Re: [cisco-voip] CUCM SU release cycle

[Lelio Fulgenzi]

I guess I’m speaking about something like an v11.0 to v12.5 upgrade.

V11.0 only supports: 5.0 U1, 5.1, 5.5, and 6.0
V12.5 only supports: 6.5, 6.7

V11.0 is not that old, and, yes, while they should be on 11.5, they’re not.

An upgrade to 12.5 will be a challenge. Hopefully “bridge” upgrades are 
supported.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Chester Rieman 
Sent: Wednesday, August 21, 2019 12:18 PM
To: Lelio Fulgenzi 
Cc: cisco-voip (cisco-voip@puck.nether.net) ; 
Charles Goldsmith 
Subject: Re: [cisco-voip] CUCM SU release cycle

Hi Lelio,
 Checked that here:
Compatibility:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/virtualization-cisco-unified-communications-manager.html

[cid:image002.png@01D5582B.D75EF420]

I Believe a large part of it was to implement workaround for specter/meltdown

Banner message when upgrading:

Warning: The following phone models are deprecated and no longer supported:

12 S, 12 SP, 12 SP+
30 SP+, 30 VIP
7902, 7905, 7910 (including 7910 SW)
7912, 7920, 7921
7935, 7970, 7971

After you upgrade and switch over, these unsupported phone models can no longer 
register with Cisco Unified Communications Manager. Please power down and 
remove these phones so they do not continue registration attempts. Keeping 
these phones on your network creates unnecessary network traffic and load on 
the UCM service.

This is a Refresh Upgrade. Refresh Upgrades require an extended service outage 
and multiple reboots. Please refer to the Software Upgrades section of the 
Cisco Unified Communication Operating System Administration Guide for more 
information.

If there exists any weak ciphers (like 1DES,null_encryption, blowfish448, 
rijndael, md5 ) in IPSEC policies then they will be converted, 1DES as 
encryption cipher will be converted to AES128 ,
MD5 as hash will be converted to SHA256 and null_encryption,blowfish448, 
rijndael  as ESP to AES128.

In order to use Certificate-based authentication with IPsec both sides of the 
connection must use certificates signed by the same root CA in the trust chain. 
Self-signed IPsec certificates are
no longer supported and IPSec connections using self-signed certificates will 
fail.

https://www.cisco.com/web/software/286319236/146815/cucm-readme-1251su1-Rev2.pdf

Enjoy…..



On Aug 21, 2019, at 12:04 PM, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

Let’s just hope there’s not a compatibility mismatch with respect to the CUCM 
version you’re running and the target ESXi version.

A lot of us (have to) wait for a few versions to pass before committing to CUCM 
upgrades. Sounds like step/bridge upgrades are in our future once again. 😊

Let’s hope the move to CentOS wasn’t _just_ an accounting decision. Maybe with 
direct access to modify the kernel and underlying libraries, we can see a bit 
more of a long term solution without having to update too frequently.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook



From: Chester Rieman mailto:crie...@gmail.com>>
Sent: Wednesday, August 21, 2019 11:45 AM
To: cisco-voip (cisco-voip@puck.nether.net) 
mailto:cisco-voip@puck.nether.net>>
Cc: Charles Goldsmith mailto:w...@woka.us>>; Lelio Fulgenzi 
mailto:le...@uoguelph.ca>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Just to Chime in here….

From what I have seen upgrading in the lab upgrading to 12.5.1.11900-x 
(12.5(1)SU1) from almost anything (even from 12.5.1.1-22) should be 
considered a major upgrade,
Similar to 8.6 where CUCM went to SELINUX with a new OS install.(especially 
true when coming from 11.x since that OS is still redhat)

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKUCC-2011.pdf

VMware shows CentOS7 is supported on ESXi 6.0.0 but Cisco says you need 6.5/6.7 
(which is true)

11.x is RHEL6, 12.0 is CentOS6, 12.5 is CentOS7 and may involve an ESXi upgrade 
prior to upgrading.

Bottom line, upgrade ESXi to 6.5/6.7 prior to attempting UCOS upgrade to 
12.5(1)SU1 and you cannot do a fresh install of 12.5SU1 but you can upgrade 
from  base 12.5.1:



-Chester




On Aug 15, 2019, at 1:57 PM, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

I’m hoping that Webex calling will come 

Re: [cisco-voip] CUCM SU release cycle

[Chester Rieman]

Hi Lelio,
 Checked that here:
Compatibility:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/virtualization-cisco-unified-communications-manager.html
 




I Believe a large part of it was to implement workaround for specter/meltdown

Banner message when upgrading:

Warning: The following phone models are deprecated and no longer supported:
 
12 S, 12 SP, 12 SP+
30 SP+, 30 VIP
7902, 7905, 7910 (including 7910 SW)
7912, 7920, 7921
7935, 7970, 7971
 
After you upgrade and switch over, these unsupported phone models can no longer 
register with Cisco Unified Communications Manager. Please power down and 
remove these phones so they do not continue registration attempts. Keeping 
these phones on your network creates unnecessary network traffic and load on 
the UCM service.
 
This is a Refresh Upgrade. Refresh Upgrades require an extended service outage 
and multiple reboots. Please refer to the Software Upgrades section of the 
Cisco Unified Communication Operating System Administration Guide for more 
information.
 
If there exists any weak ciphers (like 1DES,null_encryption, blowfish448, 
rijndael, md5 ) in IPSEC policies then they will be converted, 1DES as 
encryption cipher will be converted to AES128 ,
MD5 as hash will be converted to SHA256 and null_encryption,blowfish448, 
rijndael  as ESP to AES128.
 
In order to use Certificate-based authentication with IPsec both sides of the 
connection must use certificates signed by the same root CA in the trust chain. 
Self-signed IPsec certificates are
no longer supported and IPSec connections using self-signed certificates will 
fail.

https://www.cisco.com/web/software/286319236/146815/cucm-readme-1251su1-Rev2.pdf
 


Enjoy…..


> On Aug 21, 2019, at 12:04 PM, Lelio Fulgenzi  wrote:
> 
> Let’s just hope there’s not a compatibility mismatch with respect to the CUCM 
> version you’re running and the target ESXi version.
>  
> A lot of us (have to) wait for a few versions to pass before committing to 
> CUCM upgrades. Sounds like step/bridge upgrades are in our future once again. 
> 😊
>  
> Let’s hope the move to CentOS wasn’t _just_ an accounting decision. Maybe 
> with direct access to modify the kernel and underlying libraries, we can see 
> a bit more of a long term solution without having to update too frequently.
>  
> ---
> Lelio Fulgenzi, B.A. | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
> 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca 
>  
> www.uoguelph.ca/ccs  | @UofGCCS on Instagram, 
> Twitter and Facebook
>  
> 
>  
> From: Chester Rieman mailto:crie...@gmail.com>> 
> Sent: Wednesday, August 21, 2019 11:45 AM
> To: cisco-voip (cisco-voip@puck.nether.net 
> )  >
> Cc: Charles Goldsmith mailto:w...@woka.us>>; Lelio Fulgenzi 
> mailto:le...@uoguelph.ca>>
> Subject: Re: [cisco-voip] CUCM SU release cycle
>  
> Just to Chime in here….
>  
> From what I have seen upgrading in the lab upgrading to 12.5.1.11900-x 
> (12.5(1)SU1) from almost anything (even from 12.5.1.1-22) should be 
> considered a major upgrade,
> Similar to 8.6 where CUCM went to SELINUX with a new OS install.(especially 
> true when coming from 11.x since that OS is still redhat)
>  
> https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKUCC-2011.pdf 
> 
>  
> VMware shows CentOS7 is supported on ESXi 6.0.0 but Cisco says you need 
> 6.5/6.7 (which is true)
>  
> 11.x is RHEL6, 12.0 is CentOS6, 12.5 is CentOS7 and may involve an ESXi 
> upgrade prior to upgrading.
>  
> Bottom line, upgrade ESXi to 6.5/6.7 prior to attempting UCOS upgrade to 
> 12.5(1)SU1 and you cannot do a fresh install of 12.5SU1 but you can upgrade 
> from  base 12.5.1:
>  
> 
>  
> -Chester
>  
> 
> 
> On Aug 15, 2019, at 1:57 PM, Lelio Fulgenzi  > wrote:
>  
> I’m hoping that Webex calling will come out with a “video mesh node” 
> equivalent, so when your WAN link goes down, you have nodes on-premise to 
> service your phones.
>  
> That being said, chances are, that won’t happen. Cisco is going to expect you 
> to have a “Cloud Ready” network with multiple paths, QoS and peering set up.
>  
> I’m guessing may providers will soon have a backup 5G/6G cellular data option 
> available so if that squirrel finally gets through chewing the fibre, you can 
> prioritize voice traffic over the wireless backup link.
>  
> 

Re: [cisco-voip] CUCM SU release cycle

[Lelio Fulgenzi]

Let’s just hope there’s not a compatibility mismatch with respect to the CUCM 
version you’re running and the target ESXi version.

A lot of us (have to) wait for a few versions to pass before committing to CUCM 
upgrades. Sounds like step/bridge upgrades are in our future once again. 😊

Let’s hope the move to CentOS wasn’t _just_ an accounting decision. Maybe with 
direct access to modify the kernel and underlying libraries, we can see a bit 
more of a long term solution without having to update too frequently.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Chester Rieman 
Sent: Wednesday, August 21, 2019 11:45 AM
To: cisco-voip (cisco-voip@puck.nether.net) 
Cc: Charles Goldsmith ; Lelio Fulgenzi 
Subject: Re: [cisco-voip] CUCM SU release cycle

Just to Chime in here….

From what I have seen upgrading in the lab upgrading to 12.5.1.11900-x 
(12.5(1)SU1) from almost anything (even from 12.5.1.1-22) should be 
considered a major upgrade,
Similar to 8.6 where CUCM went to SELINUX with a new OS install.(especially 
true when coming from 11.x since that OS is still redhat)

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKUCC-2011.pdf

VMware shows CentOS7 is supported on ESXi 6.0.0 but Cisco says you need 6.5/6.7 
(which is true)

11.x is RHEL6, 12.0 is CentOS6, 12.5 is CentOS7 and may involve an ESXi upgrade 
prior to upgrading.

Bottom line, upgrade ESXi to 6.5/6.7 prior to attempting UCOS upgrade to 
12.5(1)SU1 and you cannot do a fresh install of 12.5SU1 but you can upgrade 
from  base 12.5.1:

[cid:image002.png@01D55817.030CCBC0]

-Chester



On Aug 15, 2019, at 1:57 PM, Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

I’m hoping that Webex calling will come out with a “video mesh node” 
equivalent, so when your WAN link goes down, you have nodes on-premise to 
service your phones.

That being said, chances are, that won’t happen. Cisco is going to expect you 
to have a “Cloud Ready” network with multiple paths, QoS and peering set up.

I’m guessing may providers will soon have a backup 5G/6G cellular data option 
available so if that squirrel finally gets through chewing the fibre, you can 
prioritize voice traffic over the wireless backup link.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook



From: Charles Goldsmith mailto:w...@woka.us>>
Sent: Thursday, August 15, 2019 1:46 PM
To: Lelio Fulgenzi mailto:le...@uoguelph.ca>>
Cc: Ryan Huff mailto:ryanh...@outlook.com>>; Anthony 
Holloway 
mailto:avholloway+cisco-v...@gmail.com>>; 
cisco-voip voyp list 
mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Cloud is good for some things, IMHO, but not a once size fit all.  As we saw 
from last year, the cloud is not immune to outages.  Unless you are big enough 
to get a dedicated circuit, you have QoS issues.

I have yet to see WxTeams work seamlessly on my mobile, the bug is back where 
it continues to ring after I answer on elsewhere.

My cloud connected home phone is rock solid (8865 to WxTeams), aside from the 
occasional QoS hiccup, but I would get that with any provider, not just Webex.

Would I advise my bigger customers to switch?  Not yet.  Hybrid calling is good 
for now and a properly built UCM cluster just can't be beat if you have a well 
built network, etc.

On Thu, Aug 15, 2019 at 12:38 PM Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:

Cisco is paying for clients who get “Cloud or Bust” tattoos.

That’s a sign of good things to come.

I’m convinced.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook



From: Ryan Huff mailto:ryanh...@outlook.com>>
Sent: Thursday, August 15, 2019 1:31 PM
To: Lelio Fulgenzi mailto:le...@uoguelph.ca>>
Cc: Anthony Holloway 
mailto:avholloway%2bcisco-v...@gmail.com>>; 
Charles Goldsmith mailto:w...@woka.us>>; cisco-voip voyp list 
mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Let’s not get ahead of ourselves there ;). Just like war, usually (but not 
always) the people who want 100% cloud calling or think it’s a 

Re: [cisco-voip] CUCM SU release cycle

[Chester Rieman]

Just to Chime in here….

From what I have seen upgrading in the lab upgrading to 12.5.1.11900-x 
(12.5(1)SU1) from almost anything (even from 12.5.1.1-22) should be 
considered a major upgrade,
Similar to 8.6 where CUCM went to SELINUX with a new OS install.(especially 
true when coming from 11.x since that OS is still redhat)

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKUCC-2011.pdf 


VMware shows CentOS7 is supported on ESXi 6.0.0 but Cisco says you need 6.5/6.7 
(which is true)

11.x is RHEL6, 12.0 is CentOS6, 12.5 is CentOS7 and may involve an ESXi upgrade 
prior to upgrading.

Bottom line, upgrade ESXi to 6.5/6.7 prior to attempting UCOS upgrade to 
12.5(1)SU1 and you cannot do a fresh install of 12.5SU1 but you can upgrade 
from  base 12.5.1:



-Chester


> On Aug 15, 2019, at 1:57 PM, Lelio Fulgenzi  wrote:
> 
> I’m hoping that Webex calling will come out with a “video mesh node” 
> equivalent, so when your WAN link goes down, you have nodes on-premise to 
> service your phones.
>  
> That being said, chances are, that won’t happen. Cisco is going to expect you 
> to have a “Cloud Ready” network with multiple paths, QoS and peering set up.
>  
> I’m guessing may providers will soon have a backup 5G/6G cellular data option 
> available so if that squirrel finally gets through chewing the fibre, you can 
> prioritize voice traffic over the wireless backup link.
>  
>  
>  
> ---
> Lelio Fulgenzi, B.A. | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
> 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca 
>  
> www.uoguelph.ca/ccs  | @UofGCCS on Instagram, 
> Twitter and Facebook
>  
> 
>  
> From: Charles Goldsmith mailto:w...@woka.us>> 
> Sent: Thursday, August 15, 2019 1:46 PM
> To: Lelio Fulgenzi mailto:le...@uoguelph.ca>>
> Cc: Ryan Huff mailto:ryanh...@outlook.com>>; Anthony 
> Holloway  >; cisco-voip voyp list 
> mailto:cisco-voip@puck.nether.net>>
> Subject: Re: [cisco-voip] CUCM SU release cycle
>  
> Cloud is good for some things, IMHO, but not a once size fit all.  As we saw 
> from last year, the cloud is not immune to outages.  Unless you are big 
> enough to get a dedicated circuit, you have QoS issues.
>  
> I have yet to see WxTeams work seamlessly on my mobile, the bug is back where 
> it continues to ring after I answer on elsewhere.
>  
> My cloud connected home phone is rock solid (8865 to WxTeams), aside from the 
> occasional QoS hiccup, but I would get that with any provider, not just Webex.
>  
> Would I advise my bigger customers to switch?  Not yet.  Hybrid calling is 
> good for now and a properly built UCM cluster just can't be beat if you have 
> a well built network, etc.
>  
> On Thu, Aug 15, 2019 at 12:38 PM Lelio Fulgenzi  > wrote:
>  
> Cisco is paying for clients who get “Cloud or Bust” tattoos.
>  
> That’s a sign of good things to come.
>  
> I’m convinced.
>  
> ---
> Lelio Fulgenzi, B.A. | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
> 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca 
>  
> www.uoguelph.ca/ccs  | @UofGCCS on Instagram, 
> Twitter and Facebook
>  
> 
>  
> From: Ryan Huff mailto:ryanh...@outlook.com>> 
> Sent: Thursday, August 15, 2019 1:31 PM
> To: Lelio Fulgenzi mailto:le...@uoguelph.ca>>
> Cc: Anthony Holloway  >; Charles Goldsmith  >; cisco-voip voyp list  >
> Subject: Re: [cisco-voip] CUCM SU release cycle
>  
> Let’s not get ahead of ourselves there ;). Just like war, usually (but not 
> always) the people who want 100% cloud calling or think it’s a great idea are 
> the people who’ve never experienced it.. lol
> 
> Sent from my iPhone
>  
> 
> On Aug 15, 2019, at 13:22, Lelio Fulgenzi  > wrote:
> 
> 
> You forgot how everyone will be migrating to Webex Calling before then. And 
> your upgrade cycle will be out of control. Just like how Webex Teams has that 
> green restart symbol every two weeks.
>  
> ---
> Lelio Fulgenzi, B.A. | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 
> 2W1
> 519-824-4120 Ext. 56354 | le...@uoguelph.ca 
>  
> www.uoguelph.ca/ccs 
>