This document provides a comprehensive list and description of the features, capabilities, and enhancements introduced in Cisco Unified CallManager 5.0. It highlights the benefits delivered by Cisco Unified CallManager 5.0 to organizations, including summaries of at least 15 new enhanced service features, 40 new improved support features, and nearly a dozen new security features. In essence, Cisco Unified CallManager 5.0 was designed to improve productivity within organizations through a combination of intelligent call processing and presence and location information for users. In addition to delivering a feature-rich environment for new IP Communications devices, the Cisco Unified CallManager 5.0 also delivers a proven platform for smooth migration and integration of existing devices.
The list of features, capabilities, and enhancements is divided into the following categories:
· An Overview of Features and Capabilities
· Flexibility and Choice with New SIP Capabilities
· Intelligence in the Network with RSVP
· Simplified Administration
· A More Secure Solution
· Improved Serviceability and Reduced Support
Cisco Unified CallManager 5.0—An Overview of Features and Capabilities
Cisco Unified CallManager 5.0 was developed with productivity, flexibility, and investment protection in mind. The appliance model offers businesses a user-friendly solution that is easier to install, upgrade, and manage—saving valuable time while offering a robust platform for voice, video, mobility, and collaboration. The new standards-based SIP capabilities offer organizations the freedom to incorporate a host of new wireless or wire-line devices to meet business demands as well as SIP-enabled enterprise applications. “Presence” is information about a person’s willingness and availability to communicate. By enabling presence within the network, businesses can save the time and cost spent reaching workers and playing “phone-tag”, and can streamline collaboration.
· SIP line-side support—The Cisco Unified CallManager now supports native connection of SIP-based endpoints. These endpoints must conform to RFC 3261 and other IETF SIP standards. Nearly all Cisco Unified IP Phones support SIP connectivity to Cisco Unified CallManager 5.0, as do endpoints from third-party manufacturers in the Cisco third-party SIP Verification program. Because SIP is standards-based, your options to use third-party endpoints and applications attached to the Cisco Unified CallManager are increased, providing more flexibility.
· Appliance model—The Cisco Unified CallManager 5.0 is available as an appliance. As an appliance, the Cisco Unified CallManager software is designed to improve installation and upgrades and deliver a more robust and secure platform.
· Software preloaded—The Cisco Unified CallManager server has the software preloaded at the factory to reduce installation time.
· Recovery media—Recovery media is included with the appliance in case it must be reloaded for any reason.
· Hardware recovery CD—The recovery CD is included with the appliance if for any reason it must be down-revved, or there is a failed upgrade attempt, simplifying operational procedures and reducing the need to reinstall the system to recover from failures.
· Reduced installation time—The time it takes to install the Cisco Unified CallManager software has been dramatically reduced. The time savings for the appliance version is approximately 50 percent versus the current Windows-based offering.
· Answer file—The answer file can be used to provide all the “answers” during installation. The file is provided to Cisco Unified CallManager 5.0 on removable media: DVD, CD, or USB drive. This information can also be provided through the command-line interface (CLI) at installation time, thereby increasing your productivity by allowing an unattended install.
· Improved software upgrade—The process to upgrade the software has been significantly improved by using dual hard disk partitions, an active and a standby partition. While calls are being processed on the active partition, new software versions can be loaded on the standby disk partition. The user simply clicks Reboot and Switch Versions from the administrative interface to upgrade or change over to the new version. The bulk of the work involved in a software upgrade can now be performed during business hours. Because the changeover itself consists of switching disk partitions, the maintenance window and the downtime required by an upgrade are both significantly reduced.
· Return to previous version—With the new partitioning model, the system can be easily returned to the previous version of software by repeating the process used to upgrade. The older version of software remains on the second disk partition (now called the standby partition) until it is upgraded in the future. This feature can save a significant amount of time when it becomes necessary to move back to a previous software version.
· CLI—A backup management interface is provided in the system to diagnose and troubleshoot the primary HTTPS-based management interfaces. The CLI is similar to the CLI on Cisco routers, increasing the overall serviceability and reducing downtime and potential for rebuilds. By remotely accessing the CLI using the Secure Shell (SSH) Protocol, users might be able to diagnose and bring up their Web-based management interface, saving a trip into the office.
· Improved Data Migration Assistant (DMA)—Improved DMA provides the preservation of data when upgrading from a previous version of Cisco CallManager to Cisco Unified CallManager 5.0. DMA helps ensure the data from earlier versions of Cisco Unified CallManager can be extracted and placed into the Cisco Unified CallManager 5.0 schema and new database to minimize the chance for a failed upgrade. DMA can save the data to a local tape drive as well as a remote file share to be later retrieved through Secure File Transfer Protocol (SFTP), greatly reducing upgrade time as customers maintain their existing configuration information when upgrading.
· Improved disaster recovery system—This system provides full data backup and restore capabilities for all nodes of the Cisco Unified CallManager 5.0 cluster. It is typically accessed from the administration GUI, but is also available from the CLI. New features include a scheduling interface as well as an historical log of backups. This new clusterwide backup and restore mechanism greatly simplifies the backup process and provides the assurance that your data will be there if a severe failure occurs.
· Enhanced Network Time Protocol (NTP)—NTP is now used to keep the time synchronized between all Cisco Unified CallManager 5.0 servers in a cluster. All subscribers point to the publisher, which can point to its internal clock or to an external NTP time source. This feature is required for the database synchronization to work, and it greatly eases troubleshooting across the cluster, because all trace files have a common clock for all timestamps.
· Lightweight Directory Access Protocol (LDAP) synchronization—LDAP data, which is now natively stored in the Cisco Unified CallManager 5.0 database, allows organizations to centralize all user information in a single external LDAP directory. Centralized user information and authentication makes integrating Cisco Unified CallManager 5.0 into an enterprise easier, and does not require creation of any schema extensions or separate forests or workgroups. Also, if connectivity to the LDAP directory is severed, no services are impaired because Unified CallManager 5.0 has all the LDAP user data it needs resident in its database. Periodic synchronization ensures that your data is always current.
· Presence—Cisco Unified CallManager 5.0 offers users numerous benefits, including line-status visibility on speed dials and directories. This visibility enhances the overall enterprise IP Communications experience, increasing productivity; it is built on top of the SIP and SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) standards, offering the opportunity to integrate into third-party applications to share presence data.
· Call-forwarding enhancements—The Call Forward All (CFA) enhancement introduces a secondary Calling Search Space (CSS) for the Call Forward All field, allowing administrators to separately configure whom someone can call as opposed to where they can forward calls to. A user may be able to call anyone, even internationally, but use the Call Forward All feature only for local or domestic numbers. This feature offers a great new tool to help curb toll fraud.
· Simple Network Management Protocol (SNMP)—SNMP now supports SIP information in the Cisco Unified CallManager 5.0 MIB, as well as an additional CISCO_SYSLOG_MIB that can generate traps or inform messages on all syslog messages. This feature greatly increases the manageability of Cisco Unified CallManager 5.0 by providing hundreds of system events that can be trapped in your enterprise management system.
· SNMP version support—Cisco Unified CallManager 5.0 now supports SNMPv1, SNMPv2c, and SNMPv3, providing additional interoperability with management systems, as well as additional security that SNMPv3 provides.
· Skinny Client Control Protocol (SCCP)-to-SIP parity—Most of the features provided by SCCP phones are available to the Cisco Unified IP Phone models 7911G, 7941G, 7941G-GE, 7961G, 7961G-GE, 7970G, and 7971G when using SIP. Users have a robust feature set and can choose between SCCP or SIP, allowing migration at a pace that makes sense for their organization.
Cisco Unified CallManager 5.0—Flexibility and Choice with New SIP Capabilities
In a rapidly evolving communications environment, it would be unreasonable to expect all communications innovations to emanate from a single vendor. A standards-based approach to network deployment that enables a range of innovative wireless and wire-line devices from a variety of vendors appears inevitable. Cisco is one of the first vendors to make SIP capabilities native to its platform. Cisco Unified CallManager 5.0 provides the most robust, standards-based SIP implementation in the industry.
· SIP line-side support—SIP support is extended in Cisco Unified CallManager 5.0 with support of line-side devices, including IETF RFC 3261-compliant devices available from Cisco and other third-party manufacturers.
· Implementing SIP technologies in a converged IP network offers numerous benefits, including increased value and user productivity from new and customizable applications, vendor independence for greater choice of applications and endpoints, and the potential to reduce costs for equipment and the management of communications services. Cisco is committed to supporting devices that have implemented standard SIP-based communications in order to offer customers maximum investment protection, increased choice through interoperability, and greater deployment options.
· Cisco Unified CallManager 5.0 introduces native SIP registrar and back-to-back user agent (B2BUA) functions, allowing the connection, registration, management, and monitoring of SIP-based endpoints. The features available to SIP endpoints are nearly equivalent to those found in the Cisco SCCP protocol, allowing SIP and SCCP phones to transparently co-exist and share features. Customers have the freedom to migrate to SIP at their own pace and without the need for large amounts of user retraining. SIP is implemented natively into core software; it is not implemented as an adjunct solution, meaning that the additional cost and complexity of separate applications servers other vendors use to register their SIP phones are not required. This kind of tight integration into software means it is easier to support and implement, and the costs of having to maintain an adjunct system are eliminated.
The following SIP-based IP phone models are supported:
· Cisco Unified IP Phone 7971G-GE
· Cisco Unified IP Phone 7970G
· Cisco Unified IP Phone 7961G-GE
· Cisco Unified IP Phone 7961G
· Cisco Unified IP Phone 7960G
· Cisco Unified IP Phone 7941G-GE
· Cisco Unified IP Phone 7941G
· Cisco Unified IP Phone 7940G
· Cisco Unified IP Phone 7912G
· Cisco Unified IP Phone 7911G
· Cisco Unified IP Phone 7905G
· Any third-party SIP phone, soft phone, or video endpoint that complies with RFC 3261 and other related RFCs (must go through the SIP Verified program if assurance of interoperability is desired); more information about the SIP Verified program is located at: http://forums.cisco.com/eforum/servlet/IPCApps;jsessionid=zhyxvhy9f1.SJ2B?page=tpsipep
· Computer telephony integration (CTI) support for SIP phones—Cisco Unified CallManager 5.0 helps enable CTI applications to control and monitor SIP phones in the same manner they have previously used for SCCP phones.
· SIP trunk-side enhancements—Version 5.0 introduces significant enhancements to SIP trunk-side signaling support and call routing capabilities through support for the latest RFCs and Internet drafts, including but not limited to: SIP (RFC 3261), the REFER method (RFC 3515), the REPLACES header (RFC 3891), the Remote Party ID (RPID) header, the Unsolicited NOTIFY method, and the SUBSCRIBE/NOTIFY method. SIP trunk-side networking provides an open interface for applications to interface to the Cisco Unified CallManager 5.0.
– REFER support—Supported by Cisco Unified CallManager 5.0 for SIP-initiated transfers; these transfers are done from the Cisco Unified CallManager or from a third-party application
– Replaces header—This enhancement is used to replace an existing SIP dialog with a new one; the ability to change the header is a function of the Cisco Unified CallManager being a B2BUA.
– Subscribe/notify event reporting—This enhancement is available on the SIP trunk for use by external applications such as the Cisco Unified Presence Server to report presence to an external entity.
– Message waiting indicator (MWI; RFC 3842)—The MWI allows Cisco Unified CallManager 5.0 to integrate with voicemail applications such as Cisco Unity® Unified Messaging and Cisco Unity Connection through a SIP trunk, and to communicate MWI messages to SIP-based endpoints; passing SIP-based MWI messages helps ensure that users of SIP endpoints receive visual message waiting indication on their SIP endpoint.
– Enhanced SIP 3xx redirection support—This support allows more elegant handling of 3xx redirect messages received on a SIP trunk, including performing full digit analysis on the destination number, making a routing decision based on that analysis, and routing the call to any supported destination device type, thereby simplifying dial plans and providing additional flexibility in integrations across SIP trunks.
· Key Press Markup Language (KPML) support—As per draft-ietf-sipping-kpml, KPML provides a method of communicating dual tone multifrequency (DTMF) tones through SIP signaling messages. RFC 2833 and Unsolicited NOTIFY methods are also simultaneously supported, and Cisco Unified CallManager 5.0 dynamically negotiates the most preferred method, reducing the number of Media Termination Points (MTPs) required in a deployment, as well as providing additional deployment flexibility for endpoints that do not support in-band DTMF tones.
· RFC 2833 support enhancements—In addition to adding support for KPML and Unsolicited NOTIFY on SIP, Cisco Unified CallManager 5.0 extends RFC 2833 support to SCCP, Media Gateway Control Protocol (MGCP), and H.323 devices. The combination of these two features, along with the ability of Cisco Unified CallManager 5.0 to dynamically negotiate the most preferred method per call, effectively increases the likelihood that the originating and terminating endpoints will share a common DTMF method. Cisco Unified CallManager dynamically invokes an MTP device to provide RFC 2833 in-band to out-of-band DTMF conversion only if necessary, reducing costs and complexity because fewer MTPs are required in a solution.
· SIMPLE presence support—Cisco Unified CallManager 5.0 introduces native support for the SIMPLE standard on both SIP trunks and SIP endpoints, manifesting itself in numerous user-oriented features:
– Presence-enabled speed dials—Cisco Unified IP Phones provide user-definable speed-dial buttons, which when programmed to be presence-enabled give users the real-time presence status of the party to which the speed-dial number is directed, offering users a convenient way to monitor the presence status of their peers, managers, or assistants and to see if the party they wish to reach is busy or available before attempting to place the speed-dial call.
– Presence-enabled directories—Cisco Unified IP Phones provide a Directories button through which users can access the corporate Lightweight Directory Access Protocol (LDAP) directory, or can maintain their own personal directory. When users look up another party in either of these directories, they see the real-time presence status of the party they looked up, letting them see if the party they wish to reach is busy or available before attempting to place the call.
– Presence-enabled call history lists—Cisco Unified IP Phones provide users with three call history lists: Placed Calls, Missed Calls, and Received Calls. In each case, users see the real-time presence status of each party in the list, letting them see if the party they wish to reach is busy or available before attempting to place the call.
· Presence support on SCCP endpoints—By adding some new message types to SCCP, Cisco Unified CallManager 5.0 extends all the same presence-enabled features to SCCP endpoints as well, including presence-enabled directories, call history lists, and speed dials. The presence features work transparently between SCCP and SIP devices.
· SIP video telephony support—Cisco Unified CallManager 5.0 extends support for video telephony to SIP trunks and endpoints. All the video features previously enjoyed by H.323 and SCCP devices are now also available on SIP. In addition, this support provides unparalleled signaling protocol translation, allowing all three types of video endpoints to communicate transparently with each other and participate in conferences together. As a result, customers have greater ability to choose videoconferencing endpoints that meet their specific requirements.
· SIP T.38 Fax—SIP T.38 Fax is supported for both fax relay and fax pass-through. The SIP trunk supports calls that start as voice calls and then switch to T.38, allowing a call that comes in as a voice call to convert to a data call.
· SIP route patterns—Cisco Unified CallManager 5.0 introduces the ability to define routes to dotted-decimal (for example, 10.1.1.0/24) or domain name (for example, domain.com) formatted addresses and route those types of calls out one or more SIP trunks, allowing customers to use Cisco Unified CallManager as their call processing engine for advanced URL-based dialing.
· Improved support for Domain Name System (DNS) SRV record lookups—This enhancement allows for more efficient use of DNS resolution and load balancing when routing calls to a SIP trunk, allowing customers to simplify their dial plans and deploy more highly available unified communications systems.
· Organization Top-Level Domain Name and Cluster Fully Qualified Domain Name fields—These fields define which domain name is responsible for incoming SIP calls and hence is allowed to determine how to route them properly.
· URL-based dialing—Available on SIP-based devices, this feature allows users to use an alphanumeric string to initiate a SIP invite.
· Mixed-protocol video calls—SIP-based video devices can be connected to H.323- or SCCP-based video devices. The Cisco Unified CallManager 5.0 provides the signaling conversion to make this connection possible, providing the ability to support an H.323 video and a SIP‑based video device in the same call.
Cisco Unified CallManager 5.0—Intelligence in the Network with RSVP
By taking advantage of the intelligence within an IP network, Cisco Unified CallManager 5.0 helps enable superior quality video and voice experience by rerouting a call through the most feasible paths on the network. The Resource Reservation Protocol (RSVP) capability gives customers improved quality of service (QoS) and increased network flexibility by enabling dynamic adjustment to changes in the network and allowing improved support of complex network topologies. RSVP also provides an intelligent communication link between the WAN networking hardware and the Cisco Unified CallManager because Cisco integrated services routers intelligently exchange information with Cisco Unified CallManager 5.0. This feature is an excellent demonstration of Cisco’s vision of an Intelligent Information Network that transforms an existing infrastructure with all its interconnected “components” into a single, integrated system. This systems approach extends intelligence across multiple products and infrastructure layers and more closely links the network to the rest of the IT infrastructure.
Cisco Unified CallManager 5.0 introduces the ability to use RSVP for dynamic, topology-aware Call Admission Control (CAC). Adhering to the Integrated Services (IntServ) over Differentiated Services (DiffServ) architectural model, this feature allows customers to deploy Cisco Unified Communications solutions over redundant, tiered, or meshed network topologies with guaranteed QoS for every call. RSVP allows Cisco Unified CallManager 5.0 to dynamically adapt to changes and fluctuations in the network topology as it tracks the number of voice and video calls permitted on each interface throughout the network. It also works transparently with existing advanced call routing and admission control concepts in Cisco Unified CallManager 5.0 such as multilevel priority and preemption (MLPP), retry video call as audio (RVCA), and automated alternate routing (AAR).
· Cisco RSVP Agent support in Cisco IOS® Software for intra-cluster CAC—Cisco Unified CallManager 5.0 uses the resources of the Cisco IOS RSVP Agent in the Cisco 2600XM, 2691, 2800, 3700, and 3800 Series Integrated Services Router platforms to provide RSVP support for intra-cluster calls. Use of the Cisco RSVP Agent in Cisco integrated services routers can invoke RSVP on behalf of all types of endpoints, including SIP, H.323, MGCP, SCCP, and CTI applications.
· Cisco Multiservice IP-to-IP Gateway support in Cisco IOS Software for inter-cluster CAC—Cisco Unified CallManager 5.0 uses the resources of the Cisco IOS Software Multiservice IP-to-IP Gateway in the Cisco 2600XM, 2691, 2800, 3700, and 3800 Series Integrated Services Router platforms to provide RSVP support for SIP and H.323 inter-cluster trunk (ICT) calls.
Cisco Unified CallManager 5.0—Simplified Administration
With new features such as a CLI interface, integrated Bulk Administration Tool (BAT) support, and support for regional languages, the administration of Cisco Unified CallManager 5.0 delivers a simplified management experience. The time to service has been reduced by enabling features that offer users greater control, improved monitoring, and a broader set of tools to influence adjustments.
· Ease of administration and directory-number placement on Cisco Unified IP Phone 7914 Expansion Module—The administration GUI has been enhanced to allow the administrator to arrange the users on a Cisco Unified IP Phone 7914 through the GUI, allowing more intuitive use of the expansion module and quicker access to specific directory-number line keys for administrative assistants and others who must monitor, manage, and cover the various statuses of calls.
· Quick copy page—This feature allows the user to copy a page and make changes to it, speeding up installation by reducing the amount of duplicated information that must be entered on similarly configured phones.
· Scheduled provisioning with BAT—The BAT is used to make bulk changes to the administration. These changes can now be scheduled to take place at a specific time, either at the end of the day or overnight. Now administration changes can be made during business hours and take effect overnight, reducing or eliminating service-affecting reboots and the need to stay late to invoke changes.
· CLI commands—The following can be performed from the CLI:
– Show—For diagnostics and troubleshooting
– File—For platform file administration, including viewing, retrieval, monitoring, and searching
– Network utility—For diagnostics and troubleshooting
– Restart—To perform a restart either locally or remotely
– Settings—To set system parameters
– Test—For management interfaces
– Backup or restore—To begin a backup
– Ping—To test connectivity from the Cisco Unified CallManager 5.0 node
These CLI commands alleviate the need to have direct OS access. Now all systems management and troubleshooting commands can be performed from the CLI. With direct OS access removed, customers no longer need to be experts on the OS, but rather can focus their training efforts on Cisco Unified CallManager 5.0.
· Platform administration—Performed through the administration GUI, platform administration can have a different login and password to provide additional security. Additionally, platform administration can be performed by only a subset of the staff, limiting the number of people who can access the system.
· Localization enhancements—Additional localizations are supported in Cisco Unified CallManager 5.0.
· Chinese localization—Both simplified and traditional Chinese are supported in Cisco Unified CallManager 5.0 on the Cisco Unified IP Phone models 7911G, 7941G, 7941G-GE, 7961G, 7961G-GE, 7970G, and 7971G.
· Korean localization—Korean localization is supported on the Cisco Unified IP Phone models 7911G, 7941G, 7941G-GE, 7961G, 7961G-GE, 7970G, and 7971G.
· Japanese localization—Japanese localization is supported on the Cisco Unified IP Phone models 7911G, 7941G, 7941G-GE, 7961G, 7961G-GE, 7970G, and 7971G.
· Search within results—This feature allows the administrator to search within a search to get right to the data that is required, providing faster access to data and therefore reducing administration time.
· Copy with lines—This feature allows a device to be copied with its current configuration, possibly significantly reducing provisioning time for user changes and additions.
· Easier phone adds or deletes—This feature reduces the effort required by the administrator to either add or delete a device, reducing the time required for administration.
· Bulk logout of Enterprise Mobility phones – This feature allows use of the administration GUI to log out all Cisco Unified IP Phones logged in via Extension Mobility.
· Enterprise Mobility logout with cleared directories – With the Enterprise Mobility logout with cleared directories feature, all directory entries are deleted when an Extension Mobility session is logged out, clearing the Placed and Missed call directories so the next Enterprise Mobility user cannot see who the previous user was calling.
· Presence groups—With Cisco Unified CallManager 5.0, presence groups can now be created, allowing an administrator to define groups of users and their access permissions to their own and other groups of users’ presence information. For example, all executives can see everyone’s presence information, but employees can see only each other’s presence information, not the executives’, allowing enterprises to implement their own presence policies across the enterprise.
· Personal directory enhancements—This feature does not require special administrative configuration.
· Call-detail-record (CDR) alerting—Alarms are generated if the system cannot properly transfer the CDR records, allowing administrators to fix any connectivity problems before CDR records that are being cached need to be deleted.
· Write support to entire database through Cisco AVVID (Architecture for Voice, Video and Integrated Data) XML Layer (AXL) Simple Object Access Protocol (SOAP)—Database consistency checking is now implemented in the database itself. Therefore, AXL SOAP has been enhanced to allow read, write, update, and delete access to the entire database, greatly enhancing integration and development possibilities that require database information.
· Database notifications—All database updates are now synchronized with runtime memory. With this feature, applications no longer need to be restarted or reinitialized every time a change is made in the database, increasing service availability and simplifying administration.
· Upgrade assistant—An upgrade assistant has been provided that runs on a pre-Cisco Unified CallManager 5.0 publisher to verify the cluster is ready to have an upgrade performed, increasing the upgrade success rate and thereby minimizing upgrade costs.
· Trivial File Transfer Protocol (TFTP) file management—An interface has been provided to upload new files such as Cisco Unified IP Phone background images and custom ringtones into the TFTP directory. Previously, this process was performed directly through Windows. A user interface is now provided, simplifying the application and OS paradigm.
· Migrate a Cisco Unified IP Phone from SCCP to SIP—Phones can be migrated from SCCP to SIP through the administration interface either one at a time or in bulk, allowing for simple migration from SCCP to SIP, thereby reducing complexity and provisioning time and reducing costs.
· SIP dial plan—A SIP dial plan is installed in the Cisco Unified IP Phone and can be administered through the administration GUI, allowing users to have an enterprise-class dialing experience by not needing to press Dial or wait for the 10-second inter-digit timeout when they want to make a call. Centralized administration is done using Cisco Unified CallManager, reducing the number of management and provisioning applications a customer needs to deploy SIP.
· CTI for SIP IP phones—CTI applications control and monitor SIP phones in the same manner as CTI-controlled and -monitored SCCP phones, allowing customers to transition to SIP at their own pace without requiring their CTI applications to be rewritten.
· Dynamic Host Configuration Protocol (DHCP)—The server enables a Cisco Unified IP Phone to dynamically obtain its IP address and configuration information. For smaller-size customers, Cisco Unified CallManager 5.0 can be used as a DHCP server, reducing network costs.
· SIP phone configuration—This configuration is similar to that of the SCCP phones. Although additional fields are required for SIP phones, customer training needed to migrate from SCCP to SIP is greatly reduced.
Cisco Unified CallManager 5.0—A More Secure Solution
Cisco Unified CallManager 5.0 offers a common set of security features over SCCP and SIP. With a focus on business continuity and resiliency, the Cisco Unified CallManager 5.0 addresses the primary security considerations within a network with a host of features that underline robust performance and proactive defense.
· Cisco Security Agent—Included and automatically installed with the Cisco Unified CallManager 5.0 appliance, Cisco Security Agent detects and prevents worm-based threats to maximize uptime and business continuity; it has been proven successful in Cisco CallManager deployments for several years.
· Fast password reset—The administration interface allows for faster reset of passwords when someone has forgotten a password and needs a new one, reducing the amount of time required for the administrator to reset passwords.
· SIP phone security profile—Security profiles are assigned to SIP phones, providing a consistent security policy across the user community.
· SIP trunk security profile—Security profiles are assigned to SIP trunks, providing a consistent security policy within your Cisco Unified Communications system.
· SCCP phone security profile—Security profiles are assigned to SCCP phones, providing a consistent security policy.
· Phone NTP reference for SIP phones—An NTP reference can be configured in Cisco Unified CallManager 5.0 Administration to ensure that a Cisco Unified IP phone with SIP gets its date and time from an NTP server and posts the same time across all devices using that source.
· Transport Layer Security (TLS) for SIP phones—TLS provides mutual authentication and signaling encryption between Cisco Unified IP Phones with SIP and Cisco Unified CallManager 5.0, as it does for SCCP phones. A SIP device that does not use TLS cannot authenticate with the Cisco Unified CallManager 5.0, thereby keeping the solution secure.
· Secure Real-Time Transport Protocol (SRTP) for SIP phones—SRTP provides media encryption between Cisco Unified IP Phones with SIP and interworks with Cisco Unified IP Phones with SCCP and MGCP gateways. Therefore, as enterprises begin to migrate to SIP, they can move at their own pace, with some phones still using SCCP while others use SIP—without having to disable security in the interim. This setup provides additional migration flexibility.
· IP Security (IPsec) tunnels to gateways—Available in Cisco Unified CallManager 5.0, this feature provides IPsec connection to Cisco IOS Software-based gateways. Although network-based IPsec continues to be the recommended approach to secure signaling traffic to Cisco IOS Software-based gateways, if only a few IPsec connections are needed, they can be terminated on Cisco Unified CallManager 5.0 directly. This scenario could reduce network infrastructure costs and increase security.
· Hardened OS—The underlying OS that Cisco Unified CallManager 5.0 uses includes thousands of components, of which only 200 to 300 are used, minimizing the number of security vulnerabilities to which Cisco Unified CallManager 5.0 may be susceptible. In addition, modifications are made to the OS to further lock it down. For example, all unnecessary logins have been removed or disabled and all OS users log into the CLI as their shell, greatly increasing the security of Cisco Unified CallManager 5.0.
· Packet capture to debug encrypted signaling—When deploying TLS-based signaling, sniffers can no longer be used to debug and troubleshoot signaling problems. With the packet-capture facility within Cisco Unified CallManager 5.0, the encrypted signaling can be captured for analysis by the Cisco Technical Assistance Center (TAC).
· Host-based firewall—Cisco Unified CallManager 5.0 now includes a host-based firewall, yet another security tool to help minimize the likelihood of malicious attacks.
· Certificate management—A GUI and CLI are provided to allow certificates to be managed, including generation, revocation, upload, and download.
· HTTPS—All HTTP interfaces are upgraded to HTTPS for more secure connections.
· CLI logging—All CLI access is now logged, providing an audit trail of everyone who logs into the platform.
· Multiple CLI access levels—A platform user can be defined as a basic or advanced user. Basic platform users can do basic troubleshooting, but do not have access to all the CLI commands, providing greater administrative granularity.
· Multiple platform administrator accounts—Multiple platform administrator accounts can be created, giving organizations flexibility in controlling access to the system.
· Platform password reset—An interface is provided to securely reset platform administrator passwords, so no service interruption is required if a password has been forgotten or lost.
Cisco Unified CallManager 5.0—Improved Serviceability and Reduced Support
With the option of an appliance model and standards-based SIP, Cisco Unified CallManager 5.0 is a more robust and convenient platform to support. From deployment to upgrades to call accounting, the following features describe a solution that delivers reduced downtime, offers ease of use, and improves the speed of deployment.
· Voice-quality statistics—Voice-quality statistics are now available on SCCP- and SIP-based devices. Support for SCCP is available on Cisco Unified IP Phone models 7940G and 7960G, and support for both SIP and SCCP is available on the Cisco Unified IP Phone models 7941G, 7941G-GE, 7961G, 7961G-GE, 7970G, and 7971G. Nine new statistics are now available at the end of call management records (CMRs) to significantly enhance the call-quality reporting statistics available to system administrators and managers. In addition to concealed seconds data, a mean opinion score (MOS) is derived for the call and is reported using the industry-recognized 1–5 score format. This feature greatly enhances a support person’s ability to quickly determine where a voice-quality problem might be located.
– CumConcealRatio—Ratio of concealment frames to total frames
– IntervalConcealRatio—Ratio for last 3 seconds
– MaxConcealRatio—Maximum ratio for call
– ConcealSecond—Total number of seconds that have at least one concealment frame
– SeverelyConcealSecond—Total number of seconds that have more than 5-percent concealment frames
– MOSListeningQualityKfactor—Current MOS value
– MOSListeningQualityKfactorMin—Minimum MOS for call
– MOSListeningQualityKfactorMax—Maximum MOS for call
– MOSListeningQualityKfactorAverage—Average MOS for call
With these additional statistics, customers now have more visibility than ever before into the listening quality of individual calls, and can export this data through SFTP to management tools for archival or historical reporting.
· CISCO-SYSLOG-MIB support—All syslog messages can now be sent through SNMP trap or inform messages. More than 700 unique syslog messages can now be monitored through SNMP, an enhancement to the 50 traps supported in Cisco Unified CallManager 4.1. With this version, customers have an unprecedented level of remote visibility into Cisco Unified CallManager 5.0, allowing additional management flexibility and granularity.
· Enhanced serviceability SOAP application programming interface (API)—The appliance model has implemented its own Perfmon server and therefore allows the serviceability SOAP API to retrieve many OS-level counters, such as memory use, disk use, CPU use on a per-process basis, packets in and out, TCP retransmits, etc. In addition, Cisco Unified CallManager 5.0 services can now be programmatically started or stopped through the serviceability API, giving third-party developers the same level of access into the Cisco Unified CallManager 5.0 application that they have had in the past, but they can now access this information without onboard agents. Removing third-party applications such as these agents increases the robustness and reliability of Cisco Unified CallManager 5.0.
· New CDR and CMR SOAP API—A new API has been added to allow for third-party retrieval of CDR and CMR records, increasing the integration opportunities for customers and partners.
· New log-collection API—A new API allows third-party applications to collect trace files from Cisco Unified CallManager 5.0, increasing the integration opportunities for customers and partners.
· Addition of SIP in Cisco Unified CallManager 5.0_MIB—The Cisco Unified CallManager 5.0_MIB now contains various counters for registered SIP devices. This addition represents one of many ways the product has been enhanced to support SIP devices. SIP devices can now be managed with the same level of information as SCCP phones.
· SNMP inform messages—Cisco Unified CallManager 5.0 now supports SNMPv3 and inform messages, essentially making SNMP a reliable protocol.
· Downloadable Cisco Unified CallManager 5.0 OS Perfmon History—Cisco Unified CallManager 5.0 now maintains a Perfmon history of more than 50 Cisco Unified CallManager 5.0 and OS Perfmon counters. This history is stored in a user-retrievable file that can be read by Windows Perfmon viewer. Now, when administrators receive a page from the Real-Time Monitoring Tool (RTMT) for high CPU use, for example, they can return to the office and download the Perfmon information from the server and review what previously occurred that might have led to the high usage. This feature greatly enhances the manageability of Cisco Unified CallManager 5.0.
· SFTP push for CDR and CMR—Cisco Unified CallManager 5.0 pushes CDR and CMR records to up to three external storage devices through SFTP and confirms that they have been successfully transferred before deleting them from the Cisco Unified CallManager 5.0, allowing customers to create a highly redundant, reliable, and scalable accounting and voice-quality information-collection system.
· CDR and CMR file management—All CDR and CMR files are monitored for successful delivery. Cisco Unified CallManager 5.0 now monitors CDR and CMR file-disk-space usage and notifies an administrator if that usage is getting too large. If not corrected, Cisco Unified CallManager 5.0 removes unsent files and notifies the user, thereby removing disk-space management from the administrator’s tasks and simplifying administration.
· OS Perfmon counter instrumentation—Cisco Unified CallManager 5.0 now reports on OS-level Perfmon counters such as CPU, memory, and disk usage, as well as network-level information such as packets sent, packets received, retransmits, etc., through RTMT, the CLI, and the serviceability SOAP API, allowing existing users to easily transfer their Cisco Unified CallManager 4.0 knowledge to Cisco Unified CallManager 5.0, thereby minimizing the training costs of migrating to the next platform.
· Password complexity rules for platform accounts—All platform accounts now must meet minimum password complexity rules, ensuring best practices and increasing security.
· Remote account support—With a new interface to allow developer access to Cisco Unified CallManager 5.0, customers can enable and disable this access, allowing a secure mechanism for Cisco to troubleshoot customer-found defects when it is not possible to recreate the defect and reducing the mean time to repair (MTTR) when problems are identified.
· Enhanced remote access—Cisco Unified CallManager 5.0 now supports CLI access through the keyboard or video port, physical-terminal-line (tty) port, Integrated Lights Out (ILO), and SSH, giving customers flexibility in designing their primary and secondary management interfaces, thereby potentially reducing costs and service outages.
· Log partition monitor—Disk usage in the variable file partitions is now monitored by a log partition monitor. Administrators are notified when partition usage approaches a low water mark. When usage approaches a high water mark, files are removed, reducing the management tasks administrators need to worry about for Cisco Unified CallManager 5.0, thereby simplifying administration and increasing system resiliency.
· Trace collection tool enhancements
– Scheduled trace collection—Trace file collection can now be scheduled. Cisco Unified CallManager 5.0 pushes trace files off the server to a remote SFTP server based on a defined schedule, allowing customers to create their own trace server for historical troubleshooting or archival of system events.
– Search string-based file retrieval—To limit the amount of data that needs to be analyzed during troubleshooting sessions, a search string can be provided when specifying what files to collect through a trace collection tool, reducing troubleshooting time and thereby reducing MTTR.
– Real-time file monitoring (RTMT) capability—RTMT now can monitor a trace or log file on the server and display information as it is appended to the file, greatly simplifying the troubleshooting process and reducing the time to troubleshoot problems.
– Absolute and relative time-based file retrieval—The Trace Collection tool now can collect files from the server based on the timestamp on the file. The requested files can be specified using relative time, for example, the last 15 minutes; or absolute time, for example, 12 p.m. to 1 p.m. on March 1, 2006. This feature allows for faster troubleshooting because an administrator can focus on retrieving only the files needed.
– Ability to remove downloaded files from Cisco Unified CallManager 5.0 servers—The Trace Collection tool can download files from the server, with the option of then removing the files from the server, giving administrators the ability to create an off-server trace server for trace file archival.
· Real-time monitoring and control tool (RTMT)
– Additional precanned monitoring screens—RTMT has added precanned monitoring screens for the operating system, SIP phones, and the database, allowing for quick navigation to important resource counters to quickly diagnose system health.
– Log partition monitor alerts for full drives—The Log Partition Monitor generates new alerts in RTMT when it has reached the low and high water marks.
– User-defined events—RTMT can now configure user-defined events, allowing administrators to add their own alerts into the system by specifying a string to watch for in a trace or log file. For example, an administrator could watch for “invalid login attempt” in the syslog file and generate an event if it is seen in the syslog message, allowing for ultimate customization of the management interface.
For further information about any of the items listed in the document, refer to the following related documents:
· Cisco Unified CallManager 5.0 Release Notes
· Cisco Unified CallManager 5.0 administration and features guides
· Cisco Unified CallManager 5.0 serviceability guides
· Cisco Unified IP Phone [model-specific] administration and user guides
· Cisco Solution Reference Network Design Guide (SRND) for Cisco Unified CallManager 5.0