Location Bandwidth Manager Security Mode
LBM can secure its intercluster communication between LBM hubs. To support backward compatibility and upgrades, LBM also lets you configure how intercluster LBM hubs communicate with each other. For this purpose the Enterprise service parameter LBM Security Mode is available, with the values Insecure, Mixed, and Secure.
The default setting is Insecure. You enable secure LBM communication by changing this Enterprise service parameter to Secure or Mixed. Whenever this service parameter is changed, the LBM hubs in that cluster must be restarted so that connections with the new security setting are attempted.
The Mixed setting is insecure but flexible: it allows Unified CM Release 9.1 and later clusters to communicate with Unified CM Release 9.0 clusters, which support only insecure connections. Mixed is intended as an intermediate step while converting all clusters from Insecure to Secure (or from Secure back to Insecure), because a cluster in Secure mode cannot communicate at all with a cluster in Insecure mode. The migration sequence is:
1. With all clusters in Insecure mode, make sure every node's certificate is present on all nodes, for instance with the Bulk Certificate export/import.
2. Change the parameter to Mixed on each cluster. Communication is preserved throughout, apart from the interruption while the LBM hubs restart.
3. After all clusters are in Mixed and every LBM hub is confirmed to have a secure connection to every other hub, switch the clusters to Secure.
The same steps, with the same intermediate Mixed state, move clusters from Secure back to Insecure.
LBM uses this Enterprise service parameter to decide whether an LBM hub accepts from, and attempts to, a remote LBM hub secure connections only, insecure connections only, or both.
LBM has one port for secure connections (9005) and one for insecure connections (9004). The insecure port 9004 has existed since Unified CM Release 9.0; the secure port 9005 was added in Unified CM Release 9.1.
Communication between LBMs within the same cluster continues to use the insecure connection; the security mode governs only the connections between LBM hubs in different clusters.
An LBM hub accepts connections from remote LBM hubs as follows:
- If the Enterprise service parameter is set to Mixed, an LBM hub in this cluster accepts both secure and insecure connections from remote LBM hubs.
- If the Enterprise service parameter is set to Insecure, an LBM hub accepts only insecure connections from remote LBM hubs.
- If the Enterprise service parameter is set to Secure, an LBM hub accepts only secure connections from remote LBM hubs.
An LBM hub attempts to open connections to remote LBM hubs as follows:
- If the Enterprise service parameter is set to Mixed, an LBM hub in this cluster attempts both a secure and an insecure connection to each remote LBM hub; the secure attempt additionally depends on the availability and successful validation of the local and remote security certificates.
- If the Enterprise service parameter is set to Insecure, an LBM hub attempts only an insecure connection to remote LBM hubs.
- If the Enterprise service parameter is set to Secure, an LBM hub attempts only a secure connection to remote LBM hubs. The secure connection depends on the availability and successful validation of the local and remote security certificates; if validation fails, no connection to that hub is established.
In Unified CM Release 9.0, two connections existed between each pair of LBM hubs: one outgoing and one incoming insecure connection. Unified CM Release 9.1 adds two more connections, one outgoing and one incoming, for secure communication between LBM hubs in different clusters. In Mixed mode there can therefore be up to four connections between a pair of intercluster LBM hubs.
If a secure connection is available in its connection pool, LBM uses it to send information. If no secure connection is available but an insecure one is, LBM sends on the insecure connection. While connections are being established there is a race: initially only insecure connections may exist, and LBM switches to the secure connection as soon as it becomes available. This logic applies to connections that come and go throughout the life of the application. It also shows why Mixed mode is inherently insecure: any information sent before the secure connection is up, or sent to a peer whose certificate is missing or fails validation, travels over the insecure connection, and nothing in Mixed mode prevents that fallback.
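The rules above (what each mode accepts and attempts, the secure-first send preference, and the requirement that every hub have a secure connection to every other hub before a Mixed cluster is switched to Secure) can be modelled as a small program. The following Python is an added example written for this page, not Cisco's LBM code; the hub names, the `trusts` sets standing in for deployed and validated certificates, and the `missing_secure_links` pre-flight check are all assumptions made for illustration.

```python
"""Model of how LBM Security Mode governs hub-to-hub connections between clusters.

Added illustration (not Cisco code): it encodes the accept/attempt rules, the
secure-first send preference, and the "every hub has a secure connection to
every other hub" check that must pass before a Mixed cluster is switched to
Secure. Hub names and the trust sets below are constructed sample data.
"""
from dataclasses import dataclass
from enum import Enum
from itertools import combinations

INSECURE_PORT = 9004  # intercluster insecure port, present since Unified CM 9.0
SECURE_PORT = 9005    # intercluster secure port, added in Unified CM 9.1


class Mode(Enum):
    INSECURE = "Insecure"  # default value of the LBM Security Mode parameter
    MIXED = "Mixed"
    SECURE = "Secure"


def allows(mode: Mode, secure: bool) -> bool:
    """Accept/attempt rule: Mixed allows both kinds, Secure only secure,
    Insecure only insecure. The same rule applies to both directions."""
    if mode is Mode.MIXED:
        return True
    return secure == (mode is Mode.SECURE)


@dataclass
class Hub:
    name: str
    mode: Mode
    # Names of remote hubs whose certificate this hub holds and can validate.
    # Assumption: a secure connection needs validation to succeed on both ends.
    trusts: frozenset = frozenset()


def connections(a: Hub, b: Hub) -> set:
    """Connections that come up between two hubs in different clusters.

    Each hub attempts its own outgoing connection(s) and the peer accepts or
    refuses them, so up to four connections exist (two directions times two
    kinds, the Mixed-mode maximum). Entries are (kind, initiator, responder).
    """
    pool = set()
    for initiator, responder in ((a, b), (b, a)):
        if allows(initiator.mode, False) and allows(responder.mode, False):
            pool.add(("insecure", initiator.name, responder.name))
        certs_ok = (responder.name in initiator.trusts
                    and initiator.name in responder.trusts)
        if allows(initiator.mode, True) and allows(responder.mode, True) and certs_ok:
            pool.add(("secure", initiator.name, responder.name))
    return pool


def send_path(pool: set, src: str, dst: str):
    """Which connection src uses to send to dst: secure if one exists in the
    pool, otherwise insecure, otherwise None (no communication at all)."""
    for kind in ("secure", "insecure"):
        if (kind, src, dst) in pool:
            return kind
    return None


def missing_secure_links(hubs: list) -> list:
    """Pre-flight check before switching Mixed clusters to Secure: every hub
    must have a secure connection to every other hub in both directions.
    Returns the (src, dst) pairs that would lose connectivity after the switch."""
    missing = []
    for a, b in combinations(hubs, 2):
        pool = connections(a, b)
        for src, dst in ((a, b), (b, a)):
            if send_path(pool, src.name, dst.name) != "secure":
                missing.append((src.name, dst.name))
    return missing


if __name__ == "__main__":
    # Constructed sample: hq and br1 exchanged certificates, br2 did not.
    hq = Hub("hq", Mode.MIXED, frozenset({"br1", "br2"}))
    br1 = Hub("br1", Mode.MIXED, frozenset({"hq"}))
    br2 = Hub("br2", Mode.MIXED, frozenset())   # certificate import forgotten
    for a, b in combinations([hq, br1, br2], 2):
        print(f"{a.name}->{b.name}: {send_path(connections(a, b), a.name, b.name)}")
    print("not ready for Secure:", missing_secure_links([hq, br1, br2]))
    # A Secure cluster cannot talk to a 9.0 (insecure-only) cluster at all,
    # which is why the migration passes through Mixed.
    sec = Hub("sec", Mode.SECURE, frozenset({"legacy"}))
    legacy = Hub("legacy", Mode.INSECURE)
    print("sec->legacy:", send_path(connections(sec, legacy), "sec", "legacy"))
```

Running it shows the downgrade that makes Mixed inherently insecure: `hq` and `br2` still talk, but only over the insecure connection because `br2` never received `hq`'s certificate, and `missing_secure_links` flags both directions of that pair, so switching these clusters to Secure would cut `br2` off. The `sec`/`legacy` pair produces no connection at all, which is the loss of communication the intermediate Mixed step avoids.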
To use secure LBM, with LBM Security Mode set to Mixed or Secure, every node's Tomcat certificate must be deployed on each node it will communicate with (for instance with the Bulk Certificate export/import mentioned above), so that each hub can validate the certificates of the remote hubs it connects to. For more information about deploying certificates, see the Cisco Unified Communications Operating System Administration Guide.