07-19-2017 01:12 AM - edited 03-18-2019 01:18 PM
In our existing system we have MCU, TCS 5.5, VCS-C and C20 & SX20 endpoints. Now we want to replace MCU with CMS. Since it's my first deployment, I need a few clarifications on this:
1) I need to create a zone between CUCM and CMS, is that right?
2) Create a Rendezvous escalation between VCS and CMS?
3) I need to know how the recording is happening in the TCS server in the existing setup?
4) In the new setup, do I need to configure anything for CMS on recording?
5) I am planning to use the default certificate?
6) The customer doesn't have AD, will it be an issue?
7) How to configure the Meeting App with local users when configuring CMS?
07-19-2017 02:44 AM
[@paradkar.prasad]
07-19-2017 05:12 AM
1> Create the zone with the following:
H.323 Mode = Off.
SIP Mode = On
SIP Port = 5060 (5061 if using TLS)
SIP Transport = TCP or TLS, as appropriate
SIP Accept Proxied Registrations = Allow
Authentication Policy = Treat as authenticated
SIP Authentication Trust Mode = Off
Peer 1 Address = the IP address of the Call Bridge
2> Create a VCS search rule:
3> Make sure you have a cospace created on the CMS
4> Add a dial-plan rule on the meeting server
=============================================================
TCS recording will be a vast part to explain here. Please go through the below link.
http://www.cisco.com/c/en/us/td/docs/telepresence/tcs/5_0/administration/guide/tcs_5_0/recording_aliases.html
=============================================================
CMS Recording
It will require a separate licence. It is recommended to have a separate VM for recording with minimum specs of 4 vCPU and 4GB, which supports 8 simultaneous recordings.
To get the licences you will require the number of simultaneous recordings and the MAC address of interface A for the Call Bridge (core).
==============================================================
To use the Cisco Meeting App you will require an AD or LDAP server. If the customer doesn't have one, you need to deploy one.
07-22-2017 05:15 AM
Thanks Prasad,
Can't we create users locally for logging in to the CMS App, without AD?
07-23-2017 11:33 PM
All of the Cisco Meeting Apps (Windows, OS X, iOS, and WebRTC) use the XMPP Server on the Cisco Meeting Server for login. When you perform an AD sync to populate users, user names and the domain you chose on the import filter are imported and saved locally. Then when a user logs in, the Meeting Server queries AD for password verification; it does not store these AD passwords.
===================================================
Siva, as per my understanding it's mandatory.
07-24-2017 02:19 AM
Thanks Prasad,
I am trying to create a Rendezvous conference escalation. The steps which I followed:
1) Created a neighbour zone in VCS.
2) Created a search rule in VCS with the target zone as CMS.
Clarification needed on the CMS side:
In CMS, what configuration is required?
07-25-2017 01:05 AM
To run a secure call between VCS (Expressway C or VCS C) and CMS you will require the below certificates:
TURN Server
Web Bridge
Call Bridge
Note: No cert required from VCS side.
SIP endpoint dial-in to the CMS through VCS
H323 mode – OFF
SIP Mode – ON
SIP Port – 5060 (5061 for TLS)
SIP transport – TCP or TLS as appropriate
SIP accept Proxied registrations – Allow
Authenticate policy – Treat as Authenticated
SIP authentication Trust Mode – OFF
Peer 1 address – The IP address of a call bridge
Route a VC endpoint call through a prefix 88 or any other number
For the Rendezvous conference you can use a fixed number. Like 88001
Source = Any
Request Must Be Authenticated = No
Mode = Alias pattern match
Pattern Type = Regex
Pattern String = .*@meetingserver.example.com (this domain can be as per your org.)
Pattern Behavior = Leave
On Successful Match = Stop
Target = the zone you created for the Meeting Server. (CMS_Zone)
Go to Configuration > Outbound calls and add a dial-plan rule with the below details:
Domain = VC.example.com
SIP proxy to use – this will be the IP or FQDN of VCS
Local Contact domain – this will be blank in our case
Local Domain name – meetingserver.example.com (same as the one mentioned in the VCS)
Trunk type – Standard SIP
Configured an incoming dial rule to match our space 88001
Domain name – 88001@meetingserver.example.com
Priority – 10 (highest priority for
Target Space – yes
Targets user – yes
Targets IVR – yes
Targets Lync – No
07-27-2017 12:41 AM
Thanks Prasad,
It worked for me. I successfully tested Rendezvous calls from all the endpoints. But I have a few more questions:
I didn't enable turnserver and webbridge. When is it required?
How to enable the Meeting App, what configuration is required?
Will I be able to use the default certificate for turnserver and webbridge?
07-31-2017 12:01 AM
Hi Shiva,
If you have a split infra you will require a TURN server.
The TURN server provides firewall traversal technology, allowing the Meeting Server to be deployed behind a Firewall or NAT. To connect to the deployment from external Cisco Meeting Apps or SIP endpoints you need to enable the TURN server, refer to the section on Deploying the TURN Servers. If you are using Cisco Meeting Apps you also need to configure the Web Admin interface to allow the Call Bridge and external clients to access the TURN server. Using the TURN server does not require an activation key.
First do let me know which type of deployment you are looking for, single server or split?
07-31-2017 12:17 AM
Dear Prasad,
Thanks for your wonderful explanation.
Currently we have a single server. We are doing an on-premises deployment. We have a VCS server and CMS 1000. We require the meeting app only internally. So I need to know which services are to be turned on. When I try to enable Callbridge and Webbridge I am getting an error, the listening interface is invalid?
Note: My rendezvous is working fine ,as per your instruction.
07-31-2017 03:37 AM
If you are using CMA (the app) you need to enable the XMPP server on the bridge. The XMPP licence comes with the software; it does not require any separate key for activation. The XMPP server handles the signalling to and from Cisco Meeting Apps, including WebRTC. The media will come in through the TURN server (for external app users only); for internal users it can terminate directly on the Call Bridge. In your case you are using it for internal purposes only, so the Call Bridge is enough and there is no need for a TURN server.
Steps to activate XMPP:
Port requirement:
Internal clients connect directly to the XMPP server on port 5222 and media connects directly between the Cisco Meeting App and the Call Bridge.
Steps:
domains: nslookup -querytype=srv _xmpp-server._tcp.example.com
nslookup -querytype=srv _xmpp-client._tcp.example.com
2. CSR for the XMPP server:
CMA looks for SubjectAltName and CN field to determine the XMPP domain. To avoid the client certificate error, ensure that the CSR for the XMPP server specifies: the DNS record for the XMPP server in the CN field or the SubjectAltName field, the XMPP server domain name in SubjectAltName field.
For example, if the XMPP domain is configured as example.com and DNS is xmpp.example.com, the CN should be xmpp.example.com and within the SAN list you must add xmpp.example.com and example.com. Note: pki csr will automatically append the CN to the SAN list if a SAN list exists.
pki csr xmppserver CN:xmpp.example.com O:"Example Inc." subjectAltName:example.com
or using the wildcard:
pki csr xmppserver CN:*.example.com O:"Example Inc." subjectAltName:example.com
generates two files: xmppserver.key and xmppserver.csr, for the XMPP server in domain example.com. Submit the .csr file to an internal CA for signing (as you don't have any outsider CMA users you can use an internal CA signed certificate).
xmpp listen a b
where keyfile and certificatefile are the filenames of the matching private key and certificate. If your CA provides a certificate bundle then also include the bundle as a separate file to the certificate (not applicable for you). See the Certificate Guidelines for further information.
xmpp domain <domain name>
The following is an example where the domain name is example.com.
xmpp domain example.com
xmpp callbridge add <component name>
xmpp callbridge add cb_london
A secret is generated; for example, you see:
cms>xmpp callbridge add cb_london
Added callbridge: Secret: aB45d98asdf9gabgAb1
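Added example, not part of the original post and not Cisco tooling: a small check of the CN/SAN rule described above, run against the names you intend to put in the `pki csr` request. The function names are hypothetical, the sample requests are constructed, and the wildcard handling assumes standard single-label matching (RFC 6125 style); the thread does not say how the Meeting App itself matches wildcards.

```python
def name_matches(pattern, host):
    """Standard single-label wildcard match (assumed, RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # '*' stands for exactly one left-most label, so *.example.com
    # covers xmpp.example.com but never the bare example.com.
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])


def effective_san(cn, sans):
    """Per the post: pki csr appends the CN to the SAN list if one exists."""
    names = list(sans)
    if names and cn not in names:
        names.append(cn)
    return names


def xmpp_cert_gaps(cn, sans, xmpp_domain, xmpp_fqdn):
    """Return the naming requirements from the post that the names miss."""
    san = effective_san(cn, sans)
    gaps = []
    # The server's DNS name may sit in either the CN or the SAN list.
    if not any(name_matches(n, xmpp_fqdn) for n in [cn] + san):
        gaps.append(f"{xmpp_fqdn} not in CN or SAN")
    # The XMPP domain itself must be in the SAN list.
    if not any(name_matches(n, xmpp_domain) for n in san):
        gaps.append(f"{xmpp_domain} not in SAN")
    return gaps


# Constructed sample requests for XMPP domain example.com, server xmpp.example.com
CASES = [
    ("xmpp.example.com", ["example.com"]),   # first pki csr form in the post
    ("*.example.com", ["example.com"]),      # wildcard form in the post
    ("*.example.com", []),                   # wildcard with the SAN left out
    ("cms.example.com", ["example.com"]),    # request made for a different host
]

if __name__ == "__main__":
    for cn, sans in CASES:
        gaps = xmpp_cert_gaps(cn, sans, "example.com", "xmpp.example.com")
        print(f"CN={cn} SAN={sans}: {'OK' if not gaps else '; '.join(gaps)}")
```

The third case shows why the wildcard form in the post still carries subjectAltName:example.com: the wildcard covers the server name but not the bare XMPP domain.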
07-31-2017 06:42 AM
Thanks a lot Prasad [+5]
I don't have a Microsoft certificate server. Will the default certificate work out?
07-31-2017 09:52 AM
I am not sure what you mean by default certificate. How did you get the Call Bridge cert?
08-02-2017 01:17 AM
Dear Prasad,
With the default certificate, is it possible to log in to the meeting app?
08-02-2017 11:38 PM
Hi Shiva,
If you are using the app internally in your organization and no one is going to log in from the public internet, then an internal signed certificate can be used.
Internal CA signed certificates can be generated by a local or organizational Certificate Authority, such as an Active Directory server with the Active Directory Certificate Services Role installed.
If you mean you have an internal signed certificate (which you are calling the default certificate) then that is enough for running the service on the Access side.
Regards,
Prasad Paradkar