Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
Overview of this integration
Download this chapter
Overview of this integrationOverview of this integration
Download the complete book
Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) (PDF - 5 MB)
 Feedback

Overview of this integration

Basic federated network

This integration enables IM and Presence Service users in one enterprise domain to exchange presence information and Instant Messaging (IM) with users in foreign domains. IM and Presence Service uses different protocols to federate with different foreign domains.

IM and Presence Service uses the standard Session Initiation Protocol (SIP RFC 3261) to federate with:

  • Microsoft Office Communications Server Release 2 (OCS R2), OCS 2007, Microsoft Lync 2010

    Note

    IM and Presence Service Release 9.0 or later supports interdomain federation with Microsoft Lync. For IM and Presence Service Release 9.0 or later, any reference to interdomain federation with OCS also includes Microsoft Lync, unless explicitly stated otherwise.

  • AOL SIP Access Gateway (SAG)

    Note

    IM and Presence Service Release 9.0 or later supports interdomain federation with AOL.

    SIP federation with AOL enables IM and Presence Service users to federate with the following users:

    • Users of AOL public communities, for example, aim.com, aol.com.
    • Users of an enterprise whose domain is hosted by AOL.
    • Users of a foreign enterprise that federate with AOL. IM and Presence could use AOL as a clearing house to federate with these foreign enterprises.

IM and Presence Service uses the Extensible Messaging and Presence Protocol (XMPP) to federate with:

  • IBM Sametime Server 8.2 and 8.5
  • Cisco Webex Connect Release 6
  • GoogleTalk
  • Cisco Unified Presence Release 8.x
  • Any other server that is XMPP Standards compliant
  • IM and Presence Service does not support federation between a IM and Presence Service Release 9.0 enterprise, and a Cisco Unified Presence Release 7.0(x) enterprise.
  • IM and Presence Service supports XMPP federation with GoogleTalk over TCP. XMPP federation with GoogleTalk over TLS is not supported.
  • When federating with Google over TCP, Google does not allow federation with a domain that has a Google Apps subscription with it.

The following figure provides an example of a SIP federated network between IM and Presence Service enterprise deployment and Microsoft OCS enterprise deployment.

Figure 1. Basic SIP Federated Network between IM and Presence and Microsoft OCS



In the figure, each internal enterprise domain interconnects over the public internet using its DMZ edge server using a secure TLS connection. Within the internal IM and Presence enterprise deployment, the Cisco Adaptive Security Appliance provides firewall, Port Address Translation (PAT) and TLS proxy functionality. The Cisco Adaptive Security Appliance routes all incoming traffic initiated from the foreign domain to a designated IM and Presence server.

The following figure provides an example of an XMPP federated network between IM and Presence enterprise deployment and an IBM Sametime enterprise deployment. TLS is optional for XMPP federation. Cisco Adaptive Security Appliance acts only as a firewall for XMPP federation; it does not provide TLS proxy functionality or PAT for XMPP federation.

Figure 2. Basic XMPP Federated Network between IM and Presence and IBM Sametime



There are two DNS servers within the internal IM and Presence Service enterprise deployment. One DNS server hosts the IM and Presence Service private address. The other DNS server hosts the IM and Presence Service public address and a DNS SRV records for SIP federation (_sipfederationtls), and XMPP federation (_xmpp-server) with IM and Presence Service. The DNS server that hosts the IM and Presence Service public address is located in the local DMZ.

SIP federation with AOL

Limitation with AOL federation

Users in the AOL community (aol.com, aim.com) can use an existing email address as their screen name in AOL. This is existing email address that the user holds with any other public email provider, for example gmail.com, yahoo.com, msn.com and so on. In this scenario AOL expects a mapped JID when it addresses these users,, for example user(gmail.com)@aol.com, and similarly AOL sends out a modified JID.

For example, AOL addresses the user with this screenname "user@gmail.com" as follows: 

SUBSCRIBE sip:user(gmail.com)@aol.com SIP/2.0From: sip:user@cisco.com;tag=
To: sip:user(gmail.com)@aol.com

AOL sends out this modified JID for this user: 

SUBSCRIBE sip:user@cisco.com SIP/2.0From: sip:user(gmail.com)@aol.com ;tag=
To: sip:user@cisco.com

If you deploy SIP federation with AOL, IM and Presence does not support these AOL users whose screen names are an email address, and not a userID.

Note that AOL routing is different to OCS routing in that AOL does not obey the SIP record-route;all requests from AOL are sent to the routing IM and Presence server, even if the original request was initiated from one of the other IM and Presence nodes. As a result, when you configure AOL federation, the federation routing IM and Presence may experience more load than it would when it federates with OCS.

Intercluster and multi-node deployments


Note

Any configuration procedures in this document that relate to intercluster IM and Presence deployments, you can also apply these procedures to multi-node IM and Presence deployments.

SIP federation deployments

In an intercluster and a multi-node cluster IM and Presence deployment, when a foreign domain initiates a new session, Cisco Adaptive Security Appliance routes all messages to a IM and Presence server that is designated for routing purposes. If the IM and Presence routing server does not host the recipient user, it routes the message via intercluster communication to the appropriate IM and Presence server within the cluster. The system routes all responses that are associated with this request through the routing IM and Presence server.

Any IM and Presence server can initiate a message to a foreign domain via Cisco Adaptive Security Appliance. On OCS, when the foreign domain replies to these messages, the replies are sent directly back to the IM and Presence server that initiated the message via Cisco Adaptive Security Appliance. You enable this behavior when you configure Port Address Translation (PAT) on Cisco Adaptive Security Appliance. However, for AOL federation, all responses will be routed through the routing IM and Presence routing server. We recommend that you configure PAT on Cisco Adaptive Security Appliance as PAT is required for the 200 ok response messages.

Related Information

XMPP federation deployments

For a single cluster, you only need to enable XMPP federation on one node in the cluster. A single DNS SRV record is published for the enterprise in the public DNS. This DNS SRV record maps to the IM and Presence node that is enabled for XMPP Federation. All incoming requests from foreign domains will be routed to the node running XMPP federation, based on the published SRV record. Internally IM and Presence reroutes the requests to the correct node for the user. IM and Presence also routes all outgoing requests via the node running XMPP federation.

You can also publish multiple DNS SRV records, for example, for scale purposes, or if you have multiple IM and Presence clusters and you must enable XMPP federation at least once per cluster. Unlike SIP federation, XMPP federation does not require a single point of entry for the IM and Presence enterprise domain. As a result, IM and Presence can route incoming requests to any one of the published nodes that you enable for XMPP federation.

In an intercluster and a multi-node cluster IM and Presence deployment, when a foreign XMPP federated domain initiates a new session, it performs a DNS SRV lookup to determine where to route the request. If you publish multiple DNS SRV records, the DNS lookup returns multiple results; IM and Presence can route the request to any of the servers that DNS publishes. Internally IM and Presence reroutes the requests to the correct node for the user. IM and Presence routes outgoing requests to any of the nodes running XMPP federation within the cluster.

If you have multiple nodes running XMPP federation, you can still choose to publish only one node in the public DNS. With this configuration, IM and Presence routes all incoming requests via that single node, rather than load-balancing the incoming requests across the nodes running XMPP federation. IM and Presence will load-balance outgoing requests and send outgoing request via any of the nodes running XMPP federation within the cluster.

High availability and federation

High availability for SIP federation


Note

Only IM and Presence Release 8.5 or later supports high availability.

If you are federating with a Microsoft OCS enterprise, the Microsoft Access Edge server only supports the return of a single hostname and server address in the DNS SRV lookup. Also the Microsoft Access Edge server only supports the manual provisioning of a single IP address.

Therefore, in order to achieve high availability when federating with Microsoft OCS, you must incorporate a load balancer between the IM and Presence server and Cisco Adaptive Security Appliance, as shown in the following figure. The load balancer terminates incoming TLS connections from Cisco Adaptive Security Appliance, and initiates a new TLS connection to route the content to the appropriate backend IM and Presence server. Currently only the Cisco CSS11506 Content Services Switch supports TLS.

Similarly, in order to achieve high availability when federating with AOL, you must incorporate a load balancer between the IM and Presence server and Cisco Adaptive Security Appliance, as shown in the following figure.

Figure 3. Federated Network between IM and Presence and Microsoft OCS with High Availability



Related Information

High availability for XMPP federation

High availability for XMPP federation differs from the high availability model for other IM and Presence features because it is not tied to the two node sub-cluster model.

To provide high availability for XMPP federation, you must enable two or more IM and Presence nodes in your cluster for XMPP federation; having multiple nodes enabled for XMPP federation not only adds scale but it also provides redundancy in the event that any node fails.

High Availability for Outbound Request Routing

IM and Presence evenly load balances outbound requests from users within that cluster across all the XMPP federation enabled nodes in the cluster. If any node fails, IM and Presence dynamically spreads the outbound traffic across the remaining active nodes within the cluster.

High Availability for Inbound Request Routing

An additional step is required to provide high availability for inbound request routing. To allow a foreign domain to discover the local IM and Presence deployment, a DNS SRV record must be published on a public DNS server. This record resolves to an XMPP federation enabled node. The foreign domain then connects to the resolved address.

To provide high availability in this model, multiple DNS SRV records must be published for the local IM and Presence deployment. Each of these records will resolve to one of the XMPP Federation enabled nodes within the local IM and Presence deployment.

These records provide a choice of DNS SRV records for the local deployment. If an XMPP federation enabled node fails, the foreign system will have other options from which to connect to the local IM and Presence Deployment.


Note
  • Each published DNS SRV records must have the same priority and weight. This will allow for an spread of load across all published records, and will also allow for the foreign system to correctly reconnect to one of the other nodes with a DNS SRV record in the event of a failure.
  • DNS SRV records may be published for all or just a subset of XMPP federation enabled nodes. The greater the number of records published, the greater the redundancy in the system for inbound request handling.
  • If you configure the Chat feature on a IM and Presence server in an XMPP federation deployment, you can publish multiple DNS SRV records for chat node aliases also. This will allow the foreign system to find another inbound route to that specific chat node through another XMPP federation node, should any XMPP Federation enabled node fail. Note that this is not high availability for the Chat feature itself, but an extension of the XMPP Federation high availability feature for inbound requests addressed to chat node aliases.

IBM Sametime Federation

IM and Presence Release 9.0 does not support high availability for Interdomain federation between an IM and Presence enterprise and an IBM Sametime enterprise and an IBM Sametime enterprise. This is because IBM Sametime does not retry other records that are returned in a DNS SRV lookup. It only tries the first DNS SRV record found, and if the connection attempt fails, it does not retry to lower weighted nodes.


Note

There is one situation where XMMP Federation high availability may appear to occur on IM and Presence in an IBM Sametime federation deployment. If users have failed over to the backup node due to critical services failing, but the Cisco XCP XMPP Federation Connection Manager remains running on the primary node. In this case, incoming traffic is still directed to the primary node, and then redirected to the backup node using the router to router connection. However, in this scenario XMPP Federation has not failed and can continue to operate as normal.

GoogleTalk Federation

The IM and Presence Service does not support high availability for interdomain federation between an IM and Presence enterprise and GoogleTalk.

Related Tasks
Related Information

Cisco Adaptive Security Appliance deployment options

Within the internal IM and Presence enterprise deployment, the Cisco Adaptive Security Appliance provides firewall, Port Address Translation (PAT) and TLS proxy functionality in the DMZ to terminate the incoming connections from the public internet, and permit traffic from specific federated domains.


Note

In an XMPP federation deployment, Cisco Adaptive Security Appliance provides firewall functionality only. If you already deploy a firewall, you do not require an extra Cisco Adaptive Security Appliance for XMPP federation.

You can deploy the Cisco Adaptive Security Appliance in a number of different ways, depending on your existing network and the type of firewall functionality you want to deploy. This section contains only an overview of the deployment models we recommend. For further details please refer to the deployment guidelines in the Cisco Adaptive Security Appliance documentation. The Cisco Adaptive Security Appliance deployment options we describe here apply to SIP federation only.

You can deploy the Cisco Adaptive Security Appliance as the enterprise firewall that protects Instant Messaging (IM) traffic, Presence traffic and other traffic, as illustrated in the following figures. This is the most cost-effective deployment, and the one we recommend for new and existing networks. You can also deploy the Cisco Adaptive Security Appliance in parallel to the existing firewall, as illustrated in the following figure. In this deployment Cisco Adaptive Security Appliance handles the IM and Presence traffic between IM and Presence and the public internet, and the pre-existing traffic continues to use any existing firewall. In the following figure Cisco Adaptive Security Appliance is also deployed as a gateway for the IM and Presence server, which means that you do not require a separate router to direct traffic to Cisco Adaptive Security Appliance.

Figure 4. Cisco ASA 5500 Deployed in Parallel to Existing NAT/Firewall



You can also deploy the Cisco Adaptive Security Appliance behind an existing firewall. In this case, you configure the existing firewall to allow traffic destined for IM and Presence to reach the Cisco Adaptive Security Appliance, as illustrated in the following figure. In this type of deployment the Cisco Adaptive Security Appliance is functioning as a gateway for the IM and Presence server.

Figure 5. Cisco ASA 5500 Deployed Behind Existing NAT/Firewall



Presence subscriptions and blocking levels

All new presence subscriptions from "x@foreigndomain.com" to "user@local.com"are sent via the Cisco Adaptive Security Appliance, as illustrated in the following figure. Cisco Adaptive Security Appliance checks the inbound SIP subscriptions against the list of permitted foreign domains. If the domain is not permitted, Cisco Adaptive Security Appliance denies the presence subscription.


Note

In an XMPP federation deployment, Cisco Adaptive Security Appliance does not perform any domain checks.

On receipt of the inbound subscription, IM and Presence verifies that the foreign domain is one of the permitted federated domains that you define at the administration level on the IM and Presence server. For SIP federation, you configure a federated domain. For XMPP federation, you define the administrator policy for XMPP federation. If the subscription is not from a permitted domain, IM and Presence denies the subscription (without contacting the local user).

If the subscription is from a permitted domain, IM and Presence checks the authorization policies of the local user to verify that the local user has not previously blocked or allowed either the federated domain or the user sending the presence subscription. IM and Presence then accepts the incoming subscription and places it in a pending state.

IM and Presence notifies the local user that "x@foreigndomain.com" wants to watch their presence by sending the client application a notification message for the subscription. This triggers a dialog box on the client application that enables the local user to allow or deny the subscription. Once the user has made an authorization decision, the client application communicates that decision back to IM and Presence . The authorization decision is added to the policy list of the user stored on IM and Presence.


Note

Third-party XMPP clients do not update the policy list of the user, they just accept the subscription. The user can manually update their privacy list in the IM and Presence User Options interface.

A deny decision is handled using polite blocking, which means that the presence state of the user appears offline on the foreign client. If the local user allows the subscription, IM and Presence sends presence updates to the foreign watcher.

The user can also block subscriptions on a per user and a per domain basis. This can be configured via the IM and Presence User Options interface, and the Cisco Jabber client.

Figure 6. Inbound SIP Presence Message Flow



IM and Presence sends all outgoing subscriptions through Cisco Adaptive Security Appliance, and Cisco Adaptive Security Appliance forwards these subscriptions to the foreign domain. IM and Presence sends an outgoing subscription even if an active subscription already exists between a different local user to the same foreign user in the same foreign domain. The following figure illustrates an outgoing presence subscription flow.

The foreign user is added to the contact list on the client application and the IM and Presence User Options interface as "user@foreigndomain.com".


Note

The domain level authentication check is not applied on Cisco Adaptive Security Appliance for XMPP federation.

Figure 7. Outbound Presence Request Flow




Note
  • Microsoft OCS performs a refresh subscribe every one hour and 45 minutes. Therefore, if a IM and Presence server restarts, the maximum duration a Microsoft Office Communicator client will be without the presence status of IM and Presence contacts is approximately two hours.
  • If Microsoft OCS restarts, the maximum duration a IM and Presence client will be without presence status of Microsoft Office Communicator contacts is approximately two hours.
Related Information

Availability state mappings

Availability state mappings for Microsoft OCS

The following table shows the availability mapping states from Microsoft Office Communicator to IM and Presence, third-party XMPP clients and Cisco Jabber.

Table 1 Availability Mapping States from Microsoft Office Communicator

Microsoft Office Communicator

Setting

Third-party XMPP Client Setting (connected to IM and Presence)

Cisco Jabber Release 8.x Setting

Available

Available

Available

Busy

Away

Busy

Do Not Disturb

Away

Busy

Be Right Back

Away

Away

Away

Away

Away

Offline

Offline

Offline

In the table, Microsoft Office Communicator "Busy" and "Do Not Disturb" states map to "Away" with a status text of "Busy" on a third-party XMPP client. XMPP clients differ in how they render this "Away" status, for example, certain XMPP clients will show the "Away" icon with no text. Other XMPP clients will render the "Away" icon with "Busy" text annotation alongside.

The following table shows the availability mapping states from Cisco Jabber Release 8.x to Microsoft Office Communicator.

Table 2 Availability Mapping States from Cisco Jabber Release 8.x

Cisco Jabber

Release 8.x Setting

Microsoft Office Communicator

Setting

Available

Available

Busy

Busy

Do Not Disturb

Busy

Offline

Offline

The following table shows the availability mapping states from third-party XMPP clients, that are connected to IM and Presence, to Microsoft Office Communicator.

Table 3 Availability Mapping States from Third-party XMPP Client

Third-party XMPP Client Setting (connected to IM and Presence)

Microsoft Office Communicator

Setting

Available

Available

Away

Away

Extended Away

Away

Do Not Disturb

Busy

Offline

Offline

Related References

Availability state mappings for Microsoft Lync

The following table shows the availability mapping states from Microsoft Lync to IM and Presence, third-party XMPP clients and Cisco Jabber.

Table 4 Availability Mapping States from Microsoft Lync

Microsoft Lync

Setting

Third-party XMPP Client Setting (connected to IM and Presence)

 Cisco Jabber

Release 8.x Setting

Available

Available

Available

Busy

Away

Busy

Do Not Disturb

Away

Busy

Be Right Back

Away

Away

Away

Away

Away

Offline

Offline

Offline

In the table, Lync Client "Busy" and "Do Not Disturb" states map to "Away" with a status text of "Busy" on a third-party XMPP client. XMPP clients differ in how they render this "Away" status, for example, certain XMPP clients will show the "Away" icon with no text. Other XMPP clients will render the "Away" icon with "Busy" text annotation alongside.

The following table shows the availability mapping states from Cisco Jabber Release 8.x to a Lync client.

Table 5 Availability Mapping States from Cisco Jabber Release 8.x

Cisco Jabber 

Release 8.x Setting

Microsoft Lync

Setting

Available

Available

Busy

Busy

Do Not Disturb

Busy

Offline

Offline

The following table shows the availability mapping states from third-party XMPP clients, that are connected to IM and Presence, to a Lync client.

Table 6 Availability Mapping States from Third-party XMPP Client

Third-party XMPP Client Setting (connected to IM and Presence)

Microsoft Lync

Setting

Available

Available

Away

Away

Extended Away

Away

Do Not Disturb

Busy

Offline

Offline

Related References

Availability state mappings for AOL Instant Messenger

The following table shows the availability mapping states from AOL Instant Messenger to Cisco Jabber.

Table 7 Availability Mapping States from AOL Instant Messenger to Cisco Jabber

AOL Instant Messenger

Setting

Cisco Jabber

Release 8.x Setting

Available

Available

Away

Away

Invisible

Offline

Offline

Offline

The following table shows the availability mapping states from Cisco Jabber to AOL Instant Messenger.

Table 8 Availability Mapping States from Cisco Jabber to AOL Instant Messenger

Cisco Jabber Release 8.x Setting

AOL Instant Messenger

Available

Available

Do Not Disturb

Away

Busy

Away

Idle

Away

Offline

Offline

Related References

Availability state mappings for XMPP federation

The following table shows the availability mapping states from IBM Sametime 8.2 to a third-party XMPP client on IM and Presence, and to Cisco Jabber.

Table 9 Availability Mapping States from IBM Sametime 8.2 client

IBM Sametime Client Setting

Third-party XMPP Client Setting (connected to IM and Presence)

Cisco Jabber

Setting Release 8.x

Available

Available

Available with status message

Do Not Disturb

Do Not Disturb

Do Not Disturb with status message

Available with status "In a meeting"

Available with status "In a meeting"

Available with status message

Away

Away

Away with status message

Offline

Offline

Offline

The following table shows the availability mapping states from webex Connect to a third-party XMPP client on IM and Presence, and to Cisco Jabber.

Table 10 Availability Mapping States from Webex Connect

Webex Connect Setting

Third-party XMPP Client Setting (connected to IM and Presence)

Cisco Jabber

Setting Release 8.x

Available

Available

Available

Do Not Disturb

Do Not Disturb

Do Not Disturb

Away with status "In a meeting"

Available with status "In a meeting"

Away with status "In a meeting"

Away

Away

Away

Offline

Offline

Offline

The following table shows the availability mapping states from Cisco Jabber Release 8.x to other federated clients.

Table 11 Availability Mapping States from Cisco Jabber Release 8.x

Cisco Jabber Release 8.x Setting

Federated Cisco Jabber Release 8.x Setting

Federated Third-party XMPP Client Setting (connected to IM and Presence)

Webex Connect Client Setting

IBM Sametime Client Server

Available

Available

Available

Available

Available

Do Not Disturb

Do Not Disturb

Do Not Disturb

Do Not Disturb

Do Not Disturb

Busy

Busy

Away

Idle

Away

Idle

Idle

Idle

Idle

Idle

Offline

Offline

Offline

Offline

Offline

The following table shows the availability mapping states from a third-party XMPP client on IM and Presence to other federated clients.

Table 12 Availability Mapping States from XMPP Client Connected to IM and Presence

Third-party XMPP Client Setting (connected to IM and Presence)

Federated Cisco Jabber Release 8.x Setting

Federated XMPP Client Setting (connected to IM and Presence)

Webex Connect Client Setting

IBM Sametime Client Server

Available

Available

Available

Available

Available

Do Not Disturb

Do Not Disturb

Do Not Disturb

Do Not Disturb

Do Not Disturb

Away

Away

Away

Away

Away

Extended Away

Away

Extended Away

Extended Away

Away

Away with status "Idle"

Idle

Away with status "Idle"

Away with status "Idle"

Away with status "Idle"

Offline

Offline

Offline

Offline

Offline

Instant messaging

Instant message flow for SIP federation

Instant Messages (IMs) that are sent between two enterprise deployments use Session Mode. When a user in a foreign domain sends an IM to a local user in the IM and Presence domain, the foreign server sends an INVITE message, as illustrated in the following figure. Cisco Adaptive Security Appliance forwards the INVITE message to IM and Presence. IM and Presence replies with a 200 OK message to the foreign server, and the foreign server sends a SIP MESSAGE containing the text data. IM and Presence forwards the text data to the client application of the local user, using the appropriate protocol.

Figure 8. Inbound Instant Messaging Flow



When a local user in the IM and Presence domain sends an IM to a user in a foreign domain, the IM is sent to the IM and Presence server. If no existing IM session is established between these two users, IM and Presence sends an INVITE message to the foreign domain to establish a new session. The following figure illustrates this flow. IM and Presence uses this session for any subsequent MESSAGE traffic from either of these two users. Note that users of Cisco Jabber and third-party XMPP clients can initiate an IM even if they do not have availability.

Figure 9. Outbound Instant Message Flow




Note

IM and Presence does not support a three-way IM session (group chat) with a Microsoft OCS contact.

Related References

Availability and instant message flow for XMPP federation

The flow of incoming and outgoing availability and IM requests for XMPP federation can vary in a multi-node IM and Presence deployment.

In a multi-node deployment, you can enable XMPP federation on each node in the cluster, or just on a single node in a cluster. In addition, you can decide to publish only a single DNS SRV record, or publish multiple DNS SRV records (one record for each node on which you enable XMPP Federation).

If you only publish a single DNS SRV record, the system routes all inbound requests to that single node, and internally IM and Presence routes the traffic to the correct node using intercluster routing, as illustrated in the following figure. If you publish multiple DNS SRV records, depending on how you configure the SRV records, the system could load-balance inbound requests across each node.

Figure 10. XMPP Inbound Request Flow



IM and Presence routes outbound requests to any node in the cluster on which you enable XMPP Federation, even if that node is not the home node for the user that initiates the request, as illustrated in the following figure.

Figure 11. XMPP Outbound Request Flow



Related References

Federation and subdomains

IM and Presence supports the following subdomain scenarios:

  • IM and Presence belongs to a subdomain of the foreign domain. For example, IM and Presence belongs to the subdomain "cup.cisco.com". IM and Presence federates with a foreign enterprise that belongs to the domain "cisco.com". In this case, the IM and Presence user is assigned the URI "cupuser@cup.cisco.com", and the foreign user has the URI "foreignuser@cisco.com".
  • IM and Presence belongs to a parent domain, and the foreign enterprise belongs to a subdomain of that parent domain. For example, IM and Presence belongs to the domain "cisco.com". IM and Presence federates with a foreign enterprise that belongs to the subdomain "foreign.cisco.com". In this case, the IM and Presence user is assigned the URI "cupuser@cisco.com", and the foreign user is assigned the URI "foreignuser@foreign.cisco.com".
  • IM and Presence and the foreign enterprise each belong to different subdomains, but both of these subdomains belong to the same parent domain. For example, IM and Presence belongs to the subdomain "cup.cisco.com" and the foreign enterprise belongs to the subdomain "foreign.cisco.com". Both of these subdomains belong to the parent domain "cisco.com". In this case, the IM and Presence user is assigned the URI "cupuser@cup.cisco.com" and the foreign user is assigned the URI "foreignuser@foreign.cisco.com".

If you federate with subdomains, you only need to configure separate DNS domains; there is no requirement to split your Active Directory. If you configure federation within the enterprise, IM and Presence users or foreign users can belong to the same Active Directory domain. For example, in the third scenario above, the Active Directory can belong to the parent domain "cisco.com". You can configure all users under the "cisco.com" domain in Active Directory, even though a user may belong to the subdomain "cup.cisco.com" or "foreign.cisco.com", and may have the URI "cupuser@cup.cisco.com" or "foreignuser@foreign.cisco.com".

Note that even though an LDAP search from Cisco Jabber may return users in the other domain, or subdomain, a Cisco Jabber user cannot add these federated users from the LDAP lookup on Cisco Jabber. The Cisco Jabber user must add these users as external (federated) contacts so that the IM and Presence applies the correct domain and not the local domain.


Note

IM and Presence also supports the scenarios above if you configure federation between two IM and Presence enterprise deployments.