ZPM Proxy - How it works & Use Cases

How does the ZPM Proxy Work?

In certain situations or use cases, ZPM requires on-premises connectivity to connect to Cisco CUCM or Active Directory. An on-premises appliance will serve as a proxy server for the ZIRO Platform for Microsoft (ZPM) to establish a connection to a customer’s on-premises environment.

  • Existing customers with ZPC (Ziro Provisioning for Cisco) enable their ZPC as the proxy; there is no new VM to install.

  • Customers without an existing ZPC must deploy the ZPC virtual machine without a license (ZPC in proxy only mode) on their network.

Does my Proxy need a license?

Please note that no license file is required for using the on-premises application as a proxy for the specified use cases listed below.

A license is only required when performing Moves, Adds, Changes, and Deletes (MACDs) within the Cisco environment. In this case, the required licenses are calculated based on the number of users and public phones being managed on the Cisco Unified Communications Manager (CUCM).

Network Security Requirements and Recommendations

Outbound Connections

The proxy server will establish an outbound connection using a binary protocol over a TCP byte stream on port 7000 to the cloud-based ZPM application hosted in the Microsoft Azure Commercial Cloud.

The proxy will also require local network connectivity to Active Directory via LDAPS over port 636 and/or to the Cisco UC Environment HTTPS APIs over port 443.

Inbound Connections

Inbound HTTPS (port 443) and SSH (port 22) access to the ZIRO platform should be strictly limited to the local network.

Do not expose your proxy to the Internet

It is highly recommended that the ZIRO proxy is not accessible from the internet under any circumstances or across any ports, and it should only have access to the local endpoints that it requires (e.g., LDAP or CUCM).
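The requirements above, expressed as an audit over a list of firewall allow rules. This is an added example, not ZIRO's code: the rule tuple format, the site LAN range, the AD and CUCM host addresses and the ZPM cloud range (a documentation-range placeholder) are all assumptions constructed for illustration.

```python
import ipaddress

# All addresses are constructed placeholders; substitute your own.
LOCAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]    # assumed site LAN
ZPM_CLOUD = ipaddress.ip_network("203.0.113.0/24")     # placeholder for the ZPM endpoint in Azure
LOCAL_ENDPOINTS = {                                    # assumed on-premises hosts the proxy needs
    ipaddress.ip_network("10.20.1.10/32"): 636,        # Active Directory, LDAPS
    ipaddress.ip_network("10.20.2.20/32"): 443,        # CUCM HTTPS APIs
}
INBOUND_PORTS = (443, 22)                              # the only inbound ports the page lists


def is_local(net):
    """True when the whole peer range sits inside a declared local network."""
    return any(net.subnet_of(local) for local in LOCAL_NETS)


def audit(rules):
    """rules: iterable of (direction, peer CIDR, TCP port) allow entries for the proxy VM.
    Returns a list of (rule, reason) findings; an empty list means the rules match the page."""
    findings = []
    for rule in rules:
        direction, cidr, port = rule
        peer = ipaddress.ip_network(cidr)
        if direction == "in":
            if not is_local(peer):
                findings.append((rule, "inbound access from outside the local network"))
            elif port not in INBOUND_PORTS:
                # Assumption of this example: unlisted inbound ports are treated as findings.
                findings.append((rule, "inbound port not listed (443, 22)"))
        elif direction == "out":
            to_cloud = port == 7000 and peer.subnet_of(ZPM_CLOUD)
            to_required_host = LOCAL_ENDPOINTS.get(peer) == port
            if not (to_cloud or to_required_host):
                findings.append((rule, "outbound access beyond the required endpoints"))
    return findings


# Constructed sample rule export: the first five rules comply, the last three do not.
SAMPLE_RULES = [
    ("out", "203.0.113.10/32", 7000),
    ("out", "10.20.1.10/32", 636),
    ("out", "10.20.2.20/32", 443),
    ("in", "10.20.0.0/16", 443),
    ("in", "10.20.5.0/24", 22),
    ("in", "0.0.0.0/0", 22),          # SSH reachable from the Internet
    ("out", "0.0.0.0/0", 443),        # broader than the CUCM host it needs
    ("out", "10.20.1.10/32", 389),    # plain LDAP instead of LDAPS
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```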

Proxy - Network Diagram

See How to Deploy On-Premises ZIRO Proxy Server OVA for steps on how to deploy the proxy OVA.

See ZPM Proxy - How to setup Connection between ZPM and Proxy on how to configure the connection between ZPM and your proxy or ZPC.

ZPM Proxy Use Cases

This section will delve into the various use cases for the ZPM proxy, highlighting its potential applications and benefits.

Updating On-Premises AD (LDAP) for Extension Dialing with Auto-Attendants

See How Update On-Premise AD from ZPM to enable this feature.

For auto-attendant dial by extension to function correctly, one of the following fields needs to be populated in Microsoft Entra ID:

  • TelephoneNumber (On-Premise AD and Microsoft Entra ID)
  • HomePhone (On-Premise AD)
  • Mobile (On-Premise AD and Microsoft Entra ID)
  • OtherTelephone (On-Premise AD)

Customers using On-Premise AD with AD Connect cannot directly modify certain Microsoft Entra ID fields.

Updating On-Premise AD (LDAP) for AD Based SBC Routing/Forking

See How Update On-Premise AD from ZPM to enable this feature.

Some customers may want to use On-Premise AD for call routing purposes, such as routing through different providers or a different PBX (Cisco vs Teams) based on On-Premise AD attributes. Examples of SBC setup guides:

  • AudioCodes - AD Based Routing
  • Ribbon - Call Forking Based on Active Directory User Attributes

Managing a Hybrid Dial Plan between CUCM and Microsoft Teams

What is a Hybrid Dial Plan?

A hybrid dial plan is a range of numbers that is shared across both CUCM and Microsoft Teams. Numbers can be assigned or unassigned across both Cisco and Microsoft Teams without changing routing rules on your SBC.

How to Set Up a Hybrid Dial Plan?

Method 1 - AD-based routing

Set up SBC to leverage AD-based routing and set up the ZIRO platform to update AD when assigning numbers. This ensures that as a number is assigned across Cisco or Teams, the SBC immediately knows which environment to route the PSTN call to. (No need to adjust routing rules on your SBC!)

See:

  • AudioCodes - AD Based Routing
  • Ribbon - Call Forking Based on Active Directory User Attributes

Method 2 - Set up PSTN Failover (Try CUCM first, then Microsoft Teams)

By ensuring that numbers not defined in CUCM automatically fail over to Teams, you create a predictable routing mechanism that is entirely based on where the number is assigned. Similar to Method 1, you can simply unassign a number in CUCM and then reassign it in Teams. This way, the number will route to Teams without requiring any changes to the routing rules on your SBC.

PSTN calls try CUCM first, then Microsoft Teams, then finally route to an unassigned number treatment in Teams.

Two common ways of setting up a failover mechanism:

  • Set up CUCM with route patterns to fail over to Teams - Route all PSTN traffic to CUCM first. If the number isn’t defined in CUCM, send it to Teams by catching it / failing over with a route pattern.

  • Set up your SBC to fail over to Teams - For example, with a Cisco CUBE, set up Dial Peers to route to CUCM and send to Teams if it fails.

Lastly, set up unassigned number treatment rules in Microsoft Teams to ensure that Microsoft Teams handles all PSTN calls.

How the Platform Can Manage Numbers across both Cisco and Microsoft Teams

In environments using hybrid calling with PSTN calls going to both Teams and Cisco, it is essential to have a dial plan that can access both CUCM and Teams.

This visibility allows the helpdesk to identify who is assigned a phone number in CUCM and Teams. It enables them to quickly assign available numbers to users across either environment without errors and provides better support for their environment.

See ZPM Proxy - How to Configure CUCM and Teams Synced Dial Plan Groups Walkthrough Guide on how to set up the dial plan sync in the ZIRO Platform.