This page provides the steps needed to setup your Mobile and Remote Access (MRA) Endpoints for use in a Cisco dCloud Demonstration. The MRA endpoints are for corporate employees who are working remotely from a home office or other location.
The devices connect to the corporate network through the Collaboration Edge Architecture, which is reachable from anywhere on the internet. The Collaboration Edge Architecture is a pair of servers that spans the company network DMZ, connecting the internal corporate network with the public internet. Any communication from outside the corporate network is routed securely to the Unified Communications Manager without the use of VPN or other connection software.
Certificates handling
To setup our MRA device:
- Find the Public IP address and DNS A record for the VCS-Expressway server.
- In the dCloud UI, go to your active session and then click Details in the blue menu bar. Make a note of these values as you will need them for the rest of your demonstration.
- In the dCloud UI, go to your active session and then click Details in the blue menu bar. Make a note of these values as you will need them for the rest of your demonstration.
The DNS A record is in the form “vcse.(collabedge- or cb)XXX.dc-YY.com” and that the XXX and YY values will be required several times in the demonstration.
- Using an external laptop, open a web browser and navigate to your assigned VCS-Expressway homepage via its public IP address that you noted above. Click Add Exception to continue. We will install the security certificates for this VCS-E server so it is a secure location and allows your computer inside the internal network.
- Click on the security icon (the small lock) in the browser url box and choose View certificates. If using Internet Explorer, click Certificate error to continue.
- Click Certification Path
- Click the VeriSign certificate, click View Details, and in the pop-up window under Details, click the Copy to File… Save as a .cer file.
NOTE: If the Copy to File option is greyed out, but sure that you have added the website to the trusted addresses list in your web browser. If this still does not fix the issue, you can copy the .cer files for this website from the desktop of Workstation 2 in the Cisco Business Video Experience v2 demonstration. Continue with this Show Me How guide once you have copied these files.
- Follow the wizard and copy the certificate to your workstation. Follow the same procedure for the Symantec Class 3. We recommend choosing a location that is easy to find the files again, such as the machine Desktop.
You now have both the certificates on your workstation.
- Click the General tab and choose Install Certificate. Follow the wizard until you get a successful installation message. Install both certificates that you downloaded in the previous step.
How to setup your Cisco Jabber for Windows MRA device
There are several possible devices to use as an MRA communications device. The first is Cisco Jabber for Windows. We will be using a physical laptop to setup and configure this device to connect via the Cisco Collaboration Edge solution.
If you are using a Mac, you can follow these same instructions for installing Cisco Jabber for Mac. The screen shots will be slightly different, but the steps should work the same.
Configuring the Cisco Jabber for Windows Software
- Download Cisco Jabber for Windows from Cisco.com. The tested release was version 10.5.2.
- Install Jabber for Windows on your Windows workstation, the same one where you previously performed the certificates acceptance procedure.
- Connect the workstation to your dCloud router kit. If you are using WiFi, please be sure you are connected to the correct SSID (the one from your dCloud router-kit).
If this is a previously configured client, please reset it using File > Reset Jabber
- Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.
- Type in the demo user’s username with the suffix @(collabedge- or cb)XXX.dc-YY.com and click Continue.
- On the next page, type in the user’s password. Do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button.
Your Cisco Jabber for Windows client should appear now connected.
- Do not perform any call at this stage, as the endpoint is not yet registered as an MRA device and video would not work bi-directionally. Instead, sign out by choosing File > Sign out.
- Next, connect the workstation to the Internet via any available public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please ensure you are NOT connected to Cisco’s intranet SSID, use the guest network instead as shown below.
- If you are connected to the internet SSID at a Cisco location, you will need to perform the following steps:
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
- Click the Create Account icon.
- Enter account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit. You can now log in as the guest to the internet SSID.
- Open the Cisco Jabber client and see that the demo username is already pre-filled. The domain information is not necessary anymore.
- Type in the user’s password and do not check the Sign me in when Cisco Jabber starts option. Click Sign In. If you get an error, press Sign In again. Your Cisco Jabber for Windows client should now appear connected via MRA. It should be reachable from any other endpoint and should also be able to perform video calls to any LAN, MRA or B2B endpoint.
You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address is 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
- If you click the View link on the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
How to setup your Cisco Jabber for iPad and iPhone MRA device
- Download Jabber for iPhone/iPad from App Store. The tested release was version 10.5.1.
- Install it on your smartphone/tablet.
- Connect the device to your dCloud router kit SSID. The password for your router kit wifi network is in the demonstration dashboard under Session details.
- If this is a previously configured client, please reset it using the Reset Jabber option.
- Next, click Advanced settings, choose the account Cisco IM & Presence and fill in the Server address tab with the demonstration Cisco IM & Presence address (198.18.133.4). Save your changes.
- Type in the demo user’s username with the suffix @(collabedge- or cb)XXX.dc-YY.com and click Continue.
- On the next page, type in the user’s password and do not check the Automatic sign-in Click the Sign in button.
- Your Jabber for iPhone/iPad client should now appear connected. If you get a Certificate not valid error, just click Continue. If you get a Cannot locate server error just click login again.
- Do not perform any call at this stage, as the endpoint is not yet registered as an MRA device and video would not work bi-directionally. Instead, sign out by clicking Sign out.
- Connect the device to the Internet via any available public connection. This can be your home wireless, a customer’s guest network, or any other public internet connection. If you are a Cisco employee please be sure you are NOT connected to Cisco’s intranet SSID, use the guest network instead as shown below.
- If you are connected to the internet SSID at a Cisco location, you will need to perform the following steps:
- Open a web browser and navigate to https://internet.cisco.com. Sign On with your Cisco corporate ID and password.
- Click the Create Account icon.
- Enter account details for a guest account. It can be any name, email, and company. Be sure the Guest role is set to Guest. Click Submit. You can now log in as the guest to the internet SSID.
- Go back to the Jabber client, where the demo user’s username is already pre-filled. The domain is not necessary anymore.
- Type in the user’s password and do not check the Sign me in when Cisco Jabber starts option. Click the Sign in button. If you get the following error click the Sign in button again.
Your Cisco Jabber for iPad/iPhone client should now appear connected. It should be reachable from any other endpoint and it should be able to perform video calls to any LAN, MRA or B2B endpoint.
You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at https://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at https://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
- If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.
How to setup your Cisco TelePresence EX MRA device
- Connect your unit to any Internet point of access, such as a home, hotel, or customer’s LAN that is NOT connected to your Cisco dCloud demonstration.
- From a laptop connected to this same network, browse to the web interface for the TelePresence device. The web interface address for the TelePresence device is the same as the device’s IP address. Sign in with your device’s admin username and password. The default login is username admin with a blank password.
- If this unit was previously used for other purposes you may need to reset it, maintaining only the options and activation keys. Resetting the device will help to avoid any misconfiguration due to previous settings.
In the next section, you will be installing the Collaboration Edge certificates on your TelePresence device. You will only need to install these certificates on your device one time, no matter how many Collaboration Edge enabled demonstrations you run. If you have already installed these onto your device you can proceed to the device configuration section.
Your device must use TC software version 7.0.2 to register via MRA in this demonstration. If your device is not at that software level and you do not have access to it, you can find a copy of TC7.0.2 on the Workstation 2 desktop. The file name is s52000tc7_0_2.pkg. You can access this file directly from your endpoint LAN or you can download it to your PC first and use it locally. An FTP server is available on Workstation 2 for this purpose. Access it at Start > All Programs > 3CDaemon > 3CDaemon. Perform this upgrade/downgrade to TC7.0.2 before continuing to the next step.
- Once reset, you can access the security settings by clicking Configuration > Security.
- Once you have browsed to this menu, click the CAs tab. No Certificate Authorities may be available in the list; therefore you will need to add the certificates from your Cisco dCloud demonstration.
- Click the Browse.. button and in the pop-up window choose one of the certificates you downloaded at the beginning of this Show Me How.
- Click Open. This will return you to the device CAs tab. Click Add certificate authority.
- Repeat the previous steps in order to add the second certificate. When both certificates are installed on the TelePresence unit, you should reboot it.
You can now proceed with the device configuration either via GUI or via the touch panel. If you are using a C series endpoint, you may also use the remote controller instead.
- First, add the unit to the Cisco Unified Communications Manager using the standard process of replacing the dummy MAC address with your endpoint MAC address. For more information on this procedure, see the Phone Provisioning Using Cisco Unified Communications Manager Show Me How.
- On the unit touch panel, press the Settings option in the main menu.
- Press the Administrator menu option.
- Log in with your admin credentials. The default login is username admin with a blank password.
- Choose the Provisioning tab and press Start.
- Choose the Cisco UCM via Expressway option and press Next.
- Fill in the required information in the configuration fields, making sure you use your assigned VCS-Expressway DNS A record for the External Manager, and then press Register.
- The unit will try to register to the VCS-Expressway.
- You may get the following errors:
- If you do see these errors, please re-enter the requested information and press Register again, until you get a successful registration message. We suggest you wait a few minutes between registration attempts.
- Press Ok.
You can confirm that your endpoint is registered via MRA by checking that the Cisco Unified Communications Manager shows the endpoint IP address as 198.18.133.152, which is the same as the VCS-Control Server.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco Unified Communications Manager server at http://198.18.133.3 and log in as administrator with password C1sco12345.
- Click Device > Phone.
- Search for a phone where Description contains *your user name* and click Find.
Another way to check is if you perform a call, for example to tadams@dcloud.cisco.com, you will see that call in the VCS logs. You can be sure you are using the Collaboration Edge pathway, if you see multiple legs in the call path. It will have the label Multiple Components under Protocol.
- To check this, log in to one of the demonstration workstations or a laptop connected to the demonstration.
- Access the Cisco TelePresence VCS-C server at http://198.18.133.152 and log in as vcsadmin with password C1sco12345.
- Click Status > Calls > Calls.
- If you click the View link in the right, the call will be expanded to show all its components, demonstrating therefore that we have an MRA endpoint calling from outside the intranet.