Cisco Jabber for Mac Installation and Configuration Guide 9.2(1)
Deploy Cisco Jabber for Mac on-premises
Downloads: This chapterpdf (PDF - 1.86MB) The complete bookPDF (PDF - 2.62MB) | The complete bookePub (ePub - 248.0KB) | Feedback

Deploy Cisco Jabber for Mac on-premises

Contents

Deploy Cisco Jabber for Mac on-premises

This chapter describes how to deploy Cisco Jabber for Mac in an on-premises environment, using Cisco Unified Presence.

Overview of Cisco Jabber for Mac on-premises deployment

You can deploy Cisco Jabber for Mac in an on-premises environment by leveraging the following key Cisco technologies:
  • Cisco Unified Presence or Cisco Unified Communications IM and Presence
  • Cisco Unified Communications Manager
  • Cisco Unity Connection
  • Cisco Webex Meeting

Note


This guide has been prepared to align with Cisco Unified Presence release 8.6(1). The system administration interface and menu choices described in the procedures that follow may vary with other versions of Cisco Unified Presence. For example, references to Cisco Unified Personal Communicator have been updated to Cisco Jabber in Cisco Unified Presence release 8.6(3).


Recommended installation

To perform this type of deployment, Cisco recommends that you configure your system in the following order:

  1. Configure directory (LDAP) services
  2. Configure firewall
  3. Create and provision users
  4. Configure IM and availability
  5. Configure optional features (federated IM, telephony, voicemail, meetings)
  6. Distribute the client

Note


This is a list of high-level tasks that may not include every aspect of your configuration. Consult the deployment checklist for a more detailed example of a typical deployment.

You should also be aware that you will occasionally switch from entering information in the Cisco Unified Presence Administration Tool to entering information in the Cisco Unified Communications Manager Administration Tool.


Before you deploy

Configure Cisco Unified Presence settings


Note


You must perform this task in Cisco Unified Presence.


Procedure
    Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > Settings.
    Step 2   Enter information into the fields:

    Field

    Setting

    CSF certificate directory (relative to CSF install directory)

    This field applies only if the Client Services Framework (CSF) requires you to import security certificates to authenticate with LDAP, web conferencing, and CCMCIP. For most deployments, you do not need to import security certificates. You only need to import security certificates for CSF to trust in the following scenarios:

    • You use a signed certificate for Cisco Unified Communications Manager Tomcat instead of the default self-signed certificate.
    • You want CSF to connect to the LDAP server via LDAPS.
    • You use a signed certificate for Cisco Unity Connection Tomcat instead of the default self-signed certificate.

    If you must specify a value, specify the directory that contains the security certificates as an absolute path. If you do not specify a directory, CSF looks for the certificates in the default directory and trusts any certificates in that location.

    Default Setting: Not set

    Credentials source for voicemail service

    If user credentials for the voicemail service are shared with another service, select the appropriate service from this list box. The user credentials automatically synchronize from the service that you select.

    Default Setting: Not set

    Troubleshooting Tips

    If this value is set to Not set, users must enter their credentials manually using the Preferences menu from the client.

    Credentials source for web conferencing service

    If user credentials for the meeting service are shared with another service, select the appropriate service from this list box. The user credentials automatically synchronize from the service that you select.

    Default Setting: Not set

    Troubleshooting Tips

    If this value is set to Not set, users must enter their credentials manually using the Preferences menu from the client.

    Maximum message size

    Enter the allowed size limit for instant messages, in bytes.

    Allow cut & paste in instant messages

    Check this check box to allow users to cut and paste in their instant messages (IMs).

    Default Setting: On

    Step 3   Select Save.

    Start essential services


    Note


    You must perform this task in Cisco Unified Communications Manager.


    To deploy Cisco Jabber, start the following Cisco Unified Presence Extensible Communication Platform (XCP) services on all Cisco Unified Presence nodes in all clusters:

    • Cisco Unified Presence XCP Authentication Service
    • Cisco Unified Presence XCP Connection Manager

    You may also start the following optional Cisco Unified Presence XCP services on all Cisco Unified Presence nodes in all clusters, depending on what features you want to make available:

    • Cisco Unified Presence XCP Text Conference Manager, for group chat.
    • Cisco Unified Presence XCP SIP Federation Connection Manager, to support federation services with third-party applications that use SIP.
    • Cisco Unified Presence XCP XMPP Federation Connection Manager, to support federation services with third-party applications that use XMPP.
    • Cisco Unified Presence XCP Counter Aggregator, if you want system administrators to be able to view statistical data on XMPP components.
    • Cisco Unified Presence XCP Message Archiver, for automatic archiving of all instant messages.

    Note


    Read the documentation relating to any feature that you are implementing before you turn on the relevant services. Additional configuration might be required.
    Procedure
      Step 1   Select Cisco Unified Serviceability > Tools > Control Center - Network Services.
      Step 2   Select the desired Cisco Unified Presence server from the Server list box.
      Step 3   Select Go.
      Step 4   Confirm the Cisco UP XCP Router service is running.
      Step 5   If the Cisco UP XCP Router service is not running, do the following:
      1. Select the radio button next to the Cisco UP XCP Router service in the CUP Services section.
      2. Select OK.
      Step 6   Select Cisco Unified Serviceability > Tools > Service Activation.
      Step 7   Select the desired Cisco Unified Presence server from the Server list box.
      Step 8   Select Go.
      Step 9   Select Cisco UP XCP Directory Service.
      Step 10   Select Save.

      Firewall requirements for Cisco Jabber for Mac

      Internet traffic moves through a firewall based on service identification numbers that are known as ports. Ports are an organizational concept used categorize and prioritize traffic. The primary purpose of a firewall is to recognize the traffic that moves through it and to allow or deny the traffic based on its port number. Firewalls must be configured to allow traffic on certain ports for Cisco Jabber to work properly. Network administrators typically block all unnecessary traffic on their networks. This involves only opening those ports that are required by enterprise-specific applications and closing all others.

      There are two types of firewalls that may be encountered in the enterprise environment, software and hardware firewalls. Software firewalls exist as a component of most modern computer operating systems. They are intended to provide a basic level of security at the individual user level. When users run Cisco Jabber for the first time, they may be asked to Accept or Unblock the application. This is the operating system software firewall asking if the application should be allowed to run. Users should be notified of this and provided information on how to properly respond. If users experience problems with availability, phone mode switching, or instant messages, the firewall might be denying connections despite the previous allowed setting. Restart Cisco Jabber. If this does not resolve the issue, return to the Firewall settings, remove Cisco Jabber, and add it again to the list of applications that allow incoming connections.

      Hardware firewalls are network devices that provide protection from unwanted traffic at an enterprise level. Hardware firewalls must be configured to allow the ports carrying traffic for Cisco Jabber. The following table lists the ports used by Cisco Jabber. These ports must be open on all firewalls for Cisco Jabber to function properly.

      Port

      Protocol

      Description

      Inbound

      16384-32766

      UDP Real-Time Transport Protocol (RTP) media streams for audio

      Outbound

      69

      UDP Trivial File Transfer Protocol (TFTP) service

      80

      TCP

      HTTP

      Cisco Unified Communications Manager administrator and user web pages
      443 TCP

      (HTTPS and XMPP)

      Cisco WebEx Meetings Server for on-premises conferencing

      Cisco Unity Connection for voicemail

      Cisco WebEx Messenger service in cloud-based deployments.

      Note   

      The client sends XMPP through port 443 in cloud-based deployments. If port 443 is blocked, the client falls back to port 5222

      7080 TCP

      (HTTPS)

      Cisco Unity Connection for notifications of voice messages
      389 UDP/TCP LDAP directory server
      636 LDAPS LDAP directory server (secure)
      3268 TCP Global Catalog server
      2748 TCP CTI gateway
      5060 UDP/TCP Session Initiation Protocol (SIP) call signaling
      5061 TCP Secure SIP call signaling
      5222 TCP

      (XMPP)

      Cisco Unified Presence or Cisco Unified Communications IM and Presence in on-premises deployments
      Note   

      In on-premises deployments, the client sends XMPP traffic through port 5222. In cloud-based deployments, the client uses port 5222 as fallback for XMPP traffic to the Cisco WebEx Messenger service if port 443 is blocked.

      8443 HTTPS Connection to Cisco Unified Communications Manager IP Phone (CCMCIP) server to get a list of currently-assigned devices.
      16384-32766 UDP RTP media streams for audio
      53 UDP/TCP Domain Name System (DNS) traffic
      1080 SOCKS5 Bytestreams Peer to peer file transfers

      If port 1080 is in use, the client attempts to use the next available port in the range from 1081 to 1089.

      3804 TCP Locally Significant Certificates (LSC) for IP phones

      This is the listening port for Cisco Unified Communications Manager Certificate Authority Proxy Function (CAPF) enrollment.

      44442

      HTTP The client listens for events from Cisco Unified Client Services Framework.

      Cisco Jabber for Mac Configuration Requirements

      In most environments, Cisco Jabber for Mac does not require any configuration. You should create a configuration file for Cisco Jabber for Mac only if the default configuration does not suit your environment or you require custom configuration.

      Global configuration files

      Global configuration files apply to all Cisco Jabber for Mac users. Cisco Jabber for Mac downloads the global configuration file from your TFTP server during the login sequence.

      The default name for the global configuration file is jabber-config.xml.

      Group configuration files

      Group configuration files apply to subsets of Cisco Jabber for Mac users. Group configuration files take priority over global configuration files.

      Cisco Jabber for Mac retrieves group configuration files after users sign in to their phone account in the client for the first time. Cisco Jabber for Mac then prompts the users to sign out. During the second login sequence, Cisco Jabber for Mac downloads the group configuration file from your TFTP server.

      Cisco Jabber for Mac loads group configuration files as follows:
      Users are not signed in
      1. Users sign in and then Cisco Jabber for Mac notifies the users about the change to their configuration settings.
      2. Users sign out.
      3. Users sign in and then Cisco Jabber for Mac loads the group configuration settings.
      Users are signed in and use Cisco Jabber for Mac for calls
      1. Cisco Jabber for Mac notifies the users about the change to their configuration settings.
      2. Users sign out.
      3. Users sign in and then Cisco Jabber for Mac loads the group configuration settings.
      Users are signed in and use Cisco Jabber for Mac for calls
      1. Users sign out.
      2. Users sign in and then Cisco Jabber for Mac notifies the users about the change to their configuration settings.
      3. Users sign out.
      4. Users sign in and then Cisco Jabber for Mac loads the group configuration settings.

      If users select the option to use Cisco Jabber for Macs for calls before they sign out, Cisco Jabber for Mac notifies the users to sign out and then sign in again to load the group configuration settings.

      Group Configuration File Names

      You specify the name of the group configuration files in the Cisco Support Field on the CSF device configuration in Cisco Jabber for Mac.

      If you remove the name of the group configuration file in the CSF device configuration on Cisco Jabber for Mac, Cisco Jabber for Mac detects the change, prompts the users to sign out, and loads the global configuration file. You can remove the name of the group configuration file in the CSF device configuration by deleting the entire configurationFile=group_configuration_file_name.xml string or by deleting the group configuration filename from the string.

      Configuration file caching

      Cisco Jabber for Mac always attempts to download configuration files from your TFTP server during the login sequence. If Cisco Jabber for Mac cannot download a configuration file, it reads the previously loaded configuration from the cache.

      Cisco Jabber for Mac caches the content of both group and global configuration files in a file named JabberLocalConfig.xml. For this reason, if you create a group configuration file, the contents of that file replace the contents of the global configuration file in the cache.


      Note


      Because the group configuration file replaces the global configuration file in the cache, you can lose configuration settings if the group configuration file does not contain the same parameters as the global configuration. For example, you create a global configuration file that contains custom embedded tab definitions. You then create a global configuration file that does not contain those embedded tab definitions. When Cisco Jabber for Mac downloads the group configuration file, those custom embedded tab definitions no longer exist in the configuration that Cisco Jabber for Mac loads.


      The JabberLocalConfig.xml file is in~/Library/Application Support/Cisco/Unified Communications/Jabber/CSF/Config

      The cache file isjabber-config.xml and is cached on the local machine.

      Configuration file examples

      EDI/BDI example

      The following example includes elements for a Windows configuration (EDI) and a non-Windows configuration (BDI). EDI and BDI can coexist in the same jabber-config.xml file. .

      <?xml version="1.0" encoding="UTF-8"?>
      <config version="1.0">
          
      <!-- LDAP Directory configuration for windows platform clients -->
          <Directory>
      								
              <!-- EDI Settings-->
              <PrimaryServerName>10.194.114.210</PrimaryServerName>
              <PresenceDomain>jabbermac75.net</PresenceDomain>
              <PresenceServer>10.189.123.231</PresenceServer>
              <ServerPort1>389</ServerPort1>
              <ConnectionUsername>aaaaaaa</ConnectionUsername>
              <ConnectionPassword>xxxxxx</ConnectionPassword>
              <SearchBase1>CN=Users,DC=jabbermac75,DC=net</SearchBase1>
      
      								<!-- BDI Settings-->
              <BDIPhotoURISubstitutionEnabled>True</BDIPhotoURISubstitutionEnabled>
              <BDIPhotoURISubstitutionToken>sAMAccountName</BDIPhotoURISubstitutionToken>
              <BDIPhotoURIWithToken>http://www.photo.cisco.com/url/path/sAMAccountName.jpg
                     </BDIPhotoURIWithToken>
              <BDILDAPServerType>OpenLDAP</BDILDAPServerType>
              <BDIPrimaryServerName>10.194.114.210</BDIPrimaryServerName>
              <BDIPresenceDomain>jabbermac75.net</BDIPresenceDomain>
              <BDIServerPort1>389</BDIServerPort1>
              <BDISearchBase1>CN=Users,DC=jabbermac75,DC=net</BDISearchBase1>
              <BDIConnectionUsername>admin@jabbermac7.net</BDIConnectionUsername>
              <BDIConnectionPassword>xxxxxx</BDIConnectionPassword>
              <BDIEnableTLS>True</BDIEnableTLS>
              <BDIUseANR>False</BDIUseANR>
              <BDIPredictiveSearchFilter>mail , displayName</BDIPredictiveSearchFilter>
          </Directory>
         
      </config>
      

      Element definitions

      The following table describes the elements in the jabber-config.xml file example.

      Note


      Only the first element, DirectoryServerType, is required. All other keys are optional.


      Element

      Description

      DirectoryServerType EDI, BDI or UDS . Only used if PresenceServerType is CUP. EDI is LDAP for Windows clients and BDI is LDAP for non-windows clients
      BDIPrimaryServerName IP address of the directory server
      BDIServerPort1 Port used to connect to the directory server
      BDIConnectionUsername Specifies a username to connect to the directory server.

      Important: The username is visible in the jabber-config.xml file as plain text. If you specify credentials in the configuration, you should use a shared, read-only directory account for all users. For more information on setting credentials, see “LDAP Credentials Configuration”

      BDIConnectionPassword Password you can specify to connect to the directory server.

      Important: The password is visible in the jabber-config.xml file as plain text. If you specify credentials in the configuration, you should use a shared, read-only directory account for all users. For more information on setting credentials, see “LDAP Credentials Configuration”

      BDISearchBase1 BaseDN
      BDIBaseFilter Specifies a base filter for AD/LDAP queries. Use a directory subkey name only to retrieve objects other than user objects when you query AD/LDAP.

      The default value is (&(objectCategory=person) Configuration files can contain only valid XML character entity references. Use &amp; instead of & if you specify a custom base filter

      BDILDAPServerType LDAP server type. Possible values are OpenLDAP or AD. Default is AD.
      BDIPresenceDomain LDAP domain
      BDIPhotoUriSubstitutionEnabled True or False. For more information about photos, see the section, “Contact Photo Retrieval”
      BDIPhotoUriSubstitutionToken Specify a directory attribute to use as a dynamic token (for example, sAMAccountName). For more information about photos, see the section, “Contact Photo Retrieval”
      BDIPhotoUriWithToken Photo URL template. Specify the URL and the dynamic token as the value of the parameter . Possible values:
      • http://staffphoto.example.com/sAMAccountName.jpg
      • http://staffphoto.example.com/uid.jpeg

      For more information about photos, see the section, “Contact Photo Retrieval”

      BDIEnableTLS Default is False. Use True to enable TLS
      BDIPredictiveSearchFilter (Optional) Defines a filter Cisco Jabber for Mac applies to predictive search queries. This key is only used if BDIUseANR is set to False. If BDIUseANR is set to False and BDIPredictiveSearchFilter is not set, Cisco Jabber for Mac uses a default search filter.
      BDIUseANR The default for BDIUseANR is True for AD and False for openLDAP. When it is set to False, LDAP search is based on the value of the BDIPredictiveSearchFilter set in jabber-config.xml, if that value is set.

      For more information about ANR, see "Predictive Search".

      BDIUseSIPURIToResolveContacts Determines if the app should be SIP-aware. True or False. False is default.
      BDIUriPrefix String that Cisco Jabber for Mac searches for in the Primary Address, typically SIP. Default is an empty string.
      BDIUseJabberCredentials Default is False. If this is set to True, and credentials are not set in configuration or in Cisco Unified Presence, Cisco Jabber credentials will be used for login.
      BDIDomainName Attribute for domain name. Default is dn
      BDIUserAccountName Attribute for user name. Defaults:
      • AD: sAMAccountName
      • OpenLDAP: uid
      BDIDisplayName Attribute for display name. Defaults:
      • AD: displayName
      • OpenLDAP: cn
      BDICommonName Attribute for common name. Default is cn for AD; no default for OpenLDAP
      BDIFirstName Attribute for first name. Default is givenName
      BDILastName Attribute for last name. Default is sn
      BDINickName Attribute for nickname. Default is nickname for AD; no default for OpenLDAP
      BDIEmailAddress Attribute for email address. Default is mail
      BDIBusinessPhone Attribute for office phone number. Default is telephoneNumber
      BDIMobilePhone Attribute for mobile phone. Defaults:
      • AD: mobile
      • OpenLDAP: mobileTelephoneNumber
      BDIHomePhone Attribute for home phone. Defaults:
      • AD: mobile
      • OpenLDAP: mobileTelephoneNumber
      BDIOtherPhone Attribute for other phone. Default is otherTelephone for AD; no default for OpenLDAP
      BDITitle Attribute for title. Default is title
      BDICompanyName Attribute for company name. Default is company
      BDILocation Attribute for location. Default is location
      BDOStreetAddress Attribute for street address. Default is streetAddress
      BDIState Attribute for state. Default is st
      BDICity Attribute for city. Default is l
      BDIPostalCode Attribute for postal code. Default is postalCode
      BDICountry Attribute for country. Default is co
      BDIPhotoSource Attribute for photo source. Defaults:
      • AD: thumbnaiPhoto
      • OpenLDAP: jpegPhoto

      To use a photo with AD, remove any BDIPhotoSource attributes in jabber-config.xml. You need not specify thumbnailPhoto as the attribute, because Cisco Jabber for Mac uses thumbnailPhoto as the default. Simply upload the user image to the thumbnailPhoto attribute in AD.

      For more information about photos, see the section, “Contact Photo Retrieval”

      BDISipUri Attribute for SIP URI. Default is msRTCSIP-PrimaryUserAddress

      UDS example

      The following example includes a UDS configuration.

      <?xml version="1.0" encoding="UTF-8"?>
      <config version="1.0">
                  
                  <Directory>      
                  <DirectoryServerType>UDS</DirectoryServerType>
                  <PhotoURISubstitutionEnabled>True</PhotoURISubstitutionEnabled>
                  <PhotoURISubstitutionToken>sAMAccountName</PhotoURISubstitutionToken>
                  <PhotoURIWithToken>http://10.194.114.133/software/photo/%%uid%%.jpg
                         </PhotoURIWithToken>
                  <OtherPhone>telephoneNumber</OtherPhone>
                  <EmailAddress>mail</EmailAddress>
                  <CcmipServer1>10.194.114.240</CcmipServer1>
                  <PresenceDomain>jabbermac75.net</PresenceDomain>                       
                  </Directory>
                  
      </config>
      

      Cisco Media Services Interface

      Important:
      • Cisco Jabber supports Cisco Media Services Interface version 4.0.2 or later.

      Traffic Marking

      Cisco Media Services Interface provides a Microsoft Windows service that works with Cisco Prime Collaboration Manager and Cisco Medianet-enabled routers to ensure that Cisco Jabber can send audio media and video media on your network with minimum latency or packet loss.

      Before Cisco Jabber sends audio media or video media, it checks for Cisco Media Services Interface.
      • If the service exists on the computer, Cisco Jabber provides flow information to Cisco Media Services Interface. The service then signals the network so that routers classify the flow and provide priority to the Cisco Jabber traffic.
      • If the service does not exist, Cisco Jabber does not use it and sends audio media and video media as normal.

      Note


      Cisco Jabber checks for Cisco Media Services Interface for each audio call or video call.


      Prepare Your Network

      To install Cisco Media Services Interface for traffic marking, you must prepare your network.

      Procedure
        Step 1   Install Cisco Prime Collaboration Manager.
        Step 2   Install routers or switches enabled for Cisco Medianet where appropriate.
        Step 3   Configure your network to handle the metadata attributes that Cisco Media Services Interface applies to applications.

        Not all devices on your network must support Cisco Medianet.

        The first hop should prioritize traffic based on the metadata attributes from Cisco Media Services Interface. As the traffic traverses the network, all other devices should also prioritize that traffic unless you configure policies on those devices to handle the traffic differently.


        Install Cisco Media Services Interface

        Procedure
          Step 1   Download the Cisco Media Services Interface installation program from the download site on Cisco.com.
          Step 2   Install Cisco Media Services Interface on each computer on which you install Cisco Jabber.

          See the appropriate Cisco Medianet documentation for installing Cisco Media Services Interface.


          Configure IM and Availability

          Configure LDAP Servers

          Configure LDAP Servers in Cisco Unified Presence


          Note


          Use this procedure for Cisco Unified Presence 8.6 or earlier. If you have installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Configure LDAP Servers in Cisco Unified Communication Manager


          Before You Begin
          • Configure the LDAP attribute map.
          • Obtain the hostnames or IP addresses of the LDAP directories.
          Procedure
            Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > LDAP Server.
            Step 2   Select Add New.
            Step 3   Enter the LDAP server name.
            Step 4   Enter an IP address or a Fully Qualified Domain Name (FQDN) of the LDAP server.
            Step 5  
            Step 6   Select TCP or TLS for the protocol type.
            Step 7   Select Save.

            Configure LDAP Servers in Cisco Unified Communication Manager

            Procedure
              Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > UC Service.
              Step 2   Select Add New.
              Step 3   Select Directory. Then, click Next.
              Step 4   Enter the LDAP server name.
              Step 5   Enter the IP address or Fully Qualified Domain Name (FQDN) of the LDAP server.
              Step 6   Specify the port number to be used by the LDAP server. The default port is 389 for either TCP or TLS.
              Step 7   Select TCP or TLS as the protocol type.
              Step 8   Select Save.

              Add a new service profile in Cisco Unified CM

              Procedure
                Step 1   In Unified Communications Management Administration, select User Management > User Settings > Service Profile.

                The Find and List window opens.

                Step 2   Select Add New.
                Step 3   Enter the following settings for the service profile fields:
                Field Name Entry Details
                Name Enter the name of the service profile, which is descriptive enough for you to instantly recognize it. This name is visible on the End User settings window.
                The field allows all but the following characters:
                • Quote (")
                • Angle brackets (< >)
                • Backslash (\)
                • Ampersand (&)
                • percent (%)

                Maximum characters is 50 (ASCII only)

                Description (Optional) Enter a description that helps you to distinguish between service profiles when you configure more than one. You can change the description at any time
                Make this the default service profile for the system Check this check box to make this service profile the default option for the system.
                Note   

                If you specify a default service profile, end users who do not have an associated service profile automatically inherit the default service profile settings.

                Step 4   Select Save.

                The Add Successful message appears and Cisco Unified Communications Management creates the service profile in the database.


                Configure LDAP Servers in Cisco Unified Communication Manager

                Procedure
                  Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > UC Service.
                  Step 2   Select Add New.
                  Step 3   Select Directory. Then, click Next.
                  Step 4   Enter the LDAP server name.
                  Step 5   Enter the IP address or Fully Qualified Domain Name (FQDN) of the LDAP server.
                  Step 6   Specify the port number to be used by the LDAP server. The default port is 389 for either TCP or TLS.
                  Step 7   Select TCP or TLS as the protocol type.
                  Step 8   Select Save.

                  Add Directory Profile to Service Profile in Cisco Unified Communication Manager

                  Procedure
                    Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > Service Profile
                    Step 2   Select the service profile.
                    Step 3   Go to Directory Profile.
                    Step 4   Enter information in the following fields:
                    Field Setting
                    Primary Select a primary directory server from the drop-down list. The list contains the directory servers that you previously configured on the UC Services window.
                    Note   

                    If you select User Data Service (UDS) for directory integration, then you can use UDS for directory searches without selecting any primary, secondary, or tertiary servers. Clients connect to UDS using DNS/SRV.

                    Tip: You can specify, instead of (or in addition to) UDS, primary, secondary, or tertiary basic or advanced LDAP UC services. Some clients that use these services might not support UDS.

                    Secondary Select a secondary directory server, if applicable.

                    If you do not set up any backup directory servers, you cannot perform directory searches for Cisco Jabber clients if the first server fails.

                    Tertiary Select a tertiary directory server, if applicable.

                    If you do not set up any backup directory servers, you cannot perform directory searches for Cisco Jabber clients if the first server fails.

                    Use Logged On User Credential (Optional) Check this option to use the user credentials to sign in to the LDAP server.
                    Username Enter LDAP administrator login name.
                    Password Enter the LDAP bind password, which is limited to 128 characters. This password for the administrator-level account that you provided in the Bind Distinguished Name string allows users to access this LDAP server.
                    Search Base 1 Enter the location where you configured all the LDAP users. This location is a container or directory. Maximum allowable characters is 256. Only use a single OU/LDAP search context.
                    Note   
                    Follow these guidelines is you integrate with Microsoft Active Directory:
                    • Set O and OU OU must contain users; ou=users, dc=cisco, dc=com). For example, cn=users, DC=EFT-LA,DC=cisco, DC=com
                    • Include all users of Cisco Jabber in the search base
                    Recursive Search on All Search Bases (Optional) Check this check box to perform a recursive search of the directory, starting at the search base
                    Search Timeout (seconds) Specify the timeout interval. Default is five seconds.

                    Step 5   Select Save.

                    Configure IM and Presence Servers

                    Procedure
                      Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > UC Service.
                      Step 2   Select Add New.
                      Step 3   Select IM and Presence.. Then, click Next.
                      Step 4   Enter the Cisco Unified Communication Manager IM and Presence Administration server name.
                      Step 5   Enter a description.
                      Step 6   Enter the IP address or Fully Qualified Domain Name (FQDN) of the Cisco Unified Presence server.
                      Step 7   Select Save.

                      Add IM and Presence Profile to Service Profile

                      Procedure
                        Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > Service Profile.
                        Step 2   Select the service profile.
                        Step 3   Go to IM and Presence Profile.
                        Step 4   Enter information in the following fields:
                        Field Setting
                        Primary Select a IM and Presence server from the drop-down list. The list contains the IM and Presence servers that you previously configured on the UC Services window.
                        Note   

                        An IM and Presence profile cannot mix the IM and Presence server and Webex.

                        Secondary Select a secondary IM and Presence server, if applicable.
                        Tertiary Select a tertiary IM and Presence server, if applicable.


                        Configure a Secure Connection Between Cisco Unified Presence and the LDAP Directory

                        Before You Begin

                        Enable SSL for LDAP on Cisco Unified Communications Manager, and upload the LDAP directory certificate to Cisco Unified Communications Manager.

                        Procedure
                          Step 1   Select Cisco Unified OS Administration > Security > Certificate Management.
                          Step 2   Select Upload Certificate.
                          Step 3   Select directory-trust from the Certificate Name menu.
                          Step 4   Browse and select the LDAP server certificate from your local computer.
                          Step 5   Select Upload File.
                          Step 6   Restart the Tomcat service from the CLI using this command:
                          utils service restart Cisco Tomcat

                          Create LDAP Configuration

                          Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6 or earlier

                          Before You Begin

                          Note


                          Use this procedure for Cisco Unified Presence 8.6 or earlier. If you have installed Cisco Unified Presence 8.6.3 or later, see Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6.3 or later. If you have installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Create LDAP Profiles and Add Users in Cisco Unified Communications Manager IM and Presence Service 9.0 or later.


                          Cisco Jabber connects to an LDAP server on a per-search basis.

                          You can see LDAP server information in the Server Health window in Cisco Jabber (Help > Show System Diagnostics). If Cisco Jabber cannot connect to any of the LDAP servers, it reports the failure in the System Diagnostics window.

                          • Specify the LDAP server names and addresses.
                          Procedure
                            Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > LDAP Profile.
                            Step 2   Select Add New.
                            Step 3   Enter information into the fields.

                            Field

                            Setting

                            Name Enter the profile name limited to 128 characters.
                            Description (Optional) Enter a description limited to 128 characters.

                            Bind Distinguished Name

                            (Optional) Enter administrator-level account information limited to 128 characters. This is the distinguished name with which you bind for authenticated bind.

                            The syntax for this field depends on the type of LDAP server that you deploy. For details, see the LDAP server documentation.

                            Anonymous Bind

                            (Optional) Uncheck this option to use the user credentials to sign in to this LDAP server.

                            For non-anonymous bind operations, Cisco Jabber receives one set of credentials. If configured, these credentials must be valid on the backup LDAP servers.

                            Note   

                            If you check Anonymous Bind, users can sign in anonymously to the LDAP server with read-only access. Anonymous access might be possible on your directory server, but Cisco does not recommend it. Instead, create a user with read-only privileges on the same directory where the users to be searched are located. Specify the directory number and password in Cisco Unified Presence for Cisco Jabber to use.

                            Password

                            (Optional) Enter the LDAP bind password limited to 128 characters. This is the password for the administrator-level account that you provided in the Bind Distinguished Name string to allow users to access this LDAP server.

                            Confirm Password

                            Reenter the same password as the password you entered in the Password field.

                            (Optional) After configuring Cisco Unified Presence for authenticated bind with the LDAP server, configure the LDAP server for anonymous permissions and anonymous login so that all directory information (name, number, mail, fax, home number, and so forth) is passed to the Cisco Jabber client.

                            Search Context

                            (Optional) Enter the location where you configured all the LDAP users. This location is a container or directory. The name is limited to 256 characters. Only use a single OU/LDAP search context.
                            Note   

                            If you integrate with Microsoft Active Directory:

                            • Set O and OU (OU must contain users; for example, ou=users, dc=cisco, dc=com). For example, cn=users, DC=EFT-LA,DC=cisco, DC=com
                            • Include all users of Cisco Jabber in the search base.

                            Recursive Search

                            (Optional) Check to perform a recursive search of the directory starting at the search base.

                            Primary LDAP Server

                            Select the primary LDAP server.

                            Make this the Default LDAP Profile for the System

                            (Optional) Check to add any new users to the system into this default profile. If you turn on this setting, Cisco Unified Presence adds any users that it synchronizes from Cisco Unified Communications Manager to this default profile. Cisco Unified Presence adds users to this default profile only after you select the default profile (and you turn on the Sync Agent). Cisco Unified Presence does not change any existing profile configuration. Therefore, Cisco recommends that you select and configure the default profile before you turn on the Sync Agent.

                            Add Users to Profile

                            Select the button to open the Find and List Users window. Select Find to populate the search results fields. Alternatively, search for a specific users and select Find. To add users to this profile, select the users, and then select Add Selected.
                            Step 4   Select Save.

                            Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6.3 or later

                            Before You Begin

                            Note


                            Use this procedure for Cisco Unified Presence 8.6.3 or later. If you have installed Cisco Unified Presence 8.6 or earlier, see Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6 or earlier. If you have installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Create LDAP Profiles and Add Users in Cisco Unified Communications Manager IM and Presence Service 9.0 or later.


                            You can see LDAP server information in the Server Health window in Cisco Jabber (Help > Show System Diagnostics). If Cisco Jabber cannot connect to any of the LDAP servers, it reports the failure in the System Diagnostics window.

                            • Specify the LDAP server names and addresses.
                            Procedure
                              Step 1   Select Cisco Unified Presence Administration > Application > Cisco Jabber > LDAP Profile.
                              Step 2   Select Add New.
                              Step 3   Enter information into the fields.

                              Field

                              Setting

                              Name Enter the profile name limited to 128 characters.
                              Description (Optional) Enter a description limited to 128 characters.

                              Bind Distinguished Name

                              (Optional) Enter administrator-level account information limited to 128 characters. This is the distinguished name with which you bind for authenticated bind.

                              The syntax for this field depends on the type of LDAP server that you deploy. For details, see the LDAP server documentation.

                              Anonymous Bind

                              (Optional) Uncheck this option to use the user credentials to sign in to this LDAP server.

                              For non-anonymous bind operations, Cisco Jabber receives one set of credentials. If configured, these credentials must be valid on the backup LDAP servers.

                              Note   

                              If you check Anonymous Bind, users can sign in anonymously to the LDAP server with read-only access. Anonymous access might be possible on your directory server, but Cisco does not recommend it. Instead, create a user with read-only privileges on the same directory where the users to be searched are located. Specify the directory number and password in Cisco Unified Presence for Cisco Jabber to use.

                              Password

                              (Optional) Enter the LDAP bind password limited to 128 characters. This is the password for the administrator-level account that you provided in the Bind Distinguished Name string to allow users to access this LDAP server.

                              Confirm Password

                              Reenter the same password as the password you entered in the Password field.

                              (Optional) After configuring Cisco Unified Presence for authenticated bind with the LDAP server, configure the LDAP server for anonymous permissions and anonymous login so that all directory information (name, number, mail, fax, home number, and so forth) is passed to the Cisco Jabber client.

                              Search Context

                              (Optional) Enter the location where you configured all the LDAP users. This location is a container or directory. The name is limited to 256 characters. Only use a single OU/LDAP search context.
                              Note   

                              If you integrate with Microsoft Active Directory:

                              • Set O and OU (OU must contain users; for example, ou=users, dc=cisco, dc=com). For example, cn=users, DC=EFT-LA,DC=cisco, DC=com
                              • Include all users of Cisco Jabber in the search base.

                              Recursive Search

                              (Optional) Check to perform a recursive search of the directory starting at the search base.

                              Primary LDAP Server

                              Select the primary LDAP server.

                              Make this the Default LDAP Profile for the System

                              (Optional) Check to add any new users to the system into this default profile. If you turn on this setting, Cisco Unified Presence adds any users that it synchronizes from Cisco Unified Communications Manager to this default profile. Cisco Unified Presence adds users to this default profile only after you select the default profile (and you turn on the Sync Agent). Cisco Unified Presence does not change any existing profile configuration. Therefore, Cisco recommends that you select and configure the default profile before you turn on the Sync Agent.

                              Add Users to Profile

                              Select the button to open the Find and List Users window. Select Find to populate the search results fields. Alternatively, search for a specific users and select Find. To add users to this profile, select the users, and then select Add Selected.
                              Step 4   Select Save.

                              Specify LDAP Directory Configuration on Cisco Unified Communications Manager

                              If your environment includes Cisco Unified Communications Manager version 9.x and higher, you can specify credentials when you add a directory service. The client can then get the configuration from the server to authenticate with the directory source. If you have installed Cisco Unified Presence 8.6 or earlier, see Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6 or earlier. If you have installed Cisco Unified Presence 8.6.3 or later, see Create LDAP Profiles and Add Users in Cisco Unified Presence 8.6.3 or later.

                              Complete the steps to add a directory service, apply the directory service to the service profile, and specify the LDAP authentication configuration for the directory service.

                              Procedure
                                Step 1   Open the Cisco Unified CM Administration interface.
                                Step 2   Add a directory service as follows:
                                1. Select User Management > User Settings > UC Service.

                                  The Find and List UC Services window opens.

                                2. Select Add New.

                                  The UC Service Configuration window opens.

                                3. In the Add a UC Service section, select Directory from the UC Service Type drop-down list.
                                4. Select Next.
                                5. Specify details for the directory service as follows:
                                  Product Type

                                  Select Directory.

                                  Name

                                  Enter a descriptive name for the server, for example, PrimaryDirectoryServer.

                                  Description

                                  Enter an optional description.

                                  Hostname/IP Address

                                  Enter the address of the directory server in one of the following formats:

                                  • Hostname
                                  • IP Address
                                  • FQDN
                                  Protocol Type
                                  Select one of the following protocols from the following drop-down list:
                                  • TCP
                                  • UDP
                                6. Select Save.
                                Step 3   Apply the directory service to your service profile as follows:
                                1. Select User Management > User Settings > Service Profile.

                                  The Find and List Service Profiles window opens.

                                2. Find and select your service profile.

                                  The Service Profile Configuration window opens.

                                3. In the Directory Profile section, select up to three services from the following drop-down lists:
                                  • Primary
                                  • Secondary
                                  • Tertiary
                                4. Specify the credentials that the client can use to authenticate with the LDAP server in the following fields:
                                  • Username
                                  • Password
                                5. Select Save.
                                Step 4   Apply the service profile to users as follows:
                                1. Select User Management > End User.

                                  The Find and List Users window opens.

                                2. Find and select your user.

                                  The End User Configuration window opens.

                                3. In the Service Settings section, select the service profile from the UC Service Profile drop-down list.
                                  Important:

                                  Cisco Unified Communications Manager version 9.x only: If the user has only instant messaging and presence capabilities (IM only), you must select Use Default. For IM only users, Cisco Unified Communications Manager version 9.x always applies the default service profile regardless of what you select from the UC Service Profile drop-down list.

                                4. Select Save.

                                Configure the LDAP Attribute Map


                                Note


                                You must perform this task in Cisco Unified Presence.


                                Before You Begin

                                Note


                                • You can map an LDAP field to only one Cisco Jabber field.

                                Procedure
                                  Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > Settings.
                                  Step 2   Select a supported LDAP server from Directory Server Type.

                                  The LDAP server populates the LDAP attribute map with Cisco Jabber user fields and LDAP user fields.

                                  Step 3   If necessary, make modifications to the LDAP field to match your specific LDAP directory.

                                  The values are common to all LDAP server hosts. Note the following LDAP directory product mappings:

                                  Product

                                  LastName Mapping

                                  UserID Mapping

                                  Microsoft Active Directory SN sAMAccountName

                                  iPlanet, Sun ONE or OpenLDAP

                                  SN uid
                                  Step 4   Select Save.

                                  Troubleshooting Tips

                                  • If you want to stop using the current attribute mappings and use the factory default settings, select Restore Defaults.

                                  LDAP Authentication

                                  You can set the credentials that are required for LDAP authentication in several ways for Cisco Jabber for Mac. The following sequence describes the order of how the credentials are obtained:

                                  1. LDAP credentials from CUP: Set Credentials in CUP for LDAP authentication. This is a secure way of setting and accessing the credentials for LDAP authentication. For more details on how to set the LDAP credentials in CUP see "Create LDAP Profiles and Add User."
                                  2. LDAP credentials from configuration file: Set the credentials in the configuration file. The credentials are read from the parameters BDIConnectionUsername and BDIConnectionUsername. The username and password are visible in the configuration file as plain text. If you specify credentials in the configuration, you should use a shared, read-only directory account for all users.

                                    Note


                                    If the LDAP credentials are set in CUP (see #1 above) then the credentials set in the configuration file will be ignored.


                                  3. Cisco Jabber credentials as LDAP credentials: Set BDIUseJabberCredentials to True in the configuration file to use Cisco Jabber credentials for LDAP authentication.

                                    Note


                                    If credentials are set in #1 or #2, above, the Cisco Jabber credentials are not used for LDAP authentication.


                                  4. Anonymous bind: Anonymous bind is used to connect to LDAP. Anonymous binding happens only if the LDAP credentials were not set using any of the methods mentioned above.

                                  Indexed Active Directory Attributes

                                  The following Active Directory attributes must be indexed:

                                  • sAMAccountName
                                  • displayName
                                  • mail

                                  Any attributes that are used for contact resolution must also be indexed. For example, you might need to index the following attributes:

                                  • telephoneNumber
                                  • ipPhone, if this attribute is used in your environment

                                  Intradomain Federation

                                  Intradomain federation enables users within the same domain to share availability and send instant messages between Cisco Unified Presence and Microsoft Office Communications Server, or Microsoft Lync Server, or other presence server.

                                  Intradomain federation allows you to migrate users to Cisco Unified Presence or Cisco Unified Communications IM and Presence from a different presence server. For this reason, you configure intradomain federation for Cisco Jabber for Mac on the presence server. See the following documents for more information:

                                  • Cisco Unified Presence: Integration Guide for Configuring Partitioned Intradomain Federation for Cisco Unified Presence Release 8.6 and Microsoft LCS/OCS
                                  • Cisco Unified Communications IM and Presence: Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager

                                  Configure intradomain federation

                                  In addition to configuring intradomain federation on the presence server, you might need to specify some configuration settings in the Cisco Jabber for Mac configuration files.

                                  To resolve contacts during contact search or retrieve contact information from your directory, Cisco Jabber for Mac requires the contact ID for each user. Cisco Unified Presence uses a specific format for resolving contact information that does not always match the format on other presence servers such as Microsoft Office Communications Server or Microsoft Lync.

                                  Procedure
                                     Command or ActionPurpose
                                    Step 1Set the value of the UseSIPURIToResolveContacts parameter to true.    
                                    Step 2Specify an attribute that contains the contact ID that Cisco Jabber for Mac uses to retrieve contact information as the value of the SipUri parameter. The default value is msRTCSIP-PrimaryUserAddress.    
                                    Step 3Specify any text that prefixes each contact ID as the value of the UriPrefix parameter. The prefix is any text that exists before the username in the contact ID.  

                                    For example, you specify msRTCSIP-PrimaryUserAddress as the value of SipUri. In your directory the value of msRTCSIP-PrimaryUserAddress for each user has the following format: sip:username@domain.

                                     

                                    Sample Configuration

                                    The following XML snippet provides an example of the resulting configuration:
                                    <Directory>
                                      <UseSIPURIToResolveContacts>true</UseSIPURIToResolveContacts>
                                      <SipUri>non-default-attribute</SipUri>
                                      <UriPrefix>sip:</UriPrefix>
                                    </Directory>

                                    Intradomain Federation Example

                                    This topic provides an example of intradomain federation contact resolution using the SipUri, UseSIPURIToResolveContacts, and UriPrefix parameters.

                                    In this example, your configuration has the following settings:

                                    • The value of the SipUri parameter is msRTCSIP-PrimaryUserAddress.
                                    • The value of the UseSIPURIToResolveContacts parameter is true.
                                    • The value of the UriPrefix parameter is sip:.
                                    • The directory contains sip:msmith@domain.com as the value of the msRTCSIP-PrimaryUserAddress attribute for a user named Mary Smith.

                                    Cisco Jabber for Mac connects to your directory to resolve contact information

                                    1. Your presence server passes msmith@domain.com to Cisco Jabber for Mac
                                    2. Cisco Jabber for Mac appends sip: to msmith@domain.com and then queries your directory
                                    3. sip:msmith@domain.com matches the value of the msRTCSIP-PrimaryUserAddress attribute
                                    4. Cisco Jabber for Mac retrieves contact information for Mary Smith.

                                    Cisco Jabber for Mac users search for Mary Smith

                                    Cisco Jabber for Mac removes the prefix of sip: from sip:msmith@domain.com and gets the contact ID of msmith@domain.com

                                    Predictive search

                                    When Cisco Jabber for Mac performs a predictive search, it issues a query using Ambiguous NameResolution (ANR). This query disambiguates the search string and returns results that match the attributes that are set for ANR on your directory server


                                    Note


                                    You must configure your directory server to set attributes for ANR if you want the client to search for those attributes.


                                    See the following Microsoft documentation for more information on ANR:

                                    • Ambiguous Name Resolution for LDAP in Windows 2000
                                    • DAP Referrals, see the Ambiguous Name Resolution section
                                    • Common Default Attributes Set for Active Directory and Global Catalog

                                    Cisco Unified Communications Manager User Data Service

                                    UDS is a REST interface on Cisco Unified Communications Manager that provides contact resolution. You synchronize contact data into Cisco Unified Communications Manager from a directory server. Cisco Jabber for Mac then automatically retrieves that contact data directly from UDS.

                                    Note


                                    A known issue in UDS exists on versions of Cisco Unified Communications Manager lower than 8.6.2. This known issue prevents successful contact resolution. As a result, Cisco Jabber for Mac supports UDS on Cisco Unified Communications Manager version 8.6.2 or later.


                                    Enable Integration with UDS

                                    To enable integration with UDS, perform the following steps:

                                    Procedure
                                      Step 1   Create your directory source in Cisco Unified Communications Manager.
                                      Step 2   Synchronize the contact data to Cisco Unified Communications Manager.

                                      After the synchronization occurs, your contact data resides in Cisco Unified Communications Manager.

                                      Step 3   Provision users with CCMCIP profiles on Cisco Unified Presence or Cisco Unified Communications IM and Presence

                                      The client requires a CCMCIP profile that contains the primary Cisco Unified Communications Manager server address. The client uses the CCMCIP profile to locate Cisco Unified Communications Manager and resolve contacts with UDS.

                                      Step 4   Specify UDS as the value of the DirectoryServerType parameter in your configuration file.

                                      The following is an example configuration where UDS is the directory server type:

                                      <Directory>
                                       <DirectoryServerType>UDS</DirectoryServerType>
                                      </Directory>
                                      Step 5   Configure the client to retrieve contact photos with UDS.

                                      The following is an example configuration for contact photo retrieval:

                                      <PhotoUriWithToken>http://server_name.domain/%%uid%%.jpg
                                            </PhotoUriWithToken>

                                      Set UDS Service Parameters

                                      You can set service parameters for UDS on Cisco Unified Communications Manager.

                                      Procedure
                                        Step 1   Open the Cisco Unified Communications Manager Administration interface.
                                        Step 2   Select System > Enterprise Parameters.

                                        The Enterprise Parameters Configuration window opens.

                                        Step 3   Locate the User Data Service Parameters section and enter information according to the following table.
                                        Parameter Description
                                        Enable All User Search Allows searches for all users in the directory.
                                        User Search Limit Limits the number of users returned in a query.
                                        Number of Digits to Match Specifies the number of digits to match when users search for phone numbers.
                                        Note   

                                        To resolve PSTN numbers, you should set the value as equal to the number of digits in the PSTN numbers. For example, if the PSTN numbers have 10 digits, set the value to 10.


                                        Contact photo retrieval

                                        Cisco Jabber for Mac retrieves and displays contact photos with the following methods:

                                        Retrieve photo with URI substitution

                                        Cisco Jabber for Mac can dynamically build a URL to locate contact photos with a directory attribute and a URL template. To use this method, set the following values in your configuration file:

                                        Procedure
                                          Step 1   Specify true as the value of the BDIPhotoUriSubstitutionEnabled parameter.
                                          Step 2   Specify a directory attribute to use as a dynamic token as the value of the BDIPhotoUriSubstitutionToken parameter

                                          Example: <BDIPhotoUriSubstitutionToken>sAMAccountName</BDIPhotoUriSubstitutionToken>
                                          Step 3   Specify the URL and the dynamic token as the value of the BDIPhotoUriWithToken parameter.

                                          Example: <BDIPhotoUriWithToken>http://staffphoto.example.com/sAMAccountName.jpg</BDIPhotoUriWithToken >

                                          In this example, the sAMAccountName attribute might resolve to msmith in your directory. Cisco Jabber for Mac would take this value and replace the token to build the following URL:

                                          http://staffphoto.example.com/msmith.jpg

                                          Retrieve binary data for photos

                                          Cisco Jabber for Mac can retrieve the binary data for a photo from your database.

                                          To use this method for contact photo retrieval, make sure that the following parameters are not used in the configuration:

                                          • BDIPhotoUriWithToken
                                          • BDIPhotoUriSubstitutionToken
                                          • BDIPhotoUriSubstitutionEnabled

                                          Cisco Jabber for Mac uses the value of the BDIPhotoSource parameter from the configuration file. For example, <BDIPhotoSource>jpegPhoto</BDIPhotoSource> . By default the value of this BDIPhotoSource parameter is thumbnailPhoto for AD and jpegPhoto for openLDAP.

                                          Configure LDAP Authentication


                                          Note


                                          You must perform this task in Cisco Unified Communications Manager.


                                          The LDAP authentication feature enables Cisco Unified Communications Manager to authenticate user passwords against the corporate LDAP directory.


                                          Note


                                          LDAP authentication does not apply to the passwords of application users; Cisco Unified Communications Manager authenticates application users in its internal database.


                                          Before You Begin

                                          Enable LDAP synchronization on Cisco Unified Communications Manager.

                                          Procedure
                                            Step 1   Select Cisco Unified Communications Manager Administration > System > LDAP > LDAP Authentication.
                                            Step 2   Check Use LDAP Authentication for End Users.
                                            Step 3   Configure the LDAP authentication settings.
                                            Step 4   Configure the LDAP server hostname or IP address, and port number.
                                            Note   

                                            To use Secure Socket Layer (SSL) to communicate with the LDAP directory, check Use SSL.

                                            Step 5   Click Save.

                                            Troubleshooting Tip

                                            If you configure LDAP over SSL, upload the LDAP directory certificate to Cisco Unified Communications Manager.

                                            Configure LDAP Synchronization for User Provisioning


                                            Note


                                            You must perform this task in Cisco Unified Communications Manager.


                                            LDAP synchronization uses the Cisco Directory Synchronization (DirSync) tool on Cisco Unified Communications Manager to synchronize information (either manually or periodically) from a corporate LDAP directory. When you enable the DirSync service, Cisco Unified Communications Manager automatically provisions users from the corporate directory. Cisco Unified Communications Manager still uses its local database but disables its facility to allow you to create user accounts. You use the LDAP directory interface to create and manage user accounts.

                                            • Make sure that you install the LDAP server before you attempt the LDAP-specific configuration on Cisco Unified Communications Manager.
                                            • LDAP synchronization does not apply to application users on Cisco Unified Communications Manager.
                                            • Activate and start the Cisco DirSync service on Cisco Unified Communications Manager.

                                            Note


                                            You must manually provision application users in Cisco Unified Communications Manager Administration.


                                            Procedure
                                              Step 1   Select Cisco Unified Communications Manager Administration > System > LDAP > LDAP System.
                                              Step 2   Select Add New.
                                              Step 3   Configure the LDAP server type and attribute.
                                              Step 4   Select Enable Synchronizing from LDAP Server.
                                              Step 5   Click Save.
                                              Step 6   Select Cisco Unified Communications Manager Administration > System > LDAP > LDAP Directory.
                                              Step 7   Select Add New.
                                              Step 8   Configure the following items:
                                              • LDAP directory account settings
                                              • User attributes to be synchronized
                                              • Synchronization schedule
                                              • LDAP server hostname or IP address, and port number
                                              Step 9   Check Use SSL if you want to use Secure Socket Layer (SSL) to communicate with the LDAP directory.
                                              Step 10   Click Save.

                                              Troubleshooting Tips

                                              • If you configure LDAP over SSL, upload the LDAP directory certificate onto Cisco Unified Communications Manager.
                                              • See the LDAP directory content in the Cisco Unified Communications Manager SRND for information on the account synchronization mechanism for specific LDAP products, and general best practices for LDAP synchronization.

                                              Enable Instant Messaging Policy


                                              Note


                                              You must perform this task in Cisco Unified Presence.


                                              This procedure describes how to turn on or off IM capabilities for all IM client applications in a Cisco Unified Presence cluster. IM capabilities are turned on by default on Cisco Unified Presence.


                                              Caution


                                              When you turn off IM capabilities on Cisco Unified Presence, all group chat functionality (ad hoc and persistent chat) will not work on Cisco Unified Presence. Cisco recommends that you do not turn on the Cisco UP XCP Text Conference service or configure an external database for persistent chat on Cisco Unified Presence.


                                              Procedure
                                                Step 1   Select Cisco Unified Presence Administration > Messaging > Settings.
                                                Step 2   Configure the IM settings as follows:
                                                If You Want To Do This

                                                Turn on IM capabilities for client applications in the Cisco Unified Presence cluster.

                                                If you turn on this setting, local users of client applications can send and receive IMs.

                                                If you turn off this setting, local users of client applications cannot send and receive IMs. Users can use the IM application for availability and phone operations only.

                                                Check Enable instant messaging.

                                                   
                                                Step 3   Select Save.
                                                Step 4   Restart the Cisco UP XCP Router service.

                                                Turn IM History Logging On or Off


                                                Note


                                                You must perform this task in Cisco Unified Presence.


                                                You can prevent or allow users to log IM history locally on their computer. On the client side, the application must support this functionality; it must enforce the prevention of IM logging.

                                                Procedure
                                                  Step 1   Select Cisco Unified Presence Administration > Messaging > Settings.
                                                  Step 2   Configure the IM history log as follows:

                                                  If You Want To

                                                  Do This

                                                  Allow users of client applications to log IM history on Cisco Unified Presence.

                                                  Check Allow clients to log instant message history (on supported clients only).

                                                  Prevent users of client applications from logging IM history on Cisco Unified Presence.

                                                  Uncheck Allow clients to log instant message history (on supported clients only).

                                                  Step 3   Select Save.

                                                  Fetch Contact Pictures from a Web Server

                                                  You can configure a parameterized URL string in the Photo field in the LDAP attribute map so that Cisco Jabber can fetch pictures from a web server instead of from the LDAP server. The URL string must contain an LDAP attribute with a query value containing a piece of data that uniquely identifies the photo of the user. Cisco recommends that you use the User ID attribute. However, you can use any LDAP attribute whose query value contains a piece of data that uniquely identifies the photo of the user.

                                                  Cisco recommends that you use <userID> as the substitution string, for example:

                                                  • http://mycompany.example.com/photo/std/uid.jpg
                                                  • http://mycompany.example.com/photo/std/sAMAccountName.jpg

                                                  You must include the double percent symbols in this string, and they must enclose the name of the LDAP attribute to substitute. Cisco Jabber removes the percent symbols and replaces the parameter inside with the results of an LDAP query for the user whose photo it resolves.

                                                  For example, if a query result contains the attribute “uid” with a value of “johndoe,” then a template such as http://mycompany.com/photos/ui.jpg creates the URL http://mycompany.com/photos/johndoe.jpg. Cisco Jabber attempts to fetch the photo.

                                                  This substitution technique works only if Cisco Jabber can use the results of the query and can insert it into the template you specify above to construct a working URL that fetches a JPG photo. If the web server that hosts the photos in a company requires a POST (for example, the name of the user is not in the URL) or uses some other cookie name for the photo instead of the username, this technique does not work.


                                                  Note


                                                  Cisco Jabber does not support authentication for this query; the photo must be retrievable from the web server without credentials.


                                                  Configure IM Policy Settings

                                                  Procedure
                                                    Step 1   Select Cisco Unified Presence Administration > Presence > Settings.
                                                    Step 2   Select Cisco Unified Presence Administration > Messaging > Settings.
                                                    Step 3   Perform the following configuration:

                                                    If You Want To . . .

                                                    Do This

                                                    Globally disable instant messaging services.

                                                    Uncheck Enable instant messaging.

                                                    Globally enable offline instant messaging.

                                                    Uncheck Suppress Offline Instant Messaging.

                                                    Globally display client instant messaging history.

                                                    Check Allow clients to log instant message history (on supported clients only).

                                                    Step 4   Select Save.
                                                    Step 5   Restart the Cisco UP XCP Router service.

                                                    Optional configurations

                                                    Third-party XMPP client support

                                                    Requirements for supporting third-party XMPP clients

                                                    Support for Third-Party XMPP Clients

                                                    Cisco Unified Presence supports standards-based XMPP to enable third-party XMPP client applications to integrate with Cisco Unified Presence for availability and instant messaging (IM) services. Third-party XMPP clients must comply with the XMPP standard as outlined in the Cisco Software Development Kit (SDK).

                                                    License Requirements for Third-Party Clients

                                                    For each user of an XMPP client application, you require a Cisco Unified Presence user feature license. The Cisco Unified Presence user feature license consumes one Cisco Unified Communications Manager Device License Unit (DLU). On Cisco Unified Communications Manager, you will need to upload the user DLU, and assign Cisco Unified Presence capabilities to the user.

                                                    XMPP Client Integration on Cisco Unified Communications Manager

                                                    Before you integrate an XMPP client, perform the following tasks on Cisco Unified Communications Manager:

                                                    • Configure the licensing requirements. Upload the user DLU, and then assign Cisco Unified Presence capabilities for the user.
                                                    • Configure the users and devices. Associate a device with each user, and associate each user with a line appearance.

                                                    LDAP Integration for XMPP Contact Search

                                                    To allow users of the XMPP client applications to search and add contacts from an LDAP directory, configure the LDAP settings for XMPP clients on Cisco Unified Presence.

                                                    Domain Name for XMPP Clients

                                                    The domain name on the XMPP client, specifically the XMPP connection attempt domain name, must match the domain on Cisco Unified Presence. To verify the domain value on Cisco Unified Presence, select Cisco Unified Presence Administration > System > Cluster Topology, select Settings in the right pane, and verify the Domain Name value.

                                                    DNS Configuration for XMPP Clients

                                                    You must enable DNS SRV in your deployment when you integrate XMPP clients with Cisco Unified Presence. The XMPP client performs a DNS SRV query to find an XMPP server (Cisco Unified Presence) to communicate with, and then performs a record lookup of the XMPP server to get the IP address.

                                                    Configure a secure connection between Cisco Unified Presence and XMPP clients

                                                    To configure a secure connection between your Cisco Unified Presence server and third-party XMPP clients:
                                                    Procedure
                                                      Step 1   Select Cisco Unified Presence Administration > System > Security > Settings.
                                                      Step 2   To establish a secure TLS connection between Cisco Unified Presence and XMPP client applications in a cluster, select Enable XMPP Client To CUP Secure Mode.

                                                      Cisco recommends that you do not turn off this secure mode unless the XMPP client application can protect the client login credentials in non-secure mode. If you do turn off the secure mode, verify that you can secure the XMPP client-to-server communication in some other way.

                                                      Step 3   To establish a secure TLS connection between Cisco Unified Presence and XMPP-based API client applications in a cluster, select Enable Web Client To CUP Secure Mode.

                                                      If you turn on this setting, upload the certificates or signing certificates for the web client in the cup-xmpp-trust repository on Cisco Unified Presence.

                                                      Step 4   Select Save.

                                                      Enable support for third-party XMPP clients

                                                      To enable support for third-party XMPP clients, perform the following steps for each node of your Cisco Unified Presence cluster:

                                                      Procedure
                                                        Step 1   Select Cisco Unified Serviceability > Tools > Service Activation.
                                                        Step 2   Select the Cisco Unified Presence server from the Server menu.
                                                        Step 3   Turn on the following services:
                                                        • Cisco UP XCP Connection Manager - Turn on this service if you are integrating third-party XMPP clients on Cisco Unified Presence.
                                                        • Cisco UP XCP Authentication Service - Turn on this service if you are integrating third-party XMPP clients, or XMPP-based API clients, on Cisco Unified Presence.
                                                        • Cisco UP XCP Web Connection Manager - Turn on this service if you are integrating XMPP-based API clients on Cisco Unified Presence.

                                                        For XMPP clients to function correctly, make sure you turn on the Cisco UP XCP Router on all nodes in your cluster.

                                                        Step 4   Click Save.

                                                        Telephony

                                                        Configure CCMCIP profiles

                                                        Configure CCMCIP profiles in Cisco Unified Presence

                                                        The CCMCIP service runs on Cisco Unified Communications Manager and retrieves a list of devices associated with each user. CCMCIP profiles are required before the client application can retrieve the list of user devices from Cisco Unified Communications Manager. You can create a profile to control client applications when the application allows a user to use a desk phone for phone calls. The profile can also facilitate discovery of devices when the client applications allow users to use a desk phone for phone calls, or to use a computer for phone calls.

                                                        You can then associate selected users with the new profile.

                                                        Before You Begin

                                                        This procedure applies to Cisco Unified Presence 8.6 or earlier. If you installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Configure CCMCIP profiles in Cisco Unified Presence Administration

                                                        Procedure
                                                          Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > CCMCIP Profile.
                                                          Step 2   Select Add New.
                                                          Step 3   Enter the profile name and description.
                                                          Step 4   Enter information into the fields:
                                                          Field Setting

                                                          Primary CCMCIP Host

                                                          Enter the address of the server for the CCMCIP service to use to retrieve the list of associated devices when users sign in to Cisco Jabber.

                                                          Enter the address in one of the following forms:

                                                          • IP address
                                                          • Host name
                                                          • Fully-qualified domain name (FQDN)

                                                          This value must match exactly the IP address, host name, or FQDN of the CCMCIP server.

                                                          Backup CCMCIP Host

                                                          Enter the address of the backup server for the CCMCIP service to use if the primary CCMCIP server fails.

                                                          Enter the address in one of the following forms:

                                                          • IP address
                                                          • Host name
                                                          • FQDN

                                                          This value must match exactly the IP address, host name, or FQDN of the backup CCMCIP server.

                                                          Server Certificate Verification

                                                          Specify how the CCMCIP server associated with this profile supports TLS connections. This setting is for TLS verification of the CCMCIP servers listed for this CCMCIP profile.

                                                          Select from the following options:

                                                          • Self Signed or Keystore—Cisco Unified Presence accepts the certificate if the certificate is self-signed, or the signing Certificate Authority certificate is in the local trust store. A keystore is a file that stores authentication and encryption keys.
                                                          • Any Certificate—Cisco Unified Presence accepts all valid certificates.
                                                          • Keystore Only—Cisco Unified Presence accepts only certificates that are defined in the keystore. You must import the certificate or its Certificate Authority signing certificate into the local trust store.

                                                          Default Setting: Self Signed or Keystore

                                                          Make this the default CCMCIP Profile for the system

                                                          (Optional) Check this option if you want new users to be automatically added to the default profile.

                                                          Users who are already synchronized to Cisco Unified Presence from Cisco Unified Communications Manager are not added to the default profile. However, any users who are synchronized after the default profile is created are added to the default profile.

                                                          Step 5   Select Add Users to Profile.
                                                          Step 6   Use the Find and List Users window to find and select users, and select Add Selected to add users to the profile.
                                                          Step 7   Select Save.

                                                          Configure CCMCIP profiles in Cisco Unified Presence Administration

                                                          Procedure
                                                            Step 1   Select Cisco Unified Presence Administration > Application > Legacy Applications > CCMCIP Profile.
                                                            Step 2   Select Add New.
                                                            Step 3   Enter the profile name and description.
                                                            Step 4   Enter information into the fields:
                                                            Field Setting

                                                            Primary CCMCIP Host

                                                            Enter the address of the server for the CCMCIP service to use to retrieve the list of associated devices when users sign in to Cisco Jabber.

                                                            Enter the address in one of the following forms:

                                                            • IP address
                                                            • Host name
                                                            • Fully-qualified domain name (FQDN)

                                                            This value must match exactly the IP address, host name, or FQDN of the CCMCIP server.

                                                            Backup CCMCIP Host

                                                            Enter the address of the backup server for the CCMCIP service to use if the primary CCMCIP server fails.

                                                            Enter the address in one of the following forms:

                                                            • IP address
                                                            • Host name
                                                            • FQDN

                                                            This value must match exactly the IP address, host name, or FQDN of the backup CCMCIP server.

                                                            Server Certificate Verification

                                                            Specify how the CCMCIP server associated with this profile supports TLS connections. This setting is for TLS verification of the CCMCIP servers listed for this CCMCIP profile.

                                                            Select from the following options:

                                                            • Self Signed or Keystore—Cisco Unified Presence accepts the certificate if the certificate is self-signed, or the signing Certificate Authority certificate is in the local trust store. A keystore is a file that stores authentication and encryption keys.
                                                            • Any Certificate—Cisco Unified Presence accepts all valid certificates.
                                                            • Keystore Only—Cisco Unified Presence accepts only certificates that are defined in the keystore. You must import the certificate or its Certificate Authority signing certificate into the local trust store.

                                                            Default Setting: Self Signed or Keystore

                                                            Make this the default CCMCIP Profile for the system

                                                            (Optional) Check this option if you want new users to be automatically added to the default profile.

                                                            Users who are already synchronized to Cisco Unified Presence from Cisco Unified Communications Manager are not added to the default profile. However, any users who are synchronized after the default profile is created are added to the default profile.

                                                            Step 5   Select Add Users to Profile.
                                                            Step 6   Use the Find and List Users window to find and select users, and select Add Selected to add users to the profile.
                                                            Step 7   Select Save.

                                                            Configure CTI profiles

                                                            Configure CTI gateway profiles in Cisco Unified Presence


                                                            Note


                                                            You must perform this task in Cisco Unified Presence.


                                                            You must create CTI gateway profiles in Cisco Unified Presence Administration and assign primary and backup servers for redundancy.

                                                            Before You Begin

                                                            Note


                                                            Use this procedure for Cisco Unified Presence 8.6 or earlier. If you installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Configure CTI Profile in Cisco Unifed Communications Manager


                                                            • The CTI gateway profile must be created before you can add licensed users of the client application to the application profile.
                                                            • The CTI gateway server names and addresses must be specified in Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > CTI Gateway Server before you can select the servers as primary or backup servers in this procedure.
                                                            • Cisco Unified Presence dynamically creates a TCP-based CTI gateway profile based on the hostname of Cisco Unified Communications Manager. Before using this profile, verify that Cisco Unified Presence and the application clients can ping Cisco Unified Communications Manager by the DNS name. If they cannot contact the server, you need to add the IP address of Cisco Unified Communications Manager in Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > CTI Gateway Server. You do not need to delete the host profiles that are created automatically.
                                                            • If you previously configured Cisco Unified Communications Manager with an IP address through the Cisco Unified Communications Manager Administration > System > Server menu, Cisco Unified Presence dynamically creates a TCP-based CTI gateway profile based on that address. The fields in Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > CTI Gateway Profile are automatically populated, and you need only add users to the default CTI TCP profile that is created (see Step 3).
                                                            Procedure
                                                              Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > CTI Gateway Profile.
                                                              Step 2   Search for the CTI gateway profile in the Find and List CTI Gateway Profiles window.

                                                              If the CTI gateway profile is found, no further action is required.

                                                              Step 3   If the CTI gateway profile is not found, select Add New.
                                                              Step 4   Enter information into the fields.
                                                              Field Setting
                                                              Name

                                                              Enter the profile name.

                                                              Description

                                                              Enter a profile description.

                                                              Primary CTI Gateway Server and Backup CTI Gateway Server

                                                              Select a primary server and backup servers.

                                                              Make this the Default CTI Gateway Profile for the System

                                                              Check this option if you want any new users that are added to the system to be placed automatically into this default profile.

                                                              Users who are already synchronized to Cisco Unified Presence from Cisco Unified Communications Manager are not added to the default profile. However, once the default profile is created, any users synchronized after that are added to the default profile.

                                                              Step 5   Select Add Users to Profile.
                                                              Step 6   Use the Find and List Users window to find and select users.
                                                              Step 7   Select Add Selected to add users to the profile.
                                                              Step 8   Select Save in the main CTI Gateway Profile window.

                                                              Configure CTI Profile in Cisco Unifed Communications Manager

                                                              Procedure
                                                                Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > UC Service.
                                                                Step 2   Select Add New.
                                                                Step 3   Enter the Cisco Unified Communication Manager server name.
                                                                Step 4   Enter a description.
                                                                Step 5   Enter an IP address or a Fully Qualified Domain Name (FQDN) of the Cisco Unified Communication Manager server.
                                                                Step 6   Specify the port number used by the Cisco Unified Communication Manager server.
                                                                Step 7   Select Save.

                                                                Add CTI Profile to Service Profile

                                                                Procedure
                                                                  Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > Service Profile.
                                                                  Step 2   Select the service profile.
                                                                  Step 3   Go to CTI Profile.
                                                                  Step 4   Enter information in the following fields:
                                                                  Field Setting
                                                                  Primary Select a primary server from the drop-down list. The list contains the CTI servers that you previously configured on the UC Services window.
                                                                  Secondary Select a secondary CTI server, if applicable.
                                                                  Tertiary Select a tertiary CTI server, if applicable.


                                                                  Desk Phone Control Mode

                                                                  Configuration of Cisco Unified Presence to enable use of desk phone for calls

                                                                  If you want Cisco Jabber to be able to control a desk phone, the following must be true:

                                                                  • The desk phone registers to Cisco Unified Communications Manager.
                                                                  • The Cisco Unified Communications Manager server has a CTI server.
                                                                  • Cisco Unified Presence must be configured to enable Cisco Jabber to connect to a CTI server to control the phone.

                                                                  This section describes how to configure Cisco Unified Presence to enable Cisco Jabber to connect to a CTI server.

                                                                  Enable control of desk phone from CTI


                                                                  Note


                                                                  You must perform this task in Cisco Unified Communications Manager.


                                                                  Procedure
                                                                    Step 1   Select Cisco Unified Communications Manager Administration > Device > Phone.
                                                                    Step 2   Search for the desk phone in the Find and List Phones window.
                                                                    Step 3   Select the device name of the desk phone.
                                                                    Step 4   Check Allow Control of Device from CTI to enable CTI to control and monitor this device.
                                                                    Step 5   Select Save.

                                                                    Using the computer as a phone

                                                                    Enable control of computer as a phone from CTI

                                                                    To enable control of the computer as a phone device from the computer telephony interface (CTI) in Cisco Jabber:
                                                                    Procedure
                                                                      Step 1   Select User Management > End User in Cisco Unified Communications Manager Administration.
                                                                      Step 2   Select the user you want to add.
                                                                      Step 3   Select Add to User Group in the Permissions Information group in the End User Configuration window.
                                                                      Step 4   Search for "Standard CTI" in the Find and List User Groups window.
                                                                      Step 5   Select Standard CTI Enabled user group.

                                                                      If the phone of the user is a Cisco Unified IP Phone 6900, 8900 or 9900 series model, select the Standard CTI Allow Control of Phones supporting Connected Xfer and conf user group also.

                                                                      Step 6   Select Add Selected.
                                                                      Step 7   Select Save in the End User Configuration window.

                                                                      Create a Cisco Unified Client Services Framework device for each user


                                                                      Note


                                                                      You must perform this task in Cisco Unified Communications Manager.


                                                                      To enable users to use phone features on their computers, you must create a new Cisco Unified Client Services Framework device for each user. This topic describes how to create this device for one user. To create these devices for many users, you can use the Bulk Administration Tool (BAT).

                                                                      BAT performs bulk updates to the Cisco Unified Communications Manager database. For more information about BAT, see the Cisco Unified Communications Manager Bulk Administration Guide at the following URL:

                                                                      http:/​/​www.cisco.com/​en/​US/​products/​sw/​voicesw/​ps556/​prod_​maintenance_​guides_​list.html

                                                                      Before You Begin
                                                                      • Read the licensing requirements information, including the information on adjunct licensing.
                                                                      • Read the guidelines on configuring the device name.
                                                                      • Restriction: The auto-registration features in Cisco Unified Communications Manager are not supported with this application.
                                                                      Procedure
                                                                        Step 1   Select Cisco Unified Communications Manager Administration > Device > Phone.
                                                                        Step 2   Select Add New.
                                                                        Step 3   Select Cisco Unified Client Services Framework from the Phone Type menu.
                                                                        Step 4   Select Next.
                                                                        Step 5   Configure the following information:
                                                                        1. Specify the device name in the Device Name field.
                                                                        2. Enter a descriptive name for the phone in the Description field. For example, enter Richard-phone-on-computer.
                                                                        3. Select Default from the Device Pool list.
                                                                        4. Select Standard Client Services Framework from the Phone Button Template list.
                                                                        5. In the Product Specific Configuration Layout section, set Video Calling to Enabled.
                                                                        6. Configure all the required fields for your environment.
                                                                        7. If you want to use an adjunct license with this device, select the user ID from the Owner User ID list
                                                                        8. If you want to use an adjunct license with this device, select the device name of the Cisco Unified IP Phone to associate with the client application from the Primary Phone list.
                                                                        9. Enter information in the Protocol Specific Information section, as follows:
                                                                          Field Description

                                                                          Presence Group

                                                                          Select Standard Presence Group.

                                                                          Device Security Profile

                                                                          Select Cisco Unified Client Services Framework - Standard SIP Non-Secure Profile.

                                                                          SIP Profile

                                                                          Select Standard SIP Profile to specify the default SIP profile. SIP profiles provide specific SIP information for the phone such as registration and keep-alive timers, media ports, and Do Not Disturb control.

                                                                        Step 6   Select Save.
                                                                        Step 7   Select the Add a New DN link in the Association Information section that displays on the left side of the window.
                                                                        Step 8   Configure the following information:
                                                                        1. Enter the directory number and route partition for Cisco Jabber.
                                                                        2. Enter the caller ID in Display (Internal Caller ID), in the Line 1 on Device Device-Name section.
                                                                        3. In the Multiple Call/Call Waiting section, specify the maximum number of calls that can be presented to the application in the Maximum Number of Calls field.
                                                                        4. In the Multiple Call/Call Waiting section, specify the trigger after which an incoming call receives a busy signal in the Busy Trigger field.
                                                                          Note   

                                                                          The Busy Trigger setting works with the Maximum Number of Calls setting. For example, if the maximum number of calls is set to six and the busy trigger is set to six, the seventh incoming call receives a busy signal.

                                                                        Step 9   Select Save.

                                                                        Troubleshooting Tips

                                                                        • Cisco Unified Communications Manager reminds you that changes to line or directory number settings require a restart. However, a restart is required only when you edit lines on Cisco Unified IP Phones that are running at the time of the modifications.
                                                                        • The directory number that is configured for the Cisco Unified Client Services Framework device and the Cisco Unified IP Phone must be identical. A directory number is configured with a partition, and you assign a directory number to the Cisco Unified Client Services Framework device and the Cisco Unified IP Phone. This configuration causes the Cisco Unified Client Services Framework device to share the line with the Cisco Unified IP Phone for this user.

                                                                        Naming guidelines for Cisco Unified Client Services Framework devices

                                                                        To enable users to use phone features on their computers, you must create a new Cisco Unified Client Services Framework device for each user. When you create a Cisco Unified Client Services Framework device, ensure that the device name conforms to these guidelines:

                                                                        • Can contain uppercase and lowercase letters, and numerals.
                                                                        • Contains no more than 15 characters.

                                                                        No correlation to the username is required, but for convenience you might choose to include a username in the device name. For example, you might use the device name CSFabaker.

                                                                        Associate a new device with a user

                                                                        This procedure contains information on how to associate a new device with an existing user.

                                                                        Procedure
                                                                          Step 1   Select Cisco Unified Communications Manager Administration > User Management > End User.
                                                                          Step 2   Search for the user in the Find and List Users window.
                                                                          Step 3   Select the user.
                                                                          Step 4   Select Device Association in the Device Information section.
                                                                          Step 5   Search for the device in the User Device Association window.
                                                                          Step 6   Select the device.
                                                                          Step 7   Select Save Selected/Changes.
                                                                          Step 8   Select Back to User from the menu in the Related Links navigation box at the top right of the window.
                                                                          Step 9   Select Go.
                                                                          Step 10   Verify that the device is listed in the Device Information section on the End User Configuration window.

                                                                          Associate a line for a phone device with a user


                                                                          Note


                                                                          You must perform this task in Cisco Unified Communications Manager.


                                                                          You must ensure that user IDs are the same between LDAP and Cisco Unified Communications Manager. This is easier to accomplish if you have LDAP synchronization enabled in Cisco Unified Communications Manager.

                                                                          Procedure
                                                                            Step 1   Select Cisco Unified Communications Manager Administration > Device > Phone.
                                                                            Step 2   Search for the device for the user in the Find and List Phones window.
                                                                            Step 3   Select the name of the device.
                                                                            Step 4   Select the directory number for the device in the Association Information section that displays on the left side of the window.
                                                                            Step 5   Select Associate End Users at the bottom of the window.
                                                                            Step 6   Search for the user in the Find and List Users window.
                                                                            Step 7   Select the user, then select Add Selected.
                                                                            Step 8   Select Save on the Directory Number Configuration window.

                                                                            Configure the proxy listener and TFTP addresses

                                                                            You must perform this task in Cisco Unified Presence.

                                                                            Before You Begin
                                                                            • Obtain the hostnames or IP addresses of the TFTP servers.

                                                                            Note


                                                                            Cisco recommends that Cisco Jabber use TCP to communicate with the proxy server. If you use UDP to communicate with the proxy server, availability information for contacts in the Cisco Jabber contact list might not be available for large contact lists.


                                                                            Procedure
                                                                              Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > Settings.
                                                                              Step 2   Select the Proxy Listener Default Cisco SIP Proxy TCP Listener.
                                                                              Step 3   Assign the primary (required) and backup (optional) TFTP server addresses in the fields provided. You can enter an IP address or an FQDN (Fully Qualified Domain Name).
                                                                              Step 4   Select Save.

                                                                              Troubleshooting Tips

                                                                              You can see the TFTP server addresses in the Server Health window in Cisco Jabber ( Help > Show System Diagnostics).

                                                                              Configure proxy listener and TFTP addresses for Cisco Unified Presence

                                                                              Before You Begin

                                                                              Note


                                                                              Use this procedure for Cisco Unified Presence 8.6 and earlier. If you installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Configure proxy listener and TFTP addresses for IM and Presence Service


                                                                              • Obtain the hostnames or IP addresses of the TFTP servers.

                                                                              Note


                                                                              Cisco recommends that Cisco Jabber use TCP to communicate with the proxy server. If you use UDP to communicate with the proxy server, availability information for contacts in the Cisco Jabber contact list might not be available for large contact lists.


                                                                              Procedure
                                                                                Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > Settings.
                                                                                Step 2   Select the Proxy Listener Default Cisco SIP Proxy TCP Listener.
                                                                                Step 3   Assign the primary (required) and backup (optional) TFTP server addresses in the fields provided. You can enter an IP address or an FQDN (Fully Qualified Domain Name).
                                                                                Step 4   Select Save.

                                                                                You can see the TFTP server addresses in the Server Health window in Cisco Jabber ( Help > Show System Diagnostics).

                                                                                Configure proxy listener and TFTP addresses for IM and Presence Service

                                                                                Procedure
                                                                                  Step 1   Select Cisco Unified Presence Administration > Application > Legacy Applications > Settings.
                                                                                  Step 2   Select the Proxy Listener Default Cisco SIP Proxy TCP Listener.
                                                                                  Step 3   Assign the primary (required) and backup (optional) TFTP server addresses in the fields provided. You can enter an IP address or an FQDN (Fully Qualified Domain Name).
                                                                                  Step 4   Select Save.

                                                                                  Configuration of security for calls

                                                                                  If your organization has a requirement for encrypted voice traffic on the network, the following configuration must be performed:

                                                                                  1. Configure the Cisco Unified Communications Manager server in secure mode.
                                                                                  2. Configure the Certificate Authority Proxy Function (CAPF) server with secure tokens.
                                                                                  3. Create device security profiles.
                                                                                  4. Apply the device security profiles to the Cisco Unified Client Services Framework devices of your users.

                                                                                  The client application can be configured to authenticate to CAPF with a null string, or a string. If a string is used, the user is prompted to enter their authentication string when they connect to Cisco Unified Communications Manager for the first time.

                                                                                  Administrators must distribute the authentication string to the users.

                                                                                  For more information about how to configure security for calls, see the Cisco Unified Communications Manager Security Guide:

                                                                                  http:/​/​www.cisco.com/​en/​US/​products/​sw/​voicesw/​ps556/​tsd_​products_​support_​series_​home.html

                                                                                  Configure security for a device

                                                                                  Procedure
                                                                                    Step 1   Select Cisco Unified Communications Manager Administration > Device > Phone.
                                                                                    Step 2   Search for the device in the Find and List Phones window.
                                                                                    Step 3   Select the name of the device.
                                                                                    Step 4   Select the security profile you require for the device from the Device Security Profile drop-down list.

                                                                                    Only the phone security profiles that are configured for the phone type and device protocol display.

                                                                                    Step 5   (Optional)If you select Cisco Unified Client Services Framework- Standard SIP Secure Profile, do the following:
                                                                                    1. Enter certification and authentication information in the Certification Authority Proxy Function (CAPF) Information section.
                                                                                    2. Select Generate String.
                                                                                    3. Email the contents of the Authentication String field to the user.

                                                                                    Reset a device


                                                                                    Note


                                                                                    You must perform this task in Cisco Unified Communications Manager.


                                                                                    Procedure
                                                                                      Step 1   Select Cisco Unified Communications Manager Administration > Device > Phone.
                                                                                      Step 2   Search for the device for the user in the Find and List Phones window.
                                                                                      Step 3   Select the name of the device.
                                                                                      Step 4   Select the directory number for the device in the Association Information section that displays on the left side of the window.
                                                                                      Step 5   Select Reset on the Directory Number Configuration window.
                                                                                      Step 6   Select Confirm Reset on the Device Reset window.

                                                                                      Voicemail

                                                                                      Configure Cisco Unity Connection servers

                                                                                      Cisco Unity Connection provides users with the ability to view, play, sort, and delete voicemail messages from the application interface.

                                                                                      Before You Begin
                                                                                      • Install and configure a supported release of Cisco Unity Connection.
                                                                                      • Integrate Cisco Unified Communications Manager and Cisco Unity Connection. Both servers must be installed and running to configure voicemail ports.
                                                                                      Procedure
                                                                                        Step 1   Set up a new or existing class of service in Cisco Unity Connection Administration to enable Internet Mail Access Protocol (IMAP) client access to voice messages.
                                                                                        1. Expand Class of Service in the section on the left-hand side.
                                                                                        2. Select Class of Service.
                                                                                        3. Select the display name of the applicable class of service in the search results table, in the Search Class of Service window.
                                                                                        4. Check Allow Users to Use Unified Client to Access Voice Mail, under Features.
                                                                                        5. Check Allow Users to Access VoiceMail Using an IMAP Client, under Licensed Features. Then select Allow Users to Access Message Bodies.
                                                                                        6. Select Save.
                                                                                        Step 2   Configure the user:
                                                                                        • If the users are existing Cisco Unity Connection users, add them to the Cisco Unified Communications Manager database. Proceed to Step 4.
                                                                                        • If the user is a new user, add the user to the Cisco Unified Communications Manager database and proceed to Step 3.
                                                                                        Step 3   Create a Cisco Unity Connection user account on the Cisco Unity Connection server with a voice mailbox for each user.
                                                                                        Note   

                                                                                        The user ID in Cisco Unity Connection does not need to match the user ID in Cisco Unified Presence or in the client application. The client application has an independent voicemail ID, which is set in the application Options dialog box. However, you might find it useful to have the same user IDs across your Cisco Unified Communications system.

                                                                                        Step 4   (Optional) Enable secure messaging as follows:
                                                                                        1. Expand Class of Service in the section on the left-hand side.
                                                                                        2. Select Class of Service.
                                                                                        3. Select the display name of the applicable class of service in the search results table, in the Search Class of Service window.
                                                                                        4. Select the option you require from the Require Secure Messaging drop-down list in the Message Options section.
                                                                                        Step 5   (Optional) Specify how to handle unidentified caller message security for your users as follows:
                                                                                        1. Expand Users in the section on the left-hand side.
                                                                                        2. Select Users.
                                                                                        3. Select the alias of a user.
                                                                                        4. Select Edit > Message Settings.
                                                                                        5. Check Mark Secure in the Unidentified Callers Message Security section.
                                                                                        Step 6   If one does not already exist, specify a web application password in Cisco Unity Connection for the applicable user accounts.

                                                                                        Troubleshooting Tips

                                                                                        • Users may need to enter their voicemail credentials in the client application if synchronization with Cisco Unified Presence is not enabled.
                                                                                        • If the server can be contacted and the user credentials are correct, but voicemail messages are not downloaded, do the following:
                                                                                          • Check the configuration of port 7993.
                                                                                          • Make sure that Cisco Unity Connection is listening on port 7993.
                                                                                          • Check the firewall configuration. Use Telnet from a remote computer to the computer running Cisco Jabber, and make sure that you can connect to the firewall. Allow the Cisco Unified Client Services Framework executable file (cucsf.exe) to establish IMAP network connections using TCP, TLS, and SSL at the appropriate server and port. For information about the ports and protocols used by the client application and Cisco Unified Client Services Framework, see the release notes: http:/​/​www.cisco.com/​en/​US/​products/​ps6844/​prod_​release_​notes_​list.html

                                                                                        Add a Voicemail Service

                                                                                        Allow users to receive voice messages

                                                                                        Procedure
                                                                                          Step 1   Open the Cisco Unified CM Administration interface.
                                                                                          Step 2   Select User Management > User Settings > UC Service. The Find and List UC Services window opens.
                                                                                          Step 3   Select Add New. The UC Service Configuration window opens.
                                                                                          Step 4   In the Add a UC Service section, select Voicemail from the UC Service Type drop-down list.
                                                                                          Step 5   Select Next.
                                                                                          Step 6   Specify details for the voicemail service as follows:
                                                                                          Product Type

                                                                                          Select Unity Connection.

                                                                                          Name

                                                                                          Enter a descriptive name for the server, for example, PrimaryVoicemailServer.

                                                                                          Description

                                                                                          Enter an optional description.

                                                                                          Hostname/IP Address
                                                                                          Enter the address of the voicemail server in one of the following formats:
                                                                                          • Hostname
                                                                                          • IP Address
                                                                                          • FQDN
                                                                                          Port

                                                                                          You do not need to specify a port number. By default, the client always uses port 443 to connect to the voicemail server. For this reason, any value you specify does not take effect.

                                                                                          Protocol Type

                                                                                          You do not need to specify a value. By default, the client always uses HTTPS to connect to the voicemail server. For this reason, any value you specify does not take effect.

                                                                                          Step 7   Select Save.

                                                                                          What to Do Next

                                                                                          Add the voicemail service to your service profile.

                                                                                          Apply Voicemail Service

                                                                                          After you add a voicemail service on Cisco Unified Communications Manager, you must apply it to a service profile so that the client can retrieve the settings.

                                                                                          Before You Begin

                                                                                          Create a service profile if none already exist or you require a separate service profile for voicemail.

                                                                                          Procedure
                                                                                            Step 1   Open the Cisco Unified CM Administration interface.
                                                                                            Step 2   Select User Management > User Settings > Service Profile. The Find and List Service Profiles window opens.
                                                                                            Step 3   Find and select your service profile. The Service Profile Configuration window opens.
                                                                                            Step 4   Configure the Voicemail Profile section as follows:
                                                                                            1. Select up to three services from the following drop-down lists:
                                                                                              • Primary
                                                                                              • Secondary
                                                                                              • Tertiary
                                                                                            2. To synchronize credentials with the voicemail service, select Unified CM - IM and Presence from theCredentials source for voicemail service drop-down list.

                                                                                              Unified CM - IM and Presence uses the instant messaging and presence credentials to log in to the voicemail service. As a result, users do not need to enter their credentials for voicemail services in the client.

                                                                                              Note    Do not select Web conferencing. This option uses the conferencing credentials to log in to the voicemail service. You cannot currently synchronize with conferencing credentials.
                                                                                            Step 5   Select Save.

                                                                                            Add a Mailstore Service

                                                                                            The mailstore service provides users with visual voicemail capabilities.

                                                                                            Procedure
                                                                                              Step 1   Open the Cisco Unified CM Administration interface.
                                                                                              Step 2   Select User Management > User Settings > UC Service.

                                                                                              The Find and List UC Services window opens.

                                                                                              Step 3   Select Add New.

                                                                                              The UC Service Configuration window opens.

                                                                                              Step 4   In the Add a UC Service section, select MailStore from the UC Service Type drop-down list.
                                                                                              Step 5   Select Next.
                                                                                              Step 6   Provide details for the mailstore service as follows:
                                                                                              Name

                                                                                              Enter a descriptive name for the server, for example, PrimaryMailStoreServer.

                                                                                              Description

                                                                                              Enter an optional description.

                                                                                              Hostname/IP Address
                                                                                              Enter the address of the mailstore server in one of the following formats:
                                                                                              • Hostname
                                                                                              • IP Address
                                                                                              • FQDN
                                                                                              Port

                                                                                              You do not need to specify a port number. By default, the client always uses port 443 to connect to the mailstore server. For this reason, any value you specify does not take effect.

                                                                                              Protocol Type

                                                                                              You do not need to specify a value. By default, the client always uses HTTPS to connect to the mailstore server. For this reason, any value you specify does not take effect.

                                                                                              Step 7   Select Save.

                                                                                              What to Do Next

                                                                                              Add the mailstore service to your service profile.

                                                                                              Apply Mailstore Service

                                                                                              After you add a mailstore service on Cisco Unified Communications Manager, you must apply it to a service profile so that the client can retrieve the settings.

                                                                                              Before You Begin

                                                                                              Create a service profile if none already exist or you require a separate service profile for the mailstore service.

                                                                                              Procedure
                                                                                                Step 1   Open the Cisco Unified CM Administration interface.
                                                                                                Step 2   Select User Management > User Settings > Service Profile.

                                                                                                The Find and List Service Profiles window opens.

                                                                                                Step 3   Find and select your service profile.

                                                                                                The Service Profile Configuration window opens.

                                                                                                Step 4   Configure the MailStore Profile section as follows:
                                                                                                1. Select up to three services from the following drop-down lists:
                                                                                                  • Primary
                                                                                                  • Secondary
                                                                                                  • Tertiary
                                                                                                2. Specify appropriate values for the following fields:
                                                                                                  • Inbox Folder
                                                                                                  • Trash Folder
                                                                                                  • Polling Interval
                                                                                                Step 5   Select Save.

                                                                                                Configure Retrieval and Redirection

                                                                                                Configures retrieval so that users can access voicemail messages in the client interface. Configure redirection so that users can send incoming calls to voicemail. You configure retrieval and redirection on Cisco Unified Communications Manager.

                                                                                                Procedure
                                                                                                  Step 1   Open the Cisco Unified CM Administration interface.
                                                                                                  Step 2   Configure the voicemail pilot.
                                                                                                  1. Select Advanced Features > Voice Mail > Voice Mail Pilot. The Find and List Voice Mail Pilots window opens.
                                                                                                  2. Select Add New. The Voice Mail Pilot Configuration window opens.
                                                                                                  3. Specify the appropriate details on the Voice Mail Pilot Configuration window.
                                                                                                  4. Select Save.
                                                                                                  Step 3   Add the voicemail pilot to the voicemail profile.
                                                                                                  1. Select Advanced Features > Voice Mail > Voice Mail Profile. The Find and List Voice Mail Mail Profiles window opens.
                                                                                                  2. Specify the appropriate filters in the Find Voice Mail Profile where Voice Mail Profile Name field and then select Find to retrieve a list of profiles.
                                                                                                  3. Select the appropriate profile from the list. The Voice Mail Pilot Configuration window opens.
                                                                                                  4. Select the voicemail pilot from the Voice Mail Pilot drop-down list.
                                                                                                  5. Select Save.
                                                                                                  Step 4   Specify the voicemail profile in the directory number configuration.
                                                                                                  1. Select Device > Phone. The Find and List Phones window opens.
                                                                                                  2. Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices.
                                                                                                  3. Select the appropriate device from the list. The Phone Configuration window opens.
                                                                                                  4. Locate the Association Information section.
                                                                                                  5. Select the appropriate device number. The Directory Number Configuration window opens.
                                                                                                  6. Locate the Directory Number Settings section.
                                                                                                  7. Select the voicemail profile from the Voice Mail Profile drop-down list.
                                                                                                  8. Select Save.

                                                                                                  Set a Voicemail Credentials Source

                                                                                                  You can specify a voicemail credentials source for users.

                                                                                                  Procedure
                                                                                                    Step 1   Open the Cisco Unified CM Administration interface.
                                                                                                    Step 2   Select User Management > User Settings > Service Profile.
                                                                                                    Step 3   Select the appropriate service profile to open the Service Profile Configuration window.
                                                                                                    Step 4   In the Voice mail Profile section, select Unified CM - IM and Presencefrom the Credentials source for voicemail service drop-down list.
                                                                                                    Note   

                                                                                                    Do not select Web Conferencing from the Credentials source for voicemail service drop-down list. You cannot currently use conferencing credentials as a credentials source for voicemail services.


                                                                                                    The user's instant messaging and presence credentials match the user's voicemail credentials. As a result, users do not need to specify their voicemail credentials in the client user interface.

                                                                                                    What to Do Next

                                                                                                    Important:

                                                                                                    There is no mechanism to synchronize credentials between servers. If you specify a credentials source, you must ensure that those credentials match the user's voicemail credentials.

                                                                                                    For example, you specify that a user's instant messaging and presence credentials match the user's Cisco Unity Connection credentials. The user's instant messaging and presence credentials then change. You must update the user's Cisco Unity Connection credentials to reflect that change.

                                                                                                    Meetings

                                                                                                    Configure the Cisco WebEx Meetings Server

                                                                                                    The first step in setting up integration between Cisco WebEx Meetings Server and the client is to install and configure Cisco WebEx Meetings Server. You should refer to the Cisco WebEx Meetings Server product documentation for installation and configuration procedures.

                                                                                                    Cisco WebEx Meetings Server Install and Upgrade Guides

                                                                                                    Configure Cisco WebEx Meeting Server for Cisco Unified Presence

                                                                                                    Before You Begin

                                                                                                    Use this procedure for Cisco Unified Presence 8.6 and earlier. If you installed Cisco Unified Communications Manager IM and Presence Service 9.0 or later, see Configure the Cisco WebEx Meeting Server in Cisco Unified CM.

                                                                                                    Procedure
                                                                                                      Step 1   Select Cisco Unified Presence Administration > Application > Cisco Unified Personal Communicator > Conferencing Server.
                                                                                                      Step 2   Select Add New.
                                                                                                      Step 3   Enter information in the following fields.
                                                                                                      Field Name Description
                                                                                                      Name Enter the name of the conferencing server. The name should be descriptive enough for you to instantly recognize it.
                                                                                                      Description (Optional) Enter a description that helps you to distinguish between conferencing servers. You can change the description at any time.
                                                                                                      Hostname/IP Address Enter the site URL for Cisco WebEx Meetings Server.
                                                                                                      Port Leave the default value.
                                                                                                      Protocol Select HTTPS: from the drop-down list.
                                                                                                      Server Type Select WebEx from the drop-down list.
                                                                                                      Step 4   Select Save.

                                                                                                      Configure the Cisco WebEx Meeting Server in Cisco Unified CM

                                                                                                      Procedure
                                                                                                        Step 1   In Cisco Unified Communications Manager, select User Management > User Settings > UC Service.
                                                                                                        Step 2   Select Add New.
                                                                                                        Step 3   Select Conferencing from the UC Service drop-down list.
                                                                                                        Step 4   Enter information in the following fields.
                                                                                                        Field Name Description
                                                                                                        UC Service Type Select Conferencing as the UC service type.
                                                                                                        Product Type Select WebEx
                                                                                                        Name Enter the name of the conferencing service. The name should be descriptive enough for you to instantly recognize it. Maximum character length is 50 (ASCII only).
                                                                                                        Description (Optional) Enter a description that helps you to distinguish between conferencing services. You can change the description at any time. Maximum character length is 100.
                                                                                                        Hostname/IP Address Address of the conferencing service. May take one of the following forms:
                                                                                                        • Hostname
                                                                                                        • IP address
                                                                                                        • FQDN

                                                                                                        This field value must exactly match the hostname, IP address, or FQDN of the associated directory service. If the address of the directory service changes, change this field value accordingly.

                                                                                                        Allowed values are:
                                                                                                        • Alphanumeric (a-zA-Z0-9)
                                                                                                        • period (.)
                                                                                                        • backslash (\)
                                                                                                        • dash (-)
                                                                                                        • underscore (_)
                                                                                                        Port Enter the port for the conferencing service so that users can contact the service when they sign in to web conferences. Allowable values are 1 to 65535. Default is 80.
                                                                                                        Note   
                                                                                                        • Use port 80 for HTTP and port 443 for HTTPS communications
                                                                                                        • This value must match the available port on the conferencing service. Change the port number only if it conflicts with other services.
                                                                                                        Protocol SelectHTTPS
                                                                                                        Step 5   Select Save.

                                                                                                        An Add Successful message appears and the conferencing service is created in the Unified Communications Manager database.


                                                                                                        Add Conferencing Profile to Service Profile

                                                                                                        Procedure
                                                                                                          Step 1   Select Cisco Unified Communication Manager > User Management > User Settings > Service Profile
                                                                                                          Step 2   Select the service profile.
                                                                                                          Step 3   Go to Conferencing Profile.
                                                                                                          Step 4   Enter information in the following fields:
                                                                                                          Field Setting
                                                                                                          Primary Select a primary directory server from the drop-down list. The list contains the conferencing servers that you previously configured on the UC Services window.
                                                                                                          Secondary Select a secondary directory server, if applicable.
                                                                                                          Tertiary Select a tertiary directory server, if applicable.
                                                                                                          Server Certificate Validation Specify how the conferencing server associated with this profile supports TLS connections. This setting is for TLS verification of the conferencing servers listed for this conferencing profile.
                                                                                                          Select from one of the following options:
                                                                                                          • Any Certificate: Cisco Jabber would accept all valid certificates. (This is the default setting)
                                                                                                          • Self Signed or Keystore: Cisco Jabber would accept any certificate that is self-signed, or one for which the signing Certificate Authority is in the local trust store
                                                                                                            Note   

                                                                                                            A keystore is a file that stores authentication and encryption keys.

                                                                                                          • Keystore Only: Cisco Jabber would accept only certificates that are defined in the keystore. When you select this option, you must import a certificate or its Certificate Authority signing certificate into the local trust store.


                                                                                                          Distribute the Cisco Jabber for Mac client

                                                                                                          Visit the Cisco Software Center to download the Cisco Jabber for Mac client.

                                                                                                          Upgrading in the Mac OS X environment is performed automatically by the application, with permission from the user.