Cisco CUCM – MRA (Mobile and Remote Access) – Overview

Hey guys,

Today I’m going to talk about a very useful solution, part of the Cisco Collaboration Edge Architecture: MRA.
This post is going to be the first part, to cover the concepts, requirements and compatibilities.

Basically, MRA (Cisco Unified Communications Mobile and Remote Access) allows endpoints such as Cisco Jabber to have their registration, call control, provisioning, messaging and presence services provided by CUCM when the endpoint is outside the enterprise network. The Expressway provides secure firewall traversal and line-side support for Unified CM registrations.

This solution supports a hybrid on-premises and cloud-based service model. It provides a secure connection for Jabber application traffic and other devices with the required capabilities to communicate without having to connect to a VPN. It is a device and operating system agnostic solution for Cisco Jabber clients on Windows, Mac, iOS and Android platforms.

MRA allows Jabber clients that are outside the enterprise to do the following:

  • Use Instant Messaging and Presence services
  • Make voice and video calls
  • Search the corporate directory
  • Share content
  • Launch a web conference
  • Access visual voicemail

Components

MRA requires Expressway (Expressway-C and Expressway-E) and Unified CM, with MRA-compatible soft clients and/or fixed endpoints. The solution can optionally include the IM and Presence Service and Unity Connection.

Product Versions

image

Protocols

image

Compatible Endpoints

image

If you are deploying any of these devices to register with Cisco Unified Communications Manager through MRA, be aware of the following points. For DX endpoints, these considerations only apply to Android-based devices and do not apply to DX70 or DX80 devices running CE software:

  • Trust list: You cannot modify the root CA trust list on Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series devices. Make sure that the Expressway-E’s server certificate is signed by one of the CAs that the devices trust, and that the CA is trusted by the Expressway-C and the Expressway-E.

  • Off-hook dialling: The way KPML dialling works between these devices and Unified CM means that you need Cisco Unified Communications Manager 10.5(2)SU2 or later to be able to do off-hook dialling via MRA. You can work around this dependency by using on-hook dialling.

Cisco CUCM Requirements

CUCM dial plan will not be impacted by devices registering via Expressway. Remote and mobile devices still register directly to Unified CM and their dial plan will be the same as when it is registered locally.

Unified CM nodes and Expressway peers can be located in different domains. For example, your Unified CM nodes may be in the enterprise.com domain and your Expressway system may be in the edge.com domain.

In this case, Unified CM nodes must use IP addresses or FQDNs for the Server host name / IP address to ensure that Expressway can route traffic to the relevant Unified CM nodes.

Unified CM servers and IM and Presence Service servers must share the same domain.

  • Certificates

Two certificates on CUCM are significant for Mobile and Remote Access: CallManager certificate and Tomcat certificate.
PS:
If you do use self-signed certificates, the two certificates must have different common names. The Expressway does not allow two self-signed certificates with the same CN. So if the CallManager and tomcat self-signed certificates have the same CN in the Expressway’s trusted CA list, the Expressway can only trust one of them. This means that either secure HTTP or secure SIP, between Expressway-C and Cisco Unified Communications Manager, will fail.

The Expressway certificate signing request (CSR) tool prompts for and incorporates the relevant Subject Alternative Name (SAN) entries as appropriate for the Unified Communications features that are supported on that Expressway.

The Expressway-C server certificate must include the following elements in its list of subject alternate names: Unified CM phone security profile names and
IM and Presence chat node aliases (federated group chat)

The Expressway-E server certificate needs to include the following elements in its list of subject alternative names (SAN): Unified CM registrations domains, XMPP federation domains and IM and Presence chat node aliases (federated group chat)

That’s it for today guys….just an overview.
In the next posts, I’m going to go a bit deeper in the configuration.

Hope you’ve enjoyed!

See ya!

Bruno

Cisco Single Number Reach

Hey guys!
Here is Bruno, and I’ll be in charge of the Cisco side of this Blog, more specifically, Collaboration.

For my opening post, I’d like to talk about a feature on CUCM that, due all this pandemic situation, is being largely implemented.


Cisco Single Number Reach (SNR), or known as Mobile Connect, is a feature which allows users to answer incoming calls to their extension on either their desktop IP phone or at a remote destination, such as a mobile phone. 

As many companies had to send employees to work from home, SNR becomes really useful to cover some gaps you may have in your infrastructure.

To give you some practical examples, there were 2 situations where I configured SRN to save user’s life.
In the first, a small company didn’t have a good infra to send users to home (lack of bandwidth, poor VPN) and in the second, users were vendors and firewalls didn’t allow them to have Jabber connected to VPN.
In both situations, users had to receive calls from a queue on UCCX.
I came up with SNR for both cases, so users could work from home, and even though they weren’t using any softphone, they could answer calls coming from they extension.

Although Cisco does not mention in its Documentation, I configured and tested SNR with UCCX with success  Smile

So, how does this work?

When a call comes in to your Extension Number,  SNR will reroute the call not only to a DN, but also to your remote number, that can be your mobile phone. If needed, you can configure rerouting to a group of remote numbers that belong to an employee.
In other words, SNR provides you a functionality similar to Shared Line. The difference is that in this case a shared line is organized between an office phone and some remote device that isn’t necessary in a cluster, not between the phones within a cluster.

image
Said that, let’s get down to business!

What do you need to configure?

Configuring End User

Configuring Remote Destination Profile

Configuring Remote Destination

Configuring End User

In the End User page, make sure the Device is already associated in the Controlled Devices and its Line is assigned as Primary Line

imageimage

Check the Enable Mobility check box. You can also, modify the Maximum Wait Time for Desk Pickup and Remote Destination Limit if required. Moreover, the default values can be seen in the image.

image

Configuring Remote Destination Profile

Time to create a new Remote Destination Profile.
On CUCM, go to Device > Device Settings > Remote Destination Profile > Add new

You can choose any name, associate your user ID, give a calling search space and a rerouting CSS.
CUCM attempts to reach the remote destination through the Rerouting calling search Space.

image

Click Save, now you can see an option to add a new Directory number (DN) .

Click Add a new DN to navigate to directory number configuration, where you need to specify the directory number of the desk phone with which you need to associate the RDP and then click Save.

imageimage

Configuring Remote Destination

Time to configure the Remote Destination.
Specify the Destination number, as this is the number for your Remote destination.
Ensure that the check box, Enable Unified Mobility features, Enable Single Number Reach, Enable Move to Mobile is checked.

Single Number Reach Voicemail Policy provides two options: Timer control and User Control, of which the former one is default.

Under the section Timer information, you can specify the amount of delay before which the Remote Destination should ring.
In case if the Remote Destination is required to ring immediately, you should set the Wait as 0.
It is also important to calibrate the time in which the service provider of the remote destination sends the call to the voice-mail of the remote destination. The Stop ringing this phone after value should be set lesser then that to ensure that call does not go to the voicemail of the cell phone. This time value is specified against Stop ringing this phone after.

image

If the SNR voicemail policy is configured for User Control, timer information changes as shown in the image:

In case the SNR configuration needs to be restricted based on time and day then these options are modified as required. If no restriction is needed to be applied then Ring Schedule should be set to All the time and When receiving a call  during the above ring schedule should be set to Always ring this destination.
After you complete the configuration of remote destination, click Save.

IMPORTANT STEP!!!
Check the checkbox, which is next to the line and click Save.

image

That’s all guys!
I hope this post will help you out!

See ya!

Bruno Falco