Overview of a Gradual Migration from Cisco Unity to Cisco Unity Connection 8.x
Before you begin to gradually migrate users and other data from Cisco Unity to Cisco Unity Connection, familiarize yourself with the following conceptual and procedural documentation related to the migration:
– “Overview of Networking Concepts in Cisco Unity Connection 8.x”
– “Setting Up Networking Between Cisco Unity and Cisco Unity Connection 8.x Servers”
- Documentation on the Cisco Unified Backup and Restore Application Suite (COBRAS), which you use to migrate data. See:
– COBRAS Help at http://www.ciscounitytools.com/Applications/General/COBRAS/Help/COBRAS.htm .
– Training videos for using COBRAS Help, also at http://www.ciscounitytools.com/Applications/General/COBRAS/Help/COBRAS.htm .
How Migrated Messages Can Exceed Available Disk Space on the Connection 8.x Server
We discourage migrating messages from Cisco Unity to Connection. Like Exchange, Connection supports single-instance messaging, meaning that when a message is sent to a distribution list, only one copy is stored. However, COBRAS cannot retain single-instance messaging for a migration, so for every message sent to a distribution list and migrated to Connection, the Connection database contains one copy of the message for each recipient. For example, if you send a Cisco Unity voice message to a distribution list that has 10 members and then migrate that message to Connection, the Connection database will contain 10 copies of the message.
To complicate matters further, there is no way to estimate the total size of all voice messages when messages to distribution lists are expanded from single-instance messaging. As a result, you can easily fill the hard disk on the Connection server with migrated messages.
COBRAS never migrates secure messages, faxes, or receipts.
When Connection networking is configured and you run COBRAS Import for Connection 7.x and Later, COBRAS starts automatically in Hot Mode, the mode for gradually migrating Cisco Unity subscribers to Connection. Hot Mode does not include an option to migrate messages. If you want to migrate messages, you must:
a. Run COBRAS export to export the messages from Cisco Unity before you migrate Cisco Unity subscribers to Connection.
b. Run COBRAS import to import messages into Connection after you migrate subscribers.
The task list indicates when to perform these steps, if applicable.
About the Behavior of Mailbox Synchronization If You Migrate Messages (Connection 8.5 and Later Only)
As noted in the “How Migrated Messages Can Exceed Available Disk Space on the Connection 8.x Server” section, we discourage migrating messages. However, if you must migrate messages from Cisco Unity to Connection 8.5 or later, and if you configure Connection and Exchange mailbox synchronization (single inbox), note the following:
- Migrated messages will appear in the Connection mailbox and in the Exchange mailbox for each user.
- COBRAS retains the read/unread status of the migrated messages. If a user played a message in Cisco Unity before the message was migrated, the message will be read both in Connection and in the Exchange mailbox.
- If you migrate messages for the same Cisco Unity subscriber more than once, the corresponding Connection user will have one more copy of each migrated message in Connection and in Exchange for each additional migration attempt.
If the Cisco Unity server is configured as unified messaging, we further discourage migrating messages because of the following behaviors.
- Two copies of migrated messages will appear in the Exchange mailbox for each user: the original message and the migrated message that is synchronized into the Exchange mailbox when single inbox is configured.
- If a user uses Outlook to play the original message in Exchange (the copy that Cisco Unity put into Exchange when the message was received), the message will remain unread in Connection, and the message waiting indicator will remain on. This only happens with migrated messages. Playing the migrated message (the copy that was synchronized into the Exchange mailbox by the single inbox feature) or playing messages that are received after the migration will turn off the message waiting indicator on the new extension as appropriate.
In only one configuration must you migrate messages: you configured secure messaging for Cisco Unity subscribers, and you want the corresponding Connection users to be able to use Cisco Unity Connection ViewMail for Microsoft Outlook to play messages from the Cisco Unity server after the migration. In this configuration, you must also upgrade to Cisco Unity Connection ViewMail for Microsoft Outlook version 8.5 because Cisco Unity ViewMail version 8.0 cannot access secure messages in Connection, and Cisco Unity Connection ViewMail for Microsoft Outlook version 8.5 cannot access secure messages in Cisco Unity.
How the Migration Affects Cisco Unity Subscribers
As Cisco Unity subscribers are migrated to Connection, their primary extensions are prefixed with an alphabetical string. This has the following effects:
- The migrated subscribers can no longer call the old pilot number to access their old Cisco Unity voice messages because their extension is now associated with their Connection mailbox.
- To allow migrated users to access their Cisco Unity voice messages using the telephone user interface, you must configure a new pilot number and create a Direct Calls routing rule that routes calls to the Sign-In Archived Mailbox conversation. This conversation allows users to access messages on the Cisco Unity server by entering their old Cisco Unity primary extension.
For more information, see the “About the Behavior of Mailbox Synchronization If You Migrate Messages (Connection 8.5 and Later Only)” section.
- The migrated subscribers are no longer listed in the Cisco Unity directory.
- Subscribers who have not been migrated can no longer send messages to the Cisco Unity mailbox of subscribers who have been migrated.
- Cisco Unity notification devices (for example, message waiting indicators) are disabled for migrated subscribers.
- Alternate extensions for migrated subscribers are deleted.
Removing Cisco Unity Data from Active Directory
Depending on the Cisco Unity configuration, after the migration is complete, you may want to remove Cisco Unity–specific attributes from Active Directory accounts or delete the Active Directory accounts by using the Uninstall Unity tool, the Bulk Subscriber Delete tool, or both. Regardless of the method you use for removing Cisco Unity–specific attributes or removing Active Directory accounts, after you migrate the last Cisco Unity subscriber from a given Cisco Unity server to Connection, you should still run Uninstall Unity on the server to remove Cisco Unity objects from Active Directory.
In a Unified Messaging configuration, you can remove Cisco Unity–specific attributes from Active Directory accounts by using either the Bulk Subscriber Delete tool in Tools Depot or by using the Uninstall Unity utility. Bulk Subscriber Delete is useful if you want to remove attributes as you migrate subscribers. Uninstall Unity cannot be used until you have migrated all subscribers because you cannot select the subscribers for which attributes are removed from Cisco Unity; the tool removes Cisco Unity attributes from Active Directory accounts for all of the Cisco Unity subscribers who are homed on the current server.
In a Voice Messaging configuration for which you created duplicate Active Directory accounts in the corporate forest for Cisco Unity subscribers, you will probably want to remove the Active Directory accounts, not just Cisco Unity–specific attributes. To remove Active Directory accounts, you must use the Bulk Subscriber Delete tool.
In a Voice Messaging configuration for which you created a separate forest, removing Active Directory attributes and accounts is unnecessary if you are going to reinstall the operating system on the Cisco Unity servers and on the domain controllers and global catalog servers.
Enabling FIPS Mode in Connection 8.6
If both of the following are true, enabling FIPS mode in Connection 8.6 will prevent a Connection user from signing in to the telephone user interface (TUI) to play or send voice messages or to change user settings:
- The user was created in Cisco Unity 5.x or earlier.
- The Connection user still has a TUI PIN that was assigned in Cisco Unity 5.x or earlier.
A user signs in to the TUI by entering an ID (usually the user’s extension) and a PIN. The ID and PIN are assigned when the user is created; either an administrator or the user can change the PIN. To prevent administrators from accessing PINs in Connection Administration, PINs are hashed. In Cisco Unity 5.x and earlier, Cisco Unity hashed the PIN by using the MD5 hashing algorithm. In Cisco Unity 7.x and later, and in Connection, the PIN is hashed by using the SHA-1 algorithm, which is much harder to reverse and is FIPS compliant. (MD5 is not FIPS compliant.)
When a user calls Connection and enters an ID and PIN, Connection checks the database to determine whether the user’s PIN was hashed with MD5 or SHA-1. Connection then hashes the PIN that the user entered and compares it with the hashed PIN in the Connection database. If the PINs match, the user is logged in.
In Connection 8.6 and later, if you enable FIPS mode, Connection no longer checks the database to determine whether the user’s PIN was hashed with MD5 or SHA-1. Instead, Connection simply hashes the PIN with SHA-1 and compares it with the hashed PIN in the Connection database. If the PIN was hashed with MD5, the PIN that the user entered and the PIN in the database will not match, and the user is not allowed to sign in.
If any Connection user accounts were originally created in Cisco Unity 5.x or earlier, you may not care whether their PINs were MD5 hashed. If users never log in by using the TUI, it does not matter that their PIN is invalid. If you do have user accounts for which the PIN may have been hashed with MD5, here are some suggestions for replacing the MD5-hashed passwords with SHA-1–hashed passwords:
Note Earlier versions of the Subscriber Information Dump utility do not include the Pin_Hash_Type column.
Alternatively, after you migrate to Connection, use the latest version of the User Data Dump utility to determine how many users still have MD5-hashed PINs. For each user, the Pin_Hash_Type column contains either MD5 or SHA1. To download the latest version of the utility and to view the Help, see the User Data Dump page on the Cisco Unity Tools website at http://ciscounitytools.com/Applications/CxN/UserDataDump/UserDataDump.html .
Note Earlier versions of the User Data Dump utility do not include the Pin_Hash_Type column.
- Before you migrate to Connection, check the User Must Change Password at Next Login check box on the Subscribers > Subscribers > Phone Password page in the Cisco Unity Administrator. Then encourage users to sign in to Cisco Unity and change their PINs.
Alternatively, after you migrate to Connection and before you enable FIPS mode, check the User Must Change at Next Sign-In check box on the Password Settings page in Connection Administration. Then encourage users to sign in to Connection and change their PINs.
- After you migrate to Connection, if you still have users who have not changed their PINs, you can run the Bulk Password Edit utility. Bulk Password Edit lets you selectively change PINs (for example, for all users who still have PINs that were hashed with MD5) to random values. The utility also exports data on the changes to a .csv file. The export file includes the name, alias, email address, and new PIN for each user whose PIN was changed. You can use the .csv file to send an email to each user with the new PIN. The utility is available on the Cisco Unity Tools website at http://www.ciscounitytools.com/Applications/CxN/BulkPasswordEdit/BulkPasswordEdit.html .
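The sign-in comparison and the Pin_Hash_Type audit described in this section, sketched in Python as an added example (not Cisco code and not part of any Cisco tool). It assumes the User Data Dump output is available as CSV text with hypothetical Alias and Extension columns next to Pin_Hash_Type, and it models the stored PIN hash as a plain hex digest, because the page does not describe the real storage format.

```python
import csv
import hashlib
import hmac
import io

# Constructed sample shaped like a User Data Dump export. Only the
# Pin_Hash_Type column and its MD5/SHA1 values come from the page; the
# CSV layout and the Alias and Extension columns are assumptions.
SAMPLE_DUMP = """Alias,Extension,Pin_Hash_Type
asmith,1001,MD5
bjones,1002,SHA1
cwu,1003,md5
dlee,1004,
"""


def audit_pin_hash_types(dump_text):
    """Group user aliases by the hash type recorded for their PIN."""
    reader = csv.DictReader(io.StringIO(dump_text))
    if "Pin_Hash_Type" not in (reader.fieldnames or []):
        # Earlier versions of the utility do not include this column.
        raise ValueError("export has no Pin_Hash_Type column")
    report = {"MD5": [], "SHA1": [], "UNKNOWN": []}
    for row in reader:
        kind = (row["Pin_Hash_Type"] or "").strip().upper()
        bucket = kind if kind in ("MD5", "SHA1") else "UNKNOWN"
        report[bucket].append(row["Alias"])
    return report


def hash_pin(pin, algorithm):
    """Stand-in for the stored PIN hash: a plain hex digest (assumption)."""
    return hashlib.new(algorithm, pin.encode("ascii")).hexdigest()


def tui_sign_in(entered_pin, stored_hash, stored_type, fips_mode):
    """Model of the PIN comparison with and without FIPS mode."""
    if fips_mode:
        algorithm = "sha1"  # hash type in the database is not consulted
    else:
        algorithm = {"MD5": "md5", "SHA1": "sha1"}[stored_type]
    candidate = hash_pin(entered_pin, algorithm)
    return hmac.compare_digest(candidate, stored_hash)


if __name__ == "__main__":
    report = audit_pin_hash_types(SAMPLE_DUMP)
    print("Locked out of the TUI once FIPS mode is on:", report["MD5"])
    print("Hash type missing, check manually:", report["UNKNOWN"])
    legacy = hash_pin("135790", "md5")  # constructed PIN
    for fips in (False, True):
        ok = tui_sign_in("135790", legacy, "MD5", fips_mode=fips)
        print(f"MD5-hashed PIN, fips_mode={fips}: sign-in {'ok' if ok else 'refused'}")
```

Run against a real export before enabling FIPS mode; the MD5 list is the set of users who need a PIN change or a Bulk Password Edit reset first.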
Task List for Migrating from Cisco Unity to Connection 8.x by Gradually Moving Data
Use the following high-level task list to gradually migrate to Connection 8.x correctly. The tasks reference detailed instructions in this guide and in other Connection documentation as noted. Follow the documentation for a successful migration.
1. Review the “Requirements for Migrating from Cisco Unity to Cisco Unity Connection Version 8.x” section of System Requirements for Cisco Unity Connection Release 8.x at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html .
2. If you are enabling FIPS mode: Review the discussion of telephone user interface (TUI) PINs that are not FIPS compliant and that can prevent users from signing in to the TUI. See the “Enabling FIPS Mode in Connection 8.6” section.
3. Prepare the Cisco Unity servers for the migration:
a. Upgrade one or more Cisco Unity servers to Cisco Unity 8.x as necessary to satisfy the requirements listed in the System Requirements for Cisco Unity Connection Release 8.x .
b. Install the engineering specials that allow gradual migration of Cisco Unity 5.x or 7.x servers in a Connection networking site, if applicable.
4. Obtain reissued Cisco Unity license files, and obtain a Connection upgrade license:
a. Obtain reissued Cisco Unity license files with the MAC addresses of the new Cisco Unity Connection servers. See the “Managing Licenses in Cisco Unity Connection 8.x” chapter of the System Administration Guide for Cisco Unity Connection at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/administration/guide/8xcucsagx.html .
b. Obtain a Connection upgrade license, which enables Connection 8.x and is required for Connection-specific features.
You can continue to use the existing Cisco Unity license files on the Cisco Unity servers until the migration is complete. However, you cannot update the Cisco Unity license files (for example, with additional user licenses) after new licenses have been issued for the Connection servers that you are migrating to. In addition, after about 90 days, Cisco TAC will stop supporting Cisco Unity servers for which the licenses have been migrated to Connection licenses.
5. Save the reissued license files to a network location.
Do not install the license files now; you do so in Task 6., when you install the new Connection servers.
Note When you are configuring a Connection cluster, the license that has the MAC address of the publisher server must be installed on the publisher server. The license that has the MAC address of the subscriber server must be installed on the subscriber server.
6. Install one or more Connection 8.x servers, if applicable, and upgrade all existing Connection servers, if any, to version 8.x. For information on:
– Installing new Connection 8.x servers, see the Installation Guide for Cisco Unity Connection Release 8.x at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/installation/guide/8xcucigx.html .
– Upgrading from Connection 7.x to 8.x, see the “Upgrading Cisco Unity Connection 7.x, 8.0, or 8.5 to the Shipping 8.0 or 8.5 Version” chapter.
7. See the applicable version of Release Notes for Cisco Unity Connection for additional information on the shipping version of Cisco Unity Connection. In particular, note the items in the section “Installation and Upgrade Information.” Release notes are available at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/7x/release/notes/701cucrn.html .
8. Download the following tools:
– The Cisco Unity Disaster Recovery Backup tool, available at http://www.ciscounitytools.com/App_DisasterRecoveryTools.htm .
– The COBRAS Import for Connection 7.x and Later tool, available at http://www.ciscounitytools.com/Applications/General/COBRAS/COBRAS.html .
– If you want to migrate voice messages from Cisco Unity to Connection: The COBRAS Export for Unity tool, available at http://www.ciscounitytools.com/Applications/General/COBRAS/COBRAS.html .
Note The COBRAS page at CiscoUnityTools.com includes several versions of COBRAS. Take care to download the correct versions.
– If you want to remove subscriber data from the Cisco Unity database and attributes for Cisco Unity subscribers from Active Directory as you migrate subscribers: The Bulk Subscriber Delete tool, available at http://www.ciscounitytools.com/Applications/Unity/BulkSubscriberDelete403/BulkSubscriberDelete403.html .
– If Cisco Unity attributes and objects are stored in the corporate directory: The Uninstall Unity tool, available at http://www.ciscounitytools.com/Applications/Unity/UninstallUnity/UninstallUnity.html .
9. On the first Cisco Unity server, install the tools that you downloaded in Step 8., including COBRAS Import for Connection 7.x.
When Cisco Unity failover is configured:
– Install the Cisco Unity Disaster Recovery Backup tool on the secondary server.
– Install all other tools on the active server, regardless of whether the active server is the primary or secondary server.
10. Set up Connection networking. For more information, see the “Setting Up Networking Between Cisco Unity and Cisco Unity Connection 8.x Servers” chapter of the Networking Guide for Cisco Unity Connection at http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/networking/guide/8xcucnetx.html .
11. Confirm that the Cisco Unity server that you are migrating to Connection can ping the Cisco Unity site gateway to the Connection site.
12. Back up the Cisco Unity server by using the Cisco Unity Disaster Recovery tools. This backup will not be used to migrate data to the Connection 8.x system; we recommend it only so you can revert to Cisco Unity if necessary.
13. If you want to migrate voice messages from Cisco Unity to Connection: Export data and voice messages by using COBRAS Export for Unity.
14. If you do not want to migrate voice messages from Cisco Unity to Connection: Configure access for migrated users to their old voice messages on the Cisco Unity server:
a. On the phone system, set up a new voicemail pilot number that calls Cisco Unity.
b. In Cisco Unity Administrator, in the Direct Calls call routing table, add a direct routing rule to the top of the routing table. Configure the new routing rule to respond to calls from the pilot number that you set up in Task 14.a., and route calls to the Sign-In Archived Mailbox conversation, which gives migrated users access to their old Cisco Unity mailbox. The conversation prompts callers to enter their Cisco Unity primary extension and PIN.
Alternate extensions are all deleted when a subscriber is migrated, so subscribers cannot use alternate extensions to access archived mailboxes.
15. Give the following information to the Cisco Unity subscribers you are about to migrate:
– Accessing their new voice messages in Connection.
– If you do not want to migrate voice messages from Cisco Unity to Connection: Accessing their old Cisco Unity voice messages by using the pilot number that you set up in Task 14.a.
16. Use COBRAS to migrate Cisco Unity subscribers to Connection.
If you are configuring single inbox and Cisco Unity is configured as unified messaging (so that Connection voice messages that are synchronized to Exchange will be saved in the same mailbox in which Cisco Unity voice messages are stored now), we recommend that you select the Include Corporate Email Addresses from Backup for New User Creation check box in COBRAS. When you restore Cisco Unity data on the Connection server, the Exchange email addresses associated with Cisco Unity users will be saved in the Corporate Email Address field on the User Basics page in Cisco Unity Connection Administration. This will simplify configuration of single inbox later in the migration process.
For more information, see Help for the tool at http://www.ciscounitytools.com/Applications/General/COBRAS/COBRAS.html .
Caution Do not migrate subscribers during normal business hours. Cisco Unity subscribers who are being migrated to Connection can access neither their archived messages in Cisco Unity nor their new messages in Connection while they are being migrated. In addition, even after they have been migrated, they cannot access new messages until you have reconfigured their phone or the phone system as explained in Task
17. Reconfigure the phone or the phone system to:
– Route calls to Connection when the extension for the user is busy or the user does not answer.
– Route calls to Connection when the user presses the Messages button, if applicable.
18. Wait for information on all of the migrated subscribers to replicate:
– Cisco Unity subscribers that have been migrated to Connection no longer appear in Cisco Unity Administrator.
– In Connection Administration, users that have been migrated from Cisco Unity appear as regular users. (Before the migration starts, they appear as contacts. While the migration is occurring, they appear both as contacts and as users.)
19. If you want to migrate voice messages from Cisco Unity to Connection:
a. Install COBRAS Import for Connection 7.x and later on a Windows computer other than the Cisco Unity server. COBRAS Import can be run from the Cisco Unity server, but it runs better on a computer on which Cisco Security Agent for Cisco Unity is not running.
b. Run COBRAS Import to import voice messages into Connection for the migrated users. For more information, see Help for the tool at http://www.ciscounitytools.com/Applications/General/COBRAS/COBRAS.html .
20. Optionally, remove migrated Cisco Unity subscribers by using the Bulk Subscriber Delete tool in the Administration Tools folder in Tools Depot. Bulk Subscriber Delete removes selected subscribers from the Cisco Unity database and lets you choose one of the following options:
– Remove Cisco Unity-specific properties for the selected subscribers from Active Directory.
– Remove Active Directory account and the Exchange mailbox for the selected subscribers.
For more information, see:
– Help for the tool at http://www.ciscounitytools.com/Applications/Unity/BulkSubscriberDelete403/BulkSubscriberDelete403.html .
– The “Removing Cisco Unity Data from Active Directory” section.
21. Repeat Task 15. through Task 20. to migrate the remaining Cisco Unity subscribers on this server to Connection.
22. If Cisco Unity attributes and objects are in the corporate directory: Uninstall Cisco Unity, which removes Cisco Unity attributes and objects from Active Directory. For more information, see the “Removing Cisco Unity Data from Active Directory” section.
23. Repeat Task 9. through Task 22. to migrate subscribers on the remaining Cisco Unity servers to Connection.