Cisco Cisco Expressway 维护手册
2.
Add the details of a Cisco Unity Connection publisher node:
a.
Click New.
b.
Enter the Unity Connection address.
You can enter an FQDN or an IP address, but we recommend using the FQDN when TLS verify mode is
On.
On.
c.
Enter the Username and Password of an account that can access this server.
Note:
These credentials are stored permanently in the Expressway database.
d.
[Recommended] Leave TLS verify mode switched On to ensure Expressway verifies the node's tomcat
certificate.
certificate.
e.
[Optional] Select which deployment this node/cluster will belong to.
The Deployment field does not show if you have not created multiple deployments. All nodes belong to the
default deployment if you choose not to use multiple deployments.
default deployment if you choose not to use multiple deployments.
f.
Click Add address.
If you enabled TLS verify mode, then the Expressway tests whether a secure connection can be
established. It does this so you can find any TLS configuration errors before it continues the discovery
process.
established. It does this so you can find any TLS configuration errors before it continues the discovery
process.
If the secure connection test was successful, or if you did not enable TLS verify mode, then the system
attempts to contact the publisher and retrieve details of its associated nodes.
attempts to contact the publisher and retrieve details of its associated nodes.
3.
Repeat the discovery procedure for other Cisco Unity Connection nodes/clusters, if required.
4.
Click Refresh servers to refresh all the node details after configuring multiple publisher addresses.
Automatically Generated Zones and Search Rules
Expressway-C automatically generates non-configurable neighbor zones between itself and each discovered Unified
CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is configured with a
Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed) (so that it can support
devices provisioned with secure profiles). The TLS zone is configured with its TLS verify mode set to On if the Unified
CM discovery had TLS verify mode enabled. This means that the Expressway-C will verify the CallManager
certificate for subsequent SIP communications. Each zone is created with a name in the format 'CEtcp-<node name>'
or 'CEtls-<node name>'.
CM node. A TCP zone is always created, and a TLS zone is created also if the Unified CM node is configured with a
Cluster Security Mode (System > Enterprise Parameters > Security Parameters) of 1 (Mixed) (so that it can support
devices provisioned with secure profiles). The TLS zone is configured with its TLS verify mode set to On if the Unified
CM discovery had TLS verify mode enabled. This means that the Expressway-C will verify the CallManager
certificate for subsequent SIP communications. Each zone is created with a name in the format 'CEtcp-<node name>'
or 'CEtls-<node name>'.
A non-configurable search rule, following the same naming convention, is also created automatically for each zone.
The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has a long name,
the search rule will use a regex for its address pattern match.
The rules are created with a priority of 45. If the Unified CM node that is targeted by the search rule has a long name,
the search rule will use a regex for its address pattern match.
Note that load balancing is managed by Unified CM when it passes routing information back to the registering
endpoints.
endpoints.
Why Should I Refresh the Discovered Nodes?
When the Expressway-C "discovers" a Unified Communications node, it establishes a connection to read the
information required to create zones and search rules to proxy requests originating from outside of the network in
towards that node.
information required to create zones and search rules to proxy requests originating from outside of the network in
towards that node.
This configuration information is static. That is, the Expressway only reads it when you manually initiate discovery of
a new node, or when you refresh the configuration of previously discovered nodes. If any related configuration has
changed on a node after you discover it, the mismatch between the new configuration and what the Expressway-C
knows of that node will probably cause some kind of failure.
a new node, or when you refresh the configuration of previously discovered nodes. If any related configuration has
changed on a node after you discover it, the mismatch between the new configuration and what the Expressway-C
knows of that node will probably cause some kind of failure.
The information that the Expressway-C reads from the Unified Communications node is different for each node type
and its role. The following list contains examples of UC configuration that you can expect to require a refresh from the
Expressway. The list is not exhaustive; if you suspect that a configuration change on a node is affecting
MRA services, you should refresh those nodes to eliminate one known source of potential problems.
and its role. The following list contains examples of UC configuration that you can expect to require a refresh from the
Expressway. The list is not exhaustive; if you suspect that a configuration change on a node is affecting
MRA services, you should refresh those nodes to eliminate one known source of potential problems.
57
Cisco Expressway Administrator Guide