Media Resources on CUCM (Conference Bridge and Transcoder)

Hi people,

In this post I’ll cover a little bit of resources on CUCM, more specifically Transcoding and Conference Bridge.

The requirements to have them configured on your Voice Gateway, and consequently being used on CUCM, are DSPs.
DSPs reside either directly on a voice network module, on PVDM2s that are installed in a voice network module or on PVDMs that are installed directly onto the motherboard, such as on the Cisco 2800 and 3800 series voice gateway routers.

Having your DSP, let’s configure this bad boy in your Voice Gateway.

  • Configuring SCCP

!— This sccp ccm command adds CallManager server(s) !— to the list of available servers to which the voice gateway can register.
Gateway(config)#sccp ccm 192.168.252.18 identifier 18 priority 1 version 4.1
Gateway(config)#sccp ccm 192.168.198.10 identifier 5 priority 2 version 4.1
Gateway(config)#sccp ccm 192.168.198.11 identifier 4 priority 3 version 4.1
Gateway(config)#sccp ccm 192.168.198.12 identifier 11 priority 4 version 4.1

!— Selects the local interface that SCCP applications !— use to register with CUCM.
Gateway(config)#sccp local loopback 1

!— Enables SCCP and brings it up administratively.
Gateway(config)#sccp Gateway(config)#exit

  • Configuring DSP Farm for Transcoding


!— The dsp services dspfarm command enables DSP farm services for the voice card.

Gateway(config)#voice-card 0
Gateway(config-voicecard)#dsp services dspfarm


!— The dspfarm profile 111 transcode command enters the !— DSP farm profile configuration mode !— to define a profile for DSP farm services. !— For this profile, a transcode profile is created.

Gateway(config-voicecard)#exit
Gateway(config)#dspfarm profile 111 transcode


!— Specifies the codecs supported by a DSP farm profile.

Gateway(config-dspfarm-profile)#codec ?
   g711alaw      G.711 A Law 64000 bps
   g711ulaw      G.711 u Law 64000 bps
   g729abr8      G.729ab 8000 bps
   g729ar8       G.729a 8000 bps
   g729br8       G.729b 8000 bps
   g729r8        G.729 8000 bps
   pass-through  Stream Pass Through

!— Specifies the maximum number of sessions that are !— supported by the profile. !— Number is determined by the available registered !— DSP resources.
Gateway(config-dspfarm-profile)#maximum sessions 20

!— The associate application sccp command associates the SCCP protocol !— to the DSP farm profile.
Gateway(config-dspfarm-profile)#associate application sccp

!— Enables the profile, allocates !— DSP farm resources, and associates the application.
Gateway(config-dspfarm-profile)#no shutdown
Gateway(config-dspfarm-profile)#exit
Gateway(config)#gateway

!— Sets the Real-Time Transport !— Protocol (RTP) timeout interval to clear hanging connections. !— Seconds range is 180 to 1800. The default is 1200.
Gateway(config-gateway)#timer receive-rtp 600

  • Creating Call Manager group

Gateway>enable
Gateway#configure terminal
Gateway(config)#sccp ccm group 111

!— Adds a Cisco Unified CallManager server to the Cisco !— Unified CallManager group and establishes its priority within the group.
Gateway(config-sccp-ccm)#associate ccm 18 priority 1
Gateway(config-sccp-ccm)#associate ccm 5 priority 2
Gateway(config-sccp-ccm)#associate ccm 4 priority 3
Gateway(config-sccp-ccm)#associate ccm 11 priority 4

!— Associates a DSP farm profile to the Cisco Unified CallManager group. !— The device-name must match the device name configured in Cisco Unified CallManager.
Gateway(config-sccp-ccm)#associate profile 111 register DE_XCODE_01


!— Binds an interface to the Cisco Unified CallManager group.

Gateway(config-sccp-ccm)#bind interface loopback 1
Gateway(config-sccp-ccm)end

Now, let’s do the same for Conferencing Bridge

The process is purely the same, so I’ll just put the commands here:

Gateway>enable
Gateway#configure terminal
Gateway(config)#voice-card 0
Gateway(config-voicecard)#dsp services dspfarm
Gateway(config-voicecard)#exit
Gateway(config)#dspfarm profile 999 conference
Gateway(config-dspfarm-profile)#description conference profile 999
Gateway(config-dspfarm-profile)#codec ?
   g711alaw      G.711 A Law 64000 bps
   g711ulaw      G.711 u Law 64000 bps
   g729abr8      G.729ab 8000 bps
   g729ar8       G.729a 8000 bps
   g729br8       G.729b 8000 bps
   g729r8        G.729 8000 bps
   pass-through  Stream Pass Through

Gateway(config-dspfarm-profile)#maximum sessions 4
Gateway(config-dspfarm-profile)#associate application sccp
Gateway(config-dspfarm-profile)#no shutdown
Gateway(config-dspfarm-profile)#exit
Gateway(config)#gateway
Gateway(config-gateway)#timer receive-rtp 600
Gateway(config-gateway)#exit

Gateway>enable
Gateway#configure terminal
Gateway(config)#sccp ccm group 999
Gateway(config-sccp-ccm)#associate ccm 18 priority 1
Gateway(config-sccp-ccm)#associate ccm 5 priority 2
Gateway(config-sccp-ccm)#associate ccm 4 priority 3
Gateway(config-sccp-ccm)#associate ccm 11 priority 4
Gateway(config-sccp-ccm)#associate profile 999 register 00C88B514BDF
Gateway(config-sccp-ccm)#bind interface loopback 1

Gateway(config-sccp-ccm)end

Time now to add them to our Unified Communications Manager

  • Transcoder

On CUCM, go to Media Resources >> Transcoder >> Add new

Choose Cisco IOS Enhanced Media Termination Point for the Transcoder Type, and fill the rest with your Device Pool,  and for the Device Name, use the name you added on the Gateway:

image

Save and Reset it. You must see it as registered

  • Conference Bridge

On CUCM, go to Media Resources >> Conference Bridge >> Add new

Choose Cisco Conference Bridge Hardware for the Conference Bridge Type, and fill the rest with your Device Pool, Location, and for the Mac Address, use the name you added on the Gateway:

image

Save and Reset it. You must see it as registered

Now, added them both in a Media Resource Group, and then add this group to a Media Resource Group List.

Job done!!

Cheers Smile

How to connect to Azure from PowerShell

Today I will talk about how to use PowerShell. I know that there is already integrated access to the browser directly through the Azure portal, but the idea of this post is to show how to access it as in the old days and mainly to help those who do not know where to start.

Well, let’s get started! If you have not yet installed the PowerShell module, I will demonstrate here how to do this, basically, you will need to open PowerShell as Administrator (Right-click and select “Run as administrator”), then execute the following command (Copy and Paste it):

If you want the module to be available only to the user performing the procedure on this workstation, choose command 1, if not, you want the module to be available to all users of this workstation, choose command 2.

1 – Install for Current User

if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
'Az modules installed at the same time is not supported.')
} else {
Install-Module -Name Az -AllowClobber -Scope CurrentUser
}

2 – Install for All Users
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
      'Az modules installed at the same time is not supported.')
} else {
    Install-Module -Name Az -AllowClobber -Scope AllUsers
}

If you try to understand the commands, you will see that only the parameter –Scope is changed. My learning tip here is, always try to understand the command that is being executed, this will help you to become familiar with Cmdlets (CmdLets is the name given to the commands used in PowerShell).

image

If you want to understand more about the subject, here are some links that will help you learn.

  • Introducing the Azure Az PowerShell module

From now on I am assuming you have already installed the Az Module and using PowerShell. Here is the simple command for your reference. The below command will connect to your Azure Account and it will connect to the default subscription.

Import-Moduloe –Name Az

Connect-AzAccount

AzAccountConnected

And if you have different subscriptions you have to set the default subscription with the below command.

Set-AzContext ‘YOUR_SUBSCRIPTION_NAME’

To Discover or list all the Az Module

Get-Module Az.* -ListAvailable | Select-Object Name -Unique

To discover the available cmdlets within a module we can use the Get-Command cmdlet. In this example, we browse all cmdlets within the Az.Account module:

Get-Command -Module Az.Accounts

You can use the Get-Help command to get help with any specific command

Get-Help Get-AzVM

image

If want to see a few examples against this command you can use this.

Get-Help Get-AzVM –Examples

image

That and everything for today. If you have any questions, leave them in the comments or contact us, it will be a pleasure to answer them Smile.

Creating an ODBC connection with UCCX

Hey everybody,

Today  I want to show you how to create an ODBC connection with UCCX, which can be mainly used for Wallboards/Dashboards.

To be able to access and pull information out from its Database, UCCX already provides some users with some specifics rights. They are:

  • uccxwallboard: Has access to real-time database tables that contain snapshots of real-time statistics, more specifically to tables RTCSQsSummary and RTICDStatistics.
  • uccxhruser:  Has access to many configuration and historical tables in the UCCX database. It can only be used for custom historical reporting and Cisco Unified Workforce Management (WFM).
  • uccxworkforce: Has access to the Team, Resource, and Supervisor tables and it’s used for Cisco Unified Quality Management (QM).

For this connection we are creating now, we are going to use uccxhruser.
Let’s start off going to UCCX >> Tools >> Password Management to set a new password (in case you don’t know)

image

Once done, let’s now focus on the ODCB configuration!

First of all, you need to download the IBM Informix Client SDK. It will allow the client to stablish a ODBC connection with your Database on UCCX.
You can download the SDK here.

  • Go to Control Panel >> Administrative Tools >> ODBC Data Sources (64-bit).
  • Chose the tab System DNS and hit Add.

image

  • You see now a list of available data sources. Select IBM INFORMIX ODBC DRIVER. Click Finish.
  • Time to create a new DNS. In the Tab General, give a name to your connection.

  • Go to the Tab Environment, and fill the information following the rules below:
    • Server Name: Instance name of Informix server of the set up.  Please pay attention because there are tricky rules for entering the name such as:
      1. Name MUST be in lower case (even if your server name are in upper case)
      2. Any hyphens MUST be converted to underscore
      3. If your server name begins with a number, add “i” in front of it.
      4. Add “_uccx” to the end of the hostname.

    For example: If your server name is 1-EMEA-UCCX, you have to enter i1_emea_uccx_uccx

    • Hostname: The actual hostname or IP address of the UCCX
    • Service: 1504
    • Protocol: onsoctcp
    • Options: leave it blank
    • Database name: db_cra
    • UserID: uccxhruser
    • Password: Password of uccxhruser

    image

    • Go now to the Tab Environment.

          Fields Client Locale and Database Locale must be as: en_US.UTF8

    3

    • Go back to the Tab Connection. It’s now time to test if it’s working.

    Click on Apply and Test Connection. You must see that message:

    6

    That’s it for now! I hope this post can be useful !!

    See ya!!

    Understand Azure Role Based Access Control (RBAC)

    Hi Folks!

    As I said weeks ago, I am studying to take Az-104 exam and I intend to detail here some of the topics that will be covered by the exam. For that reason today I decided to talk about RBACs.

    Identity and Access

    When it comes to identity and access, most organizations that are considering using the public cloud are concerned about two things:

    1. Ensuring that when people leave the organization, they lose access to resources in the cloud.
    2. Striking the right balance between autonomy and central governance – for example, giving project teams the ability to create and manage virtual machines in the cloud while centrally controlling the networks those VMs use to communicate with other resources.

    Azure Active Directory (Azure AD) and Role-Based Access Control (RBAC) work together to make it simple to carry out these goals.

    Azure subscriptions

    First, remember that each Azure subscription is associated with a single Azure AD directory. Users, groups, and applications in that directory can manage resources in the Azure subscription. The subscriptions use Azure AD for single sign-on (SSO) and access management. You can extend your on-premises Active Directory to the cloud by using Azure AD Connect. This feature allows your employees to manage their Azure subscriptions by using their existing work identities. When you disable an on-premises Active Directory account, it automatically loses access to all Azure subscriptions connected with Azure AD.

    What is RBAC?

    Role-based access control (RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure. With RBAC, you can grant the exact access that users need to do their jobs. For example, you can use RBAC to let one employee manage virtual machines in a subscription while another manages SQL databases within the same subscription.

    What is role-based access control?

    You grant access by assigning the appropriate RBAC role to users, groups, and applications at a certain scope. The scope of a role assignment can be a subscription, a resource group, or a single resource. A role assigned at a parent scope also grants access to the child scopes contained within it. For example, a user with access to a resource group can manage all the resources it contains, like websites, virtual machines, and subnets. The RBAC role that you assign dictates what resources the user, group, or application can manage within that scope.

    The following diagram depicts how the classic subscription administrator roles, RBAC roles, and Azure AD administrator roles are related at a high level. Roles assigned at a higher scope, like an entire subscription, are inherited by child scopes, like service instances.

    rbac-admin-roles

    In the above diagram, a subscription is associated with only one Azure AD tenant. Also note that a resource group can have multiple resources but is associated with only one subscription. Although it’s not obvious from the diagram, a resource can be bound to only one resource group.

    What can I do with RBAC?

    RBAC allows you to grant access to Azure resources that you control. Suppose you need to manage access to resources in Azure for the development, engineering, and marketing teams. You’ve started to receive access requests, and you need to quickly learn how access management works for Azure resources.

    Here are some scenarios you can implement with RBAC.

    • Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
    • Allow a database administrator group to manage SQL databases in a subscription
    • Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
    • Allow an application to access all resources in a resource group

    RBAC in the Azure portal

    In several areas in the Azure portal, you’ll see a pane named Access control (IAM), also known as identity and access management. On this pane, you can see who has access to that area and their role. Using this same pane, you can grant or remove access.

    The following shows an example of the Access control (IAM) pane for a resource group. In this example, has been assigned the Contributor role to myself for the GetPractical resource group.

    image

    How does RBAC work?

    You control access to resources using RBAC by creating role assignments, which control how permissions are enforced. To create a role assignment, you need three elements: a security principal, a role definition, and a scope. You can think of these elements as “who”, “what”, and “where”.

    1. Security principal (who)

    A security principal  is just a fancy name for a user, group, or application that you want to grant access to.

    image

    2. Role definition (what you can do)

    A role definition is a collection of permissions. It’s sometimes just called a role. A role definition lists the permissions that can be performed, such as read, write, and delete. Roles can be high-level, like Owner, or specific, like Virtual Machine Contributor.

    image

    Azure includes several built-in roles that you can use. The following lists four fundamental built-in roles:

    • Owner – Has full access to all resources, including the right to delegate access to others.
    • Contributor – Can create and manage all types of Azure resources, but can’t grant access to others.
    • Reader – Can view existing Azure resources.
    • User Access Administrator – Lets you manage user access to Azure resources.

    If the built-in roles don’t meet the specific needs of your organization, you can create your own custom roles.

    3. Scope (where)

    Scope is where the access applies to. This is helpful if you want to make someone a Website Contributor, but only for one resource group.

    In Azure, you can specify a scope at multiple levels: management group, subscription, resource group, or resource. Scopes are structured in a parent-child relationship. When you grant access at a parent scope, those permissions are inherited by the child scopes. For example, if you assign the Contributor role to a group at the subscription scope, that role is inherited by all resource groups and resources in the subscription.

    image

    Role assignment

    Once you have determined the who, what, and where, you can combine those elements to grant access. A role assignment is the process of binding a role to a security principal at a particular scope, for the purpose of granting access. To grant access, you create a role assignment. To revoke access, you remove a role assignment.

    The following example shows how the Marketing group has been assigned the Contributor role at the sales resource group scope.

    image

    RBAC is an allow model

    RBAC is an allow model. What this means is that when you are assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete. So, if one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you will have read and write permissions on that resource group.

    RBAC has something called NotActions permissions. Use NotActions to create a set of allowed permissions. The access granted by a role, the effective permissions, is computed by subtracting the NotActions operations from the Actions operations. For example, the Contributor role has both Actions and NotActions. The wildcard (*) in Actions indicates that it can perform all operations on the control plane. Then you subtract the following operations in NotActions to compute the effective permissions:

    • Delete roles and role assignments
    • Create roles and role assignments
    • Grants the caller User Access Administrator access at the tenant scope
    • Create or update any blueprint artifacts
    • Delete any blueprint artifacts

    Cisco Single Number Reach

    Hey guys!
    Here is Bruno, and I’ll be in charge of the Cisco side of this Blog, more specifically, Collaboration.

    For my opening post, I’d like to talk about a feature on CUCM that, due all this pandemic situation, is being largely implemented.


    Cisco Single Number Reach (SNR), or known as Mobile Connect, is a feature which allows users to answer incoming calls to their extension on either their desktop IP phone or at a remote destination, such as a mobile phone. 

    As many companies had to send employees to work from home, SNR becomes really useful to cover some gaps you may have in your infrastructure.

    To give you some practical examples, there were 2 situations where I configured SRN to save user’s life.
    In the first, a small company didn’t have a good infra to send users to home (lack of bandwidth, poor VPN) and in the second, users were vendors and firewalls didn’t allow them to have Jabber connected to VPN.
    In both situations, users had to receive calls from a queue on UCCX.
    I came up with SNR for both cases, so users could work from home, and even though they weren’t using any softphone, they could answer calls coming from they extension.

    Although Cisco does not mention in its Documentation, I configured and tested SNR with UCCX with success  Smile

    So, how does this work?

    When a call comes in to your Extension Number,  SNR will reroute the call not only to a DN, but also to your remote number, that can be your mobile phone. If needed, you can configure rerouting to a group of remote numbers that belong to an employee.
    In other words, SNR provides you a functionality similar to Shared Line. The difference is that in this case a shared line is organized between an office phone and some remote device that isn’t necessary in a cluster, not between the phones within a cluster.

    image
    Said that, let’s get down to business!

    What do you need to configure?

    Configuring End User

    Configuring Remote Destination Profile

    Configuring Remote Destination

    Configuring End User

    In the End User page, make sure the Device is already associated in the Controlled Devices and its Line is assigned as Primary Line

    imageimage

    Check the Enable Mobility check box. You can also, modify the Maximum Wait Time for Desk Pickup and Remote Destination Limit if required. Moreover, the default values can be seen in the image.

    image

    Configuring Remote Destination Profile

    Time to create a new Remote Destination Profile.
    On CUCM, go to Device > Device Settings > Remote Destination Profile > Add new

    You can choose any name, associate your user ID, give a calling search space and a rerouting CSS.
    CUCM attempts to reach the remote destination through the Rerouting calling search Space.

    image

    Click Save, now you can see an option to add a new Directory number (DN) .

    Click Add a new DN to navigate to directory number configuration, where you need to specify the directory number of the desk phone with which you need to associate the RDP and then click Save.

    imageimage

    Configuring Remote Destination

    Time to configure the Remote Destination.
    Specify the Destination number, as this is the number for your Remote destination.
    Ensure that the check box, Enable Unified Mobility features, Enable Single Number Reach, Enable Move to Mobile is checked.

    Single Number Reach Voicemail Policy provides two options: Timer control and User Control, of which the former one is default.

    Under the section Timer information, you can specify the amount of delay before which the Remote Destination should ring.
    In case if the Remote Destination is required to ring immediately, you should set the Wait as 0.
    It is also important to calibrate the time in which the service provider of the remote destination sends the call to the voice-mail of the remote destination. The Stop ringing this phone after value should be set lesser then that to ensure that call does not go to the voicemail of the cell phone. This time value is specified against Stop ringing this phone after.

    image

    If the SNR voicemail policy is configured for User Control, timer information changes as shown in the image:

    In case the SNR configuration needs to be restricted based on time and day then these options are modified as required. If no restriction is needed to be applied then Ring Schedule should be set to All the time and When receiving a call  during the above ring schedule should be set to Always ring this destination.
    After you complete the configuration of remote destination, click Save.

    IMPORTANT STEP!!!
    Check the checkbox, which is next to the line and click Save.

    image

    That’s all guys!
    I hope this post will help you out!

    See ya!

    Bruno Falco

    Azure’s Certifications

    Hi Folks!

    Recently I’ve decided to renew my Microsoft certifications and also get new ones. Although I have already good years of experience working with Azure, I never tried to get its certifications, then because of that, I decided to start with Azure’s certifications.

    At the moment my certification target is the exam Az-104: Microsoft Azure Administrator. I’ve started my studies in the middle of January, so 2 weeks ago I decided to have a shot at the exam Az-900: Azure Fundamentals, just to have an idea of how my studies are going on, got approved on that \0/ !!

    image

    My Badge

    The exam isn’t that hard and has a lot of free content on the Microsoft Learn portal to help understand the exam measures (I will leave the link address at the end of the post).

    My study method:

    1. I always read the outline of the skills measured in each exam.
    2. If there’s anything I’m not familiar with, I’ll read the documentation available in Microsoft Docs (always free and up-to-date).
    3. If I don’t understand what the documents are saying, I use my tenant for proper validations.
    4. I always dedicate 20 to 40 hours (per exam) to perform the laboratories (On Azure you can have a free tenant for 30 days to do your validations).
    5. When it comes to new technology, I start by watching the training available in Microsoft Learn, Pluralsight and/or Udemy.

    That’s my method, share in the comments how’s your studies method?

    So from now on, I will start posting my study path to get approved on these certifications and try to share some acquired knowledge for the most important skill measured on the exams.

    Azure Free tenant: https://azure.microsoft.com/en-gb/free/

    Microsoft Learning: https://docs.microsoft.com/en-us/learn/

    Exam skills outline Az-900: https://docs.microsoft.com/en-us/learn/certifications/exams/az-900

    Exam skills outline Az-104: https://docs.microsoft.com/en-us/learn/certifications/exams/az-104

    Got it? Get Practical!

    Welcome to Get Practical !

    Well guys, we decided to create this Blog so we can discuss, answer questions, see tutorials and mainly contribute with the IT community in the dissemination of useful information. With our experience of working in IT, we will provide you with solutions to various issues that we have already faced and we were successful in trying to solve them. Every project and related troubleshoot that we experience from now on will be posted here so that a knowledge base is generated for everyone, and so everyone can consult and answer questions if we are facing similar problems.

    Cheers,

    Get Practical Team!