This guide describes the steps needed to setup your Mobile and Remote Access (MRA) Endpoints for use in a Cisco dCloud Demonstration. The MRA endpoints are for corporate employees who are working remotely from a home office or other location.

The devices connect to the corporate network through the Collaboration Edge Architecture, which is reachable from anywhere on the internet. The Collaboration Edge Architecture is a pair of servers that spans the company network DMZ, connecting the internal corporate network with the public internet. Any communication from outside the corporate network is routed securely to the Unified Communications Manager without the use of VPN or other connection software.

Certificates handling

1. The first step in setting up any of our MRA devices is to find the Public IP address and DNS A record for the VCS-Expressway server. This data is available under your demo Session Details Make a note of these values as you will need them for the rest of your demonstration.

Figure 1. Session Details

The DNS A record is in the form “vcse.collabedge-XXX.dc-YY.com” and that the XXX and YY values will be required several times in the demonstration.

2. Using an external laptop, open a web browser and navigate to your assigned VCS-Expressway homepage via its public IP address that you noted above. Click Add Exception to continue. We will install the security certificates for this VCS-E server so it is a secure location and allows your computer inside the internal network.

Figure 2. Administrator Login

3. Click on the security icon (the small lock) in the browser url box and choose View certificates. If using Internet Explorer, click Certificate error to continue.

Figure 3. Website Identification

4. Click Certification Path

Figure 4. Certification Path

5. Click the VeriSign (The Root Certificate) certificate, click View Details, and in the pop-up window under Details, click the Copy to File… Save as a .cer file. NOTE: If the Copy to File option is greyed out, but sure that you have added the website to the trusted addresses list in your web browser.

Figure 5. Certification Path and Details for VeriSign Certificate

6. Follow the wizard and copy the certificate to your workstation. Follow the same procedure for the Symantec Class 3. We recommend choosing a location that is easy to find the files again, such as the machine Desktop.

Figure 6. Certification Path and Details for Symantec Class 3 Certificate

You now have both the certificates on your workstation.

Figure 7. Workstation Certificates

7. Click the General tab and choose Install Certificate. Follow the wizard until you get a successful installation message. Install both certificates that you downloaded in the previous step.

Figure 8. Certificate Import Wizard

How to setup your Cisco Jabber for Windows MRA device

There are several possible devices to use as an MRA communications device. The first is Cisco Jabber for Windows. We will be using an external physical laptop to setup and configure this device to connect via the Cisco Collaboration Edge solution.

If you are using a Mac, you can follow these same instructions for installing Cisco Jabber for Mac. The screen shots will be slightly different, but the steps should work the same.

Configuring the Cisco Jabber for Windows Software

1. Download Cisco Jabber for Windows from Cisco.com. The tested release was version 11.5.
2. If you have a previously installed/configured client, please reset it using File > Reset Jabber (Upgrade to latest version is preferred).

Figure 9. Reset Jabber Option

3. Connect the workstation to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.

Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure you are utilizing a public connection when registering devices over MRA whether wireless or wired.

4. If you are connected to the Blizzard SSID or the Cisco LAN at a Cisco location, you will need to perform the following steps:
   1. Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.

Figure 10. Internet Account Sign In

1. Click the Create Account icon.
2. Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.

Figure 11. Create Custom Guest Account

1. Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.

Figure 12. Wireless Network Options

5. Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.

Figure 13. Cisco Jabber Demo User’s Username

6. On the next page, type in the user’s password. Do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button.

Figure 14. Cisco Jabber Sign In

Your Cisco Jabber for Windows client should now appear connected via MRA. It should be reachable from any other endpoint and should also be able to perform video calls to any LAN, MRA, or B2B endpoint.

If you see the following output on your endpoint, you will need to access the VSC-C server (as admin/dCloud123!) and check the logs page as shown below:

Figure 15. Cisco MRA Registration Error on Software Client

Figure 16. Cisco VCS-C Server Event Log Access

Filter your entries based on the user ID which you tried to use to register the device.

Figure 17. Cisco VCS-C Server Event Log

If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note.

The resolution for this issue is currently under investigation, but you can try below steps to remove the CUCM1 from VCS-C and add it back and then try the login to the Jabber Client.

If this issue continues and you cannot login to Cisco Jabber, we recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.

Login to the VCS-C at https://vcsc.dcloud.cisco.com or 198.18.133.152 as admin with password: dCloud123! using any of the demo workstations. If you want to use external laptop to make this change, you need to be connected to VPN for this change to make.

1. From home page Go to Configuration > Unified Communications > Unified CM Servers.
2. There should be already an entry for cucm1.dcloud.cisco.com.
3. Click on the entry, write down the values, and delete the entry.
4. Click New and add back the Cisco UCM using following details:
   1. Unified CM publisher address – 198.18.133.3 or cucm1.dcloud.cisco.com
   2. Username – administrator
   3. Password – dCloud123!
   4. TLS verify mode – Off
5. Click Add address. You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address is 198.18.133.152, which is the same as the VCS-Control Server.

6. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
7. Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password dCloud123!.
8. Click Device > Phone.
9. Search for a phone where Description contains *the username of the user you logged into Cisco Jabber for Windows* and click Find.

Figure 18. Cisco Unified CM Administration Actively Logged in Device Report

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

11. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
12. Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as admin with password dCloud123!.
13. Click Status > Calls > Calls.

Figure 19. Cisco TelePresence Video Communication Server Control

Figure 20. Cisco TelePresence Video Communication Server Control Call Status

14. If you click the View link on the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 21. Call Status Details

 

How to setup your Cisco Jabber for iPad and iPhone MRA device

1. Download Jabber for iPhone/iPad from App Store. The tested release was version 11.5.

2. Install it on your smartphone/tablet.
3. If this is a previously configured client, please reset it using the Reset Jabber option.

Figure 22. Reset Jabber

4. Connect the workstation to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.

Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.

5. If you are connected to the Blizzard SSID or the Cisco LAN at a Cisco location, you will need to perform the following steps. If you are at any other customer location you can skip this step.
   1. Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.

Figure 23. Wireless Network Options

1. Click the Create Account icon.
2. Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.

Figure 24. Wireless Network Options

1. Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.

Figure 25. Wireless Network Options

6. Type in the demo user’s username with the suffix @collabedge-XXX.dc-YY.com and click Continue.

Figure 26. Cisco Jabber Demo User’s Username

7. On the next page, type in the user’s password (dCloud12345!) and do not check the Automatic sign-in Click the Sign in button.

Figure 27. Sign In

8. Your Jabber for iPhone/iPad client should now appear connected. If you get a Certificate not valid error, just click Continue. If you get a Cannot locate server error just click login again.

Your Cisco Jabber for iPad/iPhone client should now appear connected. It should be reachable from any other endpoint and it should be able to perform video calls to any LAN, MRA or B2B endpoint.

Figure 28. Cisco Jabber Client for iPad/iPhone

If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:

Figure 29. Cisco MRA Registration Error on Software Client

 

Figure 30. Cisco VCS-C Server Event Log Access

Filter your entries based on the user ID which you tried to use to register the device.

Figure 31. Cisco VCS-C Server Event Log

If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note.

The resolution for this issue is currently under investigation, but you can try below steps to remove the CUCM1 from VCS-C and add it back and then try the login to the Jabber Client.

If this issue continues and you cannot login to Cisco Jabber, we recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.

Login to the VCS-C at https://vcsc.dcloud.cisco.com or 198.18.133.152 as admin with Password: dCloud123! using any of the demo workstations. If you want to use external laptop to make this change, you need to be connected to VPN for this change to make.

1. From home page go to Configuration > Unified Communications > Unified CM Servers.
2. There should already be an entry for cucm1.dcloud.cisco.com.
3. Click on the entry, write down the values, and delete the entry.
4. Click New and add back the Cisco UCM using following details:
   1. Unified CM publisher address – 198.18.133.3 or cucm1.dcloud.cisco.com
   2. Username – administrator
   3. Password – dCloud123!
   4. TLS verify mode – Off
5. Click Add address. You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address is 198.18.133.152, which is the same as the VCS-Control Server.
6. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
7. Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password dCloud123!.
8. Click Device > Phone.
9. Search for a phone where Description contains *the username of the user you logged into Cisco Jabber for iPad/iPhone* and click Find.

Figure 32. Cisco TelePresence Video Communication Server Control

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

10. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
11. Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as admin with password dCloud123!.
12. Click Status > Calls > Calls.

Figure 33. Cisco TelePresence Video Communication Server Control

Figure 34. Cisco TelePresence Video Communication Server Control

13. If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 35. Call Status

 

How to setup your Cisco IP Phone 88×5 MRA device

Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.

1. The Following Cisco IP Phones model 88XX are supported over MRA:
   1. Cisco IP Phone 8811
   2. Cisco IP Phone 8841
   3. Cisco IP Phone 8845
   4. Cisco IP Phone 8851
   5. Cisco IP Phone 8851NR
   6. Cisco IP Phone 8861
   7. Cisco IP Phone 8865
2. If you are using an IP phone that has wireless connectivity, follow the instructions in this step. If it does not, then you will need to connect the IP phone via LAN to a public internet connection. DO NOT connect your MRA devices to the Cisco corporate LAN.
   1. Connect the IP phone to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
   2. If you are connected to the Blizzard SSID you will need to perform the remainder of this Step 1. If your IP Phone is connected via LAN, you can skip to Step 2 of this section.
   3. Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.

Figure 36. Wireless Network Options

1. Click the Create Account icon.
2. Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.

Figure 37. Wireless Network Options

1. Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.

Figure 38. Wireless Network Options

3. To start the lab with a clean slate on your device and to prevent any issues from previous configuration, it is recommended to Factory Reset your 88×5 devices.
   1. 88×5 reset
      1. Unplug the power from the 88×5 and wait 5 seconds
      2. Hold the # button and plug the phone back in
      3. When the light on the Mute button turns off, press 123456789*0# in sequence
      4. After you press these buttons, the phone goes through the factory reset process. Do not power down the phone until it completes the factory reset process and the main screen appears
4. Wait for the phone to boot back up.
5. Next, add the unit to the Cisco Unified Communications Manager using the standard process of replacing the dummy MAC address with your endpoint MAC address. For more information on this procedure, see the Phone Provisioning Using Cisco Unified Communications Manager Show Me How.
6. Using the Keypad, enter Service domain provided by the Session Details tab in your dCloud session. The format will be collabedge-XXX.dc-0X.com.
7. Fill in the Username / Password based on the desired user.
8. Press the softkey button for Sign in.
   1. NOTE: With an 8800 phone firmware of v11+ you now can give the users a QR code to configure the MRA settings instead of requiring them to enter the information manually. Free apps are on the Apple and Android app stores to create QR codes. You can also use your computer to create QR codes. Once you find a QR creator app, continue with the demonstration.
   2. Generate a QR code with your sessions Service domain collabedge-XXX.dc-0X.com and username aperez
   3. Once you have a QR code hold it up to the camera of the 88×5. If successful, it will bring you to a login screen with aperez already listed in the Username box
9. Using the keypad, enter the Password as dCloud12345!.
10. Press the softkey button for Sign in.
11. The 88×5 should now be registered to Unified CM via MRA.

If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:

Figure 39. Cisco MRA Registration Error on Hardware Endpoint

Figure 40. Cisco VCS-C Server Event Log Access

Filter your entries based on the user ID which you tried to use to register the device.

Figure 41. Cisco VCS-C Server Event Log

If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note.

The resolution for this issue is currently under investigation, but you can try below steps to remove the CUCM1 from VCS-C and add it back and then try the login to the Cisco 88×5 IP phone.

If this issue continues and you cannot login to the Cisco 88×5 IP phone, we recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.

1. From the Cisco dCloud home page, go to Configuration > Unified Communications > Unified CM Servers.
2. There should already be an entry for cucm1.dcloud.cisco.com.
3. Click on the entry, write down the values, and then delete the entry.
4. Click New and add the Cisco UCM back in using following details:
   1. Unified CM publisher address – 198.18.133.3 or cucm1.dcloud.cisco.com
   2. Username – administrator
   3. Password – dCloud123!
   4. TLS verify mode – Off
5. Click Add address.
6. You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
7. Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password dCloud123!.
8. Click Device > Phone.
9. Search for a phone where Description contains *your user name* and click Find.

Figure 42.. Cisco TelePresence Video Communication Server Control

10. Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
11. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
12. Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as admin with password dCloud123!.
13. Click Status > Calls > Calls.

Figure 43. Cisco TelePresence Video Communication Server Control

Figure 44. Cisco TelePresence Video Communication Server Control

14. If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 45. Cisco TelePresence Video Communication Server Control

 

How to setup your Cisco DX MRA device

Cisco Employees – Cisco IT is blocking various media ports on the corporate firewall. Please make sure your utilizing a public connection when registering devices over MRA whether wireless or wired.

1. If you are using a DX device that has wireless connectivity, follow the instructions in this step. If it does not, then you will need to connect the IP phone via LAN to a public internet connection. DO NOT connect your MRA devices to the Cisco corporate LAN..
   1. Connect the IP phone to the Internet via any public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you create the guest account on the Blizzard SSID and then connect to the guest network intranet SSID to run the demonstration.
   2. If you are connected to the Blizzard SSID you will need to perform the remainder of this Step 1. If your IP Phone is connected via LAN, you can skip to Step 2 of this section.
   3. Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.

Figure 46. Wireless Network Options

1. Click the Create Account icon.
2. Enter the account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit.

Figure 47. Wireless Network Options

1. Disconnect from the Blizzard SSID. Connect to the internet SSID and log in as guest with the credentials you just created.

Figure 47. Wireless Network Options

2. To start the demonstration with a clean slate on your device and to prevent any issues from previous configuration, it is recommended to Factory Reset your DX devices.
   1. DX reset
      1. Open Settings
      2. Tap Backup & reset
      3. Tap Factory data reset
      4. Tap Reset device
      5. Tap Erase everything
3. After boot up from factory reset, you will be taken directly to the following screen.

4. At the Enter TFTP server screen, tap Expressway near the bottom.

Figure 48. TFTP Settings

 

5. Enter the Service domain provided by the Session Details tab in your dCloud session. The format will be collabedge-XXX.dc-0X.com.
6. Fill in the Username / Password based on the desired user.
7. Tap Sign in and proceed until the end of the initial configuration:
   1. Tap Allow and then I accept for the Cisco WebEx Meetings prompts
   2. Tap Skip four times
   3. Tap Continue
8. The DX should now be registered to Unified CM via MRA.

If you see the following output on your endpoint, you will need to access the VSC-C server and check the logs page as shown below:

Figure 49. Cisco MRA Registration Error on Hardware Endpoint

Figure 50. Cisco VCS-C Server Event Log Access

Filter your entries based on the user ID which you tried to use to register the device.

Figure 51. Cisco VCS-C Server Event Log

If you see a similar output to what is shown above, with the Request failed message, please double check your configuration, the credentials you are using, the Wi-Fi or Ethernet status connection, and the router kit VPN connection. Check for any alarm in the VCS-C or VCS-E servers which could point to a different problem source. If all of these steps do not solve the issue, then you are most likely experiencing the bugs listed in this note.

The resolution for this issue is currently under investigation, but you can try below steps to remove the CUCM1 from VCS-C and add it back and then try the login to the Cisco DX device.

If this issue continues and you cannot login to the Cisco DX device, we recommend that you shutdown and end this demonstration session and schedule a new session. This is an infrequent error, so we expect the new session should register MRA successfully. Alternatively, you can open a support case and request assistance from one of our support engineers through the Cisco dCloud Support page.

1. From the Cisco dCloud home page, go to Configuration > Unified Communications > Unified CM Servers.
2. There should already be an entry for cucm1.dcloud.cisco.com.
3. Click on the entry, write down the values, and then delete the entry.
4. Click New and then add the Cisco UCM back in using following details:
   1. Unified CM publisher address – 198.18.133.3 or cucm1.dcloud.cisco.com
   2. Username – administrator
   3. Password – dCloud123!
   4. TLS verify mode – Off
5. Click Add address.

6. You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.
7. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.

11. Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password dCloud123!.

12. Click Device > Phone.

13. Search for a phone where Description contains *your user name* and click Find.

Figure 52. Find and List Phones

Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.

14. To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.

15. Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as admin with password dCloud123!.

16. Click Status > Calls > Calls.

Figure 53. Calls

Figure 54. Call Status

17. If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.

Figure 55. Call Status