Cisco Systems OL-13599-01 manual Determining Whether to Set Up Cisco Unity to Use SSL

Chapter 8 Installing and Configuring Cisco Unity Software

Determining Whether to Set Up Cisco Unity to Use SSL

13.If you are running Domino without clustering, consider enabling the Unity Messaging Repository conversation. See the “Enabling the Unity Messaging Repository Conversation” section on page 8-22.

14.Secure Cisco Unity and the Cisco Unity server. See the “Securing Cisco Unity and the Cisco Unity Server” section on page 8-23.

When you are finished with this chapter, return to Chapter 1, “Overview of Mandatory Tasks for Installing Cisco Unity” to continue installing the Cisco Unity system.

Note The tasks in the list reference detailed instructions in the Cisco Unity installation guide and in other Cisco Unity documentation. Follow the documentation for a successful installation.

Determining Whether to Set Up Cisco Unity to Use SSL

When subscribers log on to the Cisco Personal Communications Assistant (PCA), their credentials are sent across the network to Cisco Unity in clear text. The same is true when the Cisco Unity Administrator and the Status Monitor are configured to use the Anonymous authentication method. In addition, the information that subscribers enter on the pages of the Cisco PCA and of the Cisco Unity Administrator (regardless of which authentication method it uses) is not encrypted.

For increased security, we recommend that you set up Cisco Unity to use the Secure Sockets Layer (SSL) protocol. SSL uses public/private key encryption to provide a secure connection between servers and clients, and uses digital certificates to authenticate servers or servers and clients. (A digital certificate is a file that contains encrypted data that attests to the identity of an organization or entity, such as a computer.)

Using the SSL protocol ensures that all Cisco Unity subscriber credentials—as well as the information that a subscriber enters on any page of the Cisco Unity Administrator and the Cisco PCA—are encrypted as the data is sent across the network. In addition, when you set up Cisco Unity to use SSL, each time that a subscriber tries to access any Cisco Unity web application, the browser will confirm that it is connected with the real Cisco Unity server—and not an entity falsely posing as such—before allowing the subscriber to log on.

To set up a web server such as Cisco Unity to use SSL, you can either obtain a digital certificate from a certificate authority (CA) or use Microsoft Certificate Services available with Windows to issue your own certificate. (A CA is a trusted organization or entity that issues and manages certificates at the request of another organization or entity.) Cost, certificate features, ease of setup and maintenance, and the security policies practiced by the organization are some of the issues to consider when determining whether you should purchase a certificate from a CA or issue your own.

Information on third-party CAs, Microsoft Certificate Services, and SSL is widely available on the Internet, as well as in the Windows and IIS online documentation. Such sources can help you determine whether to use SSL and how to set up a web server to use it.

Installing the Microsoft Certificate Services Component

Note If you do not plan to set up Cisco Unity to use SSL or if you want to use a digital certificate from a certificate authority to set up Cisco Unity to use SSL, skip this section.

Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (Without Failover)