[cisco-voip] Prepare Cluster for Rollback to pre 8.0 Parameter - still valid for moving to different hardware?

Lelio Fulgenzi lelio at uoguelph.ca
Wed Feb 28 15:47:18 EST 2018


Interesting. We’ll have to see how 11.5 plays into the process. We plan on testing things on a development cluster to ensure the process works. Last thing we need is to have staff reset their own phones. Yuck.


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] On Behalf Of Brian Meade
Sent: Wednesday, February 28, 2018 12:46 PM
To: Anthony Holloway <avholloway+cisco-voip at gmail.com>
Cc: Lelio Fulgenzi <lelio at uoguelph.ca>; voyp list, cisco-voip (cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Prepare Cluster for Rollback to pre 8.0 Parameter - still valid for moving to different hardware?

That's what I would do.  Sometimes new versions have issues with restored certs so may be worth doing the rollback method and not completely relying on DRS.

If you have 2 clusters with different IPs and both online at the same time, definitely a better idea to use the Bulk Certificate Export/Consolidate/Import method.

https://supportforums.cisco.com/t5/collaboration-voice-and-video/migrating-ip-phones-between-clusters-with-cucm-8-and-itl-files/ta-p/3108501

Also keep in mind, post 11.5(1)SU3? I believe they started signing the ITL with the recovery key instead which may not restore the same, haven't tried restoring the ITL recovery key yet.

On Wed, Feb 28, 2018 at 12:16 PM, Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>> wrote:
Your first step is incorrect.  You need to restart TFTP and TVS first, then reset phones.

Now, the scenario you described, you wouldn't even need this, would you?  Because your servers and more importantly, certificates, are staying the same, you're just upgrading the application.  Unless of course you were planning on regenerating certs before moving phones over, but you didn't say that, and you might as well just wait until the phones are moved, then regenerating certs is actually easy, and doesn't require special considerations like cert combo and rollback.  You just regen one server at a time, resetting the phones so they learn about the new server identity, while still trusting one or more servers in the cluster.

But, yes, this is the main go to method for me when migrating phones from one cluster to another (not hardware).  Keep in mind, that if the old cluster is staying around, and phones need to move between them, then sharing/combining certs would be the answer.

I think I said everything correct...  Brian Meade seems to be the Chief Security Office around these parts, so let's see what he says.


On Wed, Feb 28, 2018 at 10:58 AM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

In the past, we used this parameter to prepare phones to be homed to a different set of hardware.

For example:


  *   Set parameter to true, reset phones.
  *   In an offline network, restore from DRS and upgrade servers
  *   During a maintenance window, turn off version A servers and turn on version B servers
  *   Wait for TFTP timeout/reset for phones to begin talking with new TFTP server
  *   Once all phones are registered, set parameter to false, reset phones

Just wondering if this is still the way to get phones registered to different cluster hardware.

Lelio


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354<tel:(519)%20824-4120> | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180228/a8873b73/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1297 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180228/a8873b73/attachment.png>


More information about the cisco-voip mailing list