Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
External Server Component Configuration for SIP Federation

Microsoft Component Configuration for SIP Federation

The following tables provide a brief checklist to configure federation on the Microsoft OCS and Access Edge servers. For detailed instructions on setting up and deploying the OCS server and the Access Edge server, refer to the Microsoft documentation.

Table 1 Configuration Tasks for Microsoft Components - OCS Server

Task

Procedure

Enable Global Federation Setting

  1. In the global forest branch in the left pane, choose Properties > Global Properties > Federation.
  2. Check the Enable Federation and Public IM Connectivity check box.
  3. Enter the FQDN and the port number for the internal interface of the Access Edge server.

Configure the Access Edge server address

  1. In the global forest branch in the left pane, choose Properties > Global Properties > Edge Servers.
  2. In the Access Edge and Web Conferencing Edge Servers window, click Add.
  3. Enter the FQDN for the internal interface of the Access Edge server.

Enable Each Front End Federation Setting

You need to enable the federation setting for each front-end server that is federating:
  1. In the front-end server branch in the left pane, choose Properties > Front End Properties > Federation.
  2. Check the Enable Federation and Public IM Connectivity check box.

Check that your users are enabled for MOC and for Federation

Configure the security certificates

  • You need to configure security certificates between the OCS server and the Access Edge server.
  • A CA server is required to perform this procedure.
  • Please refer to the Microsoft documentation for details on configuring security certificates between these servers.

Table 2 Configuration Tasks for Microsoft Components - Access Edge Server

Task

Procedure

Configure DNS

In the Microsoft enterprise deployment, you need to configure an external SRV record for all Access Edge Servers that points to _sipfederationtls._tcp.domain, over port 5061, where domain is the name of the SIP domain of your organization. This SRV should point to the external FQDN of the Access Edge server.

Configure IM and Presence Service as an IM Provider

  1. On the external Access Edge server, choose Start > Administrative Tools > Computer Management.
  2. In the left pane, right-click Microsoft Office Communications Server 2007.
  3. Choose the IM Provider tab.
  4. Click Add.
  5. Check the Allow the IM service provider check box.
  6. Define the IM service provider name, for example, the IM and Presence node.
  7. Define the network address of the IM service provider, in this case the public FQDN of the IM and Presence Service node.
  8. Ensure that the IM service provider is not marked as "public".
  9. Click the filtering option Allow all communications from this provider.
  10. Click OK.

In the IM and Presence Service enterprise deployment, you need to configure a DNS SRV record that points to _sipfederationtls._tcp.imp_domain over port 5061, where imp_domain is the name of the IM and Presence Service domain. This DNS SRV should point to the public FQDN of the IM and Presence Service node.

Check the Access Method Settings

  1. In the console tree, right-click on Microsoft Office Communications Server 2007.
  2. Choose Properties > Access Methods.
  3. Check the Federation check box.
  4. Check the Allow discovery check box if you are using DNS SRV.

Configure the security certificates

  • You need to configure security certificates between the OCS server and the Access Edge server.
  • A CA server is required to perform this procedure.
  • Please refer to the Microsoft documentation for details on configuring security certificates between these servers.
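
The two DNS SRV requirements in Table 2 (one record for the Microsoft SIP domain, one for the IM and Presence Service domain, both on port 5061) can be checked before federation is enabled. The following Python check is an added example, not Cisco or Microsoft code; the domains, host names and zone-file style record lines are constructed placeholders.

```python
# Added example: validate federation SRV records against the values this page requires.
# SAMPLE_RECORDS is constructed sample data in zone-file form, not real DNS output.
FEDERATION_PORT = 5061  # port stated on this page

SAMPLE_RECORDS = """\
_sipfederationtls._tcp.example.com.     3600 IN SRV 0 0 5061 edge.example.com.
_sipfederationtls._tcp.imp.example.net. 3600 IN SRV 0 0 5060 imp1.example.net.
_sip._tls.example.com.                  3600 IN SRV 0 0 443  sip.example.com.
"""

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.strip().rstrip(".").lower()

def parse_srv(text):
    """Yield (owner, port, target) for each well-formed SRV line.

    Expected fields: owner ttl IN SRV priority weight port target
    """
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[2].upper() == "IN" and f[3].upper() == "SRV" and f[6].isdigit():
            yield norm(f[0]), int(f[6]), norm(f[7])

def check_federation_srv(text, domain, expected_fqdn):
    """Return a list of problems for _sipfederationtls._tcp.<domain>; empty means OK."""
    owner = "_sipfederationtls._tcp." + norm(domain)
    matches = [r for r in parse_srv(text) if r[0] == owner]
    if not matches:
        return ["no SRV record found for " + owner]
    problems = []
    for _, port, target in matches:
        if port != FEDERATION_PORT:
            problems.append("%s: port %d, expected %d" % (owner, port, FEDERATION_PORT))
        if target != norm(expected_fqdn):
            problems.append("%s: target %s, expected %s" % (owner, target, norm(expected_fqdn)))
    return problems

if __name__ == "__main__":
    # (domain, FQDN the record should point to): Access Edge external FQDN on the
    # Microsoft side, public FQDN of the IM and Presence Service node on the Cisco side.
    for dom, fqdn in [("example.com", "edge.example.com"),
                      ("imp.example.net", "imp1.example.net"),
                      ("missing.example.org", "imp.missing.example.org")]:
        print(dom, check_federation_srv(SAMPLE_RECORDS, dom, fqdn) or "OK")
```

Feed it the output of a zone export or a saved DNS query for each federated domain; an empty list means the record exists, uses port 5061, and points to the expected FQDN.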

Requirements for SIP Federation with AOL

License Requirements for AOL Federation

You must order the AOL-FEDERATION SKU license from Cisco to allow you to turn on interdomain federation between the IM and Presence Service and AOL. When you submit this license request, Cisco requests from you the AOL customer routing and contact information described in the later sections of this topic. After Cisco receives your AOL customer routing and contact information, AOL federation between the IM and Presence Service and AOL is turned on.

AOL Routing Information Requirements

When you configure interdomain federation between the IM and Presence Service and AOL SIP Access Gateway, you must provide AOL with the following information.

Deployment Type: No load balancer

  Provide (for each domain):
  • The public FQDN of the federation routing IM and Presence Service node: <sip.domain.com>
  • The domain name of the IM and Presence Service node: @<domain.com>

  Notes:
  • IM and Presence Service server certificate subject CN must match FQDN of the IM and Presence Service node.
  • The CA that signs the IM and Presence Service server certificate must be trusted by the AOL server.

Deployment Type: Load balancer

  Provide (for each domain):
  • The FQDN of the load balancer: <lb.domain.com>
  • The domain name of the load balancer: @<domain.com>

  Notes:
  • IM and Presence Service server certificate subject CN must match FQDN of the load balancer.
  • The CA that signs the IM and Presence Service server certificate must be trusted by the AOL server.

  Provide (for each domain):
  • The secure SIP federation port of the IM and Presence Service node that is used for the domain

  Notes:
  The AOL SIP Access Gateway connects (by way of SSL) to the IP address that is returned by an nslookup on this port. The default port is 5061.

We recommend that you work with your Cisco support representative to provide this information to AOL.

AOL Provisioning Information Requirements

  • The name of the enterprise, company or other.
  • The domain name used for the federation (for example, companyabc.com).
  • The FQDN of the IM and Presence Service node that is being used for federation.
  • The customer contact details: name, email address, phone number.
  • Copy of certificate(s):
    • If the certificate is signed by a Certificate Authority, root certificate including the whole chain of certificates of the Certificate Authority must be provided.
    • The base 64 encoding of the certificate(s) is required, for example:

-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIKH5c9LAAIAAGTvjANBgkqhkiG9w0BAQUFADCBizETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG.....
6HKfdML7AkWOV0Wiwc8HUb/0iFmfB24jWOnjj3NW15k0tDJXmbSMuAxjZ/2dZ4dA
4zd4FeZvoCzyVglPkoLvA0Z+AJyOkO7/tie4EF3n/kEedaPWimv2TpRrlAP5lBXn
tbM82NpEDaSqzg0d4Dswqe7W30CKGgUBYS1fO7xJHSRju719D+H7XivmjvU=
-----END CERTIFICATE-----

We recommend that you work with your Cisco support representative to provide this information to AOL.