Cisco Systems OL-14619-01 manual Description

Page 70

Chapter 6 Integrating Cisco Unity with the Phone System

Integrating with Cisco Unified Communications Manager (by Using SCCP or SIP)

Table 6-3 Cisco Unified Communications Manager Security Features That Are Used by Cisco Unity (continued)

Security Feature: Signaling encryption

Description: Uses cryptographic methods to protect (through encryption) the confidentiality of all SCCP signaling messages that are sent between the Cisco Unity voice messaging ports and Cisco Unified CM. Signaling encryption ensures that the information that pertains to the parties, DTMF digits that are entered by the parties, call status, media encryption keys, and so on are protected against unintended or unauthorized access.

This feature protects against:

- Man-in-the-middle attacks that observe the information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

- Network traffic sniffing that observes the signaling information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Security Feature: Media encryption

Description: Uses Secure Real Time Protocol (SRTP) as defined in IETF RFC 3711 to ensure that only the intended recipient can interpret the media streams between Cisco Unity voice messaging ports and endpoints, for example, phones or gateways. Only audio streams are encrypted. Media encryption creates a media master key pair for the devices, delivers the keys to Cisco Unity and the endpoint, and secures the delivery of the keys while the keys are in transport. Cisco Unity and the endpoint use the keys to encrypt and decrypt the media stream.

This feature protects against:

- Man-in-the-middle attacks that listen to the media stream between Cisco Unified CM and the Cisco Unity voice messaging ports.

- Network traffic sniffing that eavesdrops on phone conversations that flow between Cisco Unified CM, the Cisco Unity voice messaging ports, and IP phones that are managed by Cisco Unified CM.

Authentication and signaling encryption are required for media encryption; that is, if the devices do not support authentication and signaling encryption, media encryption cannot occur.
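An added example (not from the Cisco guide or Cisco's code) of what SRTP media encryption per RFC 3711 leaves readable on the wire and what it authenticates: the RTP header stays in clear, the audio payload is ciphertext, and a truncated HMAC-SHA1 tag covers both. It assumes RFC 3711's default 80-bit tag with no MKI field; the key, the sample packet and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit tag: RFC 3711 default (HMAC-SHA1, truncated); assumed here

def parse_rtp_header(pkt):
    """Return (fields, header_len) for the cleartext RTP header (RFC 3550)."""
    if len(pkt) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    hdr_len = 12 + 4 * (b0 & 0x0F)              # fixed header + CSRC list
    if b0 & 0x10:                               # header extension present
        if len(pkt) < hdr_len + 4:
            raise ValueError("truncated header extension")
        ext_words = struct.unpack("!H", pkt[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}, hdr_len

def auth_tag(auth_key, authenticated_portion, roc):
    """RFC 3711 sec. 4.2: HMAC-SHA1 over header || encrypted payload || ROC."""
    msg = authenticated_portion + struct.pack("!I", roc)
    return hmac.new(auth_key, msg, hashlib.sha1).digest()[:TAG_LEN]

def inspect_srtp(pkt, auth_key, roc=0):
    """Split an SRTP packet and check its tag before any decryption is tried."""
    fields, hdr_len = parse_rtp_header(pkt)
    if len(pkt) < hdr_len + TAG_LEN:
        raise ValueError("no room for the authentication tag")
    body, tag = pkt[:-TAG_LEN], pkt[-TAG_LEN:]
    fields["encrypted_payload_len"] = len(body) - hdr_len
    fields["authentic"] = hmac.compare_digest(tag, auth_tag(auth_key, body, roc))
    return fields

# Constructed sample: payload type 0, sequence 4660, 160 opaque bytes as ciphertext.
SAMPLE_KEY = bytes(range(20))                   # constructed 160-bit auth key
_hdr = struct.pack("!BBHII", 0x80, 0, 4660, 160, 0xDEADBEEF)
_body = _hdr + bytes((7 * i) % 256 for i in range(160))
SAMPLE_PACKET = _body + auth_tag(SAMPLE_KEY, _body, 0)

if __name__ == "__main__":
    print(inspect_srtp(SAMPLE_PACKET, SAMPLE_KEY))
```

A capture of an encrypted call still exposes the header fields returned here (payload type, sequence number, timestamp, SSRC); a single changed bit in either the header or the payload makes `authentic` false.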

Note that Cisco Unified CM authentication and encryption protect only calls to Cisco Unity. Messages recorded on the message store are not protected by Cisco Unified CM authentication and encryption but can be protected by the Cisco Unity secure messaging feature.

Note: The secure messaging feature is available only when Exchange is the message store.

For more information on secure messaging, see the “Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity Release 5.x (With Microsoft Exchange) at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.

Authentication and encryption between Cisco Unity and Cisco Unified CM require:

- A Cisco Unified CM CTL file that lists all Cisco Unified CM servers that are entered in Cisco Unity Telephony Integration Manager (UTIM) for secure clusters.

- A Cisco Unity server root certificate for each Cisco Unity that uses authentication and/or encryption. A root certificate is valid for 20 years from the time it was created.

- Cisco Unity voice messaging port device certificates that are rooted in the Cisco Unity server root certificate and that the voice messaging ports present when registering with the Cisco Unified CM server.

 

Design Guide for Cisco Unity Release 5.x

6-14

OL-14619-01
