CUCM Backup: How to Backup Cisco Unified Communications Manager

Cisco Unified Communications Manager is a software-based call-processing system developed by Cisco Systems. The software tracks all active VoIP network components including phones, gateways, conference bridges, voicemail boxes and more. Due to the business-critical nature of the system, automated, secure backup is a requirement.

Cisco Systems, Inc. has recommended Titan FTP Server Enterprise Edition as an approved backup server for Cisco Unified Communications Manager. Cisco UCM has the ability to back up sound files to a server using SFTP. Backing up to Titan FTP Server could not be easier or more effective, and can be done by completing two simple tasks:

1. Setting up an SFTP server
2. Configuring Cisco Unified Communications Manager for backup

The steps above are simple and well-documented. SRT offers a Quick Start Guide to assist customers with this process.  The Quick Start Guide is located at:

http://webdrive.com/wp-content/uploads/Configure-Titan-FTP-with-Cisco.pdf

For CUCM Administrators looking for an on-premise solution, a free 20-day trial of Titan FTP Server enables Cisco UCM customers to configure and test this configuration in their own environments before making a purchase. Once a trial has been configured, all settings are retained for the licensed version. The administrator simply enters the registration code into the trial server to enable the fully licensed version to run. The purchase includes 12 months of maintenance.

Access more information on Titan FTP Server,  or download the trial to begin your evaluation.

Server Upgrade Best Practices

It may seem mundane, but remembering to do little things, such as upgrading server software from time to time, can make life much more easy and manageable. One simple upgrade can help ensure that you are receiving all the most recent maintenance updates, patches and fixes, and news about your particular product. To make this process run even more smoothly, be sure to follow these best practices for upgrading server software.

•Find out what windows service packs should be applied and apply them.

•Assure that your maintenance is up-to-date and that you are using the correct registration codes for your product as old or outdated registration codes can delay the upgrade process. You can easily find this out by running the “check for program updates” utility in your product’s program group.

• Back up your database/registry/configurations. The backup procedures can be found in the program administrator under HELP… Help Contents… Contents Tab… Configuring Servers… Backing up Servers.

Cornerstone – To back up your database: Use the standard backup functionality built into SQLServer to backup the SQLServer Database. For more information about backing up your SQL Server database, see http://msdn.microsoft.com/en-us/library/ms187510.aspx or contact your SQL Server Administrator. To back up the Cornerstone Registry: Using Regedit – export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Save the .reg file and copy it to your computer (or a new computer). Copy that .reg file to the new computer and then, while on the new computer, double-click on the .reg file to import the information into the registry. Repeat this process for the information stored under HKEY_LOCAL_MACHINE\Software\ODBC\ODBC.INI as this contains information related to the SQLServer connection used by Cornerstone to communicate with your SQLServer Restart the computer for everything to take effect properly. Once you have restarted the new machine, launch your Cornerstone Administrator, and make sure that the IP settings for each server have been changed to the new server address.

Titan – To back up your Titan server configuration, reun RegEdit and export the Server’s directory under HKEY_LOCAL_MACHINE\SOFTWARE\South River Technologies\Titan FTP Server. Notify your users in advance of when the server will be offline so they can plan appropriately.

• Schedule the server upgrade after business hours if possible. If operations are 24X7, it is a good idea to be running in a clustered environment so that you can take a server offline without impact.

• Have a plan for how to roll back if there are any issues with the upgrade.

• Even if you are sure you know what you are doing, it doesn’t hurt to read any instructions or help files that come with the software. You might learn something you did not know.

Don’t forget to keep up with important installs. Following the correct steps can save you from unnecessary stress and keep your operations running smoothly.

Managing License Activations

All of South River Technologies applications include a feature that permits them to run in trial mode for a specified number of days. This feature permits a potential customer to run the application in their environment for a while to determine if it meets the requirements.

As is the case with most trials, it all comes to an end at some point and the software must be either purchased, or removed from your system. Of course, it’s our preference that you will decide to move ahead with the purchase.

Once a registration code is purchased and entered into the program (eliminating the annoying nag screens), the program is activated. The registration code purchased determines how many times the software may be simultaneously activated. Multi-seat WebDrive licenses can be installed on multiple systems, server products can be installed on a single computer.

SRT has set up a Customer Activation Portal where an end user may manage the activations on a given registration code. Using the Portal you have the ability to view your current activations, download the list of activations in XML format, deactivate one (or all) computer activations, edit the customer registration information for the registration code, and manage any SRT email mailing list subscriptions.

A Recipe for SFTP

Ingredients:

• Server (Select your own hardware; recommend Server class machine)
• Operating System (recommend Windows 2003, 2008 various flavors)
• *Licensed operational Titan Enterprise or MFT Server (other SFTP Servers can be used but not as flavorful as Titan)
• Port 22
• Client SFTP software (we like to use WebDrive; Mac or Windows flavor)
• 2 Host Key Pair, 1 for Server and 1 for Client
• 1 Password for Private Key pair (required for Titan Server)

*Note if you attempt to use single Licensed Titan Server in the same recipe, you will receive bad results

Preparation Time: 1 – 2 hours

Prep:

On your Server class machine, install your Operating system with either Windows 2003 or 2008 flavor, some people even like it with Windows XP.

Refer to: our Titan Host Key Quick Start Guide (Steps 1 – 7) for detailed instructions on preparing your Titan Server with SFTP.

Now that your Titan Server is ready, now you can add SFTP to make it incredible.

To make SFTP (SSH’s Secure File Transfer Protocol) on this server select this check box and choose the port number using the up/down arrows. Choose the host key set by using the drop down arrow. To use SFTP services, you will need a host key pair that will be used by the Titan FTP Server. Use the Host Key Management utility to either create a new host key pair to be used by the Titan FTP Server or to import an existing host key pair from an external file set. Once you have created a host key pair, select it from the list and then type the password associated with the host key.

*Port 22 is reserved for SSH (Secure Shell)/SFTP and is the default/recommended port.

Depending on your taste, choose your Host Key Type flavor: select a DSA host keys (must be 1024 bits in length), or  RSA keys, which do not have this restriction and can range from 512 bits in length to 4096 bits in length. A longer key length provides better taste, but takes longer to serve.  Shorter keys aren’t as good, but you can serve it quickly.

Now add the finishing touches to your Titan server, and then you are ready to serve your guests.

Before your guests can experience your server, they must use a password or a host key.  You’ll have to add the final component to the server to make this easier for your guests.

We recommend you support both Password Authentication and Public Key Authentication (meaning that client can use either Password OR Public Key Authentication), then select the Allow Trusted Host Keys option and deselect the Require Trusted Host Keys option, but depending on your taste, select what you like.

Before serving your guests, navigate to the guest’s public key filename and click.

* Note that the client host key pair will be created by each individual client.

They will then need to export their Public Host Key in SSH2 or OpenSSH format and send that .pub file to the Titan Administrator so that it can be imported into the Titan Host Key Database.

Make sure your server is started prior to serving.  Enjoy!

On The “Edge”

When inbound ports to networks are opened, private networks become vulnerable to malicious hacking attempts. When a hacker’s primary motivation is theft, that hacker will attempt to gain unauthorized access to a network, intent upon stealing and exploiting private and valuable information. Network intrusion attacks can seriously damage an organization’s reputation, and compromise assets and revenue. 

In order to protect  Titan servers, South River Technologies has written a product called DMZedge Server.  The DMZedge server resides outside the firewall. The  Titan and GroupDrive servers call out to the DMZedge server by opening an outbound port, preventing unauthorized client requests. Client requests are satisfied by a response on the outbound port; no inbound ports are ever opened. No unauthorized requests can gain access to valuable information and resources that exist on the private network.  Access to Titan and GroupDrive servers is securely extended beyond the local LAN with minimal firewall configuration/administration.  You can take an “out of the box” stateful firewall with DENY ALL as the incoming firewall rule, put up a DMZedge server and still have an Internet facing, remotely accessible Titan and/or GroupDrive server.

DMZedge will act as an authentication proxy for internal servers.  If your users authenticate against Active Directory or LDAP, or even Native GroupDrive or Titan authentication, that capability is extended via the Edge server to external networks.  The authentication database is never stored on, or replicated to, the DMZedge server.  It can also listen on all the Titan/GroupDrive supported secure protocols – FTPS, SFTP, HTTPS, and WebDAV over SSL.   It supports multiple server environments as well as server clustering. 

One could explain DMZedge as being both bouncer and doorman – stopping unwanted visitors while allowing residents to enter.  The reality is that it’s a fast, simple way to secure access to internal servers while leveraging existing authentication and data access policies.

Top 10 Reasons to Use the E-mail Tab in Titan FTP/MFT Server

10.  You can configure it to send  an e-mail every time someone types in a bad password.

9.    You can find out who uploaded the “Thriller” video to the Finance FTP server.

8.    You can finally give the Cleveland office proof that typing:  WHEREISIT is not a valid FTP command.

7.    You can see how many times a day the user: Root tries to hack into your server.  

6.    You can see how much space the Art Department really uses on the server.

5.     Get a message that Joe changed his password.

4.     Discover who renamed a file on the Accounting server to: nomoremoney.xls

3.     Instead of waiting for the Help Desk to ring, you can find out the FTP server is down.

2.    You can find out who deleted the “Thriller” video before you got to watch it.

And the Number #1 Reason:

You can find out if your FTP server is being hammered and hindering your legit users from accessing the server!

How to Configure E-mail:

 The Email Server tab is used to configure mail server settings used by Titan.

To access the Email Server tab, click the server in the tree pane and then click the Email Server tab.

 SMTP Server IP or Hostname – Type the IP address or host name of the SMTP server used for sending email.

 Mail Server Username– Type a valid Username that will be used for authentication to the remote SMTP server.

 Mail Server Password – Type a corresponding Password for the username.

 Test Connection – Click Test Connection to test the connection settings to the SMTP server. If Titan is unable to connect to the server, or unable to authenticate to the server using your credentials, an error will be displayed.

Get more information on the Titan FTP/MFT Server

PATCH IT!

A familiar icon appeared in my system tray a few hours ago and it got me thinking. Now that’s always dangerous, me thinking.

The icon was the “New updates are available” notification icon. So I started thinking about a conversation I had over the weekend with a new friend of mine, Sean. Sean is an avid Macintosh user. I am not. In the many conversations I have had with avid Macintosh users, the common theme seems to be that a Mac is largely flawless and invulnerable to attack whereas Windows computers are always being attacked because they are horribly vulnerable because of security holes. My personal experience with Windows over the last twenty years is quite the opposite, I have never (knocking on wood here) had a virus or trojan or spyware on any of my Windows based computers. And I have owned or used several dozen such computers over that span and for the last fifteen years they’ve all had constant connections to the Internet.

I thought I should check on the situation from a neutral party. I found a paper from the Computer Engineering and Networks Laboratory – Swiss Federal Institute of Technology titled “0-Day Patch – Exposing Vendors (In)security Performance.”  In the paper the writers compare the speed of response to published vulnerabilities in Microsoft’s Windows and Apple’s Macintosh operating systems. The concept of a “zero day” patch is that the company releases the patch for a vulnerability on the same day it is publicly disclosed. I was surprised by two things: it turns out that Macs and Windows PCs have had about the same number of high and medium vulnerabilities over the study period from January 2002 to December 2007, with Macs having 738 to Windows’ 658; and Microsoft has been much better at releasing 0-day patches over that period with over a 60% average rate of 0-day patches vs Apple’s under 40% average.

Patches are an important feature of any software package and they are often critical in operating systems. At South River Technologies we recently began using our own Windows Server Update Services server to better manage how and when updates are installed. And all of our software packages also have a “Check for Updates” feature. Our new Webdrive for Mac, which is currently in beta testing, also has this feature. I’m amazed when one of our support engineers tells me that a customer is using version 6 of Webdrive (the current one is 9.0) or version 5 of Titan FTP (the current one is 7.11). Like most software companies, we don’t provide support for older versions of the software. The reason is that it can’t be patched. So if you’re using software: PATCH IT!

What do I do with a new registration code?

You have been running WebDrive or Titan for a while now – at least a year or more. You have gone through the “Check for Program Update” a few times over the past year to keep your version of the application up to date, but now you find that it’s time to purchase a maintenance renewal. You make the purchase either online through our web shop or through one of our world-wide reseller partners. You have just received the new registration code. What to do next?

The process is as simple as deactivating the application with your current registration code and then reactivating with the new registration code. Once reactivated with the new reg code, perform the “Check for Program Update” to download and install the latest version of your software.

The deactivation / reactivation process is slightly different depending on if you are running a server application or a client application.

For WebDrive, you will take the following steps, with the program running:

1. Right-click the WebDrive icon in the systray and select “Open WebDrive”.
2. Navigate to the HELP menu and select “License >” option.
3. Select “Registration and License Information”.
4. Click the “Deactivate” button and select “Yes” when prompted to confirm.
5. You will return to the license splash screen.
6. Select “Reactivate License”.
7. Enter the NEW registration code into the dialog box and select “Next”.
8. Click the “Activate” button,  followed by OK and FINISH.

For Titan or GroupDrive servers, from the admin PC you perform the following steps:

1. Right-click the server administrator icon in the systray and select “Open Administrator”.
2. On the Welcome tab, select “License Details”.
3. Follow from Step 3 above.

After you complete these steps you will be able to perform the “Check for Program Update” function to download and install the latest version of the program. It is not necessary to uninstall the current version.  All of your current configuration settings will be maintained in the new version.

Be sure to visit our knowledge base for more information regarding license questions, cache settings, protocol configuration, and multi-seat deployment, to name a few topics.

Checking for updates…

In today’s fast paced, highly competitive technology environment, applications need to adapt (let go of old technologies and embrace new ones) and overcome (address and improve shortcomings ) in order to stay viable.  South River Technologies has done an excellent job keeping pace with the market by adding features (such as 64 bit support and FIPS compliance) to its products and the product Road Map promises even more of the same.  SRT also makes bug fixes a high priority by addressing, testing, and releasing new product builds within a very small time frame.  The time from inital issue discovery to final build release has been as short as one day.

That being said, what’s up with the title of the blog?  Well, SRT products all have a “Check For Updates” feature built into the application.  This function will go out and determine if you are running the most current release of the software.  In Webdrive,  you will find it under HELP, License, Check for Program Updates. In Titan Server it is under Online, Check for Program Updates.  The process will tell you what version you are currently running and let you know if a new release is available.  The release notes are available on the SRT website (http://www.southrivertech.com/products) – click on your product icon, then click on Release Notes.

What does that mean to you?  In a nutshell, the Check for Program Updates feature is a fast, effective way to leverage not only SRT’s tech knowledge, but the experiences of our entire user base.  Put simply, it is entirely possible that if you have a specific issue or require a specific functionality, it has been identified or addressed via an update or fix.  This can save precious  researching and troubleshooting time. If you require technical support, our staff can very easily identify issues through log files and/or streaming support sessions at no cost, which is another benefit of keeping current  – sorry, phone support is still gonna cost you.

So, definitely take a moment to check for updates.  It is the first step in the troubleshooting process and the benefit dramatically outweighs the effort.

Time to Call the Exterminator?

It’s been particularly rainy out here in the muggy Mid-Atlantic this spring. And unfortunately that means one thing: ants and other insects invade our dry homes trying to escape the deluge. So as I was pouring my coffee this morning and thinking about what to write for my blog post, I was watching ants scouting for food on the counter and a topic came to mind:

BUGS!

No, not the 8 legged kind. The software kind. Most bugs in software are the result of a well intentioned programmer (like myself) trying to improve the software. Inevitably one feature or improvement will lead to an inadvertent oversight or the breaking of some formerly working code.

I think the key to good programming is not only to get it right, but to care enough to fix the bugs found in the software quickly. To be responsive, not defensive.  How a software company responds to a bug report says a lot about the company and how much they care about their product and ultimately how much they care about their customers. 

At South River Technologies we take great pride in our suite of software solutions and we care about our customers. We’ve enhanced our technical support offerings by hiring two new very capable support engineers and increasing the support options to include paid phone support so that we can be more responsive than ever to the needs of our customers. Our engineers are top notch, and we work diligently, sometimes very late into the night, to offer the finest quality software.

We all make mistakes, in software we call them bugs, in business it matters how we choose to deal with them.

Oh, and honey, if your reading this, yes, please call the exterminator.  🙂