Category Archives: Unified Communications

Cisco WebEx Meetings Server (CWMS) and Microsoft ADFS – Import Phone Numbers

In my latest CWMS deployment we have utilised SAML 2.0 and Microsoft ADFS services for user management. In your standard SAML integration;

  • Users attempting to access CWMS are authenticated via ADFS using their AD credentials
  • A CWMS account is automatically created based on the attributes that ADFS passes back to CWMS

The standard attributes are first name, last name and email address. In this case, we also wanted to populate the users CWMS profile with their telephone number.

To do this, two additional custom claim rules are required.

The first claim rule retrieves number from Active Directory:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"] => add(store = "Active Directory", types = ("PhoneHolder"), query = ";telephoneNumber;{0}", param = c.Value);

The second claim rule sends the telephone number to CWMS:

c:[Type == "PhoneHolder"] => issue(Type = "OPhoneLocal", Value = RegExReplace(c.Value, "\+61", ""));

In this case the numbers in Active Directory were stored in +E164 format (which we love, but CWMS does not); so there is a regex replace in there to remove the +61 on the way over to CWMS. This is easy at this point as there are only Australian numbers in the system. This would require some more work if it was an international system.

Fortunately ADFS can be configured with other attribute stores such as databases which could give you plenty more options about where to get attributes and what to send across to CWMS.

Testing Quality of Service (QoS) in IP Networks

Various tools exist to test you QoS configurations across your network, but most of these are costly and often tricky to set up.

If you have  a Cisco network there is a simple way to ensure your packet DSCP markings are being carried throughout the environment, just using your Cisco CLI.

The basic set up is this:

Create IP SLA probes destined towards an edge IP address with the IP packet TOS field set from a edge WAN router or L3 switch in the path you wish to measure QoS across.

This will send ICMP packets marked with DSCP across your network. Then you have  a few options as to how you validate the packets markings are carried through the network.

The simplest way to do this is to check the outbound queues on each device in path to see if the QoS queue counters are incrementing at the same rate you are sending your probes, but this can be a problem in a noisy environment.

Another way is to use the inbuilt packet capture feature built into Cisco IOS 12.4 and up. By setting a simple filter you can only capture the IP SLA probe packets, and then export these to Wireshark to check the packet DSCP is intact (or view the packets in the IOS CLI)

An example IP SLA TOS probe is shown below

  • rtr 1
  • type echo protocol ipIcmpEcho 10.1.1.1 source-ipaddr 10.2.1.1
  • request-data-size 200
  • tos 96
  • timeout 1000
  • frequency 10
  • hours-of-statistics-kept 12
  • rtr schedule 1 life 604800 start-time now