Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 10.0(1)
Configuration Workflows for Partitioned Intradomain Federation

This chapter provides configuration workflows for Partitioned Intradomain Federation with the following supported Microsoft servers, as well as the workflow for user migration from Lync/OCS to the IM and Presence Service:
  • Microsoft Lync Server (Lync) 2010
  • Microsoft Lync Server (Lync) 2013
  • Microsoft Office Communications Server (OCS) 2007 R2

Configuration Workflow for Partitioned Intradomain Federation with Lync

Use the following workflow to configure Partitioned Intradomain Federation between the IM and Presence Service and Microsoft Lync servers:

IM and Presence Service Configuration

  1. Verify that the required domains are configured on all IM and Presence Service nodes in the cluster. For instructions to view the configured domains on IM and Presence Service and to add new local domains, see Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager.
  2. Enable Partitioned Intradomain Federation, see Configure Partitioned Intradomain Federation Options.
  3. Configure static routes to Lync deployment, see Configure Static Routes.
  4. Configure Access Control Lists for Lync deployment, see Configure an Incoming Access Control List.
  5. Configure TLS encryption between the IM and Presence Service and Lync:
    1. Configure application listeners, see Configure Application Listener Ports.
    2. Configure TLS peer subjects, see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context, see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA), see Import Root Certificate of Certificate Authority.
    5. Request a CA signed certificate, see Generate Certificate Signing Request for IM and Presence Service.
    6. Import the CA signed certificate, see Import Signed Certificate from Certificate Authority.
  6. (Optional) If you are configuring a dedicated Routing IM and Presence Service node, deactivate unnecessary feature services on the Routing IM and Presence Service node, see Deactivate Feature Services on the Routing IM and Presence Service Node.

Note

Partitioned Intradomain Federation supports only back-to-back federation between the IM and Presence Service and Microsoft Lync or OCS. A firewall (ASA) between the federated servers is not supported.

Lync Configuration

  1. Verify that the domains for Intradomain federation that are configured on the Lync server have matching domains configured on the IM and Presence Service nodes. For instructions to view the configured domains on IM and Presence Service and to add new local domains, see Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager.
  2. Configure Lync static route to the IM and Presence Service deployment, see Configure Lync Static Route to Point to IM and Presence Service.
  3. Add host authorization for the IM and Presence Service deployment and enable port 5061, see Add Host Authorization for IM and Presence Service on an Enterprise Edition Lync Server.
  4. Publish the topology, see Publish Topology.
  5. Ensure CA root certificates are installed on each Lync server, see Install Certificate Authority Root Certificates on Lync.
  6. Ensure all Lync servers have the required signed certificates, see Validate Existing Lync Signed Certificate.
  7. Request signed certificate from Certificate Authority, see Request a Signed Certificate from a Certificate Authority for Lync.
  8. Download the certificate from the CA server, see Download a Certificate from the CA Server.
  9. Import the signed certificate, see Import a Signed Certificate for Lync.
  10. Assign the certificate, see Assign Certificate on Lync.
  11. Restart services, see Restart Services on Lync Servers.

    Tip

    Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.

After the server is configured, you can proceed to migrate the users.

Configuration Workflow for Partitioned Intradomain Federation with OCS

Use the following workflow to configure Partitioned Intradomain Federation between the IM and Presence Service and OCS 2007 R2:

IM and Presence Service Configuration

  1. Verify that the required domains are configured on all IM and Presence Service nodes in the cluster. For instructions to view the configured domains on the IM and Presence Service and to add new local domains, see Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager.
  2. Enable Partitioned Intradomain Federation, see Configure Partitioned Intradomain Federation Options.
  3. Configure static routes to OCS deployment, see Configure Static Routes.
  4. Configure Access Control Lists for OCS deployment, see Configure an Incoming Access Control List.
  5. (Optional) Configure TLS encryption between the IM and Presence Service and OCS:
    1. Configure application listeners, see Configure Application Listener Ports.
    2. Configure TLS peer subjects, see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context, see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA), see Import Root Certificate of Certificate Authority.
    5. Request a CA signed certificate, see Generate Certificate Signing Request for IM and Presence Service.
    6. Import the CA signed certificate, see Import Signed Certificate from Certificate Authority.
  6. (Optional) If you are configuring a dedicated Routing IM and Presence Service node, deactivate unnecessary feature services on the Routing IM and Presence Service node. See Deactivate Feature Services on the Routing IM and Presence Service Node.

OCS Configuration

  1. Verify that the domains for Intradomain federation that are configured on the OCS server have matching domains configured on the IM and Presence Service nodes. For instructions to view the configured domains on the IM and Presence Service and to add new local domains, see Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager.
  2. Enable port 5060, see Enable Port 5060/5061 on OCS Server.
  3. Configure static routes to the IM and Presence Service deployment, see Configure Static Routes on OCS to Point to the IM and Presence Service.
  4. Add host authorization for the IM and Presence Service deployment, see Add Host Authorization on OCS for IM and Presence Service.
  5. (Optional) Configure TLS encryption between the IM and Presence Service and OCS:
    1. Ensure mutual TLS authentication is configured on each OCS server, see Configure Mutual TLS Authentication on OCS.
    2. Ensure CA root certificates are installed on each OCS server, see Install Certificate Authority Root Certificates on OCS.
    3. Ensure all OCS servers have the required signed certificates, see Validate Existing OCS Signed Certificate.
    4. If required, request a newly signed certificate, see Signed Certificate Request from the Certificate Authority for the OCS Server.
  6. Restart services, see Restart Services on OCS Front-End Servers.

    Tip

    Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.

After the server is configured, you can proceed to migrate the users.

Configuration Workflow for User Migration from Microsoft Servers to the IM and Presence Service

Use the following workflow to migrate users from Lync/OCS to the IM and Presence Service:

  1. Download the user migration tools, see Cisco User Migration Tools.
  2. Set unlimited contact list sizes and watcher sizes on the IM and Presence Service, see Set Unlimited Contact Lists and Watchers.
  3. Enable automatic authorization of subscription requests, see Enable Automatic Authorization of Subscription Requests.
  4. Verify the Microsoft server SIP URI format for migrating users, see Verify Microsoft Server SIP URI Format for Migrating Users.
  5. If applicable, rename contact IDs in the IM and Presence Service contact lists, see Rename Contact IDs in IM and Presence Service Contact Lists.
  6. Provision migrating users on the IM and Presence Service, see Lync/OCS/LCS.
  7. Back up Microsoft server data for migrating users, see Lync/OCS/LCS.
  8. Export Microsoft server contact lists for migrating users, see Export of Contact Lists for Migrating Users.
  9. Disable Microsoft server accounts for migrating users, see Lync/OCS/LCS.
  10. Verify that Microsoft server accounts have been disabled for migrating users, see Lync/OCS/LCS.
  11. Delete Microsoft server user data for migrating users, see Delete User Data from Database for Migrating Users.
  12. Import contact lists into the IM and Presence Service for migrating users, see Import Contact Lists for Migrating Users into IM and Presence.
  13. Reset the contact list and watcher limits on the IM and Presence Service, see Reset Maximum Contact List Size and Maximum Watcher Size.

Configuration Workflow for Integrating IM and Presence with Microsoft Server Interdomain Federation Capability

Note

Before you begin this workflow, you must configure Partitioned Intradomain Federation with Lync/OCS and ensure that it is functioning correctly. See the appropriate workflow for configuring Partitioned Intradomain Federation within your deployment.

  1. Configure each federated domain on the IM and Presence Service, see Remote Domain Setup for Interdomain Federation through Intradomain Federation Connections on Microsoft Servers.
  2. Configure static routes to each remote domain on the IM and Presence Service, see Configure a Static Route for a Remote Domain.