Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
IM and Presence intercluster deployment configuration
Download this chapter
IM and Presence intercluster deployment configurationIM and Presence intercluster deployment configuration
Download the complete book
Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) (PDF - 5 MB)
 Feedback

Contents

IM and Presence intercluster deployment configuration

Intercluster deployments

Intercluster hardware recommendations

When planning an intercluster deployment, it is recommended that similar hardware is used on all IM and Presence clusters in the Enterprise to allow for syncing of all user data between clusters. For example, if an MCS 7845 is deployed in Cluster A with 15,000 users, then an MCS 7845 should be deployed in Cluster B even if only needed for 500 users.

Intercluster peer relationships

You can configure peer relationships that interconnect standalone IM and Presence clusters, known as intercluster peers. This intercluster peer functionality allows users in one IM and Presence cluster to communicate and subscribe to the availability information of users in a remote IM and Presence cluster within the same domain. Keep in mind that if you delete an intercluster peer from one cluster, then you must also delete the corresponding peer in the remote cluster.

IM and Presence uses the AXL/SOAP interface to retrieve user information for the home cluster association. IM and Presence uses this user information to detect if a user is a local user (user on the home cluster), or a user on a remote IM and Presence cluster within the same domain.

IM and Presence uses the XMPP interface for the subscription and notification traffic. If IM and Presence detects a user to be on a remote cluster within the same domain, IM and Presence reroutes the messages to the remote cluster.


Caution

Cisco highly recommends that you set up intercluster peers in a staggered manner, as the initial sync uses substantial bandwidth and CPU. Setting up multiple peers at the same time could result in excessive sync times.

Intercluster router to router connections

By default, IM and Presence assigns all nodes in a cluster as intercluster router-to-router connectors. When IM and Presence establishes an intercluster peer connection between the clusters over the AXL interface, it synchronizes the information from all intercluster router-to-router connector nodes in the home and remote clusters.

You must restart the Cisco XCP Router service on all nodes in both local and remote clusters for IM and Presence to establish a connection between the intercluster router-to-router connector nodes. Each intercluster router-to-router connector in one cluster then either initiates or accepts an intercluster connection with router-to-router connectors in the other cluster.


Note

In an intercluster deployment, when you add a new node to a cluster, you must restart the Cisco XCP router on all nodes in both the local and remote clusters.

Related Topic

Secure intercluster router to router connections

Node name value for intercluster deployments


Note

This topic is only applicable if you are not using DNS in your network.

If you configure an intercluster deployment, and you do not use DNS in your network, you must configure the node name value as the IP address of the node.

During installation IM and Presence only permits you to specify the hostname as the node name value. Therefore, once you complete the installation, you must change the node name value to the IP address of the node.

Perform this configuration on all nodes in both the local and remote clusters.

Related Tasks
Related References

Domain value for intercluster deployments


Note

This topic is only applicable if you are not using DNS in your network.

If you configure an intercluster deployment, and you do not use DNS in your network, note the following:

  • The Domain value on the local server must match the Domain value on the remote server.
  • IM and Presence automatically defaults to the Domain value DOMAIN.NOT.SET. On both the local and remote cluster, you must replace this default value with a valid Domain value, otherwise the intercluster functionality will not work correctly.

To configure the Domain value, follow the procedures described in Domain value configuration.

Related Topic

Node name value for intercluster deployments

Secure intercluster router to router connections

You can configure a secure XMPP connection between all router-to-router connectors in your IM and Presence deployment, incorporating both intracluster and intercluster router to router connections. Select Cisco Unified CM IM and Presence Administration > System > Security > Settings, and check Enable XMPP Router-to-Router Secure Mode.

When you turn on the secure mode for XMPP router-to-router connections, IM and Presence enforces a secure SSL connection using XMPP trust certificates. For intercluster deployments, IM and Presence enforces a secure SSL connection between each router-to-router connector node in the local cluster, and each router connector node in the remote cluster.

Related References

Prerequisites for intercluster deployment

You configure an intercluster peer between the publisher nodes in standalone IM and Presence clusters. No configuration is required on the subscriber nodes in a cluster for intercluster peer connections. Before you configure IM and Presence intercluster peers in your network, note the following:

  • The intercluster peers must each integrate with a different Cisco Unified Communications Manager cluster.
  • You must complete the required multi-node configuration in both the home IM and Presence cluster, and in the remote IM and Presence cluster:
    • Configure the system topology and assign your users as required.
    • Activate the services on each IM and Presence node in the cluster.
  • You must turn on the AXL interface on the local IM and Presence publisher node, and on the remote IM and Presence publisher node. IM and Presence creates, by default, an intercluster application user with AXL permissions. To configure an intercluster peer, you will require the username and password for the intercluster application user on the remote IM and Presence server.
  • You must turn on the Sync Agent on the local IM and Presence publisher node, and on the remote IM and Presence publisher node. Allow the Sync Agent to complete the user sychronization from Cisco Unified Communications Manager before you configure the intercluster peers.

For sizing and performance recommendations for intercluster deployments, including information on determining a presence user profile, see the IM and Presence SRND.

Related Information

Intercluster peer configuration

Configure an intercluster peer

Perform this procedure on the publisher node of the local IM and Presence cluster, and on the publisher node of the remote IM and Presence cluster (with which you want your local cluster to form a peer relationship).

Before You Begin
  • Activate the AXL interface on the local IM and Presence node, and confirm that the AXL interface is activated on the remote IM and Presence publisher node.
  • Confirm that the Sync Agent has completed the user synchronization from Cisco Unified Communications Manager on the local and remote cluster.
  • Acquire the AXL username and password for the intercluster application user on the remote IM and Presence server.
  • If you do not use DNS in your network, read the topics titled Presence domain value for intercluster deployments and Node name value for intercluster deployments.

Restriction

We recommend that you use TCP as the intercluster trunk transport for all IM and Presence clusters.

Procedure
    Step 1   Select Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
    Step 2   Enter the IP address of the publisher node of a remote IM and Presence cluster.
    Step 3   Enter the username of the application user on the remote IM and Presence server that has AXL permissions.
    Step 4   Enter the associated password of the application user on the remote IM and Presence server that has AXL permissions.
    Step 5   Enter the preferred protocol for SIP communication.
    Step 6   (Optional) Enter the External Phone Number Mask value. This is the E164 mask to apply to Directory Numbers retrieved from the remote cluster.
    Step 7   Select Save.
    Step 8   Restart the Cisco XCP Router service on all nodes in the local cluster.
    Step 9   Repeat this procedure to create the remote intercluster peer, and then restart the Cisco XCP Router service on all nodes in the remote cluster

    Troubleshooting Tips

    • If you configure the intercluster peer connection before the Sync Agent completes the user synchronization from Cisco Unified Communications Manager (on either the local or remote cluster), the status of the intercluster peer connection will display as failed.
    • If you select TLS as the intercluster transport protocol, IM and Presence attempts to automatically exchange certificates between intercluster peers to establish a secure TLS connection. IM and Presence indicates whether or not the certificate exchange is successful in the intercluster peer status section.
    What to Do Next

    Turn on Intercluster Sync Agent

    Related Tasks
    Related References

    Turn on Intercluster Sync Agent

    By default, IM and Presence turns on the Intercluster Sync Agent parameter. Use this procedure to either verify that the Intercluster Sync Agent parameter is on, or to manually turn on this service.

    The Intercluster Sync Agent uses the AXL/SOAP interface for the following:

    • to retrieve user information for IM and Presence to determine if a user is a local user (on the local cluster), or a user on a remote IM and Presence cluster within the same domain.
    • to notify remote IM and Presence clusters of changes to users local to the cluster.

    Note

    You must turn on the Intercluster Sync Agent on all nodes in the IM and Presence cluster because in addition to synchronizing user information from the local publisher node to the remote publisher node, the Intercluster Sync Agent also handles security between all nodes in the clusters.

    Procedure
      Step 1   Select Cisco Unified IM and Presence Serviceability > Tools > Control Center - Network Services.
      Step 2   Select the IM and Presence server from the Server menu.
      Step 3   Select Cisco Intercluster Sync Agent.
      Step 4   Select Start.
      What to Do Next

      Verify intercluster peer status

      Related Tasks
      Related Information

      Verify intercluster peer status

      Procedure
        Step 1   Select Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
        Step 2   Select the peer address from the search criteria menu.
        Step 3   Select Find.
        Step 4   Select the peer address entry that you wish to view.
        Step 5   In the Intercluster Peer Status window:
        1. Verify that there are check marks beside each of the result entries for the intercluster peer.
        2. Make sure that the Associated Users value equals the number of users on the remote cluster.
        3. If you select TLS as the intercluster transport protocol, the Certificate Status item displays the status of the TLS connection, and indicates if IM and Presence successfully exchanged security certificates between the clusters. If the certificate is out-of-sync, you need to manually update the tomcat trust certificate (as described in this module). For any other certificate exchange errors, check the Online Help for a recommended action.
        Step 6   Select Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
        Step 7   Verify that there are check marks beside the status of each of the intercluster peer connection entries in the InterClustering Troubleshooter section.
        Related Tasks

        Update Intercluster Sync Agent Tomcat trust certificates

        If the tomcat certificate status for an intercluster peer is out-of-sync, you need to update the Tomcat trust certificate. In an intercluster deployment this error can occur if you reuse the existing Intercluster Peer Configuration to point to a new remote cluster. Specifically, in the existing Intercluster Peer Configuration window, you change the Peer Address value to point to a new remote cluster. This error can also occur in a fresh IM and Presence install, or if you change the IM and Presence host or domain name, or if you regenerate the Tomcat certificate.

        This procedure describes how to update the Tomcat trust certificate when the connection error occurs on the local cluster, and the ‘bad’ Tomcat trust certificates are associated with the remote cluster.

        Procedure
          Step 1   Select Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
          Step 2   Select Force Sync to synchronize certificates with the remote cluster.
          Step 3   In the confirmation window that displays, select Also resync peer's Tomcat certificates.
          Step 4   Select OK.
          Related Tasks

          User migration between IM and Presence clusters

          This section describes how to migrate users between IM and Presence clusters. You must complete the following procedures in the order in which they are presented:

          1. Unassign the migrating users from their current cluster.
          2. Export the contact lists of the migrating users from their current home cluster.
          3. Disable the migrating users for IM and Presence and Cisco Jabber on their current home cluster from Cisco Unified Communications Manager
          4. If LDAP Sync is enabled on Cisco Unified Communications Manager:
            • move the users to the new Organization Unit, from which their new cluster synchronizes its information
            • synchronize the users to the new home Cisco Unified Communications Manager.
          5. If LDAP Sync is not enabled on Cisco Unified Communications Manager, manually provision the migrating users on Cisco Unified Communications Manager.
          6. Enable users for IM and Presence and Cisco Jabber.
          7. Import contact lists to the new home cluster to restore contact list data for migrated users.

          Before You Begin

          Complete the following tasks:

          • Perform a full DRS of the current cluster and the new home cluster. See the Disaster Recovery System Administration Guide for more information.
          • Ensure that the following services are running:
            • Cisco Intercluster Sync Agent
            • Cisco AXL Web Service
            • Cisco Sync Agent
          • Run the Troubleshooter and ensure that there are no Intercluster Sync Agent issues reported. All Intercluster Sync Agent issues reported on the Troubleshooter must be resolved before proceeding with this procedure.
          • Cisco recommends that the Allow users to view the availability of other users without being prompted for approval setting is enabled. To enable this setting, select Cisco Unified CM IM and Presence Administration > Presence > Settings. Any change to this setting requires a restart of the Cisco XCP Router.
          • Cisco recommends that the following settings are set to No Limit:
            • Maximum Contact List Size (per user)
            • Maximum Watchers (per user) To configure these settings, select Cisco Unified CM IM and Presence Administration > Presence > Settings.

          Unassign users from current cluster

          Complete this procedure to unassign the migrating users from their current cluster.

          Procedure
            Step 1   Select Cisco Unified CM IM and Presence Administration > System > Cluster Topology.
            Step 2   Select the users that you want to migrate to a remote IM and Presence cluster.
            Step 3   Select Assign Selected Users and in the next dialog box, select Unassigned.
            Step 4   Select Save.
            What to Do Next

            Export user contact lists

            Related Tasks

            Export user contact lists

            Complete this procedure to export the contact lists of the migrating from their current cluster.

            Procedure
              Step 1   Export the contact lists of the migrating users from the current home cluster.
              1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List > Export.
              2. Select All unassigned users in the cluster and select Find.
              3. Review the results and use the AND/OR filter to filter the search results as required.
              4. When the list is complete, select Next.
              5. Select a filename for the exported contact list data.
              6. Optionally update the Job Description.
              7. Select Run Now or schedule the job to run later.
              Step 2   Monitor the status of the contact list export job.
              1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
              2. Select Find to list all BAT jobs.
              3. Find your contact list export job and when it is reported as completed, select the job.
              4. Select the CSV File Name link to view the contents of the contact list export file. Note that a timestamp is appended to the filename.
              5. From the Job Results section, select the log file to see a summary of what was uploaded. The job begin and end time is listed and a result summary for the job is presented.
              Step 3   Download the contact list export file and store it for use later when the user migration is complete.
              1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download Files.
              2. Select Find.
              3. Select the contact list export file and select Download Selected.
              4. Save the CSV file locally for upload later in the procedure.
              What to Do Next

              Unlicense the users

              Related Tasks

              Disable users for IM and Presence

              The following procedure describes how to disable a migrating user for IM and Presence and Cisco Jabber on their current home cluster.

              For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk Administration Guide.

              Procedure
                Step 1   From Cisco Unified Communications Manager Administration select User Management > End User.
                Step 2   Use the filters to find the user that you want to disable for IM and Presence.
                Step 3   In the End User Configuration screen, uncheck Enable User for Unified CM IM and Presence.
                Step 4   Select Save.
                Related Information

                Move users to new cluster

                The procedure to move the users to the new cluster differs depending on whether LDAP Sync is enabled on Cisco Unified Communications Manager.

                LDAP sync enabled on CUCM

                If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move users to the new Organizational Unit and synchronize the users to the new home cluster.

                Move users to new Organizational Unit

                If LDAP Sync is enabled on Cisco Unified Communications Manager (Unified CM), you must move the users to the new Organizational Unit (OU) from which their new cluster synchronizes if the deployment uses a separate LDAP structure (OU divided) for each cluster, where users are only synchronized from LDAP to their home cluster.


                Note

                You do not need to move the users if the deployment uses a flat LDAP structure, that is, all users are synchronized to all Unified CM and IM and Presence clusters where users are licensed to only one cluster.

                For more information about how to move the migrating users to the relevant OU of the new home cluster, see the LDAP Administration documentation.

                After you move the users, you must delete the LDAP entries from the old LDAP cluster.

                What to Do Next

                Synchronize the users to the new home cluster

                Related Tasks
                Synchronize users to new home cluster

                If LDAP is enabled on Cisco Unified Communications Manager (Unified CM), you must synchronize the users to the new home Unified CM cluster. You can do this manually on Unified CM or you can wait for a scheduled synchronization on Unified CM.

                To manually force the synchronization on Unified CM, complete the following procedure.

                Procedure
                  Step 1   From Cisco Unified CM Administration, select System > LDAP > LDAP Directory.
                  Step 2   Select Perform Full Sync Now.
                  What to Do Next

                  License the users on the new cluster.

                  Related Tasks

                  LDAP Sync not enabled on Cisco Unified Communications Manager

                  If LDAP Sync is not enabled on Cisco Unified Communications Manager (Unified CM), you must manually provision the users on the new Unified CM cluster. See the Cisco Unified Communications Manager Administration Guide for more information.

                  Enable users for IM and Presence on new cluster

                  When the users have been synchronized, or manually provisioned, on the new home cluster, you must enable the users for IM and Presence and Cisco Jabber.

                  Procedure
                    Step 1   From Cisco Unified Communications Manager Administration select User Management > End User.
                    Step 2   Use the filters to find the user that you want to enable for IM and Presence.
                    Step 3   In the End User Configuration screen, check Enable User for Unified CM IM and Presence.
                    Step 4   Select Save.
                    Step 5   Provision the users on Unified CM for Phone and CSF. See the Cisco Unified Communications Manager Administration Guide for more information.

                    For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk Administration Guide.

                    What to Do Next

                    Import contact lists on the new home cluster.

                    Related Tasks
                    Related Information

                    Import contact lists on home cluster

                    You must import the contact lists to restore contact data for the migrated users.

                    Procedure
                      Step 1   Upload the previously exported contact list CSV file.
                      1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download Files.
                      2. Select Add New.
                      3. Select Browse to locate and select the contact list CSV file.
                      4. Select Contact Lists as the Target.
                      5. Select Import Users’ Contacts - Custom File as the Transaction Type,
                      6. Optionally check Overwrite File if it exists.
                      7. Select Save to upload the file.
                      Step 2   Run the import contact list job.
                      1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List > Update.
                      2. Select the CSV file you uploaded in Step 1.
                      3. Optionally update the Job Description.
                      4. To run the job now, select Run Immediately. Select Run Later to schedule the update for a later time.
                      5. Select Submit.
                      Step 3   Monitor the contact list import status.
                      1. Select Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
                      2. Select Find to list all BAT jobs.
                      3. Select the job ID of the contact list import job when its status is reported as complete.
                      4. To view the contents of the contact list file, select the file listed at CSV File Name.
                      5. Select the Log File Name link to open the log.

                        The begin and end time of the job is listed and a result summary is also displayed.