1.2 Describe the purpose of Edge devices in the Cisco Collaboration architecture such as Expressway

1.2 Describe the purpose of Edge devices in the Cisco Collaboration architecture such as Expressway and Cisco Unified Border Element

(Read my blog here on video communication)

In the Cisco Collaboration architecture, edge devices play an important role in providing secure and reliable communication between internal and external networks. Two common edge devices in this architecture are the Expressway and the Cisco Unified Border Element (CUBE).

Cisco Expressway

In today’s everchanging workplace, businesses are no longer tied to the four walls of the office space. Employees are now allowed and encouraged to work from home, which reduces company overhead expenses and increases employee productivity. However, with these changes to the corporate environment, there are many challenges to overcome as well.

One such challenge pertains to how employees communicate with one another from many different remote locations. Cisco has designed a solution to this communication dilemma called Mobile and Remote Access (MRA). This distinctive platform allows employees to leverage the same great Cisco collaboration solution from anywhere in the world without a VPN while maintaining the same level of security that employees experience within the corporate network.

The Cisco Expressway Series product portfolio is an evolved solution that originated in the Tandberg Video Communications Server (VCS) products.

To fully understand the Expressway series, it is essential to first understand the VCSs.

The Video Communications Server is a product developed by a company called Tandberg, which was acquired by Cisco in 2010. For Tandberg, the VCS was the central call control product for video telecommunications, just as the Cisco Unified Communications Manager is the central call control product in a Cisco-preferred designed architecture today. Part of what made the VCS such a great product, and why Cisco still utilizes this product today, is its capability to securely handle NAT and firewall traversal, unlike any other product on the market.

Expressways are built on the same firmware as the VCSs but offer an alternative solution for existing Cisco Unified Communications Manager customers, providing them with a low-cost traversal solution without having to buy a Cisco VCS Control and VCS Expressway with licenses. Because these servers could be virtualized, customers who were already running the Cisco Unified Communications Manager could install the Expressway Series for free, gaining the ability to do secure firewall traversal for IP communications. The Expressway Series also offered a secure VPN-less solution for unified communications, known as Mobile and Remote Access (MRA).

B2B and B2C communication is an optional feature on the Expressway Series, and as such requires Rich Media Session (RMS) licenses. The recommended deployment is to use a dedicated Expressway C and Expressway E for Mobile and Remote Access, while a separate set should be used for B2B and B2C communication.

On the Cisco Expressway Core, one user license is equivalent to one Device Registration license, which will allow personal devices to register, such as the DX80.

The Cisco Expressway Edge supports both H.323 and SIP registration.

Expressway provides secure remote access and firewall traversal, allowing users to connect to internal network resources even when behind a firewall.

It enables users to securely access Cisco Collaboration services from outside the corporate network using a variety of devices such as laptops, smartphones, and tablets.

Expressway provides secure communication using protocols such as Secure Real-time Transport Protocol (SRTP) and Secure Sockets Layer (SSL) encryption.

Cisco Expressway is comprised of two servers: Core and Edge.

The Expressway Core server will sit within the company’s firewall, next to other UC application servers such as Cisco Unified Communications Manager (CUCM), Cisco Unity Connection (CUC), etc.

As for Expressway Edge, it is deployed in a DMZ, a demilitarized zone. The role of the Edge server is similar to that of a proxy, in the sense that it will redirect all of its traffic flows from remote users and endpoints to the Core server inside the network. The Core server will then redistribute the traffic to their right destination within the company’s internal network.

This results in very tight firewall rules and a secure network while enabling UC services with the external world.

Cisco Unified Border Element (CUBE)

During the 1990s and early 2000s, the only way for an enterprise to connect its internal voice and video network to services outside the enterprise was by means of TDM or serial gateways to the traditional PSTN.

TDM connectivity covers a wide variety of low-density analog (FXS and FXO), low-density digital (BRI), and high-density digital (T1, E1, and T3) interface choices.

Starting around 2006, new voice and video service options to an enterprise became available from service providers, often as SIP trunk services. Using a SIP trunk for connecting to the PSTN and other destinations outside the enterprise involves an IP-to-IP connection at the edge of the enterprise’s network.

The two types of Cisco TDM gateways are analog and digital. Both types support voice calls, but only digital gateways support video.

There are two categories of Cisco analog gateways: station gateways and trunk gateways.

• Station gateways provide Foreign Exchange Station (FXS) ports.

• Analog station gateways connect the Cisco Unified Communications Manager to plain old telephone service (POTS) analog telephones, interactive voice response (IVR) systems, fax machines, and voicemail systems. Analog trunk gateways provide Foreign Exchange Office (FXO) ports for access to the PSTN, PBXs, or key systems, and E&M (recEive and transMit, or ear and mouth) ports for analog trunk connection to a legacy PBX. Analog direct inward dialing (DID) and Centralized Automated Message Accounting (CAMA) are also available for PSTN connectivity.

Cisco analog gateways:

• Cisco Analog Voice Gateways VG204XM and VG300 Series (VG310, VG320, VG350) all support SCCP.

• Cisco Integrated Services Routers Generation 2 (ISR G2)

• Cisco Analog Telephone Adapter (ATA) 190 (SIP only) provides a replacement for the ATA188.

A significant advancement Cisco has changed is the software that runs on enterprise switches, wireless controllers and edge routers. This new software is called IOS XE.

Internetwork Operating System (IOS) XE is a combination of a Linux kernel.

Along with new software, Cisco has released a new series of switches and routers. The routers are called ASRs

Either ASR or ISR routers can be used as the gateway product for a company, depending on the size of the company; the focus here should be on the software rather than the hardware. Both router platforms support the PVDM and PRI service modules, as well as the CUBE software.

Instead of organizations investing in, installing, and supporting all the necessary infrastructure needed for an expensive ISDN solution on-premises, a simple SIP trunk can be created from the Cisco router to a service provider using the CUBE service on the router.

Enterprises are widely deploying IP-based Unified Communications, for both internal calling within the enterprise and external PSTN access. This has resulted in significant migration from TDM-based circuits, by both enterprises and telephony service providers, to IP-based trunks for Unified Communications. At the heart of IP-based telephony trunks lies the Session Initiation Protocol (SIP), which is an industry standard communications protocol based on RFC 3261 and is widely used for controlling multimedia communication sessions and applications such as voice, video, unified messaging, voicemail, and conferencing.

PSTN SIP trunks terminate on a Session Border Controller (SBC) at the enterprise, which serves as a demarcation point between the enterprise and the service provider IP networks, similar to how firewalls separate two data networks.

Expressway enables secure remote access and firewall traversal, while CUBE provides a secure gateway for voice and video communications between internal and external networks. They work together to provide a complete solution for secure and reliable communication in Cisco Collaboration architecture.

Summary

1. Expressway: Expressway is a security device that sits at the edge of the network and provides secure access to the collaboration network for remote users and devices. It acts as a secure gateway that authenticates and encrypts incoming and outgoing communication traffic.

2. Cisco Unified Border Element (CUBE): CUBE is a network device that sits at the edge of the network and provides connectivity between the IP network and the public switched telephone network (PSTN). CUBE acts as a bridge between the two networks, allowing communication between IP and PSTN devices.

Resources:

https://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-border-element/data-sheet-c78-729692.html

[https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_fund/configuration/15-mt/cube-fund-15-mt-book/voi-cube-overview.html#:~:text=Cisco Unified Border Element (CUBE,trunks%20with%20an%20IP%20connection](https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_fund/configuration/15-mt/cube-fund-15-mt-book/voi-cube-overview.html#:~:text=Cisco Unified Border Element (CUBE,trunks with an IP connection)

https://goziro.com/connecting-cisco-expressway-uc/

Introduction to Cisco Edge Services: Chapter 20

DEFINE KEY TERMS

ASR

Assent

B2B

B2BUA

B2C

CAS

CUBE

DID

DMZ

E&M

FXO

FXS

IOS XE

ISR

IVR

MRA

PBX

POTS

PSTN

RMS

SBC

TDM

TDoS

Assessment:

1. What feature capability of the Cisco VCS was the main reason Cisco used this product to design the Cisco Expressway?
   

   1. H.323 and SIP interworking

   2. IPv4 and IPv6 interworking

   3. NAT and firewall traversal

   4. Microsoft interoperability

1. What license is required on the Cisco Expressway before a personal endpoint, such as the DX80, can register?
   

   1. RMS License

   2. H.323/SIP Registration License

   3. Room Registration License

   4. Device Registration License

1. What license is required on the Cisco Expressway for B2B calls?
   

   1. RMS License

   2. Non-Traversal Call License

   3. Traversal Call License

   4. No extra licenses are needed for B2B calls.

1. Which of the following is an analog voice gateway?
   

   1. ISR2900

   2. VG204XM

   3. PVDM4

   4. ATA188

1. What operating system of Cisco routers should be used when running gateway services?
   

   1. IOS

   2. IOS XE

   3. ASR

   4. ISR

1. Where does the ISDN SIP trunk from the service provider terminate when setting up CUBE on an enterprise router?
   

   1. TDoS

   2. B2BUA

   3. TDM Circuit

   4. SBC

Answers

|

|

|

|

|

|

1. C

2. D

3. A

4. B

5. B

6. D