Guest

Design Zone for Retail

Cisco Unified Communications Store Workforce Connection Design and Implementation Guide

  • Viewing Options

  • PDF (2.6 MB)
  • Feedback
Cisco Unified Communications Store Workforce Connection Design and Implementation Guide

Table Of Contents

Cisco Unified Communications Store Workforce Connection Design and Implementation Guide

Store Workforce Connection Solution Overview

Components Overview

Solution Description

Target Audience

Solution Benefits

Store Workforce Connection Solution Framework

Application Layer

Unified Communication Manager and VOIP Phones

Workforce Management Application

Integrated Network Services Layer

Network Systems Layer

Intelligent Retail Network

Small Store

Medium Store

Large Store

Store Workforce Connection Solution—Components and Services

Solution Components

Data Center

Stores

Hardware/Software

Services and Functionality

Designing the Store Workforce Connection Solution

Deployment Scenario

Component Design Considerations

Data Center Location

Store Location

Services Design Considerations

Implementing and Configuring the Solution

Configuration Task Lists

Infor Workforce Management Configuration

WBCS Admin Console

Clock Server

Data Population

Cisco Unified Communications Manager

Cisco Unified Application Environment

Cisco Application eXtension Platform (AXP)

Cisco Services Configuration

Testing

Scope of the Solution Testing

Testing Tools

Test Topology

Test Plan

Test Results

Limitations and Caveats

Summary and Recommendations

Appendix A— Lab Validation Device Configurations

SRST

CME

AXP

QoS

Appendix B—Lab Validation Network Diagrams

Large Store

Medium Store

Small Store

Data Center

Service Provider

Appendix C—Infor Installations

Installing WBCS on a Windows PC

Cisco Validated Design


Cisco Unified Communications Store Workforce Connection Design and Implementation Guide


Cisco Validated Design

July 21, 2008

Retail companies depend on Human Capitol Management (HCM) to efficiently run the daily operation of their stores' workforce. The Cisco Store Workforce Connection solution integrates the Infor HCM Workforce Management Application, Cisco Unified Communications Manager, and Cisco Unified IP phones. This combination offers retailers new functionality that dramatically increases efficiency, making significant difference to their bottom-line.

This document provides guidance on how to implement the Cisco Unified Communications Store Workforce Connection solution.

Store Workforce Connection Solution Overview

The Store Workforce Connection solution integrates the Cisco Unified Communication platform and the Infor Workforce Management (WFM) application used by retailers to monitor, manage, and control labor costs. This integration offers new workforce management functionality by integrating the existing application features with voice services and hardware.

Components Overview

Infor Workforce Management (WFM)—Time and attendance and workforce scheduling application.

Infor Store Clock Server Application.

Cisco Unified Communication Manager and Cisco Unified IP phones.

Cisco Unified Application Environment.

Cisco Application eXtension Platform (AXP).

Figure 1 provides an overview of the components in the solution and their functional relationship.

Figure 1 Store Workforce Connection Solution Architecture - Conceptual

Solution Description

The Store Workforce Connection solution provides employees the ability to use the store's IP phones as an interface to the company time and attendance application to perform the following tasks:

Clock in/out for shifts and breaks.

Change the current job type or department that hours are being logged against.

View personal balances (i.e., vacation, sick, and total hours worked).

Real-time overrides of exceptions such as clocking in for unscheduled shifts or breaks.

Voice collaboration between supervisor and employee.

Employees are no longer restricted by the number or location of conventional time clocks. Every phone extension becomes a data capture and an interaction points with an organization's workforce management system. By allowing employees to complete workforce management transactions through their IP phones and interact in real-time with supervisors at the employee's point-of-work, there is no lost time commuting to clocks. As a result, employers can capture more timely and granular job information to gain insight into critical labor data and dramatically enhance the link between corporate goals and workforce operations.

Target Audience

The target users of this document are engineers that have retail accounts interested in using an IP telephony environment or expanding the utility of their existing IP telephony investment. It is assumed that administrators of the Store Workforce Connection solution have experience with installation and acceptance of the products covered by this network design. In addition, it is assumed that the administrators understand the procedures required to upgrade and troubleshoot networks at a basic level.

Other users of this guide include the following:

Retail customers with technical networking/telephony background and experience.

System administrators who are familiar with the fundamentals of IP telephony.

Sales engineers responsible for supporting retail accounts.

Customers for Store Workforce Connection solution include retailers who are considering migrating to IP telephony or with existing IP telephony, and customers that are already using the Workforce Management application or are considering migrating to a new time and attendance application.

Solution Benefits

The Store Workforce Connection solution facilitates technical benefits to the retailer:

Standard services platform for voice and application service integration through the Cisco Unified Communications Manager (CUCM) and the Cisco Unified Application Environment (CUAE).

Application eXtension Platform (AXP) server integration into the store router conserves resources (e.g., power rack space and switch ports).

Standard XML browser for application accessibility via Cisco Unified IP Phones, managed and maintained centrally.

Multi-platform deployment models enabling flexibility and resiliency.

Reduced cost and improved accuracy over legacy (e.g., paper time cards, mechanical clocks) human capitol management methods.

The Store Workforce Connection solution facilitates many business benefits to the retailer and employees. Benefits to the store employee include:

Accessibility to clock in/out features and personal scheduling information anywhere within the store.

More time spend on the floor and within department and less time traveling to the backroom (or off the floor).

Less time spent locating store management when a work rule violation occurs (for example, clocking in early for shift).

Less work rule violations and editing by store management.

Benefits to the retailer include:

Affordable end devices for flexible placement and mobility throughout the store.

Greater control of store payroll investment by preventing unscheduled shifts from occurring and providing visibility to time clocked by employees.

Potential reduction of entire line of systems by removing the need for time clocks entirely.

Store Workforce Connection Solution Framework

The Store Workforce Connection solution was developed and tested using the Cisco Service Oriented Network Architecture (SONA) framework. The SONA model depicts the relationships between applications such as the Infor WFM application and the network infrastructure. Figure 2 represents the solution framework.

Figure 2 Store Workforce Connection Solution Framework

The solution framework is divided into three functional layers:

1. Application—Business and collaboration applications connect users and business process to the infrastructure.

2. Integrated Network Services—Unified Communications, identity, and security services extend and virtualize from the network to the applications.

3. Network Systems—Intelligent retail store architectures serve as the adaptable, secure platform.

Application Layer

Figure 3 Application Layer

Business and collaboration applications connect users and business processes to the infrastructure. The application layer of the framework includes the business and collaboration applications from Infor and Cisco.

Unified Communication Manager and VOIP Phones

The Cisco Unified Communication Manager enables collaboration through XML-based applications such as the Infor Workforce Management. These applications are enhanced through the Cisco Unified 7970 series color IP phones, which have touch-screen enabled displays.

Workforce Management Application

The Infor Workforce Management application delivers time and attendance and task management functions to enterprise and mid-market retailers with hundreds to thousands of stores. The application is split into a clock server that runs in the store and the workforce application that runs in the central data center. Retailers can transform the Cisco Unified 7970 Series IP phone into an employee productivity device that provides a cost-effective way to perform daily store operations procedures (such as time card clocking and task management).

Figure 4 shows an example of how the Store Workforce Connection solution delivers voice service and application feature integration when a store worker clocks in at an unscheduled time and the supervisor is contacted for approval.

Figure 4 Supervisor Override Feature Example—Conceptual Workflow

Application services are the connection from the applications layer to the shared services of the integrated network services layer.

Integrated Network Services Layer

Within the SONA framework, the integrated network services layer (see Figure 5) is where filtering, caching, and protocol optimization interact with applications or application middleware services to optimize the performance from the network to the end user. Process control is simplified by using common infrastructure services such as collaboration, security, and identity. These are key advantages that aid in operational reporting and security policy enforcements.

Figure 5 Integrated Network Services Layer

Fewer services that are shared across more intelligent devices increase the operational efficiency of the whole system:

Voice and collaboration services—Created by adding the Cisco IOS voice service to the store routers as well as adding the Cisco Unified Communication Manager and application servers to the data center.

Network virtualization —Cisco Integrated Services Routers (ISRs), virtualized store security appliances, routers, switches, and voice and application services into intelligent IT appliances that are centrally managed and monitored.

Security services —Are used extensively in the IRN architectures. These services are a combination of in-store security services shared across multiple physical devices, central management in the data center, and virtual access to the security control plane from anywhere in the retail network.

Identity services —Are used to ensure that access to each application is allowed only for authenticated and authorized management users. A central Microsoft Active Directory enhances secure identity services to both Cisco and Infor suites.


Note For more information about securing IRN architectures, refer to the PCI Solution for Retail Design and Implementation Guide at the following URL http://www.cisco.com/web/strategy/retail/pci_imp.html. This guide describes services that can be used to provide a secure posture for the Store Workforce Connection solution.


Cisco Unified Application Environment

The Cisco Unified Application Environment is a development and runtime platform designed for creating, deploying, and executing converged voice and data applications. It is integrated with the Cisco Unified Communications Manager. The Unified Communications Store Workforce Connection solution demonstrates voice and application integration by allowing real-time overrides to be accomplished between employees and supervisors. As the employee clocks into an unscheduled shift on the IP phone, the application rejects the employee stating that his/her shift is unscheduled. Soft buttons on the phone allow the employee to forward the request to the supervisor. The supervisor receives a phone call from the application stating the employee is attempting to clock-in for an unscheduled shift, complete with the requisite details. The supervisor can then accept the override by pressing 1 on his phone keypad or any other number to reject. The override transaction is then automatically updated into the application, avoiding the need for manual update at a later time by the supervisor.

The integrated network services layer provides services that are distributed across the infrastructure layer.

Network Systems Layer

Figure 6 Network Systems Layer

The Network Systems Layers is where the infrastructure resides. The Intelligent Retail Network (IRN) references architectures were used as a contextual backdrop to test the interoperability of the features and functionality of integration between Infor's application and the Cisco Unified Communications products. Using the SONA framework, the Intelligent Retail Network reference architectures serve as the foundation of the Network Systems Layer. These network architectures exhibit best practices for retail networks and provide the robust foundation for higher-level services and applications. Each of these architectures contain additional products and features beyond what is necessary for the Store Workforce Connection solution (e.g., wireless products, kiosks and application acceleration), but are depicted because they are common in many enterprise networks.

For more information about IRN, see the following URL:

http://www.cisco.com/web/strategy/retail/irn.html.

Intelligent Retail Network

Small Store

The small store reference architecture (see Figure 7) is a powerful platform for running an enterprise retail business that requires simplicity and a compact form factor. This combination appeals to many different retail formats that can include the following:

Mall-based retail stores

Quick-serve restaurants

Convenience stores

Specialty shops

Discount retailers who prefer network simplicity over other factors

This network architecture is widely used and consolidates many services into fewer infrastructure components. The small store also supports a variety of retail business application models because an integrated Ethernet switch supports high-speed LAN services.

Figure 7 Small Store Network Design

Primary Design Requirements

Primary design requirements are as follows:

Store size averages between 2000 to 6000 square feet.

Fewer than 25 devices requiring network connectivity.

Single router, integrated Ethernet switch, and AXP advanced interface module (AIM) card houses the Infor application.

Preference for integrated services within fewer network components because of physical space requirements.

Advantages

Advantages are as follows:

AXP AIM card allows for the store's clock server to reside within the router chassis, eliminating the need for an additional external server, adhering to the primary design requirements restricted physical space.

Lower cost per store.

Fewer parts to spare.

Fewer software images to maintain.

Lower equipment maintenance costs.

Limitations

Limitations are as follows:

Decreased levels of network resilience.

Greater potential downtime because of single points of failure.

Medium Store

The medium retail store reference architecture (see Figure 8) is designed for enterprise retailers who require network resilience and increased levels of application availability over the small store architecture and its simple, single-threaded approach. As more mission-critical applications and services converge onto the IP infrastructure, network uptime and application availability are more important. The dual-router and dual-LAN switch design of the medium store supports these requirements. Each of the ISR routers can run Cisco IOS security services and other store communication services simultaneously. Each of the ISR routers is connected to a dedicated WAN connection. Hot-Standby Routing Protocol (HSRP) is used to ensure network resilience in the event that the network connection fails.

The access layer of the network offers enhanced levels of flexibility and more access ports compared to the small store. The distributed Cisco Catalyst switches can support a combination of larger physical buildings or a larger number of endpoints than the small store.

Figure 8 Medium Store Network Design

Primary Design Requirements

Primary design requirements are as follows:

Store size averages between 6,000 to 18,000 square feet.

Physical size of store is smaller than a large store, so a distribution layer of network switches is not required.

Number of devices connecting to the network averages between 25 and 100 devices.

Advantages

Multiple routers for primary and backup network requirements

AXP network module integrates the Infor application into the primary router eliminating the need for an additional external server.

Adaptive access layer with support for a greater number of endpoints and more diverse building requirements (multiple floors, sub-areas, and so on).

Improved network resilience through parallel device design.

Improved network and application availability through parallel paths.

Limitations

The limitation is of this architecture is that there is no distribution layer between core layer (the ISR) and the access layer switches.

Large Store

The large retail store reference architecture (see Figure 9) adapts the Cisco campus network architecture recommendations to a large retail store environment. Network traffic can be segmented (logically and physically) to meet business requirements. The distribution layer of the large store architecture improves LAN performance while offering enhanced physical media connections. A larger number of endpoints can be added to the network to meet business requirements. This type of architecture is widely used by large-format retailers globally. Dual routers and distribution layer media flexibility improves network serviceability because the network is highly available and scales to support the large retail store requirements. Routine maintenance and upgrades can be scheduled and performed more frequently, or during normal business hours, through this parallel path design.

Figure 9 Large Store Network Design

Primary Design Requirements

Primary design requirements are as follows:

Store size averages between 15,000 to 150,000 square feet.

More than 100 devices per store requiring network connectivity.

Multiple routers for primary and backup network requirements.

Preference for a combination of network services distributed within the store to meet resilience and application availability requirements.

Three-tier network architecture within the store; distribution layer switches are used between the central network services core and the access layer connecting to the network endpoints (point-of-sale, wireless APs, servers, etc.).

Advantages

Highest network resilience based on highly available design.

Port and fiber density for large retail locations .

Increase segmentation of traffic.

Scalable to accommodate shifting requirements in large retail stores.

Infor Workforce Application server resides on an existing external server, but could also be deployed on AXP module, eliminating the need for an additional external server.

Limitations

The limitation of this architecture is the higher associated cost because of network resilience based on highly available design.

Store Workforce Connection Solution—Components and Services

Solution Components

The following components are used in the Store Workforce Connection solution.

Data Center

Infor HCM Workforce Management Application—World class time, attendance and workforce scheduling application

Cisco Unified Communications Manager—Core call-processing software for Cisco IP telephony. It builds call processing capabilities on top of the Cisco IP network infrastructure. Cisco Unified Communications Manager software extends enterprise telephony features and capabilities to packet telephony network devices such as IP phones, media processing devices, voice gateways, and multimedia applications.

Cisco Unified Application Environment—Integrates the call processing of Unified Communications Manager and Infor's application features.

Stores

Infor HCM Workforce Management Clock Server— Store located clock server that has the flexibility to be deployed on a router's integrated AXP AIM card, AXP network module or on a standalone server.

Cisco Unified 7970 IP phone—Offers all the functions expected from a telephone as well as additional advanced features including the ability to access XML-based applications. The Cisco Unified 7970 IP phone includes a color display and touch screen.

Cisco Unified 7940IP phone— Offers all the functions expected from a telephone as well as additional advanced features including the ability to access XML-based applications.

Hardware/Software

Table 1 lists the products installed for the Store Workforce Connection solution, including the software versions tested during validation.

Table 1 Hardware/Software installed 

 
Solution Component
Software Version
Solution Location

Infor HCM Workforce Management Application

5.0.3.0

Data center

Cisco Unified Communications Manager

5.1.2.1000-11

Data center

Cisco Unified Application Environment

2.4

Data center

Infor Workforce Management Clock Server

5.0.3.0

All stores

Cisco Unified IP Phone 7970G

SCCP70.8-2-2SR2S

All stores

Cisco Unified IP Phone 7940

P00308000500

All stores

Optimization Component
Software Version
Solution Location

AXP AIM Card

0.0.8

Small store

AXP Network Module

0.0.8

Small store - CME

AXP Network Module

0.0.8

Medium store

Cisco ISR 3845

12.4.9T-Adv IP Services

Large store

Cisco ISR 3825

12.4.9T-Adv IP Services

Medium store

Cisco ISR 2821

12.4.9T-Adv IP Services

Small store

Catalyst 4500

12.2(20)EW 3

Large store

Catalyst 3750G

12.2.25-SEE2-IP Services + Web-based Dev Mgr

Large and Medium store

Microsoft Products
Software Version
Solution Location

Microsoft Active Directory on Windows 2003 Server

5.2.3790.3959

Windows 2003 Server in data center

Internet Explorer 6

6.0.2900.2180 with SP2

XP SP2 desktop in data center and stores

Internet Explorer 7

7.0.5730.11CO

Windows 2003 Server in data center

Microsoft Windows 2003 Server Standard Edition SP2

5.2 R2 Build 3790.srv03_sp2_gdr.070304-2240

Solution servers


Services and Functionality

Table 2 lists the services that were enabled to optimize Workforce Management within the Cisco network environment.

Table 2 Services

 
Cisco Optimization Service
Software Version
Solution Location
 

SRST

4.0.0.0

Small, Medium and Large Stores

 

CME

4.0.0.0

Small Store

 

QoS

ISR 2821, 3825 and 3845

IOS 12.4.9T

Data Center and Stores

 

Designing the Store Workforce Connection Solution

Deployment Scenario

Figure 10 depicts the Unified Communications Store Workforce Connection deployment scenario. The Cisco Unified IP phones communicate using XML to the local store clock server. The clock server communicates via HTTP to the centralized Cisco Unified Application Environment server and via Web Services to the central Infor HCM Workforce Management server. Using a local database, each clock server is able to operate independently and synchronize periodically with the central server.

Figure 10 Store Workforce Connection Deployment Scenario

Component Design Considerations

Data Center Location

Infor Workforce Management Application

The Workforce Management central application is dependent on three separate layers: web layer, application layer, and database layer.

The web layer serves as the user interface.

The application layer handles the logic processing and serves as a web server to display JavaServer Pages (JSPs) screens to the user. The application layer leverages Java classes as well as JSP logic in its processing and displaying functions.

The database layer stores all application data to be retrieved and processed by the application layer.

There is only one instance of the central application running at any given time. With this setup, the central application has proven to be scalable enough to service some of the largest retail organizations in North America. For more information about Infor and their HCM Workforce Management Application, visit http://www.infor.com/solutions/hcm/workforce/.

Cisco Unified Communications Manager

The Unified Communications Manager implementation was a default installation of version 5.1. This version was selected because it represents the most common retail deployment. It is assumed that an actual retailer would implement a clustered implementation of Cisco Unified Communication Manager. For additional guidance on the Cisco Unified Communications, see the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_installation_guide09186a0080792e5e.html.

Cisco Unified Application Environment

The Cisco Unified Application Environment provides a common interface for applications to interact directly with unified communications resources and other applications. The Cisco Unified Media Engine can scale up to 400 concurrent connections per system, subject to the server's processing and memory capacity. It can be clustered using multiple systems for greater capacity and high availability. The media engine in this solution was used for the text-to-speech rendering of messages sent from the clock server to a supervisor via an active call for automated clock override requests. For more information about the Cisco Unified Media Engine, visit http://www.cisco.com/go/mediaengine/.

Store Location

Intelligent Retail Network

The small, medium, and large stores were built to the specifications of the Intelligent Retail Network reference architectures for the purpose of providing a test platform to validate the functionality of the Store Workforce Connection Solution upon. Each store consists of access routing, switching, and security services. For additional information on the Intelligent Retail Network, see the following URL: http://www.cisco.com/web/strategy/retail/irn.html.

Infor Clock Server Application

The Infor Clock Server (formerly known as WorkBrain Clock Server or WBCS) is a service that runs in either a Windows or Linux-based environment. Its function is to collect the information from a set of clocking devices, in this case IP phones. It is recommended that no more than 250 devices per-clock server be configured for performance reasons. The Infor Clock Server has been designed in such a way that configuration files can be swapped in and out of various platforms that are running the Clock Server without any change in functionality. Therefore, regardless of what platform is chosen, the same install process can be followed.

Cisco Application eXtension Platform (AXP)

The Cisco AXP module is a Linux server that is installed within an ISR router as an internal AIM module or modular network expansion module (NME). WBCS application Version 5.3 is packaged to operate on this module and provide services in the store even in the event of a WAN circuit failure.

Cisco Unified IP Phones 7970 and 7940

The solution used G.729a as the compression protocol for phone calls over the WAN and Skinny Call Control Protocol (SCCP) as the telephony control protocol. SCCP is required because the firmware image is smaller than the SIP firmware image. Older phones lack sufficient memory to support XML applications in the larger SIP image.

Services Design Considerations

Survivable Remote Site Telephony

Cisco Unified Survivable Remote Site Telephony (SRST) provides Cisco Unified Communications Manager with fallback support for Cisco Unified IP Phones that are attached to a Cisco router on the local network. Cisco Unified SRST enables routers to provide call-handling support for Cisco IP phones when they lose connection to remote primary, secondary, or tertiary Cisco Unified Communications Manager installations or when the WAN connection is down.

Cisco Unified Communications Manager supports Cisco Unified IP phones at remote sites attached to Cisco multiservice routers across the WAN. Prior to Cisco Unified SRST, when the WAN connection between a router and the Cisco Unified Communications Manager failed or when connectivity with Cisco Unified Communications Manager was lost for some reason, Cisco Unified IP phones on the network became unusable for the duration of the failure. Cisco Unified SRST overcomes this problem and ensures that Cisco Unified IP Phones offer continuous (although minimal) service by providing call-handling support for phones directly from the Cisco Unified SRST router. The system automatically detects a failure and uses Simple Network Auto Provisioning (SNAP) technology to autoconfigure the branch office router to provide call processing for Cisco Unified IP Phones that are registered with the router. When the WAN link or connection to the primary Cisco Unified Communications Manager is restored, call handling reverts back to the primary Cisco Unified Communications Manager.

When the Cisco Unified IP phones lose contact with primary, secondary, and tertiary Cisco Unified Communications Managers, they must establish a connection to a local Cisco Unified SRST router to sustain the call-processing capability necessary to place and receive calls. The Cisco Unified IP Phone retains the IP address of the local Cisco Unified SRST router as a default router in the network configuration area of the settings menu. Having an active standby connection established with a Cisco Unified SRST router, the fallback process takes 10 to 20 seconds after connection with the Cisco Unified Communications Manager is lost. For more information on Cisco Unified SRST, refer to the following URL:

http://www.cisco.com/en/US/products/sw/voicesw/ps2169/products_documentation_roadmap09186a008018912f.html

Cisco Unified Communications Manager Express

The Cisco Unified Communications Manager Express (CME) is a call-processing application in the Cisco IOS software that enables Cisco routers to deliver key-system or hybrid PBX functionality for enterprise branch offices or small businesses. Cisco Unified CME is a feature-rich entry-level IP telephony solution that is integrated directly into Cisco IOS software. Cisco Unified CME allows small business customers and autonomous small enterprise branch offices to deploy voice, data, and IP telephony on a single platform for small offices, thereby streamlining operations and lowering network costs.

Cisco Unified CME is ideal for customers who have data connectivity requirements and also have a need for a telephony solution in the same office. Whether offered through a service provider's managed services offering or purchased directly by a corporation, the Cisco Unified CME offers most of the core telephony features required in the small office as well as many advanced features not available with traditional telephony solutions. The ability to deliver IP telephony and data routing by using a single converged solution allows customers to optimize their operations and maintenance costs, resulting in a significantly cost-effective solution that meets office needs.

A Cisco Unified CME system is extremely flexible because it is modular. A Cisco Unified CME system consists of a router that serves as a gateway and one or more VLANs that connect IP phones and phone devices to the router. The Cisco Unified CME system can support up to 240 IP phone devices depending on the router platform and licensing. For more information on Cisco Unified Communications Manager Express, visit http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/cmesrnd.html

Quality of Service (QoS)

The Store Workforce Connection solution should be integrated into a retailer's enterprise quality of service scheme. The use of QoS protects the retailer's enterprise PoS, voice, and media traffic from being disturbed by other forms of consumptive traffic. The following configurations were used consistently across the small, medium, and large stores.

QoS in this solution is implemented as Class-Based Weighted Fair Queuing (CBWFQ) with priority express forwarding for the voice traffic (see Table 3). Policy maps are used to classify traffic inbound on LAN interfaces and to queue traffic outbound on WAN interfaces. Common performance issues today are often the result of misbehaving applications generating excessive traffic. By properly classifying and queuing network traffic, performance can be greatly improved. Through the use of QoS and multicast, retailers can remain extremely conservative on their WAN bandwidth provisioning.

The method of QoS used in the testing lab was based on the Cisco Enterprise Quality of Service reference design as shown in Table 3. For more information on QoS, refer to the following URL: www.cisco.com/univercd/cc/td/doc/solution/esm/qossrnd.pdf

Table 3 Cisco Enterprise Quality of Service

 
QoS Baseline Model
Description

Voice

Voice in Low Latency Queue - Priority

Interactive-Video

Video conferencing in Low Latency Queue - Priority

Streaming-Video

IPTV Streaming Video

Call-Signaling

Bandwidth guaranteed for Call-Signaling

IP Routing

Routing bandwidth guarantee

Network-Management

Network Management bandwidth guarantee

Mission-Critical Data

Identified Mission Critical Data (i.e., POS, timeclock, etc.)

Transactional Data

Transactional Data Applications (i.e., Workforce Management, Remote desktop, etc.)

Bulk Data

General background transfer traffic (i.e., File Transfers, E-mail, TFTP, etc.)

Best-Effort

All other traffic not identified

Scavenger

Undesired traffic (i.e., point-to-point file sharing, napster, etc.)


Security

Security is an integral component of all retail networks requiring adherence to industry regulations such as the Sarbanes-Oxley Act of 2002 (SOX) and Payment Card Industry (PCI). Additional retail-focused security recommendations are provided in the PCI Solution for Retail Design and Implementation Guide at the following URL:

http://www.cisco.com/web/strategy/retail/pci.html

Segmentation for security purposes occurs in all locations. Within each store, retail traffic is segmented by type (such as point-of-sale, wireless, voice, and so on), and assigned an appropriate VLAN. The store ISR protects these segments with integrated Cisco IOS security features, such as packet filtering, stateful inspection firewall, NAT, IPS, and other services, applied as appropriate. Within the data center, segmentation and firewalling is implemented between data center services such as Workforce Management Directory, Cisco Unified Communications Manager, DNS, NTP, and so on. Management of network devices is secured using Access Control Server and Active Directory.

This guide identifies the ports and protocols used by IP telephony with Cisco Unified Communications Manager and the Infor Workforce Management application. These services can then be accommodated in specific implementations as needed.

Implementing and Configuring the Solution

This section provides detailed configurations, guidance, and reference information for the implementation of solution components:

Infor HCM Workforce Management Application

Infor Workforce Management Clock Server

Cisco Unified Communications Manager (CUCM)

Cisco Unified Application Environment (CUAE)

Cisco Application eXtension Platform (AXP)

Cisco Services

Configuration Task Lists

Infor Workforce Management Configuration

The Workforce Management application installation is typically performed by Infor's Professional Services Organization because of the complexity and tuning that enhances the performance. The following steps are provided for users interested in understanding what these services comprise.

Database

The type of database can be Oracle, SQL Server, or DB2. Each type of database is being used by many existing retailers who are currently in production. In solution testing, Oracle was used. The database installation files as well as the Workforce Management database files are required.

The following is a list of configuration steps. Note that this is not meant to be exhaustive nor does all the steps apply to all databases:


Step 1 Install Oracle 10g (e.g. 10.2.0.1.0).

Step 2 Create the database user and schema. Infor provides scripts to do these functions for each database.

Step 3 Populate database with default data. There is a data loader tool that Infor uses to read from XML files and insert data into the database.

Step 4 Create an Oracle listener. Open up the Oracle Configuration and Migration Tools folder and start up Net Configuration Assistant. Check Listener configuration and click Next. Use all the defaults in the installation.

Step 5 Configure the listener for the database in the network/admin folder of the Oracle install. The file to modify is listener.ora. In the following example, WB50FP25 is used as the database name. This step is required only if the database is accessed remotely. Usually, the SID is the same as the database name.

SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC =
      (SID_NAME = PLSExtProc)
      (ORACLE_HOME = C:\oracle\oracle10)
      (PROGRAM = extproc)
    )
    (SID_DESC =
      (GLOBAL_DBNAME = WB50FP25)
      (ORACLE_HOME = C:\oracle\oracle10)
      (SID_NAME = WB50FP25)
    )

The database service name must be registered to access the database.

Step 6 Start up the Oracle Net Configuration Assistant, which should be found in the Oracle program group. Select Local Net Service Name configuration and click Next (see Figure 11).

Figure 11 Oracle Net Configuration Assistant

Step 7 Ensure Add is selected and click Next (see Figure 12).

Figure 12 Oracle Net Configuration Assistant—Net Service Name Configuration

Step 8 Enter the service name of the database created in Step 7 (see Figure 13).

Figure 13 Oracle Net Configuration Assistant—Service Name

Step 9 Ensure TCP is highlighted and click Next (see Figure 14).

Figure 14 Oracle Net Configuration Assistant—Select Protocols

Step 10 Enter the host name of the machine that is running the database and click Next (see Figure 15).

Figure 15 Oracle Net Configuration Assistant—Hostname

Step 11 Attempt to perform the test to verify your settings (see Figure 16).

Figure 16 Oracle Net Configuration Assistant—Test Verification

Step 12 You may get the error message shown in Figure 17 if the login credentials are incorrect. Click Change Login to change these settings and try again.

Figure 17 Oracle Net Configuration Assistant—Login Error Message

Step 13 Leave the Net Service Name (see Figure 18) as the default, which is the same as the database name specified earlier.

Figure 18 Oracle Net Configuration Assistant—Net Service Name


Step 14 When prompted with the option of creating another one, ensure No is selected and click Next (see Figure 19).

Figure 19 Oracle Net Configuration Assistant—Another Net Service Name Option

Step 15 Click Next to finish up the process and exit (see Figure 20).

Figure 20 Oracle Net Configuration Assistant—Net Service Name Configuration Done

The following entry should exist in the tnsnames.ora file found in network/admin of the Oracle installation. WB50FP25 is the name of the database created.

(SID_DESC =
(GLOBAL_DBNAME = WB50FP25)
(ORACLE_HOME = C:\oracle\oracle10)
(SID_NAME = WB50FP25)
)

Step 16 Restart the database service in Windows Services (execute the services.msc command on the run window).

Step 17 Restart the listener (enter the lsnrctl reload command on the command line).


Application Server

Infor officially supports WebLogic and Websphere as its application servers. For solution testing, WebLogic was used on a Windows 2003 server. For this section, the file workbrain.ear, which contains all the Java classes and JSPs, is needed in addition to installation files for the programs required.


Step 1 Install JDK 1.4.2_13 with the JDK patch; this was the supported version at the time of testing. The JDK may need to be patched for timezone changes.

Step 2 Install WebLogic and configure it. This step sets up the application server to process the logic, serve pages to the web user, and connect with the database.

Step 3 Check the following:

a. The URL attribute of the JDBCConnectionPool tag is appropriate for the database type and name being connected to.

b. TaskScheduler/jndi.txt refers to the correct database name.

c. workbrain.ear has been properly expanded in "C:\bea81sp4\user_projects\domains\wbdomain1\applications" (or similar). It should contain 3 folders: lib, meta-inf, and war.

d. Modify C:\bea81sp4\user_projects\domains\wbdomain1\applications\workbrain\META-INF\application.xml so that "<web-uri>workbrain.war</web-uri>" becomes "<web-uri>war</web-uri>"

Ensure that C:\bea81sp4\user_projects\domains\wbdomain1\startWeblogic.cmd has the right ojdbc14.jar referenced. E.g. set CLASSPATH=C:\oracle\product\10.2.0\db_1\jdbc\lib\ojdbc14.jar;%CLASSPATH% to point to correct folder containing ojdbc14.jar

Ensure that the C:\bea81sp4\user_projects\domains\wbdomain1\startWeblogic.cmd file has the following correct: set JAVA_HOME=c:\j2sdk1.4.2_03

Make sure this points to the right folder

Modify startWeblogic.cmd so that the listener and database services are properly named. Look for the "net start" lines in the file. This guarantees that the Oracle services are running.

Step 4 Run C:\bea81sp4\user_projects\domains\wbdomain1\startWeblogic.cmd from the command line.

Step 5 If you get an error saying that config.xml cannot be found in the path even though it is definitely in the right place, you may have write permission issues. Ensure the entire domain folder and all its files is not read-only.

Step 6 Task Scheduler has its own start script called startScheduler.bat. Modify this file so that the following refers to the right ojdbc14.jar for the database being connected to.

set SCHED_CLASSPATH=C:\oracle\product\10.2.0\db_1\jdbc\lib\ojdbc14.jar

Step 7 run startScheduler.bat.


WBCS Admin Console

The Admin Console is the GUI for the Clock Server (see Figure 8). This tool allows the user to view what is stored in the Clock Server database, kick off processes, and modify settings. The Admin Console can access any Clock Server remotely as long as a network connection can be made. By default, Clock Servers are installed to allow the Admin Console access through TCP port 1500. There is only one step to setting up the Admin Console and that is to simply run the installer in Windows.

The dbupdate schedule/interval is frequent enough to pick up files or right-click on dbupdate and select restart to have it immediately do the update. This can be found under the Debug tab and Daemon Threads. Restarts will load the employees into the Clock Server once they are set up in the main application correctly. To verify this later, click on the Employees tab and then the Reload button.

Figure 21 WBCS Admin Console Debug Menu


Clock Server

The Infor Clock Server can reside on multiple platforms including Windows and Linux. To test various setups, testing included deploying the Infor Clock Server on both Windows 2003 and AXP platforms.

The steps for configuring the Infor Clock Server is as follows:


Step 1 (Windows only) Run the WBCS Windows Installer with the steps listed in Appendix C—Infor Installations.


Note Select HTTP as one of the clocks to install and the validations desired.


Step 2 (AXP only) While running install, it is meant to mirror the same options as the Windows Installer. Refer to Appendix C—Infor Installations.


Note Do not forget about the change history triggers. Import and Process Job Scheduler Tasks is also needed.


Step 3 for input choices:

a. Create Package from Linux Red Hat install.

b. Copy in strings command file so that startup script can use it.

c. make modifications to LAX file such that absolute paths are used to refer to the included JRE.

d. It may also be necessary to have the ClockServer.lax file modified so that -Djava.library.path="/root/wbcs/lib;" is removed from the following setting:

lax.nl.java.option.additional=-Djava.library.path="/root/wbcs/lib;" -Xms128m -Xmx1024m

Step 4 Add in cisco/cisco.conf so that you have c:\wbcs\cisco\cisco.conf or similar.

Step 5 Add in cisco handler settings into settings.conf:

class.reader.CISCO = com.workbrain.clocks.server.handlers.cisco.ReaderHandler
#port for http reader 
reader.CISCO.port = 8080
#configuration file
reader.CISCO.config = cisco/cisco.conf
#Heartbeat time
reader.CISCO.interval = 20000
#Heartbeat time
thread.CISCO.interval = 20000
            
#What PrePostSwipeProcessing class to use for the cisco clocks
class.swipe.process.CISCO = 
com.workbrain.clocks.server.validation.PrePostSwipeProcessing

Step 6 Map the supervisor phone number field. This depends on the supervisorPhone = ^&6 setting in cisco.conf. The setting is to be added to settings.conf: wbsynch.mapping.EMPLOYEE.udf6 = EB.EMPBDG_UDF5.

Step 7 Map the supervisor badge number field correctly. This depends on the supervisorBadge = ^&5 setting in cisco.conf. The setting is to be added in settings.conf: wbsynch.mapping.EMPLOYEE.udf5 = EB.EMPBDG_UDF4.

Step 8 Connect to WBCS using the Admin Console (see Figure 22).

Figure 22 Connecting to WBCS using Admin Console

Step 9 Click on the Settings tab on the left. Click on reload settings. See Figure 23.

Figure 23 Reload Setting Selection

Step 10 Click Update Settings for a light restart (see Figure 24).

Figure 24 Update Setting

Step 11 Take a look at the Log tab to see if any errors occurred. If there is a connect error, it may be due to the machine name not being able to be connected to. From the Clock Server machine, try the following in a web browser: http://localhost:port/axis/services.

Step 12 Swipes cannot occur unless there is at least one validation. In the WBCS Installer, as of 5.0.3.0, CISCO had yet to be added and thus it is not possible to have validation classes automatically assigned in the settings.conf file. Therefore, the best way is to select the HTTP handler during the WBCS install and copy those validation class settings. They are in the following format: class.validation.HTTP.003 = com.workbrain.clocks.server.validation.BadgeValidation. The HTTP should be replaced with CISCO in the copied lines, or you can simply copy the following into settings.conf for a rough set of validations. All of them may not be necessary depending on the business needs of the retailer:

class.validation.CISCO.001  = 
com.workbrain.clocks.server.validation.SupervisorValidation
class.validation.CISCO.002  = 
com.workbrain.clocks.server.validation.SupervisorEmployeeValidation
class.validation.CISCO.003  = com.workbrain.clocks.server.validation.BadgeValidation
class.validation.CISCO.005  = 
com.workbrain.clocks.server.validation.ScheduleValidation
class.validation.CISCO.006  = 
com.workbrain.clocks.server.validation.BreakLengthValidation
class.validation.CISCO.007  = 
com.workbrain.clocks.server.validation.ConsecutiveTypesValidation
class.validation.CISCO.008  = com.workbrain.clocks.server.validation.JobValidation
class.validation.CISCO.009 = com.workbrain.clocks.server.validation.DocketValidation
class.validation.CISCO.010 = com.workbrain.clocks.server.validation.TimeCodeValidation
class.validation.CISCO.011 = 
com.workbrain.clocks.server.validation.DepartmentValidation
class.validation.CISCO.012 = com.workbrain.clocks.server.validation.ProjectValidation
class.validation.CISCO.013 = com.workbrain.clocks.server.validation.StatusValidation
class.validation.CISCO.014  = com.workbrain.clocks.server.validation.JobAreaValidation
class.validation.CISCO.015 = 
com.workbrain.clocks.server.validation.DocketAreaValidation
class.validation.CISCO.016 = 
com.workbrain.clocks.server.validation.TimeCodeAreaValidation
class.validation.CISCO.017 = 
com.workbrain.clocks.server.validation.DepartmentAreaValidation
class.validation.CISCO.018 = 
com.workbrain.clocks.server.validation.ProjectAreaValidation

e. (Optional and for informational purposes only) If you want to use XML files instead, comment out the following parameters in settings.conf to use the default, which is XML files.

class.communication.inbound and class.communication.outbound

Web Services is recommended as it eliminates one layer of redundancy. During testing, this method was used initially to ensure that the IP phones could retrieve information. The XML file parameters in settings.conf must also have values to know where to store the files:

         #Location for the archived xml files
         file.location.xml.archive = xml/archive
         #Location for bad xml files (could not be processed)
         file.location.xml.bad = xml/bad
         #Location for new inbound xml files 
         file.location.xml.inbound = xml/inbound
         #Location for new outbound xml files
         file.location.xml.outbound = xml/outbound

Step 13 Double check the web services settings in settings.conf. Note that ServerName must be identical to that set in the main application. This is mentioned again in a later step. The username and password should also work to access the application through the front-end web interface:


class.communication.inbound = 
com.workbrain.clocks.server.wbsynch.webservice.WSXmlController
class.communication.outbound = 
com.workbrain.clocks.server.wbsynch.webservice.WSXmlController
wbsynch.webservice.clientName = DEFAULT
wbsynch.webservice.pageSize = 1000
wbsynch.webservice.password = %7F
wbsynch.webservice.serverName = WBCS-SMALL
wbsynch.webservice.tableDumpRetries = 3
wbsynch.webservice.timeOut = 60000
wbsynch.webservice.url = http://wbas.cisco-irn.com:8444/axis/services
wbsynch.webservice.username = workbrain

Step 14 If you get an error message that reads Missing Configuration, it may be due to the settings.conf file(s) being all on one line. The settings parser depends on end of line characters. Ensure there is only one setting per line. This may have been modified by a text editor.


Data Population

At this point in the setup, all the pieces are in place and connected, but no data has flowed to the Infor Clock Server. Consequently, the Infor Clock Server does not know which employees to accept, which labor metrics to show, or even the IP address of the phones to expect connections from.

The steps for data populations are as follows:


Step 1 In Firefox or Internet Explorer, navigate to the URL and port designated for the main application.

Step 2 Access the main application using the username/password (workbrain/1 by default) and click on the LOGIN button (see Figure 25).

Figure 25 Infor Login

Step 3 In the Workbrain application, add in employees using the Employee Import Interface. (More documentation is available from Infor.)

Step 4 The following steps are found in Maintenance -> Reader Setup (see Figure 26).

Figure 26 Reader Setup

a. Add an appropriate Reader Server Type.

1. Click on Reader Server Types.

2. Click on Create New Entry.

3. Enter in the following values and click on Save.

b. Create a new Reader Server. Note that the name you give it must match the ServerName assigned in settings.conf of the WBCS.

1. Click on Reader Server.

2. Click on Create New Entry and enter the following information:

3. Click Save.

c. Reader Groups help determine which employees can clock into which phones. Several reader groups can belong to a Clock Server (aka Reader Server) .Create a Reader Group and use the newly created Reader Server as the Server.

1. Click on Reader Group.

2. Click on Create New Entry.

3. Assign a name to the Reader Group, provide a description, and select the Reader Server previously created. Click Save.

d. Create a Reader with the IP address of the phone you will use and associate it with the reader group you crated.

1. Click on Readers.

2. Click on Create New Entry.

3. Fill in the following entries. Take note that the timezone and IP address will likely differ. (For settings not shown here, they can be left blank.)

4. Click Save.

Step 5 For any employees that need to use the clocking functions at the phone, they need to be associated with the reader group.

a. Navigate to Maintenance -> Employee -> Employees.

b. Search for the employee and click on Edit.

c. For an employee, click on the Employee Reader Group link.

d. Add in the reader group we created. Click Save.

Step 6 For any labor metrics (e.g. jobs, departments, etc) that need to be used at the IP phone, they need to be added and associated with a reader group as well. They can be found under Maintenance -> Labor Metrics. The steps are similar to adding a reader group to an employee profile in that you would find the labor metric to be modified: click on the Reader Groups link near the top, select the reader group from the drop down, and click Save.

Step 7 Time code BRK must be associated with the reader group.

a. Navigate to Maintenance -> Payroll Settings ->Time Codes.

b. Select the Time Code to be modified and click on Edit.

c. Click on the Time Code Reader Groups link.

d. Select the Reader Group we created earlier and click Save.

Step 8 Each employee must have a badge to log in to the phone. A PIN should also be assigned. Also, use UDF5 as the supervisor phone number/extension field. This must be done manually. Use UDF4 to identify the supervisor's badge number. (For our client project teams, this data would be populated using an interface task.)

a. Navigate to Maintenance -> Employee -> Employee Badge.

b. Click on Create New Entry.

c. (At this stage, there may be some configuration required to be able to input the Supervisor Badge and Supervisor Phone number.) Here, the badge number and PIN would be the input the user would need to provide to access the system.

d. For each employee, enter in a badge number and click Save.

Processing Clock information in the Main Application

At this point, transactions is read, stored, and uploaded to the main application's database in a staging table. The transactions still need to be processed and displayed on an employee's timesheet. The steps for that is as follows:


Step 1 Create a clock processing task

a. Navigate to Maintenance -> System Administration -> Job Scheduler and click on Add Schedule.

b. Enter in a name for the task as well as selecting the appropriate type.

c. To have the task automatically run periodically, select the Daily radio button and enter in the interval amount. In the following example, the task is configured to run every 5 minutes.

d. To test our new task to ensure it is running, click on Run Now for our new task:

e. You should see the Last Run Time and Next Run Time advance forwards upon a refresh of the page. If this is not the case, it indicates that the scheduler process is not running.

Step 2 Now when transactions are done and sent up to Workbrain, the processing takes in the transactions and they are displayed on the Timesheet.


Tip Possible reasons that the Host Not Found message could display on the phone when selecting WBCS from the services list:

Cisco.conf file is not present (check clock.log)

The URL is wrong in the CCM Admin under Phone Services

No terminals of type CISCO have been added to the clock server (do a "netstat /a" to see if 8080 is being listened on).

Cisco Unified Communications Manager


Note For the local clock service to be available in the event that phone operation switches to SRST mode (i.e., if the Cisco Unified Communications Manager in the data center is not reachable) , the services should be defined using the local clock server IP address and assigned directly to the services button on each IP phone.


Cisco Unified Communications Manager was installed using the current implementation guide available at the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_installation_guide09186a0080792e5e.html.

The following steps outline the setup of Cisco Unified Communications Manager:


Step 1 Installed Cisco Unified Communications Manager server 5.1.1.3000 and added service pack 5.1.2.1000 using MCS7845-H server.

Step 2 Create device pools representing each store location. For Lab testing small, medium, and large store pools were created.

Step 3 Add gateway routers and endpoint ports for store routers (e.g., small, medium, and large).

Step 4 Add phones and assign appropriate dial plan, partitions, translations, locations and SRST settings.

Step 5 Configure SNMP settings.

Step 6 Create service URLs for each store's local Clock Server (e.g., http://wbcs-small.cisco-irn.com:8080/, http://wbcs-medium.cisco-irn.com:8080/, http://wbcs-large.cisco-irn.com:8080/).

Step 7 Assign the appropriate clock server service to each store phone.


Note Configuration changes made from this context are immediately enacted by the router. In other words, there is no secondary commit command or something similar to enable a new configuration to take place - it happens immediately.


Cisco Unified Application Environment

A standard complete installation of Cisco Unified Application Environment was performed on a Cisco MCS 7845 H2 server. Both the application server and media engine were installed on the same server hardware. The media engine requires direct access to the Intel chipset features; therefore, it should not be installed in a virtual environment or on non-Intel hardware.

For more information regarding the installation of Cisco Unified Application Environment, refer to the following guide: http://www.cisco.com/en/US/docs/voice_ip_comm/cuae/2_4/english/install/guide/uaein.html

The steps for installing the Cisco Unified Application Environment are as follows:


Step 1 Install Cisco Unified MCS OS Core Addendum.

Step 2 Install Cisco Unified Platform Services.

Step 3 Install Cisco Unified Application Server.

Step 4 Install Cisco Unified Media Engine.


After the server set up is complete:


Step 1 Add the Call Manager as a Telephony Server to CUAE (see Figure 27).

Figure 27 Adding CallManager as Telephony Server

Step 2 Add a media engine in the CUAE Management Console (see Figure 28).

Figure 28 Adding Media Engine

Step 3 Add in the Workforce Management CUAE application (MCA file).

Step 4 Configure/verify parameters for the CUAE application (see Figure 29).

Figure 29 Configure Verify Parameters

Step 5 Add the CUAE Gateway address to the Unified Communications Manager (see Figure 30).

Figure 30 Adding CUAE Gateway Address

Cisco Application eXtension Platform (AXP)

At the time of publication of this document, only developer resources are externally available for AXP at http://www.cisco-isr.com/

The following steps were completed to set up the AXP modules and install the Infor Clock Server application:


Step 1 Configure router to communicate with AXP module.

Step 2 Upgrade AXP operating system.

Step 3 Copy and install Clock Server Application Package.

Step 4 Configure and test Clock Server.


Configure Router with AXP module

In order to gain IP connectivity to the AXP service module, first configure IP parameters from within the context of the ISR. Provide the AXP a default gateway that it can use to ensure full connectivity of your application.

You must first enter the ISR's configuration mode so that you can make changes to the current running-config file.


Note the segment represented by the gigabit Ethernet connection between the ISR and AXP service module in Figure 31must be given its own routable IP subnet (different than the IP subnet used for the ISR's LAN and serial interfaces).


To enter into configuration mode, type the following:


RSMALL-1# configure terminal <enter>
RSMALL-1 (config)#

Note that the prompt has changed to indicate that you are now in config mode.

Since you wish to configure the ISE0/0 interface, you must enter into the specific configuration context for that interface by typing:


RSMALL-1(config)# interface Service-Engine 0/0 <enter>
RSMALL-1(config-if)#

Note that the prompt has changed once again to indicate that you are now in config-if mode (the `if' stands for interface).

In this step, we are simply configuring IP on the service module for basic IP connectivity, which means there are only a few commands that need to be consider here.


Note The service-module ip default-gateway IP address is the ISR interface. In other words, the AXP service module sends outgoing traffic by default to the ISR across the internal gigabit Ethernet connection (see Figure 31).



Step 1 Assign an IP address to the ISR side of the ISE0/0 connection. Type the following:

RSMALL-1(config-if)# ip address 10.10.30.21 255.255.255.252 <enter>

Step 2 Assign an IP address to the service module side of the ISE1/0 connection. Type the following:


RSMALL-1(config-if)# service-module ip address 10.10.30.22 255.255.255.252 <enter>

Step 3 Assign an IP default-gateway that your AXP service module can use. Type the following:


RSMALL-1(config-if)#service-module ip default-gateway 10.10.30.21 <enter>

Note since there is not one configured yet, the password is blank and you just hit <enter>.


Step 4 Enable the ISE0/0 interface by taking it out of its default state of shutdown. This is an administrative function that keeps an interface "down" such that no IP packets will be transmitted or received. Type the following:


RSMALL-1(config-if)# no shutdown <enter>

From the ISR's perspective, the AXP service module (ISE0/0) is connected via IP.

Step 5 After making configuration changes, save them.

Step 6 To exit configuration mode and save changes, type:


RSMALL-1(config-if)# end <enter>
RSMALL-1#
RSMALL-1#write memory <enter>
Building configuration...
[OK]
RSMALL-1#
RSMALL-1#copy running-config startup-config <enter>
Destination filename [startup-config]? <enter>
Building configuration...
[OK]
RSMALL-1#

Figure 31 is a conceptual representation of the relationship between the AXP module and the ISR router.

Figure 31 IP Addressing Configured for ISE0/0 and eth0


Upgrade AXP Module


Step 1 Log into router and session to the AXP module.

Connect to the AXP service module by executing a session command from the ISR CLI prompt. This essentially creates a reverse telnet session between the ISR and the AXP service module. To do this, type:


RSMALL-1#service-module Service-Engine 0/0 session <enter>
Trying 192.168.2.1, 2066 ... Open <enter>
SmallStoreAXP>

Note that the context is very similar to the ISR logon context in that you see the `>' character after the hostname. Recall that this implies that you are not currently in enable mode. To enter into enable mode, type:


SmallStoreAXP> enable <enter>
Password: <enter>
SmallStoreAXP#

Note the above warning always shows up, and for good cause. Enter into the exec-appservice context again after the bind command is issued.


Step 2 Check the current configuration and software version:


SmallStoreAXP# show software version
Foundation version (0.0.6)
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco 
Systems, Inc.

Step 3 From a different router session, reload the service module:

RSMALL-1#service-module service-Engine 0/0 reload
Do you want to proceed with reload?[confirm]y

Step 4 Return to previous session to interrupt boot up.


Initializing memory.  Please wait. ... 256 MB SDRAM detected
BIOS Version: Cisco SE-AIM 01.02
BIOS Build date: 08/14/03
System Now Booting ...
[BOOT-ASM]

Updating flash with bootloader configuration
1.2.3.4.5.6.7.8.9.10.11.12.done.

Step 5 During boot up, press *** when prompted to enter boot-loader mode:

Please enter '***' to change boot configuration: ***

 ServicesEngine Bootloader Version : 2.1.14

Step 6 Check boot-loader configuration:

ServicesEngine boot-loader> show config
IP addr:                10.10.30.22
Netmask:                255.255.255.252
TFTP server :           10.10.16.92
GW IP addr:             10.10.30.21
Default boot:           disk
Bootloader Version:     2.1.14
Default Helper-file:    appre-helper.aim.0.0.6
Default BIOS:           secondary
Default bootloader:     secondary
Default cpu throttle:   No Throttle

Step 7 Change the boot-loader settings, helper file and TFTP server as necessary:


ServicesEngine boot-loader> config

IP Address [10.10.30.22] >
Subnet mask [255.255.255.252] >
TFTP server [10.10.16.92] >
Gateway [10.10.30.21] >
Default Helper-file [appre-helper.aim.0.0.6] >inap-rescue.aim.0.0.8
Default Boot [none|disk] [disk] >
Default BIOS [primary|secondary] [secondary] >
Default bootloader [primary|secondary] [secondary] >
Updating flash with bootloader configuration
1.2.3.4.5.6.7.8.9.10.11.12.done.

Step 8 Boot the new helper configuration:

ServicesEngine boot-loader> boot helper

        Welcome to Cisco Systems Service Engine Helper Software
Please select from the following
1       Install software
2       Reload module
3       Disk cleanup
(Type '?' at any time for help)
Choice: 1

Step 9 Select choice 1 and provide package name and FTP server information:

Package name: inap.aim.0.0.8.pkg
Server url: ftp://10.10.16.92
Username: ftpuser
Password: ftppassword

Step 10 System downloads package and install, reload, and return to the system prompt after about 20 minutes. Enter enable mode and check software version to verify:


SmallStoreAXP> en
Password: {blank}
SmallStoreAXP# show software version 
AppRuntimeEnvironment version (0.0.8)
Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco 
Systems, Inc.




Install Clock Server


Step 1 The install procedure is simple. From the AXP service module enabled CLI context, type the following:


SmallStoreAXP# software install add url ftp://192.168.42.140/ wbcs.8.2.1.pkg username 
<username> password <password> <enter>

The *.pkg file is the file that is actually pointed to from the install command above. The AXP installer uses the data packaged into this file to subsequently download the larger of the two files, namely the *.prt1 file. Once the installer downloads both files, it creates a vserver instance on the AXP service module automatically and unpacks the contents into the vserver's own / directory.

Observe the AXP service module automatically rebooting, which is normal.

Step 2 Once the AXP service module is through rebooting, type the following to see that the application is now on the system:


SmallStoreAXP# show app-service <enter>

You should see the application listed and "online." It may take a minute or so before the application reads "online."

Step 3 Once the application is "online" as per the show app-service command, type the following to enter into the discrete CLI context for the newly created application vserver instance.


SmallStoreAXP# app-service wbcs <enter>
SmallStoreAXP(exec-wbcs)#

One important command at this stage of the overall application deployment is the show state command. The output will be the same as that seen from the AXP service module context above, but for convenience, the state of the application can be viewed from this context as well. Type the following to observe the state of the application:

SmallStoreAXP(exec-wbcs)# show state <enter>

Step 4 To see the individual resource allocation (set during the packaging step) for this particular program by typing the following:


SmallStoreAXP(exec-wbcs)# show resource limits <enter>

Note that this is essentially the same command line passed from the parent AXP service module CLI context. The only difference is that in this context, there is less visibility into the overall system resources. These resource assignments were specified when the package was originally created.

By default, a newly created application is NOT bound to a particular IP interface, which implies that the application will remain in isolation from a network perspective until it is configure to use a specific IP interface.

In order to configure the application to bind to a specific existing interface in the AXP environment, enter into the vserver context where of the application, and then type the following:


SmallStoreAXP(exec-wbcs)# end <enter>
SmallStoreAXP# configure terminal <enter>
SmallStoreAXP(config)# app-service wbcs <enter>
SmallStoreAXP(config-wbcs)# bind eth0 <enter>
WARNING!!! Reset the hosting environment
WARNING!!! for binding to take effect

Note No messages are printed to screen indicating that the system is resetting.


SmallStoreAXP(config-wbcs)# end <enter>
SmallStoreAXP# app-service wbcs <enter>
SmallStoreAXP(exec-wbcs)# reset <enter>


Note This last ping attempt proves that the application environment has IP network connectivity through the ISR and out to the FTP server's interface and presumably the rest of the network.


Step 5 Check to ensure the vserver environment and the application is online by typing:


SmallStoreAXP(exec-tcptrace)# show state <enter>

The bind command binds the application (note that this is performed from within the specific configuration context for the application) to an IP interface that IP traffic can be sent to/from the application.

Typically the network utility ping is used to test IP connectivity across a network from a specific device. Likewise, the ping utility can be used to test the application's connectivity from the vserver environment to the rest of the network.

Each vserver instance has its own Linux shell context and is completely isolated from other vserver instances to provide for virtual application isolation. To enter into the Linux Shell context for the application, make sure to switch to the vserver context for the application that was installed. Type the following from the AXP enable prompt:


SmallStoreAXP # app-service wbcs <enter>
SmallStoreAXP (exec-wbcs)#

Step 6 Type the following to enter into the Linux shell for the application (vserver instance shell).

SmallStoreAXP(exec-wbcs)# connect console <enter>
console-2.05b#

Step 7 Type the following to ping the local interface (this is the interface that bound the application using the bind command in the previous section of this document). Use the <ctrl + c> keys to stop the ping command from continuing.

console-2.05b# ping 10.10.30.22 <enter>
PING 10.10.30.22 (10.10.30.22) 56(84) bytes of data.
64 bytes from 10.10.30.22: icmp_seq=1 ttl=64 time=0.063 ms
64 bytes from 10.10.30.22: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from 10.10.30.22: icmp_seq=3 ttl=64 time=0.061 ms

[1]+  Stopped                 ping 10.10.30.22
console-2.05b#

Step 8 Now attempt to ping the ISR side of the ISE0/0 interface (router side) by typing:


console-2.05b# ping 10.10.30.21 <enter>
PING 10.10.30.21 (10.10.30.21) 56(84) bytes of data.
64 bytes from 10.10.30.21: icmp_seq=1 ttl=255 time=2.31 ms
64 bytes from 10.10.30.21: icmp_seq=2 ttl=255 time=0.822 ms
64 bytes from 10.10.30.21: icmp_seq=3 ttl=255 time=0.799 ms

[2]+  Stopped                 ping 10.10.30.21
console-2.05b#




Step 9 Now attempt to ping the FTP server (where the application AXP package files were located) by typing:


console-2.05b# ping 192.168.42.140 <enter>
PING 192.168.42.140 (192.168.42.140) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=254 time=3.59 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=254 time=1.68 ms

[1]+  Stopped                 ping 192.168.42.140
console-2.05b#

Note that the prompt is a standard Linux shell prompt. From this point on, it appears as if logged into a Linux machine, complete with a unique directory.

Step 10 When through working in the linux shell environment in the vserver instance, exit this context and the AXP module by typing the following:


console-2.05b# exit <enter>
SmallStoreAXP(exec-wbcs)# exit <enter>
SmallStoreAXP# exit <enter>
SmallStoreAXP> exit <enter>
RSMALL-1#

Note that you are now back at the ISR enable mode context.

Step 11 In order to have a consistent set of time stamps for logs, development authorization and the like between the ISR and the AXP service module, an administrator must configure the AXP service module to get its NTP clock source from the an appropriate enterprise source. Configure the AXP service module's NTP service to point to the NTP servers as the source by typing:


SmallStoreAXP(config)# ntp server ntp1.cisco-irn.com <enter>
SmallStoreAXP(config)# ntp server ntp2.cisco-irn.com <enter>
SmallStoreAXP(config)# exit <enter>
SmallStoreAXP# write memory <enter>
SmallStoreAXP#

Step 12 Finally, configure the timezone on your AXP service module to be that of the site location timezone (in this example it is PDT).


SmallStoreAXP(config)# clock timezone <enter>
Please identify a location so that time zone rules can be set correctly.
Please select a continent or ocean.

...<list of continents or oceans>...

#? 2 <enter>
Please select a country.

...<list of countries>...

#? 45 <enter>
Please select one of the following time zone regions.

...<list of zone regions>...

#? 16 <enter>

The following information has been given:

        United States
        Pacific Time

Therefore TZ='America/Los_Angeles' will be used.
Is the above information OK?
1) Yes
2) No
#? 1 <enter>

Local time is now:      Wed Nov 21 14:25:51 PST 2007.
Universal Time is now:  Wed Nov 21 22:25:51 UTC 2007.
Save the change to startup configuration and reload the module for the new timezone to 
take effect.
SmallStoreAXP(config)# end <enter>
SmallStoreAXP# write memory <enter>
SmallStoreAXP# reload <enter>

...<system reload>...

SmallStoreAXP#

See Appendix A— Lab Validation Device Configurations for complete configuration.

Start Clock Server Service


Step 1 To start the Clock Service change to the wbcs context and connect to the Linux console. Move to the wbcs directory and execute the startup script.

SmallStore# app-service wbcs
SmallStore(exec-wbcs)# connect console
console-2.05b# cd /root/wbcs
console-2.05b# start_wbcs.sh &

Running WBCS Start script
Check if WBCS is running.
Clock Server is not running.
Starting Clock Server.


Step 2 Verify that the Clock Service is running, list the running services:

console-2.05b# ps -aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.2   1968   616 ?        S    Oct23   0:35 init [4]
root      2642  0.0  0.3   2244   812 ?        Ss   Oct23   0:11 /usr/bin/syslog
root      2643  0.0  0.2   1952   536 ?        Ss   Oct23   0:00 /bin/logmgr /va
root      3726  0.3  0.5   2580  1288 pts/0    Ss   14:34   0:00 /bin/console
root      3806 22.9 20.4 1216724 52048 pts/0   S    14:34   0:22 /root/wbcs/jre/
root      3854  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3855  2.9 20.4 1216724 52048 pts/0   S    14:34   0:02 /root/wbcs/jre/
root      3856  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3857  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3858  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3859  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3860  5.4 20.4 1216724 52048 pts/0   S    14:34   0:05 /root/wbcs/jre/
root      3861  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3862  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3868  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3885  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3888  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3889  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3890  0.0 20.4 1216724 52048 pts/0   S    14:34   0:00 /root/wbcs/jre/
root      3912  0.0 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3957  0.8 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3958  5.0 20.4 1216724 52048 pts/0   S    14:35   0:03 /root/wbcs/jre/
root      3959  0.3 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3960  5.0 20.4 1216724 52048 pts/0   S    14:35   0:03 /root/wbcs/jre/
root      3961  0.1 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3962  0.0 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3964  0.0 20.4 1216724 52048 pts/0   R    14:35   0:00 /root/wbcs/jre/
root      3965  0.3 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      3966  1.1 20.4 1216724 52048 pts/0   S    14:35   0:00 /root/wbcs/jre/
root      4194  0.0  0.3   3068   976 pts/0    R+   14:36   0:00 ps -aux
console-2.05b#

Once the Clock Server is installed and started it can be managed via the WBCS Admin Console GUI. To copy the settings.conf and Cisco.conf files from an FTP server, the following commands can be used from the Linux console prompt of the wbcs context:

console-2.05b#curl ftp://msexchange.cisco-irn.com/cisco.conf -o 
/root/wbcs/cisco/cisco.conf
console-2.05b#curl ftp://msexchange.cisco-irn.com/settings.conf -o 
/root/wbcs/conf/settings.conf

Existing Resources

The following resources were previously deployed in the test environment:

Microsoft Active Directory Domain controller server (Windows 2003 Server)

Microsoft DNS and DHCP Services Server

Linux NTP Servers

Cisco Services Configuration

Survivable Remote Site Telephony Implementation

The Cisco ISR routers in the stores used a typical configuration for their implementation of SRST and take over the in-store call control in the event that the centralized Cisco Communications Manager is unreachable. For complete configurations, refer to Appendix A— Lab Validation Device Configurations.

For information on SRST, refer to the following URL: http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmesrst.html

Cisco Unified Communications Manager Express Implementation

The only configuration detail in the CME configurations specific to the testing performed for the Store Workforce Connection solution is that the services button for the phones is mapped to the in store Clock server by IP address:

url services http://10.10.78.22:8080/

By using this technique access to the store timeclock application can be maintained through a greater scope of outage scenarios including DNS failure or a network WAN failure.

For more information on installation and configuration of CME, refer to the following URL:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeover.html

Quality of Service Implementation

The use of QoS protects the retailer's enterprise POS, voice, and media traffic from being disturbed by other forms of consumptive traffic. The following configurations were used consistently across the small, medium, and large stores.

This implementation of QoS is based on the recommended QoS guideline from Cisco. For more information, refer to the following URL:

http://www.cisco.com/en/US/products/ps6558/prod_white_papers_list.html

!
ip access-list extended BULK-DATA-APPS
 remark ---File Transfer---
 permit tcp any eq ftp any
 permit tcp any eq ftp-data any
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark ---E-mail traffic---
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit tcp any any eq 143
 permit tcp any eq smtp any
 permit tcp any eq pop3 any
 permit tcp any eq 143 any
 remark ---other EDM app protocols---
 permit tcp any any range 3460 3466
 permit tcp any range 3460 3466 any
 remark ---messaging services---
 permit tcp any any eq 2980
 permit tcp any eq 2980 any
 remark ---Microsoft file services---
 permit tcp any any range 137 139
 permit tcp any range 137 139 any
ip access-list extended MISSION-CRITICAL-SERVERS
 remark ---POS Applications--- 
 permit ip 192.168.52.0 0.0.0.255 any
 permit ip any 192.168.52.0 0.0.0.255
ip access-list extended NET-MGMT-APPS
 remark - Router user Authentication - Identifies TACACS Control traffic
 permit tcp any any eq tacacs
 permit tcp any eq tacacs any
ip access-list extended TRANSACTIONAL-DATA-APPS
 remark ---Infor Application---
 remark --Small Store Clock Server to Central Clock Application
 permit tcp host 10.10.30.22 host 192.168.46.72 eq 8444
 remark --Small store Clock Server to CUAE
 permit tcp host 10.10.30.22 host 192.168.45.185 eq 8000
 remark ---Remote Desktop---
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
!
!
class-map match-any BRANCH-BULK-DATA
 match protocol tftp
 match protocol nfs
 match access-group name BULK-DATA-APPS
class-map match-any BULK-DATA
 match ip dscp af11  af12 
class-map match-all INTERACTIVE-VIDEO
 match ip dscp af41  af42 
class-map match-any BRANCH-TRANSACTIONAL-DATA
 match protocol citrix
 match protocol ldap
 match protocol telnet
 match protocol sqlnet
 match protocol http url "*SalesReport*"
 match access-group name TRANSACTIONAL-DATA-APPS
class-map match-all BRANCH-MISSION-CRITICAL
 match access-group name MISSION-CRITICAL-SERVERS
class-map match-all VOICE
 match ip dscp ef 
class-map match-all MISSION-CRITICAL-DATA
 match ip dscp 25 
class-map match-any BRANCH-NET-MGMT
 match protocol snmp
 match protocol syslog
 match protocol dns
 match protocol icmp
 match protocol ssh
 match access-group name NET-MGMT-APPS
class-map match-all ROUTING
 match ip dscp cs6 
class-map match-all SCAVENGER
 match ip dscp cs1 
class-map match-all NET-MGMT
 match ip dscp cs2 
class-map match-any BRANCH-SCAVENGER
 match protocol napster
 match protocol gnutella
 match protocol fasttrack
 match protocol kazaa2
class-map match-any CALL-SIGNALING
 match ip dscp cs3 
class-map match-all TRANSACTIONAL-DATA
 match ip dscp af21  af22 
!
!
policy-map BRANCH-LAN-EDGE-OUT
 class class-default
policy-map BRANCH-WAN-EDGE
 class VOICE
  priority percent 18
 class INTERACTIVE-VIDEO
  priority percent 15
 class CALL-SIGNALING
  bandwidth percent 5
 class ROUTING
  bandwidth percent 3
 class NET-MGMT
  bandwidth percent 2
 class MISSION-CRITICAL-DATA
  bandwidth percent 15
  random-detect
 class TRANSACTIONAL-DATA
  bandwidth percent 12
  random-detect dscp-based
 class BULK-DATA
  bandwidth percent 4
  random-detect dscp-based
 class SCAVENGER
  bandwidth percent 1
 class class-default
  bandwidth percent 25
  random-detect
policy-map BRANCH-LAN-EDGE-IN
 class BRANCH-MISSION-CRITICAL
  set ip dscp 25
 class BRANCH-TRANSACTIONAL-DATA
  set ip dscp af21
 class BRANCH-NET-MGMT
  set ip dscp cs2
 class BRANCH-BULK-DATA
  set ip dscp af11
 class BRANCH-SCAVENGER
  set ip dscp cs1
!
interface Service-Engine0/0
 ip address 10.10.30.21 255.255.255.252
 service-module ip address 10.10.30.22 255.255.255.252
 service-module ip default-gateway 10.10.30.21
 service-policy input BRANCH-LAN-EDGE-IN

interface Serial0/0/0:0
 description RSMALL-1 CONNECTION TO RSP-1
 no ip address
 encapsulation frame-relay IETF
 frame-relay traffic-shaping
 max-reserved-bandwidth 100
!
interface Serial0/0/0:0.1 point-to-point
 description RSMALL-1 CONNECTION TO RWAN-1
 ip address 10.10.30.9 255.255.255.252
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
 frame-relay interface-dlci 101   
  class fr_qos
!
interface Serial0/0/1:0
 description RSMALL-1 CONNECTION TO RSP-2
 no ip address
 encapsulation frame-relay IETF
 frame-relay traffic-shaping
 max-reserved-bandwidth 100
!
interface Serial0/0/1:0.1 point-to-point
 description RSMALL-1 CONNECTION TO RWAN-2
 ip address 10.10.30.13 255.255.255.252
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
 ip ospf cost 1000
 frame-relay interface-dlci 201   
  class fr_qos
!
interface Vlan11
 description POS
 ip address 10.10.16.1 255.255.255.0
 ip helper-address 192.168.42.130
 ip pim sparse-dense-mode
 ip route-cache flow
 service-policy input BRANCH-LAN-EDGE-IN
!
map-class frame-relay fr_qos
 frame-relay fragment 160
 frame-relay traffic-rate 1536000 1536000
 frame-relay adaptive-shaping becn
 service-policy output BRANCH-WAN-EDGE

Security

Security is an integral part of all retail enterprise networks. Table 4 lists the ports and protocols used by the Store Workforce Connection solution.

Table 4 Communication protocols 

Source Device
Source port
Destination Device
Destination Port
Protocol
Comments

Clock Server

<HIGH>

Workforce Management Server

8444

TCP

Data Update and Configuration

<HIGH>

CUAE

8000

TCP

Application Integration

Unified Communications Manager

<HIGH>

Phone

2000

TCP

SCCP Call Control

Clock Server Administrator Client

<HIGH>

Clock Server

1500

TCP

Default administration port

Web client users

<HIGH>

Workforce Management Server data center

80

TCP

Web client interface

Workforce Management Server data center

<HIGH>

Active Directory

389

TCP

Server performing an LDAP lookup

<HIGH>

Phones

<HIGH>

UDP

Workforce Management sending unicast audio stream

<HIGH>

Active Directory

53

UDP

DNS lookup

Cisco Unified Application Environment

<HIGH>

Unified Communications Manager

H.323

TCP

 

Phones

<HIGH>

Clock Server

8080

TCP

Phones to Local in store clock server.

68

255.255.255.255

67

UDP

DHCP request for services

<HIGH>

Cisco Unified Communications Manager

69 (high)

UDP

Check phone load file

<HIGH>

Cisco Unified Communications Manager

6970

TCP

Register with Cisco Unified Communications Manager

<HIGH>

Cisco Unified Communications Manager

2000

TCP

Register with Cisco Unified Communications Manager-SCCP

<HIGH>

Cisco Unified Communications Manager

8080

TCP

Check services, directory


Testing

Scope of the Solution Testing

The testing that was performed by Cisco and Infor validates the interoperability of Infor's Workforce Management application in a Cisco IP telephony environment. The Infor Workforce Management Server provides a wide variety of services. Cisco did not test every service that is available on the Infor Workforce Management Application Server.

The Unified Communications Store Workforce Connection solution was deployed and tested within three retail network environments: small, medium, and large stores. These three store models were constructed using Cisco Intelligent Retail Network reference architectures. Each store model has varying degrees of redundancy and resiliency. The Unified Communications Store Workforce Connection solution was tested at the Cisco lab in San Jose, CA.

Wireless, WAN acceleration and content caching are major components of the Intelligent Retail Network reference architectures. However, none of these components included features required in this release of the Store Workforce Connection solution.

Testing Tools

Table 5 lists and describes the testing tools used.

Table 5 Table 5 - Testing tools

Testing Tool
Function

IPerf

IPerf is a traffic generation utility. It was used to create both multicast UDP traffic as well as session-based TCP traffic simulating an FTP file transfer and web traffic stream.

Ethereal

Network traffic analyzer


Test Topology

The small, medium, and large Intelligent Retail Network (IRN) reference architectures provide a "real world" retail contextual backdrop for the testing of this solution. Each IRN store was centrally connected to a data center with traditional data center services such as domain name service (DNS) and Network Time Protocol (NTP), as well as Cisco Unified Communications Manager and the Infor Workforce Management Application. The logical topology of the lab validation are represented in Figure 32 and Figure 33.

For specific places in the network details, see Appendix B—Lab Validation Network Diagrams.

Figure 32 Test Lab Logical Topology

Figure 33 Stores Logical Topology

Test Plan

The testing of the Store Workforce Connection solution was divided into three categories: employees, supervisor, and quality control. Each of the following tests was performed to validate functionality of the solution. Table 6 lists the test cases and decryption.

Table 6 Test Cases 

Test Case Number
Test Case Description
Pass/Fail
1

Employee logs in at every phone in each store for small, medium and large with badge and PIN.

Pass
2

Employee clocks in at the small, medium, and large stores on every phone.

Pass
3

Employee goes on break.

Pass
4

Employee comes off of break.

Pass
5

Employee clocks out.

Pass
6

Employee changes the job type that he is logging hours against.

Pass
7

Employee changes department; succeeds.

Pass
8

Employee wishes to view vacation, personal and sick days that he/she has left.

Pass
9

Employee tries to clock onto a shift that is not assigned to him/her.

Pass
10

Employee fails to clock in and goes "back" in menu.

Pass
11

Employee fails clock-in, calls supervisor using "Call" button to a predefined supervisor number.

Pass
12

Employee tries to clock into an unscheduled shift, pushes request service to enable the application and phone system to dial the supervisor with employee work request details and allows for immediate authorization. Supervisor does not answer the call.

Pass
13

Employee tries to clock into an unscheduled shift, pushes request service to enable the application and phone system to dial the supervisor with employee work request details and allows for immediate authorization. Supervisor answers call and approves override.

Pass
14

Employee tries to clock into an unscheduled shift, pushes request service to enable the application and phone system to dial the supervisor with employee work request details and allows for immediate authorization. Supervisor answers call and does not approve override.

Pass
15

Supervisor logs in at every phone in each store for small, medium, and large with badge and PIN.

Pass
16

Supervisor clocks in the employee at the small, medium, and large stores on every phone.

Pass
17

Supervisor selects "Starts Break" for employee.

Pass
18

Supervisor overrides the employee break-end time.

Pass
19

Supervisor selects "Shift End" for employee

Pass
20

Supervisor selects "Changes Jobs" for Employee.

Pass
21

Supervisor selects "Changes Department" for Employee.

pass
22

Supervisor wishes to view vacation, personal and sick days for Employee.

pass
23

Enable QoS markings to prioritize Infor traffic as appropriate. Use IPerf Tool to Generate additional traffic.

Pass
24

Test the Infor application (cases #9-14) clocking in while not scheduled and requesting supervisor automated override while the CUAE server not available.

Pass
25

Employee selects "Clock IN" while WAN is failed.

Pass
26

Restored WAN, verify renewed central/remote clock server synchronization.

Pass

Test Results

The previous test cases 1 through 26 were all successfully performed.

The following observations were noted when building the test environment and executing the prescribed tests:

The messages that the application displays when a function is executed is configurable. The messages that were displayed in the lab were not intuitive. For example, if an employee performs a valid action such as "clock in", the message that is returned to the user is "You are active". This same message is repeated for any valid function executed. A retailer should customize these "function acknowledgements" to conform to the context of the functions that are being used. For example, a more appropriate message might be "You are now clocked on".

In test case #12, when an employee requests for a supervisor override, and the supervisor does not answer, and the employee exits the application, the supervisor phone continues to ring until it completes three sets of ring cycles. This took roughly three minutes of continuous calling of the supervisor phone in the lab before timeout occurred.

With the use of local clock servers in each store, very little WAN traffic is generated. Most all transactions occur over the in store local LAN and have very low bandwidth utilization. WAN Traffic includes incremental database updates for journal items such as clock punches and job changes, and are in the range of 2-4 KB in batch. Calls to the CUAE server are only a few HTTP messages containing contact information and response message codes 1-3KB on average.

Periodically, over several days, the Clock Server application on both AXP modules (AIM and NME) would die and need to be restarted. No log information as to why the process halts is yet available. This anomaly was not observed on the Windows Clock Server installation.

Limitations and Caveats

This solution does not introduce any additional known caveats or limitations to existing product documentation.

Summary and Recommendations

The Store Workforce Connection solution successfully performed as an enterprise class distributed common interface for employees and supervisors to perform daily workforce management tasks and escalations. The user application interface in the IP phones was simple and intuitive. When using the phone interface, employees and supervisors could securely identify themselves with their employee ID number and a password.

The automated calls were performed using a high quality text-to-speech voice that was easy to understand when performing supervisor overrides via the automated request process.

The Infor HCM Workforce Management application used in the Store Workforce Connection solution demonstrates the additional value that can be achieved with an IP phone deployment in contrast to traditional PBX systems, legacy workforce management techniques and products.

Appendix A— Lab Validation Device Configurations

SRST

voice-card 0 
dspfarm 
dsp services dspfarm
!
application 
global 
service alternate default
!
call fallback active
!
ccm-manager fallback-mgcp 
ccm-manager mgcp
! 
mgcp
mgcp call-agent 192.168.45.181 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode cisco
mgcp rtp unreachable timeout 1000 action notify
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp sdp simple
mgcp bind control source-interface loopback 0
mgcp bind media source-interface loopback 0
!
mgcp profile default
!
dial-peer cor custom 
name nr
!
dial-peer cor list nr 
member nr
!
dial-peer voice 1 voip
!
dial-peer voice 2 pots
!
dial-peer voice 18 pots 
service mgcpapp 
direct-inward-dial 
port 0/3/0
!
call-manager-fallback 
max-conferences 2 gain -6 
transfer-system full-consult 
ip source-address 10.10.50.2 port 2000 strict-match 
max-ephones 10 
max-dn 20 
cor incoming nr 1 8001 - 8999
!

CME

!
voice service voip
 h323
!
interface Loopback0
 ip address 10.10.78.1 255.255.255.255
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 10.10.78.1
!
tftp-server flash:P0030702T023.bin
tftp-server flash:P0030702T023.loads
tftp-server flash:P0030702T023.sb2
tftp-server flash:P0030702T023.sbn
tftp-server flash:P00405000700.bin
tftp-server flash:P00405000700.sbn
tftp-server flash:apps70.1-1-3-30.sbn
tftp-server flash:cnu70.3-1-3-30.sbn
tftp-server flash:cvm70sccp.8-0-3-32.sbn
tftp-server flash:dsp70.1-1-3-30.sbn
tftp-server flash:jar70sccp.8-0-3-32.sbn
tftp-server flash:SCCP70.8-0-4SR2S.loads
tftp-server flash:term70.default.loads
tftp-server flash:term71.default.loads
!
dial-peer voice 1 voip
 destination-pattern 7........
 session target ipv4:192.168.45.181
 no vad
!
telephony-service
 load 7910 P00405000700
 load 7960-7940 P0030702T023
 load 7971 term71.default
 load 7970 term70.default
 max-ephones 5
 max-dn 1
 ip source-address 10.10.78.1 port 2000
 auto assign 1 to 1
 url services http://10.10.78.22:8080/
 keepalive 45
 max-conferences 8 gain -6
 moh music-on-hold.au
 web admin system name cisco password cisco
 dn-webedit
 time-webedit
 transfer-system full-consult
 create cnf-files version-stamp 7960 Nov 06 2007 17:50:31
!
ephone-dn  1
 number 1000
!
ephone  1
 no multicast-moh
 device-security-mode none
 mac-address 0017.E035.5BCD
 type 7971
 button  1:1
!
ephone  2
 device-security-mode none
 mac-address 0001.6CD4.E20F
 type CIPC

AXP



SmallStore# show running-config
Generating configuration:


clock timezone America/Los_Angeles

hostname SmallStore

ip domain-name cisco-irn.com

system language preferred "en_US"

ip name-server 192.168.42.130

ntp server ntp1.cisco-irn.com prefer
ntp server ntp2.cisco-irn.com

software download server url "ftp://127.0.0.1/ftp" credentials hidden 
"6u/dKTN/hsEuSAEfw40XlF2eFHnZfyUTSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfG
WTYHfmPSd8ZZNgd+Y9J3xlk2B35j0nfGWTYHfmP"

no service password-encryption

interface eth0
 ip address 10.10.30.22 255.255.255.252
 exit

ip ssh server

app-service wbcs
 bind interface eth0
 hostname wbcs-small
 ip domain-name cisco-irn.com
 ip name-server 192.168.42.130
 exit

end

QoS

All STORES


ip access-list extended MISSION-CRITICAL-SERVERS
remark ---POS Applications--- 
permit ip any 192.168.52.0 0.0.0.255 

ip access-list extended TRANSACTIONAL-DATA-APPS  
remark ---Infor Application---
permit ip host 192.168.46.92 any
permit ip any host 192.168.46.92
remark --—Mcast server---
permit ip any 239.192.0.0 0.0.0.255 
permit ip any host 239.255.255.250
ip access-list extended BULK-DATA-APPS
	remark ---File Transfer---
permit tcp any any eq ftp 
permit tcp any any eq ftp-data 
remark ---E-mail traffic---
permit tcp any any eq smtp 
permit tcp any any eq pop3 
permit tcp any any eq 143 
remark ---other EDM app protocols---
permit tcp any any range 3460 3466
permit tcp any range 3460 3466 any
remark ---messaging services---
permit tcp any any eq 2980
permit tcp any eq 2980 any
remark ---Microsoft file services---
permit tcp any any range 137 139
permit tcp any range 137 139 any

ip access-list extended NET-MGMT-APPS
remark - Router user Authentication - Identifies TACACS Control traffic
permit tcp any any eq tacacs 
permit tcp any eq tacacs any


class-map match-all VOICE
match ip dscp ef                  ! IP Phones mark Voice to EF
class-map match-all INTERACTIVE-VIDEO
match ip dscp af41 af42           ! Recommended markings for IP/VC
class-map match-any CALL-SIGNALING
match ip dscp cs3                 ! Call-Signaling marking
class-map match-all ROUTING
match ip dscp cs6                 ! Routers mark Routing traffic to CS6
class-map match-all NET-MGMT
match ip dscp cs2                 ! Recommended marking for Network Management
class-map match-all MISSION-CRITICAL-DATA
match ip dscp 25                  ! Interim marking for Mission-Critical Data
class-map match-all TRANSACTIONAL-DATA
match ip dscp af21 af22           ! Recommended markings for Transactional Data
class-map match-all BULK-DATA
match ip dscp af11 af12           ! Recommended markings for Bulk Data
class-map match-all SCAVENGER
match ip dscp cs1                 ! Recommended marking for Scavenger traffic

class-map match-all BRANCH-MISSION-CRITICAL
match access-group name MISSION-CRITICAL-SERVERS

class-map match-any BRANCH-BULK-DATA
match protocol tftp        		   ! Identifies TFTP traffic - Retailers
match protocol nfs         		   ! Identifies NFS traffic - Retailers
match access-group name BULK-DATA-APPS   ! ACL to reference

class-map match-any BRANCH-TRANSACTIONAL-DATA! Must use "match-any"
match protocol citrix                    ! Identifies Citrix traffic
match protocol ldap                      ! Identifies LDAP traffic
match protocol telnet                    ! Identifies Telnet traffic
match protocol sqlnet                    ! Identifies Oracle SQL*NET traffic
match protocol http url "*SalesReport*"  ! Identifies "SalesReport" URLs
match access-group name TRANSACTIONAL-DATA-APPS  ! Other Apps

class-map match-any BRANCH-NET-MGMT
match protocol snmp        ! Identifies SNMP traffic
match protocol syslog      ! Identifies Syslog traffic
match protocol dns         ! Identifies DNS traffic
match protocol icmp        ! Identifies ICMP traffic
match protocol ssh         ! Identifies SSH traffic
match access-group name NET-MGMT-APPS  ! Other Network Management Apps

class-map match-any BRANCH-SCAVENGER
match protocol napster     ! Identifies Napster traffic
match protocol gnutella    ! Identifies Gnutella traffic
match protocol fasttrack   ! Identifies KaZaa (v1) traffic
match protocol kazaa2      ! Identifies KaZaa (v2) traffic
!
policy-map BRANCH-LAN-EDGE-IN
class BRANCH-MISSION-CRITICAL
set ip dscp 25
class BRANCH-TRANSACTIONAL-DATA
set ip dscp af21     ! Transactional Data apps are marked to DSCP AF21
class BRANCH-NET-MGMT
set ip dscp cs2      ! Network Management apps are marked to DSCP CS2
class BRANCH-BULK-DATA
set ip dscp af11     ! Bulk data apps are marked to AF11
class BRANCH-SCAVENGER
set ip dscp cs1      ! Scavenger apps are marked to DSCP CS1

policy-map BRANCH-WAN-EDGE
class VOICE
priority percent 18  ! Voice gets 552 kbps of LLQ
class INTERACTIVE-VIDEO
priority percent 15  ! 384 kbps IP/VC needs 460 kbps of LLQ
class CALL-SIGNALING
bandwidth percent 5  ! Minimal BW guarantee for Call-Signaling
class ROUTING
bandwidth percent 3  ! Routing class gets 3% explicit BW guarantee
class NET-MGMT
bandwidth percent 2  ! Net-Mgmt class gets 2% explicit BW guarantee
class MISSION-CRITICAL-DATA
bandwidth percent 15 ! Mission-Critical class gets min 15% BW guarantee
random-detect        ! Enables WRED on Mission-Critical Data class
class TRANSACTIONAL-DATA
bandwidth percent 12 ! Transactional-Data class gets min 12% BW guarantee
random-detect dscp-based ! Enables DSCP-WRED on Transactional-Data class
class BULK-DATA
bandwidth percent 4  ! Bulk Data class gets 4% BW guarantee
random-detect dscp-based ! Enables DSCP-WRED on Bulk-Data class
class SCAVENGER
bandwidth percent 1  ! Scavenger class is throttled
class class-default
bandwidth percent 25 ! Default class gets min 25% BW guarantee
random-detect        ! Enables WRED on the default class

policy-map BRANCH-LAN-EDGE-OUT
class class-default

!
map-class frame-relay fr_qos
 frame-relay fragment 160
 frame-relay traffic-rate 1536000 1536000
 frame-relay adaptive-shaping becn
 service-policy output BRANCH-WAN-EDGE
!


interface FastEthernet x.x
description DATA LAN interfaces NOT VOICE
service-policy input BRANCH-LAN-EDGE-IN  ! Marks Data on ingress

interface serial 0/0.x
description T1 to Datacenter
max-reserved-bandwidth 100                ! overrides the default 75% BW limit
service-policy output BRANCH-WAN-EDGE


Appendix B—Lab Validation Network Diagrams

Large Store

Figure 34 Large Store Topology

Medium Store

Figure 35 Medium Store Topology

Small Store

Figure 36 Small Store Topology

Data Center

Figure 37 Data Center Topology

Service Provider

Figure 38 Service Provider Topology

Appendix C—Infor Installations

Installing WBCS on a Windows PC

The following installation procedure outlines the steps necessary to install the Infor Clock Server application on a Windows PC. To start the installation, locate the file wbcs_setup_windows-5.0.3.0.1491-Fixpack-Aug-16.exe and double click on it to execute. The program will run and present an introduction screen. Continue with the following steps:


Step 1 Click Next.

Step 2 Ensure "Full" is selected. Click Next.

Step 3 By default, WBCS is installed in c:\wbcs. This can be changed if necessary. Click Next.

Step 4 Select where you would like shortcuts for WBCS. Click Next.

Step 5 Specify a service name that is appropriate, if the default does not suffice. For the memory settings, if you would like the amount of memory to not be 1 Gig, modify the maximum value. Click Next. (The memory settings are used when Java starts up the program (i.e., -Xms128m -Xmx1024m.)

Step 6 On the screen below, the very last item allows you to choose the method of communication. Choose Web Services and keep the rest with default settings.

Step 7 Keep the defaults and click Next.

Step 8 Note the following screen is showing because Web Service was chosen as the method of communication. Here is where you enter in connection information that allows the WBCS to send and receive information from the main Workbrain application. Modify the URL (e.g., http://fyong.workbrain.com:8555/axis/services), username, and password to what would normally allow you to connect to the Workbrain application in a web browser. For the Clock Server name, choose a descriptive name. This is the same name that is specified in the Workbrain application.

Step 9 We are not doing any mappings here. Click Next with nothing selected.

Step 10 Frequency of tasks is specified here (600000 ms = 10 minutes and 120000 ms = 5 minutes). This means that any new information is taken from the application every 10 minutes by default. We can change this later manually. The Web Service method currently only does table dumps instead of only transmitting deltas, and hence the frequency should be reduced. There is also the option of specifying an exact time for the dbupdate to occur, but this must be done after the installation.

Step 11 The following screen is where you would normally specify the type of clocks that the clock server handles. As of Version 5.0.3.0, the Cisco IP phone was still in beta form. In future releases, there will be a Cisco option listed here. Click Next.

Step 12 We now select the validations that will be done when an employee attempts to do an action at the phone. Check off the following: Employee Badge, Employee Schedule, Employee Supervisor, Employee PIN, Employee Status, Department, Docket, Job, Project, Time Code, Break Length, Consecutive Types, Supervisor, Job Area, Docket Area, Time Code Area, Department Area, Project Area. For descriptions of these validations, refer to the Workbrain Clock Server Installation Guide. Click Next.

Step 13 Specify grace periods, which allow an employee to clock in/out earlier than scheduled. Click Next.

Step 14 Break Length Parameters—When an employee does a break entry with the specified time code, it will disallow any clocking in for the time specified. The defaults should suffice.

Step 15 Validation Messages—Accept the defaults for now. These can be changed in the future in settings.conf. There is also documentation that details the special characters used here.

Step 16 Click Next.

Step 17 Click Next.

Step 18 You're done. Click Install.

Cisco Validated Design