Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
4
Replies

CCM in our NT Domain or not?

a-mcdougall
Level 1
Level 1

‎03-23-2004 10:45 AM - edited ‎03-13-2019 04:23 AM

Hi,

We're a large enterprise and we currently manage several hundred NT/W2K servers. All the servers we own & manage today are part of a single domain.

We are now deploying our first few Call Managers for IPT. We're having a big debate internally as to whether we add the Call Managers to our existing domain or if we put them in a domain on their own. This is complicated by the fact that we intend to have a 3rd part help us support the IPT environment.

Is there a best practice regarding Call Manager & Windows Domain security? I expect that over time Cisco will move CM to an appliance platform (as they've done on other products) and I suspect that this may limit our choice, right?

I appreciate any input...

Alistair.

Labels:
0 Helpful
4 Replies 4

Ladislaus
Level 1
Level 1

‎03-23-2004 03:23 PM

I don't know of any best practice, but if it were my own system I would keep them separate.

The CCMs hold such a crucial part in one's network that I would try and separate them (from normal traffic, read virus) and secure them as much as possible.

But then again, that's just my personal opinion.

0 Helpful

rburkholder
Level 1
Level 1

‎03-23-2004 03:47 PM

I've seen documents indicating that Cisco recommends that Callmanagers be part of their own workgroup. They should not be member servers of a domain.

On the other hand, because of Unity requirements, those servers should be members servers of a domain.

There are also best practices documents relating to putting the servers in their own segments and installing certain ACL's to further protect the servers and phones from DOS attacks and such.

Your 'third party' should be up-to-date on these 'best practice' suggestions.

Ray Burkholder.

0 Helpful

Hin Lee
Cisco Employee
Cisco Employee

‎03-23-2004 08:03 PM

I'd treat the phone system as such. It just so happens CCM runs on W2k. It's not a file share or print server.

CCM will be appliance-type server in the near future. Look for it in your local hardware stores (that was a joke).

For Unity, if your intention is to have unified messaging where you can check your email on your phone, and vm on Outlook, then by all means, join the existing domain with Exchange/Domino servers.

However if you are using VM only (that means your intention is just to check VM from phone), then it can certainly sit on it's own domain and probably should. That way, you keep it out of domain politics (although i've been told that does not exist)

H. M.

0 Helpful

jolo07310
Level 5
Level 5

‎03-23-2004 08:36 PM

Remember, CallManager(software PBX) install on Windows 2000 server, but they are actually a PHONE system. Have you seen PBX join domain(stuipd me), I mean PBX wont get any attack from hacker because they are isolated.

Therefore, dont try to make CCM join your existing domain, that what Cisco recommends anyway. I mean hacker still can attack CCM, but at least wont get affect if Domain goes down.

Make CCM has own workgroup, install Antivirus, configure ACL.

0 Helpful
Customers Also Viewed These Support Documents