Unity Connection Web Client Redirection Service

Contents

Overview. 1

Requirements/Special Notes. 1

Administrative Configuration. 1

Client Use. 3

Cluster Scenarios. 5

Obtaining Updates. 5

Revision History. 5

Overview

The Web Client Redirection service provides a web service that redirects end users to their home Unity Connection server PCA (Personal Communications Assistant) or web inbox page automatically regardless of what Connection server they are installed on in a network setup.  It also handles distributing client web connections between the primary and secondary servers in cluster pairs if present.

Most of the detailed information for how to install/configure the web service on different platforms is contained in several training videos found on the tool’s web site - http://www.ciscounitytools.com/Applications/CxN/WebClientRedirector/WebClientRedirector.html

Known Platform Bug

A fixed bug will cause Unity will return 403 from platform due to prohibition of x-referrer-header set by the tool when request redirected to any cluster.  This is fixed in 11.5SU6 onwards and 12.5 releases and 10.5SU latest where we have allowed the clients to redirect to unity with this header and also can add other domains under Enterprise Parameters if you want redirection from other custom domains.  Details here:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvm94607/?rfs=iqvred.

Requirements/Special Notes

The web service can interact with any version of Unity Connection 9.x or later.

The web service can be installed on IIS 7.5 or later running on Windows 8 or 10, Windows server 2008, 2012 R2 or 2016.  Installation and configuration for each platform is detailed on the TOI videos found on the tool’s site.

The latest Chrome, Fire Fox and Windows Edge browsers have been tested and are supported. 

Administrative Configuration

Note that a detailed walk through of the admirative functions of the web service can be found on the TOI videos in the “Administrative Tasks and Service Use” section on the tool’s web page.

Once you get the web service installed in IIS you can go to the URL for the service with “/Admin” added – so for instance in the following shot the service is installed as “voicemail.mukesh.com”. 

To gain access to the administrative page you must log into a Unity Connection server on your network first – once you’ve authenticated against that server the web service allows you to continue on.

This pulls up the administrative page which has a number of items on it.

 

·         At the top of the page you’ll see the version of the web redirection service itself, the user you are logged into Unity Connection with and the domain you are currently on.  The domain the web service is running in must be the same domain the Unity Connection servers in your network are on.  Most modern browsers will not allow cross domain access for passing cookies and tokens and the service will not work properly in that case.

·         The full path to the current log file the web service is writing to is shown – Cisco TAC may ask you to collect this file if there’s a problem they are trying to troubleshoot with you.

·         Enable debug output increases the detail included in the log file and forces the file to flush with each line – you should only include this if you’re asked by TAC to turn that on.

·         Enable intelligent cluster routing will use a round-robin client redirection between the pub and sub of all cluster pairs in your network to more evenly distribute client connections between the pair for you automatically.  If this is not checked, clients are always sent to the primary publisher of the cluster.

·         Time between cluster rebuilds determines how often the service looks for all servers (including new ones added) and adds it to its internal map.  This is somewhat expensive so every hour is the minimum value. 

·         Time between cluster member data refreshes is how many minutes between when the service does a simple REST call to all servers it knows about in the network to check if they’re up and in primary and secondary server mode (if they’re in a cluster).

·         View Cluster Info button launches a page that shows all the servers/clusters in the network currently known, what state they’re in and how many client redirects and REST calls have been made to each.

·         Current cashed users shows how many user aliases are currently mapped to a known server in the network – you can look at this list using View Cache and you can clear it using the Clear Cache button.  The cache saves doing lookups on repeated logins and improves performance.

·         Active Reference Unity Connection Servers shows which server(s) the service is contacting to find the home server on your network.  You must have at least one here before the service is functioning properly – if you’re using cluster pairs it’s recommended you put the pub and sub pair from a cluster both in this list for redundancy.

Client Use

 

To use the service, users just need to go to the URL you have setup for the service – for instance “voicemail.lindborglabs.com” – they will see the following landing page:

 

Providing their Unity Connection login/password pair will cause the service to find what Unity Connection server/cluster they are hosted on, validate their credentials against that server and if that’s successful, will redirect them to the PCA page for the correct Unity Connection server – the next thing they’ll see is that page:

 

Depending on what features are enabled they can go to the messaging assistant, web inbox to review messages or setup call transfer rules. 

If instead users add the “inbox” to the URL, for instance “voicemail.lindborglabs.org/inbox”, they’ll see a similar landing page, however notice it says “Web Inbox” in the upper left. 

Again, after providing their Unity Connection login/password it’ll find their server, validate the information and redirect them to the web inbox directly.  For sites that don’t offer access to the PCA or custom personal call transfer rules this may be preferable as it’ll save users a click and the user interface will look more consistent.

 

 

Cluster Scenarios

As is covered in more detail in the training videos on the tool’s site, the redirection service will periodically poll the servers in the network to find their status and availability and do it’s best to route clients to the correct server/cluster where they are hosted.  It also does basic round-robin routing to publishers and subscribers within a cluster to make traffic as even as possible.

In most cases when a secondary server is off line or a server changes state, this is handled the next time the web service polls the servers (by default every 10 minutes).  If a new server or cluster is added, that information is picked up the next time a cluster is rebuilt (by default every hour).  Both these values are configurable on the admin page noted above.

One scenario that is NOT handled, however, is if the primary server in a cluster pair is turned off or has a catastrophic hardware failure.  Even if the secondary server is promoted, Unity Connection does not replicate this server around the network as a new primary – as such the web redirection server will not know that server is present in the network when it rebuilds the cluster information.  There’s nothing the web service can do about this, unfortunately – so just know that this is a limitation.

Obtaining Updates

To check for updates to this tool, visit http://www.CiscoUnityTools.com

Revision History

Version 1.0.8 – 09/04/2024

·         Fixed issue : [CSCwk76764] Security flaw in Cisco Unity Redirector tool allowing negotiation on weak TLS protocol

Version 1.0.8 – 05/23/2024

·         Fixed issue : [CSCwh60787] Unity Connection users asked for re-auth in inbox page.

·         Fixed issue : [CSCwh30727] User Session Mismanaged when using Unity Web Client Redirector Application.

·         Fixed issue : [CSCwi58750] Unity Connection Encounters Null Pointer Exception on Web Inbox Redirection.

Version 1.0.8 – 11/1/2020

·         Updated logic for showing servers in “offline” and “normal” correctly for all server types.

Version 1.0.7 – 4/21/2020

·         Updated 302 redirect code to handle changes in FireFox and Chrome over the years for adding new cookie header tags for handling CORS issues.

·         Updated logic to pull the HostName value of the primary VMS server for a cluster first and only if it can’t be found via a reference server to fall back on the SMTPDomain of the location object that replicates around.

Version 1.0.3 – 8/9/1014

·         First public beta version released

© 2020 Cisco Systems, Inc. -- Company Confidential