We are currently running a single UC cluster containing CUCM 8.x (pub/sub), UCCX HA 8.x, CUP 8.6.4, and CUC 8.5. The cluster is integrated with AD via LDAP for authentication/user consistancy purposes. We have recently been tasked with designing a disaster recovery scenario that would give us the ability to operate if we lost the above cluster. Deploying another subscriber will not work for us in this scenario. My thoughts are to obviously have 2 seperate clusters tied together with an ICT. Easy right? Ha!
Here is my challenge. Our CAD agents work out of one geographic location and it happens to be the same building the UC cluster resides in. They use active directory for CAD logins and extension mobility to hot desk. I realize with CUCM 8.x, we can take advatage of the EMCC feature which should cover extension mobility in the event we lost the primary cluster. The issue is with the LDAP integration. I do not believe you can integrate 2 seperate UC clusters with the same active directory forest (cannot find a definitive answer per SRND) so this defeats a dynamic failover scenario. In my mind, you would have to have 2 seperate active directory forests completely independent of each other or have one cluster that is not integrated with LDAP. I want to avoid that at all costs! I realize we could also have agents deployed at the other location but that does not solve the LDAP dependency and its just not an option for us at this time.
My initial thoughts were to deploy a cheaper type solution in the secondary site (UC500/CME/SMB) with no tie to AD and be completely independent of the primary cluster. This would only be for use by the folks in the call center and only applicable in a DR scenario. If we had a DR scenario, we would have the agents work from home via a VPN connection into the secondary site and fire up a softphone to take calls with (no CAD and I can get creative to mimic IVR type stuff). All of our 8XX numbers could be remote call forwarded to the secondary solution via PRI or SIP. Is there anyone out there with a simlar setup that can point me in the right direction?
I cannot see why you would not be able to integrate two UC clusters with the same AD forest - the user provisioing into CUCM, CUC etc. is a one way sync. Authentication will pass requests to AD but that will not care what end system it is authenticating. Apologies if I have missed something but afaik this should not be an issue.
If you did try to maintain two separate clusters or systems you would have a big overhead in keeping them synced.
I would recommend examing every option for provisioning acceptable resilence on a single cluster. If you run it on UCS using a shared SAN then you can use some of the clever VMware features to provide enhanced resilience - see link below for more details.
Lab 1: Cisco Meeting Server Standalone CertificatesLab 2: Cisco Meeting Server Cluster Certificates with Multi-SANLab 3: Multiple Certificates with Multiple CA ServersLab 4: Cisco Meeting Server Cluster Certificates Advanced ScenarioLab 5: Streamer Servic...
Certificates are the first step to deploy Cisco Meeting Server, preparing certificate are very important to enable different services. As a VOIP administrator, mastering the concept of certificates is unavoidable
Using multiple CA servers, instead of a si...
I just finished to write a comprehensive certificates preparation for Cisco Meeting Server Clustering. Through 60 pages I explained in detail, how to create certificates for database cluster, callbridge cluster, certificate chain for webbridge3, certifica...
Translation Pattern is the most important tool in the Call Routing Process for Cisco Unified Communication manager. Largely used in the Globalized Dial Plan, inter-site and intra-site dialing, and a powerful tool to solve the problem of overlapping direct...