This document provides tasks to be done on-premises by the customer before activating the Enhanced Survivability Node (ESN) from the Control Hub.

  • Prerequisites to be done before the activation of the Enhanced Survivability Node.
  • ESN installation parameters to be used during the installation of the node in remote site(s).

Consider the following key specifications for an Enhanced Survivability Node before deploying:

  • In a single Unified CM cluster, you can deploy a maximum of 8 Enhanced Survivability Nodes.
  • The round-trip time (RTT) between the Unified CM cluster in Dedicated Instance and the enhanced survivability node must be equal to or less than 200 ms.
  • A maximum of 7500 devices can be registered on the Enhanced Survivability Node during a survivability event.
  • The feature is supported only on Edge Connect or Partner Connect cloud connectivity options.
  • Deploy the PSTN Local Gateway in the site for the PSTN routing of Emergency and PSTN calls.
  • On-net calling is possible only between devices that are registered to the same ESN; all other calls must be routed through the PSTN Local Gateway.
  • The Enhanced Survivability Node is added only as the tertiary node in the Unified CM group. Hence, you must make sure that the integrations and devices/clients support a tertiary TFTP entry or an ESN IP address that is configurable in the application.

Changes to be done on customer’s firewall

The customer’s firewall should allow the following ports before starting the activation of Enhanced Survivability Node in the Control Hub.

Ports to be allowed in firewall

List of ports to be allowed in the customer firewall.

| Protocol | TCP/UDP | Source | Destination | Source Port | Destination Port | Direction | Purpose |
|---|---|---|---|---|---|---|---|
| SFTP / SSH | TCP | ESN | Cisco Monitoring Tool and Unified CM | Greater than 1023 | 22 | Bidirectional | Cisco requires the port to install a COP file to convert the publisher node installed on-premises to ESN. It’s also used for executing commands on ESN during the activation process. To collect Call Detailed Record post a survivability event. |
| NTP | UDP | ESN | Unified CM | Greater than 1023 | 123 | Bidirectional | Clock sync to publisher in Dedicated Instance cloud. |
| SNMP | UDP | Cisco Monitoring Tool | ESN | Greater than 1023 | 161 | Bidirectional | SNMP service response (requests from management applications) |
| SNMP | UDP | ESN | Cisco Monitoring servers | Greater than 1023 | 162 | Bidirectional | SNMP traps |
| HTTPS | TCP | Cisco monitoring, management servers | ESN | Greater than 1023 | 443 | Bidirectional | Communications between subscriber to publisher, Used for Cisco User Data Services (UDS) requests, admin UI to Unified CM, Unified CM to CSSM |
| Syslog | UDP | ESN | Cisco Monitoring servers | Greater than 1023 | 514 | Bidirectional | Monitoring |
| Cisco AMC Service | TCP | ESN | Unified CM | Greater than 1023 | 1090 | Bidirectional | Monitoring |
| Cisco AMC Service | TCP | ESN | Unified CM | Greater than 1023 | 1099 | Bidirectional | Monitoring |
| Database Connection | TCP | ESN | Unified CM | Greater than 1023 | 1500 | Bidirectional | Database Replication between the Dedicated Instance Unified CM cluster and ESN. |
| Database Connection | TCP | ESN | Unified CM | Greater than 1023 | 1501 | Bidirectional | Database Replication, secondary connection |
| Database Connection | TCP | ESN | Unified CM | Greater than 1023 | 1510 | Bidirectional | Database Replication CAR Cisco Identity Service DB. CAR Cisco Identity Service engine listens on waiting for connection requests from the clients. |
| Database Connection | TCP | ESN | Unified CM | Greater than 1023 | 1511 | Bidirectional | Database Replication, CAR Cisco Identity Service DB. An alternate port used to bring up a second instance of CAR Cisco Identity Service during upgrade. |
| Database Connection | TCP | ESN | Unified CM | Greater than 1023 | 1515 | Bidirectional | Database replication between nodes during installation. |
| Cisco Extended Functions DB Replication | TCP | ESN | Unified CM | Greater than 1023 | 2551 | Bidirectional | Database Replication within the cluster for communication between Cisco Extended Services for Active/Backup. |
| Cisco Extended Functions DB Replication | TCP | ESN | Unified CM | Greater than 1023 | 2552 | Bidirectional | Database Replication. Allows subscribers to receive Unified CM database change notification |
| RIS server | TCP | ESN | Unified CM | Greater than 1023 | 2555 | Bidirectional | Monitoring, Real-time Information Services (RIS) database server |
| RIS client | TCP | ESN | Unified CM | Greater than 1023 | 2556 | Bidirectional | Monitoring, Real-time Information Services (RIS) database client for Cisco RIS |
| CTI | TCP | ESN | Unified CM | Greater than 1023 | 2748 | Bidirectional | Call Control, CTI application server |
| Trunk-based SIP service | TCP | ESN | Unified CM | Greater than 1023 | 5060 | Bidirectional | SIP service |
| Trunk-based SIP service | TCP | ESN | Unified CM | Greater than 1023 | 5061 | Bidirectional | SIP service |
| Database change notification | TCP | ESN | Unified CM | Greater than 1023 | 8001 | Bidirectional | Database Replication |
| SDL | TCP | ESN | Unified CM | Greater than 1023 | 8002 | Bidirectional | Call Control |
| SDL (CTI) | TCP | ESN | Unified CM | Greater than 1023 | 8003 | Bidirectional | Call Control |
| Diagnosis | TCP | ESN | Unified CM | Greater than 1023 | 8080 | Bidirectional | Monitoring, Communication between servers used for diagnostic tests. |
| Cisco Control Center between Nodes | TCP | ESN | Unified CM | Greater than 1023 | 8443 | Bidirectional | Cisco Control Center between Nodes. |
| Monitoring | TCP | Cisco Monitoring Tool | ESN | Greater than 1023 | 8443 | Bidirectional | Monitoring |
| Intra-Cluster Replication | TCP | ESN | Unified CM | Greater than 1023 | 8500 | Bidirectional | Database Replication, Intracluster replication of system data by IPSec Cluster Manager |
| Location Bandwidth Manager | TCP | ESN | Unified CM | Greater than 1023 | 9004 | Bidirectional | Call Control, Intracluster communication between LBMs |
| Secure Web socket | TCP | ESN | Unified CM | 9560 | n/a | Bidirectional | LPNS notification from DI cloud |
| Connectivity Validation | ICMP | ESN | Unified CM | n/a | n/a | - | Ping |

Dedicated Instance subnets to be allowed in the customer’s firewall

The following subnets must be allowed in the customer’s firewall so that the Enhanced Survivability Nodes can communicate with the Dedicated Instance UCM cluster.

| Dedicated Instance Region | Subnet |
|---|---|
| U.S. | 69.168.17.0/24 |
| EMEA | 178.215.138.0/24 |
| EU | 178.215.131.0/24 |
| APJC | 103.232.71.0/24 |
| AUS | 178.215.128.0/24 |
| UK | 178.215.135.0/24 |
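
A least-privilege audit of a proposed rule set against the two tables above, as an added example (not Cisco tooling). The rule tuple format and the sample rules are constructed, rules are assumed to be IPv4, and only the table rows whose peer is Unified CM and that list a destination port are modelled.

```python
import ipaddress

# Destination ports of the ESN <-> Unified CM rows in the port table above.
REQUIRED = {
    "tcp": {22, 1090, 1099, 1500, 1501, 1510, 1511, 1515, 2551, 2552, 2555,
            2556, 2748, 5060, 5061, 8001, 8002, 8003, 8080, 8443, 8500, 9004},
    "udp": {123},
}
# Dedicated Instance subnets per region, from the subnet table above.
DI_SUBNETS = {
    "U.S.": "69.168.17.0/24", "EMEA": "178.215.138.0/24",
    "EU": "178.215.131.0/24", "APJC": "103.232.71.0/24",
    "AUS": "178.215.128.0/24", "UK": "178.215.135.0/24",
}

def audit(rules, region):
    """Audit IPv4 allow rules given as (proto, remote_cidr, first_port, last_port).

    Returns (missing, findings): required ports that no rule opens towards the
    whole regional subnet, and rules that are wider than the tables call for.
    """
    di = ipaddress.ip_network(DI_SUBNETS[region])
    covered = {proto: set() for proto in REQUIRED}
    findings = []
    for proto, cidr, lo, hi in rules:
        net = ipaddress.ip_network(cidr)
        if not net.overlaps(di):
            continue  # rule does not concern this Dedicated Instance region
        needed = {p for p in REQUIRED.get(proto, ()) if lo <= p <= hi}
        if not net.subnet_of(di):
            findings.append((cidr, lo, hi, "remote range wider than DI subnet"))
        if (hi - lo + 1) > len(needed):
            findings.append((cidr, lo, hi, "opens ports not in the table"))
        if di.subnet_of(net) and proto in covered:
            covered[proto] |= needed
    missing = {p: sorted(REQUIRED[p] - covered[p]) for p in REQUIRED}
    return missing, findings

# Constructed sample rule set for a site homed to the U.S. region.
SAMPLE_RULES = [
    ("tcp", "69.168.17.0/24", 22, 22),
    ("tcp", "0.0.0.0/0", 8443, 8443),       # any remote peer: too wide
    ("tcp", "69.168.17.0/24", 1500, 1515),  # range also opens unused ports
    ("udp", "69.168.17.0/24", 123, 123),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "U.S."))
```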

DNS requirements

The customer needs to configure conditional forwarders in the customer’s internal DNS servers, towards the Dedicated Instance DNS, to allow resolution of cloud devices. For more information regarding the Dedicated Instance DNS server IPs, refer to DNS requirements. To support failover to the ESN, the customer must also configure pinpoint DNS entries. These entries are site specific and allow devices to find the correct address of the local ESN based on the source IP address.

For each ESN, it is important to include both forward and reverse lookups in the customer’s local DNS.

For example, a reverse lookup maps the local IP to esn-hostname.cust1.amer.wxc-di.webex.com.

During the survivability event, hard devices and already logged-in soft devices fail over to the tertiary entry in the CallManager Group, the ESN node. The local DNS responds with the correct address based on the pinpoint entry, an A record for the ESN.

For example, esn-hostname.cust1.amer.wxc-di.webex.com - A record mapped to local IP.

Soft clients that need to complete service discovery must resolve the _cisco-uds._tcp SRV record. To ensure that the correct response is returned for the local ESN node, this record needs to be site specific: it should be resolved based on the source IP address of the query, listing A records for the DI cloud and the local ESN. For example,

_cisco-uds._tcp.cust1.amer.wxc-di.webex.com – SRV record mapped as follows

cXXXX011ccm4.cust1.amer.wxc-di.webex.com priority 10 weight 10

cXXXX021ccm5.cust1.amer.wxc-di.webex.com priority 10 weight 10

esn-hostname.cust1.amer.wxc-di.webex.com priority 20 weight 10

To create PinPoint entries in a Microsoft DNS that resolve based on the device source IP address, use Resolution Policies and Zone Scopes. If you are using BIND, this is achieved using Views.

For more information about adding PinPoint entries, refer to How to Create PinPoint DNS Entry.
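
A pre-activation check of the records a site-local resolver returns under the pinpoint scheme above, as an added example (not Cisco tooling). The shape of the `answers` dictionary, the 10.20.30.0/24 site subnet and the ESN address are constructed; the cloud-before-ESN ordering is taken from the example priorities above (10 and 20), since clients try lower SRV priority values first.

```python
import ipaddress

def check_site_dns(answers, esn_fqdn, site_subnet, srv_name):
    """Return a list of problems found in one site's view of the DNS.

    answers (constructed shape): {"A": {name: [ip]}, "PTR": {ip: [name]},
    "SRV": {name: [(priority, weight, target)]}}, e.g. collected with dig
    from a client inside the site.
    """
    problems = []
    site = ipaddress.ip_network(site_subnet)
    ips = answers.get("A", {}).get(esn_fqdn, [])
    if not ips:
        problems.append("no A record for the ESN")
    for ip in ips:
        if ipaddress.ip_address(ip) not in site:
            problems.append(f"ESN A record {ip} is outside the site subnet")
        ptr = [n.rstrip(".") for n in answers.get("PTR", {}).get(ip, [])]
        if esn_fqdn not in ptr:
            problems.append(f"no PTR from {ip} back to the ESN")
    srv = answers.get("SRV", {}).get(srv_name, [])
    esn_prio = [p for p, _, t in srv if t.rstrip(".") == esn_fqdn]
    cloud_prio = [p for p, _, t in srv if t.rstrip(".") != esn_fqdn]
    if not esn_prio:
        problems.append("SRV record does not list the ESN")
    elif not cloud_prio:
        problems.append("SRV record lists no DI cloud node")
    elif min(esn_prio) <= min(cloud_prio):
        # Lower SRV priority values are tried first, so the ESN would be
        # contacted before the cloud nodes instead of only on failover.
        problems.append("ESN is not ranked after the DI cloud nodes")
    return problems

ESN = "esn-hostname.cust1.amer.wxc-di.webex.com"
SRV = "_cisco-uds._tcp.cust1.amer.wxc-di.webex.com"
SITE = "10.20.30.0/24"  # constructed site subnet
SITE_ANSWERS = {        # constructed answers as seen from inside the site
    "A": {ESN: ["10.20.30.5"]},
    "PTR": {"10.20.30.5": [ESN + "."]},
    "SRV": {SRV: [(10, 10, "cXXXX011ccm4.cust1.amer.wxc-di.webex.com."),
                  (10, 10, "cXXXX021ccm5.cust1.amer.wxc-di.webex.com."),
                  (20, 10, ESN + ".")]},
}

if __name__ == "__main__":
    print(check_site_dns(SITE_ANSWERS, ESN, SITE, SRV) or "site DNS view OK")
```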

Proxy settings

The Enhanced Survivability Node has a module that needs to register to the Control Hub for telemetry and monitoring. This requires the node to reach the cloud over the internet, either through a proxy server or with direct internet access. There are three different options to configure the Enhanced Survivability Node to reach the Control Hub:

  • If you don’t have a proxy to reach the internet, then the Enhanced Survivability Node needs to reach the Control Hub directly without any proxy server.
  • You can configure the proxy server settings in the Unified CM publisher installed on-premises using the CLI admin console.
    • utils ucmgmt proxy add
  • You provide the proxy server details in the Control Hub during the activation form, and automation configures the proxy server details in the Node during the activation.

If a proxy server is present in the customer’s site, then the following URLs must be allowed in the proxy server and the firewall.

| URLs | Purpose |
|---|---|
| *.ucmgmt.cisco.com | Control Hub |
| *.webex.com | Control Hub Telemetry |

Virtualization specification

The ESN's supported ESXi versions, VM specs, and hardware requirements match those of a single Unified CM Medium OVA size, as described in this document: virtualization specs.

Local push notification service (LPNS) settings

You need to enable LPNS in the Dedicated Instance Unified CM cluster for your Webex App/Jabber clients running on Apple iOS devices to receive notifications during a survivability event. For more information, refer to Push Notifications (On-Premises Deployments).

Local PSTN gateway

Deploy the Local PSTN gateway in every survivability site, as during the survivability event the Local PSTN Gateway is used for intercluster, intersite, emergency, and PSTN calls from the Enhanced Survivability Node. If there’s a central PSTN gateway and a local PSTN gateway only for survivability, a separate SIP trunk needs to be configured from the ESN to the local PSTN gateway, along with the required dial plan changes for routing the calls to Local Gateway during the survivability event.

For more information on call routing, refer to Call Routing.

Supported devices

All Cisco phone models that are supported by the Unified CM can fail over and register to the Enhanced Survivability Node. However, only 78XX/88XX phones display “Service Interruption. Few Features may not be available” while registering to the Enhanced Survivability Node.

The Enhanced Survivability feature supports Webex App version 43.6 and above.