Borderless Collaboration #3: Cisco VPN Phone

Hello,

In this third article about Borderless Collaboration, we will discuss the Cisco VPN Phone solution, one of the new features of the Cisco UC Manager 8.0 release.

Cisco VPN Phone is a cost-effective solution for extending the reach of your UC environment outside the perimeter of your firewall. It establishes a secure connection from any location to your intranet. It adds another option for the communication needs of teleworkers or small branch offices and complements the existing teleworker offerings like CVO, AnyConnect or OfficeExtend.

Cisco VPN Phone is a full VPN connection between remote locations and HQ. Unlike its predecessor, Phone Proxy, it encapsulates all the traffic from the phone, permitting the use of phone XML apps (like Extension Mobility) on top of secure signaling and VoIP.

How does it help your business?

Cisco VPN Client for IP Phones is easy to install, use and manage. No more headaches when providing Unified Communications to teleworkers, remote contact center agents, small branches, temporary deployments, sales events or disaster recovery plans.

You will be able to implement remote connectivity without any extra hardware other than an IP Phone!

Let's take the example of winter road maintenance: a group of people has to wait for the GO from HQ before starting to spread salt on the road. Now imagine those people can wait at home, truck loaded, instead of staying in a regional dispatch station…

What do you get?

Happier employees, diverse locations for quicker and more efficient action, and lower costs from keeping the employees at home!

How to implement it?

With only a few simple configuration steps you will activate the VPN client on IP Phones (step 1 being already covered for your data VPN needs).

Step 1: Configure AnyConnect VPN access on the ASA to provide network access. This can be achieved using the CLI or the ASDM GUI.

Step 2: Upload the VPN certificates to UC Manager: from the OS admin page, choose Security > Certificate Management.

Step 3: Configure the VPN gateway in UC Manager: in the CUCM admin page, under Advanced Features > VPN > VPN Gateway.

Step 4: Create a VPN group in Advanced Features > VPN > VPN Group.

Step 5: Configure the (optional) VPN profile under Advanced Features > VPN > VPN Profile.

Step 6: Assign the VPN group and profile to the common phone profile. This is done under Device > Device Settings > Common Phone Profile.

Then apply the configuration on your IP Phone.

You can now use your Cisco IP Phone to establish a VPN connection.

The VPN client is supported on 7942G, 7945G, 7962G, 7965G, 7975G and 99xx/89xx IP Phones. It requires UC Manager 8.0.1 and phone firmware equal to or above 9.0(2)SR1S.

More information can be found at:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_2/secugd/secuvpn.html

https://supportforums.cisco.com/docs/DOC-9124

Borderless Collaboration #1: Inter-company Media Engine [IME]

Hello,

This is the first chapter of a series of articles that will discuss the different solutions that answer the growing need to extend the reach of Collaboration outside of your Enterprise perimeter. We will look at a set of solutions that Cisco offers or will be offering soon, including IME, SAF, UCM Session Manager, RSVP CAC, VPN phone, and so on.

In this first article, I'd like to introduce you to Cisco Intercompany Media Engine, or Cisco IME.

IME provides an innovative way of connecting VoIP networks between different companies. The solution relies on Cisco Unified Communications Manager (UCM) and Adaptive Security Appliance (ASA).

With IME, we remove the barrier of current "Islands of VoIP" interconnected by the PSTN, and provide a richer and better experience with communications that run end-to-end over IP.

The goal is to let one make an end-to-end IP phone call over the Internet in a secure, automatic and dynamic way: the numbers of the different companies are learned automatically by the systems, and subsequent calls are placed over the IP network, here a secure VPN tunnel over the Internet.
If IP connectivity is lost, the call is rolled back to the PSTN. Call Admission Control (CAC) is also used to monitor the number of calls permitted over the IP network and is able to re-route calls to an alternate path (PSTN or other), ensuring all calls maintain a good quality.

The IME solution is based on the UCM 8.0.1 release interworking with ASA 8.3.1. The ASA provides the P2P component, allowing connections to external companies. Between companies, both VoIP signaling (SIP trunk over TLS) and VoIP payload (SRTP) are encrypted.

Cisco has developed the ViPR Access Protocol (VAP), which works in client/server mode: the UCM runs the VAP client and the ASA the VAP server. The ViPR server is effectively an automated provisioning service. It will self-learn new VoIP routes to particular phone numbers, and push those routes into UCM. The ViPR server is there to form a worldwide P2P network (P2P protocol: RELOAD).

Enterprises willing to join the IME global network first configure Cisco IME and enroll DID patterns with the IME servers from CUCM using VAP. The IME server then caches the DID patterns and publishes them onto the P2P network. Once the first call to a number has been made over the PSTN, the IME server on the Orig side performs call validation with the Term side using the validation capability of the P2P protocol. Upon successful validation, the Orig side IME server securely pushes the learned route to CUCM via VAP. The next call placed to that DN is a secure business-to-business call over the IME SIP trunk instead of the PSTN.
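The learn-then-route flow above, together with the PSTN fallback and CAC behaviour described earlier, as an added example that is not Cisco code or part of the original article. All class names, phone numbers and the validation rule (a claimant passes only if it really received the PSTN call) are simplifying assumptions made for this sketch.

```python
# Added example: toy model of IME route learning; all names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Enterprise:
    name: str
    did_prefixes: tuple                          # DID patterns enrolled with the IME server
    pstn_seen: set = field(default_factory=set)  # (caller, callee) PSTN calls it received

class P2P:
    """Stand-in for the IME P2P network: published DID prefix -> claimants."""
    def __init__(self):
        self.published = {}

    def publish(self, ent):
        for prefix in ent.did_prefixes:
            self.published.setdefault(prefix, []).append(ent)

    def claimants(self, number):
        return [e for p, ents in self.published.items()
                if number.startswith(p) for e in ents]

class OrigSide:
    """Originating UCM plus its IME server."""
    def __init__(self, number, p2p, max_ip_calls=1):
        self.number, self.p2p = number, p2p
        self.learned = {}                  # callee -> validated enterprise name
        self.ip_up = True
        self.ip_calls = 0                  # calls currently on the IME trunk
        self.max_ip_calls = max_ip_calls   # CAC limit

    def call(self, callee, pstn_owner):
        if callee in self.learned and self.ip_up and self.ip_calls < self.max_ip_calls:
            self.ip_calls += 1
            return "IME-SIP-TRUNK"
        # PSTN path: the carrier delivers the call to the real owner of the number.
        pstn_owner.pstn_seen.add((self.number, callee))
        # Validation (assumed model): only a claimant that received this call passes.
        for cand in self.p2p.claimants(callee):
            if (self.number, callee) in cand.pstn_seen:
                self.learned[callee] = cand.name
        return "PSTN"

def demo():
    p2p = P2P()
    owner = Enterprise("owner-co", ("+3225551",))   # constructed sample data
    other = Enterprise("other-co", ("+3225551",))   # same pattern, never gets the call
    p2p.publish(owner)
    p2p.publish(other)
    orig = OrigSide("+14085550100", p2p)
    routes = [orig.call("+32255512345", owner) for _ in range(3)]
    orig.ip_up = False                              # IP connectivity lost
    routes.append(orig.call("+32255512345", owner))
    return routes, dict(orig.learned)
```

In `demo()`, the first call goes over the PSTN and teaches the route, the second uses the IME trunk, the third exceeds the CAC limit of one and is re-routed to the PSTN, and the fourth falls back because IP connectivity is down.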

Furthermore, Cisco is helping its customers get the most out of this innovative solution by providing a number of bootstrap servers (~SIP proxy here) in order to facilitate interconnection between companies.

Now only the discovery of one of Cisco's bootstrap servers is required to access all of the existing known VoIP networks, making the ROI faster after the adoption of Cisco's IME.

Learn more:

Product page: http://www.cisco.com/en/US/products/ps10669/index.html

and http://docwiki.cisco.com/wiki/Cisco_Intercompany_Media_Engine_–_Cisco_Unified_Communications_Manager_Not_Using_Cisco_IME_Routes
