The IM and Presence Service supports interdomain federation with Skype for Business server via Expressway in a business to business configuration.
In this deployment, Expressway sits between the two systems and relays traffic between the two systems. Expressway operates with a pair of servers: Expressway-C sits within the enterprise network and connects to the IM and Presence Service and Expressway-E sits at the edge of the enterprise domain and communicates with the Skype for Business domain.
Skype for Business Federation Task Flow (Business to Business)
Complete the following tasks to set up Interdomain SIP Federation between the IM and Presence Service and Microsoft Skype for Business in a business to business deployment.
Optional. Complete this procedure only if your Skype for Business global access edge configuration does not allow the IM and Presence domain. In this case, add a specific entry to allow the IM and Presence Service domain.
Optional. Use this procedure only if you are not using a DNS SRV record to route traffic from Skype for Business to the IM and Presence Service. In this case, add Expressway manually as a SIP Federation Provider for the IM and Presence domain.
Exchange Certificates between the servers in your deployment.
Assign DNS SRV for IM and Presence
Configure a public DNS SRV record for the IM and Presence Service. The record must resolve to the Expressway-E IP address. Skype for Business will use this record to route traffic to IM and Presence Service via Expressway.
where expwye is the domain for Expressway-E.
You can still configure interdomain federation without the DNS SRV record, but you will have to add the route manually in the Skype for Business server. If you choose to do this, you can skip this task.
After you set up the Skype for Business domain, restart the Cisco XCP Router.
From Cisco Unified IM and Presence Serviceability, choose Tools > Control Center - Network Services.
As a shortcut, you can also get to the Control Center - Network Services window from the Cisco Unified Communications Manager Cisco Cloud Onboarding Configuration window by clicking the Control Center - Network Services link when that link appears in the Status message.
From the Server drop-down list box, choose the IM and Presence database publisher node and click Go.
Under IM and Presence Services, select the Cisco XCP Router service.
Repeat this procedure for all IM and Presence Service cluster nodes.
On the IM and Presence Service, add inbound access control list (ACL) entries for the Expressway-C server so that Expressway-C can access the IM and Presence Service without authentication. For multicluster deployments, complete this procedure on each cluster.
If you have an ACL that provides global access (Allow from all), or an ACL which provides access to the domain on which the Expressway-C server resides (for example, Allow from company.com) then you do not need to add ACL entries for the Expressway-C server.
Log in to the IM and Presence Service publisher node.
From Cisco Unified CM IM Administration, choose System > Security > Incoming ACL.
Create your ACL entries:
Click Add New.
Enter a Description for the new ACL entry. For example, Skype for Business Federation via Expressway-C.
Enter an Address Pattern that provides access to the Expressway-C IP address or FQDN. For example, Allow from 10.10.10.1 or Allow from expwyc.company.com.
Repeat this set of steps to create another ACL entry. To provide server access, you need two entries: an ACL with the server IP address, and an ACL with the server FQDN.
Configure Expressway for Federation with Skype for Business
After interdomain federation is configured on the IM and Presence Service, set up Expressway for interdomain federation with Skype for Business. For Expressway configuration details, see the Cisco Expressway Options with Cisco Meeting Server and/or Microsoft Infrastructure Deployment Guide at:
On the Skype for Business server, configure global access edge settings for SIP Federation.
In the left navigation bar, click Federation and External Access.
In the header bar, click ACCESS EDGE CONFIGURATION.
If you want to allow access to all domains globally, select each of the following options. Otherwise, choose which options you want to allow:
Enable federation and public IM connectivity
Enable partner domain discovery—Select this option to use a public DNS SRV record to route traffic to the IM and Presence Service. If you do not want to use a DNS SRV record, or do not have a DNS SRV record, leave this option unchecked.
Enable remote user access
Enable anonymous user access to conferences
If you choose not to allow access globally, you will have to add the IM and Presence manually as an allowed domain and a SIP Federated Provider.
Add Expressway as SIP Federated Provider for IM and Presence
Use this procedure on the Skype for Business server if you are not using a DNS SRV record to route traffic from Skype for Business. In this case, you must add Expressway manually as a SIP Federation Provider for IM and Presence Service.
If you have a DNS SRV record for the IM and Presence Service, you can skip this task.
On the Skype for Business server, click Federation and External Access.
Click SIP FEDERATED PROVIDERS.
Click New and select Hosted provider.
In the Provider name field, enter your IM and Presence domain.
In the Access Edge service (FQDN) field, enter the fully qualified domain name of the Expressway-E server.
For Skype for Business certificates, you can use the Skype for Business Deployment Wizard to install or download certificates. Run the wizard and select the Request, Install or Assign Certificates option. For details, see your Microsoft Skype for Business documentation.