[cisco-voip] CM Security password
Jason Burns
burns.jason at gmail.com
Wed Jan 26 07:01:50 EST 2011
I started this test on 7.1.5 in the lab yesterday and the backup files are
not encrypted. I didn't get a chance to change the sec pass and restore.
On Jan 25, 2011 6:21 PM, "Wes Sisk" <wsisk at cisco.com> wrote:
> I believe this came with the CM 8.0 feature of security by default and
> automatically encrypted backups:
>
>
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/8_0_1/secugd/secusbd.html#wp1092151
>
> Encrypted backup depends on correct password to restore. Before this
> you *may* be able to get by with mismatch passwords. I seem to recall it
> being possible but have not tested and cannot find documentation.
>
> Regards,
> Wes
>
> On 1/25/2011 5:22 PM, Ed Leatherman wrote:
>> Jason,
>>
>> Good call.. I checked on our system and no such message comes up when
>> I kick off a manual backup (which doesn't mean it isn't the case
>> though).
>>
>> I'm going to try to build this in the lab and see what happens with a
>> production backup.. licenses won't work but that shouldn't matter to
>> test this.
>>
>> I'm leaning towards changing the cluster password anyway to avoid any
>> potential upgrade or hardware migration issues in the future.
>>
>>
>>
>> On Tue, Jan 25, 2011 at 11:00 AM, Jason Burns<burns.jason at gmail.com>
wrote:
>>> The current CUCM 8.5.1 implementation of DRS prompts you with this
message
>>> before you start a backup:
>>>
>>> ============
>>> The DRS Backup archive encryption depends on the current security
password
>>> (Provided at the time of install). During a restore, you could be
prompted
>>> to enter this security password if this password has been changed.
>>> ============
>>> So in that case you're hosed.
>>> I'll have to check if that same behavior exists in 7.1.5.
>>> On Sun, Jan 23, 2011 at 7:45 PM, Ed Leatherman<ealeatherman at gmail.com>
>>> wrote:
>>>> Hello,
>>>>
>>>> When doing a restore from backup, does the cluster security password
>>>> get set from the backup files, or must it be set to match when you
>>>> initially install CM on the hardware?
>>>>
>>>> The reason I ask is, we were going to replace publisher hardware this
>>>> morning, but when we go to the step in the CM install (7.1.5) where
>>>> you enter the cluster security password and used our current security
>>>> password, it came back and said it was based on a dictionary word.
>>>> Now.. i'm guessing CM is checking against the Klingon dictionary at
>>>> this point, since the password is gibberish, and mostly special
>>>> characters. The current cluster password was set when we first
>>>> installed CM 5.
>>>>
>>>> Regardless.. if I install using some other password it accepts, and
>>>> then restore the publisher from normal per the procedure - will the
>>>> backup files restore the correct cluster security password, or am I
>>>> stuck at this point with going around and changing the current
>>>> password? Anyone else ever run into this?
>>>>
>>>> --
>>>> Ed Leatherman
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110126/773eccbd/attachment.html>
More information about the cisco-voip
mailing list