Cisco Collaboration Infrastructure
- UC Deployment Models
- >> User Management <<
- IP Routing in Cisco Collaboration Solutions
- Virtualization in Cisco Collaboration Solutions
- Answer Files
- Wireless in Cisco Collaboration Solutions
- Network Services
- Power over Ethernet
- Voice and Data VLAN
- IP Multicast
Collaboration 9.x SRND Highlights: User Management
This section contains information published within the Cisco Collaboration 9.x SRND (and is therefore not my own work). I feel that it is very likely that questions on the CCIE Collaboration written exam related to "User Management" will have direct references to the linked, quoted and paraphrased information below. It is highly suggested to read the actual SRND document closely as you prepare for the CCIE Collaboration Written Exam.
LDAP Directory Integration (28 pages, Cisco Collaboration 9.x SRND)
- What is Directory Integration?
- Cisco Unified Communications Directory Architecture
- LDAP Synchronization
- LDAP Authentication
- User Filtering for Directory Synchronization and Authentication
Directories are specialized databases that are optimized for a high number of reads and searches, and occasional writes and updates. Directories typically store data that does not change often, such as employee information, user policies, user privileges, and group membership on the corporate network.
Directories are extensible, meaning that the type of information stored can be modified and extended. The term directory schema defines the type of information stored, its container (or attribute), and its relationship to users and resources.
The Lightweight Directory Access Protocol (LDAP) provides applications with a standard method for accessing and potentially modifying the information stored in the directory. This capability enables companies to centralize all user information in a single repository available to several applications, with a remarkable reduction in maintenance costs through the ease of adds, moves, and changes.
|Various Requirements for Directory Integration|
By default, all users are provisioned manually in the publisher database through the Unified CM Administration web interface.
Cisco Unified CM has two types of users:
- End users — All users associated with a physical person and an interactive login. This category includes all Unified Communications users as well as Unified CM administrators when using the User Groups and Roles configuration (equivalent to the Cisco Multilevel Administration feature in prior Unified CM versions).
- Application users — All users associated with other Cisco Unified Communications features or applications, such as Cisco Attendant Console, Cisco Unified Contact Center Express, or Cisco Unified Communications Manager Assistant. These applications need to authenticate with Unified CM, but these internal "users" do not have an interactive login and serve purely for internal communications between applications.
Unified CM provides an LDAP Query Filter to optimize directory synchronization performance. Cisco recommends importing only those directory user accounts that will be assigned to Unified Communications resources in each individual cluster. When the number of directory user accounts exceeds the number supported for an individual cluster, filtering must be used to select the subset of users that will be associated on that cluster. The Unified CM synchronization feature is not meant to replace a large-scale corporate directory.
In many cases, a unique search base is all that is needed to control which accounts are synchronized. When a unique search base is not available, a custom LDAP filter might be required. When any mechanism is used to limit the accounts imported into Unified CM, the default directory lookup configuration will list only those directory entries that exist in the Unified CM database.
|Default Behavior for User-Related Operations for Unified CM|
Video Tutorial(s): User Management
Active Directory/LDAP Integration for UCCaaS Overview (Anson Garcia)
CUCM LDAP Integration (academytech)
If you'd like to suggest a useful video, please use the comment section below.
Additional Resources: User Management
If you'd like to suggest additional resources, please use the comment section below.
Final Thoughts: User Management
This blueprint topic has many possible interpretations. It could be applied to many different features throughout all of the UC Collaboration space. For example, BOTH managing and integrating the corporate user directory AND configuring aspects of a user within CUCM/CUC are valid possibilities. However, it does fall under the larger blueprint category of "Cisco Collaboration Infrastructure" which seems to exclude items such as user configuration and customization.
As such, I've decided to try to focus on the most likely interpretations of what this could mean in the blueprint and subsequently land on the written exam. The topic of "LDAP Directory Integration" does not seem to obviously fall under any other blueprint topic, so I'm going to believe that the blueprint authors intended this to fall under the larger umbrella of "User Management".
There are "additional considerations" for Microsoft Active Directory for both Synchronization and Authentication. These feel like prime targets for questions that could be on the CCIE Collaboration Written exam, I'd recommend being especially familiar with these sections.
Ultimately, if you think this topic means something different or a major piece is notably missing from the description - please use the comment section below.
Take your time and remember that anything in the SRND is fair game for the written exam!