Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.1(1)
IM and Presence intercluster deployment configuration

IM and Presence Service Intercluster Deployment Configuration


Intercluster Deployments

Intercluster Hardware Recommendations

When planning an intercluster deployment, it is recommended that similar hardware is used on all IM and Presence Service clusters in the Enterprise to allow for syncing of all user data between clusters. For example, if an MCS 7845 is deployed in Cluster A with 15,000 users, then an MCS 7845 should be deployed in Cluster B even if only needed for 500 users.

Intercluster Peer Relationships

You can configure peer relationships that interconnect standalone IM and Presence Service clusters, known as intercluster peers. This intercluster peer functionality allows users in one IM and Presence Service cluster to communicate and subscribe to the availability information of users in a remote IM and Presence Service cluster within the same domain. Keep in mind that if you delete an intercluster peer from one cluster, then you must also delete the corresponding peer in the remote cluster.

IM and Presence Service uses the AXL/SOAP interface to retrieve user information for the home cluster association. IM and Presence Service uses this user information to detect if a user is a local user (user on the home cluster), or a user on a remote IM and Presence Service cluster within the same domain.

IM and Presence Service uses the XMPP interface for the subscription and notification traffic. If IM and Presence Service detects a user to be on a remote cluster within the same domain, IM and Presence Service reroutes the messages to the remote cluster.


Caution


Cisco highly recommends that you set up intercluster peers in a staggered manner, as the initial sync uses substantial bandwidth and CPU. Setting up multiple peers at the same time could result in excessive sync times.


Intercluster Router to Router Connections

By default, IM and Presence Service assigns all nodes in a cluster as intercluster router-to-router connectors. When IM and Presence Service establishes an intercluster peer connection between the clusters over the AXL interface, it synchronizes the information from all intercluster router-to-router connector nodes in the home and remote clusters.

You must restart the Cisco XCP Router service on all nodes in both local and remote clusters for IM and Presence Service to establish a connection between the intercluster router-to-router connector nodes. Each intercluster router-to-router connector in one cluster then either initiates or accepts an intercluster connection with router-to-router connectors in the other cluster.


Note


In an intercluster deployment, when you add a new node to a cluster, you must restart the Cisco XCP router on all nodes in both the local and remote clusters.


Node Name Value for Intercluster Deployments

The node name defined for any IM and Presence Service node must be resolvable by every other IM and Presence Service node on every cluster. Therefore, each IM and Presence Service node name must be the FQDN of the node. If DNS is not deployed in your network, each node name must be an IP address.


Note


Specifying the hostname as the node name is only supported if all nodes across all clusters share the same DNS domain.


Attention:

When using the Cisco Jabber client, certificate warning messages can be encountered if the IP address is configured as the IM and Presence Service node name. To prevent Cisco Jabber from generating certificate warning messages, the FQDN should be used as the node name.

IM and Presence Default Domain Value for Intercluster Deployments

If you configure an intercluster deployment, note the following:

  • The IM and Presence default domain value on the local cluster must match the IM and Presence default domain value on the remote cluster to ensure that intercluster functionality will work correctly.
  • If you do not use DNS in your network, IM and Presence Service automatically sets the default domain value to DOMAIN.NOT.SET. On both the local and remote cluster, you must replace this default value with a common valid IM and Presence default domain value, otherwise intercluster functionality will not work correctly.

See topics related to IM and Presence default domain configuration for detailed instructions.
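
The node name and default domain rules above can be checked against an inventory before any peer is configured. The following Python check is an added example, not Cisco code; the Cluster fields, the cluster labels and the sample inventory (example.com names, 192.0.2.x addresses) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

PLACEHOLDER_DOMAIN = "DOMAIN.NOT.SET"  # value set automatically when DNS is not used


@dataclass
class Cluster:
    name: str            # label used in the report (hypothetical)
    default_domain: str  # IM and Presence default domain configured on the cluster
    dns_domain: str      # DNS domain of the nodes; "" when DNS is not deployed
    node_names: list     # node name value of every node in the cluster


def classify(node_name):
    """Return 'ip', 'fqdn' or 'hostname' for a node name value."""
    try:
        ipaddress.ip_address(node_name)
        return "ip"
    except ValueError:
        return "fqdn" if "." in node_name.strip(".") else "hostname"


def preflight(clusters, dns_deployed=True, resolver=None):
    """Return (severity, cluster, message) findings for the planned peers.

    resolver is an optional callable such as socket.gethostbyname. It only
    proves resolution from the host running this check; each node must
    still be able to resolve every other node name itself.
    """
    findings = []
    domains = sorted({c.default_domain.lower() for c in clusters})
    if len(domains) > 1:
        findings.append(("ERROR", "*",
                         "default domain differs between clusters: " + ", ".join(domains)))
    shared_dns_domain = len({c.dns_domain.lower() for c in clusters}) == 1

    for c in clusters:
        if c.default_domain.upper() == PLACEHOLDER_DOMAIN:
            findings.append(("ERROR", c.name,
                             "default domain is still " + PLACEHOLDER_DOMAIN))
        for node in c.node_names:
            kind = classify(node)
            if not dns_deployed:
                if kind != "ip":
                    findings.append(("ERROR", c.name,
                                     node + ": without DNS the node name must be an IP address"))
                continue
            if kind == "ip":
                findings.append(("WARN", c.name,
                                 node + ": IP node name can cause Cisco Jabber "
                                        "certificate warnings; use the FQDN"))
                continue
            if kind == "hostname" and not shared_dns_domain:
                findings.append(("ERROR", c.name,
                                 node + ": bare hostname needs one DNS domain across all clusters"))
            if resolver is not None:
                try:
                    resolver(node)
                except OSError:  # socket.gaierror is a subclass of OSError
                    findings.append(("ERROR", c.name, node + ": does not resolve"))
    return findings


# Constructed sample inventory: two clusters about to be peered.
SAMPLE = [
    Cluster("cluster-a", "example.com", "example.com",
            ["imp-a-pub.example.com", "imp-a-sub1"]),
    Cluster("cluster-b", "DOMAIN.NOT.SET", "emea.example.com",
            ["192.0.2.21", "imp-b-sub1.emea.example.com"]),
]

if __name__ == "__main__":
    for severity, cluster, message in preflight(SAMPLE):
        print(f"{severity:5} {cluster:10} {message}")
```

Pass `resolver=socket.gethostbyname` to add a live lookup for each name; without it the check runs offline against the inventory alone.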

Secure Intercluster Router to Router Connection

You can configure a secure XMPP connection between all router-to-router connectors in your IM and Presence Service deployment, incorporating both intracluster and intercluster router to router connections. Choose Cisco Unified CM IM and Presence Administration > System > Security > Settings, and check Enable XMPP Router-to-Router Secure Mode.

When you turn on the secure mode for XMPP router-to-router connections, IM and Presence Service enforces a secure SSL connection using XMPP trust certificates. For intercluster deployments, IM and Presence Service enforces a secure SSL connection between each router-to-router connector node in the local cluster, and each router connector node in the remote cluster.

Prerequisites for Intercluster Deployment

You configure an intercluster peer between the IM and Presence database publisher nodes in standalone IM and Presence Service clusters. No configuration is required on the IM and Presence Service subscriber nodes in a cluster for intercluster peer connections. Before you configure IM and Presence Service intercluster peers in your network, note the following:

  • The intercluster peers must each integrate with a different Cisco Unified Communications Manager cluster.
  • You must complete the required multinode configuration in both the home IM and Presence Service cluster, and in the remote IM and Presence Service cluster:
    • Configure the system topology and assign your users as required.
    • Activate the services on each IM and Presence Service node in the cluster.
  • You must turn on the AXL interface on the local IM and Presence database publisher node, and on the remote IM and Presence database publisher node. IM and Presence Service creates, by default, an intercluster application user with AXL permissions. To configure an intercluster peer, you will require the username and password for the intercluster application user on the remote IM and Presence Service node.
  • You must turn on the Sync Agent on the local IM and Presence database publisher node, and on the remote IM and Presence database publisher node. Allow the Sync Agent to complete the user synchronization from Cisco Unified Communications Manager before you configure the intercluster peers.

For sizing and performance recommendations for intercluster deployments, including information on determining a presence user profile, see the IM and Presence Service SRND.

Intercluster Peer Configuration

Configure Intercluster Peer

Perform this procedure on the database publisher node of the local IM and Presence Service cluster, and on the database publisher node of the remote IM and Presence Service cluster (with which you want your local cluster to form a peer relationship).

Before You Begin
  • Activate the AXL interface on the local IM and Presence Service node and confirm that the AXL interface is activated on the remote IM and Presence Service database publisher node.
  • Confirm that the Sync Agent has completed the user synchronization from Cisco Unified Communications Manager on the local and remote cluster.
  • Acquire the AXL username and password for the intercluster application user on the remote IM and Presence Service node.
  • If you do not use DNS in your network, see topics related to IM and Presence Service default domain and node name values for intercluster deployments.

Restriction

Cisco recommends that you use TCP as the intercluster trunk transport for all IM and Presence Service clusters.

Procedure
    Step 1   Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
    Step 2   Enter the IP address of the database publisher node of a remote IM and Presence Service cluster.
    Step 3   Enter the username of the application user on the remote IM and Presence Service node that has AXL permissions.
    Step 4   Enter the associated password of the application user on the remote IM and Presence Service node that has AXL permissions.
    Step 5   Enter the preferred protocol for SIP communication.
    Step 6   (Optional) Enter the External Phone Number Mask value. This is the E.164 mask to apply to Directory Numbers retrieved from the remote cluster.
    Step 7   Click Save.
    Step 8   Restart the Cisco XCP Router service on all nodes in the local cluster.
    Step 9   Repeat this procedure to create the remote intercluster peer, and then restart the Cisco XCP Router service on all nodes in the remote cluster.
    Tip   

    If you configure the intercluster peer connection before the Sync Agent completes the user synchronization from Cisco Unified Communications Manager (on either the local or remote cluster), the status of the intercluster peer connection will display as Failed.

    If you choose TLS as the intercluster transport protocol, IM and Presence Service attempts to automatically exchange certificates between intercluster peers to establish a secure TLS connection. IM and Presence Service indicates whether the certificate exchange is successful in the intercluster peer status section.


    What to Do Next

    Proceed to turn on the Intercluster Sync Agent.

    Turn On Intercluster Sync Agent

    By default, IM and Presence Service turns on the Intercluster Sync Agent parameter. Use this procedure to either verify that the Intercluster Sync Agent parameter is on, or to manually turn on this service.

    The Intercluster Sync Agent uses the AXL/SOAP interface for the following:

    • to retrieve user information for IM and Presence Service to determine if a user is a local user (on the local cluster), or a user on a remote IM and Presence Service cluster within the same domain.
    • to notify remote IM and Presence Service clusters of changes to users local to the cluster.

    Note


    You must turn on the Intercluster Sync Agent on all nodes in the IM and Presence Service cluster because in addition to synchronizing user information from the local IM and Presence database publisher node to the remote IM and Presence database publisher node, the Intercluster Sync Agent also handles security between all nodes in the clusters.


    Procedure
      Step 1   Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center - Network Services.
      Step 2   Choose the IM and Presence Service node from the Server menu.
      Step 3   Choose Cisco Intercluster Sync Agent.
      Step 4   Click Start.

      What to Do Next

      Proceed to verify the intercluster peer status.

      Verify Intercluster Peer Status

      Procedure
        Step 1   Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
        Step 2   Choose the peer address from the search criteria menu.
        Step 3   Click Find.
        Step 4   Choose the peer address entry that you wish to view.
        Step 5   In the Intercluster Peer Status window:
        1. Verify that there are check marks beside each of the result entries for the intercluster peer.
        2. Make sure that the Associated Users value equals the number of users on the remote cluster.
        3. If you choose TLS as the intercluster transport protocol, the Certificate Status item displays the status of the TLS connection, and indicates if IM and Presence Service successfully exchanged security certificates between the clusters. If the certificate is out-of-sync, you need to manually update the tomcat trust certificate (as described in this module). For any other certificate exchange errors, check the Online Help for a recommended action.
        Step 6   Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
        Step 7   Verify that there are check marks beside the status of each of the intercluster peer connection entries in the InterClustering Troubleshooter section.

        Update Intercluster Sync Agent Tomcat Trust Certificates

        If the tomcat certificate status for an intercluster peer is out-of-sync, you need to update the Tomcat trust certificate. In an intercluster deployment this error can occur if you reuse the existing Intercluster Peer Configuration to point to a new remote cluster. Specifically, in the existing Intercluster Peer Configuration window, you change the Peer Address value to point to a new remote cluster. This error can also occur in a fresh IM and Presence Service installation, or if you change the IM and Presence Service host or domain name, or if you regenerate the Tomcat certificate.

        This procedure describes how to update the Tomcat trust certificate when the connection error occurs on the local cluster, and the corrupt Tomcat trust certificates are associated with the remote cluster.

        Procedure
          Step 1   Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
          Step 2   Click Force Sync to synchronize certificates with the remote cluster.
          Step 3   In the confirmation window that displays, choose Also resync peer's Tomcat certificates.
          Step 4   Click OK.
          Note    If any certificates have not synced automatically, go to the Intercluster Peer Configuration window. The certificates marked with an x are the missing certificates, which you must copy manually.

          User Migration Between IM and Presence Service Clusters

          This section describes how to migrate users between IM and Presence Service clusters. You must complete the following procedures in the order in which they are presented:

          1. Unassign the migrating users from their current cluster.
          2. Export the contact lists of the migrating users from their current home cluster.
          3. Disable the migrating users for IM and Presence Service and Cisco Jabber on their current home cluster from Cisco Unified Communications Manager.
          4. If LDAP Sync is enabled on Cisco Unified Communications Manager:
            • move the users to the new Organization Unit, from which their new cluster synchronizes its information
            • synchronize the users to the new home Cisco Unified Communications Manager.
          5. If LDAP Sync is not enabled on Cisco Unified Communications Manager, manually provision the migrating users on Cisco Unified Communications Manager.
          6. Enable users for IM and Presence Service and Cisco Jabber.
          7. Import contact lists to the new home cluster to restore contact list data for migrated users.

          Before You Begin

          Complete the following tasks:

          • Perform a full DRS of the current cluster and the new home cluster. See the Disaster Recovery System Administration Guide for more information.
          • Ensure that the following services are running:
            • Cisco Intercluster Sync Agent
            • Cisco AXL Web Service
            • Cisco Sync Agent
          • Run the Troubleshooter and ensure that there are no Intercluster Sync Agent issues reported. All Intercluster Sync Agent issues reported on the Troubleshooter must be resolved before proceeding with this procedure.
          • Cisco recommends that the Allow users to view the availability of other users without being prompted for approval setting is enabled. To enable this setting, choose Cisco Unified CM IM and Presence Administration > Presence > Settings. Any change to this setting requires a restart of the Cisco XCP Router.
          • Cisco recommends that the following settings are set to No Limit:
            • Maximum Contact List Size (per user)
            • Maximum Watchers (per user)
            To configure these settings, choose Cisco Unified CM IM and Presence Administration > Presence > Settings.
          • Ensure that the users to be migrated are licensed for Cisco Unified Presence or Cisco Jabber on their current (pre-migration) home cluster only. If these users are licensed on any other cluster, they need to be fully unlicensed before proceeding with the following procedures.

          Unassign Users From Current Cluster

          Complete this procedure to unassign the migrating users from their current cluster.

          Procedure
            Step 1   Choose Cisco Unified CM IM and Presence Administration > System > Cluster Topology.
            Step 2   Choose the users that you want to migrate to a remote IM and Presence cluster.
            Step 3   Click Assign Selected Users and in the next dialog box, click Unassigned.
            Step 4   Click Save.

            What to Do Next

            Proceed to export your user contact lists.

            Export User Contact Lists

            Complete this procedure to export the contact lists of the migrating users from their current cluster.

            Procedure
              Step 1   Export the contact lists of the migrating users from the current home cluster.
              1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List > Export.
              2. Choose All unassigned users in the cluster and click Find.
              3. Review the results and use the AND/OR filter to filter the search results as required.
              4. When the list is complete, click Next.
              5. Choose a filename for the exported contact list data.
              6. Optionally update the Job Description.
              7. Click Run Now or schedule the job to run later.
              Step 2   Monitor the status of the contact list export job.
              1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
              2. Click Find to list all BAT jobs.
              3. Find your contact list export job and when it is reported as completed, choose the job.
              4. Choose the CSV File Name link to view the contents of the contact list export file. Note that a timestamp is appended to the filename.
              5. From the Job Results section, choose the log file to see a summary of what was uploaded. The job begin and end time is listed and a result summary for the job is presented.
              Step 3   Download the contact list export file and store it for use later when the user migration is complete.
              1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download Files.
              2. Click Find.
              3. Choose the contact list export file and click Download Selected.
              4. Save the CSV file locally for upload later in the procedure.

              What to Do Next

              Proceed to unlicense the users.

              Disable Users for IM and Presence Service

              The following procedure describes how to disable a migrating user for IM and Presence Service and Cisco Jabber on their current home cluster.

              For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk Administration Guide.

              Procedure
                Step 1   Choose Cisco Unified CM Administration > User Management > End User.
                Step 2   Use the filters to find the user that you want to disable for IM and Presence Service.
                Step 3   In the End User Configuration screen, uncheck Enable User for Unified CM IM and Presence.
                Step 4   Click Save.

                Move Users to New Cluster

                The procedure to move the users to the new cluster differs depending on whether LDAP Sync is enabled on Cisco Unified Communications Manager.

                LDAP Sync Enabled on Cisco Unified Communications Manager

                If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move users to the new Organizational Unit and synchronize the users to the new home cluster.

                Move Users To New Organizational Unit

                If LDAP Sync is enabled on Cisco Unified Communications Manager and the deployment uses a separate LDAP structure (OU divided) for each cluster, where users are only synchronized from LDAP to their home cluster, you must move the users to the new Organizational Unit (OU) from which their new cluster synchronizes.


                Note


                You do not need to move the users if the deployment uses a flat LDAP structure, that is, all users are synchronized to all Cisco Unified Communications Manager and IM and Presence Service clusters where users are licensed to only one cluster.


                For more information about how to move the migrating users to the relevant OU of the new home cluster, see the LDAP Administration documentation.

                After you move the users, you must delete the LDAP entries from the old LDAP cluster.

                What to Do Next

                Proceed to synchronize the users to the new home cluster.

                Synchronize Users To New Home Cluster

                If LDAP is enabled on Cisco Unified Communications Manager, you must synchronize the users to the new home Cisco Unified Communications Manager cluster. You can do this manually on Cisco Unified Communications Manager or you can wait for a scheduled synchronization on Cisco Unified Communications Manager.

                To manually force the synchronization on Cisco Unified Communications Manager, complete the following procedure.

                Procedure
                  Step 1   From Cisco Unified CM Administration, choose System > LDAP > LDAP Directory.
                  Step 2   Click Perform Full Sync Now.

                  What to Do Next

                  Proceed to enable users for IM and Presence Service and license users on the new cluster.

                  LDAP Sync Not Enabled On Cisco Unified Communications Manager

                  If LDAP Sync is not enabled on Cisco Unified Communications Manager, you must manually provision the users on the new Cisco Unified Communications Manager cluster. See the Cisco Unified Communications Manager Administration Guide for more information.

                  Enable Users For IM and Presence Service On New Cluster

                  When the users have been synchronized, or manually provisioned, on the new home cluster, you must enable the users for IM and Presence Service and Cisco Jabber.

                  Procedure
                    Step 1   From Cisco Unified CM Administration, choose User Management > End User.
                    Step 2   Use the filters to find the user that you want to enable for IM and Presence Service.
                    Step 3   In the End User Configuration screen, check Enable User for Unified CM IM and Presence.
                    Step 4   Click Save.
                    Step 5   Provision the users on Cisco Unified Communications Manager for Phone and CSF. See the Cisco Unified Communications Manager Administration Guide for more information.

                    For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk Administration Guide.

                    What to Do Next

                    Proceed to import contact lists on the new home cluster.

                    Import Contact Lists On Home Cluster

                    You must import the contact lists to restore contact data for the migrated users.

                    Procedure
                      Step 1   Upload the previously exported contact list CSV file.
                      1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download Files.
                      2. Click Add New.
                      3. Click Browse to locate and choose the contact list CSV file.
                      4. Choose Contact Lists as the Target.
                      5. Choose Import Users’ Contacts - Custom File as the Transaction Type.
                      6. Optionally check Overwrite File if it exists.
                      7. Click Save to upload the file.
                      Step 2   Run the import contact list job.
                      1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List > Update.
                      2. Choose the CSV file you uploaded in Step 1.
                      3. Optionally update the Job Description.
                      4. To run the job now, click Run Immediately. Click Run Later to schedule the update for a later time.
                      5. Click Submit.
                      Step 3   Monitor the contact list import status.
                      1. Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
                      2. Click Find to list all BAT jobs.
                      3. Choose the job ID of the contact list import job when its status is reported as complete.
                      4. To view the contents of the contact list file, choose the file listed at CSV File Name.
                      5. Click the Log File Name link to open the log.

                        The begin and end time of the job is listed and a result summary is also displayed.