UCCX – Queries using Python Script

Hey guys,

As promised in my post about ODBC Connection, (you can read it HERE), I’m going to show you how to create a basic Script using Python to query some information from UCCX, which can be useful to create some personalized Dashboards.

Even though we have many types of reports on CUIC, sometime they don’t meet our expectations by having too much unnecessary information or by lack of information.

I’ have decided to use Python, along with HTML, to create my own Dashboard. So I can have only information I know is 100% useful.

First of all, you have to create the ODBC connection to the server where you are going to place the script.
Again, you can use THIS POST to help you out.

Once you have the ODBC Connection working, it’s time to work on your script.

To be able to connect your script to your ODBC, you need to have a PYODBC python Library installed. To be able to better manipulate date and time, I’m also using datetime library.

The first part of the script is used to establish a connection to your ODBC. So you need to fill all its information in the connection strings. It’s important to mention that pyodbc does not even look at the connection string. It is passed directly to the database driver.

To start off my code, I’ll call the libraries and use the command conn = pyodbc.connect to connect to my ODBC.

image

Connection is now ready!
Now it’s time to choose a query to be sent. That query is sent using SQL commands.
This means you can use your SQL skills to play with queries and create interesting reports

Smile

In the below example, I wanted to know how many licenses are being consumed daily.
To do that, I’ll use the SQL command: ” {call sp_license_utilization(‘2021-05-05 00:00:01′,’2021-05-05 23:00:01′,’0′,’1’)}”. The line in the script will be like that:

cursor.execute(” {call sp_license_utilization(‘2021-05-05 00:00:01′,’2021-05-05 23:00:01′,’0′,’1’)}”)

If you print the result, you will see something like that:

[(datetime.datetime(2021, 4, 16, 0, 0, 1), 1, 0, 3), (datetime.datetime(2021, 4, 16, 1, 0, 1), 0, 0, 4), (datetime.datetime(2021, 4, 16, 2, 0, 1), 0, 0, 4), (datetime.datetime(2021, 4, 16, 3, 0, 1), 0, 0, 4), (datetime.datetime(2021, 4, 16, 4, 0, 1), 1, 0, 6), (datetime.datetime(2021, 4, 16, 5, 0, 1), 0, 0, 18), (datetime.datetime(2021, 4, 16, 6, 0, 1), 2, 0, 43), (datetime.datetime(2021, 4, 16, 7, 0, 1), 4, 0, 58), (datetime.datetime(2021, 4, 16, 8, 0, 1), 9, 0, 63), (datetime.datetime(2021, 4, 16, 9, 0, 1), 6, 0, 64), (datetime.datetime(2021, 4, 16, 10, 0, 1), 5, 0, 62), (datetime.datetime(2021, 4, 16, 11, 0, 1), 4, 0, 51), (datetime.datetime(2021, 4, 16, 12, 0, 1), 5, 0, 51), (datetime.datetime(2021, 4, 16, 13, 0, 1), 4, 0, 49), (datetime.datetime(2021, 4, 16, 14, 0, 1), 4, 0, 39), (datetime.datetime(2021, 4, 16, 15, 0, 1), 3, 0, 27), (datetime.datetime(2021, 4, 16, 16, 0, 1), 2, 0, 15), (datetime.datetime(2021, 4, 16, 17, 0, 1), 0, 0, 10), (datetime.datetime(2021, 4, 16, 18, 0, 1), 1, 0, 8), (datetime.datetime(2021, 4, 16, 19, 0, 1), 0, 0, 6), (datetime.datetime(2021, 4, 16, 20, 0, 1), 0, 0, 6), (datetime.datetime(2021, 4, 16, 21, 0, 1), 0, 0, 6), (datetime.datetime(2021, 4, 16, 22, 0, 1), 0, 0, 5), (datetime.datetime(2021, 4, 16, 23, 0, 1), 0, 0, 5)]

Then, use Python to manipulate the results according to your needs. In my case, I’m using the datetime to get today’s date. I also created a list to save the values, as this code will check the license each hour, and give me the maximum as a final result.

The full code for this sample is:

image

 

import pyodbc
from datetime import datetime

conn = pyodbc.connect(‘DRIVER={IBM INFORMIX ODBC DRIVER};’
‘UID=uccxhruser;PWD=123456;’
‘DATABASE=db_cra;’
‘HOST=uccxlab.com;’
‘SERVER=uccxlab_uccx;’
‘SERVICE=1504;PROTOCOL=onsoctcp;CLIENT_LOCALE=en_US.UTF8;DB_LOCALE=en_US.UTF8’)
cursor = conn.cursor()

listItem = []
listLicCCX = []
timestampStr = datetime.now().strftime(“%Y-%m-%d”)

try:
cursor.execute(” {call sp_license_utilization(‘” + str(timestampStr) + ” 00:00:01′,'” + str(timestampStr) + ” 23:59:59′,’0′,’1’)}”)
rows = cursor.fetchall()
LicenseUsage = rows
for hourly in LicenseUsage:
if hourly[3] != None:
listItem.insert(0, hourly[3])
else:
listItem.insert(0, 0)
except pyodbc.Error as ex:
print(“An exception occurred”)
listItem.insert(0, 0)
listLicCCX.insert(0, (max(listItem)))

print(listLicCCX)

And this is the final result:

image

Remember you can use any SQL Query!

For example, this is the SQL query to get a list of Agents by Team:select s.resourceLoginID,s.resourceFirstName,s.resourceLastName,s.extension, t.teamname from Resource s inner join team t on s.assignedTeamID = t.teamid where s.active = ‘t’ and t.active = ‘t’ and t.teamname = ‘UCCX_TEAM’ order by t.teamname, s.resourceloginid

Using a simple Select * from rtcsqssummary here csqname = ‘<CSQ Name>’ query you can display more information as this query will return the following information.

csqname
loggedinagents
availableagents
unavailableagents
totalcalls
oldestcontact
callshandled
callsabandonded
callsdequeued
avgtalkduration
avgwaitduration
longesttalkduration
longestwaitduration
callswaiting
enddatetime
workingagents
talkingagents
reservedagents
startdatetime
convavgtalkduration
convavgwaitduration
convlongestwaitduration
convlongestwaitduration
convoldestcontact

The sky is the limit!

Smile

Now that you now how to use SQL queries in Python, you can start creating your own script!

Enjoy!

Bruno

Azure’s Advisor

index

Do you know “Azure Advisor”? Do you know how useful it can be for your Azure environment?

What is Advisor?

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.

With Advisor, you can:

  • Get proactive, actionable, and personalized best practices recommendations.
  • Improve the performance, security, and reliability of your resources, as you identify opportunities to reduce your overall Azure spend.
  • Get recommendations with proposed actions inline.

You can access Advisor through the Azure portal. Sign in to the portal, locate Advisor in the navigation menu, or search for it in the All services menu.

image

The Advisor dashboard displays personalized recommendations for all your subscriptions. You can apply filters to display recommendations for specific subscriptions and resource types. The recommendations are divided into five categories:

  • Reliability (formerly called High Availability): To ensure and improve the continuity of your business-critical applications.

  • Security: To detect threats and vulnerabilities that might lead to security breaches.

  • Performance: To improve the speed of your applications.

  • Cost: To optimize and reduce your overall Azure spending.

  • Operational Excellence: To help you achieve process and workflow efficiency, resource manageability and deployment best practices.

image

Now let’s check out the Recommendations for my tenant. Click on “Recommendation” section to check the environment.

Here you can select which subscription to run the Advisor, then choose what type of recommendation you would like to view (That is, in isolation), or click on “All recommendations” on the left side of the above screen.

In my test environment he identified 24 issues in total, 8 x “High impact”, 10 x “Medium impact” and 6 x “Low impact” for security.

As the Advisor warned that the issues are critical, we can click on “Security” and check the description of the vulnerability and if applicable, apply the solution recommended by the Advisor itself.

image

Now you can click on the vulnerability pointed out and check which resources are impacted and the solution suggested by the Advisor and apply it if it is appropriate for your environment.

image

image

In the examples above, you can see that the Advisor provides a description of the vulnerability and what steps are taken to resolve the issue.
It is interesting that if you click on the option “Quick Fix Logic” the Advisor will provide you with a json script to solve the issue

That and everything for today guys, see you soon!

Cisco CUCM – SOAP Overview

Hey guys,

Today I’m going to talk about SOAP AXL. A powerful and useful type of communication model. Most of the Cisco Unified Communications Manager (CUCM) APIs are exposed via SOAP-based XML Web Services.
I’ve been using it to create some Dashboards for CUCM!

The Administrative XML Web Service (AXL) is a XML/SOAP based interface that provides a mechanism for inserting, retrieving, updating and removing data from the Unified Communication configuration database.
Developers can use AXL and the provided WSDL to Create, Read, Update, and Delete objects such as gateways, users, devices, route-patterns and much more.

SOAP provides an XML-based communication protocol and encoding format for communication. For example, to describe a phone using XML, you would define the following structure.

image

Now, how do you know what types of requests you are allowed to make, what types of data those requests require, and what type of response you expect to receive?
This is where the Web Services Description Language (WSDL) comes into play. A WSDL file (along with any associated XML schema files) can be used to fully describe the capabilities of a SOAP API.

Luckily  CUCM provides a WSDL file for each of the SOAP-based APIs it supports and there are tools to read WSDL files and then make the SOAP API service methods available easily. The eventual goal is to leverage a programing language such as Python (I’ll cover that in future posts) to interface with the various SOAP API’s, but it helps to manually explore the API using a visual tool that can understand the WSDL file. One of these tools is SoapUI, and you can download it from here HERE.

Let’s see now step by step how to use SOAP and send some requests.

Step 1 – Download the AXL API WSDL File

The CUCM AXL API WSDL file is published on the CUCM server itself, as part of the Cisco AXL Toolkit plugin.

  • Access your CUCM
  • Navigate to ApplicationPlugins and click Find
  • Next to Cisco AXL Toolkit, click Download. The file axlsqltoolkit.zip is downloaded.
  • From your Downloads folder, extract this downloaded file (right-click Extract All…) to the default location (should be in the Downloads\axlsqltoolkit folder)
  • Once extracted, in the schema folder you will notice there are a number of folders. These are for various older CUCM versions. For this lab, we are interested in current. That folder contains the current CUCM’s AXL WSDL (AXLAPI.wsdl) and schema (.xsd) files.

Step 2 – Start SoapUI

Now you can load this WSDL into SoapUI, get things configured, and start sending queries. Follow these steps to load the WSDL into SoapUI.

  • Launch the SoapUI application.
  • Close any open Endpoint Explorer or other windows that may show up when launching SoapUI.
  • Click FileNew SOAP Project

image

  • For the Project Name enter UCMSOAP
  • Below that field, for the Initial WSDL file, click Browse. Navigate to your current AXL WSDL file extracted earlier:

Step 3 – Run an AXL Request from SoapUI

Once the API is loaded, you must set some of the default parameters, specifically the CUCM hostname or IP address and the credentials so that they don’t have to be re-entered for every query.

  • In SoapUI, in the Navigator pane on the left, you’ll see the new project folder named UCMSOAP and the AXLAPIBinding object. Right-click on the AXLAPIBinding and click Show Interface Viewer (same as double-clicking or pressing Enter).

image

  • In the AXLAPIBinding properties, select the Service Endpoints tab.

image

  • You’ll notice the Endpoint is set to https://CCMSERVERNAME:8443/axl/ (with blank username and password)
  • Double-click on CCMSERVERNAME so it can be edited and replaced by the hostname of your CUCM. Press Enter
  • Double-click on the Username and Password to enter the credentials. Be sure to press Enter for the field to be saved.
  • Close the AXLAPIBinding window by clicking the X in the right of its blue title bar .

So now SOAP is all set up and ready for issuing queries.
I’ll give you now an example of how to do that.

For example, a basic thing as getting the CUCM Version:

  • Choose AXLAPIBinding
  • Scroll Down till getCCMVersion. Expand it and you will find Request 1.
  • Double-click to open it, and you will find its XML Request.

image

You will observe there is a ?  in the processNodeName field. When a new request is created for an operation in SoapUI, all available options are presented, so there are often many that either need to be removed or filled in with valid data (instead of the default ? placeholder).

So, remove it, and click in the green button to send this request. The Response will show up at right:

image

You have successfully sent an AXL/SOAP request to CUCM and received a valid response!!
From now on you can start playing with other types of requisitions, like add, update or delete.

Enjoy it Smile

Bruno

Azure’s Auto-Shutdown

auto-shutdown

Hi folks,

Today we’ll talk about how to set up Azure Auto-Shutdown through the Azure portal.

This feature allows the machine to be programmed to shut down every day at the same time if you turn it on at some point throughout the day. Also, through the Auto-Shutdown you can configure a “Webhook” to notify the VM shutdown.


But what does “Webhook“ mean?

WebHook is a concept called “Web callback” or “HTTP Push API”, it is an application to provide other applications with information in real-time. The webhook provides data for other applications, meaning that you get data right away. Unlike typical APIs where you need to search for data very often in order to get it in real-time.

How to Configure Auto-Shutdown

To configure go to your virtual machine, in the Operations bar click on “Auto-Shutdown”.

image

Now we are going to add the time that the VM will be turned off, the Time Zone of your region and if you have any Webhook or email click on “yes” to add it then click on “Save“.

image

All done! My virtual machine is set up to shut down through Auto-Shutdown.

image

That’s all for now guys, see you then!

Cisco Finesse – Disconnection Problems

Hi everybody,

Today,  I’m going to give you a troubleshooting tip about an issue I’ve been facing, on Cisco Finesse.

Agents started complaining that they suddenly get disconnected, and when you see the reports on CUIC, the reason is Connection Failure.

For this case, we are using Cisco UCCX 11.6.2.

First of all, we have to check the Layer 1. Make sure the phone is not losing connection due a cabling faulty.
If you are using Jabber, make sure you network connection is stable, and if it’s VPN, your internet is stable.
Voice traffic is really sensitive, so any minimum interruption can cause a disconnection.

Another thing Cisco recommends is, if your agent has Deskphone and Jabber configured with the same line (but not using at the same time, as UCCX does not support shared lines), you have to keep only one added to the End user and to the Application user. If you have both, it work, but you will have that disconnection some times as well (yes, I faced that in the past).

Now, the latest I’ve heard from them!

As per this Troubleshooting, these presence driven logouts occur when UCCX does not receive presence available status from the agent PC/browser.  The system logs the agent out after 60 seconds.

So, seen all this points, there are 2 more difficult things to be caught, and I recently came across.

  1. Browser.
    Chrome v88+ and Edge are known to cause these issues.

    For agents logged out with the tab minimized/backgrounded:Disable Automatic Tab Discarding:
    For versions 75 and above: Add chrome extension ‘Disable automatic tab discarding’https://chrome.google.com/webstore/detail/disable-automatic-tab-dis/dnhngfnfolbmhgealdpolmhimnoliiok
  2. IntensiveWakeUpThrottlingEnabled Starting with Chrome 88: Improved resource consumption for background tabs To save on CPU load and prolong battery life, Chrome will limit the power consumption of background tabs. Specifically, Chrome will allow the timers in the background tabs to only run once per minute. If agents are using Chrome v88+, navigate to “chrome://flags” in the agent Chrome browser, search the above flag and ensure it is disabled (default=enabled).

  3. Network LatencyOne of the Finesse requirements is the that the Network Latency cannot be higher than 400ms.
    And that was exactly the problem I found on my network!!!

    But how do we find out that the latency is going over 400ms??

    Here are the instructions to gather the clientlogs from the agent Desktop side,

      *   Clear browser cache
      *   Load the following URL: <protocol>://<ip/host>:<port>/desktop/locallog and select “Sign In With Persistent Logging“.  You will be redirected to login page with the appropriate query parameter url.
      *   Sign into Finesse
      *   Operate Finesse as usual
      *   When you run into the problem open a new window or a tab and reopen with same browser type using the following URL: <protocol>://<ip/host>:<port>/desktop/locallog and select Refresh button
      *   Now you have all the logs in the contents of the console output.

  4. Conclusion


    After analysing the logs, I could find the following:

    Line 384: 2021-03-29T09:28:50.812 +02:00: 39DED1: <a href="http://<http://<<uccx_server>&gt;: Mar 29 2021 09:28:50.728 +0200: Header : Client: 2021-03-29T07:28:50.518Z, Server: 2021-03-29T07:28:50.434Z, Drift: -84ms, Network Latency (round trip): 587ms

    image

    In this Log’s pieces, we can see that the roundtrip latency for the agent that was logged out, spikes above the 400ms threshold allowed by Finesse. This latency means that the server does not receive the “Presence available” notifications from the agent PC.  After 60 seconds without receiving a notification, the system will log the agent out per design.              

  5. So now you have to troubleshoot your network to find the source of that Latency.

    That’s it guys!

    I hope this post can help you out!

    See ya!

    Bruno

    PowerShell Execution Policies

    So you decide to use PowerShell for the first time, and when you run a PowerShell script, you get a security warning or maybe you see some error messages and then the PowerShell window disappears. Here are some simple tips for your first PowerShell experience to be a success.

    Make sure you are using the latest version of PowerShell:

    https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-windows?view=powershell-7.1

    About Execution Policies

    https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-7.1

    Open your PowerShell console

    Always open it in elevated mode (If possible), with the title “Administrator: Windows PowerShell”. Then you try to execute a command, script or even import a module as in my example below.

    image

    This issue occurs because PowerShell starts with the execution of scripts disabled, obviously this happens for security reasons, after all, your environment can be seriously affected by a malicious script.

    In the screen below, you can see that I ran the Get-ExecutionPolicy command and the response was Restricted

    image

    There are 5 scopes of Execution Policy, and it depends on your need, but it is important that you know how to manipulate each scope and why.

    1. MachinePolicy: Set by a Group Policy for all users of the computer.
    2. UserPolicy: Set by a Group Policy for the current user of the computer.
    3. Process: The Process scope only affects the current PowerShell session. The execution policy is saved in the environment variable $env:PSExecutionPolicyPreference, rather than the registry. When the PowerShell session is closed, the variable and value are deleted.
    4. CurrentUser: The execution policy affects only the current user. It’s stored in the HKEY_CURRENT_USER registry subkey.
    5. LocalMachine: The execution policy affects all users on the current computer. It’s stored in the HKEY_LOCAL_MACHINE registry subkey.

    It is also important to know how to manipulate policies and which is the most suitable for your needs. I will list the policies that you can configure to use in your environment

    • AllSigned
    • Scripts can run.
    • Requires that all scripts and configuration files be signed by a trusted publisher, including scripts that you write on the local computer.
    • Prompts you before running scripts from publishers that you haven’t yet classified as trusted or untrusted.
    • Risks running signed, but malicious, scripts.
    • Bypass
    • Nothing is blocked and there are no warnings or prompts.
    • This execution policy is designed for configurations in which a PowerShell script is built in to a larger application or for configurations in which PowerShell is the foundation for a program that has its own security model.
    • Default
    • Sets the default execution policy.
    • Restricted for Windows clients.
    • RemoteSigned for Windows servers.
    • RemoteSigned
    • The default execution policy for Windows server computers.
    • Scripts can run.
    • Requires a digital signature from a trusted publisher on scripts and configuration files that are downloaded from the internet which includes email and instant messaging programs.
    • Doesn’t require digital signatures on scripts that are written on the local computer and not downloaded from the internet.
    • Runs scripts that are downloaded from the internet and not signed, if the scripts are unblocked, such as by using the Unblock-File cmdlet.
    • Risks running unsigned scripts from sources other than the internet and signed scripts that could be malicious.
    • Restricted
    • The default execution policy for Windows client computers.
    • Permits individual commands, but does not allow scripts.
    • Prevents running of all script files, including formatting and configuration files (.ps1xml), module script files (.psm1), and PowerShell profiles (.ps1).
    • Undefined
    • There is no execution policy set in the current scope.
    • If the execution policy in all scopes is Undefined, the effective execution policy is Restricted for Windows clients and RemoteSigned for Windows Server.
    • Unrestricted
    • The default execution policy for non-Windows computers and cannot be changed.
    • Unsigned scripts can run. There is a risk of running malicious scripts.
    • Warns the user before running scripts and configuration files that are not from the Local intranet zone.

    And finally, right after changing the execution policy in my example below to Unrestricted, it was possible to import the Azure module into the PowerShell.

    image

    Example 1: Set-ExecutionPolicy Unrestricted -force

    Example 2: Set-ExecutionPolicy RemoteSigned -force

    Note: The Parameter –Force is used only to prevent warnings from appearing, and then it is not necessary to make confirmations.

    I do not recommend leaving the policy set to Unrestricted, this was just for example. You must adapt to your need and if it is necessary to apply the Unrestricted policy do not forget to change when you finish your task. At the beginning of the article, I also left a link to Microsoft Docs where you can learn more about the subject, I will stop here and see you later!

    Media Resources on CUCM (Conference Bridge and Transcoder)

    Hi people,

    In this post I’ll cover a little bit of resources on CUCM, more specifically Transcoding and Conference Bridge.

    The requirements to have them configured on your Voice Gateway, and consequently being used on CUCM, are DSPs.
    DSPs reside either directly on a voice network module, on PVDM2s that are installed in a voice network module or on PVDMs that are installed directly onto the motherboard, such as on the Cisco 2800 and 3800 series voice gateway routers.

    Having your DSP, let’s configure this bad boy in your Voice Gateway.

    • Configuring SCCP

    !— This sccp ccm command adds CallManager server(s) !— to the list of available servers to which the voice gateway can register.
    Gateway(config)#sccp ccm 192.168.252.18 identifier 18 priority 1 version 4.1
    Gateway(config)#sccp ccm 192.168.198.10 identifier 5 priority 2 version 4.1
    Gateway(config)#sccp ccm 192.168.198.11 identifier 4 priority 3 version 4.1
    Gateway(config)#sccp ccm 192.168.198.12 identifier 11 priority 4 version 4.1

    !— Selects the local interface that SCCP applications !— use to register with CUCM.
    Gateway(config)#sccp local loopback 1

    !— Enables SCCP and brings it up administratively.
    Gateway(config)#sccp Gateway(config)#exit

    • Configuring DSP Farm for Transcoding


    !— The dsp services dspfarm command enables DSP farm services for the voice card.

    Gateway(config)#voice-card 0
    Gateway(config-voicecard)#dsp services dspfarm


    !— The dspfarm profile 111 transcode command enters the !— DSP farm profile configuration mode !— to define a profile for DSP farm services. !— For this profile, a transcode profile is created.

    Gateway(config-voicecard)#exit
    Gateway(config)#dspfarm profile 111 transcode


    !— Specifies the codecs supported by a DSP farm profile.

    Gateway(config-dspfarm-profile)#codec ?
       g711alaw      G.711 A Law 64000 bps
       g711ulaw      G.711 u Law 64000 bps
       g729abr8      G.729ab 8000 bps
       g729ar8       G.729a 8000 bps
       g729br8       G.729b 8000 bps
       g729r8        G.729 8000 bps
       pass-through  Stream Pass Through

    !— Specifies the maximum number of sessions that are !— supported by the profile. !— Number is determined by the available registered !— DSP resources.
    Gateway(config-dspfarm-profile)#maximum sessions 20

    !— The associate application sccp command associates the SCCP protocol !— to the DSP farm profile.
    Gateway(config-dspfarm-profile)#associate application sccp

    !— Enables the profile, allocates !— DSP farm resources, and associates the application.
    Gateway(config-dspfarm-profile)#no shutdown
    Gateway(config-dspfarm-profile)#exit
    Gateway(config)#gateway

    !— Sets the Real-Time Transport !— Protocol (RTP) timeout interval to clear hanging connections. !— Seconds range is 180 to 1800. The default is 1200.
    Gateway(config-gateway)#timer receive-rtp 600

    • Creating Call Manager group

    Gateway>enable
    Gateway#configure terminal
    Gateway(config)#sccp ccm group 111

    !— Adds a Cisco Unified CallManager server to the Cisco !— Unified CallManager group and establishes its priority within the group.
    Gateway(config-sccp-ccm)#associate ccm 18 priority 1
    Gateway(config-sccp-ccm)#associate ccm 5 priority 2
    Gateway(config-sccp-ccm)#associate ccm 4 priority 3
    Gateway(config-sccp-ccm)#associate ccm 11 priority 4

    !— Associates a DSP farm profile to the Cisco Unified CallManager group. !— The device-name must match the device name configured in Cisco Unified CallManager.
    Gateway(config-sccp-ccm)#associate profile 111 register DE_XCODE_01


    !— Binds an interface to the Cisco Unified CallManager group.

    Gateway(config-sccp-ccm)#bind interface loopback 1
    Gateway(config-sccp-ccm)end

    Now, let’s do the same for Conferencing Bridge

    The process is purely the same, so I’ll just put the commands here:

    Gateway>enable
    Gateway#configure terminal
    Gateway(config)#voice-card 0
    Gateway(config-voicecard)#dsp services dspfarm
    Gateway(config-voicecard)#exit
    Gateway(config)#dspfarm profile 999 conference
    Gateway(config-dspfarm-profile)#description conference profile 999
    Gateway(config-dspfarm-profile)#codec ?
       g711alaw      G.711 A Law 64000 bps
       g711ulaw      G.711 u Law 64000 bps
       g729abr8      G.729ab 8000 bps
       g729ar8       G.729a 8000 bps
       g729br8       G.729b 8000 bps
       g729r8        G.729 8000 bps
       pass-through  Stream Pass Through

    Gateway(config-dspfarm-profile)#maximum sessions 4
    Gateway(config-dspfarm-profile)#associate application sccp
    Gateway(config-dspfarm-profile)#no shutdown
    Gateway(config-dspfarm-profile)#exit
    Gateway(config)#gateway
    Gateway(config-gateway)#timer receive-rtp 600
    Gateway(config-gateway)#exit

    Gateway>enable
    Gateway#configure terminal
    Gateway(config)#sccp ccm group 999
    Gateway(config-sccp-ccm)#associate ccm 18 priority 1
    Gateway(config-sccp-ccm)#associate ccm 5 priority 2
    Gateway(config-sccp-ccm)#associate ccm 4 priority 3
    Gateway(config-sccp-ccm)#associate ccm 11 priority 4
    Gateway(config-sccp-ccm)#associate profile 999 register 00C88B514BDF
    Gateway(config-sccp-ccm)#bind interface loopback 1

    Gateway(config-sccp-ccm)end

    Time now to add them to our Unified Communications Manager

    • Transcoder

    On CUCM, go to Media Resources >> Transcoder >> Add new

    Choose Cisco IOS Enhanced Media Termination Point for the Transcoder Type, and fill the rest with your Device Pool,  and for the Device Name, use the name you added on the Gateway:

    image

    Save and Reset it. You must see it as registered

    • Conference Bridge

    On CUCM, go to Media Resources >> Conference Bridge >> Add new

    Choose Cisco Conference Bridge Hardware for the Conference Bridge Type, and fill the rest with your Device Pool, Location, and for the Mac Address, use the name you added on the Gateway:

    image

    Save and Reset it. You must see it as registered

    Now, added them both in a Media Resource Group, and then add this group to a Media Resource Group List.

    Job done!!

    Cheers Smile

    How to connect to Azure from PowerShell

    Today I will talk about how to use PowerShell. I know that there is already integrated access to the browser directly through the Azure portal, but the idea of this post is to show how to access it as in the old days and mainly to help those who do not know where to start.

    Well, let’s get started! If you have not yet installed the PowerShell module, I will demonstrate here how to do this, basically, you will need to open PowerShell as Administrator (Right-click and select “Run as administrator”), then execute the following command (Copy and Paste it):

    If you want the module to be available only to the user performing the procedure on this workstation, choose command 1, if not, you want the module to be available to all users of this workstation, choose command 2.

    1 – Install for Current User

    if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
    'Az modules installed at the same time is not supported.')
    } else {
    Install-Module -Name Az -AllowClobber -Scope CurrentUser
    }

    2 – Install for All Users
    if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
        Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
          'Az modules installed at the same time is not supported.')
    } else {
        Install-Module -Name Az -AllowClobber -Scope AllUsers
    }

    If you try to understand the commands, you will see that only the parameter –Scope is changed. My learning tip here is, always try to understand the command that is being executed, this will help you to become familiar with Cmdlets (CmdLets is the name given to the commands used in PowerShell).

    image

    If you want to understand more about the subject, here are some links that will help you learn.

    • Introducing the Azure Az PowerShell module

    From now on I am assuming you have already installed the Az Module and using PowerShell. Here is the simple command for your reference. The below command will connect to your Azure Account and it will connect to the default subscription.

    Import-Moduloe –Name Az

    Connect-AzAccount

    AzAccountConnected

    And if you have different subscriptions you have to set the default subscription with the below command.

    Set-AzContext ‘YOUR_SUBSCRIPTION_NAME’

    To Discover or list all the Az Module

    Get-Module Az.* -ListAvailable | Select-Object Name -Unique

    To discover the available cmdlets within a module we can use the Get-Command cmdlet. In this example, we browse all cmdlets within the Az.Account module:

    Get-Command -Module Az.Accounts

    You can use the Get-Help command to get help with any specific command

    Get-Help Get-AzVM

    image

    If want to see a few examples against this command you can use this.

    Get-Help Get-AzVM –Examples

    image

    That and everything for today. If you have any questions, leave them in the comments or contact us, it will be a pleasure to answer them Smile.

    Creating an ODBC connection with UCCX

    Hey everybody,

    Today  I want to show you how to create an ODBC connection with UCCX, which can be mainly used for Wallboards/Dashboards.

    To be able to access and pull information out from its Database, UCCX already provides some users with some specifics rights. They are:

    • uccxwallboard: Has access to real-time database tables that contain snapshots of real-time statistics, more specifically to tables RTCSQsSummary and RTICDStatistics.
    • uccxhruser:  Has access to many configuration and historical tables in the UCCX database. It can only be used for custom historical reporting and Cisco Unified Workforce Management (WFM).
    • uccxworkforce: Has access to the Team, Resource, and Supervisor tables and it’s used for Cisco Unified Quality Management (QM).

    For this connection we are creating now, we are going to use uccxhruser.
    Let’s start off going to UCCX >> Tools >> Password Management to set a new password (in case you don’t know)

    image

    Once done, let’s now focus on the ODCB configuration!

    First of all, you need to download the IBM Informix Client SDK. It will allow the client to stablish a ODBC connection with your Database on UCCX.
    You can download the SDK here.

    • Go to Control Panel >> Administrative Tools >> ODBC Data Sources (64-bit).
    • Chose the tab System DNS and hit Add.

    image

    • You see now a list of available data sources. Select IBM INFORMIX ODBC DRIVER. Click Finish.
    • Time to create a new DNS. In the Tab General, give a name to your connection.

    • Go to the Tab Environment, and fill the information following the rules below:
      • Server Name: Instance name of Informix server of the set up.  Please pay attention because there are tricky rules for entering the name such as:
        1. Name MUST be in lower case (even if your server name are in upper case)
        2. Any hyphens MUST be converted to underscore
        3. If your server name begins with a number, add “i” in front of it.
        4. Add “_uccx” to the end of the hostname.

      For example: If your server name is 1-EMEA-UCCX, you have to enter i1_emea_uccx_uccx

      • Hostname: The actual hostname or IP address of the UCCX
      • Service: 1504
      • Protocol: onsoctcp
      • Options: leave it blank
      • Database name: db_cra
      • UserID: uccxhruser
      • Password: Password of uccxhruser

      image

      • Go now to the Tab Environment.

            Fields Client Locale and Database Locale must be as: en_US.UTF8

      3

      • Go back to the Tab Connection. It’s now time to test if it’s working.

      Click on Apply and Test Connection. You must see that message:

      6

      That’s it for now! I hope this post can be useful !!

      See ya!!

      Understand Azure Role Based Access Control (RBAC)

      Hi Folks!

      As I said weeks ago, I am studying to take Az-104 exam and I intend to detail here some of the topics that will be covered by the exam. For that reason today I decided to talk about RBACs.

      Identity and Access

      When it comes to identity and access, most organizations that are considering using the public cloud are concerned about two things:

      1. Ensuring that when people leave the organization, they lose access to resources in the cloud.
      2. Striking the right balance between autonomy and central governance – for example, giving project teams the ability to create and manage virtual machines in the cloud while centrally controlling the networks those VMs use to communicate with other resources.

      Azure Active Directory (Azure AD) and Role-Based Access Control (RBAC) work together to make it simple to carry out these goals.

      Azure subscriptions

      First, remember that each Azure subscription is associated with a single Azure AD directory. Users, groups, and applications in that directory can manage resources in the Azure subscription. The subscriptions use Azure AD for single sign-on (SSO) and access management. You can extend your on-premises Active Directory to the cloud by using Azure AD Connect. This feature allows your employees to manage their Azure subscriptions by using their existing work identities. When you disable an on-premises Active Directory account, it automatically loses access to all Azure subscriptions connected with Azure AD.

      What is RBAC?

      Role-based access control (RBAC) is an authorization system built on Azure Resource Manager that provides fine-grained access management of resources in Azure. With RBAC, you can grant the exact access that users need to do their jobs. For example, you can use RBAC to let one employee manage virtual machines in a subscription while another manages SQL databases within the same subscription.

      What is role-based access control?

      You grant access by assigning the appropriate RBAC role to users, groups, and applications at a certain scope. The scope of a role assignment can be a subscription, a resource group, or a single resource. A role assigned at a parent scope also grants access to the child scopes contained within it. For example, a user with access to a resource group can manage all the resources it contains, like websites, virtual machines, and subnets. The RBAC role that you assign dictates what resources the user, group, or application can manage within that scope.

      The following diagram depicts how the classic subscription administrator roles, RBAC roles, and Azure AD administrator roles are related at a high level. Roles assigned at a higher scope, like an entire subscription, are inherited by child scopes, like service instances.

      rbac-admin-roles

      In the above diagram, a subscription is associated with only one Azure AD tenant. Also note that a resource group can have multiple resources but is associated with only one subscription. Although it’s not obvious from the diagram, a resource can be bound to only one resource group.

      What can I do with RBAC?

      RBAC allows you to grant access to Azure resources that you control. Suppose you need to manage access to resources in Azure for the development, engineering, and marketing teams. You’ve started to receive access requests, and you need to quickly learn how access management works for Azure resources.

      Here are some scenarios you can implement with RBAC.

      • Allow one user to manage virtual machines in a subscription and another user to manage virtual networks
      • Allow a database administrator group to manage SQL databases in a subscription
      • Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets
      • Allow an application to access all resources in a resource group

      RBAC in the Azure portal

      In several areas in the Azure portal, you’ll see a pane named Access control (IAM), also known as identity and access management. On this pane, you can see who has access to that area and their role. Using this same pane, you can grant or remove access.

      The following shows an example of the Access control (IAM) pane for a resource group. In this example, has been assigned the Contributor role to myself for the GetPractical resource group.

      image

      How does RBAC work?

      You control access to resources using RBAC by creating role assignments, which control how permissions are enforced. To create a role assignment, you need three elements: a security principal, a role definition, and a scope. You can think of these elements as “who”, “what”, and “where”.

      1. Security principal (who)

      A security principal  is just a fancy name for a user, group, or application that you want to grant access to.

      image

      2. Role definition (what you can do)

      A role definition is a collection of permissions. It’s sometimes just called a role. A role definition lists the permissions that can be performed, such as read, write, and delete. Roles can be high-level, like Owner, or specific, like Virtual Machine Contributor.

      image

      Azure includes several built-in roles that you can use. The following lists four fundamental built-in roles:

      • Owner – Has full access to all resources, including the right to delegate access to others.
      • Contributor – Can create and manage all types of Azure resources, but can’t grant access to others.
      • Reader – Can view existing Azure resources.
      • User Access Administrator – Lets you manage user access to Azure resources.

      If the built-in roles don’t meet the specific needs of your organization, you can create your own custom roles.

      3. Scope (where)

      Scope is where the access applies to. This is helpful if you want to make someone a Website Contributor, but only for one resource group.

      In Azure, you can specify a scope at multiple levels: management group, subscription, resource group, or resource. Scopes are structured in a parent-child relationship. When you grant access at a parent scope, those permissions are inherited by the child scopes. For example, if you assign the Contributor role to a group at the subscription scope, that role is inherited by all resource groups and resources in the subscription.

      image

      Role assignment

      Once you have determined the who, what, and where, you can combine those elements to grant access. A role assignment is the process of binding a role to a security principal at a particular scope, for the purpose of granting access. To grant access, you create a role assignment. To revoke access, you remove a role assignment.

      The following example shows how the Marketing group has been assigned the Contributor role at the sales resource group scope.

      image

      RBAC is an allow model

      RBAC is an allow model. What this means is that when you are assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete. So, if one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you will have read and write permissions on that resource group.

      RBAC has something called NotActions permissions. Use NotActions to create a set of allowed permissions. The access granted by a role, the effective permissions, is computed by subtracting the NotActions operations from the Actions operations. For example, the Contributor role has both Actions and NotActions. The wildcard (*) in Actions indicates that it can perform all operations on the control plane. Then you subtract the following operations in NotActions to compute the effective permissions:

      • Delete roles and role assignments
      • Create roles and role assignments
      • Grants the caller User Access Administrator access at the tenant scope
      • Create or update any blueprint artifacts
      • Delete any blueprint artifacts