Cisco Systems OL-14619-01 Network Router User Manual


 
6-16
Design Guide for Cisco Unity Release 5.x
OL-14619-01
Chapter 6 Integrating Cisco Unity with the Phone System
Integrating with Cisco Unified Communications Manager (by Using SCCP or SIP)
Disabling and Re-Enabling Security
The authentication and encryption features between Cisco Unity and Cisco Unified CM can be enabled
and disabled by changing the Cisco Unified
CM Cluster Security Mode for all Cisco Unified CM
clusters to Non-Secure, and by changing the applicable settings in the Cisco Unified
CM Administration.
Authentication and encryption can be re-enabled by changing the Cisco Unified CM Cluster Security
Mode to Authenticated or Encrypted.
Note that after disabling or re-enabling authentication and encryption, it is not necessary to export the
Cisco
Unity server root certificate and copy it to all Cisco Unified CM server.
Multiple Integrations Can Have Different Security Mode Settings
When Cisco Unity is integrated with multiple Cisco Unified CM clusters, each cluster can have a
different setting for Cisco Unified
CM Cluster Security Mode. For example, Cluster 1 can be set to
Encrypted, and Cluster
2 can be set to Non-Secure.
Settings for Individual Voice Messaging Ports
For troubleshooting purposes, authentication and encryption for Cisco Unity voice messaging ports can
be individually enabled and disabled. At all other times, we recommend that the Security Mode setting
for all voice messaging ports on the Ports tab be the same as the Cisco Unified
CM Cluster Security
Mode setting on the Servers tab.
Authenticated The integrity of call-signaling messages will be ensured because they will be connected to Cisco
Unified
CM through an authenticated TLS port. However, the privacy of call-signaling messages will
not be ensured because they will be sent as clear (unencrypted) text.
The media stream is not encrypted.
Encrypted The integrity and privacy of call-signaling messages will be ensured because they will be connected to
Cisco Unified
CM through an authenticated TLS port, and the call-signaling messages will be
encrypted.
The media stream can be encrypted.
Caution Both end points must be registered in encrypted mode for the media stream to be encrypted.
However, when one end point is set for non-secure or authenticated mode and the other end
point is set for encrypted mode, the media stream will not be encrypted. Also, if an
intervening device (such as a transcoder or gateway) is not enabled for encryption, the media
stream will not be encrypted.
Table 6-4 Cisco Unified Communications Manager Cluster Security Mode Settings for Voice Messaging Ports
Setting Effect