CUCM encryption on UCS

Similar Messages

• Urgent - CUCM Encryption questions

  I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need you help find answers to the questions colored green.
  Scenario - At this moment VoIP is not encrypted. (CUCM 6.1 with around 1000 devices). The customer is going to setup a Windows-PKI and they want already to know what specifications Cisco is demanding from such a PKI (so that they later easily can integrate their Cisco VoIP solution in their 'new' network) What encryption length are supported (2048 or 4096 bit ?)
  - Based on CUCM security docs it appears to be 512, 1024 or 2048
  [My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:
  (Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.
  What Hash-algorithms are supported (SHA-1, SHA-256, SHA-512, ...) ? -
  - Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5
  [My Answer] This is also true. MD5 is used as a Hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA Public Keys, digital signatures use SHA-1 with RSA.
  Need answer to these 4 questions:
  How long can the certificate chain be (how many different levels are supported) ?
  How can you get certificates on end devices which aren't part of an Active Directory ?
  How to you 'connect' a Cisco Telephony system to a Windows-PKI ?
  Is there a checklist in which the points which should be considered are specified?
  Please share your opinions. Any help would be appreciated.
  Thanks & Regards,
  PJ
  Technology Solutions Network

  Take a look here and see how many of your questions are answered:
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/7_0_1/secugd/secuview.html
  Hailey
  Please rate helpful posts!

• CUCM & Exchange on UCS

  Hi,
  Apologies for noob question but is it possible to run CUCM & MS Exchange on the same UCS C server? Is there a sizing tool that will help me spec this?
  Rich                  

  CUCM is such a business critical application, that as far as I remember, will not tolerate any sharing of other applications, specially not MS Exchange !

• PRIME Infrastructure OVA co-residency with CUCM on UCS

  Hallo All.
  Has anyone installed the PRIME Infrastructure OVA alongside CUCM on a UCS?
  I've been looking at this document
  http://docwiki.cisco.com/wiki/Unified_Communications_Virtualization_Sizing_Guidelines but it is vague on PRIME Infra.
  Also, the CUCM I am installing alongside is v8.5
  Any thoughts?
  Cheers
  David

  The PI documentation is lagging a bit - the only requirements for the current release are what's in the Quick Start Guide here.
  There is no requirement for dedicated cores. As long as your VM meets the hardware specification of the QSG, your installation should be OK. (Of course, it doesn't hurt to provide more than the minimum requirements.)

• What are export unrestricted (XU) images?

  What are export unrestricted (XU) images?
  What's the difference between BE6K-ST-BDL-K9 and BE6K-ST-BDL-XU?
  Any help will be appreciated

  Hi,
  RESTRICTED CUCM is the "full" CUCM with media and signaling encryption ENABLED . This does not mean the feature is ‘ON’ all the time, simply that it is available for the customer to use.
  UNRESTRICTED CUCM versions have all media and signaling encryption features DISABLED to comply with US export laws. This means that they cannot use CUCM encryption.
  HTH
  Manish

• Unity Connection - Certificate from cucm no more trusted for encrypted calls after upgrade to 10.5(1)

  Hello Support Community,
  i have a strange problem:
  after upgrading my cucm and unity connection from 9.1 to 10.5(1) enctrypted calls are no more working.
  situation 1: CUCM is down, Subscriber is up: Encrypted call to Unity Connection work correctly
  situation 2: CUCM is up: Encrypted Calls to Unity Connection not working.
  i get the following Info in the log for the Connection Conversion Manager:
  19:35:21.053 |15865,,,MiuGeneral,25,Invalid Certificate: Received Certificate -----BEGIN CERTIFICATE-----
  MIID8zCCAtugAwIBAgIQc/fBdUz1Zdh4CXhcPqGVuDANBgkqhkiG9w0BAQsFADBw
  MQswCQYDVQQGEwJERTELMAkGA1UEChMCSVQxGzAZBgNVBAsTEkhlbGxnYXRlIFRl
  XD0oD9d5MQ==
  -----END CERTIFICATE-----
   doesn't match with stored Certificate: -----BEGIN CERTIFICATE-----
  MIIC2DCCAkGgAwIBAgIIJWCm4bSdt+kwDQYJKoZIhvcNAQEFBQAw
  -----END CERTIFICATE-----
  so where does Unity Connection cache this certificate and how can i delete/replace it?
  the cert shown in the logs is the one from cucm: ("CallManager"), i recreated it through cucm os administration, now i see the same error message on unity connection for the new recreated certificate.

  Actually It doesn't. It says he's on a MacBook. I don't know all the different types of Macs. I was having a ton of problems with iChat. I opened DMZ to my computer, knocked down all firewalls etc and left everything exposed, still with bad results. A few weeks ago my power supply went out on my D-Link. I bought a linksys. Since I'd left all firewalls off I figured it couldn't be the router. I power cycled everything n the netork, still no luck. Today I bought a universal Power supply and started up my D-Link Router. Everything worked perfectly. My wifes computer - a laptop running Tiger worked fine with the Linksys and did my machine before the Leopard upgrade. Now that I've got the D-Link online everythings working.
  Message was edited by: graphico
  Message was edited by: graphico

• CUCM 10.5 Encrypted control and media

  When a CUCM is encrypted;
  1) It uses TLS for signaling and can fallback to TCP, correct?
  2)for UDP it uses SRTP , correct?
  3)any doc showing the encrypted ports uses?
  thanks

  Correct, TLS fallbacks to TCP in mixed mode.
  Voice uses SRTP if the Phone security profile is set for SRTP (Encrypted).
  Here is the port list:
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/10_0_1/CUCM_BK_T537717B_00_tcp-port-usage-guide-100/CUCM_BK_T537717B_00_tcp-port-usage-guide-100_chapter_01.html

• Maintenance contracts required for CUCM on UCS

  Hello All,
  I have a CUCM Ver 8.5 clustrer running on UCS C210M2 server. I would like to know is there is a single maintenance contract I can purchase from Cisco to cover both UCS hardware and CUCM software. Also CUCM is running on top of VMWare ESX server, should I require to get a separate maintenance for VMWare as well ?
  Thanks in advance for the reply.
  Mohsin

  First, let me make sure we're using the same terminology before I answer:
  Contract - The contract number that is tied to your CCO user ID and your equipment
  Maint Agreement - Your hardware or software coverage.
  My understanding is that you cannot put your hardware and software on the same agreement for a number of reasons.  But there is no reason that all of your agreements can't be put under the same contract number.  Often, hardware and software will be on seperate POs, etc. and will end up under separate contract numbers, making things a pain.  I would work with your Cisco rep to see if you can combine all of your agreements under a single contract number.  I don't see why it would be an issue.  If they can't do this with existing contracts, then in the future I would talk with my rep about ensuring that all future purchases get tied to the same contract number. 

• Migrate CUCM 8.5 to 10.X from MCS server to UCS

  Dear All,
  Can you please explain me how can I migrate my current CUCM 8.5 running on MCS server to newly purchase UCS server on CUCM 10.x.
  Regards

  Best option would be to use Cisco Prime Collaboration Deployment 
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/pcdadmin/10_5_1/CUCM_BK_U35347D2_00_pcd-administration-guide-1051/CUCM_BK_U35347D2_00_ucmap-administration-guide-1051_chapter_0100.html
  many threads on it across the forum.
  Chris

• UCS-CUCM Swicthport configuration

  Hi There,
  I just wanted to ask for best practice port config on BE6K servers.
  The BE6K(UCS) is only hosting CUCM server. The switch port is configured as ether-channels.
  Below is the config that I am planning to apply. I am just wondering whether we should apply the qos trust command as well  " mls qos trust dscp". No other servers will be running on this UCS.
  Config:
  interface Port-channel1
  description ****** UCS1 ports ******
  switchport access vlan 18
  switchport mode access
  speed 1000
  duplex full
  spanning-tree portfast
  Interface gig 1/0/1
  description ****** UCS1 port1  ******
  switchport access vlan 18
  switchport mode access
  speed 1000
  duplex full
  spanning-tree portfast
  Interface gig 1/0/2
  description ****** UCS1 port2 ******
  switchport access vlan 18
  switchport mode access
  speed 1000
  duplex full
  spanning-tree portfast

  Hi David,
  Yes add the mls qos trust dscp command to set these ports to trust the dscp markings coming from your CUCM server. Also set the trunk links to trust as well to propagate the dscp markings over the network.
  -Terry

• Can CUCM 8.5 version be installed on a DL 380 G5 server in Virtual environment (Vmware Esxi 4.0 or 4.1)? Or does it have to be only installed in UCS boxes for VMware?

  Can CUCM 8.5 version be installed on a DL 380 G5 server in Virtual environment (Vmware Esxi 4.0 or 4.1)? Or does it have to be only installed in UCS boxes for VMware?
  1. If the installation is possible for the Vmware instance on a DL 380 G5/G6 server , will that be supported by Cisco ?
  Similary is the case with CUIC 8.5. Has anybody worked on these do suggest ideas.

  Virtualized UC applications from Cisco are only supported on the UC on UCS platform using ESXi 4.0, 4.0 Update 1, or 4.1 - hypervisor support may vary based on application.
  Hailey
  Please rate helpful posts!
  Sent from Cisco Technical Support iPhone App

• Update hadrware resources for CUCM in UCS

  Hello all,
  We have CUCM 8.6 running in UCS.
  The ova file used before installing CUCM 8.6 on UCS was for less number of resources ( 1xvCPU, 1x80GB, 4GB RAM ).
  I need to increase resources of VM, so instead of 1=vCPU & 1x80GB, 4GB RAM i want 2 vCPU and 2 x 80 GB, 6GBM RAM.
  If i increase the number of vCPU, RAM & HD from vSphere Client manually, what is the risk in CUCM database, will it effect or it will be safe ?
  Is there any way to upgrade the ova file in running VM instead of building new VM with new OVA file ?
  Kindly help.
  Regards,

  Hello bernhardczapp,
  We were upgrading CUCM 8.6 to 10.5 but unfortunately it failed with an error saying there is no disk space available, we opened case wtih cisco & we were advised to perform following tasks to free disk space:
  Clear the logs is from RTMT tool, download the old log/traces and delete them from the server with this process:
  1)      Login to RTMT
  2)      Go to Trace & log central
  3)      Select Collect File
  4)      Select All service checkbox and All server checkbox, click next.
  5)      Select a period of time. Select all the time frame for the logs that you do not need anymore, example from January until July. (Also there is a drop down so you can clear the ones from the inactive partition.)
  6)      Select the Delete file Checkbox.
  7)      Click finish
  We followed procedure & after 8 hours it made 6495 MB space free. Before was 36444MB & after process 29949MB.
  Reason i mentioned about new ova file for CUCM 10.5 is that while creating VM i will have option to select 7,500 users (this will give me 2x80GB, 2xvCPU, 1x6GB RAM)
  I will try installing your suggested cop files & will update you. Do i need to restart Servers after cop file installation ?
  But if you have alternate solution please share.
  Kind Regards

• UCS,CUCM and MS Exchange

  Hi,
  Apologies for noob question but is it possible to run CUCM & MS Exchange on the same UCS C server? Is there a sizing tool that will help me spec this?
  Rich 

  If you want/expect a link that covers whether a particular app is supported on UCS, there isn't one. You won't find a doc explaining on which scenarios Exchange will work and how to size, etc.
  We provide guidelines for ALL the 3rd party apps, only special case which has particular considerations is the 6K as which set of applications can be deployed is limited.
  HTH
  java
  if this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Trunking Cisco CUCM 9.0 with UCS 500

  In one of our branch offices use Cisco UCS-500 for local IP telephony and PRI. Now we would like to integrate this system to our main offices so that we dial all the 4-digit extensions.
  Is it possible to trunk Cisco UCS 500 with CUCM 9.0. ?

  Hi
  Seems you have codec negotiation problem when you are making calls from UCS to CUCM
  . Can you post your UCS config here.
  Maybe you have logging buffered enabled on your UCS as a result of which logs are not displayed on screen over telent session.
  Regards
  Aditya Gupta

• CUCM using Vmware harware version 9 on UCS

  Hi
  Does anyone knows  if CUCM is compatible with VMware Hardware version 9 on UCS?
  Regards,         
  - Alex

  What do you mean by VMware hardware version 9?
  CUCM is compatible with VMWare as of CUCM version 8.0 and all compatibility information is found here:
  http://docwiki.cisco.com/wiki/UC_Virtualization_Supported_Hardware
  http://docwiki.cisco.com/wiki/Unified_Communications_VMware_Requirements
  HTH,
  Chris