Had some practice material around SIP Trunk Security Profile requirements with CUCM and Expressway.
The high points being:
Certificates and Security with Expressway.
I have created a custom PKI playlist on my YouTube channel also:
It was worthwhile catching up with high-level PKI, keys and certificates, etc.
3 connections/legs that require TLS encryption as per diagram
The traversal concept will be familiar from normal firewall behaviour. Normal – firewalls keep logs of source/destination/port for outbound connections, and returning connections are permitted.
E can pass calls through the ‘secure and established pipe’ between E and C.
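The traversal idea in the two notes above, modelled as a small stateful firewall. This is an added example, not part of the original notes; the addresses, ports and function names are constructed for illustration.

```python
from typing import NamedTuple


class Flow(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    def reverse(self) -> "Flow":
        return Flow(self.dst, self.dport, self.src, self.sport)


class StatefulFirewall:
    """Allows outbound flows; allows inbound packets only as replies."""

    def __init__(self, inside_hosts):
        self.inside = set(inside_hosts)
        self.table = set()  # outbound flows the firewall has recorded

    def permit(self, pkt: Flow) -> bool:
        if pkt.src in self.inside:          # outbound: record and allow
            self.table.add(pkt)
            return True
        return pkt.reverse() in self.table  # inbound: must match a record


# Constructed sample addresses and ports (assumptions, not from the notes).
C = "10.0.0.10"      # C, inside the enterprise
E = "203.0.113.5"    # E, outside the firewall
TRAVERSAL = Flow(C, 30000, E, 7001)  # connection C opens outbound to E


def deliver_incoming_call(fw: StatefulFirewall, use_pipe: bool) -> bool:
    """E hands an incoming call to C, over the pipe or as a new connection."""
    pkt = TRAVERSAL.reverse() if use_pipe else Flow(E, 40000, C, 5061)
    return fw.permit(pkt)


def run_demo():
    fw = StatefulFirewall(inside_hosts=[C])
    before = deliver_incoming_call(fw, use_pipe=True)   # pipe not opened yet
    opened = fw.permit(TRAVERSAL)                       # C dials out to E
    direct = deliver_incoming_call(fw, use_pipe=False)  # new inbound attempt
    piped = deliver_incoming_call(fw, use_pipe=True)    # reply on C's flow
    return before, opened, direct, piped


if __name__ == "__main__":
    print(run_demo())
```

Only the last case reaches C: the firewall needs no inbound rule, because the call rides back on the connection C itself opened.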
BFCP – Desktop Sharing in Jabber (Colleague to Colleague)
TURN is used when endpoints call each other via the Internet. RTP is anchored via the Expressway C as per diagram – Media Path Summary. QoS concerns!
With ICE enabled, media can flow between the 2 endpoints via the Internet. Supported by TP and Jabber endpoints and also Expressway/CUCM (10.5 and above).
‘Service Discovery’ – In or Out of the Enterprise?
Traditional VCS Control + VCS Expressway:
Traditional VCS Control + VCS Expressway for B2B:
New Expressway C+ E Architecture:
*Same for VCS or Expressway, all dependent on the license key applied.