Cisco Instant Connect Component Considerations · † Integrating Cisco Instant Connect with Cisco...

Solution Reference Network Desi

C H A P T E R 2
Cisco Instant Connect Component Considerations
This chapter provides information about various components and features that can be part of a Cisco Instant Connect solution. This information will help you to understand how these items interoperate in a Cisco Instant Connect deployment.

This chapter includes these topics:

• Deployment Overview, page 2-2

• System Requirements, page 2-3

• Server Scalability and Redundancy, page 2-3

• Media Resource Planning, page 2-4

• Virtual Talk Groups, page 2-4

• Media Security, page 2-15

• Media Resource Allocation for the Dial Engine, page 2-15

• Fixed Connections, page 2-15

• Notifications, page 2-16

• Location Server, page 2-19

• Cisco VCS Expressway Configuration, page 2-19

• Cisco Spark Integration, page 2-32

• Integrating Cisco Instant Connect with Cisco UCCX, page 2-33

• Dial Connect, page 2-37

• Wireless Network Configurations, page 2-38

• Text to Speech, page 2-38

• Cisco Instant Connect for Android Devices and Cisco Instant Connect for Apple Devices, page 2-43

• Cisco Unified IP Phones, page 2-45

• Port Usage, page 2-45

• Zabbix Support, page 2-47

2-1gn (SRND) for Cisco Instant Connect, Release 5.0(2)

Chapter 2 Cisco Instant Connect Component ConsiderationsDeployment Overview

Deployment OverviewFigure 2-1 shows an overview of a Cisco Instant Connect deployment.

Figure 2-1 Cisco Instant Connect Deployment

2-2Solution Reference Network Design (SRND) for Cisco Instant Connect, Release 5.0(2)

Chapter 2 Cisco Instant Connect Component ConsiderationsSystem Requirements

System RequirementsTable 2-1 provides information about system requirements for each of the Cisco Instant Connect installation types. For more information about installation types, see Cisco Instant Connect Installation Guide.

Server Scalability and RedundancyCisco Instant Connect provides the ability to cluster servers to achieve redundancy, optimization, resiliency, and location affinity and proximity. Configuring Cisco Instant Connect, UMS, and load balancing explained in Cisco Instant Connect Administration Guide.

The Cisco Instant Connect architecture in some deployment types separates the Cisco Instant Connect application from the database server. This approach allows scaling up of UMS servers to support hundreds of nodes to avoid a single point of failure. Clients connect to a virtual IP node that is connected to multiple Cisco Instant Connect server nodes for authentication and UMS resource allocation.

Table 2-1 System Requirements for Cisco Instant Connect Installation Types

Installation Type and Component vCPU RAM Disk

Portable installation

Cisco Instant Connect databases and related services are installed on the same VM server.

Each VM 2 2 GB 60 GB

Small installation

Cisco Instant Connect databases and related services are installed on the same VM server.

Cisco Instant Connect server 4 4 GB 60 GB

UMS 4 4 GB 60 GB

Notifier 4 4 GB 60 GB

Reporter 8 4 GB 240 GB

Cluster installation

Cisco Instant Connect databases are installed on one or two VM servers and the related services are installed on three separate VM servers.

Cisco Instant Connect server 4 16 GB 60 GB

Database server 12 24 GB 450 GB

Load balancer 4 4 GB 60 GB

UMS 4 4 GB 60 GB

Notifier 4 4 GB 60 GB

Reporter 8 4 GB 240 GB

Location 4 4 GB 240 GB

Zabbix 4 4 GB 60 GB

RCS 4 4 GB 60 GB


Chapter 2 Cisco Instant Connect Component ConsiderationsMedia Resource Planning

The UMS resource allocation strategy is based on a preferred location for each user in the system. In a large deployment, UMSs can be in geographically disparate locations. By default the least used UMS is selected to patch a user to a channel or talkline, irrespective of how far is it located from the user. However, this approach can add delay in voice traffic flow, which can cause a sub-optimal user experience especially in an emergency situation in which delays could be critical. Therefore, Cisco Instant Connect provides the option for users to be connected to a UMS that is closer to their physical location.

Media Resource PlanningMedia resource planning is based on the number of users, channels, and talklines that a UMS services.

Each UMS can manage up to 100 concurrent streams. This number may be lower if the UMS is processing voice streams that have disparate codecs. A voice resource is consumed when:

• A user joins a Talkline via a SIP connection

• A channel is added to an active normal, broadcast, or scan VTG

For example, in a scenario that has one scan VTG with three channels and two mobile client users connected to channels 1 and 2:

• Five ports are consumed on the UM: three ports for the channels in the scan VTG and two ports for active mobile client users

• If you deactivate the scan VTG, two ports are consumed on the UMS for the two active mobile clients

• If you reactivate the scan VTG and disconnect one of the clients from the channel, four ports are consumed on the UMS: three ports for channels in the VTG one port for the active mobile client users

In a clustered environment, you can deploy as many UMSs per server as needed.

Virtual Talk GroupsA VTG enables participants on various channels to communicate by using a single multicast address. A VTG contains, in a temporary channel, any combination of the following members:

• Channels

• Channel groups

• Users

• User groups

• Incidents

Types of VTGs are:

• Normal VTG—A VTG with no broadcast or scan capabilities

• Scan VTG—Allows a user to join a talkline with multiple channels (as members) and receive audio on each channel. When transmitting, a scan VTG user has the option to select the PTT button for the VTG and transmit audio to the channel where last audio was received or manually transmit audio on select channel by pressing and individual channel PTT button.

Scan VTG also supports a preferred talkback channel, so a user can receive audio on any of the channels in a scan VTG but talk back only on the preferred channel.


Chapter 2 Cisco Instant Connect Component ConsiderationsVirtual Talk Groups

• Broadcast VTG—Allows dispatchers to transmit audio one way to all users who are subscribed to the VTG. Users can receive but not transmit. If two dispatchers are subscribed to the same VTG, both dispatchers can transmit and receive audio on the VTG. Users can receive audio streams from both dispatchers.

A Cisco Instant Connect administrator creates Cisco Instant Connect channels and assigns a multicast address to each one. The administrator also creates VTGs as needed. When an administrator creates a VTG, the Cisco Instant Connect server automatically allocates to the VTG an available address from the multicast pool. So while VTGs are dynamically assigned addresses from the multicast pool, channels are configured as static addresses that are outside the range of the addresses that are used by VTGs.

A VTG allows communication between endpoints that are assigned different multicast addresses, such as two endpoints that have activated different channels. When a VTG is enabled to facilitate communications between two or more endpoints with different multicast addresses, a UMS must bridge, or mix, the multicast streams of each channel. In this VTG scenario, the Cisco Instant Connect sever allocates a loopback voice port for each channel in the VTG.

For example, assume that a Cisco Instant Connect administrator creates a VTG named Combined and that this VTG includes the Security channel and Facilities channel as members. Also assume that each LMR voice port is statically configured with a multicast address, so that LMR Security users always send to the Security channel, and LMR Facilities users always send to the Facilities channel. To provide communication between the Security channel and the Facilities channel, a UMS must bridge the multicast streams from these channels.

In this example, when a user talks on the Security channel (channel 1), the UMS must bridge that multicast stream to the Facilities channel (channel 2) and to the VTG channel. The UMS must perform similar operations when a user talks on channel 2 or on the VTG channel. See Figure 2-2.

Figure 2-2 VTG Channel Mixing

Cisco Instant Connect Endpoint Scenarios—MulticastWhen a Cisco Instant Connect dispatcher activates the Combined VTG (as shown in Figure 2-2), Cisco Instant Connect configures the UMS to mix the Security, Facilities, and Combined VTG channels. Users who have been added to the VTG will see the new Combined VTG channel on their mobile clients or Cisco Unified IP Phones. LMR endpoints do not have associated users. An LMR channel is statically configured, so an LMR user can send and receive only from the Cisco Instant Connect channel that is



configured with the same multicast address as the LMR channel. An LMR user can communicate only with endpoints that are not using the same channel if the channel of the LMR user is in a VTG with other channels or users.

Figure 2-3 illustrates a scenario in which four users have deactivated their Security or Facilities channels and have activated the Combined VTG channel.

Figure 2-3 Multicast Group Membership

When a user deactivates the Security and Facilities channels and activates the Combined VTG channel, the endpoint sends an Internet Group Management Protocol (IGMP) leave message for the Security and Facilities channels and an IGMP join message for the Combined VTG channel. The LMR voice port channels are statically configured and the VIF will have already joined the configured multicast group. As shown in Figure 2-4, when user A transmits, the system sends the multicast packets via the multicast distribution tree to each endpoint that has joined the combined group, and to the UMS, which mixes the audio and sends it to the channels in the VTG.



Figure 2-4 Transmitting to the VTG Channel

When the UMS receives the traffic over the Combined VTG channel, it mixes this channel with the Security and Facilities channels and forwards the mixed stream to the LMR endpoints, as shown in Figure 2-5.

Figure 2-5 Transmitting VTG Channel to Security and Facilities Channels



When the LMR Facilities user transmits, the only other endpoint that has joined this multicast channel is the UMS. The multicast distribution tree forwards the multicast voice traffic to the UMS, where it is mixed with the Facilities channel and the Combined VTG channel and then forwarded to the other endpoints in the VTG. See Figure 2-6.

Figure 2-6 LMR Multicast Traffic Flow

Figure 2-7 shows User C with two active channels: the Facilities channel and the Combined VTG channel.



Figure 2-7 Traffic Flow with Two Active Channels

Because User C activated two channels (Facilities and the Combined VTG), two multicast groups are joined through IGMP. As a result, when an endpoint in the Combined VTG transmits, User C will receive the transmitted packets twice. (In this case, the duplicate packets can cause audio quality issues. Take care to avoid this scenario.)

If there are no LMR endpoints in a VTG, UMS resources may not be required for the VTG. For example, consider a financial institution with one Cisco Instant Connect channel called Stocks and one channel called Bonds. The users who are associated with the Stocks channel can communicate with each other, and the users who are associated with the Bonds channel can communicate with each other. Figure 2-8 illustrates this scenario.



Figure 2-8 Cisco Instant Connect Scenario with no LMR Endpoints

If a VTG is created that contains users but no channels, UMS resources are not required. The only resource that is required in this case is a multicast channel from the multicast pool. UMS resources are not needed because Cisco Unified IP Phone users, unlike LMR users, are not statically configured for one channel. If users only are placed in the VTG, users will see the VTG on their Cisco Unified IP Phones. When the VTG activates, these endpoints will simply join the VTG multicast channel that is allocated by the Cisco Instant Connect server. See Figure 2-9.



Figure 2-9 VTG with Users Only

You can also avoid consuming UMS resources by creating a new channel and associating all users with that channel, instead of creating a VTG. In this example shown in Figure 2-8, there is a channel called Combined. Users will see two channels on their Cisco Unified IP Phones: the Combined VTG channel, and either the Stocks channel or the Bonds channel.

If you do not want a user (for example, User C) to participate in such a combined VTG channel, you can take either of these actions:

• Create a channel (you could name it Combined) and associate with it all users except User C

• Create a combined VTG with all users except User C

Figure 2-10 illustrates this scenario.



Figure 2-10 Restricting VTG Access

If you create a VTG that includes the Stocks channel, the Bonds channel, and all users except User C, all of the users except User C will see the Combined VTG channel on their Cisco Unified IP Phones. However, because the Stocks channel and the Bonds channel are in the VTG, User C will be able to receive from and transmit to the VTG. See Figure 2-11.

Figure 2-11 Combined VTG with a User Omitted



Cisco Instant Connect Endpoint Scenarios-UnicastFigure 2-12 illustrates a Cisco Instant Connect mobile client connection via WiFi to a router, which allows the mobile client to connect to the UMS via SIP unicast. This scenario is common when a user joins a talkline.

Figure 2-12 Unicast Connection Set Up

Figure 2-13 illustrates signaling messages sent between a UMS and a mobile client to establish a SIP connection.



Figure 2-13 Signaling Flow

Figure 2-14 illustrates a mobile client that has joined a channel as a SIP client. If this channel is a part of a VTG, the voice stream from the mobile client is sent by the UMS to a multicast address. However, because the channel that the mobile client has joined is a part of the VTG, the mobile client continues to send and receive audio.

Figure 2-14 Multicast to Unicast Call Flow


Chapter 2 Cisco Instant Connect Component ConsiderationsMedia Security

Media SecuritySRTP allows encrypted flow of traffic between a client and server and between two clients. This feature prevents anyone from snooping the packet flow between two users and listen in.

Cisco Instant Connect users secure Real Time Protocol (SRTP) between mobile endpoints that run Cisco Instant Connect for Android Devices or Cisco Instant Connect for Apple Devices and the UMS.

The header and the payload of signaling (SIP) and media (RTP) packets are encrypted using SIP/TLS and SDES-SRTP.

By default, SRTP is turned on for UMSs, turned off for mobile clients in deployments that do not use Expressway, and turned on for mobile clients in deployments that use Expressway.

Media Resource Allocation for the Dial EngineWhen a user dials in to the Cisco Instant Connect dial engine, the user accesses the system through a SIP-based (unicast) connection to Cisco UCCX and obtains a media connection to the Cisco Instant Connect Unified Media Server (UMS). When the user joins a channel or VTG, Cisco Instant Connect configures a resource on the UMS to enable a multicast connection from the server to the dial engine. This configuration facilitates a multicast connection between the Cisco Instant Connect server and the selected channel or VTG.

This multicast connection is made one time for a channel or VTG, regardless of the number of dial-in users who select the channel or VTG. When the last dial-in user disconnects from the channel or VTG, the resource is released in the UMS and becomes available for use.

When a dial-in user makes a unicast media connection to the media driver on a Cisco Instant Connect server, the policy engine sends and receives multicast streams as follows:

1. After the dial-in user successfully authenticates and selects a resource, Cisco Instant Connect allocates a UMS resource for the user and allocates a multicast address from the multicast pool. Cisco Instant Connect then performs an Internet Group Management Protocol (IGMP) join operation on the multicast address so that when additional dial-in users select the same resource, the Cisco Instant Connect server can continue to use same the multicast address.

2. When the dial-in user presses 1 on a telephone and begins to talk, Cisco Instant Connect transmits the audio to the multicast address of the selected resources.

3. When the UMS receives the multicast packets, it forwards the packets to the multicast address that has been allocated from the multicast pool. Cisco Instant Connect receives that multicast audio stream and forwards it as a unicast stream to all dial-in users who have selected that resource.

Fixed ConnectionsThe UMS expects special SIP headers such as client ID. The UMS uses this data to report who has called in to the Cisco Instant Connect server. If the headers are missing, the UMS terminates the connection. The Dispatch Console and Cisco Instant Connect mobile apps send these headers, but third party devices do not. To control the UMS behavior for third party devices, enable the Allow Fixed Connection option in the Configuration > Channel Setup > Channels > General tab in the Administration Console.


Chapter 2 Cisco Instant Connect Component ConsiderationsNotifications

NotificationsNotification is the process of Cisco Instant Connect contacting designated recipients and providing them with information that you specify. The information is provided in an alert.You configure notification in Administration Console. You designate the way in which notification is provided by configuring notification actions. Notification types include email, IP phone text, dial, talk group, and dial engine script.

A user can initiate a notification from the Dispatch Console, Cisco Instant Connect for Android Devices, or Cisco Instant Connect for Apple Devices. The notification is sent to the notifier, which then forwards the notification it to the appropriate recipients.

Cisco Instant Connect supports multiple Cisco Unified Communications Managers for notification, which enables text and audio paging to Cisco Unified IP Phone devices that are registered on different Cisco Unified Communications Managers.

The following sections describe following policy engine notification actions that you can configure for Cisco Instant Connect:

• Email Notification Action, page 2-17

• IP Phone Text Notification Action, page 2-17

• Dial Notification Action, page 2-18

• Talk Group Notification Action, page 2-18

Figure 2-1 illustrates the topology of notification.

Figure 2-15 Notification Topology

Alerts may be predefined with the following parameters:

• Type—Message, Invitation, Update

• Priority—Emergency, major minor, alert, information, in this order of precedence



• Subject—Text

• Message body—Text of up to 128 characters

• Acknowledgment—Whether required

• Recipients—Users, user groups, talklines

• Attachments (optional)—URI of an audio file, image file, video file, or camera feed

Email Notification ActionAn email notification action sends a message that you enter to the e-mail, SMS, and pager addresses that are configured as notification preferences for each user that you designate as a recipient. When this type of notification executes, the policy engine sends the message via SMTP to the SMTP server that is configured on the Instant Connect Dial Engine Parameters screen. Email notification recipients can be Cisco Instant Connect users or user groups

IP Phone Text Notification Action An IP phone text notification action displays a designated message on supported Cisco Unified IP Phone models when used with Cisco Unified Communications Manager. The telephone numbers of each phone must be configured as a dial preference for the associated user. This type of notification action requires that you use the Cisco Instant Connect Administration Console to configure parameters in the Cisco Unified Communications Manager Configuration for IP Phone Notifications area in the SIP Configuration menu. For instructions, see Cisco Instant Connect Administration Guide. Recipients of this notification action can be Cisco Instant Connect users or user groups.

When an IP phone text notification action executes, several activities, including the following, occur:

1. Cisco Instant Connect sends an AXL query to the first configured Cisco Unified Communications Manager.

2. Cisco Unified Communications Manager returns the IP address of each device for which a DN is configured.

3. Cisco Instant Connect sends notification via XML to each device for which it receives a valid IP address.

Be aware of the following guidelines:

• The IP phone text notification action requires that the IP phone text notification parameters be configured on the SIP configuration page in the Administration Console.

• Cisco Instant Connect sends each DN in the notification list as a query to each Cisco Unified Communications Manager that is configured for notification.

• The Cisco Unified Communications Manager must be running the Cisco AXL service.

• Each Cisco Unified Communications Manager must be configured in the IP Phone Notification Configuration page with the correct version number, and administrator and phone user name and password. This information is required to validate Cisco Unified Communications Manager and send appropriate AXL queries because the queries are different for various Cisco Unified Communications Manager versions.

• The configured Cisco Unified Communications Managers must be reachable or “Connection Failure” errors result when Cisco Instant Connect attempts to send an AXL query.

• The Cisco Unified Communications Manager should be configured to accept SOAP requests.



• Cisco Unified Communications Manager limits the number of DNs in an AXL query to 200. It truncates requests that contain more than 200 DNs. To accommodate this limit, Cisco Instant Connect sends requests that contain no more than 200 DNs. If Cisco Instant Connect needs more than 200 DNs, it send requests in batches that contain 200 or fewer DN requests.

• Cisco Instant Connect precedes a text notification with an audible tone, which comes from a prerecorded .wav file that is sent to each phone in the recipient list. Cisco Instant Connect requires that an available multicast address be configured in the multicast address pool for each batch of simultaneous broadcasts of the alert audio.

• If Cisco Instant Connect cannot reach a Cisco Unified IP Phone or if notification to a phone fails, Cisco Instant Connect adds the phone to a retry list. When Cisco Instant Connect completes a round of notification to identified phones, it attempts to resend the notification to the phones in the retry list. Cisco Instant Connect attempts notification up to three times (one regular notification attempt and up to two retry notification attempts). Any phones that it cannot reach after these attempts are not notified via IP phone text notification.

• Cisco Instant Connect sends an AXL query to all Cisco Unified Communications Managers in a cluster. If more than one Cisco Unified Communications Manager is configured with phones that register to the same DN, all the phones associated to that DN are notified.

Dial Notification Action The policy engine executes a dial notification action as follows:

• If the Cisco Unified Communications Manager Configuration for IP Phone Notifications parameters are configured in the SIP Configuration menu, Cisco Instant Connect checks whether each designated user has an associated Cisco Unified IP Phone configured in Cisco Unified Communications Manager. If a user does have an associated phone, Cisco Instant Connect plays the designated message on the speaker of the phone.

• If Cisco Unified Communications Manager Configuration for IP Phone Notifications parameters are configured but a user does not have an associated Cisco Unified IP Phone, or if the phone of a user is busy, the system calls the user as specified in the dial preferences and plays the designated message.

• If Cisco Unified Communications Manager Configuration for IP Phone Notifications parameters are not configured, Cisco Instant Connect calls the user as specified in the dial preferences and plays the designated message.

When you create a dial notification action, you can specify a prerecorded prompt or record a new prompt. A prompt should be no more than 90 seconds long.

If you use this action to contact Cisco Unified IP Phones, make sure that at least one multicast address is available in the multicast pool.

For more detailed information, see Cisco Instant Connect Administration Guide.

Talk Group Notification ActionA talk group notification action plays the selected prompt to all participants in the selected VTG.

When you create a talk group notification action, you can specify a prerecorded prompt or record a new prompt. A prompt should be no more than 90 seconds long.


Chapter 2 Cisco Instant Connect Component ConsiderationsLocation Server

Note • When a Talk Group notification executes, the designated message is added to the multicast stream of the VTG. To inform users that a system message is being played, consider starting the message with a statement such as, “This is the Cisco Instant Connect administrator with an important recorded message.”

• A VTG participant who is dialed in through the TUI and who has the floor does not hear the talk group notification message.

Location ServerCisco Instant Connect only uses the location feature to store user locations. The location server uses kairosDB (specialized for time-series data) on top of Cassandra (a non-SQL database) and can obtain and set location information via a RESTful API. The API calls are secured by authenticating the Cisco Instant Connect username and password with the location server and then using the resulting token to make additional API calls to save and retrieve location by GPS coordinates.

A Tiles server provides a map for the GPS coordinates.

Mobile endpoints and the dispatch console display location and location history information.

Cisco VCS Expressway ConfigurationCisco Instant Connect solution uses the Cisco VCS solution to allow voice and video calls and data connections from the public Internet to traverse a firewall and demilitarized zone (DMZ) to connect to an enterprise network without the use of a VPN client.

Two DNS servers needed when Expressway is integrated with Cisco Instant Connect. An internal DNS server is required to resolve the names of hosts within the enterprise network. An external DNS server is required to resolve the names of the Cisco Instant Connect server, UMS, notifier, and location server outside of the enterprise network.

The recommended configuration for expressway includes creating traversal zones and dial rules that are associated to each zone for VCS-Control (VCS_C) servers and VCS-Expressway (VCS_E). Some TCP/UDP ports must be opened in the firewall (the Cisco Adaptive Security Appliance) for packet traversal.

Figure 2-16 for an example of Expressway implementation. Not every element or number of instances of each element is needed in a particular deployment.


Chapter 2 Cisco Instant Connect Component ConsiderationsCisco VCS Expressway Configuration

Figure 2-16 Network Elements

The following sections provide detailed configuration information:

• Network Elements, page 2-20

• Firewall and NAT Configuration, page 2-21

• DNS Mappings, page 2-23

• VCS-C and VCS-E Configuration, page 2-24

• Load Balancer Security Configuration, page 2-28

Network ElementsNetwork elements for an Expressway deployment can include the following:

• Internal secure network elements

– Firewall

– Internal DNS



– High availability (HA) proxy load balancer (LB) server

– One or more Cisco Instant Connect server

– Database server

– One or more UMS server

– Notifier server

– Reporter server

– One or more VCS-C server

– NTP Server

– Cisco Unified Wireless Phones

– Cisco Instant Connect for Apple Devices

– Cisco Instant Connect for Android Devices

• DMZ network elements

– VCS-E

– Reverse Proxy Server

• External unsecure network elements;

– Firewall

– NTP

– External DNS

– Cisco Instant Connect for Apple Devices

– Cisco Instant Connect for Android Devices

Firewall and NAT ConfigurationThe section provides recommended firewall configuration settings for Cisco Instant Connect call traversal between the public Internet and an enterprise or corporate network via a DMZ.

Disable SIP and H.323 ALG if are present in your network.

Recommended Internal Firewall Configuration

Table 2-2 describes recommended internal firewall configuration settings for outbound connections.

Table 2-2 Outbound Connections (Internal Network to DMZ)

Purpose Source DestinationSourcePort

Transport Protocol

Destination Port

Management Management computer

VCS-E 1024 or higher TCP 80/443/22/23

SIP traversal

SIP TLS VCS-C VCS-E 25000 to 29999 TCP Traversal Zone Port as configured (for example, 7001)



Table 2-3 describes recommended internal firewall configuration settings for inbound connections.

Recommended External Firewall Configuration

Table 2-4 describes recommended external firewall configuration settings for inbound connections.

Table 2-5 describes recommended external firewall configuration settings for outbound connections.

SRTP VCS-C VCS-E Configurable UDP 36000

VCS-C VCS-E Configurable UDP 36001

ICE is Enables on VCS Control and VCS Expressway is used as the TURN server

TURN control VCS-C VCS-E 1024 or higher UDP 3478

Table 2-2 Outbound Connections (Internal Network to DMZ) (continued)


Transport Protocol

Destination Port

Table 2-3 Inbound Connections (DMZ to Internal Network)


Transport Protocol

Destination Port

NTP VCS-E Local NTP server

123 UDP 123

Reverse proxy HAProxy Cisco Instant Connect server

1024 or higher TCP 80/443

Reverse proxy HAProxy Notifier 1024 or higher TCP 1883/555

Reverse proxy HAProxy Location server 1024 or higher UDP 443

Table 2-4 Inbound Connections (Internet to DMZ)


Transport Protocol

Destination Port

Reverse proxy Endpoint HAProxy 1024 or higher TCP 80/443/1883/5555

SIP endpoint calling using TLS

SIP TLS Endpoint VCS-E 1024 or higher TCP 5061

SRTP and SRTCP

Endpoint VCS-E 1024 or higher UDP 36002 to 59999

(configurable)

TURN control Endpoint VCS-E 1024 or higher UDP 3478

TURN media Endpoint VCS-E 1024 or higher UDP 24000 to 29999



DNS MappingsIt is important to resolve the FQDNs of Cisco Instant Connect servers to the correct IP addresses based on the source (internal or external) of the user login request. If a log in request comes from an internal user, it is resolved to the reverse proxy server for user authentication. To join a talkline, the FQDN of an assigned UMS must be resolved. For alerts, the FQDN of the notifier server must be resolved.

If a request comes from an external user, a user authentication and alert notification must be mapped to the FQDN of the reverse proxy server. A request for a talkline are mapped to the FQDN of the VCS-E.

For example, recommended DNS records for the example.com company domain would appear as follows:

External DNS

A record per UMS of the following form:

UMS FQDN 86400 IN A VCS-E IP Address

A record pointing to the load balancer:

FQDN of Load balancer 86400 IN A Reverse Proxy IP Address

A record pointing to the notifier:

FQDN of Notifier 86400 IN A Reverse Proxy IP Address

A record pointing to location sever:

FQDN of Location server 86400 IN A Reverse Proxy IP address

Internal DNS

A record per UMS of the following form:

UMS FQDN 86400 IN A IP Address of UMS

A record pointing to the load balancer:

FQDN of Load balancer 86400 IN A IP address of Load Balancer

A record pointing to the notifier

FQDN of Notifier 86400 IN A IP address of Notifier

A record pointing to location server

FQDN of Location server 86400 IN A IP address of location server

Table 2-5 Outbound Connections (DMZ to Internet)


Transport Protocol

Destination Port

SRTP and SRTCP

VCS-E Endpoint 36000 to 59999 UDP 1024 or higher

TURN media VCS-E Endpoint 24000 to 29999 UDP 1024 or higher



VCS-C and VCS-E ConfigurationTo configure VCS-C and VCS-E, perform system level configuration for FQDNs, IP addressing, DNS, NTP, and other items as recommended by your VCS documentation. This section describes additional recommended configuration for enabling Cisco Instant Connect specific flows between users who are on campus and off campus, or between users who are off campus.

Configuring SIP

To configure SIP settings for VCS-C and VCS-E, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Protocols > SIP, and configure the options as recommended in Table 2-6.

Configuring Traversal Zones

To configure traversal zone settings for VCS-C and VCS-E, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Zones > Zones > New, and configure the options as recommended in Table 2-7.

Table 2-6 Recommended SIP Protocol Configuration Settings for VCS-C and VCS-E

Option VCS Control VCS Expressway

SIP Mode On On

UDP Mode Off Off

TCP Mode Off Off

TLS Mode On On

TLS Port 5061 5061

Minimum session refresh interval

90 90

Table 2-7 Recommended Traversal Zone Settings for VCS-C and VCS-E


Name Traversal Zone Traversal Zone

Type Traversal Client Traversal Server

Username Exampleauth Exampleauth

Password Examplepw Add a new entry in the Data Store with the same user name and password as used for VCS-C

H.323 Mode OFF OFF

SIP Mode ON ON

SIP Port 7001 7001

SIP Transport TLS TLS

TLS Verify Mode Off Off

SIP Accept proxied registrations Allow Allow



Configuring TURN

To configure TURN for VCS-E, click Configure TURN Server as described in the “Configuring Traversal Zones” section on page 2-24, configure the options as recommended in Table 2-8, and then click Save.

To configure TURN for VCS-C, click Configure TURN Server as described in the “Configuring Traversal Zones” section on page 2-24, configure the options as recommended in Table 2-9, and then click Save.

Media Encryption Mode Force Encrypted Force Encrypted

ICE Support ON ON

Local Peer 1 address 192.0.2.3 —

ICE Support ON ON

TURN Configuration Click Configure TURN Server and configure options as shown in Table 2-8 on page 2-25

Click Configure TURN Server and configure options as shown in Table 2-9 on page 2-25

Poison mode OFF OFF

SIP parameter preservation On On

Authentication Policy Uncheck credentials Uncheck credentials

Table 2-7 Recommended Traversal Zone Settings for VCS-C and VCS-E (continued)


Table 2-8 Recommended TURN Settings for VCS-E

Option VCS Expressway

TURN Services ON

TURN request port range start 3478 – 3483

Delegated Credential Checking OFF

Authentication Realm Test

Media port range start 24000

Media port range end 29999

Table 2-9 Recommended TURN Settings for VCS-C

Option VCS Control

TURN server address 192.0.2.3

TURN server port 3478

TURN service username Test

TURN service password cisco123



Configuring the Local Database

To configure the credentials that VCS-C uses to authenticate a TLS connection to VCS-E, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Authentication > Local Database, then click New, and then configure the options as shown in Table 2-10.

Configuring Neighbor Zones

For each UMS in your Cisco Instant Connect deployment, a separate neighbor zone must be configured between VCS-C and the UMS. To configure a neighbor zone between VCS-C and a UMS, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Zones > Zones> New, configure the options as shown in Table 2-11, and then click Save.

Table 2-10 Local Database Settings for TLS Connection to VCS-E


Name Enter a user authentication name for your company

Password Enter a password that conforms to the password policy of your organization

Table 2-11 Neighbor Zone Settings Between VCS-C and a UMS

Option VCS Control

Name UMS Neighbor Zone

Type Neighbor

Hop count 15

H.323 Mode OFF

SIP Mode ON

SIP Port 5061

Transport TLS

Accept proxied registrations Allow

Media encryption mode Force Encrypted

ICE support ON

Authentication policy Uncheck credentials

Peer 1 address 10.0.0.7

Zone profile Custom

Monitor peer status No

SIP parameter preservation On

SIP record route address type Hostname



Configuring Traversal Zone Search Rules

To configure traversal zone search rules for VCS-E, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Dial Plan > Search Rules, click New, and then configure the options as shown in Table 2-12.

Configuring UMS Neighbor Zone Search Rules

For each UMS in your Cisco Instant Connect deployment, a separate UMS neighbor zone search rule must be configured. To configure a UMS neighbor zone search rule, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Dial Plan > Search Rules, click New, and then configure the options as shown in Table 2-13, and then click Save.

Table 2-12 Traversal Zone Search Rules


Rule name Traversal Zone search rule

Priority 50

Protocol Any

Source Any

Request must be authenticated No

Mode Alias Pattern Match

Pattern type Suffix

Pattern string @ums.ipics.cisco.com;transport=TLS

On successful match Continue

Target Traversal Zone

State Enabled

Table 2-13 UMS Neighbor Zone Search Rules

Option VCS Control

Rule name UMS Zone Search Rule

Priority 5

Protocol Any

Source Any

Request must be authenticated No

Mode Alias pattern match

Patter type Suffix

Pattern string @ums.example.com;transport=TLS

Pattern behavior Replace

Replacement string @10.0.0.7;transport=TLS

On successful match Continue



Configuring External IP Address Routing

To configure external IP address routing, from the Main page in the VCS-C and VCS-E web-based interface, choose Configuration > Dial Plan > Configuration > Configure, configure the options as shown in Table 2-14, and then click Save.

Load Balancer Security ConfigurationIf load balancing is configured in your deployment, you must make some security configuration settings.

To configure security for load balancing, follow these steps:

Procedure

Step 1 Use an SSH client to access the reverse proxy server and log in as the root user.

Step 2 If new certificates are required, take these actions:

a. Generate an X.509 certificate and store it as proxy.crt in the /etc/ssl/certs folder.

b. Generate the associated key and store it as proxy.key in the /etc/ssl/certs folder.

c. Concatenate the certificate and the key into a single .pem file.

Here is an example of using openSSL to generate the certificate and keys:

• Produce a 1024 bit RSA key:

[root]# openssl genrsa -out proxy.key 1024

• Use the key to produce a certificate signing request:

[root]# openssl req -new -key proxy.key -out proxy.csr

• Use the CSR to finally produce a self signed certificate:

[root]# openssl x509 -req -days 365 -in proxy.csr -signkey proxy.key -out proxy.crt

• Concatenate the certificate and key into a pem file:

[root]# cat proxy.crt proxy.key > proxy.pem

If third party certificates are being installed, install them with the same name as specified in this example.

Step 3 Prepare a reverse proxy configuration script named haproxy.cfg and store it in the /etc/haproxy folder as shown in Example 2-1 on page 2-29.

Target UMS Neighbor Zone

State Enabled

Table 2-13 UMS Neighbor Zone Search Rules (continued)

Option VCS Control

Table 2-14 External IP Address Routing Settings


Calls to unknown IP addresses Indirect Indirect



Step 4 Restart the HAProxy service.

Example 2-1 shows a reverse proxy configuration script. In this example, items in bold italic type should be replaced with FQDNs or IP addresses as appropriate for your deployment.

Example 2-1 Reverse Proxy Configuration Script

# ################################################# ## /etc/haproxy/haproxy.cfg ## HAProxy configuration file created by Cisco CIC ## ------------------------------------------------- ## Version 5.0 ## ################################################# #

#---------------------------------------------------------------------# HAProxy's configuration process involves 3 major sources of parameters :## - the arguments from the command-line, which always take precedence# - the "global" section, which sets process-wide parameters# - the proxies sections which can take form of "defaults", "listen","frontend" and "backend".#---------------------------------------------------------------------

# the "global" section, which sets process-wide parametersglobal

# Writes pids of all daemons into file <pidfile>.pidfile /var/run/haproxy.pid

# Sets the maximum per-process number of concurrent connections to <number>. Proxies will stop accepting connections when this limit is reached.maxconn 6000maxconnrate 500

# Makes the process fork into background. This is the recommended mode of operation.daemon

# the proxies sections which can take form of "defaults", "listen","frontend" and "backend".# A "defaults" section sets default parameters for all other sections following# its declaration. Those default parameters are reset by the next "defaults" section.

# A "frontend" section describes a set of listening sockets accepting client connections.# A "backend" section describes a set of servers to which the proxy will connect to forward incoming connections.# A "listen" section defines a complete proxy with its frontend and backend parts combined in one section. It is generally useful for TCP-only traffic.

defaultsmodehttpoptionhttp-server-closeoptionredispatchoption contstatslog 127.0.0.1local2retries 3timeout queue1mtimeout connect1mtimeout client1m



timeout server1mtimeout check20sstats enablestats refresh 10sstats uri /stats

frontend unsecuredbind public_ip_of_RP:80option httplogmode httpreqadd X-Forwarded-Proto:\ httpstick-table type ip size 200k expire 5m store gpc0acl src_is_abuser src_get_gpc0(unsecured) gt 0use_backend ease-up if src_is_abusertcp-request connection track-sc1 src if ! src_is_abuseracl ipics_server hdr_sub(host) -i FQDN_of_LBuse_backend httpConnNodes if ipics_servermaxconn 6000

backend httpConnNodesstick-table type ip size 200k expire 30s store bytes_out_rate(30s)tcp-request content track-sc2 srcacl data_rate_abuse sc2_bytes_out_rate gt 2000000acl mark_as_abuser sc1_inc_gpc0 gt 0tcp-request content reject if data_rate_abuse mark_as_abuser

mode http option httpchk HEAD / HTTP/1.1\r\nHost:localhost balance roundrobin

server FQDN_of_LB IP_addr_of_LB:80 check maxconn 6000

frontend secured bind public_ip_of_RP:443 ssl crt /etc/ssl/certs/proxy.pem reqadd X-Forwarded-Proto:\ https stick-table type ip size 200k expire 5m store gpc0

acl src_is_abuser src_get_gpc0(secured) gt 0use_backend ease-up if src_is_abusertcp-request connection track-sc1 src if ! src_is_abuseracl ipics_server hdr_sub(host) -i FQDN_of_LBacl location_server hdr_sub(host) -i FQDN_of_Location_serveruse_backend httpsConnNodes if ipics_serveruse_backend locationServerNode if location_servermaxconn 6000

backend httpsConnNodes redirect scheme https if !{ ssl_fc } stick-table type ip size 200k expire 30s store bytes_out_rate(30s)

tcp-request content track-sc2 srcacl data_rate_abuse sc2_bytes_out_rate gt 2000000acl mark_as_abuser sc1_inc_gpc0 gt 0tcp-request content reject if data_rate_abuse mark_as_abuser

balance roundrobinserver FQDN_of_LB IP_addr_of_LB:443 check ssl verify none maxconn 6000

backend locationServerNoderedirect scheme https if !{ ssl_fc }

stick-table type ip size 200k expire 30s store bytes_out_rate(30s)tcp-request content track-sc2 srcacl data_rate_abuse sc2_bytes_out_rate gt 2000000acl mark_as_abuser sc1_inc_gpc0 gt 0tcp-request content reject if data_rate_abuse mark_as_abuser

balance roundrobin



server<FQDN_of_LocationServer><IP_addr_of_LocationServer>:443 check ssl verify none

maxconn 6000

frontend notify1883 bind public_ip_of_RP:1883 option tcplog mode tcp stick-table type ip size 200k expire 5m store gpc0

acl src_is_abuser src_get_gpc0(secured) gt 0use_backend ease-up if src_is_abusertcp-request connection track-sc1 src if ! src_is_abuserdefault_backend tcpNotifConn1883maxconn 6000

backend tcpNotifConn1883 mode tcp stick-table type ip size 200k expire 30s store bytes_out_rate(30s)


balance roundrobinserver FQDN_of_Notifier IP_addr_of_Notifier>:1883 checkmaxconn 6000

frontend notify5555 bind public_ip_of_RP:5555 option tcplog mode tcp stick-table type ip size 200k expire 5m store gpc0

acl src_is_abuser src_get_gpc0(secured) gt 0use_backend ease-up if src_is_abusertcp-request connection track-sc1 src if ! src_is_abuser

default_backend tcpNotifConn5555 maxconn 6000

backend tcpNotifConn5555 mode tcp stick-table type ip size 200k expire 30s store bytes_out_rate(30s)


balance roundrobinserver FQDN_of_Notifier IP_addr_of_Notifier:5555 checkmaxconn 6000

backend ease-upmode httperrorfile 503 /etc/haproxy/errors/503rate.http

In the scrip above replace the highlighted fields with appropriate values."Create a HTTP file to be displayed if a user exceeds specified data rate. Place this

file under /etc/haproxy/errors/503rate.http. Here is a sample of the above file;<html>Please stop!</html>


Chapter 2 Cisco Instant Connect Component ConsiderationsCisco Spark Integration

Cisco Spark IntegrationCisco Instant Connect integrates with Cisco Spark to provide the ability for Dispatch Console users and Cisco Instant Connect mobile app users to engage in simple text chats in real-time.

When a talkline is created in Cisco Instant Connect, a corresponding Spark chat room is created for the users in the talkline.

In addition, this integration also provides the ability for two Cisco Instant Connect users to engage in a point-to-point chat.

When an alert is sent to a talkline, the alert appears in the Spark chat room of the talkline.

Enabling and configuring integration with Cisco Spark requires the following:

If your Cisco Instant Connect deployment uses expressway, the FQDN the Cisco Spark Server must be mapped to the public IP address of the Cisco Spark server.

For additional information, see the “Managing the Cisco Spark Server” section in Cisco Instant Connect Administration Guide.

Setting up an HTTP Proxy for the Cisco Instant Connect Server and the Notifier Server

If the Cisco Instant Connect server cannot directly access the Cisco Spark sever in the cloud, you must set up an HTTP proxy on each Cisco Instant Connect server and on the notifier server. To do so, perform the following steps:

Procedure

Step 1 On the Cisco Instant Connect server, take these actions to modify the startup script to point to your HTTP proxy:

a. Use SSH client to access the VM and log in as the root user.

b. Enter the following command to edit the startup.sh file:

[root]# vi /opt/cisco/ipics/tomcat/current/bin/startup.sh

c. After the line in the startup.sh file that shows -Djavax.net.ssl.trustStorePassword=xxxxx (around line 50), add the following lines:

-Dhttp.proxyHost=proxy.esl.cisco.com -Dhttp.proxyPort=80 \

-Dhttps.proxyHost=proxy.esl.cisco.com -Dhttps.proxyPort=80 \

-Dhttp.nonProxyHosts='localhost|127.0.0.1|192.168.*|10.*|172.16.*|172.17.*|172.18.*|172.19.*|172.20.*|172.21.*|172.22.*|172.23.*|172.24.*|172.25.*|172.26.*|172.27.*|172.28.*|172.29.*|172.30.*|172.31.*|*.$(/bin/hostname --domain)' \

d. Save and close the startup.sh file.

e. Enter the following command:

[root]# service ipics restart

Step 2 On the notifier, take these actions to modify the startup script to point to your HTTP proxy:

a. Use SSH client to access the VM and log in as the root user.

b. Enter the following command to edit the catalina.sh file:


Chapter 2 Cisco Instant Connect Component ConsiderationsIntegrating Cisco Instant Connect with Cisco UCCX

[root]# vi /opt/cisco/notifier/mss-apache-tomcat/bin/catalina.sh

c. After the line in the startup.sh file that shows -Djavax.net.ssl.trustStore... (around line 263), add the following lines:

JAVA_OPTS="$JAVA_OPTS -server -Dserver.name=notifieradmin -Xmx2048m -Xms512m -Xmn500m"

JAVA_OPTS="$JAVA_OPTS -XX:MaxPermSize=100m -XX:PermSize=100m -XX:NewRatio=2 -XX:SurvivorRatio=10"

JAVA_OPTS="$JAVA_OPTS \

-Dhttp.proxyHost=proxy.esl.cisco.com -Dhttp.proxyPort=80 \

-Dhttps.proxyHost=proxy.esl.cisco.com -Dhttps.proxyPort=80 \

-Dhttp.nonProxyHosts='localhost|127.0.0.1|192.168.*|10.*|172.16.*|172.17.*|172.18.*|172.19.*|172.20.*|172.21.*|172.22.*|172.23.*|172.24.*|172.25.*|172.26.*|172.27.*|172.28.*|172.29.*|172.30.*|172.31.*|*.$(/bin/hostname --domain)' "

d. Save and close the startup.sh file.

e. Enter the following command:

[root]# service notifier_admin restart

Setting up an HTTP Proxy for a BASH ShellIf you are using a CLI tools such as wget to register Cisco Spark, you must define the HTTP proxy in the ~/.bash_profile file on the server from which you are executing the CLI tool. To do so, add the following commands to the bash_profile file:

http_proxy=http://your_HTTP_proxy_FQDN:80

https_proxy=$http_proxy

export http_proxy

export https_proxy

no_proxy=localhost,127.0.0.1,10.0.0.0/8,192.168.0.0/16,.$(/bin/hostname --domain)

export no_proxy

Integrating Cisco Instant Connect with Cisco UCCXThe Cisco Instant Connect dial engine establishes a connection with Cisco Unified Contact Center Express (UCCX). After the configuration is performed in Cisco Instant Connect an a connection is established between Cisco Instant Connect and Cisco UCCX, Cisco Instant Connect pushes the dial engine scripts to Cisco UCCX. Calls from the PSTN or Cisco Unified Communications Manager to a Cisco Instant Connect number are forwarded to Cisco UCCX by Cisco Unified Communications Manager. Cisco UCCX then plays IVR scripts for authentication, joining talk groups, and invoking dial engine policies.

Figure 2-17 illustrates this scenario.



Figure 2-17 Calls in Deployment that Uses Cisco Unified Communications Manager

To set up Cisco UCCX to integrate with Cisco Instant Connect, follow these steps:

Procedure

Step 1 Ensure that you are running Cisco UCCX version 10.5 and that Cisco UCCX can communicate with Cisco Unified Communications Manager.

You can download Cisco UCCX installation or upgrade files from the Cisco website.

Step 2 In the Cisco Unified Communications Manger web-based user interface, go to User Management > End User and create a user named IPICSUser with the password Admin1234.

This user is the temporary user to upload the cop file to UCCX.

Step 3 Take these actions to download the ciscouccx.cic_custom.cop file, which is required for Cisco UCCX to operate with Cisco Instant Connect:

a. Go to this URL (you must have a valid Cisco.com user ID and password to access this URL):

https://software.cisco.com/download/release.html?mdfid=286315663&flowid=83028&softwareid=286318561&release=5.0.2

b. Click Download next to ciscouccx.cic_custom.cop and follow the prompts to download the file.

c. Copy the .cop file to a DVD or to an FTP or STFP server to which your Cisco UCCX server has access.

Step 4 Take the actions that are listed in either of the following options to install the ciscouccx.cic_custom.cop file on your Cisco UCCX server:

• Option 1—Install the .cop file by using the Cisco Unified CCX web-based interface:

1. Log in to Cisco Unified OS Administration using the IPICSUser name and password that you created in Step 2.

2. Choose Software Upgrades > Install/Upgrade.

3. Choose the source as either DVD/CD or Remote Filesystem from the Source list.

4. Enter the path of the upgrade file in the Directory field. For Remote Filesystem, enter a forward slash (/) followed by the directory path.

5. If you chose Remote Filesystem, follow the instructions on the screen; otherwise, continue to Step 6.

6. Click Next to see the list of upgrades that are available.


https://software.cisco.com/download/release.html?mdfid=286315663&flowid=83028&softwareid=286318561&release=5.0.2


7. Choose the appropriate upgrade file click Next.

8. Enter relevant information in the Email Destination and SMTP server fields to use the Email Notification feature.

9. Click Next to initiate the upgrade process.

Option 2—Install the .cop file by using by using the Cisco CCX CLI:

1. Log in to the Cisco Unified Communications OS Platform CLI using the IPICSUser name and password that you created in Step 2.

2. Enter the command show version active and check the current version.

3. Enter the command utils system upgrade status and check that the node is ready for upgrade.

4. Enter the command utils system upgrade initiate to initiate the upgrade process.

5. Choose the source where the upgrade file is placed.

6. Follow the on-screen instructions.

7. Your entries are validated and the available files list is displayed.

8. Choose the ISO image/COP file that you want to apply from the available list, and confirm the installation when prompted.

9. Enter the command show version active and check the upgrade version.

Step 5 In the Cisco Unified Communications Manger web-based user interface, either delete the IPICSUser user that you created in Step 2, or change the password that you created for this user to another password

Wireless Controller Configuration ExampleThe Cisco 5508 Wireless Controller can be used in a Cisco Instant Connect deployment. Table 2-15 describes guidelines that apply when configuring this controller from its web-based administration interface. When you make updates on a page, make sure to click the Apply button on the page to save the updates.

Table 2-15 Cisco 5508 Wireless Controller Configuration

Option Setting

Controller > General page

802.3x Flow Control Mode Choose Disabled from the drop-down list.

LAG Mode on next reboot Choose Disabled from the drop-down list.

Broadcast Forwarding Choose Enabled from the drop-down list.

AP Multicast Mode Choose Multicast from the drop-down list.

Set the Multicast Group Address to 239.0.0.0.

AP Fallback Choose Enabled from the drop-down list.

Fast SSID change Choose Enabled from the drop-down list.

WebAuth Proxy Redirection Mode

Choose Enabled from the drop-down list.



Controller > Multicast page

Enable Global Multicast Mode Check this check box.

Enable IGMP Snooping Check this check box.

Wireless > Media Stream > General page

Multicast Direct feature Check the Enabled check box.

Wireless > Media Stream > Streams page

Add New Follow these steps to create a new media stream:

1. Click the Add New button.

2. In the Stream Name field, enter a name for the media stream.

3. In the Multicast Destination Start IP Address field, enter the first IP address of the multicast group IP address range.

4. In the Multicast Destination End IP Address field, enter the last IP address of the multicast group IP address range.

5. In the Maximum Expected Bandwidth field, enter 1000.

6. In the Average Packet Size field enter 1200.

7. Check the RRC Periodic Update check box.

8. In the RRC Priority field, enter 8.

9. Choose best-effort from the Traffic Profile Violation drop-down list.

10. Click the Apply button.

Wireless > 802.11b/g/n > Network page

Data Rates Choose Disabled from the 1 Mbps, 2 Mbps, 5.5 Mbps, 6 Mbps, and 9 Mbps drop-down lists.

Choose Mandatory from the 11 Mbps and 12 Mbps drop-down lists.

Choose Supported from the remaining Data Rates drop-down lists.

Wireless > 802.11b/g/n > Media page, Media tab

Unicast Video Redirect Check this check box.

Multicast Direct Enable Check this check box.

WLANs > WLANs > WLANs page, General tab

To access the General tab, choose WLANs > WLANs > WLANs, then click the WLAN that you want to configure.

Status Check the Enabled check box.

Radio Policy Choose 802.11b/g only from the drop-down list.

Interface/Interface Group Choose the appropriate Interface from the drop-down list.

Multicast Vlan Feature Uncheck the Enabled check box.

Broadcast SSID Check the Enabled check box.

Table 2-15 Cisco 5508 Wireless Controller Configuration (continued)

Option Setting


Chapter 2 Cisco Instant Connect Component ConsiderationsDial Connect

Dial ConnectDial Connect allows you to place and receive dial calls from a Cisco Instant Connect endpoint. You can be on a dial call while participating in a talkline. Dial Connect requires that a call manager be configured in your deployment.

Configuration for Dial Connect involves the following:

• Cisco Instant Connect configuration—Configure the following options in the Administration Console, as described in Cisco Instant Connect Administration Guide:

– Call Manager Settings for Dialer, on the Administration > Options > General tab

– User Communications Preferences, on the User Management > user > Communications tab

– Dialer Settings and Dial Preferences, on the Administration > Options > Communications tab

• Call Manager Configuration—Make standard SIP dial setup configurations

When you are on both a Dial Connect call and participating in a talkline:

• You can hear audio from the call and the talkline at the same time, unless one or both are muted.

• When you talk without pressing the PTT button, only the party on the dial call hears you. Outgoing audio to the talkline is muted.

• When you talk with pressing the PTT button, only the other participants in the talkline hear you. Outgoing audio to the dial call is muted.

NAS-ID Enter the appropriate ID for NAS access requests.

WLANs > WLANs > WLANs page, Security > Layer 2 tab

To access the Security > Layer 2 tab, choose WLANs > WLANs > WLANs, then click the WLAN that you want to configure.

Layer 2 Security Choose WPA+WPA2 from the drop-down list.

WLANs > WLANs > WLANs page, QoS tab

To access the QoS tab, choose WLANs > WLANs > WLANs, then click the WLAN that you want to configure.

Quality of Service Choose Platinum (voice) from the drop-down list.

Multicast Direct Check this check box.

WLANs > WLANs > WLANs page, Advanced tab

To access the Advanced tab, choose WLANs > WLANs > WLANs, then click the WLAN that you want to configure.

Scan Defer Priority Check the 0 check box and uncheck the 1, 2, 3, 4, 5, 6, and 7 check boxes.

Scan Defer Time Enter 1000.

Table 2-15 Cisco 5508 Wireless Controller Configuration (continued)

Option Setting


Chapter 2 Cisco Instant Connect Component ConsiderationsWireless Network Configurations

Wireless Network ConfigurationsIf your Cisco Instant Connect deployment supports the following endpoints, you must include a wireless network in the deployment. This network can be a single Lightweight Wireless Access Point (LWAP) or a High Density Unified Wireless Network using wireless LAN controllers.

• Cisco Unified IP Phone 8821

• Cisco Unified IP Phone 7925G

• Cisco Unified IP Phone 7926

• Cisco Mobile Client App for Android Devices

• Cisco Mobile Client App for Apple Devices

Cisco recommends that you perform a site survey before you deploy a wireless network to assess RF behavior in your environment. For information about site surveys, see Site Survey Guidelines for WAN Deployment, which is available at:

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/116057-site-survey-guidelines-wlan-00.html#anc0

For additional information that relates to wireless networks, see the following documents:

• Campus Wireless LAN Technology Design Guide, which is available at:

http://www.cisco.com/web/offer/grs/189097/en-05_campus-wireless_cvd_cte_en.pdf

• Wireless LAN Controller (WLC) Configuration Best Practices, which is available at:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/82463-wlc-config-best-practice.pdf

Text to SpeechCisco Instant Connect provides an interface to the Nuance text to speech (TTS) server, which is available from Nuance. This interface uses Media Resource Control Protocol (MRCP) to enable the Cisco Instant Connect dial engine to pass text strings to the TTS server, which in turn converts the text to audio. The dial engine then play the TTS audio to connected devices. This feature enables a more dynamic notification environment than is possible by prerecorded audio prompts.

Cisco Instant Connect uses the following rules to determine how to play prompts:

1. If a recorded prompt .wav file exists, it is played.

2. If no recorded prompt exists and a TTS provider is configured and accessible, TTS is used.

3. If no recorded prompt or TTS provider are available, the text is spelled out as the prompt. For example, if the name of a channel is “chan1” but there is no recorded prompt or TTS provider, Cisco Instant Connect might play this prompt: “Press 1 to select Channel one.”

These rules apply to the standard Cisco Instant Connect capabilities for announcing resource names during dial-in or dial-out call scenarios.

In addition, you can deploy custom scripts to use TTS prompts in a wide variety of scenarios. Custom scripts are available through Cisco Advanced Services.


http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/116057-site-survey-guidelines-wlan-00.html#anc0

http://www.cisco.com/web/offer/grs/189097/en-05_campus-wireless_cvd_cte_en.pdf

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/82463-wlc-config-best-practice.pdf

Chapter 2 Cisco Instant Connect Component ConsiderationsText to Speech

The following sections provide additional information about TTS:

• Installing Nuance TTS, page 2-39

• Configuring a Language Pack Other than en-US, page 2-40

• TTS Configuration and Operation, page 2-41

Installing Nuance TTSCisco Instant Connect operates with a dedicated TTS server that runs on a Microsoft Windows platform. This section describes how to install Nuance TTS (no ASR) and assumes that the Cisco Instant Connect software is already installed on the Cisco Instant Connect server.

Installation of Cisco Instant Connect is not required installation Nuance TTS.

Note The default Nuance TTS installation contains licenses for TTS ports. If you need more licenses, obtain them from your Nuance TTS vendor.

To install the Nuance TTS software, perform the following procedure on the dedicated TTS server. All Nuance TTS components are available from Nuance.

Procedure

Step 1 If there is Nuance software already installed on the server, take these actions:

a. Uninstall the Nuance software.

b. Delete the following directories, if they exist:

c. C:/Nuance

d. C:/Program Files/Nuance

e. Reboot the server.

Step 2 Follow the instructions that are provided with your Nuance software to install Nuance MRCP.

This process installs all Nuance TTS components except Vocalizer (TTS).

Step 3 Follow the instructions that are provided with your Nuance software to install the Nuance Vocalizer TTS software.

Step 4 Follow the instructions that are provided with your Nuance software to install the English language pack for TTS.

Step 5 Take these actions to configure TTS for use with Cisco Instant Connect.

a. Modify the watcher.startup file in the C:\Nuance\V8.5.0\mrcp to add the tts.ResourceName parameter for the vocalizer process.

For example, modify the existing line for Vocalizer from:

vocalizer -text_type SSML -config %MRCP%/nuance-resources.txt lm.Addresses=localhost:8471

to:

vocalizer -text_type SSML tts.ResourceName=en-US-female -config %MRCP%/nuance-resources.txt lm.Addresses=localhost:8471

b. If you are using TTS in high load scenarios, make these modifications to the watcher.startup file:



– Use the num_channels parameter to allow for the maximum number of TTS ports that you are provisioning for.

– Use the preallocate_licenses parameter to improve response time.

– Use the load_voices_in_memory parameter to load the complete voice pack in memory. Note: This configuration increases process memory and initialization time.

– Use the pruning parameter with a value of 80 to reduce the CPU requirement for Vocalizer process

For example, if you will use 50 TTS ports, modify this line:

vocalizer -text_type SSML tts.ResourceName=en-US-female -config %MRCP%/nuance-resources.txt lm.Addresses=localhost:8471

to this line:

vocalizer -load_voices_in_memory -preallocate_licenses -num_channels 50 -pruning 80 -text_type SSML tts.ResourceName=en-US-female -config %MRCP%/nuance-resources.txt lm.Addresses=localhost:8471

Step 6 Reboot the server.

Step 7 Take these actions to ensure that Nuance services and processes are operating:

a. Open the Windows Services Control Panel and make sure that the Nuance Watcher Daemon service is shown as Started.

The startup type typically is Automatic, so this service should be running.

b. (Optional) Open a browser window and enter this URL: <http://<Speech Server Hostname>:7080>.

A session with the Nuance Watcher Daemon opens. The VP State for the following processes should be shown as Ready. It can take approximately 1 minute for the processes to go to this state. Click Update Home Page to display the current status of all the processes.

– watcher-daemon

– NLM

– Resource-Manager

– MRCP-Server

– Nutts-server

Step 8 (Optional) Install additional language packs for TTS.

Step 9 If you install a language pack other than en-US (US English), follow the instructions in the “Configuring a Language Pack Other than en-US” section on page 2-40.

Configuring a Language Pack Other than en-USIf you install a language pack other than en-US, update the following parameters for the Vocalizer process:

• tts.ResourceName—For example, to use a Spanish female voice, set this value to es-US-female.

• voice—For example, to use a Spanish female voice, set this value to atalinaromero. Table 2-16shows the language pack names for various TTS voices.



• region—If you are using a Spanish voice, set this parameter either US or CALA, depending on the region version that you want.

Example

The Vocalizer process for a Spanish Female voice could be set as follows:

vocalizer -text_type SSML tts.ResourceName=es-US-female -voice catalinaromero -region CALA -config %MRCP%/nuance-resources.txt lm.Addresses=localhost:8471

The preceding example applies if you start only one language pack. If you start more than one language pack at the same time, you must update the following parameters for each additional Vocalizer process:

• tts.Port—The default value is 32323. This value must be changed for additional processes. Cisco recommends that you increase this value by 1 for each additional process.

• dictionary_port: The default value is 22552. This value must be changed for additional processes. Cisco recommends that you increase this value by 1 for each additional process.

Example

A language pack for en-US female and es-US female that are to run simultaneously could be started as follows:

vocalizer -text_type SSML tts.ResourceName=en-US-female -config C:\Nuance\V8.5.0\mrcp/nuance-resources.txt lm.Addresses=localhost:8471

vocalizer tts.Port=32324 -dictionary_port 22553 -text_type SSML -voice catalinaromero -region CALA tts.ResourceName=es-US-female -config C:\Nuance\V8.5.0\mrcp/nuance-resources.txt lm.Addresses=localhost:8471

TTS Configuration and OperationTable 2-17 describes some of the items in the Cisco Instant Connect options that should be configured when you operate TTS. You configure these options in the TTS Management window, which you access from the Administration Console by choosing Dial Engine > TTS Management from the Policy Engine tab.

Table 2-16 Language Packs for TTS Voices

Language Pack Voice

North American English Female Lauriewoods (default)

North American English Male reedjohnston

U.K English Female clairekingston

U.K English Male Timcooper

Australian English Female sarahbrown

Australian English Male joshdonnelly

Canadian French Female juliedeschamps

American Spanish Female catalinaromero

Brazilian Portuguese Female marinacosta



In addition, choose Dial Engine > Dial Engine Parameters from the Policy Engine tab and, in the Dial Engine Parameters window, check the TTS Enabled check box.

Table 2-18 describes expected results for a variety of common use cases when TTS is enabled.

Table 2-17 Cisco Instant Connect Configuration Options for TTS

TTS Configuration Option Explanation

Provider Name The provider name for the supported version of Nuance Vocalizer is Nuance Vocalizer 4.0.

Number of Licenses This value should match the number of port licenses on the TTS server.

Server Name IP address or hostname of the TTS server.

Port The default Nuance port number is 554.

Language Language that TTS should use for its pronunciation rules.

Gender Should match the gender that is configured on the TTS server.

To check the setting on the TTS server, go to the following URL, where TTS_server_IP is the IP address of the TTS server, and look at the nutts-server setting.

http://TTS_server_IP:7080/

For example, if the nutts-server setting is en_US and the gender is Female, the gender setting for TTS in the Administration Console must be Female.

Table 2-18 Common TTS Use Cases

Use Case Expected Results

In the Administration Console, choose Policy Management > Policies, click the Action tab, choose a notification action, enter a large message, and click Activate Policy.

Designate users are called and hear the message played by the TTS server.

A user calls the Cisco Administration Console TUI, authenticates, and selects a resource.

The resource (VTG, channel, or policy name) is spoken by the TTS system.

TTS configuration is complete and saved and the TTS server is reachable

The entry for the MRCP TTS subsystem in the Administration Console Dial Engine > Control Center > Status screen should show IN_SERVICE.

Note The TTS subsystem pings the TTS server periodically to determine if it is reachable. Even if the TTS configuration is complete but the TTS subsystem cannot reach the TTS server, the TTS subsystem will be in service.


Chapter 2 Cisco Instant Connect Component ConsiderationsCisco Instant Connect for Android Devices and Cisco Instant Connect for Apple Devices

Cisco Instant Connect for Android Devices and Cisco Instant Connect for Apple Devices

Cisco Instant Connect for Android Devices and Cisco Instant Connect for Android Devices are app that allows you to use an Android device or Apple device to interact with other participants in a Cisco PICS incident. The device can communicate with Cisco Instant Connect either via a WiFi network connection or a 3G, 4G, or LTE connection. For detailed information about this application, and information about feature limits when using a WiFi connection, see Cisco Instant Connect for Android Devices User Guide or Cisco Instant Connect for Apple Devices User Guide.

When using an Android or Apple device as a mobile client, be aware of the following:

• If you are using a WiFi connection, the Cisco Instant Connect server and the UMS component must be accessible on the wireless network.

• Network connectivity for all Cisco Instant Connect components that are to be used with the mobile client should be established before using the mobile client.

• When you view a list of talk lines, the information in the screen updates automatically. The update interval is defined by the Client Update Poll option in the Administration > Options > Client tab in the Cisco IPCS Administration Console. The default update interval is 5 seconds.

DNS ConfigurationThe mobile client uses SSL to communicate with the server. SSL requires that DNS be enabled in your network.

The following sections provide information about the models that you can use to configure DNS in you network.

• Intranet Access Model, page 2-44

The TTS server is manually brought down, then a caller dials in or is sent a notification.

The system should revert to spelling out names or spelling out notifications. The Policy Engine tab > Dial Engine > Control Center > Status window in the Administration Console should show that the TTS subsystem is down. If the TTS server is brought down while a user is dialed in, the user hears the prompt “Sorry the system is having trouble.”

The TTS server is manually brought up then a caller dials in or is sent a notification.

The system should revert to reading out names or reading out notifications. The Policy Engine tab > Dial Engine > Control Center > Status window in the Administration Console should show the TTS subsystem as up. If the TTS server is brought up or down while a user is dialed in, the user may hear the prompt “Sorry the system is having trouble.”

Table 2-18 Common TTS Use Cases (continued)

Use Case Expected Results


Chapter 2 Cisco Instant Connect Component ConsiderationsCisco Instant Connect for Android Devices and Cisco Instant Connect for Apple Devices

• Internet/Intranet Access Model, page 2-44

Intranet Access Model

This section provides guidelines for how to configure DNS when a mobile client will connect to an Instant Connect server only on a local intranet.

• Ensure that a DNS server is configured in your LAN.

• Configure each component in the Cisco Instant Connect component to us this DNS server for hostname resolution.

• Configure the hostname for the DNS server as an entry in the DNS server.

• Ensure that you can ping the Cisco Instant Connect server by its hostname from each mobile client.

• If you are using DHCP for IP address assignments, ensure that the correct search domain is configured on the DHCP server or the wireless controller that is acting as a DCHP server. The search domain is not populated automatically.

• If you are not using DHCP for IP address assignment, ensure that the correct domain name and client ID are configured on the mobile client in addition to the IP address, mask, and default gateway values.

DHCP servers use the client ID to bind the mobile client to a specific IP address. This binding ensures that the mobile client can communicates through firewalls, and access restrictions (Access Control Lists) in your network. If you do not configure a client ID, you cannot access the Incident app on a mobile client,

Internet/Intranet Access Model

This section provides guidelines for how to configure DNS when a mobile client will connect to a Cisco Instant Connect server via the Internet and a company intranet.

• Ensure that a DNS server is configured in your LAN.

• Configure each component in the Cisco Instant Connect component to us this DNS server for hostname resolution.

• Configure the hostname for the DNS server as an entry in the DNS server.

• Do not use the Hosts file to bypass the DNS name resolution.

• Ensure that you can ping the Cisco Instant Connect server by its hostname from each mobile client.

• If you are using DHCP for IP address assignments, ensure that the correct search domain is configured on the DHCP server or the wireless controller that is acting as a DCHP server. The search domain is not populated automatically.

• If you are not using DHCP for IP address assignment, ensure that the correct domain name and client ID are configured on the mobile client hat you populate the DNS server address on the mobile client in addition to the IP address, mask, and default gateway values.

• If you are not using the DHCP Server for IP Address assignment, then you also need to ensure that you populate the DNS Server address on the mobile client in addition to the IP Address, Mask and Default Gateway that you may specify.

• If the mobile client needs to access two domains (one for the intranet and one for the Internet), the intranet DNS must be configured to forward requests from the mobile client to the Internet DNS, and the Internet DNS must be configured to forward requests to the intranet DNS.


Chapter 2 Cisco Instant Connect Component ConsiderationsCisco Unified IP Phones

• If the Cisco Instant Connect server is reachable on the Internet and has a FQDN registered on the web, any Internet DNS can be used to resolve the IP address of the server. In such a scenario, the local DNS should configured with the DNS address that is provided by the local ISP. Alternatively, you can use a public DNS, such as 4.2.2.2 and 8.2.2.2, to provide name resolution.

Cisco Unified IP PhonesIf your Cisco Instant Connect deployment includes Cisco Unified Communications Manager, you can use the Cisco Unified IP Phone services application programming interface (API) to provide PTT capabilities to certain Cisco Unified IP Phone models. A phone with the PTT capability enabled can provide an easy-to-use GUI that allows users to monitor or participate in a PTT channels or VTG over a VoIP network. A phone can participate in one channel or VTG at a time. To participate in a channel or VTG, a phone user chooses the desired channel or VTG from a list that displays on the phone.

The Cisco IP Phones and Cisco Wireless IP Phones use the XML service to connect to Instant Connect Server. This service treats channels and VTGs as talklines.

To enable this feature, Cisco Unified Communications Manager must be deployed in your IP telephony (IPT) network, and either of these applications must be configured with the IP address of the Cisco Instant Connect server. A Cisco Unified IP Phone uses this IP address to locate the server and download the PTT XML application.

For related information about configuring this feature, see the “Setting up the Cisco IP Phone for use with Cisco Instant Connect” appendix in Cisco Instant Connect Administration Guide. For a list of Cisco Unified IP Phones that Cisco Instant Connect supports as PTT devices, see Cisco Instant Connect Compatibility Matrix.

Cisco Unified Communications Manager Configuration OverviewYou use the Cisco IP Phone Services Configuration page in the Cisco Unified Communications Manager Administration application to define and maintain the list of Cisco Unified IP Phone services to which users can subscribe. These services are XML applications that enable the display of interactive content on supported models of a Cisco Unified IP Phone.

After you configure a list of IP phone services, Cisco Unified IP Phone users can access the Cisco Unified Communications Manager User Options menu and subscribe to the services, or an administrator can add services to Cisco Unified IP Phones and device profiles. Administrators can assign services to speed-dial buttons, so users have one-button access to the services.

For detailed information about configuring phone services, see the “Cisco IP Phone Services” chapter in Cisco Unified Communications Manager System Guide.

Port UsageTable 2-19 describes the ports and transport protocols that various components use in a Cisco Instant Connect deployment.


Chapter 2 Cisco Instant Connect Component ConsiderationsPort Usage

Table 2-19 Port Usage

Port Number Where Used Function Transport Protocol

80 • Cisco Instant Connect server

• Mobile client

HTTP TCP


• Mobile client

HTTPS TCP


Administration TCP


Dial engine heartbeat TCP


UMS heartbeat UDP

2225 • Radio control service

UMS radio control service

UDP

3444 • UMS Remote Cisco Instant Connect server heartbeat

TCP

3446 • UMS UMS monitor UDP

3447 • UMS Dial engine monitor UDP

3448 • UMS Radio control service UDP


Radio control service TCP


• Mobile client

• UMS

SIP TCP and UDP


• Mobile client

• UMS

SIP - TLS TCP

5062 • UMS UMS WebSocket SIP connector

TCP


• Mobile client

• UMS

HTTPS to UMS TCP


Dial engine TCP


Chapter 2 Cisco Instant Connect Component ConsiderationsZabbix Support

Zabbix SupportCisco Instant Connect integrates with the third party Zabbix service assurance server. Zabbix is an open software that gathers data by monitoring of applications. It provides for web monitoring and monitoring of VMware virtual machines.

For related information, see your Zabbix documentation.

In Cisco Instant Connect, Zabbix provides a consolidated view of system resource utilization and performance by each nodes in a deployment. This information is provided in a dashboard that offers a complete system overview and the ability to display more detailed information for a node.

A Zabbix server monitors devices by using SNMP, or by communicating with the Zabbix agent that is installed on UNIX, Windows, or Linux hosts.


• UMS

HTTP to UMS TCP


HTTPS redirect TCP


Policy engine TCP


• Mobile client

Media engine TCP


• UMS

Remote heartbeat receiver

TCP

16384 through 20480 • Mobile client

• UMS

Media mixer UDP

21000, 21001 • Cisco Instant Connect server

• Mobile client

RTP / RTCP multicast UDP

25000 through 29096 • Cisco Instant Connect server

• Mobile client

TGMS (restreamer) UDP

35000 through 39096 • Cisco Instant Connect server

• Mobile client

Dial Media Service (DMS)

UDP

4000 through 20480 • Mobile client RTP/RTCP, SRTP UDP

8005, 8443 • Cisco Instant Connect server

• Mobile client

Tomcat TCP

Table 2-19 Port Usage (continued)

Port Number Where Used Function Transport Protocol



To use Zabbix to monitor basic Cisco Instant Connect health, you can use Linux monitoring templates that are provided by Zabbix. You also can use add-on custom templates for specialized monitoring of Cisco Instant Connect application health.

The monitoring workflow is as follows:

1. Use discovery rules to add devices automatically to the Zabbix database.

2. Use auto registration to associate a device with monitoring templates.

3. Zabbix agents periodically send metrics and health data to the Zabbix server periodically per monitoring template. The Zabbix database stores data in a format such as PostgreSQL, MySQL, or SQLite, with specific data retention rules.

4. The Zabbix server applies monitoring triggers to determine if an event occurs and is to be reported.

5. Past performance data is reviewable using graphs.

You can export Zabbix configuration data to an XML file for configuration management. And you can extract Zabbix data by using custom scripts that unload data directly from the main Zabbix database.

The following Zabbix can be used to monitor Cisco Instant Connect operations

• CIC DB Monit Status

• CIC DB Informix Status

• CIC DB Informix Replication Status

• CIC DB Informix Replication Queue Size

• CIC DB Informix No Virtual Memory Usage

• CIC DB /idspri space usage

• CIC DB /idspri near full

• CIC DB /idspri critical low space

• CIC NOTIFIER MONIT

• CIC NOTIFIER ADMIN

• CIC NOTIFIER -> CIC Database Connection

• CIC RCS MONIT

• CIC RCS ADMIN

• CIC RCS -> CIC Database Connection

• CIC REPORT ENGINE SYSLOGNG

• CIC REPORT ENGINE HTTPADAPTOR

• CIC REPORT ENGINE -> CIC Database Connection

• CIC SERVER VTG in pending status

• CIC SERVER Scan Group Spans Multiple UMSs

• CIC SERVER Redis status

• CIC SERVER Redis Master Name

• CIC SERVER Redis-Sentinel Status

• CIC SERVER Multi-cast address is pending

• CIC SERVER Monit status

• CIC SERVER IPICS Tomcat Status



• CIC SERVER IPICS status

• CIC SERVER Core

• CIC SERVER Channel in pending status

• CIC SERVER /documents space usage

• CIC SERVER /documents near full

• CIC SERVER /documents critical low space

• CIC UMS Monit Status

• CIC UMS Media Status

• CIC UMS Core

• CIC UMS Admin Status


Cisco Instant Connect Component Considerations · † Integrating Cisco Instant Connect with Cisco...

Documents

Transcript of Cisco Instant Connect Component Considerations · † Integrating Cisco Instant Connect with Cisco...