Table Of Contents
Cisco Unified Communications Store Employee Dashboard Design and Implementation Guide
Cisco Unified Communications Store Employee Dashboard—Solution Overview
Cisco Unified Communications Store Employee Dashboard Solution Architecture
Intelligent Retail Network and the SONA Framework
Integrated Network Services Layer
Intelligent Retail Network Store Architectures and the Infrastructure Layer
IPsession Architecture Framework
Cisco Unified Communications Store Employee Dashboard Solution—Components and Services
Designing the Cisco Unified Communications Store Employee Dashboard Solution
Implementing and Configuring the Solution
IPcelerate IPsession Configuration
Cisco Unified Communications Store Employee Dashboard Design and Implementation Guide
July 19, 2008
This guide describes how to implement the Cisco Unified Communications Store Employee Dashboard solution using the IPcelerate IPsession product and the Cisco Unified Communication technologies. Using multiple retail reference architectures, it validates proof-of-concept via interoperability testing. This enables a retailer to expedite implementation of the Cisco Unified Communications Store Employee Dashboard within their environment.
The Cisco Unified Communications Store Employee Dashboard target audience is sales engineers who have retail accounts interested in using an IP telephony environment or expanding the utility of their existing IP telephony investment. It is assumed that administrators of the Cisco Unified Communications Store Employee Dashboard have experience with installation and acceptance of the products covered by this network design. In addition, it is assumed that the administrators understand the procedures required to upgrade and troubleshoot networks at a basic level.
Other users of this guide include the following groups:
•Retail customers with technical networking/telephony background and experience
•System administrators who are familiar with the fundamentals of IP telephony
•Sales engineers responsible for supporting retail accounts
Cisco Unified Communications Store Employee Dashboard—Solution Overview
The Cisco Unified Communications Store Employee Dashboard solution from IPcelerate and Cisco is a suite of IP-based applications developed to improve employee productivity and facilitate inter-store communications. These IPcelerate applications integrate data and voice capabilities, and are presented in a simple to use single dashboard-view accessible from Cisco IP-enabled phones. The following are the Cisco Unified Communications Store Employee Dashboard solution core components:
•IPsession Server Appliance
•Cisco Unified Communication Manager
•7970 IP Phones
This solution was validated using Cisco Intelligent Retail Network architectures as the foundation representing an actual retailer.
Solution Description
Using Cisco's Unified Communications and IPcelerate's IPsession Server, retailers can transform the IP Phone into an employee terminal-device that provides a cost effective way to perform daily store operations procedures (such as time card clocking, shift/staff management, and task management) and a means for corporate/business owners to directly communicate to store employees on the sales floor without having to be relayed by store management.
Some of the solution's features include:
•Time Capture System—Enables store employees to record daily attendance punches from any store phone.
•Store Reminder System—Tracks each store's functional tasks and sends out an employee reminder or manager alert if a task is not performed on time.
•Dial-Out Shift Notifications—Assists in finding replacement shift coverage by available employees when required, automatically. This application can be used for an immediate shift or future shifts.
•Daily Deposit tracking—Provides the means for entering and communicating daily bank deposit to company management.
•Messaging and Alerting—Allows for audible and text messages for events such as employee recognition, immediate event notification, and meeting reminders.
The Cisco Unified Communications Store Employee Dashboard solution facilitates closer collaboration between remote stores and management through pre-programmed conferencing features. This solution is part of the Cisco Unified Communications for Retail suite of IP communications and collaboration tools, designed to accelerate the flow of information to transform the store experience. Now, growing businesses can take full advantage of network technology to help cut costs, enable new applications and services, and improve organizational efficiency.
Target Market
Target customers for the Cisco Unified Communications Store Employee Dashboard solution include retailers who are considering migrating to IP telephony or who have existing IP telephony. Users of this guide include corporate managers, corporate finance, and corporate VPs responsible for retail store operations.
Solution Benefits
The Cisco Unified Communications Store Employee Dashboard solution facilitates many benefits to the retailer and employees. Benefits to the retailer include:
•Affordable end devices for flexible placement throughout the store.
•Reduction in time spent by store management on operational tasks such as:
–Providing and managing scheduling information to store employees (including scheduled meal breaks, zone coverage).
–Managing time-off requests by store employees.
–Placing multiple outbound calls to fill shifts (for example, for employee sick calls).
Benefits to the store employee include:
•Increased accessibility to receive daily store operational information and personal scheduling information.
•Improved method for requesting time-off and receiving confirmation of request status.
•Consistent communication of corporate policy and promotional messaging to associates, regardless of shift time.
•Delivery of vendor-driven promotional and training content.
•Faster response to security-safety threats.
Scope of the Solution
The validation of the solution performed by Cisco and IPcelerate (as described in Testing) demonstrates a proof-of-concept implementation of specific services using IPcelerate IPsession within a Cisco IP telephony environment. IPcelerate IPsession is a feature-rich product with many capabilities beyond the subset of the features that comprise the Cisco Unified Communications Store Employee Dashboard solution. Implementation of the solution requires a full implementation of IPsession. IPsession enables end users to invoke various communication features from the user interface on Cisco IP phones that are base features of IPsession but were not tested within the scope of this solution. These include:
For more information on these features, refer to IPcelerate's website: http://www.ipcelerate.com/ipsession.html
Wireless is a major component of the Intelligent Retail Network reference architecture. However, no wireless components were tested in this release of the Cisco Unified Communications Store Employee Dashboard solution.
Survivable Remote Site Telephony (SRST) functionality (for example, HSRP, IPsession redundancy, WAN failures, etc) was not tested. The deployment method is a centralized server; IPsession services will not be available if a WAN failure occurs.
IPsession uses SOAP and CTI protocols for XML messaging. The Cisco Unified Communication Manager cluster should have sufficient processing resources to handle the SOAP/CTI messaging. Consult the IPcelerate/Cisco account teams for recommendations of product sizing when designing and piloting the Cisco Unified Communications Store Employee Dashboard solution for a specific retailer.
The Cisco Unified Communications Store Employee Dashboard solution was deployed and tested within three retail network environments: small, medium, and large stores. These three store models were constructed using the Cisco Intelligent Retail Network reference architectures. Each store model has varying degrees of redundancy and resiliency. The Cisco Unified Communications Store Employee Dashboard solution was tested at the Cisco lab in San Jose, CA.
The Cisco Unified Communications Store Employee Dashboard solution is a Cisco Validated Design, level 1 (CVD1), and as such, scale performance testing is not within the scope of this document.
For more information, see the following URL: http://www.cisco.com/en/US/netsol/ns741/networking_solutions_program_home.html.
IPsession Retail Application
IPsession Retail Application is an upgraded and customized version of IPsession (version 5.0) used to manage various real-time activities such as Time Card, Shift Management, Daily Deposit and Task Alerts. Its intelligent mechanisms control many activities automatically (for example, when the daily deposit is not completed at the scheduled time, an alert is sent to the respective store).
This section provides a short description of the features in the IPsession Retail application.
Employees
Employees are grouped into the following categories:
•Employees—Application access.
•Store Managers—Manage single store and store specific information.
•Area Managers—Access to all stores.
•Directors—Access to all applications, manage, and administrate the system.
Stores
The Retail IPsession application allows multiple store scenarios. One IPsession server can accommodate multiple stores.
Shifts
Shifts are created for stores to allocate employees to a shift.
Timecard and Shift Management
Timecard and Shift Management provides shift allocation for employees, managing shifts, shift planner, clocking in and clocking out, shift coverage notification and shift reporting. It also provides time-off requests and approvals. The application performs clerical and accounting processing so that employees can focus on store specific activities.
Tasks Alerts
The Task Alert feature is a daily task reminder. Each task alert is sent to the store phones throughout the day as scheduled. This ensures that the employees do not forget to complete a task at a certain time on a daily basis, allowing employees to focus on better customer service. Task alert appears on Cisco IP phones as a text message along with an audible message.
Daily Deposit
Daily Deposit sends a notification to the store to enter its daily deposits. Once a deposit is entered, reports can be generated on a daily, weekly, and monthly basis.
Administration Interface
All the retail specific applications are grouped under "IPsession Retail Store" application in the IPsession web interface. All the features are grouped under the retail specific applications.
Cisco Unified Communications Store Employee Dashboard Solution Architecture
The Cisco Unified Communications Store Employee Dashboard solution architecture is a blending of Cisco's and IPcelerate's framework architectures: SONA and NIPA.
Intelligent Retail Network and the SONA Framework
The framework for the Cisco Unified Communications Store Employee Dashboard solution is based on the Cisco Service-Oriented Network Architecture (SONA), as shown in Figure 1. Using a SONA framework, the Intelligent Retail Network (IRN) reference architectures serve as the foundation of the network systems layer. These network architectures exhibit best practices for retail networks and provide the robust foundation for the higher-level services and applications. For more information about IRN, see the following URL:
http://www.cisco.com/web/strategy/retail/irn.html.
Figure 1 Cisco Unified Communications Store Employee Dashboard Solution Framework
Application Layer
Business and collaboration applications connect users and business processes to the infrastructure. The application layer of the framework includes the combined business and collaboration applications from Cisco and IPcelerate.
The Cisco Unified Communications suite enables collaboration through XML-based applications such as IPcelerate's IPsession. These applications are enhanced through the Cisco 7970 Series color IP phones, which have touch-screen enabled displays. IPcelerate IPsession integrates with a Cisco Unified Communications IP telephony system to provide the following capabilities:
•Time Capture System—Enables store employees to record daily attendance punches from any store phone.
•Store Reminder System—Tracks each store's functional tasks and sends out an employee reminder or manager alert if a task is not performed on-time.
•Dial Out Shift Notifications—Automatically assists in finding replacement shift coverage when required.
•Daily Deposit tracking—Provides the means for entering and communicating daily bank deposit to company management.
Using the Cisco Unified Communications Store Employee Dashboard solution, retailers can transform the IP phone into an employee terminal device that provides a cost effective way to perform daily store operations procedures (for example, time card clocking, shift/staff management, and task management) and a means for corporate/business owners to directly communicate to store employees on the sales floor without having to be relayed by store management. Application services are the connection from the applications to the shared services of the integrated network services layer.
Integrated Network Services Layer
The Integrated Network Services Layer is where filtering, caching, and protocol optimization interact with applications or application middleware services to optimize the performance from the network to the end user. Process control is simplified by using common infrastructure services such as collaboration, security, and identity. These are key advantages that aid in operational reporting and security policy enforcement. Fewer services that are shared across more intelligent devices increase the operational efficiency of the whole system.
•Voice and collaboration services—Are created by adding the voice IOS service to the store routers, and adding Cisco Unified Communication Manager and application servers to the data center.
•Network virtualization—Can be viewed by the use of Cisco Integrated Services Routers (ISRs), which virtualize store security appliances, routers, switches, and voice and application services into intelligent IT appliances that are centrally managed and monitored.
•Security services—Are used extensively in the IRN architectures. These services are a combination of in-store security services shared across multiple physical devices, central management in the data center, and virtual access to the security control plane from anywhere in the retail network.
•Identity services—Are used to ensure that access to each application is allowed only for authenticated and authorized management users. A central Microsoft Active Directory enhances secure identity services to both Cisco and IPcelerate suites.
Note For more information about securing IRN architectures, refer to the PCI Solution for Retail Design and Implementation Guide at the following URL: http://www.cisco.com/web/strategy/retail/pci_imp.html. This guide describes services that can be used to provide a secure posture for the Cisco Unified Communications Store Employee Dashboard solution.
The integrated network services layer provides services that are distributed across the infrastructure layer.
Intelligent Retail Network Store Architectures and the Infrastructure Layer
Small Store
The small store reference architecture (see Figure 2) is a powerful platform for running an enterprise retail business that requires simplicity and a compact form factor. This combination appeals to many different retail formats that can include the following:
•Mall-based retail stores
•Quick-serve restaurants
•Convenience stores
•Specialty shops
•Discount retailers who prefer network simplicity over other factors
This network architecture is widely used, and consolidates many services into fewer infrastructure components. The small store also supports a variety of retail business application models because an integrated Ethernet switch supports high-speed LAN services.
Figure 2 Small Store Network Design
Primary Design Requirements
Primary design requirements are as follows:
•Store size averages between 2000 to 6000 square feet
•Fewer than 25 devices requiring network connectivity
•Single router and integrated Ethernet switch
•Preference for integrated services within fewer network components because of physical space requirements
Advantages
Advantages are as follows:
•Lower cost per store
•Fewer parts to spare
•Fewer software images to maintain
•Lower equipment maintenance costs
Limitations
Limitations are as follows:
•Decreased levels of network resilience
•Greater potential downtime because of single points of failure
Medium Store
The medium retail store reference architecture (see Figure 3) is designed for enterprise retailers who require network resilience and increased levels of application availability over the small store architecture and its simple, single-threaded approach. As more mission-critical applications and services converge onto the IP infrastructure, network uptime and application availability are more important. The dual-router and dual-LAN switch design of the medium store supports these requirements. Each of the ISR routers can run Cisco IOS security services and other store communication services simultaneously. Each of the ISR routers is connected to a dedicated WAN connection. Hot-Standby Routing Protocol (HSRP) is used to ensure network resilience in the event that the network connection fails.
The access layer of the network offers enhanced levels of flexibility and more access ports compared to the small store. The distributed Cisco Catalyst switches can support a combination of larger physical buildings or a larger number of endpoints than the small store.
Figure 3 Medium Store Network Design
Primary Design Requirements
Primary design requirements are as follows:
•Store size averages between 6,000 to 18,000 square feet
•Physical size of store is smaller than a large store, so a distribution layer of network switches is not required
•Number of devices connecting to the network averages between 25 and 100 devices
Advantages
Advantages are as follows:
•More adaptive access layer with support for a greater number of endpoints and more diverse building requirements (multiple floors, sub-areas, and so on)
•Multiple routers for primary and backup network requirements
•Improved network resilience through parallel device design
•Improved network and application availability through parallel paths
Limitations
The limitation of this architecture is that there is no distribution layer between the core layer (the ISR) and the access layer switches.
Large Store
The large retail store reference architecture (see Figure 4) takes some of the elements of Cisco campus network architecture recommendations and adapts them to a large retail store environment. Network traffic can be segmented (logically and physically) to meet business requirements. The distribution layer of the large store architecture improves LAN performance while offering enhanced physical media connections. A larger number of endpoints can be added to the network to meet business requirements. This type of architecture is widely used by large-format retailers globally. Dual routers and distribution layer media flexibility improve network serviceability because the network is highly available and scales to support the large retail store requirements. Routine maintenance and upgrades can be scheduled and performed more frequently, or during normal business hours, through this parallel path design.
Figure 4 Large Store Network Design
Primary Design Requirements
Primary design requirements are as follows:
•Store size averages between 15,000 to 150,000 square feet
•More than 100 devices per store requiring network connectivity
•Multiple routers for primary and backup network requirements
•Preference for a combination of network services distributed within the store to meet resilience and application availability requirements
•Three-tier network architecture within the store; distribution layer switches are used between the central network services core and the access layer connecting to the network endpoints (point-of-sale, wireless APs, servers, etc.)
Advantages
Advantages are as follows:
•Highest network resilience based on highly available design
•Port density and fiber density for large retail locations
•Increased segmentation of traffic
•Scalable to accommodate shifting requirements in large retail stores
Limitations
The limitation of this architecture is higher cost because of network resilience based on highly available design.
IPsession Architecture Framework
The Network IP Application (NIPA) Framework, shown in Figure 5, provides a basic set of abstractions and Application Programming Interfaces (APIs) to enable the management of a suite of IP communications applications. The NIPA Framework is used by all components of the IPsession suite of capabilities, as well as other XML-based applications for Cisco's IP Communication solution.
Figure 5 IPsession NIPA Framework
Figure 5 illustrates the interfaces to applications and the Cisco IP Communications environment. Not only does the NIPA Framework provide a foundation for the capabilities developed by IPcelerate, Inc., the foundation can also be leveraged by other companies to easily integrate their own capabilities to the IPsession server. Linking Cisco IP Phones with other IT investments already deployed in an organization increases the value of IP communications. The NIPA Framework allows organizations to link an IP communications environment with time-and-labor systems, databases (SQL, Oracle, and SAP), CRM applications, RFID technologies, physical security systems, HVAC systems, web services, and more.
Cisco Unified Communications Store Employee Dashboard Solution—Components and Services
Solution Components
The following components are required to implement the Cisco Unified Communications Store Employee Dashboard solution:
•IPsession Retail Application—This is an upgraded and customized version of IPsession (version 5.0). It is the customized solution for the Cisco retail store to manage various real-time activities such as time card, shift management, daily deposit, and task alerts, in order to accelerate day-to-day business processes and focus more on customer satisfaction. Its intelligent mechanism controls many activities automatically (for example, when the daily deposit is not entered by the scheduled time, it sends an alert to the appropriate store representative).
•Cisco Unified Communication Manager—This is the core call-processing software for Cisco IP Telephony. It builds call processing capabilities on top of the Cisco IP network infrastructure. Cisco Unified Communication Manager software extends enterprise telephony features and capabilities to packet telephony network devices such as IP phones, media processing devices, voice gateways, and multimedia applications.
•7970 IP Phone—IP phones have all the functions expected from a telephone, as well as more advanced features including the ability to access XML-based applications.
Hardware/Software
Table 1 lists the hardware/software products installed for the Cisco Unified Communications Store Employee Dashboard solution.
Services and Functionality
Table 2 lists the services that were enabled to optimize IPsession within the Cisco network environment.
Table 2 Services Enabled
Cisco Feature | Platform/Software Release
QoS | ISR 2821, 3825 and 3845; IOS 12.4.9T
Multicast | ISR 2821, 3825 and 3845; IOS 12.4.9T
Limitations and Caveats
This solution does not introduce any additional known caveats or limitations to existing product documentation.
Designing the Cisco Unified Communications Store Employee Dashboard Solution
The Cisco Unified Communications Store Employee Dashboard solution provides a proof-of-concept implementation of IPsession within a Cisco Unified Communication Manager and VoIP network. The small, medium, and large Intelligent Retail Network reference architectures provide a "real world" retail contextual backdrop for this solution. Each IRN store is centrally connected to a data center with traditional data center services such as DNS and NTP, as well as Cisco Unified Communication Manager and the IPsession Appliance. This is a cost-effective implementation that leverages a highly available data center staffed with trained personnel and minimizes the number of additional servers required throughout the network.
A number of servers and workstations were implemented as VMware Server virtual machines. This allowed greater flexibility within the lab environment and aligns with the industry trend toward greater virtualization. Dedicated hardware and increased resources may be required for more consistent performance in larger implementations.
Note When designing the Cisco Unified Communications Store Employee Dashboard solution, special consideration must be given to retailers that have an existing Unified Communications deployment. IPsession uses SOAP and CTI protocols for XML messaging. The Cisco Unified Communication Manager cluster should have sufficient processing resources to handle the SOAP/CTI messaging. Consult IPcelerate/Cisco account teams for recommendations of product sizing when designing and piloting the Cisco Unified Communications Store Employee Dashboard for a specific retailer.
IPcelerate
This section provides guidance around the IPsession application features.
Employees
Employees need to be created in the IPsession Retail Application. Three unique forms of identification exist for all people that interact with this application:
•Existing Retailer Organizational ID—This is the existing value that a retailer uses to identify its employees before the solution was introduced.
•USER ID—An alphanumeric value that is associated with the employee to log in to the appliance web interface. It is recommended that the user ID match the existing retailer organizational ID to reduce management overhead.
•EMPLOYEE ID—A numerical value that is associated with the employee to sign on to the phone. This numbers-only identification simplifies the sign-on process on the phone.
Note IPcelerate made the phone employee login entry numerical so that it would be easier to enter via the phone's interface. The user does not have to scroll through the keys for the correct alphabetic character on the initial form selection.
Employees are assigned to a store as a primary workplace.
Stores
Each store has a store manager and a group of employees. Employees work on shifts in a store. A list of IP phones is assigned to the stores. Task alerts are sent to the store phones. All store-specific events or notifications are sent to the store manager's cell phone or desk phone.
Shifts
Shifts are created for stores to allocate employees to a shift.
Timecard and Shift Management
Shift Management is the application for managing shifts, and Timecard allows employees to clock in and clock out. There are two types of shift process:
•Assigned Shift—Shifts must be created prior to the employee assignment. Shifts must be allocated to the employee by managers prior to the employee's ability to clock-in.
•Unassigned Shift—Employees can clock in on an ad-hoc basis, if that shift is not already allocated. This requires manager approval after the employee signs in, and the shift will not be included in the payroll report unless it is approved by the manager.
Timecard and Shift Management is accessible from both the IPsession web interface and Cisco IP phone services interface.
Tasks Alerts
Once a task alert is displayed on the store phone, employees have to acknowledge the tasks by entering their employee ID. If a task alert goes unacknowledged for five minutes (configurable time setting), it will resend the task alert in combination with escalation to the manager. The escalation is sent to the store manager on his cellular phone. If it is still not acknowledged, it performs a final escalation to a globally configured user ID.
Daily Deposit
The Daily Deposit function sends a daily notification to the store phones to enter their daily deposits. The time of the notification is configurable. Reports can be generated on a daily, weekly, and monthly basis.
Administration Interface
All the retail specific features are grouped under "IPsession Retail" application in the IPsession web interface. All the features are grouped under the retail specific applications. Navigate through the links for configuration and administration purposes as shown in Figure 6.
Figure 6 Retail Applications
Cisco
The Cisco Unified Communications Store Employee Dashboard solution consists of an IPcelerate IPsession appliance and Cisco Unified Communication Manager and IP phones. To facilitate the testing of this solution, additional Cisco components were used to provide a retail network infrastructure context. A simulated retailer was created, complete with a data center and three stores: small, medium, and large. This environment provided the services and enhancements described in the following sections that contributed to the performance, security, and management of the solution.
Intelligent Retail Network
The small, medium, and large stores were built to the specifications of the IP telephony designations of the Intelligent Retail Network reference architectures. Each store consists of access routing, switching, and security services. For additional information on the Intelligent Retail Network, see the following URL: http://www.cisco.com/web/strategy/retail/irn.html.
Unified Communications
The following components were used:
•Cisco Unified Communication Manager
The Unified Communications implementation was a default installation of Cisco Unified Communication Manager 5.1. It is assumed that an actual retailer would implement a clustered implementation of Cisco Unified Communication Manager. For additional guidance on installing the Cisco Unified Communications, see the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_installation_guide09186a0080792e5e.html.
•VoIP phones
The solution used G.729a as the compression protocol for phone calls over the WAN, and Skinny Call Control Protocol (SCCP) as the telephony control protocol. SCCP is required because its firmware image is smaller than the SIP firmware image; current phones lack sufficient memory to support XML applications in the larger SIP image. Multicast audio streamed to the phones for Task Alert used the G.711 protocol.
Quality of Service
The Cisco Unified Communications Store Employee Dashboard solution can potentially be a disruptive technology if not provisioned correctly because the application and media are bandwidth intensive (see Performance).
Using quality-of-service (QoS) protects the retailer's enterprise POS, voice, and media traffic from being disturbed by other forms of consumptive traffic. The following configurations were used consistently across the small, medium and large stores.
QoS in this solution is implemented as Class-Based Weighted Fair Queueing (CBWFQ) with priority express forwarding for the voice traffic (see Table 3). Policy maps are used to classify traffic inbound on LAN interfaces and to queue traffic outbound on WAN interfaces. Common performance issues today are often the result of misbehaving applications generating excessive traffic. By properly classifying and queuing network traffic, performance can be greatly improved. Through the use of QoS and multicast, retailers can remain extremely conservative on their WAN bandwidth provisioning.
The method of QoS used in the testing lab was based on the Cisco Enterprise Quality of Service reference design. For more information on QoS, see the following URL: www.cisco.com/univercd/cc/td/doc/solution/esm/qossrnd.pdf
Task Alert Multicast Audio Message
The Cisco Unified Communications Store Employee Dashboard solution uses several types of communication. Multicast is used to send audio messaging. A Task Alert message uses roughly 92 kbps of WAN bandwidth. See Quality of Service Implementation and Multicast Implementation for optimization services that mitigate the traffic impact of the solution.
For example, assume a retailer wants to deploy the Cisco Unified Communications Store Employee Dashboard solution within its stores. The retailer has 100 stores with 10 phones in each store. Without multicast enabled, 1000 audio streams (100x10) would be sent from the central IPsession appliance. With multicast enabled, the central IPsession appliance multicasts a single audio stream to each store router (100 audio streams total in this example) and allows the local store router to replicate the streams to the phones. This avoids taxing the valuable WAN bandwidth.
Multicast is a complex topic with varying degrees of design concerns for individual retailers. This document provides configuration examples that were used to provide multicast functionality within the lab. For additional multicast design guidance, see the following URL:
http://www.cisco.com/en/US/tech/tk828/tech_design_guides_list.html
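The following added example (not part of the original guide, and not Cisco or IPcelerate code) works through the bandwidth reasoning above using the BRANCH-WAN-EDGE percentages and the 1536 kbps T1 rate from this guide's QoS configuration. It assumes the Task Alert stream is queued in the TRANSACTIONAL-DATA class on a link with the same percentages (the guide's TRANSACTIONAL-DATA-APPS access list names the IPcelerate addresses); all function names are hypothetical.

```python
import re

# Class lines of the BRANCH-WAN-EDGE policy in this guide, re-typed here
# (inline comments and WRED lines omitted) so the block runs offline.
POLICY = """\
policy-map BRANCH-WAN-EDGE
 class VOICE
  priority percent 18
 class INTERACTIVE-VIDEO
  priority percent 15
 class CALL-SIGNALING
  bandwidth percent 5
 class ROUTING
  bandwidth percent 3
 class NET-MGMT
  bandwidth percent 2
 class MISSION-CRITICAL-DATA
  bandwidth percent 15
 class TRANSACTIONAL-DATA
  bandwidth percent 12
 class BULK-DATA
  bandwidth percent 4
 class SCAVENGER
  bandwidth percent 1
 class class-default
  bandwidth percent 25
"""

LINK_KBPS = 1536                    # frame-relay traffic-rate 1536000 (T1)
TASK_ALERT_KBPS = 92                # per-stream figure quoted in this guide
ALERT_CLASS = "TRANSACTIONAL-DATA"  # assumption: class that queues the stream


def parse_policy(text, name):
    """Return {class_name: (kind, percent)} for the named policy-map."""
    classes, in_map, current = {}, False, None
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()      # drop inline "!" comments
        if line.startswith("policy-map "):
            in_map, current = (line.split()[1] == name), None
        elif in_map and line.startswith("class "):
            current = line.split()[1]
        elif in_map and current:
            m = re.fullmatch(r"(priority|bandwidth) percent (\d+)", line)
            if m:
                classes[current] = (m.group(1), int(m.group(2)))
    return classes


def budget(classes, link_kbps, max_reserved_percent=75):
    """Sum the reservations and convert each class share to kbps.

    75 is the default reservable share that the guide's
    'max-reserved-bandwidth 100' statement overrides.
    """
    total = sum(pct for _, pct in classes.values())
    llq = sum(pct for kind, pct in classes.values() if kind == "priority")
    return {
        "total_percent": total,
        "llq_percent": llq,
        "within_limit": total <= max_reserved_percent,
        "kbps": {c: link_kbps * pct / 100 for c, (_, pct) in classes.items()},
    }


def central_streams(stores, phones_per_store, multicast):
    """Audio streams the central appliance sources for one alert to every phone."""
    return stores if multicast else stores * phones_per_store


def store_wan_load(phones, multicast, stream_kbps=TASK_ALERT_KBPS):
    """WAN load at one store: a single stream with multicast, else one per phone."""
    return stream_kbps * (1 if multicast else phones)


def alert_fits(classes, phones, multicast, link_kbps=LINK_KBPS):
    """True when the alert load stays inside the assumed class guarantee."""
    guarantee = link_kbps * classes[ALERT_CLASS][1] / 100
    return store_wan_load(phones, multicast) <= guarantee


if __name__ == "__main__":
    cls = parse_policy(POLICY, "BRANCH-WAN-EDGE")
    for limit in (75, 100):
        b = budget(cls, LINK_KBPS, limit)
        print(f"limit {limit}%: reserved {b['total_percent']}% "
              f"(LLQ {b['llq_percent']}%) within_limit={b['within_limit']}")
    print("streams from appliance:", central_streams(100, 10, False),
          "unicast vs", central_streams(100, 10, True), "multicast")
    for mc in (False, True):
        print(f"multicast={mc}: {store_wan_load(10, mc)} kbps at the store, "
              f"fits class guarantee: {alert_fits(cls, 10, mc)}")
```

The policy reserves the whole link, which is why the configuration needs the `max-reserved-bandwidth 100` statement, and under the stated assumption only the multicast case keeps a ten-phone alert inside its class guarantee.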
Security
Security is an integral component of all retail networks requiring adherence to industry regulations such as the Sarbanes-Oxley Act of 2002 (SOX) and Payment Card Industry (PCI). Additional retail-focused security recommendations are located in the PCI Solution for Retail Design and Implementation Guide at the following URL:
http://www.cisco.com/web/strategy/retail/pci.html
Segmentation for security purposes occurs in all locations. Within each store, retail traffic is segmented by type (such as point-of-sale, wireless, voice, and so on), and assigned an appropriate VLAN. The store ISR protects these segments with integrated Cisco IOS security features, such as packet filtering, stateful inspection firewall, NAT, IPS, and other services, applied as appropriate. Within the data center, segmentation and firewalling are implemented between data center services such as IPsession Directory, Cisco Unified Communication Manager, DNS, NTP, and so on. Management of network devices is secured using Access Control Server and Active Directory.
This guide identifies the ports and protocols used by IP telephony with Cisco Unified Communication Manager and the IPcelerate IPsession application. These services can then be accommodated in specific implementations as needed.
Implementing and Configuring the Solution
The Cisco Unified Communications Store Employee Dashboard solution was implemented and validated as a proof-of-concept. Testing involved the validation of functionality using 7970 Cisco IP phones within a centralized Cisco Unified Communication Manager 5.1.2 environment. An IPcelerate IPsession appliance with an IPsession Retail image was centrally located in the data center. The goal of the testing was to articulate the functionality of the Retail module features of IPsession.
Topology
The small, medium, and large Intelligent Retail Network reference architectures provide a "real world" retail contextual backdrop for this solution. Each IRN store was centrally connected to a data center with traditional data center services such as domain name service (DNS) and Network Time Protocol (NTP), as well as Cisco Unified Communication Manager and the IPsession Appliance. The logical topology of the validation lab is represented in Figure 7. For specific places in the network details, see Appendix B—Network Diagrams.
Figure 7 Logical Topology
Testing Tools
Table 4 lists and describes the testing tools used.
Configuration Task Lists
IPcelerate IPsession Configuration
The following are considerations for configuring the IPsession retail solution. It is recommended the configuration be performed in the following sequence:
•Server Configuration
•Store Configuration
•Employee Configuration
The following are parameters for each area:
Server Configuration
Retail Configuration Parameters
This section provides the IPsession Retail specific configuration parameters. From the IPsession web interface, select Configure->IPsession Retail Store to set the parameters. Set the appropriate values for these parameters as displayed in Table 5. For IPsession Server configuration, refer to the IPsession manual.
Stores
Create stores using the Administration Screen. The fields shown in Table 6 need to be filled in.
These stores can also be imported via an Excel spreadsheet. Refer to the IPcelerate's Retail Administration Guide for correct procedures.
Employees
In preparation for the employees being created, it is recommended that the following employees' information is listed on an Excel spreadsheet:
•First Name
•Last Name
•Store to assign to
•Logon ID (for example, Adam Johnson could be AJohnson)
•PIN Number (for example, last five numbers of social security number or company employee number)
These employees can also be imported via an Excel spreadsheet. Refer to the IPcelerate's Retail Administration Guide for correct procedures.
Cisco Unified Communication Manager Server
Cisco Unified Communication Manager was installed using the current implementation guide available at the following URL: http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_installation_guide09186a0080792e5e.html.
The following steps outline the setup of Cisco Unified Communication Manager:
Step 1 Installed Cisco Unified Communication Manager server 5.1.1.3000 and added service pack 5.1.2.1000 using MCS7845-H server.
Step 2 Created small, medium, and large device pools representing each store location.
Step 3 Added gateway routers and endpoint ports for small, medium, and large store routers.
Step 4 Added phones and assigned appropriate dial plan, partitions, translations, locations, and SRST settings.
Step 5 Verified SNMP settings for read-only access.
Step 6 Added new Cisco Unified Communication Manager phone service for the IPcelerate IPsession Directory Service: LS IPsession.
Step 7 Service URL: http://IPcelerate.cisco-irn.com:8080/nipa/NIPAXML.jsp?d=#DEVICENAME#
Existing Resources
The following resources were existing: Microsoft Active Directory Domain controller server
Implementation Guidance
The IPsession Server is a complex product with many configuration options. IPcelerate professional services are required to properly install and integrate this solution.
IPsession Retail Applications FAQs
Dialout
Q. How many calls can the i.DialOut application make simultaneously?
A. The number of simultaneous calls is directly proportional to the number of CTI ports created for that application. The number of simultaneous calls does not have to equal the number of CTI ports created, but it should not exceed the number of CTI ports.
Q. Can I create a new header message, or not use one, for the i.DialOut message?
A. You can create a new message using the i.NVR application to be used as a new header file. A header file must be used, so to effectively omit the header, create a short, silent audio file and use it as the header.
Task Alert
Q. How many devices can receive Alerts?
A. The only devices that can receive alerts are the IPsession licensed devices; however, there is no limit on the number of licensed devices that can receive alerts. If a device configured to receive alerts triggers an alert, that device does not then receive its own alert.
Q. Can the displayed information be modified to show different fields of information?
A. Adding additional fields is not supported with the Task Alert application. Using the provided templates administrators can supply the information per each phone.
Announcements
Q. What format can the audio file be saved as?
A. The audio files recorded through the i.NVR application are saved only in a .au file format. The names of the files may be modified but the file type may not.
Q. Can the i.NVR directory number be dialed from an external number?
A. The i.NVR CTI port can be configured with a DID DN which will allow external incoming calls to initiate this application. If the DN is known, it can be reached from the Unity messaging system if available.
Timecard
Q. Can a user clock in from any phone or does it have to be a specific phone?
A. A user can clock in from any phone that is subscribed to the service. Users also do not have to clock out using the same phone that they initially clocked in on.
Troubleshooting
Dialout
Problem The application calls a phone but it drops quickly before anyone has time to answer.
Solution Make sure that the CTI ports created allow for the type of call being made (locally, internally, and long distance) by verifying the Calling Search Space, Partition, and other like parameters.
Problem The header message and/or media file is not being played.
Solution Verify the file type of the message not being played. Dial-out supports only .au files.
Solution Verify that the Max Call Duration is set high enough for the entire message to be played.
Task Alert
Problem One or more phones do not receive the alert.
Solution Verify that the MAC address and DN associated with the user's profile match the phone they are using.
Solution Verify that the user's phone is licensed by IPsession (associated to the IPsession CTI user in Call Manager).
Announcements
Problem The Employee ID entered is being rejected.
Solution The Employee IDs that are being used must be unique from user to user. Verify that the Employee ID being entered is unique.
Solution The Employee ID must be followed by the '#' key to continue.
Problem The phone number the message is being sent to is not receiving the message.
Solution The phone number entered through the i.NVR application must be entered exactly as you would dial it from an IP phone. This includes any digits needed to gain outside access and any long distance codes.
Solution Verify that the number being dialed is not being blocked (for example, international and long distance numbers).
Timecard
Problem Cannot clock in.
Solution Verify that the IP phone is subscribed to the Employee Dashboard service.
Solution Verify that the login credentials used are accurate.
Solution Verify that the employee is associated with at least one of the stores.
Solution Verify that employee groups are associated with the employee.
Cisco Services Configuration
Quality of Service Implementation
The Unified Communication Media Display solution can potentially be a disruptive technology if not provisioned correctly because the application and media are bandwidth intensive (see Performance).
The use of QoS protects the retailer's enterprise POS, voice, and media traffic from being disturbed by other forms of consumptive traffic. The following configurations were used consistently across the small, medium, and large stores:
ip access-list extended MISSION-CRITICAL-SERVERS
 remark ---POS Applications---
 permit ip 192.168.52.0 0.0.0.255 any
 permit ip any 192.168.52.0 0.0.0.255
ip access-list extended TRANSACTIONAL-DATA-APPS
 remark ---IPcelerate Application---
 permit ip host 192.168.46.92 any
 permit ip 225.3.15.0 0.0.0.255 any
 permit ip any host 192.168.46.92
 permit ip any 239.192.0.0 0.0.0.255
 permit ip any host 239.255.255.250
 remark ---Remote Desktop---
 permit tcp any any eq 3389
 permit tcp any eq 3389 any
ip access-list extended BULK-DATA-APPS
 remark ---File Transfer---
 permit tcp any eq ftp any
 permit tcp any eq ftp-data any
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark ---E-mail traffic---
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit tcp any any eq 143
 permit tcp any eq smtp any
 permit tcp any eq pop3 any
 permit tcp any eq 143 any
 remark ---other EDM app protocols---
 permit tcp any any range 3460 3466
 permit tcp any range 3460 3466 any
 remark ---messaging services---
 permit tcp any any eq 2980
 permit tcp any eq 2980 any
 remark ---Microsoft file services---
 permit tcp any any range 137 139
 permit tcp any range 137 139 any
ip access-list extended NET-MGMT-APPS
 remark - Router user Authentication - Identifies TACACS Control traffic
 permit tcp any any eq tacacs
 permit tcp any eq tacacs any
class-map match-all VOICE
 match ip dscp ef ! IP Phones mark Voice to EF
class-map match-all INTERACTIVE-VIDEO
 match ip dscp af41 af42 ! Recommended markings for IP/VC
class-map match-any CALL-SIGNALING
 match ip dscp cs3 ! Call-Signaling marking
class-map match-all ROUTING
 match ip dscp cs6 ! Routers mark Routing traffic to CS6
class-map match-all NET-MGMT
 match ip dscp cs2 ! Recommended marking for Network Management
class-map match-all MISSION-CRITICAL-DATA
 match ip dscp 25 ! Interim marking for Mission-Critical Data
class-map match-all TRANSACTIONAL-DATA
 match ip dscp af21 af22 ! Recommended markings for Transactional Data
class-map match-all BULK-DATA
 match ip dscp af11 af12 ! Recommended markings for Bulk Data
class-map match-all SCAVENGER
 match ip dscp cs1 ! Recommended marking for Scavenger traffic
class-map match-all BRANCH-MISSION-CRITICAL
 match access-group name MISSION-CRITICAL-SERVERS
class-map match-any BRANCH-BULK-DATA
 match protocol tftp ! Identifies TFTP traffic - Retailers
 match protocol nfs ! Identifies NFS traffic - Retailers
 match access-group name BULK-DATA-APPS ! ACL to reference
class-map match-any BRANCH-TRANSACTIONAL-DATA ! Must use "match-any"
 match protocol citrix ! Identifies Citrix traffic
 match protocol ldap ! Identifies LDAP traffic
 match protocol telnet ! Identifies Telnet traffic
 match protocol sqlnet ! Identifies Oracle SQL*NET traffic
 match protocol http url "*SalesReport*" ! Identifies "SalesReport" URLs
 match access-group name TRANSACTIONAL-DATA-APPS ! Other Apps
class-map match-any BRANCH-NET-MGMT
 match protocol snmp ! Identifies SNMP traffic
 match protocol syslog ! Identifies Syslog traffic
 match protocol dns ! Identifies DNS traffic
 match protocol icmp ! Identifies ICMP traffic
 match protocol ssh ! Identifies SSH traffic
 match access-group name NET-MGMT-APPS ! Other Network Management Apps
class-map match-any BRANCH-SCAVENGER
 match protocol napster ! Identifies Napster traffic
 match protocol gnutella ! Identifies Gnutella traffic
 match protocol fasttrack ! Identifies KaZaa (v1) traffic
 match protocol kazaa2 ! Identifies KaZaa (v2) traffic
!
policy-map BRANCH-LAN-EDGE-IN
 class BRANCH-MISSION-CRITICAL
  set ip dscp 25
 class BRANCH-TRANSACTIONAL-DATA
  set ip dscp af21 ! Transactional Data apps are marked to DSCP AF21
 class BRANCH-NET-MGMT
  set ip dscp cs2 ! Network Management apps are marked to DSCP CS2
 class BRANCH-BULK-DATA
  set ip dscp af11 ! Bulk data apps are marked to AF11
 class BRANCH-SCAVENGER
  set ip dscp cs1 ! Scavenger apps are marked to DSCP CS1
policy-map BRANCH-WAN-EDGE
 class VOICE
  priority percent 18 ! Voice gets 552 kbps of LLQ
 class INTERACTIVE-VIDEO
  priority percent 15 ! 384 kbps IP/VC needs 460 kbps of LLQ
 class CALL-SIGNALING
  bandwidth percent 5 ! Minimal BW guarantee for Call-Signaling
 class ROUTING
  bandwidth percent 3 ! Routing class gets 3% explicit BW guarantee
 class NET-MGMT
  bandwidth percent 2 ! Net-Mgmt class gets 2% explicit BW guarantee
 class MISSION-CRITICAL-DATA
  bandwidth percent 15 ! Mission-Critical class gets min 15% BW guarantee
  random-detect ! Enables WRED on Mission-Critical Data class
 class TRANSACTIONAL-DATA
  bandwidth percent 12 ! Transactional-Data class gets min 12% BW guarantee
  random-detect dscp-based ! Enables DSCP-WRED on Transactional-Data class
 class BULK-DATA
  bandwidth percent 4 ! Bulk Data class gets 4% BW guarantee
  random-detect dscp-based ! Enables DSCP-WRED on Bulk-Data class
 class SCAVENGER
  bandwidth percent 1 ! Scavenger class is throttled
 class class-default
  bandwidth percent 25 ! Default class gets min 25% BW guarantee
  random-detect ! Enables WRED on the default class
policy-map BRANCH-LAN-EDGE-OUT
 class class-default
interface Serial0/0/1:0
 description T1 to SERVICE PROVIDER
 frame-relay traffic-shaping
 max-reserved-bandwidth 100 ! overrides the default 75% BW limit
interface Serial0/0/1:0.1 point-to-point
 description PVC CONNECTION TO DATACENTER
 frame-relay interface-dlci 201
  class fr_qos
map-class frame-relay fr_qos
 frame-relay fragment 160
 frame-relay traffic-rate 1536000 1536000
 frame-relay adaptive-shaping becn
 service-policy output BRANCH-WAN-EDGE
interface VlanXX
 description POS
 no service-policy input set_priority
 service-policy output BRANCH-LAN-EDGE-OUT
 service-policy input BRANCH-LAN-EDGE-IN
Multicast Implementation
Enabling multicast across the enterprise allows retailers to minimize the impact of bandwidth-consuming applications such as IPsession. The multicast service allows IPsession to send a multicast stream to the desired stores rather than unicasting an audio stream to each individual phone at each individual store.
1. Multicast routing was enabled across all routers using the following:
ip multicast-routing ! Enables the router to route multicast traffic
2. All routers were configured to use the loopback 0 interface of RCORE-1 as the PIM rendezvous point because it is centrally located, configured on a highly available chassis, and loopback interfaces do not fail. PIM Sparse-Dense mode was selected for its flexibility in supporting multicast applications. Every router had the following statement configured.
ip pim rp-address 192.168.1.10 ! 192.168.1.10 is the loopback 0 interface of RCORE-1
3. IP PIM Sparse-Dense Mode was used to enable interfaces that were needed to participate in the multicast domain.
!
interface Vlan45
 description VOICE SERVICES
 ip pim sparse-dense-mode ! Enables interface to receive/send multicast traffic
!
On the WAN interfaces of the WAN-facing routers, a multicast filter was applied to protect the enterprise from rogue multicast applications consuming valuable WAN bandwidth.
!
ip access-list standard BlockMLocal
 ! Creates a standard access list that only permits the multicast addressing allowed for the IPsession Appliance.
 permit 225.3.15.0 0.0.0.255
interface Serial1/0.1 point-to-point
 ip pim sparse-dense-mode
 ! Filters unauthorized multicast traffic from traversing the WAN. This statement stops bidirectional traffic and needs to be applied on both sides of the WAN connection.
 ip multicast boundary BlockMLocal
!
Refer to Appendix A—Configurations for more configurations.
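One way to check the WAN multicast filter described above is to audit a router configuration for PIM-enabled WAN interfaces that lack the boundary statement, and to evaluate which groups the boundary access list lets through. This is an added example, not part of the original guide or Cisco tooling; the configuration text is a constructed excerpt modeled on the guide's WAN routers, and the function names are hypothetical.

```python
import ipaddress

# Constructed WAN-router excerpt modeled on the guide's configuration.
# Serial1/0.2 deliberately lacks the boundary statement (not from the guide).
CONFIG = """\
ip multicast-routing
!
interface GigabitEthernet0/0
 ip pim sparse-dense-mode
!
interface Serial1/0.1 point-to-point
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Serial1/0.2 point-to-point
 ip pim sparse-dense-mode
!
interface Serial1/0.3 point-to-point
!
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
"""


def blocks(config, keyword):
    """Return {name: [sub-command lines]} for top-level stanzas starting with keyword."""
    found, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(keyword + " "):
            current = raw[len(keyword):].split()[0]
            found[current] = []
        elif raw.startswith(" ") and current is not None:
            found[current].append(raw.strip())
        else:
            current = None      # "!" or any other top-level line ends the stanza
    return found


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def parse_entry(line):
    """Parse one standard-ACL entry into (is_permit, network, wildcard)."""
    action, *rest = line.split()
    if rest[0] == "any":
        net, wild = 0, 0xFFFFFFFF
    elif rest[0] == "host":
        net, wild = to_int(rest[1]), 0
    else:
        net = to_int(rest[0])
        wild = to_int(rest[1]) if len(rest) > 1 else 0
    return action == "permit", net, wild


def acl_permits(entries, address):
    """First matching entry wins; an unmatched address hits the implicit deny."""
    addr = to_int(address)
    for line in entries:
        if line.split()[0] not in ("permit", "deny"):
            continue                        # remark or other non-entry line
        permit, net, wild = parse_entry(line)
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((addr ^ net) & ~wild & 0xFFFFFFFF) == 0:
            return permit
    return False


def audit(config, wan_prefix="Serial"):
    """List PIM-enabled WAN interfaces that have no 'ip multicast boundary'."""
    missing = []
    for name, lines in blocks(config, "interface").items():
        pim = any(l.startswith("ip pim ") for l in lines)
        bounded = any(l.startswith("ip multicast boundary ") for l in lines)
        if name.startswith(wan_prefix) and pim and not bounded:
            missing.append(name)
    return missing


def group_crosses_wan(config, interface, group):
    """True if the multicast group is not filtered on the given interface."""
    lines = blocks(config, "interface")[interface]
    acl = next((l.split()[-1] for l in lines
                if l.startswith("ip multicast boundary ")), None)
    if acl is None:
        return True         # no boundary: nothing filters the group here
    # Assumption: a referenced but undefined ACL is treated as permitting nothing.
    entries = blocks(config, "ip access-list standard").get(acl, [])
    return acl_permits(entries, group)


if __name__ == "__main__":
    print("PIM WAN interfaces without a boundary:", audit(CONFIG))
    for grp in ("225.3.15.7", "225.3.16.1", "239.255.255.250"):
        print(grp, "crosses Serial1/0.1:", group_crosses_wan(CONFIG, "Serial1/0.1", grp))
```

Run against each WAN-facing router, the audit should return an empty list on both sides of every WAN link, since the guide requires the boundary on both ends.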
Security
Table 8 lists the ports and protocols used by the Cisco Unified Communications Store Employee Dashboard solution.
Testing
Test Plan
The testing of the Cisco Unified Communications Store Employee Dashboard solution included the creation of several users representing store employees, managers, directors and administrators. Using the existing Retail store architectures, three stores were created in the IPsession application. The small, medium, and large stores were assigned unique store numbers, 1100, 1200 and 1300 respectively. These items represent a real-world retail environment that was used to perform the application feature tests described below.
Testing Steps
The testing of the Cisco Unified Communications Store Employee Dashboard solution was divided into sequential steps. The following list comprises the tests that were performed:
•Create store schedule from manager PC.
•Create store schedule from IP Phone.
•Employee time-off requests appear and employee cannot be scheduled.
•Export schedule to Excel spreadsheet.
•Employee clocks in/out at scheduled time for shift from IP Phone.
•Employee clocks in late or does not clock in at all for scheduled shift from IP Phone. System notifies store supervisor.
•Employee clocks in for non-assigned shift from IP Phone. Logged in system for manager approval.
•Store manager approves/rejects non-assigned shift clock in.
•Employee requests time off from IP Phone.
•Store manager approves/rejects time off request.
•Store employee is notified of approval/rejection of time-off request.
•Store director records announcement message.
•Employee listens to announcement message of the day.
•Store manager schedules task alert from web interface.
•Employee receives task alert at scheduled time from IP Phone.
•Employee confirms completion of task.
•Employee fails to confirm completion of task and store manager is notified of non-completion of task.
•District supervisor notified of a non-completed task.
•Store manager requests shift to be filled. System calls out to local stores and/or employees with automated message.
•Available store and/or employee receives message containing shift information and is instructed to contact requesting store manager if shift can be filled.
•Store supervisor enters daily deposit total into IP Phone.
•District supervisor retrieves daily deposit report from system.
Test Results
All of the tests were completed satisfactorily. The following items were noted when building the test environment and executing the prescribed tests:
1. Cannot delete stores or rename them via the Management interface. To remove/rename a store, obtain a script from IPcelerate or edit the database directly.
2. A space should not be used when creating the store name; this caused an improper display of store names to select from when searching on the phone.
3. Users can only identify themselves to the application with their employee ID number. The use of passwords or a PIN number is not available at this time. This could be perceived as a poor security practice. The design intention with this feature of the application, use of only employee ID number, was for user convenience. This has been reported as being sufficient for current customers. IPcelerate supports development of an ID/PIN arrangement, if needed.
4. When submitting a blank shift name, the subsequent shift selections listed on phones for managers are by ID number instead of using the friendlier shift name. IPcelerate intends to modify this search result in a future revision.
5. Automated escalation and shift request calls are created using text to speech. The mechanical voice is difficult to understand in noisy environments. There are no configuration settings to modify this behavior or selected voice.
6. You must create a default dashboard and assign it in the server configuration or no menu will be displayed when accessing phone services.
7. Phones need to be assigned to stores for automated services to function properly; the included procedures do not clearly outline these steps.
8. There was no confirmation after creating the message of the day (MoD) announcement. The system disconnects when you press # upon completion of your recording, but the message records and executes correctly.
9. On the Employee Dashboard screen, the MoD is listed as "Announcements", not "Message of the Day".
10. District supervisor notification of non-completed tasks requires configuring the login name (not the Employee ID) of the person to be notified. This occurs in the retail module configuration section and only one ID is configurable for the entire enterprise.
Performance
Network bandwidth utilization for task alert and clock-in for a single phone are depicted in Figure 8 and Figure 9, respectively.
Figure 8 Task Alert with Multicast Audio Stream
Figure 9 Clock-In from Single Phone
Summary and Recommendations
The Cisco Unified Communications Store Employee Dashboard solution successfully performed as a distributed common interface for employees and management to document daily attendance, schedule vacation, track store functional tasks and escalations, collect and report daily deposit information, and automate shift coverage requests to other stores.
Traditional monochromatic displays are often difficult to interpret, but this application is simple and intuitive. The lab testers found, in contrast, that the application icons were easily readable and user friendly due to the color displays. The touch screen interface made accessing and using the application straightforward.
When using the phone interface, employees and managers could only identify themselves with their employee ID number. The application's internal user database supports passwords and PINs, but these could not be used by the phone interface. This is a poor security practice and could allow a malicious employee to manipulate other manager/employee information because employee IDs are often standardized or accessible in existing company documentation. IPcelerate would support development of an ID/PIN arrangement if needed. The PC-based web user interface authenticates users through user IDs and passwords, which is a better security practice.
The automated calls and task escalations were performed using a mechanical text-to-speech voice that was hard to understand in noisy environments. A substantial amount of bandwidth is consumed when listening to announcements and automated calls because the IPsession application uses the G.711 codec. A deployment model leveraging QoS/multicast is critical to the successful implementation across a retail network.
The IPcelerate IPsession application used in the Cisco Unified Communications Store Employee Dashboard solution demonstrates the additional value that can be achieved with an IP phone deployment in contrast to traditional PBX systems.
Appendix A—Configurations
QoS
All STORES
ip access-list extended MISSION-CRITICAL-SERVERS
 remark ---POS Applications---
 permit ip any 192.168.52.0 0.0.0.255
ip access-list extended TRANSACTIONAL-DATA-APPS
 remark ---IPcelerate Application---
 permit ip host 192.168.46.92 any
 permit ip 225.3.15.0 0.0.0.255 any
 permit ip any host 192.168.46.92
 permit ip any 239.192.0.0 0.0.0.255
 permit ip any host 239.255.255.250
ip access-list extended BULK-DATA-APPS
 remark ---File Transfer---
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 remark ---E-mail traffic---
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit tcp any any eq 143
 remark ---other EDM app protocols---
 permit tcp any any range 3460 3466
 permit tcp any range 3460 3466 any
 remark ---messaging services---
 permit tcp any any eq 2980
 permit tcp any eq 2980 any
 remark ---Microsoft file services---
 permit tcp any any range 137 139
 permit tcp any range 137 139 any
ip access-list extended NET-MGMT-APPS
 remark - Router user Authentication - Identifies TACACS Control traffic
 permit tcp any any eq tacacs
 permit tcp any eq tacacs any
class-map match-all VOICE
 match ip dscp ef ! IP Phones mark Voice to EF
class-map match-all INTERACTIVE-VIDEO
 match ip dscp af41 af42 ! Recommended markings for IP/VC
class-map match-any CALL-SIGNALING
 match ip dscp cs3 ! Call-Signaling marking
class-map match-all ROUTING
 match ip dscp cs6 ! Routers mark Routing traffic to CS6
class-map match-all NET-MGMT
 match ip dscp cs2 ! Recommended marking for Network Management
class-map match-all MISSION-CRITICAL-DATA
 match ip dscp 25 ! Interim marking for Mission-Critical Data
class-map match-all TRANSACTIONAL-DATA
 match ip dscp af21 af22 ! Recommended markings for Transactional Data
class-map match-all BULK-DATA
 match ip dscp af11 af12 ! Recommended markings for Bulk Data
class-map match-all SCAVENGER
 match ip dscp cs1 ! Recommended marking for Scavenger traffic
class-map match-all BRANCH-MISSION-CRITICAL
 match access-group name MISSION-CRITICAL-SERVERS
class-map match-any BRANCH-BULK-DATA
 match protocol tftp ! Identifies TFTP traffic - Retailers
 match protocol nfs ! Identifies NFS traffic - Retailers
 match access-group name BULK-DATA-APPS ! ACL to reference
class-map match-any BRANCH-TRANSACTIONAL-DATA ! Must use "match-any"
 match protocol citrix ! Identifies Citrix traffic
 match protocol ldap ! Identifies LDAP traffic
 match protocol telnet ! Identifies Telnet traffic
 match protocol sqlnet ! Identifies Oracle SQL*NET traffic
 match protocol http url "*SalesReport*" ! Identifies "SalesReport" URLs
 match access-group name TRANSACTIONAL-DATA-APPS ! Other Apps
class-map match-any BRANCH-NET-MGMT
 match protocol snmp ! Identifies SNMP traffic
 match protocol syslog ! Identifies Syslog traffic
 match protocol dns ! Identifies DNS traffic
 match protocol icmp ! Identifies ICMP traffic
 match protocol ssh ! Identifies SSH traffic
 match access-group name NET-MGMT-APPS ! Other Network Management Apps
class-map match-any BRANCH-SCAVENGER
 match protocol napster ! Identifies Napster traffic
 match protocol gnutella ! Identifies Gnutella traffic
 match protocol fasttrack ! Identifies KaZaa (v1) traffic
 match protocol kazaa2 ! Identifies KaZaa (v2) traffic
!
policy-map BRANCH-LAN-EDGE-IN
 class BRANCH-MISSION-CRITICAL
  set ip dscp 25
 class BRANCH-TRANSACTIONAL-DATA
  set ip dscp af21 ! Transactional Data apps are marked to DSCP AF21
 class BRANCH-NET-MGMT
  set ip dscp cs2 ! Network Management apps are marked to DSCP CS2
 class BRANCH-BULK-DATA
  set ip dscp af11 ! Bulk data apps are marked to AF11
 class BRANCH-SCAVENGER
  set ip dscp cs1 ! Scavenger apps are marked to DSCP CS1
policy-map BRANCH-WAN-EDGE
 class VOICE
  priority percent 18 ! Voice gets 552 kbps of LLQ
 class INTERACTIVE-VIDEO
  priority percent 15 ! 384 kbps IP/VC needs 460 kbps of LLQ
 class CALL-SIGNALING
  bandwidth percent 5 ! Minimal BW guarantee for Call-Signaling
 class ROUTING
  bandwidth percent 3 ! Routing class gets 3% explicit BW guarantee
 class NET-MGMT
  bandwidth percent 2 ! Net-Mgmt class gets 2% explicit BW guarantee
 class MISSION-CRITICAL-DATA
  bandwidth percent 15 ! Mission-Critical class gets min 15% BW guarantee
  random-detect ! Enables WRED on Mission-Critical Data class
 class TRANSACTIONAL-DATA
  bandwidth percent 12 ! Transactional-Data class gets min 12% BW guarantee
  random-detect dscp-based ! Enables DSCP-WRED on Transactional-Data class
 class BULK-DATA
  bandwidth percent 4 ! Bulk Data class gets 4% BW guarantee
  random-detect dscp-based ! Enables DSCP-WRED on Bulk-Data class
 class SCAVENGER
  bandwidth percent 1 ! Scavenger class is throttled
 class class-default
  bandwidth percent 25 ! Default class gets min 25% BW guarantee
  random-detect ! Enables WRED on the default class
policy-map BRANCH-LAN-EDGE-OUT
 class class-default
!
map-class frame-relay fr_qos
 frame-relay fragment 160
 frame-relay traffic-rate 1536000 1536000
 frame-relay adaptive-shaping becn
 service-policy output BRANCH-WAN-EDGE
!
interface FastEthernet x.x
 description DATA LAN interfaces NOT VOICE
 service-policy input BRANCH-LAN-EDGE-IN ! Marks Data on ingress
interface serial 0/0.x
 description T1 to Datacenter
 max-reserved-bandwidth 100 ! overrides the default 75% BW limit
 service-policy output BRANCH-WAN-EDGE
Multicast
Data Center
RCORE-1
ip multicast-routing
ip pim bidir-enable
!
interface Loopback0
 ip pim sparse-dense-mode
!
interface Vlan42
 description
 ip pim sparse-dense-mode
!
interface Vlan45
 description Voice Services
 ip pim sparse-dense-mode
!
interface Vlan46
 description
 ip pim sparse-dense-mode
!
interface Vlan101
 description
 ip pim sparse-dense-mode
!
interface Vlan104
 description
 ip pim sparse-dense-mode
ip pim bidir-enable
ip pim rp-address 192.168.1.10
RCORE-2
ip multicast-routing
!
interface Vlan102
 description
 ip pim sparse-dense-mode
!
interface Vlan103
 description
 ip pim sparse-dense-mode
!
ip pim rp-address 192.168.1.10
No active Sources on Core 2
WAN Routers
RWAN-1
ip multicast-routing
interface GigabitEthernet0/0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1
 ip pim sparse-dense-mode
interface Serial1/0.1 point-to-point
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
!
interface Serial1/0.2 point-to-point
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Serial1/0.3 point-to-point
 <none>
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
RWAN-2
ip multicast-routing
interface GigabitEthernet0/0
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1
 ip pim sparse-dense-mode
interface Serial1/0.1 point-to-point
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
!
interface Serial1/0.2 point-to-point
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Serial1/0.3 point-to-point
 <none>
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
Small Store
RSMALL-1
ip multicast-routing
!
interface Serial0/0/0:0.1 point-to-point
 description RSMALL-1 CONNECTION RSP-1
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Serial0/0/1:0.1 point-to-point
 description RSMALL-1 CONNECTION RSP-2
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Vlan11
 description POS
 ip pim sparse-dense-mode
!
interface Vlan13
 description VOICE
 ip pim sparse-dense-mode
!
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
Medium Store
RMED-1
ip multicast-routing
!
interface GigabitEthernet0/0.11
 description POS
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0.13
 description VOICE
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0.102
 description ROUTER LINK TO RMED2 VIA SMED2
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1.101
 description ROUTER LINK TO RMED-2
 ip pim sparse-dense-mode
!
interface Serial0/0/0:0.1 point-to-point
 description CONNECTION TO RWAN-1
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Vlan13
 description VOICE
 ip pim sparse-dense-mode
!
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
RMED-2
ip multicast-routing
!
interface GigabitEthernet0/0.11
 description POS
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0.13
 description VOICE
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/0.102
 description ROUTER LINK TO RMED2 VIA SMED2
 ip pim sparse-dense-mode
!
interface GigabitEthernet0/1.101
 description ROUTER LINK TO RMED1 VIA SMED2
 ip pim sparse-dense-mode
!
interface Serial0/0/0:0.1 point-to-point
 description CONNECTION TO RWAN-1
 ip pim sparse-dense-mode
 ip multicast boundary BlockMLocal
!
interface Vlan13
 description VOICE
 ip pim sparse-dense-mode
!
ip pim rp-address 192.168.1.10
ip access-list standard BlockMLocal
 permit 225.3.15.0 0.0.0.255
Appendix B—Network Diagrams
Large Store
Figure 10 Large Store Topology
Medium Store
Figure 11 Medium Store Topology
Small Store
Figure 12 Small Store Topology
Data Center
Figure 13 Data Center Topology
Service Provider
Figure 14 Service Provider Topology
Cisco Validated Design
The Cisco Validated Design Program consists of systems and solutions designed, tested, and documented to facilitate faster, more reliable, and more predictable customer deployments. For more information visit www.cisco.com/go/validateddesigns.