Two weeks ago WikiLeaks released Vault 7, a large collection of documents that they claim were taken from the CIA. While the CIA has not confirmed this release, there's little question that the leaked information comes from a nation state level intelligence service and contains extensive details regarding exploits and tradecraft targeting a wide variety of service providers, vendors, and equipment. Wikileaks has thus far attempted to redact detailed exploit information and has announced their intention to work with the impacted parties to address these vulnerabilities.
Jabber gives you and your team the freedom to be productive from anywhere, on any device. Cisco Jabber enables you to access presence, instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing Instantly.
But Jabber can also be challenging. That’s why we’ve created this guide to help you get the most out of this tool.
By now you have likely heard about the "Clock Signaling Component" issue affecting a broad range of Cisco products. If you haven't a number of Cisco products are affected by an issue that will cause them to fail during normal operation, once they fail they will stop functioning completely and can not be powered back on. You can learn more about the affected devices on the notice page.
Your business uses Cisco Unified Communications Manager (CUCM) and has integrated Cisco Jabber for your team. How can you get more out of your Jabber tool? This post highlights several interesting features that are not widely used but will enhance your experience using Cisco Jabber.
Compiled by Steven Mulherron & Nathalie Bechbache Stack8 Project Management and Governance Office
For Engineering, Procurement and Construction (EPC) services firms, failure to maintain communication control is not an option.
Complex operations and data requirements, coupled with highly collaborative work processes, often between multiple on-site and off-site locations rely upon robust telecommunications and collaboration tools. These communication challenges are further compounded by the scope of deliverables, schedules, and price sets.
Inability to meet prescribed performance guarantees can put the future of the project at risk. In addition, performance and scheduled liquidated damages increase costs which can potentially eliminate or negatively impact profitability.
Apple is scheduled to introduce in its next major iOS release (after iOS 10 anticipated September 2017), a significant change that removes APIs that are required for handling calls and IM’s when the application is running in the background. What this means is that if Jabber is not opened in the foreground, the user will not be notified of incoming calls and IM messages.
On January 24, 2017, Cisco announced the next steps in their plan to reshape collaboration with their Cisco Spark platform. The event focused on two aspects: first, the unveiling of the new Cisco Spark Board and second, the (re-)launch of Cisco Spark Meetings as well as enhancements to the Cisco Spark application on all platforms.
Do not miss out receive expert tips and insights straight to your inbox!
There is a severe bug in the WebEx extensions for Chrome, Firefox and Internet Explorer (CVE-2017-3823) that enables an attacker to execute arbitrary code on a machine if a user with the plugin installed visits a hostile website. A trusted website may also contain a hostile ad or XSS vulnerability that can be leveraged in this attack. This plugin is installed on approximately 10 - 20 million user machines.
The Cisco Unity Provisioning Interface (CUPI) allows a UC Administrator to programmatically perform moves, adds, and changes to various entries in Cisco Unity (users, contacts, distribution lists, and call handlers) through a simple REST API.
The following article will provide instructions on how to perform a request to the CUPI API using Postman.
In part one, Doug Green publisher of TelecomReseller and Steven Karachinsky CEO of Stack8 discussed the role Stack8 plays in providing UC managed services. In part 2 they discuss alternatives to Cloud and hosted services, as well as what to expect from Stack8 in 2017.
Introduction by Doug Green publisher of TelecomReseller:
Based upon the TelecomReseller Podcast
Steven Karachinsky, Stack8’s CEO, thinks that there are ways to manage your enterprises Cisco resources to gain more productivity and to trim costs. Stack8 offers an extensive line of managed services, professional services and software solutions for Cisco Unified Communications, including Stack8’s portfolio of UC Managed Services.
Stack8’s approach includes proactive support for an enterprise’s entire UC infrastructure and its integrated applications.
Stack8 Technologies views itself as “a new breed of Cisco Solutions Partner.” The company’s founding partners wanted to create a business that would customize services to the needs of each customer. The company’s name reflects the idea of people, the people of Stack8, being the 8th layer of the OSI stack.
Montreal, CANADA, December 01, 2016 - Stack8, a leading provider of services and solutions for Cisco Unified Communications (UC), today announced its participation at Cisco Connect Montreal 2016, taking place December 7, 2016, booth #20 Palais des congrès de Montréal.
At this year's event, Stack8 will showcase its extensive line of managed services, professional services and software solutions for Cisco Unified Communications, including a sneak peek of its new UC Managed Services for Cisco Unified Communications.
The largest complaints callers have with regards to call centers is waiting on hold for an excessive period of time or navigating through an endless phone menu with hard-to-follow/lengthy prompts. In fact, social media is filled with sites that consumers can voice their criticisms: On hold with.
This problem is further compounded by organizations who have IVR (Interactive Voice Response) and ACD (Automated Call Distribution) technologies but only use the ACD component in combination with simple rules to route calls to agents. These shortcuts are often because of the costs or challenges associated with deploying.
Inevitably delivering the bare minimum queuing with no self-service results in overloaded agents, angry consumers and excessive queue times.
In today’s business environment, one thing is certain: all companies need to get the most out of their investments. And that includes investments made in technology. What happens when the time and resources required to manage your technology precludes you from progressing and getting value from your investments?
It’s a question that many companies face, and previously, not one that was easily answered.
But to get to the answer, we need to start with the problem. And without a doubt, one of the biggest problems facing businesses I speak with is finding the time to invest in and get the most out of their Unified Communications (UC) solutions. Why? They simply don’t have the staff or the bandwidth to turn on the full functionality of these vast systems. The multiple daily tasks that need to be done in order to keep things up and running prevent their highly trained/certified resources from delivering more value from their technology investments. Sound familiar?
Your company is a Cisco Unified Communications environment and you are having issues with registering phones to your environment. You verify the configuration on the Cisco Unified Communications Manager CUCM and everything seems okay, what are the possible issues preventing registration? How can I diagnose the issue?
Your Cisco phone is not registering to Cisco Unified Communications Manager CUCM.
In this blog post, we will explore 3 possible solutions to troubleshoot in order to identify and resolve the issue.
If you already have Cisco Expressway MRA and SIP URI dialing activated in your Cisco Unified Communications environment, then you should seriously begin to think about activating another very key feature within Cisco Expressway: Business-to-Business dialing.
This feature will bring your collaboration with your partners and customers to whole new level; allowing you to have audio and video calls with them as seamlessly as you do with your coworkers.
A big part of the configuration process for B2B calls is deploying public DNS SRV records that will allow your partners and clients to call you using your corporate domain.
Assuming you have all necessary ports on the firewall already opened. The following will take you through the steps required to effectively configure the B2B SIP URI dialing feature within Expressway.
Our support team received a call from a customer complaining that their next generation firewall (NGFW) was intermittently blocking access to their new voting website. As we were in the process of making firewall changes inside their environment and are responsible for the management of their network they turned to us for help.
The website was a vanity domain hosted at GoDaddy that redirected users to a deep link within another website. We accessed the site and confirmed that it was working properly and sending a 301 redirect as expected, it worked properly both inside their and our environment. We reviewed the firewall logs and found no indications that traffic was blocked by any firewall or IPS. The customer insisted that there was an intermittent problem accessing the website that seemed to affect some users at random.
In case you have not yet heard: Cisco Collaboration Systems Release (CSR) v11.5 applications are now available on Cisco.com: CUCM, CUC and IM&P 11.5 and have been posted.
One Important Note: CUCM 11.5 will no longer support the following 12+ years old phones:
Like most Cisco Unified Communications customers with the need to support some form of contact center within their organizations, you may have most likely deployed Cisco Unified Contact Center Express (UCCX), or perhaps its big brothers Packaged Contact Center Enterprise (PCCE) or Unified Contact Center Enterprise (UCCE). And again, like most Cisco contact center deployments, you have most likely initially focused on the essentials: getting your agents to answer customer calls! Now that this is out of the way, it’s time to take a deeper look under the hood of your Cisco contact center platform and realize its true potential: it can completely transform how you interact with your customers.
Although PCCE and UCCE platforms are great, this article will focus on UCCX. With the capacity to support 400 agents and as many concurrent IVR ports, UCCX fits most small and medium-sized organizations. At its core, it consists of four main modules all within the same box: an Interactive Voice Response (IVR) system, an Automatic Call Distribution (ACD) engine, a set of applications for Computer Telephony Integration (CTI), and a Reporting platform. At first glance, this may all seem relatively standard. However, what sets UCCX apart is its flexibility; at Stack8, we consider UCCX to be closer to a Telephony Application Development platform than a contact center product.
"The Future of Cisco UC: The URI Advantage" was a recent post that explained URI and the advantages of using it in your Unified Communications Environment. A directory URI is the abbreviation of Uniform Resource Identifier and its directory format is similar to an email address (username@host) where the host portion is an IPv4 address or a fully qualified domain name. One of the main advantages that was outlined in the above article was that by adding SIP URI integration in your dial plan or at least a URI directory adds significant flexibility. .
The following post, we take you through the step-by-step to setting up and activating URI dialing within a Cisco UC environment from mapping the Directory URI address to an email address to modifying display preferences.
Ransomware, as its name suggests is a malware that infects a system and locks the user out of their data unless a ransom is paid. The victim of such an attack is left powerless to recover their data as only a unique key can unlock the infected system. The user has a pre-set deadline to pay the ransom or risk permanently losing access to their data. This type of attack has seen a rise in occurrence since its rise to prominence in 2005. The field of Crytomalaware is in constant evolution because of the extremely profitable nature of these activities, the largest threat currently is Cryptowall 3.0 /Cryptolocker which usually spreads through phishing emails. The user clicks on a link, a Trojan is installed on the system which then delivers its payload by encrypting user data and displaying a locked out message.These attacks are now so prevalent that they account for $18 million in yearly revenue in the US alone and some estimates go up to $350 million worldwide according to a research done by The Cyber Threat Alliance (CTA). In the following sections, we will review some mitigation techniques about how to stay ahead of the curve to prevent this unfortunate scenario.
Why are we still talking about something that has been around since Call Manager 7.x? Why is a dial plan built around URI not more common place? Why is it still something most people only think about in reference to video?
At the outset, the purpose of the URI is exactly what the name states, a Universal Resource Identifier. For those unfamiliar with URI or SIP URI, it is basically an alphanumeric ID that is reachable across the web. It seems like a perfect fit with Cisco’s vision of an all-encompassing communication platform, and in large part it is. In concept, the goal is to have a single address at which to contact someone regardless of the medium you choose. In other words, firstname.lastname@example.org becomes my e-mail address, my instant messaging ID, my video call number, and yes even my phone number. Isn’t this what IP telephony and UC were built for?
Do you experience intermittent performance problems, particularly at branch offices? Do some applications “not work” and then self-resolve before you can address them? Limitations in path MTU may be the cause of your problems!
In today's networking environment, you may encounter situations where your traffic passes through a path with an MTU that is lower than the standard 1500 bytes, for example if you are using a PPPoE DSL or an IPSec VPN. If you are aware of a limitation in the MTU along a path you should use the IP MTU command on the interface facing this path to limit the MTU. This should be done as close as possible to the traffic source so that messages are sent back immediately informing the client of the limitations while reducing the chances of them being lost of ignored.
These network settings will result in packet fragmentation. Since TCP is a stream oriented protocol which handles packet re-ordering, as well as, the retransmission of lost packets, it should not suffer packet loss directly tied to fragmentation but will suffer a performance degradation.
However, on the other hand, UDP being a message oriented protocol, it does not have a built-in reordering or retransmitting mechanism, so fragmentation should be avoided. Further, when your traffic flows through devices that you have no control over nor visibility on such as sending traffic over the internet, then this should be avoided at all cost.
Your company is a Cisco Unified Communications environment and you are trying to identify an inbound call flow in order to diagnose an issue with hard facts. You ask yourself: "How can I find the call flow that is being accessed at the time of my issue?" This guide will help you diagnose two use cases:
- Erroneous call flows in Cisco Unity
- Toll Fraud.
Although we are focusing on these two particular cases these solutions can be used to diagnose a variety of issues .
You are unable to figure out what the inbound caller is dialing before and after they access your system (Unity, UCCX).
The Cloud Services Router 1000v (CSR) is one of Cisco's best kept secrets in the routing and security space. The CSR is an incredibly powerful product that's flexible, adaptable and offers almost limitless functionality at a very low price point. In some cases, this router will cost less to license than the ongoing support costs of the traditional router that they could replace. While infrequently positioned in these roles by VARs and account teams the CSR is surprisingly capable. In this blog post, we will review the advantages and limitations of the CSR in our experience using it on the routing and security side of the business although it's also starting to be used for some Unified Communications related roles.
Drive to 9… Drive to Collab… Refresh to Collab… If these terms are familiar to you it is probably because you have been contacted by your Cisco account team or your Cisco reseller to upgrade your Cisco Unified Communications (UC) environment. Cisco has facilitated the upgrade process by creating these promotions to reduce the cost of doing an upgrade. In the past, the cost may have been a prohibitive decision criterion in the upgrade process; although cost is always a consideration, in the case of a Cisco UC upgrade, it may be better as a secondary consideration if only because making the wrong upgrade decision could in fact be even more costly.
So what should be considered? Why should you upgrade? Why should you not upgrade?
There are really five criteria that should be considered when making the decision:
- manufacturer support,
- application bug fixes, and
- features and functionalities.
Your company is an avid Cisco Unified Communications user and you recently successfully integrated a fax server using H323. The fax server is configured and working fine, however, you see an issue when sending a fax to a specific destination. Why are other fax destinations working, but not this one? How can I identify the source of the problem? What can I do to fix the issue?
Often our first impression is to think that the issue resides with the destination. However, through investigation, when this issue came up with many of our customers, we often found that not to be the case; the issue actually resided at the origin and not the destination. We will explore the most probably causes to the problem and outline steps to resolving them.
Unable to fax to an isolated destination number; the other fax answers, but the transmission does not complete.
Many organisations today face a challenge in securing enterprise networks that were designed prior to internal segmentation and security becoming a primary concern. It is very difficult to retrofit security into a network design, especially when you want to avoid changing server configurations, minimize downtime and impact, maintain performance within existing network segments, and progressively phase in security rules. In this blog post, we'll discuss an approach we have developed and used for both new network deployments, as well as, retrofits.
Retrofitting security into a network design while avoiding server configuration changes, downtime and performance issues.
Your company is using Cisco Unified Communications and all is running smoothly until you suddenly receive a call from the receptionist that Emergency Services has just arrived at your front door following up on a 911 call that was made from someone inside the company and you need to find out who dialed the number. Or maybe you just received the monthly invoice from your Telco provider and you need to find out who has been repeatedly calling overseas to a country that you do not do business with. Does one of these situations sound familiar?
So what is the best way to find the answer to these questions? In both cases, the solution is to open Cisco Unified CM CDR Analysis and Reporting tool, export the raw data into an excel table then begin your forensic search for that needle in the haystack. The CDR extract is useful when you need to troubleshoot failed calls, find all long-distance calls or simply list all calls made by a specific individual for an HR related request. However, it is raw data and not formatted in a user friendly way; to make things even more challenging, Cisco Unified Communications Manager 10.5(2) or higher now includes 120 fields for each call, making a simple search request quite complex. So where do we begin?
Our challenge is to forensically identify specific search criteria in a simple and easy way without combing through massive amounts of data.
Once you have completed part 1 (Integrate any 3rd party provisioning application with your CUCM using Cisco AXL) and part 2 (Sending AXL Requests to Cisco CUCM with Postman), part 3 takes it one step further with direct access to the CUCM database with Cisco AXL.
Executing SQL queries against CUCM with Cisco AXL is the third and final part of our 3-part series on taking you through the steps to get the most from your CUCM using the Cisco AXL API. Once you have completed part 1 and part 2, part 3 takes it one step further with direct access to the CUCM database with Cisco AXL. Perhaps two of the most powerful things about the Cisco AXL API are the
executeSQLQueryReq and the
executeSQLUpdateReq functions. These features allow you to create, update and delete directly in the CUCM database.
For a complete view of the database schema, please consult the CUCM Database Dictionary.
To demonstrate this, we will show you the steps to query CUCM to find all the Directory Numbers that are inactive.
Sending AXL requests to Cisco CUCM with Postman is part 2 of 3 in our series taking you through the steps to get the most from your Cisco CUCM using the AXL API. This article assumes your CUCM has the AXL Service Enabled and that you have credentials for an Application User account with Standard AXL Access. Please read our part 1 post on integrating any 3rd party provisioning applications with your CUCM using Cisco AXL, if you require instructions on how to set that up before proceeding with part 2.
The Administrative XML Web Service (AXL) is an XML/SOAP based API that enables remote provisioning of Cisco Unified Communications Manager (CUCM) using any modern (and even not so modern!) programming language. We will be looking at how to quickly test your AXL API calls using Postman. This Google Chrome App is a great tool for developers or anyone who wants an easy way for testing any web APIs (including Cisco's AXL API). Now let's review the steps required to set up and install Postman then to send an AXL request to Cisco CUCM with Postman.
Cisco Unified Communication Manager gives you a set of essential tools that allow you to do most of the things you need to do with your system. However, there are times where these tools may not be the most effective or efficient to provision your CUCM. The following post is the first of a 3 part series that will take you through the steps to get the most from your CUCM using the Cisco AXL API.
This first one is on how to enable Cisco AXL service on your Cisco Unified Communications Manager (CUCM) System allowing you to integrate any 3rd party provisioning application such as SMACS.
The second article takes it a step further and shows you how to send your own AXL request to CUCM with the help of postman.
And the third of this series, for those who want to push even further and shows you how to execute SQL queries against CUCM through AXL.
More and more companies these days have mobile workforces: teams that work on the road or who have the ability to work from home. To help maximize efficiency and to make this mobility seamless to the individuals and the rest of the team Mobile and Remote Access (MRA) via Cisco Expressway is the key. Being able to use Cisco Jabber and IM&P help bring mobile collaboration to another level. However, there are times when this seamless mobility runs into a snag and an error occurs; one of the most common errors while using Jabber in MRA mode via Cisco Expressway is "cannot communicate with the server". Today's tip is about how to effectively troubleshoot this problem.
Cisco Jabber login error when trying to communicate using Mobile and Remote Access via Cisco Expressway: "cannot communicate with the server".
Many are those who have deployed Cisco Unified Communications (UC) within their organizations: IP phones, Unified Messaging, Jabber for instant messaging and presence, softphone capabilities, and much more. There is no shortage of great benefits to implementing UC… However, communication with the outside world is still limited to sub-par audio calls through the Public Switched Telephone Network (PSTN) and the use of UC applications such as Jabber are still mostly constrained within the company’s walls (or firewall) unless you run one of those cumbersome VPNs. Enter Cisco’s Collaboration Edge Architecture with, at its core, a single solution that does it all: Cisco Expressway.
On Tuesday, February 16th, Google's security team announced a significant vulnerability in glibc . The vulnerability relates to the handling of DNS packets, and many Cisco systems are vulnerable to it if an attacker can cause an affected device to perform a DNS lookup against an attacker-controlled DNS server. As many services (ssh, some web servers, mail servers) do perform these requests in an externally controllable fashion, the risk and exposure of this vulnerability are extremely significant.
Cisco released their advisory for this issue on the 18th. Because of the extensive use of Linux in newer switching and routing products, UC servers, and security and management appliances, the potential scope of the issue is vast. Cisco is presently still in the process of qualifying products to determine if and how they are affected.
Managing Cisco Unified Communications from a user-focused perspective is like building a house then managing the people in it. How you ask?
First, let us start by putting aside the technical complexity of Cisco Unified Communications (UC) environments, there is little doubt that managing these environments once they are in place, presents a significant challenge. What years of involvement in Cisco managed services has taught me is, if you thought getting Cisco applications implemented was the hard part, then you have got another thing coming. Think of it as building a house; step one, putting up the structure. With the right expertise, this is a usually a one time job and one that is handed off to properly skilled individuals to complete. Next is the ongoing maintenance and needs management of the people who live in the house; this is a completely different challenge altogether. Cisco UC is exactly the same; you can always engage a skilled Cisco services partner to deploy Unified Communications Manager, Unity Connection, Jabber, UCCX, UCCE and the underlying network infrastructure. Once the components of the UC environment are in place, that is when the real job starts. What happens with employee turnover? What happens with dial plan changes? Services Changes? Upgrades? Hardware changes? Provider integrations? On a positive note, it is never a bad time to begin thinking about your management approach. Lets go through some of the things you need to think about and answer in planning your user focused Unified Communications management approach.
CISCO CVE-2016-1287 VULNERABILITY PROBLEM
Yesterday Cisco released an out of band patch for an ASA vulnerability (CVE-2016-1287) that permits remote code execution for any ASA device enabled for IKE / IPSec.
You can validate if your configuration is affected using the following command:
show run crypto map | include interface
The Cisco advisory indicates that there is no way to mitigate this threat. There are a large number of vulnerable ASA firmware versions that have not and will not receive fixes. Customers should be aware of the difficulty in migrating from 8.2 to newer versions because of the complete restructuring of NAT rules.
Do you keep dropping calls in your Cisco Unified Communications System and can't figure out why? You are not alone. This is a problem I often troubleshoot for many of our clients. The first and most challenging step to resolving this issue is obtaining a log of the issue when it arrives to help you troubleshoot.
Some people may opt to use a syslog server in Cisco IOS, however, messages are carried over UDP so you can lose some of them or the rate limiting feature may not send all the information you need.
In my case, many of our clients do not have a syslog infrastructure and as we are managing multiple clients, I could not keep my computer connected to one specific client all day waiting for this intermittent failed call to reoccur.
I needed a simple and efficient way to identify the issue and capture all the log information to allow me to effectively troubleshoot the cause and fix the problem.
Obtaining a log of an intermittent failed call to the PSTN.
With the surge of emerging technologies, many companies are prone to getting the latest hardware and software they can get their hands on to improve their overall productivity and reduce costs.
However, one thing that is often neglected in this fast paced environment and that should be considered one of the most crucial aspect of a network's infrastructure is its security. Being aware of technology vulnerabilities is the first step in avoiding the infiltration of any unwelcome and malicious intruders that could lead to a devastating aftermath.
This leads us to this very important topic: how to mitigate the risk of attacks on Cisco IOS SIP gateways.
In this post, we will review the following:
- How intruders would go about doing reconnaissance on a network in planning an attack,
- How to check if your device is prone to fingerprinting, and
- How to implement corrective measures to tighten-up these weak spots, making your Cisco network more secure.
Your company is a Cisco Unified Communications environment and you have integrated Jabber for your internal Instant Messaging and Presence needs (IM&P). Someone at your company is trying to get in touch with you, but your Jabber status show as " Offline" even though you are logged in. How can I identify the source of the problem? What can I do to fix this issue?
This issue is usually a scattered occurrence and one that not everyone is able to observe, making troubleshooting a challenge.
Jabber status shows as "Offline" to others, even though you are logged in.