[cisco-voip] multiple domain support for jabber (both internal and MRA)

Ryan Huff ryanhuff at outlook.com
Sun May 20 10:19:48 EDT 2018 

Hi Naresh!

There is a lot that could be unpacked here, in terms of a reply, because this area of Cisco UC can be a bit of a big "if then, do else" decision matrix if you're not familiar with all the underlying players. From a 10,000 foot view, multi domain support will work pretty much like having a single domain; you'll just need to account for multiple domains in a couple of key areas.

As a matter of preparation, I would start planing now for the second AND first domain being advertised as a Subject Alternative Name in the Expressway Edge and Control (juxtaposed to just having the first domain), CCM and CCM IM&P SSL certificates. Whether the certificates are self-signed or 3rd Party signed is immaterial.

On the IM and Presence side, you'll be configuring multiple presence domains, one for each of your domains. In the Expressway Control server, you'll configure two domains as well; each will build a separate SSL tunnel (over port 2222) to the Expressway Edge server that will allow the Edge server to answer on port 8443 and accept registration for whichever domain is being requested.

All the internal and external DNS HOST / SRV record requirements are needed for both domains, as should and would be expected. If you have an Expressway cluster, your DNS journey is about to get real fun 😉!

Regarding User ID in CCM; I'm assuming both domains are AD integrated into CCM (meaning that the LDAP sync'ed End User accounts could come from an OU in one or the other domain). Its worth noting that FJID (Flexible Jabber ID) is not supported through MRA. FJID is the ability to authenticate to the Jabber client with a User ID other than whats in the End User's UserID field the Presence and IM server is looking at for user authentication.

FJID works with an internal login, but not through an MRA login. For your scenario, any changes desired in the way a Jabber user logs in (Ex. I want to login as rhuff at oneacmeone.com instead of Ryan.Huff at oneacmeone.com) should always be handled at and through the authentication source; in this case, Active Directory.

Good Luck on your journey, you will learn a lot on this one!

Presence and IM multiple domains:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_5/CJAB_BK_C6FFF6D8_00_cisco-jabber-115-planning-guide/CJAB_BK_C6FFF6D8_00_cisco-jabber-115-planning-guide_chapter_0100.html#CJAB_RF_ICB63026_00

Expressway Domain Configuration:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-10/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-10.pdf
________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of naresh rathore <nareh84 at hotmail.com>
Sent: Saturday, May 19, 2018 8:24 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] multiple domain support for jabber (both internal and MRA)


hi



I have to configure Cisco Jabber for both Internal and MRA login. user information is already imported from LDAP. this environment take care of telephony requirement of two companies. so there are two domains (for e.g. oneacmeone.com and twoacmetwo.com). i have following queries.


  1.   what configuration changes are required on im and presence?
  2.   do i have to make changes on expressway e and c in regards to support of multiple domain?
  3.   i think i have to change jabber-config file as well?


I found following link. Pls suggest.


https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/118999-config-imaddress-jabber-00.html

[https://www.cisco.com/web/fw/i/logo-open-graph.gif]<https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/118999-config-imaddress-jabber-00.html>

Configure the IM Address Scheme for Multiple Domain ...<https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/118999-config-imaddress-jabber-00.html>
www.cisco.com
This document describes the configurations required in order to use flexible instant messaging (IM) address scheme with Cisco Jabber. The feature is supported from Cisco Jabber version 10.6 and later and IM Presence server 10.x.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180520/925c4620/attachment.html>

More information about the cisco-voip mailing list