Cisco Jabber for Windows 9.2.x Installation and Configuration Guide
Plan for Installation
Downloads: This chapterpdf (PDF - 1.54MB) The complete bookPDF (PDF - 4.24MB) | The complete bookePub (ePub - 1.01MB) | Feedback

Plan for Installation

Contents

Plan for Installation

Review what the client supports before you begin installation. Learn about hardware and software requirements. Find out what ports the client requires and what protocols it uses.

Hardware Requirements

Installed RAM

  • 1.87 GB RAM on Microsoft Windows XP 32 bit with Service Pack 3
  • 2 GB RAM on Microsoft Windows 7 and Windows 8

Free Physical Memory

  • 128 MB

Free Disk Space

  • 256 MB

CPU Speed and Type

  • Mobile AMD Sempron Processor 3600+ 2 GHz
  • Intel Core2 CPU T7400 @ 2. 16 GHz

GPU

  • Directx 9 on Microsoft Windows XP 32 bit with Service Pack 3
  • Directx 11 on Microsoft Windows 7

I/O Ports

  • USB 2.0 for USB camera and audio devices.

Software Requirements

For successful deployment, ensure that client workstations meet the software requirements.

Operating Systems

You can install Cisco Jabber for Windows on the following operating systems:
  • Microsoft Windows 8 32 bit
  • Microsoft Windows 8 64 bit
  • Microsoft Windows 7 32 bit
  • Microsoft Windows 7 64 bit
  • Microsoft Windows Vista 32 bit
  • Microsoft Windows Vista 64 bit
  • Microsoft Windows XP 32 bit with Service Pack 3

Note


Cisco Jabber for Windows does not require the Microsoft .NET Framework or any Java modules.



Note


Cisco Jabber for Windows 9.6 will be the last version to support Microsoft Windows XP and Microsoft Windows Vista.

Note


For Microsoft Windows 7 or 8, you can download Cisco Media Services Interface (MSI) 4.1 for use with deskphone video.
Important:
  • Cisco Jabber for Windows supports Microsoft Windows 8 in desktop mode only.
  • Cisco Medianet supports Microsoft Windows 8 but not Microsoft Windows 8.1. As a result, you cannot currently do the following on Microsoft Windows 8.1:
    • Use Cisco Media Services Interface to classify and prioritize audio media and video media traffic on the network.
    • Enable desk phone video capabilities.

On-Premises Servers

Cisco Jabber for Windows supports the following on-premises servers:
  • Cisco Unified Communications Manager version 7.1(4) or later

    Note


    Cisco Jabber for Windows supports Cisco Unified Communications Manager 7.1.3 if you install the following COP file to enable CSF devices: ciscocm.installcsfdevicetype.cop.sgn.

    Download ciscocm.installcsfdevicetype.cop.sgn from the Cisco Jabber administration package on Cisco.com.


  • Cisco Unified Presence version 8.0.3 or later
  • Cisco Unity Connection version 8.5 or later
  • Cisco WebEx Meetings Server version 1.1 or later
Cisco Jabber for Windows supports the following features with Cisco Unified Survivable Remote Site Telephony version 8.5:
  • Basic call functionality
  • Ability to hold and resume calls
Restriction:

Cisco Jabber for Windows requires an active connection to the presence server to successfully fall back to Cisco Unified Survivable Remote Site Telephony.

Refer to the Cisco Unified SCCP and SIP SRST System Administrator Guide for information about configuring Cisco Unified Survivable Remote Site Telephony at: http:/​/​www.cisco.com/​en/​US/​docs/​voice_ip_comm/​cusrst/​admin/​sccp_sip_srst/​configuration/​guide/​SCCP_​and_​SIP_​SRST_​Admin_​Guide.html

For Cisco Unified Communications Manager Express support details, refer to the Cisco Unified CME documentation: http:/​/​www.cisco.com/​en/​US/​products/​sw/​voicesw/​ps4625/​products_​device_​support_​tables_​list.html

High Availability for Instant Messaging and Presence

High availability refers to an environment in which multiple nodes exist in a subcluster to provide failover capabilities for instant messaging and presence services. If one node in a subcluster becomes unavailable, the instant messaging and presence services from that node failover to another node in the subcluster. In this way, high availability ensures reliable continuity of instant messaging and presence services for Cisco Jabber.

Cisco Jabber supports high availability with the following servers:
  • Cisco Unified Presence version 8.5 and higher
  • Cisco Unified Communications IM and Presence version 9.0 and higher
Configure High Availability
The following topics provide information for configuring your instant messaging and presence service for high availability:
  • Cisco Unified Presence: How To Configure High Availability Cisco Unified Presence Deployments
  • Cisco Unified Communications IM and Presence: High Availability IM and Presence deployments configuration
Configure Re-Login Parameters
Cisco Unified Presence and Cisco Unified Communications IM and Presence lets you configure the maximum and minimum number of seconds that Cisco Jabber waits before attempting to re-login to the server. You specify the re-login parameters in the following fields:
  • Client Re-Login Lower Limit
  • Client Re-Login Upper Limit
Attention:

As of this release, you must add 90 seconds to the value that you specify for the re-login parameters.

For example, you plan to set 170 as the value for the Client Re-Login Lower Limit parameter. You must set the value to 260, not 170.

To configure these parameters on Cisco Unified Presence, see the following topics in the Deployment Guide for Cisco Unified Presence Release 8.6 guide:
  • High Availability Client Login Profiles
  • Configuring the Advanced Service Parameters for the Server Recovery Manager
To configure these parameters on Cisco Unified Communications IM and Presence, see the following topics in the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) guide:
  • High Availability client login profiles
  • Configure advanced service parameters for Server Recovery Manager
Impact of Failover for Clients and Services
The following topics describe the impact of failover for clients and services:
  • Cisco Unified Presence: Impact of Failover to Cisco Unified Presence Clients and Services
  • Cisco Unified Communications IM and Presence: Impact of failover to IM and Presence clients and services

Cloud-Based Servers

Cisco Jabber supports integration with the following hosted servers:
  • Cisco WebEx Messenger service
  • Cisco WebEx Administration Tool, minimum supported version is 7.5
  • Cisco WebEx Meeting Center, minimum supported versions are as follows:
    • Version T26L with Service Pack EP 20
    • Version T27L with Service Pack 9
  • Cisco WebEx Meetings (WebEx 11)

Directory Servers

You can use the following directory servers with Cisco Jabber:

Note


Cisco Unified Communications Manager User Data Services (UDS) is not supported for directory integration in this release.


  • Active Directory Domain Services for Windows Server 2012 R2
  • Active Directory Domain Services for Windows Server 2008 R2
  • Active Directory for Windows Server 2003 R2
  • OpenLDAP
  • Active Directory Lightweight Directory Service (AD LDS) or Active Directory Application Mode (ADAM)
Restriction:

Directory integration with OpenLDAP, AD LDS, or ADAM requires you to define specific parameters in a Cisco Jabber configuration file. See LDAP Directory Servers for more information.

Microsoft Internet Explorer

Cisco Jabber for Windows requires Microsoft Internet Explorer 7 or later. Cisco Jabber for Windows uses the Internet Explorer rendering engine to display HTML content.

Attention:

Cisco Jabber for Windows requires Internet Explorer active scripting to render instant messages. See the following Microsoft documentation for instructions to enable active scripting: http:/​/​windows.microsoft.com/​en-US/​windows/​help/​genuine/​ie-active-script

Known Issues with Internet Explorer

  • There is a known issue with the Internet Explorer 8 rendering engine on Microsoft Windows XP. This issue might cause unexpected behavior with Cisco Jabber for Windows. You should apply the update for Internet Explorer 8 from the Microsoft website at: http:/​/​technet.microsoft.com/​en-us/​security/​bulletin/​MS10-018 This issue affects users on Microsoft Windows XP 32 bit with Service Pack 3 only. Users on Microsoft Windows Vista or Microsoft Windows 7 should not encounter this issue while using Cisco Jabber for Windows.
  • In cloud-based deployments that use single sign-on (SSO), an issue exists with Internet Explorer 9. Users with Internet Explorer 9 get security alerts when they sign in to Cisco Jabber for Windows. To resolve this issue, add webexconnect.com to the list of websites in the Compatibility View Settings window.

Microsoft Office

Cisco Jabber for Windows supports integration with the following software:
  • Microsoft Office 2007 32 bit
  • Microsoft Office 2010 32 bit
  • Microsoft Office 2010 64 bit
  • Microsoft Office 2013 32 bit
  • Microsoft Office 2013 64 bit
  • Microsoft Exchange 2007
  • Microsoft Exchange 2010

Local Contacts in Microsoft Outlook

Cisco Jabber for Windows lets users search for and add local contacts in Microsoft Outlook.

To search for local contacts in Microsoft Outlook with the client, users must have profiles set in Microsoft Outlook. In addition, users must do the following:
  1. Select File > Options.
  2. Select the Integration tab.
  3. Select either None or Microsoft Outlook.

To add local Microsoft Outlook contacts to contact lists in the client, local contacts must have instant message addresses in Microsoft Outlook.

To show contact photos in the client interface, local contacts in Microsoft Outlook must have instant message addresses.

To communicate with local contacts in Microsoft Outlook using the client, local contacts must have the relevant details. To send instant messages to contacts, local contacts must have an instant message address. To call contacts in Microsoft Outlook, local contacts must have phone numbers.

Enable Calendar Events from Microsoft Outlook

You must apply a setting in Microsoft Outlook so that calendar events display in Cisco Jabber for Windows.

Procedure
    Step 1   Open the email account settings in Microsoft Outlook, as in the following example:
    1. Select File > Account Settings.
    2. Select the Email tab on the Account Settings window.
    Step 2   Double-click the server name.

    In most cases, the server name is Microsoft Exchange.

    Step 3   Select the Use Cached Exchange Mode checkbox.
    Step 4   Apply the setting and then restart Microsoft Outlook.

    When users create calendar events in Microsoft Outlook, those events display in the Meetings tab.

    Enable Presence Integration with Microsoft Outlook

    To enable integration with Microsoft Outlook, you specify SIP:user@cupdomain as the value of the proxyAddresses attribute in Microsoft Active Directory. Users can then share availability in Microsoft Outlook.

    To modify the proxyAddresses attribute, you can:
    Use an Active Directory administrative tool such as Active Directory User and Computers
    The Active Directory User and Computers administrative tool allows you to edit attributes on Microsoft Windows Server 2008 or higher.
    Use the ADSchemaWizard.exe utility

    The ADSchemaWizard.exe utility is available in the Cisco Jabber administration package. This utility generates an LDIF file that modifies your directory to add the proxyAddresses attribute to each user with the following value: SIP:user@cupdomain.

    You should use the ADSchemaWizard.exe utility on servers that do not support the edit attribute feature in the Active Directory User and Computers administrative tool, such as Microsoft Windows Server 2003. You can use a tool such as ADSI Edit to verify the changes that you apply with the ADSchemaWizard.exe utility.

    The ADSchemaWizard.exe utility requires Microsoft .NET Framework version 3.5 or higher.

    Create a script with Microsoft Windows PowerShell

    Refer to the appropriate Microsoft documentation for creating a script to enable presence in Microsoft Outlook.

    Enable Presence with the Active Directory User and Computers Tool

    Complete the following steps to enable presence in Microsoft Outlook for individual users with the Active Directory User and Computers administrative tool:

    Procedure
      Step 1   Start the Active Directory User and Computers administrative tool. You must have administrator permissions to run the Active Directory User and Computers administrative tool.
      Step 2   Select View in the menu bar and then select the Advanced Features option from the drop-down list.
      Step 3   Navigate to the appropriate user in the Active Directory User and Computers administrative tool.
      Step 4   Double click the user to open the Properties dialog box.
      Step 5   Select the Attribute Editor tab.
      Step 6   Locate and select the proxyAddresses attribute in the Attributes list box.
      Step 7   Select Edit to open the Multi-valued String Editor dialog box.
      Step 8   In the Value to add text box, specify the following value: SIP:user@cupdomain.

      For example, SIP:msmith@cisco.com.

      Where the user@cupdomain value is the user's instant messaging address. cupdomain corresponds to the domain for Cisco Unified Presence or Cisco Unified Communications IM and Presence.


      Microsoft SharePoint

      Cisco Jabber for Windows supports the following versions of Microsoft SharePoint:
      • Microsoft SharePoint 2007
      • Microsoft SharePoint 2010
      • Microsoft SharePoint 2013
      Important:

      Cisco Jabber for Windows supports availability status in Microsoft SharePoint sites only if users access those sites with Microsoft Internet Explorer. You should add the Microsoft SharePoint site to the list of trusted sites in Microsoft Internet Explorer.

      Microsoft Office 365

      Microsoft Office 365 supports different configuration types based on the plan, or subscription, type. Cisco Jabber for Windows has been tested with small business plan P1 of Microsoft Office 365, which requires an on-premises Active Directory server.

      Cisco Jabber for Windows supports client-side integration with Microsoft Office 365 with the following applications :
      • Microsoft Office 2013 32 bit
      • Microsoft Office 2013 64 bit
      • Microsoft Office 2010 32 bit
      • Microsoft Office 2010 64 bit
      • Microsoft Office 2007 32 bit
      • Microsoft SharePoint 2010

      Calendar Integration

      You can use the following client applications for calendar integration:
      • Microsoft Outlook 2013 32 bit
      • Microsoft Outlook 2013 64 bit
      • Microsoft Outlook 2010 32 bit
      • Microsoft Outlook 2010 64 bit
      • Microsoft Outlook 2007 32 bit
      • IBM Lotus Notes 9 32 bit
      • IBM Lotus Notes 8.5.3 32 bit
      • IBM Lotus Notes 8.5.2 32 bit
      • IBM Lotus Notes 8.5.1 32 bit
      • Google Calendar

      Virtual Environments

      You can deploy Cisco Jabber for Windows in virtual environments using the following software:

      • Citrix XenDesktop 5.0
      • Citrix XenDesktop 5.5
      • Citrix XenDesktop 5.6
      • Citrix XenApp 5.0 Feature Pack 3 Enterprise Edition for Windows Server 2008 Service Pack 2 64 bit, published desktop
      • Citrix XenApp 6.0 Enterprise Edition for Windows 2008 R2 64 bit, published desktop
      • Citrix XenApp 6.5 Enterprise Edition for Windows 2008 R2 64 bit, published desktop
      • VMWare View Connection Manager 4.6.1.640196 with
        • VMWare Agent 5.0
        • VMWare Client 4.6.1
      • VMWare View Connection Manager 5.1.0704644 with
        • VMWare Agent 5.1.0704644
        • VMWare Client 5.1.0704644

      Supported Functionality in Virtual Environments

      In virtual environments,Cisco Jabber for Windows supports the following functionality:
      • Instant messaging and presence with other Cisco Jabber clients
      • Desk phone control
      • Voicemail

      CTI Servitude

      Cisco Jabber supports Computer Telephony Integration (CTI) servitude, or CTI control of Cisco Jabber from a third party application.

      For more information on CTI servitude, see the CTI documentation for the appropriate version of Cisco Unified Communications Manager.

      See the following sites on the Cisco Developer Network for more information about creating applications for CTI control through Cisco Unified Communications Manager APIs:

      Call Control with Accessories API

      Cisco Jabber includes an API that exposes call control functions to third party accessories. This API lets our vendor partners create software plugins that enable their accessories to use the API call control functions in Cisco Jabber.

      Compatible Third Party Accessories

      You can use certain Cisco compatible accessories such as headsets, speakers, keyboards, and audio devices to perform call control actions with Cisco Jabber from the device. For example, with some headsets you can use controls to answer incoming calls, end active calls, mute audio, and place calls on hold.

      For a list of devices that are compatible with Cisco Jabber, refer to the Unified Communications Endpoint and Client Accessories site at: http:/​/​www.cisco.com/​en/​US/​prod/​voicesw/​uc_​endpoints_​accessories.html


      Note


      You can use certain third party accessories that are not Cisco compatible. However, Cisco cannot guarantee an optimal user experience with such third party accessories. For the best user experience, you should use only Cisco compatible devices with Cisco Jabber.


      Install Vendor Plugins

      To use compatible accessories with Cisco Jabber, you must do the following:

      Procedure
        Step 1   Download a compatible plugin from the third party vendor site.
        Step 2   Install the plugin separately to Cisco Jabber.

        Plugin Versions

        The following are the minimum plugin versions required for integration with Cisco Jabber:
        • Jabra PC Suite Version 2.12.3655
        • Logitech UC Plugin 1.1.27

        Known Issues with Call Control Accessories

        Logitech UC Keyboard

        As of this release, Cisco Jabber does not provide the following keyboard functions for the Logitech UC keyboard:
        • New voicemail messages
        • Device selector keys as follows:
          • Select handset
          • Select headset
          • Select speakerphone

        CTI Supported Devices

        Cisco Jabber supports the same CTI devices as Cisco Unified Communications Manager version 8.6(1). See the CTI Supported Device Matrix in the CTI Supported Devices topic.

        Related Information

        Supported Codecs

        Supported Audio Codecs

        • g.722.1
          • g.722.1 32k
          • g.722.1 24k

          Note


          g.722.1 is supported on Cisco Unified Communications Manager 8.6.1 or later.


        • g.711
          • g.711 A-law
          • g.711 u-law
        • g.729a

        Supported Video Codecs

        • H.264/AVC

        Network Requirements

        Review network requirements such as the ports the client uses to connect to services.

        ICMP Requests

        Cisco Jabber for Windows sends Internet Control Message Protocol (ICMP) requests to the TFTP server. These requests enable the client to determine if it can connect to Cisco Unified Communications Manager.

        You must configure your firewall settings to allow ICMP requests from the client. The client cannot establish a connection to Cisco Unified Communications Manager if your firewall does not allow ICMP requests.

        Related References

        Ports and Protocols

        The client uses the ports and protocols listed in the following tables:

        Inbound

        Port Protocol Description
        16384 to 32766 UDP Real-Time Transport Protocol (RTP) media streams for audio and video

        Outbound

        Port Protocol Description
        69 UDP Trivial File Transfer Protocol (TFTP) service
        6970 HTTP TFTP service to download client configuration
        80 TCP

        (HTTP)

        Cisco Unified Communications Manager administrator and user web pages

        443 TCP

        (HTTPS and XMPP)

        Cisco WebEx Meetings Server for on-premises conferencing

        Cisco Unity Connection for voicemail

        Cisco WebEx Messenger service in cloud-based deployments.

        Note   

        The client sends XMPP through port 443 in cloud-based deployments. If port 443 is blocked, the client falls back to port 5222.

        7080 TCP

        (HTTPS)

        Cisco Unity Connection for notifications of voice messages
        389 UDP / TCP LDAP directory server
        636 LDAPS LDAP directory server (secure)
        3268 TCP Global Catalog server
        3269 LDAPS Global Catalog server (secure)
        2748 TCP CTI gateway
        5060 UDP / TCP Session Initiation Protocol (SIP) call signaling
        5061 TCP Secure SIP call signaling
        5070 UDP Binary Floor Control Protocol (BFCP) for video desktop sharing
        5222 TCP

        (XMPP)

        Cisco Unified Presence or Cisco Unified Communications IM and Presence in on-premises deployments

        Note   

        In on-premises deployments, the client sends XMPP traffic through port 5222. In cloud-based deployments, the client uses port 5222 as fallback for XMPP traffic to the Cisco WebEx Messenger service if port 443 is blocked.

        8443 HTTPS Web access to Cisco Unified Communications Manager and includes connections for the following:
        • Cisco Unified Communications Manager IP Phone (CCMCIP) server for assigned devices
        16384 to 32766 UDP RTP media streams for audio and video
        53 UDP / TCP Domain Name System (DNS) traffic
        1080 SOCKS5 Bytestreams Peer to peer file transfers

        If port 1080 is in use, the client attempts to use the next available port in the range from 1081 to 1089.

        In on-premises deployments, the client also uses port 1080 to send screen captures.

        Note   

        If port 1080 is blocked, the client uses the following port range: 37200 to 37209.

        3804 TCP Locally Significant Certificates (LSC) for IP phones

        This is the listening port for Cisco Unified Communications Manager Certificate Authority Proxy Function (CAPF) enrollment.

        Related References

        COP Files for Cisco Jabber

        In certain cases, you might need to apply COP files to Cisco Unified Communications Manager.

        You can download the following COP files from the Cisco Jabber administration package on Cisco.com:
        COP File Description Cisco Unified Communications Manager Versions
        ciscocm.installcsfdevicetype.cop.sgn Adds the CSF device type to Cisco Unified Communications Manager.

        For more information, see Software Requirements.

        7.1.3
        cmterm-bfcp-e.8-6-2.cop.sgn Enables CSF devices to support BFCP video desktop sharing.

        For more information, see Apply COP File for BFCP Capabilities.

        8.6.2 only
        ciscocm.addcsfsupportfield.cop.sgn Adds the CSF Support Field field for group configuration files.

        For more information, see Create Group Configurations.

        8.6.x and lower
        cmterm-cupc-dialrule-wizard-0.1.cop.sgn Publishes application dial rules and directory lookup rules to Cisco Jabber.

        For more information, see Publish Dial Rules.

        All supported versions
        Related Information

        Client-Side Availability Status

        This topic describes the In a meeting (according to my calendar) checkbox on the Status tab of the Options window.

        The client supports two options for setting the 'In a meeting' availability status when events occur in your calendar:
        'In a meeting' availability status comes from Microsoft Exchange

        Requires Cisco Unified Presence and Microsoft Exchange integration. Applies to on-premises deployments.

        'In a meeting' availability status comes from Cisco Jabber

        Applies to on-premises and cloud-based deployments.

        Availability status changes to 'In a meeting' if events occur in your calendar when:
        Deployment Select In a meeting (according to my calendar) Do Not Select In a meeting (according to my calendar)

        You enable integration between Cisco Unified Presence and Microsoft Exchange.

        Cisco Unified Presence sets availability status Availability status does not change

        You do not enable integration between Cisco Unified Presence and Microsoft Exchange.

        Client sets availability status Availability status does not change
        Cloud-Based deployments Client sets availability status Availability status does not change

        Note


        If you select the In a meeting (according to my calendar) checkbox, the client displays only the 'In a meeting' availability status when calendar events occur in a supported calendar client, such as Microsoft Outlook, IBM Lotus Notes, or Google Calendar. The client does not display other availability statuses from other calendar sources.


        The following statements apply to on-premises deployments:
        • You must disable Cisco Unified Presence and Microsoft Exchange integration in order for the client to set the 'In a meeting' availability status. The client checks if integration between Cisco Unified Presence and Microsoft Exchange is on or off. The client only sets the 'In a meeting' availability status if integration is off.
        • The Cisco Unified Presence user options page contains the following field:
          • Include Calendar information in my Presence Status
          This field is equivalent to the In a meeting (according to my calendar) checkbox in the client. Both fields update the same value in the Cisco Unified Presence database.
          If users set both fields to different values, the last field the user sets takes priority. If users change the value of the Include Calendar information in my Presence Status field while the client is running, the users must restart the client for those changes to apply.
        Compare client-side availability status to integration between Cisco Unified Presence and Microsoft Exchange:
        Client-Side 'In a meeting' Availability Status Enabled Cisco Unified Presence Integrated with Microsoft Exchange
        'Offline in a meeting' availability status is not supported. 'Offline in a meeting' availability status is supported.
        'In a meeting' availability status is supported for events that do not appear in the user's calendar. 'In a meeting' availability status is not supported for events that do not appear in the user's calendar.
        • 'Offline in a meeting' availability status refers to when the user is not logged in to the client but an event exists in the user's calendar.
        • Events that do not appear in the user's calendar refer to events such as ad hoc conferencing. For example, user A creates an unscheduled Cisco WebEx meeting. User A then invites user B to that meeting by sending the meeting URL in an instant message.

        Instant Message Encryption

        Cisco Jabber uses TLS to secure XMPP traffic over the network between the client and server. Cisco Jabber encrypts point to point instant messages and group chats.

        On-Premises Encryption

        The following table summarizes the details for instant message encryption in on-premises deployments:
        Connection Protocol Negotiation Certificate Expected Encryption Algorithm
        Client to server XMPP over TLS X.509 Public Key Infrastructure certificate AES 256 bit

        Server and Client Negotiation

        The following servers negotiate TLS encryption with Cisco Jabber using X.509 Public Key Infrastructure (PKI) certificates with the following:
        • Cisco Unified Presence
        • Cisco Unified Communications IM and Presence

        After the server and client negotiate TLS encryption, both the client and server generate and exchange session keys to encrypt instant messaging traffic.

        The following table lists the PKI certificate key lengths for Cisco Unified Presence and Cisco Unified Communications IM and Presence:
        Version Key Length
        Cisco Unified Communications IM and Presence versions 9.0.1 and higher 2048 bit
        Cisco Unified Presence versions 8.6.4 and higher 2048 bit
        Cisco Unified Presence versions lower than 8.6.4 1024 bit

        XMPP Encryption

        Cisco Unified Presence and Cisco Unified Communications IM and Presence both use 256 bit length session keys encrypted with the AES algorithm to secure instant message traffic between Cisco Jabber and the presence server.

        If you require additional security for traffic between server nodes, you can configure XMPP security settings on Cisco Unified Presence or Cisco Unified Communications IM and Presence. See the following documents for more information about security settings:
        • Cisco Unified Presence: Configuring Security on Cisco Unified Presence
        • Cisco Unified Communications IM and Presence: Security configuration on IM and Presence

        Instant Message Logging

        If required, you can log and archive instant messages for compliance with regulatory guidelines. To log instant messages, you either configure an external database or integrate with a third party compliance server. Cisco Unified Presence and Cisco Unified Communications IM and Presence do not encrypt instant messages you log in external databases or in third party compliance servers. You must configure your external database or third party compliance server as appropriate to protect the instant messages you log.

        See the following documents for more information about compliance:
        • Cisco Unified Presence: Instant Messaging Compliance Guide
        • Cisco Unified Communications IM and Presence: Instant Messaging Compliance for IM and Presence Service

        For more information about encryption levels and cryptographic algorithms, including symmetric key algorithms such as AES or public key algorithms such as RSA, see Next Generation Encryption.

        For more information about X509 Public Key Infrastructure certificates, see the Internet X.509 Public Key Infrastructure Certificate and CRL Profile document.

        Cloud-Based Encryption

        The following table summarizes the details for instant message encryption in cloud-based deployments:
        Connection Protocol Negotiation Certificate Expected Encryption Algorithm
        Client to server XMPP within TLS X.509 Public Key Infrastructure certificate AES 128 bit
        Client to client XMPP within TLS X.509 Public Key Infrastructure certificate AES 256 bit

        Server and Client Negotiation

        The following servers negotiate TLS encryption with Cisco Jabber using X.509 Public Key Infrastructure (PKI) certificates with the Cisco WebEx Messenger service.

        After the server and client negotiate TLS encryption, both the client and server generate and exchange session keys to encrypt instant messaging traffic.

        XMPP Encryption

        The Cisco WebEx Messenger service uses 128 bit length session keys encrypted with the AES algorithm to secure instant message traffic between Cisco Jabber and the Cisco WebEx Messenger service.

        You can optionally enable 256 bit client-to-client AES encryption to secure traffic between clients.

        Instant Message Logging

        The Cisco WebEx Messenger service can log instant messages, but it does not archive those instant messages in an encrypted format. However, the Cisco WebEx Messenger service uses stringent data center security, including SAE-16 and ISO-27001 audits, to protect the instant messages it logs.

        The Cisco WebEx Messenger service cannot log instant messages if you enable AES 256 bit client-to-client encryption.

        For more information about encryption levels and cryptographic algorithms, including symmetric key algorithms such as AES or public key algorithms such as RSA, see Next Generation Encryption.

        For more information about X509 Public Key Infrastructure certificates, see the Internet X.509 Public Key Infrastructure Certificate and CRL Profile document.

        Client to Client Encryption

        By default, instant messaging traffic between the client and the Cisco WebEx Messenger service is secure. You can optionally specify policies in the Cisco WebEx Administration Tool to secure instant messaging traffic between clients.

        The following policies specify client-to-client encryption of instant messages:
        Support AES Encoding For IM

        Sending clients encrypt instant messages with the AES 256 bit algorithm. Receiving clients decrypt instant messages.

        Support No Encoding For IM

        Clients can send and receive instant messages to and from other clients that do not support encryption.

        The following table describes the different combinations you can set with these policies:
        Policy combination Client to client encryption When the remote client supports AES encryption When the remote client does not support AES encryption

        Support AES Encoding For IM = false

        Support No Encoding For IM = true

        No

        Cisco Jabber sends unencrypted instant messages.

        Cisco Jabber does not negotiate a key exchange. As a result, other clients do not send Cisco Jabber encrypted instant messages.

        Cisco Jabber sends and receives unencrypted instant messages.

        Support AES Encoding For IM = true

        Support No Encoding For IM = true

        Yes

        Cisco Jabber sends and receives encrypted instant messages.

        Cisco Jabber displays an icon to indicate instant messages are encrypted.

        Cisco Jabber sends encrypted instant messages.

        Cisco Jabber receives unencrypted instant messages.

        Support AES Encoding For IM = true

        Support No Encoding For IM = false

        Yes

        Cisco Jabber sends and receives encrypted instant messages.

        Cisco Jabber displays an icon to indicate instant messages are encrypted.

        Cisco Jabber does not send or receive instant messages to the remote client.

        Cisco Jabber displays an error message when users attempt to send instant messages to the remote client.


        Note


        • Cisco Jabber does not support client-to-client encryption with group chats. Cisco Jabber uses client-to-client encryption for point-to-point chats only.

        For more information about encryption and Cisco WebEx policies, see the About Encryption Levels topic in the Cisco WebEx documentation.

        Related Information

        Encryption Icons

        Review the icons that the client displays to indicate encryption levels.

        Lock Icon for Client to Server Encryption

        In both on-premises and cloud-based deployments, Cisco Jabber displays the following icon to indicate client to server encryption:


        Padlock Icon for Client to Client Encryption

        In cloud-based deployments, Cisco Jabber displays the following icon to indicate client to client encryption:


        Local Chat History

        For information about enabling local chat history, see the Provision Instant Messaging and Presence section of the Server Setup Guide.

        Audio and Video Performance Reference

        Learn about audio and video performance for Cisco Jabber.

        Attention:

        The following data is based on testing in a lab environment. This data is intended to provide an idea of what you can expect in terms of bandwidth usage. The content in this topic is not intended to be exhaustive or to reflect all media scenarios that might affect bandwidth usage.

        Bit Rates for Audio

        The following table describes bit rates for audio:
        Codec RTP payload in kilobits (kbits) per second Actual bitrate (kbits per second) Notes
        g.722.1 24/32 54/62 High quality compressed
        g.711 64 80 Standard uncompressed
        g.729a 8 38 Low quality compressed

        Bit Rates for Video

        The following table describes bit rates for video with g.711 audio:
        Resolution Pixels Measured bit rate (kbits per second) with g.711 audio
        w144p 256 x 144 156
        w288p

        This is the default size of the video rendering window for Cisco Jabber.

        512 x 288 320
        w448p 768 x 448 570
        w576p 1024 x 576 890
        720p 1280 x 720 1300
        Notes about the preceding table:
        • This table does not list all possible resolutions.
        • The measured bit rate is the actual bandwidth used (RTP payload + IP packet overhead).

        Bit Rates for Presentation Video

        The following table describes the bit rates for presentation video:
        Pixels Estimated wire bit rate at 2 fps (kbits per second) Estimated wire bit rate at 8 fps (kbits per second)
        720 x 480 41 164
        704 x 576 47 188
        1024 x 768 80 320
        1280 x 720 91 364
        1280 x 800 100 400
        Notes about the preceding table:
        • Cisco Jabber captures at 8 fps and transmits at 2 to 8 fps.
        • The values in this table do not include audio.

        Maximum Negotiated Bit Rate

        You specify the maximum payload bit rate in Cisco Unified Communications Manager in the Region Configuration window. This maximum payload bit rate does not include packet overhead, so the actual bit rate used is higher than the maximum payload bit rate you specify.

        The following table describes how Cisco Jabber allocates the maximum payload bit rate:
        Desktop sharing session Audio Interactive video (Main video) Presentation video (Desktop sharing video)
        No Cisco Jabber uses the maximum audio bit rate Cisco Jabber allocates the remaining bit rate as follows:

        The maximum video call bit rate minus the audio bit rate.

        -
        Yes Cisco Jabber uses the maximum audio bit rate Cisco Jabber allocates half of the remaining bandwidth after subtracting the audio bit rate. Cisco Jabber allocates half of the remaining bandwidth after subtracting the audio bit rate.

        Performance Expectations for Bandwidth

        Cisco Jabber separates the bit rate for audio and then divides the remaining bandwidth equally between interactive video and presentation video. The following table provides information to help you understand what performance you should be able to achieve per bandwidth:
        Upload speed Audio Audio + Interactive video (Main video) Audio + Presentation video (Desktop sharing video) Audio + Interactive video + Presentation video
        125 kbps under VPN At bandwidth threshold for g.711. Sufficient bandwidth for g.729a and g.722.1. Insufficient bandwidth for video. Insufficient bandwidth for video. Insufficient bandwidth for video.
        384 kbps under VPN Sufficient bandwidth for any audio codec. w288p (512 x 288) at 30 fps 1280 x 800 at 2+ fps w144p (256 x 144) at 30 fps + 1280 x 720 at 2+ fps
        384 kbps in an enterprise network Sufficient bandwidth for any audio codec. w288p (512 x 288) at 30 fps 1280 x 800 at 2+ fps w144p (256 x 144) at 30 fps + 1280 x 800 at 2+ fps
        1000 kbps Sufficient bandwidth for any audio codec. w576p (1024 x 576) at 30 fps 1280 x 800 at 8 fps w288p (512 x 288) at 30 fps + 1280 x 800 at 8 fps
        2000 kbps Sufficient bandwidth for any audio codec. w720p30 (1280 x 720) at 30 fps 1280 x 800 at 8 fps w288p (1024 x 576) at 30 fps + 1280 x 800 at 8 fps

        Note that VPN increases the size of the payload, which increases the bandwidth consumption.

        Video Rate Adaptation

        Cisco Jabber uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video bit rate throughput to handle real-time variations on available IP path bandwidth.

        Cisco Jabber users should expect video calls to begin at lower resolution and scale upwards to higher resolution over a short period of time. Cisco Jabber saves history so that subsequent video calls should begin at the optimal resolution.

        Quality of Service Configuration

        Cisco Jabber supports two methods for prioritizing and classifying Real-time Transport Protocol (RTP) traffic as it traverses the network:
        • Deploy with Cisco Media Services Interface
        • Set DSCP values in IP headers of RTP media packets

        Tip


        Cisco recommends deploying with Cisco Media Services Interface (MSI). This method effectively improves the quality of experience and reduces cost of deployment and operations. MSI also enables the client to become network aware so it can dynamically adapt to network conditions and integrate more tightly with the network.


        Cisco Media Services Interface

        Cisco Media Services Interface provides a Microsoft Windows service that works with Cisco Prime Collaboration Manager and Cisco Medianet-enabled routers to ensure that Cisco Jabber can send audio media and video media on your network with minimum latency or packet loss.

        Before Cisco Jabber sends audio media or video media, it checks for Cisco Media Services Interface.
        • If the service exists on the computer, Cisco Jabber provides flow information to Cisco Media Services Interface. The service then signals the network so that routers classify the flow and provide priority to the Cisco Jabber traffic.
        • If the service does not exist, Cisco Jabber does not use it and sends audio media and video media as normal.

        Note


        Cisco Jabber checks for Cisco Media Services Interface for each audio call or video call.


        You must install Cisco Media Services Interface separately and ensure your network is enabled for Cisco Medianet. You must also install Cisco Prime Collaboration Manager and routers enabled for Cisco Medianet.

        Set DSCP Values

        Set Differentiated Services Code Point (DSCP) values in RTP media packet headers to prioritize Cisco Jabber traffic as it traverses the network.

        Port Ranges on Cisco Unified Communications Manager

        You define the port range that the client uses on the SIP profile in Cisco Unified Communications Manager. The client then uses this port range to send RTP traffic across the network.

        Specify a Port Range on the SIP Profile

        To specify a port range for the client to use for RTP traffic, do the following:

        Procedure
          Step 1   Open the Cisco Unified CM Administration interface.
          Step 2   Select Device > Device Settings > SIP Profile.
          Step 3   Find the appropriate SIP profile or create a new SIP profile.

          The SIP Profile Configuration window opens.

          Step 4   Specify the port range in the following fields:
          Start Media Port

          Defines the start port for media streams. This field sets the lowest port in the range.

          Stop Media Port

          Defines the stop port for media streams. This field sets the highest port in the range.

          Step 5   Select Apply Config and then OK.

          How the Client Uses Port Ranges
          Cisco Jabber equally divides the port range that you set in the SIP profile. The client then uses the port range as follows:
          • Lower half of the port range for audio streams
          • Upper half of the port range for video streams
          For example, if you use a start media port of 3000 and an end media port of 4000, the client sends media through ports as follows:
          • Ports 3000 to 3501 for audio streams
          • Ports 3502 to 4000 for video streams

          As a result of splitting the port range for audio media and video media, the client creates identifiable media streams. You can then classify and prioritize those media streams by setting DSCP values in the IP packet headers.

          Options for Setting DSCP Values

          The following table describes the options for setting DSCP values:

          Method for Setting DSCP Values Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7
          Set DSCP values with Microsoft Group Policy No Yes Yes
          Set DSCP values on network switches and routers Yes Yes Yes
          Set DSCP values on Cisco Unified Communications Manager Yes No No
          Set DSCP Values on Cisco Unified Communications Manager

          You can set DSCP values for audio media and video media on Cisco Unified Communications Manager. Cisco Jabber can then retrieve the DSCP values from the device configuration and apply them directly to the IP headers of RTP media packets.

          Procedure
            Step 1   Open the Cisco Unified CM Administration interface.
            Step 2   Select System > Service Parameters.

            The Service Parameter Configuration window opens.

            Step 3   Select the appropriate server and then select the Cisco CallManager service.
            Step 4   Locate the Clusterwide Parameters (System - QOS) section.
            Step 5   Specify DSCP values as appropriate and then select Save.

            Microsoft Windows XP Registry Setting for DSCP Values

            If you deploy Cisco Jabber for Windows on Microsoft Windows XP, you must configure a registry setting to enable the client to set DSCP values for RTP media packets.

            Complete the steps in the following Microsoft support article to create the DisableUserTOSSetting registry key and set the value to 0: http:/​/​support.microsoft.com/​kb/​248611

            Set DSCP Values with Group Policy

            If you deploy Cisco Jabber for Windows on a later operating system such as Microsoft Windows 7, you can use Microsoft Group Policy to apply DSCP values.

            Complete the steps in the following Microsoft support article to create a group policy: http:/​/​technet.microsoft.com/​en-us/​library/​cc771283%28v=ws.10%29.aspx

            You should create separate policies for audio media and video media with the following attributes:
            Attributes Audio Policy Video Policy Signaling Policy
            Application name CiscoJabber.exe CiscoJabber.exe CiscoJabber.exe
            Protocol UDP UDP TCP
            Port number or range Corresponding port number or range from the SIP profile on Cisco Unified Communications Manager. Corresponding port number or range from the SIP profile on Cisco Unified Communications Manager. 5060 for SIP

            5061 for secure SIP

            DSCP value 46 34 24
            Set DSCP Values on the Network

            You can configure switches and routers to mark DSCP values in the IP headers of RTP media.

            To set DSCP values on the network, you must identify the different streams from the client application.
            Media Streams
            Because the client uses different port ranges for audio streams and video streams, you can differentiate audio media and video media based on those port range. Using the default port ranges in the SIP profile, you should mark media packets as follows:
            • Audio media streams in ports from 16384 to 24574 as EF
            • Video media streams in ports from 24575 to 32766 as AF41
            Signaling Streams

            You can identify signaling between the client and servers based on the various ports required for SIP, CTI QBE, and XMPP. For example, SIP signaling between Cisco Jabber and Cisco Unified Communications Manager occurs through port 5060.

            You should mark signaling packets as AF31.

            Protocol Handlers

            Cisco Jabber registers the following protocol handlers with the operating system to enable click-to-call or click-to-IM functionality from web browsers or other applications:
            • XMPP: Starts an instant message and opens a chat window in Cisco Jabber.
            • IM: Starts an instant message and opens a chat window in Cisco Jabber.
            • TEL: Starts an audio or video call with Cisco Jabber.
            • CISCOTEL:Starts an audio or video call with Cisco Jabber.
            • SIP:Starts an audio or video call with Cisco Jabber.
            • CISCOTELCONF:Starts a conference call with Cisco Jabber.

            Registry Entries for Protocol Handlers

            To register as a protocol handler, the client writes to the following locations in the Microsoft Windows registry:
            • HKEY_CLASSES_ROOT\tel\shell\open\command
            • HKEY_CLASSES_ROOT\xmpp\shell\open\command
            • HKEY_CLASSES_ROOT\im\shell\open\command
            In the case where two or more applications register as handlers for the same protocol, the last application to write to the registry takes precedence. For example, if Cisco Jabber registers as a protocol handler for XMPP: and then a different application registers as a protocol handler for XMPP:, the other application takes precedence over Cisco Jabber.

            Protocol Handlers on HTML Pages

            You can add protocol handlers on HTML pages as part of the href attribute. When users click the hyperlinks that your HTML pages expose, the client performs the appropriate action for the protocol.

            Example of the TEL: and IM: protocol handlers on an HTML page:

            <html>
              <body>
                <a href="TEL:1234">Call 1234</a><br/>
                <a href="IM:msmith@domain">Send an instant message to Mary Smith</a>
              </body>
            </html>

            In the preceding example, when users click the hyperlink to call 1234, the client starts an audio call to that phone number. When users click the hyperlink to send an instant message to Mary Smith, the client opens a chat window with Mary.

            Example of the CISCOTEL:, SIP:, and CISCOTELCONF: protocol handlers on an HTML page:

            <html>
              <body>
                <a href="CISCOTEL:1234">Call 1234</a><br/>
            				<a href="SIP:msmith@domain">Call Mary</a><br/>
                <a href="CISCOTELCONF:msmith@domain;amckenzi@domain">Weekly conference call</a>
              </body>
            </html>

            In the preceding example, when users click the Call 1234 or Call Mary hyperlinks, the client starts an audio call to that phone number. When users click the Weekly conference call hyperlink, a conference call is set up between Mary, Adam, and the user who clicked the link.


            Tip


            Add lists of contacts for the CISCOTELCONF: handler to create conference calls. Use a semi-colon to delimit contacts, as in the following example:

            CISCOTELCONF:user_a@domain.com;user_b@domain.com;user_c@domain.com;user_d@domain.com

            Example of a group chat using the XMPP: protocol handler on an HTML page:

            <html>
              <body>
                <a href="XMPP:msmith@domain;amckenzi@domain">Create a group chat with Mary Smith and Adam McKenzie</a>
              </body>
            </html>

            In the preceding example, when users click the hyperlink to create a group chat with Mary Smith and Adam McKenzie, the client opens a group chat window with Mary and Adam.


            Tip


            Add lists of contacts for the XMPP: and IM: handlers to create group chats. Use a semi-colon to delimit contacts, as in the following example:

            XMPP:user_a@domain.com;user_b@domain.com;user_c@domain.com;user_d@domain.com