Security for the Enterprise Collaboration Preferred Architecture
- Beatrice Hardy
- 6 years ago
2 Security for the Enterprise Collaboration Preferred Architecture Laurent Pham, Technical Marketing Engineer BRKCOL-2425
3 Gartner estimates that IT security spending will soar from $75 billion-plus in 2015 to $101 billion in Research firm Markets and Markets sees the cybersecurity market hitting $170 billion by Investors.com BRKCOL Cisco and/or its affiliates. All rights reserved. Cisco Public 3
5 Agenda
- Security in Layers
- Encryption
- Certificate Management
6 What is a Preferred Architecture?
7 Collaboration Preferred Architecture (CPA)
What products to use to enable users for Collaboration and Unified Communications for simple deployments.
- Prescriptive recommendations
- Concise documents
- Tested best practices
- Preferred Architecture provides prescriptive design guidance that simplifies and drives design consistency for Cisco Collaboration deployments
- Preferred Architecture can be used as a design base for any customer, using a modular and scalable approach
- The Preferred Architecture team provides feedback on solution-level gaps to product teams
- Preferred Architecture will help you scale!
8 Collaboration Preferred Architectures & CVDs
- PA Overview: pre-sales process. Design overview document targeted to presales. What (with some why)!
- PA CVD (Cisco Validated Design): post-sales process. Detailed design and deployment guidance for post-sales design and deployment. What, why, and how! Process-driven guide.
- Applications CVD (Cisco Validated Design): post-sales process. Detailed deployment guidance for post-sales design and deployment. What, why, and how! Process-driven guide. Plugs into the PA CVD.
2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
9 Collaboration Preferred Architecture for the Enterprise
[Architecture diagram. Labels: Headquarters, Remote Site, Mobile/Teleworker, Internet, MPLS WAN, PSTN / ISDN, DMZ, Cisco WebEx, Third-Party Solution, Endpoints, Integrated/Aggregated Services Router, Integrated Services Router, Call Control, Unified Communications Manager, IM and Presence, Collaboration Edge, Expressway-C, Expressway-E, Voice Messaging, Unity Connection, Conferencing, TelePresence Server, Conductor, TelePresence Management Suite, Collaboration Management Services, Prime Collaboration, Deployment, License Manager, Provisioning, Assurance/Analytics]
10 Preferred Architecture for Collaboration Enterprise Cisco Validated Design (CVD)
- Call Control (UCM, IM&P, ISR, CUBE). Functions: Dial Plan (Dialing Habits, Endpoints/ILS/GDPR), Trunking, SRST, CTI, DNS, EM
- Conferencing (UCM, Conductor, TS, TMS). Functions: Instant, Permanent, Scheduled, CMR, CMR Hybrid, Personal Multiparty
- Edge (UCM, Expressway, CUBE, ISR). Functions: Mobile Remote Access (MRA), B2B, IM&P Federation, PSTN Access, ISDN Video
- Applications (Ucx, PCD*, PLM*). Functions: Applications and Tools: VM Deployment, Licensing, Voice Messaging
- Bandwidth Management. Functions: QoS and Admission Control
- Sizing. Functions: Sizing numbers for products built on a set of calculated assumptions
Each chapter covers Architecture (Component Role, HA, Security, Scalability) and Deployment (Process and Configuration).
11 Upcoming Chapters in CVD
- Collaboration Management Services: PCD, PLM, PCP, PCA
- Security: Security in Layers (including Toll Fraud), Encryption, Certificate Management
Work in progress: CVD to be available later this year
12 Examples of IP Communications Threats
- Denial of Service (DoS): affecting call quality or ability to place calls
- SPAM: SPIM, SPIT, and more SPAM
- Toll fraud: unauthorized or unbillable resource utilization
- Learning private information: Caller ID, DTMF, passwords/accounts, calling patterns, Presence information
- Eavesdropping: listening to another's call or theft of intellectual property
- Media tampering: data modification
- Impersonating others: identity theft
- Session replay: replay a session, such as a bank transaction
13 Security In Layers
14 Secure Physical Access
First line of defense. Once a user or attacker has physical access to one of the devices in a network, all kinds of problems could occur.
Action:
- Secure access to the building
- Secure access to the Data Center / servers (DoS, easier access to management, password recovery)
- Secure endpoints
15 Secure the Infrastructure and the Network
Segregation
- Virtual LANs (VLANs) separate voice and data traffic
- VLAN Access Control Lists (VACLs) limit traffic between devices on the voice VLAN
- QoS Packet Marking ensures UC traffic receives appropriate priority over other traffic
Layer 2
- DHCP Snooping creates a binding table
- Dynamic ARP Inspection (DAI) examines ARP and GARP for violations
- Port Security limits the number of MAC addresses allowed per port
- 802.1x limits network access to authentic devices on assigned VLANs
- Multi-Domain Authentication (MDA) binds two devices to assigned VLANs
- MAC Authentication Bypass (MAB) provides a measure of control over devices which don't support 802.1x
Layer 3
- IP Source Guard examines physical port, VLAN, IP, and MAC for inconsistencies
Firewalls/IPS/AMP
- ASA with FirePOWER Services
16 Prevent Unauthorized Access - Platforms
Hardened platform
- Host-based intrusion protection (SELinux)
- Host-based firewall (iptables)
- 3rd-party software installation not allowed
- OS and applications are installed with a single package
- Root account disabled
- Software signed
- Secure management (HTTPS, SSH, SFTP)
- Audit logging
Also configure
- If applicable, change default passwords (e.g. Expressway, TelePresence)
- Complex password policy
- Disable unnecessary protocols
17 Prevent Unauthorized Access - Edge
Expressway
- Host-based firewall, firewall rules
- Host-based intrusion protection (not enabled by default)
CUBE and Voice Gateways
- IP TRUST LIST: Don't respond to any SIP INVITEs if not originated from an IP address specified in this trust list
- CALL THRESHOLD: Protect against CPU, memory, and total call spikes
- CALL SPIKE PROTECTION: Protect against a spike of INVITE messages within a sliding window
- BANDWIDTH BASED CAC: Protect against excessive media
- MEDIA POLICING: Protect against negotiated bandwidth overruns and RTP floods
- USE NBAR POLICIES: Protect against overall SIP and RTP flood attacks from otherwise trusted sources
- DEFINE VOICE POLICIES: Identify patterns of valid phone calls that might suggest potential abuse
18 Prevent Unauthorized Access - Endpoints
Security features by default
- Signed firmware (.sbn extension)
- Signed configuration files (<devicename>.cnf.xml.sgn)
- Note: With Jabber, Unified CM needs to be in Mixed-Mode for those features (CTL File)
- This authenticates the firmware/configuration and protects against tampering
Also add
- Physically secure the phones
- Disable Gratuitous ARP
- Configure 802.1X
- Disable web access / SSH access, or configure an ACL
- Disable PC port if not needed
Optionally
- TFTP configuration file encryption
19 Prevent Toll Fraud
Toll fraud can come from external and also internal attacks. Areas to address:
- Unified CM
- Unity Connection
- Edge (CUBE, Voice GW, Expressway)
20 Unified CM Security: Eliminate Toll Fraud (1)
Deny unauthorized calls
- Partitions and Calling Search Spaces provide dial plan segmentation and access control
- Example: Avoid Unified CM sending back to the PSTN a call coming from the PSTN. Don't include in the Trunk CSS the partition for route patterns to the PSTN.
[Diagram: call flow steps 1 to 4 between PSTN, Voice or Video GW, and Unified CM, showing signaling and media. Labels: PSTN access partition, Inbound CSS, DN partition, Multiparty meeting partition]
21 Unified CM Security: Eliminate Toll Fraud (2)
- Block offnet to offnet transfer (CallManager service parameter)
[Diagram: step 5 between Unified CM, Voice or Video GW, and PSTN]
22 Unified CM Security: Eliminate Toll Fraud (3)
- Device Pool Calling Search Space for Auto-registration to limit access to the dial plan
- Employ Time of Day routing to deactivate segments of the dial plan after hours
- Require Forced Authentication Codes on route patterns to restrict access on long distance or international calls
- Drop Ad hoc Conferences (CallManager service parameter)
- Monitor Call Detail Records
- Employ Multilevel Administration
23 Toll Fraud Prevention - Unity Connection
Unity Connection could be used to transfer a call.
Recommendations
- Use restriction tables to allow or block call patterns
- Change the Rerouting CSS on the trunk on the Unified CM side
Reference
- CUC Security Guide: ml
- Troubleshoot Toll Fraud via Unity Connection TAC tech note: technote-cuc-00.html
- System Administration guide: /b_cucsag/b_cucsag_chapter_0101.html
24 Toll Fraud Prevention - Edge
CUBE
- Call Source Authentication (IOS 15.1(2)T feature) is enabled by default. Do not disable it via "no ip address trusted authenticate"
- Only calls from trusted source IP addresses will be accepted
  voice service voip
   ip address trusted list
    ipv
    ipv
Expressway
- Call Policy Rules (CPL)
25 Monitor CDR and logs
Unified CM: Monitor CDR, audit logs, and other logs
Authentication Failure:
16:10: LogMessage UserID : administrator ClientAddress : Severity : 4 EventType : UserLogging ResourceAccessed: Cisco CallManager Administration EventStatus : Failure CompulsoryEvent : No AuditCategory : AdministrativeEvent ComponentID : Cisco CCM Application AuditDetails : Failed to Log into Cisco CCM Webpages App ID: Cisco Tomcat Cluster ID: Node ID: cucm-pub
Phone Added:
16:13: LogMessage UserID : administrator ClientAddress : Severity : 5 EventType : DeviceUpdate ResourceAccessed: CUCMAdmin EventStatus : Success CompulsoryEvent : No AuditCategory : AdministrativeEvent ComponentID : Cisco CUCM Administration AuditDetails : New Phone added with MAC address=aaaabbbbcccc, CAL mode=< None > and CAL value=< None > App ID: Cisco Tomcat Cluster ID: Node ID: cucm-pub
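One way to act on the audit entries shown on the slide above, as an added example that is not part of the original presentation: a small Python parser that splits each entry on the field labels visible on the slide, counts failed administrative logins per user and client address, and flags device changes made from a source that had already reached the failure threshold. The sample lines, timestamps, client addresses (documentation range 192.0.2.0/24), the user jdoe, and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Field labels exactly as they appear in the audit entries on the slide.
FIELDS = [
    "UserID", "ClientAddress", "Severity", "EventType", "ResourceAccessed",
    "EventStatus", "CompulsoryEvent", "AuditCategory", "ComponentID",
    "AuditDetails", "App ID", "Cluster ID", "Node ID",
]
# A label is one of the known names followed by optional spaces and a colon.
LABEL_RE = re.compile(r"\b(" + "|".join(re.escape(f) for f in FIELDS) + r")\s*:")


def parse_entry(line):
    """Split one audit line into {label: value}.

    Text before the first label is kept under 'prefix'. Empty values (such as
    the empty Cluster ID on the slide) become ''. Returns None when the line
    carries no known label.
    """
    matches = list(LABEL_RE.finditer(line))
    if not matches:
        return None
    entry = {"prefix": line[:matches[0].start()].strip()}
    for cur, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        entry[cur.group(1)] = line[cur.end():end].strip()
    return entry


def review(lines, threshold=3):
    """Walk entries in order and report two things a reviewer cares about:

    repeated_failures: (UserID, ClientAddress) pairs with >= threshold failed logins
    changes_after_failures: successful DeviceUpdate events from a pair that had
        already reached the threshold when the change was made
    """
    failures = Counter()
    flagged_changes = []
    unparsed = 0
    for line in lines:
        e = parse_entry(line)
        if e is None:
            unparsed += 1
            continue
        src = (e.get("UserID", ""), e.get("ClientAddress", ""))
        etype, status = e.get("EventType"), e.get("EventStatus")
        if etype == "UserLogging" and status == "Failure":
            failures[src] += 1
        elif etype == "DeviceUpdate" and status == "Success":
            if failures[src] >= threshold:
                flagged_changes.append((src, e.get("AuditDetails", "")))
    repeated = sorted(s for s, n in failures.items() if n >= threshold)
    return {"repeated_failures": repeated,
            "changes_after_failures": flagged_changes,
            "unparsed": unparsed}


def make_line(ts, user, addr, sev, etype, resource, status, component, details):
    """Build a constructed sample line in the slide's layout (Cluster ID empty)."""
    return (f"{ts} LogMessage UserID : {user} ClientAddress : {addr} Severity : {sev} "
            f"EventType : {etype} ResourceAccessed: {resource} EventStatus : {status} "
            "CompulsoryEvent : No AuditCategory : AdministrativeEvent "
            f"ComponentID : {component} AuditDetails : {details} "
            "App ID: Cisco Tomcat Cluster ID: Node ID: cucm-pub")


# Constructed sample data; only the field layout and message texts come from the slide.
LOGIN_FAIL = ("4", "UserLogging", "Cisco CallManager Administration", "Failure",
              "Cisco CCM Application", "Failed to Log into Cisco CCM Webpages")
PHONE_ADD = ("5", "DeviceUpdate", "CUCMAdmin", "Success", "Cisco CUCM Administration",
             "New Phone added with MAC address=aaaabbbbcccc, "
             "CAL mode=< None > and CAL value=< None >")
SAMPLE = [
    make_line("16:10:01", "administrator", "192.0.2.50", *LOGIN_FAIL),
    make_line("16:10:09", "administrator", "192.0.2.50", *LOGIN_FAIL),
    make_line("16:10:20", "jdoe", "192.0.2.7", *LOGIN_FAIL),
    make_line("16:10:31", "administrator", "192.0.2.50", *LOGIN_FAIL),
    make_line("16:13:02", "administrator", "192.0.2.50", *PHONE_ADD),
    make_line("16:20:45", "administrator", "192.0.2.10", *PHONE_ADD),
    "free-form line without audit fields",
]

if __name__ == "__main__":
    report = review(SAMPLE)
    for src in report["repeated_failures"]:
        print("repeated login failures:", src)
    for src, details in report["changes_after_failures"]:
        print("device change after failures:", src, "|", details)
```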
26 Monitor CDR and logs
Expressway: Monitor CDR, Search History, and logs
27 Enable Encryption
- Protects against eavesdropping, data modification, session replay, impersonation
- Provides privacy, integrity, and authentication
- Authentication is provided through certificates
- Can be one-way authentication or mutual authentication (MTLS)
28 Encryption
29 Links to Encrypt
- Administrative and user interfaces
- SIP trunks
- Endpoint Encryption
- Within Data Center
- Multiple clusters
30 Links to Encrypt: Administrative and user interfaces
- Most of them should be encrypted by default
- Ensure passwords are not sent in clear
- If integrated with LDAP, configure LDAP over SSL (import the LDAP certificate into the Tomcat-trust store)
31 Links to Encrypt: SIP trunks
(Link list on this slide: Administrative and user interfaces; SIP trunks; Phone Encryption (requires Unified CM in mixed-mode); Within Data Center; Multiple clusters: ILS and LBM)
- Typically: Authentication: Certificates. Authorization: X.509 Subject Name in SIP Trunk Security Profile
- Does not require Unified CM in mixed-mode
- SIP trunk encryption is recommended
- Trunk peers shown: Conductor, TelePresence Server, Unity Connection, Expressway, CUBE / VG
32 Links to Encrypt: Endpoint Encryption
Mixed-Mode
- SRTP encryption for the phone media and signaling requires Unified CM to be in Mixed-Mode
- Requires the Export Restricted version of Unified CM
- IM messages are encrypted by default and do not require mixed-mode
- A secure call has a lock icon shown on the endpoint display
33 Unified CM: Non-Secure vs. Mixed-Mode
[Feature comparison table. Columns: Feature, Non Secure Cluster, Mixed Mode Cluster. Rows: Auto-registration *, Signed & Encrypted Phone Configs, Signed Phone Firmware, Secure Phone Services (HTTPS), CAPF + LSC, IP VPN Phone, SIP Trunk encryption, Secure Endpoints (TLS & SRTP). Label: New in 11.5]
34 Mixed-Mode for Unified CM
Enable Mixed-Mode
- Hardware Security Token (USB Security Tokens)
- Tokenless CTL (10.0+)
Migration
- See Unified CM Security Guide and TAC note
35 USB Security Tokens vs. Tokenless
Hardware Security Token (USB Security Tokens)
- Pros: Fewer situations where endpoints lose their trust relationship with Unified CM, and easier to recover from this scenario. Can be used across multiple Unified CM clusters and facilitates migration between clusters.
- Cons: Have to purchase 2+ USB Security tokens. Not manufactured in the US. Requires CTL Client installation on a desktop.
Tokenless (10.0+)
- Pros: Easier to manage: no need to purchase USB security tokens, no need to install CTL client, easier to update the CTL file.
- Cons: More situations where endpoints lose their trust relationship with Unified CM, and more complex to recover from this scenario. Requires more steps when migrating clusters.
36 Encrypted Endpoint Basic Configuration
With Unified CM in mixed-mode, not all endpoints need to be configured with encryption, but all the endpoints get a CTL (Certificate Trust List) file.
Notes:
- There is also a Phone security profile which is independent from the phone type: Universal Device Template. Useful when deploying MRA.
- Encryption using the Locally Significant Certificate (LSC) instead of the Manufacturing Installed Certificate (MIC) requires an additional step
37 MRA Voice/Video Encryption
Media and signaling always encrypted
- Voice/Video streams are always SRTP encrypted between Exp-C and the MRA client
- SIP TLS is always enforced between MRA clients and Exp-E, and between Exp-C and Exp-E
- * Unified CM mixed mode is required to achieve SRTP on the internal network and SIP TLS between Exp-C and Unified CM
[Diagram: Expressway-C, Firewall, DMZ, Expressway-E, External Firewall. Link labels: SIP TLS*, SIP TCP, SIP TLS, SIP TLS, SRTP]
38 Links to Encrypt: Within Data Center
- Some communications have sensitive information or are easy to encrypt. Recommendation: Encrypt. Example: LDAP over SSL and SIP trunks.
- Some communications are more difficult to encrypt, requiring for example IPsec. Lower priority to encrypt, especially if servers are locked down in the Data Center and it is trusted. Example: communication between Unified CM nodes in the same cluster. If IPsec must be used, the recommendation is to configure it on the infrastructure.
39 Links to Encrypt: Multiple clusters
In addition to SIP Trunk Encryption, encrypt ILS and LBM
- ILS (Intercluster Lookup Service): Certificates for authentication, passwords for authorization (new in 11.5)
- LBM (Location Bandwidth Manager): Encrypt intercluster LBM links
- ILS and LBM use Tomcat certificates
40 Cipher Suites - Unified CM SIP TLS
Example: ECDHE_RSA with AES256_GCM_SHA384
- Key exchange, authenticated/signed with: ECDHE RSA (Elliptic Curve Diffie-Hellman Ephemeral, RSA)
  Unified CM options: RSA (only option prior to ), ECDHE RSA ( ), ECDHE ECDSA (11+)
- Encryption algorithm, authenticated with: AES256_GCM SHA384 (Advanced Encryption Standard at 256 bits with Galois Counter Mode, Secure Hash Algorithm at 384 bits)
  Unified CM options: AES128_SHA1 (only option prior to ), AES128_GCM_SHA256 ( ), AES256_GCM_SHA384 ( )
41 Cipher Suites - Unified CM SIP TLS
Strongest, AES-256 SHA-384 only: RSA preferred
- ECDHE_RSA with AES256_GCM_SHA384
- ECDHE_ECDSA with AES256_GCM_SHA384
Strongest, AES-256 SHA-384 only: ECDSA preferred
- ECDHE_ECDSA with AES256_GCM_SHA384
- ECDHE_RSA with AES256_GCM_SHA384
Medium, AES-256 AES-128 only: RSA preferred
- ECDHE_RSA with AES256_GCM_SHA384
- ECDHE_ECDSA with AES256_GCM_SHA384
- ECDHE_RSA with AES128_GCM_SHA256
- ECDHE_ECDSA with AES128_GCM_SHA256
Medium, AES-256 AES-128 only: ECDSA preferred
- ECDHE_ECDSA with AES256_GCM_SHA384
- ECDHE_RSA with AES256_GCM_SHA384
- ECDHE_ECDSA with AES128_GCM_SHA256
- ECDHE_RSA with AES128_GCM_SHA256
All Ciphers, RSA preferred (default)
- ECDHE_RSA with AES256_GCM_SHA384
- ECDHE_ECDSA with AES256_GCM_SHA384
- ECDHE_RSA with AES128_GCM_SHA256
- ECDHE_ECDSA with AES128_GCM_SHA256
- RSA with AES_128_CBC-SHA1
All Ciphers, ECDSA preferred
- ECDHE_ECDSA with AES256_GCM_SHA384
- ECDHE_RSA with AES256_GCM_SHA384
- ECDHE_ECDSA with AES128_GCM_SHA256
- ECDHE_RSA with AES128_GCM_SHA256
- RSA with AES_128_CBC-SHA1
General recommendation: Use the default setting
42 Cipher Suites - Unified CM SRTP
- Prior to Unified CM , SIP trunks and SIP lines only supported SHA1-based media encryption ciphers: AES_CM_128-SHA1
- Version introduces support for new GCM (Galois/Counter Mode) ciphers providing AEAD (Authenticated Encryption with Associated Data): AEAD_AES_256_GCM, AEAD_AES_128_GCM
- New ciphers are available by default on upgrade to Unified CM
- The highest strength cipher will be offered or negotiated by default
- SHA1-based SRTP cipher compatibility remains for non-SIP devices
43 Cipher Suites - Unified CM SRTP
Strongest: AEAD AES-256 GCM cipher only
- AEAD AES-256 GCM-based cipher
Medium: AEAD AES-256 GCM and AES-128 GCM ciphers only
- AEAD AES-256 GCM
- AEAD AES-128 GCM
All supported ciphers (default)
- AEAD AES-256 GCM
- AEAD AES-128 GCM
- AES_CM_128-SHA1 ciphers
General recommendation: Use the default setting
44 Verify Supported Cipher Suites on Endpoints
45 Certificate Management
46 Why Do We Need Certificates?
What is a digital certificate?
- Includes the public key and name of the certificate holder, and a signature
Goal
- Authentication and encryption
Two types of authentication
- One-way authentication: with Web browsers or with Jabber login (UDS, XMPP, Unity Connection visual voice mail)
- Two-way authentication: endpoints in encrypted mode, MTLS trunks (e.g. Unified CM SIP trunk to Expressway)
47 Endpoint Certificates
Certificate types
- MIC: Manufacturer Installed Certificate
- LSC: Locally Significant Certificate
Required for media/signaling encryption and TFTP config file encryption. Also can be used for phone VPN and 802.1x.
When both LSC and MIC are installed on a device, LSC takes preference.
48 Endpoint Certificates - MIC
Manufacturer Installed Certificate (MIC), issued by the Cisco CA
» Cisco IP Phones ship from the factory with a unique MIC pre-installed
» MIC is valid for 10 years
» No certificate revocation support
Notes:
- New Manufacturing SHA2 CA: signs Cisco's newest IP Phones (88xx)
- Unified CM 10.5(1)+ includes and trusts the new SHA2 certificates
- For older Unified CM releases, download the SHA2 CA certificates at
- No MIC on Jabber
49 Endpoint Certificates - LSC
Locally Significant Certificates (LSC), issued by the CAPF Service
» LSC signed by the Certificate Authority Proxy Function (CAPF) Service running on the Unified CM Publisher (or signed by an external CA)
» Preferred certificate for endpoint identity
» Endpoint support includes IP Phones, TelePresence, Jabber clients
» LSC can be installed, re-issued, deleted in bulk with the Unified CM Bulk Admin Tool
Enhancements in Unified CM 11.5 (new in 11.5)
» LSC signed by CAPF valid for up to 5 years (validity configurable in 11.5, used to be fixed at 5 years)
» Can track certificate expiration (new in 11.5, used to require paper process)
» SHA2 support
» RSA key length up to 4096 (used to be up to 2048). Use Cisco Unified Reporting to verify phone support
Only LSCs are available with Jabber. LSCs are required for configuration file signature and signaling/media encryption (except for Jabber over MRA).
50 Endpoint Certificates - MIC vs. LSC
MIC: out-of-box certificate
- Goal is to prove the phone is a genuine Cisco phone
- But the MIC is not specific to your own Unified CM cluster. It doesn't prove the phone is part of your Unified CM cluster
- MIC cannot be customized/updated/deleted
Recommendation:
- Use MIC certificates to authenticate with CAPF for LSC certificate installation
- Use LSC for everything else (SIP TLS, VPN, 802.1x)
51 MRA with End-to-End Encryption
Media and signaling always encrypted
- For MRA end-to-end encryption, encryption inside the enterprise requires Unified CM in mixed mode and an encrypted phone security profile, as usual
- But the Expressway-C certificate is used (not the endpoint certificate)
- With Jabber using MRA, CAPF enrollment is not required (LSC not required)
Notes:
- Also works for DX and TC series endpoints
- TFTP encrypted config still not supported for any MRA clients
[Diagram: Expressway-C, Firewall, DMZ, Expressway-E, External Firewall. Link labels: SIP TLS, SIP TLS, SIP TLS, SRTP]
52 MRA with End-to-End Encryption
- The Expressway-C certificate is used (not the endpoint certificate)
- Phone security profiles of the MRA endpoints (in FQDN format) must be added as Subject Alternate Name (SAN) in the Expressway-C certificate
- With several phone types, each phone security profile must be added as a SAN in the Expressway-C certificate
- To reduce the number of SANs in the Expressway-C certificate, a special type of Phone Security Profile can be used independently of the phone type: Universal Device Template
53 Unified CM Certificates
Unified CM includes the certificate types:
» Tomcat RSA and ECDSA (new in 11.5): web services
» CallManager RSA and ECDSA (new in 11.0): SIP/SCCP TLS, TFTP config signing, etc.
» CAPF (CA cert used to sign LSC, only employed on the publisher)
» IPSEC (IPsec tunnels to non-SIP gateways or other Unified CM)
» TVS (Trust Verification Service, security by default)
» ITLRecovery (used as trust anchor to recover trust with endpoints)
Notes:
- Default to self-signed certificates, valid for 5 years (except ITLRecovery, valid for 20 years)
- Option to have them signed by a 3rd-party CA
- Key length: RSA certificates: key length up to 4096 (up to 2048 prior to 11.5), SHA1 or SHA256. ECDSA certificates: key length up to 521 and hash up to SHA512
54 CA-signed Certificates
In order to establish trust:
- Need to import the remote certificate into the local trust store
- Otherwise, a warning message is shown or communications are not established
With certificates signed by an external Certification Authority (CA), only the CA certificate needs to be imported into the trust store. This simplifies management.
Note: Not all certificates need to be signed by a CA. Example: Unified CM TVS, CAPF, ITLRecovery.
Recommendation: Use CA-signed certificates for: Tomcat (Unified CM, IM&P, Unity Connection), CallManager, XMPP, XMPP-S2S certificates, Expressway, Conductor, and TelePresence Server
55 Multi-Server Certificate Support
One CA-signed Multi-Server certificate for the entire Unified CM cluster (Unified CM nodes and IM&P nodes)
- To simplify certificate management in clustered environments
- One single CA-signed certificate and private key across all nodes in a cluster
- Each cluster node's FQDN is included as Subject Alternative Name (SAN) in a single certificate; custom SANs can also be included
Recommendation: Use Multi-Server certificates wherever available: Tomcat/Tomcat-ECDSA for Unified CM/IM&P and CUC, CallManager, CUP-XMPP, CUP-XMPP-S2S
56 Public vs. Private CA
- SSL certificates for Cisco Collaboration infrastructure can be signed by public CAs (GeoTrust, Verisign/Symantec, GoDaddy, etc.) or by an organization's private CA* (Microsoft CA, DogTag, openssl, etc.)
- The tradeoff between the two options typically comes down to cost
- Public CAs have a higher cost per certificate, but are broadly trusted in browsers and beyond
- Your organization's private CA typically has a minimal cost per cert (if not $0) but is not broadly trusted, so the cost involves maintaining the private CA and distributing the trusted CA certificate to end users and devices via MDM, MS Group Policy, etc.
Recommendation:
- Public CA for Expressway-E certificates (public CA signed certificate: contained in firmware and most mobile devices)
- Your choice for the other certificates
57 How Do Endpoints Trust Servers? CTL/ITL
CTL and ITL are signed files that contain a list of Unified CM certificates that the endpoint can trust.
Which file is present in the Unified CM cluster?
- With Unified CM in non-secure mode: ITL file only
- With Unified CM in mixed-mode: CTL + ITL files
When an endpoint boots/resets, it requests:
- Certificate Trust List (CTL) file first (if Unified CM is in mixed-mode), then
- Initial Trust List (ITL) file
Signature
- Endpoints verify the signature of the CTL/ITL
With MRA:
- Endpoints verify the Expressway-E certificate using the root CA certificates embedded in their firmware
58 WebEx Supported CAs (Video CMR)
[Slide labels: CMR Certificates, Recommended Best Practice, Current WebEx Certificate, Root Public CA, Signed Expressway-E Cert, Public CA, Reference]
CA names listed, first group: Verisign Class 3 Public Primary Certification Authority, entrust_ev_ca, digicert_global_root_ca, verisign_style_2_public_primary_ca_-_g3, godaddy_style_2_ca_root_certificate, Go Daddy Root Certification Authority - G2, verisign_style_3_public_primary_ca_-_g5, verisign_style_3_public_primary_ca_-_g3, dst_root_ca_x3, verisign_style_3_public_primary_ca_-_g2, equifax_secure_ca, entrust_2048_ca*, verisign_style_1_public_primary_ca_-_g3, ca_cert_signing_authority, geotrust_global_ca, globalsign_root_ca, thawte_primary_root_ca, geotrust_primary_ca, addtrust_external_ca_root, QuoVadis Root CA 2
CA names listed, second group: Verisign Class 3 Public Primary Certification Authority, VeriSign Class 3 Primary CA - G5, VeriSign Class 3 Public Primary CA - G3, QuoVadis Root CA 2
59 Monitor Certificate Expiration
- Monitor the server certificate expiration (OS Administration page)
- Monitor LSC certificate expiration (new in 11.5)
60 Receive Certificate Expiration Notifications (new in 11.5)
- Receive notifications when certificates are about to expire
- For server certificates and for LSC certificates (since 11.5)
61 Conclusion
62 Conclusion
Security in Layers
- Physical security, network security, host access security, encryption
- Protection against toll fraud
- Monitor CDR, logs, search history
Encryption
- Encrypt admin interfaces, SIP trunks, LDAP
- Enable Unified CM mixed-mode and encrypt media and signaling for the endpoints
- For multi-cluster deployments, encrypt ILS and LBM-LBM communications
Certificates
- Endpoints: Use LSCs for SIP TLS, 802.1x, VPN. Only use the MIC to get an LSC
- Get some certificates signed by a CA: Tomcat, CallManager, XMPP, Expressway, TelePresence
- Expressway-E certificates to be signed by a public CA
- Use multi-server certificates wherever possible
63 Conclusion
Your journey to secure your deployment does not stop here
- Establish a good security policy
- Stay up-to-date on the latest security news and upgrade / install security updates when applicable
- Cisco Security Center: latest threat information
- Product Security Incident Response Team (PSIRT): security advisories and responses. Get notifications
64 Preferred Architectures Links
- Contact us via
- Mid-Market and Enterprise PA Documents:
- Cisco Preferred Architecture for Enterprise Collaboration 11.x, Design Overview - June
- Cisco Preferred Architecture for Enterprise Collaboration 11.x, CVD Nov
- DCloud: Cisco Preferred Architecture for Enterprise Collaboration 10.6 v1
- Collaboration Cisco Preferred Architecture for Enterprise Collaboration Design Overview 11.0
65 Related Sessions
- BRKUCC-1612: A Solution Architect's Guide to Collaboration Security, Monday, 8am
- BRKCOL-2614: Technical Overview of Preferred Architecture for Enterprise Collaboration, Tuesday, 1:30pm
- BRKUCC-2224: Deploying and Troubleshooting Secure UC Solution, Tuesday, 8am
- BRKUCC-2501: Cisco UC Manager security, Wednesday, 8am
- BRKUCC-2801: Cisco Expressway at the Collaboration Edge design session, Tuesday, 1:30pm
66 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card. Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online BRKCOL Cisco and/or its affiliates. All rights reserved. Cisco Public 66
67 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKCOL Cisco and/or its affiliates. All rights reserved. Cisco Public 67
68 Please join us for the Service Provider Innovation Talk featuring: Yvette Kanouff Senior Vice President and General Manager, SP Business Joe Cozzolino Senior Vice President, Cisco Services Thursday, July 14 th, :30 am - 12:30pm, In the Oceanside A room What to expect from this innovation talk Insights on market trends and forecasts Preview of key technologies and capabilities Innovative demonstrations of the latest and greatest products Better understanding of how Cisco can help you succeed Register to attend the session live now or watch the broadcast on cisco.com
69 Join the Customer Connection Program 19,000+ Members Strong. Influence product direction; access to early adopter & beta trials; monthly technical & roadmap briefings; connect in private online community. Exclusive perks at Cisco Live: Collaboration NDA Roadmap Sessions, Mon & Tues; Q&A Open Forum with Collaboration Product Management, Tues 4:00-5:30; reserved seats at Collaboration Innovation Talk, Thurs 8:00am-9:00am; 2 new CCP tracks launching at Cisco Live: Security & Enterprise Networks. Join in World of Solutions Collaboration zone: join at the Customer Connection stand; new member thank-you gift*; CCP ribbon for access to NDA sessions. Join Online: come to Collaboration zone to get your ribbon and new member gift*. * While supplies last
70 Thank you