Cisco BroadWorks용 Webex의 장치 통합 안내서

날짜	문서 버전	변경 설명
2023년 5월 12일	1.7	Webex 통합 장치 섹션의 최종 사용자 기능 아래에 BroadWorks용 Webex 통합 Cisco RoomOS 장치* 및 디렉터리 검색 향상점 을 추가했습니다*.
2023년 2월 27일	1.6	장치 온보딩 아래에서 회의실 OS에 대한 서비스 구성 단계를 업데이트했습니다.
2023년 2월 17일	1.5	Webex 통합 장치에 대한 최종 사용자 기능 아래에 Webex 인식 MPP 전화에 대한 통합 통화 기록 섹션을 추가했습니다.
2022년 10월 14일	1.4	SRV 레코드를 포함하도록 Room OS Onboarding* 섹션 아래에 있는 Room OS* 에 대한 온보딩 프로세스를 업데이트했습니다. 플로우 쓰루 프로비저닝 요구 사항을 위한 솔루션 가이드에 대한 포인터가 포함된 Room OS 전제 조건 섹션에서 BroadWorks 구성 요구 사항 을 업데이트했습니다.
2022년 6월 20일	1.3	플로우 쓰루 프로비저닝 요구 사항을 위해 솔루션 가이드에 대한 포인터를 사용하여 Room OS 전제 조건 및 MPP 장치 전제 조건 을 업데이트했습니다. 다른 프로비저닝 방법에 대한 정보를 포함하도록 프로비저닝 룸 OS 장치 및 프로비저닝 MPP 장치 를 업데이트했습니다.
2022년 6월 3일	1.2	Room OS 사전 요건 및 MPP 장치 사전 요건에서 장치 프로필 유형 기능 활성화 번호(02283)를 수정함
2022년 5월 27일	1.1	파트너 조직당 전용 DMS 인스턴스에 대한 요구 사항을 수정했습니다. 서문 장을 추가함. 제목을 "장치 통합 안내서"로 업데이트했습니다.
2022년 5월 20일	1.0	초기 게시

Device Onboarding Overview

This chapter describes how to onboard devices to Webex for Cisco BroadWorks. This chapter covers the following use cases:

Onboard new Webex Room OS devices (using activation codes)
Onboard new MPP devices
Add Webex capability to existing MPP devices

We recommended that you deploy this feature on Release Independent ADP servers. However, XSP also supports this feature. If you're using XSP, then where this document refers to "ADP", you can substitute "XSP", unless the text specifies ADP only.
This feature supports both Personal and Workspace devices.

Room OS Onboarding

Webex for Cisco BroadWorks supports activation code onboarding for both shared and workspace Room OS devices.

Device Onboarding with Activation Codes

Device Onboarding with activation codes provides a simple and secure way to onboard Room OS devices. An activation code is a 16-digit one-time system-generated passcode that a user must input on a device to onboard the device. The activation code is securely linked to the intended user account and assures that only the intended user onboards a device linked to the same account. After the user enters the correct code, the device connects to both Webex and BroadWorks, completes registration, downloads its configuration file, and is ready to use.

The following Room OS devices support onboarding with activation codes:

Webex Board Series (Room OS)
Webex Desk Series (Room OS)
Webex Room Series (Room OS)

Onboarding Process for Room OS

The following process shows what happens when a Room OS device onboards using activation codes:

The partner administrator provisions the primary user and device in BroadWorks and then generates the activation code in BroadWorks.
An email that contains the device activation code is sent to the device owner.
The device owner starts the device.
The device prompts the device owner to enter the activation code.
The device owner enters the activation code on the device.
The device onboards to BroadWorks and Webex using the following subprocess:
- The Room OS device sends an activation request to Webex services. The activation code gets validated by GDS and if the code is correct, the device onboards to Webex. Webex returns a machine token to the device.
- The device sends an activation request to the BroadWorks DM along with the machine token and MAC address.
- BroadWorks authorizes and onboards the device.
- The device sends a request to the BroadWorks DM for an updated config. The machine token is included for authorization.
- BroadWorks authorizes the token, locates the updated config file, and returns an updated configuration file.
- Room OS will attempt to locate a NAPTR record for the domain specified in the configuration file as it expects to find an SRV entry for _sip._tls.<domain_in_config> if no NAPTR record is present then RoomOS will then try and look for an SRV record followed by an A record respectively.
  
  The SRV record must be _sip._tls. as roomOS will only support TLS for transport and SRTP for media.
The device registers and is ready to use.

The following diagram provides a simplified overview of the onboarding process.

For detailed information on Room OS onboarding, including more detailed flow diagrams, see the feature description Cisco BroadWorks Enhancements for Webex-Aware Device Onboarding.

Device Authentication (via OAuth Bearer Tokens)

Device authentication for Room OS devices requires that you enable Cisco OAuth Bearer Tokens on BroadWorks. During onboarding, the bearer token gets passed via the Activate Authorization header and serves to identify the device. The IdP validates the bearer token and returns the UUID (a machine UUID for workspace devices or user UUID for personal devices) as bearer subject. BroadWorks saves the UUID as the device name in the Network Server.

Room OS Prerequisites

Minimum Room OS Version

Room OS 10.13 minimum

BroadWorks Patch Requirements

This feature is supported as of version 2021.11 of the Release Independent (RI) ADP server with no patch requirements.

For non-RI servers, you must have installed the following patches (from patch groups ap381367, ap381951, ap382198) in order to use the feature. Install the patches that apply to your release:

R22:

AP.as.22.0.1123.ap381367
AP.as.22.0.1123.ap382236
AP.nfm.22.0.1123.ap381367
AP.ns.22.0.1123.ap381367
AP.platform.22.0.1123.ap381367
AP.platform.22.0.1123.ap382198
AP.ps.22.0.1123.ap381367
AP.xsp.22.0.1123.ap381367
AP.xsp.22.0.1123.ap382198

R23:

AP.as.23.0.1075.ap381367
AP.as.23.0.1075.ap382236
AP.ns.23.0.1075.ap381367
AP.platform.23.0.1075.ap382198
AP.platform.23.0.1075.ap381367
AP.xsp.23.0.1075.ap381367
AP.xsp.23.0.1075.ap382198
AP.ps.23.0.1075.ap381367

R24:

AP.as.24.0.944.ap381367
AP.as.24.0.944.ap381951
AP.as.24.0.944.ap382236

BroadWorks Platform Requirements

This feature is available on:

R22: available on XSP only
R23: available on XSP or ADP (Release Independent)
R24: available on ADP (Release Independent)

BroadWorks Configuration Requirements

To implement this solution, the Flowthrough provisioning must be configured to allow Broadworks to provision devices to Webex.

While configuring the Flowthrough provisioning, it’s not mandatory to use flowthrough provisioning to provision users i.e., you can continue to use your existing provisioning methods (API, Trusted/Untrusted Email, User self, etc.) to provision users. See "Provisioning Requirements" in the Webex for Cisco BroadWorks Solution Guide.
Make sure that the Integrated IM+P service is enabled on BroadWorks and points to the BroadWorks Provisioning Bridge.

The Provisioning Bridge URL was assigned when the Customer Template was applied to the organization. This should have been completed during your initial Webex for Cisco BroadWorks setup. To find the existing URL in Partner Hub, see Configure Application Server with Provisioning Service URL in the Webex for Cisco BroadWorks Solution Guide.
If you have multiple partner organizations, you require a dedicated Device Management Service (DMS) instance per partner.

Prerequisites for Activation Code Onboarding with Room OS

Make sure that the following is set:

Deploy the Device Activation Service on BroadWorks. For details, see Cisco BroadWorks Secure Onboarding Using Activation Codes.
Verify that the DAS URL setting for the BroadWorks cluster is set to the Device Management Services (DMS) URL. To view the current DAS URL setting in Partner Hub, go to Settings > BroadWorks Calling > View Clusters and select the appropriate cluster. The URL appears under Interface settings.

The following BroadWorks features must be activated on the AS:

101377 Enhancements for Webex and MPP device onboarding
25088 Support Handsets for DECT Devices
24104 Support Multicell Chaining for DECT devices
20077 Device Management Enhancements
19559 Visual Device Management Enhancements
02283 Device Profile Type Customization Enhancements

For example, run the following command to enable 101377. Change the feature number when activating the other features: AS_CLI/System/ActivatableFeature> activate 101377

If all the listed patches are installed and an activatable feature is not listed for your particular AS release, it is because it is already included in your AS base release and does not require activation.

Run the following CLI command on the Network Server:

NS_CLI/System/DeviceManagement> asLocationLookupEnabled true

Make sure that the CA that signs your SBC certificate is listed in the Room OS Trust List. You can view the Room OS trust list from the Device Web Portal. On the portal, select Security > Collaboration Edge to view the list of CAs.

Room OS Onboarding Flow

Complete the following tasks to configure your system to support Device Onboarding with Activation Codes for the following Webex Room OS devices:

Webex Board 시리즈
Webex Desk 시리즈
Webex Room 시리즈

1	Configure Services for Room OS Configure BroadWorks support for Room OS devices.
2	Provision Room OS Devices Provision the new device on BroadWorks.
3	Request Activation Code In the Device Profile, request an activation code. The code will be emailed to the primary user automatically.

Configure Services for Room OS

Before you can onboard any new Room OS devices, set the following system level parameters to turn on OAuth authentication.

Raise a Service Request with your onboarding agent or with Cisco TAC to provision Cisco OAuth for your Cisco Identity Provider Federation account. Title your service request "ADP AuthService Configuration".

If you already obtained Cisco OAuth Identity Provider credentials using one of the flows in this document, there’s no need to create a new request. However, if you obtained Cisco OAuth credentials using a flow that is not in this document, complete a new service request to update your credentials.

Cisco는 OAuth 클라이언트 ID, 클라이언트 비밀 및 60일 동안 유효한 새로 고침 토큰을 제공합니다. If the token expires before you use it with your ADP, you can raise another request.

Enable OAuth by using this CLI command:

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/OAuth> set enable true

Make sure that the OAuth scope includes broadworks-connector-user (the scope is enabled by default). Run this command to check your scopes:

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/OAuth/Scopes> get

Configure the Cisco Identity Provider parameters using the below CLI commands.

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider> set enabled false

set clientId <clientId>—see service request response for ID.
set clientSecret <clientSecret>—see service request response for secret.
set issuerName <URL>—see following table for URL.
set issuerUrl <URL>—see following table for URL.
set tokenInfoUrl <IdPProxy_URL>—see following tables for URL.
set ciResponseBodyMaxSizeInBytes 65536

표 1. Set issuerName and issuerURL
만약 CI 클러스터가...	Set issuerName and issuerURL to...
US-A	https://idbroker.webex.com/idb
EU	https://idbroker-eu.webex.com/idb
US-B	https://idbroker-b-us.webex.com/idb
If you don't know your CI Cluster, you can obtain the information from the Customer details in Help Desk view of Control Hub.

표 2. Set tokenInfoURL
만약 Teams 클러스터가...	Set tokenInfoURL to...(IdP Proxy URL)
ACHM	https://broadworks-idp-proxy-a.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate
AFRA	https://broadworks-idp-proxy-k.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate
AORE	https://broadworks-idp-proxy-r.wbx2.com/broadworks-idp-proxy/api/v1/idp/authenticate
If you don't know your Teams Cluster, you can obtain the information from the Customer details in the Help Desk view of Control Hub. For testing, you can verify that the tokenInfoURL is valid by replacing the "`idp/authenticate`" portion of the URL with "`ping`".

Configure Identity Providers for Cisco Federation using the following commands:

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Partners> add FederationPartner refreshToken

New Password: <token from service request>

Re-type New Password: <token from service request>

...Done

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Partners> get

Partner Name Refresh Token

==================================

FederationPartner ********

1 entry found.

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Federation>

set flsUrl https://cifls.webex.com/federation
set refreshPeriodInMinutes 60
set partnerName FederationPartner

The refresh token is now under the CiscoIdentityProvider/Partners context and the partnerName from the CiscoIdentityProvider/Federation context needs to match the partner added in the CiscoIdentityProvider/Partners context.

If you are running an ADP RI load older than 2022.10, an R23 XSP without patch AP.xsp.23.0.1075.ap383838, or an R22 XSP, then:

You do not need to set a partner under 'System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Federation>'
The refresh token must be set under: System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Federation>

Clear all existing scopes within the following three contexts under ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/...

Scopes
Admin/RolesAllowed
Admin/ScopesAllowed

For each context, run a get to obtain the existing scopes and then delete them. 예:

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Scopes> get delete <name_of_scope_1> delete <name_of_scope_2>

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Admin/RolesAllowed> get delete <name_of_scope_1> delete <name_of_scope_2>

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider/Admin/ScopesAllowed> get delete <name_of_scope_1> delete <name_of_scope_2>

Provision Room OS Devices

On BroadWorks, provision the Room OS device (Webex Board Series, Webex Desk Series, or Webex Room Series).

1	On BroadWorks CommPilot, check the Identity/Device Profile Type configuration to see if the device type exists for this Room OS device. If the device type does not exist on BroadWorks, import the device type into BroadWorks using a DTAF file that you download from cisco.com.
2	After you import the device type, make sure that the following settings exist within the Identity/Device Profile Type configuration: Check the Allow Activation Code Onboarding check box Check the Send Activation Code Request Through Messaging Server check box. Set Authentication Mode to Bearer.
3	Validate that the Device Profile File has the SIP settings that you want to use. In the Identity/Device Profile Type File make sure that Authentication Mode is Bearer.
4	Create a Device Profile with the settings for your new device. In the Identity/Device Profile Add/Modify page, leave the MAC address field empty.
5	Configure the Primary User. On the Users Add page, check or uncheck the isPlace according to whether you intend the device to be personal or for a shared workspace. Checked—Workspace device Unchecked—Personal device Shared workspace devices also require you to assign a primary user. You can assign the primary user that you want.
6	Complete the option that corresponds to the device type and provisioning method that you want to use: Device is for shared workspace—Use the Provision a BroadWorks Workspace API to complete provisioning for the workspace device. Device is personal; you want to provision using public APIs—Use the Provision BroadWorks Subscribers API to complete provisioning for the primary user. Device is personal; you want users to use self-activate—Forward the User Activation Portal URL to the user. The user must validate their email address to complete provisioning. Device is personal; you want to use flowthrough provisioning—Go to step 7.
7	If the device is for personal use, and you want to use flowthrough provisioning, then for the primary user, assign the Integrated IM+P service. On the User > Profile page, add the IM+P service: From the Profile page, click Assign Services. In the list of Available Services, select Integrated IM&P and use the arrow to move the item to the User Services box. 확인을 클릭합니다. Click Profile. Trusted email flow only. Add the user E-mail address. This setting serves as the IM&P email for flowthrough provisioning to Webex for Cisco BroadWorks. This is not required if you are using the untrusted email flow. The Customer Template on Webex must be configured with settings for flowthrough provisioning with trusted emails or untrusted emails. For details, see the Webex for Cisco BroadWorks Solution Guide.

다음에 수행할 작업

Request an activation code for the Room OS device.

Request Activation Code

After your device and user is provisioned on BroadWorks, request that an activation code be sent to the user.

1	In the Identity/Device Profile page, search for and open the device profile for your new device.
2	Click the Device Activation tab.
3	Click Request activation code.

The system generates an activation code and (provided you configured the system properly), the system emails the activation code to the primary user.

다음에 수행할 작업

Provide the device to the user. After the user plugs in the device, they are required to enter the activation code that was sent in the email. This will onboard the device to Webex for Cisco BroadWorks.

MPP Onboarding to Webex

This section describes the onboarding of either new or existing MPP devices to Webex for Cisco BroadWorks. Note that 'existing' refers to an MPP device that exists on BroadWorks, but which does not have Webex capability.

MPP Device Onboarding (New Devices)

During onboarding, the administrator updates BroadWorks with support for MPP, upgrades the device firmware and provisions the device on BroadWorks to complete onboarding.

The following diagram provides an overview of the onboarding process after the activation code that the user enters is validated.

MPP Device Onboarding (Existing Devices)

For existing MPP devices, where the device exists already on BroadWorks, but is not onboarded to Webex, update BroadWorks and the device firmware to support MPP to Webex onboarding. After the updates, the device onboards to Webex automatically.

추가 정보

For more information on MPP device onboarding to Webex, refer to the feature description Cisco BroadWorks DMS Enhancements for Webex Enabling MPP Devices.

MPP Device Prerequisites

Minimum MPP Version

MPP firmware 11.3.7 minimum

BroadWorks Patch Requirements

This feature is supported as of version 2021.11 of the Release Independent (RI) ADP server with no patch requirements.

For non-RI servers, you must have installed the following patches (from patch groups ap381367, ap381951, ap382198) in order to use the feature. Install the patches that apply to your release:

R22:

AP.as.22.0.1123.ap381367
AP.as.22.0.1123.ap382236
AP.nfm.22.0.1123.ap381367
AP.ns.22.0.1123.ap381367
AP.platform.22.0.1123.ap381367
AP.platform.22.0.1123.ap382198
AP.ps.22.0.1123.ap381367
AP.xsp.22.0.1123.ap381367
AP.xsp.22.0.1123.ap382198

R23:

AP.as.23.0.1075.ap381367
AP.as.23.0.1075.ap382236
AP.ns.23.0.1075.ap381367
AP.platform.23.0.1075.ap382198
AP.platform.23.0.1075.ap381367
AP.xsp.23.0.1075.ap381367
AP.xsp.23.0.1075.ap382198
AP.ps.23.0.1075.ap381367

R24:

AP.as.24.0.944.ap381367
AP.as.24.0.944.ap381951
AP.as.24.0.944.ap382236

BroadWorks Platform Requirements

This feature is available on:

R22: available on XSP only
R23: available on XSP or ADP (Release Independent)
R24: available on ADP (Release Independent)

BroadWorks Configuration Requirements

To implement this solution, the Flowthrough provisioning must be configured to allow Broadworks to provision devices to Webex.

While configuring the Flowthrough provisioning, it’s not mandatory to use flowthrough provisioning to provision users i.e., you can continue to use your existing provisioning methods (API, Trusted/Untrusted Email, User self, etc.) to provision users. See "Provisioning Requirements" in the Webex for Cisco BroadWorks Solution Guide.
Make sure that the Integrated IM+P service is enabled on BroadWorks and points to the BroadWorks Provisioning Bridge.

The Provisioning Bridge URL was assigned when the Customer Template was applied to the organization. This should have been completed during your initial Webex for Cisco BroadWorks setup. To find the existing URL in Partner Hub, see Configure Application Server with Provisioning Service URL in the Webex for Cisco BroadWorks Solution Guide.
If you have multiple partner organizations, you require a dedicated Device Management Service (DMS) instance per partner.

Certificates and Firewalls

Make sure that you have configured the following:

Certificate Requirements—MPP devices use mTLS authentication using the device certificate. The device MAC address, which the certificate provides, authenticates the device. Download the required certificates for your MPP device from https://www.cisco.com/security/pki/.

Upload your certificates to establish trust on the ADP or firewall. For example, if you’re uploading to the ADP, use this command:

ADP_CLI/Interface/Http/SSLCommonSettings/ClientAuthentication/Trusts/updateTrust> <certificate_filename>
Firewall requirements—If ADP is behind a firewall, your firewall must be configured with a rule to extract the MAC address from the device certificate and place it in an Authentication header that is then forwarded to the ADP. For example, the identity pattern .*([0-9a-fA-F]{12}).* can be used to extract the MAC address, which can then be placed in a header that uses a descriptive name (for example, macaddress).

If ADP is not behind a firewall, the preceding requirement doesn’t exist.

Feature Activation

Activate the following BroadWorks features on the AS:

101377 Enhancements for Webex and MPP device onboarding
25088 Support Handsets for DECT Devices
23775 Remote Reset for MPP Devices
24104 Support Multicell Chaining for DECT devices
20077 Device Management Enhancements
19559 Visual Device Management Enhancements
02283 Device Profile Type Customization Enhancements

For example, run the following command to enable 101377.Change the feature number when activating the other features: AS_CLI/System/ActivatableFeature> activate 101377

Run the following CLI on the Network Server:

NS_CLI/System/DeviceManagement> asLocationLookupEnabled true

Activation Code Requirements

선택 사항. Activation codes are not mandatory for MPP device onboarding. Howver, if you want to use activation codes, see Request Activation Code for MPP for additional requirements that are specific to activation codes with MPP.

MPP Device Onboarding Flow

Complete the following tasks to configure your system to support MPP device onboarding to Webex for Cisco BroadWorks.

If you’re adding Webex capability to an MPP device that exists on BroadWorks already, complete steps 1 and 2 only.

1	Configure Services for MPP (New or existing MPP devices). Configure system support for MPP on Webex for Cisco BroadWorks.
2	Upgrade MPP Device Firmware (Existing MPP devices). For any existing MPP devices for which you want to add Webex capability, upgrade to the latest device firmware.
3	Provision MPP Device (New MPP devices only). If the device doesn’t exist on BroadWorks, provision the device and primary user on BroadWorks.
4	Request Activation Code for MPP (Optional). If you want to use activation codes to onboard MPP devices, request an activation code.

Configure Services for MPP

Update your BroadWorks system settings to support MPP devices (new or existing) on Webex for Cisco BroadWorks. Complete this step once only. You don’t need to repeat this procedure for each MPP device.

시작하기 전에

If the ADP is behind a firewall, your firewall must be configured with a rule to extract the MAC address from the device certificate and place it in an Authentication header that is then forwarded to the ADP. For example, the identity pattern .*([0-9a-fA-F]{12}).* can be used to extract the MAC address, which can then be placed in a header that uses a descriptive name (for example, macaddress).

Refer to your firewall documentation for help with the configurations.

Raise a Service Request with your onboarding agent or with Cisco TAC to provision Cisco OAuth for your Cisco Identity Provider Federation account. Use "ADP AuthService Configuration" to title your request.

Configure the Cisco Identity Provider parameters by running the following CLI commands.

ADP_CLI/System/CommunicationUtility/DefaultSettings/ExternalAuthentication/CiscoIdentityProvider> set enabled false

set clientId <clientId>—see service request response for ID.
set clientSecret <clientSecret>—see service request response for secret.
set issuerName <URL>—see following table for URL.
set issuerUrl <URL>—see following table for URL.
set ciResponseBodyMaxSizeInBytes 65536

표 3. Set issuerName and issuerURL
만약 CI 클러스터가...	Set issuerName and issuerURL to...
US-A	https://idbroker.webex.com/idb
EU	https://idbroker-eu.webex.com/idb
US-B	https://idbroker-b-us.webex.com/idb
If you don't know your CI Cluster, you can obtain the information from the Customer details in Help Desk view of Control Hub.

Set the url of the DM Bridge using the below CLI command. The DM Bridge URL is different for each Teams Cluster (which you pulled in Step 2).

ADP_CLI/Applications/BroadworksDms/DeviceActivation/DMBridge> set url = <url_of_DM_Bridge> scope = dm-bridge:device_auth

표 4. DM_Bridge URL
만약 Teams 클러스터가...	Set DM_Bridge URL to...
ACHM	dm-bridge-a.wbx2.com
AORE	dm-bridge-r.wbx2.com
AFRA	dm-bridge-k.wbx2.com

Enable MAC address extraction and authentication using either the Authentication header or Authentication certificate. For security reasons, we recommend that you use one of the options only:

Authentication header—If ADP is behind a firewall, use the CLI on the ADP to enable MAC address extraction for the Authentication header. This configuration gives the ADP the ability to recognize the MAC address from the Authentication header. 예:

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/Headers> set enable true

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/Headers> set identityPattern "macaddress:.*([0-9a-fA-F]{12}).*"

In this example, macaddress is an assigned name with .*([0-9a-fA-F]{12}).* representing the pattern that gets assigned to the header. If you call the header something other than macaddress, adjust your CLI accordingly.
Authentication certificate—If ADP is not behind a firewall, authentication occurs between the device and ADP directly. Use the below CLI commands to enable MAC address extraction on the device certificate for authentication:

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/Certificates> set enable true

ADP_CLI/Applications/BroadworksDms/AccessControl/Authentication/Certificates> set identityPattern ".*([0-9a-fA-F]{12}).*"

Upgrade MPP Device Firmware

시작하기 전에

Make sure that BroadWorks is updated with services support for MPP.

Upgrade the device firmware to the latest version to ensure that tha the MPP device supports Webex capability.

For more information on firmware upgrades, refer to the Release Notes for your phone model firmware release.

다음에 수행할 작업

Existing MPP devices—After the upgrade, the device onboards to Webex automatically. The user can start using Webex services on the device.
New MPP devices—Provision the new MPP device on BroadWorks.

Provision MPP Device

If the new MPP device does not exist on BroadWorks, provision the device on BroadWorks.

1	On BroadWorks CommPilot, check the Identity/Device Profile Type configuration to see if the device type exists for this MPP device. If the device type doesn’t exist on BroadWorks, import the device type into BroadWorks using a DTAF file that is downloaded from cisco.com.
2	On BroadWorks CommPilot, open the Identity/Device Profile Type and check the Allow Activation Code Onboarding check box.
3	Create an Identity/Device Profile Type File with the SIP settings that you want to use.
4	Create an Identity/Device Profile with settings for your new device. In the MAC address field, enter the device MAC address. If you are using activation codes to onboard MPP devices, leave the MAC address field empty.
5	Configure the Primary User. On the Users Add page, set the isPlace check box according to whether the device is personal or for a shared workspace: Checked—Workspace device Unchecked—Personal device
6	Complete the option that corresponds to the device type and provisioning method that you want to use: Device is for shared workspace—Use the Provision a BroadWorks Workspace API to complete provisioning for the workspace device. Device is personal; you want to provision using public APIs—Use the Provision BroadWorks Subscribers API to complete provisioning for the primary user. Device is personal; you want users to use self-activate—Forward the User Activation Portal URL to the user. The user must validate their email address to complete provisioning. Device is personal; you want to use flowthrough provisioning—Go to step 7.
7	If the device is for personal use, and you want to use flowthrough provisioning, then for the primary user, assign the Integrated IM+P service. On the User > Profile page, add the IM+P service: From the Profile page, click Assign Services. In the list of Available Services, select Integrated IM&P and use the arrow to move the item to the User Services box. 확인을 클릭합니다. Click Profile. Trusted email flow only. Add the user E-mail address. This setting serves as the IM&P email for flowthrough provisioning to Webex for Cisco BroadWorks. This is not required if you are using the untrusted email flow. The Customer Template on Webex must be configured with settings for flowthrough provisioning with trusted emails or untrusted emails. For details, see the Webex for Cisco BroadWorks Solution Guide.

다음에 수행할 작업

선택 사항. If you want to use activation codes to onboard MPP devices, request the activation code on BroadWorks.

Request Activation Code for MPP

(Optional) Webex for Cisco BroadWorks does not require activation codes to onboard new MPP devices. However, if you do decide to use activation codes, complete the Request Activation Code procedure to request an activation code for a new device.

Prerequisites for Using Activation Codes with MPP Devices

If you are using activation code onboarding for MPP devices, make sure that your system meets the following activation code-specific requirements.

Device Activation Service—Complete the following requirements to enable the Device Activation Service:

Deploy the Device Activation Service on BroadWorks. For details, see Cisco BroadWorks Secure Onboarding Using Activation Codes.
Point the Device Activation Service (DAS) to Device Management Services (DMS) on BroadWorks AS using the following CLI command:

AS_CLI/Interface/DAS> set url <url_of_DMS>
Verify that the DAS URL setting for the BroadWorks cluster is set to the Device Management Services (DMS) URL. To view the current DAS URL setting in Partner Hub, go to Settings > BroadWorks Calling > View Clusters and select the appropriate cluster. The URL appears under Interface settings.

Cisco Global Discovery Services (GDS)—GDS is required in order to provision the activation code. Enable GDS on BroadWorks by completing both of the below steps:

Create a service request to provision your GDS account. Cisco provides you with the client ID, client secret, refresh token and GDS domain.

After your GDS account is provisioned, enable GDS on the ADP using the following CLI:

ADP_CLI/Applications/BroadworksDms/DeviceActivation/IdentityProviders/Cisco> get set gdsDomain <gds_domain_from service request> e.g. https://activation.webex.com set clientId <id_from_service_request> clientSecret <secret_from_service_request> refreshToken <token_from_service_request>

In addition to the above activation code-specific prerequisites, your system must meet the general MPP prerequisites in MPP Device Prerequisites.

Request Activation Code

Complete the following steps to request an activation code for a new MPP device.

In the Identity/Device Profile page, search for and open the device profile for your new device.
Click the Device Activation tab.
Click Request activation code.

The system generates the activation code and emails the code to the primary user. The user must enter the code on the device to complete onboarding.

서비스 가용성 개요

Control Hub에는 관리자가 유지관리 옵션 세트와 함께 장치 상태를 볼 수 있는 서비스 가용성 옵션이 포함되어 있습니다. 관리자는 다음을 수행할 수 있습니다.

현재 장치 상태 보기
장치를 원격으로 재부팅
문제 해결에 대한 문제 보고서 보내기
장치 삭제

장치 상태 보기

이 절차를 사용하여 Control Hub에서 장치 상태 보고서를 봅니다. 상태에는 등록 상태, MAC 주소, SIP 주소, IP 주소 및 일련 번호와 같은 세부 정보가 포함됩니다.

1	고객 조직에 대해 Control Hub 인스턴스에 로그인합니다.
2	장치를 클릭합니다.
3	해당 장치를 클릭합니다.

장치 재부팅

이 절차를 사용하여 Control Hub 인터페이스에서 장치를 재부팅합니다.

1	고객 조직에 대해 Control Hub 인스턴스에 로그인합니다.
2	장치를 클릭합니다.
3	장치를 선택합니다.
4	작업 드롭다운에서 재부팅을 선택합니다.

문제점 보고

장치에서 문제가 발생하는 경우 이 절차를 사용하여 문제 해결을 위해 문제 보고서를 Cisco TAC로 보냅니다.

1	고객 조직에 대해 Control Hub 인스턴스에 로그인합니다.
2	장치를 클릭합니다.
3	해당 장치를 클릭합니다.
4	작업에서 문제 보고를 선택합니다.
5	보고서 요약을 검토합니다.

장치 삭제

이 절차를 사용하여 Control Hub에서 장치를 삭제합니다.

1	고객 조직에 대해 Control Hub 인스턴스에 로그인합니다.
2	장치를 클릭합니다.
3	해당 장치를 선택합니다.
4	작업 드롭다운에서 삭제를 선택합니다.

장치 소유자 변경

이 절차를 사용하여 활성화 코드를 사용하여 온보딩된 기존 장치를 새 장치 소유자로 이동합니다.

이 절차에서는 이 장치에서 사용하는 ID/장치 프로필 에 대해 활성화 코드 온보딩 허용 옵션이 활성화되었다고 가정합니다.

Webex에서 기존의 장치 등록 삭제:

Webex Control Hub에서 현재 장치 소유자가 소속된 고객 조직을 엽니다.
관리 아래에서 장치를 클릭합니다.
이동할 장치에 인접한 확인란을 선택합니다.
삭제를 클릭합니다.

장치 등록은 Webex에서 삭제됩니다.

BroadWorks에서 기존 사용자 아래에서 장치 등록을 비활성화합니다.

BroadWorks CommPilot에서 장치에서 사용하는 ID/장치 프로필 을 엽니다.
장치 활성화 탭을 클릭합니다.
장치 비활성화를 클릭합니다.

장치가 BroadWorks에서 비활성화 및 등록 취소됩니다. MAC 주소는 이전 ID/장치 프로필 구성에서 지워집니다.

BroadWorks에서 다른 사용자가 사용하는 다른 ID/장치 프로필 의 활성화 코드를 사용하여 장치를 활성화합니다.

BroadWorks CommPilot에서 다른 사용자에 대해 다른 ID/장치 프로필 구성을 엽니다.
사용되는 ID/장치 프로필 유형 에 대해 활성화 코드 온보딩 허용 이 선택되었는지 확인하십시오.
ID/장치 프로필 창에서 장치 활성화 탭을 클릭합니다.
활성화 코드 요청을 클릭합니다.

새 활성화 코드가 표시됩니다. 장치를 온보딩하려면 새 사용자가 이 코드를 입력해야 합니다.

다음에 수행할 작업

새 장치 소유자가 장치의 활성화 코드를 입력합니다.
장치는 새로운 구성을 사용하여 Webex 및 BroadWorks 모두에 다시 등록됩니다. BroadWorks의 새로운 ID/장치 프로필 은 장치 MAC 주소로 자동으로 업데이트됩니다.

성능 모니터링

이 기능에 대해 다음 성능 카운터가 존재합니다.

카운터	설명
모듈: 기업.broadsoft.broadworks.deviceActivation.activate
bwDASA차단 요청	수신된 총 활성화 요청 수입니다. 여기에는 BroadWorks 요청 활성화 및 Webex 요청 활성화 등이 포함됩니다.
bwDASActivate실패	성공적으로 완료하지 못한 총 활성화 요청 수입니다. 여기에는 실패한 BroadWorks 요청 활성화 및 실패한 Webex 요청 활성화가 포함됩니다.
bwDASActivateBroadWorks요청	수신된 활성화 BroadWorks 요청 수입니다.
bwDASActivateBroadWorks실패	성공적으로 완료하지 못한 활성화 BroadWorks 요청 수입니다. 이 카운터는 인증 및 인증 실패를 고려하지 않습니다.
bwDASActivateWebex요청	수신된 Webex 요청 활성화 수입니다.
bwDASActivateWebex실패	성공적으로 완료하지 못한 Webex 요청 활성화 수입니다.
모듈: 기업.broadsoft.broadworks.dms.dmBridge
bwDMBridge요청	전송된 DMBridge 요청 수입니다.
bwDMBridge실패	성공적으로 완료하지 못한 DMBridge 요청 수입니다.

Cisco BroadWorks용 Webex의 장치 통합 안내서

머리말

이 안내서 정보

문서 변경 이력

Cisco BroadWorks용 Webex에 장치 통합

Device Onboarding Overview

Room OS Onboarding

Device Onboarding with Activation Codes

Onboarding Process for Room OS

Device Authentication (via OAuth Bearer Tokens)

Room OS Prerequisites

Minimum Room OS Version

BroadWorks Patch Requirements

BroadWorks Platform Requirements

BroadWorks Configuration Requirements

Prerequisites for Activation Code Onboarding with Room OS

Room OS Onboarding Flow

Configure Services for Room OS

Provision Room OS Devices

Request Activation Code

MPP Onboarding to Webex

MPP Device Onboarding (New Devices)

MPP Device Onboarding (Existing Devices)

추가 정보

MPP Device Prerequisites

Minimum MPP Version

BroadWorks Patch Requirements

BroadWorks Platform Requirements

BroadWorks Configuration Requirements

Certificates and Firewalls

Feature Activation

Activation Code Requirements

MPP Device Onboarding Flow

Configure Services for MPP

Upgrade MPP Device Firmware

Provision MPP Device

Request Activation Code for MPP

Prerequisites for Using Activation Codes with MPP Devices

Request Activation Code

장치 서비스 가용성

서비스 가용성 개요

장치 상태 보기

장치 재부팅

문제점 보고

장치 삭제

장치 소유자 변경

성능 모니터링

Webex 통합 장치에 대한 최종 사용자 기능

통합된 통화 기록

Webex aware MPP phones

Webex for BroadWorks integrated RoomOS Devices

Directory search enhancements for Webex for BroadWorks integrated RoomOS Devices

소기업

Enterprise

장치

솔루션

리소스

회사