 3-3.

• (For Cisco Unified Communications Manager Release 5.x through 7.x) The AXL User ID and password in Configuring Standard AXL API Access to Retrieve User Information, page 3-5.

• (For Cisco Unified Communications Manager Release 4.x) The Directory Lookup rules you will need. You determined these in Preparing Information Required for Installation and Configuration, page 1-6.

Procedure

Step 1 Select Yes at the prompt to configure a call control adapter.

Step 2 Select Next.


Step 4 Select Next.

Step 5 Enter information for Cisco Unified Communications Manager. The exact fields you see depend on the Cisco Unified Communications Manager version. Be sure to scroll down in the wizard to see all fields.

Field Description

Call Control Server Type Select Cisco Unified Communications Manager.

Adapter Name Enter a name of your choice.

Description Enter a description.


Address Information

Primary Host Name Enter the hostname or IP address of the primary Cisco Unified Communications Manager server on which you configured the CTI-enabled “super user” account or accounts.

Primary Server Port Enter the port used to communicate with the primary Cisco Unified Communications Manager server.

The default is 5060.



Step 6 Select Next.

Backup Host Name (Optional) Enter the backup server host name or IP address.

Backup Server Port Enter the port used to communicate with the backup Cisco Unified Communications Manager server.

CTI User Credentials

User Name Enter the CTI-enabled “super user” you created in Cisco Unified Communications Manager.

If you created more than one “super user,” select Add More to add each.

Password Enter the password or passwords associated with the user ID or names above.

SIP Information

Transport Type Select TLS for secure connections.

Select TCP for normal connections.

Select UDP for connections without error correction.

The default transport type is TCP.

This must match the setting in the “CUMA Server Security Profile” on the Cisco Unified Communications Manager server.

Communications Manager Version

Select the version of Cisco Unified Communications Manager.

For Release 7.0(1): SOAP Information

(In the Admin Portal in Release 7.0(2), this label is Web Services Information)

The following fields appear only if you choose Cisco Unified Communications Manager Release 7.x.

Https Port Enter the SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page.

Cisco Unified Communications Manager runs the AXL interface on this port.


User Name Enter the Cisco Unified Communications Manager Application User ID to which you assigned standard AXL API access.

Password Enter the Password for the user in the row above.


Security Context This field appears only if you selected TLS for Transport Type.

Select cuma_trust_all.




Step 7 Select Next on the Dial Rule Instructions page if you are using any version of Cisco Unified Communications Manager other than Release 4.x.

Step 8 (For Cisco Unified Communications Manager Release 4.x only) Enter the directory lookup rules you planned earlier.

Step 9 Select Next.

Step 10 Select options for Cisco Unified Communications Manager integration.



The “Dial Rule Configuration” section is referring to the Directory Lookup configuration.

Field Description

Enable Corporate PBX Integration

Select Yes:

• To allow users to view in Cisco Unified Mobile Communicator lists of calls they make and receive on all of their office phones

• To enable the Dial via Office feature.

Select No to allow users to view in Cisco Unified Mobile Communicator only the calls they make and receive on Cisco Unified Mobile Communicator, and to disable the Dial via Office feature.

Enable Dial Via Office This option is available only for Cisco Unified Communications Manager Release 7.x and only if you enable corporate PBX integration.

Select Yes to enable the Dial via Office feature on Cisco Unified Mobile Communicator.

To enable Dial Via office, both "Enable Corporate PBX Integration" and "Enable Dial Via Office" must be set to Yes.

Dial Via Office Policy This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office.

Select User Option to allow users to choose whether to use the Dial via Office feature for dialing calls.

Select Force Dial Via Office to require all users to dial all calls as if they were coming from the office.

Dial Via Office Emergency Numbers

This option is available only for Cisco Unified Communications Manager Release 7.x, and only if you enable Dial Via Office.

Enter phone numbers that will always be dialed directly from the mobile phone and never be dialed via the office.

These can be emergency numbers or other numbers such as directory information numbers.

For example, in the United States these might include 911 and 411.

Maximum Expiry of Call Logs (days)

Indicates the maximum value that a user can select for the number of days within which call logs will be sent to the client.

Default is 30.




Configuring the Connection to Cisco Unified Presence This server allows Cisco Unified Mobile Communicator users to see the availability status of other users.

Configure Cisco Unified Mobility Advantage to communicate with Cisco Unified Presence to provide this service.

Procedure

Step 1 Choose Yes if you want to integrate Cisco Unified Mobility Advantage with a Cisco Unified Presence server.

Step 2 Select Next.

• If you selected Yes, continue with this procedure.

• If you selected No, skip the rest of this procedure.

Step 3 Enter the Cisco Unified Presence Server adapter information:

Step 4 Select Next.


Field Description

CUP Server Type Select Cisco Unified Presence.

Adapter Name Enter a name that you want to assign to the Cisco Unified Presence Server adapter.

Description Enter a description for the Cisco Unified Presence Server adapter.


Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned.

Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence.

(The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.)


Backup Host Name/ IP Address

(Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.

Application User Name The user ID of the Application User you created in Cisco Unified Presence for Cisco Unified Mobility Advantage.



Step 6 Select Next.

Step 7 Accept the default SIP settings for the Cisco Unified Presence Server, unless you have specific reasons to change them.

Step 8 Select Yes to enable users to share availability status information.

Step 9 Select Next.



Viewing Configuration Summaries for Connections to Enterprise Servers

Procedure

Step 1 Select the Host Name/IP Address of any server for which you want to view a configuration summary.

Step 2 Select Next when you are satisfied with your configurations.

You see the System Configuration screen

Completing the System Configuration Screen The System Configuration screen allows you to determine the Cisco Unified Mobility Advantage Server domain information and SMTP server information. The Cisco Unified Mobility Advantage Server uses the SMTP server to send out device provisioning to BlackBerry clients.

Application Password Password for this Application User.

Security Context Select cuma_trust_all.


Default Subscription Interval

Default is 3600.

Transport Type Default is TCP.

If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here.

Listen Port Default is 5060.

Min Connections Default is 5.

Max Connections Default is 20.

Max Load Per Connection

Default is 200.




Before You Begin

The SMTP Server must allow relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP server administrator or see the documentation for your SMTP server.

Procedure


Step 2 Select Next.

Configuring Server Setup Network Configuration Configure Cisco Unified Mobility Advantage to communicate with the Cisco Adaptive Security Appliance and Cisco Unified Mobile Communicator clients.


General

Domain Enter a domain name for this instance of the Cisco Unified Mobility Advantage Server. This forms the address of the Cisco Unified Mobile Communicator user. For example:

cisco.com

This should match the Proxy domain of the Cisco Unified Presence server.

Session Timeout (days)

Enter the number of days after which users must sign in again to Cisco Unified Mobile Communicator.

SMTP Server Configuration

Host Name Enter the hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway.

Port Enter the port number for the SMTP gateway. Usually, this is 25.

Authentication Required

Specify whether or not your organization requires authentication for access to the SMTP server.

Admin Email Enter the email address of the Cisco Unified Mobility Advantage administrator.

Cisco Unified Mobility Advantage uses this email address to send provisioning messages and alerts to users.

SMTP Authentication Password

If you selected True for Authentication Required, enter the password associated with the account you entered for the Admin Email address in the previous row of this table.



Before You Begin

• You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3.

• You will need the port numbers you obtained in Opening Firewall Ports, page 1-5.

Procedure



Proxy Server Information

Proxy Host Name Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage. You obtained this value when you completed preinstallation steps.

The hostname must be routable from the Internet.

The Proxy Host Name should resolve to the external IP address that you received from your IT administrator.

Proxy Client Connection Port

Enter the port that is used for secure communication between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance.

Proxy Client Download Port

Enter the port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator.

For BlackBerry-only deployments:

This field is not used for BlackBerry clients if you will distribute the client software only through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range.

Managed Server Information

Client Connection Port

Enter the port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage.

The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance.

User Portal Port Enter the port users will use to access the Cisco Unified Mobile Communicator User Portal.

The range is 9400-9500.

The default value is 9443.

For security, this port should be available only behind your corporate firewall.



Step 2 Select Next.

The Server Setup Summary screen appears.

Step 3 Review the information. To change information, select Reset.

Step 4 Select Next.

Uploading the Client Software to the Server You must upload the Cisco Unified Mobile Communicator client software onto the Cisco Unified Mobility Advantage server for distribution to user devices. All client software for this release is distributed in a single file with a .oar filename extension.

Before You Begin

Obtain the Cisco Unified Mobile Communicator software .oar file for this release.

Cisco Unified Mobile Communicator is provided on a separate CD from Cisco Unified Mobility Advantage, or you can download it from Cisco.com. The CD or downloaded software file contains Cisco Unified Mobile Communicator software for supported mobile phone technologies and information for configuring supported phones.

You should be looking at the Handset Platform Management window in the Configuration Wizard.

Procedure

Step 1 Browse to or enter the location of the Cisco Unified Mobile Communicator software.

Step 2 Select Next.

When the upload is successful, you see a list of the handset platforms and versions of Cisco Unified Mobile Communicator now installed in Cisco Unified Mobility Advantage.

Step 3 Select Next.

Client Download Port

The port on which users will download the client software.

This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance.

For BlackBerry-only deployments:

This field is not used for BlackBerry clients if you will distribute the client software through the BlackBerry Enterprise Server. However, you must enter a value. Enter any number within the allowed range.

Security Context Select the cuma Security Context that you created at the beginning of the wizard.




Managing Provisioning Options Choose the country, mobile phone service providers, and supported handset models your deployment will support.

Procedure

Step 1 Select the arrow beside a country to view the supported mobile service providers in that location.

Step 2 Select the arrow beside a provider to view the devices that provider supports.

Step 3 Select the country, mobile phone service providers, and supported handset models for your deployment.

Checking a box selects each box in the list under that entity, whether or not you see the list. Uncheck boxes as needed, or start by checking each device to support.

Windows Mobile is currently available in English only.

On Nokia Symbian phones, Release 7.0 is available in English, while French, German, Spanish, and Italian are supported in Release 3.x.

BlackBerry clients have separate installers for each supported language:

• de = German

• en = English

• es = Spanish

• fr = French

• it = Italian

Step 4 Select Next.

Finishing the Configuration WizardThe Summary screen displays your Cisco Unified Mobility Advantage settings.

Procedure

Step 1 Review the configuration summary. Select Reset under any area to make changes to that area.

Step 2 Select Finish.

Step 3 Select No if you see a prompt to start the Managed Server (Cisco Unified Mobility Advantage).

What To Do Next

Continue with the remaining sections in this chapter.


Chapter 7 Using the Configuration Wizard in Cisco Unified Mobility Advantage Downloading the Self-Signed Certificate (After Running the Configuration Wizard)

Downloading the Self-Signed Certificate (After Running the Configuration Wizard)

You must import this certificate into the Cisco Adaptive Security Appliance.

Procedure


Step 2 Select Security Context Management.

Step 3 Select Security Contexts.

Step 4 Select Manage Context beside the cuma security context.

This is the first Security Context you created above.


Step 6 Save the file.

What To Do Next

See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage.

Performing Additional Required Procedures Before Cisco Unified Mobile Communicator clients can connect, you must also perform the following procedures in order.

Procedure

To More Information

Complete essential security configuration.

All remaining procedures in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance.

Depending on the security requirements of your other enterprise servers, download certificates from Cisco Unified Mobility Advantage and import them into the relevant servers.

• Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.

• Importing Certificates into Cisco Unified Operating System Servers, page 3-16.

• For other enterprise servers (such as Active Directory or Cisco Unity), see the documentation for those servers.

Start Cisco Unified Mobility Advantage


Activate users • Activating Users, page 14-1



Chapter 7 Using the Configuration Wizard in Cisco Unified Mobility Advantage Performing Additional Required Procedures

Provision devices • Chapter 15, “Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage”


Give users the information they need in order to use Cisco Unified Mobile Communicator

Information to Give to Users, page 14-3

Consider obtaining and deploying a signed certificate on the Cisco Unified Mobility Advantage server

This is recommended but not required, and you can do it later, after your system is running and you have tested it. See About Required and Recommended SSL Certificates, page 9-2.

To More Information



C H A P T E R 8
Accessing Cisco Unified Mobility Advantage
Revised Date: May 4, 2009

Use the Cisco Unified Mobility Advantage Admin Portal to manage Cisco Unified Mobility Advantage and Cisco Unified Mobile Communicator. There is no command-line interface access for this release.

• Logging In to the Admin Portal, page 8-1

• How to Change the Admin Portal Password, page 8-2

Logging In to the Admin PortalThe Cisco Unified Mobility Advantage Admin Portal is accessible using these web browsers:

• Internet Explorer 6.0

• Mozilla Firefox 1.5

You can sign in to the Admin Portal from any computer that has access to the server. The portal is designed for viewing at 96 DPI.

Procedure

Step 1 Open a web browser and enter the Admin Portal URL:

http://hostname or IP address of your Cisco Unified Mobility Advantage server:7080/adminportal

For example: http://mycompany.com:7080/adminportal

Step 2 Enter the Admin user ID and password.

The username is admin and cannot be changed.

Step 3 Select Login to display these options:


Chapter 8 Accessing Cisco Unified Mobility Advantage How to Change the Admin Portal Password

How to Change the Admin Portal Password • Changing the Password from the Admin Portal, page 8-2

• Changing the Password Without the Current Admin Portal Password, page 8-3

Changing the Password from the Admin Portal If you are able to log into the Admin Portal, you can change the password from the Admin Portal.

Procedure

Step 1 Sign in to the Admin Portal.

Step 2 Select the [+] beside System Management.

Step 3 Select System Properties.

Step 4 Enter the new password in the Admin Password and Confirm Admin Password fields.

Option Description

End Users Activate, deactivate, and manage users.

Provision new mobile phones and upgrade Cisco Unified Mobile Communicator on mobile phones.

Delete Cisco Unified Mobile Communicator data from mobile phones.

Enterprise Configuration Configure Cisco Unified Mobility Advantage to communicate with Active Directory, Microsoft Exchange, Cisco Unity, Cisco Unified Presence, and Cisco Unified Communications Manager servers.

Configure voicemail, call control, and conference integration.

Handset Platform Management View supported mobile phone platforms and versions of Cisco Unified Mobile Communicator installed on your system.

Install an upgrade version of Cisco Unified Mobile Communicator.

Download Cisco Unified Mobile Communicator to your desktop computer for provisioning purposes.

Server Controls Start or stop Cisco Unified Mobility Advantage and specify server settings required for operation.

System Management View or edit system properties, set configuration information (for log files and calendar and SMTP Server connections), and view a summary of Cisco Unified Mobility Advantage server ports.

Security Context Management Manage client-server security within the Cisco Unified Mobility Advantage deployment.

Reports Generate and view server statistics and summaries.




Step 6 Restart Cisco Unified Mobility Advantage.

Changing the Password Without the Current Admin Portal Password If you have forgotten the Admin Portal password but you know the platform administrator credentials, you can change the Admin Portal password from the command-line interface.

Procedure

Step 1 Use SSH to access the Cisco Unified Mobility Advantage server using your platform administrator credentials.

Step 2 Enter the following command to reset the password:

set password cuma

Step 3 Enter the following command to restart Cisco Unified Mobility Advantage and activate the new password:

utils service restart CUMA Admin



C H A P T E R 9
Managing Server Security in Cisco Unified Mobility Advantage

This chapter describes the concepts and processes for establishing server identity.


• About Required and Recommended SSL Certificates

• Explanation of Security Contexts, page 9-4



• Creating Security Contexts, page 9-7

• Importing Self-Signed Certificates from Trusted Servers, page 9-10

• Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11


• Certificate Uploads and Downloads, page 9-15

• Viewing Certificate Details, page 9-16

• Deleting Security Contexts And Certificates, page 9-17

About Secure Connections and SSL Certificates In order for a client to connect securely to a server, the client generally requires that the server verify its identity. A client can be a browser, a mobile device running Cisco Unified Mobile Communicator, or any server that initiates a connection with another server. Servers can have both client and server relationships with each other.

A client connects securely to a server using SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocol. Secure connections require digital certificates to verify the identity of the server.

Several types of digital certificates can be used to establish trust between a client and a server:

• Self-signed certificates are generated from the server; a copy of the certificate must reside on the client. When a client connects to a server, it compares the certificate that the server presents to the copy of the certificate in its own trust store.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage About Required and Recommended SSL Certificates

• Certificates signed by a recognized Certificate Authority (CA) such as VeriSign enable clients to trust servers without having a to import a certificate from each server onto the client, as long as the client recognizes certificates that are signed by the particular Certificate Authority.

• Certificates can be signed by other authorities, such as an in-house corporate signing authority that guarantees servers within the corporate firewall.

You can also configure each server behind the your corporate firewall to trust the identity of other servers behind the same firewall without explicitly requiring certificates.

Signed Certificate InformationSigned certificates generally consist of up to three sub-certificates:

• A root certificate which declares the identity of the signing Certificate Authority.

• An intermediate certificate, which is provided by many certificate authorities to accompany a signed certificate.

• The signed certificate which identifies the server being authenticated.

Certificates signed by a corporate signing authority may also include root and intermediate certificates.

About Required and Recommended SSL Certificates • Required and Recommended Signed Certificates, page 9-2

• Required and Recommended Self-Signed Certificates, page 9-3

Required and Recommended Signed Certificates Some clients (such as Cisco Unified Mobile Communicator or standard web browsers) require or request certificates that are signed by a recognized Certificate Authority in order to connect to a server.

Necessity Description For Do This

Required For the Cisco Adaptive Security Appliance.

Cisco Unified Mobile Communicator clients require this certificate.

New installations

You must purchase this certificate after you configure the Cisco Adaptive Security Appliance, but before you can test Cisco Unified Mobility Advantage.

It may take up to 24 hours to receive your certificate from the signing authority.

See (For New Installations) How to Obtain and Import the Cisco Adaptive Security Appliance-to-Client Certificate, page 2-10.

Upgrades from Release 3.x

You may be able to reuse the signed certificate from the proxy server in Cisco Unified Mobility Advantage Release 3.1.2.

Before you upgrade Cisco Unified Mobility Advantage from Release 3.x, review the restrictions and process overview in Saving the SSL Certificate from the Proxy Server, page 5-8, then perform the procedure if applicable.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage About Required and Recommended SSL Certificates

Related Topics


• How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8

Required and Recommended Self-Signed Certificates If your company has a corporate signing authority, you can use certificates signed by the corporate authority instead of self-signed certificates.

Recommended For the Cisco Unified Mobility Advantage server.

This certificate prevents users from seeing an “Untrusted certificate” warning when they access the User Portal.

Browsers generate this warning when they connect to a server that does not have a signed certificate.

New installations

You must install Cisco Unified Mobility Advantage before you can obtain a signed certificate for this purpose.

You can use a self-signed certificate for initial configuration and testing, and then obtain and deploy a signed certificate later.

See How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.

Upgrades from Release 3.x

If you had a signed certificate on the managed server in Cisco Unified Mobility Advantage Release 3.1.2, you may be able to reuse this certificate.

See:

• Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15

• Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.

Necessity Description For Do This

Certificate More Information

A certificate (self-signed or signed) from Cisco Unified Mobility Advantage is required for the Cisco Adaptive Security Appliance to communicate with Cisco Unified Mobility Advantage.

Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4

If you followed the instructions for the Configuration Wizard in Chapter 7, “Using the Configuration Wizard in Cisco Unified Mobility Advantage,” you must import a certificate from the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage.

This configuration is recommended for all deployments.

Cisco Unified Mobility Advantage does not require certificates from other enterprise servers in order to run, but your corporate security requirements and settings on other servers may require you to deploy certificates in both directions.

See Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Explanation of Security Contexts

Explanation of Security Contexts Each client and server may have security policies that govern the type of identity verification required for connections with other clients and servers. In Cisco Unified Mobility Advantage, you specify security policies in one or more Security Contexts. You then associate one Security Context with each enterprise server that Cisco Unified Mobility Advantage connects to. In addition, each enterprise server may have security policies of its own that require Cisco Unified Mobility Advantage to verify its identity. Servers verify their identities using certificates.

Security Contexts in Cisco Unified Mobility Advantage do the following:

• Determine the level and type of identity verification that Cisco Unified Mobility Advantage requires from each server and client with which it connects.

For example, servers behind your corporate firewall (most enterprise servers with which Cisco Unified Mobility Advantage communicates) may require less stringent identity verification because they are already in a presumably secure environment. Communications with a server in a DMZ (for example, the Cisco Adaptive Security Appliance) generally require stricter identity verification because a DMZ environment is less secure.

• Store copies of trusted certificates. Depending on your security choices, certificates that other servers present must match their corresponding certificates stored in the Security Context that you assigned to that server.

• Store the certificate that Cisco Unified Mobility Advantage presents when identifying itself to other servers.

• Collect the information needed to create certificates, and use that information to generate certificates to provide to other servers for their store of trusted certificates, or to generate a Certificate Signing Request for a signed certificate.

In general, if you set the Connection Type for an enterprise server to TLS or SSL (secure), you must specify a Security Context for connections with that server. You specify the certificate requirements in the Security Context.

Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance

Use the following set of procedures to deploy self-signed certificates for communications between Cisco Unified Mobility Advantage and the Cisco Adaptive Security Appliance.

Before You Begin

Determine your certificate needs. See How To Deploy Required And Recommended Certificates for the Cisco Adaptive Security Appliance, page 2-8.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Deploying Self-Signed Certificates for Internal Servers: Example

Procedure

Deploying Self-Signed Certificates for Internal Servers: Example

Secure connections between internal servers are not required by default for Cisco Unified Mobility Advantage to operate. However, your corporate security policies may require them.

If you assign a Security Context that has the Trust Policy set to Trusted Certificates for an enterprise server, then you must deploy a certificate to verify the identity of that server. Generally, if your security policies are consistent, this will be a reciprocal requirement, so you will also need to provide a certificate from Cisco Unified Mobility Advantage to verify its identity to the other server.



If you followed the instructions for the Configuration Wizard in Chapter 7, “Using the Configuration Wizard in Cisco Unified Mobility Advantage,” you have already created the cuma Security Context.


Step 2 In System Management > Network Properties, specify the Security Context from Step 1 in this table.

If you followed the instructions for the Configuration Wizard, you have already completed this step.

—


If you followed the instructions for the Configuration Wizard:


Otherwise:

• Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.

Step 4 Import this certificate to the trust store of the Cisco Adaptive Security Appliance.

Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12.

Step 5 Generate a self-signed certificate from the Cisco Adaptive Security Appliance.

Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.

Step 6 Import this certificate into the trust store of Cisco Unified Mobility Advantage.


Step 7 In the Cisco Adaptive Security Appliance, complete remaining configurations

Setting up the TLS Proxy, page 2-15 and the remaining procedures in that chapter.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Deploying Self-Signed Certificates for Internal Servers: Example

You can use self-signed certificates or certificates signed by an in-house corporate signing authority to verify the identities of servers behind the corporate firewall.

This configuration example describes one option to configure security for internal servers, using self-signed certificates. Use the same basic procedure for each enterprise server that supports secure connections.

Before You Begin

• We recommend that you verify that all features that you deployed are functioning properly before you introduce security to the configuration.

• For the following servers, use different instructions instead of this topic:

– For Cisco Adaptive Security Appliance, see Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4.

– For Cisco Unified Communications Manager, see How to Configure Server Security for Connections with Cisco Unified Communications Manager, page 3-13.

– For Cisco Unified Presence, see How To Configure Server Security for Cisco Unified Presence, page 4-3.

Procedure




If you followed the instructions for the Configuration Wizard you can use the cuma Security Context.


Step 2 In the Enterprise Adapter for the server, select TLS or SSL as the Transport Type, then specify the Security Context from Step 1 in this table.


• Appendix A, “Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage”

Step 3 On the enterprise server, require secure communications.

See the documentation for the server.


Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11.

Step 5 Import this certificate to the trust store of the enterprise server.

See the documentation for the server.

Step 6 Generate a certificate from the enterprise server. See the documentation for the server.




Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Creating Security Contexts

Creating Security Contexts Security Contexts manage security policies and server identity-verification certificates for connections between Cisco Unified Mobility Advantage and other enterprise servers. You can use them to generate and store digital certificates that verify server identity.

• Create a security context for each different type of security you require in order to allow other servers to communicate with Cisco Unified Mobility Advantage.

For example, if you require no imported certificates from internal servers and a self-signed certificate from the Cisco Adaptive Security Appliance in the DMZ, create two Security Contexts. If you followed the documentation for the Configuration Wizard, you created these two Security Contexts.

• You can use a single security context to govern relationships with multiple servers, if the requirements are the same for all of those servers.

• You may need to create multiple security contexts in order to satisfy the security requirements of all enterprise servers. For example, some servers may require Cisco Unified Mobility Advantage to present a trusted certificate.

Before You Begin

Determine the two-letter ISO country code for the location of your Cisco Unified Mobility Advantage server. Visit http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm.

Procedure

Step 1 Sign in to the Cisco Unified Mobility Advantage Admin portal.

Step 2 Select the [+] beside Security Context Management.


Step 4 Select Add Context.


Field Description

Context Name Enter a name for the certificate.

The name cannot contain spaces or special characters.

Description Enter a description for the certificate.


http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm


Trust Policy This value determines the type of certificate Cisco Unified Mobility Advantage requires of an enterprise server with which it initiates communication, such as Cisco Adaptive Security Appliance and Cisco Unified Communications Manager.

Options are:

• Trusted Certificates— The other server must present one of the following:

– A self-signed certificate that you will have already imported into Cisco Unified Mobility Advantage.

– A certificate signed by a recognized Certificate Authority that Cisco Unified Mobility Advantage supports.

– A certificate signed by another authority, such as a corporate signing authority. In this case, you must import the certificates of the signing authority into Cisco Unified Mobility Advantage.

• All Certificates — Choose this option if you do not want to verify certificates that each server presents.

Cisco Unified Mobility Advantage trusts certificates from each server whose enterprise adapter is associated with this Security Context. You do not need to import certificates in this case.

• Default — All servers must present certificates that are signed by a recognized Certificate Authority.

Client Authentication Policy This setting determines whether Cisco Unified Mobility Advantage requires a certificate from clients or other servers that initiate a connection to it.

Typically, communications using the TLS protocol do not require a certificate in this situation.

Cisco Unified Mobility Advantage uses the Client Authentication Policy when it is acting as a server (for example, in communications with the Cisco Adaptive Security Appliance.)

Options are:

• None — Cisco Unified Mobility Advantage does not request a certificate from the client.

• Optional — Cisco Unified Mobility Advantage requests but does not require a certificate from the client.

• Required — Cisco Unified Mobility Advantage requires a certificate from the client.

The type of certificate required is specified in the Trust Policy field, described above.

Field Description




What To Do Next

• For each enterprise server that requires a TLS or SSL connection, specify an appropriate Security Context. A single Security Context can be associated with multiple servers if the security requirements are the same for all.

– For the Cisco Adaptive Security Appliance: Assign a Security Context on the System Management > Network Properties page.

Certificate Password Enter the password you want to assign to this certificate. The password must be at least six characters in length.

If you are upgrading from Release 3.x and you upload a certificate from Cisco Unified Mobility Advantage Release 3.x, you must enter the same password, which you noted before you performed the upgrade.

Note this password in a safe place. You may need it later.

Server Name Enter the fully qualified hostname of this server.

Department Name Enter the name of the department that will be using Cisco Unified Mobility Advantage, if restricted to one department.

For the Security Context that you will associate with the Cisco Adaptive Security Appliance, this value must match the OU value you entered when you generated the Certificate Signing Request for the signed certificate from the Cisco Adaptive Security Appliance.

Company Name Enter your company name.

If you will use the information in this Security Context to obtain a signed certificate, use the name under which your company or organization is officially registered to conduct business. VeriSign validates this name against official business registration documents.

If the company name includes symbols requiring the shift key, see instructions at your Certificate Authority website.

City Enter the city where the department or company is located.

State Enter the state or province where the city is located.

Check with your supported Certificate Authority to determine exact requirements for this value. At publication, the requirements are:

• For locations in the United States and Canada, spell out the full name. For example: California (not CA).

• For other installations, there are no restrictions on this value.

Country Code Enter the two-letter code for the country where the company is located.

You obtained this value while completing the prerequisites for this procedure.

Field Description


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Importing Self-Signed Certificates from Trusted Servers

– For other enterprise servers: Assign an appropriate Security Context on the Enterprise Adapter page for each server. See Appendix A, “Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage” and Chapter 10, “Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage.”

• If the Trust Policy is Trusted Certificates and you will use self-signed certificates to establish trust:

– See Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4

– Deploying Self-Signed Certificates for Internal Servers: Example, page 9-5

• If the Trust Policy is Trusted Certificates and you will use a certificate signed by a nonrecognized authority such as an in-house corporate signing authority:

– Follow the procedures at your company to obtain the required certificate chain.

– Import the certificates into Cisco Unified Mobility Advantage. See Importing Intermediate Certificates, page 9-14 and Importing Certificates Signed by a Certificate Authority, page 9-15.

– Import the root certificate into the trust store of the other server.

• If the Trust Policy is Default or Trusted Certificates and you will use a certificate signed by a recognized certificate authority, follow the instructions in How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-12.

Importing Self-Signed Certificates from Trusted Servers Use this procedure:

• To import a self-signed certificate from the Cisco Adaptive Security Appliance.

• To import self-signed certificates from other enterprise servers, if you specified for any Enterprise Adapter TLS connection, and the associated server will present a self-signed certificate.

You can import multiple certificates into a single Security Context.

Before You Begin

• Generate a self-signed certificate from each enterprise server whose Enterprise Adapter in Cisco Unified Mobility Advantage has a Security Context that specifies Trusted Certificates for the Trust Policy.

– For the Cisco Adaptive Security Appliance, see Generate a Certificate for Cisco Unified Mobility Advantage from the Cisco Adaptive Security Appliance, page 2-14.

– For Cisco Unified Communications Manager, see Obtaining a Certificate from Cisco Unified Communications Manager, page 3-16.

The certificate files will be named CallManager.pem and tomcat.pem.

– For Cisco Unified Presence, see the documentation for that product.

There are three separate certificates:

- sipproxy.pem

- tomcat.pem (You can rename this file to a unique name to avoid confusion.)

- PresenceEngine.pem

– For Cisco Unity Connection, you need the tomcat.pem file. (You can rename this file to a unique name to avoid confusion.)

– For other servers, see the documentation for each server.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage

• Identify the name of the Security Context that is associated with the server whose certificate you want to import:

– For the Cisco Adaptive Security Appliance: This is the Security Context specified on the System Management > Network Properties page.

– For other servers: This is the Security Context specified on the Enterprise Adapter page of the server whose certificate you want to import.

• Make sure the Security Context has the Trust Policy set to Trusted Certificates.

Procedure

Step 1 Open the certificate in WordPad (not Notepad).

Step 2 Select the [+] beside Security Context Management in the Admin Portal.


Step 4 Select Manage Context for the Security Context into which you want to import the certificate.

If you used the Configuration Wizard, this is the cuma security context.

Step 5 Select Import on the Trusted Certificate(s) line.

Step 6 Enter the certificate name (no spaces).

Step 7 Copy and paste the text from the certificate into the Certificate field.




Step 8 Select Import.


Related Topics



Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage

If any server with which Cisco Unified Mobility Advantage communicates requires identity verification, you can create and deploy a self-signed certificate.

The Cisco Adaptive Security Appliance requires identity verification.

This procedure downloads a PEM- encoded certificate with a .cer filename extension.

Before You Begin

• Make sure that a self-signed certificate meets your needs. See Required and Recommended Self-Signed Certificates, page 9-3.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server

• Create at least one security context. Complete all fields in the form.

• Note that this procedure is different from the procedure for downloading a keystore file, as described in Certificate Uploads and Downloads, page 9-15 and Downloading the Proxy Server Certificate and Preparing It for Use on the Cisco Adaptive Security Appliance, page 5-14.

Procedure



Step 3 Select Manage Context beside the security context that holds the certificate to download.


If the certificate is a chain (has associated root or intermediate certificates), only the first certificate in the chain is downloaded. This is sufficient for self-signed certificates.

Step 5 Save the file.

Related Topics


• Creating Security Contexts, page 9-7




What To Do Next

Import this certificate to the server or servers that require it:

• For the Cisco Adaptive Security Appliance: See Importing a Self-Signed Certificate from Cisco Unified Mobility Advantage, page 2-12.

• For Cisco Unity: See the documentation for the Internet Information Server (IIS) on the platform on which Cisco Unity is installed.

• For other Cisco products: See Importing Certificates into Cisco Unified Operating System Servers, page 3-16.

• For other servers: See the documentation for each server for instructions.

How to Obtain and Deploy a Signed Certificate for the Cisco Unified Mobility Advantage Server

• Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server, page 9-13

• Creating a Certificate To Be Signed by a Certificate Authority, page 9-13

• Importing Intermediate Certificates, page 9-14

• Importing Certificates Signed by a Certificate Authority, page 9-15



Obtaining and Deploying a Signed Certificate for the Cisco Unified Mobility Advantage Server

There are two ways to obtain signed certificate, depending on your situation:

Related Topics

• Required and Recommended Signed Certificates, page 9-2

Creating a Certificate To Be Signed by a Certificate Authority You can obtain signed certificates for Cisco Unified Mobility Advantage from the following Certificate Authorities: VeriSign and GeoTrust. These certificates are supported because they are generally available on all mobile devices.

Before You Begin

• Determine your certificate needs. See About Required and Recommended SSL Certificates, page 9-2.

• Visit the web site of your Certificate Authority (VeriSign or GeoTrust) to determine the process and requirements for purchasing a signed certificate.

• We recommend that you become generally familiar with the policies of the Certificate Authority. For example, check the requirements for extending the certificate so that you maintain the necessary records.

Procedure

Step 1 Create or navigate to a security context that is associated with a server which requires a signed certificate.

If you followed the instructions for the Configuration Wizard, use the cuma Security Context.

Step 2 Select Manage Context.

Step 3 Select Retrieve CSR to generate a Certificate Signing Request.

The CSR appears.

To Do This

(If you upgraded from Release 3.1.2) Determine whether you can re-use an existing signed certificate

See Downloading a Self-Signed Certificate from Cisco Unified Mobility Advantage for Import into the Cisco Adaptive Security Appliance, page 5-15.

Obtain a signed certificate for Cisco Unified Mobility Advantage

Follow these procedures in order, as applicable:

1. Creating a Certificate To Be Signed by a Certificate Authority, page 9-13

2. Importing Intermediate Certificates, page 9-14

3. Importing Certificates Signed by a Certificate Authority, page 9-15



Step 4 Follow the instructions on the web site of the Certificate Authority to purchase the signed certificate.

You will need the CSR you just retrieved.

You will receive an email message with the signed certificate information.

This process may take up to 24 hours.

Step 5 Note your certificate password in a safe place for future reference.

What To Do Next

When you receive the signed certificate from the Certificate Authority, follow the instructions in Importing Intermediate Certificates, page 9-14.

Importing Intermediate Certificates Before you import a signed certificate, you may need to import an intermediate certificate if the signing Certificate Authority tells you to do so.

Before You Begin

• Determine whether your Certificate Authority requires an intermediate certificate.

• Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13.

• Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required.

• Review any instructions from the Certificate Authority.

• Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context.

Procedure



Step 3 Select Manage Context beside the Security Context into which you will import the signed certificate.

If you followed the instructions for the Configuration Wizard, this will be the cuma Security Context.

Step 4 Select Import in the Trusted Certificates bar.

Step 5 Paste the intermediate certificate text.

Step 6 Name the certificate.


What To Do Next

Import the signed certificate. See Importing Certificates Signed by a Certificate Authority, page 9-15.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Certificate Uploads and Downloads

Importing Certificates Signed by a Certificate Authority After you receive the signed certificate from the Certificate Authority, you must import it into Cisco Unified Mobility Advantage.

You do not need to import it into any other server.

Before You Begin

• Follow the procedure in Creating a Certificate To Be Signed by a Certificate Authority, page 9-13.

• Receive the signed certificate by email from the Certificate Authority. This email message may also contain information about an intermediate certificate if one is required.

• Review any instructions from the Certificate Authority.

• Identify the name of the Security Context that is associated with the server that requires a signed certificate from Cisco Unified Mobility Advantage. For the Cisco Adaptive Security Appliance, this is the Security Context specified on the System Management > Network Properties page. You must import the certificate into this Security Context.

• Import the intermediate certificate, if required. See Importing Intermediate Certificates, page 9-14

Procedure



Step 3 Select Manage Context beside the Security Context into which you will import the certificate.

If you followed the instructions for the Configuration Wizard this will be the cuma Security Context.

Step 4 Select Import CA Reply.

Step 5 Name the certificate.

Step 6 Paste the certificate text.


You do not need to import a signed certificate for Cisco Unified Mobility Advantage into any other server.

Certificate Uploads and Downloads You can upload or download certificates, for example certificates that Cisco Unified Mobility Advantage uses to verify its identity to other servers.

These features are particularly useful if you are upgrading from Cisco Unified Mobility Advantage Release 3.x and you want to reuse the signed certificate from the Proxy Server.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Viewing Certificate Details

Related Topics




• Downloading Self-Signed Certificates from Cisco Unified Mobility Advantage, page 9-11

Viewing Certificate Details You can view certificate information such as expiration date.

Procedures

Operation Details

Uploading certificates If you have an existing signed certificate that is valid for this server, you can upload the existing certificate instead of creating a new certificate.

Supported file formats are JKS and PKCS12.

The security context into which you upload the certificate cannot have the Trust Policy set to All Certificates.

Uploading is different from importing certificates from trusted servers.

Downloading certificates This process downloads a keystore file in PKCS12 format.

Do not use this process for generating self-signed certificates.

To View Procedure

Certificates Cisco Unified Mobility Advantage shows to other servers

1. Navigate to the Security Context that holds the certificate.

2. Select Manage Context.

3. Look at the server certificate information in the Key Entry section.

4. Select View Certificate Chain to view any intermediate and root certificates associated with this server certificate.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Deleting Security Contexts And Certificates

Deleting Security Contexts And Certificates Procedures

Related Topics


Imported certificates from trusted servers

1. Navigate to the Security Context that holds the certificate.


3. Select the [+] beside the certificate name under Trusted Certificates.

Any certificate resident on the server

1. Select the [+] beside Security Context Management.

2. Select Certificate Utility.

3. Browse to the certificate.

4. Select the certificate type.

5. Enter the certificate password.

6. Select View.

To View Procedure

To Delete Do This

A security context and any associated certificates.

You cannot delete a security context that is specified in any Enterprise Adapter or the Network Properties page.

1. Consider downloading and saving any signed certificates associated with this security context. Be sure to use the Download button, not the Download Certificate button.

2. Select the [+] beside Security Context Management.

3. Select Security Contexts.

4. Select Delete beside the appropriate security context.

An imported certificate for a trusted server 1. Navigate to the Security Context that holds the certificate.


3. Select Delete beside the certificate name under Trusted Certificates.


Chapter 9 Managing Server Security in Cisco Unified Mobility Advantage Deleting Security Contexts And Certificates



C H A P T E R 10
Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage

Configure Cisco Unified Mobility Advantage to connect to the other servers in your network.

Enterprise Adapters manage the information needed to allow Cisco Unified Mobility Advantage to connect to other enterprise servers that provide features and functionality.

You can configure this information in the Configuration Wizard, or in the Admin Portal using the instructions in this chapter.

• Configuring Connections to Clients through the Cisco Adaptive Security Appliance, page 10-1



• Deleting an Enterprise Adapter, page 10-5

• Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage, page 10-5

Configuring Connections to Clients through the Cisco Adaptive Security Appliance

Enter the information required in order for the Cisco Adaptive Security Appliance and Cisco Unified Mobile Communicator clients to communicate with Cisco Unified Mobility Advantage, and to allow users to access the User Portal.

Before You Begin

• You will need the Proxy Host Name that you obtained in Obtaining IP Addresses and DNS Names from IT, page 1-3.

• You will need the port numbers you noted in Opening Firewall Ports, page 1-5.

• Create a security context that establishes the type of identity verification that Cisco Unified Mobility Advantage will require from the Cisco Adaptive Security Appliance. See Creating Security Contexts, page 9-7. If your Cisco Adaptive Security Appliance is in the DMZ, we recommend the overall configuration described in Deploying Self-Signed Certificates: Cisco Adaptive Security Appliance, page 9-4.


Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Connections to Clients through the Cisco Adaptive Security Appliance

• Stop Cisco Unified Mobility Advantage if it is running. See Stopping Cisco Unified Mobility Advantage, page 11-1.

Procedure


Step 2 Select Network Properties.



Proxy Server Information

Proxy Host Name Host name that clients will use to connect through the Cisco Adaptive Security Appliance to Cisco Unified Mobility Advantage.

The hostname must be routable from the Internet.

The Proxy Host Name should resolve to the external IP address that you received from your IT administrator.

Proxy Client Connection Port

The port that is used for secure communications between the Cisco Unified Mobile Communicator client and the Cisco Adaptive Security Appliance.

Proxy Client Download Port

The port through which clients connect to the Cisco Adaptive Security Appliance for wireless downloads of Cisco Unified Mobile Communicator.

This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices.

Managed Server Information

Client Connection Port

The port that Cisco Adaptive Security Appliance uses to connect to Cisco Unified Mobility Advantage.

The Cisco Adaptive Security Appliance translates this port to the Proxy Client Connection Port for Cisco Unified Mobile Communicator client connections to the Cisco Adaptive Security Appliance.

User Portal Port The port users will use to access the Cisco Unified Mobile Communicator User Portal.

The range is 9400-9500.


For security, this port should be available only behind your corporate firewall.


Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Adding a New Enterprise Adapter


Step 5 Start Cisco Unified Mobility Advantage (in Server Controls > Cisco > Control Server) when you are done making configuration changes.

Adding a New Enterprise Adapter Add an enterprise adapter for each enterprise server in your deployment except Cisco Adaptive Security Appliance.

You can have multiple adapters for each for the following server types:

• Active Directory

• Exchange

• Cisco Unity

For details, see the settings information for each adapter.

Before You Begin

Prepare the information you will need in order to configure the adapter or adapters you need. See

• About Active Directory Enterprise Adapter Settings, page A-1



• About Microsoft Exchange Enterprise Adapter Settings, page A-11


Procedure

Step 1 Select the [+] beside Enterprise Configuration.

Step 2 Select Enterprise Adapters.

Step 3 Select Add new adapter.

Step 4 Enter or select the requested information.


Client Download Port

The port on which users will download the client software.

This port is translated to the Proxy Client Download Port for client connections to the Cisco Adaptive Security Appliance.

This field is not used for BlackBerry clients. However, you must enter a value even if you will deploy only to BlackBerry devices.

Security Context Select the Security Context that governs connections with the Cisco Adaptive Security Appliance.



Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Viewing and Changing Enterprise Adapter Settings

Step 6 Select the server you have added.

Step 7 Enter a name and description.


Step 9 Do the following for each tab:

a. Enter configuration information using the information you gathered while completing the prerequisites for this procedure.

b. For Release 7.0(2): Select Test Config to make sure the connection settings you entered are valid.

Look for the test result at the top of the page, just below the tabs.

Correct any errors indicated.

c. Select Submit.

Step 10 Restart Cisco Unified Mobility Advantage when you are done making configuration changes.

Viewing and Changing Enterprise Adapter Settings Before You Begin

• Prepare the information you will need in order to configure the adapter or adapters you need. See

– About Active Directory Enterprise Adapter Settings, page A-1

– About Cisco Unified Communications Manager Enterprise Adapter Settings, page A-6

– About Cisco Unified Presence Enterprise Adapter Settings, page A-10

– About Microsoft Exchange Enterprise Adapter Settings, page A-11

– About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14

• Stop Cisco Unified Mobility Advantage before you make changes. See Stopping Cisco Unified Mobility Advantage, page 11-1.

Procedure



Step 3 Locate the adapter you want to view or change, and then select Edit.

Step 4 Select the appropriate tab.

Step 5 Change settings as desired.

Step 6 For Release 7.0(2): Check your configuration:

a. Select Test Config for each tab to make sure the connection settings you entered are valid.

b. Look for the test result at the top of the page, just below the tabs.

c. Correct any errors indicated.

Step 7 Select Submit for each tab to save changes.


Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Deleting an Enterprise Adapter

To discard changes, select Reset.

Step 8 Start Cisco Unified Mobility Advantage.

Deleting an Enterprise Adapter Procedure



Step 3 Locate the adapter to be deleted, and select Delete next to it.

You may see a notice that you need to stop Cisco Unified Mobility Advantage before you can delete the adapter.

Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage

Directory Lookup settings are used to identify employees who call and are called by mobility users. Unidentified callers are listed in Cisco Unified Mobile Communicator by phone number only.

Restrictions

Follow this procedure if you are using Cisco Unified Communications Manager Release 4.x.

If you have a different release of Cisco Unified Communications Manager, see Configuring Directory Lookup Rules in Cisco Unified Communications Manager, page 3-8 instead.

Before You Begin

Plan your required directory lookup rules. See:



Procedure



Step 3 Select Edit beside your Cisco Unified Communications Manager adapter.

Step 4 Select Directory Lookup Settings.

Step 5 Select Add New Rule.

Step 6 Enter specifics for the rule.



Chapter 10 Configuring Connections to Enterprise Servers from Cisco Unified Mobility Advantage Configuring Directory Lookup Settings in Cisco Unified Mobility Advantage

Step 8 Repeat Step 5 through Step 7 to add rules to account for all possible successful calls for all users in your system.

Step 9 Select the up or down arrow beside each rule in the list to order the rules so that no rule is inadvertently applied when a different rule should be applied first.

For example, if the number of digits in the number is the same, a rule for a number beginning with 823 must be above a rule for a number beginning with 82, otherwise numbers beginning with 823 would all be processed by the rule for numbers beginning with 82.


Related Topics




C H A P T E R 11
Managing and Maintaining the Cisco Unified Mobility Advantage Server

Use these procedures to stop and start the server, to back up and maintain the server.


• Stopping Cisco Unified Mobility Advantage, page 11-1

• Viewing Version and Configuration Information, page 11-2

• Accessing the Cisco Unified Operating System Administration Portal, page 11-2

• Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3

Starting Cisco Unified Mobility Advantage Procedure


Step 2 Select the [+] beside Server Controls.

Step 3 Select Cisco.

Step 4 Select Control Server.

Step 5 Select Start next to Change Status.

Cisco Unified Mobility Advantage has started when Server Status changes to Running.

Stopping Cisco Unified Mobility Advantage In general, when you make system-level changes to Cisco Unified Mobility Advantage or associated enterprise servers, you must stop and then start Cisco Unified Mobility Advantage before the changes take effect.


Chapter 11 Managing and Maintaining the Cisco Unified Mobility Advantage Server Viewing Version and Configuration Information

Before You Begin

Consider warning users that you will restart the system, that they will lose access, and that they must sign in again to Cisco Unified Mobile Communicator after you restart.

Procedure





Step 5 Select Stop next to Change Status.

Cisco Unified Mobility Advantage is stopped when Server Status changes to Not Running.

Viewing Version and Configuration Information You can review your Cisco Unified Mobility Advantage version and configuration information. You will need this information if you contact Cisco support.

Procedure

Accessing the Cisco Unified Operating System Administration Portal

Use this portal to access your operating system configuration. For more information, see the online Help in this portal.

To View Do This

The installed version of Cisco Unified Mobility Advantage

Select the [+] beside System Management, then select System Properties.

A summary of the ports and other configuration information for Cisco Unified Mobility Advantage

Select the [+] beside System Management, then select Configuration Summary.

The installed version of Cisco Unified Mobile Communicator on a client

In the Admin Portal:

1. Select the [+] beside End Users, then select Search/Maintenance.

2. Select Edit for the user.

3. Select Phone Maintenance.

On the client:

• Select Menu > Help > About.


Chapter 11 Managing and Maintaining the Cisco Unified Mobility Advantage Server Backing Up Your Cisco Unified Mobility Advantage Server

Before You Begin

You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials.

Procedure

Step 1 Go to the Admin Portal URL, or sign out of the Admin Portal if you are signed in.

Step 2 Select Cisco Unified OS Administration from the list box at the top right of the page.

Step 3 Select Go.

Step 4 Sign in.

Backing Up Your Cisco Unified Mobility Advantage Server The Disaster Recovery System assists you in preparing for and recovering from disasters that might affect your Cisco Unified Mobility Advantage server.

We recommend that you back up your server using this procedure.

Before You Begin

• The backup destination volume must be on the network and accessible through SFTP.

• The account that is used to access the SFTP server on which the backup is stored must have write permission for the selected path on that volume.

• Keep in mind that you will need to restore the backup to a server that has the identical version of the operating system and Cisco Unified Mobility Advantage installed.

Procedure

Step 1 Go to the Admin Portal URL:

Step 2 Select Disaster Recovery System from the list box at the top right of the page.

Step 3 Select Go.

Step 4 Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage.

Step 5 Select Backup > Backup Device.


Step 7 Enter information about your backup server:

Option Value

Backup Device Name Enter a name that contains only alpha numeric characters, spaces ( ), dashes (-) and underscores (_). No other characters are allowed.

You will use this value to specify this server in subsequent steps.

Select Destination Network Directory


Chapter 11 Managing and Maintaining the Cisco Unified Mobility Advantage Server Backing Up Your Cisco Unified Mobility Advantage Server

Step 8 Select Save.

Step 9 Back up:

Step 10 Follow guidance on the page.

This procedure creates a .tar file.

Related Topics

• How To Recover From Server Failure, page 19-20

Server Name IP address or hostname of the backup server

Path name Location on the backup server of the directory where you want to store the .tar file that holds your backup.

Use a unique directory for each server to back up.

User name Credentials to access the server.

Password

Number of Backups to store Specify a value high enough to ensure that the backups you want to keep are not overwritten.

To Back Up Do this

Manually Select Backup > Manual Backup.

Automate on a schedule Select Backup > Scheduler.

Option Value



C H A P T E R 12
Enabling Features and Options in Cisco Unified Mobility Advantage

Enable features and their options in Cisco Unified Mobility Advantage. Be sure to perform the prerequisites noted at the beginning of each procedure.



• Enabling the Dial-Via-Office Feature and Options, page 12-3


• Enabling Conference Notifications, page 12-5

• Enabling Exchange of Presence, page 12-5

• Obtaining Calendar Information for Meeting Notifications and Presence Integration, page 12-6

• Modifying the Maximum Search Results, page 12-7

Enabling Device ID Checking Restrictions

• This feature is not available for Release 3.x clients. You must configure each user on a Release 3.x client as follows: In End users > Search/Maintenance, set Allow any Device on the Device Identity Maintenance page for the user to True.

• Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.

Procedure



Step 3 Set Enforce Device ID Check to True.




Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Enabling Call Log Monitoring and Configuring Options


What To Do Next

• Configure the account of each user, regardless of device. See Restricting Access By Device, page 14-2.

Enabling Call Log Monitoring and Configuring Options Cisco Unified Mobility Advantage integrates with Cisco Unified Communications Manager to provide office phone call log viewing capabilities on Cisco Unified Mobile Communicator.

Before You Begin

Configure requirements for supporting this feature. See How to Configure Call Log Monitoring, page 3-1.

Procedure


Step 2 Select Manage Adapter Services.

Step 3 Select Call Control Service.



Step 6 Stop and then start Cisco Unified Mobility Advantage.

Related Topics


Setting Description


Select Yes to allow Cisco Unified Mobile Communicator users to view lists of calls they make and receive on all of their office phones.

Select No to allow Cisco Unified Mobile Communicator users to view only the calls they make and receive on Cisco Unified Mobile Communicator.

If you set this to No, you will also disable the Dial-via-Office feature.

Maximum Expiry of Call Logs (days)

Enter the maximum number of days that users can keep call log data on their mobile phones before automatic cleanup.


Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Enabling the Dial-Via-Office Feature and Options

Enabling the Dial-Via-Office Feature and Options This feature allows users to make calls from their mobile phones as if they were dialing from their desk phones.

Restrictions

• This feature is supported only with certain versions of Cisco Unified Communications Manager. Check the Compatibility Matrix for supported versions: http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html.

• This feature is not supported for Cisco Unified Mobility Advantage Release 3.x clients.

Before You Begin

• Configure requirements for supporting this feature. See How to Configure Dial Via Office, page 3-9.

Procedure



Step 3 Select Call Control Service.

Step 4 Set options:

Setting Description


Select Yes to provide the Dial-via-Office feature for Cisco Unified Mobile Communicator.

If you set this to No, you will also disable office phone call log viewing capabilities.

Enable Dial via Office Select Yes or No.

Dial Via Office Policy Select an option:

• Force Dial Via Office to require all users to make all mobile phone calls via their office numbers.

If calls cannot be dialed via office for any reason, they can be dialed directly from the mobile device.

• User Option to allow users to choose which calls they dial direct and which they dial via office.

Dial via Office Emergency Numbers

Specify numbers that will always be dialed direct from the mobile phone and never via the corporate PBX system.

Separate the list with a comma between each number.

Enter the numbers as they would be dialed directly from the mobile phone, for example 112,911,999.

These should include emergency numbers and can include numbers such as directory information.

Include emergency numbers from all countries to which your users will travel.


http://www.cisco.com/en/US/products/ps7270/products_device_support_tables_list.html

Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Enabling and Configuring Voicemail



Related Topics


Enabling and Configuring Voicemail Cisco Unified Mobility Advantage integrates with your corporate voicemail system, and provides voicemail viewing and downloading capabilities on Cisco Unified Mobile Communicator.

Before You Begin

• Deploy your voicemail server and verify that it works independently of Cisco Unified Mobility Advantage.

• If applicable, configure Cisco Unity to allow Cisco Unified Mobility Advantage to provide secure voice messages to clients. See “How to Install and Configure Voicemail Web Services” at http://www.cisco.com/en/US/docs/voice_ip_comm/cupa/visual_voicemail/7.0/english/install/guide/install.html#wp1095897. Voicemail Web Services is a separate installer and was introduced in Cisco Unity Release 7.0(2) ES21.

• Configure an enterprise adapter for your voicemail server. See About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings, page A-14

• Make sure the DTMF code for accessing voicemail is unique in Cisco Unified Communications Manager. See Important Information About DTMF Access Codes, page 3-12.

Procedure



Step 3 Select Voicemail Service.




Setting Description

Enable Corporate Voicemail Integration

Select whether or not Cisco Unified Mobility Advantage connects to your corporate voicemail system and provides voicemail viewing and downloading capabilities on Cisco Unified Mobile Communicator.

Maximum Expiry of Voicemails (days)

Enter the maximum number of days that voice messages will be listed in Cisco Unified Mobile Communicator.


Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Enabling Conference Notifications

Related Topics

• How to Solve Voicemail Problems, page 19-12

Enabling Conference Notifications Cisco Unified Mobility Advantage integrates with your Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express conferencing system, and provides conference notifications and viewing capabilities on Cisco Unified Mobile Communicator.

Cisco Unified Mobility Advantage takes conference information from user calendars in Microsoft Exchange. You do not need to configure anything additional in your conferencing application or create an adapter for the conferencing server.

Procedure



Step 3 Select Conference Service.

Step 4 Select whether or not Cisco Unified Mobility Advantage provides conference notifications and viewing capabilities on Cisco Unified Mobile Communicator.

Do not change the other options unless users are experiencing problems with conferencing notifications.



Related Topics

• Conference Alerts Not Arriving Correctly, page 19-16


Enabling Exchange of Presence Users can view the availability status of other users to help them determine when and how to effectively reach each other. They can set their own status to manage interruptions.

Restrictions

This feature requires a Cisco Unified Presence server.

Before You Begin

Make sure that you have completed the following:

• Chapter 4, “Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage”

• Configuring an enterprise adapter for Cisco Unified Presence. See About Cisco Unified Presence Enterprise Adapter Settings, page A-10.



Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Obtaining Calendar Information for Meeting Notifications and Presence Integration

Procedure



Step 3 Select Presence Service.

Step 4 Set Enable Presence Service to Yes.



Related Topics



Obtaining Calendar Information for Meeting Notifications and Presence Integration

You can configure Cisco Unified Mobility Advantage to get calendar appointments in order to update the availability status of users and to provide conference notifications for activated users from the Exchange Server.

Note Cisco recommends that you do not change the settings below unless users are experiencing problems that can be clearly tied to these settings.

Before You Begin

Make sure that you have enabled Outlook integration in Cisco Unified Presence. See the documentation for Cisco Unified Presence, for example the Integration Note for Configuring Cisco Unified Presence Release 7.0 with Microsoft Exchange at http://www.cisco.com/en/US/docs/voice_ip_comm/cups/7_0/english/integration_notes/ExchInt.html.

Procedure



Step 3 Select Conference Service.


Item Description Default

Polling Period (sec) Polling period for the calendar in seconds. 600



Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Modifying the Maximum Search Results



Modifying the Maximum Search Results You can change the default maximum number of contacts to display on the client when a user searches the directory.

Procedure



Step 3 Enter the number of results to display in Max Search Results.


Max Threads Maximum number of concurrent threads used to fetch appointments.

25

Polling Offset (min) Amount of “scan ahead” time used by the server to scan conference appointments ahead of time.

10

Item Description Default


Chapter 12 Enabling Features and Options in Cisco Unified Mobility Advantage Modifying the Maximum Search Results



C H A P T E R 13
Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage

Use the information in this chapter to make client software available for use and upgrade, and to set provisioning and connection options.

• How to Make Client Software Available for Use, page 13-1

• How To Manage Client Software, page 13-3

• How To Control User Access, page 13-5

How to Make Client Software Available for Use • Obtaining Client Software and Upgrades, page 13-1

• Uploading a Cisco Unified Mobile Communicator Release, page 13-2

• Determining Supported Devices and Service Providers, page 13-2

Obtaining Client Software and Upgrades Cisco Unified Mobile Communicator client software for all platforms, devices, service providers, and languages supported in each release is distributed as a single file with a .oar filename extension.

Each .oar file includes:

• Cisco Unified Mobile Communicator software files

• Information about supported service providers

• Information about supported mobile phone models and operating system versions

You can obtain the .oar file on disk or download it from Cisco.com using the procedure below.

Procedure

Step 1 Visit:


Chapter 13 Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How to Make Client Software Available for Use

http://tools.cisco.com/support/downloads/go/Model.x?mdfid=281001428&mdfLevel=Software%20Family&treeName=Voice%20and%20Unified%20Communications&modelName=Cisco%20Unified%20Mobile%20Communicator&treeMdfId=278875240

Step 2 Download the relevant client release to a volume that is accessible from your Cisco Unified Mobility Advantage server.

What To Do Next

Upload this .oar file into Cisco Unified Mobility Advantage to enable users to install individual clients. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2.

Uploading a Cisco Unified Mobile Communicator Release When you obtain a new release of Cisco Unified Mobile Communicator, upload the .oar file to Cisco Unified Mobility Advantage to make individual client software versions available for installation.

Before You Begin

Obtain the client software. See Obtaining Client Software and Upgrades, page 13-1.

Procedure

Step 1 Select the [+] beside Handset Platform Management.

Step 2 Select Upload New Version.

Step 3 Select Browse and locate the Cisco Unified Mobile Communicator release.

This file has a .oar filename extension.


When the upload is complete, you will see a summary of the supported clients

Step 5 Select Here to exit the summary.

Determining Supported Devices and Service Providers Choose supported devices for Release 7.x and Release 3.x clients.

Devices that Cisco Unified Mobility Advantage supports for Release 3.x clients vary by country and service provider. Use this procedure to view and select from available device options.

You can restrict the countries, service providers, and devices that you will support. More supported variations adds flexibility for your users, while fewer supported variations simplifies control and management of your client base.

Before You Begin

Perform the operation in Uploading a Cisco Unified Mobile Communicator Release, page 13-2.




Chapter 13 Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Manage Client Software

Procedure


Step 2 Select Provisioning Management.

Step 3 Select Provisioning Configuration.

Step 4 Select a country to view supported service providers there.

For Release 7.0(2): Choose Other if you do not see your country.

Step 5 Select a service provider to view the devices that that provider supports.

For Release 7.0(2): Choose Other if you do not see your provider.

Nokia Symbian clients include Release 7.0 (for English) and Release 3.x (for other languages.)

BlackBerry devices that run Release 3.x client software languages other than English are followed by a code that indicates the language:

• de = German

• en = English

• es = Spanish

• fr = French

• it = Italian

Step 6 Select each country, service provider, and device to support.

Selecting an entity selects each item in the list under that entity, whether or not you see the list. Deselect items as needed, or start by selecting each device to support.


What To Do Next

• Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3

• Chapter 15, “Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage”


• How to Make the Client Application Available to Users, page 16-3.

How To Manage Client Software • Viewing Your Uploaded Cisco Unified Mobile Communicator Versions, page 13-3

• Managing Support for Obsolete Devices, page 13-4

Viewing Your Uploaded Cisco Unified Mobile Communicator Versions See which Cisco Unified Mobile Communicator versions you have uploaded to the Cisco Unified Mobility Advantage server.

If you support multiple locations, service providers, device models, or languages, you may have more than one installer for each platform.


Chapter 13 Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Manage Client Software

Procedure


Step 2 Select Version Management.

Step 3 View information:

Related Topics


Managing Support for Obsolete Devices In the future, current phone models may become obsolete. If a phone model is no longer included in a newly-uploaded .oar file, it appears in a list of unsupported devices.

Use this procedure to identify users of unsupported devices and to disable the client application on their obsolete devices, in preparation for moving them to supported devices. After you delete a device using this procedure, the user can no longer use Cisco Unified Mobile Communicator and the phone no longer appears in the Admin Portal or the User Portal.

Before You Begin

Notify affected users that Cisco Unified Mobility Advantage no longer supports their devices, that you will disable Cisco Unified Mobile Communicator on those devices, and that the users will no longer be able to use Cisco Unified Mobile Communicator or access any personal contact information or information in text messages.

Procedure


Step 2 Select Provisioning Management.

Step 3 Select Unsupported Phone Maintenance.

Step 4 Select a phone model in the list, or enter a phone model and select Search.

Field Description

Installer Installer for the specified country, service provider, device model, and language, if any are specified.

For BlackBerry, each language requires a different installer. For Nokia Symbian, there are separate choices for Release 7.0 and for Release 3.x.

The installation method and the installation instructions displayed during provisioning may differ between different installers for the same generic platform.

Platform Operating system of the mobile device

Version Installed version of Cisco Unified Mobile Communicator for the selected platform.


Chapter 13 Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Control User Access

Step 5 Delete all unsupported devices, or select individual users and delete their devices.

How To Control User Access • Changing the PIN Expiry Period (For Client Downloads), page 13-5

• Changing Required Frequency for Signing In, page 13-5

Changing the PIN Expiry Period (For Client Downloads)Determine the number of days after the phone is added to Cisco Unified Mobility Advantage that users can wirelessly download and install the client on the phone (Windows Mobile and Nokia Symbian phones only). This expiration period does not affect manual provisioning; users can download and install from their computers at any time.

Procedure



Step 3 Enter a number for Max PIN Expiry (days).


Changing Required Frequency for Signing In You can specify how often users must sign in to Mobile Communicator. For example, you might want them to sign in more frequently for greater security, or less frequently for ease of use.

Procedure



Step 3 Enter a number of days for the Session Timeout.



Chapter 13 Managing Cisco Unified Mobile Communicator Client Software in Cisco Unified Mobility Advantage How To Control User Access



C H A P T E R 14
Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage

Use the information in this chapter to perform operations for each user and for devices associated with each user.

• How To Add Users and Prepare to Add Their Devices, page 14-1

• How To View or Change User and Device Configuration, page 14-4

How To Add Users and Prepare to Add Their Devices Perform the following tasks to enable each user and prepare user accounts for the addition of devices.

• Activating Users, page 14-1


• Information to Give to Users, page 14-3

Activating Users You must activate users in Cisco Unified Mobility Advantage before they can install the client.

Before You Begin

• Make sure each user is in an Active Directory server for which you have configured an adapter.

• Each user must have an activated email account on the network.

• Make sure that your Cisco Unified Mobility Advantage system is fully configured, enterprise servers are configured and operational, and desired features supported by your system are enabled and configured.

• (BlackBerry only) Configure the BlackBerry Enterprise Server for use with Cisco Unified Mobility Advantage. See How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1.


Chapter 14 Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To Add Users and Prepare to Add Their Devices

Procedure


Step 2 Select the [+] beside End Users.

Step 3 Select User Activation/Deactivation.

Inactive users appear in the Search Results list. Activated users appear in the Member List.

Step 4 Select a directory to search using the Find Users In drop-down menu.

Step 5 Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory.

Step 6 Select Search.

Found names appear in the Search Results window.

Note Search looks for unactivated users only. A maximum of 1,000 inactive users can be listed. If you do not see the user you want to activate in the list, refine your search. To search for activated users, you must manually scroll through the list. The list of active users is not limited to 1,000.

Step 7 Select a name or names to activate in the Search Results list.

Control-click to select multiple names.

Step 8 Select Add.

The user or users are placed in the active Member List.


What To Do Next

• Set options to restrict access by device. See Restricting Access By Device, page 14-2. (Cisco Unified Mobility Advantage Release 7.0 only) By default, new users of Release 3.x clients will not be able to connect.

Restricting Access By Device For each user, you choose whether any devices associated with that user can connect to Cisco Unified Mobility Advantage, or whether only a specific phone can connect, based on the International Mobile Equipment Identity/Electronic Serial Number (IMEI/ESN Number) of the phone. Mobile phones are uniquely identified by their IMEI/ESN number.

Restrictions

• Do not enable this feature for users of Release 3.x clients.

• Some mobile phone service providers cannot support this feature. For details, see the Restrictions and Limitations section of the Release Notes for this release at http://www.cisco.com/en/US/products/ps7270/prod_release_notes_list.html.

Before You Begin

• Activate each user. See Activating Users, page 14-1.



Chapter 14 Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To Add Users and Prepare to Add Their Devices

• Enable this feature for the system. See Enabling Device ID Checking, page 12-1.

Procedure


Step 2 Select Search Maintenance.

Step 3 Search for a user

Step 4 Select Edit for the user.

Step 5 Select Device Identity Maintenance.

Step 6 Set these settings:


What To Do Next

Add a phone for each user. See the following:

• Chapter 15, “Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage”


• Provisioning and Installing on BlackBerry Devices, page 16-9

Information to Give to Users Give users the tools and information they need in order to use Cisco Unified Mobile Communicator.

• Their user IDs and passwords to sign in to the User Portal and Cisco Unified Mobile Communicator.

• The URL of the User Portal

The User Portal URL follows this example: https://192.0.2.100:9443/jsp/index.jsp, where 192.0.2.100 is the IP address of your Cisco Unified Mobility Advantage server and 9443 is the value you entered for User Portal Port in the Network Properties page.

Option Description

Allow Any Device Select True:

• To allow any device to connect with the credentials of this user.

• If the service provider does not support this feature, as described in the Restrictions section of this topic.

• If the user will use Release 3.x of the client application.

Select False to allow only the phone having the IMEI/ESN Number you specify to connect.

IMEI/ESN Number If you chose False above, enter the IMEI/ESN Number of the mobile phone, or the user will not be able to connect.


Chapter 14 Configuring and Managing Users and Their Devices in Cisco Unified Mobility Advantage How To View or Change User and Device Configuration

• User documentation or a link to it. See: http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html. Each device type has a slightly different set of user documentation.

• Instructions about which installation procedures in the documentation they need to follow in order to complete Cisco Unified Mobile Communicator setup, particularly if you have performed some of the procedures yourself.

• The format users should use to enter their phone numbers when adding and provisioning their phones. For example, with or without a country code, parentheses, hyphens, or spaces, depending on how phone numbers are configured in Cisco Unified Communications Manager.

• (For users of BlackBerry devices) The Admin email address that you entered while configuring the connection to the SMTP server, plus the instructions for configuring Microsoft Outlook so that it does not route provisioning and alert messages to the Junk Mail folder.

• (For upgrades from Release 3.x only) Notify existing users that:

– If voicemail credentials differ from Cisco Unified Mobile Communicator credentials, users must enter their voicemail usernames and passwords in the User Portal before they can access voicemail from their mobile devices.

Users can always access their voicemail from other standard methods, such as from their desk phones.

– BlackBerry users should upgrade their client software.

– Users of Nokia Symbian phones who use the French, German, Spanish, or Italian client do not need to upgrade from Release 3.x.

– Users of Nokia Symbian phones who use the English client should upgrade to client Release 7.0 in order to use the new features. However, they cannot use the standard upgrade procedure. Instead, they must delete their existing phones from the User Portal, then add their phones again as new phones. When they sign in to the new client, their data will be restored on the new client. For best results, they should connect to the server immediately before they delete their phones in order to ensure that no data that was added to their client since the last connection is lost.

Related Topics

• Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8

How To View or Change User and Device Configuration After you have added users and their devices have been added and provisioned, you can perform any of the following operations:

• Viewing User Information, page 14-5

• Changing the Active Directory Organizational Unit for Users, page 14-5

• Viewing Phone and Connection Information Per User, page 14-6

• Changing or Deleting a Mobile Device, Number, or Service Provider, page 14-7

• Desk Phone Number Changes, page 14-8

• Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8

• Forcing a User to Sign Out of Mobile Communicator, page 14-8

• Deactivating a User, page 14-9


http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html


Viewing User Information

Procedure


Step 2 Select Search/Maintenance.

Step 3 Search for the user by scrolling through the list or by searching by name or mobile phone number and selecting Search.

Step 4 Select Edit.


• User address

• Status in the system (Active or Inactive)

• User OU (Organization Unit in Active Directory)

• User Contact Server (Exchange server)

• Information about active mobile phones.

Related Topics

• Viewing Phone and Connection Information Per User, page 14-6


Changing the Active Directory Organizational Unit for Users If a user is reassigned to a different Organizational Unit in Active Directory, you must update the Organizational Unit for that user in Cisco Unified Mobility Advantage.

Procedure




Step 4 Select Edit next to the user ID.

Step 5 Select Change Organizational Unit.

Step 6 Select Change.

Step 7 Enter information.

Step 8 Select Change.



Viewing Phone and Connection Information Per User This is the same information that users see in the User Portal. Users use this information to provision their clients and connect to the server.

Procedure



The Search/Maintenance page displays activated users.

Step 3 Locate the user and choose Edit.

Step 4 View the keep-alive interval for each phone in the list.

Cisco Unified Mobile Communicator automatically adjusts the timeout interval to prevent unintended disconnects.

Step 5 Select Info for the phone you want to view.


Download Information Description

User ID The User ID that the user will use to sign in to Cisco Unified Mobile Communicator.

PIN

(Windows Mobile and Nokia Symbian only)

The PIN number the user will use to wirelessly download Cisco Unified Mobile Communicator.

This PIN is automatically generated and expires after the number of days you specify in System Management > System Properties.

URL

(Windows Mobile and Nokia Symbian only)

The URL the user will enter into the phone browser to wirelessly download Cisco Unified Mobile Communicator.

Download Select this button to download the client application to a computer for transfer to the mobile device using an application such as ActiveSync (for Windows Mobile) or Nokia PC Suite (for Nokia Symbian phones.)

Connection Information

Server Address The world-routable host name the user will enter into Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage.

This is the same as the Proxy Host Name in System Management > Network Properties.

Server Port The externally-accessible port that the user will enter into the phone for Cisco Unified Mobile Communicator to connect to Cisco Unified Mobility Advantage.



Related Topics

• Changing the PIN Expiry Period (For Client Downloads), page 13-5

Changing or Deleting a Mobile Device, Number, or Service Provider In Cisco Unified Mobility Advantage Release 7.x, it is not possible to change device information. You must delete the existing device and add a new device.

Before You Begin

Make sure the user has salvaged information from Cisco Unified Mobile Communicator, such as manually-added contacts or copies of text messages.

Procedure

Recommended Access Point(s) Some service providers, particularly in the United States, require or recommend that users access the internet through a portal that the service provider provides.

This information is provided in the .oar file.

Phone Information

Country Country of the phone service provider

Service Provider Service provider for the phone

Phone Make/Model Phone make and model

Phone Number Phone number

Client Software Version Cisco Unified Mobile Communicator version installed on the phone

Download Information Description

Do This See Instructions:

Step 1 (If the phone number has changed) Configure Cisco Unified Communications Manager with the new number.

Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21

Step 2 Delete the existing mobile device.

This also removes all data from the device and deactivates Cisco Unified Mobile Communicator.

Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8

This procedure deletes the phone from Cisco Unified Mobility Advantage.

Step 3 Add and provision a new phone for the user. • Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage, page 15-1


• Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2



Related Topics

• Deactivating a User, page 14-9

Desk Phone Number Changes If the primary line (generally the desk phone number) of a user changes in Cisco Unified Communications Manager, the user must reset the mobile device by logging out and then logging back in to Cisco Unified Mobile Communicator.

• You can force a user to sign out of Cisco Unified Mobile Communicator.

• You can tell users to sign out by selecting Work offline (for BlackBerry or Nokia Symbian clients) or Log off (for Windows Mobile) from the Home view menu. (They must select Work online or Log on to log back in.)

Related Topics

• Forcing a User to Sign Out of Mobile Communicator, page 14-8

Removing Cisco Unified Mobile Communicator Data from a PhoneIf a phone is lost or stolen, you can remove all of the corporate and personal data downloaded onto that phone by Cisco Unified Mobile Communicator, including contact information, call logs, voice messages, text messages, and conference alerts. This process also disables Cisco Unified Mobile Communicator.

The data will be erased the next time the Cisco Unified Mobile Communicator client connects to the server.

This process does not remove Cisco Unified Mobile Communicator from the phone or remove information on the phone that is outside of Cisco Unified Mobile Communicator.

This process also deletes the phone from the list of phones associated with the user in the Admin Portal.

Procedure



Step 3 Locate the user and select Edit.

Step 4 Locate the phone from which you want to remove data and select Melt.

Forcing a User to Sign Out of Mobile CommunicatorYou can log a user out of Cisco Unified Mobile Communicator. The user must sign in again to resume using the application. This can be useful when:

• You add or change an office phone for the user in Cisco Unified Communications Manager.

• A user cannot find the phone, but does not believe that the phone is lost.



Procedure



Step 3 Locate the user in the list and select Edit.

Step 4 Locate the phone from which you want to force the user to sign out, and select Force Logout.

Deactivating a User

Procedure



The User Activation/Deactivation page displays inactive users (under Search Results) and activated users (under Member List).

Step 3 Select a directory to search using the Find Users In drop-down menu.

Step 4 Enter a name or partial name in the Search For field, or leave the field blank to produce every name in the selected directory.

Step 5 Select Search.

Found names appear in the Member List window.

Step 6 Select or control-click the name or names to deactivate in the Member List window.

Step 7 Select Remove.


Related Topics

• Activating Users, page 14-1



C H A P T E R 15
Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage

• Provisioning Windows Mobile Phones for the First Time, page 15-1

• Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones, page 15-2

Provisioning Windows Mobile Phones for the First Time You can complete the provisioning process using the procedure in this section or users can complete it in the Cisco Unified Mobile Communicator User Portal. Instructions for users are in the Quick Start Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones. In either case, complete the requirements in the Before You Begin section.

Before You Begin

• Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2

• See How To Add Users and Prepare to Add Their Devices, page 14-1.

• Configure the device for the user. See Configuring Cisco Unified Mobile Communicator Devices in Cisco Unified Communications Manager, page 3-21.

• If you will provision the phone yourself, make sure the phone is with you and able to send and receive data.

Procedure


Step 2 Select Search Maintenance.

Step 3 Search for the user.

Step 4 Select Edit next to the user.

Step 5 Select Add Phone.

Step 6 Enter or select the required information:


Chapter 15 Provisioning Windows Mobile Phones in Cisco Unified Mobility Advantage Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones

Step 7 Turn on the phone.

Step 8 Select Next on the Admin Portal.

Step 9 Make note of the phone provisioning information displayed on the portal. This information is needed when you download and install Cisco Unified Mobile Communicator on the phone, as described next.

Step 10 Open the URL displayed on the portal on the phone:

a. Open the browser on the phone.

b. Enter the URL.

Step 11 Enter the user ID and PIN and select Submit.

Step 12 Select Yes when prompted to download Cisco Unified Mobile Communicator. When complete, you receive a message stating the installation was successful.

Step 13 Press the End or Back key on the phone to return to the main menu.

Step 14 Give the phone to the user. The user can now start and sign in to Cisco Unified Mobile Communicator. Refer users to the User Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones.

Related Topics

• Chapter 16, “Deploying Cisco Unified Mobile Communicator on BlackBerry Devices.”

Upgrading Cisco Unified Mobile Communicator on Windows Mobile Phones

After you have performed the prerequisites in this section, upgrade the client software on each device.

To have Windows Mobile users perform the upgrade themselves, perform the prerequisites for this procedure, then have users follow the upgrade procedure in the Quick Start Guide for Cisco Unified Mobile Communicator for Windows Mobile Phones, Release 7.x.

Before You Begin

• Obtain the new client software. See Obtaining Client Software and Upgrades, page 13-1.

Option Description

Country Select the country of the service provider.

Service Provider Select phone service provider.

Phone Make/Model For Release 7.0(1): Select phone model.

For Release 7.0(2): Select your Windows Mobile operating system release.

Language Select language.

Phone Number Enter the area code and phone number for the phone you are adding in the following format: 5555555555. This phone number must exactly match the Destination Number you entered for the Mobile Identity when you configured the device for the user.



• Upload the Cisco Unified Mobile Communicator upgrade files for supported devices to the Cisco Unified Mobility Advantage server. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2.

• If you will perform the upgrade, make sure:

– the device is with you and powered on

– the battery is charged

– the phone can connect to the internet

Procedure

Step 1 Select the [+] beside End Users in the Admin Portal.

Step 2 Select Search/Maintenance to display a list of activated users.



Step 5 Select Upgrade next to the phone you want to upgrade.

The Upgrade icon displays only when there is a newer version of Cisco Unified Mobile Communicator available on the server than the one installed on the phone.

Step 6 Select Yes to confirm the upgrade.

Step 7 Respond to the prompts to complete the software upgrade.

Step 8 Select Finish when the upgrade is complete.

Step 9 Give the mobile device to the user and tell the user to sign in to Cisco Unified Mobile Communicator.



C H A P T E R 16
Deploying Cisco Unified Mobile Communicator on BlackBerry Devices
Revised Date: August 13, 2009

BlackBerry devices running the latest Release 3.x version of Cisco Unified Mobile Communicator will run with Cisco Unified Mobility Advantage Release 7.x, but users will not have Release 7.x features. See the Release Notes for limitations.

Configure the BlackBerry Enterprise Server and Cisco Unified Mobility Advantage as follows:

• How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage, page 16-1

• How to Make the Client Application Available to Users, page 16-3

• Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices, page 16-7



How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage

• Configuring IT Policies, page 16-1

• Configuring Software Configuration Policies, page 16-2

Configuring IT PoliciesConfigure the following IT Policy settings on the BlackBerry Enterprise Server to enable the installation of third-party applications.

Procedure

Step 1 Open the BlackBerry Manager.


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Configure the BlackBerry Enterprise Server for Use With Cisco Unified Mobility Advantage

Step 2 Select the BlackBerry domain.

Step 3 Select Global tab > Edit Properties link > IT Policy.

Step 4 Select affected IT Policy, and select Properties.

Step 5 Select Security Policy Group.

Step 6 Set Disallow Third Party Application Download to False.

Step 7 Select TCP Policy Group.

Step 8 Set the following values for each GSM mobile phone service provider. In the U.S., these settings are:

T-Mobile:

• APN—wap.voicestream.com

• Username—leave blank

• Password—leave blank

AT&T/Cingular:

• APN—wap.cingular

• Username—[email protected]

• Password—leave blank

Note If you have multiple GSM mobile phone service providers, you must create multiple IT policies with different values in this field. For non-GSM mobile phone service providers, these values can be set to any value.

Configuring Software Configuration Policies

Procedure

Step 1 Open the BlackBerry Manager and select the BlackBerry domain.

Step 2 Select the Software Configurations tab.

Step 3 Select Manage Application Policies.

Step 4 Select Policy and select Properties

Step 5 Set these properties:

Policy Setting

Disposition Required

Internal Network Connection Allowed


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices How to Make the Client Application Available to Users

What To Do Next

• Install and configure Cisco Unified Mobility Advantage, and configure enterprise servers as applicable.

How to Make the Client Application Available to Users Perform the following procedures in order:

• Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3

• Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage, page 16-4

• Placing the Client Software on the BlackBerry Enterprise Server, page 16-5

• Creating a Software Configuration File and Deploying it to Users, page 16-6

Allowing Third Party Application Downloads from the BlackBerry Enterprise Server

Note For security reasons, some BlackBerry Enterprise Server configurations do not allow third party application downloads. You must temporarily allow third party application downloads in order to deploy Mobile Communicator on BlackBerry Devices. For more information on policy and software configuration settings, see the BlackBerry Enterprise Server Policy Reference Guide.

Procedure

Step 1 Sign in to the BlackBerry Enterprise Server.

Step 2 Select Global.

Step 3 Select Edit Properties.

Step 4 Select IT Policies in the IT Policy Administration window.

Step 5 Highlight IT Policies and select the More button located on the far right of the screen. You should see any policies that have already been provisioned.

Step 6 Select Properties and find the Security Policy Group.

Step 7 Select on the Security Policy Group.



Step 8 Locate the Disallow Third Party Application Download setting and select False.

Step 9 Select OK.

Downloading the BlackBerry Client Installer from Cisco Unified Mobility Advantage

Before You Begin

Upload the client software to Cisco Unified Mobility Advantage. See Uploading a Cisco Unified Mobile Communicator Release, page 13-2

Procedure

Step 1 Select the [+] beside Handset Platform Management in the Admin Portal.




Step 3 Select Download next to the BlackBerry device to download the Cisco Unified Mobile Communicator.zip file to your system.

Step 4 Extract the .zip file.

Placing the Client Software on the BlackBerry Enterprise Server

Before You Begin

Complete the following:

• Allowing Third Party Application Downloads from the BlackBerry Enterprise Server, page 16-3

Procedure

Step 1 Browse to this location on the BlackBerry Enterprise Server to place the Cisco Unified Mobile Communicator files into a new share:

C:\Program Files\Common Files\Research In Motion

Step 2 Create a placeholder folder titled \Shared\Applications for the Cisco Unified Mobile Communicator files:

C:\Program Files\Common Files\Research In Motion\Shared\Applications

Step 3 Create a folder titled \cisco_umc within the \Applications folder:

C:\Program Files\Common Files\Research In Motion\Shared\Applications\cisco_umc

Step 4 Place the following two files in the \cisco_umc folder (XX represents the language):

• cisco_umc_XX.cod

• cisco_umc_XX.alx

Step 5 Run the loader.exe program:

a. Change to the Apploader directory:

C:\Program Files\Common Files\Research In Motion\Apploader

b. Run loader.exe /index.

Step 6 Set up the folder as a share:

a. Browse to this location:

C:\Program Files\Common Files\Research In Motion

b. Select Everyone under Group or user names on the Share Permissions folder.

c. Select Allow next to Read under Permissions for Everyone.

Step 7 Select OK.



Creating a Software Configuration File and Deploying it to Users

Note See the RIM document Creating a Software Configuration— BlackBerry Enterprise Server Quick Start Supplement for more information.

Procedure

Step 1 Sign in to the BlackBerry Manager-Security Administrator Authority.

Step 2 Select the Software Configurations tab on the BlackBerry Domain (near the top of the window).

Step 3 Select Add New Configuration.

Step 4 Type a name and description for the software configuration file that will contain the Cisco Unified Mobile Communicator application in the Configuration Name and Configuration Description fields.

For example, Mobile Communicator Deployment.

Step 5 Enter the UNC name (not the local file path) in the Device Software Share Location field.

Step 6 Select OK.

A list of device software and applications appears. The list includes the Cisco Unified Mobile Communicator application.

Step 7 Set the Delivery to Wireless Only.

Step 8 Select the Policies button.

Step 9 Set the Application Control policies as shown in this example:

Step 10 Select OK.

Step 11 Start the BlackBerry Handheld Manager.

Step 12 Select Users.


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices

Step 13 Select the user name.

Step 14 Select Assign Software Configuration under Device Management.

Step 15 Locate the name of the Cisco Unified Mobile Communicator software configuration file you created in Step 4.

For example, Mobile Communicator Deployment.

Step 16 Select OK.

The BlackBerry Enterprise Server polls BlackBerry Devices every four hours. At that time, the server deploys any new or missing applications to the BlackBerry Devices.

Configuring Cisco Unified Mobility Advantage to Send Provisioning Messages to BlackBerry Devices

Use SMTP Server Configuration to enable the Cisco Unified Mobility Advantage to send email messages to BlackBerry devices.

Before You Begin

Make sure that your SMTP Server allows relaying from Cisco Unified Mobility Advantage. For information, contact your SMTP administrator.

Procedure


Step 2 Select SMTP Server Configuration.


Item Description

Host Name Hostname of your SMTP gateway. This must be the same as your Exchange hostname if you use the Exchange server as your SMTP gateway.

Port Port number for the SMTP gateway. Usually, this is 25.

Authentication Required Identifies whether or not your organization requires authentication on the mail server. If the value for this field is True, you will need to enter a password apart from an Admin Email address (see next two fields).

Admin Email Email address for the administrator responsible for management of Cisco Unified Mobility Advantage.

Cisco Unified Mobility Advantage uses this email address to send provisioning emails and alerts to BlackBerry users.

SMTP Authentication Password Password associated with the Admin Email address.

Required only if the SMTP server requires authentication.


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail


Step 5 Restart Cisco Unified Mobility Advantage to activate the settings.

Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail

Have users perform the following procedure to prevent Microsoft Outlook from treating BlackBerry provisioning email messages as junk mail.

Before You Begin

Note the Admin Email address in the Admin Portal under System Management > SMTP Server Configuration. You will provide this to users.

Procedure

Step 1 Open Microsoft Outlook.

Step 2 Open the Tools menu and select Options.

Step 3 Select Preferences.

Step 4 Select the Junk e-mail button, and then select the Safe Senders tab.

Step 5 Select Add.

Step 6 Enter the Admin email address, and select OK.

Step 7 Select OK again to complete the configuration.

Step 8 Continue to check your Junk mailbox and, if necessary, disable junk-mail blocking during provisioning.

Provisioning and Installing on BlackBerry Devices You can use the procedure in this section to:

• Add a phone for each user

• Install the client software

There are two ways to add phones:

• You can use the procedure in this topic.

• You can have users add their own phones in the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.

There are three ways to install the client software on BlackBerry devices:

• You can automate installation from the BlackBerry Enterprise Server. However, each phone must still be associated with its user using one of the methods mentioned above.

• You can install the client manually on each phone using this procedure


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Provisioning and Installing on BlackBerry Devices

• You can have users install the client on their own phones by using the User Portal. However, you must still complete the requirements in the Before You Begin section of this procedure. Refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for BlackBerry Devices.

Before You Begin

• In order to prevent provisioning email messages from being routed to the “Junk E-mail” folder in Outlook, give BlackBerry device users the Admin Email address and the procedure in Preventing Outlook From Treating BlackBerry Provisioning Email Messages As Junk Mail, page 16-8.

• (Cisco Unified Mobility Advantage Release 7.0 only) By default access is restricted by device. You must remove this restriction for BlackBerry devices. To remove this restriction for all devices on the system, see Enabling Device ID Checking, page 12-1.

• After loading Cisco Unified Mobile Communicator on the BlackBerry Enterprise Server as described in Placing the Client Software on the BlackBerry Enterprise Server, page 16-5, Cisco Unified Mobile Communicator is automatically pushed out within four hours to activated users with the appropriate BlackBerry device data service. When this is complete, you can provision Mobile Communicator on the BlackBerry device.

• Follow procedures in How To Add Users and Prepare to Add Their Devices, page 14-1

Procedure



Step 3 Select Search/Maintenance to display activated users.




Step 7 Edit the Add Phone properties:

Step 8 Select Next.

Step 9 Do one of the following:

Phone List Description


Service Provider Select the mobile phone service provider

Phone Make/Model Select the mobile phone make and model


Phone Number Enter the area code and mobile phone number

Use the format 5555555555.


Chapter 16 Deploying Cisco Unified Mobile Communicator on BlackBerry Devices Provisioning and Installing on BlackBerry Devices

What To Do Next

• (Cisco Unified Mobility Advantage Release 7.0 only) If you did not disable Device ID checking for the entire system, you must disable it for each BlackBerry device you add. See Restricting Access By Device, page 14-2.

• Give the BlackBerry device to the user. The user must open Cisco Unified Mobile Communicator on the device and enter his or her Cisco Unified Mobile Communicator password at the sign-in prompt.

• Evaluate the items in Information to Give to Users, page 14-3 and provide the user with instructions for the tasks that you have not already completed.

If Do This

You are distributing the client software through the BlackBerry Enterprise Server

Select Finish.

You need to manually install the client software on the BlackBerry device

1. Follow the prompts that you see to install Cisco Unified Mobile Communicator on the BlackBerry device.

2. Select Finish when installation is complete.



C H A P T E R 17
Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones

For Nokia phones running the Symbian OS, Cisco Unified Mobility Advantage Release 7.x supports both the Cisco Unified Mobile Communicator client for Release 7.x (for English only) and the latest Release 3.x client (for French, German, Spanish, and Italian). Release 3.x clients will not benefit from the new features available in Release 7.x. See the Release Notes for limitations.

You can add phones to user accounts, or users can add their own phones using the User Portal. There are several methods to install the client application on the phone.

• Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x, page 17-1

• Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2

• Installing the Client on Nokia Symbian Phones from Your Computer, page 17-3

Upgrades of Nokia Symbian Phones from Client Release 3.x to Release 7.x

Client upgrades from Release 3.x to Release 7.x on Nokia Symbian phones do not follow the standard upgrade procedure.

Instead, you or the users must delete their Nokia Symbian phones from the user accounts, then add each phone again as a new phone.

When the user signs in to the new client release, the server will restore all data to the client on the phone. However, to ensure that no data is lost, users should be sure to connect to the server immediately before deleting the phone, in order to save any contacts or text messages they might have added since they last connected to the server.


Chapter 17 Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network

Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network

Cisco Unified Mobile Communicator can be installed on a Nokia Symbian phone using one of two methods: wireless installation or manual installation. You or the user can perform these operations.

Before You Begin

Do the following:

• How to Make Client Software Available for Use, page 13-1

• How To Add Users and Prepare to Add Their Devices, page 14-1.

• You can follow this procedure, or users can perform the tasks described in this topic using instructions in the user documentation. If users will do the installation, provide them with the information they need:

– For Release 3.1.1 clients, refer users to the Cisco Unified Mobile Communicator 3.x Quick Start Guide for Symbian OS Phones for instructions.

– For Release 7.x clients, refer users to the user documentation documentation for Release 7.x of the client for Nokia Symbian phones.

User documentation is available from http://cisco.com/en/US/products/ps7271/products_user_guide_list.html.

Procedure


Step 2 Select Search/Maintenance to display activated users.




Step 6 Edit the Add Phone properties:

Step 7 Select Next.

Step 8 Follow the prompts on the Admin Portal to install Cisco Unified Mobile Communicator on the mobile phone.

Phone List Description


Service Provider Select the mobile phone service provider

Phone Make/Model Select the Nokia Symbian phone or series.


Phone Number Enter the area code and mobile phone number

Configuration Method Select Over Air.



Chapter 17 Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Installing the Client on Nokia Symbian Phones from Your Computer

Step 9 When installation is complete, select Finish.

What To Do Next

Follow instructions in Information to Give to Users, page 14-3.

Installing the Client on Nokia Symbian Phones from Your Computer

This procedure provides an alternate method for installing the client application on Nokia Symbian phones.

Before You Begin

Do the following:


• How To Add Users and Prepare to Add Their Devices, page 14-1.

• Add phones to user accounts using the first part of the procedure in Adding Phones and Installing the Client on Nokia Symbian Phones Using the Mobile Network, page 17-2.

• Make sure that your computer and the Nokia Symbian phones are set up to use infrared, Bluetooth, or the Nokia PC Suite application. For information, see the documentation that came with your computer, your phone, and any additional hardware or software required for your chosen transfer method.

Procedure

Step 1 Select the [+] beside Handset Platform Management in the Admin Portal.


Step 3 Select Download next to the Nokia Symbian phone to download the Cisco Unified Mobile Communicator .sisx file to your computer.

Step 4 Transfer the .sisx file to Nokia Symbian phones using infrared, Bluetooth, or the Nokia PC Suite application.

Step 5 Install the application if it does not install automatically.

What To Do Next

Do one of the following:

• See Viewing Phone and Connection Information Per User, page 14-6 to obtain the information needed to provision the client application on each phone.

• Let users complete the provisioning process. Follow instructions in Information to Give to Users, page 14-3.


Chapter 17 Deploying Cisco Unified Mobile Communicator on Nokia Symbian Phones Installing the Client on Nokia Symbian Phones from Your Computer



C H A P T E R 18
Viewing Statistics and Reports for Cisco Unified Mobility Advantage

• Identifying Users Who Have Not Signed In, page 18-1

• Viewing Cisco Unified Mobility Advantage Server Statistics, page 18-1

• Viewing Call Reports, page 18-2

• Viewing Summary Reports, page 18-3

Identifying Users Who Have Not Signed In To identify users who have not signed in to either Cisco Unified Mobile Communicator or the User Portal:

Procedure



Step 3 Note the asterisk preceding the name of each user who has not signed in.

Viewing Cisco Unified Mobility Advantage Server StatisticsProcedure




Step 4 Select Statistics.

The statistics for Cisco Unified Mobility Advantage appear:


Chapter 18 Viewing Statistics and Reports for Cisco Unified Mobility Advantage Viewing Call Reports

Step 5 Select Refresh to update the display.

Related Topics

• How to View Error and Warning Logs, page 19-17

Viewing Call ReportsYou can view a summary of calls (received, placed, and missed) by users. The report can show the total number of calls on the system or totals for each user.

Procedure

Step 1 Select the [+] beside Reports.

Step 2 Select Usage Report.


Statistic Definition

Name Name of the Cisco Unified Mobility Advantage server.

Up Since Date that Cisco Unified Mobility Advantage was last started.

Free Memory Amount of available memory, in bytes, on Cisco Unified Mobility Advantage.

Number of Active Users Number of users who are actively using Cisco Unified Mobile Communicator on their phone or the Cisco Unified Mobile Communicator User Portal.

Number of Errors Total number of errors reported on Cisco Unified Mobility Advantage. To view these errors, search the log files for “FATAL” or “ERROR”.

Number of Warnings Total number of warnings reported on Cisco Unified Mobility Advantage. To view these warnings, search the log files for “WARN.”

Field Definition

From Specify the start date for the report.

To Specify the end date for the report.

Report Type Select the type of report:

• Total—Calls placed, received, and missed on all user phones

• By User—Calls placed, received, and missed on specific user phones


Chapter 18 Viewing Statistics and Reports for Cisco Unified Mobility Advantage Viewing Summary Reports


Viewing Summary Reports You can view the total number of provisioned users, the number currently signed in to Cisco Unified Mobile Communicator, and the summary of mobile phones installed on the system.

Procedure

Step 1 Select the [+] beside Reports.

Step 2 Select Summary Report.

Step 3 Wait a few moments while Cisco Unified Mobility Advantage generates the report.

Step 4 View the generated information:

Summary Report Definition

Total Number of Users - Provisioned Number of users with provisioned phones

Total Number of Users - Logged In Number of users who have signed in to Cisco Unified Mobile Communicator on their phone

Handset Summary Report Definition

Service Provider Service provider associated with the phone

Phone Make/Model Type and model of the phone

Client Version Version of Cisco Unified Mobile Communicator installed on the phone.

Number of Phones Number of phones installed


Chapter 18 Viewing Statistics and Reports for Cisco Unified Mobility Advantage Viewing Summary Reports



C H A P T E R 19
Troubleshooting Cisco Unified Mobility Advantage

Most problems arise from configuration errors or omissions, or problems with your network or mobile service providers.

• Where To Start Troubleshooting, page 19-1

• How to Solve Connection Problems, page 19-3

• How to Solve Problems with Activation, Download, and Provisioning, page 19-4

• How to Solve Problems Logging In to Client or User Portal, page 19-8

• Phone Battery Depletes Quickly, page 19-8



• How to Solve Voicemail Problems, page 19-12


• Conference Alerts Not Arriving Correctly, page 19-16

• BlackBerry Users Do Not Receive Alerts, page 19-16

• Lost or Stolen Mobile Device, page 19-17

• How to View Error and Warning Logs, page 19-17

• How To Recover From Server Failure, page 19-20

• Enabling Remote Account Access for Cisco TAC Personnel, page 19-23

Where To Start TroubleshootingProblem All problems.

Solution Try the following, which are applicable when troubleshooting many problems:

• Make sure that the client device is functioning and connecting to the network properly. See the troubleshooting section in the client documentation for users for the relevant device at http://www.cisco.com/en/US/products/ps7271/products_user_guide_list.html for a list of simple things to verify for all problems before doing anything else, if any.




Chapter 19 Troubleshooting Cisco Unified Mobility Advantage Where To Start Troubleshooting

• Try, or have the user try, any troubleshooting tactics for the particular problem in the troubleshooting section or sections of the client documentation for the relevant device.

• For Release 7.0(2): Select the Test Config button on each page for the relevant adapter in the Cisco Unified Mobility Advantage Admin Portal to check for configuration errors.

• For Release 7.0(1): Check your configurations in the Cisco Unified Mobility Advantage Admin Portal for errors.

• If you are using a secure connection between Cisco Unified Mobility Advantage and the relevant enterprise server, try temporarily changing the Connection Type to TCP, Plain, or nonsecure in the Enterprise Adapter for that server, and on the relevant enterprise server for connections to Cisco Unified Mobility Advantage. Then stop and restart Cisco Unified Mobility Advantage. Do not forget to switch all settings on all servers back to secure connections after you have resolved the problem, if required.

• Change the Trust Policy to All Certificates in the Security Context associated with the enterprise server that provides the inoperative functionality, or upload a certificate from each affected server to the trust store in Cisco Unified Mobility Advantage. Then stop and restart the server (under Server Controls).

• Check the security policy of the relevant enterprise server with which Cisco Unified Mobility Advantage connects, to be sure you have deployed the required certificate from Cisco Unified Mobility Advantage.

• Disable and then re-enable the problem feature in the Admin Portal: Select Enterprise Configuration > Manage Adapter Services, then select the tab for the enterprise server that provides the feature. Disable the feature, then select Submit. See the bottom of the portal page to see whether you must stop and start the server before your change takes effect. Then enable the feature and select Submit. Again, stop and then restart the server if necessary.

• Check the Cisco Unified Mobility Advantage log files for errors. To find relevant information in the logs, search for “exception” until you find one with a keyword that may be related to the problem you are experiencing. For example, for problems with presence, look for an exception with CUP (Cisco Unified Presence).

• Make sure that the date and time are synchronized on all servers and mobile devices. If you did not specify a Network Time Protocol server during Cisco Unified Mobility Advantage installation, do so now. In the Unified Communications Operating System Administration pages, select Settings > NTP servers. See the online Help in the Unified Communications Operating System Administration pages for more information.

• Revisit configurations in both the relevant enterprise server and in Cisco Unified Mobility Advantage and re-enter the configuration settings. Then stop and restart Cisco Unified Mobility Advantage. A typing error or entry mismatch will cause features to fail. Configuration requirements for each feature are listed in the “Enabling and Managing Features” chapter.

Related Topics


• Viewing Log Files, page 19-18

• Accessing the Cisco Unified Operating System Administration Portal, page 11-2

• Chapter 12, “Enabling Features and Options in Cisco Unified Mobility Advantage”


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Connection Problems

How to Solve Connection Problems • No Connectivity On Initial Tests, page 19-3


• Frequent Disconnects, page 19-4

No Connectivity On Initial Tests

Problem You are testing your initial configuration, but connections are not successful.

Solution Check the following:

• In the Cisco Unified Mobility Advantage Admin Portal, verify:

– Enforce Device ID Check is False or

– (For each user of a Release 7.x client) Allow Any Device is True or you have entered an IMEI/ESN number.

– (For each user of a Release 3.x client) Allow Any Device is True.

Reprovision the device after making any change.

• Make sure that the client device is functioning and connecting properly to the wireless network. See the relevant troubleshooting section in the client documentation for the particular device for a list of simple things to verify for all problems before doing anything else.

• If you used the Configuration Wizard, make sure that you completed all procedures described in the chapter, particularly those required after you finish the wizard itself.

• From the Cisco Adaptive Security Appliance, ping an IP address on the internet.

• From the Cisco Adaptive Security Appliance, ping the private IP Address of the Cisco Unified Mobility Advantage server.

• Check your configurations against the instructions in the chapter on the Cisco Adaptive Security Appliance. Cisco Adaptive Security Appliance configuration errors are a likely source of connection problems.

Related Topics



• Performing Additional Required Procedures, page 7-25

• Fixing Unsuccessful Pings, page 2-18

• Troubleshooting the Cisco Adaptive Security Appliance, page 2-16


Some Clients Cannot Connect on Initial Tests

Problem Some clients are unable to connect.

Solution

• In the Cisco Unified Mobility Advantage Admin Portal, check the following:


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Activation, Download, and Provisioning

– Enforce Device ID Check is False or

– (For each user of a Release 7.x client) Allow Any Device is True or you have entered an IMEI/ESN number.

– (For each user of a Release 3.x client) Allow Any Device is True.

Reprovision the device after making any change.

• Check the following on the Cisco Adaptive Security Appliance:

Frequent Disconnects

Problem Clients are unable to maintain connection to the server.

Solution

• If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment.

• Extend the maximum time before the server ends the connection when there is no activity from the mobile device:



Step 3 Specify the Max Idle Time to Disconnect, in seconds.

For example, set the value to 15-20 minutes (900-1200 seconds).


Step 5 Repeat this procedure if needed, extending the time before disconnection.

How to Solve Problems with Activation, Download, and Provisioning

• User Activation, page 19-5

• Cannot Find User to Activate, page 19-5

• Searching Active Directory from User Activation/Deactivation Page Results in Errors, page 19-6

• All Users Unable to Download Client Software, page 19-6

• Some Users Unable to Download Client Software, page 19-6

• Cannot Provision Clients, page 19-6

To Use This Command on the Cisco Adaptive Security Appliance

Check the Maximum tls-proxy sessions set sh tls-proxy

Set a new maximum number of connections tls-proxy maximum-sessions <number>



• Client Disconnects Unexpectedly, page 19-7

• BlackBerry Provisioning and Alert Messages Not Received, page 19-7

User Activation

Problem User activation and deactivation are not working.

Solution

• Check the cuma.log file for problems connecting to LDAP (Active Directory) as Admin.

• Make sure that your Admin user DN and Password are correct.

• Check other settings, for example the Key field, in the Enterprise Adapter for Active Directory.

For Release 7.0(2): When you check the Active Directory adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.

• See if you can access LDAP with your credentials using a freeware LDAP browser:

Step 1 Get the browser from http://www-unix.mcs.anl.gov/~gawor/ldap/.

Step 2 Enter information into the LDAP browser:

.

Step 3 Select Fetch DNs.

Step 4 Select Save.

If you cannot connect and view the Active Directory structure, there is a problem with your access credentials.

Cannot Find User to Activate

Problem I am trying to activate users but some users are missing from the list of search results.

Solution

Tab Parameter Value

Name Name Any value.

Connection Host IP address or domain name of your Active Directory server, as entered into the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal.

Anonymous Bind Uncheck this option.

Append Base DN Check this option.

User DN Admin User DN that you entered in the Active Directory configuration in the Cisco Unified Mobility Advantage Admin Portal.

Password Password for the Admin User.


http://www-unix.mcs.anl.gov/~gawor/ldap/


• Make sure that you have entered the correct Filter Criteria and Search Base into the Advanced Settings of the Active Directory configuration.

• Users whose configurations in Active Directory are missing required information do not appear in Cisco Unified Mobility Advantage. Add the first and last name, user ID, email address, and DN (or their equivalents as specified in the AD adapter configuration in Cisco Unified Mobility Advantage) into Active Directory.

• Only 1000 user IDs can be fetched from Active Directory.

Searching Active Directory from User Activation/Deactivation Page Results in Errors

Problem Searching AD from the User Activation/Deactivation page spins forever, and the logs show socket timeout exceptions.

Solution Do a dnslookup on the top level domain, and make sure that all resulting servers on the list are listening on port 389. Telnetting to this top level domain on port 389 will also fail. Remove the offending server from the DNS list and stop and restart Cisco Unified Mobility Advantage.

All Users Unable to Download Client Software

Problem All users cannot download the client software to their mobile devices.

Solution

• Verify the server address and port in the Admin Portal in System Management > Network Properties. These must match the IP addresses and ports configured in the Cisco Adaptive Security Appliance.

• See if this is a firewall issue: Verify that you can telnet to the host and port listed in the provisioning message. Use Telnet, not a PC-based web browser.

Some Users Unable to Download Client Software

Problem Some users cannot download the client software to their mobile devices.

Solution

• Have the user try the troubleshooting tips for installation issues in the documentation for users.

• Check settings for that user in the Admin Portal in End Users > Search Maintenance. Also select the Info button on that page to Make sure that the phone information is correct.

Cannot Provision Clients

Problem Connection errors while provisioning the client. Download was successful.

Solution

• (For each user of a Release 7.x client) Make sure that the IMEI number is entered correctly in the Device Identity Maintenance tab for the user, or set Allow Any Device to True, then attempt to reprovision.

• (For each user of a Release 3.x client) Set Allow Any Device to True, then attempt to reprovision.



• This problem can occur with mobile device service providers that have a signing requirement in addition to “Mobile2Market” for Windows Mobile Standard Edition devices. These providers include, but are not limited to, Orange and South Korea Telecom. Set Allow Any Device to True in the Device Identity Maintenance tab for the user.

• Have the user try the solutions in the Troubleshooting section of the user documentation for the relevant device, if any.

Client Disconnects Unexpectedly

Problem Cisco Unified Mobile Communicator disconnects unexpectedly.

Solution This may occur occasionally when the mobile device is initially provisioned, as Cisco Unified Mobile Communicator automatically adjusts the keep-alive interval to prevent such disconnects. The optimal interval can vary significantly between countries, service providers, and device types.

• Modify the Max Idle Time to Disconnect parameter on the System Management > System Properties page. For example, set the value to 15-20 minutes (900-1200 seconds). Continue to modify as needed.

• If you will provision other users, check Cisco.com to see if there is a new .oar file. As Cisco collects data about optimal keep-alive values for the various countries, service providers, and device types, it may revise the initial keep-alive setting in the .oar file from which the client begins the adjustment.

Related Topics

• Obtaining Client Software and Upgrades, page 13-1

BlackBerry Provisioning and Alert Messages Not Received

Problem BlackBerry users do not receive provisioning or alert messages.

Solution These messages are sent by email. Users must configure Microsoft Outlook to ensure that Cisco Unified Mobility Advantage alerts are sent to their BlackBerry device instead of to the “Junk E-mail” folder in Outlook.

Give users the following information:

• The Admin email address in System Management > SMTP Server Configuration.

• The following procedure.

Procedure

Step 1 Launch Microsoft Outlook on your computer.

Step 2 Select Tools > Options.

Step 3 Select Preferences.

Step 4 Select Junk e-mail

Step 5 Select Safe Senders.

Step 6 Select Add.

Step 7 Enter the Admin email address.

Step 8 Select OK.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems Logging In to Client or User Portal

Step 9 Select OK again.

Step 10 Continue to check your Junk mailbox; if necessary, disable junk-mail blocking during provisioning.

How to Solve Problems Logging In to Client or User Portal • User Cannot Sign In, page 19-8

• Users Receive Security Warning When Accessing the User Portal, page 19-8

User Cannot Sign In

Problem User credentials are not valid.

Solution Make sure to update Cisco Unified Mobility Advantage with any changes to the Organizational Unit.

Related Topics


Users Receive Security Warning When Accessing the User Portal

Problem When users access the User Portal, they see a security alert that there is a problem with the security certificate. They can enter the portal, however.

Solution Obtain and deploy a signed certificate for the Cisco Unified Mobility Advantage server.

Related Topics

• About Required and Recommended SSL Certificates, page 9-2

Phone Battery Depletes Quickly Problem The phone battery seems to discharge more quickly when Cisco Unified Mobile Communicator is running.

Solution When the phone is initially provisioned, Cisco Unified Mobile Communicator automatically detects and adjusts the keep-alive interval to avoid unintended disconnects from the server. This problem should resolve itself soon.

Related Topics

• Client Disconnects Unexpectedly, page 19-7

How to Solve Call Log Problems • No Call Logs for Any Users, page 19-9


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Call Log Problems

• No Call Logs for One User, page 19-9

• Native Call Logs Show Dial Via Office Calls As Incoming, page 19-9

• Calls Missing from Call Logs, page 19-9

• Release 7.0(2): Call Logs Do Not Identify Internal Callers, page 19-10

No Call Logs for Any Users

Problem Call log monitoring is not working at all.

Solution Check all configurations required for call log monitoring, as described in the Related Topic. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.

Note After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change on a mobile device, do the following:

• Restart Cisco Unified Mobility Advantage.

• Have the user sign out of Cisco Unified Mobile Communicator and then log back in.

Related Topics

• How to Configure Call Log Monitoring, page 3-1

No Call Logs for One User

Problem No call logs appear for one or a few users.

Solution Make sure that you have added the desk phone to the Controlled Devices list for one of the “super users” for which you enabled CTI in Cisco Unified Communications Manager.

Related Topics


Native Call Logs Show Dial Via Office Calls As Incoming

Problem Dial via Office calls appear as incoming calls in the native call log on the mobile device.

Solution This is inherent in the way the feature works. Cisco Unified Communications Manager calls the mobile device as well as the number dialed, then connects the two calls.

Calls Missing from Call Logs

Problem Calls are missing from the call logs in Cisco Unified Mobile Communicator.

Solution Check the following:


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems With the Dial Via Office Feature

Note After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:



• Have the user check the troubleshooting section of the user documentation for Cisco Unified Mobile Communicator for their device.

• Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures.

• If you are using Cisco Unified Communications Manager Release 4.x, make sure that you have identified the correct Active Directory attribute for Work Phone in the Advanced Settings tab of the Active Directory adapter configuration. This value must be unique for each person configured in Active Directory.

• Verify that the adapter configuration for Cisco Unified Communications Manager is correct.

For Release 7.0(2): Select the Test Config button at bottom of the page.

• Make sure Enable Corporate PBX integration is set to Yes in Manage Adapter Services for Cisco Unified Communications Manager. Also see whether the expiry time affects the missing messages.

Related Topics

• How to Configure Call Log Monitoring, page 3-1




Release 7.0(2): Call Logs Do Not Identify Internal Callers

Problem Calls in the call logs are not identified by name; only the phone number appears.

Solution Make sure that the phone number format that Cisco Unified Mobility Advantage is searching for matches the phone number format of the directory. Verify this format in the Phone Number Format field on the Basic Settings page of the Active Directory adapter. See the description for the Phone Number Format field for details.

Related Topics

• Basic Settings, page A-2

How to Solve Problems With the Dial Via Office Feature • Dial Via Office Feature is Not Working For All Users, page 19-11

• Dial Via Office Feature is Not Working For One or More Users, page 19-12


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems With the Dial Via Office Feature

Dial Via Office Feature is Not Working For All Users

Problem The Dial Via Office feature is not working for all users.

Solution Cisco Unified Communications Manager provides this feature this using the Reverse Callback type of Dial-via-Office.

How the feature works: When the user makes a call from Cisco Unified Mobile Communicator using the Dial-via-Office feature, Cisco Unified Communications Manager calls the user back at the number the user specifies, then calls the number that the user dialed, and then connects the call.

Try the following:

Note After making any configuration changes in either Cisco Unified Communications Manager or Cisco Unified Mobility Advantage, and before testing each change, do the following:



• Verify that the MobileConnect feature is working correctly independently of Cisco Unified Mobility Advantage. This ensures that Cisco Unified Communications Manager can reach the device, based on the configured mobility identity number and the rerouting calling search space on the device configuration page.

• Verify that the call log monitoring feature functions properly. If not, check the configurations for that feature first.

• If you change a CTI user ID and password in Cisco Unified Communications Manager, then you must change the corresponding CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager in Cisco Unified Mobility Advantage. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved.

For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the page to be sure you have entered the changes correctly.

• For Release 7.0(1): If you change the CTI user ID and password in the Enterprise Adapter for Cisco Unified Communications Manager, this also overwrites the username in the “SOAP Information” section) of the adapter configuration. You must change this to the username of the Application User to which you assigned the AXL API access in Cisco Unified Communications Manager. Stop Cisco Unified Mobility Advantage before making this change, or your change will not be saved.

• Verify that you have entered the ports correctly in the Cisco Unified Communications Manager adapter.

• Try disabling secure connections between Cisco Unified Communications Manager and Cisco Unified Mobility Advantage by temporarily setting the transport type to a nonsecure type on each server. If the problem is resolved, revisit your server security configurations.

• Carefully revisit all information and procedures required for this feature. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures. For Release 7.0(2): When you check the Cisco Unified Communications Manager adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Voicemail Problems

• If you change the cluster security mode in Cisco Unified Communications Manager to mixed mode, you must restart Cisco Unified Communications Manager to re-enable the dial-via-office feature.

Related Topics

• How to Configure Dial Via Office, page 3-9


Dial Via Office Feature is Not Working For One or More Users

Problem Dial Via Office is not working for all users, or for users at particular locations or having particular mobile phone service providers.

Solution

• There may be a networking issue with the local GSM mobile data connection leading to timeouts.

• Carefully revisit all information and procedures in each Related Topic for this section. Step through the configurations again and check for errors. Be sure not to overlook any Before You Begin or What To Do Next sections in the procedures.

• Have the user check the Cisco Unified Mobile Communicator settings on the phone.

• Have the user sign out of Cisco Unified Mobile Communicator and then sign in again.

• If nothing else works, reset Cisco Unified Mobile Communicator in the Cisco Unified Communications Manager User Options web page: Select User Options > Device, then select your mobile device for Device Name. Select Reset. (This will not erase any data in Cisco Unified Mobile Communicator.)

Related Topics





How to Solve Voicemail Problems • Unable to Access Voicemail, page 19-13

• Unable to Access Voicemail Using DTMF, page 19-13

• BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x, page 19-13

• Error On Accessing Voicemail, page 19-13

• Missing Voice Messages, page 19-14

• Some Users Do Not Receive Voice Messages, page 19-14

• Users Cannot Receive Secure Voice Messages, page 19-14


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Voicemail Problems

Unable to Access Voicemail

Problem Voicemail is not working.

Solution

• Verify that IMAP is enabled for the user in Microsoft Exchange (for Cisco Unity) or in Cisco Unity Connection.

• Check your configurations in the following Related Topics sections.

For Release 7.0(2): When you check the voicemail adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button at the bottom of the Basic Settings page.

• Have users sign out and sign in to Cisco Unified Mobile Communicator again after you make any changes.

Related Topics



Unable to Access Voicemail Using DTMF

Problem Entering the DTMF code to access voicemail does not route the call properly.

Solution Make sure that all DTMF access codes are unique in Cisco Unified Communications Manager.

Related Topics


BlackBerry Users Cannot Access Voicemail After Upgrade from Release 3.x

Problem BlackBerry users cannot access voicemail after upgrade from Cisco Unified Mobility Advantage Release 3.x.

Solution If the voicemail sign-in credentials differ from the sign-in credentials for Cisco Unified Mobile Communicator, upgraded BlackBerry users must set their voicemail usernames and passwords in the User Portal before they can access voicemail from their BlackBerry devices.

They can always access their voicemail using other standard methods regardless, such as by using their desk phone.

Error On Accessing Voicemail

Problem Error: “Unauthorized” when accessing voicemail.

Solution Check Cisco Unity or Cisco Unity Connection and see if the account has been locked as a result of too many incorrect sign-in attempts.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Availability Status (Presence)

Missing Voice Messages

Problem User sees some voice messages in Outlook that do not appear on Cisco Unified Mobile Communicator.

Solution The messages may be older than the expiry period configured in Cisco Unified Mobility Advantage in the Manage Adapter Services for the voicemail adapter.

Related Topics



Some Users Do Not Receive Voice Messages

Problem Some users receive voice messages but others do not.

Solution

• Make sure that the users are signed in to Cisco Unified Mobile Communicator.

• If the company has more than one voicemail or Exchange server, you must create an enterprise adapter for each.

For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the adapter page.

• If client credentials differ from voicemail credentials, make sure that users have entered the voicemail credentials in the settings on the client or in the User Portal.

Related Topics


Users Cannot Receive Secure Voice Messages

Problem Users cannot receive secure messages.

Solution This feature is supported only with Cisco Unity Release 7.0 and Cisco Unity Connection Release 7.0. For Cisco Unity, check the adapter configuration and Make sure that the SOAP information and user ID and password are entered correctly.

For Release 7.0(2): You can check the configuration by selecting the Test Config button at the bottom of the Basic Settings page.

Related Topics


How to Solve Problems with Availability Status (Presence) • Presence Is Incorrect, page 19-15

• User Cannot Change Status from Idle to Available, page 19-15


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to Solve Problems with Availability Status (Presence)

• Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16

Presence Is Incorrect

Problem Availability status is not showing correctly.

Solution

• Have the user verify the troubleshooting steps in the user documentation for the relevant device, if any.

• Make sure that presence is showing correctly on other devices, such as Cisco Unified Personal Communicator. The problem may not be specific to Cisco Unified Mobility Advantage.

• If a user reports that his availability status appears different on different clients, for example Cisco Unified Personal Communicator: Have the user sign out and in again to force the synchronization. You can also force the sign out in the Search Maintenance page for the user. (Roll your mouse over the icons to see which icon to select.)

See the documentation for Cisco Unified Presence, including but not limited to the section on integration with Cisco Unified Mobility Advantage and any troubleshooting information. See http://cisco.com/en/US/products/ps6837/tsd_products_support_series_home.html.

• Check that the configurations are correct in the following Related Topics.

For Release 7.0(2): When you check the Cisco Unified Presence adapter configurations in the Cisco Unified Mobility Advantage Admin Portal, be sure to select the Test Config button on each page.

Related Topics

• Chapter 4, “Configuring Cisco Unified Presence for Use With Cisco Unified Mobility Advantage”



• Enabling Exchange of Presence, page 12-5


• Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence, page 19-16

User Cannot Change Status from Idle to Available

Problem User cannot change availability status from Idle to Available.

Solution This is intended. Idle status results only when Cisco Unified Personal Communicator is running but the user is not using the computer. Since users cannot send instant messages between Cisco Unified Personal Communicator and Cisco Unified Mobile Communicator, this limitation ensures that other Cisco Unified Personal Communicator users do not mistakenly believe the user is available to receive instant messages in Cisco Unified Personal Communicator.



Chapter 19 Troubleshooting Cisco Unified Mobility Advantage Conference Alerts Not Arriving Correctly

Viewing the Sign-in Status of a Cisco Unified Mobile Communicator User on Cisco Unified Presence

Problem I need to see whether a mobility user appears as signed in on the Cisco Unified Presence server.

Solution When you have completed the integration between Cisco Unified Presence and Cisco Unified Mobility Advantage, you can obtain this information using this procedure:

Step 1 Sign in to Cisco Unified Presence Administration.

Step 2 Select Diagnostics > Presence Viewer.

Step 3 Enter a valid user ID.

Tip Select Search to find the ID for a user.


Step 5 Look at the Mobility Integration section for the status.

Conference Alerts Not Arriving Correctly Problem Conference alerts are not arriving, or are not arriving on time.

Solution

• Check your configurations in each of the following Related Topics.

Related Topics


• Enabling Conference Notifications, page 12-5


BlackBerry Users Do Not Receive Alerts Problem Alerts are sent to the Junk folder in Microsoft Outlook instead of to the BlackBerry device.

Solution You must provide users with:

• The procedure for preventing Outlook from treating these messages as junk mail.

• The Admin email address. The Admin email address can be viewed under System Management > SMTP Server Configuration.

Related Topics



Chapter 19 Troubleshooting Cisco Unified Mobility Advantage Lost or Stolen Mobile Device

Lost or Stolen Mobile Device Problem A mobile device is lost or stolen.

Solution You can remove all corporate information from Cisco Unified Mobile Communicator and disable the application.

Related Topics

• Removing Cisco Unified Mobile Communicator Data from a Phone, page 14-8

How to View Error and Warning Logs • Specifying Log Information, page 19-17

• Viewing Log Files, page 19-18

Specifying Log Information You can specify how log files and messages are collected and stored.

Procedure


Step 2 Select Log Configuration.



Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to View Error and Warning Logs


Viewing Log Files

Procedure

Step 1 Use a tool such as PuTTY to remotely access the server using SSH.

Step 2 Sign in as the platform administrator using the sign-in information that you entered during installation.

Step 3 Determine which type of log file to view:

Item Description

Log Level Determines the level of information captured for the log file.

Default is Info.

• Debug—Records the largest amount of information in the logs.

• Info—Records informational logs, warnings, errors, and fatal logs

• Warning—Records logs that are generated if the server encounters problems that impact a single user, more than one user, or impacts the system

• Error—Records logs that are generated if the server encounters problems that impact more than one user or impacts the system. If you select Error, only actual errors are displayed in the log.

• Fatal—Records logs that are generated if the server encounters problems that impact the Cisco Unified Mobility Advantage system

Log File Size (MB) Determines the size of each log file that is generated by the Admin Server and Managed Server.

Value of this field should be between 1 and 999.

Default is 20.

Number of Log Files Determines the maximum number of log files that are preserved by the Admin Server and the Managed Server.

Value of this field should be between 1 and 9999.

Default is 100.

For These Problems View This Type of Log

Problems with initial setup and configuration admin_init.log

Problems with the Admin portal admin.log

Problems after the system is up and running cuma.log

Most other problems cuma.log


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How to View Error and Warning Logs

There may be more than one instance of each log type. After a log file reaches the maximum size you specify in the Administration portal, the older information is separated into a separate file stamped with the date and time of the separation, for example admin.log<date and timestamp>.

Step 4 Use the command line interface (CLI) to find the logs to view:

Step 5 View a log file:

For Release 7.0(1) only:

Utility functions such as starting the Cisco Unified Mobility Advantage server

(These logs are rarely used.)

node_manager.log

node_manager_init.log


Utility functions such as starting the Cisco Unified Mobility Advantage server

(These logs are rarely used.)



For These Problems View This Type of Log

To For This Service Use This Command

List the files available for viewing

admin service

This service runs the Admin portal

file list admin *


node manager

file list node_manager *

managed server file list cuma *


Download a log file

(You must use SFTP)

admin service file get admin admin.log

where admin.log is one of the files in the list you viewed.


node manager

file get node_manager node_manager.log

where node_manager.log is one of the files in the list you viewed.

managed server file get cuma cuma.log

where cuma.log is one of the files in the list you viewed.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage How To Recover From Server Failure

Step 6 Search in the log file for exception until you find an exception associated with a keyword that indicates the source of the problem.

For example, if the problem is related to Presence, look for an exception with the Cisco Unified Presence server.

How To Recover From Server Failure • Obtaining a Disaster Recovery Disk, page 19-20

• Checking and Correcting Disk File System Issues, page 19-20

• Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21

• Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21

• For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage, page 19-22

Obtaining a Disaster Recovery Disk Obtain a recovery disk from the Software Downloads area on Cisco.com: http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=281001413.

Checking and Correcting Disk File System Issues

Problem The server has failed.

Solution Use the Disaster Recovery Disk to check for and automatically correct disk file system issues.

Step 1 Insert the Disaster Recovery disk and restart the computer, so it boots from the CD.

Tail a log file

(View the last few lines of a log file in real time)

admin service file tail admin admin.log

where admin.log is one of the files in the list you viewed.


node manager

file tail node_manager node_manager.log

where node_manager.log is one of the files in the list you viewed.

managed server file tail cuma cuma.log

where cuma.log is one of the files in the list you viewed.

End the tail

(Stop viewing the tail)

All Press Control-C.



http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=281001413


Step 2 Enter option [F]|[f] and wait while the process completes.

Step 3 Enter option [M][m] and wait while the process completes.

Step 4 Enter option [V]|[v] and wait while the process completes.

Step 5 Enter [Q]|[q] to quit this recovery disk program.

What To Do Next

If this does not resolve the problem, see Reinstalling the Operating System and Cisco Unified Mobility Advantage, page 19-21.

Reinstalling the Operating System and Cisco Unified Mobility Advantage

Problem The Cisco Unified Mobility Advantage server is completely unrecoverable. No other solution has solved the problem, including using the Disaster Recovery Disk to check for and automatically correct disk file system issues.

Solution Prepare the hard drive for a clean installation by wiping out the master boot record and reverting the BIOS settings to factory defaults.

Caution This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive.

Step 1 Insert the Disaster Recovery disk and restart the computer, so it boots from the CD.

Step 2 Enter W for Windows preinstallation setup.

Step 3 Enter Yes to continue.

Step 4 Wait for reformatting to complete.

What To Do Next

• Reinstall the operating system and Cisco Unified Mobility Advantage. See Chapter 6, “Installing Cisco Unified Mobility Advantage”

• After reinstalling, restore from your backup file. See Restoring Cisco Unified Mobility Advantage Data From Your Backup, page 19-21

Restoring Cisco Unified Mobility Advantage Data From Your Backup

Problem The Cisco Unified Mobility Advantage server has failed.

Solution Restore from a recent backup:

Before You Begin

• An existing backup is required. See Backing Up Your Cisco Unified Mobility Advantage Server, page 11-3.

• You must restore onto a working server that meets the hardware requirements of your original Cisco Unified Mobility Advantage server.



• This server must be on the network and accessible using SFTP. The SFTP path must exist prior to the backup.

Step 1 Install on the new server the identical operating system and Cisco Unified Mobility Advantage version as your main Cisco Unified Mobility Advantage server. You must assign this server the same IP address as your original Cisco Unified Mobility Advantage server.

Step 2 Skip the Configuration Wizard and access the Admin Portal instead.

Step 3 Select Disaster Recovery System from the list box at the top right of the page.

Step 4 Select Go.

Step 5 Sign in with the platform credentials you entered while installing Cisco Unified Mobility Advantage.

Step 6 Select Restore > Restore Wizard.

Step 7 Select the Backup Device you named when setting up your backups.

Step 8 Select Next.

Step 9 Select the date and time of the backup file from which you want to restore.


Step 11 Select CUMA for Select Features.


Step 13 Select the original server name as the server to restore.

Step 14 Select Restore.

Step 15 Wait until the restore status shows Success.

Step 16 Select Cisco Unified OS Administration from the list box at the top right of the window.

Step 17 Sign in to the Cisco Unified OS Administration portal.

Step 18 Choose Settings > Version.

Step 19 Select Restart.

For Upgrades from Release 7.0(1): Reverting to a Previous Version of Cisco Unified Mobility Advantage

If an upgrade from Cisco Unified Mobility Advantage Release 7.x is unsuccessful, you can use the Disaster Recovery Disk to revert to the previously-installed release.

If you revert to a previous version of Cisco Unified Mobility Advantage, you will lose any configuration changes that you made using the upgraded software.

Before You Begin

See Obtaining a Disaster Recovery Disk, page 19-20.

Caution This procedure reformats your hard drive. You will lose all the data that is currently on your hard drive.

Step 1 Insert the Disaster Recovery disk and restart the system, so it boots from the CD.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage Enabling Remote Account Access for Cisco TAC Personnel

Step 2 Enter W for Windows preinstallation setup.

Step 3 Enter Yes to continue.

The Disaster Recovery disk formats your hard drive, so you can reinstall Cisco Unified Mobility Advantage.

Step 4 Install Cisco Unified Mobility Advantage according to the instructions elsewhere in this guide.

Step 5 Use the Backup and Restore Utility to restore the previously backed-up data to the servers.

Enabling Remote Account Access for Cisco TAC Personnel Problem Any problem that requires contacting Cisco TAC for support.

Solution If you contact Cisco TAC for support, the technician may ask you to enable remote account access for him or her. Only TAC personnel can use this access, and only if there is an open case. You specify the duration of this access when you enable it.

Before You Begin

You will need the platform administrator sign-in credentials you entered during installation. These are distinct from the Admin Portal sign-in credentials.

You should also have the information summarized in Viewing Version and Configuration Information, page 11-2.

Procedure

Step 1 Use SSH to access the Cisco Unified Mobility Advantage server and sign in as the platform administrator.

Step 2 Run the CLI command utils remote_account enable.

Step 3 Run the CLI command utils remote_account create [account name] [life] where account name is any value and life is the duration of this access in days (1 to 30).

Example: utils remote_account rootroot 30.

This command creates a remote account with name rootroot for a life of 30 days and generates the passphrase for it.

Step 4 Give the TAC technician the Account name and Passphrase that appear.

The technician will use this information to access the server remotely. Only TAC personnel can decrypt the passphrase and access the server.


Chapter 19 Troubleshooting Cisco Unified Mobility Advantage Enabling Remote Account Access for Cisco TAC Personnel


Installation and Administration Guide for C

A
P P E N D I X A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage
Revised: May 6, 2009

You must configure an enterprise adapter for each enterprise server with which Cisco Unified Mobility Advantage connects. The values in the following tables are required for these configurations.

You should enter your values into these tables before you begin the installation or the upgrade from Release 3.x.

• About Active Directory Enterprise Adapter Settings, page A-1





About Active Directory Enterprise Adapter Settings Cisco Unified Mobility Advantage uses Active Directory for:

• User authentication for access to the User Portal and Cisco Unified Mobile Communicator.

• Directory search for contacts from Cisco Unified Mobile Communicator

• Number-to-name resolution for caller identification in the call logs in Cisco Unified Mobile Communicator.

• Locating user information in Microsoft Exchange

Restrictions

• At least one Active Directory server is required. Cisco Unified Mobility Advantage can connect to multiple Active Directory servers and to multiple OUs on the same Active Directory server, for example if you need to include users in different OUs. Create an adapter for each server or OU.

• Cisco Unified Mobility Advantage and Cisco Unified Personal Communicator must point to the same Active Directory server.

• All users sign in to Cisco Unified Mobile Communicator with their Active Directory passwords. These passwords cannot be longer 14 characters.

A-1isco Unified Mobility Advantage, Release 7.0

Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Active Directory Enterprise Adapter Settings

The Active Directory adapter includes the following settings:


• Advanced Settings, page A-4

• Exchange Lookup, page A-5

Basic Settings These settings allow Cisco Unified Mobility Advantage to connect to Active Directory.


Host Name/ IP address

Hostname or IP address of the corporate directory server.

Port LDAP port of the corporate directory server. Cisco Unified Mobility Advantage uses this port to connect to the corporate directory for adding users to Cisco Unified Mobility Advantage and for user directory listing and searches.

Default is 389.

Admin DN The distinguished name of the account that Cisco Unified Mobility Advantage uses to read data from your corporate directory server.

For example:

CN=CUMA Read Only User,CN=Users,DC=department,DC=example,DC=com

This account must have at least read-only permissions in your corporate directory server. It must also have a valid Exchange mailbox.

Enter the DN in the long format including the container name. Do not use the short form (domain name/User ID).

Password The password for the Admin DN account.

Authentication Type

Simple.

Connection Type Type of connection to use between Cisco Unified Mobility Advantage and the corporate directory server.

Use SSL for secure connections.

Use Plain for nonsecure connections.

This should match the connection type that Active Directory requires.

A-2Installation and Administration Guide for Cisco Unified Mobility Advantage, Release 7.0


Related Topics

• Chapter 9, “Managing Server Security in Cisco Unified Mobility Advantage.”

Security Context This setting appears only if you choose SSL for Connection Type.

Select a Security Context for connections between Cisco Unified Mobility Advantage and Active Directory.

If you choose a security context that has the Trust Policy set to Trusted Certificates, you must validate the identity of the Active Directory server, for example by importing a self-signed certificate from Active Directory into the security context.

Polling Period (days)

Frequency (in days) with which Cisco Unified Mobility Advantage checks the corporate directory server for updates.

The default is 1 day.

Phone Number Format

The format you enter here must match the format of the following phone numbers:

• For Cisco Unified Communications Manager Release 4.x: Phone numbers in Active Directory in the attribute you specify for the Work Phone field in the Advanced Settings described in the table below.

• For other releases of Cisco Unified Communications Manager: The primary directory number for each person in Cisco Unified Communications Manager.

Be careful not to include any extra spaces, especially at the beginning or end of your number format.

This information is required in order to identify callers by name.

By default, Cisco Unified Mobility Advantage formats numbers using the North American Numbering Plan, (###) ###-####, where each # represents a digit. Up to ten digits will be formatted according to this pattern, starting from the right. Therefore:

• If a number has 5 digits (for example, 12345), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 1-2345.

• If a number has 6 digits (for example, 123456), Cisco Unified Mobility Advantage searches Active Directory for the number in the format 12-3456.

If you do not use any punctuation at all, the number format for the same number of digits as the default would be ##########.

If you need to change this value after Cisco Unified Mobility Advantage is running, restart Cisco Unified Mobility Advantage after you make this change.




Advanced Settings Do not change Attribute Name values from the default unless you are certain that a different value is the correct value.

Setting Description

Attribute Names

Distinguished Name Attribute name in Active Directory that represents the distinguished name of a user. For example:

distinguishedName

First Name Attribute name in Active Directory that represents the first name of a user. For example:

givenName

Last Name Attribute name in Active Directory that represents the last name of a user. For example:

sn

User ID Attribute name in Active Directory that represents the corporate name of a user. For example:

sAMAccountName

Key Attribute name in Active Directory that uniquely identifies a user. For example:

distinguishedName

Home Phone Attribute name in Active Directory that represents the home phone number of a user. For example:

homePhone

Work Phone Attribute name in Active Directory that represents the unique office phone number of a user. For example:

telephoneNumber

If you use Cisco Unified Communications Manager Release 4.x, Cisco Unified Mobility Advantage uses this attribute to identify calls for user call logs.

Mobile Attribute name in Active Directory that represents the mobile phone number of a user. For example:

mobile

Email Attribute name in Active Directory that represents the email address of a user. For example:

mail

Search Settings



Exchange Lookup These settings allow Cisco Unified Mobility Advantage to determine which Microsoft Exchange server at your company holds the user information for each user.

Cisco Unified Mobility Advantage generally detects these values automatically. If you need to change these values, contact your Active Directory administrator.

Filter criteria Criteria that distinguish employees from other resources in Active Directory, such as conference rooms that can be “invited” to meetings.

Do not change the default value unless you have a specific reason to do so.

Search Base

This setting does not appear in the Configuration Wizard.

This is the Distinguished Name (DN) of the node in the directory below which Cisco Unified Mobility Advantage will search for users to be activated, and for which contacts can be searched for users.


Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance.

Follow Referral Determines if Cisco Unified Mobility Advantage follows referrals from the authoritative Active Directory server to cascaded Active Directory servers, for example for subdomains, when searching.

The default value is True.

Setting Description


Contact Adapter The name of the attribute within the corporate directory that identifies the logical Exchange server resource name for a user.

For example:

msExchHomeServerName

DNS Host Name The name of the attribute within the corporate directory that identifies the DNS host name of a server machine.

For example:

dNSHostName


Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Communications Manager Enterprise Adapter Settings

About Cisco Unified Communications Manager Enterprise Adapter Settings

• Server Settings, page A-7


Contact Adapter DN Mask

The mask for the Contact Adapter DN value. The format of the DN Mask is:

??,CN=Computer,DC=department,DC=example,DC=com

Cisco Unified Mobility Advantage will use the value of the Contact Adapter setting (entered above) in combination with this DN Mask to search for the DNS hostname of a user's Exchange Server.

?? is substituted with the CN=<hostname of the Exchange server>. The following part is used to complete the DN. This complete string is then used to retrieve details about the user's Exchange host.

The hostname is retrieved from Active Directory using the Contact Adapter attribute of the user entry. Contact Adapter (msExchHomeServerName).

For example, if in Active Directory for user test1, the msExchHomeServerName is "myExchange" and the DN Mask is configured as ??, CN=Computer, DC=myDivision, DC=somecompany, DC=com, then the Cisco Unified Mobility Advantage Enterprise server will lookup the following entry in Active Directory to get details about the Exchange server and use it to store personal contacts of the test1 user:

CN=myExchange, CN=Computer, DC=myDivision, DC=somecompany, DC=com

Contact Adapter Search Base

The Distinguished Name of the root node that contains your Exchange Server's information in your corporate directory. For example:

CN=Computers,DC=department,DC=example,DC=com

Cisco Unified Mobility Advantage searches the Exchange Server from this root node.

Use the lowest node that includes the necessary names. Using a higher node will create a larger search base and thus reduce performance if the directory is very large.





Server Settings These settings allow Cisco Unified Mobility Advantage to connect to Cisco Unified Communications Manager in order to:

• Retrieve unified call log information to display in Cisco Unified Mobile Communicator.

This allows Cisco Unified Mobile Communicator users to view lists of calls to and from their main office phone number.

• Support the unified calling features, Dial-via-Office and Mobile Connect (formerly Single Number Reach)

Note Scroll down in the Admin Portal window to see all required settings.


Address Information

Primary Host Name The hostname or IP address of the primary Cisco Unified Communications Manager server that is running the CTI “super user” account or accounts that you created.

Primary Server Port The port used to communicate with the primary Cisco Unified Communications Manager server.


Backup Host Name (Optional) The backup server host name or IP address.

Backup Server Port The port used to communicate with the backup Cisco Unified Communications Manager server.

CTI User Credentials

User Name Enter the “super user” or “super users” you configured in Cisco Unified Communications Manager for call log monitoring or Dial via Office.

You can add up to four CTI User accounts.

Password Enter the password or passwords associated with the user name or names above.

SIP Information

Transport Type Select TLS for secure connections.

Select TCP for normal connections.

Select UDP for connections without error correction.

The default transport type is TCP.

This must match the setting in the “CUMA Server Security Profile” on the Cisco Unified Communications Manager server.

Communications Manager Version

If Cisco Unified Mobility Advantage is running, stop it before you change this value.

For Release 7.0(1): SOAP Information For Release 7.0(2): Web Services Information



Related Topics






Directory Lookup Settings If you have Cisco Unified Communications Manager Release 5.x through 7.0, you configure these settings in Cisco Unified Communications Manager. If you have Cisco Unified Communications Manager Release 4.x, this tab appears in Cisco Unified Mobility Advantage.

This table describes the settings and values required for both situations.

Https Port The SIP port number of the Cisco Unified Communications Manager server. This is often the same secure port that runs the Cisco Unified Communications Manager Administration page.

Cisco Unified Communications Manager runs the AXL interface on this port.


User Name The Cisco Unified Communications Manager Application User Name to which you assigned standard AXL API access.

Password The Password for the user in the row above.


Security Context

This option is available only with Cisco Unified Communications Manager Release 7.0.

Select a security context for the Cisco Unified Communications Manager server.

For the simplest configuration, choose a Security Context that has the Trust Policy set to All Certificates.

If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy necessary certificates.




Setting Purpose Description

Rule Name This setting identifies the rule in the list.

Enter a descriptive name for this rule.

The name can contain up to 50 alphanumeric characters and can contain any combination of spaces, periods (.), hyphens (-), and underscore characters (_).

If you are performing this configuration in Cisco Unified Communications Manager:

• For rules to be applied to incoming calls, the Rule Name MUST begin with indir. For example, indir_international.

• For rules to be applied to outgoing calls, the Rule Name MUST begin with outdir. For example, outdir_internal.

You do not need the “indir ” and “outdir” prefixes if you are configuring lookup rules in Cisco Unified Mobility Advantage.

Rule Description

(Configurations in Cisco Unified Communications Manager only)

This setting describes the rule.

Enter a description of the rule.

Rule Type

(Configurations in Cisco Unified Mobility Advantage only.)

These settings identify the phone numbers to which this rule will apply.

To apply this rule to calls to the primary desk phone number, choose Incoming.

To apply this rule to calls dialed from the desk phone or (for Cisco Unified Communications Manager 7.0 only) from the mobile phone using Dial-via-Office, choose Outgoing.

Number Begins With Enter the digits at the beginning of the phone number to which this rule will apply.

Valid values include numeric digits (0 through 9), plus (+), asterisk (*), and pound (#).

Omit formatting such as spaces, dashes, or parentheses.

Number of Digits Number of digits in phone numbers to which this rule will apply.


Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unified Presence Enterprise Adapter Settings

Related Topics


About Cisco Unified Presence Enterprise Adapter Settings Cisco Unified Presence provides the ability for users to share their availability status. You entered values into these tables while preparing to install or to upgrade from Release 3.x.


• Advanced Settings, page A-11

Basic Settings

Total Digits To Be Removed

These settings specify the transformation required for the dialed or received phone number to match the number for the correct person in the directory.

You must enter a value in at least one of these settings.

Enter the number of digits to strip from the beginning of the phone number.

You can also leave this setting blank to leave the number as it is.

Prefix With Pattern Enter the digits to prepend to the number, whether or not digits are removed.

Valid values include digits (0 through 9), plus (+), asterisk (*), and pound (#), or no value.

Setting Purpose Description


Host Name/IP Address Hostname or IP address of the Cisco Unified Presence server to which all Cisco Unified Mobility Advantage users are assigned.

Port Port on which Cisco Unified Mobility Advantage will communicate with Cisco Unified Presence.

(The port of the SOAP Web Service interface that Cisco Unified Presence listens on to accept user sign-in requests.)


Backup Host Name/ IP Address

(Optional) Hostname or IP address of the backup Cisco Unified Presence Server, if you have one.

Application User Name The user ID of the Application User you created in Cisco Unified Presence.


Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Microsoft Exchange Enterprise Adapter Settings

Related Topics




Advanced Settings Do not change these values from the defaults unless you have specific reason to do so.

About Microsoft Exchange Enterprise Adapter Settings Cisco Unified Mobility Advantage uses Exchange for:

• Directory Lookup for personal contacts of users

• Caller identification of people who are in the personal contact of users

• Triggering meeting notifications in Outlook

Application Password Password for this Application User.

Security Context Select a security context for the Cisco Unified Presence server.





SIP Settings

Default Subscription Interval

Default is 3600.

Transport Type Default is TCP.

If you configured Cisco Unified Presence to require a TLS connection, you must select TLS here.

Listen Port Default is 5060.

Min Connections Default is 5.

Max Connections Default is 20.

Max Load Per Connection

Default is 200.



• Triggering availability status changes to In a Meeting based on meetings that appear in the Exchange calendar of each user

Meeting notifications and availability status changes are triggered only for Cisco Unified MeetingPlace or Cisco Unified MeetingPlace Express meetings that users schedule using the Outlook Plug-In for their respective conferencing product.

At least one Exchange server is required. Cisco Unified Mobility Advantage can connect to multiple Exchange servers. Create an adapter for each.

You entered values into these tables while preparing to install or to upgrade from Release 3.x.


• Connection Pooling, page A-13

Basic Settings


Hostname/IP Address The hostname or IP address of the Exchange server.

If Microsoft Exchange is clustered, use the hostname associated with the Outlook Web Access (OWA) bridgehead.

Transport Type TLS is the secure transport type. Select TLS if Exchange is running SSL.

TCP is the nonsecure transport type. Select TCP if Exchange is not running SSL.

Port The port used to connect the Cisco Unified Mobility Advantage Server to the Exchange server. This is the Outlook Web Access (OWA) port of the Exchange server.

The default port for SSL connections is 443.

The default port for non-SSL connections is 80.

Exchange Domain The domain for this instance of the Exchange server. For example, CORP.

This is the domain that users use when logging into their Windows desktops.



Connection Pooling Cisco Unified Mobility Advantage maintains a pool of connections to Exchange for use as needed, in order to minimize the need to continually reconnect to and disconnect from Exchange. This pool of connections is configured by settings in this tab.

You should not need to change these settings from the default.

These settings do not appear in the Configuration Wizard.

User Name Suffix The suffix that is appended to usernames to complete their corporate email address.

Leave this setting blank unless you have a specific reason to change it, for example if you have email addresses with subdomains such as sales.yourcompany.com that resolve to a single domain such as yourcompany.com.

If email addresses cannot be determined from Active Directory, obtain this value from your Exchange administrator.

This suffix must be a fully qualified DNS domain name. It is often, but not always, yourcompany.com. Do not include the @ character.

Polling Period (sec)

This setting does not appear in the Configuration Wizard.

Determines how frequently to poll the Exchange server for contact and unified voicemail updates.

Default setting is recommended. A short polling period can adversely affect the performance of the Exchange and Cisco Unified Mobility Advantage servers.


Connection Pooling Description Your Value

Max Connections Maximum number of concurrent connections between Cisco Unified Mobility Advantage and the Exchange server.

When Exhausted When the maximum number of connections is allocated, this determines whether the demand for more connections will grow the pool, or have the requests queued up.

• Block—the requests queue up

• Grow—the connection pool grows

Max Wait Time (sec)

Maximum allowable “wait” time (in seconds) before timeout, if “Block” is selected in the “When Exhausted” setting.

Max Idle Connections

Maximum number of connections that can remain idle at any given time. If the number goes above this, the server starts closing the connections.


Appendix A Page References: Enterprise Adapter Settings in Cisco Unified Mobility Advantage About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings

About Cisco Unity or Cisco Unity Connection Enterprise Adapter Settings

Cisco Unity and Cisco Unity Connection provide voicemail services to Cisco Unified Mobility Advantage.

If you have users on more than one Exchange or voicemail server, create a separate voicemail adapter for each Exchange server or voicemail store.

You entered values into these tables while preparing to install or to upgrade from Release 3.x.


• Voicemail Settings Tab, page A-16

Basic Settings


IMAP Information

Unity Exchange Hostname/IP Address

For Cisco Unity: Hostname of the Exchange server.

If you have users on more than one Exchange server, create a separate Cisco Unity adapter for each Exchange server.

For Cisco Unity Connection: IP address of the Cisco Unity Connection server.

If you have users on more than one Cisco Unity Connection server, create a separate adapter for each Cisco Unity Connection server.

Port If Transport Type is TCP:

• For Cisco Unity: Default is 143.


If Transport Type is TLS:

• For Cisco Unity: Default is 993


Polling Period (sec) The frequency with which Cisco Unified Mobility Advantage checks for new voice messages.

The default is every 600 seconds.

Very frequent polling may impact performance.



Transport Type The connection type for connections to the Exchange server (for Cisco Unity) or to the Cisco Unity Connection server.

This setting must match the setting on the Exchange or Cisco Unity Connection server.

Select TLS for secure connections (SSL on Exchange or TLS on Cisco Unity Connection).


Security Context Select a security context if you chose TLS as the Transport Type.


If you choose a security context that has the Trust Policy set to Trusted Certificates, you must deploy certificates.

Are the Voicemail credentials for the user the same as the corporate credentials?

Select Yes if the user ID and password for user account on the voicemail system is the same as in Active Directory.

Select No otherwise.

Unity Version If you are using Cisco Unity Release 7.x, enter the following SOAP information.

SOAP Information Information in this section applies only to Cisco Unity Release 7.x.

Unity Host Name/ IP Address

The host name or IP address of the Cisco Unity server.

This may or may not be the same as the Unity Exchange Host Name/IP Address which hosts the voice messages that are retrieved by IMAP, which you entered above.

Transport Type Select TLS for SSL connections.


This must match the connection type you specify in Cisco Unity.

Port The SOAP port. The default port for TLS is 443, and the default for TCP is 80.

Unity Backup Host Name/ IP Address

The host name or IP address of a back up Cisco Unity server if you have one.

Application User Name

The Cisco Unity Application user ID. This is the same user ID that you use to sign in to the Cisco Unity Administration page.

Application Password The Password for the Unity Application User.

Domain The Microsoft Exchange or NT domain of the Cisco Unity inbox.

Note This is not the Fully Qualified Domain Name domain.




Related Topics




Voicemail Settings Tab

Caution We recommend that you keep the default Unity voicemail settings. Do not change these settings unless recommended to do so by Cisco support.


Security Context Select a security context for the voicemail server.





Phone number search field name

Field to search the phone number of a caller.

Default is Subject.


Phone number search pattern

Regular expression for the search pattern that should be used in the Phone Number Search Field Name field.

This information is used to identify callers by matching information from Cisco Unity and Cisco Unified Communications Manager with existing contact information in Exchange and Active Directory.

Default is the regular expression [0-9]{4,}



cuma 70 install admin

Documents