4 Terminology DecodeCollaboration Edge: umbrella term describing Cisco’s entire collaboration architecture for edge... features and services that help bridge islands to enable any to any collaboration……collaborate with anyone anywhere, on any device….Collaboration Edge Architecture Core Products includeCisco ExpresswayCUBETDM & Analog GatewaysSRSTIs Jabber VPN-less access Collab Edge?the Collaboration Edge architecture includes VPN-less access for Jabberthis capability is enabled by the Cisco Expressway productspecifically labeled “remote and mobile access” at the feature leveldelivered in the X8.1 software release
6 X8 Product Line Options X8.1 VCS Expressway Specialized video applications for video-only customer base (GK, SIP Proxy, interworking, traversal)For customers that require endpoints to register to VCSGateway 3rd party UC solutions (Lync, Polycom)Solution designed for and sold exclusively with UCM 9.1 and aboveRemote and mobile access for Jabber and fixed endpointsB2B Video and Audio for UC customersJabber GuestGateway 3rd party UC solutions (Lync, Polycom)VCSNew OfferingExpressway“VCS Control”No Change“VCS Expressway”No Change“Expressway C”Or Core“Expressway E”Or Edge
7 Deployment Simplification UCM with IM&PExpresswayInternetB2BHCSJabberGRemote & Mobile Registration to UCMIM&PVideo and AudioFederationH.3233rd partyInteroperabilityAny-to-Any Interoperability,Remote and Mobile Access, Video ApplicationsCore Call Control& Endpoint RegistrationOne Multiparty Deployment Model** roadmap
8 Cisco Expressway Use Cases Business to BusinessSecure communications with partners, customers & suppliers over the internetOpen, DNS-based URI dialingConsumer to BusinessIntegrated customer relationships re-imaginedJabber GuestCloud ServicesEnterprise flexibility and scalabilityWebEx and TelePresence Together, Service Provider OfferingsRemote and Mobile Worker AccessConsistent user experience outside the corporate networkJabber Mobile, Desktop & TelePresence EndpointsLegacy & 3rd Party Interoperability Investment Protection and return on investmentIP4 to IP6, H.323-SIP, Standards-based 3rd Party VideoPeople want to collaboration from anywhere, with anyone using the workload they need and the device they want in a simple and secure way. These actions should be as simple as a phone call or as secure as sending an . Yet today, rich media collaboration is not universal, and found only within islands.For example, typically, rich media collaboration is confined to an enterprise location or to users on the same network or using the same kind of application and/or device. Rich media collaboration often breaks down when employees leave their office or reach out to suppliers, customers or partners who are not using the same systems, networks or devices.Complicating things further is the number of devices (company and employee-owned). Key barriers are:Usability – the technology must be intuitive and simple for end-usersIncompatible or proprietary systems, applications and/or endpointsSecurity and deploy-ability – must be secure and cost-effective to deployThese barriers force people to collaborate at a lower or the lowest common denominator like, using a phone or , despite video or another collaboration mode being more productive and efficient. The opportunity to gain competitive advantages in todays’ challenging economy from stronger, deeper relationships and faster decision making can be lost.What is Cisco Collaboration Edge Architecture?Cisco Collaboration Edge Architecture is a set of features and services that helps enable any to any collaboration. It lays the foundation for our customers, no matter what their size, to collaborate with anyone anywhere, on any device using any workload. Its success relies on simplicity, security and open standards/interoperability to break down barriers between these islands.The Collaboration Edge Architecture supports a broad set of use cases:Remote and Mobile Worker Collaboration – extends and simplifies collaboration outside the corporate network for remote and mobile workers. Allows them to securely collaborate like they are in the office on any device anywhere, without requiring a separate VPN client and connection from your device to the networkB2B and B2C Collaboration – borderless rich media collaboration with outside organizations & consumersIP PSTN & PSTN Connectivity - communicate with anyone via service provider TDM or SIP trunkingIntra-Enterprise Connectivity –extend collaboration services within the enterprise to users on PBXs, IP PBXs and 3rd party devices – even analog devicesCloud Connectivity – seamlessly connect to the cloud and enjoy all of the “any to any” benefits of Cisco premise-based solutionsThese use cases are enabled by products throughout our portfolio to provide the best user experiences and the broadest reach. Products include Cisco Gateways, Cisco Expressway, capabilities within Cisco Unified Communications Manager and Cisco Business Edition , Cisco Unified Border Element (CUBE) to name a few.Cisco UnifiedCommunicationsManagerSeamless User ExperiencesSimple, Secure AccessNo One Left Behind
9 Cisco Jabber Remote Access Options Layer 3 VPN SolutionSecures the entire device and it’s contentsAnyConnect allows users access to any permitted applications & dataUnified CM & applicationsAnyConnect VPNNew OfferingSession-based firewall traversalAllows access to collaboration applications ONLYPersonal data not routed through enterprise networkExpressway Firewall Traversal
12 How Expressway Traversal Works… Enterprise NetworkDMZOutside NetworkInternetUCMExpresswayCFirewallExpresswayEFirewallSignalingMediaExpressway E is the traversal server installed in DMZ. Expressway C is the traversal client installed inside the enterprise network.Expressway C initiates traversal connections outbound through the firewall to specific ports on Expressway E with secure login credentials.Once the connection has been established, Expressway C sends keep-alive packets to Expressway E to maintain the connectionWhen Expressway E receives an incoming call, it issues an incoming call request to Expressway C.Expressway C then routes the call to UCM to reach the called user or endpointThe call is established and media traverses the firewall securely over an existing traversal connection
13 X8.1 Firewall Traversal Capabilities Expanded The X8.1 release delivers 3 key capabilities enabling the Expressway Remote and Mobile Access FeatureXCP Router for XMPP trafficHTTPS Reverse proxyProxy SIP registrations to UCM(details on new firewall port requirements covered later)
14 What can a Jabber client do with Expressway What can a Jabber client do with Expressway? A fully featured client outside the networkAccess visual voicInside firewall (Intranet)DMZOutside firewall (Public Internet)Collaboration ServicesInternetInstant Message and PresenceUnified CMExpresswayCExpresswayEMake voice and video callsLaunch a web conferenceShare contentSearch corporate directory
15 UCM provides call control for both mobile and on-premise endpoints Media Path SummaryMedia Traversal“C” calls “A” on-premiseExpressway solution provides firewall traversal for mediaExpressway C de-multiplexes media and forwards toward “A”UCM provides call control for both mobile and on-premise endpointsBInside firewall (Intranet)DMZOutside firewallMedia Relay“C” calls “B” off-premiseMedia is relayed via Expressway CCollaboration ServicesInternetCUCMExpressway CExpresswayEOptimized Media (roadmap ICE support)“B” calls “D” off-premiseBoth “B” and “D” are ICE-enabledSTUN binding successMedia flows are optimized between endpointsICE support (roadmap) allows for optimized media and also the usage of the TURN server on Expressway E, which is the last resort for ICE candidate negotiationsSIGNALINGDMEDIAA
16 Solution Components: software version requirements Cisco Expressway X8.1 (Dec 2013)Cisco Unified CM 9.1+Cisco Jabber 9.6Cisco TelePresence TC 7.0Note:No support for Cisco Unified CM 8.6ICE (STUN/TURN) support not included in Cisco Unified CM 10.0, on roadmap for 10.5
21 Contact Search Considerations (Cloud based IM&P) Jabber allows for multiple contact source integrationsLDAP Directory sync provides corporate directory to UCMCorporate directory is also exported to WebEx Messenger cloudAll Jabber clients will use WebEx Messenger cloud as a contact source for contact searchInside firewall (Intranet)DMZOutside firewall (Public Internet)Collaboration ServicesInternetUnified CMExpresswayCExpresswayEsyncwebexMessengerLDAP
22 Contact Search Considerations (on-premise IM&P) Jabber allows for multiple contact source integrationsLDAP Directory sync provides corporate directory to UCMUser Data Services (UDS) is a UCM RESTful API allowing for contact search, among other thingsAll Jabber clients connecting via Expressway will use UDS for contact searchJabber clients deployed on- premise will use LDAP for directory searchJabber clients will automatically use UDS for directory search when connecting via ExpresswayThe entire corporate directory needs to be sync’d on every UCM cluster for best contact search experienceInside firewall (Intranet)DMZOutside firewall (Public Internet)UDSCollaboration ServicesInternetUnified CMExpresswayCExpresswayEsyncUDS Scale limitationsLimit of 80K end users in standard UCM database (no hard enforcement within the application)160K w/ BU megacluster team approvalEDI/BDILDAP
23 Expressway Clustering, 4+2 Cluster Expressways for scale and redundancyExpressway Clusters support up to 6 peersExpressway E and C node types cannot be mixed in the same clusterDeploy equal number of peers in Expressway C and E clustersDeploy same OVA sizes throughout clusterExpressway remote access is limited to one customer domain per clusterHowever customers can deploy multiple clusters for the same customer domain
24 Unsupported: Unbalanced Expressway Deployments This model is still supported for traditional VCS Expressway deploymentsBut this is not supported for the new remote and mobile access functionality introduced in X8.1Expressway X8.1remote access requires a Expressway C cluster for each Expressway E clusterOnly one “Remote & Mobile Access” enabled Traversal zone per clusterInside firewall (Intranet)DMZOutside firewall (Public Internet)Collaboration ServicesUnified CMExpresswayCExpressway ECluster AInternetExpressway ECluster B
25 Unsupported: Expressway Chained Traversal This deployment model is often used in environments with heightened security policiesThis model is still supported for traditional VCS deployments, or Expressway deployments do not require the remote and mobile access featureBut this is not supported for the new remote and mobile access functionality introduced in X8.1Only one “Remote & Mobile Access” enabled Traversal zone per clusterInside firewall (Intranet)DMZBDMZAOutside firewall (Public Internet)Collaboration ServicesInternetUnified CMExpresswayCTraversal ClientExpresswayC/ETraversal Server &Traversal ClientExpresswayETraversal Server
26 DNS SRV Records_collab-edge record needs to be available in Public DNSMultiple records can be used to allow for HAA GEO DNS service can be used to provide unique DNS responses by geographic region_cisco-uds record needs be available only on internal DNS (available to Expressway C)_collab-edge._tls.example.com. SRV expwy1.example.com._collab-edge._tls.example.com. SRV expwy2.example.com._cisco-uds._tcp.example.com. SRV ucm1.example.com._cisco-uds._tcp.example.com. SRV ucm2.example.com.
27 Global Deployment Topology & Geo DNS DNS SRV lookup_collab-edge._tls.example.comGeo DNSexpwy.jp.example.comexpwy.us.example.comUSEuropeAsiaSIP TrunkSIP LineExpressway Traversalexpwy.uk.example.comExpresswayedge accessAsia SMESME global aggregationEU SMEUS SMEGeo DNS provides DNS responses based upon src ip addressNo option for remote access session aggregation at SME layerUCM regionalclustersRTPSJCPARLONTKYBGLDFWAMSHKG
29 Expressway Configuration Summary Enable Remote & Mobile Access feature toggle, Configuration > Unified CommunicationsProvide a single IM&P Publisher address and supply admin credentials to discover all IM&P nodes deployed across the EnterpriseProvide UCM Publisher address and supply admin credentials for each UCM clusterExpressway C connects to each Publisher and discovers all cluster nodesNeighbor Zone auto-generated for each UCM nodeSearch Rules auto-generated for each UCM nodeAdd the customer domain as type Unified CMGenerate certificate signing requests and procure CA signed certsConfigure Traversal Zone with Remote & Mobile Access feature enabled
31 Allowed Reverse Proxy Traffic Expressway E server will be listening on TCP 8443 for HTTPS trafficBasic remote & mobile access configuration allows inbound authenticated HTTPS requests to the following destinations on the enterprise networkAll discovered UCM nodes TCP 6970 (TFTP file requests) & TCP 8443 (UDS API)All discovered IM&P nodes TCP 7400 (XCP Router) & TCP (SOAP API)HTTPS traffic to any additional hosts need to be administratively added to the allow listProvides a mechanism to support Visual Voice Mail access, contact photo retrieval, Jabber custom tabs, etc.
32 Reverse proxy usageInitial get_edge_config and internal SRV record request (decrypted)GET /dWNkZW1vbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1Authorization: Basic bWR1ZGU6dGhpc3Bhc3N3ZHdpbGxiZXJlc2V0Host: collabedge1e.ucdemolab.com:8443Accept: */*User-Agent: Jabber-Win-472Base64 encoded credentialsBase64 decode = ucdemolab.comSubsequent home cluster discovery request (decrypted)GET /dWNkZW1vbGFiLmNvbS9odHRwcy9jdWNtLXB1Yi51Y2RlbW9sYWIuY29tLzg0NDM/cucm-uds/clusterUser?username=mdude HTTP/1.1Host: collabedge1e.ucdemolab.com:8443Accept: */*Cookie: X-Auth=7f e61f-483a-8620-ed0b5d3792dbUser-Agent: Jabber-Win-472X-Auth tokenBase64 decode = ucdemolab.com/https/cucm-pub.ucdemolab.com/8443Not a general purpose reverse proxy, intended for Cisco clients only!
34 Firewall Port DetailsNo inbound ports required to be opened on the internal firewallInternal firewall needs to allow the following outbound connections from Expressway C to Expressway ESIP: TCP 7001Traversal Media: UDP to 36011XMPP: TCP 7400HTTPS (tunneled over SSH between C and E): TCP 2222External firewall needs to allow the following inbound connections to ExpresswaySIP: TCP 5061HTTPS: TCP 8443XMPP: TCP 5222TURN server control and media: UDP 3478 /Media: UDP to 59999
35 Media Port Range Expansion X8 scalability improvements require a media port range expansionX8 default media Port Range is now UDP – 59999VCS systems upgraded from X7 to X8 will need to manually update port range, Configuration > Local Zone > Traversal Subzone
36 Traversal Media Port Changes Important change for existing VCS customers to understandX7 release included the ability to configure the Expressway Media demultiplexing RTP port and RTCP portUpon upgrading to X8 the traversal media ports are automatically migrated to UDP & 36001Customers will need to coordinate X8 upgrade with firewall port changeNew X8 installs on the Large OVA (or new appliance) will use UDP – 36011, the expanded port range is required to support scalability improvementsConfiguration Removed in X8
37 Client Authentication at the Edge HTTPSClients supplies base64 encoded username and password to authenticate over HTTPS Authorization: Basic bWR1ZGU6dGhpc3Bhc3N3ZHdpbGxiZXJlc2V0Credentials are forwarded to Expressway C and then used to authenticate against UCM, upon determination of the user’s home clusterUpon successful authentication, X-Auth token provided for future HTTPS requests (8 hour lifetime) Cookie: X-Auth=7f e61f-483a-8620-ed0b5d3792dbSIPSIP Digest authentication used to authenticate the users registering on tcp 5061Mutual TLS can be enforced on Expressway E by enabling default zone access rulesOnly client certificate option is LSC from CAPF service on UCM PublisherLSC enrollment with CAPF is not supported over Expressway traversal
38 Edge Server Authentication No matter which client authentication model is deployed, server authentication is always performed by the remote devicei.e. remote Jabber clients and remote endpoints will always validate the Expressway E Server Certificate presented in the TLS handshakeJabber Clients will rely on the underlying platform trusted CA listTelePresence Endpoints will rely on a trusted CA list included in firmwareNo CTL requirement for Edge Server authentication
39 Expressway E Server Certificates Expressway C Server CertificatesExpressway E Server Certificates will need to be signed by 3rd party Public CAPublic CA signed certificates allow Jabber clients and endpoints to validate the server certificate without a CTLNote: Jabber clients with a CTL will not use the CTL to validate Expressway certificateExpressway C server certificates can be signed by 3rd party Public CA or Enterprise CAExpressway C server certificates need to include an extension allowing for client authenticationNo support for wildcard certificatesNo requirement to include Expressway certs in UCM’s CTLX.509v3
40 Expressway Certs and Clustering Set a cluster name (System > Clustering) even when starting with a single nodeGenerate server certificate CSR with Common Name set to “FQDN of VCS Cluster”Build Traversal Server zone with the “TLS verify subject name” set to “Cluster FQDN”
41 Expressway Certificate Signing Request (CSR) Maintenance > Security Certificates > Server CertificateClickto load this page ----->
42 Subject Alternative Name (SAN) requirements Customer’s primary domain required to be included as a DNS SAN in all Expressway E server certificatesPrimary domain as in example.com or cisco.com orDNS X509v3 Subject Alternative Name: DNS:ucdemolab.comThis domain is used for SRV lookups and extracted from hereThis is a security measure that allows clients to verify connections to edge servers authoritative for their domain (RFC 6125)This requirement is consistent with existing UCM IM&P XMPP certificate requirementsMost CAs will allow for this SAN usage, however there may be some resistance from enterprise InfoSec teams
43 Expressway Trusted CA Certificates Trusted CA certificates can now be viewed in either a human-readable, decoded format, or in their raw, PEM format!X8 release will not include the default trusted CA certificate listVCS customers upgrading from X7 or prior should consider purging this list
44 Expressway Trusted CA Certificates Certificate TypeExpressway CExpressway ECommentsPublic CA cert chain used to sign Expressway E certificateRequired to establish Traversal Zone connectionPublic or Enterprise CA cert chain used to sign Expressway C certificateUCM Tomcat certificates or CA chainOnly required when Expressway C configured to use TLS Verify mode on Unified CM discoveryUCM CallManager certificates or CA chainOnly required when UCM is in mixed mode for end to end TLSUCM IM&P Tomcat certificates or CA chainOnly required when Expressway C configured to use TLS Verify mode on IM&P discoveryUCM CAPF certificate(s)Only required when remote endpoints authenticate with LSC certificate
46 Expressway Remote Access from UCM Perspective Remote access provided by Expressway is, for the most part, transparent to UCMThink SIP line integration, versus SIP trunkNo requirement to build a SIP trunk on UCM to VCS Control or ExpresswayRemote Jabber clients or TelePresence Endpoints registering to UCM through Expressway will appear to UCM as Expressway-C IP addressNo remote access policy mechanism to limit edge access to certain Jabber users or devicesThere will be a COP file made available for UCM 9.1 customers deploying Expressway remote and mobile access in production environments, shouldn’t be required for labs or POCs
47 Interaction with existing VCS-C --- SIP trunk --- UCM SIP Trunk can interfere with remote registrationsSIP trunk is not required between VCS and UCM for Expressway Remote Access deploymentHowever, if UCM has an existing SIP trunk configured for VCS-C, UCM will reject any SIP registration attempts from remote Jabber or TP endpoints, as the register method is not accepted on UCM SIP trunk interfaceUpdate UCM SIP trunk security profile to listen on ports other than TCP 5060 or (you could use 5560, 5561, etc.)Port change allows for SIP trunk integration + Expressway remote accessInside firewall (Intranet)DMZOutside firewall (Public Internet)Collaboration ServicesInternetUnified CMVCS ControlVCS ExpresswaySIP Video EndpointsH.323 Video Endpoints
48 UDS Directory SearchAll Jabber clients connecting via Expressway will use UDS for directory search (assuming UCM IM&P deployment)TelePresence endpoints always use UDS for directory searchFor the best contact search experience, all Enterprise Users should be imported into every UCM cluster’s end user tableHome cluster check box needs to be selected on only one cluster for each userUCM clusters support 80K end users, and can scale as high as 160K with BU megacluster approval
49 UCM Bulk Certificate Management Tool used to simplify UCM Cluster certificate exchangeAll Clusters export TFTP (CallManager), Tomcat, and CAPF certificates to central SFTP serverCertificates are consolidated into PKCS12 filesConsolidated set of certificates are then imported to each publisherCisco Certificate Change Notification Service replicates trusted certificates throughout the clusterExport:This step creates a PKCS12 file that contains certificates for all nodes in the cluster.Every participating cluster must export certificates to the same SFTP server and SFTP directory.A cluster must export its certificates whenever the Tomcat, TFTP, CAPF certificate(s) are regenerated on any of its nodes.Consolidate:This step consolidates all PKCS12 files in the SFTP server to form a single file.Only one of the participating clusters needs to perform consolidation.If new certificates are exported after they are consolidated, consolidation needs to be performed again to pick up the newly exported certificates.Import:This step imports the consolidated PKCS12 files from the SFTP server into the local cluster.All clusters should re-import when any participating cluster makes an export.Perform import after a central administrator consolidates the certificates.SFTP Server
51 New Compute Platforms for X8 Specs BasedVirtual Machine SupportAppliance SupportExisting VCS ApplianceCE 500CE 1000OVA SizevCPUReserved RAMDisk SpacevNIC(s)Small2 x 1.8 GHz4GB132GB1GbMedium2 x 2.4 GHz6GBLarge8 x 3.3 GHz8GB10GbNew OfferingsNew appliances based on UCS C220 M3Bare metal – no hypervisorFixed configurations for high and low end deploymentSolution for customers with security policies that do not allow VMware in the DMZCE500 Single components, 1Gbps interfacesCE1000 Redundant components, 1 or 10Gbps interfacesTarget FCS Q1 CY2014
52 Expressway X8 Scalability Targets ServerClusterPlatformProxied RegistrationsVideo CallsAudio Only CallsLarge OVA /CE10005,0005001,00020,0002,0004,000Medium OVA2,50010020010,000400800Small OVA (BE6K)N/ACurrent VCS Appliance
54 How will all of this be licensed? Fixed and Mobile Users at no additional costMobile and Fixed Endpoint registrationIM & PresenceVideo and Audio Media SessionsNo Cost with UCM 9.xNo Additional Cost for Virtual EditionExpresswayCExpresswayEInternetUCM 9.1Business to Business – Concurrent SessionsBusiness to Business Video and Audio Media SessionsExpressway Rich Media Session $1500 a la carte
55 Existing VCS Customers and Expressway Existing VCS X8.1 customers with UCM 9.1+Interested in deploying Remote and Mobile AccessOption #1 – Deploy Expressway (Recommended)Deploy new Expressway C and E servers on VMware at no costLeverage Investment Protection Programs:Traversal calls purchased on VCS E are converted to Expressway Rich Medial SessionsNon-traversal calls purchased on VCS C are converted to UCLRemaining H.323 endpoints continue to register to VCS (converted calls remain)Option #2 Use existing VCS X8.1 deployment (Transitional)Enable “Remote and Mobile Access” on VCSLicense consumption based off of existing VCS licensing structure (e.g. traversal and non traversal calls)Scale capacities are based on documented VCS capabilities for appliance and virtual VCSOnly applies to existing VCS customersOver long term, it is recommended that customers migrate to ExpresswayRemote & Mobile access for Jabber and TP endpoints (registering to UCM) available on VCS product line on a trial basisNo option key required to enable this featureProvides existing customers ability to trial new feature on existing infrastructureCustomers encouraged to deploy Expressway for production deploymentsFuture VCS software release will remove this trial feature capability
56 Migrating Services from VCS to Expressway Add _collab-edge SRV to Public DNSUpdate _sip, _sips, _h323 SRV records to resolve to Expressway EDeploy Jabber GuestTrunk MCU to UCM or Expressway CB2B Video SIP & H.323 (inbound & outbound)Cisco Jabber Video for TelePresence RegistrationCisco TelePresence Endpoints (TC) RegistrationWebEx Enabled TelePresence (outbound)Collaboration ServicesUCMVCS-CVCS-ECisco Jabber RegistrationCisco TelePresence Endpoints (TC) RegistrationJabber Guest (inbound)B2B Video SIP & H.323 (inbound & outbound)WebEx Enabled TelePresence (outbound)ExpresswayCExpresswayE
58 Competitive Positioning: MSFT Lync 2013 IssueMSFT claimCisco PositionCostIt’s freeAttack: There are significant acquisition costs for MSFT Edge architecture (as much as $20-40K). These costs include servers, load-balancers, server software, etc. Cisco has included Collaboration Edge functionality in UCL enhanced, CUWL Standard and CUWL Pro for UCM 9.1 and aboveAdoption of H.264 SVCEverything else is legacyAttack: SVC is a small piece of the puzzle. MSFT can’t talk to existing technology without Cisco. Any IT strategy which introduces new technology should always include a plan for interop.VPN-less architectureNo need for clunky old VPN. Cisco doesn’t get it – they just want to sell you network.Attack: Don’t concede this point. First VPN has applicability, and should be used in certain cases. Second, Cisco has had a TLS based architecture for this application since about 2007.Mobile Supportsupports Windows Phone, iOS, and Android devices – IM, “Lync call” and “one touch” Lync meetingNeutralize: Jabber leverages common call control, video codec, and cross-platform libraries to create consistent collaboration features on all it’s platforms.Alpha-numeric URI…rather than an [old] phone numberNeutralize: UCM and Expressway are fully alpha-numeric compatibleSSO w/ADNeutralize: SAML-based SSO mandated across all CTG infrastructure. See roadmapFederation w/SkypeLync presence, IM, and peer-to-peer voice w/Skype usersNeutralize: No video support. Also, interop requires potentially costly 3rd party provider.
59 Cisco Jabber Guest (Project Name: JabberC) November 2013
60 Jabber Guest – Public-to-Enterprise Communications UC/video sessions into businesses … from desktop browsers, mobile clientsInitiate from public web sites, mobile applications & URLs, e.g.Calls to individual employees, remote experts / customer careSDKs for Web & mobile app integrationRelease planned for Q4CY13/Q1CY14* Images for illustration purpose only. Final UI subject to change.
61 Cisco Jabber: Leading User Experience Across Broadest Range of Platforms, Devices … Enterprise & Guest UsersDesktopTabletSmartphoneWebNEW PRODUCT – Jabber Guest …Jabber for public to enterprise calls from desktop browsers & mobile devicesPROOF of CONCEPT …Web version of Jabber for enterprise usersEnterprise UsersNo support for VCS registered end-pointsAnother unique differentiator of Jabber is that it works on such a broad range of platforms, browsers, and devices. You get broad capabilities and a consistent experience across leading platforms and devices, including PCs, Macs, tablets (e.g. iPad, Cius) and smart phones (iPhone, Android, Blackberry).You get a rich collaboration experience from anywhere and can choose when, how, and on what device to interact. People want flexibility in how they work with a user experience that is intuitive, uncomplicated and consistent across devices. Cisco believes this is accomplished only with a unified architectural approach in which our Collaboration suite in a common user interface hosted on a network that is media-ready. The result is the right communication experience for the task at hand. Providing capabilities that span Presence, IM, voice, video, conferencing across different devices lets users choose the right communications experience for the task at hand.Consistent user-interface and experience across devices and features, spend more time collaborating and less time learning “how to”. This leads to increased adoption across the collaboration portfolio and better/faster ROI.By running on a wide range of devices and platforms, Cisco Jabber (and WebEx) lets organizations address new BYOD device ownership models, where employees want to use enterprise apps on their personal devices. Leading organizations support multiple platforms, browsers, and devices because that’s what their brightest and best want.With the Cisco Jabber Software Development Kit (SDK), you can integrate Cisco Unified Communications capabilities into any web application-easily and quickly. Application developers, customers, and partners alike can take advantage of this powerful SDK to incorporate voice, video, instant messaging (IM), presence, voice messaging, and conferencing capabilities. Use the power of the web browser to connect, communicate, and collaborate within your line of business application or web portal. You'll save time, streamline workflows, and increase workforce collaboration and productivity.Via Jabber SDK Today
62 What is Jabber Guest? Guest/Public User Enterprise User ** TRIAL AVAILABLE TODAY ** Currently in Beta, available from Collaboration User Group (CUG) … details in slide notesJabber Guest connects consumers and other non- Cisco telephony users with Cisco enterprise registered users via simple browser & mobile voice and videoGuest/Public UserEnterprise UserThe JabberC Beta trial is being hosted in the private Collaboration User Group community space.You must join the Collaboration User Group first if you haven’t already, and then you will have access to the private Collaboration User Group where you can register for the Project JabberC Beta.Getting Started1. Please go to the Cisco Collaboration User Group public landing page <https://communities.cisco.com/community/technology/collaboration/usergroups?view=overview> and sign in with your CCO/cisco.com account2. If you are not currently a Collaboration User Group member, click on the link titled “Click here for step by step instructions. It’s easy and free!”. Follow the instructions to join the user group. 3. After joining, click on the link “Go to the private community to participate”4. Once you are in the Private - Collaboration User Group space, scroll down to the Beta Trials section and choose the “Project JabberC Beta”5. Read the Requirements and Register for the BetaAfter completing the Beta registration, you will have immediate access to the private JabberC Beta community.*Non Cisco Employees Please allow business days for the team to configure your access to the software download server. You will be notified via when you have access to the software.
63 Jabber Guest Experience Screenshot from Beta AppPoint to Point VideoPoint to Video ConferencePre-Call video previewMid-Call controlKeypadMute Audio/VideoFull-ScreenCamera/ Audio device SelectionSelf-ViewSDK’s to embed app in business applications (desktop Web & mobile native applications)WebRTC-compatible call controlFor media, browser plugin (desktop Web) & native apps (mobile)Future – WebRTC for mediaURI or DN
67 Targeted Capabilities in First Release Subject to ChangeClientMobile – iPhone, iPad (in App Store)Web – Windows (IE, Chrome, Firefox), pluginWeb – Mac (Safari, Chrome, Firefox), pluginCall initiation via Web linksVideo call to CUCM endpoints (or VCS endpoints via CUCM-VCS SIP trunk)Firewall/NAT traversal via Collaboration Edge X8.1, TURN & reverse proxyIn-call: Mute, DTMF, Video Start/Stop, Full Screen, EndFar-end transfers, forwardsAudio-only modePre-call confirmation page with video previewAudio/video device selectionVideo bridge supportBandwidth & CPU adaptationWeb app “white list” securityProblem reportingSRTP, HTTPS call controlH.264 AVC, G.722.1, G.711, G.729LocalizationsAccessibility (basic)SDKiOS – with sample app codeWeb – with widgetREST API on server for link managementServerVirtual machine (OVA) with Web serverHTTP-to-SIP gatewayAdministration interface, including link managementClustering, redundancyCollaboration Edge X8.1 integrationCTX interoperability, including meeting DN supportSolutionRemote Expert 1.9SPT 1.3NOTE: Android app and SDK targeted for release in MR1 … available sooner in beta
68 Targeted Requirements Subject to ChangeJabber Guest Virtual Machine (OVA) *RAM: 3GBCPU: 2 logical CPU’s with 1 core per CPUStorage: 100GBOS: Centos bitCPU and memory resource allocation are not defined, and are set to default values at the time of deployment.Mobile Native SupportSeptember 2013 – iOS & Android clients added to EAPPurpose-built Jabber Guest mobile clientsNovember 2013 – iOS & Android SDKs to EAP10.0 FCS: iOS ... iPhone 4S or later, iPad 2 or later … iOS 6.1 or laterAndroid FCS 10.x: Q1 CY Samsung S4/S3/S2, Note II … Android 4.0+Cisco ExpresswayX8.1Desktop Browser SupportCurrently in EAP … purpose-built client & SDKChrome 18+, Firefox 10+, IE 8+ (32-bit only, IE 11 TBD) – Windows Vista+Chrome 18+, Firefox 10+, Safari 5+ – Mac OS X 10.7 and laterCisco Unified Communications ManagerTargeting 8.6 or later … worst case 9.x or later* Subject to change pending final performance testing.
70 Call URL Configuration Administrator configured URLURL string, call destination, caller name, callee name, active time, etcSome examples:URI Dialling:8-Digit DN:Custom:Server-side RESTful API for programmatic URL managementAdministrator may configure URL structure for desktop browser as well as mobile“Ad-hoc” calling maybe used for a more open approach
71 Remote Expert & Jabber Guest HomeInternetDMZEnterpriseExpressway EdgeExpressway CoreReverse Proxy integrated for X8.1Jabber GuestRemote Expert & Jabber Guest …Video on Hold via MediaSenseWide variety of remote users catered for using Jabber GuestRich Video experience, including HDUC System 10.0
73 Key Take AwaysCisco Expressway is the evolution of VCS, specifically targeting UCM (9.1+) customersCisco Expressway bridges the gap between the internet and UCM, deliveringVPN-less access for JabberB2B VideoJabber GuestWebEx Enabled TelePresenceThe two biggest deployment challenges will likely be DNS and certificates…understand the solution requirements and begin working through these sooner than later with your customersJabber Guest provides easy B2B and B2C deployments