Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5527
Views
20
Helpful
3
Replies

CUCM Multi-Tenant Design

Go to solution
Steven DiStefano
VIP Alumni
VIP Alumni

‎10-03-2012 10:08 AM - edited ‎03-16-2019 01:30 PM

Looking at a 40-50 site Multi-tennant design, where the end customer (not a SP) is providing UC services to a diverse set of agencies they operate? 

1) I've looked at HCS and HCS-LE, and neither meet the business requirements of the customer wanting to expend the CAPEX to own, maintain & manage themselves, nor license regulations limiting only Cisco Partners to operation and resale of the perpetual licenses. 

2) I did find Session Manager Edition in the CUCM SRND, which does lend itself to the requirements perfectly, but this requires small CUCMs cluster in every location as leafs (expen$ive). 

3) I did see the Data Sheets on HUCS, but  I believe this is also limited to Service Provider deployments (correct me if I am wrong)?

4) The last option I am looking at now is building one very large Multi-tenant CUCM cluster

-  each site with SRST VGs, Switches and Phones

-  centralized SIP trunking at the HQ as well as full network management. 

- CDR for call reconciliation

- Partitions and Calling Search Space for separating tenants

- Route Groups and Lists to restrict access to a large pool of centralized trunks

But before I nose dive into getting a grasp on things like avoiding corporate directory overlap, dealing with  AD Domains, and Extension overlap, I wanted to ask if this is still a least cost option still viable and supported today?

Or what other limitations I need to be careful of?

Thank you.

Steve

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎10-05-2012 06:45 PM

Here's what comes to mind for potential option four landminds:
  • The single-forest restriciton of DirSync (to say nothing of SSO) you already mentioned. You can potentially overcome this with Microsoft Lightweight Directory Services but this will get complicated [read: messy] in a hurry.
  • Maintaining administrative separation: permissions in CUCM are all-or-nothing on a per-page basis. If the admin has access to phones, they can see every phone in the cluster, not just those in his/her site. You can potentially overcome this with a provisioning product from Cisco or 3rd party; lock everyone out of CUCM/CXN UIs essentially.
  • Some dependant applications have serious problems with multi-tenant in a single CUCM cluster, namely:
    • Contact Center Express: You will see every CCX user - by name - in the admin and reporting interfaces.
    • Jabber and CUP/IM&P: Only one presence domain per-CUCM cluster. If the tenants have separate domains (e.g. nbc.com vs. universal.com) they can only use one for Jabber. Other features of IM&P/CUP also don't scale to multi-tenant including the Exchange integration for example.
    • Probably others...
  • Depending on the legal relationships between these companies the providing company may fall under carrier-specific telecom laws. One of the bigger hurdles would be CALEA. As an example, what happens if - by remote chance - someone from tennant A calls the DID of tennant B? If those are two separate companies you may have just become a carrier (disclamer: this is not legal advice).

Please remember to rate helpful responses and identify helpful or correct answers.

View solution in original post

3 Replies 3

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎10-05-2012 06:45 PM

Here's what comes to mind for potential option four landminds:
  • The single-forest restriciton of DirSync (to say nothing of SSO) you already mentioned. You can potentially overcome this with Microsoft Lightweight Directory Services but this will get complicated [read: messy] in a hurry.
  • Maintaining administrative separation: permissions in CUCM are all-or-nothing on a per-page basis. If the admin has access to phones, they can see every phone in the cluster, not just those in his/her site. You can potentially overcome this with a provisioning product from Cisco or 3rd party; lock everyone out of CUCM/CXN UIs essentially.
  • Some dependant applications have serious problems with multi-tenant in a single CUCM cluster, namely:
    • Contact Center Express: You will see every CCX user - by name - in the admin and reporting interfaces.
    • Jabber and CUP/IM&P: Only one presence domain per-CUCM cluster. If the tenants have separate domains (e.g. nbc.com vs. universal.com) they can only use one for Jabber. Other features of IM&P/CUP also don't scale to multi-tenant including the Exchange integration for example.
    • Probably others...
  • Depending on the legal relationships between these companies the providing company may fall under carrier-specific telecom laws. One of the bigger hurdles would be CALEA. As an example, what happens if - by remote chance - someone from tennant A calls the DID of tennant B? If those are two separate companies you may have just become a carrier (disclamer: this is not legal advice).

Please remember to rate helpful responses and identify helpful or correct answers.

Go to solution
btmulgrew
Level 4
Level 4
In response to Jonathan Schulenberg

‎10-06-2012 12:26 AM

great answer! we inherited a multi tenant cluster and are now in the process of dismantling and using multiple CMEs for those very reasons.

Sent from Cisco Technical Support iPad App

0 Helpful

Go to solution
Philip Denton
Level 1
Level 1
In response to btmulgrew

‎05-08-2013 08:32 PM

I'm guessing no change in this scenario (or resolution of the related issues) in the past 6 months?

0 Helpful
Customers Also Viewed These Support Documents