Re: [cisco-voip] CUCM Cluster Expansion

[Kent Roberts]

Just wait till 14 is released.  They will change something  because they can


Kent

> On Feb 13, 2020, at 18:31, Charles Goldsmith  wrote:
> 
> 
> Agreed 100% on this, unless you are on be6k stuff.  Prior to the m5 hardware, 
> it was cut and dry, if you had > 2.5ghz processors, you could use the 7500 
> user or larger with no problem.  1000 user ova was less can be on 2.0 - 
> 2.4ghz, and most of the be6k stuff came with 2.4ghz.  There are some other 
> restrictions on cpu types, but in the enterprise, I haven't seen much that 
> didn't fit, other than just speed.
> 
> Some of the be6k for the m5 hardware, I'm seeing some other cpu's in use now 
> (like 2.2ghz).  Cisco also has some additional criteria if you don't want to 
> do 2.5ghz and not 1:1 vCpu to core, but it's on an approval basis.
> 
> Read up here 
> https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/collaboration-virtualization-hardware.html
> 
> Basically, if your hardware supports it, go with the 7500 user, makes your 
> life easier down the road.
> 
> 
> 
>> On Thu, Feb 13, 2020 at 5:40 PM NateCCIE  wrote:
>> I always do the 7.5k cucm size.  I hate single cpu cucm, ram is usually not 
>> a problem and I’d rather have the 110GB disk because upgrades about never 
>> work on the 80gb without clearing some space.  Even 110GB has become a 
>> problem lately. 
>> 
>> Sent from my iPhone
>> 
 On Feb 13, 2020, at 3:29 PM, Ryan Huff  wrote:
 
>>> 
>>> For 11.x, but I've found this helpful: 
>>> https://www.cisco.com/web/software/283088407/126036/cucm-11.0.ova.readme.txt
>>> 
>>> Thanks,
>>> 
>>> Ryan
>>> From: Matthew Loraditch 
>>> Sent: Thursday, February 13, 2020 5:24 PM
>>> To: Ryan Huff ; cisco-voip@puck.nether.net 
>>> 
>>> Subject: RE: CUCM Cluster Expansion
>>>  
>>> Yeah, I’m just trying to understand (as I read the ovf file) what the 
>>> actual difference is between the 1000/2500 user OVA. I seem to be missing 
>>> something (or maybe not). CPU is actually 1 less starting but same 
>>> reservation, same RAM, same HDD.
>>>  
>>> 
>>> Matthew Loraditch​
>>> Sr. Network Engineer
>>> p: 443.541.1518
>>> w: www.heliontechnologies.com|  e: 
>>> mloradi...@heliontechnologies.com
>>> 
>>> 
>>> 
>>> 
>>> 
>>> From: Ryan Huff  
>>> Sent: Thursday, February 13, 2020 5:21 PM
>>> To: Matthew Loraditch ; 
>>> cisco-voip@puck.nether.net
>>> Subject: Re: CUCM Cluster Expansion
>>>  
>>> [EXTERNAL]
>>>  
>>> I wouldn't see a reason not to just up-size the two nodes you have now to 
>>> the 2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd 
>>> then add in a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc 
>>> on it and give the pub a break.
>>>  
>>> -Ryan
>>>  
>>> From: cisco-voip  on behalf of Matthew 
>>> Loraditch 
>>> Sent: Thursday, February 13, 2020 5:10 PM
>>> To: cisco-voip@puck.nether.net 
>>> Subject: [cisco-voip] CUCM Cluster Expansion
>>>  
>>> One of my biggest customers is experiencing issues that appear to be 
>>> related to resource utilization. I’ve never had a customer who needed more 
>>> than a 2 node 1000 user cluster.
>>>  
>>> They are getting close to some of the capacity levels listed in the sizing 
>>> guides.
>>>  
>>> I’m looking for some opinions on what the best way to deal with this. I 
>>> have the hardware capacity for either method.
>>>  
>>> Add a Third 1000 user Subscriber and turn off call processing and tftp on 
>>> the Pub?
>>>  
>>> Rebuild both existing servers to 2500 user OVAs?
>>>  
>>> Add a third and do the rebuild also?
>>>  
>>> Can I just make the existing server be the 2500 capacity level? I actually 
>>> don’t understand the difference between the 2500 and 1000 user OVAs, the 
>>> 2500 appears to actually be lesser capacity by default (1 less cpu). So go 
>>> to 7500?
>>>  
>>> I’d appreciate any opinions out there. Going to be doing some reading over 
>>> the next few days to try and figure this out.
>>>  
>>> Thanks all!
>>>  
>>> Matthew Loraditch​
>>> Sr. Network Engineer
>>> p: 443.541.1518
>>> w: www.heliontechnologies.com
>>>  | 
>>> e: mloradi...@heliontechnologies.com
>>> 
>>> 
>>> 
>>> 
>>> 
>>>  
>>> ___
>>> cisco-voip mailing list
>>> cisco-voip@puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] CUCM Cluster Expansion

[Charles Goldsmith]

Agreed 100% on this, unless you are on be6k stuff.  Prior to the m5
hardware, it was cut and dry, if you had > 2.5ghz processors, you could use
the 7500 user or larger with no problem.  1000 user ova was less can be on
2.0 - 2.4ghz, and most of the be6k stuff came with 2.4ghz.  There are some
other restrictions on cpu types, but in the enterprise, I haven't seen much
that didn't fit, other than just speed.

Some of the be6k for the m5 hardware, I'm seeing some other cpu's in use
now (like 2.2ghz).  Cisco also has some additional criteria if you don't
want to do 2.5ghz and not 1:1 vCpu to core, but it's on an approval basis.

Read up here
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/collaboration-virtualization-hardware.html

Basically, if your hardware supports it, go with the 7500 user, makes your
life easier down the road.



On Thu, Feb 13, 2020 at 5:40 PM NateCCIE  wrote:

> I always do the 7.5k cucm size.  I hate single cpu cucm, ram is usually
> not a problem and I’d rather have the 110GB disk because upgrades about
> never work on the 80gb without clearing some space.  Even 110GB has become
> a problem lately.
>
> Sent from my iPhone
>
> On Feb 13, 2020, at 3:29 PM, Ryan Huff  wrote:
>
> 
> For 11.x, but I've found this helpful:
> https://www.cisco.com/web/software/283088407/126036/cucm-11.0.ova.readme.txt
>
> Thanks,
>
> Ryan
> --
> *From:* Matthew Loraditch 
> *Sent:* Thursday, February 13, 2020 5:24 PM
> *To:* Ryan Huff ; cisco-voip@puck.nether.net <
> cisco-voip@puck.nether.net>
> *Subject:* RE: CUCM Cluster Expansion
>
>
> Yeah, I’m just trying to understand (as I read the ovf file) what the
> actual difference is between the 1000/2500 user OVA. I seem to be missing
> something (or maybe not). CPU is actually 1 less starting but same
> reservation, same RAM, same HDD.
>
>
>
> Matthew Loraditch​
> Sr. Network Engineer
> p: *443.541.1518* <443.541.1518>
> w: *www.heliontechnologies.com*
> 
>  |  e: *mloradi...@heliontechnologies.com*
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> *From:* Ryan Huff 
> *Sent:* Thursday, February 13, 2020 5:21 PM
> *To:* Matthew Loraditch ;
> cisco-voip@puck.nether.net
> *Subject:* Re: CUCM Cluster Expansion
>
>
>
> [EXTERNAL]
>
>
>
> I wouldn't see a reason not to just up-size the two nodes you have now to
> the 2.5k OVA (use 2 vCPU on each node). For the *15 pieces of flair*, I'd
> then add in a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc
> on it and give the pub a break.
>
>
>
> -Ryan
>
>
> --
>
> *From:* cisco-voip  on behalf of
> Matthew Loraditch 
> *Sent:* Thursday, February 13, 2020 5:10 PM
> *To:* cisco-voip@puck.nether.net 
> *Subject:* [cisco-voip] CUCM Cluster Expansion
>
>
>
> One of my biggest customers is experiencing issues that appear to be
> related to resource utilization. I’ve never had a customer who needed more
> than a 2 node 1000 user cluster.
>
>
>
> They are getting close to some of the capacity levels listed in the sizing
> guides.
>
>
>
> I’m looking for some opinions on what the best way to deal with this. I
> have the hardware capacity for either method.
>
>
>
> Add a Third 1000 user Subscriber and turn off call processing and tftp on
> the Pub?
>
>
>
> Rebuild both existing servers to 2500 user OVAs?
>
>
>
> Add a third and do the rebuild also?
>
>
>
> Can I just make the existing server be the 2500 capacity level? I actually
> don’t understand the difference between the 2500 and 1000 user OVAs, the
> 2500 appears to actually be lesser capacity by default (1 less cpu). So go
> to 7500?
>
>
>
> I’d appreciate any opinions out there. Going to 

Re: [cisco-voip] CUCM Cluster Expansion

[Schlotterer, Tommy]

1000 user OVA is for “restricted” CPUs AKA CPUs under 2.5Ghz.

The 2500 user OVA is for “full performance” CPUs 2.5Ghz or higher

Thanks

Tommy

Tommy Schlotterer|  Engineer

Presidio
 |  presidio.com

20 N Saint Clair 3rd Floor, Toledo, OH 43604
D: 419.214.1415|  C: 
419.706.0259|  
tschlotte...@presidio.com



[https://www2.presidio.com/signatures/Presidio_Blue_FutureBuilt_200px.png]




From: cisco-voip  On Behalf Of Matthew 
Loraditch
Sent: Thursday, February 13, 2020 5:25 PM
To: Ryan Huff ; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] CUCM Cluster Expansion

EXTERNAL EMAIL




Yeah, I’m just trying to understand (as I read the ovf file) what the actual 
difference is between the 1000/2500 user OVA. I seem to be missing something 
(or maybe not). CPU is actually 1 less starting but same reservation, same RAM, 
same HDD.



Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518



w: www.heliontechnologies.com

 |

e: mloradi...@heliontechnologies.com


[Helion Technologies]


[Facebook]


[Twitter]


[LinkedIn]






[cid:image005.jpg@01D5E2AC.2EEA3190]



From: Ryan Huff mailto:ryanh...@outlook.com>>
Sent: Thursday, February 13, 2020 5:21 PM
To: Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>; 
cisco-voip@puck.nether.net
Subject: Re: CUCM Cluster Expansion

[EXTERNAL]

I wouldn't see a reason not to just up-size the two nodes you have now to the 
2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd then add in 
a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc on it and give 
the pub a break.

-Ryan


From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Sent: Thursday, February 13, 2020 5:10 PM
To: cisco-voip@puck.nether.net 
mailto:cisco-voip@puck.nether.net>>
Subject: [cisco-voip] CUCM Cluster Expansion


One of my biggest customers is experiencing issues that appear to be related to 
resource utilization. I’ve never had a customer who needed more than a 2 node 
1000 user cluster.



They are getting close to some of the capacity levels listed in the sizing 
guides.



I’m looking for some opinions on what the best way to deal with this. I have 
the hardware capacity for either method.



Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
Pub?



Rebuild both existing servers to 2500 user OVAs?



Add a third and do the rebuild also?



Can I just make the existing server be the 2500 capacity level? I actually 
don’t understand the difference between the 2500 and 1000 user OVAs, the 2500 
appears to actually be lesser capacity by default (1 less cpu). So go to 7500?



I’d appreciate any opinions out there. Going to be doing some reading over the 
next few days to try and figure this out.



Thanks all!


Matthew Loraditch​

Sr. Network Engineer


p: 443.541.1518



w: 
www.heliontechnologies.com

 |

e: mloradi...@heliontechnologies.com


[Helion 
Technologies]


[Facebook]


[Twitter]


[LinkedIn]






[cid:image005.jpg@01D5E2AC.2EEA3190]






This message w/attachments (message) is intended solely for the use of the 
intended recipient(s) and may 

Re: [cisco-voip] CUCM Cluster Expansion

[NateCCIE]

I always do the 7.5k cucm size.  I hate single cpu cucm, ram is usually not a 
problem and I’d rather have the 110GB disk because upgrades about never work on 
the 80gb without clearing some space.  Even 110GB has become a problem lately. 

Sent from my iPhone

> On Feb 13, 2020, at 3:29 PM, Ryan Huff  wrote:
> 
> 
> For 11.x, but I've found this helpful: 
> https://www.cisco.com/web/software/283088407/126036/cucm-11.0.ova.readme.txt
> 
> Thanks,
> 
> Ryan
> From: Matthew Loraditch 
> Sent: Thursday, February 13, 2020 5:24 PM
> To: Ryan Huff ; cisco-voip@puck.nether.net 
> 
> Subject: RE: CUCM Cluster Expansion
>  
> Yeah, I’m just trying to understand (as I read the ovf file) what the actual 
> difference is between the 1000/2500 user OVA. I seem to be missing something 
> (or maybe not). CPU is actually 1 less starting but same reservation, same 
> RAM, same HDD.
>  
>   
> Matthew Loraditch​
> Sr. Network Engineer
> p: 443.541.1518
> w: www.heliontechnologies.com  |  e: mloradi...@heliontechnologies.com
> 
> 
> 
> 
> 
> From: Ryan Huff  
> Sent: Thursday, February 13, 2020 5:21 PM
> To: Matthew Loraditch ; 
> cisco-voip@puck.nether.net
> Subject: Re: CUCM Cluster Expansion
>  
> [EXTERNAL]
>  
> I wouldn't see a reason not to just up-size the two nodes you have now to the 
> 2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd then add 
> in a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc on it and 
> give the pub a break.
>  
> -Ryan
>  
> From: cisco-voip  on behalf of Matthew 
> Loraditch 
> Sent: Thursday, February 13, 2020 5:10 PM
> To: cisco-voip@puck.nether.net 
> Subject: [cisco-voip] CUCM Cluster Expansion
>  
> One of my biggest customers is experiencing issues that appear to be related 
> to resource utilization. I’ve never had a customer who needed more than a 2 
> node 1000 user cluster.
>  
> They are getting close to some of the capacity levels listed in the sizing 
> guides.
>  
> I’m looking for some opinions on what the best way to deal with this. I have 
> the hardware capacity for either method.
>  
> Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
> Pub?
>  
> Rebuild both existing servers to 2500 user OVAs?
>  
> Add a third and do the rebuild also?
>  
> Can I just make the existing server be the 2500 capacity level? I actually 
> don’t understand the difference between the 2500 and 1000 user OVAs, the 2500 
> appears to actually be lesser capacity by default (1 less cpu). So go to 7500?
>  
> I’d appreciate any opinions out there. Going to be doing some reading over 
> the next few days to try and figure this out.
>  
> Thanks all!
>  
> Matthew Loraditch​
> Sr. Network Engineer
> p: 443.541.1518
> w: www.heliontechnologies.com
>  | 
> e: mloradi...@heliontechnologies.com
> 
> 
> 
> 
> 
>  
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] Webex calling / flex sku’s

[Lelio Fulgenzi]

I’m trying to do a last minute pitch for a full fledged lab environment for 
webex cloud : mc/ec/tc/sc, Teams, webex calling w/pstn, vm (, and call center). 

I know it’s not always as simple as top level sku’s but I’m wondering if anyone 
can shed some light. 

I’m gonna use A-SPK-EDU to start, it’s still the right one in our case I 
believe. I want to make sure I’m not getting Spark Call, but the broadsoft 
webex calling. 

Any pointers?

Sent from my iPhone
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] CUCM Cluster Expansion

[Ryan Huff]

For 11.x, but I've found this helpful: 
https://www.cisco.com/web/software/283088407/126036/cucm-11.0.ova.readme.txt

Thanks,

Ryan

From: Matthew Loraditch 
Sent: Thursday, February 13, 2020 5:24 PM
To: Ryan Huff ; cisco-voip@puck.nether.net 

Subject: RE: CUCM Cluster Expansion


Yeah, I’m just trying to understand (as I read the ovf file) what the actual 
difference is between the 1000/2500 user OVA. I seem to be missing something 
(or maybe not). CPU is actually 1 less starting but same reservation, same RAM, 
same HDD.




Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: 
www.heliontechnologies.com
 |  e: 
mloradi...@heliontechnologies.com
[Helion 
Technologies]
[Facebook]
[Twitter]
[LinkedIn]
[cid:image566398.jpg@28ECD857.07B60024]

From: Ryan Huff 
Sent: Thursday, February 13, 2020 5:21 PM
To: Matthew Loraditch ; 
cisco-voip@puck.nether.net
Subject: Re: CUCM Cluster Expansion



[EXTERNAL]



I wouldn't see a reason not to just up-size the two nodes you have now to the 
2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd then add in 
a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc on it and give 
the pub a break.



-Ryan





From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Sent: Thursday, February 13, 2020 5:10 PM
To: cisco-voip@puck.nether.net 
mailto:cisco-voip@puck.nether.net>>
Subject: [cisco-voip] CUCM Cluster Expansion



One of my biggest customers is experiencing issues that appear to be related to 
resource utilization. I’ve never had a customer who needed more than a 2 node 
1000 user cluster.



They are getting close to some of the capacity levels listed in the sizing 
guides.



I’m looking for some opinions on what the best way to deal with this. I have 
the hardware capacity for either method.



Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
Pub?



Rebuild both existing servers to 2500 user OVAs?



Add a third and do the rebuild also?



Can I just make the existing server be the 2500 capacity level? I actually 
don’t understand the difference between the 2500 and 1000 user OVAs, the 2500 
appears to actually be lesser capacity by default (1 less cpu). So go to 7500?



I’d appreciate any opinions out there. Going to be doing some reading over the 
next few days to try and figure this out.



Thanks all!



Matthew Loraditch​

Sr. Network Engineer

p: 443.541.1518

w: 
www.heliontechnologies.com

 |

e: mloradi...@heliontechnologies.com

[Helion 
Technologies]

[Facebook]

Re: [cisco-voip] CUCM Cluster Expansion

[Matthew Loraditch]

Yeah, I’m just trying to understand (as I read the ovf file) what the actual 
difference is between the 1000/2500 user OVA. I seem to be missing something 
(or maybe not). CPU is actually 1 less starting but same reservation, same RAM, 
same HDD.


Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
From: Ryan Huff 
Sent: Thursday, February 13, 2020 5:21 PM
To: Matthew Loraditch ; 
cisco-voip@puck.nether.net
Subject: Re: CUCM Cluster Expansion

[EXTERNAL]

I wouldn't see a reason not to just up-size the two nodes you have now to the 
2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd then add in 
a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc on it and give 
the pub a break.

-Ryan


From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Sent: Thursday, February 13, 2020 5:10 PM
To: cisco-voip@puck.nether.net 
mailto:cisco-voip@puck.nether.net>>
Subject: [cisco-voip] CUCM Cluster Expansion


One of my biggest customers is experiencing issues that appear to be related to 
resource utilization. I’ve never had a customer who needed more than a 2 node 
1000 user cluster.



They are getting close to some of the capacity levels listed in the sizing 
guides.



I’m looking for some opinions on what the best way to deal with this. I have 
the hardware capacity for either method.



Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
Pub?



Rebuild both existing servers to 2500 user OVAs?



Add a third and do the rebuild also?



Can I just make the existing server be the 2500 capacity level? I actually 
don’t understand the difference between the 2500 and 1000 user OVAs, the 2500 
appears to actually be lesser capacity by default (1 less cpu). So go to 7500?



I’d appreciate any opinions out there. Going to be doing some reading over the 
next few days to try and figure this out.



Thanks all!

Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: 
www.heliontechnologies.com
 |
e: mloradi...@heliontechnologies.com
[Helion 
Technologies]
[Facebook]
[Twitter]
[LinkedIn]
[cid:image005.jpg@01D5E292.7B702F70]

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] CUCM Cluster Expansion

[Ryan Huff]

I wouldn't see a reason not to just up-size the two nodes you have now to the 
2.5k OVA (use 2 vCPU on each node). For the 15 pieces of flair, I'd then add in 
a 3rd 2.5k OVA w/o the CCM service enabled and run TFTP.. etc on it and give 
the pub a break.

-Ryan


From: cisco-voip  on behalf of Matthew 
Loraditch 
Sent: Thursday, February 13, 2020 5:10 PM
To: cisco-voip@puck.nether.net 
Subject: [cisco-voip] CUCM Cluster Expansion


One of my biggest customers is experiencing issues that appear to be related to 
resource utilization. I’ve never had a customer who needed more than a 2 node 
1000 user cluster.



They are getting close to some of the capacity levels listed in the sizing 
guides.



I’m looking for some opinions on what the best way to deal with this. I have 
the hardware capacity for either method.



Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
Pub?



Rebuild both existing servers to 2500 user OVAs?



Add a third and do the rebuild also?



Can I just make the existing server be the 2500 capacity level? I actually 
don’t understand the difference between the 2500 and 1000 user OVAs, the 2500 
appears to actually be lesser capacity by default (1 less cpu). So go to 7500?



I’d appreciate any opinions out there. Going to be doing some reading over the 
next few days to try and figure this out.



Thanks all!


Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: 
www.heliontechnologies.com
   |  e: 
mloradi...@heliontechnologies.com
[Helion 
Technologies]
[Facebook]
[Twitter]
[LinkedIn]
[cid:image97.jpg@4984E7DE.6A13F86D]
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] CUCM Cluster Expansion

[Matthew Loraditch]

One of my biggest customers is experiencing issues that appear to be related to 
resource utilization. I've never had a customer who needed more than a 2 node 
1000 user cluster.

They are getting close to some of the capacity levels listed in the sizing 
guides.

I'm looking for some opinions on what the best way to deal with this. I have 
the hardware capacity for either method.

Add a Third 1000 user Subscriber and turn off call processing and tftp on the 
Pub?

Rebuild both existing servers to 2500 user OVAs?

Add a third and do the rebuild also?

Can I just make the existing server be the 2500 capacity level? I actually 
don't understand the difference between the 2500 and 1000 user OVAs, the 2500 
appears to actually be lesser capacity by default (1 less cpu). So go to 7500?

I'd appreciate any opinions out there. Going to be doing some reading over the 
next few days to try and figure this out.

Thanks all!

Matthew Loraditch
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com | e: mloradi...@heliontechnologies.com
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

[Anthony Holloway]

That's interesting to know.  How did you learn that?

On Thu, Feb 13, 2020 at 12:30 PM Brian Meade  wrote:

> CUCM doesn't check the names, just that the chain is trusted.
>
> On Sun, Feb 9, 2020 at 5:23 PM Matthew Loraditch <
> mloradi...@heliontechnologies.com> wrote:
>
>> Interesting. Our root cert is and has been loaded, but I’m still using
>> just the IPs so normally that would make the handshake fail.
>>
>> Get Outlook for iOS 
>>
>> Matthew Loraditch​
>> Sr. Network Engineer
>> p: *443.541.1518* <443.541.1518>
>> w: *www.heliontechnologies.com*   |
>> e: *mloradi...@heliontechnologies.com*
>> 
>> [image: Helion Technologies] 
>> [image: Facebook] 
>> [image: Twitter] 
>> [image: LinkedIn] 
>> --
>> *From:* Lelio Fulgenzi 
>> *Sent:* Sunday, February 9, 2020 5:15:40 PM
>> *To:* Matthew Loraditch 
>> *Cc:* James Buchanan ; voyp list, cisco-voip (
>> cisco-voip@puck.nether.net) 
>> *Subject:* Re: [cisco-voip] Field Notice from Cisco making Secure LDAP
>> mandatory
>>
>>
>> [EXTERNAL]
>>
>>
>> I couldn’t get secure ldap to work without loading the certificates from
>> the AD servers. I also had more luck using the global catalog ports.
>>
>> Sent from my iPhone
>>
>> On Feb 9, 2020, at 5:05 PM, Matthew Loraditch <
>> mloradi...@heliontechnologies.com> wrote:
>>
>> I was wondering if they were going to post anything as it’s very unclear
>> if ldap over tls was the fix.
>>
>> Apparently (and amen) it is. Did it on our office system last week to see
>> if it would work without any certificate needs. It just worked and during a
>> save it will instantly tell you if it worked or not.
>>
>> Outside of the most regimented environments you should be able to just
>> make the change. If it fails talk to your AD team as they would likely have
>> something blocked or disabled.
>>
>> Get Outlook for iOS 
>>
>> Matthew Loraditch​
>> Sr. Network Engineer
>> p: *443.541.1518* <443.541.1518>
>> w: *www.heliontechnologies.com*   |
>> e: *mloradi...@heliontechnologies.com*
>> 
>>  
>>  
>>  
>>  
>> 
>> --
>> *From:* cisco-voip  on behalf of
>> James Buchanan 
>> *Sent:* Sunday, February 9, 2020 4:57:40 PM
>> *To:* voyp list, cisco-voip (cisco-voip@puck.nether.net) <
>> cisco-voip@puck.nether.net>
>> *Subject:* [cisco-voip] Field Notice from Cisco making Secure LDAP
>> mandatory
>>
>>
>> [EXTERNAL]
>>
>> Hello folks,
>>
>> I know you all needed some more work. I sure did! So here you are!
>>
>>
>> https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html
>>
>>
>> I'm interested in any early thoughts on other integrations--vCenter, ISE,
>> VPN, TACACS, etc. I assume it applies across the board.
>>
>> Thanks,
>>
>> James
>>
>>
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>> ___
>> cisco-voip mailing list
>> cisco-voip@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] Cisco DevNet Create 2020

[Pete Brown]

Anyone going to DevNet Create in March?
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] [EXT] Re: Field Notice from Cisco making Secure LDAP mandatory

[Daniel Pagan]

Just a heads up – I spoke w/ TAC who then spoke with the authors of the 
bulletin. They agreed to update the article to better reflect the new timeline 
posted by Microsoft and add clarification that LDAP functionality will not in 
fact break in March due to the patch expected in that month. The update will 
contain something along the lins of:

“This [Microsoft] security update is not expected to become mandatory until 
fall 2020. However, it's recommended that you update your Cisco Collaboration 
deployment to use Secure LDAP as soon as possible. This will both secure your 
LDAP connection and will also ensure that services remain up and running when 
the security update becomes mandatory.”

- Daniel Pagan

From: cisco-voip  On Behalf Of Daniel Pagan
Sent: Tuesday, February 11, 2020 2:36 PM
To: Lelio Fulgenzi ; Matthew Loraditch 

Cc: voyp list, cisco-voip (cisco-voip@puck.nether.net) 

Subject: Re: [cisco-voip] [EXT] Re: Field Notice from Cisco making Secure LDAP 
mandatory

Whoops – sent the email a bit prematurely…

Here’s a link to that VMware article with a recent update mentioning that 
defaults will not be changing in March.

https://blogs.vmware.com/vsphere/2020/01/microsoft-ldap-vsphere-channel-binding-signing-adv190023.html

It seems the Cisco article is a bit behind and needs to be updated. Hopefully 
this buys everyone some time, especially for those supporting a number of 
environments.

- Daniel Pagan


From: Daniel Pagan
Sent: Tuesday, February 11, 2020 2:33 PM
To: Lelio Fulgenzi mailto:le...@uoguelph.ca>>; Matthew 
Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Cc: voyp list, cisco-voip 
(cisco-voip@puck.nether.net) 
mailto:cisco-voip@puck.nether.net>>
Subject: RE: [EXT] Re: [cisco-voip] Field Notice from Cisco making Secure LDAP 
mandatory

It does not appear Microsoft will be enforcing LDAP over TLS with this upcoming 
patch. While the original plan was indeed to tighten this up, it seems this 
requirement is being delayed until after Q2 of the year.

The advisory was updated February 4th and shows:
Windows Updates in March 2020 add new audit events, additional logging, and a 
remapping of Group Policy values that will enable hardening LDAP Channel 
Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP 
signing or channel binding policies or their registry equivalent on new or 
existing domain controllers.
A further future monthly update, anticipated for release the second half of 
calendar year 2020, will enable LDAP signing and channel binding on domain 
controllers configured with default values for those settings.
I found that VMware updated their advisory to reflect this recent change to 
Microsoft’s timeline two days later:
“Update (2/6/2020): On February 4, 2020 Microsoft changed their guidance for 
the March 2020 Windows Updates to indicate that the defaults will NOT be 
changing in that update.”




From: cisco-voip 
mailto:cisco-voip-boun...@puck.nether.net>> 
On Behalf Of Lelio Fulgenzi
Sent: Sunday, February 9, 2020 6:05 PM
To: Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Cc: voyp list, cisco-voip 
(cisco-voip@puck.nether.net) 
mailto:cisco-voip@puck.nether.net>>
Subject: [EXT] Re: [cisco-voip] Field Notice from Cisco making Secure LDAP 
mandatory

I believe we had to load two certs.

And, after loading certs, restart tomcat.


Sent from my iPhone

On Feb 9, 2020, at 5:23 PM, Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>> 
wrote:
Interesting. Our root cert is and has been loaded, but I’m still using just the 
IPs so normally that would make the handshake fail.

Get Outlook for iOS

Matthew Loraditch​
Sr. Network Engineer
p: 443.541.1518
w: www.heliontechnologies.com
 |
e: mloradi...@heliontechnologies.com






From: Lelio Fulgenzi mailto:le...@uoguelph.ca>>
Sent: Sunday, February 9, 2020 5:15:40 PM
To: Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>>
Cc: James Buchanan 
mailto:james.buchan...@gmail.com>>; voyp list, 
cisco-voip (cisco-voip@puck.nether.net) 
mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

[EXTERNAL]


I couldn’t get secure ldap to work without loading the certificates from the AD 
servers. I also had more luck using the global catalog ports.
Sent from my iPhone

On Feb 9, 2020, at 5:05 PM, Matthew Loraditch 
mailto:mloradi...@heliontechnologies.com>> 
wrote:
I was wondering if they were going to post anything as it’s very unclear if 
ldap over tls was the fix.

Apparently (and amen) it is. Did it on our office system last week to 

Re: [cisco-voip] Field Notice from Cisco making Secure LDAP mandatory

[Brian Meade]

CUCM doesn't check the names, just that the chain is trusted.

On Sun, Feb 9, 2020 at 5:23 PM Matthew Loraditch <
mloradi...@heliontechnologies.com> wrote:

> Interesting. Our root cert is and has been loaded, but I’m still using
> just the IPs so normally that would make the handshake fail.
>
> Get Outlook for iOS 
>
> Matthew Loraditch​
> Sr. Network Engineer
> p: *443.541.1518* <443.541.1518>
> w: *www.heliontechnologies.com*   |
> e: *mloradi...@heliontechnologies.com* 
> [image: Helion Technologies] 
> [image: Facebook] 
> [image: Twitter] 
> [image: LinkedIn] 
> --
> *From:* Lelio Fulgenzi 
> *Sent:* Sunday, February 9, 2020 5:15:40 PM
> *To:* Matthew Loraditch 
> *Cc:* James Buchanan ; voyp list, cisco-voip (
> cisco-voip@puck.nether.net) 
> *Subject:* Re: [cisco-voip] Field Notice from Cisco making Secure LDAP
> mandatory
>
>
> [EXTERNAL]
>
>
> I couldn’t get secure ldap to work without loading the certificates from
> the AD servers. I also had more luck using the global catalog ports.
>
> Sent from my iPhone
>
> On Feb 9, 2020, at 5:05 PM, Matthew Loraditch <
> mloradi...@heliontechnologies.com> wrote:
>
> I was wondering if they were going to post anything as it’s very unclear
> if ldap over tls was the fix.
>
> Apparently (and amen) it is. Did it on our office system last week to see
> if it would work without any certificate needs. It just worked and during a
> save it will instantly tell you if it worked or not.
>
> Outside of the most regimented environments you should be able to just
> make the change. If it fails talk to your AD team as they would likely have
> something blocked or disabled.
>
> Get Outlook for iOS 
>
> Matthew Loraditch​
> Sr. Network Engineer
> p: *443.541.1518* <443.541.1518>
> w: *www.heliontechnologies.com*   |
> e: *mloradi...@heliontechnologies.com* 
>  
>  
>  
>  
> 
> --
> *From:* cisco-voip  on behalf of
> James Buchanan 
> *Sent:* Sunday, February 9, 2020 4:57:40 PM
> *To:* voyp list, cisco-voip (cisco-voip@puck.nether.net) <
> cisco-voip@puck.nether.net>
> *Subject:* [cisco-voip] Field Notice from Cisco making Secure LDAP
> mandatory
>
>
> [EXTERNAL]
>
> Hello folks,
>
> I know you all needed some more work. I sure did! So here you are!
>
>
> https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html
>
>
> I'm interested in any early thoughts on other integrations--vCenter, ISE,
> VPN, TACACS, etc. I assume it applies across the board.
>
> Thanks,
>
> James
>
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip