Cisco Jabber for Windows 9.1.x Installation and Configuration Guide
Plan for Installation
Downloads: This chapterpdf (PDF - 1.47MB) The complete bookPDF (PDF - 3.87MB) | Feedback

Plan for Installation

Contents

Plan for Installation

Review what the client supports before you begin installation. Learn about hardware and software requirements. Find out what ports the client requires and what protocols it uses.

Hardware Requirements

Installed RAM

  • 1.87 GB RAM on Microsoft Windows XP 32 bit with Service Pack 3
  • 2 GB RAM on Microsoft Windows 7

Free Physical Memory

  • 128 MB

Free Disk Space

  • 256 MB

CPU Speed and Type

  • Mobile AMD Sempron Processor 3600+ 2 GHz
  • Intel Core2 CPU T7400 @ 2. 16 GHz

GPU

  • Directx 9 on Microsoft Windows XP 32 bit with Service Pack 3
  • Directx 11 on Microsoft Windows 7

I/O Ports

  • USB 2.0 for USB camera and audio devices.

Software Requirements

For successful deployment, ensure that client workstations meet the software requirements.

Operating Systems

You can install Cisco Jabber for Windows on the following operating systems:
  • Microsoft Windows 7 32 bit
  • Microsoft Windows 7 64 bit
  • Microsoft Windows Vista 32 bit
  • Microsoft Windows Vista 64 bit
  • Microsoft Windows XP 32 bit with Service Pack 3

On-Premises Servers

Cisco Jabber for Windows supports the following on-premises servers:
  • Cisco Unified Communications Manager version 7.1(4) or later

    Note


    Cisco Jabber for Windows supports Cisco Unified Communications Manager 7.1.3 if you install the following COP file to enable CSF devices: ciscocm.installcsfdevicetype.cop.sgn.

    Download ciscocm.installcsfdevicetype.cop.sgn from the Cisco Jabber for Windows administration package on Cisco.com.


  • Cisco Unified Presence version 8.0.3 or later
  • Cisco Unity Connection version 8.0 or later
  • Cisco WebEx Meetings Server version 1.1 or later
Cisco Jabber for Windows supports the following features with Cisco Unified Survivable Remote Site Telephony version 8.5:
  • Basic call functionality
  • Ability to hold and resume calls
Restriction:

Cisco Jabber for Windows requires an active connection to the presence server to successfully fall back to Cisco Unified Survivable Remote Site Telephony.

Refer to the Cisco Unified SCCP and SIP SRST System Administrator Guide for information about configuring Cisco Unified Survivable Remote Site Telephony at: http:/​/​www.cisco.com/​en/​US/​docs/​voice_ip_comm/​cusrst/​admin/​sccp_sip_srst/​configuration/​guide/​SCCP_​and_​SIP_​SRST_​Admin_​Guide.html

High Availability for Instant Messaging and Presence

High availability refers to an environment in which multiple nodes exist in a subcluster to provide failover capabilities for instant messaging and presence services. If one node in a subcluster becomes unavailable, the instant messaging and presence services from that node failover to another node in the subcluster. In this way, high availability ensures reliable continuity of instant messaging and presence services for Cisco Jabber for Windows.

Cisco Jabber for Windows supports high availability with the following servers:
  • Cisco Unified Presence version 8.5 and higher
  • Cisco Unified Communications IM and Presence version 9.0 and higher
Configure High Availability
The following topics provide information for configuring your instant messaging and presence service for high availability:
  • Cisco Unified Presence: How To Configure High Availability Cisco Unified Presence Deployments
  • Cisco Unified Communications IM and Presence: High Availability IM and Presence deployments configuration
Configure Re-Login Parameters
Cisco Unified Presence and Cisco Unified Communications IM and Presence lets you configure the maximum and minimum number of seconds that Cisco Jabber for Windows waits before attempting to re-login to the server. You specify the re-login parameters in the following fields:
  • Client Re-Login Lower Limit
  • Client Re-Login Upper Limit
Attention:

As of this release, you must add 90 seconds to the value that you specify for the re-login parameters.

For example, you plan to set 170 as the value for the Client Re-Login Lower Limit parameter. You must set the value to 260, not 170.

To configure these parameters on Cisco Unified Presence, see the following topics in the Deployment Guide for Cisco Unified Presence Release 8.6 guide:
  • High Availability Client Login Profiles
  • Configuring the Advanced Service Parameters for the Server Recovery Manager
To configure these parameters on Cisco Unified Communications IM and Presence, see the following topics in the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) guide:
  • High Availability client login profiles
  • Configure advanced service parameters for Server Recovery Manager
Impact of Failover for Clients and Services
The following topics describe the impact of failover for clients and services:
  • Cisco Unified Presence: Impact of Failover to Cisco Unified Presence Clients and Services
  • Cisco Unified Communications IM and Presence: Impact of failover to IM and Presence clients and services

Cloud-Based Servers

Cisco Jabber for Windows supports integration with the following hosted servers:
  • Cisco WebEx Messenger service
  • Cisco WebEx Administration Tool, minimum supported version is 7.5
  • Cisco WebEx Meeting Center, minimum supported versions are as follows:
    • Version T26L with Service Pack EP 20
    • Version T27L with Service Pack 9
  • Cisco WebEx Meetings (WebEx 11)

Directory Servers

You can use the following directory servers with Cisco Jabber for Windows:
  • Active Directory for Windows Server 2003 R2
  • Active Directory Domain Services for Windows Server 2008 R2
  • Cisco Unified Communications Manager User Data Service UDS is supported on Cisco Unified Communications Manager version 8.6.2 or later.
  • OpenLDAP
  • Active Directory Lightweight Directory Service (AD LDS) or Active Directory Application Mode (ADAM)
Restriction:

Directory integration with OpenLDAP, AD LDS, or ADAM requires you to define specific parameters in a Cisco Jabber for Windows configuration file. See LDAP Directory Servers for more information.

Microsoft Internet Explorer

Cisco Jabber for Windows requires Microsoft Internet Explorer 7 or later. Cisco Jabber for Windows uses the Internet Explorer rendering engine to display HTML content.

Attention:

Cisco Jabber for Windows requires Internet Explorer active scripting to render instant messages. See the following Microsoft documentation for instructions to enable active scripting: http:/​/​windows.microsoft.com/​en-US/​windows/​help/​genuine/​ie-active-script

Known Issues with Internet Explorer

  • There is a known issue with the Internet Explorer 8 rendering engine on Microsoft Windows XP. This issue might cause unexpected behavior with Cisco Jabber for Windows. You should apply the update for Internet Explorer 8 from the Microsoft website at: http:/​/​technet.microsoft.com/​en-us/​security/​bulletin/​MS10-018 This issue affects users on Microsoft Windows XP 32 bit with Service Pack 3 only. Users on Microsoft Windows Vista or Microsoft Windows 7 should not encounter this issue while using Cisco Jabber for Windows.
  • In cloud-based deployments that use single sign-on (SSO), an issue exists with Internet Explorer 9. Users with Internet Explorer 9 get security alerts when they sign in to Cisco Jabber for Windows. To resolve this issue, add webexconnect.com to the list of websites in the Compatibility View Settings window.

Microsoft Office

Cisco Jabber for Windows supports integration with the following software:
  • Microsoft Office 2007 32 bit
  • Microsoft Office 2010 32 bit
  • Microsoft Office 2010 64 bit
  • Microsoft Exchange 2007
  • Microsoft Exchange 2010

Local Contacts in Microsoft Outlook

Cisco Jabber for Windows lets users search for and add local contacts in Microsoft Outlook.

To search for local contacts in Microsoft Outlook with the client, users must have profiles set in Microsoft Outlook. In addition, users must do the following:
  1. Select File > Options.
  2. Select the Integration tab.
  3. Select either None or Microsoft Outlook.

To add local Microsoft Outlook contacts to contact lists in the client, local contacts must have email or instant message addresses in Microsoft Outlook.

To communicate with local contacts in Microsoft Outlook using the client, local contacts must have the relevant details. To send instant messages to contacts, local contacts must have an instant message address. To call contacts in Microsoft Outlook, local contacts must have phone numbers.

Enable Calendar Events from Microsoft Outlook

You must apply a setting in Microsoft Outlook so that calendar events display in Cisco Jabber for Windows.

Procedure
    Step 1   Open the email account settings in Microsoft Outlook, as in the following example:
    1. Select File > Account Settings.
    2. Select the Email tab on the Account Settings window.
    Step 2   Double-click the server name.

    In most cases, the server name is Microsoft Exchange.

    Step 3   Select the Use Cached Exchange Mode checkbox.
    Step 4   Apply the setting and then restart Microsoft Outlook.

    When users create calendar events in Microsoft Outlook, those events display in the Meetings tab.

    Enable Presence Integration with Microsoft Outlook

    To enable integration with Microsoft Outlook, you specify SIP:user@cupdomain as the value of the proxyAddresses attribute in Microsoft Active Directory. Users can then share availability in Microsoft Outlook.

    To modify the proxyAddresses attribute, you can:
    Use an Active Directory administrative tool such as Active Directory User and Computers
    The Active Directory User and Computers administrative tool allows you to edit attributes on Microsoft Windows Server 2008 or higher.
    Use the ADSchemaWizard.exe utility

    The ADSchemaWizard.exe utility is available in the Cisco Jabber for Windows administration package. This utility generates an LDIF file that modifies your directory to add the proxyAddresses attribute to each user with the following value: SIP:user@cupdomain.

    You should use the ADSchemaWizard.exe utility on servers that do not support the edit attribute feature in the Active Directory User and Computers administrative tool, such as Microsoft Windows Server 2003. You can use a tool such as ADSI Edit to verify the changes that you apply with the ADSchemaWizard.exe utility.

    The ADSchemaWizard.exe utility requires Microsoft .NET Framework version 3.5 or higher.

    Create a script with Microsoft Windows PowerShell

    Refer to the appropriate Microsoft documentation for creating a script to enable presence in Microsoft Outlook.

    Enable Presence with the Active Directory User and Computers Tool

    Complete the following steps to enable presence in Microsoft Outlook for individual users with the Active Directory User and Computers administrative tool:

    Procedure
      Step 1   Start the Active Directory User and Computers administrative tool. You must have administrator permissions to run the Active Directory User and Computers administrative tool.
      Step 2   Select View in the menu bar and then select the Advanced Features option from the drop-down list.
      Step 3   Navigate to the appropriate user in the Active Directory User and Computers administrative tool.
      Step 4   Double click the user to open the Properties dialog box.
      Step 5   Select the Attribute Editor tab.
      Step 6   Locate and select the proxyAddresses attribute in the Attributes list box.
      Step 7   Select Edit to open the Multi-valued String Editor dialog box.
      Step 8   In the Value to add text box, specify the following value: SIP:user@cupdomain.

      For example, SIP:msmith@cisco.com.

      Where the user@cupdomain value is the user's instant messaging address. cupdomain corresponds to the domain for Cisco Unified Presence or Cisco Unified Communications IM and Presence.


      Microsoft SharePoint

      Cisco Jabber for Windows supports the following versions of Microsoft SharePoint:
      • Microsoft SharePoint 2007
      • Microsoft SharePoint 2010
      Important:
      • To enable availability status in Microsoft SharePoint, you must install either Microsoft Outlook 2007 or Microsoft Outlook 2010 on computers where you install Cisco Jabber for Windows.
      • Cisco Jabber for Windows supports availability status in Microsoft SharePoint sites only if users access those sites with Microsoft Internet Explorer. You should add the Microsoft SharePoint site to the list of trusted sites in Microsoft Internet Explorer.

      Microsoft Office 365

      Cisco Jabber for Windows supports client-side integration with Microsoft Office 365 with the following applications :
      • Microsoft Office 2007 32 bit
      • Microsoft Office 2010 32 bit
      • Microsoft Office 2010 64 bit
      • Microsoft SharePoint 2010

      Note


      Microsoft Office 365 supports different configuration types based on the plan, or subscription, type. Cisco Jabber for Windows has been tested with small business plan P1 of Microsoft Office 365, which requires an on-premises Active Directory server.


      Calendar Integration

      You can use the following client applications for calendar integration:
      • Microsoft Outlook 2007 32 bit
      • Microsoft Outlook 2010 32 bit
      • Microsoft Outlook 2010 64 bit
      • IBM Lotus Notes 8.5.1 32 bit
      • IBM Lotus Notes 8.5.2 32 bit
      • Google Calendar

      Virtual Environments

      You can deploy Cisco Jabber for Windows in virtual environments using the following software:

      • Citrix XenDesktop 5.0
      • Citrix XenDesktop 5.5
      • Citrix XenApp 5.0 Feature Pack 3 Enterprise Edition for Windows Server 2008 Service Pack 2 64 bit, published desktop
      • Citrix XenApp 6.0 Enterprise Edition for Windows 2008 R2 64 bit, published desktop
      • Citrix XenApp 6.5 Enterprise Edition for Windows 2008 R2 64 bit, published desktop
      • VMWare View Connection Manager 4.6.1.640196 with
        • VMWare Agent 5.0
        • VMWare Client 4.6.1
      • VMWare View Connection Manager 5.1.0704644 with
        • VMWare Agent 5.1.0704644
        • VMWare Client 5.1.0704644

      Supported Functionality

      Cisco Jabber for Windows supports the following functionality in virtual environments:
      • Instant messaging and presence with other Cisco Jabber clients
      • Desk phone control
      • Voicemail
      • Presence integration with Microsoft Outlook and IBM Lotus Notes

      Screen Readers

      Cisco Jabber for Windows is compatible with Job Access With Speech (JAWS) screen readers. However, the user experience with screen readers is not always consistent across the application, depending on the version of Cisco Jabber for Windows. Users who require screen readers should always use the most recent version to ensure the best possible user experience.

      CTI Servitude

      Cisco Jabber for Windows supports Computer Telephony Integration (CTI) servitude, or CTI control of Cisco Jabber for Windows from a third party application.

      For more information on CTI servitude, see the CTI documentation for the appropriate version of Cisco Unified Communications Manager.

      See the following sites on the Cisco Developer Network for more information about creating applications for CTI control of through Cisco Unified Communications Manager APIs:

      Security Compliance

      Securing your network requires careful planning and research. Here are some sites that can help you get started:
      See the following sites for more information on software security compliance:

      Supported Codecs

      Supported Audio Codecs

      • g.722.1
        • g.722.1 32k
        • g.722.1 24k

        Note


        g.722.1 is supported on Cisco Unified Communications Manager 8.6.1 or later.


      • g.711
        • g.711 A-law
        • g.711 u-law
      • g.729a

      Supported Video Codecs

      • H.264/AVC

      Network Requirements

      Review network requirements such as the ports the client uses to connect to services.

      ICMP Requests

      Cisco Jabber for Windows sends Internet Control Message Protocol (ICMP) requests to the TFTP server. These requests enable the client to determine if it can connect to Cisco Unified Communications Manager.

      You must configure your firewall settings to allow ICMP requests from the client. The client cannot establish a connection to Cisco Unified Communications Manager if your firewall does not allow ICMP requests.

      Related References

      Ports and Protocols

      The client uses the ports and protocols listed in the following tables:

      Inbound

      Port Protocol Description
      16384 to 32766 UDP Real-Time Transport Protocol (RTP) media streams for audio and video

      Outbound

      Port Protocol Description
      69 UDP Trivial File Transfer Protocol (TFTP) service
      6970 HTTP TFTP service to download client configuration
      80 TCP

      (HTTP)

      Cisco Unified Communications Manager administrator and user web pages

      Cisco WebEx Meeting Center for hosted conferencing

      Cisco Unity Connection for voicemail

      143 IMAP

      (TCP)

      Cisco Unity Connection for access to voice mail messages
      993 IMAP

      (SSL)

      Cisco Unity Connection to retrieve and manage voice messages
      7993 IMAP

      (TLS)

      Cisco Unity Connection for access to secure voice messages
      443 TCP

      (HTTPS)

      Cisco WebEx Messenger service for XMPP

      Cisco WebEx Meetings Server for on-premises conferencing

      389 UDP / TCP LDAP directory server
      636 LDAPS LDAP directory server (secure)
      3268 TCP Global Catalog server
      3269 LDAPS Global Catalog server (secure)
      2748 TCP CTI gateway
      5060 UDP / TCP Session Initiation Protocol (SIP) call signaling
      5061 TCP Secure SIP call signaling
      5222 TCP

      (XMPP)

      Cisco Unified Presence or Cisco Unified Communications IM and Presence

      8191 TCP Simple Object Access Protocol (SOAP) web services
      8443 HTTPS Web access to Cisco Unified Communications Manager and includes connections for the following:
      • Cisco Unified Communications Manager IP Phone (CCMCIP) server for assigned devices
      • User Data Service (UDS)
      16384 to 32766 UDP RTP media streams for audio and video
      53 UDP / TCP Domain Name System (DNS) traffic
      1080 SOCKS5 Bytestreams Peer to peer file transfers

      If port 1080 is in use, the client attempts to use the next available port in the range from 1081 to 1089.

      In on-premises deployments, the client also uses port 1080 to send screen captures.

      Note   

      If port 1080 is blocked, the client uses the following port range: 37200 to 37209.

      Related References

      Phones, Headsets, and Cameras

      Review the phones, headsets, and cameras that the client supports.

      CTI Supported Devices

      Cisco Jabber for Windows supports the same CTI devices as Cisco Unified Communications Manager version 8.6(1). See the CTI Supported Device Matrix in the CTI Supported Devices topic.

      Related Information

      Supported Headsets and Speakers

      Plantronics Blackwire C310 Plantronics Voyager Pro UC B230
      Plantronics Blackwire C320 Plantronics DSP 400
      Plantronics Blackwire C420 Plantronics Savi 740
      Plantronics Blackwire C435 Plantronics Savi 440
      Plantronics Blackwire C610 Jabra GN2000 CIPC Mono
      Plantronics Blackwire C620 Jabra GN2000 CIPC Duo
      Plantronics Blackwire C710 Jabra Go 6470
      Plantronics Blackwire C720 Jabra Pro 930
      Plantronics Calisto P240 series Jabra Speak 410
      Plantronics Calisto P420 Jabra BIZ 2400
      Plantronics Calisto P800 series Polycom CX100 Speakerphone
      Plantronics Voyager Pro UC WG200/B -

      Supported Cameras

      Microsoft LifeCam Cinema Cisco TelePresence PrecisionHD USB
      Logitech Pro 9000 Cisco VTIII, resolution up to VGA
      Logitech C920 -

      COP Files for Cisco Jabber for Windows

      In certain cases, you might need to apply COP files to Cisco Unified Communications Manager.

      You can download the following COP files from the Cisco Jabber for Windows administration package on Cisco.com:
      COP File Description Cisco Unified Communications Manager Versions
      ciscocm.installcsfdevicetype.cop.sgn Adds the CSF device type to Cisco Unified Communications Manager.

      For more information, see Software Requirements.

      7.1.3
      cmterm-bfcp-e.8-6-2.cop.sgn Enables CSF devices to support BFCP video desktop sharing.

      For more information, see Apply COP File for BFCP Capabilities.

      8.6.2 only
      ciscocm.addcsfsupportfield.cop.sgn Adds the CSF Support Field field for group configuration files.

      For more information, see Create Group Configurations.

      8.6.x and lower
      cmterm-cupc-dialrule-wizard-0.1.cop.sgn Publishes application dial rules and directory lookup rules to Cisco Jabber for Windows.

      For more information, see Publish Dial Rules.

      All supported versions
      Related Information

      Client-Side Availability Status

      This topic describes the In a meeting (according to my calendar) checkbox on the Status tab of the Options window.

      The client supports two options for setting the 'In a meeting' availability status when events occur in your calendar:
      'In a meeting' availability status comes from Microsoft Exchange

      Requires Cisco Unified Presence and Microsoft Exchange integration. Applies to on-premises deployments.

      'In a meeting' availability status comes from Cisco Jabber for Windows

      Applies to on-premises and cloud-based deployments.

      Availability status changes to 'In a meeting' if events occur in your calendar when:
      Deployment Select In a meeting (according to my calendar) Do Not Select In a meeting (according to my calendar)

      You enable integration between Cisco Unified Presence and Microsoft Exchange.

      Cisco Unified Presence sets availability status Availability status does not change

      You do not enable integration between Cisco Unified Presence and Microsoft Exchange.

      Client sets availability status Availability status does not change
      Cloud-Based deployments Client sets availability status Availability status does not change

      Note


      If you select the In a meeting (according to my calendar) checkbox, the client displays only the 'In a meeting' availability status when calendar events occur in a supported calendar client, such as Microsoft Outlook, IBM Lotus Notes, or Google Calendar. The client does not display other availability statuses from other calendar sources.


      The following statements apply to on-premises deployments:
      • You must disable Cisco Unified Presence and Microsoft Exchange integration in order for the client to set the 'In a meeting' availability status. The client checks if integration between Cisco Unified Presence and Microsoft Exchange is on or off. The client only sets the 'In a meeting' availability status if integration is off.
      • The Cisco Unified Presence user options page contains the following field:
        • Include Calendar information in my Presence Status
        This field is equivalent to the In a meeting (according to my calendar) checkbox in the client. Both fields update the same value in the Cisco Unified Presence database.
        If users set both fields to different values, the last field the user sets takes priority. If users change the value of the Include Calendar information in my Presence Status field while the client is running, the users must restart the client for those changes to apply.
      Compare client-side availability status to integration between Cisco Unified Presence and Microsoft Exchange:
      Client-Side 'In a meeting' Availability Status Enabled Cisco Unified Presence Integrated with Microsoft Exchange
      'Offline in a meeting' availability status is not supported. 'Offline in a meeting' availability status is supported.
      'In a meeting' availability status is supported for events that do not appear in the user's calendar. 'In a meeting' availability status is not supported for events that do not appear in the user's calendar.
      • 'Offline in a meeting' availability status refers to when the user is not logged in to the client but an event exists in the user's calendar.
      • Events that do not appear in the user's calendar refer to events such as ad hoc conferencing. For example, user A creates an unscheduled Cisco WebEx meeting. User A then invites user B to that meeting by sending the meeting URL in an instant message.

      Instant Message Encryption

      Cisco Jabber for Windows uses TLS to secure XMPP traffic over the network between the client and server. Cisco Jabber for Windows encrypts point to point instant messages and group chats.

      On-Premises Encryption

      The following table summarizes the details for instant message encryption in on-premises deployments:
      Connection Protocol Negotiation Certificate Expected Encryption Algorithm
      Client to server XMPP over TLS X.509 Public Key Infrastructure certificate AES 256 bit

      Server and Client Negotiation

      The following servers negotiate TLS encryption with Cisco Jabber for Windows using X.509 Public Key Infrastructure (PKI) certificates with the following:
      • Cisco Unified Presence
      • Cisco Unified Communications IM and Presence

      After the server and client negotiate TLS encryption, both the client and server generate and exchange session keys to encrypt instant messaging traffic.

      The following table lists the PKI certificate key lengths for Cisco Unified Presence and Cisco Unified Communications IM and Presence:
      Version Key Length
      Cisco Unified Communications IM and Presence versions 9.0.1 and higher 2048 bit
      Cisco Unified Presence versions 8.6.4 and higher 2048 bit
      Cisco Unified Presence versions lower than 8.6.4 1024 bit

      XMPP Encryption

      Cisco Unified Presence and Cisco Unified Communications IM and Presence both use 256 bit length session keys encrypted with the AES algorithm to secure instant message traffic between Cisco Jabber for Windows and the presence server.

      If you require additional security for traffic between server nodes, you can configure XMPP security settings on Cisco Unified Presence or Cisco Unified Communications IM and Presence. See the following documents for more information about security settings:
      • Cisco Unified Presence: Configuring Security on Cisco Unified Presence
      • Cisco Unified Communications IM and Presence: Security configuration on IM and Presence

      Instant Message Logging

      If required, you can log and archive instant messages for compliance with regulatory guidelines. To log instant messages, you either configure an external database or integrate with a third party compliance server. Cisco Unified Presence and Cisco Unified Communications IM and Presence do not encrypt instant messages you log in external databases or in third party compliance servers. You must configure your external database or third party compliance server as appropriate to protect the instant messages you log.

      See the following documents for more information about compliance:
      • Cisco Unified Presence: Instant Messaging Compliance Guide
      • Cisco Unified Communications IM and Presence: Instant Messaging Compliance for IM and Presence Service

      For more information about encryption levels and cryptographic algorithms, including symmetric key algorithms such as AES or public key algorithms such as RSA, see Next Generation Encryption.

      For more information about X509 Public Key Infrastructure certificates, see the Internet X.509 Public Key Infrastructure Certificate and CRL Profile document.

      Cloud-Based Encryption

      The following table summarizes the details for instant message encryption in cloud-based deployments:
      Connection Protocol Negotiation Certificate Expected Encryption Algorithm
      Client to server XMPP within TLS X.509 Public Key Infrastructure certificate AES 128 bit
      Client to client XMPP within TLS X.509 Public Key Infrastructure certificate AES 256 bit

      Server and Client Negotiation

      The following servers negotiate TLS encryption with Cisco Jabber for Windows using X.509 Public Key Infrastructure (PKI) certificates with the Cisco WebEx Messenger service.

      After the server and client negotiate TLS encryption, both the client and server generate and exchange session keys to encrypt instant messaging traffic.

      XMPP Encryption

      The Cisco WebEx Messenger service uses 128 bit length session keys encrypted with the AES algorithm to secure instant message traffic between Cisco Jabber for Windows and the Cisco WebEx Messenger service.

      You can optionally enable 256 bit client-to-client AES encryption to secure traffic between clients.

      Instant Message Logging

      The Cisco WebEx Messenger service can log instant messages, but it does not archive those instant messages in an encrypted format. However, the Cisco WebEx Messenger service uses stringent data center security, including SAE-16 and ISO-27001 audits, to protect the instant messages it logs.

      The Cisco WebEx Messenger service cannot log instant messages if you enable AES 256 bit client-to-client encryption.

      For more information about encryption levels and cryptographic algorithms, including symmetric key algorithms such as AES or public key algorithms such as RSA, see Next Generation Encryption.

      For more information about X509 Public Key Infrastructure certificates, see the Internet X.509 Public Key Infrastructure Certificate and CRL Profile document.

      Client to Client Encryption

      By default, instant messaging traffic between the client and the Cisco WebEx Messenger service is secure. You can optionally specify policies in the Cisco WebEx Administration Tool to secure instant messaging traffic between clients.

      The following policies specify client-to-client encryption of instant messages:
      Support AES Encoding For IM

      Sending clients encrypt instant messages with the AES 256 bit algorithm. Receiving clients decrypt instant messages.

      Support No Encoding For IM

      Clients can send and receive instant messages to and from other clients that do not support encryption.

      The following table describes the different combinations you can set with these policies:
      Policy combination Client to client encryption When the remote client supports AES encryption When the remote client does not support AES encryption

      Support AES Encoding For IM = false

      Support No Encoding For IM = true

      No

      Cisco Jabber for Windows sends unencrypted instant messages.

      Cisco Jabber for Windows does not negotiate a key exchange. As a result, other clients do not send Cisco Jabber for Windows encrypted instant messages.

      Cisco Jabber for Windows sends and receives unencrypted instant messages.

      Support AES Encoding For IM = true

      Support No Encoding For IM = true

      Yes

      Cisco Jabber for Windows sends and receives encrypted instant messages.

      Cisco Jabber for Windows displays an icon to indicate instant messages are encrypted.

      Cisco Jabber for Windows sends encrypted instant messages.

      Cisco Jabber for Windows receives unencrypted instant messages.

      Support AES Encoding For IM = true

      Support No Encoding For IM = false

      Yes

      Cisco Jabber for Windows sends and receives encrypted instant messages.

      Cisco Jabber for Windows displays an icon to indicate instant messages are encrypted.

      Cisco Jabber for Windows does not send or receive instant messages to the remote client.

      Cisco Jabber for Windows displays an error message when users attempt to send instant messages to the remote client.


      Note


      • Cisco Jabber for Windows does not support client-to-client encryption with group chats. Cisco Jabber for Windows uses client-to-client encryption for point-to-point chats only.

      For more information about encryption and Cisco WebEx policies, see the About Encryption Levels topic in the Cisco WebEx documentation.

      Related Information

      Encryption Icons

      Review the icons that the client displays to indicate encryption levels.

      Lock Icon for Client to Server Encryption

      In both on-premises and cloud-based deployments, Cisco Jabber for Windows displays the following icon to indicate client to server encryption:

      Padlock Icon for Client to Client Encryption

      In cloud-based deployments, Cisco Jabber for Windows displays the following icon to indicate client to client encryption:

      Local Chat History

      If you enable local chat history, Cisco Jabber for Windows does not archive instant messages in an encrypted format. In order to restrict access to chat history, Cisco Jabber for Windows saves archives to the following directory: %USERPROFILE%\AppData\Local\Cisco\Unified Communications\Jabber\CSF\History\uri.db

      Audio and Video Performance Reference

      Learn about audio and video performance for Cisco Jabber for Windows.

      Attention:

      The following data is based on testing in a lab environment. This data is intended to provide an idea of what you can expect in terms of bandwidth usage. The content in this topic is not intended to be exhaustive or to reflect all media scenarios that might affect bandwidth usage.

      Bit Rates for Audio

      The following table describes bit rates for audio:
      Codec RTP payload in kilobits (kbits) per second Actual bitrate (kbits per second) Notes
      g.722.1 24/32 54/62 High quality compressed
      g.711 64 80 Standard uncompressed
      g.729a 8 38 Low quality compressed

      Bit Rates for Video

      The following table describes bit rates for video with g.711 audio:
      Resolution Pixels Measured bit rate (kbits per second) with g.711 audio
      w144p 256 x 144 156
      w288p

      This is the default size of the video rendering window for Cisco Jabber for Windows.

      512 x 288 320
      w448p 768 x 448 570
      w576p 1024 x 576 890
      720p 1280 x 720 1300
      Notes about the preceding table:
      • This table does not list all possible resolutions.
      • The measured bit rate is the actual bandwidth used (RTP payload + IP packet overhead).

      Bit Rates for Presentation Video

      The following table describes the bit rates for presentation video:
      Pixels Estimated wire bit rate at 2 fps (kbits per second) Estimated wire bit rate at 8 fps (kbits per second)
      720 x 480 41 164
      704 x 576 47 188
      1024 x 768 80 320
      1280 x 720 91 364
      1280 x 800 100 400
      Notes about the preceding table:
      • Cisco Jabber for Windows captures at 8 fps and transmits at 2 to 8 fps.
      • The values in this table do not include audio.

      Maximum Negotiated Bit Rate

      You specify the maximum payload bit rate in Cisco Unified Communications Manager in the Region Configuration window. This maximum payload bit rate does not include packet overhead, so the actual bit rate used is higher than the maximum payload bit rate you specify.

      The following table describes how Cisco Jabber for Windows allocates the maximum payload bit rate:
      Desktop sharing session Audio Interactive video (Main video) Presentation video (Desktop sharing video)
      No Cisco Jabber for Windows uses the maximum audio bit rate Cisco Jabber for Windows allocates the remaining bit rate as follows:

      The maximum video call bit rate minus the audio bit rate.

      -
      Yes Cisco Jabber for Windows uses the maximum audio bit rate Cisco Jabber for Windows allocates half of the remaining bandwidth after subtracting the audio bit rate. Cisco Jabber for Windows allocates half of the remaining bandwidth after subtracting the audio bit rate.

      Performance Expectations for Bandwidth

      Cisco Jabber for Windows separates the bit rate for audio and then divides the remaining bandwidth equally between interactive video and presentation video. The following table provides information to help you understand what performance you should be able to achieve per bandwidth:
      Upload speed Audio Audio + Interactive video (Main video) Audio + Presentation video (Desktop sharing video) Audio + Interactive video + Presentation video
      125 kbps under VPN At bandwidth threshold for g.711. Sufficient bandwidth for g.729a and g.722.1. Insufficient bandwidth for video. Insufficient bandwidth for video. Insufficient bandwidth for video.
      384 kbps under VPN Sufficient bandwidth for any audio codec. w288p (512 x 288) at 30 fps 1280 x 800 at 2+ fps w144p (256 x 144) at 30 fps + 1280 x 720 at 2+ fps
      384 kbps in an enterprise network Sufficient bandwidth for any audio codec. w288p (512 x 288) at 30 fps 1280 x 800 at 2+ fps w144p (256 x 144) at 30 fps + 1280 x 800 at 2+ fps
      1000 kbps Sufficient bandwidth for any audio codec. w576p (1024 x 576) at 30 fps 1280 x 800 at 8 fps w288p (512 x 288) at 30 fps + 1280 x 800 at 8 fps
      2000 kbps Sufficient bandwidth for any audio codec. w720p30 (1280 x 720) at 30 fps 1280 x 800 at 8 fps w288p (1024 x 576) at 30 fps + 1280 x 800 at 8 fps

      Note that VPN increases the size of the payload, which increases the bandwidth consumption.

      Video Rate Adaptation

      Cisco Jabber for Windows uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video bit rate throughput to handle real-time variations on available IP path bandwidth.

      Cisco Jabber for Windows users should expect video calls to begin at lower resolution and scale upwards to higher resolution over a short period of time. Cisco Jabber for Windows saves history so that subsequent video calls should begin at the optimal resolution.

      Quality of Service Configuration

      Cisco Jabber for Windows supports two methods for prioritizing and classifying Real-time Transport Protocol (RTP) traffic as it traverses the network:
      • Deploy with Cisco Media Services Interface
      • Set DSCP values in IP headers of RTP media packets

      Tip


      Cisco recommends deploying with Cisco Media Services Interface (MSI). This method effectively improves the quality of experience and reduces cost of deployment and operations. MSI also enables the client to become network aware so it can dynamically adapt to network conditions and integrate more tightly with the network.


      Cisco Media Services Interface

      Cisco Media Services Interface provides a Microsoft Windows service that works with Cisco Prime Collaboration Manager and Cisco Medianet-enabled routers to ensure that Cisco Jabber for Windows can send audio media and video media on your network with minimum latency or packet loss.

      Before Cisco Jabber for Windows sends audio media or video media, it checks for Cisco Media Services Interface.
      • If the service exists on the computer, Cisco Jabber for Windows provides flow information to Cisco Media Services Interface. The service then signals the network so that routers classify the flow and provide priority to the Cisco Jabber for Windows traffic.
      • If the service does not exist, Cisco Jabber for Windows does not use it and sends audio media and video media as normal.

      Note


      Cisco Jabber for Windows checks for Cisco Media Services Interface for each audio call or video call.


      You must install Cisco Media Services Interface separately and ensure your network is enabled for Cisco Medianet. You must also install Cisco Prime Collaboration Manager and routers enabled for Cisco Medianet.

      Set DSCP Values

      Set Differentiated Services Code Point (DSCP) values in RTP media packet headers to prioritize Cisco Jabber for Windows traffic as it traverses the network.

      Port Ranges on Cisco Unified Communications Manager

      You define the port range that the client uses on the SIP profile in Cisco Unified Communications Manager. The client then uses this port range to send RTP traffic across the network.

      Specify a Port Range on the SIP Profile

      To specify a port range for the client to use for RTP traffic, do the following:

      Procedure
        Step 1   Open the Cisco Unified CM Administration interface.
        Step 2   Select Device > Device Settings > SIP Profile.
        Step 3   Find the appropriate SIP profile or create a new SIP profile.

        The SIP Profile Configuration window opens.

        Step 4   Specify the port range in the following fields:
        Start Media Port

        Defines the start port for media streams. This field sets the lowest port in the range.

        Stop Media Port

        Defines the stop port for media streams. This field sets the highest port in the range.

        Step 5   Select Apply Config and then OK.

        How the Client Uses Port Ranges
        Cisco Jabber for Windows equally divides the port range that you set in the SIP profile. The client then uses the port range as follows:
        • Lower half of the port range for audio streams
        • Upper half of the port range for video streams
        For example, if you use a start media port of 3000 and an end media port of 4000, the client sends media through ports as follows:
        • Ports 3000 to 3501 for audio streams
        • Ports 3502 to 4000 for video streams

        As a result of splitting the port range for audio media and video media, the client creates identifiable media streams. You can then classify and prioritize those media streams by setting DSCP values in the IP packet headers.

        Options for Setting DSCP Values

        The following table describes the options, per operating system, for setting DSCP values:
        Method for Setting DSCP Values Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7
        Set DSCP values with Microsoft Group Policy No Yes Yes
        Set DSCP values on network switches and routers Yes Yes Yes
        Set DSCP values on Cisco Unified Communications Manager Yes No No
        Set DSCP Values on Cisco Unified Communications Manager

        You can set DSCP values for audio media and video media on Cisco Unified Communications Manager. Cisco Jabber for Windows can then retrieve the DSCP values from the device configuration and apply them directly to the IP headers of RTP media packets.

        Restriction:

        The DSCP values that you set on Cisco Unified Communications Manager take effect only on Microsoft Windows XP.

        For later operating systems such as Microsoft Windows Vista and Microsoft Windows 7, Microsoft implements a security feature that prevents applications from setting DSCP values on IP packet headers. For this reason, you should use an alternative method for marking DSCP values, such as Microsoft Group Policy.

        Procedure
          Step 1   Open the Cisco Unified CM Administration interface.
          Step 2   Select System > Service Parameters.

          The Service Parameter Configuration window opens.

          Step 3   Select the appropriate server and then select the Cisco CallManager service.
          Step 4   Locate the Clusterwide Parameters (System - QOS) section.
          Step 5   Specify DSCP values as appropriate and then select Save.

          Microsoft Windows XP Registry Setting for DSCP Values

          If you deploy Cisco Jabber for Windows on Microsoft Windows XP, you must configure a registry setting to enable the client to set DSCP values for RTP media packets.

          Complete the steps in the following Microsoft support article to create the DisableUserTOSSetting registry key and set the value to 0: http:/​/​support.microsoft.com/​kb/​248611

          Set DSCP Values with Group Policy

          If you deploy Cisco Jabber for Windows on Microsoft Windows Vista, or a later operating system such as Microsoft Windows 7, you can use Microsoft Group Policy to apply DSCP values.

          Complete the steps in the following Microsoft support article to create a group policy: http:/​/​technet.microsoft.com/​en-us/​library/​cc771283%28v=ws.10%29.aspx

          You should create separate policies for audio media and video media with the following attributes:
          Attributes Audio Policy Video Policy Signaling Policy
          Application name CiscoJabber.exe CiscoJabber.exe CiscoJabber.exe
          Protocol UDP UDP TCP
          Port number or range Corresponding port number or range from the SIP profile on Cisco Unified Communications Manager. Corresponding port number or range from the SIP profile on Cisco Unified Communications Manager. 5060 for SIP

          5061 for secure SIP

          DSCP value 46 34 24
          Set DSCP Values on the Network

          You can configure switches and routers to mark DSCP values in the IP headers of RTP media.

          To set DSCP values on the network, you must identify the different streams from the client application.
          Media Streams
          Because the client uses different port ranges for audio streams and video streams, you can differentiate audio media and video media based on those port range. Using the default port ranges in the SIP profile, you should mark media packets as follows:
          • Audio media streams in ports from 16384 to 24574 as EF
          • Video media streams in ports from 24575 to 32766 as AF41
          Signaling Streams

          You can identify signaling between the client and servers based on the various ports required for SIP, CTI QBE, and XMPP. For example, SIP signaling between Cisco Jabber for Windows and Cisco Unified Communications Manager occurs through port 5060.

          You should mark signaling packets as AF31.

          Protocol Handlers

          Cisco Jabber for Windows registers the following protocol handlers with the operating system to enable click-to-call or click-to-IM functionality from web browsers or other applications:
          • XMPP: Starts an instant message and opens a chat window in Cisco Jabber for Windows.
          • IM: Starts an instant message and opens a chat window in Cisco Jabber for Windows.
          • TEL: Starts an audio or video call with Cisco Jabber for Windows.

          Registry Entries for Protocol Handlers

          To register as a protocol handler, the client writes to the following locations in the Microsoft Windows registry:
          • HKEY_CLASSES_ROOT\tel\shell\open\command
          • HKEY_CLASSES_ROOT\xmpp\shell\open\command
          • HKEY_CLASSES_ROOT\im\shell\open\command
          In the case where two or more applications register as handlers for the same protocol, the last application to write to the registry takes precedence. For example, if Cisco Jabber for Windows registers as a protocol handler for XMPP: and then a different application registers as a protocol handler for XMPP:, the other application takes precedence over Cisco Jabber for Windows.
          Related References

          Protocol Handlers on HTML Pages

          You can add protocol handlers on HTML pages as part of the href attribute. When users click the hyperlinks that your HTML pages expose, the client performs the appropriate action for the protocol.

          Example of the TEL: and IM: protocol handlers on an HTML page:

          <html>
            <body>
              <a href="TEL:1234">Call 1234</a><br/>
              <a href="IM:msmith@domain">Send an instant message to Mary Smith</a>
            </body>
          </html>

          In the preceding example, when users click the hyperlink to call 1234, the client starts an audio call to that phone number. When users click the hyperlink to send an instant message to Mary Smith, the client opens a chat window with Mary.

          Example of a group chat using the XMPP: protocol handler on an HTML page:

          <html>
            <body>
              <a href="XMPP:msmith@domain;amckenzi@domain">Create a group chat with Mary Smith and Adam McKenzie</a>
            </body>
          </html>

          In the preceding example, when users click the hyperlink to create a group chat with Mary Smith and Adam McKenzie, the client opens a group chat window with Mary and Adam.


          Tip


          Add lists of contacts for the XMPP: and IM: handlers to create group chats. Use a semi-colon to delimit contacts, as in the following example:

          XMPP:user_a@domain.com;user_b@domain.com;user_c@domain.com;user_d@domain.com