03-19-2014 11:03 AM - edited 03-19-2019 08:01 AM
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about technical aspects of the new features in Cisco Unified Communications Manager 10.X with expert Leszek Wojnarski.
Cisco Unified Communications Manager is the Cisco flagship unified communications product. Recently, a new version of Cisco Unified Communications Manager 10.X was released that introduced new features, functionalities, and improvements. Cisco subject matter expert Leszek Wojnarski will answer all of your questions regarding technical aspects of those new offerings within Cisco Unified Communications Manager 10.X
Leszek Wojnarski is a customer support engineer based in Krakow, Poland, focusing on unified communications products, mainly Cisco Unified Communications Manager and Cisco Unity Connection. He has an engineering degree in applied mathematics and holds CCIE voice certification number 38640.
Remember to use the rating system to let Leszek know if you have received an adequate response.
Because of the volume expected during this event, Leszek might not be able to answer every question. Remember that you can continue the conversation in the Collaboration, Voice, and Video community, under subcommunity Unified Communications Applications, shortly after the event. This event lasts through March 28, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.
03-20-2014 03:28 PM
Hello Leszek,
Thanks for covering this topic. I'm curious - with the new security options in CUCM 10, I heard that security USB tokens are not used anymore. So, what happens if I need to upgrade my CUCM 8.6 cluster in mixed mode to CUCM 10? Please advise.
Thank you,
Lisa
03-20-2014 04:32 PM
Hello Lisa,
Yes that's correct with CUCM 10.X we've introduced a new feature in regards to authenticated and encrypted modes of the phones. Now you don't need the USB security Tokens to put your cluster into mixed mode or to update the CTL file.
However it's still possible to use "old" method with CTL Client and Secure Tokens, so after upgrade you can continue using your USB Tokens with CTL Plugin to update the CTL files on your cluster.
And the CTL Plugin can still be downloaded from the plugins page of the CUCM.
If at one point you will decide not to use USB Tokens anymore and you would like to go with the "new" method then the only thing you'd need to do would be to run:
utils ctl update CTLFile
followed by the restart of the CCM and TFTP services (this step was the same with the old process as well)
This command will generate the new CTLfile and will sign it with the private key of the CCM+TFTP certificate of the Publisher. Phones will trust the new CTL file cause it's signed by the certificate, that was included in the old CTL file.
Please let me know if you'd need further clarification on this.
Leszek
03-24-2014 02:49 PM
Hi Leszek,
If I'm doing the upgrade using the Prime Collaboration Deployment from CUCM 9.1 with the IP address changes - at some point I'll have two CUCM clusters, one with old IPs and two with new IPs. What is the best way to move the phones from one old cluster to the new one? Thanks for your help on this.
Evan
03-25-2014 05:02 PM
Hi Evan,
When doing the migration with the IP address change the important thing to remember is that during the process all the certificates on the CUCM cluster will be regenerated, and this includes certificates signed by the external CA. So knowing that we need to make sure that the phones will tust the ITL and configuration files signed by the CUCM+TFTP certificate private key. To make sure that is true the best way to have this done would to use the bulk certificate option. More about this process in a very good document by Jason Burns:
I understand that in some cases in might be problematic to have the DHCP option changed, and in that case I'd recommend to use "Prepare Cluster for Rollback to pre-8.0", also described in the same ducument.
But if you are running secured CUCM cluster (in Mixed Mode), then the only thing you need to do is to run CTL client on new CUCM 10.X using the same tokens that you've used to secure the old CUCM. This will update CTL file on the new cluster and signed it with the certificate trusted by the phone.
One additional step I'd recommend in the Mixed Mode scenario would be to have the CAPF certificate copied from the "old" cluster to the callmanager-trust store of the "new" cluster, this way we will make sure that CUCM trusts the LSC certificates that are used by the phones and were generated on the old cluster.
Hope that helps.
Regards,
Leszek
03-25-2014 05:02 PM
Thanks for the detailed answer, Leszek. Really appreciate it. By the way, what exactly are all the new features offered in CUCM 10?
Evan
03-26-2014 02:56 AM
Evan,
The list of the new features is fairy long, I've tred to capture all of them and categorize on the list below:
Enhanced Smart Call Home
SAML SSO
Regards,
Leszek
03-26-2014 04:37 PM
Leszek -
Is the CUCM 10 supported on VMware solutions? What about hardware servers or running it on virtualization solutions from other vendors like Microsoft or Oracle?
John
03-28-2014 12:06 AM
Hi John,
Starting with version 10, CUCM is only supported on VMWare, additionally you'd need to use OVA files downloaded from Cisco.com when creating virtual machines. More detailed information can be found in:
In the "Hardware Compatibility" section.
Leszek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide