CUPdeploy

Deployment Guide for Cisco Unified
Presence Release 8.6

May 30, 2012
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the
document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Deployment Guide for Cisco Unified Presence Release 8.6
2012 Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER
Overview of a Basic Integration
1-1
About the Cisco Unified Presence Interfaces

Main Components 1-1
SIP Interface 1-2
CTI Interface 1-3
AXL/SOAP Interface 1-3
LDAP Interface 1-4
XMPP Interface 1-4
XMPP Standards
1-4
Module Overview
IM Compliancy
Cisco Integrations
1-5
1-8
1-8
Third-Party Integrations
1-8
Web Interface Timeout
1-9
Getting More Information
CHAPTER
CHAPTER
1-1
1-9
Configuring the Licensing for this Integration 2-1

Cisco Unified Personal Communicator License Requirements
User License Requirements 2-1
Adjunct Licensing 2-2
2-1
Configuring Cisco Unified Communications Manager for Integration with Cisco Unified
Presence 3-1
User and Device Configuration on Cisco Unified Communications Manager
Configuring the Presence Service Parameter
3-1
3-3
How to Configure the SIP Trunk on Cisco Unified Communications Manager 3-3
Configuring the SIP Trunk Security Profile for Cisco Unified Presence 3-4
Configuring the SIP Trunk for Cisco Unified Presence 3-4
Verifying that the Required Services are Running on Cisco Unified Communications Manager
CHAPTER
Planning a Cisco Unified Presence Multi-Node Deployment

About the Multi-Node Scalability Feature
Scalability Enhancements 4-1
3-6
4-1
4-1
Contents
Supported End Points 4-2

IM-Only Deployment 4-2
Performance Recommendations 4-2
High Availability Deployments 4-3
Subclusters 4-3
User Assignment 4-3
Server-Side Failback for Cisco Unified Personal Communicator 7.x and 8.x Clients
Cisco Unified Personal Communicator Sign-In and Redirect 4-4
Clustering over WAN 4-6
About the Multi-Node Deployment Models 4-6
Balanced User Assignment Redundant High Availability Deployment 4-6
Active/Standby User Assignment Redundant High Availability Deployment
Scalability Options for Your Deployment
Cluster-Wide DNS SRV
4-8
4-10
Multi-Node Hardware Recommendations
4-10
About Clustering over WAN Deployments 4-11

WAN Bandwidth requirements 4-11
Intracluster Deployments over WAN 4-11
Local Failover 4-12
Subcluster Failure Detection 4-12
Method Event Routing 4-13
Multi-Node Configuration for Deployment over WAN
Bandwidth Considerations 4-13
External Database Recommendations 4-14
Intercluster Deployments over WAN 4-14
CHAPTER
4-13
Performing a Cisco Unified Presence Multi-Node Deployment

Cisco UP Replication Watcher Service
How to Troubleshoot a Multi-Node Deployment

Monitoring a Multi-Node System 5-4
Resolving a Hardware Problem 5-5
6
5-2
5-4
Configuring a Cisco Unified Presence Server for Deployment in the Network

About Configuration Changes and Service Restart Notifications
Service Restart Notifications 6-2
5-1
5-1
How to Update a Multi-Node Configuration after Deployment

Adding a New Node 5-2
Expanding the Cluster 5-3
CHAPTER
4-7
6-1
6-1
4-4
Contents
Cisco UP XCP Router Restart
6-2
Restarting the Cisco UP XCP Router Service
6-2
How to Configure the Cluster Topology on Cisco Unified Presence 6-3

About Subcluster, Node and User Management Recommendations
Node Creation and Movement Recommendations 6-3
Node Name Recommendations 6-4
User Assignment Mode Recommendations 6-5
Manual User Assignment Recommendations 6-5
User Redistribution 6-6
Creating Subclusters in System Topology 6-7
Creating, Assigning and Moving Nodes in System Topology 6-7
Configuring User Assignment in System Topology 6-10
6-3
About High Availability Cisco Unified Presence Deployments 6-11

Requirements for High Availability 6-11
High Availability in a Subcluster 6-11
Impact of Failover to Cisco Unified Presence Clients and Services 6-12
Automatic Failover Detection 6-13
Automatic Fallback 6-14
Cisco UP Server Recovery Manager (SRM) 6-15
Manual Failover and Fallback 6-15
Important Note About High Availability and Intercluster Deployments 6-16
Node State Definitions 6-16
Node States, Causes and Recommended Actions 6-17
How To Configure High Availability Cisco Unified Presence Deployments 6-21
Turning On or Off High Availability for a Subcluster 6-21
Configuring the Advanced Service Parameters for the Server Recovery Manager
Performing a Manual Failover to Backup Node 6-25
Performing a Manual Fallback to Primary Node 6-26
Performing a Manual Recovery of a Subcluster 6-27
How to Configure the Cluster-Wide Routing Information on Cisco Unified Presence
Configuring the Domain Value 6-28
Replacing the Default Domain Value 6-28
Changing the Domain Value 6-29
About the Routing Communication Type 6-30
Routing Communication Recommendations 6-30
MDNS Routing and Cluster ID 6-31
Configuring the Routing Communication 6-31
Viewing or Configuring the Cluster ID 6-32
Configuring a Cluster-Wide Cisco Unified Presence Address 6-33
6-23
6-28
Contents
Configuring the Throttling Rate for Availability State Change Messages

How to Configure Static Routes on Cisco Unified Presence 6-34
Route Embed Templates 6-34
Configuring Route Embed Templates on Cisco Unified Presence
Configuring Static Routes on Cisco Unified Presence 6-36
How to Configure the Presence Gateway on Cisco Unified Presence
Presence Gateway Configuration Option 6-38
Configuring the Presence Gateway 6-39
6-34
6-35
6-38
How To Configure the Authorization Policy on Cisco Unified Presence 6-39

Automatic Authorization on Cisco Unified Presence 6-39
User Policy & Automatic Authorization 6-40
Configuring the Authorization Policy on Cisco Unified Presence 6-41
Bulk Export of User Contact Lists
6-42
Bulk Import of User Contact Lists 6-44

Check Maximum Contact List Size 6-45
Upload the Input File Using BAT 6-45
Create a New Bulk Administration Job 6-46
Check Results of Bulk Administration Job 6-46
How To Configure the Availability Settings on Cisco Unified Presence 6-47
Turning On or Off Availability Sharing for a Cisco Unified Presence Cluster
Configuring the Do Not Disturb Settings on Cisco Unified Presence 6-48
Configuring the Temporary Presence Subscription Settings 6-49
Configuring the Maximum Contact List Size Per User 6-50
Configuring the Maximum Number of Watchers Per User 6-51
6-47
How to Configure the Instant Messaging Settings on Cisco Unified Presence 6-51
Turning On or Off Instant Messaging for a Cisco Unified Presence Cluster 6-51
Turning On or Off Offline Instant Messaging 6-52
Allowing Clients to Log Instant Message History 6-53
Configuring the SIP Publish Trunk on Cisco Unified Presence
Configuring the Proxy Server Settings
6-54
How to Turn On the Cisco Unified Presence Service

Turning On the Sync Agent 6-54
Turning On the Cisco Unified Presence Service
CHAPTER
Single Sign-On Configuration 7-1

Introduction 7-1
Configuration Checklist for SSO 7-2
System Requirements for Single Sign-On
7-3
6-54
6-55
6-53
Contents
Installing Java 7-4

Installing Java Using a Linux Platform 7-4
Installing Java Using a Windows Platform 7-5
Installing Tomcat 7-5
Installing Tomcat using a Linux Platform 7-5
Installing Tomcat using a Windows Platform 7-6
Provisioning Active Directory for SSO 7-7
Deploying OpenSSO Enterprise War on Apache Tomcat 7-8
Deploying OpenSSO Enterprise War on Apache Tomcat over Linux Platform 7-8
Deploying OpenSSO Enterprise War on Apache Tomcat over Windows Platform 7-9
Initial Configuration of OpenSSO Enterprise Using the GUI Configurator 7-9
Configure Policies on Open SSO Server 7-10
Configuring SSO Module Instance 7-11
Configuring J2EE Agent Profile on OpenSSO Server 7-12
Importing the OpenAM Certificate into Cisco Unified Presence 7-13
Configuring Client Browsers for Single Sign-On 7-14
Configuring Internet Explorer for Single Sign-On 7-14
Configuring Firefox for Single Sign-On 7-15
Configuring Windows Registry 7-15
Configuring the Single Sign-On Application 7-15
Enabling SSO on Cisco Unified Presence Server 7-17
Disabling SSO on Cisco Unified Presence Server 7-17
Uninstalling OpenSSO Enterprise (OpenAM) 7-19
Uninstalling OpenSSO Enterprise (OpenAM) on Linux 7-19
Uninstalling OpenSSO Enterprise (OpenAM) on Windows 7-19
Troubleshooting Single Sign-On 7-19
Tomcat Crashes on OpenAM Server 7-20
Setting the Debug Level 7-20
CHAPTER
Configuring Security on Cisco Unified Presence

Creating a Login Banner
8-1
8-1
Cisco Unified Presence Certificate Types
8-2
How to Configure the Certificate Exchange Between Cisco Unified Presence and Cisco Unified
Communications Manager 8-3
Prerequisites for Configuring Security 8-3
Importing the Cisco Unified Communications Manager Certificate to Cisco Unified Presence 8-3
Restarting the SIP Proxy Service 8-4
Downloading the Certificate from Cisco Unified Presence 8-4
Uploading the Cisco Unified Presence Certificate to Cisco Unified Communications Manager 8-5
Contents
Restarting the Cisco Unified Communications Manager Service
8-5
How to Configure the SIP Security Settings on Cisco Unified Presence 8-6
Configuring a TLS Peer Subject 8-6
Configuring a TLS Context 8-6
Configuring the SIP Proxy-to-Proxy Intracluster Protocol Type 8-7
How to Configure the XMPP Security Settings on Cisco Unified Presence
XMPP Security Modes 8-8
Configuring the XMPP Certificate Settings 8-9
Configuring FIPS 140-2 Mode 8-9
Overview of FIPS 140-2 8-9
Rebooting a Server in FIPS 140-2 Mode
Regeneration of Certificates 8-10
CHAPTER
8-8
8-10
Integrating Third-Party XMPP Client Applications on Cisco Unified Presence
About Third-Party Client Integration 9-1

Supported Third-Party XMPP Clients 9-1
License Requirements for Third-Party Clients 9-2
XMPP Client Integration on Cisco Unified Communications Manager
LDAP Integration for XMPP Contact Search 9-2
Domain Name for XMPP Clients 9-2
DNS Configuration for XMPP Clients 9-3
9-1
9-2
Configuring a Secure Connection between Cisco Unified Presence and XMPP Clients
Turning On Cisco Unified Presence Services to Support XMPP Clients
CHAPTER
10
Configuring Chat on Cisco Unified Presence
10-1
About Chat 10-1

Chat 10-1
IM Forking 10-2
Offline IM 10-2
Broadcast IM 10-2
Chat Rooms on Cisco Unified Presence 10-2
Chat Room Limits 10-3
File Transfer 10-3
Important Notes About Cisco Unified Presence Service and Chat
How to Configure Chat Settings on Cisco Unified Presence 10-4
Configuring the Service Parameters for the IM Gateway 10-4
Enabling File Transfer 10-4
Configuring the Maximum Number of Logon Sessions 10-5
Configuring Persistent Chat Room Settings 10-5
9-4
10-3
9-3
Contents
How to Manage Chat Node Aliases 10-7

Chat Node Aliases 10-7
Key Considerations 10-8
Turning On System-Generated Aliases 10-8
Managing Chat Node Aliases Manually 10-9
Turning On the Cisco UP XCP Text Conference Service
10-11
Sample Deployments 10-12

Scenario 1 10-13
Scenario 2 10-13
Scenario 3 10-14
Scenario 4 10-14
Scenario 5 10-16
CHAPTER
11
Configuring the Cisco IP Phone Messenger Service
11-1
Prerequisites for Integrating Cisco IP Phone Messenger
11-1
How to Configure Cisco IP Phone Messenger on Cisco Unified Communications Manager

Configuring Cisco IP Phone Messenger as an Application User 11-2
Configuring a Phone Service for the Cisco IP Phone Messenger 11-2
Subscribing Phones to the Cisco IP Phone Messenger Service 11-3
11-1
How to Configure Cisco IP Phone Messenger on Cisco Unified Presence 11-3

Configuring the Cisco IP Phone Messenger Settings 11-4
Using Cisco IP Phone Messenger Across Clusters 11-4
Configuring Meeting Notification Settings 11-5
Information to Provide to Users About the Meeting Notification Feature 11-5
Configuring Cisco IP Phone Messenger Response Messages 11-6
Sending a Broadcast Message 11-7
Signing Out a Cisco IP Phone Messenger User 11-7
CHAPTER
12
Configuring Basic Features for Cisco Unified Personal Communicator

Roadmap for Deploying Cisco Unified Personal Communicator
12-3
Prerequisites for Integrating Cisco Unified Personal Communicator

Adding Licensing Capabilities for Users
12-1
12-7
12-8
Configuring Firewalls to Pass Cisco Unified Personal Communicator Traffic

Verifying That the Cisco UP XCP Router Service Is Running
12-8
12-8
(Cisco Unified Personal Communicator Release 8.x) About Configuring XCP Services for Cisco Unified
Personal Communicator 12-9
(Cisco Unified Personal Communicator Release 8.x) Required XCP Services 12-9
(Cisco Unified Personal Communicator Release 8.x) Optional XCP Services 12-9
Contents
How to Configure Chat 12-10

Configuring the Service Parameters for the IM Gateway 12-10
(Cisco Unified Personal Communicator Release 8.x) Configuring Persistent Chat Rooms
(Cisco Unified Personal Communicator Release 8.5) Disabling Chat 12-11
(Cisco Unified Personal Communicator Release 8.5) Configuring Chat History 12-11
12-10
About Configuring Cisco Unified Personal Communicator on

Cisco Unified Communications Manager 12-11
Application Dialing and Directory Lookup Rules 12-11
Transformation of Dialed Numbers by Cisco Unified Personal Communicator 12-12
Cisco Unified Client Services Framework Device Type 12-13
Extension Mobility Configuration 12-13
(Cisco Unified Personal Communicator Release 8.x) Guidelines for Configuring the Softphone Device
Name 12-14
(Cisco Unified Personal Communicator Release 7.1) Guidelines for Configuring the Softphone Device
Name 12-14
How to Configure Cisco Unified Personal Communicator on Cisco Unified
Creating a Softphone Device for Each Cisco Unified Personal Communicator User 12-15
Associating Users with Softphone Devices 12-17
Adding Users to User Groups 12-18
Associating a New Device with a User 12-18
Resetting a Device 12-19
Specifying Which Softphone Device to Use for a User with Multiple Associated Softphone
Devices 12-19
About Configuring Cisco Unified Personal Communicator on Cisco Unified Presence
TFTP Server Connection 12-20
High Availability 12-21
12-20
How to Configure Cisco Unified Personal Communicator on Cisco Unified Presence 12-21
Configuring the Proxy Listener and TFTP Addresses 12-21
(Cisco Unified Personal Communicator Release 8.x) Configuring Settings 12-22
(Cisco Unified Personal Communicator Release 7.1) Configuring the Service Parameters 12-24
(Cisco Unified Personal Communicator Release 7.1) Configuring a Secure Connection Between Cisco
Unified Presence and Cisco Unified Personal Communicator 12-25
About Configuring CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence 12-26
Desk Phone Control and the CTI Connection Failures 12-26
(Cisco Unified Personal Communicator Release 7.x) Desk Phone Control and LDAP TelephoneNumber
Field 12-27
How to Configure CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence
Configuring CTI Gateway Server Names and Addresses 12-28
Creating CTI Gateway Profiles 12-29
10
12-28
Contents
How to Configure Video Calls and Videoconferencing 12-30

Configuring Users for Point-to-Point Video Calls and for Multipoint Videoconferencing 12-30
Configuring Videoconferencing Resources and Ad-Hoc Conferencing on Cisco Unified
Configuring Bandwidth Capability for Cisco Unified Personal Communicator 12-33
(Cisco Unified Personal Communicator Release 8.x) How to Configure Cisco Unified IP Phones for
Video 12-34
(Cisco Unified Personal Communicator Release 8.x) Connecting a Cisco Unified IP Phone to the
Network and Your Computer 12-34
(Cisco Unified Personal Communicator Release 8.x) Enabling Video for a
Cisco Unified IP Phone 12-35
CHAPTER
13
Configuring Voicemail, Conferencing, and Other Features for Cisco Unified Personal
Communicator 13-1
About Secure Voicemail Messaging 13-2
Secure Voicemail Messaging on Cisco Unity Connection
Secure Voicemail Messaging on Cisco Unity 13-2
Secure Voicemail Messaging Configuration 13-3
13-2
How to Configure Voicemail Servers for Cisco Unified Personal Communicator 13-4
Configuring Cisco Unity Connection Servers 13-4
Configuring Cisco Unity Servers 13-6
Configuring Voicemail Server Names and Addresses on Cisco Unified Presence 13-9
Configuring Mailstore Server Names and Addresses on Cisco Unified Presence 13-9
Creating Voicemail Profiles on Cisco Unified Presence 13-11
How to Configure Conferencing Servers for Cisco Unified Personal Communicator 13-12
About the Conferencing Servers for Cisco Unified Personal Communicator 13-13
(Cisco Unified Personal Communicator Release 7.1) Configuring Cisco Unified MeetingPlace Express
and Cisco Unified MeetingPlace Express VT Servers 13-13
Configuring Cisco Unified MeetingPlace Servers 13-16
(Cisco Unified Personal Communicator Release 8.x) Configuring the Cisco Unified MeetingPlace Web
Server 13-18
Adding Custom Cisco Unified MeetingPlace Template Files to a Cisco Unified MeetingPlace7.x Web
Server 13-18
(Cisco Unified Personal Communicator Release 8.5) Configuring Cisco Webex Servers 13-19
Configuring Single Sign-on for Cisco Webex and Cisco Unified MeetingPlace 13-19
Configuring Conferencing Server Names and Addresses on Cisco Unified Presence 13-19
Creating Conferencing Profiles on Cisco Unified Presence 13-21
(Cisco Unified Personal Communicator Release 8.x) Creating Audio Profiles on Cisco Unified
Presence 13-23
Configuring CCMCIP Profiles for Cisco Unified Personal Communicator Release 8.x
About Configuring Third-Party Clients on Cisco Unified Presence
13-24
13-26
11
Contents
(Cisco Unified Personal Communicator Release 8.5) How to Use Cisco Unified Personal Communicator as
a Desktop Agent 13-26
About Running Cisco Unified Personal Communicator as a Desktop Agent 13-26
Before You Start Cisco Unified Personal Communicator as a Desktop Agent 13-27
Starting Cisco Unified Personal Communicator as a Desktop Agent 13-28
Stopping Cisco Unified Personal Communicator as a Desktop Agent 13-28
(Cisco Unified Personal Communicator Release 8.5) Distributing HTML Files for Display in the
Cisco Unified Personal Communicator Window 13-29
About Migrating Users from Cisco Unified Personal Communicator Release 7.x to Cisco Unified Personal
Communicator Release 8.x 13-30
How to Update User Configuration After Deploying Cisco Unified Personal Communicator 13-30
Application Profiles 13-30
Changing Application Profiles for a Single User 13-31
Changing Application Profiles for Multiple Users 13-31
Configuring a New User for Full Cisco Unified Personal Communicator Functionality 13-32
CHAPTER
14
Deploying and Upgrading Cisco Unified Personal Communicator
14-1
Pre-Deployment Tasks 14-1

Removing Any Applications That Depend on Cisco Unified Client Services Framework
Removing Cisco Unified Video Advantage 14-2
Cisco Unified Presence Server Discovery 14-2
Automatic Server Discovery 14-2
Setting a Default Address for the Cisco Unified Presence Server 14-3
Cisco Unified Personal Communicator Deployment 14-5
Executable File 14-5
Windows Installer (MSI) File 14-6
Software Download Site and Installer Package Names
Deployment Options 14-7
Automated Mass Deployment 14-7
Standalone Installation 14-7
14-1
14-6
How to Deploy the Application 14-8

(Cisco Unified Personal Communicator Release 8.5 and Earlier) Deploying the Application in a Mac
OS Environment 14-8
Deploying the Application and the Camera Drivers in a Microsoft Windows Environment 14-8
Installing Security Certificates on Client Computers for Client Services Framework (CSF) 14-9
Enabling Availability Status for Microsoft Office 2010 Users 14-10
Upgrading the Application
14-11
Installation and Configuration of Headsets and Other Audio Devices
14-12
Use of Third-Party Headsets with Cisco Unified Personal Communicator
12
14-12
Contents
Do Not Disturb Behavior of Cisco Unified Personal Communicator

Information to Provide to Users
14-13
14-15
Troubleshooting 14-18
Cisco Unified Personal Communicator Fails to Start or Starts with a Black Background with No Visible
Controls 14-18
Limitations Creating Group Chats 14-19
Cannot Place or Receive Calls After a Secure Profile is Enabled 14-19
Error Connecting to the CSF Device 14-19
CHAPTER
15
Integrating the LDAP Directory
15-1
Prerequisites for Integrating the LDAP Directory

LDAP Integrations
15-1
15-2
How to Integrate the LDAP Directory with Cisco Unified Communications Manager 15-2
Secure Connection Between Cisco Unified Communications Manager and the LDAP Directory 15-3
Configuring the LDAP Synchronization for User Provisioning 15-3
Uploading LDAP Authentication Server Certificates 15-4
Configuring LDAP Authentication 15-5
Configuring a Secure Connection Between Cisco Unified Presence and the LDAP Directory 15-6
How to Integrate the LDAP Directory with Cisco Unified Personal Communicator 15-6
Rules for a Displayed Contact Name 15-7
(Cisco Unified Personal Communicator Release 8.0) Fetch Contact Pictures from a Web Server 15-7
Configuring the LDAP Attribute Map for Cisco Unified Personal Communicator 15-8
Configuring LDAP Server Names and Addresses for Cisco Unified Personal Communicator 15-10
Creating LDAP Profiles and Adding Cisco Unified Personal Communicator Users to the Profile 15-11
How to Integrate the LDAP Directory for Contact Searches on XMPP Clients 15-13
LDAP Account Lock Issue 15-14
Configuring LDAP Server Names and Addresses for XMPP Clients 15-14
Configuring the LDAP Search Settings for XMPP Clients 15-15
Turning On The Cisco UP XCP Directory Service 15-17
CHAPTER
16
Configuring a Cisco Unified Presence Intercluster Deployment
16-1
About Intercluster Deployments 16-1

Intercluster Hardware Recommendations 16-1
Intercluster Peer Relationships 16-1
Intercluster Router to Router Connections 16-2
Node Name Value for Intercluster Deployments 16-2
Domain Value for Intercluster Deployments 16-3
Secure Intercluster Router to Router Connections 16-3
Prerequisites for Intercluster Deployment
16-4
13
Contents
How to Configure Intercluster Peers 16-4

Configuring an Intercluster Peer 16-4
Turning On the Intercluster Sync Agent 16-6
Verifying the Intercluster Peer Status 16-7
Updating Intercluster Sync Agent Tomcat Trust Certificates
16-7
How to Migrate Users between Cisco Unified Presence Clusters 16-8

Unassign the Users from the Current Cluster 16-9
Export User Contact Lists 16-9
Unlicense the Users 16-10
Move Users to the New Cluster 16-10
LDAP Sync Enabled on Cisco Unified Communications Manager 16-10
LDAP Sync Not Enabled on Cisco Unified Communications Manager 16-11
License the Users on the New Cluster 16-11
Import Contact Lists on the New Home Cluster 16-12
CHAPTER
17
Configuring Active Directory for Cisco Unified Personal Communicator

Feature Comparison of Enhanced and Basic Directory Integration
17-1
17-2
Specifying How Cisco Unified Client Services Framework Integrates with Active Directory
Mapping Keys Required for Basic and Enhanced Directory Integration
17-3
17-4
About Enhanced Directory Integration 17-4

Automatic Discovery of the Directory Service 17-5
Configuration of Directory Servers that Cannot Be Discovered Automatically
Connections to Global Catalog Servers or Domain Controllers 17-5
Usage of SSL 17-6
Usage of SSL for Users that Are Not Part of Your Domain 17-6
Usage of Windows Credentials 17-6
Usage of Non-Windows Credentials 17-6
Topics to Consider Before You Use Enhanced Directory Integration 17-7
About Configuring Enhanced Directory Integration with Active Directory 17-7
Default Configuration of Active Directory with Enhanced Directory Integration
Configuration of the Connection for Enhanced Directory Integration 17-8
Directory Attributes Are Standard Active Directory Attribute Names 17-11
Configuration of Additional Directory Attributes 17-12
Active Directory Attributes that must be Indexed 17-12
Sample Configuration Questions 17-13
17-5
17-7
About Basic Directory Integration 17-14

Using an Active Directory Group Policy Administrative Template to Configure Client Services
Framework Clients 17-14
14
Contents
Deployment of Group Policy Administrative Templates in a Windows Server 2003

Environment 17-15
Deployment of Group Policy Administrative Templates in a Windows Server 2008
Environment 17-15
Registry Location on Client Machines 17-16
Configuration of LDAP Registry Settings 17-16
About Phone Number Masks 17-20
Elements of Phone Number Masks 17-20
Subkey Names for Specifying Masks 17-22
About Retrieving Photos for Contacts 17-23
Retrieval of Binary Photos from Active Directory 17-23
Retrieval of Static URLs from Active Directory 17-23
Retrieval of Dynamic URLs from Active Directory 17-23
CHAPTER
18
Configuring Additional Registry Keys for Cisco Unified Personal Communicator

Mapping Registry Keys
18-1
18-2
Configuration of Video Registry Settings

Configuration of CTI Registry Settings
18-2
18-2
Configuration of Web Conferencing Registry Settings

Configuration of Dial via Office Registry Settings
Configuration of Additional Registry Settings
18-2
18-3
18-3
18-4
APPENDIX
19
How to Configure Multilingual Support for Cisco Unified Presence
19-1
Installing the Locale Installer on Cisco Unified Communications Manager

Installing the Locale Installer on Cisco Unified Presence
Localized Applications
APPENDIX
19-3
19-5
Configuring Cisco Unified Presence for an IM-Only Deployment

IM-Only Configuration Steps
APPENDIX
19-1
A-1
High Availability Client Login Profiles
B-1
How to Use the High Availability Login Profiles B-1

Important Notes About the High Availability Login Profiles
Using the High Availability Login Profile Tables B-2
Example High Availability Login Configurations B-3
2 GB Active/Active Profile
2 GB Active/Standby Profile
A-1
B-1
B-3
B-4
15
Contents
B-4
B-5
6 GB Active/Active Profile B-5

User Login Retry Limits for Standard Deployments
User Retry Limits for IM-Only Deployments B-7
B-6
6 GB Active/Standby Profile B-7

User Login Retry Limits for Standard Deployments B-7
User Login Retry Limits for IM-Only Deployments B-9
APPENDIX
Glossary of Terms
C-1
16
CH A P T E R

May 30, 2012
About the Cisco Unified Presence Interfaces, page 1-1
XMPP Standards, page 1-4
Module Overview, page 1-5
IM Compliancy, page 1-8
Cisco Integrations, page 1-8
Third-Party Integrations, page 1-8
Web Interface Timeout, page 1-9
Getting More Information, page 1-9
Main Components, page 1-1
SIP Interface, page 1-2
CTI Interface, page 1-3
AXL/SOAP Interface, page 1-3
LDAP Interface, page 1-4
XMPP Interface, page 1-4
Main Components
Figure 1-1 provides an overview of a Cisco Unified Presence deployment, including the main
components and interfaces between Cisco Unified Communications Manager and Cisco Unified
Presence. and between Cisco Unified Presence and third-party products.
1-1
Chapter 1
Figure 1-1
Cisco Unified Presence Basic Deployment
Cisco UC Client
CUMC
CUCM
End User Identity
Third - party
XMPP Client
Phone state
XMPP Federation
- IBM Sametime
- WebEx
- Googletalk
Device data
Licensing
Location Appliance
HTTP
SOAP
Cisco Unified Presence

Rich Presence
Roster Mgt
Instant Messaging
- Permanent chat
- IM History
- Compliance
Policy/User
Preferences
Open API
SIP Federation
- Microsoft OCS
XM
SI PP
P ,
,
PP AP
XM /SO
P
SI
Web Applications
SIP, AXL,
Data Sync
Compliance
XDB
Record Retention
Storage
Vendors
ODBC
External IM Archive
Federation
RCC
MS Exchange
Calendaring
207482
CUMA
SIP Interface
A SIP connection handles the presence information exchange between Cisco Unified Communications
Manager and Cisco Unified Presence. To enable the SIP connection on Cisco Unified Communications
Manager, you must configure a SIP trunk pointing to the Cisco Unified Presence server.
On Cisco Unified Presence, configuring Cisco Unified Communications Manager as a Presence Gateway
will allow Cisco Unified Presence to send SIP subscribe messages to Cisco Unified Communications
Manager over the SIP trunk.
Note
Cisco Unified Presence does not support clients (Cisco clients or third party) connecting to Cisco
Unified Presence using SIP/SIMPLE interface over TLS. Only a SIP connection over TCP is supported.
Related Topics
How to Configure the SIP Trunk on Cisco Unified Communications Manager, page 3-3
How to Configure the Presence Gateway on Cisco Unified Presence, page 6-38
1-2
Chapter 1

CTI Interface
The CTI (Computer Telephony Integration) interface handles all the CTI communication for users on the
Cisco Unified Presence server to control phones on Cisco Unified Communications Manager. The CTI
functionality allows users of the Cisco Unified Personal Communicator client to run the application in
desk phone control mode.
The CTI functionality is also used for the Cisco Unified Presence remote call control feature on the
Microsoft Office Communicator client. For information about configuring the remote call control
feature, see the Integration Note for Configuring Cisco Unified Presence with Microsoft OCS for MOC
Call Control.
To configure CTI functionality for Cisco Unified Presence users on Cisco Unified Communications
Manager, users must be associated with a CTI-enabled group, and the primary extension assigned to that
user must be enabled for CTI.
To configure Cisco Unified Personal Communicator desk phone control, you must configure a CTI
server and profile on Cisco Unified Presence, and assign any users that wish to use the application in
desk phone mode to that profile. However, note that all CTI communication occurs directly between
Cisco Unified Communications Manager and Cisco Unified Personal Communicator, and not through
the Cisco Unified Presence server.
Related Topics
User and Device Configuration on Cisco Unified Communications Manager, page 3-1
How to Configure CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence,
page 12-28
Integration Note for Configuring Cisco Unified Presence with Microsoft OCS for MOC Call
Control:
http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_lis
t.html
AXL/SOAP Interface
The AXL/SOAP interface handles the database synchronization from Cisco Unified Communications
Manager and populates the Cisco Unified Presence database. To activate the database synchronization,
you must start the Sync Agent service on Cisco Unified Presence.
By default the Sync Agent load balances all users equally across all nodes within the Cisco Unified
Presence cluster. You also have the option to manually assign users to a particular node in the Cisco
Unified Presence cluster.
For guidelines on the recommended synchronization intervals when executing a database
synchronization with Cisco Unified Communications Manager, for single and dual-node Cisco Unified
Presence, see the Cisco Unified Presence SRND document.
Related Topics
Cisco Unified Presence SRND:

http://www.cisco.com/go/designzone
Turning On the Sync Agent, page 6-54
1-3
Chapter 1
XMPP Standards
LDAP Interface
Cisco Unified Communications Manager obtains all user information via manual configuration or
synchronization directly over LDAP. Cisco Unified Presence then synchronizes all this user information
from Cisco Unified Communications Manager (using the AXL/SOAP interface).
Cisco Unified Presence provides LDAP authentication for users of the Cisco Unified Personal
Communicator client and Cisco Unified Presence user interface. If a Cisco Unified Personal
Communicator user logs into Cisco Unified Presence, and LDAP authentication is enabled on Cisco
Unified Communications Manager, Cisco Unified Presence goes directly to the LDAP directory for
Cisco Unified Personal Communicator user authentication. Once Cisco Unified Personal Communicator
is authenticated, Cisco Unified Presence forwards this information to Cisco Unified Personal
Communicator to continue the user login.
Cisco Unified Personal Communicator and third party XMPP clients use the LDAP directory to allow
users to search and add contacts.
Related Topic
Integrating the LDAP Directory, page 15-1
XMPP Interface
An XMPP connection handles the presence information exchange and instant messaging operations for
XMPP-based clients. Cisco Unified Presence supports temporary (ad-hoc) and persistent chat rooms for
XMPP-based clients. An IM Gateway supports the IM interoperability between SIP-based and
XMPP-based clients in a Cisco Unified Presence deployment.
Related Topics
Integrating Third-Party XMPP Client Applications on Cisco Unified Presence, page 9-1
Configuring Chat on Cisco Unified Presence, page 10-1
XMPP Standards
Cisco Unified Presence is compliant with the following XMPP standards:
RFC 3920 Extensible Messaging and Presence Protocol (XMPP): Core RFC 3921 Extensible
Messaging and Presence Protocol (XMPP): Instant Messaging and Presence
XEP-0004 Data Forms
XEP-0012 Last Activity
XEP-0013 Flexible Offline Message Retrieval
XEP-0016 Privacy Lists
XEP-0030 Service Discovery
XEP-0045 Multi-User Chat
XEP-0054 Vcard-temp
XEP-0055 Jabber Search
XEP-0060 Publish-Subscribe
1-4
Chapter 1

Module Overview
XEP-0065 SOCKS5 Bystreams

XEP-0066 Out of Band Data Archive OOB requests
XEP-0068 Field Standardization for Data Forms
XEP-0071 XHTML-IM
XEP-0082 XMPP Date and Time Profiles
XEP-0092 Software Version
XEP-0106 JID Escaping
XEP-0114 Jabber Component Protocol
XEP-0115 Entity Capabilities
XEP-0124 Bidirectional Streams over Synchronous HTTP (BOSH)
XEP-0126 Invisibility
XEP-0128 Service Discovery Extensions
XEP-0160 Best Practices for Handling Offline Messages
XEP-0163 Personal Eventing Via PubSub
XEP-0170 Recommended Order of Stream Feature Negotiation
XEP-0178 Best Practices for Use of SASL EXTERNAL
XEP-0220 Server Dialback
XEP-0273 SIFT (Stanza Interception and Filtering Technology)
Module Overview
Module
Configuring the Licensing
for this Integration
Configuring Cisco Unified

Communications Manager
for Integration with Cisco
Unified Presence
This Module Describes...
Notes
Licensing requirements for Cisco Unified

Presence and Cisco Unified Personal
Communicator.
Instructions on how to obtain and upload a license

file, and how to view license information on
Cisco Unified Communications Manager.
Instructions to configure the presence parameters

and the SIP trunk, on Cisco Unified
Communications Manager.
This is required configuration.
This is required configuration.
Make sure that you complete the

prerequisite user and device
configuration on Cisco Unified
Communications Manager as
described in this module.
1-5
Chapter 1
Module Overview
Module
Planning a Cisco Unified

Presence Multi-node
Deployment
Multi-node scalability feature introduction.
Different multi-node deployment models.
DNS configuration options for a multi-node

deployment.
Performing a Cisco Unified

Presence Multi-node
Deployment
A high-level overview of how to perform a

multi-node installation and deployment.
Describes the high-level sequence of tasks when

performing a fresh multi-node deployment, and
updating an existing multi-node deployment.
Configuring a Cisco Unified

Presence Server for
Deployment in the Network
System topology configuration (multi-node)
High availability configuration (multi-node)
Cluster-wide SRV address (multi-node)
Routing parameters (multi-node)
Uploading Cisco Unified Presence license file

(single node and multi-node)
Presence gateway and service parameters (single

node and multi-node)
Authorization policy configuration (single node

and multi-node)
Turning on Cisco Unified Presence services

(single node and multi-node)
Configuring Security
between Cisco Unified
and Cisco Unified Presence
The exchange of self-signed certificates between

Cisco Unified Communications Manager and
Cisco Unified Presence.
Configuring Cisco Unified Presence secure modes
Integrating Third-Party
XMPP Client Applications
on Cisco Unified Presence
Configuring Chat on Cisco

Unified Presence
Configuring the Cisco IP
PhoneMessenger Service
This module is only applicable if

you are configuring a multi-node
deployment.

you are configuring a multi-node
deployment.
Some topics in this module are

only applicable to the multi-node
deployment, and some are
applicable to both single node
and multi-node deployments.
You perform certain tasks in this

module on the Cisco Unified
Presence publisher node, and
certain tasks on all nodes in the
cluster.
This module is only required if

you want a secure connection
between these servers.
Instructions to configure third-party XMPP

clients on Cisco Unified Presence.

you are deploying third-party
XMPP clients.
Instructions to configure the chat, and group chat

settings on Cisco Unified Presence.

you are deploying XMPP clients.
Instructions to configure Cisco IP

PhoneMessenger on Cisco Unified

you are deploying Cisco IP
PhoneMessenger
Instructions to configure Cisco IP

PhoneMessenger on Cisco Unified Presence
1-6
Notes
Chapter 1

Module Overview
Module
Personal Communicator
Notes
This module describes how to configure

Cisco Unified Personal Communicator Release
8.x and Cisco Unified Personal Communicator
Release 7.x.
Instructions to configure Cisco Unified Personal

Communicator on Cisco Unified Communications
Manager
Instructions to configure Cisco Unified Personal

Communicator on Cisco Unified Presence
Configuring firewalls to pass Cisco Unified

Personal Communicator traffic
Configuring users for point-to-point video calls

and for multipoint video conferencing
Instructions to configure the voicemail servers for

Cisco Unified Personal Communicator
Instructions to configure the conferencing servers

for Cisco Unified Personal Communicator
Instructions to configure the video conferencing

resources on Cisco Unified Communications
Manager
Updating user configuration after deploying

Deploying and Updating

Cisco Unified Personal
Communicator
Instructions on deploying and upgrading

Information on installation and use of headsets

and other audio devices.
Integrating the LDAP

Directory
Integrating the LDAP directory with Cisco

Unified Communications Manager
Integrating the LDAP directory with

Integrating the LDAP directory for XMPP client

contact search
Configuring a Cisco Unified

Presence Intercluster
Deployment

Presence for an IM-Only
Deployment
How to Configure
Multilingual Support for
Additional Deployment
Information for
Communicator

you are deploying Cisco Unified
Personal Communicator.
This module describes optional

configuration if you are
deploying Cisco Unified

you are deploying Cisco Unified
Personal Communicator.
This is recommended
configuration.
Information about intercluster deployments, and

how to configure intercluster peers.

you are configuring a
multi-cluster deployment.
Outline of the configuration steps required for an

IM-only deployment

you are configuring an IM-only
deployment.
Information on installing the locale installer on

Cisco Unified Communications Manager and

you wish to expand your Cisco
Unified Presence deployment to
support multiple languages.
1-7
Chapter 1
IM Compliancy
IM Compliancy
For information about configuring Instant Message (IM) compliancy on Cisco Unified Presence, refer
to the following documents:
Instant Messaging Compliance Guide for Cisco Unified Presence:

t.html
Database Setup Guide for Cisco Unified Presence

t.html
Cisco Integrations
For information about integrating Cisco Unified Presence with Cisco Unified Mobility, see the Cisco
Unified Mobility server documentation.
Related Topic
Cisco Unified Mobility documentation:

http://www.cisco.com/en/US/products/ps7270/prod_installation_guides_list.html
Third-Party Integrations
This guide only details how to configure a basic Cisco Unified Presence deployment. For third-party
integrations, see the document references below.
Third Party Integration
This Guide Describes...
Integrating Cisco Unified Presence with Microsoft

Exchange
Integrating with Microsoft Exchange 2003, 2007 and 2010
Configuring Microsoft Active Directory for this integration
Integrating Cisco Unified Presence with Microsoft

OCS/LCS for MOC Call Control
Configuring Cisco Unified Presence as a CSTA gateway for

remote call control from the Microsoft Office Communicator
client
Configuring Microsoft Active Directory for this integration
Load-balancing MOC requests in a dual node Cisco Unified

Presence deployment over TCP
Load-balancing MOC requests in a dual node Cisco Unified

Presence deployment over TLS
Configuring Cisco Unified Presence for interdomain federation

over the SIP protocol with Microsoft OCS and AOL, and over the
XMPP protocol with IBM Sametime, Googletalk, WebEx
Connect, and another Cisco Unified Presence Release 8.x
enterprise.
Integrating Cisco Unified Presence for Interdomain

Federation
1-8
Chapter 1

Related Topic
Cisco Unified Presence third party integration documentation:

t.html

In Cisco Unified Presence Release 8.6(4), you can configure the time, in minutes, after which the web
interface times out and logs off the user. The default timeout value is 30 minutes. For more information,
see the Command Line Interface Reference Guide for Cisco Unified Presence.

Cisco Unified Presence Solution Reference Network Design (SRND) Document:
Cisco Unified Presence Compatibility Matrices and Port List:
http://www.cisco.com/en/US/products/ps6837/products_device_support_tables_list.html
Cisco Unified Presence Release Notes:
http://www.cisco.com/en/US/products/ps6837/prod_release_notes_list.html
Cisco Unified Communications Manager Documentation:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/tsd_products_support_series_home.html
Cisco Unified Personal Communicator Documentation:
http://www.cisco.com/en/US/products/ps6844/tsd_products_support_series_home.html
1-9
Chapter 1
1-10
CH A P T E R
Configuring the Licensing for this Integration

May 30, 2012
Cisco Unified Personal Communicator License Requirements, page 2-1
Cisco Unified Personal Communicator License Requirements
User License Requirements, page 2-1
Adjunct Licensing, page 2-2
User License Requirements

Cisco Unified Communications Manager tracks the number of Cisco Unified Personal Communicator
devices that are connected to it and compares it with the number of device licenses that have been
purchased.
Table 2-1 describes the user license requirements for Cisco Unified Personal Communicator.
2-1
Chapter 2
Table 2-1
Cisco Unified Personal Communicator user licensing requirements
Configuration
License Requirement
Description

Communicator basic
functionality

Communicator software
license
You will require one Cisco Unified Personal Communicator

software license per user.
The Cisco Unified Personal Communicator software license
comes with one Cisco Unified Communications Manager
Device License Unit (DLU). You need to assign
Cisco Unified Personal Communicator capabilities for a user.
This will consume one DLU.
On Cisco Unified Communications Manager, you will need
to upload the software license for a user, and then assign
Cisco Unified Personal Communicator capabilities for a user.
Softphone mode (optional)

Communicator user feature
license
You will require one Cisco Unified Personal Communicator

user feature license per user. This license is also known as a
Cisco Unified Communications Manager phone device
license. You upload this license on Cisco Unified

Communicator user feature
license registered as
Cisco Unified
softphone
In addition to the normal licensing requirements listed above,

you require three Cisco Unified Communications Manager
user feature licenses to register as a Cisco Unified
Communications Manager softphone (three device licenses
are consumed).
Related Topics
Adjunct Licensing, page 2-2
Creating a Softphone Device for Each Cisco Unified Personal Communicator User, page 12-15
Adjunct Licensing
From Cisco Unified Communications Manager Release 6.0(1), you can associate a secondary device
with a primary device and consume only one device license per device. This is also known as adjunct
licensing. On Cisco Unified Communications Manager, you can configure adjunct licensing manually
on the Phone Configuration window, using the AXL interface, or using the Bulk Administration Tool
(BAT). For releases prior to Cisco Unified Communications Manager Release 6.0(1), three device
licenses are consumed.
Adjunct licensing has these restrictions:
You can associate up to two secondary softphone devices to a primary phone.
You cannot delete the primary phone unless you remove the associated secondary softphone devices.
The primary phone must be the device that consumes the most licenses. You cannot make the
softphone device the primary phone and associate a Cisco Unified IP Phone as the secondary device.
Secondary softphone devices are limited to Cisco IP Communicator, Cisco Unified Personal
Communicator, and Cisco Unified Mobile Communicator.
2-2
Chapter 2
Related Topics
User License Requirements, page 2-1
What To Do Next
Obtain a license file. For more information, see the Installation Guide for Cisco Unified Presence
Release 8.6.
2-3
Chapter 2
2-4
CH A P T E R
Configuring Cisco Unified Communications

Manager for Integration with Cisco Unified
Presence
May 30, 2012
Configuring the Presence Service Parameter, page 3-3
Verifying that the Required Services are Running on Cisco Unified Communications Manager,
page 3-6
User and Device Configuration on Cisco Unified

Before you configure Cisco Unified Communications Manager for integration with Cisco Unified
Presence, make sure that the following user and device configuration is completed on Cisco Unified
If you deploy Cisco Unified Personal Communicator, see the chapter on configuring Cisco Unified
Communications Manager for Cisco Unified Personal Communicator deployment later in this guide.
3-1
Chapter 3 Configuring Cisco Unified Communications Manager for Integration with Cisco Unified Presence
User and Device Configuration on Cisco Unified Communications Manager
Task
Notes
Modify the User Credential

Policy
Menu path
Cisco Unified Communications
Manager Administration > User
Management > Credential Policy
Default
This procedure is only applicable if you are

integrating with Cisco Unified Communications
Manager version 6.0 or a later release.
We recommend that you set an expiration date on

the credential policy for users. The only type of
user that does not require a credential policy
expiration date is an Application user.
Cisco Unified Communications Manager does not

use the credential policy if you are using an LDAP
server to authenticate your users on Cisco Unified
Configure the phone devices,

and associate a Directory
Number (DN) with each device
Check Allow Control of Device from CTI to

allow the phone to interoperate with the
Cisco Unified Personal Communicator client.
Configure the users, and

associate a device with each
user

If you are planning to deploy Cisco Unified
Personal Communicator, make sure that the user
Management > End User.
ID value is unique for each user. The user ID is
converted into the softphone device name, and if
two users have the same softphone device name
Cisco Unified Personal Communicator will not be
able to derive the softphone device name, and as a
result, will not function properly.
Associate a user with a line

appearance
This procedure is only applicable to Cisco Unified Cisco Unified Communications

Communications Manager version 6.0 or a later
Manager Administration >
release.
Device > Phone
Add users to CTI-enabled user

group

This procedure is only applicable if you are
planning to deploy Cisco Unified Personal
Communicator. To enable Cisco Unified Personal Management > User Group
Communicator desk phone control, you must add
the Cisco Unified Personal Communicator users to
a CTI-enabled user group.
Note

Manager Administration >
Device > Phone
Note that because menu options and parameters may vary per Cisco Unified Communications Manager
releases, see the Cisco Unified Communications Manager documentation appropriate to your release.
Related Topics

Communications Manager, page 12-15
page 12-28
3-2
Chapter 3
Configuring Cisco Unified Communications Manager for Integration with Cisco Unified Presence

You enable the Inter-Presence Group Subscription parameter to allow users in one Presence Group to
subscribe to the availability information for users in a different presence group.
Restriction
You can only enable the Inter-Presence Group Subscription parameter when the subscription permission
for the default Standard Presence Group, or any new Presence Groups, is set to Use System Default. To
configure Presence Groups, select Cisco Unified Communications Manager Administration >
System > Presence Groups.
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > System > Service Parameters.
Step 2
Select Cisco Unified Communications Manager server from the Server menu.
Step 3
Select Cisco CallManager from the Service menu.
Step 4
Select Allow Subscription for Default Inter-Presence Group Subscription in the Clusterwide Parameters
(System - Presence) section.
Step 5
Select Save.
Troubleshooting Tips
You no longer have to manually add Cisco Unified Presence as an Application Server on Cisco Unified
Communications Manager:
When you add or remove a node on the system topology management GUI, the node is automatically
added to or removed from the Application Server list on Cisco Unified Communications Manager.
When you configure the Cisco Unified Communications Manager publisher on Cisco Unified
Presence from Cisco Unified Presence Administration > System > CUCM Publisher, the Cisco
Unified Presence node is automatically added to the Application Server list on Cisco Unified
Related Topic
How to Configure the Cluster Topology on Cisco Unified Presence, page 6-3
What To Do Next
How to Configure the SIP Trunk on

Cisco Unified Communications Manager
Note
The port number that you configure for the SIP Trunk differs depending on the version of Cisco Unified
Presence that you are deploying:
For Cisco Unified Presence version 6.x, configure the port number 5070 for the SIP Trunk.
3-3
How to Configure the SIP Trunk on Cisco Unified Communications Manager
For Cisco Unified Presence version 7.0(x) or higher, configure the port number 5060 for the SIP
Trunk.
Configuring the SIP Trunk Security Profile for Cisco Unified Presence, page 3-4
Configuring the SIP Trunk for Cisco Unified Presence, page 3-4
Configuring the SIP Trunk Security Profile for Cisco Unified Presence
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > System > Security > SIP Trunk
Security Profile.
Step 2
Select Find.
Step 3
Select Non Secure SIP Trunk Profile.
Step 4
Verify that the setting for Device Security Mode is Non Secure.
Step 5
Verify that the setting for Incoming Transport Type is TCP+UDP.
Step 6
Verify that the setting for Outgoing Transport Type is TCP.
Step 7
Check to enable these items:
Step 8
Accept Presence Subscription
Accept Out-of-Dialog REFER
Accept Unsolicited Notification
Accept Replaces Header
Select Save.
What To Do Next
Configuring the SIP Trunk for Cisco Unified Presence, page 3-4
Configuring the SIP Trunk for Cisco Unified Presence

You only configure one SIP trunk between a Cisco Unified Communications Manager cluster and a
Cisco Unified Presence cluster. After you configure the SIP trunk, you must assign that SIP trunk as the
CUP PUBLISH trunk on Cisco Unified Communications Manager by selecting Cisco Unified
Communications Manager Administration > System > Service Parameters.
If DNS SRV is an option in your network, and you want availability messaging to be shared equally
among all the servers used for availability information exchange, you must configure the SIP trunk for
the Cisco Unified Presence server with a DNS SRV record of the Cisco Unified Presence publisher and
subscriber servers. You must also configure the Presence Gateway on the Cisco Unified Presence server
with a DNS SRV record of the Cisco Unified Communications Manager subscriber nodes.
Before You Begin
Configure the SIP Trunk security profile on Cisco Unified Communications Manager.
3-4
Chapter 3
Configuring Cisco Unified Communications Manager for Integration with Cisco Unified Presence
How to Configure the SIP Trunk on Cisco Unified Communications Manager
Read the Presence Gateway configuration options topic.
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > Device > Trunk.
Step 2
Select Add New.
Step 3
Select SIP Trunk from the Trunk Type menu.
Step 4
Select SIP from the Device Protocol menu.
Step 5
Select None for the Trunk Service Type.
Step 6
Select Next.
Step 7
Enter CUPS-SIP-Trunk for the Device Name.
Step 8
Select a device pool from the Device Pool menu.
Step 9
In the SIP Information section at the bottom of the window, configure the following values:
Note
Step 10
a.
In the Destination Address field, enter the dotted IP address, or the FQDN (Fully Qualified Domain
Name), or the DNS SRV record for the Cisco Unified Presence server.
b.
Check the Destination Address is an SRV checkbox if you are configuring a multi-node deployment.
In this scenario, Cisco Unified Communications Manager performs a DNS SRV record query to
resolve the name _sip._tcp.cups01.lab. If you are configuring a single-node deployment, leave this
checkbox unchecked and Cisco Unified Communications Manager will perform a DNS A record
query to resolve the name cups01.lab.
In both scenarios, the Cisco Unified Communications Manager SIP trunk Destination Address must
resolve by DNS and match the SRV Cluster Name configured on the Cisco Unified Presence server.
For more information, see Configuring a Cluster-Wide Cisco Unified Presence Address, page 6-33.
c.
Enter 5060 for the Destination Port.
d.
Select Non Secure SIP Trunk Profile from the SIP Trunk Security Profile menu.
e.
Select Standard SIP Profile from the SIP Profile menu.
Select Save.
Troubleshooting Tip
If you modify the DNS entry of the Publish SIP Trunk SRV record by changing the port number or IP
address, you must restart all devices that previously published to that address and ensure each device
points to the correct Cisco Unified Presence contact.
Related Topics
Configuring the SIP Trunk Security Profile for Cisco Unified Presence, page 3-4
Configuring the SIP Publish Trunk on Cisco Unified Presence, page 6-53
Presence Gateway Configuration Option, page 6-38
What To Do Next
How to Configure Cisco IP Phone Messenger on Cisco Unified Communications Manager, page 11-1
3-5
Verifying that the Required Services are Running on Cisco Unified Communications Manager
or
About Configuring Cisco Unified Personal Communicator on Cisco Unified Communications Manager,
page 12-11
Verifying that the Required Services are Running on Cisco

Procedure
Step 1
On Cisco Unified Communications Manager, select Cisco Unified Serviceability> Tools > Control
Center - Feature Services.
Step 2
Select a Cisco Unified Communications Manager server from the Server menu.
Step 3
Make sure that the following services are running:
Cisco CallManager
Cisco TFTP (if you are deploying Cisco Unified Personal Communicator softphone)
Cisco CTIManager (if you are deploying Cisco Unified Personal Communicator in desk phone
control mode)
Cisco AXL Web Service (for data synchronization between Cisco Unified Presence and
Cisco Unified Communications Manager)
Troubleshooting Tip
To turn on a service on Cisco Unified Communications Manager, select Cisco Unified Serviceability>
Tools > Service Activation.
3-6
CH A P T E R
Planning a Cisco Unified Presence Multi-Node

Deployment
May 30, 2012
About the Multi-Node Scalability Feature, page 4-1
About the Multi-Node Deployment Models, page 4-6
Scalability Options for Your Deployment, page 4-8
Cluster-Wide DNS SRV, page 4-10
Multi-Node Hardware Recommendations, page 4-10
About Clustering over WAN Deployments, page 4-11
Scalability Enhancements, page 4-1
Supported End Points, page 4-2
IM-Only Deployment, page 4-2
Performance Recommendations, page 4-2
High Availability Deployments, page 4-3
Subclusters, page 4-3
User Assignment, page 4-3
Server-Side Failback for Cisco Unified Personal Communicator 7.x and 8.x Clients, page 4-4
Cisco Unified Personal Communicator Sign-In and Redirect, page 4-4
Clustering over WAN, page 4-6
Scalability Enhancements
The Cisco Unified Presence multi-node scalability feature supports the following:
Six nodes per cluster
45, 000 users per cluster with maximum of 15, 000 users per node in a full Unified Communication
mode deployment
4-1
Chapter 4
Administrable customer-defined limit on the maximum contacts per user (default unlimited).
Cisco Unified Presence continues to support intercluster deployments with the multi-node feature.
Supported End Points

The multi-node scalability feature supports the following end points:
Cisco Unified Communications Manager (desk phone)
Cisco Unified Personal Communicator Release 8.x (XMPP client)
Cisco Unified Personal Communicator Release 7.x (SIP client)
Third-Party XMPP clients
Cisco Unified Mobile Communicator
Cisco Jabber
Microsoft Office Communicator (Microsoft soft client)
Lotus Sametime (Lotus soft client)
Third-Party Interface clients
Lync 2010 Client (Microsoft Office Communicator client)
IM-Only Deployment
Cisco Unified Presence supports an IM-only deployment. This type of deployment supports up to 25,
000 users per node and up to 75, 000 users in a Cisco Unified Presence cluster. An overview of the
configuration steps required to set up an IM-only Cisco Unified Presence deployment is provided in the
appendix of this guide.
Related Topic
Configuring Cisco Unified Presence for an IM-Only Deployment, page A-1
Performance Recommendations
You can achieve optimum performance with the multi-node feature when:
The resources on all Cisco Unified Presence servers are equivalent in terms of memory, disk size,
and age. Mixing hardware classes results in servers that are under-powered, therefore resulting in
poor performance.
You deploy hardware that complies with the hardware recommendations.
You configure a Balanced Mode deployment model. In this case, the total number of users is equally
divided across all nodes in all subclusters. Cisco Unified Presence defaults to Balanced Mode user
assignment to achieve optimum performance.
Related Topics
Balanced User Assignment Redundant High Availability Deployment, page 4-6
4-2
Chapter 4

High Availability Deployments

Cisco Unified Presence Release 8.5 (x) and later releases support High Availability deployments. Any
earlier Cisco Unified Presence 8.0(x) releases do not support High Availability deployments.
We recommend that you configure your Cisco Unified Presence deployments as High Availability
deployments. Although mixed mode deployments are permitted, for example High Availability
subclusters and non High Availability subclusters in a single deployment, we do not recommend this
configuration.
You must manually turn on High Availability in a subcluster. You can achieve a High Availability
deployment by configuring the Balanced Mode (Redundant High Availability) or the Active/Standby
Redundant High Availability deployment models, and turning on High Availability in your deployment.
Related Topics
Subclusters, page 4-3
Active/Standby User Assignment Redundant High Availability Deployment, page 4-7
Subclusters
The multi-node feature introduces the concept of a subcluster. A subcluster is a single Cisco Unified
Presence server, or a pair of Cisco Unified Presence servers, where each node has an independent
database and set of users operating with a shared availability database that is able to support common
users.
In a single-node deployment within a subcluster, there is no High Availability failover protection for
users assigned to the node. In a dual-node deployment within a subcluster, if you turn on High
Availability in the subcluster, users have failover protection; each node acts as a backup for the other
node allowing clients to fail over in case of outages of components or nodes. When you turn on High
Availability in a subcluster, all users in the subcluster have redundancy and full failover capabilities.
Related Topics
About High Availability Cisco Unified Presence Deployments, page 6-11
Creating Subclusters in System Topology, page 6-7
User Assignment
To allow users receive the availability and Instant Messaging (IM) services on Cisco Unified Presence,
you must assign users to nodes, and subclusters, in your Cisco Unified Presence deployment. You can
manually or automatically assign users in a Cisco Unified Presence deployment. You manage user
assignment using the User Assignment Mode parameter on the Sync Agent on Cisco Unified Presence.
If you select automatic user assignment, the Sync Agent assigns the users to all nodes in all subclusters
in an attempt to balance the user assignment evenly across all nodes. You can also configure the Sync
Agent to assign the total number of users to only the first (active) node of an subcluster.
If you select manual user assignment, you must manually assign your users to nodes, and subclusters,
using the System Topology interface in Cisco Unified Presence Administration.
4-3
Chapter 4
Related Topics
User Assignment Mode Recommendations, page 6-5
Configuring User Assignment in System Topology, page 6-10
Server-Side Failback for Cisco Unified Personal Communicator 7.x and 8.x
Clients
Note
Server-side failback is not applicable to Cisco Jabber.

Cisco Unified Presence provides server-side failback, which uses the same throttle mechanism as server
failover. This feature detects when a failed Cisco Unified Presence server in a High Availability
deployment comes back in service. It then sends terminating notify messages to Cisco Unified Personal
Communicator clients that are failed over to initiate failback to their home node. Also, if a user is moved
between nodes in the subcluster, the Cisco Unified Presence server sends terminating notify messages,
and the client will sign out and sign in to the new node. To balance the load between two nodes in the
subcluster, you can assign the users equally in each node.
Cisco Unified Personal Communicator Sign-In and Redirect

Cisco Unified Presence supports the ability to redirect a Cisco Unified Personal Communicator client
application to the Cisco Unified Presence node to which the user is assigned (home node). The redirect
feature is supported in intracluster and intercluster deployments. In both types of deployments, redirect
occurs automatically when the client application signs in. After the user successfully signs in to the home
node, Cisco Unified Personal Communicator caches the server name. As a result, redirect happens only
once, unless a user is reassigned.
Using Table 4-1 as a reference, see the following examples to gain a better understanding of the various
redirect scenarios. In Table 4-1, Cluster1 is assumed to be a Cisco Unified Presence Release 8.6 cluster
and Cluster2 is a 7.x or 8.x cluster.
4-4

Figure 4-1
Intercluster and Intracluster Redirect Diagram
Cluster1
Cluster2
SubCluster1
C1Node1
C2Node1
C1Node2
C2Node2
SubCluster2
C1Node3
Intercluster connection
209582
Chapter 4
In the preceding figure, Cluster1 has three nodes, a publisher (C1Node1) and two subscribers (C1Node2
and C1Node3) and has an intercluster peer relationship with Cluster2, which contains a publisher
(C2Node1) and subscriber (C2Node2). Several different redirect scenarios are possible:
Note
1.
A Cisco Unified Personal Communicator user is assigned C1Node1 as a home node and attempts to
sign in to C1Node2. C1Node2 automatically redirects the Cisco Unified Personal Communicator
client to C1Node1. In this scenario, High Availability is disabled in Subcluster1. If High Availability
is enabled in Subcluster1, C1Node2 will process the login request. There is no redirect.
2.
A Cisco Unified Personal Communicator user is assigned C1Node3 as a home node and attempts to
sign in to C1Node1 or C1Node2. Regardless of whether High Availability is enabled in Subcluster1,
C1Node1 or C1Node2 redirects the Cisco Unified Personal Communicator client to C1Node3. High
Availability rules do not apply here because C1Node3 is part of Subcluster2.
3.
A Cisco Unified Personal Communicator user is assigned C2Node1 or C2Node2 as a home node and
attempts to sign in to C1Node1, C1Node2, or C1Node3. C1Node1, C1Node2, or C1Node3
automatically redirects the Cisco Unified Personal Communicator client its home node.
For more information about establishing intercluster peer relationships and syncing users, see
Configuring a Cisco Unified Presence Intercluster Deployment, page 16-1.
Related Topic
AXL/SOAP Interface, page 1-3
4-5
Chapter 4
About the Multi-Node Deployment Models
Clustering over WAN

Cisco Unified Presence Release 8.5(x) or later releases support Clustering over WAN deployments. Any
earlier Cisco Unified Presence 8.0(x) releases do not support Clustering over WAN.
Related Topic
About Clustering over WAN Deployments, page 4-11

You need to consider how you are going to deploy the multi-node feature in your network. You configure
your desired multi-node deployment model in system topology management GUI in Cisco Unified
Presence Administration. Select System > Cluster Topology in Cisco Unified Presence Administration
to access system topology management GUI.
This module provides an overview of the deployment model options for the multi-node feature, and
provides examples of these deployments on system topology management GUI.
You only use system topology management GUI to configure your local Cisco Unified Presence cluster.
See the intercluster peer module for information about configuring intercluster peer relationships with
remote Cisco Unified Presence clusters.
Note
The High Availability deployment models described in this module are only applicable to Cisco Unified
Presence Release 8.5.x or later releases.
Active/Standby User Assignment Redundant High Availability Deployment, page 4-7
Balanced User Assignment Redundant High Availability Deployment

You can achieve a balanced mode High Availability deployment by evenly balancing users across all
nodes in the subcluster, but only using up to 35% of the CPU of each Cisco Unified Presence server.
The balanced mode High Availability deployment option in a redundant mode supports up to fifteen
thousand users per cluster. For example, if you have six Cisco Unified Presence nodes in your
deployment, and fifteen thousand users, you assign 2.5 thousand users to each Cisco Unified Presence
node.
When you use the balanced mode High Availability deployment option in a redundant mode, as
compared to a non-redundant mode, only half the number of users are assigned to each node. However,
if one node fails, the other node will handle the full load of the additional 50% of users in the subcluster,
even at peak traffic. In order to support this failover protection, you must turn on High Availability in
each of the subclusters in your deployment.
See Figure 4-2 for an example of this deployment model on system topology management GUI. In this
example, there are 15,000 users in total, so 2500 users are evenly balanced across the six nodes.
4-6
Chapter 4

Figure 4-2
Balanced User Assignment Non- Redundant High Availability Deployment
Related Topics
How To Configure High Availability Cisco Unified Presence Deployments, page 6-21
For the hardware user assignment guidelines for the multi-node feature, see the Cisco Unified
Presence compatibility matrices at this URL:
Active/Standby User Assignment Redundant High Availability Deployment

For this deployment model, assign all your users to the primary Cisco Unified Presence node, and none
to the backup node. When you turn on High Availability in the subcluster, the backup node can handle
all traffic from the primary node if the primary node fails.
See Figure 4-3 for an example configuration for this deployment model on system topology management
GUI. In this example, there are 15,000 users in total, so 5000 users are assigned to the first node of each
subcluster.
4-7
Chapter 4
Figure 4-3
Active/Standby User Assignment High Availability Deployment
Related Topics
User Redistribution, page 6-6
For the hardware user assignment guidelines for the multi-node feature, see the Cisco Unified
Presence compatibility matrices at this URL:

Cisco Unified Presence clusters can support up to six nodes. If you originally installed less than six
nodes, then you can install additional nodes at any time. If you want to scale your Cisco Unified Presence
deployment to support more users, you must consider the multi-node deployment model you have
configured. Table 4-1 describes the scalability options for each multi-node deployment model.
4-8
Chapter 4

Table 4-1
Multi-node Scalability Options
Scalability Option
Add a New Node to an Existing Subcluster
Add a New Node to a New Subcluster
Deployment Mode
Balanced Non-Redundant High If you add a new node to an existing
Availability Deployment
subcluster, the new node can support the
same number of users as the existing node;
the subcluster can now support twice the
number of users. It also provides balanced
High Availability for the users on the
existing node and the new node in that
subcluster.
If you add a new node to a new subcluster,

you can support more users in your
deployment.
Balanced Redundant High

Availability Deployment
If you add a new node to a new subcluster,

deployment.
If you add a new node to an existing

subcluster, the new node can support the
same number of users as the existing node;
the subcluster can now support twice the
number of users. It also provides balanced
redundant High Availability for the users on
the existing node and the new node in that
subcluster.
Note
Active/Standby Redundant
High Availability Deployment
This does not provide balanced High

Availability for the users in the subcluster. To
provide balanced High Availability, you
must add a second node to the subcluster.
This does not provide balanced High

Availability for the users in the subcluster. To
provide balanced High Availability, you
must add a second node to the subcluster.
You may have to reassign your users

within the subcluster, depending
how many users were on the
existing node.
If you add a new node to an existing

subcluster, you provide High Availability
for the users in the existing node in the
subcluster. This provides a High
Availability enhancement only; it does not
increase the number of users you can
support in your deployment.
If you add a new node in a new subcluster,

deployment.
This does not provide High Availability for
the users in the subcluster. To provide High
Availability, you must add a second node to
the subcluster.
Related Topics
Expanding the Cluster, page 5-3
4-9
Chapter 4

For DNS configuration, you can define a cluster-wide Cisco Unified Presence address. The SIP Publish
Trunk on Cisco Unified Communications Manager uses this address to load-balance SIP PUBLISH
messages from Cisco Unified Communications Manager to all nodes in the Cisco Unified Presence
cluster. Notably this configuration ensures that the initial SIP PUBLISH messages are load-balanced
across all nodes in the Cisco Unified Presence cluster. This configuration also provides a High
Availability deployment as, in the event of a node failing, DNS will route the SIP PUBLISH messages
to the remaining nodes.
The cluster-wide DNS configuration is not a required configuration. It is a suggested configuration that
provides a method to load-balance the initial SIP PUBLISH messages across all nodes in the Cisco
Unified Presence cluster. Cisco Unified Presence sends subsequent SIP PUBLISH messages for each
device to the node where the user is homed on Cisco Unified Presence.
Related Topic
Configuring a Cluster-Wide Cisco Unified Presence Address, page 6-33
Multi-Node Hardware Recommendations

When configuring the multi-node feature, consider the following:
Warning
We recommend turning on High Availability in your deployment.
Minimize your hardware, for example, instead of using six MCS 7825 servers that support a total of
six thousand users, choose two MCS 7835 servers that can support a total of five thousand users.
Use the same generation of server hardware.
Use similar hardware for all nodes in your deployment. If you must mix generations of similar
hardware, put the same generations of older hardware together in a subcluster and put fewer users
on this subcluster than on the more powerful subclusters. Note that we do not recommend this
deployment practice.
For multi-node deployments using mixed hardware (for example, UCS, MCS, or VMware), it is highly
recommended that the subscriber and publisher nodes in the same subcluster have similar database
size. If a significant difference in database size exists between the two nodes, you will receive an
error during installation of the subscriber node.
Use the following disk drives for the multi-node feature:

MCS 7816: minimum one 160GB drive (a 250GB drive can also be used)
MCS 7825: minimum two 160GB drives (two 250GB drives can also be used, upgrade required
from smaller 80GB drives)

MCS 7835: minimum two 146GB drives (upgrade required from smaller 72GB drives)
MCS 7845: minimum four 72GB drives (upgrade recommended to four 146GB drives)
Note
The MCS 7845 with four 72GB drives can run the scalability feature, but this hardware with four
146GB drives is preferred.
4-10
Chapter 4

About Clustering over WAN Deployments
Note
If you have older-generation hardware, follow the disk drive upgrade recommendations above. You
must meet the minimal disk capacity on each server in the cluster in order to achieve scale.
Upgrading drives will allow you to use older hardware in a multi-node cluster. However, we recommend
that you use the latest hardware available for the multi-node feature because this hardware has more
powerful CPU, more memory and faster input/output processing.
Related Topic
For a list of the supported hardware for the multi-node feature, and hardware user assignment guidelines
for the multi-node feature, see the Cisco Unified Presence compatibility matrices at this URL:

Cisco Unified Presence supports Clustering over WAN for intracluster and intercluster deployments.
WAN Bandwidth requirements, page 4-11
Intracluster Deployments over WAN, page 4-11
Local Failover, page 4-12
Subcluster Failure Detection, page 4-12
Method Event Routing, page 4-13
Multi-Node Configuration for Deployment over WAN, page 4-13
Bandwidth Considerations, page 4-13
External Database Recommendations, page 4-14
Intercluster Deployments over WAN, page 4-14
WAN Bandwidth requirements

At a minimum, you must dedicate five megabits per second of bandwidth for each Cisco Unified
Presence subcluster, with no more than an eighty millisecond round-trip latency. These bandwidth
recommendations apply to both intracluster and intercluster WAN deployments. Any bandwidth less
than this recommendation can adversely impact performance.
Note
Each Cisco Unified Presence subcluster that you add to your Clustering over WAN deployment requires
an additional (dedicated) five megabits per second bandwidth.
Intracluster Deployments over WAN

Cisco Unified Presence supports intracluster deployments over WAN, using the bandwidth
recommendations provided in this module. Cisco Unified Presence supports a single subcluster
geographically split over WAN, where one node in the subcluster is in one geographic site and the second
node in the subcluster is in another geographic location.
4-11
Chapter 4
This model can provide geographical redundancy and remote failover, for example failover to a backup
Cisco Unified Presence node on a remote site. With this model, the Cisco Unified Presence server does
not need to be co-located with the Cisco Unified Communications Manager publisher server. The
Cisco Unified Personal Communicator client can be either local or remote to the Cisco Unified Presence
server.
This model also supports High Availability for the Cisco Unified Personal Communicator Release
clients, where the clients fail over to the remote peer Cisco Unified Presence node if the services or
hardware fails on the home Cisco Unified Presence node. When the failed node comes online again, the
clients automatically reconnect to the home Cisco Unified Presence node.
When you deploy Cisco Unified Presence over WAN with remote failover, note the following
restrictions:
This model only supports High Availability at the system level. Certain Cisco Unified Presence
components may still have a single point of failure. These components are the Cisco UP Sync Agent,
Cisco Intercluster Sync Agent, and Cisco Unified Presence Administration interface.
This model supports High Availability for the Cisco Unified Personal Communicator Release 7.x
and Cisco Unified Personal Communicator Releases 8.5 and 8.6.
Cisco Unified Presence also supports multiple subclusters in a Clustering over WAN deployment. For
information about scale for a Clustering over WAN deployment, see the Cisco Unified Presence SRND.
Related Topic
Cisco Unified Presence Solution Reference Network Design (SRND):

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/uc7_0.html
Local Failover
You can also deploy Cisco Unified Presence over WAN where one subcluster is located in one
geographic site, and a second subcluster is located in another geographic site. The subcluster can contain
a single node, or a dual node for High Availability between the local nodes. This model provides no
failover between geographic sites.
Subcluster Failure Detection

Cisco Unified Presence supports a failure detection mechanism for a subcluster. Each node in the
subcluster monitors the status, or heartbeat, of the peer node. You can configure the heartbeat connection
and heartbeat intervals on Cisco Unified Presence by selecting Cisco Unified Presence Administration
> System > Service Parameters > Cisco UP Config Agent (service). In the section General Cisco UP
Config Agent Parameters (Clusterwide), configure the following parameters:
Note
Heart Beat Interval: This parameter specifies how often in seconds the Cisco UP Config Agent
sends a heartbeat message to the peer Cisco UP Config Agent in the same subcluster. The heartbeat
is used to determine network availability. The default value is 60 seconds.
Connect Timeout: This parameter specifies how long in seconds the Cisco UP Config Agent waits
to receive a response from a connection request to the peer Cisco UP Config Agent. The default
value is 30 seconds.
We recommend that you configure these parameters with the default values.
4-12
Chapter 4

Method Event Routing

When you deploy Cisco Unified Presence over WAN we recommend that you configure TCP method
event routing on Cisco Unified Presence. Select Cisco Unified Presence Administration > Presence >
Routing > Method/Event Routing to configure method event routes.
Multi-Node Configuration for Deployment over WAN

When you configure the Cisco Unified Presence multi-node feature for an intracluster deployment over
WAN, configure the Cisco Unified Presence subcluster, nodes and user assignment as described in the
multi-node section, but note the following recommendations:
For optimum performance, we recommend that you assign the majority of your users to the home
Cisco Unified Presence node. This deployment model decreases the volume of messages sent to the
remote Cisco Unified Presence server over WAN, however the failover time to the secondary node
depends on the number of users failing over.
If you wish to configure a High Availability deployment model over WAN, you can configure a
subcluster-wide DNS SRV address. In this case Cisco Unified Presence sends the initial PUBLISH
request message to the node specified by DNS SRV and the response message indicates the host
node for the user. Cisco Unified Presence then sends all subsequent PUBLISH messages for that user
to the host node. Before configuring this High Availability deployment model, you must consider if
you have sufficient bandwidth for the potential volume of messages that may be sent over the WAN.
Related Topics
Intracluster Deployments over WAN, page 4-11
Performing a Cisco Unified Presence Multi-Node Deployment, page 5-1

Bandwidth Considerations
When you calculate the bandwidth requirements for your Clustering over WAN deployment, consider
the following:
In your bandwidth considerations, you must include the normal bandwidth consumption of a Cisco
Unified Communications Manager cluster. If you configure multiple nodes, Cisco Unified
Communications Manager uses a round-robin mechanism to load balance SIP/SIMPLE messages,
which consumes more bandwidth. To improve performance and decrease traffic, you could provision
a single dedicated Cisco Unified Communications Manager node for all SIP/SIMPLE messages sent
between Cisco Unified Presence and Cisco Unified Communications Manager.
In your bandwidth considerations, we also recommend that you consider the number of contacts in
the contact list for a Cisco Unified Personal Communicator user, and the size of user profiles on
Cisco Unified Presence. See the Cisco Unified Presence SRND for recommendations regarding the
size of a contact list when you deploy Cisco Unified Presence over WAN. Note also that the
maximum contact list size on Cisco Unified Presence is 200, so you need to factor this in to your
bandwidth considerations for systems with large numbers of users.
Related Topic
4-13
Chapter 4
External Database Recommendations

If you configure external database server(s) in your Clustering over WAN deployment, we recommend
that you co-locate the external database server(s) with the Cisco Unified Presence servers that will use
the external database server(s).
Related Topic
Database Setup Guide for Cisco Unified Presence

http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_list.ht
ml
Intercluster Deployments over WAN

Cisco Unified Presence supports intercluster deployments over WAN, using the bandwidth
recommendations provided in this module.
Related Topics
WAN Bandwidth requirements, page 4-11
Configuring a Cisco Unified Presence Intercluster Deployment, page 16-1
4-14
CH A P T E R
Performing a Cisco Unified Presence Multi-Node

Deployment
May 30, 2012
Note
Cisco UP Replication Watcher Service, page 5-1
How to Update a Multi-Node Configuration after Deployment, page 5-2
How to Troubleshoot a Multi-Node Deployment, page 5-4
The purpose of this module is to provide the user with the recommended sequence of high-level tasks
for installing and configuring the multi-node feature.
Cisco UP Replication Watcher Service

Note
This section is only applicable to Cisco Unified Presence Release 8.5.x or higher.
The Cisco UP Replication Watcher monitors IDS replication state on Cisco Unified Presence. Other
Cisco Unified Presence services are dependent on the Cisco UP Replication Watcher service. These
dependent services use the Cisco UP Replication Watcher service to delay startup until such time as IDS
replication is in a stable state.
On the subscriber nodes, the Cisco UP Replication Watcher service delays the startup of feature services
until IDS replication is successfully established. The Cisco UP Replication Watcher service only delays
the startup of feature services on the problem subscriber node in a cluster, it will not delay the startup of
feature services on all subscriber nodes due to one problem node. For example, if IDS replication is
successfully established on node1 and node2, but not on node3, the Cisco UP Replication Watcher
service allows feature services to start on node1 and node2, but delays feature service startup on node3.
The Cisco UP Replication Watcher service behaves differently on the publisher node. It only delays the
startup of feature services until a timeout expires. When the timeout expires, it allows all feature services
to start on the publisher node even if IDS replication is not successfully established.
The Cisco UP Replication Watcher service generates an alarm when it delays feature service startup on
a node. It then generates a notification when IDS replication is successfully established on that node.
5-1
Chapter 5
The Cisco UP Replication Watcher service impacts both a fresh multi-node installation, and a software
upgrade procedure. Both will only complete when the publisher and subscriber nodes are running the
same Cisco Unified Presence release, and IDS replication is successfully established on the subscriber
nodes.
To check the status of the IDS replication on a node either:
Use this CLI command:

utils dbreplication runtimestate
Use the Cisco Unified Reporting Tool (CURT). The Unified CUP Database Status report displays
a detailed status of the cluster.
Related Topics
Upgrade from Cisco Unified Presence Release 7.0(x) to Release 8.5(x). For more information, see
the Upgrade Guide for Cisco Unified Presence Release 8.6.
Adding a New Node, page 5-2
Expanding the Cluster, page 5-3
Adding a New Node

Follow this procedure if you need to add new nodes after a multi-node deployment is running.
You can create the new node in your topology before you install the node, specifically before you install
the Cisco Unified Presence software on the new node. However, you cannot assign the new node to a
subcluster before you install Cisco Unified Presence software on the new node.
Restrictions
Your hardware must comply with the multi-node hardware recommendations.

Procedure
Step 1
Create a new subcluster in system topology management GUI (if required).
Step 2
Create a new node in system topology management GUI.
Step 3
Install the Cisco Unified Presence software on the new node.

See the Installation Guide for Cisco Unified Presence for the installation procedure.
Step 4
Note
Assign the node to the subcluster (if required).
Before you assign or move a node to a subcluster, check the following
From System troubleshooter page, verify that the Cisco UP Replication Watcher service is running
on all nodes.
5-2
Chapter 5

On the Network services screen in Cisco Unified Serviceability (on the subscriber node), verify that
all Cisco Unified Presence services are running.
Cisco Unified Presence assigns the node to the cluster, but the node will not receive traffic until you
assign users to it.
Step 5
Turn on High Availability in the subclusters as required.
Step 6
Assign users from other nodes to the new node as required.
Related Topics
Creating, Assigning and Moving Nodes in System Topology, page 6-7
Expanding the Cluster

Restrictions
Your hardware must comply with the multi-node hardware recommendations.
We strongly recommend that you perform any node movements that involve you unassigning or
moving a large numbers of users at off peak times. Such large operations can adversely impact
performance.
Procedure
Step 1
Create the new subcluster(s) in system topology management GUI (if required).
Step 2
Create the new nodes in system topology management GUI.
Step 3
Install each new node.
Step 4
Assign the nodes to the (new) subclusters.
Note
Before you assign or move a node to a subcluster, check the following
From System troubleshooter page, verify that the Cisco UP Replication Watcher service is running
on all nodes.
On the Network services screen in Cisco Unified Serviceability (on the subscriber node), verify that
all Cisco Unified Presence services are running.
Step 5
Turn on High Availability in the subclusters as required.
Step 6
Once all the nodes are online, assign users to the new nodes using the following user assignment options:
5-3
Chapter 5
Using the Find User Assignment feature, unassign selected users from each node, and use the User
Assignment Mode parameter to reassign new users to new subcluster(s) and nodes.
Using the Find User Assignment feature, manually move users to new nodes.
Unassign all users, and then reassign the users to the cluster using the appropriate User Assignment
Mode parameter setting for the whole cluster.
Troubleshooting Tip
You must turn off High Availability in a subcluster before you move or unassign a node in that subcluster.
Related Topics
Monitoring a Multi-Node System, page 5-4
Resolving a Hardware Problem, page 5-5
Monitoring a Multi-Node System

Restriction
If you need to add hardware to your multi-node deployment, the hardware must comply with the
multi-node hardware recommendations.
Procedure
Step 1
Use the Cisco Unified Presence Real-Time Monitoring Tool (RTMT) tool to monitor the CPU and
memory usage of each Cisco Unified Presence node in the cluster.
Step 2
Use these guidelines to determine if you need additional hardware:
5-4
Chapter 5

Deployment Model
Recommendation
No High Availability or Balanced Non-Redundant If the CPU reaches more than 70% capacity for a
High Availability
sustained period on any Cisco Unified Presence
node, we recommend that you add hardware
resources to your deployment.
Balanced Redundant High Availability
If the CPU reaches more than 35% capacity over

a sustained period on either Cisco Unified
Presence node in the subcluster, we recommend
that you add hardware resources to your
deployment.
Active/Standby High Availability
If the CPU reaches more than 70% capacity for a

sustained period of time on the active Cisco
Unified Presence node, we recommend that you
add hardware resources to your deployment.
Related Topics
For information about the RTMT tool, see the Serviceability Configuration and Maintenance Guide
for Cisco Unified Presence.
Resolving a Hardware Problem

Follow this procedure if there is a problematic server, or some general hardware failure.
Restrictions
If you need to add hardware to your multi-node deployment, the hardware must comply with the
multi-node hardware recommendations.
Procedure
Step 1
Create a new node in system topology management GUI.
Step 2
Perform a fresh installation on this node.
Step 3
Unassign the users from the problematic node.
Step 4
Stop all services on the problematic node.
Step 5
Unassign the problematic node.
Step 6
Assign the new node to the subcluster, replacing the problematic node.
Step 7
Reassign the unassigned users to the new node.
Step 8
Delete the problematic node.
5-5
Chapter 5
Step 9
Activate all services on the new node.
Troubleshooting Tip
You must turn off High Availability in a subcluster before you move or unassign a node in that subcluster.
Related Topics
5-6
CH A P T E R
Configuring a Cisco Unified Presence Server for

Deployment in the Network
May 30, 2012
About Configuration Changes and Service Restart Notifications, page 6-1
Restarting the Cisco UP XCP Router Service, page 6-2
How to Configure the Cluster-Wide Routing Information on Cisco Unified Presence, page 6-28
How to Configure Static Routes on Cisco Unified Presence, page 6-34
How to Configure the Presence Gateway on Cisco Unified Presence, page 6-38
How To Configure the Authorization Policy on Cisco Unified Presence, page 6-39
Bulk Export of User Contact Lists, page 6-42
Bulk Import of User Contact Lists, page 6-44
How To Configure the Availability Settings on Cisco Unified Presence, page 6-47
How to Configure the Instant Messaging Settings on Cisco Unified Presence, page 6-51
Configuring the Proxy Server Settings, page 6-54
How to Turn On the Cisco Unified Presence Service, page 6-54
About Configuration Changes and Service Restart Notifications
Service Restart Notifications, page 6-2
Cisco UP XCP Router Restart, page 6-2
6-1
Chapter 6
Service Restart Notifications

If you make a configuration change in Cisco Unified Presence Administration that impacts a Cisco
Unified Presence XCP service, you will need to restart XCP services for your changes to take effect.
Cisco Unified Presence notifies you of exactly which node the configuration change impacts and of any
service that you must restart. An Active Notifications popup window displays on each page of Cisco
Unified Presence Administration to serve as a visual reminder that you must restart services. Use your
mouse to hover over the dialog bubble icon to see the list of active notifications (if any) and associated
severity levels. From the list of active notifications you can go directly to Cisco Unified Serviceability,
where you can restart the required service.
The topics in this module indicate if you need to perform a service restart, however it is good practice
to monitor the service restart popup window for these notifications, particularly if you make any
configuration changes after you deploy Cisco Unified Presence in the network.
See the Online Help topic on Service Restart Notifications for information about the types of service
notifications, and the service notification security levels.
Related Topic
Cisco UP XCP Router Restart

The Cisco UP XCP Router must be running for all availability and messaging services to function
properly on Cisco Unified Presence. This applies to both SIP-based and XMPP-based client messaging.
If you restart the Cisco UP XCP Router, Cisco Unified Presence automatically restarts all active XCP
services.
The topics in this module indicate if you need to restart the Cisco UP XCP Router following a
configuration change. Note that you must restart the Cisco UP XCP Router, not turn off and turn on the
Cisco UP XCP Router. If you turn off the Cisco UP XCP Router, rather than restart this service, Cisco
Unified Presence stops all other XCP services. Subsequently when you then turn on the XCP router,
Cisco Unified Presence will not automatically turn on the other XCP services; you need to manually turn
on the other XCP services.
Related Topic

Procedure
Step 1
On Cisco Unified Presence, select Cisco Unified Serviceability > Tools > Control Center - Network
Services.
Step 2
Select the server from the Server list box and select Go.
Step 3
Select the radio button next to the Cisco UP XCP Router service in the Cisco Unified Presence Services
section.
Step 4
Select Restart.
6-2
Chapter 6

How to Configure the Cluster Topology on Cisco Unified Presence
Step 5
Select OK when a message indicates that restarting may take a while.
Related Topics
Service Restart Notifications, page 6-2
How to Configure the Cluster Topology on Cisco Unified

Presence
This module is only applicable if you are deploying the multi-node feature. When you configure the
multi-node feature, note the following:
Caution
Perform the system topology configuration on the Cisco Unified Presence publisher node.
Before configuring the system topology, read the multi-node planning and deployment information
for best practice information about configuring this type of deployment.
Only use the system topology interface to configure your local Cisco Unified Presence cluster. See the
intercluster peer module for information about configuring intercluster peer relationships with remote
Cisco Unified Presence clusters.
About Subcluster, Node and User Management Recommendations, page 6-3
About Subcluster, Node and User Management Recommendations
Node Creation and Movement Recommendations, page 6-3
Node Name Recommendations, page 6-4
Manual User Assignment Recommendations, page 6-5
Node Creation and Movement Recommendations

When you create nodes in system topology management GUI you can:
Assign the nodes to a subcluster in Cisco Unified Presence, or allow the nodes to remain unassigned.
These states are interchangeable.
Assign Cisco Unified Presence users to the nodes, or allow the nodes to remain without any user
assignments.
6-3
Chapter 6
Turn on or off High Availability on a subcluster. See the section about configuring High Availability
deployments later in this chapter.
Move a node from one subcluster to another if the node is assigned, has no users and highavailability is turned off in the subcluster.
Move a node from one subcluster to another if the node is assigned and has no users.
Configure real pingable nodes, or logical nodes which can be installed later and which remain
inaccessible until that time.
To move nodes with users assigned, perform one of the following actions:
Note
Unassign the users, move the node, and then reassign the users to the node. Note that when you
unassign the users, they will lose service.
Create a logical node and move the users to the logical node. Move the node, reassign the users to
the node, and remove the logical node.
Remove all users from a node before you unassign or move it.
Turn off High Availability in the subcluster before you unassign or move a node in that subcluster.
We strongly recommend that you perform any node movements that involve unassigning or moving
a large numbers of users at off peak times. Such large operations can adversely impact performance.
Related Topics
Node Name Recommendations

By default, the name for a node is the hostname that you configure during the Cisco Unified Presence
installation. For example, if the hostname of your Cisco Unified Presence node is called cup1, the node
name is cup1. You can change the node name to the dotted IP address or the FQDN, for example,
"192.168.0.1" or "cup1.acme.com". If you change the default name for the node, note the following:
You must be able to resolve the hostname or the FQDN from the Cisco Unified Presence server, and
Cisco Unified Personal Communicator client computers.
If either Cisco Unified Presence server or the Cisco Unified Personal Communicator client
computer cannot resolve the hostname or the FQDN, configure the IP address for the node name
value.
To test the name resolution from the Cisco Unified Presence server, use the command
utils network ping <node_name>
To test the name resolution from the Cisco Unified Personal Communicator client computer, use the
command
ping <node_name>
If your network uses DNS that can map to IPv4 addresses, you can enter the Cisco Unified Presence
hostname. Otherwise, you must enter the full IPv4 address of the Cisco Unified Presence server.
6-4
Chapter 6

Related Topics
Changing the IP Address and Hostname for Cisco Unified Presence Release 8.0, 8.5, and 8.6
User Assignment Mode Recommendations

You can manually or automatically assign users in a Cisco Unified Presence deployment. Use the User
Assignment Mode parameter on the Sync Agent to manage user assignment on Cisco Unified Presence:
Note
If set to Balanced, Cisco Unified Presence divides all users equally across all nodes in all
subclusters. Use this user assignment mode for the Balanced Mode Non-Redundant High
Availability and the Balanced Mode Redundant High Availability deployment options.
If set to Active/Standby, Cisco Unified Presence assigns all users only to the first node of a
subcluster. If there is only a single node in the subcluster, Cisco Unified Presence uses this node for
assignment regardless of the location of the node within the subcluster.
If set to None, you must manually assign your users to nodes in system topology management GUI.
If all the hardware in your cluster is of the same generation and has the same capacity, set the User
Assignment Mode to Balanced.
If you have hardware of mixed generations and capacities in a node, set the User Assignment Mode
to None. Manually assign your users making sure that each server is not loaded beyond capacity.
Related Topics
Manual User Assignment Recommendations, page 6-5
Manual User Assignment Recommendations

If you choose to manually assign users in system topology management GUI, note the following:
Note
You can manually unassign, assign or reassign users. You can assign users to a single node, and you
can also distribute groups of users across the node, or nodes, in a cluster, or a given subcluster.
If you assign a user to one of the nodes in a subcluster, the other node in the subcluster can become
the backup (redundant) node for the user if you turn on High Availability for the subcluster. If you
do not configure a backup node in the subcluster, and you do not turn on High Availability for the
subcluster, the user does not have High Availability failover protection.
Users who are assigned may be reassigned, that is, moved to another subcluster, or to a specific
node. You can move users individually or in bulk.
Users can remain unassigned. Unassigned users do not receive availability information.
We recommend that you only reassign a user (assign a user that was previously unassigned) if the Cisco
UP Presence Engine is running on all nodes in your cluster, otherwise Cisco Unified Presence will not
reestablish the presence subscriptions to and from this user.
6-5
Chapter 6
When you are assigning users, note the following:
You can only assign users if they are licensed.
Unassigning or reassigning users results in termination of active sessions. In such instances, clients
must reconnect to the new location.
You can export users in bulk using the Bulk Administration Tool (BAT). You can also use BAT to
perform bulk user reassignment from one node to another.
Generally we recommend that you take the Cisco UP Presence Engine and Cisco UP SIP Proxy services
offline when performing bulk operations. Note that taking these services offline will adversely impact
performance.
Related Topics
Turning On or Off High Availability for a Subcluster, page 6-21
User Redistribution
Note
If you turn on High Availability in a subcluster, be aware that Cisco Unified Presence does not
redistribute users to nodes that are in a failover states; the valid node states that support user
redistribution are Normal and Running in Backup Mode.
If you rebalance your users, you must reconfigure the upper and lower client re-login limit values
based on the HA login profile tables, see High Availability Client Login Profiles, page B-1.
After adding or removing nodes, you can redistribute users using the Rebalance Users parameter in
system topology management GUI. This parameter redistributes users based on the configured User
Assignment mode. These are examples of how you can use the Rebalance Users parameter with the User
Assignment mode to manage user assignment:
Scenario A: The customer has a subcluster with two nodes, and each node contains 5000 users. The
User Assignment mode is set to Balanced. The customer then adds a second subcluster with two
nodes, and sets the Rebalance Users parameter. Cisco Unified Presence distributes the users evenly
to the four nodes so that each node now has 2500 users.
Scenario B: The customer has a subcluster with two nodes, and each node contains 2500 users. The
User Assignment mode is set to Balanced. The customer wants to add a second subcluster with two
nodes, but also wants to change the User Assignment mode to Active/Standby. The customer
changes the mode to Active/Standby, whereby all 5000 users are redistributed to the first node in the
subcluster. The customer then adds a second subcluster with two nodes, and sets the Rebalance
Users parameter. Cisco Unified Presence evenly distributes the users across both first nodes in each
subcluster. Each first node now has 2500 users.
We strongly recommend that you perform any node movements that involve unassigning or moving a
large numbers of users at off peak times. Such large operations can adversely impact performance.
Related Topics
6-6
Chapter 6

Creating Subclusters in System Topology

The system automatically assigns the first Cisco Unified Presence node that you install as the publisher
node. After you install the publisher node, create the required subclusters and subsequent nodes in your
Cisco Unified Presence cluster in system topology management GUI.
Repeat this procedure for each subcluster that you require for your deployment.
Note
Perform this procedure on the publisher Cisco Unified Presence node.

Before You Begin
Plan your multi-node deployment model.

Procedure
Step 1
Select Cisco Unified Presence Administration > System > Cluster Topology.
Step 2
Select Add New Subcluster.
Step 3
Define a unique name for the subcluster.
Step 4
Select Save.
Troubleshooting Tip
To update a subcluster, or view the status of a subcluster, select the edit link on the subcluster.
Related Topics
Planning a Cisco Unified Presence Multi-Node Deployment, page 4-1
What To Do Next
Creating, Assigning and Moving Nodes in System Topology

Create the required subsequent nodes for your deployment. By creating the subsequent nodes in the
topology view of the publisher node, Cisco Unified Presence associates the subsequent nodes with the
publisher node.
Note
Perform this procedure on the publisher Cisco Unified Presence node.
6-7
Chapter 6
Perform this procedure before you install any of the subsequent Cisco Unified Presence nodes. If
you assign a subsequent Cisco Unified Presence node to a subcluster prior to installing it, users in
remote clusters will not receive availability information. An availability outage will occur until the
node is installed.
Before You Begin
Create the required subclusters for your deployment.
Depending on how you plan to configure your node name, obtain the required value for your nodes
(for example hostname, dotted IP address, FQDN or DNS-SRV).
Restrictions
If you wish to change the default node name, there are certain node name restrictions. Read the node
name recommendations topic.
You can only move a node from one subcluster to another if the node is assigned and has no users.
You must turn off High Availability in a subcluster before you move or unassign a node in that
subcluster.
Procedure
Step 1
Step 2
Create the required subsequent nodes for your deployment:

a.
Select Add New Node.
b.
Define a unique name for the node.
c.
Select Save.
6-8
Chapter 6

Step 3
Perform one of these actions:

If you want to:
Action
Notes
Assign a node to a
subcluster
Drag the node into the

empty slot in the subcluster
Do not assign the subsequent node to a

subcluster until after you install it, and
you have checked the status of the node.
Before you assign a node to a subcluster,

check the following
From System troubleshooter page,
verify that the Cisco UP Replication

Watcher service is running on all
nodes.
On the Network services screen in
Cisco Unified Serviceability (on the

subscriber node), verify that all
Cisco Unified Presence services are
running on the assigned node.
To move a previously
assigned node.
Drag the node from the

subcluster and drop it into
the empty slot of the peer
subcluster.
Turn off high -availability in the

subcluster before you move the node.
Unassign all users from the node before

you move it.
To update a node, or view the status of a node, select the edit link on the node to view the Node
Detail screen. From the edit window, you can:
View the total users assigned to the node.
Verify the status of the node.
If you turn on High Availability in the subcluster, the critical services that Cisco Unified
Presence monitors on the node for failover are marked in the Monitored column.
If you turn on High Availability, you can also view the High Availability state of the node, and
the reason for this state.
Select Cisco Unified Presence Administration > Diagnostics > System Troubleshooter to verify
the status of your topology configuration.
Related Topics
Configuring a Cisco Unified Presence Intercluster Deployment, page 16-1
6-9
Chapter 6
What To Do Next
Configuring User Assignment in System Topology

Note
This topic is only applicable if you have chosen to manually assign your users.
In system topology management GUI, you can manually unassign, assign or reassign users. You can
assign users to a single node, and you can also distribute groups of users across the node, or nodes, in a
cluster, or a given subcluster.
Before You Begin
Read the user assignment recommendations topic.
You may want to export users in bulk. Use the Bulk Administration Tool (BAT) to perform this
procedure.
Restriction
You can only assign licensed users.
If you turn on High Availability in a subcluster, note that you can only assign or move users to nodes
in that subcluster that are not in a failover state. Valid node states are Normal and Running in Backup
Mode.
Procedure
Step 1
Select Cisco Unified Presence Administration > System > Topology.
Step 2
Perform one of these actions:

If you want to:
Action
Assign users
Select Assign Users.
Unassign or reassign users
Select All Assigned Users in the left pane of the

system topology interface.
Step 3
Use the Find User Assignment window to find and display users.
Step 4
Perform one of the following actions:
Step 5
Check the users that you wish to assign, and select Assign Selected Users.
Select all users, and select Assign All Users.
Using the list boxes in the Change Assignment frame, specify your user assignment:
to a named node
to a named subcluster (auto-assigned)
to all subclusters (auto-assigned)
to nothing (unassigned)
6-10
Chapter 6

About High Availability Cisco Unified Presence Deployments
Step 6
Select Save.
Troubleshooting Tip
Select Cisco Unified Presence Administration > Diagnostics > System Troubleshooter to verify the
status of your topology configuration.
Related Topics
Planning a Cisco Unified Presence Multi-Node Deployment, page 4-1
For information about exporting users in bulk using BAT, see the Online Help in Cisco Unified
Presence Administration.
High Availability in a Subcluster, page 6-11
Impact of Failover to Cisco Unified Presence Clients and Services, page 6-12
Automatic Failover Detection, page 6-13
Automatic Fallback, page 6-14
Cisco UP Server Recovery Manager (SRM), page 6-15
Node State Definitions, page 6-16
Node States, Causes and Recommended Actions, page 6-17
Requirements for High Availability

The requirements for High Availability are:
You must be running Cisco Unified Presence release 8.5 (x), or a later 8.x release. Any earlier Cisco
Unified Presence 8.0(x) releases do not support High Availability.
Cisco Unified Presence supports High Availability at a subcluster level. Both nodes in the subcluster
must be running the same version of Cisco Unified Presence 8.x software for High Availability to
work.
High Availability in a Subcluster

Cisco Unified Presence supports High Availability in a subcluster meaning if a node in the subcluster
fails, the Instant Message and Availability services from that node can failover to the second node in the
subcluster.
You must manually turn on High Availability in a subcluster on the Cluster Topology interface on Cisco
Unified Presence Administration interface. On the main Cluster Topology interface, the subcluster icon
indicates that you have turned on High Availability on the subcluster.
6-11
Chapter 6
A green tick beside the High Availability icon indicates that High Availability in the subcluster is
running normally. A red x beside the High Availability icon indicates that the subcluster is in a failed
state.
Cisco Unified Presence automatically detects failover in a subcluster by monitoring the heartbeat and
monitoring the critical services on the peer node. When Cisco Unified Presence detects failover, it
automatically moves all users to the backup node. From the Cisco Unified Presence Administration
interface, you can initiate a manual fallback to the primary node. Cisco Unified Presence Release 8.6(4)
and later supports automatic fallback to the primary node after failover.
Caution
Cisco Unified Presence Release 8.6(3) and earlier does not perform an automatic fallback to the primary
node after failover. You must manually perform the fallback from the Cluster Topology interface,
otherwise the users that were moved will remain on the backup node.
Note
Cisco Unified Presence performs an automatic fallback when the backup activated node fails due to a
critical service failure and the peer node is in the Failed Over state and supports the automatic recovery
fallback.
To monitor and troubleshoot the status of the High Availability functionality on a subcluster, view the
High Availability states that Cisco Unified Presence assigns to each node. See Table 6-1 and Table 6-2
for descriptions of these states and recommended actions if the subcluster is in a failed state. If a failover
occurs, on the node detail screen, Cisco Unified Presence marks the users that have failed over to the
backup node.
Related Topics
Automatic Failover Detection, page 6-13
Automatic Fallback, page 6-14
Manual Failover and Fallback, page 6-15
Impact of Failover to Cisco Unified Presence Clients and Services

Cisco Unified Presence supports High Availability for Cisco Unified Personal Communicator Release
7.x and Cisco Unified Personal Communicator Release 8.5(x) and later.
During failover to the backup node, availability and instant messaging services are temporarily
unavailable on client applications. After failover is complete, the availability and instant messaging
services become available on the client again when the client signs back in. Similarly, if fallback occurs,
availability and instant messaging services are temporarily unavailable on client applications until
fallback completes and the client signs back in. Cisco Unified Personal Communicator signs users back
in automatically.
The impact of failover on temporary adhoc chat messages depends on the particular client application.
On Cisco Unified Personal Communicator, any adhoc chat windows that were open before failover
should display again after the failover is complete. However, if all of the users in a chat room
automatically exit the chat room as part of a failover or fallback process, or if the adhoc chat room is
hosted on a failed node, the adhoc chat windows will not display again after failover and a message is
displayed explaining that the chat room was deleted. On all clients, any persistent chat rooms that users
create on the failed node cannot be accessed again until recovery.
6-12
Chapter 6

If Cisco Unified Personal Communicator is operating in softphone mode (the user is on a voice call)
during failover, the voice call is not disconnected.
Automatic Failover Detection

Cisco Unified Presence uses these methods to automatically detect if a node fails:
Peer Heartbeat - In a subcluster, each node sends heartbeat intervals to the other node to check if
the node is up and running. If a node detects a loss of heartbeat in the peer node, the node initiates
a failover. You can configure the heartbeat interval and the heartbeat timeout from the Service
Parameters page on Cisco Unified Presence Administration interface.
Monitor Critical Services - Each node monitors a list of critical services. If the node detects that
any critical service is not running for a configurable outage period (ninety seconds is the default
value), it instructs the peer node to initiate a failover. You can configure this critical service delay
from the Service Parameters page on Cisco Unified Presence Administration interface. These are the
list of critical services that the node monitors:
Cisco DB (internal IDS database)
Cisco UP Presence Engine (if you activate this service)
Cisco UP XCP Router
Cisco UP Message Archiver (if you integrate Cisco Unified Presence with a third-party
off-board database, and you activate this service)

Cisco UP SIP Proxy (if you configure SIP federation, enable Partitioned Intradomain
Federation, or you have an intercluster connection with a Cisco Unified Presence Release 7.x
cluster, and you activate this service)
Cisco UP XCP SIP Federation Connection Manager (if you configure SIP federation, enable
Partitioned Intradomain Federation, or you have an intercluster connection with a Cisco Unified
Presence Release 7.x cluster, and you activate this service)
Cisco UP Presence DatastoreCisco Unified Presence Release 8.6(4) or later only
Cisco UP Route Datastore (if you configure SIP federation, enable Partitioned Intradomain
Federation, or you have an intercluster connection with a Cisco Unified Presence Release 7.x
cluster, and you activate this service)Cisco Unified Presence Release 8.6(4) or later only
You can view the critical services that Cisco Unified Presence monitors for failover on the node details
screen on the Cluster Topology interface. The critical services that Cisco Unified Presence monitors are
marked in the Monitored column in the services list.
Note
Cisco Unified Presence only detects a failover if a critical service is not running for the duration of
the outage period. It does not detect a failover in the case where one or more critical services are not
running during the outage period, but not for the duration of the outage period, for example, a rolling
outage. In this case, Cisco Unified Presence generates alarms indicating that services are starting
and stopping, and you can perform a manual failover on Cisco Unified Presence.
If you manually stop a critical service, and the service is stopped for longer than the permitted
outage period, failover will occur.
6-13
Chapter 6
Prior to Cisco Unified Presence Release 8.6, if Cisco Unified Presence detects the situation where both
nodes in the subcluster think they own the same user, both nodes go into a failed state, and you need to
perform a manual recovery from the Cluster Topology interface. In Cisco Unified Presence Release 8.6,
manual recovery is not required. When the network issue is resolved, auto-recovery occurs without
administrator intervention.
If manual recovery is required for another reason, you may experience IDS replication delays.
To check the status of the IDS replication on a node either:
Use this CLI command:

utils dbreplication runtimestate
Use the Cisco Unified Reporting Tool (CURT). The Unified CUP Database Status report displays
a detailed status of the cluster.
Related Topics
Performing a Manual Failover to Backup Node, page 6-25
Configuring the Advanced Service Parameters for the Server Recovery Manager, page 6-23
Cisco UP Replication Watcher Service, page 5-1
Automatic Fallback
Cisco Unified Presence Release 8.6(4) and later supports automatic fallback to the primary node after a
failover. Automatic fallback is the process of moving users back to the primary node after a failover
without manual intervention. You can enable automatic fallback with the Enable Automatic Fallback
service parameter on the Cisco Unified Presence Administration interface.
Automatic fallback occurs in the following scenarios:
A critical service on Node A failsA critical service (for example, the Presence Engine) fails on
Node A. Automatic failover occurs and all users are moved to Node B. Node A is in a state called
"Failed Over with Critical Services Not Running". When the critical service recovers, the node state
changes to "Failed Over. When this occurs Node B tracks the health of Node A for 30 minutes. If
no heartbeat is missed in this time frame and the state of each node remains unchanged, automatic
fallback occurs.
Node A is rebootedAutomatic failover occurs and all users are moved to Node B. When Node A
returns to a healthy state and remains in that state for 30 minutes automatic fallback occurs.
Node A loses communications with Node BAutomatic failover occurs and all users are moved to
Node B. When communications are re-established and remain unchanged for 30 minutes automatic
fallback occurs.
If failover occurs for a reason other than one of the three scenarios listed here, you must recover the node
manually. If you do not want to wait 30 minutes before the automatic fallback, you can perform a manual
fallback to the primary node.
Related Topics
Performing a Manual Fallback to Primary Node, page 6-26
6-14
Chapter 6

Cisco UP Server Recovery Manager (SRM)

The Cisco UP Server Recovery Manager (SRM) on Cisco Unified Presence manages the failover
between nodes in a subcluster. The Cisco UP Server Recovery Manager manages all state changes in a
node; state changes are either automatic or initiated by the administrator (manual).
After you turn on High Availability in a subcluster, the Cisco UP Server Recovery Manager on each node
establishes heartbeat connections with the peer node, and begins to monitor the critical processes.
The SRM is responsible for the user move operations after it detects that failover has occurred. It is the
SRM on the peer node, not on the failed node, that performs the user move operation. For example, if
node A fails, the SRM on node B performs the user move operation. The SRM throttles the number of
users moved to the peer node, it moves the users in batches or iterations. You can configure the number
of users that the SRM moves per iteration (the default value is 25). On failover, the SRM will move users
that are signed in first, and then move users that are not signed in. Note that if you initiate a fallback, or
for Cisco Unified Presence Release 8.6(4) or later automatic fallback occurs, users that are not signed in
are moved first, and then users that are signed in.
If the SRM is not turned on, it does not monitor any critical processes, nor does it monitor the heartbeat
connections with the peer node.
Caution
Before you turn on High Availability in a subcluster, you must configure the SRM service parameters to
properly reflect your deployment, see High Availability Client Login Profiles, page B-1.
Related Topics
Manual Failover and Fallback

From the Cluster Topology interface, you can perform the following procedures:
Initiate a manual failover for a subcluster. When you initiate a manual failover, the Cisco UP Server
Recovery Manager stops the critical services on the failed node, and moves all users to the backup
node.
Initiate a manual fallback from the Cluster Topology interface, where the Cisco UP Server Recovery
Manager restarts critical services on the primary node and moves users back to the primary node.
Perform a manual recovery for a subcluster (when both nodes in the subcluster are in a failed state).
When you perform a manual recovery, Cisco Unified Presence restarts the Cisco UP Server
Recovery Manager service on both nodes in the subcluster.
Related Topics
Performing a Manual Recovery of a Subcluster, page 6-27
6-15
Chapter 6
Important Note About High Availability and Intercluster Deployments

When failover occurs, the Intercluster Sync Agent is responsible for communicating the user move
information to other clusters. The Intercluster Sync Agent runs on both the publisher and subscriber
nodes in a cluster. In an Active-Standby configuration, if the publisher node fails or the Intercluster Sync
Agent on the publisher node fails, the Intercluster Sync Agent on the subscriber node becomes Active
and resumes synchronization, meaning the other clusters will continue to receive the information that
users have moved to a different node. Intercluster presence and IM continue to work. Users that have
failed over will receive availability information for remote users. Remote users continue to receive
availability information and IMs from users that have failed over, and all IMs they send to a failed over
user are delivered. When the publisher node recovers, the publisher falls back to Active mode and the
subscriber returns to Standby mode.
Node State Definitions

Table 6-1 describes the different node states, and associated reasons. You can view the state of an
existing node by either viewing the node details or the subcluster details on the Cluster Topology
interface.
Note
These fields are only displayed on the Cluster Topology interface if you turn on High Availability in a
subcluster.
Table 6-1
Node State Descriptions
State
Description
Initializing
This is the initial (transition) state when the Cisco UP Server

Recovery Manager service starts; it is a temporary state.
Idle
Cisco Unified Presence is in Idle state when failover occurs and

services are stopped. In Idle state, the Cisco Unified Presence node
does not provide any availability or Instant Messaging services. In
Idle state, you can manually initiate a fallback to this node from the
Cluster Topology interface.
Normal
This is a stable state. The Cisco Unified Presence node is operating

normally. In this state, you can manually initiate a failover to this
node from the Cluster Topology interface.
Running in Backup Mode
This is a stable state. The Cisco Unified Presence node is acting as the
backup for its peer node. Users have moved to this (backup) node.
Taking Over
This is a transition state. The Cisco Unified Presence node is taking

over for its peer node.
Failing Over
This is a transition state. The Cisco Unified Presence node is being

taken over by its peer node.
Failed Over
This is a stable state. The Cisco Unified Presence node has failed
over, but no critical services are down. In this state, you can manually
initiate a fallback to this node from the Cluster Topology interface.
Failed Over with Critical

Services Not Running
This is a stable state. Some of the critical services on the Cisco

Unified Presence node have either stopped or failed.
6-16
Chapter 6

Note
These fields are only displayed on the Cluster Topology interface if you turn on High Availability in a
subcluster.
Table 6-1
Node State Descriptions
State
Description
Falling Back
This is a transition state. The system is falling back to this Cisco

Unified Presence node from the node running in Backup Mode.
Taking Back
This is a transition state. The failed Cisco Unified Presence node is

taking back over from its peer.
Running in Failed Mode
An error occurs during the transition states or Running in Backup

Mode state.
Unknown
State unknown.
Related Topic
Node States, Causes and Recommended Actions

Table 6-2 describes the node states, reasons, causes, and recommended actions for failed states.
Table 6-2
Node High Availability states, causes and recommended actions
Node 1
State
Normal
Node 2
Reason
Normal
State
Normal
Reason
Normal
Cause/Recommended Actions
High Availability is running on both nodes in the
subcluster.
Subcluster is running normally (it is in non failover
mode). The critical services on both nodes in the
subcluster are running.
Failing Over On Admin

Request
Taking Over
On Admin Request The administrator initiates a manual failover from

node 1 to node 2. The manual failover is in progress.
Idle
Running in
Backup Mode
On Admin Request The manual failover from node1 to node 2 (initiated

by the administrator) is complete.
Taking Back On Admin

Request
Falling Back
On Admin Request The administrator initiates a manual fallback from

node 2 to node 1. The manual fallback is in progress.
Idle
Initialization
Running in
Backup Mode
On Admin Request The administrator restarts the SRM service on node 1

while node1 is in Idle state.
Idle
Initialization
Running in
Backup Mode
Initialization
On Admin
Request
The administrator restarts both nodes in the

subcluster, or restarts the SRM service on both nodes
in the subcluster, while the subcluster was in manual
failover mode (failover initiated by the administrator).
6-17
Chapter 6
Table 6-2
Node High Availability states, causes and recommended actions (continued)
Node 1
State
Idle
Node 2
Reason
On Admin
Request
State
Reason
Running in
Backup Mode
Initialization
The administrator restarts the SRM service on node 2

while node 2 is running in backup mode, but before
the heartbeat on node1 times out.
Failing Over On Admin

Request
Taking Over
Initialization
The administrator restarts the SRM service on node 2

while node 2 is taking over, but before the heartbeat
on node 1 times out.
Taking Back Initialization
Falling Back
On Admin Request The administrator restarts the SRM service on node 1

while taking back, but before the heartbeat on node 2
times out. After the taking back process is complete,
both nodes are in Normal state.
Taking Back Automatic

Fallback
Falling Back
Automatic Fallback Automatic Fallback has been initiated from node 2 to

node 1 and is currently in progress.
Note: This state applies to Cisco Unified Presence
Release 8.6(4) and later only.
Failed Over
Initialization or
Critical
Services Down
Running in
Backup Mode
Critical Service
Down
Node 1 transitions to Failed Over state when:

Critical service(s) come back up due to
reboot of node 1, or
The administrator starts critical service(s) on
node1 while node1 is in "Failed Over with

Critical Services Not Running" state
When node1 transitions to Failed Over state the node
is ready for the administrator to perform a manual
fallback to restore the nodes in the subcluster to
Normal state.
Failed Over Critical Service
with Critical Down
Services not
Running
Failed Over Database

with Critical Failure
Services not
Running
Running in
Backup Mode
Critical Service
Down
Recommended Actions:
Running in
Backup Mode
Database Failure
6-18
A critical service is down on node 1. Cisco Unified

Presence performs an automatic failover to node 2.
1.
Check what critical services are down on node 1,

and try to start these services manually.
2.
If the critical services on node 1 do not start,

reboot node 1.
3.
After the reboot and when all the critical services

are running, perform a manual fallback to restore
the nodes in the subcluster to Normal state.
A database service is down on node 1. Cisco Unified

Presence performs an automatic failover to node2.
1.
Reboot Node 1.
2.

Chapter 6

Table 6-2
Node 1
State
Node 2
Reason
Running in Start of Critical

Failed Mode Services Failed
State
Running in
Failed Mode
Reason
Start of Critical
Services Failed
Critical services fail to start while a node in subcluster
is taking back from the other node.
Recommended Actions: (on the node that is taking
back)
Running in Critical Service

Failed Mode Down
Running in
Failed Mode
Critical Service
Down
1.
Check what critical services are down on the

node. To start these services manually, select
Recovery on the subcluster details screen.
2.
If the critical services do not start, reboot the

node.
3.

Critical services go down while a node in subcluster

is running in backup mode for the other node.
Node1 is down due to loss of

network connectivity or the
SRM service is not running.
Running in
Backup Mode
Peer Down
1.
Check what critical services are down on backup

node. To start these services manually, select
Recovery on the subcluster details screen.
2.
If the critical services do not start, reboot the

subcluster.
Node2 has lost its heartbeat with node 1. Cisco

Unified Presence performs an automatic failover to
node 2.
Recommended Action:
(If node 1 is up)
1.
Check and repair the network connectivity

between nodes in the subcluster. When you
reestablish the network connection between the
nodes, the node may go into a failed state. Select
Recovery on the subcluster details screen to
restore the nodes in the subcluster to Normal
state.
2.
Start the SRM service, and perform manual

fallback to restore the nodes in the subcluster to
Normal state.
(If the node is down)

1.
Repair/Power up node1.
2.
When node is up and all critical services are

running, perform manual fallback to restore the
nodes in the subcluster to Normal state.
6-19
Chapter 6
Table 6-2
Node 1
State
Node 2
Reason
State
Node1 is down (due to possible Running in

power down, hardware failure, Backup Mode
shutdown, reboot)
Reason
Peer Reboot
Cisco Unified Presence performs an automatic
failover to node 2 due to possible hardware
failure/power down/restart /shutdown of Node 1.
Recommended Action:
Failed Over Initialization

with Critical
Services not
Running OR
Failed Over
Backup Mode
Peer Down During

Initialization
1.
Repair/Power up node 1.
2.
When node is up and all critical services are

running, perform manual fallback to restore the
nodes in the subcluster to Normal state.
Node 2 does not see Node 1 during startup.

Recommended Action:
When node1 is up and all critical services are running,
perform manual fallback to restore the nodes in the
subcluster to Normal state.
Running in Cisco UP Server Running in

Failed Mode
Failed Mode Recovery
Manager Take
Over Users
Failed
Cisco UP Server
Recovery Manager
Take Over Users
Failed
User move fails during taking over process.
Running in Cisco UP Server Running in

Failed Mode
Failed Mode Recovery
Manager Take
Back Users
Failed
Cisco UP Server
Recovery Manager
Take Back Users
Failed
User move fails during falling back process.
Running in Unknown
Failed Mode
Unknown
The SRM on a node restarts while the SRM on the

other node is in a failed state, or an internal system
error occurs.
Running in
Failed Mode
Recommended Action:
Possible database error. Select Recovery on the
subcluster details screen. If that doesn't resolve the
issue, reboot the subcluster.
Recommended Action:
Possible database error. Select Recovery on the
subcluster details screen. If that doesn't resolve the
issue, reboot the subcluster.
Recommended Action:
Select Recovery on the subcluster details screen. If
that does not resolve the issue, reboot the subcluster.
Backup
Activated
Auto Recover
Database
Failure
Failover
Affected
Services
Auto Recovery
Database Failure.
The Database goes down on the backup node. The

peer node is in failover mode and can take over for all
users in the subcluster. Auto-recovery operation
automatically occurs and all users are moved over to
the primary node.
Backup
Activated
Auto Recover
Database
Failure
Failover
Affected
Services
Auto Recover
Critical Service
Down
A critical service goes down on the backup node. The

peer node is in failover mode and can take over for all
users in the subcluster. Auto-recovery operation
automatically occurs and all users are moved over to
the peer node.
6-20
Chapter 6

How To Configure High Availability Cisco Unified Presence Deployments
Related Topics
How To Configure High Availability Cisco Unified Presence

Deployments
Turning On or Off High Availability for a Subcluster

Caution
Before you turn on High Availability in a subcluster, you must configure the SRM service parameters to
properly reflect your deployment, see High Availability Client Login Profiles, page B-1.
You have to manually turn on High Availability in a subcluster; Cisco Unified Presence does not turn on
High Availability in a subcluster by default. You can turn on High Availability in a subcluster when:
there are two nodes in the subcluster, and
both nodes have IP addresses that are resolvable addresses, and
both nodes are running Cisco Unified Presence Release 8.5 or higher.
You can either assign users to the nodes in the subcluster before or after you turn on High Availability
for the subcluster.
Before You Begin
Configure the subclusters and nodes in your network, and assign nodes to the subclusters.
Make sure critical services are running on both nodes in the subcluster before you turn on highavailability in a subcluster. If one or more critical services are not running on a node, when you turn
on High Availability, that node will failover to the backup node. When one or more critical services
are not running on one node in a subcluster, but all critical services are running on the second node,
the subcluster will go into a failed state after you turn on High Availability.
Restriction
You can only turn on High Availability in a subcluster when there are two nodes assigned to that
subcluster. The High Availability checkbox does not display when there are no nodes, or one node,
assigned to the subcluster.
6-21
Chapter 6
Procedure
Step 1
Cisco Unified Presence Administration > System > Cluster Topology.
Step 2
Select the edit link on the appropriate subcluster.
Step 3
Check Enable High Availability.
To turn off High Availability for the sublcluster, uncheck Enable High Availability.
Note
Step 4
Select Save.
Cisco Unified Presence displays the following information about High Availability for the subcluster
Field
Description
Monitored Node
The node in the subcluster that Cisco Unified Presence is

monitoring for failover detection.
Node State
The state of the node. See Node State Definitions,

page 6-16for definitions of the states.
Node Reason
The reason for the node state.
Node Action
The action you can take to change the state of the node:
Fallback - This option is displayed for nodes that are

in Idle or Failed Over states. Select to manually
initiate a fallback to this node.
Failover - This option is displayed for nodes that are

in Normal state. Select to manually initiate a failover
to this node.
Recovery - This option is displayed if both nodes in

the subcluster are in a failed state. Select to manually
initiate a recovery of the subcluster where Cisco
Unified Presence restarts the SRM service on both
nodes.
When you turn on High Availability in a subcluster, Cisco Unified Presence restarts the Cisco UP
Service Recovery Manager service and it begins to monitor for failover detection. To verify this
service is running, select Cisco Unified Serviceability > Tools > Control Center - Network
Services.
You can turn off High Availability in a subcluster, so the two nodes in the subcluster act as
standalone nodes. You can only turn off High Availability when the nodes in the subcluster are not
in a transition state (Failing Over, Falling Back). If you turn off High Availability in a subcluster
when either node is in a failed over scenario (Failed Over, Failed), users that Cisco Unified Presence
fails over to the backup node are homed to the backup node. Cisco Unified Presence will not move
these users back to the primary node, they remain on the backup node.
6-22
Chapter 6

The System Troubleshooter indicates if there are any two node subclusters without High Availability
turned on. Select Cisco Unified Presence Administration > Diagnostics > System
Troubleshooter.
Configuring the Advanced Service Parameters for the Server Recovery

Manager
Procedure
Step 1
Cisco Unified Presence Administration > System > Service Parameters.
Step 2
Select a Cisco Unified Presence server from the Server menu.
Step 3
Select Cisco UP Server Recovery Manager from the Service menu.
Step 4
Configure these service parameters:
Parameter
Description
Additional Information
Service Port
This parameter specifies the port that

Cisco UP Server Recovery Manager
uses to communicate with its peer.
If you modify this parameter, Cisco

Unified Presence restarts the Cisco
UP Server Recovery Manager on all
nodes in the cluster.
Admin RPC Port
This parameter specifies the port that

Cisco UP Server Recovery Manager
uses to provide admin RPC requests.
If you modify this parameter, Cisco

Unified Presence restarts the Cisco
UP Server Recovery Manager on all
Critical Service Down This parameter determines the

Delay
duration a critical service can be down
before Cisco Unified Presence initiates
an automatic failover.
Enable Automatic
Failover
This parameter turns automatic

failover on or off on Cisco Unified
Presence.
If you change this value, this affects

how long a critical service can be
down before Cisco Unified Presence
initiates an automatic failover.
This parameter is on by default. Turn
this parameter off only if you do not
want automatic failover on Cisco
Unified Presence and you only want
to perform manual failover.
Note: This parameter applies to
Cisco Unified Presence Release
8.6(3) and earlier only.
Enable Automatic
Fallback
This parameter turns automatic

fallback on or off on Cisco Unified
Presence.
This parameter is off by default. Turn

this parameter on only if you want to
enable automatic fallback on Cisco
Unified Presence.
Note: This parameter applies to
Cisco Unified Presence Release
8.6(4) and later only.
6-23
Chapter 6
Parameter
Description
Initialization Keep
Alive (Heartbeat)
Timeout
This parameter specifies the duration

that the heartbeat is lost with the peer
node (SRM) when the peer SRM
restarts and is in the initialization state.
We recommend that you configure

this value to at least twice the value
of the Keep Alive (Heartbeat)
Timeout in order to avoid
unnecessary failovers.
Keep Alive
(Heartbeat) Timeout
This parameter specifies the duration

that the heartbeat is lost with the peer
node (SRM) before Cisco Unified
Presence initiates an automatic
failover.
We recommend that you configure

this value to at least twice the value
of KeepAliveInterval value. If this
value is too close to the
KeepAliveInterval value, this can
cause a failover to occur.
Keep Alive (Heart

Beat) Interval
This parameter specifies the interval

between keep alive (heartbeat)
messages sent to the peer node.
N/A
Users Moved Per

Iteration
This parameter specifies the number of

users that Cisco Unified Presence
moves for each iteration when it
performs a failover or a fallback. There
is a delay of one second between each
iteration.
Increasing this value will shorten the

failover time at the expense of CPU.
Lowering the value will lengthen
failover time, but have less impact on
the CPU.
Caution
6-24
Before you configure the

Users Moved Per Iteration
parameter value, refer to
the High Availability
Client Login Profiles,
page B-1.
Chapter 6

Parameter
Description
Client Re-Login
Lower Limit
This parameter specifies the minimum

number of seconds which
will wait before attempting to re-login
to this Cisco Unified Presence server.
This waiting time occurs due to the
failure of a node or a critical service on
a node.
This parameter only applies to

Communicator Release 8.5 or higher
8.x releases.
Note
Client Re-Login
Upper Limit
Step 5
This parameter is per node.
This parameter specifies the maximum

number of seconds which
will wait before attempting to re-login
to this Cisco Unified Presence server.
This waiting time occurs due to the
failure of a node or a critical service on
a node.
Note
Caution
Refer to the High

Availability Client Login
Profiles, page B-1 for
guidelines on defining the
client re-login lower and
upper limits.
This parameter only applies to

Communicator Release 8.5 or higher
8.x releases.
Caution
This parameter is per node.
Refer to the High

Availability Client Login
Profiles, page B-1 for
guidelines on defining the
client re-login lower and
upper limits.
Select Save.
Related Topic
High Availability Client Login Profiles, page B-1
Performing a Manual Failover to Backup Node

You can perform a manual failover to the backup node in the subcluster using the Cluster Topology
interface. When you initiate a manual failover, the Cisco UP Server Recovery Manager stops the critical
services on that node, and moves all users to the backup node.
The Cisco UP Server Recovery Manager stops the following critical services on the node:
Cisco UP SIP Proxy
Cisco UP Presence Engine
Cisco UP XCP Router (this causes all XCP processes to stop)
Cisco UP Client Profile Agent
The Cisco UP Server Recovery Manager then move all users to the backup node
Restriction
You can only initiate a failover for a node that is in Normal state.
6-25
Chapter 6
Before You Begin
Make sure that these services are running on the Failing Over node:
Cisco UP XCP Connection Manager service
Cisco UP XCP Router
Procedure
Step 1
Step 2
Step 3
Select Failover in the Node Action column.
Step 4
Select Ok to confirm the failover operation.
Step 5
To verify the failover operation is complete and successful:
When the failover operation is in progress, the primary node should be in the Failing Over state,
and the backup node should be in the Taking Over state. When the failover operation is complete,
check that the backup node is in the state Running in Backup Mode, and the primary node is in
Idle state. If the failover is unsuccessful, and the nodes are in a failed state, see Table 6-2 for a
recommended action.
Check that the users have failed over to the backup node:
On the subcluster details screen, check that all users are now assigned to the backup node, and
no users are assigned to the primary node.

On the node details screen, the Failed Over column indicates the users that have failed over to
the backup node.
Related Topic
Performing a Manual Fallback to Primary Node

You can perform a manual fallback to the primary node in the Cluster Topology interface. When you
initiate a manual fallback, the Cisco UP Server Recovery Manager restarts any critical services that are
not already running on the primary node, and moves the failed over users back to the primary node.
When you manually initiate a fallback, the Cisco UP Server Recovery Manager restarts the following
services on the primary node (if they are not already running):
Cisco UP SIP Proxy
Cisco UP XCP Router
Any XCP services that were activated
Cisco UP Client Profile Agent
The Cisco UP Server Recovery Manager then moves all failed over users back to the primary node.
6-26
Chapter 6

Restriction
You can only initiate fallback for a node that is in Idle or Failed Over state.
Procedure
Step 1
Step 2
Step 3
Select Fallback in the Node Action column.
Step 4
Select Ok to confirm the fallback operation.
Step 5
To verify the fallback operation is complete and successful:
When fallback operation is in progress, the primary node should be in the Taking Back state, and
the backup node should be in the Falling Back state.When the fallback operation is complete,
check that both nodes are in Normal state. If the fallback is unsuccessful, and the nodes are in a
failed state, see Table 6-2 for a recommended action.
Check that the users have fallen back to the primary node.
On the subcluster details screen, check that all users are now assigned to the primary node, and
no users are assigned to the backup node.

On the node details screen, the Failed Over column should be empty.
Related Topic
Performing a Manual Recovery of a Subcluster

When you perform a manual recovery of a subcluster, Cisco Unified Presence restarts the Cisco UP
Server Recovery Manager service on both nodes in the subcluster.
Restriction
You can only initiate a recovery for a subcluster if both nodes are in a failed state.
Procedure
Step 1
Step 2
Step 3
Select Recovery in the Node Action column.
Step 4
See see Table 6-2 to verify the status of the subcluster after you perform the manual recovery.
6-27
Chapter 6 Configuring a Cisco Unified Presence Server for Deployment in the Network
Prior to Cisco Unified Presence Release 8.6, if Cisco Unified Presence detects the situation where both
nodes in the subcluster think that they own the same user, both nodes will go into a failed state, and you
will need to perform a manual recovery from the Cluster Topology interface. In Cisco Unified Presence
Release 8.6, manual recovery is not required. When the network issue is resolved, auto-recovery occurs
without administrator intervention.
If manual recovery is required for another reason, you may experience IDS replication delays. You can
check the status of the IDS replication on a node using this CLI command:
Utils dbreplication runtimestate
Related Topic
How to Configure the Cluster-Wide Routing Information on

Configuring the Domain Value, page 6-28
About the Routing Communication Type, page 6-30
Configuring the Routing Communication, page 6-31
Viewing or Configuring the Cluster ID, page 6-32
Configuring a Cluster-Wide Cisco Unified Presence Address, page 6-33
Configuring the Throttling Rate for Availability State Change Messages, page 6-34
Configuring the Domain Value
Changing the Domain Value, page 6-29
Replacing the Default Domain Value

The domain name specifies the DNS domain name of the Cisco Unified Presence server. Cisco Unified
Presence automatically defaults to the domain name DOMAIN.NOT.SET. You must replace this default
domain name with the DNS domain name in order for the SRM to initialize correctly in a High
Availability deployment.
If you are not using DNS in your network, and you did not set the domain at install, you must replace
this default value with the enterprise wide domain and ensure the node names are configured as IP
addresses or Cisco Unified Presence will not function correctly.
Perform this configuration on all nodes in your Cisco Unified Presence cluster.
Procedure
Step 1
Perform the following steps to configure the new domain value:

a.
b.
In the right pane, select Settings.
6-28
Chapter 6

c.
Configure the Domain Name value with the new domain.
a.
Select Cisco Unified Presence Administration > System > Service Parameters, and select the
Cisco UP SIP Proxy service.
b.
Configure the Federation Routing Cisco Unified Presence FQDN with the new domain.
c.
You will be prompted to confirm these configuration changes. Select OK for both prompts, and then
select Save.
Step 2
If you are using DNS, proceed with the remaining steps. If you are not using DNS, you have completed
the replacement of the default domain value.
Step 3
Use this CLI command to set the new domain:

set network domain <new_domain>
This CLI command invokes a reboot of the server.
Step 4
Note
Manually regenerate all certificates on the local Cisco Unified Presence server.
When you regenerate the Tomcat certificate, you must restart Tomcat. You can restart Tomcat after you
regenerate all of the certificates on the local server. Use this CLI command to restart Tomcat: utils
service restart Cisco Tomcat
Changing the Domain Value

Follow this procedure if you want to change the domain value (from one valid domain value to another
valid IP proxy domain value).
This procedure is applicable if you have a DNS or non-DNS deployment.
Note
It is highly recommended that you use a DNS deployment. In order to be considered valid, the domain
value must match the DNS domain name. Using a valid domain name ensures that the SRM initializes
correctly in a High Availability deployment.
Procedure
Step 1
Stop the Cisco UP SIP Proxy, Presence Engine and XCP Router services on Cisco Unified Presence on
all nodes in your cluster.
Step 2
On the publisher node, perform the following steps to configure the new domain value:
a.
b.
c.
Configure the Domain Name value with the new domain.
a.
Select Cisco Unified Presence Administration > System > Service Parameters, and select the
Cisco UP SIP Proxy service.
b.
Configure the Federation Routing Cisco Unified Presence FQDN with the new domain.
c.
You will be prompted to confirm these configuration changes. Select OK for both prompts, and then
select Save.
6-29
Step 3
On all nodes in the cluster, use this CLI command to set the new domain:
set network domain <new_domain>
This CLI command invokes a reboot of the servers
Step 4
On all nodes in the cluster, manually start the Cisco UP Presence Engine and Cisco UP XCP Router
services after the reboot is complete (if required).
Step 5
Manually regenerate all certificates on each node in the cluster.
Note
When you regenerate the Tomcat certificate, you must restart Tomcat. You can restart Tomcat after you
regenerate all of the certificates on the local server. Use this CLI command to restart Tomcat: utils
service restart Cisco Tomcat
Step 6
If you use DNS in your network, update the DNS configuration for the new domain. Update any host
records and any DNS SRV records that you require for the new domain
Step 7
Configure any XMPP clients with the new domain.
About the Routing Communication Type
Routing Communication Recommendations, page 6-30
MDNS Routing and Cluster ID, page 6-31
Routing Communication Recommendations

MDNS is the default mechanism for establishing the XCP route fabric on Cisco Unified Presence; the
network automatically establishes router-to-router connections between all Cisco Unified Presence
nodes in a cluster. A requirement for MDNS routing is that all nodes in the cluster are in the same
multicast domain. We recommend MDNS routing because it can seamlessly support new XCP routers
joining the XCP route fabric.
If you select MDNS as the routing communication, you must have multicast DNS enabled in your
network. In some networks multicast is enabled by default, or enabled in a certain area of the network,
for example, in an area that contains the nodes that form the cluster. In these networks, you do not need
to perform any additional configuration in your network to use MDNS routing. When multicast DNS is
disabled in the network, MDNS packets cannot reach the other nodes in a cluster. If multicast DNS is
disabled in your network, you must perform a configuration change to your network equipment to use
MDNS routing.
Alternatively, you can select router-to-router communication for your deployment. In this case, Cisco
Unified Presence dynamically configures all router-to-router connections between nodes in a cluster.
Select this routing configuration type if all the nodes in your cluster are not in the same multicast
domain. Note that when you select router-to-router communication:
Your deployment will incur the additional performance overhead while Cisco Unified Presence
establishes the XCP route fabric.
You do not need to restart the Cisco UP XCP Router on any node in your deployment when you add
a new node.
If you delete or remove a node, you must restart the Cisco UP XCP Router on all nodes in your
deployment.
6-30
Chapter 6

Related Topics
MDNS Routing and Cluster ID

At installation, the system assigns a unique cluster ID to the Cisco Unified Presence publisher node. The
systems distributes the cluster ID so that all nodes in your cluster share the same cluster ID value. The
nodes in the cluster use the cluster ID to identify other nodes in the multicast domain using MDNS. A
requirement for MDNS routing is that the cluster ID value is unique to prevent nodes in one standalone
Cisco Unified Presence cluster from establishing router-to-router connections with nodes in another
standalone cluster. Standalone clusters should only communicate over intercluster peer connections.
Select Cisco Unified Presence Administration > Presence > Settings to view or configure the cluster
ID value for a cluster. If you change the cluster ID value, make sure that the value remains unique to
your Cisco Unified Presence deployment.
Note
If you deploy the Chat feature, Cisco Unified Presence uses the cluster ID value to define chat server
aliases. There are certain configuration scenarios that may require you to change the cluster ID value.
See the Group Chat module for details.
Related Topics
Routing Communication Recommendations, page 6-30
Configuring the Routing Communication

To allow the nodes in a cluster to route messages to each other, you must configure the routing
communication type. This setting determines the mechanism for establishing router connections
between nodes in a cluster. Configure the routing communication type on the publisher node, and Cisco
Unified Presence applies this routing configuration to all nodes in the cluster.
For single node Cisco Unified Presence deployments, we recommend that you leave the routing
communication type at the default setting.
Caution
You must configure the routing communication type before you complete your cluster configuration and
start to accept user traffic into your Cisco Unified Presence deployment.
Before You Begin
If you want to use MDNS routing, confirm that MDNS is enabled in your network.
If you want to use router-to-router communication, and DNS is not available in your network, for
each node you must configure the IP address as the node name in the cluster topology. to edit the
node name, select Cisco Unified Presence Administration > System > Cluster Topology, and
click the edit link on a node. Perform this configuration after you install Cisco Unified Presence,
and before you restart the Cisco UP XCP Router on all nodes.
6-31
Procedure
Step 1
Step 2
Step 3
Select one of these Routing Communication Types from the menu:

Multicast DNS (MDNS)- Select Multicast DNS communication if the nodes in your cluster are in the
same multicast domain. Multicast DNS communication is enabled by default on Cisco Unified Presence.
Router to Router - Select Router-to-Router communication if the nodes in your cluster are not in the
same multicast domain.
Step 4
Select Save.
Step 5
Restart the Cisco UP XCP Router service on all nodes in your deployment.
Related Topics
About the Routing Communication Type, page 6-30
Viewing or Configuring the Cluster ID

At installation, the system assigns a default unique cluster ID to the Cisco Unified Presence publisher
node. If you configure multiple nodes in the cluster, the systems distributes the cluster ID so that each
node in your cluster shares the same cluster ID value.
We recommend that you leave the cluster ID value at the default setting. If you do change the cluster ID
value, note the following:
If you select MDNS routing, all nodes must have the same cluster ID to allow them to identify other
nodes in the multicast domain.
If you are deploying the Group Chat feature, Cisco Unified Presence uses the cluster ID value for
chat server alias mappings, and there are certain configuration scenarios that may require you to
change the cluster ID value. See the Group Chat module for details.
If you change the default Cluster ID value, you only need to make this change on the publisher node,
and the system replicates the new Cluster ID value to the other nodes in the cluster.
Procedure
Step 1
Step 2
Step 3
View or edit the Cluster ID value.
Note
By default, Cisco Unified Presence assigns the cluster ID value StandaloneCluster to a cluster.
6-32
Chapter 6

Step 4
Select Save.
Troubleshooting Tip
Cisco Unified Presence Release 8.x does not permit the underscore character (_) in the Cluster ID value.
If you perform an upgrade to Cisco Unified Presence Release 8.x, make user the Cluster ID value does
not contain this character.
Related Topics
Configuring a Cluster-Wide Cisco Unified Presence Address

This procedure is only applicable if you are configuring a multi-node deployment. Configure the
cluster-wide Cisco Unified Presence address on the publisher node, and Cisco Unified Presence will
replicate the address on all nodes in the cluster.
Note
When you configure a cluster-wide Cisco Unified Presence address, set the port of SRV to 5060.
Before You Begin
Read the cluster-wide DNS SRV topic.

Procedure
Step 1
Select Cisco Unified Presence Administration > System > Service Parameters.
Step 2
Select the Cisco Unified Presence server from the Server menu.
Step 3
Select Cisco UP Sip Proxy from the Service menu.
Step 4
Edit the SRV Cluster Name field in the General Proxy Parameters (Clusterwide) section.
By default this parameter is empty.
Step 5
Select Save.
Related Topic

What To Do Next
Upload the licenses on Cisco Unified Presence. For more information, see the Upgrade Guide for Cisco
Unified Presence Release 8.6.
6-33
Chapter 6
How to Configure Static Routes on Cisco Unified Presence
Configuring the Throttling Rate for Availability State Change Messages

To prevent an overload of the on Cisco Unified Presence, you can configure the rate of availability
(presence) changes sent to the Cisco UP XCP Router in messages per second. When you configure this
value, Cisco Unified Presence throttles the rate of availability (presence) changes back to meet the
configured value.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP Presence Engine from the Service menu.
Step 4
In the Clusterwide Parameters section, edit the Presence Change Throttle Rate parameter. This
parameter defines the number of presence updates per second.
Step 5
Select Save.

If you configure a static route for SIP proxy server traffic, consider the following:
A dynamic route represents a path through the network that is automatically calculated according to
routing protocols and routing update messages.
A static route represents a fixed path that you explicitly configure through the network.
Static routes take precedence over dynamic routes.
Route Embed Templates, page 6-34
Configuring Route Embed Templates on Cisco Unified Presence, page 6-35
Configuring Static Routes on Cisco Unified Presence, page 6-36
Route Embed Templates

You must define a route embed template for any static route pattern that contains embedded wildcards.
The route embed template contains information about the leading digits, the digit length, and location of
the embedded wildcards. Before you define a route embed template, consider the sample templates we
provide below.
When you define a route embed template, the characters that follow the '.' must match actual telephony
digits in the static route. In the sample route embed templates below, we represent these characters with
'x'.
Sample Route Embed Template A
Route embed template: 74..78xxxxx*
With this template, Cisco Unified Presence will enable this set of static routes with embedded wildcards:
6-34
Chapter 6

Destination Pattern
Next Hop Destination
74..7812345*
1.2.3.4:5060
74..7867890*
5.6.7.8.9:5060
74..7811993*
10.10.11.37:5060
With this template, Cisco Unified Presence will NOT enable these static route entries:
73..7812345* (The initial string is not 74 as the template defines)
74..781* (The destination pattern digit length does not match the template)
747812345* (The number of wildcards does not match the template)
Sample Route Embed Template B

Route embed template: 471.xx*
With this template, Cisco Unified Presence will enable this set of static routes with embedded wildcards:
Destination Pattern
Next Hop Destination
471.34*
20.20.21.22
47155*
21.21.55.79
With this template, Cisco Unified Presence will NOT enable these static route entries:
47344* (The initial string is not 471 as the template defines)
4714* (The string length does not match template)
471.450* (The number of wildcards does not match template)
Configuring Route Embed Templates on Cisco Unified Presence

You can define up to five route embed templates. However, there is no limit to the number of static routes
that you can define for any route embed template.
A static route that contains an embedded wildcard must match at least one of the route embed templates.
Procedure
Step 1
Step 2
Select a Cisco Unified Presence server.
Step 3
Select the Cisco UP SIP Proxy service.
Step 4
Define a route embed templates in the RouteEmbedTemplate field in the Routing Parameters
(Clusterwide) section. You can define up to five route embed templates.
6-35
Chapter 6
Step 5
Select Save.
What To Do Next
Configuring Static Routes on Cisco Unified Presence, page 6-36
Configuring Static Routes on Cisco Unified Presence

Procedure
Step 1
Select Cisco Unified Presence Administration > Routing > Static Routes.
Step 2
Select Add New.
Step 3
Configure these static route settings:
Field
Description
Destination Pattern
This field specifies the pattern of the incoming number, up to a maximum

of 255 characters.
The SIP proxy allows only 100 static routes to have an identical route
pattern. If you exceed this limit, Cisco Unified Presence logs an error.
Wildcard Usage
You can use "." as a wildcard for a single character and "*" as a wildcard
for multiple characters.
Cisco Unified Presence supports embedded '.' wildcard characters in
static routes. However, you must define route embed templates for static
routes that contain embedded wildcards. Any static route that contains an
embedded wildcard must match at least one route embed template. See
the route embed template topic (referenced in the Related Topics section
below) for information about defining route embed templates.
For phones:
A dot can exist at the end of the pattern, or embedded in a pattern. If

you embed the dot in a pattern, you must create a route embed
template to match the pattern.
An asterisk can only exist at the end of the pattern.
For IP addresses and host names:
You can use an asterisk as part of the a host name.
The dot acts as a literal value in a host name.
An escaped asterisk sequence, \*, matches a literal * and can exist

anywhere.
Description
Specifies the description of a particular static route, up to a maximum of

255 characters.
6-36
Chapter 6

Field
Description
Next Hop
Specifies the domain name or IP address of the destination (next hop) and
can be either a Fully Qualified Domain Name (FQDN) or dotted IP
address.
Cisco Unified Presence supports DNS SRV-based call routing. To specify
DNS SRV as the next hop for a static route, set this parameter to the DNS
SRV name.
Next Hop Port
Specifies the port number of the destination (next hop). The default port
is 5060.
Cisco Unified Presence supports DNS SRV-based call routing. To specify
DNS SRV as the next hop for a static route, set the next hop port
parameter to 0.
Route Type
Specifies the route type: User or Domain. The default value is user.
For example, in the SIP URI "sip:19194762030@myhost.com" request,
the user part is '19194762030', and the host part is 'myhost.com'. If you
select User as the route type, Cisco Unified Presence uses the user-part
value '19194762030' for routing SIP traffic. If you select the Domain as
the route type, Cisco Unified Presence uses 'myhost.com' for routing SIP
traffic.
Protocol Type
Specifies the protocol type for this route, TCP, UDP, or TLS. The default
value is TCP.
Priority
Specifies the route priority level. Lower values indicate higher priority.
The default value is 1.
Value range: 1-65535
Weight
Specifies the route weight. Use this parameter only if two or more routes
have the same priority. Higher values indicate which route has the higher
priority.
Value range: 1-65535
Example: Consider these three routes with associated priorities and
weights:
1, 20
1, 10
2, 50
In this example, the static routes are listed in the correct order. The
priority route is based on the lowest value priority, that is 1. Given that
two routes share the same priority, the weight parameter with the highest
value decides the priority route. In this example, Cisco Unified Presence
directs SIP traffic to both routes configured with a priority value of 1, and
distributes the traffic according to weight; The route with a weight of 20
receives twice as much traffic as the route with a weight of 10. Note that
in this example, Cisco Unified Presence will only attempt to use the route
with priority 2, if it has tried both priority 1 routes and both failed.
Allow Less-Specific Route Specifies that the route can be less specific. The default setting is On.
6-37
Chapter 6
How to Configure the Presence Gateway on Cisco Unified Presence
Field
Description
In Service
Specifies whether this route has been taken out of service.

This parameter allows the administrator to effectively take a route out of
service (versus removing it completely and re-adding it).
Block Route Check Box

Step 4
Check to block the static route. The default setting is Unblocked.
Select Save.
Related Topics
Route Embed Templates, page 6-34
Configuring Route Embed Templates on Cisco Unified Presence, page 6-35
How to Configure the Presence Gateway on Cisco Unified

Presence
Configuring the Presence Gateway, page 6-39
Presence Gateway Configuration Option

You must configure Cisco Unified Communications Manager as a Presence Gateway on Cisco Unified
Presence to enable the SIP connection that handles the availability information exchange between Cisco
Unified Communications Manager and Cisco Unified Presence.
When configuring the Presence Gateway, specify the FQDN (Fully Qualified Domain Name) or the IP
address of the associated Cisco Unified Communications Manager server. Depending on your network
this value can be one of the following:
the FQDN address of the Cisco Unified Communications Manager publisher
a DNS SRV FQDN that resolves to the Cisco Unified Communications Manager subscriber nodes
the IP address of the Cisco Unified Communications Manager publisher
If DNS SRV is an option in your network, configure the following:

1.
Configure the Presence Gateway on the Cisco Unified Presence server with a DNS SRV FQDN of
the Cisco Unified Communications Manager subscriber nodes (equally weighted). This will enable
Cisco Unified Presence to share availability messages equally among all the servers used for
availability information exchange.
2.
On Cisco Unified Communications Manager, configure the SIP trunk for the Cisco Unified Presence
server with a DNS SRV FQDN of the Cisco Unified Presence publisher and subscriber.
If DNS SRV is not an option in your network, and you are using the IP address of the associated Cisco
Unified Communications Manager server, you cannot share presence messaging traffic equally across
multiple subscriber nodes because the IP address points to a single subscriber node.
6-38
Chapter 6

How To Configure the Authorization Policy on Cisco Unified Presence
Related Topic
Configuring the Presence Gateway

Before You Begin
Read the Presence Gateway configuration options topic.
Depending on your configuration requirements, obtain the FQDN, DNS SRV FQDN, or the IP
address of the associated Cisco Unified Communications Manager server.
Procedure
Step 1
Select Cisco Unified Presence Administration > Presence > Gateways.
Step 2
Select Add New.
Step 3
Select CUCM for the Presence Gateway Type.
Step 4
Enter a description of the presence gateway in the Description field.
Step 5
Specify the FQDN, DNS SRV FQDN, or the IP address of the associated Cisco Unified Communications
Manager server in the Presence Gateway field.
Step 6
Select Save.
Related Topic

What To Do Next
Configuring the Authorization Policy on Cisco Unified Presence, page 6-41
How To Configure the Authorization Policy on Cisco Unified

Presence
Automatic Authorization on Cisco Unified Presence, page 6-39
User Policy & Automatic Authorization, page 6-40
Automatic Authorization on Cisco Unified Presence

Cisco Unified Presence authorizes all presence subscription requests that it receives from SIP-based
clients in the local enterprise. A local user running a SIP-based client automatically receives the
availability status for contacts in the local enterprise, without being prompted to authorize these
subscriptions on the client. Cisco Unified Presence only prompts the user to authorize the subscription
6-39
Chapter 6
of a contact in the local enterprise if the contact is on the blocked list for the user. This is the default
authorization behavior for SIP-based clients on Cisco Unified Presence, and you cannot configure this
behavior.
In the XMPP network, it is standard behavior for the server to send all presence subscriptions to the
client, and the client prompts the user to authorize or reject the subscription. To allow enterprises to
deploy Cisco Unified Presence with a mix of SIP-based and XMPP-based clients (to align the
authorization policy for both client types), Cisco provides the following automatic authorization setting
on Cisco Unified Presence:
Caution
When you turn on automatic authorization, Cisco Unified Presence automatically authorizes all
presence subscription requests it receives from both XMPP-based clients and SIP-based in the local
enterprise. This is the default setting on Cisco Unified Presence.
When you turn off automatic authorization, Cisco Unified Presence only supports XMPP-based
clients. For XMPP-based clients, Cisco Unified Presence sends all presence subscriptions to the
client, and the client prompts the user to authorize or reject the presence subscription. SIP-based
clients will not operate correctly on Cisco Unified Presence when you turn off automatic
authorization.
If you turn off automatic authorization, SIP-based clients such as Cisco Unified Personal Communicator
Release 7.x are not supported. Only XMPP-based clients (Cisco Unified Personal Communicator
Release 8.0 and third-party XMPP clients) are supported when you turn off automatic authorization.
Related Topics
User Policy & Automatic Authorization, page 6-40
Integration Guide for Configuring Cisco Unified Presence for Interdomain Federation
User Policy & Automatic Authorization

In addition to reading the automatic authorization policy, Cisco Unified Presence reads the policy
settings for the user to determine how to handle presence subscription requests. Users configure the
policy settings from either the Cisco Unified Personal Communicator client and the Cisco Unified
Presence User Options interface. A user policy contains the following configuration options:
Blocked list - a list of local and external (federated) users that will always see the availability status
of the user as unavailable regardless of the true status of the user. The user can also block a whole
federated domain.
Allowed list - a list of local and external users that the user has approved to see their availability. The
user can also allow a whole external (federated) domain.
Default policy - the default policy settings for the user. The user can set the policy to block all users,
or allow all users.
On the Cisco Unified Presence User Options interface, the user can also select an ask me setting so that
the user is prompted to set their own Allow/Block policy for external contacts (except those external
contacts that a user explicitly adds to their Allowed/Blocked list).
Note that if you turn off automatic authorization, Cisco Unified Presence automatically authorizes
subscription requests a user that is on the contact list of another user. This applies to users in the same
domain, and users in different domains (federated users). For example:
6-40
Chapter 6

UserA wishes to subscribe the view the availability status of UserB. Automatic authorization is off
on Cisco Unified Presence, and UserB is not in the Allowed or Blocked list for the UserA.
Cisco Unified Presence sends the presence subscription request to the client application of UserB,
and the client application prompts userB to accept or reject the subscription.
UserB accepts the presence subscription request, and UserB is added to the contact list of UserA.
UserA is then automatically added to the contact list for UserB without being prompted to authorize
the presence subscription.
Cisco Unified Presence will automatically add UserA to the contact list of UserB even if the policy for
UserB (i) blocks the external domain, or (ii) the default policy for the user is block all, or (ii) ask me
is selected.
If you deploy interdomain federation between a local Cisco Unified Presence enterprise and a supported
external enterprise, Cisco Unified Presence does not apply the automatic authorization setting to
presence subscription requests received from external contacts, unless the user has applied a policy on
that external contact or domain. On receipt of a presence subscription request from an external contact,
Cisco Unified Presence will only send the subscription request to the client application if the user selects
ask me to be prompted to set their own Allow/Block policy for external contacts, and if the external
contact or domain is not in either the Allowed or Blocked list for the user. The client application prompts
the user to authorize or reject the subscription.
Note
Cisco Unified Presence uses common user policies for both availability and instant messages.
Related Topics
For information about the Cisco Unified Presence User Options interface, see the User Guide for
Cisco Unified Presence at this URL:
http://www.cisco.com/en/US/products/ps6837/products_user_guide_list.html
For information about the interdomain federation integration for Cisco Unified Presence, see the
Integration Guide for Configuring Cisco Unified Presence for Interdomain Federation at this URL:
t.html
Configuring the Authorization Policy on Cisco Unified Presence

See the Online Help topic in the Cisco Unified Presence Administration interface for a definition of all
the parameters on this window.
Procedure
Step 1
Select Cisco Unified Presence Administration > Presence > Settings.
Step 2
Configure the authorization setting as follows:
6-41
Chapter 6
If You Want To...
Do This
Check Allow users to view the availability of

Turn on automatic authorization so that
other users without being prompted for
Cisco Unified Presence automatically
approval.
authorizes all presence subscription
requests it receives from both XMPP-based
clients and SIP-based in the local
enterprise.
Turn off automatic authorization so that
Cisco Unified Presence only supports
XMPP-based clients, and sends all
presence subscriptions to the client where
the user is prompted to authorize or reject
the presence subscription.
Step 3
Select Save.
Step 4
Restart the Cisco UP XCP Router service.
Uncheck Allow users to view the availability of

other users without being prompted for
approval.
Related Topics
What To Do Next

The Cisco Unified Presence Bulk Assignment Tool (BAT) allows you to export the contact lists of users
who belong to a particular node or subcluster to a CSV data file. You can then use BAT to import the
user contact lists to another node or subcluster in a different cluster. The BAT user contact list export
and import features facilitate the moving of users between clusters. For more information about
importing user contact lists, see Bulk Import of User Contact Lists, page 6-44.
BAT allows you to find and select the users whose contact lists you want to export. The user contact lists
are exported to a CSV file with the following format:
<User ID>,<User Domain>,<Contact ID>,<Contact Domain>,<Nickname>,<Group Name>
Table 6-3 describes the parameters in the export file.

Table 6-3
Parameter
Description
User ID
The user ID of the Cisco Unified Presence user.
User Domain
The Presence domain of the Cisco Unified Presence user.
6-42
Description of Input File Parameters
Chapter 6

Parameter (continued)
Description
Contact ID
The user ID of the contact list entry.
Contact Domain
The Presence domain of the contact list entry.
Nickname
The nickname of the contact list entry.

If the user has not specified a nickname for a contact, the Nickname
parameter will be blank.
Group Name
The name of the group to which the contact list entry is to be added.
If a users contacts are not sorted into groups, the default group name will
be specified in the Group Name field.
The following is a sample CSV file entry:

userA,example.com,userB,example.com,buddyB,General
Complete the following procedure to export user contact lists with BAT and download the export file.
Procedure
Step 1
Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Export
Step 2
Use the selection criteria to find the users whose contact lists you want to export. See the Online Help
topic in the Cisco Unified Presence Administration interface for more information about finding and
selecting users.
Step 3
Select Next.
Step 4
In the File Name field, enter a name for the CSV file.
Step 5
Select one of the following:
Select Run Immediately to execute the Bulk Administration job immediately.
Select Run Later to schedule a time to execute the Bulk Administration job. For more information
about scheduling jobs in BAT, see the Online Help in Cisco Unified Presence Administration.
Step 6
Select Submit. If you selected to run the job immediately, the job runs after you select Submit.
Step 7
To download the export file after the job has run, select Cisco Unified Presence Administration > Bulk
Administration > Upload/Download Files.
Step 8
Find and select the export file that you want to download.
Step 9
Select Download Selected.
Related Topic
Bulk Import of User Contact Lists, page 6-44
6-43
Chapter 6
Bulk Import of User Contact Lists

You can use the Cisco Unified Presence Bulk Assignment Tool (BAT) to import user contact lists into
Cisco Unified Presence. With this tool, you can prepopulate contact lists for new Cisco Unified Presence
client users or add to existing contact lists. To import user contact lists, you must provide BAT with an
input file that contains the user contact lists.
The input file must be a CSV file in the following format:
<User ID>,<User Domain>,<Contact ID>,<Contact Domain>,<Nickname>,<Group Name>
The following is a sample CSV file entry:

userA,example.com,userB,example.com,buddyB,General
Table 6-4 describes the parameters in the input file.

Table 6-4
Parameter
Description
User ID
The user ID of the Cisco Unified Presence user. It can have a maximum
132 characters.
Note
User Domain
Contact ID
This is a mandatory parameter.
The user ID of the contact list entry. It can have a maximum of 132
characters.
Note
Contact Domain
The Presence domain of the Cisco Unified Presence user. It can have a
maximum of 128 characters.
Note
The Presence domain of the contact list entry. The following restrictions
apply to the format of the domain name:
Length must be less than or equal to 128 characters
Contains only numbers, upper- and lowercase letters, and hyphens (-)
Must not start or end with hyphen (-)
Length of label must be less than or equal to 63 characters
Top-level domain must be characters only and have at least two

characters
Note
Nickname
The nickname of the contact list entry. It can have a maximum of 255
characters.
Group Name
The name of the group to which the contact list entry is to be added. It can
have a maximum of 255 characters.
Note
Note
Description of Input File Parameters
If you are moving users to another node or subcluster in a different cluster, you can use BAT to generate
the CSV file for selected users. See Bulk Export of User Contact Lists, page 6-42 for more information.
6-44
Chapter 6

Complete the following steps to import user contact lists into Cisco Unified Presence:
Check Maximum Contact List Size, page 6-45
Upload the Input File Using BAT, page 6-45
Create a New Bulk Administration Job, page 6-46
Check Results of Bulk Administration Job, page 6-46
Before You Begin
Before you import the user contact lists, you must complete the following:
Note
1.
Provision the users on Cisco Unified Communications Manager.
2.
Ensure that the users are licensed and assigned to Cisco Unified Presence.
The default contact list import rate is based on the server hardware type. You can change the contact list
import rate by selecting Cisco Unified Presence Administrator > System > Service Parameters >
Cisco Bulk Provisioning Service. However, if you increase the default import rate, this will result in
higher CPU and memory usage on Cisco Unified Presence.
Check Maximum Contact List Size

Before you import contact lists, Cisco recommends that you check the Maximum Contact List Size and
Maximum Watchers settings in Cisco Unified Presence. If a users contact list size is over the limit, no
contacts will be imported for the user. To ensure that no users contact list size exceeds the limit, you
can increase the Maximum Contact List Size setting or set it to Unlimited. This ensures that each user's
contact list is fully imported to Cisco Unified Presence.
Configuring the Maximum Contact List Size Per User, page 6-50 describes how to configure the
Maximum Contact List Size. Configuring the Maximum Number of Watchers Per User, page 6-51
describes how to configure the Maximum Watchers settings. The system default value is 200 for
Maximum Contact List Size and 200 for Maximum Watchers.
Note
You only need to check the maximum contact list size on those clusters that contain users for whom you
wish to import contacts. When you change Presence settings, the changes are applied to all nodes in the
cluster; therefore you only need to change these settings on the Cisco Unified Presence Publisher node
within the cluster.
What To Do Next
Upload the Input File Using BAT, page 6-45
Upload the Input File Using BAT

The following procedure describes how to upload the CSV file using BAT.
Procedure
Step 1
Select Cisco Unified Presence Administration > Bulk Administration > Upload/Download Files.
Step 2
Select Add New.
6-45
Chapter 6
Step 3
Select Browse to locate and select the CSV file.
Step 4
Select Contact Lists as the Target.
Step 5
Select Import Users Contacts Custom File as the Transaction Type.
Step 6
Select Save to upload the file.
What To Do Next
Create a New Bulk Administration Job, page 6-46
Create a New Bulk Administration Job

The following procedure describes how to create a new bulk administration job in Cisco Unified
Procedure
Step 1
Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Update.
Step 2
From the File Name drop-down list, select the file to import.
Step 3
In the Job Description field, enter a description for this Bulk Administration job.
Step 4
Select one of the following:
Step 5
Select Run Immediately to execute the Bulk Administration job immediately.
Select Run Later to schedule a time to execute the Bulk Administration job. For more information
about scheduling jobs in BAT, see the Online Help in Cisco Unified Presence Administration.
Select Submit. If you selected to run the job immediately, the job runs after you select Submit.
What To Do Next
Check Results of Bulk Administration Job, page 6-46
Check Results of Bulk Administration Job

When the Bulk Administration job is complete, the Cisco Unified Presence BAT tool writes the results
of the contact list import job to a log file. The log file contains the following information:
The number of contacts that were successfully imported.
The number of internal server errors that were encountered while trying to import the contacts.
The number of contacts that were not imported (ignored). The log file lists a reason for each ignored
contact at the end of the log file. The following are the reasons for not importing a contact:
Invalid formatinvalid row format, for example, a required field is missing or empty
Invalid contact domainthe contact domain is in an invalid format; see Table 6-4 for the valid
format of the contact domain

Cannot add self as a contactyou cannot import a contact for a user if the contact is the user
6-46
Chapter 6

How To Configure the Availability Settings on Cisco Unified Presence
Users contact list is over limitthe user has reached the maximum contact list size and no more
contacts can be imported for that user

User is not assigned to local nodethe user is not assigned to the local node
The number of contacts in the CSV file that were unprocessed due to an error that caused the BAT
job to finish early. This error rarely occurs.
Complete the following procedure to access this log file.

Procedure
Step 1
Select Cisco Unified Presence Administration > Bulk Administration > Job Scheduler.
Step 2
Select Find and select the job ID of the contact list import job.
Step 3
Select the Log File Name link to open the log.
How To Configure the Availability Settings on Cisco Unified

Presence
Turning On or Off Availability Sharing for a Cisco Unified Presence Cluster, page 6-47
Configuring the Do Not Disturb Settings on Cisco Unified Presence, page 6-48
Configuring the Temporary Presence Subscription Settings, page 6-49
Configuring the Maximum Contact List Size Per User, page 6-50
Configuring the Maximum Number of Watchers Per User, page 6-51
Turning On or Off Availability Sharing for a Cisco Unified Presence Cluster

This procedure describes how to turn on or off availability sharing for all client applications in a Cisco
Unified Presence cluster.
Availability sharing is turned on by default on Cisco Unified Presence.
Procedure
Step 1
Step 2
Configure the availability setting as follows:
6-47
Chapter 6
If You Want To...
Do This
Check Enable availability sharing.

Turn on availability sharing in the Cisco Unified Presence
cluster. If you turn on this setting, Cisco Unified Presence shares
availability information for a user amongst all users in the
cluster, based on the policy settings for that user.
The default policy setting for a user is to allow all other users
view their availability. Users configure their policy settings from
either the Cisco Unified Personal Communicator client and the
Cisco Unified Presence User Options interface.
Turn off availability sharing for all clients in the Cisco Unified
Presence cluster. If you turn off this setting, Cisco Unified
Presence does not share any availability to other users in the
Cisco Unified Presence cluster, nor does it share availability
information it receives from outside the cluster. Users can only
view their own availability status.
Step 3
Select Save.
Step 4
Restart the following services:
Cisco UP XCP Router
Cisco UP Presence e Engine
Uncheck Enable availability

sharing.
When you turn off availability sharing, a user can view their own availability status on the client
application; the availability status for all other users are greyed out.
When you turn off availability sharing, when a user enters a chat room, their availability status
shows a status of Unknown with a green icon.
Configuring the Do Not Disturb Settings on Cisco Unified Presence

You can configure global administrator-level Do Not Disturb (DND) availability states as an alternative
to the Busy state for phone calls and meetings. Cisco Unified Presence then sets global
administrator-level Do Not Disturb (DND) availability states on all instant message client applications.
Note the following behavior for the DND feature:
Cisco Unified Presence does not pass the administrator-level DND status to associated devices for
the user.
The administrator-level DND settings impact future calls and meetings, not those calls and meetings
in progress at the time that you configure the DND setting.
If you turn off availability sharing on Cisco Unified Presence, the DND settings only impact users when
they view their own availability.
6-48
Chapter 6

Procedure
Step 1
Step 2
Configure the administrator-level DND setting as follows:
If You Want...
Do This
Cisco Unified Presence to display an availability status of Check Use DND status when user is on
DND when users are on the phone. If you turn off (uncheck) the phone.
this setting, Cisco Unified Presence displays a status of
Busy when users are on the phone.
By default, this setting is turned off.
Cisco Unified Presence to display an availability status of Check Use DND status when user is in
DND when users are in a meeting. If you turn off (uncheck) a meeting.
this setting, Cisco Unified Presence displays a status of
Busy when users are in a meeting.
By default, this setting is turned off.
Step 3
Select Save.
Related Topic
Do Not Disturb Behavior of Cisco Unified Personal Communicator, page 14-13
Configuring the Temporary Presence Subscription Settings

Note
This section only applies if you deploy Cisco Unified Personal Communicator Release 8.5 or higher with
These settings allow Cisco Unified Personal Communicator users to initiate temporary presence
subscriptions to users that are not on their contact list.
Procedure
Step 1
Step 2
Check Enable ad-hoc presence subscriptions to turn on temporary presence subscriptions for
Cisco Unified Personal Communicator Release users.
Step 3
Configure the maximum number of active temporary subscriptions that Cisco Unified Presence permits
at one time. If you configure a value of zero, Cisco Unified Presence permits an unlimited number of
active temporary subscriptions.
Step 4
Configure the time-to-live value (in seconds) for the temporary presence subscriptions.
When this time-to-live value expires, Cisco Unified Presence drops any temporary presence
subscriptions and no longer temporarily monitors the availability status for that user.
6-49
Chapter 6
Note
Step 5
If the time-to-live value expires while the user is still viewing an instant message from a temporary
presence subscription, the availability status that displays may not be current.
Select Save.
Troubleshooting Tip
You do not have to restart any services on Cisco Unified Presence for this setting, however Cisco Unified
Personal Communicator users will have to sign out, and sign back in, to retrieve the latest temporary
presence subscriptions settings on Cisco Unified Presence.
Configuring the Maximum Contact List Size Per User

You can configure the maximum contact list size for a user; this is the number of contacts the user can
add to their contact list. This setting applies to the contact list on Cisco Unified Personal Communicator
client applications and on third-party client applications.
Note
Users who reach the maximum number of contacts are unable to add new contacts to their contact list,
nor can other users add them as a contact.
Procedure
Step 1
Step 2
Edit the value of the Maximum Contact List Size (per user) setting.
Step 3
Select Save.
Step 4
If you upgrade from Cisco Unified Presence Release 7.0(x) to Release 8.x, check that the contact
list size for users has not reached the maximum value. The System Troubleshooter in Cisco Unified
Presence Administration indicates if there are users who have reached the contact list limit.
If a user is close to the maximum contact list size, and the user adds a group of contacts that pushes
the contact list over the maximum number, Cisco Unified Presence does not add the surplus contacts.
For example, if the maximum contact list size on Cisco Unified Presence is 200. A user has 195
contacts and attempts to add 6 new contacts to the list, Cisco Unified Presence adds five contacts
and does not add the sixth contact.
Related Topics
Configuring the Maximum Number of Watchers Per User, page 6-51
6-50
Chapter 6

How to Configure the Instant Messaging Settings on Cisco Unified Presence
Performing intercluster upgrades. For more information, see the Upgrade Guide for Cisco Unified
Presence Release 8.6.
Configuring the Maximum Number of Watchers Per User

You can configure the number of watchers for a user, specifically the maximum number of people that
can subscribe to see the availability status for a user. This setting applies to the contact list on
Cisco Unified Personal Communicator clients and on third-party clients.
Procedure
Step 1
Step 2
Edit the value of the Maximum Watchers (per user) setting.

Step 3
Select Save.
Step 4
How to Configure the Instant Messaging Settings on Cisco

Unified Presence
Turning On or Off Instant Messaging for a Cisco Unified Presence Cluster, page 6-51
Turning On or Off Offline Instant Messaging, page 6-52
Allowing Clients to Log Instant Message History, page 6-53
Turning On or Off Instant Messaging for a Cisco Unified Presence Cluster

This procedure describes how to turn on or off instant message capabilities for all client applications in
a Cisco Unified Presence cluster. Instant message capabilities is turned on by default on Cisco Unified
Presence.
Caution
When you turn off instant message capabilities on Cisco Unified Presence, all group chat functionality
(adhoc and persistent chat) will not work on Cisco Unified Presence. We recommend that you do not turn
on the Cisco UP XCP Text Conference service or configure an external database for persistent chat on
Procedure
Step 1
Select Cisco Unified Presence Administration > Messaging > Settings.
Step 2
Configure the instant messaging setting as follows:
6-51
How to Configure the Instant Messaging Settings on Cisco Unified Presence
If You Want To...
Do This
Turn on instant message capabilities for client applications in Check Enable instant messaging.
the Cisco Unified Presence cluster. If you turn on this setting,
local users of client applications can send and receive instant
messages.
Turn off instant message capabilities for client applications in Uncheck Enable instant messaging.
the Cisco Unified Presence cluster.
If you turn off this setting, local users of client applications
cannot send and receive instant messages.Users can only use
the instant messaging application for availability and phone
operations. If you turn off this setting, users do not receive
instant messages from outside the cluster.
Step 3
Select Save.
Step 4
Turning On or Off Offline Instant Messaging

By default Cisco Unified Presence stores (locally) any instant messages that are sent to a user when they
are offline, and Cisco Unified Presence delivers these instant messages to the user the next time they sign
in to the client application. You can turn off (suppress) this feature so Cisco Unified Presence does not
store offline instant messages. For example, in large deployments, this feature could require significant
message storage, so you may want to suppress offline instant messages to increase performance.
Procedure
Step 1
Step 2
Configure the offline instant messaging setting as follows:
If You Want To...
Do This
Check Suppress Offline Instant

Turn off the storage of offline instant messages on Cisco
Messaging.
Unified Presence. If you check this setting, any instant
messages that are sent to a user when they are offline, Cisco
Unified Presence does not deliver these instant messages to the
user the next time they sign in to the client application.
Turn on the storage of offline instant messages on Cisco
Unified Presence If you uncheck this setting, any instant
messages that are sent to a user when they are offline, Cisco
Unified Presence delivers these instant messages to the user
the next time they sign in to the client application.
6-52
Uncheck Suppress Offline Instant

Messaging.
Chapter 6

Step 3
Select Save.
Allowing Clients to Log Instant Message History

You can prevent or allow users to log instant message history locally on their computer. On the client
side, the application must support this functionality; it must enforce the prevention of instant message
logging.
Procedure
Step 1
Step 2
Configure the log instant message history setting as follows:
Step 3
If You Want To...
Do This
Allow users of client applications to log instant

message history on Cisco Unified Presence.
Check Allow clients to log instant message

history (on supported clients only).
Prevent users of client applications from logging

instant message history on Cisco Unified Presence.
Uncheck Allow clients to log instant message

history (on supported clients only).
Select Save.

When you turn on this setting, Cisco Unified Communications Manager publishes phone presence for
all line appearances that are associated with Cisco Unified Presence licensed users.
This procedure is the same operation as assigning a SIP trunk as the CUP PUBLISH trunk in Cisco
Unified Communications Manager service parameters.
Procedure
Step 1
Step 2
Select a SIP Trunk from the CUCM SIP Publish Trunk drop-down list.
Step 3
Select Save.
6-53
Chapter 6

Procedure
Step 1
Select Cisco Unified Presence Administration > Presence > Routing > Settings.
Step 2
Select On for the Method/Event Routing Status.
Step 3
Select Default SIP Proxy TCP Listener for the Preferred Proxy Server.
Step 4
Select Save.
What To Do Next
How to Configure Cisco IP Phone Messenger on Cisco Unified Presence, page 11-3, or
About Configuring Cisco Unified Personal Communicator on Cisco Unified Presence, page 12-20
Turning On the Cisco Unified Presence Service, page 6-55
Turning On the Sync Agent

We recommend that you turn on the Sync Agent on all Cisco Unified Presence nodes in the cluster.
Before You Begin
Configure the topology for your deployment before starting the Sync Agent.
If you deploy the Cisco Unified Personal Communicator client with Cisco Unified Presence, and
you configure system-wide default application profiles (LDAP, CTI Gateway, Voicemail,
Conferencing profiles) for your users, configure and enable the default profiles before you activate
the Sync Agent.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP Sync Agent server from the Service menu.
Step 4
Select a value for the User Assignment Mode as follows:
If set to Balanced, the Sync Agent synchronizes user information to Cisco Unified Presence, and
then assigns the users to each node in an attempt to balance the user assignment evenly across all
nodes.
If set to Active/Standby, the Sync Agent synchronizes user information to Cisco Unified Presence,
and assigns the total number of users to the first node of a subcluster only. If there is only a single
node in the subcluster, the Sync Agent uses this node for assignment regardless of the location of
the node within the subcluster.
6-54
Chapter 6

Step 5
If set to None, the Sync Agent synchronizes user information to Cisco Unified Presence but does
not assign any users. You must manually assign your users to nodes using the system topology
interface
Select Save.
Related Topics
Configuring Basic Features for Cisco Unified Personal Communicator, page 12-1
Turning On the Cisco Unified Presence Service

The procedure below lists out the services that you need to turn on when you deploy a basic Cisco
Unified Presence configuration. You need to turn on these services on each node in your Cisco Unified
Presence cluster.
There are other optional Cisco Unified Presence services that you may need to turn on depending on the
additional features that you deploy on Cisco Unified Presence. See the Cisco Unified Presence
documentation relating to those specific features for further details.
The Cisco UP XCP Router service must be running for a basic Cisco Unified Presence deployment.
Cisco Unified Presence turns on the Cisco UP XCP Router by default. Verify that this network service
is on by selecting Cisco Unified Presence Serviceability > Control Center - Network Services.
Procedure
Step 1
Select Cisco Unified Presence Serviceability > Tools > Service Activation.
Step 2
Step 3
For a basic Cisco Unified Presence deployment, turn on the following services:
Step 4
Cisco UP SIP Proxy
Cisco UP Sync Agent
Cisco UP XCP Counter Aggregator
Select Save.
Related Topics
Serviceability Configuration and Maintenance Guide for Cisco Unified Presence
6-55
Chapter 6
6-56
CH A P T E R
Single Sign-On Configuration

May 30, 2012
This chapter contains the following sections:
Introduction, page 7-1
Configuration Checklist for SSO, page 7-2
System Requirements for Single Sign-On, page 7-3
Installing Java, page 7-4
Installing Tomcat, page 7-5
Provisioning Active Directory for SSO, page 7-7
Deploying OpenSSO Enterprise War on Apache Tomcat, page 7-8
Initial Configuration of OpenSSO Enterprise Using the GUI Configurator, page 7-9
Configure Policies on Open SSO Server, page 7-10
Configuring SSO Module Instance, page 7-11
Configuring J2EE Agent Profile on OpenSSO Server, page 7-12
Importing the OpenAM Certificate into Cisco Unified Presence, page 7-13
Configuring Client Browsers for Single Sign-On, page 7-14
Configuring Windows Registry, page 7-15
Configuring the Single Sign-On Application, page 7-16
Enabling SSO on Cisco Unified Presence Server, page 7-17
Disabling SSO on Cisco Unified Presence Server, page 7-17
Uninstalling OpenSSO Enterprise (OpenAM), page 7-19
Troubleshooting Single Sign-On, page 7-19
Introduction
Cisco Unified Presence Release 8.6(4) introduces support for single sign-on (SSO). SSO allows end
users to log into a Windows client machine on a Windows domain and use the following Cisco Unified
Presence applications without being required to sign in again:
Cisco Unified Presence User Options
7-1
Chapter 7
Cisco Unified Presence Administration
Cisco Unified Serviceability
Cisco Unified Reporting
Disaster Recovery System
Real-Time Monitoring Tool (RTMT) Administration
Cisco Unified Operating System Administration
Configuration Checklist for SSO

Table 7-1 provides a checklist for configuring SSO in your network. Use this checklist in conjunction
with the other sections.
Table 7-1
Single Sign-On Configuration Checklist
Related Topics and

Documentation
Configuration Steps
Step 1
Ensure that your environment meets the

requirements described in the System
Requirements for Single Sign-On, page 7-3.
Step 2
Provision the OpenAM server in Active Directory, Microsoft Active Directory

and then generate keytab files.
documentation
Note
Step 3
If your Windows version

does not include the ktpass
tool for generating keytab
files, then you must obtain
it separately.
Import the OpenAM server certificate into the

Cisco Unified Presence Tomcat-trust store.
Note
You cannot access any web

applications if you do not
import the OpenAM server
certificate while enabling
SSO
Step 4
Configure Windows SSO with Active Directory

and OpenAM.
Configuring Client Browsers for

Single Sign-On, page 7-14
Step 5
(For Cisco Unified Presence Administration

only)
Microsoft Active Directory

documentation and also see End
User Configuration section in
the Cisco Unified
Administration Guide
Verify that the user is provisioned in the Active

Directory.
7-2
Deploying OpenSSO Enterprise

War on Apache Tomcat over
Windows Platform, page 7-9
Chapter 7
Related Topics and

Documentation
Configuration Steps (continued)

Step 6

only)
Synchronize the user data to the Cisco Unified
Communications Manager database using the
DirSync service.
Step 7

only)
DirSync Service section in the

Manager System Guide
Adding Users to User Groups,

page 12-18
Add the user to the CCM Super Users group to

enable access to Cisco Unified Presence
Administration.
Step 8
Configure client browsers for SSO.
Configuring Client Browsers for

Single Sign-On, page 7-14
Step 9
Enable SSO in Cisco Unified Presence.
Enabling SSO on
Cisco Unified Presence Server,
page 7-17
System Requirements for Single Sign-On

The SSO feature requires the following third-party applications:
Note
Microsoft Windows Server 2003 or Microsoft Windows Server 2008
ForgeRock Open Access Manager (OpenAM) Version 9.0
The SSO feature uses Active Directory and OpenAM in combination to provide SSO access to client
applications.
These third-party products must meet the following configuration requirements:
Active Directory must be deployed in a Windows domain-based network configuration, not just as
an LDAP server.
The OpenAM server must be accessible on the network to all client systems and the Active Directory
server.
The Active Directory (Domain Controller) server, Windows clients, Cisco Unified Presence, and
OpenAM must be in the same domain.
DNS must be enabled in the domain.
No third-party products may be installed on the Cisco Unified Presence server.
The clocks of all the entities participating in SSO must be synchronized.
See the third-party product documentation for more information about those products.
7-3
Chapter 7
Installing Java
You must install Java as part of the Single-Sign On configuration taskflow. Keep in mind that the default
keystore password changeit used throughout this chapter can be replaced with a keystore password of
your choice; If you do replace this password, you will need to continue using the new password wherever
changeit is used in the remainder of this chapter.
Installing Java Using a Linux Platform, page 7-4
Installing Java Using a Windows Platform, page 7-5
Installing Java Using a Linux Platform

Install Java SDK on the OpenAM server.
Procedure
Step 1
Download the latest version of Java:

http://www.oracle.com/technetwork/java/javase/downloads/index.html
Step 2
Run the downloaded file to install Java.
Step 3
Define JAVA_HOME, JRE_HOME environment variables in your user profile (.bash_profile). Here is
an example:
export JAVA_HOME=/usr/java/jdk1.6.0_20 (or whatever version is being used)
export JRE_HOME=/usr/java/jdk1.6.0_20/jre
Step 4
Create java keystore; java keystore is required for enabling SSL on Tomcat.
Step 5
Execute the following command on the terminal. The default keystore password is changeit:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -validity
1825
Step 6
When prompted to enter first name and last name, enter the FQDN (hostname.domainname) of your
OpenAM server.
You will also be prompted to enter your organization unit name, organization name, city or locality, state
or province, and two-letter country code.
Step 7
When prompted for a Tomcat password, enter the default keystore password changeit.
Note
Keystore is created under the root directory.
What To Do Next
7-4
Chapter 7
Installing Java Using a Windows Platform

Procedure
Step 1
Download the latest version of Java:

http://www.oracle.com/technetwork/java/javase/downloads/index.html
Step 2
Run the downloaded file to install Java.
Step 3
Create java keystore; java keystore is required for enabling SSL on Tomcat.
Step 4
Open the command prompt and execute the following command:

C:\>c:\Program Files\Java\jdk1.6.020\bin\keytool.exe -genkey -alias
tomcat -keyalg RSA -validity 1825 -keystore c:\keystore
Note
In this test setup, Java is installed under c:\Program Files\Java. Enter the right path of keytool.exe in your
setup when executing this command. The default keystore password is changeit.
Step 5
When prompted to enter the first name and last name, enter the FQDN (hostname.domainname) of your
OpenAM server.
You will also be prompted to enter your organization unit name, organization name, city or locality, state
or province, and two-letter country code.
Step 6
When prompted for a Tomcat password, enter the default keystore password changeit.
Note
Keystore is created under the c:\ directory.
What To Do Next
Installing Tomcat
Installing Tomcat using a Linux Platform, page 7-5
Installing Tomcat using a Windows Platform, page 7-6
Installing Tomcat using a Linux Platform

Procedure
Step 1
Note
Step 2
Download the latest version of Apache Tomcat:

http://tomcat.apache.org/index.html
Download the zip/tar archives specific to your processor architecture (32bit/64bit).

Extract the apache-tomcat-7.0.0.tar.gz archive. In this guide, it is extracted under root home directory
(\root).
7-5
Chapter 7
Step 3
Increase the JVM heap size on Tomcat by setting JAVA_OPTS=$JAVA_OPTS - Xmx1024m

-XX:MaxPermSize-256m -Xms512m property in the catalina.sh under /root /apache-tomcat-7.0.0/bin
directory.
Example: JAVA_OPTS=$JAVA_OPTS -Xmx1024m -XX:MaxPermSize=256 - Xms512m Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Step 4
Open the server.xml file under /root/apache-tomcat-7.0.0/conf directory, Comment the 8080 connector
port. Enter the code as follows:

Step 5
Uncomment the 8443 connector port: Remove  at the end of the 8443
connector. Enter the code as follows:
<Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLS />
Step 6
Save the server.xml file after making the above changes.
Step 7
Start the Tomcat by executing startup.sh under /root/ apache-tomcat-7.0.0/bin directory.
Step 8
Launch a browser and go to:

https://localhost:8443/tomcat.gif
If your certificate is self-signed, your browser notifies you. Instruct the browser to import the certificate
and proceed. Tomcat is configured when the Tomcat logo appears.
What To Do Next
Installing Tomcat using a Windows Platform

Procedure
Step 1
Note
Download the latest version of Apache Tomcat:

http://tomcat.apache.org/index.html
Download the Tomcat service installer (32bit/64bit Windows Service Installer apache-tomcat-7.0.0.exe).
Step 2
Install the apache-tomcat-7.0.0.exe. In this example, Tomcat is installed under c:\Program Files\Apache
Software Foundation\Tomcat 7.0.
Step 3
Set the JAVA_HOME, JRE_HOME and JAVA_OPTS environment variables by creating a file called
setenv.bat under c:\Program Files\Apache Software Foundation\Tomcat 7.0\bin and set the above
variables.
Example:
set JAVA_HOME=c:\Program Files\Java\jdk1.6.0_20
set JRE_HOME=c:\Program Files\Java\jdk1.6.0_20\jre
set JAVA_OPT=%JAVA_OPTS% -xMS512m -xMX1024m
Step 4
Open the server.xml file under c:\Program Files\Apache Software Foundation\Tomcat 7.0\conf folder.
Step 5
Comment the 8080 connector port. Enter the code as follows:
7-6
Chapter 7

Step 6
Uncomment the 8443 connector port; Remove  at the end of the 8443
connector. In this 8443 connector, two more attributes have been added: keystoreFile (location of the
keystore file that was created in section 6.2; in this example, it was created under C:\keystore) and
keystoreType. Because we have keystore created with default password changeit, you do not need to set
keystorePass attribute. Enter the code as follows:
<Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLS
keystoreFile=c:\keystore
keystoreType=JKS/>
Step 7
Save the server.xml file after making the above changes.
Step 8
Start the Tomcat service from services.msc utility or from Administrative Tools > Services > Apache
Tomcat 7 > Start.
Step 9
Launch a browser and go to:

https://localhost:8443/tomcat.gif
If your certificate is self-signed, your browser notifies you. Instruct the browser to import the certificate
and proceed. Tomcat is configured when the Tomcat logo appears.
What To Do Next
Provisioning Active Directory for SSO

Procedure
Step 1
Log in to the Active Directory (AD) server.
Step 2
From the Start menu, go to Programs > Administration Tools and select Active Directory Users and
Computers.
Step 3
Go to Users > New > Users and create a new user with the OpenSSO Enterprise hostname as the user ID.
Note
Step 4
The OpenSSO Enterprise hostname should not include the domain name.
Create a keytab file on the AD server using the following command from the command prompt; Content
that is italicized indicates values that you need to enter.
ktpass -princ HTTP/hostname.domainname@DCDOMAIN -pass password mapuser userName-out hostname.HTTP.keytab -ptype KRB5_NT_PRINCIPAL target DCDOMAIN
For example:
ktpass -princ HTTP/sso.cisco.com@CISCO.COM -pass cisco123 -mapuser sso
-out sso.HTTP.keytab -ptype KRB5_NT_PRINCIPAL - target CISCO.COM
7-7
Chapter 7
Note
After successful creation of the keytab file, copy the keytab file to a location on the OpenAM server; this
path will later be specified in OpenAM configuration.
Note
For OpenAM that is configured on Linux, you can create a directory under root and copy the above
keytab file. Example: /root/keytab/ examplehost.HTTP.keytab.
Note
For OpenAM that is configured on Windows, you can create a directory under C:\> and copy the above
keytab file. Example: c:/keytab/ examplehost.HTTP.keytab.
What To Do Next
Deploying OpenSSO Enterprise War on Apache Tomcat, page 7-8
Deploying OpenSSO Enterprise War on Apache Tomcat
Deploying OpenSSO Enterprise War on Apache Tomcat over Linux Platform, page 7-8
Deploying OpenSSO Enterprise War on Apache Tomcat over Windows Platform, page 7-9
Deploying OpenSSO Enterprise War on Apache Tomcat over Linux Platform

Procedure
Step 1
Go to the ForgeRock site below and download the stable release OpenAM Release 9 / February 7,
2010(20100207):
http://www.forgerock.com/downloads.html
Step 2
Copy the openam_release9_20100207.zip to the OpenAM server to any location and unzip it.
Step 3
Stop the Tomcat service if it is running on this OpenAM server.
Step 4
After unzipping, copy the opensso.war file under opensso/deployable-war directory and paste it under
/root /apache-tomcat-7.0.0/webapps directory.
Step 5
Start the Tomcat service by executing startup.sh under /root/ apache-tomcat-7.0.0/bin directory.
What To Do Next
7-8
Chapter 7
Deploying OpenSSO Enterprise War on Apache Tomcat over Windows Platform

Procedure
Step 1
Go to the ForgeRock site below and download the stable release OpenAM Release 9 / February 7,
2010(20100207):
http://www.forgerock.com/downloads.html
Step 2
Copy the openam_release9_20100207.zip to the OpenAM server to a specific location and unzip it.
Step 3
Select Administrative Tools > Services > Apache Tomcat 7 > Stop to stop the Tomcat service if it is
running on this OpenAM server.
Step 4
After unzipping, copy the opensso.war file under opensso/deployable-war directory and paste it under
c:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps folder.
Step 5
Select Administrative Tools > Services > Apache Tomcat 7 > Start to start the Tomcat service.
What To Do Next
Initial Configuration of OpenSSO Enterprise Using the GUI Configurator

Here is an example of how to configure OpenSSO. If you have an existing OpenAM server or a strong
understanding of OpenAM, you can configure the server differently.
OpenAM server and policy agents require FQDNs for the hostname of the machines on which you will
perform your installations. You cannot use a hostname like localhost and cannot use numeric IP
addresses like 192.168.1.2 as hostnames either, because this will cause problems in installation,
configuration, and usage.
In order to access OpenAM, a web browser must be installed, for example, Mozilla Firefox. When
accessing OpenAM for the first time, you should use FQDN of OpenAM server in the URL:
https://hostexample.corp.com:8443/opensso. When you access OpenSSO Enterprise for the first time,
you are directed to the Configurator to perform the initial configuration of the OpenSSO Enterprise. The
Configuration Options window appears when you access the OpenSSO for the first time. Select the
Create Default Configuration link.
You specify and confirm passwords for the OpenSSO Enterprise administrator (amAdmin) and the
default policy agent user (UrlAccessAgent). The default policy agent user is not used later in this
example configuration; amAdmin is used each time you log in to OpenAM to change the configuration.
If a problem occurs during the configuration, the Configurator displays an error message. If possible,
correct the error and retry the configuration. Also check the web container log files and the install.log
which, if created, will be in the configuration directory (default /opensso). These logs might contain
information about the cause of a configuration problem.
By default, OpenSSO is deployed under /root/opensso directory on Linux platforms; on Windows
Platforms, OpenSSO is deployed under C:\opensso.
Procedure
Step 1
Select Proceed to log in and enter the amAdmin and password.
7-9
Chapter 7
Step 2
Go to the Access Control tab and select the / (Top Level Realm).
Step 3
Go to the Authentication tab and click All Core Settings.
Step 4
Set the User Profile to Ignored.
Step 5
Click Save to save the configuration.
What To Do Next
Configure Policies on Open SSO Server, page 7-10
Configure Policies on Open SSO Server

Procedure
Step 1
From the Access Control tab, select / (Top Level Realm).
Step 2
From the Policies tab, add a new policy.
Step 3
Enter the PolicyName. For example, CUPPolicy.
Step 4
Create a new rule from the Policy Configuration window.

In the window that appears, select service type as URL Policy Agent (with resource name).
Step 5
Enter the Rule Name, for example, CUPUser. In the Resource Name field, enter the name of the
Resource URL as Web Application URL. For example, https://<CUP FQDN>:8443/*.
Step 6
Check the GET and POST check boxes and click Finish.
Step 7
Create another rule (example, CUPUser_1). In the Resource Name field, enter the name of the Resource
URL as Web Application URL. For example, https://<CUP FQDN>/*.
Step 8
Step 9
Create another rule (example, CUPUser_QueryPatterns) for the requests involving query patterns (*?*)
in the Find and List windows of Cisco Unified PresenceUser application. In the Resource Name field,
enter https://<CUP FQDN>:8443/*?*.
Step 10
Step 11
Create another rule (example, CUPUser_QueryPatterns_1) for the requests involving query patterns
(*?*) in the Find and List windows of Cisco Unified Presence User application. For example, in the
Resource Name field, enter https://<CUP FQDN>/*?*
Step 12
Step 13
SSO support is provided for RTMT application as well. To achieve SSO for RTMT, along with the above
policy rules, create one more new rule. For example, RTMT_Query for requests involving RTMT query
patterns (*?*?*). In the Resource Name field, type https://<CUP FQDN>:8443/*?*?*.
Step 14
Step 15
SSO support is provided for RTMT application as well. To achieve SSO for RTMT, along with the above
policy rules, create one more new rule. For example, RTMT_Query_1 for requests involving RTMT
query patterns (*?*?*). In the Resource Name field, type https://<CUP FQDN>/*?*?*.
Step 16
Step 17
Select New under Subjects on the Policy Configuration window.
7-10
Chapter 7
Step 18
Select subject type as Authenticated Users.
Step 19
Enter the subject name, for example CUPUser, and click Finish.
The new policy is created with defined Rules and Subjects.
Step 20
Select New under Conditions.
Step 21
Under Select Condition type, select Active Session Time.
Step 22
Enter Condition Name. For example, CUPUser.
Step 23
Click Next.
Step 24
Configure the active session timeout as 120 minutes.
Step 25
Ensure the Terminate Session field is set to No.
Step 26
Click Finish.
What To Do Next
Configuring SSO Module Instance, page 7-11
Configuring SSO Module Instance

Procedure
Step 1
Copy the keytab files to the OpenAM server that you created in Provisioning Active Directory for SSO,
page 7-7.
Step 2
Log in to the OpenSSO Enterprise administration console as amAdmin.
Step 3
Choose Access Control > Top Level Realm > Authentication.
Step 4
On the Module Instances window, select New.
Step 5
Enter a name for the new login module instance (for example, CUPUser) and select Windows Desktop
SSO.
Step 6
Click OK.
Note
This module instance name will be used later when enabling SSO on the Cisco Unified Presence server.
Step 7
In the Module Instances window, select the name of the new login module (for example, CUPUser) and
provide the following information:
Service PrincipalHTTP/openAMhostname.domain.com@DOMAIN.COM. Here is an example

using the openAM server name and domain: HTTP/openamhost.example.com@EXAMPLE.COM
Keytab File Namec:\keystore\openAMhostname.HTTP.keytab (on Windows platform) or

/root/keytab/openAMhostname.HTTP.keytab (on Linux platform)
Kerberos RealmDOMAIN.COMdomain for OpenAM server (for example, EXAMPLE.COM)
Active Directory / Kerberos Server Namekerberos.example.com

If multiple Kerberos Domain Controllers exist for failover purposes, all Kerberos Domain
Controllers can be set using a colon (:) as the separator.
Return Principal with Domain NameFalse. Leave the Enabled check box unchecked.
7-11
Chapter 7
Step 8
Authentication Level22
Click Save.
The module instance is created and called CUPUser.
What To Do Next
Configuring J2EE Agent Profile on OpenSSO Server, page 7-12
Configuring J2EE Agent Profile on OpenSSO Server

Perform the following steps in OpenSSO Enterprise Console. The key steps of this task are to create an
agent name (ID) and an agent password.
Procedure
Step 1
Log in to OpenSSO Enterprise Console as a user with AgentAdmin privileges, such as amAdmin.
Step 2
Select the Access Control tab.
Step 3
Select the name of the realm to which the agent will belong, such as the following: /(Top Level Realm).
Step 4
Select the Agents tab.
Step 5
Select the J2EE tab.
Step 6
Select New in the Agent section.
Step 7
Enter values for the following fields:
Note
The Agent name will be used later when you enable SSO on Cisco Unified Presence. For example, enter
the name of the profile configured for this policy agent.
Note
Note
NameEnter the name or identity of the agent (for example, CUPUser).
PasswordEnter the agent password.
You will be asked for this password when you enable SSO on Cisco Unified Presence.
Server URL fieldEnter the OpenSSO Enterprise server URL. For example, https://<OpenAM
FQDN>:8443/opensso.
Agent URL fieldEnter the URL for the agent application. For example,
https://Cisco Unified Presence Server FQDN>:8443/agentapp.
agentapp will be used later in the example given for enabling SSO on Cisco Unified Presence
Step 8
Select Create.
A J2EE Agent with the name of CUPUser is created.
Step 9
Select the J2EE agent that you created in step 8.
Step 10
Select the Application tab.
7-12
Chapter 7
Step 11
Step 12
Under Login Processing, enter the Login Form URIs for each web GUI application on
Cisco Unified Presence as follows:
Cisco Unified Presence Administration/cupadmin/WEB-INF/pages/logon.jsp
Cisco Unified Serviceability/ccmservice/WEB-INF/pages/logon.jsp
Cisco Unified Reporting/cucreports/WEB-INF/pages/logon.jsp
Cisco Unified OS Administration/cmplatform/WEB-INF/pages/logon.jsp
Disaster Recovery System/drf/WEB-INF/pages/logon.jsp
Real-Time Monitoring Tool (RTMT)/ast/WEB-INF/pages/logon.jsp
Cisco Unified Presence User Options/cupuser/WEB-INF/pages/logoncontrol.jsp
From the OpenSSO Services tab, under Login URL, add OpenSSO Login URL as https://<OpenSSO
FQDN>:8443/opensso/UI/Login?module=<SSO_Module>.
Note
Step 13
SSO_Module should be the same value as the one created in Configuring SSO Module Instance,
page 7-11.
In the text area, remove all URLs other than the Login URL. Only the Login URL specified in the
previous step should be listed in the text area.
Troubleshooting Tip
If this link does not have the format described above, modify it accordingly and save the configuration.
The name of the module instance created in Configuring SSO Module Instance, page 7-11 can be
checked via Access Control > Top Level Realm > Authentication > Module Instances. Following this
check, log in to the Cisco Unified Presence server as admin user, type the CLI command utils
service restart Cisco Tomcat to restart the Cisco Tomcat service.
What To Do Next
Importing the OpenAM Certificate into Cisco Unified Presence

Communication between Cisco Unified Presence and OpenAM is secure. As a result, you must obtain
the OpenAM security certificate and import it into the Cisco Unified Presence tomcat-trust store.
Configure the OpenAM certificate to be valid for five years or less. To obtain the OpenAM server
certificate, follow the procedure below.
Note
For information about importing certificates, see Cisco Unified System Maintenance Guide for
Procedure
Step 1
Sign in to OpenAM (https://<OpenAM FQDN>:8443/opensso) from your Web browser (for example,
Mozilla Firefox).
Step 2
Select Tools > Page info > Security > View Certificate.
7-13
Chapter 7
Step 3
In the Certificate Viewer window, click the Details tab to access certificate information.
Step 4
Click Export and save the certificate on your desktop.
Step 5
After getting OpenAM server certificate, sign into Cisco Unified OS Administration and choose
Security > Certificate Management.
Step 6
Click Upload Certificate/Certificate Chain.
Step 7
From the Certificate Name drop-down list in the Upload Certificate dialog box, choose tomcat-trust.
Step 8
From the Upload File field, browse for the saved OpenAM certificate.
Step 9
Click Upload File to upload the certificate. The OpenAM certificate will be added to the Cisco Unified
Presence Tomcat-trust store.
What To Do Next
Configuring Client Browsers for Single Sign-On, page 7-14
Configuring Client Browsers for Single Sign-On

To use SSO for a browser-based client application, you must configure the web browser.
The following sections describe how to configure client browsers to use SSO:
Configuring Internet Explorer for Single Sign-On, page 7-14
Configuring Firefox for Single Sign-On, page 7-15
Configuring Internet Explorer for Single Sign-On

The SSO feature supports Windows clients running Internet Explorer Version 6.0 and later. Perform the
following procedure to configure Internet Explorer to use SSO:
Procedure
Step 1
Select Tools > Internet Options > Advanced tab.
Step 2
Select Enable Integration Windows Authentication.
Step 3
Click OK to save the changes.
Step 4
Restart Internet Explorer.
Step 5
Select Tools > Internet Options > Security > Local Intranet and click Custom Level....
Step 6
Under User Authentication, select Automatic Logon Only in Intranet Zone.
Step 7
Click OK.
Step 8
Click Sites.
Step 9
Select Automatically detect intranet network.
Step 10
Click Advanced.
Step 11
Fill in the Add this web site to the zone: field with the FQDN of the OpenAM server in the following
format: https://OpenAM_FQDN.
Step 12
Click Add.
7-14
Chapter 7
Step 13
Click Close.
Step 14
Click OK.
Step 15
Uncheck Enable Protected Mode.
Step 16
Restart Internet Explorer.
Step 17
Open the Windows Registry Editor:
For Windows XP or Windows 2008Select Start > Run and type regedit.
For Windows Vista and Windows 7.0Select Start and type regedit. For Windows Vista, you then
need to click Continue.
Step 18
Under registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\, add new

DWORD (32-bit) value called SuppressExtendedProtection and set the value to hexadecimal 0x02.
Step 19
Right-click on the newly created DWORD, select Modify...
Step 20
Set the following values:
Base: hexadecimal
Value data: 002
Note
The newly created DWORD will appear in the LSA directory list as follows:
Name: SuppressExtendedProtection
Type: REG_DWORD
Value: 0x00000002 (2)
Configuring Firefox for Single Sign-On

The SSO feature supports Windows clients running Firefox Version 3.0 and later.
Procedure
Step 1
Open Firefox and enter the following URL page: about:config
Step 2
Scroll down to network.negotiate-auth.trusted-uris and set it to your domain (for example, corp.com).
Configuring Windows Registry

To achieve SSO for the Real-Time Monitoring Tool (RTMT), you must create the following new registry
key on your Desktop client (Windows XP or Windows 7): alowtgtsessionkey of type REG_DWORD
with value set to 1. Store this new registry key at either of the following locations, depending on your
operating system:
Windows XPHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
Windows Vista/Windows 7
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
7-15
Chapter 7
Configuring the Single Sign-On Application

To configure SSO, select Cisco Unified OS Administration > Security > Single Sign On.
This application is split into three components:
Status
Server Settings
Select Applications
Status
A warning message displays indicating that the change in SSO settings causes Tomcat restart.
The following error messages may display when you enable the SSO application:
Invalid Open Access Manager (OpenAM) server URLThis error message displays when you enter
an invalid OpenAM server URL.
Invalid profile credentialsThis error message displays when you enter a wrong profile name or
wrong profile password or both.
Security trust errorThis error message displays when the OpenAM certificate has not been
imported.
If you get any of the above error messages while enabling SSO, then the status changes to the above
error.
Server Settings
You can only edit the server settings when SSO is disabled for all applications.
Select Applications
You can enable or disable SSO on any of the following applications:
Cisco Unified Presence AdministrationEnables SSO for Cisco Unified Presence Administration,
Cisco Unified Serviceability, and Cisco Unified Reporting
Cisco Unified Presence User OptionsEnables SSO for End User Options
Cisco Unified Operating System AdministrationEnables SSO for Cisco Unified Operating System
Administration and Disaster Recovery System
RTMTEnables the web application for the Real-Time Monitoring Tool
Use the following procedure:

Procedure
Step 1
Enter the following URL of the Open Access Manager (OpenAM) server:
https://hostexample.corp.com:8443/opensso
Step 2
Enter the relative path where the policy agent should be deployed. The relative path must be
alphanumeric. See Configuring J2EE Agent Profile on OpenSSO Server, page 7-12.
Step 3
Enter the name of the profile that is configured for this policy agent. See Configuring J2EE Agent Profile
on OpenSSO Server, page 7-12.
Step 4
Enter the password of the profile name. See Configuring J2EE Agent Profile on OpenSSO Server,
page 7-12.
7-16
Chapter 7
Step 5
Enter the login Module instance name that is configured for Windows Desktop SSO. See Configuring
SSO Module Instance, page 7-11.
Step 6
Select Save.
Step 7
In the Confirmation dialog box, click OK to restart Tomcat.
Enabling SSO on Cisco Unified Presence Server

The following example makes use of the parameters and values that are in other SSO procedures
provided.
admin:utils sso enable
*****WARNING*****
This command will restart Tomcat for successful completion.
This command needs to be executed on all the nodes in the cluster.
Do you want to continue (yes/no): yes
List of apps for which SSO can be enabled:
1) Cisco Unified Presence Administration (CUP Admin, CU Serviceability, CU Reporting)
2) Cisco Unified Presence User Options (CUP End User options)
3) Cisco Unified Operating System Administration (CUOS Admin, DRF)
4) RTMT
Do you want to enable SSO for Cisco Unified Presence Administration (CUP Admin, CU
Serviceability, CU Reporting) (yes/no): yes
Do you want to enable SSO for Cisco Unified Presence User Options (CUP End User options)
(yes/no): yes
Do you want to enable SSO For Cisco Unified Operating System Administration (CUOS Admin,
DRF) (yes/no): yes
Do you want to enable SSO for RTMT (yes/no):yes
Enter URL of the Open Access Manager (OpenAM) server:
https://examplehost.corp.com:8443/opensso
Enter the relative path where the policy agent should be deployed: agentapp
Enter the name of the profile configured for this policy agent: CUPUser
Enter the password of the profile name: ********
Enter the login module instance name configured for Windows Desktop SSO: CUPUser
Validating connectivity and profile with Open Access Manager (OpenAM) Server:
https://examplehost.corp.com:8443/opensso
Valid profile
Valid module name
Enabling SSO ... This will take up to 5 minutes
SSO Enable Success
Note
For information about the commands that are associated with enabling and disabling SSO, see the
Command Line Interface Reference Guide for Cisco Unified Presence.
Disabling SSO on Cisco Unified Presence Server

If SSO is disabled for any Cisco Unified Presence administrative application that supports SSO, all users
accessing that application need to provide a username and password. Cisco recommends that if you are
a Cisco Unified Presence administrator intending to disable SSO for any Cisco Unified Presence
administrative applications, ensure that users can access the application after SSO is disabled. This is
important to avoid inadvertently locking out the active Cisco Unified Presence administration account.
7-17
Chapter 7
Application
Comments
Cisco Unified Presence Administration (Cisco

Unified Presence Administration, Cisco Unified
Serviceability, Cisco Unified Reporting)
Before disabling SSO, ensure that an application

user exists with a known username/password and
that this user is a member of the necessary User
Groups.
The default administrator application user created
at the time of installation would have the
following:
Groups:
Standard Audit Users
Standard CUP Super Users
Standard RealtimeAndTraceCollection
Roles:
Standard AXL API Access
Standard Audit Log Administration*
Standard CCM Admin Users*
Standard CCMADMIN Administration
Standard CUReporting
Standard RealtimeAndTraceCollection*
Standard SERVICEABILITY
Administration*
Any application user that is a member of the

above User Groups with those Roles will have full
access rights to Cisco Unified Presence if SSO be
disabled.
To view the application users on Cisco Unified
Presence, select Cisco Unified Presence
Administration > User Management > Find.
Select a user to view their details.
Cisco Unified Presence User Options (Cisco
Unified Presence End User Options)
Ensure that passwords exist for the end users and

that they are aware of their password values. This
information is required by each end user to access
the application in question.
Cisco Unified Operating System Administration

(CUOS Admin, DRS)
After SSO is disabled for this application, the

application reverts to accepting the Cisco Unified
Presence Administration CLI account credentials.
Real-Time Monitoring Tool
Before disabling SSO, ensure that an application

user exists with a known username/password and
that this user has the same access rights as the user
specified for Cisco Unified Presence
Administration (Cisco Unified Presence
Administration, Cisco Unified Serviceability,
Cisco Unified Reporting).
7-18
Chapter 7
Uninstalling OpenSSO Enterprise (OpenAM)
Uninstalling OpenSSO Enterprise (OpenAM) on Linux, page 7-19
Uninstalling OpenSSO Enterprise (OpenAM) on Windows, page 7-19
Uninstalling OpenSSO Enterprise (OpenAM) on Linux

Procedure
Step 1
Stop the Tomcat running on OpenAM server by executing the following command under
/root/apachetomcat- 7.0.0/bin directory:
shutdown.sh
Step 2
Remove the following directories and all of their contents:
ConfigurationDirectory is the directory created when the OpenSSO Enterprise instance is initially
configured using the Configurator. The default directory is opensso in the home directory of the user
running the Configurator.
If the Configurator is run by root, ConfigurationDirectory is created in the root home directory
(/root).
user-home-directory.openssocfg where user-home-directory is the home directory of the user who

deployed the opensso.war file. If this user is root, the directory is /.openssocfg.
Step 3
Remove the opensso.war file from webapps directory of the Tomcat.

For example, /root/ apache-tomcat-7.0.0/webapps
Step 4
Start the Tomcat on OpenAM Server, by executing startup.sh under /root/ apache-tomcat-7.0.0/bin
directory.
Uninstalling OpenSSO Enterprise (OpenAM) on Windows

Procedure
Step 1
Select Administrative Tools > Services > Apache Tomcat 7 > Stop to stop the Tomcat service if
running on the OpenAM server.
Step 2
Delete the opensso and .openssocfg folder from the user home directory.
Step 3
Delete the opensso.war file from the webapps folder of Tomcat.

Example: c:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps
Step 4
Select Administrative Tools > Services > Apache Tomcat 7 > Start to start the Tomcat service.
Troubleshooting Single Sign-On

This section includes troubleshooting tips to help solve configuration issues.
Setting the OpenAM Session Timeout, page 7-20
7-19
Chapter 7
Setting the OpenAM Session Timeout, page 7-20
Setting the Debug Level, page 7-20
Setting the OpenAM Session Timeout

The OpenAM session timeout must be set to a value that is higher than the session timeout parameter set
on the Cisco Unified Presence server.
Procedure
Step 1
From the OpenAM server GUI, select Configuration > Global > Session > Dynamic attributes >
Maximum Idle Time.
Step 2
Enter a value in the Maximum Idle Time field.
Tomcat Crashes on OpenAM Server

When Tomcat crashes on the OpenAM server, OpenSSO becomes unresponsive. Cisco Unified Presence
may not be notified.
Procedure
Step 1
Perform one of the following steps:

If
Then
If you receive an error message when enabling

SSO from either the GUI or the CLI
verify that Tomcat is running on the OpenAM

server.
If you do not receive an error message
restart Tomcat on the OpenAM server and try

enabling SSO again.
Setting the Debug Level

In OpenAM, you can obtain additional debug information using the J2EE Policy Agent. The default
debug level is Error. You can change the debug level to Message to access additional useful information,
however, the debug.out log on Cisco Unified Presence will get quite large. Cisco recommends that the
Message debug level only be used for short periods of time.
Procedure
Step 1
Sign in to OpenAM (https://<OpenAM FQDN>:8443/opensso) from your Web browser (for example,
Mozilla Firefox).
Step 2
From the Access Control menu, choose Top Level Realm > Agents > J2EE.
7-20
Chapter 7
Step 3
Under the General heading, select Agent Debug Level.
7-21
Chapter 7
7-22
CH A P T E R

May 30, 2012
Creating a Login Banner, page 8-1
Cisco Unified Presence Certificate Types, page 8-2
How to Configure the Certificate Exchange Between Cisco Unified Presence and Cisco Unified
How to Configure the SIP Security Settings on Cisco Unified Presence, page 8-6
How to Configure the XMPP Security Settings on Cisco Unified Presence, page 8-8
Configuring FIPS 140-2 Mode, page 8-9
Creating a Login Banner

In Cisco Unified Presence Release 8.6(4), administrators can create a banner that users acknowledge as
part of their login to any Cisco Unified Presence interfaces. The administrator creates a .txt file using
any text editor, includes important notifications that users should be made aware of, and uploads it to the
Cisco Unified Presence OS Administration page. This banner will then appear on all Cisco Unified
Presence interfaces notifying users of important information before they log in, including legal warnings
and obligations. The following interfaces will display this banner before and after a user logs in: Cisco
Unified Presence Administration, Cisco Unified OS Administration, Serviceability, Reporting, Disaster
Recovery System, User Options, and the Cisco Unified Presence CLI prompt.
Procedure
Step 1
Create a .txt file with the contents you want to display in the banner.
Step 2
Sign in to Cisco Unified Operating System Administration.
Step 3
Select Software Upgrades > Customized Logon Message.
Step 4
Select Browse and locate the .txt file.
Step 5
Select Upload File.

The banner will appear before and after login on most Cisco Unified Presence interfaces.
8-1
Chapter 8
Note
The .txt file must be uploaded to each Cisco Unified Presence node separately.

This section describes the different certificates required for the clients and services on Cisco Unified
Presence.
Table 8-1
Certificate Types for Client Applications on Cisco Unified Presence
Client
Certificate
SIP client (Cisco Unified Personal Communicator Release 7.x,

IPPM, Cisco Unified Communications Manager)
tomcat
XMPP client (Cisco Unified Personal Communicator Release 8.0, cup-xmpp

third-party client)
Table 8-2
Certificate Types for Cisco Unified Presence Services
Service
Certificate
Certificate Trust Store
SIP Proxy
cup
cup-trust
Presence Engine
cup
cup-trust
SOAP
tomcat
directory-trust
AXL
tomcat
directory-trust
LDAP
tomcat
directory-trust
Microsoft Exchange
Notes
LDAP uses the tomcat

certificate because
directory/directory-trust
is now tomcat/ttrust.
cup-trust
Microsoft OCS/LCS
Call Control
cup
cup-trust
SIP Federation
cup
cup-trust
XMPP Federation
Cup-xmpp-s2s
cup-xmpp-trust
The trust certificates for

cup-xmpp-s2s are stored
in cup-xmpp-trust along
with the general XMPP
trust certificates.
Related Topics
(Cisco Unified Personal Communicator Release 8.x) Configuring Settings, page 12-22
How to Configure the XMPP Security Settings on Cisco Unified Presence, page 8-8
8-2
Chapter 8

How to Configure the Certificate Exchange Between Cisco Unified Presence and Cisco Unified Communications
Configuring a Secure Connection Between Cisco Unified Presence and the LDAP Directory,
page 15-6
How to Configure the Certificate Exchange Between Cisco

Unified Presence and Cisco Unified Communications Manager
This module describes the exchange of self-signed certificates between the Cisco Unified
Communications Manager server and the Cisco Unified Presence server. You can use the Certificate
Import Tool on Cisco Unified Presence to automatically import the Cisco Unified Communications
Manager certificate to Cisco Unified Presence. However, you must manually upload the Cisco Unified
Presence certificate to Cisco Unified Communications Manager.
Only perform these procedures if you require a secure connection between Cisco Unified Presence and
Prerequisites for Configuring Security, page 8-3
Importing the Cisco Unified Communications Manager Certificate to Cisco Unified Presence,
page 8-3
Uploading the Cisco Unified Presence Certificate to Cisco Unified Communications Manager,
page 8-5
Downloading the Certificate from Cisco Unified Presence, page 8-4
page 8-5
Restarting the Cisco Unified Communications Manager Service, page 8-5
Prerequisites for Configuring Security

Configure the following items on Cisco Unified Communications Manager:
Configure a SIP security profile for Cisco Unified Presence.
Configure a SIP trunk for Cisco Unified Presence:

Associate the security profile with the SIP trunk.
Configure the SIP trunk with the subject Common Name (CN) of Cisco Unified Presence
certificate.
Related Topic
Importing the Cisco Unified Communications Manager Certificate to Cisco

Unified Presence
Procedure
Step 1
Select Cisco Unified Presence Administration > System > Security > Certificate Import Tool.
8-3
Chapter 8 Configuring Security on Cisco Unified Presence

Step 2
Select CUP Service Trust from the Certificate Trust Store menu.
Step 3
Enter the IP address, hostname or FQDN of the Cisco Unified Communications Manager server.
Step 4
Enter a port number to communicate with the Cisco Unified Communications Manager server.
Step 5
Select Submit.
Troubleshooting Tip
After the Certificate Import Tool completes the import operation, it reports whether or not it successfully
connected to Cisco Unified Communications Manager, and whether or not it successfully downloaded
the certificate from Cisco Unified Communications Manager. If the Certificate Import Tool reports a
failure, see the Online Help for a recommended action. You can also manually import the certificate by
selecting Cisco Unified OS Administration > Security > Certificate Management.
What To Do Next
Restarting the SIP Proxy Service, page 8-4
Restarting the SIP Proxy Service

Before You Begin
Import the Cisco Unified Communications Manager certificate to Cisco Unified Presence.
Procedure
Step 1
Select Cisco Unified Serviceability > Tools > Control Center - Feature Services on Cisco Unified
Presence,
Step 2
Select Cisco UP SIP Proxy.
Step 3
Select Restart.
What To Do Next
Downloading the Certificate from Cisco Unified Presence

Procedure
Step 1
Select Cisco Unified OS Administration > Security > Certificate Management on Cisco Unified
Presence.
Step 2
Select Find.
Step 3
Select the cup.pem file.
Step 4
Select Download and save the file to your local computer.
8-4
Chapter 8

Troubleshooting Tip
Ignore any errors that Cisco Unified Presence displays regarding access to the cup.csr file; The CA
(Certificate Authority) does not need to sign the certificate that you exchange with Cisco Unified
What To Do Next
Uploading the Cisco Unified Presence Certificate to Cisco Unified Communications Manager, page 8-5
Uploading the Cisco Unified Presence Certificate to Cisco Unified

Before You Begin
Download the certificate from Cisco Unified Presence.

Procedure
Step 1
Select Cisco Unified OS Administration > Security > Certificate Management on Cisco Unified
Step 2
Select Upload Certificate.
Step 3
Select Callmanager-trust from the Certificate Name menu.
Step 4
Browse and select the certificate (.pem file) previously downloaded from Cisco Unified Presence.
Step 5
Select Upload File.
Related Topic

What To Do Next
Restarting the Cisco Unified Communications Manager Service, page 8-5
Restarting the Cisco Unified Communications Manager Service

Before You Begin
Upload the Cisco Unified Presence certificate to Cisco Unified Communications Manager.
Procedure.
Step 1
Select Cisco Unified Serviceability > Tools > Control Center - Feature Services. on Cisco Unified
Step 2
Select Cisco CallManager.
Step 3
Select Restart.
8-5
Chapter 8
How to Configure the SIP Security Settings on Cisco Unified Presence
Related Topic
Uploading the Cisco Unified Presence Certificate to Cisco Unified Communications Manager, page 8-5
What To Do Next
How to Configure the SIP Security Settings on Cisco Unified Presence, page 8-6
How to Configure the SIP Security Settings on Cisco Unified

Presence
Configuring a TLS Peer Subject, page 8-6
Configuring a TLS Context, page 8-6
Configuring the SIP Proxy-to-Proxy Intracluster Protocol Type, page 8-7
Configuring a TLS Peer Subject

When you import a Cisco Unified Presence certificate, Cisco Unified Presence automatically attempts
to add the TLS peer subject to the TLS peer subject list, and to the TLS context list. Verify the TLS peer
subject and TLS context configuration is set up to your requirements.
Procedure
Step 1
Select Cisco Unified Presence Administration > System > Security > TLS Peer Subjects.
Step 2
Select Add New.
Step 3
Perform one of the following actions for the Peer Subject Name:
Enter the subject CN of the certificate that the server presents.
Open the certificate, look for the CN and paste it here.
Step 4
Enter the name of the server in the Description field.
Step 5
Select Save.
What To Do Next
Configuring a TLS Context, page 8-6
Configuring a TLS Context

When you import a Cisco Unified Presence certificate, Cisco Unified Presence automatically attempts
to add the TLS peer subject to the TLS peer subject list, and to the TLS context list. Verify the TLS peer
subject and TLS context configuration is set up to your requirements.
Before You Begin
Configure a TLS peer subject on Cisco Unified Presence.
8-6
Chapter 8

How to Configure the SIP Security Settings on Cisco Unified Presence
Procedure
Step 1
Select Cisco Unified Presence Administration > System > Security > TLS Context Configuration.
Step 2
Select Find.
Step 3
Select Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.
Step 4
From the list of available TLS peer subjects, select the TLS peer subject that you configured.
Step 5
Move this TLS peer subject to Selected TLS Peer Subjects.
Step 6
Select Save.
Step 7
Select Cisco Unified Presence Serviceability > Tools > Service Activation.
Step 8
Restart the Cisco Unified Presence SIP Proxy service.
Troubleshooting Tip
You must restart the SIP proxy service before any changes that you make to the TLS context take effect.
Related Topics
Configuring a TLS Peer Subject, page 8-6
Configuring the SIP Proxy-to-Proxy Intracluster Protocol Type

Select the protocol that Cisco Unified Presence uses to route SIP messages securely in an intracluster
deployment. The default value is the TLS protocol. Use TLS if a cluster node sends traffic over a
unsecured network and you want a secure (encrypted) connection channel.
Procedure
Step 1
Select System > Security > General Settings.
Step 2
Select a protocol type from the SIP Intra-cluster Proxy-to-Proxy Transport Protocol menu.
Step 3
Select Save.
Troubleshooting Tip
You must restart the SIP proxy service before any changes that you make to the SIP proxy protocol take
effect.
Related Topic
8-7
Chapter 8
How to Configure the XMPP Security Settings on Cisco Unified Presence
How to Configure the XMPP Security Settings on Cisco Unified

Presence
XMPP Security Modes, page 8-8
Configuring the XMPP Certificate Settings, page 8-9
XMPP Security Modes

Cisco Unified Presence provides increased security for XMPP-based configuration. Table 8-3 describes
these XMPP secure modes. To configure the XMPP secure modes on Cisco Unified Presence, select
Cisco Unified Presence Administration > System > Security > Settings.
Table 8-3
Secure Mode
XMPP Secure Mode Descriptions
Description
Enable XMPP Client

If you turn on this setting, Cisco Unified Presence establishes a secure TLS
To CUP Service Secure connection between the Cisco Unified Presence servers and XMPP client
Mode
applications in a cluster. Cisco Unified Presence turns on this secure mode
by default.
We recommend that you do not turn off this secure mode unless the XMPP
client application can protect the client login credentials in non-secure
mode. If you do turn off the secure mode, verify that you can secure the
XMPP client-to-server communication in some other way.
Enable XMPP
Router-to-Router
Secure Mode
connection between XMPP routers in the same cluster, or in different
clusters. Cisco Unified Presence automatically replicates the XMPP
certificate within the cluster, and across clusters, as an XMPP trust
certificate. An XMPP router will attempt to establish a TLS connection with
any other XMPP router that is in the same cluster, or a different cluster, and
is available to establish a TLS connection.
Enable Web Client to

CUP Service Secure
Mode
connection between the Cisco Unified Presence servers and XMPP-based
API client applications.If you turn on this setting, upload the certificates or
signing certificates for the web client in the cup-xmpp-trust repository on
If you update the XMPP security settings, perform one of these actions:
Restart the Cisco UP XCP Connection Manager if you edit Enable XMPP Client To CUP Service
Secure Mode. Select Cisco Unified Serviceability > Tools > Control Center - Feature Services
to restart this service.
Restart the Cisco UP XCP Router if you edit the Enable XMPP Router-to-Router Secure Mode.
Select Cisco Unified Serviceability > Tools > Control Center - Network Services to restart this
service.
8-8
Chapter 8

Configuring FIPS 140-2 Mode
Restart the Cisco UP XCP Web Connection Manager if you edit Enable Web Client To CUP
Service Secure Mode. Select Cisco Unified Serviceability > Tools > Control Center Feature Services to restart this service.
Related Topics
Integrating Third-Party XMPP Client Applications on Cisco Unified Presence, page 9-1
Configuring the XMPP Certificate Settings, page 8-9
Configuring the XMPP Certificate Settings

Procedure
Step 1
Select Cisco Unified Presence Administration > System > Security > Settings.
Step 2
Enter a server-to-server domain name for this Cisco Unified Presence cluster, for example, cisco.com.
Step 3
Check Use Domain Name for XMPP Certificate Subject Common Name if you want the general
XMPP certificate to use the same Domain Name as the XMPP server-to-server certificate.
Step 4
Select Save.
Step 5
Restart the Cisco UP XCP Router service. Select Cisco Unified Serviceability > Tools > Control
Center - Network Services > Cisco UP XCP Router to restart this service.
Troubleshooting Tip
If you change the server-to-server domain name value, you must regenerate affected XMPP S2S
certificates before you restart the Cisco UP XCP Router service.
Related Topic
XMPP Security Modes, page 8-8
Overview of FIPS 140-2, page 8-9
Rebooting a Server in FIPS 140-2 Mode, page 8-10
Regeneration of Certificates, page 8-10
Overview of FIPS 140-2

The Federal Information Processing Standard (FIPS) is a U.S. and Canadian government certification
standard that defines requirements that cryptographic modules must follow.
When you enable FIPS 140-2 mode, Cisco Unified Presence reboots, runs certification self-tests at
startup, performs the cryptographic modules integrity check, and then regenerates the keying materials.
At this point, Cisco Unified Presence operates in FIPS 140-2 mode.
Cisco Unified Presence FIPS mode uses FIPS 140-2 level 1 validated OpenSSL FIPS Module version
1.2. The relevant OpenSSL documentation can be found at: http://www.openssl.org/docs/fips/
8-9
Chapter 8
In Cisco Unified Presence, you can perform the following FIPS-related tasks:
Note
Enable FIPS 140-2 mode
Disable FIPS 140-2 mode
Check the status of FIPS 140-2 mode
By default, Cisco Unified Presence is in non-FIPS mode. The administrator must enable FIPS mode. See
the Command Line Reference Guide for Cisco Unified Presence for more information.
Rebooting a Server in FIPS 140-2 Mode

When you enable or disable FIPS, the Cisco Unified Presence server is automatically rebooted. When a
Cisco Unified Presence server reboots in FIPS 140-2 mode, it will trigger FIPS startup self-tests in each
of the FIPS 140-2 modules after rebooting.
Caution
If any of these self-tests fail, Cisco Unified Presence halts. If the startup self-test fails because of a
transient error, restarting the Cisco Unified Presence server fixes the issue. However, if the start self-test
error persists, it indicates a critical problem in the FIPS module and the only option is to use a recovery
CD.
Regeneration of Certificates
After FIPS has been enabled, certificates may not be exchanged between intercluster peers. If this
situation arises, follow this procedure.
Procedure
Step 1
Select Cisco Unified Presence Administration > Presence > Inter-Clustering.
Step 2
Select the intercluster peer whose certificate is not present and choose the Force Manual Sync option.
Step 3
Select Cisco Unified Operating System Administration > Security > Certificate Management and
copy required certificates between intercluster peers.
Manual deletion of old intercluster peer certificates can also be performed from this page.
Note
Cisco recommends that you allow 10 minutes after importing intermediate or root Certificate Authority
certificates before importing signed certificates.
8-10
CH A P T E R
Integrating Third-Party XMPP Client

Applications on Cisco Unified Presence
May 30, 2012
About Third-Party Client Integration, page 9-1
Configuring a Secure Connection between Cisco Unified Presence and XMPP Clients, page 9-3
Turning On Cisco Unified Presence Services to Support XMPP Clients, page 9-4
About Third-Party Client Integration
Supported Third-Party XMPP Clients, page 9-1
License Requirements for Third-Party Clients, page 9-2
XMPP Client Integration on Cisco Unified Communications Manager, page 9-2
LDAP Integration for XMPP Contact Search, page 9-2
Domain Name for XMPP Clients, page 9-2
DNS Configuration for XMPP Clients, page 9-3
Supported Third-Party XMPP Clients

Cisco Unified Presence supports standards-based XMPP to enable third-party XMPP client applications
to integrate with Cisco Unified Presence for availability and instant messaging (IM) services.
Third-party XMPP clients must comply with the XMPP standard as outlined in the Cisco Software
Development Kit (SDK).
This module describes the configuration requirements for integrating XMPP clients with Cisco Unified
Presence. If you are integrating XMPP-based API (web) client applications with Cisco Unified Presence,
also see developer documentation for Cisco Unified Presence APIs on the Cisco Developer Portal.
Related Topic
Cisco Developer portal:

http://developer.cisco.com/
9-1
Chapter 9
About Third-Party Client Integration
License Requirements for Third-Party Clients

For each user of an XMPP client application, you require a Cisco Unified Presence user feature license.
The Cisco Unified Presence user feature license consumes one Cisco Unified Communications Manager
Device License Unit (DLU). On Cisco Unified Communications Manager, you will need to upload the
user DLU, and assign Cisco Unified Presence capabilities to the user.
Related Topics
Uploading a License File on Cisco Unified Communications Manager in the Installation Guide for
Cisco Unified Presence Release 8.6.
Assigning the Licensing Capabilities on Cisco Unified Communications Manager in the Installation
Guide for Cisco Unified Presence 8.6.
XMPP Client Integration on Cisco Unified Communications Manager

Before you integrate an XMPP client, perform the following tasks on Cisco Unified Communications
Manager:
Configure the licensing requirements. Upload the user DLU, and then assign Cisco Unified Presence
capabilities for the user.
Configure the users and devices. Associate a device with each user, and associate each user with a
line appearance.
Related Topics
Configuring the Licensing for this Integration, page 2-1
User and Device Configuration on Cisco Unified Communications Manager, page 3-1.
LDAP Integration for XMPP Contact Search

To allow users of the XMPP client applications to search and add contacts from an LDAP directory,
configure the LDAP settings for XMPP clients on Cisco Unified Presence.
Related Topic
How to Integrate the LDAP Directory for Contact Searches on XMPP Clients, page 15-13
Domain Name for XMPP Clients

The domain name on the XMPP client, specifically the XMPP connection attempt domain name, must
match the domain on Cisco Unified Presence. To verify the domain value on Cisco Unified Presence,
select Cisco Unified Presence Administration > System > Cluster Topology, select Settings in the
right pane, and verify the Domain Name value.
9-2
Chapter 9

Configuring a Secure Connection between Cisco Unified Presence and XMPP Clients
DNS Configuration for XMPP Clients

You must enable DNS SRV in your deployment when you integrate XMPP clients with Cisco Unified
Presence. The XMPP client performs a DNS SRV query to find an XMPP server (Cisco Unified
Presence) to communicate with, and then performs a record lookup of the XMPP server to get the IP
address.
Configuring a Secure Connection between Cisco Unified

Presence and XMPP Clients
Procedure
Step 1
Cisco Unified Presence Administration > System > Security > Settings
Step 2
Perform these configuration steps:
If You Want To...
Do This
Establish a secure TLS connection between Cisco Select Enable XMPP Client To CUP Service
Unified Presence and XMPP client applications in Secure Mode.
a cluster.
We recommend that you do not turn off this secure
mode unless the XMPP client application can
protect the client login credentials in non-secure
mode. If you do turn off the secure mode, verify
that you can secure the XMPP client-to-server
communication in some other way.
Establish a secure TLS connection between Cisco Select Enable Web Client To CUP Service
Unified Presence and XMPP-based API client
Secure Mode.
applications in a cluster.
If you turn on this setting, upload the certificates
or signing certificates for the web client in the
cup-xmpp-trust repository on Cisco Unified
Presence.
Step 3
Select Save.
If you update the XMPP security settings, perform one of these actions:
Restart the following services:

Restart the Cisco UP XCP Connection Manager if you edit Enable XMPP Client To CUP
Service Secure Mode. Select Cisco Unified Serviceability > Tools > Control Center Feature Services to restart this service
Restart the Cisco UP XCP Web Connection Manager if you edit Enable Web Client To CUP
Service Secure Mode. Select Cisco Unified Serviceability > Tools > Control Center Feature Services to restart this service
9-3
Chapter 9
Turning On Cisco Unified Presence Services to Support XMPP Clients
What To Do Next
Related Topic
Turning On Cisco Unified Presence Services to Support XMPP

Clients
Note
Perform this procedure on each node in your Cisco Unified Presence cluster.
Procedure
Step 1
Select Cisco Unified Serviceability > Tools > Service Activation.
Step 2
Step 3
Turn on the following services:
Step 4
Cisco UP XCP Connection Manager - Turn on this service if you are integrating XMPP clients (such
as Cisco Unified Personal Communicator), or XMPP-based API clients, on Cisco Unified Presence
Cisco UP XCP Authentication Service - Turn on this service if you are integrating XMPP clients
(such as Cisco Unified Personal Communicator), or XMPP-based API clients, or XMPP-based API
clients, on Cisco Unified Presence.
Cisco UP XCP Web Connection Manager - Optionally, turn on this service if you are integrating
XMPP clients (such as Cisco Unified Personal Communicator), or XMPP-based API clients, on
Select Save.
Troubleshooting Tip
For XMPP clients to function correctly, make sure you turn on the Cisco UP XCP Router on all nodes
in your cluster.
Related Topics
Configuring a Secure Connection between Cisco Unified Presence and XMPP Clients, page 9-3
9-4
CH A P T E R
10

May 30, 2012
About Chat, page 10-1
How to Configure Chat Settings on Cisco Unified Presence, page 10-4
How to Manage Chat Node Aliases, page 10-7
Sample Deployments, page 10-12
Chat, page 10-1
IM Forking, page 10-2
Offline IM, page 10-2
Broadcast IM, page 10-2
Chat Rooms on Cisco Unified Presence, page 10-2
Chat Room Limits, page 10-3
File Transfer, page 10-3
Important Notes About Cisco Unified Presence Service and Chat, page 10-3
About Chat
Chat
Point-to-point Instant Messaging (IM) supports real-time conversations between two users at a time.
Cisco Unified Presence exchanges messages directly between users, from the sender to the recipient.
Users must be online in their IM clients to exchange point-to-point IMs.
From Cisco Unified Presence Release 8.5(x) and later, you can disable both the chat and availability
functionality on Cisco Unified Presence.
Related Topics
Turning On or Off Availability Sharing for a Cisco Unified Presence Cluster, page 6-47
10-1
Chapter 10
About Chat
IM Forking
When a user sends an IM to a contact who is signed in to multiple IM clients. Cisco Unified Presence
delivers the IM to each client. This functionality is called IM forking. Cisco Unified Presence continues
to fork IMs to each client, until the contact replies. Once the contact replies, Cisco Unified Presence only
delivers IMs to the client on which the contact replied.
Note
IM forking is not supported when using Cisco IP Phone Messenger (IPPM) with Cisco Unified
Personal Communicator Release 7.0.
From Cisco Unified Presence Release 8.5(x) and later, you can disable offline instant messaging on
Related Topic
Turning On or Off Offline Instant Messaging, page 6-52
Offline IM
Offline IM is the ability to send IMs to a contact when they are offline. When a user sends an IM to an
offline contact, Cisco Unified Presence stores the IM and delivers the IM when the offline contact signs
in to an IM client.
Broadcast IM
Broadcast IM is the ability to send an IM to multiple contacts at the same time, for example, a user wants
to send a notification to a large group of contacts. Note that not all IM clients support this feature.
Chat Rooms on Cisco Unified Presence

Cisco Unified Presence supports IM exchange in both temporary (ad-hoc) chat rooms and persistent
(persistent) chat rooms. By default, the Text Conference (TC) component on Cisco Unified Presence is
set up and configured to handle IM exchange in temporary (ad-hoc) chat rooms. There are additional
requirements you must configure to support persistent chat rooms, described further in this module.
Temporary chat rooms are IM sessions that remain in existence only as long as one person is still
connected to the chat room, and are deleted from the system when the last user leaves the room. Records
of the IM conversation are not maintained permanently.
Persistent chat rooms are persistent IM sessions that remain in existence even when all users have left
the room and do not terminate like temporary IM sessions. The intent is that users will return to
persistent chat rooms over time to collaborate and share knowledge of a specific topic, search through
archives of what was said on that topic (if this feature is enabled on Cisco Unified Presence), and then
participate in the discussion of that topic in real-time.
The TC component on Cisco Unified Presence enables users to:
create new rooms, and manage members and configurations of the rooms they create.
invite other users to rooms.
10-2
Chapter 10

About Chat
determine the presence status of the members displayed within the room. The presence status
displayed in a room confirms the attendance of the member in a room but may not reflect their
overall presence status.
In addition, the Persistent Chat feature on Cisco Unified Presence allows users to:
search for and join existing chat rooms.
store a transcript of the chat and make the message history available for searching.
Chat Room Limits

Number Of...
Maximum
Persistent chat rooms per node
1500 rooms
Total rooms per node (temporary and persistent)
16500 rooms
Occupants per room
1000 occupants
Messages that appear in chat history.
100 messages
Note
The default value is 15 messages.
File Transfer
Cisco Unified Presence Release 8.6(x) supports point to point file transfer between XMPP clients
compliant with XEP 096 (http://xmpp.org/extensions/xep-0096.html).
For more information, see Enabling File Transfer, page 10-4.
Important Notes About Cisco Unified Presence Service and Chat

For SIP to SIP IM, the following services must be running on Cisco Unified Presence:
Cisco UP SIP Proxy
Cisco UP XCP Router
For SIP to XMPP IM, the following services must be running on Cisco Unified Presence:
Cisco UP SIP Proxy
Cisco UP XCP Router
Cisco UP XCP Text Conference Manager
10-3
Chapter 10
How to Configure Chat Settings on Cisco Unified Presence
Configuring the Service Parameters for the IM Gateway, page 10-4
Enabling File Transfer, page 10-4
Configuring the Maximum Number of Logon Sessions, page 10-5
Configuring Persistent Chat Room Settings, page 10-5
Configuring the Service Parameters for the IM Gateway

Users of SIP IM clients must be able to exchange bi-directional IMs with users of XMPP IM clients.
Turn on the SIP-to-XMPP connection on the Cisco Unified Presence IM Gateway for IM interoperability
between SIP and XMPP clients.
Restriction
SIP clients cannot participate in chat rooms because this is an XMPP-specific feature.
Before You Begin
The IM gateway is turned on by default. We recommend that you leave it on. Only turn it off if you want
to actively prevent XMPP and SIP client communication.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP SIP Proxy as the service on the Service Parameter Configuration window.
Step 4
Set IM Gateway Status to On in the SIP XMPP IM Gateway (Clusterwide) section.
Step 5
Set the Inactive Timeout interval (in seconds) of IM conversations maintained by the gateway. The
default setting is 600 seconds, which is appropriate to most environments.
Step 6
Specify the error message that you want users to see if the IM fails to deliver. Default error message:
Your IM could not be delivered.
Step 7
Select Save.
What To Do Next
Enabling File Transfer

Administrators can enable or disable Cisco Unified Presence server support for file transfer capability
(XEP-0096). Enabling file transfer support allows XMPP clients to extend file transfer capabilities to
end users.
10-4
Chapter 10

Note
File transfer between a local user and an intercluster peer contact is only possible if both clusters have
the feature enabled.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP XCP Router as the service on the Service Parameter Configuration window.
Step 4
Select On or Off from the Enable file transfer drop-down list.
Step 5
Select Save.
Step 6
Restart the Cisco UP XCP Router Service on every node in the cluster. For more information, see
Restarting the Cisco UP XCP Router Service, page 6-2.
Configuring the Maximum Number of Logon Sessions

Administrators can limit the number of logon sessions per user on the Cisco UP XCP Router. If the limit
is reached, existing XMPP login sessions remain active; however, new XMPP login sessions are
prevented.
Note
This parameter is applicable to XMPP clients only.

Procedure
Step 1
Step 2
From the Server drop-down list, select a Cisco Unified Presence server.
Step 3
From the Service drop-down list, select Cisco UP XCP Router.
Step 4
Enter a parameter value in the Maximum number of logon sessions per user in the XCP Session
Manager Configuration Parameters (Clusterwide) section.
Step 5
Select Save.
Step 6
Restart the Cisco UP XCP Router Service on every node in the cluster. For more information, see
Restarting the Cisco UP XCP Router Service, page 6-2.
Configuring Persistent Chat Room Settings

You need only configure persistent chat settings if you use persistent chat rooms as opposed to temporary
(ad-hoc) chat rooms. This configuration is specific to persistent chat and has no impact on IM archiving
for regulatory compliance.
10-5
Chapter 10
Restriction
SIP clients cannot participate in chat rooms because this is an XMPP-specific feature.
Before You Begin
To use persistent chat rooms, you must configure a unique external database instance per node.
If you use an external database for persistent chat logging, consider the size of your database.
Archiving all the messages in a chat room is optional, and will increase traffic on the node and
consume space on the external database disk. In large deployments, disk space could be quickly
consumed. Ensure that your database is large enough to handle the volume of information.
Before you configure the number of connections to the external database, consider the number of
IMs you are writing offline and the overall volume of traffic that results. The number of connections
that you configure will allow the system to scale. While the default settings on the UI suit most
installations, you may want to adapt the parameters for your specific deployment.
The heartbeat interval is typically used to keep connections open through firewalls. Do not set the
Database Connection Heartbeat Interval value to zero without contacting Cisco support.
Procedure
Step 1
Select Cisco Unified Presence Administration > Messaging > Group Chat and Persistent Chat.
Step 2
Check Enable Persistent Chat.
Step 3
(Optional) Specify how to store chat room messages, if required:
Step 4
a.
Check Archive all room messages if you want to archive all the messages that are sent in the room.
This is a cluster-wide setting that applies to all persistent chat rooms.
b.
Enter the number of connections to the database that you to want to use for processing requests. This
is a cluster-wide setting that applies to all connections between chat nodes and associated databases.
c.
Enter the number of seconds after which the database connection should refresh. This is a
cluster-wide setting that applies to all connections between chat nodes and associated databases.
Select from the list of preconfigured external databases and assign the appropriate database to the chat
node.
If you turn on the Archive all messages in a room setting, we recommend that you monitor the
performance of each external database used for persistent chat. You should anticipate an increased
load on the database server(s).
If you enable persistent chat rooms, but do not establish the correct connection with the external
database, the chat node will fail. Under these circumstances, you will lose the functionality of all
chat rooms - both temporary and persistent. If a chat node establishes a connection (even if other
chat nodes fail), it will still start.
Click the hyperlink if you need to edit the chat node details in the Cluster Topology Details window.
If you update any of the Persistent Chat settings, restart the Cisco UP XCP Text Conference
Manager. Select Cisco Unified Serviceability > Tools > Control Center - Feature Services to
restart this service.
Related Topics
10-6
Chapter 10

How to Manage Chat Node Aliases
How to Manage Chat Node Aliases, page 10-7
To configure an external database instance for offline message logging and retrieval, see the
Database Setup Guide for Cisco Unified Presence.
For more information about IM compliance using either Message Archiver or a third-party
compliance server, see the Instant Messaging Compliance Guide for Cisco Unified Presence.
What To Do Next
Turning On the Cisco UP XCP Text Conference Service, page 10-11.
Chat Node Aliases, page 10-7
Key Considerations, page 10-8
Turning On System-Generated Aliases, page 10-8
Managing Chat Node Aliases Manually, page 10-9
Turning On the Cisco UP XCP Text Conference Service, page 10-11
Chat Node Aliases

Aliases create a unique address for each chat node so that users (in any domain) can search for specific
chat rooms on specific nodes, and join chat in those rooms. Each chat node in a system must have a
unique alias.
Note
This chat node alias, conference-3-mycup.cisco.com, for example, will form part of the unique ID for
each chat room created on that node, roomjid@conference-3-mycup.cisco.com
You can assign your aliases cluster-wide, in these ways:
System-generatedallows the system to automatically assign a unique alias to each chat node.You
do not have do to anything further to address your chat node if you enable the system-generated
aliases. The system will auto-generate one alias per chat node by default using the following naming
convention: conference-x-clusterid.domain, where:
conference - is a hardcoded keyword
x- is the unique integer value that denotes the node ID
Example: conference-3-mycup.cisco.com
ManuallyYou may choose to override the default system-generated alias if the

conference-x-clusterid.domain naming convention does not suit your customer deployment, for
example, if you do not want to include the Cluster ID in your chat node alias. With
manually-managed aliases, you have complete flexibility to name chat nodes using aliases that suit
your specific requirements.
Additional AliasesYou can associate more than one alias with each chat node on a per-node basis.
Multiple aliases per node allows users to create additional chat rooms using these aliases. This
applies whether you assign a system-generated alias or manage your aliases manually.
10-7
Chapter 10
Key Considerations
Changing chat node aliases can make the chat rooms in the database unaddressable and prevent your
users from finding existing chat rooms.
Note these results before you change the constituent parts of aliases or other node dependencies:
Cluster ID - This value is part of the fully qualified cluster name (FQCN). Changing the Cluster ID
(select System > Cluster Topology: Settings) causes the FQCN to incorporate the new value and
the system-managed alias to automatically change across the cluster. For manually-managed aliases,
it is the responsibility of the Administrator to manually update the alias list if the Cluster ID
changes.
Domain - This value is part of the FQCN. Changing the Domain (select System > Service
Parameters > Cisco UP Proxy) causes the FQCN to incorporate the new value and the
system-managed alias to automatically change across the cluster. For manually-managed aliases, it
is the responsibility of the Administrator to manually update the alias list if the Domain changes.
Connection between the chat node and external database - The chat node will not start if persistent
chat is enabled and you do not maintain the correct connection with the external database.
Deletion of a chat node - If you delete a node associated with an existing alias from the Cluster
Topology, chat rooms created using the old alias may not be addressable unless you take further
action.
We recommend that you do not change existing aliases without considering the wider implications of
your changes, namely:
Make sure that you maintain the address of old chat nodes in the database so that users can locate
existing chat rooms via the old alias, if required
If there is federation with external domains, you may need to publish the aliases in DNS to inform
the users in those domains that the aliases have changed and new addresses are available. This
depends on whether or not you want to advertise all aliases externally.
Related Topic
For best practice guidelines, see Scenario 1, page 10-13
Turning On System-Generated Aliases

Before You Begin
Review the topics about chat node aliases and key considerations.
You cannot edit or delete a system-generated alias, for example, conference-3-mycup.cisco.com.
Procedure
Step 1
Step 2
Check System Automatically Manages Primary Group Chat Server Aliases to enable the system to
automatically assign chat room aliases to nodes, using this alias naming convention:
conference-x-clusterid.domain.
10-8
Chapter 10

Step 3
The Number of messages in chat history displayed for new conference participants setting controls
the number of instant messages from the recent message history that Cisco Unified Presence pushes to
the client application of a user when that user joins a chat room. Increase this number if you want to
display more text message history to users.
Step 4
Select Messaging > Group Chat Server Alias Mapping to verify that the system-generated alias is
listed under Primary Group Chat Server Aliases.
Even if you configure a system-generated alias for a chat node, you can associate more than one alias
with the node if required.
If you are federating with external domains, you may want to inform federated parties that the
aliases have changed and new aliases are available. To advertise all aliases externally, configure
DNS and publish the aliases as DNS records.
If users of clients applications create a chat room, they may potentially override the default number
of messages that display in a chat room.
Note that if you turn on the Archive all room messages option for persistent chat, Cisco Unified
Personal Communicator actively queries Cisco Unified Presence for all instant message history
regardless of the value you configure for the Number of messages in chat history displayed for
new chat participants setting.
If you update any of the system-generated alias configuration, perform one of these actions:
Restart the Cisco UP XCP Text Conference Manager. Select Cisco Unified Serviceability >
Tools > Control Center - Feature Services to restart this service

The Number of messages in chat history displayed for new chat participants setting updates
dynamically; You do not need to restart the Cisco UP XCP Text Conference Manager.
Related Topics
What To Do Next
For best practice guidelines, see Scenario 1, page 10-13
Managing Chat Node Aliases Manually

Before You Begin
Review the topics about chat node aliases and key considerations.
If you do not want to use a system-generated alias, you must turn off the default setting.
If you turn off a system-generated alias, the old alias (conference-x-clusterid.domain) reverts
to a standard, editable alias listed under Conference Server Aliases. This maintains the old alias
and the chat room addresses associated with that alias.
10-9
Chapter 10
Even if you configure a system-generated alias for a chat node, you can associate more than one
alias with the node if required. You can manually assign one (or more) aliases to chat nodes.
You can also edit aliases and delete any aliases that you no longer need.
Although it is not mandatory, we recommend that you always include the Domain when you assign
a new chat node alias to a node. Use this convention for additional aliases, newalias.domain. Select
System > Cluster Topology: Settings in Cisco Unified Presence Administration to see the Domain.
For manually-managed aliases, it is the responsibility of the Administrator to manually update the
alias list if the Cluster ID or Domain changes. System-generated aliases will incorporate the
changed values automatically.
Procedure
Step 1
Step 2
[If Required] Uncheck System Automatically Manages Primary Group Chat Server Aliases to turn
off the default system-generated alias.
Step 3
All the existing chat node aliases (including the disabled system-generated alias) are listed together
under Group Chat Server Aliases. To view the alias list, perform these actions:
Step 4
a.
Select Messaging > Group Chat Server Alias Mapping.
b.
Click Find.
Complete one or more of the following actions as required:

If you want to:
Action
Edit an existing alias (old

system-generated or user-defined alias)
a.
Select the hyperlink for any existing alias that

you want to edit.
b.
Edit the alias for the node in the Group Chat

Server Alias field. Make sure the alias is
unique for the node.
c.
Select the appropriate node to which you want

to assign this changed alias.
a.
Click Add New.
b.
Enter a unique alias for the node in the Group

Chat Server Alias field.
c.
Select the appropriate node to which you want

to assign the new alias.
a.
Check the check box for the alias that you

want to delete.
b.
Click Delete Selected.
Add a new chat node alias
Delete an existing alias
Every chat node alias must be unique. The system will prevent you from creating duplicate chat node
aliases across the cluster.
A chat node alias name cannot match the Cisco Unified Presence domain name.
Delete old aliases only if you no longer need to maintain the address of chat rooms via the old alias.
10-10
Chapter 10

If you are federating with external domains, you may want to inform federated parties that the
aliases have changed and new aliases are available. To advertise all aliases externally, configure
DNS and publish the aliases as DNS records.
If you update any of the chat node alias configuration, restart the Cisco UP XCP Text Conference
Manager.
Related Topics
Turning On System-Generated Aliases, page 10-8
For best practice guidelines, see Sample Deployments, page 10-12
What To Do Next
Turning On the Cisco UP XCP Text Conference Service

This procedure applies if you configure the persistent chat room settings, or manually add one or more
aliases to a chat node. You must also turn on this service if you want to enable temporary (ad-hoc) chat
on a node.
Before You Begin
If persistent chat is enabled, an external database must be associated with the Text Conference Manager
service, and the database must be active and reachable or the Text Conference Manager will not start. If
the connection with the external database fails after the Text Conference Manager service has started,
the Text Conference Manager service will remain active and functional, however, messages will no
longer be persisted to database and new persistent rooms cannot be created until the connection recovers.
Procedure
Step 1
Step 2
Select the chat node from the Server menu.
Step 3
Select the Cisco UP XCP Text Conference Manager service to turn it on.
Step 4
Select Save.
Related Topics
10-11
Chapter 10
Sample Deployments
Sample Deployments
The tables below contain a sample range of deployment scenarios that administrators may want to
configure
10-12
Chapter 10

Sample Deployments
Scenario 1
Deployment Scenario:
Configuration Steps:
You do not want to include the Cluster ID in the chat node alias. Instead
of the system-generated alias conference-1-mycup.cisco.com, you want
to use the alias primary-conf-server.cisco.com.
1.
Select Messaging > Enterprise Instant Messaging to turn off the

system-generated alias. (This is on by default).
2.
Edit the alias and change it to primary-conf-server.cisco.com.
Notes:
When you turn off the old system-generated alias,

conference-1-mycup.cisco.com reverts to a standard, editable alias listed
under Group Chat Server Aliases. This maintains the old alias and the
chat room addresses associated with that alias.
Deployment Scenario::
You want to:
Scenario 2
Notes:
change the Domain from cisco.com to linksys.com and use

conference-1-mycup.linksys.com instead of
conference-1-mycup.cisco.com.
maintain the address of existing persistent chat rooms in the

database so that users can still find old chat rooms of type
xxx@conference-1-mycup.cisco.com.
1.
Select System > Service Parameters > Cisco UP Proxy in Cisco

Unified Presence Administration.
2.
Edit the Domain and change it to linksys.com.
When you change the domain, the fully qualified cluster name (FQCN)
automatically changes from conference-1-mycup.cisco.com to
conference-1-mycup.linksys.com. The old system-generated alias
conference-1-mycup.cisco.com reverts to a standard, editable alias listed
under Group Chat Server Aliases. This maintains the old alias and the
chat room addresses associated with that alias.
10-13
Chapter 10
Sample Deployments
Scenario 3
You:
want to change the Cluster ID from mycup to ireland to use

conference-1-ireland.cisco.com instead of
do not need to maintain the address of existing persistent chat

rooms in the database.
1.
Select Presence > Settings in Cisco Unified Presence

Administration.
2.
Edit the Cluster ID and change it to ireland.
3.
Select Messaging > Conferencing Server Alias Mapping in

Cisco Unified Presence Administration.
4.
Delete the old alias conference-1-mycup.cisco.com.
Notes:
When you change the Cluster ID, the fully qualified cluster name
(FQCN) automatically changes from conference-1-mycup.cisco.com
to conference-1-ireland.cisco.com. The old system-generated alias
conference-1-mycup.cisco.com reverts to a standard, editable alias
listed under Group Chat Server Aliases. This maintains the old alias
and the chat room addresses associated with that alias. Because (in
this example) the Administrator has no need to maintain the old alias
address, it is appropriate to delete it.
You want to:
Scenario 4
change the Cluster ID from mycup to ireland to use

conference-1-ireland.cisco.com instead of
only maintain chat room addressing via the old alias (does not
need to associate nodes with the new system-generated alias).
10-14
Chapter 10

Sample Deployments
Notes:
1.
Select Presence > Settings in Cisco Unified Presence

Administration.
2.
Edit the Cluster ID and changes it to ireland.
3.
Select Messaging > Enterprise Instant Messaging and turn off

the new system-generated alias, conference-1-ireland.cisco.com.
(This is on by default).
4.

Cisco Unified Presence Administration
5.
Deletes the new alias conference-1-ireland.cisco.com.
When you change the Cluster ID, the fully qualified cluster name
(FQCN) automatically changes from conference-1-mycup.cisco.com
to conference-1-ireland.cisco.com. When you turn off the new
system-generated alias, conference-1-ireland.cisco.com reverts to a
standard, editable alias listed under Group Chat Server Aliases.
Because (in this example) the Administrator has no need to maintain
the new alias address, it is appropriate to delete it. The old
system-generated alias conference-1-mycup.cisco.com reverts to a
standard, editable alias listed under Group Chat Server Aliases. This
maintains the old alias and the chat room addresses associated with
that alias.
10-15
Chapter 10
Sample Deployments
Scenario 5
You want to:
delete a node associated with an existing alias from the System

Topology, for example, conference-3-mycup.cisco.com.
add a new node with a new node ID (node id: 7) to the System
Topology, for example, conference-7-mycup.cisco.com.
maintain the address of chat rooms that were created using the
old alias.
Option 1
1.

Cisco Unified Presence Administration.
2.
Select Add New to add the additional alias,

Option 2
Notes:
1.
Select Messaging > Enterprise Instant Messaging and turn off

the default system-generated alias,
conference-7-mycup.cisco.com. (This is on by default).
2.
Edit the alias and change it to conference-3-mycup.cisco.com.
When you add the new node to the System Topology, the system
automatically assigns this alias to the node:
Option 1
If you add an additional alias, the node is addressable via both

aliases, conference-7-mycup.cisco.com and
Option 2
10-16
If you turn off the old system-generated alias,

conference-7-mycup.cisco.com reverts to a standard, editable
alias listed under Group Chat Server Aliases.
CH A P T E R
11
Configuring the Cisco IP Phone Messenger

Service
May 30, 2012
Prerequisites for Integrating Cisco IP Phone Messenger, page 11-1
How to Configure Cisco IP Phone Messenger on Cisco Unified Communications Manager,

page 11-1
How to Configure Cisco IP Phone Messenger on Cisco Unified Presence, page 11-3
Prerequisites for Integrating Cisco IP Phone Messenger

Before you configure Cisco IP Phone Messenger, make sure that you have configured the following:
Configured the Cisco Unified Communications Manager server for integration with
Configured the Cisco Unified Presence server for deployment in the network.
Related Topics
Configuring Cisco Unified Communications Manager for Integration with Cisco Unified Presence,
page 3-1.
Configuring a Cisco Unified Presence Server for Deployment in the Network, page 6-1
How to Configure Cisco IP Phone Messenger on

Configuring Cisco IP Phone Messenger as an Application User, page 11-2
Configuring a Phone Service for the Cisco IP Phone Messenger, page 11-2
Subscribing Phones to the Cisco IP Phone Messenger Service, page 11-3
11-1
Chapter 11
How to Configure Cisco IP Phone Messenger on Cisco Unified Communications Manager
Configuring Cisco IP Phone Messenger as an Application User

Procedure
Step 1
Select Cisco Unified Communications Manager Administration > User Management > Application
User.
Step 2
Select Add New.
Step 3
Enter an application username in the User ID field, for example, PhoneMessenger.
Step 4
Enter a password for this application user, and confirm the password.
Step 5
Select the devices that you want the application user to control.
Step 6
Select Save.
Related Topic

What To Do Next
Configuring a Phone Service for the Cisco IP Phone Messenger, page 11-2
Configuring a Phone Service for the Cisco IP Phone Messenger

Before You Begin
Configure Cisco IP Phone Messenger as an application user on Cisco Unified Communications Manager.
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > Device > Device Settings > Phone
Services.
Step 2
Select Add New.
Step 3
Enter PhoneMessenger in the Service Name field.
Step 4
Enter IP Phone Messenger in the Service Description field.
Step 5
Enter this URL in the Service URL field:

http://my-cups:8081/ippm/default?name=#DEVICENAME#
where my-cups specifies the IP address of the Cisco Unified Presence unless DNS is enabled on the
phone.
Step 6
Select XML Service from the Service Category menu.
Step 7
Select Standard IP Phone Service from the Service Type menu.
Step 8
Check Enable.
Step 9
Select Save.
11-2
Chapter 11

How to Configure Cisco IP Phone Messenger on Cisco Unified Presence
Related Topic

What To Do Next
Subscribing Phones to the Cisco IP Phone Messenger Service

Before You Begin
Configure a Phone Service for Cisco IP Phone Messenger on Cisco Unified Communications Manager.
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > Device > Phone.
Step 2
Select Find.
Step 3
Select a phone device link to access the Phone Configuration window.
Step 4
Select Subscribe/Unsubscribe Services from the menu in the Related Links navigation box at the top
right of the window.
Step 5
Select Go.
Step 6
Select PhoneMessenger from the Select a Service menu in the Subscribed Cisco IP Phone Services
window.
Step 7
Select Next.
Step 8
Select Subscribe when the window displays again.
Step 9
Select Save when the window displays again.
Step 10
Reset the phones individually or as a group.
Related Topic

What To Do Next
How to Configure Cisco IP Phone Messenger on Cisco Unified Presence, page 11-3
How to Configure Cisco IP Phone Messenger on

Configuring the Cisco IP Phone Messenger Settings, page 11-4
Using Cisco IP Phone Messenger Across Clusters, page 11-4
Configuring Meeting Notification Settings, page 11-5
Information to Provide to Users About the Meeting Notification Feature, page 11-5
Configuring Cisco IP Phone Messenger Response Messages, page 11-6
11-3
Chapter 11
Sending a Broadcast Message, page 11-7
Signing Out a Cisco IP Phone Messenger User, page 11-7
Configuring the Cisco IP Phone Messenger Settings

Before You Begin
Obtain the application username and password that you configured for the Cisco IP Phone Messenger
on Cisco Unified Communications Manager.
Restriction
The Cisco IP Phone Messenger application username and password must match the configured
application username and password on Cisco Unified Communications Manager for the Cisco IP Phone
Messenger service to work properly.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > IP Phone Messenger > Settings.
Step 2
Select On from the Application Status menu.
Step 3
Enter the application username that you configured on Cisco Unified Communications Manager for the
Cisco IP Phone Messenger service.
Step 4
Enter the password that you configured on Cisco Unified Communications Manager for the Cisco IP
Phone Messenger service.
Step 5
Select Save.
Troubleshooting Tip
You can also use the System Dashboard to view enabled Cisco IP Phone Messenger users in
Cisco Unified Presence Administration. Select Diagnostics > System Dashboard.
Related Topics
Configuring Firewalls to Pass Cisco Unified Personal Communicator Traffic, page 12-8
Using Cisco IP Phone Messenger Across Clusters

Users can add contacts using valid extension numbers. Extension numbers are considered valid when
both the user and contact reside within the same cluster. If the contact resides in a different cluster, the
user will receive an error message after entering the extension number and the contact will be not added
to the users contact list. In this case, contacts can be added by user ID. The geographic limitation does
not exist for this method of adding contacts.
11-4
Chapter 11

Configuring Meeting Notification Settings

The Meeting Notification feature allows users to receive incoming meeting notifications from a
Microsoft Outlook calendar on their Cisco IP Phone Messenger enabled phone. To configure the Meeting
Notification feature, you must integrate Cisco Unified Presence with a Cisco Unified MeetingPlace
server.
Note
Cisco Unified Presence does not support Cisco Unified MeetingPlace Express.
Before You Begin
Obtain the hostname or IP address for the Cisco Unified MeetingPlace server.
Procedure
Step 1
Select Application > IP Phone Messenger > Meeting Notification > Settings.
Step 2
Enter the host name or IP address for the Cisco Unified MeetingPlace server.
Step 3
Enter the port number for the Cisco Unified MeetingPlace server.
The default port numbers are 80 (SSL disabled) or 443 (SSL enabled).
Step 4
Check Use SSL if you want to use Secure Socket Layer (SSL) to communicate with the
Cisco Unified MeetingPlace server.
Step 5
(If SSL enabled) Enter the subject common name for the Cisco Unified MeetingPlace server.
Note
If you select to configure a secure connection between Cisco Unified Presence and
Cisco Unified MeetingPlace, you must configure certificate exchange between the two servers. You
must upload the Cisco Unified MeetingPlace server certificate to Cisco Unified Presence as a cup-trust
certificate. Once you have uploaded the certificate to Cisco Unified Presence, you must restart the SIP
proxy service.
Related Topics
Configuring the Cisco IP Phone Messenger Settings, page 11-4
page 8-5
Information to Provide to Users About the Meeting Notification Feature

Provide the following information to your users about setting up the Meeting Notification feature in
Microsoft Outlook.
The Meeting Notification feature allows you to receive Microsoft Outlook meeting notifications on your
Cisco IP Phone Messenger phone. To use the Meeting Notification feature, you must set up your meeting
invitations in Microsoft Outlook as follows:
If you schedule a Cisco Unified MeetingPlace meeting, set the Location field on the Microsoft
Outlook meeting invite window to:
11-5
Chapter 11
MeetingPlace: XXXXXXX ID: XXXX

For example, MeetingPlace: 4761000 ID: 1020 where 4761000 is the meeting bridge number and
1020 is the meeting ID.
If you schedule a meeting on another supported conferencing server, set the Location field on the
Microsoft Outlook meeting invite window to:
Dial: XXXXXXX ID: XXXX
For example, Dial: 4762000 ID: 2000 where 4762000 is the meeting bridge number and 2000 is the
meeting ID.
When the meeting alert message displays on your Cisco Unified IP Phone, you can join the scheduled
meeting by pressing Join.
If you schedule a Cisco Unified MeetingPlace meeting, you can set Cisco Unified MeetingPlace to call
your Cisco Unified IP Phone when the scheduled meeting is about to begin. On your Cisco Unified IP
Phone, press Todays meetings, select the meeting entry, and press Callback.
Note
You can turn off the Meeting Notification feature on your Cisco Unified IP Phone. Press Settings >
Meeting Notifications, and turn off Enable Meeting Notifications.
Related Topic
User Guide for Cisco Unified Presence
Configuring Cisco IP Phone Messenger Response Messages

You can configure a predefined set of response messages to display in Cisco IP Phone Messenger, for
example:
On the phone, hold on
On the phone, call later
Not available
Yes
These response messages allow the phone user to respond to incoming phone messages quickly. In
addition, you can predefine a custom message, and control and change the order in which messages are
displayed on the phone.
You can configure up to a maximum of 10 predefined response messages.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > IP Phone Messenger > Response
Messages.
Step 2
Select Add New.
Step 3
Enter or modify the message text.
Step 4
Select the up or down arrow adjacent to the message to change the order in which the messages display.
11-6
Chapter 11

Step 5
Select Save.
Sending a Broadcast Message

You can send a broadcast message to one or more Cisco IP Phone Messenger users.
Note the following changes to the broadcast feature behavior for Cisco Unified Presence Release 8.0(x):
The Cisco IP Phone Messenger user receives broadcast messages in the Messages menu on their
phone. The sender of the message is cupsystemadmin.
If a user signs in to Cisco IP Phone Messenger and Cisco Unified Personal Communicator at the
same time, the user does not receive the broadcast message.
If a user signs in to Cisco IP Phone Messenger and an XMPP client at the same time, but not
Cisco Unified Personal Communicator, the user receives the broadcast message.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > IP Phone Messenger > Status.
Step 2
Locate the Cisco IP Phone Messenger user(s).
Step 3
Step 4
Select the end users to whom you want to send a broadcast message.
Select Select All.
Enter the broadcast message text in the Message box.
Step 5
Select Broadcast.
Step 6
Perform one of the following actions when you are prompted to confirm that you want to send a
broadcast message:
Select OK to send the message.
Select Cancel to exit without sending the message.
Troubleshooting Tip
For the Broadcast feature to work on Cisco Unified Presence, you must turn on the Cisco UP XCP SIP
Federation Connection Manager service. In Cisco Unified Serviceability, select Tools > Service
Activation.
Signing Out a Cisco IP Phone Messenger User

You can force one or more users to sign out from the Cisco IP Phone Messenger service.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > IP Phone Messenger > Status.
Step 2
Locate the Cisco IP Phone Messenger user.
11-7
Chapter 11
Step 3
Select the end users that you want to sign out.
Select Select All.
Step 4
Select Logout.
Step 5
Perform one of the following actions when you are prompted to confirm that you want to sign out the
users:
Select OK to sign out the users.
Select Cancel to exit without signing out the users.
11-8
CH A P T E R
12
Configuring Basic Features for Cisco Unified

May 30, 2012
This chapter includes the information required to deploy Cisco Unified Personal Communicator. For
information specific to Cisco Jabber clients, such as Jabber for Windows, see the appropriate client
documentation below:
Cisco Jabberhttp://www.cisco.com/web/products/voice/jabber.html
Cisco Jabber for Windowshttp://www.cisco.com/en/US/products/ps12511/index.html
Cisco Jabber for Machttp://www.cisco.com/en/US/products/ps11764/index.html
Androidhttp://www.cisco.com/en/US/products/ps11678/index.html
BlackBerryhttp://www.cisco.com/en/US/products/ps11763/index.html
iPadhttp://www.cisco.com/en/US/products/ps12430/index.html
iPhonehttp://www.cisco.com/en/US/products/ps11596/index.html
Nokiahttp://www.cisco.com/en/US/products/ps11766/index.html
Video for TelePresencehttp://www.cisco.com/en/US/products/ps11328/index.html
Web SDKhttp://www.cisco.com/en/US/products/ps11765/index.html
If you want to continue with information specific to Cisco Unified Personal Communicator, proceed
with the contents in this chapter;
Roadmap for Deploying Cisco Unified Personal Communicator, page 12-3
Prerequisites for Integrating Cisco Unified Personal Communicator, page 12-7
Adding Licensing Capabilities for Users, page 12-8
Configuring Firewalls to Pass Cisco Unified Personal Communicator Traffic, page 12-8
Verifying That the Cisco UP XCP Router Service Is Running, page 12-8
(Cisco Unified Personal Communicator Release 8.x) About Configuring XCP Services for
Cisco Unified Personal Communicator, page 12-9


Cisco Unified Communications Manager, page 12-11
12-1
Chapter 12

About Configuring Cisco Unified Personal Communicator on Cisco Unified Presence, page 12-20
How to Configure Cisco Unified Personal Communicator on Cisco Unified Presence, page 12-21
About Configuring CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence,
page 12-26
page 12-28
How to Configure Video Calls and Videoconferencing, page 12-30
12-2
Chapter 12


The following table provides a feature-by-feature map of topics that describe the tasks you need to
perform to deploy Cisco Unified Personal Communicator:
To Deploy These
Features...
Pre-deployment
tasks
Availability status
information and
instant messaging
Advanced instant
messaging features,
such as group chat
and persistent chat
rooms
Read These Topics...
Perform These Tasks...
Prerequisites for Integrating

Communicator, page 12-7
(Cisco Unified Personal

Communicator Release 8.x)
Required XCP Services,
page 12-9

Optional XCP Services,
page 12-9

page 12-9
Assign the licensing capabilities on

Cisco Unified
Communications Manager. See the
Installation Guide for Cisco Unified
Presence Release 8.6 for more
information.
Configuring Firewalls to Pass

Communicator Traffic, page 12-8
Verifying That the Cisco UP XCP

Router Service Is Running,
page 12-8
Turning On Cisco Unified Presence

Services to Support XMPP Clients,
page 9-4

Configuring Settings, page 12-22

Communicator Release 8.5)
Configuring Chat History,
page 12-11
Configuring the Service Parameters

for the IM Gateway, page 12-10

Configuring Persistent Chat Rooms,
page 12-10
12-3
Chapter 12
To Deploy These
Features...
Place calls from a
computer
Place calls from a

desk phone
Application Dialing and

Directory Lookup Rules,
page 12-11
Creating a Softphone Device for

Each Cisco Unified Personal
Communicator User, page 12-15
Transformation of Dialed
Numbers by Cisco Unified
Personal Communicator,
page 12-12
Associating Users with Softphone

Devices, page 12-17
Adding Users to User Groups,

page 12-18
Associating a New Device with a

User, page 12-18

User, page 12-18

User, page 12-18
Resetting a Device, page 12-19
Configuring the Proxy Listener and

TFTP Addresses, page 12-21

Configuring CTI Gateway Server

Names and Addresses, page 12-28
Creating CTI Gateway Profiles,

page 12-29
Cisco Unified Client Services

Framework Device Type,
page 12-13
Extension Mobility
Configuration, page 12-13

Guidelines for Configuring the
Softphone Device Name,
page 12-14
(Cisco Unified
Release 7.1) Guidelines for
Configuring the Softphone
Device Name, page 12-14
TFTP Server Connection,

page 12-20
Desk Phone Control and the

CTI Connection Failures,
page 12-26
(Cisco Unified
Release 7.x) Desk Phone
Control and LDAP
TelephoneNumber Field,
page 12-27
12-4
Chapter 12

To Deploy These
Features...
Video calls and
videoconferencing
Voicemail
Secure Voicemail Messaging

on Cisco Unity Connection,
page 13-2

on Cisco Unity, page 13-2

Configuration, page 13-3
Configuring Users for Point-to-Point

Video Calls and for Multipoint
Videoconferencing, page 12-30
Configuring Videoconferencing
Resources and Ad-Hoc Conferencing
on Cisco Unified Communications
Manager, page 12-31

Connecting a
Cisco Unified IP Phone to the
Network and Your Computer,
page 12-34

Enabling Video for a
Cisco Unified IP Phone, page 12-35

Configuring Cisco Unity Connection

Servers, page 13-4
Configuring Cisco Unity Servers,

page 13-6
Configuring Voicemail Server Names

and Addresses on Cisco Unified
Presence, page 13-9
Configuring Mailstore Server Names

and Addresses on Cisco Unified
Presence, page 13-9
Creating Voicemail Profiles on Cisco

Unified Presence, page 13-11

12-5
Chapter 12
To Deploy These
Features...
Conference calls

MeetingPlace Express and
Cisco Unified MeetingPlace Express
VT Servers, page 13-13
Configuring
Cisco Unified MeetingPlace Servers,
page 13-16

Configuring the
Cisco Unified MeetingPlace Web
Server, page 13-18
Configuring Conferencing Server

Names and Addresses on Cisco
Unified Presence, page 13-19)
Creating Conferencing Profiles on

Cisco Unified Presence, page 13-21

Communicator Release 8.x) Creating
Audio Profiles on Cisco Unified
Presence, page 13-23
Alternative server to
control signing in
Configuring CCMCIP Profiles for

Communicator Release 8.x,
page 13-24
Security features

High availability
features
High Availability, page 12-21
How To Configure High Availability

Deployments, page 6-21
Third-party client
applications

page 12-9
About Configuring Third-Party

Clients on Cisco Unified Presence,
page 13-26
Audio quality
features
How to Configure
Conferencing Servers for
12-6
Chapter 12

Prerequisites for Integrating Cisco Unified Personal Communicator
To Deploy These
Features...
HTML content
display
Desktop agent

How to Use Cisco Unified
Personal Communicator as a
Desktop Agent, page 13-26

Distributing HTML Files for Display
in the Cisco Unified Personal
Communicator Window, page 13-29
Before You Start Cisco Unified

Personal Communicator as a Desktop
Agent, page 13-27
Starting Cisco Unified Personal

Communicator as a Desktop Agent,
page 13-28
Prerequisites for Integrating Cisco Unified Personal

Communicator
Before you configure Cisco Unified Personal Communicator, ensure that you have done the following:
Note
Configured the Cisco Unified Communications Manager server for integration with Cisco Unified
Presence
Configured the Cisco Unified Presence server
Configured the licensing details for Cisco Unified Personal Communicator
Assigned all of your Cisco Unified Personal Communicator users to Cisco Unified Presence nodes
in the system topology
(Recommended) Configured the LDAP server
(Optional) Configured the Cisco Unity and Cisco Unified MeetingPlace or Cisco WebEx on Cisco
Unified Presence so that Cisco Unified Personal Communicator can use visual voicemail and
meeting features.
Before you deploy Cisco Unified Personal Communicator Release 8.x to the computers of your users,
ensure that there are no other applications installed on the computers of your users that depend on
Cisco Unified Client Services Framework. For a list of these applications, see the Release Notes for
Cisco Unified Personal Communicator at:
Related Topics
Configuring Cisco Unified Communications Manager for Integration with Cisco Unified Presence,
page 3-1
Configuring a Cisco Unified Presence Server for Deployment in the Network, page 6-1
12-7
Chapter 12

For information about how to assign user capabilities, see the Installation Guide for Cisco Unified
Configuring Firewalls to Pass Cisco Unified Personal

Communicator Traffic
Internet traffic moves through a firewall based on service identification numbers that are known as ports.
Certain ports must be open for Cisco Unified Personal Communicator to work. Network administrators
typically open a minimal number of network ports, allowing the traffic for approved applications to enter
and leave the network while blocking other network traffic.
Before You Begin
Read information about the network ports used by Cisco Unified Personal Communicator in the Release
Notes for Cisco Unified Personal Communicator.
Procedure
Step 1
Identify whether users have a software firewall installed on their computers, or if there is a hardware
firewall in the network between Cisco Unified Presence and Cisco Unified Personal Communicator.
Step 2
Configure the firewall to pass Cisco Unified Personal Communicator traffic.

Failure to perform this step results in missing, incorrect, or intermittent display of availability status in
Cisco Unified Personal Communicator.
Related Topic
Release Notes for Cisco Unified Personal Communicator:

Verifying That the Cisco UP XCP Router Service Is Running

Procedure
Step 1
Select Tools > Control Center - Network Services in Cisco Unified Serviceability in Cisco Unified
Presence.
Step 2
Select the server from the Server list box.
Step 3
Select Go.
Step 4
Locate the Cisco UP XCP Router service in the Cisco Unified Presence Services section.
Step 5
Verify that the Status column reads Running.
12-8
Chapter 12

(Cisco Unified Personal Communicator Release 8.x) About Configuring XCP Services for Cisco Unified Personal
Related Topic
(Cisco Unified Personal Communicator Release 8.x) About

Configuring XCP Services for Cisco Unified Personal
Communicator
(Cisco Unified Personal Communicator Release 8.x) Required XCP Services, page 12-9
(Cisco Unified Personal Communicator Release 8.x) Optional XCP Services, page 12-9
(Cisco Unified Personal Communicator Release 8.x) Required XCP Services

You must ensure that the following Cisco Unified Presence XCP services are running on all Cisco
Unified Presence nodes in all clusters:
Cisco UP XCP Authentication Service
Cisco UP XCP Connection Manager
(Cisco Unified Personal Communicator Release 8.x) Optional XCP Services

Depending on what features you want to make available, ensure that the following Cisco Unified
Presence XCP services are running on all Cisco Unified Presence nodes in all clusters:
Note
Cisco UP XCP Text Conference Manager, for group chat and persistent chat rooms. If you have a
mixture of Cisco Unified Personal Communicator Release 8.x and Cisco Unified Personal
Communicator Release 7.x users, then the Cisco UP XCP Text Conference Manager service must
be running for them to communicate with one another.
Cisco UP XCP Web Connection Manager, to manage connections for web-based client applications,
that connect to Cisco Unified Presence using HTTP.
Cisco UP XCP SIP Federation Connection Manager, to support federation services with third-party
applications that use SIP.
Cisco UP XCP XMPP Federation Connection Manager, to support federation services with
third-party applications that use XMPP.
Cisco UP XCP Counter Aggregator, if you want system administrators to be able to view statistical
data on XMPP components.
Cisco UP XCP Message Archiver, for automatic archiving of all instant messages.
Cisco UP XCP Directory Service, if you want to enable third-party XMPP client applications to do
LDAP searches.
Read the documentation relating to any feature that you are implementing before you turn on the relevant
services. Additional configuration might be required.
12-9
Chapter 12
How to Configure Chat
Related Topics
How to Configure Chat
(Cisco Unified Personal Communicator Release 8.x) Configuring Persistent Chat Rooms,
page 12-10
(Cisco Unified Personal Communicator Release 8.5) Disabling Chat, page 12-11
(Cisco Unified Personal Communicator Release 8.5) Configuring Chat History, page 12-11
Configuring the Service Parameters for the IM Gateway

Users of SIP IM clients must be able to exchange bi-directional IMs with users of XMPP IM clients.
Turn on the SIP-to-XMPP connection on the Cisco Unified Presence IM Gateway for IM interoperability
between SIP and XMPP clients.
You must also ensure that the Cisco UP XCP SIP Federation Connection Manager service is running.
Related Topics
How To Configure the Authorization Policy on Cisco Unified Presence, page 6-39
(Cisco Unified Personal Communicator Release 8.x) Configuring Persistent

Chat Rooms
To configure persistent chat rooms, you must first configure persistent chat servers. To configure
persistent chat servers, you must set up a PostgreSQL database. For more information about how to
configure an external database in Cisco Unified Presence see the Database Setup Guide for Cisco
Unified Presence at the following URL:
http://www.cisco.com/en/US/products/ps6837/products_installation_and_configuration_guides_list.ht
ml
You must also ensure that the Cisco UP XCP Text Conference Manager service is running.
When a Cisco Unified Personal Communicator user joins a persistent chat room, Cisco Unified Presence
sends instant message history information to the Cisco Unified Personal Communicator user. The
number of messages in instant message history that Cisco Unified Presence sends is specified in the
Number of messages that display per room option, which you specify when you configure conferencing
and persistent chat. If the Archive all room messages option is enabled for persistent chat, Cisco Unified
Personal Communicator queries Cisco Unified Presence for additional history, and the number of
messages displayed by Cisco Unified Personal Communicator might exceed the value in the Number of
messages to display per room setting on the Cisco Unified Presence server.
12-10
Chapter 12

About Configuring Cisco Unified Personal Communicator on Cisco Unified Communications Manager
Related Topics
(Cisco Unified Personal Communicator Release 8.5) Disabling Chat

You can configure Cisco Unified Presence to disable the chat feature on Cisco Unified Personal
Communicator. For information about how to disable chat, see Turning On or Off Instant Messaging for
a Cisco Unified Presence Cluster, page 6-51.
Related Topic
(Cisco Unified Personal Communicator Release 8.5) Configuring Chat History

You can configure Cisco Unified Presence to prevent Cisco Unified Personal Communicator from
keeping a log of the chat history on the client computer. The ability to prevent the chat history is
introduced in Cisco Unified Personal Communicator Release 8.5 and is not configurable on earlier
versions of Cisco Unified Personal Communicator or Cisco Unified Personal Communicator. For
information about how to configure the chat history on Cisco Unified Presence, see Allowing Clients to
Log Instant Message History, page 6-53.
Related Topic
Allowing Clients to Log Instant Message History, page 6-53

Application Dialing and Directory Lookup Rules, page 12-11
Transformation of Dialed Numbers by Cisco Unified Personal Communicator, page 12-12
Cisco Unified Client Services Framework Device Type, page 12-13
Extension Mobility Configuration, page 12-13
(Cisco Unified Personal Communicator Release 8.x) Guidelines for Configuring the Softphone
(Cisco Unified Personal Communicator Release 7.1) Guidelines for Configuring the Softphone
Application Dialing and Directory Lookup Rules

Based on the dial plan for your company and the information stored in the LDAP directory (telephone
number for the user), you might need to define application dialing rules and directory lookup rules on
Cisco Unified Communications Manager. Cisco Unified Presence then queries Cisco Unified
Communications Manager to obtain these dialing rules for the Cisco Unified Personal Communicator.
12-11
Chapter 12 Configuring Basic Features for Cisco Unified Personal Communicator

These rules define how Cisco Unified Personal Communicator can reformat the inbound call ID to be
used as a directory lookup key and how to transform a phone number retrieved from the LDAP directory
for outbound dialing.
When you are configuring application dial rules, note the following:
Cisco Unified Communications Manager Release 7.1 supports application dial rules that contain the
plus character in dialed numbers.
Cisco Unified Personal Communicator Release 7.1 does not remove the plus character from dialed
numbers.
Releases of Cisco Unified Personal Communicator earlier than Release 7.1 do remove the plus
character from dialed numbers.
Table 12-1 defines the application dialing rules and directory lookup rules, and provides examples and
the menu path for each.
Table 12-1
Dialing rule definitions
Rule
Definition
Configuration Example
Menu path
Application dial
rules
Application dial rules automatically

strip numbers from, or add numbers
to, phone numbers that the user
dials. Application dialing rules are
used to manipulate numbers that are
dialed from Cisco Unified Personal
Communicator.
You can configure a dialing rule in

Cisco Unified
Administration that automatically
adds the digit 9 at the start of a
7-digit phone number to provide
access to an outside line.
Call Routing > Dial

Rules > Application
Dial Rules
Directory lookup
rules
Directory lookup rules transform

caller identification numbers into
numbers that can be looked up in the
directory from Cisco Unified
Personal Communicator. Each rule
specifies which numbers to
transform based on the initial digits
and the length of the number.
Call Routing > Dial

You can create a directory lookup
Rules > Directory
rule in Cisco Unified
Lookup Dial Rules
Administration that automatically
removes the area code and two prefix
digits from a 10-digit telephone.
This rule transforms 4089023139
into 23139.
Related Topic
Transformation of Dialed Numbers by Cisco Unified Personal Communicator, page 12-12
Transformation of Dialed Numbers by Cisco Unified Personal Communicator

Before Cisco Unified Personal Communicator places a call through contact information, the application
removes everything from the phone number to be dialed, except for letters and digits. The application
transforms the letters to digits and applies the dialing rules from Cisco Unified Presence. The
letter-to-digit mapping is locale-specific and corresponds to the letters found on a standard telephone
keypad for that locale. For example, for an US English locale, 1-800-GOTMILK transforms to
18004686455.
Users cannot view or modify transformed numbers before Cisco Unified Personal Communicator places
the numbers. If there is a problem with the dialed number because of incorrect conversions, you must
correct the dialing rules.
12-12
Chapter 12

Related Topics
Application Dialing and Directory Lookup Rules, page 12-11
For detailed conceptual and task-based information about dialing rules, see the Cisco Unified
Communications Manager Administration Guide:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_maintenance_guides_list.html
Cisco Unified Client Services Framework Device Type

Cisco Unified Personal Communicator requires a new Cisco Unified Communications Manager device
type called Cisco Unified Client Services Framework. Depending on which release of Cisco Unified
Communications Manager is installed in your Cisco Unified Communications system, you might need
to patch Cisco Unified Communications Manager with a Cisco Options Package (COP) file.
You must run the COP file if your Cisco Unified Communications Manager does not have the
Cisco Unified Client Services Framework device type. You run the COP file on the Cisco Unified
Communications Manager publisher server. After you apply the COP file, you must restart the
Cisco Unified Communications Manager publisher server, and all other servers.
For information about which releases of Cisco Unified Communications Manager require you to run the
COP file to install the Cisco Unified Client Services Framework device type, see the Release Notes for
Cisco Unified Personal Communicator at the following URL:
Extension Mobility Configuration

The Extension Mobility feature dynamically configures a phone according to the user that is currently
logged into the phone. When a user logs in to the phone, the phone adopts the default device profile
information for that user, including line numbers, speed dials, services links, and other user-specific
phone properties.
By using Extension Mobility, a Cisco Unified Personal Communicator user can associate the application
with one or more desk phones that have the same directory number on the primary line as the default
desk phone of the user on Cisco Unified Communications Manager.
You can configure Extension Mobility on Cisco Unified Communications Manager Administration by
selecting Device > Phone menu, and accessing the Directory Number configuration window.
When you configure Extension Mobility, note the following:
When you create the device user profile (Device > Device Settings > Device Profile), enable CTI
control, and ensure that the line is controllable by CTI.
When you add the Cisco Unified IP Phone to Cisco Unified Communications Manager (Device >
Phone), make sure that is controllable by CTI.
Related Topics
Cisco Unified Communications Manager Features and Services Guide
12-13

(Cisco Unified Personal Communicator Release 8.x) Guidelines for Configuring

the Softphone Device Name
When you create a softphone device for each Cisco Unified Personal Communicator Release 8.0 user,
you select the Cisco Unified Client Services Framework device type.
You must also specify a device name. Ensure that the device name conforms to these guidelines:
Can contain uppercase and lowercase letters, and numerals.
Contains no more than 15 characters.
No correlation to the username is required, but for convenience you might choose to include a username
in the device name. For example, you might use the device name CSFabaker.
(Cisco Unified Personal Communicator Release 7.1) Guidelines for Configuring

the Softphone Device Name
When you create a softphone device for each Cisco Unified Personal Communicator user, you must
specify a device name. Make sure that the device name conforms to these guidelines:
Derives from the username.
Starts with UPC.
Contains only uppercase letters, or numerals.
Contains no more than 12 additional characters after UPC.
Table 12-2 provides some example device names.

Table 12-2
Username Conversion for Cisco Unified Personal Communicator Softphone Device

Username
Associated Softphone Device Name
jjackson
UPCJJACKSON
johnnie_jackson
UPCJOHNNIEJACKS
johnniejackson
UPCJOHNNIEJACKS
john.jackson
UPCJOHNJACKSON
You must create username that do not collide when converted, for example, the usernames
johnnie_jackson and johnniejackson convert to the same softphone device name and therefore are said
to collide.
Caution
If Cisco Unified Personal Communicator is unable to derive its softphone device name, it cannot
properly register and cannot function as expected. You might have to reconfigure a user to use a name
other than their normal username to avoid this problem.
Related Topic
12-14
Chapter 12

How to Configure Cisco Unified Personal Communicator on Cisco Unified Communications Manager
How to Configure Cisco Unified Personal Communicator on

Associating Users with Softphone Devices, page 12-17
Adding Users to User Groups, page 12-18
Associating a New Device with a User, page 12-18
Creating a Softphone Device for Each Cisco Unified Personal Communicator

User
To enable Cisco Unified Personal Communicator softphone features, you must create a new softphone
device for each user. This topic describes how to create a softphone device for one user. To create
softphone devices for many users, you can use the Bulk Administration Tool (BAT).
BAT performs bulk updates to the Cisco Unified Communications Manager database. For more
information about BAT, see the Cisco Unified Communications Manager Bulk Administration Guide at
the following URL:
Before You Begin
Read the Cisco Unified Personal Communicator licensing requirements module, including the
information about adjunct licensing.
Read the guidelines on configuring the device name.
Restrictions
The auto-registration features in Cisco Unified Communications Manager are not supported with
Procedure
Step 1
Step 2
Select Add New.
Step 3
(Cisco Unified Personal Communicator Release 8.x) Select Cisco Unified Client Services Framework
from the Phone Type menu.
(Cisco Unified Personal Communicator Release 7.1) Select Cisco Unified Personal Communicator
from the Phone Type menu.
Step 4
Select Next.
Step 5
Configure the following information:

a.
Specify the softphone device name in the Device Name field.
b.
Enter a descriptive name for the phone in the Description field. For example, enter
Richardsoftphone.
12-15

c.
(Cisco Unified Personal Communicator Release 8.x) Select Default from the Device Pool list.
d.
(Cisco Unified Personal Communicator Release 8.x) Select Standard Client Services Framework
from the Phone Button Template list.
e.
Configure all the required fields for your environment.
f.
Select the user ID from Owner User ID menu.
g.
Select the device name of the Cisco Unified IP Phone to associate with Cisco Unified Personal
Communicator from Primary Phone.
h.
(Cisco Unified Personal Communicator Release 8.x) Check Allow Control of Device from CTI to
enable CTI to control and monitor this device.
(Cisco Unified Personal Communicator Release 7.1) Uncheck Allow Control of Device from CTI.
i.
Enter information in the Protocol Specific Information section, as follows:
Field
Setting
Presence Group
Select Standard Presence Group.
Device Security
Profile
(Cisco Unified Personal Communicator Release 8.0) Select Cisco Unified

Client Services Framework - Standard SIP Non-Secure Profile.
(Cisco Unified Personal Communicator Release 7.1) Select Cisco Unified
Personal Communicator - Standard SIP Non-Secure Profile.
SIP Profile
Select Standard SIP Profile to specify the default SIP profile. SIP profiles
provide specific SIP information for the phone such as registration and
keep-alive timers, media ports, and Do Not Disturb control.
Digest User
Select the user ID. This is the same user ID as the one you selected for Owner
User ID.
Step 6
Select Save.
Step 7
Select the Add a New DN link in the Association Information section that displays on the left side of
the window.
Step 8
Configure the following information:

a.
Enter the directory number and route partition for the Cisco Unified Personal Communicator.
b.
Enter the caller ID in Display (Internal Caller ID), in the Line 1 on Device Device-Name section.
c.
In the Multiple Call/Call Waiting section, specify the maximum number of calls that can be
presented to Cisco Unified Personal Communicator in the Maximum Number of Calls field.
d.
In the Multiple Call/Call Waiting section, specify the trigger after which an incoming call receives
a busy signal in the Busy Trigger field.
Note
Step 9
The Busy Trigger setting works with the Maximum Number of Calls setting. For example, if the
maximum number of calls is set to six and the busy trigger is set to six, the seventh incoming
call receives a busy signal.
Select Save.
Make sure that the status shown at the top of the window indicates a successful save and that the resulting
status is Ready.
12-16
Chapter 12

The directory number that is configured for Cisco Unified Personal Communicator and the
Cisco Unified IP Phone must be identical. A directory number is configured with a partition, and
you assign a directory number to Cisco Unified Personal Communicator and the
Cisco Unified IP Phone. This configuration causes the Cisco Unified Personal Communicator to
share the line with the Cisco Unified IP Phone for this user.
Cisco Unified Communications Manager reminds you that changes to line or directory number
settings require a restart. However, a restart is required only when you edit lines on
Cisco Unified IP Phones that are running at the time of the modifications.
From Cisco Unified Communications Manager Release 6.x, make sure that an association exists
between the user and the line that is configured for that user so that the correct availability status in
Cisco Unified Personal Communicator is displayed. Select Device > Phone, and view the
association information for the device. Make sure that the user is associated with the line on the
Directory Number configuration window. Make sure that you associate the line and user for all the
phones used by the user for that directory number.
Related Topics
(Cisco Unified Personal Communicator Release 7.1) Guidelines for Configuring the Softphone
Extension Mobility Configuration, page 12-13

What To Do Next
Associating Users with Softphone Devices, page 12-17
Associating Users with Softphone Devices

You must ensure that user IDs are the same between LDAP and Cisco Unified
Communications Manager. This is easier to accomplish if you have LDAP synchronization enabled in
Procedure
Step 1
Select Cisco Unified Communications Manager Administration > System > LDAP > LDAP
Directory.
Step 2
Search for the LDAP directory in the Find and List LDAP Directories window.
Step 3
Select the LDAP configuration name for the LDAP directory.
Step 4
Select Perform Full Sync Now.
Step 5
Step 6
Search for the device for the user in the Find and List Phones window.
Step 7
Select the name of the device.
Step 8
Select the directory number for the device in the Association Information section that displays on the
left side of the window.
12-17

Step 9
Select Associate End Users at the bottom of the window.
Step 10
Search for the user in the Find and List Users window.
Step 11
Select the user, then select Add Selected.
Step 12
Select Save on the Directory Number Configuration window.
What To Do Next
Adding Users to User Groups, page 12-18
Adding Users to User Groups

Procedure
Step 1
Select Cisco Unified Communications Manager Administration > User Management > End User.
Step 2
Step 3
Select the user.
Step 4
Select Add to User Group in the Permissions Information section.
Step 5
Use the Find and List User Groups window to find and select the following user groups:
Standard CCM End Users
Standard CTI Enabled
If the phone of the user is a Cisco Unified IP Phone 9900 or 8900 series model, select the following user
group also:
Standard CTI Allow Control of Phones supporting Connected Xfer and conf user group
If the phone of the user is a Cisco Unified IP Phone 6900 series model, select the following user group
also:
Standard CTI Allow Control of Phones supporting Rollover Mode
Step 6
Select Add Selected.
Step 7
Select Save on the End User Configuration window.
What To Do Next
Associating a New Device with a User, page 12-18
Associating a New Device with a User

Procedure
Step 1
Select Cisco Unified Communications Manager Administration > User Management > End User.
Step 2
Step 3
Select the user.
12-18
Chapter 12

Step 4
Select Device Association in the Device Information section.
Step 5
Search for the device in the User Device Association window.
Step 6
Select the device.
Step 7
Select Save Selected/Changes.
Step 8
Select Back to User from the menu in the Related Links navigation box at the top right of the window.
Step 9
Select Go.
Step 10
Verify that the device is listed in the Device Information section on the End User Configuration window.
What To Do Next
Resetting a Device
Step 1
Step 2
Search for the device for the user in the Find and List Phones window.
Step 3
Select the name of the device.
Step 4
Select the directory number for the device in the Association Information section that displays on the
left side of the window.
Step 5
Select Reset on the Directory Number Configuration window.
Specifying Which Softphone Device to Use for a User with Multiple Associated
Softphone Devices
If Cisco Unified Personal Communicator user has more than one associated softphone device in
Cisco Unified Communications Manager, you can specify which device to use on startup by excluding
all other devices. To do this, you must set the value of the following registry key value to be a
comma-separated list of device names, as follows:
Registry Key
Sample Value
ExcludedDevices
csfjohndoe,csfjanedoe
The registry key is located in HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services

Framework\AdminData.
12-19

About Configuring Cisco Unified Personal Communicator on Cisco Unified Presence

TFTP Server Connection, page 12-20
High Availability, page 12-21
TFTP Server Connection

Cisco Unified Personal Communicator connects to the primary Trivial File Transfer Protocol (TFTP)
server (whose address is retrieved from Cisco Unified Presence) at startup. When the connection is
established, Cisco Unified Personal Communicator downloads the <softphone-device-name>.cnf.xml
configuration file from Cisco Unified Communications Manager for each user.
The configuration file contains the list of Cisco Unified Communications Manager primary and failover
server addresses and the transport protocol for Cisco Unified Personal Communicator to use in
softphone mode to connect to Cisco Unified Communications Manager.
After Cisco Unified Personal Communicator downloads the file successfully, the configuration
information is made available to other Cisco Unified Personal Communicator subsystems, and
Cisco Unified Personal Communicator disconnects from the TFTP server.
Each time Cisco Unified Personal Communicator tries to download the configuration file, the
application attempts to contact the primary TFTP server. If the primary TFTP server does not respond,
Cisco Unified Personal Communicator fails over to the backup TFTP servers, if any exist. Cisco Unified
Personal Communicator fails over to the backup TFTP servers in the order specified in Cisco Unified
If all TFTP server connections fail, Cisco Unified Personal Communicator tries to load the last valid
downloaded configuration from the following locations:
Release 8.x
Windows XP
drive:\Documents and
drive:\Documents and
Settings\username\Application
Settings\username\Local
Settings\Application Data\Cisco\Unified Data\Cisco\Unified Personal
Communicator
Communications\Client Services
Framework\Config
Windows Vista
Release 7.1
drive:\Users\username\AppData\Local\
Cisco\Unified Personal Communicator
For Mac OS: ~/Library/Caches/com.cisco.AriesX/<username>/Phone/
If the loading of the local file is successful, Cisco Unified Personal Communicator updates the Server
Health window with a warning notification (yellow indicator). If the file transfer fails and the file does
not exist, Cisco Unified Personal Communicator updates the Server Health window with a failure
notification and switches to Disabled mode.
The following Cisco Unified Communications Manager failover restrictions apply to Cisco Unified
Personal Communicator:
Auto-registration is not supported.
12-20
Chapter 12

How to Configure Cisco Unified Personal Communicator on Cisco Unified Presence
Cisco Unified Personal Communicator fails over to a configured TFTP server when it tries to
download the configuration file. The application also tries to download the file from the backup
TFTP servers.
AutoUpdate and upgrades through TFTP are not supported for Cisco Unified Personal
Communicator software.
Related Topic
Configuring the Proxy Listener and TFTP Addresses, page 12-21
High Availability
High availability in a subcluster means that if a node in the subcluster fails, the Instant Message and
Availability services from that node can fail over to the second node in the subcluster. High Availability
is supported for the following releases of Cisco Unified Personal Communicator:
Cisco Unified Personal Communicator Release 7.x with Cisco Unified Presence Release 7.x
Cisco Unified Personal Communicator Release 8.5 with Cisco Unified Presence Release 8.5
Cisco Unified Personal Communicator Release 8.6 with Cisco Unified Presence Release 8.6
To configure high availability for Cisco Unified Personal Communicator clients, you configure high
availability on the Cisco Unified Presence server. For more information, refer to How To Configure High
Availability Cisco Unified Presence Deployments, page 6-21.
The impact of failover on Cisco Unified Personal Communicator is described in Impact of Failover to
Cisco Unified Presence Clients and Services, page 6-12.
How to Configure Cisco Unified Personal Communicator on

Configuring the Proxy Listener and TFTP Addresses, page 12-21 (required)
(Cisco Unified Personal Communicator Release 8.x) Configuring Settings, page 12-22
(Cisco Unified Personal Communicator Release 7.1) Configuring the Service Parameters,
page 12-24 (required)
(Cisco Unified Personal Communicator Release 7.1) Configuring a Secure Connection Between
Cisco Unified Presence and Cisco Unified Personal Communicator, page 12-25
Configuring the Proxy Listener and TFTP Addresses

Before You Begin
Read the TFTP server connection topic.
Obtain the hostnames or IP addresses of the TFTP servers.
Restriction
We recommend that Cisco Unified Personal Communicator use TCP to communicate with the proxy
server. If you use UDP to communicate with the proxy server, availability information for contacts in the
Cisco Unified Personal Communicator contact list might not be available for large contact lists.
12-21

Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Settings.
Step 2
Select the Proxy Listener Default Cisco SIP Proxy TCP Listener.
Step 3
Assign the primary (required) and backup (optional) TFTP server addresses in the fields provided. You
can enter an IP address or an FQDN (Fully Qualified Domain Name).
Step 4
Select Save.
Troubleshooting Tip
You can see the TFTP server addresses in the Server Health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows operating system and Help > Show System
Diagnostics on Mac OS).
Related Topic
TFTP Server Connection, page 12-20

What To Do Next
(Cisco Unified Personal Communicator Release 7.1) Configuring the Service Parameters, page 12-24
(Cisco Unified Personal Communicator Release 8.x) Configuring Settings

Procedure
Step 1
Step 2
Enter information into the fields:
12-22
Chapter 12

Field
Setting
CSF certificate directory

(relative to CSF install
directory)
This field applies only if the Client Services Framework (CSF)

requires you to import security certificates to authenticate with
LDAP, web conferencing, and CCMCIP. For most deployments, you
do not need to import security certificates. You only need to import
security certificates for CSF to trust in the following scenarios:
You use a signed certificate for Cisco Unified

Communications Manager Tomcat instead of the default
self-signed certificate.
You want CSF to connect to the LDAP server via LDAPS.
You use a signed certificate for Cisco Unity Connection Tomcat

instead of the default self-signed certificate.
If you must specify a value, specify the directory that contains the
security certificates as an absolute path. For example, C:\CSFcerts.
If you use a relative path, the path is relative to the CSF installation
directory C:\Program Files\Common Files\Cisco Systems\Client
Services Framework. If you do not specify a directory, CSF looks
for the certificates in the following directory and trusts any
certificates in that location:
Windows XP:
drive:\Documents and Settings\username\Local
Settings\Application Data\Cisco\Unified Communications\Client
Services Framework\certificates
Windows Vista/Windows 7:
drive:\Users\username\AppData\Local\Cisco\Unified
Communications\Client Services Framework\certificates
Default Setting: Not set
Credentials source for voicemail If user credentials for the voicemail service are shared with another
service
service, select the appropriate service from this list box. The user
credentials automatically synchronize from the service that you
select.
Troubleshooting Tip
If this value is set to Not set, users must use their client preference
settings to manually select a source for voicemail service
credentials.
Credentials source for web
conferencing service
If user credentials for the meeting service are shared with another
service, select the appropriate service from this list box. The user
credentials automatically synchronize from the service that you
select.
Troubleshooting Tip
If this value is set to Not set, users must use their client preference
settings to manually select a source for meeting service credentials.
12-23

Field
Setting
Maximum message size
Enter the allowed size limit for instant messages, in bytes.
Allow cut & paste in instant

messages
Check this check box to allow users to cut and paste in their instant
messages (IMs).
Most deployments have this option turned on. If you turn off this
option, the Cisco Unified Presence server flags and passes the
setting to the Cisco Unified Personal Communicator client, where
the behavior is enforced.
Default Setting: On
Always begin calls with video

turned off
Check this check box if you want all video calls to start without
sending video from the camera. Instead, an icon is displayed that
indicates that video is not being sent from the camera. If users want
to send video from their camera, they must explicitly select to send
video from the camera.
This setting overrides the Start video calls with my video signal
muted setting that users can select in the Cisco Unified Personal
Communicator options.
If you turn this option off, video calls start according to the
Cisco Unified Personal Communicator options.
Default Setting: Off
Step 3
Select Save.
Related Topics
How to Integrate the LDAP Directory with Cisco Unified Personal Communicator, page 15-6
(Cisco Unified Personal Communicator Release 8.0) How to Integrate the LDAP Directory for
Contact Searches on XMPP Clients, page 15-13
(Cisco Unified Personal Communicator Release 7.1) Configuring the Service

Parameters
You need to configure all the availability-related notifications sent between Cisco Unified
Personal Communicator and Cisco Unified Presence use TCP.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP SIP Proxy as the service on the Service Parameter Configuration window.
Step 4
Set Use Transport in Record-Route Header to On in the SIP Parameters (Clusterwide) section.
This forces the Proxy to use the transport parameter in the record-route header.
12-24
Chapter 12

Step 5
Select Save.
Related Topic
Configuring the Proxy Listener and TFTP Addresses, page 12-21

What To Do Next
(Cisco Unified Personal Communicator Release 7.1) Configuring a Secure Connection Between Cisco
Unified Presence and Cisco Unified Personal Communicator, page 12-25
(Cisco Unified Personal Communicator Release 7.1) Configuring a Secure

Connection Between Cisco Unified Presence and Cisco Unified
If you want to exchange a CA-signed certificate between Cisco Unified Presence and Cisco Unified
Personal Communicator, you must generate a Certificate Signing Request (CSR) and import a tomcat
certificate for Cisco Unified Presence. Refer to the steps below for a high level overview of this process.
Cisco Unified Personal Communicator uses the certificate called tomcat. The trust chain for this
certificate is called tomcat-trust. Note that there can only be one tomcat certificate, but there can be more
than one tomcat-trust.
Procedure
Step 1
Select Cisco Unified OS Administration > Security > Certificate Management.
Step 2
Select Find to list all certificates.
Step 3
Select the tomcat certificate.
Step 4
Select Generate CSR.
Step 5
Send your CSR to your Certificate Authority (CA).
Step 6
Upload the signing chain of the certificate one at a time as "tomcat-trust" on Cisco Unified Presence.
You will need to do this before you upload the signed certificate that you receive from your CA. If you
receive a Geotrust (Equifax) or Verisign certificate, you just need to upload the appropriate root
certificate.
Step 7
When the CA returns your signed certificate, select Cisco Unified OS Administration > Security >
Certificate Management > Upload Certificate to upload the signed certificate to Cisco Unified
Presence.
Step 8
Upload the signed certificate as tomcat. Make sure to save this certificate file. List the name of your
signing certificate as the Root Certificate.
Step 9
Restart the Tomcat service from the CLI using this command:
utils service restart Cisco Tomcat
The new certificate is not valid until you restart the Tomcat service .
12-25

About Configuring CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence
When you generate the CSR, we recommend that you backup your system using the Disaster
Recovery System on Cisco Unified Presence. If you do not backup your system, and you regenerate
the tomcat certificate, you will invalidate your signing chain and you will no longer be able to use
your signed certificate.
If you have an internal CA, in a signing chain, there will be at least a trusted root certificate. The
trusted root certificate may sign an intermediate certificate, or may sign your certificate directly. If
there is an intermediate certificate, then it will sign your certificate. The root and the intermediate
certificate make up the "signing chain". You need to upload each of the certificates in the chain to
Cisco Unified Presence. In each case, upload the certificate as "tomcat-trust".
Do not attempt to upload a PKCS#7 (concatenated certificate chain), sometimes called a p7b.
You should only upload public keys. Do not upload a PKCS#12.
Related Topic
Disaster Recovery System Administration Guide for Cisco Unified Presence

What To Do Next
About Configuring CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence,
page 12-26
About Configuring CTI Gateway Settings for Desk Phone Control

Note
The procedures in this topic are only applicable if you are configuring Cisco Unified Personal
Communicator for desk phone control.
Desk Phone Control and the CTI Connection Failures, page 12-26
(Cisco Unified Personal Communicator Release 7.x) Desk Phone Control and LDAP
TelephoneNumber Field, page 12-27
Desk Phone Control and the CTI Connection Failures

The CTI gateway provides desk phone control (phone-association mode) to Cisco Unified Personal
Communicator users. You must specify CTI gateway server names, addresses, ports, and protocol types
on Cisco Unified Presence so that the information required to reach the CTI gateway server can be
downloaded when the user logs in to Cisco Unified Personal Communicator.
If the CTI connection to Cisco Unified Communications Manager is lost while Cisco Unified Personal
Communicator is operating in desk phone mode, the application tries to reestablish the connection to the
primary and then to the backup servers. Connection attempts continue on a round-robin basis, beginning
again with the primary server. Successive attempts to reconnect to a server occur at intervals of 4, 8, 16,
32, and 60 seconds (maximum) until a connection is re-established.
12-26
Chapter 12

About Configuring CTI Gateway Settings for Desk Phone Control on Cisco Unified Presence
Table 12-3
CTI Connection Status and Expected Recovery Behavior
Scenario
CTI connection fails
and no calls are
present
CTI connection fails

with one or more calls
present
Expected Recovery Behavior
Cisco Unified Personal Communicator attempts to reconnect to the next

available CTI server.
Until a connection is established, the Cisco Unified Personal

Communicator user cannot initiate any new calls through the application.
No new incoming call notifications are provided through the application.
The user has manual control of the desk phone for making and receiving
calls.
When Cisco Unified Personal Communicator reconnects to one of the CTI

servers, Cisco Unified Personal Communicator users again have the
ability to control and monitor new calls through the application.
Cisco Unified Personal Communicator attempts to reconnect to the next

available CTI server.
Existing calls are unaffected, but the user no longer has control through
Cisco Unified Personal Communicator and does not receive any updates
or changes in the call state. Any existing Cisco Unified Personal
Communicator session window closes.
The user has manual control of the physical phone for making and
receiving calls.
When Cisco Unified Personal Communicator reconnects to one of the CTI

servers, it opens a new session window for each call and shows the current
state.
Cisco Unified Personal Communicator remains connected to the current

server (whether primary or backup) until the user relaunches
Cisco Unified Personal Communicator or when a connection failure
causes it to reconnect.
Related Topics
Configuring CTI Gateway Server Names and Addresses, page 12-28
Creating CTI Gateway Profiles, page 12-29
(Cisco Unified Personal Communicator Release 7.x) Desk Phone Control and
LDAP TelephoneNumber Field
You may need to index the telephoneNumber field on the LDAP server for desk phone control to work.
There are two possible scenarios that this applies to:
Desk phone control is not working, and the server health on Cisco Unified Personal Communicator
displays the status "Not Connected - Stopped".
The contact search on Cisco Unified Personal Communicator does not return the full results.
12-27

These issues could occur when you have a large Cisco Unified Personal Communicator user base, and
the LDAP server is slow to respond to queries from Cisco Unified Presence. To fix the issue, index the
telephoneNumber field on the LDAP server. Alternatively, if you use Windows Active Directory, change
the Global Catalog port to 3268 (instead of using the standard LDAP port 389).
How to Configure CTI Gateway Settings for Desk Phone Control

Configuring CTI Gateway Server Names and Addresses

You do not need to perform this procedure if you previously configured Cisco Unified
Communications Manager with an IP address through the Cisco Unified Communications Manager
Administration > System > Server menu. Cisco Unified Presence dynamically creates a TCP-based
CTI gateway host profile for that address, and automatically populates the CTI gateway fields on Cisco
Unified Presence.
Before You Begin
Make sure that you have completed this configuration on Cisco Unified Communications Manager:
Configured the phone devices for CTI device control.
Added the Cisco Unified Personal Communicator users to a CTI-enabled user group.
Obtained the hostnames or IP addresses of the CTI gateway.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > CTI Gateway Server.
Step 2
Select Add New.
Step 3
Enter information into the fields.
Step 4
Field
Setting
Name
Enter the server name.
Description
(Optional) Enter a server description.
Hostname/IP Address
Enter an IP address or the FQDN (Fully Qualified Domain Name) of

Cisco Unified Communications Manager that is running the CTI service.
Port
Enter 2748.
Select Save.
12-28
Chapter 12

Troubleshooting Tip
You can see the CTI gateway information in the Server Health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows operating system and Help > Show System
Diagnostics on Mac OS).
Related Topics
What To Do Next
Creating CTI Gateway Profiles

You must create CTI gateway profiles in Cisco Unified Presence Administration and assign primary and
backup servers for redundancy.
Before You Begin
You must create the CTI gateway profile before you can add Cisco Unified Personal Communicator
licensed users to the application profile.
You must first specify CTI gateway server names and addresses in Application > Cisco Jabber >
CTI Gateway Server before you can select the servers as primary or backup servers in this
procedure.
Cisco Unified Presence dynamically creates a TCP-based CTI gateway profile based on the
hostname of Cisco Unified Communications Manager. Before using this profile, verify that Cisco
Unified Presence and Cisco Unified Personal Communicator clients can ping Cisco Unified
Communications Manager by the DNS name. If they cannot contact the server, you need to add the
IP address of Cisco Unified Communications Manager in Cisco Unified Presence Administration
(Application > Cisco Jabber > CTI Gateway Server). You do not need to delete the host profiles
that are created automatically.
If you previously configured Cisco Unified Communications Manager with an IP address through
the Cisco Unified Communications Manager Administration > System > Server menu, Cisco
Unified Presence dynamically creates a TCP-based CTI gateway profile based on that address. The
fields in Cisco Unified Presence Administration (Application > Cisco Jabber > CTI Gateway
Profile) are automatically populated, and you need only add users to the default CTI TCP profile
that is created (see Step 3).
Procedure
Step 1
Select Application > Cisco Jabber > CTI Gateway Profile.
Step 2
Select Add New.
Step 3
12-29
Chapter 12
How to Configure Video Calls and Videoconferencing
Field
Setting
Name
Enter the profile name.
Description
(Optional) Enter a profile description.
Primary CTI Gateway

Server and Backup CTI
Gateway Server
Select a primary server and backup servers.
Make this the Default CTI

Gateway Profile for the
System
Check so that any new users that are added to the system are
automatically placed into this default profile.
Users who are already synchronized to Cisco Unified Presence from
Cisco Unified Communications Manager are not added to the default
profile. However, after the default profile is created, any users
synchronized after that are added to the default profile.
Step 4
Select Add Users to Profile.
Step 5
Use the Find and List Users window to find and select users.
Step 6
Select Add Selected to add users to the profile
Step 7
Select Save in the main CTI Gateway Profile window.
Related Topics
Configuring Users for Point-to-Point Video Calls and for Multipoint Videoconferencing, page 12-30

Configuring Bandwidth Capability for Cisco Unified Personal Communicator, page 12-33
(Cisco Unified Personal Communicator Release 8.x) How to Configure Cisco Unified IP Phones for
Video, page 12-34
Configuring Users for Point-to-Point Video Calls and for Multipoint

Videoconferencing
Procedure
Step 1
(Cisco Unified Personal Communicator Release 7.1) For point-to-point video calls, configure users for
softphone use.
12-30
Chapter 12

Step 2
(For multipoint videoconferencing) If you want Cisco Unified Personal Communicator softphone users
to have merged conference calls (three or more parties) with audio and video support, you must first
configure videoconferencing resources.
Step 3
Distribute cameras that are supported for use with Cisco Unified Personal Communicator. For a list of
these cameras, see the Release Notes for Cisco Unified Personal Communicator:
The camera driver installer is not provided with some models of Cisco VT Camera. In this case, you must
distribute the installer.
For new installations:

If users are to perform the installation, distribute the camera, the camera driver installer (if a
driver is necessary), and the user guide.

If users already have a supported camera, do not distribute the driver.
Step 4
Provide users with the appropriate documentation to complete the installation.
Related Topics
For details about supported cameras, video codecs, and audio codecs, see the Release Notes for
Cisco Unified Personal Communicator:
Provide users with this documentation:

Cisco Unified Personal Communicator user documentation:
Cisco VT Camera Quick Start Guide (for use with Windows-based computers)
http://www.cisco.com/en/US/products/sw/voicesw/ps5662/prod_installation_guides_list.html
What To Do Next

Configuring Videoconferencing Resources and Ad-Hoc Conferencing on Cisco

Using Cisco Unified Communications Manager Administration, you can enable merged conference calls
(three or more parties) with audio and video support for Cisco Unified Personal Communicator users.
Any participant in the conference call can merge other participants into the conference.
Before You Begin
Install a supported release of the videoconferencing server.
Obtain the MAC address of the videoconference bridge.
12-31
Chapter 12
Procedure
Step 1
Perform the following configuration on Cisco Unified MeetingPlace Application Server Administration
Center:
Task
Menu Path
Enter the IP address of your Cisco Unified

Communications Manager in the Primary TFTP
server fields.
System Configuration > Call Configuration >

Ad-Hoc Cisco Unified Communications
Manager Configuration
Enter the MAC address of your Cisco Unified

Communications Manager in the Application
server MAC address field.
Add the licensing information.
Step 2
Maintenance > Licenses > Install Licenses
Perform the following configuration on Cisco Unified Communications Manager:

Task
Menu Path
Configure the videoconference bridge.
Cisco Unified CM Administration >

Media Resources > Conference Bridge
Create a media resource group list.
Cisco Unified CM Administration >

Media Resources > Media Resource Group List
Add the videoconference bridge to the media

resource group list.
Create a media resource group.
Cisco Unified CM Administration > Media

Add a media resource to the media resource group. Resources > Media Resource Group
Cisco Unified CM Administration > Device >
Assign devices to the media resource group list.
Search for the device in the Find and List Phones Phone
window. Select the device, then select the list from
the Media Resource Group List drop-down list.
Step 3
(Optional) To enable any participant to add more participants to the conference, perform the following
steps:
a.
Select Cisco Unified CM Administration > System > Service Parameters in Cisco Unified
Communications Manager Administration.
b.
Select your Cisco Unified Communications Manager server from the Server drop-down list.
c.
Select Cisco CallManager (Active) from the Service drop-down list.
d.
To enable any participant to add more participants the conference, set Advanced Ad Hoc Conference
Enabled to True in the Clusterwide Parameter (Feature - Conference) section.
e.
To specify a minimum number of video-capable participants for ad-hoc conferences, enter the
minimum number in the Minimum Video Capable Participants To Allocate Video Conference
field in the Clusterwide Parameters (Feature - Conference) section.
When an ad-hoc conference starts, the conference uses an audio bridge or a video bridge, depending
on the value in this setting. For example, if you set this setting to 2, a minimum of two participants
in the conference must have video-enabled devices. If this at least two participants do not have
video-enabled devices, then the conference becomes an audio-only conference. The participants
cannot change the conference to video after this happens.
12-32
Chapter 12

f.
Step 4
Select Save.
Associate the phone with the new media resource group list:
a.
Select Cisco Unified CM Administration > Device > Phone.
b.
Under Search Options, search for the directory number of the phone, and when it is found, select the
device name.
c.
In the Phone Configuration window in the Device Information section, find the Media Resource
Group List, and select the media resource group list that you just configured.
d.
Select Enabled for Video Capabilities in the Product Specific Configuration Layout section.
e.
Select Save.
f.
Select Reset.
Related Topics
For details about the Cisco Unified Videoconferencing server installation, see the product
installation guide:
http://www.cisco.com/en/US/products/hw/video/ps1870/tsd_products_support_series_home.html
For detailed instructions about media resource configuration for Cisco Unified Videoconferencing,
use the Cisco Unified Communications Manager Administration online help or the Cisco Unified
For details about supported Cisco Unified Videoconferencing releases, see the Release Notes for
For detailed Cisco Unified MeetingPlace configuration instructions, see the Administration
Documentation for Cisco Unified MeetingPlace:
http://www.cisco.com/en/US/products/sw/ps5664/ps5669/prod_installation_guides_list.html
For detailed Cisco Unified Communications Manager configuration instructions, use the
Cisco Unified Communications Manager Administration online help or the Cisco Unified
Configuring Users for Point-to-Point Video Calls and for Multipoint Videoconferencing, page 12-30
Configuring Bandwidth Capability for Cisco Unified Personal Communicator

Cisco Unified Personal Communicator uses a Cisco Unified Communications Manager device type
called Cisco Unified Client Services Framework. The bandwidth capability of the Cisco Unified Client
Services Framework device that is associated with an installation of Cisco Unified Personal
Communicator, is one of several factors that determine the video capability of the Cisco Unified
Personal Communicator for the user.
To configure the bandwidth capability of Cisco Unified Client Services Framework devices, use the
region settings of the device pool that the Cisco Unified Client Services Framework device is in. The
following settings affect the bandwidth capability of the device:
12-33
Chapter 12
Audio Codec
Video Call Bandwidth
For more information about region and device pool configuration in Cisco Unified
Communications Manager, see the Cisco Unified Communications Manager Administration online
help, or the Cisco Unified Communications Manager Administration Guide:
(Cisco Unified Personal Communicator Release 8.x) How to Configure

Cisco Unified IP Phones for Video
The Cisco Unified Client Services Framework (CSF) device type is always video-enabled, so you do not
need to configure devices of this type. However, you must explicitly configure Cisco Unified IP Phones
to enable video.
If you want Cisco Unified Personal Communicator to be able to send and receive video, you must select
the following devices as controlled devices for the user:
Note
The Cisco Unified Client Services Framework device
Any desk phone devices
When you use your Cisco Unified IP Phone for phone calls, you can only use video on your computer if
the Cisco Unified IP Phone uses Skinny Client Control Protocol (SCCP).
To configure a Cisco Unified IP Phone for video, you must perform the following tasks:
Network and Your Computer, page 12-34
(Cisco Unified Personal Communicator Release 8.x) Enabling Video for a Cisco Unified IP Phone,
page 12-35
Network and Your Computer
Procedure
Step 1
Connect the SW port on the Cisco Unified IP Phone to the network.
Step 2
Connect the PC port on the Cisco Unified IP Phone to the controlling PC with an Ethernet cable.
What To Do Next
(Cisco Unified Personal Communicator Release 8.x) Enabling Video for a Cisco Unified IP Phone,
page 12-35
12-34
Chapter 12

(Cisco Unified Personal Communicator Release 8.x) Enabling Video for a Cisco Unified IP Phone
Procedure
Step 1
Select Device > Phone in Cisco Unified Communications Manager Administration.
Step 2
Find the device that you want to configure.
Step 3
Click on the Device Name.
Step 4
Scroll to the Product Specific Configuration Layout section.
Step 5
Select Enabled from the PC Port drop-down list.
Step 6
Select Enabled from the Video Capabilities drop-down list.
Step 7
Select Save.
When video is enabled on the phone, a video icon is displayed in the lower-right corner of the LCD
screen.
12-35
Chapter 12
12-36
CH A P T E R
13
Configuring Voicemail, Conferencing, and Other

Features for Cisco Unified Personal
Communicator
May 30, 2012
This chapter includes the information required to configure Cisco Unified Personal Communicator
features. For information specific to Cisco Jabber clients, such as Jabber for Windows, see the
appropriate client documentation below:
If you want to continue with information specific to Cisco Unified Personal Communicator, proceed
with the contents in this chapter:
About Secure Voicemail Messaging, page 13-2
How to Configure Voicemail Servers for Cisco Unified Personal Communicator, page 13-4
How to Configure Conferencing Servers for Cisco Unified Personal Communicator, page 13-12
(Cisco Unified Personal Communicator Release 8.x) Creating Audio Profiles on Cisco Unified
Configuring CCMCIP Profiles for Cisco Unified Personal Communicator Release 8.x, page 13-24
About Configuring Third-Party Clients on Cisco Unified Presence, page 13-26
(Cisco Unified Personal Communicator Release 8.5) How to Use Cisco Unified Personal
Communicator as a Desktop Agent, page 13-26
(Cisco Unified Personal Communicator Release 8.5) Distributing HTML Files for Display in the
Cisco Unified Personal Communicator Window, page 13-29
13-1
Chapter 13
Configuring Voicemail, Conferencing, and Other Features for Cisco Unified Personal Communicator
About Secure Voicemail Messaging
About Migrating Users from Cisco Unified Personal Communicator Release 7.x to Cisco Unified
Personal Communicator Release 8.x, page 13-30
How to Update User Configuration After Deploying Cisco Unified Personal Communicator,
page 13-30
Secure Voicemail Messaging on Cisco Unity Connection, page 13-2
Secure Voicemail Messaging on Cisco Unity, page 13-2
Secure Voicemail Messaging Configuration, page 13-3
Secure Voicemail Messaging on Cisco Unity Connection

In Cisco Unity Connection, when a user sends a message, class-of-service settings determine the
security level of the message. When a user marks a message as private, Cisco Unity Connection
automatically marks the message as secure.
Cisco Unity Connection provides audio for secure voicemail messages through a special IMAP port,
port 7993. This port requires Transport Layer Security (TLS). Cisco Unified Personal Communicator
uses this port to access, download, and play the secure message.
For information about installing and configuring secure message features on Cisco Unity Connection,
see the Cisco Unity Connection documentation.
Related Topics
See the Cisco Unity Connection Security Guide at the following URL:
http://www.cisco.com/en/US/products/ps6509/prod_maintenance_guides_list.html
Secure Voicemail Messaging Configuration, page 13-3
Secure Voicemail Messaging on Cisco Unity

Cisco Unity uses public-key cryptography to send secure messages. Each Cisco Unity server in the
network has a public key and a private key. The public key for each server is stored in the Cisco Unity
database and is shared through Active Directory with other Cisco Unity servers in the network.
The Cisco Unity server generates new session keys daily. The server uses the session key to encrypt the
voice mail, and to control the age of messages. Users cannot play messages that are encrypted with keys
that are older than the age policy allows.
Cisco Unity uses Microsoft Exchange to store secure messages. You configure all subscriber mailboxes
on these message store servers. Cisco Unified Personal Communicator connects to the message store and
performs the following actions:
1.
Uses IMAP to download the message from Exchange.
2.
Determines if the message is encrypted.
3.
If the message is not encrypted, Cisco Unified Personal Communicator plays the message.
4.
If the message is encrypted, the following happens:
13-2
Chapter 13
a. Cisco Unified Personal Communicator extracts the encrypted session keys from the .wav file for
the message.
b. Cisco Unified Personal Communicator submits the keys to the Cisco Unity server.
c. The Cisco Unity server tries to decrypt the session keys. The server uses the private key
certificates in the Cisco Unity database.

d. If the Cisco Unity server decrypts the session key, Cisco Unified Personal Communicator uses
the key to decrypt the message, and plays the messages to the user.
Related Topics
See the Cisco Unity Security Guide with Microsoft Exchange at the following URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.htm
Configuring Cisco Unity Servers, page 13-6
Secure Voicemail Messaging Configuration

The required configuration is different, depending on what type of secure messaging you want to
configure:
Table 13-1
Note
Secure Messaging Type Action
Menu path
SOAP
Make sure that the web service port and

protocol are configured. You configure
the web service port and protocol when
you specify the voicemail server name
and address.

Administration > Application >
Cisco Jabber > Voicemail
Server
IMAP
Make sure that the IMAP port and

protocol are configured. You configure
the IMAP port and protocol when you
specify the mailstore server name and
address.

Administration > Application >
Cisco Jabber > Mailstore
Cisco Unity requires SOAP configuration for secure messaging. Cisco Unity Connection does not
require SOAP configuration for secure messaging.
Related Topics
See the Cisco Unity security guide with Microsoft Exchange at the following URL:
Configuring Voicemail Server Names and Addresses on Cisco Unified Presence, page 13-9
Configuring Mailstore Server Names and Addresses on Cisco Unified Presence, page 13-9
13-3
Chapter 13 Configuring Voicemail, Conferencing, and Other Features for Cisco Unified Personal Communicator
How to Configure Voicemail Servers for Cisco Unified Personal Communicator
How to Configure Voicemail Servers for Cisco Unified Personal

Communicator
Note
Configuring Cisco Unity Connection Servers, page 13-4
Creating Voicemail Profiles on Cisco Unified Presence, page 13-11
Before you perform the tasks described here, make sure that you fully integrate Cisco Unified Personal
Communicator with Cisco Unified Communications Manager and Cisco Unified Presence.
Configuring Cisco Unity Connection Servers

Cisco Unity Connection provides Cisco Unified Personal Communicator users with the ability to view,
play, sort, and delete voicemail messages from the Cisco Unified Personal Communicator interface.
Before You Begin
Install and configure a supported release of Cisco Unity Connection.
Integrate Cisco Unified Communications Manager and Cisco Unity Connection. Both servers must
be installed and running to configure voicemail ports.
Procedure
Step 1
Step 2
Step 3
Set up a new or existing class of service in Cisco Unity Connection Administration to enable Internet
Mail Access Protocol (IMAP) client access to voice messages.
a.
Expand Class of Service in the section on the left-hand side.
b.
Select Class of Service.
c.
Select the display name of the applicable class of service in the Search Results table, in the Search
Class of Service window.
d.
Check Allow Users to Use Unified Client to Access Voice Mail, under Features.
e.
Check Allow Users to Access VoiceMail Using an IMAP Client, under Licensed Features. Then
select Allow Users to Access Message Bodies.
f.
Select Save.
Configure the user:
If the users are existing Cisco Unity Connection users, add them to the Cisco Unified
Communications Manager database and to Cisco Unified Presence. Proceed to Step 4.
If the user is a new Cisco Unified Personal Communicator user, add the user to Cisco Unified
Communications Manager database, Cisco Unity Connection, and to Cisco Unified Presence.
Create a Connection user account on the Cisco Unity Connection server with a voice mailbox for each
Cisco Unified Personal Communicator user.
13-4
Chapter 13
Note
Step 4
Step 5
Step 6
The user ID in Cisco Unity Connection does not need to match the user ID in Cisco Unified Presence or
in Cisco Unified Personal Communicator. Cisco Unified Personal Communicator has an independent
voicemail ID, which is set in the application Preference window. However, you might find it useful to
have the same user IDs across your Cisco Unified Communications system.
(Optional) Enable secure messaging as follows:
a.
Expand Class of Service in the section on the left-hand side, and then select Class of Service.
b.
Select an option from Require Secure Messaging in the Message Options section to enable secure
messages.
(Optional) Specify how to handle unidentified caller message security for your users as follows:
a.
Expand Users in the section on the left-hand side.
b.
Select Users.
c.
Select the alias of a user.
d.
Select Edit > Message Settings.
e.
Check Mark Secure in Unidentified Callers Message Security.
If one does not already exist, specify a web application password in Cisco Unity Connection for the
applicable user accounts.
Users must enter their voicemail credentials, that is, their username and password, in the
Cisco Unified Personal Communicator application.
If the server can be contacted and the user credentials are correct, but voicemail messages are not
downloaded, do the following:
Check the configuration of port 7993.
Make sure that Cisco Unity Connection is listening on port 7993.
Check the firewall configuration. Use Telnet from a remote computer to the computer running
Cisco Unified Personal Communicator, and make sure that you can connect to the firewall.
Allow the Cisco Unified Client Services Framework executable file (cucsf.exe) to establish
IMAP network connections using TCP, TLS, and SSL at the appropriate server and port. For
information about the ports and protocols used by Cisco Unified Personal Communicator and
Cisco Unified Client Services Framework, see the Release Notes for Cisco Unified Personal
Communicator:
Related Topics
For details about supported Cisco Unity Connection releases, see the Release Notes for
For details about the voicemail configuration on Cisco Unified Communications Manager, see the
Cisco Unified Communications Manager Administration Guide:
13-5
For details about setting up the Connection user account and configuring a web application
password onCisco Unity Connection, see the Cisco Unity Connection User Moves, Adds, and
Changes Guide:
What To Do Next
Configuring Cisco Unity Servers

Cisco Unity receives calls, plays greetings, and records and encodes voicemail. When a voicemail is
received, Cisco Unity adds the .wav file to an email and sends it to the configured email account.
Cisco Unity creates a subscriber mailbox on the Microsoft Exchange server for use as its mailstore server
for message storage.
When Cisco Unified Personal Communicator users want to listen to their voicemails, they use
Cisco Unified Personal Communicator to retrieve them from the mailstore server through IMAP.
Cisco Unified Personal Communicator supports both the Cisco Unity unified messaging and the
Cisco Unity voice messaging configurations. With unified messaging, the Exchange server email
account supports both voicemail and email. With voice messaging, the Exchange server email account
contains only voicemail messages.
Before You Begin
Install and configure a supported release of Cisco Unity.
Integrate Cisco Unified Communications Manager and Cisco Unity. Both servers must be installed
and running to configure voicemail ports.
If you plan to use SSL to provide secure transmission with the mailstore server, you must set up
Cisco Unity to use SSL during the installation or upgrade (or at any time after the installation or
upgrade is complete). You must designate a server to act as your certificate authority, submit a
certificate request, issue the certificate, and install it on the Cisco Unity server.
Procedure
Step 1
Configure the Microsoft Exchange server to use the IMAP virtual server:
13-6
Chapter 13
To Configure This Release
Do This
Microsoft Exchange 2003
a.
Select Start > All Programs > Microsoft Exchange >

System Manager.
b.
In the section on the left-hand side of the System Manager,

expand Servers.
c.
Select the server name.
d.
Select Protocols > IMAP.
e.
Right-click, and select Start Server.
a.
Select Start > Run, enter services.msc, and select OK.
b.
Select the Microsoft Exchange IMAP4 service, and select

Start. This service is not started by default.
Step 2
Configure the port and encryption type:

To Configure This Server
Do This
a.
Right-click IMAP Virtual Server, and select Properties.
b.
Select Authentication from the Access tab.

Verify that Requires SSL/TLS Encryption is not
checked to use TCP and SSL connection.

Verify that Requires SSL/TLS Encryption is checked
to use SSL only.

c.
Select OK.
a.
Select Start > Programs > Microsoft Exchange Server

2007 > Exchange Management Shell.
b.
Specify the authentication settings for the Client Access

Server that is running the IMAP4 service through the
Exchange Power Shell.
Note
c.
Microsoft Exchange 2007 uses SSL by default.

Execute one of the following commands for the appropriate
setting:
For plain text login: set-imapsettings -LoginType
PlainTextLogin
For SSL: set-imapsettings -LoginType SecureLogin
Step 3
Configure the user:
If the user is an existing Cisco Unity user, add the user to the Cisco Unified
Communications Manager database and to Cisco Unified Presence.
13-7
If the user is a new user, add the user to the Cisco Unified Communications Manager database,
Cisco Unity (which adds the user to Exchange and to Active Directory), and to Cisco Unified
Presence.
Step 4
Create mailboxes for new and existing users. For details, see the documentation for your Exchange
server.
Step 5
(Optional) Enable secure messaging as follows:

a.
Select Subscribers > Subscribers > Features to make the change on a subscriber template.
The change you make here is not applied to current subscriber accounts that were created by using
this template. The setting applies only to subscriber accounts that are created by using this template
after the change has been made.
b.
Select an option from the Message Security When Sending a Message list to enable secure messages.
For example, select Encrypt All Messages.
This setting specifies whether messages are encrypted when subscribers send messages to other
subscribers.
Step 6
c.
Select Save.
d.
Repeat these steps for additional subscribers or subscriber templates, as applicable.
(Optional) Enable secure messaging for messages from unidentified callers:

a.
Select System > Configuration > Message Security Settings.
b.
Specify whether messages from unidentified callers are encrypted. Select an option from the list.
c.
Select Save.
Troubleshooting Tip
Cisco Unified Personal Communicator users must enter their Cisco Unity credentials in the
Cisco Unified Personal Communicator Preferences window.
Related Topics
For details about the Cisco Unity server installation with Microsoft Exchange, see the following
URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_installation_guides_list.html
For details about supported Cisco Unity releases, see the Release Notes for Cisco Unified Personal
Communicator at the following URL:
For details about the voicemail configuration on Cisco Unified Communications Manager, see the
Cisco Unified Communications Manager Administration Guide at the following URL:
To configure Cisco Unity to use SSL, see the security guide:

What To Do Next
13-8
Chapter 13
Configuring Voicemail Server Names and Addresses on Cisco Unified

Presence
You must configure voicemail settings so that the Cisco Unified Personal Communicator can interact
with the voice message web service (VMWS) on Cisco Unity or Cisco Unity Connection. The VMWS
service enables Cisco Unified Personal Communicator to move deleted voicemail messages to the
correct location. This service also provides message encryption capabilities to support secure messaging.
Before You Begin
Configure a supported voicemail server.
Obtain the hostname or IP address of the voicemail server. You might need to specify more than one
hostname to provide services for the number of users in your environment.
For Cisco Unity, you must also obtain the hostnames or IP addresses of the peer Microsoft Exchange
server or servers.
Perform this procedure for each voicemail server in your environment.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Voicemail Server.
Step 2
Select Add New.
Step 3
Select Unity or Unity Connection from the Server Type menu.
Step 4
Enter the Cisco Unity Connection or Cisco Unity server name.
Step 5
Enter the hostname or the IP address of the voicemail server.
Step 6
Enter 443 for the Web Service Port value.
Step 7
Select HTTPS in Web Service Protocol menu.
Step 8
Select Save.
Related Topics
Configuring Cisco Unity Connection Servers, page 13-4
What To Do Next
Configuring Mailstore Server Names and Addresses on Cisco Unified Presence

You must configure Cisco Unified Presence with mailstore information so that Cisco Unified Personal
Communicator can connect to the mailstore. Cisco Unified Personal Communicator uses IMAP to
download messages.
Cisco Unity creates subscriber mailboxes for message storage on the Microsoft Exchange server.
Cisco Unity Connection usually provides a mailstore, and hosts the mailstore on the same server.
13-9
The following table describes the protocols you can use for voicemail messages, and the security features
the protocols implement for voicemail messages:
Protocol
Description
SSL
Uses a secure socket to encrypt usernames, passwords, and voicemail messages.
TCP
Sends usernames, passwords, and voicemail messages in clear text.
TLS
Uses the STARTTLS verb of IMAP to encrypt usernames, passwords, and voicemail
messages.
Before You Begin
Obtain the hostname or IP address of the mailstore server.
If you upgrade from Cisco Unified Presence Release 6.0(x) to Release 7.0(x), Cisco Unified
Presence automatically imports the IMAP settings into the mailstore configuration window.
Restrictions
You must provision mailstore servers before you can add the servers to the voicemail profiles.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Mailstore.
Step 2
Select Add New.
Step 3
Enter the mailstore server name.
Step 4
Enter the hostname or the IP address of the mailstore server.
Step 5
Specify the IMAP port number configured for the server and the corresponding protocol to use when
Cisco Unified Personal Communicator contacts this server:
Server
Protocol
Port Number
Cisco Unity Connection
SSL
993
TCP
143
TLS
143 or 7993
SSL
993
TCP
143
TLS
143
Cisco Unity
Step 6
Select Save.
Related Topic
What To Do Next
Creating Voicemail Profiles on Cisco Unified Presence, page 13-11
13-10
Chapter 13
Creating Voicemail Profiles on Cisco Unified Presence

You must create voicemail profiles before you can add Cisco Unified Personal Communicator licensed
users to profiles.
Repeat this procedure for each voicemail profile you want to create.
Before You Begin
Specify voicemail server names and addresses.
Specify mailstore server names and addresses.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Voicemail Profile.
Step 2
Select Add New.
Step 3
Enter the profile name and description.
Step 4

Field
Setting
Voice Messaging Pilot
(Optional) The voicemail pilot number is the directory number that

a user dials to access their voice messages. Cisco Unified
Communications Manager automatically dials the voice-messaging
number when a user presses the Messages button on their phone.
Each pilot number can belong to a different voice-messaging
system.
Select one of the following options:
NumberSelect the voicemail pilot number for the system.

This is the same as the number specified from the Voice Mail >
Voice Mail Pilot menu, in Cisco Unified
Communications Manager Administration.
No Voice MailSelect this option if you do not want to send

unanswered incoming calls to voice mail.
Primary Voicemail Server
Select a primary server. Select one of the mailstore servers you

specified.
Backup Voicemail Server
(Optional) Enter the name of your backup voicemail server. If you

do not want a backup voicemail server, select None.
Primary Mailstore
Select the primary mailstore server. Select one of the mailstore

servers you specified.
Backup Mailstore
(Optional) Enter the name of your backup mailstore server. If you

do not want a backup voicemail server, select None.
Make this the default Voicemail (Optional) Check this option if you want new users to be
Profile for the system
automatically added to the default profile.
Cisco Unified Communications Manager are not added to the
default profile. However, any users who are synchronized after the
default profile is created are added to the default profile.
13-11
How to Configure Conferencing Servers for Cisco Unified Personal Communicator
Step 5
(Cisco Unified Personal Communicator Release 8.x) Enter information into the fields:
Field
Setting
Inbox Folder
Enter the name of the folder on the mailstore server in which to store
new messages. Only change this value if the mailstore server uses a
different folder name from the default folder.
Default Folder: INBOX
Trash Folder
Enter the name of the folder on the mailstore server in which to store
deleted messages. Only change this value if the mailstore server
uses a different folder name from the default folder.
Default Folder: Deleted Items
Polling Interval
Enter the time (in seconds) that can elapse between polls of the
IMAP server for new voice messages, when IDLE is not supported
by the mailstore or when a connection failure occurs.
Default Value: 60
Permitted Values: 60900
Allow dual folder mode
(Optional) This dual folder setting is turned on by default for use

with mailstores that support the IMAP UIDPLUS extensions (RFC
2359 and 4315). By default, the Client Services Framework (CSF)
will detect if UIDPLUS is not supported and automatically revert to
Single Folder mode.
Turn off this setting if you know that UIDPLUS is not supported and
you want to force the system to use Single Folder mode.
Default Setting: On
Tip
The Microsoft Exchange 2007 server does not support

UIDPLUS extensions.
Step 6
Step 7
Use the Find and List Users window to find and select users, and select Add Selected to add users to the
profile.
Step 8
Select Save.
Related Topics
Configuring Mailstore Server Names and Addresses on Cisco Unified Presence, page 13-9.
How to Configure Conferencing Servers for Cisco Unified

Note
Before you perform the tasks described here, make sure you fully integrate Cisco Unified Personal
Communicator with Cisco Unified Communications Manager and Cisco Unified Presence.
13-12
Chapter 13
About the Conferencing Servers for Cisco Unified Personal Communicator, page 13-13
(Cisco Unified Personal Communicator Release 7.1) Configuring Cisco Unified

MeetingPlace Express and Cisco Unified MeetingPlace Express VT Servers, page 13-13
Configuring Cisco Unified MeetingPlace Servers, page 13-16
(Cisco Unified Personal Communicator Release 8.x) Configuring the Cisco Unified MeetingPlace
Web Server, page 13-18
Adding Custom Cisco Unified MeetingPlace Template Files to a Cisco Unified MeetingPlace7.x
(Cisco Unified Personal Communicator Release 8.5) Configuring Cisco Webex Servers, page 13-19
Configuring Conferencing Server Names and Addresses on Cisco Unified Presence, page 13-19)
Creating Conferencing Profiles on Cisco Unified Presence, page 13-21
About the Conferencing Servers for Cisco Unified Personal Communicator

Cisco Unified Personal Communicator can be configured to launch ad-hoc conference calls and web
meetings on the following products:
Conferencing Server(s)
Cisco Unified Personal Communicator Version
Cisco Unified MeetingPlace
All versions
Cisco Unified MeetingPlace Express
7.1
Cisco Unified MeetingPlace Express VT1 2
8.x
Cisco Webex Node for MCS integrated with

8.0
Cisco Webex Node for MCS
7.1, 8.5
1. Can be used for conference calls with video if Cisco Unified Communications Manager is configured to use Cisco Unified
MeetingPlace Express VT.
2. Does not support web meetings.
You can use Cisco Unified Personal Communicator to join Cisco Unified MeetingPlace and
Cisco Webex scheduled meetings as follows:
Conferencing Server
Cisco Unified Personal Communicator Version
All versions
Cisco Webex
8.5

MeetingPlace Express and Cisco Unified MeetingPlace Express VT Servers
Cisco Unified MeetingPlace Express or Cisco Unified MeetingPlace ExpressVT provide Cisco Unified
Personal Communicator users with the ability to add web meetings from within an existing audio or
video communication session. With Cisco Unified MeetingPlace Express VT, users can move from
point-to-point to multi-party voice and video calls.
13-13
Before You Begin
Install a supported release of the web conferencing server (Cisco Unified MeetingPlace Express or
Cisco Unified MeetingPlace Express VT).
Integrate the web conferencing server with Cisco Unified Communications Manager.
Determine the number of Cisco Unified MeetingPlace Express (or Cisco Unified
MeetingPlace Express VT) user licenses that are needed to provide enough web ports for meetings
initiated through Cisco Unified Personal Communicator.
Procedure
Step 1
Integrate the web conference server with Cisco Unified Personal Communicator:
To Configure This Server
Do This
Cisco Unified
MeetingPlace Express adhoc
conferencing functionality
a.
Install the following licenses through the Cisco Unified

MeetingPlace Express Administration Center:
adhocsystemsoftware
webconf
maxadhoc
This provides enough web ports for Cisco Unified Personal

Communicator users. Cisco Unified Personal Communicator
requires support for more than six voice, six video, and six web
ports.
For Cisco Unified

MeetingPlace Express
reservationless functionality:
b.
Configure Cisco Unified MeetingPlace Express VT for adhoc

conferencing by following the instructions in the Cisco Unified
MeetingPlace Express Configuration and Maintenance Guide.
a.
Install the following licenses:
systemsoftware
webconf
maxweb
This provides enough web ports for both the full web meetings that
are initiated from Cisco Unified MeetingPlace Express, and the
web meetings that are initiated from Cisco Unified Personal
Communicator.
b.
Step 2
Configure Cisco Unified MeetingPlace Express for integration

with Cisco Unified Personal Communicator. For Cisco Unified
MeetingPlace Express-specific information about integrating with
Cisco Unified Personal Communicator, managing certificates,
creating user profiles, and configuring call-control, see the
Cisco Unified MeetingPlace Express Configuration and
Maintenance Guide.
If not already enabled, enable the Secure Sockets Layer (SSL) encryption technology on the web
conference server by obtaining and uploading the required certificates from a trusted certificate authority
(CA).
13-14
Chapter 13
The certificate is required for secure communications between Cisco Unified Personal Communicator
and the web conference server. Without SSL, clear text passwords are sent from Cisco Unified Personal
Communicator to the web conferencing server and from the sign in browser to the web conferencing
server.
Step 3
Set up a user profile on the web conference server for each Cisco Unified Personal Communicator user
who might initiate web meetings from a Cisco Unified Personal Communicator conversation.
You do not need to create a user profile for Cisco Unified Personal Communicator users who attend
web meetings. They join the web meeting as guests, and a password is not needed.
Make sure to set the Method of Attending to Ill Call In for users who might initiate web meetings;
otherwise, the web conference system will try to contact the user who selected the Escalate to Web
Conference button in Cisco Unified Personal Communicator. Make sure to ask users not to change
this setting.
Step 4
Assist users with the Presenter Add-In installation so that desktops, documents, or computer applications
can be shared.
Step 5
Change the network configuration so that inbound calls from the public switched telephone network
(PSTN) to Cisco Unified Personal Communicator support RFC2833.
For inbound calls, Cisco Unified Personal Communicator requires RFC2833 support if these calls
require dual tone multifrequency (DTMF) digit collection. Inbound calls to the client will not be
answered with key press markup language (KPML) support.
A typical inbound call scenario is when the web conference server calls the user as a conference is
being set up. In this situation, if the inbound call from the PSTN supports RFC2833, the Cisco
Unified Personal Communicator user can join the meeting by using the session dial pad.
For outbound calls, Cisco Unified Personal Communicator supports both KPML and RFC2833 digit
collection.
As an alternative to setting up a user profile on the web conference server, you can configure the
Administrative XML Layer Simple Object Access Protocol (AXL SOAP) authentication on
Cisco Unified Communications Manager to simplify the web conference user profile
administration. With this configuration, the Cisco Unified Personal Communicator meeting initiator
needs a Cisco Unified Communications Manager profile instead of a web conference user profile.
With AXL authentication, when the initiator requests a meeting for the first time through Cisco
Unified Personal Communicator, a web conference profile is automatically created for the initiator.
Cisco Unified Personal Communicator users must enter their Cisco Unified MeetingPlace Express
credentials in the Cisco Unified Personal Communicator Preferences window.
Related Topics
For details about Cisco Unified MeetingPlace Express or Cisco Unified MeetingPlace Express VT
the server installation, see the product installation guide:
http://www.cisco.com/en/US/products/ps6533/prod_installation_guides_list.html
For details about supported Cisco Unified MeetingPlace Express releases, and the supported and
unsupported meeting controls, see the release notes:
For details on integrating the web conferencing server with Cisco Unified
Communications Manager, see the Cisco Unified Communications Manager documentation:
13-15
For details on configuring Cisco Unified MeetingPlace Express VT or Cisco Unified

MeetingPlace Express, see the product configuration and maintenance guide:
For details on the Presenter Add-In installation, see the product user guide:
For a description of the characteristics of a web conference that you add to a Cisco Unified Personal
Communicator conversation, see the user documentation at the following URL:
What To Do Next
Configuring Conferencing Server Names and Addresses on Cisco Unified Presence, page 13-19
Configuring Cisco Unified MeetingPlace Servers

Cisco Unified MeetingPlace provides a more extensive feature set (such as scheduled and
reservationless rich-media conferencing) and allows more concurrent users than Cisco Unified
MeetingPlace Express or Cisco Unified MeetingPlace Express VT. With Cisco Unified MeetingPlace, a
Cisco Unified Personal Communicator user can start a meeting from an instant message conversation,
from a phone conversation, or from a phone conversation with video.
Before You Begin
Install a supported release of the Cisco Unified MeetingPlace web conferencing server. For more
information about how to install and configure Cisco Unified MeetingPlace, see the Administration
Documentation for Cisco Unified MeetingPlace:
Integrate the web conferencing server with Cisco Unified Communications Manager.
Determine the number of web and audio conferencing user licenses that provide enough web ports
for meetings initiated through Cisco Unified MeetingPlace and through Cisco Unified Personal
Communicator.
Procedure
Step 1
Install web and audio conferencing user licenses.
Step 2
If not already enabled, enable the Secure Sockets Layer (SSL) encryption technology on the web
conference server. You must obtain and upload the required certificates from a trusted certificate
authority (CA).
The certificate is required for secure communications between Cisco Unified Personal Communicator
and the web conference server. Without SSL, clear text passwords are sent from Cisco Unified Personal
Communicator to the web conferencing server and from the sign in browser to the web conferencing
server.
Step 3
Set up a user authentication method on the web conference server.

The following authentication methods are supported for use with Cisco Unified Personal Communicator:
MeetingPlace
13-16
Chapter 13
Step 4
HTTP Basic Authentication (Domain)
LDAP
LDAP, then MeetingPlace
Set up a user profile on the Cisco Unified MeetingPlace server for each Cisco Unified Personal
Communicator user who might initiate web meetings from a Cisco Unified Personal Communicator
conversation.
Cisco Unified Personal Communicator users must enter their Cisco Unified MeetingPlace
credentials in the Cisco Unified Personal Communicator options or preferences window. Make sure
that you provide the password that is consistent with the configured authentication method. For
example, if you configured Cisco Unified MeetingPlace as the authentication method, provide the
user with the Cisco Unified MeetingPlace password. If you configured LDAP as the authentication
method, provide the user with the LDAP password.
You do not need to create Cisco Unified MeetingPlace user profiles for all Cisco Unified Personal
Communicator users. Cisco Unified Personal Communicator users who do not have
Cisco Unified MeetingPlace profiles can attend web conferences initiated by other Cisco Unified
Personal Communicator users as guests, and passwords are not needed. However, some
authentication methods, for example, HTTP Basic Authentication, do not allow Cisco Unified
Personal Communicator users to sign in to Cisco Unified MeetingPlace as guests.
If you configure multiple web servers with different authentication methods and mismatched
credentials, users might have problems when they try to sign in to web conferences.
Related Topics
For details about Cisco Unified MeetingPlace installation, see the product installation guide:
For details about supported Cisco Unified MeetingPlace releases, see the Release Notes for
For details about integrating the web conferencing server with Cisco Unified
Communications Manager, see the Cisco Unified Communications Manager documentation:
For details about setting up SSL and configuring authentication methods, see the
Cisco Unified MeetingPlace configuration guide:
http://www.cisco.com/en/US/products/sw/ps5664/ps5669/products_installation_and_configuration
_guides_list.html
What To Do Next
13-17
(Cisco Unified Personal Communicator Release 8.x) Configuring the

Cisco Unified MeetingPlace Web Server
Before You Begin
Install a supported release of the Cisco Unified MeetingPlace conferencing server. For more information
about how to install and configure Cisco Unified MeetingPlace, see the Administration Documentation
for Cisco Unified MeetingPlace:
Procedure
Step 1
If required, enable a secure connection between Cisco Unified Personal Communicator and the
Cisco Unified MeetingPlace Application Server. You must obtain and upload the required certificates
from a trusted certificate authority (CA).
Step 2
Create a user profile on the Cisco Unified MeetingPlace Application Server for each Cisco Unified
Personal Communicator user who wants to use the web conferencing feature.
Step 3
Configure a conferencing server entry on Cisco Unified Presence. Use the IP address of the
Cisco Unified MeetingPlace Web Server as the conferencing server.
Step 4
Use the conferencing server to create a conferencing profile. Check Make this the default
Conferencing Profile for the system for the conferencing profile.
Step 5
Create a conferencing profile on Cisco Unified Presence, and assign the Cisco Unified Personal
Communicator web conferencing users to the conferencing profile.
What To Do Next
Related Topic
Administration Documentation for Cisco Unified MeetingPlace:

Adding Custom Cisco Unified MeetingPlace Template Files to a

Cisco Unified MeetingPlace7.x Web Server
If your Cisco Unified Communications system uses Cisco Unified MeetingPlace Release 7.x, you must
install the following files on the Cisco Unified MeetingPlace Web server:
CSFGetProfileSuccess.tpl
CSFScheduleSuccess.tpl
You can get the above files from the Administration Toolkit. To access the Administration Toolkit,
navigate to Cisco Unified Personal Communicator from the Download Software page at the following
URL:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875240
13-18
Chapter 13
You can copy these files to the correct location on the Cisco Unified MeetingPlace Web server. You do
not need to restart the server. The default location for these files is as follows:
C:\Program Files\Cisco Systems\MPWeb\Template
(Cisco Unified Personal Communicator Release 8.5) Configuring Cisco Webex

Servers
There is no specific configuration required to use Cisco Webex conferencing servers with Cisco Unified
Personal Communicator. Install a supported version of Cisco Webex Node for MCS or use a
Cisco Webex SaaS (software as a service) solution. For information about supported versions, see the
What To Do Next
Configuring Single Sign-on for Cisco Webex and Cisco Unified MeetingPlace, page 13-19
Configuring Single Sign-on for Cisco Webex and Cisco Unified MeetingPlace
To deploy Cisco Unified Personal Communicator in an environment where users join Cisco Webex
meetings using their Cisco Unified MeetingPlace credentials, and the credentials are verified by
Cisco Unified MeetingPlace, you must set a registry key value as follows:
Registry Key
Value
WebConfSSOIdentityProvider
meetingplace
The registry key is located in HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Client

Services Framework\AdminData.
Configuring Conferencing Server Names and Addresses on Cisco Unified

Presence
Before You Begin
Configure a supported conferencing server.
Obtain the hostname or IP address, and the port number, of the conferencing server.
If you are configuring a Cisco Webex Node for MCS server for conferencing and you are using
Release 7.0, you will need the Site ID and the Partner ID values assigned to your Cisco Webex site.
If you do not have these values, obtain them from your Cisco Webex administrator. These values are
optional if you are using Cisco Unified Personal Communicator Release 8.5.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Conferencing
Server.
Step 2
Select Add New.
13-19
Step 3
Enter the conferencing server name.
Step 4
Enter an IP address or FQDN (Fully Qualified Domain Name) of the conferencing server.
Step 5
Specify the following data for the conferencing server:

a.
Enter the port number:

Enter 80 for HTTP.
Enter 443 for HTTPS.
b.
Enter the protocol to use when contacting this server:

HTTP: Selects Hypertext Transfer Protocol as the standard method for transferring data
between the server, Cisco Unified Personal Communicator, and the browser. Select this option
if your conferencing server does not have SSL enabled.
HTTPS: Selects Hypertext Transfer Protocol over SSL as the method for securely transferring
data between the server, Cisco Unified Personal Communicator, and the browser. Select this
option if your conferencing server has SSL enabled.
Note
We recommend that you use HTTPS.
Step 6
Specify the conferencing server type in the drop-down menu.
Step 7
If you select Cisco Webex as the server type:
Step 8
a.
Enter the Site ID number assigned to your Cisco Webex site. Cisco Webex provides you with an ID
number for your customer site when you deploy the Cisco Webex product. If you do not have a Site
ID number, contact your Cisco Webex administrator. The field is optional if you are using
Cisco Unified Personal Communicator Release 8.5.
b.
Enter the Partner ID (PID) value assigned to your Cisco Webex site. Cisco Webex provides you with
a PID when they enable the Cisco Webex Application Programming Interface (API) on your
Cisco Webex site. If you do not have a PID, contact your Cisco Webex administrator. The field is
optional if you are using Cisco Unified Personal Communicator Release 8.5.
Select Save.
Troubleshooting Tip
If you upgrade an existing Cisco Unified Presence server, the Server Type value may initially default to
Undefined. In this case, select one of the known types of conferencing server from the menu. If you
leave a conferencing server entry as Undefined, it may slow conferencing performance with
Related Topics

(Cisco Unified Personal Communicator Release 8.5) Configuring Cisco Webex Servers, page 13-19
13-20
Chapter 13
What To Do Next
Creating Conferencing Profiles on Cisco Unified Presence, page 13-21
Creating Conferencing Profiles on Cisco Unified Presence

You must create conferencing profiles on Cisco Unified Presence Administration and assign each profile
to a primary server.
Note
By contrast, a profile in Cisco Unified MeetingPlace or in Cisco Unified MeetingPlace Express defines
the privileges and preferences configured for a specific user in this application.
Before You Begin
You must create the conferencing profile before you can add Cisco Unified Personal Communicator
licensed users to the application profile.
You must first specify conferencing server names and addresses before you can select them in this
procedure.
Restrictions
Conferencing server failover is not supported in Cisco Unified Personal Communicator.

Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Conferencing
Profile.
Step 2
Select Add New.
Step 3
Enter the conferencing profile name.
Step 4
Field
Setting
Primary Conferencing Server
Select the conferencing server with which you want to associate this
conferencing profile. This drop-down list contains the conferencing
servers that you previously configured on the Conferencing Server
Configuration window. Change the primary conferencing server to
suit your network configuration.
Backup Conferencing Server
(Optional) Select up to two backup conferencing servers from the

drop-down list of preconfigured servers. If you do not configure any
backup conferencing servers, there will be no conferencing server
for Cisco Unified Personal Communicator clients if the first server
fails. Change the backup conferencing servers to suit your network
configuration.
13-21
Field
Setting
Server Certificate Verification
Specify how the conferencing server associated with this profile

supports TLS connections. This setting is for TLS verification of the
conferencing servers listed for this conferencing profile.
Select from the following options:
Self Signed or KeystoreCisco Unified Presence accepts the

certificate if the certificate is self-signed, or the signing
Certificate Authority certificate is in the local trust store. A
keystore is a file that stores authentication and encryption keys.
Any CertificateCisco Unified Presence accepts all valid

certificates.
Keystore OnlyCisco Unified Presence accepts only

certificates that are defined in the keystore. You must import the
certificate or its Certificate Authority signing certificate into the
local trust store.
Default Setting: Self Signed or Keystore

Make this the default
Conferencing Profile for the
system
(Optional) Check this option if you want new users to be

Step 5
Step 6
profile.
Step 7
Select Save.
Related Topics

What To Do Next

13-22
Chapter 13
(Cisco Unified Personal Communicator Release 8.x) Creating Audio Profiles on Cisco Unified Presence
(Cisco Unified Personal Communicator Release 8.x) Creating

Audio Profiles on Cisco Unified Presence
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Audio Profile.
Step 2
Select Add New.
Step 3
Step 4
Field
Setting
Make this the default Audio

(Optional) Check this check box if you want new users to be

Enable automatic gain control
(Optional) Check this option if you want automatic gain control

(AGC) to keep the audio output constant by:
Reducing the volume of a strong signal
Raising the volume of a weaker signal
Uncheck this option if you do not need AGC, or if it impedes the

audio output.
Default Setting: On
Automatic gain control type
Select the type of AGC to use.

Default Setting: Digital Only. This is the most common network
configuration and yields higher performance.
Enable noise suppression
(Optional) Check this check box to eliminate clicking, feedback or

other noise problems in your audio output. Uncheck this check box
if you do not want to apply noise suppression techniques, or if it
impedes the audio output.
Default Setting: On
Noise suppression policy
(Optional) Select the level of noise suppression that you require.

Default Setting: Low
Enable voice activity detection
(Optional) Check this check box if you want voice activity detection
(VAD) to detect the presence or absence of human speech, and
facilitate speech processing in an audio session. Uncheck this check
box if you do not need VAD, or if it impedes the audio output.
Default Setting: On
Voice activity detection mode
(Optional) Select the level of VAD you require.

Default Setting: Least Aggressive
13-23
Field
Setting
Enable echo cancellation
(Optional) Check this check box to remove echo from audio output
and improve the audio quality. Uncheck this check box if you do not
need echo cancellation, or if it impedes the audio output.
Default Setting: On
Echo cancellation mode
(Optional) Select the level of echo cancellation you require.

Default Setting: Normal
Echo cancellation type
Select High Echo if you expect that the echo will be loud
relative to the voice of the participant.
Select Attenuate if you expect that the echo will be quiet

relative to the voice of the participant. Note, however, that the
Acoustic Echo Suppression echo cancellation type does not
fully suppress the echo if you select Attenuate.
(Optional) Select the type of echo cancellation you require.

Default Setting: Acoustic Echo Cancellation
Troubleshooting Tip
If you select Attenuate as the Echo cancellation mode, the Acoustic

Echo Suppression echo cancellation type does not fully suppress the
echo.
Step 5
Step 6
profile.
Step 7
Select Save.
Configuring CCMCIP Profiles for Cisco Unified Personal

Communicator Release 8.x
The CCMCIP service runs on Cisco Unified Communications Manager and retrieves a list of devices
associated with each user. CCMCIP profiles are required before Cisco Unified Personal Communicator
Release 8.x clients can retrieve the list of user devices from Cisco Unified Communications Manager.
You can create a profile to control Cisco Unified Personal Communicator Release 8.x in deskphone
mode and to facilitate device discovery for desk phones and softphones. You can then associate selected
users to the newly created profile.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > CCMCIP Profile.
Step 2
Select Add New.
13-24
Chapter 13
Step 3
Step 4
Field
Setting
Primary CCMCIP Host
Enter the address of the server for the CCMCIP service to use to
retrieve the list of associated devices when users sign in to a device
or phone.
Enter the address in one of the following forms:
IP address
Host name
FQDN
This value must match exactly the IP address, host name, or FQDN
of the CCMCIP server.
Backup CCMCIP Host
Enter the address of the backup server for the CCMCIP service to
use if the primary CCMCIP server fails.
Enter the address in one of the following forms:
IP address
Host name
FQDN
This value must match exactly the IP address, host name, or FQDN
of the backup CCMCIP server.
Server Certificate Verification
Specify how the CCMCIP server associated with this profile

supports TLS connections. This setting is for TLS verification of the
CCMCIP servers listed for this CCMCIP profile.
Select from the following options:
Self Signed or KeystoreCisco Unified Presence accepts the

certificate if the certificate is self-signed, or the signing
Certificate Authority certificate is in the local trust store. A
keystore is a file that stores authentication and encryption keys.
Any CertificateCisco Unified Presence accepts all valid

certificates.
Keystore OnlyCisco Unified Presence accepts only

certificates that are defined in the keystore. You must import the
certificate or its Certificate Authority signing certificate into the
local trust store.
Default Setting: Self Signed or Keystore

Make this the default CCMCIP
(Optional) Check this option if you want new users to be

13-25
About Configuring Third-Party Clients on Cisco Unified Presence
Step 5
Step 6
profile.
Step 7
Select Save.
About Configuring Third-Party Clients on Cisco Unified

Presence
You must configure LDAP settings that allow Cisco Unified Presence to search for contacts in third-party
XMPP clients.
Related Topic
(Cisco Unified Personal Communicator Release 8.5) How to Use

Cisco Unified Personal Communicator as a Desktop Agent
You can start Cisco Unified Personal Communicator as a background application, which you can control
as a CTI device. Cisco Unified Personal Communicator starts without a graphical user interface and you
can only communicate with the client via a CTI connection. When you are running Cisco Unified
Personal Communicator as a desktop agent, there is no indicator on the desktop to show that the
application is running.
About Running Cisco Unified Personal Communicator as a Desktop Agent, page 13-26
Before You Start Cisco Unified Personal Communicator as a Desktop Agent, page 13-27
Starting Cisco Unified Personal Communicator as a Desktop Agent, page 13-28
Stopping Cisco Unified Personal Communicator as a Desktop Agent, page 13-28
About Running Cisco Unified Personal Communicator as a Desktop Agent

When you start Cisco Unified Personal Communicator as a desktop agent, the following features are not
available:
Availability - you appear offline.
Chat - you do not receive any instant messages.
Conversation history - any calls that you make are not listed in the call logs.
Video - you can make voice-only calls without video.
Web meetings are not available.
Call and chat features from applications such as Microsoft Outlook and Office are not available. You
can only modify your audio or call settings, such as the audio device or call forwarding options,
while running Cisco Unified Personal Communicator in normal mode. Any changes that you make
in normal mode are applied when you restart the application as a desktop agent.
13-26
Chapter 13
(Cisco Unified Personal Communicator Release 8.5) How to Use Cisco Unified Personal Communicator as a Desktop
Before you can start Cisco Unified Personal Communicator as a desktop agent, you must first:
Start the application in the normal manner.
Set the CcmcipServer1 andTftpServer1 registry keys.
Related Topics
Before You Start Cisco Unified Personal Communicator as a Desktop Agent

Before you can start Cisco Unified Personal Communicator in desktop agent mode, you must perform
some actions.
Procedure
Step 1
Set the following registry keys:
CcmcipServer1 - the IP address of the CCMCIP server
TftpServer1 - the IP address of the TFTP server
The registry keys are located at:

HKEY_CURRENT_USER/Software/Cisco Systems, Inc./Client Services Framework/AdminData
Note
These registry keys are ignored when you are using Cisco Unified Personal Communicator in
normal mode.
Step 2
Start Cisco Unified Personal Communicator in normal mode.
Step 3
Enter your credentials and check the Automatically sign in check box.
Step 4
Verify that your phone services are working as expected.
Note
Cisco Unified Personal Communicator will not operate in agent desktop mode if you are using
your desk phone for phone calls. Do not check the Use my desk phone for audio check box.
Step 5
Verify that your audio and call settings meet your requirements, for example, selected audio device and
call forwarding options. These settings cannot be modified in desktop agent mode.
Step 6
Select File > Exit to close the application.
Note
You must perform steps 2 to 6 each time your user credentials in Cisco Unified
Communications Manager change.
Related Topics
13-27
(Cisco Unified Personal Communicator Release 8.5) How to Use Cisco Unified Personal Communicator as a Desktop
Starting Cisco Unified Personal Communicator as a Desktop Agent

Enter the following command line:
cupc.exe -START_AGENT_DESKTOP_MODE
Cisco Unified Personal Communicator starts a background application accepting CTI connections from
third party clients. You can only start one instance of Cisco Unified Personal Communicator, so if you
execute the command again, nothing happens. The command is not case sensitive and if multiple
arguments are used, only the first argument is considered by the system.
Related Topics
Stopping Cisco Unified Personal Communicator as a Desktop Agent

Enter the following command line:
cupc.exe -SHUTDOWN
This command terminates all Cisco Unified Personal Communicator processes and exits the client. The
command is not case sensitive and if multiple arguments are used, only the first argument is considered
by the system.
Note
This command also terminates any Cisco Unified Personal Communicator process that is running in
normal mode.
Related Topics
13-28
Chapter 13
(Cisco Unified Personal Communicator Release 8.5) Distributing HTML Files for Display in the Cisco Unified
(Cisco Unified Personal Communicator Release 8.5) Distributing

HTML Files for Display in the Cisco Unified Personal
Communicator Window
This feature of Cisco Unified Personal Communicator enables you to distribute HTML content for
display on the Cisco Unified Personal Communicator main window. You can include up to three pages
of content, and specify the title and icon to display for each page. To set up the HTML content, you must
perform the steps in the following procedure.
Procedure
Step 1
Start the Registry Editor.
Step 2
Go to the following location in the registry:

HKEY_CURRENT_USER/Software/Cisco Systems, Inc/Unified Communications/CUPC
If CUPC does not exist under Unified Communications, right-click on Unified Communications and
select New > Key and create the CUPC key.
Step 3
Right-click on the CUPC key, and select New > Multi-String Value.
Step 4
Name the multistring value CustomTabDescriptions.
Step 5
Right-click on CustomTabDescriptions and select Modify.
Step 6
In the Value data field, enter up to three lines in the following format:
Label, icon1.png, filename1.html, True
where
Label is the title for the HTML page that you want to appear in the Cisco Unified Personal
Communicator window. Keep the labels short as long labels will be truncated.
icon1.jpg is the location and filename of the icon that you want to use with the label for the HTML
page. The supported formats are PNG (recommended), JPG, GIF, and BMP. The recommended icon
size is 24x24 pixels. Any icons that are larger than this size are scaled to size.
filename1.html is the page that you want to display. This can be a local file or a link to an external
URL.
True can be true or false to indicate if the HTML page is automatically refreshed each time you click
on the icon. This value is optional and if not specified, a value of false is assumed.
For example:
Cisco, C:\images\icon1.png, http://www.cisco.com, true
Products, \\web\images\icon2.png, \\web\content\products.html, true
Pricing, \\web\images\icon3.png, \\web\content\pricing.html, false
Some particular notes about this feature are:
If the icon is not valid, it is replaced by a default icon.
If the HTML content is not valid, the item is not displayed in the Cisco Unified Personal
Communicator main window.
13-29
About Migrating Users from Cisco Unified Personal Communicator Release 7.x to Cisco Unified Personal
If there are problems accessing the HTML content (for example, network connection issues) and you
specified True in the registry value to refresh the content every time you click on the icon, the page
is not displayed. If you specified False, not to refresh the content each time you click on the icon,
the previously-cached content is displayed.
About Migrating Users from Cisco Unified Personal

Communicator Release 7.x to Cisco Unified Personal
Communicator Release 8.x
If you have both the Cisco Unified Client Services Framework and UPC devices, both consume device
user licenses. If you want to migrate from Cisco Unified Personal Communicator Release 7.x to
Cisco Unified Personal Communicator Release 8.x, you might want to delete the Cisco Unified Personal
Communicator Release 7.x UPC device types so that you consume less device user licenses.
You might want to export your Cisco Unified Personal Communicator Release 7.x from
Cisco Unified Communications Manager before you upgrade to Cisco Unified Personal Communicator
Release 8.x.
How to Update User Configuration After Deploying

Application Profiles, page 13-30
Changing Application Profiles for a Single User, page 13-31
Changing Application Profiles for Multiple Users, page 13-31
Configuring a New User for Full Cisco Unified Personal Communicator Functionality, page 13-32
Application Profiles
This module describes how to change the following application profiles for a single user, or for multiple
users:
Voicemail Profile
(Cisco Unified Personal Communicator Release 8.x) Audio Profile
(Cisco Unified Personal Communicator Release 8.x) CCMCIP Profile
Conferencing Profile
CTI Gateway Profile
LDAP Profile
Application profiles enable you to partition your Cisco Unified Personal Communicator user base for
performance and scalability. You can change individual application profiles for each user.
Application profiles are not required; some Cisco Unified Personal Communicator users might not have
a voicemail or a conferencing profile. In this situation, the drop-down selection displays None.
13-30
Chapter 13
How to Update User Configuration After Deploying Cisco Unified Personal Communicator
Related Topics
Changing Application Profiles for a Single User

Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > User Settings.
Step 2
Select Find to populate the search results fields, or search for a user, and then select Find.
Step 3
Select the link to select the user.
Step 4
Specify the profiles to change for the user in the Application Profile Configuration section.
If you change a user application profile in this window (for example, change from LDAP Profile 1 to
LDAP Profile 2), the change is reflected in Cisco Unified Presence Administration > Application >
LDAP Profile window.
Step 5
Select Save.
The user must exit and restart Cisco Unified Personal Communicator for the changes to take effect.
Related Topic
Changing Application Profiles for Multiple Users

Procedure
Step 1
Select Cisco Unified Presence Administration > Bulk Administration > Cisco Jabber/Microsoft
RCC > Export.
Step 2
Perform the following actions:

a.
Select Find in the Export Users Query window to obtain current profile information by finding all
users.
b.
Select Next at the bottom of the window.
c.
Specify the filename to be exported in the Export CUP Users Configuration window.
Step 3
Step 4
Step 5
a.
Find and select the file that you want to download.
b.
Select Download Selected.
c.
Add or remove profile names according to the instructions in the sample file.
a.
Select Add New.
13-31
b.
Enter the name of the file to upload.
c.
Select the target for which you want to use the file.
d.
Select the transaction type that the file defines.
e.
Check Overwrite File if it exists if you want to overwrite an existing file with the same name.
f.
Select Save.
Step 6
Select Cisco Unified Presence Administration > Bulk Administration > Cisco Jabber/Microsoft
RCC > Update.
Step 7

a.
Select the updated .csv file.
b.
Select Save to submit the file to update profile information in bulk.
Related Topic
Configuring a New User for Full Cisco Unified Personal Communicator

Functionality
The table lists the required configuration steps to add a new user to various servers after the initial
deployment. By completing these tasks, the new user will have full Cisco Unified Personal
Communicator functionality after the initial deployment.
Task
Configuration
Add the phone to the Cisco Unified

Communications Manager database.
Allow control of the Cisco Unified IP Phone

from the computer telephony interface (CTI).
Associate a directory number with the phone.
Set up the user account, and associate the

directory number with the user.
Associate the phone with the user.
Add the user to the Standard CTI-Enabled group.
Add the user to the CCM End User group.
13-32
Where to Find Information
User and Device Configuration on

Cisco Unified Communications Manager,
page 3-1
Chapter 13
Task
Where to Find Information
Enable Cisco Unified Personal Communicator

softphone features by manually creating a new
device for each user.
About Configuring Cisco Unified

Personal Communicator on
page 12-11
Make sure that availability status in

Cisco Unified Personal Communicator is
accurately displayed.
Associate the line of the user with the user in

Obtain a license file, if necessary.
Configuring the Licensing for this

Integration, page 2-1
Upload the license file, if necessary.
Assign capabilities.
How to Configure Voicemail Servers for

Cisco Unified Personal Communicator,
page 13-4
How to Configure Conferencing Servers

for Cisco Unified Personal
About Configuring Cisco Unified

Personal Communicator on Cisco Unified
Creating Voicemail Profiles on Cisco

Creating Conferencing Profiles on Cisco

Application Profiles, page 13-30
Configuring Users for Point-to-Point

Video Calls and for Multipoint
Videoconferencing, page 12-30
Configuring Videoconferencing
Resources and Ad-Hoc Conferencing on
page 12-31
Provide information to users
Information to Provide to Users,

page 14-15
Headset and audio device Information
Installation and Configuration of Headsets

and Other Audio Devices, page 14-12
Voicemail Server Configuration
Set up an account for the new user.
Web Conferencing Server Configuration
Set up a user profile for the new user.
Cisco Unified Presence Configuration
Configure the LDAP attribute map for

Create LDAP profiles and add users to the profile
Add the new user to the server profiles.
Assign the preferred CTI device to the MAC

address of the primary desk phone for the user.
(Cisco Unified Presence Release 6.x only)
Point-to-point video calls

Multipoint videoconferencing
Video telephony camera
13-33
13-34
CH A P T E R
14
Deploying and Upgrading Cisco Unified Personal

Communicator
May 30, 2012
Pre-Deployment Tasks, page 14-1
Cisco Unified Personal Communicator Deployment, page 14-5
How to Deploy the Application, page 14-8
Upgrading the Application, page 14-11
Installation and Configuration of Headsets and Other Audio Devices, page 14-12
Use of Third-Party Headsets with Cisco Unified Personal Communicator, page 14-12
Do Not Disturb Behavior of Cisco Unified Personal Communicator, page 14-13
Information to Provide to Users, page 14-15
Troubleshooting, page 14-18
Pre-Deployment Tasks
Removing Any Applications That Depend on Cisco Unified Client Services Framework, page 14-1
Removing Cisco Unified Video Advantage, page 14-2
Cisco Unified Presence Server Discovery, page 14-2
Removing Any Applications That Depend on Cisco Unified Client Services

Framework
Before you deploy Cisco Unified Personal Communicator to the computers of your users, ensure that
there are no other applications that depend on Cisco Unified Client Services Framework installed on the
computers.
14-1
Chapter 14
Removing Cisco Unified Video Advantage

If Cisco Unified Video Advantage is installed on a client computer, you must uninstall it before you can
install Cisco Unified Personal Communicator. If you do not uninstall Cisco Unified Video Advantage,
you are prompted to do so during the Cisco Unified Personal Communicator installation.
Tip
If you are performing a mass deployment of Cisco Unified Personal Communicator, you can use a
software deployment tool to silently uninstall Cisco Unified Video Advantage from client computers
prior to the installation.
Cisco Unified Presence Server Discovery

Cisco Unified Personal Communicator release 8.5(2) supports two types of server discovery: automatic
discovery of Cisco Unified Presence servers and manually setting the default address of the Cisco Unified
Presence server. Prior to release 8.5(2), administrators were required to push the server address to a client
through a registry key or clients had to manually enter the server address on the logon screen. Cisco Unified
Personal Communicator release 8.5(2) enables administrators to choose the method of server discovery they
desire.
Automatic Server Discovery, page 14-2
Setting a Default Address for the Cisco Unified Presence Server, page 14-3
Automatic Server Discovery

Cisco Unified Personal Communicator release 8.5(2) can use DNS SRV lookup to automatically find the
Cisco Unified Presence server in the client's Active Directory domain. Automatic discovery of a users home
node is achieved through a combination of DNS lookup and the login redirect feature on Cisco Unified
Presence. For more information about the redirect feature, see Cisco Unified Personal Communicator Sign-In
and Redirect, page 4-4.
The DNS SRV records details about a particular service on a network. A DNS administrator can map many
hosts to the same service name. It is also possible for a DNS administrator to provide load balancing by
enabling the round robin option on their DNS server. This ensures that a different server is returned each time
an SRV request is made.
A prerequisite of Cisco Unified Personal Communicator being able to perform DNS SRV lookups is that an
administrator adds a DNS SRV record for the service name _cuplogin in the DNS server based on the Cisco
Unified Presence server domain name.
The example below assumes the service name to be _cuplogin and the Cisco Unified Presence server domain
name to be company.com. In this case, the SRV record defined within the DNS server catering to the domain
company.com would be _cuplogin._tcp.company.com. This is an example of a DNS SRV query.
_cuplogin._tcp.company.com
Server: dns_server.company.com
Address: 10.10.1.10
_cuplogin._tcp.company.com SRV service location:
priority =0
weight =0
port =8443
srv hostname =cupserver.company.com
internet address =10.53.56.57
14-2
Chapter 14

Note
Cisco Unified Personal Communicator does not use the port mapped in the SRV record. Port 8443 is the
default port used.
The DNS SRV record on Cisco Unified Personal Communicator is populated automatically by Cisco Unified
Personal Communicator based on the service name and the domain name (connection specific suffix if not
Active Directory domain) used by the user upon login.
For example, if the user and Cisco Unified Presence server have the same domain name, <company>.com,
the Cisco Unified Presence server address is cupserver.company.com. The administrator defines the SRV
record as _cuplogin._tcp.company.com within the enterprise resolving to cupserver.company.com.
Cisco Unified Personal Communicator release 8.5(2) automatically populates the SRV record
_cuplogin._tcp.company.com to perform an SRV lookup. If the user logs into a domain different from the
Cisco Unified Presence domain, you must follow the steps in Location of Registry Key, page 14-4.
When using the DNS SRV feature, Cisco Unified Personal Communicator release 8.5(2) and later uses the
following logic:
Note
1.
At startup, Cisco Unified Personal Communicator looks up the Cisco Unified Presence server address
within its local cache. Note that the local cache only exists if the user logged into Cisco Unified Presence
successfully at least once.
2.
If the Cisco Unified Presence server address can not be retrieved from the local cache, the local registry
is checked. The registry may contain either a host address or a domain hint.
3.
If the local registry does not have an address, Cisco Unified Personal Communicator does a DNS SRV
query. If the DNS SRV query fails, a DNS A query is performed.
4.
After a successful login, Cisco Unified Personal Communicator ensures that the Cisco Unified Presence
server address is used for subsequent logins. If a users home server is different Cisco Unified Presence
server, the original Cisco Unified Presence server is capable of redirecting Cisco Unified Personal
Communicator to the usess home Cisco Unified Presence server. Successful login will result in
Cisco Unified Personal Communicator updating the local cache with the new server address so that
redirect only happens once.
Steps 2 through 4 above only apply to first-time logins and rare cases.
Setting a Default Address for the Cisco Unified Presence Server

Cisco Unified Personal Communicator release 8.5(2) continues to support server identification through
manual entry or a registry key pushed to the client. You can use the CUPServer registry value name to
set this address and the data type is string or REG_SZ. This can be used for two purposes:
1.
If a users domain (connection specific suffix if not Active Directory domain) is different from that
of the Cisco Unified Presence domain and if Cisco Unified Personal Communicator is required to
discover Cisco Unified Presence server address using DNS SRV lookup, a domain hint needs to be
entered. For example, a users domain is company.com, the Cisco Unified Presence servers domain is
cupdomain.company.com, and the Cisco Unified Presence server address is
cupserver.cupdomain.company.com. The administrator defines the SRV record
_cuplogin._tcp.cupdomain.company.com within the enterprise resolving to
cupserver.cupdomain.company.com. In this case, the registry key should contain
cupdomain.company.com to request that Cisco Unified Personal Communicator populate
_cuplogin._tcp.cupdomain.company.com and NOT _cuplogin._tcp.company.com.
14-3
Chapter 14
2.
You want to use the auto discovery mechanism and deploy Cisco Unified Personal Communicator
release 8.5(2) with a plain Cisco Unified Presence server address within the cluster.
Caution
Cisco Unified Presence release 8.6(1) supports both intracluster and intercluster user login
redirect. The mechanism above does not support any form of load balancing. As a result, the
administrator is expected to plan Cisco Unified Personal Communicator rollout effectively with
the goal of not overwhelming a single server with login requests. Overwhelming a single
server with login requests may result in failure of critical services on Cisco Unified Presence.
To deploy this change to the computers in your Cisco Unified Personal Communicator system, you can
use a software management system. Supported software management systems include Active Directory
Group Policy, Altiris, and Microsoft System Management Server (SMS).
Location of Registry Key

You can specify the CUPServer registry value name in the following registry key:
HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services Framework\AdminData
If you use Active Directory Group Policy to configure Cisco Unified Personal Communicator, then the
CUPServer information is specified in the following registry key:
HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Client Services
Framework\AdminData
Note
If CUPServer information is present in both of these registry keys, the policies configuration data
takes precedence.
Cisco Unified Personal Communicator reads only HKEY_CURRENT_USER keys. Cisco Unified
Personal Communicator does not read HKEY_LOCAL_MACHINE keys.
14-4
Chapter 14

Cisco Unified Personal Communicator Deployment

The Cisco Unified Personal Communicator installation application installs the following components:
User interface for Cisco Unified Personal Communicator.
The client-related components of the Cisco Unified Client Services Framework.
Click to Call add-on (optional).
Microsoft Office Integration add-on (optional).
The Cisco Unified Personal Communicator application is provided in two separate installation formats
as follows:
Cisco Unified Personal Communicator executable file.
Cisco Unified Personal Communicator Windows Installer (MSI) file.
This section describes the installation formats and the deployment options.
Executable File, page 14-5
Windows Installer (MSI) File, page 14-6
Software Download Site and Installer Package Names, page 14-6
Deployment Options, page 14-7
Executable File
Users can run the executable file on their own computers. The executable file includes the prerequisite
software for the application, as follows:
Microsoft .NET Framework 3.5 Service Pack 1 (installer stub)
Microsoft Visual C++ 2005 Redistributable Package (x86)
Additional software required for Click to Call functionality:

Microsoft Office 2003 Primary Interop Assemblies (for machines with Office 2003)
Microsoft Office 2007 Primary Interop Assemblies (for machines with Office 2007)
Microsoft Visual 2005 Tools for Office Second Edition Runtime (x86)
Cisco Unified Personal Communicator checks if the prerequisite software is installed on the computer
and if not, it automatically installs the prerequisites. To save time during the installation process, we
recommend that you install the prerequisite software in advance of installing Cisco Unified Personal
Communicator. All of the prerequisite software is available from the Microsoft website.
Note
If the minimum required version of .NET Framework is not installed on the computer, Cisco Unified
Personal Communicator runs the installer stub provided for that application. The installer stub
downloads the .NET Framework software from the Microsoft website. This action requires Internet
access and takes a considerable amount of time. We recommend that you install the required release of
Microsoft .NET Framework in advance of the Cisco Unified Personal Communicator installation to save
time and avoid any Internet access issues.
14-5
Chapter 14
Windows Installer (MSI) File

You can use a software management system to push the Windows Installer (MSI) file to the computers
of your users. The MSI file does not contain any of the prerequisite software that is required for
Note
If you choose to install the MSI file, you must install the prerequisite software prior to installing
The prerequisite software that you must install prior to installing the Cisco Unified Personal
Communicator MSI file is:
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft Visual C++ 2005 Redistributable Package (x86)
Additional software required for Click to Call functionality:

Microsoft Office 2003 Primary Interop Assemblies (for computers with Office 2003)
Microsoft Office 2007 Primary Interop Assemblies (for computers with Office 2007)
Microsoft Visual 2005 Tools for Office Second Edition Runtime (x86)
The prerequisite software is available from the Microsoft website.
Software Download Site and Installer Package Names

You must register for an account on Cisco.com to access the software download site. On the software
download site, the installer packages are offered as .zip files. The .zip files contain all of the files
required to deploy the application and the camera drivers. The software download site is at the following
URL:
http://tools.cisco.com/support/downloads/pub/Redirect.x?mdfid=280455801
The installer package names available from the software download site are described in the following
table.
Filename
Description
1
CiscoUnifiedPersonalCommunicatorSetupK9_XXX .exe This executable contains the required

Windows Installer engine, Cisco Unified
Client Services Framework, the Outlook
plug-in, the user interface, and a set of
related DLLs2 for deployment.
This package is typically used for individual
users installing the application.
CiscoVTCameraDriverSetup.exe
This executable contains the installer for the

Cisco VT Camera and Cisco VT Camera II
device drivers. The installation prompts the
user to choose a language if a language
other than English is available.
Cisco VT Camera III does not require
installation of device drivers.
14-6
Chapter 14

Filename
Description
CiscoUnifiedPersonalCommunicatorSetupK9_XXX.msi
This Microsoft Windows Installer (MSI)

package contains the Outlook plug-in, the
user interface, and a set of related DLLs for
deployment.
This package is typically used by IT
administrators with the corporate
deployment tool (for example, Altiris,
System Management Server (SMS), and
Active Directory) to distribute the
installation to users.
CiscoVTCameraDriverSetup.msi
This MSI package contains the installer for

the Cisco VT Camera and Cisco VT Camera
II device drivers. For languages other than
English, you associate the locale .mst file
with the TRANSFORMS parameter to
install a language locale.
uc-client-mac-latest.zip
(Cisco Unified Personal Communicator

Release 8.x) This package is the disk image
(.dmg) of the application for Mac OS X.
1. XXX = three-letter language locale.

2. DLLs = dynamic link libraries
Deployment Options
You can deploy the Cisco Unified Personal Communicator installation application in one of the
following ways:
Automated Mass Deployment, page 14-7
Standalone Installation, page 14-7
Automated Mass Deployment

The mass deployment options for installing Cisco Unified Personal Communicator are as follows:
Use Active Directory Group Policy. You can use group policy to deploy administrator configuration
settings.
Use a software management system, for example, Altiris Deployment Solution, Microsoft System
Center Configuration Manager (SCCM), and so on.
Use a self-extracting executable with a batch script. You can use the batch script to deploy
administrator configuration settings.
Standalone Installation
The administrator can install Cisco Unified Personal Communicator on each individual client computer
or users can install the application on their own computers. The administrator can use the options listed
in Automated Mass Deployment, page 14-7 to deploy the administrator configuration settings.
14-7
Chapter 14
How to Deploy the Application
Note
We strongly recommend that you use the executable file for standalone installations.
(Cisco Unified Personal Communicator Release 8.5 and Earlier) Deploying the Application in a
Mac OS Environment, page 14-8
Deploying the Application and the Camera Drivers in a Microsoft Windows Environment, page 14-8
Installing Security Certificates on Client Computers for Client Services Framework (CSF),
page 14-9
Enabling Availability Status for Microsoft Office 2010 Users, page 14-10
(Cisco Unified Personal Communicator Release 8.5 and Earlier) Deploying the
Application in a Mac OS Environment
Before You Begin
Download the disk image (.dmg) from Cisco.com in a Mac OS environment.

Procedure
Step 1
Put the disk image on an internal server so that users can download the image from that location.
Alternatively, you can burn the disk image on a CD for internal distribution.
Step 2
Ask users to complete the installation of Cisco Unified Personal Communicator by following the
instructions in the user documentation.
Related Topics
User documentation:
http://www.cisco.com/en/US/products/ps6844/products_user_guide_list.htm
What To Do Next
Information to Provide to Users, page 14-15
Deploying the Application and the Camera Drivers in a Microsoft Windows

Environment
Before You Begin
Download the executable or MSI package from Cisco.com in a Windows environment.
14-8
Chapter 14

Restriction
Cisco Unified Personal Communicator does not support the advertising or publishing deployment in
which users open an icon that the administrator places on their desktops to install the application.
Procedure
Step 1

If you want to...
Then...
Deploy the executable or MSI package Distribute the installer at an elevated privilege so that users
to a shared location (such as a web
can complete the installation (run the installer and follow the
server) where users can access it.
installation wizard)
Deploy either the executable or the
MSI package directly to the client
computer.
Distribute the installer at an elevated privilege so that users

can complete the installation (run the installer and follow the
installation wizard).
or
Perform the installation operation directly on a client
computer while logged in as the administrator.
Use a software deployment tool to

distribute Cisco Unified Personal
Communicator and camera drivers to
client computers.
Step 2
Distribute the installer and the drivers using the software

deployment tool. No action is required by the users.
Note
Device drivers are not required for Cisco VT

Camera III cameras.
(If required) Ask users to complete the installation of Cisco Unified Personal Communicator by
following the instructions in the user documentation.
Related Topics
User documentation:
Deployment Options, page 14-7
What To Do Next
Installing Security Certificates on Client Computers for Client Services Framework (CSF), page 14-9
Installing Security Certificates on Client Computers for Client Services

Framework (CSF)
The following procedure describes the steps that the administrator needs to take to add security
certificates to the keystore on the computer on which Cisco Unified Personal Communicator is running.
By default, Cisco Unified Personal Communicator expects self-signed certificates, except when the
administrator configures a CCMCIP security profile with a specified certificate type.
14-9
Chapter 14
Procedure
Step 1
Step 2
Step 3
Put the certificate file into the folder where you store your security certificates. The default location for
storing security certificates is as follows:
Windows XP - <drive>:\Documents and Settings\<username>\Local Settings\Application

Data\Cisco\Unified Communications\Client Services Framework\certificates
Windows Vista and Windows 7 - <drive>:\Users\<username>\AppData\Local\Cisco\Unified

Communications\Client Services Framework\certificates
(Optional) To specify a custom location for storing security certificates, do the following:
a.
b.
Use the CSF certificate directory field to specify the absolute path to the folder where the
certificates are stored.
(Optional) To specify the Server Certificate Verification parameter for a CCMCIP security profile, do
the following:
a.
Select Cisco Unified Presence Administration > Application > Cisco Jabber > CCMCIP Profile
(CUPC 8.0 and higher).
b.
Select the profile you want to change.
c.
In the Server Certificate Verification field, select one of the following options:
Any Certificate
Self Signed or Keystore
Keystore Only
What To Do Next
Enabling Availability Status for Microsoft Office 2010 Users, page 14-10
Enabling Availability Status for Microsoft Office 2010 Users

To enable the availability status feature of Cisco Unified Personal Communicator to work with the
supported Microsoft Office 2010 applications, the administrator must configure an attribute in Microsoft
Active Directory.
Procedure
Step 1
Start the ADSIEdit administrative tool.
Step 2
Expand the domain that contains your users.
Step 3
Open the organizational unit (OU) that contains your users.
Step 4
Add a new value to the proxyAddresses attribute in the format SIP:email-address, for example,
SIP:johndoe@cisco.com.
14-10
Chapter 14

Note
If Call Manager is not AD integrated, the proxyAddress LDAP attribute must be equal to sip uri on the
Cisco Unified Presence server.

Before You Begin
Register for an account on Cisco.com to access the software download site.

Restrictions
In a Windows environment, command-line options are not supported on upgrades. Command-line

options are only supported on new installations.
Upgrading in the Mac OS X environment is performed automatically by the application, with permission
from the user.
Note
It is not possible to upgrade from Cisco Unified Personal Communicator Release 7.x to Cisco Unified
Procedure
Step 1
Download the latest available Cisco Unified Personal Communicator software from the Software Center.
Step 2
For Windows, download the Cisco VT Camera drivers from the Software Center also.
Device drivers are not required for Cisco VT Camera III cameras.
Step 3
Make the updated software available for deployment.
Step 4
(Optional) For Windows, ask users to uninstall the previous version of Cisco Unified Personal
Communicator from the Control Panel.
Step 5
Ask users to perform the following steps to upgrade the application:

a.
Exit Cisco Unified Personal Communicator.
b.
Disconnect the camera.
c.
Install Cisco Unified Personal Communicator.
d.
Install the camera software, if any.
e.
Reconnect the camera.
Related Topics
User documentation:
14-11
Chapter 14
Installation and Configuration of Headsets and Other Audio Devices
(Cisco Unified Personal Communicator Release 8.5 and Earlier) Deploying the Application in a
Mac OS Environment, page 14-8
Deploying the Application and the Camera Drivers in a Microsoft Windows Environment, page 14-8
Installation and Configuration of Headsets and Other Audio

Devices
You need to install and configure any audio devices that require drivers, such as sound cards or USB
headsets. Follow the headset instructions that are supplied with the headset.
For information about establishing the audio device and the control panel settings, see the user
documentation for Cisco Unified Personal Communicator.
For information about supported headsets and other audio devices, see the Release Notes for
Related Topics
User documentation:
Release Notes for Cisco Unified Personal Communicator

Use of Third-Party Headsets with Cisco Unified Personal Communicator, page 14-12
Use of Third-Party Headsets with Cisco Unified Personal

Communicator
While Cisco performs basic testing of third-party headsets for use with the Cisco Unified Personal
Communicator application, it is ultimately the responsibility of the customer to test this equipment in
their own environment to determine suitable performance. Because of the many inherent environmental
and hardware inconsistencies in the locations where this application is deployed, there is not a single
best solution that is optimal for all environments.
Before customers begin deploying any headsets (especially deployment in quantity) in their production
network, Cisco recommends thorough testing at the customer site to check for voice quality issues,
especially hum and echo.
The primary reason that support of a headset would be inappropriate for an installation is the potential
for an audible hum. This hum can either be heard by the remote party or by both the remote party and
this application user. Causes for this humming sound range from electrical lights near the computer to
the computer power source itself. In some cases, a hum heard on a headset plugged directly into the
computer Universal Serial Bus (USB) port might be reduced or eliminated by using a powered USB hub.
In some instances, the mechanics or electronics of various headsets can cause remote parties to hear an
echo of their own voice when speaking to Cisco Unified Personal Communicator users. The application
user will not be aware of this echo.
14-12
Chapter 14

Finally, some analog headsets do not match the electrical characteristics for which some sound cards are
designed. The microphones on such headsets are frequently too sensitive, even when the input levels in
Cisco Unified Personal Communicator are reduced to their lowest values. The users of such headsets will
sound distorted to remote parties.
It is important to ask Cisco Unified Personal Communicator users whether a particular headset sounds
good to them. In addition, ask remote parties about the reception from this application when they use a
particular headset.
Related Topic
Do Not Disturb Behavior of Cisco Unified Personal

Communicator
The Do Not Disturb (DND) feature in Cisco Unified Personal Communicator is always available in the
interface and is supported in both softphone and desk phone modes as described in Table 14-1.
Table 14-1
Configuration
DND Behavior in Cisco Unified Personal Communicator
Behavior

Ringer off.
Communicator is in softphone
User can answer incoming calls from Cisco Unified Personal Communicator.
mode and set to DND by the user
Incoming call notifications are displayed.
Incoming calls display in the Conversation History as Missed.
Unanswered calls are diverted to the call forward no answer (CFNA) target. The
default setting for CFNA is voicemail in Cisco Unified Communications Manager.
If the CFNA target is not configured, incoming calls are rejected by Cisco Unified
Communications Manager, and the caller hears a busy tone.
(Shared line) If Cisco Unified Personal Communicator shares the line appearance with
other devices, the endpoints that are not set to DND are alerted to the incoming call,
and the caller hears the ringing tone. If all endpoints sharing the line appearance are
set to DND, incoming calls are forwarded to the CFNA target.
14-13
Chapter 14
Table 14-1
DND Behavior in Cisco Unified Personal Communicator
Configuration
Behavior

Communicator is in desk phone
mode with DND Call Reject
configured in Cisco Unified
The DND behavior for Cisco Unified Personal Communicator is the same as the controlled
Cisco Unified IP Phone:

Communicator is in desk phone
mode with DND Ringer Off
configured in Cisco Unified
User cannot answer calls from either Cisco Unified Personal Communicator or from
the desk phone.
Incoming call notifications are not displayed.
Incoming calls do not display in Recent section of Cisco Unified Personal

Communicator.
(Shared line) If Cisco Unified Personal Communicator shares the line appearance with
other devices, the endpoints that are not set to DND are alerted to the incoming call,
and the caller hears the ringing tone. If all endpoints sharing the line appearance are
set to DND, incoming calls are forwarded to the call forward busy (CFB) target.
The DND behavior for Cisco Unified Personal Communicator is the same as the controlled
Cisco Unified IP Phone:
User can answer incoming calls from Cisco Unified Personal Communicator or from
the desk phone. In both cases, Cisco Unified Personal Communicator displays a call
progress window with the connected call status.
An incoming call notification displays without an audio alert on the

Cisco Unified IP Phone under Cisco Unified Personal Communicator desk phone
control, and Cisco Unified Personal Communicator displays the incoming call
notification. If the call is not answered, it is diverted to the Call Forward No Answer
(CFNA) target. If CFNA is not configured, the call is rejected, and the caller hears a
busy tone.
Incoming calls display in both Cisco Unified Personal Communicator and the desk
phone communication histories.
Apart from Cisco Unified Personal Communicator, other devices might be associated with a particular
user. For example, devices such as IP Phone Messenger that are registered to Cisco Unified
Communications Manager might be associated with a particular user.
If the DND status is set on other devices, Cisco Unified Personal Communicator displays the DND
status. Similarly, Cisco Unified Presence passes the DND setting from Cisco Unified Personal
Communicator to other devices associated with this Cisco Unified Personal Communicator user.
Note
If the DND status is set from the Cisco Unified IP Phone (desk phone), Cisco Unified Presence does not
pass the DND status to other devices associated with the user, and the status of the user does not change
to the DND status on Cisco Unified Personal Communicator. Similarly if the DND status is set from the
Cisco Unified IP Phone (desk phone), the DND status clears from the phone, but does not clear on any
other devices.
Related Topics
For details about configuring the Cisco Unified IP Phone for DND, see the Cisco Unified
Communications Manager Features and Services Guide:
14-14
Chapter 14

For details about which Cisco Unified IP Phone models support the DND feature, see the
administration guide for the specific phone model:
http://www.cisco.com/en/US/products/hw/phones/ps379/prod_maintenance_guides_list.html

After Cisco Unified Personal Communicator is deployed, provide the information listed in the table to
users.
Give to
Users
Who
Install
Give to
Users If
You
Install
Provide This
Explanation
Information about client

hardware and software
requirements.
You can copy the information from the Release

Notes for Cisco Unified Personal
Communicator.
Yes
Yes
Location of Cisco Unified

Personal Communicator and
camera driver installers.
Provide the shared folder location or the CD with Yes

the executable files.
No
Sign-in information.
If Cisco Unified Communications Manager is

Yes
synchronized with Active Directory, provide this
information:
Yes
Active Directory Username
Active Directory Password

not synchronized with Active Directory, provide
this information:
User capabilities (presence,

instant messaging, video
softphone) available through
Cisco Unified
licenses.
Username
Password
Cisco Unified Presence host name or IP

address
Provide users with information about the

capabilities (license) they have.
Yes
Yes
14-15
Chapter 14
Give to
Users
Who
Install
Provide This
Explanation
Supported features: directory

services, voicemail retrieval
and playback, access to web
conferences, and
Cisco Unified
extension mobility.
Yes
Provide users with information about which
Cisco Unified Personal Communicator features
are supported based on the integration with the
LDAP directory, voicemail servers, and web
conferencing servers. Inform users that they have
the ability to initiate web conferencing sessions
from a Cisco Unified Personal Communicator
conversation.
Give to
Users If
You
Install
Yes
Inform users that you configured for

extension mobility. For a description of the type
of information to provide to them, see the
Features and Services Guide.
Account information

Yes
synchronized with Active Directory, provide this
information:
Active Directory Username
Active Directory Password

not synchronized with Active Directory, provide
this information to be entered into the
Preferences window:
Voicemail server: username and web

password (to use voicemail features
supported by Cisco Unified Personal
Communicator)
Web conferencing server: username and

password (to add web conferencing to a
conversation)
LDAP server: username and password (to

access contacts from the corporate
directory)
14-16
Yes
Chapter 14

Provide This
Give to
Users
Who
Install
Explanation
Yes
User Options web page access Provide the URL
information
(https://server-address/ccmuser), user ID, and
password for accessing user options interface on
these servers:
Give to
Users If
You
Install
Yes
From these interfaces, users can control certain

settings, features, and services associated with
the Cisco Unified IP Phone and with
Instructions for using the
application.
Provide the user documentation for

Yes
Cisco Unified Personal Communicator. Remind
users to use the application online help.
Yes
Troubleshooting information. Provide the information in the section called

Troubleshooting, page 14-18.
Yes
Yes
Internal company support for

the application.
Yes
Yes
Provide users with the names of people to

contact for assistance and with instructions for
contacting those people.
Related Topics
User documentation:
Release Notes for Cisco Unified Personal Communicator

Cisco Unified Communications Manager Features and Services Guide:

Troubleshooting, page 14-18
14-17
Chapter 14
Troubleshooting
Troubleshooting
Cisco Unified Personal Communicator Fails to Start or Starts with a Black Background with No
Visible Controls, page 14-18
Limitations Creating Group Chats, page 14-19
Cannot Place or Receive Calls After a Secure Profile is Enabled, page 14-19
Error Connecting to the CSF Device, page 14-19
Cisco Unified Personal Communicator Fails to Start or Starts with a Black

Background with No Visible Controls
Problem Cisco Unified Personal Communicator fails to start, displaying a general exception error, or
starts with a black background with no visible controls.
There can be a number of possible causes for this problem, as described in the following table:
Possible Cause
Description
This can occur if the sPositiveSign registry key is corrupt. To check if this is the
problem, search the client log files for the presence of one or more of the following
error messages:
Getting positive key - the user does not have the permissions required to read
from the registry keyRequested registry access is not allowed.
Cannot convert string '0.5,0' in attribute 'StartPoint' to object of type

'System.Windows.Point'.
System.FormatException: Input string was not in a correct format.
This can occur if you customize the Regional Options for the English (United States)
language to change the Decimal symbol or the List separator default settings. To
check if this is the problem, search the client log files for the presence of multiple
instances of the following error message:
Cannot convert string '0,0' in attribute 'StartPoint' to object of type

'System.Windows.Point'
The location of the client log files is:
Windows XP - <drive>:\Documents and Settings\<username>\Local Settings\Application

Data\Cisco\Unified Communications\CUPC8\Logs
Windows Vista and Windows 7 - <drive>:\Users\<username>\AppData\Local\Cisco\Unified

Communications\CUPC8\Logs
Solution To resolve this issue, do the following:

1.
Open the Control Panel.
2.
Select Regional and Language Options.
3.
Select the Regional Options tab.
4.
In the Standards and formats section, select a different language from the drop-down list. For
example, select English (Australia).
5.
Select Apply.
14-18
Chapter 14

Troubleshooting
6.
In the Standards and formats section, select English (United States) from the drop-down list.
7.
Select Apply again, then select OK.
You may need to reboot your computer for the change to take effect.
Limitations Creating Group Chats

You cannot create a group chat in the following circumstances:
Your selected default policy is to block all users, except those explicitly allowed.
Your policy does not include any exceptions for conference aliases.
Cannot Place or Receive Calls After a Secure Profile is Enabled

Problem After a secure profile is enabled for a user, the user cannot place or receive calls. The user might
see the following error message multiple times:
Failed to start conversation

The user can use the instant messaging features.
This problem occurs if a secure profile is enabled for the user in Cisco Unified
Communications Manager while either of the following is true:
The user is signed in to Cisco Unified Personal Communicator.
The cucsf.exe process is running on the computer of the user, that is, Cisco Unified Personal
Communicator is running, but the user has not signed in.
Solution Ask the user to sign out of Cisco Unified Personal Communicator, then sign in again.
Error Connecting to the CSF Device

Problem When Cisco Unified Personal Communicator tries to connect to the Client Services Framework
(CSF) device on Cisco Unified Communications Manager after an upgrade, the user sees the error "CTL
reset is required [1002]" and the phone on the computer does not function.
Solution If you configure security in your Cisco Unified Communications system, you use Certificate
Trust List (CTL) files. The CTL file contains certificates for all of the servers in your
Cisco Unified Communications system with which Client Services Framework might need to
communicate securely.
When a device connects to a server in your Cisco Unified Communications system, the server is verified
against this list. Client Services Framework does not allow secure connections to servers that are not
explicitly listed in the CTL.
If a device is moved from one cluster to another or you upgrade to a new version of Cisco Unified
Communications Manager, you must update the CTL file for the device list of servers in the new cluster.
14-19
Chapter 14
Troubleshooting
Procedure
Step 1
Step 2
Step 3
Delete the contents of the appropriate folder as described in the following table:
Operating System
Folder
Windows XP
<drive>:\Documents and Settings\<username>\Application

Data\Cisco\Unified Communications\Client Services
Framework\Security\sec
Windows Vista
Windows 7
<drive>:\Users\<username>\AppData\Roaming\Cisco\Unified
Communications\Client Services Framework\Security\sec
Delete the contents of the appropriate folder as described in the following table:
Operating System
Folder
Windows XP
<drive>:\Documents and Settings\<username>\Application

Data\Cisco\Unified Communications\Client Services Framework\Config
Windows Vista
Windows 7
<drive>:\Users\<username>\AppData\Roaming\Cisco\Unified
Communications\Client Services Framework\Config
If a device is moved from one cluster to another, update the device settings for the user to point to the
new cluster. For example, update the references to the Cisco Unified Communications Manager IP Phone
(CCMCIP) server, Trivial File Transfer Protocol (TFTP) server, and Computer Telephony Integration
(CTI) servers.
14-20
CH A P T E R
15

May 30, 2012
Prerequisites for Integrating the LDAP Directory, page 15-1
LDAP Integrations, page 15-2
How to Integrate the LDAP Directory with Cisco Unified Communications Manager, page 15-2
How to Integrate the LDAP Directory for Contact Searches on XMPP Clients, page 15-13
Prerequisites for Integrating the LDAP Directory

Before you perform any of the configuration described in this module, do the following:
Purchase a supported LDAP directory server.
Install and configure the LDAP server following the instructions in the product documentation.
Cisco Unified Presence integrates with these LDAP directory servers:
Microsoft Active Directory 2000, 2003 and 2008
Netscape Directory Server
Sun ONE Directory Server 5.2
OpenLDAP
For more information on the LDAP directory server support specifically for Cisco Unified
Communications Manager and Cisco Unified Personal Communicator, see the specific product
documentation below.
Related Topics

Cisco Unified Communications Manager System Guide:

15-1
Chapter 15
LDAP Integrations
LDAP Integrations
You can configure a corporate LDAP directory in this integration to satisfy a number of different
requirements:
User provisioning: You can provision users automatically from the LDAP directory into the
Cisco Unified Communications Manager database. Cisco Unified Communications Manager
synchronizes with the LDAP directory content so you avoid having to add, remove, or modify user
information manually each time a change occurs in the LDAP directory.
User authentication: You can authenticate users using the LDAP directory credentials. Cisco
Unified Presence synchronizes all the user information from Cisco Unified Communications
Manager to provide authentication for users of the Cisco Unified Personal Communicator client and
Cisco Unified Presence user interface.
User lookup: You can enable LDAP directory lookups to allow Cisco Unified Personal
Communicator client users, or third-party XMPP clients, to search for and add contacts from the
LDAP directory.
As the scope of the LDAP integration is dependent on customer requirements and it can vary between
companies, there are a number of potential LDAP integration scenarios:
Note
1.
You integrate Cisco Unified Communications Manager and Cisco Unified Personal Communicator
with an LDAP directory. We strongly recommend this configuration.
2.
You integrate Cisco Unified Communications Manager with an LDAP directory, but you do not
integrate Cisco Unified Personal Communicator. We do not recommend this configuration because
it will impact Cisco Unified Personal Communicator functionality and you will experience
performance issues.
3.
You integrate Cisco Unified Personal Communicator with an LDAP directory, but you do not
integrate Cisco Unified Communications Manager. We do not recommend this configuration
because you will have to manually configure all your users on Cisco Unified Communications
Manager at initial installation, and each time a change is made on the LDAP directory.
When Cisco Unified Communications Manager is not integrated with LDAP, you must verify that the
username is exactly the same in Active Directory and Cisco Unified Communications Manager before
deploying Cisco Unified Presence. If the letter case does not match, the presence status will not work
properly in Cisco Unified Personal Communicator Release 7.x. Correct the username in Cisco Unified
Communications Manager to match Active Directory.
Related Topics
How to Integrate the LDAP Directory with Cisco Unified Communications Manager, page 15-2
How to Integrate the LDAP Directory with Cisco Unified

Secure Connection Between Cisco Unified Communications Manager and the LDAP Directory,
page 15-3
Configuring the LDAP Synchronization for User Provisioning, page 15-3
15-2
Chapter 15

How to Integrate the LDAP Directory with Cisco Unified Communications Manager
Uploading LDAP Authentication Server Certificates, page 15-4
Configuring LDAP Authentication, page 15-5
page 15-6
Secure Connection Between Cisco Unified Communications Manager and the

LDAP Directory
You can secure the connection between the Cisco Unified Communications Manager server and the
LDAP directory server by enabling a Secure Socket Layer (SSL) connection for the LDAP server on
Cisco Unified Communications Manager, and uploading the SSL certificate to Cisco Unified
Communications Manager. You must upload the LDAP SSL certificate as a directory-trust certificate on
Cisco Unified Communications Manager Release 7.x and earlier, and as a tomcat-trust certificate on
Cisco Unified Communications Manager Release 8.x and later.
After you upload the LDAP SSL certificate, you need to restart the following services on Cisco Unified
Communications Manager:
Directory service
Tomcat service
See the Cisco Unified Communications Manager documentation for details on uploading a certificate to
Related Topics
page 15-6
Cisco Unified Communications Operating System Administration Guide:

Configuring the LDAP Synchronization for User Provisioning

LDAP synchronization uses the Cisco Directory Synchronization (DirSync) tool on Cisco Unified
Communications Manager to synchronize information (either manually or periodically) from a corporate
LDAP directory. When you enable the DirSync service, Cisco Unified Communications Manager
automatically provisions users from the corporate directory. Cisco Unified Communications Manager
still uses its local database, but disables its facility to allow you to create user accounts. You use the
LDAP directory interface to create and manage user accounts.
Before You Begin
Make sure that you install the LDAP server before you attempt the LDAP-specific configuration on
Activate the Cisco DirSync service on Cisco Unified Communications Manager.
Restrictions
LDAP synchronization does not apply to application users on Cisco Unified Communications Manager.
You must manually provision application users in the Cisco Unified CM Administration interface.
15-3
Chapter 15
Procedure
Step 1
Select Cisco Unified CM Administration > System > LDAP > LDAP System.
Step 2
Select Add New.
Step 3
Configure the LDAP server type and attribute.
Step 4
Select Enable Synchronizing from LDAP Server.
Step 5
Select Cisco Unified CM Administration > System > LDAP > LDAP Directory
Step 6
Configure the following items:
Step 7
LDAP directory account settings
User attributes to be synchronized
Synchronization schedule
LDAP server hostname or IP address, and port number
Check Use SSL if you want to use Secure Socket Layer (SSL) to communicate with the LDAP directory.
If you configure LDAP over SSL, upload the LDAP directory certificate onto Cisco Unified
See the LDAP directory content in the Cisco Unified Communications Manager SRND for
information about the account synchronization mechanism for specific LDAP products, and general
best practices for LDAP synchronization.
Related Topics
page 15-6
Cisco Unified Communication SRND:

Cisco Unified Communications Manager Administration Guide:

What To Do Next
Uploading LDAP Authentication Server Certificates, page 15-4
Uploading LDAP Authentication Server Certificates

When Cisco Unified Communications Manager LDAP authentication is configured for secure mode
(port 636 or 3269), LDAP authentication server certificates, such as Certificate Authority (CA) root and
all other Intermediate certificates, must be individually uploaded as tomcat-trust to the Cisco Unified
Presence server.
Procedure
Step 1
15-4
Chapter 15

Step 2
Step 3
Select tomcat-trust from the Certificate Name menu.
Step 4
Browse and select the LDAP server root certificate from your local computer.
Step 5
Select Upload File.
Step 6
Repeat the above steps for all other intermediate certificates.

Related Topic
Configuring a Secure Connection Between Cisco Unified Presence and the LDAP Directory, page 15-6
What To Do Next
Configuring LDAP Authentication, page 15-5
Configuring LDAP Authentication

The LDAP authentication feature enables Cisco Unified Communications Manager to authenticate user
passwords against the corporate LDAP directory.
Before You Begin
Enable LDAP synchronization on Cisco Unified Communications Manager.

Restrictions
LDAP authentication does not apply to the passwords of application users; Cisco Unified
Communications Manager authenticates application users in its internal database.
Procedure
Step 1
Select Cisco Unified CM Administration > System > LDAP > LDAP Authentication.
Step 2
Enable LDAP authentication for users.
Step 3
Configure the LDAP authentication settings.
Step 4
Configure the LDAP server hostname or IP address, and port number
Note
To use Secure Socket Layer (SSL) to communicate with the LDAP directory, check Use SSL.
Troubleshooting Tip
If you configure LDAP over SSL, upload the LDAP directory certificate to Cisco Unified
Related Topics
Configuring the LDAP Synchronization for User Provisioning, page 15-3
page 15-6
15-5
Chapter 15
How to Integrate the LDAP Directory with Cisco Unified Personal Communicator
What To Do Next
Configuring a Secure Connection Between Cisco Unified Presence and the

LDAP Directory
This topic is only applicable if you configure a secure connection between Cisco Unified
Communications Manager and the LDAP directory.
Note
Perform this procedure on all Cisco Unified Presence nodes in the cluster.
Before You Begin
Enable SSL for LDAP on Cisco Unified Communications Manager, and upload the LDAP directory
certificate to Cisco Unified Communications Manager.
Procedure
Step 1
Step 2
Step 3
On Cisco Unified Presence Release 7.x and earlier, select directory-trust from the Certificate Name
menu. On Cisco Unified Presence Release 8.0 and later, select tomcat-trust from the Certificate Name
menu.
Step 4
Browse and select the LDAP server certificate from your local computer.
Step 5
Select Upload File.
Step 6
Restart the Tomcat service from the CLI using this command:
utils service restart Cisco Tomcat
Related Topic
What To Do Next
How to Integrate the LDAP Directory with Cisco Unified

These topics describe how to configure the LDAP settings on Cisco Unified Presence to allow
Cisco Unified Personal Communicator users to search and add contacts from the LDAP directory.
15-6
Chapter 15

Before you perform this configuration, fully integrate the Cisco Unified Personal Communicator client
with Cisco Unified Communications Manager and Cisco Unified Presence.
Rules for a Displayed Contact Name, page 15-7
(Cisco Unified Personal Communicator Release 8.0) Fetch Contact Pictures from a Web Server,
page 15-7
Configuring the LDAP Attribute Map for Cisco Unified Personal Communicator, page 15-8
Configuring LDAP Server Names and Addresses for Cisco Unified Personal Communicator,
page 15-10
Creating LDAP Profiles and Adding Cisco Unified Personal Communicator Users to the Profile,
page 15-11
Rules for a Displayed Contact Name

When you configure the user fields in the LDAP attribute map, note the following rules that determine
how Cisco Unified Personal Communicator displays contact names:
If the user edits a contact name in Cisco Unified Personal Communicator, display this name. This is
the Nickname LDAP attribute in Cisco Unified Presence.
If you configure an LDAP user field for DisplayName, display this name.
If you configure an LDAP user field for Nickname, display this name with the last name.
Otherwise, display the configured LDAP user fields for the first and last names in the Contact pane.
If there is a first name but no last name, display the first name. If there is a last name but no first
name, display the last name.
If you do not configure LDAP user fields for the FirstName and LastName, display the LDAP
UserID or the Cisco Unified Presence user ID in the Contact pane.
If a user adds a non-LDAP contact, the contact details in Cisco Unified Personal Communicator
allow the user to edit the Display As name, the first name, and the last name.
Related Topics
page 15-7
(Cisco Unified Personal Communicator Release 8.0) Fetch Contact Pictures

from a Web Server
You can configure a parameterized URL string in the Photo field in the LDAP attribute map so that
Cisco Unified Personal Communicator can fetch pictures from a web server instead of from the
LDAP server. The URL string must contain an LDAP attribute with a query value containing a piece of
data that uniquely identifies the photo of the user. We recommend that you use the User ID attribute.
However, you can use any LDAP attribute whose query value contains a piece of data that uniquely
identifies the photo of the user.
We recommend that you use %%<userID>%% as the substitution string, for example:
http://mycompany.cisco.com/photo/std/%%uid%%.jpg
15-7
Chapter 15
http://mycompany.cisco.com/photo/std/%%sAMAccountName%%.jpg
You must include the double percent symbols in this string, and they must enclose the name of the LDAP
attribute to substitute. Cisco Unified Personal Communicator removes the percent symbols and replaces
the parameter inside with the results of an LDAP query for the user whose photo it resolves.
For example, if a query result contains the attribute uid with a value of johndoe, then a template such
as http://mycompany.com/photos/%%uid%%.jpg creates the URL
http://mycompany.com/photos/johndoe.jpg. Cisco Unified Personal Communicator attempts to fetch the
photo.
This substitution technique works only if Cisco Unified Personal Communicator can use the results of
the query and can insert it into the template you specify above to construct a working URL that fetches
a JPG photo. If the web server that hosts the photos in a company requires a POST (for example, the
name of the user is not in the URL) or uses some other cookie name for the photo instead of the
username, this technique does not work.
Note
The URL length is limited to 50 characters.
Cisco Unified Personal Communicator does not support authentication for this query; the photo
must be retrievable from the web server without credentials.
Related Topics
Configuring the LDAP Attribute Map for Cisco Unified Personal Communicator
Note
The information about fetching a photo from Active Directory in this topic relates only to Cisco Unified
You must configure the LDAP attribute map on Cisco Unified Presence where you enter LDAP attributes
for your environment and map them to the given Cisco Unified Personal Communicator attributes.
If you want to use LDAP to store your employee profile photos, you must either use a third-party
extension to upload the photo files to the LDAP server, or extend the LDAP directory server schema by
other means to create an attribute that the LDAP server can associate with an image. For Cisco Unified
Personal Communicator to display the profile photo, in the LDAP attribute map, you must map the
Cisco Unified Personal Communicator "Photo" value to the appropriate LDAP attribute. By default,
Cisco Unified Personal Communicator uses the jpegPhoto LDAP attribute to display the user photo,
which is present in the Windows 2003 and 2007 Active Directory schema. Note that Windows 2000
Active Directory uses the thumbnailPhoto attribute.
Before You Begin
Make sure that you install and set up the LDAP server before you configure the LDAP attribute map
on Cisco Unified Presence.
By default, Cisco Unified Personal Communicator uses the jpegPhoto LDAP attribute, which is
present in the Windows 2003 Active Directory schema. By contrast, the Windows 2000 Active
Directory uses the thumbnailPhoto attribute.
15-8
Chapter 15

Restrictions
The UPC UserID setting in the LDAP attribute map must match the Cisco Unified
Communications Manager user ID. This mapping allows a user to add a contact from LDAP to the
Contact list in Cisco Unified Personal Communicator. This field associates the LDAP user with the
associated user on Cisco Unified Communications Manager and Cisco Unified Presence.
You can map an LDAP field to only one Cisco Unified Personal Communicator field.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > Settings
Step 2
Select a supported LDAP server from Directory Server Type.

The LDAP server populates the LDAP attribute map with Cisco Unified Personal Communicator user
fields and LDAP user fields.
Step 3
Step 4
If necessary, make modifications to the LDAP field to match your specific LDAP directory. The values
are common to all LDAP server hosts. Note the following LDAP directory product mappings:
Product
LastName Mapping
UserID Mapping
SN
sAMAccountName
iPlanet, Sun ONE or

OpenLDAP
SN
uid
Select Save.
If you want to stop using the current attribute mappings and use the factory default settings, select
Restore Defaults.
You can see the LDAP attribute mappings in the Server Health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows and Help > Show System Diagnostics
on Mac OS).
For information about faster LDAP searches, see the Troubleshooting Guide for Cisco Unified
Personal Communicator:
http://www.cisco.com/en/US/products/ps6844/prod_troubleshooting_guides_list.html
Related Topics
page 15-7
What To Do Next
Configuring LDAP Server Names and Addresses for Cisco Unified Personal Communicator, page 15-10
15-9
Chapter 15
Configuring LDAP Server Names and Addresses for Cisco Unified Personal
Communicator
Before You Begin
Configure the LDAP attribute map.
Obtain the hostnames or IP addresses of the LDAP directories.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > LDAP Server.
Step 2
Select Add New.
Step 3
Enter the LDAP server name.
Step 4
Enter an IP address or an FQDN (Fully Qualified Domain Name) of the LDAP server.
Step 5
Specify the port number used by the LDAP server. The defaults are:
TCP389.
TLS636.
Check the LDAP directory documentation or the LDAP directory configuration for this information.
Step 6
Select TCP or TLS for the protocol type.
Step 7
Select Save.
If you integrate with Microsoft Active Directory and if the server is Global Catalog, configure the
following values:
Enter 3268 as the port number.
Select TCP as the protocol type.
The jpegPhoto attribute is not available in Microsoft Active Directory Global Catalog server, and it
is not indexed (http://msdn2.microsoft.com/en-us/library/ms676813.aspx). If your LDAP
configuration uses Global Catalog port 3268, Cisco Unified Personal Communicator cannot retrieve
the jpegPhoto. Instead, change the LDAP directory configuration to TCP and port 389.
Cisco Unified Personal Communicator retrieves the photo when you sign in again.
If you configure an application dial rule, create proper directory lookup dialing rules in
Cisco Unified Communications Manager to make sure that a picture displays both when you place
a call to a contact and in the contact details. When you add a contact in Cisco Unified Personal
Communicator, the directory lookup returns a 10-digit number (for example, 1234567890). If the
user places the call by dialing only four digits (for example, 7890), the picture does not display
because 7890 is not a match for 1234567890. Create the following rules to fix this problem:
Outbound rule to remove the area code. The picture displays in the contact details.
Inbound rule for directory lookup to prefix the area code (translate the 4-digit extension number
into the 10-digit DID number stored in AD). The picture displays when you place a call.
You can see LDAP server information in the server health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows and Help > Show System Diagnostics
on Mac OS).
15-10
Chapter 15

Related Topic
What To Do Next
Creating LDAP Profiles and Adding Cisco Unified Personal Communicator Users to the Profile,
page 15-11
Creating LDAP Profiles and Adding Cisco Unified Personal Communicator

Users to the Profile
Cisco Unified Personal Communicator connects to an LDAP server on a per-search basis. If the
connection to the primary server fails, Cisco Unified Personal Communicator attempts the first backup
LDAP server, and if it is not available, it then attempts to connect to the second backup server.
Cisco Unified Personal Communicator also periodically attempts to return to the primary LDAP server.
If an LDAP query is in process when the system fails over, the next available server completes this LDAP
query.
You can see LDAP server information in the server health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows and Help > Show System Diagnostics on
Mac OS).If Cisco Unified Personal Communicator cannot connect to any of the LDAP servers, it reports
the failure in the System Diagnostics window.
Before You Begin
Specify the LDAP server names and addresses.
You must create the LDAP profile before you can add Cisco Unified Personal Communicator
licensed users to the profile.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Cisco Jabber > LDAP Profile.
Step 2
Select Add New.
Step 3

Table 15-1
Field
Setting
Name
Enter the profile name limited to 128 characters.
Description
(Optional) Enter a description limited to 128 characters.
Bind Distinguished
Name
(Optional) Enter the administrator-level account information limited to 128

characters. This is the distinguished name with which you bind for authenticated
bind.
The syntax for this field depends on the type of LDAP server that you deploy.
For details, see the LDAP server documentation.
15-11
Chapter 15
Table 15-1
Field
Setting
Anonymous Bind
(Optional) Uncheck this option to use the user credentials to sign in to this LDAP
server.
For non-anonymous bind operations, Cisco Unified Personal Communicator
receives one set of credentials. If configured, these credentials must be valid on
the backup LDAP servers.
Note
If you check Anonymous Bind, users can sign in anonymously to the

LDAP server with read-only access. Anonymous access might be
possible on your directory server, but we do not recommend it. Instead,
create a user with read-only privileges on the same directory where the
users to be searched are located. Specify the directory number and
password in Cisco Unified Presence for Cisco Unified Personal
Communicator to use.
Password
(Optional) Enter the LDAP bind password limited to 128 characters. This is the
password for the administrator-level account that you provided in the Bind
Distinguished Name string to allow users to access this LDAP server.
Confirm Password
Reenter the same password as the password you entered in the Password field.
(Optional) After configuring Cisco Unified Presence for authenticated bind with
the LDAP server, configure the LDAP server for anonymous permissions and
anonymous login so that all directory information (name, number, mail, fax,
home number, and so forth) is passed to the Cisco Unified Personal
Communicator client.
Search Context
(Optional) Enter the location where you configured all the LDAP users. This
location is a container or directory. The name is limited to 256 characters. Only
use a single OU/LDAP search context.
Note
If you integrate with Microsoft Active Directory:

Set O and OU (OU must contain users; for example,
ou=users,dc=cisco,dc=com).
For example, cn=users,DC=EFT-LA,DC=cisco,DC=com
The search base should include all users of Cisco Unified Personal
Communicator.
Recursive Search
(Optional) Check to perform a recursive search of the directory starting at the

search base.
Primary LDAP
Server and Backup
LDAP Server
Select the primary LDAP server and optional backup servers.
15-12
Chapter 15

How to Integrate the LDAP Directory for Contact Searches on XMPP Clients
Table 15-1
Field
Setting
Make this the

Default LDAP
Profile for the
System
(Optional) Check to add any new users to the system into this default profile.
If you turn on this setting, Cisco Unified Presence adds any users that it
synchronizes from Cisco Unified Communications Manager to this default
profile. Cisco Unified Presence only adds users to this default profile after you
select the default profile (and you turn on the Sync Agent). Cisco Unified
Presence does not change any existing profile configuration. Therefore, we
recommend that you select and configure the default profile before you turn on
the Sync Agent.
Add Users to Profile Select the button to open the Find and List Users window.
Select Find to populate the search results fields. Alternatively, search for a
specific users and select Find.
To add users to this profile, select the users, and select Add Selected.
Step 4
Select Save.
Troubleshooting Tip
You can see the LDAP profile information in the server health window in Cisco Unified Personal
Communicator (Help > Show Server Health on Windows and Help > Show System Diagnostics on
Mac).
Related Topic
How to Update User Configuration After Deploying Cisco Unified Personal Communicator, page 13-30
How to Integrate the LDAP Directory for Contact Searches on

XMPP Clients
These topics describe how to configure the LDAP settings on Cisco Unified Presence to allow users of
third-party XMPP client to search and add contacts from the LDAP directory.
The JDS component on Cisco Unified Presence handles the third-party XMPP client communication
with the LDAP directory. Third-party XMPP clients send queries to the JDS component on Cisco Unified
Presence. The JDS component sends the LDAP queries to the provisioned LDAP servers, and then sends
the results back to the XMPP client.
Before you perform the configuration described here, perform the configuration to integrate the XMPP
client with Cisco Unified Communications Manager and Cisco Unified Presence. See chapter Integrating
Third-Party XMPP Client Applications on Cisco Unified Presence, page 9-1.
LDAP Account Lock Issue, page 15-14
Configuring LDAP Server Names and Addresses for XMPP Clients, page 15-14
Configuring the LDAP Search Settings for XMPP Clients, page 15-15
Turning On The Cisco UP XCP Directory Service, page 15-17
15-13
Chapter 15
LDAP Account Lock Issue

If you enter the wrong password for the LDAP server that you configure for third-party XMPP clients,
and you restart the XCP services on Cisco Unified Presence, the JDS component will perform multiple
attempts to sign in to the LDAP server with the wrong password. If the LDAP server is configured to
lock out an account after a number of failed attempts, then the LDAP server may lock the JDS component
out at some point. If the JDS component uses the same credentials as other applications that connect to
LDAP (applications that are not necessarily on Cisco Unified Presence), these applications will also be
locked out of LDAP.
To fix this issue, configure a separate user, with the same role and privileges as the existing LDAP user,
and allow only JDS to sign in as this second user. If you enter the wrong password for the LDAP server,
only the JDS component is locked out from the LDAP server.
Configuring LDAP Server Names and Addresses for XMPP Clients

If you choose to enable SSL, configure a secure connection between the LDAP server and Cisco Unified
Presence. Upload the root CA certificate to Cisco Unified Presence as an xmpp-trust-certificate,
following the certificate upload procedure described in this module. The subject CN in the certificate
must match the FQDN of the LDAP server.
Note
If you import a certificate chain (more than one certificate from the root node to the trusted node), import
all certificates in the chain except the leaf node. For example, if the CA signs the certificate for the LDAP
server, you just import the CA certificate, not the certificate for the LDAP server.
Before You Begin
Obtain the hostnames or IP addresses of the LDAP directories.
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Third-Party Clients > Third-Party
LDAP Servers.
Step 2
Select Add New.
Step 3
Enter an ID for the LDAP server.
Step 4
Enter the hostname of the LDAP server.
Step 5
Specify the port number on the LDAP server that is listening to the TCP or SSL connection.
The default port is 389. If you enable SSL, specify port 636.
Step 6
Specify the username and the password for the LDAP server. These values must match the credentials
you configure on the LDAP server.
See the LDAP directory documentation or the LDAP directory configuration for this information.
Step 7
Check Enable SSL if you want to use Secure Socket Layer (SSL) to communicate with the LDAP server.
Step 8
Select Save.
Step 9
Start the Cisco UP XCP Router service on all nodes in the cluster (if this service is not already running).
15-14
Chapter 15

If you enable SSL, the XMPP contact searches may be slower because of the negotiation procedures
at SSL connection setup, and data encryption and decryption after Cisco Unified Presence
establishes the SSL connection. As a result, if your users perform XMPP contact searches
extensively in your deployment, this could impact the overall system performance.
You can use the certificate import tool to check the communication with the LDAP server
hostname/port after you have upload the certificate for the LDAP server. Select Cisco Unified
Presence Administration > System > Security > Certificate Import Tool.
If you make an update to the LDAP server configuration for third-party XMPP clients, restart the
Cisco UP XCP Directory Service. Select Cisco Unified Serviceability > Tools > Control Center Feature Services to restart this service.
Related Topics
LDAP Account Lock Issue, page 15-14
Secure Connection Between Cisco Unified Communications Manager and the LDAP Directory,
page 15-3
page 15-6
What To Do Next
Configuring the LDAP Search Settings for XMPP Clients

You must specify the LDAP search settings that will allow Cisco Unified Presence to successfully
perform contact search for third-party XMPP clients
Third-party XMPP clients connect to an LDAP server on a per-search basis. If the connection to the
primary server fails, the XMPP client tries the first backup LDAP server, and if it is not available, it then
tries the second backup server and so on. If an LDAP query is in process when the system fails over, the
next available server completes this LDAP query.
Optionally you can turn on the retrieval of vCards from the LDAP server. If you turn on vCard retrieval:
The corporate LDAP directory stores the vCards.
When XMPP clients search for their own vCard, or the vCard for a contact, the vCards are retrieved
from LDAP via the JDS service.
Clients cannot set or modify their own vCard as they are not authorized to edit the corporate LDAP
directory.
If you turn off the retrieval of vCards from LDAP server:
Cisco Unified Presence stores the vCards in the local database.
When XMPP clients search for their own vCard, or the vCard for a contact, the vCards are retrieved
from the local Cisco Unified Presence database.
Clients can set or modify their own vCard.
Before You Begin
Specify the LDAP server names and addresses for XMPP clients.
15-15
Chapter 15
Procedure
Step 1
Select Cisco Unified Presence Administration > Application > Third-Party Clients > Third-Party
LDAP Settings.
Step 2

Table 15-2
Field
Setting
LDAP Server Type
Select an LDAP server type from this list:
User Object Class
Generic Directory Server - Select this menu item if you are using any other
supported LDAP server type (iPlanet, Sun ONE or OpenLDAP).
Enter the User Object Class value appropriate to your LDAP server type. This
value must match the User Object Class value configured on your LDAP server.
If you use Microsoft Active Directory, the default value is user.
Base Context
Enter the Base Context appropriate to your LDAP server. This value must match
a previously configured domain, and/or an organizational structure on your
LDAP server.
User Attribute
Enter the User Attribute value appropriate to your LDAP server type. This value
must match the User Attribute value configured on your LDAP server.
If you use Microsoft Active Directory, the default value is sAMAccountName.
LDAP Server 1
Select a primary LDAP server.
LDAP Server 2
(Optional) Select a backup LDAP server.
LDAP Server 3
(Optional) Select a backup LDAP server.
Step 3
Check Build vCards from LDAP if you want to enable users to request vCards for their contacts and
retrieve the vCard information from the LDAP server. Leave the check box unchecked if you want clients
to be able to automatically request vCards for users as users join the contact list. In this case, clients
retrieve the vCard information from the local Cisco Unified Presence database.
Step 4
Enter the LDAP field required to construct the vCard FN field. Clients use the value in the vCard FN
field to display the contact's name in the contact list when a user requests a contact's vCard.
Step 5
In the Searchable LDAP Attributes table, map the client user fields to the appropriate LDAP user fields.
If you use Microsoft Active Directory, Cisco Unified Presence populates the default attribute values in
the table.
Step 6
Select Save.
Step 7
Start the Cisco UP XCP Router service (if this service is not already running)
If you make an update to the LDAP search configuration for third-party XMPP clients, restart the
Cisco UP XCP Directory Service. Select Cisco Unified Serviceability > Tools > Control Center Feature Services to restart this service.
15-16
Chapter 15

Related Topic
What To Do Next
Turning On The Cisco UP XCP Directory Service, page 15-17
Turning On The Cisco UP XCP Directory Service

You must turn on the Cisco UP XCP Directory Service to allow users of a third-party XMPP client to
search and add contacts from the LDAP directory. Turn on the Cisco UP XCP Directory Service on all
Note
Do not turn on the Cisco UP XCP Directory Service until you configure the LDAP server, and LDAP
search settings for third-party XMPP clients. If you turn on the Cisco UP XCP Directory Service, but
you do not configure the LDAP server, and LDAP search settings for third-party XMPP clients, the
service will start, and then stop again.
Before You Begin
Configure the LDAP server, and LDAP search settings for third-party XMPP clients.
Procedure
Step 1
Step 2
Step 3
Select Cisco UP XCP Directory Service.
Step 4
Select Save.
Related Topics
15-17
Chapter 15
15-18
CH A P T E R
16
Configuring a Cisco Unified Presence

Intercluster Deployment
May 30, 2012
About Intercluster Deployments, page 16-1
Prerequisites for Intercluster Deployment, page 16-4
How to Configure Intercluster Peers, page 16-4
How to Migrate Users between Cisco Unified Presence Clusters, page 16-8
About Intercluster Deployments
Intercluster Hardware Recommendations, page 16-1
Intercluster Peer Relationships, page 16-1
Intercluster Router to Router Connections, page 16-2
Secure Intercluster Router to Router Connections, page 16-3
Node Name Value for Intercluster Deployments, page 16-2
Domain Value for Intercluster Deployments, page 16-3
Intercluster Hardware Recommendations

When planning an intercluster deployment, it is recommended that similar hardware is used on all Cisco
Unified Presence clusters in the Enterprise to allow for syncing of all user data between clusters. For
example, if an MCS 7845 is deployed in Cluster A with 15,000 users, then an MCS 7845 should be
deployed in Cluster B, even if only needed for 500 users.
Intercluster Peer Relationships

You can configure peer relationships that interconnect standalone Cisco Unified Presence clusters,
known as intercluster peers. This intercluster peer functionality allows users in one Cisco Unified
Presence cluster to communicate and subscribe to the availability information of users in a remote Cisco
Unified Presence cluster within the same domain. Keep in mind that if you delete an intercluster peer
from one cluster, then you must also delete the corresponding peer in the remote cluster.
16-1
Chapter 16
Cisco Unified Presence uses the AXL/SOAP interface to retrieve user information for the home cluster
association. Cisco Unified Presence uses this user information to detect if a user is a local user (user on
the home cluster), or a user on a remote Cisco Unified Presence cluster within the same domain.
Cisco Unified Presence uses the XMPP interface for the subscription and notification traffic. If Cisco
Unified Presence detects a user to be on a remote cluster within the same domain, Cisco Unified Presence
reroutes the messages to the remote cluster.
Note
If you configure an intercluster deployment between a Cisco Unified Presence Release 8.0(x) cluster and
a cluster running a previous version of Cisco Unified Presence, Cisco Unified Presence uses the existing
SIP interface for the subscription and notification traffic.
Caution
Cisco highly recommends that you set up intercluster peers in a staggered manner, as the initial sync uses
substantial bandwidth and CPU. Setting up multiple peers at the same time could result in excessive sync
times.
Related Topic
How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco Unified
Intercluster Router to Router Connections

By default, Cisco Unified Presence assigns all nodes in a cluster as intercluster router-to-router
connectors. When Cisco Unified Presence establishes an intercluster peer connection between the
clusters over the AXL interface, it synchronizes the information from all intercluster router-to-router
connector nodes in the home and remote clusters. Each intercluster router-to-router connector in one
cluster then either initiates or accepts an intercluster connection with router-to-router connectors in the
other cluster.
Note
Router-to-router connections are dynamically established when a new node is added to the deployment.
As a result, you do not need to restart the Cisco UP XCP Router on any node in your deployment when
you add a new node.
Related Topic
Secure Intercluster Router to Router Connections, page 16-3
Node Name Value for Intercluster Deployments

Note
This topic is only applicable if you are not using DNS in your network.
If you configure an intercluster deployment, and you do not use DNS in your network, you must
configure the node name value as the IP address of the node.
16-2
Chapter 16

During installation Cisco Unified Presence only permits you to specify the hostname as the node name
value. Therefore, once you complete the installation, you must change the node name value to the IP
address of the node.
Perform this configuration on all nodes in both the local and remote clusters.
Related Topics
Domain Value for Intercluster Deployments

Note
This topic is only applicable if you are not using DNS in your network.
If you configure an intercluster deployment, and you do not use DNS in your network, note the
following:
The Domain value on the local server must match the Domain value on the remote server.
Cisco Unified Presence automatically defaults to the Domain value DOMAIN.NOT.SET. On both
the local and remote cluster, you must replace this default value with a valid Domain value,
otherwise the intercluster functionality will not work correctly.
If you configure an intercluster deployment between a Cisco Unified Presence Release 8.x cluster
and a Cisco Unified Presence Release 7.0(x) cluster, and the 7.0(x) cluster uses the default domain
value "DOMAIN_NOT_SET" or a value that does not match the Cisco Unified Presence Release 8.x
cluster, replace this value to match the Domain value on Cisco Unified Presence Release 8.x cluster.
To configure the Domain value, follow the procedures described in Configuring the Domain Value,
page 6-28.
Related Topic
Secure Intercluster Router to Router Connections

You can configure a secure XMPP connection between all router-to-router connectors in your Cisco
Unified Presence deployment, incorporating both intracluster and intercluster router to router
connections. Select Cisco Unified Presence Administration > System > Security > Settings, and
check Enable XMPP Router-to-Router Secure Mode.
When you turn on the secure mode for XMPP router-to-router connections, Cisco Unified Presence
enforces a secure SSL connection using XMPP trust certificates. For intercluster deployments, Cisco
Unified Presence enforces a secure SSL connection between each router-to-router connector node in the
local cluster, and each router connector node in the remote cluster.
Related Topic
Intercluster Router to Router Connections, page 16-2
16-3
Chapter 16

You configure an intercluster peer between the publisher nodes in standalone Cisco Unified Presence
clusters. No configuration is required on the subscriber nodes in a cluster for intercluster peer
connections. Before you configure Cisco Unified Presence intercluster peers in your network, note the
following:
The intercluster peers must each integrate with a different Cisco Unified Communications Manager
cluster.
You must complete the required multi-node configuration in both the home Cisco Unified Presence
cluster, and in the remote Cisco Unified Presence cluster:
Configure the system topology and assign your users as required.
Activate the services on each Cisco Unified Presence node in the cluster.
You must turn on the AXL interface on the local Cisco Unified Presence publisher node, and on the
remote Cisco Unified Presence publisher node. Cisco Unified Presence creates, by default, an
intercluster application user with AXL permissions. To configure an intercluster peer, you will
require the username and password for the intercluster application user on the remote Cisco Unified
Presence server.
You must turn on the Sync Agent on the local Cisco Unified Presence publisher node, and on the
remote Cisco Unified Presence publisher node. Allow the Sync Agent to complete the user
sychronization from Cisco Unified Communications Manager before you configure the intercluster
peers.
For sizing and performance recommendations for intercluster deployments, including information on
determining a presence user profile, see the Cisco Unified Presence SRND.
Related Topics
Cisco Unified Communication SRND:

How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco
How to Configure Intercluster Peers
Configuring an Intercluster Peer, page 16-4
Turning On the Intercluster Sync Agent, page 16-6
Verifying the Intercluster Peer Status, page 16-7
Updating Intercluster Sync Agent Tomcat Trust Certificates, page 16-7
Configuring an Intercluster Peer

Perform this procedure on the publisher node of the local Cisco Unified Presence cluster, and on the
publisher node of the remote Cisco Unified Presence cluster (with which you want your local cluster to
form a peer relationship).
16-4
Chapter 16

Before You Begin
Activate the AXL interface on the local Cisco Unified Presence node, and confirm that the AXL
interface is activated on the remote Cisco Unified Presence publisher node.
Confirm that the Sync Agent has completed the user synchronization from Cisco Unified
Communications Manager on the local and remote cluster.
Acquire the AXL username and password for the intercluster application user on the remote Cisco
Unified Presence server.
If you do not use DNS in your network, read the Domain topic and the Node Name topic in this
module.
Restriction
We recommend that you use TCP as the intercluster trunk transport for all Cisco Unified Presence
clusters.
Procedure
Step 1
Step 2
Enter the IP address of the publisher node of a remote Cisco Unified Presence cluster.
Step 3
Enter the username of the application user on the remote Cisco Unified Presence server that has AXL
permissions.
Step 4
Enter the associated password of the application user on the remote Cisco Unified Presence server that
has AXL permissions.
Step 5
Enter the preferred protocol for SIP communication.
Step 6
(Optional) Enter the External Phone Number Mask value. This is the E164 mask to apply to Directory
Numbers retrieved from the remote cluster.
Step 7
Select Save.
Step 8
Restart the Cisco UP XCP Router service on all nodes in the local cluster.
Step 9
Repeat this procedure to create the remote intercluster peer, and then restart the Cisco UP XCP Router
service on all nodes in the remote cluster
If you configure an intercluster deployment between a Cisco Unified Presence Release 8.0(x) cluster
and a Cisco Unified Presence release 7.0(x) cluster, you must turn on the XCP SIP Federation
Connection Manager service on all nodes in the Cisco Unified Presence Release 8.0(x) cluster. To
turn on the XCP SIP Federation Connection Manager, select Cisco Unified Serviceability > Tools
> Service Activation.
If you configure the intercluster peer connection before the Sync Agent completes the user
synchronization from Cisco Unified Communications Manager (on either the local or remote
cluster), the status of the intercluster peer connection will display as failed.
If you select TLS as the intercluster transport protocol, Cisco Unified Presence attempts to
automatically exchange certificates between intercluster peers to establish a secure TLS connection.
Cisco Unified Presence indicates whether or not the certificate exchange is successful in the
intercluster peer status section.
16-5
Chapter 16
What To Do Next
Turning On the Intercluster Sync Agent, page 16-6

Related Topics
How to Perform Intercluster Upgrades. For more information, see the Upgrade Guide for Cisco
Turning On the Intercluster Sync Agent

By default, Cisco Unified Presence turns on the Intercluster Sync Agent parameter. Use this procedure
to either verify that the Intercluster Sync Agent parameter is on, or to manually turn on this service.
The Intercluster Sync Agent uses the AXL/SOAP interface for the following:
Note
to retrieve user information for Cisco Unified Presence to determine if a user is a local user (on the
local cluster), or a user on a remote Cisco Unified Presence cluster within the same domain.
to notify remote Cisco Unified Presence clusters of changes to users local to the cluster.
You must turn on the Intercluster Sync Agent on all nodes in the Cisco Unified Presence cluster because
in addition to synchronizing user information from the local publisher node to the remote publisher node,
the Intercluster Sync Agent also handles security between all nodes in the clusters.
Procedure
Step 1
Select Cisco Unified Serviceability > Tools > Control Center - Network Services.
Step 2
Step 3
Select Cisco UP Intercluster Sync Agent.
Step 4
Select Start.
Related Topics
Configuring an Intercluster Peer, page 16-4
About the Multi-Node Scalability Feature, page 4-1
What To Do Next
16-6
Chapter 16

Verifying the Intercluster Peer Status

Procedure
Step 1
Step 2
Select the peer address from the search criteria menu.
Step 3
Select Find.
Step 4
Select the peer address entry that you wish to view.
Step 5
In the Intercluster Peer Status window:
Verify that there are check marks beside each of the result entries for the intercluster peer.
Make sure that the Associated Users value equals the number of users on the remote cluster.
If you select TLS as the intercluster transport protocol, the Certificate Status item displays the status
of the TLS connection, and indicates if Cisco Unified Presence successfully exchanged security
certificates between the clusters. If the certificate is out-of-sync, you need to manually update the
tomcat trust certificate (as described in this module). For any other certificate exchange errors,
check the Online Help for a recommended action.
Step 6
Select Cisco Unified Presence Administration > Diagnostics > System Troubleshooter.
Step 7
Verify that there are check marks beside the status of each of the intercluster peer connection entries in
the InterClustering Troubleshooter section.
Related Topic
Updating Intercluster Sync Agent Tomcat Trust Certificates, page 16-7
Updating Intercluster Sync Agent Tomcat Trust Certificates

If the tomcat certificate status for an intercluster peer is out-of-sync, you need to update the Tomcat trust
certificate. In an intercluster deployment this error can occur if you reuse the existing Intercluster Peer
Configuration to point to a new remote cluster. Specifically, in the existing Intercluster Peer
Configuration window, you change the Peer Address value to point to a new remote cluster. This error
can also occur in a fresh Cisco Unified Presence install, or if you change the Cisco Unified Presence host
or domain name, or if you regenerate the Tomcat certificate.
This procedure describes how to update the Tomcat trust certificate when the connection error occurs on
the local cluster, and the bad Tomcat trust certificates are associated with the remote cluster.
Procedure
Step 1
Step 2
Select Force Sync to synchronize certificates with the remote cluster.
Step 3
In the confirmation window that displays, select Also resync peer's Tomcat certificates.
Step 4
Select OK.
16-7
Chapter 16
How to Migrate Users between Cisco Unified Presence Clusters
Related Topics
For information about how to perform intercluster upgrades, see the Upgrade Guide for Cisco
Unified Presence.

This section describes how to migrate users between Cisco Unified Presence clusters.
Note
This procedure only migrates user contacts that are provisioned with an IM Address. User contacts with
only phone numbers are not migrated and must be manually re-added by the end user after the migration
completes.
You must complete the following procedures in the order in which they are presented:
Unassign the migrating users from their current cluster
Export the contact lists of the migrating users from their current home cluster
Unlicense the migrating users for Cisco Unified Presence and Cisco Jabber on their current home
cluster from Cisco Unified Communications Manager
If LDAP Sync is enabled on Cisco Unified Communications Manager:

move the users to the new Organization Unit, from which their new cluster synchronizes its
information
synchronize the users to the new home Cisco Unified Communications Manager, see
Note
If LDAP Sync is not enabled on Cisco Unified Communications Manager, manually provision the
migrating users on Cisco Unified Communications Manager
License users for Cisco Unified Presence and Cisco Jabber
Import contact lists to the new home cluster to restore contact list data for migrated users
For deployments where partitioned intradomain federation is enabled, Microsoft users must login in
again to establish presence. Alternatively, users can wait until Microsoft LCS/OCS refreshes the
subscription (this can take up to 2 hours).
Before You Begin
Perform a full DRS of the current cluster and the new home cluster.
See the Disaster Recovery System Administration Guide for Cisco Unified Presence for more
information.
Ensure that the following services are running:

Cisco UP Intercluster Sync Agent
Cisco AXL Web Service
Cisco UP Sync Agent
Run the Troubleshooter and ensure that there are no Intercluster Sync Agent issues reported. All
Intercluster Sync Agent issues reported on the Troubleshooter must be resolved before proceeding
with this procedure.
16-8
Chapter 16

Cisco recommends that the Allow users to view the availability of other users without being
prompted for approval setting is enabled. To enable this setting, select Cisco Unified Presence
Administration > Presence > Settings. Any change to this setting requires a restart of the Cisco
XCP Router.
Cisco recommends that the following settings are set to No Limit:

Maximum Contact List Size (per user)
Maximum Watchers (per user)
To configure these settings, select Cisco Unified Presence Administration > Presence > Settings.
Unassign the Users from the Current Cluster

Complete this procedure to unassign the migrating users from their current cluster.
Procedure
Step 1
Step 2
Select the users that you want to migrate to a remote Cisco Unified Presence cluster.
Step 3
Select Assign Selected Users and in the next dialog box, select Unassigned.
Step 4
Select Save.
What To Do Next
Export User Contact Lists, page 16-9
Export User Contact Lists

Complete this procedure to export the contact lists of the migrating from their current cluster.
Procedure
Step 1
Step 2
Export the contact lists of the migrating users from the current home cluster.
a.
Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Export.
b.
Select All unassigned users in the cluster and select Find.
c.
Review the results and use the AND/OR filter to filter the search results as required.
d.
When the list is complete, select Next.
e.
Select a filename for the exported contact list data.
f.
Optionally update the Job Description.
g.
Select Run Immediately or schedule the job to run later.
Monitor the status of the contact list export job.

a.
b.
Select Find to list all BAT jobs.
16-9
Chapter 16
Step 3
c.
Find your contact list export job and when it is reported as completed, select the job.
d.
Select the CSV File Name link to view the contents of the contact list export file. Note that a
timestamp is appended to the filename.
e.
From the Job Results section, select the log file to see the summary of what was exported. The job
begin and end time is listed and a result summary for the job is presented.
Download the contact list export file and store it for use later when the user migration is complete.
a.
Select Cisco Unified Presence Administration > Bulk Administration > Upload/Download
Files.
b.
Select Find.
c.
Select the contact list export file and select Download Selected.
d.
Save the CSV file locally for upload later in the procedure.
What To Do Next
Unlicense the Users, page 16-10
Unlicense the Users

The following procedure describes how to unlicense the migrating users for Cisco Unified Presence and
Cisco Jabber on their current home cluster from Cisco Unified Communications Manager.
Procedure
Step 1
From Cisco Unified Communications Manager Administration, select System > Licensing >
Capabilities Assignment.
Step 2
Select the users that you want to migrate.
Step 3
Select Bulk Assignment.
Step 4
In the dialog box, uncheck Enable CUP and Enable CUPC.
Step 5
Select Save.
What To Do Next
Move Users to the New Cluster, page 16-10
Move Users to the New Cluster

The procedure to move the users to the new cluster differs depending on whether LDAP Sync is enabled
on Cisco Unified Communications Manager.
LDAP Sync Enabled on Cisco Unified Communications Manager

If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move users to the new
Organizational Unit and synchronize the users to the new home cluster.
16-10
Chapter 16

Move Users to the New Organizational Unit

If LDAP Sync is enabled on Cisco Unified Communications Manager (Unified CM), you must move the
users to the new Organizational Unit (OU) from which their new cluster synchronizes if the deployment
uses a separate LDAP structure (OU divided) for each cluster, where users are only synchronized from
LDAP to their home cluster.
Note
You do not need to move the users if the deployment uses a flat LDAP structure, that is, all users are
synchronized to all Unified CM and Cisco Unified Presence clusters where users are licensed to only
one cluster.
For more information about how to move the migrating users to the relevant OU of the new home cluster,
see the LDAP Administration documentation.
After you move the users, you must delete the LDAP entries from the old LDAP cluster.
What To Do Next
Synchronize the Users to the New Home Cluster, page 16-11
Synchronize the Users to the New Home Cluster

If LDAP is enabled on Cisco Unified Communications Manager (Unified CM), you must synchronize
the users to the new home Unified CM cluster. You can do this manually on Unified CM or you can wait
for a scheduled synchronization on Unified CM.
To manually force the synchronization on Unified CM, complete the following procedure.
Procedure
Step 1
From Cisco Unified CM Administration, select System > LDAP > LDAP Directory.
Step 2
Select Perform Full Sync Now.
What To Do Next
License the Users on the New Cluster, page 16-11
LDAP Sync Not Enabled on Cisco Unified Communications Manager

If LDAP Sync is not enabled on Cisco Unified Communications Manager (Unified CM), you must
manually provision the users on the new Unified CM cluster. See the
Cisco Unified Communications Manager Administration Guide for more information.
What To Do Next
License the Users on the New Cluster, page 16-11
License the Users on the New Cluster

When the users have been synchronized, or manually provisioned, on the new home cluster, you must
license the users for Cisco Unified Presence and Cisco Jabber.
16-11
Chapter 16
Procedure
Step 1
From Cisco Unified CM Administration, select System > Licensing > Capabilities Assignment.
Step 2
Select the users that were migrated to the cluster and select Bulk Assignment.
Step 3
Use the Bulk Assignment Tool to license the users on their new home cluster.
Step 4
Provision the users on Unified CM for Phone and CSF. See the Cisco Unified Communications Manager
Administration Guide for more information.
Note
After you have licensed the users on the new cluster, Cisco recommends that you rebalance users on
What To Do Next
Import Contact Lists on the New Home Cluster, page 16-12
Import Contact Lists on the New Home Cluster

You must import the contact lists to restore contact data for the migrated users.
Procedure
Step 1
Step 2
Step 3
Upload the previously exported contact list CSV file.

a.
Select Cisco Unified Presence Administration > Bulk Administration > Upload/Download
Files.
b.
Select Add New.
c.
Select Browse to locate and select the contact list CSV file.
d.
Select Contact Lists as the Target.
e.
Select Import Users Contacts - Custom File as the Transaction Type,
f.
Optionally check Overwrite File if it exists.
g.
Select Save to upload the file.
Run the import contact list job.

a.
Select Cisco Unified Presence Administration > Bulk Administration > Contact List > Update.
b.
Select the CSV file you uploaded in Step 1.
c.
Optionally update the Job Description.
d.
To run the job now, select Run Immediately. Select Run Later to schedule the update for a later
time.
e.
Select Submit.
Monitor the contact list import status.

a.
b.
Select Find to list all BAT jobs.
16-12
Chapter 16

c.
Select the job ID of the contact list import job when its status is reported as complete.
d.
To view the contents of the contact list file, select the file listed at CSV File Name.
e.
Select the Log File Name link to open the log.

The begin and end time of the job is listed and a result summary is also displayed.
16-13
Chapter 16
16-14
CH A P T E R
17
Configuring Active Directory for Cisco Unified

May 30, 2012
The phone numbers and other user information for Cisco Unified Personal Communicator are provided
by Active Directory. Cisco Unified Client Services Framework provides Active Directory services for
Cisco Unified Client Services Framework can use either of the following mechanisms to retrieve contact
information from an Active Directory server:
Enhanced Directory Integration (EDI): EDI uses native Windows APIs. If you select to use EDI, you
might not need to do any further configuration, depending on how your clients can access the
directory.
Basic Directory Integration (BDI): The integration is not native to Windows environments, and
requires configuration.
We recommend that you use EDI because EDI provides significant advantages over BDI, as described
in Feature Comparison of Enhanced and Basic Directory Integration, page 17-2.
If you use BDI, or use EDI and do additional configuration, you must deploy the configuration settings
to the computers in your Cisco Unified Communications system. To do this, you can use Active
Directory Group Policy.
This chapter includes the information required to deploy Cisco Unified Personal Communicator. For
information specific to Cisco Jabber clients, such as Jabber for Windows, see the appropriate client
17-1
Chapter 17
Related Topics
Feature Comparison of Enhanced and Basic Directory Integration, page 17-2
Specifying How Cisco Unified Client Services Framework Integrates with Active Directory,
page 17-3
Mapping Keys Required for Basic and Enhanced Directory Integration, page 17-4
About Enhanced Directory Integration, page 17-4
About Configuring Enhanced Directory Integration with Active Directory, page 17-7
About Basic Directory Integration, page 17-14
About Phone Number Masks, page 17-20
About Retrieving Photos for Contacts, page 17-23
Feature Comparison of Enhanced and Basic Directory

Integration
Table 17-1 lists the features that are available with enhanced and basic directory integration. Use this
table to help you decide which mechanism is most suitable for your Cisco Unified Communications
system.
Table 17-1
Feature
Enhanced
Basic
Configured as the default mechanism for Active Directory

integration
No
Yes
Requires minimal configuration
Yes
No
Automatic discovery of directory service
Yes
No, requires
configuration
Supports connection to the Active Directory domain controller

(DC)
Yes
Yes, requires
configuration
Supports connection to the Active Directory global catalog (GC) Yes, supported by Yes, requires
default
configuration
Supports connection to Active Directory Lightweight Directory Yes
Services (AD LDS) and Active Directory Application Mode
(ADAM) servers
Partial, proxy
authentication
not supported
You can define the service and port for the directory service
Yes, optional
Yes, required
You can configure a back-up directory server
Yes
No
You can define search bases
Yes, up to 5
Yes, up to 5
SSL is supported
Yes
Yes
You can use the Windows certificate store for SSL
Yes
No, you must

use the Java
store
Support for encryption of Active Directory credentials
Yes
No, unless you

use SSL
17-2
Chapter 17

Specifying How Cisco Unified Client Services Framework Integrates with Active Directory
Table 17-1
Feature Comparison of Enhanced and Basic Directory Integration (continued)
Feature
Enhanced
Basic
Support for integrated authentication with Windows credentials Yes
No
Administrator can define alternative credentials
Yes
No
User can define alternative credentials
Yes
Yes
Custom attribute map
Yes
Yes, but the

map must be
defined
Phone attribute search scope control
Yes
No
Can customize LDAP queries
Yes
Yes
Support for phone number masks
Yes
Yes
Can retrieve contact photo URL
Yes
Yes
Can retrieve binary photo object
Yes
No
Specifying How Cisco Unified Client Services Framework

Integrates with Active Directory
Table 17-2 lists the registry subkeys that can be created or modified to specify whether to use Enhanced
or Basic Directory Integration. The subkeys will be located in the following registry location:
[HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services Framework\AdminData].
The following subkeys must be created if they do not already exist.
Table 17-2
Registry Subkey for Configuration of Enhanced or Basic Directory Integration
Subkey Name
Description
EnableNativeDirectoryProv Specify whether to use Enhanced or Basic Directory Integration to get

ider
contact information from Active Directory. Enter one of the following
values:
0: Use Basic Directory Integration. This is the default value.
1: Use Enhanced Directory Integration.
Data type: REG_SZ

If you are configuring Presence or chat for Partitioned Intradomain Federation, you must create or
modify the subkeys listed in Table 17-3 so that users can be added directly from Active Directory. The
subkeys will be located in the following registry location:
[HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services Framework\AdminData]
Table 17-3
Registry Subkey for Configuration of Enhanced or Basic Directory Integration
Subkey Name
Value
LDAP_AttributeName_uri
msRTCPSIP
LDAP_UriSchemeName
SIP
17-3
Chapter 17
Mapping Keys Required for Basic and Enhanced Directory Integration
Mapping Keys Required for Basic and Enhanced Directory

Integration
This chapter provides information on the configuration of both Basic and Enhanced Directory
Integration. The following guidelines are provided to ensure registry key explanations that are only
applicable to only one type of directory integration or both are clear and easily understood by the
administrator:
The registry keys LDAP_AttributeName_uri, LDAP_SearchByUsername, and

LDAP_DisableNumberLookups listed in Table 17-9 provide services available to both Basic and
Enhanced Directory Integration.
The registry key EnableNativeDirectoryProvider in Table 17-9 and all keys listed in Table 17-5,
Table 17-6, and Table 17-10 are applicable only to Enhanced Directory Integration.
All registry keys listed in this chapter that are prefaced with LDAP_, with the exception of those
listed in the first bullet, are applicable to Basic Directory Integration only.
About Enhanced Directory Integration

If you use Enhanced Directory Integration (EDI), you can benefit in the following ways:
You might not need to do any further configuration, depending on how your clients can access the
directory.
Your clients will connect securely to a Global Catalog (GC) server in the domain that the user is
logged into. The GC server must be discoverable by DNS with Windows authentication. The
credentials used are the credentials of the Windows user who is currently logged in.
The directory server is discovered automatically by DNS.
Users can sign in to a Windows domain, then access Active Directory without entering an Active
Directory username and password.
Connections to Active Directory Lightweight Directory Services (AD LDS) and Active Directory
Application Mode (ADAM) servers that implement local and proxy authentication are supported.
SSL is supported. The Windows certificate store is used, so you do not need to configure a separate
certificate store.
DNS provides failover support in Windows domains.
DNS provides load balancing support in Windows domains.
Anonymous binds and simple binds are supported.
Related Topics
Automatic Discovery of the Directory Service, page 17-5
Configuration of Directory Servers that Cannot Be Discovered Automatically, page 17-5
Connections to Global Catalog Servers or Domain Controllers, page 17-5
Usage of SSL, page 17-6
Usage of Windows Credentials, page 17-6
Usage of Non-Windows Credentials, page 17-6
Topics to Consider Before You Use Enhanced Directory Integration, page 17-7
17-4
Chapter 17

Automatic Discovery of the Directory Service

If you configure Enhanced Directory Integration to use automatic discovery, the Cisco Unified Client
Services Framework uses a similar method to discover the directory service that Windows uses to
discover a domain controller (DC) or Global Catalog (GC). That is, the Cisco Unified Client Services
Framework uses a DNS Service record (SRV) request.
The Cisco Unified Client Services Framework searches for a GC server in the domain that the client
computer is a member of. To identify the domain the client computer queries, check the value of the
USERDNSDOMAIN environment variable of the computer.
Related Topics
Configuration of Directory Servers that Cannot Be Discovered Automatically, page 17-5
Configuration of Directory Servers that Cannot Be Discovered Automatically

If you configure a primary and a secondary server, Cisco Unified Personal Communicator attempts to
connect to the primary server. If the primary server is not available, Cisco Unified Personal
Communicator attempts to connect to the secondary server. If the connection to the secondary server is
successful, the primary server is blacklisted for a period of time.
Related Topics
Automatic Discovery of the Directory Service, page 17-5
Connections to Global Catalog Servers or Domain Controllers

We recommend that the LDAP and LDAPS connections in your Cisco Unified Communications system
are configured to a Global Catalog (GC) server rather than to a domain controller (DC). The GC server
holds primary directory attributes for all users in your Windows domain forest. The default search
attributes that the Cisco Unified Client Services Framework uses are normally all available from a GC
server.
If LDAP and LDAPS connections are configured to a DC, directory searches from Cisco Unified Client
Services Framework are restricted to data within that domain. Searches might not be able to resolve
contact from peer subdomains within the organization.
The administrator of the directory server might choose to connect to a DC if some search attributes are
not present in the GC server. A DC only holds contact information for use in the domain that the DC
manages.
If your Cisco Unified Communications system uses custom attributes for phone numbers, then these
attributes might not be available from the GC. If some attributes are not available from the GC, the
directory server administrator might configure the Cisco Unified Personal Communicator to connect to
a DC or to request the directory manager to enable the missing attribute on the GC server.
If your system uses directory-based photos of contacts, confirm with your directory administrator that
photo attributes are available from the GC. The directory administrator might enable these attributes in
a GC server.
If you configure Enhanced Directory Integration to use LDAP, any GC or DC server selection that you
make is overwritten.
The default ports used for GC and DC server connections are as follows:
17-5
Chapter 17
GC: 3268
DC: 389
Usage of SSL
Enhanced Directory Integration (EDI) encrypts all authentication data by default.
If your system requires encryption for both user credentials and query data, then you can enable SSL.
You can use SSL for both global catalog (GC) and domain controller (DC) connections. When you use
EDI, the certificate for the SSL connection must be present in the Windows certificate store. In a
Windows domain, the certificate is typically already present in the certificate store on the client
computer.
The default protocols and ports that are used for GC and DC server connections when you use SSL are
as follows:
GC: TCP, 3269
DC: TCP, 636
Usage of SSL for Users that Are Not Part of Your Domain
To use Enhanced Directory Integration (EDI) with users that are not part of your domain, you must use
SSL, and each user outside your domain must have a certificate.
Certificates must be in the list of trusted root certificate authority (CA) certificates on the computers of
your users. If the certificates come from a third party registrar, then the certificates might chain to a
trusted root CA. If your certificates chain to a root CA that is not in the default set of trusted root
certificates on the computer of a Cisco Unified Personal Communicator user, then the computer cannot
negotiate with the server.
Usage of Windows Credentials

When client computers connect to an Active Directory server, encrypted authentication is used. If you
connect to a non-Windows server, you might need to disable Windows encryption. When Windows
encryption is disabled, a basic bind is used to connect to the directory. When you use a basic bind, the
user credentials are transmitted in clear text.
We recommend that you use SSL in this scenario.
Related Topic
Usage of SSL, page 17-6
Usage of Non-Windows Credentials

You might choose to use a common set of credentials for Cisco Unified Personal Communicator to
authenticate for directory queries. In this scenario, you can push the credentials to all client computers.
You might use this feature if your Cisco Unified Communications system accesses a third-party
directory service.
If the client computer does not provide credentials, then Enhanced Directory Integration (EDI) attempts
to make an anonymous bind to the directory service.
17-6
Chapter 17

About Configuring Enhanced Directory Integration with Active Directory
Topics to Consider Before You Use Enhanced Directory Integration

Before you use Enhanced Directory Integration (EDI), you must consider the following topics:
The type of the directory that you need to connect to:

Global Catalog (GC)
Active Directory or LDAP
Active Directory Lightweight Directory Services (AD LDS), or Active Directory Application
Mode (ADAM)
Whether Windows authentication can be used.
Whether the root of the directory is searched, or whether users are located in several search bases.
Related Topic
Sample Configuration Questions, page 17-13
About Configuring Enhanced Directory Integration with Active

Directory
For information about how to configure Enhanced Directory Integration, read the following topics:
Default Configuration of Active Directory with Enhanced Directory Integration, page 17-7
Configuration of the Connection for Enhanced Directory Integration, page 17-8
Directory Attributes Are Standard Active Directory Attribute Names, page 17-11
Configuration of Additional Directory Attributes, page 17-12
Active Directory Attributes that must be Indexed, page 17-12
Sample Configuration Questions, page 17-13
Default Configuration of Active Directory with Enhanced Directory Integration

Table 17-4 gives details of how Active Directory is configured with Enhanced Directory Integration
(EDI) by default. If these configuration details do not meet your requirements, you might need to modify
some of the settings appropriately.
Table 17-4
Default Configuration of Active Directory with EDI
Configuration Area
Description
Locating Global Catalog

server
Uses DNS to locate the Global Catalog (GC) server or the domain
controller (DC) for the domain of the Windows machine. The GC or DC
is located by the DNS service (SRV) _gc record.
Port
3268
Default search base
Domain root, that is RootDSE.
Credentials
Connects with the credentials of the Windows user who is currently

logged on.
17-7
Chapter 17
Table 17-4
Default Configuration of Active Directory with EDI (continued)
Configuration Area
Description
Security
Uses a secure connection.
Preferences for searches
subtree, chaseReferrals, timeout 5s, pageSize 100, PagedTimeLimit 5s
Directory attribute names
Default Active Directory attribute names.
Related Topics
Directory Attributes Are Standard Active Directory Attribute Names, page 17-11
Configuration of the Connection for Enhanced Directory Integration

If the default configuration of Enhanced Directory Integration (EDI) does not meet your requirements,
you might need to modify some of the settings appropriately. Table 17-5 lists the Active Directory
configuration registry subkeys that can be created or modified. The subkeys are located in the following
registry location:
[HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services
Framework\Active Directory]
The data type of the registry settings is REG_SZ, except where noted otherwise.
Keys that do not already exist must be created.
Table 17-5
Registry Subkeys for Active Directory Connection Configuration
Subkey Names
Description
ConnectionType
Specify how you want Client Services Framework to discover the Active
Directory. Enter one of the following values:
0: Use the Global Catalog (GC) or domain controller (DC) to

discover the Active Directory server automatically. This is the
default value.
1: Use LDAP.
Data type: REG_DWORD

UseSecureConnection
Specify whether Client Services Framework encrypts usernames and

passwords on the connection. Enter one of the following values:
0: Use encryption. This is the default value.
1: Do not use encryption.

UseSSL
Specify whether Client Services Framework uses SSL to connect

securely to the directory. Enter one of the following values:
0: Do not use SSL. This is the default value.
1: Use SSL.
17-8
Chapter 17

Table 17-5
Registry Subkeys for Active Directory Connection Configuration (continued)
Subkey Names
Description
UseWindowsCredentials
Specify whether Client Services Framework uses credentials, that is,

usernames and passwords, from Windows or from another source. Enter
one of the following values:
0: Use credentials from a source other than Windows.
1: Use Windows credentials. This is the default value.

ConnectionUsername
If you select to use credentials from a source other than Windows,

specify the username to use when Client Services Framework connects
to the Active Directory.
The default is that this subkey name is not used.
ConnectionPassword
If you select to use credentials from a source other than Windows,

specify the password to use when Client Services Framework connects
to the Active Directory.
BaseFilter
Only use this subkey name if the object type that you want to retrieve
with queries that you execute against Active Directory is not a user
object. The default value is (objectCategory=person).
The following example base filter would exclude disabled users:
(&(objectCategory=person)(objectClass=user)(
!(userAccountControl:1.2.840.113556.1.4.803:=2))
Note
Remove the last bracket from all filters. This is the due to the
way the filter is loaded.
SearchTimeout
Specify the timeout period for queries, in seconds. The default value is 5.
PrimaryServerName
Specify the FQDN or IP address of the primary server to connect to for

directory access, if the server cannot be discovered by DNS.
SecondaryServerName
Specify the FQDN or IP address of the backup server to connect to for

directory access, if the server that cannot be discovered by DNS.
Port1
Specify the port of the primary server that cannot be discovered by DNS.
Port2
Specify the port of the secondary server that cannot be discovered by

DNS.
SearchBase1, SearchBase2,
SearchBase3, SearchBase4,
SearchBase5
For performance reasons, you might need to specify a location in the

Active Directory from which searches begin. If you need to do this, set
this subkey name to be the value of the first searchable organizational
unit (OU) in the tree. The default value is the root of the tree.
Specify any further search bases also.
17-9
Chapter 17
Table 17-5
Registry Subkeys for Active Directory Connection Configuration (continued)
Subkey Names
Description
DisableSecondaryNumberL Specify whether users can search for the mobile, other, or home numbers
ookups
of contacts, if the work number is not available.
Enter one of the following values:
0: Users can search for the mobile, other, or home numbers of

contacts.
1: Users cannot search for the mobile, other, or home numbers of

contacts.

PhoneNumberMasks
Set masks to use when users search for a phone number.

For example, if a user receives a call from +14085550100, but the
number is stored in Active Directory as +(1) 408 555 0100, you can
ensure that the contact is found if you set the following mask:
+1408|+(#) ### ### ####
There is no restriction on the length of a mask string, except that the
length cannot exceed the size that is allowed in registry subkey names.
Typically, you do not need to use phone number masks if the phone
numbers in your directory are in +E.164 format.
UseWildcards
Set this value to 1 if you want to enable wildcard searches for phone
numbers in the LDAP.
If you set this key to 1, the speed of searches of the LDAP might be
affected, particularly when the directory attributes that are searched are
not indexed.
You can use phone number masks instead of wildcard searches.
Typically, you do not need to use wildcard searches if the phone numbers
in your directory are in +E.164 format.
UserSearchFields
This value is used to specify the Active Directory fields to search when
users search for contacts. Specify one or more of the following values
separated by commas:
DisplayName
UserAccountName
FirstName
LastName
For example, the UserSearchFields key should be set to

UserAccountName,FirstName if the administrator wants user contact
searches to query the equivalent Active Directory fields. All of the above
fields are searched if no value is specified.
Note
17-10
The Active Directory fields searched for UserAccountName or

FirstName values may be customized if the administrator wants
to restrict searches to indexed fields.
Chapter 17

Related Topic
Directory Attributes Are Standard Active Directory Attribute Names

The default values for the directory attributes are the standard Active Directory attribute names. In other
words, you do not need to set values for the directory attributes unless the directory to which you want
to connect has attributes that are different to the Active Directory attribute names.
You specify the values for the directory attributes in the following registry key:
Table 17-6 lists the directory attributes, the corresponding subkey names, and their default values.
Table 17-6
Default Values of Subkey Names for Directory Attributes
Attribute Description
Subkey Name
Default Value
Common Name
CommonName
cn
Display Name
DisplayName
displayName
First Name
Firstname
givenName
Last Name
Lastname
sn
Email Address
EmailAddress
mail
SIP URI
SipUri
msRTCSIP-PrimaryUserAddress
Photo URI
PhotoUri
photoUri
Work Number
BusinessPhone
telephoneNumber1
Mobile Number
MobilePhone
mobile
Home Number
HomePhone
homePhone
Other Number
OtherPhone
otherTelephone
Preferred Number
PreferredNumber
telephoneNumber
Title
Title
title
Company Name
CompanyName
company
Account Name
UserAccount
sAMAccountName
User Principal Name
Domain
userPrincipalName
Location
Location
co
Nick Name
Nickname
mailNickname
Postcode
PostalCode
postalCode
State
State
st
Street Address
StreetAddress
streetAddress
1. This is the primary and default directory attribute for contact resolution. Other directory phone number attributes might be
used to find contacts, depending on the value of the DisableSecondaryNumberLookups key.
Related Topic
Active Directory Attributes that must be Indexed, page 17-12
17-11
Chapter 17
Configuration of Additional Directory Attributes

You can configure additional directory attributes if you configure Enhanced Directory Integration. You
specify the values for the directory attributes in the following registry key:
Table 17-7 lists the additional directory attributes, the corresponding subkey names, and their default
values.
Table 17-7
Default Values of Subkey Names for Additional Directory Attributes
Attribute Description
Subkey Name
Default Value
Enable substitution of photo

URI
PhotoUriSubstitutionEnabled
The default is that this subkey name

is not used.
Example value: True

Photo URI with a variable value PhotoUriWithToken

is not used.
Example value:
http://staffphoto.example.com/sA
MAccountName.jpg
Value that gets inserted to a

photo URI that has a variable
value
PhotoUriSubstitutionToken
Use wildcards
UseWildcards

is not used.
Example value: sAMAccountName
0

Phone number masks
PhoneNumberMasks

is not used.
Example value:
+1408|+(#) ### ### ####
Active Directory Attributes that must be Indexed

The following Active Directory attributes must be indexed:
sAMAccountName
displayName
mail
Any attributes that are used for contact resolution must also be indexed. For example, you might need to
index the following attributes:
telephoneNumber
Any other directory phone number attributes that are be used to find contacts, depending on the
value of the DisableSecondaryNumberLookups key
ipPhone, if this attribute is used in your environment
17-12
Chapter 17

Sample Configuration Questions

Table 17-8 lists common questions that arise when you configure Cisco Unified Client Services
Framework to use Enhanced Directory Integration (EDI). The table also lists actions that you must take
depending on the answers to those questions.
Table 17-8
Sample Questions About Configuration of Client Services Framework to Use EDI
Configuration Question
Is the directory discoverable
by DNS?
Configuration Actions
If yes, is the directory a Global Catalog (GC) or LDAP server?

If the directory is a GC, no action is required.
If the directory is an LDAP directory, set the ConnectionType
subkey name to 1.
If no, do the following:

Set the ConnectionType subkey name to 1.
Specify the appropriate values for PrimaryServerName and
Port1.
(Optional) Specify the appropriate values for
BackupServerName and Port2.

For example, if your directory is an ADAM directory, you might set
these values.
Do you use SSL when
connecting to the directory?
If yes, set the UseSSL subkey name to 1.
If no, no action is required.
Can users connect to the

directory with integrated
Windows authentication?
If yes, no action is required.
If no, set the values for the following subkey names:

ConnectionUsername
ConnectionPassword
Note
Do you want to create a

secure connection?
Passwords are stored in the registry unencrypted. This feature is

designed to be used for well-known application accounts. An
application account might be Cisco Unified Personal
Communicator, where every user of Cisco Unified Personal
Communicator knows the username and password.
If the answer is yes, no action is required.
If the answer is no, set the ConnectionSecurity subkey name to 1.

If you do not specify a username and password, Client Services
Framework attempts an anonymous bind to the Active Directory
server.
Do you want to use a simple

bind?
If yes, set the ConnectionSecurity subkey name to 1. Specify a

username and password. The username must be in distinguished
name (DN) format.
If no, no action is required.
17-13
Chapter 17
About Basic Directory Integration

Cisco Unified Client Services Framework can use a Basic Directory Integration (BDI) to retrieve
contacts from the Active Directory server. Cisco Unified Personal Communicator receives the majority
of its LDAP configuration from the LDAP Profile provided by the Cisco Unified Presence server. Only
a small subset of Basic Directory Integration configuration items are configurable only through registry
settings.
For information about the LDAP Profile provided, refer to Integrating the LDAP Directory, page 15-1.
Cisco recommends that you use Enhanced Directory Integration (EDI) because EDI provides significant
advantages over BDI, as described in Feature Comparison of Enhanced and Basic Directory Integration,
page 17-2.
The configuration you must perform if you use BDI to retrieve contacts from the Active Directory server
is described here:About Phone Number Masks, page 17-20.
Group Policy administrative templates are provided with Cisco Unified Personal Communicator. You
can use one of these templates to define the Client Services Framework registry settings on a system, or
for groups of users. For information about how to accomplish this task, refer to Using an Active
Directory Group Policy Administrative Template to Configure Client Services Framework Clients,
page 17-14.
Using an Active Directory Group Policy Administrative Template to Configure

Client Services Framework Clients
Group Policy administrative templates are provided with Cisco Unified Personal Communicator. You
can use one of these templates to define the Client Services Framework registry settings on a system or
for groups of users.
The administrative templates included in this package provide support for deployment to a group of
domain users that is managed through a Group Policy at the Active Directory level. Files intended for
deployment through Group Policy have Group_Policy in the filename.
The administrative template files provided can be used to support Windows Server 2003 or 2008
environments. The files used depends on the Windows Server environment. These files are as follows:
1.
ADM - ADM files are used for Group Policy management in a Windows Server 2003 environment.
They can be used in a Windows Server 2008 environment if required.
2.
ADML / ADMX - ADML / ADMX files are used for Group Policy management in a Windows
Server 2008 environment. They are not backward compatible to Windows Server 2003.
The procedures contained in this section should only be used a reference for deploying Group Policies.
If you are not already familiar with the Group Policy management process, consult the Windows Server
2003 or Windows Server 2008 documentation provided by Microsoft. This documentation provides full
instructions on Group Policy management and should be consulted before deployment.
This section contains the following procedures:
Deployment of Group Policy Administrative Templates in a Windows Server 2003 Environment,

page 17-15
Deployment of Group Policy Administrative Templates in a Windows Server 2008 Environment,

page 17-15
17-14
Chapter 17

Note
Registry keys may be deployed on local systems for testing purposes.
Deployment of Group Policy Administrative Templates in a Windows Server 2003 Environment

Use the following procedure to guide the deployment of Group Policy administrative templates in a
Windows Server 2003 environment.
Procedure
Step 1
Launch Active Directory Users and Computers.
Step 2
Browse to the container containing the users to which the new policy will be applied.
Step 3
View the container properties and select the Group Policy tab.
Step 4
Create a new Group Policy object with the desired name.
Step 5
Highlight the new object and select Edit.
Step 6
Add a new template to the Administrative Templates section.
Step 7
Right click on the Administrative Templates folder and select Add/Remove Templates.
Step 8
Browse to the location of the desired ADM file.
Step 9
Select the file and click OK.
Step 10
A folder named Cisco Unified Client Services Framework or Cisco Unified Personal Communicator
should be present below the Administrative Templates folder.
Step 11
Manage and deploy registry keys to the selected user group from here.
Deployment of Group Policy Administrative Templates in a Windows Server 2008 Environment

Use the following procedure to guide the deployment of Group Policy administrative templates in a
Windows Server 2008 environment.
Procedure
Step 1
Browse to the location of the policy definitions on the Active Directory server. These are typically found
in C:\Windows\PolicyDefinitions.
Step 2
Copy the desired ADMX file to that location.
Step 3
Open the en-US folder.
Step 4
Copy the desired ADML file to that location.
Step 5
Launch the Group Policy Management console. This is typically found on the Start Menu at Start >
All Programs > Administrative Tools.
Step 6
Right click the container which holds the users to which the policy will be applied.
Step 7
Select Create a GPO in this domain and, Link it here.
Step 8
Provide an appropriate name.
Step 9
Click OK.
Step 10
Expand the selected user container. It should contain the newly created GPO with the provided name.
17-15
Chapter 17
Step 11
Right click the GPO object and select Edit.
Step 12
Expand the Policies folder.
Step 13
Expand the Administrative Templates folder.
Step 14
A folder named Cisco Unified Client Service Framework or Cisco Unified Personal Communicator
will be present depending on the imported policy file.
Step 15
Manage and deploy registry keys to the selected user group from here.
Registry Location on Client Machines

After the administrative templates are configured and pushed to a client, the key values are located in
the following registry locations:
Keys contained in the Dial via Office Settings folder:

HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Unified
Communications\CUPC8
Keys used for Basic Directory Integration:

Framework\AdminData
Keys used for Enhanced Directory Integration:

Framework\Active Directory
Configuration of LDAP Registry Settings

Table 17-9 lists the registry subkeys that you may use for BDI or EDI LDAP configuration. If you use
Enhanced Directory Integration (EDI) instead of Basic Directory Integration (BDI), you might not need
to specify values for any registry settings.
17-16
Chapter 17

Table 17-9
LDAP Registry Subkeys
Subkey Names
Description
LDAP_enableWildcardMat Set this value to False to disable wildcard searches for phone numbers in
chesForPhoneNumberSearc the LDAP.
hes
If you set this key to True, the speed of searches of the LDAP might be
affected.
You can use phone number masks instead of wildcard searches.
Typically, you do not need to use wildcard searches if the phone numbers
in your directory are in +E.164 format.
LDAP_SearchFields
Specify the Active Directory field or fields to search when users search
for contacts. Specify one or more of the following values, separated by
spaces:
LDAP_AttributeName_UserAccountName
LDAP_AttributeName_lastName
LDAP_AttributeName_firstName
LDAP_AttributeName_displayName
The default behavior is that all of these fields are searched. You might
want to search fewer of these fields. For example, you might want to
search only those fields that are indexed.
LDAP_UriSchemeName
The Active Directory attribute that is the value that is specified in the
LDAP_AttributeName_uri subkey name. Typically, this Active
Directory field value is prefixed by a scheme name, for example, one of
the following:
im:
sip:
If a scheme name is used, you must specify the scheme name in the
LDAP_UriSchemeName subkey name to ensure an exact match for
searches.
If no value is specified in the LDAP_UriSchemeName subkey name, a
wild card search is used. The wild card search might adversely affect
Active Directory performance, especially if the field is not indexed.
For example, if the Active Directory field
msRTCSIP-PrimaryUserAddress is populated with URIs of the format
sip:mweinstein@example.com, the following is a recommended
configuration:
LDAP_AttributeName_uri
LDAP_AttributeName_uri subkey name:

LDAP_UriSchemeName subkey name: sip:
Registry Sub keys to Use to Map Client Services Framework Searches

to Active Directory.
Typical value = msRTCSIP-PrimaryUserAddress
17-17
Chapter 17
Table 17-9
LDAP Registry Subkeys (continued)
Subkey Names
Description
LDAP_SearchByUsername
Enable or disable voicemail LDAP searches for phone number and email
address. If disabled, the User ID from the Unity email address is used.
For example, for a user configured as 'calane@cisco.com' in Unity, the
LDAP search performed in voicemail will be for user account name
calene.'
For 'pizza-guy' voicemail contacts, a telephone number lookup is still
performed.
This registry key is a String value located in
HKEY_CURRENT_USER\Software\Policies\Cisco Systems,
Inc.\Client Services Framework\Active Directory. Set the key to True to
enable this functionality and False to disable it. False is the default.
LDAP_DisableSecondaryN
umberLookups
Specify whether users can search for the mobile, other, or home numbers
of contacts, if the work number is not available.
Enter one of the following values:
0: Users can search for the mobile, other, or home numbers of

contacts.
1: Users cannot search for the mobile, other, or home numbers

of contacts.

EnableNativeDirectoryProv Specify whether to use Enhanced or Basic Directory Integration to get
ider
contact information from Active Directory. Enter one of the following
values:
0: Use Basic Directory Integration. This is the default value.
1: Use Enhanced Directory Integration
Data type: REG_SZ

LDAP_PhoneNumberMask( Set masks to use when users search for a phone number.
BDI) / PhoneNumberMasks For example, if a user receives a call from +14085550100, but the
(EDI)
number is stored in Active Directory as +(1) 408 555 0100, you can
ensure that the contact is found if you set the following mask:
+1408|+(#) ### ### ####
There is no restriction on the length of a mask string, except that the
length cannot exceed the size that is allowed in registry subkey names.
Typically, you do not need to use phone number masks if the phone
numbers in your directory are in +E.164 format.
LDAP_DisableNumberLoo
kups
When an incoming call is received, or an outgoing call is made, to a

number not in the users contact list or communication history, an LDAP
query is performed to find that number within the directory. If a match
is found, the client can then display contact information about this
number. This lookup can be disabled by setting this registry key to false.
This will disable all phone number lookups. The client will not be able
to display contact information for any incoming or outgoing numbers if
this value is set to false.
17-18
Chapter 17

Directory attribute default values are the standard Active Directory attribute names. Directory attributes
are only configured in the registry when using EDI and default values are not sufficient. BDI uses the
LDAP Profile values provided by the Cisco Unified Presence server.
The following table outlines the directory attributes and their default values.
Table 17-10
Directory Attribute Values
Directory Attribute
Value
BusinessPhone
Business Phone attribute (default value is:

'telephoneNumber')
CommonName
Common Name attribute (default value is: 'cn')
CompanyName
Company name attribute (default value is:

'company')
DisplayName
Display name attribute (default value is:

'displayName')
DomainName
Domain name attribute (default value is:

'userPrincipalName')
EmailAddress
Email address attribute (default value is: 'mail')
Firstname
Firstname attribute (default value: 'givenName')
HomePhone
Home phone attribute (default value:

'homePhone')
Lastname
Lastname attribute (default value is: 'sn')
Location
Location attribute (default value is: 'co')
MobilePhone
Mobile number attribute (default value is:

'mobile')
Nickname
Nickname attribute (default value is:

'mailNickname')
OtherPhone
Other phone attribute (default value is:

'otherTelephone')
PhotoUri
Photo Uri attribute (default value: 'photoUri')
PostalCode
Post code attribute (default value: 'postalCode')
PreferredNumber
Preferred Number attribute (default value

'telephoneNumber')
SipUri
An IP Uri attribute (default value:

'msRTCSIP-PrimaryUserAddress')
State
State attribute (default value: 'st')
StreetAddress
Street Address attribute (default value:

'streetAddress')
Title
Title attribute (default value 'title')
UserAccount
User account name attribute (default value

'sAMAccountName')
Related Topics
About Enhanced Directory Integration, page 17-4
17-19
Chapter 17
About Phone Number Masks

You can set masks to use when the Cisco Unified Personal Communicator searches Active Directory for
a phone number.
When you place a call, the Cisco Unified Personal Communicator might search the Active Directory to
get the contact information that corresponds to a phone number. When you receive a call, the
Cisco Unified Personal Communicator might search the Active Directory to resolve a phone number to
a contact name. If the phone numbers in your Active Directory are not in +E.164 format, then these
searches might not resolve to users in your Active Directory. You can apply masks to searches to
counteract this problem.
For example, if a user receives a call from +14085550100, but the number is stored in Active Directory
as +(1) 408 555 0100, you can ensure that the contact is found if you set the following mask:
+1408|+(#) ### ### ####
The mask is applied to the number before Active Directory is searched for the number. If you configure
masks correctly, directory searches succeed as exact match lookups. Therefore, these searches have a
minimal impact on the performance of the directory server.
Typically, you do not need to use phone number masks if the phone numbers in your directory are in
+E.164 format. You can use phone number masks with either Enhanced Directory Integration (EDI) or
Basic Directory Integration (BDI).
Related Topics
Elements of Phone Number Masks, page 17-20
Subkey Names for Specifying Masks, page 17-22
Elements of Phone Number Masks

The following table describes the elements that you can include in masks:
17-20
Chapter 17

Element
Description
Phone number pattern
You must specify a number pattern to which you want to apply the mask.
For example, to specify a mask for searches that begin with +1408, you can
use the following mask:
+1408|+(#) ### ### ####
When you identify number patterns to which to apply masks, you can use
multiple masks with the same number of digits. This enables the mask to
deal with scenarios where phone numbers at different company sites might
have the same number of digits, but with different patterns.
For example, your company might have site A and site B, and each site
maintains their own directory information. You could end up with two
formats for number, such as the following:
+(1) 408 555 0100
+1-510-5550101
In this scenario, to resolve +E.164 numbers of 12 digits correctly, you can
set up the phone masks as follows:
+1408|+(#) ### ### ####|+1510|+#-###-#######
Pipe symbol (|)
Separate pairs of number patterns and masks with a pipe symbol, as shown
in the following example:
+1408|+(#) ### ### ####|+34|+(##) ### ####
When you add multiple masks for your searches, each mask must have a
different number pattern.
When the Cisco Unified Personal Communicator searches Active Directory
for a phone number, only one mask is applied to the phone number before
the search. If a phone number matches more than one number pattern, then
the number pattern that matches the most digits in the phone number is
chosen, and the associated mask is applied.
17-21
Chapter 17
Element
Description
Wildcard character
You can also use wildcard characters in masks. Use an asterisk (*) to
represent one or more characters. For example, you can set a mask as
follows:
+3498|+##*##*###*####
If Cisco Unified Personal Communicator searches Active Directory for the
+E.164-format number +34985550199, the search can find any of the
following formats in the directory:
+34(98)555 0199
+34 98 555-0199
+34-(98)-555.0199
Reverse mask
You can also use a reverse mask. A reverse mask is applied from right to
left. The mask and phone number pattern are traversed from right to left,
and each character in the mask is checked to decide whether to copy a digit
from the phone number.
Use reverse masks if you want to do both of the following when Cisco
Unified Personal Communicator searches Active Directory:
Modify some of the leading digits of phone numbers.
Format the numbers to match your directory format.
For example, you can set a reverse mask as follows:

+3498|R+34 (98) 559 ####
If this mask is applied to +34985550199, the result is +34 (98) 559 0199.
You can use a mixture of forward and reverse masks.
Related Topics
Subkey Names for Specifying Masks, page 17-22
Subkey Names for Specifying Masks

Phone Number lookup mask locations for EDI and BDI are specified as follows:
Type of Directory Integration Set Mask in This Subkey Name
Enhanced Directory
Integration (EDI)
PhoneNumberMasks in [HKEY_CURRENT_USER\Software\Cisco
Systems, Inc.\Client Services Framework\Active Directory]
Basic Directory Integration

(BDI)
LDAP_PhoneNumberMask in
[HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client
Services Framework\AdminData]
Related Topics
Elements of Phone Number Masks, page 17-20
17-22
Chapter 17

About Retrieving Photos for Contacts

Cisco Unified Client Services Framework can retrieve photo information for contacts as follows:
(Enhanced Directory Integration only) Retrieve a binary photo from Active Directory
(Basic and Enhanced Directory Integration) Retrieve a static URL from Active Directory
(Enhanced Directory Integration only) Retrieve a dynamically-created URL from Active Directory
Retrieval of Binary Photos from Active Directory

A photo is stored as a binary object in Active Directory. Cisco Unified Client Services Framework
retrieves the attribute content of the directory attribute that is defined by the PhotoUri setting.
Enhanced Directory Integration (EDI) parses the content of the attribute returned. If the attribute
contains binary data, the content displayed as a JPEG photo. If the attribute contains a URL, the photo
is retrieved from the URI.
If a directory user object has a photo stored in the thumbnailphoto attribute setting, set PhotoUri to
thumbnailphoto if you want the Cisco Unified Client Services Framework to retrieve the photo from this
field. You can also store a photo in the jpegPhoto attribute in Active Directory.
Microsoft Lync and Microsoft Outlook also use the thumbnailphoto binary attribute to retrieve photos.
Retrieval of Static URLs from Active Directory

You can retrieve a static URL that points to a photo from Active Directory in both Enhanced and Basic
Directory Integration.
Enhanced Directory Integration (EDI) parses the content of the attribute returned. If the attribute
contains binary data, the content displayed as a JPEG photo. If the attribute contains a URL, the photo
is retrieved from the URI. For example, the attribute might contain a URL structured as follows:
http://staffphoto.example.com/mweinstein.jpg
The string that is stored in the Active Directory is a static URI string that points to a location of a photo.
Note
The basic directory attribute map uses a different setting for attribute name. The EDI PhotoUri must be
populated if the photo attribute is not stored in an Active Directory field called PhotoUri.
Retrieval of Dynamic URLs from Active Directory

You can configure EDI to construct a photo URL dynamically based on another directory attribute. The
photo URL is constructed from a base URL and a substitution token.
For example, if your organization maintains a web server of staff photos, and the filenames of the photos
match the user account names, then you can create the following configuration:
17-23
Chapter 17
Setting
Value
UserAccount
sAMAccountName
PhotoUri
http://staffphoto.example.com/PHOTONAME.jpg
PhotoUriSubstitutionEnabled
true
PhotoUriSubstitutionToken
PHOTONAME
The value of the string PHOTONAME is replaced with the directory attribute specified by the
AccountName setting. If you use the preceding configuration, a user with a sAMAccountName of
mweinstein results in the following URL:
http://staffphoto.example.com/mweinstein.jpg
17-24
CH A P T E R
18
Configuring Additional Registry Keys for

May 30, 2012
This chapter contains information about the additional registry key customizations provided by
Cisco Unified Personal Communicator over and above those set aside for Active Directory.
For information specific to Cisco Jabber clients, such as Jabber for Windows, see the appropriate
Related Topics
Mapping Registry Keys, page 18-2
Configuration of Video Registry Settings, page 18-2
Configuration of CTI Registry Settings, page 18-2
Configuration of Web Conferencing Registry Settings, page 18-2
Related Topic, page 18-2
For information about configuring this feature, see the Release Notes for Cisco Unified Personal
Communicator Release 8.5., page 18-3
18-1
Chapter 18

All registry keys discussed in this chapter are located in
Framework\AdminData, with the exception of those associated with Dial via Office (DVO) functionality,
unless otherwise noted. Registry keys associated with Dial via Office are located in
HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Unified Communications\CUPC8.
Configuration of Video Registry Settings

Table 18-1 lists the registry subkeys that you must use to specify the video registry settings.
Table 18-1
Video Registry Settings
Subkey Names
Description
VideoEnabled
Setting this key to 'false', will disable all video

capabilities in CUPC.
Video capabilities are enabled by default.
Configuration of CTI Registry Settings

Table 18-2 lists the registry subkeys that you must use to specify CTI registry settings.
Table 18-2
CTI Registry Settings
Subkey Names
Description
CtiServerJtapiLibDownloadPort
Allows for an alternative port to be used to

download the Jtapi.jar file from CUCM.
This file is used to support deskphone mode.
By default, port 80 is used. Currently, the only
other alternative port which can be used is '8080'.
Configuration of Web Conferencing Registry Settings

Table 18-3 lists the registry subkeys that you must use to specify web conferencing registry settings.
Table 18-3
Web Conferencing Registry Settings
Subkey Names
Description
WebConfSSOIdentityProvider
If using WebEx SSO, enter the name of the

provider type such as meetingplace'.
Related Topic
How to Configure Conferencing Servers for Cisco Unified Personal Communicator, page 13-12
18-2
Chapter 18


Table 18-4 lists the registry subkeys that you must use to specify Dial via Office registry settings.
Table 18-4
Dial via Office Registry Settings
Subkey Names
Description
DVOModeEnabled
Setting this key to false will disable the Dial via

Office functionality introduced in Cisco Unified
Personal Communicator 8.5(2).
This feature is enabled by default
For information about configuring this feature, see the Release Notes for Cisco Unified Personal
Communicator Release 8.5.
Configuration of Additional Registry Settings

Table 18-5 lists additional registry keys that provide additional Cisco Unified Personal Communicator
customizations.
Table 18-5
Additional Registry Settings
Subkey Names
Description
AudioCustomRingtone
Cisco Unified Personal Communicator supports the use of

custom ring tones. Cisco will provide a set of custom
ringtones. Only these ringtones are supported.
The ringtone can be specified in a registry setting or in a
directory named ringtone in the CSF appdata / roaming
directory. The ringtone must be copied to that location by the
administrator. To change a ringtone, the new file is copied
into the correct location and the client restarted.
DeskphoneStartupMode
This key is used to start Cisco Unified Personal

Communicator in deskphone mode. In a VDI environment the
client needs to be started in deskphone mode. To meet this
requirement, this registry subkey has been introduced.
If the value of this key is set to 1, the client will start in
deskphone mode. If is not set, or has a value other than 1, the
client will start up by using the last phone mode the client
used during start up.
18-3
Chapter 18
Table 18-5
Additional Registry Settings (continued)
Subkey Names
Description
AutomaticTetheredPhoneSelection
This key is used to set the Automatic Tethered Phone

Selection feature. Cisco Unified Personal Communicator
users will often have multiple deskphone devices assigned to
them but only one that is tethered to their workstation through
an Ethernet cable. This feature ensures that the tethered
phone is always selected when a Cisco Unified Personal
Communicator user enters deskphone mode.
This feature is disabled by default.
The following usage scenarios outline the operation of this
feature when it is enabled through the registry:
If the user manually changes their deskphone device

from the tethered device to a new one while the device is
available, the new device will be chosen and automatic
selection will be switched off.
If the user manually changes their deskphone device

from tethered while the device is not available, the new
phone device will be selected but when the tethered
phone becomes available again Cisco Unified Personal
Communicator will automatically switch back to it.
If the user manually changes the deskphone device to

tethered, automatic selection will be switched on.
If the user changes phone modes, automatic selection

will be switched on.
Note
18-4
This feature will also work if the user is logged in to

their tethered phone with extension mobility.
CH A P T E R
19
How to Configure Multilingual Support for Cisco

Unified Presence
May 30, 2012
If you want to expand your Cisco Unified Presence deployment to support multiple languages, you must
configure Cisco Unified Communications Manager and Cisco Unified Presence to support the user
locales that you require. There is no limit to the number of supported languages.
Installing the Locale Installer on Cisco Unified Communications Manager, page 19-1
Installing the Locale Installer on Cisco Unified Presence, page 19-3
Localized Applications, page 19-5
Installing the Locale Installer on Cisco Unified Communications

Manager
User locale files provide translated text for user applications and user web pages in the locale that the
user chooses. User locales are country-specific.
Before You Begin
Install Cisco Unified Communications Manager (Release 6.x or a higher release) on every server in
the cluster before you install the Cisco Unified Communications Manager Locale Installer.
If you want to use a locale other than English, you must install the appropriate language installers
on both Cisco Unified Communications Manager and on Cisco Unified Presence. Ensure the locale
installer is installed on every server in the cluster (install on the Publisher server before the
Subscriber servers).
User locales should not be set until all appropriate locale installers are loaded on both systems. Users
may experience problems if they inadvertently set their user locale after the locale installer is loaded
on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco
Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco
Unified Communications Manager user options pages and change their locale from the current
setting to English and then back again to the appropriate language. Yo u can also use the BAT tool
to synchronize user locales to the appropriate language.
You must restart the servers for the changes to take effect. After you complete all locale installation
procedures, restart each server in the cluster. Updates do not occur in the system until you restart all
servers in the cluster; services restart after the server reboots.
19-1
Chapter 19
Installing the Locale Installer on Cisco Unified Communications Manager
Procedure
Step 1
Perform one of the following actions to download the locale installer:
Step 2
To download the locale installer from
Do this:
Cisco website
a.
Click:
http://www.cisco.com/kobayashi/sw-center/telep
hony/callmgr/locale-installer.shtml
Plugin window in Cisco Unified Communications
Manager Administration
Go to Step 2.
a.
Sign in to Cisco Unified Communications

Manager Administration using the
administrator account and password
b.
Select Application > Install Plugins.
c.
Click the icon that represents the Cisco

Unified Communications Manager Locale
Installer.
d.
Go to Step 2.
Step 3
Click the version of the Cisco Unified Communications Manager Locale Installer.
Step 4
To download the installer file to the server, click Download.
Step 5
After downloading the file, save the file to the hard drive and note the location of the saved file.
Step 6
Double-click the file to begin the installation.
Step 7
Perform these actions to complete the installation:
Window
Configuration Steps
License Agreement Window
a.
Read and accept the license agreement.
Page 1 of 4
b.
Click Next to display the Readme Notes dialog.

The readme notes contain build-time information such as
components and devices that are supported in the released build.
The readme may be printed for reference. Examine and accept
the readme notes then click Next to proceed to the Setup Type
dialog.
Note
Setup Type Window
a.
Select a custom setup type to allow you to select or deselect user

locales as required.
b.
Click Next.
Page 2 of 4
19-2
b.
Chapter 19

Window
Configuration Steps
Start Copying Files Window
a.
Review the setup options.
Page 3 of 4
b.
Click Next.
Ready to Install the Program Click Install to start the installation of the selected user locales.
Window
Note
The speed of installation depends on the performance of the
Page 4 of 4
server. It is estimated to take between two to ten minutes to
complete the database update. Observe the progress bar and text
above it to determine the status of installation.
Step 8
When the installation is complete, a new dialog requests confirmation of a restart. Should you wish to
apply another locale installer, repeat this procedure before restarting the server in order to reduce
downtime.
Step 9
Click Finish. The Setup dialog box displays. Do not click any buttons or press any keys.
Step 10
When the dialog box automatically closes, you have completed the installation on the server. Install the
Cisco Unified Communications Manager Locale Installer on every server in the cluster.
Step 11
After you complete all locale installation procedures, complete these actions:
Step 12
a.
Run the following command on the CLI: run sql update enduser set cucm_cdrtime=0
b.
Restart the Sync Agent service in Cisco Unified Serviceability (select Tools > Service Activation).
c.
Restart each server in the cluster.
Verify that your users can select the locale(s) for supported products.
Troubleshooting Tip
Make sure that you install the same components on every server in the cluster.
What To Do Next
Installing the Locale Installer on Cisco Unified Presence, page 19-3

Before You Begin
Install the Locale Installer on Cisco Unified Communications Manager. If you want to use a locale
other than English, you must install the appropriate language installers on both Cisco Unified
Communications Manager and on Cisco Unified Presence.
If your Cisco Unified Presence cluster has more than one node, make sure that the locale installer is
installed on every server in the cluster (install on the Publisher server before the Subscriber servers).
User locales should not be set until all appropriate locale installers are loaded on both systems. Users
may experience problems if they inadvertently set their user locale after the locale installer is loaded
on Cisco Unified Communications Manager but before the locale installer is loaded on Cisco
Unified Presence. If issues are reported, we recommend that you notify each user to sign into Cisco
Unified Communications Manager user options pages and change their locale from the current
setting to English and then back again to the appropriate language. You can also use the BAT tool
to synchronize user locales to the appropriate language.
19-3
Chapter 19
You must restart the server for the changes to take effect. After you complete all locale installation
procedures, restart each server in the cluster. Updates do not occur in the system until you restart all
servers in the cluster; services restart after the server reboots.
Procedure
Step 1
Browse to this location on cisco.com to locate the Cisco Unified Presence locale installer:
http://www.cisco.com/cisco/software/release.html?mdfid=283931705&flowid=28621&softwareid=282
074311&release=8.6%281%29&relind=AVAILABLE&rellifecycle=&reltype=latest
Step 2
Click the version of the Cisco Unified Presence Locale Installer that is appropriate for your working
environment.
Step 3
After downloading the file, save the file to the hard drive and note the location of the saved file.
Step 4
Copy this file to a server that supports SFTP.
Step 5
Sign into Cisco Unified OS Administration using the administrator account and password.
Step 6
Select Software Upgrades > Install/Upgrade.
Step 7
Select Remote File System as the software location source.
Step 8
Enter the file location, for example /tmp, in the Directory field.
Step 9
Enter the Cisco Unified Presence server name in the Server field.
Step 10
Enter your username and password credentials in the User Name and User Password fields.
Step 11
Select SFTP for the Transfer Protocol.
Step 12
Click Next.
Step 13
Select the Cisco Unified Presence locale installer from the list of search results.
Step 14
Click Next to load the installer file and validate it.
Step 15
After you complete the locale installation, restart each server in the cluster.
Step 16
The default setting for installed locales is "English, United States. While your Cisco Unified Presence
server is restarting, change the language of your browser, if necessary, to match the locale of the installer
that you have downloaded.
If you use this browser:
Configuration Steps
Internet Explorer
a.
Select Tools > Internet Options.
Version 6.x
b.
Select the General tab.
c.
Click Languages.
d.
Use the Move Up button to move your preferred language to the top
of the list.
e.
Click OK.
Mozilla Firefox
a.
Select Tools > Options.
Version 3.x
b.
Select the Content tab.
c.
Click Choose in the Languages section of the window.
d.
Use the Move Up button to move your preferred language to the top
of the list.
e.
Click OK.
19-4
Chapter 19

Note
Step 17
Cisco Unified Presence does not currently support Safari browser.
Verify that your users can select the locale(s) for supported products.
Troubleshooting Tip
Make sure that you install the same components on every server in the cluster.
Related Topics
Localized Applications, page 19-5
Cisco Unified Presence applications support a variety of different languages. See Table 19-1 for a list of
localized applications and the available languages.
19-5
Chapter 19
Table 19-1
List of Localized Applications and Supported Languages
Interface
Supported Languages
End User Applications

IP Phone Messenger
User Options
Arabic (Algeria, Bahrain, Egypt, Iraq, Jordan, Kuwait,

Lebanon, Morocco, Oman, Qatar, Saudi Arabia, Tunisia,
United Arab Emirates, Yemen)
Bulgarian
Catalan (Spain)
Chinese (China, Hong Kong, Taiwan)
Croatian
Czech (Czech Republic)
Danish (Denmark)
Dutch (Netherlands)
English
Estonian (Estonia)
Finnish (Finland)
French (France)
German (Germany)
Greek (Greece)
Hebrew (Israel)
Hungarian (Hungary)
Italian (Italy)
Japanese (Japan)
Korean (Korean Republic)
Latvian (Latvia)
Lithuanian (Lithuania)
Norwegian (Norway)
Polish (Poland)
Portuguese (Brazil, Portugal)
Romanian (Romania)
Russian (Russian Federation)
Serbian (Republics of Montenegro and Serbia)
Slovak (Slovakia)
Slovenian (Slovenia)
Spanish (Columbia and Spain)
Swedish (Sweden)
Thai (Thailand)
Turkish (Turkey)
Administrative Applications
Administration
Chinese (China), English, Japanese (Japan), Korean

(Korean Republic)
OS
Chinese (China), English, Japanese (Japan), Korean

(Korean Republic)
19-6
A P P E N D I X
Configuring Cisco Unified Presence for an

IM-Only Deployment
May 30, 2012
IM-Only Configuration Steps, page A-1

This section describes the required configuration for an IM-only Cisco Unified Presence deployment.
Configuration Procedure
Reference
Create your users on Cisco Unified

See the Cisco Unified Communications Manager

documentation at this URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps
556/tsd_products_support_series_home.html
Configure the license requirements for Cisco Follow the configuration procedures described in the
Unified Presence and Cisco Unified Personal chapter Configuring the Licensing for this Integration,
Communicator.
page 2-1.
On Cisco Unified Presence, perform these
configuration procedures to integrate
Configure the Proxy Listener and TFTP

Server Addresses
Configure the Cisco Unified Personal

Communicator Service Parameter
Integrate the LDAP server for Cisco Unified

Configuring the Proxy Listener and TFTP

Addresses, page 12-21
(Cisco Unified Personal Communicator Release

7.1) Configuring the Service Parameters,
page 12-24
Follow the configuration procedures described in the

chapter Integrating the LDAP Directory, page 15-1.
A-1
Appendix A
A-2
Configuring Cisco Unified Presence for an IM-Only Deployment
A P P E N D I X

May 30, 2012
How to Use the High Availability Login Profiles, page B-1
2 GB Active/Active Profile, page B-3
2 GB Active/Standby Profile, page B-4
How to Use the High Availability Login Profiles
Important Notes About the High Availability Login Profiles, page B-1
Using the High Availability Login Profile Tables, page B-2
Example High Availability Login Configurations, page B-3
Important Notes About the High Availability Login Profiles
The High Availability login profiles only apply to Cisco Unified Presence Release 8.5 or higher 8.x
releases, and Cisco Unified Personal Communicator Release 8.5 or higher 8.x releases.
You can use the High Availability login profile tables in this section to configure the upper and lower
client re-login values for your subcluster. You configure the upper and lower client login values by
selecting Cisco Unified Presence Administration > System > Service Parameters, and selecting
Cisco UP Server Recovery Manager from the Service menu.
By configuring the upper and lower client re-login limits on your subcluster based on the tables we
provide here, you can avoid performance issues and high CPU spikes in your deployment.
We provide a High Availability login profile for each Cisco Unified Presence server memory size
(2, 4 or 6 GB), and for each High Availability deployment type, active/active or active/standby.
The High Availability login profile tables are calculated based on the following inputs:
B-1
Appendix B
How to Use the High Availability Login Profiles
The Users Moved Per Iteration service parameter. This parameter determines the number of
users moved per iteration during a failover or a fallback operation. We provide a recommended
value for the Users Moved Per Iteration service parameter for each High Availability login
profile table.
The total number of users in the subcluster for Active/Standby deployments, or the node with
highest number of users for Active/Active deployments.
You must configure the upper and lower client re-login limit values, and the Users Moved Per
Iteration service parameter on both nodes in a subcluster. You must manually configure all these
values on both nodes in the subcluster.
The upper and lower client re-login limit values must be the same on each node in the subcluster.
If you rebalance your users, you must reconfigure the upper and lower client re-login limit values
based on the High Availability login profile tables.
Related Topic
Using the High Availability Login Profile Tables

Use the High Availability login profile tables to retrieve the following values:
Client Re-Login Lower Limit service parameter value
Client Re-Login Upper Limit service parameter value.
Users Moved Per Iteration service parameter value.
Procedure
Step 1
Select a profile table based on your memory size, and your High Availability deployment type.
Step 2
In the profile table, select the number of users in your deployment (round up to the nearest value). If you
have an active/standby deployment, use the node with the highest number of users.
Step 3
Based on the Number of Users value for your subcluster, retrieve the corresponding lower and upper
retry limits in the profile table.
Step 4
Configure the lower and upper retry limits on Cisco Unified Presence by selecting Cisco Unified
Presence Administration > System > Service Parameters, and selecting Cisco UP Server Recovery
Manager from the Service menu.
Step 5
Retrieve the corresponding Users Moved Per Iteration service parameter value for your High
Availability login profile table.
Step 6
Configure the Users Moved Per Iteration value on Cisco Unified Presence by selecting Cisco Unified
Presence Administration > System > Service Parameters, and selecting Cisco UP Server Recovery
Manager from the Service menu.
Related Topic
Example High Availability Login Configurations, page B-3
B-2
Appendix B

Example High Availability Login Configurations

Example 1: 6GB Active/Standby Standard Deployment
You have 3,000 users in your subcluster, with 2000 users on one node, and 1000 users on the second
node. For active/standby deployments, we recommend you use the node with the highest number of
users, in this case the node with 2000 users. Using Table B-11, you retrieve these lower and upper retry
values:
Note
Number of Users
Lower Retry Limit
Upper Retry Limit
2000
40
107
The upper retry limit is the approximate time (seconds) it takes for all clients to login to their backup
node after a failover occurs.
You also configure the corresponding Users Moved per Iteration service parameter value for
Table B-11 which is 50.
Example 2: 4GB Active/Active IM-Only Deployment
You have 6800 users on the first node in your subcluster in an IM-only deployment. We recommend that
you round up to the nearest value, so using Table B-4 you retrieve the lower and upper retry value based
on a number of users value of 7000:
Number of Users
Lower Retry Limit
Upper Retry Limit
7000
280
1447
You also configure the corresponding Users Moved per Iteration service parameter value for Table B-4
which is 25.
Corresponding Users Moved per Iteration service parameter value: 6
Table B-1
User Login Retry Limits for Standard Deployment (2 GB Active/Active)
Number of Users
Lower Retry Limit
Upper Retry Limit
100
17
83
250 (Default)
42 (Default)
208 (Default)
500
83
417
B-3
Appendix B
Table B-2
User Login Retry Limits for Standard Deployment (2 GB Active/Standby)
Number of Users
Lower Retry Limit
Upper Retry Limit
100
17
57
250
42
142
500
83
283
750
125
425
1000
167
567
Table B-3
User Login Retry Limits for Standard Deployment (4GB Active/Active)
Number of Users
Lower Retry Limit
Upper Retry Limit
100
21
500 (Default)
20 (Default)
103 (Default)
1000
40
207
1500
60
310
2000
80
413
2500
100
517

Table B-4
User Login Retry Limits for IM-Only Deployment (4GB Active/Active)
Number of Users
Lower Retry Limit
Upper Retry Limit
3000
120
620
3500
140
723
4000
160
827
4500
180
930
5000
200
1033
6000
240
1240
7000
280
1447
7500
300
1550
B-4
Appendix B

Table B-5, Part 1
User Login Retry Limits for Standard Deployment (4GB Active/Standby)
Number of Users
Lower Retry Limit
Upper Retry Limit
100
14
500
20
70
1000
40
140
1500
60
210
2000
80
280
2500
100
350
3000
120
420
3500
140
490
4000
160
560
4500
180
630
5000
200
700

Table B-6
User Login Retry Limits for IM-Only Deployment (4GB Active/Standby)
Number of Users
Lower Retry Limit
Upper Retry Limit
6000
240
840
7000
280
980
8000
320
1120
9000
360
1260
10000
400
1400
11000
440
1540
12000
480
1680
13000
520
1820
14000
560
1960
15000
600
2100
This section includes the upper and lower user login retry limits for both standard and IM-only
deployments.
User Login Retry Limits for Standard Deployments, page B-6
User Retry Limits for IM-Only Deployments, page B-7
B-5
Appendix B

Table B-7
User Login Retry Limits for Standard Deployment (6 GB Active/Active)Cisco Unified

Presence Release 8.6(3) and earlier
Number of Users
Lower Retry Limit
Upper Retry Limit
100
500 (Default)
10 (Default)
38 (Default)
1000
20
76
1500
30
113
2000
40
151
2500
50
189

Table B-8
User Login Retry Limits for Standard Deployment (6 GB Active/Active)Cisco Unified

Presence Release 8.6(4) and later
Number of Users
Lower Retry Limit
Upper Retry Limit
100
10
500 (Default)
10 (Default)
52 (Default)
1000
20
103
1500
30
155
2000
40
207
2500
50
258
3000
60
310
3500
70
362
4000
80
413
4500
90
465
5000
100
517
6000
120
620
7000
140
723
7500
150
775
B-6
Appendix B

User Retry Limits for IM-Only Deployments

Table B-9
User Login Retry Limits for IM-Only Deployment (6 GB Active/Active)Cisco Unified

Presence Release 8.6(3) and earlier
Number of Users
Lower Retry Limit
Upper Retry Limit
3000
60
227
3500
70
264
4000
80
302
4500
90
340
5000
100
378
6000
120
453
7000
140
529
7500
150
569

Table B-10
User Login Retry Limits for IM-Only Deployment (6 GB Active/Active)Cisco Unified

Presence Release 8.6(4) and later
Number of Users
Lower Retry Limit
Upper Retry Limit
8000
160
827
9000
180
930
10000
200
1033
11000
220
1137
12000
240
1240
12500
250
1292
This section includes the upper and lower user login retry limits for both standard and IM-only
deployments.
User Login Retry Limits for Standard Deployments, page B-7
User Login Retry Limits for IM-Only Deployments, page B-9

B-7
Appendix B
Table B-11
User Login Retry Limits for Standard Deployment (6 GB Active/Standby)Cisco

Unified Presence Release 8.6(3) and Earlier
Number of Users
Lower Retry Limit
Upper Retry Limit
100
500 (Default)
10 (Default)
27 (Default)
1000
20
53
1500
30
80
2000
40
107
2500
50
133
3000
60
160
3500
70
187
4000
80
213
4500
90
240
5000
100
267

Table B-12

Unified Presence Release 8.6(4) and Later
Number of Users
Lower Retry Limit
Upper Retry Limit
100
500 (Default)
10 (Default)
33 (Default)
1000
20
65
1500
30
98
2000
40
131
2500
50
164
3000
60
196
3500
70
229
4000
80
262
4500
90
295
5000
100
327
6000
120
393
7000
140
458
8000
160
524
9000
180
589
10000
200
655
11000
220
720
12000
240
785
B-8
Appendix B

Table B-12

Unified Presence Release 8.6(4) and Later (continued)
Number of Users
Lower Retry Limit
Upper Retry Limit
13000
260
851
14000
280
916
15000
300
982
User Login Retry Limits for IM-Only Deployments

Table B-13
User Login Retry Limits for IM-Only Deployment (6 GB Active/Standby)Cisco

Unified Presence Release 8.6(3) and Earlier
Number of Users
Lower Retry Limit
Upper Retry Limit
6000
120
320
7000
140
373
8000
160
427
9000
180
480
10000
200
533
11000
220
587
12000
240
640
13000
260
693
14000
280
747
15000
300
800

Table B-14
User Login Retry Limits for IM-Only Deployment (6 GB Active/Standby)Cisco

Unified Presence Release 8.6(4) and Later
Number of Users
Lower Retry Limit
Upper Retry Limit
16000
320
1047
17000
340
1113
18000
360
1178
19000
380
1244
20000
400
1309
21000
420
1375
22000
440
1440
23000
460
1505
24000
480
1571
25000
500
1636
B-9
Appendix B
B-10
A P P E N D I X
Glossary of Terms
May 30, 2012
Term
Definition
Cluster
One or multiple subclusters providing service to a single Cisco

Unified Communications Manager cluster. Each Cisco Unified
Communications Manager cluster requires one Cisco Unified
Presence cluster.
High Availability Deployment
The deployment model that provides redundant services for users

in case of the failure of services or hardware. Cisco Unified
Presence supports a non High Availability deployment, a best effort
High Availability deployment, and redundant High Availability
deployment.
Intercluster
A collection of Cisco Unified Presence clusters interconnected to

provide uniform presence and IM services to all Cisco Unified
Presence clusters.
Lightweight Directory Access

Protocol (LDAP)
The Lightweight Directory Access Protocol (LDAP) provides

applications with a standard method for accessing and potentially
modifying the user information stored in the corporate directory.
This capability enables enterprises to centralize all user
information in a single repository available to several applications.
Line Appearance
A line appearance is the association of a particular line with a

particular device. A single line can be associated with multiple
devices, and a single device can be associated with multiple lines.
You can associate one user, or many users, with a line appearance,
rather than with a line or to a device.
Multi-node Feature
The Cisco Unified Presence multi-node feature enables the

customer to increase the scalability of a Cisco Unified Presence
cluster by a factor of three. The Cisco Unified Presence multi-node
feature allows the customer to create Cisco Unified Presence
groups, also known as subclusters, with up to 45,000 users within
a Cisco Unified Presence cluster.
C-1
Appendix C
Term
Definition
Subcluster
A single Cisco Unified Presence server, or a pair of Cisco Unified

Presence servers operating with a shared presence database that is
able to support common users. In a single-node deployment within
the subcluster, there is no High Availability failover protection for
the users assigned to that node. In a dual-node deployment within
a subcluster, users have High Availability failover protection as
each node acts as a backup for the other node allowing clients to
fail over in case of outages of components or nodes. In this highavailability mode, all users in the subcluster have failover
capabilities.
User
A presence user for whom Cisco Unified Presence will maintain

presence state. A Cisco Unified Presence user is assigned to a node
in a subcluster.
Node
A single Cisco Unified Presence server instance supporting up to

15,000 users. A Cisco Unified Presence node can be assigned to a
subcluster.
C-2
Glossary of Terms

CUPdeploy

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

CUPdeploy

Încărcat de

Drepturi de autor:

Formate disponibile

Deployment Guide for Cisco Unified

Presence Release 8.6

Overview of a Basic Integration

About the Cisco Unified Presence Interfaces

Web Interface Timeout

Getting More Information

Configuring the Licensing for this Integration 2-1

Planning a Cisco Unified Presence Multi-Node Deployment

Deployment Guide for Cisco Unified Presence Release 8.6

Supported End Points 4-2

Multi-Node Hardware Recommendations

About Clustering over WAN Deployments 4-11

Performing a Cisco Unified Presence Multi-Node Deployment

How to Troubleshoot a Multi-Node Deployment

Configuring a Cisco Unified Presence Server for Deployment in the Network

Deployment Guide for Cisco Unified Presence Release 8.6

How to Update a Multi-Node Configuration after Deployment

Cisco UP XCP Router Restart

Restarting the Cisco UP XCP Router Service

How to Configure the Cluster Topology on Cisco Unified Presence 6-3

About High Availability Cisco Unified Presence Deployments 6-11

Deployment Guide for Cisco Unified Presence Release 8.6

Configuring the Throttling Rate for Availability State Change Messages

How To Configure the Authorization Policy on Cisco Unified Presence 6-39

Bulk Import of User Contact Lists 6-44

How to Turn On the Cisco Unified Presence Service

Single Sign-On Configuration 7-1

Deployment Guide for Cisco Unified Presence Release 8.6

Installing Java 7-4

Configuring Security on Cisco Unified Presence

Cisco Unified Presence Certificate Types

Deployment Guide for Cisco Unified Presence Release 8.6

Restarting the Cisco Unified Communications Manager Service

Integrating Third-Party XMPP Client Applications on Cisco Unified Presence

About Third-Party Client Integration 9-1

Configuring Chat on Cisco Unified Presence

About Chat 10-1

How to Manage Chat Node Aliases 10-7

Sample Deployments 10-12

Configuring the Cisco IP Phone Messenger Service

Prerequisites for Integrating Cisco IP Phone Messenger

How to Configure Cisco IP Phone Messenger on Cisco Unified Communications Manager

How to Configure Cisco IP Phone Messenger on Cisco Unified Presence 11-3

Configuring Basic Features for Cisco Unified Personal Communicator

Prerequisites for Integrating Cisco Unified Personal Communicator

Configuring Firewalls to Pass Cisco Unified Personal Communicator Traffic

Deployment Guide for Cisco Unified Presence Release 8.6

How to Configure Chat 12-10

About Configuring Cisco Unified Personal Communicator on

Deployment Guide for Cisco Unified Presence Release 8.6

How to Configure Video Calls and Videoconferencing 12-30

Deployment Guide for Cisco Unified Presence Release 8.6

Deploying and Upgrading Cisco Unified Personal Communicator

Pre-Deployment Tasks 14-1

How to Deploy the Application 14-8

Installation and Configuration of Headsets and Other Audio Devices

Use of Third-Party Headsets with Cisco Unified Personal Communicator

Deployment Guide for Cisco Unified Presence Release 8.6

Do Not Disturb Behavior of Cisco Unified Personal Communicator

Integrating the LDAP Directory

Prerequisites for Integrating the LDAP Directory

Configuring a Cisco Unified Presence Intercluster Deployment

About Intercluster Deployments 16-1

How to Configure Intercluster Peers 16-4