Deployment Guide for Cisco Unified Presence Release 8.6
Configuring a Cisco Unified Presence Intercluster Deployment
Downloads: This chapterpdf (PDF - 269.0KB) The complete bookPDF (PDF - 3.54MB) | Feedback

Configuring a Cisco Unified Presence Intercluster Deployment

Table Of Contents

Configuring a Cisco Unified Presence Intercluster Deployment

About Intercluster Deployments

Intercluster Hardware Recommendations

Intercluster Peer Relationships

Intercluster Router to Router Connections

Node Name Value for Intercluster Deployments

Cisco Unified Presence Release 8.6(4) and Earlier

Cisco Unified Presence Release 8.6(5) and Later

Domain Value for Intercluster Deployments

Secure Intercluster Router to Router Connections

Prerequisites for Intercluster Deployment

How to Configure Intercluster Peers

Configuring an Intercluster Peer

Turning On the Intercluster Sync Agent

Verifying the Intercluster Peer Status

Updating Intercluster Sync Agent Tomcat Trust Certificates

How to Migrate Users between Cisco Unified Presence Clusters

Unassign the Users from the Current Cluster

Export User Contact Lists

Unlicense the Users

Move Users to the New Cluster

LDAP Sync Enabled on Cisco Unified Communications Manager

LDAP Sync Not Enabled on Cisco Unified Communications Manager

License the Users on the New Cluster

Import Contact Lists on the New Home Cluster


Configuring a Cisco Unified Presence Intercluster Deployment


July 5, 2013

About Intercluster Deployments

Prerequisites for Intercluster Deployment

How to Configure Intercluster Peers

How to Migrate Users between Cisco Unified Presence Clusters

About Intercluster Deployments

Intercluster Hardware Recommendations

Intercluster Peer Relationships

Intercluster Router to Router Connections

Secure Intercluster Router to Router Connections

Node Name Value for Intercluster Deployments

Domain Value for Intercluster Deployments

Intercluster Hardware Recommendations

When planning an intercluster deployment, it is recommended that similar hardware is used on all Cisco Unified Presence clusters in the Enterprise to allow for syncing of all user data between clusters. For example, if an MCS 7845 is deployed in Cluster A with 15,000 users, then an MCS 7845 should be deployed in Cluster B, even if only needed for 500 users.

Intercluster Peer Relationships

You can configure peer relationships that interconnect standalone Cisco Unified Presence clusters, known as intercluster peers. This intercluster peer functionality allows users in one Cisco Unified Presence cluster to communicate and subscribe to the availability information of users in a remote Cisco Unified Presence cluster within the same domain. Keep in mind that if you delete an intercluster peer from one cluster, then you must also delete the corresponding peer in the remote cluster.

Cisco Unified Presence uses the AXL/SOAP interface to retrieve user information for the home cluster association. Cisco Unified Presence uses this user information to detect if a user is a local user (user on the home cluster), or a user on a remote Cisco Unified Presence cluster within the same domain.

Cisco Unified Presence uses the XMPP interface for the subscription and notification traffic. If Cisco Unified Presence detects a user to be on a remote cluster within the same domain, Cisco Unified Presence reroutes the messages to the remote cluster.


Note If you configure an intercluster deployment between a Cisco Unified Presence Release 8.0(x) cluster and a cluster running a previous version of Cisco Unified Presence, Cisco Unified Presence uses the existing SIP interface for the subscription and notification traffic.



Caution Cisco highly recommends that you set up intercluster peers in a staggered manner, as the initial sync uses substantial bandwidth and CPU. Setting up multiple peers at the same time could result in excessive sync times.

Related Topic

How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco Unified Presence Release 8.6.

Intercluster Router to Router Connections

By default, Cisco Unified Presence assigns all nodes in a cluster as intercluster router-to-router connectors. When Cisco Unified Presence establishes an intercluster peer connection between the clusters over the AXL interface, it synchronizes the information from all intercluster router-to-router connector nodes in the home and remote clusters. Each intercluster router-to-router connector in one cluster then either initiates or accepts an intercluster connection with router-to-router connectors in the other cluster.


Note Router-to-router connections are dynamically established when a new node is added to the deployment. As a result, you do not need to restart the Cisco UP XCP Router on any node in your deployment when you add a new node.


Related Topic

Secure Intercluster Router to Router Connections

Node Name Value for Intercluster Deployments

Cisco Unified Presence Release 8.6(4) and Earlier


Note This topic is only applicable if you are not using DNS in your network.


If you configure an intercluster deployment, and you do not use DNS in your network, you must configure the node name value as the IP address of the node.

During installation Cisco Unified Presence only permits you to specify the hostname as the node name value. Therefore, once you complete the installation, you must change the node name value to the IP address of the node.

Perform this configuration on all nodes in both the local and remote clusters.

Cisco Unified Presence Release 8.6(5) and Later

The node name defined for any Cisco Unified Presence node must be resolvable by every other Cisco Unified Presence node on every cluster. Therefore, each Cisco Unified Presence node name must be the FQDN of the node. If DNS is not deployed in your network, each node name must be an IP address.


Note Specifying the hostname as the node name is only supported if all nodes across all clusters share the same DNS domain.


Related Topics

Creating, Assigning and Moving Nodes in System Topology

Domain Value for Intercluster Deployments

Domain Value for Intercluster Deployments


Note This topic is only applicable if you are not using DNS in your network.


If you configure an intercluster deployment, note the following regarding the presence domain value:

The presence domain value on the local cluster must match the presence domain value on the remote cluster to ensure that intercluster functionality will work correctly.

If you do not use DNS in your network, Cisco Unified Presence automatically defaults to the Presence domain value DOMAIN.NOT.SET. On both the local and remote cluster, you must replace this default value with a common valid presence domain value, otherwise intercluster functionality will not work correctly.

To configure the Domain value, follow the procedures described in Configuring the Domain Value.

Related Topic

Node Name Value for Intercluster Deployments

Secure Intercluster Router to Router Connections

You can configure a secure XMPP connection between all router-to-router connectors in your Cisco Unified Presence deployment, incorporating both intracluster and intercluster router to router connections. Select Cisco Unified Presence Administration > System > Security > Settings, and check Enable XMPP Router-to-Router Secure Mode.

When you turn on the secure mode for XMPP router-to-router connections, Cisco Unified Presence enforces a secure SSL connection using XMPP trust certificates. For intercluster deployments, Cisco Unified Presence enforces a secure SSL connection between each router-to-router connector node in the local cluster, and each router connector node in the remote cluster.

Related Topic

Intercluster Router to Router Connections

Prerequisites for Intercluster Deployment

You configure an intercluster peer between the publisher nodes in standalone Cisco Unified Presence clusters. No configuration is required on the subscriber nodes in a cluster for intercluster peer connections. Before you configure Cisco Unified Presence intercluster peers in your network, note the following:

The intercluster peers must each integrate with a different Cisco Unified Communications Manager cluster.

You must complete the required multi-node configuration in both the home Cisco Unified Presence cluster, and in the remote Cisco Unified Presence cluster:

Configure the system topology and assign your users as required.

Activate the services on each Cisco Unified Presence node in the cluster.

You must turn on the AXL interface on the local Cisco Unified Presence publisher node, and on the remote Cisco Unified Presence publisher node. Cisco Unified Presence creates, by default, an intercluster application user with AXL permissions. To configure an intercluster peer, you will require the username and password for the intercluster application user on the remote Cisco Unified Presence server.

You must turn on the Sync Agent on the local Cisco Unified Presence publisher node, and on the remote Cisco Unified Presence publisher node. Allow the Sync Agent to complete the user sychronization from Cisco Unified Communications Manager before you configure the intercluster peers.

For sizing and performance recommendations for intercluster deployments, including information on determining presence user profile, see the Cisco Unified Presence SRND.

Related Topics

How to Add Additional Nodes to Your Cluster Deployment

Cisco Unified Communication SRND:

http://www.cisco.com/go/designzone

How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco Unified Presence Release 8.6.

How to Configure Intercluster Peers

Configuring an Intercluster Peer

Turning On the Intercluster Sync Agent

Verifying the Intercluster Peer Status

Updating Intercluster Sync Agent Tomcat Trust Certificates

Configuring an Intercluster Peer

Perform this procedure on the publisher node of the local Cisco Unified Presence cluster, and on the publisher node of the remote Cisco Unified Presence cluster (with which you want your local cluster to form a peer relationship).

Before You Begin

Activate the AXL interface on the local Cisco Unified Presence node, and confirm that the AXL interface is activated on the remote Cisco Unified Presence publisher node.

Confirm that the Sync Agent has completed the user synchronization from Cisco Unified Communications Manager on the local and remote cluster.

Acquire the AXL username and password for the intercluster application user on the remote Cisco Unified Presence server.

If you do not use DNS in your network, read the Domain topic and the Node Name topic in this module.

Restriction

We recommend that you use TCP as the intercluster trunk transport for all Cisco Unified Presence clusters.

Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Inter-Clustering.

Step 2 Enter the IP address of the publisher node of a remote Cisco Unified Presence cluster.

Step 3 Enter the username of the application user on the remote Cisco Unified Presence server that has AXL permissions.

Step 4 Enter the associated password of the application user on the remote Cisco Unified Presence server that has AXL permissions.

Step 5 Enter the preferred protocol for SIP communication.

Step 6 (Optional) Enter the External Phone Number Mask value. This is the E164 mask to apply to Directory Numbers retrieved from the remote cluster.

Step 7 Select Save.

Step 8 Restart the Cisco UP XCP Router service on all nodes in the local cluster.

Step 9 Repeat this procedure to create the remote intercluster peer, and then restart the Cisco UP XCP Router service on all nodes in the remote cluster


Troubleshooting Tips

If you configure an intercluster deployment between a Cisco Unified Presence Release 8.0(x) cluster and a Cisco Unified Presence release 7.0(x) cluster, you must turn on the XCP SIP Federation Connection Manager service on all nodes in the Cisco Unified Presence Release 8.0(x) cluster. To turn on the XCP SIP Federation Connection Manager, select Cisco Unified Serviceability > Tools > Service Activation.

If you configure the intercluster peer connection before the Sync Agent completes the user synchronization from Cisco Unified Communications Manager (on either the local or remote cluster), the status of the intercluster peer connection will display as failed.

If you select TLS as the intercluster transport protocol, Cisco Unified Presence attempts to automatically exchange certificates between intercluster peers to establish a secure TLS connection. Cisco Unified Presence indicates whether or not the certificate exchange is successful in the intercluster peer status section.

What To Do Next

Turning On the Intercluster Sync Agent

Related Topics

Restarting the Cisco UP XCP Router Service

Node Name Value for Intercluster Deployments

Domain Value for Intercluster Deployments

How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco Unified Presence Release 8.6.

Verifying the Intercluster Peer Status

Turning On the Intercluster Sync Agent

By default, Cisco Unified Presence turns on the Intercluster Sync Agent parameter. Use this procedure to either verify that the Intercluster Sync Agent parameter is on, or to manually turn on this service.

The Intercluster Sync Agent uses the AXL/SOAP interface for the following:

to retrieve user information for Cisco Unified Presence to determine if a user is a local user (on the local cluster), or a user on a remote Cisco Unified Presence cluster within the same domain.

to notify remote Cisco Unified Presence clusters of changes to users local to the cluster.


Note You must turn on the Intercluster Sync Agent on all nodes in the Cisco Unified Presence cluster because in addition to synchronizing user information from the local publisher node to the remote publisher node, the Intercluster Sync Agent also handles security between all nodes in the clusters.


Procedure


Step 1 Select Cisco Unified Serviceability > Tools > Control Center - Network Services.

Step 2 Select the Cisco Unified Presence server from the Server menu.

Step 3 Select Cisco UP Intercluster Sync Agent.

Step 4 Select Start.


Related Topics

Configuring an Intercluster Peer

About the Multi-Node Scalability Feature

What To Do Next

Verifying the Intercluster Peer Status

Verifying the Intercluster Peer Status

Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Inter-Clustering.

Step 2 Select the peer address from the search criteria menu.

Step 3 Select Find.

Step 4 Select the peer address entry that you wish to view.

Step 5 In the Intercluster Peer Status window:

Verify that there are check marks beside each of the result entries for the intercluster peer.

Make sure that the Associated Users value equals the number of users on the remote cluster.

If you select TLS as the intercluster transport protocol, the Certificate Status item displays the status of the TLS connection, and indicates if Cisco Unified Presence successfully exchanged security certificates between the clusters. If the certificate is out-of-sync, you need to manually update the tomcat trust certificate (as described in this module). For any other certificate exchange errors, check the Online Help for a recommended action.

Step 6 Select Cisco Unified Presence Administration > Diagnostics > System Troubleshooter.

Step 7 Verify that there are check marks beside the status of each of the intercluster peer connection entries in the InterClustering Troubleshooter section.


Related Topic

Updating Intercluster Sync Agent Tomcat Trust Certificates

Updating Intercluster Sync Agent Tomcat Trust Certificates

If the tomcat certificate status for an intercluster peer is out-of-sync, you need to update the Tomcat trust certificate. In an intercluster deployment this error can occur if you reuse the existing Intercluster Peer Configuration to point to a new remote cluster. Specifically, in the existing Intercluster Peer Configuration window, you change the Peer Address value to point to a new remote cluster. This error can also occur in a fresh Cisco Unified Presence install, or if you change the Cisco Unified Presence host or domain name, or if you regenerate the Tomcat certificate.

This procedure describes how to update the Tomcat trust certificate when the connection error occurs on the local cluster, and the `bad' Tomcat trust certificates are associated with the remote cluster.

Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Inter-Clustering.

Step 2 Select Force Sync to synchronize certificates with the remote cluster.

Step 3 In the confirmation window that displays, select Also resync peer's Tomcat certificates.

Step 4 Select OK.


Related Topics

Verifying the Intercluster Peer Status

For information about how to perform intercluster upgrades, see the Upgrade Guide for Cisco Unified Presence.

How to Migrate Users between Cisco Unified Presence Clusters

This section describes how to migrate users between Cisco Unified Presence clusters.


Note This procedure only migrates user contacts that are provisioned with an IM Address. User contacts with only phone numbers are not migrated and must be manually re-added by the end user after the migration completes.


You must complete the following procedures in the order in which they are presented:

Unassign the migrating users from their current cluster

Export the contact lists of the migrating users from their current home cluster

Unlicense the migrating users for Cisco Unified Presence and Cisco Jabber on their current home cluster from Cisco Unified Communications Manager

If LDAP Sync is enabled on Cisco Unified Communications Manager:

move the users to the new Organization Unit, from which their new cluster synchronizes its information

synchronize the users to the new home Cisco Unified Communications Manager, see

If LDAP Sync is not enabled on Cisco Unified Communications Manager, manually provision the migrating users on Cisco Unified Communications Manager

License users for Cisco Unified Presence and Cisco Jabber

Import contact lists to the new home cluster to restore contact list data for migrated users


Note For deployments where partitioned intradomain federation is enabled, Microsoft users must login in again to establish availability. Alternatively, users can wait until Microsoft LCS/OCS refreshes the subscription (this can take up to 2 hours).


Before You Begin

Perform a full DRS of the current cluster and the new home cluster.

See the Disaster Recovery System Administration Guide for Cisco Unified Presence for more information.

Ensure that the following services are running:

Cisco UP Intercluster Sync Agent

Cisco AXL Web Service

Cisco UP Sync Agent

Run the Troubleshooter and ensure that there are no Intercluster Sync Agent issues reported. All Intercluster Sync Agent issues reported on the Troubleshooter must be resolved before proceeding with this procedure.

Cisco recommends that the Allow users to view the availability of other users without being prompted for approval setting is enabled. To enable this setting, select Cisco Unified Presence Administration > Presence > Settings. Any change to this setting requires a restart of the Cisco XCP Router.

Cisco recommends that the following settings are set to No Limit:

Maximum Contact List Size (per user)

Maximum Watchers (per user)

To configure these settings, select Cisco Unified Presence Administration > Presence > Settings.

Ensure that the users to be migrated are licensed for Cisco Unified Presence or Cisco Jabber on their current (pre-migration) home cluster only. If these users are licensed on any other cluster, they need to be fully unlicensed before proceeding with the following procedures.

Unassign the Users from the Current Cluster

Complete this procedure to unassign the migrating users from their current cluster.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Cluster Topology.

Step 2 Select the users that you want to migrate to a remote Cisco Unified Presence cluster.

Step 3 Select Assign Selected Users and in the next dialog box, select Unassigned.

Step 4 Select Save.


What To Do Next

Export User Contact Lists

Export User Contact Lists

Complete this procedure to export the contact lists of the migrating from their current cluster.

Procedure


Step 1 Export the contact lists of the migrating users from the current home cluster.

a. Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Export.

b. Select All unassigned users in the cluster and select Find.

c. Review the results and use the AND/OR filter to filter the search results as required.

d. When the list is complete, select Next.

e. Select a filename for the exported contact list data.

f. Optionally update the Job Description.

g. Select Run Immediately or schedule the job to run later.

Step 2 Monitor the status of the contact list export job.

a. Select Cisco Unified Presence Administration > Bulk Administration > Job Scheduler.

b. Select Find to list all BAT jobs.

c. Find your contact list export job and when it is reported as completed, select the job.

d. Select the CSV File Name link to view the contents of the contact list export file. Note that a timestamp is appended to the filename.

e. From the Job Results section, select the log file to see the summary of what was exported. The job begin and end time is listed and a result summary for the job is presented.

Step 3 Download the contact list export file and store it for use later when the user migration is complete.

a. Select Cisco Unified Presence Administration > Bulk Administration > Upload/Download Files.

b. Select Find.

c. Select the contact list export file and select Download Selected.

d. Save the CSV file locally for upload later in the procedure.


What To Do Next

Unlicense the Users

Unlicense the Users

The following procedure describes how to unlicense the migrating users for Cisco Unified Presence and Cisco Jabber on their current home cluster from Cisco Unified Communications Manager.

Procedure


Step 1 From Cisco Unified Communications Manager Administration, select System > Licensing > Capabilities Assignment.

Step 2 Select the users that you want to migrate.

Step 3 Select Bulk Assignment.

Step 4 In the dialog box, uncheck Enable CUP and Enable CUPC.

Step 5 Select Save.


What To Do Next

Move Users to the New Cluster

Move Users to the New Cluster

The procedure to move the users to the new cluster differs depending on whether LDAP Sync is enabled on Cisco Unified Communications Manager.

LDAP Sync Enabled on Cisco Unified Communications Manager

If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move users to the new Organizational Unit and synchronize the users to the new home cluster.

Move Users to the New Organizational Unit

If LDAP Sync is enabled on Cisco Unified Communications Manager (Unified CM), you must move the users to the new Organizational Unit (OU) from which their new cluster synchronizes if the deployment uses a separate LDAP structure (OU divided) for each cluster, where users are only synchronized from LDAP to their home cluster.


Note You do not need to move the users if the deployment uses a flat LDAP structure, that is, all users are synchronized to all Unified CM and Cisco Unified Presence clusters where users are licensed to only one cluster.


For more information about how to move the migrating users to the relevant OU of the new home cluster, see the LDAP Administration documentation.

After you move the users, you must delete the LDAP entries from the old LDAP cluster.

What To Do Next

Synchronize the Users to the New Home Cluster

Synchronize the Users to the New Home Cluster

If LDAP is enabled on Cisco Unified Communications Manager (Unified CM), you must synchronize the users to the new home Unified CM cluster. You can do this manually on Unified CM or you can wait for a scheduled synchronization on Unified CM.

To manually force the synchronization on Unified CM, complete the following procedure.

Procedure


Step 1 From Cisco Unified CM Administration, select System > LDAP > LDAP Directory.

Step 2 Select Perform Full Sync Now.


What To Do Next

License the Users on the New Cluster

LDAP Sync Not Enabled on Cisco Unified Communications Manager

If LDAP Sync is not enabled on Cisco Unified Communications Manager (Unified CM), you must manually provision the users on the new Unified CM cluster. See the Cisco Unified Communications Manager Administration Guide for more information.

What To Do Next

License the Users on the New Cluster

License the Users on the New Cluster

When the users have been synchronized, or manually provisioned, on the new home cluster, you must license the users for Cisco Unified Presence and Cisco Jabber.

Procedure


Step 1 From Cisco Unified CM Administration, select System > Licensing > Capabilities Assignment.

Step 2 Select the users that were migrated to the cluster and select Bulk Assignment.

Step 3 Use the Bulk Assignment Tool to license the users on their new home cluster.

Step 4 Provision the users on Unified CM for Phone and CSF. See the Cisco Unified Communications Manager Administration Guide for more information.



Note After you have licensed the users on the new cluster, Cisco recommends that you rebalance users on Cisco Unified Presence.


What To Do Next

Import Contact Lists on the New Home Cluster

Import Contact Lists on the New Home Cluster

You must import the contact lists to restore contact data for the migrated users.

Procedure


Step 1 Upload the previously exported contact list CSV file.

a. Select Cisco Unified Presence Administration > Bulk Administration > Upload/Download Files.

b. Select Add New.

c. Select Browse to locate and select the contact list CSV file.

d. Select Contact Lists as the Target.

e. Select Import Users' Contacts - Custom File as the Transaction Type,

f. Optionally check Overwrite File if it exists.

g. Select Save to upload the file.

Step 2 Run the import contact list job.

a. Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Update.

b. Select the CSV file you uploaded in Step 1.

c. Optionally update the Job Description.

d. To run the job now, select Run Immediately. Select Run Later to schedule the update for a later time.

e. Select Submit.

Step 3 Monitor the contact list import status.

a. Select Cisco Unified Presence Administration > Bulk Administration > Job Scheduler.

b. Select Find to list all BAT jobs.

c. Select the job ID of the contact list import job when its status is reported as complete.

d. To view the contents of the contact list file, select the file listed at CSV File Name.

e. Select the Log File Name link to open the log.

The begin and end time of the job is listed and a result summary is also displayed.