<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<base href="x-msg://9207/">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Good point Eric,
<div><br>
</div>
<div>Its for the point you made that I recommend reading Akhil's book (<a href="http://www.amazon.com/dp/1587142953">http://www.amazon.com/dp/1587142953</a>) before doing any work with CTL Files.</div>
<div><br>
</div>
<div>In-fact everyone running (or upgrading to) UCM 8.0 or above should read his book as IPT Security is no longer an add-on/option because of Security by Default. It's very important to have a good understanding of how Cisco's internal implementation of PKI
works, especially when working with multiple clusters are you pointed out.</div>
<div><br>
</div>
<div>UnifiedFX are starting the beta of the next version of PhoneView (Version 3.1) that has some great new and unique features, including a very relevant endpoint security feature. If anyone is interested in testing out the new version email <a href="mailto:beta@unifiedfx.com">beta@unifiedfx.com</a></div>
<div><br>
</div>
<div>Also,</div>
<div>The book has some good reviews (some almost as long as the book ;) I also wrote a review if anyone wants a quick summary:</div>
<div><br>
</div>
<div><a href="http://www.amazon.com/review/R30F5QJYK17QZU/ref=cm_cr_pr_perm?ie=UTF8&ASIN=1587142953&linkCode=&nodeID=&tag=">http://www.amazon.com/review/R30F5QJYK17QZU/ref=cm_cr_pr_perm?ie=UTF8&ASIN=1587142953&linkCode=&nodeID=&tag=</a></div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Stephen Welsh</div>
<div>CTO</div>
<div><a href="http://www.unifiedfx.com">http://www.unifiedfx.com</a></div>
<div><br>
<div>
<div>On 18 May 2013, at 17:59, Eric Pedersen <<a href="mailto:PedersenE@bennettjones.com">PedersenE@bennettjones.com</a>></div>
<div> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div dir="auto" fpstyle="1" ocsi="0" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">
<div style="direction: ltr; font-family: Tahoma; font-size: 10pt; ">If you want to be able to move phones between the clusters without erasing the CTL, you need to put all the keys on both clusters. Otherwise when the phone moves to the other cluster it will
get a new CTL file signed by an unknown certificate and reject it. I made that mistake before I understood what was going on...
<div><br>
<div style="font-family: 'Times New Roman'; font-size: 16px; ">
<hr tabindex="-1">
<div id="divRpF885998" style="direction: ltr; "><font face="Tahoma" size="2"><b>From:</b><span class="Apple-converted-space"> </span>cisco-voip [<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] on behalf of Erich Novak
[<a href="mailto:Erich.Novak@nts.eu">Erich.Novak@nts.eu</a>]<br>
<b>Sent:</b><span class="Apple-converted-space"> </span>Friday, May 17, 2013 12:20 PM<br>
<b>To:</b><span class="Apple-converted-space"> </span>Lelio Fulgenzi<br>
<b>Cc:</b><span class="Apple-converted-space"> </span>VoIP List Cisco<br>
<b>Subject:</b><span class="Apple-converted-space"> </span>Re: [cisco-voip] question about those funky USB token keys<br>
</font><br>
</div>
<div></div>
<div>
<div>You could use all keys on both clusters... Or any combination of at least 2 on each cluster - there is nothing happening on the tokens.</div>
<div><br>
</div>
<div>Brgds</div>
<div>Erich</div>
<div>Am 17.05.2013 um 20:09 schrieb "Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>:<br>
<br>
</div>
<blockquote type="cite">
<div style="font-family: Verdana; font-size: 10pt; "><br>
So I need to buy some of those USB token keys for security. We have two clusters, a test cluster and a production cluster. I'd like to buy two for the test cluster and three for the production cluster to be sure.<br>
<br>
>From what I understand, the product is: KEY-CCM-ADMIN-K9= and there's no "pairing" of the keys by any means from the factory, so I can just order as many as I need, so I'm thinking, just order 5.<br>
<br>
Question though, can I use the same key to store the certs from different clusters?<span class="Apple-converted-space"> </span><br>
<br>
Lelio<br>
<br>
<span><br>
<span name="x"></span>---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Data Centre and Communications Facilities<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519$B!>(B824$B!>(B4120 Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<span name="x"></span><br>
</span><br>
</div>
</blockquote>
<blockquote type="cite"><span>_______________________________________________</span><br>
<span>cisco-voip mailing list</span><br>
<span><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a></span><br>
<span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span><br>
</blockquote>
</div>
</div>
</div>
</div>
<pre>The contents of this message may contain confidential and/or privileged
subject matter. If this message has been received in error, please contact
the sender and delete all copies. Like other forms of communication,
e-mail communications may be vulnerable to interception by unauthorized
parties. If you do not wish us to communicate with you by e-mail, please
notify us at your earliest convenience. In the absence of such
notification, your consent is assumed. Should you choose to allow us to
communicate by e-mail, we will not take any additional security measures
(such as encryption) unless specifically requested.
_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></pre>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>