Specifications
3-32
Cisco Unified Communications Manager Managed Services Guide, Release 8.0(1)
OL-20105-01
Chapter 3 Managing and Monitoring the Health of Cisco Unified Communications Manager Systems
Platform Monitoring
• admin:utils dbreplication reset all/nodename
• admin:utils dbreplication stop
• admin:utils dbreplication dropadmindb
• admin:utils dbreplication setrepltimeout
• show tech dbstateinfo
• show tech dbinuse
• show tech notify
• run sql <query>
Hardware Migration
Customers may wish to migrate their Cisco Unified CM to more powerful hardware, either to prepare
for upgrading to a later Cisco Unified CM release that does not support the older hardware, or just to
leverage capabilities only available in the more powerful hardware, such as increases in
capacity/performance or RAID. The procedure is to backup from the old hardware, install the same
Cisco Unified CM release to the new hardware, then restore on the new hardware.
Migrating to more powerful hardware may require a migration SKU to cover royalties Cisco owes to
third-parties. If you are considering this, have your account team check the Guide to Cisco Unified CM
Upgrades and Server Migrations, which is a supplement to the Cisco Unified CM Ordering Guide.
Platform Security
The following topics are covered in this section:
• Locked-down System, page 3-32
• Cisco Security Agent Support, page 3-33
• Security Patching and Updating, page 3-33
• Role-Based Access Control, page 3-33
Locked-down System
For security, Cisco Security Agent is included along with a built-in firewall controlling connectivity
among all cluster nodes, via IP tables and sensitive ports defined by the application. No AntiVirus
application is installed on the appliance. The native OS used by the appliance is also hardened to
minimize attack surface and vulnerabilities; fewer than 200 of the thousands of available packages are
used to eliminate unused software and the corresponding vulnerabilities.
No “on-box” e-mail clients or Web browsers are supported, all unnecessary logins have been removed
or disabled, and all software is provided by Cisco and digitally signed to ensure it is authorized by Cisco.
The GUI, CLI, and API interfaces that Cisco provides are the only methods to administer the system,
and authentication is required for users to interact with them. It also useful to note that appliances of this
sort are less frequently targets of malware than Microsoft Windows or other systems with open-system
access to the native OS, so significantly fewer patches need to be applied to the base OS.
Cisco Unified CM regulates its TCP/UDP port usage. See the “Cisco Unified Communications Manager
TCP and UDP Port Usage” document for each Cisco Unified CM release for the specific list.