[cisco-voip] multiple domain support for jabber (both internal and MRA)

Lelio Fulgenzi lelio at uoguelph.ca
Thu May 24 09:49:32 EDT 2018


Just following up on this.

We use a special discovery domain in order for on-prem and off-prem to work properly, i.e. MRA/Eway. We don’t have split view DNS enabled, so we deployed a set of DNS servers for a subzone which do have split view enabled, e.g. jabber.acme.com.

I did add this domain to the e-way certs. Curious why I would need to add it to the IM&P and CUCM certs.

On IM&P I created a clusterID, but no other reference to the discovery domain. And on CUCM, no reference at all to these discovery domains.

I’m still not 100% clear on JID vs ??? and how that affects stuff. When users enter their userID at discoverydomain.acme.com in the first prompt, it flips and removes the FQDN information and just replaces it with their userID and the prompt for their password. But I believe if we stick with “you must login with your userID” we will be safe.

We’re still in pilot mode, considering mass deployment. Will have to consider the options around automatically assigning the discovery domain. But the more we do, the less the user knows. So, they’re stuck with whatever customization we make.

Lelio



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook

From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Ryan Huff
Sent: Sunday, May 20, 2018 10:20 AM
To: naresh rathore <nareh84 at hotmail.com>; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] multiple domain support for jabber (both internal and MRA)

Hi Naresh!

There is a lot that could be unpacked here, in terms of a reply, because this area of Cisco UC can be a bit of a big "if then, do else" decision matrix if you're not familiar with all the underlying players. From a 10,000 foot view, multi domain support will work pretty much like having a single domain; you'll just need to account for multiple domains in a couple of key areas.

As a matter of preparation, I would start planning now for the second AND first domain being advertised as a Subject Alternative Name in the Expressway Edge and Control (juxtaposed to just having the first domain), CCM and CCM IM&P SSL certificates. Whether the certificates are self-signed or 3rd Party signed is immaterial.

On the IM and Presence side, you'll be configuring multiple presence domains, one for each of your domains. In the Expressway Control server, you'll configure two domains as well; each will build a separate SSL tunnel (over port 2222) to the Expressway Edge server that will allow the Edge server to answer on port 8443 and accept registration for whichever domain is being requested.

All the internal and external DNS HOST / SRV record requirements are needed for both domains, as should and would be expected. If you have an Expressway cluster, your DNS journey is about to get real fun 😉!

Regarding User ID in CCM; I'm assuming both domains are AD integrated into CCM (meaning that the LDAP sync'ed End User accounts could come from an OU in one or the other domain). It's worth noting that FJID (Flexible Jabber ID) is not supported through MRA. FJID is the ability to authenticate to the Jabber client with a User ID other than what's in the End User's UserID field the Presence and IM server is looking at for user authentication.

FJID works with an internal login, but not through an MRA login. For your scenario, any changes desired in the way a Jabber user logs in (Ex. I want to login as rhuff at oneacmeone.com instead of Ryan.Huff at oneacmeone.com) should always be handled at and through the authentication source; in this case, Active Directory.

Good Luck on your journey, you will learn a lot on this one!

Presence and IM multiple domains:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_5/CJAB_BK_C6FFF6D8_00_cisco-jabber-115-planning-guide/CJAB_BK_C6FFF6D8_00_cisco-jabber-115-planning-guide_chapter_0100.html#CJAB_RF_ICB63026_00

Expressway Domain Configuration:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-10/Cisco-Expressway-Basic-Configuration-Deployment-Guide-X8-10.pdf
________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of naresh rathore <nareh84 at hotmail.com>
Sent: Saturday, May 19, 2018 8:24 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] multiple domain support for jabber (both internal and MRA)


Hi,

I have to configure Cisco Jabber for both internal and MRA login. User information is already imported from LDAP. This environment takes care of the telephony requirements of two companies, so there are two domains (e.g. oneacmeone.com and twoacmetwo.com). I have the following queries.

  1.   What configuration changes are required on IM and Presence?
  2.   Do I have to make changes on Expressway E and C in regards to support of multiple domains?
  3.   I think I have to change the jabber-config file as well?

I found the following link. Please suggest.



https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/118999-config-imaddress-jabber-00.html
Configure the IM Address Scheme for Multiple Domain ... (www.cisco.com)
This document describes the configurations required in order to use flexible instant messaging (IM) address scheme with Cisco Jabber. The feature is supported from Cisco Jabber version 10.6 and later and IM Presence server 10.x.
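
Added example, not part of any message in this thread: a pre-deployment audit of the two items Ryan's reply lists per domain, SAN coverage on each node's certificate and SRV records in each DNS view. The node names, SAN lists and zone contents are constructed sample data; `_cisco-uds._tcp` and `_collab-edge._tls` are the standard Jabber service-discovery SRV names, which the thread does not spell out, and the rule that `_cisco-uds` must not resolve externally is Cisco's general MRA guidance, assumed here.

```python
# Constructed inventory: node names, SAN lists and SRV sets are sample values.
DOMAINS = ["oneacmeone.com", "twoacmetwo.com"]

CERT_SANS = {
    "expressway-e": ["expe.oneacmeone.com", "oneacmeone.com", "twoacmetwo.com"],
    "expressway-c": ["expc.oneacmeone.com", "oneacmeone.com", "twoacmetwo.com"],
    "cucm": ["cucm.oneacmeone.com", "oneacmeone.com"],
    "imp": ["imp.oneacmeone.com", "oneacmeone.com", "TwoAcmeTwo.com"],
}

# SRV owner names visible in each DNS view (split view: internal vs external).
SRV = {
    "internal": {"_cisco-uds._tcp.oneacmeone.com", "_cisco-uds._tcp.twoacmetwo.com"},
    "external": {"_collab-edge._tls.oneacmeone.com", "_cisco-uds._tcp.twoacmetwo.com"},
}


def audit(domains, cert_sans, srv):
    """Return (area, where, domain, problem) tuples for every gap found."""
    findings = []
    # Certificates: every domain must appear as its own SAN entry on every node.
    # Exact, case-insensitive match; a host FQDN under the domain does not count.
    for node, sans in sorted(cert_sans.items()):
        have = {s.lower().rstrip(".") for s in sans}
        for d in domains:
            if d.lower() not in have:
                findings.append(("cert", node, d, "domain missing from SAN"))
    # DNS: on-prem discovery record inside, edge record outside, and the
    # on-prem record must not be visible in the external view.
    internal = {r.lower() for r in srv["internal"]}
    external = {r.lower() for r in srv["external"]}
    for d in domains:
        uds, edge = f"_cisco-uds._tcp.{d}", f"_collab-edge._tls.{d}"
        if uds not in internal:
            findings.append(("dns", "internal", d, f"{uds} not published"))
        if edge not in external:
            findings.append(("dns", "external", d, f"{edge} not published"))
        if uds in external:
            findings.append(("dns", "external", d, f"{uds} visible externally"))
    return findings


if __name__ == "__main__":
    for area, where, domain, problem in audit(DOMAINS, CERT_SANS, SRV):
        print(f"[{area}] {where}: {domain}: {problem}")
```
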





