New and Changed Features

AES 80-Bit Authentication Support

Cisco Unified Communications Manager supports Advanced Encryption Standard (AES) with a 128-bit encryption key and a 32-bit authentication tag used as the encryption cipher. With this release, the AES 32-bit authentication tag is enhanced to an 80-bit authentication tag used as the encryption cipher on Music On Hold (MOH), Interactive Voice Response (IVR), and Annunciator. This enhancement helps customers using 80-bit authentication tag to make the Secure Real-Time Transport Protocol (SRTP) calls over a SIP line and SIP trunk.

For more information, see the Encrypted Phone Configuration File Setup chapter in the Security Guide for Cisco Unified Communications Manager.

Centralized Deployment for IM and Presence

The IM and Presence centralized deployment allows you to deploy your IM and Presence deployment and your telephony deployment in separate clusters. The central IM and Presence cluster handles IM and Presence for the enterprise, while the remote Cisco Unified Communications Manager telephony cluster handles voice and video calls for the enterprise.

The Centralized Deployment option provides the following benefits when compared to standard deployments:

  • The Centralized Deployment option does not require a 1x1 ratio of telephony clusters to IM and Presence Service clusters–you can scale your IM and Presence deployment and your telephony deployment separately, to the unique needs of each.

  • Full mesh topology is not required for the IM and Presence Service

  • Version independent from telephony–your IM and Presence central cluster can be running a different version than your Cisco Unified Communications Manager telephony clusters.

  • Can manage IM and Presence upgrades and settings from the central cluster.

  • Lower cost option, particularly for large deployments with many Cisco Unified Communications Manager clusters

  • Easy XMPP Federation with third parties.

  • Supports calendar integration with Microsoft Outlook. For configuration details, refer to the document Microsoft Outlook Calendar Integration for the IM and Presence Service.

Centralized Deployment Setup vs Standard (Decentralized) Deployments

The following table discusses some of the differences in setting up an IM and Presence Centralized Cluster Deployment as opposed to standard deployments of the IM and Presence Service.

Setup Phase

Differences with Standard Deployments

Installation Phase

The installation process for an IM and Presence central deployment is the same as for the standard deployment. However, with central deployments, the IM and Presence central cluster is installed separatelyfrom your telephony cluster, and may be located on separate hardware servers. Depending on how you plan your topology, the IM and Presence central cluster may be installed on separate physical hardware from your telephony cluster.

For the IM and Presence central cluster, you must still install Cisco Unified Communications Manager and then install the IM and Presence Service on the same servers. However, the Cisco Unified Communications Manager instance of the IM and Presence central cluster is for database and user provisioning primarily, and does not handle voice or video calls.

Configuration Phase

Compared to standard (decentralized) deployments, the following extra configurations are required to set up the IM and Presence Service Central Deployment:

  • Users must be synced into both the telephony cluster and the IM and Presence Service central cluster so that they exist in both databases.

  • In your telephony clusters, end users should not be enabled for IM and Presence.

  • In your telephony clusters, the Service Profile must include the IM and Presence Service and must point to the IM and Presence central cluster.

  • In the IM and Presence central cluster, users must be enabled for the IM and Presence Service.

  • In the IM and Presence central cluster's database publisher node, add your remote Cisco Unified Communications Manager telephony cluster peers.

The following configurations, which are used with Standard Deployments of the IM and Presence Service, but are not required with Central Deployments:

  • A Presence Gateway is not required.

  • A SIP Publish trunk is not required.

  • A Service Profile is not required on the IM and Presence central cluster—the Service Profile is configured on the telephony cluster to which the central cluster connects

The IM and Presence centralized deployment allows you to deploy your IM and Presence deployment and your telephony deployment in separate clusters. The central IM and Presence cluster handles IM and Presence for the enterprise, while the remote Cisco Unified Communications Manager telephony cluster handles voice and video calls for the enterprise.

The Centralized Deployment option provides the following benefits when compared to standard deployments:

  • The Centralized Deployment option does not require a 1x1 ratio of telephony clusters to IM and Presence Service clusters–you can scale your IM and Presence deployment and your telephony deployment separately, to the unique needs of each.

  • Full mesh topology is not required for the IM and Presence Service

  • Version independent from telephony–your IM and Presence central cluster can be running a different version than your Cisco Unified Communications Manager telephony clusters.

  • Can manage IM and Presence upgrades and settings from the central cluster.

  • Lower cost option, particularly for large deployments with many Cisco Unified Communications Manager clusters

  • Easy XMPP Federation with third parties.

  • Supports calendar integration with Microsoft Outlook. For configuration details, refer to the document Microsoft Outlook Calendar Integration for the IM and Presence Service.

Interclustering for Centralized Deployment

Interclustering is supported between two centralized clusters. Intercluster peering is tested with one cluster with 25K (with 25K OVA) and another with 15K (with 15K OVA) devices and no performance issues were observed.

User Interface Updates

To manage this feature, the Centralized Deployment window has been added to the System menu of the Cisco Unified CM IM and Presence Administration interface. Administrators can add their remote Cisco Unified Communications Manager clusters to the IM and Presence central cluster in this window.

Configuration

For information on configuring a newly installed system for the Centralized Deployment, see the supplementary Configure Centralized Deployment chapter.

For information on migrating to a Centralized Deployment cluster, see the supplementary Migrate Users to Centralized Deployment.

Cisco JTAPI Support for RHEL 7

With this release, Cisco Unified JTAPI supports Red Hat Enterprise Linux 7 for 64-bit on the Linux operating system. Previously, it supported RHEL 6.

Support for VMware

Cisco JTAPI is used on VMware ESXi version 4.0. The application uses Windows 2003 and Windows 2008 virtual machines on the VMware version to run Cisco KJTAPI

Cisco JTAPI Documentation

For more details on Cisco Unified JTAPI, see the “Features Supported by Cisco Unified JTAPI” chapter in the Cisco Unified JTAPI Developers Guide for Cisco Unified Communications Manager at https://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-programming-reference-guides-list.html.

Deprecated Encryption Ciphers

To ensure that your system security keeps pace with today's standards, support for some weaker encryption ciphers has been removed. System components that use data encryption such as CAPF, SSH and TVS have been tested so that weaker ciphers can be removed from the supported list.

The following 3DES ciphers are no longer supported with your system:

  • TLS_RSA_WITH_3DES_EDE_CBC_SHA

  • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

In addition, the following ciphers are still supported by default. However, if you enable TLS version 1.2, these ciphers are also not supported:

  • TLS_RSA_WITH_AES_128_CBC_SHA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA

  • TLS_RSA_WITH_AES_256_CBC_SHA