This guide describes the steps needed to setup your Mobile and Remote Access (MRA) Endpoints for use in a Cisco dCloud Demonstration. The MRA endpoints are for corporate employees who are working remotely from a home office or other location.
The devices connect to the corporate network through the Collaboration Edge Architecture, which is reachable from anywhere on the internet. The Collaboration Edge Architecture is a pair of servers that spans the company network DMZ, connecting the internal corporate network with the public internet. Any communication from outside the corporate network is routed securely to the Unified Communications Manager without the use of VPN or other connection software.
Certificates handling
- The first step in setting up any of our MRA devices is to find the Public IP address and DNS A record for the VCS-Expressway server. This data is available under your demo Session Details Make a note of these values as you will need them for the rest of your demonstration.
Figure 1. Session Details
The DNS A record is in the form “vcse.collabedge-XXX.dc-YY.com” and that the XXX and YY values will be required several times in the demonstration.
- Using an external laptop, open a web browser and navigate to your assigned VCS-Expressway homepage via its public IP address that you noted above. Click Add Exception to continue. We will install the security certificates for this VCS-E server so it is a secure location and allows your computer inside the internal network.
Figure 2. Administrator Login
- Click on the security icon (the small lock) in the browser url box and choose View certificates. If using Internet Explorer, click Certificate error to continue.
Figure 3. Website Identification
- Click Certification Path
Figure 4. Certification Path
- Click the VeriSign certificate, click View Details, and in the pop-up window under Details, click the Copy to File… Save as a .cer file. NOTE: If the Copy to File option is greyed out, but sure that you have added the website to the trusted addresses list in your web browser. If this still does not fix the issue, you can copy the .cer files for this website from the desktop of Workstation 2 in the Cisco Business Video Experience v2 demonstration. Continue with this Show Me How guide once you have copied these files.
Figure 5. Certification Path and Details for VeriSign Certificate
- Follow the wizard and copy the certificate to your workstation. Follow the same procedure for the Symantec Class 3. We recommend choosing a location that is easy to find the files again, such as the machine Desktop.
Figure 6. Certification Path and Details for Symantec Class 3 Certificate
You now have both the certificates on your workstation.
Figure 7. Workstation Certificates
- Click the General tab and choose Install Certificate. Follow the wizard until you get a successful installation message. Install both certificates that you downloaded in the previous step.
Figure 8. Certificate Import Wizard
How to setup your Cisco Jabber for Windows MRA device
There are several possible devices to use as an MRA communications device. The first is Cisco Jabber for Windows. We will be using a physical laptop to setup and configure this device to connect via the Cisco Collaboration Edge solution.
If you are using a Mac, you can follow these same instructions for installing Cisco Jabber for Mac. The screen shots will be slightly different, but the steps should work the same.
Configuring the Cisco Jabber for Windows Software
- Download Cisco Jabber for Windows from Cisco.com. The tested release was version 11.
- If this is a previously configured client, please reset it using File > Reset Jabber
Figure 9. Reset Jabber Option
- Connect the workstation to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.
- If you are connected to the Blizzard SSID or the Cisco LAN at a Cisco location, you will need to perform the following steps:
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
Figure 10. Internet Account Sign In
- Click the Create Account icon.
- Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.
Figure 11. Create Custom Guest Account
- Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.
Figure 12. Wireless Network Options
- Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.
Figure 13. Advanced Settings
- Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.
Figure 14. Cisco Jabber Demo User’s Username
- On the next page, type in the user’s password. Do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button.
Figure 15. Cisco Jabber Sign In
Your Cisco Jabber for Windows client should appear now connected via MRA. It should be reachable from any other endpoint and should also be able to perform video calls to any LAN, MRA, or B2B endpoint.
While trying to register your MRA devices, you might experience errors during this process, which would not permit you to complete the MRA registration. These are known issues covered in the following bug reports:
If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:
Figure 16. Cisco MRA Registration Error on Software Client
Figure 17. Cisco VCS-C Server Event Log Access
Filter your entries based on the user ID which you tried to use to register the device.
Figure 18. Cisco VCS-C Server Event Log
If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note. The resolution for this issue is currently under investigation, there is currently no workaround available. We recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.
You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address is 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Figure 19. Cisco Unified CM Administration Actively Logged in Device Report
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
Figure 20. Cisco TelePresence Video Communication Server Control
Figure 21. Cisco TelePresence Video Communication Server Control Call Status
- If you click the View link on the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
Figure 22. Call Status Details
How to setup your Cisco Jabber for iPad and iPhone MRA device
- Download Jabber for iPhone/iPad from App Store. The tested release was version 10.5.1.
- Install it on your smartphone/tablet.
- If this is a previously configured client, please reset it using the Reset Jabber option.
Figure 23. Reset Jabber
- Connect the workstation to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.
- If you are connected to the Blizzard SSID or the Cisco LAN at a Cisco location, you will need to perform the following steps. If you are at any other customer location you can skip this step.
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
Figure 24. Wireless Network Options
- Click the Create Account icon.
- Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.
Figure 25. Wireless Network Options
- Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.
Figure 26. Wireless Network Options
- Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.
Figure 27. Advanced Settings
- Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.
Figure 28. Cisco Jabber Demo User’s Username
- On the next page, type in the user’s password (C1sco12345) and do not check the Automatic sign-in Click the Sign in button.
Figure 29. Sign In
- Your Jabber for iPhone/iPad client should now appear connected. If you get a Certificate not valid error, just click Continue. If you get a Cannot locate server error just click login again.
Your Cisco Jabber for iPad/iPhone client should now appear connected. It should be reachable from any other endpoint and it should be able to perform video calls to any LAN, MRA or B2B endpoint.
Figure 30. Cisco Jabber Client for iPad/iPhone
While trying to register your MRA devices, you might experience errors during this process, which would not permit you to complete the MRA registration. These are known issues covered in the following bug reports:
If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:
Figure 31. Cisco MRA Registration Error on Software Client
Figure 32. Cisco VCS-C Server Event Log Access
Filter your entries based on the user ID which you tried to use to register the device.
Figure 33. Cisco VCS-C Server Event Log
If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note. The resolution for this issue is currently under investigation, there is currently no workaround available. We recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.
You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Figure 34. Cisco TelePresence Video Communication Server Control
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
Figure 35. Cisco TelePresence Video Communication Server Control
Figure 36. Cisco TelePresence Video Communication Server Control
- If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
Figure 37. Call Status
How to setup your Cisco IP Phone 88×5 MRA device
Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.
- If you are using an IP phone that has wireless connectivity, follow the instructions in this step. If it does not, then you will need to connect the IP phone via LAN to a public internet connection. DO NOT connect your MRA devices to the Cisco corporate LAN.
- Connect the IP phone to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
- If you are connected to the Blizzard SSID you will need to perform the remainder of this Step 1. If your IP Phone is connected via LAN, you can skip to Step 2 of this section.
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
Figure 38. Wireless Network Options
- Click the Create Account icon.
- Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.
Figure 39. Wireless Network Options
- Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.
Figure 40. Wireless Network Options
- To start the lab with a clean slate on your device and to prevent any issues from previous configuration, it is recommended to Factory Reset your 88×5 devices.
- 88×5 reset
- Unplug the power from the 88×5 and wait 5 seconds
- Hold the # button and plug the phone back in
- When the light on the Mute button turns off, press 123456789*0# in sequence
- After you press these buttons, the phone goes through the factory reset process. Do not power down the phone until it completes the factory reset process and the main screen appears
- 88×5 reset
- Wait for the phone to boot back up.
- Next, add the unit to the Cisco Unified Communications Manager using the standard process of replacing the dummy MAC address with your endpoint MAC address. For more information on this procedure, see the Phone Provisioning Using Cisco Unified Communications Manager Show Me How.
- Using the Keypad, enter Service domain provided by the Session Details tab in your dCloud session. The format will be collabedge-XXX.dc-0X.com.
- Fill in the Username / Password based on the desired user.
- Press the softkey button for Sign in.
- The 88×5 should now be registered to Unified CM via MRA.
While trying to register your MRA devices, you might experience errors during this process, which would not permit you to complete the MRA registration. These are known issues covered in the following bug reports:
If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:
Figure 38. Cisco MRA Registration Error on Hardware Endpoint
Figure 39. Cisco VCS-C Server Event Log Access
Filter your entries based on the user ID which you tried to use to register the device.
Figure 40. Cisco VCS-C Server Event Log
If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note. The resolution for this issue is currently under investigation, there is currently no workaround available. We recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.
- You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Figure 41. Cisco TelePresence Video Communication Server Control
- Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
Figure 42. Cisco TelePresence Video Communication Server Control
Figure 43. Cisco TelePresence Video Communication Server Control
- If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
Figure 44. Cisco TelePresence Video Communication Server Control
How to setup your Cisco DX MRA device
Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.
- If you are using a DX device that has wireless connectivity, follow the instructions in this step. If it does not, then you will need to connect the IP phone via LAN to a public internet connection. DO NOT connect your MRA devices to the Cisco corporate LAN..
- Connect the IP phone to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
- If you are connected to the Blizzard SSID you will need to perform the remainder of this Step 1. If your IP Phone is connected via LAN, you can skip to Step 2 of this section.
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
Figure 45. Wireless Network Options
- Click the Create Account icon.
- Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.
Figure 46. Wireless Network Options
- Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.
Figure 47. Wireless Network Options
- To start the lab with a clean slate on your device and to prevent any issues from previous configuration, it is recommended to Factory Reset your DX devices.
- DX reset
- Open Settings
- Tap Backup & reset
- Tap Factory data reset
- Tap Reset device
- Tap Erase everything
- DX reset
- After boot up from factory reset, tap Getting started.
If the DX has no network connectivity at boot up, then it may go to the desktop after tapping Getting Started. If this happens, verify you have network connectivity and run the setup wizard again by tapping Applications [], Settings [
], and then Setup assistant. Tap Getting started again.
- At the Enter TFTP server screen, tap Expressway near the bottom.
Figure 48. TFTP Settings
- Enter the Service domain provided by the Session Details tab in your dCloud session or provided by your instructor. The format will be collabedge-XXX.dc-0X.com.
- Fill in the Username / Password based on the desired user.
- Tap Sign in and proceed until the end of the initial configuration:
- Tap Allow and then I accept for the Cisco WebEx Meetings prompts
- Tap Skip four times
- Tap Continue
- The DX should now be registered to Unified CM via MRA.
While trying to register your MRA devices, you might experience errors during this process, which would not permit you to complete the MRA registration. These are known issues covered in the following bug reports:
If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:
Figure 49. Cisco MRA Registration Error on Hardware Endpoint
Figure 50. Cisco VCS-C Server Event Log Access
Filter your entries based on the user ID which you tried to use to register the device.
Figure 51. Cisco VCS-C Server Event Log
If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note. The resolution for this issue is currently under investigation, there is currently no workaround available. We recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.
- You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Figure 52. Find and List Phones
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
Figure 53. Calls
Figure 54. Call Status
- If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
Figure 55. Call Status