we are migrating from one callmanager (9.0 unrestricted) to a new one (10.5 restricted). I have seen that there are several options to migrate phones and my question is if it's viable to use the option that uses Bulk Certificate Exports. I have some doubts about this way because we are migrating from an unrestricted version to a restricted option.
Could anybody help us?
Solved! Go to Solution.
This is a new and good topic for discussion..
Noting that I did not try this case previously, but i have some views. First of all, The main difference between Restricted & Unrestricted Version is that Signaling and media encryption is permanently disabled in the unrestricted version, but remains unchanged in the restricted version.
No impact exists to other security features such as HTTP(s), SSH, password encryption and authentication mechanisms used by unrestricted Unified CM clients such as JTAPI, TSP, encryption of SNMP traffic, encryption of data related to database that is done by using IPSEC and IMS on the server side. The communication between CTL client and provider remains encrypted.
NOW, to be more directive about your doubts of exporting bulk certificates, Usually new releases will add/remove fields in the configuration, this means that your export will either have fields that the new release doesn't have, or missing fields that the new version added.So, what does this mean ??
It means you'll need to massage the data as necessary to make it compliant with the format from the target release.and the "easiest" way to do this is to perform an export from both versions and then compare them to add/remove fields as required.
any other ideas will be appricated
In addition to what Saif said, I am assuming that you are running these two versions in paralel?!
In which case I would cut a number of test phones over. You might need to (manuallY) clear the CTL on these phones. are you in a position to do this?
another thing you will need to think about is the default firmware version on 10.5. you might want to upgrade your 9.0 to this version pre-cut over
Thank you for your help.
The link that Jaime has posted I saw it before post this message.
My doubt is related to which is the best method to done it.
We will delete ITL file from phones, as we think this is the best way (and more secure) to do it.
Thanks to all.
Any of the options will work, there is no best or worse option, they mainly depend on how much work it might take (deleting them manually), or how much control you have over the clusters (cert consolidation). If you want to delete them all at once, you might as well use the rollback parameter.
Any method from the ones outlined in the doc, will get the job done.