Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
Configuration Workflows for Partitioned Intradomain Federation

This chapter provides configuration workflows for Partitioned Intradomain Federation with Microsoft Lync Server (Lync) 2010, Microsoft Live Communications Server (LCS) 2005, and Microsoft Office Communications Server (OCS) 2007 R2. It also describes the configuration workflow for user migration from Lync/OCS/LCS to the IM and Presence Service.

Configuration Workflow for Partitioned Intradomain Federation with Lync

Use the following workflow to configure Partitioned Intradomain Federation between the IM and Presence Service and Microsoft Lync servers:

IM and Presence Service Configuration

  1. Verify that the required domain is configured on all IM and Presence Service nodes in the cluster.

  2. Enable Partitioned Intradomain Federation, see Configure Partitioned Intradomain Federation Options.

  3. Configure static routes to Lync deployment, see Configure Static Routes.

  4. Configure Access Control Lists for Lync deployment, see Configure an Incoming Access Control List.

  5. Configure TLS encryption between the IM and Presence Service and Lync:

    1. Configure application listeners, see Configure Application Listener Ports.
    2. Configure TLS peer subjects, see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context, see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA), see Import Root Certificate of Certificate Authority.
    5. Request a CA signed certificate, see Generate Certificate Signing Request for IM and Presence Service.
    6. Import the CA signed certificate, see Import Signed Certificate from Certificate Authority.
  6. (Optional) If you are configuring a dedicated Routing IM and Presence Service node, deactivate unnecessary feature services on the Routing IM and Presence Service node, see Deactivate Feature Services on the Routing IM and Presence Service Node.


Note: Partitioned intradomain federation only supports back-to-back federation between the IM and Presence Service and Microsoft Lync or OCS. A firewall (ASA) between the federated servers is not supported.


Lync Configuration

  1. Verify that the domain for Intradomain federation that is configured on the Lync server has matching domains configured on the IM and Presence Service nodes.

  2. Configure Lync static route to the IM and Presence Service deployment, see Configure Lync Static Route to Point to IM and Presence Service.

  3. Add host authorization for the IM and Presence Service deployment and enable port 5061, see Add Host Authorization for IM and Presence Service on an Enterprise Edition Lync Server.

  4. Publish the topology, see Publish Topology.

  5. Ensure CA root certificates are installed on each Lync server, see Install Certificate Authority Root Certificates on Lync.

  6. Ensure all Lync servers have the required signed certificates, see Validate Existing Lync Signed Certificate.

  7. Request signed certificate from Certificate Authority, see Request a Signed Certificate from a Certificate Authority for Lync.

  8. Download the certificate from the CA server, see Download a Certificate from the CA Server.

  9. Import the signed certificate, see Import a Signed Certificate for Lync.

  10. Assign the certificate, see Assign Certificate on Lync.

  11. Restart services, see Restart Services on Lync Servers.


    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration Workflow for Partitioned Intradomain Federation with OCS

Use the following workflow to configure Partitioned Intradomain Federation between the IM and Presence Service and OCS 2007 R2:

IM and Presence Service Configuration

  1. Verify that the required domain is configured on all IM and Presence Service nodes in the cluster.

  2. Enable Partitioned Intradomain Federation, see Configure Partitioned Intradomain Federation Options.

  3. Configure static routes to OCS deployment, see Configure Static Routes.

  4. Configure Access Control Lists for OCS deployment, see Configure an Incoming Access Control List.

  5. (Optional) Configure TLS encryption between the IM and Presence Service and OCS:

    1. Configure application listeners, see Configure Application Listener Ports.
    2. Configure TLS peer subjects, see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context, see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA), see Import Root Certificate of Certificate Authority.
    5. Request a CA signed certificate, see Generate Certificate Signing Request for IM and Presence Service.
    6. Import the CA signed certificate, see Import Signed Certificate from Certificate Authority.
  6. (Optional) If you are configuring a dedicated Routing IM and Presence Service node, deactivate unnecessary feature services on the Routing IM and Presence Service node. See Deactivate Feature Services on the Routing IM and Presence Service Node.

OCS Configuration

  1. Verify that the domain for Intradomain federation that is configured on the OCS server has matching domains configured on the IM and Presence Service nodes.

  2. Enable port 5060, see Enable Port 5060/5061 on OCS Server.

  3. Configure static routes to the IM and Presence Service deployment, see Configure Static Routes on OCS to Point to the IM and Presence Service.

  4. Add host authorization for the IM and Presence Service deployment, see Add Host Authorization on OCS for IM and Presence Service.

  5. (Optional) Configure TLS encryption between the IM and Presence Service and OCS:

    1. Ensure mutual TLS authentication is configured on each OCS server, see Configure Mutual TLS Authentication on OCS.
    2. Ensure CA root certificates are installed on each OCS server, see Install Certificate Authority Root Certificates on OCS.
    3. Ensure all OCS servers have the required signed certificates, see Validate Existing OCS Signed Certificate.
    4. If required, request a newly signed certificate, see Signed Certificate Request from the Certificate Authority for the OCS Server.
  6. Restart services, see Restart Services on OCS Front-End Servers.


    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration Workflow for Partitioned Intradomain Federation with LCS

Use the following workflow to configure Partitioned Intradomain Federation between the IM and Presence Service and LCS 2005:

IM and Presence Service Configuration

  1. Verify that the required domain is configured on all IM and Presence Service nodes in the cluster.

  2. Enable Partitioned Intradomain Federation, see Configure Partitioned Intradomain Federation Options.

  3. Configure static routes to LCS deployment, see Configure Static Routes.

  4. Configure Access Control Lists for LCS deployment, see Configure an Incoming Access Control List.

  5. (Optional) Configure TLS encryption between the IM and Presence Service and LCS:

    1. Configure application listeners, see Configure Application Listener Ports.
    2. Configure TLS peer subjects, see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context, see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA), see Import Root Certificate of Certificate Authority.
    5. Request a CA signed certificate, see Generate Certificate Signing Request for IM and Presence Service.
    6. Import the CA signed certificate, see Import Signed Certificate from Certificate Authority.
  6. (Optional) If you are configuring a dedicated Routing IM and Presence Service node, deactivate unnecessary feature services on the Routing IM and Presence Service node, see Deactivate Feature Services on the Routing IM and Presence Service Node.

LCS Configuration

  1. Verify that the domain for Intradomain federation that is configured on the LCS server has matching domains configured on the IM and Presence Service nodes.

  2. Enable port 5060, see Enable Port 5060 on LCS Server.

  3. Configure static routes to the IM and Presence Service deployment, see Configure a LCS Static Route to Point to the IM and Presence Service.

  4. Add host authorization for the IM and Presence Service deployment, see Add Host Authorization on LCS for IM and Presence Service.

  5. (Optional) Configure TLS encryption between the IM and Presence Service and LCS:

    1. Ensure mutual TLS authentication is configured on each LCS server, see Configure Mutual TLS Authentication on LCS.
    2. Ensure CA root certificates are installed on each LCS server, see Install Certificate Authority Root Certificates on LCS.
    3. Ensure all LCS servers have the required signed certificates, see Validate Existing LCS Signed Certificate.
    4. If required, request a newly signed certificate, see Signed Certificate Requests from Certificate Authority for LCS Server.
  6. Restart services, see Restart Services on LCS Servers.


    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration Workflow for User Migration from Microsoft Servers to the IM and Presence Service

Use the following workflow to migrate users from Lync/OCS/LCS to the IM and Presence Service:

  1. Download the user migration tools, see Cisco User Migration Tools.

  2. Set unlimited contact list sizes and watcher sizes on the IM and Presence Service, see Set Unlimited Contact Lists and Watchers.

  3. Enable automatic authorization of subscription requests, see Enable Automatic Authorization of Subscription Requests.

  4. Provision migrating users on the IM and Presence Service, see Lync/OCS/LCS.

  5. Back up Microsoft server data for migrating users, see Lync/OCS/LCS.

  6. Export Microsoft server contact lists for migrating users, see Export of Contact Lists for Migrating Users.

  7. Disable Microsoft server accounts for migrating users, see Lync/OCS/LCS.

  8. Verify that Microsoft server accounts have been disabled for migrating users, see Lync/OCS/LCS.

  9. Delete Microsoft server user data for migrating users, see Delete User Data from Database for Migrating Users.

  10. Import contact lists into the IM and Presence Service for migrating users, see Import Contact Lists for Migrating Users into IM and Presence.

  11. Reset the contact list and watcher limits on the IM and Presence Service, see Reset Maximum Contact List Size and Maximum Watcher Size.

Configuration Workflow for Integrating IM and Presence with Microsoft Server Interdomain Federation Capability


Note: Before you begin this workflow, you must configure Partitioned Intradomain Federation with Lync/OCS/LCS and ensure that it is functioning correctly. See the appropriate workflow for configuring Partitioned Intradomain Federation within your deployment.


  1. Configure each federated domain on the IM and Presence Service, see Remote Domain Setup for Interdomain Federation through Intradomain Federation Connections on Microsoft Servers.

  2. Configure static routes to each remote domain on the IM and Presence Service, see Configure a Static Route for a Remote Domain.