Integration Guide for Configuring Cisco Unified Presence Release 8.6 for Interdomain Federation
Configuring the Foreign Server Components for SIP Federation

June 18, 2013

Microsoft Component Configuration for SIP Federation

The following table provides a brief checklist for configuring federation on the Microsoft servers. For detailed instructions on setting up and deploying the OCS server and the Access Edge server, refer to the Microsoft documentation.

Table 9-1 Configuration tasks for Microsoft Components 

Columns: Server, Task, Procedure

OCS Server

Enable Global Federation Setting

1. Select Properties > Global Properties > Federation in the global forest branch in the left pane.

2. Check Enable Federation and Public IM Connectivity.

3. Enter the FQDN and the port number for the internal interface of the Access Edge server.

Configure the Access Edge server address

1. Select Properties > Global Properties > Edge Servers in the global forest branch in the left pane.

2. Click Add in the Access Edge and Web Conferencing Edge Servers window.

3. Enter the FQDN for the internal interface of the Access Edge server.

Enable Each Front End Federation Setting

You need to enable the federation setting for each front-end server that is federating:

1. Select Properties > Front End Properties > Federation in the front-end server branch in the left pane.

2. Check Enable Federation and Public IM Connectivity.

Check that your users are enabled for MOC and for Federation

From the Users tab, check that your users are enabled for MOC.

If your user is not present in this list, you need to enable the user for MOC in Microsoft Active Directory.

You also need to enable the user for Public IM Connectivity in Microsoft Active Directory.

Refer to the Microsoft Active Directory documentation at the following URL: http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

Access Edge Server

Configure DNS

In the Microsoft enterprise deployment, you need to configure an external DNS SRV record for all Access Edge servers, named _sipfederationtls._tcp.<domain> and using port 5061, where <domain> is the name of the SIP domain of your organization. The target of this SRV record should be the external FQDN of the Access Edge server.

Configure Cisco Unified Presence as an IM Provider

1. Select Start > Administrative Tools > Computer Management on the external Access Edge server.

2. Right-click Microsoft Office Communications Server 2007 in the left pane.

3. Click the IM Provider tab.

4. Click Add.

5. Check Allow the IM service provider.

6. Define the IM service provider name, for example, the Cisco Unified Presence server.

7. Define the network address of the IM service provider, in this case the public FQDN of the Cisco Unified Presence server.

8. Ensure that the IM service provider is not marked as "public".

9. Select the filtering option Allow all communications from this provider.

10. Click OK.

In the Cisco Unified Presence enterprise deployment, you need to configure a DNS SRV record named _sipfederationtls._tcp.<CUP_domain> and using port 5061, where <CUP_domain> is the name of the Cisco Unified Presence domain. The target of this DNS SRV record should be the public FQDN of the Cisco Unified Presence server.

Check the Access Method Settings

1. Right-click on Microsoft Office Communications Server 2007 in the console tree.

2. Click Properties > Access Methods.

3. Check Federation.

4. Check Allow discovery if you are using DNS SRV.

Configure Access Edge to use TLSv1

1. Select Start > Administrative Tools > Local Security Policy to open the Local Security Policy.


Note: If you are configuring this on a domain controller, the path is Start > Administrative Tools > Domain Controller Security Policy.


2. Click Security Settings > Local Policies > Security Options in the console tree.

3. Double-click the FIPS security setting in the details pane.

4. Enable the FIPS security setting.

5. Click OK.


Note: There is a known issue with remote desktop to the Access Edge Server with FIPS enabled on Windows XP. Refer to "Unable to Remote Desktop to Access Edge" for a resolution to this issue.


OCS/Access Edge Server

Configure the security certificates

You need to configure security certificates between the OCS server and the Access Edge server.

You will require a CA server to perform this procedure.

Please refer to the Microsoft documentation for details on configuring security certificates between these servers.
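
The two DNS SRV records required in the Access Edge Server rows above (one for the Microsoft SIP domain, one for the Cisco Unified Presence domain) can be checked before federation is switched on. The following is an added example, not part of the Cisco guide; the `check_srv` helper and all domain and host names are hypothetical, and the sample lines are constructed in the answer format printed by `dig`.

```python
import ipaddress

SERVICE = "_sipfederationtls._tcp."     # service label required by the guide
FEDERATION_PORT = 5061                   # port required by the guide

# Constructed sample in dig answer-section format (example names, not real hosts).
SAMPLE = """\
_sipfederationtls._tcp.example.com.     3600 IN SRV 0 0 5061 edge.example.com.
_sipfederationtls._tcp.cup.example.net. 3600 IN SRV 0 0 5060 cup-pub.example.net.
_sipfederationtls._tcp.im.example.org.  3600 IN SRV 0 0 5061 192.0.2.10.
_sip._tls.example.org.                  3600 IN SRV 0 0 5061 edge.example.org.
""".splitlines()

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def check_srv(domain, answer_lines, expected_fqdn):
    """Return a list of problems with the federation SRV record of one SIP domain."""
    owner = norm(SERVICE + domain)
    targets = []
    for line in answer_lines:
        f = line.split()                 # owner TTL class type prio weight port target
        if len(f) == 8 and f[3].upper() == "SRV" and norm(f[0]) == owner:
            targets.append((int(f[6]), norm(f[7])))
    if not targets:                      # missing record or a different service label
        return [f"no SRV record named {owner}"]
    problems = []
    for port, target in targets:
        if port != FEDERATION_PORT:
            problems.append(f"{target}: port {port}, expected {FEDERATION_PORT}")
        try:
            ipaddress.ip_address(target)
            problems.append(f"{target}: target is an IP address, not an FQDN")
            continue
        except ValueError:
            pass                         # not an IP literal, as required
        if target != norm(expected_fqdn):
            problems.append(f"{target}: target is not {norm(expected_fqdn)}")
    return problems
```

Feed it the answer lines for each federated domain together with the FQDN that the peer was given; an empty list means the record matches what the table requires.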


Related Topics

Configuring Interdomain Federation to Microsoft OCS/Lync within an Enterprise

About the Requirements for SIP Federation with AOL

License Requirements for AOL Federation

You must order the AOL-FEDERATION SKU license from Cisco to allow you to turn on interdomain federation between Cisco Unified Presence and AOL. When you submit this license request, Cisco will request from you the AOL customer routing and contact information described in the later sections of this topic. After Cisco receives your AOL customer routing and contact information, AOL federation between Cisco Unified Presence and AOL will be turned on.

Related Topics

AOL Routing Information Requirements

AOL Provisioning Information Requirements

AOL Routing Information Requirements

When you configure interdomain federation between Cisco Unified Presence and AOL SIP Access Gateway, you must provide AOL with the following information.

Deployment Type: No load balancer

Provide (for each domain):

The public FQDN of the federation routing Cisco Unified Presence server: <sip.domain.com>

The domain name of the Cisco Unified Presence server: @<domain.com>

Notes:

Cisco Unified Presence server certificate subject CN must match FQDN of the Cisco Unified Presence server.

The CA that signs the Cisco Unified Presence server certificate must be trusted by the AOL server.

Deployment Type: Load balancer

Provide (for each domain):

The FQDN of the load balancer: <lb.domain.com>

The domain name of the load balancer: @<domain.com>

Notes:

Cisco Unified Presence server certificate subject CN must match FQDN of the load balancer.

The CA that signs the Cisco Unified Presence server certificate must be trusted by the AOL server.

Deployment Type: (not specified)

Provide (for each domain):

The secure SIP federation port of the Cisco Unified Presence server that will be used for the domain

Notes:

The AOL SIP Access Gateway connects (via SSL) to the IP address that is returned by an nslookup on this port. The default port is 5061.


We recommend that you work with your Cisco support representative to provide this information to AOL.

AOL Provisioning Information Requirements

The name of the enterprise, company or other.

The domain name used for the federation (e.g. companyabc.com).

The FQDN of the Cisco Unified Presence server that is being used for federation.

The customer contact details: name, email address, phone number.

Copy of certificate(s):

If the certificate is signed by a Certificate Authority, the root certificate, including the whole chain of certificates of the Certificate Authority, must be provided.

The base64 encoding of the certificate(s) is required, for example:

-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgIKH5c9LAAIAAGTvjANBgkqhkiG9w0BAQUFADCBizETMBEG
CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG.....
6HKfdML7AkWOV0Wiwc8HUb/0iFmfB24jWOnjj3NW15k0tDJXmbSMuAxjZ/2dZ4dA
4zd4FeZvoCzyVglPkoLvA0Z+AJyOkO7/tie4EF3n/kEedaPWimv2TpRrlAP5lBXn
tbM82NpEDaSqzg0d4Dswqe7W30CKGgUBYS1fO7xJHSRju719D+H7XivmjvU=
-----END CERTIFICATE-----

We recommend that you work with your Cisco support representative to provide this information to AOL.
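
The certificate requirements in the routing and provisioning sections above (subject CN must match the FQDN given to AOL; the bundle must be base64-encoded and carry the whole chain up to the root) can be checked on the bundle text before it is handed over. The following is an added example, not part of the Cisco guide: `check_bundle` and its helpers are hypothetical, it assumes the bundle is ordered leaf first and root last, it compares issuer and subject names byte for byte, and it does not verify signatures or validity dates.

```python
import base64, binascii, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
CN_OID = bytes.fromhex("0603550403")    # DER encoding of OID 2.5.4.3 (commonName)

def tlv(buf, pos):                      # -> (tag, value_start, value_end)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                        # long form: low 7 bits count the length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def names(der):                         # -> (issuer, subject) as raw DER bytes
    pos = tlv(der, 0)[1]                # step into the outer Certificate SEQUENCE
    pos = tlv(der, pos)[1]              # step into tbsCertificate
    tag, _, end = tlv(der, pos)
    if tag == 0xA0:                     # skip the optional [0] version field
        pos = end
    fields = []
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def common_name(name):                  # first CN in a DER Name, or None
    i = name.find(CN_OID)
    if i < 0:
        return None
    _, start, end = tlv(name, i + len(CN_OID))
    return name[start:end].decode("utf-8", "replace")

def check_bundle(pem_text, fqdn):       # -> list of problems, empty if none
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        return ["no -----BEGIN CERTIFICATE----- blocks found"]
    try:
        pairs = [names(base64.b64decode("".join(b.split()), validate=True)) for b in blocks]
        leaf_cn = common_name(pairs[0][1]) or ""
    except (binascii.Error, IndexError):
        return ["a certificate block is not valid base64 or DER"]
    problems = []
    if leaf_cn.lower() != fqdn.lower():
        problems.append(f"leaf subject CN {leaf_cn!r} does not match {fqdn!r}")
    for n, ((issuer, _), (_, subject)) in enumerate(zip(pairs, pairs[1:]), 1):
        if issuer != subject:
            problems.append(f"certificate {n} was not issued by certificate {n + 1}")
    if pairs[-1][0] != pairs[-1][1]:
        problems.append("bundle does not end with a self-signed root")
    return problems
```

Run it on the exact text that will be sent, for example `check_bundle(open("chain.pem").read(), "sip.example.com")`, where the file name and FQDN are placeholders; in the load balancer deployment, pass the load balancer FQDN instead.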