Cisco Unified Messaging: Support with Microsoft BPOS-Dedicated Services
PDF(370.6 KB) View with Adobe Reader on a variety of devices
Updated:June 27, 2011
Cisco Unity® Connection 8.6(1) and Cisco Unity Connection 8.5(1) SU1 allow interoperability with Microsoft Business Productivity Online Suite (BPOS)-Dedicated services. This support enables organizations to connect their existing Cisco Unity Connection Unified Messaging services to Microsoft BPOS, furthering our current and future interoperability support scenarios with Microsoft Exchange online and on-premises. BPOS comprises primarily four important Microsoft products: Exchange, SharePoint, Office Communications Server, and Live Meeting. Cisco Unity Connection uses Microsoft Exchange Online to enable the Single Inbox feature of unified messaging. BPOS is available in "shared" (multitenant) or "dedicated" (sole-tenant) mode. BPOS-Dedicated services host only a customer's required services and thus are dedicated to your organization, in contrast with shared or standard, which hosts multiple similar services used by others. BPOS Standard and Microsoft Office 365 are not supported in Cisco Unity Connection 8.6(1) or Cisco Unity Connection 8.5(1) SU1.
More information regarding services offered by Microsoft BPOS is available on the Microsoft website.
Many organizations are faced with reducing overall IT costs, and they are often asked to choose solutions that may not meet the functional needs of administrators and end users. Cisco Unity Connection meets the needs of both the telephony and technology teams without the need to sacrifice voicemail or telephony features for a move to a cloud-based email solution - namely, Microsoft BPOS-Dedicated services. Organizations tasked with maintaining features and functions for their end users for both voicemail and email now have a solution.
Configuration and Deployment Considerations
There are no significant functional differences between a Cisco Unity Connection Unified Messaging solution configured to interoperate with an on-premises Microsoft Exchange solution and a Cisco Unity Connection Unified Messaging solution configured to interoperate with an online Microsoft Exchange BPOS-Dedicated solution (refer to Figure 1).
Figure 1. Example Cisco Unity Connection Using Microsoft BPOS-Dedicated Deployment
Cisco Unity Connection uses the Microsoft Exchange Web Services application programming interface (API) to access data that is stored within Microsoft Exchange, both online and on-premises. Audio is never streamed in real time in or out of the BPOS-Dedicated services. In the case of the telephone user interface (TUI), message composition and retrieval results in audio being streamed from the Cisco Unity Connection appliance to the phone. Voicemail attachment playback is downloaded from the Exchange server to the Microsoft Outlook client. If the voicemail is a secure message, a decoy message is downloaded from Microsoft Exchange to the Microsoft Outlook client. Upon playback of a secure voicemail message, Cisco ViewMail for Microsoft Outlook downloads the audio of the voicemail from the Cisco Unity Connection appliance.
Given the similarities of Microsoft Exchange Online and Microsoft Exchange on-premises deployments, the same configuration of permissions and roles applies for both environments, with one caveat: the Microsoft BPOS-Dedicated teams have not disabled throttling in Exchange Online. Updates to the throttling policies should be considered in large single-server deployments of Cisco Unity Connection paired with just a few Microsoft Exchange Client Access Servers (CAS) (for example, Cisco Unity Connection configured with 20,000 users and a single Microsoft Exchange CAS). Cisco will publish more information regarding throttling in the Microsoft BPOS-Dedicated environment as it relates to Cisco Unity Connection Unified Messaging as it becomes available and relevant to deployment.
Configuration in Cisco Unity Connection Administration is similar to that of on-premises deployments. The highlights in Figure 2 show the required items to configure; display name (for example, MS-BPOSD), Exchange server and type (for example, webmail.cisco.com and Microsoft Exchange 2007 or 2010), and domain and username for service account and service account password.
Figure 2. Cisco Unity Connection Unified Messaging Service Example
In addition to the configuration of the Microsoft servers and Cisco appliances, Cisco Unity Connection must be IP-addressable from the Exchange Online CAS in the dedicated environment. The same Exchange Online CAS servers must be able to initiate TCP connections to Cisco Unity Connection. If either of these requirements is not met, Exchange Web Services push notifications do not function and the deployment is rendered unfeasible.
You must make a change request with the appropriate Microsoft BPOS-Dedicated team to enable the roles and permissions for use with Cisco Unity Connection Unified Messaging. This configuration is outlined as follows for Microsoft Exchange 2010 on premises:
1. Create one or more domain user accounts in the Active Directory forest that includes the Exchange servers with which you want Cisco Unity Connection to communicate. Note the following:
• Give the account a name that identifies it as the Unified Messaging Services account for Cisco Unity Connection.
• Do not add the account to any administrator group.
• Do not disable the account, or Cisco Unity Connection cannot use it to access Exchange mailboxes. Specify a password that satisfies password requirements of your company.
The password is encrypted with Advanced Encryption Standard (AES) 128-bit encryption and stored in the Cisco Unity Connection database. The key that is used to encrypt the password is accessible only with root access, and root access is available only with assistance from the Cisco Technical Assistance Center (TAC).
2. Run the following command in the Exchange Management shell to assign the management role to the Unified Messaging Services account for Exchange 2010:
• RoleName is the name that you wish to give the assignment; for example, "ConnectionUMServicesAcct". The name that you enter for RoleName appears when you run get-managementRoleAssignment.
• Account is the name of the Unified Messaging Services account in domain or alias format.
3. If any of your Exchange servers are running Exchange 2010 Service Pack 1 or later, create an Exchange mailbox for the account. Otherwise, do not create an Exchange mailbox for the account. Microsoft Exchange needs more information to resolve the service account in a cross forest deployment. Microsoft Exchange only looks in the local domain for the account; to resolve this, a mailbox or contact object needs to be created in the BPOS-Dedicated forest which has a master account security identifier (SID) of the account in customer forest. This allows Microsoft Exchange to resolve the object and consequently, will be able to resolve the customer service account.
4. The authentication mode, web-based protocol, account name, and password (for the new Unified Messaging Services account), etc. configured with Microsoft will be required by the installers of Cisco Unity Connection on the customer's premises. This information must match on each side in order to successfully establish communication through Exchange Web Services between the Unified Messaging Service on Cisco Unity Connection and the associated Microsoft Exchange Client Access Server(s) in Microsoft BPOS-Dedicated services.
If troubleshooting the Cisco Unity Connection appliance becomes necessary, try first to use the test buttons for both the Unified Messaging Services and the Unified Messaging Services associated with a test user account. Both test buttons contain detailed information if a particular test fails (refer to Figure 3).
Figure 3. Cisco Unity Connection Unified Messaging Service Test Button Results
Gathering and enabling micro-traces for the components named CsMbxSync, CsEWS, EWSNotify, and CsExMbxLocator can reveal problems with Unified Messaging Services, configuration, or connectivity. Reference the available online Cisco documentation to configure and collect micro-traces.
Use of Microsoft's EWS Editor will validate connectivity, permissions, and access to Exchange Online or Exchange on premises without the Cisco Unity Connection appliance. Instructions are as follows:
5. In the field labeled "Use a specific Exchange version..." select Exchange 2007_SP1. This refers to the API schema.
6. Enter the credentials for the account created with application impersonation rights in the BPOS-Dedicated environment.
7. Select the checkbox for impersonation. This is the account to be impersonated and the corporate email address field on a Cisco Unity Connection user in the Cisco Unity Connection directory - it is also the SMTP address of the account in Exchange (e.g.
8. Click OK and Yes. If it logs on, then you have the correct permissions for Cisco Unity Connection to use Microsoft Exchange Web Services (EWS) against BPOS-Dedicated.
Figure 4. Microsoft EWS Editor Example
The Cisco Unity Connection Unified Messaging solution with Microsoft BPOS-Dedicated services is the first of its kind. Combining the power of Cisco Unity Connection solutions and the strength of Microsoft Exchange email enables organizations to deploy a reliable solution that focuses on total cost of ownership (TCO) and collaboration.