Use this information to learn about the port numbers, protocols, IP address ranges, domains you must approve before you use Webex Cloud-Connected UC.

Prerequisites

  • Ensure that you're able to log in to admin.webex.com. For more info, see Get Started with Cisco Webex Control Hub.

  • Bandwidth Usage: For a larger cluster, ensure that you have at least 2 MBPS of bandwidth.

    Consider the example of a system with 4000 Call Detail Records (CDRs) per minute, 8000 Call Management Records (CMRs) per minute, 80K phones, two trunks, and no headset. Based on lab calculation, the bandwidth that is required is 1.19 MBPS. The total data that is sent per day from on-premises deployment per customer is approximately 120 MB.

  • Network Proxy: The CCUC service supports an unauthenticated HTTP proxy.

  • Webex Cloud-Connected UC cloud port 443 must be reachable from customer environment.

  • CDR and CMR must be enabled in Unified CM.

Types of Traffic

Data over HTTPS connections is outbound only and uses URLs for communication.

Only TLS version 1.2 is supported.

Telemetry Analytics URLs

If your organization uses a proxy, ensure that these URLs can be accessed:

*.ucmgmt.cisco.com

IP addresses are chosen from the available Cisco and Amazon Web Services (AWS) address pools.

Data Encryption in Transit

Webex Cloud-Connected UC agents validate the Webex Cloud-Connected UC connection with a certificate (Hydrant certificate). This ensures that the certificates presented when a TLS session establishes can be validated against the trusted root CA certificates. The trusted root CA certificates are installed on the device operating system.

Webex Cloud-Connected UC doesn't offer Online Certificate Status Protocol (OCSP) Stapling to check the validity of the SSL certificate.


Currently only TLS version 1.2 is supported.

Unified CM Release

Cipher

11.5 to 12.0(x)

  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

12.5 and later

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • DH-DSS-AES256-GCM-SHA384

  • DH-RSA-AES256-GCM-SHA384

  • DHE-RSA-AES256-GCM-SHA384

  • DH-DSS-AES128-GCM-SHA256

  • DH-RSA-AES128-GCM-SHA256

  • DHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-SHA384

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES256-SHA

  • ECDHE-ECDSA-AES256-SHA

  • DHE-RSA-AES256-SHA256

  • DH-RSA-AES256-SHA256

  • DH-DSS-AES256-SHA256

  • DHE-RSA-AES256-SHA

  • DH-RSA-AES256-SHA

  • DH-DSS-AES256-SHA

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-RSA-AES128-SHA

  • ECDHE-ECDSA-AES128-SHA

  • DHE-RSA-AES128-SHA256

  • DH-RSA-AES128-SHA256

  • DH-DSS-AES128-SHA256

  • DHE-RSA-AES128-SHA

  • DH-RSA-AES128-SHA

  • DH-DSS-AES128-SHA

  • DHE-RSA-CAMELLIA256-SHA

  • DH-RSA-CAMELLIA256-SHA

  • DH-DSS-CAMELLIA256-SHA

  • DHE-RSA-CAMELLIA128-SHA

  • DH-RSA-CAMELLIA128-SHA

  • DH-DSS-CAMELLIA128-SHA

  • AES256-GCM-SHA384

  • AES128-GCM-SHA256

  • AES256-SHA256

  • AES256-SHA

  • AES128-SHA256

  • AES128-SHA

  • CAMELLIA256-SHA

  • CAMELLIA128-SHA