The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
To begin setting up and using the Cisco Voice Provisioning Tool, you should understand the various parts of the system and how they fit together, as well as how you can customize each piece to the needs of your deployment. This chapter provides background information, in the following sections:
•Understanding the Cisco Voice Provisioning Tool Components
•VPT System Configuration Checklist
The Cisco Voice Provisioning Tool is a web-based application for use in performing frequent move/add/change operations within a Cisco IP Telephony deployment. The VPT installation process automatically sets up plug-ins that allow for the provisioning and management of user profiles and Cisco IP Phones in Cisco CallManager, and subscribers in Cisco Unity. Because the tool provides one single graphical interface to both types of systems and can be configured to provision multiple Cisco CallManager clusters and Cisco Unity server instances at once, it can simplify adding, locating, and managing end users and their associated phones and messaging accounts.
The following sections provide further detail on the main VPT system components:
•VPT Graphical User Interface (GUI)
You can use the Cisco Voice Provisioning Tool from any supported host/browser that has access to the VPT server.
When an administrator logs in to VPT, the GUI provides dual-pane navigation: a tree control task list pane on the left for finding and choosing tasks, and a task pane on the right for following the steps that are required to accomplish a task. Provisioning tasks (such as adding phones and users) display in the task list under Voice Provisioning. VPT management tasks (such as adding product systems) appear under VPT Administration. With the VPT role-based authorization approach, an administrator typically sees only the options that are available to the roles to which the account belongs.
VPT administrators comprise all individuals who have accounts with permission to access the Cisco Voice Provisioning Tool. Although VPT administrative accounts may be created for the same people who administer Cisco Unity and Cisco CallManager within an organization, no requirement exists for this. VPT maintains its own administrative account information and role-based permissions, which allow the creation of administrative accounts that only permit specific tasks to be performed on specific systems or types of systems. See the "Adding and Managing Administrators" section on page 3-12 for related procedures.
VPT uses a Role-Based Access Control (RBAC) approach for authorization. At the lowest level, privileges (for example, the ability to add users) combine with the product system(s) to which they can be applied (for example, a particular Cisco CallManager server) to define a permission. Sets of permissions are grouped into roles, and access to perform a given set of tasks on a given set of resources goes to administrators who have been assigned the associated role. An administrator can be assigned to more than one role.
The plug-ins that are installed in the system define the list of privileges that are available for use in creating roles. (By default, Cisco CallManager version 4.1(3) and Cisco Unity version 4.0(5) plug-ins are installed.) For example, the Cisco CallManager plug-in defines privileges to add, view, modify, and delete phones and to add, view, modify, and delete users.
The product systems that have been configured to use a particular plug-in define the list of resources or servers on which a privilege can be granted. For example, the privilege to view phones can be granted on a particular Cisco CallManager server (which uses the Cisco CallManager plug-in).
Besides granting permissions to an individual product system resource, a predefined All <Product System Type> resource automatically applies any privileges granted for it to all currently configured product systems of a given type (that is, product systems that all use the same plug-in). As new product systems of that type are added, they automatically are included.
In addition to specifying provisioning permissions for product systems, with VPT roles you can grant or deny permissions for configuring and monitoring the VPT application itself (for example, a role could include the ability to add product systems or to configure audit log settings and view audit logs).
When VPT is installed, three predefined roles are created automatically. Each default role includes a name and description that cannot be modified. You cannot delete a default role. See Table 1-1 for information about these predefined roles.
If a new product plug-in is added to the Cisco Voice Provisioning Tool, each predefined role automatically is updated to include the appropriate privileges on all product systems that use that plug-in (for example, an administrator that is associated only with the View-only Provisioning role would automatically be able to view, but not modify, any objects on any product systems that use the new plug-in). Similarly, when a plug-in is removed, the corresponding privileges are removed from each predefined role.
In addition to the predefined roles, administrators with sufficient permissions can add, modify, or delete custom roles. Custom roles are not automatically updated when new product plug-ins are installed, but administrators with appropriate privileges can modify them to include permissions for newly added systems. See the "Adding and Managing Roles" section on page 3-11 for related procedures.
A product system represents a Cisco IP Telephony product with a distinct set of provisioning data (for example, a Cisco CallManager cluster or a Cisco Unity failover pair). You can use VPT to administer multiple product systems of the same type.
For each Cisco CallManager cluster, you configure a product system in VPT to represent the publisher server (if only one Cisco CallManager server acts as publisher and subscriber, you configure that server as the product system representative). For Cisco Unity servers, you configure a product system for each Cisco Unity system that has a unique set of subscribers. In a failover pair, you can specify information in the product system configuration for both the primary and secondary servers, and VPT will communicate with whichever server is currently active.
While the VPT administrators do not need to have accounts on the Cisco CallManager or Cisco Unity servers that they manage, each product system must have a system account that is configured, so that the VPT server can authenticate and communicate with the product system. You must configure VPT to use the correct credentials for this account when it connects to the product system.
See the "Adding and Managing Product Systems" section on page 3-1 for step-by-step procedures for configuring and adding a product system to VPT.
Plug-ins define the provisioning actions that are available to VPT for a particular type (and version) of product system. They also define the individual permissions that can be granted to manage the associated product systems.
The Cisco Voice Provisioning Tool automatically includes plug-ins for Cisco CallManager version 4.1(3) and Cisco Unity version 4.0(5). Plug-ins provide the core extensibility of the VPT system. As new plug-ins are developed, you can dynamically add them to the VPT system to extend the provisioning capabilities to cover additional types of systems and provisioning actions.
The Cisco Voice Provisioning Tool unifies the most common elements of end-user move/add/change operations by providing a single interface to provision users and phones across Cisco CallManager and Cisco Unity. To further aid in provisioning tasks, the provisioning interface provides unified template and bulk import/export support.
The Cisco Voice Provisioning Tool allows administrators to configure and store templates that include default data for creating users on a Cisco CallManager system, a Cisco Unity system, or on both systems simultaneously. The tool also allows you to set up templates for provisioning phones on a Cisco CallManager system. You can enter as much or as little data as you want in a template. In addition, you can enter a subset of the information that is required for a given field; for example, you can enter a partial MAC address for a phone and fill in the rest of the MAC address when you apply the template to create a phone.
In addition to using templates to add a user or phone, you can apply templates to existing users or phones either individually or in bulk. If a value is specified in a given field in the template, it overwrites any existing information in the field for the user or phone (however, in the case of bulk adds or updates, if a different value is specified for the field in the CSV file, the value in the CSV file takes precedence over the template value).
The bulk provisioning functionality allows administrators to schedule and run bulk add, bulk update, and bulk export tasks on large sets of users or phones at one time. You can access information about scheduled, queued, running, and completed jobs and the associated input or output file and log file from the Manage Bulk Tasks window. You can modify or cancel tasks that are scheduled or queued, cancel in-progress tasks, and rerun tasks that have completed or remove them from the list of saved tasks.
The VPT database contains data that the VPT application uses to facilitate provisioning of product systems—details about the product systems and how to communicate with them; information about administrator accounts, roles, and permissions; security settings; and the templates that are used in provisioning users and phones. The VPT database does not store data that is related to individual users and phones. This data resides in the databases of the individual product systems to which the users and phones have been added.
You can back up and restore the VPT database by using OSQL commands. See the "Database Management" chapter for details.
The VPT audit logs provide a record of activity on the system, including information about who performed an action and when the action occurred. Audit log entries are generated for login and logout attempts, provisioning operations, configuration changes, and the startup and shutdown of the VPT application. See the "Audit Logging" chapter for details on configuring and accessing the audit logs.
Table 1-2 describes the tasks that you perform after the Cisco Voice Provisioning Tool is installed to set up the system to perform provisioning actions.
|
|
|
---|---|---|
Step 1 |
Review the descriptive information on the components of the Cisco Voice Provisioning Tool. This information provides you with an understanding of how the various configuration elements relate to one another. |
|
Step 2 |
Log in to the VPT GUI, and familiarize yourself with the interface and how you can customize it. |
|
Step 3 |
Add Cisco CallManager and/or Cisco Unity servers as new product systems. |
•Adding a Cisco CallManager Server, page 3-1 |
Step 4 |
Decide whether you will use the default roles or add new roles to provide the specific permissions that are desired for your environment. |
|
Step 5 |
Add additional administrator accounts. |
|
Step 6 |
Review VPT security recommendations and take action on any that apply to your environment. |
|
Step 7 |
Review the descriptive information on the VPT database and review how to back it up and restore it. |
|
Step 8 |
Review the audit logging settings and familiarize yourself with the contents of the logs. Also, understand which information is written to the logs and which information is written to the Windows application event log. |
|
Step 9 |
Tell administrators how to access the tool and point them to information on using the tool for provisioning users and phones. |
Cisco Voice Provisioning Tool User and Phone Management Guide |