Hybrid Calendar Service for On-Premises Microsoft Exchange
With Hybrid Calendar Service, you can connect your Microsoft Exchange environment to Cisco Spark. This integration makes it easier to schedule and join meetings, especially when mobile; no plugins are required.
Hybrid Calendar Service has no Cisco call control dependency—you can use this service to extend features to Cisco Spark users, even if you use a third-party UC solution.
To simplify scheduling a meeting, your users can type these values in the invite Location field of their calendar client:
@spark to create a Cisco Spark space for meetings or to host the meeting through Cisco Spark.
@webex or their personal meeting room URL to include a clickable link for their WebEx personal meeting room.
From Outlook, your users can share their out of office status to other users in Cisco Spark. As soon as a user sets an automatic reply and date range, other users can see the status in Cisco Spark in these locations:
In @mentions directed at the out of office user.
In the People space for that user.
In search results for that user's name.
In the expanded people roster for a space.
Follow these tasks to
Prepare your calendar environment.
Register a connector host to the Cisco Collaboration Cloud.
Register your calendar environment to the Cisco Collaboration Cloud
Enable users for Hybrid Calendar Service. Once enabled, they can share out of office status with Cisco Spark users and use simplified meeting scheduling in your organization.
We recommend that you read the Cisco Spark Hybrid Services Design Guide for a detailed overview of Cisco Spark Hybrid Services, including architectural and design information.
The management connector is included in the Expressway-C base. You use it to register an Expressway to the cloud and link the Expressway interface with Cisco Spark Control Hub. The management connector plays an important role as the coordinator of all connectors running on the Expressway server or cluster: It provides you with a single point of control for connector activities. The management connector enables cloud-based management of the on-premises connectors, handles initial registration with the cloud, manages the connector software lifecycle, and provides status and alarms.
For an HTTPS connection to be established between the management connector and the cloud, you must update the trust list on the Expressway-C connector host with certificates that were signed by certificate authorities in use by the Cisco Collaboration Cloud. You can allow the Cisco Collaboration Cloud to upload CA certificates to the Expressway-C trust store. Or, in the case where security policies prevent the Cisco Collaboration Cloud from uploading trusted certificate authority certificates on Expressway-C, you may upload them manually.
The Calendar Connectoris the on-premises component of the Hybrid Calendar Service. The connector runs on an Expressway-C host that you register to the Cisco Collaboration Cloud.
The Calendar Connector acts like a broker between the cloud and your Microsoft Exchange (on-premises), Office 365 (cloud), or both (Hybrid Exchange deployment). The connector acts on behalf of users, similar to the way a client application would access a user's calendar information. The connector uses the impersonation role (which you can restrict to a subset of users) and uses Exchange Web Services to:
Autodiscover where users are homed
Listen for notifications on a user's calendar
Retrieve information on a user's calendar items
Populate meeting invitations with details of Cisco Spark spaces and WebEx personal rooms.
The Hybrid Calendar Service is designed to minimize security concerns in a hybrid environment:
The cloud cannot retrieve or access the Exchange credentials from the connector
The cloud has no direct access to Exchange through the connector
The connector does not access any user email or contacts
The connector does not create search folders or other extra folders for the user
The connector is not an Exchange Foreign connector
The connector does not interact with the Exchange Hub transport server
No AD schema extensions are required
In production Exchange, the Calendar Connector increases the CPU usage and load on the CAS and MBX servers. The impact on your Exchange environment depends on:
Your Exchange deployment
The number of configured users
The number of @webex/@spark meetings per user per hour
The size of calendars
We document a throttling policy designed to help manage the increased traffic.
Requirements for Hybrid Calendar Service
|Any Cisco Spark paid offer||Any paid offer|
|Cisco Expressway—download from https://admin.ciscospark.com at no charge||We recommend the latest release of Expressway for connector host purposes. See here for the version support statement.|
|Microsoft Exchange|| |
2010 SP3, 2013, 2016
|Cisco WebEx—Use for @webex scheduling only; not required for @spark (If purchasing Cisco Spark Advanced Meetings, Cisco WebEx does not need to be purchased, because its capabilities are already included in Cisco Spark Advanced Meetings.)||WBS29.13 and later (WBS31 or later is required for sites that use Cisco Spark-integrated single sign-on.)|
Complete the Prerequisites for Hybrid Calendar Service
|1||Allow time to configure the impersonation account. See "Exchange Impersonation Account" below to understand the role of the account and for answers to common questions that related to security|
|2||Install or make sure you're running a supported calendar environment, as described in Requirements for Hybrid Calendar Service.|
|3||Ensure that users are listed in Active Directory and have a discoverable mailbox in the organization's Exchange server.|
|4||Provide the following port access:|
|5||For @webex functionality, configure or use a Cisco WebEx Meeting Center site with CMR Cloud.|
|6|| To make One Button to Push (OBTP) available for Unified CM-registered endpoints managed by TMS on @spark or @webex meetings:|
If you have on-premises conferencing, you can add OBTP with CMR cloud and run both at same time. We support OBTP functionality only; auto connect is not available.
Complete the Expressway-C Connector Host Prerequisites for Cisco Spark Hybrid Services
Use this checklist to configure a Expressway-C connector host for Cisco Spark Hybrid Services before you register it to the Cisco Collaboration Cloud to run hybrid services.
We recommend that the Expressway-C be dedicated to hosting connectors for Cisco Spark Hybrid Services. You can use the Expressway-C connector host for other purposes, but that can change the supported number of users. See the capacity information below so that you can plan your deployment accordingly.
|1||Obtain full organization administrator rights before you register your Expressway(s),and when you access https://admin.ciscospark.com to administer your organization services to Cisco Collaboration Cloud.|
|2||Plan your connector capacity and follow the supported Expressway scalability recommendations:|
|3||Deploy the Expressway-C connector host in a cluster to account for redundancy. |
Cisco Spark Hybrid Services are highly available if Microsoft Exchange, Unified CM, and Cisco Expressways are deployed in a cluster. The same guidelines that apply to Cisco VCS and Expressway apply for the Expressway-C connector host clustering.
|4||Follow these requirements for the Expressway-C connector host. |
|5||If this is your first time running Expressway, you get a first-time setup wizard to help you configure it for Cisco Spark Hybrid Services. In some versions, if you check the Hybrid Services option in the wizard, you may see a note about the need for a dedicated service. To use the Expressway-C connector host for coresident connectors and SIP signaling and media for hybrid traffic, you may have to bypass the Cisco Spark Hybrid Services option in the configuration wizard.|
|6||Follow these configuration requirements for the Expressway-C connector host. See the Cisco Expressway Basic Configuration Deployment Guide, in the list of Cisco Expressway Configuration Guides on cisco.com, for details.|
|7||Follow these master peer configuration steps:|
|8||If you have not already done so, open required ports on your firewall. All traffic between Expressway-C and the Cisco Collaboration Cloud is HTTPS or secure web sockets. TCP port 443 must be open outbound from the Expressway-C to *.ciscospark.com, *.wbx2.com, and *.webex.com.|
|9||Obtain the details of your HTTP proxy if your organization uses one to access the internet. The proxy must support either no authentication or basic authentication, because these are the only authentication types supported by the Expressway|
|10||Review these points about certificate trust. You can choose the type of secure connection when you begin the main setup steps. |
Set Up an Impersonation Account for On-Premises Microsoft Exchange
You must choose a mail-enabled account to use as the service account. (The account doesn't have to be an administrator, but it must have a mailbox.)
If you limited the set of users that are synchronized with Active Directory using LDAP filters, you may want to limit the impersonation by using a new or existing management scope in Exchange.
Configure a Throttling Policy and Apply it to the Impersonation Account
Register the Expressway-C Connector Host to the Cisco Collaboration Cloud
Cisco Spark Hybrid Services use software connectors to securely connect the Cisco Spark service to your organization's environment. Use this procedure to register your Expressway-C.
After you complete the registration steps, the connector software is automatically deployed on your on-premises Expressway-C (the software connector host).
Sign out of any existing Expressway-C connections that are open in other browser tabs.
If you're registering a cluster, register the master peer. You don't need to register any other peers, because they register automatically when the master registers. If you start with one node set up as a master, subsequent additions do not require a system reboot.
If your on-premises environment proxies the outbound traffic, you must first enter the details of the proxy server onand then complete this procedure. Doing so is necessary for successful registration.
The Cisco Collaboration Cloud rejects any attempt at registration from the Expressway web interface. You must register your Expressway through Cisco Spark Control Hub.
If the registration process times out, or fails for another reason (for example, you must fix certificate errors or enter proxy details), you can restart registration in Cisco Spark Control Hub.
|1||From the customer view in https://admin.ciscospark.com, go to Services, click Set up on the card for the hybrid service you're deploying, and then click Next.|
|2||Choose a method to register the Expressway-C:|
|3||For new registrations, click Next, and then click the link to open your Expressway-C. You can then sign in to load the Connector Management window.|
|4||Decide how you want to update the Expressway-C trust list: |
A check box on the welcome page determines whether you will manually append the required CA certificates to the Expressway-C trust list, or whether you allow Cisco Collaboration Cloud to add those certificates for you.
Choose one of the following options:
|5||Click Register. After you're redirected to Cisco Spark Control Hub, read the on-screen text to confirm that Cisco Collaboration Cloud identified the correct Expressway-C.|
|6||After you verify the information, click Allow to register the Expressway-C for Cisco Spark Hybrid Services. |
Troubleshooting TipsIf registration fails and your on-premises environment proxies the outbound traffic, review the Before You Begin section of this procedure.
Append the Exchange CA Certificate to the Expressway Trusted CA List
If you want to verify the certificates presented by the Exchange Server, then the Expressway trust list must contain the certificate of the CA that signed the Exchange Server certificate. The CA certificate may already be in the trust list; use this procedure on each Expressway cluster to check the list and append the certificate if necessary.
If you're using a custom domain, make sure that you add the CA certificate for the domain certificate issuer to the Expressways.
Certificate Authorities that Must be Trusted by Your Existing Environment for Cisco Spark Hybrid Services
The table lists the Certificate Authorities that your on-premises or existing environment must trust when using Cisco Spark Hybrid Services.
If you opted to have Cisco Collaboration Cloud manage the required certificates, then you do not need to manually append CA certificates to the Expressway-C trust list.
Cloud hosts signed by this CA
Must be trusted by
For this purpose
|O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root|| |
To ensure Expressway downloads connectors from a trusted host
Common Identity (CI) service
|O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority|| |
Windows Server 2003 or Windows Server 2008 hosting the Directory Connector
To synchronize users from your Active Directory with Cisco Collaboration Cloud and to authenticate Cisco Spark Hybrid Services users
|O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority|| |
Link the Calendar Connector to Microsoft Exchange
The Calendar Connector installs automatically after you register your Expressway for Cisco Spark Hybrid Services. The connector does not start automatically, and requires some configuration.
Link Calendar Connector to your calendar environment and CMR sites.
|1||From the Expressway-C connector host, go to , and then click New.|
|2||Enter the credentials of the service account that you want the Calendar Connector to use to connect to Exchange. |
The service account queries calendars on behalf of your users, using the impersonation role. You can use these formats:
|3||Enter a unique Display Name for this Exchange Server.|
|4||For the Type, select Exchange On-Premises for Exchange 2010, 2013, or 2016|
|5||For Need Proxy for Connection?, select Yes if https access goes through a web proxy to your Exchange CAS (Client Access Server) array.|
|6||For Enable this Exchange server?, select Yes. |
You can select No for debugging purposes, but users will not be subscribed to this Exchange.
|7||(Optional)Select an Authentication Type. |
For added security, we recommend NTLM for 2010 and later on-premises Exchange servers.
|8||Leave TLS Verify Mode as the default value On so that this Expressway-C verifies the certificate presented by the Exchange Server. |
You may need to update the trust stores on both servers to ensure that each one trusts the CA that signed the other's certificate.
|9||For Autodiscovery, choose whether you want to manually enter the Exchange server or let the Calendar Connector discover it automatically. |
Autodiscovery is required for on-premises deployments of Microsoft Exchange 2013 and later.
|10||(Optional)If you chose Use Active Directory, configure the extra fields with the AD details.|
|11||Click Add to store the Exchange Server configuration on the Expressway-C. |
The Calendar Connector tests the connection to the Exchange environment.
|12||After the connector is enabled, disable and enable it again for any Exchange configuration changes to take effect.|
Configure the Calendar Connector's WebEx Site Settings
After you configure the Exchange settings, configure the details for your WebEx Meeting Center with CMR Cloud sites.
Start the Calendar Connector
Enable the Hybrid Calendar Service for Users
Use this procedure to enable individual Cisco Spark users for Hybrid Calendar Service.
See the documentation for alternative ways to enable services for your Cisco Spark users in bulk or in a directory synchronized organization.
|1|| From https://admin.ciscospark.com, go to Users, and then choose a specific user from the list. |
You can use the search function to narrow down the list of users.
|2||Click the row to open an overview of the user.|
|3||Click Calendar Service, toggle on Hybrid Calendar, and then save your changes. |
After you activate the service, the Cisco Spark user status changes from Pending Activation to Activated. The length of time for this change depends on the number of users that you're enabling for the service.
Users receive an email that indicates the feature is enabled. See the documentation below if you want to disable email notifications.
Test the calendar features