1.15 HTTPS Networking

This topic describes HTTPS networking, which was introduced with Cisco Unity Connection version 10.x.

Increase scalability with HTTPS networking.

In Cisco Unity Connection version 10.x, legacy networking is supported to connect multiple Cisco Unity Connection servers in a network. However, we recommended that you deploy a new network using HTTPS networking. Legacy networking includes both intrasite (digital) and intersite networking. The legacy and HTTPS networking are not supported simultaneously in the same network.

The main objective of introducing HTTPS networking is to increase the scalability and security of Cisco Unity Connection deployments. The architecture of HTTPS networking is scalable both in terms of the number of Cisco Unity Connection locations and of the total directory size.

Each location within a network uses the HTTPS protocol to exchange directory information and the SMTP protocol to exchange voice messages with each other.

The locations in an HTTPS network are linked through an HTTPS link. HTTPS networking uses a hub-and-spoke topology that plays an important role in increasing the scalability of the directory size and the number of Cisco Unity Connection locations. A hub-and-spoke topology has two types of locations: the hub location and the spoke location. The Cisco Unity Connection location that has more than one HTTPS link is known as the hub location. The Cisco Unity Connection location that has only one HTTPS link is known as the spoke location. The figure shows a network of multiple Cisco Unity Connection locations joined by HTTPS links.

In a hub-and-spoke topology, all the directory information among the spokes is shared through the hub or hubs that connect the spokes. For example, in the figure, if spoke A needs to synchronize directory information with spoke E, the directory information will flow from spoke A to hub B, hub B to hub C, hub C to hub D, and then from hub D to spoke E.


You can connect a maximum of 25 Cisco Unity Connection locations in an HTTPS network.

A single HTTPS network system supports a single site, and each site can have a maximum of 25 nodes; however, multiple HTTPS network systems can be joined using VPIM.


VPIM Networking is supported only with Cisco Business Edition 6000/7000.

If you deploy VPIM in a Unity Connection networking site, each Cisco Unity Connection digital or HTTPS network must have one server defined as the bridgehead or site gateway. The bridgehead or site gateway is used to communicate with other digital or HTTP(S) networks. The Cisco Unity Connection global directory (the entire collection of local and replicated objects and object properties) is subject to certain size limits. However, it also generates a Cisco Unified RTMT alert so that the administrator can take appropriate action. Cisco Unity Connection version 10.x has separate limits on the number of users, the number of contacts, and the number of system distribution lists:

  • 100,000 users
  • 150,000 contacts
  • 100,000 system distribution lists
  • 25,000 users per system distribution list
    1. 1.5 million total list members across all system distribution lists
    2. 20 levels of nesting (where one system distribution list is included as a member of another list)

1.14 Cisco Unity Connection Networking

This topic describes networking, where Cisco Unity Connection servers or clusters are linked together.

Connection Sites

  • Messaging is among multiple Cisco Unity Connection servers.
  • Users can send messages to subscribers on other networked servers (by name or extension).
  • Example: Use the IP phone to forward fax and email messages to any subscriber in the organization.

In voice-messaging networking, the systems are networked together to present a single messaging system to both inside and outside users.

Cisco Unity Connection supports:

  • Legacy networking
    1. Intersite networking

    The SMTP protocol is used for directory synchronization within a network.

  • VPIM networking
  • HTTPS networking

Voicemail networking allows messaging among multiple Cisco Unity Connection servers. Networked Cisco Unity Connection systems automatically exchange directory information. Therefore, a user on one Cisco Unity Connection system can dial out to or address messages to a user on any other system by name or extension, if the target user is reachable in the search scope of the originating user. The networked systems function as though they share a single directory. Users do not need to know where another user is located. They need only the name or extension number to address a message to any user or system distribution list in the directory.

The subscriber uses the same Cisco Unity Connection tools for messaging subscribers on other networked Cisco Unity Connection servers and for messaging subscribers on the same server. If your organization also has the fax mail and text-to-speech email features, subscribers can use the phone to forward fax and email messages to any subscriber in the organization.

Objects such as the following are replicated in a Cisco Unity Connection digital voicemail network:

  • Users
  • System distribution lists (including membership)
  • Partitions
  • Search spaces
  • Recorded voice names

Cisco Unity Connection Links

  • Cisco Unity Connection sites can be linked to other Cisco Unity Connection sites using an intersite link.
  • A single location from each site acts as a gateway to the other site. Only one intersite link is supported per site.
  • The intersite link increases network capacity to a maximum of 20 Cisco Unity Connection servers.

Administrators can join two or more Cisco Unity Connection servers or clusters (up to a maximum of 10 clusters) to form a well-connected network, referred to as a Cisco Unity Connection site. The servers that are joined to the site are referred to as locations. When a Cisco Unity Connection cluster is configured, the cluster counts as one location in the site.

When a subscriber addresses a message, Cisco Unity Connection searches for a matching extension on the local Cisco Unity Connection server first. If a match is found, Cisco Unity Connection ends the search and never looks for a matching extension at another location.

If required, two Cisco Unity Connection sites also can be joined to support a maximum of 20 locations for businesses that need more than 10 locations. Only one intersite link is supported per site, so you can link a single Cisco Unity Connection site to another Cisco Unity Connection site.

To create an intersite link, choose a single location from each site to act as a gateway to the other site. All directory synchronization communications pass between the two site gateways. This behavior limits the connectivity requirements and bandwidth usage to the link between those two site gateway locations.

When a Cisco Unity Connection cluster is used as a site gateway, only the publisher server in the cluster participates in directory synchronization over the intersite link. However, the subscriber server continues to provide message exchange over the intersite link if the publisher server is down.

Digital Networking with Active-Active Pairs

  • Up to 10 Cisco Unity Connection servers or cluster pairs can be networked together in an intrasite network.
  • An intersite network supports up to 20 Cisco Unity Connection clusters.
  • Pairs are supported over multiple geographic locations.
  • Created objects are homed on the Cisco Unity Connection location.

Cisco Unity Connection networking is not supported for use with Cisco Business Edition 5000 and is supported only with Cisco Business Edition 6000/7000..

Legacy networked systems use SMTP transport for message transport and HTTPS for directory replication. Cisco Unity Connection locations can be deployed across geographic boundaries. Each server that joins the network must be able to access all other servers on the network directly through the SMTP and HTTPS ports. Alternatively, SMTP messages can be routed through an SMTP smart host.

Each Cisco Unity Connection object in a network is created and homed on a single Cisco Unity Connection system, which is known as a Cisco Unity Connection location. An object can be modified or deleted only on the Cisco Unity Connection system on which it was created.

Each location in a Unity Connection site or Cisco Voicemail Organization has its own directory of users and other objects that were created on the location and are said to be “homed” on that location. The collection of objects and object properties that are replicated among locations and sites is referred to as the global directory.

1.13 Traffic-Pattern Evaluation Example

This topic describes traffic patterns for voice messaging and how these patterns change when voice messaging is centralized.

Current customer scenario:

  • PBX with integrated voice-messaging system
  • Peak of 4 percent concurrency for centralized voice messaging
  • WAN unused for traditional voice
  • How much bandwidth is required on the WAN links for G.729 calls?
  • How many Cisco Unity Connection clusters are necessary?

A customer wants to migrate from an existing PBX network to a Cisco Collaboration System, including centralized voice messaging. The current PBXs each include a voicemail system with a mailbox for every user. The call logger shows that a peak for voice messaging exists after lunch breaks on Monday and Thursday, with 4-percent concurrency. The customer wants to maintain this concurrency factor after migrating to a centralized voicemail solution that uses the WAN for voice connections, using the G.729 codec.

Centralized Cisco Unity Connection System Example

Current customer scenario that is migrated to a Cisco Collaboration System with centralized voice messaging:

  • Five Cisco Unity Connection servers each serving 5110 users
  • 4.89 percent concurrency for voice messaging
  • 10.13 Mbps additional bandwidth required at the headquarters
  • Three Cisco Unity Connection clusters are necessary.

The figure shows an example of a centralized voice-messaging solution. Three Cisco Unity Connection clusters with five Cisco Unity Connection servers are required; 25,550 / 5 = 5110 users per Cisco Unity Connection server, so the concurrency factor is (25500 + (5 * 250)) / 25500 = 4.89 percent. If only four Cisco Unity Connection servers are used, the concurrency factor will fall to (25500 + (4 * 250)) / 25500 = 3.92 percent (6387 users per Cisco Unity Connection server). However, you might advise the customer to use Unified Messaging where the company mail is used to send voice messages. Feature selection might also change the traffic pattern. Because Unified Messaging does not require real-time traffic and no Cisco Unity Connection ports, four servers might be enough when a centralized voice-messaging solution is implemented.

1.12 Cisco Unity Connection Deployment Options

This topic describes different Cisco Unity Connection single-site and multisite deployment options.

Single-Site Deployment

  • A standalone server supports as many as 20,000 voicemail users and 250 voicemail ports.
  • A cluster with two Cisco Unity Connection servers offers high availability for 20,000 users and 500 voicemail ports.
  • Deployment is easy and uses only one G.711 codec; transcoders and traffic-pattern evaluation are not necessary.

A single-site deployment is the simplest form of a Cisco Unity Connection deployment. Cisco Unity Connection can also be deployed as a standalone server in a Cisco Collaboration System solution.

Cisco Unity Connection implementations range from a 1000-user integration in Cisco Business Edition 6000 up to a Cisco Unity Connection server cluster that supports as many as 20,000 voicemail users. A second Cisco Unity Connection server does not increase the number of users, but it doubles the number of available voicemail ports from 250 per server to 500 per cluster. A failing Cisco Unity Connection server halves the number of voicemail ports, but is still fully functional.

In a single-site deployment, typically only one G.711 codec is used. CAC or transcoders are unnecessary because no additional branches are connected via WAN connections, which typically use the G.729 codec.

The platform overlay determines the capacity, capabilities, and number of users that are supported. When high availability and redundancy are needed or when multiple locations are expected, then another deployment model might better meet the needs of your organization.

Traffic patterns do not need to be evaluated when Cisco Unity Connection is used in a single-site solution. One G.711 call requires 80 kbps on Layer 3. A Cisco Unity Connection server that offers as many as 250 voice ports requires only 20 Mbps (250 calls * 80 kbps per call) on Layer 3.

However, the following specifies the Cisco Unity Connection requirements when the servers in a cluster are installed in the same site:

  • For a cluster with two virtual machines, both must have the same virtual platform overlay.
  • A minimum of 7 Mbps bandwidth is required for every 50 ports.

Centralized Multisite Deployment

  • Cisco Unity Connection and the WAN need to be highly reliable.
  • Cisco Unity Connection SRSV (virtualized and installed on a Cisco SRE module) offers voice messaging to branch IP phones during a WAN failure.
  • G.729 calls over the WAN require traffic-pattern evaluation, CAC, and transcoders to be configured.

Cisco SRE = Cisco Services-Ready Engine

In a centralized Cisco Unity Connection solution, a single Cisco Unity Connection server and the WAN are single points of failure. For high availability, use a Cisco Unity Connection cluster with two Cisco Unity Connection servers in active-active mode. The WAN SLAs should offer highly available and redundant WAN connections from the headquarters to the branches. Despite such precautions, a failure could prevent the Cisco Unity Connection branch users from using the centralized voice-messaging system (similar to call-processing issues during a WAN failure).

In the case of a failure, Cisco Unity Connection SRSV takes over the voice-messaging functionality for branch users and offers local voicemail and auto-attendant features. After the WAN has recovered, Unity Connection SRSV synchronizes with Cisco Unity Connection and changes back to passive mode, like SRST, which requires a Cisco IOS router to function.

When centralized applications are used, traffic patterns constantly change and must be evaluated. For example, suppose that a customer with 250 voice-messaging users replaces a PBX and local voicemail system with a centralized Cisco Collaboration System solution. If 10 percent of the branch employees use the centralized voicemail system simultaneously, then voice messaging brings 25 more connections (25 calls * 24 kbps on Layer 3 = 600 kbps) to the voice-traffic pattern for the Cisco Unity Connection application where QoS is required. These 25 calls also need to be transcoded at the headquarters site, which might require more DSP resources. Carefully design centralized Cisco Collaboration System solutions, and consider the traffic pattern for voicemail, auto-attendant, and transcoders.

Decentralized Multisite Deployment

  • Each site has its own call-processing and voice-messaging system and is self-sufficient.
  • Intersite links may connect the Cisco Unity Connection clusters in both locations.
  • Messages are sent to remote users via G.729 over the WAN when the phone is used.

In a decentralized Cisco Unity Connection solution, the Cisco Unity Connection clusters are networked through intersite links.


Intersite links can be used only between identical voice-messaging systems, connecting Cisco Unity Connection to Cisco Unity Connection.

If you want, for example, to connect Cisco Unity Express, you must configure VPIM. The linked sites are called a Cisco Voicemail Organization. The gateways exchange directory synchronization information by using HTTP or HTTPS; voice messages are exchanged between the sites by using SMTP.

Traffic patterns in these deployments also change constantly; for example, as messages are sent to or received from users on the remote voice-messaging system. However, these messages, which are sent via HTTPS, are not real-time streams, so they do not require QoS. Calls via the phone to users at the remote site need to be calculated and the proper bandwidth needs to be reserved. WAN bandwidth usage is the same whether a user places a call or leaves a message over the WAN. Transcoders still are required when using G.729 in the WAN.

During a WAN failure, calls are rerouted automatically over the PSTN, and voice messages are left via PSTN. In a deployment of two clusters with, for example, 15,000 users, a large number of calls (and therefore voice-messaging traffic) can occur between the locations. This situation is especially true in companies that work with virtual or distributed teams in many locations.

You can separate the two Cisco Unity Connection servers in a cluster. Requirements for a cluster over the WAN are as follows:

  • Depending on the number of voice-messaging ports on each Unity Connection server, the path of connectivity must have the following guaranteed bandwidth with no steady-state congestion: 7 Mbps for every 50 voice-messaging ports on each server.
  • When both the subscriber and publisher are taking calls, the maximum round-trip latency must be no more than 60 ms. When only the publisher is taking calls and the subscriber is idle but is replicating with the publisher, the maximum round-trip latency must be no more than 150 ms.

The bandwidth numbers mentioned are intended as guidelines to ensure proper operation of an active-active cluster regarding synchronization traffic between the two servers. Other conditions such as network congestion, CPU utilization, and message size may contribute to lower throughput than expected.

1.11 Active-Active, High-Availability Deployment

This topic describes the Cisco Unity Connection cluster using two servers that are active-active.

Cisco Unity Connection supports high availability and redundancy:

  • A maximum of two servers are supported in a cluster pair.
  • One server is designated as a publisher.
  • The second server is designated as a subscriber or secondary server.

High availability and disaster recovery are two primary customer requirements for preserving voicemail services in the event of a Cisco Unity Connection system outage or disaster.

Cisco Unity Connection supports a two-server, active-active, high-availability solution to provide high availability and redundancy for voice messaging within a LAN site. Both servers in the active-active pair run Cisco Unity Connection; both accept calls, as well as HTTP and IMAP requests. If only one server in the server pair is active, then Cisco Unity Connection preserves most of the end-user functionality, including voice calls, HTTP requests, and IMAP requests. When one cluster server is down, the port capacity is reduced by 50 percent.

One Cisco Unity Connection server is designated as the publisher node in the server pair. The other Cisco Unity Connection server is designated as the subscriber node in the server pair. The role separation is consistent with the Cisco Unified Communications Manager clustering scheme, in which there is always one publisher and multiple subscribers. However, in Cisco Unity Connection, only two servers are supported for active-active, high availability.

Before incoming voice messages can be stored, you must choose a message store for the users on a Cisco Unity Connection server. The database is shared and synchronized between both servers. If a caller leaves a message, the message is synchronized to the second server. If one of the servers fails in a Cisco Unity Connection cluster, the user can still retrieve the messages.

1.10 Sizing and Scaling Cisco Unity Connection Servers

This topic describes the parameters that affect the sizing and design of a Cisco Unity Connection solution.

When Cisco Unity Connection servers are sized, some input values must be specified. Your requirements govern your choices.

A call in any audio codec format that Cisco Unity Connection SCCP or SIP signaling supports is transcoded to LPCM. Supported codecs in Cisco Unity Connection are, for example, G.711 mu-law, G.711 a-law, G.722, G.729, and iLBC.

From LPCM, the recording is encoded in the recording format that is specified in Cisco Unity Connection Administration. The recordings can be encoded in LPCM, G.711 mu-law, G.711 a-law, G.729A, G.726, or GSM 06.10. G.711 mu-law is the default.

Because transcoding occurs in every connection, there is little difference in system impact when the line codec differs from the recording codec. For example, using G.729A as the line codec and G.711 mu-law as the recording codec does not place additional load on the Cisco Unity Connection server for transcoding. However, the iLBC and G.722 codecs require more computation to transcode and therefore place additional load on the Cisco Unity Connection server. The use of one of these codecs reduces the available voicemail ports on a Cisco Unity Connection server by about 75 percent. For more details, refer to the “Notes on 20000 user VM configuration” section of the Virtualization for Cisco Unity Connection document at http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Unity_Connection#Notes_on_20000_user_VM_configuration.

To determine the number and configuration of voice-messaging ports that are required, consider the following factors:

  • The existing voice-messaging system: Evaluate how well the existing voice-messaging system functions, if applicable. This evaluation might give the designer some idea of how many ports are needed for taking voice messages, for turning MWIs on and off, and for message notification.
  • Use of Cisco Unity Inbox or Cisco Unity Connection ViewMail for Microsoft Outlook: Cisco Unity Connection uses TRAP to allow users of the Cisco Unity Inbox web client or Cisco Unity Connection ViewMail for Microsoft Outlook client to play and record voice messages by phone rather than by using speakers and a microphone. This feature is especially helpful for users who work in cubicles, where there is a lack of privacy. However, when a user uses TRAP to play or record a message, a port on the Cisco Unity Connection server is used. No port is used when a user uses speakers and a microphone to play and record messages. A customer that wants users to use TRAP must make calculations for the total number of required voice ports.
  • Cisco Unity Connection cluster: In some cases, an existing voice-messaging system has more voice-messaging ports than Cisco Unity Connection supports. When the Cisco Unity Connection system is configured as a two-node Cisco Unity Connection cluster (an active-active, high-availability Cisco Unity Connection server pair), it can support twice the number of voice-messaging ports, compared to a single-server deployment.

    This deployment option does not double the number of users.

  • Cisco Unity Connection networking: You can purchase additional Cisco Unity Connection servers or Cisco Unity Connection cluster pairs and then use links to connect these pairs and increase the number of supported voice ports.

For Cisco Unity Connection systems that are configured to store voicemails only (not emails or faxes), base the server requirements on the total number of voice-storage minutes that are required for each user. A supported Cisco Unity Connection server generally provides storage for at least 20 to 30 minutes of voice messages per user, for the maximum number of supported users on that server.

1.9 Storage Overview

This section describes the different storage options for virtualization.

Data stores are used to store the VM files. The data store provides a uniform model to store files and hides the specifics of the storage device. The data store format is VMFS, an operating system native file system, or a storage device using NFS.

VMware vSphere ESXisupports the following storage technologies:

  • DAS: DAS is a storage disk or storage array that is directly attached to the host server.
  • Fibre Channel: The host server can be connected to a Fibre Channel switch that is also connected to a storage array. Fibre Channel is a lossless network protocol that transports SCSI commands in the upper layer of the protocol stack. People often refer to SAN and Fibre Channel in the same way, which is incorrect. SAN is a network topology, and Fibre Channel is a protocol, just like iSCSI or FCoE are protocols.
  • FCoE: FCoE accesses basically the same target device as Fibre Channel. The only difference is that from the host server to the fabric switch the path is Ethernet, where Fibre Channel frames are encapsulated into Ethernet frames. Be aware that Ethernet is not a lossless network like Fibre Channel. Discussions of unified fabric, unified ports, or converged networks usually involve FCoE.
  • iSCSI: With iSCSI, you also put SCSI commands into another protocol, in this case TCP/IP. iSCSI is an IP storage solution.
  • NAS: NAS is also accessed via TCP/IP at the file system level. NFS is used for the data store, but NFS does not support SCSI commands.

Storage technologies are based on 1-Gbps or 10-Gbps Ethernet. For Cisco Collaboration System specifications-based solutions with FCoE, you must use 10-Gbps interfaces.

DAS is mostly found in Cisco Unified Computing System (Cisco UCS) C-Series deployments, where the hypervisor and Cisco Collaboration System application are installed locally on the server. For small data center environments or dedicated technology solutions, DAS is a good choice to remove the SAN complexity. However, many data center features such as VMware vMotion and others do not work with DAS.

Shared storage can be accessed by many host servers, which allows features such as VMware vMotion and VMware High Availability. Shared storage is mostly used with Cisco UCS B-Series deployments, where the hypervisor and Cisco Collaboration System applications are installed on SANs. This environment is also called a diskless deployment. Shared storage can be used as a central repository for templates or VM files.