[cisco-voip] are we still using custom jabber xml files in CUCM v11.5 and JAbber v12?

Lelio Fulgenzi lelio at uoguelph.ca
Fri Jun 15 19:02:51 EDT 2018


Well, if you have resources available, you can do what we did.

Delegate a sub-domain to a separate set of DNS server that do support split view.

You can contact me off list if you have questions.

Lelio

-sent from mobile device-

Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<x-apple-data-detectors://1/0>
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Jun 15, 2018, at 5:22 PM, Hunter Fuller <hf0002 at uah.edu<mailto:hf0002 at uah.edu>> wrote:

yeah, I'm currently up a creek as a result of this issue. Our DNS vendor doesn't even have an official way to offer split horizon (oops... that requirement didn't exist when we were looking for integrated IPAM products).

On Fri, Jun 15, 2018 at 8:35 AM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Well, just like you said below… , “Webexconnect, which once attempted, if unsuccessful, just kills the how authentication attempt.”

Why couldn’t they do the same thing with the other services? Attempt to connect directly to the on-prem hosts, if that fails, then connect through expressway. Have a heartbeat going that always attempts to connect to on-prem and switches after a reliable connection history is established. Sure, takes a few more smarts, but I’m guessing, you asked 100 EDUs out there if they have split view DNS, chances are they don’t. That could be changing I guess.


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:(519)%20824-4120> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Sent: Friday, June 15, 2018 8:36 AM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>; voyp list, cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>) <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>

Subject: Re: [cisco-voip] are we still using custom jabber xml files in CUCM v11.5 and JAbber v12?

Now, I think DNS is the way to go for determining authentication and I actually like the way Jabber does it; it’s the perfect example of application democracy.

Jabber has an ordered list of things it checks for and moves on to each until it finds a service discovery and attempts authentication.

With my DNS server and the use of SRV priorities and weights, I can control how that ordered list is executed.

Each side of the process has balanced control, which I think, is the way it should be.

The you have the outlier, Webexconnect, which once attempted, if unsuccessful, just kills the how authentication attempt.

I feel like a simple conditional construct would solve this whole thing:

if (webexconnectLogin) { Login } else { checkForOtherThings }

Sent from my iPhone

On Jun 14, 2018, at 19:04, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Hey - I had to go buy two new DNS servers and configure a specialty subdomain to enable MRA.

DNS resolution as the best way to decide who to speak to? Not sure I’m on board there.

You’re preaching to the converted as they say.


-sent from mobile device-


Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Jun 14, 2018, at 6:59 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:
It just a silly draconian style application behavior that just doesn’t need to be there.
Sent from my iPhone

On Jun 14, 2018, at 18:51, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Interesting. Thanks. I’m guessing we’re either not configured for Jabber cloud or are custom domain is preventing issues.

Now that I think about it, I do remember reading about this in the deployment guide. And the ways around it.
-sent from mobile device-


Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Jun 14, 2018, at 6:47 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:
The Jabber client, by default, attempts service discovery with Webexconnect first (Cloud Jabber). If it finds the user’s suffix domain there, it attempts authentication and if its unsuccessful (Ex. it’s configured but not used by the customer, which accounts for many scenarios) it fails and does not attempt any other authentication methods.
Sent from my iPhone

On Jun 14, 2018, at 18:42, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Interesting - I’ll have to read the rest of the thread to understand the full the impact of this, however, is it only a problem when you have WebEx messenger subscription and you don’t want to use it. Or does this impact everyone?

As for your comment on URLs and MSIs, I hear ya. Both good points. For me, though, reading that the URL only works (or worked) on certain devices didn’t bode well.

And what if they get a new device and need to reinstall? They’d have to find that email. I like educating our users on what service discovery domain to use.

Our software deployment team might be able to help to make it easier, but again, I’d rather they know how to log in themselves.




-sent from mobile device-


Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:519-824-4120;56354> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

On Jun 14, 2018, at 3:51 PM, Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:
Sorry to Hijack this but ......

I’d settle for not having a forced Webexconnect authorization attempt without a good solution to turn it off.

If you think the command line installer switches to exclude a WebEx service discovery is an acceptable solution, I’d argue that you’re wrong. What if I want to go cloud someday? Just reinstall all the clients (since this method modified the bootstrap)?

If you think the mobile provisioning URL is a solution, it’s not. It’s a horrible solution. Convince my users to click on a funky looking url on their devices when I spend my existence espousing to users, not to click on funny looking links?

If you would think calling WebEx support to turn it off is acceptable ... please, by all means, try it and let me know your thoughts.

I’ve been after this feature for awhile now, just wrote a new idea request too ...

https://communities.cisco.com/ideas/2827
Sent from my iPhone

On Jun 14, 2018, at 15:30, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:
Well, that’s promising!

I hope whatever comes along will work with v11.5su4. I mean, if it requires and additional suX, I can live with that, too.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:(519)%20824-4120> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>
Sent: Thursday, June 14, 2018 3:12 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>; voyp list, cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>) <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] are we still using custom jabber xml files in CUCM v11.5 and JAbber v12?

Hmm the most Ill say is you may be happy this fall wink wink

Get Outlook for iOS<https://aka.ms/o0ukef>


Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518<tel:443.541.1518>



w: www.heliontechnologies.com<http://www.heliontechnologies.com/>

 |

e: MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>


<image002.png>


<image003.png><https://facebook.com/heliontech>


<image004.png><https://twitter.com/heliontech>


<image005.png><https://www.linkedin.com/company/helion-technologies>




<image006.png><https://heliontechnologies.com/events/14th-annual-automotive-cx-summit-hosted-thought-leadership-summits/>




________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> on behalf of Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Sent: Thursday, June 14, 2018 2:59:19 PM
To: voyp list, cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>)
Subject: [cisco-voip] are we still using custom jabber xml files in CUCM v11.5 and JAbber v12?


I realized that in CUCM v9 and Jabber v11, we needed to use custom jabber xml files if we wanted to turn on a feature for some people but not others. That gets tricky with multiple features and providing some but not others. Definitely not scalable.

Has this changed in CUCM v11.5 and Jabber v12? I’m really hoping that the device configuration page will include most of the feature information.

We see new COP files distributed for phones as they are improved upon, it would be neat to see the same thing for Jabber.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:(519)%20824-4120> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
--

--
Hunter Fuller
Network Engineer
VBH Annex B-5
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Systems and Infrastructure
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180615/b77765a9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1297 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180615/b77765a9/attachment.png>


More information about the cisco-voip mailing list