McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 176

↗ View in doc context
page
176
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::172

When you configure conference bridge resources as nonsecure, the conference remains nonsecure, regardless of the security configuration for the phone. Unified Communications Manager allocates a conference bridge from the Media Resource Group List (MRGL) for the phone that is initiating the conference. If a secure conference bridge is not available, Unified Communications Manager assigns a nonsecure conference bridge, and the conference is nonsecure. Likewise, if a nonsecure conference bridge is not available, Unified Communications Manager assigns a secure conference bridge, and the conference is nonsecure. If no conference bridge is available, the call will fail. Note For meet-me conference calls, the phone that initiates the conference must also meet the minimum security requirement that is configured for the meet-me number. If no secure conference bridge is available or if the initiator security level does not meet the minimum, Unified Communications Manager rejects the conference attempt. To secure conferences with barge, configure phones to use encrypted mode. After the Barge key is pressed and if the device is authenticated or encrypted, Unified Communications Manager establishes a secure connection between the barging party and the built-in bridge at the target device. The system provides a conference security status for all connected parties in the barge call. Nonsecure or authenticated Cisco Unified IP Phones that are running release 8.3 or later can now barge encrypted calls. Note Conference Bridge Requirements A conference bridge can register as a secure media resource when you add a hardware conference bridge to your network and configure a secure conference bridge in Unified Communications Manager Administration. Due to the performance impact to Unified Communications Manager processing, Cisco does not support secure conferencing on software conference bridge. Note A Digital Signal Processor (DSP) farm, which provides conferencing on a H.323 or MGCP gateway, acts as the network resource for IP telephony conferencing. The conference bridge registers to Unified Communications Manager as a secure SCCP client. • The conference bridge root certificate must exist in CallManager trust store, and the Cisco CallManager certificate must exist in the conference bridge trust store. • The secure conference bridge security setting must match the security setting in Unified Communications Manager to register. For more information about conferencing routers, refer to the IOS router documentation that is provided with your router. Unified Communications Manager assigns conference resources to calls on a dynamic basis. The available conference resource and the enabled codec provide the maximum number of concurrent, secure conferences allowed per router. Because transmit and receive streams are individually keyed for each participating endpoint Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 158 Basic System Security Conference Bridge Requirements