source
cucm/v15/security-guide/security-guide.md

• Cisco JTAPI Installation Guide for Unified Communications Manager
• Cisco TAPI Installation Guide for Unified Communications Manager

Step 2 Verify that the following Unified Communications Manager security features are installed (if not installed, install and configure these features):

• Verify if the Unified Communications Manager is in Mixed Mode by running the utils ctl command set.
• Verify if the CAPF service is installed and that the service is activated. If necessary, update CAPF service parameters.

Tip: The CAPF service must run for the utils ctl CLI command to include the CAPF certificate in the CTL file. If you updated these parameters when you used CAPF for the phones, you do not need to update the parameters again.

• Verify if the cluster security mode is set to Mixed Mode. (Cluster security mode configures the security capability for your standalone server or cluster.)

Tip: The CTI/JTAPI/TAPI application cannot access the CTL file if the cluster security mode does not equal Mixed Mode.

Step 3 Assign your end users and application users to access control groups that contain the permissions they need. Assign your users to all of the following groups so that they can use TLS and SRTP over CTI connections:

• Standard CTI Enabled
• Standard CTI Secure Connection
• Standard CTI Allow Reception of SRTP Key Material

Tip: A CTI application can be assigned to either an application user or an end user, but not both. The user must already exist in the Standard CTI Enabled and Standard CTI Secure Connection user groups. The application or end user cannot receive SRTP session keys if it does not exist in these three groups. For more information, see topics related to User access control group configurations.

Note: Cisco Unified Communications Manager Assistant, Cisco QRT, and Cisco Web Dialer do not support encryption. CTI clients that connect to the CTIManager service may support encryption if the client sends voice packets.

Step 4 Configure CAPF Profiles for your end users and application users. For more information, see the Certificate Authority Proxy Function chapter.

Step 5 Enable the corresponding security-related parameters in the CTI/JTAPI/TAPI application.

Add Application and End Users to Security-Related Access Control Groups

The Standard CTI Secure Connection user group and the Standard CTI Allow Reception of SRTP Key Material user group display in Unified Communications Manager by default. You cannot delete these groups.

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs, Advanced System Security
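An added example, not from the Cisco guide: a Python audit of group memberships against the three groups named in Step 3, flagging any user who holds the SRTP key material group without both prerequisite groups. The `user,group` CSV layout, the sample users and the status labels are assumptions made for illustration.

```python
import csv
import io

# Group names exactly as listed in Step 3 of the procedure.
CTI_ENABLED = "Standard CTI Enabled"
CTI_SECURE = "Standard CTI Secure Connection"
CTI_SRTP = "Standard CTI Allow Reception of SRTP Key Material"
REQUIRED = (CTI_ENABLED, CTI_SECURE, CTI_SRTP)

# Constructed sample; the user,group CSV layout is an assumption,
# not a Unified Communications Manager export format.
SAMPLE = """user,group
jtapi_app,Standard CTI Enabled
jtapi_app,Standard CTI Secure Connection
jtapi_app,Standard CTI Allow Reception of SRTP Key Material
recorder,Standard CTI Enabled
recorder,Standard CTI Allow Reception of SRTP Key Material
webdial,Standard CTI Enabled
alice,Standard CCM End Users
"""

def load_memberships(text):
    """Return {user: set(groups)} parsed from user,group CSV text."""
    members = {}
    for row in csv.DictReader(io.StringIO(text)):
        members.setdefault(row["user"].strip(), set()).add(row["group"].strip())
    return members

def audit_user(groups):
    """Return (status, missing_groups) for one user's group set."""
    missing = [g for g in REQUIRED if g not in groups]
    if len(missing) == len(REQUIRED):
        return "no-cti", []              # user is not a CTI user at all
    if not missing:
        return "srtp-ready", []          # in all three groups
    if CTI_SRTP in groups:
        return "misconfigured", missing  # SRTP group without its prerequisites
    return "no-srtp-keys", missing       # cannot receive SRTP session keys

def audit(text):
    """Audit every user found in the CSV text."""
    return {u: audit_user(g) for u, g in sorted(load_memberships(text).items())}

if __name__ == "__main__":
    for user, (status, missing) in audit(SAMPLE).items():
        print(f"{user:10} {status:13} missing: {', '.join(missing) or '-'}")
```
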