Cisco Identity Services Engine Announced

20 April 2011
Cisco Systems announced on 19/3/2011 their new Identity Services Engine (ISE) platform which is the one of the main components of their over arching Trustsec architecture.

The full product brief is here:
Cisco ISE

ISE according to Cisco will tactically replace the existing NAC Appliance deployment model. NAC appliance will still be supported by Cisco and isn’t end of sale at the time of writing, however according to Cisco┬áall new┬áinstallations should be delivered on ISE once it is shipping.

The ISE platform, according to the Cisco product release material, also seems to be targetted as a replacement for Cisco Secure ACS and migration part codes are available. Some ACS configurations do however require version 2.0 of the ISE software to become available before migration should be attempted.

AIM2-CUE in 2900 Series ISRs

18 April 2011:Another little gotcha for you.

The AIM2-CUE modules do NOT work in the new 2900 series ISR G2 platforms. They’ve been around (and are still shipping) for the 2800 series platforms, however they will neither fit nor work in the 2900 series units.

The replacement part code is ISM-SRE-300-K9 which will need CUE 8.x loading on it.

Also, licensing in CUE 8.x has changed and you now no longer receive any port or user licenses as standard (you used to receive 6 port licenses and 12 mailbox licenses as part of the AIM2-CUE bundle). The part codes that now need to be ordered are:

L-FL-CUE-PORT-2=
L-FL-CUE-IVR-2=
L-FL-CUE-MBX-5=

 These are the VM port licenses (in blocks of 2), IVR (including database access again in blocks of 2) and mailboxe licenses (in blocks of 5). 

The Version 8.x GUI has now changed radically as well, and you can no longer use it to configure CUCME.

´╗┐

Keyloggers available for iOS

13 April 2011
Interesting new post on Sophos’ nakedsecurity portal. Basically it seems to show that key logging software is available for iOS which runs many of Apple’s products including the iPhone.

The full article is available here

Obviously Apple iOS is not related to Cisco’s IOS which runs many of their routing and switching platforms. Net result – be careful what you install on your iPhone, particularly if you use it for sensitive stuff like online banking!

Blackberry MVS 5.0 Generally Available

At long last, Research in Motion (RIM) have released Blackberry MVS 5.0.

MVS 5.0 builds on the existing 4.6 version and adds a major number of new functions including enabling WiFi support on the handheld. This means that your Blackberry Smartphone can now communicate with your IP PBX through native WiFi connectivity in the office. Calls made outbound from your Smartphone can be routed through the IP PBX allowing you to take advantage of lower, centralised tariffs. Calls to internal users make use of WiFi and are free. The handheld also supports VPN software from a number of vendors including Cisco and Checkpoint, allowing it to automatically connect when in range of any Internet service (such as a WiFi hotspot).

Blackberry MVS 5.0 for Cisco

Intrinsic Communications has tested MVS 5.0 on Cisco Unified Communications Manager and it works extremely well. There’s a host of other features worth noting as well including the ability to be able to transfer calls to and from the Smartphone onto an IP desk phone. It also supports dial by office and single number reach. All in all, it’s a sophisticated solution which should really assist businesses that have deployed Blackberry alongside IP PBXs. There are definitely cost savings to be made, particularly for mobile workers who are often away from the office. The WiFi support alone makes it a serious contender for many organisations.

Please feel free to comment or contact us on the main Intrinsic Communications web site for any further information.

Cisco Unity Connection 8.5(1) Announced

Cisco Systems announced version 8.5(1) of Unity Connection on 25 March 2011.

A number of features have been added in version 8.5(1) including being able to full synchronize the Connection inbox through to Exchange. This is something that has been available in Unity Unified Messaging for a long time, so it’s great that it’s finally made it into Connection as well. I do however wonder where this leaves Unity as a strategic platform moving forwards however.

A major word of warning however, Unity Connection 8.5(1) has higher disk and memory requirements than previous versions of Unity Connection – specifically over and above versions 7.x and 8.0.

A minimum of 2 x 160 Gb drives is required per server and 4 GB of DRAM is also recommended in some configurations. This is higher than some older MCS hardware platforms which only shipped with dual 80 Gb drives and 2 GB of DRAM. Also some older MCS platforms (e.g. MCS-7852 I2) hardware cannot run version 8.5. Full details are available here.

Any questions please post a comment here, or contact us at our main web site

Cisco Unified Communications Manager Express 8.6 Announced

On the 25th March 2011, Cisco Systems announced Communications Manager Express version 8.6. CUCME 8.6 runs on their Integrated Services Router (ISR) platforms and provides sophisticated telephony support for small to medium sized offices.

Version 8.6 is the latest version of what used to be called IOS Telephony Services (ITS). This release adds a number of new features and services including:

  • Support for iphone and iphone touch softphone client (providing telephony over WiFi)
  • Extension mobility support for SIP phones
  • Increased number of rules per translation rule (goes from 15 to 100)
  • Support for 7926 wireless phone (wireless handset with barcode scanner)
  • Support for native SSL VPN connections from some handset types including 7945,7965 and 7975

CUCME 8.6 doesn’t seem to be posted on CCO yet, so we’re not certain which version of IOS it will be aligned to. As soon as we have this information, we’ll post back here. Any queries, please either post a comment here, or contact us via the main www.intrinsic-comms.co.uk web site.

Update: CUCME 8.6 is aligned to IOS version 15.1(4)M.

Cisco Cius availability

Cisco System announced their android tablet device – the Cius – getting on for a year ago. Since then, there’s been a lot of anticipation as to when they would start shipping. Particular interest was around the tight integration between the tablet and Cisco Unified Communications Manager which allows it to becoming a voice and video endpoint.

As of 6th April 2011, it looks like the general release is getting closer.

CRN report that the Cius is going to be made available through Cisco Master and Advanced Unified Communications partners first. According to the article, pricing is meant to be targeting sub $700 for volume purchases.

Details on the specification of the Cius are available here

We’ll do some more digging and let you know about concrete dates as soon as we can. We’d love to get our hands on a couple!

Cisco Catalyst 6500 VSS Supervisor Redundancy

For┬áa few┬áyears, Cisco have been positioning the Cisco Catalyst 6500 VSS within the data centre. Whilst VSS does indeed have many positive benefits (for VSS think about stacking a pair of 6500s like you do with a pair of 3750s, it’s the same concept) – including allowing you to port channel your edge switches into both “sides” of the VSS. Spanning Tree is no longer┬ámandatory – as the edge switches are connected to a single logical switch and there are no loops.

At layer 3 again, things are simpler. No more HSRP/VRRP – as the two physical 6500s present themselves as a single logical device.

However, one of the major issues has always been the lack of support for dual supervisors within a single chassis. Initial and subsequent releases of VSS only supported a maxmium of one supervisor per chassis. Failure of that supervisor would take the whole chassis down; whilst the VSS would stay up, any device that was only attached to the failing side would lose network connectivity.

The good news: it seems that in the latest IOS version for the 6500 , this has been addressed:

Quad-Supervisor Uplink Forwarding on In-chassis Standby Supervisor Engines

As a personal opinion, I think a feature rename to “Dual Supervisor Redundancy” is required, but that’s just me! We’re in the process of testing this new feature, and we’ll let you know how we get on.

Cisco Catalyst 3750X Gotcha

Voice of experience talking…

On the new 3750X switches, you cannot stack a “LAN Base” unit with any other 3750 switch (including 3750, 3750G, 3750E or 3750X) other than another LAN Base 3750X. If you try (even with a 3750X running IP Base), the stack won’t come up.

This is different than other 3750 types. For example, you can stack “IP Base” 3750s with “IP Services” 3750s and it works fine. This scenario isn’t officially support by Cisco however.

IP Version 4 Address Exhaustion

The number of available IPv4 addresses available is running out… and quickly. The attached gives a count down to when there will be no new “old” format addresses left to allocate.

IPv6 is out there and available – however there are a load of questions about how it works, and importantly how do IPv6 and IPv4 work together to ensure that you don’t lose access to the web.

Intrinsic Communications has been working on a white paper on what you need to be aware of, and how to prepare yourself for the switchover. Leave us a comment if you’d like to know more.

Update: As of 15/04/2011, it’s looking like all of the IPv4 addresses have gone to the ISPs. What does this mean? Well, short term, nothing is going to stop working overnight, however as we move forward and the ISPs allocate their remaining addresses you won’t be able to get IPv4 adresses for new connections and will only be able to receive IPv6 ones. IPv6 to IPv4 interworking is something that EVERYONE is going to need to understand. The white paper available from Intrinsic Communications takes you through what is and isn’t possible.