Cisco Unity System Administration Guide (With Lotus Domino), Release 4.0(1)
Setting Up Client Applications
Download this chapter
Setting Up Client ApplicationsSetting Up Client Applications
Download the complete book
PDF Version of the Entire BookPDF Version of the Entire Book (PDF - 3 MB)
 Feedback

Table Of Contents

Setting Up Client Applications

Setting Up Subscriber Phones

Setting Up Lotus Notes with IBM Lotus Domino Unified Communications Services (DUCS) for Cisco Unity

Setting Up the Cisco Personal Communications Assistant

About Cisco Personal Communications Assistant Authentication

Defining Subscriber Account Policies for Logons, Passwords, and Lockouts

Configuring Subscriber Browsers To Use the Cisco PCA

Setting Up Recording and Playback Devices

Using the Phone as a Recording and Playback Device

Using a Microphone and Speakers as the Recording and Playback Device

Determining Recording and Playback Devices for Subscriber Use

Specifying Recording and Playback Device Preferences in Cisco Unity Applications


Setting Up Client Applications

Cisco Unity subscribers can send and manage voice, fax, and e-mail messages by using a touchtone phone or by using Lotus Notes with IBM Lotus Domino Unified Communications Services (DUCS) for Cisco Unity. In addition, the Cisco Unity Assistant lets subscribers personalize the Cisco Unity phone settings that control how they interact with Cisco Unity by phone. Note that Internet subscribers cannot log on to Cisco Unity by phone or use the Cisco Unity Assistant.

This chapter reviews the preparations necessary for setting up subscriber phones and computers so that subscribers can use Cisco Unity client applications. See the following sections for details:

Setting Up Subscriber Phones—This section summarizes what you must do so that subscribers can access Cisco Unity by phone.

Setting Up Lotus Notes with IBM Lotus Domino Unified Communications Services (DUCS) for Cisco Unity—This section lists the tasks for setting up e-mail clients for unified messaging subscribers.

Setting Up the Cisco Personal Communications Assistant—This section provides a list of tasks to perform so that subscribers can use the Cisco Personal Communications Assistant to access Cisco Unity.

Setting Up Recording and Playback Devices—This section explains how subscribers make and play recordings from the various Cisco Unity applications, and what you need to do to set them up.

When you have set up subscribers to use the Cisco Unity client applications, review the tasks presented in the "Subscriber and Operator Orientation" chapter to orient subscribers and operators to Cisco Unity.

For a list of supported versions of Cisco Unity combined with the supported versions of the software on subscriber computers, refer to the Compatibility Matrix: Cisco Unity and the Software on Subscriber Workstations, available on Cisco.com at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_device_support_tables_list.html.

Setting Up Subscriber Phones

For each subscriber phone, do the following tasks:

Enable call forwarding to Cisco Unity, so that busy and unanswered calls to the subscriber extension are transferred to Cisco Unity to handle. Cisco Unity then uses the call transfer settings for each subscriber, for example, to determine whether callers are put on hold or sent directly to the subscriber greeting.

Enable easy message access, so that the subscriber can use a "Messages" button or a similar speed-dial button on the phone to dial the internal Cisco Unity phone number for your organization. This makes calling Cisco Unity to check messages or to change personal settings by phone quick and easy for the subscriber.

If desired, you can also change the phone password for individual subscribers. By default, subscriber template settings include an initial phone password for subscribers, which is 12345. You can change this setting for an individual subscriber or use the Bulk Edit utility in the Tools Depot to change this setting for multiple existing subscribers (see the "Subscriber Settings" chapter for details). For increased security, you can prohibit the use of blank phone passwords (see the "Phone Password Settings" section on page 16-1 for details.)

Subscribers can use the Cisco Unity phone conversation to change their phone passwords. Depending on the class of service associated with a subscriber account, they may also be able to use the Cisco Unity Assistant to change their phone passwords.

Setting Up Lotus Notes with IBM Lotus Domino Unified Communications Services (DUCS) for Cisco Unity

With IBM Lotus Domino Unified Communications Services (DUCS) for Cisco Unity, Cisco Unity subscribers can send and manage voice, fax, and e-mail messages from their IBM Lotus Notes Inbox. Subscribers can use Lotus Notes with DUCS for Cisco Unity to send voice messages to other subscribers, to non-Cisco Unity subscribers, and to public distribution lists. They can play and record voice messages by using the VCR-style recording and playback controls presented in the message form.

Cisco Unity activates a message waiting indicator (MWI) on the subscriber phone whenever a subscriber receives a new voice message. After the subscriber listens to all new messages over the phone, Cisco Unity immediately turns off the MWI—unless the subscriber chooses to save a message as new—to reflect that the subscriber has no new messages. However, when a subscriber listens to new messages by using Lotus Notes with DUCS for Cisco Unity, Cisco Unity relies on the Domino server to determine whether the subscriber has listened to new messages. As a result, subscribers who work with Lotus Notes offline will report that MWIs on their phones do not turn off in a timely manner. Advise subscribers that once their Lotus Notes client replicates with the Domino server, the MWI will be turned off.

DUCS for Cisco Unity is not a licensed feature, nor does it require that you give subscribers special class of service privileges or passwords to use it. To set up Lotus Notes with DUCS for Cisco Unity, install DUCS for Cisco Unity on each subscriber workstation, as applicable. Refer to the DUCS for Cisco Unity documentation for details.

Setting Up the Cisco Personal Communications Assistant

Subscribers use the Cisco Personal Communications Assistant (PCA) to access the Cisco Unity Assistant. The Cisco Unity Assistant is a website that gives subscribers the ability to customize personal settings—including recorded greetings or message delivery options—on their computers.

The Cisco PCA is not a licensed feature, nor are subscribers required to have class of service rights to access it. Any Cisco Unity subscriber can access Cisco PCA at the following URL: http://<Cisco Unity server>/ciscopca. (Note that the URL is case-sensitive.) In version 3.1 and earlier, the Cisco Unity Assistant was known as the ActiveAssistant, or AA. Subscribers who use the following ActiveAssistant URLs will be automatically redirected to the Cisco PCA website:

http://<Cisco Unity server>/web/aa

http://<Cisco Unity server>/ActiveAssistant

Cisco PCA is installed on the Cisco Unity server during installation. To allow subscribers to access it, you do not need to install any additional files on subscriber workstations; however, you must complete the following tasks:

1. As appropriate, give subscribers proper class of service rights to the Cisco Unity Assistant. See the "Class of Service Features Settings" section on page 11-10 for details.

2. Understand how authentication works with the Cisco PCA and the security issues that may affect your organization. See the "About Cisco Personal Communications Assistant Authentication" section for details.

3. Confirm that you have defined an appropriate logon, password, and lockout policy for all subscribers who will access the Cisco PCA. See the "Defining Subscriber Account Policies for Logons, Passwords, and Lockouts" section.

4. Configure subscriber browsers to use Cisco Unity web applications. See the "Configuring Subscriber Browsers To Use the Cisco PCA" section for details.

About Cisco Personal Communications Assistant Authentication

Cisco Unity offers application-level authentication to allow subscribers to access the Cisco Personal Communications Assistant (PCA). This means that IIS is configured so that the Cisco PCA uses Anonymous authentication, and that Cisco Unity authenticates the credentials that subscribers enter when they log on to the Cisco PCA. Review the "How authentication for the Cisco Personal Communications Assistant works" section for further details. (Note that unlike the Cisco Unity Administrator, you cannot change the authentication method that is used by the Cisco PCA.)

By default, when subscribers log on to the Cisco PCA, their user names and passwords are sent across the network to Cisco Unity in clear text. The information that a subscriber enters on the Cisco PCA pages is also not encrypted. For increased security, we recommended that you set up Cisco Unity to use the Secure Sockets Layer (SSL) protocol. To set up a web server like Cisco Unity to use SSL, you can either obtain a digital certificate from a Certificate Authority (CA), or you can use Microsoft Certificate Services available with Windows to issue your own certificate. (See the "Setting Up Cisco Unity To Use SSL" chapter for details.)

As a best practice, it is recommended that Cisco Unity administrators not use the same subscriber account to log on to the Cisco Unity Administrator, as they do to log on to the Cisco PCA.

How authentication for the Cisco Personal Communications Assistant works

1. A Cisco Unity subscriber starts Internet Explorer and attempts to browse to the Cisco PCA website.

2. Internet Explorer tries to get the home page for the Cisco PCA from IIS.

3. IIS allows access to Cisco Unity based on the privileges for the IUSR_[computer name] account. (This is the anonymous account that by default IIS uses for Anonymous authentication.)

4. Cisco Unity presents the Cisco Unity Log On page, which is displayed in the browser.

5. By default, the Log On page prompts subscribers to enter the Domino credentials, as shown in Table 5-1. However, subscribers can click the Log On Using Windows Authentication link provided on the Log On page to browse to another Log On page (as shown in Table 5-2) on which they can enter their Windows domain account credentials.

Table 5-1 Cisco Unity Log On Page for Domino Credentials 

Field Name
Description

Full Name

Subscribers enter the full Lotus Notes user name that is associated with their Cisco Unity subscriber account.

The full name consists of the user name, any organizational units that the Domino Person document resides in, and the IBM Domino certifier domain. (For example, subscribers can enter Terry Campbell/Sales/Cisco.)

Password

Subscribers enter the Internet password for their Domino user account.


Table 5-2 Cisco Unity Log On Page for Windows Credentials 

Field Name
Description

User Name

Subscribers enter the alias for the Windows domain account that is associated with their Cisco Unity subscriber account. (For example, they can enter tcampbell or they can enter the full path tcampbell@<domain name>.)

If subscribers enter the full path for their alias, they do not need to complete the Domain field.

Password

Subscribers enter the password for their Windows domain account.

Domain

Subscribers enter the name of the domain in which their Windows domain account resides, unless they entered a full path for their alias in the User Name field. If that is the case, subscribers can leave this field blank.


6. Internet Explorer sends the credentials—in clear text—to Cisco Unity. (To solve this security problem, you can set up Cisco Unity to use SSL.)

7. When the subscriber has entered Domino credentials on the Log On page, Cisco Unity searches the Domino Address Book for a Person document associated with the user name that the subscriber entered on the Log On page. When the user name is found, Cisco Unity retrieves the encrypted password from the Person document and compares it with the password that the subscriber entered on the Log On page. The process continues with Step 9.

Note By default, the connection between the Cisco Unity server and the Domino server is not encrypted. Refer to the Domino documentation for details on encrypting network data on a server port. It is also a good idea to discuss potential performance issues with the Domino administrator for the organization before enabling encryption on the Domino server.

8. When the subscriber has entered Windows credentials on the Log On page, Cisco Unity requests authentication of the credentials from Windows. The process continues with Step 10.

9. If Cisco Unity can authenticate the Domino credentials, Cisco Unity confirms that there is a subscriber account associated with the Domino Person document used to authenticate the subscriber, and that the subscriber account has the proper COS rights. The process continues with Step 11.

If the credentials cannot be authenticated, Cisco Unity presents a web page that indicates that the subscriber does not have permission to view the Cisco PCA website.

10. If Cisco Unity can authenticate the Windows credentials, Cisco Unity then confirms that there is a subscriber account associated with the Windows domain account used to authenticate the subscriber and that the subscriber account has COS rights to access the Cisco PCA. The process continues with Step 11.

If the credentials cannot be authenticated, Cisco Unity presents a web page that indicates that the subscriber does not have permission to view the Cisco PCA website.

11. If the subscriber account exists and it has the proper COS rights, Cisco Unity presents the first page of the Cisco PCA website, which is displayed in the browser.

If the subscriber account does not exist or does not have the proper COS rights, Cisco Unity presents a web page, which indicates that the subscriber does not have permission to view the Cisco PCA website.

Defining Subscriber Account Policies for Logons, Passwords, and Lockouts

The account policy that you specify on the Authentication page in the Cisco Unity Administrator determines how Cisco Unity handles situations when subscribers attempt to log on to the Cisco PCA and repeatedly enter incorrect passwords; the number of failed logon attempts that Cisco Unity allows before the subscriber account cannot be used to access the Cisco PCA; and the length of time that a user remains locked out. Because subscribers can use either Domino or Windows credentials to log on to the Cisco PCA, you can specify two logon and lockout policies on the Authentication pages: one that applies when subscribers use their Windows domain credentials to log on to the Cisco PCA, and yet another that applies when subscribers use their Domino credentials to log on to the Cisco PCA.

The password for accessing the Cisco PCA is inherited from the password settings in Domino and Windows (if the subscriber has a Windows domain account).

Subscribers cannot use the Cisco Unity phone conversation or the Cisco Unity Assistant to change their Cisco PCA passwords, nor can administrators change them in the Cisco Unity Administrator. However, for increased security, you can use the settings on the Authentication pages to prohibit the use of blank passwords, even when the Domino or Windows account allows them.

To customize the logon, password, and lockout policies that Cisco Unity applies whenever subscribers use the Cisco PCA to access Cisco Unity, see the "Authentication Settings" section on page 24-11.

Configuring Subscriber Browsers To Use the Cisco PCA

To allow subscribers to access the Cisco PCA, configure their browsers to:

Enable Active scripting.

Download and run ActiveX controls.

Enable Java scripting.

Accept all cookies.

If you set up Cisco Unity to use SSL, consider that the Cisco PCA website automatically uses an SSL connection every time that a subscriber points the browser to either website. However, until the digital certificate is added to the trusted root store on the subscriber computer, the browser will display a message to alert the subscriber that the authenticity of the site cannot be verified and therefore, its content cannot be trusted.

To prevent the browser from displaying the security alert, you can distribute the certificate to the trusted root store for all users in the domain by adding it to the Group Policy (see the "Setting Up Cisco Unity To Use SSL" chapter) or you can tell subscribers how to add the certificate to the trusted root store on their own computers by providing them with the following procedure.

Depending on your organization, it may be a good idea to provide subscribers with the following procedure—even if you distributed the certificate to the trusted root store for all users in the domain by adding it to the Group Policy, as the browser will display the security alert any time that subscribers access the Cisco PCA from a computer that does belong to a trusted domain (for example, a computer at home).

To add the Cisco Unity certificate to the trusted root store on subscriber computers

Step 1 On each subscriber computer, start Internet Explorer.

Step 2 Go to http://<the Certificate Authority server>/certsrv.

Step 3 On the Microsoft Certificate Services page, under Select a Task, click Retrieve the CA Certificate Or Certificate Revocation List.

Step 4 Click Next.

Step 5 Click the Install This CA Certification Path link.

Step 6 When prompted, click Yes to add the certificate to the Root Store.

Setting Up Recording and Playback Devices

Subscribers can make and play recordings in the Cisco Unity Assistant, either by using the phone, or by using computer microphone and speakers, and clicking the Media Master controls. Lotus Notes with DUCS for Cisco Unity offers a similar, VCR-style recording and playback device in the message form. Subscribers with the appropriate class of service settings can also use the Media Master in the Cisco Unity Administrator to make and play recordings.

Figure 5-1 Media Master Control Bar

See the following sections for more information:

Using the Phone as a Recording and Playback Device

Using a Microphone and Speakers as the Recording and Playback Device

Determining Recording and Playback Devices for Subscriber Use

Specifying Recording and Playback Device Preferences in Cisco Unity Applications

Using the Phone as a Recording and Playback Device

When subscribers use the phone as a recording and playback device in the Cisco Unity Administrator, the Cisco Unity Assistant, or Lotus Notes with DUCS for Cisco Unity, the following occurs:

a. The subscriber clicks the appropriate option in the client application to make or play a voice recording.

b. The client application asks Cisco Unity to place a call to the subscriber extension, and Cisco Unity calls the extension.

c. When recording, the subscriber answers the phone, and begins recording the message, name, or greeting. When the subscriber hangs up, the client application tells Cisco Unity that the recording is finished.

When playing recordings, the subscriber answers the phone, and the client application asks Cisco Unity to play the message. Cisco Unity streams the recording over the phone.

Using a Microphone and Speakers as the Recording and Playback Device

When subscribers use a computer microphone and speakers as a recording and playback device in the Cisco Unity Administrator, the Cisco Unity Assistant, or Lotus Notes with DUCS for Cisco Unity, the following occurs:

a. The subscriber clicks the appropriate option in the client application to make or play a voice recording.

b. When recording, the subscriber begins speaking into the microphone. When the subscriber clicks the appropriate option in the client application to stop recording, the client application tells Cisco Unity that the recording is finished.

When playing recordings, Cisco Unity streams the message to the client application. Streaming occurs on demand, regardless of network traffic. The client application begins to play the message through the speakers as soon as a few seconds of the message are buffered in memory on the subscriber computer.

Determining Recording and Playback Devices for Subscriber Use

When determining recording and playback devices that you want subscribers use, consider the following:

The phone offers the best sound quality for recordings, and serves as the default recording and playback device for the Media Master.

In order for subscribers to use the phone as a recording and playback device, Cisco Unity must have at least one port designated per session for this purpose (see the "Voice Messaging Port Settings" section on page 24-14 for more information). Note that when a subscriber listens to messages or other recordings by using a computer microphone and speakers, no ports are used, which decreases the load on the Cisco Unity server and leaves ports open for other functions.

You must provide sound cards, speakers, and microphones to subscribers who do not want to use the phone as their recording and playback device.

Media Master relies on DCOM (Distributed Component Object Model), and does not work through a firewall. Keep this in mind when setting up subscribers for remote access.

Specifying Recording and Playback Device Preferences in Cisco Unity Applications

Subscribers can set up their own recording and playback device preferences. For example, the Media Master Options menu allows subscribers to choose their own recording and playback devices. Media Master recording and playback settings are saved per user, per computer. This means that:

A subscriber who is logged on to the Cisco Unity Administrator, or the Cisco PCA can change recording and playback devices from any Media Master Options menu. The recording and playback devices that a subscriber chooses apply to all Cisco Unity applications, as long as the subscriber accesses these applications from the same computer on which the changes were initially made.

If multiple subscribers share the same computer, each subscriber who uses the computer must indicate a choice of recording and playback devices.

If a subscriber has updated the choice of recording and playback devices from one computer, but also accesses the Cisco Unity Assistant, or Lotus Notes with DUCS for Cisco Unity on a different computer (for example, a computer at home), the choice of recording and playback devices must be indicated for the second computer as well.