Roles

This topic describes the roles that can be assigned to users in Cisco Unity Connection to give them administrator access rights for limited parts of the system.

These are the predefined roles in Cisco Unity Connection. The roles cannot be modified and you cannot create new roles.

Role Description
Audio Text Administrator Administers call handlers, directory handlers, and interview handlers
Audit Administrator Administers application and database auditing
Greeting Administrator Manages call handler recorded greetings via TUI
Help Desk Administrator Resets user passwords and unlocks user accounts, views user settings
Mailbox Access Delegate Account Provides access to all messages via messaging APIs
Remote Administrator Administers the database using remote management tools

The following are the predefined roles in Cisco Unity Connection. The roles cannot be modified and you cannot create new roles.

Role Description
System Administrator Top-level Unity Connection administrator; provides access to all Unity Connection administrative functions, reports, and tools for server and users
Technician Provides access to functions that enable management of system and phone system integration settings, viewing of all system and user settings, run all reports and diagnostic tools
User Administrator Administers users; provides access to all user administration functions and user administration tools

Cisco Unity Connection offers levels of privileges for administrator accounts that are set according to a list of predefined roles. Roles specify which tasks administrators can execute. Before adding administrator accounts, choose the roles that are assigned to each account.

System Administrator is the role of the default administrator account that the installer specified during initial setup of Cisco Unity Connection. A System Administrator is the only role that has permission to create administrative accounts

To see the specific privileges for each administrator role, choose System Settings > Roles in Cisco Unity Connection Administration, and click the name of the role. Changes cannot be made to the permissions that are associated with each predefined role.

Advertisements

Cisco Unity Connection Authentication Rules

This topic describes the authentication rules that are used to secure access to Cisco Unity Connection.

  • When LDAP authentication is used, the domain policies are applied.
  • Use secure PINs and passwords according to the company-specified policies.
  • Authentication rules can be set for the password and PIN.

For Cisco Unity Connection users who are linked to user data in an LDAP directory, this authentication rule applies only to voicemail passwords (PINs). The LDAP directory, rather than Cisco Unity Connection, manages web authentication and failed sign-in attempts. For Cisco Unity Connection users who are not linked to user data in an LDAP directory, this authentication rule applies both to voicemail passwords and to web passwords.

The following settings can be configured under the System Settings > Authentication Rules section of the Cisco Unity Connection Administration:

  • Display Name: Enter a descriptive name for the authentication rule.
  • Failed Sign-In: Enter the number of failed sign-in attempts that are allowed before an account is locked.. When this field is set to 0 (zero), no limit is placed on the number of failed sign-in attempts and the user will not be locked out of the account. The default setting is three attempts.
  • No Limit for Failed Sign-Ins: Check this check box to set no limit on the number of failed sign-in attempts and to prevent users from being locked out of the account.
  • Reset Every Failed Sign-In Attempts: Enter the number of minutes after which Cisco Unity Connection will clear the count of failed sign-in attempts (unless the failed sign-in limit is already reached and the account is locked). When this field is set to 0 (zero), a failed sign-in attempt will result in the user account being locked until an administrator manually unlocks it. The default setting is 30 minutes.
  • Lockout Duration: Enter the number of minutes that a user account will remain locked after the allowed number of failed sign-in attempts has been reached. While the account is locked, users cannot access Cisco Unity Connection by phone. If a value of 0 (zero) is entered, then the account remains locked until an administrator manually unlocks it. The default is 30 minutes.
  • Administrator Must Unlock: Check this check box so that locked accounts will remain locked until manually unlocked by an administrator.
  • Minimum Duration Between Credential Changes: Enter the number of minutes that must elapse between password changes. This setting does not apply when administrators change the password in Cisco Unity Connection Administration. The default is 240 minutes.
  • Credential Expires After: The default setting is 180 days.
  • Never Expires: Check this check box so that passwords that are based on this authentication rule never expire. Use of this check box is most applicable for low-security users or for accounts that more than one person can access. Note that when this check box is checked, users can still change passwords at any time.
  • Expiration Warning Days: Enter the number of days before passwords expire that Cisco Unity Connection will warn users about that expiration. A value of 0 (zero) means that Cisco Unity Connection will not warn users that a password is about to expire.
  • Minimum Credential Length: Enter the required number of digits for user passwords. Enter a value from 1 to 64, where the default is eight digits for the password and six digits for the PIN. In general, shorter passwords are easier to use but longer passwords are more secure, so more than eight digits (password) or six digits (PIN) is recommended. When the minimum credential length changes, users will be required to use the new length the next time that they change their passwords.
  • Stored Number of Previous Credentials: Enter a value for the number of previous passwords that Cisco Unity Connection stores for a user. When a user enters a new password, Cisco Unity Connection compares it to the stored passwords, and rejects it if it matches a password in the history. A value of 0 (zero) means that Cisco Unity Connection will not store any previous passwords for the user. The default is five passwords.
  • Check for Trivial Passwords: Check this check box.

Check for Trivial Passwords

The setting verifies that a new password meets the following criteria.

Description Example
The digits are not all the same. 9999
The digits are not consecutive. 1234 or 4321
The password is not the same as the primary extension. 2001

Provide a user-password policy to avoid specifying a password that spells the first or last name, organization or company name, or any other obvious words.

Example Description
1002 Is the reverse of the primary extension
900012 Uses the same digits more than twice
20185 to 20186 Is a one-digit increment of a previous password
18181 Contains fewer than three different digits

To secure access to Cisco Unity Connection via TUI, check the Check for Trivial Passwords check box for the authentication rules and create a company password policy to enforce the password check. If you are checking for trivial passwords, Cisco Unity Connection verifies that a new password meets the system-specified criteria when user phone passwords are changed.

In addition to checking the Check for Trivial Passwords check box, consider providing users with a password policy that advises them to avoid passwords that are described in the figure.

Cisco Unity Connection Distribution Lists

This topic explains the system distribution lists in Cisco Unity Connection and how they are used to send voice messages to multiple users.

  • System and private distribution lists can be defined.
  • Predefined system distribution lists exist; for example, one that comprises all voicemail users.
  • Private distribution lists can be limited by the number of members or by the number of distribution lists per user.
  • Distribution lists can receive voice messages.

Members of a System Distribution List typically are users who need the same information regularly, such as employees in a department or members of a team. The predefined System Distribution Lists are the following:

  • Undeliverable messages
  • All Voice Mail Users with the extension 99991
  • All Voicemail-Enabled Contacts with the extension 99992

A voicemail user can configure Private Distribution Lists. An administrator can define a maximum of 99 Private Distribution Lists per user; the default is 25.

Within the Private Distribution List, the number of members can be set to a maximum of 999; the default is 99.

Time Zone Usage

This topic describes a scenario in which time zones are used at different locations of a centralized voice-messaging solution.

Mailboxes, call handlers, greetings, and other objects rely on the time zone.

  • Schedules
  • Holidays

The figure shows a centralized Cisco Unity Connection system with users in two locations in different time zones.

Mailboxes, call handlers, greetings, and other objects in Cisco Unity Connection rely on the time zone and a schedule. A user with a schedule that is set to business hours Monday through Friday from 9:00 a.m. to 5:00 p.m. (0900 to 1700) has an active mailbox during this time.

For example, in combination with time zone settings, the business hours are set to Eastern Standard Time (EST, Coordinated Universal Time [UTC] –5 hours). A call that originates at 4:00 p.m. (1600) Pacific Standard Time (PST, UTC –8 hours) and that is directed to a Cisco Unity Connection system based in the EST zone actually reaches Cisco Unity Connection at 7:00 p.m. (1900).

In the example the business hours are set to Monday through Friday from 9:00 a.m. to 5:00 p.m. (0900 to 1700). The time zones are set to UTC –5 and to UTC –8. If a caller that is based in EST calls a local number at 11:15 a.m. (1115), then Cisco Unity Connection answers the call at 11:15 a.m. (1115). If the caller dials a number that is based in PST, then the call arrives at 8:15 a.m. (0815) PST and Cisco Unity Connection plays a closed greeting, according to the business-hour schedule.

The time zones are used in different ways. When a call is forwarded to voicemail, the configured time zone of the called user controls the announcement, depending on the time when the message is left. The greeting (for example, standard or closed) is also chosen according to the time of the call at the called location, in combination with a schedule. The same is true for the call handlers.

Schedules are one of the variables that Cisco Unity Connection uses to manage calls. Call handler transfer rules can be varied based on a schedule, and schedules can be applied to routing rules to change call-routing patterns for different time periods. Schedules also affect when user and call handler greetings play.

Cisco Unity Connection offers three predefined schedules: All Hours, Weekdays, and Voice Recognition Update. All can be modified, but not deleted. By default, the Weekdays schedule is configured to observe standard hours from 8:00 a.m. through 5:00 p.m. (0800 through 1700), Monday through Friday. The schedule is also configured to observe a predefined holiday schedule, which does not contain any dates or times by default.

For each schedule that is created or modified, multiple ranges of hours and days make up the standard and closed hours. The definition of these ranges is as follows:

  • Standard hours: The standard hours and days make up the normal business hours when the organization is open. Standard hours can include multiple time ranges and different time ranges on different days. For example, standard hours for an organization might be Monday through Friday from 8:00 a.m. (0800) to noon (1200) and 1:00 p.m. to 5:00 p.m. (1300 to 1700), to accommodate a lunch break, and Saturday from 9:00 a.m. to 1:00 p.m. (0900 to 1300). Standard transfer rules are in effect during the days and time ranges that are added to the standard schedule; standard user and call handler greetings play during standard hours.
  • Closed hours: The hours and days that are not identified as standard hours are considered nonbusiness hours, when the organization is closed. Closed user and call handler transfer rules operate at all times—including holidays—that are not specified by the standard schedule. Closed user and call handler greetings play according to the closed hours.

You can specify future holidays. In addition to other schedules, you can set up a Holiday Schedule that defines specific holiday dates and times:

  • When a holiday schedule is in effect, Cisco Unity Connection plays holiday greetings (if enabled) and observes closed-hours transfer rules. Several years of holidays can be set up at one time. Because many holidays occur on different dates each year, confirm that the holiday schedule remains accurate annually.
  • Holiday greetings for users and call handlers play during this period.

General Configuration

This topic describes the Cisco Unity Connection general settings, including time and localization settings.

The general configuration comprises preconfigured system settings, including time zones and localization.

Description
General Configuration System Language, Recording Format, Greeting Length, Default Partition and Search Scope IP Addressing mode (IPv4)
Time Zone Set during installation NTP server may be changed via GUI Time zone may be changed via CLI

To modify the following preconfigured settings, in Cisco Unity Connection Administration choose System Settings > General Configuration.

  • The default Time Zone setting determines when schedules are active. In addition, the default time zone is applied to users and call handlers that have the Use Default Time Zone check box checked.
  • From the System Default Language drop-down list, choose the language in which system prompts are played to users and callers. Additional language files can be loaded after installation. Languages are not licensed, and Cisco Unity Connection 10.x does not enforce a limit on the number of languages you can install and use. However, the more languages you install, the less hard-disk space is available for storing voice messages. For details, see the “Adding or Removing Unity Connection Languages” section of the Install, Upgrade, and Maintenance Guide for Cisco Unity Connection Release 10.x at:http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/install_upgrade/guide/10xcuciumgx.html.
  • From the Recording Format drop-down list, choose the default format (codec) for recorded messages. The default setting is G.711 mu-law. The other options are PCM linear, G.711 a-law, G.729A, G.726, and GSM 06.10.
  • Enter the maximum greeting length for system call handler greetings. The range is 1 to 1200 seconds; the default setting is 90 seconds.
  • If AGC is enabled, then enter the average volume, in decibels, that Cisco Unity Connection automatically maintains for recording voice messages and user greetings in the Target Decibel Level for Recordings and Messages. The AGC decibel levels are set in negative numbers.
  • From the Default Partition and Default Search Scope drop-down lists, choose the partition and search space that Cisco Unity Connection uses as the default when creating new objects such as users or templates. If these options are modified in a template, such as when a new user is created, then the template settings will be used instead of the default settings.

The time settings are configured in Cisco Unified Operating System Administration, under Settings > NTPServers. Ensure that the external server is stratum 9 or higher (9 to 1). The NTP server settings can be configured only on the first node or publisher.

If no NTP server is available, then manually configure the time and enter the date and time for Cisco Unity Connection. If the date or time was changed manually, restart the Cisco Unity Connection server.

The time zone that is set during the Cisco Unity Connection installation can be changed only via CLI. Any change that is made to the NTP servers can take as long as 5 minutes to take effect.

To see the currently configured time zone, use the show timezone config command. Use the show timezone list command to search for the correct time zone. Use the set timezone command to change the time zone; for example, use the option 152 to indicate New York time.

One reason to change the time zone could be that a Cisco Unity Connection server has moved to another location (time zone). An incorrect time zone would make the time stamps in the Cisco Unity Connection system wrong, which could represent a difficulty when you troubleshoot different Cisco Unified Communications Systems at the same time. The time stamps should be based on the same time zone as the synchronized NTP servers.

General Settings vs. User Settings

This topic explains the inheritance and precedence of settings when user or call handler settings are configured.

User-related parameters can be defined in different places in Cisco Unity Connection Administration:

  • Enterprise and Service Parameters
  • General settings
  • Templates
  • User or call handler settings

As in Cisco Unified Communications Manager, parameters can be set in the Enterprise or Service Parameters, which are valid for all entities in the Cisco Unity Connection system. A change in the Enterprise or Service Parameters immediately affects all entities. Default parameters such as a default partition are preselected for all new objects that contain that parameter field.

The next level of parameter settings is the general settings, which can alter system settings. A change at this level immediately affects all entities.

The user, call handler, and contact templates can override the general settings that apply to new objects because parameters are copied from the template during the creation of a new object, which is called initial mode. A change to a template does not affect existing objects.

On the user account, call handler, and contact level, a configuration parameter overrides the general settings and takes precedence. For instance, if a manager needs additional mailbox space for voice messages, the mailbox quota setting can be modified on the user account level for the manager account only.

Cisco Unity Connection System Settings Overview

This topic describes the Cisco Unity Connection system settings.

The Cisco Unity Connection includes the following system settings:

  • General settings such as time zones, languages, etc.
  • Roles to assign access rights to users and administrators.
  • Enterprise and Service parameters to tweak the system capabilities.

The System Settings in Cisco Unity Connection allow the administrator to modify the default system behavior. The figure lists several examples and shows the System Settings menu options.

The predefined roles can be used to limit the GUI access to certain configuration areas or to limit the TUI options for different kinds of administrators.

The Enterprise and Service Parameters in Cisco Unity Connection are like the Cisco Unified Communications Manager Enterprise Parameters and Service Parameters. Parameters allow you to change QoS settings and so on.

LDAP can be integrated and allows the use of the LDAP directory and LDAP authentication. With the use of LDAP authentication, a single password login can be provided to the users.