Compatibility Matrix for Cisco Unified Communications Manager and the IM and Presence Service

Revision History

Date

Revision

June 19, 2019

Added OpenJDK version for 12.5(1)SU1 release.

Updated for 12.5(1)SU1. Changed title to 12.5(x)

February 03, 2020

Updated upgrade paths, LDAP support, version support for 12.5(1)SU2.

Februaury 20, 2020

Updated LDAPv3 Compliant Directories.

March 09, 2020

Updated Cisco Endpoint Support section.

March 11, 2020

Added Cisco Headsets to Endpoint Support.

Purpose of this Document

This document contains compatibility information for 12.5(x) releases of Cisco Unified Communications Manager and the IM and Presence Service. This includes subsequent SU releases as well, unless indicated otherwise.

Supported Upgrade and Migration Paths

The following table highlights supported upgrade paths to upgrade to 12.5(x) releases of Cisco Unified Communications Manager and the IM and Presence Service.


Note

Unless indicated otherwise, each release category includes the SU releases within that category. For example, 12.5(x) includes 12.5(1)SU releases. In addition, releases like 10.5(x) and 8.6(5) include any SU releases within those categories as well.
Table 1. Supported Upgrade Paths for Cisco Unified Communications Manager and the IM and Presence Service

Source

Destination

Supported Upgrade Method

Version Switching* (Source to Destination and Vice Versa)

Cisco Unified Communications Manager Upgrade Paths

Any Unified CM release prior to 6.1(5)

12.5(x)

Legacy upgrade. Direct upgrade and migration is not supported. Do the following:

  1. Upgrade to 6.1(5), 7.1(3) or 7.1(5)—See information on legacy upgrades

  2. PCD Migration** to 12.5(x)

Version switching not supported

Unified CM 6.1(5), 7.1(3), 7.1(5), 8.x, 9.x, 10.0(x)

12.5(x)

PCD Migration**

Version switching not supported

Unified CM 10.5(x), 11.x, 12.0(x)

12.5(x)

Unified OS Admin upgrade (direct refresh)

CLI upgrade (direct refresh)

PCD Upgrade (direct refresh)**

PCD Migration**

Version switching supported for upgrades, but not for migrations

Unified CM 12.5(x)

12.5(x)

Unified OS Admin upgrade (direct standard)

CLI upgrade (direct standard)

PCD Upgrade (direct standard)**

Version switching supported for upgrades, but not for migrations

IM and Presence Service Upgrade Paths

Cisco Unified Presence 8.0(x)

IM and Presence 12.5(x)

Direct upgrade or Migration is not supported. Do the following:

  1. Direct upgrade to 8.5(4)—See information on legacy upgrades

  2. PCD Migration** from 8.5(4) to 12.5(x)

Version switching not supported

Cisco Unified Presence 8.5(4), 8.6(3), 8.6(4), and 8.6(5),

IM and Presence 9.x, 10.0(x)

IM and Presence 12.5(x)

PCD Migration**

Version switching not supported

IM and Presence 10.5(x), 11.x or 12.0(x)

12.5(x)

Unified OS Admin upgrade (direct refresh)

CLI upgrade (direct refresh)

PCD upgrade (direct refresh)**

PCD Migration**

Version switching supported for upgrades, but not supported for migrations.

IM and Presence 12.5(x)

12.5(x)

Unified OS Admin upgrade (direct standard)

CLI upgrade (direct standard)

PCD upgrade (direct standard)**

Version switching supported for upgrades, but not supported for migrations.

* Version switching refers to the ability to install the new version as an inactive version and switch to the new version, and back to the old version, whenever you want. This capability is supported with most direct upgrades, but not with migrations.

** PCD Upgrades and Migrations—Use Cisco Prime Collaboration Deployment Release 12.6 or later for all PCD tasks.

Limitations

The above table does not include direct upgrades and PCD migrations from the following systems. For these systems, we recommend a fresh installation as direct upgrades and PCD migrations are not supported:

  • Cisco Business Edition 3000 on MCS 7816-C1

  • Cisco Business Edition 5000 on MCS 7828

Required COP Files

The tables below lists the upgrade paths that require COP files. You must install COP files on each node before you begin an upgrade using the Cisco Unified OS Admin interface, or before you begin an upgrade or migration using the Prime Collaboration Deployment (PCD) tool. If you are using PCD, you can perform a bulk installation of the COP files before you begin the upgrade.

You can download COP files for Cisco Unified Communications Manager and the IM and Presence Service at https://software.cisco.com/download/home/268439621. After you select the destination version for the upgrade, choose Unified Communications Manager Utilities to see the list of COP files.


Note

Although it is not mandatory, Cisco strongly recommends that you run the Upgrade Readiness COP file prior to the upgrade in order to maximize upgrade success. Cisco TAC may require that you run this COP file to provide effective technical support.


Table 2. Required COP Files

From

To

COP Files

Cisco Unified Communications Manger Upgrades

Unified CM 8.6(x), 9.x

12.5(x)

Required COP files:

  • ciscocm.version3-keys.cop.sgn

Optional COP files:

  • ciscocm.vmware-disk-size-reallocation-<latest_version>.cop.sgn)

  • ciscocm.free_common_space_v<latest_version>.cop.sgn

Unified CM 10.5(x), 11.0(x)

12.5(x)

Direct Refresh upgrade; no COP file required.

Unified CM 11.5(x)

12.5(x)

Direct Refresh upgrade; COP file is required to increase the disk space.
  • ciscocm.free_common_space_v<latest_version>.cop.sgn. To download the COP files and the Readme files, go to https://software.cisco.com > click Software Download link under Download & Upgrade section, and then, navigate to the Unified Communications > Call Control > Cisco Unified Communications Manager (CallManager) > <Version> > Unified Communications Manager/CallManager/Cisco Unity Connection Utilities.

Unified CM 12.0(1)

12.5(x)

PCD Migrations require a COP file:

  • ciscocm-slm-migration.k3.cop.sgn

Note 

This requirement applies only for Prime Collaboration Deployment migrations from Release 12.0(1) of Unified Communications Manager (build 12.0.1.10000-10). If you are migrating from a higher release, such as Unified Communications Manager 12.0(1)SU1, you don't need to install the COP file.

Unified CM 12.5(x)

12.5(x)

Direct Standard upgrade; no COP file required.

IM and Presence Service Upgrades

CUP 8.5(4) through 8.6(1)

12.5(x)

Required COP files:

  • cisco.com.cup.refresh_upgrade_v<latest_version>.cop

  • ciscocm.version3-keys.cop.sgn

9.1(x)

12.5(x)

Requires following COP File:

  • ciscocm.version3-keys.cop.sgn

10.5(x), 11.x, 12.x

12.5(x)

No COP files required

Supported Versions

The following table outlines which Cisco Unified Communications Manager and IM and Presence Service versions are supported with each release:

For this Release...

The Following Versions are Supported...

12.5(1)

  • Cisco Unified Communications Manager 12.5.1.10000-22

  • IM and Presence Service 12.5.1.10000-22

12.5(1)SU1

  • Cisco Unified Communications Manager 12.5.1.11900-146

  • IM and Presence Service 12.5.1.11900-117

12.5(1)SU2

  • Cisco Unified Communications Manager 12.5.1.12900-115

  • IM and Presence Service 12.5.1.12900-25

Version Compatibility Between Unified CM and the IM and Presence Service

Version compatibility depends on the IM and Presence deployment. The following table outlines the options and whether a release mismatch is supported between the telephony deployment and the IM and Presence deployment. A release mismatch, if it is supported, would let you deploy your Unified Communications Manager telephony deployment and your IM and Presence deployment using different releases.

Table 3. Version Compatibility between Unified Communications Manager and the IM and Presence Service

Deployment Type

Release Mismatch

Description

Standard Deployment of IM and Presence

Not supported

Unified Communications Manager and the IM and Presence Service are in the same cluster and must run the same release—a release mismatch is not supported.

Centralized Deployment of IM and Presence

Supported

The IM and Presence deployment and the telephony deployment are in different clusters and can run different releases—a release mismatch is supported.

Note 
The IM and Presence central cluster also includes a standalone Unified CM publisher node for database and user provisioning. This non-telephony node must run the same release as the IM and Presence Service.

Unified Communications Manager Compatibility Information

Cisco Collaboration System Applications

This release of Cisco Unified Communications Manager and the IM and Presence Service is a part of the Cisco Collaboration Systems Release 12.5 and is compatible with the other Cisco Collaboration applications and versions in Cisco Collaboration Systems Release 12.5.

For a full list of Cisco Collaboration applications that are a part of Cisco Collaboration Systems Release 12.5(x), and the supported versions for each, see the Cisco Collaboration Systems Release Compatibility Matrix at: https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/unified/communications/system/Compatibility/CSR-Compatibility-Matrix-InteractiveHTML.html.

Cisco Endpoint Support

Supported Cisco Endpoints

The following table lists Cisco endpoints that are supported with this release of Cisco Unified Communications Manager. For endpoints that have reached End of Sale (EOS), or End of Software Maintenance, click the EOS link to view support details.


Note

Unless they are specified in the "Deprecated Phone Models" list, phone models that are End of Software Maintenance will continue to be supported on the latest Unified Communications Manager releases. However, they will not take advantage of any new Unified Communications Manager or firmware features associated with that release.


Device Series

Device Model

Cisco Unified SIP Phone 3900 Series

Cisco Unified SIP Phone 3905

Cisco Unified IP Phone 6900 Series

Cisco Unified IP Phone 6901

Cisco IP Phone 7800 Series

Cisco IP Phone 7811

Cisco IP Phone 7821

Cisco IP Phone 7841

Cisco IP Phone 7861

Cisco IP Conference Phone 7832

Cisco Unified IP Phone 7900 Series

Cisco Unified IP Phone Expansion Module 7915—EOS Notice

Cisco Unified IP Phone Expansion Module 7916—EOS Notice

Cisco Unified IP Phone 7942G—EOS Notice

Cisco Unified IP Phone 7962G—EOS Notice

Cisco Unified IP Phone 7945G—EOS Notice

Cisco Unified IP Phone 7965G—EOS Notice

Cisco Unified IP Phone 7975G—EOS Notice

Cisco IP Phone 8800 Series

Cisco IP Phone 8811, 8841, 8845, 8851, 8851NR, 8861, 8865, 8865NR

Cisco Wireless IP Phone 8821, 8821-EX

Cisco Unified IP Conference Phone 8831—EOS Notice

Cisco IP Conference Phone 8832

Cisco Unified IP Phone 8900 Series

Cisco Unified IP Phone 8945—EOS Notice

Cisco Unified IP Phone 8961—EOS Notice

Cisco Unified IP Phone 9900 Series

Cisco Unified IP Phone 9951—EOS Notice

Cisco Unified IP Phone 9971—EOS Notice

Cisco Jabber

Cisco Jabber for Android

Cisco Jabber for iPhone and iPad

Cisco Jabber for Mac

Cisco Jabber for Windows

Cisco Jabber Softphone for VDI - Windows (formerly Cisco Virtualization Experience Media Edition for Windows)

Cisco Jabber Guest

Cisco Jabber Software Development Kit

Cisco Jabber for Tablet

Cisco Headset Series

Cisco Headset 520

Cisco Headset 530

Cisco Headset 560

Cisco Headset 730

Cisco IP Communicator

Cisco IP Communicator—EOS Notice

Cisco Webex Meetings

Cisco Webex Meetings for Android

Cisco Webex Meetings for iPad and iPhone

Cisco Webex Desk Series

Cisco Webex Desk Pro

Cisco Webex

Cisco Webex Share

Cisco Webex Board 55, 55s, 70, 70s, 85

Cisco Webex Room Panorama

Cisco Webex Room 70 Panorama

Cisco Webex Room 70 Panorama Upgrade

Cisco Webex Room 70

Cisco Webex Room 70 G2

Cisco Webex Room 55

Cisco Webex Room 55 Dual

Cisco Webex Room Kit Pro

Cisco Webex Room Kit Plus

Cisco Webex Room Kit

Cisco Webex Room Kit Mini

Cisco Webex Room Kit Plus Precision

Cisco Analog Telephony Adapter

Cisco ATA 190 Analog Telephone Adapter

Cisco ATA 191 Analog Telephone Adapter

Cisco DX Series

Cisco DX70—EOS Notice

Cisco Webex DX80

Cisco DX650—EOS Notice

Cisco TelePresence IX5000

Cisco TelePresence IX5000

Cisco TelePresence EX Series

Cisco TelePresence System EX60—EOS Notice

Cisco TelePresence System EX90—EOS Notice

Cisco TelePresence MX Series

Cisco TelePresence MX200 G2—EOS Notice

Cisco TelePresence MX300 G2—EOS Notice

Cisco TelePresence MX700D—EOS Notice

Cisco TelePresence MX800S—EOS Notice

Cisco TelePresence MX800D—EOS Notice

Cisco TelePresence SX Series

Cisco TelePresence SX10—EOS Notice

Cisco TelePresence SX20—EOS Notice

Cisco TelePresence SX80—EOS Notice

Cisco Unified Communications Manager Release 12.5(1) is a part of Cisco Collaboration Systems Release 12.5. For a list of firmware versions that are used for each Cisco endpoint, see the Cisco Collaboration Systems Release Compatbility Matrix at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/unified/communications/system/Compatibility/CSR-Compatibility-Matrix.html.

For information about Device Pack compatibility to support the phones, see the Cisco Unified Communications Manager Device Package Compatibility Matrix at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/compat/matrix/CMDP_BK_CCBDA741_00_cucm-device-package-compatibility-matrix.html.

End of Support

The following table lists Cisco endpoints that have reached the End of Support date, but which are not yet deprecated. Unlike deprecated endpoints, you can still deploy these endpoints in the latest release, but they are not supported actively, are not tested, and may not work.

Click the links to view support announcements for each endpoint.

Cisco Endpoints at End of Support

Deprecated Phone Models

The following table lists all the phone models that are deprecated for this release of Cisco Unified Communications Manager, along with the Unified CM release where the phone model first became deprecated. For example, a phone model that was first deprecated in Release 11.5(1) is deprecated for all later releases, including all 12.x releases.

If you are upgrading to the current release of Cisco Unified Communications Manager and you have any of these phone models deployed, the phone will not work after the upgrade.

Table 4. Deprecated Phone Models for this Release

Deprecated Phone Models for this Release

First Deprecated as of...

  • Cisco Unified IP Phone 7970G

  • Cisco Unified IP Phone 7971G-GE

  • Cisco Unified Wireless IP Phone 7921G

12.0(1) and later releases

  • Cisco IP Phone 12 SP+ and related models

  • Cisco IP Phone 30 VIP and related models

  • Cisco Unified IP Phone 7902

  • Cisco Unified IP Phone 7905

  • Cisco Unified IP Phone 7910

  • Cisco Unified IP Phone 7910SW

  • Cisco Unified IP Phone 7912

  • Cisco Unified Wireless IP Phone 7920

  • Cisco Unified IP Conference Station 7935

11.5(1) and later releases

For additional information refer to the Field Notice: Cisco Unified Communications Manager Release 12.0(x) does not support some deprecated phone models at http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/12_0_1/deprecated_phones/cucm_b_deprecated-phone-models-for-1201.html.

Upgrades that Involve Deprecated Phones

If you are using any of these phones on an earlier release and you want to upgrade to this release, do the following:

  1. Confirm whether the phones in your network will be supported in this release.

  2. Identify any non-supported phones.

  3. For any non-supported phones, power down the phone and disconnect the phone from the network.

  4. Provision a supported phone for the phone user. You can use the Migration FX tool to migrate from older model to newer model phones. For details, go to: https://www.unifiedfx.com/products/unifiedfx-migrationfx#endpoint_refresh_tool.

  5. Once all the phones in your network are supported by this release, upgrade your system.


Note

Deprecated phones can also be removed after the upgrade. When the administrator logs in to Unified Communications Manager after completing the upgrade, the system displays a warning message notifying the administrator of the deprecated phones.


Licensing

You do not need to purchase a new device license to replace a deprecated phone with a supported phone. The device license becomes available for a new phone when you either remove the deprecated phone from the system, or when you switch to the new Unified Communications Manager version, and the deprecated phone fails to register.

Virtualization Requirements

This release of Unified Communications Manager and the IM and Presence Service supports virtualized deployments only. Deployments on Cisco Media Convergence Servers are not supported. Refer to the following table for virtualization requirements.

Table 5. Virtualization Requirements

Virtualization Requirements for...

For information, go to...

Unified Communications Manager

For information about Unified Communications Manager virtualization requirements, go to https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/virtualization-cisco-unified-communications-manager.html.

IM and Presence Service

For information about the IM and Presence Service virtualization requirements, go to https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/virtualization-cisco-ucm-im-presence.html.

Cisco Business Edition Deployments

For information on the virtualization requirements for Unified Communications Manager in a collaboration solution deployment such as Cisco Business Edition, go to https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/collaboration-virtualization-hardware.html.

Supported LDAP Directories 12.5(x)

The following LDAP directories are supported:

  • Microsoft Active Directory 2019—Supported for 12.5(1)SU2 and later

  • Microsoft Active Directory 2016

  • Microsoft Active Directory 2012 R1/ R2

  • Microsoft Active Directory 2008 R1/ R2

  • Microsoft Lightweight Directory Services 2019—Supported for 12.5(1)SU2 and later

  • Microsoft Lightweight Directory Services 2012 R1/ R2

  • Microsoft Lightweight Directory Services 2008 R1/ R2

  • Oracle Directory Services Enterprise Edition 11gR1 (11.1.1.7.x or newer)

  • Oracle Unified Directory 11gR2 (11.1.2.2.0 or 11.1.2.3.0)

  • Open LDAP 2.4.45 or later

  • Other LDAPv3 Compliant Directories—Unified Communications Manager uses standard LDAPv3 for accessing the user's data. Ensure that the supportedcontrol attribute is configured in the LDAPv3 compliant directory servers to be used with DirSync. (The supportedcontrol attribute may return the pagecontrolsupport and persistentcontrolsupport sub attributes, if configured.)

Supported Web Browsers

The following web browsers are supported:

  • Firefox with Windows 10 (64 bit)—Latest browser version only

  • Chrome with Windows 10 (64 bit)—Latest browser version only

  • Internet Explorer 11 with Windows 10 (64 bit)

  • Internet Explorer 11 with Windows 8.1 (64 bit)

  • Internet Explorer 11 with Windows 7 (64 bit)

  • Microsoft Edge browser with Windows 10 (32 bit/64 bit)

  • Safari with MacOS (10.x)—Latest browser version only

SFTP Server Support

For internal testing, we use the SFTP Server on Cisco Prime Collaboration Deployment (PCD) which is provided by Cisco, and which is supported by Cisco TAC. Refer to the following table for a summary of the SFTP server options:

Table 6. SFTP Server Support

SFTP Server

Support Description

Cisco Prime Collaboration Deployment

This server is the only SFTP server that is provided and tested by Cisco, and which is fully supported by Cisco TAC.

Version compatibility depends on your version of Unified Communications Manager and Cisco Prime Collaboration Deployment. See the Cisco Prime Collaboration Deployment Administration Guide before you upgrade its version (SFTP) or Unified Communications Manager to ensure that the versions are compatible.

SFTP Server from a Technology Partner

These servers are third party provided and third party tested. Version compatibility depends on the third party test. See the Technology Partner page if you upgrade their SFTP product and/or upgrade Unified Communications Manager for which versions are compatible:

https://marketplace.cisco.com

SFTP Server from another Third Party

These servers are third party provided, have limited Cisco testing, and are not officially supported by Cisco TAC.

Version compatibility is on a best effort basis to establish compatible SFTP versions and Unified Communications Manager versions.

Note 

These products have not been tested by Cisco and we cannot guarantee functionality. Cisco TAC does not support these products. For a fully tested and supported SFTP solution, use Cisco Prime Collaboration Deployment or a Technology Partner.

SAML SSO Support

Although Cisco Collaboration infrastructure may prove to be compatible with other IdPs claiming SAML 2.0 compliance, only the following IdPs have been tested with Cisco Collaboration solutions:

  • OpenAM 10.0.1

  • Microsoft® Active Directory Federation Services 2.0 (AD FS 2.0)

  • PingFederate® 6.10.0.4

  • F5 BIG-IP 11.6.0

  • Okta

API Development

Unified Communications Manager and the IM and Presence Service support OpenJDK for application development. The 12.5(1) release uses OpenJDK version 1.7.0.191. From 12.5(1)SU1 release onward, the supported OpenJDK version is 1.7.0.201.

Secure Connections

TLS 1.2 Support

Unified Communications Manager and the IM and Presence Service support the use of TLS 1.2. For detailed information on TLS 1.2 support, see TLS 1.2 Compatibility Matrix for Cisco Collaboration Products at:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/unified/communications/system/Compatibility/TLS/TLS1-2-Compatibility-Matrix.html.

SSL Connections

For Secure Sockets Layer (SSL) connections, this release supports either Cisco SSL or Cisco SSH. You can use either of the following versions:

  • CiscoSSL 1.0.2n.6.2.194-fips

  • CiscoSSH 1.5.18

SSH Clients

This release supports OpenSSH client version 7.5.9-1.el7 for SSH connections.

Supported Ciphers for Unified Communications Manager

The following ciphers are supported by Unified Communications Manager:

Table 7. Unified Communications Manager Cipher Support for TLS Ciphers

Application / Process

Protocol

Port

Supported Ciphers

Cisco CallManager

TCP / TLS

2443

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
AES256-GCM-SHA384:
AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
AES128-GCM-SHA256:
AES128-SHA256:AES128-SHA:
CAMELLIA128-SHA

DRS

TCP / TLS

4040

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
DHE-RSA-CAMELLIA256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
DHE-RSA-CAMELLIA128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA

Cisco Tomcat

TCP / TLS

8443 / 443

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
DHE-RSA-AES256-GCM-SHA384:
DHE-RSA-AES256-SHA256:
DHE-RSA-AES256-SHA:
DHE-RSA-CAMELLIA256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
DHE-RSA-AES128-GCM-SHA256:
DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:
DHE-RSA-CAMELLIA128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
EDH-RSA-DES-CBC3-SHA:
DES-CBC3-SHA 
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA:
ECDHE-ECDSA-DES-CBC3-SHA

Cisco CallManager

TCP / TLS

5061

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384 
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA 
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA 
ECDHE-ECDSA-AES128-GCM-SHA256 
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256 
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA 
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-ECDSA-DES-CBC3-SHA

Cisco CTL Provider

TCP / TLS

2444

AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA: 
 

Cisco Certificate Authority Proxy Function

TCP / TLS

3804

AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:

CTIManager

TCP / TLS

2749

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA

Cisco Trust Verification Service

TCP / TLS

2445

AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA

Cisco Intercluster Lookup Service

TCP / TLS

7501

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:AES256-GCM-SHA384:
AES256-SHA256:AES256-SHA:
CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:

Secure Configuration download (HAPROXY)

TCP / TLS

6971, 6972

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
DHE-RSA-CAMELLIA256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
DHE-RSA-CAMELLIA128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:

Authenticated Contact Search

TCP / TLS

9443

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
DHE-RSA-CAMELLIA256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
DHE-RSA-CAMELLIA128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:

Supported Ciphers for SSH

The following ciphers are supported by SSH:

Table 8. Cipher Support for SSH Ciphers

Service

Ciphers/Algorithms

SSH Server

  • Ciphers: aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com

    aes128-ctr
    aes192-ctr
    aes256-ctr
    aes128-gcm@openssh.com
    aes256-gcm@openssh.com
  • MAC algorithms:

    hmac-sha2-256
    hmac-sha1
  • Kex algorithms:

    ecdh-sha2-nistp521
    ecdh-sha2-nistp384
    ecdh-sha2-nistp256
    diffie-hellman-group14-sha1
    diffie-hellman-group1-sha1
    diffie-hellman-group-exchange-sha256
    diffie-hellman-group-exchange-sha1

SSH Client

  • Ciphers:

    aes128-ctr
    aes192-ctr
    aes256-ctr
    aes128-gcm@openssh.com
    aes256-gcm@openssh.com
  • MAC algorithms:

    hmac-sha2-256
    hmac-sha1
  • Kex algorithms:

    ecdh-sha2-nistp521
    ecdh-sha2-nistp384
    ecdh-sha2-nistp256
    diffie-hellman-group14-sha1
    diffie-hellman-group1-sha1
    diffie-hellman-group-exchange-sha256
    diffie-hellman-group-exchange-sha1

DRS Client

  • Ciphers:

    aes128-ctr
    aes192-ctr
    aes256-ctr
    
  • MAC algorithms:

    hmac-sha2-256
    hmac-sha1
  • Kex algorithms:
    ecdh-sha2-nistp521
    ecdh-sha2-nistp384
    diffie-hellman-group14-sha1
    diffie-hellman-group1-sha1
    diffie-hellman-group-exchange-sha256
    diffie-hellman-group-exchange-sha1

SFTP client

  • Ciphers:

    aes128-ctr
    aes192-ctr 
    aes256-ctr 
    
  • MAC algorithms:

    hmac-sha2-256 
    hmac-sha1
  • Kex algorithms:

    ecdh-sha2-nistp521 
    ecdh-sha2-nistp384 
    diffie-hellman-group14-sha1 
    diffie-hellman-group1-sha1 
    diffie-hellman-group-exchange-sha256 
    diffie-hellman-group-exchange-sha1

IM and Presence Service Compatibility Information

Platform Compatibility

The IM and Presence Service shares a platform with Unified Communications Manager. Many of the compatibility topics for Unified Communications Manager double as support topics for the IM and Presence Service. You can refer to the Unified Communications Manager compatibility chapter for information on the following items:

  • Secure Connections

  • Virtualization Requirements

  • Supported Web Browsers

LDAP Directory Servers Supported

IM and Presence Service integrates with these LDAP directory servers:

  • Microsoft Active Directory 2000, 2003, 2008, 2012, 2016, and 2019—The minimum 12.5(x) release for AD2019 is 12.5(1)SU2. For 11.5.x, the minimum supported version for AD2019 is 11.5(1)SU7.

  • Microsoft Lightweight Directory Services 2019 (Minimum supported release is 11.5(1)SU7)

  • Netscape Directory Server

  • Sun ONE Directory Server 5.2

  • OpenLDAP

Federation Support

SIP Federation Support

The following table lists supported SIP Federation integrations:

Table 9. Supported SIP Federations

Third-Party System

Single Enterprise Network*

(Intradomain or Interdomain Federation)

Business to Business

(Interdomain Federation)

Direct Federation

via Expressway

via ASA

via Expressway

Lync 2010

Y

Y (SIP Broker)

Y

Not supported

Lync 2013

Y

Y (SIP Broker)

Y

Y (Traffic Classification)

Skype for Business 2015 (on-premise)

Y

Not supported

Y

Y (Traffic Classification)

Office 365 (uses a cloud-hosted Skype for Business)

Not applicable

Not applicable

Not supported

Y (Traffic Classification)

* The Single Enterprise Network can be partitioned intradomain federation or interdomain federation as the support values are the same for each. Business to Business integrations are always interdomain federation.

Supported XMPP Federations

This release of IM and Presence Service supports XMPP Federation with the following systems:

  • IBM Sametime

  • Webex Teams

  • IM and Presence Service Release 9.x and up

  • Any other XMPP-compliant system

Intercluster Peering Support

This release of the IM and Presence Service supports intercluster peering with the following IM and Presence Service releases:

  • Release 10.x

  • Release 11.x

  • Release 12.x

Calendar Integration with Microsoft Outlook

The IM and Presence Service supports Microsoft Outlook Calendar Integration with either an on-premise Exchange server or a hosted Office 365 server. See the table below for support information:

Table 10. Support Information for Calendar Integration

Component

Install Compatible Version

Windows Server

  • Service Packs for Windows Server 2008 (SP2)

  • Service Packs for Windows Server 2012 (Standard)

  • Windows Server 2016

  • Windows Server 2019—With 11.x releases, the minimum IM and Presence Service Release is 11.5(1)SU7. With 12.x releases, the minimum IM and Presence Service Release is 12.5(1)SU2.

Microsoft Exchange Server 2010

Service Packs for Microsoft Exchange 2010 (SP1)

Microsoft Exchange Server 2013

Service Packs for Microsoft Exchange 2013 (SP1)

Microsoft Exchange Server 2016

Microsoft Exchange 2016

Microsoft Office 365

Refer to your Microsoft documentation for details on deploying a hosted Office 365 server.

Note 
As of October 2020, Microsoft is changing the authentication mechanism that is supported by Exchange Online to use OAuth-based authentication only. After the change, if you want to deploy calendar integration between the IM and Presence Service and Office 365, you will need to upgrade the IM and Presence Service to Release 12.5(1)SU2. This change will not affect integration with an on-premises Exchange server.

Active Directory

  • Active Directory 2008 with Windows Server 2008 (SP2)

  • Active Directory 2012 with Windows Server 2012

  • Active Directory 2016 with Windows Server 2016

Note 

User names configured in Active Directory must be identical to those names defined in Unified Communications Manager.

A Third-Party Certificate OR Certificate Server

One or the other of these is required to generate the certificates.

Note 

Microsoft Exchange integration with IM and Presence Service supports certificates using RSA 1024 or 2048 bit keys and SHA1 and SHA256 signature algorithms.

Supported Ciphers for the IM and Presence Service

IM and Presence Service supports the following ciphers:

Table 11. Cisco Unified Communications Manager IM & Presence Cipher Support for TLS Ciphers

Application / Process

Protocol

Port

Supported Ciphers

Cisco SIP Proxy

TCP / TLS

8083

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:
DES-CBC3-SHA

Cisco SIP Proxy

TCP / TLS

5061

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:
AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:
DES-CBC3-SHA

Cisco XCP XMPP Federation Connection Manager

TCP /TLS

5269

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:
DES-CBC3-SHA

Cisco SIP Proxy

TCP / TLS

5062

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:
AES256-SHA256:AES256-SHA:
CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:
DES-CBC3-SHA

Cisco XCP Client Connection Manager

TCP / TLS

5222

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
ECDHE-ECDSA-AES256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
ECDHE-ECDSA-AES128-SHA:
AES128-GCM-SHA256:AES128-SHA256:
AES128-SHA:CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
ECDHE-ECDSA-DES-CBC3-SHA:
DES-CBC3-SHA

Cisco Tomcat

TCP / TLS

8443, 443

ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA:
DHE-RSA-AES256-GCM-SHA384:
DHE-RSA-AES256-SHA256:
DHE-RSA-AES256-SHA:
DHE-RSA-CAMELLIA256-SHA:
AES256-GCM-SHA384:AES256-SHA256:
AES256-SHA:CAMELLIA256-SHA:
ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
ECDHE-RSA-AES128-SHA:
DHE-RSA-AES128-GCM-SHA256:
DHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA:
DHE-RSA-CAMELLIA128-SHA:
AES128-GCM-SHA256:
AES128-SHA256:AES128-SHA:
CAMELLIA128-SHA:
ECDHE-RSA-DES-CBC3-SHA:
EDH-RSA-DES-CBC3-SHA:
DES-CBC3-SHA 
ECDHE-ECDSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-SHA384:
ECDHE-ECDSA-AES256-SHA:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-SHA256:
ECDHE-ECDSA-AES128-SHA:
ECDHE-ECDSA-DES-CBC3-SHA

Remote Call Control with Microsoft Lync

Microsoft Remote Call Control (RCC) allows enterprise users to control their Cisco Unified IP Phone or Cisco IP Communicator Phone through Microsoft Lync, a third-party desktop instant-messaging (IM) application. When a user signs in to the Microsoft Lync client, the Lync server sends instructions, through the IM and Presence Service node, to the Cisco Unified Communications Manager to set up, tear down and maintain calling features based on a user's action at the Lync client.


Note

SIP federation and Remote Call Control (RCC) do not work together on the same IM and Presence Service cluster. This is because for SIP federation a user cannot be licensed for both Cisco IM and Presence Service and Microsoft Lync/OCS, but for RCC a user must be licensed for Cisco IM and Presence Service and Microsoft Lync/OCS at the same time.



Note

An IM and Presence Service cluster that is used for RCC does not support Jabber or other IM and Presence Service functionality.


Software Requirements

The following software is required for integrating IM and Presence Service with Microsoft Lync Server:

  • IM and Presence Service, current release

  • IM and Presence Service Lync Remote Call Control Plug-in

  • Cisco Unified Communications Manager, current release

  • Microsoft Lync Server 2010 or 2013 Release 4.x, Standard Edition or Enterprise Edition

    • Lync Server Control Panel

    • Lync Server Deployment Wizard

    • Lync Server Logging Tool

    • Lync Server Management Shell

    • Lync Server Topology Builder

  • Microsoft 2010 Lync Client, or, Microsoft 2013 Lync Client

  • (Optional) Upgraded Skype for Business 2015 Client


    Note

    The Skype for Business 2015 client must have been upgraded from a Lync 2013 client and must be registered to a Lync 2013 server.


  • (Optional) Cisco CSS 11500 Content Services Switch

  • Microsoft Domain Controller

  • Microsoft Active Directory

  • DNS

  • Certificate Authority

Configuration

For additional details, including configuration information, see Remote Call Control with Microsoft Lync Server for the IM and Presence Service at https://www.cisco.com/c/en/us/support/unified-communications/unified-presence/products-installation-and-configuration-guides-list.html.