- The rise of AI PCs: How businesses are reshaping their tech to keep up
- Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’ | TechRepublic
- Tripwire Patch Priority Index for March 2025
- Explorando la confluencia de la tecnología y la sostenibilidad para un futuro mejor
- 솔라윈즈, 스쿼드캐스트 기반 사고 대응 도구 출시··· AI로 IT 복원력 강화
CUCM Mixed Mode With Tokenless CTLs
CUCM Mixed Mode With Tokenless CTLs
move phones registered to the old cluster to instead register to the new cluster.
Download the CallManager.pem from new cluster pub and upload that cert as phone-trust to the old cluster. This will enable the old cluster TVS to have TVS-aware phones trust the new cluster.
When the phone is told (say, via change in DHCP option 150 value) to register to the new cluster, it will fail to authenticate the new cluster’s CTL file due to a different file signer.
So, the phone will then connect with its already-trusted TVS server in the old cluster. At this point, since the new cluster pub cert was added as phone-trust in the old cluster, TVS will instruct the phone to trust the cert.
Then, based on TVS’s go-ahead, the phone will now load and install the new cluster CTL file.
At this stage, the phone will trust only the entries in the new cluster CTL file – and also any certs that the new cluster’s TVS can trust.
Also, it seems like this procedure would also work with the token-based CTL client, as long as TVS is present and all the moving endpoints support TVS.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118893-technote-cucm-00.html
thanks for this quick note. Just a question – after you uploaded new cluster’s callmanager.pem as a Phone-SAST-trust certificate, did you restart the TVS service? Were you required to restart the phones in the old cluster after this, or did you only need a reboot when you moved them across?