案例講稿2016思科xmpp federation cisco vcs x87or im和presence service

CiscoCiscoSystems,1攻城 歸原作者所有本資 試CiscoUnifiedCommunicationsXMPPFirstPublished:December2014LastUpdated:November2015CiscoVCS22CiscoCiscoSystems,3攻城 歸原作者所有本資 試PresenceServiceServerthroughCiscoVCS(VCS)or,alternatively,throughIMandPresenceService.IMandPresenceMultipleStaticInternalExternalfederationterminatedfromYes(externalfederationonVCS.HowtousethisDeploymentExternalXMPPFederationthroughVCS,page4.FederationthroughIMandPresenceService,page23. Youmayrequireinformationcontainedinthefollowing 44攻城 歸原作者所有本資 試differentXMPPdeployment.theVCSControlandVCSExpresswayCollaborationEdgeSolution,tothefederatedXMPPserver.ItalsoshowstheportsandconnectionsthatareusedasthemessagestraverseDMZfirewalls.SIPfederationonIMandPresenceServiceandexternalXMPPfederationonVCS.ConnectionManagerfeatureserviceonIMandPresenceService.Tip:FormoreinformationaboutexternalXMPPfederationthroughCiscoVCS,seetheCisco CommunicationsServiceAdministratorGuide.SupportedVCSX8.2orCiscoWebexConnectReleaseOther pliantEnsurethatyouarerunningthefollowingsoftwareVCSX8.2or55攻城 歸原作者所有本資 試systemsmustfederatewiththeJabberIDsthatarenativetoUnifiedCMIMandPresenceService.Youcan configureyourfirewalltoallowinboundconnections.CommunicationsManager.configuredontheIMandPresenceServiceservers.UseeithertheXMPPAddressorDNSformats.NotethattheVCSControlautomaticallyincludesthechatnodealiasesinitssigningrequests(CSRs),providingithasdiscoveredasetofIMandPresenceServiceservers.WhengeneratingCSRsfortheVCSExpresswaywe 6677TaskFlowforXMPPFederationthrough page7EnsureIMandPresenceServiceisoperationalandhasXMPPfederationturnedoffpage7 Communications,page8Configurethelocal sforXMPPfederationonVCSConfiguringLocal onVCS,page11Federation,page11nodealiasesarelocatedusingeitherDNSlookupsorstaticpage14Configuretheallowanddenylistsforfederated chatnodealiasesConfiguringtheAllowandDenyListsforstaticroutes)DNSSRVRecordsforXMPPFederation,pageCheckthestatusofXMPPTotroubleshootyour88 RequirementsforUnifiedCSRSANJabber √(VCSExpresswayXXXMPP XX√IMandPresenceServicechatnodealiases(federatedgroupchat)XX√√XXrenamed.Forexample,whenanIMandPresenceServicenodeisaddedorrenamed,orifnewTLSphonesecurityprofilesareadded.YouwillneedtouploadanewVCSExpressway oriftheUnifiedCM,orXMPPfederation s,aremodified.YoumustrestarttheVCSforanynewuploaded totakeVCSControl TheVCSControl needstoincludethefollowingelementsinitslistofsubjectalternaterequiringremoteaccess.ThisensuresthatUnifiedCMcancommunicatewithVCSControlviaaTLSmoreinformation,seetheandRemoteAccessviaCiscoVCSDeploymentGuideavailableat 99 federatedcontacts.IMandPresenceServiceservers. includethesamechatnodealiasesintheVCSExpresswayserver'salternativenames.CSRgeneratorVCSExpressway TheVCSExpressway needstoincludethefollowingelementsinitslistofsubjectalternatedevicesandVCSExpressway.multiples.TheSRVNameformatmaynotbesupportedbyyourchosenCA.moreinformation,seetheandRemoteAccessviaCiscoVCSDeploymentGuideavailableat mendthatyouselecttheDNSformatandmanuallyspecifytherequiredFQDNs,separatedbywillsupportgroupchatoverTLSwithfederatedcontacts. mendthatyouselecttheDNSformatandmanuallyspecifytherequiredFQDNs,separatedbypageontheVCS攻城 歸原作者所有本資 試EnteringsubjectalternativeuploadtheVCSserverandhowtouploadalistoftrusted Youmustconfigureyour namesforwhichyouwanttoprovideXMPPfederated ClickNew(orclickView/Editifthe alreadyEnteryour nametobeRepeatforanyotherlocal srequiringfederation.Pleasenotethefollowing: ConfiguringVCSExpresswayforXMPP Anyexisting numberof systemformoreinformation.ConfiguretheremainingfieldsasUsestaticIndicateswhetheracontrolledlistofstaticroutesareusedtolocatethefederatedXMPPforFederatedsandChatNodeAliasesareLocated,page14.thesamedialbacksecret.required,preferredornotrequired.TLSoptional:thesystemattemptstoestablishaTLSconnectionwiththeforeign failstoestablishaTLSconnection,itrevertstoTCP..NoTLS:thesystemwillnotestablishaTLSconnectionwiththeforeign encryptedconnectiontofederatewiththeforeign.exchangeswillnotbesupportedbythelocalserver. sControlswhetherthe VCStrusted Authority(CA)listand,ifloaded,therevocationlist.'ssubjectalternatename,regardlessofthissetting.Controlswhetherrestrictionsareappliedtothesetoffederated Allowlist:Federationisallowedonlywiththe allowlist.Denylist:Federationisallowedwithany inthedenylist.automaticallyintheallowlist.SeeConfiguringtheAllowandDenyListsforFederated page15.wanttorestarttheXCProuterontheVCSControl.totheassociatedVCSControl.XCProuters.Ifyoudoneedtorestartthem:ThiscausesarestartofallXCPservices.RepeatoneachIMandPresenceServiceConfiguringhowXMPPServersforFederatedsandChatNodeAliasesareYoucanuseNameSystem(DNS)lookupstolocatetheXMPPserversforfederated aliases,oryoucanconfiguretheaddressesofspecificXMPPserversusingstaticroutes.RecordsforXMPPFederation,page16. TheIPaddressorFullyQualified orchatnodealias.Youcanspecifyadditionalroutestoalternativeaddressesforthesame haveanequalpriority).Iftherearenostaticroutesdefinedforafederated contactedoverthoseroutes,thesystemwillnotfallbacktoDNS.ConfiguringtheAllowandDenyListsforFederatedsandChatNodetoallowordenyfederatedconnections.Thisfunctionmanagesrestrictionsatthe byeach/enduser.Theallowlistanddenylistmodesaremutuallyexclusive.A Whenfederationisfirstenabled,PrivacymodeissettoAllowlistbydefault.Ineffectthisputsthesysteminaeitheraddthemtotheallowlist,configurestaticroutes,orchangethePrivacymodesetting.OnVCSExpressway,gotoConfiguration>UnifiedSetPrivacymodeas Denylist:Federationisallowedwithany Federationdenylistasnotallowedinthenames;itmustbeanexactmatch. DNSSRVRecordsforXMPPbepublished._xmpp-serverYoumustpublishan_xmpp-serverDNSSRVrecordinDNSforyourlocal accessyourfederatedXMPPservices.Forexample:0000GrouppublishthesameDNSSRVrecordinDNSforits.Forexample:00inDNS.andPresenceServiceservers.AliasesthatareconfiguredontheIMandPresenceServiceservers.groupchat.PortUsageforXMPPVCSExpresswayVCSExpresswayFederatedXMPPserverFederatedXMPPserverVCSExpresswayIMandPresenceCheckingXMPPFederationNormally,XMPPFederationshouldbeActive.formoreguidanceastowhatiscausingtheproblem.ViewingFederatedThisshowsallthecurrentconnectionspassingthroughthatVCSExpressway.Itdis ystheIPAddressofthe ,andtheDirection( Connectionsareclosedafter10minutesofinactivity. TroubleshootingExternalXMPPmakingconfigurationchangesonalivesystem.sandSecureTLSConnections,pageCheckingtheBasicStatusofyourCommunicationspageonboththeVCSControlandtheVCSExpressway.theproblem.GeneralConfiguration (Status>Zones).UnifiedCommunicationsmodeissettoandremoteaccessonboththeVCSControlandVCS >Discovery,Connectivity,andFirewallIfusingDNSlookup,checkthat_xmpp-serverpublicDNSrecordsexistforthe ofallfederatedparties,andthattheyuseport5269.攻城 歸原作者所有本資 試Controlisconnectedtotheinternally-facinginterfaceontheVCSExpressway.IftheaddressofanIMandPresenceServicenodehaschanged,oranewpeerhasbeenaddedtoanIMandandclickRefreshServers.Youmustthensavetheupdatedconfiguration.sandSecureTLSValid sareinstalled,theyareindateandnotBoththeremoteandlocalserver smustcontainavalid (SAN).ThisappliesevenifRequire -sidesecurity sisdisabled.IfRequire-sidesecurity sisenabled,ensurethattheserver isnotlocallysigned.Authority sareIfyouareusinggroupchatoverTLS,ensurethattheVCSControlandVCSExpresswayserversAliasesthatareconfiguredontheIMandPresenceServiceservers.federatedsystem.See RequirementsforUnifiedCommunications,page8formoreCheckingtheEventVCSControl.PerformingDiagnosticdebuglevel.DisablingInterXMPPFederationonUnifiedCMIMandPresenceonVCS.exactlytheordershown: >XMPPFederation>攻城 歸原作者所有本資 試RestartalloftheUnifiedCMIMandPresenceServiceXCPRouterservicesthatareconnectedtothatVCSImpactofConfigurationChangesonaLiveIngeneral,we susingandremoteaccess.VCSControlConfigurationsVCSControlandVCSExpressway.ThiswillremovetheVCSExpresswayXMPPfederationnodefromalldiscoveredIMandPresenceServicerouteronallaffectedIMandPresenceServicenodes.Theend-userimpactisthatallIMandPresenceServicesessionswillbedisconnected.IMandPresenceServicenode,allXCPfunctionalityonthatnodewillbedisrupted.PresenceServicenodeassociatedwiththatpublisherifXMPPFederationisenabled.updatesforafewseconds.VCSExpresswayConfigurationTheVCSExpresswayXMPPfederationnodewillberemovedfromalldiscoveredIMandPresenceServicerouteronallaffectedIMandPresenceServicenodes.Theend-userimpactisthatallIMandPresenceServicesessionswillbedisconnected.IMandPresenceServicenode,allXCPfunctionalityonthatnodewillbedisrupted.攻城 歸原作者所有本資 試theXCProuteronallaffectedIMandPresenceServicenodes.Theend-userimpactisthatallIMandPresenceServicesessionswillbedisconnected.IMandPresenceServicenode,allXCPfunctionalityonthatnodewillbedisrupted.OtherXMPPFederationEnd-usersmaynoticeatemporarydisruptiontofederation;any andremoteaccessIMandPresenceServicesessionswillremainconnected.ReconnectionTimesafterLossofServerRecoveryManagerserviceparametersontheIMandPresenceServiceserver.PleaserefertotheHighAvailabilityLoginProfilessectionoftheIMandPresenceServiceversionyouarerunningatht TemporaryorPartialLossofIMandPresenceServiceIfafederatedserver esunavailableduetoagracefulshutdown,VCSwillimmediayseektoreestablishathefederatedpartnermayoccur.攻城 歸原作者所有本資 試XMPPFederationthroughIMandPresenceThisintegrationenablesIMandPresenceServiceusersinoneenterprise andInstantMessaging(IM)withusersinexternals.SupportedCiscoWebExMessengerReleaseCiscoUnifiedPresenceReleaseNote:IMandPresenceServicedoesnotsupportXMPPfederationbetweenIMandPresenceServiceRelease9.xenterpriseandaCiscoUnifiedPresenceRelease7.xenterprise.Note:IfyouwishtoenableXMPPfederationwithanexternal,ensurethattheexternal previouslyconfiguredasaSIPfederatedonCiscoUnifiedPresence.Example:ACiscoUnifiedPresencedeploymentwith washistoricallyconfiguredasaSIP-basedfederation.But XMPP-basedfederation.Toallowthis,thelocaladministratormustfirstdelete asaSIP-federatedonCiscoUnifiedPresence.theWebExConnect.andPresenceService,followingtheproceduresdescribedinthisguide.onenodepercluster.TheXMPPfederationconfigurationmustbeidenticalacrossclusters.TheDiagnosticsconfigurationisnotidenticalacrossclusters.CertificationAuthority(CA).InterclusterandMultinodetomultinodeIMandPresenceServicedeployments.攻城 歸原作者所有本資 試enabledforXMPPfederation.All XMPPfederation.PresenceServiceclustersandyoumustenableXMPPfederationatleastoncepercluster.UnlikeSIPfederation,IMandPresenceServicecanroute InaninterclusterandamultinodeclusterIMandPresenceServicedeployment,whenanexternalXMPPfederatedthecluster.Withthisconfiguration,IMandPresenceServiceroutesall loadbalancingthe ingrequestsacrossthenodesrunningXMPPfederation.IMandPresenceServiceload-ExampleofXMPPFederatedNetworkbetweenIMandPresenceServiceandIBMSametimefederation.CiscoAdaptiveSecurityAppliance(ASA)actsonlyasafirewallforXMPPfederation;itdoesnotprovideTLSfunctionalityorPortAddressTranslation(PAT)forXMPPfederation.攻城 歸原作者所有本資 試TherearetwoNameSystem(DNS)serverswithintheinternalIMandPresenceServiceenterpriseandPresenceServicepublicaddressandDNSSRVrecordsforSIPfederation(_sipfederationtls),andXMPPfederation(_xmpp-server)withIMandPresenceService.TheDNSserverthathoststheIMandPresenceServicepublicaddressislocatedinthelocalDMZ.TaskFlowforXMPPFederationthroughIMandPresencePresenceService.ConfigureIMandPresenceServiceforXMPPpage26page40(Optional)Configure forfederationXMPPfederationFederation,page37PresenceService攻城 歸原作者所有本資 試ConfiguringIMandPresenceServiceforXMPPDNSSRVRecordsforXMPPFederation—ExceptionConfigurationConfigureGeneralSettingsforXMPPFederationonIMandPresenceXMPPFederationCiscoWebExMessengerReleaseCiscoUnifiedPresenceReleaseNote:IMandPresenceServicedoesnotsupportXMPPfederationbetweenIMandPresenceServiceRelease9.xenterpriseandaCiscoUnifiedPresenceRelease7.xenterprise.CollaborationEdgesolution.theWebExConnect.XMPPfederationonIMandPresenceService.onenodepercluster.TheXMPPfederationconfigurationmustbeidenticalacrossclusters.TheDiagnosticsconfigurationisnotidenticalacrossclusters.攻城 歸原作者所有本資 試CertificationAuthority(CA).ImportantNotesaboutRestartingServicesforXMPPuserinterface:TurnonXMPPFederationonaThissettingisturnedonbyFederation>XMPPFederation>Settings.unlessyouturnonXMPPfederationonthenode.Determinewhethertheexternal SecureSocketsLayer(SSL)mode"TLSOptional"or"TLSRequired".SSLmode"TLSRequired",andyoumustenableSASL.攻城 歸原作者所有本資 試IfIMandPresenceServicefailstoestablishaTLSconnection,itrevertstoserverdialbacktoverifytheidentityoftheotherserver. ChecktheRequire -sidesecurityscheckboxifyouwanttoen strictvalidationofsfromexternal serversagainstaninstalledrootCA default,ifyouselecteitherTLSOptionalorTLSRequiredsecuritysettings.Note:IfyouareconfiguringXMPPfederationwithWebEx,donotchecktheRequire-side checkChecktheEnableSASLEXTERNALonall ingconnectionscheckboxtoensurethattheIMandPresenceServiceadvertisessupportforSASLEXTERNALon SASLEXTERNALvalidation.ChecktheEnablingSASLonoutboundconnectionscheckboxtoensurethatIMandPresenceServicesendsaSASLauthidtotheexternaliftheexternalserverrequestsSASLEXTERNAL.connecttoIMandPresenceService.IMandPresenceServicedoesnotacceptanypacketsfromtheexternalTip:Forfurtherinformationonthesecuritysettings,seetheOnlinesettings.RuntheSystemTroubleshootertoensurethatyourconfigurationisconsistentonallnodes.攻城 歸原作者所有本資 試DNSSRVRecordsforXMPPFederation,pageDNSSRVRecordsforXMPPFederationChatFeature,pageDNSSRVRecordsforXMPPToallowIMandPresenceServicetodiscoveraparticularXMPPfederated,thefederatedenterprisemustCiscoUnifiedCMIMandPresenceAdministrationuserinterfacetoviewalistofallthes.GotothePresenceswindowtoviewalistofall sinthesystem.LogintoCiscoUnifiedCMIMandPresenceAdministrationuserinterfaceandchoosePresence> Youcanalsousethe sforFederationwindowtoviewthelistofall addressforfederationfeatureisenabled.LogintotheCiscoUnifiedCMIMandPresenceAdministrationuserinterface.ChoosePresence>Inter-Federation>Federateds..攻城 歸原作者所有本資 試Figure1DNSSRVfor_xmpp-TwoDNSrecordsareneededforeachserverinthecluster:oneDNSrecordforIPv4andthesecondDNSrecordforForexample: isdiscoverable.settype=srv_(is This tsimilartothis "is ofthefederated recordfortheenterpriseinthepublicDNS.IMandPresenceServiceroutesall ingrequestsfromexternalPresenceServiceclustersandyoumustenableXMPPfederationatleastoncepercluster.UnlikeSIPfederation,result,IMandPresenceServicecanroute enableforXMPPfederation.Withthisconfiguration,IMandPresenceServiceroutesall ingrequeststothatsinglenode,ratherthanload-balancingthe XMPPfederation.ADNSSRVrecordmustbepublishedforeach thatishostedintheIMandPresenceServicedeployment.Thefollowingfigureshowsanexampleinter FigureFigure2inanXMPP-BasedFederatedEachDNSSRVrecordmustresolvetothepublicFQDNofbothIMandPresenceServicenodesthataredesignatedDNSSRVRecordsforXMPPFederationChatpublishthechatnodealiasinDNS.multiplenodesConfigureaNATcommandconfiguredonCiscoAdaptiveSecuritymultiplenodesinternallydirectlytotheappropriatechatnode.ConfigureaNATcommandonCiscoAdaptiveSecurityApplianceorNote:Toallowthechatnodetohandle ingfederatedtextrequests,youandPresenceServiceonCiscoUnifiedCommunicationsManager.ConfigureDNSSRVRecordforXMPPFederationChatChatServer>AliasMap. SeethefollowingfiguresforsampleDNSconfigurationrecords.Note:Ifthetextconferenceserveraliasisconference-2-StandAloneC thenthe conference-2-StandAloneCluster,andyouskipStep3.InStep4,cre nunderconference-2-Figure5IPv6DNSSRVRecordfor_xmpp-serverforChatFigure6DNSConfigurationforChatSettingsConfigurationforXMPPFederationExceptionConfiguration nameforaexception,notethefollowing: . appliesthe andanysub ,for optionsareavailable:Allfederatedpacketsfrom/totheabove goingtoandcomingfromthespecified Onlyoutgoingfederatedpacketstotheabove/host-allowIMandPresenceServicetosendConfigureforXMPPServices),CiscoXCPXMPPFederationConnectionManager(chooseTools>ControlCenter-FeatureServices).WhenyourestarttheCiscoXCPRouterservice,IMandPresenceServicerestartsalltheXCPservices.Federation>XMPPFederation>.Allow-IMandPresenceServicepermitsallfederatedtrafficfromXMPPfederated sthatyouexplicitlydenyontheexceptionlist.Deny-IMandPresenceServicedeniesallfederatedtrafficfromXMPPfederated Toconfigure ontheexceptionClickAddSpecify nameorthehostnameoftheexternal ConfiguretheCiscoAdaptiveSecurityApplianceforXMPPingandoutgoingXMPPfederatedtrafficontheCiscoAdaptiveSecurityAppliance.configureaccesstoeachofthesenodes,forexample:objectnetworkobj_host_public_imp_ip_address#hostpublic_imp_ip_addressConfigurethethefollowingNATobj_udp_source_eq_5269obj_tcp_source_eq_5269(ThisexampleisfortwoadditionalXMPPfederationnodes)obj_udp_source_eq_5269obj_tcp_source_eq_5269obj_udp_source_eq_5269obj_tcp_source_eq_5269(ThisexampleisfortwoadditionalXMPPfederationnodes)obj_udp_source_eq_5269obj_tcp_source_eq_5269obj_udp_source_eq_5269obj_tcp_source_eq_5269TurnonXMPPFederationYouneedtoturnontheCiscoXCPXMPPFederationConnectionManagerserviceoneachIMandPresenceServicenodethatrunsXMPPfederation.FeatureServiceswindow.BeforeyouAdministration,seeXMPPFederationthroughIMandPresenceService,page23.LogintotheCiscoUnifiedIMandPresenceServiceabilityuserinterface.ChooseTools>ServiceIntheIMandPresenceServicesarea,clickthebuttonnexttotheCiscoXCPXMPPFederationConnectionManagerservice. ConfigurationforXMPP Multi- Overview,pageUseaSelf- ConfigurationforXMPPVerifythatalllocal missinglocal sbeforeyougeneratethecup-xmpp-s2s.Create forXMPP forXMPPImporttheroot sareuploadedinsteadoftherootCA. ValidationforXMPPAlllocal ,validatethatalllocalsareconfiguredandappearinthe sthatarennedfor,butthatdon'tyetappearinthelistoflocal s.Forexample,athatdoesnotcurrentlyhaveanyusersassignednormallydoesnotappearinthelist oraCA-signed forfederationisenabled,all smustalsobeincludedinthe PresenceServiceabilityuserinterfaceandchooseTools>ControlCenter-FeatureServices.Multi- ofsigning UseaSelf- forXMPPThissectiondescribeshowtouseaself-signed signed,seeUseofaCA-Signed forXMPPFederation,page41 RestarttheCiscoXCPXMPPFederationConnectionManagerservice.LogintotheCiscoUnifiedIMandDownloadandsendthetoanotherenterprisesothatitcanbeaddedasatrusted theirXMPPserver.ThiscanbeaIMandPresenceServicenodeoranotherXMPPserver.UseofaCA- forXMPP forXMPPGenerate SigningRequestforXMPPThisproceduredescribeshowtogeneratea SigningRequest(CSR)fora Note:WhilethisprocedureistogenerateaCSRforsigninga theCSR(steps1to3)applywhenrequestingafromany Configure forthe ,see ValidationforXMPPFederation,page Note:Youmustcopyallinformationfromandincluding-BEGIN REQUEST-Server>/certsrv.ClickRequest ClickSubmitarequestbyusingabase-64-encodedCMCorPKCS#10file,orsubmitarenewalrequestbyusingabase-64-encodedPKCS#7file.ClickClickViewthestatusofa Clickon requestthatyouissuedinthepreviousClickBase64 Save toyourlocalSpecify Save UploadaCA- forXMPPBeforeyouLogintotheCiscoUnifiedIMandPresenceOperatingSystemAdministrationuserinterface.Security>/ / Inthe field,specifythenameofthe ClickUpload ClickUploadRestarttheCiscoXMPPFederationConnectionManagerservice.LogintotheCiscoUnifiedIMandPresenceServiceabilityuserinterface.ChooseTools>ControlCenter-NetworkServicestorestartthisNote:Ifyouuploadamulti-server nodesinthecluster.Ifyoumigratefromself-signedtoCA-signeds,theoriginalself-signed spersistintheservicetruststoreoftheIMandPresenceServicenode.Leavingtheoriginalself-signed CiscoUnifiedCommunicationsManager. forXMPPNote:Thissectiondescribeshowtomanuallyuploadthecup-xmpp-s2strust stoIMandPresenceService. ChooseSecurity>ManagementonIMandPresenceService./ / ClickBrowse,andbrowsetothelocationoftherootCA savedtoyoulocalmachine. signedsareuploadedinsteadoftheRootCA. AddressforFederation InformationtoProvidetotheAdministratorofan Turn forFederation,page forFederationtotheaddressofthecontact.persistentchatroomsinamulticlusterIMandPresenceServicedeployment.WhenyouconfigureIMandPresenceServicetousetheaddressforXMPPfederation,IMandPresenceServiceswapstheIMaddressofthelocaluserfortheuser'saddressinallcommunicationswithafederatedcontact.federation,we Directory,IMandPresenceServiceusestheJIDoftheuserforfederation.address,IMandPresenceServicedefaultstousingIMandPresenceServiceJIDoftheuserforfederation.Ifyouturnonaddressforfederation,andafederatedcontactusestheJIDofanIMandPresencevalidaddressisconfiguredfortheuser). AddressforFederationSupportof sthatarebeingusedforfederatedtraffic.Figure AddressforFederationsupportfor IfthelocalIMandPresenceServicedeploymentismanagingmultiple DNSSRVrecordsforeachlocal ForXMPPfederation,thecup-xmpp-s2ssecurity musthavealllocalIMand SubjectAltNames.ConfigurationManuallyaddingandediting sforusewiththe andPresenceServiceautomaticallyreadsallunique sforeachoftheuser'saddressesandusesthatthoseusers,thenyoucanmanuallyaddthose stoIMandPresenceServiceusingtheCiscoUnifiedCMIMandPresenceAdministrationuserinterface.A thatdoesnotcurrentlyhaveanyusersassignedisnotautomaticallylistedasalocal intheuserinterface. windowintheCiscoUnifiedCMIMandPresenceAdministrationuserinterface.ThesearenotconfigurablewiththeuserInformationtoProvidetotheAdministratorofanBeforeyouturnon addressforfederation,youmustalertthesystemadministratoroftheexternal Youareusingaddressforfederation,andthattheusersintheexternal addresswhenaddingafederatedcontacttotheircontactlist.contactsagainspecifyinganaddress.InformationtoProvideIMandPresenceService Whenaddingnewcontactstotheircontactlist,federatedcontactsmustnowusethe PresenceServiceusers,ratherthantheuser_id@.ExistingIMandPresenceServicecontacts(onthefederatedwatcher'scontactlist)thatwereaddedwithaddressconfiguredintheuserstableonIMandPresenceService).intotheagain,thefederatedcontactmaygetapop-upcontainingtheaddress.Note:Whenyouturnonaddressforfederation,aIMandPresenceServiceuserdoesNOTneedtochangePresenceServicenode.Management ctionsandYoucanaddordeleteonlyadministrator- sthatareassociatedwiththelocal Youcannoteditsystem-managedoradministrator sthatareassociatedwithotherItispossibletohavea asystem-managed ForXMPPfederationoverTLS,youmustregeneratetheTLS anIMaddress.AddressforFederationConfiguration Note:Ifyouhaveaninterclusterdeployment,youmustturnonthe nodesinyourdeployment. PresenceServiceabilityuserinterface.ChooseTools>ControlCenter-NetworkServices. Federation>Federateds.TheFindandList swindowappears.AddorYoucanmanuallyaddIMaddressstoyourlocalclusterandupdateexistingIMaddress Youcanenteranameofuptoaumof255charactersandeachmustbeuniqueacrosstheSystem-managedsandlocalsthatareadministrator-managedaredis yedontheFindandListswindow.Thiswindowalsospecifieswhethereachadministrator-managed System-managedscannotbeeditedbecausetheyareinuse.Asystem-managedautomatically yingalladministrator-managedandsystem-Performoneofthefollowing .

swindowChoose toeditfromthelist s. windowEnterthe namein Namefield,andthenclickYoucandeleteadministrator-managedaddress CMIMandPresenceAdministrationuserinterface.System-managedscannotbedeletedbecausetheyareinuse.Asystem-managed Note:Ifyoudeleteanadministrator-managed thatisconfiguredonbothlocalandpeerclusters,theremainsintheadministrator-managed slist;however,that only.Tocompleyremovetheentry,youmustdeletethe fromallclustersonwhichitisconfigured.ss yingalladministrator-managedandsystem-managed

Choosetheadministrator- stodeleteusingoneofthefollowingmethods,andthenDelete ClickSelectAlltoselect sinthelistofadministrator- ServiceabilityConfigurationforCiscoXCPRouter,pageLocationofLogFileforXMPP TurnonLoggingforPerformoneofthefollowingForSIPfederation,choosetheCiscoXCPSIPFederationConnectionManagerservicefromtheServicedrop-downlist,andclickGo.Servicedrop-downlist,andclickGo.DebugforDebugTraceLevel.HowtoRestarttheCiscoXCPCiscoXCPRouteronIMandPresenceService.IfyourestarttheCiscoXCPRouter,IMandPresenceServiceautomaticallyrestartsallactiveXCPservices.CiscoXCPRouter,ratherthanrestartthisservice,IMandPresenceServicestopsallotherXCPservices.otherXCPservices;youneedtomanuallyturnontheotherXCPservices.RestartingtheCiscoXCPNetworkServices.攻城 歸原作者所有本資 試FederationIntegrationVerificationVerifyXMPPFederationConfigurationServiceRelease9.0enterprisedeployment.UsethisprocedureasaguidetoverifytheothertypesofXMPPfederations.LogontotheCiscoJabber orthethird-partyXMPP connectedtotheIMandPresenceServiceRelease9.0server. oftheIMandPresenceService .AccepttheConnect.Checkthattheavailabilitystatechangesforthecontactsoneach.InitiateanIMfrom oftheIMandPresenceServiceusertoaWebExConnectCheckthattheIMwindow