Guest

Cisco Unified Communications Manager IM & Presence Service

Cisco Unified Presence Server Deployment Guide Release 1.0(3)

  • Viewing Options

  • PDF (419.2 KB)
  • Feedback
Cisco Unified Presence Server Deployment Guide, Release 1.0(3)

Table Of Contents

Cisco Unified Presence Server
Deployment Guide, Release 1.0(3)

Contents

Introduction

Microsoft Integration

Related Documentation

Cisco Unified CallManager Configuration Overview

Cisco Unified Presence Server Configuration

CTI Gateway Configuration Checklist

Transport Layer Security Configuration Checklist

Microsoft Office Live Communications Server 2005 with SP 1 Configuration Checklist

Microsoft LCS Certificate Configuration Checklist

Microsoft Active Directory Configuration Checklist

TLC Route Configuration Checklist

FIPS-Compliant Security Algorithms Configuration Checklist

Microsoft Office Communicator 2005 Configuration Checklist

Unwanted Feature Interactions

Shared Lines

Call Forwarding

Cisco Extension Mobility

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Cisco Support Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information


Cisco Unified Presence Server
Deployment Guide, Release 1.0(3)


This document contains configuration checklists and procedures for setting up Cisco Unified Presence Server 1.0(2) and integrating it with Cisco Unified CallManager 5.0(4), as well as with the required Microsoft servers and products, including

Microsoft Office Live Communications Server 2005 with Service Pack 1 (SP1)

Microsoft Windows Server 2000 or 2003 Active Directory

Microsoft Office Communicator 2005

Contents

This document covers the following topics:

Introduction

Related Documentation

Cisco Unified CallManager Configuration Overview

Cisco Unified Presence Server Configuration

CTI Gateway Configuration Checklist

Transport Layer Security Configuration Checklist

Microsoft Office Live Communications Server 2005 with SP 1 Configuration Checklist

Microsoft LCS Certificate Configuration Checklist

Microsoft Active Directory Configuration Checklist

TLC Route Configuration Checklist

FIPS-Compliant Security Algorithms Configuration Checklist

Microsoft Office Communicator 2005 Configuration Checklist

Unwanted Feature Interactions

Obtaining Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Product Alerts and Field Notices

Obtaining Technical Assistance

Obtaining Additional Publications and Information

Introduction

This document provides an overview of the Cisco Unified Presence Server deployment and configuration process, including the following major configuration requirements:

Cisco Unified CallManager configuration

Cisco Unified Presence Server configuration, including CTI gateway

Microsoft integration, which includes configuration checklists for the following Microsoft products:

Microsoft Office Live Communications Server (LCS)

Microsoft Active Directory (AD)

Microsoft Office Communicator (MOC)

Microsoft Integration

The CTI gateway, a Cisco Unified Presence Server application module, allows Microsoft Office Communicator to work with Cisco Unified CallManager and supports Microsoft Office Communicator features, such as Click to Dial and Phone Control services. To work with Cisco Unified CallManager, Microsoft Live Communications Server uses a Computer Supported Telecommunications Applications (CSTA) XML interface.

Figure 1 shows the overall Microsoft presence system architecture.

Figure 1 Overall Microsoft Presence Architecture

Figure 2 shows the messaging flow between a soft client (Microsoft Office Communicator) and the CTI gateway.

Figure 2 Messaging Flow Between a Soft Client and the CTI Gateway

Figure 3 shows the system components that must be configured for Microsoft Office Communicator and Cisco Unified CallManager phone integration to work properly.

Figure 3 Microsoft Office Communicator and Cisco Unified CallManager Phone Integration

This deployment guide assumes that you have already installed Cisco Unified Presence Server software on your servers. For installation instructions, refer to the document Installing Cisco Unified Presence Server.

Related Documentation

Refer to the following documents for further information about related Cisco IP telephony applications and products:

Installing Cisco Unified Presence Server

This document provides procedures for installing Cisco Unified Presence Server on the publisher database and subscriber servers.

Cisco Unified Presence Server Administration Guide

This document provides step-by-step instructions for configuring, maintaining, and administering the Cisco Unified Presence Server voice over IP network.

Cisco Unified Presence Server Serviceability Administration Guide

This document provides step-by-step instructions for configuring alarms, traces, and other reporting for Cisco Unified Presence Server serviceability and remote serviceability.

Cisco Unified Communications Operating System Administration Guide)

The Cisco Unified Communications Operating System Guide provides information about using the Cisco Unified Communications Platform graphical user interface (GUI) and the command line interface (CLI) to perform many common system- and network-related tasks.

Disaster Recovery System Administration Guide

This document provides an overview of the Disaster Recovery System and provides procedures for performing various backup- and restore-related tasks.

Cisco Unified CallManager Configuration Overview

Table 1 shows the configuration tasks for Cisco Unified CallManager 5.0(4). Complete these steps from the Cisco Unified CallManager Administration window.

Table 1 Cisco Unified CallManager Configuration Overview 

 
Configuration Steps
Related Documentation

Step 1 

Configure service parameters:

a. Choose System > Service Parameters.

b. In the Service Parameter Configuration window, select a Cisco Unified CallManager server from the drop-down list.

c. For Service, select Cisco CallManager.

d. In the Clusterwide Parameters (System - Presence) section, for Default Inter-Presence Group Subscription, select Allow Subscription.

e. Click Save.

For more information, see the Service Parameters Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 2 

Configure the Cisco Unified Presence Server as an application server.

a. Choose System > Application Server.

b. In the Find and List Application Servers window, click Add New.

The Application Server Configuration window displays.

c. For Application Server Type, select Cisco Unified Presence Server and click Next.

d. In the Name field, enter the host name of your Cisco Unified Presence Server.

e. Click Save.

For more information, see the Application Server Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 3 

Assign capabilities to end users.

a. Choose System-> Licensing > Capabilities Assignment.

The Find and List Capabilities Assignments window displays.

b. To display a list of all users, click Find.

c. In the search results section, click the user link to display the Capabilities Assignment Configuration window.

Tip To assign capabilities to more than one user, check multiple user check boxes and click Bulk Assignment.

d. When the window displays, check the Enable UPS check box.

e. For UPC Capability, check Enable UPC check box.

f. Click Save.

For more information on Cisco Unified Personal Communicator, see the Installation Guide for Cisco Unified Personal Communicator at this URL:

http://www.cisco.com/en/US/products/ps6844/tsd_products_support_series_home.html

Step 4 

Associate a primary extension with each phone.

a. Choose Device > Phone.

b. In the Find and List Phones window, add a new phone device by clicking Add New.

The Add a New Phone window displays.

c. For Phone Type, select a device from the drop-down list and click Next.

d. For the device protocol, select a protocol from the drop-down list and click Next.

e. From the Phone Configuration window, make entries or selections for these fields:

MAC address: enter the MAC address of the phone.

For Device Pool, select Default.

For Phone Button Template, select Default.

For SCCP Phone Security Profile (or for SIP Phone Security Profile), select Standard SCCP Profile for Auto Registration (or Standard SIP Profile for Auto Registration).

f. Click Save.

g. In the Association Information section on the left, click the Add a New DN link.

h. In the Directory Number Configuration window, enter a directory number for each phone.

i. Click Save.

For more information, see the Cisco Unified IP Phone Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 5 

Associate a device to a user.

a. Choose User Management > End User.

b. In the Find and List User window, search for the user if users are already in the database or click Add New to add a new user.

c. In the End User Configuration window, enter information for the required fields (marked with an asterisk). Ensure that the PIN is numerical.

d. For the Primary Extension at the bottom of the window, select the extension for each user.

e. Click Save.

f. When the window redisplays, click Device Associations.

g. In the User Device Association window, select the device to associate and click Save Selected.

h. Return to the End User Configuration window (choose User Management > End User) and check the Device Associations section to verify that the device is associated to the user.

For more information, see the End User Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 6 

To set up IP Phone Messenger (IPPM), add PhoneMessenger as an application user.

Note You do not need to perform this step if you are using only Microsoft Office Communicator.

a. Choose User Management > Application User.

b. In the Find and List Application Users window, click Add New.

c. In the Application User Configuration window, add a new user with the User ID of PhoneMessenger.

d. In the Password and Confirm Password fields, enter the password for this user.

Note Remember this password for the Cisco Unified Presence Server configuration.

e. In the Device Information Available Devices section, select all devices that will subscribe to Cisco IP Phone Messenger, and click the down arrow to move them into the Controlled Devices section.

f. Click Save.

For more information, see the Application User Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 7 

Assign end users to a user groups.

a. Choose User Management > User Group.

b. To display all user groups, click Find.

c. Click the Standard CCM End Users link.

The User Group Configuration window displays.

d. Click Add End Users to Group, and when the window redisplays, add all Cisco Unified Presence Server users to this group.

e. For the Related Links menu, choose Back to Find/List and click Go.

f. Click the Standard CTI Enabled link.

The User Group Configuration window displays.

g. Click Add End Users to Group, and when the window redisplays, add all Cisco Unified Presence Server users to this group.

For more information, see the User Group Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 8 

To set up IPPM, configure phone service for the Cisco IP PhoneMessenger.

Note You do not need to perform this step if you are only using Microsoft Office Communicator.

a. Choose Device > Device Settings > Phone Services.

b. In the Find and List IP Phone Services window, click Add New.

The IP Phone Services Configuration window displays.

c. In the Service Name field, enter PhoneMessenger.

d. In the Service Description field, enter IP Phone Messenger.

e. In the Service URL field, enter this URL:

http://my-cups:8081/ippm/default?name=#DEVICENAME#

where my-cups specifies the IP address of the Cisco Unified Presence Server unless DNS is enabled on the phone.

f. Click Save.

For more information, see the Cisco Unified IP Phone Services Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 9 

To set up IPPM, subscribe phones to the Cisco IP PhoneMessenger service.

Note You do not need to perform this step if you are using only Microsoft Office Communicator.

a. Choose Device > Phone.

The Find and List Phones window displays.

b. To display a list of devices, click Find, and when the window redisplays, click a phone device link to access the Phone Configuration window.

c. In the Related Links navigation box at the top right, select Subscribe/Unsubscribe Services from the drop-down list, and click Go.

d. In the Subscribed Cisco IP Phone Services window that displays, select PhoneMessenger (previously configured) from the Select a Service drop-down list, and click Next.

e. When the window redisplays, click Subscribe.

f. When the window redisplays, click Save.

g. Reset the phones individually or as a group.

For more information, see the Cisco Unified IP Phone Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 10 

To set up IPPM and Cisco Unified Personal Communicator, configure the SIP trunk security profile.

Note You do not need to perform this step if you are only using Microsoft Office Communicator.

a. Choose System > Security Profile > SIP Trunk Profile.

The Find and List SIP Trunk Security Profiles window displays.

b. To display a list of available profiles, click Find.

c. In the search results, click the Non Secure SIP Trunk Profile link.

The SIP Trunk Security Profile Configuration window displays.

d. Verify that the setting for Device Security Mode is Non Secure.

e. Verify that the setting for Incoming Transport Type is TCP+UDP.

f. Verify that the setting for Outgoing Transport Type is TCP.

g. Check to enable these items:

Accept Presence Subscription

Accept Out-of-Dialog REFER

Accept Unsolicited Notification

Accept Replaces Header

h. Click Save.

For more information, see the SIP Trunk Security Profile Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 11 

Add an application user with the Standard AXL Access Role enabled:

Note This step is optional. During Cisco Unified Presence Server installation, you must enter an AXL User ID and AXL User password for an application user with AXL API access enabled.

You can use the CCMAdministrator application user, which has the Standard AXL API Access role enabled by default, or you can follow this step to create a new application user.

Create a new application user

a. Choose User Management > Application User.

The Find and List Application Users windows displays.

b. Click Add New.

The Application User Configuration window displays.

c. In the User ID field, enter a new application user name; for example, AXLuserCUPS.

d. Enter a password for this application user and confirm the password.

e. From the list of available devices, select the devices that you want to control.

f. Click Save.

Create a new user group and add the application user

g. Choose User Management > User Group.

The Find and List User Groups window displays.

h. Click Add New.

i. Enter a name for the new user group; for example, group_AXLaccess and click Save.

j. Click Add Application Users to Group.

k. Choose the new application user name that you created and click Add Selected.

l. From the Related Links drop-down menu, choose Assign Role to User Group and click Go.

The User Group Configuration window displays.

m. Choose Standard AXL API Access and click Add Selected.

n. Click Save.

For more information, see the following chapters in the Cisco Unified CallManager Administration Guide:

Application User Configuration

User Group Configuration

For more information about installing Cisco Unified Presence Server, see Installing Cisco Unified Presence Server, Release 1.0(2).

Step 12 

To set up IPPM and Cisco Unified Personal Communicator, provision one SIP trunk for each Cisco Unified Presence Server that is associated with this Cisco Unified CallManager.

Note You do not need to perform this step if you are using only Microsoft Office Communicator.

a. Choose Device > Trunk.

The Find and List Trunks window displays.

b. Click Add New.

The Trunk Configuration window displays.

c. For Trunk Type, select SIP Trunk.

d. For Device Protocol, select SIP.

e. Click Next.

f. For Device Name, enter CUPS-SIP-Trunk.

g. For Device Pool, select Default.

h. In the SIP Information section at the bottom of the window, for the Destination Address field, enter

my-cups.sip.com

where my-cups specifies the fully qualified domain name of the Cisco Unified Presence Server.

i. For SIP Trunk Security Profile, select Non Secure SIP Trunk Profile.

j. For SIP Profile, select Standard SIP Profile.

k. Click Save.

For more information, see the Trunk Configuration chapter in the Cisco Unified CallManager Administration Guide.

Step 13 

Verify that the required services are running.

a. From the Navigation menu, choose Cisco Unified CallManager Serviceability and click Go.

The Cisco Unified CallManager Serviceability window displays.

a. Choose Tools > Control Center - Feature Services.

b. In the Control Center - Feature Services window, for server, select a Cisco Unified CallManager server from the drop-down list.

c. When the Control Center - Feature Services window redisplays, make sure the following services are running:

Cisco CallManager

Cisco TFTP

Cisco Extension Mobility

Cisco CallManager Cisco IP Phone Services

Cisco AXL Web Service

For more information, see the Managing Services chapter in the Cisco Unified CallManager Serviceability Administration Guide.

Cisco Unified Presence Server Configuration

Table 2 shows the required configuration tasks for Cisco Unified Presence Server 1.0(2). Complete these steps from the Cisco Unified Presence Server Administration window.

Table 2 Cisco Unified Presence Server Configuration Overview 

 
Configuration Steps
Related Documentation

Step 1 

Upload the license file, which enforces licenses for the Cisco Unified Presence Server application.

a. Choose System > Licensing > License File Upload.

The License File Upload window displays.

b. Click Upload License File.

c. Browse to the location of the upload file and click Upload.

For more information, see the License File Upload chapter in the Cisco Unified Presence Server Administration Guide.

Step 2 

(Optional) Add a secondary Cisco Unified Presence Server node.

Note Perform this step before installing the subscriber node.

a. Choose System > Server.

The Server Configuration window displays.

b. For Host Name/IP Address, enter the hostname or IP address of the subscriber node. It is the same hostname that you entered in the Cisco Unified CallManager Administration window from the System > Application Server menu.

c. Click Save

For more information, see the Server Configuration chapter in the Cisco Unified Presence Server Administration Guide.

Step 3 

To set up IPPM, configure Cisco IP Phone Messenger settings.

Note You do not need to perform this step if you are using only Microsoft Office Communicator.

a. Choose Application > IP Phone Messenger > Settings.

The IP Phone Messenger Settings window displays.

b. Configure the application password to be the same as the one that was configured for the PhoneMessenger user in Cisco Unified CallManager Administration (User Management > Application User menu).

Note The Application Username and the Application Password get configured automatically during installation.

c. Click Save.

For more information, see the IP Phone Messenger Settings chapter in the Cisco Unified Presence Server Administration Guide.

Step 4 

Ensure that you have assigned MOC capabilities to each Microsoft Office Communicator user through the following Cisco Unified Presence Server Administration window menu option:

Application > CTI Gateway > MOC Assignment

For more information, see the MOC Assignment chapter in the Cisco Unified Presence Server Administration Guide.

Step 5 

Configure the SIP Proxy Server for method-based routing, which configures the SIP proxy server to route SIP messages based on their content.

Note You need to perform this step only for a two-node Cisco Unified Presence Server cluster. For a single-node Cisco Unified Presence Server, these fields get automatically configured during installation.

a. Choose Cisco Unified Presence Server > Proxy Server > Method/Event Routing.

The Find and List Method/Event-Based Routing Entries window displays.

b. Click Add New.

The Method/Event-Based Routing Configuration window displays.

c. For a two-node Cisco Unified Presence Server cluster, create two routes for each token (SUBSCRIBE and PUBLISH):

For Name, enter the name that is associated with this route.

For Content Token, enter SUBSCRIBE.

For Content Category, select Method-Based.

For Destination Address, for route 1, enter the IP address of node 1. For route 2, enter the IP address of node 2.

Note You must use the IP address for the SIP proxy server to prefer the local presence engine. If a fully qualified domain name is provided, the software forks requests to both nodes.

For Destination Port, enter 5070.

For Protocol Type, select TCP.

Click Save.

Repeat this step until you have created two routes for each SUBSCRIBE and PUBLISH token type.

For more information, see the Method/Event Routing chapter in the Cisco Unified Presence Server Administration Guide.

Step 6 

Configure the presence server backend gateway.

Use presence engine backend gateways to configure the gateways that the presence engine must know about to receive presence information.

a. Choose Cisco Unified Presence Server > Presence Engine > Cisco CallManager Presence Gateways.

The Find and List CallManager Presence Gateways window displays.

b. Click Add New.

The CallManager Presence Gateway Configuration window displays.

c. For Description, enter a description of this presence gateway.

d. For CallManager Presence Gateway, enter the IP address or fully qualified domain name of the associated Cisco Unified CallManager.

e. Click Save.

For more information, see the Cisco Unified CallManager Presence Gateways chapter in the Cisco Unified Presence Server Administration Guide.

Step 7 

Configure a proxy server incoming access control list (ACL).

a. Choose Cisco Unified Presence Server > Proxy Server > Incoming ACL.

The Find and List Allowed Incoming Hosts window displays.

b. Click Add New.

The Proxy Access Control List Configuration window displays.

c. For Address Pattern, enter IP address of the associated Microsoft LCS.

d. Click Save.

For more information, see the Incoming ACL chapter in the Cisco Unified Presence Server Administration Guide.

Step 8 

Configure a proxy server privacy access control list (ACL).

a. Choose Cisco Unified Presence Server > Proxy Server > Privacy ACL.

The Find and List Allowed Incoming Hosts window displays.

b. Click Add New.

The Privacy Access Control List Configuration window displays.

c. For Address Pattern, enter IP address of the associated Microsoft LCS.

d. Click Save.

For more information, see the Privacy ACL chapter in the Cisco Unified Presence Server Administration Guide.

Step 9 

Configure the proxy server settings.

a. Choose Cisco Unified Presence Server > Proxy Server > Settings.

b. For Method/Event Routing Status, choose On.

c. For Preferred Proxy Server, choose Default SIP Proxy TCP Listener.

d. Click Save.

 

Step 10 

Enable services.

a. At the top right in the Navigation window, choose Cisco Unified Presence Server Serviceability from the drop-down list and click Go.

b. Choose Tools > Service Activation.

The Service Activation window displays.

c. For Server, select a Cisco Unified Presence Server from the drop-down list.

d. When the Service Activation window redisplays, in the Cisco Unified Presence Server Services section at the bottom of the window, click the check boxes to enable these services:

Cisco Enterprise SIP Proxy

Cisco Enterprise Presence Engine.

e. If you are using clustering, make sure to enable these services on the second node.

f. Click Save.

For more information, see the Managing Services chapter in the Cisco Unified Presence Server Serviceability Administration Guide.

CTI Gateway Configuration Checklist

Table 3 shows the required configuration tasks for the CTI gateway. Complete these tasks from Cisco Unified CallManager Administration and Cisco Unified Presence Server Administration.

Table 3 CTI Gateway Configuration Checklist 

 
Configuration Steps
Related Documentation

Step 1 

From the Cisco Unified CallManager Administration window, add an application user:

a. Choose User Management > Application User.

The Find and List Application Users windows displays.

b. Click Add New.

The Application User Configuration window displays.

c. In the User ID field, enter an application username of your choice; for example CtiGW.

d. Enter a password for this application user and confirm the password.

e. Click Save.

For more information, see the Application User chapter in the Cisco Unified CallManager Administration Guide.

Step 2 

Add the application user to the Standard CTI Enabled user group:

a. Choose User Management > User Group.

The Find and List User Groups window displays.

b. Click Find.

c. Click the Standard CTI Enabled link.

The User Group Configuration window displays.

d. Click Add Application Users to Group.

e. Choose the application user that you created and click Add Selected.

For more information, see the Application User chapter in the Cisco Unified CallManager Administration Guide.

Step 3 

Add the application user to the Standard CTI Allow Control of All Devices user group:

a. Choose User Management > User Group.

The Find and List User Groups window displays.

b. Click Find.

c. Click the Standard CTI Allow Control of All Devices link.

The User Group Configuration window displays.

d. Click Add Application Users to Group.

e. Choose application user that you created and click Add Selected.

f. Click Save.

For more information, see the Application User chapter in the Cisco Unified CallManager Administration Guide.

Step 4 

Configure the CTI gateway settings in Cisco Unified Presence Server Administration:

a. Choose Application > CTI Gateway > Settings.

The CTI Gateway Settings window displays.

b. From the Application Status pull-down menu, choose On to enable the CTI gateway.

Note You must enable the CTI gateway. By default, the Application Status specifies Off.

c. Enter the appropriate CTI gateway application settings for your site.

d. Click Save.

For more information, see the Application User chapter in the Cisco Unified Presence Server Administration Guide.

Transport Layer Security Configuration Checklist

Table 4 shows the required tasks for Transport Layer Security (TLS) configuration. Perform these steps on the Microsoft Certificate Authority server, the Cisco Unified Presence Server, and your Cisco Unified Presence Server administration PC.

Table 4 Transport Layer Security Configuration Checklist 

 
Configuration Steps
Related Documentation

Step 1 

Configure the standalone root Certificate Authority (CA):

a. Log in to your CA server with Domain Administration privileges.

b. Open the Windows Control Panel and choose Add or Remove Programs.

c. Click Add/Remove Windows Components.

d. Click Application Server.

e. Check the check box for Internet Information Services (IIS).

f. Click OK.

g. Click Add/Remove Windows Components.

h. Click Certificate Services and then click Next.

i. Click Standalone root CA and then click Next.

j. Enter the name of CA root. This name can be a friendly name for the CA root in the forest root.

k. Change the Time duration to the number of years required for this certificate.

l. To begin installation, Click Next .

m. Choose the location for the certificate database and the certificate database files and click Next.

n. When prompted to stop IIS, click Yes.

o. When prompted with a message about Active Server Pages, click Yes.

p. Click Finish.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 2 

Download the root certificate:

a. Log in to your CA server.

b. Go to the http://ca_server/certsrv, where ca_server specifies the domain name of your CA server.

c. Choose Download a CA Certificate, certificate chain, or CRL.

d. Choose Base 64 for the Engineering Method.

e. Click Download CA certificate.

f. Save the certificate, certnew.cer, to the local disc.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 3 

Upload the root certificate to the Cisco Unified Presence server:

a. Copy or use FTP to send the new certificate, certnew.cer, to the PC that you use to administer Cisco Unified Presence Server.

b. Log in to Cisco Unified Communications Operating System Administration.

c. Choose Security > Certificate Management > Upload Certificate/CTL.

Note You get prompted to log in again to Cisco Unified Communications Operating System Administration.

The Select Certificate/CTL Upload window displays.

d. Check the Upload Trust Cert check box and click Next.

The Certificate type for the upload including CTL window displays.

e. Choose sipproxy-trust and click Next.

The Upload Certificate/CTL window displays.

Note Leave the Root Cert Name field blank.

f. Click Browse and choose the certnew.cer certificate that you downloaded from the CA server.

g. Click Upload.

The Upload Results window displays.

For more information, refer to the Cisco Unified Communications Operating System Administration Guide.

Step 4 

Generate a Certificate Signing Request (CSR) in Cisco Unified Presence Server:

a. From Cisco Unified Communications Operating System Administration, navigate to Security > Certificate Management > Download/Generate CSR.

Note You get prompted to log in again to Cisco Unified Communications Operating System Administration.

The Select Certificate type for CSR window displays.

b. For the certificate type, choose sipproxy and, for the action, choose Generate a new CSR.

c. Click Next.

The Cert/IPSEC Operation (CRS/Config/Assoc Create) Done window displays.

For more information, refer to the Cisco Unified Communications Operating System Administration Guide.

Step 5 

Download the CSR:

a. Navigate to Security > Certificate Management > Download/Generate CSR.

The Select Certificate type for CSR window displays.

b. For the certificate type, choose sipproxy and, for the action, choose Download CSR if any.

c. Click Next.

The Certificate/CTL/CSR Download window displays.

d. Click the Continue link.

e. Click the sipproxy.csr file link and save it to your local disc.

For more information, refer to the Cisco Unified Communications Operating System Administration Guide.

Step 6 

Sign the CSR on the Microsoft Certificate Authority server:

a. Copy or use FTP to send the CSR file, sipproxy.csr, to the CA server.

b. Open http://local_server/certsrv, where local_server specifies the domain name of your local server.

c. Choose Request a certificate.

d. Click the advanced certificate request link.

e. Click the Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file link.

f. Open the sipproxy.csr file and copy the content from "-----BEGIN" to "END CERTIFICATE REQUEST-----".

g. Paste the content of sipproxy.csr into the Certificate Request text box.

h. Click Submit.

The Request Id displays.

i. Choose Start > Administrative Tools > Certificate Authority and click Pending Requests.

j. Right click the request for the certificate that you submitted and choose All Tasks > Issue.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 7 

Download the signed certificate:

a. Open http://local_server/certsrv, where local_server specifies the domain name of your local server.

b. Click View the status of a pending certificate request.

c. Choose the request that was just submitted.

d. Choose Base 64 encoded.

e. Click Download certificate.

f. Save the signed certificate to your local disc and rename it sipproxy.pem.

g. Copy or use FTP to send the certificate to the PC that you use to administer Cisco Unified Presence Server.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 8 

Upload the signed certificate to Cisco Unified Presence Server:

a. On the Cisco Unified Presence Server, log in to Cisco Unified Communications Operating System Administration.

b. Navigate to Security > Certificate Management > Upload Certificate/CTL.

Note You get prompted to log in again to Cisco Unified Communications Operating System Administration.

The Select Certificate/CTL Upload window displays.

c. Choose Upload Own Cert and click Next.

The Certificate type for the upload including CTL window displays.

d. Choose sipproxy and enter the certificate name, including the file extension.

Note You must enter the complete file name, including the extension; for example, sipproxy.pem.

e. Click Next.

The Upload Certificate/CTL window displays.

f. Click Browse and choose the certificate file that you want to upload.

g. Click Upload.

The Upload Result window displays.

For more information, refer to the Cisco Unified Communications Operating System Administration Guide.

Microsoft Office Live Communications Server 2005 with SP 1 Configuration Checklist

Table 5 shows the configuration tasks that are required to configure Microsoft Live Communications Server 2005 with Service Pack 1 to integrate with Cisco Unified Presence Server.

Perform the following steps from the Microsoft Office Live Communications Server (LCS) 2005 application window.

For more information, refer to the Microsoft documentation that is specified for each configuration task.


Note Ensure that all Microsoft software patches have been applied for LCS Server and on all PCs that are running the Microsoft Office Communicator clients.


Table 5 Microsoft LCS Configuration Checklist 

 
Configurations Steps
Related Documentation

Step 1 

Ensure that Microsoft Office LCS is properly installed and activated.

For detailed information on installing and activating LCS, refer to the Live Communications Server 2005 Deployment Resources information at the following URL:

http://office.microsoft.com/en-us/FX011526591033.aspx

Step 2 

For the Authentication Protocol, choose NTLM or the appropriate authentication protocol for your site.

For detailed information on how to configure the Authentication Protocol field, refer to the Live Communications Server 2005 online help.

You can also find more information about Live Communications Server 2005 at the following URL:

http://office.microsoft.com/en-us/FX011526591033.aspx

Step 3 

Configure a static route for each Cisco Unified Presence Server that is associated with this LCS.

For the domain, enter the fully qualified domain name.

Note The static route domain URI that you enter here must match the SIP URI that you enter when you configure Remote Call Control in Active Directory. For more information, see the "Microsoft Active Directory Configuration Checklist" section.

For detailed information on how to configure static routes, refer to the Live Communications Server 2005 online help.

You can also find more information about Live Communications Server 2005 at the following URL:

http://office.microsoft.com/en-us/FX011526591033.aspx

Step 4 

Add an authorized host record for each Cisco Unified Presence Server that is associated with this LCS.

For the authorized host, you can enter either the IP address or the fully qualified network address.

For detailed information on how to add a host record, refer to the Live Communications Server 2005 online help.

You can also find more information about Live Communications Server 2005 at the following URL:

http://office.microsoft.com/en-us/FX011526591033.aspx

Microsoft LCS Certificate Configuration Checklist

Table 6 shows the tasks that are required for Microsoft LCS certificate configuration. Perform these steps on the local CA server.

Table 6 Microsoft LCS Certificate Configuration Checklist 

 
Configuration Steps
Related Documentation

Step 1 

Download the CA certification path:

a. Click Start > Run and enter the URL of your issuing CA server:

http://issuing_CA_server>/certsrv

b. Click OK.

c. Click Download a CA certificate, certificate chain, or CRL.

d. Click Download CA certificate chain.

e. In the File Download dialog box, click Save.

f. Save the file on your server.

This file includes an extension of .p7b. If you open this .p7b file, you will notice that the chain has the following two certificates:

<name of standalone root CA> certificate

<name of standalone subordinate CA> certificate (if any)

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 2 

Install the CA certification chain:

a. Click Start > Run and enter mmc.

The Microsoft Management Console (MMC) displays.

b. Click OK.

c. Navigate to File > Add/Remove Snap-in.

d. In the Add/Remove Snap-in dialog box, click Add.

e. In the list of Available Standalone Snap-ins, choose Certificates.

f. Click Add.

g. Choose Computer account and click Next.

h. In the Select Computer dialog box, ensure Local computer (the computer on which this console is running) is selected and click Finish.

i. Click Close and OK.

j. In the left pane of the Certificates console, expand Certificates (Local Computer).

k. Expand Trusted Root Certification Authorities.

l. Right-click Certificates and choose All Tasks > Import.

m. In the Import Wizard, click Next.

n. Click Browse, choose the p7b file that you saved, and click Open.

o. Click Next.

p. Leave the default value, Place all certificates in the following store, and ensure Trusted Root Certification Authorities appears under the Certificate store.

q. Click Next.

r. Click Finish.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 3 

Request the certificate:

a. On the computer requiring a certificate, open a Web browser and enter the URL of the CA server:

http://<name of your Issuing CA server>/certsrv.

b. Click Request a Certificate.

c. Click Advanced certificate request.

d. Click Create and submit a request to this CA.

e. In the Type of Certificate Needed list, click Other.

f. In the Name field of the Identifying Information section, enter the fully qualified domain name or LCS server pool name.

Note Ensure that the name matches the name of the LCS server.

Note For Enterprise LCS Server, specify the LCS server pool name and for Standalone LCS, specify the FQDN.

g. In the OID field, enter the following OID:

1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2.

Note Ensure that you enter the comma correctly in the OID.

h. In Key Options, choose Store certificate in the local computer certificate store.

i. Enter a friendly name.

j. Click Submit.

k. n the potential scripting violation dialog box, click Yes.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 4 

Manually approve a certificate issuance request:

a. Log in to the enterprise subordinate CA server with Domain Admins credentials.

b. Choose Start > Run and enter mmc.

The Microsoft Management Console (MMC) displays.

c. On the File menu, choose Add/Remove Snap-in.

d. Click Add.

e. In the Add Standalone Snap-in window, choose Certification Authority and click Add.

f. In the Certification Authority window, accept the default option, Local computer (the computer this console is running on).

g. Click Finish.

h. Click Close and OK.

i. In the left pane of the MMC, expand Certification Authority and expand your issuing certificate server.

j. Click Pending request.

k. In the details pane, right-click the Request ID and choose All Tasks > Issue.

l. On the server from which you requested the certificate, choose Start > Run.

m. Enter the URL for the CA server:

http://<name of your Issuing CA Server>/certsrv

n. Click OK.

o. Click View the status of a pending certificate request.

p. Click the certificate that you requested.

q. Click Install this certificate.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Microsoft Active Directory Configuration Checklist

Table 7 shows the configuration tasks that are required to configure Microsoft Windows Server Active Directory to integrate with Cisco Unified Presence Server.

Perform the following steps from the Microsoft Active Directory application window.

For more information, refer to the Microsoft documentation that is specified for each configuration task.

Table 7 Microsoft Active Directory Configuration Checklist 

 
Configurations Steps
Related Documentation
 

Add a user name and the telephone number that are associated with that particular user.

Ensure that the user names that are configured in active directory are the same as the user names that are configured in Cisco Unified CallManager.


Caution For properly working integrated systems, ensure that the user names in active directory and Cisco Unified CallManager are identical.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

 

For the users that you added, enable live communications in the Properties window.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

 

Enter the SIP URI and the LCS server or LCS pool.


Caution Ensure the LCS server or LCS pool name does not contain the underscore character.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

 

Enable Remote User Access and Remote Call Control.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

 

Enter the Tel URI.

Cisco recommends that you use the following format for the TEL URI:

tel:xxxx;phone-context=dialstring

where

xxxx also specifies the directory number that the CTI Manager reports back to Cisco Unified Presence Server as the calling or called number when a call gets placed.

phone-context=dialstring enables the MOC client to control one of the devices that are associated with the directory number.

If you enter the device ID, the MOC client can only control that particular device; for example:

tel:xxxx;phone-context=dialstring;device=SEP0002FD3BB5C5

If you enter the partition, the MOC client specifies the partition for the directory number; for example:

tel:xxxx;phone-context=dialstring;device=SEP0002FD3BB5C5;partition=myPartition

If you do not enter the device ID in the TEL URI, CTI Gateway determines the devices that are associated with the line directory number. If only one device is associated with the line DN, CTI Gateway uses that device.

If you do not enter the device ID in the TEL URI and two devices are associated with the line DN (shared line), CTI Gateway uses the following rules to select a device:

If one of the two devices is Cisco IP Communicator and its status is registered, CTI Gateway uses that device.

If one of the two devices is Cisco IP Communicator, but it is not registered, CTI Gateway uses the alternate hard device.

If two hard devices exist on the shared line, CTI Gateway monitors the two devices while making a call on the shared line. When the user answers, CTI Gateway monitors that device.

If more than two devices are associated with a line DN, you must specify the desired device in the TEL URI.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

 

Enter the Remote Call Control SIP URI; for example:

sip:8000@my-cups.my-domain.com

where my-cups.my-domain.com specifies the fully qualified domain name of the Cisco Unified Presence Server that you configured.

Note The SIP URI that you enter here must match the static route URI that you enter when you configure static routes in Microsoft Office Live Communications Server 2005. For more information, see the "Microsoft Office Live Communications Server 2005 with SP 1 Configuration Checklist" section.

For detailed information on how to configure Active Directory, refer to the Active Directory online help.

You can also find more information about Microsoft Windows Server Active Directory at the following URL:

http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

TLC Route Configuration Checklist

Table 8 shows the tasks to perform for TLS route configuration (TLC). Perform these tasks on the Microsoft LCS server.

Table 8 TLC Route Configuration Checklist 

 
Configurations Steps
Related Documentation

Step 1 

Add a static route:

a. Right click LCS server pool and choose Properties.

b. Choose the Routing tab and click Add.

c. In Next hop, choose Network Address and enter the hostname or FQDN for the Cisco Unified Presence Server.

Note Ensure that the value that you enter matches the Subject CN of the Cisco Unified Presence Server certificate. To check the Subject CN of the Cisco Unified Presence Server certificate, log in to Cisco Unified Communications Operating System Administration, navigate to Security > Certificate Management > Display Certificate, and choose Own Certificates and sipproxy.

d. For Transport, choose TLS.

e. Choose port 5062.

Note Port 5062 represents the default port where Cisco Unified Presence Server listens for peer authentication TLS connections.

f. Choose Replace host in request URI.

g. Choose the LCS certificate that you have already configured. You can choose the certificate by looking for the friendly name that you entered. For more information, see the "Microsoft LCS Certificate Configuration Checklist" section.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

Step 2 

Mark the Cisco Unified Presence Server as an authenticated host:

a. Click the Host Authorization tab.

b. Double click the Cisco Unified Presence Server server.

c. Check the check boxes for Throttle as server and Treat as Authenticated.

d. Click OK.

e. Resort the LCS server and wait for it to become ready.

The LCS server pool displays the outbound static route that you configured.

For more information, refer to the Windows Server TechCenter online at the following URL:

http://technet2.microsoft.com/WindowsServer/en/library/49960f07-4a4c-4e04-9aef-82ab0e8efc0d1033.mspx?mfr=true

FIPS-Compliant Security Algorithms Configuration Checklist

To enable Federal Information Processing Standard (FIPS) algorithms, follow the configuration tasks shown in Table 9. Perform these tasks on the Microsoft LCS server and the Cisco Unified Presence Server.

Table 9 FIPS-Compliant Security Algorithms Configuration Checklist 

 
Configurations Steps
Related Documentation

Step 1 

Configure the LCS server to send TLSv1 with TLS cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA:

a. Choose Start > Administrative Tools > Domain Controller Security Policy.

b. In the console tree, click Security Settings.

c. Click Local Policies and choose Security Settings.

d. In the Details pane, choose the FIPS security setting.

e. Modify the security settings and click OK.

For more detailed information on configuring FIPS-compliant algorithms, refer to the FIPS-compliant algorithm information for Microsoft Windows Server at the following URL:

http://technet2.microsoft.com/WindowsServer/en/Library/6ff574cb-30c4-4ad9-8d5e-aee697c65b9b1033.mspx

Step 2 

Configure TLS context on Cisco Unified Presence Server:

a. Log in to Cisco Unified Presence Server Administration.

b. Navigate to Cisco Unified Presence Server > Security > TLS Context Configuration.

The Find and List TLS Contexts window displays.

c. Click Find.

d. Click Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.

The TLS Context Configuration window displays.

e. From the list of available TLS ciphers, click TLS_RSA_WITH_3DES_EDE_CBC_SHA.

f. Click the down arrow to move it to Selected TLS Ciphers.

g. From the list of available TLS peer subjects, click the TLS peer subject that you configured.

h. Click the down arrow to move it to Selected TLS Peer Subjects.

i. Click Save.

j. Log in to Cisco Unified Presence Server Serviceability Administration.

k. Navigate to Tools > Service Activation.

l. Restart the Cisco UPS SIP Proxy service.

For more information, refer to the Cisco Unified Presence Server Administration Guide.

Microsoft Office Communicator 2005 Configuration Checklist

Table 10 shows the configuration tasks that are required to configure Microsoft Office Communicator 2005 to integrate with Cisco Unified Presence Server.

Perform the following steps from the Microsoft Office Communicator 2005 application window.

For more information, refer to the Microsoft documentation that is specified for each configuration task.


Note Ensure that all Microsoft software patches have been applied for LCS Server and on all PCs that are running the Microsoft Office Communicator clients.


Table 10 Microsoft Office Communicator 2005 Configuration Checklist 

 
Configurations Steps
Related Documentation
 

Enter a sign-in name that you previously configured in Microsoft Active Directory. For more information, see the "Microsoft Active Directory Configuration Checklist" section.

Ensure that the user names that are configured in active directory are the same as the user names that are configured in Cisco Unified CallManager.


Caution For properly working integrated systems, ensure that the user names in active directory and Cisco Unified CallManager are identical.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

 

Enter the IP address or FQDN of the Microsoft Live Communications Server and choose to connect by using TCP.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

 

Choose Enable Phone Integration.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

 

For most users, you can choose Automatic Configuration.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

 

After the users log in, they can choose the default device for calling phone numbers, either the phone or the computer.

Note If the user specifies computer as the default device, Cisco Unified Presence Server does not get integrated with LCS.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

 

In MOC configuration, choose Microsoft Office Outlook as the personal information manager, if appropriate.

For detailed information on how to configure Microsoft Office Communicator 2005, refer to the Microsoft Office Communicator online help.

You can also find more information about Microsoft Office Communicator 2005 at the following URL:

http://www.office.microsoft.com/en-us/assistance/HA011992481033.aspx#DeploymentGuide

Unwanted Feature Interactions

The following sections describe unwanted feature interactions for shared lines, Cisco Extension Mobility, and call forwarding.

Shared Lines

Potential unwanted interactions can occur when Microsoft Office Communicator (MOC) controls a line (extension and phone), and the extension is a shared line with multiple users.

If an inbound call on the shared line is answered by another user on the shared line, MOC displays control of the call incorrectly.

If another user on the shared line assumes control of a call with hold/resume, MOC loses control of that call.

In general, MOC works well for a single-user, home or office environment, or even in a manager/assistant two-user environment, but unwanted feature interactions can occur with multiuser shared lines.

Call Forwarding

When a user forwards a call to another extension from an IP phone, the enabled MOC client for this phone may not recognize the forwarding change.

To have both the MOC client and the phone recognize the forwarding change, forward the call by using MOC.

Cisco Extension Mobility

When you configure Cisco Extension Mobility, be aware of the following guidelines:

Ensure that end-user Cisco Extension Mobility profile names do not start with SEP.

Ensure that physical phone device names always start with SEP.

Ensure that Cisco IP Communicator device names always start with SEP.

When an end user who is controlling a Cisco Extension Mobility line with MOC logs in to or logs out from the phone, MOC loses control of the line. The user must log in or log out from MOC to regain control of the line.


Note If the user logs out of MOC and then logs back in while on a call, MOC may not display the correct call status.


Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a library of technical product documentation on a portable medium. The DVD enables you to access installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the HTML documentation and some of the PDF files found on the Cisco website at this URL:

http://www.cisco.com/univercd/home/home.htm

The Product Documentation DVD is created and released regularly. DVDs are available singly or by subscription. Registered Cisco.com users can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

Ordering Documentation

You must be a registered Cisco.com user to access Cisco Marketplace. Registered users may order Cisco documentation at the Product Documentation Store at this URL:

http://www.cisco.com/go/marketplace/docstore

If you do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

Documentation Feedback

You can provide feedback about Cisco technical documentation on the Cisco Support site area by entering your comments in the feedback form available in every online document.

Cisco Product Security Overview

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to do the following:

Report security vulnerabilities in Cisco products

Obtain assistance with security incidents that involve Cisco products

Register to receive security information from Cisco

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

For emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.

For nonemergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

1 877 228-7302

1 408 525-6532


Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked encryption key or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT to find other means of encrypting the data before sending any sensitive material.


Product Alerts and Field Notices

Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive these announcements by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information.

To access the Product Alert Tool, you must be a registered Cisco.com user. Registered users can access the tool at this URL:

http://tools.cisco.com/Support/PAT/do/ViewMyProfiles.do?local=en

To register as a Cisco.com user, go to this URL:

http://tools.cisco.com/RPF/register/register.do

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Support website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Support Website

The Cisco Support website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day at this URL:

http://www.cisco.com/en/US/support/index.html

Access to all tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do


Note Before you submit a request for service online or by phone, use the Cisco Product Identification Tool to locate your product serial number. You can access this tool from the Cisco Support website by clicking the Get Tools & Resources link, clicking the All Tools (A-Z) tab, and then choosing Cisco Product Identification Tool from the alphabetical list. This tool offers three search options: by product ID or model name; by tree view; or, for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.



Tip Displaying and Searching on Cisco.com

If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5.

To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. After using the Search box on the Cisco.com home page, click the Advanced Search link next to the Search box on the resulting page and then click the Technical Support & Documentation radio button.

To provide feedback about the Cisco.com website or a particular technical document, click Contacts & Feedback at the top of any Cisco.com web page.


Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411
Australia: 1 800 805 227
EMEA: +32 2 704 55 55
USA: 1 800 553 2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

The Cisco Online Subscription Center is the website where you can sign up for a variety of Cisco e-mail newsletters and other communications. Create a profile and then select the subscriptions that you would like to receive. To visit the Cisco Online Subscription Center, go to this URL:

http://www.cisco.com/offer/subscribe

The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco channel product offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

Cisco Press publishes a wide range of general networking, training, and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

Internet Protocol Journal is s a quarterly journal published by Cisco for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

Networking products offered by Cisco, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

Networking Professionals Connection is an interactive website where networking professionals share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

"What's New in Cisco Documentation" is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of "What's New in Cisco Documentation" at this URL:

http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.htm

World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html