collaboration update

Randall PerryMAY 2016

Collaboration Update

2© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Agenda• Next-Generation UC Architecture• JITC Certification Update• Why Upgrade to 10.5• Upgrading 8.6 to 10.5


Next Generation UC Architecture


PBX-1 Architecture


PBX-1 Features

• Connected directly to the local base switch (SMEO) for PSTN, DSN, and FTS access via VoIP Gateway• All external Base DNs are forwarded from Cisco PBX-1

to Base Switch for call resolution

• Can use Private or Public IP address space for IP Phones, being no external connectivity from Voice network

• Server and Phone Certificates only required for IA for local STIGs, no external Certificates exchanged


Local Session Controller


Local Session Controllerwithout TDM PBX


Enterprise Session Controller


JITC Certification Update

“ESC15”


• Sponsor: DISA, ESC/LSC certification• Phased Approach

• Phase 1: Add products via SUT, only products certified under ESC 8. • Phase 2: Add products via DTR, not on ESC 8, are FCS and feature ready• Phase 3: Add products via DTR, not on ESC 8, not FCS or not feature

ready

• JITC Testing Phase 1 Completed

JITC – Overview of New ESC 15 Certification


• CUCM 10.5.2• Unity Connection VM/UM 10.5• Instant Message and Presence (IM&P) server 10.5• Jabber for Windows 11.0 client• Cisco Webex Meeting Server 2.5• RedSky E911• Gateways and phones

JITC – Overview of New ESC 15 Certification


Cisco ESC / Regional LSC SUT


Cisco Local Session Controller SUT


Analog Voice Gateway• 4300/4400 series Integrated Services Router (ISR) G3• VG350, VG320, VG310, VG204, VG202

Voice Gateways (VG)• 4300/4400 series Integrated Services Router (ISR) G3• 2900/3900 series Integrated Services Router (ISR) G2

ESC15: Voice Gateways

14


ESC15: VG Series of Analog Gateways

VG300 Series highlights Higher density: 48 ports in 1 RU

TDM PBX integration using T1/E1 PRI, CAS, BRI, FXO

Support for long loop lengths – up to 18,000 feet

Supported on Cisco Unified Call Manager

Built-in lightning-protection for harsh environments

www.cisco.com/go/vg

VG31024 Port

VG32048 port

NEW!NEW!

Replacing VG224

VG350160 Ports

VG202XM & VG204XM2 and 4 port

Added Via

DTR#2

http://www.cisco.com/go/vg


ESC15: T1 Port Density by Platform

43212901 43312911 2921

4

810

8

43512951

16 16 16

24

12

40

3925 3945 4431 3925E 3945E 4451

10

40

20

30

6

12

40


Interworking Gateways (IWG)• 2900/3900 series Integrated Services Router (ISR) G2

Session Boundary Controller (SBC)• 2900/3900 series Integrated Services Router (ISR) G2

Combined SBC/IWG• 2900/3900 series Integrated Services Router (ISR) G2

ESC15: SBC and IWG

17


• PEI: Cisco Jabber 11.0 and IP Communicator 8.6• PEI: 7811, 7821, 7841, 7861• PEI: 8811, 8831, 8841, 8845, 8851, 8851NR, 8861, 8865• PEI: DX650, DX70, DX80• ROEI: SX-10, SX-20, SX-80, MX200G2, MX300G2, MX700 and MX800.

ESC15: Certified Next-Generation Endpoints

18


Cisco Jabber - The Power to CollaboratePersonal UC across broad range of platforms and devices

Desktop Tablet Smartphone Web


Cisco Jabber: Rich Capabilities and Services

Instant MessagingPresence Persistent

Chat Rooms Contact Search

Voice & Video Video Conferencing

Remote Access

SecureCommunicatio

n

Desk phoneControl

ScheduleIntegration

File Transfer

Desktop Sharing

Voice Messaging

WebExMeetings Single Sign-On

ApplicationIntegration

CallHistory

Inter CompanyFederation


JabberConsistent and Compelling User Experience

Windows Mac iOS Android


IP Phone 7800 SeriesNew phone for accelerate pervasive collaboration

• Priced For Midmarket

• Full-Featured IP Telephony To Increase Personal Productivity

• Superior Audio Quality – Wideband Audio Support

• Lower Power Consumption – PoE Class 1


IP Phone 8800 SeriesNew phone for accelerated pervasive collaboration

• Full-Featured IP Telephony To Increase Personal Productivity

• HD Video (8865 & 45)

• Intelligent Proximity (8865, 61, 51 & 45)

• Tablet and Smartphone charging

• Up to three Key Expansion Modules (KEM)

• Telephony Feature Parity with 7900 and 9900-series


• 8851-NR is the same as 8851 but without Bluetooth radio

• 8851-NR does support Key Expansion Modules (KEM)

IP Phone 8851-NRDesigned for Security


Full Cisco UCM compatibility

On-screen controls. No additional interface needed

Apps WebEx, Jabber; other business apps via Google Play

Professional grade and interoperable video

DX SeriesProfessional-grade Collaboration for all users

• From traditional space-saving form factors, to larger engaging displays

• Features that integrate desktop collaboration

• Easy-to-install and easy-to-use with a consistent experience

• Supports standard USB and Bluetooth headsets and handsets, like Jabra 450


• DX70-NR and DX80-NR are the same as DX70 and DX80, but without WiFi and Bluetooth radios

DX70-NR & DX80-NRDesigned for Security


Quiet Room Small Room Medium Room Large Room Training-/Board Room/Auditoriums

MX200 G2 – 42’’ MX300 G2 – 55’’ MX700 – 55’’ MX800S – 70’’

Fully integrated solutions – Easy, consistent and scalable

SX20 SX80SX10

Component solutions – Customized to fit business specific needs or cost targets

Collaboration Room PortfolioOptimized to cover all major use cases

SpeakerTrack60

MX800D – 70’’

http://www.google.com/url?sa=i&rct=j&q=Cisco+SX20&source=images&cd=&cad=rja&docid=mYJliTdiCbDD2M&tbnid=v_mV-mhODZVO2M:&ved=0CAUQjRw&url=http://www.flickr.com/photos/cisco_pics/6494251711/&ei=PPJlUab3McGg0QWVmoCYCg&bvm=bv.45107431,d.ZG4&psig=AFQjCNFtRRHegt9bmSiU3imTv2jkoYewyg&ust=1365721948162135


• PEI: 6901• PEI: 7925/7926, 7945, 7965, 7975, 7916 (Sidecar)

ESC15: Certified Legacy Endpoints

28


• PEI: 6911, 6921, 6941, 6945, 6961• PEI: 7906G, 7911G, 7931G, 7941G, 7941G, 7941G-GE, 7942, 7961G,

7961G-GE, 7962G, 7970G, 7971G, 7915(Sidecar)

• PEI: 9951, 9971, 9900 Color Key Expansion Module• ROEI: MX200, MX300, VX-Tactical, VX-Clinical

ESC15: Certified EOS Endpoints

29


• CUCM 11.0• Acano Server for audio/video conferencing• TP Infrastructure: VCS x8.6• SBC: ISR4xxx CUBE Enterprise and ASR1K IOS-XE

ESC15 Phase 2 Targets (S2C)


• Expressway C and E• TMS• UCCX• 8821 wireless phone• Additional TP Endpoints

• Jabber Mobile• Cisco Emergency Responder• CE 8.1, TP endpoints software• Jabber Guest• TP Content Server

ESC15 Phase 3 Targets (S2C)


Why Upgrade to 10.5?


Why Should I Upgrade to the New Cisco Collab Products?

• Outdated - The current DoD CUCM version (8.6.1) commercially released in June, 2011, and End-of-Sale July, 2014. DoD CUCM 8.6(1) EoS is 2AUG2016

• Garrison & Deployed – Full collaboration features everywhere.

• Ease of Use - URI dialing ([email protected]) instead of an IP

address.

• Admin efficiency - Administering certificates is MUCH easier. All

certificates for a cluster can be managed from a single node.

• More Secure - Security features better suited for DoD (Native

CAC Support). No need to buy OpenAM.

mailto:[email protected]


• Licensing - Improved license and software manageability via License Manager and Smart Accounts

• Footprint - Reduced memory, storage, computing footprint required for micro (25-50 users) and small (100-200 users) customers

• Persistent Chat

• Broader UCS Server Options (see

http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware#Table_1_-_

UC_on_UCS_TRCs )

Why Should I Upgrade to the New Cisco Collaboration Products?

http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware#Table_1_-_UC_on_UCS_TRCs




Scalable up to 80,000 users per cluster

Available: multiple levels of server redundancy & survivability

Centralized or distributed call processing

Integrated services

Integrated network management

Highly secure

Cisco Unified Communications Manager

IM / Presence

VideoVoice

Content Sharing

The Heart of Cisco Collaboration

CLOUD

ON PREMISES

HYBRIDUnified

Communications


Single call-control, messaging, and presence solution

Advanced mid-call features Conference, merge, transfer, and hold

Reduced total cost of ownership Central configuration: user, device, and

services Self-care portal allows Cisco Jabber®

desktop users to set call forwarding and single-number reach

Unified Communications ManagerSimplify Communications Across Devices

Simultaneous ring on all phones

Move calls between

mobile and desktop

Single voice

mailbox

Presence aggregation across your

devices


Single Sign On for Users

• Centralizes Credentials Management

• Eliminate password resets

• Secure

• Works in Unified CM, Unity Connection, Jabber, and selected IP phones:

• Multi-vendor Identity Provider (IdP) integration: OpenAM, Microsoft Active Directory Federation Services, Ping Identity, and Oracle Identity Manager,

User Benefits

IT Benefits

• One Password to Remember !

Support for SAML V2.0 Identity Providers to allow access to multiple end user applications

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&docid=hWJafk5zi4ob5M&tbnid=oJi-85--8jZy4M:&ved=0CAUQjRw&url=http://kb.blackboard.com/pages/viewpage.action?pageId=106332195&ei=WMBOU7ChG5WzsQTAlYHADA&bvm=bv.64764171,d.dmQ&psig=AFQjCNGcB_11qUQyQQj4y6lMeI46EWBHTQ&ust=1397756359847043

http://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&docid=ybmM4kbS9Ib2DM&tbnid=eZHh96Rl3ZrgmM:&ved=0CAUQjRw&url=http://www.iconarchive.com/show/holographic-icons-by-radvisual/Application-icon.html&ei=3MBOU-QZp-SwBLabgJgD&bvm=bv.64764171,d.dmQ&psig=AFQjCNHBYzeoX2H9FkJbmB2ftcRgbD3GBQ&ust=1397756483862483





DoD Certificates: Administrator Experience in 8.6

Node NNode3Node2Node1

Admin

For each node Admin needs to do following:1. Login2. Generate CSR3. Download CSR4. Send this CSR to CA (over email, etc.)5. Wait for Cert6. Upload Cert and all chain certs on that node

REPEAT ABOVE STEPS FOR ALL NODES IN THE CLUSTER !


DoD Certificates: Administrator Experience Now

NodeN

Node3

Node2

Node1

Admin

Admin needs to do following:1. Login to any ONE node2. Generate CSR –

Automatically distributed to all the nodes in the cluster

3. Download CSR from any node

4. Send this CSR to CA (over email, etc.)

5. Wait for Certificate6. Upload Certificate and

all chain certificates on any ONE node – distributed to all the nodes in the cluster


Upgrading 8.6 to 10.5


Migration OptionsI. Greenfield

I. Build ESC 10.5 from scratch II. Trunk to existing cluster and SME/SBC/TDM GatewayIII. Migrate users

II. Clone the VMs from existing CUCM 8.6 ClusterI. Perform the in-place upgrade in the labII. Move the upgraded clones back and migrate users

III. In-place Upgrade from existing ESC 8.6 on existing Infrastructure

IV. Rebuild in lab New H/w….use cloned copies of database…upgrade/test and send hardware out to sites.


ComponentsComponents ESC 8.6 ESC 10.5

Unified Communication Manager (CUCM) 8.6.1ES14 10.5.2

Unified Presence (CUP or IM/P) 8.6.5 Part of CUCM, 10.5.2License DLUs UCL, CUWL, PLM requiredUnity Connection (CUC) 8.6.1ES14 10.5.2Session Manager Enterprise (SME) 8.6.1ES14 10.5.2Prime Collaboration Provisioning 10.6 10.6Single Sign On (SSO) OpenAM, Agent flow ADFS/AGS, SAML 2.0 Jabber for Windows (J4W) 9.X 11.0IP hard phones 7900 series 7800, 8800 series and 7900VMware ESXi 5.1, 5.5 5.5DNS SRV (XMPP Service) Not required Required with SAML SSO

deployment with intersite load balancing

Virtual Machine OS: Red Hat Enterprise Linux 5 (32-bit)Network Adapter: automatic

OS: Red Hat Enterprise Linux 6 (64-bit)Network Adapter: VMXNET 3

SBC and GW code 15.4.3M4


Current CUCM Upgrade Process and Definition

L2 Upgrade: Appliance/Virtual to Appliance/Virtual model• Low complexity with possible shortest downtime• Between CUCM versions with the same major RHEL versions• (e.g. CUCM 10.0 to 11.0 or CUCM 10.5 to 11.0)

RU (Refresh Upgrade): Appliance/Virtual to Appliance/Virtual model with major RHEL version change (starting with RHEL 5)

• Medium complexity with possible longer downtime• (e.g. CUCM 8.6 to 11.0 or CUCM 9.1 to 11.0)

Platform Change: Appliance to Virtualized model• Variable complexity with variable downtime pending approach• Single or multiple hop upgrade or migration• (i.e. Bare metal servers that cannot run CUCM 10.0 or above)

L2

RU

PC

43


L2 versus RU Upgrade

44

• Active partition is running while upgrade software is being install on inactive partition

• Low downtime since upgrade can be done while system is functioning

L2 Upgrade

• Server is down while upgrade software is being installed• More reboots for bare metal servers• Higher downtime since upgrade cannot be done while

system is functioning• Upgrade is equal to complete installation of CUCM

RU Upgrade


One-Step L2 Upgrades (Virtualized)

45

CUCM 10.0(1)SU1CUCM 10.5L2

• The CUCM versions that will support a L2 upgrade to 10.5• Short or minimal downtime• Pre-upgrade RSA keys COP file (ciscocm.version3-keys.cop.sgn) not

required

CUCM 10.0(1)

4545

Compatibility Information for Cisco Unified Communications Manager Release 10.x:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/compat/matrix/10_x/CUCM_BK_CD1DB914_00_compat_matrix.pdf


One-Step RU Upgrades (Virtualized)

46

CUCM 10.5CUCM 8.5(X) RU

• Longer downtime• Medium upgrade complexity• Pre-upgrade RSA keys COP file (ciscocm.version3-keys.cop.sgn) is

required to validate the upgrade (• RU upgrade COP file (ciscocm.refresh_upgrade_v1.3.cop.sgn) is

required for CUCM 8.5 or earlier

CUCM 8.6(X)

46

Supported Cisco Unified Communications Manager Releases by Server:http://www.cisco.com/en/US/partner/prod/collateral/voicesw/ps6790/ps5748/ps378/prod_brochure0900aecd8062a4f9.html

CUCM 8.0(2-3)


In-Place L2/RU Upgrade Process

Existing CUCM Cluster

Back Up With DRS

sFTP Server

CUCM 10.5

ISO file

Upgrade Publisher Inactive Partition

CUCM 10.5

ISO File

Upgrade Subscribers

Inactive Partition

Add License to PLM and

add CUCM to

PLM if new

cluster

CLI or OS Admin

Switch Partition

onPublisher

1 62 3 4 5

New CUCM 10.5 Cluster

CLI or OS Admin

Switch Partition

onSubscribe

r

New CUCM 10.5 Cluster



PLM

• Add version 10.5 of license for the appropriate PLM

• This scenario applies to virtualized CUCM only

collaboration update

Technology