Microsoft OCS and Cisco interoperability blog post

Filed Under: OCS, OCS R2, Communicator 2007 R2

Wednesday, December 09, 2009 12:41 PM

Repost from http://communicationsserverteam.com/

Interoperability support between Cisco and Microsoft products in unified communications

Cisco and Microsoft are competitors in the unified communications space, with very different visions and product approaches – I don’t think that’s going to come as a surprise to anyone.   Nor should it be a surprise that many customers have Cisco networking and telephony gear along with desktop, messaging and collaboration software from Microsoft and want our products to interoperate together well in the customer’s environment. 

To Microsoft, that means we want to offer customers software that runs great on Cisco networks.  With Office Communications Server’s support for the Cisco ISR platform, great support for DSCP packet marking to deliver QoS, VLAN tagging, and many more technologies, we are delivering a lot of capabilities so customers can get the most out of their Cisco network investments. 

We also look to interoperate broadly using open standards with Cisco products in unified communications.   As part of both companies’ commitments to our customers and shareholders, we’ve recently published a joint statement of interoperability for our products in unified communications, specifically addressing how Microsoft Office Communications Server and Cisco Unified Communications Manager work together across three different deployment scenarios, and what each company supports.  You can download that statement on the Microsoft site and yes the same document from the Cisco site.

The statement was drafted specifically with regard to Cisco of course, but an important point to remember is that Microsoft looks at interoperability across all of the vendors in a particular space – we don’t provide preferential treatment to support Cisco products or scenarios uniquely.  So the support statements we’ve crafted with Cisco, while applying directly to Cisco products, are founded on principles that can be applied to any vendor’s products in a given scenario.

The first scenario is Direct SIP, where Office Communications Server is a peer telephony platform to an IP-PBX and exchanges calls using SIP, without the use of an intermediate gateway.  A number of IP-PBXs have qualified for Direct SIP support with Office Communications Server by engaging through our Unified Communications Open Interoperability Program (UCOIP) to provide joint support.  In addition to that effort, Microsoft also tests IP-PBXs that have not engaged in the program, based on customer demand.  As such, we delineate between products that have been “qualified”, where the IP-PBX vendor engages through the UCOIP and both companies support the integration, and those that have been “tested”, where Microsoft solely does the testing and supports the configuration.  This is why you see some versions of Cisco Unified Communications Manager supported by Microsoft for Direct SIP, but not by Cisco.  Our customers have clearly told us it’s important to provide both programs, as many have older IP-PBXs that vendors may not choose to come through the UCOIP.  Those models Microsoft can test and potentially support (based on the IP-PBXs adherence to standard-based SIP), allowing customers to get more value out of their existing investments.

The second scenario is Remote Call Control (RCC), where the PBX station set (doesn’t have to be IP in this case) is controlled by Office Communicator.  Here, we don’t have a testing or qualification program – there are many PBXs and Gateways that support the ECMA TR/87 standard used by RCC and those products will work with Office Communicator, as we support the TR/87 interface.  Many PBX vendors will have a specific testing matrix for which middleware layer or CTI link is supported with Office Communications Server.  In addition, there are a variety of RCC gateways in the market from companies like CoreBridge, Estos and Genesys that further expand the diversity of PBX models and versions available.  Microsoft has announced the deprecation of the RCC feature for the next release of Office Communications Server, so new deployments of RCC will not be supported with the coming release.   However, customers who have existing deployments of RCC can upgrade to the next release and will continue to be supported through the lifecycle of that release – a good long time.

Finally, several PBX vendors have brought to market plug-ins to Microsoft Office Communicator that allow for Office Communicator to interact directly with a PBX environment. These plug-ins are built on top of the Office Communications Server APIs which provide an extensible platform for the development of communications integrated directly into business process applications, customizing the functionality of Office Communicator or Office Communications Server and much more.   Microsoft welcomes all vendors who build on our platform, whether they are Microsoft ISVs, Partners or traditional competitors in the unified communications space.  My colleague BJ Haberkorn has devoted an entire blog post to this, and specifically discusses the Cisco Unified Communications Integration for Microsoft Office Communicator, or CUCiMOC – don’t hesitate to check that out.

Finally, look forward to the dialogue - I’ll hound the blog for comments, or you can contact me directly at [sip | smtp] : jastark (at) microsoft.com

Jamie Stark

OCS Senior Product Manager

Doug Renner, CEO

drenner@peakipsolutions.com

Peak IP Solutions, LLC

www.peakipsolutions.com

Single Number Reach:  925-337-8660

NEW Address:  4683 Chabot Drive, Suite 380, Pleasanton CA, 94588

 

Great video on Copier (in)Security

----- Wow...pretty scary computer security risk in copy machines.  Personal data abound.  Be sure to clear your copier out before returning it.  Watch this 5 minute video for a CBS News report with the details.

http://www.wimp.com/copymachines/

Doug Renner

Peak IP Solutions, LLC

Cisco NAC Installation notes on VMware

This is an abbreviated notetaking of a freestyle NAC appliance installation...

We started out by settting up vmware host as Linux Other 32 bit. Installed Cisco NAC OS CD iso 2.7.2. The first server is the NAM or NAC Access Manager adn the second is the NAS or the NAC Access Server. The NAC acess server needed two nics. Both needed 1 GB of RAM. We also set up the NICS as E100 NICS. This seemed to help.

After booting up, the NIC's were all messed up. Had to shut down the eth1 interface, shut the eth0 interface bring backup eth0 and it replied.

could not add host nas server. error. Issue is with trust on self signed certs. Must import the cert for each server to each server.
go to;
https://NAS IP ADDRESS/Admin

why? because they remove all untrusted ssl certs. have to manually add the cert to each device. have to export nad import each way.

Manager. go to cca manager. ssl certs. trunsted cert authorities. IMPORT the cert from where you exported it to a file. now do the reverse.

go back to CAM Manager and now add the server. Should sync. had to down and up eth0 again for kicks...???? Hmmm. VMware???

manage device from the server tab.l
Enable L2 Strict mode [check]

Advanced Tab -- Mapping
now add all the vlans we will be monitioring. Since we are only monitoring one, the NIC on that vlan is already in teh list. if there were more we wouldhave to add them.
Added DHCP Scope and auto generated subnets



Back to Manager...

OOB Management Profiles -- Group -- NEW (adding switches) ADD
Devices -- New

snmp-server community public RO 15
snmp-server community public RO 15
snmp-server community publicRW RW 15
snmp-server enable traps snmp linkup
snmp-server enable traps snmp linkdown
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.228.xxx.xx version 2c public

Devices - search- input ip range of switches to discover based on SNMP.

found em
SET up a port profile...
OOB Manaagement -- Profiles -- Ports
NEW Profile -- VLAN Settings -Auth Ports is what i called it.
VLAN id for the authvlan
Access Vlan is for a "Fail Open" situation
check all 3 bottom options - move to auth port.

set up ports and devices. set ports for auth

go to Administraton --- User Pages -- Edit the default page.
We imported an image and set some options.

From here we began to work with the SNMP strings and test some functionality. It seems that the server is quite grumpy on eth1 on the NAS server. the nic is not responding or giving out DHCP addresses as we configured it to do. We made a phone call for parachute help with our problem. The situation was relayed to us that the NAS Server secondary NIC should be on its own physical NIC. We didnt have another nic in our vsphere environment so we called it a night and will take it up later.

All good fun working with Doug from Cisco on the Cisco Clean Access NAC appliance. We at Peak IP Solutions really appreciate your help!

Cheers!

Doug

www.peakipsolutions.com

FW: SF Pac IT Pros: New attack bypasses EVERY Windows security product

Very interesting attack news... Be aware.

-----Original Message-----
From: Pacific IT Pros [mailto:mlk@pacitpros.org]
Sent: Tuesday, May 11, 2010 12:28 PM
To: Douglas Renner
Subject: SF Pac IT Pros: New attack bypasses EVERY Windows security product

Pac IT Pros members: Have you heard of the KHOBE - 8.0
earthquake for Windows? This is a update to an attack Windows security
products from several years ago. The new attack can bypass every Windows
security product tested and allow malicious code to make its way to your
system. The KHOBE attack, (Kernel HOok Bypassing Engine), leverages a
Windows module called the System Service Descriptor Table, or SSDT, which is
hooked up to the Windows kernel. Unfortunately, SSDT is utilized by
antivirus software. This attack does NOT need admin privileges. If you are
running as a standard user you are susceptible.

Below is a list of software known (at this time) to be
susceptible to a KHOBE attack.

I'm still gathering info, not sure how serious of a threat
this really is. If you have information please share it with Pac IT Pro
members at
http://www.pacitnews.org

http://www.pacitnews.org/2010/05/11/new-attack-khobe-bypasses-every-windows-
security-product/

Doug

* 3D EQSecure Professional Edition 4.2
* avast! Internet Security 5.0.462
* AVG Internet Security 9.0.791
* Avira Premium Security Suite 10.0.0.536
* BitDefender Total Security 2010 13.0.20.347
* Blink Professional 4.6.1
* CA Internet Security Suite Plus 2010 6.0.0.272
* Comodo Internet Security Free 4.0.138377.779
* DefenseWall Personal Firewall 3.00
* Dr.Web Security Space Pro 6.0.0.03100
* ESET Smart Security 4.2.35.3
* F-Secure Internet Security 2010 10.00 build 246
* G DATA TotalCare 2010
* Kaspersky Internet Security 2010 9.0.0.736
* KingSoft Personal Firewall 9 Plus 2009.05.07.70
* Malware Defender 2.6.0
* McAfee Total Protection 2010 10.0.580
* Norman Security Suite PRO 8.0
* Norton Internet Security 2010 17.5.0.127
* Online Armor Premium 4.0.0.35
* Online Solutions Security Suite 1.5.14905.0
* Outpost Security Suite Pro 6.7.3.3063.452.0726
* Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION
* Panda Internet Security 2010 15.01.00
* PC Tools Firewall Plus 6.0.0.88
* PrivateFirewall 7.0.20.37
* Security Shield 2010 13.0.16.313
* Sophos Endpoint Security and Control 9.0.5
* ThreatFire 4.7.0.17
* Trend Micro Internet Security Pro 2010 17.50.1647.0000
* Vba32 Personal 3.12.12.4
* VIPRE Antivirus Premium 4.0.3272
* VirusBuster Internet Security Suite 3.2
* Webroot Internet Security Essentials 6.1.0.145

Doug

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Doug Spindler
Pacific IT Professionals
http://www.pacitpros.org doug.spindler@gmail.com
925-258-6600

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pac IT News visit http://www.pacitnews.org
Pac IT Pros web site http://www.pacitpros.org

This email was sent to drenner@peakipsolutions.com. This email address is a member of the
following Pac IT Pros mailing lists: News,SF.
Manage your list subscriptions at http://www.pacitpros.org/Unsubscribe To
change your email address, unsubscribe and then re-join Pac IT Pros at
http://www.pacitpros.org/Join%20PacITPros