Webex Teams has been announced with the name Spark being retired.. We are seeing quite a few take ups with the whole hybrid deployment. Thought I’d jot down some of the key points to deploying hybrid with Webex Teams..
The whole hybrid deployment is based on a strong foundation of having the Collaboration Edge architecture embedded into your UC environment. Believe it or not, but this is half your battle with the hybrid deployment. If you can make B2B call from CUCM out through the expressway architecture thats great news.. if you can’t or the collaboration edge environment has not been deployed.. no biggie.. just ensure you focus on getting this B2B deployment right first.. this will make your life easier moving forward. I have done a couple of articles around the whole B2B experience..
The Webex Teams connector (spark connector) is simple to deploy. The expressway is associated in the Webex Team Admin console (Spark Control Hub), from here the connectors are downloaded to the expressway. For the Call Aware and Call Connector, you simply point to the CUCM using the application user created below. There are a couple of hoops to jump in terms of proving ownership of domain etc. Through the control Hub, you will also point to your expressway-e device using MTLS on port 5062.
So in saying that.. lets move onto the key components for CUCM. The main areas are around User Configuration.
Application User Creation
The Webex team expressway connector requires an application user with CTI and AXL rights. The below expands on the actual roles required by the application user.
Standard CTI Allow Control of All Devices
Standard CTI Allow Control of Phones Supporting Conf & xfer
Standard CTI Allow Control of Phones Supporting Rollover
Standard CTI Enabled
Standard TabSync User
Required Attributes for End Users
Webex Teams requires a few items to be configured in CUCM for Endusers in order to be ‘Webex Teams’ compliant and allow the Webex Teams ‘Control Hub’ to automatically create Webex Remote Destinations or CTI Endpoints essentially.
Required Items
- Enduser must control atleast one device or device profile.
- Must have Mobility Enabled
- Must have Primary Extension selected
- Must have following groups assigned to enduser
*Standard CTI Allow Control of Phones Supporting Conf & xfer
*Standard CTI Allow Control of Phones Supporting Rollover
*Standard CTI Enabled
- Home Cluster must be checked
- Line Appearance for controlled device/device profile must be selected.
Expressway-C (B2B) Key Points
Webex Traversal Client Zone
| Parameter | Value |
| Name | Webex_Traversal |
| Type | Traversal Client |
| Hop Count | 15 |
| Username | webex_traversal |
| Password | ***** |
| H.323 mode | Off |
| SIP mode | On |
| Port | 7007 |
| Transport | TLS |
| TLS verify | On |
| Accept proxied registrations | Deny |
| Media encryption mode | Force encrypted |
| ICE support | Off |
| Multistream Mode | On |
| SIP Poison mode | Off |
| Preloaded SIP route support | On |
| SIP Parameter preservation | On |
| Authentication Policy | Check credentials |
| Peer 1 Address | hostname_of_expressway-e_device |
CUCM Neighbour Zone
You’ll need to make some slight modifications to the CUCM Neighbour zone.
| Parameter | Value |
| Name | CUCM |
| Type | Neighbour |
| Hop Count | 15 |
| H.323 mode | Off |
| Port | NA |
| SIP mode | On |
| Port | 5065 |
| Transport | TCP |
| Accept proxied registrations | Allow |
| Media encryption mode | Auto |
| ICE support | Off |
| Multistream Mode | On |
| Preloaded SIP route support | Off |
| Authentication Policy | Do not check credentials |
| SIP Authentication trust mode | Off |
| Peer 1 Address | cucm-hostname |
| Zone profile | Custom |
| Monitor peer status | Yes |
| Call signaling routed mode | Always |
| Automatically respond to H.323 searches | Off |
| Automatically respond to SIP searches | Off |
| Send empty INVITE for interworked calls | On |
| SIP parameter preservation | On |
| SIP poison mode | Off |
| SIP encryption mode | Auto |
| SIP REFER mode | Forward |
| SIP multipart MIME strip mode | Off |
| SIP UPDATE strip mode | Off |
| Interworking SIP search strategy | Options |
| SIP UDP/BFCP filter mode | Off |
| SIP UDP/IX filter mode | Off |
| SIP record route address type | IP |
| SIP Proxy-Require header strip list | NA |
Append the below Search Rules to your Expressway-C Device.
Webex Outbound Search Rule
| Rule name | Webex Hybrid Outbound Call |
| Description | Webex Hybrid Calling |
| Priority | 70 |
| Protocol | SIP |
| Source | Named |
| Source Name | CUCM |
| Request must be authenticated | No |
| Mode | Alias pattern match |
| Patter type | Regex |
| Pattern String | .*@.*\.call\.ciscospark\.com.* |
| Pattern behaviour | Leave |
| On successful match | Stop |
| Target | Webex_Traversal |
| State | Enabled |
Webex Inbound Search Rule
NOTE: the pattern string must exactly match the first domain name in the Clustered Full Qualified Domain Name in the Enterprise Parameters page on CUCM.
| Rule name | Webex Hybrid Inbound Call |
| Description | Webex Hybrid Calling |
| Priority | 60 |
| Protocol | SIP |
| Source | Named |
| Source Name | Webex_Traversal |
| Request must be authenticated | No |
| Mode | Alias pattern match |
| Patter type | Prefix |
| Pattern String | hybrid.example.com.au |
| Pattern behaviour | Leave |
| On successful match | Stop |
| Target | CUCM |
| State | Enabled |
Expressway-E (B2B) Key Notes
Webex Traversal Zone
| Parameter | Value |
| Name | Webex_Traversal |
| Type | Traversal Server |
| Hop Count | 15 |
| Connection Credentials | |
| Username | webex_traversal |
| Password | ***** |
| H323 | |
| Mode | Off |
| SIP | |
| Mode | On |
| Port | 7007 |
| Transport | TLS |
| TLS verify mode | On |
| TLS verify subject name | hostname of expressway-c device |
| Accept Proxied registrations | Allow |
| Media encryption mode | Force Encrypted |
| ICE support | Off |
| Multistream Mode | On |
| SIP Poision Mode | Off |
| Preloaded SIP routes support | On |
| SIP Parameter preservation | On |
| Authentication | |
| Authentication Policy | Do not check credentials |
Webex DNS Zone
| Name | Webex_DNS |
| Type | DNS |
| Hop Count | 15 |
| H323 | |
| Mode | Off |
| SIP | |
| Mode | On |
| TLS verify mode | On |
| Fallback transport protocol | TLS |
| TLS verify subject name | callservice.ciscospark.com |
| TLS verify inbound mapping | On |
| Media encryption mode | Force Encrypted |
| ICE support | Off |
| Preloaded SIP routes support | On |
| Modify DNS request | On |
| Domain to search for | callservice.ciscospark.com |
| Authentication | |
| SIP authentication trust mode | On |
| Advance | |
| Include address record | Off |
| Zone profile | Default |
Webex Outbound Search Rule
| Rule name | Webex Hybrid Outbound Call |
| Description | Webex Hybrid Outbound Call |
| Priority | 100 |
| Protocol | SIP |
| SIP Variant | All SIP Variants |
| Source | Named |
| Source Name | Webex_Traversal |
| Request must be authenticated | No |
| Mode | Alias pattern match |
| Pattern Type | Regex |
| Pattern String | .*@.*\.ciscospark\.com |
| Pattern Behaviour | Leave |
| On successful match | Stop |
| Target | Webex_DNS |
| State | Enabled |
Webex Inbound Search Rule
| Rule name | Webex Hybrid Inbound Call |
| Description | Webex Hybrid Inbound Call |
| Priority | 100 |
| Protocol | SIP |
| SIP Variant | All SIP Variants |
| Source | Named |
| Source Name | Webex_DNS |
| Request must be authenticated | No |
| Mode | Any Alias |
| On successful match | Stop |
| Target | Webex_Traversal |
| State | Enabled |