Mike's PBX Cookbook

UCM Security Configuration

The UCM security domain provides central authentication, authorization, and secure communication between member elements. All member elements can be accessed with the primary security server username/password; this is called "Single Sign-On". VxWorks (CS1K) and Linux elements must all register with the security domain, establishing mutual trust, in order to function normally.

A UCM security domain comprises a primary security server, an optional backup security server, and associated member servers.

The following is a quick list of key points:

Primary Security Server

The primary security server must be deployed first. After installing and patching the Linux Base, browse to the element's (TLAN) IP address, or FQDN/local-login. Log in with the local user account (admin2), and configure the security domain as follows:

  1. Login locally, select Full security configuration, then click Security Configuration.
  2. Click Next...
  3. Select a Server Type: Primary, Backup, or Member. Click Next.
  4. Enter the Administrator password, and confirm. Click Next.
  5. Enter the information required to produce the certificate. Click Finish.
  6. After a short pause, the certificate fingerprint is displayed. Click Restart - ONCE!!
  7. As instructed, close the browser window.
  8. When security is configured, you have the option to demote the server (compare with first picture).

Backup Security/Member Server(s)

Having deployed the primary security server, an optional backup security server and/or member servers can be deployed.

Configuration is similar, but Backup/Member servers will join the primary server's secure domain and import the certificate information. However, if you changed the bit length on the primary (e.g., to 512), make sure you match the setting here.

  1. Select Server Type: Backup security server, or Member server as appropriate.
  2. Enter the TLAN address of the Primary security server, click Next.
  3. Enter the Primary security server username/password, click Next.
  4. The security information screen is "auto-filled", but check the bit length setting.
  5. After the Security Configuration is complete, click Restart.

Note: The restart process may take up to 5 minutes, after which you can log in with your secure username/password.