CHAPTER 24

Authentication and Encryption Setup for CTI, JTAPI, and TAPI

This chapter provides a brief overview of how to secure the CTI, JTAPI, and TAPI applications. It also describes the tasks that you must perform in Unified Communications Manager Administration to configure authentication and encryption for CTI/TAPI/JTAPI applications.

This document does not describe how to install the Cisco JTAPI or TSP plug-ins that are available in Unified Communications Manager Administration, nor does it describe how to configure the security parameters during the installation. Likewise, this document does not describe how to configure restrictions for CTI-controlled devices or lines.

• Authentication for CTI, JTAPI, and TAPI Applications
• Encryption for CTI, JTAPI, and TAPI Applications
• CAPF Functions for CTI, JTAPI, and TAPI Applications
• Securing CTI, JTAPI, and TAPI
• Add Application and End Users to Security-Related Access Control Groups
• Set Up JTAPI/TAPI Security-Related Service Parameters
• View Certificate Operation Status for Application or End User

Authentication for CTI, JTAPI, and TAPI Applications

Unified Communications Manager allows you to secure the signaling connections and media streams between CTIManager and CTI/JTAPI/TAPI applications.

We assume that you configured security settings during the Cisco JTAPI/TSP plug-in installation. We also assume that the Cluster Security Mode equals Mixed Mode, as configured in the Cisco CTL Client or through the CLI command set utils ctl. If these settings are not configured when you perform the tasks that are described in this chapter, CTIManager and the application connect via a nonsecure port, Port 2748.

Cisco's CTL client is no longer supported from Release 14. We recommend that you use the CLI command to switch the Unified Communications Manager server to Mixed Mode instead of the Cisco CTL Plugin.
Note

CTIManager and the application verify the identity of the other party through a mutually authenticated TLS handshake (certificate exchange). When a TLS connection occurs, CTIManager and the application exchange QBE messages via the TLS port, Port 2749.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs
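Because an application that is not set up for security connects on Port 2748 instead of Port 2749, the port of each established session shows which applications are still nonsecure. The following is an added example, not part of Cisco's guide: it classifies `ss -tn` output collected on application hosts, and the sample output, the addresses, and the function names are constructed assumptions.

```python
# Added example: classify CTI sessions in `ss -tn` output by CTIManager port.
NONSECURE_PORT = 2748  # nonsecure CTIManager port named in the chapter
TLS_PORT = 2749        # TLS CTIManager port named in the chapter

# Constructed sample input; every address below is made up for illustration.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      10.0.5.20:51544      10.0.1.10:2748
ESTAB  0      0      10.0.5.21:40112      10.0.1.10:2749
ESTAB  0      0      10.0.5.20:51600      10.0.9.9:2748
ESTAB  0      0      [fd00::5:22]:33910   [fd00::1:10]:2748
TIME-WAIT 0   0      10.0.5.23:41000      10.0.1.10:2748
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def audit_cti_connections(ss_output, ctimanager_addrs):
    """Group established sessions to known CTIManager nodes by port.

    A session on the TLS port only shows which port is in use; it does not
    prove that the certificates exchanged in the handshake are the expected ones.
    """
    result = {"secure": [], "nonsecure": []}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # header, blank line, or session that is not established
        try:
            local_addr, _ = split_endpoint(fields[3])
            peer_addr, peer_port = split_endpoint(fields[4])
        except ValueError:
            continue  # endpoint without a numeric port
        if peer_addr not in ctimanager_addrs:
            continue  # same port number, but not one of our CTIManager nodes
        if peer_port == TLS_PORT:
            result["secure"].append((local_addr, peer_addr))
        elif peer_port == NONSECURE_PORT:
            result["nonsecure"].append((local_addr, peer_addr))
    return result

if __name__ == "__main__":
    report = audit_cti_connections(SAMPLE_SS_OUTPUT, {"10.0.1.10", "fd00::1:10"})
    for app, node in report["nonsecure"]:
        print(f"nonsecure CTI session: {app} -> {node} port {NONSECURE_PORT}")
```
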