- The Urgent Need for Data Minimization Standards
- If ChatGPT produces AI-generated code for your app, who does it really belong to?
- The best iPhone power banks of 2024: Expert tested and reviewed
- The best NAS devices of 2024: Expert tested
- Four Ways to Harden Your Code Against Security Vulnerabilities and Weaknesses
CUCM Mixed Mode With Tokenless CTLs
CUCM Mixed Mode With Tokenless CTLs
move phones registered to the old cluster to instead register to the new cluster.
Download the CallManager.pem from new cluster pub and upload that cert as phone-trust to the old cluster. This will enable the old cluster TVS to have TVS-aware phones trust the new cluster.
When the phone is told (say, via change in DHCP option 150 value) to register to the new cluster, it will fail to authenticate the new cluster’s CTL file due to a different file signer.
So, the phone will then connect with its already-trusted TVS server in the old cluster. At this point, since the new cluster pub cert was added as phone-trust in the old cluster, TVS will instruct the phone to trust the cert.
Then, based on TVS’s go-ahead, the phone will now load and install the new cluster CTL file.
At this stage, the phone will trust only the entries in the new cluster CTL file – and also any certs that the new cluster’s TVS can trust.
Also, it seems like this procedure would also work with the token-based CTL client, as long as TVS is present and all the moving endpoints support TVS.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118893-technote-cucm-00.html
thanks for this quick note. Just a question – after you uploaded new cluster’s callmanager.pem as a Phone-SAST-trust certificate, did you restart the TVS service? Were you required to restart the phones in the old cluster after this, or did you only need a reboot when you moved them across?