MRA Device Onboarding via Activation Codes
Activation Codes provide a simple and secure way to onboard remote endpoints for Mobile and Remote Access (MRA). This feature eliminates the need for an MRA user to be on-premises the first time they use their phones. Remote users can plug in the phone, enter the activation code, and then start placing calls.
This feature leverages the Cisco cloud to handle onboarding. An administrator onboards Cisco Unified Communications Manager to the cloud, specifying the clusterwide MRA Activation Domain with the Expressway cluster to which all remote MRA users connect during device activation.
If you have multiple Expressway clusters, MRA Service Domains let you specify which Expressway your phones register. After the phone activates, the phone downloads its configuration file, which contains a redirect to the MRA Service Domain with the Expressway cluster that is assigned to that phone.
What is an Activation Code?
An activation code is a single-use, 16-digit value that a user must enter on a phone before registering the phone. The user must enter the correct code, or the phone does not register. Activation codes provide a secure method to onboard phones without requiring an administrator to collect and input the MAC Address for each phone manually.
Custom Certificates (Optional)
If you want to use your own certificates, you can use the cloud to distribute certificates to MRA phones so that they can establish trust with Expressway. With this option, you must upload your certificates first to Expressway, and then to the PhoneEdge-trust store on Cisco Unified Communications Manager. The certificates are uploaded to the Cisco cloud so that the phone can download them during the device activation process.
MRA Onboarding Process Flow
The below table contains the process flow for onboarding new MRA phones via Device Activation Code Onboarding in MRA mode. Match each numbered step to the subsequent graphic for an illustration of the process.
Note |
When you start Device Activation Service on UCM publisher to on-board clients over Mobile and Remote Access, you need to start the UDS and CCM services as well. Moreover, delete and rediscover the UCM cluster in Unified Communications configuration in Expressway-C, as doing a refresh of servers will not work. |
Process Step |
Process Flow |
---|---|
0 |
Administrator configures Cloud Onboarding and specifies the MRA Activation Domain and any MRA Service Domains. |
1 |
Administrator provisions full device configuration without specifying the MAC address. The device name will be a random BAT MAC address. |
2 |
Administrator requests activation code for this device. Device Activation Service requests the code from the cloud-based device activation service. |
3 |
Activation Code is sent to the user (either via email or via the Self-Care Portal). |
4 |
User enters the activation code. Phone gets the MRA target from the cloud. |
5 |
Phone learns the location of Expressway and authenticates using the MIC + activation code in an SRP handshake. |
6 |
Device activation service updates the device configuration in the database with the phone MAC and sends success to the phone |
7 |
The phone can register and gets its phone specific configuration file from TFTP and then register with Unified CM. If the phone is assigned to a different MRA Service Domain, a redirect is provided in the configuration file. The phone can then register using the MRA Service Domain. |
8 |
Device Activation Service releases the activation code from the cloud. The code can be reused in the future. |