Last updated:
30-NOV-2014

Collaboration Edge Mobile and Remote Access Endpoint Setup

This guide describes the steps needed to setup your Mobile and Remote Access (MRA) Endpoints for use in a Cisco dCloud Demonstration. The MRA endpoints are for corporate employees who are working remotely from a home office or other location.

The devices connect to the corporate network through the Collaboration Edge Architecture, which is reachable from anywhere on the internet. The Collaboration Edge Architecture is a pair of servers that spans the company network DMZ, connecting the internal corporate network with the public internet. Any communication from outside the corporate network is routed securely to the Unified Communications Manager without the use of VPN or other connection software.

Certificates handling

  1. The first step in setting up any of our MRA devices is to find the Public IP address and DNS A record for the VCS-Expressway server. This data is available under your demo Session Details Make a note of these values as you will need them for the rest of your demonstration.

Figure 1.        Session Details mra-01

The DNS A record is in the form “vcse.collabedge-XXX.dc-YY.com” and that the XXX and YY values will be required several times in the demonstration.

  1. Using an external laptop, open a web browser and navigate to your assigned VCS-Expressway homepage via its public IP address that you noted above. Click Add Exception to continue. We will install the security certificates for this VCS-E server so it is a secure location and allows your computer inside the internal network.

Figure 2.        Administrator Login

mra-02

  1. Click on the security icon (the small lock) in the browser url box and choose View certificates. If using Internet Explorer, click Certificate error to continue.

Figure 3.        Website Identification

mra-03

  1. Click Certification Path

Figure 4.        Certification Path

mra-04

  1. Click the VeriSign certificate, click View Details, and in the pop-up window under Details, click the Copy to File… Save as a .cer file. NOTE: If the Copy to File option is greyed out, but sure that you have added the website to the trusted addresses list in your web browser. If this still does not fix the issue, you can copy the .cer files for this website from the desktop of Workstation 2 in the Cisco Business Video Experience v2 demonstration. Continue with this Show Me How guide once you have copied these files.

Figure 5.        Certification Path and Details for VeriSign Certificate

mra-05

  1. Follow the wizard and copy the certificate to your workstation. Follow the same procedure for the Symantec Class 3. We recommend choosing a location that is easy to find the files again, such as the machine Desktop.

Figure 6.        Certification Path and Details for Symantec Class 3 Certificate

mra-06

You now have both the certificates on your workstation.

Figure 7.        Workstation Certificates

mra-07

  1. Click the General tab and choose Install Certificate. Follow the wizard until you get a successful installation message. Install both certificates that you downloaded in the previous step.

Figure 8.        Certificate Import Wizard

mra-08

How to setup your Cisco Jabber for Windows MRA device

There are several possible devices to use as an MRA communications device. The first is Cisco Jabber for Windows. We will be using a physical laptop to setup and configure this device to connect via the Cisco Collaboration Edge solution.

If you are using a Mac, you can follow these same instructions for installing Cisco Jabber for Mac. The screen shots will be slightly different, but the steps should work the same.

Configuring the Cisco Jabber for Windows Software

  1. Download Cisco Jabber for Windows from Cisco.com. The tested release was version 10.5.2.
  1. Install Jabber for Windows on your Windows workstation, the same one where you previously performed the certificates acceptance procedure.
  1. Connect the workstation to your dCloud router kit. If you are using WiFi, please be sure you are connected to the correct SSID (the one from your dCloud router-kit).

Figure 9.        SSID

mra-09

If this is a previously configured client, please reset it using File > Reset Jabber

Figure 10.       Reset Jabber Option

mra-10

  1. Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.

Figure 11.      Advanced Settings

mra-11

  1. Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.

Figure 12.      Cisco Jabber Demo User’s Username

mra-12

  1. On the next page, type in the user’s password. Do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button.

Figure 13.      Cisco Jabber Sign In

mra-13

Your Cisco Jabber for Windows client should appear now connected.

Figure 14.      Cisco Jabber for Windows Client

mra-14

  1. Do not perform any call at this stage, as the endpoint is not yet registered as an MRA device and video would not work bi-directionally. Instead, sign out by choosing File > Sign out.

Figure 15.      Sign Out

mra-15

  1. Next, connect the workstation to the Internet via any available public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you are NOT connected to Cisco’s intranet SSID, use the guest network instead as shown below.

Figure 16.      SSID

mra-16

  1. If you are connected to the internet SSID at a Cisco location, you will need to perform the following steps:
  • Click the Create Account icon. mra-create-account
  • Enter account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit. You can now log in as the guest to the internet SSID.
  1. Open the Cisco Jabber client and see that the demo username is already pre-filled. The domain information is not necessary anymore.

Figure 17.      Cisco Jabber Sign In

mra-17

  1. Type in the user’s password and do not check the Sign me in when Cisco Jabber starts option. Click Sign In. If you get an error, press Sign In again. Your Cisco Jabber for Windows client should now appear connected via MRA. It should be reachable from any other endpoint and should also be able to perform video calls to any LAN, MRA or B2B endpoint.

Figure 18.      Cisco Jabber Windows Client

mra-18

You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address is 198.18.133.152, which is the same as the VCS-Control Server.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
  1. Click Device > Phone.
  1. Search for a phone where Description contains *your user name* and click Find.

Figure 19.      Cisco Unified CM Administration Actively Logged in Device Report

mra-19

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
  1. Click Status > Calls > Calls.

Figure 20.      Cisco TelePresence Video Communication Server Control

mra-20

Figure 21.      Cisco TelePresence Video Communication Server Control Call Status

mra-21

  1. If you click the View link on the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 22.      Call Status Details

mra-22

 

How to setup your Cisco Jabber for iPad and iPhone MRA device

  1. Download Jabber for iPhone/iPad from App Store. The tested release was version 10.5.1.
  1. Install it on your smartphone/tablet.
  1. Connect the device to your dCloud router kit SSID. The password for your router kit wifi network is in the demonstration dashboard under Session details.

Figure 23.      SSID

mra-23

  • If this is a previously configured client, please reset it using the Reset Jabber option.

Figure 24.      Reset Jabber

mra-24

  1. Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.

Figure 25.      Advanced Settings

MRA iphone edit

 

  1. Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.

Figure 26.      Cisco Jabber Demo User’s Username

mra-26

  1. On the next page, type in the user’s password and do not check the Automatic sign-in Click the Sign in button.

Figure 27.      Sign In

mra-27

  1. Your Jabber for iPhone/iPad client should now appear connected. If you get a Certificate not valid error, just click Continue. If you get a Cannot locate server error just click login again.

Figure 28.      Connection

mra-28

  1. Do not perform any call at this stage, as the endpoint is not yet registered as an MRA device and video would not work bi-directionally. Instead, sign out by clicking Sign out.

Figure 29.      Sign Out

mra-29

  1. Connect the device to the Internet via any available public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please be sure you are NOT connected to Cisco’s intranet SSID, use the guest network instead as shown below.

Figure 30.      SSID

mra-30

  1. If you are connected to the internet SSID at a Cisco location, you will need to perform the following steps:
  • Click the Create Account icon. mra-create-account
  • Enter account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit. You can now log in as the guest to the internet SSID.
  1. Go back to the Jabber client, where the demo user’s username is already pre-filled. The domain is not necessary anymore.

Figure 31.      Cisco Jabber

mra-31

  1. Type in the user’s password and do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button. If you get the following error click the Sign in button again.

Figure 32.      Cisco Jabber Sign In Error

mra-32

Your Cisco Jabber for iPad/iPhone client should now appear connected. It should be reachable from any other endpoint and it should be able to perform video calls to any LAN, MRA or B2B endpoint.

Figure 33.      Cisco Jabber Client for iPad/iPhone

mra-33

You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
  1. Click Device > Phone.
  1. Search for a phone where Description contains *your user name* and click Find.

Figure 34.      Cisco TelePresence Video Communication Server Control

mra-34

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
  1. Click Status > Calls > Calls.

Figure 35.      Cisco TelePresence Video Communication Server Control

mra-35

Figure 36.      Cisco TelePresence Video Communication Server Control

mra-36

  1. If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 37.      Call Status

mra-37

 

How to setup your Cisco TelePresence EX MRA device

  1. Connect your unit to any Internet point of access, such as a home, hotel, or customer’s LAN that is NOT connected to your Cisco dCloud demonstration.
  1. From a laptop connected to this same network, browse to the web interface for the TelePresence device. The web interface address for the TelePresence device is the same as the device’s IP address. Sign in with your device’s admin username and password. The default login is username admin with a blank password.

Figure 38.      VCSC Call Status

mra-38

  • If this unit was previously used for other purposes you may need to reset it, maintaining only the options and activation keys. Resetting the device will help to avoid any misconfiguration due to previous settings.

In the next section, you will be installing the Collaboration Edge certificates on your TelePresence device. You will only need to install these certificates on your device one time, no matter how many Collaboration Edge enabled demonstrations you run. If you have already installed these onto your device you can proceed to the device configuration section.

Your device must use TC software version 7.0.2 to register via MRA in this demonstration. If your device is not at that software level and you do not have access to it, you can find a copy of TC7.0.2 on the Workstation 2 desktop. The file name is s52000tc7_0_2.pkg. You can access this file directly from your endpoint LAN or you can download it to your PC first and use it locally. An FTP server is available on Workstation 2 for this purpose. Access it at Start > All Programs > 3CDaemon > 3CDaemon. Perform this upgrade/downgrade to TC7.0.2 before continuing to the next step.

  1. Once reset, you can access the security settings by clicking Configuration > Security.

Figure 39.      Configuration > Security

mra-39

  1. Once you have browsed to this menu, click the CAs tab. No Certificate Authorities may be available in the list; therefore you will need to add the certificates from your Cisco dCloud demonstration.

Figure 40.      CAs Tab

mra-40

  1. Click the Browse.. button and in the pop-up window choose one of the certificates you downloaded at the beginning of this Show Me How.

Figure 41.      File Upload

mra-41

  1. Click Open. This will return you to the device CAs tab. Click Add certificate authority.

Figure 42.      Add Certificate Authority

mra-42

  1. Repeat the previous steps in order to add the second certificate. When both certificates are installed on the TelePresence unit, you should reboot it.

Figure 43.      Certificates

mra-43

You can now proceed with the device configuration either via GUI or via the touch panel. If you are using a C series endpoint, you may also use the remote controller instead.

  1. First, add the unit to the Cisco Unified Communications Manager using the standard process of replacing the dummy MAC address with your endpoint MAC address. For more information on this procedure, see the Phone Provisioning Using Cisco Unified Communications Manager Show Me How.

Figure 44.      Phone Configuration

mra-44

  1. On the unit touch panel, press the Settings option in the main menu.

Figure 45.      Not Registered

mra-45

  1. Press the Administrator menu option.

Figure 46.      Settings

mra-46

  1. Log in with your admin credentials. The default login is username admin with a blank password.

Figure 47.      Settings

mra-47

  1. Choose the Provisioning tab and press Start.

Figure 48.      Provisioning

mra-48

  1. Choose the Cisco UCM via Expressway option and press Next.

Figure 49.      Configure Your TelePresence Unit

mra-49

  1. Fill in the required information in the configuration fields, making sure you use your assigned VCS-Expressway DNS A record for the External Manager, and then press Register.

Figure 50.      Configure Your TelePresence Unit

mra-50

  1. The unit will try to register to the VCS-Expressway.

Figure 51.      System Confirmation In Progress

mra-51

  1. You may get the following errors:

Figure 52.      Errors

mra-52

  1. If you do see these errors, please re-enter the requested information and press Register again, until you get a successful registration message. We suggest you wait a few minutes between registration attempts.

Figure 53.      Cisco EX90 Registered

mra-53

  1. Press Ok.

You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password C1sco12345.
  1. Click Device > Phone.
  1. Search for a phone where Description contains *your user name* and click Find.

Figure 54.      Find and List Phones

mra-54

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

  1. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
  1. Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as vcsadmin with password C1sco12345.
  1. Click Status > Calls > Calls.

Figure 55.      Calls

mra-55

Figure 56.      Call Status

mra-56

  1. If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 57.      Call Status

mra-57