Rating: 0 out of 5 stars
0 ratings
Ebook676 pages3 hours
Deploying Certificates Cisco Meeting Server: Design your certificates for CMS services and integrate with Cisco UCM Expressway and TMS
Rating: 0 out of 5 stars
()
About this ebook
Cisco Meeting Server brings premises-based video, audio, and web communication together to provide effective collaboration and to provide an intuitive conferencing solution for users.
The Cisco Meeting Server is very secure, the services and applications running on the node use the TLS protocol for communication. TLS allows Cisco Meeting Server nodes to exchange digital certificates and public keys in order authenticate the other entity, exchange symmetric encryption algorithms and the encrypted key to encrypt data transmitted between the entities.
This book is a series of projects that helps you as a reference to deploy cisco meeting server with the appropriate digital certificates in real environment either in new deployment or an extension for an existing deployment.
The idea behind this book is to provide a dedicated guideline for your real deployments and projects, the goal is to explain with practice how to create and install digital certificates for different deployment types "single combined and Resilient & Scalable deployment"
How to create a single Multi-SAN certificate where the same certificate can be deployed on multiple servers and multiple services. and different certificates where each service requires its own certificate, for WebAdmin, WebBridge, CallBridge and Database services, starting with the appropriate CSR (Certificate Signing Request), how to populate the CN (Common Name) and SAN (Subject Alternative Name) attributes with appropriate values in order to successfully enable cisco CMS Services and to ensure successful SSL Handshake negotiation. Also, how to prepare the certificates for Streamer, recorder, and scheduler services. Certificate pinning is covered so that the Call Bridge will trust certificates of Web Bridges that have been signed by a certificate in the trust store.
How to integrate the Cisco CMS with different cisco collaborations components such as:
• Cisco Unified Communication Manager with appropriate Dial Plan
• Cisco Expressway Series to provide WebRTC connection for external user in an easy and secure fashion.
• integration with the Cisco Meeting Management and Cisco Telepresence Management Suite to manage
and schedule conferences.
The Recorder and Scheduler services are covered with detailed implementation to allow users to record and schedule meeting through the spaces, Streamer integration with Wowza Streaming Engine for live streaming, integration of Cisco CMS as AdHoc conference bridge.
The Cisco Meeting Server is very secure, the services and applications running on the node use the TLS protocol for communication. TLS allows Cisco Meeting Server nodes to exchange digital certificates and public keys in order authenticate the other entity, exchange symmetric encryption algorithms and the encrypted key to encrypt data transmitted between the entities.
This book is a series of projects that helps you as a reference to deploy cisco meeting server with the appropriate digital certificates in real environment either in new deployment or an extension for an existing deployment.
The idea behind this book is to provide a dedicated guideline for your real deployments and projects, the goal is to explain with practice how to create and install digital certificates for different deployment types "single combined and Resilient & Scalable deployment"
How to create a single Multi-SAN certificate where the same certificate can be deployed on multiple servers and multiple services. and different certificates where each service requires its own certificate, for WebAdmin, WebBridge, CallBridge and Database services, starting with the appropriate CSR (Certificate Signing Request), how to populate the CN (Common Name) and SAN (Subject Alternative Name) attributes with appropriate values in order to successfully enable cisco CMS Services and to ensure successful SSL Handshake negotiation. Also, how to prepare the certificates for Streamer, recorder, and scheduler services. Certificate pinning is covered so that the Call Bridge will trust certificates of Web Bridges that have been signed by a certificate in the trust store.
How to integrate the Cisco CMS with different cisco collaborations components such as:
• Cisco Unified Communication Manager with appropriate Dial Plan
• Cisco Expressway Series to provide WebRTC connection for external user in an easy and secure fashion.
• integration with the Cisco Meeting Management and Cisco Telepresence Management Suite to manage
and schedule conferences.
The Recorder and Scheduler services are covered with detailed implementation to allow users to record and schedule meeting through the spaces, Streamer integration with Wowza Streaming Engine for live streaming, integration of Cisco CMS as AdHoc conference bridge.
Read more from Redouane Meddane
IP Routing Protocols All-in-one: OSPF EIGRP IS-IS BGP Hands-on Labs Network Security All-in-one: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security Rating: 0 out of 5 stars0 ratingsDial Plan and Call Routing Demystified On Cisco Collaboration Technologies: Cisco Unified Communication Manager Rating: 0 out of 5 stars0 ratingsOSPF Demystified With RFC: Request For Comments Translated Into Practice Rating: 5 out of 5 stars5/5
Related to Deploying Certificates Cisco Meeting Server
Related ebooks
Introduction to Python Network Automation: The First Journey Rating: 0 out of 5 stars0 ratingsImplementing Cisco UCS Solutions - Second Edition Rating: 0 out of 5 stars0 ratingsCisco ACI Cookbook Rating: 3 out of 5 stars3/5OpenStack Orchestration Rating: 5 out of 5 stars5/5Practical Deployment of Cisco Identity Services Engine (ISE): Real-World Examples of AAA Deployments Rating: 5 out of 5 stars5/5VMware NSX Network Essentials Rating: 0 out of 5 stars0 ratingsBuilding Telephony Systems with OpenSER Rating: 0 out of 5 stars0 ratingsCisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3 Rating: 0 out of 5 stars0 ratingsLinux Security Fundamentals Rating: 0 out of 5 stars0 ratingsComptia Network+ V6 Study Guide - Indie Copy Rating: 0 out of 5 stars0 ratingsMCA Microsoft Certified Associate Azure Network Engineer Study Guide: Exam AZ-700 Rating: 0 out of 5 stars0 ratingsVersatile Routing and Services with BGP: Understanding and Implementing BGP in SR-OS Rating: 0 out of 5 stars0 ratingsCisco Networks: Engineers' Handbook of Routing, Switching, and Security with IOS, NX-OS, and ASA Rating: 0 out of 5 stars0 ratingsCWDP Certified Wireless Design Professional Official Study Guide: Exam PW0-250 Rating: 5 out of 5 stars5/5Cisco UCS Cookbook Rating: 0 out of 5 stars0 ratingsActive Directory Federation Services A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsCCIE Security A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsPacket Tracer Network Simulator Rating: 5 out of 5 stars5/5CompTIA Network+ Review Guide: Exam N10-006 Rating: 0 out of 5 stars0 ratingsGNS3 Network Simulation Guide Rating: 0 out of 5 stars0 ratingsMicrosegmentation Architectures A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsSubnetting Rating: 0 out of 5 stars0 ratingsSD-WAN and Cloud Networking Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsVMware Certified Professional Data Center Virtualization on vSphere 6.7 Study Guide: Exam 2V0-21.19 Rating: 0 out of 5 stars0 ratingsSolarWinds Server & Application Monitor : Deployment and Administration Rating: 0 out of 5 stars0 ratings
Teaching Methods & Materials For You
The Three Bears Rating: 5 out of 5 stars5/5Speed Reading: How to Read a Book a Day - Simple Tricks to Explode Your Reading Speed and Comprehension Rating: 4 out of 5 stars4/5How to Take Smart Notes. One Simple Technique to Boost Writing, Learning and Thinking Rating: 4 out of 5 stars4/5The 5 Love Languages of Children: The Secret to Loving Children Effectively Rating: 4 out of 5 stars4/5Personal Finance for Beginners - A Simple Guide to Take Control of Your Financial Situation Rating: 5 out of 5 stars5/5Speed Reading: Learn to Read a 200+ Page Book in 1 Hour: Mind Hack, #1 Rating: 5 out of 5 stars5/5How to Diagnose and Fix Everything Electronic, Second Edition Rating: 4 out of 5 stars4/5Becoming Cliterate: Why Orgasm Equality Matters--And How to Get It Rating: 4 out of 5 stars4/5Grit: The Power of Passion and Perseverance Rating: 4 out of 5 stars4/5Fluent in 3 Months: How Anyone at Any Age Can Learn to Speak Any Language from Anywhere in the World Rating: 3 out of 5 stars3/5Verbal Judo, Second Edition: The Gentle Art of Persuasion Rating: 4 out of 5 stars4/5Principles: Life and Work Rating: 4 out of 5 stars4/5Good to Great: Why Some Companies Make the Leap...And Others Don't Rating: 4 out of 5 stars4/5Financial Feminist: Overcome the Patriarchy's Bullsh*t to Master Your Money and Build a Life You Love Rating: 5 out of 5 stars5/5Lies My Teacher Told Me: Everything Your American History Textbook Got Wrong Rating: 4 out of 5 stars4/5The Science of Making Friends: Helping Socially Challenged Teens and Young Adults Rating: 5 out of 5 stars5/5Jack Reacher Reading Order: The Complete Lee Child’s Reading List Of Jack Reacher Series Rating: 4 out of 5 stars4/5The Four-Hour School Day: How You and Your Kids Can Thrive in the Homeschool Life Rating: 5 out of 5 stars5/5The Chicago Guide to Grammar, Usage, and Punctuation Rating: 5 out of 5 stars5/5Weapons of Mass Instruction: A Schoolteacher's Journey Through the Dark World of Compulsory Schooling Rating: 4 out of 5 stars4/5From 150 to 179 on the LSAT Rating: 4 out of 5 stars4/5Closing of the American Mind Rating: 4 out of 5 stars4/5A study guide for Frank Herbert's "Dune" Rating: 3 out of 5 stars3/5The Diversity Delusion: How Race and Gender Pandering Corrupt the University and Undermine Our Culture Rating: 4 out of 5 stars4/5
Related podcast episodes
CCNP Specializations: In this episode of The Broadcast Storm, we'll talk about the potential specialization exams that can be paired with ENCOR (350-401) in order to complete a CCNP certification. Happy listening! ---------- Want to secure your Internet connection? Click ... 100% found this document usefulS17:E5 - What is AWS and how you become a cloud engineer (Hiroko Nishimura): Opening doors and knocking out AWS jargon 100% found this document usefulGoing Linux #332 · Listener Feedback: Going Linux #332 · Listener Feedback 0% found this document usefulSecurity Trends in 2023 and Beyond 0% found this document usefulEpisode 233: Manual unit testing and WFH demotivation 100% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document useful
Related articles
“Wi-Fi Congestion In Suburban Areas Has Never Been So Bad, And Sorting Out The Mess Needs Tools” PC Pro MagazineArticle
“Wi-Fi Congestion In Suburban Areas Has Never Been So Bad, And Sorting Out The Mess Needs Tools”
Apr 8, 2021
10 min readThe 5 Worst Home Networking Mistakes and How to Avoid Them Residential Tech TodayArticle
The 5 Worst Home Networking Mistakes and How to Avoid Them
Oct 15, 2020
4 min readHow Your Network Works MacLifeArticle
How Your Network Works
May 29, 2018
3 min readHow to Use NetSpot to Map out Your Wi-Fi Network MacWorldArticle
How to Use NetSpot to Map out Your Wi-Fi Network
Jan 24, 2017
2 min readTwo-factor Tools TechLifeArticle
Two-factor Tools
May 30, 2022
3 min readAll about Ethernet TechLifeArticle
All about Ethernet
Jan 11, 2021
4 min readHow to Fix Your Wi-Fi Network PCWorldArticle
How to Fix Your Wi-Fi Network
Jan 5, 2018
9 min readCreating a Cybersecurity Checklist Residential Tech TodayArticle
Creating a Cybersecurity Checklist
Aug 25, 2021
Cybersecurity technology has experienced a tremendous surge in consumer interest in 2021 that has shown no signs of slowing down. The trend is largely because developers are introducing numerous innovations in this realm, at a pace that meets market
4 min readHost Your Own Secure VPS-based WireGuard Linux FormatArticle
Host Your Own Secure VPS-based WireGuard
Jul 26, 2022
Virtual Private Networks are everywhere these days. Search any query of a vaguely technical nature, and most of the time, you’ll end up on a cunningly disguised VPN affiliate site where you’ll find that the answer to your problem is to use a VPN. Thi
10 min readKRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know MacWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know
Nov 29, 2017
5 min readRun Windows 11 on a Raspberry Pi 4 Maximum PCArticle
Run Windows 11 on a Raspberry Pi 4
Feb 1, 2022
5 min readThe 5g Dream Maximum PCArticle
The 5g Dream
Aug 20, 2019
9 min readNetwork Monitoring Software PC Pro MagazineArticle
Network Monitoring Software
Dec 10, 2020
3 min readSecure Your Servers Linux FormatArticle
Secure Your Servers
Apr 7, 2020
No matter what you do with your Linux servers you will almost certainly have SSH access to them. Indeed this might be the only access you have, so it would be wise to secure it. Naturally, you will already be using a strong password and will have alr
4 min readKAFKA Build Utilities With The Kafka Server Linux FormatArticle
KAFKA Build Utilities With The Kafka Server
Jul 2, 2019
Nowadays, quite a few data architectures involve both a database and Apache Kafka, which is a distributed streaming platform and the subject of this tutorial. You can also find Kafka described as a publish-subscribe message system, which is a fancy w
7 min readGuide To Two-factor Authentication Android AdvisorArticle
Guide To Two-factor Authentication
May 17, 2019
6 min readHack The Planet/Parrot Linux FormatArticle
Hack The Planet/Parrot
May 31, 2022
2 min readMethods of Communication Residential Tech TodayArticle
Methods of Communication
Dec 21, 2021
8 min readFortinet FortiGate 60F PC Pro MagazineArticle
Fortinet FortiGate 60F
Mar 11, 2021
2 min readEdge and Cloud Computing Can They Coexist Peacefully? TechfastlyArticle
Edge and Cloud Computing Can They Coexist Peacefully?
Jun 1, 2022
6 min readUnderstanding The Power Of Certificates Linux FormatArticle
Understanding The Power Of Certificates
Sep 21, 2021
8 min read3CX Phone System Pro 16 Update 8 PC Pro MagazineArticle
3CX Phone System Pro 16 Update 8
Jun 10, 2021
2 min readBuild Your First Reverse Proxy Maximum PCArticle
Build Your First Reverse Proxy
Jan 7, 2020
7 min readEasy Https With Certbot Linux FormatArticle
Easy Https With Certbot
Jan 12, 2021
Certbot is a tool from the Electronic Frontier Foundation that automates the generating and updating of free SSL certificates from Let’s Encrypt. This enables you to serve content over HTTPS, which provides encryption, but also some guarantees that y
1 min readNetSupport Manager 14 PC Pro MagazineArticle
NetSupport Manager 14
Sep 7, 2023
PRICE 1-500 systems, perpetual licence, £10 each exc VAT from netsupportmanager.com SMBs that want the best on-premises remote support solution need look no further than NetSupport Manager (NSM). Now well into its third decade, NSM has been continuou
2 min readMore On Let’s Encrypt Linux FormatArticle
More On Let’s Encrypt
Mar 10, 2020
Let’s Encrypt launched in 2016 and offers both individuals and organisations a way to obtain completely free TLS (historically called SSL) certificates, allowing traffic to be encrypted between a web browser and server. Let’s Encrypt makes use of a c
1 min readNetSupport Manager 12.8 PC Pro MagazineArticle
NetSupport Manager 12.8
Aug 13, 2020
2 min readConnectWise Control 21.8 PC Pro MagazineArticle
ConnectWise Control 21.8
Sep 9, 2021
2 min readAdding A Reverse Proxy To Nextcloud Linux FormatArticle
Adding A Reverse Proxy To Nextcloud
Mar 10, 2020
8 min readIDrive RemotePC Team PC Pro MagazineArticle
IDrive RemotePC Team
Sep 7, 2023
PRICE First year, 50 computers, £172 exc VAT from remotepc.com IDrive has been our cloud backup provider of choice for many years, and its RemotePC service aims to offer the same appealing combination of features, value and simplicity. Even better, I
2 min read
Reviews for Deploying Certificates Cisco Meeting Server
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Deploying Certificates Cisco Meeting Server - Redouane MEDDANE
Project 1: Single-Combined Deployment Multi-SAN Certificates
C:\Users\acer\Desktop\Collaboration\HQ-CMS\topo.PNGNetwork Setting Configuration of Cisco Meeting Server
Log into HQ-CMS with default user admin and admin as password. After you log in, it asks you to change the password.
Change the hostname.
acano>hostname hq-cms
After this command, the CMS will ask you to reboot CMS in order to activate new hostname. You can reboot the CMS with the reboot command.
acano>reboot
hq-cms>
Configure a static IP address and a gateway. In this command, a is the name of a interface.
hq-cms>ipv4 a add 10.1.5.20/24 10.1.5.29
You need DNS and NTP servers for CMS to work properly. Considering that they are already up and running.
hq-cms>ntp server add 10.1.5.29
hq-cms>dns add forwardzone collab.com 10.1.5.27
Certificate Preparation for Cisco Meeting Server
Certificate configuration is required for the Call Bridge, Web Bridge and Web Admin services. Certificates should be signed by internal or external certificate authorities.
To generate a Certificate Signing Request (CSR) and private key locally, the following command is used, I give the name cmscert.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\8.PNGhq-cms>pki csr cmscert CN:collab.com OU:CCNP O:Collaboration L:Hydra ST:Algiers C:AL subjectAltName:webbridge.collab.com,xmpp.collab.com,callbridge.collab.com,join.collab.com,webadmin.collab.com,hq-cms.collab.com,*.lab.local,10.1.5.20,10.1.5.42,10.1.5.0/24
To retrieve the CSR, login to HQ-CMS using WinSCP.
Access the CA server 10.1.6.27.
Start the Certification Authority console, select Certificate Template. Right-click the Certificate Template and select Manage.
Duplicate the Web Server template and configure the duplicate template to allow server and client authentication.
C:\Users\acer\Desktop\Lab TMS Clustering\AD CERT Template\2.PNGConfigure the Template Name and Template display name of the duplicate template to CMS and Cisco Meeting Server respectively.
C:\Users\acer\Desktop\Lab TMS Clustering\AD CERT Template\1.PNGC:\Users\acer\Desktop\Lab TMS Clustering\AD CERT Template\3.PNGOn the Certificate Console, issue a new certificate template named CMS.
C:\Users\acer\Desktop\Lab TMS Clustering\AD CERT Template\4.PNGAccess the CA server 10.1.5.27 GUI using the url http://10.1.5.27/certsrv.
Click Request a certificate and the click advanced request certificate.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\1.PNGC:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\2.PNGEdit the CSR in notepad and past the content. In the Certificate Template, select Cisco Meeting Server.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\6.PNGSelect Base 64 Encoded and click Download certificate.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\CERT\2.PNGBelow the Certificate named cmscert after submitting the CSR to the CA.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\Nouveau dossier\1.PNGA chain certificate is required to trust the cmscert certificate when you will enable webadmin, callbridge.
A chain certificate is a single file (with an extension of .pem, .cer or.crt) holding a copy of the Root CA’s certificate and all intermediate certificates in the chain.
To create a chain certificate, you need the Root CA or the CA’s certificate and a Subordinate CA’s certificate with the Common Name : collab.com.
To get a Subordinate CA’s certificate, we need to generate a CSR.
You can use openssl tool to generate a CSR with Common Name : collab.com.
If you did not install openssl, you can generate the CSR on Cisco Meeting Server.
Access the HQ-CMS GUI using the url https://10.1.5.20:445.
From the CLI, type the following command, the name of the CSR is adcert and the Common Name is collab.com.
hq-cms>pki csr adcert CN:collab.com OU:CCNP O:Collaboration L:Hydra ST:Algiers C:AL
Retrieve the CSR named adcert using WinSCP, access HQ-CMS using WinSCP, then copy the adcert CSR into your PC.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\winscp1.PNGAccess the CA server 10.1.5.27 GUI using the url http://10.1.5.27/certsrv.
Click Request a certificate and the click advanced request certificate.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\1.PNGC:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\2.PNGEdit the CSR in notepad and past the content. In the Certificate Template, select Subordinate Certification Authority.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\5.PNGSelect Base 64 Encoded and click Download certificate.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\4.PNGBelow the the Certificate named adcert after submitting the CSR to the CA.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\ADCERT1.PNGAccess the CA server 10.1.5.27 GUI using the url http://10.1.5.27/certsrv.
Click Download a CA certificate, certificate chain, or CRL.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\1.PNGSelect Base 64, then click Download CA certificate, name it Root-CA.
C:\Users\acer\Desktop\Collaboration\Lab TMS Clustering\AD CERT\3.PNGBelow the CA’s certificate.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\root ca 1.PNGNow the CA’s certificate and the Subordinate CA’s certificate with the Common Name : collab.com are ready, we can create a chain certificate.
To create a chain certificate, use a plain text editor such as notepad. All of the characters including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags need to be inserted into the document. There should be no space between the certificates, for example no spaces or extra lines between -----END CERTIFICATE----- of certificate 1 and -----BEGIN CERTIFICATE----- of certificate 2. Certificate 1 will end with -----END CERTIFICATE----- and the very next line will have -----BEGIN CERTIFICATE---- for certificate 2. At the end of the file there should be 1 extra line. Save the file with an extension of .pem, .cer, or .crt.
Edit the certificate named adcert created previously with nodepad.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\ADCERT.PNGEdit the Root-CA certificate with nodepad.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\Root CA.PNGPast the adcert certificate first and then past the Root-CA certificate at the end, save the file with .cer extension. Name it CA-Chain.cer.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CA-Chain2.PNGC:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CA-Chain3.PNGBelow the Chain Certificate named CA-Chain.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CA-Chain1.PNGA chain certificate is also required for Webbridge3 in version 3.
Edit the certificate named cmscert created previously with nodepad.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CMS-CERT2.PNGEdit the CA-Chain certificate created previously with nodepad.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CA-Chain2.PNGC:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CA-Chain3.PNGPast the cmscert certificate first and then past the CA-Chain certificate at the end, save the file with .cer extension. Name it CMS-Chain.cer.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CMS-Chain1.PNGC:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CMS-Chain2.PNGBelow the Chain Certificate named CMS-Chain.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\CMS-Chain.PNGCopy the three certificates cmscert, CA-Chain and CMS-Chain to hq-cms using WinSCP.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\winscp.PNGUse the pki list command to verify that the three certificates are present.
C:\Users\acer\Desktop\Lab TMS Clustering\Cert preparation\PKI List.PNGEnabling the Web Admin Service
By default, Web Admin listens on HTTPS port of 443. However, we will enable the Web Bridge for conference users and this service will be available on the default HTTPS port 443. To enable both services to co-exist, we will configure Web Admin to listen on port 445.
On CMS-A, specify the interface and HTTPS port 445 for the web interface.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\3.PNGhq-cms>webadmin listen a 445
For the certificate to be used, specify the certificate cmscert created in previously with the relevant key.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\4.PNGhq-cms>webadmin certs cmscert.key cmscert.cer CA-Chain.cer
Route HTTP requests to HTTPS.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\5.PNGhq-cms>webadmin http-redirect enable
Finally activate the web admin service.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\6.PNGhq-cms>webadmin enable
Verify that the webadmin service is running is using the webadmin command.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS\7.PNGLicense Activation using Cisco Meeting Management
Access the Cisco Meeting Management GUI hq-cmm.
C:\Users\acer\Desktop\Lab TMS Clustering\CMM\1.PNGIn the Settings at the right, go to License, click Change and select Smart Licensing option.
Click Save.
C:\Users\acer\Desktop\Lab TMS Clustering\CMM\3.PNGC:\Users\acer\Desktop\Lab TMS Clustering\CMM\4.PNGC:\Users\acer\Desktop\Lab TMS Clustering\CMM\7.PNGAdd a CallBridge to CM
Click Servers to add a Callbridge to CMM. Click Add Call Bridge.
Add the following information:
a. Server Address: 10.1.5.20
b. Port: 445
c. Username: admin
d. Password: (password of CMS)
e. Display name: hq-cms
Check the Use Trusted Certificate Chain boxes. Upload the chain certificate CA-Chain created previously.
C:\Users\acer\Desktop\Lab TMS Clustering\CMM\8.PNGC:\Users\acer\Desktop\Lab TMS Clustering\CMM\9.PNGC:\Users\acer\Desktop\Lab TMS Clustering\CMM\10.PNGNavigate to License at the right, and click the Start Trial button at the left. Make sure the CMM has internet connectivity to register for Trial Mode.
C:\Users\acer\Desktop\Lab TMS Clustering\CMM\11.PNGC:\Users\acer\Desktop\Lab TMS Clustering\CMM\12.PNGCallbridge Configuration
Configure callbridge on HQ-CMS listen on the interface a.
hq-cms>callbridge listen a
Specify the certificate cmscert created in previously with the relevant key.
hq-cms>callbridge certs cmscert.key cmscert.cer CA-Chain.cer
Restart the callbridge
hq-cms>callbridge restart
C:\Users\acer\Desktop\Lab TMS Clustering\CMS1\1.PNGVerify the callbridge on both HQ-CMS.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS1\2.PNGWebbridge 3 Configuration
From the HQ-CMS CLI, enter the following commands.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS1\3.PNGOn HQ-CMS, verify the webbridge3 configuration.
C:\Users\acer\Desktop\Lab TMS Clustering\CMS1\4.PNGOn HQ-CMS GUI navigate to Configuration > API.
In the Filter section, type "webbridges". Click Create New. Populate the url field with the following: url: c2w://hq-cms.collab.com.com:9999, then click Create.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\15.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\16.PNGClick Create New. Populate the url field with the following: url: https://join.collab.com, then click Create.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\17.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\18.PNGYou should see the following output.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\19.PNGActive Directory Integration
Importing users from an LDAP directory allows conference participants to log into the Cisco Meeting App using their own AD account to manage their spaces and to join meetings. Participants can also join meetings as guest users.
On HQ-CMS, navigate to Configuration > Active Directory.
Configure the following parameters for the Active Directory.
Save your changes by clicking Submit.
Click the Sync now.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\1.PNGNavigate to Status > Users. It will display the users created by the LDAP import.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\2.PNGNavigate to Configuration > Spaces. It should display the spaces that were created from the imported users.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\3.PNGIncoming Calls Configuration
Navigate to Configuration > Incoming calls.
Add an incoming rule with Domain name demystify.com. Ensure that the Targets spaces is set to Yes.
The domain name demystify.com will be used by users in the host portion of URI to dial into a conference or space.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\4.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\5.PNGNavigate to Configuration > Space.
Create a new space. Enter the following informations:
Name: Demystifying Everything Meeting
URI user part: meet
Call ID: 1111
C:\Users\acer\Desktop\Collaboration\HQ-CMS\14.PNGWhen a user registered to HQ-CUCM wants to join this meeting, he dials meet@demystify.com, the call is sent to the call control HQ-CUCM, a SIP route pattern with domain routing demystify.com should be configured on HQ-CUCM that points to the SIP Trunk to CMS Cluster (the configuration will be done later), the CMS lookup the host portion @demystify.com for a matching in the Incoming Calls Table and a Domain name demystify.com exists, then the CMS lookup the User portion meet@ to find a matching in the Spaces Table and a space with User Portion URI exists, finally the user joins the meeting named Demystifying Everything Meeting.
Cisco Unified Communication Manager Integration
Create a SIP Trunk toward HQ-CMS 10.1.5.20, named SIP_Trunk_HQ_CMS.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\6.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\7.PNGIn the SIP Information, enter the IP address 10.1.5.20 of HQ-CMS, and select the TrunkSIP_Security_Profile_CMS and SIP Profile CMS. In Normalized Script, Select cisco-meeting-server-interop.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\8.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\9.PNGNavigate to Call Routing > Sip Route Pattern and click Add New.
To route call to HQ-CMS, configure the following parameters :
Pattern Usage: Domain Routing
IPv4 Pattern: demystify.com
SIP Trunk/Route List: SIP_Trunk_HQ_CMS
C:\Users\acer\Desktop\Collaboration\HQ-CMS\10.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\11.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\12.PNGTest Personal Space
From an an PC-1, open a web browser and type the URL http://join.collab.com. Click Sign in and connect using the username pnewman@collab.com.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\1.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\2.PNGClick Join to join pnewman Meeting Space.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\3.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\4.PNGFrom an an PC-2, open a web browser and type the URL http://join.collab.com. Click Sign in and connect using the username kdouglas@collab.commailto:jsmith@lab.local.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\1.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\2.PNGNow you are connected to kdouglas’s space. Click Join Meeting then enter the Meeting ID 3001, this is the Call ID of the Space named pnewman Meeting Space.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\3.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\4.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\5.PNGNow the user kdouglas is connected to the pnewman’s meeting.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\6.PNGFrom an an PC-3, open a web browser and type the URL http://join.collab.com. Click Sign in and connect using the username cbronson@collab.commailto:jsmith@lab.local.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\1.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\3.PNGNow you are connected to cbronson’s space. Click Join Meeting then enter the Meeting ID 3001, this is the Call ID of the Space named pnewman Meeting Space.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\4.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\5.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\6.PNGNow the user cbronson is connected to the pnewman’s meeting.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\CMS\7.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\CMS LAB\7.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\6.PNGOn HQ-CMS, navigate to Status > Call, verify the Active Calls, notice there are three participants.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\7.PNGAccess the HQ-CMM Cisco Meeting Management, you can verify the participants pnewman@collab.com, kdouglas@collab.com and cbronson@collab.com as participants in the space named pnewman Meeting Space.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\8.PNGC:\Users\acer\Desktop\Collaboration\HQ-CMS\TEST\9.PNGTest Configured Space
From PC-5, open the Cisco Jabber and connect using username pperez@lab.local.
Place call to the space named Demystifying Everything Meeting by dialing meet@demystify.com.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\test1\1.PNGThe Cisco Jabber Client is now connected to meeting.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\test1\2.PNGFrom an an PC-4, open a web browser and type the URL http://join.collab.com.
Click Join Meeting and then enter the meeting ID 1111.
C:\Users\acer\Desktop\Collaboration\HQ-CMS\test1\3.PNGEnjoying the preview?
Page 1 of 1