Monday, August 18, 2014

Cisco CUCM - Self Provisioning, Feature Groups, User Device Templates, User Profiles - What it all means and how to use it to get zero-touch deployment!

How to enable self-provisioning for CUCM 10.5

The problem

A customer once asked me to enable LDAP integration for their CUCM deployment.

"How long will it take?" they asked, "maybe an hour max" I replied. The customer was suprised it was so easy and I found it funny they thought it would take a while!

I enabled it for them, and the disconnect quickly became apparent: They thought enabling LDAP sync would have it so their phone info was automatically pulled from LDAP! Back then this was note the case.

CUCM 10.0 finally gives us this ability! In combination with a feature that has been available since CUCM 9 that allows you to add phones/lines in a template-like configuration. The feature can still be useful for those of you not using LDAP integration.

Building Blocks

Let's look at the parts involved so we can work out what all these new options are and what they do for us. When you create these "building blocks" you would basically create one for each separate set of discreet users, in my example I live in New Jersey, so I have created a collection of these building blocks to represent the settings of the New Jersey site users.

Universal Line Template
The universal line template is where we configure the settings for the line such as partition, call forward settings etc. You can access this via User Management -> User/Phone Add -> Universal Line Template. The settings are shown below

As you can see you can edit the call forward settings, calling search spaces etc. You will also notice the #FirstName# and #LastName#, these are called tags and allow you to have these fields filled in by information pulled down about the user from LDAP or entered by you manually when you create the user in the quick phone/add page (if you don't use LDAP.) I personally feel not enough "tags" exist, for example there is no DirectoryNumber Tag which would be useful, I personally like to put the directory number into the description of each device and each line.

Once you have saved this, it's onto the next building block

 Universal Device Template
Here is where you configure the device itself's CSS, MRGL, Device pool etc. These settings can be customized to what KIND of device your adding (example, you would have a separate universal device template for soft phones and remote destination profiles as an example)

These settings can be found under:
 User Management -> User/Phone Add -> Universal Device Template

User Profile
The user profile can be found under User Management -> User Settings -> User Profile. This links together the device and line template as well as controlling if the user is allowed to self provision or not. As you will see in the screenshot below, you can specify a separate user template for each type of device.
Feature Group Template
Finally, a feature group is used to set some restrictions for the user and to tie their user profile to us

Non-LDAP Users Quick Phone/User add

Let's assume for a minute that your either not using LDAP, not interested in self-provisioning OR your stuck on CUCM 9. All the settings you just configured where not in vain, you can still get great use out of the templates you just created

You can either create a new user with a new username and details:

Or click on either a non-LDAP integrated user or an LDAP integrated user (as per the screenshot below)
Once you have clicked on an existing user and/or created a new user, you can assign that user an extension

Once an extension is assigned you can then click "manage devices" and either move an existing phone over to them (cool! Great for changes) or add a new phone:

Part 2 of the blog will cover how to integrate this with LDAP 

Sources: I got some really good information from the following blog Entry


  1. Nice Work Pete, Very cool and useful

  2. Hi,

    Do you do any consulting on the side? :)

  3. Regarding "I personally feel not enough "tags" exist, for example there is no DirectoryNumber Tag which would be useful, I personally like to put the directory number into the description of each device and each line."

    You can do this with #PrimaryExtension#

    /Per Kallstrom

  4. Great article. One note, which is more a Cisco rant than anything. While #PrimaryExtension# is an available variable, I am still looking for a way to mask this in the variable similar to the way Prime Provisioning does. (%XXXX%)

    For example, most of my new installations are going in as e.164 dial plans with a full +15551234567 number as the DN, however the phones are typically still labeled and dial-able internally as the last 4 or 5 digits of their e.164 through location specific translation patterns. Typical line text label would be "John Smith 4567". However I can not template this with Self Provisioning. I can use #PrimaryExtension# but that gets me the e.164 which is already on their phone as the external phone number mask on the top status bar.

    1. Thanks Nick! I reckon you should be able to get down and dirty with this and use regular expressions or something funky like that. But I doubt cisco will give us that much power. Check out my articles on AXL, for what your asking for, you could very easily write something in AXL that itterates through, grabs all the DN's and then updates the line text labels based on the content. Then just run that a regular interval and problem solved.

    2. Fernando PenteadoApril 20, 2015 at 8:27 AM

      Hi. I realized on Phone Button settings we have a limitations from caracter on Line Label whitin Phone Buttons Configurations. Is there a way by AXL to get Display Caller id in order to populate it and on Line Label and prefix more caracter after it?

      Kind Regards