Jabber in the Cloud
Post on 01-Sep-2018
• Introduction to Jabber & Platform
• Basic Provisioning
• Hybrid Deployment: Mobile and Remote Access
• Service Discovery
• Plan the Right Route to Configuration
• IM Security
• Federating Cisco Jabber
• Feature Deep-Dive
• Customizing the Cloud with Jabber SDK for Web
• Jabber & Cisco Collaboration Cloud
Agenda
The Cisco products, service or features identified in this document may not yet be available or may not be available in all areas and may be subject to change without notice. Consult your local Cisco business contact for information on the products or
services available in your area. You can find additional information via Cisco’s World Wide Web server at
http://www.cisco.com. Actual performance and environmental costs of Cisco products will vary depending on individual
customer configurations and conditions. This is a confidential Cisco Internal launch document and not for external distribution.
Disclaimer
Cisco Jabber – The Power to Collaborate
All-in-one UC application Collaborate from any workspace
Presence and IM
Voice, video, and voice messaging
Desktop sharing and conferencing
PC, Mac, tablet, and smartphone
On-premises and cloud
Integration with 3rd party productivity tools
Rich, Real-time Collaboration with Cisco Jabber® Platform
WebEx Messenger Deployment Flexibility
Start with the features you need
Jabber IM Only, or
Jabber IM with P2P V/V*
Jabber Phone Mode
Media Termination
Cisco UC Manager
Jabber Full UC
IM and Enterprise
Voice & Video
Cloud Only
Prem Based
Voice & Video
Full UC:
Hybrid
Start Solution with… Start Solution with… Start Solution with…
Jabber / Messenger
WebEx platform is foundational for Cloud IM & Presence
UCM, Collab Edge
UCM as our call control platform
Collab edge provides DMZ traversal for collab products
Jabber / IM&P
Remains our premise soft client - it is required for “Traditional” persistent chat capabilities as seen in FSI and other verticals, with hooks into compliance and archiving systems.
Extensive Service Options
Conferencing
Call Control
Collab Edge
Applications
Internet
MPLS WAN
Headquarters
Remote Site
Mobile/Teleworker
TelePresence Server Conductor
Endpoints
Unified Communications Manager
Expressway-C
Instant Message & Presence
PSTN /
ISDN
Integrated Services Router
Integrated Services Router
DMZ
Unity Connection
TelePresence Management Suite
Prime Collaboration
Expressway-E
3rd Party
Solution
http://www.cisco.com/c/en/us/solutions/enterprise/design-zone-collaboration/index.html
On-Premises
On-site control & access
Equipment & software owned & operated
Leveraged converged corporate network
Data behind firewall
On-Demand
Rapid deployment
No capex, predictable billing
Minimal admin and overhead
Redundancy & load balancing
Jabber XMPP Technology
Cisco IM and Presence
Deployment Models for Cisco Jabber Clients
Jabber Cloud Components
Sources of Configuration
Inside firewall (Intranet)
Outside firewall(Public Internet)
Internet
DMZ
Expressway
E
Expressway
C
Unified
CM
Collaboration
Services
Cloud Only Deployment*
1. WebEx Administration Tool is the primary source of configuration
Hybrid: Cloud IM&P, with Enterprise Call Control (UCM) (and other UC services such as voicemail)
1. WebEx Administration Tool is primary source of configuration
2. Jabber-config.xml (optional) to customize client
Hybrid
Cloud Only
*SUBJECT TO CHANGE: Jabber 11 MR required for cloud only deployments with V/Vs
Jabber Cloud Components WebEx Administration Tool - Policy
Instant Message
General IM
Contact List
IM Block Settings
XMPP IM Client
Upgrade Management
P2P Port Settings
Unified Communications
IM Federation
IM Archiving
System Settings
Organization Information
Domain
Resource Management
User Provisioning
File Settings
Password Settings
Security Settings
Profile Settings
Contact Settings
URL Configuration
Customization
Branding
Email Templates
Organization
Settings
XMPP
Service
Branding &
Template
User Creation
Defining your Jabber ID (JID)
• Consider your Jabber domain carefully, you’ll live with it for a while!
• Multi-modal communications address (Email, IM, Voice, Video & Federation)
AADAMS@EXAMPLE.COM
Jabber ID or “JID”
UserID
“Jabber” Domain
Configuring User Accounts
Manual Provisioning via WebEx Administration Tool
• Manually create and manage users via the Admin web interface
User File Import via WebEx Administration Tool
• Import a CSV file of users and groups into the database
Self Registration
• Accounts are created when users log in for the first time to Jabber
Single Sign-On
Options for Creating Users
WebEx Admin: New account using web interface
WebEx sends welcome email to new user's email address
User sets a password for WebEx Account …
… and downloads Jabber client onto their mobile or desktop
Configuring User Accounts
Manual User Creation
Configure User Accounts
• Suitable for small group of users or pilot
• Admin Tab > Add User
• Account
• Profile
• Policy Group
• Unified Communications
Manual User Creation
Configure User Accounts
• WebEx Administration Tool provides library of email templates to enroll Jabber users
• Email templates are flexible, and may be customized for a particular company
• Company branding may also be added
Email Templates and Branding
Bulk Import of Users
• Provide method of bulk import of users to simplify provisioning
• Create CSV file with user information
• Full list of headers and mappings available in WebEx administration guide
CSV
Import field headers and value examples:
Field Value
employeeId 06355
displayName Tom James
firstName Tom
lastName James
email tomj@test.com
userName tomj@test.com
jobTittle Vice President
address1 Tasman
address2
city Santa Clara
state CA
zipCode 95134
ISOCountry USA
Field Value
phoneBusinessISOCountry +1
phoneBusinessNumber 4085551010
phoneMobileISOCountry +1
phoneMobileNumber 4085551010
fax 4085551111
policyGroupName Corporate
userProfilePhotoURL http:/server... Jpg
activeConnect
center my.webex.com
storageAllocated
CUCMClusterName cmovtme.com
IMLoggingEnable Yes
EndPointName
WebEx Administration Tool – CSV File Format:
http://www.webex.com/webexconnect/orgadmin/help/index.htm?toc.htm?17474.htm
Enable Self-Registration as a last option
User’s email address must match customer (site) domain
Security based upon user’s domain details and email account
Account creation notification can be sent to Site Contact
User can register at www.webex.com/go/wc
Configuring User Accounts
Self Registration
Configuring User Accounts
Federated Single Sign On (SSO)
• SAML 2.0 compliant or meets WS Federation 1.0 standard
• IdP – Identity Management System (on customer premise)
• Ping Identity, CA SiteMinder , ADFS, Oracle Access Manager (OpenSSO) and other SAML conformant systems
• WebEx Messenger site must be enabled by WebEx provisioning
• X.509 certificate uploaded to the WebEx Cloud
• URL for the corporate single sign-on service
• Client to be setup with a command line for SSO
1. User launches Client, sends request
2. Browser window opens to IdP for user credentials
3. Credentials are challenged and validated against corporate directory
4. IdP sends assertion containing trusted user info
5. Central Authentication Service (CAS) validates the user with the database and returns validated user token to the Client
Jabber
Client
IdP
X509
Cert
Web Browser
Configuring User Accounts
• Plan your contact source information
• Contact sources provide Jabber with information to initiate communication.
• Rich data enhances user experience…
• Consider telephone formats, completeness of information and user photos etc….
Jabber Contact Source
WebEx Contact Source
Default for cloud based deployments
Local Contact Source
MS Outlook
Reverse contact
resolution
WebEx Administration Tool
Policy & Policy Groups
• Policy may be set in OrgAdmin at a global or group level
• Policy definitions may be created and assigned to admin defined groups
• Granular control for Organizational behavior
• Solution designed for and sold exclusively with Unified CM 9.1 and above (including Business Edition)
• Subset of X8.x features
• No additional cost for server software licenses
X8.x Product Line Options
New
Offering
X8.x
“Expressway C”
Or Core
“Expressway E”
Or Edge
“VCS Control”
No Change
“VCS Expressway”
No Change
VCS Expressway
• Specialized video applications for video-only customer base and advanced video requirements
• Superset of X8.x features
• No changes to existing licensing model
Collaboration Edge
umbrella term describing Cisco’s entire collaboration architecture for edge
... features and services that help bridge islands to enable any to any collaboration…
…collaborate with anyone anywhere, on any device….
Cisco VCS
Existing product line option providing advanced video and TelePresence applications
Includes VCS Control and VCS Expressway
Cisco Expressway
New product line option for Unified CM and Business Edition customers, providing firewall traversal & video interworking. Includes Expressway Core and Expressway Edge
Mobile and Remote Access
Feature available on both VCS and Expressway product lines with X8.1 s/w
Delivers VPN-less access to Jabber and Fixed Endpoints
Branding Terminology Decode
Cisco Jabber Remote Access Options
Unified CM
Expressway
Firewall
Traversal
AnyConnect
VPN
• Layer 3 VPN Solution
• Secures the entire device and its contents
• AnyConnect allows users access to any permitted applications & data
• New Complementary Offering
• Session-based firewall traversal
• Allows access to collaboration applications ONLY
• Personal data not routed through enterprise network
Hybrid Deployment - Cloud based IM&P
Inside firewall (Intranet)
Outside firewall(Public Internet)
Unified
CM
Internet
DMZ
webexMessenger
Protocol | Security | Service
SIP | TLS | Session Establishment – Register, Invite, etc.
Media | SRTP | Audio, Video, Content Share, Advanced Control
HTTPS | TLS | Logon, Provisioning/Configuration, Contact Search, Visual Voicemail
XMPP | TLS | Instant Messaging, Presence
Expressway
E
Expressway
C
Unity Connection
Conferencing Resources
Collaboration
Services
WebEx Messenger
Open Connectivity over ports 80 and 443 for the following domains
• webex.com
• webexconnect.com
• All sub-domains of webex.com and webexconnect.com
If using 3rd party XMPP clients
• Open 5222 (XMPP standard client port)
Network Requirements
WebEx Service Offered over IP Address Range(s)
64.68.115.0 64.68.115.255
64.68.116.0 64.68.116.255
66.163.32.0 66.163.63.255
173.243.12.0 173.243.12.255
WebEx Messenger
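Item | Port Type | Port Number
A/V Server Port | TCP | 80 and 443
A/V Server Port | UDP | 5101
STUN Server | TCP | 80
STUN Server | UDP | 8070/8090
P2P Port (‘WebEx Connect’ Direct Connection Only – Not applicable to Jabber) | TCP | Random
P2P Port (‘WebEx Connect’ Direct Connection Only – Not applicable to Jabber) | UDP | Random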
Port and Bandwidth for Voice/ Video
The UDP port 5101 is used to establish the server connection. If the connectivity fails,
ports 80/443 are used to establish connectivity.
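The address ranges, domains and ports above can be turned into an egress review. The following is an added example, not part of the original deck: it converts the listed ranges to CIDR blocks and checks firewall log lines against them. The log format and sample lines are constructed, and reading "8070/8090" as two separate ports is an assumption.

```python
import ipaddress
import re
from typing import List, Tuple

# Ranges, domains and ports as listed on the "Network Requirements" slides.
WEBEX_RANGES = [
    ("64.68.115.0", "64.68.115.255"),
    ("64.68.116.0", "64.68.116.255"),
    ("66.163.32.0", "66.163.63.255"),
    ("173.243.12.0", "173.243.12.255"),
]
WEBEX_DOMAINS = ("webex.com", "webexconnect.com")
# Assumption: "8070/8090" on the slide means the two ports 8070 and 8090.
JABBER_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 5101),
                ("udp", 8070), ("udp", 8090)}
THIRD_PARTY_XMPP = ("tcp", 5222)  # only when 3rd party XMPP clients are used


def webex_networks() -> List[ipaddress.IPv4Network]:
    """Collapse each first-last range into the CIDR blocks a firewall rule needs."""
    nets: List[ipaddress.IPv4Network] = []
    for first, last in WEBEX_RANGES:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    return nets


def host_in_scope(hostname: str) -> bool:
    """Match webex.com / webexconnect.com and their sub-domains on a label boundary."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in WEBEX_DOMAINS)


def classify(dst_ip: str, proto: str, port: int,
             third_party_xmpp: bool = False) -> str:
    """Return 'not-webex', 'expected' or 'unexpected-port' for one flow."""
    ip = ipaddress.ip_address(dst_ip)
    if not any(ip in net for net in webex_networks()):
        return "not-webex"
    allowed = set(JABBER_PORTS)
    if third_party_xmpp:
        allowed.add(THIRD_PARTY_XMPP)
    return "expected" if (proto.lower(), port) in allowed else "unexpected-port"


# Constructed log format: ACTION proto src:port -> dst:port
LOG_RE = re.compile(
    r"(?P<action>ALLOW|DENY) (?P<proto>tcp|udp) \S+ -> (?P<dst>[\d.]+):(?P<port>\d+)")

# Constructed sample lines (not captured traffic).
SAMPLE_LOG = """\
ALLOW tcp 10.1.1.5:51000 -> 64.68.116.20:443
DENY udp 10.1.1.5:51001 -> 66.163.40.9:5101
ALLOW tcp 10.1.1.7:51002 -> 173.243.12.8:5222
ALLOW tcp 10.1.1.7:51003 -> 203.0.113.10:443
ALLOW tcp 10.1.1.9:51004 -> 66.163.64.1:443
"""


def review(log: str, third_party_xmpp: bool = False) -> List[Tuple[str, str]]:
    """Flag required flows that are blocked and WebEx-bound flows on unlisted ports."""
    findings: List[Tuple[str, str]] = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify(m["dst"], m["proto"], int(m["port"]), third_party_xmpp)
        if verdict == "expected" and m["action"] == "DENY":
            findings.append((line, "required WebEx flow is blocked"))
        elif verdict == "unexpected-port" and m["action"] == "ALLOW":
            findings.append((line, "WebEx destination on a port the slides do not list"))
    return findings


if __name__ == "__main__":
    print([str(n) for n in webex_networks()])
    for line, reason in review(SAMPLE_LOG):
        print(reason, "::", line)
```

A blocked UDP 5101 flow is not fatal, since the slide states the client falls back to ports 80/443, but it is worth knowing about when troubleshooting media quality.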
Contact Search Considerations (Cloud based IM&P)
Inside firewall (Intranet)
Outside firewall(Public Internet)
Internet
DMZ
LDAP
webexMessenger
• Jabber allows for multiple contact source integrations
• LDAP Directory sync provides corporate directory to Unified CM
• Corporate directory is also exported to WebEx Messenger cloud
• All Jabber clients will use WebEx Messenger cloud as a contact source for contact search
Expressway
E
Expressway
C
Unified
CM
Collaboration
Services
Service Discovery is for Cisco Jabber to…
Subscribe to…
UC Services
Discover…
UC Services Domain
Select…
Operating Mode
Cloud or On-Premises
Determine…
Operating Location
Inside or Outside
Service Discovery
Jabber now has two key pieces of information for Service Discovery
• “adam” for user authentication
• “ucdemolab.com” for service discovery
Jabber sends HTTP and DNS Queries
• Jabber sends all requests (HTTP request & DNS queries) simultaneously
• Among all returned, the record with the highest priority will be used for connecting to UC services
• Jabber will also evaluate returned responses to determine if it is inside or outside the organization
Priority Service HTTP Request / DNS SRV
1 WebEx Messenger HTTP CAS lookup
2 Unified CM 9.x _cisco-uds._tcp.<domain_name>
3 Cisco Presence 8.x _cuplogin._tcp.<domain_name>
4 Cisco Expressway _collab-edge._tls.<domain_name>
Messenger
http://loginp.webexconnect.com/cas/FederatedSSO?org=[DOMAIN]
DNS SRV Lookups
DNS (internal or external)
HTTP Request to CAS*
DNS Queries
* CAS: Connect Authentication Service
Edge Detection
• Edge Detection determines whether Jabber is inside or outside the corporate firewall
• Based on SRV records returned from DNS
• If _cisco-uds SRV record lookup returns an address:
  • Jabber determines that it is inside the organisation's network and it can connect to UC services directly
• If _collab-edge SRV record lookup returns an address:
  • Jabber determines that it is outside the organisation's network
  • Set directory integration to UDS mode
  • HTTP transform all traffic and route through expressway-e
Jabber Establishes Services Domain
• Jabber needs to establish Services Domain name to send Service Discovery queries
  • Services Domain is usually the WebEx Messenger domain name or UC Manager domain name
• Jabber can establish the Services Domain in a number of ways
  • UPN discovery (Jabber for Windows only)
  • Enduser input
  • Preconfigure (Bootstrapping/MSI transformation or URL Configuration)
  • jabber-config.xml
UPN Discovery
• Jabber for Windows will not prompt user to enter login credentials until the Windows machine is connected to a network
• Once a network connection becomes available Jabber will initiate service discovery
• Jabber for Windows will attempt to use User Principal Name (UPN) for service discovery
• e.g. smiller@example.com
• example.com is used as the Services Domain (_cisco-uds._tcp.example.com etc)
• “smiller” is used for home cluster discovery
Network becomes
available
End-User Input
• Jabber for Mac, Android and IOS will default to end-user input of Services Domain.
• Jabber for Windows will use UPN by default but this setting can be changed via a bootstrap key
  • Bootstrapping can be done using the mst file and a MSI editor or by using command line switches
  • upnDiscoveryEnabled: true/false
• The enduser should enter an email like address “username@domain”
  • username : UC Manager UID
  • domain : domain used for Service Discovery
Services Domain Preconfigure
• Jabber can be pre configured with Services Domain name prior to installation
• This can be used when:
• UPN domain does not match Services Domain
• Admins do not want endusers to enter Services Domain
• Services Domain can be pre-configured using
• Bootstrapping/MSI transformation (Windows)
• URL Configuration (Mac, Android, IOS)
• This allows a “zero-touch” configuration for endusers
Services Domain Preconfigure
• Jabber for Windows can be preconfigured with Services Domain via bootstrapping or MSI transformation
msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com
• Jabber for Mac, IOS and Android can be preconfigured with Services Domain via URL Configuration
ciscojabber://provision?ServicesDomain=example.com
Services Domain & Voice Services Domain
• In hybrid deployments, the WebEx Messenger domain may be different to the on premise UC domain
• WebEx Messenger domain : example.com
• On premise UC domain : uc.example.com
• Jabber will need to perform discovery on example.com to discover Messenger services
• Jabber may also need to perform discover on uc.example.com to perform Edge Detection and discover UC services via Mobile Remote Access (Expressway)
• Voice Services Domain can be used to perform discovery on a second domain
• Services Domain : example.com (used for WebEx Messenger HTTP lookup)
• Voice Services Domain : uc.example.com (used for DNS SRV lookups)
Configuring Voice Services Domain
• Voice Services Domain can be configured via
• Bootstrap/MSI Transformation (Windows only)
msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com VOICE_SERVICES_DOMAIN=uc.example.com
• URL Configuration
ciscojabber://provision?ServicesDomain=example.com&VoiceServicesDomain=uc.example.com
• jabber-config.xml
<ServicesDomain>example.com</ServicesDomain>
<VoiceServicesDomain>uc.example.com</VoiceServicesDomain>
Excluding Services
• Services can be excluded from Service Discovery
• Some organizations may have a WebEx Messenger domain but want to run Jabber in phone only mode
• WebEx Messenger can be excluded from Service Discovery
• Bootstrap/MSI Transformation (Windows only)
msiexec /i CiscoJabberSetup.msi SERVICES_DOMAIN=example.com EXCLUDED_SERVICES=WEBEX
• URL Configuration
ciscojabber://provision?ServicesDomain=example.com&ServiceDiscoveryExcludedServices=WEBEX
• Note that the Messenger HTTP request will still be sent but will not be used
Creating the SRV Records
• Ensure each UC Manager node has an A-record DNS record
• The SRV record can point to multiple A-records for load balancing purposes
• Jabber clients will round-robin through A-records as they perform DNS lookups
• Jabber maintains an internal priority list for SRV records
• SRV record Priority and Weight do not need to be set
SRV lookup return
• Test the SRV record using nslookup tool
• SRV lookup using nslookup will return all associated A-records
• NOTE: this is a different system to previous example!!!
nslookup -type=srv _cisco-uds._tcp.cisco.com
Service Discovery and WebEx Messenger
• If a WebEx Messenger HTTP lookup is successful during Service Discovery
− Jabber will connect to the Messenger service regardless of the other lookup results
• For users who are provisioned with UC Manager services (including voicemail etc.)
− WebEx Messenger must be configured with the correct UC profile information (TFTP, CCMCIP, CTI) for each user and service
− WebEx Messenger UC Profile will take higher priority than UC Manager Service Profile
− Jabber will not use the _cisco-uds SRV record to connect to UC Manager (record still used for Edge Detection)
• Jabber will not perform Home Cluster discovery after connecting to WebEx Messenger
• The UC profile must detail the correct Home Cluster information for each user
Home UCM
Cluster
UC Manager
home cluster
address
1
2
Service Discovery – WebEx Messenger (inc. Hybrid)
WebEx Service
found via HTTP
CAS Lookup
http://loginp.webexconnect.com/cas/FederatedSSO?org=company.com
Service Discovery – Phone-Only Mode
Service Discovery lookup for “Voice Services Domain”, i.e. Phone-Only Mode
“Phone Services”. I.e. no Instant message capability
Service Profile Priority
UCM Service
Profile
Jabber-config.xml
Configuration
Operating Config
Bootstrap/Local
Plan the right route to configuration - HYBRID
Plan the right route to configuration
1. End-user is presented with login screen and enters IM address <user>@<domain> - This input is used for service discovery.
2. When Jabber executes service discovery, it runs 4 lookups:
a. HTTP CAS URL Lookup for <domain> (WebEx Messenger)
b. _cisco-uds - DNS SRV Lookup for <domain> (On-Net UCM 9.X or later)
c. _cuplogin - DNS SRV Lookup for <domain> (On-Net CUPS pre-9.X)
d. _collab-edge - DNS SRV Lookup for <domain> (Off-Net UCM 9.X or later)
3. In a WebEx Messenger deployment, the service will be found via HTTP CAS URL. Jabber will subsequently ignore the other 3 DNS SRV lookups. Jabber populates HTTP CAS info into its configuration store
4. The user will then be taken to the next login screen, and prompted for username and password to authenticate against WebEx Messenger service.
Plan the right route to configuration
5. Jabber will examine the Messenger cloud for policy and configuration, and again update its configuration store with the info received. In a cloud-only deployment, this completes service discovery process.
6. As part of that policy received, there is optionally a UC profile which contains a setting “Enable UC Manager integration for Cisco IM Applications”, and in it will have a given users’ home cluster information (TFTP, CTI, CCMCIP). This step notifies Jabber there is a HYBRID deployment, and will trigger the secondary lookup for voice services based in UC Manager. i.e. “Enable HYBRID”
7. Jabber will try its secondary login based on that home cluster information and register directly to Cisco UCM for voice services.
8. Once registered, Jabber will retrieve Cisco UC Manager UDS service profile and jabber-config.xml.
Plan the right route to configuration
9. Jabber will populate its configuration store with the valid information from UDS service profile and jabber-config.xml
10. One of the settings in jabber-config.xml should be setting a “voice-services-domain”. This provides Jabber the information it needs to do edge detection when a user is off-net, and needs to find Cisco UCM via Mobile and Remote Access. This setting can also be achieved using a MSI installer switch or “configuration URL”, which means step 7 could happen either on-net or off-net.
11. Done!
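The lookup priority and edge-detection rules from the "Jabber sends HTTP and DNS Queries" and "Edge Detection" slides, together with the eleven steps above, can be modelled as a small decision function. This is an added example, not Cisco code: the lookup results are constructed input rather than live DNS, the host names are placeholders, and the audit_vantage helper is an assumed check for running the same lookups from inside and outside the network.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional

# Priority order from the slide: 1 WebEx Messenger (HTTP CAS lookup),
# 2 _cisco-uds, 3 _cuplogin, 4 _collab-edge.
PRIORITY = ("WEBEX", "_cisco-uds", "_cuplogin", "_collab-edge")


@dataclass
class Lookups:
    """Results of the four simultaneous lookups for one domain."""
    cas_http_ok: bool = False                                  # HTTP CAS lookup
    srv: Dict[str, List[str]] = field(default_factory=dict)    # SRV name -> targets


@dataclass
class Decision:
    service: Optional[str]   # highest-priority service found, or None
    location: str            # "inside", "outside" or "unknown"
    notes: List[str] = field(default_factory=list)


def discover(lookups: Lookups,
             excluded: FrozenSet[str] = frozenset()) -> Decision:
    """Pick the service to connect to and run edge detection."""
    notes: List[str] = []
    found: List[str] = []
    if lookups.cas_http_ok:
        if "WEBEX" in excluded:
            # The slides note the HTTP request is still sent but not used.
            notes.append("CAS lookup succeeded but WEBEX is excluded; result ignored")
        else:
            found.append("WEBEX")
    found += [name for name in PRIORITY[1:] if lookups.srv.get(name)]
    service = min(found, key=PRIORITY.index) if found else None

    # Edge detection depends only on which SRV records came back.
    if lookups.srv.get("_cisco-uds"):
        location = "inside"
    elif lookups.srv.get("_collab-edge"):
        location = "outside"
    else:
        location = "unknown"

    if service == "WEBEX" and lookups.srv.get("_cisco-uds"):
        notes.append("_cisco-uds used for edge detection only; "
                     "UC Manager details come from the Messenger UC profile")
    return Decision(service, location, notes)


def audit_vantage(vantage: str, lookups: Lookups) -> List[str]:
    """Assumed helper: flag SRV results that contradict where the query ran."""
    decision = discover(lookups)
    findings: List[str] = []
    if vantage == "external" and decision.location == "inside":
        findings.append("_cisco-uds resolves externally: "
                        "off-net clients will conclude they are inside")
    if vantage == "internal" and decision.location == "outside":
        findings.append("only _collab-edge resolves internally: "
                        "on-net clients will route through Expressway-E")
    return findings


# Constructed lookup results (placeholder host names).
HYBRID_INSIDE = Lookups(cas_http_ok=True,
                        srv={"_cisco-uds": ["cucm1.uc.example.com"]})
PHONE_ONLY_OUTSIDE = Lookups(cas_http_ok=True,
                             srv={"_collab-edge": ["expe.uc.example.com"]})
ONPREM_INSIDE = Lookups(srv={"_cisco-uds": ["cucm1.uc.example.com"],
                             "_cuplogin": ["cup1.uc.example.com"]})
LEAKY_EXTERNAL = Lookups(srv={"_cisco-uds": ["cucm1.uc.example.com"],
                              "_collab-edge": ["expe.uc.example.com"]})

if __name__ == "__main__":
    print(discover(HYBRID_INSIDE))
    print(discover(PHONE_ONLY_OUTSIDE, excluded=frozenset({"WEBEX"})))
    print(audit_vantage("external", LEAKY_EXTERNAL))
```

Feeding it the results of the four lookups run once from the corporate network and once from the Internet shows whether split DNS gives clients the inside/outside answer the deployment intends.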
Org Admin – Enable HYBRID
• General provides optional UCM integration for WebEx Connect – Not applicable for Cisco Jabber
• Voicemail – To enable Cisco Unity Connection, cluster settings must be populated in this tab. It is a global setting
• Clusters – Add Cisco Unified Communication Manager integration into Jabber (this enables HYBRID deployment, and must be enabled to kick off “Service Discovery” HYBRID lookup). In this section you may set:
• Cisco UCM server settings
• Voicemail pilot number
• Enable voicemail specific to a UCM cluster (Optional for granularity –Global setting is already configured)
Mandatory to enable HYBRID Service Discovery lookup
Optional – Must be enabled for voicemail.
Legacy settings - not applicable to Jabber in the cloud
Cisco WebEx Collaboration Cloud
MULTI-LAYERED SECURITY MODEL
Third Party Audits: SSAE 16, ISO 27001
Encryption: SSL - 128-bit Encryption, AES – 256-bit Encryption
Authentication: SSO, Unique ID
Policy Management: Access Control, Set policy for individuals, groups, org
Physical Security: Data Centre Secure Facility
Cisco WebEx Multilayer Security Model
Note: Instant Messages are not stored in the cloud at any point, except when IM Archiving is enabled
IM Encryption
• Jabber 9.0+ server connection to WebEx messenger cloud by default uses 128 bit SSL encryption.
• Data-at-rest is not encrypted which allows IM logging capabilities in the cloud.
• Data-at-rest is protected by means of stringent Data Centre security including SAS 70 Type II audits
SSL Encryption
IM Logging
Service
IM Routing
Service
IM Encryption (Optional)
• Jabber encrypts XMPP traffic
• IM payload is encrypted using AES 256 bit
Point to Point
SSAE-16
ISO27001
• Server-side IM Logging
• Messages stored on customer premise, or cloud storage
• Messages only stored temporarily in Messenger cloud – deleted upon receipt of delivery
• “Logged” users will be shown disclaimer in IM conversation
• End to end encryption (256k AES) is not supported for logged users
Compliance - Cloud
HP Autonomy DRC-CM (formerly Iron Mountain) (3rd Party Cloud storage)
Global Relay (3rd Party Cloud Storage)
Secure SMTP (Integrate with email archiving)
IM communication via a secure channel (SSL)
Federating Cisco Jabber
Add IM & Presence Federation DNS SRV
Service Type XMPP
Port
FQDN of host offering XMPP Service
Inter-Domain Federation
XMPP Gateway
XMPP Gateway
AOL Gateway
IBM Sametime: IBM Sametime via XMPP gateway server
Microsoft Lync: Microsoft Lync using XMPP gateway role.
AOL: Public federation to AOL users (* requires additional order option)
XMPP Standard Federation: Standards based XMPP domains including Cisco IM & Presence server
Cisco Jabber: Cisco Jabber on-premise via XMPP standards
Clearinghouse Vendor
• Nextplane is a third party service that provides additional federation capabilities
• Clearinghouse “UC Exchange”
‒ Directory Member vs. Community member
• Federation to other vendors on Nextplane
• Integration to Social Media (Yammer, Chatter, Twitter)
• Consider $$$ - To select a federation
• www.nextplane.net
Introducing
”Jabber to Jabber” Voice and Video calling
• “Jabber to Jabber” voice and video provides basic calling between clients without UC manager registration for both cloud and on premise deployments.
• Provides voice/video calling for IM enabled users (Jabber for everyone)
• Provides feature parity for customers migrating from WebEx Connect
• Architectures provides for both cloud and on premise deployment
• Single call only with no in call features
• Users can be enabled for both UC Manager and Jabber to Jabber calling
• Setup: SDP/XMPP or SDP/HTTP
• Codec: G.722 / H.264
Voice/Video
Subject to change
Jabber to Jabber Calling
Deployment Architectures
• Provide call setup over HTTPS
• Aligns to Collaboration Cloud Architecture
SDP/HTTPS (Setup)
RTP (Audio/Video & Share)
Cloud Model
Subject to change
Jabber to Jabber Calling
Example Flow
User receives an incoming “Jabber to Jabber” call
Contact is resolved
Call shown as “Jabber Call”
Subject to change
Jabber to Jabber Calling
Example Flow
Mid call features not available with “Jabber to Jabber” calling
Mute Audio/Video
Hang-up
Subject to change
Single call only
If an additional call is presented user can hang up in progress call
UC manager call can be placed on hold
Jabber to Jabber Calling
Example Flow
Subject to change
• Delivers market requirement for low bandwidth / dirty network codec
• CTG cross endpoint alignment
• Requires UC Manager 11.0
• Mobile clients also adding support for G.722 in 11.0 release
Introducing
Opus Codec Support
Opus is a totally open, royalty-free, highly versatile audio codec. Opus is unmatched for interactive speech and music transmission over the Internet, but is also intended for storage and streaming applications. It is standardized by the Internet Engineering Task Force (IETF) as RFC 6716 which incorporated technology from Skype's SILK codec and Xiph.Org's CELT codec.
Subject to change
Jabber Desktop Share
• Jabber supports a number of desktop sharing capabilities
• Video Desktop Share (BFCP) (Jabber Windows and Mac, mobile platforms can receive)
• IM Only Screen Share (Jabber for Windows)
• WebEx Messenger Share (Jabber for Windows – Cloud mode only)
• A Video Desktop Share captures the desktop and sends the share as a video stream
• Video Desktop Share requires an active softphone mode call
• Video Desktop Share is enabled by default and can be disabled using the jabber-config.xml or the SIP profile
• Interoperable with Jabber, Telepresence and Video Bridges (TPS)
• IM Only Screen Share is available in Jabber for Windows 10.5 +
• No active call required
IM Only Screen Share
• Screen share from an IM session
• No requirement for active call
• Support for multiparty screen share – up to 1 + 5 participants
• Support for Remote Desktop Control
• Independent of telephony mode
• Softphone mode and deskphone mode supported
• Protocols & Port Numbers
• IM Screen share capabilities negotiated through xmpp session
• IM Screen share media selects a random TCP port ranging from 49152 to 65535
Screen share
button
Recipient can accept or
decline the share invitation
• From an IM Session with another Jabber for Windows user:
• An IM only based screen share will be initiated
• From an IM session with a Jabber for Mac user
• A video desktop share will be initiated
• From an active softphone mode call:
• A video desktop share will be initiated
• If an IM only screen share has been initiated before a call:
• The IM only based screen share session will be maintained
• IM Screen share enabled by default
• Can be disabled using jabber-config.xml
Which Share is Initiated?
<Policies>
<enablep2pdesktopshare>False</enablep2pdesktopshare>
</Policies>
Desktop Share Priority
Video Desktop Share
IM Only Desktop Share
WebEx Messenger Desktop Share
Remote Desktop Control
• IM Only desktop share recipients can request to take control of desktop share initiators remote desktop
• Initiator is prompted to accept the remote control request
• Share recipient can release control
• Initiator can revoke control at any time
Cloud Based Desktop Share
• Configuring Ad-hoc WebEx Desktop Share
• The remote party will receive an invitation to join the WebEx share
Types of File Transfer
• Basic P2P File Transfer
  • Send & receive files
  • File share from desktop or mobile
  • Screen Capture on desktop carried over file transfer
• Send & receive photos & videos (Mobile)
  • Stored on mobile devices
  • Captured with camera (not saved on device)
• 3rd Party Cloud services (Mobile)
  • Box
  • Google Drive
  • iCloud
  • Dropbox
  • etc…
File Transfer P2P – Jabber with WebEx Messenger
XMPP/JINGLE (Offer FT to remote user)
XMPP/SOCKS5 Bytestream
File is shared via proxy
Cloud Model
FT Proxy
XMPP/JINGLE (Accepts FT, offers transfer option (always via proxy for Jabber) on port 443)
File Transfer – Jabber with WebEx Messenger
// query if there is bytestream proxy (by Service Discovery at login)
<iq to='proxy.<proxyhost>.webex.com' id='uid:5294102d:00007590:0000004a' type='get'>
  <query xmlns='http://jabber.org/protocol/bytestreams'/>
</iq>
// jingle command to peer to initiate FT
<iq to="cholland@cisco.com/wbxconnect" id="uid:5294102d:00004090:0000004b" type="set">
  <jingle xmlns="urn:xmpp:jingle:1" action="session-initiate" initiator="aperez@webex.com/wbxconnect" sid="SID1">
    <content creator="initiator">
      <description xmlns=" num="141" />
    </content>
    <x xmlns=">Start sending file 'policy2.ini(3 bytes)'.</x>
  </jingle>
</iq>
File Transfer - Request
When initial query comes back positive, Jabber will render “File Transfer” image
File Transfer – Jabber with WebEx Messenger
// SI, offer possible transfer methods.
<iq to="paodwyer@cisco.com/wbxconnect" id="uid:5294102d:00002d5c:0000004c" type="set">
  <si xmlns=" id="uid:5294102d:000018bf:0000004d" profile=">
    <file xmlns=" name="policy2.ini" size="3" />
    <feature xmlns=">
      <x xmlns="jabber:x:data" type="form">
        <field type="list-single" var="stream-method">
          <option label="ibb"><value>http://jabber.org/protocol/ibb</value></option> // Direct (for use with legacy clients)
          <option label="oob"><value>jabber:iq:oob</value></option>
          <option label="s5b"><value>http://jabber.org/protocol/bytestreams</value></option> // Proxy (for use with Jabber)
          <value />
        </field>
      </x>
    </feature>
  </si>
</iq>
File Transfer - Request
File Transfer – Jabber with WebEx Messenger
// server responds with the proxy address and port
<iq from="<proxyhost>.webex.com" id="uid:5294102d:00007590:0000004a" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en">
  <query xmlns=">
    <streamhost host="<proxyhost>.webexconnect.com" jid="proxy.<proxyhost>.webex.com" port="443" />
  </query>
</iq>
// peer responds to the jingle.
<iq from="cholland@cisco.com/wbxconnect" id="uid:5294102d:00004090:0000004b" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en" />
File Transfer - Request
File Transfer – Jabber with WebEx Messenger
// peer responds with the chosen transfer method to accept FT
<iq from="cholland@cisco.com/wbxconnect" id="uid:5294102d:00002d5c:0000004c" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en">
  <si xmlns=">
    <feature xmlns=">
      <x type="submit" xmlns="jabber:x:data">
        <field type="text-single" var="stream-method">
          <value>http://jabber.org/protocol/bytestreams</value>
        </field>
      </x>
    </feature>
  </si>
</iq>
// offer all the addresses and ports (always proxy for Jabber) to peer with the chosen method.
<iq to="cwenbing@cisco.com/wbxconnect" id="uid:5294102d:00003bf3:00000053" type="set">
  <query xmlns=" sid="uid:5294102d:00007cfd:00000052" mode="tcp">
    <streamhost jid="proxy.<proxyhost>.webex.com" host="<proxyhost>.webexconnect.com" port="443" />
  </query>
</iq>
File Transfer - Accept
The remote user is prompted to accept or decline
File Transfer – Jabber with WebEx Messenger
// peer chooses FT via proxy.
<iq from="cholland@cisco.com/wbxconnect" id="uid:5294102d:00003bf3:00000053" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en">
  <query sid="uid:5294102d:00007cfd:00000052" xmlns=">
    <streamhost-used jid="proxy.<proxyhost>.webex.com" />
  </query>
</iq>
// notify server to activate the connection to proxy
<iq to="proxy.<proxyhost>.webex.com" id="uid:5294102d:00000029:00000054" type="set">
  <query xmlns=" sid="uid:5294102d:00007cfd:00000052">
    <activate>cholland@cisco.com/wbxconnect</activate>
  </query>
</iq>
// server responds to the activation
<iq from="proxy.<proxyhost>.webex.com" id="uid:5294102d:00000029:00000054" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en">
  <query sid="uid:5294102d:00007cfd:00000052" xmlns=">
    <activate>cholland@cisco.com/wbxconnect</activate>
  </query>
</iq>
File Transfer - Send
File Transfer – Jabber with WebEx Messenger
<iq from="cholland@cisco.com/wbxconnect" id="uid:5293f4a5:7473cd26" to="aperez@webex.com/wbxconnect" type="set" xml:lang="en">
<si notifyid="uid:5294102d:00007cfd:00000052" profile=" status="0" xmlns=" /></iq>
// jingle command to finish
<iq to="cholland@cisco.com/wbxconnect" id="uid:5294102d:00005ab0:00000055" type="set">
<jingle xmlns="urn:xmpp:jingle:1" action="session-terminate" initiator="cholland@cisco.com/wbxconnect" responder="aperez@webex.com/wbxconnect" sid="SID2">
<content creator="initiator"><description xmlns=" num="141" />
</content><x xmlns=">Successfully sent file 'policy2.ini(3 bytes)'.</x>
</jingle></iq>
// peer responds to jingle command
<iq from="cholland@cisco.com/wbxconnect" id="uid:5294102d:00005ab0:00000055" to="aperez@webex.com/wbxconnect" type="result" xml:lang="en" />
File Transfer - Send
Sent…
Received…
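The streamhost offer, the streamhost-used answer and the proxy activation shown on the preceding slides can be cross-checked when reviewing captured XMPP traffic. The following is an added example, not code from the presentation or from Cisco; the stanzas, JIDs, hosts and the proxy policy (allowed domain suffix, port 443) are constructed assumptions.

```python
import xml.etree.ElementTree as ET  # for untrusted captures, parse with defusedxml instead

NS = "{http://jabber.org/protocol/bytestreams}"

# Constructed stanzas modelled on the slides; every JID and host is a placeholder.
OFFER = """<iq from="alice@example.com/wbxconnect" to="bob@example.org/wbxconnect" id="o1" type="set">
<query xmlns="http://jabber.org/protocol/bytestreams" sid="sid-52" mode="tcp">
<streamhost jid="proxy.ft.example.com" host="ft.example.com" port="443"/></query></iq>"""
USED = """<iq from="bob@example.org/wbxconnect" to="alice@example.com/wbxconnect" id="o1" type="result">
<query xmlns="http://jabber.org/protocol/bytestreams" sid="sid-52">
<streamhost-used jid="proxy.ft.example.com"/></query></iq>"""
ACTIVATE = """<iq from="alice@example.com/wbxconnect" to="proxy.ft.example.com" id="a1" type="set">
<query xmlns="http://jabber.org/protocol/bytestreams" sid="sid-52">
<activate>bob@example.org/wbxconnect</activate></query></iq>"""


def check_bytestream(offer_xml, used_xml, activate_xml, allowed_suffix=".example.com"):
    """Return a list of findings; an empty list means the exchange is consistent."""
    offer, used, act = (ET.fromstring(x) for x in (offer_xml, used_xml, activate_xml))
    oq, uq, aq = (iq.find(NS + "query") for iq in (offer, used, act))
    if oq is None or uq is None or aq is None:
        return ["missing bytestreams <query>"]
    findings = []
    # Policy (assumed): only proxy streamhosts under the allowed domain, on port 443.
    hosts = {h.get("jid"): h for h in oq.findall(NS + "streamhost")}
    for jid, h in hosts.items():
        if not (h.get("host") or "").endswith(allowed_suffix) or h.get("port") != "443":
            findings.append(f"streamhost {jid} is outside the proxy policy")
    # The same stream id must run through offer, answer and activation.
    if not (oq.get("sid") == uq.get("sid") == aq.get("sid")):
        findings.append("sid differs between offer, answer and activation")
    # The peer may only pick a streamhost that was actually offered.
    chosen = uq.find(NS + "streamhost-used")
    chosen_jid = chosen.get("jid") if chosen is not None else None
    if chosen_jid not in hosts:
        findings.append(f"streamhost-used {chosen_jid} was never offered")
    # Activation goes to the chosen proxy and names the peer that accepted.
    if act.get("to") != chosen_jid:
        findings.append("activation sent to a host other than the chosen one")
    if (aq.findtext(NS + "activate") or "").strip() != used.get("from"):
        findings.append("activated JID is not the peer that accepted")
    return findings


if __name__ == "__main__":
    print(check_bytestream(OFFER, USED, ACTIVATE) or "exchange is consistent")
```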
File Transfer – Jabber with WebEx Messenger
3rd Party Cloud Service
Leverages cloud storage open APIs…
File Transfer Policy
• File transfer allows users to exchange files over IM
• Use Policy list to enable/disable and control domains
Control over file type allowed for transfer is managed from IM admin
Business Benefits
Cisco Jabber SDK for Web Toolkit
Easily and rapidly add collaboration into web applications and business processes
Increase productivity and maintain context of interactions for end users
Add incremental value to Cisco® Collaboration deployments
Your UC enabled web application
[Diagram: SDK interfaces: Web Phone (AJAX), CAXL (AJAX), WebEx (URL/XML), CUMI (REST). Capabilities: Video, Audio, Call Cntl, Presence, Pub/Sub, IM/Chat, Voice Mail, Meeting]
Cisco Ajax XMPP Library (CAXL)
• CAXL is a Web 2.0 JavaScript library for integration of instant messaging, presence and roster
• Evolution of Jabber’s former jabberwerx suite
• Common SDK for on-prem (CUCM IM & P) and off-prem (WebEx Messenger) integration
• Uses BOSH (Bidirectional-streams Over Synchronous HTTP) for server communication
IM/Chat Presence Location
API Name: Cisco Ajax XMPP Library
API Interface: AJAX
CAXL – Cisco Ajax XMPP Library
1 – Navigates to Web Page
2 – Web Page with embedded IM & P client is returned to web browser
3 – IM & P client registers to Cisco UCM IM & P
4 – Cisco UCM IM & P / Cisco WebEx Messenger returns buddy list and associated presence, including self presence, as well as IM capabilities
Diagram labels: Web Application; HTTP Proxy; CAXL Registration and IM & P; BOSH
Cisco UCM IM & P or WebEx Messenger provides user database, presence engine and XMPP IM capabilities
Generic Web Server: Host the customised web application, including CAXL
CAXL – Cisco Ajax XMPP Library
• 1:1 Instant Messaging
• Ability to initiate and receive P2P IM
• Supports xHTML-IM rich-text
• Multi-user chat room
• Ability to create adhoc chat rooms
• Ability to invite and be invited to chat rooms
• Ability to search for existing chat rooms
• Pub/Sub Applications (e.g. for GeoLocation)
• Personal Eventing Protocol - Ability to create/publish/subscribe to pub/sub service nodes on a server
• User Authentication
• Roster Presence and Roster (Contacts List) management
• Ability to Add/Update/Remove Contacts
• Ability to move contacts between groups
• My presence
• Ability to set device presence
• When integrated with CUP, SDK can be configured to set CAXL device presence to be the same as Presence engine composed presence
• Temporary Presence Subscriptions
• Ability to create temporary subscriptions to users who are not on your roster (“Quick Contacts”)
• Ability to do bulk subscribe/unsubscribe of temporary subscriptions. Useful in multi-page applications where each page may have a different list of users
Presence enabled
IM / Chat enabled
Click 2 Call enabled
Click 2 WebEx enabled
Click 2 Video enabled
Jabber SDK APIs: XMPP (CAXL), Web Phone Video (AJAX, Plugin)
• UC, Collaboration, Video capabilities everywhere
• Example only – an ISV or IT Pro could do the project
Use Case … Cisco UC in Business Process Apps
Traditional Unified Communications – Cisco Jabber
Introducing Agile Team Space – Cisco Spark
Adding Value to the Cloud
Powered by
Introducing Cisco Spark
Team Space - virtual rooms
A ‘team space’ app that instantly creates a virtual place for agile teams to work together, where their work can live, and a way to stay connected to it all
Persistent and secure messaging and file sharing
Face-to-face meetings with screen sharing
Superior business class experience
Making Teamwork Simpler.
For Additional Detail on Cisco Spark, please see:
BRKCOL-2607, Tuesday, June 9, 3:30 p.m.
PSOCOL-2404, Tuesday, June 9, 12:30 p.m.
Agile Team Productivity
Work together in unlimited virtual rooms that you can easily access through a searchable, chronological list
Start collaborating with anyone by adding their name or e-mail address
Pull Everyone Together
Simpler Way to Work With All Your Teams
Connect your calendar to create a Spark room for any upcoming calendar entry. Join virtual meetings, including WebEx meetings, in a single tap.
Cisco Jabber
• Jabber: the power of convergence
• Traditional Enterprise IM & Presence, Voice and Video, Conferencing, etc.
• Leverage Collaboration investments, in one soft-client experience
• Cisco UC Manager environment, WebEx Messenger, Telepresence etc.
• Spark & Jabber (with WebEx Messenger)
• Modern organizations are evolving with different end-user types
• One size does not fit all!
• Agile and Traditional worker types
• Introduction of Spark into customer site is optional
• Roadmap maintained for Jabber and WebEx Messenger backend
• ‘Messaging’ Inter-op being developed as base interop (see ‘Fusion’ for deeper integration)
• Inter-op for mix and match: depending on organization use case
• Licensing entitlement carry forward
Subject to change
See Related Sessions…
• BRKUCC-2345 Tue, June 9 8:00 a.m., Cisco Jabber: Deploying Cisco Jabber On Premise, Bryan Morris
• BRKCOL-2344 Tue, June 9 3:30 p.m., Deploying Cisco Jabber on Mobile Devices, Seongho Hong
• BRKUCC-2086 Wed, June 10 3:30 p.m., Extend the Reach of Your Cisco Video Solution with Cisco Jabber Guest, Darin Dunlap
• BRKCOL-2607 Tue, June 9 3:30 p.m., Understanding Cloud and Hybrid Cloud Collaboration Deployment, Louis Pratt
• PSOCOL-2404 Tue, June 9 12:30 p.m., Cisco Spark and the Cisco Collaboration Cloud, Miroslav Polakovic
• BRKUCC-2801 Tue, June 9 8:00 a.m., Cisco Expressway at the Collaboration Edge design session, Kevin Roarty
• BRKCOL-2023 Thu, June 11 8:00 a.m., Architecting Unified Communications to enable Workspace Transformation, Vanessa Sulikowski
• BRKUCC-2444 Mon, June 8 1:00 p.m., Directory Services and Single sign-on for the Cisco Collaboration Solution, Paulo Jorge Correia
Participate in the “My Favorite Speaker” Contest
• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)
• Send a tweet and include
• Your favorite speaker’s Twitter handle @paultodwyer
• Two hashtags: #CLUS #MyFavoriteSpeaker
• You can submit an entry for more than one of your “favorite” speakers
• Don’t forget to follow @CiscoLive and @CiscoPress
• View the official rules at http://bit.ly/CLUSwin
Promote Your Favorite Speaker and You Could Be a Winner
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online
• https://www.linkedin.com/in/odwyerpaul