THE STACK

Recently, Rich Tehrani the CEO of Technology Marketing Corporation (TMCnet) sat down with Steven Karachinsky, the CEO of Stack8 to discuss the changing role of Unified Communications for organizations and the role Stack8 is playing in it.

To read the complete interview, please visit the TMCnet site

When it comes to UC, quite often, integrators leave when a system is technically up and running, not when it is optimally running. Stack8 was founded in 2010 to address this gap by bringing enterprise UC systems closer to what they could be doing from what they are doing.

In a previous article, we discussed the changing regulations and compliance issues affecting organizations that process or transmit credit card information.

While most every company that process online credit card payments have placed a lot of effort and time into becoming compliant with the Payment Card Industry Data Security Standard (PCI DSS). Many do not put as much effort into the challenges that they must meet on an annual basis which is to remain compliant. 

Of the many compliance requirement challenges one of the most laborious and time-consuming tasks is the quarterly PCI compliance scan. 

So you are thinking of moving over to SIP trunking because the person who rides on the bus next to you keeps on telling you how much money his company is saving. While this attribute of SIP trunking is very appealing, the benefits of moving to SIP can be far more than just economic. In this article, we will look at the five key benefits of SIP Trunking for your business communications strategy. 

Maybe I am dating myself, but I remember the days when we would draft all of our meeting ideas on an easel, with a giant pad of white paper. Inevitably one person would be assigned to tear off the paper and store these massive sheets at their desk, only to be forgotten and then thrown out never to be looked at again. Sometimes the good old days were not always the good old days. 

A company-wide rollout of any new application including Cisco Jabber can be fraught with challenges that may or may not be readily apparent to the organization. Even small issues can potentially jeopardize the success of an entire project. For this article, we will look at how proper planning and modeling can help eliminate these issues before they become big. 

Every day my calendar is filled with meetings. I can take little solace in knowing that I am not unique when it comes to meetings because they take up a substantial chunk of most people’s working lives. In fact, according to a Harris Poll that appeared in The Atlantic, the average employee spends close to 40% of their working days in meetings. And these trends will not change anytime soon; in fact, they will most likely grow. 

This original article was written by Michelle Burbick the Associate Editor and blogger for No Jitter.  To read the complete article, please visit No Jitter 

To get my UC&C fix at last week's Cisco Live customer and partner event, which primarily focused on networking and security, I headed to the "Collaboration Village" on the expo floor. There I caught up with the following four (new to me) companies. Read on for a snapshot of each company and how it differentiates itself...

The proper workspace, or meeting room, is a key requirement to having productive, collaborative work sessions. Users need the right sized space; the right room features and shouldn’t struggle with the logistics of booking these spaces. 

We have all been in the situation where we are forced book a smaller room than is needed because there is nothing else available. Then as you make your way to your meeting, you walk past countless meeting rooms where half the seats are empty, any one of which could have easily used your smaller room allowing you to conduct your meeting in a suitably sized space. 

As part of its Meeting Solutions portfolio, the Stack8 team has created the Intelligent Booking System using Webex Teams, Proximity, Exchange & Graph. The Intelligent Booking System is designed to ensure optimal utilization of your meeting rooms while facilitating the process of booking them. It’s like having someone proactively overseeing your room bookings to ensure the greatest ROI on your meeting room investments.

 Join Stack8 at Cisco Live 2018, Collaboration Village – Pod C:17

Montreal, CANADA, June 06, 2018 - Stack8, a leading provider of managed and professional services and proactive automation solutions for Cisco Unified Communications (UC) applications, today announced its participation at Cisco Live 2018, June 10-14, 2018, at the Orange County Convention Center. 

With Cisco Live right around the corner, the Stack8 development team has sprinted to the finish line with the delivery of Stack8 Moves, Adds, and Changes System (SMACS) Version 5 provisioning solution for Cisco UC.

This new release brings together all kinds of automation goodies with Active Directory while keeping the simplicity and user-friendliness SMACS users have come to know and love. 

Cisco Spark, the app-centric, cloud-based collaboration, and communications suite is being re-branded as Cisco Webex Teams, while WebEx is to be re-branded as Webex Meetings. 

Speaking April 18^th at the Cisco Collaboration Summit 2018 show in Phoenix, AZ., Rowan Trollope, Senior Vice President and General Manager of Cisco's Applications announced the name change as part of its new Webex portfolio of products. 

Webex will be repositioned as the umbrella name for the company's entire collaboration portfolio consisting of Webex Meetings (formerly WebEx), and Webex Teams (formerly Spark). 

Now before we continue, yes it is Webex, not WebEx, the removal of the capitalized “E” is part of the new look and feel. 

In this article, we will highlight some of the essential aspects of this re-branding including reasons behind the changes. We will also discuss some of the new features and functionalities of both Webex Meetings and Webex Teams.

If you are a sports fan like me, particularly American football, the number 12 is synonymous with excellence. From Joe Namath, Terry Bradshaw and Jim Kelly to Tom Brady, the number 12 is identified with some of the best players ever to hit the field.

Recently, Cisco released Jabber 12. In this article, we will look at all that is exciting and new in Jabber version 12.0, and see if it lives up to the magic of the number 12.

You have the unenviable task of assembling the bookcase that you bought and have left in the middle of your living room since it was delivered more than a month ago. You quickly realize that the instructions which say that the entire bookcase can be assembled with a single screwdriver is way beyond your mechanical prowess. You go online and start a chat conversation with the customer services department, and when the agent asks which bookcase you are asking about and what your order number is, your mind goes blank, and the only thing you can type is “The #$%$^ one that I cannot assemble.”

Contact Center Solutions like Cisco UCCX are designed to deliver a highly secure, available, virtual, and sophisticated customer interaction management solution for your agents. 

However, as with any technology, advancements happen at a rapid pace. This guide of Tips and Insights is designed to assist organizations who are looking at improving adoption and efficiency of their contact center solution.

Update:

Push Notifications are required both for Cisco Jabber for iPhone and iPad clients that connect from within the enterprise network as well as for clients that register to an on-premise deployment via Expressway's Mobile and Remote Access (MRA) feature. 

Hi, I'm Benoit, one of the new guys on Stack8's Incident Management team. Our team is always looking for new ways to improve our process in an effort to make things better and easier for our customers. Today I will explain how we leveraged the SMACS API to automate deprovisioning requests in Cisco CUCM and Unity. 

Stack8 named in the Pioneer 250 category on CRN’s 2018 Managed Service Provider 500 list 

Although reading long documents and procedures on Cisco.com is always fun (!), we thought we could sum up the configuration of Smart Licensing on a Cisco CSR1000v virtual router in a quick blog post for those of us who simply need to “get things done.” 

By now you've almost certainly heard about CVE-2018-0101, an unauthenticated, remote code execution vulnerability affecting Cisco ASAs. If you haven't, you should start planning to apply the update immediately to the ASAs in your environment. This vulnerability affects all ASAs that are configured to handle AnyConnect or clientless VPN connections. Some initial discussion in the security groups suggested that only clientless VPN was affected however this is not the case.

Few people would write up a security vulnerability 19 days after it was announced, but in the case of Spectre and Meltdown (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) each day that we've waited has brought new developments and additional information for us to consider, consolidate and present to our customers and blog community.

Readers who follow security news are already aware that the Spectre and Meltdown issues are substantial threats that have severe impacts on security. The vulnerabilities allow processes to read memory information that should not be accessible to them. User processes can access information from other processes and the kernel, in a virtualized environment they can also access information on the host and potentially other guests.

Cary Goldwax brings over 20 years of operational leadership experience to help foster Stack8’s growth initiatives

Montreal, CANADA, January 16, 2018 - Stack8, a leading Cisco Unified Communications (UC) and Networking services and solutions provider announced today it has expanded its leadership team with the appointment of Cary Goldwax as Vice President Operations. Mr. Goldwax will be responsible for capitalizing on operational opportunities and building Stack8’s growing technical services teams, at both strategic and operational levels.

Special thank you to Ben Petroff and the Stack8 Managed Services team for their expertise with Cisco Expressway  

Earlier this spring, Cisco had announced a denial of service (DoS) vulnerability affecting CUCM 10.x and 11.x, which we discussed in a previous blog post entitled: Important DoS Vulnerability for CUCM 10.x and 11.x "cisco-sa-20170419-ucm"

Cisco has recently announced that Cisco Expressway and TelePresence Video Communication Server (VCS) are also affected by a similar DoS vulnerability. Advisory ID “cisco-sa-20170816-vcs” (CVE-2017-6790) explains that an unauthenticated, remote attacker could send excessive SIP traffic to the device and cause a complete DoS condition on the targeted system.

New Vice President of Sales will expand Stack8’s market footprint and meet the needs of its growing customer base

Montreal, CANADA, December 05, 2017 - Stack8, a leading Cisco Unified Communications (UC) and Networking services and solutions provider today announced the appointment of Marc Blanchette as Vice President of Sales, effective immediately. In his expanded role, Marc will be integral in leading and expanding the company’s sales team to support its continued growth. Marc is responsible for getting the word out to Cisco Collaboration and Networking customers across North America that there’s a “Better Way” to capture all of the value from the amazing technology that they have invested in.

In this third article, we will expand upon what we learned in part 1 and part 2 regarding Jabber and how to renew your CA-signed certificates. In this final article, we will examen the certification process within Cisco Expressway.

It is important to note that for Jabber Mobile and Remote Access (MRA) feature as well as for Business to Business calls (B2B), it is mandatory to have a CA-signed certificate on the Expressway-Edge node. On the other hand, there is no such requirement for Expressway-Core. However, Stack8 recommends a CA-signed certificate to be used on both Expressway servers.

Another requirement is to cross upload all Root and Intermediate certificates on both nodes in order for the Secure Traversal Zone to be active and communication between two Expressway nodes to work.

Do not forget to verify, every time you renew your certificates, if there is a change on the Root or any of the Intermediate certificates and Upload all new chain certs in the Trusted Certificates section of the server.

Cisco Jabber gives you and your team the freedom to be productive from anywhere, on any device. Jabber enables you to access presence, instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing Instantly.

Offboarding a user in Cisco CUCM can be challenging and time consuming for most organizations. This video will demonstrate multiple methods to easily remove services and offboard a user in less than a minute by using SMACS.   (Stack8 Moves, Adds and Changes System). 

In a recent consulting engagement, our Professional Services team needed to help build a VPN connection between a series of Cisco Routers and a Google Cloud environment. We were surprised to discover that at the time we completed the project, Google did not provide a configuration guide for this common configuration type and wanted to share our experience building the connection. They have since added documentation for IKEv2 based ASR configurations. Our post highlights some important architectural details as well as the configuration requirements (tunnel mode, phase 2 timers) for the tunnels. It also makes use of an inner VRF, unlike Google's example.

Provisioning users and services within Cisco CUCM can be a challenge. This video offers the viewer an introduction to SMACS (Stack8 Moves, Adds and Changes System) and shows you just how easy to perform moves, adds and changes  within Cisco UC applications.  

Let’s talk monitoring! Monitoring solutions more often than not end up being one of those install and forget type of technologies that generally leave us wanting more.

Unified Communications Monitoring systems can be so much more than break/fix solutions and should be used in everyday troubleshooting as a way to reduce the amount of effort your resources spend on a wide variety of problems.

Early yesterday morning a collection of major vulnerabilities in most implementations of WPA2 was made public. The impact of this set of attacks, known as KRACK (Key Reinstallation Attack) is severe, allowing decryption of wireless traffic and, in some cases, traffic modification. You can find out more details on this attack at the website created by the discoverer and in the research paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2. Cisco is beginning to release updated firmware for their affected products. You can use this CERT page to find security updates from all the different impacted vendors.

Cisco has recently publicly released the latest version of their Collaboration Systems Release (CSR), 12.0. Although not the most innovative release of Cisco’s on-premise Unified Communications (UC) solution (with most R&D efforts going into the cloud-based Cisco Spark platform nowadays), there are still notable new features and changes worth mentioning.

Join Stack8 at Cisco Connect Toronto, Booth #38 at the Toronto Congress Centre

Montreal, CANADA, October 11, 2017 - Stack8, a leading provider of managed and professional services and proactive automation solutions for Cisco Unified Communications (UC), today announced SMACS 4.0,  UC provisioning tool at Cisco Connect Toronto October 12^th at the Toronto Congress Center.

Faster, more powerful and simpler than ever SMACS 4.0 takes the guesswork out of UC provisioning

Montreal, CANADA, October 05, 2017 - Stack8, a leading provider of managed and professional services and proactive automation solutions for Cisco Unified Communications (UC), today announced the release of SMACS 4.0,  a complete redesign of its Stack8 Moves, Adds, and Changes System (SMACS) user provisioning tool. 

Faster, more powerful and simpler than ever!

The Stack8 development team has been hard at work on the release of SMACS version 4.0 User Provisioning Software. We are always focused on delivering the latest innovations that our customers need to simplify user provisioning while increasing the speed of deployment.

The look and feel have undergone a massive makeover while maintaining the ease of use which makes SMACS such a powerful UC user provisioning tool today. The new 360º View gives you a quick and convenient view of the various services your users currently have.

Many organizations enforce password policies to protect their user's network & domain accounts. One credential that is often overlooked is the Unity Connection voicemail PIN, which can have costly consequences to your phone bill.

On September 5th a critical vulnerability  affecting the Apache Struts 2 framework was made public with the release of an updated version 2.5.13. 

There is already publicly available exploit code for metasploit circulating for this vulnerability (be careful if you use this code, we can't vouch for its security and early release exploit code sometimes targets the user). 

Depending on the type of organization you work for, your Unified Communications (UC) systems may be required to be PCI compliant. This is generally the case when credit card transactions are processed on the phone, as is the case in some customer service contact centers. The new release of the Payment Card Industry Data Security Standard (PCI DSS), version 3.2, introduces many significant changes that you should be made aware of. Although the changes in PCI DSS version 3.2 are vast, for this article, we will focus on the new aspects of the standard that directly affect UC systems, namely the migration from Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) versions.

Cisco Unified Communications Manager (CUCM) is an IP-based communications system integrating voice, video, data, and mobility products and other applications. It enables more effective, secure communications and can transform the way in which we communicate.

Introduction by Doug Green, Publisher of TelecomReseller
Based upon the TelecomReseller Podcast

The lights are on; the servers are working. This, according to Steven Karachinsky, is where many end users operate today. The experience is sound and satisfactory. It could be better.

In this article, Steven Karachinsky discusses how to take a network from a B to an A plus experience. We discuss how Stack8 is delivering a simplification of processes and readying customers to leverage Unified Communication technologies through Managed Services into new frontiers.   

Montreal, CANADA, July 13, 2017 - Stack8, a leading provider of Managed Services and proactive Automation Solutions for Cisco Unified Communications (UC), today announced that Gartner had listed Stack8 as an Independent UC Managed Services (UCMS) Provider in the June 2017 report “Make Better Choices for Unified Communications Managed and Professional Services.”

The full report is available on the Gartner website.

According to Gartner, “Because Managed and Professional UC Services include such a wide range of providers and approaches to delivering and running UC environments, enterprise IT buyers are often challenged with identifying and selecting appropriate providers.”

Today’s blog post is a special one for us at Stack8. We are honored to be presenting a post written by a fellow UC expert Abhijit Bhowmick who graciously reached out and told us that he wanted to create the following article for everyone to read.

The Unified Communications (UC) landscape had been changing quite fast, as the interoperability of multiple standards has become more confusing. This poses serious business and technical decisions for the customer as to which way to move forward. Which vendor to go for, which type of solution to deploy?

With all of the concern this week regarding "WannaCry" ransomware, we decided to deviate from our standard Tips and Insights to explain what is happening and our view on the situation and it's root causes.

“WannaCry” is the security story of the moment, and, hopefully, the year. There's a lot of the year left, but this worm has already caused an impressive amount of damage. Thankfully, due to the quick actions of a malware researcher in the UK registering a kill switch domain, the worm was shut down just as it was getting started. Were it not for those quick actions combined with limited exposure of SMB shares directly to the Internet this attack could have taken off like “code red” or “slammer.”

Diagnosing problems in your Cisco unified communications dial plan can be difficult as there are a large variety of ways in which it can be broken and generally, to identify these, a solid base understanding of the underlying features is required. With that said, let’s look at the base of your UC dial plan and a few problems that could arise at this level.

At its base, Cisco Unified Communications Manager (CUCM) is built upon Partitions and Calling Search Spaces. We need to understand how these interact before we can hope to solve any issues with our dial plan.

An important vulnerability, ID “cisco-sa-20170419-ucm”, "CVE-2017-3808" has been announced this week for Cisco Unified Communications Manager. This vulnerability in the SIP UDP throttling process of CUCM could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Such an attack could have a severe impact on an organization’s ability to make or receive calls since CUCM is at the core of any Cisco Unified Communications infrastructure. 

One of the pain-points most contact centers experience is abandon rates - callers who simply get tired of waiting for an available agent to service their call, and disconnect. The result is that the customer is dissatisfied with the experience, and the contact center experiences an abandoned call - calls that drop from the queue. The caller's intention was never satisfied, and the caller may, or may never call back.

Traditionally, enterprise dial plans for organizations running Cisco Unified Communications Manager (CUCM) were structured in a simple fashion. Each user would get assigned with an internal extension (aka Directory Number), usually 4 to 6 digits long. Users would also get assigned with an externally reachable phone number (aka DID, or Direct Inward Dial).

If you sync your Cisco Unified Communications Manager (CUCM) to an enterprise directory, such as Microsoft Active Directory, and the phone format is entered in a fancy “human-friendly” way, users with SIP-based phones will have some issues to dial.

The threat
Two weeks ago WikiLeaks released Vault 7, a large collection of documents that they claim were taken from the CIA. While the CIA has not confirmed this release, there's little question that the leaked information comes from a nation state level intelligence service and contains extensive details regarding exploits and tradecraft targeting a wide variety of service providers, vendors, and equipment. Wikileaks has thus far attempted to redact detailed exploit information and has announced their intention to work with the impacted parties to address these vulnerabilities.

Jabber gives you and your team the freedom to be productive from anywhere, on any device. Cisco Jabber enables you to access presence, instant messaging (IM), voice, video, voice messaging, desktop sharing, and conferencing Instantly.

But Jabber can also be challenging. That’s why we’ve created this guide to help you get the most out of this tool.

By now you have likely heard about the "Clock Signaling Component" issue affecting a broad range of Cisco products. If you haven't a number of Cisco products are affected by an issue that will cause them to fail during normal operation, once they fail they will stop functioning completely and can not be powered back on. You can learn more about the affected devices on the notice page. 

Your business uses Cisco Unified Communications Manager (CUCM) and has integrated Cisco Jabber for your team. How can you get more out of your Jabber tool? This post highlights several interesting features that are not widely used but will enhance your experience using Cisco Jabber. 

Compiled by Steven Mulherron & Nathalie Bechbache Stack8 Project Management and Governance Office

For Engineering, Procurement and Construction (EPC) services firms, failure to maintain communication control is not an option. 

Complex operations and data requirements, coupled with highly collaborative work processes, often between multiple on-site and off-site locations rely upon robust telecommunications and collaboration tools. These communication challenges are further compounded by the scope of deliverables, schedules, and price sets.

Inability to meet prescribed performance guarantees can put the future of the project at risk. In addition, performance and scheduled liquidated damages increase costs which can potentially eliminate or negatively impact profitability.

Apple is scheduled to introduce in its next major iOS release (after iOS 10 anticipated September 2017), a significant change that removes APIs that are required for handling calls and IM’s when the application is running in the background. What this means  is that if Jabber is not opened in the foreground, the user will not be notified of incoming calls and IM messages.

On January 24, 2017, Cisco announced the next steps in their plan to reshape collaboration with their Cisco Spark platform. The event focused on two aspects: first, the unveiling of the new Cisco Spark Board and second, the (re-)launch of Cisco Spark Meetings as well as enhancements to the Cisco Spark application on all platforms.

Do not miss out receive expert tips and insights straight to your inbox!

There is a severe bug in the WebEx extensions for Chrome, Firefox and Internet Explorer (CVE-2017-3823) that enables an attacker to execute arbitrary code on a machine if a user with the plugin installed visits a hostile website. A trusted website may also contain a hostile ad or XSS vulnerability that can be leveraged in this attack. This plugin is installed on approximately 10 - 20 million user machines.

The Cisco Unity Provisioning Interface (CUPI) allows a UC Administrator to programmatically perform moves, adds, and changes to various entries in Cisco Unity (users, contacts, distribution lists, and call handlers) through a simple REST API.

The following article will provide instructions on how to perform a request to the CUPI API using Postman.

In part one, Doug Green publisher of TelecomReseller and Steven Karachinsky CEO of Stack8 discussed the role Stack8 plays in providing UC managed services. In part 2 they discuss alternatives to Cloud and hosted services, as well as what to expect from Stack8 in 2017.

Introduction by Doug Green publisher of TelecomReseller:

Based upon the TelecomReseller Podcast

Steven Karachinsky, Stack8’s CEO, thinks that there are ways to manage your enterprises Cisco resources to gain more productivity and to trim costs. Stack8 offers an extensive line of managed services, professional services and software solutions for Cisco Unified Communications, including Stack8’s portfolio of UC Managed Services.

Stack8’s approach includes proactive support for an enterprise’s entire UC infrastructure and its integrated applications.

Stack8 Technologies views itself as “a new breed of Cisco Solutions Partner.” The company’s founding partners wanted to create a business that would customize services to the needs of each customer. The company’s name reflects the idea of people, the people of Stack8, being the 8th layer of the OSI stack.

Montreal, CANADA, December 01, 2016 - Stack8, a leading provider of services and solutions for Cisco Unified Communications (UC), today announced its participation at Cisco Connect Montreal 2016, taking place December 7, 2016, booth #20 Palais des congrès de Montréal.

At this year's event, Stack8 will showcase its extensive line of managed services, professional services and software solutions for Cisco Unified Communications, including a sneak peek of its new UC Managed Services for Cisco Unified Communications.

The largest complaints callers have with regards to call centers is waiting on hold for an excessive period of time or navigating through an endless phone menu with hard-to-follow/lengthy prompts.  In fact, social media is filled with sites that consumers can voice their criticisms: On hold with.  

This problem is further compounded by organizations who have IVR (Interactive Voice Response) and ACD (Automated Call Distribution) technologies but only use the ACD component in combination with simple rules to route calls to agents. These shortcuts are often because of the costs or challenges associated with deploying.

Inevitably delivering the bare minimum queuing with no self-service results in overloaded agents, angry consumers and excessive queue times.

In today’s business environment, one thing is certain: all companies need to get the most out of their investments. And that includes investments made in technology. What happens when the time and resources required to manage your technology precludes you from progressing and getting value from your investments?

It’s a question that many companies face, and previously, not one that was easily answered.

But to get to the answer, we need to start with the problem. And without a doubt, one of the biggest problems facing businesses I speak with is finding the time to invest in and get the most out of their Unified Communications (UC) solutions. Why? They simply don’t have the staff or the bandwidth to turn on the full functionality of these vast systems. The multiple daily tasks that need to be done in order to keep things up and running prevent their highly trained/certified resources from delivering more value from their technology investments. Sound familiar?

Your company is a Cisco Unified Communications environment and you are having issues with registering phones to your environment. You verify the configuration on the Cisco Unified Communications Manager CUCM and everything seems okay, what are the possible issues preventing registration? How can I diagnose the issue?

PROBLEM

Your Cisco phone is not registering to Cisco Unified Communications Manager CUCM.

In this blog post, we will explore 3 possible solutions to troubleshoot in order to identify and resolve the issue.

If you already have Cisco Expressway MRA and SIP URI dialing activated in your Cisco Unified Communications environment, then you should seriously begin to think about activating another very key feature within Cisco Expressway: Business-to-Business dialing.

This feature will bring your collaboration with your partners and customers to whole new level; allowing you to have audio and video calls with them as seamlessly as you do with your coworkers.

A big part of the configuration process for B2B calls is deploying public DNS SRV records that will allow your partners and clients to call you using your corporate domain.

Assuming you have all necessary ports on the firewall already opened.  The following will take you through the steps required to effectively configure the B2B SIP URI dialing feature within Expressway.

Our support team received a call from a customer complaining that their next generation firewall (NGFW) was intermittently blocking access to their new voting website. As we were in the process of making firewall changes inside their environment and are responsible for the management of their network they turned to us for help.

The website was a vanity domain hosted at GoDaddy that redirected users to a deep link within another website. We accessed the site and confirmed that it was working properly and sending a 301 redirect as expected, it worked properly both inside their and our environment. We reviewed the firewall logs and found no indications that traffic was blocked by any firewall or IPS. The customer insisted that there was an intermittent problem accessing the website that seemed to affect some users at random.

In case you have not yet heard: Cisco Collaboration Systems Release (CSR) v11.5 applications are now available on Cisco.com: CUCM, CUC and IM&P 11.5 and have been posted. 

One Important Note: CUCM 11.5 will no longer support the following 12+ years old phones:

Like most Cisco Unified Communications customers with the need to support some form of contact center within their organizations, you may have most likely deployed Cisco Unified Contact Center Express (UCCX), or perhaps its big brothers Packaged Contact Center Enterprise (PCCE) or Unified Contact Center Enterprise (UCCE). And again, like most Cisco contact center deployments, you have most likely initially focused on the essentials: getting your agents to answer customer calls! Now that this is out of the way, it’s time to take a deeper look under the hood of your Cisco contact center platform and realize its true potential: it can completely transform how you interact with your customers. 

Although PCCE and UCCE platforms are great, this article will focus on UCCX. With the capacity to support 400 agents and as many concurrent IVR ports, UCCX fits most small and medium-sized organizations. At its core, it consists of four main modules all within the same box: an Interactive Voice Response (IVR) system, an Automatic Call Distribution (ACD) engine, a set of applications for Computer Telephony Integration (CTI), and a Reporting platform. At first glance, this may all seem relatively standard. However, what sets UCCX apart is its flexibility; at Stack8, we consider UCCX to be closer to a Telephony Application Development platform than a contact center product. 

"The Future of Cisco UC: The URI Advantage" was a recent post that explained URI and the advantages of using it in your Unified Communications Environment. A directory URI is the abbreviation of Uniform Resource Identifier and its directory format is similar to an email address (username@host) where the host portion is an IPv4 address or a fully qualified domain name. One of the main advantages that was outlined  in the above article was that by adding SIP URI integration in your dial plan or at least a URI directory adds significant flexibility.  .

The following post, we take you through the step-by-step to setting up and activating URI dialing within a Cisco UC environment from mapping the Directory URI address to an email address to modifying display preferences.

Ransomware, as its name suggests is a malware that infects a system and locks the user out of their data unless a ransom is paid. The victim of such an attack is left powerless to recover their data as only a unique key can unlock the infected system. The user has a pre-set deadline to pay the ransom or risk permanently losing access to their data. This type of attack has seen a rise in occurrence since its rise to prominence in 2005. The field of Crytomalaware is in constant evolution because of the extremely profitable nature of these activities, the largest threat currently is Cryptowall 3.0 /Cryptolocker which usually spreads through phishing emails. The user clicks on a link, a Trojan is installed on the system which then delivers its payload by encrypting user data and displaying a locked out message.

Why are we still talking about something that has been around since Call Manager 7.x? Why is a dial plan built around URI not more common place? Why is it still something most people only think about in reference to video?

At the outset, the purpose of the URI is exactly what the name states, a Universal Resource Identifier. For those unfamiliar with URI or SIP URI, it is basically an alphanumeric ID that is reachable across the web. It seems like a perfect fit with Cisco’s vision of an all-encompassing communication platform, and in large part it is. In concept, the goal is to have a single address at which to contact someone regardless of the medium you choose. In other words, mbalcer@stack8.com becomes my e-mail address, my instant messaging ID, my video call number, and yes even my phone number. Isn’t this what IP telephony and UC were built for?

Do you experience intermittent performance problems, particularly at branch offices? Do some applications “not work” and then self-resolve before you can address them? Limitations in path MTU may be the cause of your problems!

In today's networking environment,  you may encounter situations where your traffic passes through a path with an MTU that is lower than the standard 1500 bytes, for example if you are using a PPPoE DSL or an IPSec VPN. If you are aware of a limitation in the MTU along a path you should use the IP MTU command on the interface facing this path to limit the MTU. This should be done as close as possible to the traffic source so that messages are sent back immediately informing the client of the limitations while reducing the chances of them being lost of ignored.

These network settings will result in packet fragmentation. Since TCP is a stream oriented protocol which handles packet re-ordering, as well as, the retransmission of lost packets, it should not suffer packet loss directly tied to fragmentation but will suffer a performance degradation.

However, on the other hand, UDP being a message oriented protocol, it does not have a built-in reordering or retransmitting mechanism, so fragmentation should be avoided.  Further, when your traffic flows through devices that you have no control over nor visibility on such as sending traffic over the internet, then this should be avoided at all cost. 

Your company is a Cisco Unified Communications environment and you are trying to identify an inbound call flow in order to diagnose an issue with hard facts. You ask yourself: "How can I find the call flow that is being accessed at the time of my issue?"  This guide will help you diagnose two use cases:  

1. Erroneous call flows in Cisco Unity 
2. Toll Fraud.

Although we are focusing on these two particular cases these solutions can be used to diagnose a variety of issues . 

PROBLEM

You are unable to figure out what the inbound caller is dialing before and after they access your system (Unity, UCCX).

The Cloud Services Router 1000v (CSR) is one of Cisco's best kept secrets in the routing and security space. The CSR is an incredibly powerful product that's flexible, adaptable and offers almost limitless functionality at a very low price point. In some cases, this router will cost less to license than the ongoing support costs of the traditional router that they could replace. While infrequently positioned in these roles by VARs and account teams the CSR is surprisingly capable.  In this blog post, we will review the advantages and limitations of the CSR in our experience using it on the routing and security side of the business although it's also starting to be used for some Unified Communications related roles.

Drive to 9… Drive to Collab… Refresh to Collab… If these terms are familiar to you it is probably because you have been contacted by your Cisco account team or your Cisco reseller to upgrade your Cisco Unified Communications (UC) environment. Cisco has facilitated the upgrade process by creating these promotions to reduce the cost of doing an upgrade. In the past, the cost may have been a prohibitive decision criterion in the upgrade process;  although cost is always a consideration, in the case of a Cisco UC upgrade, it may be better as a secondary consideration if only because making the wrong upgrade decision could in fact be even more costly.

So what should be considered? Why should you upgrade? Why should you not upgrade?

There are really five criteria that should be considered when making the decision:

1. manufacturer support,
2. compatibility,
3. infrastructure,
4. application bug fixes, and
5. features and functionalities.

Your company is an avid Cisco Unified Communications user and you recently successfully integrated a fax server using H323. The fax server is configured and working fine, however, you see an issue when sending a fax to a specific destination. Why are other fax destinations working, but not this one? How can I identify the source of the problem? What can I do to fix the issue?

Often our first impression is to think that the issue resides with the destination. However, through investigation, when this issue came up with many of our customers, we often found that not to be the case; the issue actually resided at the origin and not the destination.  We will explore the most probably causes to the problem and outline steps to resolving them.

PROBLEM

Unable to fax to an isolated destination number;  the other fax answers, but the transmission does not complete.

Many organisations today face a challenge in securing enterprise networks that were designed prior to internal segmentation and security becoming a primary concern. It is very difficult to retrofit security into a network design, especially when you want to avoid changing server configurations, minimize downtime and impact, maintain performance within existing network segments, and progressively phase in security rules. In this blog post, we'll discuss an approach we have developed and used for both new network deployments, as well as, retrofits. 

THE PROBLEM

Retrofitting security into a network design while avoiding server configuration changes, downtime and performance issues.

Your company is using Cisco Unified Communications and all is running smoothly until you suddenly receive a call from the receptionist that Emergency Services has just arrived at your front door following up on a 911 call that was made from someone inside the company and you need to find out who dialed the number. Or maybe you just received the monthly invoice from your Telco provider and you need to find out who has been repeatedly calling overseas to a country that you do not do business with. Does one of these situations sound familiar?

So what is the best way to find the answer to these questions? In both cases, the solution is to open Cisco Unified CM CDR Analysis and Reporting tool, export the raw data into an excel table then begin your forensic search for that needle in the haystack. The CDR extract is useful when you need to troubleshoot failed calls, find all long-distance calls or simply list all calls made by a specific individual for an HR related request. However, it is raw data and not formatted in a user friendly way; to make things even more challenging, Cisco Unified Communications Manager 10.5(2) or higher now includes 120 fields for each call, making a simple search request quite complex. So where do we begin?

PROBLEM

Our challenge is to forensically identify specific search criteria in a simple and easy way without combing through massive amounts of data.

Once you have completed part 1 (Integrate any 3rd party provisioning application with your CUCM using Cisco AXL) and part 2 (Sending AXL Requests to Cisco CUCM with Postman), part 3 takes it one step further with direct access to the CUCM database with Cisco AXL.

Executing SQL queries against CUCM with Cisco AXL is the third and final part of our 3-part series on taking you through the steps to get the most from your CUCM using the Cisco AXL API.  Once you have completed part 1 and part 2, part 3 takes it one step further with direct access to the CUCM database with Cisco AXL. Perhaps two of the most powerful things about the Cisco AXL API are the executeSQLQueryReq and the executeSQLUpdateReq functions. These features allow you to create, update and delete directly in the CUCM database.

For a complete view of the database schema, please consult the CUCM Database Dictionary. 

To demonstrate this, we will show you the steps to query CUCM to find all the Directory Numbers that are inactive. 

Sending AXL requests to Cisco CUCM with Postman is part 2 of 3 in our series taking you through the steps to get the most from your Cisco CUCM using the AXL API.  This article assumes your CUCM has the AXL Service Enabled and that you have credentials for an Application User account with Standard AXL Access. Please read our part 1 post on integrating any 3rd party provisioning applications with your CUCM using Cisco AXL, if you require instructions on how to set that up before proceeding with part 2.  

The Administrative XML Web Service (AXL) is an XML/SOAP based API that enables remote provisioning of Cisco Unified Communications Manager (CUCM) using any modern (and even not so modern!) programming language. We will be looking at how to quickly test your AXL API calls using Postman. This Google Chrome App is a great tool for developers or anyone who wants an easy way for testing any web APIs (including Cisco's AXL API). Now let's review the steps required to set up and install Postman then to send an AXL request to Cisco CUCM with Postman.

Cisco Unified Communication Manager gives you a set of essential tools that allow you to do most of the things you need to do with your system. However, there are times where these tools may not be the most effective or efficient to provision your CUCM. The following post is the first of a 3 part series that will take you through the steps to get the most from your CUCM using the Cisco AXL API.

This first one is on how to enable Cisco AXL service on your Cisco Unified Communications Manager (CUCM) System allowing you to integrate any 3rd party provisioning application such as SMACS.

The second article takes it a step further and shows you how to send your own AXL request to CUCM with the help of postman.

And the third of this series, for those who want to push even further and shows you how to execute SQL queries against CUCM through AXL. 

More and more companies these days have mobile workforces: teams that work on the road or who have the ability to work from home. To help maximize efficiency and to make this mobility seamless to the individuals and the rest of the team Mobile and Remote Access (MRA) via Cisco Expressway is the key. Being able to use Cisco Jabber and IM&P help bring mobile collaboration to another level. However, there are times when this seamless mobility runs into a snag and an error occurs; one of the most common errors while using Jabber in MRA mode via Cisco Expressway is "cannot communicate with the server". Today's tip is about how to effectively troubleshoot this problem. 

PROBLEM

Cisco Jabber login error when trying to communicate using Mobile and Remote Access via Cisco Expressway: "cannot communicate with the server".

Many are those who have deployed Cisco Unified Communications (UC) within their organizations: IP phones, Unified Messaging, Jabber for instant messaging and presence, softphone capabilities, and much more. There is no shortage of great benefits to implementing UC… However, communication with the outside world is still limited to sub-par audio calls through the Public Switched Telephone Network (PSTN) and the use of UC applications such as Jabber are still mostly constrained within the company’s walls (or firewall) unless you run one of those cumbersome VPNs. Enter Cisco’s Collaboration Edge Architecture with, at its core, a single solution that does it all: Cisco Expressway.

The Vulnerability 

On Tuesday, February 16th, Google's security team announced a significant vulnerability in glibc . The vulnerability relates to the handling of DNS packets, and many Cisco systems are vulnerable to it if an attacker can cause an affected device to perform a DNS lookup against an attacker-controlled DNS server. As many services (ssh, some web servers, mail servers) do perform these requests in an externally controllable fashion, the risk and exposure of this vulnerability are extremely significant.

Cisco released their advisory for this issue on the 18th. Because of the extensive use of Linux in newer switching and routing products, UC servers, and security and management appliances, the potential scope of the issue is vast. Cisco is presently still in the process of qualifying products to determine if and how they are affected.

Managing Cisco Unified Communications from a user-focused perspective is like building a house then managing the people in it.  How you ask?

First, let us start by putting aside the technical complexity of Cisco Unified Communications (UC) environments, there is little doubt that managing these environments once they are in place, presents a significant challenge. What years of involvement in Cisco managed services has taught me is, if you thought getting Cisco applications implemented was the hard part, then you have got another thing coming.  Think of it as building a house; step one, putting up the structure. With the right expertise, this is a usually a one time job and one that is handed off to properly skilled individuals to complete. Next is the ongoing maintenance and needs management of the people who live in the house; this is a completely different challenge altogether. Cisco UC is exactly the same; you can always engage a skilled Cisco services partner to deploy Unified Communications Manager, Unity Connection, Jabber, UCCX, UCCE and the underlying network infrastructure. Once the components of the UC environment are in place, that is when the real job starts. What happens with employee turnover?  What happens with dial plan changes?  Services Changes?  Upgrades?  Hardware changes?  Provider integrations?  On a positive note, it is never a bad time to begin thinking about your management approach. Lets go through some of the things you need to think about and answer in planning your user focused Unified Communications management approach.

CISCO CVE-2016-1287 VULNERABILITY PROBLEM

Yesterday Cisco released an out of band patch for an ASA vulnerability (CVE-2016-1287) that permits remote code execution for any ASA device enabled for IKE / IPSec.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

You can validate if your configuration is affected using the following command:

show run crypto map | include interface

The Cisco advisory indicates that there is no way to mitigate this threat. There are a large number of  vulnerable ASA firmware versions that have not and will not receive fixes. Customers should be aware of the difficulty in migrating from 8.2 to newer versions because of the complete restructuring of NAT rules.

Do you keep dropping calls in your Cisco Unified Communications System and can't figure out why? You are not alone. This is a problem I often troubleshoot for many of our clients. The first and most challenging step to resolving this issue is obtaining a log of the issue when it arrives to help you troubleshoot. 

Some people may opt to use a syslog server in Cisco IOS, however, messages are carried over UDP so you can lose some of them or the rate limiting feature may not send all the information you need.

In my case, many of our clients do not have a syslog infrastructure and as we are managing multiple clients, I could not keep my computer connected to one specific client all day waiting for this intermittent failed call to reoccur.

I needed a simple and efficient way to identify the issue and capture all the log information to allow me to effectively troubleshoot the cause and fix the problem.

PROBLEM

Obtaining a log of an intermittent failed call to the PSTN.

With the surge of emerging technologies, many companies are prone to getting the latest hardware and software they can get their hands on to improve their overall productivity and reduce costs.

However, one thing that is often neglected in this fast paced environment and that should be considered one of the most crucial aspect of a network's infrastructure is its security.  Being aware of technology vulnerabilities is the first step in avoiding the infiltration of any unwelcome and malicious intruders that could lead to a devastating aftermath.

This leads us to this very important topic: how to mitigate the risk of attacks on Cisco IOS SIP gateways.

In this post, we will review the following:

1. How intruders would go about doing reconnaissance on a network in planning an attack,  
2. How to check if your device is prone to fingerprinting, and
3. How to implement corrective measures to tighten-up these weak spots, making your Cisco network more secure.

Your company is a Cisco Unified Communications environment and you have integrated Jabber for your internal Instant Messaging and Presence needs (IM&P). Someone at your company is trying to get in touch with you, but your Jabber status show as " Offline" even though you are logged in. How can I identify the source of the problem? What can I do to fix this issue?

This issue is usually a scattered occurrence and one that not everyone is able to observe, making troubleshooting a challenge.

PROBLEM
Jabber status shows as "Offline" to others, even though you are logged in.