Use this information to learn about the port numbers, protocols, IP address ranges, domains you must approve before you use Cloud-Connected UC.

Prerequisites

  • Ensure that you're able to log in to Control Hub. For more info, see Get Started with Cisco Webex Control Hub.

  • Bandwidth Usage: For a larger cluster, ensure that you have at least 2 MBPS of bandwidth.

  • Network Proxy: The CCUC service supports both unauthenticated and authenticated HTTP proxies. The supported proxy authentication schemes are Basic and Digest.

  • Enable support for WebSocket traffic.

  • Cloud-Connected UC cloud port 443 must be reachable from customer environment.

  • Enable CDR and CMR in Unified CM.

  • Configure the Unified CM clusters with Network Time Protocol (NTP). The NTP server must be synchronized with the international UTC clock.

Types of Traffic

Data over HTTPS connections is outbound only and uses URLs for communication.

Cloud-Connected UC only supports Transport Layer Security (TLS) version 1.2.

URLs Required to Access CCUC Service

If your organization uses a proxy, ensure that you can access the following URLs:

*.ucmgmt.cisco.com

*.webex.com

IP addresses are chosen from the available Cisco and Amazon Web Services (AWS) address pools.

Data Encryption in Transit

Cloud-Connected UC agents validate the Cloud-Connected UC connection with a certificate (Hydrant certificate). This ensures that the certificates presented when a TLS session establishes can be validated against the trusted root CA certificates. The trusted root CA certificates are installed on the device operating system.

Cloud-Connected UC doesn't offer Online Certificate Status Protocol (OCSP) Stapling to check the validity of the SSL certificate.


Currently only TLS version 1.2 is supported.

Product

Release

Cipher

Unified CM

11.5 to 12.0 (x)

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

14.0 and later

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • DH-DSS-AES256-GCM-SHA384

  • DH-RSA-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • DH-DSS-AES128-GCM-SHA256

  • DH-RSA-AES128-GCM-SHA256

  • DHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • DHE-RSA-AES256-SHA256

  • DH-RSA-AES256-SHA256

  • DH-DSS-AES256-SHA256

  • DHE-RSA-AES256-SHA

  • DH-RSA-AES256-SHA

  • DH-DSS-AES256-SHA

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES128-SHA

  • DHE-RSA-AES128-SHA256

  • DH-RSA-AES128-SHA256

  • DH-DSS-AES128-SHA256

  • DHE-RSA-AES128-SHA

  • DH-RSA-AES128-SHA

  • DH-DSS-AES128-SHA

  • DHE-RSA-CAMELLIA256-SHA

  • DH-RSA-CAMELLIA256-SHA

  • DH-DSS-CAMELLIA256-SHA

  • DHE-RSA-CAMELLIA128-SHA

  • DH-RSA-CAMELLIA128-SHA

  • DH-DSS-CAMELLIA128-SHA

  • AES256-GCM-SHA384

  • AES128-GCM-SHA256

  • AES256-SHA256

  • AES256-SHA

  • AES128-SHA256

  • AES128-SHA

  • CAMELLIA256-SHA

  • CAMELLIA128-SHA

What to Do Next