About Me

My photo
This is a blog for John Weber. One of my joys in life is helping others get ahead in life. Content here will be focused on that from this date forward. John was a Skype for Business MVP (2015-2018) - before that, a Lync Server MVP (2010-2014). I used to write a variety of articles (https://tsoorad.blogspot.com) on technical issues with a smattering of other interests. I have a variety of certifications dating back to Novell CNE and working up through the Microsoft MCP stack to MCITP multiple times. FWIW, I am on my third career - ex-USMC, retired US Army. I have a fancy MBA. The opinions expressed on this blog are mine and mine alone.

2016/10/15

SfB & Jabber via XMPP & Cisco Express

Much thanks and deep appreciation to Justin O’Sullivan, Cisco dood extraordinaire. (http://www.syferstrategies.com/blog)

Background

Microsoft Skype for Business and Cisco Jabber are, by far, the two most popular IM/P applications for the general business community.  Yes, there are some fringe applications that offer some really good features, and they work well, but for the mainstream business community, it really boils down to either Microsoft SfB or Cisco Jabber.

This is empirically proved by my blog tracking. Since its’ original posting in May of 2013, my #2 most viewed article, month after month, has been http://tsoorad.blogspot.com/2013/05/connecting-lync-2013-and-cisco-jabber.html.

Seeing as how both applications have had several years to mature and evolve, I thought this would be a good time to revisit the entire scenario of connecting the two most popular suites so your business can connect to another to streamline process and communication.

To achieve this lofty goal, I leveraged my SfB lab, which is currently running SfB update to the June 2016 Cumulative Update.  I also leveraged one of my awesome Cisco-centric co-workers, Justin O’Sullivan.  Justin runs a full Cisco lab in the course of his job, and he graciously agreed to burn up his off hours helping create the SfB <-> Jabber federation.

Initial Environment Layout

As stated, my lab is SfB, running a full edge on three IP’s. All SfB components are updated to 6.0.9319.259. (and yes, I know that not all components update to that version, but they are all 6.0.9319, and Microsoft does not update components that have no need to update).

Justin’s Cisco lab is an alphanumeric soup of Expressway C/E Version: 8.8.0, Cisco IM & Presence Version: 10.5.2.22900-2, Cisco UCM Version: 10.5.2.12901-1, & Cisco Jabber Version: 11.7.1.  Whew!

As in the previous Lync-Jabber article, the SfB side is extremely simple, but we’ll step through all the necessary configurations and considerations (with pictures so that Amanda sitting in the back of the class will understand), and then we’ll do the same with the Jabber side.

Skype for Business XMPP setup.

First, make sure that XMPP is enabled in your environment. At the site level and at the Edge Pool level:

imageimage

Personally, I always light up every possible configuration on initial install, so I don’t have to go back and do it again later.  You can just turn things off later, but if you waited until now, you will need to publish the topology when you get done with this step, and then either run step 2 of the deployment wizard on the appropriate servers, or bootstrap the appropriate servers so that the necessary bits are turned on to make this work.

Next, you need to head off for your Control Panel.  I suppose you could also do this next piece from PowerShell, but I like GUI when I can GUI.

Inside CSCP (yes, still called that) go to your Federation and External Access tab on the left, and check your External Access Policy.  Make sure the “Enable communications with XMPP federated users is checked.

image

Now go to the XMPP Federated Partners and setup a partner as shown.

image

Get yourself an admin PowerShell window open on your server and do get-csxmppallowedpartner so you can double-check your work (read your spelling).

image

You might also want to have your dialbackpassphrase set.  Just set it to something easy-peasy.  If I am not too mistaken, I set this example to “xmppdialback” – if you need a primer on just what this part does, see this.

image

Now, go to your external DNS provider, and get yourself a squeaky clean SRV record:

_xmpp-server._tcp.domain.com or in my case, _xmpp-server._tcp.tsoorad.net.  Port 5269.  In DNS parlance, you want to submit, if you need to, _xmpp-server._tcp.domain.com 0 0 300 5269 sip.domain.com, where the numbers mean 0 weight, 0 priority, TTL 300, port 5269, and a target of sip.domain.com.  An NSLOOKUP from the world should reveal something that looks a lot like this:

image

Set your firewall to allow port 5269 inbound and outbound from your Edge server (or servers).  At this point, I can expect things to work from the SfB side of life.

And now the fun (?) begins

As a preface, Justin worked through this one time, but it took a few server restarts before he could convince his system to operate as expected.  Neither of us could figure that out but, what the heck, eh?

Reference Material Used:

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-5/XMPP-Federation-with-Cisco-Expressway-and-IM-and-Presence-Service.pdf

Expressway C/E Version: 8.8.0

Cisco IM & Presence Version: 10.5.2.22900-2

Cisco UCM Version: 10.5.2.12901-1

Cisco Jabber Version: 11.7.1

JabberID = sAMAccountName@domain.com

In this example, we will be configuring external XMPP federation using the Cisco Expressway solution as opposed to the IM&P based XMPP federation option. When deploying external XMPP federation, you must choose one or the other and not both. Verify the service is correctly enabled on the selected option (Expressway) and disabled on the other (IM&P).

Service disabled on CUPS/IM&P

clip_image002

clip_image004

Follow the certificate requirements as per Cisco documentation.

Add the local domains to the Expressway-C server and verify XMPP Federation is set to “On”:

Navigate to Configuration > Domains

clip_image006

clip_image007

On the Expressway-E, further enable the XMPP federation settings as below:

Navigate to Configuration > Unified Communications > Configuration

clip_image009

Notes:

1. In our example, we are not using TLS as depicted above

2. If in use, the Dialback Secret must be the same on other Expressways in the domain

XMPP DNS Records

For foreign systems to resolve/authenticate your domain correctly, set up the below SRV record for XMPP services:

_xmpp-server._tcp.{domain} (priority) (weight) (port 5269) (Target Host)

(e.g. _xmpp-server._tcp.syferstrategies.com 0 0 5269 expe.syferstrategies.com)

Group Chat Records

For group chat node DNS resolution to work properly with federated domains, configure the below external SRV records:

_xmpp-server._tcp.{chatnode}.{domain} (priority) (weight) (port 5269) (Target Host)

(e.g. _xmpp-server._tcp.chatnode1.syferstrategies.com 0 0 5269 expe.syferstrategies.com)

Notes:

1. Alternatively, static routes can be used on the local Expressway if the remote system does not have these DNS records enabled

a. This can be added under Configuration > Unified Communications > Federated Static Routes

Checking XMPP Federation status

Navigate to Status > Unified Communications > XMPP Federation Connections

clip_image010

Jabber Experience

clip_image011

Add the external contact

clip_image012

Enter the IM address of the external contact

clip_image013

New federated contact seen below

clip_image002[1]

 

 

Back to SfB to see how that looks!

image

Summary

We have demonstrated a SfB XMPP configuration then the Cisco Expressway/Jabber configuration. Works great, less filling.  Let the commo begin!

YMMV

No comments:

test 02 Feb

this is a test it’s only a test this should be a picture