Cisco Unity Connection - Restricted and Unrestricted Version (Applicable for 10.5(2) SU6 and later)
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute, or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws.
Cisco Unity Connection provides two versions of the Connection software - restricted and unrestricted that address import requirements for some countries related to encryption of user data. Restricted version of the Cisco Unity Connection allows you to enable the encryption on the product to use the below given security modules whereas in Unrestricted version, you are not allowed to use the security modules.
Table 11-1 Security Modules of Cisco Unity Connection
|
Restricted Version of Connection
|
Unrestricted Version of Connection
|
SSL for IMAP connections used to access voice messages |
Allowed |
Disallowed |
Secure SCCP, SIP, and SRTP for call signaling and media |
Allowed |
Disallowed |
Communications among networked Connection servers or clusters (over secure MIME) |
Allowed |
Disallowed |
SSL for Comet notification (Jetty SSL command) |
Allowed |
Disallowed |
Caution
With restricted and unrestricted versions of Connection software available, download software or order a DVD. Upgrading a restricted version to an unrestricted version is supported, but future upgrades are then limited to unrestricted versions. Upgrading an unrestricted version to a restricted version is not supported.
With Unity Connection 10.5(2) Service Update 6 and later, by default the encryption is disabled for the Restricted version of the product in Demo mode. Hence you are not allowed to use the above security modules with Restricted version of Unity Connection until you install the Encryption license $0 ENC SKU on Prime License Manager. The $0 ENC SKU license enables the Export Controlled Functionality for Cisco Unity Connection.
Note Prime License Manager server must be 10.5(2) SU1 and later to install the Encryption license.
When you are upgrading Cisco Unity Connection from any earlier releases to 10.5(2) SU6 and later, you get the following behavior of encryption on Cisco Unity Connection:
Table 11-2 Upgrade Path for Cisco Unity Connection
|
Cluster Mode before Upgrade
|
License Status before Upgrade
|
License Status after Upgrade
|
|
Pre- 9.x to 10.5(2) SU6 |
Secure |
Licensed |
Demo |
Cisco Unity Connection continues to run in secure mode. If Unity Connection is not connected with PLM or Encryption license is not installed on PLM for 60 days, system will generate an alarm on RTMT. |
9.x and later to 10.5(2) SU6 |
Secure |
Demo |
Demo |
Cisco Unity Connection continues to run in secure mode. If Unity Connection is not connected with PLM or Encryption license is not installed on PLM for 60 days, system will generate an alarm on RTMT. |
PLM Licensed |
Violation |
Cisco Unity Connection continues to run in secure mode. If sufficient licenses with Encryption license are not installed on PLM within 60 days of grace period, system will generate an alarm on RTMT. |
For more information on the licenses, see “Managing Licenses” chapter of Install, Upgrade and Maintenance Guide for Cisco Unity Connection 10.x available at https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/install_upgrade/guide/10xcuciumgx.html.
To enable or disable the encryption on Cisco Unity Connection Restricted version, a new CLI command “utils cuc encryption <enable/disable>” is introduced in Unity Connection 10.5(2) SU6 and later.
For more information on the CLI, see the Command Line Interface Reference Guide for Cisco Unified Solutions for the latest release, available at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html