The growing importance of DNS in your CUCM configs

Hi Guys!

It used to be that DNS was an afterthought for most CUCM deployments, many engineers advocated at one point or another just using an IP address rather than dealing with the system team who could either be extremely cooperative or extremely slow.

Those days are GONE, my friends. 

Every bit of UC software you use should be properly configured with DNS.

 Infact, anywhere you CAN use DNS, you should be using it.

The main driver for this is definitely Jabber, I can't count the number of things that can go wrong with Jabber if you do not have your DNS configured correctly.

If you absolutely must get a system up very rapidly and the sysadmin team have been very slow to get there side finished, you can use a router as a temporary DNS server:

The config for this is shown below:

conf t
 ip domain-name
ip  dns server
ip name-server 8.8.8.8 4.4.2.2

ip host _cisco-uds._tcp.ccierants.com srv 0 10 8443 cucm01.ccierants.com
ip host cucm01 192.168.1.10
ip host unity 192.168.1.20

ip host imp 192.168.1.30
ip host _cuplogin._tcp.ccierants.com srv 0 10 8443 imp.ccierants.com



As you can see from the example above, you can use the host command to specify manual DNS entries, you can even do SRV records etc, the only records i can't seem to see are CNAME records, but for our purposes this does not matter.

You can then point your UC servers to this router as there DNS server as a temporary workaround while you wait for the system administration team.

How to tell what dial-peers are being matched on an ALREADY ACTIVE call

Hey Guys!

Working out what dial-peers got matched after a call has already begun sometimes seems like a bit of a mystery. For me at least I could never quite work it out. I ran across this command and thought I would share:

maui-gwy-06#show call active voice brief

!--- This information was captured once the call was placed and active.
!---
!--- 
!--- Notice that in this case, default VoIP(keyword IP) dial-peer 0 was 
!--- matched inbound.
 
Total call-legs: 2
87   : 257583579hs.1 +105 pid:0 Answer  active
 
 
In the example above, Dial-peer:0 was matched for the incoming since it showed Originate,  answer will show for incoming

Here's an example of a complete call:

 
 

0    : 1008757 10:18:47.997 CST Fri Aug 14 2015.1 +2630 pid:9999 Originate 15552226550 connected
 dur 00:17:21 tx:52067/8327756 rx:52050/8328000
 IP 216.200.200.XXX:19296 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
 media inactive detected:n media contrl rcvd:n/a timestamp:n/a
 long duration call detected:n long duration call duration:n/a timestamp:n/a

0    : 1008795 10:30:13.867 CST Fri Aug 14 2015.1 +11460 pid:99 Answer 5555921332 active
 dur 00:05:46 tx:17311/2769760 rx:17313/2770080
 IP 192.168.122.149:28152 SRTP: off rtt:0ms pl:0/0ms lost:0/0/0 delay:0/0/0ms g711ulaw TextRelay: off
 media inactive detected:n media contrl rcvd:n/a timestamp:n/a
 long duration call detected:n long duration call duration:n/a timestamp:n/a
 
 
The important sections are in bold, pid:XXXX (where XXX is the dial-peer) the keyword answer or originate (depending on
if this is the incoming dial-peer or outbound dialpeeer) and then the number that has been rung.

I hope this helps!

More Info Here:
http://www.cisco.com/c/en/us/support/docs/voice/call-routing-dial-plans/14074-in-dial-peer-match.html


 

Converting Wav for unity connection with audacity

Found this blog post and thought it was pretty useful:

http://snafder.blogspot.com/2011/01/saving-wav-files-in-ccitt-u-law-format.html

CCIE DC: Narrowing down server pool qualification

Time for some Server Pool Qualification-Inception!

So, you have made a server pool, and you assign a qualification against it etc, etc. All pretty normal right? Yep of course it is.

So next, you want to assign a service profile to a blade, during this process you can select a pool, one of the pools available is called "Default":

What you are doing HERE, is you can specify that not only does it have to be a member of a particular pool (as shown below) but it must also meet ANOTHER qualification, which is your seperate server pool qualification shown below









.

As the dialogue box even says itself "the selected qualification will be used to narrow down the set of eligble servers, it will NOT overwrite the pool policies associated with the pool


So there you have it, Pool Policy Inception

Cisco Data Center Product Line Update (UCS M-Series)

Hey Guys!

There has been lots of new Cisco Data Center products released in the past 6-12 months that due to moving country I haven't had the chance to talk about!

Hopefully the next upcoming blogposts will change some of that. I have been doing a lot of UC blogposts recently, so here's hopefully a catchup for you on some of the things in Data Center World!

First of all, let's talk about the UCS M-Series of servers. When first reading about the M-Series, your initial reaction may be one of confusion, it certainly was for me. Read on for more information...

The UCS M-Series server is kind of like a chassis-based rack server, you have a 2RU unit that can take up to 8 "Compute cartridges." These cartridges consist of CPU and memory, they don't have any HDD's or Adapters! Each compute cartridge is actually giving you TWO servers! So this 2 RU unit is providing 16 servers (when fully populated.)

 Supported count for these blades is 2, 4, 6 or 8. You can't have an uneven number for some reason.

A closer look at the specs of these servers reveals an interesting constraint:




The Intel CPU's available to you are not exactly going to set the world on fire, the E3 only has 4 cores for example.  This is by design: these servers are meant to use the minimum amount of power and cooling. The memory fully populates out at 32 gig (I believe 64 gig is coming.)

Here's the kicker that made me realise the purpose of these servers: they're not intended to run VMWare!

These servers are intended for custom applications where you need lots of easily accessible compute resources, where the application itself provides it's own fail-over capabilities.


For custom, bespoke applications like this, the ability to add more compute resources, as well as easily replace failed components is paramount. Cisco UCS M-Series enables this!

Imagine a world without VMware for a second: imagine how incredibly powerful Cisco UCS Service Profiles would be in a non-VM world, suddenly the statelessness of servers doesn't just make it easier to replace ESX-Hosts after failure. It would have been an absolute game changer.

For those companies with bespoke, custom applications that already have their own failover and scaling methods, the UCS M-Series provides the hardware piece of the puzzle, allowing them to easily provision new servers and replace failed servers.

To quote Todd Brannon of Cisco -  “We just see the increasing use of distributed computing, which is very different from heavy enterprise workloads, where you put many applications in virtual machines on a server node, This is about one application spanning dozens, hundreds, or thousands of nodes.”

For distributed computing or enterprise workloads, all that cooling and power costs money and takes up valuable space. The M-Series allows you to reach a density you simply couldn't reach even with a blade-chassis!

Hopefully I have done a decent job of explaining the real-world application for Cisco M-Series servers. It's all about high density for bespoke, single applications that use many servers (think online gaming, ecommerce, webhosting, etc.)

To make this possible, A few technologies where developed.

The first problem to be solved: All we want in the blade cartridges is CPU and RAM, no local disk and no adapters.


Instead of boot from SAN, each M-Series chassis has a collection of local disks, shared amongst the Compute-catridges. This is done in a similar fashion to the virtualization of adapters we see in VM-FEX by doing some nifty things with the PCI-E bus and the Virtual Interface Controller:


I am not sure why Cisco did not consider the use of boot-from-SAN to resolve this problem, perhaps they don't want the applications to rely on boot from SAN? Can I even configure boot from SAN on the M-Series? I intend to find the answers to these questions and will let you guys know ASAP!

In the back of the chassis you will find a slot for 4 local HDD's that will be shared amongst the blades (more detail on exactly how you configure that will be given in a later blogpost)






The table above gives you an idea of some of the options available.

From a network-out perspective, the chassis has 2 x QSFP 40 Gig connectors, providing tons of bandwidth out to your fabric interconnects, obviously you would cable from one port to FI-A and the other port to FI-B.

What's that I hear you say? But Pete! These are uplinked to an FI and the 6248 series is currently 10 gig SFP compatible only!


No problem here, simply use the QSFP 40 gig to 4 x 10 Gig SFP+ cable:



When you go into the UCS-Manager for these M-series, you will even see that the fabric interconnect shows 4 links per fabric interconnect (8 in total) even though their are only 2 physical interfaces:



Let's take a look at one of these chassis's so you can see all the uplinks:




You can see the slots for the disks (4 per chassis), the Management interfaces, console access, and of course the power supplies and 2 x 40 Gig QSFP+ uplinks.

Here's a look at the front of the chassis:





Finally, a logical diagram provides an overview of these connections:











I hope this gives you a deeper understanding and appreciation of the real-world problem the M-Series is trying to solve!

Cisco Jabber Directory options.

Hi Guys!

It's been a while since I posted my Cisco Jabber huge improvements blog! I even promised you I would explain the new directory options available in jabber!

Moving country etc got in the way and their has been a delay but better late than never right? I am also finding more and more customers are asking for jabber, It's no longer the joke compared to Microsoft Lync that it used to be. With collaboration edge and other improvements, it's a great program.

OK, on to directory options.

Cisco Jabber has three directory options:

Enhanced Directory Integration (EDI)
  • Windows devices only
  • Easiest to setup/No real setup required
  • The way I often hear this described is that it uses the outlook address book, this isn't actually what happens, the way EDI works is that the client uses DNS to find the local AD global catalog and binds to this using the login credentials of the user. A lot of Windows Applications use this Windows Directory API in a similar fashion. 
  • Other than making sure the client is a Windows PC and is actually on the domain, and that the user who is logging in is part of the domain, you should not have to perform much configuration here. 
  • This of course assumes your Windows Domain has been setup correctly, but you as the network engineer should not have to do anything to get this going.
  • When you go to "Show connection status" in your jabber client, you will not see any mention of trying to connect to the EDI directory, it will not show up in your jabber client as connected/not connected as it's all part of the Windows API. So keep this in mind!

Basic Directory Integration (BDI)
  • This is the "Traditional" method of LDAP integration with jabber where by you must specify the LDAP server and directory information as part of the service profile for that user. 
  • You can create a user who is able to bind to LDAP for this OR you can support an anonymous bind. You can provide this information via the service profile (which is downloaded by the client) or the client configuration file.
Universal Directory Service (UDS)
    • UDS will use the users that are part of the CUCM end user webpage as the directory entries
    • This is designed for when users are outside your network, on the collab-edge
    • It prevents you from having to expose your LDAP server to the internet for jabber for iphone etc.
    • you CAN force both internal and external clients to use UDS if for example, your an all-mac shop who do not use LDAP, or your cluster covers multiple AD domains, or any other reason you can think where you would rather use the CUCM database than the AD database to retrieve contacts.
    • You MUST have DNS setup properly for this to work, _cisco-uds must exist and must point to the hostname of the CUCM, the actual hostname of the CUCM (for example, perpub.cucm.com) must be fully resolvable, best bet is to point the _cisco-uds.cucm.com to perpub.cucm.com, which in turn will point to the IP address of your CUCM server.
    • Your jabber client WILL cache these entries, separately from your operating system cache of these entries meaning if at first you forget to setup the _cisco-uds record and then add it later. it still may not work. if you suspect this is the issue your having, be sure to completely uninstall the application from your device and clear out any appropriate folders such as the Application Data folder in Windows for your jabber application.
    Check out what the deployment guide has to say about the DNS entries:






    Make sure all the above is correct! UDS simply won't work without all the above being true.


    Let's see how to configure each of them shall we?

    Login to CUCM and navigate to User Management -> User Settings -> Service profile


    You will see something like the below:


    As you can see, a directory server hasn't been selected and most of the config is missing, this is perfectly fine if your using EDI, the "Use UDS for Contact Resolution" means that external users who don't have access to the Windows Directory API since they are outside your firewall will automatically use UDS when connecting externally.

    The features labelled "Only used for Advance Directory" can be used to set filters for the Windows Directory API. This allows you to narrow down the results returned by the Windows Directory Api to just users enabled for Jabber. You could safely leave this alone if you preferred however.

    So for those of you planning to use  a combination of EDI and UDS, your job is complete, so long as your windows domain is setup correctly, for those planning to use BDI, read on!

    For BDI, you will need to define the LDAP Directory servers, this can be done under User Management -> User Settings -> UC Service.

    Create a directory profile and add in the appropriate details:


    An important note about the protocol, according to the deployment guide, you need to use a particular protocol for each type of device:
    • Protocol Type — From the drop-down list, select:
      • TCP or UDP for Cisco Jabber for Windows 
      • TLS for Cisco Jabber for iPhone or iPad 
      • TCP for Cisco Jabber for Android


    Once this is done, go back to your service profile and select the LDAP directory server you just created.


    As you can see, in my example above I have created a separate user and assigned that user to be able to read the LDAP directory (must be able to bind to it), the format must be the username@domain format. You can also use the users logged in credentials if you prefer, the search bases (which unfortunately their are only 3 of) should be in the standard LDAP format.

    My advice if your having trouble getting this going is to use jxplorer (http://jxplorer.org/downloads/) to test connectivity.

    Finally, for some people it may make sense to do away with LDAP completely and strictly use the CUCM directory for contacts. This is done by strictly using UDS. The method to do this requires you make a modification to the client configuration file to force the use of UDS.

    (Important note: Whatever you place into the client configuration settings will be overwritten if their UC service profile has a directory listed, so keep that in mind!)

    The modifications you will need to make to the jabber-config.xml file are shown below:


            UDS
      11.22.33.444
            http://server-name/%%uid%%.jpg


    However, you might find using the config generator a heck of a lot easier:

    https://supportforums.cisco.com/document/106926/jabber-config-file-generator
     
    You can generate a nice config from this, simply unzip the html files and run them in a local web browser, then upload the file to your tftp servers, don't forget to upload it for ALL your tftp servers that your jabber client might use.

    All of the material for the above blogpost was obtained through a bit of trial and error as well as reading a lot of material from the Jabber Deployment Guide for Version 10.5

    I cannot stress enough how good this deployment guide is, it has all the information you could ever need. It is quite long but goes down to what version of office you need, failover and just about any other jabber setting you can think of.

    CCIE Wireless updated

    Blink and you will have missed it, but the CCIE Wireless has been updated to version 3.0!

    Once some materials are ready, I will probably start studying for it, not sure if I'll use it to actually pass a lab but just so I know the technology. :)

    http://blog.ipexpert.com/cisco-announces-version-3-of-the-ccie-wireless-blueprint/


    Video Voicemail greetings in Unity Connection

    Hi Guys!

    In my last blog post we took a look at Cisco MediaSense, a quick method of getting some very rudimentary call recording (This isn't what it's intended for, since it has very little indexing capabilities, it's really meant as central storage for recording, but in a pinch it will work)

    For me, the motivation of setting up Cisco MediaSense was to get Video Voicemail greetings going in Unity Connection, according to a recent Cisco Champions podcast on unity connection this is just step one towards full video messages in unity!

    OK, Let's get to configuring

    First, like any recipe, best to list out the ingredients first:

    • You will need a 10.5.X chain of Unity Connection (I am running Version 10.5.2.11900-3)
    • You will need Cisco mediasense installed and configured as per my blog post
    • Communications Manager 10.5 is kind of important too :p
    • You will need some sort of client that can do Video, I used Cisco Jabber but I am sure a 8945 or another appropriately configured Video Device will do the job.
    • This blog post assumes you already have your integration between Unity Connection and  Communications Manager working correctly, According to the design guide this must use SIP (To be honest, you should be using SIP integration to Unity Connection anyway)

    There are some more specific requirements around latency between MediaSense and Unity Connection, your region configuration and  some vCPU settings (it claims you need 7 vCPU's, I personally didn't need to give my MediaSense server anywhere near this many, but it's something to check if your having issues)
     http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/design/guide/10xcucdgx/10xcucdg070.html


     First, since we are probably already logged into CUCM, we need to create a user that Unity can use to talk to Mediasense, this is done by creating an end user under the end user page. You don't have to worry too much about the permissions, Standard CCM End User should be more than enough permission.

    Once you have created this user, login to MediaSense and assign this user as a mediasense API user:



    OK, that should be the sum of all our mediasense configuration, what a relief! There is something in the design guide that talks about creating a blanking file to stop the video "freezing" on certain clients, to be honest I didn't have this issue so I skipped this step but if you are having problems with the video freezing at the start of the call or the end of the call check out the design guide for instructions on how to resolve this issue.

    Let's login to Unity Connection and get this setup.

    The first step in unity connection is to make sure your Class of Service for your intended video users is set to allow video, scroll down until you see "Enable Video" and ensure you check the appropriate boxes, click save and make sure this applied to the users you want to have Video Voicemail.


    Next, let's create the video service, scroll down on the left hand pane to Video -> Video Services

    Simply give the service a display name, the IP address, and the user we configured as a mediasense API user previously, that's it!  I personally also checked the "Allow Self Signed Certificate for Video Server" because I don't have a proper PKI infrastructure configured, in production you should get into the habit of doing your certificates properly, see my blog post on PKI with CUCM.


    Once you have saved this configuration, you will be reminded to restart the Unity Connection Conversation Manager as well as upload the certificate from the MediaSense server to the tomcat trust store on Unity Connection, I am not entirely sure if the "Allow Self-Signed Certificate for Video Server" checkbox makes this unnecessary, but I chose to upload the cert to the store anyway, so let's go through how to do that.

    First, go to your Media Sense server and display the certificate, in Firefox this is done by clicking the Padlock icon next to the URL:







    This wil display the security page, Click on View Certificate, then click on the details tab and click export. Save this somewhere on your PC.


    Next, in unity connection, in the right hand drop down panel, select "Cisco Unified OS administration" login and then select Security -> Certificate Management


    Next, click "Upload Certificate/Certificate Chain" and navigate to the file you exported previously, the purpose for the certificate should be tomcat-trust:


    Once this is done, go ahead and restart the Unity Conversation Manager (I personally reset my entire unity connection cluster at this point, since it's non production/lab so I thought, why not?)

    OK. Now we should be able to press the test button on the video service and make sure everything is OK. Go back to unity connection administration, select your video service you created previously and click "Test"


    Hopefully your output looks something like the above!

    OK, Next we have to make one more change to our user to enable him for video services, you could do this using bulk edit for a bunch of users, OR you could put it into the voicemail template so as you create users this setting will be automatically selected.

    Go to your user in Unity Connection and Select Edit -> Video Services Account, then click add to assign this video service to this user.



    OK! Thank goodness you should now be done and dusted. Let's test it!

    Ring your voicemail number using jabber, When you first ring the number your video will show as disabled, or that the other end is not sending video:



     Don't worry! This is normal, the video will only enable as your recording your greeting, (SIP will send an updated SDP message).

    Once you get to the part in Unity Connection of setting up your greeting you will find that the session changes to support video. Obviously don't forget you will need a webcam if your using jabber so make sure that is working to help avoid troubleshooting an issue that doesn't exist ;).


    I hope this helps someone out there!





    Popular old posts.