CCNA Voice - CUCM User Roles with LDAP, Contact Center Users, Presence Users, Messaging Users

Transcript

1	Introduction, Agenda, and Welcome Message	0h 17m
2	What are Cisco's Unified Communication Certifications, and Where Do I Go From Here?	0h 34m
3	Fundamentals of Telephony	1h 27m
4	Quality of Service Primer	0h 29m
5	Unified Communications System Overview	1h 05m
6	Network Infrastructure Basics and Phone Registration	0h 14m
7	Network Infrastructure Overview	0h 59m
8	Network Infrastructure VLAN, NTP, DHCP	1h 25m
9	Network Infrastructure DHCP, TFTP	0h 48m
10	Cisco Unified Communications Manager Administration (CUCMA) Overview	0h 04m
11	CUCMA Serviceability Service Activation, DNS vs IP Addressing, System Shutdown	0h 21m
12	CUCMA Service Control, Bulk Administration Tool (BAT)	0h 16m
13	CUCMA BAT Report, SSH, TFTP Files, Database Replication	0h 58m
14	CUCMA Traces, RISdb, Performance Monitor (PerfMon), Real-Time Monitoring Tool (RTMT)	1h 04m
15	CUCMA BAT and TAPS	1h 09m
16	CUCMA Call Detail Records (CDR) and Call Management Records (CMR)	0h 52m
17	Cisco Unified Operating System (CUOS), Dialed Number Analyzer (DNA), Disaster Recover System (DRS)	0h 25m
18	CUOS Unified Reporting, Real-Time Monitoring Tool (RTMT)	0h 18m
19	CUCM Servers, Server Groups, Date/Time Groups, Regions, Locations Call Admission Control (CAC), Survivable Remote Site Telephony (SRST)	1h 44m
20	CUCM Device Pools, System Parameters, Enterprise Parameters, Templates	1h 09m
21	CUCM Phone Button Templates, Softkey Templates, SIP Phones, SCCP Phones	0h 40m
22	CUCM Button/Softkey Template and SCCP/SIP Phone Testing	0h 24m
23	CUCM SIP Phone Troubleshooting and Registration	0h 03m
24	CUCM Users, Groups, Lightweight Directory Access Protocol (LDAP) Overview	0h 14m
25	CUCM User Credentials, User Policies, LDAP Synchronization of Users	0h 50m
26	CUCM LDAP Synchronization cont'd, User Roles, Multi-Level Access (MLA)	1h 24m
27	CUCM User Roles with LDAP, Contact Center Users, Presence Users, Messaging Users	1h 36m
28	CUCM LDAP Custom Filters	0h 49m
29	CUCM Phone and Calling Features Overview	0h 15m
30	CUCM SCCP and SIP Phone Display	0h 23m
31	CUCM SCCP and SIP Phone Firmware	0h 12m
32	CUCM SCCP and SIP Phone Logging	0h 06m
33	CUCM SCCP and SIP Ring Setting	0h 37m
34	CUCM SCCP and SIP Phone Forwarding	0h 48m
35	CUCM SIP and SCCP Advanced Call Forwarding	0h 22m
36	CUCM SIP and SCCP Phone Auto-Answer	0h 11m
37	CUCM SIP and SCCP Phone CallBack (Camp-On)	0h 11m
38	CUCM SIP and SCCP Phone Intercom	0h 10m
39	CUCM SIP and SCCP Call Hold	0h 09m
40	CUCM SIP and SCCP Phone Call Park	0h 18m
41	CUCM SIP and SCCP Phone Call Pickup	0h 42m
42	CUCM Shared Line, Barge and cBarge Configuration	0h 27m
43	CUCM Shared Line, Barge and cBarge Testing	0h 17m
44	CUCM Media Resources Overview	0h 47m
45	CUCM Media Resources Overview cont'd	0h 44m
46	CUCM and IOS Gateways and Trunks Overview	0h 09m
47	CUCM Dial Plan Fundamental Concepts	1h 37m
48	CUCM Dial Plan Fundamental Concepts cont'd	1h 05m
49	CUCM Dial Plan - Class of Service (CoS) Calling Search Spaces and Partitions	0h 42m
50	CUCM Dial Plan - Gateways, Route Groups, Device Pools	0h 06m
51	CUCM Dial Plan - Route Lists, Standard Local Route Groups	0h 12m
52	CUCM Dial Plan - Route Patterns, Translation Patterns	0h 43m
53	CUCM Dial Plan - Calling Party Transformations and Called Party Transformations, IOS Dial Peers	1h 15m
54	CUCM Dial Plan - Private Line Automatic Ringdown (PLAR)	0h 09m
55	CUCM Dial Plan - Testing	0h 55m
56	CUCM Dial Plan - Digit Addressing, Time of Day (ToD), Hunt Group Coverage, FAC, CMC, Automated Alternate Routing (AAR) Overview	0h 58m
57	CUCM Dial Plan - Digit Addressing, Time of Day (ToD), Hunt Group Coverage, FAC, CMC, Automated Alternate Routing (AAR) Testing	1h 07m
58	Troubleshooting Endpoint Issues	0h 17m
59	Cisco Unified Border Element (CUBE) Overview	0h 50m
60	CUCM Mobility Overview	0h 42m
61	CUCM Mobile Connect Setup	1h 24m
62	CUCM Mobile Connect Ring Schedule	0h 16m
63	CUCM Mobile Connect Access Lists and Exclusivity	0h 20m
64	CUCM Mobile Voice Access Inbound Call Recognition	0h 56m
65	CUCM Mobile Voice Access Direct Inward System Access	1h 09m
66	CUCM Mobile Connect Mid-Call Features	0h 13m
67	CUCM Mobile Connect Mid-Call Features cont'd	0h 42m
68	CUCM Device and Extension Mobility Overview	0h 27m
69	CUCM Device Mobility - Between Sites but Within a Country	1h 27m
70	CUCM Device Mobility - Between Sites and Between Countries	0h 42m
71	CUCM Extension Mobility Setup	0h 51m
72	CUCME Overview, CUCME Dial Peers, Show & Debug Commands	1h 00m
73	CUCME DHCP	0h 10m
74	CUCME Clock and Network Time	0h 06m
75	CUCME TFTP Server	0h 10m
76	CUCME SIP Server Setup	0h 17m
77	CUCME SIP Phones Setup	0h 36m
78	CUCME SCCP Server Setup	0h 23m
79	CUCME SCCP Phones Setup	0h 44m
80	CUCME Directory Services	0h 10m
81	CUCME Server Redundancy for SCCP Phones	0h 13m
82	CUCME Endpoint Registration With External SIP Proxy Server	0h 06m
83	CUCME Templates	0h 17m
84	CUCME Phone Customization	0h 20m
85	CUCME Web UI	0h 34m
86	CUCME Digit Manipulation and Class of Restriction (CoR)	0h 46m
87	CUCME PSTN Dialing	0h 51m
88	CUCME Voice Translation Rules	0h 34m
89	CUCME Load Balancing VoIP Calls	0h 09m
90	CUCME Class of Restriction (CoR)	0h 23m
91	CUCME Speed Dials	0h 46m
92	CUCME Calling Features Overview	0h 19m
93	CUCME Shared Lines with SIP Phones	0h 32m
94	CUCME Shared Lines and Feature Ring with SCCP Phones	0h 17m
95	CUCME Shared Lines with Barge & Privacy with SCCP Phones	0h 27m
96	CUCME Intercom with SIP and SCCP Phones	0h 15m
97	CUCME Night Service with SCCP Phones	0h 12m
98	CUCME Call Park with SIP and SCCP Phones	0h 34m
99	CUCME Call Blocking with SIP and SCCP Phones	0h 20m
100	CUCME CallerID Blocking with SIP and SCCP Phones	0h 09m
101	CUCME Call Transfer and Call Forwarding for SIP and SCCP	0h 41m
102	CUCME as Survivable Remote Site Telephony	0h 12m
103	CUCME as Survivable Remote Site Telephony cont'd	0h 51m
104	CUCME as Survivable Remote Site Telephony cont'd	0h 23m
105	CUCME 4-Digit Reachability	0h 14m
106	CUCME Call Pickup Groups	0h 16m
107	CUCME Basic Automatic Call Distribution (B-ACD)	0h 56m
108	CUCME Basic Automatic Call Distribution (B-ACD) cont'd	0h 12m
109	CUCME Unified (Traditional) SRST	0h 12m
110	Messaging - Cisco Unity Connection (CUC) Overview	0h 14m
111	Messaging - Unity Connection Setup, Integration, Message Waiting Indicators (MWI), Users, System Call Handlers	1h 06m
112	Messaging - Unity Connection System Call Handlers, Directory Handlers, Routing Rules, Conversations, Audio Text Auto-Attendant Menus	1h 00m
113	Messaging - Cisco Unity Express (CUE) Overview	0h 49m
114	Messaging - Unity Express Setup, Integration, Message Waiting Indicators (MWI), Users, Groups	0h 52m
115	Messaging - Unity Express Administration via Web UI, Users, General Delivery Mailbox, Schedules, IVR Apps, Conversations, License Activation	1h 19m
116	Messaging - Voice Profile for Internet Mail (VPIM) Networking between Unity Connection and Unity Express	0h 31m
117	Presence Overview	0h 43m
118	Presence - Native CUCM Subscribe CSS and BLF Speed Dials	0h 45m
119	Presence - Native CUCM Presence Groups and Call History Lists	0h 23m
120	Presence - Native CUCM Presence Groups and Call History Lists cont'd	0h 18m
121	Presence - CUPS & CUCM Integration and CUPC Provisioning and Testing	1h 52m
122	Presence - CUPS & CUCM Integration and CUPC Provisioning and Testing cont'd	0h 10m
123	Presence - CUPS & CUCM with IP Phone Messenger (IPPM)	0h 25m
124	Presence 8 Updates	0h 36m
Total Duration		74h 11m

Slides - Introduction and Agenda

Slides - What are Cisco's Unified Communication Certifications...

Slides - Fundamentals of Telephony

Slides - Quality of Service Primer

Slides - Unified Communications Overview

Slides - Network Infrastructure Basics and Phone Registration

Slides - Cisco Unified Communications Manager Admininistration

Slides - Users Groups and LDAP

Slides - CUCM Phone and Calling Features

Slides - CUCM Media Resources Overview

Slides - CUCM and IOS Gateways and Trunks

Slides - Additional Call Routing Topics

Slides - Troubleshooting Endpoint Issues

Slides - Cisco Unified Border Element

Slides - Unified Mobility

Slides - Device Mobility

Slides - CUCME Overview, CUCME Dial Peers, Show & Debug Commands

Slides - CUCME Digit Manipulation and Class of Restriction

Slides - CUCME Calling Features Overview

Slides - Messaging: Cisco Unity Connection Overview

Slides - Messaging: Cisco Unity Express Overview

Slides - Presence Overview

0:00:13	So now Hurley has,
0:00:18	rights to the AXL API access, but he's also got a number of other rights.
0:00:23	We may not want to assign or allow him all of these rights.
0:00:28	We certainly weren't instructed to pull up our task,
0:00:31	to give them all these other rights. Now we might argue, well full access
0:00:36	to the informix CUCM database via xml pretty much gives him all
0:00:40	the other rights as well. Well yes,it does
0:00:45	give him all the other rights, but from a you know it's
0:00:50	it's implicit he could do all of those things via AXL.
0:00:54	Well actually we can't do everything via AXL,
0:00:57	there are certain things that are not yet supported but,
0:01:03	the idea wasn't to give him all the rights directly,
0:01:07	through the web interface and make it too easy to go in,
0:01:10	but only if he knew what he was doing with the proper sequel calls
0:01:14	through axl and updates and everything like that. So can we limit him?
0:01:18	Can we limit him to only having axl access? Sure we can.
0:01:23	So we we're on roll and we looked at user group briefly
0:01:28	because we couldn't concentrate. We only let's say dove in to,
0:01:32	super users and looked at the user IDs associated admins,
0:01:36	the one we log-in with, but we have a user ID hurley associated
0:01:42	but we don't see anything to assign individual roles.
0:01:48	Up here on related links, we can go to assign to the user group.
0:01:53	Now what we don't want to do is modify standard CCM Super Users because
0:02:02	because admin is using it, which is us, we're logged in right now.
0:02:06	that wouldn't good. Instead, let's copy this
0:02:10	and call it AXL Admin Only.
0:02:25	And now notice the users are copied as well and now we need to
0:02:32	save, make sure before we navigate off, assign a role to the user group,
0:02:39	and we're actually going to delete all the role assignments,
0:02:46	except for AXL API.
0:02:52	Here we're on AXL Admin Only, let's check it.
0:02:59	To the role that we assigned is still the only one, it is.
0:03:04	Back to the user group, hurley's assigned to it.
0:03:08	So now let's go to the application user for admin,
0:03:18	don't need this, we never did, admin.
0:03:25	And they also have access to this, we don't need them to have
0:03:28	access to this, only the standard CCM Super Users.
0:03:31	Now be careful when you're modifying admin because you could lock
0:03:34	yourself out prety quickly. All I have to do is this, this, and save and I'm done.
0:03:41	OK? So I'm not gonna do that, but now I'm gonna go to end user
0:03:45	and I'm going to look at hurley,
0:03:49	and take him off of the Super Users group.
0:03:53	And now he's only got the new group called AXL Admin Only
0:03:57	and the standard AXL API.
0:04:04	OK?
0:04:09	So we could do something similar for Jack if we wanted,
0:04:14	we could take the, now let's say the
0:04:23	standard, let's see which one probably has the best
0:04:29	Call Control, no that's CTI,
0:04:36	let's take gateway administration, Super Users is gonna have too much.
0:04:42	Copy it and say, CCM End User
0:04:50	Administrator.
0:04:56	Administrator, there we go
0:05:02	and we will assign a role to the group,
0:05:11	CM Admin users, actually maybe let's go check out roles first,
0:05:19	and see, is there any, there we go user management,
0:05:22	that was the one we wanted, so user group,
0:05:30	assign a role
0:05:36	and assign the role to the group of
0:05:40	here it is user management, add selected and delete these.
0:05:52	OK? So now we can find the user ID that begins with, actually
0:05:59	add an end user to the group, which we want to contain,
0:06:05	Jack or begin with, add selected, save.
0:06:13	So now, if we go back to end user Jack Shepherd,
0:06:19	We can see that we want him to be an end user anyway that's
0:06:24	as an end user, but now he's also an administrator,
0:06:28	Standard CCM User Administrator.
0:06:31	So let's just check this real quick, password should be defaulted to Cisco
0:06:36	from the active directory, so let's just go ahead and check it.
0:06:40	Just copy his user ID, so we don't mistype it
0:06:46	and user name, Jack Shepherd, password Cisco.
0:06:52	Actually you know what, we haven't done authentication yet
0:06:55	and I don't know what his default user ID is, so I do have to
0:06:59	change the password here, first name begins with Jack,
0:07:06	change his password to Cisco.
0:07:14	Trivial credentials of course, C1SZ0123#
0:07:22	C1SZ0123#
0:07:28	Trivial .
0:07:34	User ID of Jack Shepherd, C1SZ0123#.
0:07:43	OK?
0:07:46	Restart my browser, just in case it's a browser issue.
0:08:08	Not letting me log-in.
0:08:13	So let's go troubleshoot it.
0:08:16	Anyone catch why it can't log in?
0:08:26	Sure, change the trivial setting just so that Cisco's accepted.
0:08:29	Sure we can try that.
0:08:33	Credential policy and check for trivial passwords.
0:08:41	OK? User Managemen, End User,
0:08:52	Although I don't think that was the issue because
0:08:56	up at the top of the log-in, CUCM log-in somewhere up here,
0:09:00	it didn't say User ID or password fail.
0:09:04	OK?
0:09:08	So let's view the details of this.
0:09:16	Has access to update CCM User,
0:09:21	Access List, not CCM Administrator Acciss List. OK.
0:09:26	So we need to go take a look at the role.
0:09:32	And let's actually find a role, anything that contains
0:09:36	not answer, but user rather.
0:09:42	Standard CCM Admin Users, End Users, User Management,
0:09:47	there's Call Manager, I had chosen CCM User Managment,
0:09:50	which probably isn't bad, but I should probably choose user privilege and
0:09:54	User Management as well to add that User Group that I had created.
0:10:11	Go up to assigned roles, find a role
0:10:17	and find any role that contains user, and here we go.
0:10:22	For Call Manager, not call manager end user, check and check.
0:10:28	I think I should already have this one.
0:10:32	Selected, save.
0:10:36	Now let's go ahead and let me just copy his user name again,
0:10:41	actually let's just go ahead and
0:10:45	believing that it will work.
0:10:49	Assign trivial passwords again, now it won't change make me change
0:10:53	something that's already been entered as a password.
0:10:58	Only something that as I modify it, so C1SZ0123#.
0:11:05	C1SZ0123#.
0:11:12	Duplicate credential.
0:11:17	Right, because I told it to check for the last three. Right? OK.
0:11:23	So C1SZ0987#
0:11:28	and C1SZ0987#.
0:11:33	Another duplicated credential, log out.
0:11:39	JShepherd, C1SZ0987#
0:11:47	Still not letting us log-in.
0:11:52	But if I put in the wrong password, it would show invalid username or ID.
0:11:57	It's not saying that, let's actually make sure it's not copy and paste of my
0:12:02	username, it could be that actually. We pasted it into just a plain text editor.
0:12:09	Log-in, should delete everything, JShepherd and let me actually just
0:12:14	key everything out here in my plain text editor.
0:12:18	C1SZ0987#
0:12:29	Nope, it's just not letting me in. OK, so let's take a look.
0:12:36	OK. So I'll ask the question again. Has anyone caught what I'm doing wrong?
0:12:49	I've got user management, user privilege management,
0:13:11	I don't want necessarily give them all aspects,
0:13:16	but I may need cetrain read aspects.
0:13:28	Go ahead and just add that, CCM Admin read only.
0:13:36	Just to see if it will allow us to log-in.
0:13:51	User group
0:13:55	group we created
0:13:59	so there's users associated, wait a minute.
0:14:03	No, it is what Jack Shepherd gonna say. OK.
0:14:23	Read only
0:14:31	Copy that.
0:14:36	Scroll.
0:14:41	Under the CCM Admin, read only, user group.
0:14:52	Add a role to the group, assign a role to the group.
0:14:58	There it is, I just wasn't seeing it. Read only for
0:15:03	administration, save.
0:15:07	Now go back to end user, Jack Shepherd.
0:15:15	Now they have read only as well.
0:15:24	OK, make sure we're on the right user.
0:15:36	Still not letting me log-in.
0:15:42	Alright, we'll have to troubleshoot that.
0:15:48	Do the rest of them
0:15:50	or I'll give everyone a chance to answer if they have any ideas why.
0:15:55	We're told to allow the user Kate Austen to have access to modify
0:15:59	any phones and DNs on the system, however not to allow her to
0:16:03	see or modify anything relating to a CTI application.
0:16:08	OK? So back to roles.
0:16:22	OK. And we we're told to allow her to modify phones and DNs
0:16:28	so we really need to look at the individual roles
0:16:37	anything relating to phones,
0:16:44	I matched case on.
0:16:51	Anything relating to phones or DNs, but not relating to CTI.
0:16:55	So my guess is, there's probably something that already does
0:17:00	what we wanted to do or close to it. How about, not that's CTI.
0:17:06	We want Call Manager. How about phone management?
0:17:10	Let's see what that has access to.
0:17:13	And we'll just click so we don' have to, already there.
0:17:16	OK. So soft key web template, reorder information
0:17:25	phone webpages, phone button web pages,
0:17:30	line appearance web pages, firmware load pages,
0:17:36	OK, directory number, this is looking good, default device profile
0:17:44	CTI routepoint, that's not good, so we'll copy this,
0:17:49	and call it Kate's phone management.
0:18:01	And with this, BLF speed dial, that's fine, bulk export, that's fine.
0:18:10	Bulk Insert UTP, that's fine, CTI route point webpages,
0:18:17	CTI not OK, I think we've already looked through the rest,
0:18:24	DN firmware, line appearance,
0:18:30	phone web button, phone web pages, re-order,
0:18:35	softkey, looks good. So we'll save this.
0:18:44	OK, update successful, we created a new role.
0:18:51	Create a new group
0:18:56	in these phones, see if there's anything,
0:18:59	standard CCM Phone Administration and anyone using it.
0:19:04	Nope, let's copy and say Kate's phone admin
0:19:13	and assign it the role of phone management.
0:19:21	Looks like it already has, but it also has admin users, delete
0:19:25	CCM Admin read only, delete. Is this the one that we
0:19:33	OK.
0:19:36	There we go, Kate's phone admin.
0:19:41	Go to end user.
0:19:45	Find Kate Austen here in the mix, probably just easier to
0:19:51	you know what, Kate did not synchronize, yes she did,
0:19:55	I still have matched case on, let's turn that off.
0:20:04	OK. Kate's phone admin, add selected, save.
0:20:09	Check out the roles, standard CCM phone management,
0:20:13	I don't think that's what we we're told to have.
0:20:16	Check the group again, Kate's phone admin,
0:20:21	what role is assigned to the group, it's not what we wanted.
0:20:27	Kate's phone admin, either the wrong one,
0:20:32	that's it's always good to check your work, end user.
0:20:37	Kate
0:20:40	Great, we've got a custom role, with a custom group,
0:20:59	name password is jackass and let her try to log-in.
0:21:12	And these users are not able to log-in. Any idea what's going on guys?
0:21:20	I'm not gonna give it up to you this quick, there's been some participation,
0:21:24	I'd like to have more, so I'm not gonna give up the answer just this quick.
0:21:38	Anyone care to chime in?
0:21:41	I thought I'd just keep going until has someone has an idea.
0:21:46	Even it's not
0:21:49	Oh you know the answer, I would resync the database.
0:21:53	OK, that's a possibility, sure, we could
0:21:59	let's just check unified reporting to see if the database is accurate.
0:22:18	All servers have a replication count, that's good.
0:22:25	We'll also run a utils DB replication status.
0:22:34	Make sure that it shows good as well.
0:22:43	No errors or mismatches, replication status is good.
0:22:51	We're not seeing any rows that have missing
0:22:56	or mismatched tables. So we appear to be fine there.
0:23:09	OK, Joe says it's odd. It's kind of like,
0:23:12	here we go, getting a little participation.
0:23:14	Kind of like logging in but not allowing you to go in.
0:23:18	That's exactly what it looks like, doesn't it?
0:23:21	It looks like it's allowing us to go into the interface
0:23:25	or I should say logging authentication is successful,
0:23:30	but it's not allowing us to see the whole interface,
0:23:33	it's almost like we don't have rights to see anything,
0:23:35	so let's just go back and look at roles.
0:23:40	Look at Kate's phone management
0:23:43	and let's scroll down and make sure we can see all
0:23:48	various pieces, let's just try to look through them real quick.
0:23:51	Well let's see who is allowed to log in, admin. Right?
0:23:56	Let's take it from the opposite perspective.
0:23:59	But if we trouble shoot this way, right to the top.
0:24:03	We'll trouble shoot that way, good idea, so admin
0:24:06	As what role, standard super users, group
0:24:11	and what roles are there? AXL API access.
0:24:16	Admin Rep Tool, let's just go ahead and open some of these roles.
0:24:21	in another window.
0:24:27	OK? So we've got AXL API, that deals with AXL database,
0:24:37	Admin Rep Tool Admin,
0:24:42	OK, that's to administer CAR, we don't need that one.
0:24:47	CCM Admin users, all users with access to the CCM website.
0:24:54	Let's check out what
0:25:09	Now see this actually goes to add new,
0:25:13	look at this, this actually has an application to it.
0:25:16	Maybe that's actually what we need, it doesn't have roles
0:25:20	so let's see what else is in here, Standard CCM Admin Adminisration.
0:25:28	Administer all aspects of CCM Administer Application, there we go, yes.
0:25:35	OK? Joseph caught, you don't have access to the application webpage.
0:25:40	Exactly, so giving standard CCM Admin users,
0:25:46	I was hoping for a few more answers there,
0:25:49	before I gave you guys the answer. CCM Admin users doesn't necessarily
0:25:57	as some people might assume, doesn't necessarily gives you access
0:26:00	to everything here, it's just gives you access to the interface.
0:26:04	Just like we did yesterday, we didn't have standard CCM end user.
0:26:07	We didn't have access to the user page.
0:26:10	This just gives you access to the website, that's all.
0:26:13	It doesn't give you access to administer everything.
0:26:17	It's not that function of the admin's role CCM super user,
0:26:22	it's not this function here, this role that gives them access to everything
0:26:27	this role Standard CCM Admin Administration, so
0:26:31	So what do we need to do?
0:26:34	Go back, check our end user, Jack and Kate,
0:26:39	we already know we created a special one for Kate,
0:26:43	but we created a special one for Jack called CCM end user administration,
0:26:47	but it doesn't have, we gave them read only,
0:26:51	we don't even need to give them read only of everything,
0:26:55	that was just an attempted trouble shooting.
0:26:58	So we need to make sure that we go back to the group for standard,
0:27:03	let's just open it in a new window so we don't forget
0:27:05	where we are, what it is we're looking for.
0:27:10	CCM End User Administrator was the group
0:27:22	and we can take out read only for everything.
0:27:26	User privilege and user management that's fine
0:27:29	but we need to assign a role being,
0:27:33	Standard CCM Admin website access as selected,
0:27:39	save
0:27:41	and then also go to the group for Kate's phone admin,
0:27:48	and add the role
0:27:53	to Standard CCM Admin User.
0:28:00	OK? Now let's go refresh Jack's page.
0:28:07	See that he has Standard CCM Admin User
0:28:14	and Kate's page as well,
0:28:18	also have Standard CCM Admin User.
0:28:22	Now we should be able to log out and log in as anyone of them.
0:28:32	Copy and paste, still a good idea if you're able to.
0:28:39	Now we can log in, now can Jack go to message waiting? Nope.
0:28:44	Not authorized to access this page, they are able to log-in though.
0:28:50	Can't go look at servers.
0:28:53	Kate was able to do phones, but was Jack able to do users?
0:28:59	So we can go access and manipulate users.
0:29:03	Can he manipulate LDAP? That has to do with users. Nope.
0:29:07	Just the users themselves, so I can give multilevel access
0:29:12	to a user on my system and an end user in my system,
0:29:15	that might helping me out. They are already end users.
0:29:17	They're already created. I don't need to go create a special application
0:29:20	user for them just to do what they need to do.
0:29:23	And I can keep them from fooling around with things like LDAP.
0:29:28	But I can allow them to update the updatable fields,
0:29:33	such as you know, a password. We can reset Frank Lopides' password to
0:29:38	C1SZ0987#
0:29:42	C1SZ0987#
0:29:51	and we click save and the update is successful.
0:29:56	OK?
0:29:58	So does anyone have any question about what we did?
0:30:04	Hoping for few more people to, at least give out some ideas
0:30:09	even if you didn't know the answer. That's OK.
0:30:14	The whole idea here is the interaction.
0:30:18	OK, let's go on.
0:30:22	Actually, we've already looked at the idea of this
0:30:26	we still got a few more to go, so let's try to get through some of the others
0:30:30	and then if we have time we'll come back and do the, I don't want to
0:30:32	get too late and just perform the same task over and over again,
0:30:36	which is essentially what these are all doing, dealing with roles
0:30:38	and specific bits in the roles. OK?
0:30:41	So let's move on, we'll come back to this
0:30:44	to finish up the other redundant task.
0:30:46	And let's look at CUCM LDAP Authentication.
0:30:51	Provision the CUCM Pub Server to allow users
0:30:55	to authenticate their passwords credentials against the INE
0:30:58	LDAP Active Directory Domain Controller.
0:31:02	So now, we're getting into the place where this password field
0:31:06	that we previously used here is about to be,
0:31:15	it's about to be erased.
0:31:19	I guess I should say in the sense of, we won't be able to manipulate it.
0:31:25	Like we can't manipulate any of these fields down here, or User ID.
0:31:34	OK?
0:31:36	The reason is currently, users are authenticating. OK.
0:31:42	If we have phones here and let's say this is actually the
0:31:46	DC directory and end user.
0:31:48	This is a different user, it's a little bit highlighter.
0:31:51	And this is,
0:31:54	the password field, this is actually authenticating here with DC directory.
0:32:00	Now the rest of these fields are being synchronized over from active directory,
0:32:06	but password is still being handled locally.
0:32:13	So we're going to do
0:32:16	tell the phones to authenticate through CUCM,
0:32:35	they're gonna authenticate through CUCM on their way to the active directory.
0:32:43	OK? So we'll go up to system,
0:32:47	we're still logged in as Jack Shepherd, we can't do much.
0:32:53	Log-in as admin, that would be great.
0:32:57	And we'll go to LDAP and authentication is the only one we haven't
0:33:02	checked and now use LDAP authentication for end users.
0:33:07	As long as we have a powerful enough user and we already did,
0:33:10	such as administrator at ine.com.
0:33:15	Tell that passoword was cciecisco
0:33:22	and the search base,
0:33:27	search base, what are we gonna do? I only see save up here.
0:33:33	If I choose something like,let's go back and look at our outline.
0:33:40	If I choose something like DC
0:33:45	Hum, DC INE, OU Island Exports,
0:33:51	and executive, it's going to allow me to authenticate my excutives,
0:33:56	but what about sales,
0:34:00	IT,
0:34:02	and security?
0:34:06	How am I going to authenticate those?
0:34:09	I should say how am I going to authenticate those if,
0:34:15	if I can't add multiples here.
0:34:18	I mean it doesn't look like I can, maybe I hit save and all of a sudden,
0:34:21	copy and add new show up.
0:34:26	Now let's take a look at LDAP directory.
0:34:31	For all those who are already existing, I restarted the browser.
0:34:35	Add new, maybe it doesn't show up like that,
0:34:38	because add new doesn't show up,
0:34:41	or copy until I actually save the first one. Right?
0:34:44	Well, but wait a minute,
0:34:48	let's go back the first time, if I go back to LDAP directory
0:34:53	first time, I can click add new.
0:34:58	When I went to LDAP system there was only check
0:35:03	and then actually save didn't even show up this time which is really nice.
0:35:07	Or it's not going to I suppose until I uncheck,
0:35:09	actually I have to delete LDAP directories before I can mahe changes.
0:35:14	But when I was on LDAP authentication, I didn't click add new.
0:35:18	All I clicked is save.
0:35:21	There is no way to add new, I cannot have multiples as what I'm trying to
0:35:30	show by example here.
0:35:33	So how am I going to, taking a look back,
0:35:37	at my hierarchy, how am I going to authenticate all of these users?
0:35:47	I'm simply going to include those three only.
0:35:52	And I will not dive down any further, if that's correct.
0:35:56	Someone mentioned I have to authenticate at the top level OU,
0:36:00	that's exactly correct.
0:36:02	OK? So simply done,
0:36:08	we will use administrator,
0:36:13	at ine.com, CCIE Cisco, CCIE Cisco.
0:36:21	And I can go ahead and do this left to right, if you can process it properly
0:36:25	but probably not a bad idea to go ahead and do it from right to left.
0:36:30	dc = com, dc = ine comma space
0:36:36	ou = island natural exports.
0:36:45	And by the way I'm not copying and pasting from this page because
0:36:48	I'm treating it as if this was a printed page in your CCIE candidate
0:36:57	three ring binder that you wouldn't be able
0:36:59	to copy and paste from a physical page.
0:37:04	OK. 177.1.10.1.10
0:37:08	I can have redundant servers if I like.
0:37:12	I don't have any redundant servers here and save update successful.
0:37:18	Let's go back to end user.
0:37:21	Find all my users, check any user like Jack Shepherd.
0:37:30	What happened, Im still here isn't it?
0:37:35	Still here, wait that's pin, that's not password.
0:37:40	So no, what happened?
0:37:44	Password isn't in the page anymore, it doesn't even exist.
0:37:48	It's not even relevant, so let's remember.
0:38:00	OK. Let's remember with synchronization,
0:38:06	active directory synchronized, pushed,
0:38:13	all the synchronization over to DC directory here on CUCM.
0:38:21	OK? Pushed all information there, populated all that.
0:38:27	With authentication,
0:38:40	With authentication from a phone or webpage, you know user webpage,
0:38:46	laptop, whatever.
0:38:52	The authentication is coming up and it's going directly over,
0:38:56	it's not stopping and trying to find out a cashed authentication.
0:39:03	So this is actually something that should be noted.
0:39:06	Authentication in 7.0 and this is changed a little in 8
0:39:11	but authentication 7.0 is a bit dangerous.
0:39:17	Why?
0:39:22	Why is authentication dangerous?
0:39:26	Potentially.
0:39:30	Go ahead Joe.
0:39:32	Because if your AD is down, you won't be able to authenticate, correct?
0:39:37	That's exactly correct.
0:39:42	Unless I add a redundant server, I've got the potential
0:39:47	of this one AD server.
0:39:52	One server only, kind of written really badly, but if there's only one server,
0:40:05	Then this server goes down and I have no authentication at all.
0:40:13	OK. Eight changes that a little, there's a cashed copy locally.
0:40:16	That makes it really nice, but currently
0:40:21	Unless I have duplicate active directory, now what about synchronization?
0:40:26	Is there any problems similar with synchronization,
0:40:30	the push, having any problem?
0:40:32	No, because once it pushes that copy, remember
0:40:34	it's a copy, it's actually here on DC directory.
0:40:37	Active directory can go down all at once.
0:40:40	Now do keep in mind and this is actually been the way it has been
0:40:43	for a long time at CUCM, it still is.
0:40:46	If the publisher goes down, you lose DC directory.
0:40:51	And you also lose directory and authentication, you lose it all.
0:40:55	The publisher is a vital piece of hardware to stay out.
0:41:03	Doesn't it make a back up to the subscriber?
0:41:06	Well, it does create a back up but there is limited functionality
0:41:09	of what can happen when a publisher is down.
0:41:12	It's gotten better with, as releases have go on
0:41:15	what can actually be updated and modified in terms of
0:41:19	database and directory, but there is still a very limited
0:41:24	subset of what can be done.
0:41:26	So actually 9 is supposed to, I remember when
0:41:32	4 was supposed to address it, 5 was supposed to address it, and 6.
0:41:37	And then I don't think they promised it for 7 and then 8
0:41:40	was going to address it, but 9 is supposed to have a mixed
0:41:46	master database where all of the functions are actually
0:41:51	it will still be a subscriber, but it will sort of be what's called a
0:41:54	mixed masters, it's gonna be kind of a replicated subscriber but
0:41:58	it will be able to be, it's actually not gonna be true mix master
0:42:03	they're saying that might happen by 10, but it will be a
0:42:06	promotable database to where the publisher goes down, you can promote it
0:42:12	to the publisher if you think it's going to take a while to bring
0:42:17	the pub back online, but then you can never bring the pub back
0:42:19	online if you promote it. You would have to rebuid it as a new
0:42:24	promotable subscriber.
0:42:28	But then eventually hopefully in 10, they'll actually have the
0:42:31	mix master that they've been dealing with issues
0:42:35	sorting out bugs for so many years and haven't been able to fully implement.
0:42:39	OK, so important to have a redundant server if you're using authentication
0:42:43	for real life, for the lab, you do what you're told.
0:42:46	So now we've got the end user pushed out for authentication to
0:42:52	CUCM server, now Jack Shepherd had a password of like what,
0:42:56	C1SZ0 it's either 123# or probably 987# because
0:43:02	we already used one. Let's go ahead and log back in as Jack Shepherd
0:43:08	since we know he has access to the admin web interface now.
0:43:17	Let's just log in with the password of Cisco,
0:43:21	by the way just so there's no smoke and mirrors, let's paste this.
0:43:28	name
0:43:33	and I'll place two passwords, Cisco and C1SZ0987#.
0:43:41	OK. This was his password.
0:43:46	This doesn't work.
0:43:50	Let's not even use this. Let's go over, just to prove that we have,
0:44:01	where are you Jack, VP of Human Resources, excellent.
0:44:07	And actually, I don't want to bring up properties, I want to go to
0:44:09	reset password and let's change it to, I don't know if
0:44:14	I can copy and paste but let's change it to, his user name.
0:44:20	Alright.
0:44:25	Yes, it's gonna let me pass, unlock the account, just in case it was locked,
0:44:30	which I don't think it is, the password has been changed. Alright.
0:44:35	So same username and password.
0:44:40	Paste, paste.
0:44:45	And we can log-in.
0:44:53	So we're proving by changing his password on the
0:44:58	domain controller here and we can change it again, let's just
0:45:03	have them log out and just disable his account.
0:45:10	OK, it's still created, it's not deleted, it's just we can see the little
0:45:15	maybe you can see the little icon,
0:45:19	for locked out or disabled at this point.
0:45:25	OK. So copy paste, log in fail.
0:45:33	All we have to do is enable his account.
0:45:39	Copy paste and now we can log-in. So we proved we're using the
0:45:46	authentication through the CUCM to
0:45:50	the Microsoft Active Directory Domain Controller.
0:45:57	OK? Anyone have any questions on that? We've now covered everything
0:46:00	with LDAP for CUCM. By the way UCCX we already mentioned
0:46:08	pool it's users from DC directory.
0:46:14	OK. So it's going to continue to pool users from DC directory
0:46:17	copy the ones, synchronize the ones from, same thing with CUPS.
0:46:23	Unity Connection on the other hand, actually does not pool it's users
0:46:34	from the DC directory, well it actaully can. There's two things we can do
0:46:39	users and Unity Connection once this comes to the log-in screen
0:46:42	we log-in with our admin username and password or application user
0:46:50	is that we can either, when we first do intergration and again this is covered
0:46:56	for three days, three separate modules for all of unity including VPIN
0:47:02	including networking between unities, we'll have multiple unity servers up
0:47:09	We will deal with phone system whenever we talk about integration,
0:47:17	and one of the things that we do is we
0:47:21	can go to edit for the phone system and we can have multiple
0:47:25	phone systems or multiple integrations, Unity Connection like just unity
0:47:29	can integrate with multiple PBXs or IPPBXs or what have you
0:47:35	at the same time, but for each one and in this case for one,
0:47:39	to the CUCM cluster, we can go to Cisco Unified Communications Manager
0:47:43	AXL server, which is not necessary to have to get voicemail working
0:47:50	but it is necessary to have if
0:47:54	we want to CCIE Cisco,
0:47:58	either greater, that's great, save
0:48:08	user name password.
0:48:13	User name is administrator, all I've got to do is read the fields.
0:48:19	Port by the way, note that it's SSL, so we could do 443.
0:48:25	But we also see that the port for this and all other
0:48:29	CUOS servers are 8443, the tomcat at SSL port.
0:48:33	So that's actually a better port, both will work typically, this is a better port.
0:48:44	OK, failed to send a message, let's say test.
0:48:48	OK, let's say, that's because it's admin, not administrator.
0:48:53	Save.
0:48:57	And if we test, test message successfully sent to the
0:49:01	server at 8443. So now we could look at importing users
0:49:09	no server has been selected, phone system, there we go.
0:49:13	And we can import users like Benjamin Linus. Now wait a minute,
0:49:19	why only Ben Linus?
0:49:21	Why not all the other users from CUCM, let's open another window.
0:49:25	Since we're talking about users,
0:49:30	what does Ben Linus have, that none of the others have?
0:49:34	Let's look at Charlie Pace.
0:49:40	He has a phone number associated to him right?
0:49:45	What does Ben Linus have, that Charlie Pace doesn't have?
0:49:50	He's got a device, does that matter? Primary extension.
0:49:57	That's correct David. Primary line defined Charlie Pace
0:50:02	doesn't and he cannot until he has a controlled device.
0:50:06	All we have to do which I believe this is actually one of the
0:50:09	tasks we have that I have created earlier so let's find out.
0:50:16	Perform every kind of association between end user phone DN
0:50:20	that's possible based on the imported telephone number field,
0:50:24	do this for every end user in the DC directory.
0:50:26	We're only going to do it for a couple to demostrate but
0:50:29	the task would be to do it for everyone.
0:50:34	So
0:50:38	first of all let's go back to the user and say, based on the
0:50:41	telephone number field.
0:50:44	We could assume or we could ask the proctor,
0:50:48	if you ask the proctor, are you talking about the last 4 digits
0:50:51	of the telephone number field? I would say yes.
0:50:54	So control device,direcotry number begins with 1004.
0:51:05	And I actually don't have one, 1004 at this time.
0:51:08	So let's choose somone else, that's Daniel Faraday. He is 2002.
0:51:15	OK. Directory number is 2002.
0:51:19	We do have this one, we can choose it and save selected changes.
0:51:24	Or select, save selected changes, back to the user.
0:51:29	And then we can at this point now select 2002 and say save.
0:51:35	Now if we go back to our UCCX, I can click find again.
0:51:40	And now I've got two users that I could import.
0:51:44	But again note, these aren't being
0:51:51	I'm not using them directly from CUCM, I'm importing them.
0:51:55	I'm making copies. Whereas CUPS and UCCX actually do,
0:52:00	they don't make copies, they actually use
0:52:07	CUCM DC directory, for every single action, for looking at
0:52:13	the user ID, looking at the password which then authenticates through
0:52:19	active direcotry, for looking at the pin, for looking at the,
0:52:27	yes let me hit mute,looking at the extension. Go ahead David.
0:52:39	What I found in using like business edition, it was all undergraduate,
0:52:44	and yuo can import them directly and so automatically define for you,
0:52:47	when you delete the user and end user deleted from the actual
0:52:52	Unity Connection component as well, is that the same for this
0:52:56	when you actually import users into Unity Connection?
0:52:59	I mean a full blown Unity Connection as opposed to business edition?
0:53:09	That's a good question you know what I've
0:53:12	done a lot of importing and creating, I haven't actually deleted a user from
0:53:16	CUCM to to see if it deletes it from Unity Connection.
0:53:19	We could try that, well we could try it now even if it,
0:53:24	I was gonna say we could try it if it wasn't integrated to LDAP
0:53:27	but technically we can.
0:53:31	We could just delete it from the LDAP and do a resync.
0:53:37	Let's try it when, I don't want to go recreate all the attributes
0:53:42	for one of these users, but I will try that.
0:53:45	And I'll get back to you with an answer in email offline.
0:53:50	In terms of just DC directory,
0:53:55	OK, great.
0:53:57	So instead of importing these which I'm not gonna do.
0:54:01	We could, I could also
0:54:05	go to synchronize users
0:54:09	now I could synchronize them from CUCM,
0:54:14	it doesn't find users directly so I could search imported.
0:54:19	If I do synchronize users, I think that's where you're going to find
0:54:22	that it's going to delete if I, first of all I have to import
0:54:25	them and then I could synchronize based on the imported users.
0:54:29	But I also have the ability as we see here for LDAP
0:54:34	and the set up is exactly the same as CUCM.
0:54:37	Either way, a lot of times you'll actually find, like if I go to CUPS,
0:54:47	Unity Connection actually does say CU Admin,
0:54:51	but notice CUPS says CCM Admin.
0:54:55	If you go to the underlying operating system,
0:54:57	and various thing we've talked about,
0:55:00	yesterday in WebUI and command line,
0:55:07	that's a number of things are called CCM Admin.
0:55:13	So regardless of the CUOS server you're on,
0:55:16	whether it's Call Manager which makes sense or Unity Connection or
0:55:21	UCCX in 8.0 and basically what it is you know they got it right with
0:55:25	CUCM was the first one ported over to Linux.
0:55:28	And so once they began porting all the other servers over to Linux,
0:55:31	we're creating a new, the infrastructure work so
0:55:36	the reason I'm bringing that up is just in case you ever see something like
0:55:39	CCM Admin and you think, I'm on the Call Manager, wait no I was on CUPS.
0:55:43	I actually was on present server.
0:55:45	That's the reason, is the underlying operating system still refers to
0:55:48	everything web related as CCM Admin.
0:55:55	OK, so enable synchronizing from, we've seen this exact,
0:55:58	only thing is we can't netscape or sun, but we've got the same
0:56:04	user attribute. This is Unity Connections user ID,
0:56:11	attribut and then what is it gonna be from the
0:56:16	active directory server coming over to the
0:56:21	unity connection, so we can save this.
0:56:26	And directory configuration begins with find, we don't have any,
0:56:31	but we can add a new one.
0:56:34	And we've seen this exact page before haven't we?
0:56:36	It's all the same thing, ine, executive, let's actually just say ine,
0:56:48	Now let's do,
0:57:08	Press OK.
0:57:14	OK, so ine, what was the, RND.
0:57:21	And distinguish name, administrator at ine,
0:57:26	password CCIE Cisco, CCIE Cisco.
0:57:31	User base, ou equals, was it, PLAR.
0:57:41	D comma space ou equals
0:57:46	island trait, natural
0:57:52	exports, DC equals
0:57:57	equals ine comma DC equals com.
0:58:06	OK? Looks good.
0:58:08	Perform every six hours or whatever,
0:58:11	telephone number is gonna be IP phone,
0:58:14	177 there we go, number of these fields are showing up
0:58:18	because the web browser recognizes them as
0:58:21	inside the webpage, the html coding as the exact same thing
0:58:25	as it was over on CUCM, so save.
0:58:30	Again, this is not going to work if this isn't proper or this isn't
0:58:34	proper, so it would have given us an air.
0:58:37	We'll go ahead and do perform full sync now
0:58:43	and LDAP authentication, we could do all of the same fit.
0:59:01	Save and update successful.
0:59:04	Now it may actually take a little while to do these users to
0:59:09	synchronize them and also we would need to complete our integration.
0:59:13	So they may not show up right away in Unity Connection until we do
0:59:16	the rest of our integration. We'll come back and look at those when we
0:59:19	do the unity modules for those, but I want to get to
0:59:25	the important bit is that the synchronization,
0:59:28	looks just like at least in terms of,
0:59:33	once you actually are in the configuration pages, you know the
0:59:39	layout of all the controls or navigation from the left,
0:59:44	to versus CUCM having it.
0:59:49	Pop, I forgot Jack Shepherd.
0:59:55	Probably logged in as admin versus having it
0:59:59	at the top, looks a little bit different.
1:00:04	Right? But once we actually get into the page,
1:00:08	everything is pretty much straight forward and pretty much the same.
1:00:13	Pops in UCCX call directly from CUCM,
1:00:17	UC is unique and can do authentication locally.
1:00:21	Users locally or can synchronize like CUCM,
1:00:26	or can synchronize and authenticate and we've got one additional
1:00:31	field which is that we can tell it what regular expression to use
1:00:35	when polling phone numbers.
1:00:41	Polling user IDs and values in general.
1:00:48	OK?
1:00:52	So before we move on to anything else, any questions about LDAP?
1:00:58	Now we we're already starting to talk about user attributes
1:01:01	to phone association and we had inside CUCM begun
1:01:08	for a few users, Ben Linus, and we also added, who was the other one.
1:01:15	Daniel Faraday I believe, yes we have associated with him with the device.
1:01:18	We mentioned to perform every kind of association between end users
1:01:23	and phones DNs as possible based on the imported telephone number field.
1:01:28	But we already associated the device based on the primary
1:01:31	extension being the same as the last four digits,
1:01:34	of the user's imported telephone number from AD to DC directory.
1:01:43	However, this isn't only the kind of association control device,
1:01:47	device association, the primary extension, those being a few,
1:01:53	nothing more on this page, but let's go to the DN for 2002.
1:01:58	The actual phone and the DN, and we'll find that
1:02:02	probably list DNs if we want to know who 2002 is.
1:02:09	For this phone, we also have something here called owner user ID.
1:02:16	That is not set just becuse we did device association on another page.
1:02:21	Here we can also set this to, I believe this was Charlie Pace.
1:02:30	Or no, we we're with Daniel Faraday, good thing we checked.
1:02:35	So D. Faraday
1:02:39	We have a really large installation, it's unfortunate that this is a
1:02:42	scroll so you could have thousands and thousands of users
1:02:45	to scroll through, what you can do is, let's say it was on none,
1:02:50	I could bring it up and say DF,
1:02:54	real quickly on my keyboard or DFAR.
1:03:03	They're actually fixing that or enhancing those capabilities,
1:03:07	in future versions where I can actually do custom searches
1:03:11	on entities where thousands like calling search spaces
1:03:13	and various things and large installations.
1:03:17	OK. So that's one place that I can associate,
1:03:20	now that's gonna be used for device mobility.
1:03:25	We're not going to talk about the rest of things
1:03:27	with device mobility until that module.
1:03:30	But it's good to note that there is a user ID field to associate
1:03:35	and then also there is a line association.
1:03:39	At the bottom of the line, I can associate users with the line.
1:03:43	Now note, if I go to call routing directory number,
1:03:49	and I look up the directory number 2002 and I click on it.
1:03:56	Scroll down to the bottom, there is no line settings,
1:04:01	or associate the user. I also don't have any
1:04:04	caller ID, calling name field, call display, any of that.
1:04:10	If I go up to device phone, do the same thing I did, directory number,
1:04:15	2002 or even just look at it like it was and I click on the extension itself.
1:04:21	I'm looking at the DN, scroll down, again no line
1:04:27	or no associate user, no line information,
1:04:30	that's because I'm not looking at a line.
1:04:33	I'm looking at a directory number,
1:04:35	now for those of you who haven't worked with
1:04:38	versions of CUCM either at all or lately,
1:04:43	that there's a difference betweem line and DN, you're probably using
1:04:46	to a DN equals a line or line equals a DN, they're synonymous.
1:04:51	And they used to be, but they're not any longer, now I can actually have DNs
1:04:56	that are not associated with devices and still work.
1:04:59	It used to be that if I deleted a line off of a device,
1:05:03	it would be pretty much delete it out of the system or it might be
1:05:05	hanging around as a phantom, but it was not a usable DN.
1:05:09	Now I can have DNs completely separate from devices.
1:05:12	So as I'm looking at this DN and you might say, wait a minute,
1:05:15	2002 is not separate from a device, in fact right there
1:05:18	it says associated devices, it does.
1:05:21	But it has attributes that are independent of the device.
1:05:27	Those are the ones that persist and I can see in this webpage.
1:05:31	Attributes that are only applicable to a DN
1:05:36	as it pertains to a line and the DN itself
1:05:40	it's what's called the line appearance, so I can click on associated device,
1:05:45	edit line appearance, I come to the exact same page but
1:05:51	scroll down and guess what, now I have line settings for device,
1:05:56	line 1 on this device and forwarded call information display on this device
1:06:04	multiple call waiting for this device and users associated with a line,
1:06:09	users are not associated with the DN, they're only associated with a line.
1:06:13	So to update the terminology or definitions
1:06:17	a DN is a just a DN, directory number. A line, is a DN
1:06:23	as it is assigned and viewed from the perspective of a given device.
1:06:30	Now I can associate the end user, first name DF or actually Daniel,
1:06:37	to sort them a little better, Faraday, add the selected the user,
1:06:41	refreshes the page,
1:06:44	now I see Daniel Faraday as associated to this line. This is used for
1:06:49	unified mobility, single number reach, mobile voice access
1:06:54	and it's also used for presence where presence in 5.0
1:07:01	CUCM 5.0 if I had presence allow that I could see another phone
1:07:07	I could see all the lines on the phone, but now with
1:07:10	per line association with the users, I have the ability to
1:07:14	granularly limit the ability to see a certain line
1:07:18	on a device and not necessarily all the lines on a given device.
1:07:23	Save, maybe reset the phone, and I'll go back and do these for every
1:07:28	user that had a imported telephone number, not all of them did
1:07:34	in every device.
1:07:38	OK? So we've got a few last tasks for today.
1:07:43	We'll deal with the UCCX assign the users Kate Austen
1:07:46	and Jack Shepherd to the UCCX contact center agents.
1:07:50	OK. We first have to do the integration and then also we'll do this one
1:07:54	first user attributes per CUPS, we're not gonna do any integration
1:07:58	into the cup server or present server, but we will assign users
1:08:03	able to interact with CUPS, let's do that first.
1:08:08	That's actually going to be over here on system and licensing
1:08:14	and license capabilities assignments.
1:08:18	I need to find user IDs, in this case I'm gonna find all of them
1:08:24	and I'm gonna do bulk assignment
1:08:28	or I could do it one at a time and I'm going to enable
1:08:31	Cisco Unified Presence.
1:08:34	Do I also want to enable the personal communicator?
1:08:37	These are licenses that they take.
1:08:39	OK, so if I actually hit close, it will appear to system,
1:08:44	licensing, license unit report, I can see how many licenses I have,
1:08:51	I've got the 150 for the base demo with three
1:08:57	nodes, I'm using two of those, one's available for another subscriber,
1:09:02	I'm using 24 DLUs for phone license feature. I have 126 remaining.
1:09:07	And I can also go to the license unit calculator,
1:09:11	to see how many it's going to take to enable certain features.
1:09:16	So if I want to enable scroll down to where is it, not personal communicator,
1:09:23	presence server, end user feature license. If I want to enable
1:09:28	it's going to take one DLU each, if I want to enable let's say 20 users.
1:09:36	Calculate, that's gonna take 20 licensing, I've got that many.
1:09:40	And then what about, personal communicator, that takes three license units
1:09:44	or personal communicator adjunct. OK.
1:09:49	Adjunct being like an adjunct professor, someone that's visiting.
1:09:54	So it actually uses these licenses to begin with.
1:10:00	Or if it did use the full three, then I might need
1:10:07	80 license, but I've got 124, we'll add it and see what it uses
1:10:11	capability assignment, back to here.
1:10:16	Inspect all, bulk assignment, and presence at least,
1:10:22	let's go back and look at our task.
1:10:25	Assign the users Benjamin Linus, Kate Austen, and Jack Shepherd
1:10:29	to be licensed for the CUPC client, now it didn't say only these users.
1:10:33	But it did explicitly point these out and it did explicitly tell us to
1:10:37	assign all users interaction capabilities with CUPS, so I'm going to assume,
1:10:43	or at least just follow the directions, you could say wait a minute,
1:10:48	it didn't tell me to only do those three for CUPC you know
1:10:52	Cisco Unified Personal Communicator, will it be OK if I enable it for all.
1:10:56	Well you'll be taking a risk.
1:11:00	You could ask the proctor but it's such a simple task to not do, just save.
1:11:08	The CUP will be enabled for all and then CUPC will enabled for,
1:11:14	where do we have,
1:11:18	jack Shepherd I believe was one, Kate Austen,
1:11:23	Jack Shepherd, Kate Austen, and Ben Linus.
1:11:27	Shepherd.
1:11:29	One other thing, there we go Kate Austen and Ben Linus.
1:11:33	And we'll bulk assign those three, three is selected to CUPC.
1:11:38	And we need to enable CUP or else it will disable it, save.
1:11:45	Now we have those three, when in doubt follow directions.
1:11:49	Unless you think it's going to take way too long or
1:11:52	maybe you don't know how to, then you can clarify,
1:11:54	but always follow directions if possible.
1:11:58	OK. So we have assigned and provisioned those users to be ready
1:12:02	for CUPS and CUPC usage with CUPS
1:12:06	at a later time when we do integration.
1:12:12	Bring a presence module. So now let's go back to the final thing of UCCX.
1:12:19	There we go.
1:12:50	OK. License validation completed, next.
1:13:30	So this does take a long time,
1:13:35	to do with integration or set up, however, is it still moving?
1:13:42	Does look like it's moving now. It's very possible that
1:13:46	it's not going to like the fact that we already integrated
1:13:50	or already synchronized LDAP. What could we do
1:13:55	at this place especially since we're authenticating against LDAP?
1:13:59	If this says system components activation completed,
1:14:04	and we've got options here, but it didn't actually
1:14:10	ask us which components we wanted to activate, so let's go ahead
1:14:13	and continue and see if the components actually did get activated
1:14:16	once we get into the main screen. So we've got AXL providers,
1:14:20	we selected 10, 20 is available, 10 is fine.
1:14:27	Back to actually, let's take a look at our requirements back on,
1:14:33	section for it, integration CUCCX with CUCM cluster. Ensure that
1:14:38	cell authentication is challenge against CCM pub server only.
1:14:42	So we can only put pub here in order to meet the requirements.
1:14:46	Admin and password we already put in.
1:14:49	And ensure that both CTI roles are authenticated
1:14:52	against pub and sub servers in that respective order.
1:14:57	OK, both CTI roles, what do we mean?
1:15:01	Weve got selected CTI Manager and selected CTI Manager,
1:15:05	One or CM Telephony sub system which used to be
1:15:08	called the JTAP sub system or Java Telephony API.
1:15:12	And one for the RMCM sub system, this is the resource manager.
1:15:17	Or the one that actually controls the agents, they're different.
1:15:21	So we need to put both over and we're told to have sub
1:15:25	higher over than pub for both roles.
1:15:33	And then here we're instructed to provide a user prefix,
1:15:36	and here user ID, that's because these don't exist,
1:15:40	as application users which incidentally,
1:15:45	I don't know if we mentioned this, but application users
1:15:50	with this, if we create a new one, we can add new users first of all.
1:15:55	And they've got user name and password, the synchronization,
1:15:59	and the authentication of LDAP only affect
1:16:02	end users. They don't affect application users, those are still
1:16:06	handed locally in DC directory.
1:16:10	OK. But they can't be used as application users
1:16:14	They're actually handled in a separate partition of it because
1:16:18	they don't have all the same attributes like phone numbers and
1:16:22	device, well they can control a device, but not in the same way
1:16:25	They can't be extension mobility or mobile voice access or anything like that.
1:16:32	So it's actually going to come, UCCX is going to come and
1:16:35	create users for us, one set for jtapi or
1:16:40	CM Telephony sub system that's actually to be what's going to create
1:16:44	dynamically and control our CTI route point,
1:16:49	and CTI ports or UCCX trigger and media ports respectively.
1:16:58	We'll go back over this again when we talk about UCCX.
1:17:03	And then the RMCM sub system is gonna be user that doesn't
1:17:06	create anything, except creates the user over CUCM.
1:17:10	under application user and we will need to come over to the application user
1:17:15	and assign it to control devices that are agents. By the way,
1:17:23	UCCX is one of the unique applications that has two CTI plugs in the CUCM.
1:17:29	And you should never take the applicatoion user
1:17:33	for either one of these and assign standard CTI control
1:17:39	of all devices, that's because the jtapi or
1:17:43	CM Telephony sub system user whatever you call it,
1:17:47	should only control CTI route point supports
1:17:51	and the RMCM sub system should only see and control agent phones.
1:17:56	And then also maybe user device profiles if they are
1:18:01	extension mobility users of that nature.
1:18:05	But the RMCM should never see or control the,
1:18:09	to be able to have control over CTI ports.
1:18:12	and the Unified Telephony sub system or jtapi
1:18:15	should never have any control over the agent phones or user device profiles
1:18:19	and actually get system really confused and provide
1:18:23	very unpredictable results. So user prefix, we'll call it jtapi.
1:18:29	Password, let's just call it cisco for ease.
1:18:34	Actually trivial passwords might not allow it, C1SZ0987#
1:18:44	C1SZ0987#
1:18:49	This is actually the User ID, so we'll call it
1:18:54	.rmcm user
1:19:02	Call it UCCXRM, whatever you want to call it really
1:19:05	whatever makes sense to you, C1SZ0987#.
1:19:09	C1SZ0987# NTP,
1:19:15	177.1.10.10 is the publisher server, that'll serve as just fine.
1:19:22	Say next.
1:19:29	So while this is sitting here refreshing, we'll go back to
1:19:36	the requirements. Let's say
1:19:40	we've pretty much done the integration portion, those were just notes.
1:19:45	And then the only other thing regarding UCCX
1:19:48	is down here at the bottom in user attributes.
1:19:52	Asssign the users Kate Austen and Jack Shepherd
1:19:54	to the UCCX Contact Center agents.
1:19:58	So once this integration gets done, we don't care about recording
1:20:02	count or licenses, that's fine.
1:20:06	Default license or default group and language will be English US.
1:20:13	And here's our user configurations, so we're pooling the user from CUCM,
1:20:20	and we're saying which one is going to be our log-in user.
1:20:24	Again, remember if we had done the integration,
1:20:27	of UCCX to CUCM before we did the LDAP synchronization,
1:20:31	We need to make sure there's an LDAP user,
1:20:34	equal to the one that we had already chosen at this stage.
1:20:38	So let's choose Ben Linus, we've been picking on him.
1:20:40	He'll be a good administrator.
1:20:44	Well arguable but,
1:20:48	at least won't let anything slip through the cracks, that's for sure.
1:20:52	OK, actually don't worry about this error, this is pretty common.
1:20:56	As above that is, you should certainly stop and start the
1:21:03	jtapi system or CM telephony sub-system but,
1:21:08	we do not need to go install jtapi client, that is a bug on this version.
1:21:12	It won't affect funcitonality, everything else is good.
1:21:16	Please close your web browser now.
1:21:19	So we'll close it and open it back up, and now we have to authenticate
1:21:24	as Ben Linus. So what is Ben Linus' password?
1:21:30	Let's go to user, end user and say Ben.
1:21:37	What's your password Ben? That's right, it's not set here.
1:21:41	It's over on the DC directory. Let's fire up DC directory.
1:21:48	Not guess, let's just make sure we know what it is.
1:21:50	So let's go to executives.
1:21:53	And then Ben Linus and then we will just rest his password to cisco,
1:21:58	Now wait a minute, what about the trivial passwords?
1:22:02	Those were for credentials that were being authenticated against
1:22:06	CUCM, we're not on CUCM.
1:22:11	We're on active directory, so the only way that those
1:22:14	trivial credentials will be required is if active directory has a
1:22:21	and we won't get too far into this, this is Microsoft stuff,
1:22:24	but has a, where is it?
1:22:29	Local security policy that requires non-trivial passwords.
1:22:38	Account policies, password policy
1:22:43	password must meet complextiy requirements and that's currently disabled.
1:22:52	Sowe could enable this, of course it's locked right now, we have to
1:22:56	enable some advanced settings, we're not gonna deal with that at the moment,
1:23:00	mainly because of GPOs and things of that nature but we could,
1:23:04	actually that's just Microsoft stuff which is really not relevant to us at this point.
1:23:10	Good to know certainly but not needed, so we reset his password to cisco.
1:23:23	And he has again ignored this, jtapi versions are inconsistent.
1:23:28	OK? So we've now authenticated from UCCX
1:23:34	through CUCM to active directory and we've logged on for the first time.
1:23:42	and now we can take a look and again we're not gonna get
1:23:44	too far into UCCX today.
1:23:48	But RMCM providers have already been set up,
1:23:52	so resources are our agents and there are none.
1:23:57	OK. That's because we need to come back to CUCM,
1:24:02	go to end users and who are we told to make agents?
1:24:06	Kate Austen and Jack Shepherd, alright let's log back in to CUCM
1:24:12	and let's look for user Kate.
1:24:19	And she doesn't have a device associated so that has to be changed.
1:24:26	So actually what was her ending, 3003. OK.
1:24:32	So DN begins with 3003.
1:24:39	And I don't have that actually that record associated, let's just go ahead
1:24:42	and put her in 3002 just so that, my phone is 3003 isn't actually on my
1:24:48	pod or rack at the time, so we'll just put her on here for right now.
1:24:53	Save selected changes.
1:24:57	Back to the user, we see her associated. Now we can state,
1:25:01	wait a minute we had primary extension before,
1:25:03	but now we have a brand new field. That's because,
1:25:08	when you say UCCX integrated into DC directory,
1:25:13	or integrated into CUCM, it actually doesn't add any
1:25:17	ischema attributes to DC directory LDAP,
1:25:20	which is local here to CUCM. What it does is it flips something called the
1:25:23	IAQ flag, not that you necessarily need to know that anymore.
1:25:28	Since you can't modify DC directory like you put in 4,
1:25:31	it flips the IQ flag from false to true which essentially says
1:25:36	show this up in the end user attributes.
1:25:39	So we'll choose the primary extension and we can use
1:25:41	the same extension as IPCC, but it is required that we have
1:25:45	this extension showing if we ever want Kate to show up as a resource
1:25:51	or agent here in UCCX, that is required. OK, so well save that.
1:26:00	She also has another field that shows up called name dialing
1:26:05	which automatically takes her last and first name
1:26:10	as a concatenation if we don't change it to anything else,
1:26:14	but of course we can. OK? So now
1:26:20	we want to go back and do Jack.
1:26:28	And he is 1001, device association number 1001,
1:26:37	selected, go back to the user, he is now associated with the device.
1:26:45	We'll choose, stop scrolling, his primary and IPCC extension
1:26:50	as 1001, update was successful, scroll down
1:26:54	and make sure it's still there, it is.
1:26:56	You have to forgive me for being a little paranoid with CUCM database
1:26:59	and actually the web browser interface, I was burned too many times.
1:27:05	OK, so now did they show up? Off of resources and then back on to them.
1:27:13	And they show up.
1:27:17	Now technically there would be one more thing we need to do
1:27:20	for phone calls to work on them and that is to go to
1:27:24	application user, we'll now see a few users that have been created
1:27:29	jtapi_1, remember it said, jtapi was what we put in,
1:27:33	but it said it was going to use that as a prefix,
1:27:37	that's because we can have integrations into multiple clusters,
1:27:43	and servers for redundancy.
1:27:47	And then RMCM user was what we created. Now jtapi
1:27:51	doesn't have any devices associated to it yet,
1:27:55	it's got available but nothing controlled.
1:27:58	And it won't until CTI ports and route points are created which
1:28:04	we're not gonna do now again because we're not talking about UCCX
1:28:07	except as it pertains to users. RNCM user on the other hand,
1:28:12	this is what controls the agent phones, this we actually need to associate
1:28:18	to phones and so which phones, Jack's and Kate's.
1:28:23	1001 and 3002, so let's go open phones in a new tab.
1:28:31	Say directory number 1001,
1:28:36	postpone Foxtrot 6 Delta 7 as the last four of the MAC.
1:28:44	One of them and the other one was supposed to be 3003,
1:28:49	but 3002 is what we're using now, so that's 1 Alpha 93.
1:28:56	1 Alpha 9 3, control devices, it already has standard CTI enabled.
1:29:05	We would save that, there's really nothing we need to the other user,
1:29:09	it automatically associates those because the UCCX does so through AXL.
1:29:16	Again, just click on resources and we see those two users
1:29:21	show up with first and last name and their IPCC extension,
1:29:25	we now see them show up as call center
1:29:29	able agent, so we've met this criteria.
1:29:38	OK, so we've really gone through our attributes now
1:29:41	and we've looked at every server as they pertain to users.
1:29:46	The only thing we actually haven't brought up is the cup server.
1:29:49	We could do that real quick, why don't we just do that real quick.
1:29:52	It's not very long, it's not even near as long as the
1:30:04	UCCX, so the first we log-in we do have go through a shot wizard.
1:30:13	And it asks us for the host name,
1:30:17	of the CUCM publisher and we're just going to give it,
1:30:25	so let's do show myself,
1:30:30	CUCM 7 pub,
1:30:40	fields.
1:30:45	OK?
1:30:49	AXL user name and password, admin cciecisco, cciecisco.
1:30:57	At least one machine in the CUP cluster is not a least of the CUP nodes,
1:31:01	CUCM publishers application server list. OK, that was pretty straight forward.
1:31:08	Here we're on application user, but from system application server.
1:31:13	Remember we talked about this the other day in terms of finding the host name.
1:31:18	We've already added, well actually Unity 7 added itself because of
1:31:23	the AXL integration that was done from Unity Connection by us earlier.
1:31:29	OK, so Cisco Unified present server at the type.
1:31:33	We're adding a new one and then name, we need the host name.
1:31:36	So let's go log in to the SSH of CUPS.
1:31:44	Again show myself,
1:31:47	CUP 7 is my host name, it is important that we have the right host name.
1:31:51	That's all we need, we don't need the IP address,
1:31:55	CUPS is actually is going to try to reach out to CUCM,
1:31:59	and it will hand in it's own IP address.
1:32:03	There we go, we've got passed there, so ccie cisco.
1:32:13	Cisco.
1:32:18	And we should have completed the wizard. OK, confirm.
1:32:23	And let's go to the home administration page.
1:32:30	And now we can look at topology.
1:32:39	Now we probably need to do a few more things before our users
1:32:44	are actaully going to be visible. So right now they're not pooling.
1:32:48	We probably need to go through and actually note that for end user here,
1:32:55	there was nothing that we create. OK? These application users
1:33:00	that we can create and modify, but we actually have to assign users
1:33:06	as they come over from the CUCM server.
1:33:10	And we have to a few more things in the CUCM server
1:33:14	for it to be ready.
1:33:17	So one of the things we already done is the licensing.
1:33:26	We haven't done things like create a SIP trunk and
1:33:28	assign system parameters and domain name various other things that we
1:33:32	have to do with CUPS to make it actually show up the users.
1:33:36	But again the reason I was mentioning it was
1:33:41	they are going to show the users, they're not going to pool them.
1:33:46	They are going to show users that exist in CUCM pub just like the
1:33:54	UCCX shows users that are in the CUCM pub.
1:33:59	DC directory, Unity Connection is the only unique one that is going to
1:34:04	be just like CUCM and be able to be independent in a manner of speaking.
1:34:12

Now Viewing

CCNA Voice
Title:	CCNA Voice
Duration:	74h 11m
The CCNA Voice class is an ultimate all-in-one solution for engineers pursuing the Cisco Certified Network Associate Voice (CCNA Voice) certification. This Video-on-Demand course includes over 70 hours of instructor-led content that will fully prepare you for the latest Cisco 640-461 ICOMM v8 certification exam. Please note that per Cisco CCNA Voice certification requirements, you need to have already met the pre-requisite of having a valid regular CCNA (Routing & Switching) status.
Get instant access to our entire library!
$159/month	Add to Cart
Download this Course
$199.00	Add to Cart

CUCM User Roles with LDAP, Contact Center Use...

Create Bookmark