Bobby,
I would say that you have to consider all integration points when enabling signaling and media encryption. That isn't to say all integration points will fail or need to be tinkered with. Just that you have to identify your integration points, assess impact, and determine action (if needed). For the three integration points you listed:
Billing System. In general, billing systems will not be affected by provisioning a secure call processing environment.
Right Fax. If you are TDM integrated (CAS or ISDN trunk) then there is definitely no impact. If you are integrated with SIP trunk (i.e. you are doing T.38) then the answer is "it depends". I am not sure if Right Fax will support encrypted signaling (SIP over TLS) nor do I know if it supports SRTP. A quick google search should answer that question. Keep in mind that CUCM is aware of the security status of all call legs. If an unsecure device is added to a call with one or more secure devices, the call can succeed as an unsecure call.
Tandberg VCS. You know, I have set up encryption on both VCS and UCM but not between. Though, I know that you can provision TLS for secure signaling between the two systems. The VCS deployment guide for CUCM should cover that. I'd suspect you can do secure voice media. On UCM version 8.5 I don't think encrypted/secure video is supported with video endpoints registered to UCM.
HTH.
-Bill (http://ucguerrilla.com)
