Provision Audio and Video Capabilities on Cisco Unified Communications Manager Version 9.x and Higher

Create software phone devices so that users can send and receive audio and video on their computers. Create desk phone devices that users can control with Cisco Jabber. Learn how to enable different audio and video features. Understand which server profiles you should create and which user associations you must assign.

Create Software Phone Devices

Software phones let users send and receive audio and video through their computers.

Create CSF Devices

Complete the steps in this task to create CSF devices.

Procedure
    Step 1   Open the Cisco Unified CM Administration interface.
    Step 2   Select Device > Phone.

    The Find and List Phones window opens.

    Step 3   Select Add New.
    Step 4   Select Cisco Unified Client Services Framework from the Phone Type drop-down list and then select Next.

    The Phone Configuration window opens.

    Step 5   Specify a name for the CSF device in the Device Name field.

    You should use the CSFusername format for CSF device names. For example, you create a CSF device for a user named Tanya Adams, whose username is tadams. In this case, you should specify CSFtadams as the device name.

    Step 6   Set the Owner User ID field to the appropriate user.
    Important:

    On Cisco Unified Communications Manager version 9.x, the client uses the Owner User ID field to get service profiles for users. For this reason, each user must have a device and the User Owner ID field must be associated with the user.

    If you do not associate users with devices and set the Owner User ID field to the appropriate user, the client cannot retrieve the service profile that you apply to the user.

    Step 7   Specify configuration settings on the Phone Configuration window as appropriate.

    See the Phone Setup topic in the Cisco Unified Communications Manager documentation for more information about the configuration settings on the Phone Configuration window.

    See the Set Up Secure Phone Capabilities for instructions on configuring secure CSF devices.

    Step 8   Select Save.

    A message displays to inform you if the device is added successfully. The Association Information section becomes available on the Phone Configuration window.

    What to Do Next

    Add a directory number to the device and apply the configuration.

    Set Up Secure Phone Capabilities

    You can optionally set up secure phone capabilities for CSF devices. Secure phone capabilities provide secure SIP signaling, secure media streams, and encrypted device configuration files.

    Configure the Security Mode

    To use secure phone capabilities, you must configure the Cisco Unified Communications Manager security mode using the Cisco CTL Client. You cannot use secure phone capabilities with the nonsecure security mode. At a minimum, you must use mixed mode security.

    Mixed mode security:
    • Allows authenticated, encrypted, and nonsecure phones to register with Cisco Unified Communications Manager.
    • Cisco Unified Communications Manager supports both RTP and SRTP media.
    • Authenticated and encrypted devices use secure port 5061 to connect to Cisco Unified Communications Manager.

    See the Cisco Unified Communications Manager Security Guide for instructions on configuring mixed mode with the Cisco CTL Client.

    Related Information
    Cisco Unified Communications Manager Security Guide, Release 8.6(1)
    Cisco Unified Communications Manager Security Guide, Release 9.1(1)
    Cisco Unified Communications Manager Security Guide, Release 10.0(1)

    Create a Phone Security Profile

    The first step to setting up secure phone capabilities is to create a phone security profile that you can apply to the device.

    Before You Begin

    Configure the Cisco Unified Communications Manager security to use mixed mode.

    Procedure
      Step 1   Select System > Security > Phone Security Profile.
      Step 2   Select Add New.
      Step 3   Select Cisco Unified Client Services Framework from the Phone Security Profile Type drop-down list and then select Next.

      The Phone Security Profile Configuration window opens.

      Configure the Phone Security Profile

      After you add a phone security profile, you must configure it to suit your requirements.

      Procedure
        Step 1   Specify a name for the phone security profile in the Name field on the Phone Security Profile Configuration window.
        Restriction:

        You must use fully qualified domain name (FQDN) format for the security profile name if users connect remotely to the corporate network through Expressway for Mobile and Remote Access.

        Step 2   Specify values for the phone security profile as follows:
        Device Security Mode
        Select one of the following:
        • Authenticated
        • Encrypted
        Transport Type
        Leave the default value of TLS.
        TFTP Encrypted Config

        Select this checkbox to encrypt the CSF device configuration file that resides on the TFTP server.

        Authentication Mode
        Select By Authentication String.
        Key Size (Bits)
        Select the appropriate key size for the certificate.
        Note   

        Key size refers to the bit length of the public and private keys that the client generates during the CAPF enrollment process.

        Cisco Jabber for Mac has been tested using authentication strings with 1024 bit length keys. The client requires more time to generate 2048 bit length keys than 1024 bit length keys. As a result, if you select 2048, you should expect it to take longer to complete the CAPF enrollment process.

        SIP Phone Port
        Leave the default value.

        The client always uses port 5061 to connect to Cisco Unified Communications Manager when you apply a secure phone profile. The port that you specify in this field only takes effect if you select Non Secure as the value for Device Security Mode.

        Step 3   Select Save.

        Configure CSF Devices

        Add the phone security profile to the devices and complete other configuration tasks for secure phone capabilities.

        Procedure
          Step 1   Open the CSF device configuration window.
          1. Select Device > Phone.

            The Find and List Phones window opens.

          2. Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices.
          3. Select the CSF device from the list.

            The Phone Configuration window opens.

          Step 2   Select Allow Control of Device from CTI in the Device Information section.
          Step 3   Select Save.
          Step 4   Locate the Protocol Specific Information section.
          Step 5   Select the phone security profile from the Device Security Profile drop-down list.
          Step 6   Select Save.

          At this point in the secure phone set up, existing users can no longer use their CSF devices. You must complete the secure phone set up for users to be able to access their CSF devices.

          What to Do Next

          Specify the certificate settings and generate the authentication string for users.

          Specify Certificate Settings

          Specify certificate settings in the CSF device configuration and generate the authentication strings that you provide to users.

          Procedure
            Step 1   Locate the Certification Authority Proxy Function (CAPF) Information section on the Phone Configuration window.
            Step 2   Specify values as follows:
            Certificate Operation
            Select Install/Upgrade.
            Authentication Mode
            Select By Authentication String.
            Key Size (Bits)
            Select the same key size that you set in the phone security profile.
            Operation Completes By
            Specify an expiration value for the authentication string or leave as default.
            Step 3   Select Save.
            Step 4   Create the authentication string.
            You can do one of the following:
            • Select Generate String in the Certification Authority Proxy Function (CAPF) Information section.
            • Enter a custom string in the Authentication String field.
            What to Do Next

            Provide users with the authentication string.

            Provide Users with Authentication Strings

            Users must specify the authentication string in the client interface to access their CSF devices and securely register with Cisco Unified Communications Manager.

            When users enter the authentication string in the client interface, the CAPF enrollment process begins.

            Note

            The time it takes for the enrollment process to complete can vary depending on the specifications of the user's computer and the current load for Cisco Unified Communications Manager. It can take up to one minute for the client to complete the CAPF enrollment process.

            The client displays an error if:
            • Users enter an incorrect authentication string. Users can attempt to enter authentication strings again to complete the CAPF enrollment. However, if a user continually enters an incorrect authentication string, the client might reject any string the user enters, even if the string is correct. In this case, you must generate a new authentication string on the user's CSF device and then provide it to the user.
            • Users do not enter the authentication string before the expiration time you set in the Operation Completes By field. In this case, you must generate a new authentication string on the user's CSF device. The users must then enter that authentication string before the expiration time.
            Important:
            When you configure the end users in Cisco Unified Communications Manager, you must add them to the following user groups:
            • Standard CCM End Users
            • Standard CTI Enabled
            Users must not belong to the following user group:
            • Standard CTI Secure Connection

            Secure Phone Details

            Secure Connections
            If you enable secure phone capabilities, then:
            • SIP connections between CSF devices and Cisco Unified Communications Manager are over TLS.
              • If you select Authenticated as the value for the Device Security Mode field on the phone security profile, the SIP connection is over TLS using NULL-SHA encryption.
              • If you select Encrypted as the value for the Device Security Mode field on the phone security profile, the SIP connection is over TLS using AES 128/SHA encryption.
            • Mutual TLS ensures that only CSF devices with the correct certificates can register to Cisco Unified Communications Manager. Likewise, CSF devices can register only to Cisco Unified Communications Manager instances that provide the correct certificate.

            If you enable secure phone capabilities for users, their CSF device connections to Cisco Unified Communications Manager are secure. If the other end point also has a secure connection to Cisco Unified Communications Manager, then the call can be secure. However, if the other end point does not have a secure connection to Cisco Unified Communications Manager, then the call is not secure.

            Encrypted Media
            If you select Encrypted as the value for the Device Security Mode field on the phone security profile, the client uses Secure Realtime Transport Protocol (SRTP) to offer encrypted media streams as follows:
            Media Stream Encryption
            Main video stream Can be encrypted
            Main audio stream Can be encrypted
            The ability to encrypt media depends on if the other end points also encrypt media, as in the following examples:
            • You enable media encryption for user A and user B. In other words, Device Security Mode is set to Encrypted on the phone security profile for the users' CSF devices.
            • You do not enable media encryption for user C. In other words, Device Security Mode is set to Authenticated on the phone security profile for the user's CSF device.
            • User A calls user B. The client encrypts the main video stream and audio stream.
            • User A calls user C. The client does not encrypt the main video stream and audio stream.
            • User A, user B, and user C start a conference call. The client does not encrypt the main video stream or audio stream for any user.

            Note
            The client displays the following lock icon when it can use SRTP for encrypted media streams to other secured clients or conference bridges:


            However, not all versions of Cisco Unified Communications Manager provide the ability to display the lock icon. If the version of Cisco Unified Communications Manager you are using does not provide this ability, the client cannot display a lock icon even when it sends encrypted media.

            Using Expressway for Mobile and Remote Access
            Users cannot complete the enrollment process or use secure phone capabilities from outside the corporate network. This limitation also includes when users connects through Expressway for Mobile and Remote Access; for example,
            1. You configure a user's CSF device for secure phone capabilities.
            2. That user connects to the internal corporate network through Expressway for Mobile and Remote Access.
            3. The client notifies the user that it cannot use secure phone capabilities instead of prompting the user to enter an authentication string.
            When users connect to the internal network through Expressway for Mobile and Remote Access and participate in a call:
            • Media is encrypted on the call path between the Cisco Expressway-C and devices that are registered to the Cisco Unified Communications Manager using Expressway for Mobile and Remote Access.
            • Media is not encrypted on the call path between the Cisco Expressway-C and devices that are registered locally to Cisco Unified Communications Manager.

            Note

            If you change the phone security profile while the client is connected through Expressway for Mobile and Remote Access, you must restart the client for that change to take effect.

            Stored Files
            The client stores the following information for secure phone capabilities:
            • Certificate trust list (.tlv)
            • Locally significant certificate (.lsc)
            • Private key for the CSF device (.key)

            The client downloads and stores certificate trust lists whenever you configure Cisco Unified Communications Manager security as mixed mode. Certificate trust lists enable the client to verify the identity of Cisco Unified Communications Manager servers.

            The client saves the locally significant certificates and private keys after users successfully enter the authentication code and complete the enrollment process. The locally significant certificate and private key enable the client to establish mutual TLS connections with Cisco Unified Communications Manager.


            Note

            The client encrypts the private key before saving it to the keychain.

            Conference Calls

            On conference, or multi-party, calls, the conferencing bridge must support secure phone capabilities. If the conferencing bridge does not support secure phone capabilities, calls to that bridge are not secure. Likewise, all parties must support a common encryption algorithm for the client to encrypt media on conference calls.

            CSF device security reverts to the lowest level available on multi-party calls. For example, user A, user B, and user C join a conference call. User A and user B have CSF devices with secure phone capabilities. User C has a CSF device without secure phone capabilities. In this case, the call is not secure for all users.

            Sharing Secure CSF Devices between Clients

            Clients that do not support secure phone capabilities cannot register to secure CSF devices.

            "For example, you set up secure phone capabilities on a CSF device. Two versions of Cisco Jabber register the device. However, one version of Cisco Jabber does not support secure phone capabilities. In this scenario, you must create two different CSF devices, one secure CSF device for Cisco Jabber that supports secure phone capabilities and another CSF device that is not secure for the other Cisco Jabber "

            Multiple Users on a Shared Mac OS Account

            Multiple users can have unique credentials for the client and share the same Mac account. However, the secure CSF devices are restricted to the Mac account that the users share. Users who share the same Mac account cannot make calls with their secure CSF devices from different Mac accounts.

            You should ensure that multiple users who share the same Mac account have CSF devices with unique names. Users cannot register their CSF devices if they share the same Mac account and have CSF devices with identical names, but connect to different Cisco Unified Communications Manager clusters.

            For example, user A has a CSF device named CSFcompanyname and connects to cluster 1. User B has a CSF device named CSFcompanyname and connects to cluster 2. In this case, a conflict occurs for both CSF devices. Neither user A or user B can register their CSF devices after both users log in to the same Mac account.

            Multiple Users on a Shared Computer

            The client caches the certificates for each user's secure CSF device in a location that is unique to each Mac user. When a user logs in to their Mac account on the shared computer, that user can access only the secure CSF device that you provision to them. That user cannot access the cached certificates for other Mac users.

            Add a Directory Number to the Device

            You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the Device > Phone menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.

            Procedure
              Step 1   Locate the Association Information section on the Phone Configuration window.
              Step 2   Select Add a new DN.

              The Directory Number Configuration window opens.

              Step 3   Specify a directory number in the Directory Number field.
              Step 4   Specify all other required configuration settings as appropriate.
              Step 5   Associate end users with the directory number as follows:
              1. Locate the Users Associated with Line section.
              2. Select Associate End Users.

                The Find and List Users dialog box opens.

              3. Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users.
              4. Select the appropriate users from the list.
              5. Select Add Selected.

                The selected users are added to the voicemail profile.

              Step 6   Select Save.
              Step 7   Select Apply Config.

              The Apply Configuration window opens.

              Step 8   Follow the prompts on the Apply Configuration window to apply the configuration.

              Create Desk Phone Devices

              Users can control desk phones on their computers to place audio calls.

              Procedure
                Step 1   Open the Cisco Unified CM Administration interface.
                Step 2   Select Device > Phone.

                The Find and List Phones window opens.

                Step 3   Select Add New.
                Step 4   Select the appropriate device from the Phone Type drop-down list and then select Next.

                The Phone Configuration window opens.

                Step 5   Complete the following steps in the Device Information section:
                1. Enter a meaningful description in the Description field.

                  The client displays device descriptions to users. If users have multiple devices of the same model, the descriptions help users tell the difference between multiple devices.

                2. Select Allow Control of Device from CTI.

                  If you do not select Allow Control of Device from CTI, users cannot control the desk phone.

                Step 6   Set the Owner User ID field to the appropriate user.
                Important:

                On Cisco Unified Communications Manager version 9.x, the client uses the Owner User ID field to get service profiles for users. For this reason, each user must have a device and the User Owner ID field must be associated with the user.

                If you do not associate users with devices and set the Owner User ID field to the appropriate user, the client cannot retrieve the service profile that you apply to the user.

                Step 7   Specify all other configuration settings on the Phone Configuration window as appropriate.

                See the Cisco Unified Communications Manager documentation for more information about the configuration settings on the Phone Configuration window.

                Step 8   Select Save.

                An message displays to inform you if the device is added successfully. The Association Information section becomes available on the Phone Configuration window.

                What to Do Next

                Add a directory number to the device and apply the configuration.

                Add a Directory Number to the Device

                You must add directory numbers to devices in Cisco Unified Communications Manager. This topic provides instructions on adding directory numbers using the Device > Phone menu option after you create your device. Under this menu option, only the configuration settings that apply to the phone model or CTI route point display. See the Cisco Unified Communications Manager documentation for more information about different options to configure directory numbers.

                Procedure
                  Step 1   Locate the Association Information section on the Phone Configuration window.
                  Step 2   Select Add a new DN.

                  The Directory Number Configuration window opens.

                  Step 3   Specify a directory number in the Directory Number field.
                  Step 4   Specify all other required configuration settings as appropriate.
                  Step 5   Associate end users with the directory number as follows:
                  1. Locate the Users Associated with Line section.
                  2. Select Associate End Users.

                    The Find and List Users dialog box opens.

                  3. Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users.
                  4. Select the appropriate users from the list.
                  5. Select Add Selected.

                    The selected users are added to the voicemail profile.

                  Step 6   Select Save.
                  Step 7   Select Apply Config.

                  The Apply Configuration window opens.

                  Step 8   Follow the prompts on the Apply Configuration window to apply the configuration.

                  Enable Video Rate Adaptation

                  The client uses video rate adaptation to negotiate optimum video quality. Video rate adaptation dynamically increases or decreases video quality based on network conditions.

                  To use video rate adaptation, you must enable Real-Time Transport Control Protocol (RTCP) on Cisco Unified Communications Manager.

                  Note

                  RTCP is enabled on software phone devices by default. However, you must enable RTCP on desk phone devices.

                  Enable RTCP on Common Phone Profiles

                  You can enable RTCP on a common phone profile to enable video rate adaptation on all devices that use the profile.

                  Procedure
                    Step 1   Open the Cisco Unified CM Administration interface.
                    Step 2   Select Device > Device Settings > Common Phone Profile.

                    The Find and List Common Phone Profiles window opens.

                    Step 3   Specify the appropriate filters in the Find Common Phone Profile where field and then select Find to retrieve a list of profiles.
                    Step 4   Select the appropriate profile from the list.

                    The Common Phone Profile Configuration window opens.

                    Step 5   Locate the Product Specific Configuration Layout section.
                    Step 6   Select Enabled from the RTCP drop-down list.
                    Step 7   Select Save.

                    Enable RTCP on Device Configurations

                    You can enable RTCP on specific device configurations instead of a common phone profile. The specific device configuration overrides any settings you specify on the common phone profile.

                    Procedure
                      Step 1   Open the Cisco Unified CM Administration interface.
                      Step 2   Select Device > Phone.

                      The Find and List Phones window opens.

                      Step 3   Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of phones.
                      Step 4   Select the appropriate phone from the list.

                      The Phone Configuration window opens.

                      Step 5   Locate the Product Specific Configuration Layout section.
                      Step 6   Select Enabled from the RTCP drop-down list.
                      Step 7   Select Save.

                      Add a CTI Service

                      The CTI service lets users control devices.

                      Procedure
                        Step 1   Open the Cisco Unified CM Administration interface.
                        Step 2   Select User Management > User Settings > UC Service.

                        The Find and List UC Services window opens.

                        Step 3   Select Add New.

                        The UC Service Configuration window opens.

                        Step 4   In the Add a UC Service section, select CTI from the UC Service Type drop-down list.
                        Step 5   Select Next.
                        Step 6   Provide details for the instant messaging and presence service as follows:
                        1. Specify a name for the service in the Name field.

                          The name you specify displays when you add services to profiles. Ensure the name you specify is unique, meaningful, and easy to identify.

                        2. Specify an optional description in the Description field.
                        3. Specify the CTI service address in the Host Name/IP Address field.
                        4. Specify the port number for the CTI service in the Port field.
                        Step 7   Select Save.
                        What to Do Next

                        Add the CTI service to your service profile.

                        Apply CTI Service

                        After you add a CTI service on Cisco Unified Communications Manager, you must apply it to a service profile so that the client can retrieve the settings.

                        Before You Begin

                        Create a service profile if none already exist or you require a separate service profile for CTI.

                        Procedure
                          Step 1   Open the Cisco Unified CM Administration interface.
                          Step 2   Select User Management > User Settings > Service Profile.

                          The Find and List Service Profiles window opens.

                          Step 3   Find and select your service profile.

                          The Service Profile Configuration window opens.

                          Step 4   In the CTI Profile section, select up to three services from the following drop-down lists:
                          • Primary
                          • Secondary
                          • Tertiary
                          Step 5   Select Save.

                          Enable URI Dialing

                          You can enable URI dialing on Cisco Unified Communications Manager version 9.1(2) and higher.

                          URI dialing allows users to make calls and resolve contacts with Uniform Resource Identifiers (URI). For example, a user named Adam McKenzie has the following SIP URI associated with his directory number: amckenzi@example.com. URI dialing enables users to call Adam with his SIP URI rather than his directory number.

                          For detailed information on URI dialing requirements, such as valid URI formats, as well as advanced configuration including ILS setup, see the URI Dialing section of the Cisco Unified Communications Manager System Guide.

                          Related Information
                          Cisco Unified Communications Manager Maintain and Operate Guides

                          Associate URIs to Directory Numbers

                          When users make URI calls, Cisco Unified Communications Manager routes the inbound calls to the directory numbers associated to the URIs. For this reason, you must associate URIs with directory numbers. You can either automatically populate directory numbers with URIs or configure directory numbers with URIs.

                          Automatically Populate Directory Numbers with URIs

                          When you add users to Cisco Unified Communications Manager, you populate the Directory URI field with a valid SIP URI. Cisco Unified Communications Manager saves that SIP URI in the end user configuration.

                          When you specify primary extensions for users, Cisco Unified Communications Manager populates the directory URI from the end user configuration to the directory number configuration. In this way, automatically populates the directory URI for the user's directory number. Cisco Unified Communications Manager also places the URI in the default partition, which is Directory URI.

                          The following task outlines, at a high level, the steps to configure Cisco Unified Communications Manager so that directory numbers inherit URIs:

                          Procedure
                            Step 1   Add devices.
                            Step 2   Add directory numbers to the devices.
                            Step 3   Associate users with the devices.
                            Step 4   Specify primary extensions for users.
                            What to Do Next

                            Verify that the directory URIs are associated with the directory numbers.

                            Verify Directory URIs

                            After you specify primary extensions for users, you should complete the following steps to verify that the directory URIs are associated with the directory numbers.

                            Procedure
                              Step 1   Open the Cisco Unified CM Administration interface.
                              Step 2   Select Call Routing > Directory Number.

                              The Find and List Directory Numbers window opens.

                              Step 3   Find and select the appropriate directory number.

                              The Directory Number Configuration window opens.

                              Step 4   Locate the Directory URIs section.

                              The primary directory URI for the directory number should correspond to the end user with whom you associated the device.

                              The partition should be Directory URI. This partition is the default into which Cisco Unified Communications Manager places URIs.

                              Configure Directory Numbers with URIs

                              You can specify URIs for directory numbers that are not associated with users. You should configure directory numbers with URIs for testing and evaluation purposes only.

                              To configure directory numbers with URIs, do the following:

                              Procedure
                                Step 1   Open the Cisco Unified CM Administration interface.
                                Step 2   Select Call Routing > Directory Number.

                                The Find and List Directory Numbers window opens.

                                Step 3   Find and select the appropriate directory number.

                                The Directory Number Configuration window opens.

                                Step 4   Locate the Directory URIs section.
                                Step 5   Specify a valid SIP URI in the URI column.
                                Step 6   Select the appropriate partition from the Partition column.
                                Note   

                                You cannot manually add URIs to the system Directory URI partition. You should add the URI to the same route partition as the directory number.

                                Step 7   Add the partition to the appropriate calling search space so that users can place calls to the directory numbers.
                                Step 8   Select Save.

                                Associate the Directory URI Partition

                                You must associate the default partition into which Cisco Unified Communications Manager places URIs with a partition that contains directory numbers.

                                Important:

                                To enable URI dialing, you must associate the default directory URI partition with a partition that contains directory numbers.

                                If you do not already have a partition for directory numbers within a calling search space, you should create a partition and configure it as appropriate.

                                Procedure
                                  Step 1   Open the Cisco Unified CM Administration interface.
                                  Step 2   Select System > Enterprise Parameters.

                                  The Enterprise Parameters Configuration window opens.

                                  Step 3   Locate the End User Parameters section.
                                  Step 4   In the Directory URI Alias Partition row, select the appropriate partition from the drop-down list.
                                  Step 5   Select Save.

                                  The default directory URI partition is associated with the partition that contains directory numbers. As a result, Cisco Unified Communications Manager can route incoming URI calls to the correct directory numbers.

                                  You should ensure the partition is in the appropriate calling search space so that users can place calls to the directory numbers.

                                  Enable FQDN in SIP Requests for Contact Resolution

                                  To enable contact resolution with URIs, you must ensure that Cisco Unified Communications Manager uses the fully qualified domain name (FQDN) in SIP requests.

                                  Procedure
                                    Step 1   Open the Cisco Unified CM Administration interface.
                                    Step 2   Select Device > Device Settings > SIP Profile.

                                    The Find and List SIP Profiles window opens.

                                    Step 3   Find and select the appropriate SIP profile.
                                    Remember:

                                    You cannot edit the default SIP profile. If required, you should create a copy of the default SIP profile that you can modify.

                                    Step 4   Select Use Fully Qualified Domain Name in SIP Requests and then select Save.
                                    What to Do Next

                                    Associate the SIP profile with all devices that have primary extensions to which you associate URIs.

                                    Configure User Associations

                                    When you associate a user with a device, you provision that device to the user.

                                    Procedure
                                      Step 1   Open the Cisco Unified CM Administration interface.
                                      Step 2   Select User Management > End User.

                                      The Find and List Users window opens.

                                      Step 3   Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users.
                                      Step 4   Select the appropriate user from the list.

                                      The End User Configuration window opens.

                                      Step 5   Locate the Service Settings section.
                                      Step 6   Select the appropriate service profile for the user from the UC Service Profile drop-down list.
                                      Step 7   Locate the Device Information section.
                                      Step 8   Select Device Association.

                                      The User Device Association window opens.

                                      Step 9   Select the devices to which you want to associate the user.
                                      Step 10   Select Save Selected/Changes.
                                      Step 11   Select User Management > End User and return to the Find and List Users window.
                                      Step 12   Find and select the same user from the list.

                                      The End User Configuration window opens.

                                      Step 13   Locate the Permissions Information section.
                                      Step 14   Select Add to Access Control Group.

                                      The Find and List Access Control Groups dialog box opens.

                                      Step 15   Select the access control groups to which you want to assign the user.
                                      At a minimum you should assign the user to the following access control groups:
                                      • Standard CCM End Users
                                      • Standard CTI Enabled
                                      Remember:

                                      If you are provisioning users with secure phone capabilities, do not assign the users to the Standard CTI Secure Connection group.

                                      Certain phone models require additional control groups, as follows:
                                      • Cisco Unified IP Phone 9900 or 8900 series, select Standard CTI Allow Control of Phones supporting Connected Xfer and conf.
                                      • Cisco Unified IP Phone 6900 series, select Standard CTI Allow Control of Phones supporting Rollover Mode.
                                      Step 16   Select Add Selected.

                                      The Find and List Access Control Groups window closes.

                                      Step 17   Select Save on the End User Configuration window.

                                      Specify Your TFTP Server Address

                                      The client gets device configuration from the TFTP server. For this reason, you must specify your TFTP server address when you provision users with devices.

                                      Attention:

                                      If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster. As a result, the client can also locate the Cisco Unified Communications Manager TFTP service.

                                      You do not need to specify your TFTP server address if you deploy the _cisco-uds SRV record.

                                      Specify Your TFTP Server on Cisco Unified Communications Manager IM and Presence Service

                                      Complete the steps to specify the address of your TFTP server on Cisco Unified Communications Manager IM and Presence Service.

                                      Procedure
                                        Step 1   Open the Cisco Unified CM IM and Presence Administration interface.
                                        Step 2   Select Application > Legacy Clients > Settings.

                                        The Legacy Client Settings window opens.

                                        Step 3   Locate the Legacy Client Security Settings section.
                                        Step 4   Specify the IP address of your primary and backup TFTP servers in the following fields:
                                        • Primary TFTP Server
                                        • Backup TFTP Server
                                        • Backup TFTP Server
                                        Step 5   Select Save.

                                        Specify TFTP Servers with the Cisco WebEx Administration Tool

                                        If the client connects to the Cisco WebEx Messenger service, you specify your TFTP server address with the Cisco WebEx Administration Tool.

                                        Procedure
                                          Step 1   Open the Cisco WebEx Administration Tool.
                                          Step 2   Select the Configuration tab.
                                          Step 3   Select Unified Communications in the Additional Services section. The Unified Communications window opens.
                                          Step 4   Select the Clusters tab.
                                          Step 5   Select the appropriate cluster from the list. The Edit Cluster window opens.
                                          Step 6   Select Advanced Server Settings in the Cisco Unified Communications Manager Server Settings section.
                                          Step 7   Specify the IP address of your primary TFTP server in the TFTP Server field.
                                          Step 8   Specify the IP address of your backup TFTP servers in the Backup Server #1 and Backup Server #2 fields.
                                          Step 9   Select Save. The Edit Cluster window closes.
                                          Step 10   Select Save in the Unified Communications window.

                                          Reset Devices

                                          After you create and associate users with devices, you should reset those devices.

                                          Procedure
                                            Step 1   Open the Cisco Unified CM Administration interface.
                                            Step 2   Select Device > Phone.

                                            The Find and List Phones window opens.

                                            Step 3   Specify the appropriate filters in the Find Phone where field and then select Find to retrieve a list of devices.
                                            Step 4   Select the appropriate device from the list.

                                            The Phone Configuration window opens.

                                            Step 5   Locate the Association Information section.
                                            Step 6   Select the appropriate directory number configuration.

                                            The Directory Number Configuration window opens.

                                            Step 7   Select Reset.

                                            The Device Reset dialog box opens.

                                            Step 8   Select Reset.
                                            Step 9   Select Close to close the Device Reset dialog box.

                                            Create a CCMCIP Profile

                                            The client gets device lists for users from the CCMCIP server.

                                            Attention:

                                            If the client gets the _cisco-uds SRV record from a DNS query, it can automatically locate the user's home cluster and discover services. One of the services the client discovers is UDS, which replaces CCMCIP.

                                            You do not need to create a CCMCIP profile if you deploy the _cisco-uds SRV record.

                                            Procedure
                                              Step 1   Open the Cisco Unified CM IM and Presence Administration interface.
                                              Step 2   Select Application > Legacy Clients > CCMCIP Profile.

                                              The Find and List CCMCIP Profiles window opens.

                                              Step 3   Select Add New.

                                              The CCMCIP Profile Configuration window opens.

                                              Step 4   Specify service details in the CCMCIP profile as follows:
                                              1. Specify a name for the profile in the Name field.
                                              2. Specify the address of your primary CCMCIP service in the Primary CCMCIP Host field.
                                              3. Specify the hostname or IP address of your backup CCMCIP service in the Backup CCMCIP Host field.
                                              4. Leave the default value for Server Certificate Verification.
                                              Step 5   Add users to the CCMCIP profile as follows:
                                              1. Select Add Users to Profile.

                                                The Find and List Users dialog box opens.

                                              2. Specify the appropriate filters in the Find User where field and then select Find to retrieve a list of users.
                                              3. Select the appropriate users from the list.
                                              4. Select Add Selected.

                                                The selected users are added to the CCMCIP profile.

                                              Step 6   Select Save.

                                              Dial Plan Mapping

                                              You configure dial plan mapping to ensure that dialing rules on Cisco Unified Communications Manager match dialing rules on your directory.

                                              Application Dial Rules

                                              Application dial rules automatically add or remove digits in phone numbers that users dial. Application dialing rules manipulate numbers that users dial from the client.

                                              For example, you can configure a dial rule that automatically adds the digit 9 to the start of a 7 digit phone number to provide access to outside lines.

                                              Directory Lookup Dial Rules

                                              Directory lookup dial rules transform caller ID numbers into numbers that the client can lookup in the directory. Each directory lookup rule you define specifies which numbers to transform based on the initial digits and the length of the number.

                                              For example, you can create a directory lookup rule that automatically removes the area code and two digit prefix digits from 10 digit telephone numbers. An example of this type of rule is to transform 4089023139 into 23139.

                                              Publish Dial Rules

                                              Cisco Unified Communications Manager version 8.5 or lower does not automatically publish dial rules to the client. For this reason, you must deploy a COP file to publish your dial rules. This COP file copies your dial rules from the Cisco Unified Communications Manager database to an XML file on your TFTP server. The client can then download that XML file and access your dial rules.

                                              Remember:

                                              You must deploy the COP file every time you update or modify dial rules on Cisco Unified Communications Manager version 8.5 or lower.

                                              Before You Begin
                                              1. Create your dial rules in Cisco Unified Communications Manager.
                                              2. Download the Cisco Jabber administration package from Cisco.com.
                                              3. Copy cmterm-csf-dialrule-wizard-0.1.cop.sgn from the Cisco Jabber administration package to your file system.
                                              Procedure
                                                Step 1   Open the Cisco Unified OS Administration interface.
                                                Step 2   Select Software Upgrades > Install/Upgrade.
                                                Step 3   Specify the location of cmterm-csf-dialrule-wizard-0.1.cop.sgn in the Software Installation/Upgrade window.
                                                Step 4   Select Next.
                                                Step 5   Select cmterm-csf-dialrule-wizard-0.1.cop.sgn from the Available Software list.
                                                Step 6   Select Next and then select Install.
                                                Step 7   Restart the TFTP service.
                                                Step 8   Open the dial rules XML files in a browser to verify that they are available on your TFTP server.
                                                1. Navigate to http://tftp_server_address:6970/CUPC/AppDialRules.xml.
                                                2. Navigate to http://tftp_server_address:6970/CUPC/DirLookupDialRules.xml.

                                                If you can access AppDialRules.xml and DirLookupDialRules.xml with your browser, the client can download your dial rules.

                                                Step 9   Repeat the preceding steps for each Cisco Unified Communications Manager instance that runs a TFTP service.
                                                What to Do Next

                                                After you repeat the preceding steps on each Cisco Unified Communications Manager instance, restart the client.