Integration Guide for Configuring Cisco Unified Presence Release 8.6 for Interdomain Federation
Configuring Cisco Unified Presence for SIP Federation

Configuring Cisco Unified Presence for SIP Federation


June 18, 2013

SIP Proxy Domain on Cisco Unified Presence

Adding a SIP Federated Domain

How to Configure the Routing Configuration on Cisco Unified Presence

Configuring the Federation Routing Parameter

How to Configure the Security Settings on Cisco Unified Presence

How to Configure the Routing Information for AOL Federation

How To Configure Email Address for Federation

Turning On the SIP Federation Service


Note Only Cisco Unified Presence Release 8.5(2) or later supports interdomain federation with Microsoft Lync. For Cisco Unified Presence Release 8.5(2) or later, any reference to interdomain federation with OCS also includes Microsoft Lync, unless explicitly stated otherwise.


SIP Proxy Domain on Cisco Unified Presence

If you change the SIP proxy domain on Cisco Unified Presence before you configure federation, as part of the SIP proxy domain change procedure you must also change the Federation Routing CUP FQDN parameter. Refer to the Deployment Guide for Cisco Unified Presence for the correct sequence of steps for changing the SIP proxy domain on Cisco Unified Presence.

Related Topic

Deployment Guide for Cisco Unified Presence: http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_list.html

Adding a SIP Federated Domain


Note Only Cisco Unified Presence Release 8.5.x or later releases support SIP federation with AOL.


When you configure a federated domain entry, Cisco Unified Presence automatically adds the incoming ACL for the federated domain entry. You can see the incoming ACL associated with a federated domain on Cisco Unified Presence Administration, but you cannot modify or delete it. You can only delete the incoming ACL when you delete the (associated) federated domain entry.

If you are configuring SIP federation with AOL, note the following:

The AOL network can comprise both public communities and hosted networks. You must configure each of these domains as a SIP federated domain of type AOL on Cisco Unified Presence.

To handle users in a hosted domain such as user@acompany.com, you must configure a SIP federated domain of type AOL on Cisco Unified Presence for 'acompany.com'.

To handle users in domains 'aol.com' and 'aim.com', you only need to add one SIP federated domain for 'aol.com' on Cisco Unified Presence. The AOL network allows you to address 'user@aim.com' as 'user@aol.com'.

Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Inter Domain Federation > SIP Federation.

Step 2 Select Add New.

Step 3 Enter the federated domain name in the Domain Name field.

Step 4 Enter a description that identifies the federated domain in the Description field.

Step 5 Select one of these integrations:

Inter-domain to OCS/Lync

Inter-domain to AOL

Step 6 If you are configuring federation with Microsoft OCS, ensure that Direct Federation is unchecked.

Step 7 Select Save.

Step 8 After you add, edit or delete a SIP federated domain, restart the Cisco UP XCP Router by selecting Tools > Control Center - Network Services in Cisco Unified Serviceability. Restarting the Cisco UP XCP Router restarts all XCP services on Cisco Unified Presence.


Troubleshooting Tips

The text string you enter in the Description field is displayed to the user in the Cisco Unified Personal Communicator Release 7.x privacy preferences available from the Manage Domains tab. Therefore, make sure you enter a domain name that is easily recognizable to the user.

How to Configure the Routing Configuration on Cisco Unified Presence

DNS Configuration for SIP Federation

Configuring Static Routes Using TLS

Configuring the Cisco Unified Presence Domain from the CLI

DNS Configuration for SIP Federation

In the local Cisco Unified Presence enterprise, Cisco Unified Presence must publish a DNS SRV record for the Cisco Unified Presence domain to make it possible for other domains to discover the Cisco Unified Presence server through DNS SRV.

The Microsoft enterprise deployment requires Cisco Unified Presence to publish a DNS SRV record for the Cisco Unified Presence domain because you configure Cisco Unified Presence as a Public IM Provider on the Access Edge server.

In the Cisco Unified Presence enterprise deployment, you need to configure a DNS SRV record that points to _sipfederationtls._tcp.<CUP_domain> over port 5061, where <CUP_domain> is the name of the Cisco Unified Presence domain. This DNS SRV record should point to the public FQDN of the routing Cisco Unified Presence server. This FQDN must be publicly resolvable.

In order for Cisco Unified Presence to discover the foreign domain, a DNS SRV record must exist in the DNS server of the foreign domain that points to the FQDN of the external interface of the foreign domain.

If you configure SIP federation with AOL, AOL routes based on FQDN, so you just require the FQDN of the routing Cisco Unified Presence server to be publicly resolvable. AOL does not perform a DNS SRV lookup; instead it statically configures the FQDN of Cisco Unified Presence so it requires this FQDN to be publicly resolvable.


Tip Use this sequence of commands for performing a DNS SRV lookup:

nslookup
set type=srv
_sipfederationtls._tcp.<domain>

If Cisco Unified Presence cannot resolve the foreign enterprise via public DNS lookup, you must configure static routes in your deployment.

Related Topic

Configuring Static Routes Using TLS

Configuring Static Routes Using TLS


Note Static route configuration is only applicable to SIP federation.


If the Cisco Unified Presence server cannot discover the external domain using DNS SRV, you must configure a static route on Cisco Unified Presence that points to the external interface of the foreign domain.

Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Routing > Static Routes.

Step 2 Configure the static route parameters as follows:

The Destination Pattern value must be the foreign enterprise domain in reversed form. For example, if the domain is "domaina.com" then the Destination Pattern value must be ".com.domaina.*".

The Next Hop value is the FQDN or IP address of the external Access Edge for federation with Microsoft OCS, or the FQDN or IP address of the AOL SIP Access Gateway for federation with AOL.

The Next Hop Port number is 5061.

The Route Type value is domain.

The Protocol Type is TLS.

Step 3 Click Save.


Related Topic

Configuring the Cisco Unified Presence Domain from the CLI

Configuring the Cisco Unified Presence Domain from the CLI

If you do not enable DHCP, use this procedure to configure the Cisco Unified Presence domain from the CLI.

Procedure


Step 1 Log in to the administrator CLI on Cisco Unified Presence.

Enter this command to display the current network settings:

show network eth0

Step 2 If no domain exists and you do not enable DHCP, configure the domain to be the same as the Cisco Unified Presence proxy domain. Enter this command:

set network domain <domain name>

Step 3 Enter y at the prompt to confirm the changes.

The server automatically restarts. This can take up to 5 minutes.

Step 4 When the server restarts, enter this command to confirm you have configured the domain:

show network eth0

Configuring the Federation Routing Parameter

Before You Begin

When you first install Cisco Unified Presence, the federation routing parameter is automatically set to the FQDN of the publisher node, and Cisco Unified Presence passes this value to each subscriber node.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.

Step 2 Select the Cisco Unified Presence server from the Server menu.

Step 3 Select Cisco UP SIP Proxy from the Service menu.

Step 4 Enter the public FQDN value for the Federation Routing CUP FQDN parameter in the Federation Routing Parameters (Clusterwide) section.


Note This FQDN value must correspond to the _sipfederationtls entry in the public DNS for that Cisco Unified Presence domain.

If you assign users to the routing Cisco Unified Presence server, this FQDN value cannot be the same as the actual FQDN of the routing Cisco Unified Presence server.


Step 5 Select Save.

Step 6 After you add, edit or delete a SIP federated domain, restart the Cisco UP XCP Router by selecting Tools > Control Center - Network Services in Cisco Unified Serviceability. Restarting the Cisco UP XCP Router restarts all XCP services on Cisco Unified Presence.


Related Topic

Turning On Email for Federation

How to Configure the Security Settings on Cisco Unified Presence


Note This procedure is only applicable if you do not have Cisco Adaptive Security Appliance in your federation deployment, for example, if you deploy federation within your enterprise and you want a secure TLS connection.


Creating a new TLS Peer Subject

Adding the TLS Peer to the Selected TLS Peer Subjects List

Creating a new TLS Peer Subject

When you import the Cisco Adaptive Security Appliance security certificate to Cisco Unified Presence, Cisco Unified Presence automatically adds Cisco Adaptive Security Appliance as a TLS peer subject. Therefore you do not need to manually add Cisco Adaptive Security Appliance as a TLS peer subject on Cisco Unified Presence.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Security > TLS Peer Subjects.

Step 2 Click Add New.

Step 3 Enter one of the following values:

a. If you configure SIP federation with Microsoft OCS, enter the external FQDN of the Access Edge Server in the Peer Subject Name field. This value must match the subject CN of the certificate that the Microsoft Access Edge server presents.

b. If you configure SIP federation with AOL, enter the external FQDN of the AOL SIP Access Gateway. This value must match the subject CN of the certificate that the AOL SIP Access Gateway presents.

Step 4 Enter the name of the foreign server in the Description field.

Step 5 Click Save.


What To Do Next

Adding the TLS Peer to the Selected TLS Peer Subjects List

Related Topics

Importing the Self Signed Certificate onto Cisco Unified Presence

Adding the TLS Peer to the Selected TLS Peer Subjects List

Before You Begin

Create a new TLS peer subject.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Security > TLS Context Configuration.

Step 2 Click Find.

Step 3 Click Default_Cisco_UP_SIP_Proxy_Peer_Auth_TLS_Context.

Step 4 Select all ciphers from the list of available TLS ciphers.

Step 5 Click the arrow to move these cipher selections to Selected TLS Ciphers.

Step 6 From the list of available TLS peer subjects, click the TLS peer subject that you configured in the previous section.

Step 7 Click the arrow to move the selected TLS peer subject to Selected TLS Peer Subjects.

Step 8 Check Disable Empty TLS Fragments when you federate with Microsoft OCS.

Step 9 Click Save.

Step 10 Restart the Cisco UP SIP Proxy service.



Note If you deploy AOL and Microsoft OCS federation on the same Cisco Unified Presence node, checking the Disable Empty TLS Fragments setting will not impact AOL federation.


Related Topics

Creating a new TLS Peer Subject

How to Configure the Routing Information for AOL Federation

Routing SIP Requests for SIP Federation with AOL

Verifying or Changing the Default Federation Routing Domain for SIP Federation with AOL

Routing SIP Requests for SIP Federation with AOL


Note Only Cisco Unified Presence Release 8.5.x or later releases support SIP federation with AOL.


SIP federation with AOL enables Cisco Unified Presence users to federate with the following users:

Users of AOL public communities, for example, aim.com, aol.com.

Users of an enterprise whose domain is hosted by AOL.

Users of a foreign enterprise that federates with AOL. Cisco Unified Presence could use AOL as a clearing house to federate with these foreign enterprises.

For example, AOL hosts an enterprise with a domain called 'hosteddomain.com', and there is an enterprise federating with AOL with a domain called 'acompany.com'. You can add a SIP federation domain entry for each of these domains on Cisco Unified Presence to allow Cisco Unified Presence users to federate with users@hosteddomain.com and users@acompany.com.

The routing logic on Cisco Unified Presence is enhanced to support routing to domains that federate through AOL. When you configure SIP federation with AOL, Cisco Unified Presence routes messages based on the default federation routing domain. The default value for this domain is 'aol.com'.


Note The routing described here is only applicable when you configure a federated domain of type 'Inter-domain to AOL'.


If the federated user belongs to one of the hosted domains in AOL (a domain other than aol.com), Cisco Unified Presence performs the following steps:

1. Looks up a static route for the hosted domain.

2. If no static route exists, performs a DNS SRV lookup for the hosted domain.

3. If the lookup returns nothing, looks up a static route for the default federation routing domain (aol.com by default).

4. If no static route exists, performs a DNS SRV lookup for the default federation routing domain (aol.com by default).

If the federated user is in the default AOL domain (user@aol.com), Cisco Unified Presence performs the following steps:

1. Looks up a static route for the default AOL domain (aol.com by default).

2. If no static route exists, performs a DNS SRV lookup for the default federation routing domain (aol.com by default).
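The lookup order above, together with the reversed Destination Pattern format from the static route procedure, can be modelled as follows. This is an added example, not Cisco code: the function names, the exact-match treatment of static routes, and the sample route and SRV tables (which stand in for the real configuration and for public DNS) are all assumptions constructed for illustration.

```python
from typing import List, NamedTuple, Optional

DEFAULT_FEDERATION_ROUTING_DOMAIN = "aol.com"  # default value given in the text
SRV_PREFIX = "_sipfederationtls._tcp."          # SRV name used in the lookup tip
FEDERATION_PORT = 5061                          # Next Hop Port for static routes


class Route(NamedTuple):
    next_hop: Optional[str]
    port: Optional[int]
    found_by: Optional[str]   # the lookup that produced the route, or None
    trace: List[str]          # every lookup attempted, in order


def destination_pattern(domain: str) -> str:
    """Reverse a domain into static-route form: domaina.com -> .com.domaina.*"""
    labels = domain.lower().strip(".").split(".")
    return "." + ".".join(reversed(labels)) + ".*"


def resolve(user_uri: str, static_routes: dict, srv_records: dict,
            default_domain: str = DEFAULT_FEDERATION_ROUTING_DOMAIN) -> Route:
    """Model the lookup order for a federated domain of type 'Inter-domain to AOL'."""
    user, sep, domain = user_uri.rpartition("@")
    if not (user and sep and domain):
        raise ValueError(f"not a user@domain address: {user_uri!r}")
    domain = domain.lower()
    # Hosted domains are tried first, then the default routing domain.
    # A user in the default domain only gets the last two lookups.
    order = [domain] if domain == default_domain else [domain, default_domain]
    trace: List[str] = []
    for d in order:
        pattern = destination_pattern(d)
        trace.append("static " + pattern)
        if pattern in static_routes:          # assumption: exact pattern match
            hop, port = static_routes[pattern]
            return Route(hop, port, trace[-1], trace)
        name = SRV_PREFIX + d
        trace.append("srv " + name)
        if name in srv_records:               # dict stands in for a DNS SRV query
            hop, port = srv_records[name]
            return Route(hop, port, trace[-1], trace)
    return Route(None, None, None, trace)


# Constructed sample data: one static route for the default routing domain and
# one SRV record for a domain that federates through AOL.
STATIC_ROUTES = {destination_pattern("aol.com"): ("aol-gw.example.net", FEDERATION_PORT)}
SRV_RECORDS = {SRV_PREFIX + "acompany.com": ("edge.acompany.example", FEDERATION_PORT)}

if __name__ == "__main__":
    for uri in ("user@hosteddomain.com", "user@acompany.com", "user@aol.com"):
        r = resolve(uri, STATIC_ROUTES, SRV_RECORDS)
        print(uri, "->", r.next_hop, r.port, "| lookups:", r.trace)
```

The trace shows which lookup answered, which helps when a hosted domain silently falls through to the default routing domain because its own static route or SRV record is missing.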

Related Topics

Verifying or Changing the Default Federation Routing Domain for SIP Federation with AOL

Verifying or Changing the Default Federation Routing Domain for SIP Federation with AOL


Note Only Cisco Unified Presence Release 8.5.x or later releases support SIP federation with AOL.


Generally you should not need to change the value of the default federation routing domain, unless the AOL enterprise changes the domain that the AOL server resolves to.

Before You Begin

Read the topic on routing SIP requests for SIP Federation with AOL.

Procedure


Step 1 Select Cisco Unified Presence Administration > System > Service Parameters.

Step 2 Select the Cisco Unified Presence server from the Server menu.

Step 3 Select Cisco UP SIP Proxy from the Service menu.

Step 4 Verify or edit the value of the Default Federation Routing Domain parameter in the Federation Routing Parameters (Clusterwide) section.

Step 5 Select Save if you change the value of the Default Federation Routing Domain parameter.

Step 6 You need to restart the Cisco UP XCP Router if you change the value of the Default Federation Routing Domain parameter. In Cisco Unified Serviceability, select Tools > Control Center - Network Services to restart the Cisco UP XCP Router.


Related Topic

Routing SIP Requests for SIP Federation with AOL

How To Configure Email Address for Federation


Note This section is only applicable to Cisco Unified Presence Release 8.5 or later releases.

This section applies to both SIP and XMPP federation.


Email Address for Federation Feature

Email Domain for Federation

Information to Provide to Administrator of the Foreign Domain

Information to Provide to Cisco Unified Presence Users

Turning On Email for Federation

Email Address for Federation Feature

When you turn on Cisco Unified Presence to use the email address for SIP federation, Cisco Unified Presence changes the SIP URI of each federated contact from 'userid@domain' to the email address of the contact.

Before you turn on email address for interdomain federation, note the following:

If you have not yet attempted to federate with the foreign domain, and you wish to turn on email for federation, we recommend that you turn on this setting before users begin to add any federated contacts.

If you turn on email address for federation, and a user does not have an email address configured in Active Directory, Cisco Unified Presence uses the JID of the user for federation.

A prerequisite for this feature is that the Cisco Unified Communications Manager Mail ID for each user must match the full email address for the user.

If the Mail ID field for the user is empty or does not contain a full email address, Cisco Unified Presence defaults to using the Cisco Unified Presence JID of the user for federation.

If you turn on email address for federation, and a federated contact uses the JID of a Cisco Unified Presence user rather than using the email address, Cisco Unified Presence drops these requests (even if a valid email address is configured for the user).

Cisco Unified Presence does not support email aliases for the email address for federation feature.

Email Domain for Federation

If the email domain for federation is different from the SIP Proxy domain value that you configure on the Cluster Topology Settings page on the Cisco Unified Presence Administration interface, follow these steps:

Configure the Federation Routing CUP FQDN parameter value under Proxy Service Parameters to contain the email domain for federation rather than the SIP Proxy domain. Note that this step applies to both XMPP and SIP federation.

Make sure that you publish the email domain for the federation DNS SRV records in the public DNS server:

_xmpp-server._tcp.<email-domain>

_sipfederationtls._tcp.<email-domain>
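A pre-flight check over a user export can show, before the setting is turned on, which users would fall back to their JID and which DNS SRV records the email domain needs. This is an added example, not Cisco code: the CSV column names, the sample rows, the JID form userid@<SIP proxy domain>, the definition of a "full email address" and the case-insensitive comparison are assumptions.

```python
import csv
import io

# Constructed sample export of (userid, Mail ID); column names are assumptions.
SAMPLE_EXPORT = """userid,mailid
alice,alice.smith@mail.example.com
bob,
carol,carol
dave,dave@example.com
"""
SIP_PROXY_DOMAIN = "example.com"  # constructed value


def is_full_email(value: str) -> bool:
    """Assumption: a full email address is local@domain with a dotted domain."""
    local, sep, domain = value.strip().partition("@")
    labels = domain.split(".")
    return bool(local and sep) and "@" not in domain and len(labels) >= 2 and all(labels)


def federation_address(userid: str, mailid: str, proxy_domain: str):
    """Return (address, kind): the Mail ID if it is a full email address, else the JID."""
    if is_full_email(mailid):
        return mailid.strip().lower(), "email"
    return f"{userid}@{proxy_domain}".lower(), "jid"


def preflight(export_text: str, proxy_domain: str) -> dict:
    """Classify each user and collect SRV names for email domains != proxy domain."""
    report = {"email": [], "jid_fallback": [], "srv_needed": set()}
    for row in csv.DictReader(io.StringIO(export_text)):
        addr, kind = federation_address(row["userid"], row["mailid"] or "", proxy_domain)
        if kind == "jid":
            report["jid_fallback"].append(addr)
            continue
        report["email"].append(addr)
        domain = addr.split("@")[1]
        if domain != proxy_domain.lower():
            report["srv_needed"].add("_xmpp-server._tcp." + domain)
            report["srv_needed"].add("_sipfederationtls._tcp." + domain)
    return report


def accepts_inbound(to_addr: str, userid: str, mailid: str, proxy_domain: str) -> bool:
    """With email for federation on, only the user's federation address is accepted;
    a request sent to the JID of a user who has a valid email address is dropped."""
    addr, _ = federation_address(userid, mailid, proxy_domain)
    return to_addr.strip().lower() == addr


if __name__ == "__main__":
    result = preflight(SAMPLE_EXPORT, SIP_PROXY_DOMAIN)
    print("federate by email:", result["email"])
    print("fall back to JID :", result["jid_fallback"])
    print("SRV records to publish:", sorted(result["srv_needed"]))
```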

Information to Provide to Administrator of the Foreign Domain

Before you turn on email address for federation, you must alert the system administrator of the foreign domain to the following:

You are using email address for federation, and that the users in the foreign domain must specify an email address when adding a federated contact to their contact list.

If you are already federating with the foreign domain, and you wish to turn on email for federation, users in the foreign domain must remove the existing federated contacts in their contact list, and add these federated contacts again specifying an email address.

Information to Provide to Cisco Unified Presence Users

When you turn on email address for federation, you must notify all Cisco Unified Presence users of the following:

Federated contacts will now use email address rather than the user_id@domain address.

When adding new contacts to their contact list, federated contacts must now use the email address for Cisco Unified Presence users, rather than the user_id@domain.

Existing Cisco Unified Presence contacts (on the federated watcher's contact list) that were added with user_id@domain must be removed, and added again using the email address for the Cisco Unified Presence user.

Any messages that Cisco Unified Presence receives from federated contacts to the user_id@domain address will be dropped (unless it happens to be the same as the email address configured in Active Directory, and the address configured in the users table on Cisco Unified Presence).

If Cisco Unified Presence users already have federated contacts on their contact list, when these users sign in to the client again, the federated contact may get a pop-up containing the email address.


Note When you turn on email address for federation, the Cisco Unified Presence user does NOT need to change anything on the client when they connect to Cisco Unified Presence, nor do they interact any differently with the Cisco Unified Presence server.


Turning On Email for Federation


Note If you have an intercluster deployment, you must turn on the email address for federation on any intercluster nodes in your deployment.


Procedure


Step 1 Select Cisco Unified Presence Administration > Presence > Settings.

Step 2 Check Enable use of Email Address when Federating.

Step 3 Read the warning message, and click OK.

Step 4 Click Save.

Step 5 After you turn on email for federation, restart the Cisco UP XCP Router in Cisco Unified Serviceability. Select Tools > Control Center - Network Services.


Related Topics

Configuring the Federation Routing Parameter

Turning On the SIP Federation Service

You need to turn on the Cisco UP XCP SIP Federation Connection Manager service on each Cisco Unified Presence node. This turns on the SIP Federation feature for each user that you provision on the node. You must perform this procedure on each node in the cluster.

Procedure


Step 1 Select Cisco Unified Serviceability > Tools > Service Activation.

Step 2 Select the server from the Server list box.

Step 3 Select Go.

Step 4 Select the radio button next to the Cisco UP XCP SIP Federation Connection Manager service in the CUP Services section.

Step 5 Select Save.

Step 6 The Cisco UP SIP Proxy service must be running for SIP federation to work. Select Cisco Unified Serviceability > Tools > Feature Services and verify that the Cisco UP SIP Proxy service is running.


Related Topics

How To Turn on and Capture Logging for Federation