CUCM Nodes in sub domain

NikolaiMomolay · ‎02-20-2020

Can CUCM nodes be part of different sub domain?

For example,

Pub.xxx.abc.com

sub.yyy.abc.com

Thanks,

Gregory Brunn · ‎02-20-2020

Interesting question. In theory I see problems with certificates as any multisan cert adds it domain name into the SAN names. Not sure how it would handle multiple. Can say I have never seen this design. The SRND calls out setting up a seperate subdomain per cluster for CUCM to make routing easier with multiple clusters.

You can always install without needing domains or DNS and that is a valid configuration. Installing without DNS or domain isn't really a best practice anymore if you want to take advantage of jabber or anything that is going to validate FQDN names with certs which is most stuff these days.

It is a best practice to put them into the same sub domain, what is the reason for breaking it apart?

Roger Kallberg · ‎02-21-2020

@Gregory Brunn wrote:
The SRND calls out setting up a seperate subdomain per cluster for CUCM to make routing easier with multiple clusters.

The domain of the cluster nodes name have actually not anything to do with call routing. It use the fully qualified name of the cluster and a route string for this if you use SIP route patterns and GDPR. These are recommended to keep separete from the actual real names of the system to not confuse things.

Recommend you to have a look at the presentation BRKUCC-3000 by Johannes Krohn from Cisco Live if you have the possibility. He goes into great details about how this works and what the recommendations are for this.

Gregory Brunn · ‎02-24-2020

Yeah know the session and my statement was more around keeping the DNS domains and dialing patterns in line. SRND best practices stuff.

Per SRND below.

When DNS is used, Cisco recommends defining each Unified CM cluster as a member of a valid sub-domain within the larger organizational DNS domain, defining the DNS domain on each Cisco Unified CM server, and defining the primary and secondary DNS server addresses on each Unified CM
server. Table 3-4 shows an example of how DNS server could use A records (Hostname-to-IP-address resolution), Cname records (aliases), and SRV records (service records for redundancy, load balancing, and service discovery) in a Unified CM environment.
For Jabber clients, refer to the Cisco Jabber DNS Configuration Guide, available at https://www.cisco.com/web/products/voice/jabber.html

Roger Kallberg · ‎02-21-2020

@NikolaiMomolay wrote:
Can CUCM nodes be part of different sub domain?
For example,
Pub.xxx.abc.com
sub.yyy.abc.com

Thanks,

Yes this will work. We had a system at one of our DC that had this setup for various reasons.

Gregory Brunn · ‎02-24-2020

Good to know + 5 Did you get your certs signed? Were you in mixed mode?

Any problem with the addition domain name just in the SANs?

Roger Kallberg · ‎02-25-2020

@Gregory Brunn wrote:

Good to know + 5 Did you get your certs signed? Were you in mixed mode?

Any problem with the addition domain name just in the SANs?

Yes our tomcat and callmanager certificates was signed by a CA. There was no problem as such with this, but we did once run into a defect in one of the 11.5 versions that was caused by having multiple domains in the SAN. I don't recall the bugID or version as it's around 2 years ago or so since we faced this. We do not run in mixed mode.