Cisco Unified Communications Manager (CUCM) is the central piece of the Cisco Unified Communications / Collaboration solution. Many Collaboration services, such as voice, video, and conferencing, depend on CUCM. To provide secure CUCM access and various CUCM security features (as well as secure integration with other Cisco and third-party applications), Cisco has bundled a Certificate Authority (CA) and self-signed certificates with CUCM. With this built-in CA, CUCM offers a plethora of certificates for various functions and features.
A very common notion is that certificates are used for security – which, by the way, is 100% correct! However, you may ask, where is security used? The simple answer is – everywhere! The following list of services and security functions offered by CUCM and endpoints gives good insight into where security is used in the Cisco UC paradigm:
- Encrypted Device Registration
- Encrypted Calls
- Encrypted Phone Configuration Files
- Secure H.323/SIP Trunks and Gateways
- Secure Survivable Remote Site Telephony (SRST)
- Security By Default (ITL, TVS)
- Secure Conferencing
- Secure LDAP
- Secure Web Pages (Tomcat)
- Single Sign-On (OpenAM)
- Extension Mobility Cross Cluster (EMCC)
- Secure Voicemail Ports
- VPN Phone
And so on. With that in mind, let’s understand the different types of certificates and the CUCM PKI model, which empowers you to design, deploy, and maintain a secure Cisco UC network and is central to the security construct of the Cisco UC solution.
To read further and explore CUCM PKI and certificates, refer to Chalk Talk: An Insight to Cisco Unified Communications Manager (CUCM) Certificates.
This Chalk Talk is part of the Cisco Technical Services Newsletter, February edition.
To learn more about Cisco UC solution security, Cisco UC PKI, and the end-to-end Cisco UC security construct, refer to Securing Cisco IP Telephony Networks.