We would like to seek an advice for the Expressway Deployment.
The backgrounds are:
- User should login jabber using their email address (@example.com) - Externally Resolved Domain
- CUCM server (not using IMP) is located in @internal.local domain
- SRV record (_cisco-uds) created in the Internal DNS Zone of _tcp.example.com and pointing to CUCM FQDN.
- example.com zone can't be created inside Internal DNS as it will be conflicted with external DNS zone, bank user have access to internet in their computer.
- Expressway-E should be in the external domain (example.com) but because inside Internal DNS can't create example.com zone hence Expressway-C will not be able resolve Exp-E FQDN for UC Traversal Zone.
- The Exp-E will be located in sub-domain of example.com (abc.example.com)
- In the External DNS: _collab-edge._tls.example.com SRV record is there and will point to Exp-E FQDN (expe.abc.example.com)
- In Exp-C Domain Config will be included example.com
- In the Exp-E Certificate will include collab-edge.example.com and abc.example.com as a SAN.
Will this be a working scenario?
Thank you very much.
Thanks for answering.
I would put that as consideration.
Our deployment is only Jabber Phone-only mode via MRA, should it work? (without IM&Presence)
If you are running expressway and jabber 12.5 and above you don't need to create the srv records for example.com in your internal DNS.
When service discovery is performed, and expresswayc can't resolve the record for example.con, it will use the domain of your UDS servers for service discovery...
Thanks for your answer and clarification.
The thing that we have faced is with the Exp-E in example.com and the zone for example.com is not there in the Internal DNS, which Expressway C will look up into for resolving, Exp-C will not be able to resolve the Exp-E FQDN when creating a traversal zone, is there a workaround? I'm thinking to use other domain for Exp-E. While the service domain still use example.com.
Are you using a single or dual NIC deployment. Either way it only will determine where to point the DNS record.
For me, I have internal DNS using an internal structure referencing the EXP-E inside interface, and in Public DNS, a different DNS entry referencing the external interface / NAT. For the Exp-C traversal connection to Exp-E, you are still using the inside interface, so it can still be made to the internal structure, while the outside in will only ever see the Public DNS record or other domain.