
CUP0 BK CE08159C 00 Config-Admin-Guide-Imp-1151

Uploaded by

alfredo.estrada

Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager, Release 11.5(1)


First Published: 2016-06-08

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2017 Cisco Systems, Inc. All rights reserved.
CONTENTS

PART I Deployment Planning 1

CHAPTER 1 IM and Presence Service Features and Functions 3


IM and Presence Service Components 4
Main Components 4
SIP Interface 4
AXL/SOAP Interface 5
LDAP Interface 5
XMPP Interface 6
CTI interface 6
Cisco IM and Presence Data Monitor 6
IM and Presence Service Feature Deployment Options 7
Deployment models 9
High Availability for Single-Node, Multiple-Node, and IM-Only Deployments 9
Presence Redundancy Groups and High Availability 9
Clustering Over WAN 10
User Assignment 10
End User Management 11
Availability and Instant Messaging 11
Chat 11
IM Forking 12
Offline IM 12
Broadcast IM 12
Chat Rooms on IM and Presence Service 12
Chat Room Limits 13
File Transfer 13
Important Notes About IM and Presence Service and Chat 14
IM Compliance 14

Presence Data Overview 14


Manual Presence 14
System Determined Presence 15
Enterprise Groups 15
LDAP Integrations 16
Third-Party Integrations 17
Third-Party Client Integration 18
Supported Third-Party XMPP Clients 18
License Requirements for Third-Party Clients 18
XMPP Client Integration on Cisco Unified Communications Manager 18
LDAP Integration for XMPP Contact Search 19
DNS Configuration for XMPP Clients 19
IPv6 Support 19
IM Address Schemes and Default Domain 20
IM Address Using UserID@Default_Domain 20
IM Address Using Directory URI 20
IM Address Examples 21
IM Address Integration with Cisco Unified Communications Manager 22
UserID@Default_Domain Integration with Cisco Unified Communications Manager 22
Directory URI Integration with Cisco Unified Communications Manager 22
Multiple IM Domain Management 23
Security 23
SAML Single Sign-On 23

CHAPTER 2 Multinode Scalability and WAN Deployments 25


Multinode Scalability Feature 25
Multinode Scalability Requirements 25
Scalability Options for Deployment 26
Cluster-Wide DNS SRV 27
Local Failover 27
Presence Redundancy Group Failure Detection 27
Method Event Routing 28
External Database Recommendations 28
Clustering Over WAN for Intracluster and Intercluster Deployments 28

Intracluster Deployments Over WAN 28


Multinode Configuration for Deployment Over WAN 29
Intercluster Deployments 29
Intercluster Deployments Over WAN 29
Intercluster Peer Relationships 30
Intercluster Router to Router Connections 30
Node Name Value for Intercluster Deployments 30
IM and Presence Default Domain Value for Intercluster Deployments 31
IM Address Scheme for Intercluster Deployments 31
Secure Intercluster Router to Router Connection 31

CHAPTER 3 IM and Presence Service Planning Requirements 33


Multinode Hardware Recommendations 33
Intercluster Hardware Recommendations 34
Supported End Points 34
LDAP Directory Servers Supported 34
WAN Bandwidth Requirements 35
WAN Bandwidth Considerations 35
Multinode Scalability and Performance 36
Multinode Scalability Requirements 36
Multinode Performance Recommendations 36
User License Requirements 36
DNS Domain and Default Domain Requirements 37

CHAPTER 4 Workflows 39
Basic Deployment with High Availability Workflow 39
Basic Deployment with High Availability and IP Phone Presence Workflow 41
Federation Deployment Workflow 44

PART II System Configuration 49

CHAPTER 5 Cisco Unified Communications Manager configuration for integration with IM and Presence Service 51
User and Device Configuration on Cisco Unified Communications Manager before Integration Task List 51

Configure Inter-Presence Group Subscription Parameter 53


SIP Trunk Configuration on Cisco Unified Communications Manager 53
Configure SIP Trunk Security Profile for IM and Presence Service 54
Configure SIP Trunk for IM and Presence Service 54
Configure Phone Presence for Unified Communications Manager Outside of Cluster 56
Configure TLS Peer Subject 56
Configure TLS Context 56
Verify Required Services Are Running on Cisco Unified Communications Manager 57

CHAPTER 6 IM and Presence Service Network Setup 59


Configuration changes and service restart notifications 59
Service Restart Notifications 59
Cisco XCP Router Restart 60
Restart Cisco XCP Router Service 60
DNS Domain Configuration 60
IM and Presence Service Clusters Deployed in Different DNS Domain or Subdomains 61
IM and Presence Service Nodes Within Cluster Deployed in Different DNS Domains or Subdomains 62
IM and Presence Service Nodes Within Cluster Deployed in DNS Domain That is Different Than the Associated Cisco Unified Communications Manager Cluster 63
Specify DNS Domain Associated with Cisco Unified Communications Manager Cluster 64
IM and Presence Service Default Domain Configuration 64
IM Address Configuration 65
IM Address Configuration Requirements 65
UserID@Default_Domain IM Address Interactions and Restrictions 66
Directory URI IM Address Interactions and Restrictions 66
Configure IM Address Scheme 67
Configure IM Address Task Flow 68
Stop Services 69
Assign IM Addressing Scheme 70
Restart Services 71

Domain Management for IM and Presence Service Clusters 72


IM Domain Management Interactions and Restrictions 72
View IM Address Domains 73
Add or Update IM Address Domains 73
Delete IM Address Domains 74
Routing Information Configuration on IM and Presence Service 74
Routing Communication Recommendations 74
Configure MDNS Routing and Cluster ID 75
Configure Routing Communication 75
Configure Cluster ID 77
Configure Throttling Rate for Availability State Change Messages 77
IPv6 Configuration 78
IPv6 Interactions and Restrictions 78
Enable IPv6 on Eth0 for IM and Presence Service 79
Disable IPv6 on Eth0 for IM and Presence Service 80
Enable IPv6 Enterprise Parameter 81
Configure Proxy Server Settings 81
Services on IM and Presence Service 82
Turn On Services for IM and Presence Service 82

CHAPTER 7 IP Phone Presence Setup 83


Static Route Configuration on IM and Presence Service 83
Route Embed Templates 83
Configure Route Embed Templates on IM and Presence Service 84
Configure Static Routes on IM and Presence Service 85
Presence Gateway Configuration on IM and Presence Service 88
Presence Gateway Configuration Option 88
Configure Presence Gateway 88
Configure SIP Publish Trunk on IM and Presence Service 89
Configure Cluster-Wide DNS SRV Name for SIP Publish Trunk 89

CHAPTER 8 LDAP Directory Integration 91


LDAP Server Name, Address, and Profile Configuration 91
LDAP Directory Integration with Cisco Unified Communications Manager Task List 91

Secure Connection Between Cisco Unified Communications Manager and LDAP Directory 92
Configure LDAP Synchronization for User Provisioning 93
Upload LDAP Authentication Server Certificates 94
Configure LDAP Authentication 94
Configure Secure Connection Between IM and Presence Service and LDAP Directory 95
Verify LDAP Directory Connection Using System Troubleshooter 96
LDAP Directory Integration for Contact Searches on XMPP Clients 96
LDAP Account Lock Issue 97
Configure LDAP Server Names and Addresses for XMPP Clients 97
Configure LDAP Search Settings for XMPP Clients 99
Turn On Cisco XCP Directory Service 101

CHAPTER 9 Security Configuration on IM and Presence Service 103


Security Setup Task List 103
Create Login Banner 105
Enhanced TLS Encryption on IM and Presence Service 105
RSA Security Certificate Support for Increased Key Lengths 107
Multi-Server Certificate Overview 107
IM and Presence Service Certificate Types 107
Certificate Exchange Configuration Between IM and Presence Service and Cisco Unified Communications Manager 110
Prerequisites for Configuring Security 110
Import Cisco Unified Communications Manager Certificate to IM and Presence Service 110
Restart SIP Proxy Service 111
Download Certificate from IM and Presence Service 111
Upload IM and Presence Service Certificate to Cisco Unified Communications Manager 112
Restart Cisco Unified Communications Manager Service 112
Multi-Server CA Signed Certificate Upload to IM and Presence Service 112
Single-Server CA Signed Certificate Upload to IM and Presence Service 113
CA-Signed Tomcat Certificate Task List 113

Upload Root Certificate and Intermediate Certificate of the Signing Certificate Authority 114
Restart Cisco Intercluster Sync Agent Service 114
Verify CA Certificates Have Synchronized to Other Clusters 115
Upload Signed Certificate to Each IM and Presence Service Node 116
Restart Cisco Tomcat Service 116
Verify Intercluster Syncing 117
CA-Signed cup-xmpp Certificate Upload 117
Upload Root Certificate and Intermediate Certificate of the Signing Certificate Authority 118
Restart Cisco Intercluster Sync Agent Service 118
Verify CA Certificates Have Synchronized to Other Clusters 119
Upload Signed Certificate to Each IM and Presence Service Node 120
Restart Cisco XCP Router Service On All Nodes 120
CA-Signed cup-xmpp-s2s Certificate Upload 121
Upload Root Certificate and Intermediate Certificate of Signing Certificate Authority 121
Verify CA Certificates Have Synchronized to Other Clusters 122
Upload Signed Certificate to Federation Nodes 122
Restart Cisco XCP XMPP Federation Connection Manager Service 123
Delete Self-Signed Trust Certificates 124
Delete Self-Signed Trust Certificates from IM and Presence Service 124
Delete Self-Signed Tomcat-Trust Certificates from Cisco Unified Communications Manager 125
SIP Security Settings Configuration on IM and Presence Service 126
Configure TLS Peer Subject 126
Configure TLS Context 126
Configure TLS Cipher Mapping 127
XMPP Security Settings Configuration on IM and Presence Service 128
XMPP Security Modes 128
Configure Secure Connection Between IM and Presence Service and XMPP Clients 129
Turn On IM and Presence Service Services to Support XMPP Clients 130
Enable Wildcards in XMPP Federation Security Certificates 130

CHAPTER 10 Intercluster Peer Configuration 133

Prerequisites for Intercluster Deployment 133


Intercluster Peer Configuration 134
Configure Intercluster Peer 134
Turn On Intercluster Sync Agent 135
Verify Intercluster Peer Status 136
Update Intercluster Sync Agent Tomcat Trust Certificates 137

PART III Feature Configuration 139

CHAPTER 11 Availability and Instant Messaging on IM and Presence Service Configuration 141
Availability Setup on IM and Presence Service 141
Turn On or Off Availability Sharing for IM and Presence Service Cluster 141
Configure Ad-Hoc Presence Subscription Settings 142
Configure Maximum Contact List Size Per User 142
Configure Maximum Number of Watchers Per User 143
IM Setup On IM and Presence Service 144
Turn On or Off Instant Messaging for IM and Presence Service Cluster 144
Turn On or Off Offline Instant Messaging 145
Allow Clients to Log Instant Message History 145
Allow Cut and Paste in Instant Messages 146

CHAPTER 12 Managed File Transfer 147


Managed File Transfer 147
Supported Software 147
File Transfer Flow 148
Important Notes 149
External Database 149
Important Notes 150
External Database Disk Usage 151
External File Server 151
External File Server Requirements 151
User Authentication 152
Public and Private Keys 153
File Server Directories 153
File Server Management 154

Managed File Transfer Service Parameters 155


Cisco XCP File Transfer Manager RTMT Alarms and Counters 156
Configure XCP File Transfer Manager Alarms 157
Managed File Transfer Workflow 158
Configure an External Database Instance on IM and Presence Service 158
Set Up an External File Server 160
Prerequisites 160
Set Up a User 161
Set Up Directories 162
Obtain the Public Key 163
Configure an External File Server Instance on IM and Presence Service 163
File Server Troubleshooting Tests 165
Enable Managed File Transfer on IM and Presence Service 166
Troubleshooting Managed File Transfer 168
Cisco Jabber Client Interoperability 169
Single Node - Managed File Transfer 169
Single Node - Managed and Peer-to-Peer File Transfer 170
Single Cluster - Mixed Nodes 171
Multiple Cluster - Mixed Nodes 173
Group Chat 174
Mobile and Remote Access for Jabber Clients 175

CHAPTER 13 High Availability for Persistent Chat on IM and Presence Service 177
High Availability for Persistent Chat Overview 177
High Availability for Persistent Chat Flows 178
High Availability for Persistent Chat Failover Flow 179
High Availability for Persistent Chat Fallback Flow 180
Enable and Verify High Availability for Persistent Chat 180
External Database for Persistent Chat High Availability 181
Merge External Database Tables 182
External Database Merge Tool 183

CHAPTER 14 Multiple Device Messaging 185


Multiple Device Messaging Overview 185
Multiple Device Messaging Flow 186

Multiple Device Messaging Quiet Mode Flow 186


Enable Multiple Device Messaging 187
Counters for Multiple Device Messaging 187

PART IV Administration 189

CHAPTER 15 Chat Setup and Management 191


Chat Deployments 191
Chat Deployment Scenario 1 191
Chat Deployment Scenario 2 192
Chat Deployment Scenario 3 192
Chat Deployment Scenario 4 193
Chat Administration Settings 193
Change IM Gateway Settings 193
Limit Number Of Sign-In Sessions 194
Configure Persistent Chat Room Settings 195
Enable Persistent Chat 196
Configure Group Chat System Administration 198
Group Chat and Persistent Chat Default Settings Configuration and Reversion 199
Chat Node Alias Management 199
Chat Node Aliases 199
Key Considerations 200
Turn On or Off System-Generated Chat Node Aliases 200
Manage Chat Node Aliases Manually 201
Turn on Cisco XCP Text Conference Manager 203
Chat Room Management 203
Set Number of Chat Rooms 203
Configure Member Settings 204
Configure Availability Settings 204
Configure Invite Settings 205
Configure Occupancy Settings 206
Configure Chat Message Settings 206
Configure Moderated Room Settings 207
Configure History Settings 207
Group Chat and Persistent Chat Restrictions 208

CHAPTER 16 End User Setup and Handling 209


End User Setup and Handling on IM and Presence Service 209
Authorization Policy Setup On IM and Presence Service 209
Automatic Authorization On IM and Presence Service 209
User Policy and Automatic Authorization 210
Configure Authorization Policy on IM and Presence Service 211
Bulk Rename User Contact IDs 212
Bulk Export User Contact Lists 213
Bulk Export Non-Presence Contact Lists 214
Bulk Import Of User Contact Lists 216
Check Maximum Contact List Size 218
Upload Input File Using BAT 218
Create New Bulk Administration Job 219
Check Results of Bulk Administration Job 219
Bulk Import of User Non-Presence Contact Lists 220
Upload Non-Presence Contacts Input File using BAT 221
Create New Bulk Administration Job for Non-presence Contact Lists 222
Duplicate User ID and Directory URI Management 222
User ID and Directory URI Monitoring 223
User ID and Directory URI Error Conditions 224
User ID and Directory URI Validation and Modification 224
User ID and Directory URI CLI Validation Examples 225
Set User Check Interval 225
Validate User IDs and Directory URIs Using System Troubleshooter 226

CHAPTER 17 User Migration 229


User Migration Between IM and Presence Service Clusters 229
Unassign Users From Current Cluster 230
Export User Contact Lists 230
Disable Users for IM and Presence Service 231
Move Users to New Cluster 231
LDAP Sync Enabled on Cisco Unified Communications Manager 232
Move Users To New Organizational Unit 232
Synchronize Users To New Home Cluster 232

LDAP Sync Not Enabled On Cisco Unified Communications Manager 232


Enable Users For IM and Presence Service On New Cluster 233
Import Contact Lists On Home Cluster 233

CHAPTER 18 Multilingual Support Configuration For IM and Presence Service 235


Locale Installation 235
Locale Installation Considerations 236
Locale Files 236
Install Locale Installer on IM and Presence Service 237
Error Messages 238
Localized Applications 240

PART V Troubleshooting IM and Presence Service 243

CHAPTER 19 Troubleshooting High Availability 245


View Presence Redundancy Group Node Status 245
Node State Definitions 246
Node States, Causes, and Recommended Actions 247

CHAPTER 20 Troubleshooting UserID and Directory URI Errors 253


Received Duplicate UserID Error 253
Received Duplicate or Invalid Directory URI Error 254

CHAPTER 21 Traces Used To Troubleshoot IM and Presence Service 257


Troubleshooting IM and Presence Service Using Trace 257
Common Traces and Log File Locations for IM and Presence Service Nodes 258
IM and Presence Service Login and Authentication Traces 259
Availability, IM, Contact List, and Group Chat Traces 259
Availability and IM Traces for Partitioned Intradomain Federation MOC Contact Issues 261
Availability and IM Traces for XMPP-Based Interdomain Federation Contact Issues 261
Availability and IM Traces for SIP-Based Interdomain Federation Contact Issues 262
Calendaring Traces 263
Intercluster Synchronization Traces and Inter-Clustering Troubleshooter 263
SIP Federation Traces 264
XMPP Federation Traces 264

High CPU and Low VM Alert Troubleshooting 264

APPENDIX A High Availability Client Login Profiles 267


High Availability Login Profiles 267
Important Notes About High Availability Login Profiles 267
Use High Availability Login Profile Tables 268
Example High Availability Login Configurations 269
500 Users Full UC (1vCPU 700MHz 2GB) Active/Active Profile 269
500 Users Full UC (1vCPU 700MHz 2GB) Active/Standby Profile 270
1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Active Profile 270
1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Standby Profile 270
2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Active Profile 271
2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Standby Profile 271
5000 Users Full UC (4 GB 2vCPU) Active/Active Profile 272
5000 Users Full UC (4 GB 2vCPU) Active/Standby Profile 272
15000 Users Full UC (4 vCPU 8GB) Active/Active Profile 273
15000 Users Full UC (4 vCPU 8GB) Active/Standby Profile 274
25000 Users Full UC (6 vCPU 16GB) Active/Active Profile 275
25000 Users Full UC (6 vCPU 16GB) Active/Standby Profile 276

APPENDIX B XMPP Standards Compliance 279


XMPP Standards Compliance 279

PART I
Deployment Planning
• IM and Presence Service Features and Functions, page 3
• Multinode Scalability and WAN Deployments, page 25
• IM and Presence Service Planning Requirements, page 33
• Workflows, page 39
CHAPTER 1
IM and Presence Service Features and Functions
• IM and Presence Service Components, page 4
• IM and Presence Service Feature Deployment Options, page 7
• Deployment models, page 9
• User Assignment, page 10
• End User Management, page 11
• Availability and Instant Messaging, page 11
• Enterprise Groups, page 15
• LDAP Integrations, page 16
• Third-Party Integrations, page 17
• Third-Party Client Integration, page 18
• IM Address Schemes and Default Domain, page 20
• Security, page 23
• SAML Single Sign-On, page 23

IM and Presence Service Components

Main Components
The following figure provides an overview of an IM and Presence Service deployment, including the main
components and interfaces between Cisco Unified Communications Manager and IM and Presence Service.

Figure 1: IM and Presence Service Basic Deployment

SIP Interface
A SIP connection handles the presence information exchange between Cisco Unified Communications Manager
and Cisco Unified Presence. To enable the SIP connection on Cisco Unified Communications Manager, you
must configure a SIP trunk pointing to the Cisco Unified Presence server.
On Cisco Unified Presence, configuring Cisco Unified Communications Manager as a Presence Gateway will
allow Cisco Unified Presence to send SIP subscribe messages to Cisco Unified Communications Manager
over the SIP trunk.


Note: Cisco Unified Presence does not support clients (Cisco clients or third party) connecting to Cisco Unified
Presence using the SIP/SIMPLE interface over TLS. Only a SIP connection over TCP is supported.

Related Topics
SIP Trunk Configuration on Cisco Unified Communications Manager, on page 53
Presence Gateway Configuration Option, on page 88

AXL/SOAP Interface
The AXL/SOAP interface handles the database synchronization from Cisco Unified Communications Manager
and populates the IM and Presence Service database. To activate the database synchronization, you must start
the Sync Agent service on IM and Presence Service.
By default the Sync Agent load balances all users equally across all nodes within the IM and Presence Service
cluster. You also have the option to manually assign users to a particular node in the cluster.
For guidelines on the recommended synchronization intervals when executing a database synchronization
with Cisco Unified Communications Manager, for single and dual-node IM and Presence Service, see the IM
and Presence Service SRND document.

Note: The AXL interface is not supported for application developer interactions.

Related Topics
http://www.cisco.com/go/designzone

LDAP Interface
Cisco Unified Communications Manager obtains all user information via manual configuration or
synchronization directly over LDAP. The IM and Presence Service then synchronizes all this user information
from Cisco Unified Communications Manager (using the AXL/SOAP interface).
IM and Presence Service provides LDAP authentication for users of the Cisco Jabber client and IM and
Presence Service user interface. If a Cisco Jabber user logs into IM and Presence Service, and LDAP
authentication is enabled on Cisco Unified Communications Manager, IM and Presence Service goes directly
to the LDAP directory for user authentication. When the user is authenticated, IM and Presence Service
forwards this information to Cisco Jabber to continue the user login.

Related Topics
LDAP Directory Integration, on page 91
LDAP Server Name, Address, and Profile Configuration, on page 91
Secure Connection Between Cisco Unified Communications Manager and LDAP Directory, on page 92
Configure LDAP Server Names and Addresses for XMPP Clients, on page 97


XMPP Interface
An XMPP connection handles the presence information exchange and instant messaging operations for
XMPP-based clients. The IM and Presence Service supports ad hoc and persistent chat rooms for XMPP-based
clients. An IM Gateway supports the IM interoperability between SIP-based and XMPP-based clients in an
IM and Presence Service deployment.

Related Topics
Configure Secure Connection Between IM and Presence Service and XMPP Clients, on page 129

CTI interface
The CTI (Computer Telephony Integration) interface handles all the CTI communication for users on the IM
and Presence node to control phones on Cisco Unified Communications Manager. The CTI functionality
allows users of the Cisco Jabber client to run the application in desk phone control mode.
The CTI functionality is also used for the IM and Presence Service remote call control feature on the Microsoft
Office Communicator client. For information about configuring the remote call control feature, see the
Microsoft Office Communicator Call Control with Microsoft OCS for IM and Presence Service on Cisco
Unified Communications Manager.
To configure CTI functionality for IM and Presence Service users on Cisco Unified Communications Manager,
users must be associated with a CTI-enabled group, and the primary extension assigned to that user must be
enabled for CTI.
To configure Cisco Jabber desk phone control, you must configure a CTI server and profile, and assign any
users that wish to use the application in desk phone mode to that profile. However, note that all CTI
communication occurs directly between Cisco Unified Communications Manager and Cisco Jabber, and not
through the IM and Presence Service node.

Cisco IM and Presence Data Monitor


The Cisco IM and Presence Data Monitor monitors IDS replication state on the IM and Presence Service.
Other IM and Presence services are dependent on the Cisco IM and Presence Data Monitor. These dependent
services use the Cisco service to delay startup until such time as IDS replication is in a stable state.
The Cisco IM and Presence Data Monitor also checks the status of the Cisco Sync Agent sync from Cisco
Unified Communications Manager. Dependent services are only allowed to start after IDS replication has set
up and the Sync Agent on the IM and Presence database publisher node has completed its sync from Cisco
Unified Communications Manager. After the timeout has been reached, the Cisco IM and Presence Data
Monitor on the Publisher node will allow dependent services to start even if IDS replication and the Sync
Agent have not completed.
On the subscriber nodes, the Cisco IM and Presence Data Monitor delays the startup of feature services until
IDS replication is successfully established. The Cisco IM and Presence Data Monitor only delays the startup
of feature services on the problem subscriber node in a cluster; it does not delay the startup of feature services
on all subscriber nodes because of one problem node. For example, if IDS replication is successfully established
on node1 and node2, but not on node3, the Cisco IM and Presence Data Monitor allows feature services to
start on node1 and node2, but delays feature service startup on node3.
The Cisco IM and Presence Data Monitor behaves differently on the IM and Presence database publisher
node. It only delays the startup of feature services until a timeout expires. When the timeout expires, it allows
all feature services to start on the publisher node even if IDS replication is not successfully established.


The Cisco IM and Presence Data Monitor generates an alarm when it delays feature service startup on a node.
It then generates a notification when IDS replication is successfully established on that node.
The Cisco IM and Presence Data Monitor impacts both a fresh multinode installation, and a software upgrade
procedure. Both will only complete when the publisher node and subscriber nodes are running the same IM
and Presence release, and IDS replication is successfully established on the subscriber nodes.
To check the status of the IDS replication on a node either:
• Use this CLI command:
utils dbreplication runtimestate
• Use the Cisco Unified IM and Presence Reporting Tool. The “IM and Presence Database Status” report
displays a detailed status of the cluster.

To check the status of the Cisco Sync Agent, navigate to the Cisco Unified CM IM and Presence Administration
interface and select Diagnostics > System Dashboard. You will find the CUCM Publisher IP address as well
as the Sync Status.

IM and Presence Service Feature Deployment Options


Basic IM, availability, and ad hoc group chat are among the core features that are available after you install
IM and Presence Service and configure your users in a basic deployment.
You can add optional features to enhance a basic deployment. The following figure shows the IM and Presence
Service feature deployment options.

Figure 2: IM and Presence Service Feature Deployment Options

The following table lists the feature deployment options for IM and Presence Service.


Table 1: IM and Presence Service Feature Deployment Options

Core IM and Availability Features
• View user availability
• Securely send and receive rich text IMs
• File transfers
• Ad hoc group chat
• Manage contacts
• User history
• Cisco Jabber support
• Multiple client device support: Microsoft Windows, MAC, Mobile, tablet, IOS, Android, BB
• Microsoft Office integration
• LDAP directory integration
• Personal directory and buddy lists
• Open APIs
• System troubleshooting

Advanced IM Features (optional)
• Persistent chat
• Managed File Transfer
• Message Archiver
• Calendaring
• Third-party XMPP client support
• High availability
• Scalability: multinode support and clustering over WAN
• Interclustering peering
• Enterprise federation (B2B):
    • Cisco Unified Presence integration
    • Cisco WebEx integration
    • Microsoft Lync/OCS server integration (interdomain and partitioned intradomain federation)
    • IBM SameTime integration
    • Cisco Jabber XCP
• Public federations (B2C):
    • Google Talk, AOL integration
    • XMPP services or BOTs
    • Third-party Exchange Service integration
• IM Compliance
• Single Sign On
• Custom login banner

Rich Unified Communications Availability Features (optional)
• Cisco telephony availability
• Microsoft Exchange server integration

Remote Desk Phone Control (optional)
• Remote Cisco IP Phone control
• Microsoft Remote Call Control integration


Deployment models

High Availability for Single-Node, Multiple-Node, and IM-Only Deployments


IM and Presence Service supports single-node and multiple-node deployments.
In a single-node deployment within a cluster, there is no High Availability failover protection for users assigned
to the node. In a multiple-node deployment using presence redundancy groups, you can enable High Availability
for the group so that users have failover protection.
Cisco recommends that you configure your IM and Presence Service deployments as High Availability
deployments. Although you are permitted to have both High Availability and non-High Availability presence
redundancy groups configured in a single deployment, this configuration is not recommended. You must
manually turn on High Availability for a presence redundancy group using the Cisco Unified CM Administration
interface. For more information about how to configure High Availability, see the Cisco Unified
Communications Manager Administration Guide.
All IM and Presence Service nodes must belong to a presence redundancy group, which can consist of a single
IM and Presence Service node or a pair of IM and Presence Service nodes. A pair of nodes is required for
High Availability. Each node has an independent database and set of users operating with a shared availability
database that is able to support common users.
You can achieve High Availability using two different setups: balanced and active/standby. You can set up
the nodes in a presence redundancy group to work together in Balanced Mode, which provides redundant
High Availability with automatic user load balancing and user failover in case one of the nodes fails because
of component failure or power outage. In an active/standby setup, the standby node automatically takes over
for the active node if the active node fails.
See the following guides for more information and instructions to set up presence redundancy groups, High
Availability modes, and user assignments:
• Cisco Unified Communications Manager Administration Guide
• Cisco Unified Communications Manager Bulk Administration Guide
• Cisco Unified Communications Manager Features and Services Guide
• Cisco Unified Communications Manager Installation Guide
• Cisco Unified Communications Manager System Guide

Presence Redundancy Groups and High Availability


A presence redundancy group consists of two IM and Presence Service nodes from the same cluster and
provides both redundancy and recovery for IM and Presence Service clients and applications. Use Cisco
Unified CM Administration to assign nodes to a presence redundancy group and to enable high availability.
• Failover - Occurs in a presence redundancy group when one or more critical services fail on an IM and
Presence Service node in the group or a node in the group fails. Clients automatically connect to the
other IM and Presence Service node in that group.
• Fallback - Occurs when a fallback command is issued from the Command Line Interface (CLI) or Cisco
Unified Communications Manager during either of these conditions:

◦ The failed IM and Presence Service node comes back into service and all critical services are
running. The failed over clients in that group reconnect with the recovered node when it becomes
available.
◦ The backup activated IM and Presence Service node fails due to a critical service failure, and the
peer node is in the Failed Over state and supports the automatic recovery fallback.

Automatic Fallback
IM and Presence Service supports automatic fallback to the primary node after a failover.
Automatic fallback is the process of moving users back to the primary node after a failover without manual
intervention. You can enable automatic fallback with the Enable Automatic Fallback service parameter on
the Cisco Unified CM IM and Presence Administration interface. Automatic fallback occurs in the following
scenarios:
• A critical service on Node A fails—A critical service (for example, the Presence Engine) fails on Node
A. Automatic failover occurs and all users are moved to Node B. Node A is in a state called "Failed
Over with Critical Services Not Running". When the critical service recovers, the node state changes to
"Failed Over". When this occurs, Node B tracks the health of Node A for 30 minutes. If no heartbeat is
missed in this timeframe and the state of each node remains unchanged, automatic fallback occurs.
• Node A is rebooted—Automatic failover occurs and all users are moved to Node B. When Node A
returns to a healthy state and remains in that state for 30 minutes, automatic fallback occurs.
• Node A loses communications with Node B—Automatic failover occurs and all users are moved to
Node B. When communications are re-established and remain unchanged for 30 minutes, automatic
fallback occurs.

If failover occurs for a reason other than one of the three scenarios listed here, you must recover the node
manually. If you do not want to wait 30 minutes before the automatic fallback, you can perform a manual
fallback to the primary node. For example: Using presence redundancy groups, Cisco Jabber clients will fail
over to a backup IM and Presence Service node if the services or hardware fail on the local IM and Presence
Service node. When the failed node comes online again, the clients automatically reconnect to the local IM
and Presence Service node. When the failed node comes online, a manual fallback operation is required unless
the automatic fallback option is set.
You can manually initiate a node failover, fallback, and recovery of IM and Presence Service nodes in the
presence redundancy group. A manual fallback operation is required unless the automatic fallback option is
set.
For instructions to set up presence redundancy groups and high availability, see Cisco Unified Communications
Manager Administration Guide.

Clustering Over WAN


The IM and Presence Service supports Clustering over WAN deployments.

Related Topics
Clustering Over WAN for Intracluster and Intercluster Deployments, on page 28

User Assignment
To allow users to receive availability and Instant Messaging (IM) services on IM and Presence Service, you
must assign users to nodes, and presence redundancy groups, in your IM and Presence Service deployment.

You can manually or automatically assign users in an IM and Presence deployment. You manage user assignment
using the User Assignment Mode for Presence Server Enterprise Parameter setting. This parameter specifies
the mode in which the sync agent distributes users to the nodes in the cluster.
Balanced mode (default) assigns users equally to each node in the presence redundancy group and attempts
to balance the total number of users equally across each node.
Active-Standby mode assigns all users to the first node of the presence redundancy group, leaving the
secondary node as a backup.
None mode results in no assignment of the users to the nodes in the cluster by the sync agent.
If you choose manual user assignment, you must manually assign your users to nodes and presence redundancy
groups, using Cisco Unified Communications Manager Administration. See the Cisco Unified Communications
Manager Administration Guide for more information.

End User Management


You can use the IM and Presence Service GUI to perform the following end user management tasks:
• Check for duplicate and invalid end user instances across your deployment.
• Export contact lists.
• Import contact lists on the home cluster.

For instructions to migrate IM and Presence Service users, see topics related to user migration between clusters,
user management, and administration.
For information about assigning users to IM and Presence Service nodes and to set up end users for IM and
Presence Service, see the following guides:
• Cisco Unified Communications Manager Administration Guide
• Cisco Unified Communications Manager Bulk Administration Guide
• Installing Cisco Unified Communications Manager

Availability and Instant Messaging

Chat
Point-to-point Instant Messaging (IM) supports real-time conversations between two users at a time. IM and
Presence Service exchanges messages directly between users, from the sender to the recipient. Users must be
online in their IM clients to exchange point-to-point IMs.
You can disable both the chat and availability functionality on IM and Presence Service.

Related Topics
Turn On or Off Instant Messaging for IM and Presence Service Cluster, on page 144
Turn On or Off Availability Sharing for IM and Presence Service Cluster, on page 141

IM Forking
When a user sends an IM to a contact who is signed in to multiple IM clients, IM and Presence Service delivers
the IM to each client. This functionality is called IM forking. IM and Presence Service continues to fork IMs
to each client until the contact replies. Once the contact replies, IM and Presence Service only delivers IMs
to the client on which the contact replied.
You can disable offline instant messaging on IM and Presence Service.

Related Topics
Turn On or Off Offline Instant Messaging, on page 145

Offline IM
Offline IM is the ability to send IMs to a contact when they are offline. When a user sends an IM to an offline
contact, IM and Presence Service stores the IM and delivers the IM when the offline contact signs in to an
IM client.

Broadcast IM
Broadcast IM is the ability to send an IM to multiple contacts at the same time, for example, when a user wants
to send a notification to a large group of contacts. Note that not all IM clients support this feature.

Chat Rooms on IM and Presence Service


IM and Presence Service supports IM exchange in both ad hoc chat rooms and persistent chat rooms. By
default, the Text Conference (TC) component on IM and Presence Service is set up and configured to handle
IM exchange in ad hoc chat rooms. There are additional requirements you must configure to support persistent
chat rooms, described further in this module.
Ad hoc chat rooms are IM sessions that remain in existence only as long as one person is still connected to
the chat room, and are deleted from the system when the last user leaves the room. Records of the IM
conversation are not maintained permanently. Ad hoc chat rooms are by default public rooms. A user can join
by being invited by a room owner or administrator. A user can search for ad hoc chat rooms on a third-party
client, but can only discover ad hoc chat rooms for which they are the owner or an administrator.
Persistent chat rooms are group chat sessions that remain in existence even when all users have left the room
and do not terminate like ad hoc group chat sessions. The intent is that users will return to persistent chat
rooms over time to collaborate and share knowledge of a specific topic, search through archives of what was
said on that topic (if this feature is enabled on IM and Presence Service), and then participate in the discussion
of that topic in real-time. Administrators can also restrict access to persistent chat rooms so that only members
of that room have access. See Configure Member Settings, on page 204 and IM and Presence Service Ad Hoc
Group Chat Rooms Privacy Policy in the Important Notes section of the Release Notes for Cisco Unified
Communications Manager and IM and Presence Service, Release 11.0(1).
The TC component on IM and Presence Service enables users to:
• create new rooms, and manage members and configurations of the rooms they create.
• invite other users to rooms.

• determine the presence status of the members displayed within the room. The presence status displayed
in a room confirms the attendance of the member in a room but may not reflect their overall presence
status.

In addition, the Persistent Chat feature on IM and Presence Service allows users to:
• search for and join existing chat rooms.
• store a transcript of the chat and make the message history available for searching.

Note For users searching for chat rooms across intercluster connections, search results discover ad hoc chat
rooms from clusters older than Release 11.5(1) SU2, but not from clusters for this release or greater. Ad
hoc chat rooms on Release 11.5(1) SU2 clusters or greater can only be discovered by the owner or
administrator of those chat rooms.

Chat Room Limits


The following table lists the chat room limits for IM and Presence Service.

Table 2: Chat Room Limits for IM and Presence Service

Number Of...: Maximum
• Persistent chat rooms per node: 1500 rooms
• Total rooms per node (ad hoc and persistent): 16500 rooms
• Occupants per room: 1000 occupants
• Messages retrieved from the archive: 100 messages. This is the max number of messages that are returned
when a user queries the room history.
• Messages in chat history displayed by default: 15 messages. This is the number of messages that are
displayed when a user joins a chat room.

File Transfer
IM and Presence Service supports peer-to-peer and managed file transfers between XMPP clients compliant
with XEP-0096 (http://xmpp.org/extensions/xep-0096.html).

Related Topics
Enable File Transfer

Important Notes About IM and Presence Service and Chat


For SIP to SIP IM, the following services must be running on IM and Presence Service:
• Cisco SIP Proxy
• Cisco Presence Engine
• Cisco XCP Router

For SIP to XMPP IM, the following services must be running on IM and Presence Service:
• Cisco SIP Proxy
• Cisco Presence Engine
• Cisco XCP Router
• Cisco XCP Text Conference Manager

IM Compliance
For information about configuring Instant Message (IM) compliance on the IM and Presence Service, refer
to the following documents:
• Instant Messaging Compliance Guide for IM and Presence Service on Cisco Unified Communications
Manager:
http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html
• Database Setup Guide for IM and Presence Service on Cisco Unified Communications Manager:
http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html

Presence Data Overview


IM and Presence Service recomposes a user's rich presence each time a presence update occurs. There are
two main categories of presence update:
• System Determined Presence
• Manual Presence

Manual Presence
Manual Presence is explicitly set by a user. This usually overrides system-determined presence. Manual
Presence settings include:
• A user setting Do Not Disturb on their IM Client
• A user setting Away on their IM Client

• A user setting Available on their IM client to override a system-determined status such as phone/calendar
presence.
• A user setting any of the above from a third party application

A user can only have a single Manual Presence status. This is cleared when either:
• The user explicitly clears it (or replaces it with a new manual status).
• The user's client clears it on sign-out.
• The IM and Presence server clears it when the user is signed out of all IM devices.

System Determined Presence


System Determined Presence is automatically published by a presence source based on some interaction
between the user and the system:
• Making a phone call
• Joining a meeting
• Signing into or out of an IM device
• An IM device going idle after a period of inactivity
• Setting a phone to Do Not Disturb

There are four categories of System Determined Presence:


• IM Device Status
A specific status of an individual IM device belonging to a user. If a user has multiple IM devices, IM
and Presence Service will compose an overall user status that best represents a user's status across all
such devices.
• Calendar Status
A specific status representing a user's free/busy status on their calendar. IM and Presence Service will
incorporate such calendar status into an overall user status.
• Phone Status
This represents the user's phone activity (On-hook/off-hook). There are individual inputs for each user's
Line Appearance. IM and Presence Service will incorporate.
• Third Party Application Status
Third-party applications can push presence updates into IM and Presence Service through open interfaces
such as SIP, XMPP, BOSH or the Presence Web Service. These presence statuses are incorporated into an
overall composed user status.

Enterprise Groups
With Cisco Unified Communications Manager Release 11.0, Cisco Jabber users can search for groups in
Microsoft Active Directory and add them to their contact lists. If a group that is already added to the contact
list is updated, the contact list gets automatically updated. Cisco Unified Communications Manager synchronizes
its database with Microsoft Active Directory groups at specified intervals.
When a Cisco Jabber user adds a group to their contact list, IM and Presence Service provides the following
information for each group member:
• display name
• user ID
• title
• phone number
• mail ID

Only the group members that are assigned to IM and Presence Service nodes can be added to the contact list.
Other group members are discarded.

Note Currently, the enterprise groups feature is supported only on Microsoft Active Directory server. It is not
supported on other corporate directories.

The enterprise groups feature is enabled system-wide with the Cisco Unified Communications Manager
Directory Group Operations on Cisco IM and Presence enterprise parameter. For more information about
enterprise groups, see the Feature Configuration Guide for Cisco Unified Communications Manager.

LDAP Integrations
You can configure a corporate LDAP directory in this integration to satisfy a number of different requirements:
• User provisioning: You can provision users automatically from the LDAP directory into the Cisco
Unified Communications Manager database. Cisco Unified Communications Manager synchronizes
with the LDAP directory content so you avoid having to add, remove, or modify user information
manually each time a change occurs in the LDAP directory.
• User authentication: You can authenticate users using the LDAP directory credentials. IM and Presence
Service synchronizes all the user information from Cisco Unified Communications Manager to provide
authentication for users of the Cisco Jabber client and IM and Presence Service user interface.

Cisco recommends integration of Cisco Unified Communications Manager and Directory server for user
synchronization and authentication purposes.

Note When Cisco Unified Communications Manager is not integrated with LDAP, you must verify that the
username is exactly the same in Active Directory and Cisco Unified Communications Manager before
deploying IM and Presence Service.

Related Topics
LDAP Directory Integration with Cisco Unified Communications Manager Task List, on page 91

Third-Party Integrations
For third-party integrations, see the document references in the following table.

Guide Title: This Guide Contains ...

Microsoft Exchange for IM and Presence Service on Cisco Unified Communications Manager
• Integrating with Microsoft Exchange 2007, 2010, and 2013
• Configuring Microsoft Active Directory for this integration

Microsoft Office Communicator Call Control with Microsoft OCS for IM and Presence Service on Cisco
Unified Communications Manager
• Configuring IM and Presence Service as a CSTA gateway for remote call control from the Microsoft
Office Communicator client
• Configuring Microsoft Active Directory for this integration
• Load-balancing MOC requests in a dual node IM and Presence Service deployment over TCP
• Load-balancing MOC requests in a dual node IM and Presence Service deployment over TLS

Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager
• Configuring IM and Presence Service for interdomain federation over the SIP protocol with Microsoft OCS
and AOL, and over the XMPP protocol with IBM Sametime, Googletalk, Webex Connect, and another
IM and Presence Service Release 9.x enterprise.

Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager
• Configuring IM and Presence Service for Partitioned Intradomain Federation
• Configuring Microsoft OCS for Partitioned Intradomain Federation
• Configuring Microsoft LCS for Partitioned Intradomain Federation
• User Migration

Remote Call Control with Microsoft Lync Server for IM and Presence Service on Cisco Unified
Communications Manager
• Configuring Cisco Unified Communications Manager and IM and Presence Service for integration with
Microsoft Lync
• Configuring Microsoft Active Directory
• Configuring normalization rules
• Configuring security between IM and Presence Service and Microsoft Lync

Third-Party Client Integration

Supported Third-Party XMPP Clients


IM and Presence Service supports standards-based XMPP to enable third-party XMPP client applications to
integrate with IM and Presence Service for availability and instant messaging (IM) services. Third-party
XMPP clients must comply with the XMPP standard as outlined in the Cisco Software Development Kit
(SDK).
This module describes the configuration requirements for integrating XMPP clients with IM and Presence
Service. If you are integrating XMPP-based API (web) client applications with IM and Presence Service, also
see developer documentation for IM and Presence Service APIs on the Cisco Developer Portal:
http://developer.cisco.com/

Note The clients that are supported may differ depending on which IM address scheme is configured for the
IM and Presence Service node.

License Requirements for Third-Party Clients


You must assign IM and Presence Service capabilities for each user of an XMPP client application.
IM and Presence capabilities are included within both User Connect Licensing (UCL) and Cisco Unified
Workspace Licensing (CUWL). Refer to the Cisco Unified Communications Manager Enterprise License
Manager User Guide for more information.

XMPP Client Integration on Cisco Unified Communications Manager


Before you integrate an XMPP client, perform the following tasks on Cisco Unified Communications Manager:
• Configure the licensing requirements.
• Configure the users and devices. Associate a device with each user, and associate each user with a line
appearance.

Related Topics
User License Requirements, on page 36
User and Device Configuration on Cisco Unified Communications Manager before Integration Task List,
on page 51

LDAP Integration for XMPP Contact Search


To allow users of the XMPP client applications to search and add contacts from an LDAP directory, configure
the LDAP settings for XMPP clients on IM and Presence Service.

Related Topics
LDAP Directory Integration for Contact Searches on XMPP Clients, on page 96

DNS Configuration for XMPP Clients


You must enable DNS SRV in your deployment when you integrate XMPP clients with IM and Presence
Service. The XMPP client performs a DNS SRV query to find an XMPP node (IM and Presence Service) to
communicate with, and then performs a record lookup of the XMPP node to get the IP address.

Note If you have multiple IM domains configured in your IM and Presence Service deployment, a DNS SRV
record is required for each domain. All SRV records can resolve to the same result set.
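
A pre-deployment check for the SRV requirement above, as an added example that is not part of the Cisco guide: it parses a constructed zone-file excerpt and reports IM domains that lack an `_xmpp-client._tcp` SRV record (the client SRV label defined in RFC 6120) or whose SRV target has no A/AAAA record. All domain names, host names, addresses and function names are constructed for illustration.

```python
"""Audit XMPP client SRV coverage for a list of IM domains (offline, zone-text input)."""
from collections import defaultdict

# Constructed sample records in simplified "name TTL IN type rdata" form.
SAMPLE_ZONE = """\
_xmpp-client._tcp.example.com.        3600 IN SRV 0 0 5222 imp1.example.com.
_xmpp-client._tcp.example.com.        3600 IN SRV 0 0 5222 imp2.example.com.
_xmpp-client._tcp.sales.example.com.  3600 IN SRV 0 0 5222 imp1.example.com.
_xmpp-client._tcp.eng.example.com.    3600 IN SRV 0 0 5222 imp3.example.com.
imp1.example.com.                     3600 IN A    192.0.2.10
imp2.example.com.                     3600 IN AAAA 2001:db8::20
"""

SRV_LABEL = "_xmpp-client._tcp."  # RFC 6120 client-to-server SRV label


def _norm(name):
    """Compare DNS names without the trailing dot and case-insensitively."""
    return name.rstrip(".").lower()


def parse_zone(text):
    """Return (srv, addrs): SRV tuples per owner name, address records per host."""
    srv = defaultdict(list)
    addrs = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner, rtype, rdata = _norm(fields[0]), fields[3].upper(), fields[4:]
        if rtype == "SRV" and len(rdata) == 4:
            prio, weight, port, target = rdata
            srv[owner].append((int(prio), int(weight), int(port), _norm(target)))
        elif rtype in ("A", "AAAA") and len(rdata) == 1:
            addrs[owner].append(rdata[0])
    return srv, addrs


def audit_im_domains(im_domains, zone_text):
    """Map each IM domain to a list of findings; an empty list means it passed."""
    srv, addrs = parse_zone(zone_text)
    report = {}
    for domain in im_domains:
        findings = []
        records = srv.get(SRV_LABEL + _norm(domain), [])
        if not records:
            findings.append("no SRV record")
        for _prio, _weight, _port, target in sorted(records):
            # The client's second step is an address lookup of the SRV target.
            if not addrs.get(target):
                findings.append("SRV target %s has no A/AAAA record" % target)
        report[domain] = findings
    return report


def same_result_set(im_domains, zone_text):
    """True when every IM domain's SRV records point at the same (port, target) set."""
    srv, _ = parse_zone(zone_text)
    sets = {frozenset((p, t) for _, _, p, t in srv.get(SRV_LABEL + _norm(d), []))
            for d in im_domains}
    return len(sets) == 1


if __name__ == "__main__":
    domains = ["example.com", "sales.example.com", "eng.example.com", "hr.example.com"]
    for dom, findings in audit_im_domains(domains, SAMPLE_ZONE).items():
        print(dom, "->", findings or "ok")
```

Feed it the list of IM domains configured on the cluster and an export of the zone that serves them; a domain with findings is one whose XMPP clients cannot locate a node.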

IPv6 Support
IM and Presence Service supports Internet Protocol version 6 (IPv6), which uses packets to exchange data,
voice, and video traffic over digital networks. IPv6 also increases the number of network address bits from
32 bits in IPv4 to 128 bits. IPv6 deployment in the IM and Presence Service network functions transparently
in a dual-stack IPv4 and IPv6 environment. The default network setting is IPv4.
Outbound IPv6 traffic is allowed when IPv6 is enabled. For example, SIP S2S can be configured to use either
static routes or DNS queries. When a static route is configured and IPv6 is enabled, the SIP proxy attempts
to establish an IPv6 connection if IPv6 IP traffic is provided. You can use IPv6 for connections to external
databases, LDAP and Exchange servers, and for federation connections on IM and Presence Service even
though the connection between IM and Presence Service and Cisco Unified Communications Manager uses
IPv4.
If the service uses DNS requests (for example, with XMPP S2S), then after receiving the list of IP addresses
as the result of the DNS query, the service attempts to connect to each IP address on the list one by one. If a
listed IP address is IPv6, the server establishes an IPv6 connection. If the request to establish the IPv6 connection
fails, the service moves on to the next IP address on the list.
If for any reason IPv6 gets disabled for either the enterprise parameter or for ETH0 on the IM and Presence
Service node, the node can still perform internal DNS queries and connect to the external LDAP or database
server if the server hostname that is configured on IM and Presence Service is a resolvable IPv6 address.
For additional information about IPv6 and for network guidelines, see the following documents:
• Cisco Unified Communications Manager Administration Guide

• Cisco Unified Communications Manager Features and Services Guide


• Command Line Interface Guide for Cisco Unified Communications Solutions
• Deploying IPv6 in Unified Communications Networks with Cisco Unified Communications Manager
• Configuration and Administration of IM and Presence Service on Cisco Unified Communications
Manager

IM Address Schemes and Default Domain


The IM and Presence Service supports two IM addressing schemes:
• UserID@Default_Domain is the default IM address scheme when you install the IM and Presence
Service.
• Directory URI IM address scheme supports multiple domains, alignment with the user's email address,
and alignment with Microsoft SIP URI.

Note The chosen IM address scheme must be consistent across all IM and Presence Service clusters.

The default domain is a cluster-wide setting that is used as part of the IM address when using the
UserID@Default_Domain IM address scheme.

IM Address Using UserID@Default_Domain


The UserID@Default_Domain IM address scheme is the default option when you perform a fresh install or
upgrade IM and Presence Service from an earlier version. To configure the default domain, choose Cisco
Unified CM IM and Presence Administration > Presence > Settings > Advanced Configuration.

IM Address Using Directory URI


The Directory URI address scheme aligns a user's IM address with their Cisco Unified Communications
Manager Directory URI.
The Directory URI IM address scheme provides the following IM addressing features:
• Multiple domain support. IM addresses do not need to use a single IM and Presence Service domain.
• Alignment with the user's email address. The Cisco Unified Communications Manager Directory URI
can be configured to align with a user's email address to provide a consistent identity for email, IM,
voice and video communications.
• Alignment with Microsoft SIP URI. The Cisco Unified Communications Manager Directory URI can
be configured to align with the Microsoft SIP URI to ensure that the user's identity is maintained when
migrating from Microsoft OCS/Lync to IM and Presence Service.

You set the Directory URI using Cisco Unified CM IM and Presence Administration GUI in one of two ways:
• Synchronize the Directory URI from the LDAP directory source.

If you add an LDAP directory source in Cisco Unified Communications Manager, you can set a value
for the Directory URI. Cisco Unified Communications Manager then populates the Directory URI when
you synchronize user data from the directory source.

Note If LDAP Directory Sync is enabled in Cisco Unified Communications Manager, you
can map the Directory URI to the email address (mailid) or the Microsoft OCS/Lync
SIP URI (msRTCSIP-PrimaryUserAddress).

• Manually specify the Directory URI value in Cisco Unified Communications Manager.
If you do not add an LDAP directory source in Cisco Unified Communications Manager, you can
manually enter the Directory URI as a free-form URI.

Caution If you configure the node to use Directory URI as the IM address scheme, Cisco recommends that you
deploy only clients that support Directory URI. Any client that does not support Directory URI will not
work if the Directory URI IM address scheme is enabled. Cisco recommends that you use the
UserID@Default_Domain IM address scheme and not the Directory URI IM address scheme if you have
any deployed clients that do not support Directory URI.

See the Cisco Unified Communications Manager Administration Guide for more information about setting
up the LDAP directory for Directory URI.

IM Address Examples
The following table provides samples of the IM address options that are available for the IM and Presence
Service.

IM and Presence Service Default Domain: cisco.com


User: John Smith
Userid: js12345
Mailid: [email protected]
SIPURI: [email protected]

IM Address Format Directory URI Mapping IM Address

<userid>@<domain> n/a [email protected]

Directory URI mailid [email protected]

Directory URI msRTCSIP-PrimaryUserAddress [email protected]

For more information about configuring IM addresses, see Configuration and Administration of IM and
Presence Service on Cisco Unified Communications Manager.

IM Address Integration with Cisco Unified Communications Manager

UserID@Default_Domain Integration with Cisco Unified Communications Manager


The default IM address scheme is UserID@Default_Domain. Use this IM address scheme for all clusters that
meet the following criteria:
• Any IM and Presence Service cluster is deployed with a software release that is earlier than Release
10.0.
• Any deployed clients do not support the Directory URI IM address scheme.

As the name suggests, all IM addresses are part of a single, default IM domain. Use the Cisco Unified CM
IM and Presence Administration GUI to configure a consistent domain across all IM and Presence Service
clusters.
The IM and Presence Service IM address (JID) is always UserID@Default_Domain. The UserID can be
free-form or synced from LDAP. The following fields are supported:
• sAMAccountName
• User Principal Name (UPN)
• Email address
• Employee number
• Telephone number

While UserID can be mapped to the email address, that does not mean the IM URI equals the email address.
Instead it becomes <email-address>@Default_Domain. For example,
[email protected]@sales-example.com. The Active Directory (AD) mapping setting that
you choose is global to all users within that IM and Presence Service cluster. It is not possible to set different
mappings for individual users.

Directory URI Integration with Cisco Unified Communications Manager


Unlike the UserID@Default_Domain IM address scheme, which is limited to a single IM domain, the Directory
URI IM address scheme supports multiple IM domains. Any domain specified in the Directory URI is treated
as hosted by IM and Presence Service. The user's IM address is aligned with their Directory URI, as
configured on Cisco Unified Communications Manager.
Directory URI can be free-form or synchronized from LDAP. If LDAP synchronization is disabled, you can
set Directory URI as a free-form URI. If LDAP Directory synchronization is enabled, you can map the
Directory URI to the following fields:
• email address (mailid)
• Microsoft OCS/Lync SIP URI (msRTCSIP-PrimaryUserAddress)

For information about enabling LDAP, see the Cisco Unified Communications Manager Administration Guide.
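The two IM address schemes described above, worked through as an added example (not code from Cisco or from this guide). The user records, domains and the function names `im_address` and `review_scheme` are constructed for illustration; the script reports the IM domains each choice creates and flags the UserID-mapped-to-email case.

```python
# Added example: IM addresses under the two schemes described above.
# All user records and domains below are constructed sample data.

# LDAP fields this guide lists as Directory URI mappings.
DIRECTORY_URI_FIELDS = ("mailid", "msRTCSIP-PrimaryUserAddress")


def im_address(user, scheme, default_domain, uri_field=None):
    """Return the IM address (JID) for one user record, or None if it cannot be built."""
    if scheme == "UserID@Default_Domain":
        userid = user.get("userid")
        return f"{userid}@{default_domain}" if userid else None
    if scheme == "Directory URI":
        if uri_field not in DIRECTORY_URI_FIELDS:
            raise ValueError(f"unsupported Directory URI mapping: {uri_field!r}")
        return user.get(uri_field) or None
    raise ValueError(f"unknown IM address scheme: {scheme!r}")


def review_scheme(users, scheme, default_domain, uri_field=None):
    """Build every user's IM address and collect points an administrator should review."""
    addresses, findings = {}, []
    for user in users:
        name = user["name"]
        jid = im_address(user, scheme, default_domain, uri_field)
        if jid is None:
            findings.append(f"{name}: mapped field is empty, no IM address")
            continue
        if "@" not in jid:
            findings.append(f"{name}: {jid!r} is not in user@domain form")
            continue
        if jid.count("@") > 1:
            # UserID synced from the email attribute: the scheme still appends
            # the default domain, so the result is <email-address>@Default_Domain.
            findings.append(f"{name}: UserID is an email address, IM address is {jid}")
        addresses[name] = jid
    # Under Directory URI, every domain listed here is treated as hosted.
    domains = sorted({jid.rsplit("@", 1)[1].lower() for jid in addresses.values()})
    return {"addresses": addresses, "domains": domains, "findings": findings}


# Constructed directory records (not taken from the guide).
USERS = [
    {"name": "John Smith", "userid": "js12345",
     "mailid": "jsmith@sales.example.com",
     "msRTCSIP-PrimaryUserAddress": "john.smith@example.com"},
    {"name": "Ana Ruiz", "userid": "ar67890",
     "mailid": "aruiz@eng.example.com",
     "msRTCSIP-PrimaryUserAddress": ""},
]
# Constructed record where the UserID was synced from the email attribute.
EMAIL_AS_USERID = [{"name": "John Smith", "userid": "jsmith@sales.example.com"}]

if __name__ == "__main__":
    cases = [
        (USERS, "UserID@Default_Domain", None),
        (USERS, "Directory URI", "mailid"),
        (USERS, "Directory URI", "msRTCSIP-PrimaryUserAddress"),
        (EMAIL_AS_USERID, "UserID@Default_Domain", None),
    ]
    for users, scheme, field in cases:
        result = review_scheme(users, scheme, "example.com", field)
        print(scheme, field or "", result["domains"], result["findings"])
```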


Multiple IM Domain Management


IM and Presence Service supports IM addressing across multiple IM address domains and automatically lists
all domains in the system. Use the Cisco Unified CM IM and Presence Administration GUI to manually add,
update, and delete local administrator-managed domains, as well as view all local and system managed
domains.
If you are interoperating with Cisco Expressway, see the Cisco Expressway Administrator Guide (X8.2) for
further information on domain limitations.

Security
You can configure a secure connection between IM and Presence Service and Cisco Unified Communications
Manager, XMPP clients, and SIP clients by exchanging certificates. Certificates can be self-signed or generated
by a Certificate Authority (CA).
For more information, see topics related to security configuration.

SAML Single Sign-On


The Security Assertion Markup Language (SAML) Single Sign-On feature allows administrative users to
access the following Cisco Unified Communications Manager and IM and Presence Service web applications
without logging in again:
• Cisco Unified CM IM and Presence Administration
• Cisco Unified IM and Presence Serviceability
• Cisco Unified IM and Presence Reporting
• Cisco Unified Communications Manager Administration
• Cisco Unified Reporting
• Cisco Unified Serviceability
• Unified Communications Self Care Portal

Note Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and
application users cannot access them.

For more information about how to enable SAML SSO for Cisco Unified Communications Manager and IM
and Presence Service web applications, see the Administration Guide for Cisco Unified Communications
Manager at this link.
For more information about SAML SSO and how to enable SAML SSO across certain Unified Communications
applications, see the SAML SSO Deployment Guide for Cisco Unified Communications Applications at this
link.

CHAPTER 2
Multinode Scalability and WAN Deployments
• Multinode Scalability Feature
• Cluster-Wide DNS SRV
• Local Failover
• Presence Redundancy Group Failure Detection
• Method Event Routing
• External Database Recommendations
• Clustering Over WAN for Intracluster and Intercluster Deployments

Multinode Scalability Feature

Multinode Scalability Requirements


IM and Presence Service supports multinode scalability:
• Six nodes per cluster
• 45,000 users per cluster with a maximum of 15,000 users per node in a full Unified Communication
(UC) mode deployment
• 15,000 users per cluster in a presence redundancy group, and 45,000 users per cluster in a deployment
with High Availability.
• Administrable customer-defined limit on the maximum contacts per user (default unlimited)
• The IM and Presence Service continues to support intercluster deployments with the multinode feature.

Scalability depends on the number of clusters in your deployment. For detailed VM configuration requirements
and OVA templates, see Virtualization for Unified CM IM and Presence at the following URL:
http://docwiki.cisco.com/wiki/Virtualization_for_Unified_CM_IM_and_Presence


Scalability Options for Deployment


IM and Presence Service clusters can support up to six nodes. If you originally installed fewer than six nodes,
you can install additional nodes at any time. If you want to scale your IM and Presence Service deployment
to support more users, you must consider the multinode deployment model you have configured. The following
table describes the scalability options for each multinode deployment model.

Table 3: Multinode Scalability Options

Deployment Mode: Balanced Non-Redundant High Availability Deployment
• Add a New Node to an Existing Presence Redundancy Group: If you add a new node to an existing
presence redundancy group, the new node can support the same number of users as the existing node; the
presence redundancy group can now support twice the number of users. It also provides balanced High
Availability for the users on the existing node and the new node in that presence redundancy group.
• Add a New Node to a New Presence Redundancy Group: If you add a new node to a new presence
redundancy group, you can support more users in your deployment. This does not provide balanced High
Availability for the users in the presence redundancy group. To provide balanced High Availability, you
must add a second node to the presence redundancy group.

Deployment Mode: Balanced Redundant High Availability Deployment
• Add a New Node to an Existing Presence Redundancy Group: If you add a new node to an existing
presence redundancy group, the new node can support the same users as the existing node. For example,
if the existing node supports 5000 users, the new node supports the same 5000 users. It also provides
balanced redundant High Availability for the users on the existing node and the new node in that presence
redundancy group.
Note You may have to reassign your users within the presence redundancy group, depending on how many
users were on the existing node.
• Add a New Node to a New Presence Redundancy Group: If you add a new node to a new presence
redundancy group, you can support more users in your deployment. This does not provide balanced High
Availability for the users in the presence redundancy group. To provide balanced High Availability, you
must add a second node to the presence redundancy group.

Deployment Mode: Active/Standby Redundant High Availability Deployment
• Add a New Node to an Existing Presence Redundancy Group: If you add a new node to an existing
presence redundancy group, you provide High Availability for the users in the existing node in the presence
redundancy group. This provides a High Availability enhancement only; it does not increase the number
of users you can support in your deployment.
• Add a New Node to a New Presence Redundancy Group: If you add a new node in a new presence
redundancy group, you can support more users in your deployment. This does not provide High Availability
for the users in the presence redundancy group. To provide High Availability, you must add a second
node to the presence redundancy group.


Cluster-Wide DNS SRV


For DNS configuration, you can define a cluster-wide IM and Presence Service address.
The SIP Publish Trunk on Cisco Unified Communications Manager uses the cluster-wide IM and Presence
Service address to load-balance SIP PUBLISH messages from Cisco Unified Communications Manager to
all nodes in the cluster. Notably this configuration ensures that the initial SIP PUBLISH messages are
load-balanced across all nodes in the cluster. This configuration also provides a High Availability deployment
as, in the event of a node failing, Cisco Unified Communications Manager will route the SIP PUBLISH
messages to the remaining nodes.
The cluster-wide DNS configuration is not a required configuration. Cisco recommends this configuration as
a method to load-balance the initial SIP PUBLISH messages across all nodes in the cluster. IM and Presence
Service sends subsequent SIP PUBLISH messages for each device to the node where the user is homed on
IM and Presence Service.
Even though IM and Presence Service supports multiple domains, you require only a single clusterwide DNS
SRV record. You specify that DNS SRV record when you configure the Cisco Unified Communications
Manager SIP trunk. Cisco recommends that you use the IM and Presence Service default domain as the
destination address for that DNS SRV record.

Note You can specify any domain value as the destination address of the DNS SRV record; however, ensure
that the SIP Proxy Service Parameter called SRV Cluster Name on IM and Presence Service matches the
domain value you specify in the DNS SRV record. No users need to be assigned to the domain that is
specified.

For more information, see topics related to configuring Cisco Unified Communications Manager for integration
with IM and Presence Service and DNS SRV records.

Related Topics
Configure Cluster-Wide DNS SRV Name for SIP Publish Trunk, on page 89

Local Failover
You can also deploy IM and Presence Service over WAN where one presence redundancy group is located
in one geographic site, and a second presence redundancy group is located in another geographic site. The
presence redundancy group can contain a single node, or a dual node for High Availability between the local
nodes. This model provides no failover between geographic sites.

Presence Redundancy Group Failure Detection


The IM and Presence Service supports a failure detection mechanism for a presence redundancy group. Each
node in the presence redundancy group monitors the status, or heartbeat, of the peer node. To configure the
heartbeat connection and heartbeat intervals on IM and Presence Service, choose Cisco Unified CM IM and
Presence Administration > System > Service Parameters > Server Recovery Manager (service). In the
section General Server Recovery Manager Parameters (Clusterwide), configure the following parameters:


• Heart Beat Interval: This parameter specifies how often in seconds the Server Recovery Manager sends
a heartbeat message to the peer Server Recovery Manager in the same presence redundancy group. The
heartbeat is used to determine network availability. The default value is 60 seconds.
• Connect Timeout: This parameter specifies how long in seconds the Server Recovery Manager waits
to receive a response from a connection request to the peer Server Recovery Manager. The default value
is 30 seconds.

Note Cisco recommends that you configure these parameters with the default values.

Method Event Routing


When you deploy IM and Presence Service over WAN, we recommend that you configure TCP method event
routing on IM and Presence Service. Choose Cisco Unified CM IM and Presence Administration > Presence
> Routing > Method/Event Routing to configure method event routes.

External Database Recommendations


If you configure external database servers in your Clustering over WAN deployment, Cisco recommends that
you co-locate the external database servers with the IM and Presence Service nodes that will use the external
database servers.
You can connect the IM and Presence Service node to the external database server using either IPv4 or IPv6
Internet transport protocol.
For more information about external database servers and IM and Presence Service, see Database Setup Guide
for IM and Presence Service on Cisco Unified Communications Manager.

Clustering Over WAN for Intracluster and Intercluster Deployments


IM and Presence Service supports Clustering over WAN for intracluster and intercluster deployments.

Intracluster Deployments Over WAN


IM and Presence Service supports intracluster deployments over WAN, using the bandwidth recommendations
provided in this module. IM and Presence Service supports a single presence redundancy group geographically
split over WAN, where one node in the presence redundancy group is in one geographic site and the second
node in the presence redundancy group is in another geographic location.
This model can provide geographical redundancy and remote failover, for example failover to a backup IM
and Presence Service node on a remote site. With this model, the IM and Presence Service node does not need
to be co-located with the Cisco Unified Communications Manager database publisher node. The Cisco Jabber
client can be either local or remote to the IM and Presence Service node.
This model also supports High Availability for the clients, where the clients fail over to the remote peer IM
and Presence Service node if the services or hardware fails on the home IM and Presence Service node. When
the failed node comes online again, the clients automatically reconnect to the home IM and Presence Service
node.
When you deploy IM and Presence Service over WAN with remote failover, note the following restriction:
• This model only supports High Availability at the system level. Certain IM and Presence Service
components may still have a single point of failure. These components are the Cisco Sync Agent, Cisco
Intercluster Sync Agent, and Cisco Unified CM IM and Presence Administration interface.

IM and Presence Service also supports multiple presence redundancy groups in a Clustering over WAN
deployment. For information about scale for a Clustering over WAN deployment, see the IM and Presence
Service SRND.
For additional information, see the IM and Presence Service Solution Reference Network Design (SRND):

Multinode Configuration for Deployment Over WAN


When you configure the IM and Presence Service multinode feature for an intracluster deployment over WAN,
configure the IM and Presence Service presence redundancy group, nodes and user assignment as described
in the multinode section, but note the following recommendations:
• For optimum performance, Cisco recommends that you assign the majority of your users to the home
IM and Presence Service node. This deployment model decreases the volume of messages sent to the
remote IM and Presence Service node over WAN; however, the failover time to the secondary node
depends on the number of users failing over.
• If you wish to configure a High Availability deployment model over WAN, you can configure a presence
redundancy group-wide DNS SRV address. In this case, IM and Presence Service sends the initial
PUBLISH request message to the node specified by DNS SRV and the response message indicates the
host node for the user. IM and Presence Service then sends all subsequent PUBLISH messages for that
user to the host node. Before configuring this High Availability deployment model, you must consider
if you have sufficient bandwidth for the potential volume of messages that may be sent over the WAN.

Related Topics
Intracluster Deployments Over WAN, on page 28
http://www.cisco.com/go/designzone

Intercluster Deployments

Intercluster Deployments Over WAN


IM and Presence Service supports intercluster deployments over WAN, using the bandwidth recommendations
provided in this module.

Related Topics
WAN Bandwidth Requirements, on page 35


Intercluster Peer Relationships


You can configure peer relationships that interconnect standalone IM and Presence Service clusters, known
as intercluster peers. This intercluster peer functionality allows users in one IM and Presence Service cluster
to communicate and subscribe to the availability information of users in a remote IM and Presence Service
cluster within the same domain. Keep in mind that if you delete an intercluster peer from one cluster, then
you must also delete the corresponding peer in the remote cluster.
IM and Presence Service uses the AXL/SOAP interface to retrieve user information for the home cluster
association. IM and Presence Service uses this user information to detect if a user is a local user (user on the
home cluster), or a user on a remote IM and Presence Service cluster within the same domain.
IM and Presence Service uses the XMPP interface for the subscription and notification traffic. If IM and
Presence Service detects a user to be on a remote cluster within the same domain, IM and Presence Service
reroutes the messages to the remote cluster.

Caution Cisco highly recommends that you set up intercluster peers in a staggered manner, as the initial sync uses
substantial bandwidth and CPU. Setting up multiple peers at the same time could result in excessive sync
times.

Intercluster Router to Router Connections


By default, IM and Presence Service assigns all nodes in a cluster as intercluster router-to-router connectors.
When IM and Presence Service establishes an intercluster peer connection between the clusters over the AXL
interface, it synchronizes the information from all intercluster router-to-router connector nodes in the home
and remote clusters.
You must restart the Cisco XCP Router service on all nodes in both local and remote clusters for IM and
Presence Service to establish a connection between the intercluster router-to-router connector nodes. Each
intercluster router-to-router connector in one cluster then either initiates or accepts an intercluster connection
with router-to-router connectors in the other cluster.

Note In an intercluster deployment, when you add a new node to a cluster, you must restart the Cisco XCP
router on all nodes in both the local and remote clusters.

Related Topics
Secure Intercluster Router to Router Connection, on page 31

Node Name Value for Intercluster Deployments


The node name defined for any IM and Presence Service node must be resolvable by every other IM and
Presence Service node on every cluster. Therefore, each IM and Presence Service node name must be the
FQDN of the node. If DNS is not deployed in your network, each node name must be an IP address.


Note Specifying the hostname as the node name is only supported if all nodes across all clusters share the same
DNS domain.

Attention When using the Cisco Jabber client, certificate warning messages can be encountered if the IP address is
configured as the IM and Presence Service node name. To prevent Cisco Jabber from generating certificate
warning messages, the FQDN should be used as the node name. For instructions to set the IM and Presence
Service node name value, see Cisco Unified Communications Manager Administration Guide.

Related Topics
IM and Presence Default Domain Value for Intercluster Deployments, on page 31

IM and Presence Default Domain Value for Intercluster Deployments


If you configure an intercluster deployment, note the following:
• The IM and Presence default domain value on the local cluster must match the IM and Presence default
domain value on the remote cluster to ensure that intercluster functionality will work correctly.

See topics related to IM and Presence default domain configuration for detailed instructions.

Related Topics
IM and Presence Service Default Domain Configuration
Node Name Value for Intercluster Deployments, on page 30

IM Address Scheme for Intercluster Deployments


For intercluster deployments, all nodes in each of the clusters must use the same IM address scheme. If any
node in a cluster is running a version of IM and Presence Service that is earlier than Release 10, all nodes
must be set to use the UserID@Default_Domain IM address scheme for backward compatibility.
For more information, see topics related to IM address scheme configuration.

Related Topics
Configure IM Address Scheme, on page 67
IM Address Using UserID@Default_Domain, on page 20
IM Address Using Directory URI, on page 20

Secure Intercluster Router to Router Connection


You can configure a secure XMPP connection between all router-to-router connectors in your IM and Presence
Service deployment, incorporating both intracluster and intercluster router to router connections. Choose
Cisco Unified CM IM and Presence Administration > System > Security > Settings, and check Enable
XMPP Router-to-Router Secure Mode.
When you turn on the secure mode for XMPP router-to-router connections, IM and Presence Service enforces
a secure SSL connection using XMPP trust certificates. For intercluster deployments, IM and Presence Service
enforces a secure SSL connection between each router-to-router connector node in the local cluster, and each
router connector node in the remote cluster.

Related Topics
Intercluster Router to Router Connections, on page 30
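A pre-peering check for the intercluster rules in the sections above (node name, default domain, IM address scheme, router-to-router secure mode), added here as an example and not part of Cisco's tooling. The inventory format, field names and sample clusters are hypothetical and constructed; an unset secure mode is reported as a warning because the guide presents it as optional.

```python
import ipaddress

LEGACY_SCHEME = "UserID@Default_Domain"


def name_kind(node_name):
    """Classify a node name as 'ip', 'fqdn' or 'hostname'."""
    try:
        ipaddress.ip_address(node_name)
        return "ip"
    except ValueError:
        return "fqdn" if "." in node_name.strip(".") else "hostname"


def audit(clusters, dns_deployed=True):
    """Return (severity, where, message) findings for a set of intercluster peers."""
    findings = []
    nodes = [(c["name"], n) for c in clusters for n in c["nodes"]]
    dns_domains = {n["dns_domain"].lower() for _, n in nodes}

    # Node name rules: FQDN by default, IP address only when DNS is not deployed,
    # bare hostname only when every node in every cluster shares one DNS domain.
    for cluster, node in nodes:
        where = f"{cluster}/{node['node_name']}"
        kind = name_kind(node["node_name"])
        if not dns_deployed:
            if kind != "ip":
                findings.append(("error", where,
                                 "DNS is not deployed, so the node name must be an IP address"))
        elif kind == "hostname" and len(dns_domains) > 1:
            findings.append(("error", where,
                             "hostname node name, but nodes do not share one DNS domain"))
        elif kind == "ip":
            findings.append(("warning", where,
                             "IP address node name: Cisco Jabber can show certificate warnings"))

    # The default domain must match between local and remote clusters.
    default_domains = sorted({c["default_domain"].lower() for c in clusters})
    if len(default_domains) > 1:
        findings.append(("error", "all clusters",
                         "default domain differs: " + ", ".join(default_domains)))

    # One IM address scheme everywhere; pre-Release 10 nodes force the legacy scheme.
    schemes = {c["im_address_scheme"] for c in clusters}
    if len(schemes) > 1:
        findings.append(("error", "all clusters",
                         "IM address scheme differs: " + ", ".join(sorted(schemes))))
    old = sorted(f"{c}/{n['node_name']}" for c, n in nodes
                 if int(n["release"].split(".")[0]) < 10)
    if old and schemes != {LEGACY_SCHEME}:
        findings.append(("error", ", ".join(old),
                         f"release earlier than 10: all nodes must use {LEGACY_SCHEME}"))

    for c in clusters:
        if not c["xmpp_r2r_secure"]:
            findings.append(("warning", c["name"],
                             "Enable XMPP Router-to-Router Secure Mode is not checked"))
    return findings


# Constructed inventory (hypothetical format, sample values only).
SAMPLE = [
    {"name": "cluster-a", "default_domain": "example.com",
     "im_address_scheme": "Directory URI", "xmpp_r2r_secure": True,
     "nodes": [
         {"node_name": "imp-a1.example.com", "dns_domain": "example.com", "release": "11.5"},
         {"node_name": "imp-a2.example.com", "dns_domain": "example.com", "release": "11.5"}]},
    {"name": "cluster-b", "default_domain": "corp.example.net",
     "im_address_scheme": "Directory URI", "xmpp_r2r_secure": False,
     "nodes": [
         {"node_name": "10.0.2.11", "dns_domain": "example.net", "release": "11.5"},
         {"node_name": "imp-b2", "dns_domain": "example.net", "release": "9.1"}]},
]

if __name__ == "__main__":
    for severity, where, message in audit(SAMPLE):
        print(f"{severity.upper():7} {where}: {message}")
```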

CHAPTER 3
IM and Presence Service Planning Requirements
• Multinode Hardware Recommendations
• Intercluster Hardware Recommendations
• Supported End Points
• LDAP Directory Servers Supported
• WAN Bandwidth Requirements
• Multinode Scalability and Performance
• User License Requirements
• DNS Domain and Default Domain Requirements

Multinode Hardware Recommendations


When configuring the multinode feature, consider the following:
• Cisco recommends turning on High Availability in your deployment.
• Cisco only supports virtualized deployments of IM and Presence Service on Cisco Unified Computing
System servers or on a Cisco-approved third-party server configuration. Cisco does not support
deployments of IM and Presence on Cisco Media Convergence Server (MCS) servers. For more
information about the deployment of IM and Presence Service in a virtualized environment, see
http://docwiki.cisco.com/wiki/Unified_Communications_in_a_Virtualized_Environment.
• Minimize your deployment; for example, instead of using five virtual machines that support a total of
two thousand users, choose two virtual machines that can support a total of five thousand users.
• Use the same generation of server hardware.
• Use similar hardware for all nodes in your deployment. If you must mix generations of similar hardware,
put the same generations of older hardware together in a presence redundancy group and put fewer users
on this presence redundancy group than on the more powerful presence redundancy group. Note that
we do not recommend this deployment practice.


Warning For multinode deployments, instead of using mixed virtual machine deployment sizes, it is highly
recommended that the IM and Presence Service subscriber and database publisher nodes in the same
presence redundancy group have similar database size. If a significant difference in database size exists
between the two nodes, you will receive an error during installation of the subscriber node.

For a list of the supported hardware for the multinode feature, and hardware user assignment guidelines for
the multinode feature, see the IM and Presence Service compatibility matrices at this URL:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_device_support_tables_list.html

Intercluster Hardware Recommendations


When planning an intercluster deployment, it is recommended that similar deployments be used on all IM
and Presence Service clusters in the Enterprise to allow for syncing of all user data between clusters. For
example, if a virtual server supporting a 5000 user deployment is used in Cluster A, then a 5000 user virtual
server deployment should be used in Cluster B even if only 500 users are needed in Cluster B.

Supported End Points


The multinode scalability feature supports the following end points:
• Cisco Unified Communications Manager (desk phone)
• Cisco Jabber
• Third-Party XMPP clients
• Cisco Unified Mobile Communicator
• Microsoft Office Communicator (Microsoft soft client)
• Lotus Sametime (Lotus soft client)

Note Lotus clients are used on the Microsoft server that is integrated with IM and Presence
Service for remote call control.

• Third-Party Interface clients


• Lync 2010 and 2013 Clients (Microsoft Office Communicator)

Only third-party clients support the Directory URI IM address scheme. All other clients should use the
UserID@Default_Domain IM address scheme. See topics related to the IM and Presence Service IM address
schemes for more information.

LDAP Directory Servers Supported


IM and Presence Service integrates with these LDAP directory servers:


• Microsoft Active Directory 2000, 2003 and 2008


• Netscape Directory Server
• Sun ONE Directory Server 5.2
• OpenLDAP

Related Topics
http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-release-notes-list.html
http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html

WAN Bandwidth Requirements


At a minimum, you must dedicate 5 Mbps of bandwidth for each IM and Presence Service presence redundancy
group, with no more than an 80 millisecond round-trip latency. These bandwidth recommendations apply to
both intracluster and intercluster WAN deployments. Any bandwidth less than this recommendation can
adversely impact performance.

Note Each IM and Presence Service presence redundancy group that you add to your Clustering over WAN
deployment requires an additional (dedicated) 5 Mbps of bandwidth.

WAN Bandwidth Considerations


When you calculate the bandwidth requirements for your Clustering over WAN deployment, consider the
following:
• In your bandwidth considerations, you must include the normal bandwidth consumption of a Cisco
Unified Communications Manager cluster. If you configure multiple nodes, Cisco Unified
Communications Manager uses a round-robin mechanism to load balance SIP/SIMPLE messages, which
consumes more bandwidth. To improve performance and decrease traffic, you could provision a single
dedicated Cisco Unified Communications Manager node for all SIP/SIMPLE messages sent between
the IM and Presence Service and Cisco Unified Communications Manager.
• In your bandwidth considerations, we also recommend that you consider the number of contacts in the
contact list for a Cisco Jabber user, and the size of user profiles on IM and Presence Service. See the
IM and Presence Service SRND for recommendations regarding the size of a contact list when you
deploy IM and Presence over WAN. Note also that the maximum contact list size on IM and Presence
Service is 200, so you need to factor this in to your bandwidth considerations for systems with large
numbers of users.

For additional information, see the IM and Presence Service Solution Reference Network Design (SRND):
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/7x/uc7_0.html


Multinode Scalability and Performance

Multinode Scalability Requirements


IM and Presence Service supports multinode scalability:
• Six nodes per cluster
• 45,000 users per cluster with a maximum of 15,000 users per node in a full Unified Communication
(UC) mode deployment
• 15,000 users per cluster in a presence redundancy group, and 45,000 users per cluster in a deployment
with High Availability.
• Administrable customer-defined limit on the maximum contacts per user (default unlimited)
• The IM and Presence Service continues to support intercluster deployments with the multinode feature.

Scalability depends on the number of clusters in your deployment. For detailed VM configuration requirements
and OVA templates, see Virtualization for Unified CM IM and Presence at the following URL:
http://docwiki.cisco.com/wiki/Virtualization_for_Unified_CM_IM_and_Presence

Multinode Performance Recommendations


You can achieve optimum performance with the multinode feature when:
• The resources on all IM and Presence Service nodes are equivalent in terms of memory, disk size, and
age. Mixing virtual server hardware classes results in nodes that are under-powered, therefore resulting
in poor performance.
• You deploy virtual server hardware that complies with the hardware recommendations.
• You configure a Balanced Mode deployment model. In this case, the total number of users is equally
divided across all nodes in all presence redundancy groups. The IM and Presence Service defaults to
Balanced Mode user assignment to achieve optimum performance.

Related Topics
Multinode Hardware Recommendations, on page 33
Balanced User Assignment Redundant High Availability Deployment

User License Requirements


IM and Availability functionality does not require a node license or software version license. However, you
must assign IM and Availability functionality to each IM and Presence Service user.
You can assign IM and Availability on a per user basis, regardless of the number of clients you associate with
each user. When you assign IM and Availability to a user, this enables the user to send and receive IMs and
also to send and receive availability updates. If the user is not enabled for IM and Availability, no availability
updates are allowed for that user.


You can enable a user for IM and Presence Service functionality in the End User Configuration window in
Cisco Unified Communications Manager. See the Cisco Unified Communications Manager Administration
Guide for more information.
IM and Availability functionality is included within both User Connect Licensing (UCL) and Cisco Unified
Workspace Licensing (CUWL). Refer to the Cisco Unified Communications Manager Enterprise License
Manager User Guide for more information.

DNS Domain and Default Domain Requirements


The following DNS domain and IM and Presence Service default domain conditions apply. To resolve any
domain-related deployment issues, Cisco recommends that you set all IM and Presence Service node names
in the cluster to the FQDN or IP address rather than the hostname.
• For inter-cluster IM and Presence Service deployments, it is required that each IM and Presence Service
cluster shares the same underlying DNS domain.
• The DNS domain associated with any client devices should map to the IM and Presence Service DNS
domain.
• Ensure that the DNS domain aligns with the IM and Presence Service default domain.
The IM and Presence Service default domain value is set to the DNS domain by default during installation.
You cannot change the IM and Presence Service default domain during installation. To change the
default domain to a value that is different from the DNS domain, you must use the Cisco Unified CM
IM and Presence Administration GUI.

Caution: Failure to set all IM and Presence Service node names in the cluster to the FQDN or IP address rather
than the hostname can result in communications failure between nodes in a cluster. Affected functions
include SIP and XMPP-based inter-cluster communications, High Availability, client sign-in, and SIP-based
list subscriptions.

CHAPTER 4
Workflows
• Basic Deployment with High Availability Workflow
• Basic Deployment with High Availability and IP Phone Presence Workflow
• Federation Deployment Workflow

Basic Deployment with High Availability Workflow


The following workflow diagram shows the high-level steps to set up a basic IM and Presence Service
deployment with High Availability. Users have access to the core IM and availability features, such as basic
IM functionality, presence, and Ad Hoc group chats after a basic setup. Optional features can be configured
to enhance user functionality.
For more advanced deployment scenarios and workflows, see topics related to workflows that include phone
presence setup and federation.

Figure 3: Basic IM and Presence Service Deployment Workflow with High Availability

The following table describes each task in the workflow.

Tip: Perform all preparation tasks before installing or configuring the IM and Presence Service node. Review
topics related to deployment options and planning requirements.

Table 4: Task List for Basic Workflow with High Availability

Task: Description

1 Installation: For detailed installation instructions, see Installing Cisco Unified Communications Manager.

2 Activate Services: You must manually activate feature services after you install the node. For detailed instructions, see Installing Cisco Unified Communications Manager.
Tip: Network services start automatically after you install the node.

3 LDAP Directory Integration with Cisco Unified Communications Manager: Set up LDAP directory integration on the IM and Presence Service node:
• Secure the Cisco Unified Communications Manager and LDAP directory connection.
• Secure the connection between IM and Presence Service and the LDAP server.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

4 End User Setup: Assign users to nodes and presence redundancy groups in your IM and Presence Service deployment. You can manually or automatically assign users to the nodes in your IM and Presence Service deployment. See the Cisco Unified Communications Manager Administration Guide for instructions to assign users. The User Assignment Mode for Presence Server Enterprise Parameter is used to set the user assignment mode to balanced, active-stand-by, or none.
Tip: Use Cisco Unified CM IM and Presence Administration to migrate users, export and import contact lists.

5 Third-Party XMPP Client Integration: (Optional) Integrate your third-party XMPP client if you are not using Cisco Jabber.

6 LDAP Directory Client Integration: Set up user integration with the LDAP directory:
• Configure LDAP synchronization for user provisioning.
• Upload LDAP server certificates.
• Configure LDAP user authentication.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

7 Validate Cluster Communications and Client can Login: Confirm that IM and availability can be exchanged within the cluster. Verify that IMs can be sent and received, and that changes in a user's availability can be seen. When more than one cluster is set up, validate basic IM and availability across clusters.

8 High Availability and Presence Redundancy Group Setup: For instructions to set up high availability and presence redundancy groups, see the Cisco Unified Communications Manager Administration Guide.

9 Validate Services are Running and Client can Login: Perform validation tasks to ensure services are running. Confirm that the client can log in to IM and Presence Service and has availability.

10 Enable Secure Communications: Perform the following tasks to enable secure communications on the IM and Presence Service node:
• Configure certificate exchange between IM and Presence Service and Cisco Unified Communications Manager.
• Upload CA-signed certificates to IM and Presence Service.
• Configure SIP security settings on IM and Presence Service for the TLS peer subject.
• (Optional) Configure XMPP security settings on IM and Presence Service.

11 Validate Client using certificates: Confirm that the client can log in to IM and Presence Service and has availability.

Basic Deployment with High Availability and IP Phone Presence Workflow


The following workflow diagram shows the high-level steps to set up a basic IM and Presence Service
deployment with High Availability and IP phone presence. Users have access to the core IM and availability
features, such as basic IM functionality, presence, and Ad Hoc group chats after a basic setup. Optional features
can be configured to enhance user functionality.

Optional features can also be configured to enhance user functionality. For more information about feature
options or other deployment workflows, see topics related to features and options for IM and Presence Service
and High Availability deployment setup.

Figure 4: Basic IM and Presence Service Workflow with High Availability and IP Phone Presence

The following table describes each task in the workflow.

Table 5: Task List for Basic Workflow with High Availability and IP Phone Presence

Task: Description

1 Installation: For detailed installation instructions, see Installing Cisco Unified Communications Manager.

2 Activate Services: You must manually activate feature services after you install the node. For detailed instructions, see Installing Cisco Unified Communications Manager.
Tip: Network services start automatically after you install the node.

3 LDAP Directory Integration with Cisco Unified Communications Manager: Set up LDAP directory integration on the IM and Presence Service node:
• Secure the Cisco Unified Communications Manager and LDAP directory connection.
• Secure the connection between IM and Presence Service and the LDAP server.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

4 End User Setup: Assign users to nodes and presence redundancy groups in your IM and Presence Service deployment. You can manually or automatically assign users to the nodes in your IM and Presence Service deployment. See the Cisco Unified Communications Manager Administration Guide for instructions to assign users. The User Assignment Mode for Presence Server Enterprise Parameter is used to set the user assignment mode to balanced, active-stand-by, or none.
Tip: Use the IM and Presence Service GUI to migrate users, export and import contact lists.

5 Third-Party XMPP Client Integration: (Optional) Integrate your third-party XMPP client if you are not using Cisco Jabber.

6 LDAP Directory Client Integration: Set up user integration with the LDAP directory:
• Configure LDAP synchronization for user provisioning.
• Upload LDAP server certificates.
• Configure LDAP user authentication.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

7 Validate Cluster Communications and Client can Login: Confirm that IM and availability can be exchanged within the cluster. Verify that IMs can be sent and received, and that changes in a user's availability can be seen. When more than one cluster is set up, validate basic IM and availability across clusters.

8 IP Phone Presence Setup: Set up the following on the IM and Presence Service node:
• Static routes
• Presence Gateway
• SIP publish trunk
• Cluster-wide DNS SRV name for SIP publish trunk

9 High Availability and Presence Redundancy Group Setup: For instructions to set up high availability and presence redundancy groups, see the Cisco Unified Communications Manager Administration Guide.

10 Validate Services are Running and Client can Login: Perform validation tasks to ensure services are running. Confirm that the client can log in to IM and Presence Service and has availability.

11 Enable Secure Communications: Perform the following tasks to enable secure communications on the IM and Presence Service node:
• Configure certificate exchange between IM and Presence Service and Cisco Unified Communications Manager.
• Upload CA-signed certificates to IM and Presence Service.
• Configure SIP security settings on IM and Presence Service for the TLS peer subject.
• (Optional) Configure XMPP security settings on IM and Presence Service.

12 Validate Client using certificates: Confirm that the client can log in to IM and Presence Service and has availability.

13 Intercluster Deployment Configuration: Configure your intercluster peer relationships, router to router connections, and set the node name and IM address scheme.

Federation Deployment Workflow


The following workflow diagram shows the high-level steps to set up IM and Presence Service deployment
with High Availability and IP phone presence for a Federation deployment. For detailed instructions to
configure federation, see the Interdomain Federation for IM and Presence Service on Cisco Unified
Communications Manager guide and the Partitioned Intradomain Federation for IM and Presence Service
on Cisco Unified Communications Manager guide.

Users have access to the core IM and availability features, such as basic IM functionality, presence, and Ad
Hoc group chats after a basic setup. Optional features can be configured to enhance user functionality. For
more information about feature options, see topics related to features and options for IM and Presence Service.

Figure 5: IM and Presence Service Workflow for Federation Deployment

The following table describes each task in the workflow.

Table 6: Task List for IM and Presence Service Workflow for Federation

Task: Description

1 Installation: For detailed installation instructions, see Installing Cisco Unified Communications Manager.

2 Activate Services: You must manually activate feature services after you install the node. For detailed instructions, see Installing Cisco Unified Communications Manager.
Tip: Network services start automatically after you install the node.

3 LDAP Directory Integration with Cisco Unified Communications Manager: Set up LDAP directory integration on the IM and Presence Service node:
• Secure the Cisco Unified Communications Manager and LDAP directory connection.
• Secure the connection between IM and Presence Service and the LDAP server.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

4 End User Setup: Assign users to nodes and presence redundancy groups in your IM and Presence Service deployment. You can manually or automatically assign users to the nodes in your IM and Presence Service deployment. See the Cisco Unified Communications Manager Administration Guide for instructions to assign users. The User Assignment Mode for Presence Server Enterprise Parameter is used to set the user assignment mode to balanced, active-stand-by, or none.
Tip: Use the IM and Presence Service GUI to migrate users, export and import contact lists.

5 Third-Party XMPP Client Integration: (Optional) Integrate your third-party XMPP client if you are not using Cisco Jabber or Cisco Unified Communications Manager.

6 LDAP Directory Client Integration: Set up user integration with the LDAP directory:
• Configure LDAP synchronization for user provisioning.
• Upload LDAP server certificates.
• Configure LDAP user authentication.
Tip: Integration of Cisco Unified Communications Manager and Cisco Jabber with the LDAP server is the recommended setup. For alternative setups, see topics related to LDAP integration.

7 Validate Cluster Communications: Confirm that IM and availability can be exchanged within the cluster. Verify that IMs can be sent and received, and that changes in a user's availability can be seen. When more than one cluster is set up, validate basic IM and availability across clusters.

8 IP Phone Presence Setup: Set up the following on the IM and Presence Service node:
• Static routes
• Presence Gateway
• SIP publish trunk
• Cluster-wide DNS SRV name for SIP publish trunk

9 High Availability and Presence Redundancy Group Setup: For instructions to set up high availability and presence redundancy groups, see the Cisco Unified Communications Manager Administration Guide.

10 Validate Services are Running and Client can Login: Perform validation tasks to ensure services are running. Confirm that the client can log in to IM and Presence Service and has availability.

11 Enable Secure Communications: Perform the following tasks to enable secure communications on the IM and Presence Service node:
• Configure certificate exchange between IM and Presence Service and Cisco Unified Communications Manager.
• Upload CA-signed certificates to IM and Presence Service.
• Configure SIP security settings on IM and Presence Service for the TLS peer subject.
• (Optional) Configure XMPP security settings on IM and Presence Service.

12 Validate Client using certificates: Confirm that the client can log in to IM and Presence Service and has availability.

13 Intercluster Deployment Configuration: Configure your intercluster peer relationships, router to router connections, and set the node name and IM address scheme.

14 Federation Deployments: Configure Interdomain Federation or Partitioned Intradomain Federation for your deployment. For instructions and requirements, see Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager and Partitioned Intradomain Federation for IM and Presence Service on Cisco Unified Communications Manager.

15 Validate End-to-End Communication: Perform validation tasks to confirm end-to-end communications. Confirm that IM and availability can be exchanged across clusters. Verify that IMs can be sent and received, and that changes in a user's availability can be seen.

PART II
System Configuration
• Cisco Unified Communications Manager configuration for integration with IM and Presence Service
• IM and Presence Service Network Setup
• IP Phone Presence Setup
• LDAP Directory Integration
• Security Configuration on IM and Presence Service
• Intercluster Peer Configuration
CHAPTER 5
Cisco Unified Communications Manager configuration for integration with IM and Presence Service
• User and Device Configuration on Cisco Unified Communications Manager before Integration Task List
• Configure Inter-Presence Group Subscription Parameter
• SIP Trunk Configuration on Cisco Unified Communications Manager
• Verify Required Services Are Running on Cisco Unified Communications Manager

User and Device Configuration on Cisco Unified Communications Manager before Integration Task List

Before you configure Cisco Unified Communications Manager for integration with the IM and Presence
Service, make sure that the following user and device configuration is completed on Cisco Unified
Communications Manager.

Table 7: Task List to Configure Users and Devices on Cisco Unified Communications Manager Before Integration with IM and Presence Service

Task: Description

Modify the User Credential Policy: This procedure is applicable only if you are integrating with Cisco Unified Communications Manager Release 6.0 or later.
Cisco recommends that you set an expiration date on the credential policy for users. The only type of user that does not require a credential policy expiration date is an Application user.
Cisco Unified Communications Manager does not use the credential policy if you are using an LDAP server to authenticate your users on Cisco Unified Communications Manager.
Cisco Unified CM Administration > User Management > Credential Policy Default

Configure the phone devices, and associate a Directory Number (DN) with each device: Check Allow Control of Device from CTI to allow the phone to interoperate with the client.
Cisco Unified CM Administration > Device > Phone

Configure the users, and associate a device with each user: Ensure that the user ID value is unique for each user.
Cisco Unified CM Administration > User Management > End User.

Associate a user with a line appearance: This procedure is applicable only to Cisco Unified Communications Manager Release 6.0 or later.
Cisco Unified CM Administration > Device > Phone

Add users to CTI-enabled user group: To enable desk phone control, you must add the users to a CTI-enabled user group.
Cisco Unified CM Administration > User Management > User Group

(Optional) Set directoryURI value for users: If the IM and Presence Service nodes are using the Directory URI IM address scheme, you must set the directoryURI value for the users. The user's Directory URI value can either be synchronized to the Cisco Unified Communications Manager LDAP Directory or manually updated.
See the Cisco Unified Communications Manager Administration Guide for instructions to enable LDAP or to edit the Directory URI value manually for the user if LDAP is not enabled.

Note: Because menu options and parameters may vary by Cisco Unified Communications Manager releases,
see the Cisco Unified Communications Manager documentation that applies to your release.

Related Topics
LDAP Directory Integration

Configure Inter-Presence Group Subscription Parameter


You enable the Inter-Presence Group Subscription parameter to allow users in one Presence Group to subscribe
to the availability information for users in a different presence group.
Restriction
You can only enable the Inter-Presence Group Subscription parameter when the subscription permission for
the default Standard Presence Group, or any new Presence Groups, is set to Use System Default. To configure
Presence Groups, choose Cisco Unified CM Administration > System > Presence Groups.

Procedure

Step 1 Choose Cisco Unified CM Administration > System > Service Parameters.
Step 2 Choose a Cisco Unified Communications Manager node from the Server menu.
Step 3 Choose Cisco CallManager from the Service menu.
Step 4 Choose Allow Subscription for Default Inter-Presence Group Subscription in the Clusterwide Parameters
(System - Presence) section.
Step 5 Click Save.
Tip: You no longer have to manually add the IM and Presence Service as an Application Server on Cisco
Unified Communications Manager.

What to Do Next
Proceed to configure a SIP trunk on Cisco Unified Communications Manager.

SIP Trunk Configuration on Cisco Unified Communications Manager


The port number that you configure for the SIP Trunk differs depending on the version of the IM and Presence
Service that you are deploying. For IM and Presence Service release 9.0(x) and later, configure the port number
5060 for the SIP Trunk.

Configure SIP Trunk Security Profile for IM and Presence Service

Procedure

Step 1 Choose Cisco Unified CM Administration > System > Security > SIP Trunk Security Profile.
Step 2 Click Find.
Step 3 Click Non Secure SIP Trunk Profile.
Step 4 Click Copy and enter CUP Trunk in the Name field.
Step 5 Verify that the setting for Device Security Mode is Non Secure.
Step 6 Verify that the setting for Incoming Transport Type is TCP+UDP.
Step 7 Verify that the setting for Outgoing Transport Type is TCP.
Step 8 Check to enable these items:
• Accept Presence Subscription
• Accept Out-of-Dialog REFER
• Accept Unsolicited Notification
• Accept Replaces Header

Step 9 Click Save.

What to Do Next
Proceed to configure the SIP trunk on Cisco Unified Communications Manager.

Configure SIP Trunk for IM and Presence Service


You only configure one SIP trunk between a Cisco Unified Communications Manager cluster and an IM and
Presence Service cluster. After you configure the SIP trunk, you must assign that SIP trunk as the IM and
Presence PUBLISH Trunk on Cisco Unified Communications Manager by choosing Cisco Unified CM
Administration > System > Service Parameters.
In the Destination Address field, enter a value using one of the following formats:
• Dotted IP Address
• Fully Qualified Domain Name (FQDN)
• DNS SRV

If high availability is configured for the IM and Presence cluster, multiple entries should be entered in
Dotted IP Address or FQDN format to identify the various nodes in the cluster. DNS SRV cannot be used for an IM
and Presence cluster if high availability is configured.

Before You Begin


• Configure the SIP Trunk security profile on Cisco Unified Communications Manager.
• Read the Presence Gateway configuration options topic.

Procedure

Step 1 Choose Cisco Unified CM Administration > Device > Trunk.
Step 2 Click Add New.
Step 3 Choose SIP Trunk from the Trunk Type menu.
Step 4 Choose SIP from the Device Protocol menu.
Step 5 Choose None for the Trunk Service Type.
Step 6 Click Next.
Step 7 Enter CUPS-SIP-Trunk for the Device Name.
Step 8 Choose a device pool from the Device Pool menu.
Step 9 In the SIP Information section at the bottom of the window, configure the following values:
a) In the Destination Address field, enter the Dotted IP Address, or the FQDN, which can be resolved by
DNS and must match the SRV Cluster Name configured on the IM and Presence node.
b) Check the Destination Address is an SRV check box if you are configuring a multinode deployment.
In this scenario, Cisco Unified Communications Manager performs a DNS SRV record query to resolve
the name, for example _sip._tcp.hostname.tld. If you are configuring a single-node deployment, leave this
check box unchecked and Cisco Unified Communications Manager will perform a DNS A record query
to resolve the name, for example hostname.tld.
Cisco recommends that you use the IM and Presence Service default domain as the destination address of
the DNS SRV record.
Note: You can specify any domain value as the destination address of the DNS SRV record. No users
need to be assigned to the domain that is specified. If the domain value that you enter differs from
the IM and Presence Service default domain, you must ensure that the SIP Proxy Service Parameter
called SRV Cluster Name on IM and Presence Service matches the domain value that you specify
in the DNS SRV record. If you use the default domain, then no changes are required to the SRV
Cluster Name parameter.
In both scenarios, the Cisco Unified Communications Manager SIP trunk Destination Address must resolve by DNS
and match the SRV Cluster Name configured on the IM and Presence node.
c) Enter 5060 for the Destination Port.
d) Choose Non Secure SIP Trunk Profile from the SIP Trunk Security Profile menu.
e) Choose Standard SIP Profile from the SIP Profile menu.
Step 10 Click Save.
Troubleshooting Tip
If you modify the DNS entry of the Publish SIP Trunk SRV record by changing the port number or IP address,
you must restart all devices that previously published to that address and ensure each device points to the
correct IM and Presence Service contact.
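
The following pre-flight check is an added example, not Cisco's own code: it applies the Destination Address, SRV, port and high-availability rules stated in this section to a planned set of trunk values before they are entered in the GUI. The plan fields, the function names and the example.com DNS records are assumptions constructed for the example; a live check would replace the record table with resolver queries.

```python
import ipaddress

# Constructed stand-in for DNS answers; a live check would query a resolver.
SAMPLE_DNS = {
    ("SRV", "_sip._tcp.example.com"): ["imp-pub.example.com", "imp-sub.example.com"],
    ("A", "imp-pub.example.com"): ["192.0.2.10"],
    ("A", "imp-sub.example.com"): ["192.0.2.11"],
}

# Constructed plan (hypothetical field names) for a multinode trunk without HA.
SAMPLE_PLAN = {
    "destinations": ["example.com"],
    "is_srv": True,                 # "Destination Address is an SRV" check box
    "port": 5060,
    "high_availability": False,
    "srv_cluster_name": "example.com",
}


def address_kind(value):
    """Classify a destination as 'ip', 'fqdn', 'hostname' or 'invalid'."""
    try:
        ipaddress.IPv4Address(value)
        return "ip"
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if not all(labels) or all(label.isdigit() for label in labels):
        return "invalid"  # empty label, or a malformed dotted IP such as 10.1.1
    return "fqdn" if len(labels) > 1 else "hostname"


def dns_query(destination, is_srv):
    """Return the (record type, name) lookup described in Step 9, or None for an IP."""
    if address_kind(destination) == "ip":
        return None
    name = destination.rstrip(".").lower()
    return ("SRV", "_sip._tcp." + name) if is_srv else ("A", name)


def check_trunk(plan, dns=SAMPLE_DNS):
    """Return a list of findings; an empty list means the plan follows the rules."""
    findings = []
    if plan["port"] != 5060:
        findings.append("Destination Port must be 5060")
    if plan["high_availability"]:
        if plan["is_srv"]:
            findings.append("DNS SRV cannot be used when high availability is configured")
        if len(plan["destinations"]) < 2:
            findings.append("high availability needs an entry for each node")
    for dest in plan["destinations"]:
        kind = address_kind(dest)
        if kind in ("hostname", "invalid"):
            findings.append(f"{dest}: not a dotted IP address or FQDN")
            continue
        if kind == "ip":
            if plan["is_srv"]:
                findings.append(f"{dest}: an SRV lookup needs a name, not an IP address")
            continue
        query = dns_query(dest, plan["is_srv"])
        if query not in dns:
            findings.append(f"{dest}: no {query[0]} record for {query[1]}")
        # Step 9 scenarios (SRV, or single-node A record): name must equal SRV Cluster Name.
        if not plan["high_availability"]:
            if dest.rstrip(".").lower() != plan["srv_cluster_name"].lower():
                findings.append(f"{dest}: does not match SRV Cluster Name")
    return findings


if __name__ == "__main__":
    for finding in check_trunk(SAMPLE_PLAN) or ["plan follows the stated rules"]:
        print(finding)
```
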

Related Topics
Configure Cluster-Wide DNS SRV Name for SIP Publish Trunk
Configure SIP Trunk Security Profile for IM and Presence Service
Configure SIP Publish Trunk on IM and Presence Service
Presence Gateway Configuration Option

Configure Phone Presence for Unified Communications Manager Outside of Cluster


You can allow phone presence from a Cisco Unified Communications Manager that is outside of the IM and
Presence Service cluster. By default, requests from a Cisco Unified Communications Manager that is outside of
the cluster are not accepted by IM and Presence Service. You can also configure a SIP Trunk on Cisco
Unified Communications Manager.
You must configure the TLS context before you configure the TLS peer subject.

Configure TLS Peer Subject


For the IM and Presence Service to accept a SIP PUBLISH from a Cisco Unified Communications
Manager outside of its cluster, the Cisco Unified Communications Manager needs to be listed as a TLS
Trusted Peer of the IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > TLS Peer Subjects.
Step 2 Click Add New.
Step 3 Enter the IP Address of the external Cisco Unified Communications Manager in the Peer Subject
Name field.
Step 4 Enter the name of the node in the Description field.
Step 5 Click Save.

What to Do Next
Configure the TLS context.

Configure TLS Context


Use the following procedure to configure TLS context.

Before You Begin


Configure the TLS peer subject.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > TLS Context Configuration.
Step 2 Click Find.
Step 3 Click Default_Cisco_UP_SIP_Proxy_Peer_Auth_TLS_Context.
Step 4 From the list of available TLS peer subjects, choose the TLS peer subject that you configured.
Step 5 Move this TLS peer subject to Selected TLS Peer Subjects.
Step 6 Click Save.
Step 7 Restart the OAMAgent.
Step 8 Restart the Cisco Presence Engine.
Tip: You must restart in this order for the changes to take effect.

Verify Required Services Are Running on Cisco Unified Communications Manager

You can view, start, and stop Cisco Unified Communications Manager services from a Cisco Unified
Communications Manager node or an IM and Presence Service node. The following procedure provides steps
to follow on a Cisco Unified Communications Manager node. To view Cisco Unified Communications
Manager services from an IM and Presence Service node, choose Cisco Unified IM and Presence
Serviceability > Tools > Service Activation.

Procedure

Step 1 On Cisco Unified Communications Manager, choose Cisco Unified Serviceability > Tools > Control Center
- Feature Services.
Step 2 Choose a Cisco Unified Communications Manager node from the Server menu.
Step 3 Make sure that the following services are running:
• Cisco CallManager
• Cisco TFTP
• Cisco CTIManager
• Cisco AXL Web Service (for data synchronization between IM and Presence and Cisco Unified
Communications Manager)
Tip: To turn on a service on Cisco Unified Communications Manager, choose Cisco Unified
Serviceability > Tools > Service Activation.

CHAPTER 6
IM and Presence Service Network Setup
• Configuration changes and service restart notifications
• DNS Domain Configuration
• IM and Presence Service Default Domain Configuration
• IM Address Configuration
• Domain Management for IM and Presence Service Clusters
• Routing Information Configuration on IM and Presence Service
• IPv6 Configuration
• Configure Proxy Server Settings
• Services on IM and Presence Service

Configuration changes and service restart notifications

Service Restart Notifications


If you make a configuration change in Cisco Unified CM IM and Presence Administration that impacts an
IM and Presence XCP service, you will need to restart XCP services for your changes to take effect. IM and
Presence Service notifies you of exactly which node the configuration change impacts and of any service that
you must restart. An Active Notifications popup window displays on each page of Cisco Unified CM IM and
Presence Administration to serve as a visual reminder that you must restart services. Use your mouse to hover
over the dialog bubble icon to see the list of active notifications (if any) and associated severity levels. From
the list of active notifications you can go directly to Cisco Unified IM and Presence Serviceability, where you
can restart the required service.
It is good practice to monitor the service restart popup window for service restart notifications, particularly
if you make configuration changes after you deploy IM and Presence Service in the network. Most tasks in
the accompanying documentation indicate if service restarts are required.
See the Online Help topic on Service Restart Notifications for information about the types of service
notifications, and the service notification security levels.


Cisco XCP Router Restart


The Cisco XCP Router must be running for all availability and messaging services to function properly on
IM and Presence Service. This applies to both SIP-based and XMPP-based client messaging. If you restart
the Cisco XCP Router, IM and Presence Service automatically restarts all active XCP services.
The topics in this module indicate if you need to restart the Cisco XCP Router following a configuration
change. Note that you must restart the Cisco XCP Router, not turn off and turn on the Cisco XCP Router. If
you turn off the Cisco XCP Router, rather than restart this service, IM and Presence Service stops all other
XCP services. When you subsequently turn on the Cisco XCP Router, IM and Presence Service does not
automatically turn on the other XCP services; you must turn them on manually.

Restart Cisco XCP Router Service

Procedure

Step 1 On IM and Presence Service, choose Cisco Unified IM and Presence Serviceability > Tools > Control
Center - Network Services.
Step 2 Choose the node from the Server list box and select Go.
Step 3 Click the radio button next to the Cisco XCP Router service in the IM and Presence Service section.
Step 4 Click Restart.
Step 5 Click OK when a message indicates that restarting may take a while.

DNS Domain Configuration


The Cisco Unified Communications Manager IM and Presence Service supports flexible node deployment
across any number of DNS domains. To support this flexibility, all IM and Presence Service nodes within the
deployment must have a node name set to that node's Fully Qualified Domain Name (FQDN). Some sample
node deployment options are described below.

Note If any IM and Presence Service node name is based on the hostname only, then all IM and Presence Service
nodes must share the same DNS domain.
There is no requirement for the IM and Presence Service default domain, or any other IM domain that is
hosted by the system, to align with the DNS domain. An IM and Presence Service deployment can have
a common presence domain, while having nodes deployed across multiple DNS domains.

For more information, see Changing IP Address and Hostname for Cisco Unified Communications Manager
and IM and Presence Service.

Related Topics
Specify DNS Domain Associated with Cisco Unified Communications Manager Cluster, on page 64
IM and Presence Service Default Domain Configuration
Node Name Recommendations


IM and Presence Service Clusters Deployed in Different DNS Domain or Subdomains


IM and Presence Service supports having the nodes associated with one IM and Presence Service cluster in
a different DNS domain or subdomain to the nodes that form a peer IM and Presence Service cluster. The
diagram below highlights a sample deployment scenario that is supported.

Figure 6: IM and Presence Service Clusters Deployed in Different DNS Domain or Subdomains


IM and Presence Service Nodes Within Cluster Deployed in Different DNS Domains or Subdomains

IM and Presence Service supports having the nodes within any IM and Presence Service cluster deployed
across multiple DNS domains or subdomains. The diagram below highlights a sample deployment scenario
that is supported.

Figure 7: IM and Presence Service Nodes Within a Cluster Deployed in Different DNS Domains or Subdomains

Note High availability is also fully supported in scenarios where the two nodes within a presence redundancy
group are in different DNS domains or subdomains.


IM and Presence Service Nodes Within Cluster Deployed in DNS Domain That is Different Than the Associated Cisco Unified Communications Manager Cluster

IM and Presence Service supports having the IM and Presence Service nodes in a different DNS domain to
their associated Cisco Unified Communications Manager cluster. The diagram below highlights a sample
deployment scenario that is supported.

Figure 8: IM and Presence Service Nodes Within a Cluster Deployed in a DNS Domain That is Different Than the Associated Cisco Unified Communications Manager Cluster

Note To support Availability Integration with Cisco Unified Communications Manager, the CUCM Domain
SIP Proxy service parameter must match the DNS domain of the Cisco Unified Communications Manager
cluster.
By default, the CUCM Domain SIP Proxy service parameter is set to the DNS domain of the IM and
Presence database publisher node. Therefore, if the DNS domain of the IM and Presence database publisher
node differs from the DNS domain of the Cisco Unified Communications Manager cluster, you must
update this service parameter using the Cisco Unified CM IM and Presence Administration GUI on the
IM and Presence database publisher node. Refer to the topic Specify DNS domain associated with Cisco
Unified Communications Manager for more information.


Specify DNS Domain Associated with Cisco Unified Communications Manager Cluster

Note This procedure is required only if the DNS domain of the IM and Presence database publisher node differs
from that of the Cisco Unified Communications Manager nodes.

IM and Presence Service maintains Access Control List (ACL) entries for all Cisco Unified Communications
Manager nodes within the cluster. This enables seamless sharing of Availability between the nodes. These
ACL entries are FQDN based and are generated by appending the Cisco Unified Communications Manager
hostname to the DNS domain of the IM and Presence database publisher node.
If the DNS domain of the IM and Presence database publisher node differs from that of the Cisco Unified
Communications Manager nodes, then invalid ACL entries will be added. To avoid this, you must perform
the following procedure from the Cisco Unified CM IM and Presence Administration GUI of the IM and
Presence database publisher node.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 From the Server drop-down list, choose the IM and Presence Service node.
Step 3 From the Service drop-down list, choose Cisco SIP Proxy.
Step 4 Edit the CUCM Domain field in the General Proxy Parameters (Clusterwide) section to match the DNS
domain of the Cisco Unified Communications Manager nodes.
By default this parameter is set to the DNS domain of the IM and Presence database publisher node.

Step 5 Click Save.

Related Topics
DNS Domain Configuration, on page 60
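
The ACL derivation described in this section can be modelled before you change the CUCM Domain field. The following Python sketch is an added example, not Cisco code: the function names are hypothetical, the node names are constructed, and it implements only the rule stated above (Cisco Unified Communications Manager hostname appended to the CUCM Domain value, which defaults to the DNS domain of the IM and Presence database publisher node).

```python
def split_fqdn(fqdn):
    """Split 'host.sub.example.com' into ('host', 'sub.example.com')."""
    host, _, domain = fqdn.strip().rstrip(".").lower().partition(".")
    return host, domain


def derived_acl_entries(cucm_fqdns, cucm_domain):
    """ACL entries as this section describes them: CUCM hostname + domain value."""
    return {f"{split_fqdn(f)[0]}.{cucm_domain.lower()}" for f in cucm_fqdns}


def audit_cucm_domain(imp_publisher_fqdn, cucm_fqdns, cucm_domain=None):
    """Report which derived ACL entries do not name a real CUCM node.

    cucm_domain models the CUCM Domain field. When it is None, the default
    from the guide applies: the DNS domain of the IM and Presence publisher.
    """
    if cucm_domain is None:
        cucm_domain = split_fqdn(imp_publisher_fqdn)[1]
    real = {f.strip().rstrip(".").lower() for f in cucm_fqdns}
    derived = derived_acl_entries(cucm_fqdns, cucm_domain)
    return {
        "cucm_domain_in_effect": cucm_domain.lower(),
        # Entries that would be added to the ACL but match no CUCM node.
        "invalid_acl_entries": sorted(derived - real),
        # Real CUCM nodes that no derived entry covers.
        "nodes_without_acl_entry": sorted(real - derived),
        "procedure_required": bool(derived - real),
        # DNS domains the CUCM nodes actually live in (candidate field values).
        "cucm_dns_domains": sorted({split_fqdn(f)[1] for f in cucm_fqdns}),
    }


if __name__ == "__main__":
    # Constructed sample names, not taken from any real deployment.
    publisher = "imp-pub.im.example.com"
    cucm_nodes = ["cucm-pub.voice.example.com", "cucm-sub1.voice.example.com"]

    before = audit_cucm_domain(publisher, cucm_nodes)
    print("default value :", before)

    after = audit_cucm_domain(publisher, cucm_nodes, cucm_domain="voice.example.com")
    print("after Step 4  :", after)
```
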

IM and Presence Service Default Domain Configuration


Follow this procedure if you want to change the default domain value for IM and Presence Service within a
cluster. This procedure is applicable if you have a DNS or non-DNS deployment.

Caution Disable high availability for the presence redundancy group before you stop any services as part of this
procedure. If you stop the services while high availability is enabled, a system failover will occur.

This procedure changes only the default domain of the IM and Presence Service cluster. It does not change
the DNS domain associated with any IM and Presence Service node within that cluster. For instructions on
how to change the DNS domain of an IM and Presence Service node, see Changing IP Address and Hostname
for Cisco Unified Communications Manager and IM and Presence Service.


Note The default domain is configured when you add an IM and Presence Service publisher node to Cisco
Unified Communications Manager. If the system fails to retrieve the default domain value from the Cisco
Unified Communications Manager during node installation, the default domain value is reset to
DOMAIN.NOT.SET. Use this procedure to change the IM and Presence Service default domain value to
a valid domain value.

Procedure

Step 1 Stop the following services on all IM and Presence Service nodes in your cluster in the order listed:
• Cisco Client Profile Agent
• Cisco XCP Router
Note When you stop the Cisco XCP Router, all XCP feature services are automatically stopped.
• Cisco Sync Agent
• Cisco SIP Proxy
• Cisco Presence Engine

Step 2 On the IM and Presence Service database publisher node, perform the following steps to configure the new
domain value:
a) Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Advanced
Configuration.
b) Choose Default Domain.
c) In the Domain Name field, enter the new presence domain and click Save.
A system update can take up to 1 hour to complete. If the update fails, the Re-try button appears. Click
Re-try to reapply the changes or click Cancel.

Step 3 On all nodes in the cluster, manually start all services that had been stopped at the beginning of this procedure.
On every node in the cluster, manually restart any XCP feature services that were previously running.

IM Address Configuration

IM Address Configuration Requirements


The IM and Presence Service default domain and the IM address scheme that you use must be consistent
across all IM and Presence Service clusters. The IM address scheme that you set affects all user JIDs, and
the change cannot be performed in a phased manner without disrupting communication between clusters
that may have different settings.
If any of the deployed clients do not support directory URI as the IM address, administrators should disable
the directory URI IM address scheme.


The following services must be stopped on all nodes in the cluster before you can configure the IM address
scheme:
• Cisco Client Profile Agent
• Cisco XCP Router
• Cisco Sync Agent
• Cisco SIP Proxy
• Cisco Presence Engine

See the interactions and restrictions topics for detailed requirements that are specific to each of the IM address
schemes, and see the IM address configuration planning topics for additional information before you configure
the IM address on IM and Presence Service.

UserID@Default_Domain IM Address Interactions and Restrictions


The following restrictions apply to the UserID@Default_Domain IM address scheme:
• All IM addresses are part of the IM and Presence default domain; therefore, multiple domains are not
supported.
• The IM address scheme must be consistent across all IM and Presence Service clusters.
• The default domain value must be consistent across all clusters.
• If UserID is mapped to an LDAP field on Cisco Unified Communications Manager, that LDAP mapping
must be consistent across all clusters.

Directory URI IM Address Interactions and Restrictions


To support multiple domain configurations, you must set Directory URI as the IM address scheme for IM and
Presence Service.

Caution If you configure the node to use Directory URI as the IM address scheme, Cisco recommends that you
deploy only clients that support Directory URI. Any client that does not support Directory URI will not
work if the Directory URI IM address scheme is enabled. Cisco recommends that you use the
UserID@Default_Domain IM address scheme and not the Directory URI IM address scheme if you have
any deployed clients that do not support Directory URI.

Observe the following restrictions and interactions when using the Directory URI IM address scheme:
• All users must have a valid Directory URI value configured on Cisco Unified Communications Manager.
• All deployed clients must support Directory URI as the IM address and use either EDI-based or
UDS-based directory integration.

Note For UDS-based integration with Jabber, you must be running at least release 10.6 of
Jabber.


• The IM address scheme must be consistent across all IM and Presence Service clusters.
• All clusters must be running a version of Cisco Unified Communications Manager that supports the
Directory URI addressing scheme.
• If LDAP Sync is disabled, you can set the Directory URI as a free-form URI. If LDAP Directory Sync
is enabled, you can map the Directory URI to the email address (mailid) or the Microsoft OCS/Lync
SIP URI (msRTCSIP-PrimaryUserAddress).
• The Directory URI IM address settings are global and apply to all users in the cluster. You cannot set a
different Directory URI IM address for individual users in the cluster.

Configure IM Address Scheme


The UserID@Default_Domain IM address scheme is the default option when you perform a fresh installation
or upgrade IM and Presence Service from an earlier version. You can configure the IM address scheme for
the IM and Presence Service cluster using the Cisco Unified CM IM and Presence Administration GUI.

Caution Disable high availability for the presence redundancy group before you stop any services as part of this
procedure. If you stop the services while high availability is enabled, a system failover will occur.

Note The IM address scheme that you choose must be consistent across all IM and Presence Service clusters.

Before You Begin


• Stop the following services on all IM and Presence Service nodes in the cluster:
  • Cisco Client Profile Agent
  • Cisco XCP Router
    Note When you stop the Cisco XCP Router, all XCP feature services are automatically stopped.
  • Cisco Sync Agent
  • Cisco SIP Proxy
  • Cisco Presence Engine

• Ensure that all users that are currently in the cluster are correctly provisioned.

Note Use the IM and Presence Service troubleshooter to determine if end users are correctly provisioned and
that there are no invalid or duplicate users.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Advanced
Configuration.
The Advanced configuration window appears.

Step 2 Choose IM Address Scheme, and then choose either UserID@[Default Domain] or Directory URI.
Tip The IM address scheme becomes available only after the required services on IM and Presence Service
are stopped.
Step 3 Click Save.
You can monitor the progress of the update in the status area.
If you chose Directory URI as the IM address scheme, you may be prompted to ensure that the deployed
clients can support multiple domains. Click OK to proceed or click Cancel.
If any user has an invalid Directory URI setting, a dialog box appears. Click OK to proceed or click Cancel,
and then fix the user settings before reconfiguring the IM address scheme.
A system update can take up to 1 hour to complete. If the update fails, the Re-try button appears. Click Re-try
to reapply the changes or click Cancel.

What to Do Next
If the system updated successfully, you can restart all services that are stopped and any previously running
XCP feature services in the cluster. Use the troubleshooter to verify the configuration.

Configure IM Address Task Flow


Complete the following tasks to configure IM addressing for your system.

Note If you only want to edit existing IM user addresses and you do not want to change the default domain or
the IM addressing scheme, you can proceed to step 4.

Procedure

Step 1 Stop Services, on page 69
Purpose: You must stop essential IM and Presence services before updating your IM addressing configuration.

Step 2 Assign IM Addressing Scheme, on page 70
Purpose: Update your IM addressing configuration with new settings such as the default domain and IM addressing scheme.

Step 3 Restart Services, on page 71
Purpose: Restart essential IM and Presence services. You must restart services before updating user addresses or provisioning users.

Step 4 Update IM user addresses
Purpose: Update IM user addresses by configuring the corresponding user settings in Cisco Unified Communications Manager. The IM addressing scheme that you configured determines which end user information derives the IM address.
• To provision new IM users, see the "Configure End Users" part of the System Configuration Guide for Cisco Unified Communications Manager at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html.
• To edit existing user configurations, see the "Manage End Users" chapter of the Administration Guide for Cisco Unified Communications Manager at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html.

Stop Services
Before you update your IM addressing scheme configuration, stop the essential IM and Presence services.
Make sure to stop the services in the prescribed order.

Before You Begin


If you have High Availability configured, disable it before you stop services. Otherwise, a system failover
will occur.
For details, see the 'Presence Redundancy Groups' chapter of the System Configuration Guide for Cisco Unified Communications Manager at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html.

Procedure

Step 1 From Cisco Unified IM and Presence Serviceability, choose Tools > Control Center – Network Services.
Step 2 Stop the following IM and Presence Services, in this order, by selecting the service and clicking the Stop
button:
a) Cisco Sync Agent
b) Cisco Client Profile Agent
Step 3 After both services have stopped, choose Tools > Control Center – Feature Services and stop the following
services in this order:
a) Cisco Presence Engine
b) Cisco SIP Proxy
Step 4 After both services have stopped, choose Tools > Control Center – Feature Services and stop the following
service:


• Cisco XCP Router

Note When you stop the XCP Router service, all related XCP feature services stop automatically.

What to Do Next
After services are stopped, you can update your IM addressing scheme.
Assign IM Addressing Scheme, on page 70

Assign IM Addressing Scheme


Use this procedure to configure a new domain and IM address scheme, or to update an existing domain and
address scheme.

Note Make sure that the IM addressing scheme that you configure is consistent across all clusters.

Before You Begin


Make sure to stop services before you configure an addressing scheme. For details, see:
Stop Services, on page 69

Procedure

Step 1 In Cisco Unified CM IM and Presence Administration, choose Presence > Settings > Advanced
Configuration.
Step 2 To assign a new default domain, check the Default Domain check box and, in the text box, enter the new
domain.
Step 3 To change the address scheme, check the IM Address Scheme check box, and select one of the following
options from the drop-down list box:
• UserID@[Default_Domain]—Each IM user address is derived from the UserID along with the default
domain. This is the default setting.
• Directory URI—Each IM user address matches the directory URI that is configured for that user in
Cisco Unified Communications Manager.

Step 4 Click Save.


If you chose Directory URI as the IM address scheme, you may be prompted to ensure that the deployed
clients can support multiple domains. Click OK to proceed or click Cancel.
If any user has an invalid Directory URI setting, a dialog box appears. Click OK to proceed or click Cancel,
and then fix the user settings before reconfiguring the IM address scheme.
A system update can take up to 1 hour to complete. If the update fails, the Re-try button appears. Click
Re-try to reapply the changes or click Cancel.


What to Do Next
After your addressing scheme is assigned, you can restart services.
Restart Services, on page 71

Restart Services
Once your IM addressing scheme is configured, restart services. You must do this prior to updating user
address information or provisioning new users. Make sure to follow the prescribed order in starting services.

Before You Begin


Assign IM Addressing Scheme, on page 70

Procedure

Step 1 From Cisco Unified IM and Presence Serviceability, choose Tools > Control Center – Network Services.
Step 2 Start the following service by selecting the service and clicking the Start button:
• Cisco XCP Router

Step 3 After the service starts, choose Tools > Control Center – Feature Services and start the following services
in this order:
a) Cisco SIP Proxy
b) Cisco Presence Engine
Step 4 Confirm that the Cisco Presence Engine service is running on all nodes before proceeding to the next step.
Step 5 Choose Tools > Control Center – Network Services and start the following services in this order:
a) Cisco Client Profile Agent
b) Cisco Sync Agent

What to Do Next
Once services are up and running, you can update end user IM addresses. IM addresses are derived from user
IDs or directory URIs that are provisioned in Cisco Unified Communications Manager depending on which
IM address scheme you configured.
• To provision new IM users, see the "Configure End Users" part of the System Configuration Guide for Cisco Unified Communications Manager at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-installation-and-configuration-guides-list.html.
• To edit existing user configurations, see the "Manage End Users" chapter of the Administration Guide for Cisco Unified Communications Manager at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html.


Domain Management for IM and Presence Service Clusters


You can manually add, update, and delete local IM address domains using the Cisco Unified CM IM and
Presence Administration GUI.
The IM and Presence Domain window displays the following domains:
• Administrator-managed IM address domains. These are internal domains that are added manually but
not yet assigned to any users, or they were added automatically by the Sync Agent but the user's domain
has since changed and so it is no longer in use.
• System-managed IM address domains. These are internal domains that are in use by a user in the
deployment and which can be added either manually or automatically.

If the domain appears in the IM and Presence Domain window, the domain is enabled. There is no enabling
or disabling of domains.
The Cisco Sync Agent service performs a nightly audit and checks the Directory URI of each user on the local
cluster, and on the peer cluster if interclustering is configured, and automatically builds a list of unique domains.
A domain changes from being administrator managed to system managed when a user in the cluster is assigned
that domain. The domain changes back to administrator managed when the domain is not in use by any user
in the cluster.

Note All IM and Presence Service and Cisco Unified Communications Manager nodes and clusters must support
multiple domains to use this feature. Ensure that all nodes in the IM and Presence Service clusters are
operating using Release 10.0 or greater and that Directory URI IM addressing is configured.

IM Domain Management Interactions and Restrictions


• You can add or delete only administrator-managed domains that are associated with the local cluster.
• You cannot edit system-managed domains.
• You cannot edit system-managed or administrator-managed domains that are associated with other
clusters.
• It is possible to have a domain configured on two clusters, but in use on only the peer cluster. This
appears as a system-managed domain on the local cluster, but is identified as being in use on only the
peer cluster.
• Some security certificates may need to be regenerated after you manually add, update, or delete a domain.
When generating a self-signed certificate or a certificate signing request (CSR), the Subject Common
Name (CN) is set to the FQDN of the node, while the local IM and Presence default domain and all
additional domains hosted by the system are added to the certificate as Subject Alt Names (SAN).
• For XMPP Federation over TLS, you must regenerate the TLS certificate if adding or removing an IM
address domain.


View IM Address Domains


All system-managed and administrator-managed presence domains across the IM and Presence Service
deployment are displayed in the Presence > Domains > Find and List Domains window. A check mark in
one of the information fields indicates if a domain is associated with the local cluster and/or with any peer
clusters. The following information fields are displayed for administrator-managed presence domains:
• Domain
• Configured on Local Cluster
• Configured on Peer Cluster(s)

The following information fields are displayed for system-managed presence domains:
• Domain
• In use on Local Cluster
• In use on Peer Cluster(s)

Procedure

Choose Cisco Unified CM IM and Presence Administration > Presence > Domains. The Find and List
Domains window appears.

Add or Update IM Address Domains


You can manually add IM address domains to your local cluster and update existing IM address domains that
are on your local cluster using Cisco Unified CM IM and Presence Administration GUI.
You can enter a domain name of up to a maximum of 255 characters and each domain must be unique across
the cluster. Allowable values are any upper- or lowercase letter (a-zA-Z), any number (0-9), the hyphen (-),
or the dot (.). The dot serves as a domain label separator. Domain labels must not start with a hyphen. The
last label (for example, .com) must not start with a number. Abc.1om is an example of an invalid domain.
System-managed domains cannot be edited because they are in use. A system-managed domain automatically
becomes an administrator-managed domain if there are no longer users on the system with that IM address
domain (for example, if the users are deleted). You can edit or delete administrator-managed domains.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Domains.
The Find and List Domains window appears displaying all administrator-managed and system-managed IM
address domains.

Step 2 Perform one of the following actions:


• Click Add New to add a new domain. The Domains window appears.
• Choose the domain to edit from the list of domains. The Domains window appears.


Step 3 Enter a unique domain name up to a maximum of 255 characters in the Domain Name field, and then click
Save.
Tip A warning message appears. If you are using TLS XMPP Federation, proceed to generate a new TLS
certificate.
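
The domain-name rules in this section and the certificate layout described under IM Domain Management Interactions and Restrictions (CN set to the node FQDN, default and hosted domains as SANs) can be checked together before you click Save. The following Python sketch is an added example, not Cisco code; the function names are hypothetical and the sample domains and certificate fields are constructed. Two choices are assumptions of the example rather than statements from the guide: empty labels are rejected, and uniqueness is compared case-insensitively.

```python
import re

MAX_LEN = 255                              # limit stated in the guide
ALLOWED = re.compile(r"[A-Za-z0-9.-]+")    # letters, digits, hyphen, dot


def domain_errors(name, existing=()):
    """Return the rule violations for a candidate IM address domain.

    Rules are the ones the guide lists. Assumptions of this example: empty
    labels are rejected, and uniqueness is compared case-insensitively.
    """
    if not name:
        return ["empty domain name"]
    errors = []
    if len(name) > MAX_LEN:
        errors.append("longer than 255 characters")
    if not ALLOWED.fullmatch(name):
        errors.append("character outside a-z, A-Z, 0-9, '-' and '.'")
    labels = name.split(".")               # the dot separates domain labels
    if "" in labels:
        errors.append("empty label")
    if any(label.startswith("-") for label in labels):
        errors.append("label starts with a hyphen")
    if labels[-1][:1].isdigit():
        errors.append("last label starts with a number")
    if name.lower() in {d.lower() for d in existing}:
        errors.append("already configured in the cluster")
    return errors


def certificate_gap(node_fqdn, cert_cn, cert_sans, default_domain, hosted_domains):
    """Compare a certificate with the CN/SAN layout the guide describes.

    Expected: CN = node FQDN; SANs include the default domain and every
    additional hosted domain. Other SANs are reported, not treated as errors,
    because a certificate may carry names this section does not list.
    """
    want = {default_domain.lower()} | {d.lower() for d in hosted_domains}
    have = {s.lower() for s in cert_sans}
    return {
        "cn_matches_fqdn": cert_cn.lower() == node_fqdn.lower(),
        # Domains now hosted that the certificate does not cover.
        "missing_sans": sorted(want - have),
        # SANs that are neither a current domain nor the node FQDN,
        # for example a domain that was deleted after the cert was issued.
        "unlisted_sans": sorted(have - want - {node_fqdn.lower()}),
    }


if __name__ == "__main__":
    # Constructed sample data, not taken from any real deployment.
    hosted = ["example.org"]
    for candidate in ["sales.example.com", "Abc.1om", "-lab.example.com", "EXAMPLE.ORG"]:
        print(candidate, "->", domain_errors(candidate, existing=hosted) or "ok")

    print(certificate_gap(
        node_fqdn="imp1.corp.example.com",
        cert_cn="imp1.corp.example.com",
        cert_sans=["example.com", "example.net", "imp1.corp.example.com"],
        default_domain="example.com",
        hosted_domains=hosted,
    ))
```

A non-empty `missing_sans` or `unlisted_sans` list after a domain is added or deleted marks a certificate to review for regeneration.
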

Delete IM Address Domains


You can delete administrator-managed IM address domains that are in the local cluster using Cisco Unified
CM IM and Presence Administration GUI.
System-managed domains cannot be deleted because they are in use. A system-managed domain automatically
becomes an administrator-managed domain if there are no longer users on the system with that IM address
domain (for example, if the users are deleted). You can edit or delete administrator-managed domains.

Note If you delete an administrator-managed domain that is configured on both local and peer clusters, the
domain remains in the administrator-managed domains list; however, that domain is marked as configured
on the peer cluster only. To completely remove the entry, you must delete the domain from all clusters
on which it is configured.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Domains.
The Find and List Domains window appears displaying all administrator-managed and system-managed IM
address domains.

Step 2 Choose the administrator-managed domains to delete using one of the following methods, and then click
Delete Selected.
• Check the check box beside the domains to delete.
• Click Select All to select all domains in the list of administrator-managed domains.

Tip Click Clear All to clear all selections.
Step 3 Click OK to confirm the deletion or click Cancel.

Routing Information Configuration on IM and Presence Service

Routing Communication Recommendations


MDNS is the default mechanism for establishing the XCP route fabric on IM and Presence Service; the network
automatically establishes router-to-router connections between all IM and Presence Service nodes in a cluster.


A requirement for MDNS routing is that all nodes in the cluster are in the same multicast domain. We
recommend MDNS routing because it can seamlessly support new XCP routers joining the XCP route fabric.
If you choose MDNS as the routing communication, you must have multicast DNS enabled in your network.
In some networks multicast is enabled by default, or enabled in a certain area of the network, for example, in
an area that contains the nodes that form the cluster. In these networks, you do not need to perform any
additional configuration in your network to use MDNS routing. When multicast DNS is disabled in the network,
MDNS packets cannot reach the other nodes in a cluster. If multicast DNS is disabled in your network, you
must perform a configuration change to your network equipment to use MDNS routing.
Alternatively, you can choose router-to-router communication for your deployment. In this case, IM and
Presence Service dynamically configures all router-to-router connections between nodes in a cluster. Choose
this routing configuration type if all the nodes in your cluster are not in the same multicast domain. Note that
when you choose router-to-router communication:
• Your deployment will incur the additional performance overhead while IM and Presence Service
establishes the XCP route fabric.
• You do not need to restart the Cisco XCP Router on all nodes in your deployment when you add a new
node.
• If you delete or remove a node, you must restart the Cisco XCP Router on all nodes in your deployment.

Configure MDNS Routing and Cluster ID


At installation, the system assigns a unique cluster ID to the IM and Presence database publisher node. The
system distributes the cluster ID so that all nodes in your cluster share the same cluster ID value. The nodes
in the cluster use the cluster ID to identify other nodes in the multicast domain using MDNS. A requirement
for MDNS routing is that the cluster ID value is unique to prevent nodes in one standalone IM and Presence
Service cluster from establishing router-to-router connections with nodes in another standalone cluster.
Standalone clusters should only communicate over intercluster peer connections.
Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Standard
Configuration to view or configure the cluster ID value for a cluster. If you change the cluster ID value,
make sure that the value remains unique to your IM and Presence Service deployment.

Note If you deploy the Chat feature, IM and Presence Service uses the cluster ID value to define chat node
aliases. There are certain configuration scenarios that may require you to change the cluster ID value. See
the Group Chat module for details.

Related Topics
Chat Setup and Management, on page 191

Configure Routing Communication


To allow the nodes in a cluster to route messages to each other, you must configure the routing communication
type. This setting determines the mechanism for establishing router connections between nodes in a cluster.
Configure the routing communication type on the IM and Presence database publisher node, and IM and
Presence Service applies this routing configuration to all nodes in the cluster.


For single node IM and Presence Service deployments, we recommend that you leave the routing communication
type at the default setting.

Caution You must configure the routing communication type before you complete your cluster configuration and
start to accept user traffic into your IM and Presence Service deployment.

Before You Begin


• If you want to use MDNS routing, confirm that MDNS is enabled in your network.
• If you want to use router-to-router communication, and DNS is not available in your network, for each
node you must configure the IP address as the node name in the cluster topology. To edit the node name,
choose Cisco Unified CM IM and Presence Administration > System > Presence Topology, and
click the edit link on a node. Perform this configuration after you install IM and Presence Service, and
before you restart the Cisco XCP Router on all nodes.

Attention When using the Cisco Jabber client, certificate warning messages can be encountered if the IP address is
configured as the IM and Presence Service node name. To prevent Cisco Jabber from generating certificate
warning messages, the FQDN should be used as the node name.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose an IM and Presence Service node from the Server drop-down list.
Step 3 Choose Cisco XCP Router from the Service drop-down list.
Step 4 Choose one of these Routing Communication Types from the menu:
• Multicast DNS (MDNS) - Choose Multicast DNS communication if the nodes in your cluster are in
the same multicast domain. Multicast DNS communication is enabled by default on IM and Presence
Service.
• Router to Router - Choose Router-to-Router communication if the nodes in your cluster are not in the
same multicast domain.

Step 5 Click Save.


Step 6 Restart the Cisco XCP Router service on all nodes in your deployment.

Related Topics
Restart Cisco XCP Router Service, on page 60


Configure Cluster ID
At installation, the system assigns a default unique cluster ID to the IM and Presence database publisher node.
If you configure multiple nodes in the cluster, the system distributes the cluster ID so that each node in your
cluster shares the same cluster ID value.
We recommend that you leave the cluster ID value at the default setting. If you do change the cluster ID value,
note the following:
• If you choose MDNS routing, all nodes must have the same cluster ID to allow them to identify other
nodes in the multicast domain.
• If you are deploying the Group Chat feature, IM and Presence Service uses the cluster ID value for chat
node alias mappings, and there are certain configuration scenarios that may require you to change the
cluster ID value. See the Group Chat module for details.

If you change the default Cluster ID value, you only need to make this change on the IM and Presence database
publisher node, and the system replicates the new Cluster ID value to the other nodes in the cluster.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Standard
Configuration.
Step 2 View or edit the Cluster ID value.
Note By default, IM and Presence Service assigns the cluster ID value “StandaloneCluster” to a cluster.

Step 3 Click Save.


Tip IM and Presence Service does not permit the underscore character (_) in the Cluster ID value. Ensure
the Cluster ID value does not contain this character.

Related Topics
Chat Setup and Management, on page 191

Configure Throttling Rate for Availability State Change Messages


To prevent an overload of IM and Presence Service, you can configure the rate of availability (presence)
changes sent to the Cisco XCP Router in messages per second. When you configure this value, IM and Presence
Service throttles the rate of availability (presence) changes back to meet the configured value.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose the IM and Presence Service node from the Server menu.
Step 3 Choose Cisco Presence Engine from the Service menu.
Step 4 In the Clusterwide Parameters section, edit the Presence Change Throttle Rate parameter. This parameter
defines the number of presence updates per second.
Step 5 Click Save.

IPv6 Configuration
To enable IPv6 for IM and Presence Service, you must perform the following tasks:
• Configure IPv6 on Eth0 for each IM and Presence Service node in the cluster using either the Cisco
Unified IM and Presence OS Administration GUI or the Command Line Interface.
• Enable the IPv6 enterprise parameter for the IM and Presence Service cluster.

You must configure IPv6 for both the IM and Presence Service enterprise network and for Eth0 on each IM
and Presence Service node for IPv6 to be used; otherwise, the system attempts to use IPv4 for IP traffic. For
example, if the enterprise parameter is set to IPv6 and only one of two nodes in the cluster has their Eth0 port
set for IPv6, then only the node with the port set to IPv6 is enabled for IPv6. The other node will attempt to
use IPv4.
For configuration changes to the IPv6 enterprise parameter to take effect, you must restart the following
services on IM and Presence Service:
• Cisco SIP Proxy
• Cisco Presence Engine
• Cisco XCP Router

For instructions to configure IPv6 for IM and Presence Service, see Configuration and Administration of IM
and Presence Service on Cisco Unified Communications Manager.
For more information about using the Command Line Interface to configure IPv6 parameters, see the Cisco
Unified Communications Manager Administration Guide and the Command Line Interface Guide for Cisco
Unified Communications Solutions.

Related Topics
Important Notes, on page 150

IPv6 Interactions and Restrictions


Observe the following interactions and restrictions when configuring IPv6 on IM and Presence Service and
when interacting with external IPv6 devices and networks:


• You can use IPv6 for your external interfaces on IM and Presence Service even though the connection
between IM and Presence Service and Cisco Unified Communications Manager uses IPv4.
• You must configure IPv6 for the IM and Presence Service enterprise network and for Eth0 on each IM
and Presence Service node to use IPv6; otherwise, the system attempts to use IPv4 for IP traffic on the
external interfaces. For example, if the enterprise parameter is set to IPv6 and only one of two nodes in
the cluster has their Eth0 port set for IPv6, then only the node with the port set to IPv6 is enabled for
IPv6. The other node will attempt to use IPv4.

Note If for any reason IPv6 gets disabled for either the enterprise parameter or for ETH0 on
the IM and Presence Service node, the node can still perform internal DNS queries and
connect to the external LDAP or database server if the server hostname that is configured
on IM and Presence Service is a resolvable IPv6 address.

• For federation, you must enable IM and Presence Service for IPv6 if you need to support federated links
to a foreign Enterprise that is IPv6 enabled. This is true even if there is an ASA installed between the
IM and Presence Service node and the federated Enterprise. The ASA is transparent to the IM and
Presence Service node.
• If IPv6 is configured for any of the following items on the IM and Presence Service node, the node will
not accept incoming IPv4 packets and will not automatically revert to using IPv4. To use IPv4, you must
ensure that the following items are configured for IPv4 if they appear in your deployment:
• Connection to an external database.
• Connection to an LDAP server.
• Connection to an Exchange server.
• Federation deployments.

Enable IPv6 on Eth0 for IM and Presence Service


Use Cisco Unified IM and Presence Operating System Administration GUI to enable IPv6 on the Eth0 port
of each IM and Presence Service node in the cluster to use IPv6. You must reboot the node to apply the
changes.

Note To complete the IPv6 configuration, you must also enable the IPv6 enterprise parameter for the cluster
and set the IPv6 name parameter after configuring Eth0 and rebooting the node.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Settings > IP > Ethernet IPv6. The Ethernet
IPv6 Configuration window appears.
Step 2 Check the Enable IPv6 check box.
Step 3 Choose the Address Source:


• Router Advertisement
• DHCP
• Manual Entry

If you selected Manual Entry, enter the IPv6 Address, Subnet Mask, and the Default Gateway values.

Step 4 Check the Update with Reboot check box.


Tip Do not check the Update with Reboot check box if you want to manually reboot the node at a later
time, such as during a scheduled maintenance window; however, the changes you made do not take
effect until you reboot the node.
Step 5 Click Save.
If you checked the Update with Reboot check box, the node reboots and the changes are applied.

What to Do Next
Proceed to enable the IPv6 enterprise parameter for the IM and Presence Service cluster using Cisco Unified
CM IM and Presence Administration, and then set the IPv6 name parameter using Common Topology.

Disable IPv6 on Eth0 for IM and Presence Service


Use Cisco Unified IM and Presence Operating System Administration GUI to disable IPv6 on the Eth0 port
of each IM and Presence Service node in the cluster that you do not want to use IPv6. You must reboot the
node to apply the changes.

Note If you do not want any of the nodes in the cluster to use IPv6, make sure the IPv6 enterprise parameter is
disabled for the cluster.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence OS Administration > Settings > IP > Ethernet IPv6. The
Ethernet IPv6 Configuration window appears.
Step 2 Uncheck the Enable IPv6 check box.
Step 3 Check the Update with Reboot check box.
Tip Do not check the Update with Reboot check box if you want to manually reboot the node at a later
time, such as during a scheduled maintenance window; however, the changes you made do not take
effect until you reboot the node.
Step 4 Choose Save.
If you checked the Update with Reboot check box, the node reboots and the changes are applied.


Enable IPv6 Enterprise Parameter


Use Cisco Unified CM IM and Presence Administration to enable the IPv6 enterprise parameter for the IM
and Presence Service cluster. You must restart the following services to apply the changes:
• Cisco SIP Proxy
• Cisco Presence Engine
• Cisco XCP Router

Tip To monitor system restart notifications using Cisco Unified CM IM and Presence Administration, select
System > Notifications.

Before You Begin


Ensure that you have configured the following for IPv6 before restarting any services:
• Enable IPv6 for ETH0 on each IM and Presence Service node using Cisco Unified CM IM and Presence
Administration.
• Set the IPv6 name parameter using Common Topology.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Enterprise Parameters. The
Enterprise Parameters Configuration window appears.
Step 2 Choose True in the IPv6 panel.
Step 3 Choose Save.

What to Do Next
Restart the services on the IM and Presence Service node to apply the changes.

Configure Proxy Server Settings


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Routing > Settings.
Step 2 Choose On for the Method/Event Routing Status.
Step 3 Choose Default SIP Proxy TCP Listener for the Preferred Proxy Server.
Step 4 Click Save.


Services on IM and Presence Service

Turn On Services for IM and Presence Service


The following procedure lists the services that you must turn on when you deploy a basic IM and Presence
Service configuration. Turn on these services on each node in your IM and Presence Service cluster.
You may need to turn on other optional services depending on the additional features that you deploy on IM
and Presence Service. See the IM and Presence Service documentation relating to those specific features for
further details. If you have manually stopped any services so that you could configure certain system
components or features, use this procedure to manually restart those services.
The Cisco XCP Router service must be running for a basic IM and Presence Service deployment. IM and
Presence Service turns on the Cisco XCP Router by default. Verify that this network service is on by choosing
Cisco Unified IM and Presence Serviceability > Control Center - Network Services.

Procedure

Step 1 Choose Cisco Unified IM and Presence Serviceability > Tools > Service Activation.
Step 2 Choose the IM and Presence Service node from the Server menu.
You can also change the status of Cisco Unified Communications Manager services by choosing a Cisco
Unified Communications Manager node from this menu.

Step 3 For a basic IM and Presence Service deployment, turn on the following services:
• Cisco SIP Proxy
• Cisco Presence Engine
• Cisco XCP Connection Manager
• Cisco XCP Authentication Service

Step 4 Click Save.

CHAPTER 7
IP Phone Presence Setup
• Static Route Configuration on IM and Presence Service, page 83
• Presence Gateway Configuration on IM and Presence Service, page 88
• Configure SIP Publish Trunk on IM and Presence Service, page 89
• Configure Cluster-Wide DNS SRV Name for SIP Publish Trunk, page 89

Static Route Configuration on IM and Presence Service


If you configure a static route for SIP proxy server traffic, consider the following:
• A dynamic route represents a path through the network that is automatically calculated according to
routing protocols and routing update messages.
• A static route represents a fixed path that you explicitly configure through the network.
• Static routes take precedence over dynamic routes.

Route Embed Templates


You must define a route embed template for any static route pattern that contains embedded wildcards. The
route embed template contains information about the leading digits, the digit length, and location of the
embedded wildcards. Before you define a route embed template, consider the sample templates we provide
below.
When you define a route embed template, the characters that follow the “.” must match actual telephony digits
in the static route. In the sample route embed templates below, we represent these characters with “x”.

Sample Route Embed Template A


Route embed template: 74..78xxxxx*
With this template, IM and Presence Service will enable this set of static routes with embedded wildcards:


Table 8: Static Routes Set with Embedded Wildcards - Template A

| Destination Pattern | Next Hop Destination |
|---|---|
| 74..7812345* | 1.2.3.4:5060 |
| 74..7867890* | 5.6.7.8.9:5060 |
| 74..7811993* | 10.10.11.37:5060 |

With this template, IM and Presence Service will not enable these static route entries:
• 73..7812345* (The initial string is not ‘74’ as the template defines)
• 74..781* (The destination pattern digit length does not match the template)
• 74...7812345* (The number of wildcards does not match the template)

Sample Route Embed Template B


Route embed template: 471....xx*
With this template, IM and Presence Service will enable this set of static routes with embedded wildcards:

Table 9: Static Routes Set with Embedded Wildcards - Template B

| Destination Pattern | Next Hop Destination |
|---|---|
| 471....34* | 20.20.21.22 |
| 471...55* | 21.21.55.79 |

With this template, IM and Presence Service will not enable these static route entries:
• 47...344* (The initial string is not ‘471’ as the template defines)
• 471...4* (The string length does not match template)
• 471.450* (The number of wildcards does not match template)

Configure Route Embed Templates on IM and Presence Service


You can define up to five route embed templates. However, there is no limit to the number of static routes
that you can define for any route embed template.
A static route that contains an embedded wildcard must match at least one of the route embed templates.
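
A pre-check for planned static routes against sample route embed template A, added here as an illustration and not Cisco's matching code. It assumes that "x" in a template stands for any one digit, that the other digits are fixed, and that an embedded wildcard is a "." followed by a digit; the function names are hypothetical.

```python
import re

MAX_TEMPLATES = 5       # limit stated on the page
ELLIPSIS = "\u2026"     # word processors turn "..." into this single character

# <leading digits><run of '.'><digits or x placeholders>*
TEMPLATE_RE = re.compile(r"^(\d+)(\.+)([0-9x]+)\*$")
# <leading digits><run of '.'><digits>*
ROUTE_RE = re.compile(r"^(\d*)(\.+)(\d+)\*$")


def normalize(pattern):
    """Expand a pasted ellipsis character back into three '.' wildcards."""
    return pattern.strip().replace(ELLIPSIS, "...")


def has_embedded_wildcard(pattern):
    """True when a '.' is followed by a digit (phone-number patterns only;
    in host names and IP addresses the dot is a literal)."""
    return re.search(r"\.\d", normalize(pattern)) is not None


def parse_template(template):
    """Split a template into (leading digits, wildcard count, trailing part)."""
    m = TEMPLATE_RE.match(normalize(template))
    if m is None:
        raise ValueError("unsupported route embed template: %r" % template)
    lead, dots, tail = m.groups()
    return lead, len(dots), tail


def check_route(pattern, template):
    """Return (matches, reason) for one static route pattern and one template."""
    lead, wildcards, tail = parse_template(template)
    m = ROUTE_RE.match(normalize(pattern))
    if m is None:
        return False, "not of the form <digits><dots><digits>*"
    r_lead, r_dots, r_tail = m.groups()
    if r_lead != lead:
        return False, "leading digits differ"
    if len(r_dots) != wildcards:
        return False, "wildcard count differs"
    if len(r_tail) != len(tail):
        return False, "digit length differs"
    if any(t != "x" and t != r for t, r in zip(tail, r_tail)):
        return False, "fixed digits differ"
    return True, "match"


def audit(routes, templates):
    """Map each route to the template that covers it, or to the rejection reasons."""
    if len(templates) > MAX_TEMPLATES:
        raise ValueError("more than %d route embed templates" % MAX_TEMPLATES)
    report = {}
    for route in routes:
        if not has_embedded_wildcard(route):
            report[route] = "no template needed"
            continue
        reasons = []
        for template in templates:
            ok, reason = check_route(route, template)
            if ok:
                report[route] = "covered by " + template
                break
            reasons.append(template + ": " + reason)
        else:
            report[route] = "NOT covered (" + "; ".join(reasons) + ")"
    return report


# Sample template A and its routes from this page; the last route is constructed.
TEMPLATE_A = "74..78xxxxx*"
SAMPLE_ROUTES = ["74..7812345*", "73..7812345*", "74..781*",
                 "74...7812345*", "5551234*"]

if __name__ == "__main__":
    for route, verdict in audit(SAMPLE_ROUTES, [TEMPLATE_A]).items():
        print(route, "->", verdict)
```

Running the audit before adding routes shows which destination patterns would not be enabled, and why, so the template or the pattern can be corrected first.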


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose an IM and Presence Service node.
Step 3 Choose the Cisco SIP Proxy service.
Step 4 Define a route embed template in the RouteEmbedTemplate field in the Routing Parameters (Clusterwide)
section. You can define up to five route embed templates.
Step 5 Choose Save.

What to Do Next
Proceed to configure static routes on IM and Presence Service.

Configure Static Routes on IM and Presence Service


The following table lists the static route parameter settings that you can configure for IM and Presence Service.


Table 10: Static Route Parameters Settings for IM and Presence Service

Field Description
Destination Pattern This field specifies the pattern of the incoming number, up to a maximum of
255 characters.
The SIP proxy allows only 100 static routes to have an identical route pattern.
If you exceed this limit, IM and Presence Service logs an error.
Wildcard Usage
You can use “.” as a wildcard for a single character and “*” as a wildcard for
multiple characters.
IM and Presence Service supports embedded '.' wildcard characters in static
routes. However, you must define route embed templates for static routes that
contain embedded wildcards. Any static route that contains an embedded
wildcard must match at least one route embed template. See the route embed
template topic (referenced in the Related Topics section below) for information
about defining route embed templates.
For phones:
• A dot can exist at the end of the pattern, or embedded in a pattern. If
you embed the dot in a pattern, you must create a route embed template
to match the pattern.
• An asterisk can only exist at the end of the pattern.

For IP addresses and host names:


• You can use an asterisk as part of a host name.
• The dot acts as a literal value in a host name.

An escaped asterisk sequence, \*, matches a literal * and can exist anywhere.

Description Specifies the description of a particular static route, up to a maximum of 255
characters.

Next Hop Specifies the domain name or IP address of the destination (next hop) and
can be either a Fully Qualified Domain Name (FQDN) or dotted IP address.
IM and Presence Service supports DNS SRV-based call routing. To specify
DNS SRV as the next hop for a static route, set this parameter to the DNS
SRV name.

Next Hop Port Specifies the port number of the destination (next hop). The default port is
5060.
IM and Presence Service supports DNS SRV-based call routing. To specify
DNS SRV as the next hop for a static route, set the next hop port parameter
to 0.

Route Type Specifies the route type: User or Domain. The default value is user.
For example, in the SIP URI “sip:19194762030@myhost.com” request, the
user part is “19194762030”, and the host part is “myhost.com”. If you choose
User as the route type, IM and Presence Service uses the user-part value
“19194762030” for routing SIP traffic. If you choose the Domain as the route
type, IM and Presence Service uses “myhost.com” for routing SIP traffic.

Protocol Type Specifies the protocol type for this route, TCP, UDP, or TLS. The default
value is TCP.

Priority Specifies the route priority level. Lower values indicate higher priority. The
default value is 1.
Value range: 1-65535

Weight Specifies the route weight. Use this parameter only if two or more routes have
the same priority. Higher values indicate which route has the higher priority.
Value range: 1-65535
Example: Consider these three routes with associated priorities and weights:
• 1, 20
• 1, 10
• 2, 50

In this example, the static routes are listed in the correct order. The priority
route is based on the lowest value priority, that is 1. Given that two routes
share the same priority, the weight parameter with the highest value decides
the priority route. In this example, IM and Presence Service directs SIP traffic
to both routes configured with a priority value of 1, and distributes the traffic
according to weight; the route with a weight of 20 receives twice as much
traffic as the route with a weight of 10. Note that in this example, IM and
Presence Service will only attempt to use the route with priority 2, if it has
tried both priority 1 routes and both failed.

Allow Less-Specific Route Specifies that the route can be less specific. The default setting is On.

In Service Specifies whether this route has been taken out of service.
This parameter allows the administrator to effectively take a route out of
service (versus removing it completely and re-adding it).

Block Route Check Box Check to block the static route. The default setting is Unblocked.
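
The priority and weight rule from the Weight row above, worked through in Python as an added example that is not Cisco's code. The route names are hypothetical, and treating out-of-service and blocked routes as excluded from selection is an assumption.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class StaticRoute:
    name: str                 # hypothetical label for this example
    priority: int             # lower value is tried first (range 1-65535)
    weight: int               # share within one priority level (range 1-65535)
    in_service: bool = True   # the "In Service" field
    blocked: bool = False     # the "Block Route" check box

    def __post_init__(self):
        # Enforce the value ranges given in the table.
        for field in ("priority", "weight"):
            value = getattr(self, field)
            if not 1 <= value <= 65535:
                raise ValueError(f"{self.name}: {field} {value} outside 1-65535")


def traffic_shares(routes, failed=()):
    """Return {route name: share of SIP traffic} for the active priority level.

    Only the lowest priority value that still has a usable route carries
    traffic; inside that level traffic is split in proportion to weight.
    `failed` names routes that were tried and did not answer.
    """
    usable = [r for r in routes
              if r.in_service and not r.blocked and r.name not in failed]
    if not usable:
        return {}
    active = min(r.priority for r in usable)
    tier = [r for r in usable if r.priority == active]
    total = sum(r.weight for r in tier)
    return {r.name: Fraction(r.weight, total) for r in tier}


# Constructed sample: the three (priority, weight) pairs from the table's example.
ROUTES = [
    StaticRoute("route-a", priority=1, weight=20),
    StaticRoute("route-b", priority=1, weight=10),
    StaticRoute("route-c", priority=2, weight=50),
]

if __name__ == "__main__":
    # Normal operation: both priority 1 routes share traffic 2:1.
    print(traffic_shares(ROUTES))
    # One priority 1 route down: the other takes all traffic.
    print(traffic_shares(ROUTES, failed={"route-a"}))
    # Both priority 1 routes down: only now is the priority 2 route used.
    print(traffic_shares(ROUTES, failed={"route-a", "route-b"}))
```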


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Routing > Static Routes.
Step 2 Click Add New.
Step 3 Configure the static route settings.
Step 4 Click Save.

Presence Gateway Configuration on IM and Presence Service

Presence Gateway Configuration Option


You must configure Cisco Unified Communications Manager as a Presence Gateway on IM and Presence
Service to enable the SIP connection that handles the availability information exchange between Cisco Unified
Communications Manager and IM and Presence Service.
When configuring the Presence Gateway, specify the FQDN (Fully Qualified Domain Name) or the IP address
of the associated Cisco Unified Communications Manager node. Depending on your network this value can
be one of the following:
• the FQDN address of the Cisco Unified Communications Manager database publisher node
• a DNS SRV FQDN that resolves to the Cisco Unified Communications Manager subscriber nodes
• the IP address of the Cisco Unified Communications Manager database publisher node

If DNS SRV is an option in your network, configure the following:


1 Configure the Presence Gateway on the IM and Presence Service node with a DNS SRV FQDN of the
Cisco Unified Communications Manager subscriber nodes (equally weighted). This will enable IM and
Presence Service to share availability messages equally among all the nodes used for availability information
exchange.
2 On Cisco Unified Communications Manager, configure the SIP trunk for the IM and Presence Service
node with a DNS SRV FQDN of the IM and Presence Service database publisher and subscriber nodes.

If DNS SRV is not an option in your network, and you are using the IP address of the associated Cisco Unified
Communications Manager node, you cannot share presence messaging traffic equally across multiple subscriber
nodes because the IP address points to a single subscriber node.

Related Topics
SIP Trunk Configuration on Cisco Unified Communications Manager, on page 53

Configure Presence Gateway


Before You Begin
• Read the Presence Gateway configuration options topic.


• Depending on your configuration requirements, obtain the FQDN, DNS SRV FQDN, or the IP address
of the associated Cisco Unified Communications Manager node.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Gateways.
Step 2 Click Add New.
Step 3 Choose CUCM for the Presence Gateway Type.
Step 4 Enter a description of the presence gateway in the Description field.
Step 5 Specify the FQDN, DNS SRV FQDN, or the IP address of the associated Cisco Unified Communications
Manager node in the Presence Gateway field.
Step 6 Click Save.

What to Do Next
Proceed to configure the authorization policy on IM and Presence Service.

Related Topics
Configure Authorization Policy on IM and Presence Service, on page 211
Presence Gateway Configuration Option, on page 88

Configure SIP Publish Trunk on IM and Presence Service


When you turn on this setting, Cisco Unified Communications Manager publishes phone presence for
all line appearances that are associated with users licensed on Cisco Unified Communications Manager for
IM and Presence Service.
This procedure is the same operation as assigning a SIP trunk as the CUP PUBLISH trunk in Cisco
Unified Communications Manager service parameters.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Standard
Configuration.
Step 2 Choose a SIP Trunk from the CUCM SIP Publish Trunk drop-down list.
Step 3 Click Save.

Configure Cluster-Wide DNS SRV Name for SIP Publish Trunk


When you configure the cluster-wide IM and Presence Service address on the IM and Presence database
publisher node, IM and Presence Service replicates the address on all nodes in the cluster.
Set the SRV port value to 5060 when you configure a cluster-wide IM and Presence Service address.


Note Do not use this procedure to change the SRV Cluster Name value if the IM and Presence Service default
domain is used in the cluster-wide DNS SRV record. No further action is needed.

Before You Begin


Read the cluster-wide DNS SRV topic.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose the IM and Presence Service node from the Server menu.
Step 3 Choose Cisco SIP Proxy from the Service menu.
Step 4 Edit the SRV Cluster Name field in the General Proxy Parameters (Clusterwide) section.
By default this parameter is empty.

Step 5 Click Save.

Related Topics
Cluster-Wide DNS SRV, on page 27
Scalability Options for Deployment, on page 26

CHAPTER 8
LDAP Directory Integration
• LDAP Server Name, Address, and Profile Configuration, page 91
• LDAP Directory Integration with Cisco Unified Communications Manager Task List, page 91
• LDAP Directory Integration for Contact Searches on XMPP Clients, page 96

LDAP Server Name, Address, and Profile Configuration


LDAP server name, address, and profile configuration on IM and Presence Service has moved to Cisco Unified
Communications Manager. For more information, see the Cisco Unified Communications Manager
Administration Guide, Release 9.0(1).

LDAP Directory Integration with Cisco Unified Communications Manager Task List
The following workflow diagram shows the high-level steps to integrate the LDAP directory with Cisco
Unified Communications Manager.

Figure 9: LDAP Directory Integration with Cisco Unified Communications Manager Workflow

The following table lists the tasks to perform to integrate the LDAP directory with Cisco Unified
Communications Manager. For detailed instructions, see the related tasks.


Table 11: Task List for LDAP Directory Integration

| Task | Description |
|---|---|
| Secure Cisco Unified Communications Manager and LDAP Directory Connection | Enable a Secure Socket Layer (SSL) connection for the LDAP server on Cisco Unified Communications Manager. Tip: You must upload the LDAP SSL certificate as a tomcat-trust certificate on Cisco Unified Communications Manager Release 8.x and later. |
| Configure LDAP Synchronization for User Provisioning | You can enable the Cisco Directory Synchronization (DirSync) tool on Cisco Unified Communications Manager to automatically provision users from the corporate directory, or you can manually synchronize user directory information. Tip: LDAP synchronization does not apply to application users on Cisco Unified Communications Manager. Manually provision application users using the Cisco Unified CM Administration GUI. |
| Upload LDAP Server Certificates | When Cisco Unified Communications Manager LDAP authentication is configured for secure mode (port 636 or 3269), you must upload all LDAP authentication server certificates and Intermediate certificates as “tomcat-trust” to the IM and Presence Service node. |
| Configure LDAP Server Authentication | Enable Cisco Unified Communications Manager to authenticate user passwords against the corporate LDAP directory. Tip: LDAP authentication does not apply to the passwords of application users. |
| Configure Secure Connection Between IM and Presence Service and LDAP Directory | Perform this task on all IM and Presence Service nodes in the cluster if you configured a secure connection between Cisco Unified Communications Manager and the LDAP directory. |

Secure Connection Between Cisco Unified Communications Manager and LDAP Directory
You can secure the connection between the Cisco Unified Communications Manager node and the LDAP
directory server by enabling a Secure Socket Layer (SSL) connection for the LDAP server on Cisco Unified
Communications Manager, and uploading the SSL certificate to Cisco Unified Communications Manager.
You must upload the LDAP SSL certificate as a tomcat-trust certificate on Cisco Unified Communications
Manager Release 8.x and later.
After you upload the LDAP SSL certificate, you need to restart the following services on Cisco Unified
Communications Manager:
• Directory service
• Tomcat service

See the Cisco Unified Communications Manager documentation for details on uploading a certificate to Cisco
Unified Communications Manager.

Configure LDAP Synchronization for User Provisioning


LDAP synchronization uses the Cisco Directory Synchronization (DirSync) tool on Cisco Unified
Communications Manager to synchronize information (either manually or periodically) from a corporate
LDAP directory. When you enable the DirSync service, Cisco Unified Communications Manager automatically
provisions users from the corporate directory. Cisco Unified Communications Manager still uses its local
database, but disables its facility to allow you to create user accounts. You use the LDAP directory interface
to create and manage user accounts.

Before You Begin


• Make sure that you install the LDAP server before you attempt the LDAP-specific configuration on
Cisco Unified Communications Manager.
• Activate the Cisco DirSync service on Cisco Unified Communications Manager.

Restrictions
LDAP synchronization does not apply to application users on Cisco Unified Communications Manager. You
must manually provision application users in the Cisco Unified CM Administration interface.

Procedure

Step 1 Choose Cisco Unified CM Administration > System > LDAP > LDAP System.
Step 2 Click Add New.
Step 3 Configure the LDAP server type and attribute.
Step 4 Choose Enable Synchronizing from LDAP Server.
Step 5 Choose Cisco Unified CM Administration > System > LDAP > LDAP Directory.
Step 6 Configure the following items:
a) LDAP directory account settings
b) User attributes to be synchronized
c) Synchronization schedule
d) LDAP server hostname or IP address, and port number
Step 7 Check Use SSL if you want to use Secure Socket Layer (SSL) to communicate with the LDAP directory.
Tip • If you configure LDAP over SSL, upload the LDAP directory certificate onto Cisco Unified
Communications Manager.
• See the LDAP directory content in the Cisco Unified Communications Manager SRND for
information about the account synchronization mechanism for specific LDAP products, and
general best practices for LDAP synchronization.

What to Do Next
Proceed to upload the LDAP authentication server certificates.

Related Topics
http://www.cisco.com/go/designzone

Upload LDAP Authentication Server Certificates


When Cisco Unified Communications Manager LDAP authentication is configured for secure mode (port
636 or 3269), LDAP authentication server certificates, such as Certificate Authority (CA) root and all other
Intermediate certificates, must be individually uploaded as “tomcat-trust” to the IM and Presence Service node.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management.
Step 2 Click Upload Certificate.
Step 3 Choose tomcat-trust from the Certificate Name menu.
Step 4 Browse and choose the LDAP server root certificate from your local computer.
Step 5 Click Upload File.
Step 6 Repeat the above steps for all other intermediate certificates.

What to Do Next
Proceed to configure LDAP authentication.

Configure LDAP Authentication


The LDAP authentication feature enables Cisco Unified Communications Manager to authenticate user
passwords against the corporate LDAP directory.

Before You Begin


Enable LDAP synchronization on Cisco Unified Communications Manager.

Restrictions
LDAP authentication does not apply to the passwords of application users; Cisco Unified Communications
Manager authenticates application users in its internal database.

Procedure

Step 1 Choose Cisco Unified CM Administration > System > LDAP > LDAP Authentication.
Step 2 Enable LDAP authentication for users.
Step 3 Configure the LDAP authentication settings.
Step 4 Configure the LDAP server hostname or IP address, and port number.

Note To use Secure Socket Layer (SSL) to communicate with the LDAP directory, check Use SSL.
If you check the Use SSL check box, enter the IP address or hostname or FQDN that matches the
Subject CN of the LDAP server's certificate. The Subject CN of the LDAP server's certificate must
be either an IP address or hostname or FQDN. If this condition cannot be met, do not check the Use
SSL check box because it will result in login failures on Cisco Unified CM IM and Presence
Administration, Cisco Unified IM and Presence Serviceability, Cisco Unified IM and Presence
Reporting, Cisco Jabber login, Third Party XMPP Clients and any other applications on Cisco Unified
Communications Manager and IM and Presence Service that connect to LDAP to perform user
authentication.

Tip If you configure LDAP over SSL, upload the LDAP directory certificate to Cisco Unified Communications
Manager.

What to Do Next
Configure the secure connection between IM and Presence Service and the LDAP directory.

Configure Secure Connection Between IM and Presence Service and LDAP Directory
This topic is only applicable if you configure a secure connection between Cisco Unified Communications
Manager and the LDAP directory.

Note Perform this procedure on all IM and Presence Service nodes in the cluster.

Before You Begin


Enable SSL for LDAP on Cisco Unified Communications Manager, and upload the LDAP directory certificate
to Cisco Unified Communications Manager.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management.
Step 2 Click Upload Certificate.
Step 3 Choose tomcat-trust from the Certificate Name menu.
Step 4 Browse and choose the LDAP server certificate from your local computer.
Step 5 Click Upload File.
Step 6 Restart the Tomcat service from the CLI using this command: utils service restart Cisco Tomcat

What to Do Next
Proceed to integrate the LDAP directory with Cisco Jabber.

Verify LDAP Directory Connection Using System Troubleshooter


Use the System Troubleshooter in the Cisco Unified CM IM and Presence Administration UI to view the
status of the system and confirm that your connection to the LDAP server is working correctly.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Monitor the status of the connection to the LDAP server in the LDAP Troubleshooter area.
The Problem column is populated if the system check detects any issues:
• Verify that the LDAP server can be reached.
• Verify that the LDAP server is listening for connections.
• Verify that the LDAP server authentication has been successful.

If any connection problems are detected, perform the recommended solution.

LDAP Directory Integration for Contact Searches on XMPP Clients


These topics describe how to configure the LDAP settings on IM and Presence Service to allow users of
third-party XMPP clients to search and add contacts from the LDAP directory.
The JDS component on IM and Presence Service handles the third-party XMPP client communication with
the LDAP directory. Third-party XMPP clients send queries to the JDS component on IM and Presence
Service. The JDS component sends the LDAP queries to the provisioned LDAP servers, and then sends the
results back to the XMPP client.
Before you perform the configuration described here, perform the configuration to integrate the XMPP client
with Cisco Unified Communications Manager and IM and Presence Service. See topics related to third party
XMPP client application integration.

The following workflow diagram shows the high-level steps to integrate the LDAP directory for contact
searches on XMPP clients.
Figure 10: LDAP Directory Integration for Contact Searches on XMPP Clients Workflow

The following table lists the tasks to perform to integrate the LDAP directory for contact searches on XMPP
clients. For detailed instructions, see the related tasks.

Table 12: Task List for LDAP Directory Integration for Contact Searches on XMPP Clients

Task: Configure XMPP Client LDAP Server Names and Addresses
Description: Upload the root CA certificate to IM and Presence Service as an xmpp-trust-certificate if
you enabled SSL and configured a secure connection between the LDAP server and IM and Presence Service.
Tip The subject CN in the certificate must match the FQDN of the LDAP server.

Task: Configure XMPP Client LDAP Search Settings
Description: You must specify the LDAP search settings that will allow IM and Presence Service to
successfully perform contact searches for third-party XMPP clients. You can specify a primary LDAP
server and up to two backup LDAP servers.
Tip Optionally, you can turn on the retrieval of vCards from the LDAP server or allow the vCards to be
stored in the local database of IM and Presence Service.

Task: Turn On Cisco XCP Directory Service
Description: You must turn on XCP Directory Service to allow users of a third-party XMPP client to
search and add contacts from the LDAP directory.
Tip Do not turn on the Cisco XCP Directory Service until after you configure the LDAP server and LDAP
search settings for third-party XMPP clients; otherwise, the service will stop running.

LDAP Account Lock Issue


If you enter the wrong password for the LDAP server that you configure for third-party XMPP clients, and
you restart the XCP services on IM and Presence Service, the JDS component will perform multiple attempts
to sign in to the LDAP server with the wrong password. If the LDAP server is configured to lock out an
account after a number of failed attempts, then the LDAP server may lock the JDS component out at some
point. If the JDS component uses the same credentials as other applications that connect to LDAP (applications
that are not necessarily on IM and Presence Service), these applications will also be locked out of LDAP.
To fix this issue, configure a separate user, with the same role and privileges as the existing LDAP user, and
allow only JDS to sign in as this second user. If you enter the wrong password for the LDAP server, only the
JDS component is locked out from the LDAP server.
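
One way to spot this condition from the directory side, as an added example that is not part of the Cisco guide: it correlates failed simple binds per account and source address and reports whether other hosts share the failing account. It assumes the LDAP server is OpenLDAP writing slapd stats-level logs; the addresses, bind DNs, threshold, and log lines are constructed for the example.

```python
import re
from collections import defaultdict

# OpenLDAP slapd "stats" log lines: connection accept, simple bind, bind result.
ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+ ")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)")
INVALID_CREDENTIALS = 49  # LDAP result code returned for a wrong password


def _session(conn, ip, dn, err):
    """Build the three slapd lines for one simple bind (constructed sample data)."""
    pre = f"Jun  8 10:00:{conn % 60:02d} ldap1 slapd[1234]: conn={conn}"
    return [
        f"{pre} fd=12 ACCEPT from IP={ip}:5{conn} (IP=0.0.0.0:636)",
        f'{pre} op=0 BIND dn="{dn}" method=128',
        f"{pre} op=0 RESULT tag=97 err={err} text=",
    ]


def build_sample_log():
    """Constructed log: one shared account and one dedicated account, both failing."""
    shared = "cn=svc-ldap,ou=service,dc=example,dc=com"      # hypothetical shared account
    dedicated = "cn=svc-jds,ou=service,dc=example,dc=com"    # hypothetical JDS-only account
    lines = _session(1000, "10.10.30.7", shared, 0)          # another application, correct password
    for conn in range(1001, 1007):                           # node retrying a wrong password
        lines += _session(conn, "10.10.20.11", shared, INVALID_CREDENTIALS)
    for conn in range(1007, 1013):                           # second node, dedicated account
        lines += _session(conn, "10.10.20.12", dedicated, INVALID_CREDENTIALS)
    return "\n".join(lines)


def find_lockout_risk(log_text, threshold=5):
    """Return accounts with >= threshold failed binds from one source.

    "shared" is True when other hosts also bind with the same account, which
    means a lockout triggered by the failing source would hit them as well.
    """
    src_of_conn = {}                                   # conn id -> client IP
    dn_of_op = {}                                      # (conn id, op id) -> bind DN
    failures = defaultdict(lambda: defaultdict(int))   # dn -> client IP -> failed binds
    successes = defaultdict(set)                       # dn -> client IPs that bound OK
    for line in log_text.splitlines():
        if m := ACCEPT_RE.search(line):
            src_of_conn[m.group(1)] = m.group(2)
        elif m := BIND_RE.search(line):
            dn_of_op[(m.group(1), m.group(2))] = m.group(3).lower()
        elif m := RESULT_RE.search(line):
            dn = dn_of_op.pop((m.group(1), m.group(2)), None)
            if dn is None:
                continue                               # result without a logged bind request
            src = src_of_conn.get(m.group(1), "unknown")
            if int(m.group(3)) == INVALID_CREDENTIALS:
                failures[dn][src] += 1
            elif int(m.group(3)) == 0:
                successes[dn].add(src)

    findings = []
    for dn, per_src in failures.items():
        noisy = {ip: n for ip, n in per_src.items() if n >= threshold}
        if not noisy:
            continue
        others = sorted((successes[dn] | set(per_src)) - set(noisy))
        findings.append({
            "bind_dn": dn,
            "failing_sources": noisy,
            "other_users_of_account": others,
            "shared": bool(others),
        })
    return sorted(findings, key=lambda f: f["bind_dn"])


if __name__ == "__main__":
    for finding in find_lockout_risk(build_sample_log()):
        print(finding)
```

In the constructed log, the shared account is reported with another host depending on it, while the dedicated account fails without affecting anyone else, which is the outcome the separate-user fix above aims for.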

Configure LDAP Server Names and Addresses for XMPP Clients


If you choose to enable Secure Sockets Layer (SSL), configure a secure connection between the LDAP
server and IM and Presence Service and upload the root Certificate Authority (CA) certificate to IM and
Presence Service as a cup-xmpp-trust certificate. The subject common name (CN) in the certificate must
match the Fully Qualified Domain Name (FQDN) of the LDAP server.
If you import a certificate chain (more than one certificate from the root node to the trusted node), import all
certificates in the chain except the leaf node. For example, if the CA signs the certificate for the LDAP server,
import only the CA certificate and not the certificate for the LDAP server.
You can use IPv6 to connect to the LDAP server even though the connection between IM and Presence Service
and Cisco Unified Communications Manager is IPv4. If IPv6 gets disabled for either the enterprise parameter
or for ETH0 on the IM and Presence Service node, the node can still perform an internal DNS query and
connect to the external LDAP server if the hostname of the external LDAP server configured for third-party
XMPP clients is a resolvable IPv6 address.

Tip You configure the hostname of the external LDAP server for third-party XMPP clients in the LDAP
Server - Third-Party XMPP Client window.

Before You Begin


Obtain the hostnames or IP addresses of the LDAP directories.
If you use IPv6 to connect to the LDAP server, enable IPv6 on the enterprise parameter and on Eth0 for each
IM and Presence Service node in your deployment before you configure the LDAP server.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Application > Third-Party Clients >
Third-Party LDAP Servers.
Step 2 Click Add New.
Step 3 Enter an ID for the LDAP server.
Step 4 Enter the hostname for the LDAP server.
For IPv6 connections, you can enter the IPv6 address of the LDAP server.

Step 5 Specify the port number on the LDAP server that is listening to the TCP or SSL connection.
The default port is 389. If you enable SSL, specify port 636.

Step 6 Specify the username and the password for the LDAP server. These values must match the credentials you
configure on the LDAP server.
See the LDAP directory documentation or the LDAP directory configuration for this information.

Step 7 Check Enable SSL if you want to use SSL to communicate with the LDAP server.
Note If SSL is enabled then the hostname value which you enter can be either the hostname or the FQDN
of the LDAP server. The value that is used must match the value in the security certificate CN or
SAN fields.
If you must use an IP address, then this value must also be used on the certificate for either the CN
or SAN fields.
Step 8 Click Save.
Step 9 Start the Cisco XCP Router service on all nodes in the cluster (if this service is not already running).

Tip • If you enable SSL, the XMPP contact searches may be slower because of the negotiation procedures
at SSL connection setup, and data encryption and decryption after IM and Presence Service establishes
the SSL connection. As a result, if your users perform XMPP contact searches extensively in your
deployment, this could impact the overall system performance.
• You can use the certificate import tool to check the communication with the LDAP server hostname
and port value after you upload the certificate for the LDAP server. Choose Cisco Unified CM IM
and Presence Administration > System > Security > Certificate Import Tool.
• If you make an update to the LDAP server configuration for third-party XMPP clients, restart the
Cisco XCP Directory Service. Choose Cisco Unified IM and Presence Serviceability > Tools >
Control Center - Feature Services to restart this service.
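
A pre-flight check for the hostname rule in the Use SSL note under Configure LDAP Authentication and the Enable SSL note in Step 7 above, as an added example that is not part of the Cisco guide: it compares the value you plan to enter with the names in the LDAP server certificate, CN only for Cisco Unified Communications Manager LDAP authentication and CN or SAN for the third-party XMPP client LDAP server. The function names, the exact-match comparison, and the sample certificate values are assumptions of this example.

```python
import ipaddress
import socket
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "ldap1.example.com"),)),
    "subjectAltName": (("DNS", "ldap1.example.com"), ("DNS", "ldap1"),
                       ("IP Address", "10.10.10.5")),
}


def fetch_ldaps_cert(host, port=636, cafile=None, timeout=5.0):
    """Handshake with the LDAP server and return its certificate as a dict.

    cafile is the root/intermediate CA bundle you intend to upload as a trust
    certificate; the chain is verified against it, so a wrong CA fails here.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    # Name matching is done by check_configured_host() so that a mismatch is
    # reported with details instead of aborting the handshake.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """Split a getpeercert() dict into subject CNs and SAN DNS/IP entries."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v.strip() for k, v in cert.get("subjectAltName", ())
            if k in ("DNS", "IP Address")]
    return cns, sans


def same_identity(a, b):
    """Compare as IP addresses when both parse, otherwise as case-insensitive names."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return a.rstrip(".").lower() == b.rstrip(".").lower()


def check_configured_host(configured, cert, allow_san):
    """Check the value typed into the hostname field against the certificate.

    allow_san=False models the LDAP authentication note (Subject CN only);
    allow_san=True models the third-party LDAP server note (CN or SAN).
    """
    cns, sans = cert_names(cert)
    result = {"ok": False, "matched": None, "cert_cn": cns, "cert_san": sans}
    if any(same_identity(configured, cn) for cn in cns):
        result.update(ok=True, matched="CN")
    elif allow_san and any(same_identity(configured, san) for san in sans):
        result.update(ok=True, matched="SAN")
    return result


if __name__ == "__main__":
    # Offline run against the constructed certificate. Against a real server:
    #   cert = fetch_ldaps_cert("ldap1.example.com", 636, cafile="ldap-root-ca.pem")
    for value, allow_san in (("ldap1.example.com", False), ("10.10.10.5", False),
                             ("10.10.10.5", True)):
        print(value, allow_san, check_configured_host(value, SAMPLE_CERT, allow_san))
```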

What to Do Next
Proceed to configure LDAP search settings for XMPP clients.

Related Topics
Secure Connection Between Cisco Unified Communications Manager and LDAP Directory, on page 92
Configure Secure Connection Between IM and Presence Service and LDAP Directory, on page 95

Configure LDAP Search Settings for XMPP Clients


You must specify the LDAP search settings that will allow IM and Presence Service to successfully perform
contact searches for third-party XMPP clients.
Third-party XMPP clients connect to an LDAP server on a per-search basis. If the connection to the primary
server fails, the XMPP client tries the first backup LDAP server, and if it is not available, it then tries the
second backup server and so on. If an LDAP query is in process when the system fails over, the next available
server completes this LDAP query.
Optionally you can turn on the retrieval of vCards from the LDAP server. If you turn on vCard retrieval:
• The corporate LDAP directory stores the vCards.
• When XMPP clients search for their own vCard, or the vCard for a contact, the vCards are retrieved
from LDAP via the JDS service.
• Clients cannot set or modify their own vCard as they are not authorized to edit the corporate LDAP
directory.

If you turn off the retrieval of vCards from LDAP server:


• IM and Presence Service stores the vCards in the local database.
• When XMPP clients search for their own vCard, or the vCard for a contact, the vCards are retrieved
from the local IM and Presence Service database.
• Clients can set or modify their own vCard.

The following table lists the LDAP search settings for XMPP clients.

Table 13: LDAP Search Settings for XMPP Clients

Field: LDAP Server Type
Setting: Choose an LDAP server type from this list:
• Microsoft Active Directory
• Generic Directory Server - Choose this menu item if you are using any other supported LDAP server
type (iPlanet, Sun ONE or OpenLDAP).

Field: User Object Class
Setting: Enter the User Object Class value appropriate to your LDAP server type. This value must match
the User Object Class value configured on your LDAP server.
If you use Microsoft Active Directory, the default value is ‘user’.

Field: Base Context
Setting: Enter the Base Context appropriate to your LDAP server. This value must match a previously
configured domain, and/or an organizational structure on your LDAP server.

Field: User Attribute
Setting: Enter the User Attribute value appropriate to your LDAP server type. This value must match the
User Attribute value configured on your LDAP server.
If you use Microsoft Active Directory, the default value is sAMAccountName.
If the Directory URI IM address scheme is used and the Directory URI is mapped to either mail or
msRTCSIPPrimaryUserAddress, then mail or msRTCSIPPrimaryUserAddress must be specified as the user
attribute.

Field: LDAP Server 1
Setting: Choose a primary LDAP server.

Field: LDAP Server 2
Setting: (Optional) Choose a backup LDAP server.

Field: LDAP Server 3
Setting: (Optional) Choose a backup LDAP server.

Before You Begin


Specify the LDAP server names and addresses for XMPP clients.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Application > Third-Party Clients >
Third-Party LDAP Settings.
Step 2 Enter information into the fields.
Step 3 Check Build vCards from LDAP if you want to enable users to request vCards for their contacts and retrieve
the vCard information from the LDAP server. Leave the check box unchecked if you want clients to be able
to automatically request vCards for users as users join the contact list. In this case, clients retrieve the vCard
information from the local IM and Presence Service database.
Step 4 Enter the LDAP field required to construct the vCard FN field. Clients use the value in the vCard FN field to
display the contact's name in the contact list when a user requests a contact's vCard.
Step 5 In the Searchable LDAP Attributes table, map the client user fields to the appropriate LDAP user fields.
If you use Microsoft Active Directory, IM and Presence Service populates the default attribute values in the
table.

Step 6 Click Save.


Step 7 Start the Cisco XCP Router service (if this service is not already running).
Tip If you make an update to the LDAP search configuration for third-party XMPP clients, restart the
Cisco XCP Directory Service. Choose Cisco Unified IM and Presence Serviceability > Tools >
Control Center - Feature Services to restart this service.

What to Do Next
Proceed to turn on the Cisco XCP directory service.

Turn On Cisco XCP Directory Service


You must turn on the Cisco XCP Directory Service to allow users of a third-party XMPP client to search and
add contacts from the LDAP directory. Turn on the Cisco XCP Directory Service on all nodes in the cluster.

Note Do not turn on the Cisco XCP Directory Service until you configure the LDAP server, and LDAP search
settings for third-party XMPP clients. If you turn on the Cisco XCP Directory Service, but you do not
configure the LDAP server, and LDAP search settings for third-party XMPP clients, the service will start,
and then stop again.

Before You Begin


Configure the LDAP server, and LDAP search settings for third-party XMPP clients.

Procedure

Step 1 Choose Cisco Unified IM and Presence Serviceability > Tools > Service Activation.
Step 2 Choose the IM and Presence Service node from the Server menu.
Step 3 Choose Cisco XCP Directory Service.
Step 4 Click Save.

CHAPTER 9
Security Configuration on IM and Presence Service
• Security Setup Task List, page 103
• Create Login Banner, page 105
• Enhanced TLS Encryption on IM and Presence Service, page 105
• Multi-Server Certificate Overview, page 107
• IM and Presence Service Certificate Types, page 107
• Certificate Exchange Configuration Between IM and Presence Service and Cisco Unified Communications
Manager, page 110
• Multi-Server CA Signed Certificate Upload to IM and Presence Service, page 112
• Single-Server CA Signed Certificate Upload to IM and Presence Service, page 113
• Delete Self-Signed Trust Certificates, page 124
• SIP Security Settings Configuration on IM and Presence Service, page 126
• XMPP Security Settings Configuration on IM and Presence Service, page 128

Security Setup Task List


The following workflow diagram shows the high-level steps to configure security on the IM and Presence
Service node deployment.

Figure 11: Security Setup Workflow

The following table lists the tasks to perform to set up security on the IM and Presence Service node deployment.
For detailed instructions, see the procedures that are related to the tasks outlined in the workflow.

Note Optionally, you can create a banner that users acknowledge as part of their login to any IM and Presence
Service interface.

Table 14: Task List for Security Setup on IM and Presence Service

Task: Configure Certificate Exchange Between IM and Presence Service and Cisco Unified Communications
Manager
Description: Perform the following tasks:
• Import Cisco Unified Communications Manager certificate to IM and Presence Service node, and then
restart the SIP proxy service.
Tip You can import the certificate using either the Certificate Import Tool or manually using Cisco
Unified IM and Presence OS Administration from Security > Certificate Management.
• Download the certificate from IM and Presence Service, and then upload the certificate to
Callmanager-trust on Cisco Unified Communications Manager.
• Restart the Cisco Unified Communications Manager service.
Note You must configure a SIP security profile and SIP trunk for IM and Presence Service before you can
configure the certificate exchange between Cisco Unified Communications Manager and IM and Presence
Service.

Task: Upload CA-Signed Certificates
Description: Upload the Certificate Authority (CA) signed certificates to IM and Presence Service for
your deployment, which can be either a single-server or a multi-server deployment. Service restarts are
required. See the related tasks for details.
• tomcat or tomcat-ECDSA certificate
• cup-xmpp or cup-xmpp-ECDSA certificate
• cup-xmpp-s2s or cup-xmpp-s2s-ECDSA certificate
Tip You can upload these certificates on any IM and Presence Service node in the cluster. When this is
done, the certificate and the associated signing certificates are automatically distributed to all the
other IM and Presence Service nodes in the cluster.

Task: Configure Security Settings on IM and Presence Service
Description: When you import an IM and Presence Service certificate, IM and Presence Service
automatically attempts to add the TLS peer subject to the TLS peer subject list, and to the TLS context
list. Verify the TLS peer subject and TLS context configuration is set up to your requirements.
IM and Presence Service provides increased security for XMPP-based configurations. You can configure the
XMPP secure modes on IM and Presence Service using Cisco Unified CM IM and Presence Administration from
System > Security > Settings.

Create Login Banner


You can create a banner that users acknowledge as part of their login to any IM and Presence Service interface.
Create a .txt file using any text editor, include the important notifications that you want users to be made
aware of, and upload it to the Cisco Unified IM and Presence OS Administration page. This banner then appears
on all IM and Presence Service interfaces, notifying users of important information before they log in, including
legal warnings and obligations. The following interfaces display this banner before and after a user logs
in: Cisco Unified CM IM and Presence Administration, Cisco Unified IM and Presence Operating System
Administration, Cisco Unified IM and Presence Serviceability, Cisco Unified IM and Presence Reporting,
and IM and Presence Disaster Recovery System.

Procedure

Step 1 Create a .txt file with the contents you want to display in the banner.
Step 2 Sign in to Cisco Unified IM and Presence Operating System Administration.
Step 3 Choose Software Upgrades > Customized Logon Message.
Step 4 Click Browse and locate the .txt file.
Step 5 Click Upload File.
The banner will appear before and after login on most IM and Presence Service interfaces.
Note The .txt file must be uploaded to each IM and Presence Service node separately.

Enhanced TLS Encryption on IM and Presence Service


This release includes Elliptic Curve Digital Signature Algorithm (ECDSA) support for Tomcat, SIP Proxy,
and XMPP interfaces on TLS version 1.2 connections.
We recommend that when you create a certificate, you configure both an RSA-based certificate and
an ECDSA-based certificate. For example, if you configure a tomcat certificate, you should then also configure
a tomcat-ECDSA certificate, and vice versa.

Note If an IM and Presence Service peer does not support TLS version 1.2, then the connection falls back to
TLS version 1.0 and the existing behavior is retained.

Note Certificates with a key length value of 3072 or 4096 can only be selected for RSA certificates. These
options are not available for ECDSA certificates.

Note EC Ciphers on the Tomcat interface are disabled by default. You can enable them using the HTTPS
Ciphers enterprise parameter on Cisco Unified Communications Manager or on IM and Presence Service.
If you change this parameter the Cisco Tomcat service must be restarted on all nodes.

As part of this support, four new ciphers have been introduced for use on TLS connections supporting the
Tomcat, SIP Proxy, and XMPP interfaces. Two of these new ciphers are RSA-based and two are ECDSA-based.
For further information on ECDSA-based cipher support, see ECDSA Support for Common Criteria for
Certified Solutions in the Release Notes for Cisco Unified Communications Manager and IM and Presence
Service, Release 11.0(1).
The new ciphers are:
• ECDHE ECDSA Ciphers
  ◦ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  ◦ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• ECDHE RSA Ciphers
  ◦ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  ◦ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

For the RSA-based ciphers, existing security certificates are used. However, the ECDSA-based ciphers require
the following additional security certificates:
• cup-ECDSA
• cup-xmpp-ECDSA
• cup-xmpp-s2s-ECDSA
• tomcat-ECDSA

If the certificate name ends in -ECDSA, then the certificate/key type is Elliptic Curve (EC). Otherwise, it is
RSA. The Common Name (CN) of an EC certificate has -EC appended to the hostname and EC certificates
also contain the FQDN or hostname of the server in the SAN field.

Note We recommend that you do not use -EC in the Common Name (CN) field of the RSA-based certificates:
Tomcat, XMPP, XMPP-s2s, and CUP. If you do this, the existing EC-based certificate will be overwritten.

For further information on configuring security certificates on IM and Presence Service, see IM and Presence
Service Certificate Types, Multi-Server CA Signed Certificate Upload to IM and Presence Service, and
Single-Server CA Signed Certificate Upload to IM and Presence Service.
For information on configuring the TLS ciphers, see Configure TLS Cipher Mapping.

RSA Security Certificate Support for Increased Key Lengths


From the current release, new Key Length sizes of 3072 bits and 4096 bits have been introduced for self-signed
certificates and CSR certificates of certificate/key type RSA.

Multi-Server Certificate Overview


IM and Presence Service supports multi-server SAN based certificates for the certificate purposes of tomcat
and tomcat-ECDSA, cup-xmpp and cup-xmpp-ECDSA, and cup-xmpp-s2s and cup-xmpp-s2s-ECDSA. You
can select between a single-server or multi-server distribution to generate a Certificate Signing Request (CSR)
for the certificate purposes which support multi-server certificates. The resulting signed multi-server certificate
and its associated chain of signing certificates are automatically distributed to the other servers in the cluster
on upload of the multi-server certificate to any of the individual servers in the cluster. For more information
on multi-server certificates, see the New and Changed Features chapter of the Release Notes for Cisco Unified
Communications Manager, Release 10.5(1).

IM and Presence Service Certificate Types


This section describes the different certificates required for the clients and services on IM and Presence Service.

Note If the certificate name ends in -ECDSA, then the certificate/key type is Elliptic Curve (EC). Otherwise, it
is RSA.

Table 15: Certificate Types and Services

| Certificate Type | Service | Certificate Trust Store | Multi-Server Support | Notes |
|---|---|---|---|---|
| tomcat, tomcat-ECDSA | Cisco Client Profile Agent; Cisco AXL Web Service; Cisco Tomcat | tomcat-trust | Yes | Presented to a Cisco Jabber client as part of client authentication for IM and Presence Service. Presented to a web browser when navigating the Cisco Unified CM IM and Presence Administration user interface. The associated trust-store is used to verify connections made by IM and Presence Service for the purposes of authenticating user credentials with a configured LDAP server. |
| ipsec | | ipsec-trust | No | Used when an IPSec policy is enabled. |
| cup, cup-ECDSA | Cisco SIP Proxy; Cisco Presence Engine | cup-trust | No | |
| cup-xmpp, cup-xmpp-ECDSA | Cisco XCP Connection Manager; Cisco XCP Web Connection Manager; Cisco XCP Directory service; Cisco XCP Router service | cup-xmpp-trust | Yes | Presented to a Cisco Jabber client, Third-Party XMPP client, or a CAXL based application when the XMPP session is being created. The associated trust-store is used to verify connections made by Cisco XCP Directory service in performing LDAP search operations for third-party XMPP clients. The associated trust-store is used by the Cisco XCP Router service when establishing secure connections between IM and Presence Service servers if the Routing Communication Type is set to Router-to-Router. |
| cup-xmpp-s2s, cup-xmpp-s2s-ECDSA | Cisco XCP XMPP Federation Connection Manager | cup-xmpp-trust | Yes | Presented for XMPP interdomain federation when connecting to externally federated XMPP systems. |

Related Topics
XMPP Security Settings Configuration on IM and Presence Service, on page 128
Configure Secure Connection Between IM and Presence Service and LDAP Directory, on page 95


Certificate Exchange Configuration Between IM and Presence Service and Cisco Unified Communications Manager

This module describes the exchange of self-signed certificates between the Cisco Unified Communications
Manager node and the IM and Presence Service node. You can use the Certificate Import Tool on IM and
Presence Service to automatically import the Cisco Unified Communications Manager certificate to IM and
Presence Service. However, you must manually upload the IM and Presence Service certificate to Cisco
Unified Communications Manager.
Only perform these procedures if you require a secure connection between IM and Presence Service and Cisco
Unified Communications Manager.

Prerequisites for Configuring Security


Configure the following items on Cisco Unified Communications Manager:
• Configure a SIP security profile for IM and Presence Service.
• Configure a SIP trunk for IM and Presence Service:
◦ Associate the security profile with the SIP trunk.
◦ Configure the SIP trunk with the subject Common Name (CN) of the IM and Presence Service
certificate.

Related Topics
SIP Trunk Configuration on Cisco Unified Communications Manager, on page 53

Import Cisco Unified Communications Manager Certificate to IM and Presence Service

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > Certificate Import
Tool.
Step 2 Choose IM and Presence (IM/P) Service Trust from the Certificate Trust Store menu.
Step 3 Enter the IP address, hostname or FQDN of the Cisco Unified Communications Manager node.
Step 4 Enter a port number to communicate with the Cisco Unified Communications Manager node.
Step 5 Click Submit.
Note After the Certificate Import Tool completes the import operation, it reports whether or not it
successfully connected to Cisco Unified Communications Manager, and whether or not it successfully
downloaded the certificate from Cisco Unified Communications Manager. If the Certificate Import
Tool reports a failure, see the Online Help for a recommended action. You can also manually import
the certificate by choosing Cisco Unified IM and Presence OS Administration > Security >
Certificate Management.
Note Depending on the negotiated TLS cipher, the Certificate Import Tool will download either an
RSA-based certificate or an ECDSA-based certificate.


What to Do Next
Proceed to restart the SIP proxy service.

Restart SIP Proxy Service


Before You Begin
Import the Cisco Unified Communications Manager certificate to IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center - Feature Services on
IM and Presence Service.
Step 2 Choose Cisco SIP Proxy.
Step 3 Click Restart.

What to Do Next
Proceed to download the certificate from IM and Presence Service.

Download Certificate from IM and Presence Service

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management on IM
and Presence Service.
Step 2 Click Find.
Step 3 Choose the cup.pem file.
Note cup-ECDSA.pem is also an available option.
Step 4 Click Download and save the file to your local computer.
Tip Ignore any errors that IM and Presence Service displays regarding access to the cup.csr file; the CA
(Certificate Authority) does not need to sign the certificate that you exchange with Cisco Unified
Communications Manager.

What to Do Next
Proceed to upload the IM and Presence Service certificate to Cisco Unified Communications Manager.


Upload IM and Presence Service Certificate to Cisco Unified Communications Manager


Before You Begin
Download the certificate from IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified OS Administration > Security > Certificate Management on Cisco Unified
Communications Manager.
Step 2 Click Upload Certificate.
Step 3 Choose Callmanager-trust from the Certificate Name menu.
Step 4 Browse and choose the certificate (.pem file) previously downloaded from IM and Presence Service.
Note If you want to use an ECDSA certificate, choose the certificate which ends in -ECDSA.pem.

Step 5 Click Upload File.

What to Do Next
Proceed to restart the Cisco Unified Communications Manager CallManager service.

Restart Cisco Unified Communications Manager Service


Before You Begin
Upload the IM and Presence Service certificate to Cisco Unified Communications Manager.

Procedure

Step 1 Choose Cisco Unified Serviceability > Tools > Control Center - Feature Services on Cisco Unified
Communications Manager.
Step 2 Choose Cisco CallManager.
Step 3 Click Restart.

What to Do Next
Proceed to configure SIP security settings on IM and Presence Service.

Related Topics
SIP Security Settings Configuration on IM and Presence Service, on page 126

Multi-Server CA Signed Certificate Upload to IM and Presence Service


This section gives further information on uploading the following types of multi-server CA signed certificates:


• tomcat and tomcat-ECDSA certificates


• cup-xmpp and cup-xmpp-ECDSA certificates
• cup-xmpp-s2s and cup-xmpp-s2s-ECDSA certificates

You can upload such certificates on any IM and Presence Service node in the cluster. When you do so, the
certificate and the associated signing certificates are automatically distributed to all the other IM and Presence
Service nodes in the cluster. If a self-signed certificate already exists on any node for the given certificate
purpose (for example, tomcat, cup-xmpp, or cup-xmpp-s2s), it is overwritten by the new multi-server
certificate.
The IM and Presence Service nodes to which a given multi-server certificate and the associated signing
certificates are distributed depend on the certificate purpose. The cup-xmpp and cup-xmpp-ECDSA, and
cup-xmpp-s2s and cup-xmpp-s2s-ECDSA multi-server certificates are distributed to all IM and Presence
Service nodes in the cluster. The tomcat multi-server certificate is distributed to all IM and Presence Service
nodes in the cluster and to all Cisco Unified Communications Manager nodes in the cluster. For more
information on multi-server SAN certificates, see the New and Changed Features chapter of the Release Notes
for Cisco Unified Communications Manager, Release 10.5(1).

Single-Server CA Signed Certificate Upload to IM and Presence Service


This section describes how to upload the following types of CA signed certificates to an IM and Presence
Service deployment:
• tomcat and tomcat-ECDSA certificates
• cup-xmpp and cup-xmpp-ECDSA certificates
• cup-xmpp-s2s and cup-xmpp-s2s-ECDSA certificates

CA-Signed Tomcat Certificate Task List


The high-level steps to upload a CA signed Tomcat or Tomcat-ECDSA certificate to IM and Presence Service
are:
1 Upload the Root Certificate and Intermediate Certificate of the signing Certificate Authority to IM and
Presence Service.
2 Restart the Cisco Intercluster Sync Agent service.
3 Ensure that the CA certificates have been correctly synced to other clusters.
4 Upload the appropriate signed certificate to each IM and Presence Service node.
5 Restart the Cisco Tomcat service on all nodes.
6 Ensure that intercluster syncing is operating correctly.

Note If you get a Tomcat CSR signed by an EC-based CA or a Tomcat-ECDSA CSR signed by an RSA-based
CA, then the TLS connection over the Tomcat interface will fail. We recommend that you use an EC-based
CA for signing a tomcat-ECDSA certificate and an RSA-based CA for signing a tomcat certificate.


Upload Root Certificate and Intermediate Certificate of the Signing Certificate Authority
When you upload the Root and Intermediate Certificates, you must upload each certificate in the certificate
chain to IM and Presence Service from the Root Certificate down to the last Intermediate Certificate, as
follows:
root > intermediate-1 > intermediate-2 > … > intermediate-N
With each certificate that you upload in the chain, you must specify which previously uploaded certificate
signed it. For example:
• For intermediate-1, the root cert was used to sign it.
• For intermediate-2, the intermediate-1 cert was used to sign it.

You must upload the Root Certificate and the Intermediate Certificates, if any, to the trust store of the related
leaf certificate on the IM and Presence database publisher node. Complete the following procedure to upload
the Root Certificate and the Intermediate Certificate of the signing Certificate Authority (CA) to the IM and
Presence Service deployment.

Procedure

Step 1 On the IM and Presence database publisher node, choose Cisco Unified IM and Presence OS Administration
> Security > Certificate Management.
Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose tomcat-trust.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file for the Root Certificate.
Step 6 Click Upload File.
Step 7 Upload each Intermediate Certificate in the same way using the Upload Certificate/Certificate chain window.
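
To work out the root-first upload order and the signer of each CA certificate before starting this procedure, and to check the key-type rule from the Tomcat note earlier in this section, the following Python example reads the issuer, subject and algorithm identifiers straight from PEM text. It is an added example, not part of this guide or of any Cisco tool; it compares names and algorithm OIDs only and does not verify signatures, and the function names and the constructed skeleton certificates (placeholder key and signature bits) are assumptions made for illustration.

```python
import base64
import re

RSA_OIDS = bytes.fromhex("2a864886f70d0101")  # 1.2.840.113549.1.1.*: RSA keys and signatures
EC_OIDS = bytes.fromhex("2a8648ce3d")         # 1.2.840.10045.*: EC keys and ECDSA signatures
CN_OID = bytes.fromhex("550403")              # 2.5.4.3: commonName
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):                            # returns (tag, element_start, value_start, end)
    tag, length, val = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, val = int.from_bytes(buf[val:val + n], "big"), val + n
    return tag, pos, val, val + length

def kids(buf, elem):                          # child elements of a constructed DER element
    out, pos = [], elem[2]
    while pos < elem[3]:
        out.append(tlv(buf, pos))
        pos = out[-1][3]
    return out

def family(buf, alg_id):                      # key family named by an AlgorithmIdentifier
    _, _, start, end = kids(buf, alg_id)[0]
    oid = buf[start:end]
    return "RSA" if oid.startswith(RSA_OIDS) else "EC" if oid.startswith(EC_OIDS) else "other"

def common_name(buf, name):
    for rdn in kids(buf, name):               # Name -> SET -> SEQUENCE { OID, value }
        for atv in kids(buf, rdn):
            oid, value = kids(buf, atv)[:2]
            if buf[oid[2]:oid[3]] == CN_OID:
                return buf[value[2]:value[3]].decode("utf-8", "replace")
    return "(no CN)"

def parse_cert(pem_body):
    der = base64.b64decode(pem_body)
    tbs, sig_alg = kids(der, tlv(der, 0))[:2]
    f = kids(der, tbs)
    if f[0][0] == 0xA0:                       # explicit [0] version, absent in X.509 v1
        f = f[1:]
    issuer, subject, spki = f[2], f[4], f[5]
    return {"cn": common_name(der, subject),
            "subject": der[subject[1]:subject[3]],  # raw DER Names, compared byte for byte
            "issuer": der[issuer[1]:issuer[3]],
            "key_type": family(der, kids(der, spki)[0]),
            "signed_with": family(der, sig_alg)}    # family of the issuing CA's key

def upload_order(pem_text):
    """Sort a PEM bundle of CA certificates root first; pair each CN with its signer's CN."""
    certs = [parse_cert(body) for body in PEM_RE.findall(pem_text)]
    chain = [c for c in certs if c["subject"] == c["issuer"]]
    if len(chain) != 1:
        raise ValueError("expected exactly one self-signed root, found %d" % len(chain))
    rest = [c for c in certs if c is not chain[0]]
    while rest:
        nxt = [c for c in rest if c["issuer"] == chain[-1]["subject"]]
        if len(nxt) != 1:
            raise ValueError("no unique certificate issued by %r" % chain[-1]["cn"])
        chain.append(nxt[0])
        rest.remove(nxt[0])
    return [(c["cn"], (chain[i - 1] if i else c)["cn"]) for i, c in enumerate(chain)]

def check_leaf(purpose, leaf_pem):
    """Key-type problems for a signed certificate of purpose tomcat or tomcat-ECDSA."""
    leaf = parse_cert(PEM_RE.search(leaf_pem).group(1))
    want = "EC" if purpose.endswith("-ECDSA") else "RSA"
    return ["%s: %s is %s, expected %s" % (purpose, what, leaf[field], want)
            for field, what in (("key_type", "key"), ("signed_with", "signing CA"))
            if leaf[field] != want]

def enc(tag, *parts):                         # minimal DER encoder, used only for demo data
    body = b"".join(parts)
    n = len(body)
    head = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + head + body

def demo_cert(cn, issuer_cn, key_oid, sig_oid):
    """Constructed, unsigned certificate skeleton with placeholder key and signature bits."""
    name = lambda s: enc(0x30, enc(0x31, enc(0x30, enc(0x06, CN_OID), enc(0x0C, s.encode()))))
    alg = lambda oid: enc(0x30, enc(0x06, oid), enc(0x05))
    bits = enc(0x03, b"\x00" * 9)
    dates = enc(0x30, enc(0x17, b"250101000000Z"), enc(0x17, b"350101000000Z"))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")), enc(0x02, b"\x01"), alg(sig_oid),
              name(issuer_cn), dates, name(cn), enc(0x30, alg(key_oid), bits))
    der = enc(0x30, tbs, alg(sig_oid), bits)
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

RSA_KEY, RSA_SIG = RSA_OIDS + b"\x01", RSA_OIDS + b"\x0b"  # rsaEncryption, sha256WithRSAEncryption
EC_KEY = EC_OIDS + b"\x02\x01"                             # id-ecPublicKey
BUNDLE = (demo_cert("intermediate-2", "intermediate-1", RSA_KEY, RSA_SIG)  # constructed, out of order
          + demo_cert("root", "root", RSA_KEY, RSA_SIG)
          + demo_cert("intermediate-1", "root", RSA_KEY, RSA_SIG))

if __name__ == "__main__":
    for cn, signer in upload_order(BUNDLE):
        print("upload %-15s signed by %s" % (cn, signer))
    print(check_leaf("tomcat-ECDSA", demo_cert("imp1.example.com", "intermediate-2", EC_KEY, RSA_SIG)))
```

On real files, pass the concatenated PEM text of the CA certificates to upload_order and the PEM text of the signed node certificate to check_leaf.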

What to Do Next
Restart the Cisco Intercluster Sync Agent service.

Restart Cisco Intercluster Sync Agent Service


After you upload the Root and Intermediate certificates to the IM and Presence database publisher node, you
must restart the Cisco Intercluster Sync Agent service on that node. This service restart ensures that the CA
certificates are synced immediately to all other clusters.

Procedure

Step 1 Log into the Admin CLI.


Step 2 Run the following command: utils service restart Cisco Intercluster Sync Agent


Note You can also restart the Cisco Intercluster Sync Agent service from the Cisco Unified Serviceability GUI.

What to Do Next
Verify that the CA certificates have synced to the other clusters.

Verify CA Certificates Have Synchronized to Other Clusters


After the Cisco Intercluster Sync Agent service has restarted, you must ensure that the CA certificate(s) have
been correctly synchronized to other clusters. Complete the following procedure on each of the other IM and
Presence database publisher nodes.

Note The information in the following procedure also applies to certificates ending in -ECDSA.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Under Inter-clustering Troubleshooter, find the test Verify that each TLS-enabled inter-cluster peer has
successfully exchanged security certificates and verify that it has passed.
Step 3 If the test shows an error, note the intercluster peer IP address; it should reference the cluster on which you
uploaded the CA certificate(s). Continue with the following steps to resolve the issue.
Step 4 Choose Presence > Inter-Clustering and click the link associated with the intercluster peer that was identified
on the System Troubleshooter page.
Step 5 Click Force Manual Sync.
Step 6 Allow 60 seconds for the Inter-cluster Peer Status panel to auto-refresh.
Step 7 Verify that the Certificate Status field shows "Connection is secure".
Step 8 If the Certificate Status field does not show "Connection is secure", restart the Cisco Intercluster Sync Agent
service on the IM and Presence database publisher node and then repeat steps 5 to 7.
• To restart the service from the admin CLI run the following command: utils service restart Cisco
Intercluster Sync Agent
• Alternatively, you can restart this service from the Cisco Unified IM and Presence Serviceability GUI.

Step 9 Verify that the Certificate Status now shows "Connection is secure". This means that intercluster syncing is
correctly established between the clusters and that the CA certificates that you uploaded are synced to the
other clusters.

What to Do Next
Upload the signed certificate to each IM and Presence Service node.


Upload Signed Certificate to Each IM and Presence Service Node


When the CA certificates have correctly synced to all clusters, you can upload the appropriate signed certificate
to each IM and Presence Service node.

Note Cisco recommends that you sign all required tomcat certificates for a cluster and upload them at the same
time. This process reduces the time to recover intercluster communications.

Note The information in the following procedure also applies to certificates ending in -ECDSA.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management.
Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose tomcat.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file to upload.
Step 6 Click Upload File.
Step 7 Repeat for each IM and Presence Service node.

For more information about certificate management, see the Cisco Unified Communications Operating System
Administration Guide.

What to Do Next
Restart the Cisco Tomcat service.

Restart Cisco Tomcat Service


After you upload the tomcat certificate to each IM and Presence Service node, you must restart the Cisco
Tomcat service on each node.

Procedure

Step 1 Log into the admin CLI.


Step 2 Run the following command: utils service restart Cisco Tomcat
Step 3 Repeat for each node.

What to Do Next
Verify that intercluster syncing is operating correctly.


Verify Intercluster Syncing


After the Cisco Tomcat service has restarted for all affected nodes within the cluster, you must verify that
intercluster syncing is operating correctly. Complete the following procedure on each IM and Presence database
publisher node in the other clusters.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Under Inter-clustering Troubleshooter, find the test Verify that each TLS-enabled inter-cluster peer has
successfully exchanged security certificates and verify that it has passed.
Step 3 If the test shows an error, note the intercluster peer IP address; it should reference the cluster on which you
uploaded the CA certificate(s). Continue with the following steps to resolve the issue.
Step 4 Choose Presence > Inter-Clustering and click the link associated with the intercluster peer that was identified
on the System Troubleshooter page.
Step 5 Click Force Manual Sync.
Step 6 Check the Also resync peer's Tomcat certificates checkbox and click OK.
Step 7 Allow 60 seconds for the Inter-cluster Peer Status panel to auto-refresh.
Step 8 Verify that the Certificate Status field shows "Connection is secure".
Step 9 If the Certificate Status field does not show "Connection is secure", restart the Cisco Intercluster Sync Agent
service on the IM and Presence database publisher node and then repeat steps 5 to 8.
• To restart the service from the admin CLI run the following command: utils service restart Cisco
Intercluster Sync Agent
• Alternatively, you can restart this service from the Cisco Unified IM and Presence Serviceability GUI.

Step 10 Verify that the Certificate Status now shows "Connection is secure". This means that intercluster syncing is
now re-established between this cluster and the cluster for which the certificates were uploaded.

CA-Signed cup-xmpp Certificate Upload


The high-level steps to upload a CA signed cup-xmpp or cup-xmpp-ECDSA certificate to IM and Presence
Service are:
1 Upload the Root Certificate and Intermediate Certificate of the signing Certificate Authority to IM and
Presence Service.
2 Restart the Cisco Intercluster Sync Agent service.
3 Ensure that the CA certificates have been correctly synced to other clusters.
4 Upload the appropriate signed certificate to each IM and Presence Service node.
5 Restart the Cisco XCP Router service on all nodes.


Upload Root Certificate and Intermediate Certificate of the Signing Certificate Authority
When you upload the Root and Intermediate Certificates, you must upload each certificate in the certificate
chain to IM and Presence Service from the Root Certificate down to the last Intermediate Certificate, as
follows:
root > intermediate-1 > intermediate-2 > … > intermediate-N
With each certificate that you upload in the chain, you must specify which previously uploaded certificate
signed it. For example:
• For intermediate-1, the root cert was used to sign it.
• For intermediate-2, the intermediate-1 cert was used to sign it.

You must upload the Root Certificate and the Intermediate Certificates, if any, to the cup-xmpp-trust store
on the IM and Presence database publisher node. Complete the following procedure to upload the Root
Certificate and the Intermediate Certificate of the signing Certificate Authority (CA) to the IM and Presence
Service deployment.

Procedure

Step 1 On the IM and Presence database publisher node, choose Cisco Unified IM and Presence OS Administration
> Security > Certificate Management.
Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose cup-xmpp-trust.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file for the Root Certificate.
Step 6 Click Upload File.
Step 7 Upload each Intermediate Certificate in the same way using the Upload Certificate/Certificate chain window.

What to Do Next
Restart the Cisco Intercluster Sync Agent service.

Restart Cisco Intercluster Sync Agent Service


After you upload the Root and Intermediate certificates to the IM and Presence database publisher node, you
must restart the Cisco Intercluster Sync Agent service on that node. This service restart ensures that the CA
certificates are synced immediately to all other clusters.

Procedure

Step 1 Log into the Admin CLI.


Step 2 Run the following command: utils service restart Cisco Intercluster Sync Agent


Note You can also restart the Cisco Intercluster Sync Agent service from the Cisco Unified Serviceability GUI.

What to Do Next
Verify that the CA certificates have synced to the other clusters.

Verify CA Certificates Have Synchronized to Other Clusters


After the Cisco Intercluster Sync Agent service has restarted, you must ensure that the CA certificate(s) have
been correctly synchronized to other clusters. Complete the following procedure on each of the other IM and
Presence database publisher nodes.

Note The information in the following procedure also applies to certificates ending in -ECDSA.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Under Inter-clustering Troubleshooter, find the test Verify that each TLS-enabled inter-cluster peer has
successfully exchanged security certificates and verify that it has passed.
Step 3 If the test shows an error, note the intercluster peer IP address; it should reference the cluster on which you
uploaded the CA certificate(s). Continue with the following steps to resolve the issue.
Step 4 Choose Presence > Inter-Clustering and click the link associated with the intercluster peer that was identified
on the System Troubleshooter page.
Step 5 Click Force Manual Sync.
Step 6 Allow 60 seconds for the Inter-cluster Peer Status panel to auto-refresh.
Step 7 Verify that the Certificate Status field shows "Connection is secure".
Step 8 If the Certificate Status field does not show "Connection is secure", restart the Cisco Intercluster Sync Agent
service on the IM and Presence database publisher node and then repeat steps 5 to 7.
• To restart the service from the admin CLI run the following command: utils service restart Cisco
Intercluster Sync Agent
• Alternatively, you can restart this service from the Cisco Unified IM and Presence Serviceability GUI.

Step 9 Verify that the Certificate Status now shows "Connection is secure". This means that intercluster syncing is
correctly established between the clusters and that the CA certificates that you uploaded are synced to the
other clusters.

What to Do Next
Upload the signed certificate to each IM and Presence Service node.


Upload Signed Certificate to Each IM and Presence Service Node


When the CA certificates have correctly synced to all clusters, you can upload the appropriate signed cup-xmpp
certificate to each IM and Presence Service node.

Note Cisco recommends that you sign all required cup-xmpp certificates for a cluster and upload them at the
same time so that service impacts can be managed within a single maintenance window.

Note The information in the following procedure also applies to certificates ending in -ECDSA.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management.
Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose cup-xmpp.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file to upload.
Step 6 Click Upload File.
Step 7 Repeat for each IM and Presence Service node.

For more information about certificate management, see the Cisco Unified Communications Operating System
Administration Guide.

What to Do Next
Restart the Cisco XCP Router service on all nodes.

Restart Cisco XCP Router Service On All Nodes

Caution A restart of the Cisco XCP Router affects service.


After you upload the cup-xmpp and/or cup-xmpp-ECDSA certificate to each IM and Presence Service node,
you must restart the Cisco XCP Router service on each node.

Procedure

Step 1 Log into the admin CLI.


Step 2 Run the following command: utils service restart Cisco XCP Router
Step 3 Repeat for each node.


Note You can also restart the Cisco XCP Router service from the Cisco Unified IM and Presence Serviceability
GUI.

CA-Signed cup-xmpp-s2s Certificate Upload


The high-level steps to upload a CA signed cup-xmpp-s2s or cup-xmpp-s2s-ECDSA certificate to IM and
Presence Service are:
1 Upload the Root Certificate and Intermediate Certificate of the signing Certificate Authority to IM and
Presence Service.
2 Ensure that the CA certificates have been correctly synced to other clusters.
3 Upload the appropriate signed certificate to IM and Presence Service federation nodes (this certificate is
not required on all IM and Presence Service nodes, only those used for federation).
4 Restart the Cisco XCP XMPP Federation Connection Manager service on all affected nodes.

Upload Root Certificate and Intermediate Certificate of Signing Certificate Authority


When you upload the Root and Intermediate Certificates, you must upload each certificate in the certificate
chain to IM and Presence Service from the Root Certificate down to the last Intermediate Certificate, as
follows:
root > intermediate-1 > intermediate-2 > … > intermediate-N
With each certificate that you upload in the chain, you must specify which previously uploaded certificate
signed it. For example:
• For intermediate-1, the root cert was used to sign it.
• For intermediate-2, the intermediate-1 cert was used to sign it.

You must upload the Root Certificate and the Intermediate Certificates, if any, to the cup-xmpp-trust store
on the IM and Presence database publisher node. Complete the following procedure to upload the Root
Certificate and the Intermediate Certificate of the signing Certificate Authority (CA) to the IM and Presence
Service deployment.

Procedure

Step 1 On the IM and Presence database publisher node, choose Cisco Unified IM and Presence OS Administration
> Security > Certificate Management.
Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose cup-xmpp-trust.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file for the Root Certificate.
Step 6 Click Upload File.
Step 7 Upload each Intermediate Certificate in the same way using the Upload Certificate/Certificate chain window.


What to Do Next
Verify that the CA certificates have synced to other clusters.

Verify CA Certificates Have Synchronized to Other Clusters


After the Cisco Intercluster Sync Agent service has restarted, you must ensure that the CA certificate(s) have
been correctly synchronized to other clusters. Complete the following procedure on each of the other IM and
Presence database publisher nodes.

Note The information in the following procedure also applies to certificates ending in -ECDSA.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Under Inter-clustering Troubleshooter, find the test Verify that each TLS-enabled inter-cluster peer has
successfully exchanged security certificates and verify that it has passed.
Step 3 If the test shows an error, note the intercluster peer IP address; it should reference the cluster on which you
uploaded the CA certificate(s). Continue with the following steps to resolve the issue.
Step 4 Choose Presence > Inter-Clustering and click the link associated with the intercluster peer that was identified
on the System Troubleshooter page.
Step 5 Click Force Manual Sync.
Step 6 Allow 60 seconds for the Inter-cluster Peer Status panel to auto-refresh.
Step 7 Verify that the Certificate Status field shows "Connection is secure".
Step 8 If the Certificate Status field does not show "Connection is secure", restart the Cisco Intercluster Sync Agent
service on the IM and Presence database publisher node and then repeat steps 5 to 7.
• To restart the service from the admin CLI run the following command: utils service restart Cisco
Intercluster Sync Agent
• Alternatively, you can restart this service from the Cisco Unified IM and Presence Serviceability GUI.

Step 9 Verify that the Certificate Status now shows "Connection is secure". This means that intercluster syncing is
correctly established between the clusters and that the CA certificates that you uploaded are synced to the
other clusters.

What to Do Next
Upload the signed certificate to each IM and Presence Service node.

Upload Signed Certificate to Federation Nodes


When the CA certificates have correctly synced to all clusters, you can upload the appropriate signed certificate
to each IM and Presence Service federation node. You do not need to upload the certificate to all nodes, only
to the nodes used for federation.


Note The information in the following procedure also applies to certificates ending in -ECDSA.

Note Cisco recommends that you sign all required cup-xmpp-s2s certificates for a cluster and upload them at
the same time.

Procedure

Step 1 Choose Cisco Unified IM and Presence OS Administration > Security > Certificate Management.


Step 2 Click Upload Certificate/Certificate chain.
Step 3 From the Certificate Name drop-down list, choose cup-xmpp.
Step 4 Enter a description for the signed certificate.
Step 5 Click Browse to locate the file to upload.
Step 6 Click Upload File.
Step 7 Repeat for each IM and Presence Service federation node.

For more information about certificate management, see the Cisco Unified Communications Operating System
Administration Guide.

What to Do Next
Restart the Cisco XCP XMPP Federation Connection Manager service on the affected nodes.

Restart Cisco XCP XMPP Federation Connection Manager Service


After you upload the cup-xmpp-s2s and/or cup-xmpp-s2s-ECDSA certificate to each IM and Presence Service
federation node, you must restart the Cisco XCP XMPP Federation Connection Manager service on each
federation node.

Procedure

Step 1 Log in to the admin CLI.
Step 2 Run the following command: utils service restart Cisco XCP XMPP Federation Connection Manager
Step 3 Repeat for each federation node.


Delete Self-Signed Trust Certificates

Note The information in the following section also applies to certificates ending in -ECDSA.

To support cross navigation for serviceability between nodes in the same cluster, the Cisco Tomcat service
trust stores between IM and Presence Service and Cisco Unified Communications Manager are automatically
synchronized.
When CA-signed certificates are generated to replace the original self-signed trust certificates on either IM
and Presence Service or Cisco Unified Communications Manager, the original self-signed trust certificates
persist in the service trust store of both nodes. If you want to delete the self-signed trust certificates, you must
delete them on both the IM and Presence Service and Cisco Unified Communications Manager nodes.

Delete Self-Signed Trust Certificates from IM and Presence Service


Before You Begin

Important You have configured the IM and Presence Service nodes with CA-signed certificates, and waited 30
minutes for the Cisco Intercluster Sync Agent Service to perform its periodic clean-up task on a given IM
and Presence Service node.

Procedure

Step 1 Log in to the Cisco Unified IM and Presence Operating System Administration user interface and choose
Security > Certificate Management.
Step 2 Click Find.
The Certificate List appears.
Note The certificate name is composed of two parts: the service name and the certificate type. For example,
in tomcat-trust, tomcat is the service and trust is the certificate type.
The self-signed trust certificates that you can delete are:
• Tomcat and Tomcat-ECDSA — tomcat-trust
• Cup-xmpp and Cup-xmpp-ECDSA — cup-xmpp-trust
• Cup-xmpp-s2s and Cup-xmpp-s2s-ECDSA — cup-xmpp-trust
• Cup and Cup-ECDSA — cup-trust
• Ipsec — ipsec-trust

Step 3 Click the link for the self-signed trust certificate you wish to delete.
Important Be certain that you have configured a CA-signed certificate for the service associated with the
service trust store.
A new window appears that displays the certificate details.
Step 4 Click Delete.

Note The Delete button only appears for certificates you have the authority to delete.

What to Do Next
Repeat the above procedure for each IM and Presence Service node in the cluster and on any intercluster peers
to ensure complete removal of unnecessary self-signed trust certificates across the deployment.
If the service is Tomcat, you must check for the IM and Presence Service node's self-signed tomcat-trust
certificate on the Cisco Unified Communications Manager node. See Delete Self-Signed Tomcat-Trust
Certificates from Cisco Unified Communications Manager, on page 125.

Delete Self-Signed Tomcat-Trust Certificates from Cisco Unified Communications Manager


There is a self-signed tomcat-trust certificate in the Cisco Unified Communications Manager service trust
store for each node in the cluster. These are the only certificates that you delete from the Cisco Unified
Communications Manager node.

Note The information in the following procedure also applies to -EC certificates.

Before You Begin


Ensure that you have configured the cluster's IM and Presence Service nodes with CA-signed certificates, and
you have waited for 30 minutes to allow the certificates to propagate to the Cisco Unified Communications
Manager node.

Procedure

Step 1 Log in to the Cisco Unified Operating System Administration user interface and choose Security > Certificate
Management.
The Certificate List window appears.
Step 2 To filter the search results, choose Certificate and begins with from the drop-down lists and then enter
tomcat-trust in the empty field. Click Find.
The Certificate List window expands with the tomcat-trust certificates listed.
Step 3 Identify the links that contain an IM and Presence Service node's hostname or FQDN in their names. These are
self-signed certificates associated with this service and an IM and Presence Service node.
Step 4 Click the link to an IM and Presence Service node's self-signed tomcat-trust certificate.
A new window appears that shows the tomcat-trust certificate details.
Step 5 Confirm in the Certificate Details that this is a self-signed certificate by ensuring that the Issuer Name CN=
and the Subject Name CN= values match.
Step 6 If you have confirmed that it is a self-signed certificate and you are certain that the CA-signed certificate has
propagated to the Cisco Unified Communications Manager node, click Delete.
Note The Delete button only appears for certificates that you have the authority to
delete.
Step 7 Repeat steps 4, 5, and 6 for each IM and Presence Service node in the cluster.


SIP Security Settings Configuration on IM and Presence Service

Configure TLS Peer Subject


When you import an IM and Presence Service certificate, IM and Presence Service automatically attempts to
add the TLS peer subject to the TLS peer subject list, and to the TLS context list. Verify that the TLS peer subject
and TLS context configuration are set up to your requirements.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > TLS Peer Subjects.
Step 2 Click Add New.
Step 3 Perform one of the following actions for the Peer Subject Name:
a) Enter the subject CN of the certificate that the node presents.
b) Open the certificate, look for the CN and paste it here.
Step 4 Enter the name of the node in the Description field.
Step 5 Click Save.

What to Do Next
Proceed to configure the TLS context.

Configure TLS Context


When you import an IM and Presence Service certificate, IM and Presence Service automatically attempts to
add the TLS peer subject to the TLS peer subject list, and to the TLS context list. Verify that the TLS peer subject
and TLS context configuration are set up to your requirements.

Before You Begin


Configure a TLS peer subject on IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > TLS Context
Configuration.
Step 2 Click Find.
Step 3 Choose Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context.
Step 4 From the list of available TLS peer subjects, choose the TLS peer subject that you configured.
Step 5 Move this TLS peer subject to Selected TLS Peer Subjects.
Step 6 Click Save.
Step 7 Choose Cisco Unified IM and Presence Serviceability > Tools > Service Activation.
Step 8 Restart the Cisco SIP Proxy service.


Troubleshooting Tip
You must restart the SIP proxy service before any changes that you make to the TLS context take effect.

Related Topics
Restart SIP Proxy Service, on page 111

Configure TLS Cipher Mapping


Configure the TLS cipher suite for a TLS context.
From the current release, the following new RSA-based and ECDSA-based ciphers have been added:
• ECDHE ECDSA Ciphers
  ◦ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  ◦ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• ECDHE RSA Ciphers
  ◦ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  ◦ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

For further TLS encryption information, see Enhanced TLS Encryption on IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > TLS Context
Configuration.
Step 2 Click Find.
Step 3 Choose a context configuration from the list.
Step 4 To add an available cipher to the suite of selected TLS ciphers, in the TLS Cipher Mapping pane select a
cipher in the Available TLS Ciphers list, and click the right arrow to move it to the Selected TLS Ciphers
list.
You can unselect a TLS cipher by clicking the left arrow to move the cipher from the Selected TLS Ciphers
list, back to the Available TLS Ciphers list.

Step 5 To order the priority of the ciphers in the Selected TLS Ciphers list, use the up and down arrows to the right
of that list.
Note Click Reset To Default if you want to return to the default configuration for this context.

Step 6 Click Save.


XMPP Security Settings Configuration on IM and Presence Service

XMPP Security Modes


IM and Presence Service provides increased security for XMPP-based configuration. The following table
describes these XMPP security modes. To configure the XMPP security modes on IM and Presence Service,
choose Cisco Unified CM IM and Presence Administration > System > Security > Settings.

Table 16: XMPP Secure Mode Descriptions

Secure Mode: Enable XMPP Client To IM/P Service Secure Mode
Description: If you turn on this setting, IM and Presence Service establishes a secure TLS
connection between the IM and Presence Service nodes and XMPP client
applications in a cluster. IM and Presence Service turns on this secure mode by
default.
We recommend that you do not turn off this secure mode unless the XMPP
client application can protect the client login credentials in nonsecure mode. If
you do turn off the secure mode, verify that you can secure the XMPP
client-to-node communication in some other way.

Secure Mode: Enable XMPP Router-to-Router Secure Mode
Description: If you turn on this setting, IM and Presence Service establishes a secure TLS
connection between XMPP routers in the same cluster, or in different clusters.
IM and Presence Service automatically replicates the XMPP certificate within
the cluster and across clusters as an XMPP trust certificate. An XMPP router
will attempt to establish a TLS connection with any other XMPP router that is
in the same cluster or a different cluster, and is available to establish a TLS
connection.

Secure Mode: Enable Web Client to IM/P Service Secure Mode
Description: If you turn on this setting, IM and Presence Service establishes a secure TLS
connection between the IM and Presence Service nodes and XMPP-based API
client applications. If you turn on this setting, upload the certificates or signing
certificates for the web client in the cup-xmpp-trust repository on IM and
Presence Service.
Caution If your network and IM and Presence Service node support IPv6, and
you enable secure TLS connections to XMPP-based API client
applications, you must enable the IPv6 enterprise parameter for the
node and enable the IPv6 Ethernet IP setting for Eth0 on each IM
and Presence Service node using Cisco Unified IM and Presence
Operating System Administration; otherwise, the node attempts to
use IPv4 for IP traffic. Any packets that are received from an
XMPP-based API client application that has an IPv6 address will not
be delivered.
The node cannot revert to using IPv4 if the node is configured to use
an IPv6 connection to an external database, LDAP server, or Exchange
server, or if a federation deployment using IPv6 is configured for the
node.


If you update the XMPP security settings, restart the services. Perform one of these actions:
• Restart the Cisco XCP Connection Manager if you edit Enable XMPP Client To IM/P Service Secure
Mode. Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center - Feature
Services to restart this service.
• Restart the Cisco XCP Router if you edit the Enable XMPP Router-to-Router Secure Mode. Choose
Cisco Unified IM and Presence Serviceability > Tools > Control Center - Network Services to
restart this service.
• Restart the Cisco XCP Web Connection Manager if you edit Enable Web Client To IM/P Service
Secure Mode. Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center -
Feature Services to restart this service.

Related Topics
Configure Secure Connection Between IM and Presence Service and XMPP Clients, on page 129

Configure Secure Connection Between IM and Presence Service and XMPP Clients

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Security > Settings.
Step 2 Perform one of the following tasks:
• To establish a secure TLS connection between IM and Presence Service and XMPP client applications
in a cluster, choose Enable XMPP Client To IM/P Service Secure Mode.
Cisco recommends that you do not turn off this secure mode unless the XMPP client application can
protect the client login credentials in a nonsecure mode. If you do turn off the secure mode, verify that
you can secure the XMPP client-to-node communication in some other way.
• To establish a secure TLS connection between IM and Presence Service and XMPP-based API client
applications in a cluster, choose Enable Web Client To IM/P Service Secure Mode.
If you turn on this setting, upload the certificates or signing certificates for the web client in the
cup-xmpp-trust repository on IM and Presence.
Caution If your network and IM and Presence Service node support IPv6, and you enable secure TLS
connections to XMPP-based API client applications, you must enable the IPv6 enterprise
parameter for the node and enable the IPv6 Ethernet IP setting for Eth0 on each IM and
Presence Service node in the cluster. If the enterprise parameter and Eth0 are not configured
for IPv6, the node attempts to use IPv4 for any IPv6 packets that are received from an
XMPP-based API client application and those IPv6 packets are not delivered.
The node cannot revert to using IPv4 if the node is configured to use an IPv6 connection to
an external database, LDAP server, or an Exchange server, or if a federation deployment
using IPv6 is configured for the node.

Step 3 Click Save.

If you update the XMPP security settings, restart the corresponding service:

• Restart the Cisco XCP Connection Manager if you edit Enable XMPP Client To IM/P Service Secure
Mode. Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center - Feature
Services to restart this service.
• Restart the Cisco XCP Web Connection Manager if you edit Enable Web Client To IM/P Service
Secure Mode. Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center -
Feature Services to restart this service.

What to Do Next
Proceed to turn on the services that support XMPP clients on the IM and Presence Service node.

Related Topics
Third-Party Client Integration, on page 18

Turn On IM and Presence Service Services to Support XMPP Clients


Perform this procedure on each node in your IM and Presence Service cluster.

Procedure

Step 1 Choose Cisco Unified IM and Presence Serviceability > Tools > Service Activation.
Step 2 Choose the IM and Presence Service node from the Server menu.
Step 3 Turn on the following services:
• Cisco XCP Connection Manager - Turn on this service if you are integrating XMPP clients, or
XMPP-based API clients on IM and Presence Service.
• Cisco XCP Authentication Service - Turn on this service if you are integrating XMPP clients, or
XMPP-based API clients on IM and Presence Service.
• Cisco XCP Web Connection Manager - Optionally, turn on this service if you are integrating XMPP
clients, or XMPP-based API clients on IM and Presence Service.

Step 4 Click Save.


Tip For XMPP clients to function correctly, make sure you turn on the Cisco XCP Router on all nodes in
your cluster.

Related Topics
Third-Party Client Integration, on page 18

Enable Wildcards in XMPP Federation Security Certificates


To support group chat between XMPP federation partners over TLS, you must enable wildcards for XMPP
security certificates.
By default, the XMPP federation security certificates cup-xmpp-s2s and cup-xmpp-s2s-ECDSA contain all
domains hosted by the IM and Presence Service deployment. These are added as Subject Alternative Name
(SAN) entries within the certificate. You must supply wildcards for all hosted domains within the same
certificate. So instead of a SAN entry of “example.com”, the XMPP security certificate must contain a SAN
entry of “*.example.com”. The wildcard is needed because the group chat server aliases are sub-domains of
one of the hosted domains on the IM and Presence Service system. For example: “conference.example.com”.
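The wildcard requirement described above can be checked against a certificate's SAN list before the certificate is uploaded. The following Python code is an added example, not Cisco code: it assumes single-label wildcard matching in the style of RFC 6125, and the function names, the SAN lists and the alias rooms.emea.example.com are constructed for illustration.

```python
"""Pre-upload check: do the SAN entries of an XMPP federation certificate
cover every group chat alias? All sample data below is constructed."""


def san_matches(san, hostname):
    """Return True if one dNSName SAN entry covers hostname.

    Assumption: single-label wildcard matching in the style of RFC 6125,
    where a leading "*" stands for exactly one whole DNS label.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(san_labels) >= 3 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def audit_s2s_sans(san_entries, hosted_domains, chat_aliases):
    """Return (finding, name) tuples; an empty list means full coverage."""
    sans = [s.lower() for s in san_entries]
    findings = []
    # Every hosted domain needs its own wildcard entry in the same certificate.
    for domain in hosted_domains:
        if "*." + domain.lower() not in sans:
            findings.append(("missing-wildcard", domain))
    # Every group chat alias must be covered by at least one SAN entry.
    for alias in chat_aliases:
        if not any(san_matches(s, alias) for s in sans):
            findings.append(("alias-not-covered", alias))
    return findings


# Constructed inputs (not taken from a real deployment).
HOSTED_DOMAINS = ["example.com", "example.org"]
CHAT_ALIASES = [
    "conference.example.com",
    "conference.example.org",
    "rooms.emea.example.com",  # hypothetical alias nested two labels deep
]
SANS_WITHOUT_WILDCARDS = ["example.com", "example.org"]
SANS_WITH_WILDCARDS = ["*.example.com", "*.example.org"]

if __name__ == "__main__":
    cases = (
        ("wildcards disabled", SANS_WITHOUT_WILDCARDS),
        ("wildcards enabled", SANS_WITH_WILDCARDS),
    )
    for label, sans in cases:
        print(label)
        findings = audit_s2s_sans(sans, HOSTED_DOMAINS, CHAT_ALIASES)
        for finding, name in findings or [("ok", "all names covered")]:
            print(f"  {finding}: {name}")
```

Under this matching rule, an alias nested more than one label below a hosted domain is still reported after wildcards are enabled, because "*.example.com" stands for a single label only.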

Tip To view the cup-xmpp-s2s or cup-xmpp-s2s-ECDSA certificates on any node, choose Cisco Unified IM
and Presence OS Administration > Security > Certificate Management and click on the cup-xmpp-s2s
or cup-xmpp-s2s-ECDSA links.

Procedure

Step 1 Choose System > Security Settings.


Step 2 Check Enable Wildcards in XMPP Federation Security Certificates.
Step 3 Click Save.

What to Do Next
You must regenerate the XMPP federation security certificates on all nodes within the cluster where the Cisco
XMPP Federation Connection Manager service is running and XMPP Federation is enabled. This security
setting must be enabled on all IM and Presence Service clusters to support XMPP Federation Group Chat
over TLS.

CHAPTER 10
Intercluster Peer Configuration
• Prerequisites for Intercluster Deployment
• Intercluster Peer Configuration

Prerequisites for Intercluster Deployment


You configure an intercluster peer between the IM and Presence database publisher nodes in standalone IM
and Presence Service clusters. No configuration is required on the IM and Presence Service subscriber nodes
in a cluster for intercluster peer connections. Before you configure IM and Presence Service intercluster peers
in your network, note the following:
• The intercluster peers must each integrate with a different Cisco Unified Communications Manager
cluster.
• You must complete the required multinode configuration in both the home IM and Presence Service
cluster, and in the remote IM and Presence Service cluster:
  ◦ Configure the system topology and assign your users as required.
  ◦ Activate the services on each IM and Presence Service node in the cluster.

• You must turn on the AXL interface on all local IM and Presence nodes, and on all remote IM and
Presence nodes. IM and Presence Service creates, by default, an intercluster application user with AXL
permissions. To configure an intercluster peer, you will require the username and password for the
intercluster application user on the remote IM and Presence Service node.
• You must turn on the Sync Agent on the local IM and Presence database publisher node, and on the
remote IM and Presence database publisher node. Allow the Sync Agent to complete the user
synchronization from Cisco Unified Communications Manager before you configure the intercluster
peers.

For sizing and performance recommendations for intercluster deployments, including information on
determining a presence user profile, see the IM and Presence Service SRND.


Intercluster Peer Configuration

Configure Intercluster Peer


Perform this procedure on the database publisher node of the local IM and Presence Service cluster, and on
the database publisher node of the remote IM and Presence Service cluster (with which you want your local
cluster to form a peer relationship).

Before You Begin


• Activate the AXL interface on all local IM and Presence Service nodes and confirm that the AXL
interface is activated on all remote IM and Presence Service nodes.
• Confirm that the Sync Agent has completed the user synchronization from Cisco Unified
Communications Manager on the local and remote cluster.
• Acquire the AXL username and password for the intercluster application user on the remote IM and
Presence Service node.
• If you do not use DNS in your network, see topics related to IM and Presence Service default domain
and node name values for intercluster deployments.
• Resolve any invalid or duplicate userIDs before proceeding. For more information, see topics related to
end-user management and handling.

Note For the intercluster peer connection to work properly, the following ports must be left open if there is a
firewall between the two clusters:
• 8443 (AXL)
• 7400 (XMPP)
• 5060 (SIP), only if SIP federation is being used

Restriction
Cisco recommends that you use TCP as the intercluster trunk transport for all IM and Presence Service clusters.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
Step 2 Enter the IP address, FQDN, or hostname of the database publisher node of a remote IM and Presence Service
cluster.
Step 3 Enter the username of the application user on the remote IM and Presence Service node that has AXL
permissions.
Step 4 Enter the associated password of the application user on the remote IM and Presence Service node that has
AXL permissions.
Step 5 Enter the preferred protocol for SIP communication.
Step 6 (Optional) Enter the External Phone Number Mask value. This is the E.164 mask to apply to Directory
Numbers retrieved from the remote cluster.
Step 7 Click Save.
Step 8 Restart the Cisco XCP Router service on all nodes in the local cluster.
Step 9 Repeat this procedure to create the remote intercluster peer, and then restart the Cisco XCP Router service
on all nodes in the remote cluster.
Tip If you configure the intercluster peer connection before the Sync Agent completes the user
synchronization from Cisco Unified Communications Manager (on either the local or remote
cluster), the status of the intercluster peer connection will display as Failed.
If you choose TLS as the intercluster transport protocol, IM and Presence Service attempts to
automatically exchange certificates between intercluster peers to establish a secure TLS connection.
IM and Presence Service indicates whether the certificate exchange is successful in the intercluster
peer status section.

What to Do Next
Proceed to turn on the Intercluster Sync Agent.

Related Topics
Restart Cisco XCP Router Service, on page 60
Node Name Value for Intercluster Deployments, on page 30
IM and Presence Default Domain Value for Intercluster Deployments, on page 31

Turn On Intercluster Sync Agent


By default, IM and Presence Service turns on the Intercluster Sync Agent parameter. Use this procedure to
either verify that the Intercluster Sync Agent parameter is on, or to manually turn on this service.
The Intercluster Sync Agent uses the AXL/SOAP interface for the following:
• to retrieve user information for IM and Presence Service to determine if a user is a local user (on the
local cluster), or a user on a remote IM and Presence Service cluster within the same domain.

• to notify remote IM and Presence Service clusters of changes to users local to the cluster.

Note You must turn on the Intercluster Sync Agent on all nodes in the IM and Presence Service cluster because
in addition to synchronizing user information from the local IM and Presence database publisher node to
the remote IM and Presence database publisher node, the Intercluster Sync Agent also handles security
between all nodes in the clusters.

Procedure

Step 1 Choose Cisco Unified IM and Presence Serviceability > Tools > Control Center - Network Services.
Step 2 Choose the IM and Presence Service node from the Server menu.
Step 3 Choose Cisco Intercluster Sync Agent.
Step 4 Click Start.

What to Do Next
Proceed to verify the intercluster peer status.

Related Topics
Multinode Scalability Feature, on page 25

Verify Intercluster Peer Status

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
Step 2 Choose the peer address from the search criteria menu.
Step 3 Click Find.
Step 4 Choose the peer address entry that you wish to view.
Step 5 In the Intercluster Peer Status window:
a) Verify that there are check marks beside each of the result entries for the intercluster peer.
b) Make sure that the Associated Users value equals the number of users on the remote cluster.
c) If you choose TLS as the intercluster transport protocol, the Certificate Status item displays the status of
the TLS connection, and indicates if IM and Presence Service successfully exchanged security certificates
between the clusters. If the certificate is out-of-sync, you need to manually update the tomcat trust certificate
(as described in this module). For any other certificate exchange errors, check the Online Help for a
recommended action.
Step 6 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 7 Verify that there are check marks beside the status of each of the intercluster peer connection entries in the
InterClustering Troubleshooter section.


Update Intercluster Sync Agent Tomcat Trust Certificates


If the tomcat certificate status for an intercluster peer is out-of-sync, you need to update the Tomcat trust
certificate. In an intercluster deployment this error can occur if you reuse the existing Intercluster Peer
Configuration to point to a new remote cluster. Specifically, in the existing Intercluster Peer Configuration
window, you change the Peer Address value to point to a new remote cluster. This error can also occur in a
fresh IM and Presence Service installation, or if you change the IM and Presence Service host or domain
name, or if you regenerate the Tomcat certificate.
This procedure describes how to update the Tomcat trust certificate when the connection error occurs on the
local cluster, and the corrupt Tomcat trust certificates are associated with the remote cluster.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Inter-Clustering.
Step 2 Click Force Sync to synchronize certificates with the remote cluster.
Step 3 In the confirmation window that displays, choose Also resync peer's Tomcat certificates.
Step 4 Click OK.
Note If there are any certificates that have not synced automatically, go to the Intercluster Peer Configuration
window. The certificates marked with an x are the missing certificates, which you need to copy
manually.

PART III
Feature Configuration
• Availability and Instant Messaging on IM and Presence Service Configuration
• Managed File Transfer
• High Availability for Persistent Chat on IM and Presence Service
• Multiple Device Messaging
CHAPTER 11
Availability and Instant Messaging on IM and Presence Service Configuration
• Availability Setup on IM and Presence Service
• IM Setup On IM and Presence Service

Availability Setup on IM and Presence Service

Turn On or Off Availability Sharing for IM and Presence Service Cluster


This procedure describes how to turn on or off availability sharing for all client applications in an IM and
Presence Service cluster.
Availability sharing is turned on by default on IM and Presence Service.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Standard
Configuration.
Step 2 Configure the availability setting. Perform one of the following actions:
• To turn on availability sharing in the IM and Presence Service cluster, check Enable availability sharing.
If you turn on this setting, IM and Presence Service shares availability information for a user amongst
all users in the cluster, based on the policy settings for that user.
The default policy setting for a user is to allow all other users to view their availability. Users configure
their policy settings from the Cisco Jabber client.
• To turn off availability sharing for all clients in the IM and Presence Service cluster, uncheck Enable
availability sharing. If you turn off this setting, IM and Presence Service does not share any availability
to other users in the IM and Presence Service cluster, nor does it share availability information it receives
from outside the cluster. Users can only view their own availability status.

Step 3 Click Save.


Step 4 Restart the following services:
a) Cisco XCP Router
b) Cisco Presence Engine
Tip • When you turn off availability sharing, a user can view their own availability status on the
client application; the availability status for all other users is greyed out.
• When you turn off availability sharing and a user enters a chat room, their availability
status shows a status of “Unknown” with a green icon.

Configure Ad-Hoc Presence Subscription Settings

Note These settings allow users to initiate ad-hoc presence subscriptions to users that are not on their contact
list.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings > Standard
Configuration.
Step 2 Check Enable ad-hoc presence subscriptions to turn on ad-hoc presence subscriptions for Cisco Jabber
users.
Step 3 Set the maximum number of active ad-hoc subscriptions that IM and Presence Service permits at one time.
If you configure a value of zero, IM and Presence Service permits an unlimited number of active ad-hoc
subscriptions.
Step 4 Set the time-to-live value (in seconds) for the ad-hoc presence subscriptions.
When this time-to-live value expires, IM and Presence Service drops any ad-hoc presence subscriptions and
no longer temporarily monitors the availability status for that user.
Note If the time-to-live value expires while the user is still viewing an instant message from an ad-hoc
presence subscription, the availability status that displays may not be current.
Step 5 Click Save.
You do not have to restart any services on IM and Presence Service for this setting; however, Cisco Jabber
users will have to sign out and sign back in to retrieve the latest ad-hoc presence subscriptions settings on
IM and Presence Service.

Configure Maximum Contact List Size Per User


You can configure the maximum contact list size for a user; this is the number of contacts the user can add
to their contact list. This setting applies to the contact list on Cisco Jabber client applications and on third-party
client applications.


Users who reach the maximum number of contacts are unable to add new contacts to their contact list, nor
can other users add them as a contact. If a user is close to the maximum contact list size, and the user adds a
group of contacts that pushes the contact list over the maximum number, IM and Presence Service does not
add the surplus contacts. For example, suppose the maximum contact list size on IM and Presence Service is 200.
If a user has 195 contacts and attempts to add 6 new contacts to the list, IM and Presence Service adds five
contacts and does not add the sixth contact.

Tip The System Troubleshooter in Cisco Unified CM IM and Presence Administration indicates if there are
users who have reached the contact list limit.

If you are migrating users to IM and Presence Service, Cisco recommends that you set the Maximum Contact
List Size and Maximum Watchers settings to Unlimited while importing user contact lists. This ensures that
each migrated user contact list is fully imported. After all users have migrated, you can reset the Maximum
Contact List Size and Maximum Watchers settings to the preferred values.

Note The maximum contact list size for a user counts only the contacts that are on the same cluster as that user.
Contacts from intercluster peers are not included in this count. If the user has 10 contacts from their own
cluster, and 10 contacts from an intercluster peer, the user only receives a warning if the maximum contact
list size is set to 10. If it is set to 15, no warning appears.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings.
Step 2 Edit the value of the Maximum Contact List Size (per user) setting.
The default value is 200.
Tip Check the No Limit check box to allow an unlimited contact list size.
Step 3 Click Save.
Step 4 Restart the Cisco XCP Router service.

Related Topics
Restart Cisco XCP Router Service, on page 60

Configure Maximum Number of Watchers Per User


You can configure the number of watchers for a user, specifically the maximum number of people that can
subscribe to see the availability status for a user. This setting applies to the contact list on Cisco Jabber clients
and on third-party clients.
If you are migrating users to IM and Presence Service, Cisco recommends that you set the Maximum Contact
List Size and Maximum Watchers settings to Unlimited while importing user contact lists. This ensures that
each migrated user contact list is fully imported. After all users have migrated, you can reset the Maximum
Contact List Size and Maximum Watchers settings to the preferred values.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings.
Step 2 Edit the value of the Maximum Watchers (per user) setting.
The default value is 200.
Tip Check the No Limit check box to allow an unlimited number of watchers.

Step 3 Click Save.


Step 4 Restart the Cisco XCP Router service.

IM Setup On IM and Presence Service

Turn On or Off Instant Messaging for IM and Presence Service Cluster


This procedure describes how to turn on or off instant message capabilities for all client applications in an IM
and Presence Service cluster. Instant message capabilities are turned on by default on IM and Presence Service.

Caution When you turn off instant message capabilities on IM and Presence Service, all group chat functionality
(ad hoc and persistent chat) will not work on IM and Presence Service. We recommend that you do not
turn on the Cisco XCP Text Conference service or configure an external database for persistent chat on
IM and Presence Service.

Procedure

Step 1 Log in to Cisco Unified CM IM and Presence Administration, choose Messaging > Settings.
Step 2 Configure the instant messaging setting. Do one of the following actions:
• To turn on instant message capabilities for client applications in the IM and Presence Service cluster,
check Enable instant messaging. If you turn on this setting, local users of client applications can send
and receive instant messages.
• To turn off instant message capabilities for client applications in the IM and Presence Service cluster,
uncheck Enable instant messaging.
Note If you turn off this setting, local users of client applications cannot send and receive instant
messages. Users can only use the instant messaging application for availability and phone
operations. If you turn off this setting, users do not receive instant messages from outside the
cluster.

Step 3 Click Save.


Step 4 Restart the Cisco XCP Router service.


Turn On or Off Offline Instant Messaging


By default IM and Presence Service stores (locally) any instant messages that are sent to a user when they are
offline, and IM and Presence Service delivers these instant messages to the user the next time they sign in to
the client application. You can turn off (suppress) this feature so IM and Presence Service does not store
offline instant messages.

Note IM and Presence Service limits offline messages to 100 per user up to a maximum of 30000 per node.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Messaging > Settings.
Step 2 Configure the offline instant messaging. Perform one of the following actions:
• To turn off the storage of offline instant messages on IM and Presence Service, check Suppress Offline
Instant Messaging. If you check this setting, IM and Presence Service does not deliver instant messages
that were sent to a user while they were offline when the user next signs in to the client application.
• To turn on the storage of offline instant messages on IM and Presence Service, uncheck Suppress Offline
Instant Messaging. If you uncheck this setting, IM and Presence Service delivers instant messages
that were sent to a user while they were offline when the user next signs in to the client application.

Step 3 Click Save.

Allow Clients to Log Instant Message History


You can prevent or allow users to log instant message history locally on their computer. On the client side,
the application must support this functionality; it must enforce the prevention of instant message logging.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Messaging > Settings.
Step 2 Configure the log instant message history setting as follows:
• To allow users of client applications to log instant message history on IM and Presence Service, check
Allow clients to log instant message history (on supported clients only).
• To prevent users of client applications from logging instant message history on IM and Presence Service,
uncheck Allow clients to log instant message history (on supported clients only).

Step 3 Click Save.


Allow Cut and Paste in Instant Messages


You can prevent or allow users to log instant message history locally on their computer. On the client side,
the application must support this functionality; it must enforce the prevention of instant message logging.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Messaging > Settings.
Step 2 Configure the cut and paste in instant messages setting as follows:
• To allow users of client applications to cut and paste in instant messages, check Allow cut & paste in
instant messages.
• To prevent users of client applications from cutting and pasting in instant messages, uncheck Allow cut
& paste in instant messages.

Step 3 Click Save.

CHAPTER 12
Managed File Transfer
• Managed File Transfer
• External Database
• External File Server
• Cisco XCP File Transfer Manager RTMT Alarms and Counters
• Managed File Transfer Workflow
• Troubleshooting Managed File Transfer
• Cisco Jabber Client Interoperability

Managed File Transfer


Managed file transfer (MFT) allows an IM and Presence Service client, such as Cisco Jabber, to transfer files
to other users, ad hoc group chat rooms, and persistent chat rooms. The files are stored in a repository on an
external file server and the transaction is logged to an external database.
This configuration is specific to file transfers and has no impact on the message archiver feature for regulatory
compliance.

Supported Software
• IM and Presence Service, Release 10.5(2) or later
• PostgreSQL, versions 9.1.x, 9.2.x, 9.3.x and 9.4.x
• Oracle, versions 9i, 10g, or 11g

Note If an encrypted connection to the external database is required, you must use Oracle
11g.

• You can install the database on either a Linux or a Windows operating system. See the PostgreSQL and
Oracle documentation for details on the supported operating systems and platform requirements.


• The external database is supported on both virtualized and non-virtualized platforms.


• IPv4 and IPv6 are supported as is dual-stack mode.

Related Topics
PostgreSQL documentation
Oracle documentation

File Transfer Flow

1 The sender's client uploads the file via HTTP, and the server responds with a URI for the file.
2 The file is stored in the repository on the file server.
3 An entry is written to the external database log table to record the upload.
4 The sender’s client sends an IM to the recipient; the IM includes the URI of the file.
5 The recipient’s client requests the file via HTTP. After reading the file from the repository (6) and recording
the download in the log table (7), the file is downloaded to the recipient.

The flow for transferring a file to a group chat or persistent chat room is similar, except the sender sends the
IM to the chat room, and each chat room participant sends a separate request to download the file.

Note When a file upload occurs, the managed file transfer service is selected from all managed file transfer
services available in the enterprise for the given domain. The file upload is logged to the external database
and external file server associated with the node where this managed file transfer service is running. When
a user downloads this file, the same managed file transfer service handles the request and logs it to the
same external database and the same external file server, regardless of where this second user is homed.


Important Notes
Before you enable managed file transfer on an IM and Presence Service node, consider these points:
• If you deploy any combination of the persistent group chat, message archiver, or managed file transfer
features on an IM and Presence Service node, you can assign the same physical external database
installation and external file server to all of these features. However, you should consider the potential
IM traffic, the number of file transfers, and the file size when you determine the server capacity.
• Ensure that all clients can resolve the full FQDN of the IM and Presence Service node to which they are
assigned. For the managed file transfer feature to work, it is not enough for the clients to resolve the
hostname; they must be able to resolve the FQDN.
• The node public key is invalidated if the node's assignment is removed. If the node is reassigned, a new
node public key is automatically generated and the key must be reconfigured on the external file server.
• The Cisco XCP File Transfer Manager service must be active on each node where managed file transfer
is enabled.

You can configure one of the following options on the File Transfer window:
• Disabled—file transfer is disabled for the cluster.
• Peer-to-Peer—one-to-one file transfers are allowed, but files are not archived or stored on a server.
Group chat file transfer is not supported.
• Managed File Transfer—one-to-one and group file transfers are allowed. File transfers are logged to
a database and the transferred files are stored on a server. The client must also support managed file
transfer, otherwise no file transfers are allowed.
• Managed and Peer-to-Peer File Transfer—one-to-one and group file transfers are allowed. File
transfers are logged to a database and the transferred files are stored on a server only if the client supports
managed file transfer. If the client does not support managed file transfer, this option is equivalent to
the Peer-to-Peer option.

Note If managed file transfer is configured on a node and you change the File Transfer Type to Disabled or
Peer-to-Peer, be aware that the mapped settings to the external database and to the external file server
for that node are deleted. The database and file server remain configured but you must reassign them if
you re-enable managed file transfer for the node.

Depending on your pre-upgrade setting, after an upgrade to IM and Presence Service Release 10.5(2) or later,
either Disabled or Peer-to-Peer is selected.

External Database
You require one unique logical external database instance for each IM and Presence Service node in an IM
and Presence Service cluster. The external database logs the metadata associated with a file transfer, including:
• AFT index—the sequence number that identifies the transaction.
• JID—the Jabber ID of the user who uploaded or downloaded a file.


• To JID—the Jabber ID of the user, group chat, or persistent room that is the intended recipient of the
file transfer.
• File name—the autogenerated encoded resource name assigned to the uploaded file.
• Real file name—the real name of the uploaded file.
• File server—the hostname or IP address of the file server where the file is stored.
• File path—the absolute path to the file (including the file name) on the file server.
• File size—the size of the file in bytes.
• Time stamp value—the date and time (UTC) the file was uploaded or downloaded.

Note For a full list of the logged metadata, see Database Setup for IM and Presence Service
on Cisco Unified Communications Manager at this link.

Important Notes
• The external database requirements and restrictions differ depending on the features you want to deploy
on IM and Presence Service:
• Managed file transfer—you require one unique logical external database instance for each IM and
Presence Service node in an IM and Presence Service cluster.
• Persistent group chat—you require one unique logical external database instance for each IM and
Presence Service node in an IM and Presence Service cluster.

Note Each node requires its own logical database instance, but nodes can share the same
physical database installation.

• Message archiver—we highly recommend that you configure at least one logical external database
instance for an IM and Presence Service cluster. However, you may require more than one external
database for a cluster depending on your IM traffic and server capacity.

• If IM and Presence Service connects to an external database server using IPv6, ensure that the enterprise
parameter is configured for IPv6 and that the Ethernet interface is set for IPv6 on each node in the
deployment. Otherwise, the connection to the external database server fails and the Cisco XCP Message
Archiver and Cisco XCP Text Conference Manager services are unable to connect to the external database
and fail. For information about configuring IPv6 on IM and Presence Service, see the Related Topics.
• For information about database size and scalability for the managed file transfer feature, see the Cisco
Collaboration System Solution Reference Network Designs (SRND) document at this link:
http://www.cisco.com/c/en/us/solutions/enterprise/unified-communication-system/index.html

Related Topics
IPv6 Configuration, on page 78


External Database Disk Usage


You are responsible for managing the database disk usage. You must ensure that the disks or tablespaces do
not become full, otherwise the managed file transfer feature may stop working. There are counters and alerts
to help you manage database disk usage. See Cisco XCP File Transfer Manager RTMT Alarms and Counters,
on page 156.
The following are sample SQL commands that you can use to purge records from the external database:
• To remove all records of files that were uploaded, run the following command:
DELETE
FROM aft_log
WHERE method = 'Post';
• To remove records of all files that were downloaded by a specific user, run the following command:
DELETE
FROM aft_log
WHERE jid LIKE '<userid>@<domain>%' AND method = 'Get';
• To remove records of all files that were uploaded after a specific time, run the following command:
DELETE
FROM aft_log
WHERE method = 'Post' AND timestampvalue > '2014-12-18 11:58:39';

See Database Setup for IM and Presence Service on Cisco Unified Communications Manager at this link for
sample SQL queries that you can adapt to purge records from the external database.

Note Files that have not been purged from the external file server can still be accessed or downloaded even if
records relating to those files have been purged from the external database.

External File Server


The file server is the repository for files transferred by the managed file transfer feature. Metadata associated
with a managed file transfer is stored in an external database.

Note Files are stored on an external Linux file server, not on the IM and Presence Service node.

External File Server Requirements


Note the following requirements for the external file server.
• Subject to file server capacity, each IM and Presence Service node requires its own unique logical file
server directory, however, nodes can share the same physical file server installation.


• The file server must support an ext4 file system, SSHv2, and SSH tools.
• The file server must support OpenSSH 4.9 or later.
• The network throughput between IM and Presence Service and the external file server must be greater
than 60 megabytes per second.
You can use the show fileserver transferspeed CLI command after you enable managed file transfer
to determine your file server transfer speed. Be aware that if you run this command while the system is
busy, it may impact the value returned by the command. For more information about this command, see
the Command Line Interface Guide for Cisco Unified Communications Solutions at this link.

Recommendations for File Storage Partitions


Cisco recommends that you create one or more separate partitions that are dedicated to file transfer storage
so that other applications that run on the server do not write to it. All file storage directories should be created
on these partitions.
Consider the following:
• If you create partitions, be sure to consider that the IM and Presence Service default file size setting (0)
allows files up to 4GB to be transferred. This setting can be lowered when you set up managed file
transfer.
• Consider the number of uploads per day and the average file size.
• Ensure that the partition has sufficient disk space to hold the expected volume of files.
For example, 12000 users transfer 2 files per hour with an average file size of 100KB = 19.2GB per 8
hour day.

Important Notes
• You provide and maintain the external file server.
• You are responsible for managing file storage and disk usage. For more information about file server
management, see the Related References.
There are counters and alerts to help you manage file server disk usage. For more information about the
managed file transfer alarms and counters, see the Related References.
• A file server partition/directory is mounted in the IM and Presence Service directory that is used to store
files.
• The connection to the file server is encrypted using SSHFS, so the content of all files is encrypted in transit.

Related Topics
Prerequisites, on page 160
File Server Management, on page 154
Cisco XCP File Transfer Manager RTMT Alarms and Counters, on page 156

User Authentication
IM and Presence Service authenticates itself and the file server using SSH keys:
• IM and Presence Service public key is stored on the file server.


• During connection, SSHFS validates the IM and Presence Service private key.
• The file server public key is stored on IM and Presence Service. This allows IM and Presence Service
to ensure that it is connecting to the configured file server and to reduce the risk of man-in-the-middle attacks.

Public and Private Keys


When a server private/public key pair is generated, the private key is usually written to
/etc/ssh/ssh_host_rsa_key and the public key is written to /etc/ssh/ssh_host_rsa_key.pub.
If these files do not exist, complete the following procedure:
1 Enter the following command:
$ ssh-keygen -t rsa -b 2048

2 Copy the file server's public key.


You must copy the entire string of text for the public key from the hostname, FQDN, or the IP address
(for example, hostname ssh-rsa AAAAB3NzaC1yc...). In most Linux deployments the key contains the
server's hostname or FQDN.

Tip If the output from the $ ssh-keygen -t rsa -b 2048 command doesn't contain a hostname, then use the
output from the following command instead: $ ssh-keyscan hostname

3 For each IM and Presence Service node that is configured to use this file server, paste the public key into
the External File Server Public Key field on the External File Server Configuration window.

Important Passwordless SSH must be configured for the managed file transfer feature. See the SSHD man page for
full configuration instructions for passwordless SSH.

File Server Directories


You can create any directory structure you want, with any directory names. Be certain to create a directory
for each managed file transfer enabled node. Later, when you enable managed file transfer on IM and Presence
Service, you must assign each directory to a node.

Important You must create a directory for each node that has managed file transfer enabled.

When the first file transfer occurs, timestamped subdirectories are automatically created, as described in this
example:
• We create the path /opt/mftFileStore/node_1/ on an IM and Presence Service node. (Remember to create
this directory structure on every other node that will have managed file transfer enabled.)
• The directory /files/ is autogenerated.
• The three /chat_type/ directories (im, persistent, groupchat) are autogenerated.
• The date directory /YYYYMMDD/ is autogenerated.
• The hour directory /HH/ is autogenerated. If more than 1,000 files are transferred within an hour,
additional roll-over directories /HH.n/ are created.
• The file is saved with an autogenerated encoded resource name, hereafter referred to as file_name.

In this example, our complete path to a file is:


/opt/mftFileStore/node_1/files/chat_type/YYYYMMDD/HH/file_name
Using our example path:
• Files transferred during one-to-one IM on August 11th 2014 between 15.00 and 15.59 UTC are in the
following directory:
/opt/mftFileStore/node_1/files/im/20140811/15/file_name
• Files transferred during persistent group chat on August 11th 2014 between 16.00 and 16.59 UTC are
in the following directory:
/opt/mftFileStore/node_1/files/persistent/20140811/16/file_name
• The 1001st file transferred during ad hoc chat on August 11th 2014 between 16.00 and 16.59 UTC is
in the following directory:
/opt/mftFileStore/node_1/files/groupchat/20140811/16.1/file_name
• If no file transfers occur inside of an hour, there are no directories created for that period.

Note The traffic between IM and Presence Service and the file server is encrypted using SSHFS, but the file
contents are written to the file server in unencrypted form.

File Server Management


You are responsible for managing file storage and disk usage. To manage the size of the external database,
you can automatically purge files by combining queries with shell scripting. Your queries can use the metadata
that is created when files are transferred including transfer type, file type, timestamp, absolute path on the file
server to the file, and other information.

Note Do not purge files that were created during the current UTC hour.

When choosing how to handle IM and group chat, consider that one-to-one IM and group chat are probably
transient so transferred files may be deleted promptly. However, keep in mind that:
• IMs delivered to offline users may trigger a delayed request for a file.
• Persistent chat transfers may need to be longer lived.


Sample Query and Output


You can perform queries on the AFT_LOG table and then use the output of the queries to purge unwanted
files from the external file server.
For example, the following query returns records for every file that was uploaded after a specific date:
SELECT file_path
FROM aft_log
WHERE method = 'Post' AND timestampvalue > '2014-12-18 11:58:39';
The output of this query would be something like this:
/opt/mftFileStore/node_1/files/im/20140811/15/file_name1
/opt/mftFileStore/node_1/files/im/20140811/15/file_name2
/opt/mftFileStore/node_1/files/im/20140811/15/file_name3
/opt/mftFileStore/node_1/files/im/20140811/15/file_name4
...
/opt/mftFileStore/node_1/files/im/20140811/15/file_name99
/opt/mftFileStore/node_1/files/im/20140811/15/file_name100
You can then write a script that uses the rm command and this output to remove these files from the external
file server. See Database Setup for IM and Presence Service on Cisco Unified Communications Manager at
this link for more sample SQL queries that you can use to purge records from the external file server.

Note Files that have not been purged from the external file server can still be accessed or downloaded even if
records relating to those files have been purged from the external database.
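
One way to script the purge described above, as an added example that is not part of the Cisco guide: a POSIX shell function that reads the file_path output of the query from standard input, deletes only paths that match the directory layout documented under File Server Directories, and leaves files from the current UTC hour in place. The function name purge_mft_files and the counter variable names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Cisco-supplied). Reads file paths, one per line, from stdin,
# for example the file_path column returned by the aft_log query shown above.
#
# purge_mft_files STORE_ROOT [CURRENT_UTC_HOUR]
#   STORE_ROOT        node directory on the file server, e.g. /opt/mftFileStore/node_1
#   CURRENT_UTC_HOUR  YYYYMMDD/HH; defaults to the real UTC hour (override for testing)
# Results are left in PURGED, KEPT_CURRENT_HOUR, REJECTED and MISSING.
purge_mft_files() {
    root=${1%/}
    now=${2:-$(date -u +%Y%m%d/%H)}
    PURGED=0 KEPT_CURRENT_HOUR=0 REJECTED=0 MISSING=0

    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue

        # Split <root>/files/<chat_type>/<YYYYMMDD>/<HH[.n]>/<file_name>.
        rel=${path#"$root/files/"}
        chat=${rel%%/*};  rest=${rel#*/}
        day=${rest%%/*};  rest=${rest#*/}
        hour=${rest%%/*}; name=${rest#*/}
        hh=${hour%%.*}

        ok=1
        # Rebuilding the path must give back the input exactly: this rejects
        # paths outside the store and paths with missing components.
        [ "$root/files/$chat/$day/$hour/$name" = "$path" ] || ok=0
        case "$chat" in im|persistent|groupchat) ;; *) ok=0 ;; esac
        case "$day" in [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;; *) ok=0 ;; esac
        case "$hh" in [0-9][0-9]) ;; *) ok=0 ;; esac
        # Roll-over directories are HH.n with a numeric n.
        case "$hour" in
            "$hh") ;;
            "$hh".*) n=${hour#*.}
                     case "$n" in ""|*[!0-9]*) ok=0 ;; esac ;;
            *) ok=0 ;;
        esac
        # The file name is a single component: no "/", ".", ".." or empty name.
        case "$name" in ""|.|..|*/*) ok=0 ;; esac

        if [ "$ok" -eq 0 ] || [ -L "$path" ]; then
            # Malformed path, path outside the store, or a symbolic link.
            REJECTED=$((REJECTED + 1))
            echo "rejected: $path" >&2
        elif [ "$day/$hh" = "$now" ]; then
            # Never purge files created during the current UTC hour.
            KEPT_CURRENT_HOUR=$((KEPT_CURRENT_HOUR + 1))
        elif [ ! -f "$path" ]; then
            MISSING=$((MISSING + 1))
        else
            rm -f -- "$path" && PURGED=$((PURGED + 1))
        fi
    done
}
```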

Managed File Transfer Service Parameters


To help you to manage the external file server disk space, you can define the thresholds at which an RTMT
alarm is generated with the following service parameters (for the Cisco XCP File Transfer Manager service):
• External File Server Available Space Lower Threshold—If the percentage of available space on the
external file server partition is at or below this value, the XcpMFTExtFsFreeSpaceWarn alarm is raised.
The default value for this service parameter is 10%.
• External File Server Available Space Upper Threshold—If the percentage of available space on the
external file server partition reaches or exceeds this value, the XcpMFTExtFsFreeSpaceWarn alarm is
cleared. The default value for this service parameter is 15%.

You must restart the Cisco XCP Router service after you change either of these parameters. To configure
these parameters, log in to the Cisco Unified CM IM and Presence Administration interface, choose System
> Service Parameters, and select the Cisco XCP File Transfer Manager service for the node.

Tip Do not configure the lower threshold value to be greater than the upper threshold value. Otherwise the
Cisco XCP File Transfer Manager service will not start after you restart the Cisco XCP Router service.


Related Topics
Cisco XCP File Transfer Manager RTMT Alarms and Counters, on page 156

Cisco XCP File Transfer Manager RTMT Alarms and Counters


Alerts
When an IM and Presence Service node is integrated with an external server and external database for managed
file transfers, the transferred files are delivered to users after they are successfully archived to the external
file server and after the file metadata is logged to the external database.
If an IM and Presence Service node loses its connection to the external file server or to the external database,
IM and Presence Service does not deliver the file to the recipient.
To ensure that you are notified if the connections are lost, you should verify that the following RTMT alarm
settings are properly configured.

Note Any files that were uploaded before the connection to the external file server was lost, and that were in the
process of being downloaded, fail to download. However, there is a record of the failed transfer in
the external database. To identify these files, look for records in which the external database fields
file_size and bytes_transferred do not match.

Alarm: XcpMFTExtFsMountError
Problem: Cisco XCP File Transfer Manager has lost its connection to the external file server.
Solution: Check the External File Server Troubleshooter for more information. Check that the external file server is running correctly. Check if there is any problem with the network connectivity to the external file server.

Alarm: XcpMFTExtFsFreeSpaceWarn
Problem: Cisco XCP File Transfer Manager has detected that the available disk space on the external file server is low.
Solution: Free up space on the external file server by deleting unwanted files from the partition used for file transfer.

Alarm: XcpMFTDBConnectError
Problem: Cisco XCP data access layer was unable to connect to the database.
Solution: Check the System Troubleshooter for more information. Check that the external database is running healthy and if there is any problem with the network connectivity to the external database server.

Alarm: XcpMFTDBFullError
Problem: Cisco XCP File Transfer Manager cannot insert or modify data in the external database because either the disk or tablespace is full.
Solution: Check the database and assess if you can free up or recover any disk space. Consider adding additional database capacity.

Cisco XCP MFT Counters


To help you administer managed file transfer, one new folder (Cisco XCP MFT Counters) and six new counters
have been added to the RTMT.

Counter: MFTBytesDownloadedLastTimeslice
Description: This counter represents the number of bytes downloaded during the last reporting interval (typically 60 seconds).

Counter: MFTBytesUpoadedLastTimeslice
Description: This counter represents the number of bytes uploaded during the last reporting interval (typically 60 seconds).

Counter: MFTFilesDownloaded
Description: This counter represents the total number of files downloaded.

Counter: MFTFilesDownloadedLastTimeslice
Description: This counter represents the number of files downloaded during the last reporting interval (typically 60 seconds).

Counter: MFTFilesUploaded
Description: This counter represents the total number of files uploaded.

Counter: MFTFilesUploadedLastTimeslice
Description: This counter represents the number of files uploaded during the last reporting interval (typically 60 seconds).

Configure XCP File Transfer Manager Alarms

Procedure

Step 1 Log in to Cisco Unified IM and Presence Serviceability.


Step 2 Choose Alarm > Configuration.
Step 3 Choose the server (node) to configure the alarm from the Server drop-down list, and click Go.
Step 4 Choose IM and Presence Services from the Service Group drop-down list, and click Go.
Step 5 Choose Cisco XCP File Transfer Manager (Active) from the Service drop-down list, and click Go.
Step 6 Configure the alarm settings as preferred and click Save.


Managed File Transfer Workflow


Procedure

Step 1
Command or Action: Set up an external database, see Database Setup for IM and Presence Service on Cisco
Unified Communications Manager at this link.
Purpose: The external database is a repository that stores the metadata associated with archived files.

Step 2
Command or Action: Configure an External Database Instance on IM and Presence Service, on page 158
Purpose: Provides the steps required to connect the IM and Presence Service node to an external database.

Step 3
Command or Action: Set Up an External File Server, on page 160
Purpose: Provides the steps to configure an external Linux file server.

Step 4
Command or Action: Configure an External File Server Instance on IM and Presence Service, on page 163
Purpose: Provides the steps required to connect the IM and Presence Service node to an external file server.

Step 5
Command or Action: Enable Managed File Transfer on IM and Presence Service, on page 166
Purpose: Contains the set of instructions to enable the managed file transfer feature on the IM and Presence
Service node. Provides ways to link the node to the external database and to link the node to the external
file server.

Configure an External Database Instance on IM and Presence Service


Perform this configuration on the IM and Presence Service database publisher node of your cluster.

Before You Begin


• Install and configure an external database, see Database Setup for IM and Presence Service on Cisco
Unified Communications Manager at this link.
• Obtain the hostname or IP address of the external database.
• If using Oracle as your database, retrieve the tablespace value.
To determine the tablespace available for your Oracle database, execute the following query as sysdba:
SELECT DEFAULT_TABLESPACE FROM DBA_USERS WHERE USERNAME = 'UPPER_CASE_USER_NAME';

Procedure

Step 1 Log in to the Cisco Unified CM IM and Presence Administration user interface. Choose Messaging >
External Server Setup > External Databases.
Step 2 Click Add New.
Step 3 In the External Database Settings window, enter the following fields and click Save.


Field: Database Name
Description: Enter the name of the database that was defined during the external database installation.
Note: If you are using Oracle, this value must match the Windows service name.

Field: Database Type
Description: From the drop-down list choose the database type: Postgres or Oracle.
Note: If Oracle is chosen as the database type, the Enable SSL check box and the Tablespace field become
active.

Field: Tablespace
Description: Enter the tablespace value.

Field: User Name
Description: Enter the user name for the database user (owner) that you defined during external database
installation.

Field: Password
Description: Enter and confirm the password for the database user.

Field: Hostname
Description: Enter the hostname or IP address for the external database.

Field: Port Number
Description: Enter a port number for the external database.
Note: The default port numbers for Postgres (5432), Oracle (1521), and Oracle with SSL enabled (2484) are
prepopulated in the Port Number field. You can choose to enter a different port number if required.

Field: Enable SSL
Description: Check the check box if you want to enable SSL.
• The check box becomes enabled when Oracle is chosen as the Database Type. The option is not available
with Postgres databases.
• When you change either the Enable SSL check box, or the Certificate Name drop-down field, or both, a
notification to restart the corresponding service (Cisco XCP Message Archiver or Cisco XCP Text Conference
Manager) assigned to the external database is sent.

Field: Certificate Name
Description: From the drop-down list, choose a certificate.
• The drop-down list becomes active when the Enable SSL check box is checked.
• The certificate you need to enable SSL must be uploaded to the cup-xmpp-trust store.
• After the certificate is uploaded to the cup-xmpp-trust store, you must wait 15 minutes for the certificate
to propagate to all the nodes of the IM and Presence Service cluster. If you do not wait, the SSL connection
on nodes where the certificate has not propagated fails.
• If the certificate is missing or deleted from the cup-xmpp-trust store, an alarm
XCPExternalDatabaseCertificateNotFound is raised in the Cisco Unified Communications Manager Real Time
Monitoring Tool (RTMT).


After you click Save, IM and Presence Service provides the following status information on an external
database:
• Database reachability—verifies that IM and Presence Service can ping an external database.
• Database connectivity—verifies that IM and Presence Service has successfully established an Open
Database Connectivity (ODBC) connection with the external database.
• Database schema verification—verifies that the external database schema is valid.

Postgres only: If you make a configuration change in the install_dir/data/pg_hba.conf file or the
install_dir/data/postgresql.conf file after you assign the external database, you should verify the
external database connection.

What to Do Next
Set Up an External File Server, on page 160

Related Topics
http://www.postgresql.org/docs/manuals/
http://www.oracle.com/pls/db111/portal.portal_db?selected=11

Set Up an External File Server

Prerequisites
Tasks to complete before you begin to set up an external file server:
• Install and configure an external database, see Database Setup for IM and Presence Service on Cisco
Unified Communications Manager at this link.
• Configure an External Database Instance on IM and Presence Service, on page 158

Before setting up users, directories, ownership, permissions and other tasks on the file server, complete these
steps.

Procedure

Step 1 Install a supported version of Linux.


Step 2 Verify the file server supports SSHv2 and OpenSSH 4.9 or later by entering one of the following commands
as root:
# telnet localhost 22
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3

Or
# ssh -v localhost
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /root/.ssh/config ...
...debug1: Local version string SSH-2.0-OpenSSH_5.3
...

Step 3 To allow private/public key authentication, make sure that you have the following fields in the
/etc/ssh/sshd_config file, set to yes.

• RSAAuthentication yes
• PubkeyAuthentication yes

If these are commented out in the file, the setting can be left alone.
Tip: To enhance security, you can also disable password login for the file transfer user (mftuser in our
example). This forces logging in only by SSH public/private key authentication.
Step 4 Cisco recommends that you create one or more separate partitions that are dedicated to file transfer storage
so that other applications that run on the server do not write to it. All file storage directories should be created
on these partitions. See the External File Server Requirements topic for more information.

What to Do Next
Set Up a User, on page 161

Related Topics
External File Server Requirements, on page 151

Set Up a User

Procedure

Step 1 On the file server as root, create a user who owns the file storage directory structure (our example uses mftuser)
and force creation of the home directory (-m).
# useradd -m mftuser

# passwd mftuser

Step 2 Switch to the mftuser.


# su mftuser

Step 3 Create a .ssh directory under the ~mftuser home directory that is used as a key store.
$ mkdir ~mftuser/.ssh/

Step 4 Create an authorized_keys file under the .ssh directory that is used to hold the public key text for each
managed file transfer enabled node.
$ touch ~mftuser/.ssh/authorized_keys


Step 5 Set the correct permissions for passwordless SSH to function.
$ chmod 700 ~mftuser                  # directory
$ chmod 700 ~/.ssh                    # directory
$ chmod 700 ~/.ssh/authorized_keys    # file
Note: On some Linux systems these permissions may vary, depending on your SSH configuration.

What to Do Next
Set Up Directories, on page 162

Set Up Directories

Procedure

Step 1 Switch back to the root user.


$ exit

Step 2 Create a top-level directory structure (our example uses /opt/mftFileStore/) to hold directories for all of
the IM and Presence Service nodes that have managed file transfer enabled.
# mkdir -p /opt/mftFileStore/

Step 3 Give mftuser sole ownership of the /opt/mftFileStore/ directory.


# chown mftuser:mftuser /opt/mftFileStore/

Step 4 Give the mftuser sole permissions to the mftFileStore directory.


# chmod 700 /opt/mftFileStore/

Step 5 Switch to the mftuser.


# su mftuser

Step 6 Create a subdirectory under /opt/mftFileStore/ for each managed file transfer enabled node. (Later, when
you enable managed file transfer, you assign each directory to a node.)
$ mkdir /opt/mftFileStore/{node_1,node_2,node_3}

Note:
• These directories and paths are used in the External File Server Directory field that you enter in the
Deploy an External File Server on IM and Presence Service task.
• If you have multiple IM and Presence Service nodes writing to this file server, you must define a target
directory for each node, as we did in our example for three nodes {node_1,node_2,node_3}.
• Within each node's directory, the transfer type subdirectories (im, groupchat, and persistent) are
automatically created by IM and Presence Service, as are all subsequent directories.

What to Do Next
Obtain the Public Key, on page 163


Obtain the Public Key

Procedure

Step 1 To retrieve the file server's public key, enter:


$ ssh-keyscan -t rsa host

Where host is the hostname, FQDN, or IP address of the file server.


Warning • To avoid a man-in-the-middle attack, where the file server public key is spoofed, you must
verify that the public key value that is returned by the ssh-keyscan -t rsa host command
is the real public key of the file server.
• On the file server go to the location of the ssh_host_rsa_key.pub file (in our system it is
under /etc/ssh/ ) and confirm the contents of the public key file, minus the host (the host
is absent in the ssh_host_rsa_key.pub file on the file server), matches the public key value
returned by the command ssh-keyscan -t rsa host.

Step 2 Copy the result of the ssh-keyscan -t rsa host command, not what is in the ssh_host_rsa_key.pub file.
Be certain to copy the entire key value, from the server hostname, FQDN, or IP address to the end.
Note In most cases the server key begins with the hostname or FQDN, although it may begin with an IP
address.
For example, copy:
hostname ssh-rsa AAAQEAzRevlQCH1KFAnXwhd5UvEFzJs...
...a7y49d+/Am6+ZxkLc4ux5xXZueL3GSGt4rQUy3rp/sdug+/+N9MQ==
(ellipses added).

Step 3 Save the result of the ssh-keyscan -t rsa host command to a text file. It is needed when you configure the
file server during the Deploy an External File Server on IM and Presence Service procedure.
Step 4 Open the authorized_keys file you created and leave it open. It is used in the Enable Managed File Transfer
on IM and Presence Service procedure.
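
The comparison that the warning in Step 1 asks for can be scripted rather than done by eye. The following is an added example, not part of the Cisco guide; the hostname fs01.example.com and all key strings are constructed placeholders, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Cisco guide. The hostname and key strings
# used in the demo are constructed placeholders, not real key material.

# verify_host_key HOST SCAN_OUTPUT PUBFILE_CONTENTS
#   SCAN_OUTPUT       output of "ssh-keyscan -t rsa HOST": HOST ssh-rsa <base64>
#   PUBFILE_CONTENTS  contents of ssh_host_rsa_key.pub:    ssh-rsa <base64> [comment]
# Returns 0 on match, 1 on mismatch, 2 if an input has no usable ssh-rsa line.
verify_host_key() {
    vh_host=$1
    # Keep only the scan line that starts with exactly HOST, then drop the
    # host field (the .pub file on the server has no host field).
    vh_scanned=$(printf '%s\n' "$2" |
        awk -v h="$vh_host" '$1 == h && $2 == "ssh-rsa" && NF == 3 { print $2, $3; exit }')
    # Take the key type and base64 body from the .pub file; ignore its comment.
    vh_local=$(printf '%s\n' "$3" |
        awk '$1 == "ssh-rsa" && NF >= 2 { print $1, $2; exit }')

    if [ -z "$vh_scanned" ]; then
        echo "no complete \"$vh_host ssh-rsa <key>\" line in the scan output"
        return 2
    fi
    if [ -z "$vh_local" ]; then
        echo "no ssh-rsa key found in the public key file contents"
        return 2
    fi
    if [ "$vh_scanned" = "$vh_local" ]; then
        echo "MATCH: scanned key for $vh_host equals the server's own host key"
        return 0
    fi
    echo "MISMATCH: do not use the scanned key for $vh_host"
    return 1
}

# On a real file server the inputs would come from (paths as on the page):
#   verify_host_key "$host" "$(ssh-keyscan -t rsa "$host" 2>/dev/null)" \
#                   "$(cat /etc/ssh/ssh_host_rsa_key.pub)"

# Demo with constructed values.
demo_host=fs01.example.com
demo_pub='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedGoodKey== root@fs01'
demo_scan_good="$demo_host ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedGoodKey=="
demo_scan_bad="$demo_host ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedOtherKey=="
verify_host_key "$demo_host" "$demo_scan_good" "$demo_pub" || true
verify_host_key "$demo_host" "$demo_scan_bad" "$demo_pub" || true
```

A return value of 2 for a host that does not appear at the start of the scanned line also catches a key copied without its leading hostname, FQDN, or IP address.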

What to Do Next
Configure an External File Server Instance on IM and Presence Service, on page 163

Configure an External File Server Instance on IM and Presence Service


The following procedure describes how to configure an external file server instance on IM and Presence
Service. You must configure one external file server instance for each node in your cluster that will have
managed file transfer enabled. The external file server instances do not need to be physical instances of the
external file server. However, be aware that for a given hostname, you must specify a unique external file
server directory path for each external file server instance. You can configure all the external file server
instances from the same node.

Before You Begin


• Install and configure an external database, see Database Setup for IM and Presence Service on Cisco
Unified Communications Manager at this link.


• Configure an External Database Instance on IM and Presence Service, on page 158


• Set Up an External File Server, on page 160
• Obtain the following external file server information:
  ◦ Hostname, FQDN, or IP address
  ◦ Public key
  ◦ Path to the file storage directory
  ◦ User name

Procedure

Step 1 Log in to the Cisco Unified CM IM and Presence Administration user interface. Choose Messaging >
External Server Setup > External File Servers.
Step 2 Click Add New.
The External File Servers window appears.
Step 3 Enter the server details.
Field: Name
Description: Enter the name of the file server. Ideally the server name should be descriptive enough to be
instantly recognized.
Maximum characters: 128. Allowed values are alphanumeric, dash, and underscore.

Field: Host/IP Address
Description: Enter the hostname or IP address of the file server.
Note:
• The value entered for the Host/IP Address field must match the beginning of the key that is entered for
the External File Server Public Key field (follows).
• If you change this setting, you must restart the Cisco XCP Router service.

Field: External File Server Public Key
Description: Paste the file server's public key (the key you were instructed to save to a text file) into
this field.
If you did not save the key, it can be retrieved by running the following command on the file server:
$ ssh-keyscan -t rsa host
Where host is the IP address, hostname, or FQDN of the file server.
You must copy and paste the entire key text starting with the hostname, FQDN, or IP address to the end.
For example, copy:
extFileServer.cisco.com ssh-rsa AAAQEAzRevlQCH1KFAnXwhd5UvEFzJs...
...a7y49d+/Am6+ZxkLc4ux5xXZueL3GSGt4rQUy3rp/sdug+/+N9MQ==
(ellipses added).
Important: This value must begin with the hostname, FQDN, or IP address that you entered for the Host/IP
Address field. For example, if extFileServer is used in the Host/IP Address field, then this field must
begin with extFileServer followed by the entire rsa key.

Field: External File Server Directory
Description: The path to the top of the file server directory hierarchy. For example,
/opt/mftFileStore/node_1/

Field: User Name
Description: The user name of the external file server administrator.

Step 4 Repeat these steps to create an external file server instance for each node in the cluster that will have managed
file transfer enabled.
Step 5 Click Save.

File Server Troubleshooting Tests


After the file server is assigned, the following tests are automatically executed. This occurs when you enable
managed file transfer in the next procedure Enable Managed File Transfer on IM and Presence Service, on
page 166. When the file server is assigned and you have started the Cisco XCP File Transfer Manager service,
you should return to this section to verify the connection to the file server is trouble free.
The External File Server Status area displays a list of file server tests and results:
• Verify external file server reachability (pingable)
• Verify that external file server is listening for connections
• Verify external file server public key is correct
• Verify node public key is configured correctly on the external file server
• Verify external file server directory is valid


• Verify external file server has been mounted successfully


• Verify that free disk space is available on the file server

Tip:
• You can change the name of the file server configuration, not the file server itself, after it is assigned.
• If you had managed file transfer configured and you change existing settings, restarting the Cisco
XCP Router service restarts managed file transfer.
• If you change any other settings without changing them on the file server itself, file transfer stops
working and you receive a notification to restart the Cisco XCP Router service.
• If a database or file server failure occurs, a message is generated that specifies the failure. However,
the error response does not distinguish between database, file server, or some other internal failure.
The RTMT also generates an alarm if there is a database or file server failure; this alarm is independent
of whether a file transfer is occurring.

What To Do Next
Enable Managed File Transfer on IM and Presence Service, on page 166

Enable Managed File Transfer on IM and Presence Service


Before You Begin
Complete the following tasks before you enable managed file transfer:
• Set up an external database, see Database Setup for IM and Presence Service on Cisco Unified
Communications Manager at this link.
• Configure an External Database Instance on IM and Presence Service, on page 158
• Set Up an External File Server, on page 160
• Configure an External File Server Instance on IM and Presence Service, on page 163

Procedure

Step 1 Log in to Cisco Unified CM IM and Presence Administration, choose Messaging > File Transfer.
Step 2 In the File Transfer Configuration area of the File Transfer window, choose either Managed File
Transfer or Managed and Peer-to-Peer File Transfer, depending on your deployment.
Step 3 Enter the Maximum File Size. If you enter 0, the maximum size (4GB) applies.
Note You must restart the Cisco XCP Router service for this change to take
effect.
Step 4 In the Managed File Transfer Assignment area, assign the external database and the external file server for
each node in the cluster.
a) External Database — From the drop-down list, choose the name of the external database.


b) External File Server — From the drop-down list, choose the name of the external file server.
Step 5 Click Save.
After you click Save, a Node Public Key link appears for each assignment.
Step 6 For each node in the cluster that has managed file transfer enabled, you must copy the node's entire public
key to the external file server's authorized_keys file.
a) To display a node's public key, scroll down to the Managed File Transfer Assignment area and click the
Node Public Key link. Copy the entire contents of the dialog box including the node's IP address, hostname,
or FQDN.

Example:
ssh-rsa
yc2EAAAABIwAAAQEAp2g+S2XDEzptN11S5h5nwVleKBnfG2pdW6KiLfzu/sFLegioIIqA8jBguNY/...
...5s+tusrtBBuciCkH5gfXwrsFS0O0AlfFvwnfq1xmKmIS9W2rf0Qp+A+G4MVpTxHgaonw==
imp@imp_node
(ellipses added).
Warning • If the managed file transfer feature is configured and the File Transfer Type is changed
to either Disabled or Peer-to-Peer, all managed file transfer settings are deleted.
• A node’s keys are invalidated if the node is unassigned from the external database and
file server.

b) On the external file server, if it was not left open, open the ~mftuser/.ssh/authorized_keys file that
you created under the mftuser's home directory and (on a new line) append each node's public key.
Note The authorized_keys file must contain a public key for each managed file transfer enabled IM
and Presence Service node that is assigned to the file server.
c) Save and close the authorized_keys file.
Step 7 Ensure that the Cisco XCP File Transfer Manager service is active on all nodes where managed file transfer
is enabled.
This service only starts if an external database and an external file server have been assigned, and if the service
can connect to the database and mount the file server. Complete the following steps to check that the Cisco
XCP File Transfer Manager service is active on all managed file transfer enabled nodes:
a) On any node in the cluster, log in to the Cisco Unified IM and Presence Serviceability user interface.
b) Choose Tools > Service Activation.
c) Choose a server (node) and click Go.
d) Ensure the check box next to Cisco XCP File Transfer Manager is checked and that the Activation Status
is Activated.
If the above conditions are not met click Refresh. If the Activation Status remains the same after a Refresh,
go to Step 8.
e) Repeat steps c and d on all nodes where managed file transfer is enabled.
Step 8 If you are configuring the managed file transfer feature on a node for the first time, you must manually start
the Cisco XCP File Transfer Manager service, as follows:
a) On any node in the cluster, log in to the Cisco Unified IM and Presence Serviceability user interface.
b) Choose Tools > Control Center - Feature Activation
c) Choose a server (node) and click Go.
d) In the IM and Presence Services area, click the radio button next to Cisco XCP File Transfer Manager.
e) Click Start.


f) Repeat steps c-e for all nodes where managed file transfer is enabled. This should be the same as step f)
in step 9 below.
Step 9 (Optional) Configure the managed file transfer service parameters to define the threshold at which an RTMT
alarm is generated for the external file server disk space.
a) Log in to the node's Cisco Unified CM IM and Presence Administration user interface.
b) Choose System > Service Parameters.
c) Choose the Cisco XCP File Transfer Manager service for the node.
d) Enter the required percentage values for the External File Server Available Space Lower Threshold
and External File Server Available Space Upper Threshold service parameters.
e) Choose Save.
Step 10 Restart the Cisco XCP Router service.
a) On any node in the cluster, log in to the Cisco Unified IM and Presence Serviceability user interface.
b) Choose Tools > Control Center - Network Services.
c) Choose a server (node) and click Go.
d) In the IM and Presence Services area, click the radio button next to Cisco XCP Router.
e) Click Restart.
f) Repeat steps c-e for all nodes where managed file transfer is enabled.
Step 11 Verify that there are no problems with the external database setup and with the external file server setup.
• For the external database:
1 Log in to the node's Cisco Unified CM IM and Presence Administration user interface.
2 Choose Messaging > External Server Setup > External Databases.
3 Check the information provided in the External Database Status area.

• On the node where you need to verify that the external file server is assigned:
1 Log in to the node's Cisco Unified CM IM and Presence Administration user interface.
2 Choose Messaging > External Server Setup > External File Servers.
3 Check the information provided in the External File Server Status area.
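
Step 6 requires one complete public key line per node in the authorized_keys file, and a key pasted from the Node Public Key dialog with its line breaks left in will not authenticate. The following added example (not part of the Cisco guide) flags such entries, duplicate keys, nodes with no key, and a key file that group or others can write to; the node comments imp@node_1 and imp@node_2 and the key strings are constructed, the function names are hypothetical, and entries are assumed to carry no options prefix.

```shell
#!/bin/sh
# Added example, not part of the Cisco guide. Key strings and node comments
# below are constructed sample data.
# Assumption: every entry is a plain "ssh-rsa <base64> <comment>" line with
# no options prefix, as copied from the Node Public Key dialog.

# audit_authorized_keys FILE NODE_COMMENT...
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_authorized_keys() {
    ak_file=$1
    shift
    awk -v want="$*" '
        BEGIN { n = split(want, w, " ") }
        /^[ \t]*$/ || /^[ \t]*#/ { next }      # skip blank and comment lines
        $1 != "ssh-rsa" || NF < 3 || $2 !~ "^[A-Za-z0-9+/]+=*$" {
            printf "line %d: not a complete ssh-rsa entry (wrapped paste?)\n", NR
            bad++
            next
        }
        seen[$2]++ { printf "line %d: duplicate key\n", NR; bad++ }
        { have[$3] = 1 }                        # remember the node comment
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in have)) { printf "no key for node %s\n", w[i]; bad++ }
            exit (bad > 0)
        }' "$ak_file"
}

# owner_only_write PATH
# Returns 0 if PATH is not writable by group or others. With StrictModes on,
# sshd ignores an authorized_keys file that fails this check.
owner_only_write() {
    ow_mode=$(ls -ld "$1" | cut -c1-10)
    case $ow_mode in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

demo() {
    demo_file=$(mktemp) || return 0
    # node_1 was pasted correctly; node_2 was pasted with the line breaks of
    # the dialog box left in, so its key is split over three lines.
    cat > "$demo_file" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedNode1Key== imp@node_1
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructedNode2Key==
imp@node_2
EOF
    chmod 600 "$demo_file"
    audit_authorized_keys "$demo_file" imp@node_1 imp@node_2 ||
        echo "authorized_keys needs fixing"
    owner_only_write "$demo_file" && echo "write permission is owner-only"
    rm -f "$demo_file"
}
demo || true
```

On the file server, run the audit against ~mftuser/.ssh/authorized_keys and pass the comment field of each node key that was copied from its Node Public Key dialog.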

Troubleshooting Managed File Transfer


If managed file transfer fails to start or you are experiencing problems with the feature, do the following:
1 Check the Cisco XCP File Transfer Manager service logs. Go to the IM and Presence Service Command
Line Interface (CLI) and enter the following command:
file view activelog epas/trace/xcp/log/AFTStartup.log

2 If the Cisco RTMT plugin is installed, check it for traces and syslog messages.


Cisco Jabber Client Interoperability


There are a number of configuration options for file transfers. You can configure one of the following file
transfer types on IM and Presence Service:
• Disabled—no file transfers are allowed.
• Peer-to-Peer—one-to-one file transfers are allowed, but files are not archived or stored on a server.
Group chat file transfer is not supported.
• Managed File Transfer—one-to-one and group file transfers are allowed. File transfers are logged to
a database and the transferred files are stored on a server. The client must also support managed file
transfer, otherwise no file transfers are allowed.
• Managed and Peer-to-Peer File Transfer—one-to-one and group file transfers are allowed. File
transfers are logged to a database and the transferred files are stored on a server only if the client supports
managed file transfer. If the client does not support managed file transfer, this option is equivalent to
the Peer-to-Peer option.

This section describes the file transfer functionality between Cisco Jabber pre-10.6 clients, or third party
clients, and Cisco Jabber 10.6 and later clients in the following scenarios:
• Single node deployment where Managed File Transfer is enabled.
• Single node deployment where Managed and Peer-to-Peer File Transfer is enabled.
• 2-node cluster deployment, where one node has Managed and Peer-to-Peer File Transfer enabled
and the other node has Peer-to-Peer enabled.
• 2-cluster deployment, where a node in one cluster has Managed and Peer-to-Peer File Transfer enabled
and a node in the other cluster has Peer-to-Peer enabled (for simplicity, this scenario assumes one node
per cluster).
• Group Chat in a 2-cluster deployment, where a node in one cluster has either Managed File Transfer
or Managed and Peer-to-Peer File Transfer enabled and a node in the other cluster has Peer-to-Peer
enabled (for simplicity, this scenario assumes one node per cluster).

Single Node - Managed File Transfer


The following figure shows a single IM and Presence Service node that has Managed File Transfer (MFT)
enabled. Cisco Jabber Release 10.5 clients and Cisco Jabber Release 10.6 clients are registered to the IM and
Presence Service node.


In this deployment model, managed file transfers are only supported between Cisco Jabber Release 10.6
clients. Peer-to-peer file transfers are not allowed, regardless of the client release.

Single Node - Managed and Peer-to-Peer File Transfer


The following figure shows a single IM and Presence Service node that has Managed and Peer-to-Peer File
Transfer (MFT/P2P) enabled. Cisco Jabber Release 10.5 clients and Cisco Jabber Release 10.6 clients are
registered to the IM and Presence Service node.


In this deployment model, file transfers are allowed and are treated as either managed file transfers or
peer-to-peer file transfers depending on the client:
• File transfers between Cisco Jabber 10.5 clients are treated as peer-to-peer transfers.
• File transfers between Cisco Jabber 10.6 clients are treated as managed file transfers if the clients are
configured to support managed file transfers. However, you can change the client settings to treat file
transfers as peer-to-peer transfers.
• If a Cisco Jabber 10.5 client sends a file to a Cisco Jabber 10.6 client, it is treated as a peer-to-peer file
transfer.
• If a Cisco Jabber 10.6 client sends a file to a Cisco Jabber 10.5 client, it is treated as a peer-to-peer file
transfer if peer-to-peer is the default client preference and the Cisco Jabber 10.5 client is online. If the
10.5 client is offline, the file transfer is treated as a managed file transfer but the 10.5 client cannot
receive it.

Single Cluster - Mixed Nodes


The following figure shows a cluster with two IM and Presence Service nodes. Node 1 has Managed and
Peer-to-Peer File Transfer (MFT/P2P) enabled and Node 2 has Peer-to-Peer (P2P) enabled. Both nodes
have Cisco Jabber Release 10.5 clients and Cisco Jabber Release 10.6 clients registered to them.


In this deployment model, file transfers are allowed and are treated as either managed file transfers or
peer-to-peer file transfers depending on the client. Use the following legend to interpret the different file
transfer behaviours:
• P2P—file transfers are treated as peer-to-peer file transfers.
• MFT (P2P)—managed file transfer is the default client preference. However, you can reconfigure the
clients to use peer-to-peer file transfers.
• P2P (MFT)—peer-to-peer is the default client preference. However, you can reconfigure the clients to
use managed file transfers.
• P2P (MFT if offline)—peer-to-peer is the default client preference and the recipient is online. If the
recipient is offline, it is treated as a managed file transfer by the sender but the recipient cannot receive
it.

Note: A node that has Managed File Transfer enabled should not be deployed in a cluster with a node that has
Peer-to-Peer enabled. The recommended migration path is to configure the Peer-to-Peer nodes as
Managed and Peer-to-Peer File Transfer nodes and then change them to Managed File Transfer nodes.


Multiple Cluster - Mixed Nodes


The following figure shows a deployment with two clusters where a node in Cluster 1 has Managed and
Peer-to-Peer File Transfer (MFT) enabled and a node in Cluster 2 has Peer-to-Peer (P2P) enabled. Both
nodes have Cisco Jabber Release 10.5 clients and Cisco Jabber Release 10.6 clients registered to them.

In this deployment model, file transfers are allowed and are treated as either managed file transfers or
peer-to-peer file transfers depending on the client. Use the following legend to interpret the different file
transfer behaviours:
• P2P—file transfers are treated as peer-to-peer file transfers.
• MFT (P2P)—managed file transfer is the default client preference. However, you can reconfigure the
clients to use peer-to-peer file transfers.
• P2P (MFT)—peer-to-peer is the default client preference. However, you can reconfigure the clients to
use managed file transfers.
• P2P (MFT if offline)—peer-to-peer is the default client preference and the recipient is online. If the
recipient is offline, it is treated as a managed file transfer by the sender but the recipient cannot receive
it.


Group Chat
The following figure shows a group chat scenario between two clusters, where a node in Cluster 1 has either
Managed File Transfer (MFT) or Managed and Peer-to-Peer File Transfer (MFT/P2P) enabled and a
node in Cluster 2 has Peer-to-Peer (P2P) enabled. Both nodes have Cisco Jabber Release 10.5 clients and
Cisco Jabber Release 10.6 clients registered to them.

In this scenario, managed file transfers are only supported between Cisco Jabber Release 10.6 clients.
Peer-to-peer file transfers are not allowed, regardless of the client release. Use the following legend to interpret
the different file transfer behaviours:
• MFT—managed file transfers are supported and the external file server of the sender’s home node is
used to serve the file upload and all the file downloads, regardless of which node the recipient is homed
on.
• X (MFT)—the default client preference is to not allow any file transfers. However, you can reconfigure
the client to support managed file transfers.


Mobile and Remote Access for Jabber Clients


For on-premise deployments, managed file transfer is the only supported file transfer option for Mobile and
Remote Access clients. For more information about Mobile and Remote Access via Cisco VCS, see this link:
http://www.cisco.com/c/en/us/support/unified-communications/telepresence-video-communication-server-vcs/products-installation-and-configuration-guides-list.html

CHAPTER 13
High Availability for Persistent Chat on IM and Presence Service
• High Availability for Persistent Chat Overview
• High Availability for Persistent Chat Flows
• Enable and Verify High Availability for Persistent Chat
• External Database for Persistent Chat High Availability

High Availability for Persistent Chat Overview


From the current release, the persistent chat feature is highly available. In the event of an IM and Presence
Service node failure or a Text Conferencing (TC) service failure, all persistent chat rooms hosted by that service
are automatically hosted by the backup node TC service. After failover, Jabber clients can seamlessly continue
to use the persistent chat rooms.
For further information on high availability, see the Configure Presence Redundancy Groups chapter of the
System Configuration Guide for Cisco Unified Communications Manager.
For this example there are three users: A, B, and C and three IM and Presence Service nodes: 1A, 2A, and
1B. Node 1A and Node 2A are part of the same Presence Redundancy Group and form a High Availability
(HA) pair. The users are assigned to the following nodes:
• User A is on Node 1A
• User B is on Node 2A
• User C is on Node 1B

1 Users A, B, and C are in a chat room hosted on Node 1A.


2 The Text Conferencing (TC) service fails on Node 1A.
3 The IM and Presence Service administrator starts a manual fallback.
4 Node 1B transitions to the HA state Failed Over with Critical Services not Running, before transitioning
to the HA state Running in Backup Mode.


5 In line with the HA Failover Model, User A is signed out automatically and is signed in to the backup
Node 1B.
6 Users B and C are not affected but continue to post messages to the chat room hosted on Node 2A.
7 Node 1A transitions to Taking Back and Node 2A transitions to Falling Back.
8 User A is signed out of Node 2A. Users B and C continue to use the persistent chat room, and once Fallback
has occurred the room is moved back to Node 1A.
9 Node 1B moves from the HA state Taking Back to Normal and it unloads its peer node rooms.
10 Node 1A moves from the HA state Failing Over to Normal and it reloads rooms associated with
pubalias.cisco.com.
11 User A signs in again to Node 1A, enters the persistent chat room and continues to read or post messages
to the room.

Table 17: Group Chat and Persistent Chat Restrictions

Feature: Chat with anonymous rooms
Restriction: If you are deploying chat via Cisco Jabber (either group chat or persistent chat), make sure that
the "Rooms are anonymous by default" and "Room owners can change whether or not rooms are anonymous"
options are not selected in the Group Chat and Persistent Chat Settings window. If either check box is
checked, chat will fail.

High Availability for Persistent Chat Flows


The following flows demonstrate high availability for persistent chat during failover and fallback.


Note For this enhancement the Text Conferencing (TC) service has been made a critical service. As a result,
the TC high availability failover flow remains the same even if the failover has been caused by the failure
of another critical service on the node, such as the Cisco XCP Router service.

Figure 12: High Availability for Persistent Chat Structure

High Availability for Persistent Chat Failover Flow


For this example there are three users: A, B, and C and three IM and Presence Service nodes: 1A, 2A, and
1B. Node 1A and Node 2A are part of the same Presence Redundancy Group and form a High Availability
(HA) pair. The users are assigned to the following nodes:
• User A is on Node 1A
• User B is on Node 2A
• User C is on Node 1B

1 Users A, B, and C are in a chat room hosted on Node 1A.


2 The Text Conferencing (TC) service fails on Node 1A.


3 After 90 seconds, the Server Recovery Manager (SRM) determines the failure of the TC critical service
and starts an automatic failover.
4 Node 1B transitions to the HA state Failed Over with Critical Services not Running, before transitioning
to the HA state Running in Backup Mode.
5 In line with the HA Failover Model, User A is signed out automatically and is signed in to the backup
Node 1B.
6 Users B and C are not affected but continue to post messages to the chat room hosted on Node 2A.
7 User A signs in again on Node 2A, enters the persistent chat room and continues to read or post messages
to the room.

High Availability for Persistent Chat Fallback Flow


For this example there are three users: A, B, and C and three IM and Presence Service nodes: 1A, 2A, and
1B. Node 1A and Node 2A are part of the same Presence Redundancy Group and form a High Availability
(HA) pair. The users are assigned to the following nodes:
• User A is on Node 1A
• User B is on Node 2A
• User C is on Node 1B

1 Users A, B, and C are in a chat room hosted on Node 1A.


2 The Text Conferencing (TC) service fails on Node 1A.
3 The IM and Presence Service administrator starts a manual fallback.
4 Node 1B transitions to the HA state Failed Over with Critical Services not Running, before transitioning
to the HA state Running in Backup Mode.
5 In line with the HA Failover Model, User A is signed out automatically and is signed in to the backup
Node 1B.
6 Users B and C are not affected but continue to post messages to the chat room hosted on Node 2A.
7 Node 1A transitions to Taking Back and Node 2A transitions to Falling Back.
8 User A is signed out of Node 2A. Users B and C continue to use the persistent chat room, and once Fallback
has occurred the room is moved back to Node 1A.
9 Node 1B moves from the HA state Taking Back to Normal and it unloads its peer node rooms.
10 Node 1A moves from the HA state Failing Over to Normal and it reloads rooms associated with
pubalias.cisco.com.
11 User A signs in again to Node 1A, enters the persistent chat room and continues to read or post messages
to the room.

Enable and Verify High Availability for Persistent Chat


To enable and verify that high availability for persistent chat is working correctly, carry out the steps in the
following procedure:


Procedure

Step 1 Ensure that high availability is enabled in the presence redundancy group:
a) From Cisco Unified CM Administration, click System > Presence Redundancy Groups.
b) On the Find and List Presence Redundancy Groups window, click Find and choose the Presence
Redundancy Group you want to check.
c) On the Presence Redundancy Group Configuration window, ensure that the Enable High Availability
check box is checked.
Step 2 Ensure that persistent chat is enabled on the presence redundancy group:
a) From Cisco Unified CM IM and Presence Administration UI, click Messaging > Group Chat and
Persistent Chat.
b) On the Group Chat and Persistent Chat Settings window, ensure that the Enable Persistent Chat check
box is checked.
Step 3 Ensure that both presence redundancy group nodes are assigned to the same external database. See image.
Step 4 To verify that high availability for persistent chat is enabled, check the System > Presence Topology window.
In the Node Status section of the Node Detail pane, in the Service Column, check that the Cisco XCP Text
Conference Manager entry has Yes in its Monitored column.
If it is a monitored service, this means that it is a critical service and that high availability has been successfully
enabled. If it is not, then check that your presence redundancy group has been configured correctly.

External Database for Persistent Chat High Availability


The Persistent Chat High Availability feature is supported on PostgreSQL and Oracle External Databases.
This section describes the software support details.
• PostgreSQL
◦PostgreSQL installed on Red Hat 4.4.7-11, 64 bit.

• Oracle
◦Oracle, installed on Red Hat 4.4.7-11, 64 bit.

• Oracle High Availability Setup


◦Oracle 12c Enterprise edition Release 12.1.0.2.0, installed on Oracle7 OS.
(IM and Presence Service nodes in the Presence Redundancy Group must point to the SCAN
address of the Oracle HA setup.)


Note For information on supported versions, refer to the External Database Setup Requirements section of the
Database Setup Guide for IM and Presence Service.

Figure 13: Oracle High Availability Setup

Merge External Database Tables


The External Database Merge Tool allows persistent chat data which is stored on multiple external database
partitions to be merged into a single database.
On earlier versions, each IM and Presence Service node in a presence redundancy group was assigned to a
unique external database. From the current release, to enable High Availability for Persistent Chat, nodes in
a presence redundancy group must be assigned to only one external database. The External Database Merge
Tool allows you to quickly combine these two databases.
The External Database Merge Tool can be used on Oracle and Postgres databases.


Note To use the External Database Merge Tool on an Oracle database, the Oracle SID field must have the same
value as the Database Name field. Otherwise, the merge will fail. For more information, see CSCva08935.

External Database Merge Tool


Use this procedure to merge the two databases in an IM and Presence Service presence redundancy group.

Before You Begin


• Ensure that the two source destination databases are assigned correctly to each IM and Presence Service
node in the presence redundancy group. This verifies that both of their schemas are valid.
• Back up the tablespace of the destination database.
• Ensure that there is enough space in the destination database for the new merged databases.
• Ensure that the database users created for the source and destination databases have the permissions
to run these commands:
• CREATE TABLE

• CREATE PUBLIC DATABASE LINK

If your database users do not have these permissions, you can use these commands to grant them:
◦GRANT CREATE TABLE TO <user_name>;

◦GRANT CREATE PUBLIC DATABASE LINK TO <user_name>;

Procedure

Step 1 Sign in to Cisco Unified CM IM and Presence Administration on the IM and Presence Service publisher
node.
Step 2 Stop the Cisco XCP Text Conference Service on the System > Services window for each IM and Presence
Service node in the presence redundancy group.
Step 3 Click Messaging > External Server Setup > External Database Jobs.
Step 4 Click Find if you want to see the list of merge jobs. Choose Add Merge Job to add a new job.
Step 5 On the Merging External Databases window, enter the following details:
• Choose Oracle or Postgres from the Database Type drop-down list.
• Choose the IP address and hostname of the two source databases and the destination database that will
contain the merged data.

If you chose Oracle as the Database Type enter the tablespace name and database name. If you chose Postgres
as the Database Type you provide the database name.


Step 6 In the Feature Tables pane, the Text Conference(TC) check-box is checked by default. For the current release,
the other options are not available.
Step 7 Click Validate Selected Tables.
Note If the Cisco XCP Text Conference service has not been stopped you receive an error message. Once
the service has been stopped, validation will complete.
Step 8 If there are no errors in the Validation Details pane, click Merge Selected Tables.
Step 9 When merging has completed successfully, the Find And List External Database Jobs window is loaded.
Click Find to refresh the window and view the new job.
Click the ID of the job if you want to view its details.

Step 10 Restart the Cisco XCP Router service.


Step 11 Start the Cisco XCP Text Conference Service on both IM and Presence Service nodes.
Step 12 You must reassign the newly merged external database (destination database) to the presence redundancy
group.

CHAPTER 14
Multiple Device Messaging
• Multiple Device Messaging Overview
• Enable Multiple Device Messaging
• Counters for Multiple Device Messaging

Multiple Device Messaging Overview


With Multiple Device Messaging (MDM), you can have your one-to-one instant message (IM) conversations
tracked across all devices on which you are currently signed in. If you are using a desktop client and a mobile
device, which are both MDM enabled, messages are sent, or carbon copied, to both devices. Read notifications
are also synchronized on both devices as you participate in a conversation.
For example, if you start an IM conversation on your desktop computer, you can continue the conversation
on your mobile device after moving away from your desk. See Multiple Device Messaging Flow.
MDM supports quiet mode, which helps to conserve battery power on your mobile devices. The Jabber client
turns quiet mode on automatically when the mobile client is not being used. Quiet mode is turned off when
the client becomes active again.
MDM maintains compatibility with the Cisco XCP Message Archiver service and other third-party clients
which do not support MDM.
MDM is supported by all Jabber clients from version 11.7 and higher.
The following limitations apply:
• Clients must be signed-in - Signed-out clients do not display sent or received IMs or notifications.
• File transfer is only available on the active device which sent or received the file.
• Group chat is only available on the device which joined the chat room.
• MDM is not supported on clients which connect to IM and Presence Service from the cloud through
Cisco Expressway, on Expressway versions prior to X8.8.

For further information on how MDM operates, see the following two flows:


Multiple Device Messaging Flow


This flow describes how messages and notifications are handled when a user, Alice, has MDM enabled on
her laptop and mobile device.
1 Alice has a Jabber client open on her laptop, and is also using Jabber on her mobile device.
2 Alice receives an instant message (IM) from Bob.
Her laptop receives a notification and displays a new message indicator. Her mobile device receives a new
message with no notification.

Note IMs are always sent to all MDM-enabled clients. Notifications are displayed either on the active Jabber
client only or, if no Jabber client is active, notifications are sent to all Jabber clients.

3 Alice chats with Bob for 20 minutes.


Alice uses her laptop as normal to do this, while on her mobile device new messages are received and are
marked as read. No notifications are sent to her mobile device.
4 When Alice receives three chat messages from a third user, Colin, Alice's devices behave as they did in
step 2.
5 Alice does not respond, and closes the lid on her laptop. While on the bus home Alice receives another
message from Bob.
In this case, both her laptop and mobile device receive a new message with notifications.
6 Alice opens her mobile device, where she finds the new messages sent from Bob and Colin. These messages
have also been sent to her laptop.
7 Alice reads through her messages on her mobile device, and as she does so, messages are marked as read
on both her laptop and on her mobile device.

Multiple Device Messaging Quiet Mode Flow


This flow describes the steps Multiple Device Messaging uses to enable quiet mode on a mobile device.
1 Alice is using Jabber on her laptop and also on her mobile device. She reads a message from Bob and
sends a response message using Jabber on her laptop.
2 Alice starts using another application on her mobile device. Jabber on her mobile device continues working
in the background.
3 Because Jabber on her mobile device is now running in the background, quiet mode is automatically
enabled.
4 Bob sends another message to Alice. Because Jabber on Alice's mobile device is in quiet mode, messages
are not delivered. Bob’s response message to Alice is buffered.
5 Message buffering continues until one of these triggering events occurs:
• An <iq> stanza is received.
• A <message> stanza is received when Alice has no other active clients currently operating on any
other device.


Note An active client is the last client that sent either an Available presence status or an instant
message in the previous five minutes.

• The buffering limit is reached.

6 When Alice returns to Jabber on her mobile device, it becomes active again. Bob's message, which had
been buffered, is delivered, and Alice is able to view it.
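
The quiet-mode buffering rules from the flow above, modelled as an added Python example (not Cisco code and not part of the original guide). The class and function names, the buffer limit of 3 and the timestamps are assumptions made for the demonstration; the five-minute active-client window and the three flush triggers come from the guide.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ACTIVE_WINDOW_S = 5 * 60  # "previous five minutes" in the guide's definition of an active client
BUFFER_LIMIT = 3          # assumed for the demo; the guide does not state the real limit


@dataclass
class Client:
    name: str
    quiet: bool = False
    last_activity: Optional[float] = None  # time of last Available presence or sent IM
    buffer: List[str] = field(default_factory=list)
    delivered: List[str] = field(default_factory=list)


class MdmModel:
    """Toy model of one user's MDM-enabled clients (hypothetical, not Cisco code)."""

    def __init__(self, clients, buffer_limit=BUFFER_LIMIT):
        self.clients = {c.name: c for c in clients}
        self.buffer_limit = buffer_limit
        self.flushes = 0                # loosely mirrors the MDMBufferFlushes counter
        self.flushes_limit_reached = 0  # loosely mirrors MDMBufferFlushesLimitReached

    def mark_activity(self, name, now):
        """Client sent an Available presence or an IM; this also ends quiet mode."""
        client = self.clients[name]
        client.last_activity = now
        if client.quiet:
            client.quiet = False
            self._flush(client)

    def set_quiet(self, name):
        """Client moved to the background, so quiet mode is turned on."""
        self.clients[name].quiet = True

    def active_client(self, now):
        """The last client with activity inside the five-minute window, else None."""
        recent = [c for c in self.clients.values()
                  if c.last_activity is not None
                  and now - c.last_activity <= ACTIVE_WINDOW_S]
        return max(recent, key=lambda c: c.last_activity, default=None)

    def _flush(self, client, limit_reached=False):
        if not client.buffer:
            return
        client.delivered.extend(client.buffer)
        client.buffer.clear()
        self.flushes += 1
        if limit_reached:
            self.flushes_limit_reached += 1

    def receive_message(self, body, now):
        """An inbound <message>: IMs go to every MDM-enabled client."""
        active = self.active_client(now)
        for client in self.clients.values():
            if not client.quiet:
                client.delivered.append(body)
                continue
            client.buffer.append(body)
            other_active = active is not None and active is not client
            if not other_active:
                self._flush(client)  # trigger: no other active client
            elif len(client.buffer) >= self.buffer_limit:
                self._flush(client, limit_reached=True)  # trigger: buffering limit

    def receive_iq(self, name):
        """An inbound <iq> for one client flushes whatever that client has buffered."""
        self._flush(self.clients[name])


def run_constructed_flow():
    """Constructed timeline (seconds) following Alice's laptop and mobile device."""
    laptop, mobile = Client("laptop"), Client("mobile")
    model = MdmModel([laptop, mobile])
    model.mark_activity("laptop", now=0)       # Alice replies to Bob from the laptop
    model.set_quiet("mobile")                  # Jabber on the mobile goes to the background
    model.receive_message("bob-1", now=60)     # laptop is active: mobile buffers
    model.receive_message("bob-2", now=90)
    held_before_limit = list(mobile.buffer)
    model.receive_message("bob-3", now=120)    # buffer limit reached: flush
    model.receive_message("bob-4", now=150)    # buffered again
    model.receive_iq("mobile")                 # <iq> stanza: flush
    model.receive_message("bob-5", now=1000)   # laptop idle > 5 min: delivered at once
    return {
        "held_before_limit": held_before_limit,
        "mobile_delivered": list(mobile.delivered),
        "mobile_buffer": list(mobile.buffer),
        "laptop_delivered": list(laptop.delivered),
        "flushes": model.flushes,
        "flushes_limit_reached": model.flushes_limit_reached,
    }


if __name__ == "__main__":
    for key, value in run_constructed_flow().items():
        print(f"{key}: {value}")
```

A steadily rising share of limit-triggered flushes in a model like this corresponds to what the MDMBufferFlushesLimitReached counter would surface on a real node.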

Enable Multiple Device Messaging


Multiple Device Messaging is enabled by default. You can use this procedure to disable or enable the feature.

Procedure

Step 1 In Cisco Unified CM IM and Presence Administration, choose System > Service Parameters.
Step 2 From the Server drop-down list, choose the IM and Presence Service Publisher node.
Step 3 From the Service drop-down list, choose Cisco XCP Router (Active).
Step 4 Choose Enabled or Disabled from the Enable Multi-Device Messaging drop-down list.
Step 5 Click Save.
Step 6 Restart the Cisco XCP Router service.

Counters for Multiple Device Messaging


Multiple Device Messaging (MDM) uses the following counters from the Cisco XCP MDM Counters Group:

Table 18: Counter Group: Cisco XCP MDM Counters

Counter Name                    Description
MDMSessions                     The current number of MDM enabled sessions.
MDMSilentModeSessions           The current number of sessions in silent mode.
MDMQuietModeSessions            The current number of sessions in quiet mode.
MDMBufferFlushes                The total number of MDM buffer flushes.
MDMBufferFlushesLimitReached    The total number of MDM buffer flushes due to reaching the overall buffer size limit.
MDMBufferFlushPacketCount       The number of packets flushed in the last timeslice.
MDMBufferAvgQueuedTime          The average time in seconds before the MDM buffer is flushed.

PART IV
Administration
• Chat Setup and Management
• End User Setup and Handling
• User Migration
• Multilingual Support Configuration For IM and Presence Service
CHAPTER 15
Chat Setup and Management
• Chat Deployments
• Chat Administration Settings
• Chat Node Alias Management
• Chat Room Management
• Group Chat and Persistent Chat Restrictions

Chat Deployments
You can set up chat for different deployment scenarios. Sample deployment scenarios are available.

Chat Deployment Scenario 1


Deployment Scenario: You do not want to include the Cluster ID in the chat node alias. Instead of the
system-generated alias conference-1-mycup.cisco.com, you want to use
the alias primary-conf-server.cisco.com.

Configuration Steps:
1 Choose Messaging > Group Chat and Persistent Chat to turn off the
system-generated alias. (This is on by default).
2 Edit the alias and change it to primary-conf-server.cisco.com.

Notes: When you turn off the old system-generated alias, conference-1-mycup.cisco.com reverts to a
standard, editable alias listed under Group Chat Server Aliases. This maintains the old alias and the chat
room addresses associated with that alias.


Chat Deployment Scenario 2


Deployment Scenario: You want to:
• change the Domain from cisco.com to linksys.com and use
conference-1-mycup.linksys.com instead of conference-1-mycup.cisco.com.
• maintain the address of existing persistent chat rooms in the database so that users
can still find old chat rooms of type [email protected].

Configuration Steps:
1 Log in to Cisco Unified CM IM and Presence Administration, choose Presence
> Settings Topology > Advanced Configuration.
2 See the related topics for more information about how to edit the default IM and
Presence Service domain.

Notes: When you change the domain, the fully qualified cluster name (FQDN) automatically
changes from conference-1-mycup.cisco.com to conference-1-mycup.linksys.com. The
old system-generated alias conference-1-mycup.cisco.com reverts to a standard, editable
alias listed under Group Chat Server Aliases. This maintains the old alias and the chat
room addresses associated with that alias.

Related Topics
IM and Presence Service Default Domain Configuration

Chat Deployment Scenario 3


Deployment Scenario: You:
• want to change the Cluster ID from mycup to ireland to use
conference-1-ireland.cisco.com instead of conference-1-mycup.cisco.com.
• do not need to maintain the address of existing persistent chat rooms in the database.

Configuration Steps:
1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings
> Standard Configuration.
2 Edit the Cluster ID and change it to ireland.
3 Choose Messaging > Group Chat Server Alias Mapping.
4 Delete the old alias conference-1-mycup.cisco.com.

Notes: When you change the Cluster ID, the fully qualified cluster name (FQDN) automatically
changes from conference-1-mycup.cisco.com to conference-1-ireland.cisco.com. The
old system-generated alias conference-1-mycup.cisco.com reverts to a standard, editable
alias listed under Group Chat Server Aliases. This maintains the old alias and the chat
room addresses associated with that alias. Because (in this example) the Administrator
has no need to maintain the old alias address, it is appropriate to delete it.

Chat Deployment Scenario 4


Deployment Scenario: You want to:
• delete a node associated with an existing alias from the System Topology, for
example, conference-3-mycup.cisco.com.
• add a new node with a new node ID (node id: 7) to the System Topology, for
example, conference-7-mycup.cisco.com.
• maintain the address of chat rooms that were created using the old alias.

Configuration Steps:
Option 1
1 Choose Cisco Unified CM IM and Presence Administration > Messaging > Group
Chat Server Alias Mapping.
2 Click Add New to add the additional alias, conference-3-mycup.cisco.com.

Option 2
1 Choose Messaging > Group Chat and Persistent Chat and turn off the default
system-generated alias, conference-7-mycup.cisco.com. (This is on by default).
2 Edit the alias and change it to conference-3-mycup.cisco.com.

Notes: When you add the new node to the System Topology, the system automatically assigns
this alias to the node: conference-7-mycup.cisco.com.
Option 1
• If you add an additional alias, the node is addressable via both aliases,
conference-7-mycup.cisco.com and conference-3-mycup.cisco.com.

Option 2
• If you turn off the old system-generated alias, conference-7-mycup.cisco.com reverts
to a standard, editable alias listed under Group Chat Server Aliases.

Chat Administration Settings

Change IM Gateway Settings


You can configure IM Gateway settings for IM and Presence Service.
The SIP-to-XMPP connection on the IM and Presence Service IM Gateway is enabled by default. This allows
IM interoperability between SIP and XMPP clients so that users of SIP IM clients can exchange bi-directional
IMs with users of XMPP IM clients. We recommend that you leave the IM Gateway Status parameter on;
however, you can turn off the IM Gateway Status parameter to prevent XMPP and SIP clients from
communicating with each other.
You can also change the default inactive timeout interval of IM conversations, as well as select the error
message that gets displayed if the IM fails to get delivered.
Restriction
SIP clients cannot participate in chat rooms because this is an XMPP-specific feature.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose an IM and Presence Service node from the Server menu.
Step 3 Choose Cisco SIP Proxy as the service on the Service Parameter Configuration window.
Step 4 Do one of the following actions:
a) Set IM Gateway Status to On in the SIP XMPP IM Gateway (Clusterwide) section to enable this feature.
b) Set IM Gateway Status to Off in the SIP XMPP IM Gateway (Clusterwide) section to disable this feature.
Step 5 Set the Inactive Timeout interval (in seconds) of IM conversations maintained by the gateway. The default
setting is 600 seconds, which is appropriate to most environments.
Step 6 Specify the error message that you want users to see if the IM fails to deliver. Default error message: Your
IM could not be delivered.
Step 7 Click Save.

What to Do Next
Proceed to configure the persistent chat room settings.

Limit Number Of Sign-In Sessions


Administrators can limit the number of sign-in sessions per user on the Cisco XCP Router. This parameter is
applicable to XMPP clients only.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose an IM and Presence Service node from the Server menu.
Step 3 Choose Cisco XCP Router as the service in the Service Parameter Configuration window.
Step 4 Enter a parameter value in the Maximum number of logon sessions per user in the XCP Manager
Configuration Parameters (Clusterwide) area.
Step 5 Click Save.
Step 6 Restart the Cisco XCP Router Service.


Related Topics
Restart Cisco XCP Router Service

Configure Persistent Chat Room Settings


You need only configure persistent chat settings if you use persistent chat rooms as opposed to temporary
(ad-hoc) chat rooms. This configuration is specific to persistent chat and has no impact on IM archiving for
regulatory compliance.
Restriction
SIP clients cannot participate in chat rooms because this is an XMPP-specific feature.

Before You Begin


• To use persistent chat rooms, you must configure a unique external database instance per node.
• If you use an external database for persistent chat logging, consider the size of your database. Archiving
all the messages in a chat room is optional, and will increase traffic on the node and consume space on
the external database disk. In large deployments, disk space could be quickly consumed. Ensure that
your database is large enough to handle the volume of information.
• Before you configure the number of connections to the external database, consider the number of IMs
you are writing offline and the overall volume of traffic that results. The number of connections that
you configure will allow the system to scale. While the default settings on the UI suit most installations,
you may want to adapt the parameters for your specific deployment.
• The heartbeat interval is typically used to keep connections open through firewalls. Do not set the
Database Connection Heartbeat Interval value to zero without contacting Cisco support.

Procedure

Step 1 Select Cisco Unified Communications Manager IM and Presence Administration > Messaging >
Group Chat and Persistent Chat.
Step 2 Check Enable Persistent Chat.
Note This is a cluster-wide setting. If persistent chat is enabled on any node in the cluster, clients in any
cluster will be able to discover the Text Conference instance on the node and chat rooms hosted on
that node.
Users on a remote cluster can discover Text Conference instances and rooms on the local cluster
even if Persistent Chat is not enabled on the remote cluster.
Step 3 (Optional) Specify how to store chat room messages, if required:
a) Check Archive all room messages if you want to archive all the messages that are sent in the room. This
is a cluster-wide setting that applies to all persistent chat rooms.
b) Enter the number of connections to the database that you want to use for processing requests. This is a
cluster-wide setting that applies to all connections between chat nodes and associated databases.
c) Enter the number of seconds after which the database connection should refresh. This is a cluster-wide
setting that applies to all connections between chat nodes and associated databases.
Step 4 Select from the list of preconfigured external databases and assign the appropriate database to the chat node.
Tip Click the hyperlink if you need to edit the chat node details in the Cluster Topology Details window.


Step 5 Leave the Rooms are anonymous by default and Room owners can change whether or not rooms are
anonymous check boxes unchecked. Chat fails if either option is selected.
Step 6 If you update any of the Persistent Chat settings, choose Cisco Unified IM and Presence Serviceability >
Tools > Control Center - Feature Services to restart the Cisco XCP Text Conference Manager service.
• If you turn on the Archive all messages in a room setting, Cisco recommends that you monitor the
performance of each external database used for persistent chat. You should anticipate an increased load
on the database server(s).
• If you enable persistent chat rooms, but do not establish the correct connection with the external database,
the TC service will shut down. Under these circumstances, you will lose the functionality of all chat
rooms - both temporary and persistent. If a chat node establishes a connection (even if other chat nodes
fail), it will still start.

What to Do Next
Proceed to turn on Cisco XCP Text Conference Manager.

Related Topics
Change IM Gateway Settings, on page 193
Chat Node Alias Management, on page 199

Enable Persistent Chat


Configure persistent chat settings only if you use persistent chat rooms as opposed to temporary (ad hoc) chat
rooms. This configuration is specific to persistent chat and has no impact on IM archiving for regulatory
compliance.

Before You Begin


• To use persistent chat rooms, you must configure a unique external database instance for each node.

Important You must have an external database assigned for each node.

• If you are using an Oracle external database, you need to update the patch for the known Oracle defect:
ORA-22275. If this is not done persistent chat rooms will not work properly.
• If you use an external database for persistent chat logging, consider the size of your database. Archiving
all the messages in a chat room is optional, and will increase traffic on the node and consume space on
the external database disk. In large deployments, disk space could be quickly consumed. Ensure that
your database is large enough to handle the volume of information.
• Archiving all room joins and leaves is optional, because it increases traffic and consumes space on the
external database server.
• Before you configure the number of connections to the external database, consider the number of IMs
you are writing and the overall volume of traffic that results. The number of connections that you
configure will allow the system to scale. While the default settings on the UI suit most installations, you
may want to adapt the parameters for your specific deployment.


• The heartbeat interval is typically used to keep connections open through firewalls. Do not set the
Database Connection Heartbeat Interval value to zero without contacting Cisco support.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Messaging > Group Chat and Persistent
Chat.
Step 2 Check the check box to Enable Persistent Chat.
Step 3 (Optional) Check the check box Archive all room joins and exits, if you want to log all instances of users
joining and leaving a room. This is a cluster-wide setting that applies to all persistent chat rooms.
Step 4 (Optional) Check the check box Archive all room messages, if you want to archive all the messages that
are sent in the room. This is a cluster-wide setting that applies to all persistent chat rooms.
Step 5 (Optional) Check the check box Allow only group chat system administrators to create persistent chat
rooms, if you want to ensure that persistent chat rooms are created only by group chat system administrators.
This is a cluster-wide setting that applies to all persistent chat rooms.
To configure group chat system administrators, choose Messaging > Group chat system administrators.
Step 6 Enter the maximum number of persistent chat rooms that are allowed in the Maximum number of persistent
chat rooms allowed field. The default value is set to 1500.
Important You must ensure that there is sufficient space on the external database. Having a large number
of chat rooms impacts resources on the external database.
Step 7 Enter the number of connections to the database that you want to use for processing requests in the Number
of connections to the database field. The default is set to 5. This is a cluster-wide setting that applies to all
connections between chat nodes and associated databases.
Step 8 Enter the number of seconds after which the database connection should refresh in the Database connection
heartbeat interval (seconds) field. The default is set to 300. This is a cluster-wide setting that applies to all
connections between chat nodes and associated databases.
Step 9 Enter the number of minutes after which the chat room should time out in the Timeout value for persistent
chat rooms (minutes) field. The default is set to 0. The timeout is used to check whether a chat room is idle
and empty. If the room is found to be idle and empty, the room is closed. With the default value set to 0, the
idle check is disabled.
Step 10 Choose from the list of preconfigured external databases and assign the appropriate database to the chat node.
• If you turn on the Archive all room joins and exits setting, Cisco recommends that you monitor the
performance of each external database that is used for persistent chat. Expect an increased load on the
database servers.
• If you turn on the Archive all room messages setting, Cisco recommends that you monitor the
performance of each external database that is used for persistent chat. Expect an increased load on the
database servers.
• If you enable persistent chat rooms but do not establish the correct connection with the external database,
the chat node will fail. Under these circumstances, you will lose the functionality of all chat rooms, both
temporary and persistent. If a chat node establishes a connection (even if other chat nodes fail), it will
still start.
• To edit the Cisco Unified Communications Manager IM and Presence Service node details in the Cluster
Topology Details window, click the hyperlink.


Step 11 Click Save.


Step 12 Restart the Cisco XCP Router on all nodes in the cluster by choosing Cisco Unified IM and Presence
Serviceability > Tools > Control Center - Network Services.
Note the following:
• If the Cisco XCP Text Conference Manager service was already running, it will automatically restart
when you restart the Cisco XCP Router.
• If the Cisco XCP Text Conference Manager service was not already running, you must start it after the
Cisco XCP Router has restarted. To start the Cisco XCP Text Conference Manager service, choose Cisco
Unified IM and Presence Serviceability > Tools > Control Center - Feature Services.

Note After you have enabled persistent chat, if you subsequently want to update any of the persistent chat
settings, only the following non-dynamic settings require a Cisco XCP Text Conference Manager restart:
• Number of connections to the database
• Database connection heartbeat interval (seconds)

Related Topics
Restart Cisco XCP Text Conference Manager Service

Configure Group Chat System Administration

Procedure

Step 1 Choose Messaging > Group Chat System Administrators.


Step 2 Check Enable Group Chat System Administrators.
You must restart the Cisco XCP Router when the setting is enabled or disabled. Once the System Administrator
setting is enabled, you can add system administrators dynamically.

Step 3 Click Add New.


Step 4 Enter an IM address.

Example:
The IM address must be in the format of name@domain.

Step 5 Enter a nickname.


Step 6 Enter a description.
Step 7 Click Save.


Group Chat and Persistent Chat Default Settings Configuration and Reversion
You can change the default enhanced ad hoc and persistent chat settings. To revert all settings back to their
default values, click Set to Default.

Note To allow chat room owners to change a setting, check the Room owners can change check box on the
node. The room owner can then configure such settings as they wish and those settings are applicable to
the room they are creating. The availability of configuring these settings from the client also depends on
the client implementation and whether the client is providing an interface in which to configure these
settings.

Chat Node Alias Management

Chat Node Aliases


Aliases create a unique address for each chat node so that users (in any domain) can search for specific chat
rooms on specific nodes, and join chat in those rooms. Each chat node in a system must have a unique alias.

Note This chat node alias, conference-3-mycup.cisco.com, for example, will form part of the unique
ID for each chat room created on that node, [email protected]

You can assign your aliases cluster-wide, in these ways:


• System-generated - allows the system to automatically assign a unique alias to each chat node. You do
not have to do anything further to address your chat node if you enable the system-generated aliases.
The system will auto-generate one alias per chat node by default using the following naming convention:
conference-x-clusterid.domain, where:
◦conference - is a hardcoded keyword
◦x - is the unique integer value that denotes the node ID
◦Example: conference-3-mycup.cisco.com

• Manually - You may choose to override the default system-generated alias if the
conference-x-clusterid.domain naming convention does not suit your customer deployment,
for example, if you do not want to include the Cluster ID in your chat node alias. With manually-managed
aliases, you have complete flexibility to name chat nodes using aliases that suit your specific requirements.
• Additional Aliases - You can associate more than one alias with each chat node on a per-node basis.
Multiple aliases per node allows users to create additional chat rooms using these aliases. This applies
whether you assign a system-generated alias or manage your aliases manually.


Key Considerations
Changing chat node aliases can make the chat rooms in the database unaddressable and prevent your users
from finding existing chat rooms.
Note these results before you change the constituent parts of aliases or other node dependencies:
• Cluster ID - This value is part of the fully qualified cluster name (FQDN). Changing the Cluster ID
(choose System > Presence Topology: Settings) causes the FQDN to incorporate the new value and
the system-managed alias to automatically change across the cluster. For manually-managed aliases, it
is the responsibility of the Administrator to manually update the alias list if the Cluster ID changes.
• Domain - This value is part of the FQDN. Changing the Domain (choose Presence > Presence Settings)
causes the FQDN to incorporate the new value and the system-managed alias to automatically change
across the cluster. For manually-managed aliases, it is the responsibility of the Administrator to manually
update the alias list if the Domain changes.
• Connection between the chat node and external database - The chat node will not start if persistent chat
is enabled and you do not maintain the correct connection with the external database.
• Deletion of a chat node — If you delete a node associated with an existing alias from the Presence
Topology, chat rooms created using the old alias may not be addressable unless you take further action.
• To ensure that the user has access to all the old chat rooms, take a backup of all the existing aliases
before deleting a node and assign the same alias to a new node.

We recommend that you do not change existing aliases without considering the wider implications of your
changes, namely:
• Make sure that you maintain the address of old chat nodes in the database so that users can locate existing
chat rooms via the old alias, if required
• If there is federation with external domains, you may need to publish the aliases in DNS to inform the
users in those domains that the aliases have changed and new addresses are available. This depends on
whether or not you want to advertise all aliases externally.

Related Topics
Chat Deployment Scenario 1, on page 191

Turn On or Off System-Generated Chat Node Aliases


Chat node aliases allow users in any domain to search for specific chat rooms on specific nodes, and join in
those chat rooms. IM and Presence Service automatically assigns a unique, system-generated alias to each chat
node by default. No further configuration is needed to address your chat node when system-generated aliases
are used. The system automatically generates one alias per chat node using the default naming convention
conference-x-clusterid.domain.
If you want to manually assign chat node aliases, you must turn off the default system-generated alias setting.
If you turn off a system-generated alias, the existing alias (conference-x-clusterid.domain) reverts
to a standard, editable alias listed under Conference Server Aliases. See topics related to manually managed
chat node aliases for more information. For best practice guidelines, see the sample chat deployment scenarios


Before You Begin


• Review the topics about chat node aliases and key considerations.
• You cannot edit or delete a system-generated alias, for example, conference-3-mycup.cisco.com.

Procedure

Step 1 Log in to Cisco Unified CM IM and Presence Administration, choose Messaging > Group Chat and
Persistent Chat.
Step 2 Enable or disable system-generated aliases:
a) To enable the system to automatically assign chat room aliases to nodes using the naming convention
conference-x-clusterid.domain, check System Automatically Manages Primary Group
Chat Server Aliases.
Tip Choose Messaging > Group Chat Server Alias Mapping to verify that the system-generated
alias is listed under Primary Group Chat Server Aliases.
b) To disable system-generated aliases, uncheck System Automatically Manages Primary Group Chat
Server Aliases.

What to Do Next
• Even if you configure a system-generated alias for a chat node, you can associate more than one alias
with the node if required.
• If you are federating with external domains, you may want to inform federated parties that the aliases
have changed and new aliases are available. To advertise all aliases externally, configure DNS and
publish the aliases as DNS records.
• If you update any of the system-generated alias configuration, perform one of these actions:

• Restart the Cisco XCP Text Conference Manager. Choose Cisco Unified IM and Presence Serviceability
> Tools > Control Center - Feature Services to restart this service.

Related Topics
Chat Deployment Scenario 1, on page 191
Configure Persistent Chat Room Settings, on page 195

Manage Chat Node Aliases Manually


You can manually add, edit, or delete chat node aliases. To manually manage chat node aliases, you must turn
off the default setting, which uses system-generated aliases. If you turn off a system-generated alias, the
existing alias (conference-x-clusterid.domain) reverts to a standard, editable alias listed under Conference
Server Aliases. This maintains the old alias and the chat room addresses associated with that alias.
You can manually assign multiple aliases to chat nodes. Even if a system-generated alias already exists for a
chat node, you can associate additional aliases to the node manually.
For manually-managed aliases, it is the responsibility of the administrator to manually update the alias list if
the Cluster ID or domain changes. System-generated aliases will incorporate the changed values automatically.


Note Although it is not mandatory, we recommend that you always include the domain when you assign a new
chat node alias to a node. Use this convention for additional aliases, newalias.domain. Choose Presence
Settings > Advanced Settings in Cisco Unified CM IM and Presence Administration to see the domain.

Before You Begin


Review topics related to chat node aliases and key considerations.

Procedure

Step 1 Log in to Cisco Unified CM IM and Presence Administration, choose Messaging > Group Chat and
Persistent Chat.
Step 2 Uncheck System Automatically Manages Primary Group Chat Server Aliases.
Step 3 All the existing chat node aliases are listed together under Group Chat Server Aliases. To view the alias list,
perform these actions:
a) Choose Messaging > Group Chat Server Alias Mapping.
b) Click Find.
Step 4 Complete one or more of the following actions as required:
Edit an existing alias (old system-generated or user-defined alias)
a) Click the hyperlink for any existing alias that you want to edit.
b) Edit the alias for the node in the Group Chat Server Alias field. Make sure the alias is unique for the node.
c) Choose the appropriate node to which you want to assign this changed alias.
Add a new chat node alias
a) Click Add New.
b) Enter a unique alias for the node in the Group Chat Server Alias field.
c) Choose the appropriate node to which you want to assign the new alias.
Delete an existing alias
a) Check the check box for the alias that you want to delete.
b) Click Delete Selected.
Troubleshooting Tips
• Every chat node alias must be unique. The system will prevent you from creating duplicate chat node
aliases across the cluster.
• A chat node alias name cannot match the IM and Presence domain name.
• Delete old aliases only if you no longer need to maintain the address of chat rooms via the old alias.
• If you are federating with external domains, you may want to inform federated parties that the aliases
have changed and new aliases are available. To advertise all aliases externally, configure DNS and
publish the aliases as DNS records.
• If you update any of the chat node alias configuration, restart the Cisco XCP Text Conference Manager.


What to Do Next
• Proceed to turn on the Cisco XCP Text Conference Manager.

Related Topics
Chat Deployments, on page 191
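The alias rules and key considerations above can be checked before a change is made. The following is an added example, not Cisco code: it audits a planned alias list for duplicates, an alias equal to the IM and Presence domain, aliases without the recommended domain suffix, and existing rooms that would become unaddressable. The function names, node names, and room names are assumptions constructed for illustration; only conference-3-mycup.cisco.com comes from this guide.

```python
"""Audit a planned chat node alias change (added example, not Cisco code)."""
from collections import Counter


def system_alias(node_id, cluster_id, domain):
    """Build an alias using the guide's convention conference-x-clusterid.domain."""
    return f"conference-{node_id}-{cluster_id}.{domain}".lower()


def audit_alias_plan(planned, room_jids, im_domain):
    """Check a planned alias list against the rules stated in this section.

    planned   -- list of (alias, node) pairs as they would be configured
    room_jids -- existing room addresses in the form room@alias
    im_domain -- the IM and Presence domain
    """
    domain = im_domain.lower()
    # Alias comparison is case-insensitive, as for any domain name.
    aliases = [alias.lower() for alias, _node in planned]
    counts = Counter(aliases)
    known = set(aliases)

    report = {
        # Every chat node alias must be unique across the cluster.
        "duplicate_aliases": sorted(a for a, n in counts.items() if n > 1),
        # An alias cannot match the IM and Presence domain name.
        "matches_im_domain": sorted(a for a in known if a == domain),
        # Recommendation only: include the domain in each alias.
        "missing_domain_suffix": sorted(
            a for a in known if a != domain and not a.endswith("." + domain)
        ),
        # Rooms whose alias is no longer configured cannot be addressed.
        "unaddressable_rooms": sorted(
            jid for jid in room_jids
            if jid.rpartition("@")[2].lower() not in known
        ),
    }
    report["ok_to_apply"] = not (
        report["duplicate_aliases"]
        or report["matches_im_domain"]
        or report["unaddressable_rooms"]
    )
    return report


# Constructed sample data. Node and room names are hypothetical.
OLD_ALIAS = system_alias(3, "mycup", "cisco.com")
ROOMS = [
    "netops@" + OLD_ALIAS,
    "incident-bridge@" + OLD_ALIAS,
    "helpdesk@chat.cisco.com",
]

# Plan A drops the old system-generated alias and contains three mistakes.
PLAN_DROPS_OLD = [
    ("chat.cisco.com", "node-a"),
    ("rooms", "node-b"),            # no domain suffix
    ("cisco.com", "node-b"),        # equals the IM and Presence domain
    ("CHAT.cisco.com", "node-b"),   # duplicate of the first entry
]

# Plan B keeps the old alias as an editable alias on the replacement node.
PLAN_KEEPS_OLD = [
    (OLD_ALIAS, "node-b"),
    ("chat.cisco.com", "node-a"),
]

if __name__ == "__main__":
    for name, plan in (("drops old alias", PLAN_DROPS_OLD),
                       ("keeps old alias", PLAN_KEEPS_OLD)):
        print(name)
        for key, value in audit_alias_plan(plan, ROOMS, "cisco.com").items():
            print(f"  {key}: {value}")
```
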

Turn on Cisco XCP Text Conference Manager


This procedure applies if you configure the persistent chat room settings, or manually add one or more aliases
to a chat node. You must also turn on this service if you want to enable ad hoc chat on a node.

Before You Begin


If persistent chat is enabled, an external database must be associated with the Text Conference Manager
service, and the database must be active and reachable or the Text Conference Manager will not start. If the
connection with the external database fails after the Text Conference Manager service has started, the Text
Conference Manager service will remain active and functional; however, messages will no longer be written
to the database and new persistent rooms cannot be created until the connection recovers.

Procedure

Step 1 Log in to Cisco Unified IM and Presence Serviceability, choose Tools > Control Center - Feature Services.
Step 2 Choose the node from the Server drop-down list and click Go.
Step 3 Click the radio button next to the Cisco XCP Text Conference Manager service in the IM and Presence Service
section to turn it on or click Restart to restart the service.
Step 4 Click OK when a message indicates that restarting may take a while.
Step 5 (Optional) Click Refresh if you want to verify that the service has fully restarted.

Related Topics
Configure Persistent Chat Room Settings, on page 195

Chat Room Management

Set Number of Chat Rooms


Use room settings to limit the number of rooms that users can create. Limiting the number of chat rooms will
help the performance of the system and allow it to scale. Limiting the number of rooms can also help mitigate
any possible service-level attacks.


Procedure

Step 1 To change the maximum number of chat rooms that are allowed, enter a value in the field for maximum
number of rooms allowed. The default is set to 16500.
Step 2 Click Save.

Configure Member Settings


Member settings allow system-level control over the membership in chat rooms. This control helps
mitigate service-level attacks that can be prevented by administrative actions such as banning. Configure
the member settings as required.

Procedure

Step 1 Check Rooms are for members only by default if you want rooms to be created as members-only rooms
by default. Members-only rooms are accessible only by users on a white list configured by the room owner
or administrator. The checkbox is unchecked by default.
Note The white list contains the list of members who are allowed in the room. It is created by the owner
or administrator of the members-only room.
Step 2 Check Room owners can change whether or not rooms are for members only if you want to configure
the room so that room owners are allowed to change whether or not rooms are for members only. The check
box is checked by default.
Note A room owner is the user who creates the room or a user who has been designated by the room creator
or owner as someone with owner status (if allowed). A room owner is allowed to change the room
configuration and destroy the room, in addition to all other administrator abilities.
Step 3 Check Only moderators can invite people to members-only rooms if you want to configure the room so
that only moderators are allowed to invite users to the room. If this check box is unchecked, members can
invite other users to join the room. The check box is checked by default.
Step 4 Check Room owners can change whether or not only moderators can invite people to members-only
rooms if you want to configure the room so that room owners can allow members to invite other users to the
room. The check box is checked by default.
Step 5 Check Users can add themselves to rooms as members if you want to configure the room so that any user
can request to join the room at any time. If this check box is checked, the room has an open membership. The
check box is unchecked by default.
Step 6 Check Room owners can change whether users can add themselves to rooms as members if you want to
configure the room so that room owners have the ability to change the setting that is listed in Step 5 at any
time. The check box is unchecked by default.
Step 7 Click Save.

Configure Availability Settings


Availability settings determine the visibility of a user within a room.


Procedure

Step 1 Check Members and administrators who are not in a room are still visible in the room if you want to
keep users on the room roster even if they are currently offline. The check box is checked by default.
Step 2 Check Room owners can change whether members and administrators who are not in a room are still
visible in the room if you want to allow room owners the ability to change the visibility of a member or
administrator. The check box is checked by default.
Step 3 Check Rooms are backwards-compatible with older clients if you want the service to function well with
older Group Chat 1.0 clients. The check box is unchecked by default.
Step 4 Check Room owners can change whether rooms are backwards-compatible with older clients if you
want to allow room owners the ability to control backward compatibility of the chat rooms. The check box
is unchecked by default.
Step 5 Check Rooms are anonymous by default if you want the room to display the user nickname but keep the
Jabber ID private. The check box is unchecked by default.
Step 6 Check Room owners can change whether or not rooms are anonymous if you want to allow room owners
to control the anonymity level of the user Jabber ID. The check box is unchecked by default.
Step 7 Click Save.

Configure Invite Settings


Invite settings determine who can invite users to a room based on the user's role. Roles exist in a
moderator-to-visitor hierarchy so, for instance, a participant can do anything a visitor can do, and a moderator
can do anything a participant can do.

Procedure

Step 1 From the drop-down list for Lowest participation level a user can have to invite others to the room, choose
one:
• Visitor allows visitors, participants, and moderators the ability to invite other users to the room.

• Participant allows participants and moderators the ability to invite other users to the room. This is the
default setting.

• Moderator allows only moderators the ability to invite other users to the room.

Step 2 Check Room owners can change the lowest participation level a user can have to invite others to the
room to allow room owners to change the settings for the lowest participation level that is allowed to send
invitations. The check box is unchecked by default.
Step 3 Click Save.


Configure Occupancy Settings

Procedure

Step 1 To change the system maximum number of users that are allowed in a room, enter a value in the field for
How many users can be in a room at one time. The default value is set to 1000.
Note The total number of users in a room should not exceed the value that you set. The total number of
users in a room includes both normal users and hidden users.
Step 2 To change the number of hidden users that are allowed in a room, enter a value in the field for How many
hidden users can be in a room at one time. Hidden users are not visible to others, cannot send a message
to the room, and do not send presence updates. Hidden users can see all messages in the room and receive
presence updates from others. The default value is 1000.
Step 3 To change the default maximum number of users that are allowed in a room, enter a value in the field for
Default maximum occupancy for a room. The default value is set to 50 and cannot be any higher than the
value that is set in Step 1.
Step 4 Check Room owners can change default maximum occupancy for a room if you want to allow room
owners to change the default maximum room occupancy. The check box is checked by default.
Step 5 Click Save.

Configure Chat Message Settings


Use Chat Message settings to give privileges to users based on their role. For the most part, roles exist in a
visitor-to-moderator hierarchy. For example, a participant can do anything a visitor can do, and a moderator
can do anything a participant can do.

Procedure

Step 1 From the drop-down list for Lowest participation level a user can have to send a private message from
within the room, choose one:
• Visitor allows visitors, participants, and moderators to send a private message to other users in the room.
This is the default setting.

• Participant allows participants and moderators to send a private message to other users in the room.

• Moderator allows only moderators to send a private message to other users in the room.

Step 2 Check Room owners can change the lowest participation level a user can have to send a private message
from within the room if you want to allow room owners to change the minimum participation level for
private messages. The check box is checked by default.
Step 3 From the drop-down list for Lowest participation level a user can have to change a room's subject, choose
one:
a) Participant allows participants and moderators to change the room's subject. This is the default setting.
b) Moderator allows only moderators to change the room's subject.


Visitors are not permitted to change the room subject.

Step 4 Check Room owners can change the lowest participation level a user can have to change a room's subject
if you want to allow room owners to change the minimum participation level for updating a room's subject.
The check box is checked by default.
Step 5 Check Remove all XHTML formatting from messages if you want to remove all Extensible Hypertext
Markup Language (XHTML) from messages. The check box is unchecked by default.
Step 6 Check Room owners can change XHTML formatting setting if you want to allow room owners to change
the XHTML formatting setting. The check box is unchecked by default.
Step 7 Click Save.

Configure Moderated Room Settings


Moderated rooms provide the ability for moderators to grant and revoke the voice privilege within a room (in
the context of Group Chat, voice refers to the ability to send chat messages to the room). Visitors cannot send
instant messages in moderated rooms.

Procedure

Step 1 Check Rooms are moderated by default if you want to enforce the role of moderator in a room. The check
box is unchecked by default.
Step 2 Check Room owners can change whether rooms are moderated by default if you want to allow room
owners the ability to change whether rooms are moderated. The check box is checked by default.
Step 3 Click Save.

Configure History Settings


Use History settings to set the default and maximum values of messages that are retrieved and displayed in
the rooms, and to control the number of messages that can be retrieved through a history query. When a user
joins a room, the user is sent the message history of the room. History settings determine the number of
previous messages that the user receives.


Procedure

Step 1 To change the maximum number of messages that users can retrieve from the archive, enter a value in the
field for Maximum number of messages that can be retrieved from the archive. The default value is set
to 100. It serves as a limit for the next setting.
Step 2 To change the number of previous messages displayed when a user joins a chat room, enter a value in the
field for Number of messages in chat history displayed by default. The default value is set to 15 and cannot
be any higher than the value that is set in Step 1.
Step 3 Check Room owners can change the number of messages displayed in chat history if you want to allow
room owners to change the number of previous messages displayed when a user joins a chat room. The check
box is unchecked by default.
Step 4 Click Save.

Group Chat and Persistent Chat Restrictions


Table 19: Group Chat and Persistent Chat Restrictions

Feature: Chat with anonymous rooms
Restriction: If you are deploying chat via Cisco Jabber (either group chat or persistent
chat), make sure that the Rooms are anonymous by default and Room
owners can change whether or not rooms are anonymous options
are not selected in the Group Chat and Persistent Chat Settings
window. If either check box is checked, chat will fail.

CHAPTER 16
End User Setup and Handling
• End User Setup and Handling on IM and Presence Service
• Authorization Policy Setup On IM and Presence Service
• Bulk Rename User Contact IDs
• Bulk Export User Contact Lists
• Bulk Export Non-Presence Contact Lists
• Bulk Import Of User Contact Lists
• Bulk Import of User Non-Presence Contact Lists
• Duplicate User ID and Directory URI Management

End User Setup and Handling on IM and Presence Service


You can set up the authorization policy for IM and Presence Service end users, perform bulk user contact list
imports and exports, and manage duplicate and invalid end user instances.
For information about assigning users to IM and Presence Service nodes and to set up end users for IM and
Presence Service, see the following guides:
• Cisco Unified Communications Manager Administration Guide
• Cisco Unified Communications Manager Bulk Administration Guide
• Installing Cisco Unified Communications Manager

Authorization Policy Setup On IM and Presence Service

Automatic Authorization On IM and Presence Service


IM and Presence Service authorizes all presence subscription requests that it receives from SIP-based clients
in the local enterprise. A local user running a SIP-based client automatically receives the availability status
for contacts in the local enterprise, without being prompted to authorize these subscriptions on the client. IM
and Presence Service only prompts the user to authorize the subscription of a contact in the local enterprise
if the contact is on the blocked list for the user. This is the default authorization behavior for SIP-based clients
on IM and Presence Service, and you cannot configure this behavior.
In the XMPP network, it is standard behavior for the node to send all presence subscriptions to the client, and
the client prompts the user to authorize or reject the subscription. To allow enterprises to deploy IM and
Presence Service with a mix of SIP-based and XMPP-based clients (to align the authorization policy for both
client types), Cisco provides the following automatic authorization setting on IM and Presence Service:
• When you turn on automatic authorization, IM and Presence Service automatically authorizes all presence
subscription requests it receives from both XMPP-based clients and SIP-based clients in the local enterprise.
This is the default setting on IM and Presence Service.
• When you turn off automatic authorization, IM and Presence Service only supports XMPP-based clients.
For XMPP-based clients, IM and Presence Service sends all presence subscriptions to the client, and
the client prompts the user to authorize or reject the presence subscription. SIP-based clients will not
operate correctly on IM and Presence when you turn off automatic authorization.

Caution If you turn off automatic authorization, SIP-based clients are not supported. Only XMPP-based clients
are supported when you turn off automatic authorization.

User Policy and Automatic Authorization


In addition to reading the automatic authorization policy, IM and Presence Service reads the policy settings
for the user to determine how to handle presence subscription requests. Users configure the policy settings
from the Cisco Jabber client. A user policy contains the following configuration options:
• Blocked list - a list of local and external (federated) users that will always see the availability status of
the user as unavailable regardless of the true status of the user. The user can also block a whole federated
domain.
• Allowed list - a list of local and external users that the user has approved to see their availability. The
user can also allow a whole external (federated) domain.
• Default policy - the default policy settings for the user. The user can set the policy to block all users, or
allow all users.

Note that if you turn off automatic authorization, IM and Presence Service automatically authorizes subscription
requests from a user that is on the contact list of another user. This applies to users in the same domain, and users
in different domains (federated users). For example:
• UserA wishes to subscribe to view the availability status of UserB. Automatic authorization is off on
IM and Presence Service, and UserB is not in the Allowed or Blocked list for UserA.
• IM and Presence Service sends the presence subscription request to the client application of UserB, and
the client application prompts UserB to accept or reject the subscription.
• UserB accepts the presence subscription request, and UserB is added to the contact list of UserA.
• UserA is then automatically added to the contact list for UserB without being prompted to authorize the
presence subscription.


IM and Presence Service will automatically add UserA to the contact list of UserB even if the policy for UserB
(i) blocks the external domain, or (ii) the default policy for the user is block all, or (iii) “ask me” is chosen.
If you deploy interdomain federation between a local IM and Presence Service enterprise and a supported
external enterprise, IM and Presence Service does not apply the automatic authorization setting to presence
subscription requests received from external contacts, unless the user has applied a policy on that external
contact or domain. On receipt of a presence subscription request from an external contact, IM and Presence
Service will only send the subscription request to the client application if the user chooses “ask me” to be
prompted to set their own Allow/Block policy for external contacts, and if the external contact or domain is
not in either the Allowed or Blocked list for the user. The client application prompts the user to authorize or
reject the subscription.

Note IM and Presence Service uses common user policies for both availability and instant messages.

Related Topics
http://www.cisco.com/en/US/products/ps6837/products_user_guide_list.html
IM and Presence Service Configuration Guides

Configure Authorization Policy on IM and Presence Service


You can turn on automatic authorization so that IM and Presence Service automatically authorizes all presence
subscription requests it receives from both XMPP-based clients and SIP-based clients in the local enterprise. If you
turn off automatic authorization, IM and Presence Service only supports XMPP-based clients and sends all
presence subscriptions to the client where the user is prompted to authorize or reject the presence subscription.

Tip See the Online Help topic in the Cisco Unified CM IM and Presence Administration interface for a
definition of all the parameters on this window.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Presence > Settings.
Step 2 Configure the authorization policy. Perform one of the following actions:
• To turn on automatic authorization, check Allow users to view the availability of other users without
being prompted for approval.
• To turn off automatic authorization, uncheck Allow users to view the availability of other users
without being prompted for approval.

Step 3 Click Save.


Step 4 Restart the Cisco XCP Router service.

What to Do Next
Proceed to configure the SIP publish trunk on IM and Presence Service.


Related Topics
Restart Cisco XCP Router Service, on page 60
IM Setup On IM and Presence Service, on page 144

Bulk Rename User Contact IDs


The IM and Presence Service Bulk Assignment Tool allows you to rename the contact ID (JID) in user contact
lists from one format to another. For example, you can rename a user’s contact ID from
[email protected] to [email protected] and the Bulk Administration Tool will update each
user’s contact list with the new contact ID.

Caution Bulk rename of contact IDs is used in the migration of users from a Microsoft server (for example Lync)
to IM and Presence Service. See the Partitioned Intradomain Federation Guide on Cisco.com for
detailed instructions of how this tool should be used as part of the user migration process. Using this tool
in any other circumstances is not supported.

Before you can run this job, you must upload a file containing a list of contact IDs and the corresponding new
format of each of those contact IDs. The file must be a CSV file with the following format:
<Contact ID>, <New Contact ID>
where <Contact ID> is the existing contact ID and <New Contact ID> is the new format of the contact ID.
From Release 10.0 the <Contact ID> is the user's IM address as it appears on the Presence Topology User
Assignment window.
The following is a sample CSV file with one entry:
Contact ID, New Contact ID
[email protected], [email protected]
Complete the following procedure to upload the CSV file and rename the contact IDs for a list of users.

Procedure

Step 1 Upload the CSV file with the list of contact IDs that you want to rename in all contact lists. Do the following:
a) On the IM and Presence database publisher node, choose Cisco Unified CM IM and Presence
Administration > Bulk Administration > Upload/Download Files.
b) Click Add New.
c) Click Browse to locate and choose the CSV file.
d) Choose Contacts as the Target.
e) Choose Rename Contacts – Custom File as the Transaction Type.
f) Click Save to upload the file.
Step 2 On the publisher node, choose Cisco Unified CM IM and Presence Administration > Bulk Administration
> Contact List > Rename Contacts.
Step 3 In the File Name field, choose the file that you uploaded.
Step 4 Choose one of the following actions:
• Click Run Immediately to execute the Bulk Administration job immediately.


• Click Run Later to schedule a time to execute the Bulk Administration job. For more information about
scheduling jobs in the Bulk Administration Tool, see the Online Help in Cisco Unified CM IM and
Presence Administration.

Step 5 Click Submit. If you chose to run the job immediately, the job runs after you click Submit.

Bulk Export User Contact Lists


The IM and Presence Service Bulk Administration Tool (BAT) allows you to export the contact lists of users
who belong to a particular node or presence redundancy group to a CSV data file. You can then use BAT to
import the user contact lists to another node or presence redundancy group in a different cluster. The BAT
user contact list export and import features facilitate the moving of users between clusters. See topics related
to bulk imports of user contact lists for more information.
From IM and Presence Service Release 11.5(0), you can also export non-presence contact lists. For further
information, see Bulk Export Non-Presence Contact Lists, on page 214.

Note Users on contact lists who do not have an IM address will not be exported.

BAT allows you to find and choose the users whose contact lists you want to export. The user contact lists
are exported to a CSV file with the following format:
<User ID>,<User Domain>,<Contact ID>,<Contact Domain>,<Nickname>,<Group Name>

The following table describes the parameters in the export file.

Parameter        Description
User ID          The user ID of the IM and Presence Service user.
                 Note This value is the user portion of the user's IM address.
User Domain      The Presence domain of the IM and Presence Service user.
                 Note This value is the domain portion of the user's IM address.
                 Example 1: bjones@example.com—bjones is the user ID and
                 example.com is the user domain.
                 Example 2: bjones@usa@example.com—bjones@usa is the user ID
                 and example.com is the user domain.
Contact ID       The user ID of the contact list entry.
Contact Domain   The Presence domain of the contact list entry.
Nickname         The nickname of the contact list entry.
                 If the user has not specified a nickname for a contact, the Nickname parameter
                 will be blank.
Group Name       The name of the group to which the contact list entry is to be added.
                 If a user’s contacts are not sorted into groups, the default group name will be
                 specified in the Group Name field.

The following is a sample CSV file entry:


userA,example.com,userB,example.com,buddyB,General

Complete the following procedure to export user contact lists with BAT and download the export file.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List >
Export.
Step 2 Use the selection criteria to find the users whose contact lists you want to export. See the Online Help topic
in the Cisco Unified CM IM and Presence Administration interface for more information about finding and
selecting users.
Step 3 Click Next.
Step 4 In the File Name field, enter a name for the CSV file.
Step 5 Choose one of the following:
• Click Run Immediately to execute the Bulk Administration job immediately.
• Click Run Later to schedule a time to execute the Bulk Administration job. For more information about
scheduling jobs in BAT, see the Online Help in Cisco Unified CM IM and Presence Administration.

Step 6 Click Submit. If you chose to run the job immediately, the job runs after you click Submit.
Step 7 To download the export file after the job has run, choose Cisco Unified CM IM and Presence Administration
> Bulk Administration > Upload/Download Files.
Step 8 Find and choose the export file that you want to download.
Step 9 Click Download Selected.

Bulk Export Non-Presence Contact Lists


With the BAT, you can also export all local cluster users' non-presence contact lists to a CSV data file.
Non-presence contacts are contacts who do not have an IM address and can only be exported using this procedure.
The non-presence user contact lists are exported to a CSV file with the following format:
<User JID>,<Contact JID>,<Group Name>,<Content Type>,<Version>,<Info>

The following table describes the parameters in the export file:


Parameter      Description
User JID       The User JID. This is the IM address of the user.
Contact JID    The User JID of the contact list entry, if available, otherwise it is the UUID.
Group Name     The name of the group to which the contact list entry is to be added.
Content Type   The text mime type and subtype used in the info field.
Version        The content type used in the info field.
Info           The contact information of the contact list entry in vCard format.

The following is a sample CSV file entry:


[email protected],ce463d44-02c3-4975-a37f-d4553e3f17e1,group01,text/directory,3,BEGIN:VCARD
ADR;TYPE=WORK:ADR\;WORK:\;\;123 Dublin rd\,\;Oranmore\;Galway\;\;Ireland
EMAIL;TYPE=X-CUSTOM1;X LABEL=Custom:[email protected] N:test;user;;; NICKNAME:pizzaguy01
ORG:ABC TEL;TYPE=WORK,VOICE:5323534535 TITLE:QA VERSION:3.0 END:VCARD

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact > Export
Non-presence Contact List.
Step 2 In the File Name field, enter a name for the CSV file.
Step 3 Choose one of the following:
• Click Run Immediately to execute the Bulk Administration Job immediately.
• Click Run Later to schedule a time to execute the Bulk Administration job. For more information about
scheduling jobs in BAT, see the Online Help in Cisco Unified CM IM and Presence Administration.

Step 4 Click Submit. If you chose to run the job immediately, the job runs after you click Submit.
Step 5 To download the export file after the job has run, choose Cisco Unified CM IM and Presence Administration
> Bulk Administration > Upload/Download Files.
Step 6 Find and choose the export file that you want to download.
Step 7 Click Download Selected.


Bulk Import Of User Contact Lists


You can use the IM and Presence Service Bulk Assignment Tool (BAT) to import user contact lists into IM
and Presence Service. With this tool, you can prepopulate contact lists for new IM and Presence Service client
users or add to existing contact lists. To import user contact lists, you must provide BAT with an input file
that contains the user contact lists.
The input file must be a CSV file in the following format:
<User ID>,<User Domain>,<Contact ID>,<Contact Domain>,<Nickname>,<Group Name>

The following is a sample CSV file entry:


userA,example.com,userB,example.com,buddyB,General
The following table describes the parameters in the input file.

Table 20: Description of Input File Parameters

Parameter        Description
User ID          This is a mandatory parameter.
                 The user ID of the IM and Presence Service user. It can have a
                 maximum of 132 characters.
                 Note This value is the user portion of the user's IM address.
User Domain      This is a mandatory parameter.
                 The Presence domain of the IM and Presence Service user. It can
                 have a maximum of 128 characters.
                 Note This value is the domain portion of the user's IM address.
                 Example 1: bjones@example.com—bjones is the
                 user ID and example.com is the user domain.
                 Example 2: bjones@usa@example.com—bjones@usa is the
                 user ID and example.com is the user domain.
Contact ID       This is a mandatory parameter.
                 The user ID of the contact list entry. It can have a maximum of
                 132 characters.
Contact Domain   This is a mandatory parameter.
                 The Presence domain of the contact list entry. The following
                 restrictions apply to the format of the domain name:
                 • Length must be less than or equal to 128 characters
                 • Contains only numbers, upper- and lowercase letters, and
                   hyphens (-)
                 • Must not start or end with hyphen (-)
                 • Length of label must be less than or equal to 63 characters
                 • Top-level domain must be characters only and have at least
                   two characters
Nickname         The nickname of the contact list entry. It can have a maximum of
                 255 characters.
Group Name       This is a mandatory parameter.
                 The name of the group to which the contact list entry is to be
                 added. It can have a maximum of 255 characters.

Note If you are moving users to another node or presence redundancy group in a different cluster, you can use
BAT to generate the CSV file for chosen users. See topics related to bulk exports of user contact lists for
more information.

Complete the following steps to import user contact lists into IM and Presence Service:
• Check the maximum contact list size.
• Upload the input file using BAT.
• Create a new bulk administration job.
• Check the results of the bulk administration job.

Before You Begin


Before you import the user contact lists, you must complete the following:
1 Provision the users on Cisco Unified Communications Manager.
2 Ensure that the users are licensed on Cisco Unified Communications Manager for the IM and Presence
Service.


Note The default contact list import rate is based on the virtual machine deployment hardware type. You can
change the contact list import rate by choosing Cisco Unified CM IM and Presence Administration >
System > Service Parameters > Cisco Bulk Provisioning Service. However, if you increase the default
import rate, this will result in higher CPU and memory usage on IM and Presence Service.

Check Maximum Contact List Size


Before you import contact lists to IM and Presence Service, check the Maximum Contact List Size and
Maximum Watchers settings. The system default value is 200 for Maximum Contact List Size and 200 for
Maximum Watchers.
Cisco recommends that you set the Maximum Contact List Size and Maximum Watchers settings to Unlimited
while importing user contact lists to IM and Presence Service. This ensures that each migrated user contact
list is fully imported. After all users have migrated, you can reset the Maximum Contact List Size and Maximum
Watchers settings to the preferred values.

Note It is possible to exceed the maximum contact list size without losing data when importing contact lists
using BAT; however, Cisco recommends temporarily increasing the Maximum Contact List Size setting
or setting the value to Unlimited for the import. You can reset the maximum value after the import is
complete.

You only need to check the maximum contact list size on those clusters that contain users for whom you wish
to import contacts. When you change Presence settings, the changes are applied to all nodes in the cluster;
therefore you only need to change these settings on the IM and Presence database publisher node within the
cluster.

What To Do Next
Upload the input file using BAT.

Related Topics
Configure Maximum Contact List Size Per User, on page 142
Configure Maximum Number of Watchers Per User, on page 143

Upload Input File Using BAT


The following procedure describes how to upload the CSV file using BAT.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download
Files.
Step 2 Click Add New.
Step 3 Click Browse to locate and choose the CSV file.
Step 4 Choose Contact Lists as the Target.
Step 5 Choose Import Users’ Contacts – Custom File as the Transaction Type.
Step 6 Click Save to upload the file.

What to Do Next
Create a new bulk administration job.

Create New Bulk Administration Job


The following procedure describes how to create a new bulk administration job in Cisco Unified CM IM and
Presence Administration.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List >
Update.
Step 2 From the File Name drop-down list, choose the file to import.
Step 3 In the Job Description field, enter a description for this Bulk Administration job.
Step 4 Choose one of the following:
• Click Run Immediately to execute the Bulk Administration job immediately.
• Click Run Later to schedule a time to execute the Bulk Administration job. For more information about
scheduling jobs in BAT, see the Online Help in Cisco Unified CM IM and Presence Administration.

Step 5 Click Submit. If you chose to run the job immediately, the job runs after you click Submit.

What to Do Next
Check the results of the bulk administration job.

Check Results of Bulk Administration Job


When the Bulk Administration job is complete, the IM and Presence Service BAT tool writes the results of
the contact list import job to a log file. The log file contains the following information:
• The number of contacts that were successfully imported.


• The number of internal server errors that were encountered while trying to import the contacts.
• The number of contacts that were not imported (ignored). The log file lists a reason for each ignored
contact at the end of the log file. The following are the reasons for not importing a contact:
◦Invalid format - invalid row format, for example, a required field is missing or empty
◦Invalid contact domain - the contact domain is in an invalid format. See topics related to bulk
import of user contact lists for the valid format of the contact domain
◦Cannot add self as a contact - you cannot import a contact for a user if the contact is the user
◦User’s contact list is over limit - the user has reached the maximum contact list size and no more
contacts can be imported for that user
◦User is not assigned to local node - the user is not assigned to the local node

• The number of contacts in the CSV file that were unprocessed due to an error that caused the BAT job
to finish early. This error rarely occurs.

Complete the following procedure to access this log file.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
Step 2 Click Find and choose the job ID of the contact list import job.
Step 3 Click the Log File Name link to open the log.
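
A pre-flight check for the contact list import file, applying the field limits and Contact Domain restrictions from Table 20 and three of the row-level rejection reasons listed for the job log. This is an added example, not Cisco code or part of BAT; the function names, the whitespace handling, the case-insensitive self-contact comparison and all sample rows after the first are assumptions of this example.

```python
import csv
import io
import re

# (name, mandatory, max length) in file order, from Table 20.
# Contact Domain has no limit here because contact_domain_error() checks it.
FIELDS = [
    ("User ID", True, 132),
    ("User Domain", True, 128),
    ("Contact ID", True, 132),
    ("Contact Domain", True, None),
    ("Nickname", False, 255),
    ("Group Name", True, 255),
]

LABEL_CHARS = re.compile(r"[A-Za-z0-9-]+")


def contact_domain_error(domain):
    """Return None if domain meets the Table 20 restrictions, else the reason."""
    if len(domain) > 128:
        return "longer than 128 characters"
    labels = domain.split(".")
    for label in labels:
        if not label:
            return "empty label"
        if len(label) > 63:
            return "label longer than 63 characters"
        if not LABEL_CHARS.fullmatch(label):
            return "characters other than letters, numbers and hyphens"
        # Assumption: the hyphen rule is applied to every label, which also
        # covers the start and end of the whole name.
        if label[0] == "-" or label[-1] == "-":
            return "label starts or ends with a hyphen"
    if len(labels[-1]) < 2 or not labels[-1].isalpha():
        return "top-level domain must be at least two letters"
    return None


def row_error(row):
    """Return None for a row that passes every check, else the reason."""
    if len(row) != len(FIELDS):
        return "Invalid format: expected %d fields, found %d" % (len(FIELDS), len(row))
    for (name, mandatory, limit), value in zip(FIELDS, row):
        if mandatory and not value:
            return "Invalid format: %s is empty" % name
        if limit is not None and len(value) > limit:
            # "Field too long" is this script's own label, not a BAT log reason.
            return "Field too long: %s exceeds %d characters" % (name, limit)
    user_id, user_domain, contact_id, contact_domain = row[:4]
    problem = contact_domain_error(contact_domain)
    if problem:
        return "Invalid contact domain: " + problem
    # Assumption: IM addresses are compared without regard to case.
    if (user_id.lower(), user_domain.lower()) == (contact_id.lower(), contact_domain.lower()):
        return "Cannot add self as a contact"
    return None


def validate_import(text):
    """Split CSV text into accepted rows and (line number, reason) rejections."""
    accepted, rejected = [], []
    reader = csv.reader(io.StringIO(text))
    for raw in reader:
        if not raw:  # blank line
            continue
        # Assumption: whitespace around a field is not significant.
        row = [cell.strip() for cell in raw]
        reason = row_error(row)
        if reason is None:
            accepted.append(row)
        else:
            rejected.append((reader.line_num, reason))
    return accepted, rejected


# Constructed sample input; only the first row is the guide's own sample entry.
SAMPLE = """\
userA,example.com,userB,example.com,buddyB,General
bjones@usa,example.com,userC,example.com,,General
userA,example.com,userA,EXAMPLE.com,me,General
userA,example.com,userD,-bad.example.com,dee,General
userA,example.com,userE,example.c0m,,General
userA,example.com,userF,example.com,eff
userA,,userG,example.com,gee,General
"""

if __name__ == "__main__":
    ok, bad = validate_import(SAMPLE)
    print("%d rows pass" % len(ok))
    for line_no, reason in bad:
        print("line %d: %s" % (line_no, reason))
```

The remaining log reasons (contact list over limit, user not assigned to the local node) depend on server state and cannot be checked from the file alone.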

Bulk Import of User Non-Presence Contact Lists


You can use the IM and Presence Service Bulk Assignment Tool (BAT) to import user non-presence contact
lists into IM and Presence Service. With this tool, you can prepopulate contact lists for new IM and Presence
Service client users or add to existing non-presence contact lists. To import user non-presence contact lists,
you must provide BAT with an input file that contains the user contact lists.
The input file must be a CSV file in the following format:
<User JID>,<Contact JID>,<Group Name>,<Content Type>,<Version>,<Info>

The following is a sample CSV file entry:


[email protected],ce463d44-02c3-4975-a37f-d4553e3f17e1,group01,text/directory,3,BEGIN:VCARD
ADR;TYPE=WORK:ADR\;WORK:\;\;123 Dublin rd\,\;Oranmore\;Galway\;\;Ireland
EMAIL;TYPE=X-CUSTOM1;X LABEL=Custom:[email protected] N:test;user;;; NICKNAME:pizzaguy01
ORG:ABC TEL;TYPE=WORK,VOICE:5323534535 TITLE:QA VERSION:3.0 END:VCARD

Caution We recommend that you do not manually modify the CSV file, due to the size of the file itself and the
risk of corrupting the vCard information.


The following table describes the parameters in the input file for non-presence contacts:

Table 21: Description of Input File Parameters for Non-Presence Contact Lists

Parameter      Description
User JID       The User JID. This is the IM address of the user.
Contact JID    The User JID of the contact list entry, if available, otherwise it is the UUID.
Group Name     The name of the group to which the contact list entry is to be added.
Content Type   The text mime type and subtype used in the info field.
Version        The content type used in the info field.
Info           The contact information of the contact list entry in vCard format.

Note If you are moving users to another node or presence redundancy group in a different cluster, you can use
BAT to generate the CSV file for chosen users. See topics related to bulk exports of user contact lists for
more information.

Complete the following steps to import user contact lists into IM and Presence Service:
• Upload the non-presence contacts list input file using BAT. See Upload Non-Presence Contacts Input
File using BAT, on page 221.
• Create a new bulk administration job for non-presence contact lists. See Create New Bulk Administration
Job for Non-presence Contact Lists, on page 222.
• Check the results of the bulk administration job. See Check Results of Bulk Administration Job, on
page 219.

Upload Non-Presence Contacts Input File using BAT


The following procedure describes how to upload the CSV file using BAT for Non-Presence Contacts.


Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Upload/Download
Files.
Step 2 Click Add New.
Step 3 Click Browse to locate and choose the CSV file.
Step 4 Choose Non-presence Contact Lists as the Target.
Step 5 Choose Import Users’ Non Presence Contacts as the Transaction Type.
Step 6 Click Save to upload the file.

Create New Bulk Administration Job for Non-presence Contact Lists


The following procedure describes how to create a new bulk administration job in Cisco Unified CM IM and
Presence Administration.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact
Non-presence List > Import Non-presence Contact List.
Step 2 From the File Name drop-down list, choose the file to import.
Step 3 In the Job Description field, enter a description for this Bulk Administration job.
Step 4 Choose one of the following:
• Click Run Immediately to execute the Bulk Administration job immediately.
• Click Run Later to schedule a time to execute the Bulk Administration job. For more information about
scheduling jobs in BAT, see the Online Help in Cisco Unified CM IM and Presence Administration.

Step 5 Click Submit. If you chose to run the job immediately, the job runs after you click Submit.

Duplicate User ID and Directory URI Management


The Cisco IM and Presence Data Monitor service checks for duplicate user IDs and empty or duplicate directory
URIs across all IM and Presence Service intercluster nodes. If any errors are detected, IM and Presence Service
raises an alarm in the software. Cisco recommends that you take immediate action to remedy these errors to
avoid communications disruptions for these users.
You can monitor the status of duplicate user IDs and directory URI checks from the System Troubleshooter
using Cisco Unified CM IM and Presence Administration GUI. You can also set the time interval for user ID
and directory URI checks using the GUI.
To gather specific information about which users caused these alarms, use the Command Line Interface. Use
the Real-Time Monitoring Tool to monitor system alarms and alerts.


For more information about using the command line interface to validate user IDs or directory URIs, see the
Command Line Interface Guide for Cisco Unified Communications Solutions. For information about using
the Real-Time Monitoring Tool, see the Cisco Unified Real-Time Monitoring Tool Administration Guide.

User ID and Directory URI Monitoring


The Cisco IM and Presence Data Monitor service checks the Active directory entries for duplicate user IDs
and empty or duplicate directory URIs for all IM and Presence Service intercluster nodes. Duplicate user IDs
or directory URIs are not possible within a cluster; however, it is possible to unintentionally assign the same
user ID or directory URI value to users on different clusters in an intercluster deployment.
You can use the System Troubleshooter in Cisco Unified CM IM and Presence Administration GUI to monitor
the status of duplicate user IDs and directory URI checks. The time interval for these user ID and directory
URI checks is set using Cisco Unified CM IM and Presence Administration GUI. The valid range is from
5 minutes to 1440 minutes (12 hours). The default is 30 minutes.
If errors are detected, IM and Presence Service raises an alarm in the software.
DuplicateDirectoryURI
This alert indicates that there are multiple users within the intercluster deployment that are assigned
the same directory URI value when the Directory URI IM Address scheme is configured.
DuplicateDirectoryURIWarning
This warning indicates that there are multiple users within the intercluster deployment that are assigned
the same directory URI value when the userID@Default_Domain IM Address scheme is configured.
DuplicateUserid
This alert indicates there are duplicate user IDs assigned to one or more users on different clusters
within the intercluster deployment.
InvalidDirectoryURI
This alert indicates that one or more users within the intercluster deployment are assigned an empty or
invalid directory URI value when the Directory URI IM Address scheme is configured.
InvalidDirectoryURIWarning
This warning indicates that one or more users within the intercluster deployment are assigned an empty
or invalid directory URI value when the userID@Default_Domain IM Address scheme is configured.

To gather specific information about which users have these alarm conditions, use the Command Line Interface
for a complete listing. System alarms do not provide details about the affected users and the System
Troubleshooter displays details for only up to 10 users. Use the Command Line Interface and validate users
to gather information about which users caused an alarm. For more information, see the Command Line
Interface Guide for Cisco Unified Communications Solutions.

Caution: Take the appropriate action to fix duplicate user IDs and duplicate or invalid Directory URIs to avoid
communications disruptions for the affected users. To modify user contact information, see the Cisco
Unified Communications Manager Administration Guide.

User ID and Directory URI Error Conditions


The following table describes user ID and directory URI error conditions that can occur when a system check
for duplicate user IDs and duplicate or invalid directory URIs is performed on an intercluster deployment.
The alarms that are raised are listed, as well as suggested actions to take to correct the error.

Table 22: User ID and Directory URI Error Conditions

Error Condition: Duplicate user IDs
Description: Duplicate user IDs are assigned to one or more users on different clusters within the
intercluster deployment. The affected users may be homed on an intercluster peer.
Related alarms:
• DuplicateUserid
Suggested Action: If the DuplicateUserid alert is raised, take immediate action to correct the issue. Each
user within the intercluster deployment must have a unique user ID.

Error Condition: Duplicate directory URIs
Description: Multiple users within the intercluster deployment are assigned the same directory URI value.
The affected users may be homed on an intercluster peer.
Related alarms:
• DuplicateUserid
• DuplicateDirectoryURIWarning
Suggested Action: If your system is configured to use the Directory URI IM address scheme and the
DuplicateDirectoryURI alert is raised, take immediate action to correct the issue. Each user must be
assigned a unique directory URI.
If your system is configured to use the userID@Default_Domain IM address scheme and duplicate directory
URIs are detected, the DuplicateDirectoryURIWarning warning is raised and no immediate action is required;
however, Cisco recommends that you resolve the issue.

Error Condition: Invalid directory URIs
Description: One or more users within the deployment are assigned an invalid or empty directory URI value.
A URI that is not in the user@domain format is an invalid Directory URI. The affected users may be homed
on an intercluster peer.
Related alarms:
• InvalidDirectoryURI
• InvalidDirectoryURIWarning
Suggested Action: If your system is configured to use the Directory URI IM address scheme and the following
alert is raised, take immediate action to correct the issue: InvalidDirectoryURI.
If your system is configured to use the userID@Default_Domain IM address scheme and invalid directory URIs
are detected, the InvalidDirectoryURIWarning warning is raised and no immediate action is required;
however, Cisco recommends that you resolve the issue.

User ID and Directory URI Validation and Modification


Cisco recommends that you perform a check for duplicate user information rather than wait for alarms to be
raised in the system, especially after adding new users or when migrating contact lists.

You can use the System Troubleshooter in the Cisco Unified CM IM and Presence Administration GUI to
view a summary of user ID and Directory URI errors. For a more detailed and comprehensive report, use the
CLI command to validate IM and Presence Service users.
If any users are identified as having duplicate or invalid information, you can modify the user records in Cisco
Unified Communications Manager using the End User Configuration window (User Management >
End User). Ensure that all users have a valid user ID or Directory URI value as necessary. For more information,
see the Cisco Unified Communications Manager Administration Guide.
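
The proactive check recommended above can also be run offline against user records exported from each cluster, for example before a contact list migration. The following Python code is an added example, not Cisco code and not how the Cisco IM and Presence Data Monitor is implemented. Its assumptions: the record layout (cluster, user ID, directory URI), the scheme keys `directory_uri` and `userid_default_domain`, case-insensitive comparison, and a simplified reading of the user@domain format; all sample records are constructed.

```python
from collections import defaultdict

# Alarm names come from the guide; the scheme keys are hypothetical labels for
# the two IM address schemes it describes.
ALARMS_BY_SCHEME = {
    "directory_uri": ("DuplicateDirectoryURI", "InvalidDirectoryURI"),
    "userid_default_domain": ("DuplicateDirectoryURIWarning",
                              "InvalidDirectoryURIWarning"),
}

# Constructed sample records: (cluster, user ID, directory URI).
SAMPLE_USERS = [
    ("cucm-imp-1", "user1", "user1@example.com"),
    ("cucm-imp-1", "user3", "user3@example.com"),
    ("cucm-imp-1", "user4", "shared@example.com"),
    ("cucm-imp-2", "user3", "Shared@Example.com"),
    ("cucm-imp-2", "user5", ""),
    ("cucm-imp-2", "user6", "asdf@ASDF@example"),
]


def is_valid_directory_uri(uri):
    """Simplified user@domain test (assumption): exactly one '@', both parts
    non-empty, no whitespace. Empty values count as invalid, as in the guide."""
    if not uri or any(ch.isspace() for ch in uri):
        return False
    user, sep, domain = uri.partition("@")
    return bool(sep and user and domain) and "@" not in domain


def check_users(records, scheme="directory_uri", fold_case=True):
    """Return {alarm name: details} for the conditions the guide lists.

    fold_case=True compares IDs and URIs case-insensitively (assumption).
    """
    dup_uri_alarm, invalid_uri_alarm = ALARMS_BY_SCHEME[scheme]
    norm = (lambda s: s.casefold()) if fold_case else (lambda s: s)

    clusters_by_userid = defaultdict(set)   # user ID -> clusters it appears on
    owners_by_uri = defaultdict(set)        # URI -> {(cluster, user ID)}
    invalid = []                            # empty or malformed URIs

    for cluster, user_id, uri in records:
        clusters_by_userid[norm(user_id)].add(cluster)
        uri = (uri or "").strip()
        if is_valid_directory_uri(uri):
            owners_by_uri[norm(uri)].add((cluster, user_id))
        else:
            invalid.append((cluster, user_id, uri))

    findings = {}
    # A user ID is a duplicate only when it exists on more than one cluster.
    dup_ids = {uid: sorted(cl) for uid, cl in clusters_by_userid.items()
               if len(cl) > 1}
    if dup_ids:
        findings["DuplicateUserid"] = dup_ids
    # A URI is a duplicate when more than one user record carries it.
    dup_uris = {uri: sorted(owners) for uri, owners in owners_by_uri.items()
                if len(owners) > 1}
    if dup_uris:
        findings[dup_uri_alarm] = dup_uris
    if invalid:
        findings[invalid_uri_alarm] = invalid
    return findings


if __name__ == "__main__":
    for alarm, details in check_users(SAMPLE_USERS).items():
        print(alarm, details)
```

Unlike the System Troubleshooter summary, which shows details for only up to 10 users, the returned structure lists every affected record in the input.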

User ID and Directory URI CLI Validation Examples


The CLI command to validate IM and Presence Service users to identify users that have duplicate user IDs
and duplicate or invalid Directory URIs is utils users validate { all | userid | uri }. For more information
about using the CLI and command descriptions, see the Command Line Interface Guide for Cisco Unified
Communications Solutions.

CLI Example Output Showing User ID Errors


Users with Duplicate User IDs
---------------------------------------------
User ID: user3
Node Name
cucm-imp-1
cucm-imp-2

CLI Example Output Showing Directory URI Errors


Users with No Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID
user4

Users with Invalid Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID          Directory URI
user1            asdf@ASDF@asdf@ADSF@cisco

Users with Duplicate Directory URIs
-----------------------------------------------------
Directory URI: [email protected]
Node Name        User ID
cucm-imp-1       user4
cucm-imp-2       user3

Set User Check Interval


Use Cisco Unified CM IM and Presence Administration to set the time interval for the Cisco IM and Presence
Data Monitor service to check all nodes and clusters in your deployment for duplicate user IDs and directory
URIs.
Enter the time interval in minutes using integers. The valid range is from 5 to 1440. The default is 30 minutes.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > System > Service Parameters.
Step 2 Choose Cisco IM and Presence Data Monitor in the Service field.
Step 3 Enter an integer from 5 through 1440 as the User Check Interval and click Save.

Validate User IDs and Directory URIs Using System Troubleshooter


Use the System Troubleshooter in the Cisco Unified CM IM and Presence Administration GUI to view the
status of the system checks which identify duplicate user IDs and duplicate or invalid directory URIs across
all nodes and clusters in the deployment.
For a more detailed and comprehensive report, use the CLI command to validate IM and Presence Service
users. For more information about using the CLI and command details, see the Command Line Interface Guide
for Cisco Unified Communications Solutions.

Procedure

Step 1 Choose Cisco Unified CM IM and Presence Administration > Diagnostics > System Troubleshooter.
Step 2 Monitor the status of user IDs and Directory URIs in the User Troubleshooter area.
The Problem column is populated if the system check detects any issues.
• Verify all users have a unique User ID configured.
• Verify all users have a Directory URI configured.
• Verify all users have a unique Directory URI configured.
• Verify all users have a valid Directory URI configured.
• Verify all users have a unique Mail ID configured.

Note: Duplicate mail IDs impact both Email Address for Federation and Exchange Calendar integration
features.

If duplicate or invalid user information is detected, perform the recommended solution. To troubleshoot
UserID and directory URI errors, see topics related to troubleshooting.

Tip: Clicking the fix link in the Solution column redirects you to the End User Configuration window in
Cisco Unified Communications Manager Administration where you can locate and reconfigure user
profiles. For detailed user validation information, use the CLI command to validate users.

Note: The user ID and directory URI fields in the user profile may be mapped to the LDAP Directory. In that
case, apply the fix in the LDAP Directory server.

Related Topics
Received Duplicate UserID Error, on page 253
Received Duplicate or Invalid Directory URI Error, on page 254

CHAPTER 17
User Migration
• User Migration Between IM and Presence Service Clusters

User Migration Between IM and Presence Service Clusters


This section describes how to migrate users between IM and Presence Service clusters. You must complete
the following procedures in the order in which they are presented:
1 Export the contact lists of the migrating users from their current home cluster.
2 Disable the migrating users for IM and Presence Service and Cisco Jabber on their current home cluster
from Cisco Unified Communications Manager.
3 If LDAP Sync is enabled on Cisco Unified Communications Manager:
• move the users to the new Organization Unit, from which their new cluster synchronizes its
information
• synchronize the users to the new home Cisco Unified Communications Manager.

4 If LDAP Sync is not enabled on Cisco Unified Communications Manager, manually provision the migrating
users on Cisco Unified Communications Manager.
5 Enable users for IM and Presence Service and Cisco Jabber.
6 Import contact lists to the new home cluster to restore contact list data for migrated users.

Before You Begin


Complete the following tasks:
• Perform a full DRS of the current cluster and the new home cluster. See the Disaster Recovery System
Administration Guide for more information.
• Ensure that the following services are running:
◦Cisco Intercluster Sync Agent
◦Cisco AXL Web Service
◦Cisco Sync Agent

• Run the Troubleshooter and ensure that there are no Intercluster Sync Agent issues reported. All
Intercluster Sync Agent issues reported on the Troubleshooter must be resolved before proceeding with
this procedure.
• Cisco recommends that the Allow users to view the availability of other users without being prompted
for approval setting is enabled. To enable this setting, choose Cisco Unified CM IM and Presence
Administration > Presence > Settings. Any change to this setting requires a restart of the Cisco XCP
Router.
• Cisco recommends that the following settings are set to No Limit:
◦Maximum Contact List Size (per user)
◦Maximum Watchers (per user)
To configure these settings, choose Cisco Unified CM IM and Presence Administration >
Presence > Settings.

• Ensure that the users to be migrated are licensed for Cisco Unified Presence or Cisco Jabber on their
current (pre-migration) home cluster only. If these users are licensed on any other cluster, they need to
be fully unlicensed before proceeding with the following procedures.

Unassign Users From Current Cluster


Complete this procedure to unassign the migrating users from their current cluster.

Procedure

Step 1 Choose Cisco Unified CM Administration > User Management > Assign Presence Users.
Step 2 Choose the users that you want to migrate to a remote IM and Presence cluster.
Step 3 Click Assign Selected Users and in the next dialog box, click Unassigned.
Step 4 Click Save.

What to Do Next
Proceed to export your user contact lists.

Export User Contact Lists


Complete this procedure to export the contact lists of the migrating users from their current cluster.

Procedure

Step 1 Export the contact lists of the migrating users from the current home cluster.
a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List
> Export.
b) Choose All unassigned users in the cluster and click Find.
c) Review the results and use the AND/OR filter to filter the search results as required.

d) When the list is complete, click Next.
e) Choose a filename for the exported contact list data.
f) Optionally update the Job Description.
g) Click Run Now or schedule the job to run later.
Step 2 Monitor the status of the contact list export job.
a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
b) Click Find to list all BAT jobs.
c) Find your contact list export job and when it is reported as completed, choose the job.
d) Choose the CSV File Name link to view the contents of the contact list export file. Note that a timestamp
is appended to the filename.
e) From the Job Results section, choose the log file to see a summary of what was uploaded. The begin
and end times of the job are listed and a result summary for the job is presented.
Step 3 Download the contact list export file and store it for use later when the user migration is complete.
a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration >
Upload/Download Files.
b) Click Find.
c) Choose the contact list export file and click Download Selected.
d) Save the CSV file locally for upload later in the procedure.

What to Do Next
Proceed to unlicense the users.

Disable Users for IM and Presence Service


The following procedure describes how to disable a migrating user for IM and Presence Service and Cisco
Jabber on their current home cluster.
For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk
Administration Guide.

Procedure

Step 1 Choose Cisco Unified CM Administration > User Management > End User.
Step 2 Use the filters to find the user that you want to disable for IM and Presence Service.
Step 3 In the End User Configuration screen, uncheck Enable User for Unified CM IM and Presence.
Step 4 Click Save.

Move Users to New Cluster


The procedure to move the users to the new cluster differs depending on whether LDAP Sync is enabled on
Cisco Unified Communications Manager.

LDAP Sync Enabled on Cisco Unified Communications Manager


If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move users to the new
Organizational Unit and synchronize the users to the new home cluster.

Move Users To New Organizational Unit


If LDAP Sync is enabled on Cisco Unified Communications Manager, you must move the users to the new
Organizational Unit (OU) from which their new cluster synchronizes if the deployment uses a separate LDAP
structure (OU divided) for each cluster, where users are only synchronized from LDAP to their home cluster.

Note: You do not need to move the users if the deployment uses a flat LDAP structure, that is, all users are
synchronized to all Cisco Unified Communications Manager and IM and Presence Service clusters where
users are licensed to only one cluster.

For more information about how to move the migrating users to the relevant OU of the new home cluster, see
the LDAP Administration documentation.
After you move the users, you must delete the LDAP entries from the old LDAP cluster.

What to Do Next
Proceed to synchronize the users to the new home cluster.

Synchronize Users To New Home Cluster


If LDAP is enabled on Cisco Unified Communications Manager, you must synchronize the users to the new
home Cisco Unified Communications Manager cluster. You can do this manually on Cisco Unified
Communications Manager or you can wait for a scheduled synchronization on Cisco Unified Communications
Manager.
To manually force the synchronization on Cisco Unified Communications Manager, complete the following
procedure.

Procedure

Step 1 From Cisco Unified CM Administration, choose System > LDAP > LDAP Directory.
Step 2 Click Perform Full Sync Now.

What to Do Next
Proceed to enable users for IM and Presence Service and license users on the new cluster.

Related Topics
Enable Users For IM and Presence Service On New Cluster, on page 233

LDAP Sync Not Enabled On Cisco Unified Communications Manager


If LDAP Sync is not enabled on Cisco Unified Communications Manager, you must manually provision the
users on the new Cisco Unified Communications Manager cluster. See the Cisco Unified Communications
Manager Administration Guide for more information.

Enable Users For IM and Presence Service On New Cluster


When the users have been synchronized, or manually provisioned, on the new home cluster, you must enable
the users for IM and Presence Service and Cisco Jabber.

Procedure

Step 1 From Cisco Unified CM Administration, choose User Management > End User.
Step 2 Use the filters to find the user that you want to enable for IM and Presence Service.
Step 3 In the End User Configuration screen, check Enable User for Unified CM IM and Presence.
Step 4 Click Save.
Step 5 Provision the users on Cisco Unified Communications Manager for Phone and CSF. See the Cisco Unified
Communications Manager Administration Guide for more information.

For information about how to update users in bulk, see the Cisco Unified Communications Manager Bulk
Administration Guide.

What to Do Next
Proceed to import contact lists on the new home cluster.

Import Contact Lists On Home Cluster


You must import the contact lists to restore contact data for the migrated users.

Procedure

Step 1 Upload the previously exported contact list CSV file.
a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration >
Upload/Download Files.
b) Click Add New.
c) Click Browse to locate and choose the contact list CSV file.
d) Choose Contact Lists as the Target.
e) Choose Import Users’ Contacts - Custom File as the Transaction Type.
f) Optionally check Overwrite File if it exists.
g) Click Save to upload the file.
Step 2 Run the import contact list job.
a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Contact List
> Update.
b) Choose the CSV file you uploaded in Step 1.
c) Optionally update the Job Description.
d) To run the job now, click Run Immediately. Click Run Later to schedule the update for a later time.
e) Click Submit.
Step 3 Monitor the contact list import status.

a) Choose Cisco Unified CM IM and Presence Administration > Bulk Administration > Job Scheduler.
b) Click Find to list all BAT jobs.
c) Choose the job ID of the contact list import job when its status is reported as complete.
d) To view the contents of the contact list file, choose the file listed at CSV File Name.
e) Click the Log File Name link to open the log.
The begin and end time of the job is listed and a result summary is also displayed.

CHAPTER 18
Multilingual Support Configuration For IM and Presence Service
• Locale Installation
• Install Locale Installer on IM and Presence Service
• Error Messages
• Localized Applications

Locale Installation
You can configure Cisco Unified Communications Manager and IM and Presence Service to support multiple
languages. There is no limit to the number of supported languages you can install.
Cisco provides locale-specific versions of the Cisco Unified Communications Manager Locale Installer and
the IM and Presence Service Locale Installer on www.cisco.com. Installed by the system administrator, the
locale installer allows the user to view/receive the chosen translated text or tones, if applicable, when a user
works with supported interfaces.
After you upgrade Cisco Unified Communications Manager or the IM & Presence Service, you must reinstall
all the locales. Install the latest version of the locales that match the major.minor version number of your
Cisco Unified Communications Manager node or IM and Presence Service node.
Install locales after you have installed Cisco Unified Communications Manager on every node in the cluster
and have set up the database. If you want to install specific locales on IM and Presence Service nodes, you
must first install the Cisco Unified Communications Manager locale file for the same country on the Cisco
Unified Communications Manager cluster.
Use the information in the following sections to install locales on Cisco Unified Communications Manager
nodes and on IM and Presence Service nodes after you complete the software upgrade.

User Locales
User locale files contain language information for a specific language and country. They provide translated
text and voice prompts, if available, for phone displays, user applications, and user web pages in the locale
that the user chooses. These files use the following naming convention:
• cm-locale-language-country-version.cop (Cisco Unified Communications Manager)

• ps-locale-language_country-version.cop (IM and Presence Service)

If your system requires user locales only, install them after you have installed the CUCM locale.

Network Locales
Network locale files provide country-specific files for various network items, including phone tones,
annunciators, and gateway tones. The combined network locale file uses the following naming convention:
• cm-locale-combinednetworklocale-version.cop (Cisco Unified Communications Manager)

Cisco may combine multiple network locales in a single locale installer.

Note: Virtualized deployments of Cisco Unified Communications Manager on Cisco-approved, customer-provided
servers can support multiple locales. Installing multiple locale installers ensures that the user can choose
from a multitude of locales.
You can install locale files from either a local or a remote source by using the same process for installing
software upgrades. You can install more than one locale file on each node in the cluster. Changes do not
take effect until you reboot every node in the cluster. Cisco strongly recommends that you do not reboot
the nodes until you have installed all locales on all nodes in the cluster. Minimize call-processing
interruptions by rebooting the nodes after regular business hours.

Locale Installation Considerations


Install locales after you have installed Cisco Unified Communications Manager on every node in the cluster
and have set up the database. If you want to install specific locales on IM and Presence Service nodes, you
must first install the Cisco Unified Communications Manager locale file for the same country on the Cisco
Unified Communications Manager cluster.
You can install more than one locale file on each node in the cluster. To activate the new locale, you must
restart each node in the cluster after installation.
You can install locale files from either a local or a remote source by using the same process for installing
software upgrades. See the Upgrade Guide for Cisco Unified Communications Manager for more information
about upgrading from a local or a remote source.

Locale Files
Install locales after you have installed Cisco Unified Communications Manager on every node in the cluster
and have set up the database. If you want to install specific locales on IM and Presence Service nodes, you
must first install the Cisco Unified Communications Manager locale file for the same country on the Cisco
Unified Communications Manager cluster.
You can install more than one locale file on each node in the cluster. To activate the new locale, you must
restart each node in the cluster after installation.
When you install locales on a node, install the following files:
• User Locale files - These files contain language information for a specific language and country and use
the following convention:

cm-locale-language-country-version.cop (Cisco Unified Communications Manager)
ps-locale-language_country-version.cop (IM and Presence Service)
• Combined Network Locale file - Contains country-specific files for all countries for various network
items, including phone tones, annunciators, and gateway tones. The combined network locale file uses
the following naming convention:
cm-locale-combinednetworklocale-version.cop (Cisco Unified Communications Manager)

Install Locale Installer on IM and Presence Service


Before You Begin
• Install the Locale Installer on Cisco Unified Communications Manager. If you want to use a locale other
than English, you must install the appropriate language installers on both Cisco Unified Communications
Manager and on IM and Presence Service.
• If your IM and Presence Service cluster has more than one node, make sure that the locale installer is
installed on every node in the cluster (install on the IM and Presence database publisher node before the
subscriber nodes).
• User locales should not be set until all appropriate locale installers are loaded on both systems. Users
may experience problems if they inadvertently set their user locale after the locale installer is loaded on
Cisco Unified Communications Manager but before the locale installer is loaded on IM and Presence
Service. If issues are reported, we recommend that you notify each user to sign into the Cisco Unified
Communications Self Care Portal and change their locale from the current setting to English and then
back again to the appropriate language. You can also use the BAT tool to synchronize user locales to
the appropriate language.
• You must restart the server for the changes to take effect. After you complete all locale installation
procedures, restart each server in the cluster. Updates do not occur in the system until you restart all
servers in the cluster; services restart after the server reboots.

Procedure

Step 1 Navigate to cisco.com and choose the locale installer for your version of IM and Presence Service.
http://software.cisco.com/download/navigator.html?mdfid=285971059

Step 2 Click the version of the IM and Presence Locale Installer that is appropriate for your working environment.
Step 3 After downloading the file, save the file to the hard drive and note the location of the saved file.
Step 4 Copy this file to a server that supports SFTP.
Step 5 Sign into Cisco Unified IM and Presence Operating System Administration using the administrator account
and password.
Step 6 Choose Software Upgrades > Install/Upgrade.
Step 7 Choose Remote File System as the software location source.
Step 8 Enter the file location, for example /tmp, in the Directory field.
Step 9 Enter the IM and Presence Service server name in the Server field.
Step 10 Enter your username and password credentials in the User Name and User Password fields.
Step 11 Choose SFTP for the Transfer Protocol.
Step 12 Click Next.
Step 13 Choose the IM and Presence Service locale installer from the list of search results.
Step 14 Click Next to load the installer file and validate it.
Step 15 After you complete the locale installation, restart each server in the cluster.
Step 16 The default setting for installed locales is "English, United States". While your IM and Presence Service node
is restarting, change the language of your browser, if necessary, to match the locale of the installer that you
have downloaded.
Step 17 Verify that your users can choose the locales for supported products.
Tip: Make sure that you install the same components on every server in the cluster.
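
The naming conventions and installation rules in this chapter (locale version matching the node's major.minor release, a Cisco Unified Communications Manager locale for the same country before the IM and Presence Service locale, and the same locales on every node) can be checked against a file inventory before the cluster is restarted. The following Python code is an added example, not Cisco tooling. Its assumptions: the inventory structure, the problem labels, and a version string that begins with major.minor; all file names and versions are constructed.

```python
import re

# Patterns follow the naming conventions quoted in this chapter. The version
# part is assumed to start with "major.minor" (assumption, not from the guide).
VERSION = r"(?P<version>\d+\.\d+[0-9A-Za-z.\-]*)"
NETWORK_RE = re.compile(r"^cm-locale-combinednetworklocale-" + VERSION + r"\.cop$")
USER_RE = re.compile(
    r"^(?P<product>cm|ps)-locale-(?P<lang>[A-Za-z]{2,3})[-_](?P<country>[A-Za-z]{2})-"
    + VERSION + r"\.cop$"
)

# Constructed inventory: files on the Unified CM cluster and per IM&P node.
SAMPLE_CM_FILES = [
    "cm-locale-de-DE-11.5.1.1000-1.cop",
    "cm-locale-combinednetworklocale-11.5.1.1000-1.cop",
]
SAMPLE_IMP_NODES = {
    "imp-pub": ["ps-locale-de_DE-11.5.1.1000-1.cop",
                "ps-locale-fr_FR-11.5.1.1000-1.cop"],
    "imp-sub": ["ps-locale-de_DE-11.0.1.1000-1.cop"],
}


def parse_locale_file(name):
    """Split a locale installer file name into its parts, or return None."""
    m = NETWORK_RE.match(name)
    if m:
        return {"product": "cm", "kind": "network", "locale": None,
                "country": None, "version": m["version"]}
    m = USER_RE.match(name)
    if not m:
        return None
    country = m["country"].upper()
    return {"product": m["product"], "kind": "user", "country": country,
            "locale": f"{m['lang'].lower()}_{country}", "version": m["version"]}


def major_minor(version):
    """'11.5.1.1000-1' -> '11.5'"""
    return ".".join(version.split(".")[:2])


def check_locales(cm_files, imp_nodes, cm_version, imp_version):
    """Return a list of (problem, node, detail) tuples; empty means consistent."""
    problems = []
    cm_countries = set()
    for name in cm_files:
        info = parse_locale_file(name)
        if info is None or info["product"] != "cm":
            problems.append(("unrecognized_file", "cm", name))
            continue
        if major_minor(info["version"]) != major_minor(cm_version):
            problems.append(("version_mismatch", "cm", name))
        if info["kind"] == "user":
            cm_countries.add(info["country"])

    locales_per_node = {}
    for node, files in imp_nodes.items():
        locales_per_node[node] = set()
        for name in files:
            info = parse_locale_file(name)
            if info is None or info["product"] != "ps":
                problems.append(("unrecognized_file", node, name))
                continue
            if major_minor(info["version"]) != major_minor(imp_version):
                problems.append(("version_mismatch", node, name))
            # The Unified CM locale for the same country must be installed first.
            if info["country"] not in cm_countries:
                problems.append(("missing_cm_locale", node, info["country"]))
            locales_per_node[node].add(info["locale"])

    # Every IM and Presence Service node should carry the same set of locales.
    all_locales = set().union(*locales_per_node.values())
    for node, have in locales_per_node.items():
        for locale in sorted(all_locales - have):
            problems.append(("missing_on_node", node, locale))
    return problems


if __name__ == "__main__":
    for p in check_locales(SAMPLE_CM_FILES, SAMPLE_IMP_NODES, "11.5.1", "11.5.1"):
        print(p)
```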

Error Messages
See the following table for a description of the messages that can occur during Locale Installer activation. If
an error occurs, you can view the messages in the installation log.

Table 23: Locale Installer Messages and Descriptions

Message Description
[LOCALE] File not found: This error occurs when the system cannot locate the CSV file,
<language>_<country>_user_locale.csv, the which contains user locale information to add to the database,
user locale has not been added to the which indicates an error with the build process.
database.

[LOCALE] File not found: This error occurs when the system cannot locate the CSV file,
<country>_network_locale.csv, the network which contains network locale information to add to the
locale has not been added to the database. database This indicates an error with the build process.

Configuration and Administration of IM and Presence Service on Cisco Unified Communications Manager,
Release 11.5(1)
238
Error Messages

Message Description
Message: [LOCALE] CSV file installer installdb is not present or not executable
Description: You must ensure that an application called installdb is present. It reads information that a CSV file contains and applies it correctly to the target database. If this application is not found, it did not get installed with the Cisco Unified Communications application (very unlikely), has been deleted (more likely), or the node does not have a Cisco Unified Communications application, such as Cisco Unified Communications Manager or IM and Presence Service, installed (most likely). Installation of the locale will terminate because locales will not work without the correct records in the database.

Messages:
[LOCALE] Could not create /usr/local/cm/application_locale/cmservices/ipma/com/cisco/ipma/client/locales/maDialogs_<ll>_<CC>.properties.Checksum.
[LOCALE] Could not create /usr/local/cm/application_locale/cmservices/ipma/com/cisco/ipma/client/locales/maMessages_<ll>_<CC>.properties.Checksum.
[LOCALE] Could not create /usr/local/cm/application_locale/cmservices/ipma/com/cisco/ipma/client/locales/maGlobalUI_<ll>_<CC>.properties.Checksum.
[LOCALE] Could not create /usr/local/cm/application_locale/cmservices/ipma/LocaleMasterVersion.txt.Checksum.
Description: These errors can occur when the system fails to create a checksum file. The failure is caused by an absent Java executable (/usr/local/thirdparty/java/j2sdk/jre/bin/java), an absent or damaged Java archive file (/usr/local/cm/jar/cmutil.jar), or an absent or damaged Java class (com.cisco.ccm.util.Zipper). Even if these errors occur, the locale will continue to work correctly, with the exception of Cisco Unified Communications Manager Assistant, which cannot detect a change in localized Cisco Unified Communications Manager Assistant files.

Message: [LOCALE] Could not find /usr/local/cm/application_locale/cmservices/ipma/LocaleMasterVersion.txt in order to update Unified CM Assistant locale information.
Description: This error occurs when the system does not find the file in the correct location, which is most likely due to an error in the build process.

Message: [LOCALE] Addition of <locale-installer-file-name> to the database has failed!
Description: This error is the collective result of any failure that occurs while a locale is being installed; it indicates a terminal condition.

Message: [LOCALE] Could not locate <locale-installer-file-name>
Description: The system will not migrate this locale during an upgrade. The downloaded locale installer file no longer resides in the download location. The platform may have moved or deleted it. This noncritical error indicates that after the Cisco Unified Communications application has been upgraded, you need to either reapply the locale installer or download and apply a new locale installer.

Message: [LOCALE] Could not copy <locale-installer-file-name> to migratory path. This locale will not be migrated during an upgrade!
Description: You cannot copy the downloaded locale installer file to the migration path. This noncritical error indicates that after the Cisco Unified Communications application has been upgraded, you need to either reapply the locale installer or download and apply a new locale installer.

Message: [LOCALE] DRS unregistration failed
Description: The locale installer could not deregister from the Disaster Recovery System. A backup or restore record will not include the locale installer. Record the installation log and contact Cisco TAC.

Message: [LOCALE] Backup failed!
Description: The Disaster Recovery System could not create a tarball from the downloaded locale installer files. Re-apply the locale installer before attempting to back up.
Note Manually reinstalling locales after a system restore achieves the same goal.

Message: [LOCALE] No COP files found in restored tarball!
Description: Corruption of backup files may prevent successful extraction of locale installer files.
Note Manual reapplication of the locale installer will restore the locale fully.

Message: [LOCALE] Failed to successfully reinstall COP files!
Description: Corruption of backup files may damage locale installer files.
Note Manual reapplication of the locale installer will restore the locale fully.

Message: [LOCALE] Failed to build script to reinstall COP files!
Description: The platform could not dynamically create the script used to reinstall locales.
Note Manual reapplication of the locale installer will restore the locale fully. Record the installation log and contact TAC.

Localized Applications
IM and Presence Service applications support a variety of different languages. See the following table for a
list of localized applications and the available languages.

Table 24: List of Localized Applications and Supported Languages

Interface Supported Languages


Administrative Applications

Cisco Unified CM IM and Presence Administration: Chinese (China), English, Japanese (Japan), Korean (Korean Republic)



Cisco Unified IM and Presence Operating System: Chinese (China), English, Japanese (Japan), Korean (Korean Republic)

PART V
Troubleshooting IM and Presence Service
• Troubleshooting High Availability
• Troubleshooting UserID and Directory URI Errors
• Traces Used To Troubleshoot IM and Presence Service
CHAPTER 19
Troubleshooting High Availability
• View Presence Redundancy Group Node Status
• Node State Definitions
• Node States, Causes, and Recommended Actions

View Presence Redundancy Group Node Status


Use the Cisco Unified CM Administration user interface to view the status of IM and Presence Service
nodes that are members of a presence redundancy group.

Procedure

Step 1 Choose System > Presence Redundancy Groups.
The Find and List Presence Redundancy Groups window displays.

Step 2 Choose the presence redundancy group search parameters, and then click Find.
Matching records appear.

Step 3 Choose a presence redundancy group that is listed in the search results.
The Presence Redundancy Group Configuration window appears. If two nodes are configured in that group and high availability is enabled, then the status of the nodes within that group is displayed in the High Availability area.


Node State Definitions


Table 25: Presence Redundancy Group Node State Definitions

State Description
Initializing: This is the initial (transition) state when the Cisco Server Recovery Manager service starts; it is a temporary state.

Idle: IM and Presence Service is in Idle state when failover occurs and services are stopped. In Idle state, the IM and Presence Service node does not provide any availability or Instant Messaging services. In Idle state, you can manually initiate a fallback to this node using the Cisco Unified CM Administration user interface.

Normal: This is a stable state. The IM and Presence Service node is operating normally. In this state, you can manually initiate a failover to this node using the Cisco Unified CM Administration user interface.

Running in Backup Mode: This is a stable state. The IM and Presence Service node is acting as the backup for its peer node. Users have moved to this (backup) node.

Taking Over: This is a transition state. The IM and Presence Service node is taking over for its peer node.

Failing Over: This is a transition state. The IM and Presence Service node is being taken over by its peer node.

Failed Over: This is a steady state. The IM and Presence Service node has failed over, but no critical services are down. In this state, you can manually initiate a fallback to this node using the Cisco Unified CM Administration user interface.

Failed Over with Critical Services Not Running: This is a steady state. Some of the critical services on the IM and Presence Service node have either stopped or failed.

Falling Back: This is a transition state. The system is falling back to this IM and Presence Service node from the node that is running in backup mode.

Taking Back: This is a transition state. The failed IM and Presence Service node is taking back over from its peer.

Running in Failed Mode: An error occurs during the transition states or Running in Backup Mode state.

Unknown: Node state is unknown. A possible cause is that high availability was not enabled properly on the IM and Presence Service node. Restart the Server Recovery Manager service on both nodes in the presence redundancy group.


Node States, Causes, and Recommended Actions


You can view the status of nodes in a presence redundancy group on the Presence Redundancy Group
Configuration window when you choose a group using the Cisco Unified CM Administration user interface.

Table 26: Presence Redundancy Group Node High-Availability States, Causes, and Recommended Actions

Node 1 State: Normal; Reason: Normal
Node 2 State: Normal; Reason: Normal
Cause/Recommended Actions: Normal

Node 1 State: Failing Over; Reason: On Admin Request
Node 2 State: Taking Over; Reason: On Admin Request
Cause/Recommended Actions: The administrator initiated a manual failover from node 1 to node 2. The manual failover is in progress.

Node 1 State: Idle; Reason: On Admin Request
Node 2 State: Running in Backup Mode; Reason: On Admin Request
Cause/Recommended Actions: The manual failover from node 1 to node 2 that the administrator initiated is complete.

Node 1 State: Taking Back; Reason: On Admin Request
Node 2 State: Falling Back; Reason: On Admin Request
Cause/Recommended Actions: The administrator initiated a manual fallback from node 2 to node 1. The manual fallback is in progress.

Node 1 State: Idle; Reason: Initialization
Node 2 State: Running in Backup Mode; Reason: On Admin Request
Cause/Recommended Actions: The administrator restarts the SRM service on node 1 while node 1 is in “Idle” state.

Node 1 State: Idle; Reason: Initialization
Node 2 State: Running in Backup Mode; Reason: Initialization
Cause/Recommended Actions: The administrator either restarts both nodes in the presence redundancy group, or restarts the SRM service on both nodes while the presence redundancy group was in manual failover mode.

Node 1 State: Idle; Reason: On Admin Request
Node 2 State: Running in Backup Mode; Reason: Initialization
Cause/Recommended Actions: The administrator restarts the SRM service on node 2 while node 2 is running in backup mode, but before the heartbeat on node 1 times out.

Node 1 State: Failing Over; Reason: On Admin Request
Node 2 State: Taking Over; Reason: Initialization
Cause/Recommended Actions: The administrator restarts the SRM service on node 2 while node 2 is taking over, but before the heartbeat on node 1 times out.

Node 1 State: Taking Back; Reason: Initialization
Node 2 State: Falling Back; Reason: On Admin Request
Cause/Recommended Actions: The administrator restarts the SRM service on node 1 while taking back, but before the heartbeat on node 2 times out. After the taking back process is complete, both nodes are in Normal state.

Node 1 State: Taking Back; Reason: Automatic Fallback
Node 2 State: Falling Back; Reason: Automatic Fallback
Cause/Recommended Actions: Automatic Fallback has been initiated from node 2 to node 1 and is currently in progress.

Node 1 State: Failed Over; Reason: Initialization or Critical Services Down
Node 2 State: Running in Backup Mode; Reason: Critical Service Down
Cause/Recommended Actions: Node 1 transitions to Failed Over state when either of the following conditions occur:
• Critical services come back up due to a reboot of node 1.
• The administrator starts critical services on node 1 while node 1 is in Failed Over with Critical Services Not Running state.
When node 1 transitions to Failed Over state the node is ready for the administrator to perform a manual fallback to restore the nodes in the presence redundancy group to Normal state.

Node 1 State: Failed Over with Critical Services not Running; Reason: Critical Service Down
Node 2 State: Running in Backup Mode; Reason: Critical Service Down
Cause/Recommended Actions: A critical service is down on node 1. IM and Presence Service performs an automatic failover to node 2.
Recommended Actions:
1 Check node 1 for any critical services that are down and try to manually start those services.
2 If the critical services on node 1 do not start, then reboot node 1.
3 When all the critical services are up and running after the reboot, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1 State: Failed Over with Critical Services not Running; Reason: Database Failure
Node 2 State: Running in Backup Mode; Reason: Database Failure
Cause/Recommended Actions: A database service is down on node 1. IM and Presence Service performs an automatic failover to node 2.
Recommended Actions:
1 Reboot node 1.
2 When all the critical services are up and running after the reboot, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1 State: Running in Failed Mode; Reason: Start of Critical Services Failed
Node 2 State: Running in Failed Mode; Reason: Start of Critical Services Failed
Cause/Recommended Actions: Critical services fail to start while a node in the presence redundancy group is taking back from the other node.
Recommended Actions. On the node that is taking back, perform the following actions:
1 Check the node for critical services that are down. To manually start these services, click Recovery in the Presence Redundancy Group Configuration window.
2 If the critical services do not start, reboot the node.
3 When all the critical services are up and running after the reboot, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1 State: Running in Failed Mode; Reason: Critical Service Down
Node 2 State: Running in Failed Mode; Reason: Critical Service Down
Cause/Recommended Actions: Critical services go down on the backup node. Both nodes enter the failed state.
Recommended Actions:
1 Check the backup node for critical services that are down. To start these services manually, click Recovery in the Presence Redundancy Group Configuration window.
2 If the critical services do not start, reboot the node.

Node 1: Node 1 is down due to loss of network connectivity or the SRM service is not running.
Node 2 State: Running in Backup Mode; Reason: Peer Down
Cause/Recommended Actions: Node 2 has lost the heartbeat from node 1. IM and Presence Service performs an automatic failover to node 2.
Recommended Action. If node 1 is up, perform the following actions:
1 Check and repair the network connectivity between nodes in the presence redundancy group. When you reestablish the network connection between the nodes, the node may go into a failed state. Click Recovery in the Presence Redundancy Group Configuration window to restore the nodes to the Normal state.
2 Start the SRM service and perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.
3 (If the node is down) Repair and power up node 1.
4 When the node is up and all critical services are running, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1: Node 1 is down (due to possible power down, hardware failure, shutdown, reboot)
Node 2 State: Running in Backup Mode; Reason: Peer Reboot
Cause/Recommended Actions: IM and Presence Service performs an automatic failover to node 2 due to the following possible conditions on node 1:
• hardware failure
• power down
• restart
• shutdown
Recommended Actions:
1 Repair and power up node 1.
2 When the node is up and all critical services are running, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1 State: Failed Over with Critical Services not Running OR Failed Over; Reason: Initialization
Node 2 State: Backup Mode; Reason: Peer Down During Initialization
Cause/Recommended Actions: Node 2 does not see node 1 during startup.
Recommended Action: When node 1 is up and all critical services are running, perform a manual fallback to restore the nodes in the presence redundancy group to the Normal state.

Node 1 State: Running in Failed Mode; Reason: Cisco Server Recovery Manager Take Over Users Failed
Node 2 State: Running in Failed Mode; Reason: Cisco Server Recovery Manager Take Over Users Failed
Cause/Recommended Actions: User move fails during the taking over process.
Recommended Action: Possible database error. Click Recovery in the Presence Redundancy Group Configuration window. If the problem persists, then reboot the nodes.

Node 1 State: Running in Failed Mode; Reason: Cisco Server Recovery Manager Take Back Users Failed
Node 2 State: Running in Failed Mode; Reason: Cisco Server Recovery Manager Take Back Users Failed
Cause/Recommended Actions: User move fails during falling back process.
Recommended Action: Possible database error. Click Recovery in the Presence Redundancy Group Configuration window. If the problem persists, then reboot the nodes.

Node 1 State: Running in Failed Mode; Reason: Unknown
Node 2 State: Running in Failed Mode; Reason: Unknown
Cause/Recommended Actions: The SRM on a node restarts while the SRM on the other node is in a failed state, or an internal system error occurs.
Recommended Action: Click Recovery in the Presence Redundancy Group Configuration window. If the problem persists, then reboot the nodes.

Node 1 State: Backup Activated; Reason: Auto Recover Database Failure
Node 2 State: Failover Affected Services; Reason: Auto Recovery Database Failure
Cause/Recommended Actions: The database goes down on the backup node. The peer node is in failover mode and can take over for all users in the presence redundancy group. Auto-recovery operation automatically occurs and all users are moved over to the primary node.

Node 1 State: Backup Activated; Reason: Auto Recover Database Failure
Node 2 State: Failover Affected Services; Reason: Auto Recover Critical Service Down
Cause/Recommended Actions: A critical service goes down on the backup node. The peer node is in failover mode and can take over for all users in the presence redundancy group. Auto-recovery operation automatically occurs and all users are moved over to the peer node.

Node 1 State: Unknown
Node 2 State: Unknown
Cause/Recommended Actions: Node state is unknown. A possible cause is that high availability was not enabled properly on the IM and Presence Service node.
Recommended Action: Restart the Server Recovery Manager service on both nodes in the presence redundancy group.

CHAPTER 20
Troubleshooting UserID and Directory URI Errors
• Received Duplicate UserID Error
• Received Duplicate or Invalid Directory URI Error

Received Duplicate UserID Error


Problem I received an alarm indicating that there are duplicate user IDs and I have to modify the contact
information for those users.
Solution Perform the following steps.

1 Use the utils users validate { all | userid | uri } CLI command to generate a list of all users. For more
information about using the CLI, see the Command Line Interface Guide for Cisco Unified Communications
Solutions.
The UserID is entered in the result set and is followed by the list of servers where the duplicate UserIDs
are homed. The following sample CLI output shows UserID errors during output:
Users with Duplicate User IDs
---------------------------------------------
User ID: user3
Node Name
cucm-imp-1
cucm-imp-2

2 If the same user is assigned to two different clusters, then unassign the user from one of the clusters.
3 If different users on different clusters have the same User ID assigned to them, then rename the UserID
value for one of the users to ensure there is no longer any duplication.
4 If the user information is invalid or empty, proceed to correct the user ID information for that user using
the Cisco Unified Communications Manager Administration GUI.
5 You can modify the user records in Cisco Unified Communications Manager using the End User
Configuration window, (User Management > EndUser) to ensure that all users have a valid user ID or
Directory URI value as necessary. For more information, see the Cisco Unified Communications Manager
Administration Guide.


Note The user ID and directory URI fields in the user profile may be mapped to the LDAP Directory. In that
case, apply the fix in the LDAP Directory server.

6 Run the CLI command to validate users again to ensure that there are no more duplicate user ID errors.

Received Duplicate or Invalid Directory URI Error


Problem I received an alarm indicating that there are duplicate or invalid user Directory URIs and I have to
modify the contact information for those users.
Solution Perform the following steps.

1 Use the utils users validate { all | userid | uri } CLI command to generate a list of all users. For more
information about using the CLI, see the Command Line Interface Guide for Cisco Unified Communications
Solutions.
The Directory URI value is entered in the result set and is followed by the list of servers where the duplicate
or invalid Directory URIs are homed. The following sample CLI output shows Directory URI errors
detected during a validation check:
Users with No Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID
user4

Users with Invalid Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID Directory URI
user1 asdf@ASDF@asdf@ADSF@cisco

Users with Duplicate Directory URIs
-----------------------------------------------------
Directory URI: [email protected]
Node Name User ID
cucm-imp-1 user4
cucm-imp-2 user3

2 If the same user is assigned to two different clusters, then unassign the user from one of the clusters.
3 If different users on different clusters have the same Directory URI value assigned to them, then rename
the Directory URI value for one of the users to ensure there is no longer any duplication.
4 If the user information is invalid or empty, proceed to correct the user's Directory URI information.
5 You can modify the user records in Cisco Unified Communications Manager using the End User
Configuration window, (User Management > EndUser) to ensure that all users have a valid user ID or
Directory URI value as necessary. For more information, see the Cisco Unified Communications Manager
Administration Guide.

Note The user ID and directory URI fields in the user profile may be mapped to the LDAP Directory. In that
case, apply the fix in the LDAP Directory server.


6 Run the CLI command to validate users again to ensure that there are no more duplicate or invalid Directory
URI errors.
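
The sample outputs in the two procedures above (duplicate user IDs and duplicate or invalid Directory URIs) can be parsed into a worklist that groups each row by the fix it needs. This is an added example, not part of the Cisco guide or product; it assumes saved output of the validate command follows the layout of the samples shown, and the function names and the shared-uri@example.com value are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the two sample outputs above.
# shared-uri@example.com is a placeholder value, not taken from the page.
SAMPLE_OUTPUT = """\
Users with Duplicate User IDs
---------------------------------------------
User ID: user3
Node Name
cucm-imp-1
cucm-imp-2

Users with No Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID
user4

Users with Invalid Directory URI Configured
-----------------------------------------------------
Node Name: cucm-imp-2
User ID Directory URI
user1 asdf@ASDF@asdf@ADSF@cisco

Users with Duplicate Directory URIs
-----------------------------------------------------
Directory URI: shared-uri@example.com
Node Name User ID
cucm-imp-1 user4
cucm-imp-2 user3
"""

COLUMN = r"Node Name|User ID|Directory URI"
KEY_LINE = re.compile(rf"^({COLUMN}):\s*(\S.*)$")     # e.g. "User ID: user3"
HEADER_LINE = re.compile(rf"^(?:(?:{COLUMN})\s*)+$")  # e.g. "Node Name User ID"


def parse_validate_output(text):
    """Flatten the report into one dict per data row (section + key + columns)."""
    records, section, key, columns = [], None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue                      # blank line or dashed rule
        if line.startswith("Users with "):
            section, key, columns = line, None, []
            continue
        if section is None:
            continue                      # banner text before the first section
        match = KEY_LINE.match(line)
        if match:
            key, columns = match.groups(), []
            continue
        if HEADER_LINE.match(line):
            columns = re.findall(COLUMN, line)
            continue
        # Data row: the last column takes the remainder of the line.
        values = line.split(None, len(columns) - 1) if columns else []
        if not columns or len(values) != len(columns):
            raise ValueError(f"unexpected line in {section!r}: {line!r}")
        record = {"section": section, **dict(zip(columns, values))}
        if key:
            record[key[0]] = key[1]
        records.append(record)
    return records


def build_worklist(records):
    """Group rows by the remediation they need (steps 2 to 4 of each procedure)."""
    dup_ids, dup_uris = defaultdict(list), defaultdict(list)
    invalid, missing, other = [], [], []
    for r in records:
        section = r["section"]
        if section == "Users with Duplicate User IDs":
            dup_ids[r["User ID"]].append(r["Node Name"])
        elif section == "Users with Duplicate Directory URIs":
            dup_uris[r["Directory URI"]].append((r["Node Name"], r["User ID"]))
        elif section == "Users with Invalid Directory URI Configured":
            invalid.append((r["Node Name"], r["User ID"], r["Directory URI"]))
        elif section == "Users with No Directory URI Configured":
            missing.append((r["Node Name"], r["User ID"]))
        else:
            other.append(r)               # section title not shown in the samples
    return {"duplicate_user_ids": dict(dup_ids), "duplicate_directory_uris": dict(dup_uris),
            "invalid_directory_uris": invalid, "missing_directory_uris": missing,
            "unrecognized": other}


if __name__ == "__main__":
    print(build_worklist(parse_validate_output(SAMPLE_OUTPUT)))
```

An empty worklist after the final validation run corresponds to step 6 of each procedure.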

CHAPTER 21
Traces Used To Troubleshoot IM and Presence Service
• Troubleshooting IM and Presence Service Using Trace
• Common Traces and Log File Locations for IM and Presence Service Nodes
• IM and Presence Service Login and Authentication Traces
• Availability, IM, Contact List, and Group Chat Traces
• Availability and IM Traces for Partitioned Intradomain Federation MOC Contact Issues
• Availability and IM Traces for XMPP-Based Interdomain Federation Contact Issues
• Availability and IM Traces for SIP-Based Interdomain Federation Contact Issues
• Calendaring Traces
• Intercluster Synchronization Traces and Inter-Clustering Troubleshooter
• SIP Federation Traces
• XMPP Federation Traces
• High CPU and Low VM Alert Troubleshooting

Troubleshooting IM and Presence Service Using Trace


You can initiate traces using Cisco Unified IM and Presence Serviceability to help you troubleshoot issues
with your IM and Presence Service deployment. After the traces are enabled, you can use either the Real-Time
Monitoring Tool (RTMT) or the command line interface (CLI) to access the trace log files.
For instructions on using Serviceability traces for IM and Presence Service, see the Cisco Unified Serviceability
Administration Guide. For more information about installing and using the RTMT, see the Cisco Unified
Real-Time Monitoring Tool Administration Guide. For information about using CLI commands such as file
list and file get to access trace log files, see the Command Line Interface Guide for Cisco Unified
Communications Solutions.


Tip Use only SFTP servers for file transfers using CLI commands such as file get.

Common Traces and Log File Locations for IM and Presence Service Nodes
The following table lists common traces that you can perform on your IM and Presence Service node and the
resulting log files. You can view the trace log files using the Real-Time Monitoring Tool (RTMT) or using
command line interface (CLI) commands such as file list and file get. Use only SFTP servers for file transfers
using CLI commands such as file get. For more information about installing and using the RTMT, see the
Cisco Unified Real-Time Monitoring Tool Administration Guide. For information about using CLI commands
to access trace log files, see the Command Line Interface Guide for Cisco Unified Communications Solutions.

Table 27: Common Traces and Trace Log Files for IM and Presence Service Nodes

Service Trace Log Filename


• Cisco AXL Web Service: /tomcat/logs/axl/log4j/axl.log
• Cisco Intercluster Sync Agent: /epas/trace/epassa/log4j/icSyncAgent.log
• Cisco Presence Engine: /epas/trace/epe/sdi/epe.txt
• Cisco SIP Proxy: /epas/trace/esp/sdi/esp.txt
• Cisco Syslog Agent: /cm/trace/syslogmib/sdi/syslogmib.txt
• Cisco Tomcat Security Log: /tomcat/logs/security/log4/security*.log
• Cisco XCP Authentication Service: /epas/trace/xcp/log/auth-svc-1*.log
• Cisco XCP Client Connection Manager: /epas/trace/xcp/log/client-cm-1*.log
• Cisco XCP Config Manager: /epas/trace/xcpconfigmgr/log4j/xcpconfigmgr.log
• Cisco XCP Connection Manager: /epas/trace/xcp/log/xmpp-cm-4*.log
• Cisco XCP Router: /epas/trace/xcp/log/rtr-jsm-1*.log
• Cisco XCP SIP Federation Connection Manager: /epas/trace/xcp/log/sip-cm-3*.log
• Cisco XCP Text Conferencing Manager: /epas/trace/xcp/log/txt-conf-1*.log



• Cisco XCP XMPP Federation Connection Manager: /epas/trace/xcp/log/xmpp-cm-4*.log
• Cluster Manager: /platform/log/clustermgr*
• Client Profile Agent (CPA): /tomcat/logs/epassoap/log4j/EPASSoap*.log
• dbmon: /cm/trace/dbl/sdi/dbmon*.txt

IM and Presence Service Login and Authentication Traces


If IM and Presence Service users experience issues signing into their client software, you can run traces on
the IM and Presence Service node on which the user is provisioned. The following table lists the services to
trace. You can view the trace log files using the Real-Time Monitoring Tool (RTMT) or using command line
interface (CLI) commands such as file list and file get. Use only SFTP servers for file transfers using CLI
commands such as file get. For more information about installing and using the RTMT, see the Cisco Unified
Real-Time Monitoring Tool Administration Guide. For information about using CLI commands to access
trace log files, see the Command Line Interface Guide for Cisco Unified Communications Solutions.

Note If you enable Debug Logging for the Cisco XCP Router service, then this may lead to increased CPU
usage and longer login times.

Table 28: Traces Used to Investigate Login and Authentication Issues

Service Trace Log Filename


• Cisco Client Profile Agent (CPA): /tomcat/logs/epassoap/log4j/EPASSoap*.log
• Cisco XCP Connection Manager: /epas/trace/xcp/log/client-cm-1*.log
• Cisco XCP Router: /epas/trace/xcp/log/rtr-jsm-1*.log
• Cisco XCP Authentication Service: /epas/trace/xcp/logs/auth-svc-1*.log
• Cisco Tomcat Security Logs: /tomcat/logs/security/log4/security*.log

Availability, IM, Contact List, and Group Chat Traces


You can run traces to troubleshoot Availability, IM, contact list, and group chat issues for your IM and Presence
Service deployment.
The following table lists the recommended services to trace for commonly encountered issues.


Table 29: Recommended Traces for Availability, IM, Contact List, and Group Chat Issues

Issue/Solution: End user has no availability status displayed or incorrect availability status for some or all of their contacts. Perform traces for the listed services on the IM and Presence Service node on which the end users and contacts are provisioned.
Services:
• Cisco XCP Connection Manager
• Cisco XCP Router
• Cisco Presence Engine

Issue/Solution: End user has issues with their self availability status, including on-the-phone or meeting status. Perform traces for the listed services on the IM and Presence Service node on which the end user is provisioned.
Services:
• Cisco XCP Connection Manager
• Cisco XCP Router
• Cisco Presence Engine

Issue/Solution: End user has issues sending or receiving instant messages. Perform traces for the listed services on the IM and Presence Service nodes on which the sender and recipient are provisioned.
Services:
• Cisco XCP Connection Manager
• Cisco XCP Router

Issue/Solution: End user is experiencing any of the following issues:
• Difficulty creating or joining a chat room.
• Chat room messages are not being delivered to all members.
• Any other issues with the chat room.
Perform traces for the listed services on the IM and Presence Service node on which the chat room members are provisioned.
Services:
• Cisco XCP Connection Manager
• Cisco XCP Router
• Cisco XCP Text Conferencing Manager

Issue/Solution: The node on which the chat room that is experiencing difficulties is hosted and the node on which the creator is provisioned are not the same. Perform an initial trace analysis to determine which node hosted the chat room. Then perform traces for the following services on the IM and Presence Service node that hosted the chat room.
Services:
• Cisco XCP Text Conferencing Manager
• Cisco XCP Router

After the traces are complete, you can view the trace log files using the Real-Time Monitoring Tool (RTMT)
or using command line interface (CLI) commands such as file list and file get. Use only SFTP servers for file
transfers using CLI commands such as file get. For more information about installing and using the RTMT,
see the Cisco Unified Real-Time Monitoring Tool Administration Guide. For information about using CLI
commands to access trace log files, see the Command Line Interface Guide for Cisco Unified Communications
Solutions.
• Cisco Presence Engine: /epas/trace/epe/sdi/epe*.txt
• Cisco XCP Connection Manager: /epas/trace/xcp/log/client-cm-1*.log.gz


• Cisco XCP Router: /epas/trace/xcp/log/rtr-jsm-1*.log
• Cisco XCP Text Conferencing Manager: /epas/trace/xcp/log/txt-conf-1*.log

Availability and IM Traces for Partitioned Intradomain Federation MOC Contact Issues
If the local IM and Presence Service user is unable to exchange availability or instant messages with an
intradomain Microsoft Office Communicator (MOC) contact, you can run traces on the IM and Presence
Service node on which the local user is provisioned. The following table lists the services to trace. You can
view the trace log files using the Real-Time Monitoring Tool (RTMT) or using command line interface (CLI)
commands such as file list and file get. Use only SFTP servers for file transfers using CLI commands such
as file get. For more information about installing and using the RTMT, see the Cisco Unified Real-Time
Monitoring Tool Administration Guide. For information about using CLI commands to access trace log files,
see the Command Line Interface Guide for Cisco Unified Communications Solutions.

Table 30: Traces Used to Investigate Availability and IM Issues with Partitioned Intradomain Federation MOC Contacts

Services Trace Log Filename


• Cisco XCP Router: /epas/trace/xcp/log/rtr-jsm-1*.log
• Cisco XCP SIP Federation Connection Manager: /epas/trace/xcp/log/sip-cm-3*.log
• Cisco SIP Proxy: /epas/trace/esp/sdi/esp.txt
• Cisco Presence Engine: /epas/trace/epe/sdi/epe.txt

Note Cisco SIP Proxy debug logging is required to see the sip message exchange.

Availability and IM Traces for XMPP-Based Interdomain Federation Contact Issues
If the local IM and Presence Service user is unable to exchange availability status or instant messages with
an interdomain federation contact, you can run traces on the IM and Presence Service node on which the local
user is provisioned. The following table lists the services to trace. You can view the trace log files using the
Real-Time Monitoring Tool (RTMT) or using command line interface (CLI) commands such as file list and
file get. Use only SFTP servers for file transfers using CLI commands such as file get. For more information
about installing and using the RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide.
For information about using CLI commands to access trace log files, see the Command Line Interface Guide
for Cisco Unified Communications Solutions.


Table 31: Traces Used to Investigate Availability and IM Issues for XMPP-based Interdomain Federation Contacts

Services                                        Trace Log Filename
Cisco XCP Connection Manager                    /epas/trace/xcp/log/client-cm-1*.log
Cisco XCP Router                                /epas/trace/xcp/log/rtr-jsm-1*.log
Cisco Presence Engine                           /epas/trace/epe/sdi/epe*.txt
Cisco XCP XMPP Federation Connection Manager    /epas/trace/xcp/log/xmpp-cm-4*.log
  Perform this trace on each IM and Presence Service node on which XMPP federation is enabled.

Availability and IM Traces for SIP-Based Interdomain Federation Contact Issues
If the local IM and Presence Service user is unable to exchange availability status or instant messages with
an interdomain federation contact, you can run traces on the IM and Presence Service node on which the local
user is provisioned. The following table lists the services to trace. You can view the trace log files using the
Real-Time Monitoring Tool (RTMT) or using command line interface (CLI) commands such as file list and
file get. Use only SFTP servers for file transfers using CLI commands such as file get. For more information
about installing and using the RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide.
For information about using CLI commands to access trace log files, see the Command Line Interface Guide
for Cisco Unified Communications Solutions.

Table 32: Traces Used to Investigate Availability and IM Issues for XMPP-based Interdomain Federation Contacts

Services                                        Trace Log Filename
Cisco XCP Connection Manager                    /epas/trace/xcp/log/xmpp-cm-4*.log
Cisco XCP Router                                /epas/trace/xcp/log/rtr-jsm-1*.log
Cisco Presence Engine                           /epas/trace/epe/sdi/epe.txt
Cisco SIP Proxy                                 /epas/trace/esp/sdi/esp.txt
Cisco XCP SIP Federation Connection Manager     /epas/trace/xcp/log/sip-cm-3*.log


Calendaring Traces
You can run traces to troubleshoot calendaring issues for your IM and Presence Service deployment. The
following table lists the service to trace.
After the trace is complete, you can view the resulting log file using the Real-Time Monitoring Tool (RTMT)
and filter your search in the resulting Cisco Presence Engine log file. Look for instances of “.owa.” and “.ews.”.
You can also use command line interface (CLI) commands such as file list and file get to view the log file
results. Use only SFTP servers for file transfers using CLI commands such as file get. For more information
about installing and using the RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide.
For information about using CLI commands to access trace log files, see the Command Line Interface Guide
for Cisco Unified Communications Solutions.

Table 33: Trace Used to Investigate Calendaring Issues

Service                                         Trace Log Filename
Cisco Presence Engine                           /epas/trace/epe/sdi/epe*.txt

Intercluster Synchronization Traces and Inter-Clustering Troubleshooter


If an IM and Presence Service node generates alerts that indicate there are intercluster synchronization issues
with another node in your deployment, you can run traces on the nodes that are not synchronizing to diagnose
the issue. After the traces are complete, you can view the resulting log files using the Real-Time Monitoring
Tool (RTMT) or using command line interface (CLI) commands such as file list and file get. Use only SFTP
servers for file transfers using CLI commands such as file get. For more information about installing and
using the RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide. For information
about using CLI commands to access trace log files, see the Command Line Interface Guide for Cisco Unified
Communications Solutions.
You can also check for synchronization errors using the Cisco Unified CM IM and Presence Administration
GUI when you select Diagnostics > System Troubleshooter and navigate to Inter-Clustering Troubleshooter.
You can capture a screen snap of the page.
The following table lists the services to trace for intercluster synchronization issues. Perform traces for the
listed services on each IM and Presence Service node that is experiencing intercluster synchronization issues.

Table 34: Traces Used to Investigate Intercluster Synchronization Issues Between Nodes

Service                                         Trace Log Filename
Cisco Intercluster Sync Agent                   /epas/trace/epassa/log4j/icSyncAgent*.log
Cisco AXL Web Service                           /tomcat/logs/axl/log4j/axl*.log
Cisco Tomcat Security Log                       /tomcat/logs/security/log4j/security*.log
Cisco Syslog Agent                              /cm/trace/syslogmib/sdi/syslogmib*.txt


SIP Federation Traces


You can run traces to troubleshoot SIP federation issues for your IM and Presence Service deployment. The
following table lists the services to trace.
After the traces are complete, you can view the resulting log files using the Real-Time Monitoring Tool
(RTMT) or using command line interface (CLI) commands such as file list and file get. Use only SFTP servers
for file transfers using CLI commands such as file get. For more information about installing and using the
RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide. For information about using
CLI commands to access trace log files, see the Command Line Interface Guide for Cisco Unified
Communications Solutions.

Table 35: Traces Used to Investigate Login and Authentication Issues

Service                                         Trace Log Filename
Cisco SIP Proxy                                 /epas/trace/esp/sdi/esp*.txt
Cisco XCP Router                                /epas/trace/xcp/log/rtr-jsm-1*.log
Cisco XCP SIP Federation Connection Manager     /epas/trace/xcp/log/sip-cm-3*.log

XMPP Federation Traces


You can run traces to troubleshoot XMPP federation issues on your IM and Presence Service deployment.
The following table lists the services to trace.
After the traces are complete, you can view the resulting log files using the Real-Time Monitoring Tool
(RTMT) or using command line interface (CLI) commands such as file list and file get. Use only SFTP servers
for file transfers using CLI commands such as file get. For more information about installing and using the
RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide. For information about using
CLI commands to access trace log files, see the Command Line Interface Guide for Cisco Unified
Communications Solutions.

Table 36: Traces Used to Investigate XMPP Federation Issues

Service                                         Trace Log Filename
Cisco XCP Router                                /epas/trace/xcp/log/rtr-jsm-1*.log
Cisco XCP XMPP Federation Connection Manager    /epas/trace/xcp/log/xmpp-cm-4*.log

High CPU and Low VM Alert Troubleshooting


If an IM and Presence Service node is generating high CPU or low VM availability alerts, you can collect
information from the node using the Command Line Interface (CLI) to help troubleshoot the cause. You can
also run traces on related services on the node, and then view the resulting log files using the Real-Time
Monitoring Tool (RTMT). For more information about installing and using the RTMT, see the Cisco Unified
Real-Time Monitoring Tool Administration Guide. For information about using CLI commands, see the
Command Line Interface Guide for Cisco Unified Communications Solutions.
You can also set up Cisco Unified IM and Presence Serviceability alarms to provide information about runtime
status and the state of the system to local system logs. IM and Presence Service writes system errors in the
Application Logs that you view using the SysLog Viewer in RTMT. For more information about setting up
syslog alarms for a service, see the Cisco Unified Serviceability Administration Guide. For information about
viewing alarm information using the SysLog Viewer, see the Cisco Unified Real-Time Monitoring Tool
Administration Guide.

Table 37: CLI Commands Used to Investigate High CPU and Low VM Alerts

Solution                                                CLI Command
Use the CLI to run the following commands on the        show process using-most cpu
node.                                                   show process using-most memory
                                                        utils dbreplication runtimestate
                                                        utils service list
Use the CLI to collect all RIS (Real-time               file get activelog cm/log/ris/csv
Information Service) performance logs for the node.
Use only SFTP servers for file transfers using file
get.

The following table lists the services to select when you run traces on the IM and Presence Service node to
investigate high CPU and low VM alerts. Perform traces for the listed services on the IM and Presence Service
node that is generating high CPU or low VM alerts.

Table 38: Traces Used to Investigate High CPU and Low VM Alerts

Services                                        Trace Log Filename
Cisco XCP Router                                /epas/trace/xcp/log/rtr-jsm-1*.log
Cisco XCP SIP Federation Connection Manager     /epas/trace/xcp/log/sip-cm-3*.log
Cisco SIP Proxy                                 /epas/trace/esp/sdi/esp*.txt
Cisco Presence Engine                           /epas/trace/epe/sdi/epe*.txt
Cisco Tomcat Security Log                       /tomcat/logs/security/log4/security*.log
Cisco Syslog Agent                              /cm/trace/syslogmib/sdi/syslogmib*.txt

APPENDIX A
High Availability Client Login Profiles
• High Availability Login Profiles
• 500 Users Full UC (1vCPU 700MHz 2GB) Active/Active Profile
• 500 Users Full UC (1vCPU 700MHz 2GB) Active/Standby Profile
• 1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Active Profile
• 1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Standby Profile
• 2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Active Profile
• 2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Standby Profile
• 5000 Users Full UC (4 GB 2vCPU) Active/Active Profile
• 5000 Users Full UC (4 GB 2vCPU) Active/Standby Profile
• 15000 Users Full UC (4 vCPU 8GB) Active/Active Profile
• 15000 Users Full UC (4 vCPU 8GB) Active/Standby Profile
• 25000 Users Full UC (6 vCPU 16GB) Active/Active Profile
• 25000 Users Full UC (6 vCPU 16GB) Active/Standby Profile

High Availability Login Profiles

Important Notes About High Availability Login Profiles


• You can use the High Availability login profile tables in this section to configure the upper and lower
client re-login values for your presence redundancy group. You configure the upper and lower client
login values by choosing Cisco Unified CM IM and Presence Administration > System > Service
Parameters, and choosing Cisco Server Recovery Manager from the Service menu.
• If Debug Logging is enabled for the Cisco XCP Router service, then you should expect increased CPU
usage and a decrease in the currently supported logging levels for IM and Presence Service.


• By configuring the upper and lower client re-login limits on your presence redundancy group based on
the tables we provide here, you can avoid performance issues and high CPU spikes in your deployment.
• We provide a High Availability login profile for each IM and Presence Service node memory size, and
for each High Availability deployment type, active/active or active/standby.
• The High Availability login profile tables are calculated based on the following inputs:
◦ The lower client re-login limit is based on the Server Recovery Manager service parameter "Critical
Service Down Delay", for which the default is 90 seconds. If the Critical Service Down Delay is
changed then the lower limit must also change.
◦ The total number of users in the presence redundancy group for Active/Standby deployments, or
the node with highest number of users for Active/Active deployments.

• You must configure the upper and lower client re-login limit values on both nodes in a presence
redundancy group. You must manually configure all these values on both nodes in the presence
redundancy group.
• The upper and lower client re-login limit values must be the same on each node in the presence redundancy
group.
• If you rebalance your users, you must reconfigure the upper and lower client re-login limit values based
on the High Availability login profile tables.

Use High Availability Login Profile Tables


Use the High Availability login profile tables to retrieve the following values:
• Client Re-Login Lower Limit service parameter value
• Client Re-Login Upper Limit service parameter value.

Procedure

Step 1 Choose a profile table based on your virtual hardware configuration, and your High Availability deployment
type.
Step 2 In the profile table, choose the number of users in your deployment (round up to the nearest value). If you
have an active/standby deployment, use the node with the highest number of users.
Step 3 Based on the Number of Users value for your presence redundancy group, retrieve the corresponding lower
and upper retry limits in the profile table.
Step 4 Configure the lower and upper retry limits on IM and Presence Service by choosing Cisco Unified CM IM
and Presence Administration > System > Service Parameters, and choosing Cisco Server Recovery
Manager from the Service menu.
Step 5 Check the Critical Service Down Delay value by choosing Cisco Unified CM IM and Presence
Administration > System > Service Parameters and choosing Cisco Server Recovery Manager from the
Service Menu. The default value is 90 seconds. The lower retry limit should be set to this value.


Example High Availability Login Configurations


Example 1: 15000 Users Full UC Profile - active/active deployment
You have 3000 users in your presence redundancy group, with 2000 users on one node, and 1000 users on
the second node. For an unbalanced active/active deployment, Cisco recommends you use the node with the
highest number of users, in this case the node with 2000 users. Using the 15000 users full UC (4 vCPU 8GB)
active/active profile, you retrieve these lower and upper retry values:

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
2000                              120                 253

Note: The upper retry limit is the approximate time (seconds) it takes for all clients to login to their backup node
after a failover occurs.

Note: The lower limit of 120 assumes the Critical Service Down Delay service parameter is set to 120.

Example 2: 5000 Users Full UC Profile - active/active deployment


You have 4700 users on each node in your presence redundancy group. Cisco recommends that you round
up to the nearest value, so using the 5000 users full UC (4 vCPU 8GB) active/active profile you retrieve the
lower and upper retry value based on a number of users value of 5000:

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
5000                              120                 953
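
The lookup in Steps 1 to 5 and Example 1, written out as an added example (it is not code from Cisco or from this guide). It embeds Table 47, rounds the user count up to the next row, and audits both nodes of a presence redundancy group against the rules in "Important Notes About High Availability Login Profiles". The node record keys (name, users, lower, upper, down_delay) and the sample node values are assumptions; user sizing follows the table-inputs list and Example 1.

```python
from bisect import bisect_left

# Table 47 of this guide (15000 Users Full UC, 4 vCPU 8GB, Active/Active):
# expected active users -> (lower retry limit, upper retry limit), in seconds.
PROFILE_15000_ACTIVE_ACTIVE = {
    100: (120, 127), 500: (120, 153), 1000: (120, 187), 1500: (120, 220),
    2000: (120, 253), 2500: (120, 287), 3000: (120, 320), 3500: (120, 353),
    4000: (120, 387), 4500: (120, 420), 5000: (120, 453), 6000: (120, 520),
    7000: (120, 587), 7500: (120, 620),
}


def sizing_user_count(users_per_node, deployment):
    """User count to look up, per the guide's list of table inputs: the
    busiest node for active/active, the group total for active/standby."""
    if deployment == "active/active":
        return max(users_per_node)
    if deployment == "active/standby":
        return sum(users_per_node)
    raise ValueError(f"unknown deployment type: {deployment!r}")


def lookup_limits(profile, users):
    """Round users up to the nearest table row; return (row, lower, upper)."""
    rows = sorted(profile)
    idx = bisect_left(rows, users)
    if idx == len(rows):
        raise ValueError(f"{users} users exceeds this profile (max {rows[-1]})")
    lower, upper = profile[rows[idx]]
    return rows[idx], lower, upper


def audit_group(profile, deployment, nodes):
    """Check both nodes' configured limits against the profile table.

    nodes: list of dicts with assumed keys name, users, lower, upper and
    down_delay (that node's Critical Service Down Delay, in seconds).
    Returns a list of findings; an empty list means the group is consistent.
    """
    count = sizing_user_count([n["users"] for n in nodes], deployment)
    row, table_lower, table_upper = lookup_limits(profile, count)
    findings = []
    for n in nodes:
        if n["lower"] != n["down_delay"]:
            findings.append(f"{n['name']}: lower limit {n['lower']} does not "
                            f"match Critical Service Down Delay {n['down_delay']}")
        if n["down_delay"] != table_lower:
            findings.append(f"{n['name']}: table assumes a delay of "
                            f"{table_lower}, node uses {n['down_delay']}")
        if n["upper"] != table_upper:
            findings.append(f"{n['name']}: upper limit {n['upper']} should be "
                            f"{table_upper} (row {row})")
    # The limits must be identical on every node in the group.
    if len({(n["lower"], n["upper"]) for n in nodes}) > 1:
        findings.append("limits differ between nodes in the group")
    return findings


# Constructed inputs. GOOD mirrors Example 1 (2000 + 1000 users); in BAD,
# node B was sized for its own 1000 users and left at the 90-second default.
GOOD = [
    {"name": "A", "users": 2000, "lower": 120, "upper": 253, "down_delay": 120},
    {"name": "B", "users": 1000, "lower": 120, "upper": 253, "down_delay": 120},
]
BAD = [
    GOOD[0],
    {"name": "B", "users": 1000, "lower": 120, "upper": 187, "down_delay": 90},
]

if __name__ == "__main__":
    print(lookup_limits(PROFILE_15000_ACTIVE_ACTIVE, 2000))
    for finding in audit_group(PROFILE_15000_ACTIVE_ACTIVE, "active/active", BAD):
        print(finding)
```

Re-run the audit after any user rebalance, since the guide requires the limits to be reconfigured from the tables at that point.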

500 Users Full UC (1vCPU 700MHz 2GB) Active/Active Profile


Table 39: User Login Retry Limits for Standard Deployment (500 Users Full UC Active/Active)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 187
250                               120                 287

500 Users Full UC (1vCPU 700MHz 2GB) Active/Standby Profile


Table 40: User Login Retry Limits for Standard Deployment (500 Users Full UC Active/Standby)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 187
250                               120                 287
500                               120                 453

1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Active Profile


Table 41: User Login Retry Limits for Standard Deployment (1000 Users Full UC Active/Active)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 153
250                               120                 203
500                               120                 287

1000 Users Full UC (1vCPU 1500MHz 2GB) Active/Standby Profile


Table 42: User Login Retry Limits for Standard Deployment (1000 Users Full UC Active/Standby)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 153
250                               120                 203
500                               120                 287
750                               120                 370
1000                              120                 453

2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Active Profile


Table 43: User Login Retry Limits for Standard Deployment (2000 Users Full UC Active/Active)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 153
500                               120                 287
1000                              120                 453

2000 Users Full UC (1vCPU 1500Mhz 4GB) Active/Standby Profile


Table 44: User Login Retry Limits for Standard Deployment (2000 Users Full UC Active/Standby)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 153
250                               120                 203
500                               120                 287
750                               120                 370
1000                              120                 453
1250                              120                 537
1500                              120                 620
1750                              120                 703
2000                              120                 787

5000 Users Full UC (4 GB 2vCPU) Active/Active Profile


Table 45: User Login Retry Limits for Standard Deployment (5000 Users Full UC Active/Active)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 137
500                               120                 203
1000                              120                 287
1500                              120                 370
2000                              120                 453
2500                              120                 537

5000 Users Full UC (4 GB 2vCPU) Active/Standby Profile


Table 46: User Login Retry Limits for Standard Deployment (5000 Users Full UC Active/Standby)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 137
500                               120                 203
1000                              120                 287
1500                              120                 370
2000                              120                 453
2500                              120                 537
3000                              120                 620
3500                              120                 703
4000                              120                 787
4500                              120                 870
5000                              120                 953

15000 Users Full UC (4 vCPU 8GB) Active/Active Profile


Attention: To achieve maximum client login throughput on a 15000 user system, Cisco recommends a
minimum of 2.5GHz CPU clock speed.

Table 47: User Login Retry Limits for Standard Deployment (15000 Users Full UC Active/Active)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 127
500                               120                 153
1000                              120                 187
1500                              120                 220
2000                              120                 253
2500                              120                 287
3000                              120                 320
3500                              120                 353
4000                              120                 387
4500                              120                 420
5000                              120                 453
6000                              120                 520
7000                              120                 587
7500                              120                 620

15000 Users Full UC (4 vCPU 8GB) Active/Standby Profile


Attention: To achieve maximum client login throughput on a 15000 user system, Cisco recommends a
minimum of 2.5GHz CPU clock speed.

Table 48: User Login Retry Limits for Standard Deployment (15000 Users Full UC Active/Standby)

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
Full UC
100                               120                 127
500                               120                 153
1000                              120                 187
1500                              120                 220
2000                              120                 253
2500                              120                 287
3000                              120                 320
3500                              120                 353
4000                              120                 387
4500                              120                 420
5000                              120                 453
6000                              120                 520
7000                              120                 587
8000                              120                 653
9000                              120                 720
10000                             120                 787
11000                             120                 853
12000                             120                 920
13000                             120                 987
14000                             120                 1053
15000                             120                 1120

25000 Users Full UC (6 vCPU 16GB) Active/Active Profile

Attention: To achieve maximum client login throughput on a 25000 user system, Cisco recommends a minimum of
2.8GHz CPU clock speed.

Table 49: Login rates for active/active profiles: 9 uses 45% CPU

Expected Number of Active Users   Lower Retry Limit   Upper Retry Limit
100                               120                 131
500                               120                 176
1000                              120                 231
1500                              120                 287
2000                              120                 342
2500                              120                 398
3000                              120                 453
3500                              120                 509
4000                              120                 564
4500                              120                 620
5000                              120                 676
6000                              120                 787
7000                              120                 898
7500                              120                 953
8000                              120                 1009
9000                              120                 1120
10000                             120                 1231
11000                             120                 1342
12000                             120                 1453
12500                             120                 1509

25000 Users Full UC (6 vCPU 16GB) Active/Standby Profile

Attention: To achieve maximum client login throughput on a 25000 user system, Cisco recommends a minimum of
2.8GHz CPU clock speed.

Table 50: Login rates for active/standby profiles: 16 uses 80% CPU

Expected number of Active Users   Lower Retry Limit   Upper Retry Limit
100                               120                 126
500                               120                 151
1000                              120                 183
1500                              120                 214
2000                              120                 245
2500                              120                 276
3000                              120                 308
3500                              120                 339
4000                              120                 370
4500                              120                 401
5000                              120                 433
6000                              120                 495
7000                              120                 558
8000                              120                 620
9000                              120                 683
10000                             120                 745
11000                             120                 808
12000                             120                 870
13000                             120                 933
14000                             120                 995
15000                             120                 1058
16000                             120                 1120
17000                             120                 1183
18000                             120                 1245
19000                             120                 1308
20000                             120                 1370
21000                             120                 1433
22000                             120                 1495
23000                             120                 1558
24000                             120                 1620
25000                             120                 1683

APPENDIX B
XMPP Standards Compliance
• XMPP Standards Compliance

XMPP Standards Compliance


The IM and Presence Service is compliant with the following XMPP standards:
• RFC 3920 Extensible Messaging and Presence Protocol (XMPP): Core
• RFC 3921 Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence
◦ XEP-0004 Data Forms
◦ XEP-0012 Last Activity
◦ XEP-0013 Flexible Offline Message Retrieval
◦ XEP-0016 Privacy Lists
◦ XEP-0030 Service Discovery
◦ XEP-0045 Multi-User Chat
◦ XEP-0054 Vcard-temp
◦ XEP-0055 Jabber Search
◦ XEP-0060 Publish-Subscribe
◦ XEP-0065 SOCKS5 Bytestreams
◦ XEP-0066 Out of Band Data Archive OOB requests
◦ XEP-0068 Field Standardization for Data Forms
◦ XEP-0071 XHTML-IM
◦ XEP-0082 XMPP Date and Time Profiles
◦ XEP-0092 Software Version
◦ XEP-0106 JID Escaping
◦ XEP-0114 Jabber Component Protocol
◦ XEP-0115 Entity Capabilities
◦ XEP-0124 Bidirectional Streams over Synchronous HTTP (BOSH)
◦ XEP-0126 Invisibility
◦ XEP-0128 Service Discovery Extensions
◦ XEP-0160 Best Practices for Handling Offline Messages
◦ XEP-0163 Personal Eventing Via PubSub
◦ XEP-0170 Recommended Order of Stream Feature Negotiation
◦ XEP-0178 Best Practices for Use of SASL EXTERNAL
◦ XEP-0220 Server Dialback
◦ XEP-0273 SIFT (Stanza Interception and Filtering Technology)
