Learn about options for deploying Cisco Jabber.
An on-premise deployment is one in which you set up, manage, and maintain all services on your corporate network.
For all deployments, the user's primary authentication is to a presence server. You must provision users with instant messaging and presence capabilities as the base for your deployment. You can then provision users with additional services, depending on your requirements.
To deploy full UC, you enable instant messaging and presence capabilities. You then provision users with devices for audio and video in addition to voicemail and conferencing capabilities.
Review architecture diagrams for on-premise deployments in the default product mode.
The following diagram illustrates the architecture of an on-premise deployment that includes Cisco Unified Presence:
Users can publish their availability and subscribe to other users' availability through Cisco Unified Presence.
Users send and receive instant messages through Cisco Unified Presence.
Users place audio calls through desk phone devices or on their computers through Cisco Unified Communications Manager.
Users place video calls through Cisco Unified Communications Manager.
Users send and receive voice messages through Cisco Unity Connection.
Provides hosted meeting capabilities.
Provides on-premise meeting capabilities.
The following diagram illustrates the architecture of an on-premise deployment that includes Cisco Unified Communications IM and Presence:
Users can publish their availability and subscribe to other users' availability through Cisco Unified Communications IM and Presence.
Users send and receive instant messages through Cisco Unified Communications IM and Presence.
Users place audio calls through desk phone devices or on their computers through Cisco Unified Communications Manager.
Users place video calls through Cisco Unified Communications Manager.
Users send and receive voice messages through Cisco Unity Connection.
Provides hosted meeting capabilities.
Provides on-premise meeting capabilities.
In cloud-based deployments, the user's primary authentication is to the Cisco WebEx Messenger service. Cisco WebEx hosts all services. You manage and monitor cloud-based deployments with the Cisco WebEx Administration Tool.
The following diagram illustrates the architecture of a cloud-based deployment:
The Cisco WebEx Messenger service provides contact resolution.
The Cisco WebEx Messenger service lets users publish their availability and subscribe to other users' availability.
The Cisco WebEx Messenger service lets users send and receive instant messages.
Cisco WebEx Meeting Center provides hosted meeting capabilities.
The following diagram illustrates the architecture of a hybrid cloud-based deployment:
The Cisco WebEx Messenger service provides contact resolution.
The Cisco WebEx Messenger service lets users publish their availability and subscribe to other users' availability.
The Cisco WebEx Messenger service lets users send and receive instant messages.
Cisco WebEx Meeting Center provides hosted meeting capabilities.
Users place audio calls through desk phone devices or on their computers through Cisco Unified Communications Manager.
Users place video calls through Cisco Unified Communications Manager.
Users send and receive voice messages through Cisco Unity Connection.
Users are sent an email from their administrators. The email contains a URL that will configure the domain needed for service discovery.
The client automatically locates and connects to services.
Users manually enter connection settings in the client user interface.
The method you should use to provide the client with the information it needs to connect to services depends on your deployment type, server versions, and product modes. The following tables highlight various deployment methods and how to provide the client with the necessary information.
Product Mode | Server Versions | Discovery Method |
---|---|---|
Full UC (Default Mode) | | A DNS SRV request against _cisco-uds.<domain> |
Full UC (Default Mode) | | A DNS SRV request against _cuplogin.<domain> |
Server Versions | Connection Method |
---|---|
| HTTPS request against http://loginp.webexconnect.com/cas/FederatedSSO?org=<domain> |
Deployment Type | Connection Method |
---|---|
Enabled for single sign-on (SSO) | Cisco WebEx Administration Tool |
Not enabled for SSO | Cisco WebEx Administration Tool |
A source of authentication, or an authenticator, enables users to sign in to the client.
On-premises deployments in either full UC or IM only.
On-premises deployments in phone mode.
Cloud-based or hybrid cloud-based deployments.
Client checks cache for manual settings.
Users can manually enter the authenticator through the client user interface.
Client checks cache to discover if the user's domain is a Webex organisation.
The client chooses Webex as the authenticator.
Client makes a Webex cloud service HTTP request to discover if the user's organisation domain is a Webex organisation.
The client chooses Webex as the authenticator.
Client checks cache for service discovery.
The client loads settings from previous queries for service (SRV) records.
Client queries for SRV records.
The client queries the DNS name server for SRV records to locate services.
If the client finds the _cisco-uds SRV record, it can get the authenticator from the service profile.
Service discovery enables clients to automatically detect and locate services on your enterprise network. Clients query domain name servers to retrieve service (SRV) records that provide the location of servers.
Migrating from Cisco Unified Presence 8.x to Cisco Unified Communications IM and Presence 9.0 or later.
You must specify the Cisco Unified Presence server FQDN in the migrated UC service on Cisco Unified Communications Manager. Open Cisco Unified Communications Manager Administration interface. Select User Management > User Settings > UC Service.
For UC services with type IM and Presence, when you migrate from Cisco Unified Presence 8.x to Cisco Unified Communications IM and Presence the Host Name/IP Address field is populated with a domain name and you must change this to the Cisco Unified Presence server FQDN.
However, the client can retrieve different SRV records that indicate to the client different servers are present and different services are available. In this way, the client derives specific information about your environment when it retrieves each SRV record.
Client's host computer or device gets a network connection.
When the client's host computer gets a network connection, it also gets the address of a DNS name server from the DHCP settings.
The user employs one of the following methods to discover the service during the first sign-in:
The user starts Cisco Jabber and then inputs an email-like address on the welcome screen.
URL configuration allows users to click on a link to cross-launch Cisco Jabber without manually inputting an email.
For a hybrid deployment, the domain that Cisco Jabber uses to retrieve the DNS SRV records can be different from the ServicesDomain that is used to discover Cisco WebEx domain.
Note | When all three parameters are included, service discovery will not happen and the user will be prompted to manually enter connection settings. |
Create the link in the following format:
ciscojabber://provision?ServicesDomain=<domain_for_service_discover>&VoiceServicesDomain=<domain_for_voice_services>&ServiceDiscoveryExcludedServices=<services_to_exclude_from_service_discover>
Provide the link to users using email or a web site.
Note | If your organization uses a mail application that supports cross launching proprietary protocols or custom links, you can provide the link to users using email, otherwise provide the link to users using a web site. |
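A check an administrator could run over a provisioning link before mailing or publishing it, confirming that it uses only the three parameters above and names approved domains. This is an added example, not Cisco code; `check_provision_link`, the allow-list and the sample links are assumptions, and parameter names are matched exactly as written above.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names taken from the link format on this page.
PARAMS = ("ServicesDomain", "VoiceServicesDomain",
          "ServiceDiscoveryExcludedServices")
DOMAIN_PARAMS = PARAMS[:2]
DNS_NAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def check_provision_link(link, allowed_domains):
    """Return a list of findings; an empty list means the link passed."""
    allowed = {d.lower() for d in allowed_domains}
    parts = urlsplit(link.strip())
    if parts.scheme != "ciscojabber" or parts.netloc.lower() != "provision":
        return ["not a ciscojabber://provision link"]
    findings, seen = [], set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in PARAMS:
            findings.append("unexpected parameter: " + name)
        elif name in seen:
            findings.append("repeated parameter: " + name)
        elif name in DOMAIN_PARAMS:
            domain = value.lower().rstrip(".")
            if not DNS_NAME.match(domain):
                findings.append(name + " is not a DNS name: " + value)
            elif domain not in allowed:
                findings.append(name + " is not an approved domain: " + domain)
        # The excluded-services value is left unchecked: its format is not
        # given on this page.
        seen.add(name)
    return findings

if __name__ == "__main__":
    approved = ["example.com", "voice.example.com"]  # constructed allow-list
    samples = [  # constructed sample links
        "ciscojabber://provision?ServicesDomain=example.com"
        "&VoiceServicesDomain=voice.example.com",
        "ciscojabber://provision?ServicesDomain=example.net",
    ]
    for link in samples:
        print(link, "->", check_provision_link(link, approved) or "ok")
```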
The client gets the address of the DNS name server from the DHCP settings.
The client issues an HTTP query to a CAS URL for the Cisco WebEx Messenger service.
This query enables the client to determine if the domain is a valid Cisco WebEx domain.
The following is an example of an SRV record entry:
_cuplogin._tcp.DOMAIN SRV service location: priority = 0 weight = 0 port = 8443 svr hostname=192.168.0.26
When the client gets a domain from the user, it appends that domain to the following HTTP query:
http://loginp.webexconnect.com/cas/FederatedSSO?org=
For example, if the client gets example.com as the domain from the user, it issues the following query:
http://loginp.webexconnect.com/cas/FederatedSSO?org=example.com
That query returns an XML response that the client uses to determine if the domain is a valid Cisco WebEx domain.
If the client determines the domain is a valid Cisco WebEx domain, it prompts users to enter their Cisco WebEx credentials. The client then authenticates to the Cisco WebEx Messenger service and retrieves configuration and UC services configured in Cisco WebEx Org Admin.
If the client determines the domain is not a valid Cisco WebEx domain, it uses the results of the query to the name server to locate available services.
In deployments with Cisco Unified Communications Manager version 9 and higher, the client can automatically discover services and configuration with the following SRV record: _cisco-uds.
The client queries the domain name server for SRV records.
The name server returns the _cisco-uds SRV record.
The client locates the user's home cluster.
As a result of automatically locating the user's home cluster, the client can retrieve the device configuration for the user and automatically register telephony services.
In an environment with multiple Cisco Unified Communications Manager clusters, you can configure the Intercluster Lookup Service (ILS). ILS enables the client to find the user's home cluster and discover services.
If you do not configure ILS, then you must manually configure remote cluster information, similar to the EMCC remote cluster set up. For more information on Remote Cluster Configuration, see the Cisco Unified Communications Manager Features and Services Guide.
The client retrieves the user's service profile.
The user's service profile contains the addresses and settings for UC services and client configuration.
The client also determines the authenticator from the service profile.
The client signs the user in to the authenticator.
_cisco-uds._tcp.example.com SRV service location: priority = 6 weight = 30 port = 8443 svr hostname = cucm3.example.com
_cisco-uds._tcp.example.com SRV service location: priority = 2 weight = 20 port = 8443 svr hostname = cucm2.example.com
_cisco-uds._tcp.example.com SRV service location: priority = 1 weight = 5 port = 8443 svr hostname = cucm1.example.com
Cisco Jabber can automatically discover and connect to Cisco Unified Presence or Cisco Unified Communications Manager IM and Presence Service with the following SRV record: _cuplogin.
The client queries the domain name server for SRV records.
The name server returns the _cuplogin SRV record.
As a result, Cisco Jabber can locate the presence server and determine that Cisco Unified Presence is the authenticator.
The client prompts the user for credentials and authenticates to the presence server.
The client retrieves service profiles from the presence server.
Tip | The _cuplogin SRV record also sets the default server address on the Advanced Settings window. |
_cuplogin._tcp.example.com SRV service location: priority = 8 weight = 50 port = 8443 svr hostname = cup3.example.com
_cuplogin._tcp.example.com SRV service location: priority = 5 weight = 100 port = 8443 svr hostname = cup1.example.com
_cuplogin._tcp.example.com SRV service location: priority = 7 weight = 4 port = 8443 svr hostname = cup2.example.com
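The sample _cisco-uds and _cuplogin records above, parsed and ordered the way RFC 2782 specifies (lowest priority first, weighted choice within a priority), with a check that flags SRV targets given as IP literals. This is an added example, not Cisco code; the page does not state how Jabber itself picks among records, and the function names and the in-domain rule are assumptions.

```python
import ipaddress
import random
import re
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "service domain priority weight port target")

# Sample records copied from this page (nslookup-style text, free-form spacing).
PAGE_RECORDS = """
_cisco-uds._tcp.example.com SRV service location: priority = 6 weight = 30 port = 8443 svr hostname = cucm3.example.com
_cisco-uds._tcp.example.com SRV service location: priority = 2 weight = 20 port = 8443 svr hostname = cucm2.example.com
_cisco-uds._tcp.example.com SRV service location: priority = 1 weight = 5 port = 8443 svr hostname = cucm1.example.com
_cuplogin._tcp.example.com SRV service location: priority = 8 weight = 50 port = 8443 svr hostname = cup3.example.com
_cuplogin._tcp.example.com SRV service location: priority = 5 weight = 100 port = 8443 svr hostname = cup1.example.com
_cuplogin._tcp.example.com SRV service location: priority = 7 weight = 4 port = 8443 svr hostname = cup2.example.com
_cuplogin._tcp.DOMAIN SRV service location: priority = 0 weight = 0 port = 8443 svr hostname=192.168.0.26
"""

SRV_RE = re.compile(
    r"(_[\w-]+)\._tcp\.(\S+)\s+SRV service location:\s*"
    r"priority\s*=\s*(\d+)\s*weight\s*=\s*(\d+)\s*"
    r"port\s*=\s*(\d+)\s*svr hostname\s*=\s*(\S+)")

def parse_srv(text):
    """Return every SRV record found in nslookup-style text."""
    return [SrvRecord(m[1], m[2].lower(), int(m[3]), int(m[4]), int(m[5]),
                      m[6].lower().rstrip("."))
            for m in SRV_RE.finditer(text)]

def connection_order(records, rng=None):
    """Order one service's records as RFC 2782 describes: lowest priority
    first, weighted random choice among records of equal priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Weight-0 records go to the front of the pool, as the RFC asks.
        pool = sorted((r for r in records if r.priority == prio),
                      key=lambda r: r.weight)
        while pool:
            pick = rng.randint(0, sum(r.weight for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec.weight
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def audit_targets(records, expected_domain):
    """Flag targets that are IP literals or lie outside expected_domain
    (the second rule is this example's policy, not a rule from the page)."""
    findings = []
    for rec in records:
        try:
            ipaddress.ip_address(rec.target)
            findings.append((rec.target, "IP literal, not a host name"))
        except ValueError:
            if not rec.target.endswith("." + expected_domain):
                findings.append((rec.target, "outside " + expected_domain))
    return findings

if __name__ == "__main__":
    recs = [r for r in parse_srv(PAGE_RECORDS) if r.service == "_cisco-uds"]
    print([r.target for r in connection_order(recs)])
    print(audit_targets(parse_srv(PAGE_RECORDS), "example.com"))
```

An SRV target is defined as a host name, so a record like the earlier `svr hostname=192.168.0.26` sample is reported by `audit_targets`.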
Manual connection settings provide a fallback mechanism for Service Discovery in situations where Service Discovery has not been deployed.
When you launch Cisco Jabber, you can specify the authenticator and server addresses in the Advanced Settings window. The client then caches the server addresses to the local application configuration that it loads on subsequent launches.
If the client cannot get the authenticator and server addresses from the service profile.
The client also prompts users to enter server addresses in the Advanced Settings window if you do not set server addresses with SRV records.
Settings that you enter in the Advanced Settings window take priority over any other sources including SRV records.
Users can set Cisco Unified Presence as the authenticator and specify the server address in the Advanced Settings window.
You can automatically set the default server address with the _cuplogin SRV record.
Users can set the Cisco WebEx Messenger service as the authenticator and specify the CAS URL for login in the Advanced Settings window.
Users can select the Automatic option in the Advanced Settings window to discover servers automatically.
This option lets users change from manually setting the service connection details to using service discovery. For example, on the initial launch, you manually set the authenticator and specify a server address in the Advanced Settings window.
The client always checks the cache for manual settings. The manual settings also take higher priority over SRV records. For this reason, if you decide to deploy SRV records and use service discovery, you must override the manual settings from the initial launch.
Expressway for Mobile and Remote Access for Cisco Unified Communications Manager allows users to access their collaboration tools from outside the corporate firewall without a VPN client. Using Cisco collaboration gateways, the client can connect securely to your corporate network from remote locations such as public Wi-Fi networks or mobile data networks.
Set up servers to support Expressway for Mobile and Remote Access using Cisco Expressway-E and Cisco Expressway-C.*
* If you currently deploy a Cisco TelePresence Video Communication Server (VCS) environment, you can set up Expressway for Mobile and Remote Access. For more information, see Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide and Mobile and Remote Access via Cisco VCS Deployment Guide.
Add any relevant servers to the whitelist for your Cisco Expressway-C server to ensure that the client can access services that are located inside the corporate network.
To add a server to the Cisco Expressway-C whitelist, use the HTTP server allow setting.
This list can include the servers on which you host voicemail or contact photos.
Configure an external DNS server that contains the _collab-edge DNS SRV record to allow the client to locate the Expressway for Mobile and Remote Access server.
If you deploy a hybrid cloud-based architecture where the domain of the IM and presence server differs from the domain of the voice server, ensure that you configure the Voice Services Domain.
The Voice Services Domain allows the client to locate the DNS server that contains the _collab-edge record.
If the voice services domain is different from the services domain. In this case, users must be inside the corporate network to get the correct voice services domain from the jabber-config.xml file.
If the client needs to complete the CAPF enrollment process, which is required when using a secure or mixed mode cluster.
Service | Supported | Unsupported | |
---|---|---|---|
Directory | |||
UDS directory search | x | ||
LDAP directory search | x | ||
Directory photo resolution | x * Using HTTP whitelist on Cisco Expressway-C | ||
Intradomain federation | x * Contact search support depends on the format of your contact IDs. For more information, see the note below. | ||
Interdomain federation | x | ||
Instant Messaging and Presence | |||
On-premises | x | ||
Cloud | x | ||
Chat | x | ||
Group Chat | x | ||
High Availability: On-premises deployments | x | ||
File Transfer: On-premises deployments | x | ||
File Transfer: Cloud deployments | x (Desktop clients only) | ||
Audio and Video | |||
Audio and video calls | x * Cisco Unified Communications Manager 9.1(2) and later | ||
Deskphone control mode (CTI) | x | ||
Extend and Connect | x | ||
Session persistency | x | ||
Early media | x | ||
Self Care Portal access | x | ||
Voicemail | |||
Visual voicemail | x * Using HTTP whitelist on Cisco Expressway-C | ||
Cisco WebEx Meetings | |||
On-premises | x | ||
Cloud | x | ||
Cisco WebEx Desktop Share | x | ||
Security | |||
End-to-end encryption | x | ||
CAPF enrollment | x | ||
Troubleshooting | |||
Problem report generation | x | ||
Problem report upload | x |
When the client connects to services using Expressway for Mobile and Remote Access, it supports directory integration with the following limitations.
The client cannot use LDAP for contact resolution when outside of the corporate firewall. Instead, the client must use UDS for contact resolution.
When users are inside the corporate firewall, the client can use either UDS or LDAP for contact resolution. If you deploy LDAP within the corporate firewall, Cisco recommends that you synchronize your LDAP directory server with Cisco Unified Communications Manager to allow the client to connect with UDS when users are outside the corporate firewall.
To ensure that the client can download contact photos, you must add the server on which you host contact photos to the whitelist of your Cisco Expressway-C server. To add a server to Cisco Expressway-C whitelist, use the HTTP server allow setting. For more information, see the relevant Cisco Expressway documentation.
When the client connects to services using Expressway for Mobile and Remote Access, it supports instant messaging and presence with the following limitations.
The client does not support file transfer including screen capture with Cisco Unified Communications Manager IM and Presence Service deployments. File Transfer is supported only with Cisco WebEx cloud deployments with desktop clients.
When the client connects to services using Expressway for Mobile and Remote Access, it supports voice and video calling with the following limitations.
The client cannot recover from dropped audio and video calls when a network transition occurs. For example, if users start a Cisco Jabber call inside their office and then walk outside their building and lose Wi-Fi connectivity, the call drops as the client switches to use Expressway for Mobile and Remote Access.
Early Media allows the client to exchange data between endpoints before a connection is established. For example, if a user makes a call to a party that is not part of the same organization, and the other party declines or does not answer the call, Early Media ensures that the user hears the busy tone or is sent to voicemail.
When using Expressway for Mobile and Remote Access, the user does not hear a busy tone if the other party declines or does not answer the call. Instead, the user hears approximately one minute of silence before the call is terminated.
Users cannot access the Cisco Unified Communications Manager Self Care Portal when outside the firewall. The Cisco Unified Communications Manager user page cannot be accessed externally.
The Cisco Expressway-E proxies all communications between the client and unified communications services inside the firewall. However, the Cisco Expressway-E does not proxy services that are accessed from a browser that is not part of the Cisco Jabber application.
Voicemail service is supported when the client connects to services using Expressway for Mobile and Remote Access.
Note | To ensure that the client can access voicemail services, you must add the voicemail server to the whitelist of your Cisco Expressway-C server. To add a server to Cisco Expressway-C whitelist, use the HTTP server allow setting. For more information, see the relevant Cisco Expressway documentation. |
When the client connects to services using Expressway for Mobile and Remote Access, it supports only cloud-based conferencing using Cisco WebEx Meeting Center.
The client cannot access the Cisco WebEx Meetings Server or join or start on-premises Cisco WebEx meetings.
When the client connects to services using Expressway for Mobile and Remote Access, it supports most security features with the following limitations.
Certificate Authority Proxy Function (CAPF) enrollment is a security service that runs on the Cisco Unified Communications Manager Publisher and issues certificates to Cisco Jabber (or other clients). To successfully enrol for CAPF, the client must connect from inside the firewall or using VPN.
Media is encrypted on the call path between the Cisco Expressway-C and devices that are registered to the Cisco Unified Communications Manager using Expressway for Mobile and Remote Access.
Media is not encrypted on the call path between the Cisco Expressway-C and devices that are registered locally to Cisco Unified Communications Manager.
When the desktop client connects to services using Expressway for Mobile and Remote Access, it cannot send problem reports because the client uploads problem reports over HTTPS to a specified internal server.
To work around this issue, users can save the report locally and send the report in another manner.