Upload: hoangkhue

Post on 01-Sep-2018


Jabber in the Cloud

Paul O’Dwyer, Technical Marketing Engineer, CTG

BRKCOL-2300

Agenda

• Introduction to Jabber & Platform
• Basic Provisioning
• Hybrid Deployment: Mobile and Remote Access
• Service Discovery
• Plan the Right Route to Configuration
• IM Security
• Federating Cisco Jabber
• Feature Deep-Dive
• Customizing the Cloud with Jabber SDK for Web
• Jabber & Cisco Collaboration Cloud

Disclaimer

The Cisco products, service or features identified in this document may not yet be available or may not be available in all areas and may be subject to change without notice. Consult your local Cisco business contact for information on the products or services available in your area. You can find additional information via Cisco’s World Wide Web server at http://www.cisco.com. Actual performance and environmental costs of Cisco products will vary depending on individual customer configurations and conditions. This is a confidential Cisco Internal launch document and not for external distribution.

Introduction to Jabber

Experience Centric Flexible Deployment Value Extended

Collaboration Strategy

Cisco Jabber – The Power to Collaborate

All-in-one UC application Collaborate from any workspace

Presence and IM

Voice, video, and voice messaging

Desktop sharing and conferencing

PC, Mac, tablet, and smartphone

On-premises and cloud

Integration with 3rd party productivity tools

Rich, Real-time Collaboration with Cisco Jabber® Platform

WebEx Messenger Deployment Flexibility: Start with the features you need

• Cloud Only: start solution with Jabber IM Only, or Jabber IM with P2P V/V*
• Prem Based Voice & Video: start solution with Jabber Phone Mode (Media Termination, Cisco UC Manager)
• Full UC, Hybrid: start solution with Jabber Full UC (IM and Enterprise Voice & Video)

Jabber / Messenger

WebEx platform is foundational for Cloud IM & Presence

UCM, Collab Edge

UCM as our call control platform

Collab edge provides DMZ traversal for collab products

Jabber / IM&P

Remains our premise soft client. It is required for “Traditional” persistent chat capabilities as seen in FSI and other verticals, with hooks into compliance and archiving systems.

Extensive Service Options

[Architecture diagram labels: Conferencing, Call Control, Collab Edge, Applications, Internet, MPLS WAN, Headquarters, Remote Site, Mobile/Teleworker, TelePresence Server, Conductor, Endpoints, Unified Communications Manager, Expressway-C, Instant Message & Presence, PSTN / ISDN, Integrated Services Router, DMZ, Unity Connection, TelePresence Management Suite, Prime Collaboration, Expressway-E, 3rd Party Solution]

http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-collaboration/index.html

Deployment Models for Cisco Jabber Clients

On-Premises
• On-site control & access
• Equipment & software owned & operated
• Leveraged converged corporate network
• Data behind firewall

On-Demand
• Rapid deployment
• No capex, predictable billing
• Minimal admin and overhead
• Redundancy & load balancing

[Diagram labels: Jabber XMPP Technology, Cisco IM and Presence]

Jabber Cloud Components: Sources of Configuration

[Diagram labels: Inside firewall (Intranet), Outside firewall (Public Internet), Internet, DMZ, Expressway E, Expressway C, Unified CM, Collaboration Services]

Cloud Only Deployment*
1. WebEx Administration Tool is the primary source of configuration

Hybrid: Cloud IM&P, with Enterprise Call Control (UCM) (and other UC services such as voicemail)
1. WebEx Administration Tool is primary source of configuration
2. Jabber-config.xml (optional) to customize client

*SUBJECT TO CHANGE: Jabber 11 MR required for cloud only deployments with V/Vs

Basic Provisioning

Jabber Cloud Components WebEx Administration Tool - Policy

Instant Message

General IM

Contact List

IM Block Settings

XMPP IM Client

Upgrade Management

P2P Port Settings

Unified Communications

IM Federation

IM Archiving

System Settings

Organization Information

Domain

Resource Management

User Provisioning

File Settings

Password Settings

Security Settings

Profile Settings

Contact Settings

URL Configuration

Customization

Branding

Email Templates

[Screenshot callouts: Organization Settings, XMPP Service, Branding & Email Template]

User Creation: Defining your Jabber ID (JID)

• Consider your Jabber domain carefully, you’ll live with it for a while!
• Multi-modal communications address (Email, IM, Voice, Video & Federation)

[email protected]

Jabber ID or “JID”: UserID followed by the “Jabber” Domain

Configuring User Accounts: Options for Creating Users

Manual Provisioning via WebEx Administration Tool
• Manually create and manage users via the Admin web interface

User File Import via WebEx Administration Tool
• Import a CSV file of users and groups into the database

Self Registration
• Accounts are created when users log in for the first time to Jabber

Single Sign-On

Configuring User Accounts: Manual User Creation

1. WebEx Admin: new account using web interface
2. WebEx sends welcome email to the new user’s email address
3. User sets a password for WebEx Account … and downloads Jabber client onto their mobile or desktop

Configure User Accounts

• Suitable for small group of users or pilot

• Admin Tab > Add User

• Account

• Profile

• Policy Group

• Unified Communications

Manual User Creation

Configure User Accounts

• WebEx Administration Tool provides library of email templates to enroll Jabber users

• Email templates are flexible, and may be customized for a particular company

• Company branding may also be added

Email Templates and Branding

Bulk Import of Users

• Provide method of bulk import of users to simplify provisioning

• Create CSV file with user information

• Full list of headers and mappings available in WebEx administration guide

CSV import field headers and value examples:

Field                      Value
employeeId                 06355
displayName                Tom James
firstName                  Tom
lastName                   James
email                      [email protected]
userName                   [email protected]
jobTittle                  Vice President
address1                   Tasman
address2
city                       Santa Clara
state                      CA
zipCode                    95134
ISOCountry                 USA
phoneBusinessISOCountry    +1
phoneBusinessNumber        4085551010
phoneMobileISOCountry      +1
phoneMobileNumber          4085551010
fax                        4085551111
policyGroupName            Corporate
userProfilePhotoURL        http:/server... Jpg
activeConnect
center                     my.webex.com
storageAllocated
CUCMClusterName            cmovtme.com
IMLoggingEnable            Yes
EndPointName

WebEx Administration Tool – CSV File Format:

http://www.webex.com/webexconnect/orgadmin/help/index.htm?toc.htm?17474.htm

Configuring User Accounts: Self Registration

• Enable Self-Registration as a last option
• User’s email address must match customer (site) domain
• Security based upon user’s domain details and email account
• Account creation notification can be sent to Site Contact
• User can register at www.webex.com/go/wc

Configuring User Accounts: Federated Single Sign On (SSO)

• SAML 2.0 compliant or meets WS Federation 1.0 standard

• IdP – Identity Management System (on customer premise)

• Ping Identity, CA SiteMinder , ADFS, Oracle Access Manager (OpenSSO) and other SAML conformant systems

• WebEx Messenger site must be enabled by WebEx provisioning

• X.509 certificate uploaded to the WebEx Cloud

• URL for the corporate single sign-on service

• Client to be setup with a command line for SSO

1. User launches Client, sends request
2. Browser window opens to IdP for user credentials
3. Credentials are challenged and validated against corporate directory
4. IdP sends assertion containing trusted user info
5. Central Authentication Service (CAS) validates the user with the database and returns validated user token to the Client

[Diagram labels: Jabber Client, IdP, X509 Cert, Web Browser]

Configuring User Accounts

• Plan your contact source information

• Contact sources provide Jabber with information to initiate communication.

• Rich data enhances user experience…

• Consider telephone formats, completeness of information, user photos, etc.

Jabber Contact Source

• WebEx Contact Source: default for cloud based deployments
• Local Contact Source: MS Outlook, reverse contact resolution

WebEx Administration Tool: Policy & Policy Groups

• Policy may be set in OrgAdmin at a global or group level

• Policy definitions may be created and assigned to admin defined groups

• Granular control for Organizational behavior

Hybrid Deployment: Mobile and Remote Access

X8.x Product Line Options

Expressway (New Offering): “Expressway C” or Core, “Expressway E” or Edge
• Solution designed for and sold exclusively with Unified CM 9.1 and above (including Business Edition)
• Subset of X8.x features
• No additional cost for server software licenses

VCS (No Change): “VCS Control”, “VCS Expressway”
• Specialized video applications for video-only customer base and advanced video requirements
• Superset of X8.x features
• No changes to existing licensing model

Branding Terminology Decode

Collaboration Edge
umbrella term describing Cisco’s entire collaboration architecture for edge ... features and services that help bridge islands to enable any to any collaboration… …collaborate with anyone anywhere, on any device….

Cisco VCS
Existing product line option providing advanced video and TelePresence applications. Includes VCS Control and VCS Expressway

Cisco Expressway
New product line option for Unified CM and Business Edition customers, providing firewall traversal & video interworking. Includes Expressway Core and Expressway Edge

Mobile and Remote Access
Feature available on both VCS and Expressway product lines with X8.1 s/w. Delivers VPN-less access to Jabber and Fixed Endpoints

Cisco Jabber Remote Access Options

AnyConnect VPN
• Layer 3 VPN Solution
• Secures the entire device and its contents
• AnyConnect allows users access to any permitted applications & data

Expressway Firewall Traversal
• New Complementary Offering
• Session-based firewall traversal
• Allows access to collaboration applications ONLY
• Personal data not routed through enterprise network

[Diagram label: Unified CM]

Hybrid Deployment - Cloud based IM&P

Protocol   Security   Service
SIP        TLS        Session Establishment – Register, Invite, etc.
Media      SRTP       Audio, Video, Content Share, Advanced Control
HTTPS      TLS        Logon, Provisioning/Configuration, Contact Search, Visual Voicemail
XMPP       TLS        Instant Messaging, Presence

[Diagram labels: Inside firewall (Intranet), Outside firewall (Public Internet), Unified CM, Internet, DMZ, webexMessenger, Expressway E, Expressway C, Unity Connection, Conferencing Resources, Collaboration Services]

Network Requirements: WebEx Messenger

Open Connectivity over ports 80 and 443 for the following domains
• webex.com
• webexconnect.com
• All sub-domains of webex.com and webexconnect.com

If using 3rd party XMPP clients
• Open 5222 (XMPP standard client port)

WebEx Service Offered over IP Address Range(s)

Start           End
64.68.115.0     64.68.115.255
64.68.116.0     64.68.116.255
66.163.32.0     66.163.63.255
173.243.12.0    173.243.12.255

Port and Bandwidth for Voice/Video: WebEx Messenger

Item                                          Port Type   Port Number
A/V Server Port                               TCP         80 and 443
                                              UDP         5101
STUN Server                                   TCP         80
                                              UDP         8070/8090
P2P Port (‘WebEx Connect’ Direct Connection   TCP         Random
Only – Not applicable to Jabber)              UDP         Random

The UDP port 5101 is used to establish the server connection. If the connectivity fails, ports 80/443 are used to establish connectivity.
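One way to check firewall or flow-log data against the requirements above, as an added example that is not part of the original deck or Cisco tooling. It assumes the listed voice/video ports apply to the listed WebEx address ranges and that 8070/8090 means both ports; the flow records are constructed.

```python
import ipaddress

# Address ranges and ports copied from the slides above.
WEBEX_RANGES = [
    ("64.68.115.0", "64.68.115.255"),
    ("64.68.116.0", "64.68.116.255"),
    ("66.163.32.0", "66.163.63.255"),
    ("173.243.12.0", "173.243.12.255"),
]
# TCP 80/443 (domains, A/V, STUN), UDP 5101 (A/V), UDP 8070/8090 (STUN).
# The "Random" P2P ports are WebEx Connect only, so they are not allowed here.
BASE_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 5101), ("udp", 8070), ("udp", 8090)}
THIRD_PARTY_XMPP = ("tcp", 5222)  # only when 3rd party XMPP clients are in use


def to_networks(ranges):
    """Collapse start/end address pairs into CIDR networks for rule review."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return nets


WEBEX_NETS = to_networks(WEBEX_RANGES)


def classify(proto, dst_ip, dst_port, third_party_xmpp=False):
    """Label one egress flow against the documented ranges and ports."""
    addr = ipaddress.ip_address(dst_ip)
    if not any(addr in net for net in WEBEX_NETS):
        return "outside-webex-ranges"
    allowed = set(BASE_PORTS)
    if third_party_xmpp:
        allowed.add(THIRD_PARTY_XMPP)
    if (proto.lower(), int(dst_port)) in allowed:
        return "documented"
    return "undocumented-port"


# Constructed egress flow records: "<proto> <dst_ip> <dst_port>"
SAMPLE_FLOWS = """\
tcp 66.163.40.10 443
udp 64.68.115.20 5101
tcp 173.243.12.5 5222
udp 66.163.63.255 8090
tcp 66.163.64.1 443
tcp 64.68.116.9 8443
"""


def audit(flow_text, third_party_xmpp=False):
    """Return (record, verdict) pairs for every non-empty flow line."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        proto, ip, port = line.split()
        findings.append((line, classify(proto, ip, port, third_party_xmpp)))
    return findings


if __name__ == "__main__":
    print("CIDR form:", ", ".join(str(n) for n in WEBEX_NETS))
    for record, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:22} {record}")
```

Flows to webex.com or webexconnect.com hosts that resolve outside the listed ranges are reported as outside-webex-ranges, because the domain rule on the slide is separate from the address ranges.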

Contact Search Considerations (Cloud based IM&P)

• Jabber allows for multiple contact source integrations
• LDAP Directory sync provides corporate directory to Unified CM
• Corporate directory is also exported to WebEx Messenger cloud
• All Jabber clients will use WebEx Messenger cloud as a contact source for contact search

[Diagram labels: Inside firewall (Intranet), Outside firewall (Public Internet), Internet, DMZ, LDAP, webexMessenger, Expressway E, Expressway C, Unified CM, Collaboration Services]

Service Discovery

Service Discovery is for Cisco Jabber to…

• Subscribe to… UC Services
• Discover… UC Services Domain
• Select… Operating Mode (Cloud or On-Premises)
• Determine… Operating Location (Inside or Outside)

Service Discovery

Jabber now has two key pieces of information for Service Discovery

• “adam” for user authentication

• “ucdemolab.com” for service discovery

Jabber sends HTTP and DNS Queries

• Jabber sends all requests (HTTP request & DNS queries) simultaneously
• Among all returned, the record with the highest priority will be used for connecting to UC services
• Jabber will also evaluate returned responses to determine if it is inside or outside the organization

Priority   Service               HTTP Request / DNS SRV
1          WebEx Messenger       HTTP CAS lookup
2          Unified CM 9.x        _cisco-uds._tcp.<domain_name>
3          Cisco Presence 8.x    _cuplogin._tcp.<domain_name>
4          Cisco Expressway      _collab-edge._tls.<domain_name>

HTTP Request to CAS* (Messenger): http://loginp.webexconnect.com/cas/FederatedSSO?org=[DOMAIN]

DNS SRV Lookups: DNS Queries to DNS (internal or external)

* CAS: Connect Authentication Service

Edge Detection

• Edge Detection determines whether Jabber is inside or outside the corporate firewall

• Based on SRV records returned from DNS

• If _cisco-uds SRV record lookup returns an address:
  • Jabber determines that it is inside the organisation’s network and it can connect to UC services directly

• If _collab-edge SRV record lookup returns an address:
  • Jabber determines that it is outside the organisation’s network
  • Set directory integration to UDS mode
  • HTTP transform all traffic and route through expressway-e

Jabber Establishes Services Domain

• Jabber needs to establish Services Domain name to send Service Discovery queries
  • Services Domain is usually the WebEx Messenger domain name or UC Manager domain name

• Jabber can establish the Services Domain in a number of ways
  • UPN discovery (Jabber for Windows only)
  • End-user input
  • Preconfigure (Bootstrapping/MSI transformation or URL Configuration)
  • jabber-config.xml

UPN Discovery

• Jabber for Windows will not prompt user to enter login credentials until the Windows machine is connected to a network

• Once a network connection becomes available Jabber will initiate service discovery

• Jabber for Windows will attempt to use User Principal Name (UPN) for service discovery

  • e.g. [email protected]
  • example.com is used as the Services Domain (_cisco-uds._tcp.example.com etc)
  • “smiller” is used for home cluster discovery

End-User Input

• Jabber for Mac, Android and iOS will default to end-user input of Services Domain.

• Jabber for Windows will use UPN by default but this setting can be changed via a bootstrap key
  • Bootstrapping can be done using the mst file and an MSI editor or by using command line switches
  • upnDiscoveryEnabled: true/false

• The end user should enter an email-like address “username@domain”
  • username : UC Manager UID
  • domain : domain used for Service Discovery

Services Domain Preconfigure

• Jabber can be pre configured with Services Domain name prior to installation

• This can be used when:

• UPN domain does not match Services Domain

• Admins do not want endusers to enter Services Domain

• Services Domain can be pre-configured using

• Bootstrapping/MSI transformation (Windows)

• URL Configuration (Mac, Android, IOS)

• This allows a “zero-touch” configuration for endusers

Services Domain Preconfigure

• Jabber for Windows can be preconfigured with Services Domain via bootstrapping or MSI transformation

msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com

• Jabber for Mac, IOS and Android can be preconfigured with Services Domain via URL Configuration

ciscojabber://provision?ServicesDomain=example.com

Services Domain & Voice Services Domain

• In hybrid deployments, the WebEx Messenger domain may be different to the on premise UC domain

• WebEx Messenger domain : example.com

• On premise UC domain : uc.example.com

• Jabber will need to perform discovery on example.com to discover Messenger services

• Jabber may also need to perform discovery on uc.example.com to perform Edge Detection and discover UC services via Mobile and Remote Access (Expressway)

• Voice Services Domain can be used to perform discovery on a second domain

• Services Domain : example.com (used for WebEx Messenger HTTP lookup)

• Voice Services Domain : uc.example.com (used for DNS SRV lookups)

Configuring Voice Services Domain

• Voice Services Domain can be configured via

• Bootstrap/MSI Transformation (Windows only)

msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com VOICE_SERVICES_DOMAIN=uc.example.com

• URL Configuration

ciscojabber://provision?ServicesDomain=example.com&VoiceServicesDomain=uc.example.com

• jabber-config.xml

<ServicesDomain>example.com</ServicesDomain>

<VoiceServicesDomain>uc.example.com</VoiceServicesDomain>

Excluding Services

• Services can be excluded from Service Discovery

• Some organizations may have a WebEx Messenger domain but want to run Jabber in phone only mode

• WebEx Messenger can be excluded from Service Discovery

• Bootstrap/MSI Transformation (Windows only)

msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com EXCLUDED_SERVICES=WEBEX

• URL Configuration

ciscojabber://provision?ServicesDomain=example.com&ServiceDiscoveryExcludedServices=WEBEX

• Note that the Messenger HTTP request will still be sent but will not be used

Creating the SRV Records

• Ensure each UC Manager node has a DNS A-record

• The SRV record can point to multiple A-records for load balancing purposes

• Jabber clients will round-robin through A-records as they perform DNS lookups

• Jabber maintains an internal priority list for SRV records

• SRV record Priority and Weight do not need to be set

SRV lookup return

• Test the SRV record using nslookup tool

• SRV lookup using nslookup will return all associated A-records

• NOTE: this is a different system to previous example!!!

nslookup -type=srv _cisco-uds._tcp.cisco.com

Service Discovery and WebEx Messenger

• If a WebEx Messenger HTTP lookup is successful during Service Discovery

− Jabber will connect to the Messenger service regardless of the other lookup results

• For users who are provisioned with UC Manager services (including voicemail etc.)

− WebEx Messenger must be configured with the correct UC profile information (TFTP, CCMCIP, CTI) for each user and service

− WebEx Messenger UC Profile will take higher priority than UC Manager Service Profile

− Jabber will not use the _cisco-uds SRV record to connect to UC Manager (record still used for Edge Detection)

• Jabber will not perform Home Cluster discovery after connecting to WebEx Messenger

• The UC profile must detail the correct Home Cluster information for each user
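The lookup priority, Edge Detection, EXCLUDED_SERVICES and Messenger rules described above, combined into one decision model. This is an added example, not Cisco code: the lookup answers are constructed inputs, the function names are hypothetical, and treating a client that gets both a _cisco-uds and a _collab-edge answer as "inside" is an assumption the page does not state.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Lookup labels in the priority order of the table above (first = highest).
# "WEBEX" is the token the page uses with EXCLUDED_SERVICES; the others are
# the SRV record names.
PRIORITY = ["WEBEX", "_cisco-uds", "_cuplogin", "_collab-edge"]

CAS_URL = "http://loginp.webexconnect.com/cas/FederatedSSO?org={domain}"
SRV_TEMPLATES = {
    "_cisco-uds": "_cisco-uds._tcp.{domain}",
    "_cuplogin": "_cuplogin._tcp.{domain}",
    "_collab-edge": "_collab-edge._tls.{domain}",
}


def lookups(services_domain: str,
            voice_services_domain: Optional[str] = None) -> Dict[str, str]:
    """Return every query sent at login, keyed by lookup label.

    The Services Domain feeds the Messenger HTTP lookup; the Voice Services
    Domain, when configured, feeds the DNS SRV lookups instead.
    """
    srv_domain = voice_services_domain or services_domain
    queries = {"WEBEX": CAS_URL.format(domain=services_domain)}
    for label, template in SRV_TEMPLATES.items():
        queries[label] = template.format(domain=srv_domain)
    return queries


@dataclass
class Decision:
    service: Optional[str]            # lookup whose result Jabber connects with
    location: str                     # "inside", "outside" or "unknown"
    notes: List[str] = field(default_factory=list)


def decide(answered: Dict[str, bool], excluded: Iterable[str] = ()) -> Decision:
    """Apply the page's rules to a set of lookup outcomes (True = answered)."""
    excluded = set(excluded)
    usable = [s for s in PRIORITY if answered.get(s) and s not in excluded]
    service = usable[0] if usable else None
    notes: List[str] = []

    if answered.get("WEBEX") and "WEBEX" in excluded:
        notes.append("Messenger HTTP request was sent but its result is not used")
    if service == "WEBEX":
        notes.append("UC Manager settings come from the Messenger UC profile; "
                     "_cisco-uds is used for Edge Detection only")

    # Edge Detection looks only at the SRV answers, whichever service won.
    # Assumption: if both SRV records answer, the higher-priority one decides.
    if answered.get("_cisco-uds"):
        location = "inside"
    elif answered.get("_collab-edge"):
        location = "outside"
        notes.append("directory integration in UDS mode; "
                     "traffic routed through Expressway-E")
    else:
        location = "unknown"
    return Decision(service, location, notes)


# Constructed scenarios: which lookups answered, and which services are excluded.
SCENARIOS = {
    "hybrid, on-net": ({"WEBEX": True, "_cisco-uds": True}, ()),
    "hybrid, off-net": ({"WEBEX": True, "_collab-edge": True}, ()),
    "phone-only, off-net": ({"WEBEX": True, "_collab-edge": True}, ("WEBEX",)),
    "on-premises, on-net": ({"_cisco-uds": True, "_cuplogin": True}, ()),
    "nothing answers": ({}, ()),
}

if __name__ == "__main__":
    for label, query in lookups("example.com", "uc.example.com").items():
        print(f"{label:13} {query}")
    for name, (answered, excluded) in SCENARIOS.items():
        d = decide(answered, excluded)
        print(f"{name:20} service={d.service} location={d.location}")
```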

[Diagram labels: Home UCM Cluster, UC Manager home cluster address]

Service Discovery – WebEx Messenger (inc. Hybrid)

WebEx Service found via HTTP CAS Lookup:

http://loginp.webexconnect.com/cas/FederatedSSO?org=company.com

Service Discovery – Phone-Only Mode

Service Discovery lookup for “Voice Services Domain”, i.e. Phone-Only Mode

“Phone Services”, i.e. no Instant message capability

Jabber in the Cloud: Configuration Sources

Service Profile Priority

[Diagram labels: UCM Service Profile, Jabber-config.xml, Configuration, Operating Config, Bootstrap/Local]

Plan the right route to configuration - HYBRID

Plan the right route to configuration

1. End-user is presented with login screen and enters IM address <user>@<domain> - This input is used for service discovery.

2. When Jabber executes service discovery, it runs 4 lookups:

a. HTTP CAS URL Lookup for <domain> (WebEx Messenger)

b. _cisco-uds - DNS SRV Lookup for <domain> (On-Net UCM 9.X or later)

c. _cuplogin - DNS SRV Lookup for <domain> (On-Net CUPS pre-9.X)

d. _collab-edge - DNS SRV Lookup for <domain> (Off-Net UCM 9.X or later)

3. In a WebEx Messenger deployment, the service will be found via HTTP CAS URL. Jabber will subsequently ignore the other 3 DNS SRV lookups. Jabber populates HTTP CAS info into its configuration store

4. The user will then be taken to the next login screen, and prompted for username and password to authenticate against WebEx Messenger service.


5. Jabber will examine the Messenger cloud for policy and configuration, and again update its configuration store with the info received. In a cloud-only deployment, this completes service discovery process.

6. The policy received optionally includes a UC profile containing the setting “Enable UC Manager integration for Cisco IM Applications”, together with the given user’s home cluster information (TFTP, CTI, CCMCIP). This step notifies Jabber that the deployment is HYBRID and triggers the secondary lookup for voice services based in UC Manager, i.e. “Enable HYBRID”.

7. Jabber will try its secondary login based on that home cluster information and register directly to Cisco UCM for voice services.

8. Once registered, Jabber will retrieve Cisco UC Manager UDS service profile and jabber-config.xml.


9. Jabber will populate its configuration store with the valid information from UDS service profile and jabber-config.xml

10. One of the settings in jabber-config.xml should set a “voice-services-domain”. This gives Jabber the information it needs to do edge detection when a user is off-net and needs to find Cisco UCM via Mobile and Remote Access. This setting can also be achieved using an MSI installer switch or “configuration URL”, which means step 7 could happen either on-net or off-net.

11. Done!

Org Admin – Enable HYBRID

• General provides optional UCM integration for WebEx Connect – Not applicable for Cisco Jabber

• Voicemail – To enable Cisco Unity Connection, cluster settings must be populated in this tab. It is a global setting

• Clusters – Add Cisco Unified Communication Manager integration into Jabber (this enables HYBRID deployment, and must be enabled to kick off the “Service Discovery” HYBRID lookup). In this section you may set:
  • Cisco UCM server settings
  • Voicemail pilot number
  • Enable voicemail specific to a UCM cluster (Optional for granularity – Global setting is already configured)

[Screenshot callouts: Mandatory to enable HYBRID Service Discovery lookup; Optional – Must be enabled for voicemail; Legacy settings - not applicable to Jabber in the cloud]

Basic Feature Breakdown – Connection Status

Instant Message Security

Cisco WebEx Collaboration Cloud: Multi-Layered Security Model

• Third Party Audits: SSAE 16, ISO 27001
• Encryption: SSL – 128-bit Encryption, AES – 256-bit Encryption
• Authentication: SSO, Unique ID
• Policy Management: Access Control, set policy for individuals, groups, org
• Physical Security: Data Centre Secure Facility

Note: Instant Messages are not stored in the cloud at any point, except when IM Archiving is enabled

IM Encryption

• Jabber 9.0+ server connection to WebEx messenger cloud by default uses 128 bit SSL encryption.

• Data-at-rest is not encrypted which allows IM logging capabilities in the cloud.

• Data-at-rest is protected by means of stringent Data Centre security including SAS 70 Type II audits

[Diagram labels: SSL Encryption, IM Logging Service, IM Routing Service]

IM Encryption (Optional)

• Jabber encrypts XMPP traffic
• IM payload is encrypted using AES 256 bit

[Diagram labels: Point to Point, SSAE-16, ISO27001]

Compliance - Cloud

• Server-side IM Logging
• Messages stored on customer premise, or cloud storage
• Messages only stored temporarily in Messenger cloud – deleted upon receipt of delivery
• “Logged” users will be shown disclaimer in IM conversation
• End to end encryption (256k AES) is not supported for logged users

• HP Autonomy DRC-CM (formerly Iron Mountain) (3rd Party Cloud storage)
• Global Relay (3rd Party Cloud Storage)
• Secure SMTP (Integrate with email archiving)

IM communication via a secure channel (SSL)

Federating Cisco Jabber

Federating Cisco Jabber: Add IM & Presence Federation DNS SRV

[Screenshot callouts: Service Type XMPP; Port; FQDN of host offering XMPP Service]

Inter-Domain Federation

• IBM Sametime: IBM Sametime via XMPP gateway server
• Microsoft Lync: Microsoft Lync using XMPP gateway role.
• AOL: Public federation to AOL users (* requires additional order option)
• XMPP Standard Federation: Standards based XMPP domains including Cisco IM & Presence server
• Cisco Jabber: Cisco Jabber on-premise via XMPP standards

[Diagram labels: XMPP Gateway, XMPP Gateway, AOL Gateway]

Clearinghouse Vendor

• Nextplane is a third party service that provides additional federation capabilities
• Clearinghouse “UC Exchange”
  ‒ Directory Member vs. Community member
• Federation to other vendors on Nextplane
• Integration to Social Media (Yammer, Chatter, Twitter)
• Consider $$$ - To select a federation
• www.nextplane.net

Voice/ Video Jabber-to-Jabber Cloud-Based

Introducing “Jabber to Jabber” Voice and Video calling (subject to change)

• “Jabber to Jabber” voice and video provides basic calling between clients without UC manager registration for both cloud and on premise deployments.
• Provides voice/video calling for IM enabled users (Jabber for everyone)
• Provides feature parity for customers migrating from WebEx Connect
• Architectures provides for both cloud and on premise deployment
• Single call only with no in call features
• Users can be enabled for both UC Manager and Jabber to Jabber calling
• Setup: SDP/XMPP or SDP/HTTP
• Codec: G.722 / H.264

Jabber to Jabber Calling: Deployment Architectures (subject to change)

• Provide call setup over HTTPS
• Aligns to Collaboration Cloud Architecture

[Cloud Model diagram labels: SDP/HTTPS (Setup), RTP (Audio/Video & Share)]

Jabber to Jabber Calling: Example Flow (subject to change)

• User receives an incoming “Jabber to Jabber” call
• Contact is resolved
• Call shown as “Jabber Call”
• Mid call features not available with “Jabber to Jabber” calling
• Mute Audio/Video
• Hang-up
• Single call only
• If an additional call is presented user can hang up in progress call
• UC manager call can be placed on hold

Introducing Opus Codec Support (subject to change)

• Delivers market requirement for low bandwidth / dirty network codec
• CTG cross endpoint alignment
• Requires UC Manager 11.0
• Mobile clients also adding support for G.722 in 11.0 release

Opus is a totally open, royalty-free, highly versatile audio codec. Opus is unmatched for interactive speech and music transmission over the Internet, but is also intended for storage and streaming applications. It is standardized by the Internet Engineering Task Force (IETF) as RFC 6716 which incorporated technology from Skype's SILK codec and Xiph.Org's CELT codec.

Desktop Share

Jabber Desktop Share

• Jabber supports a number of desktop sharing capabilities
  • Video Desktop Share (BFCP) (Jabber Windows and Mac, mobile platforms can receive)
  • IM Only Screen Share (Jabber for Windows)
  • WebEx Messenger Share (Jabber for Windows – Cloud mode only)

• A Video Desktop Share captures the desktop and sends the share as a video stream
  • Video Desktop Share requires an active softphone mode call
  • Video Desktop Share is enabled by default and can be disabled using the jabber-config.xml or the SIP profile
  • Interoperable with Jabber, Telepresence and Video Bridges (TPS)

• IM Only Screen Share is available in Jabber for Windows 10.5 +
  • No active call required

IM Only Screen Share

• Screen share from an IM session
  • No requirement for active call
  • Support for multiparty screen share – up to 1 + 5 participants
  • Support for Remote Desktop Control

• Independent of telephony mode
  • Softphone mode and deskphone mode supported

• Protocols & Port Numbers
  • IM Screen share capabilities negotiated through XMPP session
  • IM Screen share media selects a random TCP port ranging from 49152 to 65535

[Screenshot callouts: Screen share button; Recipient can accept or decline the share invitation]

Which Share is Initiated?

• From an IM Session with another Jabber for Windows user:
  • An IM only based screen share will be initiated

• From an IM session with a Jabber for Mac user
  • A video desktop share will be initiated

• From an active softphone mode call:
  • A video desktop share will be initiated

• If an IM only screen share has been initiated before a call:
  • The IM only based screen share session will be maintained

• IM Screen share enabled by default
  • Can be disabled using jabber-config.xml

<Policies>
  <enablep2pdesktopshare>False</enablep2pdesktopshare>
</Policies>

Desktop Share Priority

Video Desktop Share

IM Only Desktop Share

WebEx Messenger Desktop Share

Remote Desktop Control

• IM Only desktop share recipients can request to take control of desktop share initiators remote desktop

• Initiator is prompted to accept the remote control request

• Share recipient can release control

• Initiator can revoke control at any time

Cloud Based Desktop Share

• Configuring Ad-hoc WebEx Desktop Share

• The remote party will receive an invitation to join the WebEx share

File Transfer

Types of File Transfer

• Basic P2P File Transfer
  • Send & receive files
  • File share from desktop or mobile
  • Screen Capture on desktop carried over file transfer

• Send & receive photos & videos (Mobile)
  • Stored on mobile devices
  • Captured with camera (not saved on device)

• 3rd Party Cloud services (Mobile)
  • Box
  • Google Drive
  • iCloud
  • Dropbox
  • etc…

File Transfer P2P – Jabber with WebEx Messenger

[Cloud Model diagram callouts]

• XMPP/JINGLE (Offer FT to remote user)
• XMPP/JINGLE (Accepts FT, offers transfer option (always via proxy for Jabber) on port 443)
• XMPP/SOCKS5 Bytestream: File is shared via proxy (FT Proxy)

File Transfer – Jabber with WebEx Messenger

// query if there is bytestream proxy (by Service Discovery at login)
<iq to='proxy.<proxyhost>.webex.com' id='uid:5294102d:00007590:0000004a' type='get'>
  <query xmlns='http://jabber.org/protocol/bytestreams'/>
</iq>

// jingle command to peer to initiate FT
<iq to="[email protected]/wbxconnect" id="uid:5294102d:00004090:0000004b" type="set">
  <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" initiator="[email protected]/wbxconnect" sid="SID1">
    <content creator="initiator">
      <description xmlns=" num="141" />
    </content>
    <x xmlns=">Start sending file 'policy2.ini(3 bytes)'.</x>
  </jingle>
</iq>

File Transfer - Request

When initial query comes back positive, Jabber will render “File Transfer” image

File Transfer – Jabber with WebEx Messenger

// SI, offer possible transfer methods.
<iq to="[email protected]/wbxconnect" id="uid:5294102d:00002d5c:0000004c" type="set">
  <si xmlns="http://jabber.org/protocol/si" id="uid:5294102d:000018bf:0000004d" profile="http://jabber.org/protocol/si/profile/file-transfer">
    <file xmlns="http://jabber.org/protocol/si/profile/file-transfer" name="policy2.ini" size="3" />
    <feature xmlns="http://jabber.org/protocol/feature-neg">
      <x xmlns="jabber:x:data" type="form">
        <field type="list-single" var="stream-method">
          <option label="ibb">
            <value>http://jabber.org/protocol/ibb</value> // Direct (for use with legacy clients)
          </option>
          <option label="oob">
            <value>jabber:iq:oob</value>
          </option>
          <option label="s5b">
            <value>http://jabber.org/protocol/bytestreams</value> // Proxy (for use with Jabber)
          </option>
          <value />
        </field>
      </x>
    </feature>
  </si>
</iq>

File Transfer - Request

File Transfer – Jabber with WebEx Messenger

// server responds with the proxy address and port
<iq from="<proxyhost>.webex.com" id="uid:5294102d:00007590:0000004a" to="[email protected]/wbxconnect" type="result" xml:lang="en">
  <query xmlns="http://jabber.org/protocol/bytestreams">
    <streamhost host="<proxyhost>.webexconnect.com" jid="proxy.<proxyhost>.webex.com" port="443" />
  </query>
</iq>

// peer responds to the jingle.
<iq from="[email protected]/wbxconnect" id="uid:5294102d:00004090:0000004b" to="[email protected]/wbxconnect" type="result" xml:lang="en" />

File Transfer - Request

File Transfer – Jabber with WebEx Messenger

// peer responds with the chosen transfer method to accept FT
<iq from="[email protected]/wbxconnect" id="uid:5294102d:00002d5c:0000004c" to="[email protected]/wbxconnect" type="result" xml:lang="en">
  <si xmlns=">
    <feature xmlns=">
      <x type="submit" xmlns="jabber:x:data">
        <field type="text-single" var="stream-method">
          <value>http://jabber.org/protocol/bytestreams</value>
        </field>
      </x>
    </feature>
  </si>
</iq>

// offer all the addresses and ports (always proxy for Jabber) to peer with the chosen method.
<iq to="[email protected]/wbxconnect" id="uid:5294102d:00003bf3:00000053" type="set">
  <query xmlns=" sid="uid:5294102d:00007cfd:00000052" mode="tcp">
    <streamhost jid="proxy.<proxyhost>.webex.com" host="<proxyhost>.webexconnect.com" port="443" />
  </query>
</iq>

File Transfer - Accept

The remote user is prompted to accept or decline

File Transfer – Jabber with WebEx Messenger

// peer chooses FT via proxy.
<iq from="[email protected]/wbxconnect" id="uid:5294102d:00003bf3:00000053" to="[email protected]/wbxconnect" type="result" xml:lang="en">
  <query sid="uid:5294102d:00007cfd:00000052" xmlns=">
    <streamhost-used jid="proxy.<proxyhost>.webex.com" />
  </query>
</iq>

// notify server to activate the connection to proxy
<iq to="proxy.<proxyhost>.webex.com" id="uid:5294102d:00000029:00000054" type="set">
  <query xmlns=" sid="uid:5294102d:00007cfd:00000052">
    <activate>[email protected]/wbxconnect</activate>
  </query>
</iq>

// server responds to the activation
<iq from="proxy.<proxyhost>.webex.com" id="uid:5294102d:00000029:00000054" to="[email protected]/wbxconnect" type="result" xml:lang="en">
  <query sid="uid:5294102d:00007cfd:00000052" xmlns=">
    <activate>[email protected]/wbxconnect</activate>
  </query>
</iq>

File Transfer - Send

File Transfer – Jabber with WebEx Messenger

<iq from="[email protected]/wbxconnect" id="uid:5293f4a5:7473cd26" to="[email protected]/wbxconnect" type="set" xml:lang="en">
  <si notifyid="uid:5294102d:00007cfd:00000052" profile=" status="0" xmlns=" />
</iq>

// jingle command to finish
<iq to="[email protected]/wbxconnect" id="uid:5294102d:00005ab0:00000055" type="set">
  <jingle xmlns="urn:xmpp:jingle:1" action="session-terminate" initiator="[email protected]/wbxconnect" responder="[email protected]/wbxconnect" sid="SID2">
    <content creator="initiator">
      <description xmlns=" num="141" />
    </content>
    <x xmlns=">Successfully sent file 'policy2.ini(3 bytes)'.</x>
  </jingle>
</iq>

// peer responds to jingle command
<iq from="[email protected]/wbxconnect" id="uid:5294102d:00005ab0:00000055" to="[email protected]/wbxconnect" type="result" xml:lang="en" />

File Transfer - Send

Sent…

Received…

File Transfer – Jabber with WebEx Messenger

3rd Party Cloud Service

Leverages cloud storage open APIs…

File Transfer Policy

• File transfer allows users to exchange files over IM

• Use Policy list to enable/disable and control domains

Control over file type allowed for transfer is managed from IM admin
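The stream-method negotiation traced in the file transfer slides and the policy controls listed here (enable/disable, domains, file type) can be checked together on a captured offer/reply pair. This is an added example, not Cisco's code: the stanzas are constructed, the namespace URIs are taken from XEP-0095/0096/0020/0004 rather than from the trace, and check_transfer and POLICY are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Namespaces from XEP-0095/0096/0020/0004 (assumed; the slide trace lost them).
NS = {"si": "http://jabber.org/protocol/si",
      "ft": "http://jabber.org/protocol/si/profile/file-transfer",
      "neg": "http://jabber.org/protocol/feature-neg",
      "x": "jabber:x:data"}
S5B = "http://jabber.org/protocol/bytestreams"
METHOD = "neg:feature/x:x/x:field[@var='stream-method']"

# Constructed sample stanzas modelled on the trace; JIDs are placeholders.
OFFER = (
    '<iq to="bob@example.com/wbxconnect" id="o1" type="set">'
    '<si xmlns="http://jabber.org/protocol/si" id="s1"'
    ' profile="http://jabber.org/protocol/si/profile/file-transfer">'
    '<file xmlns="http://jabber.org/protocol/si/profile/file-transfer"'
    ' name="policy2.ini" size="3"/>'
    '<feature xmlns="http://jabber.org/protocol/feature-neg">'
    '<x xmlns="jabber:x:data" type="form">'
    '<field type="list-single" var="stream-method">'
    '<option label="ibb"><value>http://jabber.org/protocol/ibb</value></option>'
    '<option label="oob"><value>jabber:iq:oob</value></option>'
    '<option label="s5b"><value>' + S5B + '</value></option>'
    '</field></x></feature></si></iq>')
REPLY = (
    '<iq from="bob@example.com/wbxconnect" id="o1" type="result">'
    '<si xmlns="http://jabber.org/protocol/si">'
    '<feature xmlns="http://jabber.org/protocol/feature-neg">'
    '<x xmlns="jabber:x:data" type="submit"><field var="stream-method">'
    '<value>' + S5B + '</value></field></x></feature></si></iq>')
# Hypothetical policy: proxy-only transfers, one allowed domain, no executables.
POLICY = {"methods": {S5B}, "domains": {"example.com"}, "blocked_ext": {"exe", "js"}}

def check_transfer(offer_xml, reply_xml, policy):
    """Return a list of policy/negotiation findings (empty list = allowed)."""
    offer, reply = ET.fromstring(offer_xml), ET.fromstring(reply_xml)
    si = offer.find("si:si", NS)
    offered = [v.text for v in si.findall(METHOD + "/x:option/x:value", NS)]
    chosen = reply.findtext("si:si/" + METHOD + "/x:value", namespaces=NS)
    name = si.find("ft:file", NS).get("name")
    domain = offer.get("to").split("/")[0].split("@")[-1].lower()
    findings = []
    if reply.get("id") != offer.get("id"):
        findings.append("reply id does not match offer")
    if chosen not in offered:
        findings.append("chosen method was never offered")
    if chosen not in policy["methods"]:
        findings.append("stream method not permitted")
    if domain not in policy["domains"]:
        findings.append("peer domain not permitted")
    if name.rsplit(".", 1)[-1].lower() in policy["blocked_ext"]:
        findings.append("file type blocked")
    return findings
```

The sample stanzas come from a trusted capture; for stanzas from an untrusted source, parse with a hardened XML parser that rejects DTDs and entity declarations.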

Customizing the Cloud

Business Benefits

Cisco Jabber SDK for Web Toolkit

Easily and rapidly add collaboration into web applications and business processes

Increase productivity and maintain context of interactions for end users

Add incremental value to Cisco® Collaboration deployments

[Diagram: Your UC enabled web application, built on Web Phone (AJAX), CAXL (AJAX), WebEx (URL/XML) and CUMI (REST). Capabilities shown: Video, Audio, Call Cntl, Presence, Pub/Sub, IM/Chat, Voice Mail, Meeting]

Cisco Ajax XMPP Library (CAXL)

• CAXL is a Web 2.0 JavaScript library for integration of instant messaging, presence and roster

• Evolution of Jabber’s former jabberwerx suite

• Common SDK for on-prem (CUCM IM & P) and off-prem (WebEx Messenger) integration

• Uses BOSH (Bidirectional-streams Over Synchronous HTTP) for server communication

IM/Chat Presence Location

API Name: Cisco Ajax XMPP Library

API Interface: AJAX

CAXL – Cisco Ajax XMPP Library

1 – Navigates to Web Page

2 – Web Page with embedded IM & P client is returned to web browser

3 – IM & P client registers to Cisco UCM IM & P

4 – Cisco UCM IM & P / Cisco WebEx Messenger returns buddy list and associated presence, including self presence, as well as IM capabilities

Web Application

HTTP Proxy

CAXL

Registration and IM & P

Cisco UCM IM & P or WebEx Messenger provides user database, presence engine and XMPP IM capabilities

Generic Web Server

Host the customised web application, including CAXL

BOSH

CAXL – Cisco Ajax XMPP Library

• 1:1 Instant Messaging
  • Ability to initiate and receive P2P IM
  • Supports xHTML-IM rich-text

• Multi-user chat room
  • Ability to create ad hoc chat rooms
  • Ability to invite and be invited to chat rooms
  • Ability to search for existing chat rooms

• Pub/Sub Applications (e.g. for GeoLocation)
  • Personal Eventing Protocol - Ability to create/publish/subscribe to pub/sub service nodes on a server

• User Authentication

• Roster Presence and Roster (Contacts List) management
  • Ability to Add/Update/Remove Contacts
  • Ability to move contacts between groups

• My presence
  • Ability to set device presence
  • When integrated with CUP, SDK can be configured to set CAXL device presence to be the same as Presence engine composed presence

• Temporary Presence Subscriptions
  • Ability to create temporary subscriptions to users who are not on your roster (“Quick Contacts”)
  • Ability to do bulk subscribe/unsubscribe of temporary subscriptions. Useful in multi-page applications where each page may have a different list of users

[Screenshot callouts: Presence enabled, IM / Chat enabled, Click 2 Call enabled, Click 2 WebEx enabled, Click 2 Video enabled]

Jabber SDK APIs: XMPP (CAXL), Web Phone Video (AJAX, Plugin)

• UC, Collaboration, Video capabilities everywhere

• Example only – an ISV or IT Pro could do the project

Use Case … Cisco UC in Business Process Apps

Jabber and Cisco Collaboration Cloud

Traditional Unified Communications

Cisco Jabber

Introducing Agile Team Space

Cisco Spark

Adding Value to the Cloud

Powered by

Introducing Cisco Spark

Team Space - virtual rooms

A ‘team space’ app that instantly creates a virtual place for agile teams to work together, where their work can live, and a way to stay connected to it all

Persistent and secure messaging and file sharing

Face-to-face meetings with screen sharing

Superior business class experience

Making Teamwork Simpler.

For Additional Detail on Cisco Spark, please see:

BRKCOL-2607, Tuesday, June 9, 3.30pm

PSOCOL-2404, Tuesday, June 9, 12:30 p.m

Agile Team Productivity

Work together in unlimited virtual rooms that you can easily access through a searchable, chronological list

Start collaborating with anyone by adding their name or e-mail address

Pull Everyone Together

Simpler Way to Work With All Your Teams

Connect your calendar to create a Spark room for any upcoming calendar entry. Join virtual meetings, including WebEx meetings, in a single tap.

Cisco Jabber

• Jabber: the power of convergence

• Traditional Enterprise IM & Presence, Voice and Video, Conferencing, etc.

• Leverage Collaboration investments, in one soft-client experience

• Cisco UC Manager environment, WebEx Messenger, Telepresence etc.

• Spark & Jabber (with WebEx Messenger)

• Modern organizations are evolving with different end-user types

• One size does not fit all!

• Agile and Traditional worker types

• Introduction of Spark into customer site is optional

• Roadmap maintained for Jabber and WebEx Messenger backend

• ‘Messaging’ Inter-op being developed as base interop (see ‘Fusion’ for deeper integration)

• Inter-op for mix and match: depending on organization use case

• Licensing entitlement carry forward

Subject to change

See Related Sessions…

• BRKUCC-2345 Tue, June 9 8:00 a.m., Cisco Jabber: Deploying Cisco Jabber On Premise, Bryan Morris

• BRKCOL-2344 Tue, June 9 3:30 p.m., Deploying Cisco Jabber on Mobile Devices, Seongho Hong

• BRKUCC-2086 Wed, June 10 3:30 p.m., Extend the Reach of Your Cisco Video Solution with Cisco Jabber Guest, Darin Dunlap

• BRKCOL-2607 Tue, June 9 3:30 p.m., Understanding Cloud and Hybrid Cloud Collaboration Deployment, Louis Pratt

• PSOCOL-2404 Tue, June 9 12:30 p.m., Cisco Spark and the Cisco Collaboration Cloud, Miroslav Polakovic

• BRKUCC-2801 Tue, June 9 8:00 a.m., Cisco Expressway at the Collaboration Edge design session, Kevin Roarty

• BRKCOL-2023 Thu, June 11 8:00 a.m., Architecting Unified Communications to enable Workspace Transformation, Vanessa Sulikowski

• BRKUCC-2444 Mon, June 8 1:00 p.m., Directory Services and Single sign-on for the Cisco Collaboration Solution, Paulo Jorge Correia

