Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
Configuration of foreign server components for SIP federation
Download this chapter
Configuration of foreign server components for SIP federationConfiguration of foreign server components for SIP federation
Download the complete book
Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) (PDF - 3 MB)
 Feedback

Configuration of foreign server components for SIP federation

Microsoft component configuration for SIP federation

The following table provides a brief checklist relative to configuring federation on the Microsoft servers. For detailed instructions on setting up and deploying the OCS server and the Access Edge server, refer to the Microsoft documentation.

Table 1 Configuration tasks for Microsoft Components

Server

Task

Procedure

OCS Server

Enable Global Federation Setting

  1. Select Properties > Global Properties > Federation in the global forest branch in the left pane.
  2. Check Enable Federation and Public IM Connectivity.
  3. Enter the FQDN and the port number for the internal interface of the Access Edge server.

Configure the Access Edge server address

  1. Select Properties > Global Properties > Edge Servers in the global forest branch in the left pane.
  2. Click Add in the Access Edge and Web Conferencing Edge Servers window.
  3. Enter the FQDN for the internal interface of the Access Edge server.

Enable Each Front End Federation Setting

You need to enable the federation setting for each front-end server that is federating:

  1. Select Properties > Front End Properties > Federation in the front-end server branch in the left pane.
  2. Check Enable Federation and Public IM Connectivity.

Check your users are enabled for MOC and for Federation

  • From the Users tab, check that your users are enabled for MOC.
  • If your user is not present in this list, you need to enable the user for MOC in Microsoft Active Directory.
  • You also need to enable the user for Public IM Connectivity in Microsoft Active Directory. Refer to the Microsoft Active Directory documentation at the following URL: http://technet2.microsoft.com/windowsserver/en/technologies/featured/ad/default.mspx

Access Edge Server

Configure DNS

In the Microsoft enterprise deployment, you need to configure an external SRV record for all Access Edge Servers that points to _sipfederationtls._tcp.<domain>, over port 5061, where <domain> is the name of the SIP domain of your organization. This SRV should point to the external FQDN of the Access Edge server.

Configure IM and Presence as an IM Provider

  1. Select Start > Administrative Tools > Computer Management on the external Access Edge server.
  2. Right-click Microsoft Office Communications Server 2007 in the left pane.
  3. Click the IM Provider tab.
  4. Click Add.
  5. Check Allow the IM service provider.
  6. Define the IM service provider name, for example, the IM and Presence server.
  7. Define the network address of the IM service provider, in this case the public FQDN of the IM and Presence server.
  8. Ensure that the IM service provider is not marked as "public".
  9. Click the filtering option Allow all communications from this provider option.
  10. Click OK.

In the IM and Presence enterprise deployment, you need to configure a DNS SRV record that points to _sipfederationtls._tcp.<CUP_domain> over port 5061where <CUP_domain> is the name of the IM and Presence domain. This DNS SRV should point to the public FQDN of the IM and Presence server.

Check the Access Method Settings

  1. Right-click on Microsoft Office Communications Server 2007 in the console tree.
  2. Click Properties > Access Methods.
  3. Check Federation.
  4. Check Allow discovery if you are using DNS SRV.

Configure Access Edge to use TLSv1

  1. Select Start > Administrative Tools > Local Security Policy to open the Local Security Policy.
    Note   

    If you are configuring this on a domain controller, the path is Start > Administrative Tools > Domain Controller Security Policy.

  2. Click Security Settings > Local Policies > Security Optionsin the console tree.
  3. Double-click the FIPS security setting in the details pane.
  4. Enable the FIPS security setting.
  5. Click OK.
    Note   

    There is a known issue with remote desktop to the Access Edge Server with FIPS enabled on Windows XP. Refer to Unable to remote desktop to Access Edge for a resolution to this issue.

OCS/Access Edge Server

Configure the security certificates

  • You need to configure security certificates between the OCS server and the Access Edge server.
  • You will require a CA server to perform this procedure.
  • Please refer to the Microsoft documentation for details on configuring security certificates between these servers.
Related References

Requirements for SIP federation with AOL

License requirements for AOL federation

You must order the AOL-FEDERATION SKU license from Cisco to allow you to turn on interdomain federation between IM and Presence and AOL. When you submit this license request, Cisco will request from you the AOL customer routing and contact information described in the later sections of this topic. After Cisco receives your AOL customer routing and contact information, AOL federation between IM and Presence and AOL will be turned on.

Related References

AOL routing information requirements

When you configure interdomain federation between IM and Presence and AOL SIP Access Gateway, you must provide AOL with the following information.

Deployment Type

Provide (for each domain)

Notes

No load balancer
  • The public FQDN of the federation routing IM and Presence server: <sip.domain.com>
  • The domain name of the IM and Presence server: @<domain.com>
  • IM and Presence server certificate subject CN must match FQDN of the IM and Presence server
  • The CA that signs the IM and Presence server certificate must be trusted by the AOL server.

Load balancer
  • The FQDN of the load balancer: <lb.domain.com>
  • The domain name of the load balancer: @<domain.com>
  • IM and Presence server certificate subject CN must match FQDN of the load balancer.
  • The CA that signs the IM and Presence server certificate must be trusted by the AOL server.

  • The secure SIP federation port of the IM and Presence server that will be used for the domain

The AOL SIP Access Gateway connects (via SSL) to the IP address that is returned by an nslookup on this port. The default port is 5061.

We recommend that you work with your Cisco support representative to provide this information to AOL.

AOL provisioning information requirements

  • The name of the enterprise, company or other.
  • The domain name used for the federation (e.g. companyabc.com).
  • The FQDN of the IM and Presence server that is being used for federation.
  • The customer contact details: name, email address, phone number.
  • Copy of certificate(s):
    • If the certificate is signed by a Certificate Authority, root certificate including the whole chain of certificates of the Certificate Authority must be provided.
    • The base64 encoding of the certificate(s) is required, for example:

BEGIN CERTIFICATE----- MIIGKDCCBRCgAwIBAgIKH5c9LAAIAAGTvjANBgkqhkiG9w0BAQUFADCBizETMBEG CgmSJomT8ixkARkWA2NvbTEZMBcGCgmSJomT8ixkARkWCW1pY3Jvc29mdDEUMBIG..... 6HKfdML7AkWOV0Wiwc8HUb/0iFmfB24jWOnjj3NW15k0tDJXmbSMuAxjZ/2dZ4dA 4zd4FeZvoCzyVglPkoLvA0Z+AJyOkO7/tie4EF3n/kEedaPWimv2TpRrlAP5lBXn tbM82NpEDaSqzg0d4Dswqe7W30CKGgUBYS1fO7xJHSRju719D+H7XivmjvU= -----END CERTIFICATE-----

We recommend that you work with your Cisco support representative to provide this information to AOL.