deployment guide for cisco spark hybrid call · pdf filedeployment guide for cisco spark...
TRANSCRIPT
Deployment Guide for Cisco Spark Hybrid Call ServicesFirst Published: 2017-04-10
Last Modified: 2018-04-09
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883
© 2018 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
P r e f a c e New and Changed Information vii
C H A P T E R 1 Overview of Hybrid Call Services 1
Overview of Hybrid Call Service Aware and Connect 1
Overview of Hybrid Call Service for Cisco Spark Devices 3
C H A P T E R 2 Prepare Your Environment 5
Requirements for Hybrid Call Service 5
Cisco Spark License Requirements 5
Unified CM Device Requirements 5
Cisco Call Control Requirements 6
Cisco Expressway Requirements 7
Cisco Spark App Requirements 7
High Availability 8
Custom Certificates for Mutual TLS Authentication between Expressway-E and the Cloud 8
Complete the Prerequisites for Hybrid Call Service Aware 9
Complete the Prerequisites for Hybrid Call Service Connect 10
Complete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services 13
Management Connector 15
Call Connector 16
Configure IOS MTPs 17
Configure an IOS Media Termination Point for Hybrid Call Service Connect 17
Configure Media Termination Point Settings in Unified Communications Manager 18
Check the Registration and Connection Status of the Media Termination Point 19
Cisco Spark Remote Device Overview and License Requirements 19
Request Temporary License Coverage for CTI-RDs Used For Hybrid Call Service Connect 20
Deployment Guide for Cisco Spark Hybrid Call Services iii
C H A P T E R 3 Deploy Hybrid Call Service Aware 23
Hybrid Call Service Aware Deployment Task Flow 24
Register Expressway-C Connector Hosts to the Cisco Collaboration Cloud 26
Certificate Authorities for Cisco Spark Hybrid Services 28
Prepare Cisco Unified Communications Manager User Accounts for Hybrid Call Service
Aware 28
Configure an Application Account for Call Connector 29
Configure the Connection to Cisco Unified Communications Manager 30
Start the Call Connector 31
Check Your User Configuration for Hybrid Call Services 31
Verify the Connector Status 32
Enable Hybrid Call Service Aware for Users 32
Test Cisco Spark App Screen Sharing and Integrated Call History 33
C H A P T E R 4 Deploy Hybrid Call Service Connect 35
Hybrid Call Service Connect Deployment Task Flow 36
Activate Hybrid Call Service Connect for Your Organization 39
Configure Cisco Unified Communications Manager Settings for Hybrid Call Service
Connect 41
Prepare Cisco Unified Communications Manager User Accounts for Hybrid Call Service
Connect 44
Configure Remote Devices Automatically from the Call Connector 45
Manually Create a Cisco Spark Remote Device and Associate it with a Unified CM User 46
Restart the Call Connector from the Expressway-C 47
Configure the Expressway-E for Hybrid Call Service Connect 48
Update the Expressway-E Trust List with Cisco Collaboration Cloud Certificates 49
Configure Call Processing Language Rules on Expressway-E (X8.9.1 and Later) 49
Configure Services andMutual TLS Authentication Between a New Expressway-E and the
Cisco Collaboration Cloud 51
Configure Services and Mutual TLS Authentication Between an Existing Expressway-E
and the Cisco Collaboration Cloud 53
Create a DNS Zone (Expressway-E to Cisco Collaboration Cloud) 54
Configure a Secure Traversal Server Zone from Expressway-E to Expressway-C 56
Create Inbound and Outbound Search Rules on Expressway-E 58
Deployment Guide for Cisco Spark Hybrid Call Servicesiv
Contents
Configure the Expressway-C for Hybrid Call Service Connect 60
Configure a Secure Traversal Client Zone From Expressway-C to Expressway-E 61
Create an Expressway-C Neighbor Zone for each Unified CM Cluster 63
Configure Search Rules on Expressway-C 66
Enable Hybrid Call Service Connect for Cisco Spark Users 68
Place Test Calls to Verify Hybrid Call Service Connect Configuration 69
Related Documentation 70
C H A P T E R 5 Deploy Hybrid Call Service for Cisco Spark Devices 73
Requirements for Hybrid Call Service for Cisco Spark Devices 73
Hybrid Call Service for Cisco Spark Devices Task Flow 74
Create a Directory Number for Cisco Spark Devices With Hybrid Call Service 76
Create a Unified CM Account for Cisco Spark Devices with Hybrid Call Service 77
Create an Automatic Cisco Spark Remote Device for Cisco Spark Devices with Hybrid Call
Service 78
Create a Manual Cisco Spark Remote Device for Cisco Spark Devices With Hybrid Call
Service 79
Create a Place and Add Services for Cisco Spark Room Devices 80
Add Services to an Existing Place 81
Check Status of Cisco Spark Devices With Hybrid Call Service 82
Activation Errors and Causes for Hybrid Call Service for Cisco Spark Devices 83
Deactivate Hybrid Call Service from Cisco Spark Devices 84
C H A P T E R 6 Troubleshoot Hybrid Call Services 85
Troubleshoot with the Hybrid Connectivity Test Tool 85
Alarms for Cisco SparkHybrid Call Service 87
Cisco Spark Status Page 88
Restart the Call Connector from the Expressway-C 88
Mutual TLS and SIP Destination 88
Test Calls 89
Cisco Spark Control Hub and Expressway-C Connector Hosts 89
Expressway Pair Configuration 90
Unified CM Configuration 91
C H A P T E R 7 Known Issues with Hybrid Call Services 93
Deployment Guide for Cisco Spark Hybrid Call Services v
Contents
Known Issues and Limitations with Hybrid Call Service Aware and Connect 93
Known Issues and Limitations with Hybrid Call Service for Cisco Spark Devices 98
A P P E N D I X A Tool to Migrate CTI Remote Devices to Cisco Spark Remote Devices 99
Migrate CTI-RDs to Cisco Spark-RDs 99
Cancel Cisco Spark-RD Conversion 100
Last Run Statuses for Migration Tool 101
Troubleshoot CTI-RD to Cisco Spark-RD Migration 101
A P P E N D I X B Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service
Connect 105
Bulk Configure Unifed CM Users and Remote Devices Task Flow 105
Enable Users for Mobility 106
Export Your User List 107
Edit Your User List 107
Create the Remote Device File Format 108
Edit the New File Template 109
Create a Remote Device Template 110
Upload Your Remote Device Template File 110
Insert the Remote Device Entries 111
Check the Status of Your Bulk Job 111
A P P E N D I X C Important Items for Cisco Spark Hybrid Services Deployments 113
Important Items for Your Cisco Spark Hybrid Services Deployment 113
TCP Port 5062 on the Internet Firewall 113
Why the Cloud Checks Domain Ownership 117
Supported Certificate Authorities 119
Deployment Guide for Cisco Spark Hybrid Call Servicesvi
Contents
New and Changed Information
This table covers new features or functionality, changes to existing content, and any major errors that werefixed in the Deployment Guide.
For information about call connector software updates, see the Call Connector Release Notes.
Changes MadeDate
• AddedOverview of Hybrid Call Service for Cisco Spark Devices,on page 3 to the overview chapter.
◦“If you have a hybrid enterprise environment, you can useCisco Spark Hybrid Call Service Connect to provide hybridcall functionality for room, desk, and Cisco Spark Boarddevices that are added to Cisco Spark Places. Cisco Sparkdevices are registered to the cloud, and when they areenabled with Hybrid Call Service Connect, they havevisibility in to the enterprise. Cisco Spark devices in theplace become a part of your existing on-premises dial plan,allowing these devices to call user extensions, the PSTN,and receive incoming calls.”
• Added new chapter Deploy Hybrid Call Service for Cisco SparkDevices, on page 73 that documents the new functionality. Thechapter contains the prerequisites, deployment steps, and knownissues.
• Added Known Issues and Limitations with Hybrid Call Servicefor Cisco Spark Devices, on page 98
April 9, 2018
Added new issue to Known Issues and Limitations with Hybrid CallService Aware and Connect, on page 93 under "Enable User forConnect":
A remote destination for hybrid call users (such [email protected]) cannot be associated to both aCisco Spark-RD and Remote Destination Profile at the same time.Otherwise, the remote device fails to activate.
February 23, 2018
Deployment Guide for Cisco Spark Hybrid Call Services vii
Changes MadeDate
Added new section: Alarms for Cisco SparkHybrid Call Service, onpage 87.
February 16, 2018
Added new sections on a tool that can migrate CTI-RDs to CiscoSpark-RDs. This tool is enabled on the Expressway-C connector hostand Cisco Spark-RDs are the strongly recommended option for yourhybrid calling deployment.
• Tool to Migrate CTI Remote Devices to Cisco Spark RemoteDevices, on page 99
• Migrate CTI-RDs to Cisco Spark-RDs, on page 99
In the remote device tasks, added this statement: “For Cisco Spark-RDs,the CSS is used for outbound calls initiated by the Cisco Spark app toenterprise phones or the PSTN. The Rerouting CSS is used for inboundcalls to the on-premise phones that are forked to the Cisco CollaborationCloud.”
Dec 18, 2017
In Troubleshoot with the Hybrid Connectivity Test Tool, on page 85,added links to the Troubleshooting Guide for Cisco Spark Hybrid CallService Connect.
December 5, 2017
Added documentation for the Hybrid Connectivity Test Tool, atroubleshooting tool that initiates a TLS connection to the Expressway-ESIP destination. The results indicate whether the Expressway-E isreachable and secure.
• Troubleshoot with the Hybrid Connectivity Test Tool, on page85 (New section.)
• Activate Hybrid Call Service Connect for Your Organization,on page 39 (Added Steps 6 and 7.)
November 28, 2017
In the Unified CM, Expressway-C, and Expressway-C deploymentsections, added a statement that SIP Parameter Preservation must beset to On on all zones for all Expressways involved in call routing toand from the enterprise.
November 22, 2017
• In Cisco Spark Remote Device Overview and LicenseRequirements, on page 19, indicated that Basic UCL must beupgraded to Enhanced UCL for Cisco Spark RD.
• In Complete the Expressway-C Connector Host Prerequisites forCisco Spark Hybrid Services, on page 13, added *.rackcdn.comas an requirement for port 443 (TCP outbound from theExpressway-C).
November 7, 2017
Deployment Guide for Cisco Spark Hybrid Call Servicesviii
New and Changed Information
Changes MadeDate
Removed supported certificate authorities section and replaced withlinks to this knowledge base article that lists supported certificateauthorities for Cisco Spark.
October 30, 2017
• Added SNRworkaround for Cisco Spark for iOS users in KnownIssues and Limitations with Hybrid Call Service Aware andConnect, on page 93.
September 28, 2017
Added new section: High Availability, on page 8. Added more detailsto the Cisco Spark remote device overview (including CTI-RDlimitations that the device type addresses).
September 20, 2017
Added Cisco Spark-RD releases: Unified CM11.0(1a)SU3 and 12.0(1).
Added SME (Unified CM 12.0(1)) as an option to Create anExpressway-C Neighbor Zone for each Unified CM Cluster, on page63.
September 7, 2017
• Added hunt group limitation to the known issues and limitation.
• Added dial plan and digit manipulation information to the CallService Connect prerequisites.
September 1, 2017
Rewrote the Updated the Cisco Spark remote device (Cisco Spark-RD)support statement: supported Unified CM versions are 10.5(2)SU5,11.0(1)SU3, and 11.5(1)SU3.
August 23, 2017
Added new "Known Issues and Limitations" section. Clarified what"simplex failure" means in the capacity guidelines.
July 24, 2017
• Updated Overview of Hybrid Call Service Aware and Connect,on page 1 with visual aids that go over the deployment steps.
• Updated Call Connector, on page 16 with information aboutautomatic load balance of users across nodes in a cluster.
July 6, 2017
Updated Requirements for Hybrid Call Service, on page 5 to state:Hybrid Call Service Connect calls are classified the same as MobileRemote Access (MRA), Business-To-Business (B2B) calls, and thecalls traverse existing Expressway C and E pairs.
June 30, 2017
Deployment Guide for Cisco Spark Hybrid Call Services ix
New and Changed Information
Deployment Guide for Cisco Spark Hybrid Call Servicesx
New and Changed Information
C H A P T E R 1Overview of Hybrid Call Services
• Overview of Hybrid Call Service Aware and Connect, page 1
• Overview of Hybrid Call Service for Cisco Spark Devices, page 3
Overview of Hybrid Call Service Aware and ConnectHybrid Call Service Aware
Hybrid Call Service Aware provides the following benefits to you and your users:
• Makes Cisco Spark “aware” of all calls across your existing unified communications system.
• Share your desktops in their Cisco Spark app during a call—no need to set up a formal meeting.
◦After the call is connected, a Cisco Spark message space for the callers is moved to the top of thelist within the app. If they don't have a space, Cisco Spark instantly creates one.
◦Both users simply press a single button to share their desktop when the call is connected.
• View on-premises and Cisco Spark call status and duration.
• Unlock on-premises call history—it is viewable not only from existing devices, but also the Cisco Sparkapp on any device to facilitate instant callback.
Deployment Guide for Cisco Spark Hybrid Call Services 1
Refer to this diagram which shows the components of Hybrid Call Service Aware architecture and where theconnectors integrate the on-premises components with the cloud.
Figure 1: Connector, On-Premises, and Cloud Components for Hybrid Call Service Aware
For more information about Cisco Validated Design, architecture, and call flows, see the Preferred Architecturefor Cisco Spark Hybrid Services, CVD documentation.
Hybrid Call Service Connect
Hybrid Call Service Connect is deployed on top of Hybrid Call Service Aware and provides the followingbenefits to you and your users:
• Connects Cisco Spark with Cisco Unified Communications Manager so that they work together.
• The Cisco Spark app can be used as a mobile soft client for voice and video calling and shares anextension with users Cisco desk phone.
• They can answer calls on your desk phone or on the Cisco Spark app, and use the app to make andreceive calls as if they were in the office.
• Cisco Spark, Cisco Jabber, or your desk phone to call without worrying about which option you or theother person is using
• Extend an on-premises directory number or extension to cloud-registered room devices in a Cisco SparkPlace. See Overview of Hybrid Call Service for Cisco Spark Devices, on page 3 for more information.
With Hybrid Call Service Aware and Hybrid Call Service Connect together, your users can
• Make the same calls from their desk phones or the Cisco Spark app
• Hear incoming calls ring both their desk phones and the Cisco Spark app and answer the call on either
Deployment Guide for Cisco Spark Hybrid Call Services2
Overview of Hybrid Call ServicesOverview of Hybrid Call Service Aware and Connect
Refer to this diagram which shows the components of Hybrid Call Service Connect architecture and wherethe connectors integrate the on-premises components with the cloud. The diagram includes Cisco DirectoryConnector for the use case of synchronizing Active Directory users in to Cisco Spark.
Figure 2: Connector, On-Premises, and Cloud Components for Hybrid Call Service Connect
For more information about Cisco Validated Design, architecture, and call flows, see the Preferred Architecturefor Cisco Spark Hybrid Services, CVD documentation.
Overview of Hybrid Call Service for Cisco Spark DevicesIf you have a hybrid enterprise environment, you can use Cisco Spark Hybrid Call Service Connect to providehybrid call functionality for room, desk, and Cisco Spark Board devices that are added to Cisco Spark Places.Cisco Spark devices are registered to the cloud, and when they are enabled with Hybrid Call Service Connect,they have visibility in to the enterprise. Cisco Spark devices in the place become a part of your existingon-premises dial plan, allowing these devices to call user extensions, the PSTN, and receive incoming calls.
For example, although the devices are registered to the cloud, you can provide them with a line and PSTNservice that is served through your Unified CM deployment. People can call these devices to join a meeting;people can also use these devices to dial other extensions or numbers.
This diagram shows the on-premises components that comprise the Hybrid Call Service Connect architecture.This architecture provides call connectivity to Cisco Spark cloud-registered devices in a place, so that thesedevices can use the Unified CM dial plan.
Deployment Guide for Cisco Spark Hybrid Call Services 3
Overview of Hybrid Call ServicesOverview of Hybrid Call Service for Cisco Spark Devices
Figure 3: Connector, On-Premises, and Cloud Components of Hybrid Call Service for Cisco Spark Devices
The following points provide a functional overview of the feature:
• This feature creates and uses a Cisco Spark Remote Device (Cisco Spark-RD) in on-premises UnifiedCM to route calls to enterprise extensions, users, and PSTN.
• Features that are initiated from on-premises phones (such as hold, transfer, and conference) can includeCisco Spark devices with Hybrid Call Service.
• Any calls from Cisco Spark devices to PSTN or on-premises extensions are anchored to the CiscoSpark-RD in Unified CM.
Deployment Guide for Cisco Spark Hybrid Call Services4
Overview of Hybrid Call ServicesOverview of Hybrid Call Service for Cisco Spark Devices
C H A P T E R 2Prepare Your Environment
• Requirements for Hybrid Call Service, page 5
• High Availability, page 8
• Custom Certificates for Mutual TLS Authentication between Expressway-E and the Cloud, page 8
• Complete the Prerequisites for Hybrid Call Service Aware, page 9
• Complete the Prerequisites for Hybrid Call Service Connect, page 10
• Complete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services, page 13
• Configure IOS MTPs, page 17
• Cisco Spark Remote Device Overview and License Requirements, page 19
Requirements for Hybrid Call Service
Cisco Spark License RequirementsTo deploy Hybrid Call Service and provide its features to your users:
• You must have a Cisco Spark organization with a paid subscription.
• Cisco Spark hybrid call users must be assigned a paid license that provides access to core Cisco Sparkmessaging and meeting services.
• The paid user licenses must not provide Cisco Spark hybrid call users access to a non-Unified CM-basedcalling service, such as Cisco Spark Calling.
Unified CM Device RequirementsHybrid Call Service is supported only with CTI-capable SIP phones and Cisco Jabber clients that are registeredto Unified CM. See the CTI Supported Device Matrix for more information.
Deployment Guide for Cisco Spark Hybrid Call Services 5
SCCP phonesmay encounter problems due to the 48-character limitation on the destination address. Third-partyIP phones and clients registered to Unified CM are not supported, neither are IP phones and clients registeredto other call control servers (such as Cisco VCS/Expressway, Cisco Meraki, Microsoft Lync/Skype forBusiness, BroadSoft/BroadWorks).
Cisco Call Control RequirementsTo enable Hybrid Call Service (Aware and Connect), you must use one of the supported Cisco call controlslisted in the table. Cisco Business Edition has Cisco Unified Communications Manager as part of all of itspackages, so make sure you have the right version.
Table 1: Cisco Call Control Requirements
VersionOn-Premises Call Control
Supported Cisco Spark Remote Device (Cisco Spark-RD) releases arerecommended for Hybrid Call Service Connect deployments. Theseminimum releases are also mandatory requirements for Hybrid Places.
Releases with Cisco Spark Remote Device Support
• 10.5(2)SU5
• 11.0(1a)SU3
• 11.5(1)SU3
• 12.0(1) (For Session Management Edition (SME) support.The leaf clusters connected to the SME cluster do not haveto be on release 12.0(1))
Minimum Supported Releases for Hybrid Call Service for Users
• 10.5(2) and later for Hybrid Call Service Aware
• 10.5(2)SU5 and later for both Hybrid Call Service Awareand Hybrid Call Service Connect.
• 12.0(1) and later for Session Management Edition (SME)support. (The leaf clusters connected to the SME cluster donot have to be on release 12.0(1).)
Cisco Unified CommunicationsManager
10.6(1) and laterCisco Hosted CollaborationSolution (check to see if yourprovider is offering Cisco SparkHybrid Services)
Deployment Guide for Cisco Spark Hybrid Call Services6
Prepare Your EnvironmentCisco Call Control Requirements
Cisco Expressway RequirementsYoumust deploy Expressway to host the connectors. Organizations using Cisco Hosted Collaboration Solutiondo not need Cisco Expressway on their premises. Instead, their Hosted Collaboration Solution partner willdeploy it in the cloud as part of their Cisco Spark Hybrid Services offering.
Table 2: Cisco Expressway Requirements
VersionRequirements
X8.7.1 at a minimum for Hybrid Call Service Connect for your users.
For Hybrid Places, as well as added security and toll fraud mitigation,you must use X8.9.2 and later.
Hybrid Call Service Connect calls are classified the same as MobileRemote Access (MRA), Business-To-Business (B2B) calls, and thecalls traverse existing Expressway C and E pairs.
• Calls that involve *.ciscospark.com in the route path do not counttowards the traversal license cost.
• Any B2B calls for a Cisco Spark app after anchoring on theCTI-RD/Cisco Spark-RD and then routing back out through theExpressways will consume traversal licenses.
Hybrid Call Service Connect follows existing MRA and B2B preferredarchitecture planning recommendations.
• Determine the total number of concurrent MRA, B2B, and CallService Connect calls
• Deploy the appropriate number of Expressway E/C pairs
• There is no net new Expressway C or E required for Hybrid CallService Connect
Cisco Expressway E and CTraversal Pair ( for hybrid calltraffic)
You can download the software image from software.cisco.com at nocharge.
We recommend the latest released version of Expressway for connectorhost purposes. See Expressway Connector Host Support for Cisco SparkHybrid Services for more information about which versions aresupported for new and existing registrations to the cloud.
Cisco Expressway Connector Host(for hosting software connectors)
Cisco Spark App RequirementsCisco Spark hybrid call users must download the Cisco Spark app for a supported platform from https://www.ciscospark.com/downloads.html.
Deployment Guide for Cisco Spark Hybrid Call Services 7
Prepare Your EnvironmentCisco Expressway Requirements
Cisco Spark App Support for Hybrid Call Service Aware
The feature set for Hybrid Call Service Aware is supported on Cisco Spark forWindows orMac. Mobileapps and the web client are not supported.
Cisco Spark App Support for Hybrid Call Service Connect
The feature set for Hybrid Call Service Connect is supported on Cisco Spark for Windows, Mac, andmobile (Android and iOS). The web client is not supported.
High AvailabilityCisco Spark Hybrid Services are highly available if Microsoft Exchange, Unified CM, and Cisco Expresswaysare deployed in a cluster. Specifically, the Expressway-C connector host can be deployed in a cluster to accountfor redundancy. The same guidelines that apply to Cisco VCS and Expressway apply to the Expressway-Cconnector host. For calendar, each user is assigned to one node; for call, each user is assigned to two nodes.
For Hybrid Call, if each cluster contains at least two nodes, the cluster has high availability by default. Thetotal number of onboarded users is affected by high availability. On each connector host in a cluster, a differentuser number is shown. Take the sum total and divide it by two to get an accurate total of your users. You canalso verify this total in Cisco Spark Control Hub (https://admin.ciscospark.com) by choosing the applicablecluster under Services > All Resources > View.
Custom Certificates for Mutual TLS Authentication betweenExpressway-E and the Cloud
For extra security, you might want your Expressway to communicate with the cloud through certificates thatwere signed by a certificate authority.
If your Expressway-E SIP TLS certificate was signed by a private certificate authority (or a certificate authoritythat is not trusted by the Cisco Collaboration Cloud default trust list—see the links below), then you canupload the certificate authority's root certificate to your organization's custom trust list on the Services >Hybrid Call > Settings page.
• To use a custom certificate, you must verify any domain that is used in your organization. Any verifieddomains must be present on the Expressway-E certificate as a subject alternate name (SAN).
•When a SIP-TLS transaction takes place between the Cisco Collaboration Cloud and your Expressway-E,the cloud analyzes the domains that are listed in your Expressway-E SAN list. The cloud then checks ifthe domain in the SAN has been verified by the organization. If the check fails, the TLS connection willterminate.
• If the Expressway-E certificate does not contain your domain as a SAN, or if you did not verify thedomain, the cloud cannot identify which certificate store to use. The result is that TLS negotiations fail,even if you have supplied the correct certificates on the Services > Hybrid Call > Settings page.
Deployment Guide for Cisco Spark Hybrid Call Services8
Prepare Your EnvironmentHigh Availability
Certificate Revocation Lists
If your private certificate authority inserts a certificate revocation list (CRL), ensure that the CRL locationsare reachable from the public internet. If a CRL is present but not reachable, the Cisco Collaboration Cloudcannot verify whether the certificate was revoked.
In this case, the certificate must not try to access a CRL.
Related Topics
Domain verificationSupported Certificate Authorities for Cisco Spark
Complete the Prerequisites for Hybrid Call Service AwareUse this checklist to prepare your call control environment. Address these items in advance to ensure a smoothdeployment of Hybrid Call Service Aware and activation of your Cisco Spark users.
Procedure
Step 1 Allow extra time to prepare these items first:a) Determine your certificate trust method. You can use manual or automatic upload; see Supported Certificate
Authorities for Cisco Spark for more information.b) Verify your identity by registering all the domains that are used to form your users' directory URIs and
email addresses. Ensure that the subject alternative names (SANs) belong to the domains that are registeredon your Cisco Spark organization.See Why the Cloud Checks Domain Ownership, on page 117 to understand why domain checks are animportant security measure.
Step 2 Install or upgrade to a supported version of Cisco Unified Communications Manager, as described inRequirements for Hybrid Call Service, on page 5.
Step 3 Provide the following port access:
• Port access for HTTPS or secure web sockets outbound from Expressway to *.rackcdn.com,*.ciscospark.com, *.wbx2.com, *.webex.com, and *.clouddrive.com: TCP port 443 (secure)
• For communication from Call Connector to Unified CM for CTI QBE, TCP port 2748.
• For AXL queries from Call Connector to Unified CM, TCP port 8443.
Step 4 Configure one of the following, depending on your deployment:
• Directory URI dialing for intracluster routing.
• Intercluster lookup services (ILS) for multicluster and business-to-business deployments.
Step 5 For all existing SIP trunks between Cisco Unified Communications Manager clusters, go toDevice > Trunk,open the trunk settings, and set the Calling and Connected Party Info Format to Deliver URI and DN inconnected party.
Step 6 Enable the following services on at least one node in the cluster (the bootstrap server, which can be thepublisher or subscriber node of a cluster):
Deployment Guide for Cisco Spark Hybrid Call Services 9
Prepare Your EnvironmentComplete the Prerequisites for Hybrid Call Service Aware
• AXL Web Service
• CTIManager Service
We recommend that you enable AXL Web Service and CTIManager Service on at least two nodes in thecluster.
Step 7 Ensure that Cisco CallManager Serviceability is enabled on at least one node in the cluster. This service isenabled by default and is used to discover nodes where the AXL Web Service and the CTIManager Serviceare enabled.
Complete the Prerequisites for Hybrid Call Service ConnectUse this checklist to prepare your call control environment for Hybrid Call Service Connect. Address theseitems in advance to ensure a smooth deployment of Hybrid Call Service Connect and activation of your CiscoSpark users.
Procedure
Step 1 Deploy Hybrid Call Service Aware, on page 23, which is a mandatory prerequisite for Hybrid CallService Connect.
Step 2 Allow extra time to prepare these items:
• Prepare your Expressway-E (SIP Destination) for the secure mutual TLS connection between CiscoSpark and your call control environment:
◦For an SRV record (multiple Expressway-Es for redundancy):
• If you have an existing SRV, allow the time to request a dedicated SRV for Hybrid CallService Connect and use port 5062. The SRV record resolves into Expressway-E A-records;the hostname is the A-record for Expressway-E.
• Request that port 5062 be open on the enterprise firewall.
• Make sure the port is open to and from the Internet.
• Verify that the mutual MTLS port is reachable by using a ping utility—for example, telnet[domainname or ip] [port] in a command prompt.
◦If you don't have time to request a dedicated SRV domain or don't want to wait, you can usehostname:port to avoid blocking the rest of setup.
See TCP Port 5062 on the Internet Firewall, on page 113 for more information.
• Follow these Expressway pair requirements:
◦If you don't have an existing Expressway pair deployed, read the following documents (ReleaseX8.7 and later) to design your new Expressway pair to work together:
◦Cisco Expressway Installation Guides
Deployment Guide for Cisco Spark Hybrid Call Services10
Prepare Your EnvironmentComplete the Prerequisites for Hybrid Call Service Connect
◦Cisco Expressway Basic Configuration Deployment Guide
◦Cisco Expressway and CUCM via SIP Trunk Deployment Guide
◦Cisco Expressway IP Port Usage for Firewall Traversal Deployment Guide
◦Install or upgrade your Expressway pair that handles SIP traffic to a supported version, as describedin Requirements for Hybrid Call Service, on page 5. Use the recommended version for allExpressways that are handling SIP calls to take full advantage of Hybrid Call Service Connect.
The Call Connector can run on a standalone or shared Expressway-C connector host, not the C or E inthe Expressway pair. See Expressway Connector Host Support for Cisco Spark Hybrid Services for theminimum supported version and User Capacity Limits for Expressway-based Cisco Spark HybridServices for capacity planning guidelines.
You can use an Expressway pair that's already configured for B2B or MRA deployments. You cannotuse a Jabber Guest Expressway pair to handle Hybrid Call Service Connect calls.
For a multi-region call control environment, you must contact your Cisco representatives, because thisdeployment requires a customized configuration.
• Determine your certificate trust method. You can use manual or automatic upload; see SupportedCertificate Authorities for Cisco Spark for more information.
• Verify your identity by registering all the domains that are used to form your users' directory URIs andemail addresses. Ensure that the subject alternative names (SANs) belong to the domains that are registeredon your Cisco Spark organization.See Why the Cloud Checks Domain Ownership, on page 117 in the links below to understand whydomain checks are an important security measure.
Step 3 Open ports for media traversal between phones, Expressways, and the Cisco Collaboration Cloud.FunctionProtocolPortsClient
SIP media between phones andExpressways. Open these ports on theExpressways themselves.
UDP36000–59999Expressway pair
Cisco Spark Hybrid Services media.TCP/UDP33434–33598Cisco Spark app
Step 4 (Optional) Download the latest Cisco Directory Connector software from Cisco Spark Control Hub (https://admin.ciscospark.com) and use it to import user attributes from your Active Directory:
• Enterprise work phone numbers
• Email addresses—These must match the user's Cisco Spark user email address.
For more information about how to use Cisco Directory Connector, see the Deployment Guide for CiscoDirectory Connector.
Step 5 Follow these Cisco Unified Communications Manager requirements:
Deployment Guide for Cisco Spark Hybrid Call Services 11
Prepare Your EnvironmentComplete the Prerequisites for Hybrid Call Service Connect
• Install or upgrade your Cisco Unified Communications Manager to the minimum supported version, asdescribed in Requirements for Hybrid Call Service, on page 5. We recommend a version that supportsthe Cisco Spark Remote Device (Cisco Spark-RD).
• Prepare your licensing:The CTI remote device counts as a device for CiscoUnified CommunicationsManager licensing purposes.We recommend that you request temporary licensing from Global Licensing Operations.
• Configure Directory URIs in one of the following ways:
◦Intracluster routing for a single cluster deployment
◦Intercluster lookup service (ILS) routing for a multicluster deployment
• Check your codec configuration.Cisco Spark supports the following codecs:
• Audio—G.711, G.722, AAC-LD
• Video—H.264
We support G.729 when users join a aWebExmeeting, Personal Roommeeting, or Cisco Sparkmeeting from a SIP device. We do not support G.729 when a user dials 1:1 from Cisco Sparkto a SIP device or bridge.
Note
• Configure the following settings to be used for CTI remote device (CTI-RD) or Cisco Spark-RD creation:
◦Device pools
◦Locations
◦Calling search spacesThe calling search space must be able to route to partition of the PSTN gateway or trunk,as well as any other destinations that you want Cisco Spark users to be able to reach(conference bridges, enterprise-to-enterprise trunks, and so on).
Note
◦Note these values. You will use them when you create CTI-RDs or Cisco Spark-RDs for yourusers.
• Cisco Spark remote devices (Cisco Spark-RDs) are strongly recommended for your Hybrid Call Servicesdeployment. As an interim option, if you're using CTI-RDs and video-capable endpoints, configure theendpoints to avoid audio-only calls by using Configure an IOS Media Termination Point for HybridCall Service Connect, on page 17.
To support user-friendly mobile and web dial plans, Cisco Spark performs digit manipulation before sendingthe dialed digit to enterprise call control. Cisco Spark transforms a national PSTN dial plan (for example,convert (214) 555-2121 into +12145552121), but does not transform a private extension dial plan. A validnational number is converted to E.164 format based on the locale of the Cisco Spark user. See the Dial Planschapter in the Cisco Collaboration System Solution Reference Network Designs (SRND) guide for informationabout the role of dial plans and digit manipulation.
Deployment Guide for Cisco Spark Hybrid Call Services12
Prepare Your EnvironmentComplete the Prerequisites for Hybrid Call Service Connect
Complete the Expressway-C Connector Host Prerequisites forCisco Spark Hybrid Services
Use this checklist to prepare an Expressway-C for Cisco Spark Hybrid Services, before you register it to theCisco Collaboration Cloud to host hybrid services connector software.
Before You Begin
We recommend that the Expressway-C be dedicated to hosting connectors for Cisco Spark Hybrid Services.You can use the Expressway-C connector host for other purposes, but that can change the supported numberof users.
See User Capacity Limits for Expressway-based Cisco Spark Hybrid Services so that you can plan yourdeployment accordingly.
As an administrator of hybrid services, you retain control over the software running on your on-premisesequipment. You are responsible for all necessary security measures to protect your servers from physicaland electronic attacks.
Note
Procedure
Step 1 Obtain full organization administrator rights before you register any Expressways, and when you access thecustomer view in Cisco Spark Control Hub (https://admin.ciscospark.com) to administer your organizationservices to Cisco Collaboration Cloud.
Step 2 Plan your connector capacity by referring to User Capacity Limits for Expressway-based Cisco Spark HybridServices.
Step 3 Deploy the Expressway-C connector host in a cluster to account for redundancy. Follow the supportedExpressway scalability recommendations:
• For Hybrid Call Service on a dedicated Expressway-C:
◦Call Connector supports multiple Expressway-C clusters with no specific upper limit.
◦Each cluster supports up to 6 Expressway-C nodes for active/active redundancy.
Cisco Spark Hybrid Services are highly available if Microsoft Exchange, Unified CM, and Cisco Expresswaysare deployed in a cluster. The same guidelines that apply to Cisco VCS and Expressway apply for theExpressway-C connector host clustering.
Step 4 Follow these requirements for the Expressway-C connector host.
• Install the minimum supported Expressway software version. See the version support statement for moreinformation.
• Install the virtual Expressway OVA file according to the Cisco Expressway Virtual Machine InstallationGuide, after which you can access the user interface by browsing to its IP address. You can find thedocument in the list of Cisco Expressway Install and Upgrade Guides on cisco.com.
Deployment Guide for Cisco Spark Hybrid Call Services 13
Prepare Your EnvironmentComplete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services
• You do not require a release key, or an Expressway series key, to use the virtual Expressway-C for theCisco Spark Hybrid Services. You may see an alarm about the release key. You can acknowledge toremove it from the interface.
• Use the Expressway web interface in a supported browser: Internet Explorer 8 or 9 (not in compatibilitymode), Firefox 3 or later, or Chrome.The interface may work in other browsers, but they are not officially supported. You must enableJavaScript and cookies to use the Expressway web interface.
Step 5 If this is your first time running Expressway, you get a first-time setup wizard to help you configure it forCisco Spark Hybrid Services.Select all the services that apply. For example, you may want this Expressway-C to do both Cisco SparkHybrid Services and Business to business calls. Select Proceed without selecting services if you prefer toconfigure the Expressway-C without the wizard.
Step 6 Check that the following requirements are met for the Expressway-C connector host. You would normallydo this during installation. See the Cisco Expressway Basic Configuration Deployment Guide, in the list ofCisco Expressway Configuration Guides on cisco.com, for details.
• Basic IP configuration (System > Network interfaces > IP)
• System name (System > Administration)
• DNS settings (System > DNS)
• NTP settings (System > Time)
• New password for admin account (Users > Administrator accounts, click Admin user then Changepassword link)
• New password for root account (Log on to CLI as root and run the passwd command)
Step 7 Configure the Expressway-C as a "cluster of one":
•We recommend that you configure the Expressway as a primary peer before you register it, even if youdo not currently intend to install an extra peer.
When you change clustering settings on X8.11 and later, be aware that removing all peeraddresses from the System > Clustering page signals to the Expressway that you want toremove it from the cluster. This causes the Expressway to factory reset itself on its nextrestart. If you want to remove all peers but keep configuration on the remaining Expressway,leave its address on the clustering page and make it the primary in a "cluster of one".
Caution
• Here are the minimum clustering settings required, but the Cisco Expressway Cluster Creation andMaintenance Deployment Guide has more detail:
◦System > Clustering > Cluster name should be an FQDN.
Typically this FQDN is mapped by an SRV record in DNS that resolves to A/AAAA records forthe cluster peers.
◦System > Clustering > Configuration primary should be 1.
◦System > Clustering > TLS verification mode should be Permissive, at least until you add asecond peer.
Select Enforce if you want cluster peers to validate each others' certificates before allowingintercluster communications.
Deployment Guide for Cisco Spark Hybrid Call Services14
Prepare Your EnvironmentComplete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services
◦System > Clustering > Cluster IP version should match the type of IP address of thisExpressway-C.
◦System > Clustering > Peer 1 address should be the IP address or FQDN of this Expressway
Each peer FQDN must match that Expressway's certificate if you are enforcing TLS verification.
To ensure a successful registration to the cloud, use only lowercase characters in the hostnamethat you set for the Expressway-C. Capitalization is not supported at this time.
Caution
Step 8 If you have not already done so, open required ports on your firewall.
• All traffic between Expressway-C and the Cisco Collaboration Cloud is HTTPS or secure web sockets.
• TCP port 443 must be open outbound from the Expressway-C to *.rackcdn.com, *.ciscospark.com,*.wbx2.com, *.webex.com, and *.clouddrive.com.
Step 9 Get the details of your HTTP proxy (address, port) if your organization uses one to access the internet. You'llalso need a username and password for the proxy if it requires basic authentication. The Expressway cannotuse other methods to authenticate with the proxy.
•We tested and verified Squid 3.1.19 on Ubuntu 12.04.5.
•We have not tested auth-based proxies.
If your organization uses a TLS proxy, the Expressway-C must trust the TLS proxy. The proxy's CAroot certificate must be in the trust store of the Expressway. You can check if you need to add it atMaintenance > Security > Security Trusted CA certificate .
Note
Step 10 Review these points about certificate trust. You can choose the type of secure connection when you begin themain setup steps.
• Cisco SparkHybrid Services requires a secure connection between Expressway-C and Cisco CollaborationCloud.
You can let Cisco Collaboration Cloud manage the root CA certificates for you. However, if you chooseto manage them yourself, be aware of certificate authorities and trust chains; you must also be authorizedto make changes to the Expressway-C trust list.
Management ConnectorThe Management Connector is included in the Expressway-C base. You use it to register an Expressway tothe cloud and link the Expressway interface with Cisco Spark Control Hub. TheManagement Connector playsan important role as the coordinator of all connectors running on the Expressway server or cluster: It providesyou with a single point of control for connector activities. The Management Connector enables cloud-basedmanagement of the on-premises connectors, handles initial registration with the cloud, manages the connectorsoftware lifecycle, and provides status and alarms.
For an HTTPS connection to be established between the Management Connector and the cloud, you mustupdate the trust list on the Expressway-C connector host with certificates that were signed by certificateauthorities in use by the Cisco Collaboration Cloud. You can allow the Cisco Collaboration Cloud to uploadCA certificates to the Expressway-C trust store. Or, in the case where security policies prevent the Cisco
Deployment Guide for Cisco Spark Hybrid Call Services 15
Prepare Your EnvironmentManagement Connector
Collaboration Cloud from uploading trusted certificate authority certificates on Expressway-C, you mayupload them manually.
Call ConnectorThe Call Connector is the on-premises component Hybrid Call Service. The connector runs on a dedicatedor shared Expressway-C connector host that you register to the Cisco Collaboration Cloud.
Hybrid Call Service use the Call Connector software that runs as a module within Cisco Expressway. CallConnector uses APIs to discover user devices configured in Cisco call control and monitors them for callactivity. Call events are reported to Cisco Spark, which creates instant meetings and updates Cisco Sparkspaces and call history. Call Connector also creates or updates a virtual remote device that represents CiscoSpark within Cisco call control. Hybrid Call Service Connect uses this remote device to extend calls to CiscoSpark, and to allow calls from Cisco Spark to be identified with the calling user. In addition, Hybrid CallService Connect requires a Cisco Expressway firewall traversal solution to enable these calls between CiscoSpark and your existing call control.
SIP traffic to and from the cloud does not need to be routed to the same Expressway-C on which CallConnector runs. The Call Connector monitors and provisions aspects of users and their devices, but doesnot handle the calls themselves.
Note
The Call Connector acts like a broker between the cloud and your on-premises call control environment (CiscoUnified Communications Manager, Business Edition 6000/7000, or Hosted Collaboration Solution). Theconnector establishes a secure connection and uses CCMEncryption for the CTI interface. In addition tosecurely connecting your on-premises environment to the cloud, the connector is used to:
• Discover users’ telephony devices and associated settings.
• Subscribe for call control event notifications when users are enabled for Hybrid Call Services.
• Resubscribe after an outage.
• Monitor call control activity in your Cisco Unified Communications Manager clusters.
• Hand off calls to the cloud where they are converted to a service-based call experience.
• Use the CTIManager service from your Cisco Unified Communications Manager to monitor your users'phones.
• Provide active/active redundancy if you configure the connector on a second Expressway-C.
• Provide automatic load balancing of users across different Expressway-C connector clusters (1 clusterwith 2 nodes)—no manual administration is required.
• Retrieve users’Directory URIs from Cisco Unified CommunicationsManager and makes them availableto Cisco Spark for reaching users.
• Automatically create Cisco Spark remote devices (Cisco Spark-RDs) with a basic configuration for usersof Hybrid Call Service Connect.
• Configure users’ Cisco Spark-RDs with a Cisco Spark SIP address automatically created as the remotedestination (for Hybrid Call Service Connect).
• Builds a table that the user directory URIs to cluster fully qualified domain names (FQDN) in amulti-cluster scenario.
Deployment Guide for Cisco Spark Hybrid Call Services16
Prepare Your EnvironmentCall Connector
• Does a lookup to add the correct route header information to the SIP message.
Configure IOS MTPs
Configure an IOS Media Termination Point for Hybrid Call Service ConnectOut-of-Band (OOB) DTMF is required for DTMF interoperability with Cisco Spark CTI remote devices. Ifany devices registered to your call control environment do not support OOB, then Unified CommunicationsManager inserts a software MTP.
To ensure that both audio and video is passed through properly on a call involving TC/CE-based endpoints,you must use an IOS-based MTP with passthrough configured.
Before You Begin
• The information in this procedure is intended as a generic example for IOS configuration. Yourconfiguration requirements may vary and depend on the IOS version on yourMTPs and your call controlenvironment. For further guidance, see the configuration guides for specific IOS versions.
• To avoid packet loss, you must use anMTP that supports Real Time Control Transport Protocol (RTCP).See Audio and Video RTCP Passthrough on ISRGateways for MTP, TRP&RSVPAgents for guidance.
Procedure
Step 1 Establish the connection and priority level between the MTP and Unified Communications Manager.
Example:sccp local GigabitEthernet0/0
sccp ccm 10.10.10.1 identifier 1 priority 1 version 7.0 (10.10.10.1 is the primary call processing node andhas the highest priority of 1.)
sccp ccm 10.10.10.2 identifier 2 priority 2 version 7.0 (10.10.10.2 is the secondary call processing nodeand has a lower priority of 2.)
sccp
!
Step 2 Create a Unified Communications Manager group, associate the nodes with the group, and establish prioritywithin the group.
Example:sccp ccm group 1
associate ccm 1 priority 1
associate ccm 2 priority 2
Step 3 Choose one of the example configurations to create the DSP farm and codec passthrough:
• For a hardware MTP:
Deployment Guide for Cisco Spark Hybrid Call Services 17
Prepare Your EnvironmentConfigure IOS MTPs
associate profile 1 register {MTP name registered with CUCM} (This name should match the nameof the MTP that you want to configure on Unified Communications Manager.)
!
!
dspfarm profile 1 mtp
description passthru mtp for call service connect
codec g711ulaw
codec pass-through
maximum sessions hardware 4 (As a minimum.)
associate application SCCP
• For a software MTP:associate profile 1 register {MTP name registered with CUCM} (This name should match the nameof the MTP that you want to configure on Unified Communications Manager.)
!
!
dspfarm profile 1 mtp
description passthru mtp for call service connect
codec g711ulaw
codec pass-through
maximum sessions software 4 (As a minimum.)
associate application SCCP
Configure Media Termination Point Settings in Unified CommunicationsManager
After you configure theMTP through the IOS commands, youmust register it to your Unified CommunicationsManager and link the MTP as a media resource to the TC/CE software-based endpoints that fail to delivervideo during a call between Call Service Connect users.
Procedure
Step 1 UnderMedia Resources >Media Termination Point, add a new Cisco IOS Enhanced Software MediaTermination Point and enter the exact name of the IOS MTP that you configured.
Step 2 UnderMedia Resources >Media Resource Group, create a new group and move the IOS MTP to theSelected Media Resources field.
Step 3 UnderMedia Resources >Media Resource Group List, create a new list and move the media resourcegroup to the Selected Media Resource Groups field.
Deployment Guide for Cisco Spark Hybrid Call Services18
Prepare Your EnvironmentConfigure Media Termination Point Settings in Unified Communications Manager
If any MTPs in your Unified CM cluster aren't allocated to a Media Resource Group List, then theMTP allocation may not function as expected. See this document for more information.
Note
Step 4 Perform one of the following steps:
• Associate the media resource group list with the device pool that contains any TC/CE endpoints thatmay be used for video in your call environment.
• Associate the media resource group list directly with any TC/CE endpoints that may be used for videoin your call environment.
Check the Registration and Connection Status of the Media Termination PointAt any point after you completed the registration steps, use IOS commands to check the status.
Procedure
Run any of the following commands from an IOS MTP:
• show dspfarm profile 1 to list the usage of resources that is associated with the profile.
• show sccp to view the registration status from IOS.
• show sccp connections to verify whether calls are correctly passing through.
• show voip rtp connections to verify whether audio and video data over the real-time transport protocol(RTP) is passing through.
Cisco Spark Remote Device Overview and LicenseRequirements
To activate Cisco Spark Hybrid Call Service Connect for a user, you must create a virtual device for that userin Unified Communications Manager. The device ties in with the user's remote destination so that incomingcalls are forked to both Cisco Spark and the user's main device. Outgoing calls can be made from the app asif from the user's desk phone, too.
The Cisco Spark Remote Device (Cisco Spark-RD) is a dedicated and fully compatible virtual device forCisco Spark’s functional requirements and behaviors. Cisco Spark-RDs address several CTI remote device(CTI-RD) limitations. Key limitations of CTI-RDs include:
• Remote Destination (Cisco Spark SIP address) length can't be greater than 48 characters
• Requires MTP for all calls
• Requires IOS-MTP passthrough support for video or screen share capability
• Counts as an additional device for licensing
In addition, several bugs inherited from the CTI-RD are resolved in the Cisco Spark-RD.
Deployment Guide for Cisco Spark Hybrid Call Services 19
Prepare Your EnvironmentCheck the Registration and Connection Status of the Media Termination Point
Some releases of Unified Communications Manager natively support the Cisco Spark-RD. This option ishighly recommended over the existing CTI-RD option. If you're not using a supported version of UnifiedCommunications Manager, you can use the CTI-RD as an interim solution.
A key difference between the CTI-RD and the Cisco Spark-RD is that the CTI-RD counts as an extra devicefor licensing purposes, but the Cisco Spark-RD does not count for users who already have at least one associateddevice that requires an Enhanced UCL.
A standalone Cisco Cisco Spark-RD uses one Enhanced UCL. If a user has any other UC device that requiresan Enhanced UCL, then Cisco Cisco Spark-RD does not count towards the license total.
Use this table to understand the license requirements for Cisco Spark-RDs for Unified CM or HCS.
License Requirement for Unified CM or HCSDevice
• Enhanced UCL for Unified CM
• HCS Foundation
Cisco Spark-RD alone
• EnhancedUCL for Unified CM—ABasic UCLmust be upgradedto Enhanced UCL.
• HCS Foundation
Cisco Spark-RD plus desk phone
• Enhanced Plus UCL for Unified CM
• HCS Standard
Cisco Spark-RD plus 2 deskphones
Enhanced UCL—The same Unified CM license requirement as anyother hybrid user. For a newly deployed system, this license will haveto be provided.
For a room system converted from Unified CM registered to CiscoSpark registered, its existing Unified CM license is sufficient.
Cisco Spark-RD plus Hybrid Callfor Cisco Spark Devices in a Place
Request Temporary License Coverage for CTI-RDs Used For Hybrid Call ServiceConnect
When a CTI-RD is created for Hybrid Call Service Connect, users with Enhanced or Enhanced Plus UCLlicensing may require a higher level of licensing to accommodate the additional device. Because this situationis temporary, Cisco Global Licensing Operations (GLO) will issue temporary Unified CommunicationsManager licensing as necessary until the release of the dedicated Spark-RD is more broadly available.
Procedure
Step 1 Activate Hybrid Call Service Connect for eligible users, as desired. CTI remote devices are created automaticallyat the time of user activation, or you may create them manually before service activation.
Deployment Guide for Cisco Spark Hybrid Call Services20
Prepare Your EnvironmentRequest Temporary License Coverage for CTI-RDs Used For Hybrid Call Service Connect
The additional CTI remote devices may cause Prime License Manager to report non-compliance with UCMlicensing requirements
Step 2 Export a license request from Prime License Manager, and take a screenshot from Prime License Managerthat shows the licensing deficiency.
Step 3 Open a case with Global Licensing Operations by emailing [email protected]. Use the keywords “Hybrid”and “Call Service Connect” in your request.
Step 4 Provide the following required information:
• The license request exported from Prime License Manager.
• The screenshot that you took of the the current license deficiency in Prime License Manager.
• TheWeb Order ID number for Cisco Spark Message/Meet services, specifically including the followingproduct IDs:
◦A-SPK-NU-M1
◦A-SPK-NU-M2
◦A-SPK-NU-M3
• The following acknowledgement:I understand and agree that any temporary UCM licensing issued in response to this request (1) will beused only to remedyUCM licensing deficiencies created by CTI-RDs configured for users of Call ServiceConnect; (2) will neither extend nor be renewed beyond the release of the Spark RD in the major UCMrelease train (10.X or 11.X) for which the temporary licensing is issued.
GLO will issue temporary UCM licensing resolving the license deficiency for a number of Enhancedand Enhanced Plus users no greater than the number of users for which Cisco Spark Message/Meetservices have been ordered.
Example: A customer has 100 Enhanced and 20 Enhanced Plus 10.X users, all of which have themaximum number of devices. The customer has ordered Spark M1 Message service for 100 users.CTI-RDs are created for 60 Enhanced and 20 Enhanced Plus users, creating a licensing deficiency whichmust be resolved within 60 days. GLOwill provide 60 Enhanced Plus and 20 CUWLStandard temporarylicenses for UCM (but no CUWL licenses for other applications). These temporary licenses will not beextended after the availability of a UCM release in which Spark RD is fully supported (11.0(1) SU3,10.5(2) SU5, and 11.5(1) SU3). The expiration of the temporary licenses will recreate the originallicensing deficiency. The customer must resolve this deficiency by upgrading UCM within 60 days.
Cisco Spark remote devices (Cisco Spark-RDs) are strongly recommended for your hybrid deploymentbecause they do not require a license or MTP insertion, and contain further bug fixes. To use this option,you must use Unified CM 10.5(2)SU5, 11.0(1a)SU3, 11.5(1)SU3, or 12.0(1). For unsupported releases,the CTI-RD is used instead, which requires a license and insertion of an MTP. For manual and automaticcreation on a supported release, you must use Cisco Spark-RDs for new activations. CTI-RDs createdwith an earlier release will continue to work until they are migrated to Cisco Spark-RDs.
Hybrid Call Service support of Cisco Spark-RD will be announced separately, and is not implied by theavailability of Cisco Spark-RD in Unified Communications Manager.
Note
Deployment Guide for Cisco Spark Hybrid Call Services 21
Prepare Your EnvironmentRequest Temporary License Coverage for CTI-RDs Used For Hybrid Call Service Connect
Deployment Guide for Cisco Spark Hybrid Call Services22
Prepare Your EnvironmentRequest Temporary License Coverage for CTI-RDs Used For Hybrid Call Service Connect
C H A P T E R 3Deploy Hybrid Call Service Aware
• Hybrid Call Service Aware Deployment Task Flow, page 24
• Register Expressway-C Connector Hosts to the Cisco Collaboration Cloud, page 26
• Prepare Cisco Unified Communications Manager User Accounts for Hybrid Call Service Aware, page28
• Configure an Application Account for Call Connector, page 29
• Configure the Connection to Cisco Unified Communications Manager, page 30
• Start the Call Connector, page 31
• Check Your User Configuration for Hybrid Call Services, page 31
• Verify the Connector Status, page 32
• Enable Hybrid Call Service Aware for Users, page 32
• Test Cisco Spark App Screen Sharing and Integrated Call History, page 33
Deployment Guide for Cisco Spark Hybrid Call Services 23
Hybrid Call Service Aware Deployment Task Flow
Before You Begin
Complete the Prerequisites for Hybrid Call Service Aware, on page 9
Procedure
PurposeCommand or Action
Domain verification is essential to the security and integrity ofyour organization. Verification proves to us that you own aparticular domain and is required for this service to work.
Add and Verify DomainsStep 1
If your company has multiple domains, add each domain one at atime. For example, if you have users in sales.example.com and insupport.example.com, you must add both domains.
If your organization enforces email addresses, you are presentedwith warnings about possible user lockout. You are forced to verify
Deployment Guide for Cisco Spark Hybrid Call Services24
Deploy Hybrid Call Service AwareHybrid Call Service Aware Deployment Task Flow
PurposeCommand or Action
and remove domains in a particular order to prevent administratorlockout. When adding domains, for example, you must add theadministrator domain first, followed by all other domains.
Cisco Spark Hybrid Services use software connectors to securelyconnect the Cisco Spark service to your organization's environment.
Register Expressway-CConnector Hosts to the Cisco
Step 2
Use Cisco Spark Control Hub to register your Expressway-C toCollaboration Cloud, on page26 the cloud. After you complete the registration steps, the connector
software is automatically deployed on your on-premisesExpressway-C (the software connector host).
Follow these steps and confirm these settings for each user thatyou want to configure for Hybrid Call Service Aware. You must
Prepare Cisco UnifiedCommunicationsManagerUser
Step 3
prepare your on-premises user accounts and an associatedAccounts for Hybrid CallService Aware, on page 28 CTI-enabled device for each user in CiscoUnified Communications
Manager. This configuration is required before you enable HybridCall Service Aware for them.
Configure an administrator account with the required AXL andCTI access permissions. Call Connector uses this account to
Configure an ApplicationAccount for Call Connector,on page 29
Step 4
communicate with Cisco Unified Communications Manager,monitor any user's phone, and validate user configuration.
To enable Hybrid Call Service Aware, you must link CallConnector to your Cisco Unified Communications Manager
Configure the Connection toCiscoUnified CommunicationsManager, on page 30
Step 5
environment by entering server information for a single node. Thisstep provides a bridge between Cisco Unified CommunicationsManager and the Cisco Collaboration Cloud, with the connectoracting as the broker between the two.
Manually enable the Call Connector after you register yourExpressway-C for Cisco Spark Hybrid Services.
Start the Call Connector, onpage 31
Step 6
With the user validation check, you can check whether CiscoUnified Communications Manager users are properly configured
CheckYour User Configurationfor Hybrid Call Services, onpage 31
Step 7
for Hybrid Call Service Aware and Hybrid Call Service Connect.The test checks all the configuration prerequisites, such as email,directory URI, and Cisco Spark remote device settings. To assistwith your configuration or troubleshooting, you can save any usererrors or warnings as a CSV file.
Before you enable your users for Hybrid Call Service Aware,ensure that you correctly installed the Call Connector.
Verify the Connector Status,on page 32
Step 8
Use this procedure to enable a small number of Cisco Spark usersfor Hybrid Call Service Aware.
Enable Hybrid Call ServiceAware for Users, on page 32
Step 9
To verify that Hybrid Call Service Aware was deployed correctly,walk through a test call with your users to verify the expectedbehavior.
Test Cisco Spark App ScreenSharing and Integrated CallHistory, on page 33
Step 10
Deployment Guide for Cisco Spark Hybrid Call Services 25
Deploy Hybrid Call Service AwareHybrid Call Service Aware Deployment Task Flow
Register Expressway-C Connector Hosts to the CiscoCollaboration Cloud
Cisco Spark Hybrid Services use software connectors to securely connect Cisco Spark to your organization'senvironment. Use this procedure to register Expressway-C resources to the cloud.
After you complete the registration steps, the connector software is automatically deployed on your on-premisesExpressway-C (the software connector host).
Before You Begin
• Sign out of any existing Expressway-C connections that are open in other browser tabs.
• If you're registering a cluster, register the primary peer. You don't need to register any other peers,because they register automatically when the primary registers. If you start with one node set up as aprimary, subsequent additions do not require a system reboot.
• If your on-premises environment proxies the outbound traffic, you must first enter the details of theproxy server onApplications >Hybrid Services >Connector Proxy and then complete this procedure.Doing so is necessary for successful registration.
If you enter proxy information for call connector, the call connector automatically detects thisconfiguration.
• The Cisco Collaboration Cloud rejects any attempt at registration from the Expressway web interface.You must first register your Expressway through Cisco Spark Control Hub, because the Control Hubneeds to hand out a token to the Expressway to establish trust and complete the registration.
• If the registration process times out, or fails for another reason (for example, you must fix certificateerrors or enter proxy details), you can restart registration in Cisco Spark Control Hub.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go to Services, click Set up on the card for thehybrid service you're deploying, and then click Next.
Step 2 Choose a method to register the Expressway-C:
• New Expressways—choose Register a new Expressway with its Fully Qualified Domain Name(FQDN), enter your Expressway-C IP address or fully qualified domain name (FQDN) so that CiscoCollaboration Cloud creates a record of that Expressway-C and establishes trust, and then click Next.You can also enter a display name to identify the resource in Cisco Spark Control Hub.
To ensure a successful registration to the cloud, use only lowercase characters in the hostnamethat you set for the Expressway-C. Capitalization is not supported at this time.
Caution
Deployment Guide for Cisco Spark Hybrid Call Services26
Deploy Hybrid Call Service AwareRegister Expressway-C Connector Hosts to the Cisco Collaboration Cloud
• Existing Expressways—choose Select an existing Expressway cluster to add resources to thisservice, and then choose the node or cluster from the drop-down that you previously registered. Youcan use it to run more than one hybrid service.
Step 3 Click Next, and for new registrations, click the link to open your Expressway-C. You can then sign in to loadthe Connector Management window.
Step 4 Decide how you want to update the Expressway-C trust list:A check box on the welcome page determines whether you will manually append the required CA certificatesto the Expressway-C trust list, or whether you allow Cisco Collaboration Cloud to add those certificates foryou.
Choose one of the following options:
• Check the box if you want Cisco Collaboration Cloud to add the required CA certificates to theExpressway-C trust list.When you register, the root certificates for the authorities that signed the Cisco Collaboration Cloudcertificates are installed automatically on the Expressway-C. This means that the Expressway-C shouldautomatically trust the certificates and be able to set up the secure connection.
If you change your mind, you can use the Connector Management window to remove theCisco Collaboration Cloud CA root certificates and manually install root certificates.
Note
• Uncheck the box if you want to manually update the Expressway-C trust list. See the Expressway-Conline help for the procedure.
When you register, you will get certificate trust errors if the trust list does not currently havethe correct CA certificates. See Certificate Authorities for Cisco Spark Hybrid Services, onpage 28.
Caution
Step 5 Click Register. After you're redirected to Cisco Spark Control Hub, read the on-screen text to confirm thatCisco Collaboration Cloud identified the correct Expressway-C.
Step 6 After you verify the information, click Allow to register the Expressway-C for Cisco Spark Hybrid Services.
• Registration can take up to 5 minutes depending on the configuration of the Expressway and whetherit's a first-time registration.
• After the Expressway-C registers successfully, the Cisco Spark Hybrid Services window on theExpressway-C shows the connectors downloading and installing. The management connectorautomatically upgrades itself if there is a newer version available, and then installs any other connectorsthat you selected for the Expressway-C connector host.
• Each connector installs the interface pages that you need to configure and activate that connector. Youcan access them on the Applications > Hybrid Services menu on your Expressway-C connector host.
Troubleshooting Tips
If registration fails and your on-premises environment proxies the outbound traffic, review the Before YouBegin section of this procedure.
Step 7 \
Deployment Guide for Cisco Spark Hybrid Call Services 27
Deploy Hybrid Call Service AwareRegister Expressway-C Connector Hosts to the Cisco Collaboration Cloud
Certificate Authorities for Cisco Spark Hybrid ServicesThe table lists the Certificate Authorities that your on-premises or existing environment must trust when usingCisco Spark Hybrid Services.
If you opted to have Cisco Collaboration Cloud manage the required certificates, then you do not need tomanually append CA certificates to the Expressway-C trust list.
The issuers used to sign the Cisco Collaboration Cloud host certificates may change in future, and thetable below may then be inaccurate. If you are manually managing the CA certificates, you must appendthe CA certificates of the issuing authorities that signed the currently valid certificates for the hosts listedbelow (and remove expired/revoked CA certificates).
Note
For this purposeMust be trusted byIssuing CACloud hosts signedby this CA
To ensure Expresswaydownloads connectors from atrusted host
Expressway-CO=Baltimore,
OU=CyberTrust,
CN=Baltimore
CyberTrust Root
CDN
To synchronize users from yourActive Directory with CiscoCollaboration Cloud and toauthenticate Cisco SparkHybrid Services users
Windows Server 2003 orWindows Server 2008 hostingthe Cisco Directory Connector
Expressway-C
O=VeriSign, Inc.,
OU=Class 3 Public
Primary
Certification
Authority
Common identityservice
Expressway-CO=The Go Daddy
Group, Inc.,
OU=Go Daddy Class
2 Certification
Authority
Cisco Spark
Related Topics
Supported Certificate Authorities for Cisco Spark
Prepare Cisco Unified Communications Manager User Accountsfor Hybrid Call Service Aware
Follow these steps and confirm these settings for each user that you want to configure for Hybrid Call ServiceAware. You must prepare your on-premises user accounts and an associated CTI-enabled device for each userin Cisco Unified Communications Manager. This configuration is required before you enable Hybrid CallService Aware for them.
Deployment Guide for Cisco Spark Hybrid Call Services28
Deploy Hybrid Call Service AwareCertificate Authorities for Cisco Spark Hybrid Services
Before You Begin
• Register Expressway-C Connector Hosts to the Cisco Collaboration Cloud, on page 26
•When you set up Hybrid Call Services, you cannot activate a user with only an Extension Mobilityprofile and no associated device. For a user who is associated to a device and has an Extension Mobilityprofile,
• Both Hybrid Call Service Aware and Hybrid Call Service Connect activate.
• Hybrid Call Service Connect should work.
• Hybrid Call Service Aware does not create a screen sharing session for calls that include ExtensionMobility devices.
• Your users must have the Cisco Spark app installed and be signed in to use screen sharing while on acall—Windows, Mac, and Web are supported on desktop; Android and iOS are supported on mobilefor viewing screen shares.
Procedure
Step 1 From Cisco Unified CM Administration, go to User Management > End Users, choose any criteria, clickFind, and then open the user account that you want to configure.
Step 2 Verify that the user has a valid Directory URI that contains the same domain as your organization.Step 3 Verify thatMail ID contains the user's email address.Step 4 (Optional) Move any desk phones or other devices to Controlled Devices.
Call Connector monitors the phone that you move to the control list. However, the user only requires a CiscoSpark-RD at a minimum to be activated for Hybrid Call Service.
Step 5 Click Device Association, the device icon with the check mark.Step 6 For devices associated with the user, check the Allow Control of Device from CTI check box, and then save
your changes. Return to the user account.Step 7 Scroll to Directory Number Associations, and then set the primary extension to the user's directory number.Step 8 Save any changes you made.
What to Do Next
Configure an Application Account for Call Connector, on page 29
Configure an Application Account for Call ConnectorConfigure an administrator account with the required AXL and CTI access permissions. Call Connector usesthis account to communicate with Cisco Unified Communications Manager, monitor any user's phone, andvalidate user configuration.
Deployment Guide for Cisco Spark Hybrid Call Services 29
Deploy Hybrid Call Service AwareConfigure an Application Account for Call Connector
Procedure
Step 1 From Cisco Unified CMAdministration, go toUserManagement > Application User, and then choose one:
• ClickFind and, from the list, choose the administrator account that the connector will use to communicatewith Cisco Unified Communications Manager.
• Click Add New to create a new application user account.
Step 2 Configure the account with the correct roles:
• Standard AXL API Access
• Standard CTI Allow Control of all Devices
• Standard CTI Allow Control of Phones supporting Connected Xfer and conf
• Standard CTI Enabled
• Standard CTI Allow Control of Phones supporting Rollover Mode
Step 3 Click Save.
What to Do Next
Start the Call Connector, on page 31
Configure the Connection to Cisco Unified CommunicationsManager
To enable Hybrid Call Service Aware, you must link Call Connector to your Cisco Unified CommunicationsManager environment by entering server information for a single node. This step provides a bridge betweenCisco Unified Communications Manager and the Cisco Collaboration Cloud, with the connector acting as thebroker between the two.
Before You Begin
• Configure an Application Account for Call Connector, on page 29
• For each cluster in your call environment, you must only enter server information in the connector fora single Cisco Unified Communications Manager node. The node doesn't have to be primary, but enterone that is enabled for AXL Web Service and Cisco CallManager Serviceability.
• The connector on Expressway maintains a resilient connection between your cluster and the cloud. Theconnector is aware of all the server nodes in your cluster, so you only need to add one to the Expressway-Cconnector host. If a specific node goes down in the cluster, the connector will move to another server.
Deployment Guide for Cisco Spark Hybrid Call Services30
Deploy Hybrid Call Service AwareConfigure the Connection to Cisco Unified Communications Manager
Procedure
Step 1 From Expressway-C, go toApplications > Hybrid Services > Call Service > Unified CMServers, and thenclick New.
Step 2 Enter the hostname or IP address of a single Cisco Unified Communications Manager node on which CiscoAXL Web Service and Cisco CallManager Serviceability are enabled.
Step 3 Enter the credentials of the Call Connector account that you configured for Call Connector to connect to CiscoUnified Communications Manager.Enter a single node per cluster. The connector will automatically discover the other nodes in a clusterenvironment and identify those that can service CTI and AXL requests.
Step 4 Click Verify Credentials to test the connection and authentication for the provided credentials.After the page refreshes, a newHybrid Call Service Connect Configuration section appears. You can disregardthis section if you don't plan to configure Hybrid Call Service Connect or will do so later.
Step 5 After the connection test is successful, click Add to store the connector configuration on the Expressway-C.
What to Do Next
Start the Call Connector, on page 31
Start the Call ConnectorManually enable the Call Connector after you register your Expressway-C for Cisco Spark Hybrid Services.
Before You Begin
Configure the Connection to Cisco Unified Communications Manager, on page 30
Procedure
Step 1 From Expressway-C, go toApplications > Hybrid Services > ConnectorManagement, and then clickCallConnector.
Step 2 Choose Enabled from the Active drop-down list.Step 3 Click Save.
The connector starts and the status changes to Running on the Connector Management window.
Check Your User Configuration for Hybrid Call ServicesWith the user validation check, you can check whether Cisco Unified Communications Manager users areproperly configured for Hybrid Call Service Aware and Hybrid Call Service Connect. The test checks all theconfiguration prerequisites, such as email, directory URI, and Cisco Spark remote device settings. To assistwith your configuration or troubleshooting, you can save any user errors or warnings as a CSV file.
Deployment Guide for Cisco Spark Hybrid Call Services 31
Deploy Hybrid Call Service AwareStart the Call Connector
To prevent activation errors, we recommend that you run this test and address any configuration issues beforeyou activate users for Hybrid Call Services in Cisco Spark Control Hub.
Before You Begin
Configure the Connection to Cisco Unified Communications Manager, on page 30
Procedure
Step 1 From the Expressway-C connector host, choose Applications > Hybrid Services > Call Service > UnifiedCM Servers, and choose the registered Cisco Unified Communications Manager that you want to check.
Step 2 Perform one of the following steps:
• Upload a CSV file of a user list if you want to check the configuration of specific user accounts, andthen click Run (Specific User List).
• ClickRun (All Users) to check the configuration of all the user accounts registered to the Cisco UnifiedCommunications Manager.
A report appears with user accounts that contain configuration errors or warnings.
Step 3 Save the information as a CSV file and use it as a checklist to fix user and system settings in Cisco UnifiedCommunications Manager.
Step 4 Address any configuration issues in the Cisco Unified Communications Manager device and user settings.
What to Do Next
Verify the Connector Status, on page 32
Verify the Connector StatusBefore you enable your users for Hybrid Call Service Aware, ensure that you correctly installed the CallConnector.
Procedure
From Expressway-C, go to Applications > Hybrid Services > Call Service > Call Connector Status, andthen verify the configuration items in the Status column.
What to Do Next
Enable Hybrid Call Service Aware for Users, on page 32
Enable Hybrid Call Service Aware for UsersUse this procedure to enable a small number of Cisco Spark users for Hybrid Call Service Aware.
See Ways to Add and Manage Users in Your Cisco Spark Organization for other methods, such as using abulk CSV template or Active Directory synchronization through Cisco Directory Connector.
Deployment Guide for Cisco Spark Hybrid Call Services32
Deploy Hybrid Call Service AwareVerify the Connector Status
Before You Begin
• Cisco Spark users must already be assigned a paid license that provides them with core Cisco Sparkmessaging and meeting capabilities.
• You cannot enable the same user for both Hybrid Call Service and Cisco Spark Calling.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go to Users.Step 2 Choose a specific user from the list, or use the search to narrow the list, and then click the row to open an
overview of the user.Step 3 Click Edit, and then ensure that the user is assigned at least one paid service under Licensed Collaboration
Services. Make necessary changes, and then click Save.Step 4 Click Call Service, toggle the Aware setting to turn it on, and then save your changes.
After you activate the service, the Cisco Spark user status changes from Pending Activation to Activated. Thelength of time for this change depends on the number of users that you're enabling for the service.
What to Do Next
On the user's overview, you can find this information:
• User status and history
• Further details on status (Activation, errors, and so on)
• Cluster and node the user is hosted on
• Directory URI
• Primary DN
• Phone Number
• Unified CM FQDNs (Hybrid Call Service Connect)
Test Cisco Spark App Screen Sharing and Integrated Call HistoryTo verify that Hybrid Call Service Aware was deployed correctly, walk through a test call with your users toverify the expected behavior.
Before You Begin
• Enable Hybrid Call Service Aware for Users, on page 32
• Before a test call, users may have to do a combination of the following steps:
• Start their Cisco Spark apps for Windows or OS X.
• Bring their apps to the foreground.
• Instruct any users you call to answer the incoming call on their desk phones.
Deployment Guide for Cisco Spark Hybrid Call Services 33
Deploy Hybrid Call Service AwareTest Cisco Spark App Screen Sharing and Integrated Call History
Procedure
Step 1 From an on-premises desk phone, call another user who you configured for Hybrid Call Service Aware.If the called user picked up on desk phone, in your Cisco Spark app for Windows or OS X, you both seeupdates in your space, indicating the duration of the active call. The call control window shows the buttonthat you press to start an instant screen share.
Step 2 Perform these steps to test that each user can start a screen share:a)
Click to start an instant screen share from the app. Choose your monitor, if prompted.b) Instruct the other user to start a screen share while yours is running.
When the second share starts, the first share stops immediately.
Step 3 End the call from the desk phone.The call control window disappears, and any in-progress screen share ends immediately. The space showsthe total duration of the call, but no longer indicate that the call is in progress.
Step 4From the Cisco Spark app, click Call to view the call history.
What to Do Next
• If you notice unexpected behavior from this test, see the known issues and limitations with Hybrid CallServices. You can also submit feedback in https://admin.ciscospark.com to open a ticket.
• To add more hybrid calling features, integrate your call control with Cisco Spark even further: you canset up Hybrid Call Service Connect to turn the Cisco Spark app into a softphone. Your users can placeand receive calls with the app the same way they would from their desk phones.
Deployment Guide for Cisco Spark Hybrid Call Services34
Deploy Hybrid Call Service AwareTest Cisco Spark App Screen Sharing and Integrated Call History
C H A P T E R 4Deploy Hybrid Call Service Connect
• Hybrid Call Service Connect Deployment Task Flow, page 36
• Activate Hybrid Call Service Connect for Your Organization, page 39
• Configure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect, page41
• Prepare Cisco Unified CommunicationsManager User Accounts for Hybrid Call Service Connect, page44
• Configure Remote Devices Automatically from the Call Connector, page 45
• Manually Create a Cisco Spark Remote Device and Associate it with a Unified CM User, page 46
• Restart the Call Connector from the Expressway-C, page 47
• Configure the Expressway-E for Hybrid Call Service Connect, page 48
• Configure the Expressway-C for Hybrid Call Service Connect, page 60
• Enable Hybrid Call Service Connect for Cisco Spark Users, page 68
• Place Test Calls to Verify Hybrid Call Service Connect Configuration, page 69
• Related Documentation, page 70
Deployment Guide for Cisco Spark Hybrid Call Services 35
Hybrid Call Service Connect Deployment Task Flow
Before You Begin
• Complete the Prerequisites for Hybrid Call Service Aware, on page 9
• Complete the Prerequisites for Hybrid Call Service Connect, on page 10
Deployment Guide for Cisco Spark Hybrid Call Services36
Deploy Hybrid Call Service ConnectHybrid Call Service Connect Deployment Task Flow
Procedure
PurposeCommand or Action
Use this procedure to begin the initial setup in Cisco SparkControl Hub. These settings ensure that Hybrid Call
Activate Hybrid Call Service Connect forYour Organization, on page 39
Step 1
Service Connect is first enabled for your organizationbefore you do further configuration. You specify thedesired subdomain for your company, and that settingcreates Cisco Spark SIP addresses to identify users in theCisco Collaboration Cloud. Then, you toggle on HybridCall Service Connect for your organization. Last, you enterthe SIP destination address which resolves to yourExpressway-E in the call traversal pair. This entry istypically a DNS-SRV record which can resolve to multipleExpressway-Es.
Configure Cisco Unified Communications Manager toreceive calls directly from Expressway-E. This
Configure Cisco Unified CommunicationsManager Settings for Hybrid Call ServiceConnect, on page 41
Step 2
configuration enables URI routing between the cloud andthe on-premises enterprise. You'll create a cluster FQDN,which is the enterprise parameter that is used in SIP routingdecisions and that helps identify multiple clusters so callscan occur between them.
Configure Unified CM users so that their correspondingCisco Spark accounts in the cloud are activated with the
Perform one of the following tasks:Step 3
• Prepare Cisco UnifiedCommunications Manager User
correct call settings. Call Connector creates the remotedestination on the user's CTI or Cisco Spark remote deviceafter all the Unified CM settings are properly configured.Accounts for Hybrid Call Service
Connect, on page 44 for individualuser configuration.
• Bulk Configure Unifed CM Usersand Remote Devices Task Flow, onpage 105 for bulk user and CiscoSpark remote device configurationusing the Bulk Administration Tool.
Every Hybrid Call Service Connect user requires a virtualdevice: a Cisco Spark remote device (recommended option)
Perform one of the following tasks:Step 4
• Configure Remote DevicesAutomatically from the CallConnector, on page 45
or a CTI remote device (interim option). This virtual deviceis attached to a user's work number and links the user'sCisco Spark account SIP identity to the enterprise SIPidentity so that calls anchor on the Unified CM side or fork• Manually Create a Cisco Spark
Remote Device and Associate it witha Unified CM User, on page 46
to the Cisco Spark cloud side. From a technical standpoint,the remote device masks outbound calls from Cisco Sparkand displays the user's work number for calls from theCisco Spark app. Incoming calls also ring both the user'sCisco Spark app and desk phone.
Deployment Guide for Cisco Spark Hybrid Call Services 37
Deploy Hybrid Call Service ConnectHybrid Call Service Connect Deployment Task Flow
PurposeCommand or Action
To automate your configuration, on the Expressway-Cconnector host you can create remote devices for all yourusers in one step. The connector shows the remote devicefield values from your Cisco Unified CommunicationsManager, and then you can choose the values specific toyour deployment. After the connector creates the remotedevices, they are automatically moved to the users' controllists and their Cisco Spark SIP addresses are automaticallycreated as remote destinations.
Enterprise calls are securely routed over the Expresswaypair. If you want to reuse an existing pair, some of the
Configure the Expressway-E for HybridCall Service Connect, on page 48 byfollowing these tasks:
Step 5
required traversal configuration for Hybrid Call ServiceConnect may already be in place. However, read the
• Update the Expressway-E Trust Listwith Cisco Collaboration CloudCertificates, on page 49
procedures that follow to ensure that Expressway-E andExpressway-C are correctly configured.
• Choose one depending on yourdeployment:
◦Configure Services andMutualTLSAuthentication Between aNew Expressway-E and theCisco Collaboration Cloud, onpage 51
◦Configure Services andMutualTLS Authentication Betweenan Existing Expressway-E andthe Cisco Collaboration Cloud,on page 53
• Create a DNS Zone (Expressway-Eto Cisco Collaboration Cloud), onpage 54
• Configure a Secure Traversal ServerZone from Expressway-E toExpressway-C, on page 56
• Create Inbound andOutbound SearchRules on Expressway-E, on page 58
Enterprise calls are securely routed over the Expresswaypair. If you want to reuse an existing pair, some of the
Configure the Expressway-C for HybridCall Service Connect, on page 60 byfollowing these tasks:
Step 6
required traversal configuration for Hybrid Call ServiceConnect may already be in place. However, read the
• Configure a Secure Traversal ClientZone From Expressway-C toExpressway-E, on page 61
procedures that follow to ensure that Expressway-E andExpressway-C are correctly configured.
Deployment Guide for Cisco Spark Hybrid Call Services38
Deploy Hybrid Call Service ConnectHybrid Call Service Connect Deployment Task Flow
PurposeCommand or Action
• Create an Expressway-C NeighborZone for each Unified CM Cluster,on page 63
• Configure Search Rules onExpressway-C , on page 66
Enable Hybrid Call Service Connect for your users in CiscoSpark Control Hub—you can enable the service forindividual users or in bulk.
Enable Hybrid Call Service Connect forCisco Spark Users, on page 68
Step 7
Disable and reenable the Call Connector, so that theconnector captures Unified CM user and device
Restart the Call Connector from theExpressway-C, on page 47
Step 8
configuration changes that you made while deployingHybrid Call Services. During this restart cycle, theconnector creates a remote destinationwith the Cisco SparkSIP address on the Cisco Spark remote device. This addressis associated with end user accounts and the correspondingCisco Spark accounts. Toggle this setting as atroubleshooting step if you experience any issues, too.
Use this procedure to test Hybrid Call Service Connectcall scenarios. These steps verify whether you correctly
Place Test Calls to Verify Hybrid CallService Connect Configuration, on page69
Step 9
configured Hybrid Call Service Connect and can helpisolate any potential issues.
Activate Hybrid Call Service Connect for Your OrganizationUse this procedure to begin the initial setup in Cisco Spark Control Hub. These settings ensure that HybridCall Service Connect is first enabled for your organization before you do further configuration. You specifythe desired subdomain for your company, and that setting creates Cisco Spark SIP addresses to identify usersin the Cisco Collaboration Cloud. Then, you toggle on Hybrid Call Service Connect for your organization.Last, you enter the SIP destination address which resolves to your Expressway-E in the call traversal pair.This entry is typically a DNS-SRV record which can resolve to multiple Expressway-Es.
Before You Begin
• Deploy Hybrid Call Service Aware, on page 23
• Complete the Prerequisites for Hybrid Call Service Connect, on page 10
• If you havemultiple Expressway-Es for redundancy, we recommend that you create a dedicatedDNS-SRVrecord with a subdomain specifically for the mutual TLS port on Expressway-E. For Hybrid Call ServiceConnect, the secure mutual TLS connection is a requirement for the Expressway-E and cloud to trusteach other.
Deployment Guide for Cisco Spark Hybrid Call Services 39
Deploy Hybrid Call Service ConnectActivate Hybrid Call Service Connect for Your Organization
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, perform one of the follow steps:
• From the first-time setup wizard for a new organization, choose Enterprise Settings
• For an existing Cisco Spark organization, go to Settings, and then scroll to Cisco Spark SIP Addresses.
Step 2 Follow the on-screen instructions to configure a custom SIP subdomain for your organization.This subdomain value creates individual Cisco Spark SIP addresses for each user. The addresses are used toreceive calls from any standards-based SIP calling service. See Cisco Spark SIPAddresses for more information.
Step 3 Go to Services, and then click Settings on the Hybrid Call card.Step 4 Scroll to Call Service Connect, and then click Activate to enable the service for your organization.
At this point, you can view the prerequisites before activation to make sure your environment is ready.If the Connect activation button is not available, you must first deploy Hybrid Call Service Awarebefore you can proceed. See Deploy Hybrid Call Service Aware, on page 23 for guidance.
Tip
Step 5 Scroll to the SIP Destination field on the same page, and then enter a network value that resolves to yourExpressway-E and the SIP mutual TLS port.Enter a network value using one of these formats:
Example Of Value to Enter (In Bold)Address Format
_sips_.tcp.sipmtls.example.comSRV domain
example.com:5062Hostname/FQDN:port
203.0.113.0:5062IP address:port
For multiple IP address entries, you must use the DNS SRV record method.
The SRV record can take time to request. If you want to start a trial or pilot, you can use hostname:portfor a single Expressway-E so that you can proceed with the setup steps. You can modify this settinglater and use the SRV record when that becomes available.
Tip
Step 6 Click Test to run a tool that checks that it can connect to the Expressway-E SIP destination you entered.The tool initiates a TLS connection to that address. The results indicate whether the Expressway-E is reachableand secure.
If you're a partner sales administrator, you can run this test on behalf of your customer.Note
Step 7 After the test shows the results, clickView test results to get more details on what the test ran and the outcomes.The results show the type of lookup (such as DNS SRV), FQDN, IP address, and the specific connection testssuch as a socket connection, SSL handshake with the Expressway-E, and a SIP OPTIONS ping. If any testsfail, the tool shows suggested steps to troubleshoot the issue. See Troubleshoot with the Hybrid ConnectivityTest Tool, on page 85 for more information.
Step 8 Save your changes.Step 9 (Optional) Browse to and upload your self-signed custom certificates.
For more information about manual certificate management, see Custom Certificates for Mutual TLSAuthentication between Expressway-E and the Cloud, on page 8.
Deployment Guide for Cisco Spark Hybrid Call Services40
Deploy Hybrid Call Service ConnectActivate Hybrid Call Service Connect for Your Organization
What to Do Next
Configure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect, on page 41
Configure Cisco Unified Communications Manager Settings forHybrid Call Service Connect
Configure Cisco Unified Communications Manager to receive calls directly from Expressway-E. Thisconfiguration enables URI routing between the cloud and the on-premises enterprise. You'll create a clusterFQDN, which is the enterprise parameter that is used in SIP routing decisions and that helps identify multipleclusters so calls can occur between them.
Before You Begin
• Activate Hybrid Call Service Connect for Your Organization, on page 39
• Read the following documents to understand the routing design that is required for your environment:
◦Intracluster routing for a single cluster deployment
◦Intercluster lookup service (ILS) routing for a multicluster deployment
Procedure
Step 1 From Cisco Unified CM Administration on your publisher node, go to System > Enterprise Parameters,scroll to Clusterwide Domain Configuration, and then check the value for the Cluster Fully QualifiedDomain Name field.
Step 2 If the field is empty or the field contains domain entries with wildcards, enter a new value that is specific toHybrid Call Service Connect that follows these guidelines:
Description and ExampleFQDN Guideline
The entry must be unique for each cluster—For example,cluster1.example.com, cluster2.example.com, and soon.
Multiple clusters
Do not use entries such as *.example.com or example*.com.No wildcards
In a list of multiple entries, the Cisco Collaboration Cloud uses the firstentry for Hybrid Call Service Connect, and that first entry must notcontain a wildcard.
For example: cluster1.example.com *.example.com example*.com
First FQDN entry for HybridCalling
Must be different from the Expressway-E system, DNS, and domainname. Otherwise, Expressway-E strips the route header.
Different from Expressway-E
Deployment Guide for Cisco Spark Hybrid Call Services 41
Deploy Hybrid Call Service ConnectConfigure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect
Description and ExampleFQDN Guideline
If your current FQDN entry in Unified CMdoesn't meet the requirementslisted above, you can add a new element to the beginning of the clusterFQDN setting for Hybrid Call Service Connect
For example, if your existing FQDN setting in Cisco UnifiedCommunications Manager is *.example.com *.example.org, add aunique, non-wildcard entry at the beginning of the field:"cluster1.example.com *.example.com *.example.org"
New entry for Hybrid Calling
You are not required to restart Cisco Unified CommunicationsManager or services for a cluster FQDN changeto take effect.
Step 3 Record or write down the name of the FQDN value that you want to use for Hybrid Call Service Connect.You need it for this procedure: Configure Search Rules on Expressway-C , on page 66.
Step 4 Go to Device > Device Settings > SIP Profile to create a new SIP profile that is based on the Standard SIPProfile For Cisco VCS template.a) Click Find, choose Standard SIP Profile For Cisco VCS, and then click Copy.b) Enter a name for the new profile—for example, Standard SIP Profile for Cisco Spark
Hybrid Calling.c) Scroll to Trunk Specific Configuration, and then set Early Offer support for voice and video calls to
Best Effort (no MTP inserted).You can apply this setting to a new SIP trunk to the Cisco Collaboration Cloud (routed by external domainciscospark.com). The setting does not affect any existing SIP trunking or call routing.
d) Leave all other fields with their default values and save your changes.
Step 5 (Optional) If your Expressway pair runs MRA or B2B, go to System > Security > SIP Trunk SecurityProfile and create a new SIP trunk security profile for Cisco Spark Hybrid Services.a) Enter a name for the new profile that is related to Cisco Spark or Hybrid Call Services—for example, SIP
Trunk Security Profile for Cisco Spark Hybrid Calling.b) Leave the Enable Digest Authentication check box unchecked.c) Do not set the incoming port value to 5061. Instead, change to an appropriate alternative—We recommend
5561.We recommend that you use TLS. This setting doesn't require Unified CM to be in mixed mode. In thiscase, you must specify the following:
• Transport type—TLS instead of TCP/UDP
• X.509 Subject Name—Mustmatch one of the Subject AlternativeNames (SANs) of the Expressway-C.
d) Leave all other fields with their default values and save your changes.
Step 6 Go to Device > Trunk to create a new SIP trunk to the Expressway-C, and then link the Cisco Spark SIPprofile to this trunk.a) Choose SIP Trunk as the trunk type; leave the other settings, and click Next.b) Configure these settings and leave the defaults for any settings not mentioned:
Deployment Guide for Cisco Spark Hybrid Call Services42
Deploy Hybrid Call Service ConnectConfigure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect
ValueField Name
Hybrid_Calling_SIP_Trunk (for example)Name
Choose a device pool that contains the device-specific settings thatyou want the SIP trunk to inherit.
Device Pool
Deliver URI and DN in connected party, if available
This setting enables blended identity. It allows the SIP trunk totransmit the enterprise-side party's directory URI to Cisco Spark.
Calling and Connected Party InfoFormat
Enter the Expressway-C node addresses in the fields.Destination Address
Standard SIP Profile for Cisco SparkHybridCalling (for example)SIP Profile
c) Save your changes.
Step 7 Go to Call Routing > SIP Route Pattern to create a pattern that matches the Cisco Spark SIP address IPv4pattern.
ValueField Name
*.ciscospark.comIPv4 Pattern
Domain RoutingPattern Usage
Routing to Cisco SparkDescription
Choose the trunk you created—Hybrid_Calling_SIP_Trunk (forexample)
SIP Trunk/Route List
Standard SIP Profile for Cisco Spark Hybrid Calling (for example)SIP Profile
Combine Cisco Spark Hybrid Call Services with other solutions, such as B2B and MRA
• You can run Cisco Spark hybrid calls, B2B calls, and MRA calls across the same Expressway.
• If MRA is set up on your Expressway: For the trunk that you create for Cisco Spark, use a port otherthan 5060/5061 on Cisco Unified CommunicationsManager. This setup avoid conflicts with MRA callsand device registrations. On Cisco Unified CommunicationsManager, set up the Device Security Profilefor your Cisco Spark trunk to use a port other than 5060 or 5061.
• If B2B is set up on your Expressway: You can reuse your existing B2B trunks between Cisco UnifiedCommunications Manager and Expressway for Cisco Spark hybrid calls. If you want to run B2B callsand Cisco Spark hybrid calls on separate trunks between the Expressway-C and Cisco UnifiedCommunications Manager, you cannot run TLS on both trunks at the same time. See this bug overviewfor more information.
Deployment Guide for Cisco Spark Hybrid Call Services 43
Deploy Hybrid Call Service ConnectConfigure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect
• If any of your Cisco Spark Hybrid Calling traffic goes over B2B, you must preserve the SIP parameterson all zones for all Expressways that are involved in call routing to and from the enterprise.
What to Do Next
Prepare Cisco Unified Communications Manager User Accounts for Hybrid Call Service Connect, on page44
Prepare Cisco Unified Communications Manager User Accountsfor Hybrid Call Service Connect
Configure Unified CM users so that their corresponding Cisco Spark accounts in the cloud are activated withthe correct call settings. Call Connector creates the remote destination on the user's CTI or Cisco Spark remotedevice after all the Unified CM settings are properly configured.
Before You Begin
Because you already set up Hybrid Call Service Aware, you already populated some of these fields in UnifiedCM.
Procedure
Step 1 From Cisco Unified CM Administration, go to User Management > End Users, choose any criteria, clickFind, and then open the user account that you want to configure.
Step 2 Verify that the user has a valid Directory URI that contains the same domain as your organization.Step 3 Verify thatMail ID contains the user's email address.Step 4 Under the user's Service Settings, check the Home Cluster checkbox.
Configure this setting on the Cisco Unified Communications Manager where each user is homed and wheretheir devices are registered.
Step 5 (Optional) Move any desk phones or other devices to Controlled Devices.Call Connector monitors the phone that you move to the control list. However, the user only requires a CiscoSpark-RD at a minimum to be activated for Hybrid Call Service.
Step 6 Click Device Association, the device icon with the check mark.Step 7 For devices associated with the user, check the Allow Control of Device from CTI check box, and then save
your changes. Return to the user account.Step 8 Scroll to Directory Number Associations, and then set the primary extension to the user's directory number.Step 9 For CTI remote devices, under the user's mobility information, checkEnableMobility—a requirement before
you can associate a CTI remote device to this user.This setting is not required for Cisco Spark-RDs.
Step 10 Save your changes.Step 11 If you created CTI or Cisco Spark-RDs automatically from the call connector, set the primary extension to a
directory number, and then save your changes.
Deployment Guide for Cisco Spark Hybrid Call Services44
Deploy Hybrid Call Service ConnectPrepare Cisco Unified Communications Manager User Accounts for Hybrid Call Service Connect
Configure Remote Devices Automatically from the CallConnector
Every Hybrid Call Service Connect user requires a virtual device: a Cisco Spark remote device (recommendedoption) or a CTI remote device (interim option). This virtual device is attached to a user's work number andlinks the user's Cisco Spark account SIP identity to the enterprise SIP identity so that calls anchor on theUnified CM side or fork to the Cisco Spark cloud side. From a technical standpoint, the remote device masksoutbound calls from Cisco Spark and displays the user's work number for calls from the Cisco Spark app.Incoming calls also ring both the user's Cisco Spark app and desk phone.
To automate your configuration, on the Expressway-C connector host you can create remote devices for allyour users in one step. The connector shows the remote device field values from your Cisco UnifiedCommunicationsManager, and then you can choose the values specific to your deployment. After the connectorcreates the remote devices, they are automatically moved to the users' control lists and their Cisco Spark SIPaddresses are automatically created as remote destinations.
Before You Begin
• Cisco Spark remote devices (Cisco Spark-RDs) are strongly recommended for your hybrid deploymentbecause they do not require a license or MTP insertion, and contain further bug fixes. To use this option,you must use Unified CM 10.5(2)SU5, 11.0(1a)SU3, 11.5(1)SU3, or 12.0(1). For unsupported releases,the CTI-RD is used instead, which requires a license and insertion of anMTP. For manual and automaticcreation on a supported release, you must use Cisco Spark-RDs for new activations. CTI-RDs createdwith an earlier release will continue to work until they are migrated to Cisco Spark-RDs.
• If you choose automatic configuration, a new remote device (CTI or Cisco Spark) and remote destinationis created when the new user is activated in https://admin.ciscospark.com.
Procedure
Step 1 From the Expressway-C connector host, go to Applications > Hybrid Services > Call Service > UnifiedCM Servers, and then the Cisco Unified Communications Manager node that you configured.
Step 2 For Cisco Spark Remote Device Configuration Type, choose Automatic.When using automatic remote device configuration, do not manually create a remote device andadd the Cisco Spark SIP address as a remote destination.
Caution
Step 3 Choose values from the prepopulated lists for theDevice Pool,Location,Calling Search Space, andRerouteCalling Search Space.These settings are shared across all of the automatically created Cisco Spark-RDs. Read these documents tounderstand the settings:
• Device pools
• Locations
• Calling search spaces
Deployment Guide for Cisco Spark Hybrid Call Services 45
Deploy Hybrid Call Service ConnectConfigure Remote Devices Automatically from the Call Connector
Note • For Cisco Spark-RDs, the CSS is used for outbound calls initiated by the Cisco Spark appto enterprise phones or the PSTN. The Rerouting CSS is used for inbound calls to theon-premise phones that are forked to the Cisco Collaboration Cloud.
• The calling search space must be able to route to the partition of the PSTN gateway ortrunk, and any other destinations that you want your Cisco Spark users to be able to reach(conference bridges, enterprise-to-enterprise trunks, and so on).
Step 4 Click Add to automatically create the Cisco Spark-RDs.
Manually Create a Cisco Spark Remote Device and Associateit with a Unified CM User
Every Hybrid Call Service Connect user requires a virtual device: a Cisco Spark remote device (recommendedoption) or a CTI remote device (interim option). This virtual device is attached to a user's work number andlinks the user's Cisco Spark account SIP identity to the enterprise SIP identity so that calls anchor on theUnified CM side or fork to the Cisco Spark cloud side. From a technical standpoint, the remote device masksoutbound calls from Cisco Spark and displays the user's work number for calls from the Cisco Spark app.Incoming calls also ring both the user's Cisco Spark app and desk phone.
Before You Begin
• Follow the remote device creation steps only if you didn't automatically create remote devices from theconnector on the Expressway-C connector host.
• A user can have multiple remote devices, but only one can be in the list of controlled devices for CiscoSpark purposes.
•Whether you manually or automatically create remote devices, Call Connector will automatically createthe remote destination, which contains the user's Cisco Spark SIP address.
Procedure
Step 1 From the Expressway-C connector host, go to Applications > Hybrid Services > Call Service > UnifiedCM Servers, and then the Cisco Unified Communications Manager node that you configured.
Step 2 For Cisco Spark Remote Device Configuration Type, chooseManual, and then click Save.Step 3 From Cisco Unified CM Administration, go to Device > Phone, then Add New, and then choose one:
• Cisco Spark Remote Device
• CTI Remote Device
Step 4 For Owner User ID, specify the user who you are configuring.The Device Name is automatically created after you choose the user account. If you see an error, you mayhave to manually shorten the device name.
Deployment Guide for Cisco Spark Hybrid Call Services46
Deploy Hybrid Call Service ConnectManually Create a Cisco Spark Remote Device and Associate it with a Unified CM User
Step 5 For line association, specify the user’s primary extension (the user’s shared line).Step 6 Ensure that the partition used by the SIP route pattern is listed in the remote device's rerouting calling search
space (CSS). The route from the remote device to the SIP trunk happens through the rerouting CSS.Use these documents to understand the settings that the remote device uses:
• Device pools
• Locations
• Calling search spaces
Note • For Cisco Spark-RDs, the CSS is used for outbound calls initiated by the Cisco Spark app toenterprise phones or the PSTN. The Rerouting CSS is used for inbound calls to the on-premisephones that are forked to the Cisco Collaboration Cloud.
• The calling search space must be able to route to the partition of the PSTN gateway or trunk,as well as any other destinations that you want Cisco Spark users to be able to reach (conferencebridges, enterprise-to-enterprise trunks, and so on).
Step 7 Save your changes.Step 8 From Cisco Unified CM Administration, go to User Management > End User, and then open the user's
account.Step 9 Under Device Information, click Device Association.Step 10 Specify any search criteria and click Find.Step 11 Check the remote device that you created, and then save your changes.
The remote device is associated to the user and is added to the controlled devices list. The Cisco Spark SIPaddress is automatically created as the remote destination.
Restart the Call Connector from the Expressway-CDisable and reenable the Call Connector, so that the connector captures Unified CM user and deviceconfiguration changes that you made while deploying Hybrid Call Services. During this restart cycle, theconnector creates a remote destination with the Cisco Spark SIP address on the Cisco Spark remote device.This address is associated with end user accounts and the corresponding Cisco Spark accounts. Toggle thissetting as a troubleshooting step if you experience any issues, too.
Procedure
Step 1 From Expressway-C, go toApplications >Hybrid Services >Call Service >Call Service Overview, changethe call connector status to Disabled, and then click Save.
Step 2 Change the status back to Enabled, and then save again.
Troubleshooting Tips
Later, you may need to make a change to Unified CM end users or devices. If you do this to fix a configurationerror, even if the call connector's "user validation test" passes for that user, you must restart call connector sothat it picks up the configuration change.
Deployment Guide for Cisco Spark Hybrid Call Services 47
Deploy Hybrid Call Service ConnectRestart the Call Connector from the Expressway-C
Configure the Expressway-E for Hybrid Call Service ConnectEnterprise calls are securely routed over the Expressway pair. If you want to reuse an existing pair, some ofthe required traversal configuration for Hybrid Call Service Connect may already be in place. However, readthe procedures that follow to ensure that Expressway-E and Expressway-C are correctly configured.
Procedure
PurposeCommand or Action
Your Expressway-E must trust the certificate issuer of theserver certificates that are passed by the server during the
Update the Expressway-E Trust Listwith Cisco Collaboration CloudCertificates, on page 49
Step 1
client/server SSL handshake with the Cisco CollaborationCloud. To establish this trust, you must add these certificatesto the trusted CA list on your Expressway-E.
Set up a mutual TLS port as part of establishing a trustedconnection between your on-premises and the cloud. From a
Perform one of the following tasks,depending on your configuration:
Step 2
technical standpoint, Hybrid Call Service Connect SIP uses• Configure Services and MutualTLS Authentication Between a
mutual TLS between the Expressway-E and CiscoCollaboration Cloud, so each side authenticates the other. This
New Expressway-E and the behavior requires valid and verifiable certificate and trustconfiguration on both sides.Cisco Collaboration Cloud, on
page 51
• Configure Services and MutualTLSAuthentication Between anExisting Expressway-E and theCisco Collaboration Cloud, onpage 53
TheDNS zone allows your Expressway-E to identify and routecalls between Cisco Unified Communications Manager and
Create a DNS Zone (Expressway-Eto Cisco Collaboration Cloud), onpage 54
Step 3
the Cisco Collaboration Cloud. The DNS zone is used becausea secure mutual TLS connection between the cloud andExpressway-E is required to map the appropriate domains.
Though Cisco Spark traffic can coexist on the same traversalzone with MRA or B2B, we recommend that you create
Configure a Secure Traversal ServerZone from Expressway-E toExpressway-C, on page 56
Step 4
separate zones: a traversal server zone on Expressway-E(specifically for handling Hybrid Call andMRA signaling andmedia) and a separate zone (for B2B only). That way, anysettings between the three services won't affect each other.
Search rules define how the Expressway routes calls (todestination zones) in specific call scenarios. When a search
Create Inbound and Outbound SearchRules on Expressway-E, on page 58
Step 5
rule is matched, the destination alias can bemodified accordingto the conditions defined in the search rule. Create search ruleson Expressway-E to:
Deployment Guide for Cisco Spark Hybrid Call Services48
Deploy Hybrid Call Service ConnectConfigure the Expressway-E for Hybrid Call Service Connect
PurposeCommand or Action
• Identify calls from the Cisco Collaboration Cloud androute down the traversal zone to Expressway-C.
• Identify calls from Cisco Unified CommunicationsManager and route through the DNS zone to CiscoCollaboration Cloud.
Update the Expressway-E Trust List with Cisco Collaboration Cloud CertificatesYour Expressway-E must trust the certificate issuer of the server certificates that are passed by the serverduring the client/server SSL handshake with the Cisco Collaboration Cloud. To establish this trust, you mustadd these certificates to the trusted CA list on your Expressway-E.
Before You Begin
If you don't have an existing Expressway pair deployed, read the following documents (Release X8.7 andlater) to design your new Expressway pair to work together:
• Cisco Expressway Installation Guides
• Cisco Expressway Basic Configuration Deployment Guide
• Cisco Expressway and CUCM via SIP Trunk Deployment Guide
• Cisco Expressway IP Port Usage for Firewall Traversal Deployment Guide
• If you're on release X8.7.1 or X8.9 and later:a) From Expressway-E, go to Applications > Cloud Certificate management.b) Click Get certificates for the cloud to automatically add and manage the certificates.
• If you're on a different release and don't see the Cloud Certificate management menu option:a) Sign into your Expressway-E.b) Add /fusioncerts to the end of the URL.c) Click Get certificates for the cloud to automatically add and manage the certificates.
• To verify the added certificates, go toMaintenance > Security certs > Trusted CA certificate to viewthe entries that were added.
Configure Call Processing Language Rules on Expressway-E (X8.9.1 and Later)If Expressway-C and Expressway-E run both Hybrid Call Service and mobile and remote access (MRA)traffic, but no business-to-business traffic, the system must reject any SIP message not generated by MRAendpoints or Cisco Spark Hybrid Services.
Expressway X8.9.1 and later let you create Call Processing Language (CPL) rules to mitigate fraudulent callattempts. We recommend deploying Expressway 8.9.1 or a later release for toll fraud mitigation.
Deployment Guide for Cisco Spark Hybrid Call Services 49
Deploy Hybrid Call Service ConnectUpdate the Expressway-E Trust List with Cisco Collaboration Cloud Certificates
If business-to-business traffic is not included in the same Expressway, and because this traffic enters fromthe default zone, the following CPL rule will prevent any fraudulent access to Expressway-E.
Procedure
Step 1 From Expressway-E, go to Configuration > Call Policy > Configuration, set Call Policy mode to LocalCPL, and then click Save.
Step 2 Go to Configuration > Call Policy > Rules, click New, and then Add Call Policy Rule.Step 3 Configure the following settings:
SettingField
From addressSource Type
Unauthenticated callersRule applies to
.*@example\.call\.ciscospark\.com.*, where example is yourcompany's subdomain.
Source pattern
.*Destination pattern
RejectAction
Step 4 Save your changes.Step 5 (Optional) In case TLS must be set toOn, or B2BUA must be engaged on Expressway-E for some unknown
reason, create the following CPL rule to block any TLS call from the Default Zone.This step is not needed if TLS is switched off.
a) From Expressway-E, go toConfiguration > Call Policy > Configuration, setCall Policy mode toLocalCPL, and then click Save.
b) From related tasks, go to Edit Call Policy rules.c) Configure the following settings:
SettingField
ZoneSource Type
Default ZoneOriginating Zone
.*Destination Pattern
RejectAction
d) Save your changes.
Deployment Guide for Cisco Spark Hybrid Call Services50
Deploy Hybrid Call Service ConnectConfigure Call Processing Language Rules on Expressway-E (X8.9.1 and Later)
Configure Services and Mutual TLS Authentication Between a NewExpressway-E and the Cisco Collaboration Cloud
If Expressway-C and Expressway-E are dedicated to Hybrid Call Service Connect, or more generally to Cloudservices using Mutual TLS only (such as Hybrid services and CMR Hybrid), you don't require H.323, SIPUDP, SIP TCP and SIP TLS on Expressway-E.
Before You Begin
• Update the Expressway-E Trust List with Cisco Collaboration Cloud Certificates, on page 49
• If you configured a DNS SRV as the SIP destination in Cisco Spark Control Hub (Activate Hybrid CallService Connect for Your Organization, on page 39), ensure that that value specifies the MTLS port.
Procedure
Step 1 From Expressway-E, go to Configuration > Protocols > H.323, and then set H.323 mode to Off, and thensave your changes.
Step 2 Go to Configuration > Protocols > SIP, and then configure these settings:ValueField Name
Configuration
OnSIP mode
OffUDP mode
5060UDP port
OffTCP mode
5060TCP port
OnTLS mode
5061TLS port
OnMutual TLS mode
5062Mutual TLS port
25000TCP outbound port start
29999TCP outbound port end
1800Session refresh interval (seconds)
Deployment Guide for Cisco Spark Hybrid Call Services 51
Deploy Hybrid Call Service ConnectConfigure Services and Mutual TLS Authentication Between a New Expressway-E and the Cisco Collaboration Cloud
ValueField Name
500Minimum session refresh interval(seconds)
5TLS handshake timeout (seconds)
Certificate revocation checking
OffCertificate revocation checkingmode
Registration controls
MaximumStandard registration refreshstrategy
45Standard registration refreshminimum (seconds)
60Standard registration refreshmaximum (seconds)
VariableOutbound registration refreshstrategy
300Outbound registration refreshminimum (seconds)
3600Outbound registration refreshmaximum (seconds)
OffSIP registration proxy mode
Authentication
OffDelegated credential checking
Advanced
32768SDP max size
10SIP TCP connect timeout
Step 3 Click Save.Step 4 Go to Configuration > Zones > Zones, and then click DefaultZone.Step 5 Configure the following fields:
Deployment Guide for Cisco Spark Hybrid Call Services52
Deploy Hybrid Call Service ConnectConfigure Services and Mutual TLS Authentication Between a New Expressway-E and the Cisco Collaboration Cloud
ValueField Name
Policy
Do not check credentialsAuthentication mode
SIP
AutoMedia encryption mode
OffICE support
OnMultistream mode
On
This setting enables mutual TLS (Mutual Transport Layer Security) onthe dedicated mutual TLS port 5062 on incoming connections throughthe Default Zone.
Enable Mutual TLS on DefaultZone
Step 6 Click Save.
Configure Services and Mutual TLS Authentication Between an ExistingExpressway-E and the Cisco Collaboration Cloud
Expressway-E can be shared betweenmobile and remote access, business-to-business (B2B), and Cisco Sparkhybrid media traffic. If Expressway is used for B2B traffic, turn off those services that are not needed. H.323is a signaling protocol that doesn't allow for encryption and should be switched off if it's not critical for thecompany. SIP UDP must be switched off for security reasons. This change won't affect the calling scenarios,because only SIP endpoints with IP dialing use SIP UDP. Endpoints that are involved with IP dialing aretypically H.323-based. SIP TCP should be switched off if it's not critical for the company.
Before You Begin
• Update the Expressway-E Trust List with Cisco Collaboration Cloud Certificates, on page 49
• If using a dedicated MTLS port, ensure that the DNS SRV in Cisco Spark Control Hub specifies thisMTLS port. (See Activate Hybrid Call Service Connect for Your Organization, on page 39.)
• You cannot use Hybrid Call Service Connect on an Expressway firewall traversal pair that is used forJabber Guest. In this case, set up a dedicated Expressway pair for Hybrid Call Service Connect.
Deployment Guide for Cisco Spark Hybrid Call Services 53
Deploy Hybrid Call Service ConnectConfigure Services and Mutual TLS Authentication Between an Existing Expressway-E and the Cisco Collaboration
Cloud
Procedure
Step 1 From Expressway-E, go to Configuration > Protocols > H.323, and then setH.323 mode toOff, unless thissetting is critical for your organization.
Step 2 Go to Configuration > Protocols > SIP, and then configure these settings:ValueField Name
OnSIP mode
OffUDP mode
Off, if possible. If this breaks services such as B2B, set it back to On.TCP mode
OnTLS mode
OnMutual TLS mode
5062Mutual TLS port
Step 3 Click Save.Step 4 Go to Configuration > Zones, and then click Default zone.Step 5 Set Enable Mutual TLS on Default Zone to Off.Step 6 Click Save.
Create a DNS Zone (Expressway-E to Cisco Collaboration Cloud)The DNS zone allows your Expressway-E to identify and route calls between Cisco Unified CommunicationsManager and the Cisco Collaboration Cloud. The DNS zone is used because a secure mutual TLS connectionbetween the cloud and Expressway-E is required to map the appropriate domains.
Before You Begin
• Configure Services and Mutual TLS Authentication Between a New Expressway-E and the CiscoCollaboration Cloud, on page 51
• Configure Services and Mutual TLS Authentication Between an Existing Expressway-E and the CiscoCollaboration Cloud, on page 53
Procedure
Step 1 From Expressway-E, navigate to Configuration > Zones > Zones and click New.Step 2 Configure the following settings and leave the defaults for any settings not mentioned:
Deployment Guide for Cisco Spark Hybrid Call Services54
Deploy Hybrid Call Service ConnectCreate a DNS Zone (Expressway-E to Cisco Collaboration Cloud)
ValueField Name
Configuration
Enter Spark hybrid DNS Zone, for example.Name
DNSType
15 (Default)Hop count
H.323
OffMode
SIP
OnMode
OnTLS verify mode
Enter callservice.ciscospark.com (This value matches the content ofthe security certificate presented by Cisco Collaboration Cloud duringTLS negotiation.)
Hybrid Call Service Connect calls are classified the same as MobileRemote Access (MRA), Business-To-Business (B2B) calls, and thecalls traverse existing Expressway C and E pairs.
• Calls that involve *.ciscospark.com in the route path do not counttowards the traversal license cost.
• Any B2B calls for a Cisco Spark app after anchoring on theCTI-RD/Cisco Spark-RD and then routing back out through theExpressways will consume traversal licenses.
TLS verify subject name
OnTLS verify inbound mapping
TLSFallback transport protocol
Force EncryptedMedia encryption mode
OffICE support
OnPreloaded SIP routes support
OnModify DNS Request
Enter callservice.ciscospark.comDomain to search for
Authentication
Deployment Guide for Cisco Spark Hybrid Call Services 55
Deploy Hybrid Call Service ConnectCreate a DNS Zone (Expressway-E to Cisco Collaboration Cloud)
ValueField Name
OnSIP authentication trust mode
Advanced
Off (Default)Include address record
Default (Default)Zone profile
Step 3 Click Create zone.
Configure a Secure Traversal Server Zone from Expressway-E to Expressway-CThough Cisco Spark traffic can coexist on the same traversal zone with MRA or B2B, we recommend thatyou create separate zones: a traversal server zone on Expressway-E (specifically for handling Hybrid Calland MRA signaling and media) and a separate zone (for B2B only). That way, any settings between the threeservices won't affect each other.
We recommend that you use the Unified Communications Traversal zone for B2B traffic only, and use asingle traversal zone to share hybrid and MRA traffic. If traversal zone optimization is not required, you cancreate three different traversal zones, one per traffic type.
Before You Begin
Create a DNS Zone (Expressway-E to Cisco Collaboration Cloud), on page 54
Procedure
Step 1 From Expressway-E, go to Configuration > Zones > Zones, and then click New.Step 2 Configure these settings:
ValueField
Configuration
Spark hybrid traversal serverName
Traversal serverType
15 (Default)Hop count
Connection credentials
Enter traversal, for example.Username
Deployment Guide for Cisco Spark Hybrid Call Services56
Deploy Hybrid Call Service ConnectConfigure a Secure Traversal Server Zone from Expressway-E to Expressway-C
ValueField
Go to Add/Edit Local authentication database, click New, entertraversal as the username, and then set a password. Click CreateCredentials, and then close the window.
Password
H.323
OffMode
Assent (Default)Protocol
6006 (Default)Port
Off (Default)H.460.19 demultiplexing mode
SIP
OnMode
7004 or any value in 7XXX range. (This value must match the portnumber that is configured on Expressway-C.)
Port
TLSTransport
OnTLS verify mode
Enter one of the SANs of an Expressway-C certificate. For a cluster,enter at least a common SAN shared between all Expressway-C clusterpeers.
TLS verify subject name
Force encryptedMedia encryption mode
Off (Default)ICE support
On (Default)Multistream mode
Off (Default)SIP poison mode
OnPreloaded SIP routes support
On
This parameter needs to be set to On for all zones on allExpressways that are involved in call routing to and from theenterprise.
Note
SIP parameter preservation
Deployment Guide for Cisco Spark Hybrid Call Services 57
Deploy Hybrid Call Service ConnectConfigure a Secure Traversal Server Zone from Expressway-E to Expressway-C
Step 3 Do not change settings under Authentication or UDP/TCP Probes.Step 4 Click Create zone.
What to Do Next
Create Inbound and Outbound Search Rules on Expressway-E, on page 58
Create Inbound and Outbound Search Rules on Expressway-ESearch rules define how the Expressway routes calls (to destination zones) in specific call scenarios. When asearch rule is matched, the destination alias can be modified according to the conditions defined in the searchrule. Create search rules on Expressway-E to:
• Identify calls from the Cisco Collaboration Cloud and route down the traversal zone to Expressway-C.
• Identify calls from Cisco Unified Communications Manager and route through the DNS zone to CiscoCollaboration Cloud.
Before You Begin
Configure a Secure Traversal Server Zone from Expressway-E to Expressway-C, on page 56
Procedure
Step 1 From Expressway-E, go to Configuration > Dial Plan > Search rules, and then click New.Step 2 Click New.
We're creating a rule to identify calls coming from Cisco Collaboration Cloud (through the DNS zone) androute them inwards (through the traversal zone) to Expressway-C.
Step 3 Configure the following settings:ValueField
Enter Spark Hybrid inbound calls, for example.Rule Name
Enter Route traffic from Spark Hybrid Cloud to UCM viaExpressway-C, for example.
Description
100 (Default)Priority
SIPProtocol
NamedSource
Spark hybrid DNS zone, for example. Choose the Cisco CollaborationCloud DNS zone from the drop-down list.
Source name
No (Default)Request must be authenticated
Deployment Guide for Cisco Spark Hybrid Call Services58
Deploy Hybrid Call Service ConnectCreate Inbound and Outbound Search Rules on Expressway-E
ValueField
StopOn successful match
Spark hybrid traversal server, for example. Choose the traversalserver zone (or Unified Communications traversal zone) that youmodified in the previous section.
Target
Enabled (Default)State
Step 4 Click Create search rule.Step 5 Click New.
We're creating a rule to identify calls coming from Cisco Unified Communications Manager (through thetraversal zone) and route them outwards (through the DNS zone) to Cisco Collaboration Cloud.
Step 6 Configure the following settings:ValueField
Enter Spark Hybrid outbound calls, for example.Name
EnterRoute traffic from Expressway-E to Spark Hybrid Cloud, forexample.
Description
100 (Default)Priority
SIPProtocol
NamedSource
Spark hybrid traversal server, for example. Choose the traversalserver zone (or Unified Communications traversal zone) that youmodified in the previous section.
Source name
No (Default)Request must be authenticated
Alias pattern matchMode
RegexPattern Type
.*@.*\.ciscospark\.comPattern string
LeavePattern behavior
Stop (Default)On successful match
Spark hybrid DNS zone, for example. Choose the Cisco CollaborationCloud DNS zone from the drop-down list.
Target
Deployment Guide for Cisco Spark Hybrid Call Services 59
Deploy Hybrid Call Service ConnectCreate Inbound and Outbound Search Rules on Expressway-E
ValueField
Enabled (Default)State
Step 7 Click Create search rule.
What to Do Next
Configure a Secure Traversal Client Zone From Expressway-C to Expressway-E, on page 61
Configure the Expressway-C for Hybrid Call Service ConnectBefore You Begin
Configure the Expressway-E for Hybrid Call Service Connect, on page 48
Procedure
PurposeCommand or Action
Create a dedicated traversal client zone on Expressway-C. Though CiscoSpark traffic can coexist on the same traversal zone with MRA or B2B,
Configure a SecureTraversal Client Zone From
Step 1
we recommend that you create a dedicated traversal client zone onExpressway-C toExpressway-E, on page 61 Expressway-C, specifically for handlingHybrid Call signaling andmedia.
That way, any settings for B2B orMRAwon't affect Cisco Spark traffic,and the other direction won't be affected either.
Configure neighbor zones for each Cisco Unified CommunicationsManager cluster to which you want to route:
Create an Expressway-CNeighbor Zone for eachUnified CM Cluster, onpage 63
Step 2
• Each zone can accommodate 6 peer addresses, which supports aCisco Unified Communications Manager cluster with 6 nodes.
• This neighbor zone must route to a Cisco Unified CommunicationsManager home cluster—the zone can route to an SME if the SMEis Unified CM 12.0(1).
• The exact port to use for each zone depends on the SIP trunksecurity profile that you configured on Cisco UnifiedCommunications Manager. If you have B2B or MRA configured,we recommend that you use 5561 for SIP TLS and 5560 for SIPTCP so that the new configuration doesn't interfere with yourexisting setup.
• Do not reuse any existing neighbor zones to Cisco UnifiedCommunications Manager for MRA.
Deployment Guide for Cisco Spark Hybrid Call Services60
Deploy Hybrid Call Service ConnectConfigure the Expressway-C for Hybrid Call Service Connect
PurposeCommand or Action
Search rules define how the Expressway routes calls (to destinationzones) in specific call scenarios. When a search rule is matched, the
Configure Search Rules onExpressway-C , on page66
Step 3
destination alias can be modified according to the conditions defined inthe search rule. Configure search rules on Expressway-C to route callsto the correct Unified Communications Manager cluster based on theroute header.
Configure a Secure Traversal Client Zone From Expressway-C to Expressway-ECreate a dedicated traversal client zone on Expressway-C. Though Cisco Spark traffic can coexist on the sametraversal zone with MRA or B2B, we recommend that you create a dedicated traversal client zone onExpressway-C, specifically for handling Hybrid Call signaling and media. That way, any settings for B2B orMRA won't affect Cisco Spark traffic, and the other direction won't be affected either.
Before You Begin
Create Inbound and Outbound Search Rules on Expressway-E, on page 58
Procedure
Step 1 From Expressway-C, go to Configuration > Zones > Zones, and then click New.Step 2 Configure these settings:
ValueField
Configuration
Spark Hybrid traversal client (for example)Name
Traversal clientType
15Hop Count
Connection credentials
traversalUsername
Enter the password that you created on the Expressway-E for thetraversal account.
Password
H.323
OffMode
SIP
Deployment Guide for Cisco Spark Hybrid Call Services 61
Deploy Hybrid Call Service ConnectConfigure a Secure Traversal Client Zone From Expressway-C to Expressway-E
ValueField
OnMode
7004 or any value in 7XXX range. (This value must match the portnumber that is configured on Expressway-E.)
Port
TLSTransport
OnTLS verify mode
DenyAccept proxied registrations
Force encryptedMedia encryption mode
OffICE support
OnMultistream mode
OffSIP poison mode
OnPreloaded SIP routes support
On (Enables this zone to process SIP INVITE requests that contain theroute header.)
This parameter needs to be set to On for all zones on allExpressways that are involved in call routing to and from theenterprise.
Note
SIP parameter preservation
Authentication
Check credentialsAuthentication policy
OffAccept delegated credential checks
Client settings
120Retry Interval
Location
Enter the Fully Qualified Domain Name (FQDN) of the traversal server.If you are using secure traversal, then this value must be either theCommon Name or one of the Subject Alternate Names on the traversalserver's certificate. IP addresses or hostnames are not recommended. Ifthe traversal server is a cluster of VCS Expressways, this is the FQDNof one of the peers in that cluster.
Peer 1-6 address
Deployment Guide for Cisco Spark Hybrid Call Services62
Deploy Hybrid Call Service ConnectConfigure a Secure Traversal Client Zone From Expressway-C to Expressway-E
Step 3 Click Create Zone.
What to Do Next
Create an Expressway-C Neighbor Zone for each Unified CM Cluster, on page 63
Create an Expressway-C Neighbor Zone for each Unified CM ClusterConfigure neighbor zones for each Cisco Unified Communications Manager cluster to which you want toroute:
• Each zone can accommodate 6 peer addresses, which supports a Cisco Unified CommunicationsManagercluster with 6 nodes.
• This neighbor zone must route to a Cisco Unified Communications Manager home cluster—the zonecan route to an SME if the SME is Unified CM 12.0(1).
• The exact port to use for each zone depends on the SIP trunk security profile that you configured onCisco Unified Communications Manager. If you have B2B or MRA configured, we recommend thatyou use 5561 for SIP TLS and 5560 for SIP TCP so that the new configuration doesn't interfere withyour existing setup.
• Do not reuse any existing neighbor zones to Cisco Unified Communications Manager for MRA.
Before You Begin
Configure a Secure Traversal Client Zone From Expressway-C to Expressway-E, on page 61
Procedure
Step 1 From Expressway-C, go to Configuration > Zones > Zones, and then click New. Create a zone for eachcluster.
Step 2 Configure these settings:ValueField
Configuration
UCM Neighbor for Cisco Spark (for example)Name
NeighborType
15Hop Count
H.323
OffMode
SIP
Deployment Guide for Cisco Spark Hybrid Call Services 63
Deploy Hybrid Call Service ConnectCreate an Expressway-C Neighbor Zone for each Unified CM Cluster
ValueField
OnMode
Enter the CiscoUnified CommunicationsManager listening port number,such as 5561.
If MRA is deployed, standard 5060 and 5061 ports are used as line-sideregistration. The configured port (5561) must match the listening portconfigured in the CommunicationsManager SIP Trunk Security Profile.Ports 5060 and 5061 can be used if MRA is not enabled.
Port
TCP is the default, but we recommend TLS for connectingExpressway-C to Unified CM. For a trunk that is enabled for SIP TLS,Unified CM does not need to be in mixed mode.
If you want to use TLS, see “Connecting Expressway to Unified CMUsing TLS” in the Cisco Expressway and CUCM via SIP TrunkDeployment Guide for your Expressway and Unified CM version.
Transport
On to verify the CallManager certificate for subsequent SIPcommunications.
TLS Verify Mode
AllowAccept proxied registrations
AutoMedia encryption mode
OffICE support
OnMultistream mode
OffPreloaded SIP routes support
Authentication
Do not check credentialsAuthentication policy
OffSIP authentication trust mode
Enter IP addresses or hostnames for each server in the 6 peer addressentries.
For TLS negotation, the peer address must match the CN name that isused in the Unified CM certificates; otherwise, TLS negotiation fails.
Peer 1-6 addresses
Step 3 Configure these fields for the zone profile:ValueField
Advanced
Deployment Guide for Cisco Spark Hybrid Call Services64
Deploy Hybrid Call Service ConnectCreate an Expressway-C Neighbor Zone for each Unified CM Cluster
ValueField
Custom, the zone profile to use for the supported version of UnifiedCM for hybrid calling.
Zone profile
YesMonitor peer status
AlwaysCall signaling routed mode
OffAutomatically respond to H.323searches
OffAutomatically respond to SIPsearches
OnSend empty INVITE forinterworked calls
On
This parameter needs to be set to On for all zones on allExpressways that are involved in call routing to and from theenterprise.
Note
SIP Parameter Preservation
OffSIP poison mode
AutoSIP encryption mode
ForwardSIP REFER mode
OffSIP multipart MIME strip mode
OffSIP UPDATE strip mode
OptionsInternetworking SIP search strategy
OffSIP UDP/BFCP filter mode
OffSIP UDP/IX filter mode
IPSIP record route address type
Leave this field blank.SIP Proxy-Require header strip list
Step 4 Click Create Zone.
What to Do Next
Configure Search Rules on Expressway-C , on page 66
Deployment Guide for Cisco Spark Hybrid Call Services 65
Deploy Hybrid Call Service ConnectCreate an Expressway-C Neighbor Zone for each Unified CM Cluster
Configure Search Rules on Expressway-CSearch rules define how the Expressway routes calls (to destination zones) in specific call scenarios. When asearch rule is matched, the destination alias can be modified according to the conditions defined in the searchrule. Configure search rules on Expressway-C to route calls to the correct Unified Communications Managercluster based on the route header.
Before You Begin
For the Expressway-E to Unified CM search rule, you need the cluster fully qualified domain name (FQDN)value that you configured in this procedure: Configure Cisco Unified Communications Manager Settings forHybrid Call Service Connect, on page 41.
Procedure
Step 1 Go to Configuration > Dial plan > Search rules .Step 2 Click New.
We're going to create a rule to identify calls coming from the Expressway-E (through the traversal zone) androute them inwards (through the neighbor zone) to Cisco Unified Communications Manager.
You'll need a rule for each Unified CM cluster that is trunked to the Expressway-C.
Step 3 Configure the following settings:ValueField
From Spark Hybrid Cloud to Unified CM via Expressway-E, forexample.
Rule Name
Route traffic from Expressway-C to Unified CM, for example.Description
60Priority
SIPProtocol
NamedSource
Choose Spark Hybrid Traversal client.Source name
NoRequest must be authenticated
Alias pattern matchMode
PrefixPattern type
Deployment Guide for Cisco Spark Hybrid Call Services66
Deploy Hybrid Call Service ConnectConfigure Search Rules on Expressway-C
ValueField
cluster1.example.com, for example. This is theCluster FullyQualifiedDomain Name enterprise parameter value for the Cisco UnifiedCommunications Manager cluster.
Add the other cluster FQDNs (cluster2.example.com,cluster3.example.com, and so on) for the corresponding Cisco UnifiedCommunications Manager neighbor zones that you need to create onthe Expressway-C.
Pattern string
Leave (The alias is not modified.)Pattern behavior
StopOn successful match
Choose the CiscoUnified CommunicationsManager neighbor zone—forexample, UCM Neighbor for Cisco Spark.
This setting will be different for each cluster; each cluster should haveits own neighbor zone.
Target
Step 4 Click Create search rule.Step 5 Click New.
We're going to create one rule to identify any calls (by Hybrid Calling users or Cisco Spark devices in a Place)arriving at Expressway-C that are destined for Cisco Spark, and route them outwards (through the traversalclient zone) to the Expressway-E
Step 6 Configure the following settings:ValueField
From Unified CM to Spark Hybrid Cloud via Expressway-E, forexample.
Rule Name
EnterRoute traffic fromUnified CM to Expressway-E, for example.Description
70Priority
SIPProtocol
NamedSource
UCM Neighbor for Cisco Spark, for example.Source name
NoRequest must be authenticated
Alias pattern matchMode
Regex (The string is treated as a regular expression.)Pattern type
.+@.*\.(room|call)\.ciscospark\.com.*Pattern string
Deployment Guide for Cisco Spark Hybrid Call Services 67
Deploy Hybrid Call Service ConnectConfigure Search Rules on Expressway-C
ValueField
Leave (The alias is not modified.)Pattern behavior
StopOn successful match
Spark Hybrid traversal clientTarget
EnabledState
Step 7 Click Create search rule.
Enable Hybrid Call Service Connect for Cisco Spark UsersUse this procedure to enable a small number of Cisco Spark users for Hybrid Call Service Connect. See Waysto Add and Manage Users in Your Cisco Spark Organization for other methods, such as using a bulk CSVtemplate or Active Directory synchronization through Cisco Directory Connector.
Before You Begin
• Cisco Spark users must already be assigned a paid license that provides them with core Cisco Sparkmessaging and meeting capabilities.
• You cannot enable the same user for both Hybrid Call Service and Cisco Spark Calling.
Procedure
Step 1 From https://admin.ciscospark.com, go to Users.Step 2 Choose a specific user from the list, or use the search to narrow the list, and then click the row to open an
overview of the user.Step 3 Click Edit, and then ensure that the user is assigned at least one paid service under Licensed Collaboration
Services. Make necessary changes, and then click Save.Step 4 In the user's overview under Hybrid Services, click Call Service, and then click the the Connect toggle ot
turn it on.Step 5 Click Save.
After you activate the service, the Cisco Spark user status changes from Pending Activation to Activated. Thelength of time for this change depends on the number of users that you're enabling for the service.
What to Do Next
On the user's overview, you can find this information:
• User status and history
Deployment Guide for Cisco Spark Hybrid Call Services68
Deploy Hybrid Call Service ConnectEnable Hybrid Call Service Connect for Cisco Spark Users
• Further details on status (Activation, errors, and so on)
• Cluster and node the user is hosted on
• Directory URI
• Primary DN
• Phone Number
• Unified CM FQDNs
Place Test Calls to Verify Hybrid Call Service ConnectConfiguration
Use this procedure to test Hybrid Call Service Connect call scenarios. These steps verify whether you correctlyconfigured Hybrid Call Service Connect and can help isolate any potential issues.
Calls are anchored through the caller's Unified Communications Manager. Any transformations and routingrules are applied exactly as if the call had been placed from a desk phone.
When dialing from Cisco Spark, use the same dial strings or prefixes as you do on your desk phone; CiscoSpark functions like any other desk phone registered to your Unified Communications Manager.
Before You Begin
• Enable Hybrid Call Service Connect for Cisco Spark Users, on page 68
• Restart the Call Connector from the Expressway-C, on page 47
• Unless otherwise stated, these steps assume that the person who initiates the test calls (you or anothertest user) is enabled for Hybrid Call Services (Aware and Connect).
• Open your Cisco Spark apps.
Procedure
Step 1 Place a call from your primary desk phone to another hybrid user's desk phone.If you configured the service correctly:
• For the called party, both the Cisco Spark app and desk phone ring.
• A space appears at the top of both of your lists in Cisco Spark.
• During the call, the screen sharing option (for desktop apps) and call duration appear.
•After the call ends, a record of the call appears under in your apps.
Step 2 Place a call from your Cisco Spark app to another hybrid user in one of the following ways.
• Search for the user in Cisco Spark, and from the space with that user, go to the activity menu , and
then choose Call .
Deployment Guide for Cisco Spark Hybrid Call Services 69
Deploy Hybrid Call Service ConnectPlace Test Calls to Verify Hybrid Call Service Connect Configuration
•From , enter the user's primary directory number or directory URI.
In all of these cases, the called party is notified on both the app and desk phone.
Step 3 Place a call from your desk phone to a user who is not configured for Hybrid Call Service Connect.
• If you configured the service correctly, a notice of the active call appears in the called party's app anddisappears when the call ends.
• If you call using a directory URI, the called user will see the on-premises directory URI, not the CiscoSpark SIP address.
What to Do Next
• If any of the above calls fail, double-check the configuration steps in the deployment documentationand see troubleshooting documentation for further guidance.
• If your configuration seems correct but you encounter unexpected behavior, see the known issuesdocumentation.
Related DocumentationSee the following documents for further information about Cisco Spark Hybrid Services, including how tomanage and troubleshoot your deployment:
Table 3: Related Documentation for Cisco Spark Hybrid Services
Links to DocumentationCategory
• Cisco Collaboration Preferred Architectures
• Add, Verify, and Claim Domains
• Requirements for Business-to-Business (B2B) Calls To and FromCisco Spark
• Network Requirements for Cisco Spark Services
• Cisco Spark SIP Addresses
Planning
• Manage Cisco Spark Hybrid Services Resources
• Call Connector Release Notes
• Resource Groups for Cisco Spark Hybrid Services
Management
Deployment Guide for Cisco Spark Hybrid Call Services70
Deploy Hybrid Call Service ConnectRelated Documentation
Links to DocumentationCategory
• Send Expressway Connector Logs to the Cloud
• Troubleshooting Guide for Cisco Spark Hybrid Call ServiceConnect
• Cisco Spark Hybrid Services and Connector Troubleshooting
Troubleshooting
If you're looking for something else, you can search https://collaborationhelp.cisco.com. You can also bookmarkhttps://www.cisco.com/go/hybrid-services.
Deployment Guide for Cisco Spark Hybrid Call Services 71
Deploy Hybrid Call Service ConnectRelated Documentation
Deployment Guide for Cisco Spark Hybrid Call Services72
Deploy Hybrid Call Service ConnectRelated Documentation
C H A P T E R 5Deploy Hybrid Call Service for Cisco SparkDevices
• Requirements for Hybrid Call Service for Cisco Spark Devices , page 73
• Hybrid Call Service for Cisco Spark Devices Task Flow, page 74
• Create a Directory Number for Cisco Spark Devices With Hybrid Call Service, page 76
• Create a Unified CM Account for Cisco Spark Devices with Hybrid Call Service, page 77
• Create an Automatic Cisco Spark Remote Device for Cisco Spark Devices with Hybrid Call Service,page 78
• Create a Manual Cisco Spark Remote Device for Cisco Spark Devices With Hybrid Call Service, page79
• Create a Place and Add Services for Cisco Spark Room Devices, page 80
• Add Services to an Existing Place, page 81
• Check Status of Cisco Spark Devices With Hybrid Call Service, page 82
• Activation Errors and Causes for Hybrid Call Service for Cisco Spark Devices , page 83
• Deactivate Hybrid Call Service from Cisco Spark Devices, page 84
Requirements for Hybrid Call Service for Cisco Spark Devices• Review the overview and benefits of the feature. (See Overview of Hybrid Call Service for Cisco SparkDevices, on page 3)
• A Cisco Spark organization with both Hybrid Call Services (Aware and Connect) already deployed. Seethese chapters for more information:
◦Prepare Your Environment, on page 5
◦Deploy Hybrid Call Service Aware, on page 23
◦Deploy Hybrid Call Service Connect, on page 35
Deployment Guide for Cisco Spark Hybrid Call Services 73
• A Expressway-C search rule with a *.room.ciscospark.com search pattern. (See Configure Search Ruleson Expressway-C , on page 66 for more information.)
• Supported Cisco Spark room and desk devices (including Cisco Spark Board)
• The Unified CM user account that'll represent the Place account must have a minimum Enhanced UCLlicense. (See Cisco Spark Remote Device Overview and License Requirements, on page 19 for moreinformation.)
• Aversion of Cisco Unified CommunicationsManager that supports Cisco Spark Remote Devices (CiscoSpark-RDs). (See Requirements for Hybrid Call Service, on page 5 for more information.) Thesedevices are associated with Unified CM accounts that represent Cisco Spark Places. You can use thecall connector to create the devices automatically.
Hybrid Call Service Connect for Places requires Cisco Spark-RDs. CTI-RDs are notsupported.
Note
• An Expressway traversal pair on release X8.9.2 or later
• Call Connector version 8.8-1.0.5789 or later. (See Call Connector Release Notes for more information.)
Hybrid Call Service for Cisco Spark Devices Task FlowThis task flow walks you through how to configure Unified CM settings for Cisco Spark devices and how toadd Hybrid Call Service to either a newly created Place with Cisco Spark devices or an existing Place withCisco Spark devices. A Place is configured in Cisco Spark Control Hub.
As you configure Hybrid Call Service Cisco Spark Devices, refer to this screenshot which shows the mappingof fields between Cisco Spark Control Hub (on the left) and Unified CM (on the right).
Deployment Guide for Cisco Spark Hybrid Call Services74
Deploy Hybrid Call Service for Cisco Spark DevicesHybrid Call Service for Cisco Spark Devices Task Flow
Figure 4: Field Mapping Between Cisco Spark Control Hub and Unified CM
Before You Begin
• Read the overview: Overview of Hybrid Call Service for Cisco Spark Devices, on page 3
• Complete the requirements: Requirements for Hybrid Call Service for Cisco Spark Devices , on page73
Procedure
PurposeCommand or Action
Use Cisco Unified CM Administration to configuredirectory numbers that you want to assign to room devices
Create a Directory Number for CiscoSpark DevicesWith Hybrid Call Service,on page 76
Step 1
in a place and assign directory URIs to the directorynumbers.
Cisco Spark devices in a place are registered to the cloud,but you can associate a number to them from an
Create a Unified CM Account for CiscoSpark Devices with Hybrid Call Service,on page 77
Step 2
on-premises Cisco Unified Communications Manager(Unified CM). You can use a Unified CM end user accountto represent a place. (The place contains CiscoSpark-registered devices in a physical location.)
This account is not tied to a real user. Instead, the accountstands in for the devices and provides a PSTN number orextension from the Unified CM dial pool to the devices inthe place.
Deployment Guide for Cisco Spark Hybrid Call Services 75
Deploy Hybrid Call Service for Cisco Spark DevicesHybrid Call Service for Cisco Spark Devices Task Flow
PurposeCommand or Action
Call Connector can automatically associate a Cisco SparkRemote Device (Cisco Spark-RD) and Cisco Spark SIP
Choose a method to create Cisco SparkRemote Devices:
Step 3
address to the user account that represents Cisco Spark• Create an Automatic Cisco SparkRemote Device for Cisco Spark
devices in a place. Or you may choose to create themmanually and assign them to this account, if you need to
Devices with Hybrid Call Service,on page 78
make granular changes to the settings for each CiscoSpark-RD. Behind the scenes, the Cisco Spark-RD tiestogether call activity in the cloud and the premises.• Create a Manual Cisco Spark
Remote Device for Cisco SparkDevicesWith Hybrid Call Service,on page 79
You can register shared Cisco Spark devices to the CiscoCollaboration Cloud. Whatever device you choose to add
Choose a method to add Hybrid CallService to Cisco Spark devices in a Place:
Step 4
to a place, the device is assigned to the place, not a user.That's the key advantage of this feature: shared usage.• Create a Place and Add Services for
Cisco Spark Room Devices, onpage 80 You can add Hybrid Call Service Connect to Cisco Spark
devices in a new place you create or an existing placeyou've already created.• Add Services to an Existing Place,
on page 81
Check Status of Cisco Spark DevicesWith Hybrid Call Service, on page 82
Step 5
Create a Directory Number for Cisco Spark Devices With HybridCall Service
Use Cisco Unified CM Administration to configure directory numbers that you want to later assign to CiscoSpark devices in a place. You'll also assign directory URIs to the directory numbers.
Procedure
Step 1 From Cisco Unified CMAdministration, go toCall Routing > Directory Number, and then clickAdd New.Step 2 For the place, enter a dialable Directory Number and choose the Route Partition the number belongs to.Step 3 In Description, Alerting Name, and ASCII Alerting Name, enter the name of the place.
The Alerting Name field is used to populate the display name (part of the line presentation) whenautocreating the Cisco Spark remote device (Cisco Spark-RD) for the place. If you'll create CiscoSpark-RDs automatically from the call connector, make sure that the Alerting Name and AlertingName ASCII values don't exceed 30 characters.
Note
Step 4 Choose a Calling Search Space.
Deployment Guide for Cisco Spark Hybrid Call Services76
Deploy Hybrid Call Service for Cisco Spark DevicesCreate a Directory Number for Cisco Spark Devices With Hybrid Call Service
A calling search space comprises a collection of partitions that are searched for numbers that are called fromthis directory number. The value that you choose applies to all devices that are using this directory number.
Step 5 Click Save, enter an address in Directory URI, and click Save again.Make sure the Directory URI matches the Directory URI on your enduser.
Note
Create a Unified CM Account for Cisco Spark Devices withHybrid Call Service
Even though the Cisco Spark devices are registered to the cloud, you can associate a number to them froman on-premises Cisco Unified Communications Manager (Unified CM). You can use a Unified CM end useraccount to represent the Cisco Spark devices in a place. The place contains Cisco Spark-registered devices ina physical location.
This account is not tied to a real user. Instead, the account stands in for the devices and provides a PSTNnumber or extension from the Unified CM dial pool to the devices in the place.
The call connector for your hybrid call environment associates the place with the account for the device. Theconnector identifies the Unified CM cluster that can service that particular place, assigns a directory numberand URI, and assigns a Cisco Spark SIP address. Behind the scenes, the Cisco Spark Remote Device (CiscoSpark-RD) ties together activity in the cloud and the premises.
Before You Begin
• The email address domain must be one of your verified domain entries in Cisco Spark Control Hub(https://admin.ciscospark.com). See Add, Verify, and Claim Domains.
• You require Hybrid Call Service Aware and Connect to be enabled for your organization, but you don'thave to enable the corresponding Cisco Spark user account for Hybrid Services in Cisco Spark ControlHub.
• Create an Automatic Cisco Spark Remote Device for Cisco Spark Devices with Hybrid Call Service,on page 78 on the Call Connector.
Procedure
Step 1 From Cisco Unified CM Administration, go to User Management > End Users, and then choose one:
• Specify any search criteria, click Find, and then open the existing account that you want to represent aplace.
• Click Add New to create a new account to represent a place.
Step 2 If creating a new account, enter a User ID and Last name.Because the account doesn't correspond to an actual user, you can enter values that identify the place, suchas a conference room location.
Step 3 Verify that the account has a valid Directory URI that contains the same domain as your organization.
Deployment Guide for Cisco Spark Hybrid Call Services 77
Deploy Hybrid Call Service for Cisco Spark DevicesCreate a Unified CM Account for Cisco Spark Devices with Hybrid Call Service
The Directory URI for the user must match the Directory URI for the directory number that you created forthe place. The Directory URI is a linkage into more details from the Unified CM.
Step 4 (Optional) If you want your users to see the external number of the place on the devices, enter the TelephoneNumber as the full E.164 number.This number will show up on your hybrid-enabled place. You could also use an internal number or extension.If you have multiple devices in the place, the directory number is assigned to all of them, like shared lines.From a technical standpoint, a call to this number is sent to the assigned Cisco Spark SIP address, which CiscoSpark forks to all the devices in the place.
Step 5 Verify thatMail ID contains a unique email address that you'll use for the place.The email address must be an exact match between both Cisco Spark and on-premises.
Use unique email accounts for each place. Do not use the same accountfor:
Caution
• Multiple Cisco Spark places
• A Cisco Spark user and a Cisco Spark place
Step 6 Under the service settings, check the Home Cluster checkbox.Configure this setting on the Cisco Unified Communications Manager where the account is homed.
Step 7 (Optional) If the user account has a device in the controlled list, set the primary extension to a directorynumber. Choose one that you want to provide to the devices in the place, and then save your changes.
If you are going to manually create Cisco Spark-RDs, do this step after you create the devices.Note
User accounts in Unified CM that represent Cisco Spark devices will not have voice mail services and shouldnot be configure with Call Forward Busy or Call Forward Not Available.
What to Do Next
Create a Manual Cisco Spark Remote Device for Cisco Spark Devices With Hybrid Call Service, on page79 on Unified CM, if you're not creating them automatically through the Call Connector.
Create an Automatic Cisco Spark Remote Device for Cisco SparkDevices with Hybrid Call Service
Call Connector can automatically create and associate Cisco Spark Remote Devices (Cisco Spark-RDs) andCisco Spark SIP addresses to user accounts that represent Cisco Spark devices in a Place. Behind the scenes,the Cisco Spark-RD ties together call activity in the cloud and the premises.
Procedure
Step 1 From the Expressway-C connector host, go to Applications > Hybrid Services > Call Service > UnifiedCM Servers, and then the Cisco Unified Communications Manager node that you configured.
Step 2 For Cisco Spark Remote Device Configuration Type, choose Automatic.
Deployment Guide for Cisco Spark Hybrid Call Services78
Deploy Hybrid Call Service for Cisco Spark DevicesCreate an Automatic Cisco Spark Remote Device for Cisco Spark Devices with Hybrid Call Service
Names for automatically created Cisco Spark-RDs are generated based on the Unified CM useraccount that is associated with a place. The resulting device names are limited to a maximum ofthe first 15 characters of the Unified CM user account name. If you observe any activation failuresbecause of duplicate names for the devices, use Cisco Unified CM Administration to manuallycreate a Cisco Spark-RD.
Caution
Step 3 Choose values from the prepopulated lists for theDevice Pool,Location,Calling Search Space, andRerouteCalling Search Space.For automatic creation, these settings are applied to all Cisco Spark-RDs. Read these documents to understandthe settings:
• Device pools
• Locations
• Calling search spacesThe calling search space must be able to route to the partition of the PSTN gateway or trunk,and any other destinations that you want the devices in a place to be able to reach (conferencebridges, enterprise-to-enterprise trunks, and so on).
Note
Step 4 Click Save to automatically create the Cisco Spark-RDs.
Create a Manual Cisco Spark Remote Device for Cisco SparkDevices With Hybrid Call Service
The Cisco Spark Remote Device (Cisco Spark-RD) is a virtual device that is attached to a user's work numberand links the user's Cisco Spark account SIP identity to the enterprise SIP identity so that calls anchor on theUnified CM side or fork to the Cisco Spark cloud side.
Procedure
Step 1 From the Expressway-C connector host, go to Applications > Hybrid Services > Call Service > UnifiedCM Servers, and then the Cisco Unified Communications Manager node that you configured.
Step 2 For Cisco Spark Remote Device Configuration Type, chooseManual, and then click Save.Step 3 FromCisco Unified CMAdministration, go toDevice > Phone, clickAddNew, and then chooseCisco Spark
Remote Device.Step 4 For Owner User ID, specify the user account for the place that you are configuring.
The Device Name is automatically created after you choose the user account. If you see an error, you mayhave to manually shorten the device name.
Step 5 For line association, specify the primary extension (the shared line).Step 6 Ensure that the partition used by the SIP route pattern is listed in the remote device's rerouting calling search
space (CSS). The route from the remote device to the SIP trunk happens through the rerouting CSS.Use these documents to understand the settings that the remote device uses:
• Device pools
Deployment Guide for Cisco Spark Hybrid Call Services 79
Deploy Hybrid Call Service for Cisco Spark DevicesCreate a Manual Cisco Spark Remote Device for Cisco Spark Devices With Hybrid Call Service
• Locations
• Calling search spaces
The calling search space must be able to route to the partition of the PSTN gateway or trunk, as well as anyother destinations that you want devices in the place to be able to reach (conference bridges,enterprise-to-enterprise trunks, and so on).
Step 7 Save your changes.Step 8 From Cisco Unified CM Administration, go to User Management > End User, and then reopen the user
account for the place.Step 9 Under Device Information, click Device Association.Step 10 Specify any search criteria and click Find.Step 11 Check the remote device that you created, and then save your changes.
The remote device is associated to the place user account and is added to the controlled devices list. The CiscoSpark SIP address is automatically created as the remote destination.
Step 12 If the user account has a device in the control list, set the primary extension to a directory number. Chooseone that you want to provide to the devices in the place, and then save your changes.
Create a Place and Add Services for Cisco Spark Room DevicesWhen people are at work, they get together in lots of places like lunch rooms, lobbies, and conference rooms.You can set up shared Cisco Spark devices in these places, add services, and then watch the collaborationhappen. Whatever device you choose to add to that place, the device is assigned to the place, not a user. Thekey advantage is shared usage.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go to Places, and then click Add Place.Step 2 Enter a name for the place (such as the name of the physical room), and then click Next.Step 3 Choose Other Cisco device, and then click Next.
Only one type of device is supported in a single place. For example, you can add up to 10 desk phones or asingle Cisco Spark Room Device to a lobby, but not a combination of the two.
Step 4 Choose a call service to assign to devices in the place:
• Cisco Spark only (default) for Cisco Spark app and SIP address calling. Proceed to the last step.
• Cisco Spark + Cisco Spark Calling to add PSTN service through a cloud preferred media provider.Assign a phone number and extension to the device, and then click Next.
• Cisco Spark + Cisco Spark Hybrid Call Service Connect to use call service (PSTN access or internalextension access) through your on-premises call control. Unified CM provides the phone number orextension for the devices in the place.
Deployment Guide for Cisco Spark Hybrid Call Services80
Deploy Hybrid Call Service for Cisco Spark DevicesCreate a Place and Add Services for Cisco Spark Room Devices
The service discovers where the email address is located on a Unified CM cluster. Once discovered, theservice creates the Cisco Spark-RD and identifies the directory number and SIP URI associated withthe account.
Step 5 (Optional) Toggle on the calendar service so that people can use One Button to Push (OBTP) on this device,and then click Next.
Step 6 If you chose Hybrid Call Service Connect, enter the Unified CM mail ID for the account that you createdearlier, optionally choose theResource Group that the local Call Connector belongs to, and then clickDone.
Step 7 Enter or paste the email address of the calendar mailbox for this room device. This is the email address thatis used to schedule meetings.
Step 8 Click Next, and then activate the device by using the code provided.We recommend that you generate a second activation code from the Devices page after you add your deviceto a place. For more information, see Generate an Activation Code for a Device.
Places that you added Hybrid Call Service to may take approximately 5 to 10 minutes to activate while theemail address, directory URI, and directory number are discovered on a Cisco Unified CommunicationsManager cluster. After activation, the phone number is displayed on Cisco Spark devices in the hybrid-enabledPlace.
You must restart a Cisco Spark Board for the number to appear on thedevice.
Note
Add Services to an Existing PlaceIf you've already created a place, such as a lobby or lunch room, you can still add services, such as PSTN, tothe Cisco Spark room devices in that place.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go to Places, and then choose the place that youwant to update.
Step 2 Click Edit, and then choose a call service for the place:
• Cisco Spark only (default) for Cisco Spark app and SIP address calling.
• Cisco Spark + Cisco Spark Calling to use Cisco Spark Calling to add PSTN service through a cloudpreferred media provider. Assign a phone number and extension to the device, and then click Next.
• Cisco Spark + Cisco Spark Hybrid Call Service Connect to use call service (PSTN access or internalextension access) through your on-premises call control. Unified CM provides the phone number orextension for the Cisco Spark devices in the place.
Deployment Guide for Cisco Spark Hybrid Call Services 81
Deploy Hybrid Call Service for Cisco Spark DevicesAdd Services to an Existing Place
The service discovers where the email address is located on a Unified CM cluster. Once discovered, theservice creates the Cisco Spark-RD and identifies the directory number and SIP URI associated withthe account.
Step 3 (Optional) Toggle on the calendar service so that people can use One Button to Push (OBTP) from their CiscoSpark devices, and then click Next.
Step 4 If you chose Hybrid Call Service Connect, enter the Unified CM mail ID for the account that you createdearlier, optionally choose the Resource Group that the local call connector belongs to, and then click Done.
Step 5 Enter or paste the email address of the room device. This is the email address that will be used to schedulemeetings.
Step 6 Click Save.Places with Hybrid Call Service may take approximately 5 to 10 minutes to activate while the email address,directory URI, and directory number are discovered on a Cisco Unified Communications Manager cluster.After activation, the phone number is displayed on room devices in the hybrid-enabled Place.
Check Status of Cisco Spark Devices With Hybrid Call ServiceBefore You Begin
You must wait over night after creating the new user on Unified CM for Cisco Spark devices added to a newplace. The call connector does a nightly synchronization to pick up these changes.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go toDevices, and then search for any room devicesto which you added Cisco Spark + Cisco Spark Hybrid Call Service Connect (Hybrid).
Step 2 Click the room device name to view the Hybrid Call Service Connect activation status.Step 3 (Optional) If the status is Pending Activation for some time, click Launch Advanced Settings to open the
device's web interface, and then go toMaintenance > Restart to restart the device remotely.Step 4 Click the status indicator to change the mail ID, if needed. Click further to see the history.
What to Do Next
• Later, you may need to make a change to Unified CM end users or devices. If you do this to fix aconfiguration error, even if the call connector's "user validation test" passes for that user, you must goto the Expressway-C and restart call connector so that it picks up the configuration change.
• If there are issues with the device itself, you can report an issue, which creates a ticket and automaticallyattaches the device logs.
Deployment Guide for Cisco Spark Hybrid Call Services82
Deploy Hybrid Call Service for Cisco Spark DevicesCheck Status of Cisco Spark Devices With Hybrid Call Service
Activation Errors and Causes for Hybrid Call Service for CiscoSpark Devices
Table 4: Activation Errors and Causes for Hybrid Call Service for Cisco Spark Devices
SolutionCauseError
Upgrade Unified CM to a versionthat supports Cisco Spark RDs.
Unsupported Unified CM versionPlace Update Error: Cisco SparkRemote Devices not supported
Add the line specified in the enduser to the Cisco Spark RD.
Cisco Spark-RD associated withuser does not have a line
The Cisco Spark Remote Devicehas no configured DirectoryNumbers
Make sure that an end user with theemail address is configured inUnified CM. Also make sure thehome cluster is enabled on that useraccount.
No end user with the specifiedemail was found in Unified CM
Could not find a Place with thisEmail Address
Manually add the primary directorynumber.
The end user for a Place hasdevice(s) but no primary DN isconfigured. This is likely to happenwhen another device already existsin the end user account.
User is missing primary DirectoryNumber
This is generally possible whenthere are multiple lines associatedwith a Cisco Spark RD but theprimary directory number does notmatch the Directory URIconfigured in the end user account.
Directory URI configured for useris not found in the line
Primary Directory URI MismatchWith Directory URI of PrimaryLine
Missing Cisco Spark RD orappropriate routing to Cisco Sparkis not configured.
Associating Cisco Spark SIPAddress to Cisco Spark RD failed.
Unable to Add the User's CiscoSpark SIP Address
Verify in Unified CM that theprimary directory numberconfigured for the end user is atleast found in the user’s controlleddevices. This is likely when adevice (like a Conference Roomphone) is associated with the user
The primary directory numberspecified for the user is notprovisioned in any of the user'scontrolled devices
Primary Directory Number is notConfigured on User's ControlledDevices
Deployment Guide for Cisco Spark Hybrid Call Services 83
Deploy Hybrid Call Service for Cisco Spark DevicesActivation Errors and Causes for Hybrid Call Service for Cisco Spark Devices
Deactivate Hybrid Call Service from Cisco Spark DevicesUse this procedure to remove Hybrid Call Service Connect from the Cisco Spark devices in a Place and relatedconfiguration from Unified CM.
Procedure
Step 1 From the customer view in https://admin.ciscospark.com, go to Places, search for the hybrid place, and thenopen it.
Step 2 Next to Services, click Edit, choose Cisco Spark only (default), and then click Save.This step does not delete the place. It removes Hybrid Call Service Connect from the Cisco Spark devices inthe place and the Cisco Spark RD from Unified CM. Any devices in the remaining place can still support SIPdialing as well as pairing to the Cisco Spark app.
Deployment Guide for Cisco Spark Hybrid Call Services84
Deploy Hybrid Call Service for Cisco Spark DevicesDeactivate Hybrid Call Service from Cisco Spark Devices
C H A P T E R 6Troubleshoot Hybrid Call Services
• Troubleshoot with the Hybrid Connectivity Test Tool, page 85
• Alarms for Cisco SparkHybrid Call Service, page 87
• Cisco Spark Status Page, page 88
• Restart the Call Connector from the Expressway-C, page 88
• Mutual TLS and SIP Destination, page 88
• Test Calls, page 89
• Cisco Spark Control Hub and Expressway-C Connector Hosts, page 89
• Expressway Pair Configuration, page 90
• Unified CM Configuration, page 91
Troubleshoot with the Hybrid Connectivity Test ToolThis table lists common errors that may appear after you test a SIP destination address for Hybrid Call ServiceConnect. The table also provides some next steps for troubleshooting, including links to relevant details inthe Troubleshooting Guide for Cisco Spark Hybrid Call Service Connect.
More Information and Troubleshooting StepsKeywordError
DNSLookup failed. Check that a DNS or SRV recordexists for your SIP Destination and that it resolves toone or more valid IP addresses.
See Cisco Spark is unable to resolve theExpressway-E DNS SRV/hostname in thetroubleshooting guide for more information.
DNS SRVNo DNS addresses found
Deployment Guide for Cisco Spark Hybrid Call Services 85
More Information and Troubleshooting StepsKeywordError
Network and/or Mutual TLS connection timed out.Check network connectivity, connection speed,firewall configuration, andMutual TLS configuration.
See these sections of the troubleshooting guide formore information:
• Socket Failure: Port 5062 is Blocked Inboundto Expressway
• Socket Failure: Expressway-E is not Listeningon Port 5062
Socket failureConnection timed out
Mutual TLS Error: CheckMutual TLS configurationin both Expressway and admin.ciscospark.com, andthat Mutual TLS certificates are present and valid inboth locations.
See Mutual TLS Handshake Failures in thetroubleshooting guide for more information.
Mutual TLS handshakefailures
TLS failure
TCPConnection failure: Check network connectivity,connection speed, and/or firewall configuration.
See these sections of the troubleshooting guide formore information:
• Socket Failure: Port 5062 is Blocked Inboundto Expressway
• Socket Failure: Expressway-E is not Listeningon Port 5062
Socket failureConnect failure
TCP read/write failure: Please try again. If the errorpersists, check network connectivity, firewallconfiguration, and Mutual TLS configuration.
See these sections of the troubleshooting guide formore information:
• Socket Failure: Port 5062 is Blocked Inboundto Expressway
• Socket Failure: Expressway-E is not Listeningon Port 5062
Socket failureTCP read/write failure
Deployment Guide for Cisco Spark Hybrid Call Services86
Troubleshoot Hybrid Call ServicesTroubleshoot with the Hybrid Connectivity Test Tool
More Information and Troubleshooting StepsKeywordError
TCP failure: TCP read/write failure: Please try again.If the error persists, check network connectivity,firewall configuration, andMutual TLS configuration.
See these sections of the troubleshooting guide formore information:
• Socket Failure: Port 5062 is Blocked Inboundto Expressway
• Socket Failure: Expressway-E is not Listeningon Port 5062
Socket failureTCP Failure
Alarms for Cisco SparkHybrid Call ServiceDuring or after Cisco Spark Hybrid Call Service deployment, you may receive an error message in CiscoSpark Control Hub (and email, if you have alerts configured). Use this information to understand the issue,possible causes, and actions that you can take to correct the issue.
Lost Connectivity to Cisco Unified CM CTIManager Service
Possible Causes
• Certificate issues—A certificate on Unified CMwas updated but did not restart the applicable services.The CTI service and TFTP service should typically have started at or after the CallManager service.
• Application user account issues—The application user account in Unified CM is not configured withthe correct roles. Or the application user and credentials (gotten from Unified CM) were misconfiguredwhen entered for the Call Connector in Expressway-C .
• Network connectivity issues—CTIManager service may be running, but the network is preventing aconnection between the Unified CM and Call Connector.
Solutions
• Actions for certificate issues—If the Unified CM certificate for the node is signed after the start timeof the CTI and TFTP service, restart those services from Cisco Unified Serviceability to pick up the newcertificate. After the services are restarted, restart the Call Connector to reestablish connection with theCTI interface. See Start, Stop, and Restart Services in Control Center for guidance.
• Actions for application user account issues—Correct the roles or add them in Unified CM. SeeConfigure an Application Account for Call Connector for guidance.
• Actions for network connectivity issues—If the error persists, check network connectivity, firewallconfiguration, and Mutual TLS configuration. See the Troubleshooting Guide for Cisco Spark HybridCall Service Connect for guidance.
Deployment Guide for Cisco Spark Hybrid Call Services 87
Troubleshoot Hybrid Call ServicesAlarms for Cisco SparkHybrid Call Service
Cisco Spark Status PageIf calls from the Cisco Collaboration Cloud to your enterprise are not ringing on the enterprise side, walkthrough the points in this checklist to double-check your configuration.
Before you walk through these troubleshooting suggestions, see https://status.ciscospark.com for the latestinformation on any cloud outages. From that status page, you can also subscribe to notifications.
Related Topics
Sign Up for Cisco Spark Issue Notifications
Restart the Call Connector from the Expressway-CDisable and reenable the Call Connector, so that the connector captures Unified CM user and deviceconfiguration changes that you made while deploying Hybrid Call Services. During this restart cycle, theconnector creates a remote destination with the Cisco Spark SIP address on the Cisco Spark remote device.This address is associated with end user accounts and the corresponding Cisco Spark accounts. Toggle thissetting as a troubleshooting step if you experience any issues, too.
Procedure
Step 1 From Expressway-C, go toApplications >Hybrid Services >Call Service >Call Service Overview, changethe call connector status to Disabled, and then click Save.
Step 2 Change the status back to Enabled, and then save again.
Troubleshooting Tips
Later, you may need to make a change to Unified CM end users or devices. If you do this to fix a configurationerror, even if the call connector's "user validation test" passes for that user, you must restart call connector sothat it picks up the configuration change.
Mutual TLS and SIP DestinationCheck these troubleshooting points related to the mutual TLS connection and certificates:
• Install the Cisco Collaboration Cloud root certificate bundle on the Expressway-E.
• Configure a dedicated mutual TLS port on the Expressway-E.
• Configure a DNS zone for the cloud on the Expressway-E.
• Open the mutual TLS port number in your firewall—5062, which may not be open by default.
• Determine which root certificate option you are using in the Cisco Collaboration Cloud—The option isused to verify your Expressway-E's SIP TLS certificate.
Deployment Guide for Cisco Spark Hybrid Call Services88
Troubleshoot Hybrid Call ServicesCisco Spark Status Page
◦Default store—Is your Expressway-E certificate signed by one of the public authorities? If youare unsure, use the custom store option.
◦Custom store—Is your Expressway-E certificate or its signer installed in the cloud? Does thecertificate contain verified Expressway-E hostnames?
From the customer view in https://admin.ciscospark.com, go to Services > Hybrid Call > Settings. Checkthese points that are related to your SIP destination that you set during the deployment process:
• The value points at your Expressway-E dedicated mutual TLS port.
• Try to connect to the IP address:port. (Multiple addresses if you configured an SRV.)
• If you configured an IP address or hostname, specify the mutual TLS port.
• If you used an SRV, make sure that it is in the format _sips._tcp.<domain you put in as SIPDestination>.
• If you do not want to set up an SRV, you can enter IP address:port or hostname:port as yourorganization's SIP destination.
Test Calls• Try a test call between two Cisco Spark users in the same organization; for this test, we recommend thatboth callers be enabled for Hybrid Call Service Connect.
• If either of the users is configured for Cisco Spark calling, the call does not route to your environment.
• Try to route a call from the enterprise side to the cloud first. This test allows you to verify that mutualTLS is set up correctly without having Cisco Collaboration Cloud routing decisions in the equation.
Cisco Spark Control Hub and Expressway-C Connector Hosts
Youmust upgrade to the latest stable connector release as a prerequisite for technical support. See ConfigureAutomatic Software Upgrades for Cisco Spark Hybrid Services for guidance.
Note
• From the customer view in https://admin.ciscospark.com:
◦Check for warnings that are related to Hybrid Call Service configuration:
◦Go to Services on the settings page from the Hybrid Call card.
◦Go to Users on the individual user's Call Service settings page.
◦If you see user activation errors, run a user status report from Services > Hybrid Call > Editsettings > User Status Report.
• From the Expressway-C connector host, run the user validation check to identify any on-premises userconfiguration issues.
Deployment Guide for Cisco Spark Hybrid Call Services 89
Troubleshoot Hybrid Call ServicesTest Calls
• From the Expressway-C connector host, check the following items:
◦Cisco Unified Communications Manager connectivity under Applications > Hybrid Services >Call Service > Unified CM Servers.
◦Connectivity to the cloud and user status under Applications > Hybrid Services > Call Service> Call Connector Status
• Check for alarms on the Call Connector that are related to hybrid call service users or user activationunder Applications > Hybrid Services > Connector Management > Call Connector.
User activation status is not real time; toggling on the hybrid call services for users cantake up to six minutes to process.
Note
Related Topics
Check Your User Configuration for Hybrid Call Services, on page 31
Expressway Pair Configuration• For calls that route from Cisco Collaboration Cloud toward the enterprise, check the search history andnetwork logs on the Expressway-E. This step helps you isolate the problem to either the cloud or theenterprise.
• For calls between hybrid users in Cisco Spark that result in two call notifications on the called party’sapp: ensure that SIP Parameter Preservation is enabled on the Expressways. This setting is requiredto carry a parameter that Cisco Spark adds to the contact header and fixes the double-call issue.
• If you reuse an existing B2B zone and search rules, consider creating dedicated zones and search rulesinstead. This setup avoids interference with existing zone settings for B2B/MRA, avoids routing loops,and makes troubleshooting easier.
• Check the search history and network logs on the Expressway-E. Verify that the SIP INVITE from thecloud arrives at the Expressway-E and matches the DNS zone that you configured for the cloud.
◦If the SIP INVITE does not arrive or match the configured DNS zone, then follow the route of thecall toward the Cisco Unified Communications Manager. This step helps you find where the callis failing or lost.
◦See the mutual TLS troubleshooting checklist.
• Check the route header. Verify that it contains the cluster fully qualified domain name (FQDN) valuethat is configured under CiscoUnified CommunicationsManager enterprise settings and in the Expresswaysearch rules. See this example route header and highlighted cluster FQDN:
◦Route: <sip:[Obfuscated];transport=tls;lr>,<sip:myucmcluster.example.com;lr>
◦In this example, the home cluster FQDN ismyucmcluster.example.com.
◦The call connector takes that value from the cluster FQDN setting on that same Cisco UnifiedCommunications Manager, caches the value in the cloud, and uses it for every call that mustgo to that cluster.
Deployment Guide for Cisco Spark Hybrid Call Services90
Troubleshoot Hybrid Call ServicesExpressway Pair Configuration
• If a hybrid user calls a phone number from the Cisco Spark app, the cloud sends it to the Expresswayin the user=phone format as phonenumber@CFQDN;user=phone. The CFQDN in the route headerdetermines the path that the call takes from Expressway to Cisco Unified Communications Manager.Cisco Unified Communications Manager accepts the user=phone format and CFQDN as the domain.
Unified CM Configuration• User emails in Cisco Unified Communications Manager must exactly match the email (synchronizedfrom Active Directory or from any other source) in the Cisco Collaboration Cloud.
• User directory URIs must match any domains that you verified in your organization.
• Check your codec configuration. See this document for more information about codec configuration.Cisco Spark supports the following codecs:
◦Audio—G.711, G.722, AAC-LD
◦Video—H.264
We support G.729 when users join a a WebEx meeting, Personal Room meeting, orCisco Spark meeting from a SIP device. We do not support G.729 when a user dials 1:1from Cisco Spark to a SIP device or bridge.
Note
• On the home Cisco Unified Communications Manager cluster of the affected users, choose System >Enterprise Parameters; under Clusterwide Domain Configuration, check the cluster fully qualifieddomain name (FQDN) setting. The FQDN value that you used must follow these guidelines:
Description and ExampleFQDN Guideline
The entry must be unique for each cluster—For example,cluster1.example.com, cluster2.example.com, andso on.
Multiple clusters
Do not use entries such as *.example.com or example*.com.No wildcards
In a list of multiple entries, the Cisco Collaboration Cloud uses thefirst entry for Hybrid Call Service Connect, and that first entry mustnot contain a wildcard.
For example: cluster1.example.com *.example.com
example*.com
First FQDN entry for HybridCalling
Must be different from the Expressway-E system, DNS, and domainname. Otherwise, Expressway-E strips the route header.
Different from Expressway-E
Deployment Guide for Cisco Spark Hybrid Call Services 91
Troubleshoot Hybrid Call ServicesUnified CM Configuration
Description and ExampleFQDN Guideline
If your current FQDN entry in Unified CM doesn't meet therequirements listed above, you can add a new element to thebeginning of the cluster FQDN setting for Hybrid Call ServiceConnect
For example, if your existing FQDN setting in Cisco UnifiedCommunications Manager is *.example.com *.example.org, adda unique, non-wildcard entry at the beginning of the field:"cluster1.example.com *.example.com *.example.org"
New entry for Hybrid Calling
• If you call another Hybrid Call Service Connect user from Cisco Spark, the called user's app may ringonce then stop, or the call immediately drops after it's answered. To fix these symptoms, configure yourUnified CM SIP trunk for blended identity (Set Calling and Connected Party Info Format to DeliverURI and DN in connected party, if available). If this step was missed, the SIP trunk cannot transmitthe enterprise-side party’s directory URI to Cisco Spark. Use the procedure in the link below.
Related Topics
Configure Cisco Unified Communications Manager Settings for Hybrid Call Service Connect, on page41
Deployment Guide for Cisco Spark Hybrid Call Services92
Troubleshoot Hybrid Call ServicesUnified CM Configuration
C H A P T E R 7Known Issues with Hybrid Call Services
• Known Issues and Limitations with Hybrid Call Service Aware and Connect, page 93
• Known Issues and Limitations with Hybrid Call Service for Cisco Spark Devices, page 98
Known Issues and Limitations with Hybrid Call Service Awareand Connect
Hybrid Call Service Aware
Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
Deployment
—Each Expressway-C clustermust have a unique IP addressfor the master peer
Download and install CallConnector on Expressway-C
Register the Expressway-C tohost Call Connector
—Establish AXL and CTIconnections between CallConnector and Unified CM
Configure Call Connector
Unsecured SIP trunks betweenUnified CM and Expressway-Cmay result in duplicate entriesin Expressway call status andcall history list
Multiple secure SIP trunksbetween Unified CM andExpressway-C are not supportedby Unified CM
Calls to and from domaincall.ciscospark.com securelyrouted through theExpressway-C/E over publicInternet
Configure SIP connectionbetween Unified CM and CiscoSpark through Expressway-C/E
Deployment Guide for Cisco Spark Hybrid Call Services 93
Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
UC devices recently assignedto a user may not be discoveredby Call Connector:
•Wait overnight
• Restart Call Connector fornewly added or removeddevices
For newly added users, waitingovernight or restarting callconnector are workarounds.
Extension Mobility-only usersare not yet supported
Find user’s home cluster, assignuser to Call Connector, monitorlines and devices for calls
Enable User for Aware
Call Behavior
—• No space created forunanswered call
• No “Share” or “Join” forcall onnon-CTI-controllabledevice
• No “Share” or “Join” forSNR call
• Create or activate a spacein the People list
• “Share” available in bothusers’ Cisco Sparkdesktop app
• “Join” available in bothusers’Cisco Spark mobileapps
UC call established betweenAware users
—“Join” may create audiofeedback between Aware user’sUC device and Cisco Spark app
“Join” available in Aware user’sCisco Spark app
Call betweenAware user on UCdevice and user on Cisco Spark
Hybrid Call Service Connect
If you also have Mobile and Remote Access deployed, see Unsupported Expressway Features and Limitations.Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
Deployment
Deployment Guide for Cisco Spark Hybrid Call Services94
Known Issues with Hybrid Call ServicesKnown Issues and Limitations with Hybrid Call Service Aware and Connect
Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
User activation failure becauseof remote destinationURI beingtoo long:
• Upgrade Unified CM tofix CSCux74780
• Replace CTI-RD withCisco Spark-RD (mayrequire Unified CMupgrade)
A remote destination for hybridcall users (such [email protected])cannot be associated to both aCisco Spark-RD and RemoteDestination Profile at the sametime. Otherwise, the remotedevice fails to activate.
Names for automatically createdCTI-RDs and Cisco Spark-RDsare based on the Unified CMuser ID and are limited to amaximum of the first 15characters.
Use call connector to create aCTI remote device (CTI-RD) orCisco Spark remote device(Cisco Spark-RD), dependingon Unified CM release. Ormanually provision the remotedevice in Unified CM. Callconnector automatically addsthe remote destination URI(Cisco Spark SIP Address) inboth cases.
Enable User for Connect
Call Behavior
Deployment Guide for Cisco Spark Hybrid Call Services 95
Known Issues with Hybrid Call ServicesKnown Issues and Limitations with Hybrid Call Service Aware and Connect
Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
No video or share:
• ReplaceUnifiedCMMTPwith IOS MTP
• Configure IOS MTP forpassthrough
• IOSMTP upgrademay berequired for share
• Replace CTI-RD withCisco Spark-RD (mayrequire Unified CMupgrade)
No DTMF: Upgrade IOSgateway to fix CSCuz74156
Unified CM licensing out ofcompliance:
• Replace CTI-RD withCisco Spark-RD (mayrequire Unified CMupgrade)
• Request temporarylicensing (until requiredUnified CM upgrade isavailable
—Address is interpreted and callis routed by Connect user’sUnified CM
Call from Connect user’s CiscoSpark app to companyextension or PSTN number
Deployment Guide for Cisco Spark Hybrid Call Services96
Known Issues with Hybrid Call ServicesKnown Issues and Limitations with Hybrid Call Service Aware and Connect
Issues and WorkaroundsLimitations and ExceptionsExpected BehaviorUse Case
Call does not alert on Connectuser’s Cisco Spark app:
• Reset CTI RD
• Upgrade Unified CM tofix CSCvc21883
• Replace CTI RD byCiscoSpark RD (may requireUnified CM upgrade)
Call answered on UC devicemay be reported as missed onConnect user’s Cisco Spark appPersistent Call busy
• Upgrade Unified CM tofix CSCuy54870
• Replace CTI RD withCisco Spark RD (mayrequire Unified CMupgrade)
Call may be offered to Connectuser’s Jabber client or SNRRemote Destination on sameplatform as Cisco Spark app,with resulting conflicts
Calls from a Connect user’sCisco Spark app to a hunt groupare not offered to the CiscoSpark app of a hunt groupmember who is also a Connectuser.
Connect user’s UC devices maycontinue to alert after the call isdeclined on the Connect user’sCisco Spark app.
Notification and option to“Answer” on Connect user’sCisco Spark app
Call to Connect user’s UCdevice also offered to Connectuser’s Cisco Spark app
On mobile, users can preventCisco Spark calls from using thenative dialer by using thisprocedure.
If the option is set to disallowanswering on the lock screen,the user must always open theCisco Spark app to answer anin-app call.
The call that arrives first takespriority in the native dialer(whether or not the device is onthe lock screen). So if the CiscoSpark app call arrives first,there is no opportunity toanswer the SNR call on mobilevoice. If the SNR call arrivesfirst, the user can still answerthe Cisco Spark call, but onlyby first opening the app.
The call is offered to the user'smobile Cisco Spark app andmobile number at about thesame time.
Call to a Connect user who isconfigured for Single NumberReach (SNR).
——Hunt groups are not supportedA call from a Connect user'sCisco Spark app to a hunt groupdoes not alert the Cisco Sparkapp of a hunt group member.
——Not supportedCall from Connect user’s CiscoSpark app to IP address
Related Topics
Configure an IOS Media Termination Point for Hybrid Call Service Connect, on page 17
Deployment Guide for Cisco Spark Hybrid Call Services 97
Known Issues with Hybrid Call ServicesKnown Issues and Limitations with Hybrid Call Service Aware and Connect
Known Issues and Limitations with Hybrid Call Service for CiscoSpark Devices
• Names for automatically created Cisco Spark-RDs are generated based on the Unified CM user accountthat is associated with a place. The resulting device names are limited to a maximum of the first 15characters of the Unified CM user account name. If you observe any activation failures because ofduplicate names for the devices, use Cisco Unified CM Administration to manually create a CiscoSpark-RD and specify a device name.
• Call Connector immediately picks up new end user in Unified CM for activation. But any changes tothat user afterwards (because of a failed activation) requires deactivation and reactivation of the Place.
• Corporate Directory-based lookup on Cisco Spark RoomDevices and Cisco Spark Board is not available.
•When you configure Cisco Spark devices with Hybrid Call Service, you first configure a URI whilecreating your directory number. Then, when the place is activated, a second URI is created and assignedto the directory number. The new URI is the same as the original, but in a different partition. The endresult is that the directory number has two (almost identical) URIs configured in Unified CM.
• The Cisco Spark SIP address for Cisco Spark devices is generated from the Place name. If this name ischanged after you activate the devices with Hybrid Call Service, the remote destination (the Cisco SparkSIP address) on Unified CM is not updated. As a workaround, if the name is changed, deactivate andreactivate the Place.
Deployment Guide for Cisco Spark Hybrid Call Services98
Known Issues with Hybrid Call ServicesKnown Issues and Limitations with Hybrid Call Service for Cisco Spark Devices
A P P E N D I X ATool to Migrate CTI Remote Devices to CiscoSpark Remote Devices
You may have had to create CTI Remote Devices (CTI-RDs) as part of enabling your users for Hybrid CallService Connect. This device type has limitations, such as the need to insert IOS MTPs to handle DTMFinterworking and avoid audio-only calls.
Cisco Spark Remote Devices (Cisco Spark-RDs) are recommended to address the limitations in CTI-RDs,as documented in the Spark-RD overview section. If you already set up CTI-RDs that contain Cisco SparkSIP addresses as remote destinations for your users, you can automatically migrate the CTI-RDs to CiscoSpark-RDs using the Cisco Spark-RD migration tool on the Expressway-C that hosts the call connector.Whether you created the CTI-RDs manually or automatically, the tool will take care of the conversion.
We recommend that you schedule this migration activity outside of business hours. The migration won'tcause a service outage, but will briefly affect individual users while their remote device migration is takingplace.
• Migrate CTI-RDs to Cisco Spark-RDs, page 99
• Cancel Cisco Spark-RD Conversion, page 100
• Last Run Statuses for Migration Tool, page 101
• Troubleshoot CTI-RD to Cisco Spark-RD Migration, page 101
Migrate CTI-RDs to Cisco Spark-RDsConvert your users' CTI-RDs to Cisco Spark-RDs in one click. You can schedule the conversion during amaintenance window. As a guideline, converting devices for 5000 users can take up to 2 hours.
Before You Begin
• Make sure you're running a supported version of Unified CM, or the conversion tool won't appear inExpressway. See Requirements for Hybrid Call Service, on page 5.
• The migration tool only converts CTI-RDs if they have a remote destination and are associated withusers enabled for Hybrid Call Services. Each CTI-RD should only be associated with one "Cisco SparkClient" remote destination.
Deployment Guide for Cisco Spark Hybrid Call Services 99
• The tool assumes that the user's primary directory number is the only line associated with the CTI-RD.This line is the only directory number that will be associated with the Cisco Spark RD.
Procedure
Step 1 From Expressway-C, go to Applications > Hybrid Services > Call Service > Unified CM Servers, scrolltoCall Service Connect CTI Remote Device to SparkRemote Device Conversion, and then click ScheduleTime for Conversion.
Step 2 From the drop-downs, choose a date and time during which to schedule the device conversion, and then clickSchedule Spark Remote Device Conversion.During this operation, do not restart the call connector.
Caution • Avoid scheduling overlaps with call connector software upgrades, planned Unified CMupgrades, and any other maintenance activity.
• Do not schedule multiple Unified CM clusters for CTI-RD to Cisco Spark-RD migration atthe same time. For example, if cluster 1 is scheduled at 6 pm in your time zone, you shouldschedule cluster 2 for 7 pm, cluster 3 for 8 pm, and so on.
Step 3 When the scheduled conversion completes and you see a message that says the conversion is finished, clickView Conversion Results to view a report.The report shows the results of the conversion: whether it's finished, how long it took, how many devicesconverted successfully, and how many failed (with an explanation) if any.
After the conversion is completed, you do not need to restart the call connector.
• Migrated Cisco Spark-RDs are populated with the description “Automatically converted through SparkRemote Device Conversion Tool for user ID”. This overrides the existing description for the CTI-RD.
• Migrated Cisco Spark-RDs show Active Remote Destination as not set. This is normal and does notaffect the operation of Hybrid Call Services.
Cancel Cisco Spark-RD ConversionYou can cancel the CTI-RD migration if the tool's conversion process is taking too long or you decide youdon't want to do it at this time.
Procedure
During the conversion process, click Cancel Spark Remote Device Conversion.The tool completes conversion of any CTI-RDs in progress and then stops. The results page shows a LastRun Status of Cancelled, with the number of users processed so far.
Deployment Guide for Cisco Spark Hybrid Call Services100
Tool to Migrate CTI Remote Devices to Cisco Spark Remote DevicesCancel Cisco Spark-RD Conversion
Last Run Statuses for Migration ToolThese are the possible states for Last Run Status and what each one means:
Finished
The migration completed normally. Some or all CTI-RDs were migrated; any that failed are listed inthe Conversion Errors section.
Cancelled
Themigrationwas cancelled during the run. The Conversion Info lists the number of CTI-RDs processed.
Unsupported
The migration was attempted against a Unified CM that does not support Cisco Spark-RDs.
Aborted
The migration stopped because the number of CTI-RDs that failed to migrate exceeded 50 during therun. Review the conversion errors, address the actions, and reschedule the conversion.
Troubleshoot CTI-RD to Cisco Spark-RD MigrationLogs
Use the Diagnostic tools on the Expressway-C connector host to investigate a problem and submit the applicablelevel of logs as required.
Reports
After you run a conversion to Cisco Spark-RDs, a report is created and remains on the Expressway hostingthe call connector. Access these reports any time: from Expressway-C, go toApplications > Hybrid Services> Call Service > Unified CMServers, scroll toCall Service Connect CTI Remote Device to SparkRemoteDevice Conversion, , and then click View Conversion Results.
Error Messages
NoteActionError
—Manually reconfigure the SparkRemote Device for this user.
The user could not be recoveredfrom a previously failedconversion. The conversion toolwas unable to extract thepreviously deleted CTI RemoteDevice name from the temporarySpark Remote Device created inthe previous conversion. Theconversion tool could not create adevice with an automaticallygenerated name.
Deployment Guide for Cisco Spark Hybrid Call Services 101
Tool to Migrate CTI Remote Devices to Cisco Spark Remote DevicesLast Run Statuses for Migration Tool
NoteActionError
During the previous run, the tooldid not complete migration of theCTI-RD. During the current run,the CTI-RD was migrated to aCisco Spark-RD but the tool wasunable to use the correct devicename from the old CTI-RD.
Rename the User's Spark RemoteDevice if desired.
The user's CTI Remote Device wassuccessfully converted to a SparkRemote Device with anautomatically generated name. Theconversion tool was unable toextract the previously deleted CTIRemote Device name from thetemporary Spark Remote Devicecreated in the previous conversion.
Check if the user has a CiscoSpark-RD with a name startingwith “TMP_CONV” and rename itbefore attempting the conversionagain.
Reschedule conversion and tryagain
Could not create Spark RemoteDevice
Reschedule migration afterresolving the issue.
Enable mobility for enduserCould not create Spark RemoteDevice
Reschedule migration afterresolving the issue.
Set 'Auto Answer Off' for enduser'sprimary directory number
Could not create Spark RemoteDevice
—Resolve licence compliance issuesand try again
Could not create Spark RemoteDevice
If the problem recurs, go to https://admin.ciscospark.com, click youradmin username, and chooseFeedback to open a case forfurther investigation.
Reschedule conversion and tryagain
Could not create Spark RemoteDevice
—Reschedule conversion and tryagain
Could not rename newly createdSpark Remote Device
—Reschedule conversion and tryagain
Could not provision RemoteDestination for Spark RemoteDevice
—Unentitle and reentitile hybridservices for this end user
Could not recover Spark RemoteDevice with missing RemoteDestination
—Check network connectivity andtry again
Could not connect to AXL Service
Deployment Guide for Cisco Spark Hybrid Call Services102
Tool to Migrate CTI Remote Devices to Cisco Spark Remote DevicesTroubleshoot CTI-RD to Cisco Spark-RD Migration
Known Issues
CTI-RD with no Remote Destination
Possible Cause Users have a CTI-RD with no remote destination.
Solution To fix the configuration for these users, go to https://admin.ciscospark.com, click Users, openthe affected users, and then toggle Hybrid Call Services off and on again.
Deployment Guide for Cisco Spark Hybrid Call Services 103
Tool to Migrate CTI Remote Devices to Cisco Spark Remote DevicesTroubleshoot CTI-RD to Cisco Spark-RD Migration
Deployment Guide for Cisco Spark Hybrid Call Services104
Tool to Migrate CTI Remote Devices to Cisco Spark Remote DevicesTroubleshoot CTI-RD to Cisco Spark-RD Migration
A P P E N D I X BBulk Configure Unified CM Users and CiscoSpark Remote Devices for Hybrid Call ServiceConnect
• Bulk Configure Unifed CM Users and Remote Devices Task Flow, page 105
• Enable Users for Mobility, page 106
• Export Your User List, page 107
• Edit Your User List, page 107
• Create the Remote Device File Format, page 108
• Edit the New File Template, page 109
• Create a Remote Device Template, page 110
• Upload Your Remote Device Template File, page 110
• Insert the Remote Device Entries, page 111
• Check the Status of Your Bulk Job, page 111
Bulk Configure Unifed CM Users and Remote Devices Task FlowFollow this task flow if you want to use the Bulk Administration Tool to configure your users and Cisco Sparkremote devices (recommended) or CTI remote devices (interim solution) in bulk.
Hybrid Call Service Connect requires that you configure your on-premises users with remote devices, whichare virtual devices. After you create these virtual devices, the Cisco Collaboration Cloud automatically createsa Cisco Spark SIP address as the remote destination. These components allow for the same outgoing callsfrom a desk phone and Cisco Spark app, and incoming calls to ring both the device and the app of the calledparty.
Before You Begin
Cisco Spark remote devices (Cisco Spark-RDs) are strongly recommended for your hybrid deployment becausethey do not require a license or MTP insertion, and contain further bug fixes. To use this option, you must
Deployment Guide for Cisco Spark Hybrid Call Services 105
use Unified CM 10.5(2)SU5, 11.0(1a)SU3, 11.5(1)SU3, or 12.0(1). For unsupported releases, the CTI-RD isused instead, which requires a license and insertion of an MTP. For manual and automatic creation on asupported release, you must use Cisco Spark-RDs for new activations. CTI-RDs created with an earlier releasewill continue to work until they are migrated to Cisco Spark-RDs.
Procedure
PurposeCommand or Action
Before exporting your user list, ensure that all users in yourcluster are enabled for mobility. This step ensures that their
Enable Users for Mobility, onpage 106
Step 1
CTI remote devices work correctly. This step is not requiredfor Cisco Spark remote devices.
Extract your user data as a text file.Export Your User List, on page107
Step 2
Modify the user information in your file so that the attributesare correct before you upload the file to your publisher node.
Edit Your User List, on page 107Step 3
These steps walk through prompts that you would see inMicrosoft Excel; other spreadsheet programs may vary.
Prepare a new template file. This file contains the commonconfiguration for the remote devices for your users.
Create the Remote Device FileFormat, on page 108
Step 4
Combine your user IDs from the users file with primaryextensions in the template file and create a comma separatedvalue (csv) file.
Edit the New File Template, onpage 109
Step 5
Create a template for all remote devices that you associatewith users. Like the user bulk settings, this template helpsyou specify universal settings for the remote devices.
Create a Remote DeviceTemplate, on page 110
Step 6
Upload your csv file so it is ready to be applied to yoursystem.
Upload Your Remote DeviceTemplate File, on page 110
Step 7
Update the phone specific details so that the remote deviceinformation is added to your system in bulk.
Insert the Remote Device Entries,on page 111
Step 8
If needed, check the status of your bulk configuration.Whenyour system refreshes, you can see whether the job succeededor failed.
Check the Status of Your BulkJob, on page 111
Step 9
Enable Users for MobilityBefore exporting your user list, ensure that all users in your cluster are enabled for mobility. This step ensuresthat their CTI remote devices work correctly. This step is not required for Cisco Spark remote devices.
Deployment Guide for Cisco Spark Hybrid Call Services106
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectEnable Users for Mobility
Procedure
Step 1 From Cisco Unified CM Administration, go to Bulk Administration > Users > Update Users > Query,click Find to show a list of users in the cluster, and then click Next.
Step 2 On the Update Users Configuration window, check both check boxes next to Enable MobilityStep 3 Schedule your bulk job to either run immediately or at a later time, and then click Submit.
What to Do Next
Export Your User List, on page 107
Export Your User ListExtract your user data as a text file.
Before You Begin
Enable Users for Mobility, on page 106
Procedure
Step 1 From Cisco Unified CM Administration, go to Bulk Administration > Users > Export Users, choose FindAll, and then click Next
Step 2 Enter a filename and then choose All User Format.Step 3 Run the export job.Step 4 After the job is complete, choose Bulk Administration > Upload/Download Files.Step 5 Find the file that your system created and then download it to your desktop.
What to Do Next
Edit Your User List, on page 107
Edit Your User ListModify the user information in your file so that the attributes are correct before you upload the file to yourpublisher node. These steps walk through prompts that you would see in Microsoft Excel; other spreadsheetprograms may vary.
Before You Begin
Export Your User List, on page 107
Deployment Guide for Cisco Spark Hybrid Call Services 107
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectExport Your User List
Procedure
Step 1 In your spreadsheet application, open your user list text file. At the prompt, chooseDelimited and then specifyyour delimiter as Comma. Select Finish.
Step 2 Highlight the primary extension column, go to the data tab, and select Sort. If prompted, expand the selection.Step 3 With the file sorted by primary extension, highlight all the rows without a primary extension and delete those
rows.Step 4 Delete all columns except First Name, Last Name, User ID, and Primary Extension.Step 5 The primary extensions are in the format xxxxxxxx in <Partition>. Copy this value into a new
column but omit thein <partition> characters. This new columnmust contain only the primary extension.Step 6 Save your file and give it a meaningful name, such as UserList.
What to Do Next
Create the Remote Device File Format, on page 108
Create the Remote Device File FormatPrepare a new template file. This file contains the common configuration for the remote devices for yourusers.
Before You Begin
Edit Your User List, on page 107
Procedure
Step 1 Configure a single CTI or Cisco Spark remote device for one user, if this device doesn't yet exist. This entryserves as a template for the other remote devices that you'll use the Bulk Administration Tool to create.You can use any device name youwant. For this configuration, we recommend that you use SparkRD<userid>.
Step 2 From Cisco Unified CM Administration, navigate to Bulk Administration > Phones > Phone File Format> Create File Format.
Step 3 Create a new file format named SparkRD and add the following fields:
• Device fields
◦CSS
◦CSS Reroute
◦Description
◦Device Name
◦Device Pool
◦Location
Deployment Guide for Cisco Spark Hybrid Call Services108
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectCreate the Remote Device File Format
◦Mobility User ID
◦Owner User ID
◦Rerouting Calling Search Space
◦User ID
• Line fields
◦Alerting Name
◦ASCII Alerting Name
◦ASCII Display
◦Display
◦Directory Number
◦External Phone Number Mask
◦Line CSS
◦Line Description
◦Line Text Label
◦Maximum Number of Calls
◦Route Partition
◦Voice Mail Profile
Step 4 Enter 1 for theMaximum Number of Lines.Step 5 Click Save.Step 6 Navigate to Bulk Administration > Phones > Export Phones > Specific Details.Step 7 Search for phones with the device type CTI Remote Device or Spark Remote Device to find the entry that
you created, for example, SparkRD<userid>.Step 8 Click Next, and then using the file format SparkRD, run the job.Step 9 After the job finishes, choose Bulk Administration > Upload/Download Files and then find the text file that
you just created. Download it to your desktop and give it a meaningful name such asSparkRD-fileformat.
What to Do Next
Edit the New File Template, on page 109
Edit the New File TemplateCombine your user IDs from the users file with primary extensions in the template file and create a commaseparated value (csv) file.
Deployment Guide for Cisco Spark Hybrid Call Services 109
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectEdit the New File Template
Procedure
Step 1 In Microsoft Excel, open the SparkRD file format file. At the prompt, choose Delimited and then specifyyour delimiter as Comma.
Step 2 Select Finish.Step 3 Open your modified user list file.Step 4 Copy your list of user IDs from the users file into the User ID column of the file format spreadsheet. Then
copy the new list of Primary Extensions into the Directory Number 1 column.Step 5 Using theUser ID column, populate theDeviceName columnwith SparkRD<userid>. Populate the remaining
columns with data that is specific to your cluster; use the data in the original CTI remote device as a guide.Step 6 Populate theMaximum Number of Calls column with the value 4.Step 7 Save the resulting file in the comma separated value (.csv) format.
Create a Remote Device TemplateCreate a template for all remote devices that you associate with users. Like the user bulk settings, this templatehelps you specify universal settings for the remote devices.
Before You Begin
Edit the New File Template, on page 109
Procedure
Step 1 From Cisco Unified CM Administration, choose Bulk Administration > Phones > Phone Template.Step 2 Select Add New.Step 3 Select the phone type CTI Remote Device or Cisco Spark Remote Device.Step 4 Leave the owner user ID as Not Selected in the template.Step 5 Name the new template SparkRD Call, enter a description, and then click Save.Step 6 Choose a Device Pool and Location, leave the other settings with their default values, and then click SaveStep 7 Choose Line 1. Name the Line Template SparkRD CallStep 8 Place the template in the appropriate Route Partition. Leave the other fields with their default values, and then
click Save.
What to Do Next
Upload Your Remote Device Template File, on page 110
Upload Your Remote Device Template FileUpload your csv file so it is ready to be applied to your system.
Deployment Guide for Cisco Spark Hybrid Call Services110
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectCreate a Remote Device Template
Before You Begin
Create a Remote Device Template, on page 110
Procedure
Step 1 FromCisco Unified CMAdministration, chooseBulkAdministration >Upload/Download Files, and selectAdd New.
Step 2 Browse to the SparkRD template file that you created earlier. Set the target to Phones and set the TransactionType to Insert Phones - Specific Details.
Step 3 Select Save.
What to Do Next
Insert the Remote Device Entries, on page 111
Insert the Remote Device EntriesUpdate the phone specific details so that the remote device information is added to your system in bulk.
Before You Begin
Upload Your Remote Device Template File, on page 110
Procedure
Step 1 From Cisco Unified CM Administration, choose Bulk Administration > Phones > Insert Phones.Step 2 Select Insert Phone Specific Details.Step 3 For File Name, select the csv file that you uploaded.Step 4 For Phone Template Name, select the CTI-RD or Cisco Spark-RD template that you created.Step 5 Select Run Immediately to run this job now or Run Later to schedule the job to run at a more convenient
time.Step 6 (Optional) Enter a job description to identify the job.Step 7 Select Submit.
What to Do Next
Check the Status of Your Bulk Job, on page 111
Check the Status of Your Bulk JobIf needed, check the status of your bulk configuration. When your system refreshes, you can see whether thejob succeeded or failed.
Deployment Guide for Cisco Spark Hybrid Call Services 111
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectInsert the Remote Device Entries
Before You Begin
Insert the Remote Device Entries, on page 111
Procedure
Step 1 From Cisco Unified CM Administration, choose Bulk Administration > Job Scheduler.Step 2 Select Find to show the status of the bulk job that you scheduled.
What to Do Next
Return to the deployment steps in “Deploy Hybrid Call Service Connect” and configure the Expressway pair.
Deployment Guide for Cisco Spark Hybrid Call Services112
Bulk Configure Unified CM Users and Cisco Spark Remote Devices for Hybrid Call Service ConnectCheck the Status of Your Bulk Job
A P P E N D I X CImportant Items for Cisco Spark Hybrid ServicesDeployments
• Important Items for Your Cisco Spark Hybrid Services Deployment, page 113
• TCP Port 5062 on the Internet Firewall, page 113
• Why the Cloud Checks Domain Ownership, page 117
• Supported Certificate Authorities , page 119
Important Items for Your Cisco Spark Hybrid ServicesDeployment
This section provides added context about key configuration items that relate to Cisco Spark Hybrid Services.
These points are crucial if you want to successfully deploy Expressway-hosted Cisco Spark Hybrid Services,such as Hybrid Call Service Aware/Connect and Hybrid Calendar Service. We've highlighted these items inparticular for the following reasons:
•We want to explain them, so that you understand their role in a hybrid deployment and feel reassured.
• They aremandatory prerequisites that ensure a secure deployment between our cloud and your on-premisesenvironment.
• They should be treated as pre-day zero activities: they can take a bit longer to complete than typicalconfiguration in a user interface, so allow a timeframe to get these items sorted.
• After these items are addressed in your environment, the rest of your Cisco Spark Hybrid Servicesconfiguration will go smoothly.
TCP Port 5062 on the Internet FirewallThe Expressway-C and Expressway-E pair deployment allows calls to and from the Internet using firewalltraversal technologies. This deployment is what securely takes your on-premises call control and ties it in toCisco Spark through the Cisco Collaboration Cloud.
Deployment Guide for Cisco Spark Hybrid Call Services 113
The Expressway-C and Expressway-E don't require any inbound port to be opened in the demilitarized zone(DMZ) firewall because of the firewall traversal architecture. But TCP SIP signaling ports and UDP mediaports must be opened inbound on the Internet firewall to let incoming calls come through. You must allowtime to have the appropriate port opened on your enterprise firewall.
The firewall traversal architecture is shown in the following diagram:
For example, for inbound business-to-business (B2B) calls using SIP protocol, TCP ports 5060 and 5061(5061 is used for SIP TLS) must be opened on the external firewall, together with UDP media ports used forservices such as voice, video, content sharing, dual video, and so on. Which media ports to open depends onthe number of concurrent calls and the number of services.
You can configure the SIP listening port on Expressway to be any value between 1024 to 65534. At the sametime, this value and the protocol type must be advertised in the public DNS SRV records, and that same valuemust be opened on the Internet firewall.
Though the standard for SIP TCP is 5060 and for SIP TLS 5061, nothing prevents use of different ports, asthe following example shows.
Deployment Guide for Cisco Spark Hybrid Call Services114
Important Items for Cisco Spark Hybrid Services DeploymentsTCP Port 5062 on the Internet Firewall
Example
In this example, we assume that port 5062 is used for inbound SIP TLS calls.
The DNS SRV record for a cluster of two Expressway servers looks like this:
_sips._tcp.example.com SRV service location:
priority = 10
weight = 10
port = 5062
svr hostname = us-expe1.example.com
_sips._tcp.example.com SRV service location:
priority = 10
weight = 10
port = 5062
svr hostname = us-expe2.example.com
These records mean that calls are directed to us-expe1.example.com and us-expe2.example.comwithequal load sharing (priority and weight) using TLS as the transport type and 5062 as the listening portnumber.
A device that is external to the network (on the Internet) and that makes a SIP call to a user of the corporatedomain ([email protected])must query the DNS to understand which transport type to use, the port number,how to load-share the traffic, and which SIP servers to send the call to.
If the DNS entry includes _sips._tcp, the entry specifies SIP TLS.
TLS is a client-server protocol and, in the most common implementations, uses certificates for authentication.In a business-to-business call scenario, the TLS client is the calling device, and the TLS server is the calleddevice.With TLS, the client checks the certificate of the server, and if the certificate check fails, it disconnectsthe call. The client doesn't need a certificate.
TLS handshake is shown in the following diagram:
Deployment Guide for Cisco Spark Hybrid Call Services 115
Important Items for Cisco Spark Hybrid Services DeploymentsTCP Port 5062 on the Internet Firewall
However, the TLS specification states that the server can also check the client certificate by sending a CertificateRequest message to the client during TLS handshake protocol. This message is helpful on a server-to-serverconnection, such as on call that is established between Expressway-E and the Cisco Collaboration Cloud.This concept is called TLS with mutual authentication and is required when integrating with Cisco Spark.
Both the calling and called parties check the certificate of the other peer, as the following diagram shows:
The cloud checks the Expressway identity, and Expressway checks the cloud identity. For example, if thecloud identity in the certificate (CN or SAN) doesn't match what's configured on Expressway, the connectionis dropped.
If mutual authentication is turned on, Expressway-E always requests the client certificate. As a result, Mobileand Remote Access (MRA) won't work, because in most cases certificates are not deployed on Jabber clients.In a business-to-business scenario, if the calling entity is not able to provide a certificate, the call is disconnected.
We recommend that you use a value other than 5061 for TLS with mutual authentication, such as port 5062.Cisco Spark Hybrid Services use the same SIP TLS record used for B2B. In the case of port 5061, some otherservices that cannot provide a TLS client certificate won't work.
Deployment Guide for Cisco Spark Hybrid Call Services116
Important Items for Cisco Spark Hybrid Services DeploymentsTCP Port 5062 on the Internet Firewall
Business-to-business, Mobile and Remote Access and Cisco Spark traffic on the same Expressway pair
Business-to-business andMobile and Remote Access calls use port 5061 for SIP TLS, and Cisco Spark trafficuses port 5062 for SIP TLS with mutual authentication.
Why the Cloud Checks Domain OwnershipThe domain ownership check is part of identity verification. Domain verification is a security measure andidentity check that the Cisco Collaboration Cloud implements to prove that you are who you say you are.
The identity check is performed in two stages:
1 Domain ownership check. This step involves three types of domains and is a one-time verification check:
• Email domain
• Expressway-E DNS domain
• Directory URI domain
2 Expressway-E DNS name ownership check. This step is performed through the implementation of TLSwith mutual authentication and involves the use of public certificates on both the cloud and the Expressway.Unlike the domain identity check, this step is performed during any call made to and received from thecloud.
A Story to Show the Importance of the Domain Ownership Check
The Cisco Collaboration Cloud performs the domain ownership check to enforce security. Identity theft isone possible threat if this check is not performed.
The following story details what might happen if a domain ownership check is not performed.
A company with DNS domain set to "hacker.com" buys Cisco Spark Hybrid Services. Another company,with its own domain set to "example.com", is also using hybrid services. One of the general managers of thecompany Example.com is named Jane Roe and has the directory URI [email protected].
The administrator of Hacker.com company sets one of her directory URIs to [email protected] and theemail address to [email protected]. She can do that because the cloud doesn't check the SIP URI domainin this example.
Next, she signs in to Cisco Spark with [email protected]. Because she owns the domain, the verificationemail is read and answered, and she can sign in. Finally, she makes a call to a colleague, John Doe, by [email protected] from her Cisco Spark app. John is sitting in his office and sees a call on his videodevice coming from [email protected]; that is the directory URI associated with that email account.
"She's abroad," he thinks. "She might need something important." He answers the phone, and the fake JaneRoe asks for important documents. She explains that her device is broken, and because she is travelling, sheasks him to send the documents to her private email address, [email protected]. This way, the companyrealizes only after Jane Roe gets back to the office that important information was leaked outside of thecompany.
The company Example.com has many ways to protect against fraudulent calls coming from the Internet, butone of the responsibilities of the Cisco Collaboration Cloud is to make sure that the identity of anyone callingfrom Cisco Spark is correct and not falsified.
To check the identity, Cisco Spark requires that the company proves that it owns the domains used in hybridcalling. If it doesn't, Cisco Spark Hybrid Services won't work.
Deployment Guide for Cisco Spark Hybrid Call Services 117
Important Items for Cisco Spark Hybrid Services DeploymentsWhy the Cloud Checks Domain Ownership
To ensure this ownership, the two domain verification steps are required:
1 Prove that the company owns the email domain, Expressway-E domain, Directory URI domain.
• All those domains must be routable and known by public DNS servers.
• To prove the ownership, the DNS administrator must enter a DNS Text record (TXT). A TXT recordis a type of resource record in the DNS used to provide the ability to associate some arbitrary andunformatted text with a host or other name.
• The DNS administrator must enter that TXT record in the zone whose ownership must be proved.After that step, the Cisco Collaboration Cloud performs a TXT record query for that domain.
• If the TXT query is successful and the result matches the token that was generated from the CiscoCollaboration Cloud, the domain is verified.
• As an example, the administrator must prove that she owns the domain "example.com", if she wantsthat Cisco Spark and Cisco Spark Hybrid Services to work on her domain.
• Through https://admin.ciscospark.com, she starts the verification process by creating a TXT recordto match the token that the Cisco Collaboration Cloud generated:
• The DNS administrator then creates a TXT record for this domain with the value set to123456789abcdef123456789abcdef123456789abcdef123456789abcdef, as in the following example:
• At this point, the cloud can verify that the TXT record for the domain example.com matches thetoken.
• The cloud performs a TXT DNS lookup:
Deployment Guide for Cisco Spark Hybrid Call Services118
Important Items for Cisco Spark Hybrid Services DeploymentsWhy the Cloud Checks Domain Ownership
• Because the TXT value matches the token value, this match proves that the administrator added theTXT record for her own domain to the public DNS, and that she owns the domain.
2 Expressway-E DNS Name ownership check.
• The cloud must check that the Expressway-E has a confirmed identity from one of the certificateauthorities that the cloud trusts. The Expressway-E administrator must request a public certificatefor his Expressway-E to one of those certificate authorities. To issue the certificate, the certificateauthority performs an identity verification process, based on a domain validation check (for domainvalidated certificates) or organization validation check (for organization validated certificates).
• Calls to and from the cloud depend on the certificate that was issued to the Expressway-E. If thecertificate is not valid, the call is dropped.
Supported Certificate AuthoritiesThe Expressway-C connector host must be registered to the Cisco Collaboration Cloud in order for hybridservices to work.
Expressway-C is deployed in the internal network, and the way it registers to the cloud is through an outboundHTTPS connection—the same type that is used for any browser that connects to a web server.
Registration and communication to the Cisco Collaboration Cloud uses TLS. Expressway-C is the TLS client,and the Cisco Collaboration Cloud is the TLS server. As such, Expressway-C checks the server certificate.
The certificate authority signs a server certificate using its own private key. Anyone with the public key candecode that signature and prove that the same certificate authority signed that certificate.
If Expressway-C has to validate the certificate provided by the cloud, it must use the public key of the certificateauthority that signed that certificate to decode the signature. A public key is contained in the certificate of thecertificate authority. To establish trust with the certificate authorities used by the cloud, the list of certificatesof these trusted certificate authorities must be in the Expressway's trust store. Doing so, the Expressway canverify that the call is truly coming from the Cisco Collaboration Cloud.
With manual upload, you can upload all relevant certificate authority certificates to the trust store ofExpressway-C.
With automatic upload, the cloud itself uploads those certificates in the trust store of Expressway-C. Werecommend that you use automatic upload. The certificate list might change, and automatic upload guaranteesthat you get the most updated list.
If you allow automatic installation of certificate authority certificates, you are redirected to https://admin.ciscospark.com (the management portal). The redirection is done by the Expressway-C itself withoutany user intervention. You, as the Cisco Spark administrator, must authenticate through an HTTPS connection.Soon after, the cloud pushes the CA certificates to the Expressway-C.
Until the certificates are uploaded to the Expressway-C trust store, the HTTPS connection cannot be established.
Deployment Guide for Cisco Spark Hybrid Call Services 119
Important Items for Cisco Spark Hybrid Services DeploymentsSupported Certificate Authorities
To avoid this problem, the Expressway-C is preinstalled with Cisco Spark-trusted CA certificates. Thosecertificates are only used to set up and validate the initial HTTPS connection, and they don't appear inExpressway-C trust list. Once the certificates of the trusted certificate authorities are pulled from the cloudthrough this initial HTTPS connection, those certificates are available for platform-wide usage; then, theyappear in the Expressway-C trust list.
This process is secure for these reasons:
• Requires admin access to Expressway-C and to admin.ciscospark.com. Those connections use HTTPSand are encrypted.
• Certificates are pushed from the cloud to Expressway using the same encrypted connection.
This list shows the certificate authority certificates that the Cisco Collaboration Cloud currently uses. Thislist might change in the future:
• C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
• C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
• C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certificate Authority
• C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority- G2
• C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
• C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorizeduse only, CN=thawte Primary Root CA
• C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certificate Authority
A list of certificate authority certificates is also required for the Expressway-E in the traversal pair.Expressway-E communicates with the Cisco Collaboration Cloud using SIP with TLS, enforced by mutualauthentication. Expressway-E trusts calls coming from and going to the cloud, only if the CN or SAN of thecertificate presented by the cloud during TLS connection setup matches the subject name configured for theDNS zone on Expressway ("callservice.ciscospark.com"). The certificate authority releases a certificate onlyafter an identity check. The ownership of the callservice.ciscospark.com domain must be proved to get acertificate signed. Because we (Cisco) own that domain, the DNS name "callservice.ciscospark.com" is directproof that the remote peer is truly the Cisco Collaboration Cloud.
Related Topics
Supported Certificate Authorities for Cisco Spark
Deployment Guide for Cisco Spark Hybrid Call Services120
Important Items for Cisco Spark Hybrid Services DeploymentsSupported Certificate Authorities