Cisco Expressway Release Note (X8.11.4)

Transcript

1 Cisco Expressway X8.11.4 Release Notes Published: First 2018 July Updated: 2019 Last April Disclaimer Preview Features features in this release Some are provided in “preview” status only, because they have known limitations or software dependencies. Cisco reserves the right to disable preview incomplete features at any time without notice. Preview features should not be relied on in your production environment. Cisco Technical Support will provide limited assistance (Severity 4) to customers who want use preview features. to Contents Preface 2 Change History 2 Supported Platforms 4 Related 5 Documents History Feature 7 Information 9 About Versions X8.9 through X8.11.3 Important in X8.11.4 9 Changes X8.11.3 9 Changes in in Changes 10 X8.11.2 Changes in X8.11.1 10 X8.11 (now in Features X8.11.4) 11 in Device Enhancements 11 Registration Multiway on Expressway 11 Improved Integration with Cisco Meeting Server 12 TURN Enhancements 14 Server 14 Security Enhancements and Remote Mobile Deployments 15 Access Serviceability Improvements 16 Cisco Webex Hybrid Services with Expressway X8.11 18 Other Software Changes and Enhancements 19 Customer Documentation Changes 19 21 Open and Resolved Issues Cisco Systems, Inc. www.cisco.com 1

2 Notes Release Series Expressway Cisco Preface Links 21 Bug Search Tool this in 21 Issues Notable Version 22 Limitations or Have External Dependencies 22 Expressway Some Preview are Features Unsupported Functionality 22 22 Remote Access Limitations Mobile and or Removing Peers in a Cluster 22 Spurious Alarms when Adding CE1200 Appliance 23 Systems 23 Virtual Gbps NIC - Demultiplexing Ports 23 Medium Appliances with 1 23 Packs Language Option Effect for 65 Keys or Fewer 23 Keys Only Take Node Failure 23 XMPP Federation- Behavior on IM&P 24 with Dual- NIC Expressway May Fail Cisco Webex Calling Homed Conferencing- SIP Message Size Microsoft Federation with Dual 24 with Expressway and Cisco Meeting Server 24 Interop Microsoft Intradomain Chained Expressway- Es 24 Licensing Behavior with (Jabber) Authorization OAuth Token 24 Proxy Forward Expressway 25 TURN 25 Servers 26 Interoperability 26 Results Test 26 Interoperability Concerns Notable Expressway Run 26 Which Together? Services Can to X8.11.4 27 Upgrading Dependencies 27 Software Prerequisites Upgrade and 30 Upgrade Instructions 37 Using Collaboration Solutions Analyzer 37 Using Tool Search Bug the a Obtaining Service Request 37 Documentation and Submitting Cisco Legal Information 39 39 Cisco Trademark Preface Change History Notes Table History Change 1 Release Date Change Reason to April Notable Issues section of mention 2019 Add Documentation addition unexpected behavior in Overview page of is web user interface when Expressway registrar (no non- traversal counting call and no status display). 2

3 Release Series Expressway Cisco Notes Preface (continued) History Table Notes Release 1 Change Reason Date Change removal Documentation peer cluster a of that Clarify 2019 March the configuration LAN2 deletes all addition for Factory ( deployments NIC interface in dual Peer of Reset Cluster Leaving section). Guest Jabber for Documentation licensing Add 2019 February issue and correction versions before 11.1.2, to Open Issues . Resolved 2018 November X8.11.4 Update Limitation regarding chat/messaging services MRA over with Presence OAuth refresh plus IM and groups. Service presence redundancy X8.11.4 2018 November Updates maintenance for release. release. X8.11.3 October 2018 Updates for maintenance Limitations Clarification 2018 Update September section to clarify demultiplexing ports behavior for Medium systems. maintenance for release. Updates 2018 X8.11.2 September information Add X8.11 Software that software is no longer version should withdrawn and available not be used. 2018 Updates X8.11.1 for maintenance release. September that MRA- connected Also clarify supported chat/messaging services not in is token authentication by if cases all user refresh. X8.11 publication First 2018 July 3

4 Notes Release Series Expressway Cisco Preface Platforms Supported 2 Platform by Supported Versions Software Expressway Table Scope Platform name Serial of software version support Numbers X8.1 generated) (Auto- (OVA) VM Small onwards generated) onwards (Auto- (OVA) VM Medium X8.1 X8.1 Large onwards VM (OVA) (Auto- generated) pre- onwards (Expressway CE1200 installed on X8.11.1 52E##### M5L) C220 UCS X8.6.1 onwards on pre- installed 52D##### CE1100 (Expressway UCS M4L) C220 * installed pre- (Expressway to CE1000 52B##### on X8.10.n X8.1.1 M3L) C220 UCS No any after versions for support X8.10.n on this hardware. * pre- (Expressway CE500 52C##### X8.1.1 to X8.10.n installed on UCS C220 M3L) any No after versions for support X8.10.n on this hardware. th * February 2016, you cannot order the and CE1000 appliances from Cisco. See the End- of- sale As of 26 CE500 dates in the lifecycle of these platforms. announcement for other important Appliances Hardware Support for CE500 and CE1000 Service to be Advance Notice - Withdrawn support services for the Cisco Expressway CE500 and Cisco CE1000 appliance hardware platforms in a will withdraw are available in the End- details sale announcement . future More release. of- 4

5 Notes Release Series Expressway Cisco Related Documents Table 3 Links to Related Documentation Guide on the Expressway installation Cisco Expressway Virtual Machine Installation - Installation virtual page guides machines Expressway Guide on the Cisco Expressway: For physical - Installation Appliance Installation CE1200 Expressway installation guides page appliances the Video Communication Server Cisco VCS: Appliance CE1100 Installation Guide on For page guides installation VCS Registrar Deployment Guide on the Expressway configuration for Basic For Expressway: Cisco Expressway page guides configuration single / registrar systems Guide on the VCS For VCS: Cisco Single VCS Control - Basic Configuration Deployment configuration guides page E and Expressway- C Basic Configuration For Expressway: Cisco Expressway- Basic configuration for the guides page Deployment Guide on firewall Expressway configuration traversal / paired systems VCS For VCS: Cisco TelePresence Expressway) Basic Configuration (Control with on the VCS configuration guides page Guide Deployment For Expressway: Administration and and Cisco Expressway Series the on Guide Administrator Cisco Expressway maintain maintenance page guides operate maintain and Cisco Expressway Serviceability Guide on the Cisco Expressway Series operate guides page For VCS: VCS maintain Guide on the Cisco TelePresence Cisco TelePresence VCS Administrator page guides operate and the Guide VCS Serviceability TelePresence Cisco on TelePresence VCS maintain Cisco and operate guides page Maintenance Cisco Creation Cluster Expressway Cisco Deployment and Guide on the Clustering guides configuration Series Expressway page the Expressway Certificates Cisco Expressway Certificate Creation and Use Deployment Guide on guides configuration page Expressway configuration guides Guide Reference API REST Expressway Cisco API Rest on the page on the configuration Mobile and Unified Remote Access Through Cisco Expressway Expressway guides page Communications Deployment Guide on the Expressway Expressway Cisco Meeting Server Cisco Meeting Server with Cisco configuration guides page Server programming Guide the Cisco Meeting Cisco Meeting Server API Reference on page guides Cisco Meeting Server Other Cisco Meeting Server guides are available on the configuration guides page Hybrid knowledge base services Cisco Webex Hybrid Services 5

6 Notes Series Expressway Cisco Release (continued) Documentation Table to Links 3 Related the Expressway Microsoft infrastructure Cisco Expressway with Microsoft Infrastructure Deployment Guide on configuration guides page Infrastructure Cheatsheet Cisco Configuration Jabber and Microsoft Skype for Business guides page on the Expressway configuration Deployment configuration Multiway Conferencing Expressway the on Guide Multiway TelePresence Cisco page guides 6

7 Notes Release Series Expressway Cisco History Feature Feature History History Table 4 Feature by Release Number X8.11.4 X8.11.3 X8.11.1 X8.11 change / Feature X8.11.2 (withdrawn) (withdrawn) (withdrawn) (withdrawn) — Size — System — Supported Supported for Selection Appliances Finesse — Agent Supported Supported Supported — Support MRA over Supported Supported Supported — First Software Supported for Release the CE1200 Appliance Supported Supported Supported Supported Supported Device Registration Expressway- E to H.323) (SIP and Supported Supported Supported Supported Changes to Cisco Supported Provisioning TMS Access Supported Supported Supported Supported Multiway Supported on Conferencing Cisco Expressway Series Preview Preview Preview Preview Preview SIP Proxy to Meeting Multiple Conference Server (Support for Bridges Meeting Cisco Server Load Balancing) Proxy Supported Supported Supported Supported Web Supported to Multiple Meeting Bridges Web Server Preview Meeting App Cisco Preview Preview Preview Preview can use E Expressway- TURN Server Supported Supported Supported Supported TCP 443 TURN on Supported Supported Supported Supported Port Supported Supported TURN Multiplexing on Large Expressway- E Supported Supported Supported Supported Improved Security Supported at Data of Rest Supported Supported Supported Common Supported Supported Criteria Preparation 7

8 Notes Release Series Expressway Cisco History Feature (continued) Number Table by History Feature 4 Release X8.11 Feature X8.11.1 / X8.11.2 X8.11.3 change X8.11.4 (withdrawn) (withdrawn) (withdrawn) (withdrawn) Supported Supported Supported Supported Supported Mandatory on Password Backups Supported Custom Domain Supported Supported Supported Supported Search Supported (formerly preview) Supported Bridge in- Supported Built- Supported Supported over Recording MRA X8.11. (Not new in Included for due to information its former preview status) about Information BiB is MRA over available now the in Remote Mobile and Access Through Expressway Cisco guide As Access for Supported (formerly preview) Policy for As for As for As X8.11 Support X8.11 over X8.11 X8.11 MRA 12.0 Jabber Cisco Requires (Not new in X8.11. for Included information due to its former preview status) Presence Preview Preview Preview Preview Preview Multiple over MRA Domains X8.11. (Not in new for Included information to due preview its status) License Supported Supported Supported Key Supported Supported Consolidation Supported Supported Supported Supported Supported of Reset Factory Leaving Peer Cluster Smart Call Preview Preview Preview Preview Preview Home new in X8.11. (Not Included for information due to status) preview its SRV Connectivity Supported Supported Supported Supported Supported Tool Tester Supported Supported REST API Expansion Supported Supported Supported 8

9 Cisco Notes Release Series Expressway Information through X8.11.3 X8.9 Versions About Important X8.11.3 Important Information About Versions X8.9 through earlier of X8.11.x, X8.10.x and X8.9.x software, which are all supersedes release maintenance X8.11.4 This versions that you upgrade to this version . (For clarity the Cisco download. for available longer no recommends strongly reference still but the software is unavailable.) notes release these in lists X8.11, feature X8.11.4 in Changes THIS PLEASE - CAUTION BEFORE YOU START READ Two- Stage Upgrade If you are upgrading a Systems VCS system on X8.1.x or earlier on X8.1.x or Earlier Need a X8.10 first, before you upgrade to this release to (see Upgrade upgrade intermediate an do must you software, details). Otherwise there is a risk of Prerequisites corruption. and Software Dependencies, page 27 for data needed if you want chat/messaging services over MRA with authentication using OAuth Cisco Jabber 12.5 or later is IM and Service presence redundancy groups. With this Presence refresh (self- describing tokens) and you configure occur in this scenario if Jabber versions before 12.5 are in use. release of Expressway, user login failures will Changes for security advisory maintenance a security advisory, published by Cisco at is release to address X8.11.4 a tracked sa- 20181107- vcsd https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- and by . CSCvn17278 CDETS issues open other to Changes this maintenance release, and the search lists for Open and Resolved Issues, page 21 Some other issues are fixed in accordingly. updated been have changes MRA documentation) (customer these previously undocumented limitations for recording over The include to fixed now is documentation customer Built- in- Bridge (BiB) recording: and Remote Access (MRA) Mobile connections, including person- to- person calls, and not for conferences. ■ Recording only works for direct for Monitoring and Whisper Coaching features. supported currently not is Recording ■ Silent Meeting Cisco Server for Proxy Web changes as a Web Proxy for Cisco Meeting Server, to support Cisco Meeting WebRTC This applies item if you use Expressway value caused WebRTC calls to drop after 1 hour (3600 timeout socket WebRTC Expressway Previously, Apps. the seconds). hours (43,200 seconds). Currently this setting is not configurable The timeout is now extended to 12 refers). CSCvn28708 (CDETS Changes in X8.11.3 issues and limitations to open Changes have for Open search and Resolved Issues, page 21 lists been updated. The release. maintenance a is X8.11.3 in this release: Some limitations are fixed or mitigated dual- conferences for Microsoft- based users with a Meeting Server Call ■ Previously we did not support homed edge the Meeting Server. This scenario is now supported. as Expressway and cluster, Bridge for a Large 1 Gbps NIC are automatically converted to a system on ■ Medium sized appliance- based systems with causes dropped calls unless the default Expressway by behavior demultiplexing resulting The upgrade. port opened on the firewall. In this release you demultiplexing use the new system ports for Large systems are can default size to Medium (see next point). size selection setting to manually reset the configured not as Expressway- E systems, previously you could use ■ For Cisco Expressway CE1200 appliances apply to Expressway- E. The commands are now supported. any specifically that commands API REST 9

10 Notes Release Series Expressway Cisco X8.11.2 in Changes appliances System size selection for appliances, can now manually change the system size to Medium or Large. To do this, go CE1200 or CE1100 For you settings page and select the required size from the Deployment Configuration list. > System the to Administration X8.11.2 in Changes to Changes issues open have lists for Open and Resolved X8.11.2 page 21 search been updated. is The release. maintenance a Issues, changes MRA deployments that use the Cisco Unified Communications Manager The Mobile and following change applies for Remote Access (MRA) feature: Cisco Finesse agent and contact center thin- client desktop is now supported over For supported devices, the ■ connections. MRA X8.11.1 in Changes appliance New CE1200 this in conjunction with is software maintenance release. A new CE1200 appliance introduced or CE1100 appliances, this section highlights some of the differences in the existing deploy you If CE1000, CE500, CE1200: and use with the Cisco Expressway Series product range, designed does not support the is CE1200 The ■ for with the release Cisco key pre- installed. VCS product. It ships the CE1200 is a single, multi- purpose server that can operate as a Cisco ■ Unlike earlier appliances, C Expressway- By default it always ships with Expressway- E. preinstalled. To deploy a or C Expressway- Cisco Expressway- E, you configure the Type option as Expressway- E , in the Service Setup Wizard the server as an you launch the Expressway web user interface, or you can first run it anytime from the (the wizard runs when The Traversal Server option key is no longer used to change to an Cisco Status > Overview page). E. Expressway- can up to 5000 registrations for Mobile and Remote Access, an increase on the 2500 CE1200 The ■ support or VM- based systems. other by supported MRA registrations appliances physical to an existing cluster that has models in it, configure the Type option to match appliance CE1200 a add To CE1100 or Expressway- C) through the service setup wizard on the Status > the Overview page, other peers (Expressway- E CE1200 to the cluster. before you add the deployments resolved in single- NIC issue license Guest Jabber 11.1.2 version or later, this Subject maintenance release resolves a previous issue with RMS to running Jabber Guest calls being consumed on Expressway- C instead of on Expressway- E (CDETS CSCvf34525 ). licenses for Jabber Guest with Jabber Guest in single- NIC deployments still exists, concerning the Expressway- E failing Note: A separate issue license RMS Jabber Guest call (CDETS CSCva36208 ). an count to per MRA changes use the Cisco Unified Communications Manager deployments Mobile and Remote to that These changes apply feature: Access (MRA) you hunt and hunt lists) are supported over MRA, if pilots are running Cisco Unified (including groups Hunt ■ SU5 or a later version Communications that has the relevant change. Manager version 11.5 (1) is verified as supporting up to 5000 registrations for Mobile and Remote ■ The Expressway CE1200 appliance verified for previous appliances. (This change does not apply to earlier physical Access, up from 2500 systems, which remain at 2500 MRA registrations.) appliance VM or models, 10

11 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Features in X8.11 (now in X8.11.4) Enhancements Registration Device Expressway- to Registrations E and H.323 Gatekeeper functionality on the Cisco Expressway- E, so you can now From we support SIP registrar X8.11 to directly Expressway- E. endpoints H.323 and SIP register the Licensing C and want to register some or all of your Expressway- existing licensed endpoints the If you have existing licenses on manually delete the relevant option key (s) from the Expressway- C and reload them to the Expressway- E, you need to on the Expressway- E. devices Information for H.323 C, each H.323 device registered to Expressway- E consumes a Expressway- ■ As with H.323 the to registrations License. System Room TelePresence proxy registrations by remote H.323 devices to C or Expressway- E. ■ Currently we do not support Expressway- FindMe, Phone Book and Device Provisioning) Changes to Cisco TMS Provisioning Access (Users, and provisioning services hosted by Cisco TMS (through other the The Expressway can optionally access FindMe by default on Expressway if you had the necessary option keys. Cisco TMSPE). Previously, this was enabled hosted are enabled through the System > Administration settings From X8.11, the Cisco TMS- provisioning services or the device provisioning CLI command ( xconfiguration Administration interface user web the in page special option keys or licenses to enable these services. The following device DeviceProvisoning ). You do not need provisioning services are available: ■ Users ■ FindMe Books Phone ■ Devices ■ by default. For existing systems your current service settings are preserved For all services are off installations new unchanged remain and after upgrading. on the Cisco Expressway- E, as well as we the Cisco Expressway- C as X8.11, support device provisioning on From supported on both components, for deployments with a paired before. Although device provisioning is now that and you use it on the Expressway- C. Expressway- C Expressway- E, we recommend Expressway on Multiway supported conferencing, which was previously only now on the Expressway Cisco The supports Series Multiway compliant endpoints and Cisco TelePresence Server or Cisco Cisco TelePresence VCS product. Subject to Multiway- video caller in a point- to- point call can manually add a third person to the call, to MCU Series conference bridges, a create an instant conference. as Cisco Expressway feature known 'Conference Factory'. Multiway relies on an underlying Note: conferencing and user interface settings related to Multiway conferencing use Because of this, some documentation, licensing, the term Conference Factory. Licensing 'Conference System' licence on Cisco Expressway- C. This license is feature Multiway requires a The conferencing is, resource when you enable Conference Factory (that registration Multiway conferencing). free, one up takes it but 11

12 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Improved Integration with Cisco Meeting Server Conference Bridges (Support for Meeting Server Multiple to Proxy SIP (Preview) Server Meeting Balancing) Load only. It is not supported with Cisco Meeting Server software version 2.3 or preview currently is feature This status in for dual- homed conferences with a Meeting Server exists currently Limitation a Also, earlier. support regarding cluster. that is used the load balance the calls between to From X8.11, mechanism Cisco Expressway Series supports groups. bridge call in are Servers Meeting that call bridge group, and a participant tries to join a space on When server that has no Cisco Meeting Servers are in a a with the response code "488 Not Acceptable Here". This call is then rerouted to capacity, that server rejects the call other server then sends a SIP INVITE to the call layer. control layer, using the control call the by server another That now in the correct space, on a different Meeting Server. In cases where there is original call details. The participant is another but Meeting Server has more capacity, it asks that Meeting Server in the capacity in the “second” server, send INVITE. SIP the to group neighbor zone called Meeting Server load balancing which must be enabled There a new setting in the is Zone Name > Advanced ). This setting allows the Cisco Expressway's B2BUA to ( Configuration > Zones > Zones > connect. to enable the participant to Server Meeting "second" the from INVITE the process balancing is set to On regardless of whether We endpoints are registered with recommend that Meeting Server load Expressway or with Unified CM. and Limitations Supported Features Known to B2BUA the call replacement. its invokes Expressway Cisco ■ process from endpoints is also supported. registered calls of balancing Load ■ H.323 not supported. ■ Calls with DTLS- secured media are on call legs to and from applied Expressway. be can modes encryption Different ■ Cisco Web Bridges Proxy to Multiple Meeting Server Web balancing and redundancy of Meeting Server web bridges when it is acting as a Cisco Expressway now supports load App. Meeting Cisco the for proxy WebRTC did multiple web bridges in a limited way; it would attempt to Expressway Cisco the versions, earlier support In addresses returned by its DNS SRV query. However, if bridge those web all across evenly connections distribute the Expressway did not adapt gracefully and the connection addresses fail. were not reachable, the Cisco would this feature. You enter a single address (called Guest account client URI in There is no change for to configuration multiple web bridges, Expressway- C discovers their IP addresses using DNS, then are If UI). Expressway the there evenly amongst those web bridges. uses round- robin to distribute WebRTC connections maintains Expressway a dynamic list of IP addresses that it knows are web The X8.11 enhancement is that now Server feature has the following improvements: proxy web the Specifically, bridges. Meeting for deployment; detect any deliberate changes to your the for ■ The Expressway- C regularly DNS to queries or removed from the SRV record. to being addresses host example, added host addresses returned by DNS check if they are reachable and that they ■ The Expressway- C probes the to API call). are web bridges (using an C or the host is not a web bridge, not then the Expressway- reachable, stops sending ■ If an address is address. that to webRTC connections 12

13 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features the results, including weight and priority, are shown in the status area of If the DNS SRV query is successful, ■ UI page. the a "active" status for each address. UI also The ■ shows or "failed" connections stateful the Cisco Meeting WebRTC App to the Meeting maintain not does C Expressway- Note: from to example a fails, bridge host goes down, the existing call for that host is lost connection a If bridge. web Server web re- establish the call to the web bridge. In this case, the Expressway and would not proxy the client should attempt to the new WebRTC connection to the failed host. Expressway- (Preview) TURN Server Cisco Meeting App Can Use E currently preview in only. is feature This status it Owing is possible to use the Expressway- E TURN server for media path to TURN server enhancements in X8.11, Cisco Meeting App and the Cisco discovery Server, even when that and media relay between the Meeting WebRTC to the Meeting Server. Expressway- E is being used to proxy App WebRTC Cisco Meeting App sharing a TURN server Meeting Cisco 1 Figure and for to listen on TCP 443 for TURN requests and WebRTC requests. is configured In the E Expressway- the diagram, App, The Cisco Meeting WebRTC App) will all try to use UDP 3478 TURN clients (Meeting Server Core, Meeting and TURN requests. for outbound connection If UDP 3478, it uses the TCP override port, which is 443 the WebRTC App cannot make the to relays. by default, to request media to traverse the XMPP signalling for Cisco Meeting Apps. However, there is The no Meeting required Server Edge is still of Meeting Server Edge server. need the TURN services the use to 13

14 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Enhancements TURN Server 443 TCP on TURN configure to both TURN and Cisco Meeting Server requests on the TCP port 443. You can E to listen Expressway- through port 443, it forwards the request either to the TURN connection a receives E Expressway- When request depending on the request type. This allows external users to use TURN Server Meeting the to or server Proxy Web from an environment with restricted firewall policies. spaces Server join and services Meeting configured to listen If for HTTPS requests on port 443, you must change it to a the web administrator port is currently requests ( Web administrator port setting on System > settings ). HTTP to listen to port different Administration administration and TURN requests on the TCP port 443. Expressway- E cannot listen for both web Expressway Port Multiplexing TURN on Large TURN server to listen for TURN requests on a range of ports, from 3478 to can configure a Large Expressway- E You requests TURN is enabled, the Expressway- E accepts all TURN multiplexing on the 3483 by default. From X8.11, if UDP 3478), and internally demultiplexes those requests onto the port range. TURN first port in the range (typically of the ports, but the full capacity of the large Expressway- E TURN server is available. clients only need to know one enabled, the external port does not multiplex the TCP TURN requests due to a service TURN 443 TCP if However, is only 1000 TCP TURN relays are supported. technical limitation. So in this case, Security Enhancements at Rest Improved Security of Data unique root of trust. Each Expressway system, including hardware installation software every X8.11, From a has key unique is used to encrypt data local to that system. This improves the security that a has VM versions and versions rest ways: the in following at data your of when you upgrade to X8.11, and is used to encrypt all data on the first restart. ■ The new key is created used ■ to decrypt data from this system. No other Expressway key can decrypt this system's Only this key can be data. or the UI. It is never logged, either locally on remotely. ■ The exposed never is key Preparation Criteria Common to meet the Common Criteria for Information Technology In Security Evaluation X8.11, the Expressway is configurable configurations in X8.11 are: (Common Criteria). The new security C Expressway- E have configurable cipher and key exchange between tunnels SSH The ■ Expressway- and algorithms. SSH Key Algorithms and settings in the Maintenance > Security > Public ■ You can change Ciphers page. UI web configuration a certification- compliant mode (on Maintenance > Logging , change the Certification ■ Logging can be set to logging mode). force administrators to reset their passwords. The option is on Users > Administrator An new ■ option to when new accounts , user. you add a Criteria work for Expressway, CA certificate checking Note: now requires the Also as part of Common to be present. extension BasicConstraints 14

15 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Backups Mandatory Password on cases, and require you to specify a password for all backup and restore encrypted now are files Backup all in operations. will need the password for the relevant backup file. a from restore To Caution: you backup, Mobile and Remote Access Deployments (that Expressway is configured for MRA enhancements is, deployments with and are relevant if your These features to Cisco Unified Communications infrastructure). mobile or remote devices that are registered Custom Search Domain that applied when the DNS domain for limitation the Unified Communications former a addresses X8.11 of MRA domain of the Expressway- C using AXL to connect to that infrastructure. infrastructure was different from the DNS enter of the FQDN the UC hosts when configuring the MRA connections. From In earlier releases, you needed to domain use only the hostnames to discover UC nodes. If the and address you enter is X8.11, you can enter a custom address (for example, yourhostname ) then the Expressway- C will search DNS for not an FQDN or an IP If return a host address, then Expressway- C queries DNS for yourhostname.Expressway- C- domain . that search does not . domain yourhostname.custom- DNS, connection to the hosts returned by as normal. attempts then C Expressway- The the AXL to external nodes in a different sub- domain from This Expressway- C, and use non- is relevant if you connect the resolve the hostnames into FQDNs, and you don't need to enter the host qualified hostnames. Expressway can now between connections configuring when FQDNs nodes. system for Expressway and is not limited to MRA use. general a is change Note: This enhancement IP Intercom over Phones MRA for Support that for IP phones support the feature. support Intercom now available over MRA, is Recording Over Built- MRA in- Bridge it was in preview status. Built- in- Bridge recording is now supported. Previously to recording over MRA. This feature can help organizations comply (BiB) Bridge in- Built- supports Expressway The the European Union's Markets in Financial Instruments Directive (MiFID II). with the phone recording requirements of How it works used the audio portion of calls that are made or received by users working off- premises. to record BiB can be Expressway. enabled the always is BiB ■ on forks Unified Communications Manager. When BiB enabled, Unified CM the call Cisco on configurable is BiB ■ is recording server. to/from the endpoint to a media Prerequisites following components, or later: BiB over MRA requires the Any ■ compatible clients: Jabber for Windows 11.9 — Cisco — Cisco Jabber for Mac 11.9 11.9 and iPhone iPad for Cisco — Jabber 15

16 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Cisco Jabber for Android 11.9 — 8800 Series devices which support MRA (not all these phones are MRA- 7800 Phone IP Cisco — or Series compatible) MRA are listed in the "Prerequisites" section of the which support phones Series 7800/8800 The currently guide on the Expressway configuration guides Through Access Expressway Remote and Mobile latest Cisco your for representative Cisco details. ask or , page Manager 11.5 (1) SU3 ■ Registrar/call control agent: Cisco Unified Communications endpoints. on BiB is not supported Expressway- registered X8.11.1 Expressway traversal: Edge ■ recording this document. server: (Information about configuring for Cisco Unified Recording ■ Out of scope for Feature Configuration Guide for Cisco Unified Communications Communications Manager is available in the Manager .) has some limitations, as follows. (These also apply on premises, and not Call recording for Cisco Jabber endpoints just over MRA.) allow Jabber mobile devices to be CTI- monitored. Communications does not ■ Cisco Unified Manager recording tones into the media stream. ■ Jabber does not support injecting Access Policy Support over MRA supported. Previously it was in preview status. over MRA policy is now Access support MRA access policy settings specified on the Unified CM. These are will Expressway the X8.10, From enforce in Unified CM, to define which services individual optionally users can access (None, configured on the user profiles All). The Expressway only enforces MRA access policy if these conditions apply: IM&P, Voice & Video, or self- describing tokens for MRA authorization (set Authorize by configured is Expressway process The ■ to token On to ). OAuth with refresh also support self- describing tokens, including the Other access policy element of the products ■ in the call path tokens. only be enforced if the clients use self- Note: tokens, it's most effective when As MRA access policy can describing only permitted authorization method for MRA. self- describing token authorization is the IM Address Domains over MRA Multiple / Domains Presence Multiple (Preview) status only. This feature is currently in preview into an infrastructure where users are organized into more than one domain, or Jabber 10.6 and later can be deployed IM and Presence Service 10.0.x or later). (subject subdomains with to into domains Improvements Serviceability Consolidation Key License following items as standard features, which were previously applied as The Expressway license now includes the separate option keys: Enable (Expressway- E only) Advanced Networking ■ LIC- EXP- AN (Expressway- only) Relay ■ LIC- E EXP- TURN Enable TURN ■ LIC- VCS- DEVPROV Enable Device Provisioning VCS- FindMe Enable Service FINDME LIC- ■ 16

17 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features existing system that has these keys applied, for administrator convenience the keys Note: If you are upgrading an user after the upgrade, even though they are no longer needed. web the in visible remain interface Cluster Leaving Peer of Reset Factory of cluster peers when they are removed from the cluster or when the we have modified the behavior X8.11 From a the unique root of trust improvement in X8.11. To remove peer from a part of cluster is disbanded. This change is on that peer. When you do this, from cluster the Expressway prepares itself you clear all peer address fields X8.11, restart (and displays a banner to remind you that it in this state). next the on reset factory to is factory reset, restore the clustering peer address fields as they were. Replace the original If you need to avoid the and peer then save the configuration to clear the banner. addresses in the same order, when triggered peer restarts, to remove sensitive data and clustering automatically is reset factory The the following basic networking information, which is the except configuration all clears reset The configuration. that you can still access the Expressway. If you use the preserved dual- NIC option, be for the LAN1 interface so completely by the reset . aware that any LAN2 configuration is removed ■ IP addresses preserved CA trust associated store preserved key, and ■ private Server certificate, root passwords preserved and accounts and Admin ■ ■ SSH keys preserved keys preserved Option ■ enabled ■ HTTPS access enabled SSH access ■ clustering published when forming, changing, or upgrading the follow MUST You CAUTION: guidance follow you may unrecoverable lose data if you do not and the correct be may cluster Your clusters. Expressway Creation sequence. Maintenance Deployment Guide , for your version, on the See the Cisco Expressway Cluster and . Cisco Expressway Series configuration guides page (Preview) Home Call Smart is only. currently feature This in status preview support capability for Expressway. It offers proactive diagnostics and real- time Smart Call Home is an embedded increased operational efficiency. availability network higher enabling alerts, and Schedule- of Event- based notifications. users notifies Home Call Smart and and messages used generate a Device Report configuration and telemetry inventory, based: Schedule- ■ to identifying failure trends. You can find these notifications posted on hardware and software quality improve by every of month. day first the already supported by Expressway such as alarms and ACRs. You will find these ■ Event- based: ad hoc events Home server as and when they occur. Smart the to posted notifications Call includes Call an option for SMTP with Smart Home, currently this is not Note: Although the web user interface actually implemented Expressway. in the SRV Tester Connectivity network utility that tests whether the Expressway can connect to particular services The SRV connectivity tester is a this tool to proactively test your connectivity while configuring Expressway- based can on a given domain. You use Call Service or business- to- business video calling. solutions such as Cisco Webex Hybrid domain. the Service Record Protocols you want to query for that Domain You specify the DNS Service Record and to each specified protocol, and then attempts TCP connections query the hosts The Expressway does a DNS SRV for TLS, the Expressway only attempts a TLS connection after you the TCP succeeds. returned If DNS. the by specify 17

18 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features the DNS response and the connection attempts. For any connection The Expressway connectivity test page shows with advice to help with resolving specific issues. provided is reason the failures, along the download from your test in .pcap format. You can selectively can you connectivity, troubleshoot To TCP data specific connection attempt, or you can get a single .pcap file showing the DNS query, the of dump or a download a test. whole Expansion API REST simplify remote configuration. We are adding We to continue to expand the REST API to REST API access we add new features, but are also selectively retrofitting the configuration, commands, and status information when earlier in introduced versions. were features REST API to that as Cisco Prime Collaboration Provisioning, For can use the API to control the example, third party systems, such following features / services on the Expressway: in introduced version API APIs Configuration Clustering X8.11 X8.11 Smart Home Call Interoperability Microsoft X8.11 X8.10 Servers TURN B2BUA X8.10 account Admin Firewall X8.10 rules X8.10 configuration SIP certificates for Server Name Identification X8.10 Domain X8.9 MRA expansion business to Business X8.9 calling MRA X8.8 (RAML). You can access the RAML definitions for API is self- documented using RESTful API Modeling The Language . A high- level summary of how to access and use the API >/api/provisioning/raml address ip https://< at system your Guide on the Expressway installation guides page . is available in Cisco Expressway REST API Summary Hybrid Cisco Webex Expressway Services with X8.11 require that you configure the connector host as a cluster, even if ■ Some Expressway- based Hybrid Services cluster ("cluster of one"). Be very careful when modifying the Clustering peer one only is there the in unless all N address fields and Save the configuration , Peer you intend configuration that you do not clear You will lose your registration, all your connectors, and all associated to factory reset the Cisco Expressway. Leaving Cluster, page 17 . configuration. See Factory Reset of Peer up to date before you upgrade Expressway. Authorize and accept any be must Connector Management The ■ Cisco Webex cloud before you try to upgrade Management Connector upgrades advertised by the Expressway. issues with the connector after the upgrade. Failure to do so may cause be host connectors for Cisco Webex Hybrid Services must running a used ■ Expressways that will be to you register them to Cisco Webex. (You can upgrade just supported Expressway software version now, before Expressway, without needing to upgrade the whole the Management Connector component on the Expressway.) of Expressway are supported for hybrid connector hosting, see Connector For details about which versions Cisco Host Hybrid Webex Services for Support 18

19 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features zone type— a DNS zone that is specifically designed for connecting to Cisco X8.11 introduces a new "Webex" ■ of Cisco Webex Hybrid Call Service. You can create or delete the simplifies feature This Webex. configuration modify cannot See Hybrid Call Service documentation for more detail. you but zone, Webex one it. Enhancements and Changes Software Other can malformed or corrupt SIP messages, using a new CLI ■ You how the Expressway handles manage connection if the it command RetainConnectionOnParseErrorMode . By default Expressway closes SIP connection This command you choose to have the message. SIP corrupt or malformed a receives lets or for all messages maintained— mandatory for messages with non- mandatory headers only, including headers. closes the connection if it receives ten or more Note: Regardless of this setting, Expressway always Length is missing or malformed. Content- header the if or messages, malformed consecutive appliances running on Cisco UCS C- Series servers, using the ■ We support firmware upgrades for Expressway Expressway Administrator Guide now contains a link to the HUU Cisco user Host Upgrade Utility (HUU). The instructions. no longer in SNMP, but previously it still appeared in the Expressway user ■ The DES encryption option is now has removed. option This documentation. and interface been retrieve different. You use a new Collect log button to the generated logs is diagnostic collect to process The ■ button as before. This change only affects diagnostic logging, not entries. Then use the log log Download diagnostics logs repeatedly, by using the Collect other log button again. log processes. You can download Customer Documentation Changes from X8.11. These documents are deprecated from this release, and will no guides are deprecated ■ Two user Microsoft Lync Interoperability Infrastructure Configuration longer be maintained:• Cisco Jabber and Cisco Expressway with Microsoft Infrastructure Deployment Guide and deployment) Broker” (“SIP Cheatsheet (“Lync Gateway” deployment). using Meeting Server are provided in the Cisco Microsoft with interworking for Guidelines environments Cisco Guide Deployment Expressway . with Server Meeting Cisco VCS documentation. Previously we provided two separate variants of most ■ We have phased out some the Expressway. From X8.10 we began to provide Expressway the and for documents, support customer VCS such In the Expressway versions include any relevant VCS- specific guides. certain for only versions cases information. Expressway here: — Cisco http://www.cisco.com/c/en/us/support/unified- documents are available series/tsd- products- support- series- home.html communications/expressway- available — Cisco VCS documents are here: http://www.cisco.com/c/en/us/support/unified- home.html series- support- products- vcs/tsd- server- communication- video- communications/telepresence- History information is now in summary format in the Administrator ■ What's New and Software Version the "What's New" and "Software Version History" information Guide and online help. We have restructured online help. It's now a summary list of features and the releases in and Guide Administrator Expressway the in out to the relevant release notes for detailed feature information. which they were introduced, with links no individual calls. As the Expressway API is self- documented using RAML, ■ REST API Guide longer details from the Expressway REST API Reference Guide . This about details removed calls have we individual about API how to access and use the interface. document now provides summary information only, is The Cisco Expressway Session Classification Deployment Guide Expressway. with Server Meeting Cisco ■ with Cisco Expressway Deployment Guide . now renamed to Cisco Meeting Server Standards- based Organizations (B2B) " is now in the Cisco The scenario for "Video Calls Between Two Guide . Configuration Deployment Expressway- E and Expressway- C Basic Microsoft- based Organizations" is now in the The and Presence scenario for "IM&P Federation With Chat Guide Federation Deployment Expressway . Cisco Using 19

20 Cisco Notes Release Series Expressway in X8.11.4) (now X8.11 in Features Cisco Unified Communications XMPP Federation Deployment Guide XMPP Federation with Expressway. The ■ . and Presence Federation Using Cisco Expressway to Chat for Expressway is now renamed As well as adding the release features, we've made some minor ■ Minor enhancements to the documents. changes. and corrections documentation 20

21 Notes Release Series Expressway Cisco Issues Resolved and Open Resolved Issues Open and Links Tool Search Bug the the most recent information about the open and resolved issues in this release. Follow below to read links by modified (recent first) sorted issues, open All ■ date X8.11.4 by resolved Issues ■ Issues X8.11.3 resolved ■ by X8.11.2 by resolved Issues ■ Issues resolved by X8.11.1 ■ X8.11 Issues ■ resolved by Notable Version this in Issues counter and registered calls link in Overview page of the web user interface, Unexpected behavior of active call Expressway when endpoints are registered to currently work properly on the Overview page when Expressway is the registrar: call- related issues do not Two call to Expressway- C) do not increment the active endpoints counter. ■ Non- traversal calls (both registered "Registered calls" link, it unexpectedly displays the Unified Communications status page. ■ If you click the calls in Single NIC deployments Guest Jabber issues Licensing with unexpected rich media Currently (RMS) licensing behavior for Jabber Guest calls in the software has some session Single NIC deployments. count one RMS license for each Jabber Guest call, but it does not. This issue may E should ■ The Expressway- because usage appears low even when the server is processing the about confusion cause load, server's refers. CSCva36208 CDETS calls. multiple users who have a Jabber Guest version This earlier than release 11.1 (2) , users with ■ issue only applies to not affected. In affected cases, although each Jabber Guest call ought to consume 11.1 (2) and later are an Cisco Expressway- E, in reality the RMS licenses are consumed on the Cisco Expressway- RMS license on the Contact X8.10 and CDETS CSCvf34525 refers. identified your Cisco representative if you C. This issue in was it. are by affected Dual NIC Jabber deployment. that Note we recommend the Guest 21

22 Notes Release Series Expressway Cisco Limitations Limitations are or Have External Dependencies Features Expressway Some Preview new Expressway features as speedily as possible. Sometimes it is not possible to aim provide We Important: to feature new it may require updates to other Cisco products which are not yet available, or a support officially because deployments of the feature. If customers may still some benefit from using the affect limitations or issues known as "preview" in the release notes. Preview features may be used, but you should not rely on feature, we mark it (see Preview Features Disclaimer, page 1 ). Occasionally, we may recommend that them in production environments used further updates are made to Expressway until or other products. a feature is not provided in preview status only Expressway in this release, are listed in the Feature History table features which are these earlier notes. in Functionality Unsupported not terminate DTLS. We do not support DTLS for securing media. SRTP is used to ■ The Expressway does instead, to make DTLS calls through Expressway will fail. The DTLS protocol is secure calls and attempts only for traversing the encrypted iX protocol. the in inserted but SDP, not the SIP UPDATE method ( RFC 3311 ). Features that support rely on this method will ■ The Expressway does not work as expected. that be licensed as video calls in some circumstances. Calls are strictly audio- ONLY consume may calls ■ Audio calls. However, when audio calls include non- audio channels, such as the fewer iX licenses than video ActiveControl, they are treated as video calls for licensing purposes. channel that enables Remote and Mobile Limitations Access Expressway for Mobile and Remote Important: (MRA), various unsupported features and use you If Access are detailed in limitations and Unsupported Features with Mobile and Remote currently exist. These Supported X8.11 Mobile and Remote Access Through Expressway guide. the in Access Cisco IP Phones in both the 8800 Series and 7800 Series do not currently support MRA at all. For details Some recent Cisco Series phones support MRA, see the Prerequisites section of the Mobile and Remote Access of which 7800/8800 guide, ask your Cisco representative. Expressway Cisco Through or this release, or were not included in earlier documentation, include the following: are which for Limitations new MRA later is needed if you want chat/messaging services over with authentication using OAuth or 12.5 Jabber Cisco and you configure IM and Presence Service presence redundancy groups. With this refresh (self- describing tokens) failures will occur in this scenario if Jabber versions before 12.5 are in use. release of Expressway, user login over MRA for connections, including for BiB recording: These limitations exist recording not direct person- to- person calls, and works for conferences. only Recording ■ for not currently supported for Silent Monitoring and Whisper Coaching features. ■ Recording is Adding Removing or Peers in a Cluster Spurious Alarms when peer new added to a cluster, the system may raise multiple 20021 Alarms ( Cluster communication failure: a When is even the cluster is in fact correctly formed. The alarms appear on the existing peers in the ) establish... to Unable if alarms are typically lowered after at least 5 minutes elapses from the time that cluster. the new peer The unnecessary is successfully added. occur if a peer is removed from a cluster. This is generally valid alarm behavior in the case of These alarms also However, as in the case of adding a peer, the alarms may not be lowered for 5 minutes or more. removing a peer. 22

23 Notes Release Series Expressway Cisco Limitations Appliance CE1200 scenarios, exist with restores of an Expressway- E onto a CE1200 appliance from a CE1100 or certain In ■ issues are provided in the upgrade instructions, including how to resolve each backup. appliance earlier details More issue: restore as an Expressway- C. CE1200 The — may appliance in the web user may interface. banner incorrect An — display requires Expressway software version X8.11.1 or later. Although the system does not ■ The CE1200 appliance earlier software version, Cisco does not support appliances that are running earlier prevent downgrades to an versions. to add or delete Traversal Server or Expressway Series keys through the CLI, but in Expressway The ■ allows you no effect in the case of CE1200 appliances. practice service setup wizard (Type setting) these keys have The appliance is an Expressway- C or an Expressway- E, rather than the Traversal Server key manages whether the earlier for as appliances. Virtual Systems Advanced Networking option allows the speed and appliances, duplex mode to be set Expressway physical With the port. You cannot set port speeds for virtual machine- based Expressway systems. for each configured Ethernet systems always show the connection speed between Expressway and Ethernet Also, virtual machine- based of the Mb/s, actual physical NIC speed. This is due regardless to a limitation in virtual machines, 10000 as networks the actual speed from the physical NIC (s). which cannot retrieve 1 NIC - Demultiplexing Ports with Appliances Medium Gbps appliance with a 1 Gbps NIC to X8.10 or later, Expressway automatically converts the a If you upgrade Medium system. As a result, Expressway- E listens for multiplexed RTP/RTCP traffic on the default system to a Large systems (36000 to 36011); instead of on the demultiplexing ports that are configured demultiplexing ports for Large 36000 In the Expressway- E drops the calls because ports this to 36011 are not open on systems. Medium for case, X8.11.3 you can manually change the system size back to Medium, through the System > the firewall. From (select from the Deployment Configuration list). If you encounter this issue in page settings Administration Medium for the than is to open the default demultiplexing ports X8.11.3, Large systems on the a release earlier workaround firewall. Packs Language the Expressway web user interface, new Expressway language packs are available from X8.10.3. If you translate do work with X8.10. n software (or X8.9. n ). Instructions for installing or updating the packs packs language not Older Guide . are in the Expressway Administrator or Take Effect 65 Keys Fewer Only Keys Option for to add more than 65 option keys (licenses), they appear as normal in the Expressway web interface If you try appear . However, only the first 65 keys take effect. Additional keys from 66 onwards Option to ( Maintenance > keys) actually but Expressway does not process them. CDETS CSCvf78728 refers. the added, be on IM&P Node Failure Behavior Federation- XMPP XMPP external federation, be aware that if an IM and Presence Service node fails over to If a different node you use affected users are not dynamically moved to the other node. Expressway does the support this after an outage, not not been tested. has functionality, it and 23

24 Notes Release Series Expressway Cisco Limitations May Fail with Dual- NIC Expressway Cisco Webex Calling if deploy Expressway with a dual- NIC Expressway- E. Cisco Webex Calling requests may fail if applies issue This you applies to both the external interface and the interface with the Expressway- C. (overlapping) same the route static current E routing behavior, which treats Webex INVITES as Expressway- non- NAT and therefore This is due to directly from the SIP Via header. extracts the source address and make static as specific as possible, to minimize the risk of the routes overlapping, We recommend that you routes occurring. issue this Homed Conferencing- SIP Size Microsoft Federation with Dual Message homed conferencing through Expressway and Meeting Server with If AVMCU invoked on the you use dual an maximum SIP message size must be set to 32768 bytes (the default) or greater. It's likely that you Microsoft side, the for larger conferences (that is, from around nine or more participants upwards). Defined via greater will need value a Configuration > Protocols > SIP . SIP max size on and Cisco Meeting Server Intradomain Microsoft Interop with Expressway for Microsoft interoperability, Meeting a limitation currently applies Server to the following If you use scenario: intradomain/intracompany Microsoft and standards- based SIP networks in a single domain and in a configuration that has You deploy separate facing a Microsoft front end server (because you use internal firewalls between E Expressway- an directly reason). For example, Cisco any Unified Call Manager in one (sub) network and other Microsoft in subnetworks, or for the same inside network, (sub) second a domain. we do not generally support Microsoft interoperability between the two networks, and calls between In this case Microsoft be rejected. and Server Meeting will Workaround not to deploy the intradomain networks without an intervening Expressway- E (you cannot configure you If are able Microsoft), a workaround is to deploy an Expressway- C C in each subnet, with an Expressway- <> Server Meeting <> between them. That Expressway- E to traverse is: Expressway- <> Firewall <> Expressway- E <> Firewall <> Expressway- C <> Microsoft Meeting Server <> C Es Chained Expressway- with Behavior Licensing Es to traverse firewalls (configurable from If X8.10), be aware of this licensing behavior: you chain Expressway- connect through the firewall to the Cisco Webex cloud, each of the additional Expressway- Es which ■ If you zone Rich with the traversal client role, will consume a Media Session license (per call). configure a traversal original C and Expressway- E pair do not consume a license. the before, As Expressway- to the connect to a third- party organization (Business through Business call), all of the you If ■ firewall chain, including the original one in the traversal pair, will consume a Rich Media Session Expressway- Es in the As the before, original Expressway- C does not consume a license. license (per call). (Jabber) OAuth Token Authorization some limitations may exist with enforcing OAuth authorization by self- describing token as the only Jabber users, For on older versions of Jabber can still authenticate by username and password, allowed authentication method. Users on. or sign- traditional single 24

25 Notes Release Series Expressway Cisco Limitations Expressway Forward Proxy the present in Expressway forward proxy is not suitable for use with Cisco Unified At CAUTION: built- Service, and is not supported for Presence those products. The IM and Manager Communications and/or in the Expressway user interface, but it should not be used. This means that if you require forward proxy is a need to use a suitable third- party HTTPS proxy. forward proxy deployment, you TURN Servers the TURN service and TURN Port Multiplexing are the not supported through the CLI. Use TCP 443 Currently, enable these functions ( Configuration to Traversal > TURN ). Expressway interface web > 25

26 Notes Release Series Expressway Cisco Interoperability Interoperability Results Test for this product are posted to http://www.cisco.com/go/tp- interop , where you can The interoperability results test for other Cisco TelePresence products. interoperability find also results test Concerns Interoperability Notable Cisco Expressway (and are not interoperable with earlier Unified Communications Manager IM and X8.7.x versions) of and later. This is caused by a deliberate change Presence in that version of IM and Presence Service, Service 11.5 (1) corresponding change in Expressway X8.8 and later. which has a you must interoperability, the Expressway systems before you upgrade the IM and continuous ensure To upgrade The following error Presence Expressway is a symptom of this issue: Service systems. on with . AXL query HTTP error "'HTTPError:500'" Failed Unable to Communicate Can Services Together? Expressway Which Run operate the Cisco Expressway Guide maintain and on guides page details Administrator Cisco Expressway The Series can coexist on the same Expressway system or cluster. See the table " Services which That Can Expressway services " in the Introduction section. For example, if you want to know if MRA can coexist with CMR be Hosted Together table will tell the you. Cloud can) (it 26

27 Notes Release Series Expressway Cisco X8.11.4 to Upgrading X8.11.4 Upgrading to Dependencies Software and Prerequisites Upgrade important about issues that may prevent the system working properly CAUTION: has information section This upgrade, you review this section and complete any tasks that apply to your Before upgrade. please an after deployment. or Need a Two- Stage Upgrade Earlier X8.1.x on Expressway Systems system which is running software older than version X8.2, you must first If to an you are upgrading a upgrade X8.11.4 software. Otherwise there is a risk of data corruption , due to intermediate release before this you install later software versions. We recommend upgrading to X8.10.x (latest maintenance our changes format database in However, if you have specific reasons to prefer an earlier software version, you release) as the intermediate release. and including X8.2, before you install this X8.11.4 software. (Version X8.2 is not can upgrade to any version from versions only X8.1.x and earlier.) issue— this by affected from ■ are here: https://www.cisco.com/c/en/us/support/unified- available Version X8.10.n release notes communications/expressway- series/products- release- notes- list.html is available ■ Version X8.10.n software https://software.cisco.com/download/type.html?mdfid=286255326&flowid=77866 here: Deployments All Do not install a previous Expressway version onto a system that is running a newer We do not support downgrades. system configuration will not be preserved. version. If you do so, the after the upgrade it uses a new encryption system mechanism. This is due to the restarts From X8.11.1, when the for every software installation, introduced in X8.11.1. trust of root unique are more secure than earlier versions. Upgrading could cause your deployments to stop X8.8 and later versions must check for the following environmental issues before you upgrade to X8.8 or later: working as expected, and you tightened was in X8.8. validation Certificates: Certificate ■ up before and after upgrade ( Maintenance > Security > Secure traversal test ) to secure the Try — test traversal validate TLS connections. valid certificates that were issued by a CA in the Unified Communications nodes — your Are using list? trust Cs' Expressway- signed certificates, are they unique? Does the trusted CA list on have the self- — If you use self- Expressway the nodes in your deployment? signed certificates of all remove Expressway's trusted CA list unique? You must any duplicates. in the entries all Are — enabled on connections to other infrastructure (always on by default for Unified — If you have TLS verify optional for zones to Unified Communications Communications you must ensure traversal zone, and nodes) in the CN or SAN field of the host's certificate. We do not recommend that the hostname is present though even may be a quick way to resolve a failing deployment. mode, TLS verify disabling it that have and reverse DNS lookups for all infrastructure systems forward the Expressway ■ DNS entries: you Do with? interacts must create forward and reverse DNS entries for all Expressway- E From so that X8.8 onward, you systems, can resolve their FQDNs and validate their certificates. systems making TLS connections to them resolve systems, hostnames and IP addresses of your complex deployments (eg. If the Expressway cannot as expected after you upgrade. working stop could MRA) 27

28 Notes Release Series Expressway Cisco X8.11.4 to Upgrading they have valid certificates? If they are using default certificates you should replace them Cluster peers: Do ■ generated and update the peers' trust lists with the issuing CA. internally least) (at with certificates connections between peers instead of IPSec. TLS verification communications clustering X8.8, From TLS use after default) upgrade, and you'll see an alarm reminding you to enforce TLS (by enforced not is you verification. use CE1200 appliances that Deployments onto a CE1200 appliance from a CE1100 or earlier appliance backup, the CE1200 When you restore Expressway- E an Expressway- C. This issue occurs if the service setup wizard was used in the CE1100 appliance or may restore as an to Expressway- C, and the wizard was not completed for the entire configuration. earlier appliance to change the type the the following before you back up appliance: To avoid this issue, do wizard the and change type to Expressway- E. 1. Run the service setup wizard the end. to Complete 2. the Expressway- E configuration onto a CE1200 appliance from Also, CE1100 backup, the CE1200 if you restore the a Expressway- (as expected). However, depending on how the CE1100 type was previously appliance restores as an E display as Expressway- C. If you encounter this issue, go to the service interface web the configured, may banner the and change Type to Expressway- E , then restart Overview system. This issue only > Status ( wizard setup page) option key was used on the CE1100 to change the type to Expressway- E. If you occurs used if the Traversal Server you will not encounter the issue. the service setup wizard, Deployments that use MRA section you use the Expressway for MRA (mobile and remote access Cisco Unified with only applies if This products). Communications versions Communications infrastructure software apply - some of of Unified CM, versions Minimum ■ Unified Cisco Unity Connection have been patched with CiscoSSL updates. Check that IM and Presence Service, and guide, minimum described in the Expressway MRA deployment versions before you you are running the and Remote Access Through Cisco Expressway on the Expressway upgrade Expressway (see Mobile . ) page guides configuration an exception. You must upgrade Expressway to X8.8 or later before you Presence Service 11.5 is IM and Service Presence IM and upgrade 11.5. to E be upgraded together . We don't recommend should operating with Expressway- Cisco and C Expressway- ■ different versions for an extended period. C and Expressway- E on Expressway- you are upgrading a Expressway that is used for MRA, with clustered Unified CMs and ■ This item applies if Collaboration Endpoint (CE) software. In this case you must install the relevant TC or endpoints running TC or later) before you upgrade the Expressway. This is (or required to avoid a listed release maintenance CE below If you do not have the recommended TC/CE maintenance release, an endpoint known problem with failover. to Unified another Unified CM if the original CM to which the endpoint registered fails will not attempt failover CSCvh97495 CDETS reason. some for refers. TC7.3.11 — CE8.3.3 — CE9.1.2 — the MRA authentication (access control) Versions from Expressway- E to Note: from X8.10.n move settings values where it is not possible to retain your existing settings. For correct system C, and apply default Expressway- you must reconfigure the access control settings on the Expressway, as described operation, after you upgrade instructions. later in these upgrade or earlier with Cisco Unified Communications Manager IM and Presence Service Deployments that use X8.7.x 11.5 (1) versions) Expressway are not interoperable with Cisco Unified Communications Manager IM and of X8.7.x (and earlier And you must upgrade and the Expressway software before the IM and Presence Presence later. Service 11.5 (1) . are in Interoperability, page 26 Service details More software. 28

29 Notes Release Series Expressway Cisco X8.11.4 to Upgrading Webex Hybrid Services Deployments that use Cisco be must to date before you upgrade Expressway. Authorize and accept any Connector Management The up to Cisco Webex cloud before you try the upgrade Expressway. advertised upgrades Connector Management by may cause Failure issues with the connector after the upgrade. to do so of Expressway are supported for hybrid connector hosting, see Connector versions Host For details about which Services Support Webex Hybrid Cisco for 29

30 Notes Release Series Expressway Cisco X8.11.4 to Upgrading Instructions Upgrade Begin You Before the system has low levels of activity. ■ upgrade when the Do in Upgrade Prerequisites and Software Dependencies, page 27 are complete. all sure Make ■ tasks relevant settings authentication upgrading. This item only applies if you use the Expressway for MRA your Note ■ before we earlier to X8.10 or later. From version X8.10 X8.9.x moved the MRA from upgrade you and MRA or the Expressway- E to the Expressway- C. The upgrade authentication does not (access control) settings from E settings, so after the upgrade you need to review the MRA access preserve the existing Cisco Expressway- access adjust them as necessary for your deployment. To C existing control settings on Expressway- the and settings: authentication MRA go to Configuration > Unified Communications > Configuration and locate Single a. On the Expressway- E, Sign- value (On, Exclusive, or Off) on support . Note the existing support on set to On or Exclusive, also note the current values of these related fields: Sign- Single is If b. availability • Check for internal authentication to use Safari • Allow clients iOS Jabber embedded systems Clustered you should use the upgrade instructions in the Expressway Cluster Creation and To upgrade a clustered system, Expressway Series configuration guides page . The following important Maintenance Deployment Guide on the Cisco also in that guide, but for convenience it is is repeated here: requirement for upgrading clusters explained and to the risk of configuration data being lost avoid to maintain service systems, clustered For CAUTION: continuity, UPGRADE THE PRIMARY PEER FIRST and then upgrade the subordinate peers ONE it is ESSENTIAL TO AT A TIME IN SEQUENCE. Process apply you are upgrading a clustered system, or a Expressway that uses device provisioning not does process This if TMS managing Expressway). In those cases, follow the directions in the Cisco FindMe or TMSPE), (Cisco (with Deployment instead. Expressway Guide Cluster Creation and Maintenance before you upgrade ( Maintenance Backup and restore ). 1. Backup the Expressway system > mode: maintenance Enable 2. mode . a. Go to Maintenance > Maintenance . b. Set Maintenance mode to On on the confirmation dialog. c. Click Save and OK click timeout. to clear and registrations to calls all for Wait 3. any calls that do not clear automatically ( Status > Calls , click Select all and — If necessary, manually remove click Disconnect ). then remove — any registrations that do not clear automatically ( Status > Registrations > By If necessary, manually then click Unregister ). Select click , device and all the ( Maintenance > Upgrade ). Expressway restart and Upgrade 4. a new major release, for example If from X7.x to X8.x, you first need to obtain a new you are upgrading to The key is required during the release upgrade process. key from Cisco. timeout during the restart process, after the progress bar has reached the end. The web browser interface may it the Expressway carries out a disk file system check – which does approximately once every This may if occur restarts. 30 30

31 Notes Release Series Expressway Cisco X8.11.4 to Upgrading on whether or not you use the Expressway for MRA: This step depends 5. use don't the upgrade is now complete and all Expressway configuration should be as you If — MRA, expected. use go on to the next section and reconfigure your MRA access control settings. do you If — MRA, Systems Over a Traversal Zone Connected Upgrade Expressway- C and Expressway- E client) and Expressway- E (traversal server) systems that are connected We recommend that Expressway- C (traversal run the same software version. over a traversal zone both traversal zone link from one Expressway system to another that is running the previous a support do we However, example, from an X8.11 system to an X8.10 system). This means that you do not feature release of Expressway (for C your and Expressway- E systems. have to simultaneously upgrade Expressway- Access, require both the Expressway- C and Expressway- E systems to be Mobile like services, Remote Some and the version. software same running Upgrade Tasks for MRA Deployments Post- you use the Expressway for Mobile and Remote Access and you upgrade from X8.9.x or This section only applies if the system restarts you need to reconfigure the MRA access control settings: earlier to X8.10 or later. After go to Configuration > Unified Communications > Configuration > MRA Access 1. On the Expressway- C, Control . following: of the Do 2. one of the new MRA access methods from X8.10, set the appropriate values on this — To take advantage control See the first table below for help about which values to apply. page for your chosen methods. your retain upgrade authentication approach, set the appropriate values on this page to match to Or — pre- how See the second table below for help about E. to map the old the your previous settings on Expressway- new equivalents on the Expressway- C. Expressway- E settings to their describing tokens ( Authorize by OAuth token with refresh ), refresh the Unified CM 3. If you self- configure > and click Refresh Communications servers . nodes: > Unified Configuration to Go Important! internal authentication availability setting will be off after the upgrade. Depending on the ■ The Check for CM, this may prevent remote login by some Cisco Jabber users. authentication settings on the Unified in option is now configured by setting Authentication path to SAML SSO authentication . Exclusive X8.9 The ■ password. authentication by username and prohibiting of effect the This has see in the Web UI depend on The whether MRA is enabled ( Unified Communications mode set to fields you actually ) and on the selected authentication path. Not all the fields in the table are necessarily Mobile and access remote displayed. 31

32 Notes Release Series Expressway Cisco X8.11.4 Upgrading to control access Table MRA for Settings 5 Default Field Description None Authentication before path authentication is Hidden field until MRA is enabled. Defines how MRA controlled. MRA by an external IdP. are Clients : authentication authenticated SSO SAML turned on by the Unified UCM/LDAP basic Clients are authenticated CM locally : authentication UCM/LDAP LDAP their against credentials. MRA after on turned method. either SAML : UCM/LDAP and SSO Allows the default setting until MRA is first None : No authentication is applied. This is (rather turned MRA leaving just than off) needed is option "None" The enabled. allow functions which are not because some deployments must turn on MRA to Federation.) actually MRA. (Such as the Web Proxy for Meeting Server, or Only XMPP Do it customers should use "None". these not cases. other in use our recommended On Authorize This option by requires self- describing tokens for authorization. It's infrastructure to support them. OAuth token authorization option for all deployments that have the with refresh Other Only Jabber clients are currently capable of using this method. authorization also OAuth token must clients The it. support currently not be do in endpoints MRA authorization with mode. refresh or (missing snippet) bad SSO or SAML SSO Available UCM/LDAP . by Authorize Off if Authentication path is SAML and token OAuth clients are This option requires authentication through the IdP. Currently, only Jabber (previously by capable MRA of using this authorization method, which is not supported other SSO Mode) endpoints. SAML SSO and UCM/LDAP . is UCM/LDAP or Authorize by Available if Authentication path Off user through are credentials user by attempting allowed authentication Clients perform to credentials This includes Jabber, and supported IP phone and TelePresence devices. MRA. 32

33 Notes Release Series Expressway Cisco X8.11.4 Upgrading to (continued) control Table MRA for Settings 5 access Default Field Description No Authorize by OAuth token is with token OAuth by Authorize if Available for Check or refresh internal enabled. authentication network reduce to security optimal for No, is default The and traffic. availability how the Expressway- E Controls reacts to remote client authentication requests by or whether nodes. home the selecting check should C Expressway- the not token, request asks whether the client may try to The the user by OAuth authenticate home includes a user identity with which the Expressway- C can find and the user's cluster: OAuth tokens Yes : The get_ edge_ sso request will ask the user’s home Unified CM if the are supported. The home by sent identity the from determined is CM Unified request. sso edge_ get_ client's Jabber response will be : If the Expressway is configured not to look internally, No same the settings. to all clients, depending sent on the Edge authentication depends on your implementation and security policy. If all The option to choose and time response reduce can you tokens, OAuth support nodes CM Unified overall mode to clients want you if use Yes select Or . network No selecting by traffic either of getting the edge configuration - during rollout or because you can't guarantee OAuth on all nodes. to from allow rogue inbound requests Caution : Setting this to Yes has the potential No unauthenticated remote Expressway the setting, this for specify you clients. If rogue prevents requests. 33

34 Notes Release Series Expressway Cisco X8.11.4 Upgrading to (continued) control Table MRA for Settings 5 access Default Field Description SAML SSO and UCM/LDAP . SAML is path Authentication if Available or SSO Identity — providers: an Identity Selecting Provider or Create modify IdPs 2.0 Markup solutions Language) to Collaboration Cisco use SAML Assertion (Security enable Communications Unified consuming clients services. for on) sign- (single SSO based for your environment, note the following: choose you If SAML- SSO IdP that ■ SAML 2.0 is not an select must you and 1.1 SAML with compatible standard. 2.0 SAML the uses management is implemented in different ways by ■ SAML- based identity industry, in the computing and networking vendors and there are no widely compliance to the SAML for standards. accepted regulations outside IdP selected your governing the policies and of configuration The ■ are Cisco TAC (Technical Assistance Center) support. Please use your scope of IdP your and support contract with relationship Vendor to assist in configuring cannot accept responsibility for any errors, limitations, IdP properly. Cisco the IdP. specific configuration or of the to with other Although Cisco Collaboration infrastructure may prove compatible be with been have IdPs claiming SAML tested 2.0 compliance, only the following IdPs Collaboration solutions: Cisco 10.0.1 OpenAM ■ 2.0 (AD FS 2.0) ■ Active Directory Federation Services ® ■ PingFederate 6.10.0.4 SAML SSO and UCM/LDAP . SAML SSO or Identity Available if Authentication path — is providers: with Over the SAML see data, SAML Authentication For details working about SSO Export SAML Edge, page 1 . data embedded CM authentication page is displayed in an Unified or Allow Jabber By default the IdP No iOS devices. That default browser is unable web browser iOS clients to (not the Safari browser) on any use deployed to the cannot so and store, embedded use trust iOS the access to certificates Safari devices. Safari the use to devices iOS on Jabber native allows optionally setting This browser. can you store, trust device the access now to able is browser Safari the Because or two- factor authentication in your OAuth enable password- less authentication deployment. A potential security issue exists for this option. The mechanism to return browser the control custom a uses completes, authentication URL after Jabber to Safari from that invokes a custom protocol handler. It's possible that another application scheme and other than Jabber could intercept the scheme gain control from iOS. In that in token OAuth the to the access have would application the case, URL. that If are confident that your iOS you devices will not have other applications devices mobile all because example are scheme, URL custom Jabber the register for the then it's safe to enable the option. managed, you are concerned about If enable possibility of another app not do then URL, Jabber custom the intercepting browser. Safari embedded the 34

35 Notes Release Series Expressway Cisco X8.11.4 Upgrading to (continued) control Table MRA for Settings 5 access Field Description Default SIP token On . Available if Authorize by OAuth token is seconds 0 extra time to the Gives users time- extends to- live simple OAuth tokens (in seconds). Optionally for live increases it However, expire. credentials their accept calls a short window to after exposure. the security potential 6 MRA access Table values applied by the upgrade control Now Previously on... upgrade after Value Option on... Pre- upgrade setting Both applied Expressway- C Authentication path is Notes: SSO mode = Off in X8.9 is two settings in X8.10: ■ Authentication path = UCM/LDAP user Authorize by ■ credentials = On SSO Mode is two in Exclusive = X8.9 settings in X8.10: SAML SSO = path Authentication ■ = On ■ Authorize by OAuth token three Mode = On in X8.9 is SSO settings in X8.10: ■ path = SAML Authentication UCM/LDAP SSO/and by Authorize OAuth token = ■ On by user Authorize ■ On credentials = token OAuth Off — Expressway- C by Authorize with refresh Expressway- Both applied is setting upgrade Pre- Authorize C by token OAuth (previously SSO Mode) is applied Both Expressway- C by Authorize user credentials upgrade setting Pre- internal authentication Check No Expressway- Expressway- C for availability E (no modify Identity providers: Create or Pre- upgrade setting is applied Expressway- Expressway- C change) C IdPs (no setting C Expressway- Expressway- applied is Identity upgrade Pre- data providers: SAML Export C change) 35

36 Notes Release Series Expressway Cisco X8.11.4 Upgrading to (continued) upgrade the by Table applied values control access MRA 6 on... after upgrade Previously Option Now Value on... Allow C Expressway- Expressway- No iOS Jabber use to clients embedded Safari E token live SIP upgrade to setting is applied Expressway- Expressway- C (no Pre- time extra change) C 36

37 Notes Release Series Expressway Cisco Analyzer Solutions Collaboration Using Solutions Analyzer Using Collaboration Cisco Technical Assistance Center (TAC) to help you with validating is Analyzer Solutions Collaboration by created with by analyzing Expressway log files. For example, you can use the assist to and deployment, your troubleshooting and test calls, including Microsoft interworked calls. Tester Call Business to Business validate to partner account to use Collaboration Solutions Analyzer. Note: or customer a need You started Getting the log analysis tool, first collect the logs from your Expressway. 1. If you plan to use 2. Sign in to https://cway.cisco.com/tools/CollaborationSolutionsAnalyzer/ to use. For example, to work Click with logs: 3. the tool you want . analysis Log Click a. b. Upload the log file (s). want to analyze. c. Select the files you . Analysis Run Click d. tool and displays the information in a format which is much easier to understand The the log files analyzes can generate ladder diagrams to show SIP calls. than you the raw logs. For example, Tool Search Bug the Using information about open and resolved issues for this release and previous releases, Bug Search Tool contains The available workarounds. The identifiers listed in these release notes will including and descriptions of the problems a description of each issue. to directly take you a specific problem mentioned in this document: To look for information about to the Bug Search Tool . 1. Using a web browser, go username and password. with in Sign 2. cisco.com a in identifier Search field and click Search . bug the Enter 3. the do not know the identifier: you when information for look To Search field and click Search . 1. Type the product name in the bugs that appears, use Filter drop- down list to filter on either Keyword , Modified Date , 2. From the list of the . Severity , Status , or Technology a Bug Search Tool home page to Use search on specific software version. the on Search Advanced pages have further information on using the Bug The Search Tool. Bug Search Tool help a Service Request Obtaining Documentation and Submitting create customized flexible notification alerts to be sent to you via email or by Notification Cisco the Use to Service feed. RSS submitting the Cisco Bug Search Tool (BST), documentation, a service request, obtaining information For using on What's New in and Cisco Product Documentation . gathering additional information, see revised Cisco technical content directly to your desktop, you can subscribe to the What's New in To receive new and free . The RSS feeds are a service. Cisco feed RSS Documentation Product 37

38 Cisco Expressway Series Release Notes 38

39 Notes Release Series Expressway Cisco Information Legal Cisco Information Cisco Legal REGARDING INFORMATION PRODUCTS IN THIS MANUAL ARE SUBJECT TO AND SPECIFICATIONS THE THE AND RECOMMENDATIONS IN THIS MANUAL ARE ALL NOTICE. INFORMATION, WITHOUT CHANGE STATEMENTS, ARE BUT WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. ACCURATE BE TO PRESENTED BELIEVED FOR APPLICATION OF ANY PRODUCTS. THEIR RESPONSIBILITY TAKE MUST USERS FULL WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE THE SOFTWARE LICENSE AND LIMITED THE PACKET PRODUCT AND ARE INCORPORATED HEREIN BY THIS INFORMATION THAT SHIPPED WITH TO LOCATE THE LICENSE OR LIMITED WARRANTY, CONTACT YOUR REFERENCE. IF YOU ARE UNABLE SOFTWARE COPY. A FOR REPRESENTATIVE CISCO header compression is an adaptation of a program developed by the University of The Cisco implementation of TCP UCB’s public domain version of the UNIX operating system. All rights reserved. California, Berkeley (UCB) as part of the University of California. Regents 1981, © Copyright of THESE ALL DOCUMENT FILES AND SOFTWARE OF HEREIN, WARRANTY OTHER ANY NOTWITHSTANDING WITH ALL FAULTS. CISCO AND THE ABOVE- NAMED SUPPLIERS DISCLAIM ALL SUPPLIERS ARE PROVIDED “AS IS” OF LIMITATION, THOSE INCLUDING, MERCHANTABILITY, WARRANTIES, EXPRESSED OR IMPLIED, WITHOUT OF NONINFRINGEMENT OR ARISING FROM A COURSE DEALING, PURPOSE FITNESS FOR A PARTICULAR AND OR TRADE PRACTICE. USAGE, ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, OR SPECIAL, CONSEQUENTIAL, OR CISCO SHALL EVENT NO IN INCIDENTAL LOST PROFITS OR LOSS OR DAMAGE TO DATA DAMAGES, INCLUDING, WITHOUT LIMITATION, OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ARISING OUT OF THE USE OF DAMAGES. POSSIBILITY THE OF ADVISED SUCH phone numbers used in this document are not intended to be actual (IP) Protocol Internet Any and addresses and examples, command display output, network topology diagrams, other Any phone and addresses numbers. are shown for illustrative purposes figures Any use of actual IP addresses or phone included in the document only. is unintentional and coincidental. numbers in illustrative content copies are considered duplicate Controlled copies and the soft original on- line version and copies printed All un- for latest version. should be referred to 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Cisco has more than . www.cisco.com/go/offices at website 2018- All rights reserved. © Cisco Systems, Inc. 2019 Trademark Cisco are trademarks or trademarks of Cisco and/or its affiliates in the U.S. and other the and Cisco Cisco logo registered list of Cisco trademarks, go countries. this URL: www.cisco.com/go/trademarks . Third- party trademarks To view a to their respective owners. The use of the word partner does not imply of partnership mentioned are the property a other company. (1110R) any and Cisco between relationship 39

Related documents

RIE Tenant List By Docket Number

RIE Tenant List By Docket Number

SCRIE TENANTS LIST ~ By Docket Number ~ Borough of Bronx SCRIE in the last year; it includes tenants that have a lease expiration date equal or who have received • This report displays information on ...

More info »
CityNT2019TentRoll 1

CityNT2019TentRoll 1

STATE OF NEW YORK 2 0 1 9 T E N T A T I V E A S S E S S M E N T R O L L PAGE 1 VALUATION DATE-JUL 01, 2018 COUNTY - Niagara T A X A B L E SECTION OF THE ROLL - 1 CITY - North Tonawanda TAX MAP NUMBER ...

More info »
Microsoft Word   A) Division 245.docx

Microsoft Word A) Division 245.docx

tables Attachment Division 245, including A: Nov. 15-16, 2018, EQC meeting 1 of 121 Page Division 245 CLEANER AIR OREGON 340-245-0005 Purpose and Overview (1) This statement of purpose and overview is...

More info »
CRPT 116hrpt9 u2

CRPT 116hrpt9 u2

U:\2019CONF\HJRes31Front.xml APPRO. SEN. [COMMITTEE PRINT] REPORT { } CONGRESS 116TH 1st HOUSE OF REPRESENTATIVES Session 116- FURTHER APPROPRIATIONS FOR MAKING CONTINUING OF HOMELAND SECURITY FOR THE...

More info »
Fourth National Report on Human Exposure to Environmental Chemicals Update

Fourth National Report on Human Exposure to Environmental Chemicals Update

201 8 Fourth National Report on Human Exposure to Environmental Chemicals U pdated Tables, March 2018 , Volume One

More info »
CalCOFI Atlas 33

CalCOFI Atlas 33

THE EARLY STAGES IN OF THE FISHES CALIFORNIA CURRENT REGION CALIFORNIA FISHERIES COOPERATIVE OCEANIC INVESTIGATIONS ATLAS NO. 33 BY THE SPONSORED STATES OF COMMERCE DEPARTMENT UNITED OCEANIC AND ATMOS...

More info »
untitled

untitled

G:\P\16\HR1\INTRO.XML ... (Original Signature of Member) TH 116 CONGRESS 1 ST S ESSION H. R. 1 To expand Americans’ access to the ballot box, reduce the influence of big money in politics, and strengt...

More info »
MPI: A Message Passing Interface Standard

MPI: A Message Passing Interface Standard

MPI : A Message-Passing Interface Standard Version 3.0 Message Passing Interface Forum September 21, 2012

More info »
Untitled

Untitled

Harmoniz ed vision 4 hedule of the United States (2019) Re Tariff Sc Annotated f poses ting Pur or Statistical Repor GN p .1 GENERAL R ATION ULES OF INTERPRET inciples: wing pr ollo y the f verned b i...

More info »
JO 7400.11C   Airspace Designations and Reporting Points

JO 7400.11C Airspace Designations and Reporting Points

U.S. DEPARTMENT OF TRANSPORTATION ORDER FEDERAL AVIATION ADMINISTRATION 7400.11C JO Air Traffic Organization Policy August 13, 2018 SUBJ: Airspace Designations and Reporting Points . This O rder, publ...

More info »
E:\PUBLAW\PUBL031.115

E:\PUBLAW\PUBL031.115

131 STAT. 135 PUBLIC LAW 115–31—MAY 5, 2017 * Public Law 115–31 115th Congress An Act Making appropriations for the fiscal year ending September 30, 2017, and for May 5, 2017 other purposes. [H.R. 244...

More info »
The 9/11 Commission Report

The 9/11 Commission Report

Final FM.1pp 7/17/04 5:25 PM Page i THE 9/11 COMMISSION REPORT

More info »
OperatorHoursReport

OperatorHoursReport

John Bel Edwards Rebekah E. Gee MD, MPH SECRETARY GOVERNOR State of Louisiana Louisiana Department of Health Office of Public Health Certified Water and Wastewater Operators 2018 - 2019 Hours Hours li...

More info »
At the Dawn of Belt and Road: China in the Developing World

At the Dawn of Belt and Road: China in the Developing World

At the Dawn of Belt and Road China in the Developing World Andrew Scobell, Bonny Lin, Howard J. Shatz, Michael Johnson, Larry Hanauer, Michael S. Chase, Astrid Stuth Cevallos, Ivan W. Rasmussen, Arthu...

More info »
pisa 2012 results volume I

pisa 2012 results volume I

PISA 2012 Results: What Students Know and Can Do tICS, themA StuDent PeRfoRmAnCe In mA ReADIng AnD SCIenCe Volume I rogramme for ssessment A tudent S nternational I P

More info »
Department of Defense   Law of War Manual (June 2015)

Department of Defense Law of War Manual (June 2015)

D E A R T M E N T O F D E F E N S E P N A L O F W A R M A W U A L J U N E 2 0 1 5 O F F I C E O F G E N ER A L C O U N S E L D P A R T M E N T E O F D E F E N S E

More info »
SR288.PS

SR288.PS

113th Congress S. Report ! " SENATE 2d Session 113–288 REPORT of the SENATE SELECT COMMITTEE ON INTELLIGENCE COMMITTEE STUDY of the CENTRAL INTELLIGENCE AGENCY’S DETENTION AND INTERROGATION PROGRAM to...

More info »
Why Forests? Why Now? The Science, Economics and Politics of Tropical Forests and Climate Change

Why Forests? Why Now? The Science, Economics and Politics of Tropical Forests and Climate Change

WHY FORESTS? WHY NOW? The Science, Economics and Politics of Tropical Forests and Climate Change Frances Seymour Jonah Busch

More info »
The Health Consequences of Smoking   50 Years of Progress: A Report of the Surgeon General

The Health Consequences of Smoking 50 Years of Progress: A Report of the Surgeon General

The Health Consequences of Smoking—50 Years of Progress A Report of the Surgeon General U.S. Department of Health and Human Services

More info »
Second National Report on Biochemical Indicators of Diet and Nutrition in the U.S. Population

Second National Report on Biochemical Indicators of Diet and Nutrition in the U.S. Population

Second National Report on Biochemical Indicators of Diet and Nutrition in the U.S. Population Second National Report on Biochemical Indicators of Diet and Nutrition in the U.S. Population 2012 Nationa...

More info »