Load Balancer Configuration for Redundancy for SIP Federation



Similar documents
IP Phone Presence Setup

IM and Presence Service Network Setup

Security Certificate Configuration for IM and Presence Service

IM and Presence Service Network Setup

Enabling Users for Lync services

Basic Exchange Setup Guide

Pre-Change Tasks and System Health Checks

Scenario: IPsec Remote-Access VPN Configuration

Cisco Collaboration with Microsoft Interoperability

To install the SMTP service:

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Configuration Notes 0215

Integrating Avaya Aura Presence Services with Microsoft OCS

NEFSIS DEDICATED SERVER

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

WHITE PAPER Citrix Secure Gateway Startup Guide

Using LifeSize systems with Microsoft Office Communications Server Server Setup

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

NATed Network Testing IxChariot

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Using LifeSize Systems with Microsoft Office Communications Server 2007

Scenario: Remote-Access VPN Configuration

Basic Exchange Setup Guide

Acano solution. Third Party Call Control Guide. March E

Integrating Citrix EasyCall Gateway with SwyxWare

Application Notes for Microsoft Office Communicator Clients with Avaya Communication Manager Phones - Issue 1.1

Configure Cisco Unified Customer Voice Portal

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

nexvortex Setup Template

Using Cisco UC320W with Windows Small Business Server

Application Notes for Configuring Microsoft Office Communications Server 2007 R2 and Avaya IP Office PSTN Call Routing - Issue 1.0

Deploying the BIG-IP System with Microsoft Lync Server 2010 and 2013 for Site Resiliency

Successful IP Video Conferencing White Paper

Configuring an Etherspeak SIP Trunk in Microsoft Lync 2013

1 Basic Configuration of Cisco 2600 Router. Basic Configuration Cisco 2600 Router

Implementation notes on Integration of Avaya Aura Application Enablement Services with Microsoft Lync 2010 Server.

Netgear ProSafe VPN firewall (FVS318 or FVM318) to Cisco PIX firewall

How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG)

Interactive Intelligence CIC 2015 R4 Patch1 Configuration Guide

ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example

Application Note. SIP Domain Management

Network Load Balancing

Intercluster Lookup Service

Microsoft OCS with IPC-R: SIP (M)TLS Trunking. directpacket Product Supplement

Configuring Load Balancing

Motorola TEAM WSM - Cisco Unified Communications Manager Integration

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Unified Communications Mobile and Remote Access via Cisco Expressway

Deploying the BIG-IP LTM v10 with Microsoft Lync Server 2010 and 2013

Personal Telepresence. Place the VidyoPortal/VidyoRouter on a public Static IP address

Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology

Configuring Content Switching Feature

Shared Components PSTN gateways PSTN gateways New IP/PSTN Gateway Define New IP/PSTN Gateway Define the PSTN Gateway FQDN FQDN Next

Unified Communications Mobile and Remote Access via Cisco VCS

DEPLOYMENT GUIDE Version 1.2. Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5

Dell One Identity Cloud Access Manager How to Configure for High Availability

Security certificate management

Installing and Configuring vcloud Connector

Deploying the BIG-IP LTM with Microsoft Skype for Business

SBC 1000/2000 Configuration Guide with Lync 2013 for Windstream/ LPAETEC SIP Trunk Deployments

Unified Communications Mobile and Remote Access via Cisco VCS

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1

vcloud Director User's Guide

Cisco TelePresence Video Communication Server Basic Configuration (Control with Expressway)

Configuring Digital Certificates

Implementing Intercluster Lookup Service

MilsVPN VPN Tunnel Port Translation. Table of Contents Introduction VPN Tunnel Settings...2

1 SIP Carriers Warnings Vendor Contact Vendor Web Site : Versions Verified SIP Carrier status as of 9/11/2011

Only LDAP-synchronized users can access SAML SSO-enabled web applications. Local end users and applications users cannot access them.

Microsoft Lync Server 2010

F-Secure Messaging Security Gateway. Deployment Guide

How to configure WFS (Windows File Sharing ) Acceleration on SonicWALL WAN Acceleration Appliances

1.1.3 Versions Verified SIP Carrier status as of 18 Sep 2014 : validated on CIC 4.0 SU6.

The information in this document is based on these software and hardware versions:

Note: As of Feb 25, 2010 Priority Telecom has not completed FXS verification of fax capabilities. This will be updated as soon as verified.

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example

Remote Desktop Services Overview. Prerequisites. Additional References

nexvortex Setup Guide

Sonus Unified Communications SBC1000/2000 Series Enterprise Session Border Controller Configuration Guide

ASA/PIX: Load balancing between two ISP - options

Introducing the BIG-IP and SharePoint Portal Server 2003 configuration

IP Address, Domain and Hostname for IM and Presence Service on Cisco Unified Communications Manager, Release 9.1(1)

Appendix D: Configuring Firewalls and Network Address Translation

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

F-SECURE MESSAGING SECURITY GATEWAY

MailMarshal SMTP in a Load Balanced Array of Servers Technical White Paper September 29, 2003

Dialogic 4000 Media Gateway Series as a Survivable Branch Appliance for Microsoft Lync Server 2010

Cisco EXAM Implementing Cisco IP Telephony and Video, Part 2 (CIPTV2) Buy Full Product.

Polycom Unified Communications Deployment Guide for Microsoft Environments


Journaling Guide for Archive for Exchange 2007

How To Set Up An Onnet Fax On Ancienta.Com (Sagemcom) On A Pc Or Macodeo (Sagecom) With A Cell Phone Or Ipo (Omf) On An Ipo 2 (

THINKTEL COMMUNICATIONS DIGIUM G100/G200 PRI OVER IP SIP TRUNKING

Configuring Security Features of Session Recording

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Jeff Schertz MVP, MCITP, MCTS, MCP, MCSE

HOW TO CONFIGURE SQL SERVER REPORTING SERVICES IN ORDER TO DEPLOY REPORTING SERVICES REPORTS FOR DYNAMICS GP

Unified Communications in RealPresence Access Director System Environments

SIP Trunking with Microsoft Office Communication Server 2007 R2

Transcription:

Load Balancer Configuration for Redundancy for SIP Federation About the Load Balancer, page 1 IM and Presence Service Node Updates, page 1 Cisco Adaptive Security Appliance Updates, page 2 CA-Signed Security Certificate Updates, page 6 Microsoft Component Updates, page 8 AOL Component Updates, page 8 About the Load Balancer For redundancy and high availability purposes, you can incorporate a load balancer into the federated network. The load balancer is placed between the IM and Presence Service node and the Cisco Adaptive Security Appliance (see High Availability for SIP Federation). The load balancer terminates incoming TLS connections from Cisco Adaptive Security Appliance, and initiates a new TLS connection to route the content to the appropriate backend IM and Presence Service node. IM and Presence Service Node Updates When using a load balancer for redundancy, you must update settings on the IM and Presence Service publisher and subscriber nodes. Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) OL-30957-01 1

Cisco Adaptive Security Appliance Updates Load Balancer Configuration for Redundancy for SIP Federation Update the federation routing parameter Log in to Cisco Unified IM and Presence Administration, choose System > Service Parameters > Cisco SIP Proxy from the Service menu and enter these values: Virtual IP Address - enter the virtual IP address set on the load balancer 1 Server Name - set to the FQDN of the load balancer 2 Federation Routing IM and Presence FQDN - set to the FQDN of the load balancer. Create a new TLS peer subject 1 Log in to Cisco Unified IM and Presence Administration, choose System > Security > TLS Peer Subjects. 2 Click Add New and enter these values: Peer Subject Name - enter the external FQDN of the load balancer Description - enter the name of the load balancer Add the TLS peer to the TLS peer subjects list 1 Log in to Cisco Unified IM and Presence Administration, choose System > Security > TLS Context Configuration. 2 Click Find. 3 Click Default_Cisco_UPS_SIP_Proxy_Peer_Auth_TLS_Context. 4 Move the load balancer federation-tls peer subject for the load balancer to the TLS peer subjects list. Configure Federation Routing Parameters Create a New TLS Peer Subject Add TLS Peer to Selected TLS Peer Subjects List Cisco Adaptive Security Appliance Updates When using a load balancer, the external domain still sends messages to the public IM and Presence Service address, but the Cisco Adaptive Security Appliance maps that address to a virtual IP address on the load balancer. Thus, when the Cisco Adaptive Security Appliance receives messages from the external domain, it forwards it to the load balancer. The load balancer then passes it on to the appropriate IM and Presence Service nodes. To support this configuration, you must make some changes to the Cisco Adaptive Security Appliance: Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) 2 OL-30957-01

Load Balancer Configuration for Redundancy for SIP Federation Static PAT Message Updates Static PAT Message Updates You must update the static PAT messages to include the load balancer details. Cisco Adaptive Security Appliance Release 8.2 Command Cisco Adaptive Security Appliance Release 8.3 Command Changes Required for the IM and Presence Service Publisher Change the static PAT to use an arbitrary, unused port for the public IM and Presence Service address. Change: static (inside,outside) tcp public_imp_ip_address 5061 routing_imp_private_ip_address 5062 netmask 255.255.255.255 to: static (inside,outside) tcp public_imp_ip_address 55061 routing_imp_publisher_ private_ip_address 5062 netmask 255.255.255.255 Change: object service obj_tcp_source_eq_5061 # service tcp source eq 5061 nat (inside,outside) source static obj_host_routing_imp_private_ip_address obj_host_public_imp_ip_address service obj_tcp_source_eq_5062 obj_tcp_source_eq_5061 to object service obj_tcp_source_eq_55061 # service tcp source eq 55061 nat (inside,outside) source static obj_host_routing_imp_private_ip_address obj_host_public_imp_ip_address service obj_tcp_source_eq_5062 obj_tcp_source_eq_55061 Add a new static PAT to allow messages sent to the public IM and Presence Service address to be forwarded to the virtual port address (on whichever port the load balancer is listening for TLS messages). static (inside,outside) tcp public_imp_address 5061 load_balancer_vip 5062 netmask 255.255.255.255 object network obj_host_load_balancer_vip # host routing_imp_private_address object service obj_tcp_source_eq_5061 # service tcp source eq 5061 nat (inside,outside) source static obj_host_load_balancer_vip obj_host_public_imp_ip_address service obj_tcp_source_eq_5062 obj_tcp_source_eq_5061 Changes Required for IM and Presence Service Subscriber Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) OL-30957-01 3

Access List Updates Load Balancer Configuration for Redundancy for SIP Federation Add a new access list for the load balancer virtual IP address. You must add an access list for each external domain that IM and Presence Service needs to access. Cisco Adaptive Security Appliance Release 8.2 Command Cisco Adaptive Security Appliance Release 8.3 Command access-list ent_lber_to_external_ocs extended permit tcp host subscriber_private_ip_address host external_domain_public_ip_address 5061 access-list ent_lcs_to_lber_routg_imp extended permit tcp host external_domain_public_ip_address host imp_public_ip_address 65061 Add a new access list for a extended permit tcp hosexternal domain to initiate messages to a IM and Presence Service server when the load balancer virtual IP address is in place. You must add an access list for each external domain that needs to access IM and Presence Service. Configure Static IP Routes Port Address Translation (PAT) Access List Updates To support the load balancer, you also need to update the access lists on the Cisco Adaptive Security Appliance specific to your deployment scenario. Note The IM and Presence Service public IP address refers to the public IP address of the IM and Presence Service domain as configured on the Cisco Adaptive Security Appliance, and as it appears in the DNS record. This record shows the FQDN of the load balancer containing the public IP of the Cisco Adaptive Security Appliance. s Deployment Scenario: An IM and Presence Service node federating with one or more external domains Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) 4 OL-30957-01

Load Balancer Configuration for Redundancy for SIP Federation Access List Updates Add a new access list for the new load balancer virtual IP address. You must add an access list for each external domain that IM and Presence Service needs to access. Configuration Example Publisher: Cisco Adaptive Security Appliance Release 8.2 and 8.3 Command: access-list ent_lber_to_external_ocs extended permit tcp host virtual_ip_address host external_domain_public_ip_address eq 5061 Add a new access list for an external domain to initiate messages to a IM and Presence Service node when the load balancer virtual IP address is in place. You must add an access list for each external domain that needs to access IM and Presence Service. Publisher: Cisco Adaptive Security Appliance Release 8.2 Command: access-list ent_lcs_to_lber_routgimp extended permit tcp host external_domain_public_ip_address host imp_public_ip_address eq 5062 Cisco Adaptive Security Appliance Release 8.3 Command: access-list ent_external_server_to_lb extended permit tcp host external_public_address host loadbalancer_virtual_ip_address eq 5062 For each access list, add a new class to incorporate the new access list. For each class, make an entry in the policy-map global_policy for messages initiated by the IM and Presence Service. For each class, make an entry in the policy-map global_policy for messages initiated on an external domain. class ent_lber_to_external_ocs match access-list ent_lber_to_external_ocs policy-map global_policy class ent_lber_to_external_ocs inspect sip sip_inspect tls-proxy ent_imp_to_external policy-map global_policy class ent_lcs_to_lber_routgimp inspect sip sip_inspect tls-proxy ent_external_to_imp Deployment Scenario: IM and Presence Service to IM and Presence Service Federation, where the external domain has added one or more intercluster IM and Presence Service nodes The external domain Adaptive Security Appliance must allow access to the arbitrary ports that were selected for our local domain publisher and subscriber. Configuration Example access-list ent_imp_to_externalpubimpwlber extended permit tcp host external_domain_private_imp_address host public_imp_address_local_domain 55061 access-list ent_imp_to_externalsubimpwlber extended permit tcp host external_domain_private_imp_address host public_imp_address_local_domain 65061 For each access list, add a new class to incorporate the new access list. Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) OL-30957-01 5

TLS Proxy Instance Updates Load Balancer Configuration for Redundancy for SIP Federation For each class, make an entry in the policy-map global_policy. Configuration Example Access List Configuration Requirements TLS Proxy Instance Updates Update the TLS proxy instances on the Cisco Adaptive Security Appliance. Change: tls-proxy ent_external_to_imp server trust-point msoft_public_fqdn client trust-point imp_proxy client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1 tls-proxy ent_imp_to_external server trust-point imp_proxy client trust-point msoft_public_fqdn client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1 to: tls-proxy ent_external_to_imp server trust-point msoft_public_fqdn client trust-point msoft_public_fqdn client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1 tls-proxy ent_imp_to_external server trust-point msoft_public_fqdn client trust-point msoft_public_fqdn client cipher-suite aes128-sha1 aes256-sha1 3des-sha1 null-sha1 Configure TLS Proxy Instances CA-Signed Security Certificate Updates When adding the load balancer to the configuration, you must also generate CA-signed security certificates between the load balancer, the Cisco Adaptive Security Appliance, and the IM and Presence Service node as described in these sections: Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) 6 OL-30957-01

Load Balancer Configuration for Redundancy for SIP Federation Security Certificate Configuration Between the Load Balancer and Cisco Adaptive Security Appliance Security Certificate Configuration Between the Load Balancer and Cisco Adaptive Security Appliance This topic provides an overview of the required steps for configuring the security certificate between the load balancer and the Cisco Adaptive Security Appliance. Generate CA-signed certificate for the load balancer on the Cisco Adaptive Security Appliance. Import the CA-signed certificate from the Cisco Adaptive Security Appliance to the load balancer. Generate a CA-signed certificate for the Cisco Adaptive Security Appliance on the load balancer. Use the crypto ca enroll command and specify the FQDN of the load balancer. Refer to your load balancer documentation. Refer to your load balancer documentation. Import the CA-signed certificate from the load balancer to the Cisco Adaptive Security Appliance Use the crypto ca trustpoint command. To verify that the certificate was imported, use the show crypto ca certificate command. Configure a Certificate on the Cisco Adaptive Security Appliance Using SCEP Import an IM and Presence Service Certificate into the Cisco Adaptive Security Appliance Security Certificate Exchange Between Cisco Adaptive Security Appliance and Microsoft Access Edge (External Interface) with Microsoft CA Security Certificate Configuration Between the Load Balancer and IM and Presence Service Node This topic provides an overview of the required steps for configuring the security certificate between the load balancer and the IM and Presence Service nodes. Generate a CA-signed certificate on both the publisher and subscriber nodes. Import the CA-signed certificates (from the publisher and subscriber nodes) to the load balancer Follow the instructions to exchange certificates using CA-signed certificates. Refer to your load balancer documentation. Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) OL-30957-01 7

Microsoft Component Updates Load Balancer Configuration for Redundancy for SIP Federation Microsoft Component Updates You must update some Microsoft components with the load balancer details. Update all instances of the FQDN to correspond to the load balancer FQDN. Update the domain name in the IM Provider list with the load balancer. 1 On the external Access Edge server, choose Start > Administrative Tools > Computer Management. 2 In the left pane, right-click Microsoft Office Communications Server 2007. 3 Click the IM Provider tab. 4 Click Add. 5 Check the check box for Allow the IM service provider. Define the network address of the IM service provider as the public FQDN of the load balancer External Server Component Configuration for SIP Federation AOL Component Updates If you incorporate a load balancer into your AOL federation deployment, you must provide AOL with some details about the load balancer. Refer to the section in the for details. Requirements for SIP Federation with AOL Interdomain Federation for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1) 8 OL-30957-01

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information