<div dir="ltr"><div>Daniel, </div><div>for 2 ways intra-domain federation. I suppose if covers scenario whereby some users are on Jabber and some users are on SfB as documented.</div><div><br></div><div>For example user "Ki Wi, <a href="mailto:kiwi@mycompany.com">kiwi@mycompany.com</a>" uses SfB clients and uses cisco hardphone. I answered on my hardphone. Will IM&P update SfB that Ki Wi is busy/on the phone? </div><div><br></div><div>If everyone is using SfB clients only then it will be fine but most of the time, the client already have a lot of hard phones deployed or they simply prefers hardphone. </div><div><br></div><div>Multi-factor authentication via ADFS 3.0 . Anyone tried it? What is choosen? </div><div>I believe on mobile client, it might be a challenge to present additional "factor" such as client certificate. </div><div><br></div><div>Regards,</div><div>Ki Wi<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 7, 2016 at 12:01 PM, <span dir="ltr"><<a href="mailto:daniel@ohnesorge.me" target="_blank">daniel@ohnesorge.me</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="font-family:Verdana,Geneva,sans-serif;font-size:10pt">
<p>No Worries KiWi</p>
<p>Regarding Presence, Partitioned Intra-Domain Federation supports two-way IM and Presence so you should be covered there. Regarding your security concerns, this can also be done. For example, you can achieve Multi-Factor Authentication out of the box using SAML SSO products (ADFS 3.0 and OpenAM both support MFA) which is supported over Expressway. If using Client Certificates for said authentication, you could have an MDM solution like Mobile Iron be the only way to distribute the certificates using SCEP. DDoS protection can always be achieved by ASA or 3rd Party Firewall.</p><div><div class="h5">
<p>On 2016-04-07 13:08, Ki Wi wrote:</p>
<blockquote style="margin:0px;padding:0px 0.4em;border-left-color:rgb(16,16,255);border-left-width:2px;border-left-style:solid" type="cite">
<div dir="ltr">
<div>Hi Matt, Alastair & Daniel,</div>
<div>thanks!</div>
<div> </div>
<div>Looks like the deployment choices doesn't change much since OCS days except the additional of VCS option now only.</div>
<div>For presence, seems like there's this product but I'm not sure it is 1 way or 2 way sync. Seems like UCM to Lync only. <span style="color:rgb(0,0,0);font-family:"Times New Roman";font-size:medium"> </span>
<p style="margin:0cm 0cm 0pt"><span style="color:rgb(31,73,125)"><a href="http://www.bridgeoc.com/products/licc/licc.htm" target="_blank"><span style="color:rgb(5,99,193);font-family:Calibri;font-size:medium">http://www.bridgeoc.com/products/licc/licc.htm</span></a></span></p>
<span style="color:rgb(0,0,0);font-family:"Times New Roman";font-size:medium"> </span></div>
<div> </div>
<div>Jabber is a fantastic application which client is using now. However, when it comes to Jabber on mobile via expressway. It is lacking of security measures in place.</div>
<div> </div>
<div>The client I have is very concern about identify theft for higher management. Therefore, single factor authentication is not sufficient. They wanted every client authenticating via expressway to be MDM managed. This is not available today and SFB apparently have a lot of 3rd party applications doing this. One of them is skypeshield which I found online.</div>
<div> </div>
<div>Jabber for everyone users are able to use expressway for free right? I saw on other threads here. Someone answered yes.</div>
<div> </div>
<div>Regards,<br>Ki Wi</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) <span><<a href="mailto:matt.slaga@dimensiondata.com" target="_blank">matt.slaga@dimensiondata.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">
<div lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt">Another option, although not perfect, is using a hardware device like a Kuandobox.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt"><a href="http://www.plenom.com/products/kuandobox/" target="_blank">http://www.plenom.com/products/kuandobox/</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt">Works well in cube environments, but not so well in offices, or places where users use speakerphone often.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Calibri",sans-serif;font-size:11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><a name="m_5901724781393716118_m_1387965447936363706__MailEndCompose"></a><span style="font-family:"Calibri",sans-serif;font-size:11pt"><u></u> <u></u></span></p>
<span></span>
<div>
<div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(225,225,225) currentColor currentColor;padding:3pt 0in 0in">
<p class="MsoNormal"><strong><span style="font-family:"Calibri",sans-serif;font-size:11pt">From:</span></strong><span style="font-family:"Calibri",sans-serif;font-size:11pt"> cisco-voip [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <strong>On Behalf Of </strong>Alastair Watts<br> <strong>Sent:</strong> Wednesday, April 6, 2016 8:28 AM<br> <strong>To:</strong> <a href="mailto:kiwi.voice@gmail.com" target="_blank">kiwi.voice@gmail.com</a>; <a href="mailto:daniel@ohnesorge.me" target="_blank">daniel@ohnesorge.me</a><br> <strong>Cc:</strong> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br> <strong>Subject:</strong> Re: [cisco-voip] Cisco UCM with Skype for Business<u></u><u></u></span></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><br> <br> I echo Daniel's comments below regarding the Lync/SfB integration, and recommend that you look at the reasons why you're choosing to integrate SfB - particularly with voice/video or with SfB mobile clients.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">In the last few months, Cisco acquired Acano, whose portfolio of products can assist with bridging SfB and CUCM when joining the two is required.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I strongly recommend reviewing the Cisco Live talk that was presented earlier this year in Melbourne (available at <a href="https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886" target="_blank"> https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886</a>) , which goes into integration options between Lync/SfB and Cisco, including limitations, and includes the Acano product set and how it can assist with the integration.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Al<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal">On 6 Apr 2016, at 17:10, Daniel Ohnesorge via cisco-voip <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>> wrote:<u></u><u></u></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">You have a few options but none will suit your needs:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">- Partitioned Intra-Domain Federation from CUPS to Lync will provide IM/Presence <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">- Direct SIP Trunk to Lync Mediation Server will provide the ability to call Enterprise Voice enabled Lync clients (no video)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">- VCS/Expressway to Lync Mediation Server with/without Media Bypass will provide voice and video to Enterprise Voice enabled Lync clients<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">- RCC (with Enterprise Voice disabled) will give you deskphone control of your Cisco phones from Lync client<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">- CUCILync (with Enterprise Voice disabled) will give you voice/video softphone as well as deskphone control<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">All of the above solutions cater different needs but you are limited with mobile support. You can run Jabber on mobile devices in Phone-only mode and then have separate Lync client for IM but that would be a bad user experience.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Unless there is a specific reason to use Lync/SFB, if you already have a CUCM you may want to go Jabber and choose one of the above options.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">This is always a good read: <a href="https://social.technet.microsoft.com/Forums/office/en-US/cef0dd13-1092-46ec-9d1c-6679511d2206/lync-cisco-cucm-rcc?forum=ocsvoice" target="_blank">https://social.technet.microsoft.com/Forums/office/en-US/cef0dd13-1092-46ec-9d1c-6679511d2206/lync-cisco-cucm-rcc?forum=ocsvoice</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">and: <a href="http://www.justin-morris.net/cuci-lync-and-why-you-should-think-twice/" target="_blank">http://www.justin-morris.net/cuci-lync-and-why-you-should-think-twice/</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">and finally: <a href="https://supportforums.cisco.com/discussion/11500646/cupsjabberlynccucilynciphoneandriod-head-spinning" target="_blank">https://supportforums.cisco.com/discussion/11500646/cupsjabberlynccucilynciphoneandriod-head-spinning</a><u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">Sent from my iPhone<u></u><u></u></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12pt"><br> On 6 Apr 2016, at 17:06, Ki Wi <<a href="mailto:kiwi.voice@gmail.com" target="_blank">kiwi.voice@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<div>
<div>
<p class="MsoNormal">Hi Group, <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">anyone have experience integrating ?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The objective is to use Skype for business client for IM & voice/video call. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">It seems like the legacy approach is to use CUCILYNC. However, that's for windows desktop. If we use Skype for mobile clients, there's no such plug in. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Is there a way to achieve presence synchronization between UCM and Skype presence service? <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Assuming they are using the same URI ?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">+<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Able to leverage on UCM to receive and initial calls. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Ki Wi<u></u><u></u></p>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5pt;margin-bottom:5pt">
<div>
<p class="MsoNormal" style="margin-bottom:12pt">_______________________________________________<br> cisco-voip mailing list<br> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal">_______________________________________________<br> cisco-voip mailing list<br> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><u></u><u></u></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br> <br> <span style="color:white">itevomcid</span> <u></u><u></u></p>
</div>
</div>
</blockquote>
</div>
</div>
<br>
<div style="margin:0px;padding:0px;font-family:monospace">_______________________________________________<br> cisco-voip mailing list<br> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br> <a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></div>
</blockquote>
<p> </p>
<div> </div>
</div></div></div>
</blockquote></div><br></div>