Cisco Systems OL-14619-01 Network Router User Manual


 
Design Guide for Cisco Unity Release 5.x
OL-14619-01
Chapter 6 Integrating Cisco Unity with the Phone System
Integrating with Cisco Unified Communications Manager (by Using SCCP or SIP)
Note that Cisco Unified CM authentication and encryption protects only calls to Cisco Unity. Messages recorded on the message store are not protected by Cisco Unified CM authentication and encryption but can be protected by the Cisco Unity secure messaging feature.
Note: The secure messaging feature is available only when Exchange is the message store.
For more information on secure messaging, see the “Securing Subscriber Messages” chapter of the Security Guide for Cisco Unity Release 5.x (With Microsoft Exchange) at http://www.cisco.com/en/US/products/sw/voicesw/ps2237/prod_maintenance_guides_list.html.
Authentication and encryption between Cisco Unity and Cisco Unified CM require:
- A Cisco Unified CM CTL file that lists all Cisco Unified CM servers that are entered in Cisco Unity Telephony Integration Manager (UTIM) for secure clusters.
- A Cisco Unity server root certificate for each Cisco Unity that uses authentication and/or encryption. A root certificate is valid for 20 years from the time it was created.
- Cisco Unity voice messaging port device certificates that are rooted in the Cisco Unity server root certificate and that the voice messaging ports present when registering with the Cisco Unified CM server.
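The chain requirement above can be checked with openssl. This is an added example, not taken from the Cisco guide: it builds constructed stand-in certificates in a temporary directory (the names unity-root, other-root, port-1 and port-foreign are assumptions, and 7300 days approximates the 20-year root lifetime) and confirms that only the port certificate issued by the Unity root verifies against it.

```shell
#!/bin/sh
# Added example. All certificates are constructed stand-ins written to a temp
# directory; none is exported from a real Cisco Unity server, and the names
# unity-root, other-root, port-1 and port-foreign are assumptions.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT   # remove the throwaway private keys on exit

# Self-signed root; 7300 days approximates the 20-year lifetime the guide states.
make_root() {   # $1 = root name
  openssl req -x509 -newkey rsa:2048 -nodes -days 7300 -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# Port device certificate signed by the named root.
issue_port_cert() {   # $1 = issuing root, $2 = port name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -CA "$work/$1.pem" \
    -CAkey "$work/$1.key" -CAcreateserial -days 365 \
    -out "$work/$2.pem" 2>/dev/null
}

# Succeeds only if the device certificate chains to the given root.
rooted_in() {   # $1 = root PEM, $2 = device PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the certificate will still be valid $2 days from now.
valid_for_days() {   # $1 = PEM, $2 = days
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

make_root unity-root
make_root other-root
issue_port_cert unity-root port-1
issue_port_cert other-root port-foreign

for port in port-1 port-foreign; do
  if rooted_in "$work/unity-root.pem" "$work/$port.pem"; then
    echo "$port: chains to unity-root"
  else
    echo "$port: does NOT chain to unity-root"
  fi
done
openssl x509 -in "$work/unity-root.pem" -noout -subject -enddate
```

Run against real exported certificate files, `rooted_in` and `valid_for_days` give a quick pre-registration check that each port certificate chains to the expected root and that the root is not close to expiry.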
Table 6-3 Cisco Unified Communications Manager Security Features That Are Used by Cisco Unity (continued)

Security Feature: Signaling encryption
Description: Uses cryptographic methods to protect (through encryption) the confidentiality of all SCCP signaling messages that are sent between the Cisco Unity voice messaging ports and Cisco Unified CM. Signaling encryption ensures that the information that pertains to the parties, DTMF digits that are entered by the parties, call status, media encryption keys, and so on are protected against unintended or unauthorized access.
This feature protects against:
- Man-in-the-middle attacks that observe the information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.
- Network traffic sniffing that observes the signaling information flow between Cisco Unified CM and the Cisco Unity voice messaging ports.

Security Feature: Media encryption
Description: Uses Secure Real Time Protocol (SRTP) as defined in IETF RFC 3711 to ensure that only the intended recipient can interpret the media streams between Cisco Unity voice messaging ports and endpoints, for example, phones or gateways. Only audio streams are encrypted. Media encryption creates a media master key pair for the devices, delivers the keys to Cisco Unity and the endpoint, and secures the delivery of the keys while the keys are in transport. Cisco Unity and the endpoint use the keys to encrypt and decrypt the media stream.
This feature protects against:
- Man-in-the-middle attacks that listen to the media stream between Cisco Unified CM and the Cisco Unity voice messaging ports.
- Network traffic sniffing that eavesdrops on phone conversations that flow between Cisco Unified CM, the Cisco Unity voice messaging ports, and IP phones that are managed by Cisco Unified CM.

Authentication and signaling encryption are required for media encryption; that is, if the devices do not support authentication and signaling encryption, media encryption cannot occur.