Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager Release 9.1(1)
Configuration workflows for Partitioned Intradomain Federation

This chapter describes the configuration workflows for Partitioned Intradomain Federation with Microsoft Lync Server (Lync) 2010, Microsoft Live Communications Server (LCS) 2005 and Microsoft Office Communications Server (OCS) 2007 R2. It also describes the configuration workflow for user migration from Lync/OCS/LCS to IM and Presence.

Configuration workflow for Partitioned Intradomain Federation with Lync

Use the following workflow to configure Partitioned Intradomain Federation between IM and Presence and Lync 2010:

IM and Presence Configuration

  1. Enable Partitioned Intradomain Federation—see Configure Partitioned Intradomain Federation options.
  2. Configure static routes to Lync deployment—see Configure static routes.
  3. Configure Access Control Lists for Lync deployment—see Configure Incoming Access Control List.
  4. Configure TLS encryption between IM and Presence and Lync:
    1. Configure application listeners—see Configure Application Listeners.
    2. Configure TLS peer subjects—see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context—see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA)—see Import root certificate of Certificate Authority.
    5. Request a CA signed certificate—see Request signed certificate from Certificate Authority.
    6. Import the CA signed certificate—see Import signed certificate from Certificate Authority.
  5. (Optional) If you are configuring a dedicated Routing IM and Presence server, deactivate unnecessary feature services on the Routing IM and Presence server—see Deactivate feature services on Routing IM and Presence Server.

Lync Configuration

  1. Enable Federal Information Processing Standard compliance on each Lync server—see Lync.
  2. Configure Lync static route to IM and Presence deployment—see Lync.
  3. Add host authorization for IM and Presence deployment and enable port 5061—see Lync.
  4. Publish the topology—see Publish Topology.
  5. Ensure CA root certificates are installed on each Lync server—see Lync.
  6. Ensure all Lync servers have the required signed certificates—see Lync.
  7. Request signed certificate from Certificate Authority—see Requests for signed certificate from certificate authority.
  8. Download the certificate from the CA server—see Download Certificate from CA Server.
  9. Import the signed certificate—see Import Signed Certificate.
  10. Assign the certificate—see Assign Certificate on Lync.
  11. Restart services—see Lync.

    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration workflow for Partitioned Intradomain Federation with LCS

Use the following workflow to configure Partitioned Intradomain Federation between IM and Presence and LCS 2005:

IM and Presence Configuration

  1. Enable Partitioned Intradomain Federation—see Configure Partitioned Intradomain Federation options.
  2. Configure static routes to LCS deployment—see Configure static routes.
  3. Configure Access Control Lists for LCS deployment—see Configure Incoming Access Control List.
  4. (Optional) Configure TLS encryption between IM and Presence and LCS:
    1. Configure application listeners—see Configure Application Listeners.
    2. Configure TLS peer subjects—see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context—see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA)—see Import root certificate of Certificate Authority.
    5. Request a CA signed certificate—see Request signed certificate from Certificate Authority.
    6. Import the CA signed certificate—see Import signed certificate from Certificate Authority.
  5. (Optional) If you are configuring a dedicated Routing IM and Presence server, deactivate unnecessary feature services on the Routing IM and Presence server—see Deactivate feature services on Routing IM and Presence Server.

LCS Configuration

  1. Enable port 5060—see Enable port 5060 on LCS server.
  2. Configure static routes to IM and Presence deployment—see Configure LCS static route to point to IM and Presence.
  3. Add host authorization for IM and Presence deployment—see Add host authorization on LCS for IM and Presence.
  4. (Optional) Configure TLS encryption between IM and Presence and LCS:
    1. Enable Federal Information Processing Standard compliance on each LCS server—see Enable Federal Information Processing Standard compliance on LCS.
    2. Ensure mutual TLS authentication is configured on each LCS server—see Configure Mutual TLS authentication on LCS.
    3. Ensure CA root certificates are installed on each LCS server—see Install Certificate Authority root certificates on LCS.
    4. Ensure all LCS servers have the required signed certificates—see Validate existing LCS signed certificate.
    5. If required, request a newly signed certificate—see Requests for signed certificate from certificate authority.
  5. Restart services—see Restart services on LCS servers.

    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration workflow for Partitioned Intradomain Federation with OCS

Use the following workflow to configure Partitioned Intradomain Federation between IM and Presence and OCS (2007 and 2007 R2):

IM and Presence Configuration

  1. Enable Partitioned Intradomain Federation—see Configure Partitioned Intradomain Federation options.
  2. Configure static routes to OCS deployment—see Configure static routes.
  3. Configure Access Control Lists for OCS deployment—see Configure Incoming Access Control List.
  4. (Optional) Configure TLS encryption between IM and Presence and OCS:
    1. Configure application listeners—see Configure Application Listeners.
    2. Configure TLS peer subjects—see Configure TLS Peer Subjects.
    3. Configure peer authentication TLS context—see Configure Peer Authentication TLS Context.
    4. Import root certificate of the Certificate Authority (CA)—see Import root certificate of Certificate Authority.
    5. Request a CA signed certificate—see Request signed certificate from Certificate Authority.
    6. Import the CA signed certificate—see Import signed certificate from Certificate Authority.
  5. (Optional) If you are configuring a dedicated Routing IM and Presence server, deactivate unnecessary feature services on the Routing IM and Presence server. See Deactivate feature services on Routing IM and Presence Server.

OCS Configuration

  1. Enable port 5060—see Enable port 5060 on OCS server.
  2. Configure static routes to IM and Presence deployment—see Configure OCS static route to point to IM and Presence.
  3. Add host authorization for IM and Presence deployment—see Add host authorization on OCS for IM and Presence.
  4. (Optional) Configure TLS encryption between IM and Presence and OCS:
    1. Enable Federal Information Processing Standard compliance on each OCS server—see Enable Federal Information Processing Standard compliance on OCS.
    2. Ensure mutual TLS authentication is configured on each OCS server—see Configure Mutual TLS authentication on OCS.
    3. Ensure CA root certificates are installed on each OCS server—see Install Certificate Authority root certificates on OCS.
    4. Ensure all OCS servers have the required signed certificates—see Validate existing OCS signed certificate.
    5. If required, request a newly signed certificate—see Requests for signed certificate from certificate authority.
  5. Restart services—see Restart services on OCS front-end servers.

    Tip: Plan the restart of the server front-end services during off-peak hours to minimize the impact to users.


After the server is configured, you can proceed to migrate the users.

Configuration workflow for user migration from Lync/OCS/LCS to IM and Presence

Use the following workflow to migrate users from Lync/OCS/LCS to IM and Presence:

  1. Download the user migration tools—see Cisco user migration tools.
  2. Set unlimited contact list sizes and watcher sizes on IM and Presence—see Set unlimited contact lists and watchers.
  3. Enable automatic authorization of subscription requests—see Enable automatic authorization of subscription requests.
  4. Provision migrating users on IM and Presence—see Lync/OCS/LCS.
  5. Back up Lync/OCS/LCS data for migrating users—see Lync/OCS/LCS.
  6. Export Lync/OCS/LCS contact lists for migrating users—see Export of contact lists for migrating users.
  7. Disable Lync/OCS/LCS accounts for migrating users—see Lync/OCS/LCS.
  8. Verify that Lync/OCS/LCS accounts have been disabled for migrating users—see Lync/OCS/LCS.
  9. Delete Lync/OCS/LCS user data for migrating users—see Delete user data from database for migrating users.
  10. Import contact lists into IM and Presence for migrating users—see Import contact lists for migrating users into IM and Presence.
  11. Reset the contact list and watcher limits on IM and Presence—see Reset Maximum Contact List Size and Maximum Watcher Size.

Configuration workflow for integrating IM and Presence with Lync/OCS/LCS Interdomain Federation capability


Note: Before you begin this workflow, you must configure Partitioned Intradomain Federation with Lync/OCS/LCS and ensure that it is functioning correctly. See the appropriate workflow for configuring Partitioned Intradomain Federation within your deployment.


  1. Configure each federated domain on IM and Presence—see Configuration of remote domain as a SIP Federation domain.
  2. Configure static routes to each remote domain on IM and Presence—see Configure static route for remote domain.