[cisco-voip] CUCM SU release cycle

Lelio Fulgenzi lelio at uoguelph.ca
Wed Aug 21 14:22:21 EDT 2019


I guess I’m speaking about something like an v11.0 to v12.5 upgrade.

V11.0 only supports: 5.0 U1, 5.1, 5.5, and 6.0
V12.5 only supports: 6.5, 6.7

V11.0 is not that old, and, yes, while they should be on 11.5, they’re not.

An upgrade to 12.5 will be a challenge. Hopefully “bridge” upgrades are supported.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Chester Rieman <crieman at gmail.com>
Sent: Wednesday, August 21, 2019 12:18 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca>
Cc: cisco-voip (cisco-voip at puck.nether.net) <cisco-voip at puck.nether.net>; Charles Goldsmith <w at woka.us>
Subject: Re: [cisco-voip] CUCM SU release cycle

Hi Lelio,
 Checked that here:
Compatibility:
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/virtualization-cisco-unified-communications-manager.html

[cid:image002.png at 01D5582B.D75EF420]

I Believe a large part of it was to implement workaround for specter/meltdown

Banner message when upgrading:

Warning: The following phone models are deprecated and no longer supported:

                    12 S, 12 SP, 12 SP+
                    30 SP+, 30 VIP
                    7902, 7905, 7910 (including 7910 SW)
                    7912, 7920, 7921
                    7935, 7970, 7971

After you upgrade and switch over, these unsupported phone models can no longer register with Cisco Unified Communications Manager. Please power down and remove these phones so they do not continue registration attempts. Keeping these phones on your network creates unnecessary network traffic and load on the UCM service.

This is a Refresh Upgrade. Refresh Upgrades require an extended service outage and multiple reboots. Please refer to the Software Upgrades section of the Cisco Unified Communication Operating System Administration Guide for more information.

If there exists any weak ciphers (like 1DES,null_encryption, blowfish448, rijndael, md5 ) in IPSEC policies then they will be converted, 1DES as encryption cipher will be converted to AES128 ,
MD5 as hash will be converted to SHA256 and null_encryption,blowfish448, rijndael  as ESP to AES128.

In order to use Certificate-based authentication with IPsec both sides of the connection must use certificates signed by the same root CA in the trust chain. Self-signed IPsec certificates are
no longer supported and IPSec connections using self-signed certificates will fail.

https://www.cisco.com/web/software/286319236/146815/cucm-readme-1251su1-Rev2.pdf

Enjoy…..



On Aug 21, 2019, at 12:04 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Let’s just hope there’s not a compatibility mismatch with respect to the CUCM version you’re running and the target ESXi version.

A lot of us (have to) wait for a few versions to pass before committing to CUCM upgrades. Sounds like step/bridge upgrades are in our future once again. 😊

Let’s hope the move to CentOS wasn’t _just_ an accounting decision. Maybe with direct access to modify the kernel and underlying libraries, we can see a bit more of a long term solution without having to update too frequently.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Chester Rieman <crieman at gmail.com<mailto:crieman at gmail.com>>
Sent: Wednesday, August 21, 2019 11:45 AM
To: cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>) <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Cc: Charles Goldsmith <w at woka.us<mailto:w at woka.us>>; Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Just to Chime in here….

From what I have seen upgrading in the lab upgrading to 12.5.1.11900-x (12.5(1)SU1) from almost anything (even from 12.5.1.10000-22) should be considered a major upgrade,
Similar to 8.6 where CUCM went to SELINUX with a new OS install.(especially true when coming from 11.x since that OS is still redhat)

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKUCC-2011.pdf

VMware shows CentOS7 is supported on ESXi 6.0.0 but Cisco says you need 6.5/6.7 (which is true)

11.x is RHEL6, 12.0 is CentOS6, 12.5 is CentOS7 and may involve an ESXi upgrade prior to upgrading.

Bottom line, upgrade ESXi to 6.5/6.7 prior to attempting UCOS upgrade to 12.5(1)SU1 and you cannot do a fresh install of 12.5SU1 but you can upgrade from  base 12.5.1:

<image002.png>

-Chester




On Aug 15, 2019, at 1:57 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

I’m hoping that Webex calling will come out with a “video mesh node” equivalent, so when your WAN link goes down, you have nodes on-premise to service your phones.

That being said, chances are, that won’t happen. Cisco is going to expect you to have a “Cloud Ready” network with multiple paths, QoS and peering set up.

I’m guessing may providers will soon have a backup 5G/6G cellular data option available so if that squirrel finally gets through chewing the fibre, you can prioritize voice traffic over the wireless backup link.



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Charles Goldsmith <w at woka.us<mailto:w at woka.us>>
Sent: Thursday, August 15, 2019 1:46 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>; Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>>; cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Cloud is good for some things, IMHO, but not a once size fit all.  As we saw from last year, the cloud is not immune to outages.  Unless you are big enough to get a dedicated circuit, you have QoS issues.

I have yet to see WxTeams work seamlessly on my mobile, the bug is back where it continues to ring after I answer on elsewhere.

My cloud connected home phone is rock solid (8865 to WxTeams), aside from the occasional QoS hiccup, but I would get that with any provider, not just Webex.

Would I advise my bigger customers to switch?  Not yet.  Hybrid calling is good for now and a properly built UCM cluster just can't be beat if you have a well built network, etc.

On Thu, Aug 15, 2019 at 12:38 PM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

Cisco is paying for clients who get “Cloud or Bust” tattoos.

That’s a sign of good things to come.

I’m convinced.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Sent: Thursday, August 15, 2019 1:31 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway%2Bcisco-voip at gmail.com>>; Charles Goldsmith <w at woka.us<mailto:w at woka.us>>; cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Let’s not get ahead of ourselves there ;). Just like war, usually (but not always) the people who want 100% cloud calling or think it’s a great idea are the people who’ve never experienced it.. lol
Sent from my iPhone

On Aug 15, 2019, at 13:22, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:

You forgot how everyone will be migrating to Webex Calling before then. And your upgrade cycle will be out of control. Just like how Webex Teams has that green restart symbol every two weeks.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456429669&sdata=Pd10jsjcQBMgJXb1etRx7L0VkkiGRtg%2B06QmkUhomqY%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway+cisco-voip at gmail.com>>
Sent: Thursday, August 15, 2019 12:05 PM
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: Charles Goldsmith <w at woka.us<mailto:w at woka.us>>; cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

So if I do the math...

No more minor versions
...punches some keys...

And 2 month SU cycles
...punches more keys....

With an upper limit of 3 SUs
...punches even more keys...

That's a new major version every 6 months!

That means we'll see
..key punching intensifies...

CUCM 69 by mid-2046.  Just in time for me to retire!

On Thu, Aug 15, 2019 at 10:57 AM Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:
Pretty sure I remember them saying there likely wouldn’t be that many SU’s either, three at most?

*sigh*

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>

www.uoguelph.ca/ccs<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uoguelph.ca%2Fccs&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456439678&sdata=nPmXLEtfP23uE8IG5eNiL4ouIBaMQ0a7bU6IrVmF7Xc%3D&reserved=0> | @UofGCCS on Instagram, Twitter and Facebook

<image001.png>

From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> On Behalf Of Anthony Holloway
Sent: Thursday, August 15, 2019 11:50 AM
To: Charles Goldsmith <w at woka.us<mailto:w at woka.us>>
Cc: cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] CUCM SU release cycle

Make it SU5 in memory of the .5 releases.

On Thu, Aug 15, 2019 at 9:18 AM Charles Goldsmith <w at woka.us<mailto:w at woka.us>> wrote:
I didn't see an announcement, was just told about the change, Cisco doesn't like us waiting for the .5 release to push out to customers.  We all know that the .0 releases have historically been more challenging.

So now, I plan to wait until at least su2 before upgrading :)


On Thu, Aug 15, 2019 at 9:15 AM Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway%2Bcisco-voip at gmail.com>> wrote:
Why not just all Major versions all the time?  Google Chrome is on version 76.

But seriously though, anyone got a reference to this announcement?  I didn't see it in the cisco live preso linked earlier.

If not, what's the reported reason for dropping minor release numbers?

On Thu, Aug 15, 2019 at 5:40 AM Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:
After 12.5, no more “.5” releases, it’ll just be major versions (and the SUs in between). After 12.5 we skip 13 and go right to 14 (then presumably, 15 after that).
Sent from my iPhone

On Aug 15, 2019, at 02:05, Anthony Holloway <avholloway+cisco-voip at gmail.com<mailto:avholloway%2Bcisco-voip at gmail.com>> wrote:

What's going on with .5 releases?  I don't think I heard about that.

On Wed, Aug 14, 2019 at 11:16 PM Charles Goldsmith <w at woka.us<mailto:w at woka.us>> wrote:
Yeah, I think with the move away from the .5 releases, we'll be getting more SU's and less major releases.

On Wed, Aug 14, 2019 at 10:58 PM Ki Wi <kiwi.voice at gmail.com<mailto:kiwi.voice at gmail.com>> wrote:
Hi Group,
in the past , the SU release is every 6 months (usually longer than that, approximately twice a year maximum) but now Cisco is changing to every 2 months?

Reference : Page 20 of the link
https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/PSOCOL-1000.pdf<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ciscolive.com%2Fc%2Fdam%2Fr%2Fciscolive%2Fus%2Fdocs%2F2019%2Fpdf%2FPSOCOL-1000.pdf&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456439678&sdata=yeh%2BPcDLDmSl8oD0w3mTIZBpZXMDrDLZWh5YVl9aV4U%3D&reserved=0>


--
Regards,
Ki Wi
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456449683&sdata=hswrIv%2FhhzYNqP8qwgdZY0pAcfi%2BOwJD7xUL7reKvhs%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456449683&sdata=hswrIv%2FhhzYNqP8qwgdZY0pAcfi%2BOwJD7xUL7reKvhs%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C8f229ab7944c4083959608d72146906c%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014459258670341&sdata=2Ovozm%2FGSCWnNZNpQ4h0zz4VcUi5L%2B3gr1OsZb8FD9M%3D&reserved=0<https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456459688&sdata=iVaM7QHz64pJg8LbFCoZ5GE9DuUgfXGnAell0aW9dXQ%3D&reserved=0>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C22113f37d40644de57c608d721a523d2%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637014865456479707&sdata=%2B5VpSOlf2Og6F4ruvWr0BBkcwFfbUirCmuxxQI1QqZk%3D&reserved=0
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190821/2deae69b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1297 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190821/2deae69b/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 20097 bytes
Desc: image002.png
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190821/2deae69b/attachment-0001.png>


More information about the cisco-voip mailing list