Authorized Self-Study Guide Implementing Cisco Unified Communications Manager Part 2 (CIPT2)   Foundation learning for CIPT2 exam 642-456   Chris Olsen   Implementing Cisco Unified Communications Manager, Part 2 (CIPT2), is a Cisco®-authorized, self-paced learning tool for CCVP® foundation learning. This book provides you with the knowledge needed to install and configure a Cisco Unified Communications Manager solution in a multisite environment. By reading this book, you will gain a thorough understanding of how to apply a dial plan for a multisite environment, configure survivability for remote sites during WAN failure, implement solutions to reduce bandwidth requirements in the IP WAN, enable Call Admission Control (CAC) and automated alternate routing (AAR), and implement device mobility, extension mobility, Cisco Unified Mobility, and voice security.   This book focuses on Cisco Unified CallManager Release 6.0, the call routing and signaling component for the Cisco Unified Communications solution. It also includes H.323 and Media Gateway Control Protocol (MGCP) gateway implementation, the use of a Cisco Unified Border Element, and configuration of Survivable Remote Site Telephony (SRST), different mobility features, and voice security.   Whether you are preparing for CCVP certification or simply want to gain a better understanding of deploying Cisco Unified Communications Manager in a multisite environment, you will benefit from the foundation information presented in this book.   Implementing Cisco Unified Communications Manager, Part 2 (CIPT2), is part of a recommended learning path from Cisco that includes simulation and hands-on training from authorized Cisco Learning Partners and self-study products from Cisco Press. To find out more about instructor-led training, e-learning, and hands-on instruction offered by authorized Cisco Learning Partners worldwide, please visit www.cisco.com/go/authorizedtraining.   Chris Olsen is the president and founder of System Architects, Inc., a training and consulting firm specializing in Cisco, Microsoft, and Novell networking; IP telephony; and information technologies. Chris has been teaching and consulting in the networking arena for more than 15 years. He currently holds his CCNA®, CCDA®, CCNP®, and CCVP certifications, as well as various Microsoft certifications.   Identify multisite issues and deployment solutions Implement multisite connections Apply dial plans for multisite deployments Examine remote site redundancy options Deploy Cisco Unified Communications Manager Expressin SRST mode Implement bandwidth management, call admission control (CAC), and call applications on Cisco IOS® gateways Configure device, extension mobility, and Cisco unified mobility Understand cryptographic fundamentals and PKI Implement security in Cisco Unified Communications Manager   This volume is in the Certification Self-Study Series offered by Cisco Press®. Books in this series provide officially developed self-study solutions to help networking professionals understand technology implementations and prepare for the Cisco Career Certifications examinations.   Category: Cisco Unified Communications Manager 6.0 Covers: CIPT2 Exam 642-456  

Table of Contents:
Foreword xx Introduction xxi Chapter 1 Identifying Issues in a Multisite Deployment 3 Chapter Objectives 3 Multisite Deployment Challenge Overview 3 Quality Challenges 5 Bandwidth Challenges 6 Availability Challenges 8 Dial Plan Challenges 9     Overlapping and Nonconsecutive Numbers 12     Fixed Versus Variable-Length Numbering Plans 13     Variable-Length Numbering, E.164 Addressing, and DID 15     Optimized Call Routing and PSTN Backup 15 NAT and Security Issues 17 Chapter Summary 18 References 19 Review Questions 19 Chapter 2 Identifying Multisite Deployment Solutions 23 Chapter Objectives 23 Multisite Deployment Solution Overview 24 Quality of Service 24     QoS Advantages 25 Solutions to Bandwidth Limitations 26     Low-Bandwidth Codecs and RTP-Header Compression 28     Codec Configuration in CUCM 29     Disabled Annunciator 29     Local Versus Remote Conference Bridges 30     Mixed Conference Bridge 30     Transcoders 31     Multicast MOH from the Branch Router Flash 33 Availability 37     PSTN Backup 38     MGCP Fallback 39     Fallback for IP Phones 40     Using CFUR During WAN Failure 42     Using CFUR to Reach Users on Cell Phones 42     AAR and CFNB 43 Mobility Solutions 44 Dial Plan Solutions 44     Dial Plan Components in Multisite Deployments 45 NAT and Security Solutions 46     Cisco Unified Border Element in Flow-Through Mode 46 Summary 48 References 48 Review Questions 48 Chapter 3 Implementing Multisite Connections 53 Chapter Objectives 53 Examining Multisite Connection Options 54     MGCP Gateway Characteristics 55     H.323 Gateway Characteristics 55     SIP Trunk Characteristics 56 H.323 Trunk Overview 56     H.323 Trunk Comparison 57 MGCP Gateway Implementation 59 H.323 Gateway Implementation 61     Cisco IOS H.323 Gateway Configuration 63     CUCM H.323 Gateway Configuration 64 Trunk Implementation Overview 65     Gatekeeper-Controlled ICT and H.225 Trunk Configuration 66     Implementing SIP Trunks 67     Implementing Intercluster and H.225 Trunks 69 CUCM Gatekeeper-Controlled ICT and H.225 Trunk Configuration 70 Summary 73 References 73 Review Questions 74 Chapter 4 Implementing a Dial Plan for Multisite Deployments 79 Chapter Objectives 79 Multisite Dial Plan Overview 79 Implementing Access and Site Codes 80     Implementing Site Codes for On-Net Calls 80     Digit-Manipulation Requirements When Using Access and Site Codes 80     Access and Site Code Requirements for Centralized Call-         Processing Deployments 82 Implementing PSTN Access 83     Transformation of Incoming Calls Using ISDN TON 84 Implementing Selective PSTN Breakout 86     Configure IP Phones to Use Remote Gateways for Backup PSTN Access 87     Considerations When Using Backup PSTN Gateways 88 Implementing PSTN Backup for On-Net Intersite Calls 89     Digit-Manipulation Requirements for PSTN Backup of On-Net Intersite Calls 89 Implementing Tail-End Hop-Off 91     Considerations When Using TEHO 92 Summary 92 Review Questions 93 Chapter 5 Examining Remote-Site Redundancy Options 97 Chapter Objectives 97 Remote-Site Redundancy Overview 98 Remote-Site Redundancy Technologies 99 Basic Cisco Unified SRST Usage 101     Cisco Unified SIP SRST Usage 101     CUCME in SRST Mode Usage 102     Cisco Unified SRST Operation 102     SRST Function of Switchover Signaling 103     SRST Function of the Call Flow After Switchover 104     SRST Function of Switchback 105     SRST Timing 105 MGCP Fallback Usage 107     MGCP Fallback Operation 107     MGCP Gateway Fallback During Switchover 108     MGCP Gateway Fallback During Switchback 109     MGCP Gateway Fallback Process 110 Cisco Unified SRST Versions and Feature Support 112     SRST 4.0 Platform Density 112 Dial Plan Requirements for MGCP Fallback and SRST Scenarios 113     Ensuring Connectivity for Remote Sites 114     Ensuring Connectivity from the Main Site Using Call Forward Unregistered 115     CFUR Considerations 115     Keeping Calling Privileges Active in SRST Mode 117     SRST Dial Plan Example 117 Summary 118 References 119 Review Questions 119 Chapter 6 Implementing Cisco Unified SRST and MGCP Fallback 123 Chapter Objectives 123 MGCP Fallback and SRST Configuration 124     Configuration Requirements for MGCP Fallback and Cisco Unified SRST 124 Cisco Unified SRST Configuration in CUCM 125     SRST Reference Definition 125     CUCM Device Pool 126 SRST Configuration on the Cisco IOS Gateway 126     SRST Activation Commands 127     SRST Phone Definition Commands 127     SRST Performance Commands 128     Cisco Unified SRST Configuration Example 129 MGCP-Gateway-Fallback Configuration on the Cisco IOS Gateway 130     MGCP Fallback Activation Commands 131     MGCP Fallback Configuration Example 131 Dial Plan Configuration for SRST Support in CUCM 132 SRST Dial Plan of CFUR and CSS 133 SRST Dial Plan: Max Forward UnRegistered Hops to DN 134 MGCP Fallback and SRST Dial Plan Configuration in the Cisco IOS Gateway 135 SRST Dial Plan Components for Normal Mode Analogy 135 SRST Dial Plan Dial Peer Commands 136 SRST Dial Plan Commands: Open Numbering Plans 140 SRST Dial Plan Voice Translation-Profile Commands for Digit Manipulation 142     SRST Dial Plan Voice Translation-Rule Commands for         Number Modification 143     SRST Dial Plan Profile Activation Commands for Number Modification 144 SRST Dial Plan Class of Restriction Commands 145     SRST Dial Plan Example 146 Telephony Features Supported by Cisco Unified SRST 150     Special Requirements for Voice-Mail Integration Using Analog Interfaces 151 Summary 152 References 152 Review Questions 152 Chapter 7 Implementing Cisco Unified Communications Manager Express in SRST Mode 157 Chapter Objectives 157 CUCME Overview 158     CUCME in SRST Mode 158     Standalone CUCME Versus CUCM and CUCME in SRST Mode 159 CUCME Features 161     CUCME Features and Versions 161     Other CUCME Features 162 General Configuration of CUCME 163     CUCME Basic Configuration 164     CUCME Configuration Providing Phone Loads 165     CUCME Configuration for Music On Hold 165 Configuring CUCME in SRST Mode 167 Phone-Provisioning Options 168 Advantages of CUCME SRST 169 Phone Registration Process 169 Configuring CUCME for SRST 170     CUCME for SRST Mode Configuration 172 Summary 173 References 173 Review Questions 173 Chapter 8 Implementing Bandwidth Management 177 Chapter Objectives 177 Bandwidth Management Overview 177 CUCM Codec Configuration 178     Review of CUCM Codecs 179 Local Conference Bridge Implementation 181 Transcoder Implementation 184     Implementing a Transcoder at the Main Site 185     Configuration Procedure for Implementing Transcoders 187 Multicast MOH from Branch Router Flash Implementation 191     Implementing Multicast MOH from Branch Router Flash 192     Configuration Procedure for Implementing Multicast MOH from Branch Router         Flash 194 Summary 202 References 203 Review Questions 203 Chapter 9 Implementing Call Admission Control 207 Chapter Objectives 207 Call Admission Control Overview 208 Call Admission Control in CUCM 208 Locations 209     Locations: Hub-and-Spoke Topology 210     Locations: Full-Mesh Topology 211     Configuration Procedure for Implementing Locations-Based CAC 212     Locations Configuration Example of a Hub-and-Spoke Topology 212 RSVP-Enabled Locations 215     Three Call Legs with RSVP-Enabled Locations 215     Characteristics of Phone-to-RSVP Agent Call Legs 216     Characteristics of RSVP Agent-to-RSVP Agent Call Legs 217     RSVP Basic Operation 217     RSVP-Enabled Location Configuration 220     Configuration Procedure for Implementing RSVP-Enabled Locations-Based         CAC 221     Step 1: Configure RSVP Service Parameters 221     Step 2: Configure RSVP Agents in Cisco IOS Software 225     Step 3: Add RSVP Agents to CUCM 227     Step 4: Enable RSVP Between Location Pairs 228 Automated Alternate Routing 230     Automated Alternate Routing Characteristics 231     AAR Example 231     AAR Considerations 233     AAR Configuration Procedure 234 H.323 Gatekeeper CAC 239     H.323 Gatekeeper Used for Call Routing for Address Resolution Only 240     Using an H.323 Gatekeeper for CAC 243     H.323 Gatekeeper Also Used for Call Admission Control 245     Provide PSTN Backup for Calls Rejected by CAC 247     Configuration Procedure for Implementing H.323 Gatekeeper-Controlled Trunks         with CAC 248 Summary 249 References 249 Review Questions 250 Chapter 10 Implementing Call Applications on Cisco IOS Gateways 255 Chapter Objectives 255 Call Applications Overview 256     Tcl Scripting Language 256     VoiceXML Markup Language 257     The Analogy Between HTML and VoiceXML 258     Advantages of VoiceXML 259 Cisco IOS Call Application Support 259     Tcl Versus VoiceXML Features in Cisco IOS 260     Cisco IOS Call Application Support Requirements 261     Examples of Cisco IOS Call Applications Available for     Download at Cisco.com 262     Call Application Auto-Attendant Script Example 263     Remote-Site Gateway Using an Auto-Attendant Script     During a WAN Failure 265     Auto-Attendant Tcl Script Flowchart 266 Call Application Configuration 267     Step 1: Download the Application from Cisco.com 268     Step 2: Upload and Uncompress the Script to Flash 268     Step 3a: Configure the Call Application Service Definition 269     Step 3b: Configure the Call Application Service Parameters 269     Step 4: Associate the Call Application with a Dial Peer 270     Call Application Configuration Example 270 Summary 272 References 272 Review Questions 272 Chapter 11 Implementing Device Mobility 277 Chapter Objectives 277 Issues with Devices Roaming Between Sites 277     Issues with Roaming Devices 278     Device Mobility Solves Issues of Roaming Devices 279 Device Mobility Overview 280     Dynamic Device Mobility Phone Configuration Parameters 280     Device Mobility Dynamic Configuration by Location-Dependent     Device Pools 282 Device Mobility Configuration Elements 283     The Relationship Between Device Mobility Configuration Elements 284 Device Mobility Operation 285     Device Mobility Operation Flowchart 286     Device Mobility Considerations 289     Review of Line and Device CSSs 289     Device Mobility and CSSs 290     Examples of Different Call-Routing Paths Based on Device Mobility Groups and         TEHO 290 Device Mobility Configuration 293     Steps 1 and 2: Configure Physical Locations and Device Mobility Groups 293     Step 3: Configure Device Pools 293     Step 4: Configure Device Mobility Infos 294     Step 5a: Set the Device Mobility Mode CCM Service Parameter 295     Step 5b: Set the Device Mobility Mode for Individual Phones 296 Summary 297 References 297 Review Questions 297 Chapter 12 Implementing Extension Mobility 301 Chapter Objectives 301 Issues with Users Roaming Between Sites 301     Issues with Roaming Users 302     Extension Mobility Solves Issues of Roaming Users 303 CUCM Extension Mobility Overview 303     Extension Mobility: Dynamic Phone Configuration Parameters 304     Extension Mobility with Dynamic Phone Configuration by Device Profiles 305 CUCM Extension Mobility Configuration Elements 306     The Relationship Between Extension Mobility Configuration Elements 307 CUCM Extension Mobility Operation 308     Issues in Environments with Different Phone Models 310     Extension Mobility Solution to Phone Model Differences 310     Extension Mobility and Calling Search Spaces (CSS) 311     Alternatives to Mismatching Phone Models and CSS Implementations 312 CUCM Extension Mobility Configuration 313     Step 1: Activate the Cisco Extension Mobility Feature Service 313     Step 2: Set Cisco Extension Mobility Service Parameters 314     Step 3: Add the Cisco Extension Mobility Phone Service 315     Step 4: Create Default Device Profiles 315     Step 5a: Create Device Profiles 316     Step 5b: Subscribe the Device Profile to the Extension Mobility Phone         Service 316     Step 6: Associate Users with Device Profiles 318     Step 7a: Configure Phones for Cisco Extension Mobility 318     Step 7b: Subscribe the Phone to the Extension Mobility Phone Service 320 Summary 320 References 321 Review Questions 321 Chapter 13 Implementing Cisco Unified Mobility 327 Chapter Objectives 327 Cisco Unified Mobility Overview 327     Mobile Connect and Mobile Voice Access Characteristics 328     Cisco Unified Mobility Features 329 Cisco Unified Mobility Call Flow 330     Mobile Connect Call Flow of Internal Calls Placed from a Remote Phone 330     Mobile Voice Access Call Flow 331 Cisco Unified Mobility Components 332     Cisco Unified Mobility Configuration Elements 333     Shared Line Between the Phone and the Remote Destination Profile 335     Relationship Between Cisco Unified Mobility Configuration Elements 336 Cisco Unified Mobility Configuration 338     Configuring Mobile Connect 338     Configuring Mobile Voice Access 348 Summary 355 References 355 Review Questions 355 Chapter 14 Understanding Cryptographic Fundamentals and PKI 359 Chapter Objectives 359 Cryptographic Services 359 Symmetric Versus Asymmetric Encryption 362     Algorithm Example: AES 363     Asymmetric Encryption 364     Algorithm Example: RSA 365     Two Ways to Use Asymmetric Encryption 366 Hash-Based Message Authentication Codes 366     Algorithm Example: SHA-1 367     No Integrity Provided by Pure Hashing 368     Hash-Based Message Authentication Code, or “Keyed Hash” 369 Digital Signatures 370 Public Key Infrastructure 372     Symmetric Key Distribution Protected by Asymmetric Encryption 372     Public Key Distribution in Asymmetric Cryptography 373     PKI as a Trusted Third-Party Protocol 374     PKI: Generating Key Pairs 374     PKI: Distributing the Public Key of the Trusted Introducer 374     PKI: Requesting Signed Certificates 376     PKI: Signing Certificates 376     PKI: Providing Entities with Their Certificates 377     PKI: Exchanging Public Keys Between Entities Using Their         Signed Certificates 378     PKI Entities 379     X.509v3 Certificates 380 PKI Example: SSL on the Internet 381     Internet Web Browser: Embedded Internet-CA Certificates 382     Obtaining the Authentic Public Key of the Web Server 383     Web Server Authentication 384     Exchanging Symmetric Session Keys 385     Session Encryption 386 Summary 387 References 387 Review Questions 387 Chapter 15 Understanding Native CUCM Security Features and CUCM PKI 391 Chapter Objectives 391 CUCM Security Features Overview 391     CUCM Security Feature Support 393     Cisco Unified Communications Security Considerations 394 CUCM IPsec Support 395     IPsec Scenarios in Cisco Unified Communications 395     IPsec on Network Infrastructure Devices 397 Signed Phone Loads 397 SIP Digest Authentication 398     SIP Digest Authentication Configuration Procedure 399     SIP Digest Authentication Configuration Example 399 SIP Trunk Encryption 400     SIP Trunk Encryption Configuration Procedure 401     SIP Trunk Encryption Configuration 401 CUCM PKI 402     Self-Signed Certificates 402     Manufacturing Installed Certificates 403     Locally Significant Certificates 403     Multiple PKI Roots in CUCM Deployments 404     Cisco Certificate Trust List 405     Cisco CTL Client Function 406     Initial CTL Download 408     IP Phone Verification of a New Cisco CTL 409     IP Phone Usage of the CTL 410     PKI Topology with Secure SRST 410     Trust Requirements with Secure SRST 412     Secure SRST: Certificate Import: CUCM 412     Secure SRST: Certificate Import: Secure SRST Gateway 413     Certificate Usage in Secure SRST 414 Summary 415 References 416 Review Questions 416 Chapter 16 Implementing Security in CUCM 419 Chapter Objectives 419 Enabling PKI-Based Security Features in CUCM 420     Configuration Procedure for PKI-Based CUCM Security Features 421     Enabling Services Required for Security 422     Installing the Cisco CTL Client 422     Cisco CTL Client Usage 423     Setting the Cluster Security Mode 424     Updating the CTL 425 CAPF Configuration and LSC Enrollment 425     CAPF Service Configuration Parameter 426     CAPF Phone Configuration Options 426     First-Time Installation of a Certificate with a Manually Entered Authentication         String 428     Certificate Upgrade Using an Existing MIC 429     Generating a CAPF Report to Verify LSC Enrollment 430     Finding Phones by Their LSC Status 431 Signed and Encrypted Configuration Files 431     Encrypted Configuration Files 432     Obtaining Phone Encrypted Configuration Files 433     Configuring Encrypted Configuration Files 434     Phone Security Profiles 434     Default SCCP Phone Security Profiles 435     Configuring TFTP Encrypted Configuration Files 436 Secure Signaling 436     Certificate Exchange in TLS 438     Server-to-Phone Authentication 438     Phone-to-Server Authentication 439     TLS Session Key Exchange 440     Secure Signaling Using TLS 441 Secure Media Transmission Between Cisco IP Phones 441     SRTP Protection 442     SRTP Packet Format 443     SRTP Encryption 443     SRTP Authentication 444     Secure Call Flow Summary 445     Configuring IP Phones to Use Secure Signaling and Media Exchange 446     The Actual Security Mode Depends on the Configuration of Both Phones 447 Secure Media Transmission to H.323 and MGCP Gateways 447     H.323 SRTP CUCM 448     SRTP to MGCP Gateways 450 Secure Conferencing 450     Secure Conferencing Considerations 451     Secure Conferencing Configuration Procedure 452 Summary 458 References 459 Review Questions 459 Appendix A Answers to Chapter Review Questions 465 Index 472