cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1520
Views
0
Helpful
13
Replies

VCS-C 7.2.2 to VCS-E with X8.1.1

Georg Kehrer
Level 4
Level 4

Dear all

 

Is it possible for a temporar plan, to let it keep running the VCS-C with X7.2.2 and the VCS-E with X8.1.1 ?

It is only for a short time, because I can not update the VCS-C so shortly im waiting for a Maintenance windows.

any input appriciated.

 

Thanks

Regards

Georg

 

2 Accepted Solutions

Accepted Solutions

Wayne DeNardi
VIP Alumni
VIP Alumni

The "official", "supported" answer that was given previously was No - both VCS-C and VCS-E must be upgraded to X8.1 at the same time.

Edit: Here's the link to the thread where the Cisco reps (Christos and Alok) have said the above: https://supportforums.cisco.com/discussion/11720871/vcs-expressway-and-control-different-versions

Others have had some luck running in a mixed environment (See Chris's response here) - there are a couple of others as well if you do a search.

If it's for a "short time", and you are willing to take the risk of it not working, and having to fix it/downgrade again, and not have a "supported" solution, then, depending on your traversal zones and media multiplexing requirements - it may work for you until you can upgrade your VCS-C - in my environment, I can't afford to do this and am holding out for a X7.x release that includes the Heartbleed fixes.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

View solution in original post

The X8.1.1 release notes now say that you can have a VCS-Cs and VCS-Es on different versions - See Page 17 of the Release Notes:

“We recommend that VCS Control (traversal client) and VCS Expressway (traversal server) systems that are connected over a traversal zone both run the same software version.

However, a traversal zone link to a VCS system that is running the previous major release of VCS software is supported. This means that you do not have to upgrade your VCS Control and VCS Expressway systems simultaneously.“  

So it seems, with X8.1.1, Cisco have either fixed something, or have confirmed that the issues they were saying were previously there are no longer a problem?

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

View solution in original post

13 Replies 13

Lawrence James
Level 1
Level 1

I wouldnt reccomend it due to the number of port changes between the 7.x and 8.x upgrade see release notes for all the details. You may be able to modify the ports to match and cover the required range. But look at the RN specifically the New Traversal Media Port Framework page 2

yes that right I have seen that, I think now is not possible because for the update the Port which are important change are: 50000 - 50001 this must be open, and this Ports I can not configure this on the inside VCS-Control.

 

 

Hi Greorg,

Also be aware that you may need to update the port range on the FIREWALL (if applicable) in an all x8.x environment in any case.

By default, an update of a VCS from x7 to x8 will shift the De-multiplexing ports to 50000 and 50001, however, new VCS on x8 will have the De-multiplexing ports on 36000 and 36001. This is maybe something to consider when upgrading and whether you want to update the port ranges on the upgrade to match a NEW install. This is the avenue we have decide to take as we will know that all our VCSs will match going forward.

 

Cheers

Chris

Hello All,

We ran into an issue with a costumer of ours who is using a third party VCS-E link for their VCS-C traversal conference link. (they own an VCS Control and several end points).

The videoconference provider updated there platform to X8.x and the Control is still running on X7.x. The customer was confronted with the fact that no videoconference calls where possible any more.

I read the release notes of the X8.x software version and I could not find that traversal Links are affected by this software upgrade, only End points.

Looking at the admin interface of the VCS there is no fault indication or error message what so ever( on the traversal link).

After opening the extra IP ports in the firewall  (50000 and 50001) we got het service back up and running.

In My opinion is this chance in ports at a software upgrade un acceptable without a big warning marker in de software release guide.

Because of the heard bleed issue there should be a maintenance software release for older software versions X6 & X7 as well.

Best regards Bert-Wietze

Hi Bert-Wietze,

The release notes spell out the firewall port changes pretty well for the traversal zone in my opinion.  These have been discussed at length in a few threads in these forums already by myself and others.

There is also a Heartbleed fixed release for the earlier versions X7.2.3 to be precise.  It doesn't include some of the other vulnerability/security fixes that X8.1.1 does though.  Again - this has been discussed here in quite a few recent threads if you do a search, or look at one of my earlier replies in this thread.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

Hoi Wayne,

In my point of view there are 2 kinds of traversal zones, 1 is for end points en 2 is VCS-c & VCS-e link.

I toke the time to read some diployment guides again.

And see that I understood it in a different way, I tought that only the ports 2776, 2777 & 6001 ware used for traversal communication between VCSc & e

But the VCS-c is using more I see.

Bert

Hi Bert-Wietze

I think also in the Rel Note was for me enough Info which ports are used, a little bit confused reagrding the Ports 50000-59999

But if you look in to the Firewall Port deployment guide you se exactl whic port are used in every situation.

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/vcs/config_guide/X8-1/Cisco-VCS-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X8-1.pdf

 

For me was not really apparent if you have on the VCS-C 7.2.2, because you can not change the destination Port on the VCS-C which are make the connection to the VCS-E.

But now for me I everithing clear/OK  I will Update both sites and makes the change on the Firewall and so I'm on the safe side.

Regards

Georg

Hi Bert,

The "Traversal" refers to a firewall traversal, and this is usually between the C and E (not the endpoint and the C on the local LAN).

If you look in the Port Reference section of the Release Notes, it sets out the inbound and outbound ports quite clearly (Tables 5 and 6 - Pages 19-22).

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

 

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

Wayne DeNardi
VIP Alumni
VIP Alumni

The "official", "supported" answer that was given previously was No - both VCS-C and VCS-E must be upgraded to X8.1 at the same time.

Edit: Here's the link to the thread where the Cisco reps (Christos and Alok) have said the above: https://supportforums.cisco.com/discussion/11720871/vcs-expressway-and-control-different-versions

Others have had some luck running in a mixed environment (See Chris's response here) - there are a couple of others as well if you do a search.

If it's for a "short time", and you are willing to take the risk of it not working, and having to fix it/downgrade again, and not have a "supported" solution, then, depending on your traversal zones and media multiplexing requirements - it may work for you until you can upgrade your VCS-C - in my environment, I can't afford to do this and am holding out for a X7.x release that includes the Heartbleed fixes.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

I think its at least a strange thing, the ports would also need to be changed checked / adjusted if you upgrade.

 

I had now gotten an other feedback that building up a traversal zone in between X7 and X8 is not

an issue. I had tested it in my lab and it seems to look ok.

 

X8.1 on the VCS-E and X7.2.2 on the VCS-C, so it would be interesting to hear if some one

with this combination actually had issues in some way? (as this is more important for me than that it works)

 

 

Please remember to rate helpful responses and identify

The X8.1.1 release notes now say that you can have a VCS-Cs and VCS-Es on different versions - See Page 17 of the Release Notes:

“We recommend that VCS Control (traversal client) and VCS Expressway (traversal server) systems that are connected over a traversal zone both run the same software version.

However, a traversal zone link to a VCS system that is running the previous major release of VCS software is supported. This means that you do not have to upgrade your VCS Control and VCS Expressway systems simultaneously.“  

So it seems, with X8.1.1, Cisco have either fixed something, or have confirmed that the issues they were saying were previously there are no longer a problem?

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

From how I see it from the controversy I had with TAC nothings changed, besides the definition that its now possible, ...

 

Sure I would double check that the ports used are as expected after the upgrade and that they are open in the firewall.

 

 

Please remember to rate helpful responses and identify

Wayne DeNardi
VIP Alumni
VIP Alumni

If your primary reason for going to X8.1.1 was the Heartbleed issue - you may or may not have seen, but there's been an X7.2.3 released containing the OpenSSL fix.

This might make it a little easier for you and give you a bit longer to plan your migration of the whole environment to X8.1.1.

Note: X7.2.3 doesn't contain any of the other security fixes that X8.1.1 does (ie the SIP Denial of Service fix, etc).

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.