[cisco-voip] top level domain SIP SRV record - skype and jabber

2017-10-27 Thread Lelio Fulgenzi 

So we're in the same boat as many others

We've decided to pilot Jabber and in order to do that, we've had to deploy a 
subdomain (myjabber.acme.com) in order to activate split view DNS which Jabber 
requires to decide to communicate to CUCM directly or through expressway.

Another team has deployed skype, but using the top level domain, acme.com, and 
registered SIP SRV records to Microsoft Linc site, etc.

Can we expect problems with this?

I'm thinking about how we might want to advertise our SIP enabled sessions to 
Jabber clients and WebEx clients once we have that integration built in.

My hope was to see they register the skyp.acme.com domain rather than the top 
level domain.

Thoughts?

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519-824-4120 Ext 56354
le...@uoguelph.ca
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

<>___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Looking for advice on sRTP using tokenless CTL

2017-10-27 Thread Justin Steinberg 
Ryan,

Could you elaborate a little on this change ?I did an upgrade on my lab
system to 11.5(1)su3a and after the upgrade I see from the output of 'show
itl' that the callmanager.pem is still the signer of the ITL file.

Would the ITLRecovery only be the signer of the ITL on a fresh install of
11.5(1)su3/3a ?

The release notes for su3 have a revision history update on October 23rd
that says "Removed Enhanced CTL and ITL Trust information, which is not
available with this release."I'm not sure if that's related to your
comment or if something has changed.

Justin




On Fri, Oct 20, 2017 at 10:13 AM, Ryan Ratliff (rratliff) <
rratl...@cisco.com> wrote:

> Additionally in 11.5SU3 and 12.0 we now sign the ITL and tokenless CTL
> files with the ITLRecovery certificate instead of CallManager.pem.
> https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/
> rel_notes/11_5_1/SU3/cucm_b_release-notes-cucm-imp-
> 1151su3/cucm_b_release-notes-cucm-imp-1151su3_chapter_00.html#reference_
> 9C103B26C27EFA3008B593B943A6950C
>
> This should greatly reduce the risk of inadvertent trust list issues
> caused by certificate operations.
>
> -Ryan
>
> On Oct 19, 2017, at 3:08 PM, Brian Meade  wrote:
>
> In 10.x, CTL/ITL are signed by the CallManager.pem if you do tokenless.
> There's a recovery key in the ITL so you can run "utils itl reset localkey"
> to resign the ITL with the recovery key to recover your cluster.  But this
> doesn't help you with devices that don't support SBD like Jabber.
>
> In 11.x, CTL/ITL are signed by the CallManager.pem if you do tokenless but
> there's also a recovery key for the CTL.  You can run "utils ctl reset
> localkey" to resign the CTL with the recovery key to recover your cluster.
>
> So I'd recommend in your case that you upgrade to 11.x first or use
> physical tokens.
>
> The latest 11.5 SU requires you to order a free encryption license through
> PUT as well.
>
>
>
> On Tue, Oct 17, 2017 at 2:01 PM, Ryan Huff  wrote:
>
>> Looking at enabling sRTP on a 10.x cluster (CUCM, EXPRESSWAY, CXN, UCCX).
>> As I have been researching this topic; I’ve found the “riskiest” task to be
>> enabling CTL / Mixed Mode in CUCM. Specifically, if you have devices that
>> do not support Security By Default.
>>
>> It’s my understanding that once the callmanager cert changes, any device
>> that can’t negotiate with the TVS service to establish verification will
>> not be able to download the new CTL, and therefore not be able to
>> re-register to CUCM until their CTL is removed.
>>
>> The device/trunk security profile configurations seems straight forward
>> as do the steps to take on CUBE and Expressway (regarding the trunk
>> security).
>>
>> I haven’t completed my research into the CXN/UCCX requirements for SRTP
>> with CUCM.
>>
>> Are their any other major/general pitfalls I should look out for? Anyone
>> have any horror stories or lessons learned to share?
>>
>> Thanks,
>>
>> Ryan
>>
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] CER question

2017-10-27 Thread Tim Kenyon 
Can CER send out 911 alerts via SNMP or some kind of XML packet with relative 
details like extension number, ERL/ELIN, Mac and IP address of the device? I 
know it can send an email, and I'm not sure what is in the email either. But 
would prefer something better for the alert.



Tim Kenyon
Conveyant Systems, Inc.



___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] Cisco MediaSense get old recording calls

2017-10-27 Thread Claiton Campos 
Hello everyone,
I have a call recording environment being performed by MediaSense, but I
can not
search for calls that have been recorded for more than 30 days. All calls
are recorded in
local disk of MediaSense. Does anyone know how to rescue these files?

Best Regards,
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip